dotsec 1.0.0-alpha.2 → 1.0.0-alpha.20

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (25) hide show
  1. package/README.md +191 -39
  2. package/bin/dotsec.js +1 -1
  3. package/dist/cli/index.js +37 -0
  4. package/dist/cli/index.js.map +7 -0
  5. package/dist/cli/index.mjs +37 -0
  6. package/dist/cli/index.mjs.map +7 -0
  7. package/dist/index.d.ts +141 -11
  8. package/dist/index.js +1 -43
  9. package/dist/index.js.map +3 -3
  10. package/dist/index.mjs +2 -0
  11. package/dist/index.mjs.map +7 -0
  12. package/package.json +26 -31
  13. package/src/templates/dotsec.config.ts +15 -0
  14. package/bin/ds.js +0 -3
  15. package/dist/cli.d.ts +0 -1
  16. package/dist/cli.js +0 -2237
  17. package/dist/cli.js.map +0 -7
  18. package/dist/ds/cli.js +0 -1111
  19. package/dist/ds/cli.js.map +0 -7
  20. package/dist/esm/cli.js +0 -2245
  21. package/dist/esm/cli.js.map +0 -7
  22. package/dist/esm/ds/cli.js +0 -1116
  23. package/dist/esm/ds/cli.js.map +0 -7
  24. package/dist/esm/index.js +0 -16
  25. package/dist/esm/index.js.map +0 -7
package/dist/esm/cli.js.map DELETED
@@ -1,7 +0,0 @@
1
- {
2
- "version": 3,
3
- "sources": ["../../src/cli.ts", "../../src/commonCliOptions.ts", "../../src/commands/convert.ts", "../../src/commands/defaultCommand.ts", "../../src/lib/config-old/index.ts", "../../src/lib/json.ts", "../../src/lib/config-old/constants.ts", "../../src/lib/encryptedSecrets.ts", "../../src/utils/io.ts", "../../src/utils/getCredentialsProfileRegion.ts", "../../src/utils/logger.ts", "../../src/lib/partial-commands/handleCredentialsAndRegion.ts", "../../src/utils/kms.ts", "../../src/commands/dot-sec-to-dot-env.ts", "../../src/lib/wtf/crypto.ts", "../../src/utils/secretsManager.ts", "../../src/utils/ssm.ts", "../../src/lib/wtf/types.ts", "../../src/lib/wtf/flat.ts", "../../src/lib/wtf/io.ts", "../../src/lib/wtf/json.ts", "../../src/lib/wtf/yaml.ts", "../../src/commands/encrypted-secrets-to-dot-env.ts", "../../src/lib/wtf/dotenv.ts", "../../src/commands/encrypted-secrets-to-dot-sec.ts", "../../src/lib/wtf/dotsec.ts", "../../src/commands/encrypted-secrets-to-plaintext-secrets.ts", "../../src/commands/offload-plaintext-secrets.ts", "../../src/commands/plaintext-secrets-to-dot-env.ts", "../../src/commands/plaintext-secrets-to-dot-sec.ts", "../../src/commands/plaintext-secrets-to-encrypted-secrets.ts"],
4
- "sourcesContent": ["/* eslint-disable @typescript-eslint/no-shadow */\nimport { hideBin } from 'yargs/helpers';\nimport yargs from 'yargs/yargs';\n\n// import * as createAwsKey from './commands/createAwsKey';\n// import * as awsDecrypt from './commands/aws-decrypt';\n// import * as awsEncrypt from './commands/aws-encrypt';\n// import * as awsPush from './commands/aws-push';\n// import * as debugCommand from './commands/debugCommand';\n// import * as decryptSecCommand from './commands/decryptSecCommand';\n// import * as decryptSecretsJson from './commands/decryptSecretsJson';\nimport convertCommand from './commands/convert';\nimport * as defaultCommmand from './commands/defaultCommand';\n// import * as deleteAwsKey from './commands/deleteAwsKey';\nimport * as dotSecToDotEnv from './commands/dot-sec-to-dot-env';\nimport * as encryptedSecretsToDotEnv from './commands/encrypted-secrets-to-dot-env';\nimport * as encryptedSecretsToDotSec from './commands/encrypted-secrets-to-dot-sec';\nimport * as encryptedSecretsToPlaintextSecrets from './commands/encrypted-secrets-to-plaintext-secrets';\n// import * as encryptEnvCommand from './commands/encryptEnvCommand';\n// import * as encryptSecretsJson from './commands/encryptSecretsJson';\n// import * as offloadToSSMCommand from './commands/offloadToSSMCommand';\nimport * as offloadPlaintextSecrets from './commands/offload-plaintext-secrets';\nimport * as plaintextSecretsToDotEnv from './commands/plaintext-secrets-to-dot-env';\nimport * as plaintextSecretsToDotSec from './commands/plaintext-secrets-to-dot-sec';\nimport * as plaintextSecretsToEncryptedSecrets from './commands/plaintext-secrets-to-encrypted-secrets';\n\nvoid yargs(hideBin(process.argv))\n .command(convertCommand)\n .command(defaultCommmand)\n .command(plaintextSecretsToEncryptedSecrets)\n .command(encryptedSecretsToPlaintextSecrets)\n .command(encryptedSecretsToDotEnv)\n .command(encryptedSecretsToDotSec)\n .command(plaintextSecretsToDotEnv)\n .command(plaintextSecretsToDotSec)\n .command(dotSecToDotEnv)\n .command(offloadPlaintextSecrets)\n\n // .command(awsEncrypt)\n // .command(awsDecrypt)\n // .command(awsPush)\n // .command(offloadToSSMCommand)\n // .command(debugCommand)\n // .command(encryptEnvCommand)\n // .command(decryptSecCommand)\n // .command(encryptSecretsJson)\n // .command(decryptSecretsJson)\n // .command(createAwsKey)\n // .command(deleteAwsKey)\n .parse();\n", "// import regions from 'aws-regions/regions.json';\n\nexport const commonCliOptions = {\n awsProfile: {\n string: true,\n describe: 'AWS profile',\n },\n awsRegion: {\n string: true,\n describe: 'AWS region',\n },\n awsKeyAlias: {\n string: true,\n describe: 'AWS KMS key alias',\n },\n awsKeyArn: {\n string: true,\n describe: 'AWS KMS key id',\n },\n awsKey: {\n string: true,\n describe: 'AWS KMS key arn',\n },\n envFile: {\n string: true,\n describe: '.env file',\n },\n ignoreMissingEnvFile: {\n boolean: true,\n describe: `Don't halt on missing .env file`,\n },\n secFile: {\n string: true,\n describe: '.sec file',\n default: '.sec',\n },\n awsAssumeRoleArn: {\n string: true,\n describe:\n 'arn or role to assume. Can also be set using the AWS_ASSUME_ROLE_ARN environment variable, or, when using --env-file in the target env file. The cli option overrides the environment variable.',\n },\n awsAssumeRoleSessionDuration: {\n number: true,\n describe:\n 'Duration of assume role sessions. Defaults to 3600 seconds. Can also be set using the AWS_ASSUME_ROLE_SESSION_DURATION environment variable, or, when using --env-file in the target env file. The cli option overrides the environment variable.',\n },\n useTopLevelsAsEnvironments: {\n boolean: true,\n describe: 'Use top level keys as environments',\n },\n verbose: {\n boolean: true,\n describe: 'Be verbose',\n },\n encryptedSecretsFile: {\n string: true,\n describe: 'filename of json file for reading encrypted secrets',\n },\n jsonFilter: {\n string: true,\n describe:\n 'dot separated filter path, for example a.b.c will return { a: { b: { c: ... }}}',\n },\n searchpath: {\n string: true,\n describe: 'search path in which to look for secrets tree',\n },\n // regions: {\n // describe: 'AWS region',\n // array: true,\n // choices: regions.map(({ code }) => code),\n // },\n // baseRegion: {\n // describe: 'AWS region where to store encyption secrets. This is also the same region where *you* should deploy the Top Secret! stack.',\n // choices: regions.map(({ code }) => code),\n // },\n yes: {\n boolean: true,\n describe: 'Proceeds without confirmation',\n },\n dryRun: {\n boolean: true,\n describe: 'Do a dry run',\n },\n} as const;\n", "import { CommandModule } from 'yargs';\n\nimport { commonCliOptions } from '../commonCliOptions';\n\n// export const command = 'convert';\n// export const desc = `Converts between .env, .sec, secrets.json and secrets.encrypted.json.\n// If '--use-top-levels-as-environments' is set, it will create a .env file for each top level key in the encrypted secrets file.`;\n\nconst convertModule: CommandModule<\n { 'env-file': { type: string } },\n { envFile: { type: string } }\n> = {\n command: 'convert',\n describe: 'does stuff',\n builder: {\n 'env-file': commonCliOptions.envFile,\n 'search-path': commonCliOptions.searchpath,\n 'aws-profile': commonCliOptions.awsProfile,\n 'aws-region': commonCliOptions.awsRegion,\n 'aws-key-alias': commonCliOptions.awsKeyAlias,\n 'aws-assume-role-arn': commonCliOptions.awsAssumeRoleArn,\n 'aws-assume-role-session-duration':\n commonCliOptions.awsAssumeRoleSessionDuration,\n 'use-top-levels-as-environments':\n commonCliOptions.useTopLevelsAsEnvironments,\n verbose: commonCliOptions.verbose,\n yes: { ...commonCliOptions.yes },\n },\n handler: (a) => {\n console.log(a.d);\n console.log(a['env-file']);\n },\n};\n\nexport default convertModule;\n\n// export const builder = {\n// 'env-file': commonCliOptions.envFile,\n// 'search-path': commonCliOptions.searchpath,\n// 'aws-profile': commonCliOptions.awsProfile,\n// 'aws-region': commonCliOptions.awsRegion,\n// 'aws-key-alias': commonCliOptions.awsKeyAlias,\n// 'aws-assume-role-arn': commonCliOptions.awsAssumeRoleArn,\n// 'aws-assume-role-session-duration':\n// commonCliOptions.awsAssumeRoleSessionDuration,\n// 'use-top-levels-as-environments':\n// commonCliOptions.useTopLevelsAsEnvironments,\n// verbose: commonCliOptions.verbose,\n// yes: { ...commonCliOptions.yes },\n// } as const;\n\n// export const handler = async (\n// argv: YargsHandlerParams<typeof builder>,\n// ): Promise<void> => {\n// const config = await getConfig();\n\n// const { info, error } = getLogger();\n// try {\n// const defaultRegion = config.aws.region || argv.awsRegion;\n// const { credentialsAndOrigin, regionAndOrigin } =\n// await handleCredentialsAndRegion({\n// argv: {\n// ...argv,\n// awsRegion: defaultRegion,\n// awsProfile: config.aws.profile || argv.awsProfile,\n// awsAssumeRoleArn:\n// config.aws.assumeRoleArn || argv.awsAssumeRoleArn,\n// awsAssumeRoleSessionDuration:\n// config.aws.assumeRoleSessionDuration ||\n// argv.awsAssumeRoleSessionDuration,\n// },\n// env: { ...process.env },\n// });\n\n// const { fileType, dotSecEncrypted } = await getDotSecEncrypted({\n// defaultConfig: {\n// config: {\n// aws: {\n// keyAlias: 'alias/dotsec',\n// regions: [regionAndOrigin.value],\n// },\n// },\n// },\n// options: {\n// verbose: argv.verbose,\n// },\n// });\n// if (!dotSecEncrypted.encrypted) {\n// throw new Error(`Expected 'encrypted' property, but got none`);\n// }\n// // const dotSecEncryptedFlattened = flattenEncrypted(dotSecEncrypted);\n// // const expanded = expandEncrypted(dotSecEncryptedFlattened);\n\n// const dotSecPlainText = await decryptedEncrypted({\n// dotSecEncrypted,\n// credentials: credentialsAndOrigin.value,\n// region: regionAndOrigin.value,\n// keyAlias: argv.awsKeyAlias,\n// verbose: argv.verbose,\n// });\n\n// if (\n// argv.useTopLevelsAsEnvironments ||\n// dotSecEncrypted.config?.useTopLevelsAsEnvironments\n// ) {\n// const dotEnvsPerEnvironment = toDotEnvPerEnvironment({\n// dotSecPlainText,\n// verbose: argv.verbose,\n// });\n\n// for (const [environment, dotEnv] of Object.entries(\n// dotEnvsPerEnvironment,\n// )) {\n// const fileName = `.env.${environment}`;\n// const dotEnvPath = path.resolve(process.cwd(), fileName);\n\n// info(`target: ${strong(dotEnvPath)}\\n`);\n// info(prettyCode(dotEnv));\n// info(`\\n`);\n// const overwriteResponse = await promptOverwriteIfFileExists({\n// filePath: dotEnvPath,\n// skip: argv.yes,\n// });\n\n// if (\n// overwriteResponse === undefined ||\n// overwriteResponse.overwrite === true\n// ) {\n// fs.writeFileSync(dotEnvPath, dotEnv);\n// }\n\n// // write to file, prompt if file exists\n// }\n// } else {\n// const dotEnv = toDotEnv({\n// dotSecPlainText,\n// verbose: argv.verbose,\n// searchPath: argv.searchPath,\n// });\n\n// const fileName = argv.envFile || `.env`;\n// const dotEnvPath = path.resolve(process.cwd(), fileName);\n// info(`target: ${strong(dotEnvPath)}\\n`);\n// info(prettyCode(dotEnv));\n// info(`\\n`);\n\n// const overwriteResponse = await promptOverwriteIfFileExists({\n// filePath: dotEnvPath,\n// skip: argv.yes,\n// });\n\n// if (\n// overwriteResponse === undefined ||\n// overwriteResponse.overwrite === true\n// ) {\n// fs.writeFileSync(dotEnvPath, dotEnv);\n// }\n// }\n// } catch (e) {\n// error(e);\n// }\n// };\n", "import fs from \"node:fs\";\nimport path from \"node:path\";\n\nimport { KMSClient, DecryptCommand } from \"@aws-sdk/client-kms\";\nimport { redBright } from \"chalk\";\nimport { constantCase } from \"constant-case\";\nimport { spawn } from \"cross-spawn\";\nimport { parse } from \"dotenv\";\nimport flat from \"flat\";\n\nimport { commonCliOptions } from \"../commonCliOptions\";\nimport { getConfig } from \"../lib/config-old\";\nimport { loadEncryptedSecrets } from \"../lib/encryptedSecrets\";\nimport { handleCredentialsAndRegion } from \"../lib/partial-commands/handleCredentialsAndRegion\";\nimport {\n\tCredentialsAndOrigin,\n\tRegionAndOrigin,\n\tYargsHandlerParams,\n} from \"../types\";\nimport { fileExists } from \"../utils/io\";\nimport { getEncryptionAlgorithm } from \"../utils/kms\";\n\nexport const command = \"$0 <command>\";\nexport const desc =\n\t\"Decrypts a .sec file, injects the results into a separate process and runs a command\";\n\nexport const builder = {\n\t\"aws-profile\": commonCliOptions.awsProfile,\n\t\"aws-region\": commonCliOptions.awsRegion,\n\t\"aws-key-alias\": commonCliOptions.awsKeyAlias,\n\t\"sec-file\": commonCliOptions.secFile,\n\t\"env-file\": commonCliOptions.envFile,\n\t\"ignore-missing-env-file\": commonCliOptions.ignoreMissingEnvFile,\n\t\"aws-assume-role-arn\": commonCliOptions.awsAssumeRoleArn,\n\t\"aws-assume-role-session-duration\":\n\t\tcommonCliOptions.awsAssumeRoleSessionDuration,\n\t\"encrypted-secrets-file\": commonCliOptions.encryptedSecretsFile,\n\t\"json-filter\": commonCliOptions.jsonFilter,\n\n\tverbose: commonCliOptions.verbose,\n\t// yes: { ...commonCliOptions.yes },\n\tcommand: { string: true, required: true },\n} as const;\n\nconst handleSec = async ({\n\tsecFile,\n\tcredentialsAndOrigin,\n\tregionAndOrigin,\n\tawsKeyAlias,\n}: {\n\tsecFile: string;\n\tcredentialsAndOrigin: CredentialsAndOrigin;\n\tregionAndOrigin: RegionAndOrigin;\n\tawsKeyAlias: string;\n}) => {\n\tconst secSource = path.resolve(process.cwd(), secFile);\n\tif (!(await fileExists(secSource))) {\n\t\tconsole.error(`Could not open ${redBright(secSource)}`);\n\t\treturn;\n\t}\n\tconst parsedSec = parse(fs.readFileSync(secSource, { encoding: \"utf8\" }));\n\n\tconst kmsClient = new KMSClient({\n\t\tcredentials: credentialsAndOrigin.value,\n\t\tregion: regionAndOrigin.value,\n\t});\n\n\tconst encryptionAlgorithm = await getEncryptionAlgorithm(\n\t\tkmsClient,\n\t\tawsKeyAlias,\n\t);\n\n\tconst envEntries: [string, string][] = await Promise.all(\n\t\tObject.entries(parsedSec).map(async ([key, cipherText]) => {\n\t\t\tconst decryptCommand = new DecryptCommand({\n\t\t\t\tKeyId: awsKeyAlias,\n\t\t\t\tCiphertextBlob: Buffer.from(cipherText, \"base64\"),\n\t\t\t\tEncryptionAlgorithm: encryptionAlgorithm,\n\t\t\t});\n\t\t\tconst decryptionResult = await kmsClient.send(decryptCommand);\n\n\t\t\tif (!decryptionResult?.Plaintext) {\n\t\t\t\tthrow new Error(\n\t\t\t\t\t`No: ${JSON.stringify({\n\t\t\t\t\t\tkey,\n\t\t\t\t\t\tcipherText,\n\t\t\t\t\t\tdecryptCommand,\n\t\t\t\t\t})}`,\n\t\t\t\t);\n\t\t\t}\n\t\t\tconst value = Buffer.from(decryptionResult.Plaintext).toString();\n\t\t\treturn [key, value];\n\t\t}),\n\t);\n\tconst env = Object.fromEntries(envEntries);\n\n\treturn env;\n};\nconst handleEncryptedJson = async ({\n\tencryptedSecretsFile,\n\tjsonFilter,\n\tcredentialsAndOrigin,\n\tregionAndOrigin,\n\tawsKeyAlias,\n}: {\n\tencryptedSecretsFile: string;\n\tjsonFilter?: string;\n\tcredentialsAndOrigin: CredentialsAndOrigin;\n\tregionAndOrigin: RegionAndOrigin;\n\tawsKeyAlias: string;\n}) => {\n\tconst encryptedSecrets = await loadEncryptedSecrets({\n\t\tencryptedSecretsFile: encryptedSecretsFile,\n\t});\n\n\tconst flattened: Record<string, string> = flat.flatten(\n\t\tencryptedSecrets.encryptedParameters,\n\t\t{\n\t\t\tdelimiter: \"__\",\n\t\t\ttransformKey: (key) => {\n\t\t\t\treturn constantCase(key);\n\t\t\t},\n\t\t},\n\t);\n\n\tconst kmsClient = new KMSClient({\n\t\tcredentials: credentialsAndOrigin.value,\n\t\tregion: regionAndOrigin.value,\n\t});\n\n\tconst encryptionAlgorithm = await getEncryptionAlgorithm(\n\t\tkmsClient,\n\t\tawsKeyAlias,\n\t);\n\n\tconst filterKey = jsonFilter\n\t\t?.split(\".\")\n\t\t.map((part) => constantCase(part))\n\t\t.join(\"__\");\n\tconst envEntries: [string, string][] = await Promise.all(\n\t\tObject.entries(flattened)\n\t\t\t.filter(([key]) => {\n\t\t\t\tif (filterKey) {\n\t\t\t\t\treturn key.indexOf(filterKey) === 0;\n\t\t\t\t}\n\t\t\t\treturn true;\n\t\t\t})\n\t\t\t.map(async ([key, cipherText]) => {\n\t\t\t\tconst decryptCommand = new DecryptCommand({\n\t\t\t\t\tKeyId: awsKeyAlias,\n\t\t\t\t\tCiphertextBlob: Buffer.from(cipherText, \"base64\"),\n\t\t\t\t\tEncryptionAlgorithm: encryptionAlgorithm,\n\t\t\t\t});\n\t\t\t\tconst decryptionResult = await kmsClient.send(decryptCommand);\n\n\t\t\t\tif (!decryptionResult?.Plaintext) {\n\t\t\t\t\tthrow new Error(\n\t\t\t\t\t\t`No: ${JSON.stringify({\n\t\t\t\t\t\t\tkey,\n\t\t\t\t\t\t\tcipherText,\n\t\t\t\t\t\t\tdecryptCommand,\n\t\t\t\t\t\t})}`,\n\t\t\t\t\t);\n\t\t\t\t}\n\t\t\t\tconst value = Buffer.from(decryptionResult.Plaintext).toString();\n\t\t\t\treturn [key, value];\n\t\t\t}),\n\t);\n\tconst env = Object.fromEntries(envEntries);\n\n\treturn env;\n};\nexport const handler = async (\n\targv: YargsHandlerParams<typeof builder>,\n): Promise<void> => {\n\tconst config = await getConfig();\n\n\ttry {\n\t\tlet env: Record<string, string> | undefined;\n\t\tlet awsEnv: Record<string, string> | undefined;\n\n\t\ttry {\n\t\t\tif (argv.envFile) {\n\t\t\t\tenv = parse(fs.readFileSync(argv.envFile, { encoding: \"utf8\" }));\n\n\t\t\t\tif (\n\t\t\t\t\targv.awsAssumeRoleArn ||\n\t\t\t\t\tprocess.env.AWS_ASSUME_ROLE_ARN ||\n\t\t\t\t\tenv?.AWS_ASSUME_ROLE_ARN\n\t\t\t\t) {\n\t\t\t\t\tconst { credentialsAndOrigin, regionAndOrigin } =\n\t\t\t\t\t\tawait handleCredentialsAndRegion({\n\t\t\t\t\t\t\targv: {\n\t\t\t\t\t\t\t\t...argv,\n\t\t\t\t\t\t\t\tawsRegion: config.aws.region || argv.awsRegion,\n\t\t\t\t\t\t\t\tawsProfile: config.aws.profile || argv.awsProfile,\n\t\t\t\t\t\t\t\tawsAssumeRoleArn:\n\t\t\t\t\t\t\t\t\tconfig.aws.assumeRoleArn || argv.awsAssumeRoleArn,\n\t\t\t\t\t\t\t\tawsAssumeRoleSessionDuration:\n\t\t\t\t\t\t\t\t\tconfig.aws.assumeRoleSessionDuration ||\n\t\t\t\t\t\t\t\t\targv.awsAssumeRoleSessionDuration,\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\tenv: { ...process.env },\n\t\t\t\t\t\t});\n\n\t\t\t\t\tawsEnv = {\n\t\t\t\t\t\tAWS_ACCESS_KEY_ID: credentialsAndOrigin.value.accessKeyId,\n\t\t\t\t\t\tAWS_SECRET_ACCESS_KEY: credentialsAndOrigin.value.secretAccessKey,\n\t\t\t\t\t};\n\n\t\t\t\t\tif (credentialsAndOrigin.value.sessionToken) {\n\t\t\t\t\t\tawsEnv.AWS_SESSION_TOKEN = credentialsAndOrigin.value.sessionToken;\n\t\t\t\t\t}\n\t\t\t\t\t// this means we have\n\t\t\t\t}\n\t\t\t} else {\n\t\t\t\tconst { credentialsAndOrigin, regionAndOrigin } =\n\t\t\t\t\tawait handleCredentialsAndRegion({\n\t\t\t\t\t\targv: {\n\t\t\t\t\t\t\t...argv,\n\t\t\t\t\t\t\tawsRegion: config.aws.region || argv.awsRegion,\n\t\t\t\t\t\t\tawsProfile: config.aws.profile || argv.awsProfile,\n\t\t\t\t\t\t\tawsAssumeRoleArn:\n\t\t\t\t\t\t\t\tconfig.aws.assumeRoleArn || argv.awsAssumeRoleArn,\n\t\t\t\t\t\t\tawsAssumeRoleSessionDuration:\n\t\t\t\t\t\t\t\tconfig.aws.assumeRoleSessionDuration ||\n\t\t\t\t\t\t\t\targv.awsAssumeRoleSessionDuration,\n\t\t\t\t\t\t},\n\t\t\t\t\t\tenv: { ...process.env },\n\t\t\t\t\t});\n\n\t\t\t\tif (\n\t\t\t\t\t(argv.awsAssumeRoleArn ||\n\t\t\t\t\t\tprocess.env.AWS_ASSUME_ROLE_ARN ||\n\t\t\t\t\t\tenv?.AWS_ASSUME_ROLE_ARN) &&\n\t\t\t\t\tcredentialsAndOrigin.value.sessionToken !== undefined\n\t\t\t\t) {\n\t\t\t\t\tawsEnv = {\n\t\t\t\t\t\tAWS_ACCESS_KEY_ID: credentialsAndOrigin.value.accessKeyId,\n\t\t\t\t\t\tAWS_SECRET_ACCESS_KEY: credentialsAndOrigin.value.secretAccessKey,\n\t\t\t\t\t\tAWS_SESSION_TOKEN: credentialsAndOrigin.value.sessionToken,\n\t\t\t\t\t};\n\t\t\t\t\t// this means we have\n\t\t\t\t}\n\t\t\t\tif (argv.verbose) {\n\t\t\t\t\tconsole.log({ credentialsAndOrigin, regionAndOrigin });\n\t\t\t\t}\n\t\t\t\tconst awsKeyAlias = argv.awsKeyAlias || config.aws.keyAlias;\n\n\t\t\t\tif (argv.encryptedSecretsFile) {\n\t\t\t\t\tenv = await handleEncryptedJson({\n\t\t\t\t\t\tencryptedSecretsFile: argv.encryptedSecretsFile,\n\t\t\t\t\t\tjsonFilter: argv.jsonFilter,\n\t\t\t\t\t\tcredentialsAndOrigin,\n\t\t\t\t\t\tregionAndOrigin,\n\t\t\t\t\t\tawsKeyAlias,\n\t\t\t\t\t});\n\t\t\t\t\t// // load that file\n\t\t\t\t\t// const encryptedSecrets = await loadEncryptedSecrets({\n\t\t\t\t\t// encryptedSecretsFile: argv.encryptedSecretsFile,\n\t\t\t\t\t// });\n\n\t\t\t\t\t// const flattened = flat.flatten(encryptedSecrets, {\n\t\t\t\t\t// delimiter: '__',\n\t\t\t\t\t// transformKey: (key) => {\n\t\t\t\t\t// return constantCase(key);\n\t\t\t\t\t// },\n\t\t\t\t\t// });\n\n\t\t\t\t\t// console.log('flattened', flattened);\n\n\t\t\t\t\t// const unflattend = flat.unflatten(flattened, {\n\t\t\t\t\t// delimiter: '__',\n\t\t\t\t\t// transformKey: (key) => {\n\t\t\t\t\t// return camelCase(key);\n\t\t\t\t\t// },\n\t\t\t\t\t// });\n\n\t\t\t\t\t// console.log(JSON.stringify(unflattend, null, 4));\n\t\t\t\t} else {\n\t\t\t\t\tenv = await handleSec({\n\t\t\t\t\t\tsecFile: argv.secFile,\n\t\t\t\t\t\tcredentialsAndOrigin,\n\t\t\t\t\t\tregionAndOrigin,\n\t\t\t\t\t\tawsKeyAlias,\n\t\t\t\t\t});\n\t\t\t\t}\n\t\t\t}\n\t\t} catch (e) {\n\t\t\tif (argv.ignoreMissingEnvFile !== true) {\n\t\t\t\tthrow e;\n\t\t\t}\n\t\t}\n\n\t\t//\n\t\tconst userCommandArgs = process.argv.slice(\n\t\t\tprocess.argv.indexOf(argv.command) + 1,\n\t\t);\n\n\t\tif (argv.command) {\n\t\t\tspawn(argv.command, [...userCommandArgs], {\n\t\t\t\tstdio: \"inherit\",\n\t\t\t\tshell: false,\n\t\t\t\tenv: { ...process.env, ...awsEnv, ...env },\n\t\t\t});\n\t\t}\n\t} catch (e) {\n\t\tconsole.error(e);\n\t}\n};\n", "import path from 'node:path';\n\nimport { bundleRequire } from 'bundle-require';\nimport JoyCon from 'joycon';\n\nimport { loadJson } from '../json';\nimport { defaultConfig } from './constants';\nimport { DotsecConfig, PartialConfig } from './types';\nexport { DotsecConfig, PartialConfig } from './types';\n\nexport const getConfig = async (): Promise<DotsecConfig> => {\n const cwd = process.cwd();\n const configJoycon = new JoyCon();\n const configPath = await configJoycon.resolve({\n files: [\n 'dotsec.config.ts',\n 'dotsec.config.js',\n 'dotsec.config.cjs',\n 'dotsec.config.mjs',\n 'dotsec.config.json',\n 'package.json',\n ],\n cwd,\n stopDir: path.parse(cwd).root,\n packageKey: 'dotsec',\n });\n\n if (configPath) {\n if (configPath.endsWith('.json')) {\n const rawData = (await loadJson(configPath)) as PartialConfig;\n\n let data: Partial<DotsecConfig>;\n\n if (\n configPath.endsWith('package.json') &&\n (rawData as { dotsec: Partial<DotsecConfig> }).dotsec !==\n undefined\n ) {\n data = (rawData as { dotsec: Partial<DotsecConfig> }).dotsec;\n } else {\n data = rawData as Partial<DotsecConfig>;\n }\n\n return {\n ...defaultConfig,\n ...data,\n aws: { ...defaultConfig.aws, ...data.aws },\n };\n }\n\n const config = await bundleRequire({\n filepath: configPath,\n });\n\n const retrievedConfig =\n // eslint-disable-next-line @typescript-eslint/no-unsafe-member-access\n (config.mod.dotsec as Partial<DotsecConfig>) ||\n // eslint-disable-next-line @typescript-eslint/no-unsafe-member-access\n (config.mod.default as Partial<DotsecConfig>) ||\n config.mod;\n return {\n ...defaultConfig,\n // eslint-disable-next-line @typescript-eslint/no-unsafe-member-access\n ...retrievedConfig,\n };\n }\n\n return { ...defaultConfig };\n};\n", "import fs from 'fs';\nimport path from 'node:path';\n\nexport function jsoncParse(data: string) {\n try {\n // eslint-disable-next-line @typescript-eslint/no-unsafe-return, @typescript-eslint/no-implied-eval\n return new Function('return ' + data.trim())();\n } catch {\n // Silently ignore any error\n // That's what tsc/jsonc-parser did after all\n return {};\n }\n}\n\nexport const loadJson = async (filepath: string) => {\n try {\n // eslint-disable-next-line @typescript-eslint/no-unsafe-return\n return jsoncParse(await fs.promises.readFile(filepath, 'utf8'));\n } catch (error) {\n if (error instanceof Error) {\n throw new Error(\n `Failed to parse ${path.relative(process.cwd(), filepath)}: ${\n error.message\n }`,\n );\n } else {\n throw error;\n }\n }\n};\n", "import { DotsecConfig } from './types';\n\nexport const defaultConfig: DotsecConfig = {\n aws: {\n keyAlias: 'alias/top-secret',\n },\n} as const;\n", "import fs from 'fs';\nimport path from 'path';\n\nimport { redBright } from 'chalk';\n\nimport { EncryptedSecrets } from '../types';\nimport { fileExists } from '../utils/io';\n\nexport const loadEncryptedSecrets = async ({\n encryptedSecretsFile,\n}: {\n encryptedSecretsFile: string;\n}) => {\n const encryptedSecretsPath = path.resolve(\n process.cwd(),\n encryptedSecretsFile,\n );\n if (!(await fileExists(encryptedSecretsPath))) {\n throw new Error(`Could not open ${redBright(encryptedSecretsPath)}`);\n }\n const encryptedSecrets = JSON.parse(\n fs.readFileSync(encryptedSecretsPath, { encoding: 'utf8' }),\n ) as EncryptedSecrets;\n if (!encryptedSecrets) {\n throw new Error(\n `No encrypted secrets found in ${redBright(encryptedSecretsPath)}`,\n );\n }\n if (!encryptedSecrets.encryptedParameters) {\n throw new Error(\n `Expected 'encryptedParameters' property, but got none`,\n );\n }\n\n return encryptedSecrets;\n};\n", "import { stat } from \"fs/promises\";\n\nimport prompts from \"prompts\";\nimport path from \"node:path\";\n\nexport const fileExists = async (source: string): Promise<boolean> => {\n\ttry {\n\t\tawait stat(source);\n\t\treturn true;\n\t} catch {\n\t\treturn false;\n\t}\n};\n\nexport const promptOverwriteIfFileExists = async ({\n\tfilePath,\n\tskip,\n}: {\n\tfilePath: string;\n\tskip?: boolean;\n}) => {\n\tlet overwriteResponse: prompts.Answers<\"overwrite\"> | undefined;\n\n\tif ((await fileExists(filePath)) && skip !== true) {\n\t\toverwriteResponse = await prompts({\n\t\t\ttype: \"confirm\",\n\t\t\tname: \"overwrite\",\n\t\t\tmessage: () => {\n\t\t\t\treturn `Overwrite './${path.relative(process.cwd(), filePath)}' ?`;\n\t\t\t},\n\t\t});\n\t} else {\n\t\toverwriteResponse = undefined;\n\t}\n\treturn overwriteResponse;\n};\n", "import {\n fromEnv,\n fromIni,\n fromTemporaryCredentials,\n} from '@aws-sdk/credential-providers';\nimport { loadSharedConfigFiles } from '@aws-sdk/shared-ini-file-loader';\n\nimport {\n CredentialsAndOrigin,\n ProfileAndOrigin,\n RegionAndOrigin,\n} from '../types';\nimport { emphasis, strong } from './logger';\n\nexport const getCredentialsProfileRegion = async ({\n argv,\n env,\n}: {\n argv: {\n profile?: string;\n region?: string;\n assumeRoleArn?: string;\n assumeRoleSessionDuration?: number;\n };\n env: {\n AWS_PROFILE?: string;\n AWS_ACCESS_KEY_ID?: string;\n AWS_SECRET_ACCESS_KEY?: string;\n AWS_REGION?: string;\n AWS_DEFAULT_REGION?: string;\n AWS_ASSUME_ROLE_ARN?: string | undefined;\n AWS_ASSUME_ROLE_SESSION_DURATION?: string | undefined;\n TZ?: string;\n };\n}) => {\n const sharedConfigFiles = await loadSharedConfigFiles();\n let credentialsAndOrigin: CredentialsAndOrigin | undefined = undefined;\n let profileAndOrigin: ProfileAndOrigin | undefined = undefined;\n let regionAndOrigin: RegionAndOrigin | undefined = undefined;\n if (argv.profile) {\n profileAndOrigin = {\n value: argv.profile,\n origin: `command line option: ${emphasis(argv.profile)}`,\n };\n credentialsAndOrigin = {\n value: await fromIni({\n profile: argv.profile,\n })(),\n origin: `${emphasis(`[${argv.profile}]`)} in credentials file`,\n };\n } else if (env.AWS_PROFILE) {\n profileAndOrigin = {\n value: env.AWS_PROFILE,\n origin: `env variable ${emphasis('AWS_PROFILE')}: ${strong(\n env.AWS_PROFILE,\n )}`,\n };\n credentialsAndOrigin = {\n value: await fromIni({\n profile: env.AWS_PROFILE,\n })(),\n origin: `env variable ${emphasis('AWS_PROFILE')}: ${strong(\n env.AWS_PROFILE,\n )}`,\n };\n } else if (env.AWS_ACCESS_KEY_ID && env.AWS_SECRET_ACCESS_KEY) {\n credentialsAndOrigin = {\n value: await fromEnv()(),\n origin: `env variables ${emphasis(\n 'AWS_ACCESS_KEY_ID',\n )} and ${emphasis('AWS_SECRET_ACCESS_KEY')}`,\n };\n } else if (sharedConfigFiles.credentialsFile?.default) {\n profileAndOrigin = {\n value: 'default',\n origin: `${emphasis('[default]')} in credentials file`,\n };\n credentialsAndOrigin = {\n value: await fromIni({\n profile: 'default',\n })(),\n origin: `profile ${emphasis('[default]')}`,\n };\n }\n\n if (argv.region) {\n regionAndOrigin = {\n value: argv.region,\n origin: `command line option: ${emphasis(argv.region)}`,\n };\n } else if (env.AWS_REGION) {\n regionAndOrigin = {\n value: env.AWS_REGION,\n origin: `env variable ${emphasis('AWS_REGION')}: ${strong(\n env.AWS_REGION,\n )}`,\n };\n } else if (env.AWS_DEFAULT_REGION) {\n regionAndOrigin = {\n value: env.AWS_DEFAULT_REGION,\n origin: `env variable ${emphasis('AWS_DEFAULT_REGION')}: ${strong(\n env.AWS_DEFAULT_REGION,\n )}`,\n };\n } else if (profileAndOrigin) {\n const foundRegion =\n sharedConfigFiles?.configFile?.[profileAndOrigin.value]?.region;\n\n if (foundRegion) {\n regionAndOrigin = {\n value: foundRegion,\n origin: `${emphasis(\n `[profile ${profileAndOrigin.value}]`,\n )} in config file`,\n };\n }\n }\n\n const assumedRole = argv.assumeRoleArn || env.AWS_ASSUME_ROLE_ARN;\n if (assumedRole) {\n const origin = argv.assumeRoleArn\n ? 'command line option'\n : 'env variable';\n credentialsAndOrigin = {\n value: await fromTemporaryCredentials({\n masterCredentials: credentialsAndOrigin?.value,\n\n params: {\n DurationSeconds:\n argv.assumeRoleSessionDuration ||\n Number(env.AWS_ASSUME_ROLE_SESSION_DURATION) ||\n 3600,\n RoleArn: assumedRole,\n },\n\n clientConfig: {\n region: regionAndOrigin?.value,\n },\n })(),\n origin: `${origin} ${emphasis(`[${assumedRole}]`)}`,\n };\n }\n\n return { credentialsAndOrigin, regionAndOrigin, profileAndOrigin };\n};\n\nexport const printVerboseCredentialsProfileRegion = ({\n credentialsAndOrigin,\n regionAndOrigin,\n profileAndOrigin,\n}: {\n credentialsAndOrigin?: CredentialsAndOrigin;\n regionAndOrigin?: RegionAndOrigin;\n profileAndOrigin?: ProfileAndOrigin;\n}): string => {\n const out: string[] = [];\n if (profileAndOrigin) {\n out.push(`Got profile name from ${profileAndOrigin.origin}`);\n }\n if (credentialsAndOrigin) {\n out.push(`Resolved credentials from ${credentialsAndOrigin.origin}`);\n }\n if (regionAndOrigin) {\n out.push(`Resolved region from ${regionAndOrigin.origin}`);\n }\n return out.join('\\n');\n};\n", "import chalk from 'chalk';\nimport { highlight, Theme, plain } from 'cli-highlight';\n// eslint-disable-next-line @typescript-eslint/naming-convention\nlet _logger: Pick<Console, 'info' | 'error' | 'table'>;\nexport const getLogger = () => {\n if (!_logger) {\n _logger = console;\n }\n\n return _logger;\n};\nexport const writeLine = (str: string) => {\n process.stdout.write(str);\n};\nexport const emphasis = (str: string): string => chalk.yellowBright(str);\nexport const strong = (str: string): string => chalk.yellow.bold(str);\n\nconst myTheme: Theme = {\n attr: chalk.yellow.bold,\n string: chalk.yellowBright.dim,\n params: chalk.red,\n deletion: chalk.red.strikethrough,\n number: plain,\n};\n\nexport const prettyCode = (str: string): string => {\n return highlight(str, { theme: myTheme });\n};\nexport const clientLogger = {\n debug(content: object) {\n console.log(content);\n },\n info(content: object) {\n console.log(content);\n },\n warn(content: object) {\n console.log(content);\n },\n error(content: object) {\n console.error(content);\n },\n};\n", "import {\n getCredentialsProfileRegion,\n printVerboseCredentialsProfileRegion,\n} from '../../utils/getCredentialsProfileRegion';\n\nexport const handleCredentialsAndRegion = async ({\n argv,\n env,\n}: {\n argv: {\n awsRegion?: string;\n awsProfile?: string;\n verbose?: boolean;\n awsAssumeRoleArn?: string;\n awsAssumeRoleSessionDuration?: number;\n };\n env: {\n AWS_PROFILE?: string | undefined;\n AWS_ACCESS_KEY_ID?: string | undefined;\n AWS_SECRET_ACCESS_KEY?: string | undefined;\n AWS_REGION?: string | undefined;\n AWS_DEFAULT_REGION?: string | undefined;\n AWS_ASSUME_ROLE_ARN?: string | undefined;\n AWS_ASSUME_ROLE_SESSION_DURATION?: string | undefined;\n TZ?: string;\n };\n}) => {\n const { credentialsAndOrigin, regionAndOrigin, profileAndOrigin } =\n await getCredentialsProfileRegion({\n argv: {\n region: argv.awsRegion,\n profile: argv.awsProfile,\n assumeRoleArn: argv.awsAssumeRoleArn,\n assumeRoleSessionDuration: argv.awsAssumeRoleSessionDuration,\n },\n env: {\n ...env,\n },\n });\n\n if (argv.verbose === true) {\n console.log(\n printVerboseCredentialsProfileRegion({\n credentialsAndOrigin,\n regionAndOrigin,\n profileAndOrigin,\n }),\n );\n }\n\n if (!credentialsAndOrigin || !regionAndOrigin) {\n if (!credentialsAndOrigin) {\n console.error('Could not find credentials');\n throw new Error('Could not find credentials');\n }\n if (!regionAndOrigin) {\n console.error('Could not find region');\n throw new Error('Could not find region');\n }\n }\n\n return { credentialsAndOrigin, regionAndOrigin };\n};\n", "import {\n DescribeKeyCommand,\n KMSClient,\n KMSClientConfig,\n} from '@aws-sdk/client-kms';\n\nexport const getKMSClient = ({\n configuration,\n}: {\n verbose?: boolean;\n configuration: KMSClientConfig;\n}) => {\n const kmsClient = new KMSClient(configuration);\n\n return kmsClient;\n};\n\nexport const getEncryptionAlgorithm = async (\n kmsClient: KMSClient,\n awsKeyAlias: string,\n) => {\n // describe key *once*\n const describeKeyCommand = new DescribeKeyCommand({\n KeyId: awsKeyAlias,\n });\n\n const describeKeyResult = await kmsClient.send(describeKeyCommand);\n const encryptionAlgorithm =\n describeKeyResult.KeyMetadata?.EncryptionAlgorithms?.[0];\n\n if (encryptionAlgorithm === undefined) {\n throw new Error(`Could not determine encryption algorithm`);\n }\n\n return encryptionAlgorithm;\n};\n", "import fs from \"node:fs\";\nimport path from \"node:path\";\n\nimport * as dotenv from \"dotenv\";\n\nimport { commonCliOptions } from \"../commonCliOptions\";\nimport { getConfig } from \"../lib/config-old\";\nimport { handleCredentialsAndRegion } from \"../lib/partial-commands/handleCredentialsAndRegion\";\nimport { decryptRawDotSecValues } from \"../lib/wtf/crypto\";\nimport { loadFile } from \"../lib/wtf/io\";\nimport { YargsHandlerParams } from \"../types\";\nimport { promptOverwriteIfFileExists } from \"../utils/io\";\nimport { getLogger } from \"../utils/logger\";\nexport const command = \"dot-sec-to-dot-env\";\nexport const desc = `Creates .env file from a .sec file.`;\n\nexport const builder = {\n\t\"sec-file\": commonCliOptions.secFile,\n\t\"env-file\": commonCliOptions.envFile,\n\t\"aws-profile\": commonCliOptions.awsProfile,\n\t\"aws-region\": commonCliOptions.awsRegion,\n\t\"aws-key-alias\": commonCliOptions.awsKeyAlias,\n\t\"aws-assume-role-arn\": commonCliOptions.awsAssumeRoleArn,\n\t\"aws-assume-role-session-duration\":\n\t\tcommonCliOptions.awsAssumeRoleSessionDuration,\n\t\"use-top-levels-as-environments\": commonCliOptions.useTopLevelsAsEnvironments,\n\tverbose: commonCliOptions.verbose,\n\tyes: { ...commonCliOptions.yes },\n} as const;\n\nexport const handler = async (\n\targv: YargsHandlerParams<typeof builder>,\n): Promise<void> => {\n\tconst config = await getConfig();\n\n\tconst { error } = getLogger();\n\ttry {\n\t\tconst defaultRegion = config.aws.region || argv.awsRegion;\n\t\tconst { credentialsAndOrigin, regionAndOrigin } =\n\t\t\tawait handleCredentialsAndRegion({\n\t\t\t\targv: {\n\t\t\t\t\t...argv,\n\t\t\t\t\tawsRegion: defaultRegion,\n\t\t\t\t\tawsProfile: config.aws.profile || argv.awsProfile,\n\t\t\t\t\tawsAssumeRoleArn: config.aws.assumeRoleArn || argv.awsAssumeRoleArn,\n\t\t\t\t\tawsAssumeRoleSessionDuration:\n\t\t\t\t\t\tconfig.aws.assumeRoleSessionDuration ||\n\t\t\t\t\t\targv.awsAssumeRoleSessionDuration,\n\t\t\t\t},\n\t\t\t\tenv: { ...process.env },\n\t\t\t});\n\n\t\t// load .env file\n\t\tconst dotSecFilename = argv.secFile || \".sec\";\n\t\tconst dotSecPath = path.resolve(process.cwd(), dotSecFilename);\n\t\tconst dotSecString = await loadFile(dotSecPath);\n\t\tconst dotSecKeysValues = dotenv.parse(dotSecString);\n\t\tconst dotEnvString = await decryptRawDotSecValues({\n\t\t\tdotSecKeysValues,\n\t\t\tcredentials: credentialsAndOrigin.value,\n\t\t\tregion: regionAndOrigin.value,\n\t\t\tkeyAlias: argv.awsKeyAlias || \"alias/dotsec\",\n\t\t\tverbose: argv.verbose,\n\t\t});\n\n\t\tconst dotEnvFilename = argv.envFile || `.env`;\n\t\tconst dotEnvPath = path.resolve(process.cwd(), dotEnvFilename);\n\n\t\tconst overwriteResponse = await promptOverwriteIfFileExists({\n\t\t\tfilePath: dotEnvPath,\n\t\t\tskip: argv.yes,\n\t\t});\n\n\t\tif (\n\t\t\toverwriteResponse === undefined ||\n\t\t\toverwriteResponse.overwrite === true\n\t\t) {\n\t\t\tfs.writeFileSync(dotEnvPath, dotEnvString);\n\t\t}\n\n\t\t// const { fileType, dotSecPlainText } = await getDotSecPlainText({\n\t\t// defaultConfig: {\n\t\t// config: {\n\t\t// aws: {\n\t\t// keyAlias: 'alias/dotsec',\n\t\t// regions: [regionAndOrigin.value],\n\t\t// },\n\t\t// },\n\t\t// },\n\t\t// options: {\n\t\t// verbose: argv.verbose,\n\t\t// },\n\t\t// });\n\t\t// if (!dotSecPlainText.plaintext) {\n\t\t// throw new Error(`Expected 'encrypted' property, but got none`);\n\t\t// }\n\n\t\t// if (\n\t\t// argv.useTopLevelsAsEnvironments ||\n\t\t// dotSecPlainText.config?.useTopLevelsAsEnvironments\n\t\t// ) {\n\t\t// const dotEnvsPerEnvironment = toDotEnvPerEnvironment({\n\t\t// dotSecPlainText,\n\t\t// verbose: argv.verbose,\n\t\t// });\n\n\t\t// for (const [environment, dotEnv] of Object.entries(\n\t\t// dotEnvsPerEnvironment,\n\t\t// )) {\n\t\t// const fileName = `.env.${environment}`;\n\t\t// const dotEnvPath = path.resolve(process.cwd(), fileName);\n\n\t\t// const overwriteResponse = await promptOverwriteIfFileExists({\n\t\t// filePath: dotEnvPath,\n\t\t// skip: argv.yes,\n\t\t// });\n\n\t\t// if (\n\t\t// overwriteResponse === undefined ||\n\t\t// overwriteResponse.overwrite === true\n\t\t// ) {\n\t\t// fs.writeFileSync(dotEnvPath, dotEnv);\n\t\t// }\n\n\t\t// // write to file, prompt if file exists\n\t\t// }\n\t\t// } else {\n\t\t// const dotEnv = toDotEnv({\n\t\t// dotSecPlainText,\n\t\t// verbose: argv.verbose,\n\t\t// });\n\n\t\t// const fileName = `.env`;\n\t\t// const dotEnvPath = path.resolve(process.cwd(), fileName);\n\n\t\t// const overwriteResponse = await promptOverwriteIfFileExists({\n\t\t// filePath: dotEnvPath,\n\t\t// skip: argv.yes,\n\t\t// });\n\n\t\t// if (\n\t\t// overwriteResponse === undefined ||\n\t\t// overwriteResponse.overwrite === true\n\t\t// ) {\n\t\t// fs.writeFileSync(dotEnvPath, dotEnv);\n\t\t// }\n\t\t// }\n\t} catch (e) {\n\t\terror(e);\n\t}\n};\n", "import {\n\tDecryptCommand,\n\tDescribeKeyCommand,\n\tEncryptCommand,\n} from \"@aws-sdk/client-kms\";\nimport {\n\tCreateSecretCommand,\n\tListSecretsCommand,\n\tPutSecretValueCommand,\n} from \"@aws-sdk/client-secrets-manager\";\nimport {\n\tParameterTier,\n\tParameterType,\n\tPutParameterCommand,\n} from \"@aws-sdk/client-ssm\";\nimport { Credentials } from \"@aws-sdk/types\";\nimport { constantCase } from \"constant-case\";\n\nimport { getEncryptionAlgorithm, getKMSClient } from \"../../utils/kms\";\nimport { emphasis, getLogger, strong } from \"../../utils/logger\";\nimport { getSecretsManagerClient } from \"../../utils/secretsManager\";\nimport { getSSMClient } from \"../../utils/ssm\";\nimport {\n\texpandEncrypted,\n\texpandPlainText,\n\tflattenEncrypted,\n\tflattenPlainText,\n} from \"./flat\";\nimport {\n\tDotSecEncrypted,\n\tDotSecEncryptedFlattened,\n\tDotSecPlainText,\n\tDotSecPlainTextFlattened,\n\tDotSecValue,\n\tisBoolean,\n\tisNumber,\n\tisRegularParameter,\n\tisRegularParameterObject,\n\tisSecretsManagerParameter,\n\tisSSMParameter,\n\tisString,\n} from \"./types\";\n\nconst maybeJson = (value: string): string | JSON => {\n\ttry {\n\t\treturn JSON.parse(value) as JSON;\n\t} catch (e) {\n\t\treturn value;\n\t}\n};\nexport const decryptedEncrypted = async (options: {\n\tdotSecEncrypted: DotSecEncrypted;\n\tcredentials: Credentials;\n\tregion: string;\n\tverbose?: boolean;\n\tkeyAlias?: string;\n}): Promise<DotSecPlainText> => {\n\tconst { dotSecEncrypted, credentials, region, verbose, keyAlias } = options;\n\tconst dotSecEncryptedFlattened = flattenEncrypted(dotSecEncrypted);\n\t// get logger\n\tconst { info, table } = getLogger();\n\t// create KMS client\n\tconst kmsClient = getKMSClient({\n\t\tconfiguration: {\n\t\t\tcredentials,\n\t\t\tregion,\n\t\t},\n\t\tverbose,\n\t});\n\n\tconst awsKeyAlias = keyAlias || dotSecEncrypted.config?.aws?.keyAlias;\n\tif (!awsKeyAlias) {\n\t\tthrow new Error(\"No key alias specified\");\n\t}\n\tif (verbose) {\n\t\tinfo(\n\t\t\t`Encrypting using key alias ${emphasis(awsKeyAlias)} in ${emphasis(\n\t\t\t\tawait kmsClient.config.region(),\n\t\t\t)}`,\n\t\t);\n\n\t\t// describe key *once*\n\n\t\tconst describeKeyCommand = new DescribeKeyCommand({\n\t\t\tKeyId: awsKeyAlias,\n\t\t});\n\n\t\tconst describeKeyResult = await kmsClient.send(describeKeyCommand);\n\n\t\tinfo(\"keyMetaData\", { ...describeKeyResult.KeyMetadata });\n\t}\n\n\tconst encryptionAlgorithm = await getEncryptionAlgorithm(\n\t\tkmsClient,\n\t\tawsKeyAlias,\n\t);\n\n\tconst dotSecFlattened: DotSecPlainTextFlattened = {\n\t\tconfig: { ...dotSecEncrypted.config },\n\t\tplaintext: {},\n\t};\n\tfor (const [key, encryptedValue] of Object.entries(\n\t\tdotSecEncryptedFlattened.encrypted,\n\t)) {\n\t\tconst decryptCommand = new DecryptCommand({\n\t\t\tKeyId: awsKeyAlias,\n\t\t\tCiphertextBlob: Buffer.from(encryptedValue.encryptedValue, \"base64\"),\n\t\t\tEncryptionAlgorithm: encryptionAlgorithm,\n\t\t});\n\n\t\tconst decryptionResult = await kmsClient.send(decryptCommand);\n\n\t\tif (!decryptionResult.Plaintext) {\n\t\t\tthrow new Error(\n\t\t\t\t`Something bad happened: ${JSON.stringify({\n\t\t\t\t\tkey,\n\t\t\t\t\tcipherText: encryptedValue,\n\t\t\t\t\tdecryptCommand: decryptCommand,\n\t\t\t\t})}`,\n\t\t\t);\n\t\t}\n\n\t\tif (verbose) {\n\t\t\tinfo(`Decrypting key ${emphasis(key)} ${strong(\"ok\")}`);\n\t\t}\n\n\t\tconst decryptedValue = Buffer.from(decryptionResult.Plaintext).toString();\n\t\tconst decryptedKeyValue = JSON.parse(decryptedValue) as {\n\t\t\tkey: string;\n\t\t\tvalue: string;\n\t\t};\n\t\t/**\n\t\t * We don't really know for sure if this is JSON or not, so we'll try to parse it\n\t\t * Since we do not accept JSON at top level, we have a nice foot gun here.\n\t\t */\n\t\t// eslint-disable-next-line @typescript-eslint/ban-ts-comment\n\t\t// @ts-ignore\n\t\tdotSecFlattened.plaintext[key] = maybeJson(decryptedKeyValue.value);\n\t}\n\treturn expandPlainText(dotSecFlattened);\n};\n\nexport const encryptPlainText = async (options: {\n\tdotSecPlainText: DotSecPlainText;\n\tcredentials: Credentials;\n\tregion: string;\n\tverbose?: boolean;\n\tkeyAlias?: string;\n}): Promise<DotSecEncrypted> => {\n\tconst { dotSecPlainText, credentials, region, verbose, keyAlias } = options;\n\tconst dotSecFlattened = flattenPlainText(dotSecPlainText);\n\tconst { info } = getLogger();\n\t// create KMS client\n\tconst kmsClient = getKMSClient({\n\t\tconfiguration: {\n\t\t\tcredentials,\n\t\t\tregion,\n\t\t},\n\t\tverbose,\n\t});\n\n\tconst awsKeyAlias = keyAlias || dotSecFlattened.config?.aws?.keyAlias;\n\tif (!awsKeyAlias) {\n\t\tthrow new Error(\"No key alias specified\");\n\t}\n\tif (verbose) {\n\t\tinfo(\n\t\t\t`Encrypting using key alias ${emphasis(awsKeyAlias)} in ${emphasis(\n\t\t\t\tawait kmsClient.config.region(),\n\t\t\t)}`,\n\t\t);\n\n\t\t// describe key *once*\n\n\t\tconst describeKeyCommand = new DescribeKeyCommand({\n\t\t\tKeyId: awsKeyAlias,\n\t\t});\n\n\t\tconst describeKeyResult = await kmsClient.send(describeKeyCommand);\n\n\t\tinfo(\"keyMetaData\", { ...describeKeyResult.KeyMetadata });\n\t}\n\n\tconst encryptionAlgorithm = await getEncryptionAlgorithm(\n\t\tkmsClient,\n\t\tawsKeyAlias,\n\t);\n\n\tconst encryptedDotSecFlattened: DotSecEncryptedFlattened = {\n\t\tconfig: { ...dotSecFlattened.config },\n\t\tencrypted: {},\n\t};\n\tfor (const [key, plainTextValue] of Object.entries(\n\t\tdotSecFlattened.plaintext,\n\t)) {\n\t\tlet plainTextValueCopy = plainTextValue;\n\t\t// check if parameter is string, number or boolean, if not, encode to json\n\t\tif (\n\t\t\ttypeof plainTextValueCopy !== \"string\" &&\n\t\t\ttypeof plainTextValueCopy !== \"number\" &&\n\t\t\ttypeof plainTextValueCopy !== \"boolean\"\n\t\t) {\n\t\t\tplainTextValueCopy = JSON.stringify(plainTextValue);\n\t\t}\n\n\t\tconst damn = JSON.stringify({ key, value: plainTextValueCopy });\n\t\tconst encryptCommand = new EncryptCommand({\n\t\t\tKeyId: awsKeyAlias,\n\t\t\tPlaintext: Buffer.from(String(damn)),\n\t\t\tEncryptionAlgorithm: encryptionAlgorithm,\n\t\t});\n\n\t\tconst encryptionResult = await kmsClient.send(encryptCommand);\n\n\t\tif (!encryptionResult.CiphertextBlob) {\n\t\t\tthrow new Error(\n\t\t\t\t`Something bad happened: ${JSON.stringify({\n\t\t\t\t\tkey,\n\t\t\t\t\tvalue: plainTextValue,\n\t\t\t\t\tencryptCommand,\n\t\t\t\t})}`,\n\t\t\t);\n\t\t}\n\n\t\tif (verbose) {\n\t\t\tinfo(`Encrypting key ${emphasis(key)} ${strong(\"ok\")}`);\n\t\t}\n\n\t\tconst cipherText = Buffer.from(encryptionResult.CiphertextBlob).toString(\n\t\t\t\"base64\",\n\t\t);\n\n\t\tif (isRegularParameter(plainTextValue)) {\n\t\t\tencryptedDotSecFlattened.encrypted[key] = {\n\t\t\t\ttype: \"standard\",\n\t\t\t\tencryptedValue: cipherText,\n\t\t\t};\n\t\t\t// do something ssm\n\t\t} else if (isSSMParameter(plainTextValue)) {\n\t\t\tencryptedDotSecFlattened.encrypted[key] = {\n\t\t\t\ttype: \"ssm\",\n\t\t\t\tencryptedValue: cipherText,\n\t\t\t};\n\t\t\t// do something ssm\n\t\t} else if (isSecretsManagerParameter(plainTextValue)) {\n\t\t\tencryptedDotSecFlattened.encrypted[key] = {\n\t\t\t\ttype: \"secretsManager\",\n\t\t\t\tencryptedValue: cipherText,\n\t\t\t};\n\t\t}\n\t}\n\treturn expandEncrypted(encryptedDotSecFlattened);\n};\n\ntype SyncTasks = {\n\ttotal: number;\n\tputParameterCommands: PutParameterCommand[];\n\tcreateSecretCommands: CreateSecretCommand[];\n\tputSecretValueCommands: PutSecretValueCommand[];\n};\nexport const createStorePlaintextTasks = async (options: {\n\tdotSecPlainText: DotSecPlainText;\n\tcredentials: Credentials;\n\tregion: string;\n\tverbose?: boolean;\n\tkeyAlias?: string;\n}): Promise<SyncTasks> => {\n\tconst { dotSecPlainText, credentials, region, verbose, keyAlias } = options;\n\tconst dotSecPlainTextFlattened = flattenPlainText(dotSecPlainText);\n\t// get logger\n\tconst { info } = getLogger();\n\t// create KMS client\n\t// create ssm client\n\tconst ssmClient = getSSMClient({\n\t\tconfiguration: {\n\t\t\tcredentials,\n\t\t\tregion,\n\t\t},\n\t\tverbose,\n\t});\n\n\tconst secretsManagerClient = getSecretsManagerClient({\n\t\tconfiguration: {\n\t\t\tcredentials,\n\t\t\tregion,\n\t\t},\n\t\tverbose,\n\t});\n\n\t// Array<[secretName: string, arn: string]>\n\tconst secretNameArnTuples = (\n\t\tawait secretsManagerClient.send(new ListSecretsCommand({}))\n\t)?.SecretList?.map((secret) => [secret.Name, secret.ARN]).filter(\n\t\t([name, ARN]) => name && ARN,\n\t) as [string, string][];\n\n\t// { [secretName: string] : arn }\n\tconst existingSecrets = secretNameArnTuples\n\t\t? Object.fromEntries(secretNameArnTuples)\n\t\t: {};\n\n\tconst awsKeyAlias = keyAlias || dotSecPlainText.config?.aws?.keyAlias;\n\tif (!awsKeyAlias) {\n\t\tthrow new Error(`No key alias specified`);\n\t}\n\tif (verbose) {\n\t\tinfo(`Encrypting to SSM and/or SecretsManager in ${emphasis(region)}`);\n\t}\n\n\tconst putParameterCommands: PutParameterCommand[] = [];\n\tconst createSecretCommands: CreateSecretCommand[] = [];\n\tconst putSecretValueCommands: PutSecretValueCommand[] = [];\n\n\tfor (const [keyPath, plainTextValue] of Object.entries(\n\t\tdotSecPlainTextFlattened.plaintext,\n\t)) {\n\t\tlet storageValue: DotSecValue;\n\t\tif (isRegularParameter(plainTextValue)) {\n\t\t\tif (isRegularParameterObject(plainTextValue)) {\n\t\t\t\tstorageValue = plainTextValue.value;\n\t\t\t} else {\n\t\t\t\tstorageValue = plainTextValue;\n\t\t\t}\n\t\t} else if (isSSMParameter(plainTextValue)) {\n\t\t\t// if (isSSMParameterObject(plainTextValue)) {\n\t\t\tstorageValue = plainTextValue.value;\n\t\t\t// } else {\n\t\t\t// storageValue = plainTextValue;\n\t\t\t// }\n\t\t} else if (isSecretsManagerParameter(plainTextValue)) {\n\t\t\tstorageValue = plainTextValue.value;\n\t\t} else {\n\t\t\tthrow new Error(\"Invalid parameter type\");\n\t\t}\n\t\t// check if parameter is string, number or boolean, if not, encode to json\n\t\tif (\n\t\t\t!isString(storageValue) &&\n\t\t\t!isNumber(storageValue) &&\n\t\t\t!isBoolean(storageValue)\n\t\t) {\n\t\t\tstorageValue = JSON.stringify(storageValue);\n\t\t}\n\t\tif (\n\t\t\tisSSMParameter(plainTextValue) ||\n\t\t\t(isRegularParameter(plainTextValue) &&\n\t\t\t\tdotSecPlainText.config?.standardParameterStorageType === \"ssm\" &&\n\t\t\t\t(isRegularParameterObject(plainTextValue)\n\t\t\t\t\t? plainTextValue.dontStore !== true\n\t\t\t\t\t: true))\n\t\t) {\n\t\t\tlet parameterTier: ParameterTier = ParameterTier.STANDARD;\n\t\t\tlet parameterType: ParameterType = ParameterType.STRING;\n\t\t\tlet description: string | undefined;\n\t\t\tif (isSSMParameter(plainTextValue)) {\n\t\t\t\tif (plainTextValue?.ssm?.tier) {\n\t\t\t\t\tparameterTier = plainTextValue.ssm.tier;\n\t\t\t\t}\n\t\t\t\tif (plainTextValue?.ssm?.type) {\n\t\t\t\t\tparameterType = plainTextValue.ssm.type;\n\t\t\t\t}\n\t\t\t\tif (plainTextValue?.description) {\n\t\t\t\t\tdescription = plainTextValue.description;\n\t\t\t\t}\n\t\t\t}\n\t\t\tconst putParameterCommand = new PutParameterCommand({\n\t\t\t\tName: `/${keyPath}`,\n\t\t\t\tValue: String(storageValue),\n\t\t\t\tType: parameterType,\n\t\t\t\tTier: parameterTier,\n\t\t\t\tDescription: description,\n\t\t\t\tOverwrite: true,\n\t\t\t});\n\t\t\tputParameterCommands.push(putParameterCommand);\n\t\t\t// await ssmClient.send(putParameterCommand);\n\t\t} else if (\n\t\t\tisSecretsManagerParameter(plainTextValue) ||\n\t\t\t(isRegularParameter(plainTextValue) &&\n\t\t\t\tdotSecPlainText.config?.standardParameterStorageType ===\n\t\t\t\t\t\"secretsManager\" &&\n\t\t\t\t(isRegularParameterObject(plainTextValue)\n\t\t\t\t\t? plainTextValue.dontStore !== true\n\t\t\t\t\t: true))\n\t\t) {\n\t\t\tconst existingSecretARN = existingSecrets[keyPath];\n\t\t\tif (!existingSecretARN) {\n\t\t\t\tconst createSecretCommand = new CreateSecretCommand({\n\t\t\t\t\tName: keyPath,\n\t\t\t\t\tSecretString: String(storageValue),\n\t\t\t\t});\n\t\t\t\tcreateSecretCommands.push(createSecretCommand);\n\t\t\t\t// await secretsManagerClient.send(createSecretCommand);\n\t\t\t} else {\n\t\t\t\tconst putSecretCommand = new PutSecretValueCommand({\n\t\t\t\t\tSecretId: existingSecretARN,\n\t\t\t\t\tSecretString: String(storageValue),\n\t\t\t\t});\n\t\t\t\tputSecretValueCommands.push(putSecretCommand);\n\t\t\t\t// await secretsManagerClient.send(putSecretCommand);\n\t\t\t}\n\t\t}\n\t}\n\n\treturn {\n\t\ttotal:\n\t\t\tputParameterCommands.length +\n\t\t\tcreateSecretCommands.length +\n\t\t\tputSecretValueCommands.length,\n\t\tputParameterCommands,\n\t\tcreateSecretCommands,\n\t\tputSecretValueCommands,\n\t};\n};\n\nexport const executeStorePlainTextTasks = async (options: {\n\tcredentials: Credentials;\n\tregion: string;\n\tverbose?: boolean;\n\ttasks: SyncTasks;\n}): Promise<void> => {\n\tconst { credentials, region, verbose, tasks } = options;\n\tconst { info } = getLogger();\n\tconst ssmClient = getSSMClient({\n\t\tconfiguration: {\n\t\t\tcredentials,\n\t\t\tregion,\n\t\t},\n\t\tverbose,\n\t});\n\n\tconst secretsManagerClient = getSecretsManagerClient({\n\t\tconfiguration: {\n\t\t\tcredentials,\n\t\t\tregion,\n\t\t},\n\t\tverbose,\n\t});\n\tfor (const putParameterCommand of tasks.putParameterCommands) {\n\t\tprocess.stdout.write(\n\t\t\t`Storing SSM parameter ${emphasis(\n\t\t\t\tputParameterCommand.input.Name || \"<unnamed> \",\n\t\t\t)}... `,\n\t\t);\n\t\tawait ssmClient.send(putParameterCommand);\n\t\tprocess.stdout.write(`done\\n`);\n\t}\n\tfor (const createSecretCommand of tasks.createSecretCommands) {\n\t\tprocess.stdout.write(\n\t\t\t`Creating Secret ${emphasis(\n\t\t\t\tcreateSecretCommand.input.Name || \"<unnamed> \",\n\t\t\t)}... `,\n\t\t);\n\t\tawait secretsManagerClient.send(createSecretCommand);\n\t\tprocess.stdout.write(`done\\n`);\n\t}\n\tfor (const putSecretValueCommand of tasks.putSecretValueCommands) {\n\t\tprocess.stdout.write(\n\t\t\t`Updating Secret ${emphasis(\n\t\t\t\tputSecretValueCommand.input.SecretId || \"<unknown id> \",\n\t\t\t)}... `,\n\t\t);\n\t\tawait secretsManagerClient.send(putSecretValueCommand);\n\t\tprocess.stdout.write(`done\\n`);\n\t}\n};\n\nexport const prettyPrintTasks = (tasks: SyncTasks) => {\n\tconst { info, table } = getLogger();\n\tconst { putParameterCommands, createSecretCommands, putSecretValueCommands } =\n\t\ttasks;\n\n\tconst ssmTasks = putParameterCommands.map((command) => {\n\t\treturn {\n\t\t\tname: command.input.Name,\n\t\t\tdescription: command.input.Description || \"<no description>\",\n\t\t\ttier: command.input.Tier,\n\t\t\ttype: command.input.Type,\n\t\t\tvalue: command.input.Value,\n\t\t};\n\t});\n\tinfo(emphasis(`AWS Systems Manager > Parameter Store: create or update`));\n\ttable(ssmTasks);\n\n\tconst createSecretTasks = createSecretCommands.map((command) => {\n\t\treturn {\n\t\t\tsecretName: command.input.Name,\n\t\t\tdescription: command.input.Description || \"<no description>\",\n\t\t\tvalue: \"**** redacted ****>\",\n\t\t};\n\t});\n\tif (createSecretTasks.length) {\n\t\tinfo(emphasis(`AWS Secrets Manager Secrets: create`));\n\t\ttable(createSecretTasks);\n\t}\n\tconst updateSecretTasks = putSecretValueCommands.map((command) => {\n\t\treturn {\n\t\t\tsecretName: command.input.SecretId,\n\t\t\tvalue: \"**** redacted ****>\",\n\t\t};\n\t});\n\tif (updateSecretTasks.length) {\n\t\tinfo(emphasis(`AWS Secrets Manager Secrets: update`));\n\t\ttable(updateSecretTasks);\n\t}\n};\nexport const decryptRawDotSecValues = async (options: {\n\tdotSecKeysValues: Record<string, string>;\n\tcredentials: Credentials;\n\tregion: string;\n\tverbose?: boolean;\n\tkeyAlias?: string;\n\tsearchPath?: string;\n}): Promise<string> => {\n\tconst { info } = getLogger();\n\n\tconst {\n\t\tdotSecKeysValues: rawDotSec,\n\t\tcredentials,\n\t\tregion,\n\t\tverbose,\n\t\tkeyAlias,\n\t\tsearchPath,\n\t} = options;\n\n\tconst kmsClient = getKMSClient({\n\t\tconfiguration: {\n\t\t\tcredentials,\n\t\t\tregion,\n\t\t},\n\t\tverbose,\n\t});\n\n\tconst s = searchPath\n\t\t?.split(\".\")\n\t\t.map((part) => `${constantCase(part)}_`)\n\t\t.join(\"\");\n\tconst awsKeyAlias = keyAlias;\n\tif (!keyAlias) {\n\t\tthrow new Error(\"No key alias specified\");\n\t}\n\n\tconst encryptionAlgorithm = await getEncryptionAlgorithm(kmsClient, keyAlias);\n\tconst dotEnvLines: string[] = [];\n\n\tconst filtered = s\n\t\t? Object.fromEntries(\n\t\t\t\tObject.entries(rawDotSec)\n\t\t\t\t\t.filter(([key]) => key.startsWith(s))\n\t\t\t\t\t.map(([key, value]) => [key.replace(s, \"\"), value]),\n\t\t )\n\t\t: rawDotSec;\n\tfor (const [key, encryptedValue] of Object.entries(filtered)) {\n\t\tconst decryptCommand = new DecryptCommand({\n\t\t\tKeyId: awsKeyAlias,\n\t\t\tCiphertextBlob: Buffer.from(encryptedValue, \"base64\"),\n\t\t\tEncryptionAlgorithm: encryptionAlgorithm,\n\t\t});\n\n\t\tconst decryptionResult = await kmsClient.send(decryptCommand);\n\n\t\tif (!decryptionResult.Plaintext) {\n\t\t\tthrow new Error(\n\t\t\t\t`Something bad happened: ${JSON.stringify({\n\t\t\t\t\tkey,\n\t\t\t\t\tcipherText: encryptedValue,\n\t\t\t\t\tdecryptCommand: decryptCommand,\n\t\t\t\t})}`,\n\t\t\t);\n\t\t}\n\n\t\tif (verbose) {\n\t\t\tinfo(`Decrypting key ${emphasis(key)} ${strong(\"ok\")}`);\n\t\t}\n\n\t\tconst decryptedValue = Buffer.from(decryptionResult.Plaintext).toString();\n\t\t// this *is* json\n\t\tconst parsedValue = JSON.parse(decryptedValue) as {\n\t\t\tkey: string;\n\t\t\tvalue: string;\n\t\t};\n\n\t\tconst stringOrJson = maybeJson(parsedValue.value);\n\n\t\tif (isRegularParameter(stringOrJson)) {\n\t\t\tif (isRegularParameterObject(stringOrJson)) {\n\t\t\t\tdotEnvLines.push(`${key}=${JSON.stringify(stringOrJson.value)}`);\n\t\t\t} else {\n\t\t\t\tdotEnvLines.push(`${key}=${String(stringOrJson)}`);\n\t\t\t}\n\t\t} else if (isSSMParameter(stringOrJson)) {\n\t\t\t// if (isSSMParameterObject(stringOrJson)) {\n\t\t\tdotEnvLines.push(`${key}=${JSON.stringify(stringOrJson.value)}`);\n\t\t\t// } else {\n\t\t\t// dotEnvLines.push(`${key}=${String(stringOrJson)}`);\n\t\t\t// }\n\t\t} else if (isSecretsManagerParameter(stringOrJson)) {\n\t\t\tdotEnvLines.push(`${key}=${JSON.stringify(stringOrJson.value)}`);\n\t\t}\n\n\t\t// unbox values\n\t}\n\n\treturn dotEnvLines.join(\"\\n\");\n};\n", "import {\n SecretsManagerClient,\n SecretsManagerClientConfig,\n} from '@aws-sdk/client-secrets-manager';\n\nexport const getSecretsManagerClient = ({\n configuration,\n}: {\n verbose?: boolean;\n configuration: SecretsManagerClientConfig;\n}) => {\n const secretsManagerClient = new SecretsManagerClient(configuration);\n return secretsManagerClient;\n};\n", "import { SSMClient, SSMClientConfig } from '@aws-sdk/client-ssm';\n\nexport const getSSMClient = ({\n configuration,\n}: {\n verbose?: boolean;\n configuration: SSMClientConfig;\n}) => {\n const ssmClient = new SSMClient(configuration);\n return ssmClient;\n};\n", "import { ParameterTier, ParameterType } from \"@aws-sdk/client-ssm\";\n\n// type Not<T extends { [key: string]: unknown }> = Id<{ [P in keyof T]?: never }>;\ntype Id<T> = T extends { [key: string]: unknown }\n\t? Record<string, unknown> & { [P in keyof T]: Id<T[P]> }\n\t: T;\nexport const dotSecFileTypes = [\"json\", \"ts\", \"yaml\", \"yml\"] as const;\nexport type DotSecFileType = typeof dotSecFileTypes[number];\nexport type DotSecEncryptedEncoding = \"encrypted\";\nexport type DotSecPlaintextEncoding = \"plaintext\";\nexport type DotSecEncoding = DotSecPlaintextEncoding | DotSecEncryptedEncoding;\nexport type DotSecValue =\n\t| string\n\t| number\n\t| boolean\n\t| { [key: string]: DotSecValue }\n\t| Array<DotSecValue>;\nexport type SSMParameterObject = {\n\ttype: \"ssm\";\n\tdescription?: string;\n\tssm?: {\n\t\ttype?: ParameterType;\n\t\ttier?: ParameterTier;\n\t};\n\tvalue: DotSecValue;\n\tencryptedValue?: never;\n};\nexport type SSMEncryptedParameterObject = {\n\ttype: \"ssm\";\n\tdescription?: string;\n\tvalue?: never;\n\tencryptedValue: string;\n};\nexport type StandardParameterObject = {\n\ttype: \"standard\";\n\tdescription?: string;\n\tvalue: DotSecValue;\n\tdontStore?: boolean;\n\tencryptedValue?: never;\n};\nexport type StandardEncryptedParameterObject = {\n\ttype: \"standard\";\n\tdescription?: string;\n\tvalue?: never;\n\tencryptedValue: string;\n};\nexport type SSMParameter<\n\tEncoding extends DotSecEncoding = DotSecPlaintextEncoding,\n> = Encoding extends DotSecPlaintextEncoding\n\t? SSMParameterObject\n\t: SSMEncryptedParameterObject;\nexport type StandardParameter<\n\tEncoding extends DotSecEncoding = DotSecPlaintextEncoding,\n> = Encoding extends DotSecPlaintextEncoding\n\t? string | number | boolean | StandardParameterObject\n\t: StandardEncryptedParameterObject;\n\nexport type DotSecSecretsManagerParameter = {\n\tvalue: DotSecValue;\n\tencryptedValue?: never;\n};\n\nexport type SecretsManagerParameter<\n\tEncoding extends DotSecEncoding = DotSecPlaintextEncoding,\n> = {\n\ttype: \"secretsManager\";\n\tdescription?: string;\n} & (Encoding extends DotSecPlaintextEncoding\n\t? DotSecSecretsManagerParameter\n\t: {\n\t\t\ttype: \"secretsManager\";\n\n\t\t\tvalue?: never;\n\t\t\tencryptedValue: string;\n\t });\n\nexport type DotSecLeaf<\n\tEncoding extends DotSecEncoding /* = DotSecPlainTextEncoding */,\n> =\n\t| SSMParameter<Encoding>\n\t| SecretsManagerParameter<Encoding>\n\t| StandardParameter<Encoding>;\n\nexport type DotSecTree<\n\tEncoding extends DotSecEncoding,\n\tTreeShape extends DotSecTreeShape,\n> = {\n\t[key: string]: TreeShape extends DotSecExpandedTree\n\t\t? DotSecLeaf<Encoding> | DotSecTree<Encoding, TreeShape>\n\t\t: DotSecLeaf<Encoding>;\n};\ntype DotSecFlatTree<Encoding extends DotSecEncoding = DotSecPlaintextEncoding> =\n\tDotSecTree<Encoding, DotSecExpandedTree>;\n\nexport type DeepPartial<T> = T extends object\n\t? {\n\t\t\t[P in keyof T]?: DeepPartial<T[P]>;\n\t }\n\t: T;\n\nexport type OptionalDeepPartial<\n\tT,\n\tIgnorePartials extends boolean = false,\n> = IgnorePartials extends true\n\t? T\n\t: T extends object\n\t? {\n\t\t\t[P in keyof T]?: DeepPartial<T[P]>;\n\t }\n\t: T;\nexport type DotSecConfig<\n\tConfigDemand extends DotSecConfigDemand = DotSecWithOptionalConfig,\n> = OptionalDeepPartial<\n\t{\n\t\tconfig: {\n\t\t\tpathPrefix?: string;\n\t\t\tuseTopLevelsAsEnvironments?: boolean;\n\t\t\tstandardParameterStorageType?: \"none\" | \"ssm\" | \"secretsManager\";\n\t\t\taws: {\n\t\t\t\tkeyAlias: string;\n\t\t\t\tregions: Array<string>;\n\t\t\t\t// environmentMapping?: {\n\t\t\t\t// [awsEnvironment: string]: {\n\t\t\t\t// accountId: string;\n\t\t\t\t// accessKeyId: string;\n\t\t\t\t// secretAccessKey: string;\n\t\t\t\t// };\n\t\t\t\t// };\n\t\t\t};\n\t\t};\n\t},\n\tConfigDemand extends DotSecWithOptionalConfig ? false : true\n>;\nexport type DotSecPlainTextByFileType = {\n\tfileType: DotSecFileType;\n\tpath: string;\n\tdotSecPlainText: DotSecPlainText;\n\traw: string;\n};\nexport type DotSecEncryptedByFileType = {\n\tfileType: DotSecFileType;\n\tpath: string;\n\tdotSecEncrypted: DotSecEncrypted;\n};\nexport type DotSecRequiredConfig = DotSecConfig<DotSecWithRequiredConfig>;\nexport type DotSecTrees =\n\t| DotSecTree<DotSecPlaintextEncoding, DotSecExpandedTree>\n\t| DotSecTree<DotSecEncryptedEncoding, DotSecExpandedTree>\n\t| DotSecTree<DotSecPlaintextEncoding, DotSecFlattenedTree>\n\t| DotSecTree<DotSecEncryptedEncoding, DotSecFlattenedTree>;\n\nexport type DotSec<\n\tTree extends DotSecTrees = DotSecTree<\n\t\tDotSecPlaintextEncoding,\n\t\tDotSecExpandedTree\n\t>,\n\tEncoding extends DotSecEncoding = DotSecPlaintextEncoding,\n\tFlattened extends DotSecTreeShape = DotSecExpandedTree,\n\tWithRequiredConfig extends DotSecConfigDemand = DotSecWithOptionalConfig,\n> = DS<Tree, Encoding, Flattened, WithRequiredConfig>;\n\nexport type DS<\n\tTree extends DotSecTrees,\n\tEncoding extends DotSecEncoding = DotSecPlaintextEncoding,\n\tFlattened extends DotSecTreeShape = DotSecExpandedTree,\n\tWithRequiredConfig extends DotSecConfigDemand = DotSecWithOptionalConfig,\n> = DotSecConfig<WithRequiredConfig> &\n\t(Encoding extends DotSecPlaintextEncoding\n\t\t? {\n\t\t\t\tplaintext: Tree extends DotSecTree<DotSecPlaintextEncoding, Flattened>\n\t\t\t\t\t? Tree\n\t\t\t\t\t: never;\n\t\t\t\tencrypted?: never;\n\t\t }\n\t\t: {\n\t\t\t\tencrypted: Tree extends DotSecTree<DotSecEncryptedEncoding, Flattened>\n\t\t\t\t\t? Tree\n\t\t\t\t\t: never;\n\t\t\t\tplaintext?: never;\n\t\t });\n\nexport type DotSecFlattenedTree = \"flattened\";\nexport type DotSecExpandedTree = \"expanded\";\nexport type DotSecTreeShape = DotSecFlattenedTree | DotSecExpandedTree;\nexport type DotSecWithOptionalConfig = \"with-optional-config\";\nexport type DotSecWithRequiredConfig = \"with-required-config\";\nexport type DotSecConfigDemand =\n\t| DotSecWithOptionalConfig\n\t| DotSecWithRequiredConfig;\nexport type DotSecEncrypted<\n\tT extends DotSecTree<\n\t\tDotSecEncryptedEncoding,\n\t\tDotSecExpandedTree\n\t> = DotSecTree<DotSecEncryptedEncoding, DotSecExpandedTree>,\n> = DotSec<T, DotSecEncryptedEncoding>;\n\nexport type DotSecPlainText<\n\tT extends DotSecTree<\n\t\tDotSecPlaintextEncoding,\n\t\tDotSecExpandedTree\n\t> = DotSecTree<DotSecPlaintextEncoding, DotSecExpandedTree>,\n> = DotSec<T, DotSecPlaintextEncoding>;\n\nexport type DotSecPlainTextWithOptionalConfig<\n\tT extends DotSecTree<\n\t\tDotSecPlaintextEncoding,\n\t\tDotSecExpandedTree\n\t> = DotSecTree<DotSecPlaintextEncoding, DotSecExpandedTree>,\n> = DotSec<\n\tT,\n\tDotSecPlaintextEncoding,\n\tDotSecExpandedTree,\n\tDotSecWithOptionalConfig\n>;\nexport type DotSecEncryptedWithOptionalConfig<\n\tT extends DotSecTree<\n\t\tDotSecEncryptedEncoding,\n\t\tDotSecExpandedTree\n\t> = DotSecTree<DotSecEncryptedEncoding, DotSecExpandedTree>,\n> = DotSec<\n\tT,\n\tDotSecEncryptedEncoding,\n\tDotSecExpandedTree,\n\tDotSecWithOptionalConfig\n>;\n\n// user types\nexport type DotSecVariables<\n\tT extends DotSecTree<\n\t\tDotSecPlaintextEncoding,\n\t\tDotSecExpandedTree\n\t> = DotSecTree<DotSecPlaintextEncoding, DotSecExpandedTree>,\n> = DotSec<\n\tT,\n\tDotSecPlaintextEncoding,\n\tDotSecExpandedTree,\n\tDotSecWithOptionalConfig\n>;\n\nexport type DotSecPlainTextFlattened<\n\tT extends DotSecTree<\n\t\tDotSecPlaintextEncoding,\n\t\tDotSecFlattenedTree\n\t> = DotSecTree<DotSecPlaintextEncoding, DotSecFlattenedTree>,\n> = DotSec<T, DotSecPlaintextEncoding, DotSecFlattenedTree>;\n\nexport type DotSecEncryptedFlattened<\n\tT extends DotSecTree<\n\t\tDotSecEncryptedEncoding,\n\t\tDotSecFlattenedTree\n\t> = DotSecTree<DotSecEncryptedEncoding, DotSecFlattenedTree>,\n> = DotSec<T, DotSecEncryptedEncoding, DotSecFlattenedTree>;\n\nexport const environments = [\"dev\", \"prod\"] as const;\nexport type Environment = typeof environments[number];\nconst dotSecPlainText: DotSecPlainText = {\n\tplaintext: {\n\t\tfoo: { type: \"ssm\", value: \"asd\" },\n\t\tbar: { foo: { type: \"ssm\", value: \"asd\" } },\n\t},\n};\nconst dotSecEncrypted: DotSecEncrypted = {\n\tencrypted: {\n\t\tfoo: { type: \"ssm\", encryptedValue: \"asd\" },\n\t\tbar: { foo: { type: \"ssm\", encryptedValue: \"asd\" } },\n\t},\n};\nconst dotSecPlainTextFlattened: DotSecPlainTextFlattened = {\n\tplaintext: {\n\t\tfoo: { type: \"ssm\", value: \"asd\" },\n\t},\n};\nconst dotSecEncryptedFlattened: DotSecEncryptedFlattened = {\n\tencrypted: {\n\t\tfoo: { type: \"secretsManager\", encryptedValue: \"asd\" },\n\t},\n};\nconst t: DotSec<\n\t{\n\t\t[key in Environment]: {\n\t\t\tother: {\n\t\t\t\tfoo: StandardParameter;\n\t\t\t\tbar: SSMParameter;\n\t\t\t\tshit: {\n\t\t\t\t\tanother: SecretsManagerParameter;\n\t\t\t\t\tmekker: SSMParameter;\n\t\t\t\t};\n\t\t\t};\n\t\t};\n\t},\n\tDotSecPlaintextEncoding\n> = {\n\tplaintext: {\n\t\tdev: {\n\t\t\tother: {\n\t\t\t\tfoo: \"123\",\n\t\t\t\tbar: { type: \"ssm\", value: \"asd\" },\n\t\t\t\tshit: {\n\t\t\t\t\tanother: { type: \"secretsManager\", value: \"qasd\" },\n\t\t\t\t\tmekker: { type: \"ssm\", value: \"off\" },\n\t\t\t\t},\n\t\t\t},\n\t\t},\n\t\tprod: {\n\t\t\tother: {\n\t\t\t\tfoo: \"123\",\n\t\t\t\tbar: { type: \"ssm\", value: \"asd\" },\n\t\t\t\tshit: {\n\t\t\t\t\tanother: {\n\t\t\t\t\t\ttype: \"secretsManager\",\n\t\t\t\t\t\tvalue: \"asdasd\",\n\t\t\t\t\t},\n\t\t\t\t\tmekker: { type: \"ssm\", value: \"on\" },\n\t\t\t\t},\n\t\t\t},\n\t\t},\n\t},\n};\n\nconst tt: DotSec = {\n\tplaintext: {\n\t\tdev: {\n\t\t\tother: {\n\t\t\t\tfoo: \"123\",\n\t\t\t\tbar: { type: \"ssm\", value: \"asd\" },\n\t\t\t\tshit: {\n\t\t\t\t\tanother: { type: \"secretsManager\", value: \"qasd\" },\n\t\t\t\t\tmekker: 123,\n\t\t\t\t},\n\t\t\t},\n\t\t},\n\t\tprod: {\n\t\t\tother: {\n\t\t\t\tfoo: \"123\",\n\t\t\t\tbar: { type: \"ssm\", value: \"asd\" },\n\t\t\t\tshit: {\n\t\t\t\t\tanother: {\n\t\t\t\t\t\ttype: \"secretsManager\",\n\t\t\t\t\t\tvalue: \"asdasd\",\n\t\t\t\t\t},\n\t\t\t\t\tmekker: { type: \"ssm\", value: \"fuck off\" },\n\t\t\t\t},\n\t\t\t},\n\t\t},\n\t},\n};\n\nexport const isString = (value: unknown): value is string => {\n\treturn typeof value === \"string\";\n};\n\nexport const isNumber = (value: unknown): value is number => {\n\treturn typeof value === \"number\";\n};\nexport const isBoolean = (value: unknown): value is boolean => {\n\treturn typeof value === \"boolean\";\n};\n\nexport const isSSMParameterObject = (\n\tvalue: unknown,\n): value is SSMParameterObject => {\n\tconst ssmParameter = value as SSMParameter;\n\treturn (\n\t\ttypeof ssmParameter === \"object\" &&\n\t\tssmParameter !== null &&\n\t\t\"type\" in ssmParameter &&\n\t\tssmParameter.type === \"ssm\"\n\t);\n};\n\nexport const isSSMParameter = <Encoding extends DotSecEncoding>(\n\tleafOrTree: unknown,\n): leafOrTree is SSMParameter<Encoding> => {\n\tconst ssmParameter = leafOrTree as SSMParameter<Encoding>;\n\treturn (\n\t\ttypeof ssmParameter === \"object\" &&\n\t\tssmParameter !== null &&\n\t\t\"type\" in ssmParameter &&\n\t\tssmParameter.type === \"ssm\"\n\t);\n};\n\nexport const isRegularParameterObject = (\n\tvalue: unknown,\n): value is StandardParameterObject => {\n\tconst regularParameter = value as StandardParameter;\n\treturn (\n\t\ttypeof regularParameter === \"object\" &&\n\t\tregularParameter !== null &&\n\t\t\"type\" in regularParameter &&\n\t\tregularParameter.type === \"standard\"\n\t);\n};\n\nexport const isRegularParameter = <Encoding extends DotSecEncoding>(\n\tleafOrTree: unknown,\n): leafOrTree is StandardParameter<Encoding> => {\n\tconst leaf = leafOrTree as StandardParameter<Encoding>;\n\treturn (\n\t\tisString(leaf) ||\n\t\tisNumber(leaf) ||\n\t\tisBoolean(leaf) ||\n\t\tisRegularParameterObject(leaf)\n\t);\n};\n\nexport const isEncryptedSSMParameter = (\n\tleafOrTree: unknown,\n): leafOrTree is SSMParameter<DotSecEncryptedEncoding> => {\n\tconst leaf = leafOrTree as SSMParameter<DotSecEncryptedEncoding>;\n\treturn (\n\t\tleaf.type !== undefined &&\n\t\tleaf.type === \"ssm\" &&\n\t\tleaf.encryptedValue !== undefined\n\t);\n};\n\nexport const isEncryptedRegularParameter = (\n\tleafOrTree: unknown,\n): leafOrTree is StandardParameter<DotSecEncryptedEncoding> => {\n\tconst leaf = leafOrTree as StandardParameter<DotSecEncryptedEncoding>;\n\treturn (\n\t\tleaf.type !== undefined &&\n\t\tleaf.type === \"standard\" &&\n\t\tleaf.encryptedValue !== undefined\n\t);\n};\n\nexport const isSecretsManagerParameter = <Encoding extends DotSecEncoding>(\n\tleafOrTree: unknown,\n): leafOrTree is SecretsManagerParameter<Encoding> => {\n\tconst leaf = leafOrTree as SecretsManagerParameter<Encoding>;\n\treturn (\n\t\tleaf.type !== undefined &&\n\t\tleaf.type === \"secretsManager\" &&\n\t\t!(isString(leaf) || isNumber(leaf) || isBoolean(leaf))\n\t);\n};\n\nexport const isDotSecTree = <Encoding extends DotSecEncoding>(\n\tleafOrTree: unknown,\n): leafOrTree is DotSecTree<Encoding, DotSecExpandedTree> => {\n\tif (\n\t\ttypeof leafOrTree === \"object\" &&\n\t\t!Array.isArray(leafOrTree) &&\n\t\tleafOrTree !== null &&\n\t\t!isSSMParameter(leafOrTree) &&\n\t\t!isRegularParameter(leafOrTree) &&\n\t\t!isEncryptedSSMParameter(leafOrTree) &&\n\t\t!isEncryptedRegularParameter(leafOrTree) &&\n\t\t!isSecretsManagerParameter(leafOrTree)\n\t) {\n\t\treturn true;\n\t}\n\n\treturn false;\n};\n\nexport const isDotSecPlaintTextTree = <Encoding extends DotSecEncoding>(\n\tleafOrTree: unknown,\n): leafOrTree is DotSecTree<Encoding, DotSecExpandedTree> => {\n\tif (\n\t\ttypeof leafOrTree === \"object\" &&\n\t\t!Array.isArray(leafOrTree) &&\n\t\tleafOrTree !== null &&\n\t\t!isSSMParameter(leafOrTree) &&\n\t\t!isRegularParameter(leafOrTree) &&\n\t\t!isSecretsManagerParameter(leafOrTree)\n\t) {\n\t\treturn true;\n\t}\n\n\treturn false;\n};\n", "import {\n\tDotSecEncoding,\n\tDotSecEncrypted,\n\tDotSecEncryptedFlattened,\n\tDotSecExpandedTree,\n\tDotSecFlattenedTree,\n\tDotSecLeaf,\n\tDotSecPlainText,\n\tDotSecPlainTextFlattened,\n\tDotSecTree,\n\tisDotSecTree,\n} from \"./types\";\nexport const flattenTree = <\n\tEncoding extends DotSecEncoding,\n\tTree extends DotSecTree<Encoding, DotSecExpandedTree> | DotSecLeaf<Encoding>,\n>(\n\ttree: Tree,\n): DotSecTree<Encoding, DotSecFlattenedTree> => {\n\tconst lazy: DotSecTree<Encoding, DotSecFlattenedTree> = {};\n\n\tconst innerParser = (\n\t\tleafOrTree: DotSecTree<Encoding, DotSecExpandedTree> | DotSecLeaf<Encoding>,\n\t\tpaths: Array<string> = [],\n\t) => {\n\t\tif (isDotSecTree(leafOrTree)) {\n\t\t\tObject.entries(leafOrTree).map(([key, value]) => {\n\t\t\t\tinnerParser(value, [...paths, key]);\n\t\t\t});\n\t\t} else {\n\t\t\tlazy[paths.join(\"/\")] = leafOrTree;\n\t\t}\n\t};\n\n\tinnerParser(tree);\n\treturn lazy;\n};\n\nexport const flattenPlainText = (\n\tdotSec: DotSecPlainText,\n): DotSecPlainTextFlattened => {\n\treturn { ...dotSec, plaintext: flattenTree(dotSec.plaintext) };\n};\n\nexport const flattenEncrypted = (\n\tdotSec: DotSecEncrypted,\n): DotSecEncryptedFlattened => {\n\treturn { ...dotSec, encrypted: flattenTree(dotSec.encrypted) };\n};\n\nconst expandTree = <\n\tEncoding extends DotSecEncoding,\n\tTree extends DotSecTree<Encoding, DotSecFlattenedTree>,\n>(\n\ttree: Tree,\n): DotSecTree<Encoding, DotSecExpandedTree> => {\n\tconst lazy: DotSecTree<Encoding, DotSecExpandedTree> = {};\n\tObject.entries(tree).map(([key, value]) => {\n\t\tconst paths = key.split(\"/\");\n\t\tlet current = lazy;\n\t\tpaths.forEach((pathKey, index) => {\n\t\t\tif (!current[pathKey]) {\n\t\t\t\tif (index === paths.length - 1) {\n\t\t\t\t\tcurrent[pathKey] = value;\n\t\t\t\t} else {\n\t\t\t\t\tcurrent[pathKey] = {};\n\t\t\t\t}\n\t\t\t}\n\t\t\t// eslint-disable-next-line @typescript-eslint/ban-ts-comment\n\t\t\t// @ts-ignore\n\t\t\tcurrent = current[pathKey];\n\t\t});\n\t});\n\n\treturn lazy;\n};\n\nexport const expandPlainText = (\n\tdotSec: DotSecPlainTextFlattened,\n): DotSecPlainText => {\n\treturn { ...dotSec, plaintext: expandTree(dotSec.plaintext) };\n};\n\nexport const expandEncrypted = (\n\tdotSec: DotSecEncryptedFlattened,\n): DotSecEncrypted => {\n\treturn { ...dotSec, encrypted: expandTree(dotSec.encrypted) };\n};\n", "import fs from 'node:fs';\nimport path from 'node:path';\n\nimport { bundleRequire } from 'bundle-require';\nimport JoyCon from 'joycon';\n\nimport { getLogger, strong } from '../../utils/logger';\nimport { loadJson } from './json';\nimport {\n DotSecConfig,\n DotSecFileType,\n DotSecRequiredConfig,\n DotSecPlainTextByFileType,\n DotSecPlainTextWithOptionalConfig,\n DotSecEncryptedByFileType,\n DotSecEncryptedWithOptionalConfig,\n DotSec,\n DotSecEncoding,\n DotSecExpandedTree,\n DotSecPlaintextEncoding,\n DotSecTree,\n} from './types';\nimport { loadYml } from './yaml';\n\nexport const getValidatedConfig = (\n partialConfig: DotSecRequiredConfig,\n userConfig?: DotSecConfig,\n): DotSecRequiredConfig => {\n const keyAlias: string | undefined =\n partialConfig?.config?.aws?.keyAlias ||\n userConfig?.config?.aws?.keyAlias;\n\n if (!keyAlias) {\n throw new Error('Expected keyAlias, but gone none');\n }\n const regions: Array<string | undefined> | undefined =\n partialConfig?.config?.aws?.regions || userConfig?.config?.aws?.regions;\n\n if (!regions) {\n throw new Error('Expected regions, but gone none');\n }\n return {\n config: {\n aws: {\n keyAlias,\n regions: regions as Array<string>,\n },\n },\n };\n};\n\nexport const getDotSecPlainText = async ({\n defaultConfig,\n options,\n}: {\n defaultConfig: DotSecRequiredConfig;\n options?: { filename?: string; verbose?: boolean };\n}): Promise<DotSecPlainTextByFileType> => {\n const { info } = getLogger();\n const { filename, verbose } = options || {};\n\n const cwd = process.cwd();\n const configJoycon = new JoyCon();\n const files = filename\n ? [filename]\n : [\n 'secrets.json',\n 'secrets.yaml',\n 'secrets.yml',\n 'secrets.ts',\n // 'secrets.js',\n // 'secrets.cjs',\n // 'secrets.mjs',\n ];\n\n if (verbose) {\n info(\n `Looking for file(s) with the following signature(s): ${strong(\n files.join(', '),\n )}`,\n );\n }\n const configPath = await configJoycon.resolve({\n files,\n cwd,\n stopDir: path.parse(cwd).root,\n packageKey: 'secrets',\n });\n if (configPath) {\n if (verbose) {\n info(`Found plaintext secrets at ${strong(configPath)}`);\n }\n let configType: DotSecFileType | undefined;\n let data: DotSecPlainTextWithOptionalConfig | undefined;\n\n if (configPath.endsWith('.json')) {\n configType = 'json';\n // this is not entirely correct, since it could not contain all the required configuration\n data = (await loadJson(\n configPath,\n )) as DotSecPlainTextWithOptionalConfig;\n } else if (\n configPath.endsWith('.yaml') ||\n configPath.endsWith('.yml')\n ) {\n configType = 'yml';\n // this is not entirely correct, since it could not contain all the required configuration\n data = (await loadYml(\n configPath,\n )) as DotSecPlainTextWithOptionalConfig;\n } else if (configPath.endsWith('.ts')) {\n const bundleRequireResult = await bundleRequire({\n filepath: configPath,\n });\n configType = 'ts';\n // eslint-disable-next-line @typescript-eslint/no-unsafe-member-access\n data = (bundleRequireResult.mod.dotsec ||\n // eslint-disable-next-line @typescript-eslint/no-unsafe-member-access\n bundleRequireResult.mod.default ||\n // eslint-disable-next-line @typescript-eslint/no-unsafe-member-access\n bundleRequireResult.mod) as DotSecPlainTextWithOptionalConfig;\n }\n\n if (!configType) {\n throw new Error(`Expected configType, but got none`);\n }\n if (!data) {\n throw new Error(`Expected data, but got none`);\n }\n const validatedConfig: DotSecRequiredConfig = {\n config: {\n ...data.config,\n aws: {\n regions:\n data?.config?.aws?.regions &&\n Array.isArray(data?.config?.aws?.regions)\n ? (data.config.aws.regions as string[])\n : defaultConfig.config.aws.regions,\n keyAlias:\n data?.config?.aws?.keyAlias ||\n defaultConfig.config.aws.keyAlias,\n },\n },\n };\n return {\n fileType: configType,\n path: configPath,\n dotSecPlainText: {\n ...data,\n ...validatedConfig,\n },\n };\n }\n throw new Error('No secrets file found');\n};\n\nexport const getDotSecEncrypted = async ({\n defaultConfig,\n options,\n}: {\n defaultConfig: DotSecRequiredConfig;\n options?: { filename?: string; verbose?: boolean };\n}): Promise<DotSecEncryptedByFileType> => {\n const { filename, verbose } = options || {};\n\n const cwd = process.cwd();\n const configJoycon = new JoyCon();\n const configPath = await configJoycon.resolve({\n files: filename\n ? [filename]\n : [\n 'secrets.encrypted.json',\n 'secrets.encrypted.yaml',\n 'secrets.encrypted.yml',\n 'secrets.encrypted.ts',\n // 'secrets.cjs',\n // 'secrets.mjs',\n ],\n cwd,\n stopDir: path.parse(cwd).root,\n packageKey: 'secrets',\n });\n if (configPath) {\n if (verbose) {\n console.log(`Found encrypted secrets file at ${configPath}`);\n }\n let configType: DotSecFileType | undefined;\n let data: DotSecEncryptedWithOptionalConfig | undefined;\n if (configPath.endsWith('.json')) {\n configType = 'json';\n data = (await loadJson(\n configPath,\n )) as DotSecEncryptedWithOptionalConfig;\n } else if (\n configPath.endsWith('.yaml') ||\n configPath.endsWith('.yml')\n ) {\n configType = path\n .parse(configPath)\n .ext.substring(1) as DotSecFileType;\n data = (await loadYml(\n configPath,\n )) as DotSecEncryptedWithOptionalConfig;\n }\n if (!configType) {\n throw new Error(`Config file ${configPath} is not supported`);\n }\n if (!data) {\n throw new Error('Did not find any data');\n }\n\n const validatedConfig: DotSecRequiredConfig = {\n config: {\n ...data.config,\n aws: {\n regions:\n data?.config?.aws?.regions &&\n Array.isArray(data?.config?.aws?.regions)\n ? (data.config.aws.regions as string[])\n : defaultConfig.config.aws.regions,\n keyAlias:\n data?.config?.aws?.keyAlias ||\n defaultConfig.config.aws.keyAlias,\n },\n },\n };\n return {\n fileType: configType,\n path: configPath,\n dotSecEncrypted: {\n ...data,\n ...validatedConfig,\n },\n };\n }\n throw new Error('No encrypted secrets file found');\n};\n\nexport const loadFile = async (filepath: string) => {\n try {\n // eslint-disable-next-line @typescript-eslint/no-unsafe-return\n return await fs.promises.readFile(filepath, 'utf8');\n } catch (error) {\n if (error instanceof Error) {\n throw new Error(\n `Failed to parse ${path.relative(process.cwd(), filepath)}: ${\n error.message\n }`,\n );\n } else {\n throw error;\n }\n }\n};\n\nexport const returnSecretsFile = (str: string) => {\n try {\n return JSON.parse(str) as DotSec<\n DotSecTree<DotSecPlaintextEncoding, DotSecExpandedTree>,\n DotSecEncoding\n >;\n } catch (error) {\n return;\n }\n};\n", "import fs from 'fs';\nimport path from 'node:path';\n\nexport function jsoncParse(data: string) {\n try {\n // eslint-disable-next-line @typescript-eslint/no-unsafe-return, @typescript-eslint/no-implied-eval\n return new Function('return ' + data.trim())();\n } catch {\n // Silently ignore any error\n // That's what tsc/jsonc-parser did after all\n return {};\n }\n}\n\nexport const loadJson = async (filepath: string) => {\n try {\n // eslint-disable-next-line @typescript-eslint/no-unsafe-return\n return jsoncParse(await fs.promises.readFile(filepath, 'utf8'));\n } catch (error) {\n if (error instanceof Error) {\n throw new Error(\n `Failed to parse ${path.relative(process.cwd(), filepath)}: ${\n error.message\n }`,\n );\n } else {\n throw error;\n }\n }\n};\n", "import fs from 'fs';\nimport path from 'node:path';\n\nimport YAML from 'yaml';\n\nexport const loadYml = async (filepath: string) => {\n try {\n // eslint-disable-next-line @typescript-eslint/no-unsafe-return\n return YAML.parse(await fs.promises.readFile(filepath, 'utf8'));\n } catch (error) {\n if (error instanceof Error) {\n throw new Error(\n `Failed to parse ${path.relative(process.cwd(), filepath)}: ${\n error.message\n }`,\n );\n } else {\n throw error;\n }\n }\n};\n", "import fs from \"fs\";\nimport path from \"node:path\";\n\nimport { commonCliOptions } from \"../commonCliOptions\";\nimport { getConfig } from \"../lib/config-old\";\nimport { handleCredentialsAndRegion } from \"../lib/partial-commands/handleCredentialsAndRegion\";\nimport { decryptedEncrypted } from \"../lib/wtf/crypto\";\nimport { toDotEnv, toDotEnvPerEnvironment } from \"../lib/wtf/dotenv\";\nimport { getDotSecEncrypted } from \"../lib/wtf/io\";\nimport { YargsHandlerParams } from \"../types\";\nimport { promptOverwriteIfFileExists } from \"../utils/io\";\nimport { getLogger, prettyCode, strong } from \"../utils/logger\";\n\nexport const command = \"encrypted-secrets-to-dot-env\";\nexport const desc = `Creates .env file from an encrypted secrets file.\nIf '--use-top-levels-as-environments' is set, it will create a .env file for each top level key in the encrypted secrets file.`;\n\nexport const builder = {\n\t\"encrypted-secrets-file\": {\n\t\tstring: true,\n\t\tdescribe: \"filename of json file for writing encrypted secrets\",\n\t\tdefault: \"secrets.encrypted.json\",\n\t},\n\t\"env-file\": commonCliOptions.envFile,\n\t\"search-path\": commonCliOptions.searchpath,\n\t\"aws-profile\": commonCliOptions.awsProfile,\n\t\"aws-region\": commonCliOptions.awsRegion,\n\t\"aws-key-alias\": commonCliOptions.awsKeyAlias,\n\t\"aws-assume-role-arn\": commonCliOptions.awsAssumeRoleArn,\n\t\"aws-assume-role-session-duration\":\n\t\tcommonCliOptions.awsAssumeRoleSessionDuration,\n\t\"use-top-levels-as-environments\": commonCliOptions.useTopLevelsAsEnvironments,\n\tverbose: commonCliOptions.verbose,\n\tyes: { ...commonCliOptions.yes },\n} as const;\n\nexport const handler = async (\n\targv: YargsHandlerParams<typeof builder>,\n): Promise<void> => {\n\tconst config = await getConfig();\n\n\tconst { info, error } = getLogger();\n\ttry {\n\t\tconst defaultRegion = config.aws.region || argv.awsRegion;\n\t\tconst { credentialsAndOrigin, regionAndOrigin } =\n\t\t\tawait handleCredentialsAndRegion({\n\t\t\t\targv: {\n\t\t\t\t\t...argv,\n\t\t\t\t\tawsRegion: defaultRegion,\n\t\t\t\t\tawsProfile: config.aws.profile || argv.awsProfile,\n\t\t\t\t\tawsAssumeRoleArn: config.aws.assumeRoleArn || argv.awsAssumeRoleArn,\n\t\t\t\t\tawsAssumeRoleSessionDuration:\n\t\t\t\t\t\tconfig.aws.assumeRoleSessionDuration ||\n\t\t\t\t\t\targv.awsAssumeRoleSessionDuration,\n\t\t\t\t},\n\t\t\t\tenv: { ...process.env },\n\t\t\t});\n\n\t\tconst { fileType, dotSecEncrypted } = await getDotSecEncrypted({\n\t\t\tdefaultConfig: {\n\t\t\t\tconfig: {\n\t\t\t\t\taws: {\n\t\t\t\t\t\tkeyAlias: \"alias/dotsec\",\n\t\t\t\t\t\tregions: [regionAndOrigin.value],\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t\toptions: {\n\t\t\t\tverbose: argv.verbose,\n\t\t\t},\n\t\t});\n\t\tif (!dotSecEncrypted.encrypted) {\n\t\t\tthrow new Error(`Expected 'encrypted' property, but got none`);\n\t\t}\n\t\t// const dotSecEncryptedFlattened = flattenEncrypted(dotSecEncrypted);\n\t\t// const expanded = expandEncrypted(dotSecEncryptedFlattened);\n\n\t\tconst dotSecPlainText = await decryptedEncrypted({\n\t\t\tdotSecEncrypted,\n\t\t\tcredentials: credentialsAndOrigin.value,\n\t\t\tregion: regionAndOrigin.value,\n\t\t\tkeyAlias: argv.awsKeyAlias,\n\t\t\tverbose: argv.verbose,\n\t\t});\n\n\t\tif (\n\t\t\targv.useTopLevelsAsEnvironments ||\n\t\t\tdotSecEncrypted.config?.useTopLevelsAsEnvironments\n\t\t) {\n\t\t\tconst dotEnvsPerEnvironment = toDotEnvPerEnvironment({\n\t\t\t\tdotSecPlainText,\n\t\t\t\tverbose: argv.verbose,\n\t\t\t});\n\n\t\t\tfor (const [environment, dotEnv] of Object.entries(\n\t\t\t\tdotEnvsPerEnvironment,\n\t\t\t)) {\n\t\t\t\tconst fileName = `.env.${environment}`;\n\t\t\t\tconst dotEnvPath = path.resolve(process.cwd(), fileName);\n\n\t\t\t\tinfo(`target: ${strong(dotEnvPath)}\\n`);\n\t\t\t\tinfo(prettyCode(dotEnv));\n\t\t\t\tinfo(`\\n`);\n\t\t\t\tconst overwriteResponse = await promptOverwriteIfFileExists({\n\t\t\t\t\tfilePath: dotEnvPath,\n\t\t\t\t\tskip: argv.yes,\n\t\t\t\t});\n\n\t\t\t\tif (\n\t\t\t\t\toverwriteResponse === undefined ||\n\t\t\t\t\toverwriteResponse.overwrite === true\n\t\t\t\t) {\n\t\t\t\t\tfs.writeFileSync(dotEnvPath, dotEnv);\n\t\t\t\t}\n\n\t\t\t\t// write to file, prompt if file exists\n\t\t\t}\n\t\t} else {\n\t\t\tconst dotEnv = toDotEnv({\n\t\t\t\tdotSecPlainText,\n\t\t\t\tverbose: argv.verbose,\n\t\t\t\tsearchPath: argv.searchPath,\n\t\t\t});\n\n\t\t\tconst fileName = argv.envFile || `.env`;\n\t\t\tconst dotEnvPath = path.resolve(process.cwd(), fileName);\n\t\t\tinfo(`target: ${strong(dotEnvPath)}\\n`);\n\t\t\tinfo(prettyCode(dotEnv));\n\t\t\tinfo(`\\n`);\n\n\t\t\tconst overwriteResponse = await promptOverwriteIfFileExists({\n\t\t\t\tfilePath: dotEnvPath,\n\t\t\t\tskip: argv.yes,\n\t\t\t});\n\n\t\t\tif (\n\t\t\t\toverwriteResponse === undefined ||\n\t\t\t\toverwriteResponse.overwrite === true\n\t\t\t) {\n\t\t\t\tfs.writeFileSync(dotEnvPath, dotEnv);\n\t\t\t}\n\t\t}\n\t} catch (e) {\n\t\terror(e);\n\t}\n};\n", "import { constantCase } from 'constant-case';\n\nimport { getLogger, strong } from '../../utils/logger';\nimport { flattenTree } from './flat';\nimport {\n DotSecExpandedTree,\n DotSecPlainText,\n DotSecPlaintextEncoding,\n DotSecTree,\n DotSecValue,\n isBoolean,\n isNumber,\n isRegularParameter,\n isRegularParameterObject,\n isSecretsManagerParameter,\n isSSMParameter,\n isString,\n} from './types';\n\nconst fromPlainTextLeafsToEnvEntries = (\n leafs: DotSecTree<'plaintext', 'flattened'>,\n) => {\n return Object.entries(leafs).map(([key, plainTextValue]) => {\n const parts = key.split('/');\n\n const dotEnvKeyPath = parts.map((k) => constantCase(k)).join('_');\n\n let storageValue: DotSecValue;\n if (isRegularParameter(plainTextValue)) {\n if (isRegularParameterObject(plainTextValue)) {\n storageValue = plainTextValue.value;\n } else {\n storageValue = plainTextValue;\n }\n } else if (isSSMParameter(plainTextValue)) {\n storageValue = plainTextValue.value;\n } else if (isSecretsManagerParameter(plainTextValue)) {\n storageValue = plainTextValue.value;\n } else {\n throw new Error('Invalid parameter type');\n }\n // check if parameter is string, number or boolean, if not, encode to json\n if (\n !isString(storageValue) &&\n !isNumber(storageValue) &&\n !isBoolean(storageValue)\n ) {\n storageValue = JSON.stringify(storageValue);\n }\n\n return `${dotEnvKeyPath}=${String(storageValue)}`;\n });\n};\n\nexport const toDotEnv = (options: {\n dotSecPlainText: DotSecPlainText;\n verbose?: boolean;\n searchPath?: string;\n}) => {\n const { info } = getLogger();\n const { dotSecPlainText, searchPath, verbose } = options;\n let tree = dotSecPlainText.plaintext;\n if (searchPath) {\n if (verbose) {\n info(`Searching for path: ${strong(searchPath)}`);\n }\n const pathParts = searchPath.split('/');\n for (const pathPart of pathParts) {\n // questionable cast\n tree = tree[pathPart] as DotSecTree<\n DotSecPlaintextEncoding,\n DotSecExpandedTree\n >;\n\n if (tree === undefined) {\n throw new Error(\n `Invalid search path: '${searchPath}', part: '${pathPart}' could not be found`,\n );\n }\n }\n }\n\n const flattenedTree = flattenTree(tree);\n\n return fromPlainTextLeafsToEnvEntries(flattenedTree).join('\\n');\n};\n\nexport const toDotEnvPerEnvironment = (options: {\n dotSecPlainText: DotSecPlainText;\n verbose?: boolean;\n searchPath?: string;\n}) => {\n const { info } = getLogger();\n const { dotSecPlainText, searchPath, verbose } = options;\n\n const environments = Object.keys(dotSecPlainText.plaintext);\n\n return Object.fromEntries(\n environments.map((environment) => {\n let tree = dotSecPlainText.plaintext[environment];\n if (searchPath) {\n if (verbose) {\n info(`Searching for path: ${strong(searchPath)}`);\n }\n const pathParts = searchPath.split('/');\n for (const pathPart of pathParts) {\n // questionable cast\n tree = tree[pathPart] as DotSecTree<\n DotSecPlaintextEncoding,\n DotSecExpandedTree\n >;\n\n if (tree === undefined) {\n throw new Error(\n `Invalid search path: '${searchPath}', part: '${pathPart}' could not be found`,\n );\n }\n }\n }\n return [\n environment,\n fromPlainTextLeafsToEnvEntries(flattenTree(tree)).join('\\n'),\n ];\n }),\n );\n};\n", "import fs from \"fs\";\nimport path from \"node:path\";\n\nimport { commonCliOptions } from \"../commonCliOptions\";\nimport { getConfig } from \"../lib/config-old\";\nimport { handleCredentialsAndRegion } from \"../lib/partial-commands/handleCredentialsAndRegion\";\nimport { decryptedEncrypted } from \"../lib/wtf/crypto\";\nimport { toDotSec, toDotSecPerEnvironment } from \"../lib/wtf/dotsec\";\nimport { getDotSecEncrypted } from \"../lib/wtf/io\";\nimport { YargsHandlerParams } from \"../types\";\nimport { promptOverwriteIfFileExists } from \"../utils/io\";\nimport { getLogger, prettyCode, strong } from \"../utils/logger\";\n\nexport const command = \"encrypted-secrets-to-dot-sec\";\nexport const desc = `Creates .sec file from an encrypted secrets file.\nIf '--use-top-levels-as-environments' is set, it will create a .sec file for each top level key in the encrypted secrets file.`;\n\nexport const builder = {\n\t\"encrypted-secrets-file\": {\n\t\tstring: true,\n\t\tdescribe: \"filename of json file for writing encrypted secrets\",\n\t\tdefault: \"secrets.encrypted.json\",\n\t},\n\t\"sec-file\": commonCliOptions.secFile,\n\t\"search-path\": commonCliOptions.searchpath,\n\t\"aws-profile\": commonCliOptions.awsProfile,\n\t\"aws-region\": commonCliOptions.awsRegion,\n\t\"aws-key-alias\": commonCliOptions.awsKeyAlias,\n\t\"aws-assume-role-arn\": commonCliOptions.awsAssumeRoleArn,\n\t\"aws-assume-role-session-duration\":\n\t\tcommonCliOptions.awsAssumeRoleSessionDuration,\n\t\"use-top-levels-as-environments\": commonCliOptions.useTopLevelsAsEnvironments,\n\tverbose: commonCliOptions.verbose,\n\tyes: { ...commonCliOptions.yes },\n} as const;\n\nexport const handler = async (\n\targv: YargsHandlerParams<typeof builder>,\n): Promise<void> => {\n\tconst config = await getConfig();\n\n\tconst { info, error } = getLogger();\n\ttry {\n\t\tconst defaultRegion = config.aws.region || argv.awsRegion;\n\t\tconst { credentialsAndOrigin, regionAndOrigin } =\n\t\t\tawait handleCredentialsAndRegion({\n\t\t\t\targv: {\n\t\t\t\t\t...argv,\n\t\t\t\t\tawsRegion: defaultRegion,\n\t\t\t\t\tawsProfile: config.aws.profile || argv.awsProfile,\n\t\t\t\t\tawsAssumeRoleArn: config.aws.assumeRoleArn || argv.awsAssumeRoleArn,\n\t\t\t\t\tawsAssumeRoleSessionDuration:\n\t\t\t\t\t\tconfig.aws.assumeRoleSessionDuration ||\n\t\t\t\t\t\targv.awsAssumeRoleSessionDuration,\n\t\t\t\t},\n\t\t\t\tenv: { ...process.env },\n\t\t\t});\n\n\t\tconst { fileType, dotSecEncrypted } = await getDotSecEncrypted({\n\t\t\tdefaultConfig: {\n\t\t\t\tconfig: {\n\t\t\t\t\taws: {\n\t\t\t\t\t\tkeyAlias: \"alias/dotsec\",\n\t\t\t\t\t\tregions: [regionAndOrigin.value],\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t\toptions: {\n\t\t\t\tverbose: argv.verbose,\n\t\t\t},\n\t\t});\n\t\tif (!dotSecEncrypted.encrypted) {\n\t\t\tthrow new Error(`Expected 'encrypted' property, but got none`);\n\t\t}\n\t\t// const dotSecEncryptedFlattened = flattenEncrypted(dotSecEncrypted);\n\t\t// const expanded = expandEncrypted(dotSecEncryptedFlattened);\n\n\t\tconst dotSecPlainText = await decryptedEncrypted({\n\t\t\tdotSecEncrypted,\n\t\t\tcredentials: credentialsAndOrigin.value,\n\t\t\tregion: regionAndOrigin.value,\n\t\t\tkeyAlias: argv.awsKeyAlias,\n\t\t\tverbose: argv.verbose,\n\t\t});\n\n\t\tif (\n\t\t\targv.useTopLevelsAsEnvironments ||\n\t\t\tdotSecEncrypted.config?.useTopLevelsAsEnvironments\n\t\t) {\n\t\t\tconst dotSecsPerEnvironment = toDotSecPerEnvironment({\n\t\t\t\tdotSecEncrypted,\n\t\t\t\tsearchPath: argv.searchPath,\n\t\t\t\tverbose: argv.verbose,\n\t\t\t});\n\n\t\t\tfor (const [environment, dotSec] of Object.entries(\n\t\t\t\tdotSecsPerEnvironment,\n\t\t\t)) {\n\t\t\t\tconst fileName = `.sec.${environment}`;\n\t\t\t\tconst dotSecPath = path.resolve(process.cwd(), fileName);\n\n\t\t\t\tinfo(`target: ${strong(dotSecPath)}\\n`);\n\t\t\t\tinfo(prettyCode(dotSec));\n\t\t\t\tinfo(`\\n`);\n\n\t\t\t\tconst overwriteResponse = await promptOverwriteIfFileExists({\n\t\t\t\t\tfilePath: dotSecPath,\n\t\t\t\t\tskip: argv.yes,\n\t\t\t\t});\n\n\t\t\t\tif (\n\t\t\t\t\toverwriteResponse === undefined ||\n\t\t\t\t\toverwriteResponse.overwrite === true\n\t\t\t\t) {\n\t\t\t\t\tfs.writeFileSync(dotSecPath, dotSec);\n\t\t\t\t}\n\n\t\t\t\t// write to file, prompt if file exists\n\t\t\t}\n\t\t} else {\n\t\t\tconst dotSec = toDotSec({\n\t\t\t\tdotSecEncrypted,\n\t\t\t\tsearchPath: argv.searchPath,\n\t\t\t\tverbose: argv.verbose,\n\t\t\t});\n\n\t\t\tconst fileName = argv.secFile || `.sec`;\n\t\t\tconst dotSecPath = path.resolve(process.cwd(), fileName);\n\n\t\t\tinfo(`target: ${strong(dotSecPath)}\\n`);\n\t\t\tinfo(prettyCode(dotSec));\n\t\t\tinfo(`\\n`);\n\t\t\tconst overwriteResponse = await promptOverwriteIfFileExists({\n\t\t\t\tfilePath: dotSecPath,\n\t\t\t\tskip: argv.yes,\n\t\t\t});\n\n\t\t\tif (\n\t\t\t\toverwriteResponse === undefined ||\n\t\t\t\toverwriteResponse.overwrite === true\n\t\t\t) {\n\t\t\t\tfs.writeFileSync(dotSecPath, dotSec);\n\t\t\t}\n\t\t}\n\t} catch (e) {\n\t\terror(e);\n\t}\n};\n", "import { constantCase } from 'constant-case';\n\nimport { getLogger, strong } from '../../utils/logger';\nimport { flattenTree } from './flat';\nimport {\n DotSecEncrypted,\n DotSecEncryptedEncoding,\n DotSecExpandedTree,\n DotSecTree,\n isEncryptedRegularParameter,\n isEncryptedSSMParameter,\n isSecretsManagerParameter,\n} from './types';\n\nconst fromEncryptedLeafsToEnvEntries = (\n leafs: DotSecTree<'encrypted', 'flattened'>,\n) => {\n return Object.entries(leafs).map(([key, plainTextValue]) => {\n const parts = key.split('/');\n\n const dotEnvKeyPath = parts.map((k) => constantCase(k)).join('_');\n\n let storageValue: string;\n if (isEncryptedRegularParameter(plainTextValue)) {\n storageValue = plainTextValue.encryptedValue;\n } else if (isEncryptedSSMParameter(plainTextValue)) {\n storageValue = plainTextValue.encryptedValue;\n } else if (isSecretsManagerParameter(plainTextValue)) {\n storageValue = plainTextValue.encryptedValue;\n } else {\n throw new Error('Invalid parameter type');\n }\n\n return `${dotEnvKeyPath}=${String(storageValue)}`;\n });\n};\n\nexport const toDotSec = (options: {\n dotSecEncrypted: DotSecEncrypted;\n verbose?: boolean;\n searchPath?: string;\n}) => {\n const { info } = getLogger();\n const { dotSecEncrypted, searchPath, verbose } = options;\n\n let tree = dotSecEncrypted.encrypted;\n if (searchPath) {\n if (verbose) {\n info(`Searching for path: ${strong(searchPath)}`);\n }\n const pathParts = searchPath.split('/');\n for (const pathPart of pathParts) {\n // questionable cast\n tree = tree[pathPart] as DotSecTree<\n DotSecEncryptedEncoding,\n DotSecExpandedTree\n >;\n }\n }\n\n const flattenedTree = flattenTree(tree);\n\n return fromEncryptedLeafsToEnvEntries(flattenedTree).join('\\n');\n};\n\nexport const toDotSecPerEnvironment = (options: {\n dotSecEncrypted: DotSecEncrypted;\n verbose?: boolean;\n searchPath?: string;\n}) => {\n const { info } = getLogger();\n\n const { dotSecEncrypted, searchPath, verbose } = options;\n\n const environments = Object.keys(dotSecEncrypted.encrypted);\n\n return Object.fromEntries(\n environments.map((environment) => {\n let tree = dotSecEncrypted.encrypted[environment];\n if (searchPath) {\n if (verbose) {\n info(`Searching for path: ${strong(searchPath)}`);\n }\n const pathParts = searchPath.split('/');\n for (const pathPart of pathParts) {\n // questionable cast\n tree = tree[pathPart] as DotSecTree<\n DotSecEncryptedEncoding,\n DotSecExpandedTree\n >;\n }\n }\n\n return [\n environment,\n fromEncryptedLeafsToEnvEntries(flattenTree(tree)).join('\\n'),\n ];\n }),\n );\n};\n", "import fs from \"node:fs\";\nimport path from \"node:path\";\n\nimport YAML from \"yaml\";\n\nimport { commonCliOptions } from \"../commonCliOptions\";\nimport { getConfig } from \"../lib/config-old\";\nimport { handleCredentialsAndRegion } from \"../lib/partial-commands/handleCredentialsAndRegion\";\nimport { decryptedEncrypted } from \"../lib/wtf/crypto\";\nimport { getDotSecEncrypted } from \"../lib/wtf/io\";\nimport { YargsHandlerParams } from \"../types\";\nimport { promptOverwriteIfFileExists } from \"../utils/io\";\nimport { getLogger, prettyCode, strong } from \"../utils/logger\";\nexport const command = \"encrypted-secrets-to-plaintext-secrets\";\nexport const desc =\n\t\"Decrypts an encrypted file and stores the result in a plaintext file\";\n\nexport const builder = {\n\t\"secrets-file\": {\n\t\tstring: true,\n\t\tdescribe: \"filename of json file reading secrets\",\n\t\tdefault: \"secrets.json\",\n\t},\n\t\"encrypted-secrets-file\": {\n\t\tstring: true,\n\t\tdescribe: \"filename of json file for writing encrypted secrets\",\n\t\tdefault: \"secrets.encrypted.json\",\n\t},\n\t\"aws-profile\": commonCliOptions.awsProfile,\n\t\"aws-region\": commonCliOptions.awsRegion,\n\t\"aws-key-alias\": commonCliOptions.awsKeyAlias,\n\t\"aws-assume-role-arn\": commonCliOptions.awsAssumeRoleArn,\n\t\"aws-assume-role-session-duration\":\n\t\tcommonCliOptions.awsAssumeRoleSessionDuration,\n\tverbose: commonCliOptions.verbose,\n\tyes: { ...commonCliOptions.yes },\n} as const;\n\nexport const handler = async (\n\targv: YargsHandlerParams<typeof builder>,\n): Promise<void> => {\n\tconst config = await getConfig();\n\n\tconst { info, error } = getLogger();\n\ttry {\n\t\tconst defaultRegion = config.aws.region || argv.awsRegion;\n\t\tconst { credentialsAndOrigin, regionAndOrigin } =\n\t\t\tawait handleCredentialsAndRegion({\n\t\t\t\targv: {\n\t\t\t\t\t...argv,\n\t\t\t\t\tawsRegion: defaultRegion,\n\t\t\t\t\tawsProfile: config.aws.profile || argv.awsProfile,\n\t\t\t\t\tawsAssumeRoleArn: config.aws.assumeRoleArn || argv.awsAssumeRoleArn,\n\t\t\t\t\tawsAssumeRoleSessionDuration:\n\t\t\t\t\t\tconfig.aws.assumeRoleSessionDuration ||\n\t\t\t\t\t\targv.awsAssumeRoleSessionDuration,\n\t\t\t\t},\n\t\t\t\tenv: { ...process.env },\n\t\t\t});\n\n\t\tconst { fileType, dotSecEncrypted } = await getDotSecEncrypted({\n\t\t\tdefaultConfig: {\n\t\t\t\tconfig: {\n\t\t\t\t\taws: {\n\t\t\t\t\t\tkeyAlias: \"alias/dotsec\",\n\t\t\t\t\t\tregions: [regionAndOrigin.value],\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t\toptions: {},\n\t\t});\n\t\tif (!dotSecEncrypted.encrypted) {\n\t\t\tthrow new Error(`Expected 'encrypted' property, but got none`);\n\t\t}\n\t\t// const dotSecEncryptedFlattened = flattenEncrypted(dotSecEncrypted);\n\t\t// const expanded = expandEncrypted(dotSecEncryptedFlattened);\n\n\t\tconst dotSecPlainText = await decryptedEncrypted({\n\t\t\tdotSecEncrypted,\n\t\t\tcredentials: credentialsAndOrigin.value,\n\t\t\tregion: regionAndOrigin.value,\n\t\t\tkeyAlias: argv.awsKeyAlias,\n\t\t\tverbose: argv.verbose,\n\t\t});\n\n\t\tif (argv.secretsFile) {\n\t\t\t// let's inspect this one first\n\t\t\tconst secretsFileExtension = path.extname(argv.secretsFile).substring(1);\n\t\t}\n\n\t\tconst secretsPath = path.resolve(\n\t\t\tprocess.cwd(),\n\t\t\tpath.parse(argv.secretsFile || `secrets.json`).name + \".\" + fileType,\n\t\t);\n\n\t\tconsole.log(\n\t\t\t\"secretsPath\",\n\t\t\tfileType,\n\t\t\tpath.parse(argv.secretsFile || `secrets.json`).name,\n\t\t);\n\t\tconst converted =\n\t\t\tfileType === \"yaml\" || fileType === \"yml\"\n\t\t\t\t? YAML.stringify(dotSecPlainText)\n\t\t\t\t: JSON.stringify(dotSecPlainText, null, 2);\n\n\t\tinfo(`target: ${strong(secretsPath)}\\n`);\n\t\tinfo(prettyCode(converted));\n\t\tinfo(`\\n`);\n\n\t\tconst overwriteResponse = await promptOverwriteIfFileExists({\n\t\t\tfilePath: secretsPath,\n\t\t\tskip: argv.yes,\n\t\t});\n\n\t\tif (\n\t\t\toverwriteResponse === undefined ||\n\t\t\toverwriteResponse.overwrite === true\n\t\t) {\n\t\t\tfs.writeFileSync(secretsPath, converted);\n\t\t}\n\t} catch (e) {\n\t\terror(e);\n\t}\n};\n", "import prompts from \"prompts\";\n\nimport { commonCliOptions } from \"../commonCliOptions\";\nimport { getConfig } from \"../lib/config-old\";\nimport { handleCredentialsAndRegion } from \"../lib/partial-commands/handleCredentialsAndRegion\";\nimport {\n\tdecryptedEncrypted,\n\tprettyPrintTasks,\n\tcreateStorePlaintextTasks,\n\texecuteStorePlainTextTasks,\n} from \"../lib/wtf/crypto\";\nimport { getDotSecEncrypted } from \"../lib/wtf/io\";\nimport { YargsHandlerParams } from \"../types\";\nimport { getLogger } from \"../utils/logger\";\nexport const command = \"offload-plaintext-secrets\";\nexport const desc =\n\t\"Decrypts and pushes secret values to AWS SSM and SecretsManager\";\n\nexport const builder = {\n\t\"encrypted-secrets-file\": {\n\t\tstring: true,\n\t\tdescribe: \"filename of json file for writing encrypted secrets\",\n\t\tdefault: \"secrets.encrypted.json\",\n\t},\n\t\"aws-profile\": commonCliOptions.awsProfile,\n\t\"aws-region\": commonCliOptions.awsRegion,\n\t\"aws-key-alias\": commonCliOptions.awsKeyAlias,\n\t\"aws-assume-role-arn\": commonCliOptions.awsAssumeRoleArn,\n\t\"aws-assume-role-session-duration\":\n\t\tcommonCliOptions.awsAssumeRoleSessionDuration,\n\tverbose: commonCliOptions.verbose,\n\tyes: { ...commonCliOptions.yes },\n} as const;\n\nexport const handler = async (\n\targv: YargsHandlerParams<typeof builder>,\n): Promise<void> => {\n\tconst config = await getConfig();\n\n\tconst { info, error } = getLogger();\n\ttry {\n\t\tconst defaultRegion = config.aws.region || argv.awsRegion;\n\t\tconst { credentialsAndOrigin, regionAndOrigin } =\n\t\t\tawait handleCredentialsAndRegion({\n\t\t\t\targv: {\n\t\t\t\t\t...argv,\n\t\t\t\t\tawsRegion: defaultRegion,\n\t\t\t\t\tawsProfile: config.aws.profile || argv.awsProfile,\n\t\t\t\t\tawsAssumeRoleArn: config.aws.assumeRoleArn || argv.awsAssumeRoleArn,\n\t\t\t\t\tawsAssumeRoleSessionDuration:\n\t\t\t\t\t\tconfig.aws.assumeRoleSessionDuration ||\n\t\t\t\t\t\targv.awsAssumeRoleSessionDuration,\n\t\t\t\t},\n\t\t\t\tenv: { ...process.env },\n\t\t\t});\n\n\t\tconst { fileType, dotSecEncrypted } = await getDotSecEncrypted({\n\t\t\tdefaultConfig: {\n\t\t\t\tconfig: {\n\t\t\t\t\taws: {\n\t\t\t\t\t\tkeyAlias: \"alias/dotsec\",\n\t\t\t\t\t\tregions: [regionAndOrigin.value],\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t\toptions: {},\n\t\t});\n\t\tif (!dotSecEncrypted.encrypted) {\n\t\t\tthrow new Error(`Expected 'encrypted' property, but got none`);\n\t\t}\n\t\t// const dotSecEncryptedFlattened = flattenEncrypted(dotSecEncrypted);\n\t\t// const expanded = expandEncrypted(dotSecEncryptedFlattened);\n\n\t\tconst dotSecPlainText = await decryptedEncrypted({\n\t\t\tdotSecEncrypted,\n\t\t\tcredentials: credentialsAndOrigin.value,\n\t\t\tregion: regionAndOrigin.value,\n\t\t\tkeyAlias: argv.awsKeyAlias,\n\t\t\tverbose: argv.verbose,\n\t\t});\n\t\tconst tasks = await createStorePlaintextTasks({\n\t\t\tdotSecPlainText,\n\t\t\tcredentials: credentialsAndOrigin.value,\n\t\t\tregion: regionAndOrigin.value,\n\t\t\tkeyAlias: argv.awsKeyAlias,\n\t\t\tverbose: argv.verbose,\n\t\t});\n\t\tif (tasks.total > 0) {\n\t\t\tprettyPrintTasks(tasks);\n\t\t\tlet proceed = argv.yes === true;\n\t\t\tif (proceed === false) {\n\t\t\t\tproceed = await prompts({\n\t\t\t\t\ttype: \"confirm\",\n\t\t\t\t\tname: \"proceed\",\n\t\t\t\t\tmessage: () => {\n\t\t\t\t\t\treturn `Proceed ?`;\n\t\t\t\t\t},\n\t\t\t\t}).then((r) => r.proceed as boolean);\n\t\t\t}\n\n\t\t\tif (proceed) {\n\t\t\t\tawait executeStorePlainTextTasks({\n\t\t\t\t\tcredentials: credentialsAndOrigin.value,\n\t\t\t\t\tregion: regionAndOrigin.value,\n\t\t\t\t\tverbose: argv.verbose,\n\t\t\t\t\ttasks,\n\t\t\t\t});\n\t\t\t}\n\t\t} else {\n\t\t\tinfo(\"Nothing to do\");\n\t\t}\n\t} catch (e) {\n\t\terror(e);\n\t}\n};\n", "import fs from \"fs\";\nimport path from \"node:path\";\n\nimport { commonCliOptions } from \"../commonCliOptions\";\nimport { getConfig } from \"../lib/config-old\";\nimport { handleCredentialsAndRegion } from \"../lib/partial-commands/handleCredentialsAndRegion\";\nimport { toDotEnv, toDotEnvPerEnvironment } from \"../lib/wtf/dotenv\";\nimport { getDotSecPlainText } from \"../lib/wtf/io\";\nimport { YargsHandlerParams } from \"../types\";\nimport { promptOverwriteIfFileExists } from \"../utils/io\";\nimport { emphasis, getLogger, prettyCode, strong } from \"../utils/logger\";\n\nexport const command = \"plaintext-secrets-to-dot-env\";\nexport const desc = `Creates .env file from a secrets file.\nIf '--use-top-levels-as-environments' is set, it will create a .env file for each top level key in the secrets file.`;\n\nexport const builder = {\n\t\"secrets-file\": {\n\t\tstring: true,\n\t\tdescribe: \"filename of json file reading secrets\",\n\t\tdefault: \"secrets.json\",\n\t},\n\t\"env-file\": commonCliOptions.envFile,\n\t\"search-path\": commonCliOptions.searchpath,\n\t\"aws-profile\": commonCliOptions.awsProfile,\n\t\"aws-region\": commonCliOptions.awsRegion,\n\t\"aws-key-alias\": commonCliOptions.awsKeyAlias,\n\t\"aws-assume-role-arn\": commonCliOptions.awsAssumeRoleArn,\n\t\"aws-assume-role-session-duration\":\n\t\tcommonCliOptions.awsAssumeRoleSessionDuration,\n\t\"use-top-levels-as-environments\": commonCliOptions.useTopLevelsAsEnvironments,\n\tverbose: commonCliOptions.verbose,\n\tyes: { ...commonCliOptions.yes },\n\t\"dry-run\": commonCliOptions.dryRun,\n} as const;\n\nexport const handler = async (\n\targv: YargsHandlerParams<typeof builder>,\n): Promise<void> => {\n\tconst config = await getConfig();\n\tconst { info, error } = getLogger();\n\ttry {\n\t\tconst defaultRegion = config.aws.region || argv.awsRegion;\n\t\tconst { regionAndOrigin } = await handleCredentialsAndRegion({\n\t\t\targv: {\n\t\t\t\t...argv,\n\t\t\t\tawsRegion: defaultRegion,\n\t\t\t\tawsProfile: config.aws.profile || argv.awsProfile,\n\t\t\t\tawsAssumeRoleArn: config.aws.assumeRoleArn || argv.awsAssumeRoleArn,\n\t\t\t\tawsAssumeRoleSessionDuration:\n\t\t\t\t\tconfig.aws.assumeRoleSessionDuration ||\n\t\t\t\t\targv.awsAssumeRoleSessionDuration,\n\t\t\t},\n\t\t\tenv: { ...process.env },\n\t\t});\n\n\t\tconst { dotSecPlainText } = await getDotSecPlainText({\n\t\t\tdefaultConfig: {\n\t\t\t\tconfig: {\n\t\t\t\t\taws: {\n\t\t\t\t\t\tkeyAlias: \"alias/dotsec\",\n\t\t\t\t\t\tregions: [regionAndOrigin.value],\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t\toptions: {\n\t\t\t\tfilename: argv.secretsFile,\n\t\t\t\tverbose: argv.verbose,\n\t\t\t},\n\t\t});\n\t\tif (!dotSecPlainText.plaintext) {\n\t\t\tthrow new Error(`Expected 'encrypted' property, but got none`);\n\t\t}\n\n\t\tif (\n\t\t\targv.useTopLevelsAsEnvironments ||\n\t\t\tdotSecPlainText.config?.useTopLevelsAsEnvironments\n\t\t) {\n\t\t\tconst dotEnvsPerEnvironment = toDotEnvPerEnvironment({\n\t\t\t\tdotSecPlainText,\n\t\t\t\tverbose: argv.verbose,\n\t\t\t});\n\n\t\t\tfor (const [environment, dotEnv] of Object.entries(\n\t\t\t\tdotEnvsPerEnvironment,\n\t\t\t)) {\n\t\t\t\tconst fileName = `.env.${environment}`;\n\t\t\t\tconst dotEnvPath = path.resolve(process.cwd(), fileName);\n\t\t\t\tif (argv.dryRun) {\n\t\t\t\t\t// output filename, path and content\n\t\t\t\t\tinfo(strong(`// ${dotEnvPath}`));\n\t\t\t\t\tinfo(emphasis(dotEnv));\n\t\t\t\t} else {\n\t\t\t\t\tconst overwriteResponse = await promptOverwriteIfFileExists({\n\t\t\t\t\t\tfilePath: dotEnvPath,\n\t\t\t\t\t\tskip: argv.yes,\n\t\t\t\t\t});\n\n\t\t\t\t\tif (\n\t\t\t\t\t\toverwriteResponse === undefined ||\n\t\t\t\t\t\toverwriteResponse.overwrite === true\n\t\t\t\t\t) {\n\t\t\t\t\t\tfs.writeFileSync(dotEnvPath, dotEnv);\n\t\t\t\t\t}\n\t\t\t\t}\n\n\t\t\t\t// write to file, prompt if file exists\n\t\t\t}\n\t\t} else {\n\t\t\tconst dotEnv = toDotEnv({\n\t\t\t\tdotSecPlainText,\n\t\t\t\tverbose: argv.verbose,\n\t\t\t\tsearchPath: argv.searchPath,\n\t\t\t});\n\n\t\t\tconst fileName = argv.envFile || `.env`;\n\t\t\tconst dotEnvPath = path.resolve(process.cwd(), fileName);\n\t\t\tinfo(`target: ${strong(dotEnvPath)}\\n`);\n\t\t\tinfo(prettyCode(dotEnv));\n\t\t\tinfo(`\\n`);\n\n\t\t\tconst overwriteResponse = await promptOverwriteIfFileExists({\n\t\t\t\tfilePath: dotEnvPath,\n\t\t\t\tskip: argv.yes,\n\t\t\t});\n\n\t\t\tif (\n\t\t\t\toverwriteResponse === undefined ||\n\t\t\t\toverwriteResponse.overwrite === true\n\t\t\t) {\n\t\t\t\tfs.writeFileSync(dotEnvPath, dotEnv);\n\t\t\t}\n\t\t}\n\t} catch (e) {\n\t\terror(e);\n\t}\n};\n", "import fs from \"fs\";\nimport path from \"node:path\";\n\nimport { commonCliOptions } from \"../commonCliOptions\";\nimport { getConfig } from \"../lib/config-old\";\nimport { handleCredentialsAndRegion } from \"../lib/partial-commands/handleCredentialsAndRegion\";\nimport { encryptPlainText } from \"../lib/wtf/crypto\";\nimport { toDotSec, toDotSecPerEnvironment } from \"../lib/wtf/dotsec\";\nimport { getDotSecPlainText } from \"../lib/wtf/io\";\nimport { YargsHandlerParams } from \"../types\";\nimport { promptOverwriteIfFileExists } from \"../utils/io\";\nimport { getLogger, prettyCode, strong } from \"../utils/logger\";\n\nexport const command = \"plaintext-secrets-to-dot-sec\";\nexport const desc = `Creates .sec file from an secrets file.\nIf '--use-top-levels-as-environments' is set, it will create a .sec file for each top level key in the ecrets file.`;\n\nexport const builder = {\n\t\"secrets-file\": {\n\t\tstring: true,\n\t\tdescribe: \"filename of json file reading secrets\",\n\t},\n\t\"sec-file\": commonCliOptions.secFile,\n\t\"aws-profile\": commonCliOptions.awsProfile,\n\t\"aws-region\": commonCliOptions.awsRegion,\n\t\"aws-key-alias\": commonCliOptions.awsKeyAlias,\n\t\"aws-assume-role-arn\": commonCliOptions.awsAssumeRoleArn,\n\t\"aws-assume-role-session-duration\":\n\t\tcommonCliOptions.awsAssumeRoleSessionDuration,\n\t\"use-top-levels-as-environments\": commonCliOptions.useTopLevelsAsEnvironments,\n\tverbose: commonCliOptions.verbose,\n\tyes: { ...commonCliOptions.yes },\n} as const;\n\nexport const handler = async (\n\targv: YargsHandlerParams<typeof builder>,\n): Promise<void> => {\n\tconst config = await getConfig();\n\tconst { info, error } = getLogger();\n\ttry {\n\t\tconst defaultRegion = config.aws.region || argv.awsRegion;\n\t\tconst { credentialsAndOrigin, regionAndOrigin } =\n\t\t\tawait handleCredentialsAndRegion({\n\t\t\t\targv: {\n\t\t\t\t\t...argv,\n\t\t\t\t\tawsRegion: defaultRegion,\n\t\t\t\t\tawsProfile: config.aws.profile || argv.awsProfile,\n\t\t\t\t\tawsAssumeRoleArn: config.aws.assumeRoleArn || argv.awsAssumeRoleArn,\n\t\t\t\t\tawsAssumeRoleSessionDuration:\n\t\t\t\t\t\tconfig.aws.assumeRoleSessionDuration ||\n\t\t\t\t\t\targv.awsAssumeRoleSessionDuration,\n\t\t\t\t},\n\t\t\t\tenv: { ...process.env },\n\t\t\t});\n\n\t\tconst { fileType, dotSecPlainText } = await getDotSecPlainText({\n\t\t\tdefaultConfig: {\n\t\t\t\tconfig: {\n\t\t\t\t\taws: {\n\t\t\t\t\t\tkeyAlias: \"alias/dotsec\",\n\t\t\t\t\t\tregions: [regionAndOrigin.value],\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t\toptions: {\n\t\t\t\tfilename: argv.secretsFile,\n\t\t\t\tverbose: argv.verbose,\n\t\t\t},\n\t\t});\n\n\t\tconsole.log(\"dotSecPlainText\", dotSecPlainText);\n\n\t\tconst dotSecEncrypted = await encryptPlainText({\n\t\t\tdotSecPlainText,\n\t\t\tcredentials: credentialsAndOrigin.value,\n\t\t\tregion: regionAndOrigin.value,\n\t\t\tkeyAlias: argv.awsKeyAlias,\n\t\t\tverbose: argv.verbose,\n\t\t});\n\t\tif (!dotSecPlainText.plaintext) {\n\t\t\tthrow new Error(`Expected 'encrypted' property, but got none`);\n\t\t}\n\t\tif (!dotSecEncrypted.encrypted) {\n\t\t\tthrow new Error(`Expected 'encrypted' property, but got none`);\n\t\t}\n\t\t// const dotSecEncryptedFlattened = flattenEncrypted(dotSecEncrypted);\n\t\t// const expanded = expandEncrypted(dotSecEncryptedFlattened);\n\n\t\tif (\n\t\t\targv.useTopLevelsAsEnvironments ||\n\t\t\tdotSecPlainText.config?.useTopLevelsAsEnvironments\n\t\t) {\n\t\t\tconst dotSecsPerEnvironment = toDotSecPerEnvironment({\n\t\t\t\tdotSecEncrypted,\n\t\t\t\tverbose: argv.verbose,\n\t\t\t});\n\n\t\t\tfor (const [environment, dotSec] of Object.entries(\n\t\t\t\tdotSecsPerEnvironment,\n\t\t\t)) {\n\t\t\t\tconst fileName = `.sec.${environment}`;\n\t\t\t\tconst dotSecPath = path.resolve(process.cwd(), fileName);\n\t\t\t\tinfo(`target: ${strong(dotSecPath)}\\n`);\n\t\t\t\tinfo(prettyCode(dotSec));\n\t\t\t\tinfo(`\\n`);\n\t\t\t\tconst overwriteResponse = await promptOverwriteIfFileExists({\n\t\t\t\t\tfilePath: dotSecPath,\n\t\t\t\t\tskip: argv.yes,\n\t\t\t\t});\n\n\t\t\t\tif (\n\t\t\t\t\toverwriteResponse === undefined ||\n\t\t\t\t\toverwriteResponse.overwrite === true\n\t\t\t\t) {\n\t\t\t\t\tfs.writeFileSync(dotSecPath, dotSec);\n\t\t\t\t}\n\n\t\t\t\t// write to file, prompt if file exists\n\t\t\t}\n\t\t} else {\n\t\t\tconst dotSec = toDotSec({\n\t\t\t\tdotSecEncrypted,\n\t\t\t\tverbose: argv.verbose,\n\t\t\t});\n\n\t\t\tconst fileName = argv.secFile || `.sec`;\n\t\t\tconst dotSecPath = path.resolve(process.cwd(), fileName);\n\t\t\tinfo(`target: ${strong(dotSecPath)}\\n`);\n\t\t\tinfo(prettyCode(dotSec));\n\t\t\tinfo(`\\n`);\n\t\t\tconst overwriteResponse = await promptOverwriteIfFileExists({\n\t\t\t\tfilePath: dotSecPath,\n\t\t\t\tskip: argv.yes,\n\t\t\t});\n\n\t\t\tif (\n\t\t\t\toverwriteResponse === undefined ||\n\t\t\t\toverwriteResponse.overwrite === true\n\t\t\t) {\n\t\t\t\tfs.writeFileSync(dotSecPath, dotSec);\n\t\t\t}\n\t\t}\n\t} catch (e) {\n\t\terror(e);\n\t}\n};\n", "import fs from \"node:fs\";\nimport path from \"node:path\";\n\nimport YAML from \"yaml\";\n\nimport { commonCliOptions } from \"../commonCliOptions\";\nimport { getConfig } from \"../lib/config-old\";\nimport { handleCredentialsAndRegion } from \"../lib/partial-commands/handleCredentialsAndRegion\";\nimport { encryptPlainText } from \"../lib/wtf/crypto\";\nimport { getDotSecPlainText } from \"../lib/wtf/io\";\nimport { YargsHandlerParams } from \"../types\";\nimport { promptOverwriteIfFileExists } from \"../utils/io\";\nimport { getLogger, prettyCode, strong } from \"../utils/logger\";\n\nexport const command = \"plaintext-secrets-to-encrypted-secrets\";\nexport const desc = \"Encrypts an unencrypted secretsfile\";\n\nexport const builder = {\n\t\"secrets-file\": {\n\t\tstring: true,\n\t\tdescribe: \"filename of json file reading secrets\",\n\t},\n\t\"encrypted-secrets-file\": {\n\t\tstring: true,\n\t\tdescribe: \"filename of json file for writing encrypted secrets\",\n\t\tdefault: \"secrets.encrypted.json\",\n\t},\n\t\"aws-profile\": commonCliOptions.awsProfile,\n\t\"aws-region\": commonCliOptions.awsRegion,\n\t\"aws-key-alias\": commonCliOptions.awsKeyAlias,\n\t\"aws-assume-role-arn\": commonCliOptions.awsAssumeRoleArn,\n\t\"aws-assume-role-session-duration\":\n\t\tcommonCliOptions.awsAssumeRoleSessionDuration,\n\tverbose: commonCliOptions.verbose,\n\tyes: { ...commonCliOptions.yes },\n} as const;\n\nexport const handler = async (\n\targv: YargsHandlerParams<typeof builder>,\n): Promise<void> => {\n\tconst config = await getConfig();\n\n\tconst { info, error } = getLogger();\n\ttry {\n\t\tconst defaultRegion = config.aws.region || argv.awsRegion;\n\t\tconst { credentialsAndOrigin, regionAndOrigin } =\n\t\t\tawait handleCredentialsAndRegion({\n\t\t\t\targv: {\n\t\t\t\t\t...argv,\n\t\t\t\t\tawsRegion: defaultRegion,\n\t\t\t\t\tawsProfile: config.aws.profile || argv.awsProfile,\n\t\t\t\t\tawsAssumeRoleArn: config.aws.assumeRoleArn || argv.awsAssumeRoleArn,\n\t\t\t\t\tawsAssumeRoleSessionDuration:\n\t\t\t\t\t\tconfig.aws.assumeRoleSessionDuration ||\n\t\t\t\t\t\targv.awsAssumeRoleSessionDuration,\n\t\t\t\t},\n\t\t\t\tenv: { ...process.env },\n\t\t\t});\n\n\t\tconst { fileType, dotSecPlainText } = await getDotSecPlainText({\n\t\t\tdefaultConfig: {\n\t\t\t\tconfig: {\n\t\t\t\t\taws: {\n\t\t\t\t\t\tkeyAlias: \"alias/dotsec\",\n\t\t\t\t\t\tregions: [regionAndOrigin.value],\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t\toptions: {\n\t\t\t\tfilename: argv.secretsFile,\n\t\t\t},\n\t\t});\n\t\tif (!dotSecPlainText.plaintext) {\n\t\t\tthrow new Error(`Expected 'plaintext' property, but got none`);\n\t\t}\n\n\t\tconst dotSecEncrypted = await encryptPlainText({\n\t\t\tdotSecPlainText,\n\t\t\tcredentials: credentialsAndOrigin.value,\n\t\t\tregion: regionAndOrigin.value,\n\t\t\tkeyAlias: argv.awsKeyAlias,\n\t\t\tverbose: argv.verbose,\n\t\t});\n\n\t\tconst encryptedSecretsPath = path.resolve(\n\t\t\tprocess.cwd(),\n\t\t\tpath.parse(argv.encryptedSecretsFile || `secrets.encrypted.json`).name +\n\t\t\t\t\".\" +\n\t\t\t\tfileType,\n\t\t);\n\t\tconst converted =\n\t\t\tfileType === \"yaml\" || fileType === \"yml\"\n\t\t\t\t? YAML.stringify(dotSecEncrypted)\n\t\t\t\t: JSON.stringify(dotSecEncrypted, null, 2);\n\n\t\tinfo(`target: ${strong(encryptedSecretsPath)}\\n`);\n\t\tinfo(prettyCode(converted));\n\t\tinfo(`\\n`);\n\t\tconst overwriteResponse = await promptOverwriteIfFileExists({\n\t\t\tfilePath: encryptedSecretsPath,\n\t\t\tskip: argv.yes,\n\t\t});\n\t\t// easy peasy, write json\n\n\t\tif (\n\t\t\toverwriteResponse === undefined ||\n\t\t\toverwriteResponse.overwrite === true\n\t\t) {\n\t\t\tfs.writeFileSync(encryptedSecretsPath, converted);\n\t\t}\n\t} catch (e) {\n\t\terror(e);\n\t}\n};\n"],
5
- "mappings": ";;;;;;;;;;;;;;;;;;;;;;;;;;;AACA;AACA;;;ACAO,IAAM,mBAAmB;AAAA,EAC5B,YAAY;AAAA,IACR,QAAQ;AAAA,IACR,UAAU;AAAA;AAAA,EAEd,WAAW;AAAA,IACP,QAAQ;AAAA,IACR,UAAU;AAAA;AAAA,EAEd,aAAa;AAAA,IACT,QAAQ;AAAA,IACR,UAAU;AAAA;AAAA,EAEd,WAAW;AAAA,IACP,QAAQ;AAAA,IACR,UAAU;AAAA;AAAA,EAEd,QAAQ;AAAA,IACJ,QAAQ;AAAA,IACR,UAAU;AAAA;AAAA,EAEd,SAAS;AAAA,IACL,QAAQ;AAAA,IACR,UAAU;AAAA;AAAA,EAEd,sBAAsB;AAAA,IAClB,SAAS;AAAA,IACT,UAAU;AAAA;AAAA,EAEd,SAAS;AAAA,IACL,QAAQ;AAAA,IACR,UAAU;AAAA,IACV,SAAS;AAAA;AAAA,EAEb,kBAAkB;AAAA,IACd,QAAQ;AAAA,IACR,UACI;AAAA;AAAA,EAER,8BAA8B;AAAA,IAC1B,QAAQ;AAAA,IACR,UACI;AAAA;AAAA,EAER,4BAA4B;AAAA,IACxB,SAAS;AAAA,IACT,UAAU;AAAA;AAAA,EAEd,SAAS;AAAA,IACL,SAAS;AAAA,IACT,UAAU;AAAA;AAAA,EAEd,sBAAsB;AAAA,IAClB,QAAQ;AAAA,IACR,UAAU;AAAA;AAAA,EAEd,YAAY;AAAA,IACR,QAAQ;AAAA,IACR,UACI;AAAA;AAAA,EAER,YAAY;AAAA,IACR,QAAQ;AAAA,IACR,UAAU;AAAA;AAAA,EAWd,KAAK;AAAA,IACD,SAAS;AAAA,IACT,UAAU;AAAA;AAAA,EAEd,QAAQ;AAAA,IACJ,SAAS;AAAA,IACT,UAAU;AAAA;AAAA;;;AC1ElB,IAAM,gBAGF;AAAA,EACA,SAAS;AAAA,EACT,UAAU;AAAA,EACV,SAAS;AAAA,IACL,YAAY,iBAAiB;AAAA,IAC7B,eAAe,iBAAiB;AAAA,IAChC,eAAe,iBAAiB;AAAA,IAChC,cAAc,iBAAiB;AAAA,IAC/B,iBAAiB,iBAAiB;AAAA,IAClC,uBAAuB,iBAAiB;AAAA,IACxC,oCACI,iBAAiB;AAAA,IACrB,kCACI,iBAAiB;AAAA,IACrB,SAAS,iBAAiB;AAAA,IAC1B,KAAK,mBAAK,iBAAiB;AAAA;AAAA,EAE/B,SAAS,CAAC,MAAM;AACZ,YAAQ,IAAI,EAAE;AACd,YAAQ,IAAI,EAAE;AAAA;AAAA;AAItB,IAAO,kBAAQ;;;AClCf;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AACA;AAEA;AACA;AACA;AACA;AACA;AACA;;;ACRA;AAEA;AACA;;;ACHA;AACA;AAEO,oBAAoB,MAAc;AACrC,MAAI;AAEA,WAAO,IAAI,SAAS,YAAY,KAAK;AAAA,UACvC;AAGE,WAAO;AAAA;AAAA;AAIR,IAAM,WAAW,OAAO,aAAqB;AAChD,MAAI;AAEA,WAAO,WAAW,MAAM,GAAG,SAAS,SAAS,UAAU;AAAA,WAClD,OAAP;AACE,QAAI,iBAAiB,OAAO;AACxB,YAAM,IAAI,MACN,mBAAmB,KAAK,SAAS,QAAQ,OAAO,cAC5C,MAAM;AAAA,WAGX;AACH,YAAM;AAAA;AAAA;AAAA;;;ACxBX,IAAM,gBAA8B;AAAA,EACvC,KAAK;AAAA,IACD,UAAU;AAAA;AAAA;;;AFMX,IAAM,YAAY,YAAmC;AACxD,QAAM,MAAM,QAAQ;AACpB,QAAM,eAAe,IAAI;AACzB,QAAM,aAAa,MAAM,aAAa,QAAQ;AAAA,IAC1C,OAAO;AAAA,MACH;AAAA,MACA;AAAA,MACA;AAAA,MACA;AAAA,MACA;AAAA,MACA;AAAA;AAAA,IAEJ;AAAA,IACA,SAAS,MAAK,MAAM,KAAK;AAAA,IACzB,YAAY;AAAA;AAGhB,MAAI,YAAY;AACZ,QAAI,WAAW,SAAS,UAAU;AAC9B,YAAM,UAAW,MAAM,SAAS;AAEhC,UAAI;AAEJ,UACI,WAAW,SAAS,mBACnB,QAA8C,WAC3C,QACN;AACE,eAAQ,QAA8C;AAAA,aACnD;AACH,eAAO;AAAA;AAGX,aAAO,gDACA,gBACA,OAFA;AAAA,QAGH,KAAK,kCAAK,cAAc,MAAQ,KAAK;AAAA;AAAA;AAI7C,UAAM,SAAS,MAAM,cAAc;AAAA,MAC/B,UAAU;AAAA;AAGd,UAAM,kBAED,OAAO,IAAI,UAEX,OAAO,IAAI,WACZ,OAAO;AACX,WAAO,kCACA,gBAEA;AAAA;AAIX,SAAO,mBAAK;AAAA;;;AGnEhB;AACA;AAEA;;;ACHA;AAEA;AACA;AAEO,IAAM,aAAa,OAAO,WAAqC;AACrE,MAAI;AACH,UAAM,KAAK;AACX,WAAO;AAAA,UACN;AACD,WAAO;AAAA;AAAA;AAIF,IAAM,8BAA8B,OAAO;AAAA,EACjD;AAAA,EACA;AAAA,MAIK;AACL,MAAI;AAEJ,MAAK,MAAM,WAAW,aAAc,SAAS,MAAM;AAClD,wBAAoB,MAAM,QAAQ;AAAA,MACjC,MAAM;AAAA,MACN,MAAM;AAAA,MACN,SAAS,MAAM;AACd,eAAO,gBAAgB,MAAK,SAAS,QAAQ,OAAO;AAAA;AAAA;AAAA,SAGhD;AACN,wBAAoB;AAAA;AAErB,SAAO;AAAA;;;AD1BD,IAAM,uBAAuB,OAAO;AAAA,EACvC;AAAA,MAGE;AACF,QAAM,uBAAuB,MAAK,QAC9B,QAAQ,OACR;AAEJ,MAAI,CAAE,MAAM,WAAW,uBAAwB;AAC3C,UAAM,IAAI,MAAM,kBAAkB,UAAU;AAAA;AAEhD,QAAM,mBAAmB,KAAK,MAC1B,IAAG,aAAa,sBAAsB,EAAE,UAAU;AAEtD,MAAI,CAAC,kBAAkB;AACnB,UAAM,IAAI,MACN,iCAAiC,UAAU;AAAA;AAGnD,MAAI,CAAC,iBAAiB,qBAAqB;AACvC,UAAM,IAAI,MACN;AAAA;AAIR,SAAO;AAAA;;;AElCX;AAAA;AAAA;AAAA;AAAA;AAKA;;;ACLA;AACA;AAEA,IAAI;AACG,IAAM,YAAY,MAAM;AAC3B,MAAI,CAAC,SAAS;AACV,cAAU;AAAA;AAGd,SAAO;AAAA;AAKJ,IAAM,WAAW,CAAC,QAAwB,MAAM,aAAa;AAC7D,IAAM,SAAS,CAAC,QAAwB,MAAM,OAAO,KAAK;AAEjE,IAAM,UAAiB;AAAA,EACnB,MAAM,MAAM,OAAO;AAAA,EACnB,QAAQ,MAAM,aAAa;AAAA,EAC3B,QAAQ,MAAM;AAAA,EACd,UAAU,MAAM,IAAI;AAAA,EACpB,QAAQ;AAAA;AAGL,IAAM,aAAa,CAAC,QAAwB;AAC/C,SAAO,UAAU,KAAK,EAAE,OAAO;AAAA;;;ADZ5B,IAAM,8BAA8B,OAAO;AAAA,EAC9C;AAAA,EACA;AAAA,MAkBE;AAlCN;AAmCI,QAAM,oBAAoB,MAAM;AAChC,MAAI,uBAAyD;AAC7D,MAAI,mBAAiD;AACrD,MAAI,kBAA+C;AACnD,MAAI,KAAK,SAAS;AACd,uBAAmB;AAAA,MACf,OAAO,KAAK;AAAA,MACZ,QAAQ,wBAAwB,SAAS,KAAK;AAAA;AAElD,2BAAuB;AAAA,MACnB,OAAO,MAAM,QAAQ;AAAA,QACjB,SAAS,KAAK;AAAA;AAAA,MAElB,QAAQ,GAAG,SAAS,IAAI,KAAK;AAAA;AAAA,aAE1B,IAAI,aAAa;AACxB,uBAAmB;AAAA,MACf,OAAO,IAAI;AAAA,MACX,QAAQ,gBAAgB,SAAS,mBAAmB,OAChD,IAAI;AAAA;AAGZ,2BAAuB;AAAA,MACnB,OAAO,MAAM,QAAQ;AAAA,QACjB,SAAS,IAAI;AAAA;AAAA,MAEjB,QAAQ,gBAAgB,SAAS,mBAAmB,OAChD,IAAI;AAAA;AAAA,aAGL,IAAI,qBAAqB,IAAI,uBAAuB;AAC3D,2BAAuB;AAAA,MACnB,OAAO,MAAM;AAAA,MACb,QAAQ,iBAAiB,SACrB,4BACK,SAAS;AAAA;AAAA,aAEf,wBAAkB,oBAAlB,mBAAmC,SAAS;AACnD,uBAAmB;AAAA,MACf,OAAO;AAAA,MACP,QAAQ,GAAG,SAAS;AAAA;AAExB,2BAAuB;AAAA,MACnB,OAAO,MAAM,QAAQ;AAAA,QACjB,SAAS;AAAA;AAAA,MAEb,QAAQ,WAAW,SAAS;AAAA;AAAA;AAIpC,MAAI,KAAK,QAAQ;AACb,sBAAkB;AAAA,MACd,OAAO,KAAK;AAAA,MACZ,QAAQ,wBAAwB,SAAS,KAAK;AAAA;AAAA,aAE3C,IAAI,YAAY;AACvB,sBAAkB;AAAA,MACd,OAAO,IAAI;AAAA,MACX,QAAQ,gBAAgB,SAAS,kBAAkB,OAC/C,IAAI;AAAA;AAAA,aAGL,IAAI,oBAAoB;AAC/B,sBAAkB;AAAA,MACd,OAAO,IAAI;AAAA,MACX,QAAQ,gBAAgB,SAAS,0BAA0B,OACvD,IAAI;AAAA;AAAA,aAGL,kBAAkB;AACzB,UAAM,cACF,mEAAmB,eAAnB,mBAAgC,iBAAiB,WAAjD,mBAAyD;AAE7D,QAAI,aAAa;AACb,wBAAkB;AAAA,QACd,OAAO;AAAA,QACP,QAAQ,GAAG,SACP,YAAY,iBAAiB;AAAA;AAAA;AAAA;AAM7C,QAAM,cAAc,KAAK,iBAAiB,IAAI;AAC9C,MAAI,aAAa;AACb,UAAM,SAAS,KAAK,gBACd,wBACA;AACN,2BAAuB;AAAA,MACnB,OAAO,MAAM,yBAAyB;AAAA,QAClC,mBAAmB,6DAAsB;AAAA,QAEzC,QAAQ;AAAA,UACJ,iBACI,KAAK,6BACL,OAAO,IAAI,qCACX;AAAA,UACJ,SAAS;AAAA;AAAA,QAGb,cAAc;AAAA,UACV,QAAQ,mDAAiB;AAAA;AAAA;AAAA,MAGjC,QAAQ,GAAG,UAAU,SAAS,IAAI;AAAA;AAAA;AAI1C,SAAO,EAAE,sBAAsB,iBAAiB;AAAA;AAG7C,IAAM,uCAAuC,CAAC;AAAA,EACjD;AAAA,EACA;AAAA,EACA;AAAA,MAKU;AACV,QAAM,MAAgB;AACtB,MAAI,kBAAkB;AAClB,QAAI,KAAK,yBAAyB,iBAAiB;AAAA;AAEvD,MAAI,sBAAsB;AACtB,QAAI,KAAK,6BAA6B,qBAAqB;AAAA;AAE/D,MAAI,iBAAiB;AACjB,QAAI,KAAK,wBAAwB,gBAAgB;AAAA;AAErD,SAAO,IAAI,KAAK;AAAA;;;AEhKb,IAAM,6BAA6B,OAAO;AAAA,EAC7C;AAAA,EACA;AAAA,MAmBE;AACF,QAAM,EAAE,sBAAsB,iBAAiB,qBAC3C,MAAM,4BAA4B;AAAA,IAC9B,MAAM;AAAA,MACF,QAAQ,KAAK;AAAA,MACb,SAAS,KAAK;AAAA,MACd,eAAe,KAAK;AAAA,MACpB,2BAA2B,KAAK;AAAA;AAAA,IAEpC,KAAK,mBACE;AAAA;AAIf,MAAI,KAAK,YAAY,MAAM;AACvB,YAAQ,IACJ,qCAAqC;AAAA,MACjC;AAAA,MACA;AAAA,MACA;AAAA;AAAA;AAKZ,MAAI,CAAC,wBAAwB,CAAC,iBAAiB;AAC3C,QAAI,CAAC,sBAAsB;AACvB,cAAQ,MAAM;AACd,YAAM,IAAI,MAAM;AAAA;AAEpB,QAAI,CAAC,iBAAiB;AAClB,cAAQ,MAAM;AACd,YAAM,IAAI,MAAM;AAAA;AAAA;AAIxB,SAAO,EAAE,sBAAsB;AAAA;;;AC7DnC;AAAA;AAAA;AAAA;AAMO,IAAM,eAAe,CAAC;AAAA,EACzB;AAAA,MAIE;AACF,QAAM,YAAY,IAAI,UAAU;AAEhC,SAAO;AAAA;AAGJ,IAAM,yBAAyB,OAClC,WACA,gBACC;AApBL;AAsBI,QAAM,qBAAqB,IAAI,mBAAmB;AAAA,IAC9C,OAAO;AAAA;AAGX,QAAM,oBAAoB,MAAM,UAAU,KAAK;AAC/C,QAAM,sBACF,8BAAkB,gBAAlB,mBAA+B,yBAA/B,mBAAsD;AAE1D,MAAI,wBAAwB,QAAW;AACnC,UAAM,IAAI,MAAM;AAAA;AAGpB,SAAO;AAAA;;;ATZJ,IAAM,UAAU;AAChB,IAAM,OACZ;AAEM,IAAM,UAAU;AAAA,EACtB,eAAe,iBAAiB;AAAA,EAChC,cAAc,iBAAiB;AAAA,EAC/B,iBAAiB,iBAAiB;AAAA,EAClC,YAAY,iBAAiB;AAAA,EAC7B,YAAY,iBAAiB;AAAA,EAC7B,2BAA2B,iBAAiB;AAAA,EAC5C,uBAAuB,iBAAiB;AAAA,EACxC,oCACC,iBAAiB;AAAA,EAClB,0BAA0B,iBAAiB;AAAA,EAC3C,eAAe,iBAAiB;AAAA,EAEhC,SAAS,iBAAiB;AAAA,EAE1B,SAAS,EAAE,QAAQ,MAAM,UAAU;AAAA;AAGpC,IAAM,YAAY,OAAO;AAAA,EACxB;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,MAMK;AACL,QAAM,YAAY,MAAK,QAAQ,QAAQ,OAAO;AAC9C,MAAI,CAAE,MAAM,WAAW,YAAa;AACnC,YAAQ,MAAM,kBAAkB,WAAU;AAC1C;AAAA;AAED,QAAM,YAAY,MAAM,IAAG,aAAa,WAAW,EAAE,UAAU;AAE/D,QAAM,YAAY,IAAI,WAAU;AAAA,IAC/B,aAAa,qBAAqB;AAAA,IAClC,QAAQ,gBAAgB;AAAA;AAGzB,QAAM,sBAAsB,MAAM,uBACjC,WACA;AAGD,QAAM,aAAiC,MAAM,QAAQ,IACpD,OAAO,QAAQ,WAAW,IAAI,OAAO,CAAC,KAAK,gBAAgB;AAC1D,UAAM,iBAAiB,IAAI,eAAe;AAAA,MACzC,OAAO;AAAA,MACP,gBAAgB,OAAO,KAAK,YAAY;AAAA,MACxC,qBAAqB;AAAA;AAEtB,UAAM,mBAAmB,MAAM,UAAU,KAAK;AAE9C,QAAI,CAAC,sDAAkB,YAAW;AACjC,YAAM,IAAI,MACT,OAAO,KAAK,UAAU;AAAA,QACrB;AAAA,QACA;AAAA,QACA;AAAA;AAAA;AAIH,UAAM,QAAQ,OAAO,KAAK,iBAAiB,WAAW;AACtD,WAAO,CAAC,KAAK;AAAA;AAGf,QAAM,MAAM,OAAO,YAAY;AAE/B,SAAO;AAAA;AAER,IAAM,sBAAsB,OAAO;AAAA,EAClC;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,MAOK;AACL,QAAM,mBAAmB,MAAM,qBAAqB;AAAA,IACnD;AAAA;AAGD,QAAM,YAAoC,KAAK,QAC9C,iBAAiB,qBACjB;AAAA,IACC,WAAW;AAAA,IACX,cAAc,CAAC,QAAQ;AACtB,aAAO,aAAa;AAAA;AAAA;AAKvB,QAAM,YAAY,IAAI,WAAU;AAAA,IAC/B,aAAa,qBAAqB;AAAA,IAClC,QAAQ,gBAAgB;AAAA;AAGzB,QAAM,sBAAsB,MAAM,uBACjC,WACA;AAGD,QAAM,YAAY,yCACf,MAAM,KACP,IAAI,CAAC,SAAS,aAAa,OAC3B,KAAK;AACP,QAAM,aAAiC,MAAM,QAAQ,IACpD,OAAO,QAAQ,WACb,OAAO,CAAC,CAAC,SAAS;AAClB,QAAI,WAAW;AACd,aAAO,IAAI,QAAQ,eAAe;AAAA;AAEnC,WAAO;AAAA,KAEP,IAAI,OAAO,CAAC,KAAK,gBAAgB;AACjC,UAAM,iBAAiB,IAAI,eAAe;AAAA,MACzC,OAAO;AAAA,MACP,gBAAgB,OAAO,KAAK,YAAY;AAAA,MACxC,qBAAqB;AAAA;AAEtB,UAAM,mBAAmB,MAAM,UAAU,KAAK;AAE9C,QAAI,CAAC,sDAAkB,YAAW;AACjC,YAAM,IAAI,MACT,OAAO,KAAK,UAAU;AAAA,QACrB;AAAA,QACA;AAAA,QACA;AAAA;AAAA;AAIH,UAAM,QAAQ,OAAO,KAAK,iBAAiB,WAAW;AACtD,WAAO,CAAC,KAAK;AAAA;AAGhB,QAAM,MAAM,OAAO,YAAY;AAE/B,SAAO;AAAA;AAED,IAAM,UAAU,OACtB,SACmB;AACnB,QAAM,SAAS,MAAM;AAErB,MAAI;AACH,QAAI;AACJ,QAAI;AAEJ,QAAI;AACH,UAAI,KAAK,SAAS;AACjB,cAAM,MAAM,IAAG,aAAa,KAAK,SAAS,EAAE,UAAU;AAEtD,YACC,KAAK,oBACL,QAAQ,IAAI,uBACZ,4BAAK,sBACJ;AACD,gBAAM,EAAE,sBAAsB,oBAC7B,MAAM,2BAA2B;AAAA,YAChC,MAAM,iCACF,OADE;AAAA,cAEL,WAAW,OAAO,IAAI,UAAU,KAAK;AAAA,cACrC,YAAY,OAAO,IAAI,WAAW,KAAK;AAAA,cACvC,kBACC,OAAO,IAAI,iBAAiB,KAAK;AAAA,cAClC,8BACC,OAAO,IAAI,6BACX,KAAK;AAAA;AAAA,YAEP,KAAK,mBAAK,QAAQ;AAAA;AAGpB,mBAAS;AAAA,YACR,mBAAmB,qBAAqB,MAAM;AAAA,YAC9C,uBAAuB,qBAAqB,MAAM;AAAA;AAGnD,cAAI,qBAAqB,MAAM,cAAc;AAC5C,mBAAO,oBAAoB,qBAAqB,MAAM;AAAA;AAAA;AAAA,aAIlD;AACN,cAAM,EAAE,sBAAsB,oBAC7B,MAAM,2BAA2B;AAAA,UAChC,MAAM,iCACF,OADE;AAAA,YAEL,WAAW,OAAO,IAAI,UAAU,KAAK;AAAA,YACrC,YAAY,OAAO,IAAI,WAAW,KAAK;AAAA,YACvC,kBACC,OAAO,IAAI,iBAAiB,KAAK;AAAA,YAClC,8BACC,OAAO,IAAI,6BACX,KAAK;AAAA;AAAA,UAEP,KAAK,mBAAK,QAAQ;AAAA;AAGpB,YACE,MAAK,oBACL,QAAQ,IAAI,uBACZ,4BAAK,yBACN,qBAAqB,MAAM,iBAAiB,QAC3C;AACD,mBAAS;AAAA,YACR,mBAAmB,qBAAqB,MAAM;AAAA,YAC9C,uBAAuB,qBAAqB,MAAM;AAAA,YAClD,mBAAmB,qBAAqB,MAAM;AAAA;AAAA;AAIhD,YAAI,KAAK,SAAS;AACjB,kBAAQ,IAAI,EAAE,sBAAsB;AAAA;AAErC,cAAM,cAAc,KAAK,eAAe,OAAO,IAAI;AAEnD,YAAI,KAAK,sBAAsB;AAC9B,gBAAM,MAAM,oBAAoB;AAAA,YAC/B,sBAAsB,KAAK;AAAA,YAC3B,YAAY,KAAK;AAAA,YACjB;AAAA,YACA;AAAA,YACA;AAAA;AAAA,eAwBK;AACN,gBAAM,MAAM,UAAU;AAAA,YACrB,SAAS,KAAK;AAAA,YACd;AAAA,YACA;AAAA,YACA;AAAA;AAAA;AAAA;AAAA,aAIK,GAAP;AACD,UAAI,KAAK,yBAAyB,MAAM;AACvC,cAAM;AAAA;AAAA;AAKR,UAAM,kBAAkB,QAAQ,KAAK,MACpC,QAAQ,KAAK,QAAQ,KAAK,WAAW;AAGtC,QAAI,KAAK,SAAS;AACjB,YAAM,KAAK,SAAS,CAAC,GAAG,kBAAkB;AAAA,QACzC,OAAO;AAAA,QACP,OAAO;AAAA,QACP,KAAK,iDAAK,QAAQ,MAAQ,SAAW;AAAA;AAAA;AAAA,WAG/B,GAAP;AACD,YAAQ,MAAM;AAAA;AAAA;;;AUnThB;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AACA;AAEA;AAAA;AAAA;;;ACHA;AAAA;AAAA;AAAA;AAAA;AAKA;AAAA;AAAA;AAAA;AAAA;AAKA;AAAA;AAAA;AAAA;AAAA;AAMA;;;AChBA;AAAA;AAAA;AAKO,IAAM,0BAA0B,CAAC;AAAA,EACpC;AAAA,MAIE;AACF,QAAM,uBAAuB,IAAI,qBAAqB;AACtD,SAAO;AAAA;;;ACZX;AAEO,IAAM,eAAe,CAAC;AAAA,EACzB;AAAA,MAIE;AACF,QAAM,YAAY,IAAI,UAAU;AAChC,SAAO;AAAA;;;ACkVJ,IAAM,WAAW,CAAC,UAAoC;AAC5D,SAAO,OAAO,UAAU;AAAA;AAGlB,IAAM,WAAW,CAAC,UAAoC;AAC5D,SAAO,OAAO,UAAU;AAAA;AAElB,IAAM,YAAY,CAAC,UAAqC;AAC9D,SAAO,OAAO,UAAU;AAAA;AAelB,IAAM,iBAAiB,CAC7B,eAC0C;AAC1C,QAAM,eAAe;AACrB,SACC,OAAO,iBAAiB,YACxB,iBAAiB,QACjB,UAAU,gBACV,aAAa,SAAS;AAAA;AAIjB,IAAM,2BAA2B,CACvC,UACsC;AACtC,QAAM,mBAAmB;AACzB,SACC,OAAO,qBAAqB,YAC5B,qBAAqB,QACrB,UAAU,oBACV,iBAAiB,SAAS;AAAA;AAIrB,IAAM,qBAAqB,CACjC,eAC+C;AAC/C,QAAM,OAAO;AACb,SACC,SAAS,SACT,SAAS,SACT,UAAU,SACV,yBAAyB;AAAA;AAIpB,IAAM,0BAA0B,CACtC,eACyD;AACzD,QAAM,OAAO;AACb,SACC,KAAK,SAAS,UACd,KAAK,SAAS,SACd,KAAK,mBAAmB;AAAA;AAInB,IAAM,8BAA8B,CAC1C,eAC8D;AAC9D,QAAM,OAAO;AACb,SACC,KAAK,SAAS,UACd,KAAK,SAAS,cACd,KAAK,mBAAmB;AAAA;AAInB,IAAM,4BAA4B,CACxC,eACqD;AACrD,QAAM,OAAO;AACb,SACC,KAAK,SAAS,UACd,KAAK,SAAS,oBACd,CAAE,UAAS,SAAS,SAAS,SAAS,UAAU;AAAA;AAI3C,IAAM,eAAe,CAC3B,eAC4D;AAC5D,MACC,OAAO,eAAe,YACtB,CAAC,MAAM,QAAQ,eACf,eAAe,QACf,CAAC,eAAe,eAChB,CAAC,mBAAmB,eACpB,CAAC,wBAAwB,eACzB,CAAC,4BAA4B,eAC7B,CAAC,0BAA0B,aAC1B;AACD,WAAO;AAAA;AAGR,SAAO;AAAA;;;AC3bD,IAAM,cAAc,CAI1B,SAC+C;AAC/C,QAAM,OAAkD;AAExD,QAAM,cAAc,CACnB,YACA,QAAuB,OACnB;AACJ,QAAI,aAAa,aAAa;AAC7B,aAAO,QAAQ,YAAY,IAAI,CAAC,CAAC,KAAK,WAAW;AAChD,oBAAY,OAAO,CAAC,GAAG,OAAO;AAAA;AAAA,WAEzB;AACN,WAAK,MAAM,KAAK,QAAQ;AAAA;AAAA;AAI1B,cAAY;AACZ,SAAO;AAAA;AAGD,IAAM,mBAAmB,CAC/B,WAC8B;AAC9B,SAAO,iCAAK,SAAL,EAAa,WAAW,YAAY,OAAO;AAAA;AAG5C,IAAM,mBAAmB,CAC/B,WAC8B;AAC9B,SAAO,iCAAK,SAAL,EAAa,WAAW,YAAY,OAAO;AAAA;AAGnD,IAAM,aAAa,CAIlB,SAC8C;AAC9C,QAAM,OAAiD;AACvD,SAAO,QAAQ,MAAM,IAAI,CAAC,CAAC,KAAK,WAAW;AAC1C,UAAM,QAAQ,IAAI,MAAM;AACxB,QAAI,UAAU;AACd,UAAM,QAAQ,CAAC,SAAS,UAAU;AACjC,UAAI,CAAC,QAAQ,UAAU;AACtB,YAAI,UAAU,MAAM,SAAS,GAAG;AAC/B,kBAAQ,WAAW;AAAA,eACb;AACN,kBAAQ,WAAW;AAAA;AAAA;AAKrB,gBAAU,QAAQ;AAAA;AAAA;AAIpB,SAAO;AAAA;AAGD,IAAM,kBAAkB,CAC9B,WACqB;AACrB,SAAO,iCAAK,SAAL,EAAa,WAAW,WAAW,OAAO;AAAA;AAG3C,IAAM,kBAAkB,CAC9B,WACqB;AACrB,SAAO,iCAAK,SAAL,EAAa,WAAW,WAAW,OAAO;AAAA;;;AJ1ClD,IAAM,YAAY,CAAC,UAAiC;AACnD,MAAI;AACH,WAAO,KAAK,MAAM;AAAA,WACV,GAAP;AACD,WAAO;AAAA;AAAA;AAGF,IAAM,qBAAqB,OAAO,YAMT;AAxDhC;AAyDC,QAAM,EAAE,iBAAiB,aAAa,QAAQ,SAAS,aAAa;AACpE,QAAM,2BAA2B,iBAAiB;AAElD,QAAM,EAAE,MAAM,UAAU;AAExB,QAAM,YAAY,aAAa;AAAA,IAC9B,eAAe;AAAA,MACd;AAAA,MACA;AAAA;AAAA,IAED;AAAA;AAGD,QAAM,cAAc,YAAY,6BAAgB,WAAhB,mBAAwB,QAAxB,mBAA6B;AAC7D,MAAI,CAAC,aAAa;AACjB,UAAM,IAAI,MAAM;AAAA;AAEjB,MAAI,SAAS;AACZ,SACC,8BAA8B,SAAS,mBAAmB,SACzD,MAAM,UAAU,OAAO;AAMzB,UAAM,qBAAqB,IAAI,oBAAmB;AAAA,MACjD,OAAO;AAAA;AAGR,UAAM,oBAAoB,MAAM,UAAU,KAAK;AAE/C,SAAK,eAAe,mBAAK,kBAAkB;AAAA;AAG5C,QAAM,sBAAsB,MAAM,uBACjC,WACA;AAGD,QAAM,kBAA4C;AAAA,IACjD,QAAQ,mBAAK,gBAAgB;AAAA,IAC7B,WAAW;AAAA;AAEZ,aAAW,CAAC,KAAK,mBAAmB,OAAO,QAC1C,yBAAyB,YACvB;AACF,UAAM,iBAAiB,IAAI,gBAAe;AAAA,MACzC,OAAO;AAAA,MACP,gBAAgB,OAAO,KAAK,eAAe,gBAAgB;AAAA,MAC3D,qBAAqB;AAAA;AAGtB,UAAM,mBAAmB,MAAM,UAAU,KAAK;AAE9C,QAAI,CAAC,iBAAiB,WAAW;AAChC,YAAM,IAAI,MACT,2BAA2B,KAAK,UAAU;AAAA,QACzC;AAAA,QACA,YAAY;AAAA,QACZ;AAAA;AAAA;AAKH,QAAI,SAAS;AACZ,WAAK,kBAAkB,SAAS,QAAQ,OAAO;AAAA;AAGhD,UAAM,iBAAiB,OAAO,KAAK,iBAAiB,WAAW;AAC/D,UAAM,oBAAoB,KAAK,MAAM;AAUrC,oBAAgB,UAAU,OAAO,UAAU,kBAAkB;AAAA;AAE9D,SAAO,gBAAgB;AAAA;AAGjB,IAAM,mBAAmB,OAAO,YAMP;AApJhC;AAqJC,QAAM,EAAE,iBAAiB,aAAa,QAAQ,SAAS,aAAa;AACpE,QAAM,kBAAkB,iBAAiB;AACzC,QAAM,EAAE,SAAS;AAEjB,QAAM,YAAY,aAAa;AAAA,IAC9B,eAAe;AAAA,MACd;AAAA,MACA;AAAA;AAAA,IAED;AAAA;AAGD,QAAM,cAAc,YAAY,6BAAgB,WAAhB,mBAAwB,QAAxB,mBAA6B;AAC7D,MAAI,CAAC,aAAa;AACjB,UAAM,IAAI,MAAM;AAAA;AAEjB,MAAI,SAAS;AACZ,SACC,8BAA8B,SAAS,mBAAmB,SACzD,MAAM,UAAU,OAAO;AAMzB,UAAM,qBAAqB,IAAI,oBAAmB;AAAA,MACjD,OAAO;AAAA;AAGR,UAAM,oBAAoB,MAAM,UAAU,KAAK;AAE/C,SAAK,eAAe,mBAAK,kBAAkB;AAAA;AAG5C,QAAM,sBAAsB,MAAM,uBACjC,WACA;AAGD,QAAM,2BAAqD;AAAA,IAC1D,QAAQ,mBAAK,gBAAgB;AAAA,IAC7B,WAAW;AAAA;AAEZ,aAAW,CAAC,KAAK,mBAAmB,OAAO,QAC1C,gBAAgB,YACd;AACF,QAAI,qBAAqB;AAEzB,QACC,OAAO,uBAAuB,YAC9B,OAAO,uBAAuB,YAC9B,OAAO,uBAAuB,WAC7B;AACD,2BAAqB,KAAK,UAAU;AAAA;AAGrC,UAAM,OAAO,KAAK,UAAU,EAAE,KAAK,OAAO;AAC1C,UAAM,iBAAiB,IAAI,eAAe;AAAA,MACzC,OAAO;AAAA,MACP,WAAW,OAAO,KAAK,OAAO;AAAA,MAC9B,qBAAqB;AAAA;AAGtB,UAAM,mBAAmB,MAAM,UAAU,KAAK;AAE9C,QAAI,CAAC,iBAAiB,gBAAgB;AACrC,YAAM,IAAI,MACT,2BAA2B,KAAK,UAAU;AAAA,QACzC;AAAA,QACA,OAAO;AAAA,QACP;AAAA;AAAA;AAKH,QAAI,SAAS;AACZ,WAAK,kBAAkB,SAAS,QAAQ,OAAO;AAAA;AAGhD,UAAM,aAAa,OAAO,KAAK,iBAAiB,gBAAgB,SAC/D;AAGD,QAAI,mBAAmB,iBAAiB;AACvC,+BAAyB,UAAU,OAAO;AAAA,QACzC,MAAM;AAAA,QACN,gBAAgB;AAAA;AAAA,eAGP,eAAe,iBAAiB;AAC1C,+BAAyB,UAAU,OAAO;AAAA,QACzC,MAAM;AAAA,QACN,gBAAgB;AAAA;AAAA,eAGP,0BAA0B,iBAAiB;AACrD,+BAAyB,UAAU,OAAO;AAAA,QACzC,MAAM;AAAA,QACN,gBAAgB;AAAA;AAAA;AAAA;AAInB,SAAO,gBAAgB;AAAA;AASjB,IAAM,4BAA4B,OAAO,YAMtB;AA1Q1B;AA2QC,QAAM,EAAE,iBAAiB,aAAa,QAAQ,SAAS,aAAa;AACpE,QAAM,2BAA2B,iBAAiB;AAElD,QAAM,EAAE,SAAS;AAGjB,QAAM,YAAY,aAAa;AAAA,IAC9B,eAAe;AAAA,MACd;AAAA,MACA;AAAA;AAAA,IAED;AAAA;AAGD,QAAM,uBAAuB,wBAAwB;AAAA,IACpD,eAAe;AAAA,MACd;AAAA,MACA;AAAA;AAAA,IAED;AAAA;AAID,QAAM,sBACL,kBAAM,qBAAqB,KAAK,IAAI,mBAAmB,SAAvD,mBACE,eADF,mBACc,IAAI,CAAC,WAAW,CAAC,OAAO,MAAM,OAAO,MAAM,OACzD,CAAC,CAAC,MAAM,SAAS,QAAQ;AAI1B,QAAM,kBAAkB,sBACrB,OAAO,YAAY,uBACnB;AAEH,QAAM,cAAc,YAAY,6BAAgB,WAAhB,mBAAwB,QAAxB,mBAA6B;AAC7D,MAAI,CAAC,aAAa;AACjB,UAAM,IAAI,MAAM;AAAA;AAEjB,MAAI,SAAS;AACZ,SAAK,8CAA8C,SAAS;AAAA;AAG7D,QAAM,uBAA8C;AACpD,QAAM,uBAA8C;AACpD,QAAM,yBAAkD;AAExD,aAAW,CAAC,SAAS,mBAAmB,OAAO,QAC9C,yBAAyB,YACvB;AACF,QAAI;AACJ,QAAI,mBAAmB,iBAAiB;AACvC,UAAI,yBAAyB,iBAAiB;AAC7C,uBAAe,eAAe;AAAA,aACxB;AACN,uBAAe;AAAA;AAAA,eAEN,eAAe,iBAAiB;AAE1C,qBAAe,eAAe;AAAA,eAIpB,0BAA0B,iBAAiB;AACrD,qBAAe,eAAe;AAAA,WACxB;AACN,YAAM,IAAI,MAAM;AAAA;AAGjB,QACC,CAAC,SAAS,iBACV,CAAC,SAAS,iBACV,CAAC,UAAU,eACV;AACD,qBAAe,KAAK,UAAU;AAAA;AAE/B,QACC,eAAe,mBACd,mBAAmB,mBACnB,uBAAgB,WAAhB,mBAAwB,kCAAiC,SACxD,0BAAyB,kBACvB,eAAe,cAAc,OAC7B,OACH;AACD,UAAI,gBAA+B,cAAc;AACjD,UAAI,gBAA+B,cAAc;AACjD,UAAI;AACJ,UAAI,eAAe,iBAAiB;AACnC,YAAI,uDAAgB,QAAhB,mBAAqB,MAAM;AAC9B,0BAAgB,eAAe,IAAI;AAAA;AAEpC,YAAI,uDAAgB,QAAhB,mBAAqB,MAAM;AAC9B,0BAAgB,eAAe,IAAI;AAAA;AAEpC,YAAI,iDAAgB,aAAa;AAChC,wBAAc,eAAe;AAAA;AAAA;AAG/B,YAAM,sBAAsB,IAAI,oBAAoB;AAAA,QACnD,MAAM,IAAI;AAAA,QACV,OAAO,OAAO;AAAA,QACd,MAAM;AAAA,QACN,MAAM;AAAA,QACN,aAAa;AAAA,QACb,WAAW;AAAA;AAEZ,2BAAqB,KAAK;AAAA,eAG1B,0BAA0B,mBACzB,mBAAmB,mBACnB,uBAAgB,WAAhB,mBAAwB,kCACvB,oBACA,0BAAyB,kBACvB,eAAe,cAAc,OAC7B,OACH;AACD,YAAM,oBAAoB,gBAAgB;AAC1C,UAAI,CAAC,mBAAmB;AACvB,cAAM,sBAAsB,IAAI,oBAAoB;AAAA,UACnD,MAAM;AAAA,UACN,cAAc,OAAO;AAAA;AAEtB,6BAAqB,KAAK;AAAA,aAEpB;AACN,cAAM,mBAAmB,IAAI,sBAAsB;AAAA,UAClD,UAAU;AAAA,UACV,cAAc,OAAO;AAAA;AAEtB,+BAAuB,KAAK;AAAA;AAAA;AAAA;AAM/B,SAAO;AAAA,IACN,OACC,qBAAqB,SACrB,qBAAqB,SACrB,uBAAuB;AAAA,IACxB;AAAA,IACA;AAAA,IACA;AAAA;AAAA;AAIK,IAAM,6BAA6B,OAAO,YAK5B;AACpB,QAAM,EAAE,aAAa,QAAQ,SAAS,UAAU;AAChD,QAAM,EAAE,SAAS;AACjB,QAAM,YAAY,aAAa;AAAA,IAC9B,eAAe;AAAA,MACd;AAAA,MACA;AAAA;AAAA,IAED;AAAA;AAGD,QAAM,uBAAuB,wBAAwB;AAAA,IACpD,eAAe;AAAA,MACd;AAAA,MACA;AAAA;AAAA,IAED;AAAA;AAED,aAAW,uBAAuB,MAAM,sBAAsB;AAC7D,YAAQ,OAAO,MACd,yBAAyB,SACxB,oBAAoB,MAAM,QAAQ;AAGpC,UAAM,UAAU,KAAK;AACrB,YAAQ,OAAO,MAAM;AAAA;AAAA;AAEtB,aAAW,uBAAuB,MAAM,sBAAsB;AAC7D,YAAQ,OAAO,MACd,mBAAmB,SAClB,oBAAoB,MAAM,QAAQ;AAGpC,UAAM,qBAAqB,KAAK;AAChC,YAAQ,OAAO,MAAM;AAAA;AAAA;AAEtB,aAAW,yBAAyB,MAAM,wBAAwB;AACjE,YAAQ,OAAO,MACd,mBAAmB,SAClB,sBAAsB,MAAM,YAAY;AAG1C,UAAM,qBAAqB,KAAK;AAChC,YAAQ,OAAO,MAAM;AAAA;AAAA;AAAA;AAIhB,IAAM,mBAAmB,CAAC,UAAqB;AACrD,QAAM,EAAE,MAAM,UAAU;AACxB,QAAM,EAAE,sBAAsB,sBAAsB,2BACnD;AAED,QAAM,WAAW,qBAAqB,IAAI,CAAC,cAAY;AACtD,WAAO;AAAA,MACN,MAAM,UAAQ,MAAM;AAAA,MACpB,aAAa,UAAQ,MAAM,eAAe;AAAA,MAC1C,MAAM,UAAQ,MAAM;AAAA,MACpB,MAAM,UAAQ,MAAM;AAAA,MACpB,OAAO,UAAQ,MAAM;AAAA;AAAA;AAGvB,OAAK,SAAS;AACd,QAAM;AAEN,QAAM,oBAAoB,qBAAqB,IAAI,CAAC,cAAY;AAC/D,WAAO;AAAA,MACN,YAAY,UAAQ,MAAM;AAAA,MAC1B,aAAa,UAAQ,MAAM,eAAe;AAAA,MAC1C,OAAO;AAAA;AAAA;AAGT,MAAI,kBAAkB,QAAQ;AAC7B,SAAK,SAAS;AACd,UAAM;AAAA;AAEP,QAAM,oBAAoB,uBAAuB,IAAI,CAAC,cAAY;AACjE,WAAO;AAAA,MACN,YAAY,UAAQ,MAAM;AAAA,MAC1B,OAAO;AAAA;AAAA;AAGT,MAAI,kBAAkB,QAAQ;AAC7B,SAAK,SAAS;AACd,UAAM;AAAA;AAAA;AAGD,IAAM,yBAAyB,OAAO,YAOtB;AACtB,QAAM,EAAE,SAAS;AAEjB,QAAM;AAAA,IACL,kBAAkB;AAAA,IAClB;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,MACG;AAEJ,QAAM,YAAY,aAAa;AAAA,IAC9B,eAAe;AAAA,MACd;AAAA,MACA;AAAA;AAAA,IAED;AAAA;AAGD,QAAM,IAAI,yCACP,MAAM,KACP,IAAI,CAAC,SAAS,GAAG,cAAa,UAC9B,KAAK;AACP,QAAM,cAAc;AACpB,MAAI,CAAC,UAAU;AACd,UAAM,IAAI,MAAM;AAAA;AAGjB,QAAM,sBAAsB,MAAM,uBAAuB,WAAW;AACpE,QAAM,cAAwB;AAE9B,QAAM,WAAW,IACd,OAAO,YACP,OAAO,QAAQ,WACb,OAAO,CAAC,CAAC,SAAS,IAAI,WAAW,IACjC,IAAI,CAAC,CAAC,KAAK,WAAW,CAAC,IAAI,QAAQ,GAAG,KAAK,WAE7C;AACH,aAAW,CAAC,KAAK,mBAAmB,OAAO,QAAQ,WAAW;AAC7D,UAAM,iBAAiB,IAAI,gBAAe;AAAA,MACzC,OAAO;AAAA,MACP,gBAAgB,OAAO,KAAK,gBAAgB;AAAA,MAC5C,qBAAqB;AAAA;AAGtB,UAAM,mBAAmB,MAAM,UAAU,KAAK;AAE9C,QAAI,CAAC,iBAAiB,WAAW;AAChC,YAAM,IAAI,MACT,2BAA2B,KAAK,UAAU;AAAA,QACzC;AAAA,QACA,YAAY;AAAA,QACZ;AAAA;AAAA;AAKH,QAAI,SAAS;AACZ,WAAK,kBAAkB,SAAS,QAAQ,OAAO;AAAA;AAGhD,UAAM,iBAAiB,OAAO,KAAK,iBAAiB,WAAW;AAE/D,UAAM,cAAc,KAAK,MAAM;AAK/B,UAAM,eAAe,UAAU,YAAY;AAE3C,QAAI,mBAAmB,eAAe;AACrC,UAAI,yBAAyB,eAAe;AAC3C,oBAAY,KAAK,GAAG,OAAO,KAAK,UAAU,aAAa;AAAA,aACjD;AACN,oBAAY,KAAK,GAAG,OAAO,OAAO;AAAA;AAAA,eAEzB,eAAe,eAAe;AAExC,kBAAY,KAAK,GAAG,OAAO,KAAK,UAAU,aAAa;AAAA,eAI7C,0BAA0B,eAAe;AACnD,kBAAY,KAAK,GAAG,OAAO,KAAK,UAAU,aAAa;AAAA;AAAA;AAMzD,SAAO,YAAY,KAAK;AAAA;;;AKzlBzB;AACA;AAEA;AACA;;;ACJA;AACA;AAEO,qBAAoB,MAAc;AACrC,MAAI;AAEA,WAAO,IAAI,SAAS,YAAY,KAAK;AAAA,UACvC;AAGE,WAAO;AAAA;AAAA;AAIR,IAAM,YAAW,OAAO,aAAqB;AAChD,MAAI;AAEA,WAAO,YAAW,MAAM,IAAG,SAAS,SAAS,UAAU;AAAA,WAClD,OAAP;AACE,QAAI,iBAAiB,OAAO;AACxB,YAAM,IAAI,MACN,mBAAmB,MAAK,SAAS,QAAQ,OAAO,cAC5C,MAAM;AAAA,WAGX;AACH,YAAM;AAAA;AAAA;AAAA;;;AC1BlB;AACA;AAEA;AAEO,IAAM,UAAU,OAAO,aAAqB;AAC/C,MAAI;AAEA,WAAO,KAAK,MAAM,MAAM,IAAG,SAAS,SAAS,UAAU;AAAA,WAClD,OAAP;AACE,QAAI,iBAAiB,OAAO;AACxB,YAAM,IAAI,MACN,mBAAmB,MAAK,SAAS,QAAQ,OAAO,cAC5C,MAAM;AAAA,WAGX;AACH,YAAM;AAAA;AAAA;AAAA;;;AFkCX,IAAM,qBAAqB,OAAO;AAAA,EACrC;AAAA,EACA;AAAA,MAIsC;AAzD1C;AA0DI,QAAM,EAAE,SAAS;AACjB,QAAM,EAAE,UAAU,YAAY,WAAW;AAEzC,QAAM,MAAM,QAAQ;AACpB,QAAM,eAAe,IAAI;AACzB,QAAM,QAAQ,WACR,CAAC,YACD;AAAA,IACI;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA;AAMV,MAAI,SAAS;AACT,SACI,wDAAwD,OACpD,MAAM,KAAK;AAAA;AAIvB,QAAM,aAAa,MAAM,aAAa,QAAQ;AAAA,IAC1C;AAAA,IACA;AAAA,IACA,SAAS,MAAK,MAAM,KAAK;AAAA,IACzB,YAAY;AAAA;AAEhB,MAAI,YAAY;AACZ,QAAI,SAAS;AACT,WAAK,8BAA8B,OAAO;AAAA;AAE9C,QAAI;AACJ,QAAI;AAEJ,QAAI,WAAW,SAAS,UAAU;AAC9B,mBAAa;AAEb,aAAQ,MAAM,UACV;AAAA,eAGJ,WAAW,SAAS,YACpB,WAAW,SAAS,SACtB;AACE,mBAAa;AAEb,aAAQ,MAAM,QACV;AAAA,eAEG,WAAW,SAAS,QAAQ;AACnC,YAAM,sBAAsB,MAAM,eAAc;AAAA,QAC5C,UAAU;AAAA;AAEd,mBAAa;AAEb,aAAQ,oBAAoB,IAAI,UAE5B,oBAAoB,IAAI,WAExB,oBAAoB;AAAA;AAG5B,QAAI,CAAC,YAAY;AACb,YAAM,IAAI,MAAM;AAAA;AAEpB,QAAI,CAAC,MAAM;AACP,YAAM,IAAI,MAAM;AAAA;AAEpB,UAAM,kBAAwC;AAAA,MAC1C,QAAQ,iCACD,KAAK,SADJ;AAAA,QAEJ,KAAK;AAAA,UACD,SACI,0CAAM,WAAN,mBAAc,QAAd,mBAAmB,YACnB,MAAM,QAAQ,yCAAM,WAAN,mBAAc,QAAd,mBAAmB,WAC1B,KAAK,OAAO,IAAI,UACjB,eAAc,OAAO,IAAI;AAAA,UACnC,UACI,0CAAM,WAAN,mBAAc,QAAd,mBAAmB,aACnB,eAAc,OAAO,IAAI;AAAA;AAAA;AAAA;AAIzC,WAAO;AAAA,MACH,UAAU;AAAA,MACV,MAAM;AAAA,MACN,iBAAiB,kCACV,OACA;AAAA;AAAA;AAIf,QAAM,IAAI,MAAM;AAAA;AAGb,IAAM,qBAAqB,OAAO;AAAA,EACrC;AAAA,EACA;AAAA,MAIsC;AAlK1C;AAmKI,QAAM,EAAE,UAAU,YAAY,WAAW;AAEzC,QAAM,MAAM,QAAQ;AACpB,QAAM,eAAe,IAAI;AACzB,QAAM,aAAa,MAAM,aAAa,QAAQ;AAAA,IAC1C,OAAO,WACD,CAAC,YACD;AAAA,MACI;AAAA,MACA;AAAA,MACA;AAAA,MACA;AAAA;AAAA,IAIV;AAAA,IACA,SAAS,MAAK,MAAM,KAAK;AAAA,IACzB,YAAY;AAAA;AAEhB,MAAI,YAAY;AACZ,QAAI,SAAS;AACT,cAAQ,IAAI,mCAAmC;AAAA;AAEnD,QAAI;AACJ,QAAI;AACJ,QAAI,WAAW,SAAS,UAAU;AAC9B,mBAAa;AACb,aAAQ,MAAM,UACV;AAAA,eAGJ,WAAW,SAAS,YACpB,WAAW,SAAS,SACtB;AACE,mBAAa,MACR,MAAM,YACN,IAAI,UAAU;AACnB,aAAQ,MAAM,QACV;AAAA;AAGR,QAAI,CAAC,YAAY;AACb,YAAM,IAAI,MAAM,eAAe;AAAA;AAEnC,QAAI,CAAC,MAAM;AACP,YAAM,IAAI,MAAM;AAAA;AAGpB,UAAM,kBAAwC;AAAA,MAC1C,QAAQ,iCACD,KAAK,SADJ;AAAA,QAEJ,KAAK;AAAA,UACD,SACI,0CAAM,WAAN,mBAAc,QAAd,mBAAmB,YACnB,MAAM,QAAQ,yCAAM,WAAN,mBAAc,QAAd,mBAAmB,WAC1B,KAAK,OAAO,IAAI,UACjB,eAAc,OAAO,IAAI;AAAA,UACnC,UACI,0CAAM,WAAN,mBAAc,QAAd,mBAAmB,aACnB,eAAc,OAAO,IAAI;AAAA;AAAA;AAAA;AAIzC,WAAO;AAAA,MACH,UAAU;AAAA,MACV,MAAM;AAAA,MACN,iBAAiB,kCACV,OACA;AAAA;AAAA;AAIf,QAAM,IAAI,MAAM;AAAA;AAGb,IAAM,WAAW,OAAO,aAAqB;AAChD,MAAI;AAEA,WAAO,MAAM,IAAG,SAAS,SAAS,UAAU;AAAA,WACvC,OAAP;AACE,QAAI,iBAAiB,OAAO;AACxB,YAAM,IAAI,MACN,mBAAmB,MAAK,SAAS,QAAQ,OAAO,cAC5C,MAAM;AAAA,WAGX;AACH,YAAM;AAAA;AAAA;AAAA;;;AN7OX,IAAM,WAAU;AAChB,IAAM,QAAO;AAEb,IAAM,WAAU;AAAA,EACtB,YAAY,iBAAiB;AAAA,EAC7B,YAAY,iBAAiB;AAAA,EAC7B,eAAe,iBAAiB;AAAA,EAChC,cAAc,iBAAiB;AAAA,EAC/B,iBAAiB,iBAAiB;AAAA,EAClC,uBAAuB,iBAAiB;AAAA,EACxC,oCACC,iBAAiB;AAAA,EAClB,kCAAkC,iBAAiB;AAAA,EACnD,SAAS,iBAAiB;AAAA,EAC1B,KAAK,mBAAK,iBAAiB;AAAA;AAGrB,IAAM,WAAU,OACtB,SACmB;AACnB,QAAM,SAAS,MAAM;AAErB,QAAM,EAAE,UAAU;AAClB,MAAI;AACH,UAAM,gBAAgB,OAAO,IAAI,UAAU,KAAK;AAChD,UAAM,EAAE,sBAAsB,oBAC7B,MAAM,2BAA2B;AAAA,MAChC,MAAM,iCACF,OADE;AAAA,QAEL,WAAW;AAAA,QACX,YAAY,OAAO,IAAI,WAAW,KAAK;AAAA,QACvC,kBAAkB,OAAO,IAAI,iBAAiB,KAAK;AAAA,QACnD,8BACC,OAAO,IAAI,6BACX,KAAK;AAAA;AAAA,MAEP,KAAK,mBAAK,QAAQ;AAAA;AAIpB,UAAM,iBAAiB,KAAK,WAAW;AACvC,UAAM,aAAa,MAAK,QAAQ,QAAQ,OAAO;AAC/C,UAAM,eAAe,MAAM,SAAS;AACpC,UAAM,mBAAmB,AAAO,OAAM;AACtC,UAAM,eAAe,MAAM,uBAAuB;AAAA,MACjD;AAAA,MACA,aAAa,qBAAqB;AAAA,MAClC,QAAQ,gBAAgB;AAAA,MACxB,UAAU,KAAK,eAAe;AAAA,MAC9B,SAAS,KAAK;AAAA;AAGf,UAAM,iBAAiB,KAAK,WAAW;AACvC,UAAM,aAAa,MAAK,QAAQ,QAAQ,OAAO;AAE/C,UAAM,oBAAoB,MAAM,4BAA4B;AAAA,MAC3D,UAAU;AAAA,MACV,MAAM,KAAK;AAAA;AAGZ,QACC,sBAAsB,UACtB,kBAAkB,cAAc,MAC/B;AACD,UAAG,cAAc,YAAY;AAAA;AAAA,WAsEtB,GAAP;AACD,UAAM;AAAA;AAAA;;;ASpJR;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AACA;;;ACDA;AAmBA,IAAM,iCAAiC,CACnC,UACC;AACD,SAAO,OAAO,QAAQ,OAAO,IAAI,CAAC,CAAC,KAAK,oBAAoB;AACxD,UAAM,QAAQ,IAAI,MAAM;AAExB,UAAM,gBAAgB,MAAM,IAAI,CAAC,MAAM,cAAa,IAAI,KAAK;AAE7D,QAAI;AACJ,QAAI,mBAAmB,iBAAiB;AACpC,UAAI,yBAAyB,iBAAiB;AAC1C,uBAAe,eAAe;AAAA,aAC3B;AACH,uBAAe;AAAA;AAAA,eAEZ,eAAe,iBAAiB;AACvC,qBAAe,eAAe;AAAA,eACvB,0BAA0B,iBAAiB;AAClD,qBAAe,eAAe;AAAA,WAC3B;AACH,YAAM,IAAI,MAAM;AAAA;AAGpB,QACI,CAAC,SAAS,iBACV,CAAC,SAAS,iBACV,CAAC,UAAU,eACb;AACE,qBAAe,KAAK,UAAU;AAAA;AAGlC,WAAO,GAAG,iBAAiB,OAAO;AAAA;AAAA;AAInC,IAAM,WAAW,CAAC,YAInB;AACF,QAAM,EAAE,SAAS;AACjB,QAAM,EAAE,iBAAiB,YAAY,YAAY;AACjD,MAAI,OAAO,gBAAgB;AAC3B,MAAI,YAAY;AACZ,QAAI,SAAS;AACT,WAAK,uBAAuB,OAAO;AAAA;AAEvC,UAAM,YAAY,WAAW,MAAM;AACnC,eAAW,YAAY,WAAW;AAE9B,aAAO,KAAK;AAKZ,UAAI,SAAS,QAAW;AACpB,cAAM,IAAI,MACN,yBAAyB,uBAAuB;AAAA;AAAA;AAAA;AAMhE,QAAM,gBAAgB,YAAY;AAElC,SAAO,+BAA+B,eAAe,KAAK;AAAA;AAGvD,IAAM,yBAAyB,CAAC,YAIjC;AACF,QAAM,EAAE,SAAS;AACjB,QAAM,EAAE,iBAAiB,YAAY,YAAY;AAEjD,QAAM,eAAe,OAAO,KAAK,gBAAgB;AAEjD,SAAO,OAAO,YACV,aAAa,IAAI,CAAC,gBAAgB;AAC9B,QAAI,OAAO,gBAAgB,UAAU;AACrC,QAAI,YAAY;AACZ,UAAI,SAAS;AACT,aAAK,uBAAuB,OAAO;AAAA;AAEvC,YAAM,YAAY,WAAW,MAAM;AACnC,iBAAW,YAAY,WAAW;AAE9B,eAAO,KAAK;AAKZ,YAAI,SAAS,QAAW;AACpB,gBAAM,IAAI,MACN,yBAAyB,uBAAuB;AAAA;AAAA;AAAA;AAKhE,WAAO;AAAA,MACH;AAAA,MACA,+BAA+B,YAAY,OAAO,KAAK;AAAA;AAAA;AAAA;;;AD5GhE,IAAM,WAAU;AAChB,IAAM,QAAO;AAAA;AAGb,IAAM,WAAU;AAAA,EACtB,0BAA0B;AAAA,IACzB,QAAQ;AAAA,IACR,UAAU;AAAA,IACV,SAAS;AAAA;AAAA,EAEV,YAAY,iBAAiB;AAAA,EAC7B,eAAe,iBAAiB;AAAA,EAChC,eAAe,iBAAiB;AAAA,EAChC,cAAc,iBAAiB;AAAA,EAC/B,iBAAiB,iBAAiB;AAAA,EAClC,uBAAuB,iBAAiB;AAAA,EACxC,oCACC,iBAAiB;AAAA,EAClB,kCAAkC,iBAAiB;AAAA,EACnD,SAAS,iBAAiB;AAAA,EAC1B,KAAK,mBAAK,iBAAiB;AAAA;AAGrB,IAAM,WAAU,OACtB,SACmB;AAtCpB;AAuCC,QAAM,SAAS,MAAM;AAErB,QAAM,EAAE,MAAM,UAAU;AACxB,MAAI;AACH,UAAM,gBAAgB,OAAO,IAAI,UAAU,KAAK;AAChD,UAAM,EAAE,sBAAsB,oBAC7B,MAAM,2BAA2B;AAAA,MAChC,MAAM,iCACF,OADE;AAAA,QAEL,WAAW;AAAA,QACX,YAAY,OAAO,IAAI,WAAW,KAAK;AAAA,QACvC,kBAAkB,OAAO,IAAI,iBAAiB,KAAK;AAAA,QACnD,8BACC,OAAO,IAAI,6BACX,KAAK;AAAA;AAAA,MAEP,KAAK,mBAAK,QAAQ;AAAA;AAGpB,UAAM,EAAE,UAAU,oBAAoB,MAAM,mBAAmB;AAAA,MAC9D,eAAe;AAAA,QACd,QAAQ;AAAA,UACP,KAAK;AAAA,YACJ,UAAU;AAAA,YACV,SAAS,CAAC,gBAAgB;AAAA;AAAA;AAAA;AAAA,MAI7B,SAAS;AAAA,QACR,SAAS,KAAK;AAAA;AAAA;AAGhB,QAAI,CAAC,gBAAgB,WAAW;AAC/B,YAAM,IAAI,MAAM;AAAA;AAKjB,UAAM,kBAAkB,MAAM,mBAAmB;AAAA,MAChD;AAAA,MACA,aAAa,qBAAqB;AAAA,MAClC,QAAQ,gBAAgB;AAAA,MACxB,UAAU,KAAK;AAAA,MACf,SAAS,KAAK;AAAA;AAGf,QACC,KAAK,8BACL,uBAAgB,WAAhB,mBAAwB,6BACvB;AACD,YAAM,wBAAwB,uBAAuB;AAAA,QACpD;AAAA,QACA,SAAS,KAAK;AAAA;AAGf,iBAAW,CAAC,aAAa,WAAW,OAAO,QAC1C,wBACE;AACF,cAAM,WAAW,QAAQ;AACzB,cAAM,aAAa,OAAK,QAAQ,QAAQ,OAAO;AAE/C,aAAK,WAAW,OAAO;AAAA;AACvB,aAAK,WAAW;AAChB,aAAK;AAAA;AACL,cAAM,oBAAoB,MAAM,4BAA4B;AAAA,UAC3D,UAAU;AAAA,UACV,MAAM,KAAK;AAAA;AAGZ,YACC,sBAAsB,UACtB,kBAAkB,cAAc,MAC/B;AACD,cAAG,cAAc,YAAY;AAAA;AAAA;AAAA,WAKzB;AACN,YAAM,SAAS,SAAS;AAAA,QACvB;AAAA,QACA,SAAS,KAAK;AAAA,QACd,YAAY,KAAK;AAAA;AAGlB,YAAM,WAAW,KAAK,WAAW;AACjC,YAAM,aAAa,OAAK,QAAQ,QAAQ,OAAO;AAC/C,WAAK,WAAW,OAAO;AAAA;AACvB,WAAK,WAAW;AAChB,WAAK;AAAA;AAEL,YAAM,oBAAoB,MAAM,4BAA4B;AAAA,QAC3D,UAAU;AAAA,QACV,MAAM,KAAK;AAAA;AAGZ,UACC,sBAAsB,UACtB,kBAAkB,cAAc,MAC/B;AACD,YAAG,cAAc,YAAY;AAAA;AAAA;AAAA,WAGvB,GAAP;AACD,UAAM;AAAA;AAAA;;;AE/IR;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AACA;;;ACDA;AAcA,IAAM,iCAAiC,CACnC,UACC;AACD,SAAO,OAAO,QAAQ,OAAO,IAAI,CAAC,CAAC,KAAK,oBAAoB;AACxD,UAAM,QAAQ,IAAI,MAAM;AAExB,UAAM,gBAAgB,MAAM,IAAI,CAAC,MAAM,cAAa,IAAI,KAAK;AAE7D,QAAI;AACJ,QAAI,4BAA4B,iBAAiB;AAC7C,qBAAe,eAAe;AAAA,eACvB,wBAAwB,iBAAiB;AAChD,qBAAe,eAAe;AAAA,eACvB,0BAA0B,iBAAiB;AAClD,qBAAe,eAAe;AAAA,WAC3B;AACH,YAAM,IAAI,MAAM;AAAA;AAGpB,WAAO,GAAG,iBAAiB,OAAO;AAAA;AAAA;AAInC,IAAM,WAAW,CAAC,YAInB;AACF,QAAM,EAAE,SAAS;AACjB,QAAM,EAAE,iBAAiB,YAAY,YAAY;AAEjD,MAAI,OAAO,gBAAgB;AAC3B,MAAI,YAAY;AACZ,QAAI,SAAS;AACT,WAAK,uBAAuB,OAAO;AAAA;AAEvC,UAAM,YAAY,WAAW,MAAM;AACnC,eAAW,YAAY,WAAW;AAE9B,aAAO,KAAK;AAAA;AAAA;AAOpB,QAAM,gBAAgB,YAAY;AAElC,SAAO,+BAA+B,eAAe,KAAK;AAAA;AAGvD,IAAM,yBAAyB,CAAC,YAIjC;AACF,QAAM,EAAE,SAAS;AAEjB,QAAM,EAAE,iBAAiB,YAAY,YAAY;AAEjD,QAAM,eAAe,OAAO,KAAK,gBAAgB;AAEjD,SAAO,OAAO,YACV,aAAa,IAAI,CAAC,gBAAgB;AAC9B,QAAI,OAAO,gBAAgB,UAAU;AACrC,QAAI,YAAY;AACZ,UAAI,SAAS;AACT,aAAK,uBAAuB,OAAO;AAAA;AAEvC,YAAM,YAAY,WAAW,MAAM;AACnC,iBAAW,YAAY,WAAW;AAE9B,eAAO,KAAK;AAAA;AAAA;AAOpB,WAAO;AAAA,MACH;AAAA,MACA,+BAA+B,YAAY,OAAO,KAAK;AAAA;AAAA;AAAA;;;ADlFhE,IAAM,WAAU;AAChB,IAAM,QAAO;AAAA;AAGb,IAAM,WAAU;AAAA,EACtB,0BAA0B;AAAA,IACzB,QAAQ;AAAA,IACR,UAAU;AAAA,IACV,SAAS;AAAA;AAAA,EAEV,YAAY,iBAAiB;AAAA,EAC7B,eAAe,iBAAiB;AAAA,EAChC,eAAe,iBAAiB;AAAA,EAChC,cAAc,iBAAiB;AAAA,EAC/B,iBAAiB,iBAAiB;AAAA,EAClC,uBAAuB,iBAAiB;AAAA,EACxC,oCACC,iBAAiB;AAAA,EAClB,kCAAkC,iBAAiB;AAAA,EACnD,SAAS,iBAAiB;AAAA,EAC1B,KAAK,mBAAK,iBAAiB;AAAA;AAGrB,IAAM,WAAU,OACtB,SACmB;AAtCpB;AAuCC,QAAM,SAAS,MAAM;AAErB,QAAM,EAAE,MAAM,UAAU;AACxB,MAAI;AACH,UAAM,gBAAgB,OAAO,IAAI,UAAU,KAAK;AAChD,UAAM,EAAE,sBAAsB,oBAC7B,MAAM,2BAA2B;AAAA,MAChC,MAAM,iCACF,OADE;AAAA,QAEL,WAAW;AAAA,QACX,YAAY,OAAO,IAAI,WAAW,KAAK;AAAA,QACvC,kBAAkB,OAAO,IAAI,iBAAiB,KAAK;AAAA,QACnD,8BACC,OAAO,IAAI,6BACX,KAAK;AAAA;AAAA,MAEP,KAAK,mBAAK,QAAQ;AAAA;AAGpB,UAAM,EAAE,UAAU,oBAAoB,MAAM,mBAAmB;AAAA,MAC9D,eAAe;AAAA,QACd,QAAQ;AAAA,UACP,KAAK;AAAA,YACJ,UAAU;AAAA,YACV,SAAS,CAAC,gBAAgB;AAAA;AAAA;AAAA;AAAA,MAI7B,SAAS;AAAA,QACR,SAAS,KAAK;AAAA;AAAA;AAGhB,QAAI,CAAC,gBAAgB,WAAW;AAC/B,YAAM,IAAI,MAAM;AAAA;AAKjB,UAAM,kBAAkB,MAAM,mBAAmB;AAAA,MAChD;AAAA,MACA,aAAa,qBAAqB;AAAA,MAClC,QAAQ,gBAAgB;AAAA,MACxB,UAAU,KAAK;AAAA,MACf,SAAS,KAAK;AAAA;AAGf,QACC,KAAK,8BACL,uBAAgB,WAAhB,mBAAwB,6BACvB;AACD,YAAM,wBAAwB,uBAAuB;AAAA,QACpD;AAAA,QACA,YAAY,KAAK;AAAA,QACjB,SAAS,KAAK;AAAA;AAGf,iBAAW,CAAC,aAAa,WAAW,OAAO,QAC1C,wBACE;AACF,cAAM,WAAW,QAAQ;AACzB,cAAM,aAAa,OAAK,QAAQ,QAAQ,OAAO;AAE/C,aAAK,WAAW,OAAO;AAAA;AACvB,aAAK,WAAW;AAChB,aAAK;AAAA;AAEL,cAAM,oBAAoB,MAAM,4BAA4B;AAAA,UAC3D,UAAU;AAAA,UACV,MAAM,KAAK;AAAA;AAGZ,YACC,sBAAsB,UACtB,kBAAkB,cAAc,MAC/B;AACD,cAAG,cAAc,YAAY;AAAA;AAAA;AAAA,WAKzB;AACN,YAAM,SAAS,SAAS;AAAA,QACvB;AAAA,QACA,YAAY,KAAK;AAAA,QACjB,SAAS,KAAK;AAAA;AAGf,YAAM,WAAW,KAAK,WAAW;AACjC,YAAM,aAAa,OAAK,QAAQ,QAAQ,OAAO;AAE/C,WAAK,WAAW,OAAO;AAAA;AACvB,WAAK,WAAW;AAChB,WAAK;AAAA;AACL,YAAM,oBAAoB,MAAM,4BAA4B;AAAA,QAC3D,UAAU;AAAA,QACV,MAAM,KAAK;AAAA;AAGZ,UACC,sBAAsB,UACtB,kBAAkB,cAAc,MAC/B;AACD,YAAG,cAAc,YAAY;AAAA;AAAA;AAAA,WAGvB,GAAP;AACD,UAAM;AAAA;AAAA;;;AEjJR;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AACA;AAEA;AAUO,IAAM,WAAU;AAChB,IAAM,QACZ;AAEM,IAAM,WAAU;AAAA,EACtB,gBAAgB;AAAA,IACf,QAAQ;AAAA,IACR,UAAU;AAAA,IACV,SAAS;AAAA;AAAA,EAEV,0BAA0B;AAAA,IACzB,QAAQ;AAAA,IACR,UAAU;AAAA,IACV,SAAS;AAAA;AAAA,EAEV,eAAe,iBAAiB;AAAA,EAChC,cAAc,iBAAiB;AAAA,EAC/B,iBAAiB,iBAAiB;AAAA,EAClC,uBAAuB,iBAAiB;AAAA,EACxC,oCACC,iBAAiB;AAAA,EAClB,SAAS,iBAAiB;AAAA,EAC1B,KAAK,mBAAK,iBAAiB;AAAA;AAGrB,IAAM,WAAU,OACtB,SACmB;AACnB,QAAM,SAAS,MAAM;AAErB,QAAM,EAAE,MAAM,UAAU;AACxB,MAAI;AACH,UAAM,gBAAgB,OAAO,IAAI,UAAU,KAAK;AAChD,UAAM,EAAE,sBAAsB,oBAC7B,MAAM,2BAA2B;AAAA,MAChC,MAAM,iCACF,OADE;AAAA,QAEL,WAAW;AAAA,QACX,YAAY,OAAO,IAAI,WAAW,KAAK;AAAA,QACvC,kBAAkB,OAAO,IAAI,iBAAiB,KAAK;AAAA,QACnD,8BACC,OAAO,IAAI,6BACX,KAAK;AAAA;AAAA,MAEP,KAAK,mBAAK,QAAQ;AAAA;AAGpB,UAAM,EAAE,UAAU,oBAAoB,MAAM,mBAAmB;AAAA,MAC9D,eAAe;AAAA,QACd,QAAQ;AAAA,UACP,KAAK;AAAA,YACJ,UAAU;AAAA,YACV,SAAS,CAAC,gBAAgB;AAAA;AAAA;AAAA;AAAA,MAI7B,SAAS;AAAA;AAEV,QAAI,CAAC,gBAAgB,WAAW;AAC/B,YAAM,IAAI,MAAM;AAAA;AAKjB,UAAM,kBAAkB,MAAM,mBAAmB;AAAA,MAChD;AAAA,MACA,aAAa,qBAAqB;AAAA,MAClC,QAAQ,gBAAgB;AAAA,MACxB,UAAU,KAAK;AAAA,MACf,SAAS,KAAK;AAAA;AAGf,QAAI,KAAK,aAAa;AAErB,YAAM,uBAAuB,OAAK,QAAQ,KAAK,aAAa,UAAU;AAAA;AAGvE,UAAM,cAAc,OAAK,QACxB,QAAQ,OACR,OAAK,MAAM,KAAK,eAAe,gBAAgB,OAAO,MAAM;AAG7D,YAAQ,IACP,eACA,UACA,OAAK,MAAM,KAAK,eAAe,gBAAgB;AAEhD,UAAM,YACL,aAAa,UAAU,aAAa,QACjC,MAAK,UAAU,mBACf,KAAK,UAAU,iBAAiB,MAAM;AAE1C,SAAK,WAAW,OAAO;AAAA;AACvB,SAAK,WAAW;AAChB,SAAK;AAAA;AAEL,UAAM,oBAAoB,MAAM,4BAA4B;AAAA,MAC3D,UAAU;AAAA,MACV,MAAM,KAAK;AAAA;AAGZ,QACC,sBAAsB,UACtB,kBAAkB,cAAc,MAC/B;AACD,WAAG,cAAc,aAAa;AAAA;AAAA,WAEvB,GAAP;AACD,UAAM;AAAA;AAAA;;;ACzHR;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAcO,IAAM,WAAU;AAChB,IAAM,QACZ;AAEM,IAAM,WAAU;AAAA,EACtB,0BAA0B;AAAA,IACzB,QAAQ;AAAA,IACR,UAAU;AAAA,IACV,SAAS;AAAA;AAAA,EAEV,eAAe,iBAAiB;AAAA,EAChC,cAAc,iBAAiB;AAAA,EAC/B,iBAAiB,iBAAiB;AAAA,EAClC,uBAAuB,iBAAiB;AAAA,EACxC,oCACC,iBAAiB;AAAA,EAClB,SAAS,iBAAiB;AAAA,EAC1B,KAAK,mBAAK,iBAAiB;AAAA;AAGrB,IAAM,WAAU,OACtB,SACmB;AACnB,QAAM,SAAS,MAAM;AAErB,QAAM,EAAE,MAAM,UAAU;AACxB,MAAI;AACH,UAAM,gBAAgB,OAAO,IAAI,UAAU,KAAK;AAChD,UAAM,EAAE,sBAAsB,oBAC7B,MAAM,2BAA2B;AAAA,MAChC,MAAM,iCACF,OADE;AAAA,QAEL,WAAW;AAAA,QACX,YAAY,OAAO,IAAI,WAAW,KAAK;AAAA,QACvC,kBAAkB,OAAO,IAAI,iBAAiB,KAAK;AAAA,QACnD,8BACC,OAAO,IAAI,6BACX,KAAK;AAAA;AAAA,MAEP,KAAK,mBAAK,QAAQ;AAAA;AAGpB,UAAM,EAAE,UAAU,oBAAoB,MAAM,mBAAmB;AAAA,MAC9D,eAAe;AAAA,QACd,QAAQ;AAAA,UACP,KAAK;AAAA,YACJ,UAAU;AAAA,YACV,SAAS,CAAC,gBAAgB;AAAA;AAAA;AAAA;AAAA,MAI7B,SAAS;AAAA;AAEV,QAAI,CAAC,gBAAgB,WAAW;AAC/B,YAAM,IAAI,MAAM;AAAA;AAKjB,UAAM,kBAAkB,MAAM,mBAAmB;AAAA,MAChD;AAAA,MACA,aAAa,qBAAqB;AAAA,MAClC,QAAQ,gBAAgB;AAAA,MACxB,UAAU,KAAK;AAAA,MACf,SAAS,KAAK;AAAA;AAEf,UAAM,QAAQ,MAAM,0BAA0B;AAAA,MAC7C;AAAA,MACA,aAAa,qBAAqB;AAAA,MAClC,QAAQ,gBAAgB;AAAA,MACxB,UAAU,KAAK;AAAA,MACf,SAAS,KAAK;AAAA;AAEf,QAAI,MAAM,QAAQ,GAAG;AACpB,uBAAiB;AACjB,UAAI,UAAU,KAAK,QAAQ;AAC3B,UAAI,YAAY,OAAO;AACtB,kBAAU,MAAM,SAAQ;AAAA,UACvB,MAAM;AAAA,UACN,MAAM;AAAA,UACN,SAAS,MAAM;AACd,mBAAO;AAAA;AAAA,WAEN,KAAK,CAAC,MAAM,EAAE;AAAA;AAGlB,UAAI,SAAS;AACZ,cAAM,2BAA2B;AAAA,UAChC,aAAa,qBAAqB;AAAA,UAClC,QAAQ,gBAAgB;AAAA,UACxB,SAAS,KAAK;AAAA,UACd;AAAA;AAAA;AAAA,WAGI;AACN,WAAK;AAAA;AAAA,WAEE,GAAP;AACD,UAAM;AAAA;AAAA;;;AChHR;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AACA;AAWO,IAAM,WAAU;AAChB,IAAM,QAAO;AAAA;AAGb,IAAM,WAAU;AAAA,EACtB,gBAAgB;AAAA,IACf,QAAQ;AAAA,IACR,UAAU;AAAA,IACV,SAAS;AAAA;AAAA,EAEV,YAAY,iBAAiB;AAAA,EAC7B,eAAe,iBAAiB;AAAA,EAChC,eAAe,iBAAiB;AAAA,EAChC,cAAc,iBAAiB;AAAA,EAC/B,iBAAiB,iBAAiB;AAAA,EAClC,uBAAuB,iBAAiB;AAAA,EACxC,oCACC,iBAAiB;AAAA,EAClB,kCAAkC,iBAAiB;AAAA,EACnD,SAAS,iBAAiB;AAAA,EAC1B,KAAK,mBAAK,iBAAiB;AAAA,EAC3B,WAAW,iBAAiB;AAAA;AAGtB,IAAM,WAAU,OACtB,SACmB;AAtCpB;AAuCC,QAAM,SAAS,MAAM;AACrB,QAAM,EAAE,MAAM,UAAU;AACxB,MAAI;AACH,UAAM,gBAAgB,OAAO,IAAI,UAAU,KAAK;AAChD,UAAM,EAAE,oBAAoB,MAAM,2BAA2B;AAAA,MAC5D,MAAM,iCACF,OADE;AAAA,QAEL,WAAW;AAAA,QACX,YAAY,OAAO,IAAI,WAAW,KAAK;AAAA,QACvC,kBAAkB,OAAO,IAAI,iBAAiB,KAAK;AAAA,QACnD,8BACC,OAAO,IAAI,6BACX,KAAK;AAAA;AAAA,MAEP,KAAK,mBAAK,QAAQ;AAAA;AAGnB,UAAM,EAAE,oBAAoB,MAAM,mBAAmB;AAAA,MACpD,eAAe;AAAA,QACd,QAAQ;AAAA,UACP,KAAK;AAAA,YACJ,UAAU;AAAA,YACV,SAAS,CAAC,gBAAgB;AAAA;AAAA;AAAA;AAAA,MAI7B,SAAS;AAAA,QACR,UAAU,KAAK;AAAA,QACf,SAAS,KAAK;AAAA;AAAA;AAGhB,QAAI,CAAC,gBAAgB,WAAW;AAC/B,YAAM,IAAI,MAAM;AAAA;AAGjB,QACC,KAAK,8BACL,uBAAgB,WAAhB,mBAAwB,6BACvB;AACD,YAAM,wBAAwB,uBAAuB;AAAA,QACpD;AAAA,QACA,SAAS,KAAK;AAAA;AAGf,iBAAW,CAAC,aAAa,WAAW,OAAO,QAC1C,wBACE;AACF,cAAM,WAAW,QAAQ;AACzB,cAAM,aAAa,OAAK,QAAQ,QAAQ,OAAO;AAC/C,YAAI,KAAK,QAAQ;AAEhB,eAAK,OAAO,MAAM;AAClB,eAAK,SAAS;AAAA,eACR;AACN,gBAAM,oBAAoB,MAAM,4BAA4B;AAAA,YAC3D,UAAU;AAAA,YACV,MAAM,KAAK;AAAA;AAGZ,cACC,sBAAsB,UACtB,kBAAkB,cAAc,MAC/B;AACD,iBAAG,cAAc,YAAY;AAAA;AAAA;AAAA;AAAA,WAM1B;AACN,YAAM,SAAS,SAAS;AAAA,QACvB;AAAA,QACA,SAAS,KAAK;AAAA,QACd,YAAY,KAAK;AAAA;AAGlB,YAAM,WAAW,KAAK,WAAW;AACjC,YAAM,aAAa,OAAK,QAAQ,QAAQ,OAAO;AAC/C,WAAK,WAAW,OAAO;AAAA;AACvB,WAAK,WAAW;AAChB,WAAK;AAAA;AAEL,YAAM,oBAAoB,MAAM,4BAA4B;AAAA,QAC3D,UAAU;AAAA,QACV,MAAM,KAAK;AAAA;AAGZ,UACC,sBAAsB,UACtB,kBAAkB,cAAc,MAC/B;AACD,aAAG,cAAc,YAAY;AAAA;AAAA;AAAA,WAGvB,GAAP;AACD,UAAM;AAAA;AAAA;;;ACtIR;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AACA;AAYO,IAAM,WAAU;AAChB,IAAM,QAAO;AAAA;AAGb,IAAM,WAAU;AAAA,EACtB,gBAAgB;AAAA,IACf,QAAQ;AAAA,IACR,UAAU;AAAA;AAAA,EAEX,YAAY,iBAAiB;AAAA,EAC7B,eAAe,iBAAiB;AAAA,EAChC,cAAc,iBAAiB;AAAA,EAC/B,iBAAiB,iBAAiB;AAAA,EAClC,uBAAuB,iBAAiB;AAAA,EACxC,oCACC,iBAAiB;AAAA,EAClB,kCAAkC,iBAAiB;AAAA,EACnD,SAAS,iBAAiB;AAAA,EAC1B,KAAK,mBAAK,iBAAiB;AAAA;AAGrB,IAAM,WAAU,OACtB,SACmB;AApCpB;AAqCC,QAAM,SAAS,MAAM;AACrB,QAAM,EAAE,MAAM,UAAU;AACxB,MAAI;AACH,UAAM,gBAAgB,OAAO,IAAI,UAAU,KAAK;AAChD,UAAM,EAAE,sBAAsB,oBAC7B,MAAM,2BAA2B;AAAA,MAChC,MAAM,iCACF,OADE;AAAA,QAEL,WAAW;AAAA,QACX,YAAY,OAAO,IAAI,WAAW,KAAK;AAAA,QACvC,kBAAkB,OAAO,IAAI,iBAAiB,KAAK;AAAA,QACnD,8BACC,OAAO,IAAI,6BACX,KAAK;AAAA;AAAA,MAEP,KAAK,mBAAK,QAAQ;AAAA;AAGpB,UAAM,EAAE,UAAU,oBAAoB,MAAM,mBAAmB;AAAA,MAC9D,eAAe;AAAA,QACd,QAAQ;AAAA,UACP,KAAK;AAAA,YACJ,UAAU;AAAA,YACV,SAAS,CAAC,gBAAgB;AAAA;AAAA;AAAA;AAAA,MAI7B,SAAS;AAAA,QACR,UAAU,KAAK;AAAA,QACf,SAAS,KAAK;AAAA;AAAA;AAIhB,YAAQ,IAAI,mBAAmB;AAE/B,UAAM,kBAAkB,MAAM,iBAAiB;AAAA,MAC9C;AAAA,MACA,aAAa,qBAAqB;AAAA,MAClC,QAAQ,gBAAgB;AAAA,MACxB,UAAU,KAAK;AAAA,MACf,SAAS,KAAK;AAAA;AAEf,QAAI,CAAC,gBAAgB,WAAW;AAC/B,YAAM,IAAI,MAAM;AAAA;AAEjB,QAAI,CAAC,gBAAgB,WAAW;AAC/B,YAAM,IAAI,MAAM;AAAA;AAKjB,QACC,KAAK,8BACL,uBAAgB,WAAhB,mBAAwB,6BACvB;AACD,YAAM,wBAAwB,uBAAuB;AAAA,QACpD;AAAA,QACA,SAAS,KAAK;AAAA;AAGf,iBAAW,CAAC,aAAa,WAAW,OAAO,QAC1C,wBACE;AACF,cAAM,WAAW,QAAQ;AACzB,cAAM,aAAa,OAAK,QAAQ,QAAQ,OAAO;AAC/C,aAAK,WAAW,OAAO;AAAA;AACvB,aAAK,WAAW;AAChB,aAAK;AAAA;AACL,cAAM,oBAAoB,MAAM,4BAA4B;AAAA,UAC3D,UAAU;AAAA,UACV,MAAM,KAAK;AAAA;AAGZ,YACC,sBAAsB,UACtB,kBAAkB,cAAc,MAC/B;AACD,eAAG,cAAc,YAAY;AAAA;AAAA;AAAA,WAKzB;AACN,YAAM,SAAS,SAAS;AAAA,QACvB;AAAA,QACA,SAAS,KAAK;AAAA;AAGf,YAAM,WAAW,KAAK,WAAW;AACjC,YAAM,aAAa,OAAK,QAAQ,QAAQ,OAAO;AAC/C,WAAK,WAAW,OAAO;AAAA;AACvB,WAAK,WAAW;AAChB,WAAK;AAAA;AACL,YAAM,oBAAoB,MAAM,4BAA4B;AAAA,QAC3D,UAAU;AAAA,QACV,MAAM,KAAK;AAAA;AAGZ,UACC,sBAAsB,UACtB,kBAAkB,cAAc,MAC/B;AACD,aAAG,cAAc,YAAY;AAAA;AAAA;AAAA,WAGvB,GAAP;AACD,UAAM;AAAA;AAAA;;;AC/IR;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AACA;AAEA;AAWO,IAAM,WAAU;AAChB,IAAM,QAAO;AAEb,IAAM,WAAU;AAAA,EACtB,gBAAgB;AAAA,IACf,QAAQ;AAAA,IACR,UAAU;AAAA;AAAA,EAEX,0BAA0B;AAAA,IACzB,QAAQ;AAAA,IACR,UAAU;AAAA,IACV,SAAS;AAAA;AAAA,EAEV,eAAe,iBAAiB;AAAA,EAChC,cAAc,iBAAiB;AAAA,EAC/B,iBAAiB,iBAAiB;AAAA,EAClC,uBAAuB,iBAAiB;AAAA,EACxC,oCACC,iBAAiB;AAAA,EAClB,SAAS,iBAAiB;AAAA,EAC1B,KAAK,mBAAK,iBAAiB;AAAA;AAGrB,IAAM,WAAU,OACtB,SACmB;AACnB,QAAM,SAAS,MAAM;AAErB,QAAM,EAAE,MAAM,UAAU;AACxB,MAAI;AACH,UAAM,gBAAgB,OAAO,IAAI,UAAU,KAAK;AAChD,UAAM,EAAE,sBAAsB,oBAC7B,MAAM,2BAA2B;AAAA,MAChC,MAAM,iCACF,OADE;AAAA,QAEL,WAAW;AAAA,QACX,YAAY,OAAO,IAAI,WAAW,KAAK;AAAA,QACvC,kBAAkB,OAAO,IAAI,iBAAiB,KAAK;AAAA,QACnD,8BACC,OAAO,IAAI,6BACX,KAAK;AAAA;AAAA,MAEP,KAAK,mBAAK,QAAQ;AAAA;AAGpB,UAAM,EAAE,UAAU,oBAAoB,MAAM,mBAAmB;AAAA,MAC9D,eAAe;AAAA,QACd,QAAQ;AAAA,UACP,KAAK;AAAA,YACJ,UAAU;AAAA,YACV,SAAS,CAAC,gBAAgB;AAAA;AAAA;AAAA;AAAA,MAI7B,SAAS;AAAA,QACR,UAAU,KAAK;AAAA;AAAA;AAGjB,QAAI,CAAC,gBAAgB,WAAW;AAC/B,YAAM,IAAI,MAAM;AAAA;AAGjB,UAAM,kBAAkB,MAAM,iBAAiB;AAAA,MAC9C;AAAA,MACA,aAAa,qBAAqB;AAAA,MAClC,QAAQ,gBAAgB;AAAA,MACxB,UAAU,KAAK;AAAA,MACf,SAAS,KAAK;AAAA;AAGf,UAAM,uBAAuB,OAAK,QACjC,QAAQ,OACR,OAAK,MAAM,KAAK,wBAAwB,0BAA0B,OACjE,MACA;AAEF,UAAM,YACL,aAAa,UAAU,aAAa,QACjC,MAAK,UAAU,mBACf,KAAK,UAAU,iBAAiB,MAAM;AAE1C,SAAK,WAAW,OAAO;AAAA;AACvB,SAAK,WAAW;AAChB,SAAK;AAAA;AACL,UAAM,oBAAoB,MAAM,4BAA4B;AAAA,MAC3D,UAAU;AAAA,MACV,MAAM,KAAK;AAAA;AAIZ,QACC,sBAAsB,UACtB,kBAAkB,cAAc,MAC/B;AACD,WAAG,cAAc,sBAAsB;AAAA;AAAA,WAEhC,GAAP;AACD,UAAM;AAAA;AAAA;;;A9BrFR,KAAK,MAAM,QAAQ,QAAQ,OACtB,QAAQ,iBACR,QAAQ,wBACR,QAAQ,gDACR,QAAQ,gDACR,QAAQ,sCACR,QAAQ,sCACR,QAAQ,sCACR,QAAQ,sCACR,QAAQ,4BACR,QAAQ,mCAaR;",
6
- "names": []
7
- }