dotsec 1.0.0-alpha.8 → 2.0.0-alpha.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
@@ -1,7 +1,7 @@
1
1
  {
2
2
  "version": 3,
3
- "sources": ["../../src/cli/index.ts", "../../src/lib/aws/AwsKmsEncryptionEngine.ts", "../../src/lib/aws/getCredentialsProfileRegion.ts", "../../src/utils/logger.ts", "../../src/lib/aws/handleCredentialsAndRegion.ts", "../../src/lib/io.ts", "../../src/cli/commands/init.ts", "../../src/lib/transformer.ts", "../../src/constants.ts", "../../src/cli/options.ts", "../../src/cli/commands/run.ts", "../../src/lib/config/index.ts", "../../src/lib/json.ts", "../../src/cli/commands/decrypt.ts", "../../src/cli/commands/encrypt.ts", "../../src/types.ts", "../../src/cli/commands/push.ts", "../../src/utils/prompts.ts", "../../src/lib/aws/AwsSsm.ts", "../../src/lib/aws/AwsSecretsManager.ts"],
4
- "sourcesContent": ["import { Command } from \"commander\";\n\nimport addInitCommand from \"./commands/init\";\nimport addRunCommand from \"./commands/run\";\nimport addDecryptCommand from \"./commands/decrypt\";\nimport addEncryptCommand from \"./commands/encrypt\";\nimport addPushProgram from \"./commands/push\";\nimport { setProgramOptions } from \"./options\";\nconst program = new Command();\n\nprogram\n\t.name(\"dotsec\")\n\t.description(\".env, but secure\")\n\t.version(\"1.0.0\")\n\t.enablePositionalOptions()\n\t.action((_options, other: Command) => {\n\t\tother.help();\n\t});\n\nsetProgramOptions(program);\n(async () => {\n\tawait addInitCommand(program);\n\tawait addRunCommand(program);\n\tawait addDecryptCommand(program);\n\tawait addEncryptCommand(program);\n\tawait addPushProgram(program);\n\n\tprogram.parse();\n})();\n", "import {\n\tDecryptCommand,\n\tDescribeKeyCommand,\n\tEncryptCommand,\n\tKMSClient,\n} from \"@aws-sdk/client-kms\";\nimport { EncryptionEngineFactory } from \"../../types\";\nimport { handleCredentialsAndRegion } from \"./handleCredentialsAndRegion\";\n\nexport type AwsEncryptionEngineFactory = EncryptionEngineFactory<\n\t{ region?: string; kms?: { keyAlias?: string } },\n\t{ other: () => void }\n>;\n\nexport const awsEncryptionEngineFactory: AwsEncryptionEngineFactory = async (\n\toptions,\n) => {\n\tconst {\n\t\tkms: { keyAlias } = {},\n\t\tregion,\n\t} = options;\n\n\tconst { credentialsAndOrigin, regionAndOrigin } =\n\t\tawait handleCredentialsAndRegion({\n\t\t\targv: {},\n\t\t\tenv: { ...process.env },\n\t\t});\n\n\tconst kmsClient = new KMSClient({\n\t\tcredentials: credentialsAndOrigin.value,\n\t\tregion: region || regionAndOrigin.value,\n\t});\n\n\tconst describeKeyCommand = new DescribeKeyCommand({\n\t\tKeyId: keyAlias,\n\t});\n\n\tconst describeKeyResult = await kmsClient.send(describeKeyCommand);\n\tconst encryptionAlgorithm =\n\t\tdescribeKeyResult.KeyMetadata?.EncryptionAlgorithms?.[0];\n\n\tif (encryptionAlgorithm === undefined) {\n\t\tthrow new Error(\"Could not determine encryption algorithm\");\n\t}\n\n\treturn {\n\t\tasync encrypt(plaintext: string): Promise<string> {\n\t\t\tconst encryptCommand = new EncryptCommand({\n\t\t\t\tKeyId: keyAlias,\n\t\t\t\tPlaintext: Buffer.from(plaintext),\n\t\t\t\tEncryptionAlgorithm: encryptionAlgorithm,\n\t\t\t});\n\t\t\tconst encryptionResult = await kmsClient.send(encryptCommand);\n\n\t\t\tif (!encryptionResult.CiphertextBlob) {\n\t\t\t\tthrow new Error(\n\t\t\t\t\t`Something bad happened: ${JSON.stringify({\n\t\t\t\t\t\tencryptCommand,\n\t\t\t\t\t})}`,\n\t\t\t\t);\n\t\t\t}\n\n\t\t\tconst cipherText = Buffer.from(encryptionResult.CiphertextBlob).toString(\n\t\t\t\t\"base64\",\n\t\t\t);\n\n\t\t\treturn cipherText;\n\t\t},\n\t\tasync decrypt(cipherText: string): Promise<string> {\n\t\t\tconst decryptCommand = new DecryptCommand({\n\t\t\t\tKeyId: keyAlias,\n\t\t\t\tCiphertextBlob: Buffer.from(cipherText, \"base64\"),\n\t\t\t\tEncryptionAlgorithm: encryptionAlgorithm,\n\t\t\t});\n\n\t\t\tconst decryptionResult = await kmsClient.send(decryptCommand);\n\n\t\t\tif (!decryptionResult.Plaintext) {\n\t\t\t\tthrow new Error(\n\t\t\t\t\t`Something bad happened: ${JSON.stringify({\n\t\t\t\t\t\tcipherText: cipherText,\n\t\t\t\t\t\tdecryptCommand: decryptCommand,\n\t\t\t\t\t})}`,\n\t\t\t\t);\n\t\t\t}\n\n\t\t\tconst decryptedValue = Buffer.from(decryptionResult.Plaintext).toString();\n\n\t\t\tif (this.verbose) {\n\t\t\t\tconsole.info(`Decrypting key '${cipherText}'`);\n\t\t\t}\n\n\t\t\treturn decryptedValue;\n\t\t},\n\t\tother: () => {},\n\t};\n};\n", "import {\n\tfromEnv,\n\tfromIni,\n\tfromTemporaryCredentials,\n} from \"@aws-sdk/credential-providers\";\nimport { loadSharedConfigFiles } from \"@aws-sdk/shared-ini-file-loader\";\nimport { emphasis, strong } from \"../../utils/logger\";\n\nimport {\n\tCredentialsAndOrigin,\n\tProfileAndOrigin,\n\tRegionAndOrigin,\n} from \"./types\";\n\nexport const getCredentialsProfileRegion = async ({\n\targv,\n\tenv,\n}: {\n\targv: {\n\t\tprofile?: string;\n\t\tregion?: string;\n\t\tassumeRoleArn?: string;\n\t\tassumeRoleSessionDuration?: number;\n\t};\n\tenv: {\n\t\tAWS_PROFILE?: string;\n\t\tAWS_ACCESS_KEY_ID?: string;\n\t\tAWS_SECRET_ACCESS_KEY?: string;\n\t\tAWS_REGION?: string;\n\t\tAWS_DEFAULT_REGION?: string;\n\t\tAWS_ASSUME_ROLE_ARN?: string | undefined;\n\t\tAWS_ASSUME_ROLE_SESSION_DURATION?: string | undefined;\n\t\tTZ?: string;\n\t};\n}) => {\n\tconst sharedConfigFiles = await loadSharedConfigFiles();\n\tlet credentialsAndOrigin: CredentialsAndOrigin | undefined = undefined;\n\tlet profileAndOrigin: ProfileAndOrigin | undefined = undefined;\n\tlet regionAndOrigin: RegionAndOrigin | undefined = undefined;\n\tif (argv.profile) {\n\t\tprofileAndOrigin = {\n\t\t\tvalue: argv.profile,\n\t\t\torigin: `command line option: ${emphasis(argv.profile)}`,\n\t\t};\n\t\tcredentialsAndOrigin = {\n\t\t\tvalue: await fromIni({\n\t\t\t\tprofile: argv.profile,\n\t\t\t})(),\n\t\t\torigin: `${emphasis(`[${argv.profile}]`)} in credentials file`,\n\t\t};\n\t} else if (env.AWS_PROFILE) {\n\t\tprofileAndOrigin = {\n\t\t\tvalue: env.AWS_PROFILE,\n\t\t\torigin: `env variable ${emphasis(\"AWS_PROFILE\")}: ${strong(\n\t\t\t\tenv.AWS_PROFILE,\n\t\t\t)}`,\n\t\t};\n\t\tcredentialsAndOrigin = {\n\t\t\tvalue: await fromIni({\n\t\t\t\tprofile: env.AWS_PROFILE,\n\t\t\t})(),\n\t\t\torigin: `env variable ${emphasis(\"AWS_PROFILE\")}: ${strong(\n\t\t\t\tenv.AWS_PROFILE,\n\t\t\t)}`,\n\t\t};\n\t} else if (env.AWS_ACCESS_KEY_ID && env.AWS_SECRET_ACCESS_KEY) {\n\t\tcredentialsAndOrigin = {\n\t\t\tvalue: await fromEnv()(),\n\t\t\torigin: `env variables ${emphasis(\"AWS_ACCESS_KEY_ID\")} and ${emphasis(\n\t\t\t\t\"AWS_SECRET_ACCESS_KEY\",\n\t\t\t)}`,\n\t\t};\n\t} else if (sharedConfigFiles.credentialsFile?.default) {\n\t\tprofileAndOrigin = {\n\t\t\tvalue: \"default\",\n\t\t\torigin: `${emphasis(\"[default]\")} in credentials file`,\n\t\t};\n\t\tcredentialsAndOrigin = {\n\t\t\tvalue: await fromIni({\n\t\t\t\tprofile: \"default\",\n\t\t\t})(),\n\t\t\torigin: `profile ${emphasis(\"[default]\")}`,\n\t\t};\n\t}\n\n\tif (argv.region) {\n\t\tregionAndOrigin = {\n\t\t\tvalue: argv.region,\n\t\t\torigin: `command line option: ${emphasis(argv.region)}`,\n\t\t};\n\t} else if (env.AWS_REGION) {\n\t\tregionAndOrigin = {\n\t\t\tvalue: env.AWS_REGION,\n\t\t\torigin: `env variable ${emphasis(\"AWS_REGION\")}: ${strong(\n\t\t\t\tenv.AWS_REGION,\n\t\t\t)}`,\n\t\t};\n\t} else if (env.AWS_DEFAULT_REGION) {\n\t\tregionAndOrigin = {\n\t\t\tvalue: env.AWS_DEFAULT_REGION,\n\t\t\torigin: `env variable ${emphasis(\"AWS_DEFAULT_REGION\")}: ${strong(\n\t\t\t\tenv.AWS_DEFAULT_REGION,\n\t\t\t)}`,\n\t\t};\n\t} else if (profileAndOrigin) {\n\t\tconst foundRegion =\n\t\t\tsharedConfigFiles?.configFile?.[profileAndOrigin.value]?.region;\n\n\t\tif (foundRegion) {\n\t\t\tregionAndOrigin = {\n\t\t\t\tvalue: foundRegion,\n\t\t\t\torigin: `${emphasis(\n\t\t\t\t\t`[profile ${profileAndOrigin.value}]`,\n\t\t\t\t)} in config file`,\n\t\t\t};\n\t\t}\n\t}\n\n\tconst assumedRole = argv.assumeRoleArn || env.AWS_ASSUME_ROLE_ARN;\n\tif (assumedRole) {\n\t\tconst origin = argv.assumeRoleArn ? \"command line option\" : \"env variable\";\n\t\tcredentialsAndOrigin = {\n\t\t\tvalue: await fromTemporaryCredentials({\n\t\t\t\tmasterCredentials: credentialsAndOrigin?.value,\n\n\t\t\t\tparams: {\n\t\t\t\t\tDurationSeconds:\n\t\t\t\t\t\targv.assumeRoleSessionDuration ||\n\t\t\t\t\t\tNumber(env.AWS_ASSUME_ROLE_SESSION_DURATION) ||\n\t\t\t\t\t\t3600,\n\t\t\t\t\tRoleArn: assumedRole,\n\t\t\t\t},\n\n\t\t\t\tclientConfig: {\n\t\t\t\t\tregion: regionAndOrigin?.value,\n\t\t\t\t},\n\t\t\t})(),\n\t\t\torigin: `${origin} ${emphasis(`[${assumedRole}]`)}`,\n\t\t};\n\t}\n\n\treturn { credentialsAndOrigin, regionAndOrigin, profileAndOrigin };\n};\n\nexport const printVerboseCredentialsProfileRegion = ({\n\tcredentialsAndOrigin,\n\tregionAndOrigin,\n\tprofileAndOrigin,\n}: {\n\tcredentialsAndOrigin?: CredentialsAndOrigin;\n\tregionAndOrigin?: RegionAndOrigin;\n\tprofileAndOrigin?: ProfileAndOrigin;\n}): string => {\n\tconst out: string[] = [];\n\tif (profileAndOrigin) {\n\t\tout.push(`Got profile name from ${profileAndOrigin.origin}`);\n\t}\n\tif (credentialsAndOrigin) {\n\t\tout.push(`Resolved credentials from ${credentialsAndOrigin.origin}`);\n\t}\n\tif (regionAndOrigin) {\n\t\tout.push(`Resolved region from ${regionAndOrigin.origin}`);\n\t}\n\treturn out.join(\"\\n\");\n};\n", "import chalk from \"chalk\";\nlet _logger: Pick<Console, \"info\" | \"error\" | \"table\">;\nexport const getLogger = () => {\n\tif (!_logger) {\n\t\t_logger = console;\n\t}\n\n\treturn _logger;\n};\nexport const writeLine = (str: string) => {\n\tprocess.stdout.write(str);\n};\nexport const emphasis = (str: string): string => chalk.yellowBright(str);\nexport const strong = (str: string): string => chalk.yellow.bold(str);\n\nexport const clientLogger = {\n\tdebug(content: object) {\n\t\tconsole.log(content);\n\t},\n\tinfo(content: object) {\n\t\tconsole.log(content);\n\t},\n\twarn(content: object) {\n\t\tconsole.log(content);\n\t},\n\terror(content: object) {\n\t\tconsole.error(content);\n\t},\n};\n", "import {\n\tgetCredentialsProfileRegion,\n\tprintVerboseCredentialsProfileRegion,\n} from \"./getCredentialsProfileRegion\";\n\nexport const handleCredentialsAndRegion = async ({\n\targv,\n\tenv,\n}: {\n\targv: {\n\t\tawsRegion?: string;\n\t\tawsProfile?: string;\n\t\tverbose?: boolean;\n\t\tawsAssumeRoleArn?: string;\n\t\tawsAssumeRoleSessionDuration?: number;\n\t};\n\tenv: {\n\t\tAWS_PROFILE?: string | undefined;\n\t\tAWS_ACCESS_KEY_ID?: string | undefined;\n\t\tAWS_SECRET_ACCESS_KEY?: string | undefined;\n\t\tAWS_REGION?: string | undefined;\n\t\tAWS_DEFAULT_REGION?: string | undefined;\n\t\tAWS_ASSUME_ROLE_ARN?: string | undefined;\n\t\tAWS_ASSUME_ROLE_SESSION_DURATION?: string | undefined;\n\t\tTZ?: string;\n\t};\n}) => {\n\tconst { credentialsAndOrigin, regionAndOrigin, profileAndOrigin } =\n\t\tawait getCredentialsProfileRegion({\n\t\t\targv: {\n\t\t\t\tregion: argv.awsRegion,\n\t\t\t\tprofile: argv.awsProfile,\n\t\t\t\tassumeRoleArn: argv.awsAssumeRoleArn,\n\t\t\t\tassumeRoleSessionDuration: argv.awsAssumeRoleSessionDuration,\n\t\t\t},\n\t\t\tenv: {\n\t\t\t\t...env,\n\t\t\t},\n\t\t});\n\n\tif (argv.verbose === true) {\n\t\tconsole.log(\n\t\t\tprintVerboseCredentialsProfileRegion({\n\t\t\t\tcredentialsAndOrigin,\n\t\t\t\tregionAndOrigin,\n\t\t\t\tprofileAndOrigin,\n\t\t\t}),\n\t\t);\n\t}\n\n\tif (!(credentialsAndOrigin && regionAndOrigin)) {\n\t\tif (!credentialsAndOrigin) {\n\t\t\tconsole.error(\"Could not find credentials\");\n\t\t\tthrow new Error(\"Could not find credentials\");\n\t\t}\n\t\tif (!regionAndOrigin) {\n\t\t\tconsole.error(\"Could not find region\");\n\t\t\tthrow new Error(\"Could not find region\");\n\t\t}\n\t}\n\n\treturn { credentialsAndOrigin, regionAndOrigin };\n};\n", "import fs, { stat } from \"node:fs/promises\";\nimport prompts from \"prompts\";\nimport path from \"node:path\";\n\nexport const readContentsFromFile = async (\n\tfilePath: string,\n): Promise<string> => {\n\treturn await fs.readFile(filePath, \"utf-8\");\n};\n\nexport const writeContentsToFile = async (\n\tfilePath: string,\n\tcontents: string,\n): Promise<void> => {\n\treturn await fs.writeFile(filePath, contents, \"utf-8\");\n};\n\nexport const fileExists = async (source: string): Promise<boolean> => {\n\ttry {\n\t\tawait stat(source);\n\t\treturn true;\n\t} catch {\n\t\treturn false;\n\t}\n};\n\nexport const promptOverwriteIfFileExists = async ({\n\tfilePath,\n\tskip,\n}: {\n\tfilePath: string;\n\tskip?: boolean;\n}) => {\n\tlet overwriteResponse: prompts.Answers<\"overwrite\"> | undefined;\n\n\tif ((await fileExists(filePath)) && skip !== true) {\n\t\toverwriteResponse = await prompts({\n\t\t\ttype: \"confirm\",\n\t\t\tname: \"overwrite\",\n\t\t\tmessage: () => {\n\t\t\t\treturn `Overwrite './${path.relative(process.cwd(), filePath)}' ?`;\n\t\t\t},\n\t\t});\n\t} else {\n\t\toverwriteResponse = undefined;\n\t}\n\treturn overwriteResponse;\n};\n", "import { Command } from \"commander\";\nimport { awsEncryptionEngineFactory } from \"../../lib/aws/AwsKmsEncryptionEngine\";\nimport {\n\tpromptOverwriteIfFileExists,\n\treadContentsFromFile,\n\twriteContentsToFile,\n} from \"../../lib/io\";\nimport { EncryptionEngine, Init2CommandOptions } from \"../../types\";\n\nimport path from \"node:path\";\nimport { patchConfigFile } from \"../../lib/transformer\";\nimport { setProgramOptions } from \"../options\";\nimport { strong } from \"../../utils/logger\";\nimport {\n\tdefaultConfig,\n\tDOTSEC_DEFAULT_AWS_KMS_KEY_ALIAS,\n} from \"../../constants\";\ntype Formats = {\n\tenv?: string;\n\tawsKeyAlias?: string;\n};\n\nconst addInitProgram = async (program: Command) => {\n\tconst subProgram = program\n\t\t.enablePositionalOptions()\n\t\t.passThroughOptions()\n\t\t.command(\"init\")\n\t\t.action(async (_options: Formats, command: Command) => {\n\t\t\tconst {\n\t\t\t\tverbose,\n\t\t\t\tconfigFile,\n\t\t\t\tenv: dotenvFilename,\n\t\t\t\tsec: dotsecFilename,\n\t\t\t\tawskeyAlias,\n\t\t\t\tawsRegion,\n\t\t\t\tyes,\n\t\t\t} = command.optsWithGlobals<Init2CommandOptions>();\n\t\t\t// get dotsec config\n\n\t\t\ttry {\n\t\t\t\tlet encryptionEngine: EncryptionEngine;\n\n\t\t\t\tencryptionEngine = await awsEncryptionEngineFactory({\n\t\t\t\t\tverbose,\n\t\t\t\t\tregion:\n\t\t\t\t\t\tawsRegion ||\n\t\t\t\t\t\tprocess.env.AWS_REGION ||\n\t\t\t\t\t\tdefaultConfig.config?.aws?.region,\n\t\t\t\t\tkms: {\n\t\t\t\t\t\tkeyAlias: awskeyAlias || defaultConfig?.config?.aws?.kms?.keyAlias,\n\t\t\t\t\t},\n\t\t\t\t});\n\n\t\t\t\t// get current dot env file\n\t\t\t\tconst dotenvString = await readContentsFromFile(dotenvFilename);\n\n\t\t\t\t// encrypt\n\t\t\t\tconst cipherText = await encryptionEngine.encrypt(dotenvString);\n\n\t\t\t\tconst dotsecOverwriteResponse = await promptOverwriteIfFileExists({\n\t\t\t\t\tfilePath: dotsecFilename,\n\t\t\t\t\tskip: yes,\n\t\t\t\t});\n\t\t\t\tif (\n\t\t\t\t\tdotsecOverwriteResponse === undefined ||\n\t\t\t\t\tdotsecOverwriteResponse.overwrite === true\n\t\t\t\t) {\n\t\t\t\t\tawait writeContentsToFile(dotsecFilename, cipherText);\n\t\t\t\t\tconsole.log(\n\t\t\t\t\t\t`Wrote encrypted contents of ${strong(\n\t\t\t\t\t\t\tdotenvFilename,\n\t\t\t\t\t\t)} contents file to ${strong(dotsecFilename)}`,\n\t\t\t\t\t);\n\t\t\t\t}\n\n\t\t\t\tconst patchedConfigTemplate = patchConfigFile({\n\t\t\t\t\tconfigFile: path.resolve(\n\t\t\t\t\t\t__dirname,\n\t\t\t\t\t\t\"../src/templates/dotsec.config.ts\",\n\t\t\t\t\t),\n\t\t\t\t\tconfig: {\n\t\t\t\t\t\taws: {\n\t\t\t\t\t\t\tkms: {\n\t\t\t\t\t\t\t\tkeyAlias: awskeyAlias || DOTSEC_DEFAULT_AWS_KMS_KEY_ALIAS,\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\tregion: awsRegion || process.env.AWS_REGION,\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t});\n\t\t\t\tconst dotsecConfigOverwriteResponse = await promptOverwriteIfFileExists(\n\t\t\t\t\t{\n\t\t\t\t\t\tfilePath: configFile,\n\t\t\t\t\t\tskip: yes,\n\t\t\t\t\t},\n\t\t\t\t);\n\t\t\t\tif (\n\t\t\t\t\tdotsecConfigOverwriteResponse === undefined ||\n\t\t\t\t\tdotsecConfigOverwriteResponse.overwrite === true\n\t\t\t\t) {\n\t\t\t\t\tawait writeContentsToFile(configFile, patchedConfigTemplate);\n\t\t\t\t\tconsole.log(`Wrote config file to ${strong(configFile)}`);\n\t\t\t\t}\n\t\t\t} catch (e) {\n\t\t\t\tcommand.error(e);\n\t\t\t}\n\t\t});\n\n\tsetProgramOptions(subProgram);\n\n\treturn subProgram;\n};\n\nexport default addInitProgram;\n", "import * as ts from \"typescript\";\nimport fs from \"node:fs\";\n\nexport const patchConfigFile = (options: {\n\tconfigFile: string;\n\tconfig?: {\n\t\taws?: {\n\t\t\tregion?: string;\n\t\t\tkms?: {\n\t\t\t\tkeyAlias?: string;\n\t\t\t};\n\t\t};\n\t};\n}) => {\n\tconst printer: ts.Printer = ts.createPrinter();\n\tconst source = fs.readFileSync(options.configFile, \"utf8\");\n\n\tconst transformer =\n\t\t<T extends ts.Node>(context: ts.TransformationContext) =>\n\t\t(rootNode: T) => {\n\t\t\tfunction visit(node: ts.Node): ts.Node {\n\t\t\t\tnode = ts.visitEachChild(node, visit, context);\n\t\t\t\tif (node.kind === ts.SyntaxKind.StringLiteral) {\n\t\t\t\t\tconst kmsNode = node?.parent?.parent?.parent;\n\t\t\t\t\tif (options.config?.aws?.kms?.keyAlias) {\n\t\t\t\t\t\tif (kmsNode?.getChildAt(0)?.getText() === \"kms\") {\n\t\t\t\t\t\t\tconst awsNode = kmsNode?.parent?.parent;\n\t\t\t\t\t\t\tif (awsNode?.getChildAt(0).getText() === \"aws\") {\n\t\t\t\t\t\t\t\t// console.log(\n\t\t\t\t\t\t\t\t// \t\"parent is aws\",\n\t\t\t\t\t\t\t\t// \tnode.parent?.getChildAt(2).getText(),\n\t\t\t\t\t\t\t\t// );\n\t\t\t\t\t\t\t\treturn ts.createStringLiteral(\n\t\t\t\t\t\t\t\t\toptions.config?.aws?.kms?.keyAlias,\n\t\t\t\t\t\t\t\t);\n\t\t\t\t\t\t\t}\n\t\t\t\t\t\t}\n\t\t\t\t\t}\n\t\t\t\t\tif (options.config?.aws?.region) {\n\t\t\t\t\t\tif (node?.parent?.getChildAt(0)?.getText() === \"region\") {\n\t\t\t\t\t\t\tconst awsNode = node?.parent?.parent?.parent;\n\n\t\t\t\t\t\t\t// const awsNode = kmsNode?.parent?.parent;\n\t\t\t\t\t\t\tif (awsNode?.getChildAt(0).getText() === \"aws\") {\n\t\t\t\t\t\t\t\treturn ts.createStringLiteral(options.config?.aws?.region);\n\t\t\t\t\t\t\t}\n\t\t\t\t\t\t}\n\t\t\t\t\t}\n\t\t\t\t}\n\n\t\t\t\treturn node;\n\t\t\t}\n\t\t\treturn ts.visitNode(rootNode, visit);\n\t\t};\n\n\tconst sourceFile: ts.SourceFile = ts.createSourceFile(\n\t\t\"test.ts\",\n\t\tsource,\n\t\tts.ScriptTarget.ES2015,\n\t\ttrue,\n\t\tts.ScriptKind.TS,\n\t);\n\n\t// Options may be passed to transform\n\tconst result: ts.TransformationResult<ts.SourceFile> =\n\t\tts.transform<ts.SourceFile>(sourceFile, [transformer]);\n\n\tconst transformedSourceFile: ts.SourceFile = result.transformed[0];\n\n\tconst transformedSource = printer.printFile(transformedSourceFile);\n\tresult.dispose();\n\n\treturn transformedSource;\n};\n", "import { DotsecConfig } from \"./types\";\n\nexport const DOTSEC_DEFAULT_CONFIG_FILE = \"dotsec.config.ts\";\nexport const DOTSEC_CONFIG_FILES = [DOTSEC_DEFAULT_CONFIG_FILE];\nexport const DOTSEC_DEFAULT_DOTSEC_FILENAME = \".sec\";\nexport const DOTSEC_DEFAULT_DOTENV_FILENAME = \".env\";\nexport const DOTSEC_DEFAULT_AWS_KMS_KEY_ALIAS = \"alias/dotsec\";\nexport const DOTSEC_DEFAULT_AWS_SSM_PARAMETER_TYPE = \"SecureString\";\n\nexport const defaultConfig: DotsecConfig = {\n\tconfig: {\n\t\taws: {\n\t\t\tkms: {\n\t\t\t\tkeyAlias: DOTSEC_DEFAULT_AWS_KMS_KEY_ALIAS,\n\t\t\t},\n\t\t\tssm: {\n\t\t\t\tparameterType: DOTSEC_DEFAULT_AWS_SSM_PARAMETER_TYPE,\n\t\t\t},\n\t\t},\n\t},\n};\n", "import { Command } from \"commander\";\nimport {\n\tDOTSEC_DEFAULT_CONFIG_FILE,\n\tDOTSEC_DEFAULT_DOTENV_FILENAME,\n\tDOTSEC_DEFAULT_DOTSEC_FILENAME,\n} from \"../constants\";\n\ntype Options = {\n\t[optionName: string]:\n\t\t| [string, string]\n\t\t| [string, string, string | boolean | string[]];\n};\n\ntype CommandOptions = {\n\t[commandName: string]: {\n\t\tinheritsFrom?: string[];\n\t\toptions?: Options;\n\t\trequiredOptions?: Options;\n\t};\n};\nexport const commandOptions: CommandOptions = {\n\tdotsec: {\n\t\toptions: {\n\t\t\tverbose: [\"--verbose\", \"Verbose output\", false],\n\t\t\tconfigFile: [\n\t\t\t\t\"-c, --config-file, --configFile <configFile>\",\n\t\t\t\t\"Config file\",\n\t\t\t\tDOTSEC_DEFAULT_CONFIG_FILE,\n\t\t\t],\n\t\t},\n\t},\n\tinit: {\n\t\toptions: {\n\t\t\tverbose: [\"--verbose\", \"Verbose output\", false],\n\t\t\tconfigFile: [\n\t\t\t\t\"-c, --config-file, --configFile <configFile>\",\n\t\t\t\t\"Config file\",\n\t\t\t\tDOTSEC_DEFAULT_CONFIG_FILE,\n\t\t\t],\n\n\t\t\tenv: [\"--env\", \"Path to .env file\", DOTSEC_DEFAULT_DOTENV_FILENAME],\n\t\t\tsec: [\"--sec\", \"Path to .sec file\", DOTSEC_DEFAULT_DOTSEC_FILENAME],\n\t\t\tyes: [\"--yes\", \"Skip confirmation prompts\", false],\n\t\t\tawsKeyAlias: [\n\t\t\t\t\"--aws-key-alias <awsKeyAlias>\",\n\t\t\t\t\"AWS KMS key alias, overrides the value provided in dotsec.config (config.aws.kms.keyAlias)\",\n\t\t\t\t\"alias/dotsec\",\n\t\t\t],\n\t\t\tawsRegion: [\n\t\t\t\t\"--aws-region <awsRegion>\",\n\t\t\t\t\"AWS region, overrides the value provided in dotsec.config (config.aws.region) and AWS_REGION\",\n\t\t\t],\n\t\t},\n\t},\n\tdecrypt: {\n\t\tinheritsFrom: [\"dotsec\"],\n\t\toptions: {\n\t\t\tenv: [\"--env <env>\", \"Path to .env file\", DOTSEC_DEFAULT_DOTENV_FILENAME],\n\t\t\tsec: [\"--sec <sec>\", \"Path to .sec file\", DOTSEC_DEFAULT_DOTSEC_FILENAME],\n\t\t\tyes: [\"--yes\", \"Skip confirmation prompts\", false],\n\t\t\tawsKeyAlias: [\n\t\t\t\t\"--aws-key-alias <awsKeyAlias>\",\n\t\t\t\t\"AWS KMS key alias, overrides the value provided in dotsec.config (config.aws.kms.keyAlias)\",\n\t\t\t\t\"alias/dotsec\",\n\t\t\t],\n\t\t\tawsRegion: [\n\t\t\t\t\"--aws-region <awsRegion>\",\n\t\t\t\t\"AWS region, overrides the value provided in dotsec.config (config.aws.region) and AWS_REGION\",\n\t\t\t],\n\t\t},\n\t},\n\tencrypt: {\n\t\tinheritsFrom: [\"dotsec\"],\n\t\toptions: {\n\t\t\tenv: [\"--env <env>\", \"Path to .env file\", DOTSEC_DEFAULT_DOTENV_FILENAME],\n\t\t\tsec: [\"--sec <sec>\", \"Path to .sec file\", DOTSEC_DEFAULT_DOTSEC_FILENAME],\n\t\t\tyes: [\"--yes\", \"Skip confirmation prompts\", false],\n\t\t\tawsKeyAlias: [\n\t\t\t\t\"--aws-key-alias <awsKeyAlias>\",\n\t\t\t\t\"AWS KMS key alias, overrides the value provided in dotsec.config (config.aws.kms.keyAlias)\",\n\t\t\t\t\"alias/dotsec\",\n\t\t\t],\n\t\t\tawsRegion: [\n\t\t\t\t\"--aws-region <awsRegion>\",\n\t\t\t\t\"AWS region, overrides the value provided in dotsec.config (config.aws.region) and AWS_REGION\",\n\t\t\t],\n\t\t},\n\t},\n\n\trun: {\n\t\tinheritsFrom: [\"dotsec\"],\n\t\toptions: {\n\t\t\tenv: [\"--env <env>\", \"Path to .env file\"],\n\t\t\tsec: [\"--sec [sec]\", \"Path to .sec file\"],\n\t\t\tawsKeyAlias: [\n\t\t\t\t\"--aws-key-alias <awsKeyAlias>\",\n\t\t\t\t\"AWS KMS key alias, overrides the value provided in dotsec.config (config.aws.kms.keyAlias)\",\n\t\t\t\t\"alias/dotsec\",\n\t\t\t],\n\t\t\tawsRegion: [\n\t\t\t\t\"--aws-region <awsRegion>\",\n\t\t\t\t\"AWS region, overrides the value provided in dotsec.config (config.aws.region) and AWS_REGION\",\n\t\t\t],\n\t\t},\n\t},\n\tpush: {\n\t\tinheritsFrom: [\"dotsec\"],\n\t\toptions: {\n\t\t\ttoAwsSsm: [\"--to-aws-ssm, --toAwsSsm\", \"Push to AWS SSM\"],\n\t\t\ttoAwsSecretsManager: [\n\t\t\t\t\"--to-aws-secrets-manager, --toAwsSecretsManager\",\n\t\t\t\t\"Push to AWS Secrets Manager\",\n\t\t\t],\n\n\t\t\t// toGitHubSecrets: [\n\t\t\t// \t\"--to-github-secrets, --toGitHubSecrets <toGitHubSecrets>\",\n\t\t\t// \t\"Push to GitHub Secrets\",\n\t\t\t// ],\n\n\t\t\tenv: [\"--env [env]\", \"Path to .env file\"],\n\t\t\tsec: [\"--sec [sec]\", \"Path to .sec file\"],\n\t\t\tyes: [\"--yes\", \"Skip confirmation prompts\", false],\n\t\t\tawsKeyAlias: [\n\t\t\t\t\"--aws-key-alias <awsKeyAlias>\",\n\t\t\t\t\"AWS KMS key alias, overrides the value provided in dotsec.config (config.aws.kms.keyAlias)\",\n\t\t\t\t\"alias/dotsec\",\n\t\t\t],\n\t\t\tawsRegion: [\n\t\t\t\t\"--aws-region <awsRegion>\",\n\t\t\t\t\"AWS region, overrides the value provided in dotsec.config (config.aws.region) and AWS_REGION\",\n\t\t\t],\n\t\t},\n\t},\n};\n\nconst getInheritedOptions = (\n\tcopts: CommandOptions,\n\tcommandName: string,\n\tresult: { options?: Options; requiredOptions?: Options } = {},\n): { options?: Options; requiredOptions?: Options } | undefined => {\n\tconst command = copts[commandName];\n\tif (command) {\n\t\tif (command.inheritsFrom) {\n\t\t\treturn command?.inheritsFrom.reduce(\n\t\t\t\t(acc, inheritedCommandName) => {\n\t\t\t\t\tconst r = getInheritedOptions(copts, inheritedCommandName, acc);\n\t\t\t\t\treturn { ...r };\n\t\t\t\t},\n\t\t\t\t{\n\t\t\t\t\toptions: { ...result.options, ...command.options },\n\t\t\t\t\trequiredOptions: {\n\t\t\t\t\t\t...result.requiredOptions,\n\t\t\t\t\t\t...command.requiredOptions,\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t);\n\t\t} else {\n\t\t\treturn {\n\t\t\t\toptions: { ...result.options, ...command.options },\n\t\t\t\trequiredOptions: {\n\t\t\t\t\t...result.requiredOptions,\n\t\t\t\t\t...command.requiredOptions,\n\t\t\t\t},\n\t\t\t};\n\t\t}\n\t}\n};\n\nexport const setProgramOptions = (program: Command, commandName?: string) => {\n\tconst programOptions = getInheritedOptions(\n\t\tcommandOptions,\n\t\tcommandName || program.name(),\n\t);\n\n\tif (programOptions?.options) {\n\t\tObject.values(programOptions.options).forEach(\n\t\t\t([option, description, defaultValue]) => {\n\t\t\t\tprogram.option(option, description, defaultValue);\n\t\t\t},\n\t\t);\n\t}\n\tif (programOptions?.requiredOptions) {\n\t\tObject.values(programOptions.requiredOptions).forEach(\n\t\t\t([option, description, defaultValue]) => {\n\t\t\t\tprogram.requiredOption(option, description, defaultValue);\n\t\t\t},\n\t\t);\n\t}\n};\n", "import fs from \"node:fs\";\n\nimport { Command } from \"commander\";\nimport spawn from \"cross-spawn\";\nimport { parse } from \"dotenv\";\n\nimport { DOTSEC_DEFAULT_AWS_KMS_KEY_ALIAS } from \"../../constants\";\nimport { awsEncryptionEngineFactory } from \"../../lib/aws/AwsKmsEncryptionEngine\";\nimport { RunCommandOptions } from \"../../types\";\nimport { setProgramOptions } from \"../options\";\nimport { getConfig } from \"../../lib/config\";\nconst addRunProgam = (program: Command) => {\n\tconst subProgram = program\n\t\t.command(\"run <command...>\")\n\t\t.allowUnknownOption()\n\t\t.description(\n\t\t\t\"Run a command in a separate process and populate env with decrypted .env or encrypted .sec values\",\n\t\t)\n\t\t.action(\n\t\t\tasync (\n\t\t\t\tcommands: string[],\n\t\t\t\t_options: Record<string, string>,\n\t\t\t\tcommand: Command,\n\t\t\t) => {\n\t\t\t\tconst {\n\t\t\t\t\tconfigFile,\n\t\t\t\t\tenv: dotenv,\n\t\t\t\t\tsec: dotsec,\n\t\t\t\t\tkeyAlias,\n\t\t\t\t\tregion,\n\t\t\t\t} = command.optsWithGlobals<RunCommandOptions>();\n\n\t\t\t\tconst {\n\t\t\t\t\tcontents: { config } = {},\n\t\t\t\t} = await getConfig(configFile);\n\n\t\t\t\tconst encryptionPlugin = await awsEncryptionEngineFactory({\n\t\t\t\t\tverbose: true,\n\t\t\t\t\tkms: {\n\t\t\t\t\t\tkeyAlias:\n\t\t\t\t\t\t\tkeyAlias ||\n\t\t\t\t\t\t\tconfig?.aws?.kms?.keyAlias ||\n\t\t\t\t\t\t\tDOTSEC_DEFAULT_AWS_KMS_KEY_ALIAS,\n\t\t\t\t\t},\n\t\t\t\t\tregion: region || config?.aws?.region,\n\t\t\t\t});\n\n\t\t\t\tlet envContents: string | undefined;\n\n\t\t\t\tif (dotenv) {\n\t\t\t\t\tenvContents = fs.readFileSync(dotenv, \"utf8\");\n\t\t\t\t} else if (dotsec) {\n\t\t\t\t\tconst dotSecContents = fs.readFileSync(dotsec, \"utf8\");\n\t\t\t\t\tenvContents = await encryptionPlugin.decrypt(dotSecContents);\n\t\t\t\t} else {\n\t\t\t\t\tthrow new Error('Must provide either \"--env\" or \"--sec\"');\n\t\t\t\t}\n\t\t\t\tif (envContents) {\n\t\t\t\t\tconst dotenvVars = parse(envContents);\n\t\t\t\t\tconst [userCommand, ...userCommandArgs] = commands;\n\t\t\t\t\tspawn(userCommand, [...userCommandArgs], {\n\t\t\t\t\t\tstdio: \"inherit\",\n\t\t\t\t\t\tshell: false,\n\t\t\t\t\t\tenv: {\n\t\t\t\t\t\t\t...process.env,\n\t\t\t\t\t\t\t...dotenvVars,\n\t\t\t\t\t\t\t__DOTSEC_ENV__: JSON.stringify(Object.keys(dotenvVars)),\n\t\t\t\t\t\t},\n\t\t\t\t\t});\n\n\t\t\t\t\tcommand.help();\n\t\t\t\t} else {\n\t\t\t\t\tthrow new Error(\"No .env or .sec file provided\");\n\t\t\t\t}\n\t\t\t},\n\t\t);\n\n\tsetProgramOptions(subProgram, \"run\");\n\n\treturn subProgram;\n};\n\nexport default addRunProgam;\n", "import path from \"node:path\";\n\nimport { bundleRequire } from \"bundle-require\";\nimport JoyCon from \"joycon\";\n\nimport { loadJson } from \"../json\";\nimport { DotsecConfig, DotsecConfigAndSource } from \"../../types\";\nimport { defaultConfig, DOTSEC_CONFIG_FILES } from \"../../constants\";\n\nexport const getConfig = async (\n\tfilename?: string,\n): Promise<DotsecConfigAndSource> => {\n\tconst cwd = process.cwd();\n\tconst configJoycon = new JoyCon();\n\tconst configPath = await configJoycon.resolve({\n\t\tfiles: filename ? [filename] : [...DOTSEC_CONFIG_FILES, \"package.json\"],\n\t\tcwd,\n\t\tstopDir: path.parse(cwd).root,\n\t\tpackageKey: \"dotsec\",\n\t});\n\tif (filename && configPath === null) {\n\t\tthrow new Error(`Could not find config file ${filename}`);\n\t}\n\tif (configPath) {\n\t\tif (configPath.endsWith(\".json\")) {\n\t\t\tconst rawData = (await loadJson(configPath)) as Partial<DotsecConfig>;\n\n\t\t\tlet data: Partial<DotsecConfig>;\n\n\t\t\tif (\n\t\t\t\tconfigPath.endsWith(\"package.json\") &&\n\t\t\t\t(rawData as { dotsec: Partial<DotsecConfig> }).dotsec !== undefined\n\t\t\t) {\n\t\t\t\tdata = (rawData as { dotsec: Partial<DotsecConfig> }).dotsec;\n\t\t\t} else {\n\t\t\t\tdata = rawData as Partial<DotsecConfig>;\n\t\t\t}\n\n\t\t\treturn {\n\t\t\t\tsource: \"json\",\n\t\t\t\tcontents: {\n\t\t\t\t\t...defaultConfig,\n\t\t\t\t\t...data,\n\t\t\t\t\tconfig: {\n\t\t\t\t\t\t...data?.config,\n\t\t\t\t\t\t...defaultConfig.config,\n\t\t\t\t\t\taws: {\n\t\t\t\t\t\t\t...data?.config?.aws,\n\t\t\t\t\t\t\t...defaultConfig?.config?.aws,\n\t\t\t\t\t\t\tkms: {\n\t\t\t\t\t\t\t\t...defaultConfig?.config?.aws?.kms,\n\t\t\t\t\t\t\t\t...data.config?.aws?.kms,\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\tssm: {\n\t\t\t\t\t\t\t\t...defaultConfig?.config?.aws?.ssm,\n\t\t\t\t\t\t\t\t...data.config?.aws?.ssm,\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\tsecretsManager: {\n\t\t\t\t\t\t\t\t...defaultConfig?.config?.aws?.secretsManager,\n\t\t\t\t\t\t\t\t...data.config?.aws?.secretsManager,\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t};\n\t\t} else if (configPath.endsWith(\".ts\")) {\n\t\t\tconst bundleRequireResult = await bundleRequire({\n\t\t\t\tfilepath: configPath,\n\t\t\t});\n\t\t\tconst data = (bundleRequireResult.mod.dotsec ||\n\t\t\t\tbundleRequireResult.mod.default ||\n\t\t\t\tbundleRequireResult.mod) as Partial<DotsecConfig>;\n\n\t\t\treturn {\n\t\t\t\tsource: \"ts\",\n\t\t\t\tcontents: {\n\t\t\t\t\t...defaultConfig,\n\t\t\t\t\t...data,\n\t\t\t\t\tconfig: {\n\t\t\t\t\t\t...data?.config,\n\t\t\t\t\t\t...defaultConfig.config,\n\t\t\t\t\t\taws: {\n\t\t\t\t\t\t\t...data?.config?.aws,\n\t\t\t\t\t\t\t...defaultConfig?.config?.aws,\n\t\t\t\t\t\t\tkms: {\n\t\t\t\t\t\t\t\t...defaultConfig?.config?.aws?.kms,\n\t\t\t\t\t\t\t\t...data.config?.aws?.kms,\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\tssm: {\n\t\t\t\t\t\t\t\t...defaultConfig?.config?.aws?.ssm,\n\t\t\t\t\t\t\t\t...data.config?.aws?.ssm,\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\tsecretsManager: {\n\t\t\t\t\t\t\t\t...defaultConfig?.config?.aws?.secretsManager,\n\t\t\t\t\t\t\t\t...data.config?.aws?.secretsManager,\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t};\n\t\t}\n\t}\n\n\treturn { source: \"defaultConfig\", contents: defaultConfig };\n};\n", "import fs from \"fs\";\nimport path from \"node:path\";\n\nexport function jsoncParse(data: string) {\n\ttry {\n\t\treturn new Function(`return ${data.trim()}`)();\n\t} catch {\n\t\t// Silently ignore any error\n\t\t// That's what tsc/jsonc-parser did after all\n\t\treturn {};\n\t}\n}\n\nexport const loadJson = async (filepath: string) => {\n\ttry {\n\t\treturn jsoncParse(await fs.promises.readFile(filepath, \"utf8\"));\n\t} catch (error) {\n\t\tif (error instanceof Error) {\n\t\t\tthrow new Error(\n\t\t\t\t`Failed to parse ${path.relative(process.cwd(), filepath)}: ${\n\t\t\t\t\terror.message\n\t\t\t\t}`,\n\t\t\t);\n\t\t} else {\n\t\t\tthrow error;\n\t\t}\n\t}\n};\n", "import { Command } from \"commander\";\nimport { awsEncryptionEngineFactory } from \"../../lib/aws/AwsKmsEncryptionEngine\";\nimport {\n\tpromptOverwriteIfFileExists,\n\treadContentsFromFile,\n\twriteContentsToFile,\n} from \"../../lib/io\";\nimport { EncryptionEngine, Init2CommandOptions } from \"../../types\";\n\nimport { getConfig } from \"../../lib/config\";\nimport { setProgramOptions } from \"../options\";\nimport { strong } from \"../../utils/logger\";\n\nconst addDecryptProgram = async (program: Command) => {\n\tconst subProgram = program\n\t\t.enablePositionalOptions()\n\t\t.passThroughOptions()\n\t\t.command(\"decrypt\")\n\t\t.action(async (_options, command: Command) => {\n\t\t\tconst {\n\t\t\t\tconfigFile,\n\t\t\t\tverbose,\n\t\t\t\tenv: dotenvFilename,\n\t\t\t\tsec: dotsecFilename,\n\t\t\t\tawskeyAlias,\n\t\t\t\tawsRegion,\n\t\t\t\tyes,\n\t\t\t} = command.optsWithGlobals<Init2CommandOptions>();\n\n\t\t\t// get dotsec config\n\t\t\tconst { contents: dotsecConfig } = await getConfig(configFile);\n\t\t\ttry {\n\t\t\t\tlet encryptionEngine: EncryptionEngine;\n\n\t\t\t\tencryptionEngine = await awsEncryptionEngineFactory({\n\t\t\t\t\tverbose,\n\t\t\t\t\tregion:\n\t\t\t\t\t\tawsRegion ||\n\t\t\t\t\t\tprocess.env.AWS_REGION ||\n\t\t\t\t\t\tdotsecConfig.config?.aws?.region,\n\t\t\t\t\tkms: {\n\t\t\t\t\t\tkeyAlias: awskeyAlias || dotsecConfig?.config?.aws?.kms?.keyAlias,\n\t\t\t\t\t},\n\t\t\t\t});\n\n\t\t\t\t// get current dot env file\n\t\t\t\tconst dotsecString = await readContentsFromFile(dotsecFilename);\n\n\t\t\t\t// encrypt\n\t\t\t\tconst plaintext = await encryptionEngine.decrypt(dotsecString);\n\n\t\t\t\tconst dotenvOverwriteResponse = await promptOverwriteIfFileExists({\n\t\t\t\t\tfilePath: dotenvFilename,\n\t\t\t\t\tskip: yes,\n\t\t\t\t});\n\t\t\t\tif (\n\t\t\t\t\tdotenvOverwriteResponse === undefined ||\n\t\t\t\t\tdotenvOverwriteResponse.overwrite === true\n\t\t\t\t) {\n\t\t\t\t\tawait writeContentsToFile(dotenvFilename, plaintext);\n\t\t\t\t\tconsole.log(\n\t\t\t\t\t\t`Wrote plaintext contents of ${strong(\n\t\t\t\t\t\t\tdotsecFilename,\n\t\t\t\t\t\t)} file to ${strong(dotenvFilename)}`,\n\t\t\t\t\t);\n\t\t\t\t}\n\t\t\t} catch (e) {\n\t\t\t\tcommand.error(e);\n\t\t\t}\n\t\t});\n\n\tsetProgramOptions(subProgram);\n\n\treturn subProgram;\n};\n\nexport default addDecryptProgram;\n", "import { Command } from \"commander\";\nimport { awsEncryptionEngineFactory } from \"../../lib/aws/AwsKmsEncryptionEngine\";\nimport {\n\tpromptOverwriteIfFileExists,\n\treadContentsFromFile,\n\twriteContentsToFile,\n} from \"../../lib/io\";\nimport { EncryptionEngine, Init2CommandOptions } from \"../../types\";\n\nimport { getConfig } from \"../../lib/config\";\nimport { setProgramOptions } from \"../options\";\nimport { strong } from \"../../utils/logger\";\n\nconst addEncryptProgram = async (program: Command) => {\n\tconst subProgram = program\n\t\t.enablePositionalOptions()\n\t\t.passThroughOptions()\n\t\t.command(\"encrypt\")\n\t\t.action(async (_options, command: Command) => {\n\t\t\tconst {\n\t\t\t\tverbose,\n\t\t\t\tconfigFile,\n\t\t\t\tenv: dotenvFilename,\n\t\t\t\tsec: dotsecFilename,\n\t\t\t\tawskeyAlias,\n\t\t\t\tawsRegion,\n\t\t\t\tyes,\n\t\t\t} = command.optsWithGlobals<Init2CommandOptions>();\n\n\t\t\t// get dotsec config\n\t\t\tconst { contents: dotsecConfig } = await getConfig(configFile);\n\t\t\ttry {\n\t\t\t\tlet encryptionEngine: EncryptionEngine;\n\n\t\t\t\tencryptionEngine = await awsEncryptionEngineFactory({\n\t\t\t\t\tverbose,\n\t\t\t\t\tregion:\n\t\t\t\t\t\tawsRegion ||\n\t\t\t\t\t\tprocess.env.AWS_REGION ||\n\t\t\t\t\t\tdotsecConfig.config?.aws?.region,\n\t\t\t\t\tkms: {\n\t\t\t\t\t\tkeyAlias: awskeyAlias || dotsecConfig?.config?.aws?.kms?.keyAlias,\n\t\t\t\t\t},\n\t\t\t\t});\n\n\t\t\t\t// get current dot env file\n\t\t\t\tconst dotenvString = await readContentsFromFile(dotenvFilename);\n\n\t\t\t\t// encrypt\n\t\t\t\tconst cipherText = await encryptionEngine.encrypt(dotenvString);\n\n\t\t\t\tconst dotsecOverwriteResponse = await promptOverwriteIfFileExists({\n\t\t\t\t\tfilePath: dotsecFilename,\n\t\t\t\t\tskip: yes,\n\t\t\t\t});\n\t\t\t\tif (\n\t\t\t\t\tdotsecOverwriteResponse === undefined ||\n\t\t\t\t\tdotsecOverwriteResponse.overwrite === true\n\t\t\t\t) {\n\t\t\t\t\tawait writeContentsToFile(dotsecFilename, cipherText);\n\t\t\t\t\tconsole.log(\n\t\t\t\t\t\t`Wrote encrypted contents of ${strong(\n\t\t\t\t\t\t\tdotenvFilename,\n\t\t\t\t\t\t)} file to ${strong(dotsecFilename)}`,\n\t\t\t\t\t);\n\t\t\t\t}\n\t\t\t} catch (e) {\n\t\t\t\tcommand.error(e);\n\t\t\t}\n\t\t});\n\n\tsetProgramOptions(subProgram);\n\n\treturn subProgram;\n};\n\nexport default addEncryptProgram;\n", "import { PutParameterRequest } from \"@aws-sdk/client-ssm\";\n\n// utility types\nexport type DeepPartial<T> = T extends object\n\t? {\n\t\t\t[P in keyof T]?: DeepPartial<T[P]>;\n\t }\n\t: T;\n\nexport type EncryptionEngineFactoryProps = { verbose?: boolean };\nexport type EncryptionEngine<T = {}> = {\n\tencrypt(plaintext: string): Promise<string>;\n\tdecrypt(ciphertext: string): Promise<string>;\n} & T;\n\nexport type EncryptionEngineFactory<\n\tT = {},\n\tV extends Record<string, unknown> = {},\n> = {\n\t(options: EncryptionEngineFactoryProps & T): Promise<EncryptionEngine<V>>;\n};\n\nexport abstract class EncryptionPlugin {\n\tprotected verbose: boolean | undefined;\n\tconstructor(options: EncryptionEngineFactoryProps) {\n\t\tthis.verbose = options?.verbose;\n\t}\n\tabstract encrypt(plaintext: string): Promise<string>;\n\tabstract decrypt(ciphertext: string): Promise<string>;\n}\n\nexport type DotsecConfig = {\n\tconfig?: {\n\t\taws?: {\n\t\t\tregion?: string;\n\t\t\tkms?: {\n\t\t\t\tkeyAlias?: string;\n\t\t\t\tencryptionAlgorithm?:\n\t\t\t\t\t| \"RSAES_OAEP_SHA_1\"\n\t\t\t\t\t| \"RSAES_OAEP_SHA_256\"\n\t\t\t\t\t| \"SYMMETRIC_DEFAULT\";\n\t\t\t};\n\t\t\tssm?: {\n\t\t\t\tpathPrefix?: string;\n\t\t\t\tparameterType?: \"String\" | \"SecureString\";\n\t\t\t};\n\t\t\tsecretsManager?: {\n\t\t\t\tpathPrefix?: string;\n\t\t\t};\n\t\t};\n\t};\n\tvariables?: {\n\t\t[key: string]: {\n\t\t\tpush?: {\n\t\t\t\taws?: {\n\t\t\t\t\tssm?:\n\t\t\t\t\t\t| boolean\n\t\t\t\t\t\t| (Omit<PutParameterRequest, \"Name\" | \"Value\"> & { Name?: string });\n\t\t\t\t\tsecretsManager?: boolean;\n\t\t\t\t};\n\t\t\t\t// githubSecrets?: boolean;\n\t\t\t};\n\t\t};\n\t};\n};\n\n// Dotsec config file\nexport type DotsecConfigAndSource = {\n\tsource: \"json\" | \"ts\" | \"defaultConfig\";\n\tcontents: DotsecConfig;\n};\n\n// CLI types\nexport type GlobalCommandOptions = {\n\tconfigFile: string;\n\tverbose: false;\n};\n\nexport type Init2CommandOptions = {\n\tconfigFile: string;\n\tverbose: false;\n\tenv: string;\n\tsec: string;\n\tyes: boolean;\n\tawskeyAlias: string;\n\tawsRegion?: string;\n\tperformInit: (encryptionEngine: EncryptionEngine) => Promise<void>;\n};\n\nexport type RunCommandOptions = GlobalCommandOptions & {\n\tenv?: string;\n\tsec?: string;\n\tkeyAlias?: string;\n\tregion?: string;\n};\n\nexport type PushCommandOptions = {\n\tconfigFile: string;\n\tverbose: false;\n\tenv: string | boolean;\n\tsec: string | boolean;\n\tyes: boolean;\n\tawskeyAlias: string;\n\tawsRegion?: string;\n\ttoAwsSsm?: boolean;\n\ttoAwsSecretsManager?: boolean;\n};\n\nexport const isString = (value: unknown): value is string => {\n\treturn typeof value === \"string\";\n};\n\nexport const isNumber = (value: unknown): value is number => {\n\treturn typeof value === \"number\";\n};\nexport const isBoolean = (value: unknown): value is boolean => {\n\treturn typeof value === \"boolean\";\n};\n", "import { Command } from \"commander\";\nimport { awsEncryptionEngineFactory } from \"../../lib/aws/AwsKmsEncryptionEngine\";\nimport { EncryptionEngine, isBoolean, PushCommandOptions } from \"../../types\";\nimport fs from \"node:fs\";\n\nimport { getConfig } from \"../../lib/config\";\nimport { setProgramOptions } from \"../options\";\nimport {\n\tDOTSEC_DEFAULT_DOTENV_FILENAME,\n\tDOTSEC_DEFAULT_DOTSEC_FILENAME,\n} from \"../../constants\";\nimport { parse } from \"dotenv\";\nimport { PutParameterRequest } from \"@aws-sdk/client-ssm\";\nimport { strong } from \"../../utils/logger\";\nimport { promptConfirm } from \"../../utils/prompts\";\nimport { AwsSsm } from \"../../lib/aws/AwsSsm\";\nimport { AwsSecretsManager } from \"../../lib/aws/AwsSecretsManager\";\nimport { CreateSecretRequest } from \"@aws-sdk/client-secrets-manager\";\n\nconst addPushProgram = async (program: Command) => {\n\tconst subProgram = program\n\t\t.enablePositionalOptions()\n\t\t.passThroughOptions()\n\t\t.command(\"push\")\n\t\t.action(async (_options, command: Command) => {\n\t\t\tconst {\n\t\t\t\tconfigFile,\n\t\t\t\tverbose,\n\t\t\t\tenv,\n\t\t\t\tsec,\n\t\t\t\tawskeyAlias,\n\t\t\t\tawsRegion,\n\t\t\t\tyes,\n\t\t\t\ttoAwsSsm,\n\t\t\t\ttoAwsSecretsManager,\n\t\t\t} = command.optsWithGlobals<PushCommandOptions>();\n\n\t\t\tif (!(toAwsSsm || toAwsSecretsManager)) {\n\t\t\t\tthrow new Error(\n\t\t\t\t\t\"You must specify at least one of --to-aws-ssm or --to-aws-secrets-manager\",\n\t\t\t\t);\n\t\t\t}\n\t\t\tconst { contents: dotsecConfig } = await getConfig(configFile);\n\n\t\t\tlet encryptionEngine: EncryptionEngine;\n\t\t\tlet envContents: string | undefined;\n\t\t\tencryptionEngine = await awsEncryptionEngineFactory({\n\t\t\t\tverbose,\n\t\t\t\tregion:\n\t\t\t\t\tawsRegion ||\n\t\t\t\t\tprocess.env.AWS_REGION ||\n\t\t\t\t\tdotsecConfig.config?.aws?.region,\n\t\t\t\tkms: {\n\t\t\t\t\tkeyAlias: awskeyAlias || dotsecConfig?.config?.aws?.kms?.keyAlias,\n\t\t\t\t},\n\t\t\t});\n\t\t\tif (env) {\n\t\t\t\tconst dotenvFilename = isBoolean(env)\n\t\t\t\t\t? DOTSEC_DEFAULT_DOTENV_FILENAME\n\t\t\t\t\t: env;\n\t\t\t\tenvContents = fs.readFileSync(dotenvFilename, \"utf8\");\n\t\t\t} else if (sec) {\n\t\t\t\tconst dotsecFilename = isBoolean(sec)\n\t\t\t\t\t? DOTSEC_DEFAULT_DOTSEC_FILENAME\n\t\t\t\t\t: sec;\n\t\t\t\tconst dotSecContents = fs.readFileSync(dotsecFilename, \"utf8\");\n\t\t\t\tenvContents = await encryptionEngine.decrypt(dotSecContents);\n\t\t\t} else {\n\t\t\t\tthrow new Error('Must provide either \"--env\" or \"--sec\"');\n\t\t\t}\n\n\t\t\tconst envObject = parse(envContents);\n\n\t\t\t// get dotsec config\n\t\t\ttry {\n\t\t\t\tif (toAwsSsm) {\n\t\t\t\t\tconst ssmDefaults = dotsecConfig?.config?.aws?.ssm;\n\t\t\t\t\tconst ssmType = ssmDefaults?.parameterType || \"SecureString\";\n\n\t\t\t\t\tconst pathPrefix = ssmDefaults?.pathPrefix || \"\";\n\t\t\t\t\tconst putParameterRequests = Object.entries(envObject).reduce<\n\t\t\t\t\t\tPutParameterRequest[]\n\t\t\t\t\t>((acc, [key, value]) => {\n\t\t\t\t\t\tif (dotsecConfig.variables?.[key]) {\n\t\t\t\t\t\t\tconst entry = dotsecConfig.variables?.[key];\n\t\t\t\t\t\t\tif (entry) {\n\t\t\t\t\t\t\t\tconst keyName = `${pathPrefix}${key}`;\n\t\t\t\t\t\t\t\tif (entry.push?.aws?.ssm) {\n\t\t\t\t\t\t\t\t\tconst putParameterRequest: PutParameterRequest = isBoolean(\n\t\t\t\t\t\t\t\t\t\tentry.push.aws.ssm,\n\t\t\t\t\t\t\t\t\t)\n\t\t\t\t\t\t\t\t\t\t? {\n\t\t\t\t\t\t\t\t\t\t\t\tName: keyName,\n\t\t\t\t\t\t\t\t\t\t\t\tValue: value,\n\t\t\t\t\t\t\t\t\t\t\t\tType: ssmType,\n\t\t\t\t\t\t\t\t\t\t }\n\t\t\t\t\t\t\t\t\t\t: {\n\t\t\t\t\t\t\t\t\t\t\t\tName: keyName,\n\t\t\t\t\t\t\t\t\t\t\t\tType: ssmType,\n\t\t\t\t\t\t\t\t\t\t\t\t...entry.push.aws.ssm,\n\t\t\t\t\t\t\t\t\t\t\t\tValue: value,\n\t\t\t\t\t\t\t\t\t\t };\n\n\t\t\t\t\t\t\t\t\tacc.push(putParameterRequest);\n\t\t\t\t\t\t\t\t\t// return putParameterRequest;\n\t\t\t\t\t\t\t\t}\n\t\t\t\t\t\t\t}\n\t\t\t\t\t\t}\n\n\t\t\t\t\t\treturn acc;\n\t\t\t\t\t}, []);\n\n\t\t\t\t\tconst { confirm } = await promptConfirm({\n\t\t\t\t\t\tmessage: `Are you sure you want to push the following variables to AWS SSM Parameter Store?\n${putParameterRequests\n\t.map(({ Name }) => `- ${strong(Name || \"[no name]\")}`)\n\t.join(\"\\n\")}`,\n\t\t\t\t\t\tskip: yes,\n\t\t\t\t\t});\n\n\t\t\t\t\tif (confirm === true) {\n\t\t\t\t\t\tconsole.log(\"pushing to AWS SSM Parameter Store\");\n\t\t\t\t\t\tconst meh = await AwsSsm({\n\t\t\t\t\t\t\tregion: awsRegion || dotsecConfig?.config?.aws?.region,\n\t\t\t\t\t\t});\n\n\t\t\t\t\t\tawait meh.put(putParameterRequests);\n\t\t\t\t\t}\n\t\t\t\t}\n\n\t\t\t\t// secrets manager\n\t\t\t\tif (toAwsSecretsManager) {\n\t\t\t\t\t// create secretss\n\t\t\t\t\tconst secretsManagerDefaults =\n\t\t\t\t\t\tdotsecConfig?.config?.aws?.secretsManager;\n\t\t\t\t\tconst pathPrefix = secretsManagerDefaults?.pathPrefix || \"\";\n\t\t\t\t\tconst awsSecretsMananger = await AwsSecretsManager({\n\t\t\t\t\t\tregion:\n\t\t\t\t\t\t\tawsRegion ||\n\t\t\t\t\t\t\tprocess.env.AWS_REGION ||\n\t\t\t\t\t\t\tdotsecConfig.config?.aws?.region,\n\t\t\t\t\t});\n\n\t\t\t\t\tconst createSecretRequests = Object.entries(envObject).reduce<\n\t\t\t\t\t\tCreateSecretRequest[]\n\t\t\t\t\t>((acc, [key, value]) => {\n\t\t\t\t\t\tif (dotsecConfig.variables?.[key]) {\n\t\t\t\t\t\t\tconst entry = dotsecConfig.variables?.[key];\n\t\t\t\t\t\t\tif (entry) {\n\t\t\t\t\t\t\t\tconst keyName = `${pathPrefix}${key}`;\n\t\t\t\t\t\t\t\tif (entry.push?.aws?.ssm) {\n\t\t\t\t\t\t\t\t\tconst createSecretRequest: CreateSecretRequest = isBoolean(\n\t\t\t\t\t\t\t\t\t\tentry.push.aws.ssm,\n\t\t\t\t\t\t\t\t\t)\n\t\t\t\t\t\t\t\t\t\t? {\n\t\t\t\t\t\t\t\t\t\t\t\tName: keyName,\n\t\t\t\t\t\t\t\t\t\t\t\tSecretString: value,\n\t\t\t\t\t\t\t\t\t\t }\n\t\t\t\t\t\t\t\t\t\t: {\n\t\t\t\t\t\t\t\t\t\t\t\tName: keyName,\n\t\t\t\t\t\t\t\t\t\t\t\t...entry.push.aws.ssm,\n\t\t\t\t\t\t\t\t\t\t\t\tSecretString: value,\n\t\t\t\t\t\t\t\t\t\t };\n\n\t\t\t\t\t\t\t\t\tacc.push(createSecretRequest);\n\t\t\t\t\t\t\t\t}\n\t\t\t\t\t\t\t}\n\t\t\t\t\t\t}\n\n\t\t\t\t\t\treturn acc;\n\t\t\t\t\t}, []);\n\t\t\t\t\tconst { push, updateSecretCommands, createSecretCommands } =\n\t\t\t\t\t\tawait awsSecretsMananger.push(createSecretRequests);\n\t\t\t\t\tconst confirmations: boolean[] = [];\n\t\t\t\t\tif (updateSecretCommands.length > 0) {\n\t\t\t\t\t\tconst { confirm: confirmUpdate } = await promptConfirm({\n\t\t\t\t\t\t\tmessage: `Are you sure you want to update the following variables to AWS SSM Secrets Manager?\n${updateSecretCommands\n\t.map(({ input: { SecretId } }) => `- ${strong(SecretId || \"[no name]\")}`)\n\t.join(\"\\n\")}`,\n\t\t\t\t\t\t\tskip: yes,\n\t\t\t\t\t\t});\n\n\t\t\t\t\t\tconfirmations.push(confirmUpdate);\n\t\t\t\t\t}\n\n\t\t\t\t\tif (createSecretCommands.length > 0) {\n\t\t\t\t\t\tconst { confirm: confirmCreate } = await promptConfirm({\n\t\t\t\t\t\t\tmessage: `Are you sure you want to create the following variables to AWS SSM Secrets Manager?\n${createSecretCommands\n\t.map(({ input: { Name } }) => `- ${strong(Name || \"[no name]\")}`)\n\t.join(\"\\n\")}`,\n\t\t\t\t\t\t\tskip: yes,\n\t\t\t\t\t\t});\n\n\t\t\t\t\t\tconfirmations.push(confirmCreate);\n\t\t\t\t\t}\n\n\t\t\t\t\tif (!confirmations.find((c) => c === false)) {\n\t\t\t\t\t\tconsole.log(\"pushing to AWS Secrets Manager\");\n\n\t\t\t\t\t\tawait push();\n\t\t\t\t\t}\n\t\t\t\t}\n\t\t\t} catch (e) {\n\t\t\t\tcommand.error(e);\n\t\t\t}\n\t\t});\n\n\tsetProgramOptions(subProgram);\n\n\treturn subProgram;\n};\n\nexport default addPushProgram;\n", "import prompts from \"prompts\";\nexport const promptConfirm = async ({\n\tpredicate,\n\tskip,\n\tmessage,\n}: {\n\tpredicate?: (...args: unknown[]) => Promise<boolean> | boolean;\n\tskip?: boolean;\n\tmessage: string;\n}): Promise<{ confirm: boolean }> => {\n\tif (skip === true) {\n\t\treturn { confirm: true };\n\t} else {\n\t\tconst result = predicate ? await predicate() : true;\n\t\tif (result) {\n\t\t\treturn await prompts({\n\t\t\t\ttype: \"confirm\",\n\t\t\t\tname: \"confirm\",\n\t\t\t\tmessage: () => {\n\t\t\t\t\treturn message;\n\t\t\t\t},\n\t\t\t});\n\t\t}\n\t}\n\treturn { confirm: true };\n};\n", "import {\n\tPutParameterCommand,\n\tPutParameterRequest,\n\tSSMClient,\n} from \"@aws-sdk/client-ssm\";\nimport { handleCredentialsAndRegion } from \"./handleCredentialsAndRegion\";\n\nexport const AwsSsm = async (options?: {\n\tregion?: string;\n}) => {\n\tconst { region } = options || {};\n\n\tconst { credentialsAndOrigin, regionAndOrigin } =\n\t\tawait handleCredentialsAndRegion({\n\t\t\targv: {},\n\t\t\tenv: { ...process.env },\n\t\t});\n\n\tconst ssmClient = new SSMClient({\n\t\tcredentials: credentialsAndOrigin.value,\n\t\tregion: region || regionAndOrigin.value,\n\t});\n\n\treturn {\n\t\tasync put(putParameterRequests: PutParameterRequest[]): Promise<void> {\n\t\t\tfor (const putParameterRequest of putParameterRequests) {\n\t\t\t\tconst command = new PutParameterCommand({\n\t\t\t\t\t...putParameterRequest,\n\t\t\t\t\tOverwrite: true,\n\t\t\t\t});\n\t\t\t\tawait ssmClient.send(command);\n\t\t\t}\n\t\t},\n\t};\n};\n", "import {\n\tCreateSecretCommand,\n\tDescribeSecretCommand,\n\tUpdateSecretCommand,\n\tCreateSecretRequest,\n\tSecretsManagerClient,\n\tResourceNotFoundException,\n} from \"@aws-sdk/client-secrets-manager\";\nimport { handleCredentialsAndRegion } from \"./handleCredentialsAndRegion\";\n\nexport const AwsSecretsManager = async (options?: {\n\tregion?: string;\n}) => {\n\tconst { region } = options || {};\n\n\tconst { credentialsAndOrigin, regionAndOrigin } =\n\t\tawait handleCredentialsAndRegion({\n\t\t\targv: {},\n\t\t\tenv: { ...process.env },\n\t\t});\n\n\tconst secretsManagerClient = new SecretsManagerClient({\n\t\tcredentials: credentialsAndOrigin.value,\n\t\tregion: region || regionAndOrigin.value,\n\t});\n\n\treturn {\n\t\tasync push(createSecretRequests: CreateSecretRequest[]) {\n\t\t\tconst createSecretCommands: CreateSecretCommand[] = [];\n\n\t\t\tconst updateSecretCommands: UpdateSecretCommand[] = [];\n\t\t\tfor (const createSecretRequest of createSecretRequests) {\n\t\t\t\t// create secret\n\t\t\t\t// check if secret exists\n\t\t\t\tconst describeSecretCommand = new DescribeSecretCommand({\n\t\t\t\t\tSecretId: createSecretRequest.Name,\n\t\t\t\t});\n\t\t\t\ttry {\n\t\t\t\t\tconst result = await secretsManagerClient.send(describeSecretCommand);\n\t\t\t\t\t// update secret\n\t\t\t\t\tupdateSecretCommands.push(\n\t\t\t\t\t\tnew UpdateSecretCommand({\n\t\t\t\t\t\t\tSecretId: result.ARN,\n\t\t\t\t\t\t\tSecretString: createSecretRequest.SecretString,\n\t\t\t\t\t\t}),\n\t\t\t\t\t);\n\t\t\t\t} catch (e) {\n\t\t\t\t\tif (e instanceof ResourceNotFoundException) {\n\t\t\t\t\t\t// create secret\n\t\t\t\t\t\tcreateSecretCommands.push(\n\t\t\t\t\t\t\tnew CreateSecretCommand({\n\t\t\t\t\t\t\t\tName: createSecretRequest.Name,\n\t\t\t\t\t\t\t\tSecretString: createSecretRequest.SecretString,\n\t\t\t\t\t\t\t}),\n\t\t\t\t\t\t);\n\t\t\t\t\t}\n\t\t\t\t}\n\t\t\t}\n\n\t\t\treturn {\n\t\t\t\tcreateSecretCommands,\n\t\t\t\tupdateSecretCommands,\n\t\t\t\tpush: async () => {\n\t\t\t\t\tfor (const createSecretCommand of createSecretCommands) {\n\t\t\t\t\t\tawait secretsManagerClient.send(createSecretCommand);\n\t\t\t\t\t}\n\n\t\t\t\t\tfor (const updateSecretCommand of updateSecretCommands) {\n\t\t\t\t\t\tawait secretsManagerClient.send(updateSecretCommand);\n\t\t\t\t\t}\n\t\t\t\t},\n\t\t\t};\n\t\t},\n\t};\n};\n"],
5
- "mappings": "u4BAAA,OAAwB,wBCAxB,MAKO,kCCLP,MAIO,4CACP,GAAsC,8CCLtC,OAAkB,oBAYX,GAAM,GAAW,AAAC,GAAwB,WAAM,aAAa,GACvD,EAAS,AAAC,GAAwB,WAAM,OAAO,KAAK,GDC1D,GAAM,IAA8B,MAAO,CACjD,OACA,SAkBK,CAlCN,UAmCC,GAAM,GAAoB,KAAM,+BAC5B,EACA,EACA,EA+CJ,GA9CA,AAAI,EAAK,QACR,GAAmB,CAClB,MAAO,EAAK,QACZ,OAAQ,wBAAwB,EAAS,EAAK,YAE/C,EAAuB,CACtB,MAAO,KAAM,cAAQ,CACpB,QAAS,EAAK,YAEf,OAAQ,GAAG,EAAS,IAAI,EAAK,oCAExB,AAAI,EAAI,YACd,GAAmB,CAClB,MAAO,EAAI,YACX,OAAQ,gBAAgB,EAAS,mBAAmB,EACnD,EAAI,gBAGN,EAAuB,CACtB,MAAO,KAAM,cAAQ,CACpB,QAAS,EAAI,gBAEd,OAAQ,gBAAgB,EAAS,mBAAmB,EACnD,EAAI,iBAGA,AAAI,EAAI,mBAAqB,EAAI,sBACvC,EAAuB,CACtB,MAAO,KAAM,kBACb,OAAQ,iBAAiB,EAAS,4BAA4B,EAC7D,4BAGQ,MAAkB,kBAAlB,cAAmC,UAC7C,GAAmB,CAClB,MAAO,UACP,OAAQ,GAAG,EAAS,oCAErB,EAAuB,CACtB,MAAO,KAAM,cAAQ,CACpB,QAAS,cAEV,OAAQ,WAAW,EAAS,iBAI1B,EAAK,OACR,EAAkB,CACjB,MAAO,EAAK,OACZ,OAAQ,wBAAwB,EAAS,EAAK,mBAErC,EAAI,WACd,EAAkB,CACjB,MAAO,EAAI,WACX,OAAQ,gBAAgB,EAAS,kBAAkB,EAClD,EAAI,uBAGI,EAAI,mBACd,EAAkB,CACjB,MAAO,EAAI,mBACX,OAAQ,gBAAgB,EAAS,0BAA0B,EAC1D,EAAI,+BAGI,EAAkB,CAC5B,GAAM,GACL,uBAAmB,aAAnB,cAAgC,EAAiB,SAAjD,cAAyD,OAE1D,AAAI,GACH,GAAkB,CACjB,MAAO,EACP,OAAQ,GAAG,EACV,YAAY,EAAiB,6BAMjC,GAAM,GAAc,EAAK,eAAiB,EAAI,oBAC9C,GAAI,EAAa,CAChB,GAAM,GAAS,EAAK,cAAgB,sBAAwB,eAC5D,EAAuB,CACtB,MAAO,KAAM,+BAAyB,CACrC,kBAAmB,iBAAsB,MAEzC,OAAQ,CACP,gBACC,EAAK,2BACL,OAAO,EAAI,mCACX,KACD,QAAS,GAGV,aAAc,CACb,OAAQ,iBAAiB,WAG3B,OAAQ,GAAG,KAAU,EAAS,IAAI,SAIpC,MAAO,CAAE,uBAAsB,kBAAiB,qBAGpC,GAAuC,CAAC,CACpD,uBACA,kBACA,sBAKa,CACb,GAAM,GAAgB,GACtB,MAAI,IACH,EAAI,KAAK,yBAAyB,EAAiB,UAEhD,GACH,EAAI,KAAK,6BAA6B,EAAqB,UAExD,GACH,EAAI,KAAK,wBAAwB,EAAgB,UAE3C,EAAI,KAAK;IE9JV,GAAM,IAA6B,MAAO,CAChD,OACA,SAmBK,CACL,GAAM,CAAE,uBAAsB,kBAAiB,oBAC9C,KAAM,IAA4B,CACjC,KAAM,CACL,OAAQ,EAAK,UACb,QAAS,EAAK,WACd,cAAe,EAAK,iBACpB,0BAA2B,EAAK,8BAEjC,IAAK,KACD,KAcN,GAVI,EAAK,UAAY,IACpB,QAAQ,IACP,GAAqC,CACpC,uBACA,kBACA,sBAKC,CAAE,IAAwB,GAAkB,CAC/C,GAAI,CAAC,EACJ,cAAQ,MAAM,8BACR,GAAI,OAAM,8BAEjB,GAAI,CAAC,EACJ,cAAQ,MAAM,yBACR,GAAI,OAAM,yBAIlB,MAAO,CAAE,uBAAsB,oBH/CzB,GAAM,GAAyD,KACrE,IACI,CAhBL,QAiBC,GAAM,CACL,IAAK,CAAE,YAAa,GACpB,UACG,EAEE,CAAE,uBAAsB,mBAC7B,KAAM,IAA2B,CAChC,KAAM,GACN,IAAK,KAAK,QAAQ,OAGd,EAAY,GAAI,aAAU,CAC/B,YAAa,EAAqB,MAClC,OAAQ,GAAU,EAAgB,QAG7B,EAAqB,GAAI,sBAAmB,CACjD,MAAO,IAIF,EACL,MAFyB,MAAM,GAAU,KAAK,IAE5B,cAAlB,cAA+B,uBAA/B,cAAsD,GAEvD,GAAI,IAAwB,OAC3B,KAAM,IAAI,OAAM,4CAGjB,MAAO,MACA,SAAQ,EAAoC,CACjD,GAAM,GAAiB,GAAI,kBAAe,CACzC,MAAO,EACP,UAAW,OAAO,KAAK,GACvB,oBAAqB,IAEhB,EAAmB,KAAM,GAAU,KAAK,GAE9C,GAAI,CAAC,EAAiB,eACrB,KAAM,IAAI,OACT,2BAA2B,KAAK,UAAU,CACzC,sBASH,MAJmB,QAAO,KAAK,EAAiB,gBAAgB,SAC/D,gBAKI,SAAQ,EAAqC,CAClD,GAAM,GAAiB,GAAI,kBAAe,CACzC,MAAO,EACP,eAAgB,OAAO,KAAK,EAAY,UACxC,oBAAqB,IAGhB,EAAmB,KAAM,GAAU,KAAK,GAE9C,GAAI,CAAC,EAAiB,UACrB,KAAM,IAAI,OACT,2BAA2B,KAAK,UAAU,CACzC,WAAY,EACZ,eAAgB,OAKnB,GAAM,GAAiB,OAAO,KAAK,EAAiB,WAAW,WAE/D,MAAI,MAAK,SACR,QAAQ,KAAK,mBAAmB,MAG1B,GAER,MAAO,IAAM,KI9Ff,OAAyB,+BACzB,GAAoB,sBACpB,GAAiB,wBAEJ,GAAuB,KACnC,IAEO,KAAM,YAAG,SAAS,EAAU,SAGvB,GAAsB,MAClC,EACA,IAEO,KAAM,YAAG,UAAU,EAAU,EAAU,SAGlC,GAAa,KAAO,IAAqC,CACrE,GAAI,CACH,YAAM,YAAK,GACJ,QACN,CACD,MAAO,KAII,GAA8B,MAAO,CACjD,WACA,UAIK,CACL,GAAI,GAEJ,MAAK,MAAM,IAAW,IAAc,IAAS,GAC5C,EAAoB,KAAM,eAAQ,CACjC,KAAM,UACN,KAAM,YACN,QAAS,IACD,gBAAgB,WAAK,SAAS,QAAQ,MAAO,UAItD,EAAoB,OAEd,GCrCR,OAAiB,wBCTjB,MAAoB,yBACpB,GAAe,sBAEF,GAAkB,AAAC,GAU1B,CACL,GAAM,GAAsB,AAAG,kBACzB,EAAS,WAAG,aAAa,EAAQ,WAAY,QAE7C,EACL,AAAoB,GACpB,AAAC,GAAgB,CAChB,WAAe,EAAwB,CApB1C,wCAsBI,GADA,EAAO,AAAG,iBAAe,EAAM,EAAO,GAClC,EAAK,OAAS,AAAG,aAAW,cAAe,CAC9C,GAAM,GAAU,uBAAM,SAAN,cAAc,SAAd,cAAsB,OACtC,GAAI,YAAQ,SAAR,cAAgB,MAAhB,cAAqB,MAArB,cAA0B,WACzB,qBAAS,WAAW,KAApB,cAAwB,aAAc,MAAO,CAChD,GAAM,GAAU,oBAAS,SAAT,cAAiB,OACjC,GAAI,kBAAS,WAAW,GAAG,aAAc,MAKxC,MAAO,AAAG,uBACT,WAAQ,SAAR,cAAgB,MAAhB,cAAqB,MAArB,cAA0B,UAK9B,GAAI,SAAQ,SAAR,cAAgB,MAAhB,cAAqB,SACpB,wBAAM,SAAN,cAAc,WAAW,KAAzB,cAA6B,aAAc,SAAU,CACxD,GAAM,GAAU,uBAAM,SAAN,cAAc,SAAd,cAAsB,OAGtC,GAAI,kBAAS,WAAW,GAAG,aAAc,MACxC,MAAO,AAAG,uBAAoB,QAAQ,SAAR,cAAgB,MAAhB,cAAqB,SAMvD,MAAO,GAER,MAAO,AAAG,aAAU,EAAU,IAG1B,EAA4B,AAAG,mBACpC,UACA,EACA,AAAG,eAAa,OAChB,GACA,AAAG,aAAW,IAIT,EACL,AAAG,YAAyB,EAAY,CAAC,IAEpC,EAAuC,EAAO,YAAY,GAE1D,EAAoB,EAAQ,UAAU,GAC5C,SAAO,UAEA,GCtED,GAAM,IAA6B,mBAC7B,GAAsB,CAAC,IACvB,GAAiC,OACjC,GAAiC,OACjC,GAAmC,eACnC,GAAwC,eAExC,EAA8B,CAC1C,OAAQ,CACP,IAAK,CACJ,IAAK,CACJ,SAAU,IAEX,IAAK,CACJ,cAAe,OCIZ,GAAM,IAAiC,CAC7C,OAAQ,CACP,QAAS,CACR,QAAS,CAAC,YAAa,iBAAkB,IACzC,WAAY,CACX,+CACA,cACA,MAIH,KAAM,CACL,QAAS,CACR,QAAS,CAAC,YAAa,iBAAkB,IACzC,WAAY,CACX,+CACA,cACA,IAGD,IAAK,CAAC,QAAS,oBAAqB,IACpC,IAAK,CAAC,QAAS,oBAAqB,IACpC,IAAK,CAAC,QAAS,4BAA6B,IAC5C,YAAa,CACZ,gCACA,6FACA,gBAED,UAAW,CACV,2BACA,kGAIH,QAAS,CACR,aAAc,CAAC,UACf,QAAS,CACR,IAAK,CAAC,cAAe,oBAAqB,IAC1C,IAAK,CAAC,cAAe,oBAAqB,IAC1C,IAAK,CAAC,QAAS,4BAA6B,IAC5C,YAAa,CACZ,gCACA,6FACA,gBAED,UAAW,CACV,2BACA,kGAIH,QAAS,CACR,aAAc,CAAC,UACf,QAAS,CACR,IAAK,CAAC,cAAe,oBAAqB,IAC1C,IAAK,CAAC,cAAe,oBAAqB,IAC1C,IAAK,CAAC,QAAS,4BAA6B,IAC5C,YAAa,CACZ,gCACA,6FACA,gBAED,UAAW,CACV,2BACA,kGAKH,IAAK,CACJ,aAAc,CAAC,UACf,QAAS,CACR,IAAK,CAAC,cAAe,qBACrB,IAAK,CAAC,cAAe,qBACrB,YAAa,CACZ,gCACA,6FACA,gBAED,UAAW,CACV,2BACA,kGAIH,KAAM,CACL,aAAc,CAAC,UACf,QAAS,CACR,SAAU,CAAC,2BAA4B,mBACvC,oBAAqB,CACpB,kDACA,+BAQD,IAAK,CAAC,cAAe,qBACrB,IAAK,CAAC,cAAe,qBACrB,IAAK,CAAC,QAAS,4BAA6B,IAC5C,YAAa,CACZ,gCACA,6FACA,gBAED,UAAW,CACV,2BACA,mGAME,GAAsB,CAC3B,EACA,EACA,EAA2D,KACO,CAClE,GAAM,GAAU,EAAM,GACtB,GAAI,EACH,MAAI,GAAQ,aACJ,iBAAS,aAAa,OAC5B,CAAC,EAAK,IAAyB,CAC9B,GAAM,GAAI,GAAoB,EAAO,EAAsB,GAC3D,MAAO,MAAK,IAEb,CACC,QAAS,OAAK,EAAO,SAAY,EAAQ,SACzC,gBAAiB,OACb,EAAO,iBACP,EAAQ,mBAKP,CACN,QAAS,OAAK,EAAO,SAAY,EAAQ,SACzC,gBAAiB,OACb,EAAO,iBACP,EAAQ,mBAOH,EAAoB,CAAC,EAAkB,IAAyB,CAC5E,GAAM,GAAiB,GACtB,GACA,GAAe,EAAQ,QAGxB,AAAI,kBAAgB,UACnB,OAAO,OAAO,EAAe,SAAS,QACrC,CAAC,CAAC,EAAQ,EAAa,KAAkB,CACxC,EAAQ,OAAO,EAAQ,EAAa,KAInC,kBAAgB,kBACnB,OAAO,OAAO,EAAe,iBAAiB,QAC7C,CAAC,CAAC,EAAQ,EAAa,KAAkB,CACxC,EAAQ,eAAe,EAAQ,EAAa,MHlKhD,GAAM,IAAiB,KAAO,IAAqB,CAClD,GAAM,GAAa,EACjB,0BACA,qBACA,QAAQ,QACR,OAAO,MAAO,EAAmB,IAAqB,CA3BzD,gBA4BG,GAAM,CACL,UACA,aACA,IAAK,EACL,IAAK,EACL,cACA,YACA,OACG,EAAQ,kBAGZ,GAAI,CACH,GAAI,GAEJ,EAAmB,KAAM,GAA2B,CACnD,UACA,OACC,GACA,QAAQ,IAAI,YACZ,SAAc,SAAd,cAAsB,MAAtB,cAA2B,QAC5B,IAAK,CACJ,SAAU,GAAe,+BAAe,SAAf,cAAuB,MAAvB,cAA4B,MAA5B,cAAiC,aAK5D,GAAM,GAAe,KAAM,IAAqB,GAG1C,EAAa,KAAM,GAAiB,QAAQ,GAE5C,EAA0B,KAAM,IAA4B,CACjE,SAAU,EACV,KAAM,IAEP,AACC,KAA4B,QAC5B,EAAwB,YAAc,KAEtC,MAAM,IAAoB,EAAgB,GAC1C,QAAQ,IACP,+BAA+B,EAC9B,uBACqB,EAAO,OAI/B,GAAM,GAAwB,GAAgB,CAC7C,WAAY,WAAK,QAChB,UACA,qCAED,OAAQ,CACP,IAAK,CACJ,IAAK,CACJ,SAAU,GAAe,IAE1B,OAAQ,GAAa,QAAQ,IAAI,eAI9B,EAAgC,KAAM,IAC3C,CACC,SAAU,EACV,KAAM,IAGR,AACC,KAAkC,QAClC,EAA8B,YAAc,KAE5C,MAAM,IAAoB,EAAY,GACtC,QAAQ,IAAI,wBAAwB,EAAO,aAEpC,EAAP,CACD,EAAQ,MAAM,MAIjB,SAAkB,GAEX,GAGD,GAAQ,GIhHf,OAAe,sBAGf,GAAkB,0BAClB,GAAsB,qBCJtB,OAAiB,wBAEjB,GAA8B,6BAC9B,GAAmB,qBCHnB,OAAe,iBACf,GAAiB,wBAEV,YAAoB,EAAc,CACxC,GAAI,CACH,MAAO,IAAI,UAAS,UAAU,EAAK,iBAClC,CAGD,MAAO,IAIF,GAAM,IAAW,KAAO,IAAqB,CACnD,GAAI,CACH,MAAO,IAAW,KAAM,YAAG,SAAS,SAAS,EAAU,eAC/C,EAAP,CACD,KAAI,aAAiB,OACd,GAAI,OACT,mBAAmB,WAAK,SAAS,QAAQ,MAAO,OAC/C,EAAM,WAIF,IDfF,GAAM,GAAY,KACxB,IACoC,CAXrC,8EAYC,GAAM,GAAM,QAAQ,MAEd,EAAa,KAAM,AADJ,IAAI,cACa,QAAQ,CAC7C,MAAO,EAAW,CAAC,GAAY,CAAC,GAAG,GAAqB,gBACxD,MACA,QAAS,WAAK,MAAM,GAAK,KACzB,WAAY,WAEb,GAAI,GAAY,IAAe,KAC9B,KAAM,IAAI,OAAM,8BAA8B,KAE/C,GAAI,GACH,GAAI,EAAW,SAAS,SAAU,CACjC,GAAM,GAAW,KAAM,IAAS,GAE5B,EAEJ,MACC,GAAW,SAAS,iBACnB,EAA8C,SAAW,OAE1D,EAAQ,EAA8C,OAEtD,EAAO,EAGD,CACN,OAAQ,OACR,SAAU,SACN,GACA,GAFM,CAGT,OAAQ,SACJ,iBAAM,QACN,EAAc,QAFV,CAGP,IAAK,SACD,oBAAM,SAAN,cAAc,KACd,wBAAe,SAAf,cAAuB,KAFtB,CAGJ,IAAK,OACD,2BAAe,SAAf,cAAuB,MAAvB,cAA4B,KAC5B,QAAK,SAAL,cAAa,MAAb,cAAkB,KAEtB,IAAK,OACD,2BAAe,SAAf,cAAuB,MAAvB,cAA4B,KAC5B,QAAK,SAAL,cAAa,MAAb,cAAkB,KAEtB,eAAgB,OACZ,2BAAe,SAAf,cAAuB,MAAvB,cAA4B,gBAC5B,QAAK,SAAL,cAAa,MAAb,cAAkB,+BAMhB,EAAW,SAAS,OAAQ,CACtC,GAAM,GAAsB,KAAM,qBAAc,CAC/C,SAAU,IAEL,EAAQ,EAAoB,IAAI,QACrC,EAAoB,IAAI,SACxB,EAAoB,IAErB,MAAO,CACN,OAAQ,KACR,SAAU,SACN,GACA,GAFM,CAGT,OAAQ,SACJ,iBAAM,QACN,EAAc,QAFV,CAGP,IAAK,SACD,oBAAM,SAAN,cAAc,KACd,wBAAe,SAAf,cAAuB,KAFtB,CAGJ,IAAK,OACD,2BAAe,SAAf,cAAuB,MAAvB,cAA4B,KAC5B,QAAK,SAAL,cAAa,MAAb,cAAkB,KAEtB,IAAK,OACD,4BAAe,SAAf,cAAuB,MAAvB,eAA4B,KAC5B,SAAK,SAAL,cAAa,MAAb,eAAkB,KAEtB,eAAgB,OACZ,2BAAe,SAAf,cAAuB,MAAvB,cAA4B,gBAC5B,QAAK,SAAL,cAAa,MAAb,cAAkB,wBAS5B,MAAO,CAAE,OAAQ,gBAAiB,SAAU,ID5F7C,GAAM,IAAe,AAAC,GAAqB,CAC1C,GAAM,GAAa,EACjB,QAAQ,oBACR,qBACA,YACA,qGAEA,OACA,MACC,EACA,EACA,IACI,CAvBR,UAwBI,GAAM,CACL,aACA,IAAK,EACL,IAAK,EACL,WACA,UACG,EAAQ,kBAEN,CACL,SAAU,CAAE,UAAW,IACpB,KAAM,GAAU,GAEd,EAAmB,KAAM,GAA2B,CACzD,QAAS,GACT,IAAK,CACJ,SACC,GACA,wBAAQ,MAAR,cAAa,MAAb,cAAkB,WAClB,IAEF,OAAQ,GAAU,qBAAQ,MAAR,cAAa,UAG5B,EAEJ,GAAI,EACH,EAAc,WAAG,aAAa,EAAQ,gBAC5B,EAAQ,CAClB,GAAM,GAAiB,WAAG,aAAa,EAAQ,QAC/C,EAAc,KAAM,GAAiB,QAAQ,OAE7C,MAAM,IAAI,OAAM,0CAEjB,GAAI,EAAa,CAChB,GAAM,GAAa,aAAM,GACnB,CAAC,KAAgB,GAAmB,EAC1C,eAAM,EAAa,CAAC,GAAG,GAAkB,CACxC,MAAO,UACP,MAAO,GACP,IAAK,SACD,QAAQ,KACR,GAFC,CAGJ,eAAgB,KAAK,UAAU,OAAO,KAAK,QAI7C,EAAQ,WAER,MAAM,IAAI,OAAM,mCAKpB,SAAkB,EAAY,OAEvB,GAGD,GAAQ,GGrEf,GAAM,IAAoB,KAAO,IAAqB,CACrD,GAAM,GAAa,EACjB,0BACA,qBACA,QAAQ,WACR,OAAO,MAAO,EAAU,IAAqB,CAlBhD,cAmBG,GAAM,CACL,aACA,UACA,IAAK,EACL,IAAK,EACL,cACA,YACA,OACG,EAAQ,kBAGN,CAAE,SAAU,GAAiB,KAAM,GAAU,GACnD,GAAI,CACH,GAAI,GAEJ,EAAmB,KAAM,GAA2B,CACnD,UACA,OACC,GACA,QAAQ,IAAI,YACZ,SAAa,SAAb,cAAqB,MAArB,cAA0B,QAC3B,IAAK,CACJ,SAAU,GAAe,2BAAc,SAAd,cAAsB,MAAtB,cAA2B,MAA3B,cAAgC,aAK3D,GAAM,GAAe,KAAM,IAAqB,GAG1C,EAAY,KAAM,GAAiB,QAAQ,GAE3C,EAA0B,KAAM,IAA4B,CACjE,SAAU,EACV,KAAM,IAEP,AACC,KAA4B,QAC5B,EAAwB,YAAc,KAEtC,MAAM,IAAoB,EAAgB,GAC1C,QAAQ,IACP,+BAA+B,EAC9B,cACY,EAAO,aAGd,EAAP,CACD,EAAQ,MAAM,MAIjB,SAAkB,GAEX,GAGD,GAAQ,GC/Df,GAAM,IAAoB,KAAO,IAAqB,CACrD,GAAM,GAAa,EACjB,0BACA,qBACA,QAAQ,WACR,OAAO,MAAO,EAAU,IAAqB,CAlBhD,cAmBG,GAAM,CACL,UACA,aACA,IAAK,EACL,IAAK,EACL,cACA,YACA,OACG,EAAQ,kBAGN,CAAE,SAAU,GAAiB,KAAM,GAAU,GACnD,GAAI,CACH,GAAI,GAEJ,EAAmB,KAAM,GAA2B,CACnD,UACA,OACC,GACA,QAAQ,IAAI,YACZ,SAAa,SAAb,cAAqB,MAArB,cAA0B,QAC3B,IAAK,CACJ,SAAU,GAAe,2BAAc,SAAd,cAAsB,MAAtB,cAA2B,MAA3B,cAAgC,aAK3D,GAAM,GAAe,KAAM,IAAqB,GAG1C,EAAa,KAAM,GAAiB,QAAQ,GAE5C,EAA0B,KAAM,IAA4B,CACjE,SAAU,EACV,KAAM,IAEP,AACC,KAA4B,QAC5B,EAAwB,YAAc,KAEtC,MAAM,IAAoB,EAAgB,GAC1C,QAAQ,IACP,+BAA+B,EAC9B,cACY,EAAO,aAGd,EAAP,CACD,EAAQ,MAAM,MAIjB,SAAkB,GAEX,GAGD,GAAQ,GCuCR,GAAM,IAAY,AAAC,GAClB,MAAO,IAAU,UCjHzB,OAAe,sBAQf,OAAsB,qBCXtB,OAAoB,sBACP,GAAgB,MAAO,CACnC,YACA,OACA,aAMI,IAAS,GACL,CAAE,QAAS,IAEH,GAAY,KAAM,KAAc,IAEvC,KAAM,eAAQ,CACpB,KAAM,UACN,KAAM,UACN,QAAS,IACD,IAKJ,CAAE,QAAS,ICxBnB,OAIO,kCAGA,GAAM,IAAS,KAAO,IAEvB,CACL,GAAM,CAAE,UAAW,GAAW,GAExB,CAAE,uBAAsB,mBAC7B,KAAM,IAA2B,CAChC,KAAM,GACN,IAAK,KAAK,QAAQ,OAGd,EAAY,GAAI,cAAU,CAC/B,YAAa,EAAqB,MAClC,OAAQ,GAAU,EAAgB,QAGnC,MAAO,MACA,KAAI,EAA4D,CACrE,OAAW,KAAuB,GAAsB,CACvD,GAAM,GAAU,GAAI,wBAAoB,OACpC,GADoC,CAEvC,UAAW,MAEZ,KAAM,GAAU,KAAK,OC9BzB,MAOO,8CAGA,GAAM,IAAoB,KAAO,IAElC,CACL,GAAM,CAAE,UAAW,GAAW,GAExB,CAAE,uBAAsB,mBAC7B,KAAM,IAA2B,CAChC,KAAM,GACN,IAAK,KAAK,QAAQ,OAGd,EAAuB,GAAI,wBAAqB,CACrD,YAAa,EAAqB,MAClC,OAAQ,GAAU,EAAgB,QAGnC,MAAO,MACA,MAAK,EAA6C,CACvD,GAAM,GAA8C,GAE9C,EAA8C,GACpD,OAAW,KAAuB,GAAsB,CAGvD,GAAM,GAAwB,GAAI,yBAAsB,CACvD,SAAU,EAAoB,OAE/B,GAAI,CACH,GAAM,GAAS,KAAM,GAAqB,KAAK,GAE/C,EAAqB,KACpB,GAAI,uBAAoB,CACvB,SAAU,EAAO,IACjB,aAAc,EAAoB,sBAG5B,EAAP,CACD,AAAI,YAAa,8BAEhB,EAAqB,KACpB,GAAI,uBAAoB,CACvB,KAAM,EAAoB,KAC1B,aAAc,EAAoB,iBAOvC,MAAO,CACN,uBACA,uBACA,KAAM,SAAY,CACjB,OAAW,KAAuB,GACjC,KAAM,GAAqB,KAAK,GAGjC,OAAW,KAAuB,GACjC,KAAM,GAAqB,KAAK,QHjDtC,GAAM,IAAiB,KAAO,IAAqB,CAClD,GAAM,GAAa,EACjB,0BACA,qBACA,QAAQ,QACR,OAAO,MAAO,EAAU,IAAqB,CAxBhD,8BAyBG,GAAM,CACL,aACA,UACA,MACA,MACA,cACA,YACA,MACA,WACA,uBACG,EAAQ,kBAEZ,GAAI,CAAE,IAAY,GACjB,KAAM,IAAI,OACT,6EAGF,GAAM,CAAE,SAAU,GAAiB,KAAM,GAAU,GAE/C,EACA,EAWJ,GAVA,EAAmB,KAAM,GAA2B,CACnD,UACA,OACC,GACA,QAAQ,IAAI,YACZ,SAAa,SAAb,cAAqB,MAArB,cAA0B,QAC3B,IAAK,CACJ,SAAU,GAAe,2BAAc,SAAd,cAAsB,MAAtB,cAA2B,MAA3B,cAAgC,aAGvD,EAAK,CACR,GAAM,GAAiB,GAAU,GAC9B,GACA,EACH,EAAc,WAAG,aAAa,EAAgB,gBACpC,EAAK,CACf,GAAM,GAAiB,GAAU,GAC9B,GACA,EACG,EAAiB,WAAG,aAAa,EAAgB,QACvD,EAAc,KAAM,GAAiB,QAAQ,OAE7C,MAAM,IAAI,OAAM,0CAGjB,GAAM,GAAY,aAAM,GAGxB,GAAI,CACH,GAAI,EAAU,CACb,GAAM,GAAc,uBAAc,SAAd,cAAsB,MAAtB,cAA2B,IACzC,EAAU,kBAAa,gBAAiB,eAExC,GAAa,kBAAa,aAAc,GACxC,EAAuB,OAAO,QAAQ,GAAW,OAErD,CAAC,EAAK,CAAC,EAAK,KAAW,CAlF9B,YAmFM,GAAI,KAAa,YAAb,cAAyB,GAAM,CAClC,GAAM,IAAQ,KAAa,YAAb,cAAyB,GACvC,GAAI,GAAO,CACV,GAAM,IAAU,GAAG,KAAa,IAChC,GAAI,SAAM,OAAN,cAAY,MAAZ,cAAiB,IAAK,CACzB,GAAM,IAA2C,GAChD,GAAM,KAAK,IAAI,KAEb,CACA,KAAM,GACN,MAAO,EACP,KAAM,GAEN,KACA,KAAM,GACN,KAAM,GACH,GAAM,KAAK,IAAI,KAHlB,CAIA,MAAO,IAGV,EAAI,KAAK,MAMZ,MAAO,IACL,IAEG,CAAE,YAAY,KAAM,IAAc,CACvC,QAAS;AAAA,EACb,EACA,IAAI,CAAC,CAAE,UAAW,KAAK,EAAO,GAAQ,gBACtC,KAAK;AAAA,KACD,KAAM,IAGP,AAAI,KAAY,IACf,SAAQ,IAAI,sCAKZ,KAAM,AAJM,MAAM,IAAO,CACxB,OAAQ,GAAa,wBAAc,SAAd,cAAsB,MAAtB,cAA2B,WAGvC,IAAI,IAKhB,GAAI,EAAqB,CAExB,GAAM,GACL,uBAAc,SAAd,cAAsB,MAAtB,cAA2B,eACtB,EAAa,kBAAwB,aAAc,GACnD,GAAqB,KAAM,IAAkB,CAClD,OACC,GACA,QAAQ,IAAI,YACZ,SAAa,SAAb,cAAqB,MAArB,cAA0B,UAGtB,EAAuB,OAAO,QAAQ,GAAW,OAErD,CAAC,EAAK,CAAC,EAAK,KAAW,CAjJ9B,eAkJM,GAAI,KAAa,YAAb,cAAyB,GAAM,CAClC,GAAM,IAAQ,MAAa,YAAb,eAAyB,GACvC,GAAI,GAAO,CACV,GAAM,IAAU,GAAG,IAAa,IAChC,GAAI,WAAM,OAAN,eAAY,MAAZ,eAAiB,IAAK,CACzB,GAAM,IAA2C,GAChD,GAAM,KAAK,IAAI,KAEb,CACA,KAAM,GACN,aAAc,GAEd,KACA,KAAM,IACH,GAAM,KAAK,IAAI,KAFlB,CAGA,aAAc,IAGjB,EAAI,KAAK,MAKZ,MAAO,IACL,IACG,CAAE,QAAM,uBAAsB,wBACnC,KAAM,IAAmB,KAAK,GACzB,EAA2B,GACjC,GAAI,EAAqB,OAAS,EAAG,CACpC,GAAM,CAAE,QAAS,GAAkB,KAAM,IAAc,CACtD,QAAS;AAAA,EACd,EACA,IAAI,CAAC,CAAE,MAAO,CAAE,eAAiB,KAAK,EAAO,GAAY,gBACzD,KAAK;AAAA,KACA,KAAM,IAGP,EAAc,KAAK,GAGpB,GAAI,EAAqB,OAAS,EAAG,CACpC,GAAM,CAAE,QAAS,GAAkB,KAAM,IAAc,CACtD,QAAS;AAAA,EACd,EACA,IAAI,CAAC,CAAE,MAAO,CAAE,WAAa,KAAK,EAAO,GAAQ,gBACjD,KAAK;AAAA,KACA,KAAM,IAGP,EAAc,KAAK,GAGpB,AAAK,EAAc,KAAK,AAAC,GAAM,IAAM,KACpC,SAAQ,IAAI,kCAEZ,KAAM,cAGA,EAAP,CACD,EAAQ,MAAM,MAIjB,SAAkB,GAEX,GAGD,GAAQ,GhB9Mf,GAAM,GAAU,GAAI,YAEpB,EACE,KAAK,UACL,YAAY,oBACZ,QAAQ,SACR,0BACA,OAAO,CAAC,EAAU,IAAmB,CACrC,EAAM,SAGR,EAAkB,GAClB,AAAC,UAAY,CACZ,KAAM,IAAe,GACrB,KAAM,IAAc,GACpB,KAAM,IAAkB,GACxB,KAAM,IAAkB,GACxB,KAAM,IAAe,GAErB,EAAQ",
3
+ "sources": ["../../src/cli/index.ts", "../../src/constants.ts", "../../src/lib/json.ts", "../../src/lib/getConfig.ts", "../../src/lib/loadDotsecPlugin.ts", "../../src/lib/addPluginOptions.ts", "../../src/lib/io.ts", "../../src/utils/logging.ts", "../../src/cli/options/index.ts", "../../src/cli/options/sharedOptions.ts", "../../src/cli/options/decrypt.ts", "../../src/cli/options/dotsec.ts", "../../src/cli/options/encrypt.ts", "../../src/cli/options/init.ts", "../../src/cli/options/push.ts", "../../src/cli/options/run.ts", "../../src/cli/commands/decrypt.ts", "../../src/cli/commands/encrypt.ts", "../../src/lib/transformer.ts", "../../src/cli/commands/init.ts", "../../src/cli/commands/push.ts", "../../src/cli/commands/run.ts"],
4
+ "sourcesContent": ["import { Command } from \"commander\";\n\nimport { getMagicalConfig } from \"../lib/getConfig\";\nimport { loadDotsecPlugin } from \"../lib/loadDotsecPlugin\";\nimport {\n\tDotsecCliPluginDecryptHandler,\n\tDotsecCliPluginEncryptHandler,\n\tDotsecCliPluginPushHandler,\n\tDotsecPluginConfig,\n} from \"../types/plugin\";\nimport addDecryptProgram from \"./commands/decrypt\";\nimport addEncryptProgram from \"./commands/encrypt\";\nimport addInitCommand from \"./commands/init\";\nimport addPushProgram from \"./commands/push\";\nimport addRunCommand from \"./commands/run\";\nimport { setProgramOptions } from \"./options\";\nimport Ajv, { KeywordDefinition } from \"ajv\";\nimport yargsParser from \"yargs-parser\";\n\nconst separator: KeywordDefinition = {\n\tkeyword: \"separator\",\n\ttype: \"string\",\n\tmetaSchema: {\n\t\ttype: \"string\",\n\t\tdescription: \"value separator\",\n\t},\n\tmodifying: true,\n\tvalid: true,\n\terrors: false,\n\tcompile: (schema) => (data, ctx) => {\n\t\tif (ctx) {\n\t\t\tconst { parentData, parentDataProperty } = ctx;\n\t\t\tparentData[parentDataProperty] = data === \"\" ? [] : data.split(schema);\n\t\t\treturn true;\n\t\t} else {\n\t\t\treturn false;\n\t\t}\n\t},\n};\n\nconst program = new Command();\n\n(async () => {\n\tconst parsedOptions = yargsParser(process.argv);\n\tconst argvPluginModules: string[] = [];\n\tif (parsedOptions.plugin) {\n\t\tif (Array.isArray(parsedOptions.plugin)) {\n\t\t\targvPluginModules.push(...parsedOptions.plugin);\n\t\t} else {\n\t\t\targvPluginModules.push(parsedOptions.plugin);\n\t\t}\n\t}\n\t// if (parsedOptions.p) {\n\t// \tif (Array.isArray(parsedOptions.p)) {\n\t// \t\targvPluginModules.push(...parsedOptions.p);\n\t// \t} else {\n\t// \t\targvPluginModules.push(parsedOptions.p);\n\t// \t}\n\t// }\n\tconst configFile = [\n\t\t...(Array.isArray(parsedOptions.config)\n\t\t\t? parsedOptions.config\n\t\t\t: [parsedOptions.config]),\n\t\t...(Array.isArray(parsedOptions.c) ? parsedOptions.c : [parsedOptions.c]),\n\t]?.[0];\n\n\tconst { contents: dotsecConfig = {} } = await getMagicalConfig(configFile);\n\tconst { defaults, push: pushVariables } = dotsecConfig;\n\n\tprogram\n\t\t.name(\"dotsec\")\n\t\t.description(\".env, but secure\")\n\t\t.version(\"1.0.0\")\n\t\t.enablePositionalOptions()\n\t\t.action((_options, other: Command) => {\n\t\t\tother.help();\n\t\t});\n\tsetProgramOptions({ program, dotsecConfig: dotsecConfig });\n\tconst ajv = new Ajv({\n\t\tallErrors: true,\n\t\tremoveAdditional: true,\n\t\tuseDefaults: true,\n\t\tcoerceTypes: true,\n\t\tallowUnionTypes: true,\n\t\taddUsedSchema: false,\n\t\tkeywords: [separator],\n\t});\n\t// if we have plugins in the cli, we need to define them in pluginModules\n\tconst pluginModules: { [key: string]: string } = {};\n\tif (argvPluginModules.length > 0) {\n\t\tfor (const pluginModule of argvPluginModules) {\n\t\t\t// let's load em up\n\t\t\tconst plugin = await loadDotsecPlugin({ name: pluginModule });\n\n\t\t\t// good, let's fire 'em up\n\t\t\tconst loadedPlugin = await plugin({\n\t\t\t\tdotsecConfig: dotsecConfig,\n\t\t\t\tajv,\n\t\t\t\tconfigFile,\n\t\t\t});\n\t\t\tpluginModules[loadedPlugin.name] = pluginModule;\n\n\t\t\tif (argvPluginModules.length === 1) {\n\t\t\t\t// if we only have one plugin, let's set it as the default\n\t\t\t\tdotsecConfig.defaults = {\n\t\t\t\t\t...dotsecConfig.defaults,\n\t\t\t\t\tencryptionEngine: String(loadedPlugin.name),\n\t\t\t\t\tplugins: {\n\t\t\t\t\t\t...dotsecConfig.defaults?.plugins,\n\t\t\t\t\t\t[loadedPlugin.name]: {\n\t\t\t\t\t\t\t...dotsecConfig.defaults?.plugins?.[loadedPlugin.name],\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t};\n\t\t\t}\n\t\t}\n\t}\n\n\tif (defaults?.encryptionEngine) {\n\t\tif (!defaults?.plugins?.[defaults.encryptionEngine]) {\n\t\t\tdefaults.plugins = {\n\t\t\t\t...defaults.plugins,\n\t\t\t\t[defaults.encryptionEngine]: {},\n\t\t\t};\n\t\t}\n\t}\n\tif (defaults?.plugins) {\n\t\tObject.entries(defaults?.plugins).forEach(\n\t\t\t([pluginName, pluginModule]: [string, DotsecPluginConfig]) => {\n\t\t\t\tif (pluginModule?.module) {\n\t\t\t\t\tpluginModules[pluginName] = pluginModule?.module;\n\t\t\t\t} else {\n\t\t\t\t\tpluginModules[pluginName] = `@dotsec/plugin-${pluginName}`;\n\t\t\t\t}\n\t\t\t},\n\t\t);\n\t}\n\n\tObject.values(pushVariables || {}).forEach((pushVariable) => {\n\t\tObject.keys(pushVariable).forEach((pluginName) => {\n\t\t\tif (!pluginModules[pluginName]) {\n\t\t\t\tpluginModules[pluginName] = `@dotsec/plugin-${pluginName}`;\n\t\t\t}\n\t\t});\n\t});\n\n\t// configure encryption command\n\tconst cliPluginEncryptHandlers: DotsecCliPluginEncryptHandler[] = [];\n\tconst cliPluginDecryptHandlers: DotsecCliPluginDecryptHandler[] = [];\n\tconst cliPluginPushHandlers: {\n\t\tpush: DotsecCliPluginPushHandler;\n\t\tdecrypt: DotsecCliPluginDecryptHandler;\n\t}[] = [];\n\n\tfor (const pluginName of Object.keys(pluginModules)) {\n\t\tconst pluginModule = pluginModules[pluginName];\n\t\tconst initDotsecPlugin = await loadDotsecPlugin({ name: pluginModule });\n\t\tconst { addCliCommand, cliHandlers: cli } = await initDotsecPlugin({\n\t\t\tajv,\n\t\t\tdotsecConfig: dotsecConfig,\n\t\t\tconfigFile,\n\t\t});\n\n\t\tif (cli?.encrypt) {\n\t\t\tcliPluginEncryptHandlers.push(cli.encrypt);\n\t\t}\n\t\tif (cli?.decrypt) {\n\t\t\tcliPluginDecryptHandlers.push(cli.decrypt);\n\t\t\tif (cli?.push) {\n\t\t\t\tcliPluginPushHandlers.push({ push: cli.push, decrypt: cli.decrypt });\n\t\t\t}\n\t\t}\n\n\t\tif (addCliCommand) {\n\t\t\taddCliCommand({ program });\n\t\t}\n\t}\n\tif (cliPluginEncryptHandlers.length) {\n\t\tawait addEncryptProgram(program, {\n\t\t\tdotsecConfig: dotsecConfig,\n\t\t\tencryptHandlers: cliPluginEncryptHandlers,\n\t\t});\n\t}\n\tif (cliPluginDecryptHandlers.length) {\n\t\tawait addDecryptProgram(program, {\n\t\t\tdotsecConfig: dotsecConfig,\n\t\t\tdecryptHandlers: cliPluginDecryptHandlers,\n\t\t});\n\t}\n\tif (cliPluginPushHandlers.length) {\n\t\tawait addPushProgram(program, {\n\t\t\tdotsecConfig: dotsecConfig,\n\t\t\thandlers: cliPluginPushHandlers,\n\t\t});\n\t}\n\n\t// add other commands\n\tawait addInitCommand(program, { dotsecConfig: dotsecConfig });\n\tawait addRunCommand(program, {\n\t\tdotsecConfig: dotsecConfig,\n\t\tdecryptHandlers: cliPluginDecryptHandlers,\n\t});\n\tawait program.parse();\n})();\n", "import { DotsecConfig } from \"./types/config\";\n\nexport const DOTSEC_DEFAULT_CONFIG_FILE = \"dotsec.config.ts\";\nexport const DOTSEC_CONFIG_FILES = [DOTSEC_DEFAULT_CONFIG_FILE];\nexport const DOTSEC_DEFAULT_DOTSEC_FILENAME = \".sec\";\nexport const DOTSEC_DEFAULT_DOTENV_FILENAME = \".env\";\nexport const defaultConfig: DotsecConfig = {};\n", "import fs from \"fs\";\nimport path from \"node:path\";\n\n/**\n * Parse JSONC\n * @date 12/7/2022 - 12:48:45 PM\n *\n * @export\n * @param {string} data\n * @returns {*}\n */\nexport function jsoncParse(data: string) {\n\ttry {\n\t\treturn new Function(`return ${data.trim()}`)();\n\t} catch {\n\t\t// Silently ignore any error\n\t\t// That's what tsc/jsonc-parser did after all\n\t\treturn {};\n\t}\n}\n\n/**\n * Load JSON\n * @date 12/7/2022 - 12:48:57 PM\n *\n * @async\n * @param {string} filepath\n * @returns {unknown}\n */\nexport const loadJson = async (filepath: string) => {\n\ttry {\n\t\treturn jsoncParse(await fs.promises.readFile(filepath, \"utf8\"));\n\t} catch (error) {\n\t\tif (error instanceof Error) {\n\t\t\tthrow new Error(\n\t\t\t\t`Failed to parse ${path.relative(process.cwd(), filepath)}: ${\n\t\t\t\t\terror.message\n\t\t\t\t}`,\n\t\t\t);\n\t\t} else {\n\t\t\tthrow error;\n\t\t}\n\t}\n};\n", "import { DOTSEC_CONFIG_FILES, defaultConfig } from \"../constants\";\nimport { DotsecConfig } from \"../types/config\";\nimport { DotsecConfigAndSource } from \"../types/plugin\";\nimport { loadJson } from \"./json\";\nimport { bundleRequire } from \"bundle-require\";\nimport JoyCon from \"joycon\";\nimport path from \"path\";\n\nexport const getMagicalConfig = async (\n\tfilename?: string,\n): Promise<DotsecConfigAndSource> => {\n\tconst cwd = process.cwd();\n\tconst configJoycon = new JoyCon();\n\tconst configPath = await configJoycon.resolve({\n\t\tfiles: filename ? [filename] : [...DOTSEC_CONFIG_FILES, \"package.json\"],\n\t\tcwd,\n\t\tstopDir: path.parse(cwd).root,\n\t\tpackageKey: \"dotsec\",\n\t});\n\tif (filename && configPath === null) {\n\t\tthrow new Error(`Could not find config file ${filename}`);\n\t}\n\tif (configPath) {\n\t\tif (configPath.endsWith(\".json\")) {\n\t\t\tconst rawData = (await loadJson(configPath)) as Partial<DotsecConfig>;\n\n\t\t\tlet data: Partial<DotsecConfig>;\n\n\t\t\tif (\n\t\t\t\tconfigPath.endsWith(\"package.json\") &&\n\t\t\t\t(rawData as { dotsec: Partial<DotsecConfig> }).dotsec !== undefined\n\t\t\t) {\n\t\t\t\tdata = (rawData as { dotsec: Partial<DotsecConfig> }).dotsec;\n\t\t\t} else {\n\t\t\t\tdata = rawData as Partial<DotsecConfig>;\n\t\t\t}\n\n\t\t\treturn {\n\t\t\t\tsource: \"json\",\n\t\t\t\tcontents: {\n\t\t\t\t\t...defaultConfig,\n\t\t\t\t\t...data,\n\t\t\t\t\tdefaults: {\n\t\t\t\t\t\t...data?.defaults,\n\t\t\t\t\t\t...defaultConfig.defaults,\n\t\t\t\t\t\tplugins: {\n\t\t\t\t\t\t\t...data?.defaults?.plugins,\n\t\t\t\t\t\t\t...defaultConfig.defaults?.plugins,\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t\tpush: {\n\t\t\t\t\t\t...data?.push,\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t};\n\t\t} else if (configPath.endsWith(\".ts\")) {\n\t\t\tconst bundleRequireResult = await bundleRequire({\n\t\t\t\tfilepath: configPath,\n\t\t\t});\n\t\t\tconst data = (bundleRequireResult.mod.dotsec ||\n\t\t\t\tbundleRequireResult.mod.default ||\n\t\t\t\tbundleRequireResult.mod) as Partial<DotsecConfig>;\n\n\t\t\treturn {\n\t\t\t\tsource: \"ts\",\n\t\t\t\tcontents: {\n\t\t\t\t\t...defaultConfig,\n\t\t\t\t\t...data,\n\t\t\t\t\tdefaults: {\n\t\t\t\t\t\t...data?.defaults,\n\t\t\t\t\t\t...defaultConfig.defaults,\n\t\t\t\t\t\tplugins: {\n\t\t\t\t\t\t\t...data?.defaults?.plugins,\n\t\t\t\t\t\t\t...defaultConfig.defaults?.plugins,\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t\tpush: {\n\t\t\t\t\t\t...data?.push,\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t};\n\t\t}\n\t}\n\n\treturn { source: \"defaultConfig\", contents: defaultConfig };\n};\n", "import { DotsecPluginModule } from \"../types/plugin\";\n\nexport const loadDotsecPlugin = async (options: {\n\tname: string;\n}): Promise<DotsecPluginModule> => {\n\treturn import(options.name).then((imported) => {\n\t\treturn imported.default;\n\t});\n};\n", "import { DotsecCliOption } from \"../types/plugin\";\nimport { Command, Option } from \"commander\";\n\nexport const addPluginOptions = (\n\toptions:\n\t\t| {\n\t\t\t\t[x: string]: DotsecCliOption;\n\t\t }\n\t\t| undefined,\n\tcommand: Command,\n\tmandatory?: boolean,\n) => {\n\tif (options) {\n\t\tObject.values(options).map((option) => {\n\t\t\tlet optionProps:\n\t\t\t\t| {\n\t\t\t\t\t\tflags: string;\n\t\t\t\t\t\tdescription?: string;\n\t\t\t\t\t\tdefaultValue?: string | boolean | string[];\n\t\t\t\t\t\tfn?: (value: string, previous: unknown) => unknown;\n\t\t\t\t\t\tregexp?: RegExp;\n\t\t\t\t\t\tenv?: string;\n\t\t\t\t }\n\t\t\t\t| undefined;\n\t\t\tif (Array.isArray(option)) {\n\t\t\t\tconst [flags, description, defaultValue] = option;\n\t\t\t\toptionProps = {\n\t\t\t\t\tflags,\n\t\t\t\t\tdescription,\n\t\t\t\t\tdefaultValue,\n\t\t\t\t};\n\t\t\t} else {\n\t\t\t\tconst { flags, description, defaultValue, env, fn } = option;\n\t\t\t\toptionProps = {\n\t\t\t\t\tflags,\n\t\t\t\t\tdescription,\n\t\t\t\t\tdefaultValue,\n\t\t\t\t\tenv,\n\t\t\t\t\tfn,\n\t\t\t\t};\n\t\t\t}\n\n\t\t\tif (optionProps) {\n\t\t\t\tconst newOption = new Option(\n\t\t\t\t\toptionProps.flags,\n\t\t\t\t\toptionProps.description,\n\t\t\t\t);\n\t\t\t\tif (optionProps.fn) {\n\t\t\t\t\tnewOption.argParser(optionProps.fn);\n\t\t\t\t}\n\t\t\t\tif (optionProps.defaultValue) {\n\t\t\t\t\tnewOption.default(optionProps.defaultValue);\n\t\t\t\t}\n\t\t\t\tif (optionProps.env) {\n\t\t\t\t\tnewOption.env(optionProps.env);\n\t\t\t\t}\n\t\t\t\tif (mandatory) {\n\t\t\t\t\tnewOption.makeOptionMandatory(true);\n\t\t\t\t}\n\t\t\t\tcommand.addOption(newOption);\n\t\t\t}\n\t\t});\n\t}\n};\n", "import fs, { stat } from \"node:fs/promises\";\nimport path from \"node:path\";\nimport prompts from \"prompts\";\n\nexport const readContentsFromFile = async (\n\tfilePath: string,\n): Promise<string> => {\n\treturn await fs.readFile(filePath, \"utf-8\");\n};\n\nexport const writeContentsToFile = async (\n\tfilePath: string,\n\tcontents: string,\n): Promise<void> => {\n\treturn await fs.writeFile(filePath, contents, \"utf-8\");\n};\n\nexport const fileExists = async (source: string): Promise<boolean> => {\n\ttry {\n\t\tawait stat(source);\n\t\treturn true;\n\t} catch {\n\t\treturn false;\n\t}\n};\n\nexport const promptOverwriteIfFileExists = async ({\n\tfilePath,\n\tskip,\n}: {\n\tfilePath: string;\n\tskip?: boolean;\n}) => {\n\tlet overwriteResponse: prompts.Answers<\"overwrite\"> | undefined;\n\n\tif ((await fileExists(filePath)) && skip !== true) {\n\t\toverwriteResponse = await prompts({\n\t\t\ttype: \"confirm\",\n\t\t\tname: \"overwrite\",\n\t\t\tmessage: () => {\n\t\t\t\treturn `Overwrite './${path.relative(process.cwd(), filePath)}' ?`;\n\t\t\t},\n\t\t});\n\t} else {\n\t\toverwriteResponse = undefined;\n\t}\n\treturn overwriteResponse;\n};\n", "import chalk from \"chalk\"\nimport Table = require(\"cli-table\")\nexport { Table }\n\nlet _logger: Pick<Console, \"info\" | \"error\" | \"table\">\nexport const getLogger = () => {\n\tif (!_logger) {\n\t\t_logger = console\n\t}\n\n\treturn _logger\n}\nexport const writeLine = (str: string) => {\n\tprocess.stdout.write(str)\n}\nexport const emphasis = (str: string): string => chalk.yellowBright(str)\nexport const strong = (str: string): string => chalk.yellow.bold(str)\n\nexport const clientLogger = {\n\tdebug(content: object) {\n\t\tconsole.log(content)\n\t},\n\tinfo(content: object) {\n\t\tconsole.log(content)\n\t},\n\twarn(content: object) {\n\t\tconsole.log(content)\n\t},\n\terror(content: object) {\n\t\tconsole.error(content)\n\t},\n}\n", "import { DotsecConfig } from \"../../types/index\";\nimport { Command, Option } from \"commander\";\n\nimport decryptCommandDefaults from \"./decrypt\";\nimport dotsecCommandDefaults from \"./dotsec\";\nimport encryptCommandDefaults from \"./encrypt\";\nimport initCommandDefaults from \"./init\";\nimport pullCommandDefaults from \"./push\";\nimport pushCommandDefaults from \"./push\";\nimport runCommandDefaults from \"./run\";\nimport {\n\tCommandOption,\n\tDotSecCommandDefaults,\n\tDotSecCommandOptions,\n\tDotSecCommandsDefaults,\n\tExpandedCommandOption,\n} from \"./types\";\n\nexport const commandOptions: DotSecCommandsDefaults = {\n\t...dotsecCommandDefaults,\n\t...initCommandDefaults,\n\t...encryptCommandDefaults,\n\t...decryptCommandDefaults,\n\t...runCommandDefaults,\n\t...pushCommandDefaults,\n\t...pullCommandDefaults,\n};\n\nconst getInheritedOptions = (\n\tcopts: DotSecCommandsDefaults,\n\tcommandName: string,\n\tresult: {\n\t\toptions?: DotSecCommandOptions;\n\t\trequiredOptions?: DotSecCommandOptions;\n\t} = {},\n): DotSecCommandDefaults | undefined => {\n\tconst command = copts[commandName];\n\tif (command) {\n\t\tif (command.inheritsFrom) {\n\t\t\treturn command?.inheritsFrom.reduce(\n\t\t\t\t(acc, inheritedCommandName) => {\n\t\t\t\t\treturn getInheritedOptions(copts, inheritedCommandName, acc);\n\t\t\t\t},\n\t\t\t\t{\n\t\t\t\t\t...command,\n\t\t\t\t\toptions: { ...result.options, ...command.options },\n\t\t\t\t\trequiredOptions: {\n\t\t\t\t\t\t...result.requiredOptions,\n\t\t\t\t\t\t...command.requiredOptions,\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t);\n\t\t} else {\n\t\t\treturn {\n\t\t\t\t...command,\n\t\t\t\toptions: { ...result.options, ...command.options },\n\t\t\t\trequiredOptions: {\n\t\t\t\t\t...result.requiredOptions,\n\t\t\t\t\t...command.requiredOptions,\n\t\t\t\t},\n\t\t\t};\n\t\t}\n\t}\n};\n\nconst expandCommandOption = (\n\tcommandOption: CommandOption | ExpandedCommandOption,\n): ExpandedCommandOption => {\n\tif (Array.isArray(commandOption)) {\n\t\treturn {\n\t\t\toption: commandOption,\n\t\t};\n\t} else {\n\t\treturn commandOption;\n\t}\n};\n\nconst createOption = (\n\tcommandOption: CommandOption | ExpandedCommandOption,\n\toptions: {\n\t\trequired?: boolean;\n\t\tdotsecConfig?: DotsecConfig;\n\t\toptionKey: string;\n\t},\n): Option => {\n\tconst expandedCommandOption = expandCommandOption(commandOption);\n\tconst [option, description, defaultValue] = expandedCommandOption.option;\n\tconst defaultOptionValueFromConfig =\n\t\toptions?.dotsecConfig?.defaults?.options?.[options?.optionKey];\n\n\tconst newOption = new Option(\n\t\toption,\n\t\tdescription +\n\t\t\t(defaultOptionValueFromConfig ? \". Default from config.\" : \"\"),\n\t);\n\tif (defaultValue) {\n\t\tnewOption.default(defaultOptionValueFromConfig || defaultValue);\n\t}\n\tif (expandedCommandOption.env) {\n\t\tnewOption.env(expandedCommandOption.env);\n\t}\n\tif (options?.required) {\n\t\tnewOption.makeOptionMandatory(true);\n\t}\n\treturn newOption;\n};\nexport const setProgramOptions = (params: {\n\tprogram: Command;\n\tcommandName?: string;\n\tdotsecConfig: DotsecConfig;\n}) => {\n\tconst { program, commandName, dotsecConfig } = params;\n\tconst programOptions = commandOptions[commandName || program.name()];\n\n\tif (programOptions) {\n\t\tconst { options, requiredOptions, description, usage, helpText } =\n\t\t\tprogramOptions;\n\t\tif (options) {\n\t\t\tObject.keys(options).forEach((optionKey) => {\n\t\t\t\tconst commandOption = options[optionKey];\n\t\t\t\tconst newOption = createOption(commandOption, {\n\t\t\t\t\tdotsecConfig,\n\t\t\t\t\toptionKey,\n\t\t\t\t});\n\n\t\t\t\tprogram.addOption(newOption);\n\t\t\t});\n\t\t}\n\t\tif (requiredOptions) {\n\t\t\tObject.keys(requiredOptions).forEach((requiredOptionKey) => {\n\t\t\t\tconst requiredOption = requiredOptions[requiredOptionKey];\n\t\t\t\tconst newOption = createOption(requiredOption, {\n\t\t\t\t\trequired: true,\n\t\t\t\t\tdotsecConfig,\n\t\t\t\t\toptionKey: requiredOptionKey,\n\t\t\t\t});\n\n\t\t\t\tprogram.addOption(newOption);\n\t\t\t});\n\t\t}\n\t\tif (description) {\n\t\t\tprogram.description(description);\n\t\t}\n\t\tif (usage) {\n\t\t\tprogram.description(usage);\n\t\t}\n\t\tif (helpText) {\n\t\t\tprogram.description(helpText);\n\t\t}\n\t}\n};\n", "import {\n\tDOTSEC_DEFAULT_DOTENV_FILENAME,\n\tDOTSEC_DEFAULT_DOTSEC_FILENAME,\n} from \"../../constants\";\nimport { ExpandedCommandOption } from \"./types\";\n\nexport const envFileOption: ExpandedCommandOption = {\n\toption: [\n\t\t\"--env-file <envFile>\",\n\t\t`Path to .env file. If not provided, will look for value in 'ENV_FILE' environment variable. If not provided, will look for '${DOTSEC_DEFAULT_DOTENV_FILENAME}' file in current directory.`,\n\t\tDOTSEC_DEFAULT_DOTENV_FILENAME,\n\t],\n\tenv: \"ENV_FILE\",\n};\nexport const secFileOption: ExpandedCommandOption = {\n\toption: [\n\t\t\"--sec-file, <secFile>\",\n\t\t`Path to .sec file. If not provided, will look for value in 'SEC_FILE' environment variable. If not provided, will look for '${DOTSEC_DEFAULT_DOTSEC_FILENAME}' file in current directory.`,\n\t\tDOTSEC_DEFAULT_DOTSEC_FILENAME,\n\t],\n\tenv: \"SEC_FILE\",\n};\n\nexport const withEnvOption: ExpandedCommandOption = {\n\toption: [\"--with-env, --withEnv\", \"Run command using a dot env file\"],\n};\n\nexport const withSecOption: ExpandedCommandOption = {\n\toption: [\"--with-sec, --withSec\", \"Run command with a dotsec file\"],\n};\n\nexport const yesOption: ExpandedCommandOption = {\n\toption: [\"--yes\", \"Skip confirmation prompts\"],\n};\n", "import { envFileOption, secFileOption, yesOption } from \"./sharedOptions\";\nimport { DotSecCommandsDefaults } from \"./types\";\n\nconst decryptCommandDefaults: DotSecCommandsDefaults = {\n\tdecrypt: {\n\t\tinheritsFrom: [\"dotsec\"],\n\t\toptions: {\n\t\t\tenvFile: envFileOption,\n\t\t\tsecFile: secFileOption,\n\t\t\tyes: yesOption,\n\t\t},\n\t},\n};\n\nexport default decryptCommandDefaults;\n", "import { DOTSEC_DEFAULT_CONFIG_FILE } from \"../../constants\";\nimport { DotSecCommandsDefaults } from \"./types\";\n\nconst dotsecCommandDefaults: DotSecCommandsDefaults = {\n\tdotsec: {\n\t\toptions: {\n\t\t\tverbose: [\"--verbose\", \"Verbose output\", false],\n\t\t\tconfigFile: [\n\t\t\t\t\"-c, --config-file, --configFile <configFile>\",\n\t\t\t\t\"Config file\",\n\t\t\t\tDOTSEC_DEFAULT_CONFIG_FILE,\n\t\t\t],\n\t\t\tplugin: [\"--plugin <plugin>\", \"Comma-separated list of plugins to use\"],\n\t\t},\n\t},\n};\n\nexport default dotsecCommandDefaults;\n", "import { envFileOption, secFileOption, yesOption } from \"./sharedOptions\";\nimport { DotSecCommandsDefaults } from \"./types\";\n\nconst encryptCommandDefaults: DotSecCommandsDefaults = {\n\tencrypt: {\n\t\tinheritsFrom: [\"dotsec\"],\n\t\toptions: {\n\t\t\tenvFile: envFileOption,\n\t\t\tsecFile: secFileOption,\n\t\t\tyes: yesOption,\n\t\t},\n\t},\n};\n\nexport default encryptCommandDefaults;\n", "import { DOTSEC_DEFAULT_CONFIG_FILE } from \"../../constants\";\nimport { envFileOption, secFileOption, yesOption } from \"./sharedOptions\";\nimport { DotSecCommandsDefaults } from \"./types\";\n\nconst initCommandDefaults: DotSecCommandsDefaults = {\n\tinit: {\n\t\toptions: {\n\t\t\tverbose: [\"--verbose\", \"Verbose output\", false],\n\t\t\tconfigFile: [\n\t\t\t\t\"-c, --config-file, --configFile <configFile>\",\n\t\t\t\t\"Config file\",\n\t\t\t\tDOTSEC_DEFAULT_CONFIG_FILE,\n\t\t\t],\n\n\t\t\tenvFile: envFileOption,\n\t\t\tsecFile: secFileOption,\n\t\t\tyes: yesOption,\n\t\t},\n\t},\n};\n\nexport default initCommandDefaults;\n", "import {\n\tenvFileOption,\n\tsecFileOption,\n\twithEnvOption,\n\twithSecOption,\n\tyesOption,\n} from \"./sharedOptions\";\nimport { DotSecCommandsDefaults } from \"./types\";\n\nconst pullCommandDefaults: DotSecCommandsDefaults = {\n\tpull: {\n\t\tinheritsFrom: [\"dotsec\"],\n\t\toptions: {\n\t\t\twithEnv: withEnvOption,\n\t\t\twithSec: withSecOption,\n\t\t\tenvFile: envFileOption,\n\t\t\tsecFile: secFileOption,\n\t\t\tyes: yesOption,\n\t\t},\n\t},\n};\n\nexport default pullCommandDefaults;\n", "import dotsecCommandDefaults from \"./dotsec\";\nimport {\n\tenvFileOption,\n\tsecFileOption,\n\twithEnvOption,\n\twithSecOption,\n\tyesOption,\n} from \"./sharedOptions\";\nimport { DotSecCommandsDefaults } from \"./types\";\n\nconst runCommandDefaults: DotSecCommandsDefaults = {\n\trunEnvOnly: {\n\t\tinheritsFrom: [\"dotsec\"],\n\t\tusage: \"[commandArgs...]\",\n\t\toptions: {\n\t\t\tenvFile: envFileOption,\n\t\t\tyes: yesOption,\n\t\t},\n\n\t\tdescription:\n\t\t\t\"Run a command in a separate process and populate env with contents of a dotenv file.\",\n\t\thelpText: `${\"Examples:\"}\n\n${\"Run a command with a .env file\"}\n\n$ dotsec run echo \"hello world\"\n\n\n${\"Run a command with a specific .env file\"}\n\n$ dotsec run --env-file .env.dev echo \"hello world\"\n\n${\"Run a command with a specific ENV_FILE variable\"}\n\n$ ENV_FILE=.env.dev dotsec run echo \"hello world\"\n\n`,\n\t},\n\trun: {\n\t\tinheritsFrom: [\"dotsec\"],\n\n\t\toptions: {\n\t\t\twithEnv: withEnvOption,\n\t\t\twithSec: withSecOption,\n\t\t\tenvFile: envFileOption,\n\t\t\tsecFile: secFileOption,\n\t\t\tyes: yesOption,\n\t\t},\n\n\t\tusage:\n\t\t\t\"[--with-env --env-file .env] [--with-sec --sec-file .sec] [commandArgs...]\",\n\t\tdescription: `Run a command in a separate process and populate env with either \n\t\t\t- contents of a dotenv file\n\t\t\t- decrypted values of a dotsec file.\n\nThe --withEnv option will take precedence over the --withSec option. If neither are specified, the --withEnv option will be used by default.`,\n\t\thelpText: `${\"Examples:\"}\n\n${\"Run a command with a .env file\"}\n\n$ dotsec run echo \"hello world\"\n\n\n${\"Run a command with a specific .env file\"}\n\n$ dotsec run --with-env --env-file .env.dev echo \"hello world\"\n\n\n${\"Run a command with a .sec file\"}\n\n$ dotsec run --with-sec echo \"hello world\"\n\n\n${\"Run a command with a specific .sec file\"}\n\n$ dotsec run --with-sec --sec-file .sec.dev echo \"hello world\"\n`,\n\t},\n\tpush: {\n\t\toptions: {\n\t\t\t...dotsecCommandDefaults.dotsec.options,\n\t\t\twithEnv: withEnvOption,\n\t\t\twithSec: withSecOption,\n\t\t\tenvFile: envFileOption,\n\t\t\tsecFile: secFileOption,\n\t\t\tyes: yesOption,\n\t\t},\n\t\trequiredOptions: {\n\t\t\t...dotsecCommandDefaults.dotsec.requiredOptions,\n\t\t},\n\t},\n};\n\nexport default runCommandDefaults;\n", "import { addPluginOptions } from \"../../lib/addPluginOptions\";\nimport {\n\tpromptOverwriteIfFileExists,\n\treadContentsFromFile,\n\twriteContentsToFile,\n} from \"../../lib/io\";\nimport { DecryptCommandOptions } from \"../../types\";\nimport { DotsecConfig } from \"../../types/config\";\nimport { DotsecCliPluginDecryptHandler } from \"../../types/plugin\";\nimport { strong } from \"../../utils/logging\";\nimport { setProgramOptions } from \"../options\";\nimport { Command } from \"commander\";\n\ntype Formats = {\n\tenv?: string;\n\tawsKeyAlias?: string;\n} & Record<string, unknown>;\n\nconst addEncryptProgram = async (\n\tprogram: Command,\n\toptions: {\n\t\tdotsecConfig: DotsecConfig;\n\t\tdecryptHandlers: DotsecCliPluginDecryptHandler[];\n\t},\n) => {\n\tconst { dotsecConfig, decryptHandlers } = options;\n\tconst subProgram = program\n\t\t.enablePositionalOptions()\n\t\t.passThroughOptions()\n\t\t.command(\"decrypt\")\n\t\t.action(async (_options: Formats, command: Command) => {\n\t\t\ttry {\n\t\t\t\tconst {\n\t\t\t\t\t// verbose,\n\t\t\t\t\tenvFile,\n\t\t\t\t\tsecFile,\n\t\t\t\t\tengine,\n\t\t\t\t\tyes,\n\t\t\t\t} = command.optsWithGlobals<DecryptCommandOptions>();\n\n\t\t\t\tconst encryptionEngine =\n\t\t\t\t\tengine || dotsecConfig?.defaults?.encryptionEngine;\n\n\t\t\t\tconst pluginCliDecrypt = (decryptHandlers || []).find((handler) => {\n\t\t\t\t\treturn handler.triggerOptionValue === encryptionEngine;\n\t\t\t\t});\n\n\t\t\t\tif (!pluginCliDecrypt) {\n\t\t\t\t\tthrow new Error(\n\t\t\t\t\t\t`No decryption plugin found, available decryption engine(s): ${options.decryptHandlers\n\t\t\t\t\t\t\t.map((e) => `--${e.triggerOptionValue}`)\n\t\t\t\t\t\t\t.join(\", \")}`,\n\t\t\t\t\t);\n\t\t\t\t}\n\n\t\t\t\tconsole.log(\n\t\t\t\t\t\"Decrypting with\",\n\t\t\t\t\tstrong(\n\t\t\t\t\t\tpluginCliDecrypt.encryptionEngineName ||\n\t\t\t\t\t\t\tpluginCliDecrypt.triggerOptionValue,\n\t\t\t\t\t),\n\t\t\t\t\t\"engine\",\n\t\t\t\t);\n\n\t\t\t\tconst allOptionKeys = [\n\t\t\t\t\t...Object.keys(pluginCliDecrypt.options || {}),\n\t\t\t\t\t...Object.keys(pluginCliDecrypt.requiredOptions || {}),\n\t\t\t\t];\n\n\t\t\t\tconst allOptionsValues = Object.fromEntries(\n\t\t\t\t\tallOptionKeys.map((key) => {\n\t\t\t\t\t\treturn [key, _options[key]];\n\t\t\t\t\t}),\n\t\t\t\t);\n\t\t\t\t// get current dot env file\n\t\t\t\tconst dotsecString = await readContentsFromFile(secFile);\n\n\t\t\t\tconst plaintext = await pluginCliDecrypt.handler({\n\t\t\t\t\tciphertext: dotsecString,\n\t\t\t\t\t...allOptionsValues,\n\t\t\t\t});\n\n\t\t\t\tconst dotenvOverwriteResponse = await promptOverwriteIfFileExists({\n\t\t\t\t\tfilePath: envFile,\n\t\t\t\t\tskip: yes,\n\t\t\t\t});\n\t\t\t\tif (\n\t\t\t\t\tdotenvOverwriteResponse === undefined ||\n\t\t\t\t\tdotenvOverwriteResponse.overwrite === true\n\t\t\t\t) {\n\t\t\t\t\tawait writeContentsToFile(envFile, plaintext);\n\t\t\t\t\tconsole.log(\n\t\t\t\t\t\t`Wrote plaintext contents of ${strong(secFile)} file to ${strong(\n\t\t\t\t\t\t\tenvFile,\n\t\t\t\t\t\t)}`,\n\t\t\t\t\t);\n\t\t\t\t}\n\t\t\t} catch (e) {\n\t\t\t\tconsole.error(strong(e.message));\n\t\t\t\tcommand.help();\n\t\t\t}\n\t\t});\n\n\toptions.decryptHandlers.map((decryption) => {\n\t\tconst { options, requiredOptions } = decryption;\n\t\taddPluginOptions(options, subProgram);\n\t\taddPluginOptions(requiredOptions, subProgram, true);\n\t});\n\n\tconst engines = options.decryptHandlers.map((e) => e.triggerOptionValue);\n\tsubProgram.option(\n\t\t\"--engine <engine>\",\n\t\t`Encryption engine${engines.length > 0 ? \"s\" : \"\"} to use: ${\n\t\t\tengines.length === 1 ? engines[0] : engines.join(\", \")\n\t\t}`,\n\t\tengines.length === 1 ? engines[0] : undefined,\n\t);\n\tsetProgramOptions({ program: subProgram, dotsecConfig });\n\n\treturn subProgram;\n};\n\nexport default addEncryptProgram;\n", "import { addPluginOptions } from \"../../lib/addPluginOptions\";\nimport {\n\tpromptOverwriteIfFileExists,\n\treadContentsFromFile,\n\twriteContentsToFile,\n} from \"../../lib/io\";\nimport { EncryptCommandOptions } from \"../../types\";\nimport { DotsecConfig } from \"../../types/config\";\nimport { DotsecCliPluginEncryptHandler } from \"../../types/plugin\";\nimport { strong } from \"../../utils/logging\";\nimport { setProgramOptions } from \"../options\";\nimport { Command } from \"commander\";\n\ntype Formats = {\n\tenv?: string;\n\tawsKeyAlias?: string;\n} & Record<string, unknown>;\n\nconst addEncryptProgram = async (\n\tprogram: Command,\n\toptions: {\n\t\tencryptHandlers: DotsecCliPluginEncryptHandler[];\n\t\tdotsecConfig: DotsecConfig;\n\t},\n) => {\n\tconst { encryptHandlers, dotsecConfig } = options;\n\tconst subProgram = program\n\t\t.enablePositionalOptions()\n\t\t.passThroughOptions()\n\t\t.command(\"encrypt\")\n\t\t.action(async (_options: Formats, command: Command) => {\n\t\t\ttry {\n\t\t\t\tconst {\n\t\t\t\t\t// verbose,\n\t\t\t\t\tenvFile,\n\t\t\t\t\tsecFile,\n\t\t\t\t\tengine,\n\t\t\t\t\tyes,\n\t\t\t\t} = command.optsWithGlobals<EncryptCommandOptions>();\n\n\t\t\t\tconst encryptionEngine =\n\t\t\t\t\tengine || dotsecConfig?.defaults?.encryptionEngine;\n\t\t\t\tconst pluginCliEncrypt = (encryptHandlers || []).find((handler) => {\n\t\t\t\t\treturn handler.triggerOptionValue === encryptionEngine;\n\t\t\t\t});\n\n\t\t\t\tif (!pluginCliEncrypt) {\n\t\t\t\t\tthrow new Error(\n\t\t\t\t\t\t`No encryption plugin found, available encryption engine(s): ${options.encryptHandlers\n\t\t\t\t\t\t\t.map((e) => e.triggerOptionValue)\n\t\t\t\t\t\t\t.join(\", \")}`,\n\t\t\t\t\t);\n\t\t\t\t}\n\n\t\t\t\tconsole.log(\n\t\t\t\t\t\"Encrypting with\",\n\t\t\t\t\tstrong(\n\t\t\t\t\t\tpluginCliEncrypt.encryptionEngineName ||\n\t\t\t\t\t\t\tpluginCliEncrypt.triggerOptionValue,\n\t\t\t\t\t),\n\t\t\t\t\t\"engine\",\n\t\t\t\t);\n\t\t\t\tconst allOptionKeys = [\n\t\t\t\t\t...Object.keys(pluginCliEncrypt.options || {}),\n\t\t\t\t\t...Object.keys(pluginCliEncrypt.requiredOptions || {}),\n\t\t\t\t];\n\n\t\t\t\tconst allOptionsValues = Object.fromEntries(\n\t\t\t\t\tallOptionKeys.map((key) => {\n\t\t\t\t\t\treturn [key, _options[key]];\n\t\t\t\t\t}),\n\t\t\t\t);\n\n\t\t\t\tconst dotenvString = await readContentsFromFile(envFile);\n\n\t\t\t\tconst cipherText = await pluginCliEncrypt.handler({\n\t\t\t\t\tplaintext: dotenvString,\n\t\t\t\t\t...allOptionsValues,\n\t\t\t\t});\n\n\t\t\t\tconst dotsecOverwriteResponse = await promptOverwriteIfFileExists({\n\t\t\t\t\tfilePath: secFile,\n\t\t\t\t\tskip: yes,\n\t\t\t\t});\n\t\t\t\tif (\n\t\t\t\t\tdotsecOverwriteResponse === undefined ||\n\t\t\t\t\tdotsecOverwriteResponse.overwrite === true\n\t\t\t\t) {\n\t\t\t\t\tawait writeContentsToFile(secFile, cipherText);\n\t\t\t\t\tconsole.log(\n\t\t\t\t\t\t`Wrote encrypted contents of ${strong(envFile)} file to ${strong(\n\t\t\t\t\t\t\tsecFile,\n\t\t\t\t\t\t)}`,\n\t\t\t\t\t);\n\t\t\t\t}\n\t\t\t} catch (e) {\n\t\t\t\tconsole.error(strong(e.message));\n\t\t\t\tcommand.help();\n\t\t\t}\n\t\t});\n\n\toptions.encryptHandlers.map((encryptionHandler) => {\n\t\tconst { options, requiredOptions } = encryptionHandler;\n\t\taddPluginOptions(options, subProgram);\n\t\taddPluginOptions(requiredOptions, subProgram, true);\n\t});\n\tconst engines = options.encryptHandlers.map((e) => e.triggerOptionValue);\n\tconst encryptionEngineNames = options.encryptHandlers.map(\n\t\t(e) => e.encryptionEngineName,\n\t);\n\n\tsubProgram.option(\n\t\t\"--engine <engine>\",\n\t\t`Encryption engine${engines.length > 0 ? \"s\" : \"\"}: ${\n\t\t\tengines.length === 1 ? engines[0] : engines.join(\", \")\n\t\t}`,\n\t);\n\tsetProgramOptions({ program: subProgram, dotsecConfig });\n\tsubProgram.description(\n\t\t`Encrypt .env file using ${encryptionEngineNames.join(\", \")}`,\n\t);\n\treturn subProgram;\n};\n\nexport default addEncryptProgram;\n", "import fs from \"node:fs\";\nimport * as ts from \"typescript\";\n\nexport const patchConfigFile = (options: {\n\tconfigFile: string;\n\tconfig?: {\n\t\taws?: {\n\t\t\tregion?: string;\n\t\t\tkms?: {\n\t\t\t\tkeyAlias?: string;\n\t\t\t};\n\t\t};\n\t};\n}) => {\n\tconst printer: ts.Printer = ts.createPrinter();\n\tconst source = fs.readFileSync(options.configFile, \"utf8\");\n\n\tconst transformer =\n\t\t<T extends ts.Node>(context: ts.TransformationContext) =>\n\t\t(rootNode: T) => {\n\t\t\tfunction visit(node: ts.Node): ts.Node {\n\t\t\t\tnode = ts.visitEachChild(node, visit, context);\n\t\t\t\tif (node.kind === ts.SyntaxKind.StringLiteral) {\n\t\t\t\t\tconst kmsNode = node?.parent?.parent?.parent;\n\t\t\t\t\tif (options.config?.aws?.kms?.keyAlias) {\n\t\t\t\t\t\tif (kmsNode?.getChildAt(0)?.getText() === \"kms\") {\n\t\t\t\t\t\t\tconst awsNode = kmsNode?.parent?.parent;\n\t\t\t\t\t\t\tif (awsNode?.getChildAt(0).getText() === \"aws\") {\n\t\t\t\t\t\t\t\treturn ts.createStringLiteral(\n\t\t\t\t\t\t\t\t\toptions.config?.aws?.kms?.keyAlias,\n\t\t\t\t\t\t\t\t);\n\t\t\t\t\t\t\t}\n\t\t\t\t\t\t}\n\t\t\t\t\t}\n\t\t\t\t\tif (options.config?.aws?.region) {\n\t\t\t\t\t\tif (node?.parent?.getChildAt(0)?.getText() === \"region\") {\n\t\t\t\t\t\t\tconst awsNode = node?.parent?.parent?.parent;\n\n\t\t\t\t\t\t\t// const awsNode = kmsNode?.parent?.parent;\n\t\t\t\t\t\t\tif (awsNode?.getChildAt(0).getText() === \"aws\") {\n\t\t\t\t\t\t\t\treturn ts.createStringLiteral(options.config?.aws?.region);\n\t\t\t\t\t\t\t}\n\t\t\t\t\t\t}\n\t\t\t\t\t}\n\t\t\t\t}\n\n\t\t\t\treturn node;\n\t\t\t}\n\t\t\treturn ts.visitNode(rootNode, visit);\n\t\t};\n\n\tconst sourceFile: ts.SourceFile = ts.createSourceFile(\n\t\t\"test.ts\",\n\t\tsource,\n\t\tts.ScriptTarget.ES2015,\n\t\ttrue,\n\t\tts.ScriptKind.TS,\n\t);\n\n\t// Options may be passed to transform\n\tconst result: ts.TransformationResult<ts.SourceFile> =\n\t\tts.transform<ts.SourceFile>(sourceFile, [transformer]);\n\n\tconst transformedSourceFile: ts.SourceFile = result.transformed[0];\n\n\tconst transformedSource = printer.printFile(transformedSourceFile);\n\tresult.dispose();\n\n\treturn transformedSource;\n};\n", "import { promptOverwriteIfFileExists, writeContentsToFile } from \"../../lib/io\";\nimport { DotsecConfig, InitCommandOptions } from \"../../types\";\nimport { Command } from \"commander\";\n\nimport { patchConfigFile } from \"../../lib/transformer\";\nimport { strong } from \"../../utils/logging\";\nimport { setProgramOptions } from \"../options\";\nimport path from \"node:path\";\ntype Formats = {\n\tenv?: string;\n\tawsKeyAlias?: string;\n};\n\nconst addInitProgram = async (\n\tprogram: Command,\n\toptions: { dotsecConfig: DotsecConfig },\n) => {\n\tconst { dotsecConfig } = options;\n\tconst subProgram = program\n\t\t.enablePositionalOptions()\n\t\t.passThroughOptions()\n\t\t.command(\"init\")\n\t\t.action(async (_options: Formats, command: Command) => {\n\t\t\tconst { configFile, yes } = command.optsWithGlobals<InitCommandOptions>();\n\n\t\t\ttry {\n\t\t\t\tconst patchedConfigTemplate = patchConfigFile({\n\t\t\t\t\tconfigFile: path.resolve(\n\t\t\t\t\t\t__dirname,\n\t\t\t\t\t\t\"../../src/templates/dotsec.config.ts\",\n\t\t\t\t\t),\n\t\t\t\t});\n\t\t\t\tconst dotsecConfigOverwriteResponse = await promptOverwriteIfFileExists(\n\t\t\t\t\t{\n\t\t\t\t\t\tfilePath: configFile,\n\t\t\t\t\t\tskip: yes,\n\t\t\t\t\t},\n\t\t\t\t);\n\t\t\t\tif (\n\t\t\t\t\tdotsecConfigOverwriteResponse === undefined ||\n\t\t\t\t\tdotsecConfigOverwriteResponse.overwrite === true\n\t\t\t\t) {\n\t\t\t\t\tawait writeContentsToFile(configFile, patchedConfigTemplate);\n\t\t\t\t\tconsole.log(`Wrote config file to ${strong(configFile)}`);\n\t\t\t\t}\n\t\t\t} catch (e) {\n\t\t\t\tcommand.error(e);\n\t\t\t}\n\t\t});\n\n\tsetProgramOptions({ program: subProgram, dotsecConfig });\n\n\treturn subProgram;\n};\n\nexport default addInitProgram;\n", "import { PushCommandOptions } from \"../../types\";\nimport { DotsecConfig } from \"../../types/config\";\nimport {\n\tDotsecCliPluginDecryptHandler,\n\tDotsecCliPluginPushHandler,\n} from \"../../types/plugin\";\nimport { setProgramOptions } from \"../options\";\nimport { Command } from \"commander\";\nimport { parse } from \"dotenv\";\nimport { expand } from \"dotenv-expand\";\nimport fs from \"node:fs\";\n\n/**\n * Decrypts, and pushes the contents of a .env file to AWS SSM, AWS Secrets Manager or GitHub Actions Secrets\n * @date 12/7/2022 - 9:16:48 AM\n *\n * @async\n * @param {Command} program\n * @returns {unknown}\n */\nconst addPushProgram = async (\n\tprogram: Command,\n\toptions: {\n\t\tdotsecConfig: DotsecConfig;\n\t\thandlers: {\n\t\t\tpush: DotsecCliPluginPushHandler;\n\t\t\tdecrypt: DotsecCliPluginDecryptHandler;\n\t\t}[];\n\t},\n) => {\n\tconst { dotsecConfig, handlers } = options;\n\n\tconst subProgram = program\n\t\t.enablePositionalOptions()\n\t\t.passThroughOptions()\n\t\t.command(\"push\")\n\t\t.action(async (_options: Record<string, string>, command: Command) => {\n\t\t\ttry {\n\t\t\t\tconst {\n\t\t\t\t\t// verbose,\n\t\t\t\t\tenvFile,\n\t\t\t\t\tsecFile,\n\t\t\t\t\twithEnv,\n\t\t\t\t\twithSec,\n\t\t\t\t\tengine,\n\t\t\t\t\tyes,\n\t\t\t\t} = command.optsWithGlobals<PushCommandOptions>();\n\n\t\t\t\tconst encryptionEngine =\n\t\t\t\t\tengine || dotsecConfig?.defaults?.encryptionEngine;\n\n\t\t\t\tconst pluginCliDecrypt = (handlers || []).find((handler) => {\n\t\t\t\t\treturn handler.decrypt?.triggerOptionValue === encryptionEngine;\n\t\t\t\t})?.decrypt;\n\n\t\t\t\tconst pluginCliPush = (handlers || []).find((handler) => {\n\t\t\t\t\treturn handler.push?.triggerOptionValue === encryptionEngine;\n\t\t\t\t})?.push;\n\n\t\t\t\tif (!pluginCliPush) {\n\t\t\t\t\tthrow new Error(\"No push plugin found!\");\n\t\t\t\t}\n\n\t\t\t\tconst allOptionKeys = [\n\t\t\t\t\t...Object.keys(pluginCliDecrypt?.options || {}),\n\t\t\t\t\t...Object.keys(pluginCliDecrypt?.requiredOptions || {}),\n\t\t\t\t\t...Object.keys(pluginCliPush?.options || {}),\n\t\t\t\t\t...Object.keys(pluginCliPush?.requiredOptions || {}),\n\t\t\t\t];\n\n\t\t\t\tconst allOptionsValues = Object.fromEntries(\n\t\t\t\t\tallOptionKeys.map((key) => {\n\t\t\t\t\t\treturn [key, _options[key]];\n\t\t\t\t\t}),\n\t\t\t\t);\n\n\t\t\t\tif (withEnv && withSec) {\n\t\t\t\t\tthrow new Error(\"Cannot use both --with-env and --with-sec\");\n\t\t\t\t}\n\n\t\t\t\tlet envContents: string | undefined;\n\n\t\t\t\tif (withEnv || !(withEnv || withSec)) {\n\t\t\t\t\tif (!envFile) {\n\t\t\t\t\t\tthrow new Error(\"No dotenv file specified in --env-file option\");\n\t\t\t\t\t}\n\t\t\t\t\tenvContents = fs.readFileSync(envFile, \"utf8\");\n\t\t\t\t} else if (withSec) {\n\t\t\t\t\tif (!secFile) {\n\t\t\t\t\t\tthrow new Error(\"No dotsec file specified in --sec-file option\");\n\t\t\t\t\t}\n\n\t\t\t\t\tif (!pluginCliDecrypt) {\n\t\t\t\t\t\tthrow new Error(\n\t\t\t\t\t\t\t`No decryption plugin found, available decryption engine(s): ${handlers\n\t\t\t\t\t\t\t\t.map((e) => `--${e.decrypt?.triggerOptionValue}`)\n\t\t\t\t\t\t\t\t.join(\", \")}`,\n\t\t\t\t\t\t);\n\t\t\t\t\t}\n\n\t\t\t\t\tconst dotSecContents = fs.readFileSync(secFile, \"utf8\");\n\t\t\t\t\tenvContents = await pluginCliDecrypt.handler({\n\t\t\t\t\t\tciphertext: dotSecContents,\n\t\t\t\t\t\t...allOptionsValues,\n\t\t\t\t\t});\n\t\t\t\t}\n\t\t\t\tif (envContents) {\n\t\t\t\t\t// convert to object\n\t\t\t\t\tconst dotenvVars = parse(envContents);\n\t\t\t\t\t// expand env vars\n\t\t\t\t\tconst expandedEnvVars = expand({\n\t\t\t\t\t\tignoreProcessEnv: true,\n\t\t\t\t\t\tparsed: {\n\t\t\t\t\t\t\t// add standard env variables\n\t\t\t\t\t\t\t...(process.env as Record<string, string>),\n\t\t\t\t\t\t\t// add custom env variables, either from .env or .sec, (or empty object if none)\n\t\t\t\t\t\t\t...dotenvVars,\n\t\t\t\t\t\t},\n\t\t\t\t\t});\n\n\t\t\t\t\tif (expandedEnvVars.parsed) {\n\t\t\t\t\t\tawait pluginCliPush.handler({\n\t\t\t\t\t\t\tpush: expandedEnvVars.parsed,\n\t\t\t\t\t\t\tyes,\n\t\t\t\t\t\t\t...allOptionsValues,\n\t\t\t\t\t\t});\n\t\t\t\t\t}\n\t\t\t\t} else {\n\t\t\t\t\tthrow new Error(\"No .env or .sec file provided\");\n\t\t\t\t}\n\t\t\t} catch (e) {\n\t\t\t\tconsole.error(e);\n\t\t\t\tprocess.exit(1);\n\t\t\t}\n\t\t});\n\n\tsetProgramOptions({ program: subProgram, dotsecConfig });\n\n\treturn subProgram;\n};\n\nexport default addPushProgram;\n", "import fs from \"node:fs\";\n\nimport { Command } from \"commander\";\nimport { parse } from \"dotenv\";\nimport { expand } from \"dotenv-expand\";\n\nimport { addPluginOptions } from \"../../lib/addPluginOptions\";\nimport { RunCommandOptions } from \"../../types\";\nimport { DotsecConfig } from \"../../types/config\";\nimport { DotsecCliPluginDecryptHandler } from \"../../types/plugin\";\nimport { strong } from \"../../utils/logging\";\nimport { setProgramOptions } from \"../options\";\nimport { spawnSync } from \"node:child_process\";\nconst addRunProgam = (\n\tprogram: Command,\n\toptions: {\n\t\tdotsecConfig: DotsecConfig;\n\t\tdecryptHandlers?: DotsecCliPluginDecryptHandler[];\n\t},\n) => {\n\tconst { dotsecConfig, decryptHandlers } = options || {};\n\n\t// is there an encryption engine?\n\tconst hasDecryptEngine =\n\t\tdecryptHandlers !== undefined && decryptHandlers.length > 0;\n\n\tconst subProgram = program\n\t\t.command(\"run <command...>\")\n\t\t.allowUnknownOption(true)\n\t\t.enablePositionalOptions()\n\t\t.passThroughOptions()\n\t\t.showHelpAfterError(true)\n\t\t.action(\n\t\t\tasync (\n\t\t\t\tcommands: string[],\n\t\t\t\t_options: Record<string, string>,\n\t\t\t\tcommand: Command,\n\t\t\t) => {\n\t\t\t\ttry {\n\t\t\t\t\tconst { envFile, secFile, withEnv, withSec, engine } =\n\t\t\t\t\t\tcommand.optsWithGlobals<RunCommandOptions>();\n\t\t\t\t\tif (withEnv && withSec) {\n\t\t\t\t\t\tthrow new Error(\"Cannot use both --with-env and --with-sec\");\n\t\t\t\t\t}\n\n\t\t\t\t\tlet envContents: string | undefined;\n\n\t\t\t\t\tif (withEnv || !(withEnv || withSec) || hasDecryptEngine === false) {\n\t\t\t\t\t\tif (!envFile) {\n\t\t\t\t\t\t\tthrow new Error(\"No dotenv file specified in --env-file option\");\n\t\t\t\t\t\t}\n\t\t\t\t\t\tenvContents = fs.readFileSync(envFile, \"utf8\");\n\t\t\t\t\t} else if (withSec) {\n\t\t\t\t\t\tif (!secFile) {\n\t\t\t\t\t\t\tthrow new Error(\"No dotsec file specified in --sec-file option\");\n\t\t\t\t\t\t}\n\n\t\t\t\t\t\tconst encryptionEngine =\n\t\t\t\t\t\t\tengine || dotsecConfig?.defaults?.encryptionEngine;\n\n\t\t\t\t\t\tconst pluginCliDecrypt = (decryptHandlers || []).find((handler) => {\n\t\t\t\t\t\t\treturn handler.triggerOptionValue === encryptionEngine;\n\t\t\t\t\t\t});\n\n\t\t\t\t\t\tif (!pluginCliDecrypt) {\n\t\t\t\t\t\t\tthrow new Error(\n\t\t\t\t\t\t\t\t`No decryption plugin found, available decryption engine(s): ${(\n\t\t\t\t\t\t\t\t\tdecryptHandlers || []\n\t\t\t\t\t\t\t\t)\n\t\t\t\t\t\t\t\t\t.map((e) => `--${e.triggerOptionValue}`)\n\t\t\t\t\t\t\t\t\t.join(\", \")}`,\n\t\t\t\t\t\t\t);\n\t\t\t\t\t\t}\n\n\t\t\t\t\t\tconst allOptionKeys = [\n\t\t\t\t\t\t\t...Object.keys(pluginCliDecrypt.options || {}),\n\t\t\t\t\t\t\t...Object.keys(pluginCliDecrypt.requiredOptions || {}),\n\t\t\t\t\t\t];\n\n\t\t\t\t\t\tconst allOptionsValues = Object.fromEntries(\n\t\t\t\t\t\t\tallOptionKeys.map((key) => {\n\t\t\t\t\t\t\t\treturn [key, _options[key]];\n\t\t\t\t\t\t\t}),\n\t\t\t\t\t\t);\n\n\t\t\t\t\t\tconst dotSecContents = fs.readFileSync(secFile, \"utf8\");\n\t\t\t\t\t\tenvContents = await pluginCliDecrypt.handler({\n\t\t\t\t\t\t\tciphertext: dotSecContents,\n\t\t\t\t\t\t\t...allOptionsValues,\n\t\t\t\t\t\t});\n\t\t\t\t\t}\n\t\t\t\t\tif (envContents) {\n\t\t\t\t\t\tconst dotenvVars = parse(envContents);\n\t\t\t\t\t\t// expand env vars\n\t\t\t\t\t\tconst expandedEnvVars = expand({\n\t\t\t\t\t\t\tignoreProcessEnv: true,\n\t\t\t\t\t\t\tparsed: {\n\t\t\t\t\t\t\t\t// add standard env variables\n\t\t\t\t\t\t\t\t...(process.env as Record<string, string>),\n\t\t\t\t\t\t\t\t// add custom env variables, either from .env or .sec, (or empty object if none)\n\t\t\t\t\t\t\t\t...dotenvVars,\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t});\n\n\t\t\t\t\t\tconst [userCommand, ...userCommandArgs] = commands;\n\t\t\t\t\t\tconst spawn = spawnSync(userCommand, [...userCommandArgs], {\n\t\t\t\t\t\t\tstdio: \"inherit\",\n\t\t\t\t\t\t\tshell: false,\n\t\t\t\t\t\t\tencoding: \"utf-8\",\n\t\t\t\t\t\t\tenv: {\n\t\t\t\t\t\t\t\t...expandedEnvVars.parsed,\n\t\t\t\t\t\t\t\t...process.env,\n\t\t\t\t\t\t\t\t__DOTSEC_ENV__: JSON.stringify(Object.keys(dotenvVars)),\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t});\n\n\t\t\t\t\t\tif (spawn.status !== 0) {\n\t\t\t\t\t\t\tprocess.exit(spawn.status || 1);\n\t\t\t\t\t\t}\n\t\t\t\t\t} else {\n\t\t\t\t\t\tthrow new Error(\"No .env or .sec file provided\");\n\t\t\t\t\t}\n\t\t\t\t} catch (e) {\n\t\t\t\t\tconsole.error(strong(e.message));\n\t\t\t\t\tcommand.help();\n\t\t\t\t}\n\t\t\t},\n\t\t);\n\n\tsetProgramOptions({\n\t\tprogram: subProgram,\n\t\tcommandName: hasDecryptEngine ? \"run\" : \"runEnvOnly\",\n\t\tdotsecConfig,\n\t});\n\n\tif (hasDecryptEngine) {\n\t\tdecryptHandlers?.map((run) => {\n\t\t\tconst { options, requiredOptions } = run;\n\t\t\taddPluginOptions(options, subProgram);\n\t\t\taddPluginOptions(requiredOptions, subProgram, true);\n\t\t});\n\t\tconst engines = decryptHandlers?.map((e) => e.triggerOptionValue);\n\n\t\tsubProgram.option(\n\t\t\t\"--engine <engine>\",\n\t\t\t`Encryption engine${engines.length > 0 ? \"s\" : \"\"}: ${\n\t\t\t\t(engines.join(\", \"), engines.length === 1 ? engines[0] : undefined)\n\t\t\t}`,\n\t\t\t// engines.length === 1 ? engines[0] : undefined,\n\t\t);\n\t}\n\treturn subProgram;\n};\n\nexport default addRunProgam;\n"],
5
+ "mappings": "k4BAAA,OAAwB,wBCEjB,GAAM,GAA6B,mBAC7B,GAAsB,CAAC,GACvB,EAAiC,OACjC,EAAiC,OACjC,EAA8B,GCN3C,OAAe,iBACf,GAAiB,wBAUV,YAAoB,EAAc,CACxC,GAAI,CACH,MAAO,IAAI,UAAS,UAAU,EAAK,iBAClC,CAGD,MAAO,IAYF,GAAM,IAAW,KAAO,IAAqB,CACnD,GAAI,CACH,MAAO,IAAW,KAAM,YAAG,SAAS,SAAS,EAAU,eAC/C,EAAP,CACD,KAAI,aAAiB,OACd,GAAI,OACT,mBAAmB,WAAK,SAAS,QAAQ,MAAO,OAC/C,EAAM,WAIF,ICpCT,OAA8B,6BAC9B,GAAmB,qBACnB,GAAiB,mBAEJ,GAAmB,KAC/B,IACoC,CAVrC,YAWC,GAAM,GAAM,QAAQ,MAEd,EAAa,KAAM,AADJ,IAAI,cACa,QAAQ,CAC7C,MAAO,EAAW,CAAC,GAAY,CAAC,GAAG,GAAqB,gBACxD,MACA,QAAS,WAAK,MAAM,GAAK,KACzB,WAAY,WAEb,GAAI,GAAY,IAAe,KAC9B,KAAM,IAAI,OAAM,8BAA8B,KAE/C,GAAI,GACH,GAAI,EAAW,SAAS,SAAU,CACjC,GAAM,GAAW,KAAM,IAAS,GAE5B,EAEJ,MACC,GAAW,SAAS,iBACnB,EAA8C,SAAW,OAE1D,EAAQ,EAA8C,OAEtD,EAAO,EAGD,CACN,OAAQ,OACR,SAAU,SACN,GACA,GAFM,CAGT,SAAU,SACN,iBAAM,UACN,EAAc,UAFR,CAGT,QAAS,OACL,oBAAM,WAAN,cAAgB,SAChB,KAAc,WAAd,cAAwB,WAG7B,KAAM,KACF,iBAAM,iBAIF,EAAW,SAAS,OAAQ,CACtC,GAAM,GAAsB,KAAM,qBAAc,CAC/C,SAAU,IAEL,EAAQ,EAAoB,IAAI,QACrC,EAAoB,IAAI,SACxB,EAAoB,IAErB,MAAO,CACN,OAAQ,KACR,SAAU,SACN,GACA,GAFM,CAGT,SAAU,SACN,iBAAM,UACN,EAAc,UAFR,CAGT,QAAS,OACL,oBAAM,WAAN,cAAgB,SAChB,KAAc,WAAd,cAAwB,WAG7B,KAAM,KACF,iBAAM,UAOd,MAAO,CAAE,OAAQ,gBAAiB,SAAU,IClFtC,GAAM,GAAmB,KAAO,IAG/B,2BAAO,EAAP,QAAO,EAAQ,QAAM,KAAK,AAAC,GAC1B,EAAS,SCLlB,OAAgC,wBAEnB,EAAmB,CAC/B,EAKA,EACA,IACI,CACJ,AAAI,GACH,OAAO,OAAO,GAAS,IAAI,AAAC,GAAW,CACtC,GAAI,GAUJ,GAAI,MAAM,QAAQ,GAAS,CAC1B,GAAM,CAAC,EAAO,EAAa,GAAgB,EAC3C,EAAc,CACb,QACA,cACA,oBAEK,CACN,GAAM,CAAE,QAAO,cAAa,eAAc,MAAK,MAAO,EACtD,EAAc,CACb,QACA,cACA,eACA,MACA,MAIF,GAAI,EAAa,CAChB,GAAM,GAAY,GAAI,WACrB,EAAY,MACZ,EAAY,aAEb,AAAI,EAAY,IACf,EAAU,UAAU,EAAY,IAE7B,EAAY,cACf,EAAU,QAAQ,EAAY,cAE3B,EAAY,KACf,EAAU,IAAI,EAAY,KAEvB,GACH,EAAU,oBAAoB,IAE/B,EAAQ,UAAU,OC3DtB,MAAyB,+BACzB,GAAiB,wBACjB,GAAoB,sBAEP,EAAuB,KACnC,IAEO,KAAM,WAAG,SAAS,EAAU,SAGvB,EAAsB,MAClC,EACA,IAEO,KAAM,WAAG,UAAU,EAAU,EAAU,SAGlC,GAAa,KAAO,IAAqC,CACrE,GAAI,CACH,YAAM,WAAK,GACJ,QACN,CACD,MAAO,KAII,EAA8B,MAAO,CACjD,WACA,UAIK,CACL,GAAI,GAEJ,MAAK,MAAM,IAAW,IAAc,IAAS,GAC5C,EAAoB,KAAM,eAAQ,CACjC,KAAM,UACN,KAAM,YACN,QAAS,IACD,gBAAgB,WAAK,SAAS,QAAQ,MAAO,UAItD,EAAoB,OAEd,GC9CR,OAAkB,oBACX,GAAQ,QAAQ,aAehB,GAAM,GAAS,AAAC,GAAwB,WAAM,OAAO,KAAK,GCfjE,OAAgC,wBCKzB,GAAM,GAAuC,CACnD,OAAQ,CACP,uBACA,+HAA+H,gCAC/H,GAED,IAAK,YAEO,EAAuC,CACnD,OAAQ,CACP,wBACA,+HAA+H,gCAC/H,GAED,IAAK,YAGO,EAAuC,CACnD,OAAQ,CAAC,wBAAyB,qCAGtB,EAAuC,CACnD,OAAQ,CAAC,wBAAyB,mCAGtB,EAAmC,CAC/C,OAAQ,CAAC,QAAS,8BC7BnB,GAAM,IAAiD,CACtD,QAAS,CACR,aAAc,CAAC,UACf,QAAS,CACR,QAAS,EACT,QAAS,EACT,IAAK,KAKD,GAAQ,GCXf,GAAM,IAAgD,CACrD,OAAQ,CACP,QAAS,CACR,QAAS,CAAC,YAAa,iBAAkB,IACzC,WAAY,CACX,+CACA,cACA,GAED,OAAQ,CAAC,oBAAqB,6CAK1B,EAAQ,GCdf,GAAM,IAAiD,CACtD,QAAS,CACR,aAAc,CAAC,UACf,QAAS,CACR,QAAS,EACT,QAAS,EACT,IAAK,KAKD,GAAQ,GCVf,GAAM,IAA8C,CACnD,KAAM,CACL,QAAS,CACR,QAAS,CAAC,YAAa,iBAAkB,IACzC,WAAY,CACX,+CACA,cACA,GAGD,QAAS,EACT,QAAS,EACT,IAAK,KAKD,GAAQ,GCZf,GAAM,IAA8C,CACnD,KAAM,CACL,aAAc,CAAC,UACf,QAAS,CACR,QAAS,EACT,QAAS,EACT,QAAS,EACT,QAAS,EACT,IAAK,KAKD,EAAQ,GCZf,GAAM,IAA6C,CAClD,WAAY,CACX,aAAc,CAAC,UACf,MAAO,mBACP,QAAS,CACR,QAAS,EACT,IAAK,GAGN,YACC,uFACD,SAAU;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,GAiBX,IAAK,CACJ,aAAc,CAAC,UAEf,QAAS,CACR,QAAS,EACT,QAAS,EACT,QAAS,EACT,QAAS,EACT,IAAK,GAGN,MACC,6EACD,YAAa;AAAA;AAAA;AAAA;AAAA,8IAKb,SAAU;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,GAsBX,KAAM,CACL,QAAS,OACL,EAAsB,OAAO,SADxB,CAER,QAAS,EACT,QAAS,EACT,QAAS,EACT,QAAS,EACT,IAAK,IAEN,gBAAiB,KACb,EAAsB,OAAO,mBAK5B,GAAQ,GP3ER,GAAM,IAAyC,iBAClD,GACA,IACA,IACA,IACA,IACA,GACA,GAwCJ,GAAM,IAAsB,AAC3B,GAEI,MAAM,QAAQ,GACV,CACN,OAAQ,GAGF,EAIH,GAAe,CACpB,EACA,IAKY,CApFb,UAqFC,GAAM,GAAwB,GAAoB,GAC5C,CAAC,EAAQ,EAAa,GAAgB,EAAsB,OAC5D,EACL,0BAAS,eAAT,cAAuB,WAAvB,cAAiC,UAAjC,cAA2C,iBAAS,WAE/C,EAAY,GAAI,WACrB,EACA,EACE,GAA+B,yBAA2B,KAE7D,MAAI,IACH,EAAU,QAAQ,GAAgC,GAE/C,EAAsB,KACzB,EAAU,IAAI,EAAsB,KAEjC,kBAAS,WACZ,EAAU,oBAAoB,IAExB,GAEK,EAAoB,AAAC,GAI5B,CACL,GAAM,CAAE,UAAS,cAAa,gBAAiB,EACzC,EAAiB,GAAe,GAAe,EAAQ,QAE7D,GAAI,EAAgB,CACnB,GAAM,CAAE,UAAS,kBAAiB,cAAa,QAAO,YACrD,EACD,AAAI,GACH,OAAO,KAAK,GAAS,QAAQ,AAAC,GAAc,CAC3C,GAAM,GAAgB,EAAQ,GACxB,EAAY,GAAa,EAAe,CAC7C,eACA,cAGD,EAAQ,UAAU,KAGhB,GACH,OAAO,KAAK,GAAiB,QAAQ,AAAC,GAAsB,CAC3D,GAAM,GAAiB,EAAgB,GACjC,EAAY,GAAa,EAAgB,CAC9C,SAAU,GACV,eACA,UAAW,IAGZ,EAAQ,UAAU,KAGhB,GACH,EAAQ,YAAY,GAEjB,GACH,EAAQ,YAAY,GAEjB,GACH,EAAQ,YAAY,KQjIvB,GAAM,IAAoB,MACzB,EACA,IAII,CACJ,GAAM,CAAE,eAAc,mBAAoB,EACpC,EAAa,EACjB,0BACA,qBACA,QAAQ,WACR,OAAO,MAAO,EAAmB,IAAqB,CA9BzD,MA+BG,GAAI,CACH,GAAM,CAEL,UACA,UACA,SACA,OACG,EAAQ,kBAEN,EACL,GAAU,qBAAc,WAAd,cAAwB,kBAE7B,EAAoB,IAAmB,IAAI,KAAK,AAAC,GAC/C,EAAQ,qBAAuB,GAGvC,GAAI,CAAC,EACJ,KAAM,IAAI,OACT,+DAA+D,EAAQ,gBACrE,IAAI,AAAC,GAAM,KAAK,EAAE,sBAClB,KAAK,SAIT,QAAQ,IACP,kBACA,EACC,EAAiB,sBAChB,EAAiB,oBAEnB,UAGD,GAAM,GAAgB,CACrB,GAAG,OAAO,KAAK,EAAiB,SAAW,IAC3C,GAAG,OAAO,KAAK,EAAiB,iBAAmB,KAG9C,EAAmB,OAAO,YAC/B,EAAc,IAAI,AAAC,GACX,CAAC,EAAK,EAAS,MAIlB,EAAe,KAAM,GAAqB,GAE1C,EAAY,KAAM,GAAiB,QAAQ,GAChD,WAAY,GACT,IAGE,EAA0B,KAAM,GAA4B,CACjE,SAAU,EACV,KAAM,IAEP,AACC,KAA4B,QAC5B,EAAwB,YAAc,KAEtC,MAAM,GAAoB,EAAS,GACnC,QAAQ,IACP,+BAA+B,EAAO,cAAoB,EACzD,aAIK,EAAP,CACD,QAAQ,MAAM,EAAO,EAAE,UACvB,EAAQ,UAIX,EAAQ,gBAAgB,IAAI,AAAC,GAAe,CAC3C,GAAM,CAAE,UAAS,mBAAoB,EACrC,EAAiB,EAAS,GAC1B,EAAiB,EAAiB,EAAY,MAG/C,GAAM,GAAU,EAAQ,gBAAgB,IAAI,AAAC,GAAM,EAAE,oBACrD,SAAW,OACV,oBACA,oBAAoB,EAAQ,OAAS,EAAI,IAAM,cAC9C,EAAQ,SAAW,EAAI,EAAQ,GAAK,EAAQ,KAAK,QAElD,EAAQ,SAAW,EAAI,EAAQ,GAAK,QAErC,EAAkB,CAAE,QAAS,EAAY,iBAElC,GAGD,GAAQ,GCxGf,GAAM,IAAoB,MACzB,EACA,IAII,CACJ,GAAM,CAAE,kBAAiB,gBAAiB,EACpC,EAAa,EACjB,0BACA,qBACA,QAAQ,WACR,OAAO,MAAO,EAAmB,IAAqB,CA9BzD,MA+BG,GAAI,CACH,GAAM,CAEL,UACA,UACA,SACA,OACG,EAAQ,kBAEN,EACL,GAAU,qBAAc,WAAd,cAAwB,kBAC7B,EAAoB,IAAmB,IAAI,KAAK,AAAC,GAC/C,EAAQ,qBAAuB,GAGvC,GAAI,CAAC,EACJ,KAAM,IAAI,OACT,+DAA+D,EAAQ,gBACrE,IAAI,AAAC,GAAM,EAAE,oBACb,KAAK,SAIT,QAAQ,IACP,kBACA,EACC,EAAiB,sBAChB,EAAiB,oBAEnB,UAED,GAAM,GAAgB,CACrB,GAAG,OAAO,KAAK,EAAiB,SAAW,IAC3C,GAAG,OAAO,KAAK,EAAiB,iBAAmB,KAG9C,EAAmB,OAAO,YAC/B,EAAc,IAAI,AAAC,GACX,CAAC,EAAK,EAAS,MAIlB,EAAe,KAAM,GAAqB,GAE1C,EAAa,KAAM,GAAiB,QAAQ,GACjD,UAAW,GACR,IAGE,EAA0B,KAAM,GAA4B,CACjE,SAAU,EACV,KAAM,IAEP,AACC,KAA4B,QAC5B,EAAwB,YAAc,KAEtC,MAAM,GAAoB,EAAS,GACnC,QAAQ,IACP,+BAA+B,EAAO,cAAoB,EACzD,aAIK,EAAP,CACD,QAAQ,MAAM,EAAO,EAAE,UACvB,EAAQ,UAIX,EAAQ,gBAAgB,IAAI,AAAC,GAAsB,CAClD,GAAM,CAAE,UAAS,mBAAoB,EACrC,EAAiB,EAAS,GAC1B,EAAiB,EAAiB,EAAY,MAE/C,GAAM,GAAU,EAAQ,gBAAgB,IAAI,AAAC,GAAM,EAAE,oBAC/C,EAAwB,EAAQ,gBAAgB,IACrD,AAAC,GAAM,EAAE,sBAGV,SAAW,OACV,oBACA,oBAAoB,EAAQ,OAAS,EAAI,IAAM,OAC9C,EAAQ,SAAW,EAAI,EAAQ,GAAK,EAAQ,KAAK,SAGnD,EAAkB,CAAE,QAAS,EAAY,iBACzC,EAAW,YACV,2BAA2B,EAAsB,KAAK,SAEhD,GAGD,GAAQ,GC5Hf,OAAe,sBACf,EAAoB,yBAEP,GAAkB,AAAC,GAU1B,CACL,GAAM,GAAsB,AAAG,kBACzB,EAAS,WAAG,aAAa,EAAQ,WAAY,QAE7C,EACL,AAAoB,GACpB,AAAC,GAAgB,CAChB,WAAe,EAAwB,CApB1C,6CAsBI,GADA,EAAO,AAAG,iBAAe,EAAM,EAAO,GAClC,EAAK,OAAS,AAAG,aAAW,cAAe,CAC9C,GAAM,GAAU,uBAAM,SAAN,cAAc,SAAd,cAAsB,OACtC,GAAI,YAAQ,SAAR,cAAgB,MAAhB,cAAqB,MAArB,cAA0B,WACzB,qBAAS,WAAW,KAApB,cAAwB,aAAc,MAAO,CAChD,GAAM,GAAU,oBAAS,SAAT,cAAiB,OACjC,GAAI,kBAAS,WAAW,GAAG,aAAc,MACxC,MAAO,AAAG,uBACT,WAAQ,SAAR,cAAgB,MAAhB,cAAqB,MAArB,cAA0B,UAK9B,GAAI,SAAQ,SAAR,cAAgB,MAAhB,cAAqB,SACpB,yBAAM,SAAN,cAAc,WAAW,KAAzB,eAA6B,aAAc,SAAU,CACxD,GAAM,GAAU,yBAAM,SAAN,eAAc,SAAd,eAAsB,OAGtC,GAAI,kBAAS,WAAW,GAAG,aAAc,MACxC,MAAO,AAAG,uBAAoB,UAAQ,SAAR,eAAgB,MAAhB,eAAqB,SAMvD,MAAO,GAER,MAAO,AAAG,aAAU,EAAU,IAG1B,EAA4B,AAAG,mBACpC,UACA,EACA,AAAG,eAAa,OAChB,GACA,AAAG,aAAW,IAIT,EACL,AAAG,YAAyB,EAAY,CAAC,IAEpC,EAAuC,EAAO,YAAY,GAE1D,EAAoB,EAAQ,UAAU,GAC5C,SAAO,UAEA,GC7DR,OAAiB,wBAMX,GAAiB,MACtB,EACA,IACI,CACJ,GAAM,CAAE,gBAAiB,EACnB,EAAa,EACjB,0BACA,qBACA,QAAQ,QACR,OAAO,MAAO,EAAmB,IAAqB,CACtD,GAAM,CAAE,aAAY,OAAQ,EAAQ,kBAEpC,GAAI,CACH,GAAM,GAAwB,GAAgB,CAC7C,WAAY,WAAK,QAChB,UACA,0CAGI,EAAgC,KAAM,GAC3C,CACC,SAAU,EACV,KAAM,IAGR,AACC,KAAkC,QAClC,EAA8B,YAAc,KAE5C,MAAM,GAAoB,EAAY,GACtC,QAAQ,IAAI,wBAAwB,EAAO,aAEpC,EAAP,CACD,EAAQ,MAAM,MAIjB,SAAkB,CAAE,QAAS,EAAY,iBAElC,GAGD,GAAQ,GC/Cf,OAAsB,qBACtB,GAAuB,4BACvB,EAAe,sBAUT,GAAiB,MACtB,EACA,IAOI,CACJ,GAAM,CAAE,eAAc,YAAa,EAE7B,EAAa,EACjB,0BACA,qBACA,QAAQ,QACR,OAAO,MAAO,EAAkC,IAAqB,CApCxE,UAqCG,GAAI,CACH,GAAM,CAEL,UACA,UACA,UACA,UACA,SACA,OACG,EAAQ,kBAEN,EACL,GAAU,qBAAc,WAAd,cAAwB,kBAE7B,EAAoB,OAAY,IAAI,KAAK,AAAC,GAAY,CAnDhE,MAoDK,MAAO,MAAQ,UAAR,cAAiB,sBAAuB,MADtB,cAEtB,QAEE,EAAiB,OAAY,IAAI,KAAK,AAAC,GAAY,CAvD7D,MAwDK,MAAO,MAAQ,OAAR,cAAc,sBAAuB,MADtB,cAEnB,KAEJ,GAAI,CAAC,EACJ,KAAM,IAAI,OAAM,yBAGjB,GAAM,GAAgB,CACrB,GAAG,OAAO,KAAK,kBAAkB,UAAW,IAC5C,GAAG,OAAO,KAAK,kBAAkB,kBAAmB,IACpD,GAAG,OAAO,KAAK,kBAAe,UAAW,IACzC,GAAG,OAAO,KAAK,kBAAe,kBAAmB,KAG5C,EAAmB,OAAO,YAC/B,EAAc,IAAI,AAAC,GACX,CAAC,EAAK,EAAS,MAIxB,GAAI,GAAW,EACd,KAAM,IAAI,OAAM,6CAGjB,GAAI,GAEJ,GAAI,GAAW,CAAE,IAAW,GAAU,CACrC,GAAI,CAAC,EACJ,KAAM,IAAI,OAAM,iDAEjB,EAAc,UAAG,aAAa,EAAS,gBAC7B,EAAS,CACnB,GAAI,CAAC,EACJ,KAAM,IAAI,OAAM,iDAGjB,GAAI,CAAC,EACJ,KAAM,IAAI,OACT,+DAA+D,EAC7D,IAAI,AAAC,GAAG,CA/FjB,MA+FoB,WAAK,KAAE,UAAF,cAAW,uBAC3B,KAAK,SAIT,GAAM,GAAiB,UAAG,aAAa,EAAS,QAChD,EAAc,KAAM,GAAiB,QAAQ,GAC5C,WAAY,GACT,IAGL,GAAI,EAAa,CAEhB,GAAM,GAAa,aAAM,GAEnB,EAAkB,cAAO,CAC9B,iBAAkB,GAClB,OAAQ,OAEH,QAAQ,KAET,KAIL,AAAI,EAAgB,QACnB,KAAM,GAAc,QAAQ,GAC3B,KAAM,EAAgB,OACtB,OACG,QAIL,MAAM,IAAI,OAAM,uCAET,EAAP,CACD,QAAQ,MAAM,GACd,QAAQ,KAAK,MAIhB,SAAkB,CAAE,QAAS,EAAY,iBAElC,GAGD,GAAQ,GC7If,MAAe,sBAGf,GAAsB,qBACtB,GAAuB,4BAQvB,OAA0B,iCACpB,GAAe,CACpB,EACA,IAII,CACJ,GAAM,CAAE,eAAc,mBAAoB,GAAW,GAG/C,EACL,IAAoB,QAAa,EAAgB,OAAS,EAErD,EAAa,EACjB,QAAQ,oBACR,mBAAmB,IACnB,0BACA,qBACA,mBAAmB,IACnB,OACA,MACC,EACA,EACA,IACI,CArCR,MAsCI,GAAI,CACH,GAAM,CAAE,UAAS,UAAS,UAAS,UAAS,UAC3C,EAAQ,kBACT,GAAI,GAAW,EACd,KAAM,IAAI,OAAM,6CAGjB,GAAI,GAEJ,GAAI,GAAW,CAAE,IAAW,IAAY,IAAqB,GAAO,CACnE,GAAI,CAAC,EACJ,KAAM,IAAI,OAAM,iDAEjB,EAAc,UAAG,aAAa,EAAS,gBAC7B,EAAS,CACnB,GAAI,CAAC,EACJ,KAAM,IAAI,OAAM,iDAGjB,GAAM,GACL,GAAU,qBAAc,WAAd,cAAwB,kBAE7B,EAAoB,IAAmB,IAAI,KAAK,AAAC,GAC/C,EAAQ,qBAAuB,GAGvC,GAAI,CAAC,EACJ,KAAM,IAAI,OACT,+DACC,IAAmB,IAElB,IAAI,AAAC,GAAM,KAAK,EAAE,sBAClB,KAAK,SAIT,GAAM,GAAgB,CACrB,GAAG,OAAO,KAAK,EAAiB,SAAW,IAC3C,GAAG,OAAO,KAAK,EAAiB,iBAAmB,KAG9C,EAAmB,OAAO,YAC/B,EAAc,IAAI,AAAC,GACX,CAAC,EAAK,EAAS,MAIlB,EAAiB,UAAG,aAAa,EAAS,QAChD,EAAc,KAAM,GAAiB,QAAQ,GAC5C,WAAY,GACT,IAGL,GAAI,EAAa,CAChB,GAAM,GAAa,aAAM,GAEnB,EAAkB,cAAO,CAC9B,iBAAkB,GAClB,OAAQ,OAEH,QAAQ,KAET,KAIC,CAAC,KAAgB,GAAmB,EACpC,EAAQ,iBAAU,EAAa,CAAC,GAAG,GAAkB,CAC1D,MAAO,UACP,MAAO,GACP,SAAU,QACV,IAAK,SACD,EAAgB,QAChB,QAAQ,KAFP,CAGJ,eAAgB,KAAK,UAAU,OAAO,KAAK,QAI7C,AAAI,EAAM,SAAW,GACpB,QAAQ,KAAK,EAAM,QAAU,OAG9B,MAAM,IAAI,OAAM,uCAET,EAAP,CACD,QAAQ,MAAM,EAAO,EAAE,UACvB,EAAQ,UAWZ,GANA,EAAkB,CACjB,QAAS,EACT,YAAa,EAAmB,MAAQ,aACxC,iBAGG,EAAkB,CACrB,WAAiB,IAAI,AAAC,GAAQ,CAC7B,GAAM,CAAE,UAAS,mBAAoB,EACrC,EAAiB,EAAS,GAC1B,EAAiB,EAAiB,EAAY,MAE/C,GAAM,GAAU,iBAAiB,IAAI,AAAC,GAAM,EAAE,oBAE9C,EAAW,OACV,oBACA,oBAAoB,EAAQ,OAAS,EAAI,IAAM,OAC7C,EAAQ,KAAK,MAAO,EAAQ,SAAW,EAAI,EAAQ,GAAK,UAK5D,MAAO,IAGD,GAAQ,GrB1If,OAAuC,kBACvC,GAAwB,2BAElB,GAA+B,CACpC,QAAS,YACT,KAAM,SACN,WAAY,CACX,KAAM,SACN,YAAa,mBAEd,UAAW,GACX,MAAO,GACP,OAAQ,GACR,QAAS,AAAC,GAAW,CAAC,EAAM,IAAQ,CACnC,GAAI,EAAK,CACR,GAAM,CAAE,aAAY,sBAAuB,EAC3C,SAAW,GAAsB,IAAS,GAAK,GAAK,EAAK,MAAM,GACxD,OAEP,OAAO,KAKJ,EAAU,GAAI,YAEpB,AAAC,UAAY,CA1Cb,YA2CC,GAAM,GAAgB,eAAY,QAAQ,MACpC,EAA8B,GACpC,AAAI,EAAc,QACjB,CAAI,MAAM,QAAQ,EAAc,QAC/B,EAAkB,KAAK,GAAG,EAAc,QAExC,EAAkB,KAAK,EAAc,SAUvC,GAAM,GAAa,CAClB,GAAI,MAAM,QAAQ,EAAc,QAC7B,EAAc,OACd,CAAC,EAAc,QAClB,GAAI,MAAM,QAAQ,EAAc,GAAK,EAAc,EAAI,CAAC,EAAc,IACnE,GAEE,CAAE,SAAU,EAAe,IAAO,KAAM,IAAiB,GACzD,CAAE,WAAU,KAAM,GAAkB,EAE1C,EACE,KAAK,UACL,YAAY,oBACZ,QAAQ,SACR,0BACA,OAAO,CAAC,EAAU,IAAmB,CACrC,EAAM,SAER,EAAkB,CAAE,UAAS,aAAc,IAC3C,GAAM,GAAM,GAAI,YAAI,CACnB,UAAW,GACX,iBAAkB,GAClB,YAAa,GACb,YAAa,GACb,gBAAiB,GACjB,cAAe,GACf,SAAU,CAAC,MAGN,EAA2C,GACjD,GAAI,EAAkB,OAAS,EAC9B,OAAW,KAAgB,GAAmB,CAK7C,GAAM,GAAe,KAAM,AAHZ,MAAM,GAAiB,CAAE,KAAM,KAGZ,CACjC,aAAc,EACd,MACA,eAED,EAAc,EAAa,MAAQ,EAE/B,EAAkB,SAAW,GAEhC,GAAa,SAAW,OACpB,EAAa,UADO,CAEvB,iBAAkB,OAAO,EAAa,MACtC,QAAS,OACL,KAAa,WAAb,cAAuB,SADlB,EAEP,EAAa,MAAO,KACjB,QAAa,WAAb,cAAuB,UAAvB,cAAiC,EAAa,YAQvD,AAAI,kBAAU,mBACR,sBAAU,UAAV,cAAoB,EAAS,oBACjC,GAAS,QAAU,OACf,EAAS,SADM,EAEjB,EAAS,kBAAmB,OAI5B,kBAAU,UACb,OAAO,QAAQ,iBAAU,SAAS,QACjC,CAAC,CAAC,EAAY,KAAgD,CAC7D,AAAI,kBAAc,QACjB,EAAc,GAAc,iBAAc,OAE1C,EAAc,GAAc,kBAAkB,MAMlD,OAAO,OAAO,GAAiB,IAAI,QAAQ,AAAC,GAAiB,CAC5D,OAAO,KAAK,GAAc,QAAQ,AAAC,GAAe,CACjD,AAAK,EAAc,IAClB,GAAc,GAAc,kBAAkB,SAMjD,GAAM,GAA4D,GAC5D,EAA4D,GAC5D,EAGA,GAEN,OAAW,KAAc,QAAO,KAAK,GAAgB,CACpD,GAAM,GAAe,EAAc,GAC7B,EAAmB,KAAM,GAAiB,CAAE,KAAM,IAClD,CAAE,gBAAe,YAAa,GAAQ,KAAM,GAAiB,CAClE,MACA,aAAc,EACd,eAGD,AAAI,kBAAK,UACR,EAAyB,KAAK,EAAI,SAE/B,kBAAK,UACR,GAAyB,KAAK,EAAI,SAC9B,kBAAK,OACR,EAAsB,KAAK,CAAE,KAAM,EAAI,KAAM,QAAS,EAAI,WAIxD,GACH,EAAc,CAAE,YAGlB,AAAI,EAAyB,QAC5B,KAAM,IAAkB,EAAS,CAChC,aAAc,EACd,gBAAiB,IAGf,EAAyB,QAC5B,KAAM,IAAkB,EAAS,CAChC,aAAc,EACd,gBAAiB,IAGf,EAAsB,QACzB,KAAM,IAAe,EAAS,CAC7B,aAAc,EACd,SAAU,IAKZ,KAAM,IAAe,EAAS,CAAE,aAAc,IAC9C,KAAM,IAAc,EAAS,CAC5B,aAAc,EACd,gBAAiB,IAElB,KAAM,GAAQ",
6
6
  "names": []
7
7
  }
@@ -1,9 +1,41 @@
1
- var We=Object.defineProperty,De=Object.defineProperties;var Ne=Object.getOwnPropertyDescriptors;var fe=Object.getOwnPropertySymbols;var Me=Object.prototype.hasOwnProperty,Le=Object.prototype.propertyIsEnumerable;var de=(e,n,t)=>n in e?We(e,n,{enumerable:!0,configurable:!0,writable:!0,value:t}):e[n]=t,r=(e,n)=>{for(var t in n||(n={}))Me.call(n,t)&&de(e,t,n[t]);if(fe)for(var t of fe(n))Le.call(n,t)&&de(e,t,n[t]);return e},b=(e,n)=>De(e,Ne(n));import{Command as Tn}from"commander";import{DecryptCommand as qe,DescribeKeyCommand as Ue,EncryptCommand as je,KMSClient as Ve}from"@aws-sdk/client-kms";import{fromEnv as $e,fromIni as le,fromTemporaryCredentials as Ke}from"@aws-sdk/credential-providers";import{loadSharedConfigFiles as Ge}from"@aws-sdk/shared-ini-file-loader";import ue from"chalk";var F=e=>ue.yellowBright(e),C=e=>ue.yellow.bold(e);var we=async({argv:e,env:n})=>{var l,g,w;let t=await Ge(),o,c,s;if(e.profile?(c={value:e.profile,origin:`command line option: ${F(e.profile)}`},o={value:await le({profile:e.profile})(),origin:`${F(`[${e.profile}]`)} in credentials file`}):n.AWS_PROFILE?(c={value:n.AWS_PROFILE,origin:`env variable ${F("AWS_PROFILE")}: ${C(n.AWS_PROFILE)}`},o={value:await le({profile:n.AWS_PROFILE})(),origin:`env variable ${F("AWS_PROFILE")}: ${C(n.AWS_PROFILE)}`}):n.AWS_ACCESS_KEY_ID&&n.AWS_SECRET_ACCESS_KEY?o={value:await $e()(),origin:`env variables ${F("AWS_ACCESS_KEY_ID")} and ${F("AWS_SECRET_ACCESS_KEY")}`}:((l=t.credentialsFile)==null?void 0:l.default)&&(c={value:"default",origin:`${F("[default]")} in credentials file`},o={value:await le({profile:"default"})(),origin:`profile ${F("[default]")}`}),e.region)s={value:e.region,origin:`command line option: ${F(e.region)}`};else if(n.AWS_REGION)s={value:n.AWS_REGION,origin:`env variable ${F("AWS_REGION")}: ${C(n.AWS_REGION)}`};else if(n.AWS_DEFAULT_REGION)s={value:n.AWS_DEFAULT_REGION,origin:`env variable ${F("AWS_DEFAULT_REGION")}: ${C(n.AWS_DEFAULT_REGION)}`};else if(c){let p=(w=(g=t==null?void 0:t.configFile)==null?void 0:g[c.value])==null?void 0:w.region;p&&(s={value:p,origin:`${F(`[profile ${c.value}]`)} in config file`})}let m=e.assumeRoleArn||n.AWS_ASSUME_ROLE_ARN;if(m){let p=e.assumeRoleArn?"command line option":"env variable";o={value:await Ke({masterCredentials:o==null?void 0:o.value,params:{DurationSeconds:e.assumeRoleSessionDuration||Number(n.AWS_ASSUME_ROLE_SESSION_DURATION)||3600,RoleArn:m},clientConfig:{region:s==null?void 0:s.value}})(),origin:`${p} ${F(`[${m}]`)}`}}return{credentialsAndOrigin:o,regionAndOrigin:s,profileAndOrigin:c}},Se=({credentialsAndOrigin:e,regionAndOrigin:n,profileAndOrigin:t})=>{let o=[];return t&&o.push(`Got profile name from ${t.origin}`),e&&o.push(`Resolved credentials from ${e.origin}`),n&&o.push(`Resolved region from ${n.origin}`),o.join(`
2
- `)};var ee=async({argv:e,env:n})=>{let{credentialsAndOrigin:t,regionAndOrigin:o,profileAndOrigin:c}=await we({argv:{region:e.awsRegion,profile:e.awsProfile,assumeRoleArn:e.awsAssumeRoleArn,assumeRoleSessionDuration:e.awsAssumeRoleSessionDuration},env:r({},n)});if(e.verbose===!0&&console.log(Se({credentialsAndOrigin:t,regionAndOrigin:o,profileAndOrigin:c})),!(t&&o)){if(!t)throw console.error("Could not find credentials"),new Error("Could not find credentials");if(!o)throw console.error("Could not find region"),new Error("Could not find region")}return{credentialsAndOrigin:t,regionAndOrigin:o}};var N=async e=>{var w,p;let{kms:{keyAlias:n}={},region:t}=e,{credentialsAndOrigin:o,regionAndOrigin:c}=await ee({argv:{},env:r({},process.env)}),s=new Ve({credentials:o.value,region:t||c.value}),m=new Ue({KeyId:n}),g=(p=(w=(await s.send(m)).KeyMetadata)==null?void 0:w.EncryptionAlgorithms)==null?void 0:p[0];if(g===void 0)throw new Error("Could not determine encryption algorithm");return{async encrypt(a){let d=new je({KeyId:n,Plaintext:Buffer.from(a),EncryptionAlgorithm:g}),i=await s.send(d);if(!i.CiphertextBlob)throw new Error(`Something bad happened: ${JSON.stringify({encryptCommand:d})}`);return Buffer.from(i.CiphertextBlob).toString("base64")},async decrypt(a){let d=new qe({KeyId:n,CiphertextBlob:Buffer.from(a,"base64"),EncryptionAlgorithm:g}),i=await s.send(d);if(!i.Plaintext)throw new Error(`Something bad happened: ${JSON.stringify({cipherText:a,decryptCommand:d})}`);let y=Buffer.from(i.Plaintext).toString();return this.verbose&&console.info(`Decrypting key '${a}'`),y},other:()=>{}}};import ye,{stat as Ye}from"node:fs/promises";import Be from"prompts";import Je from"node:path";var ne=async e=>await ye.readFile(e,"utf-8"),Z=async(e,n)=>await ye.writeFile(e,n,"utf-8"),He=async e=>{try{return await Ye(e),!0}catch{return!1}},z=async({filePath:e,skip:n})=>{let t;return await He(e)&&n!==!0?t=await Be({type:"confirm",name:"overwrite",message:()=>`Overwrite './${Je.relative(process.cwd(),e)}' ?`}):t=void 0,t};import cn from"node:path";import{ScriptKind as tn,ScriptTarget as on,SyntaxKind as Xe,createPrinter as ze,createSourceFile as nn,createStringLiteral as Ee,transform as rn,visitEachChild as Qe,visitNode as en}from"typescript";import Ze from"node:fs";var Ae=e=>{let n=ze(),t=Ze.readFileSync(e.configFile,"utf8"),o=g=>w=>{function p(a){var d,i,y,E,A,S,_,R,h,D,I,$,K,G,q,U,j,V;if(a=Qe(a,p,g),a.kind===Xe.StringLiteral){let u=(i=(d=a==null?void 0:a.parent)==null?void 0:d.parent)==null?void 0:i.parent;if(((A=(E=(y=e.config)==null?void 0:y.aws)==null?void 0:E.kms)==null?void 0:A.keyAlias)&&((S=u==null?void 0:u.getChildAt(0))==null?void 0:S.getText())==="kms"){let v=(_=u==null?void 0:u.parent)==null?void 0:_.parent;if((v==null?void 0:v.getChildAt(0).getText())==="aws")return Ee((D=(h=(R=e.config)==null?void 0:R.aws)==null?void 0:h.kms)==null?void 0:D.keyAlias)}if((($=(I=e.config)==null?void 0:I.aws)==null?void 0:$.region)&&((G=(K=a==null?void 0:a.parent)==null?void 0:K.getChildAt(0))==null?void 0:G.getText())==="region"){let v=(U=(q=a==null?void 0:a.parent)==null?void 0:q.parent)==null?void 0:U.parent;if((v==null?void 0:v.getChildAt(0).getText())==="aws")return Ee((V=(j=e.config)==null?void 0:j.aws)==null?void 0:V.region)}}return a}return en(w,p)},c=nn("test.ts",t,on.ES2015,!0,tn.TS),s=rn(c,[o]),m=s.transformed[0],l=n.printFile(m);return s.dispose(),l};var me="dotsec.config.ts",Ce=[me],oe=".sec",te=".env",ie="alias/dotsec",sn="SecureString",O={config:{aws:{kms:{keyAlias:ie},ssm:{parameterType:sn}}}};var an={dotsec:{options:{verbose:["--verbose","Verbose output",!1],configFile:["-c, --config-file, --configFile <configFile>","Config file",me]}},init:{options:{verbose:["--verbose","Verbose output",!1],configFile:["-c, --config-file, --configFile <configFile>","Config file",me],env:["--env","Path to .env file",te],sec:["--sec","Path to .sec file",oe],yes:["--yes","Skip confirmation prompts",!1],awsKeyAlias:["--aws-key-alias <awsKeyAlias>","AWS KMS key alias, overrides the value provided in dotsec.config (config.aws.kms.keyAlias)","alias/dotsec"],awsRegion:["--aws-region <awsRegion>","AWS region, overrides the value provided in dotsec.config (config.aws.region) and AWS_REGION"]}},decrypt:{inheritsFrom:["dotsec"],options:{env:["--env <env>","Path to .env file",te],sec:["--sec <sec>","Path to .sec file",oe],yes:["--yes","Skip confirmation prompts",!1],awsKeyAlias:["--aws-key-alias <awsKeyAlias>","AWS KMS key alias, overrides the value provided in dotsec.config (config.aws.kms.keyAlias)","alias/dotsec"],awsRegion:["--aws-region <awsRegion>","AWS region, overrides the value provided in dotsec.config (config.aws.region) and AWS_REGION"]}},encrypt:{inheritsFrom:["dotsec"],options:{env:["--env <env>","Path to .env file",te],sec:["--sec <sec>","Path to .sec file",oe],yes:["--yes","Skip confirmation prompts",!1],awsKeyAlias:["--aws-key-alias <awsKeyAlias>","AWS KMS key alias, overrides the value provided in dotsec.config (config.aws.kms.keyAlias)","alias/dotsec"],awsRegion:["--aws-region <awsRegion>","AWS region, overrides the value provided in dotsec.config (config.aws.region) and AWS_REGION"]}},run:{inheritsFrom:["dotsec"],options:{env:["--env <env>","Path to .env file"],sec:["--sec [sec]","Path to .sec file"],awsKeyAlias:["--aws-key-alias <awsKeyAlias>","AWS KMS key alias, overrides the value provided in dotsec.config (config.aws.kms.keyAlias)","alias/dotsec"],awsRegion:["--aws-region <awsRegion>","AWS region, overrides the value provided in dotsec.config (config.aws.region) and AWS_REGION"]}},push:{inheritsFrom:["dotsec"],options:{toAwsSsm:["--to-aws-ssm, --toAwsSsm","Push to AWS SSM"],toAwsSecretsManager:["--to-aws-secrets-manager, --toAwsSecretsManager","Push to AWS Secrets Manager"],env:["--env [env]","Path to .env file"],sec:["--sec [sec]","Path to .sec file"],yes:["--yes","Skip confirmation prompts",!1],awsKeyAlias:["--aws-key-alias <awsKeyAlias>","AWS KMS key alias, overrides the value provided in dotsec.config (config.aws.kms.keyAlias)","alias/dotsec"],awsRegion:["--aws-region <awsRegion>","AWS region, overrides the value provided in dotsec.config (config.aws.region) and AWS_REGION"]}}},he=(e,n,t={})=>{let o=e[n];if(o)return o.inheritsFrom?o==null?void 0:o.inheritsFrom.reduce((c,s)=>{let m=he(e,s,c);return r({},m)},{options:r(r({},t.options),o.options),requiredOptions:r(r({},t.requiredOptions),o.requiredOptions)}):{options:r(r({},t.options),o.options),requiredOptions:r(r({},t.requiredOptions),o.requiredOptions)}},x=(e,n)=>{let t=he(an,n||e.name());(t==null?void 0:t.options)&&Object.values(t.options).forEach(([o,c,s])=>{e.option(o,c,s)}),(t==null?void 0:t.requiredOptions)&&Object.values(t.requiredOptions).forEach(([o,c,s])=>{e.requiredOption(o,c,s)})};var mn=async e=>{let n=e.enablePositionalOptions().passThroughOptions().command("init").action(async(t,o)=>{var a,d,i,y,E,A;let{verbose:c,configFile:s,env:m,sec:l,awskeyAlias:g,awsRegion:w,yes:p}=o.optsWithGlobals();try{let S;S=await N({verbose:c,region:w||process.env.AWS_REGION||((d=(a=O.config)==null?void 0:a.aws)==null?void 0:d.region),kms:{keyAlias:g||((A=(E=(y=(i=O)==null?void 0:i.config)==null?void 0:y.aws)==null?void 0:E.kms)==null?void 0:A.keyAlias)}});let _=await ne(m),R=await S.encrypt(_),h=await z({filePath:l,skip:p});(h===void 0||h.overwrite===!0)&&(await Z(l,R),console.log(`Wrote encrypted contents of ${C(m)} contents file to ${C(l)}`));let D=Ae({configFile:cn.resolve(__dirname,"../src/templates/dotsec.config.ts"),config:{aws:{kms:{keyAlias:g||ie},region:w||process.env.AWS_REGION}}}),I=await z({filePath:s,skip:p});(I===void 0||I.overwrite===!0)&&(await Z(s,D),console.log(`Wrote config file to ${C(s)}`))}catch(S){o.error(S)}});return x(n),n},ve=mn;import _e from"node:fs";import wn from"cross-spawn";import{parse as Sn}from"dotenv";import fn from"node:path";import{bundleRequire as dn}from"bundle-require";import un from"joycon";import pn from"fs";import ln from"node:path";function gn(e){try{return new Function(`return ${e.trim()}`)()}catch{return{}}}var Oe=async e=>{try{return gn(await pn.promises.readFile(e,"utf8"))}catch(n){throw n instanceof Error?new Error(`Failed to parse ${ln.relative(process.cwd(),e)}: ${n.message}`):n}};var Y=async e=>{var c,s,m,l,g,w,p,a,d,i,y,E,A,S,_,R,h,D,I,$,K,G,q,U,j,V,u,v,Q,J,X,W,M,L,P,k;let n=process.cwd(),o=await new un().resolve({files:e?[e]:[...Ce,"package.json"],cwd:n,stopDir:fn.parse(n).root,packageKey:"dotsec"});if(e&&o===null)throw new Error(`Could not find config file ${e}`);if(o){if(o.endsWith(".json")){let T=await Oe(o),f;return o.endsWith("package.json")&&T.dotsec!==void 0?f=T.dotsec:f=T,{source:"json",contents:b(r(r({},O),f),{config:b(r(r({},f==null?void 0:f.config),O.config),{aws:b(r(r({},(c=f==null?void 0:f.config)==null?void 0:c.aws),(m=(s=O)==null?void 0:s.config)==null?void 0:m.aws),{kms:r(r({},(w=(g=(l=O)==null?void 0:l.config)==null?void 0:g.aws)==null?void 0:w.kms),(a=(p=f.config)==null?void 0:p.aws)==null?void 0:a.kms),ssm:r(r({},(y=(i=(d=O)==null?void 0:d.config)==null?void 0:i.aws)==null?void 0:y.ssm),(A=(E=f.config)==null?void 0:E.aws)==null?void 0:A.ssm),secretsManager:r(r({},(R=(_=(S=O)==null?void 0:S.config)==null?void 0:_.aws)==null?void 0:R.secretsManager),(D=(h=f.config)==null?void 0:h.aws)==null?void 0:D.secretsManager)})})})}}else if(o.endsWith(".ts")){let T=await dn({filepath:o}),f=T.mod.dotsec||T.mod.default||T.mod;return{source:"ts",contents:b(r(r({},O),f),{config:b(r(r({},f==null?void 0:f.config),O.config),{aws:b(r(r({},(I=f==null?void 0:f.config)==null?void 0:I.aws),(K=($=O)==null?void 0:$.config)==null?void 0:K.aws),{kms:r(r({},(U=(q=(G=O)==null?void 0:G.config)==null?void 0:q.aws)==null?void 0:U.kms),(V=(j=f.config)==null?void 0:j.aws)==null?void 0:V.kms),ssm:r(r({},(Q=(v=(u=O)==null?void 0:u.config)==null?void 0:v.aws)==null?void 0:Q.ssm),(X=(J=f.config)==null?void 0:J.aws)==null?void 0:X.ssm),secretsManager:r(r({},(L=(M=(W=O)==null?void 0:W.config)==null?void 0:M.aws)==null?void 0:L.secretsManager),(k=(P=f.config)==null?void 0:P.aws)==null?void 0:k.secretsManager)})})})}}}return{source:"defaultConfig",contents:O}};var yn=e=>{let n=e.command("run <command...>").allowUnknownOption().description("Run a command in a separate process and populate env with decrypted .env or encrypted .sec values").action(async(t,o,c)=>{var i,y,E;let{configFile:s,env:m,sec:l,keyAlias:g,region:w}=c.optsWithGlobals(),{contents:{config:p}={}}=await Y(s),a=await N({verbose:!0,kms:{keyAlias:g||((y=(i=p==null?void 0:p.aws)==null?void 0:i.kms)==null?void 0:y.keyAlias)||ie},region:w||((E=p==null?void 0:p.aws)==null?void 0:E.region)}),d;if(m)d=_e.readFileSync(m,"utf8");else if(l){let A=_e.readFileSync(l,"utf8");d=await a.decrypt(A)}else throw new Error('Must provide either "--env" or "--sec"');if(d){let A=Sn(d),[S,..._]=t;wn(S,[..._],{stdio:"inherit",shell:!1,env:b(r(r({},process.env),A),{__DOTSEC_ENV__:JSON.stringify(Object.keys(A))})}),c.help()}else throw new Error("No .env or .sec file provided")});return x(n,"run"),n},Re=yn;var An=async e=>{let n=e.enablePositionalOptions().passThroughOptions().command("decrypt").action(async(t,o)=>{var d,i,y,E,A;let{configFile:c,verbose:s,env:m,sec:l,awskeyAlias:g,awsRegion:w,yes:p}=o.optsWithGlobals(),{contents:a}=await Y(c);try{let S;S=await N({verbose:s,region:w||process.env.AWS_REGION||((i=(d=a.config)==null?void 0:d.aws)==null?void 0:i.region),kms:{keyAlias:g||((A=(E=(y=a==null?void 0:a.config)==null?void 0:y.aws)==null?void 0:E.kms)==null?void 0:A.keyAlias)}});let _=await ne(l),R=await S.decrypt(_),h=await z({filePath:m,skip:p});(h===void 0||h.overwrite===!0)&&(await Z(m,R),console.log(`Wrote plaintext contents of ${C(l)} file to ${C(m)}`))}catch(S){o.error(S)}});return x(n),n},Pe=An;var En=async e=>{let n=e.enablePositionalOptions().passThroughOptions().command("encrypt").action(async(t,o)=>{var d,i,y,E,A;let{verbose:c,configFile:s,env:m,sec:l,awskeyAlias:g,awsRegion:w,yes:p}=o.optsWithGlobals(),{contents:a}=await Y(s);try{let S;S=await N({verbose:c,region:w||process.env.AWS_REGION||((i=(d=a.config)==null?void 0:d.aws)==null?void 0:i.region),kms:{keyAlias:g||((A=(E=(y=a==null?void 0:a.config)==null?void 0:y.aws)==null?void 0:E.kms)==null?void 0:A.keyAlias)}});let _=await ne(m),R=await S.encrypt(_),h=await z({filePath:l,skip:p});(h===void 0||h.overwrite===!0)&&(await Z(l,R),console.log(`Wrote encrypted contents of ${C(m)} file to ${C(l)}`))}catch(S){o.error(S)}});return x(n),n},be=En;var se=e=>typeof e=="boolean";import Te from"node:fs";import{parse as Fn}from"dotenv";import Cn from"prompts";var pe=async({predicate:e,skip:n,message:t})=>n===!0?{confirm:!0}:(e?await e():!0)?await Cn({type:"confirm",name:"confirm",message:()=>t}):{confirm:!0};import{PutParameterCommand as hn,SSMClient as vn}from"@aws-sdk/client-ssm";var Fe=async e=>{let{region:n}=e||{},{credentialsAndOrigin:t,regionAndOrigin:o}=await ee({argv:{},env:r({},process.env)}),c=new vn({credentials:t.value,region:n||o.value});return{async put(s){for(let m of s){let l=new hn(b(r({},m),{Overwrite:!0}));await c.send(l)}}}};import{CreateSecretCommand as On,DescribeSecretCommand as _n,UpdateSecretCommand as Rn,SecretsManagerClient as Pn,ResourceNotFoundException as bn}from"@aws-sdk/client-secrets-manager";var ke=async e=>{let{region:n}=e||{},{credentialsAndOrigin:t,regionAndOrigin:o}=await ee({argv:{},env:r({},process.env)}),c=new Pn({credentials:t.value,region:n||o.value});return{async push(s){let m=[],l=[];for(let g of s){let w=new _n({SecretId:g.Name});try{let p=await c.send(w);l.push(new Rn({SecretId:p.ARN,SecretString:g.SecretString}))}catch(p){p instanceof bn&&m.push(new On({Name:g.Name,SecretString:g.SecretString}))}}return{createSecretCommands:m,updateSecretCommands:l,push:async()=>{for(let g of m)await c.send(g);for(let g of l)await c.send(g)}}}}};var kn=async e=>{let n=e.enablePositionalOptions().passThroughOptions().command("push").action(async(t,o)=>{var S,_,R,h,D,I,$,K,G,q,U,j,V;let{configFile:c,verbose:s,env:m,sec:l,awskeyAlias:g,awsRegion:w,yes:p,toAwsSsm:a,toAwsSecretsManager:d}=o.optsWithGlobals();if(!(a||d))throw new Error("You must specify at least one of --to-aws-ssm or --to-aws-secrets-manager");let{contents:i}=await Y(c),y,E;if(y=await N({verbose:s,region:w||process.env.AWS_REGION||((_=(S=i.config)==null?void 0:S.aws)==null?void 0:_.region),kms:{keyAlias:g||((D=(h=(R=i==null?void 0:i.config)==null?void 0:R.aws)==null?void 0:h.kms)==null?void 0:D.keyAlias)}}),m){let u=se(m)?te:m;E=Te.readFileSync(u,"utf8")}else if(l){let u=se(l)?oe:l,v=Te.readFileSync(u,"utf8");E=await y.decrypt(v)}else throw new Error('Must provide either "--env" or "--sec"');let A=Fn(E);try{if(a){let u=($=(I=i==null?void 0:i.config)==null?void 0:I.aws)==null?void 0:$.ssm,v=(u==null?void 0:u.parameterType)||"SecureString",Q=(u==null?void 0:u.pathPrefix)||"",J=Object.entries(A).reduce((W,[M,L])=>{var P,k,T,f;if((P=i.variables)==null?void 0:P[M]){let H=(k=i.variables)==null?void 0:k[M];if(H){let re=`${Q}${M}`;if((f=(T=H.push)==null?void 0:T.aws)==null?void 0:f.ssm){let ae=se(H.push.aws.ssm)?{Name:re,Value:L,Type:v}:b(r({Name:re,Type:v},H.push.aws.ssm),{Value:L});W.push(ae)}}}return W},[]),{confirm:X}=await pe({message:`Are you sure you want to push the following variables to AWS SSM Parameter Store?
3
- ${J.map(({Name:W})=>`- ${C(W||"[no name]")}`).join(`
4
- `)}`,skip:p});X===!0&&(console.log("pushing to AWS SSM Parameter Store"),await(await Fe({region:w||((G=(K=i==null?void 0:i.config)==null?void 0:K.aws)==null?void 0:G.region)})).put(J))}if(d){let u=(U=(q=i==null?void 0:i.config)==null?void 0:q.aws)==null?void 0:U.secretsManager,v=(u==null?void 0:u.pathPrefix)||"",Q=await ke({region:w||process.env.AWS_REGION||((V=(j=i.config)==null?void 0:j.aws)==null?void 0:V.region)}),J=Object.entries(A).reduce((P,[k,T])=>{var f,H,re,ae;if((f=i.variables)==null?void 0:f[k]){let ce=(H=i.variables)==null?void 0:H[k];if(ce){let ge=`${v}${k}`;if((ae=(re=ce.push)==null?void 0:re.aws)==null?void 0:ae.ssm){let Ie=se(ce.push.aws.ssm)?{Name:ge,SecretString:T}:b(r({Name:ge},ce.push.aws.ssm),{SecretString:T});P.push(Ie)}}}return P},[]),{push:X,updateSecretCommands:W,createSecretCommands:M}=await Q.push(J),L=[];if(W.length>0){let{confirm:P}=await pe({message:`Are you sure you want to update the following variables to AWS SSM Secrets Manager?
5
- ${W.map(({input:{SecretId:k}})=>`- ${C(k||"[no name]")}`).join(`
6
- `)}`,skip:p});L.push(P)}if(M.length>0){let{confirm:P}=await pe({message:`Are you sure you want to create the following variables to AWS SSM Secrets Manager?
7
- ${M.map(({input:{Name:k}})=>`- ${C(k||"[no name]")}`).join(`
8
- `)}`,skip:p});L.push(P)}L.find(P=>P===!1)||(console.log("pushing to AWS Secrets Manager"),await X())}}catch(u){o.error(u)}});return x(n),n},xe=kn;var B=new Tn;B.name("dotsec").description(".env, but secure").version("1.0.0").enablePositionalOptions().action((e,n)=>{n.help()});x(B);(async()=>{await ve(B),await Re(B),await Pe(B),await be(B),await xe(B),B.parse()})();
1
+ var Ee=Object.create;var W=Object.defineProperty,Fe=Object.defineProperties,Pe=Object.getOwnPropertyDescriptor,xe=Object.getOwnPropertyDescriptors,be=Object.getOwnPropertyNames,te=Object.getOwnPropertySymbols,Se=Object.getPrototypeOf,oe=Object.prototype.hasOwnProperty,Te=Object.prototype.propertyIsEnumerable;var ne=(e,t,r)=>t in e?W(e,t,{enumerable:!0,configurable:!0,writable:!0,value:r}):e[t]=r,c=(e,t)=>{for(var r in t||(t={}))oe.call(t,r)&&ne(e,r,t[r]);if(te)for(var r of te(t))Te.call(t,r)&&ne(e,r,t[r]);return e},E=(e,t)=>Fe(e,xe(t)),je=e=>W(e,"__esModule",{value:!0});var J=(e=>typeof require!="undefined"?require:typeof Proxy!="undefined"?new Proxy(e,{get:(t,r)=>(typeof require!="undefined"?require:t)[r]}):e)(function(e){if(typeof require!="undefined")return require.apply(this,arguments);throw new Error('Dynamic require of "'+e+'" is not supported')});var $e=(e,t,r)=>{if(t&&typeof t=="object"||typeof t=="function")for(let o of be(t))!oe.call(e,o)&&o!=="default"&&W(e,o,{get:()=>t[o],enumerable:!(r=Pe(t,o))||r.enumerable});return e},ie=e=>$e(je(W(e!=null?Ee(Se(e)):{},"default",e&&e.__esModule&&"default"in e?{get:()=>e.default,enumerable:!0}:{value:e,enumerable:!0})),e);import{Command as Ot}from"commander";var R="dotsec.config.ts",re=[R],M=".sec",B=".env",_={};import ke from"fs";import _e from"node:path";function Ae(e){try{return new Function(`return ${e.trim()}`)()}catch{return{}}}var se=async e=>{try{return Ae(await ke.promises.readFile(e,"utf8"))}catch(t){throw t instanceof Error?new Error(`Failed to parse ${_e.relative(process.cwd(),e)}: ${t.message}`):t}};import{bundleRequire as Ve}from"bundle-require";import He from"joycon";import Ie from"path";var ae=async e=>{var n,a,l,s;let t=process.cwd(),o=await new He().resolve({files:e?[e]:[...re,"package.json"],cwd:t,stopDir:Ie.parse(t).root,packageKey:"dotsec"});if(e&&o===null)throw new Error(`Could not find config file ${e}`);if(o){if(o.endsWith(".json")){let p=await se(o),i;return o.endsWith("package.json")&&p.dotsec!==void 0?i=p.dotsec:i=p,{source:"json",contents:E(c(c({},_),i),{defaults:E(c(c({},i==null?void 0:i.defaults),_.defaults),{plugins:c(c({},(n=i==null?void 0:i.defaults)==null?void 0:n.plugins),(a=_.defaults)==null?void 0:a.plugins)}),push:c({},i==null?void 0:i.push)})}}else if(o.endsWith(".ts")){let p=await Ve({filepath:o}),i=p.mod.dotsec||p.mod.default||p.mod;return{source:"ts",contents:E(c(c({},_),i),{defaults:E(c(c({},i==null?void 0:i.defaults),_.defaults),{plugins:c(c({},(l=i==null?void 0:i.defaults)==null?void 0:l.plugins),(s=_.defaults)==null?void 0:s.plugins)}),push:c({},i==null?void 0:i.push)})}}}return{source:"defaultConfig",contents:_}};var z=async e=>Promise.resolve().then(()=>ie(J(e.name))).then(t=>t.default);import{Option as Ne}from"commander";var $=(e,t,r)=>{e&&Object.values(e).map(o=>{let n;if(Array.isArray(o)){let[a,l,s]=o;n={flags:a,description:l,defaultValue:s}}else{let{flags:a,description:l,defaultValue:s,env:p,fn:i}=o;n={flags:a,description:l,defaultValue:s,env:p,fn:i}}if(n){let a=new Ne(n.flags,n.description);n.fn&&a.argParser(n.fn),n.defaultValue&&a.default(n.defaultValue),n.env&&a.env(n.env),r&&a.makeOptionMandatory(!0),t.addOption(a)}})};import ce,{stat as Re}from"node:fs/promises";import Le from"node:path";import qe from"prompts";var G=async e=>await ce.readFile(e,"utf-8"),H=async(e,t)=>await ce.writeFile(e,t,"utf-8"),Ke=async e=>{try{return await Re(e),!0}catch{return!1}},I=async({filePath:e,skip:t})=>{let r;return await Ke(e)&&t!==!0?r=await qe({type:"confirm",name:"overwrite",message:()=>`Overwrite './${Le.relative(process.cwd(),e)}' ?`}):r=void 0,r};import We from"chalk";var Wt=J("cli-table");var F=e=>We.yellow.bold(e);import{Option as Qe}from"commander";var b={option:["--env-file <envFile>",`Path to .env file. If not provided, will look for value in 'ENV_FILE' environment variable. If not provided, will look for '${B}' file in current directory.`,B],env:"ENV_FILE"},j={option:["--sec-file, <secFile>",`Path to .sec file. If not provided, will look for value in 'SEC_FILE' environment variable. If not provided, will look for '${M}' file in current directory.`,M],env:"SEC_FILE"},L={option:["--with-env, --withEnv","Run command using a dot env file"]},q={option:["--with-sec, --withSec","Run command with a dotsec file"]},S={option:["--yes","Skip confirmation prompts"]};var Ge={decrypt:{inheritsFrom:["dotsec"],options:{envFile:b,secFile:j,yes:S}}},pe=Ge;var Ue={dotsec:{options:{verbose:["--verbose","Verbose output",!1],configFile:["-c, --config-file, --configFile <configFile>","Config file",R],plugin:["--plugin <plugin>","Comma-separated list of plugins to use"]}}},K=Ue;var Je={encrypt:{inheritsFrom:["dotsec"],options:{envFile:b,secFile:j,yes:S}}},le=Je;var Me={init:{options:{verbose:["--verbose","Verbose output",!1],configFile:["-c, --config-file, --configFile <configFile>","Config file",R],envFile:b,secFile:j,yes:S}}},me=Me;var Be={pull:{inheritsFrom:["dotsec"],options:{withEnv:L,withSec:q,envFile:b,secFile:j,yes:S}}},U=Be;var ze={runEnvOnly:{inheritsFrom:["dotsec"],usage:"[commandArgs...]",options:{envFile:b,yes:S},description:"Run a command in a separate process and populate env with contents of a dotenv file.",helpText:`Examples:
2
+
3
+ Run a command with a .env file
4
+
5
+ $ dotsec run echo "hello world"
6
+
7
+
8
+ Run a command with a specific .env file
9
+
10
+ $ dotsec run --env-file .env.dev echo "hello world"
11
+
12
+ Run a command with a specific ENV_FILE variable
13
+
14
+ $ ENV_FILE=.env.dev dotsec run echo "hello world"
15
+
16
+ `},run:{inheritsFrom:["dotsec"],options:{withEnv:L,withSec:q,envFile:b,secFile:j,yes:S},usage:"[--with-env --env-file .env] [--with-sec --sec-file .sec] [commandArgs...]",description:`Run a command in a separate process and populate env with either
17
+ - contents of a dotenv file
18
+ - decrypted values of a dotsec file.
19
+
20
+ The --withEnv option will take precedence over the --withSec option. If neither are specified, the --withEnv option will be used by default.`,helpText:`Examples:
21
+
22
+ Run a command with a .env file
23
+
24
+ $ dotsec run echo "hello world"
25
+
26
+
27
+ Run a command with a specific .env file
28
+
29
+ $ dotsec run --with-env --env-file .env.dev echo "hello world"
30
+
31
+
32
+ Run a command with a .sec file
33
+
34
+ $ dotsec run --with-sec echo "hello world"
35
+
36
+
37
+ Run a command with a specific .sec file
38
+
39
+ $ dotsec run --with-sec --sec-file .sec.dev echo "hello world"
40
+ `},push:{options:E(c({},K.dotsec.options),{withEnv:L,withSec:q,envFile:b,secFile:j,yes:S}),requiredOptions:c({},K.dotsec.requiredOptions)}},de=ze;var Xe=c(c(c(c(c(c(c({},K),me),le),pe),de),U),U);var Ye=e=>Array.isArray(e)?{option:e}:e,fe=(e,t)=>{var p,i,m;let r=Ye(e),[o,n,a]=r.option,l=(m=(i=(p=t==null?void 0:t.dotsecConfig)==null?void 0:p.defaults)==null?void 0:i.options)==null?void 0:m[t==null?void 0:t.optionKey],s=new Qe(o,n+(l?". Default from config.":""));return a&&s.default(l||a),r.env&&s.env(r.env),(t==null?void 0:t.required)&&s.makeOptionMandatory(!0),s},T=e=>{let{program:t,commandName:r,dotsecConfig:o}=e,n=Xe[r||t.name()];if(n){let{options:a,requiredOptions:l,description:s,usage:p,helpText:i}=n;a&&Object.keys(a).forEach(m=>{let d=a[m],C=fe(d,{dotsecConfig:o,optionKey:m});t.addOption(C)}),l&&Object.keys(l).forEach(m=>{let d=l[m],C=fe(d,{required:!0,dotsecConfig:o,optionKey:m});t.addOption(C)}),s&&t.description(s),p&&t.description(p),i&&t.description(i)}};var Ze=async(e,t)=>{let{dotsecConfig:r,decryptHandlers:o}=t,n=e.enablePositionalOptions().passThroughOptions().command("decrypt").action(async(l,s)=>{var p;try{let{envFile:i,secFile:m,engine:d,yes:C}=s.optsWithGlobals(),D=d||((p=r==null?void 0:r.defaults)==null?void 0:p.encryptionEngine),v=(o||[]).find(w=>w.triggerOptionValue===D);if(!v)throw new Error(`No decryption plugin found, available decryption engine(s): ${t.decryptHandlers.map(w=>`--${w.triggerOptionValue}`).join(", ")}`);console.log("Decrypting with",F(v.encryptionEngineName||v.triggerOptionValue),"engine");let f=[...Object.keys(v.options||{}),...Object.keys(v.requiredOptions||{})],u=Object.fromEntries(f.map(w=>[w,l[w]])),g=await G(m),h=await v.handler(c({ciphertext:g},u)),y=await I({filePath:i,skip:C});(y===void 0||y.overwrite===!0)&&(await H(i,h),console.log(`Wrote plaintext contents of ${F(m)} file to ${F(i)}`))}catch(i){console.error(F(i.message)),s.help()}});t.decryptHandlers.map(l=>{let{options:s,requiredOptions:p}=l;$(s,n),$(p,n,!0)});let a=t.decryptHandlers.map(l=>l.triggerOptionValue);return n.option("--engine <engine>",`Encryption engine${a.length>0?"s":""} to use: ${a.length===1?a[0]:a.join(", ")}`,a.length===1?a[0]:void 0),T({program:n,dotsecConfig:r}),n},ue=Ze;var et=async(e,t)=>{let{encryptHandlers:r,dotsecConfig:o}=t,n=e.enablePositionalOptions().passThroughOptions().command("encrypt").action(async(s,p)=>{var i;try{let{envFile:m,secFile:d,engine:C,yes:D}=p.optsWithGlobals(),v=C||((i=o==null?void 0:o.defaults)==null?void 0:i.encryptionEngine),f=(r||[]).find(O=>O.triggerOptionValue===v);if(!f)throw new Error(`No encryption plugin found, available encryption engine(s): ${t.encryptHandlers.map(O=>O.triggerOptionValue).join(", ")}`);console.log("Encrypting with",F(f.encryptionEngineName||f.triggerOptionValue),"engine");let u=[...Object.keys(f.options||{}),...Object.keys(f.requiredOptions||{})],g=Object.fromEntries(u.map(O=>[O,s[O]])),h=await G(m),y=await f.handler(c({plaintext:h},g)),w=await I({filePath:d,skip:D});(w===void 0||w.overwrite===!0)&&(await H(d,y),console.log(`Wrote encrypted contents of ${F(m)} file to ${F(d)}`))}catch(m){console.error(F(m.message)),p.help()}});t.encryptHandlers.map(s=>{let{options:p,requiredOptions:i}=s;$(p,n),$(i,n,!0)});let a=t.encryptHandlers.map(s=>s.triggerOptionValue),l=t.encryptHandlers.map(s=>s.encryptionEngineName);return n.option("--engine <engine>",`Encryption engine${a.length>0?"s":""}: ${a.length===1?a[0]:a.join(", ")}`),T({program:n,dotsecConfig:o}),n.description(`Encrypt .env file using ${l.join(", ")}`),n},ge=et;import tt from"node:fs";import{ScriptKind as ct,ScriptTarget as at,SyntaxKind as it,createPrinter as ot,createSourceFile as st,createStringLiteral as he,transform as pt,visitEachChild as nt,visitNode as rt}from"typescript";var ye=e=>{let t=ot(),r=tt.readFileSync(e.configFile,"utf8"),o=p=>i=>{function m(d){var C,D,v,f,u,g,h,y,w,O,P,x,N,Q,X,Y,Z,ee;if(d=nt(d,m,p),d.kind===it.StringLiteral){let V=(D=(C=d==null?void 0:d.parent)==null?void 0:C.parent)==null?void 0:D.parent;if(((u=(f=(v=e.config)==null?void 0:v.aws)==null?void 0:f.kms)==null?void 0:u.keyAlias)&&((g=V==null?void 0:V.getChildAt(0))==null?void 0:g.getText())==="kms"){let A=(h=V==null?void 0:V.parent)==null?void 0:h.parent;if((A==null?void 0:A.getChildAt(0).getText())==="aws")return he((O=(w=(y=e.config)==null?void 0:y.aws)==null?void 0:w.kms)==null?void 0:O.keyAlias)}if(((x=(P=e.config)==null?void 0:P.aws)==null?void 0:x.region)&&((Q=(N=d==null?void 0:d.parent)==null?void 0:N.getChildAt(0))==null?void 0:Q.getText())==="region"){let A=(Y=(X=d==null?void 0:d.parent)==null?void 0:X.parent)==null?void 0:Y.parent;if((A==null?void 0:A.getChildAt(0).getText())==="aws")return he((ee=(Z=e.config)==null?void 0:Z.aws)==null?void 0:ee.region)}}return d}return rt(i,m)},n=st("test.ts",r,at.ES2015,!0,ct.TS),a=pt(n,[o]),l=a.transformed[0],s=t.printFile(l);return a.dispose(),s};import lt from"node:path";var mt=async(e,t)=>{let{dotsecConfig:r}=t,o=e.enablePositionalOptions().passThroughOptions().command("init").action(async(n,a)=>{let{configFile:l,yes:s}=a.optsWithGlobals();try{let p=ye({configFile:lt.resolve(__dirname,"../../src/templates/dotsec.config.ts")}),i=await I({filePath:l,skip:s});(i===void 0||i.overwrite===!0)&&(await H(l,p),console.log(`Wrote config file to ${F(l)}`))}catch(p){a.error(p)}});return T({program:o,dotsecConfig:r}),o},Ce=mt;import{parse as dt}from"dotenv";import{expand as ft}from"dotenv-expand";import Oe from"node:fs";var ut=async(e,t)=>{let{dotsecConfig:r,handlers:o}=t,n=e.enablePositionalOptions().passThroughOptions().command("push").action(async(a,l)=>{var s,p,i;try{let{envFile:m,secFile:d,withEnv:C,withSec:D,engine:v,yes:f}=l.optsWithGlobals(),u=v||((s=r==null?void 0:r.defaults)==null?void 0:s.encryptionEngine),g=(p=(o||[]).find(P=>{var x;return((x=P.decrypt)==null?void 0:x.triggerOptionValue)===u}))==null?void 0:p.decrypt,h=(i=(o||[]).find(P=>{var x;return((x=P.push)==null?void 0:x.triggerOptionValue)===u}))==null?void 0:i.push;if(!h)throw new Error("No push plugin found!");let y=[...Object.keys((g==null?void 0:g.options)||{}),...Object.keys((g==null?void 0:g.requiredOptions)||{}),...Object.keys((h==null?void 0:h.options)||{}),...Object.keys((h==null?void 0:h.requiredOptions)||{})],w=Object.fromEntries(y.map(P=>[P,a[P]]));if(C&&D)throw new Error("Cannot use both --with-env and --with-sec");let O;if(C||!(C||D)){if(!m)throw new Error("No dotenv file specified in --env-file option");O=Oe.readFileSync(m,"utf8")}else if(D){if(!d)throw new Error("No dotsec file specified in --sec-file option");if(!g)throw new Error(`No decryption plugin found, available decryption engine(s): ${o.map(x=>{var N;return`--${(N=x.decrypt)==null?void 0:N.triggerOptionValue}`}).join(", ")}`);let P=Oe.readFileSync(d,"utf8");O=await g.handler(c({ciphertext:P},w))}if(O){let P=dt(O),x=ft({ignoreProcessEnv:!0,parsed:c(c({},process.env),P)});x.parsed&&await h.handler(c({push:x.parsed,yes:f},w))}else throw new Error("No .env or .sec file provided")}catch(m){console.error(m),process.exit(1)}});return T({program:n,dotsecConfig:r}),n},we=ut;import ve from"node:fs";import{parse as gt}from"dotenv";import{expand as yt}from"dotenv-expand";import{spawnSync as ht}from"node:child_process";var Ct=(e,t)=>{let{dotsecConfig:r,decryptHandlers:o}=t||{},n=o!==void 0&&o.length>0,a=e.command("run <command...>").allowUnknownOption(!0).enablePositionalOptions().passThroughOptions().showHelpAfterError(!0).action(async(l,s,p)=>{var i;try{let{envFile:m,secFile:d,withEnv:C,withSec:D,engine:v}=p.optsWithGlobals();if(C&&D)throw new Error("Cannot use both --with-env and --with-sec");let f;if(C||!(C||D)||n===!1){if(!m)throw new Error("No dotenv file specified in --env-file option");f=ve.readFileSync(m,"utf8")}else if(D){if(!d)throw new Error("No dotsec file specified in --sec-file option");let u=v||((i=r==null?void 0:r.defaults)==null?void 0:i.encryptionEngine),g=(o||[]).find(O=>O.triggerOptionValue===u);if(!g)throw new Error(`No decryption plugin found, available decryption engine(s): ${(o||[]).map(O=>`--${O.triggerOptionValue}`).join(", ")}`);let h=[...Object.keys(g.options||{}),...Object.keys(g.requiredOptions||{})],y=Object.fromEntries(h.map(O=>[O,s[O]])),w=ve.readFileSync(d,"utf8");f=await g.handler(c({ciphertext:w},y))}if(f){let u=gt(f),g=yt({ignoreProcessEnv:!0,parsed:c(c({},process.env),u)}),[h,...y]=l,w=ht(h,[...y],{stdio:"inherit",shell:!1,encoding:"utf-8",env:E(c(c({},g.parsed),process.env),{__DOTSEC_ENV__:JSON.stringify(Object.keys(u))})});w.status!==0&&process.exit(w.status||1)}else throw new Error("No .env or .sec file provided")}catch(m){console.error(F(m.message)),p.help()}});if(T({program:a,commandName:n?"run":"runEnvOnly",dotsecConfig:r}),n){o==null||o.map(s=>{let{options:p,requiredOptions:i}=s;$(p,a),$(i,a,!0)});let l=o==null?void 0:o.map(s=>s.triggerOptionValue);a.option("--engine <engine>",`Encryption engine${l.length>0?"s":""}: ${l.join(", "),l.length===1?l[0]:void 0}`)}return a},De=Ct;import wt from"ajv";import vt from"yargs-parser";var Dt={keyword:"separator",type:"string",metaSchema:{type:"string",description:"value separator"},modifying:!0,valid:!0,errors:!1,compile:e=>(t,r)=>{if(r){let{parentData:o,parentDataProperty:n}=r;return o[n]=t===""?[]:t.split(e),!0}else return!1}},k=new Ot;(async()=>{var d,C,D,v;let e=vt(process.argv),t=[];e.plugin&&(Array.isArray(e.plugin)?t.push(...e.plugin):t.push(e.plugin));let r=[...Array.isArray(e.config)?e.config:[e.config],...Array.isArray(e.c)?e.c:[e.c]][0],{contents:o={}}=await ae(r),{defaults:n,push:a}=o;k.name("dotsec").description(".env, but secure").version("1.0.0").enablePositionalOptions().action((f,u)=>{u.help()}),T({program:k,dotsecConfig:o});let l=new wt({allErrors:!0,removeAdditional:!0,useDefaults:!0,coerceTypes:!0,allowUnionTypes:!0,addUsedSchema:!1,keywords:[Dt]}),s={};if(t.length>0)for(let f of t){let g=await(await z({name:f}))({dotsecConfig:o,ajv:l,configFile:r});s[g.name]=f,t.length===1&&(o.defaults=E(c({},o.defaults),{encryptionEngine:String(g.name),plugins:E(c({},(d=o.defaults)==null?void 0:d.plugins),{[g.name]:c({},(D=(C=o.defaults)==null?void 0:C.plugins)==null?void 0:D[g.name])})}))}(n==null?void 0:n.encryptionEngine)&&(((v=n==null?void 0:n.plugins)==null?void 0:v[n.encryptionEngine])||(n.plugins=E(c({},n.plugins),{[n.encryptionEngine]:{}}))),(n==null?void 0:n.plugins)&&Object.entries(n==null?void 0:n.plugins).forEach(([f,u])=>{(u==null?void 0:u.module)?s[f]=u==null?void 0:u.module:s[f]=`@dotsec/plugin-${f}`}),Object.values(a||{}).forEach(f=>{Object.keys(f).forEach(u=>{s[u]||(s[u]=`@dotsec/plugin-${u}`)})});let p=[],i=[],m=[];for(let f of Object.keys(s)){let u=s[f],g=await z({name:u}),{addCliCommand:h,cliHandlers:y}=await g({ajv:l,dotsecConfig:o,configFile:r});(y==null?void 0:y.encrypt)&&p.push(y.encrypt),(y==null?void 0:y.decrypt)&&(i.push(y.decrypt),(y==null?void 0:y.push)&&m.push({push:y.push,decrypt:y.decrypt})),h&&h({program:k})}p.length&&await ge(k,{dotsecConfig:o,encryptHandlers:p}),i.length&&await ue(k,{dotsecConfig:o,decryptHandlers:i}),m.length&&await we(k,{dotsecConfig:o,handlers:m}),await Ce(k,{dotsecConfig:o}),await De(k,{dotsecConfig:o,decryptHandlers:i}),await k.parse()})();
9
41
  //# sourceMappingURL=index.mjs.map