aws-cdk-conf-n-tags 0.1.0

package/LICENSE

@@ -0,0 +1,29 @@
+BSD 3-Clause License
+
+Copyright (c) 2021-2026, Eduard Moskvin <ed@moskvin.ca>
+All rights reserved.
+
+Redistribution and use in source and binary forms, with or without
+modification, are permitted provided that the following conditions are met:
+
+1. Redistributions of source code must retain the above copyright notice, this
+   list of conditions and the following disclaimer.
+
+2. Redistributions in binary form must reproduce the above copyright notice,
+   this list of conditions and the following disclaimer in the documentation
+   and/or other materials provided with the distribution.
+
+3. Neither the name of the copyright holder nor the names of its
+   contributors may be used to endorse or promote products derived from
+   this software without specific prior written permission.
+
+THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
+AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE
+FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
+CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
+OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.

package/README.md

@@ -0,0 +1,297 @@
+# aws-cdk-conf-n-tags
+
+Per-environment configuration loading and stack tagging for **AWS CDK** apps.
+
+- **One YAML file per environment**, selected with `--context env=<name>`.
+- **Schema-validated** with [zod](https://zod.dev) — typos and bad values fail loudly
+  at synth time, and the validated config is fully typed.
+- **Account/region guard** — refuses to synth an environment against the wrong AWS
+  account or region.
+- **Immutable config** — the loaded values are frozen; this is a config object, not a
+  place to stash resource references.
+- **Centralized tagging** — apply arbitrary tags plus auto `CreatedBy` / `WorkDir`
+  tags to every resource in a stack.
+
+## Install
+
+This package is used inside an AWS CDK app. If you don't have one yet, scaffold it first
+with the CDK CLI in an empty directory:
+
+```sh
+mkdir my-infra && cd my-infra
+cdk init app --language typescript
+```
+
+Then, **from inside that CDK app directory** (where `package.json` and `cdk.json` live),
+install this package:
+
+```sh
+npm install aws-cdk-conf-n-tags zod
+```
+
+> This both adds the entries to your `package.json` `dependencies` and installs them, in
+> one step (modern npm writes to `package.json` by default — no `--save` needed). If you
+> prefer, you can instead add the dependencies to `package.json` by hand and then run
+> `npm install` with no arguments.
+
+`aws-cdk-lib` (`^2`), `constructs` (`^10`), and `zod` (`^3`) are **peer dependencies**.
+Your CDK app already has the first two; install `zod` yourself — you import it to declare
+your schema, and a single shared `zod` instance is required for validation to work
+(a second copy would break the internal schema checks).
+
+## Quick start
+
+### 1. Declare your schema
+
+Extend `BaseConfigSchema` (which already covers `awsAccount`, `awsRegion`, `tags`, and
+the tag-name overrides) with the parameters your stack needs:
+
+```ts
+// config-schema.ts
+import { BaseConfigSchema } from 'aws-cdk-conf-n-tags';
+import { z } from 'zod';
+
+export const ConfigSchema = BaseConfigSchema.extend({
+  vpcId: z.string(),
+  asgMinCapacity: z.number().int().default(1),
+  asgMaxCapacity: z.number().int().default(1),
+  ec2InstanceType: z.string().default('t4g.micro'),
+  auroraEngineVersion: z.enum(['5.7', '8.0']).default('5.7'),
+  serverlessMinCapacity: z.number().min(0.5).default(1),
+  certificateArns: z.array(z.string()).optional(),
+});
+```
+
+### 2. Load and use it in your stack
+
+```ts
+import { Stack, type StackProps } from 'aws-cdk-lib';
+import { Vpc } from 'aws-cdk-lib/aws-ec2';
+import type { Construct } from 'constructs';
+import { Config } from 'aws-cdk-conf-n-tags';
+import { ConfigSchema } from './config-schema.js';
+import { MyAsg } from './my-asg.js'; // your own construct
+
+export class MyStack extends Stack {
+  constructor(scope: Construct, id: string, props?: StackProps) {
+    super(scope, id, props);
+
+    // Resolves env from `--context env=...`, reads config/<env>.yaml,
+    // validates it, and checks the account/region. `conf.values` is typed + frozen.
+    const conf = Config.load(this, ConfigSchema);
+
+    // Tag every resource in the stack (config tags + auto CreatedBy/WorkDir).
+    conf.tagStack(this);
+
+    // Pass config values to constructs explicitly.
+    const vpc = Vpc.fromLookup(this, 'vpc', { vpcId: conf.values.vpcId });
+    new MyAsg(this, 'asg', { vpc, min: conf.values.asgMinCapacity });
+  }
+}
+```
+
+### 3. Add a config file per environment
+
+```yaml
+# config/production.yaml
+awsAccount: "012345678901"   # quote it — preserves leading zeros
+awsRegion: us-west-2
+
+vpcId: vpc-0abc123def4567890
+asgMinCapacity: 2
+auroraEngineVersion: "8.0"
+
+tags:
+  Product: my-product
+  Cluster: web-001
+  Env: Production
+  RetentionDays: 28          # non-string values are coerced to strings when tagging
+```
+
+Deploy with:
+
+```sh
+cdk deploy --context env=production
+```
+
+## Using from JavaScript
+
+The package ships both ESM and CommonJS builds, so it works in JavaScript CDK apps
+(`cdk init app --language javascript`) just as well as TypeScript ones. The API is
+identical — you only give up the *compile-time* layer (`z.infer` types and `tsc`
+checking). **Runtime validation still catches typos, bad types, and out-of-range values
+and applies defaults**, because that is zod behavior, not TypeScript.
+
+ESM JavaScript (a project with `"type": "module"` in its `package.json`):
+
+```js
+import { Stack } from 'aws-cdk-lib';
+import { Config, BaseConfigSchema } from 'aws-cdk-conf-n-tags';
+import { z } from 'zod';
+
+const ConfigSchema = BaseConfigSchema.extend({
+  vpcId: z.string(),
+  asgMinCapacity: z.number().int().default(1),
+});
+
+export class MyStack extends Stack {
+  constructor(scope, id, props) {
+    super(scope, id, props);
+
+    const conf = Config.load(this, ConfigSchema);
+    conf.tagStack(this);
+    // conf.values.vpcId, conf.values.asgMinCapacity, ...
+  }
+}
+```
+
+CommonJS JavaScript (the default `cdk init --language javascript` template) is the same,
+with `require`:
+
+```js
+const { Config, BaseConfigSchema } = require('aws-cdk-conf-n-tags');
+const { z } = require('zod');
+```
+
+> Tip: even in `.js` files, editors like VS Code read the package's bundled type
+> declarations and offer autocomplete and hover docs on `conf.values`.
+
+## How it behaves
+
+- **Environment selection** — `Config.load` reads the env name from CDK context
+  (`--context env=<name>`; the key is configurable). It then loads
+  `config/<env>.yaml` relative to the current working directory.
+- **Validation** — unknown keys are **rejected** by default (`unknownKeys: 'strict'`),
+  so a mistyped key like `asgMinCapcity` errors instead of silently using a default.
+  Types, enums, numeric ranges, and `required`/`default` are all enforced by your
+  schema. Switch to `'strip'` or `'passthrough'` if you need leniency.
+- **Account/region guard** — `awsAccount` / `awsRegion` in the file are checked against
+  `CDK_DEFAULT_ACCOUNT` / `CDK_DEFAULT_REGION` (override via options, or disable with
+  `verifyAccountRegion: false`).
+- **Immutability** — `conf.values` is `Object.freeze`'d, so it can't double as a mutable bag for created resources. Share those via explicit args
+  or the [`StackResources`](#sharing-resources-between-constructs) helper instead.
+
+## Sharing resources between constructs
+
+Because `conf.values` is frozen, it can't accumulate created resources the way a single
+mutable config object used to. To hand resources (VPC, database, …) from one construct to
+the next, you have two options.
+
+**Explicit props (most type-safe).** Give each construct exactly what it needs:
+
+```js
+const vpc = Vpc.fromLookup(this, 'vpc', { vpcId: conf.values.vpcId });
+const db = new MyDb(this, 'db', { vpc, conf });
+new MyBackup(this, 'backup', { dbCluster: db.cluster });
+```
+
+**`StackResources` (one bag, fail-loud).** If you prefer threading a single object
+through every construct, use the exported `StackResources` container. Unlike a plain
+object, reading a resource that hasn't been created yet throws a clear error instead of
+yielding `undefined` — valuable in JavaScript stacks where there's no compiler to catch it:
+
+```js
+import { Config, StackResources } from 'aws-cdk-conf-n-tags';
+
+const res = new StackResources();
+res.set('vpc', Vpc.fromLookup(this, 'vpc', { vpcId: conf.values.vpcId }));
+const db = res.set('db', new MyDb(this, 'db', { conf, res })); // set() returns the value
+
+new MyBackup(this, 'backup', { conf, res });   // internally reads res.get('db').cluster
+
+// res.get('cache') before the cache is created throws:
+//   Resource "cache" was requested before it was created. Check the order ...
+```
+
+`set(key, value)` stores and returns the value; `get(key)` returns it or throws;
+`has(key)` checks; `keys()` lists what's been set. In TypeScript, parameterize it for
+typed keys and values: `new StackResources<{ vpc: IVpc; db: MyDb }>()`.
+
+## API
+
+### `Config.load(scope, schema, options?)`
+
+Returns a `Config` with:
+
+| Member | Description |
+|---|---|
+| `conf.values` | The validated, frozen config (typed as `z.infer<typeof schema>`). |
+| `conf.environment` | The resolved environment name. |
+| `conf.path` | Absolute path of the file that was loaded. |
+| `conf.tagStack(scope, options?)` | Tag a stack using this config's `tags` + auto-tags. |
+
+`options` (all optional):
+
+| Option | Default | Description |
+|---|---|---|
+| `contextKey` | `'env'` | CDK context key holding the environment name. |
+| `environment` | — | Provide the env name explicitly (skips context). |
+| `configDir` | `'config'` | Directory holding `<env>.yaml`, relative to `cwd`. |
+| `configPath` | — | Explicit file path (overrides `configDir`). |
+| `cwd` | `process.cwd()` | Base directory for relative paths. |
+| `unknownKeys` | `'strict'` | `'strict'` \| `'strip'` \| `'passthrough'`. |
+| `verifyAccountRegion` | `true` | Cross-check account/region. |
+| `account` / `region` | `CDK_DEFAULT_*` | Expected account/region. |
+
+### `tagStack(scope, options?)`
+
+Standalone tagging (no `Config` needed). Applies the working-directory tag, the
+created-by tag, then the explicit `tags` map, to every taggable resource in `scope`.
+
+```ts
+import { tagStack } from 'aws-cdk-conf-n-tags';
+
+tagStack(stack, {
+  tags: { Product: 'my-product', Env: 'Production' },
+  auto: { workDir: false },                 // disable individual auto-tags
+  tagNames: { createdBy: 'Blame' },         // rename auto-tag keys
+  providers: { createdBy: () => 'ci-bot' }, // override how a value is computed
+});
+```
+
+By default `CreatedBy` is derived from `git config user.name` / `user.email` (falling
+back to `$USER`), and `WorkDir` is `process.cwd()`.
+
+### `StackResources<T>`
+
+A fail-loud container for resources created during synthesis — see
+[Sharing resources between constructs](#sharing-resources-between-constructs).
+
+| Method | Description |
+|---|---|
+| `set(key, value)` | Store a resource and return it. |
+| `get(key)` | Return it, or throw if it was never set. |
+| `has(key)` | Whether a resource has been set. |
+| `keys()` | The keys set so far. |
+
+### `loadConfig(schema, options)`
+
+The validation core without any CDK scope — useful for tests or non-CDK tooling.
+Returns `{ values, path }`. See `LoadOptions` for the option shape.
+
+## Migrating from the original `Config` class
+
+If you used the original JavaScript `Config` (which flattened every YAML key onto the
+instance and doubled as a mutable dependency bag):
+
+- Read config via `conf.values.<key>` instead of `conf.<key>`.
+- Declare a zod schema instead of relying on scattered `|| default` fallbacks.
+- Stop writing resources back onto the config object (`conf.vpc = vpc`); pass them to
+  constructs explicitly.
+- `setTags(stack)` → `conf.tagStack(stack)`.
+
+## Development
+
+```sh
+npm install
+npm run build         # tsup → dist (ESM + CJS + d.ts/d.cts)
+npm test              # vitest
+npm run typecheck     # tsc --noEmit
+npm run check:exports # publint + attw
+```
+
+Run a single test: `npx vitest run test/loader.test.ts` (or `-t "<name>"`).
+
+## License
+
+BSD-3-Clause © Eduard Moskvin

package/dist/index.cjs

@@ -0,0 +1,275 @@
+"use strict";
+var __create = Object.create;
+var __defProp = Object.defineProperty;
+var __getOwnPropDesc = Object.getOwnPropertyDescriptor;
+var __getOwnPropNames = Object.getOwnPropertyNames;
+var __getProtoOf = Object.getPrototypeOf;
+var __hasOwnProp = Object.prototype.hasOwnProperty;
+var __export = (target, all) => {
+  for (var name in all)
+    __defProp(target, name, { get: all[name], enumerable: true });
+};
+var __copyProps = (to, from, except, desc) => {
+  if (from && typeof from === "object" || typeof from === "function") {
+    for (let key of __getOwnPropNames(from))
+      if (!__hasOwnProp.call(to, key) && key !== except)
+        __defProp(to, key, { get: () => from[key], enumerable: !(desc = __getOwnPropDesc(from, key)) || desc.enumerable });
+  }
+  return to;
+};
+var __toESM = (mod, isNodeMode, target) => (target = mod != null ? __create(__getProtoOf(mod)) : {}, __copyProps(
+  // If the importer is in node compatibility mode or this is not an ESM
+  // file that has been converted to a CommonJS file using a Babel-
+  // compatible transform (i.e. "__esModule" has not been set), then set
+  // "default" to the CommonJS "module.exports" for node compatibility.
+  isNodeMode || !mod || !mod.__esModule ? __defProp(target, "default", { value: mod, enumerable: true }) : target,
+  mod
+));
+var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: true }), mod);
+
+// src/index.ts
+var index_exports = {};
+__export(index_exports, {
+  BaseConfigSchema: () => BaseConfigSchema,
+  Config: () => Config,
+  StackResources: () => StackResources,
+  gitCreatedBy: () => gitCreatedBy,
+  loadConfig: () => loadConfig,
+  resolveConfigPath: () => resolveConfigPath,
+  tagStack: () => tagStack,
+  tagValueSchema: () => tagValueSchema
+});
+module.exports = __toCommonJS(index_exports);
+
+// src/config.ts
+var import_zod2 = require("zod");
+
+// src/loader.ts
+var import_node_fs = require("fs");
+var import_node_path = require("path");
+var import_yaml = __toESM(require("yaml"), 1);
+var import_zod = require("zod");
+function resolveConfigPath(opts) {
+  const cwd = opts.cwd ?? process.cwd();
+  if (opts.configPath) {
+    return (0, import_node_path.isAbsolute)(opts.configPath) ? opts.configPath : (0, import_node_path.join)(cwd, opts.configPath);
+  }
+  return (0, import_node_path.join)(cwd, opts.configDir ?? "config", `${opts.environment}.yaml`);
+}
+function withUnknownKeys(schema, policy) {
+  if (policy === "strip") return schema;
+  if (schema instanceof import_zod.z.ZodObject) {
+    return policy === "strict" ? schema.strict() : schema.passthrough();
+  }
+  if (schema instanceof import_zod.z.ZodEffects) {
+    const inner = withUnknownKeys(schema.innerType(), policy);
+    return new import_zod.z.ZodEffects({ ...schema._def, schema: inner });
+  }
+  return schema;
+}
+function verifyAccountRegion(values, options, path) {
+  const account = options.account ?? process.env.CDK_DEFAULT_ACCOUNT;
+  const region = options.region ?? process.env.CDK_DEFAULT_REGION;
+  if (account && typeof values.awsAccount === "string" && values.awsAccount !== account) {
+    throw new Error(
+      `AWS account mismatch for environment "${options.environment}": ${path} expects "${values.awsAccount}" but the active credentials resolve to "${account}". Check ${path} and your AWS CLI settings.`
+    );
+  }
+  if (region && typeof values.awsRegion === "string" && values.awsRegion !== region) {
+    throw new Error(
+      `AWS region mismatch for environment "${options.environment}": ${path} expects "${values.awsRegion}" but the active credentials resolve to "${region}". Check ${path} and your AWS CLI settings.`
+    );
+  }
+}
+function loadConfig(schema, options) {
+  const path = resolveConfigPath(options);
+  let raw;
+  try {
+    raw = (0, import_node_fs.readFileSync)(path, "utf8");
+  } catch (err) {
+    throw new Error(
+      `Could not read config file for environment "${options.environment}" at ${path}: ${err.message}`
+    );
+  }
+  let parsed;
+  try {
+    parsed = import_yaml.default.parse(raw) ?? {};
+  } catch (err) {
+    throw new Error(
+      `Could not parse YAML config for environment "${options.environment}" at ${path}: ${err.message}`
+    );
+  }
+  const result = withUnknownKeys(schema, options.unknownKeys ?? "strict").safeParse(parsed);
+  if (!result.success) {
+    const details = result.error.issues.map((issue) => `  - ${issue.path.join(".") || "(root)"}: ${issue.message}`).join("\n");
+    throw new Error(`Invalid configuration in ${path}:
+${details}`);
+  }
+  if (options.verifyAccountRegion !== false) {
+    verifyAccountRegion(result.data, options, path);
+  }
+  return { values: result.data, path };
+}
+
+// src/tags.ts
+var import_node_child_process = require("child_process");
+var import_aws_cdk_lib = require("aws-cdk-lib");
+var DEFAULT_CREATED_BY_TAG = "CreatedBy";
+var DEFAULT_WORK_DIR_TAG = "WorkDir";
+function gitCreatedBy() {
+  let name = "";
+  let email = "";
+  try {
+    name = (0, import_node_child_process.execSync)("git config user.name").toString().trim();
+    email = (0, import_node_child_process.execSync)("git config user.email").toString().trim();
+  } catch {
+  }
+  const joined = name && email ? `${name} - ${email}` : name || email;
+  return joined || process.env.USER || void 0;
+}
+function tagStack(scope, options = {}) {
+  const { tags, auto = {}, tagNames = {}, providers = {} } = options;
+  const collected = [];
+  if (auto.workDir !== false) {
+    const value = (providers.workDir ?? (() => process.cwd()))();
+    if (value) collected.push({ key: tagNames.workDir ?? DEFAULT_WORK_DIR_TAG, value });
+  }
+  if (auto.createdBy !== false) {
+    const value = (providers.createdBy ?? gitCreatedBy)();
+    if (value) collected.push({ key: tagNames.createdBy ?? DEFAULT_CREATED_BY_TAG, value });
+  }
+  if (tags && typeof tags === "object" && !Array.isArray(tags)) {
+    for (const [key, value] of Object.entries(tags)) {
+      if (value === void 0 || value === null) continue;
+      collected.push({ key, value: String(value) });
+    }
+  }
+  for (const { key, value } of collected) {
+    import_aws_cdk_lib.Tags.of(scope).add(key, value);
+  }
+}
+
+// src/config.ts
+function deepFreeze(value) {
+  if (value && typeof value === "object" && !Object.isFrozen(value)) {
+    Object.freeze(value);
+    for (const nested of Object.values(value)) deepFreeze(nested);
+  }
+  return value;
+}
+function resolveEnvironment(scope, options) {
+  if (options.environment) return options.environment;
+  const key = options.contextKey ?? "env";
+  const fromContext = scope.node.tryGetContext(key);
+  if (typeof fromContext !== "string" || fromContext.length === 0) {
+    throw new Error(
+      `Deployment environment not set. Pass it with \`--context ${key}=<environment>\` or via the \`environment\` option.`
+    );
+  }
+  return fromContext;
+}
+var Config = class _Config {
+  /** The environment name (e.g. from `--context env=...`). */
+  environment;
+  /** The validated, frozen config values. */
+  values;
+  /** Absolute path of the config file that was loaded. */
+  path;
+  constructor(environment, values, path) {
+    this.environment = environment;
+    this.values = deepFreeze(values);
+    this.path = path;
+  }
+  /**
+   * Resolve the environment from `scope`'s context, then load and validate its
+   * config against `schema` (which should extend {@link BaseConfigSchema}).
+   */
+  static load(scope, schema, options = {}) {
+    const environment = resolveEnvironment(scope, options);
+    const { values, path } = loadConfig(schema, {
+      environment,
+      configDir: options.configDir,
+      configPath: options.configPath,
+      cwd: options.cwd,
+      unknownKeys: options.unknownKeys,
+      verifyAccountRegion: options.verifyAccountRegion,
+      account: options.account,
+      region: options.region
+    });
+    return new _Config(environment, values, path);
+  }
+  /**
+   * Tag every taggable resource in `scope` (the stack) using this config's `tags`
+   * and the configured auto-tag key names. Pass `options` to toggle auto-tags or
+   * override providers.
+   */
+  tagStack(scope, options = {}) {
+    const base = this.values;
+    tagStack(scope, {
+      ...options,
+      // Merge per-key so a partial override (e.g. only `tags.Extra` or only
+      // `tagNames.createdBy`) layers on top of the config instead of replacing
+      // the whole map and silently dropping the config's other values.
+      tags: { ...base.tags, ...options.tags },
+      tagNames: {
+        createdBy: options.tagNames?.createdBy ?? base.createdByTagName,
+        workDir: options.tagNames?.workDir ?? base.cwdTagName
+      }
+    });
+  }
+};
+
+// src/resources.ts
+var StackResources = class {
+  #refs = /* @__PURE__ */ new Map();
+  /** Store a resource and return it, so it can be captured inline. */
+  set(key, value) {
+    this.#refs.set(key, value);
+    return value;
+  }
+  /** Retrieve a resource, throwing a clear error if it was never set. */
+  get(key) {
+    if (!this.#refs.has(key)) {
+      throw new Error(
+        `Resource "${String(key)}" was requested before it was created. Check the order constructs are created in the stack.`
+      );
+    }
+    return this.#refs.get(key);
+  }
+  /** Whether a resource has been set. */
+  has(key) {
+    return this.#refs.has(key);
+  }
+  /** The keys set so far. */
+  keys() {
+    return [...this.#refs.keys()];
+  }
+};
+
+// src/schema.ts
+var import_zod3 = require("zod");
+var tagValueSchema = import_zod3.z.union([import_zod3.z.string(), import_zod3.z.number(), import_zod3.z.boolean()]);
+var BaseConfigSchema = import_zod3.z.object({
+  /** Target AWS account ID. Quote it in YAML (`"012345678901"`) to preserve leading zeros. */
+  awsAccount: import_zod3.z.string().min(1),
+  /** Target AWS region, e.g. `us-east-1`. */
+  awsRegion: import_zod3.z.string().min(1),
+  /** Arbitrary tags applied to every resource in the stack. */
+  tags: import_zod3.z.record(import_zod3.z.string(), tagValueSchema).optional(),
+  /** Tag key used for the auto-generated "created by" tag. */
+  createdByTagName: import_zod3.z.string().default("CreatedBy"),
+  /** Tag key used for the auto-generated "working directory" tag. */
+  cwdTagName: import_zod3.z.string().default("WorkDir")
+});
+// Annotate the CommonJS export names for ESM import in node:
+0 && (module.exports = {
+  BaseConfigSchema,
+  Config,
+  StackResources,
+  gitCreatedBy,
+  loadConfig,
+  resolveConfigPath,
+  tagStack,
+  tagValueSchema
+});
+//# sourceMappingURL=index.cjs.map

package/dist/index.cjs.map

@@ -0,0 +1 @@
+{"version":3,"sources":["../src/index.ts","../src/config.ts","../src/loader.ts","../src/tags.ts","../src/resources.ts","../src/schema.ts"],"sourcesContent":["export { Config, type ConfigOptions } from './config.js';\nexport { StackResources } from './resources.js';\nexport { BaseConfigSchema, tagValueSchema, type BaseConfig } from './schema.js';\nexport {\n  loadConfig,\n  resolveConfigPath,\n  type LoadOptions,\n  type UnknownKeys,\n} from './loader.js';\nexport {\n  tagStack,\n  gitCreatedBy,\n  type TagStackOptions,\n  type TagValue,\n} from './tags.js';\n","import { z } from 'zod';\nimport type { IConstruct } from 'constructs';\nimport { loadConfig, type UnknownKeys } from './loader.js';\nimport { tagStack as applyStackTags, type TagStackOptions } from './tags.js';\nimport type { BaseConfig } from './schema.js';\n\n/** Options for {@link Config.load}. */\nexport interface ConfigOptions {\n  /** CDK context key holding the environment name. Default: `env`. */\n  contextKey?: string;\n  /** Provide the environment name explicitly instead of reading it from context. */\n  environment?: string;\n  /** Directory holding `<environment>.yaml`, relative to `cwd`. Default: `config`. */\n  configDir?: string;\n  /** Explicit config file path (absolute, or relative to `cwd`). Overrides `configDir`. */\n  configPath?: string;\n  /** Base directory for relative paths. Default: `process.cwd()`. */\n  cwd?: string;\n  /** Unknown-key policy. Default: `strict` (reject mistyped keys). */\n  unknownKeys?: UnknownKeys;\n  /** Cross-check `awsAccount`/`awsRegion` against the active credentials. Default: `true`. */\n  verifyAccountRegion?: boolean;\n  /** Expected account. Default: `process.env.CDK_DEFAULT_ACCOUNT`. */\n  account?: string;\n  /** Expected region. Default: `process.env.CDK_DEFAULT_REGION`. */\n  region?: string;\n}\n\n/** Recursively freeze an object and everything reachable from it. */\nfunction deepFreeze<T>(value: T): T {\n  if (value && typeof value === 'object' && !Object.isFrozen(value)) {\n    Object.freeze(value);\n    for (const nested of Object.values(value)) deepFreeze(nested);\n  }\n  return value;\n}\n\nfunction resolveEnvironment(scope: IConstruct, options: ConfigOptions): string {\n  if (options.environment) return options.environment;\n  const key = options.contextKey ?? 'env';\n  const fromContext: unknown = scope.node.tryGetContext(key);\n  if (typeof fromContext !== 'string' || fromContext.length === 0) {\n    throw new Error(\n      `Deployment environment not set. Pass it with \\`--context ${key}=<environment>\\` ` +\n        `or via the \\`environment\\` option.`,\n    );\n  }\n  return fromContext;\n}\n\n/**\n * Loaded, validated, immutable per-environment configuration.\n *\n * Build it with {@link Config.load}, which resolves the environment from CDK\n * context, reads and validates `config/<env>.yaml`, and (by default) verifies the\n * target account/region. The validated values are frozen — this object is **not**\n * a place to stash resource references; pass those between constructs explicitly.\n */\nexport class Config<V extends BaseConfig> {\n  /** The environment name (e.g. from `--context env=...`). */\n  readonly environment: string;\n  /** The validated, frozen config values. */\n  readonly values: Readonly<V>;\n  /** Absolute path of the config file that was loaded. */\n  readonly path: string;\n\n  private constructor(environment: string, values: V, path: string) {\n    this.environment = environment;\n    this.values = deepFreeze(values);\n    this.path = path;\n  }\n\n  /**\n   * Resolve the environment from `scope`'s context, then load and validate its\n   * config against `schema` (which should extend {@link BaseConfigSchema}).\n   */\n  static load<S extends z.ZodTypeAny>(\n    scope: IConstruct,\n    schema: S,\n    options: ConfigOptions = {},\n  ): Config<z.infer<S> & BaseConfig> {\n    const environment = resolveEnvironment(scope, options);\n    const { values, path } = loadConfig(schema, {\n      environment,\n      configDir: options.configDir,\n      configPath: options.configPath,\n      cwd: options.cwd,\n      unknownKeys: options.unknownKeys,\n      verifyAccountRegion: options.verifyAccountRegion,\n      account: options.account,\n      region: options.region,\n    });\n    return new Config(environment, values as z.infer<S> & BaseConfig, path);\n  }\n\n  /**\n   * Tag every taggable resource in `scope` (the stack) using this config's `tags`\n   * and the configured auto-tag key names. Pass `options` to toggle auto-tags or\n   * override providers.\n   */\n  tagStack(scope: IConstruct, options: TagStackOptions = {}): void {\n    const base = this.values as BaseConfig;\n    applyStackTags(scope, {\n      ...options,\n      // Merge per-key so a partial override (e.g. only `tags.Extra` or only\n      // `tagNames.createdBy`) layers on top of the config instead of replacing\n      // the whole map and silently dropping the config's other values.\n      tags: { ...base.tags, ...options.tags },\n      tagNames: {\n        createdBy: options.tagNames?.createdBy ?? base.createdByTagName,\n        workDir: options.tagNames?.workDir ?? base.cwdTagName,\n      },\n    });\n  }\n}\n","import { readFileSync } from 'node:fs';\nimport { isAbsolute, join } from 'node:path';\nimport YAML from 'yaml';\nimport { z } from 'zod';\n\n/**\n * How unknown (typically mistyped) keys in the config file are handled:\n * - `strict` — reject them with an error (default; catches typos loudly);\n * - `strip` — silently drop them (zod's default object behavior);\n * - `passthrough` — keep them on the result without validation.\n */\nexport type UnknownKeys = 'strict' | 'strip' | 'passthrough';\n\n/** Inputs for {@link loadConfig}. */\nexport interface LoadOptions {\n  /** Environment name, used to resolve the config file and for error messages. */\n  environment: string;\n  /** Directory holding `<environment>.yaml`, relative to `cwd`. Default: `config`. */\n  configDir?: string;\n  /** Explicit config file path (absolute, or relative to `cwd`). Overrides `configDir`. */\n  configPath?: string;\n  /** Base directory for relative paths. Default: `process.cwd()`. */\n  cwd?: string;\n  /** Unknown-key policy. Default: `strict`. */\n  unknownKeys?: UnknownKeys;\n  /** Cross-check `awsAccount`/`awsRegion` against the active credentials. Default: `true`. */\n  verifyAccountRegion?: boolean;\n  /** Expected account. Default: `process.env.CDK_DEFAULT_ACCOUNT`. */\n  account?: string;\n  /** Expected region. Default: `process.env.CDK_DEFAULT_REGION`. */\n  region?: string;\n}\n\n/** Resolve the absolute path of the config file for an environment. */\nexport function resolveConfigPath(opts: {\n  environment: string;\n  configDir?: string;\n  configPath?: string;\n  cwd?: string;\n}): string {\n  const cwd = opts.cwd ?? process.cwd();\n  if (opts.configPath) {\n    return isAbsolute(opts.configPath) ? opts.configPath : join(cwd, opts.configPath);\n  }\n  return join(cwd, opts.configDir ?? 'config', `${opts.environment}.yaml`);\n}\n\nfunction withUnknownKeys<S extends z.ZodTypeAny>(schema: S, policy: UnknownKeys): S {\n  if (policy === 'strip') return schema; // zod's default object behavior\n  if (schema instanceof z.ZodObject) {\n    return (policy === 'strict' ? schema.strict() : schema.passthrough()) as unknown as S;\n  }\n  // Unwrap `.refine()` / `.superRefine()` / `.transform()` so the policy still\n  // reaches the underlying object schema. Without this, a refined schema would\n  // silently fall through to zod's default strip and never reject typos.\n  if (schema instanceof z.ZodEffects) {\n    const inner = withUnknownKeys(schema.innerType(), policy);\n    return new z.ZodEffects({ ...schema._def, schema: inner }) as unknown as S;\n  }\n  return schema;\n}\n\nfunction verifyAccountRegion(\n  values: { awsAccount?: unknown; awsRegion?: unknown },\n  options: LoadOptions,\n  path: string,\n): void {\n  const account = options.account ?? process.env.CDK_DEFAULT_ACCOUNT;\n  const region = options.region ?? process.env.CDK_DEFAULT_REGION;\n\n  // Only compare when there is a reference to compare against; an unset\n  // CDK_DEFAULT_ACCOUNT/REGION (common in `cdk synth` and unit tests) means we\n  // cannot verify, not that the config is wrong.\n  if (account && typeof values.awsAccount === 'string' && values.awsAccount !== account) {\n    throw new Error(\n      `AWS account mismatch for environment \"${options.environment}\": ${path} expects ` +\n        `\"${values.awsAccount}\" but the active credentials resolve to \"${account}\". ` +\n        `Check ${path} and your AWS CLI settings.`,\n    );\n  }\n  if (region && typeof values.awsRegion === 'string' && values.awsRegion !== region) {\n    throw new Error(\n      `AWS region mismatch for environment \"${options.environment}\": ${path} expects ` +\n        `\"${values.awsRegion}\" but the active credentials resolve to \"${region}\". ` +\n        `Check ${path} and your AWS CLI settings.`,\n    );\n  }\n}\n\n/**\n * Read, parse, and validate the YAML config for an environment.\n *\n * Standalone (no CDK scope needed) so it can be unit-tested and reused outside a\n * stack. {@link Config.load} wraps this with environment resolution from context.\n */\nexport function loadConfig<S extends z.ZodTypeAny>(\n  schema: S,\n  options: LoadOptions,\n): { values: z.infer<S>; path: string } {\n  const path = resolveConfigPath(options);\n\n  let raw: string;\n  try {\n    raw = readFileSync(path, 'utf8');\n  } catch (err) {\n    throw new Error(\n      `Could not read config file for environment \"${options.environment}\" at ${path}: ` +\n        `${(err as Error).message}`,\n    );\n  }\n\n  let parsed: unknown;\n  try {\n    parsed = YAML.parse(raw) ?? {};\n  } catch (err) {\n    throw new Error(\n      `Could not parse YAML config for environment \"${options.environment}\" at ${path}: ` +\n        `${(err as Error).message}`,\n    );\n  }\n\n  const result = withUnknownKeys(schema, options.unknownKeys ?? 'strict').safeParse(parsed);\n  if (!result.success) {\n    const details = result.error.issues\n      .map((issue) => `  - ${issue.path.join('.') || '(root)'}: ${issue.message}`)\n      .join('\\n');\n    throw new Error(`Invalid configuration in ${path}:\\n${details}`);\n  }\n\n  if (options.verifyAccountRegion !== false) {\n    verifyAccountRegion(result.data as Record<string, unknown>, options, path);\n  }\n\n  return { values: result.data as z.infer<S>, path };\n}\n","import { execSync } from 'node:child_process';\nimport { Tags } from 'aws-cdk-lib';\nimport type { IConstruct } from 'constructs';\n\n/** A tag value as authored in config; coerced to a string when applied. */\nexport type TagValue = string | number | boolean;\n\n/** Options for {@link tagStack}. */\nexport interface TagStackOptions {\n  /** Arbitrary key/value tags to apply (e.g. from config `tags:`). */\n  tags?: Record<string, TagValue>;\n  /** Toggle the auto-generated tags. Both default to `true`. */\n  auto?: {\n    /** Add a \"created by\" tag derived from the git/OS user. */\n    createdBy?: boolean;\n    /** Add a \"working directory\" tag with the current working directory. */\n    workDir?: boolean;\n  };\n  /** Override the keys used for the auto-generated tags. */\n  tagNames?: {\n    createdBy?: string;\n    workDir?: string;\n  };\n  /**\n   * Override how the auto-tag values are computed. Injectable so tests don't\n   * shell out to git and stacks can supply their own provenance.\n   */\n  providers?: {\n    createdBy?: () => string | undefined;\n    workDir?: () => string | undefined;\n  };\n}\n\nconst DEFAULT_CREATED_BY_TAG = 'CreatedBy';\nconst DEFAULT_WORK_DIR_TAG = 'WorkDir';\n\n/**\n * Default \"created by\" provider: the git `user.name - user.email` identity,\n * falling back to `$USER`. Returns `undefined` if nothing is available.\n */\nexport function gitCreatedBy(): string | undefined {\n  let name = '';\n  let email = '';\n  try {\n    name = execSync('git config user.name').toString().trim();\n    email = execSync('git config user.email').toString().trim();\n  } catch {\n    // No git identity available; fall back below.\n  }\n  const joined = name && email ? `${name} - ${email}` : name || email;\n  return joined || process.env.USER || undefined;\n}\n\n/**\n * Apply tags to every taggable resource in `scope` (typically a Stack) via CDK's\n * tag aspect. Merges, in order: the working-directory tag, the created-by tag,\n * then the explicit `tags` map. Non-string tag values are coerced with `String()`.\n */\nexport function tagStack(scope: IConstruct, options: TagStackOptions = {}): void {\n  const { tags, auto = {}, tagNames = {}, providers = {} } = options;\n  const collected: Array<{ key: string; value: string }> = [];\n\n  if (auto.workDir !== false) {\n    const value = (providers.workDir ?? (() => process.cwd()))();\n    if (value) collected.push({ key: tagNames.workDir ?? DEFAULT_WORK_DIR_TAG, value });\n  }\n\n  if (auto.createdBy !== false) {\n    const value = (providers.createdBy ?? gitCreatedBy)();\n    if (value) collected.push({ key: tagNames.createdBy ?? DEFAULT_CREATED_BY_TAG, value });\n  }\n\n  if (tags && typeof tags === 'object' && !Array.isArray(tags)) {\n    for (const [key, value] of Object.entries(tags)) {\n      if (value === undefined || value === null) continue;\n      collected.push({ key, value: String(value) });\n    }\n  }\n\n  for (const { key, value } of collected) {\n    Tags.of(scope).add(key, value);\n  }\n}\n","/**\n * A small, mutable container for resources created during stack synthesis, kept\n * separate from the frozen {@link Config} values.\n *\n * It lets you thread a single object through your constructs (the convenience of a\n * shared dependency bag) without the classic footgun: reading a resource that has\n * not been created yet throws a clear error instead of silently returning\n * `undefined`. That matters most in JavaScript stacks, where there is no compiler to\n * catch a missing reference.\n *\n * ```ts\n * const res = new StackResources<{ vpc: IVpc; db: MyDb }>();\n * res.set('vpc', Vpc.fromLookup(this, 'vpc', { vpcId: conf.values.vpcId }));\n * const db = res.set('db', new MyDb(this, 'db', { conf, res }));\n * // later: res.get('db').cluster  — throws if 'db' was never set\n * ```\n */\nexport class StackResources<T extends Record<string, unknown> = Record<string, unknown>> {\n  #refs = new Map<keyof T, T[keyof T]>();\n\n  /** Store a resource and return it, so it can be captured inline. */\n  set<K extends keyof T>(key: K, value: T[K]): T[K] {\n    this.#refs.set(key, value);\n    return value;\n  }\n\n  /** Retrieve a resource, throwing a clear error if it was never set. */\n  get<K extends keyof T>(key: K): T[K] {\n    if (!this.#refs.has(key)) {\n      throw new Error(\n        `Resource \"${String(key)}\" was requested before it was created. ` +\n          `Check the order constructs are created in the stack.`,\n      );\n    }\n    return this.#refs.get(key) as T[K];\n  }\n\n  /** Whether a resource has been set. */\n  has<K extends keyof T>(key: K): boolean {\n    return this.#refs.has(key);\n  }\n\n  /** The keys set so far. */\n  keys(): Array<keyof T> {\n    return [...this.#refs.keys()];\n  }\n}\n","import { z } from 'zod';\n\n/**\n * A single tag value as it may appear in YAML. CloudFormation tag values must\n * ultimately be strings; numbers and booleans are coerced at tag-apply time\n * (see {@link tagStack}) so config authors can write `Env: 1` or `Managed: true`.\n */\nexport const tagValueSchema = z.union([z.string(), z.number(), z.boolean()]);\n\n/**\n * The keys every environment config shares. Consumers build their own schema by\n * extending this with the parameters their stack needs:\n *\n * ```ts\n * const ConfigSchema = BaseConfigSchema.extend({\n *   vpcId: z.string(),\n *   asgMinCapacity: z.number().int().default(1),\n * });\n * ```\n */\nexport const BaseConfigSchema = z.object({\n  /** Target AWS account ID. Quote it in YAML (`\"012345678901\"`) to preserve leading zeros. */\n  awsAccount: z.string().min(1),\n  /** Target AWS region, e.g. `us-east-1`. */\n  awsRegion: z.string().min(1),\n  /** Arbitrary tags applied to every resource in the stack. */\n  tags: z.record(z.string(), tagValueSchema).optional(),\n  /** Tag key used for the auto-generated \"created by\" tag. */\n  createdByTagName: z.string().default('CreatedBy'),\n  /** Tag key used for the auto-generated \"working directory\" tag. */\n  cwdTagName: z.string().default('WorkDir'),\n});\n\n/** The validated shape produced by {@link BaseConfigSchema}. */\nexport type BaseConfig = z.infer<typeof BaseConfigSchema>;\n"],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;;;ACAA,IAAAA,cAAkB;;;ACAlB,qBAA6B;AAC7B,uBAAiC;AACjC,kBAAiB;AACjB,iBAAkB;AA+BX,SAAS,kBAAkB,MAKvB;AACT,QAAM,MAAM,KAAK,OAAO,QAAQ,IAAI;AACpC,MAAI,KAAK,YAAY;AACnB,eAAO,6BAAW,KAAK,UAAU,IAAI,KAAK,iBAAa,uBAAK,KAAK,KAAK,UAAU;AAAA,EAClF;AACA,aAAO,uBAAK,KAAK,KAAK,aAAa,UAAU,GAAG,KAAK,WAAW,OAAO;AACzE;AAEA,SAAS,gBAAwC,QAAW,QAAwB;AAClF,MAAI,WAAW,QAAS,QAAO;AAC/B,MAAI,kBAAkB,aAAE,WAAW;AACjC,WAAQ,WAAW,WAAW,OAAO,OAAO,IAAI,OAAO,YAAY;AAAA,EACrE;AAIA,MAAI,kBAAkB,aAAE,YAAY;AAClC,UAAM,QAAQ,gBAAgB,OAAO,UAAU,GAAG,MAAM;AACxD,WAAO,IAAI,aAAE,WAAW,EAAE,GAAG,OAAO,MAAM,QAAQ,MAAM,CAAC;AAAA,EAC3D;AACA,SAAO;AACT;AAEA,SAAS,oBACP,QACA,SACA,MACM;AACN,QAAM,UAAU,QAAQ,WAAW,QAAQ,IAAI;AAC/C,QAAM,SAAS,QAAQ,UAAU,QAAQ,IAAI;AAK7C,MAAI,WAAW,OAAO,OAAO,eAAe,YAAY,OAAO,eAAe,SAAS;AACrF,UAAM,IAAI;AAAA,MACR,yCAAyC,QAAQ,WAAW,MAAM,IAAI,aAChE,OAAO,UAAU,4CAA4C,OAAO,YAC/D,IAAI;AAAA,IACjB;AAAA,EACF;AACA,MAAI,UAAU,OAAO,OAAO,cAAc,YAAY,OAAO,cAAc,QAAQ;AACjF,UAAM,IAAI;AAAA,MACR,wCAAwC,QAAQ,WAAW,MAAM,IAAI,aAC/D,OAAO,SAAS,4CAA4C,MAAM,YAC7D,IAAI;AAAA,IACjB;AAAA,EACF;AACF;AAQO,SAAS,WACd,QACA,SACsC;AACtC,QAAM,OAAO,kBAAkB,OAAO;AAEtC,MAAI;AACJ,MAAI;AACF,cAAM,6BAAa,MAAM,MAAM;AAAA,EACjC,SAAS,KAAK;AACZ,UAAM,IAAI;AAAA,MACR,+CAA+C,QAAQ,WAAW,QAAQ,IAAI,KACxE,IAAc,OAAO;AAAA,IAC7B;AAAA,EACF;AAEA,MAAI;AACJ,MAAI;AACF,aAAS,YAAAC,QAAK,MAAM,GAAG,KAAK,CAAC;AAAA,EAC/B,SAAS,KAAK;AACZ,UAAM,IAAI;AAAA,MACR,gDAAgD,QAAQ,WAAW,QAAQ,IAAI,KACzE,IAAc,OAAO;AAAA,IAC7B;AAAA,EACF;AAEA,QAAM,SAAS,gBAAgB,QAAQ,QAAQ,eAAe,QAAQ,EAAE,UAAU,MAAM;AACxF,MAAI,CAAC,OAAO,SAAS;AACnB,UAAM,UAAU,OAAO,MAAM,OAC1B,IAAI,CAAC,UAAU,OAAO,MAAM,KAAK,KAAK,GAAG,KAAK,QAAQ,KAAK,MAAM,OAAO,EAAE,EAC1E,KAAK,IAAI;AACZ,UAAM,IAAI,MAAM,4BAA4B,IAAI;AAAA,EAAM,OAAO,EAAE;AAAA,EACjE;AAEA,MAAI,QAAQ,wBAAwB,OAAO;AACzC,wBAAoB,OAAO,MAAiC,SAAS,IAAI;AAAA,EAC3E;AAEA,SAAO,EAAE,QAAQ,OAAO,MAAoB,KAAK;AACnD;;;ACtIA,gCAAyB;AACzB,yBAAqB;AAgCrB,IAAM,yBAAyB;AAC/B,IAAM,uBAAuB;AAMtB,SAAS,eAAmC;AACjD,MAAI,OAAO;AACX,MAAI,QAAQ;AACZ,MAAI;AACF,eAAO,oCAAS,sBAAsB,EAAE,SAAS,EAAE,KAAK;AACxD,gBAAQ,oCAAS,uBAAuB,EAAE,SAAS,EAAE,KAAK;AAAA,EAC5D,QAAQ;AAAA,EAER;AACA,QAAM,SAAS,QAAQ,QAAQ,GAAG,IAAI,MAAM,KAAK,KAAK,QAAQ;AAC9D,SAAO,UAAU,QAAQ,IAAI,QAAQ;AACvC;AAOO,SAAS,SAAS,OAAmB,UAA2B,CAAC,GAAS;AAC/E,QAAM,EAAE,MAAM,OAAO,CAAC,GAAG,WAAW,CAAC,GAAG,YAAY,CAAC,EAAE,IAAI;AAC3D,QAAM,YAAmD,CAAC;AAE1D,MAAI,KAAK,YAAY,OAAO;AAC1B,UAAM,SAAS,UAAU,YAAY,MAAM,QAAQ,IAAI,IAAI;AAC3D,QAAI,MAAO,WAAU,KAAK,EAAE,KAAK,SAAS,WAAW,sBAAsB,MAAM,CAAC;AAAA,EACpF;AAEA,MAAI,KAAK,cAAc,OAAO;AAC5B,UAAM,SAAS,UAAU,aAAa,cAAc;AACpD,QAAI,MAAO,WAAU,KAAK,EAAE,KAAK,SAAS,aAAa,wBAAwB,MAAM,CAAC;AAAA,EACxF;AAEA,MAAI,QAAQ,OAAO,SAAS,YAAY,CAAC,MAAM,QAAQ,IAAI,GAAG;AAC5D,eAAW,CAAC,KAAK,KAAK,KAAK,OAAO,QAAQ,IAAI,GAAG;AAC/C,UAAI,UAAU,UAAa,UAAU,KAAM;AAC3C,gBAAU,KAAK,EAAE,KAAK,OAAO,OAAO,KAAK,EAAE,CAAC;AAAA,IAC9C;AAAA,EACF;AAEA,aAAW,EAAE,KAAK,MAAM,KAAK,WAAW;AACtC,4BAAK,GAAG,KAAK,EAAE,IAAI,KAAK,KAAK;AAAA,EAC/B;AACF;;;AFrDA,SAAS,WAAc,OAAa;AAClC,MAAI,SAAS,OAAO,UAAU,YAAY,CAAC,OAAO,SAAS,KAAK,GAAG;AACjE,WAAO,OAAO,KAAK;AACnB,eAAW,UAAU,OAAO,OAAO,KAAK,EAAG,YAAW,MAAM;AAAA,EAC9D;AACA,SAAO;AACT;AAEA,SAAS,mBAAmB,OAAmB,SAAgC;AAC7E,MAAI,QAAQ,YAAa,QAAO,QAAQ;AACxC,QAAM,MAAM,QAAQ,cAAc;AAClC,QAAM,cAAuB,MAAM,KAAK,cAAc,GAAG;AACzD,MAAI,OAAO,gBAAgB,YAAY,YAAY,WAAW,GAAG;AAC/D,UAAM,IAAI;AAAA,MACR,4DAA4D,GAAG;AAAA,IAEjE;AAAA,EACF;AACA,SAAO;AACT;AAUO,IAAM,SAAN,MAAM,QAA6B;AAAA;AAAA,EAE/B;AAAA;AAAA,EAEA;AAAA;AAAA,EAEA;AAAA,EAED,YAAY,aAAqB,QAAW,MAAc;AAChE,SAAK,cAAc;AACnB,SAAK,SAAS,WAAW,MAAM;AAC/B,SAAK,OAAO;AAAA,EACd;AAAA;AAAA;AAAA;AAAA;AAAA,EAMA,OAAO,KACL,OACA,QACA,UAAyB,CAAC,GACO;AACjC,UAAM,cAAc,mBAAmB,OAAO,OAAO;AACrD,UAAM,EAAE,QAAQ,KAAK,IAAI,WAAW,QAAQ;AAAA,MAC1C;AAAA,MACA,WAAW,QAAQ;AAAA,MACnB,YAAY,QAAQ;AAAA,MACpB,KAAK,QAAQ;AAAA,MACb,aAAa,QAAQ;AAAA,MACrB,qBAAqB,QAAQ;AAAA,MAC7B,SAAS,QAAQ;AAAA,MACjB,QAAQ,QAAQ;AAAA,IAClB,CAAC;AACD,WAAO,IAAI,QAAO,aAAa,QAAmC,IAAI;AAAA,EACxE;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAOA,SAAS,OAAmB,UAA2B,CAAC,GAAS;AAC/D,UAAM,OAAO,KAAK;AAClB,aAAe,OAAO;AAAA,MACpB,GAAG;AAAA;AAAA;AAAA;AAAA,MAIH,MAAM,EAAE,GAAG,KAAK,MAAM,GAAG,QAAQ,KAAK;AAAA,MACtC,UAAU;AAAA,QACR,WAAW,QAAQ,UAAU,aAAa,KAAK;AAAA,QAC/C,SAAS,QAAQ,UAAU,WAAW,KAAK;AAAA,MAC7C;AAAA,IACF,CAAC;AAAA,EACH;AACF;;;AGjGO,IAAM,iBAAN,MAAkF;AAAA,EACvF,QAAQ,oBAAI,IAAyB;AAAA;AAAA,EAGrC,IAAuB,KAAQ,OAAmB;AAChD,SAAK,MAAM,IAAI,KAAK,KAAK;AACzB,WAAO;AAAA,EACT;AAAA;AAAA,EAGA,IAAuB,KAAc;AACnC,QAAI,CAAC,KAAK,MAAM,IAAI,GAAG,GAAG;AACxB,YAAM,IAAI;AAAA,QACR,aAAa,OAAO,GAAG,CAAC;AAAA,MAE1B;AAAA,IACF;AACA,WAAO,KAAK,MAAM,IAAI,GAAG;AAAA,EAC3B;AAAA;AAAA,EAGA,IAAuB,KAAiB;AACtC,WAAO,KAAK,MAAM,IAAI,GAAG;AAAA,EAC3B;AAAA;AAAA,EAGA,OAAuB;AACrB,WAAO,CAAC,GAAG,KAAK,MAAM,KAAK,CAAC;AAAA,EAC9B;AACF;;;AC9CA,IAAAC,cAAkB;AAOX,IAAM,iBAAiB,cAAE,MAAM,CAAC,cAAE,OAAO,GAAG,cAAE,OAAO,GAAG,cAAE,QAAQ,CAAC,CAAC;AAapE,IAAM,mBAAmB,cAAE,OAAO;AAAA;AAAA,EAEvC,YAAY,cAAE,OAAO,EAAE,IAAI,CAAC;AAAA;AAAA,EAE5B,WAAW,cAAE,OAAO,EAAE,IAAI,CAAC;AAAA;AAAA,EAE3B,MAAM,cAAE,OAAO,cAAE,OAAO,GAAG,cAAc,EAAE,SAAS;AAAA;AAAA,EAEpD,kBAAkB,cAAE,OAAO,EAAE,QAAQ,WAAW;AAAA;AAAA,EAEhD,YAAY,cAAE,OAAO,EAAE,QAAQ,SAAS;AAC1C,CAAC;","names":["import_zod","YAML","import_zod"]}