harperdb 4.7.8 → 4.7.9

package/bin/lite.js

@@ -20,7 +20,7 @@ var WX=Object.create;var hm=Object.defineProperty;var jX=Object.getOwnPropertyDe
 `),xd&&(clearTimeout(o),f())):xd||l<performance.now()+S$?f(E):(l=Math.min(l,performance.now()+S$),c=[E],o=setTimeout(f,1))}function f(h){if(p(),s){let E=performance.now();na.appendFileSync(s,c?c.join(""):h);let _=performance.now();l=Math.max(_,l)+(_-E)*50}else i||console.log(c?c.join(""):h);c&&(c=null)}function m(){try{na.closeSync(s)}catch{}s=null,r&&(kS=null)}function p(h){if(!s){try{s=na.openSync(e,"a"),r&&(kS=s)}catch(E){if(E.code==="ENOENT"&&!h)return na.mkdirpSync(sh.dirname(e)),p(!0);i||(i=!0,console.error(E))}setTimeout(()=>{m()},dle).unref()}}}a(T$,"getFileLogger");function _le(...e){Mt.info(...e)}a(_le,"info");function gle(...e){Mt.trace(...e)}a(gle,"trace");function dC(...e){Mt.error(...e)}a(dC,"error");function Sle(...e){Mt.debug(...e)}a(Sle,"debug");function Tle(...e){Mt.notify(...e)}a(Tle,"notify");function yle(...e){Mt.fatal(...e)}a(yle,"fatal");function Rle(...e){Mt.warn(...e)}a(Rle,"warn");function ble(e,t,r,...n){uC=r.service_name;try{Mt[e](...n)}finally{uC=void 0}}a(ble,"logCustomLevel");function Ale(){let e;try{e=ole.homedir()}catch{e=process.env.HOME}e||(e="~/");let t=sa(e,Vr.HDB_HOME_DIR_NAME,Vr.BOOT_PROPS_FILE_NAME);return na.existsSync(t)||(t=sa(fC,"utility/hdb_boot_properties.file")),t}a(Ale,"getPropsFilePath");function Ile(e){uo=e}a(Ile,"setLogLevel");function wle(e){try{if(e.includes("config/settings.js")){let u=b$(e);return{level:u.get(Vr.HDB_SETTINGS_NAMES.LOG_LEVEL_KEY),configLogPath:sh.dirname(u.get(Vr.HDB_SETTINGS_NAMES.LOG_PATH_KEY)),toFile:u.get(Vr.HDB_SETTINGS_NAMES.LOG_TO_FILE),toStream:u.get(Vr.HDB_SETTINGS_NAMES.LOG_TO_STDSTREAMS)}}let t=R$.parseDocument(na.readFileSync(e,"utf8")),r=t.getIn(["logging","level"]),n=t.getIn(["logging","root"]),s=t.getIn(["logging","file"]),i=t.getIn(["logging","stdStreams"]),o=t.getIn(["logging","console"]),c=t.getIn(["logging","colors"])??!0,l=t.getIn(["logging","rotation"])?.toJSON();return{level:r,configLogPath:n,toFile:s,toStream:i,logConsole:o,colorMode:c,rotation:l}}catch(t){if(t.code===Vr.NODE_ERROR_CODES.ENOENT)throw t;console.error("Error accessing config file for logging"),console.error(t)}}a(wle,"getLogConfig");function Nle(){try{let e=R$.parseDocument(na.readFileSync(ule,"utf8")),t=e.getIn(["logging","level"]),r=e.getIn(["logging","file"]),n=e.getIn(["logging","stdStreams"]);return{defaultLevel:t,defaultToFile:r,defaultToStream:n}}catch(e){console.error("Error accessing default config file for logging"),console.error(e)}}a(Nle,"getDefaultConfig");function Cle(e){return typeof e.message=="string"?`${e.constructor.name}: ${e.message}`:e.toString()}a(Cle,"errorToString");function Ole(e){Mt=e}a(Ole,"setMainLogger");function C$(){try{na.closeSync(kS)}catch{}kS=null}a(C$,"closeLogFile");function Ple(e,t,r,n,s,i){this.username=e,this.status=t,this.type=r,this.originating_ip=n,this.request_method=s,this.path=i}a(Ple,"AuthAuditLog");var{RootConfigWatcher:Lle}=(h$(),D(p$))});var fe=M((D$,v$)=>{"use strict";var mC=require("fs-extra"),ql=require("path"),O$=require("os"),Dle=require("properties-reader"),ch=Q(),ah=ae(),Ge=(G(),D(j)),VS=gt(),vle="Error initializing environment manager",KS="BOOT_PROPS_FILE_PATH",P$=!1,Mle={[Ge.HDB_SETTINGS_NAMES.INSTALL_USER]:!0,[Ge.HDB_SETTINGS_NAMES.SETTINGS_PATH_KEY]:!0,[Ge.HDB_SETTINGS_NAMES.HDB_ROOT_KEY]:!0,BOOT_PROPS_FILE_PATH:!0},ia={};Object.assign(D$,v$.exports={BOOT_PROPS_FILE_PATH:KS,getHdbBasePath:Ule,setHdbBasePath:xle,get:L$,initSync:Fle,setProperty:tt,initTestEnvironment:kle});function Ule(){return ia[Ge.HDB_SETTINGS_NAMES.HDB_ROOT_KEY]}a(Ule,"getHdbBasePath");function xle(e){ia[Ge.HDB_SETTINGS_NAMES.HDB_ROOT_KEY]=e}a(xle,"setHdbBasePath");function L$(e){let t=VS.getConfigValue(e);return t===void 0?ia[e]:t}a(L$,"get");function tt(e,t){Mle[e]&&(ia[e]=t),VS.updateConfigObject(e,t)}a(tt,"setProperty");function Ble(){let e;try{e=ah.getPropsFilePath(),mC.accessSync(e,mC.constants.F_OK|mC.constants.R_OK),P$=!0;let t=Dle(e);return ia[Ge.HDB_SETTINGS_NAMES.INSTALL_USER]=t.get(Ge.HDB_SETTINGS_NAMES.INSTALL_USER),ia[Ge.HDB_SETTINGS_NAMES.SETTINGS_PATH_KEY]=t.get(Ge.HDB_SETTINGS_NAMES.SETTINGS_PATH_KEY),ia[KS]=e,!0}catch{return ch.trace(`Environment manager found no properties file at ${e}`),!1}}a(Ble,"doesPropFileExist");function Fle(e=!1){try{(P$||Ble()||ah.noBootFile()||e)&&(VS.initConfig(e),ia[Ge.HDB_SETTINGS_NAMES.HDB_ROOT_KEY]=VS.getConfigValue(Ge.HDB_SETTINGS_NAMES.HDB_ROOT_KEY))}catch(t){ch.error(vle),ch.error(t),console.error(t),process.exit(1)}}a(Fle,"initSync");function kle(e={}){try{let{keep_alive_timeout:t,headers_timeout:r,server_timeout:n,https_enabled:s,cors_enabled:i,cors_accesslist:o,local_studio_on:c}=e,l=ql.join(__dirname,"../../","unitTests");ia[KS]=ql.join(l,"hdb_boot_properties.file"),tt(Ge.HDB_SETTINGS_NAMES.SETTINGS_PATH_KEY,ql.join(l,"settings.test")),tt(Ge.HDB_SETTINGS_NAMES.INSTALL_USER,O$.userInfo()?O$.userInfo().username:void 0),tt(Ge.HDB_SETTINGS_NAMES.LOG_LEVEL_KEY,"debug"),tt(Ge.HDB_SETTINGS_NAMES.LOG_PATH_KEY,ql.join(l,"envDir","log")),tt(Ge.HDB_SETTINGS_NAMES.LOG_DAILY_ROTATE_KEY,!1),tt(Ge.HDB_SETTINGS_NAMES.CLUSTERING_ENABLED_KEY,!0),tt(Ge.HDB_SETTINGS_NAMES.CLUSTERING_NODE_NAME_KEY,"1231412de213"),tt(Ge.HDB_SETTINGS_NAMES.HDB_ROOT_KEY,ql.join(l,"envDir")),tt(Ge.CONFIG_PARAMS.STORAGE_PATH,ql.join(l,"envDir")),s&&(tt(Ge.CONFIG_PARAMS.HTTP_SECUREPORT,L$(Ge.CONFIG_PARAMS.HTTP_PORT)),tt(Ge.CONFIG_PARAMS.HTTP_PORT,null)),tt(Ge.CONFIG_PARAMS.CUSTOMFUNCTIONS_NETWORK_HTTPS,!!s),tt(Ge.CONFIG_PARAMS.HTTP_PORT,9926),tt(Ge.HDB_SETTINGS_NAMES.SERVER_PORT_KEY,9925),tt(Ge.CONFIG_PARAMS.OPERATIONSAPI_NETWORK_PORT,9925),tt(Ge.HDB_SETTINGS_NAMES.CORS_ENABLED_KEY,ah.isEmpty(i)?!1:i),tt(Ge.CONFIG_PARAMS.HTTP_CORS,ah.isEmpty(i)?!1:i),tt(Ge.HDB_SETTINGS_NAMES.MAX_CUSTOM_FUNCTION_PROCESSES,2),tt(Ge.HDB_SETTINGS_NAMES.MAX_HDB_PROCESSES,4),tt(Ge.HDB_SETTINGS_NAMES.CUSTOM_FUNCTIONS_PORT_KEY,9926),tt(Ge.HDB_SETTINGS_NAMES.CUSTOM_FUNCTIONS_ENABLED_KEY,!0),tt(Ge.HDB_SETTINGS_NAMES.CUSTOM_FUNCTIONS_DIRECTORY_KEY,ql.resolve(__dirname,"../../unitTests/server/fastifyRoutes/custom_functions")),tt(Ge.HDB_SETTINGS_NAMES.LOCAL_STUDIO_ON,ah.isEmpty(c)?!1:c),o&&(tt("CORS_ACCESSLIST",o),tt(Ge.CONFIG_PARAMS.HTTP_CORSACCESSLIST,o)),n&&(tt(Ge.HDB_SETTINGS_NAMES.SERVER_TIMEOUT_KEY,n),tt(Ge.CONFIG_PARAMS.HTTP_TIMEOUT,n)),t&&(tt(Ge.HDB_SETTINGS_NAMES.SERVER_KEEP_ALIVE_TIMEOUT_KEY,t),tt(Ge.CONFIG_PARAMS.HTTP_KEEPALIVETIMEOUT,t)),r&&(tt(Ge.HDB_SETTINGS_NAMES.SERVER_HEADERS_TIMEOUT_KEY,r),tt(Ge.CONFIG_PARAMS.HTTP_HEADERSTIMEOUT,r))}catch(t){let r=`Error reading in HDB environment variables from path ${KS}.  Please check your boot props and settings files`;ch.fatal(r),ch.error(t)}}a(kle,"initTestEnvironment")});var EC={};ye(EC,{loadGQLSchema:()=>qle,start:()=>hC,startOnMainThread:()=>Gle});function hC({ensureTable:e}){return{handleFile:t,setupFile:t};async function t(r,n,s,i){let{parse:o,Source:c,Kind:l,NamedTypeNode:u,StringValueNode:d}=await import("graphql"),f=o(new c(r.toString(),s)),m=new Map,p=[],h;for(let R of f.definitions)switch(R.kind){case l.OBJECT_TYPE_DEFINITION:let H=function(q){if(q.kind==="NonNullType"){let Y=H(q.type);return Y.nullable=!1,Y}if(q.kind==="ListType")return{type:"array",elements:H(q.type)};let z={type:q.name?.value};return Object.defineProperty(z,"location",{value:q.loc.startToken}),z};a(H,"getProperty");let S=R.name.value,y=[],w={table:null,database:null,properties:y};m.set(S,w),i.allTypes.set(S,w);for(let q of R.directives){if(q.name.value==="table"){for(let z of q.arguments)w[z.name.value]=z.value.value;w.schema&&(w.database=w.schema),w.table||(w.table=S),w.audit&&(w.audit=w.audit!=="false"),w.attributes=w.properties,p.push(w)}if(q.name.value==="sealed"&&(w.sealed=!0),q.name.value==="splitSegments"&&(w.splitSegments=!0),q.name.value==="replicate"&&(w.replicate=!0),q.name.value==="export"){w.export=!0;for(let z of q.arguments)typeof w.export!="object"&&(w.export={}),w.export[z.name.value]=z.value.value}}let I=!1,X={};for(let q of R.fields){let k=H(q.type);k.name=q.name.value,y.push(k),X[k.name]=void 0;for(let z of q.directives){let Y=z.name.value;if(Y==="primaryKey")I?console.warn("Can not define two attributes as a primary key at",z.loc):(k.isPrimaryKey=!0,I=!0);else if(Y==="indexed"){let ce={};for(let de of z.arguments||[])ce[de.name.value]=de.value.value;k.indexed=ce}else if(Y==="computed"){for(let ce of z.arguments||[])if(ce.name.value==="from"){let de=ce.value.value;k.computed={from:_(de,ce,X)},k.version==null&&(k.version=de)}else ce.name.value==="version"&&(k.version=ce.value.value);k.computed=k.computed||!0}else if(Y==="relationship"){let ce={};for(let de of z.arguments)ce[de.name.value]=de.value.value;k.relationship=ce}else if(Y==="createdTime")k.assignCreatedTime=!0;else if(Y==="updatedTime")k.assignUpdatedTime=!0;else if(Y==="expiresAt")k.expiresAt=!0;else if(Y==="enumerable")k.enumerable=!0;else if(Y==="allow"){let ce=k.authorizedRoles=[];for(let de of z.arguments)de.name.value==="role"&&ce.push(de.value.value)}else server.knownGraphQLDirectives.includes(Y)&&console.warn(`@${Y} is an unknown directive, at`,z.loc)}}w.type=S,S==="Query"&&(h=w)}function E(R){let S=m.get(R.type);S?(Object.defineProperty(R,"properties",{value:S.properties}),Object.defineProperty(R,"definition",{value:S})):R.type==="array"?E(R.elements):Hle.includes(R.type)||(0,U$.getWorkerIndex)()===0&&console.error(`The type ${R.type} is unknown at line ${R.location.line}, column ${R.location.column}, in ${s}`)}a(E,"connectPropertyType");for(let R of m.values())for(let S of R.properties)E(S);for(let R of p)R.tableClass=e(R),R.export&&(R.export.name===""?i.set((0,pC.dirname)(n),R.tableClass):i.set((0,pC.dirname)(n)+"/"+(R.export.name||R.type),R.tableClass,R.export));function _(R,S,y){return new M$.Script(`function computed(attributes) { return function(record) { with(attributes) { with (record) { return ${R}; } } } } computed;`,{filename:s,lineOffset:S.loc.startToken.line-1,columnOffset:S.loc.startToken.column}).runInThisContext()(y)}a(_,"createComputedFrom")}}var pC,M$,U$,Hle,Gle,qle,x$=se(()=>{pC=require("path"),M$=require("node:vm");Oe();U$=b(st());Za();Hle=["ID","Int","Float","Long","String","Boolean","Date","Bytes","Any","BigInt","Blob"];server.knownGraphQLDirectives||(server.knownGraphQLDirectives=[]);server.knownGraphQLDirectives.push("table","sealed","export","primaryKey","indexed","computed","relationship","createdTime","updatedTime","expiresAt","allow","enumerable");a(hC,"start");Gle=hC,qle=a(e=>hC({ensureTable:ze}).handleFile(e,null,null,new rd),"loadGQLSchema")});var gC={};ye(gC,{start:()=>Qle});function $le(e){if(e.kind!==qe.Kind.OPERATION_DEFINITION&&e.kind!==qe.Kind.FRAGMENT_DEFINITION)throw new Kr(`Unexpected non-executable definition type ${e.kind}.`)}function B$(e){if(typeof e!="object"||e===null)throw new fo("Request body must be an object.");if(!("query"in e))throw new fo("Request body must contain a `query` field.");if(typeof e.query!="string")throw new fo("Request body `query` field must be a string.");if("variables"in e&&(typeof e.variables!="object"||e.variables===null))throw new fo("Request body `variables` field must be an object.");if("operationName"in e&&typeof e.operationName!="string")throw new fo("Request body `operationName` field must be a string.")}function _C(e){return parseInt(e.value,10)}function k$(e){return parseFloat(e.value)}function H$(e,t,r){let n=r.get(e.name.value);return G$(n)?q$(n,t):{attribute:t,value:n}}function G$(e){return typeof e=="object"&&e!=null&&!Array.isArray(e)}function q$(e,t){return t=typeof t=="string"?[t]:t,Object.entries(e).flatMap(([r,n])=>(t=[...t,r],G$(n)?q$(n,t):{attribute:t,value:n}))}function Vle(e,t,r){switch(t=[...t,e.name.value],e.value.kind){case qe.Kind.NULL:return{attribute:t,value:null};case qe.Kind.INT:return{attribute:t,value:_C(e.value)};case qe.Kind.FLOAT:return{attribute:t,value:k$(e.value)};case qe.Kind.BOOLEAN:case qe.Kind.STRING:return{attribute:t,value:e.value.value};case qe.Kind.VARIABLE:return H$(e.value,t,r);case qe.Kind.OBJECT:return $$(e.value,t,r);case qe.Kind.LIST:case qe.Kind.ENUM:default:throw new Kr(`Value type, ${e.value.kind}, is not supported.`)}}function $$(e,t,r){return e.fields.flatMap(n=>Vle(n,t,r))}function Kle(e,t){switch(e.value.kind){case qe.Kind.NULL:return{attribute:e.name.value,value:null};case qe.Kind.INT:return{attribute:e.name.value,value:_C(e.value)};case qe.Kind.FLOAT:return{attribute:e.name.value,value:k$(e.value)};case qe.Kind.BOOLEAN:case qe.Kind.STRING:return{attribute:e.name.value,value:e.value.value};case qe.Kind.VARIABLE:return H$(e.value,e.name.value,t);case qe.Kind.OBJECT:return $$(e.value,[e.name.value],t);case qe.Kind.LIST:case qe.Kind.ENUM:default:throw new Kr(`Argument type, ${e.value.kind}, is not supported.`)}}function Yle(e,t){return e.flatMap(r=>Kle(r,t))}function YS(e,t){return e.selections.flatMap(r=>{switch(r.kind){case qe.Kind.FIELD:return r;case qe.Kind.FRAGMENT_SPREAD:{let n=r.name.value,s=t.get(n);if(s==null)throw new Kr(`Fragment \`${n}\` not found.`);return YS(s.selectionSet,t)}case qe.Kind.INLINE_FRAGMENT:return YS(r.selectionSet,t)}})}function V$(e,t){return YS(e,t).map(r=>r.selectionSet?.selections.length>0?{name:r.name.value,select:V$(r.selectionSet,t)}:r.name.value)}async function Wle(e,t,r,n){let s=xs.getMatch(e.name.value,"graphql");if(s===void 0)throw new Kr(`Resource \`${e.name.value}\` not found.`);let i=s.Resource,o={select:V$(e.selectionSet,r),conditions:Yle(e.arguments,t)},c=[];n.authorize=!0;for await(let l of i.search(o,n))c.push(l);return[e.name.value,c]}function K$(e){switch(e.kind){case qe.Kind.NULL:return null;case qe.Kind.INT:return _C(e);case qe.Kind.FLOAT:return parseFloat(e.value);case qe.Kind.STRING:case qe.Kind.BOOLEAN:return e.value;case qe.Kind.OBJECT:return e.fields.reduce((t,r)=>({[r.name.value]:K$(r.value),...t}),{});case qe.Kind.LIST:case qe.Kind.ENUM:default:throw new Kr(`Value type, ${e.kind}, is not supported.`)}}function jle(e,t){let r=new Map;for(let n of e){let s=n.variable.name.value,i=t?.[s];if(i===void 0&&n.defaultValue!==void 0&&(i=K$(n.defaultValue)),n.type.kind===qe.Kind.NON_NULL_TYPE&&!(s in t)&&i===void 0)throw new Kr(`Variable $${s} is required, but not provided.`);r.set(n.variable.name.value,i??null)}return r}async function zle(e,t,r,n){if(e.operation===qe.OperationTypeNode.SUBSCRIPTION)throw new Kr("Subscriptions are not supported.");if(e.operation===qe.OperationTypeNode.MUTATION)throw new Kr("Mutations are not supported yet.");let s=jle(e.variableDefinitions,t),i=await Promise.all(YS(e.selectionSet,r).map(c=>Wle(c,s,r,n))),o={data:{}};for(let[c,l]of i)o.data[c]=l;return o}async function F$({query:e,variables:t={},operationName:r},n){let s=qe.parse(e),i=new Map,o=new Map;for(let u of s.definitions)if($le(u),u.kind===qe.Kind.FRAGMENT_DEFINITION)o.set(u.name.value,u);else{if(u.name===void 0&&s.definitions.length>1)throw new Kr("Unnamed operations are only allowed when there is a single operation in the document.");let d=u.name?.value??"Unnamed Query";if(i.has(d))throw new Kr(`Duplicate operation definition: ${d}`);i.set(d,u)}let c;if(r==null)if(i.size===1)c=i.entries().next().value[1];else throw new Kr("Operation name is required when there are multiple operations in the document.");else if(c=i.get(r),c==null)throw new Kr(`Operation \`${r}\` not found.`);let l=await zle(c,t,o,n);return{status:200,headers:{"Content-Type":"application/graphql-response+json; charset=utf-8"},body:JSON.stringify(l)}}async function Jle(e){switch(e.method){case"GET":{let t=new URLSearchParams(e.url.split("?")[1]),r={};for(let[n,s]of t)r[n]=n==="variables"||n==="extensions"?JSON.parse(s):s;return B$(r),F$(r,e)}case"POST":{let r=await qo(e.headers.get("content-type"),!0)(e._nodeRequest);return B$(r),F$(r,e)}default:throw new fo("Method Not Allowed",405,{Allow:"GET, POST"})}}function Qle(e){e.server.http(async(t,r)=>{if(!t.url.startsWith("/graphql"))return r(t);try{return await Jle(t)}catch(n){logger.error(n);let s=t.headers.get("accept")??"application/graphql-response+json";switch(s){case"application/json":{if(n instanceof fo)return{status:n.statusCode,body:JSON.stringify({errors:[{message:n.message}]}),headers:{"Content-Type":"application/json",...n.headers}};if(n instanceof qe.GraphQLError)return{status:200,body:JSON.stringify({errors:[n]}),headers:{"Content-Type":"application/json"}};if(n instanceof Kr)return{status:200,body:JSON.stringify({errors:[{message:n.message}]}),headers:{"Content-Type":"application/json"}};if(n instanceof Error)return{status:500,body:JSON.stringify({errors:[{message:n.message}]}),headers:{"Content-Type":"application/json"}};break}default:logger.info(`Unsupported accept header, ${s}, defaulting to application/graphql-response+json`);case"application/graphql-response+json":{if(n instanceof fo)return{status:n.statusCode,body:JSON.stringify({errors:[{message:n.message}]}),headers:{"Content-Type":"application/graphql-response+json",...n.headers}};if(n instanceof qe.GraphQLError)return{status:400,body:JSON.stringify({errors:[n]}),headers:{"Content-Type":"application/graphql-response+json"}};if(n instanceof Kr)return{status:400,body:JSON.stringify({errors:[{message:n.message}]}),headers:{"Content-Type":"application/graphql-response+json"}};if(n instanceof Error)return{status:500,body:JSON.stringify({errors:[{message:n.message}]}),headers:{"Content-Type":"application/graphql-response+json"}};break}}throw n}},{port:e.port,securePort:e.securePort})}var qe,Kr,fo,Y$=se(()=>{qe=b(require("graphql"));$o();Za();a($le,"assertExecutableDefinitionNode");a(B$,"assertRequestParams");a(_C,"processIntValueNode");a(k$,"processFloatValueNode");a(H$,"processVariableNode");a(G$,"isObject");a(q$,"transformObjectIntoQueryCondition");a(Vle,"processObjectFieldNode");a($$,"processObjectValueNode");a(Kle,"processArgumentNode");a(Yle,"buildConditionsQuery");a(YS,"fillInFragments");a(V$,"buildSelectQuery");a(Wle,"processFieldNode");a(K$,"processConstValueNode");a(jle,"resolveVariables");a(zle,"executeOperation");a(F$,"resolver");Kr=class extends Error{static{a(this,"GraphQLQueryingError")}},fo=class extends Error{static{a(this,"HTTPError")}statusCode;headers;constructor(t,r=400,n={}){super(t),this.statusCode=r,this.headers=n}};a(Jle,"graphqlQueryingHandler");a(Qle,"start")});var X$=M((axe,Q$)=>{var Bd=require("validate.js"),j$=pt(),Fd=(G(),D(j)),{handleHDBError:Xle,hdbErrors:Zle}=Ee(),{HDB_ERROR_MSGS:cr,HTTP_STATUS_CODES:eue}=Zle,SC=a(()=>({role:{presence:!0,format:"[\\w\\-\\_]+"},id:{presence:!0,format:"[\\w\\-\\_]+"},permission:{presence:!0}}),"constraintsTemplate"),tue={STRUCTURE_USER:"structure_user"},W$=Object.values(Fd.ROLE_TYPES_ENUM),rue="attribute_permissions",nue="attribute_name",{PERMS_CRUD_ENUM:kd}=Fd,sue=[rue,...Object.values(kd)],z$=[kd.READ,kd.INSERT,kd.UPDATE],iue=[nue,...z$];function oue(e){let t=SC();return t.role.presence=!0,t.id.presence=!1,t.permission.presence=!0,J$(e,t)}a(oue,"addRoleValidation");function aue(e){let t=SC();return t.role.presence=!1,t.id.presence=!0,t.permission.presence=!0,J$(e,t)}a(aue,"alterRoleValidation");function cue(e){let t=SC();return t.role.presence=!1,t.id.presence=!0,t.permission.presence=!1,j$.validateObject(e,t)}a(cue,"dropRoleValidation");var lue=["operation","role","id","permission","hdb_user","access"];function J$(e,t){let r={main_permissions:[],schema_permissions:{}},n=Object.keys(e),s=[];for(let o=0,c=n.length;o<c;o++)lue.includes(n[o])||s.push(n[o]);s.length>0&&Er(cr.INVALID_ROLE_JSON_KEYS(s),r);let i=j$.validateObject(e,t);if(i&&i.message.split(",").forEach(o=>{Er(o,r)}),e.permission){let o=uue(e);o&&Er(o,r),W$.forEach(c=>{e.permission[c]&&!Bd.isBoolean(e.permission[c])&&Er(cr.SU_CU_ROLE_BOOLEAN_ERROR(c),r)})}for(let o in e.permission)if(W$.indexOf(o)<0){if(o===tue.STRUCTURE_USER){let l=e.permission[o];if(typeof l=="boolean")continue;if(Array.isArray(l)){for(let u=0,d=l.length;u<d;u++){let f=l[u];global.hdb_schema[f]||Er(cr.SCHEMA_NOT_FOUND(f),r)}continue}Er(cr.STRUCTURE_USER_ROLE_TYPE_ERROR(o),r);continue}let c=e.permission[o];if(!o||!global.hdb_schema[o]){Er(cr.SCHEMA_NOT_FOUND(o),r);continue}if(c.tables)for(let l in c.tables){let u=c.tables[l];if(!l||!global.hdb_schema[o][l]){Er(cr.TABLE_NOT_FOUND(o,l),r);continue}if(Object.keys(u).forEach(d=>{sue.includes(d)||Er(cr.INVALID_PERM_KEY(d),r,o,l)}),Object.values(kd).forEach(d=>{Bd.isDefined(u[d])?Bd.isBoolean(u[d])||Er(cr.TABLE_PERM_NOT_BOOLEAN(d),r,o,l):Er(cr.TABLE_PERM_MISSING(d),r,o,l)}),u.attribute_permissions===void 0){Er(cr.ATTR_PERMS_ARRAY_MISSING,r,o,l);continue}else if(!(Array.isArray(u.attribute_permissions)||u.attribute_permissions===null)){Er(cr.ATTR_PERMS_NOT_ARRAY,r,o,l);continue}if(u.attribute_permissions){let d=global.hdb_schema[o][l].attributes.map(({attribute:m})=>m),f={read:!1,insert:!1,update:!1};for(let m in u.attribute_permissions){let p=u.attribute_permissions[m];if(Object.keys(p).forEach(E=>{!iue.includes(E)&&E!==kd.DELETE&&Er(cr.INVALID_ATTR_PERM_KEY(E),r,o,l)}),!Bd.isDefined(p.attribute_name)){Er(cr.ATTR_PERM_MISSING_NAME,r,o,l);continue}let h=p.attribute_name;if(!d.includes(h)){Er(cr.INVALID_ATTRIBUTE_IN_PERMS(h),r,o,l);continue}z$.forEach(E=>{Bd.isDefined(p[E])?Bd.isBoolean(p[E])||Er(cr.ATTR_PERM_NOT_BOOLEAN(E,h),r,o,l):Er(cr.ATTR_PERM_MISSING(E,h),r,o,l)}),!f.read&&p.read===!0&&(f.read=!0),!f.insert&&p.insert===!0&&(f.insert=!0),!f.update&&p.update===!0&&(f.update=!0)}if(u.read===!1&&f.read===!0||u.insert===!1&&f.insert===!0||u.update===!1&&f.update===!0){let m=`${o}.${l}`;Er(cr.MISMATCHED_TABLE_ATTR_PERMS(m),r,o,l)}}}}return due(r)}a(J$,"customValidate");Q$.exports={addRoleValidation:oue,alterRoleValidation:aue,dropRoleValidation:cue};function uue(e){let{operation:t,permission:r}=e;if(t===Fd.OPERATIONS_ENUM.ADD_ROLE||t===Fd.OPERATIONS_ENUM.ALTER_ROLE){let n=r.super_user===!0,s=r.cluster_user===!0;if(Object.keys(r).length>1&&(n||s)){if(s&&n)return cr.SU_CU_ROLE_COMBINED_ERROR;{let o=r.super_user?Fd.ROLE_TYPES_ENUM.SUPER_USER:Fd.ROLE_TYPES_ENUM.CLUSTER_USER;return cr.SU_CU_ROLE_NO_PERMS_ALLOWED(o)}}}return null}a(uue,"validateNoSUPerms");function due(e){let{main_permissions:t,schema_permissions:r}=e;if(t.length>0||Object.keys(r).length>0){let n={error:cr.ROLE_PERMS_ERROR,...e};return Xle(new Error,n,eue.BAD_REQUEST)}else return null}a(due,"generateRolePermResponse");function Er(e,t,r,n){if(!r)t.main_permissions.push(e);else{let s=n?r+"_"+n:r;t.schema_permissions[s]?t.schema_permissions[s].push(e):t.schema_permissions[s]=[e]}}a(Er,"addPermError")});var uh=M((uxe,rV)=>{"use strict";var Z$=$n(),eV=gn(),fue=Dl(),yC=X$(),RC=Qo(),lxe=require("uuid").v4,mue=require("util"),WS=(G(),D(j)),pue=ae(),bC=eV.searchByValue,hue=eV.searchByHash,Eue=mue.promisify(fue.delete),_ue=ui(),gue=ud(),{hdbErrors:Sue,handleHDBError:$l}=Ee(),{HDB_ERROR_MSGS:tV,HTTP_STATUS_CODES:lh}=Sue,{UserEventMsg:AC}=cs();rV.exports={addRole:Tue,alterRole:yue,dropRole:Rue,listRoles:bue};function TC(e){try{e.hdb_auth_header&&delete e.hdb_auth_header,e.HDB_INTERNAL_PATH&&delete e.HDB_INTERNAL_PATH,e.operation&&delete e.operation,e.hdb_user&&delete e.hdb_user}catch{}return e}a(TC,"scrubRoleDetails");async function Tue(e){let t=yC.addRoleValidation(e);if(t)throw t;e=TC(e);let r={schema:"system",table:"hdb_role",attribute:"role",value:e.role,hash_attribute:"id",get_attributes:["*"]},n;try{n=Array.from(await bC(r)||[])}catch(i){throw $l(i)}if(n&&n.length>0)throw $l(new Error,tV.ROLE_ALREADY_EXISTS(e.role),lh.CONFLICT,void 0,void 0,!0);e.id||(e.id=e.role);let s={operation:"insert",schema:"system",table:"hdb_role",hash_attribute:"id",records:[e]};return await Z$.insert(s),RC.signalUserChange(new AC(process.pid)),e=TC(e),e}a(Tue,"addRole");async function yue(e){let t=yC.alterRoleValidation(e);if(t)throw t;e=TC(e);let r={operation:"update",schema:"system",table:"hdb_role",records:[e]},n;try{n=await Z$.update(r)}catch(s){throw $l(s)}if(n&&n?.message==="updated 0 of 1 records")throw $l(new Error,"Invalid role id",lh.BAD_REQUEST,void 0,void 0,!0);return await RC.signalUserChange(new AC(process.pid)),e}a(yue,"alterRole");async function Rue(e){let t=yC.dropRoleValidation(e);if(t)throw $l(new Error,t,lh.BAD_REQUEST,void 0,void 0,!0);let r=new gue(WS.SYSTEM_SCHEMA_NAME,WS.SYSTEM_TABLE_NAMES.ROLE_TABLE_NAME,[e.id],["role"]),n=Array.from(await hue(r));if(n.length===0)throw $l(new Error,tV.ROLE_NOT_FOUND,lh.NOT_FOUND,void 0,void 0,!0);let s=new _ue(WS.SYSTEM_SCHEMA_NAME,WS.SYSTEM_TABLE_NAMES.USER_TABLE_NAME,"role",e.id,void 0,["username","active"]),i=Array.from(await bC(s)),o=!1;if(pue.isEmptyOrZeroLength(i)===!1){for(let l=0;l<i.length;l++)if(i[l].active===!0){o=!0;break}}if(o===!0)throw $l(new Error,`Cannot drop role ${n[0].role} as it has active user(s) tied to this role`,lh.CONFLICT,void 0,void 0,!0);let c={table:"hdb_role",schema:"system",hash_values:[e.id]};return await Eue(c),RC.signalUserChange(new AC(process.pid)),`${n[0].role} successfully deleted`}a(Rue,"dropRole");async function bue(){return bC({table:"hdb_role",schema:"system",hash_attribute:"id",attribute:"id",value:"*",get_attributes:["*"]})}a(bue,"listRoles")});var IC={};ye(IC,{start:()=>iV,startOnMainThread:()=>wue});function iV({ensureTable:e}){return{handleFile:t,setupFile:t};async function t(r){let n=(0,nV.parseDocument)(r.toString(),{simpleKeys:!0}).toJSON();for(let s in n){let i=n[s];i.permission||(i={permission:i},i.permission.access&&(i.access=i.permission.access,delete i.permission.access));for(let o in i.permission){if(Aue.includes(o))continue;let c=i.permission[o];c.tables||(i.permission[o]=c={tables:c});for(let l in c.tables){let u=c.tables[l];if(u.read=!!u.read,u.insert=!!u.insert,u.update=!!u.update,u.delete=!!u.delete,u.attributes){let d=[];for(let f in u.attributes){let m=u.attributes[f];m.attribute_name=f,d.push(m)}u.attribute_permissions=d,delete u.attributes}if(u.attribute_permissions){if(!Array.isArray(u.attribute_permissions))throw new Error("attribute_permissions must be an array if defined");for(let d of u.attribute_permissions)d.read=!!d.read,d.insert=!!d.insert,d.update=!!d.update}else u.attribute_permissions=null}}i.role=i.id=s,await Iue(i)}}}async function Iue(e){let t=lt().system.hdb_role;for await(let r of t.search([{attribute:"role",value:e.role}])){let{__createdtime__:n,__updatedtime__:s,...i}=r;return(0,sV.isEqual)(i,e)?void 0:(e.id=r.id,(0,jS.alterRole)(e))}return(0,jS.addRole)(e)}var jS,nV,sV,Aue,wue,oV=se(()=>{Oe();jS=b(uh()),nV=require("yaml"),sV=require("lodash"),Aue=["super_user","cluster_user","structure_user"];a(iV,"start");a(Iue,"ensureRole");wue=iV});async function zS(e){let t=(0,lV.pathToFileURL)(e).toString();if(Nue)return dh||(dh=Cue(Pue)),(await(await dh).import(t)).namespace;try{return await import(t)}catch(r){try{(await import("internal/util")).default.decorateErrorStack(r)}catch{}throw r}}async function Cue(e){let{StaticModuleRecord:t}=await import("@endo/static-module-record");return require("ses"),lockdown({domainTaming:"unsafe",consoleTaming:"unsafe",errorTaming:"unsafe",errorTrapping:"none",stackFiltering:"verbose"}),dh=new Compartment({console,Math,Date,fetch:Oue,...e()},{},{name:"h-dapp",resolveHook(r,n){return r==="harperdb"?"harperdb":(r=new URL(r,n).toString(),(0,cV.extname)(r)||(r+=".js"),r)},importHook:a(async r=>{if(r==="harperdb")return{imports:[],exports:["Resource","tables","databases"],execute(s){s.Resource=Xt,s.tables=yn,s.databases=Me}};let n=await(0,aV.readFile)(new URL(r),{encoding:"utf-8"});return new t(n,r)},"importHook")}),dh}function Oue(e,t){let r=typeof e=="string"||e.url;if(new URL(r).protocol!="https")throw new Error("Only https is allowed in fetch");return fetch(e,t)}function Pue(){return{Resource:Xt,tables:yn}}var aV,cV,lV,Nue,dh,wC=se(()=>{Wi();Oe();aV=require("fs/promises"),cV=require("path"),lV=require("url"),Nue=!1;a(zS,"secureImport");a(Cue,"getCompartment");a(Oue,"secureOnlyFetch");a(Pue,"getGlobalVars")});var NC={};ye(NC,{ResourceLoadError:()=>JS,handleApplication:()=>Lue,suppressHandleApplicationWarning:()=>Due});function dV(e){return typeof e=="function"&&("get"in e||"put"in e||"post"in e||"delete"in e)}async function Lue(e){e.handleEntry(a(async function(r){if(r.entryType!=="file"){e.logger.warn(`jsResource plugin cannot handle entry type ${r.entryType}. Modify the 'files' option in ${e.configFilePath} to only include files.`);return}if(r.eventType!=="add"){e.requestRestart();return}try{let n=await zS(r.absolutePath),s=(0,uV.dirname)(r.urlPath).replace(/\\/g,"/").replace(/^\/$/,"");dV(n.default)&&(e.resources.set(s,n.default),e.logger.debug(`Registered root resource: ${s}`)),fV(e,n,s)}catch(n){throw new JS(r.absolutePath,n)}},"handleResourceEntry"))}function fV(e,t,r){for(let n in t){let s=t[n],i=`${r}/${n}`;dV(s)?(e.resources.set(i,s),e.logger.debug(`Registered resource: ${i}`)):typeof s=="object"&&fV(e,s,i)}}var uV,JS,Due,mV=se(()=>{wC();uV=require("path");a(dV,"isResource");JS=class extends Error{static{a(this,"ResourceLoadError")}filePath;cause;constructor(t,r){super(`Failed to load resource module ${t}${r?`: ${r.message}`:""}`),this.name="ResourceLoadError",this.filePath=t,this.cause=r}};a(Lue,"handleApplication");a(fV,"recurseForResources");Due=!0});var OC={};ye(OC,{start:()=>vue});function vue({resources:e}){e.set("login",CC),e.loginPath=t=>"/login?redirect="+encodeURIComponent(t.url)}var CC,pV=se(()=>{Wi();a(vue,"start");CC=class extends Xt{static{a(this,"Login")}static async get(t,r,n){}static async post(t,r,n){let{username:s,password:i,redirect:o}=r;return{data:await n.login(s,i)}}}});function XS(e,t){let r={openapi:Mue,info:{title:"HarperDB HTTP REST interface",version:TV.packageJson.version},servers:[{description:"REST API",url:t}],paths:{},components:{schemas:{},securitySchemes:{basicAuth:{type:"http",scheme:"basic"},bearerAuth:{type:"http",scheme:"bearer",bearerFormat:"JWT"}}}},n=[{basicAuth:[],bearerAuth:[]}],s=a(i=>{if(i.type&&!r.components.schemas[i.type]){r.components.schemas[i.type]={};let o={},c=[];for(let l of i.properties)QS[l.type]?o[l.name]=new LC(QS[l.type],l.type):l.properties?(o[l.name]=new RV(l.type),s(l)):l.elements?.properties&&(o[l.name]=new Fue(l.elements.type),s(l.elements)),l.nullable===!1&&c.push(l.name);r.components.schemas[i.type]=new SV(o,!i.sealed,c)}},"includeDefinitionInSchema");for(let[,i]of e){if(!i.path||i.Resource.isError)continue;let{path:o}=i,c=o.split("/").pop(),{attributes:l,sealed:u}=i.Resource,{prototype:d,primaryKey:f="id"}=i.Resource;if(!l&&e.allTypes.has(i.path)){let k=e.allTypes.get(i.path);u=k.sealed,l=k.properties}if(!f)continue;let m={},p=[],h=[];if(l)for(let{type:k,name:z,elements:Y,relationship:ce,definition:de,nullable:te}of l){let Se=de??Y?.definition;Se&&s(Se),te===!1&&h.push(z),ce?k==="array"?m[z]={type:"array",items:{$ref:$s+Y.type}}:m[z]={$ref:$s+k}:Se?k==="array"?m[z]={type:"array",items:{$ref:$s+Se.type}}:m[z]={$ref:$s+Se.type}:k==="array"?Y.type==="Any"?m[z]={type:"array",items:{format:Y.type}}:m[z]={type:"array",items:new LC(QS[Y.type],Y.type)}:k==="Any"?m[z]={format:k}:m[z]=new LC(QS[k],k),p.push(new DC(z,"query",m[z]))}let E=Object.keys(m),_=new DC(f,"path",{type:"string",format:"ID"});_.required=!0,_.description="primary key of record";let R=new DC("property","path",{enum:E});R.required=!0,r.components.schemas[c]=new SV(m,!u,h);let S=d.post!==Resource.prototype.post||d.update,y=typeof d.put=="function",w=typeof d.get=="function",I=typeof d.delete=="function",H=typeof d.patch=="function",X=`/${o}/`;r.paths[X]||(r.paths[X]={}),S&&(r.paths[X].post=new Uue(c,n,{200:new Hd({$ref:$s+c},{Location:{description:"primary key of new record",schema:{type:"string",format:"ID"}}})},"create a new record auto-assigning a primary key")),r.paths[X].options=new hV(p,n,{200:new EV},"retrieve information about the communication options available for a target resource or the server as a whole, without performing any resource action"),w&&(r.paths[X].get=new PC(p,n,{200:new Hd({type:"array",items:{$ref:$s+c}})},"search for records by the specified property name and value pairs")),I&&(r.paths[X].delete=new gV(p,n,"delete all the records that match the provided query",{204:new _V}));let q="/"+o+"/{"+f+"}";if(r.paths[q]||(r.paths[q]={}),r.paths[q].options=new hV(p,n,{200:new EV},"retrieve information about the communication options available for a target resource or the server as a whole, without performing any resource action"),w&&(r.paths[q].get=new PC([_],n,{200:new Hd({$ref:$s+c})},"retrieve a record by its primary key")),y&&(r.paths[q].put=new xue([_],n,c,{200:new Hd({$ref:$s+c})},"create or update the record with the URL path that maps to the record's primary key")),H&&(r.paths[q].patch=new Bue([_],n,c,{200:new Hd({$ref:$s+c})},"patch the record with the URL path that maps to the record's primary key")),I&&(r.paths[q].delete=new gV([_],n,"delete a record with the given primary key",{204:new _V})),w&&R.schema.enum.length>0){let k=`/${o}/{${f}}.{property}`;r.paths[k]||(r.paths[k]={}),r.paths[k].get=new PC([_,R],n,{200:new Hd({enum:E})},"used to retrieve the specified property of the specified record")}}for(let[,i]of e.allTypes)s(i),i.sealed&&r.components.schemas[i.type].additionalProperties&&(r.components.schemas[i.type].additionalProperties=!1);return r}function Uue(e,t,r,n){this.description=n,this.requestBody={content:{"application/json":{schema:{$ref:$s+e}}}},this.security=t,this.responses=r}function PC(e,t,r,n){this.description=n,this.parameters=e,this.security=t,this.responses=r}function hV(e,t,r,n){this.description=n,this.parameters=e,this.security=t,this.responses=r}function EV(){this.description=yV,this.headers={},this.content={}}function Hd(e,t){this.description=yV,this.content={"application/json":{schema:e}},this.headers=t}function _V(){this.description="successfully processed request, no content returned to client"}function xue(e,t,r,n,s){this.description=s,this.parameters=e,this.security=t,this.requestBody={content:{"application/json":{schema:{$ref:$s+r}}}},this.responses=n}function Bue(e,t,r,n,s){this.description=s,this.parameters=e,this.security=t,this.requestBody={content:{"application/json":{schema:{$ref:$s+r}}}},this.responses=n}function gV(e,t,r,n){this.description=r,this.parameters=e,this.security=t,this.responses=n}function SV(e,t,r){this.type="object",this.properties=e,this.additionalProperties=t,this.required=r}function LC(e,t){this.type=e,(e==="string"||e==="number"||e==="integer")&&t!=="String"&&(this.format=t)}function RV(e){this.$ref=`#/components/schemas/${e}`}function Fue(e){this.type="array",this.items=new RV(e)}function DC(e,t,r){this.name=e,this.in=t,this.schema=r}var TV,Mue,QS,$s,yV,vC=se(()=>{TV=b(Rt()),Mue="3.0.3",QS={Int:"integer",Float:"number",Long:"integer",ID:"string",String:"string",Boolean:"boolean",Date:"string",Bytes:"string",BigInt:"integer"},$s="#/components/schemas/",yV="successful operation";a(XS,"generateJsonApi");a(Uue,"Post");a(PC,"Get");a(hV,"Options");a(EV,"ResponseOptions200");a(Hd,"Response200");a(_V,"Response204");a(xue,"Put");a(Bue,"Patch");a(gV,"Delete");a(SV,"ResourceSchema");a(LC,"Type");a(RV,"Ref");a(Fue,"ArrayRef");a(DC,"Parameter")});var AV={};ye(AV,{Request:()=>Ec,createReuseportFd:()=>ZS});var bV,Ec,MC,UC,ZS,fh=se(()=>{bV=require("os"),Ec=class{static{a(this,"Request")}#e;#t;_nodeRequest;_nodeResponse;method;url;headers;isWebSocket;user;constructor(t,r){this.method=t.method;let n=t.url;this._nodeRequest=t,this._nodeResponse=r,this.url=n,this.headers=new UC(t.headers)}get absoluteURL(){return this.protocol+"://"+this.host+this.url}get pathname(){let t=this.url.indexOf("?");return t>-1?this.url.slice(0,t):this.url}set pathname(t){let r=this.url.indexOf("?");r>-1?this.url=t+this.url.slice(r):this.url=t}get protocol(){return this._nodeRequest.socket.encrypted?"https":"http"}get ip(){return this._nodeRequest.socket.remoteAddress}get authorized(){return this._nodeRequest.socket.authorized}get peerCertificate(){return this.#t===void 0&&(this.#t=this._nodeRequest.socket.getPeerCertificate?.(!0)||null),this.#t}get mtlsConfig(){return this._nodeRequest.socket.server.mtlsConfig}get body(){return this.#e||(this.#e=new MC(this._nodeRequest))}get host(){return this._nodeRequest.authority||this._nodeRequest.headers.host}get hostname(){return this._nodeRequest.headers.host}get httpVersion(){return this._nodeRequest.httpVersion}get isAborted(){return!1}get nodeRequest(){return this._nodeRequest}sendEarlyHints(t,r={}){r.link=t,this._nodeResponse.writeEarlyHints(r)}},MC=class{static{a(this,"RequestBody")}#e;constructor(t){this.#e=t}on(t,r){return this.#e.on(t,r),this}pipe(t,r){return this.#e.pipe(t,r)}},UC=class{static{a(this,"Headers")}asObject;constructor(t){this.asObject=t}set(t,r){this.asObject[t.toLowerCase()]=r}get(t){return this.asObject[t.toLowerCase()]}has(t){return Object.prototype.hasOwnProperty.call(this.asObject,t.toLowerCase())}[Symbol.iterator](){return Object.entries(this.asObject)[Symbol.iterator]()}keys(){return Object.keys(this.asObject)}values(){return Object.values(this.asObject)}delete(t){delete this.asObject[t.toLowerCase()]}forEach(t){for(let[r,n]of this)t(n,r,this)}};(0,bV.platform)()!="win32"&&(ZS=require("node-unix-socket").createReuseportFd)});var tT={};ye(tT,{parseHeaderValue:()=>BC,start:()=>Gue});async function Hue(e,t){let r=e.headers.asObject,n=r.accept==="text/event-stream",s=n?"CONNECT":e.method;e.search&&gg(e);let i=new Hs;try{e.responseHeaders=i;let o=e.url.slice(1),c,l;if(o!==IV){let _=eT.getMatch(o,n?"sse":"rest");if(!_)return t(e);e.handlerPath=_.path,c=new Us(_.relativeURL),c.async=!0,l=_.Resource}if(l?.isCaching){let _=r["cache-control"];if(_){let R=BC(_);for(let S of R)switch(S.name){case"max-age":e.expiresAt=S.value*1e3+Date.now();break;case"only-if-cached":e.onlyIfCached=!0;break;case"no-cache":e.noCache=!0;break;case"no-store":e.noCacheStore=!0;break;case"stale-if-error":e.staleIfError=!0;break;case"must-revalidate":e.mustRevalidate=!0;break}}}let u=r["x-replicate-to"];if(u){let _=BC(u).map(R=>(R.next?.name==="confirm"&&R.next.value>=0&&(e.replicatedConfirmation=+R.next.value),R.name));e.replicateTo=_.length===1&&+_[0]>=0?+_[0]:_[0]==="*"?void 0:_}r["x-replicate-from"]==="none"&&(e.replicateFrom=!1);let f=await At(e,()=>{if(r["content-length"]||r["transfer-encoding"])try{e.data=qo(r["content-type"],!0)(e.body,e.headers)}catch(_){throw new Gd.ClientError(_,400)}if(e.authorize=!0,o===IV&&s==="GET"){if(e?.user?.role?.permission?.super_user)return XS(eT,`${e.protocol}://${e.hostname}`);throw new Gd.ServerError("Forbidden",403)}switch(c.checkPermission=e.user?.role?.permission??{},s){case"GET":case"HEAD":return l.get(c,e);case"POST":return l.post(c,e.data,e);case"PUT":return l.put(c,e.data,e);case"DELETE":return l.delete(c,e);case"PATCH":return l.patch(c,e.data,e);case"OPTIONS":i.setIfNone("Allow","GET, HEAD, POST, PUT, DELETE, PATCH, OPTIONS, TRACE, QUERY, COPY, MOVE");return;case"CONNECT":return l.connect(c,null,e);case"TRACE":return"HarperDB is the terminating server";case"QUERY":return l.query(c,e.data,e);case"COPY":return l.copy(c,r.destination,e);case"MOVE":return l.move(c,r.destination,e);case"BREW":throw new Gd.ClientError("HarperDB is short and stout and can't brew coffee",418);default:throw new Gd.ServerError(`Method ${s} is not recognized`,501)}}),m=200,p=e.lastModified;if(f==null)m=s==="GET"||s==="HEAD"?404:204,xC.lastModified&&isFinite(p)&&i.setIfNone("Last-Modified",new Date(p).toUTCString());else if(f.status>0&&f.headers){let _=Sq(f.headers,i);return f.headers!==_&&(f.headers=_),f.data!==void 0&&(f.body=xm(f.data,e,f)),f}else if(isFinite(p)){kue[0]=p;let _=String.fromCharCode(34,(sn[0]&63)+62,(sn[0]>>6)+(sn[1]<<2&63)+62,(sn[1]>>4)+(sn[2]<<4&63)+62,(sn[2]>>2)+62,(sn[3]&63)+62,(sn[3]>>6)+(sn[4]<<2&63)+62,(sn[4]>>4)+(sn[5]<<4&63)+62,(sn[5]>>2)+62,(sn[6]&63)+62,(sn[6]>>6)+(sn[7]<<2&63)+62,34),R=r["if-none-match"];R&&_==R?(f?.onDone&&f.onDone(),m=304,f=void 0):i.setIfNone("ETag",_),xC.lastModified&&i.setIfNone("Last-Modified",new Date(p).toUTCString())}e.createdResource&&(m=201),e.newLocation&&i.setIfNone("Location",e.newLocation);let h={status:m,headers:i,body:void 0},E=e.loadedFromSource??f?.wasLoadedFromSource?.();return E!==void 0&&(h.wasCacheMiss=E,!E&&isFinite(p)&&i.setIfNone("Age",Math.round((Date.now()-(e.lastRefreshed||p))/1e3))),f!==void 0&&(h.body=xm(f,e,h),s==="HEAD"&&(h.body=void 0)),h}catch(o){o.statusCode?o.statusCode===500?Ei.warn(o):Ei.info(o):Ei.error(o),o.statusCode===405&&(o.method&&(o.message+=` to handle HTTP method ${o.method.toUpperCase()||""}`),o.allow&&(o.allow.push("trace","head","options"),i.setIfNone("Allow",o.allow.map(l=>l.toUpperCase()).join(", "))));let c={status:o.statusCode||500,headers:i,body:void 0};return c.body=xm(o instanceof Error?CV(o):o,e,c),c}}function Gue(e){xC=e,e.includeExpensiveRecordCountEstimates&&(Ec.prototype.includeExpensiveRecordCountEstimates=!0),!wV&&(wV=!0,eT=e.resources,e.server.http(async(t,r)=>{if(!t.isWebSocket)return Hue(t,r)},e),e.webSocket!==!1&&e.server.ws(async(t,r,n)=>{mh++;let s=new rs;NV||(NV=!0,Xm(l=>{mh>0&&l.push({metric:"ws-connections",connections:mh,byThread:!0})}));let i;t.on("error",l=>{i=!0,Ei.warn(l)});let o;t.on("message",a(function(u){o||(o=qo(r.requestedContentType??r.headers.asObject["content-type"],!1));let d=o(u);Ye(u.length,"bytes-received",r.handlerPath,"message","ws"),s.push(d)},"message"));let c;t.on("close",()=>{mh--,en(!i,"connection","ws","disconnect"),s.emit("close"),c&&c.return()});try{await n;let l=r.url.slice(1),u=eT.getMatch(l,"ws");if(en(!!u,"connection","ws","connect"),u){r.handlerPath=u.path,Ye(h=>({count:h.count,total:mh}),"connections",r.handlerPath,"connect","ws"),r.authorize=!0;let d=new Us(u.relativeURL);d.checkPermission=r.user?.role?.permission??{};let f=u.Resource;c=(await At(r,()=>f.connect(d,s,r)))[Symbol.asyncIterator]();let p;for(;!(p=await c.next()).done;){let h=await Go(p.value,r);t.send(h),Ye(h.length,"bytes-sent",r.handlerPath,"message","ws"),t._socket.writableNeedDrain&&await new Promise(E=>t._socket.once("drain",E))}}else return t.close(1011,`No resource was found to handle ${r.pathname}`)}catch(l){l.statusCode?l.statusCode===500?Ei.warn(l):Ei.info(l):Ei.error(l),t.close(que[l.statusCode]||1011,CV(l))}t.close()},e))}function BC(e){return e.trim().split(",").map(t=>{let r,n=t.trim().split(";"),s;for(;s=n.pop();)if(s.includes("=")){let[i,o]=s.trim().split("=");i=i.trim(),o&&(o=o.trim()),r={name:i.toLowerCase(),value:o,next:r}}else r={name:s.toLowerCase(),next:r};return r})}var Ei,Gd,CV,sn,kue,xC,IV,wV,eT,NV,mh,que,OV=se(()=>{$o();ss();Ei=b(Q()),Gd=b(Ee());Sg();Fu();Ya();Kp();vC();fh();yg();({errorToString:CV}=Ei),sn=new Uint8Array(8),kue=new Float64Array(sn.buffer,0,1),xC={},IV="openapi";a(Hue,"http");mh=0;a(Gue,"start");que={401:3e3,403:3003};a(BC,"parseHeaderValue")});var FC=M((xxe,LV)=>{var{recordAction:rT,recordActionBinary:PV}=(ss(),D(lg)),$ue=require("fastify-plugin"),Vue=200;LV.exports=$ue(function(e,t,r){e.addHook("onResponse",async(n,s)=>{let i=s.elapsedTime}),e.addHook("onSend",async(n,s,i)=>{let o=s.elapsedTime,c=performance.now(),l=s.request.routeOptions,u,d,f;l.config?.isOperation?(u=n.body?.operation,d="operation"):(u=l.url,d="fastify-route",f=l.method),rT(o,"duration",u,f,d),PV(s.raw.statusCode<400,"success",u,f,d),PV(1,"response_"+s.raw.statusCode,u,f,d);let m=Vue;i?.pipe?(i.on("data",_=>{m+=_.length}),i.on("end",()=>{rT(performance.now()-c,"transfer",u,f,d),rT(m,"bytes-sent",u,f,d)})):(m+=i?.length||0,rT(m,"bytes-sent",u,f,d));let p=o.toFixed(3),h=s.getHeader("Server-Timing"),E=`db;dur=${p}`;s.header("Server-Timing",h?`${h}, ${E}`:E)}),r()},{name:"hdb-request-time"})});var vV=M((Bxe,DV)=>{var Kue=pt(),Yue={user:{presence:!0},schema:{presence:!0},table:{presence:!0},operation:{presence:!0}};DV.exports=function(e){return Kue.validateObject(e,Yue)}});var nT=M((Fxe,MV)=>{"use strict";var Wue=(G(),D(j)).OPERATIONS_ENUM,kC=class{static{a(this,"UpdateObject")}constructor(t,r,n,s=void 0){this.operation=Wue.UPDATE,this.schema=t,this.table=r,this.records=n,this.__origin=s}};MV.exports=kC});var Eh={};ye(Eh,{createTokens:()=>GC,getJWTRSAKeys:()=>cT,refreshOperationToken:()=>qC,validateOperationToken:()=>$C,validateRefreshToken:()=>lT});async function cT(){if(sT)return sT;try{let e=ph.default.join(hh.default.getHdbBasePath(),sA),t=await iT.default.readFile(ph.default.join(e,Tm.JWT_PASSPHRASE_NAME),"utf8"),r=await iT.default.readFile(ph.default.join(e,Tm.JWT_PRIVATE_KEY_NAME),"utf8");return sT={publicKey:await iT.default.readFile(ph.default.join(e,Tm.JWT_PUBLIC_KEY_NAME),"utf8"),privateKey:r,passphrase:t},sT}catch(e){throw aT.default.error(e),new _i.ClientError($d.NO_ENCRYPTION_KEYS,qd.INTERNAL_SERVER_ERROR)}}async function GC(e){let t=(0,HC.validateBySchema)(e,mo.default.object({username:mo.default.string().optional(),password:mo.default.string().optional(),role:mo.default.string().optional(),expires_in:mo.default.alternatives(mo.default.string(),mo.default.number()).optional()}));if(t)throw new _i.ClientError(t.message);let r;try{let f=e.bypass_auth!==!0;!e.username&&!e.password&&(e.username=e.hdb_user?.username,f=!1),r=await Td(e.username,e.password,f)}catch(f){throw aT.default.error(f),new _i.ClientError($d.INVALID_CREDENTIALS,qd.UNAUTHORIZED)}if(!r)throw new _i.ClientError($d.INVALID_CREDENTIALS,qd.UNAUTHORIZED);let n=!1,s=!1;r.role?.permission&&(n=r.role.permission.super_user===!0,s=r.role.permission.cluster_user===!0);let i={username:e.username,super_user:n,cluster_user:s};e.role&&(i.role=e.role);let o=await cT(),c=await Vd.default.sign(i,{key:o.privateKey,passphrase:o.passphrase},{expiresIn:e.expires_in??kV,algorithm:oT,subject:Kd.OPERATION}),l=await Vd.default.sign(i,{key:o.privateKey,passphrase:o.passphrase},{expiresIn:jue,algorithm:oT,subject:Kd.REFRESH}),u=Jw(l,$r.SHA256);if((await(0,UV.update)(new xV.default(gm,Uu.USER_TABLE_NAME,[{username:e.username,refresh_token:u}]))).skipped_hashes.length>0)throw new _i.ClientError($d.REFRESH_TOKEN_SAVE_FAILED,qd.INTERNAL_SERVER_ERROR);return BV.default.signalUserChange(new FV.UserEventMsg(process.pid)),{operation_token:c,refresh_token:l}}async function qC(e){let t=(0,HC.validateBySchema)(e,mo.default.object({refresh_token:mo.default.string().required()}).required());if(t)throw new _i.ClientError(t.message);let{refresh_token:r}=e;await lT(r);let n=await cT(),s=await Vd.default.decode(r);return{operation_token:await Vd.default.sign({username:s.username,super_user:s.super_user,cluster_user:s.cluster_user},{key:n.privateKey,passphrase:n.passphrase},{expiresIn:kV,algorithm:oT,subject:Kd.OPERATION})}}async function $C(e){return HV(e,Kd.OPERATION)}async function lT(e){return HV(e,Kd.REFRESH)}async function HV(e,t){try{let r=await cT(),n=await Vd.default.verify(e,r.publicKey,{algorithms:oT,subject:t});if(n.role)throw new Error("Invalid token");let s=await Td(n.username,void 0,!1);if(t===Kd.REFRESH&&!Qw(s.refresh_token,e))throw new Error("Invalid token");return s}catch(r){throw aT.default.warn(r),r?.name==="TokenExpiredError"?new _i.ClientError($d.TOKEN_EXPIRED,qd.FORBIDDEN):new _i.ClientError($d.INVALID_TOKEN,qd.UNAUTHORIZED)}}var Vd,iT,ph,mo,HC,_i,aT,UV,xV,BV,FV,hh,qd,$d,kV,jue,oT,Kd,sT,Yd=se(()=>{Vd=b(require("jsonwebtoken")),iT=b(require("fs-extra")),ph=b(require("node:path")),mo=b(require("joi")),HC=b(pt());G();_i=b(Ee()),aT=b(Q());Zw();hs();UV=b($n()),xV=b(nT()),BV=b(Qo()),FV=b(cs()),hh=b(fe()),{HTTP_STATUS_CODES:qd,AUTHENTICATION_ERROR_MSGS:$d}=_i.hdbErrors;hh.default.initSync();kV=hh.default.get(x.AUTHENTICATION_OPERATIONTOKENTIMEOUT)||"1d",jue=hh.default.get(x.AUTHENTICATION_REFRESHTOKENTIMEOUT)||"30d",oT="RS256",Kd={OPERATION:"operation",REFRESH:"refresh"};a(cT,"getJWTRSAKeys");a(GC,"createTokens");a(qC,"refreshOperationToken");a($C,"validateOperationToken");a(lT,"validateRefreshToken");a(HV,"validateToken")});var VC=M((Vxe,$V)=>{"use strict";var zue=vV(),Wd=require("passport"),Jue=require("passport-local").Strategy,Que=require("passport-http").BasicStrategy,Xue=require("util"),Zue=(hs(),D(oo)),qV=Xue.callbackify(Zue.findAndValidateUser),$xe=Jr(),ede=(G(),D(j)),GV=(Yd(),D(Eh)),{AccessViolation:tde}=Ee();Wd.use(new Jue(function(e,t,r){qV(e,t,r)}));Wd.use(new Que(function(e,t,r){qV(e,t,r)}));Wd.serializeUser(function(e,t){t(null,e)});Wd.deserializeUser(function(e,t){t(null,e)});function rde(e,t,r){if(e.raw?.user!==void 0)return r(null,e.raw.user);let n,s;if(e.headers?.authorization){let o=e.headers.authorization.split(" ");n=o[0],s=o[1]}function i(o,c){return o?r(o):c?r(null,c):r(new tde)}switch(a(i,"handleResponse"),n){case"Basic":Wd.authenticate("basic",{session:!1},(o,c)=>{i(o,c)})(e,t,r);break;case"Bearer":e.body?.operation&&e.body.operation===ede.OPERATIONS_ENUM.REFRESH_OPERATION_TOKEN?GV.validateRefreshToken(s).then(o=>{e.body.refresh_token=s,r(null,o)}).catch(o=>{r(o)}):GV.validateOperationToken(s).then(o=>{r(null,o)}).catch(o=>{r(o)});break;default:Wd.authenticate("local",{session:!1},function(o,c){i(o,c)})(e,t,r);break}}a(rde,"authorize");function nde(e,t){let r=zue(e);if(r){t(r);return}let n={authorized:!0,messages:[]},s=e.user.role;if(!s?.permission)return t("Invalid role");let i=JSON.parse(s.permission);if(i.super_user)return t(null,n);if(!i[e.schema])return n.authorized=!1,n.messages.push(`Not authorized to access ${e.schema} schema`),t(null,n);if(!i[e.schema].tables[e.table])return n.authorized=!1,n.messages.push(`Not authorized to access ${e.table} table`),t(null,n);if(!i[e.schema].tables[e.table][e.operation])return n.authorized=!1,n.messages.push(`Not authorized to access ${e.operation} on ${e.table} table`),t(null,n);if(i[e.schema].tables[e.table].attribute_permissions&&!e.attributes)return n.authorized=!1,n.messages.push(`${e.schema}.${e.table} has attribute permissions. Missing attributes to validate`),t(null,n);if(i[e.schema].tables[e.table].attribute_permissions&&e.attributes){let o=i[e.schema].tables[e.table].attribute_permissions;for(let c in o)e.attributes.indexOf(o[c].attribute_name)>-1&&!o[c][e.operation]&&(n.authorized=!1,n.messages.push(`Not authorized to ${e.operation} ${o[c].attribute_name} `))}return t(null,n)}a(nde,"checkPermissions");$V.exports={authorize:rde,checkPermissions:nde}});var JC=M((jxe,WV)=>{var mT=require("clone"),pT=pt(),sde=ae(),dT=(G(),D(j)),Yxe=Q(),KC=require("fs"),WC=require("joi"),{string:fT}=WC.types(),{hdbErrors:ide,handleHDBError:uT}=Ee(),{HDB_ERROR_MSGS:Wxe,HTTP_STATUS_CODES:YC}=ide,{commonValidators:jd}=zi(),VV=" is required",ode=["insert","update","upsert"],jC={database:{presence:!1,format:jd.schema_format,length:jd.schema_length},schema:{presence:!1,format:jd.schema_format,length:jd.schema_length},table:{presence:!0,format:jd.schema_format,length:jd.schema_length},action:{inclusion:{within:ode,message:"is required and must be either insert, update, or upsert"}},file_path:{},csv_url:{url:{allowLocal:!0}},data:{},passthrough_headers:{}},ade={schema:fT.required(),table:fT.required(),action:fT.valid("insert","update","upsert")},{AWS_ACCESS_KEY:cde,AWS_SECRET:lde,AWS_BUCKET:ude,AWS_FILE_KEY:dde,REGION:fde}=dT.S3_BUCKET_AUTH_KEYS,mde={s3:{presence:!0},[`s3.${cde}`]:{presence:!0,type:"String"},[`s3.${lde}`]:{presence:!0,type:"String"},[`s3.${ude}`]:{presence:!0,type:"String"},[`s3.${dde}`]:{presence:!0,type:"String",hasValidFileExt:[".csv",".json"]},[`s3.${fde}`]:{presence:!0,type:"String"}},KV=mT(jC);KV.data.presence={message:VV};var YV=mT(jC);YV.file_path.presence={message:VV};var pde=Object.assign(mT(jC),mde),zC=mT(ade);zC.csv_url=fT.uri().messages({"string.uri":"'csv_url' must be a valid url"}).required();zC.passthrough_headers=WC.object();function hde(e){let t=pT.validateObject(e,KV);return hT(e,t)}a(hde,"dataObject");function Ede(e){let t=pT.validateBySchema(e,WC.object(zC));return hT(e,t)}a(Ede,"urlObject");function _de(e){let t=pT.validateObject(e,YV);return hT(e,t)}a(_de,"fileObject");function gde(e){let t=pT.validateObject(e,pde);return hT(e,t)}a(gde,"s3FileObject");function hT(e,t){if(!t){let r=sde.checkGlobalSchemaTable(e.schema,e.table);if(r)return uT(new Error,r,YC.BAD_REQUEST);if(e.operation===dT.OPERATIONS_ENUM.CSV_FILE_LOAD)try{KC.accessSync(e.file_path,KC.constants.R_OK|KC.constants.F_OK)}catch(n){return n.code===dT.NODE_ERROR_CODES.ENOENT?uT(n,`No such file or directory ${n.path}`,YC.BAD_REQUEST):n.code===dT.NODE_ERROR_CODES.EACCES?uT(n,`Permission denied ${n.path}`,YC.BAD_REQUEST):uT(n)}}return t}a(hT,"postValidateChecks");WV.exports={dataObject:hde,urlObject:Ede,fileObject:_de,s3FileObject:gde}});var QC=M((Jxe,jV)=>{"use strict";var _h=Q(),ET=(G(),D(j));async function Sde(e,t,r,n=void 0){if(!e||typeof e!="function")throw new Error("Invalid function parameter");let s;try{return s=await e(t),r&&await r(t,s,n),t.operation===ET.OPERATIONS_ENUM.INSERT||t.operation===ET.OPERATIONS_ENUM.UPDATE||t.operation===ET.OPERATIONS_ENUM.UPSERT?(delete s.new_attributes,delete s.txn_time):t.operation===ET.OPERATIONS_ENUM.DELETE&&delete s.txn_time,s}catch(i){throw i.message&&typeof i.message=="string"&&i.message.includes("already exists")?(_h.info(i.message),i):i.http_resp_msg?(_h.error(`Error calling operation: ${e.name}`),_h.error(i.http_resp_msg),i):(_h.error(`Error calling operation: ${e.name}`),_h.error(i),i)}}a(Sde,"callOperationFunctionAsAwait");jV.exports={callOperationFunctionAsAwait:Sde}});var XC=M((Xxe,JV)=>{"use strict";var{S3:Tde,GetObjectCommand:yde}=require("@aws-sdk/client-s3");JV.exports={getFileStreamFromS3:Rde,getS3AuthObj:zV};async function Rde(e){let{s3:t}=e,r={Bucket:t.bucket,Key:t.key};return(await zV(t.aws_access_key_id,t.aws_secret_access_key,t.region).send(new yde(r))).Body}a(Rde,"getFileStreamFromS3");function zV(e,t,r){return new Tde({credentials:{accessKeyId:e,secretAccessKey:t},region:r})}a(zV,"getS3AuthObj")});var XV=M((e0e,QV)=>{"use strict";var ZC=class{static{a(this,"BulkLoadFileObject")}constructor(t,r,n,s,i,o,c=null){this.op=t,this.action=r,this.schema=n,this.table=s,this.file_path=i,this.file_type=o,this.role_perms=c}},eO=class{static{a(this,"BulkLoadDataObject")}constructor(t,r,n,s){this.action=t,this.schema=r,this.table=n,this.data=s}};QV.exports={BulkLoadFileObject:ZC,BulkLoadDataObject:eO}});var e1=M((r0e,ZV)=>{"use strict";var tO=class{static{a(this,"PermissionTableResponseObject")}constructor(t,r,n=[],s=[]){this.schema=t,this.table=r,this.required_table_permissions=n,this.required_attribute_permissions=s}};ZV.exports=tO});var r1=M((s0e,t1)=>{"use strict";var rO=class{static{a(this,"PermissionAttributeResponseObject")}constructor(t,r=[]){this.attribute_name=t,this.required_permissions=r}};t1.exports=rO});var sO=M((o0e,s1)=>{"use strict";var n1=e1(),bde=r1(),{HDB_ERROR_MSGS:Ade}=Jr(),nO=class{static{a(this,"PermissionResponseObject")}constructor(){this.error=Ade.OP_AUTH_PERMS_ERROR,this.unauthorized_access={},this.invalid_schema_items=[]}handleUnauthorizedItem(t){return this.invalid_schema_items=[],this.unauthorized_access=[t],this}handleInvalidItem(t){return this.invalid_schema_items=[t],this.unauthorized_access=[],this}addInvalidItem(t,r,n){if(r&&n){let s=`${r}_${n}`;if(this.unauthorized_access[s])return}this.invalid_schema_items.push(t)}addUnauthorizedTable(t,r,n){let s=new n1(t,r,n),i=`${t}_${r}`;this.unauthorized_access[i]=s}addUnauthorizedAttributes(t,r,n,s){let i=[];t.forEach(c=>{let l=new bde(c,s[c]);i.push(l)});let o=`${r}_${n}`;if(this.unauthorized_access[o])this.unauthorized_access[o].required_attribute_permissions=i;else{let c=new n1(r,n,[],i);this.unauthorized_access[o]=c}}getPermsResponse(){let t=Object.values(this.unauthorized_access);return t.length>0||this.invalid_schema_items.length>0?(this.unauthorized_access=t,this):null}};s1.exports=nO});var Vl=M((l0e,c1)=>{"use strict";var c0e=gn(),gh=Q(),{validateBySchema:i1}=pt(),oa=require("joi"),Ide=ro(),_T=ae(),{handleHDBError:gT,hdbErrors:wde,ClientError:o1}=Ee(),{HDB_ERROR_MSGS:ST,HTTP_STATUS_CODES:iO}=wde,a1=fe();a1.initSync();var{getDatabases:oO}=(Oe(),D(mt)),Nde=require("fs-extra"),Cde=(G(),D(j));c1.exports={describeAll:Ode,describeTable:TT,describeSchema:Pde};async function Ode(e={}){try{let t=_T.isEmptyOrZeroLength(e),r=!!e.bypass_auth,n,s;!t&&!r&&(n=e.hdb_user?.role?.permission,s=n?.super_user||n?.cluster_user);let i=oO(),o={},c={},l=[],u=e?.exact_count,d=e?.include_computed;for(let m in i){o[m]=!0,!t&&!s&&!r&&(c[m]=e.hdb_user?.role?.permission[m]?.describe);let p=i[m];for(let h in p)try{let E;if(t||s||r)E=await TT({schema:m,table:h,exact_count:u,include_computed:d});else if(n&&n[m].describe&&n[m].tables[h].describe){let _=n[m].tables[h].attribute_permissions;E=await TT({schema:m,table:h,exact_count:u,include_computed:d},_)}E&&l.push(E)}catch(E){gh.error(E)}}let f={};for(let m in l)t||s||r?(f[l[m].schema]==null&&(f[l[m].schema]={}),f[l[m].schema][l[m].name]=l[m],o[l[m].schema]&&delete o[l[m].schema]):c[l[m].schema]&&(f[l[m].schema]==null&&(f[l[m].schema]={}),f[l[m].schema][l[m].name]=l[m],o[l[m].schema]&&delete o[l[m].schema]);for(let m in o)t||s||r?f[m]={}:c[m]&&(f[m]={});return f}catch(t){return gh.error("Got an error in describeAll"),gh.error(t),gT(new Error,ST.DESCRIBE_ALL_ERR)}}a(Ode,"describeAll");async function TT(e,t){_T.transformReq(e);let{schema:r,table:n}=e;r=r?.toString(),n=n?.toString();let s=t;e.hdb_user&&!e.hdb_user?.role?.permission?.super_user&&(s=e.hdb_user?.role?.permission[r]?.tables[n]?.attribute_permissions);let i=i1(e,oa.object({database:oa.string(),table:oa.string().required(),exact_count:oa.boolean().strict(),include_computed:oa.boolean().strict()}));if(i)throw new o1(i.message);let c=oO()[r];if(!c)throw gT(new Error,ST.SCHEMA_NOT_FOUND(e.schema),iO.NOT_FOUND);let l=c[n];if(!l)throw gT(new Error,ST.TABLE_NOT_FOUND(e.schema,e.table),iO.NOT_FOUND);function u(p){(!p.computed||e.include_computed)&&d.push({attribute:p.attribute,type:p.type,elements:p.elements?.type,indexed:p.indexed,is_primary_key:p.isPrimaryKey,assigned_created_time:p.assignCreatedTime,assigned_updated_time:p.assignUpdatedTime,nullable:p.nullable,computed:p.computed?!0:void 0,properties:p.properties?p.properties.map(h=>({type:h.type,name:h.name})):void 0})}a(u,"pushAtt");let d=[];if(s){let p={};s.forEach(h=>{h.describe&&(p[h.attribute_name]=!0)}),l.attributes.forEach(h=>{p[h.name]&&u(h)})}else l.attributes?.forEach(p=>u(p));let f;try{f=(await Nde.stat(l.primaryStore.env.path)).size}catch(p){gh.warn("unable to get database size",p)}let m={schema:r,name:l.tableName,hash_attribute:l.attributes.find(p=>p.isPrimaryKey||p.is_hash_attribute)?.name,audit:l.audit,schema_defined:l.schemaDefined,attributes:d,db_size:f};l.replicate!==void 0&&(m.replicate=l.replicate),l.expirationMS!==void 0&&(m.expiration=l.expirationMS/1e3+"s"),l.sealed!==void 0&&(m.sealed=l.sealed),l.sources?.length>0&&(m.sources=l.sources.map(p=>p.name).filter(p=>p&&p!=="NATSReplicator"&&p!=="Replicator")),a1.get(Cde.CONFIG_PARAMS.CLUSTERING_ENABLED)&&(m.clustering_stream_name=Ide.createNatsTableStreamName(m.schema,m.name));try{let p=await l.getRecordCount({exactCount:!!e.exact_count});m.record_count=p.recordCount,m.table_size=l.getSize(),m.db_audit_size=l.getAuditSize(),m.estimated_record_range=p.estimatedRange;let h=l.auditStore;if(h)for(let E of h.getKeys({reverse:!0,limit:1}))m.last_updated_record=E[0];if(!m.last_updated_record&&l.indices.__updatedtime__)for(let E of l.indices.__updatedtime__.getKeys({reverse:!0,limit:1}))m.last_updated_record=E}catch(p){gh.warn(`unable to stat table dbi due to ${p}`)}return m}a(TT,"descTable");async function Pde(e){_T.transformReq(e);let t=i1(e,oa.object({database:oa.string(),exact_count:oa.boolean().strict(),include_computed:oa.boolean().strict()}));if(t)throw new o1(t.message);let r;e.hdb_user&&!e.hdb_user?.role?.permission?.super_user&&(r=e.hdb_user?.role?.permission[e.schema]);let n=e.schema.toString(),i=oO()[n];if(!i)throw gT(new Error,ST.SCHEMA_NOT_FOUND(e.schema),iO.NOT_FOUND);let o={};for(let c in i){let l;if(r&&r.tables[c]&&(l=r.tables[c]),_T.isEmpty(l)||l.describe){let u=await TT({schema:e.schema,table:c,exact_count:e.exact_count,include_computed:e.include_computed},l?l.attribute_permissions:null);u&&(o[u.name]=u)}}return o}a(Pde,"describeSchema")});var m1=M((d0e,f1)=>{"use strict";var Lde=Vl(),{hdbErrors:l1}=Ee(),{getDatabases:u1}=(Oe(),D(mt));f1.exports={checkSchemaExists:d1,checkSchemaTableExists:Dde,schemaDescribe:Lde};async function d1(e){if(!u1()[e])return l1.HDB_ERROR_MSGS.SCHEMA_NOT_FOUND(e)}a(d1,"checkSchemaExists");async function Dde(e,t){let r=await d1(e);if(r)return r;if(!u1()[e][t])return l1.HDB_ERROR_MSGS.TABLE_NOT_FOUND(e,t)}a(Dde,"checkSchemaTableExists")});var yT=M((m0e,p1)=>{"use strict";var vde=ds();p1.exports={writeTransaction:Mde};function Mde(e,t,r){return vde.writeTransaction(e,t,r)}a(Mde,"writeTransaction")});var dO=M((g0e,w1)=>{"use strict";var{decode:Ude}=require("msgpackr"),{isMainThread:h0e,parentPort:E0e,threadId:_0e}=require("worker_threads"),AT=_r(),zd=Lt(),lO=(G(),D(j)),bn=Q(),cO=fe(),xde=(G(),D(j)),{onMessageByType:Bde}=st(),g1=ro(),{recordAction:h1,recordActionBinary:Fde}=(ss(),D(lg)),{publishToStream:kde}=AT,{ConsumerEvents:E1}=require("nats"),Hde=gn(),{promisify:Gde}=require("util"),{decodeBlobsWithWrites:qde}=(ns(),D(j_)),S1=Gde(setTimeout),IT=1e4,wT,bT,$de,Vde,T1,Sh=new Map,Jd=new Map;w1.exports={initialize:y1,ingestConsumer:uO,setSubscription:Kde,setIgnoreOrigin:jde,getDatabaseSubscriptions:Wde,updateConsumer:R1};async function y1(){Bde(lO.ITC_EVENT_TYPES.NATS_CONSUMER_UPDATE,async n=>{await R1(n)}),T1=!0,bn.notify("Initializing clustering ingest service.");let{connection:e,jsm:t,js:r}=await AT.getNATSReferences();wT=e,bT=e.info.server_name,$de=t,Vde=r}a(y1,"initialize");async function R1(e){if(e.status==="start"){let{js:t,jsm:r}=await b1(e.node_domain_name);uO(e.stream_name,t,r,e.node_domain_name)}else if(e.status==="stop"){let t=Sh.get(e.stream_name+e.node_domain_name);t&&(bn.notify("Closing ingest consumer for node:",e.node_domain_name,"stream:",e.stream_name),await t.close?.(),Sh.set(e.stream_name+e.node_domain_name,"close")),Jd.get(e.node_domain_name)==="failed"&&Jd.set(e.node_domain_name,"close")}}a(R1,"updateConsumer");var NT=new Map;function Kde(e,t,r){let n=NT.get(e);n||NT.set(e,n=new Map),n.set(t,r),T1||y1().then(Yde)}a(Kde,"setSubscription");async function Yde(){let e=await Hde.searchByValue({database:"system",table:"hdb_nodes",attribute:"name",value:"*"});for await(let t of e){let r=t.name+zd.SERVER_SUFFIX.LEAF,n,s;for(let i of t.subscriptions||[])if(i.subscribe===!0){if(!n&&({js:n,jsm:s}=await b1(r),!n))break;let{schema:o,table:c}=i,l=g1.createNatsTableStreamName(o,c);uO(l,n,s,r)}}}a(Yde,"accessConsumers");async function b1(e){let t,r,n=1;for(;!r;)try{t=await wT.jetstream({domain:e}),r=await wT.jetstreamManager({domain:e,checkAPI:!1})}catch(s){if(Jd.get(e)==="close")break;Jd.set(e,"failed"),n%10===1&&bn.warn("Nats ingest attempting to connect to:",e,"Nats error:",s.message);let i=n++*100<IT?n++*100:IT;await S1(i)}return{js:t,jsm:r}}a(b1,"connectToRemoteJS");function Wde(){return NT}a(Wde,"getDatabaseSubscriptions");var A1;function jde(e){A1=e}a(jde,"setIgnoreOrigin");var I1=100,_1=new Array(I1),RT=0;async function uO(e,t,r,n){let{connection:s}=await AT.getNATSReferences();wT=s,bT=s.info.server_name;let i,o=1;for(;!i;)try{i=await t.consumers.get(e,bT),bn.notify("Initializing ingest consumer for node:",n,"stream:",e)}catch(u){if(Jd.get(n)==="close")break;o%10===1&&bn.warn("Nats ingest error getting consumer:",n,"stream:",e,"Nats error:",u.message),u.code==="404"&&(bn.notify("Nats ingest creating consumer for node:",n,"stream:",e),i=await AT.createConsumer(r,e,bT,new Date(Date.now()).toISOString()));let d=o++*100<IT?o++*100:IT;await S1(d)}let c=!1,l;for(;!c;){if(Sh.get(e+n)==="close"||Jd.get(n)==="close"){Sh.delete(e+n),c=!0;continue}l=await i.consume({max_messages:cO.get(lO.CONFIG_PARAMS.CLUSTERING_LEAFSERVER_STREAMS_MAXCONSUMEMSGS)??100,bind:!0}),Sh.set(e+n,l);let u=!1;(async()=>{for await(let d of await l.status())if(d.type===E1.ConsumerDeleted&&(await l.close(),c=!0),d.type===E1.HeartbeatsMissed){let f=d.data;bn.trace(`${f} clustering ingest consumer heartbeats missed, node: ${n} stream: ${l.consumer.stream}`),f===100&&(bn.warn(`Restarting clustering ingest consumer due to missed heartbeat threshold being met, node: ${n} stream: ${l.consumer.stream}`),l.stop(),u=!0)}})();try{for await(let d of l)await _1[RT],_1[RT]=zde(d).catch(f=>{bn.error(f)}),++RT>=I1&&(RT=0)}catch(d){d.message==="consumer deleted"?(bn.notify("Nats consumer deleted, closing messages for node:",n,"stream:",l.consumer.stream),await l.close(),c=!0):bn.error("Error consuming clustering ingest, restarting consumer",d)}}}a(uO,"ingestConsumer");async function zde(e){let t;await qde(()=>{t=Ude(e.data)}),h1(e.data.length,"bytes-received",e.subject,t.operation,"ingest"),bn.trace("Nats message processor message size:",e?.msg?._msg?.size,"bytes");let r=e.headers,n=!1,s=cO.get(lO.CONFIG_PARAMS.CLUSTERING_NODENAME);r.has(zd.MSG_HEADERS.TRANSACTED_NODES)&&r.values(zd.MSG_HEADERS.TRANSACTED_NODES).indexOf(s)>-1&&(n=!0);let i=r.get(zd.MSG_HEADERS.ORIGIN);if(n||(n=i===s&&!A1),Fde(n,"echo",e.subject,t.operation,"ingest"),n){e.ack();return}r.append(zd.MSG_HEADERS.TRANSACTED_NODES,s);try{let{operation:o,schema:c,next:l,table:u,records:d,hash_values:f,__origin:m,expiresAt:p}=t;bn.trace("processing message:",o,c,u,(d?"records: "+d.map(I=>I?.id):"")+(f?"ids: "+f:""),"with sequence:",e.seq),bn.trace(`messageProcessor nats msg id: ${e.headers.get(zd.MSG_HEADERS.NATS_MSG_ID)}`);let h;d||(d=f);let E=new Promise(I=>h=I),{timestamp:_,user:R,node_name:S}=m||{},y=NT.get(c)?.get(u);if(!y)throw new Error(`Missing table for replication message: ${u}`);if(o==="define_schema")t.type=o,t.onCommit=h,y.send(t);else if(d.length===1&&!l)y.send({type:aO(o),value:d[0],id:f?.[0],expiresAt:p,timestamp:_,table:u,onCommit:h,user:R,nodeName:S});else{let I=d.map((H,X)=>({type:aO(o),value:H,expiresAt:p,id:f?.[X],table:u}));for(;l;)I.push({type:aO(l.operation),value:l.record,expiresAt:l.expiresAt,id:l.id,table:l.table}),l=l.next;y.send({type:"transaction",writes:I,table:u,timestamp:_,onCommit:h,user:R,nodeName:S})}cO.get(xde.CONFIG_PARAMS.CLUSTERING_REPUBLISHMESSAGES)!==!1&&kde(e.subject.split(".").slice(0,-1).join("."),g1.createNatsTableStreamName(c,u),e.headers,e.data),await E;let w=Date.now()-_;_&&h1(w,"replication-latency",e.subject,o,"ingest")}catch(o){bn.error(o)}e.ack()}a(zde,"messageProcessor");function aO(e){switch(e){case"insert":case"upsert":case"update":return"put"}return e}a(aO,"convertOperation")});var _r=M((I0e,$1)=>{"use strict";var Yr=fe();Yr.initSync();var Jde=require("fs-extra"),Qde=require("semver"),Rh=require("path"),{monotonicFactory:Xde}=require("ulidx"),C1=Xde(),Zde=require("util"),O1=require("child_process"),efe=Zde.promisify(O1.exec),tfe=O1.spawn,on=Lt(),rt=(G(),D(j)),{packageJson:rfe,PACKAGE_ROOT:nfe}=Rt(),CT=ae(),gi=Q(),OT=ro(),sfe=yT(),Th=gt(),{broadcast:ife,onMessageByType:ofe,getWorkerIndex:afe}=st(),{isMainThread:P1}=require("worker_threads"),{Encoder:cfe,decode:hO}=require("msgpackr"),L1=new cfe,{isEmpty:jl}=CT,D1=(hs(),D(oo)),T0e=48*36e11;P1&&ofe(rt.ITC_EVENT_TYPES.RESTART,()=>{An=void 0,Wl=void 0});var{connect:lfe,StorageType:ufe,RetentionPolicy:dfe,AckPolicy:EO,DeliverPolicy:_O,DiscardPolicy:ffe,NatsConnection:y0e,JetStreamManager:R0e,JetStreamClient:b0e,StringCodec:A0e,JSONCodec:mfe,createInbox:gO,headers:pfe,ErrorCode:N1}=require("nats"),{recordAction:hfe}=(ss(),D(lg)),{encodeBlobsAsBuffers:Efe}=(ns(),D(j_)),v1=mfe(),_fe="clustering",gfe=rfe.engines[on.NATS_SERVER_NAME],Sfe=Rh.join(nfe,"dependencies"),pO=Rh.join(Sfe,`${process.platform}-${process.arch}`,on.NATS_BINARY_NAME),fO,mO,yh,Kl,Yl;$1.exports={runCommand:M1,checkNATSServerInstalled:Tfe,createConnection:SO,getConnection:bh,getJetStreamManager:Ah,getJetStream:x1,getNATSReferences:po,getServerList:Rfe,createLocalStream:TO,listStreams:B1,deleteLocalStream:bfe,getServerConfig:Qd,listRemoteStreams:Afe,viewStream:Ife,viewStreamIterator:wfe,publishToStream:Nfe,request:Pfe,reloadNATS:yO,reloadNATSHub:Lfe,reloadNATSLeaf:Dfe,extractServerName:Ofe,requestErrorHandler:vfe,createLocalTableStream:G1,createTableStreams:xfe,purgeTableStream:q1,purgeSchemaTableStreams:Bfe,getStreamInfo:Ffe,updateLocalStreams:Hfe,closeConnection:yfe,getJsmServerName:PT,addNatsMsgHeader:F1,clearClientCache:U1,updateRemoteConsumer:Mfe,createConsumer:k1,updateConsumerIterator:Ufe};async function M1(e,t=void 0){let{stdout:r,stderr:n}=await efe(e,{cwd:t});if(n)throw new Error(n.replace(`
 `,""));return r.replace(`
 `,"")}a(M1,"runCommand");async function Tfe(){try{await Jde.access(pO)}catch{return!1}let e=await M1(`${pO} --version`,void 0),t=e.substring(e.lastIndexOf("v")+1,e.length);return Qde.eq(t,gfe)}a(Tfe,"checkNATSServerInstalled");async function SO(e,t,r,n=!0,s="127.0.0.1"){if(!t&&!r){let o=await D1.getClusterUser();if(jl(o))throw new Error("Unable to get nats connection. Cluster user is undefined.");t=o.username,r=o.decrypt_hash}gi.trace("create nats connection called");let i=await lfe({name:s,port:e,user:t,pass:r,maxReconnectAttempts:-1,waitOnFirstConnect:n,timeout:2e5,tls:{keyFile:Yr.get(rt.CONFIG_PARAMS.CLUSTERING_TLS_PRIVATEKEY),certFile:Yr.get(rt.CONFIG_PARAMS.CLUSTERING_TLS_CERTIFICATE),caFile:Yr.get(rt.CONFIG_PARAMS.CLUSTERING_TLS_CERT_AUTH),rejectUnauthorized:!1}});return i.protocol.transport.socket.unref(),gi.trace("create connection established a nats client connection with id",i?.info?.client_id),i.closed().then(o=>{o&&gi.error("Error with Nats client connection, connection closed",o),i===An&&U1()}),i}a(SO,"createConnection");function U1(){An=void 0,Kl=void 0,Yl=void 0,Wl=void 0}a(U1,"clearClientCache");async function yfe(){An&&(await An.drain(),An=void 0,Kl=void 0,Yl=void 0,Wl=void 0)}a(yfe,"closeConnection");var An,Wl;async function bh(){return Wl||(Wl=SO(Yr.get(rt.CONFIG_PARAMS.CLUSTERING_LEAFSERVER_NETWORK_PORT),void 0,void 0),An=await Wl),An||Wl}a(bh,"getConnection");async function Ah(){if(Kl)return Kl;jl(An)&&await bh();let{domain:e}=Qd(rt.PROCESS_DESCRIPTORS.CLUSTERING_LEAF);if(jl(e))throw new Error("Error getting JetStream domain. Unable to get JetStream manager.");return Kl=await An.jetstreamManager({domain:e,timeout:6e4}),Kl}a(Ah,"getJetStreamManager");async function x1(){if(Yl)return Yl;jl(An)&&await bh();let{domain:e}=Qd(rt.PROCESS_DESCRIPTORS.CLUSTERING_LEAF);if(jl(e))throw new Error("Error getting JetStream domain. Unable to get JetStream manager.");return Yl=An.jetstream({domain:e,timeout:6e4}),Yl}a(x1,"getJetStream");async function po(){let e=An||await bh(),t=Kl||await Ah(),r=Yl||await x1();return{connection:e,jsm:t,js:r}}a(po,"getNATSReferences");async function Rfe(e){let t=Yr.get(rt.CONFIG_PARAMS.CLUSTERING_HUBSERVER_NETWORK_PORT),{sys_name:r,decrypt_hash:n}=await D1.getClusterUser(),s=await SO(t,r,n),i=gO(),o=s.subscribe(i),c=[],l,u=(async()=>{for await(let d of o){let f=v1.decode(d.data);f.response_time=Date.now()-l,c.push(f)}})();return l=Date.now(),await s.publish("$SYS.REQ.SERVER.PING.VARZ",void 0,{reply:i}),await s.publish("$SYS.REQ.SERVER.PING",void 0,{reply:i}),await s.flush(),await CT.asyncSetTimeout(e),await o.drain(),await s.close(),await u,c}a(Rfe,"getServerList");async function TO(e,t){let{jsm:r}=await po(),n=Yr.get(rt.CONFIG_PARAMS.CLUSTERING_LEAFSERVER_STREAMS_MAXAGE);n=n===null?0:n*1e9;let s=Yr.get(rt.CONFIG_PARAMS.CLUSTERING_LEAFSERVER_STREAMS_MAXMSGS);s=s===null?-1:s;let i=Yr.get(rt.CONFIG_PARAMS.CLUSTERING_LEAFSERVER_STREAMS_MAXBYTES);i=i===null?-1:i,await r.streams.add({name:e,storage:ufe.File,retention:dfe.Limits,subjects:t,discard:ffe.Old,maxMsgs:s,maxBytes:i,maxAge:n})}a(TO,"createLocalStream");async function B1(){let{jsm:e}=await po(),t=await e.streams.list().next(),r=[];return t.forEach(n=>{r.push(n)}),r}a(B1,"listStreams");async function bfe(e){let{jsm:t}=await po();await t.streams.delete(e)}a(bfe,"deleteLocalStream");async function Afe(e){let{connection:t}=await po(),r=[],n=gO(),s=t.subscribe(n),i=(async()=>{for await(let o of s)r.push(v1.decode(o.data))})();return await t.publish(`$JS.${e}.API.STREAM.LIST`,void 0,{reply:n}),await t.flush(),await s.drain(),await i,r}a(Afe,"listRemoteStreams");async function Ife(e,t=void 0,r=void 0){let{jsm:n,js:s}=await po(),i=C1(),o={durable_name:i,ack_policy:EO.Explicit};t&&(o.deliver_policy=_O.StartTime,o.opt_start_time=new Date(t).toISOString()),await n.consumers.add(e,o);let c=await s.consumers.get(e,i),l=r?await c.fetch({max_messages:r,expires:2e3}):await c.consume();if(c._info.num_pending===0)return[];let u=[];for await(let d of l){let f=hO(d.data),m={nats_timestamp:d.info.timestampNanos,nats_sequence:d.info.streamSequence,entry:f};if(d.headers&&(m.origin=d.headers.get(on.MSG_HEADERS.ORIGIN)),u.push(m),d.ack(),d.info.pending===0)break}return await c.delete(),u}a(Ife,"viewStream");async function*wfe(e,t=void 0,r=void 0){let{jsm:n,js:s}=await po(),i=C1(),o={durable_name:i,ack_policy:EO.Explicit};t&&(o.deliver_policy=_O.StartTime,o.opt_start_time=new Date(t).toISOString()),await n.consumers.add(e,o);let c=await s.consumers.get(e,i),l=r?await c.fetch({max_messages:r,expires:2e3}):await c.consume();if(c._info.num_pending===0)return[];for await(let u of l){let d=hO(u.data);d[0]||(d=[d]);for(let f of d){let m={nats_timestamp:u.info.timestampNanos,nats_sequence:u.info.streamSequence,entry:f};u.headers&&(m.origin=u.headers.get(on.MSG_HEADERS.ORIGIN)),yield m}if(u.ack(),u.info.pending===0)break}await c.delete()}a(wfe,"viewStreamIterator");async function Nfe(e,t,r,n){gi.trace(`publishToStream called with subject: ${e}, stream: ${t}, entries:`,n.operation),r=F1(n,r);let{js:s}=await po(),i=await PT(),o=`${e}.${i}`,c=await Efe(()=>n instanceof Uint8Array?n:L1.encode(n));try{gi.trace(`publishToStream publishing to subject: ${o}`),hfe(c.length,"bytes-sent",e,n.operation,"replication"),await s.publish(o,c,{headers:r})}catch(l){if(l.code&&l.code.toString()==="503")return H1(async()=>{try{await s.publish(o,c,{headers:r})}catch{if(l.code&&l.code.toString()==="503"){gi.trace(`publishToStream creating stream: ${t}`);let d=o.split(".");d[2]="*",await TO(t,[o]),await s.publish(o,c,{headers:r})}else throw l}});throw l}}a(Nfe,"publishToStream");function F1(e,t){t===void 0&&(t=pfe());let r=Yr.get(rt.CONFIG_PARAMS.CLUSTERING_NODENAME);return!t.has(on.MSG_HEADERS.ORIGIN)&&r&&t.append(on.MSG_HEADERS.ORIGIN,r),t}a(F1,"addNatsMsgHeader");function Qd(e){e=e.toLowerCase();let t=Rh.join(Yr.get(rt.CONFIG_PARAMS.ROOTPATH),_fe);if(e===rt.PROCESS_DESCRIPTORS.CLUSTERING_HUB.toLowerCase())return jl(mO)&&(mO={port:Th.getConfigFromFile(rt.CONFIG_PARAMS.CLUSTERING_HUBSERVER_NETWORK_PORT),server_name:Th.getConfigFromFile(rt.CONFIG_PARAMS.CLUSTERING_NODENAME)+on.SERVER_SUFFIX.HUB,config_file:on.NATS_CONFIG_FILES.HUB_SERVER,pid_file_path:Rh.join(t,on.PID_FILES.HUB),hdbNatsPath:t}),mO;if(e===rt.PROCESS_DESCRIPTORS.CLUSTERING_LEAF.toLowerCase())return jl(fO)&&(fO={port:Th.getConfigFromFile(rt.CONFIG_PARAMS.CLUSTERING_LEAFSERVER_NETWORK_PORT),server_name:Th.getConfigFromFile(rt.CONFIG_PARAMS.CLUSTERING_NODENAME)+on.SERVER_SUFFIX.LEAF,config_file:on.NATS_CONFIG_FILES.LEAF_SERVER,domain:Th.getConfigFromFile(rt.CONFIG_PARAMS.CLUSTERING_NODENAME)+on.SERVER_SUFFIX.LEAF,pid_file_path:Rh.join(t,on.PID_FILES.LEAF),hdbNatsPath:t}),fO;gi.error(`Unable to get Nats server config. Unrecognized process: ${e}`)}a(Qd,"getServerConfig");async function k1(e,t,r,n){try{await e.consumers.add(t,{ack_policy:EO.Explicit,durable_name:r,deliver_policy:_O.StartTime,opt_start_time:n})}catch(s){if(s.message!=="consumer already exists")throw s}}a(k1,"createConsumer");async function Cfe(e,t,r){await e.consumers.delete(t,r)}a(Cfe,"removeConsumer");function Ofe(e){return e.split(".")[1]}a(Ofe,"extractServerName");async function Pfe(e,t,r=6e4,n=gO()){if(!CT.isObject(t))throw new Error("data param must be an object");let s=L1.encode(t),{connection:i}=await po(),o={timeout:r};n&&(o.reply=n,o.noMux=!0);let c=await i.request(e,s,o);return hO(c.data)}a(Pfe,"request");function yO(e){return new Promise(async(t,r)=>{let n=tfe(pO,["--signal",`reload=${e}`],{cwd:__dirname}),s,i;n.on("error",o=>{r(o)}),n.stdout.on("data",o=>{i+=o.toString()}),n.stderr.on("data",o=>{s+=o.toString()}),n.stderr.on("close",o=>{s&&r(s),t(i)})})}a(yO,"reloadNATS");async function Lfe(){let{pid_file_path:e}=Qd(rt.PROCESS_DESCRIPTORS.CLUSTERING_HUB);await yO(e)}a(Lfe,"reloadNATSHub");async function Dfe(){let{pid_file_path:e}=Qd(rt.PROCESS_DESCRIPTORS.CLUSTERING_LEAF);await yO(e)}a(Dfe,"reloadNATSLeaf");function vfe(e,t,r){let n;switch(e.code){case N1.NoResponders:n=`Unable to ${t}, node '${r}' is not listening.`;break;case N1.Timeout:n=`Unable to ${t}, node '${r}' is listening but did not respond.`;break;default:n=e.message;break}return n}a(vfe,"requestErrorHandler");async function Mfe(e,t){let r=t+on.SERVER_SUFFIX.LEAF,{connection:n}=await po(),{jsm:s}=await qfe(r),{schema:i,table:o}=e,c=OT.createNatsTableStreamName(i,o),l=e.start_time?e.start_time:new Date(Date.now()).toISOString();await H1(async()=>{if(e.subscribe===!0)await k1(s,c,n.info.server_name,l);else try{await Cfe(s,c,n.info.server_name)}catch(u){gi.trace(u)}})}a(Mfe,"updateRemoteConsumer");async function Ufe(e,t,r,n){let s=OT.createNatsTableStreamName(e,t),i=r+on.SERVER_SUFFIX.LEAF,o={type:rt.ITC_EVENT_TYPES.NATS_CONSUMER_UPDATE,status:n,stream_name:s,node_domain_name:i};if(!P1&&afe()<Yr.get(rt.CONFIG_PARAMS.CLUSTERING_LEAFSERVER_STREAMS_MAXINGESTTHREADS)){let{updateConsumer:c}=dO();await c(o)}await ife(o),n==="stop"&&await CT.asyncSetTimeout(1e3)}a(Ufe,"updateConsumerIterator");function H1(e){return sfe.writeTransaction(rt.SYSTEM_SCHEMA_NAME,rt.SYSTEM_TABLE_NAMES.NODE_TABLE_NAME,e)}a(H1,"exclusiveLock");async function G1(e,t){let r=OT.createNatsTableStreamName(e,t),n=await PT(),s=kfe(e,t,n);await TO(r,[s])}a(G1,"createLocalTableStream");async function xfe(e){for(let t=0,r=e.length;t<r;t++){let n=e[t].schema,s=e[t].table;await G1(n,s)}}a(xfe,"createTableStreams");async function q1(e,t,r=void 0){if(Yr.get(rt.CONFIG_PARAMS.CLUSTERING_ENABLED))try{let n=OT.createNatsTableStreamName(e,t),{domain:s}=Qd(rt.PROCESS_DESCRIPTORS.CLUSTERING_LEAF);await(await(await bh()).jetstreamManager({domain:s,timeout:24e4})).streams.purge(n,r)}catch(n){if(n.message==="stream not found")gi.warn(n);else throw n}}a(q1,"purgeTableStream");async function Bfe(e,t){if(Yr.get(rt.CONFIG_PARAMS.CLUSTERING_ENABLED))for(let r=0,n=t.length;r<n;r++)await q1(e,t[r])}a(Bfe,"purgeSchemaTableStreams");async function Ffe(e){return(await Ah()).streams.info(e)}a(Ffe,"getStreamInfo");function kfe(e,t,r){return`${on.SUBJECT_PREFIXES.TXN}.${e}${t?"."+t:""}.${r}`}a(kfe,"createSubjectName");async function PT(){if(yh)return yh;if(yh=(await Ah())?.nc?.info?.server_name,yh===void 0)throw new Error("Unable to get jetstream manager server name");return yh}a(PT,"getJsmServerName");async function Hfe(){let e=await Ah(),t=await PT(),r=await B1();for(let n of r){let s=n.config,i=s.subjects[0];if(!i)continue;let o=Gfe(n),c=i.split(".");if(c[c.length-1]===t&&!o||s.name==="__HARPERDB_WORK_QUEUE__")continue;let u=i.split(".");u[u.length-1]=t;let d=u.join(".");gi.trace(`Updating stream subject name from: ${i} to: ${d}`),s.subjects[0]=d,await e.streams.update(s.name,s)}}a(Hfe,"updateLocalStreams");function Gfe(e){let{config:t}=e,r=!1,n=Yr.get(rt.CONFIG_PARAMS.CLUSTERING_LEAFSERVER_STREAMS_MAXAGE);n=n===null?0:n*1e9;let s=Yr.get(rt.CONFIG_PARAMS.CLUSTERING_LEAFSERVER_STREAMS_MAXBYTES);s=s===null?-1:s;let i=Yr.get(rt.CONFIG_PARAMS.CLUSTERING_LEAFSERVER_STREAMS_MAXMSGS);return i=i===null?-1:i,n!==t.max_age&&(t.max_age=n,r=!0),s!==t.max_bytes&&(t.max_bytes=s,r=!0),i!==t.max_msgs&&(t.max_msgs=i,r=!0),r}a(Gfe,"updateStreamLimits");async function qfe(e){let t,r;try{t=await An.jetstream({domain:e}),r=await An.jetstreamManager({domain:e,checkAPI:!1})}catch(n){throw gi.error("Unable to connect to:",e),n}return{js:t,jsm:r}}a(qfe,"connectToRemoteJS")});function RO(e){let t=e.get(LT),r=t?(0,Xd.unpack)(t):null;r||(r={remoteNameToId:{}});let n=nt(),s=!1;r.nodeName=nt();let i=r.remoteNameToId;if(i[n]!==0){let o=0,c;for(let l in i){let u=i[l];u===0?c=l:u>o&&(o=u)}if(c){o++,i[c]=o;let l=[Symbol.for("seq"),o];e.rootStore.dbisDb.transactionSync(()=>{e.rootStore.dbisDb.get(l)||e.rootStore.dbisDb.putSync(l,{seqId:wh(e)??1,nodes:[]})})}i[n]=0,e.putSync(LT,(0,Xd.pack)(r))}return r}function Ih(e){return RO(e).remoteNameToId}function K1(e,t){let r=RO(t),n=r.remoteNameToId,s=new Map,i=!1;for(let o in e){let c=e[o],l=n[o];if(l==null){let u=0;for(let d in n){let f=n[d];f>u&&(u=f)}l=u+1,n[o]=l,i=!0}s.set(c,l)}return i&&t.putSync(LT,(0,Xd.pack)(r)),s}function DT(e,t){let r=RO(t),n=r.remoteNameToId,s=n[e];if(s==null){let i=0;for(let o in n){let c=n[o];c>i&&(i=c)}s=i+1,n[e]=s,t.putSync(LT,(0,Xd.pack)(r))}return V1.trace?.("The remote node name map",e,n,s),s}var V1,Xd,LT,bO=se(()=>{V1=b(sr());Ss();Xd=require("msgpackr"),LT=Symbol.for("remote-ids");a(RO,"getIdMappingRecord");a(Ih,"exportIdMapping");a(K1,"remoteToLocalNodeId");a(DT,"getIdOfRemoteNode")});var Q1={};ye(Q1,{commitsAwaitingReplication:()=>Zd,getHDBNodeTable:()=>Gt,getReplicationSharedStatus:()=>ef,iterateRoutes:()=>Ch,shouldReplicateToNode:()=>Nh,subscribeToNodeUpdates:()=>tf});function Gt(){return Y1||(Y1=ze({table:"hdb_nodes",database:"system",attributes:[{name:"name",isPrimaryKey:!0},{attribute:"subscriptions"},{attribute:"system_info"},{attribute:"url"},{attribute:"routes"},{attribute:"ca"},{attribute:"ca_info"},{attribute:"replicates"},{attribute:"revoked_certificates"},{attribute:"__createdtime__"},{attribute:"__updatedtime__"}]}))}function ef(e,t,r,n){return new Float64Array(e.getUserSharedBuffer(["replicated",t,r],new ArrayBuffer(64),n&&{callback:n}))}function tf(e){Gt().subscribe({}).then(async t=>{for await(let r of t){let n=r?.value?.name;J1.debug?.("adding node",n,"on  node",nt()," on process",process.pid),server.nodes=server.nodes.filter(i=>i.name!==n),r.type==="put"&&n!==nt()&&(r.value?server.nodes.push(r.value):console.error("Invalid node update event",r));let s=new Map;for await(let i of Gt().search({}))if(i.shard!=null){let o=s.get(i.shard);o||s.set(i.shard,o=[]),o.push(i)}server.shards=s,(r.type==="put"||r.type==="delete")&&e(r.value,r.id)}})}function Nh(e,t){let r=_c.default.get(x.REPLICATION_DATABASES);return(e.replicates===!0||e.replicates?.sends)&&databases[t]&&(r==="*"||r?.find?.(n=>(typeof n=="string"?n:n.name)===t&&(!n.sharded||e.shard===_c.default.get(x.REPLICATION_SHARD))))&&Gt().primaryStore.get(nt())?.replicates||e.subscriptions?.some(n=>(n.database||n.schema)===t&&n.subscribe)}function $fe(){tf(e=>{gc({},(t,r)=>{let n=e.name,s=W1.get(n);if(s||W1.set(n,s=new Map),s.has(r))return;let i;for(let o in t)if(i=t[o].auditStore,i)break;if(i){let o=ef(i,r,n,()=>{let c=o[0],l=o.lastTime;for(let{txnTime:u,onConfirm:d}of Zd.get(r)||[])u>l&&u<=c&&d();o.lastTime=c});o.lastTime=0,s.set(r,o)}})})}function*Ch(e){for(let t of e.routes||[]){let r=t.url,n;if(typeof t=="string"?t.includes("://")?r=t:n=t:n=t.hostname??t.host,n&&!r){let s=_c.default.get(x.REPLICATION_SECUREPORT)??(!_c.default.get(x.REPLICATION_PORT)&&_c.default.get(x.OPERATIONSAPI_NETWORK_SECUREPORT)),i;(i=n.match(/:(\d+)$/)?.[1])?n=n.slice(0,-i[0].length-1):t.port?i=t.port:i=s||_c.default.get(x.REPLICATION_PORT)||_c.default.get(x.OPERATIONSAPI_NETWORK_PORT);let o=i?.lastIndexOf?.(":");o>0&&(i=+i.slice(o+1).replace(/[\[\]]/g,"")),r=(s?"wss://":"ws://")+n+":"+i}if(!r){j1.isMainThread&&console.error("Invalid route, must specify a url or host (with port)");continue}yield{replicates:!t.subscriptions,url:r,subscription:t.subscriptions,routes:t.routes,startTime:t.startTime,revoked_certificates:t.revokedCertificates}}}var j1,z1,_c,J1,Y1,W1,Zd,rf=se(()=>{Oe();Ss();Pm();j1=require("worker_threads"),z1=b(Ee()),_c=b(fe());G();J1=b(sr());server.nodes=[];a(Gt,"getHDBNodeTable");a(ef,"getReplicationSharedStatus");a(tf,"subscribeToNodeUpdates");a(Nh,"shouldReplicateToNode");W1=new Map;sx((e,t,r)=>{if(r>server.nodes.length)throw new z1.ClientError(`Cannot confirm replication to more nodes (${r}) than are in the network (${server.nodes.length})`);Zd||(Zd=new Map,$fe());let n=Zd.get(e);return n||(n=[],Zd.set(e,n)),new Promise(s=>{let i=0;n.push({txnTime:t,onConfirm:a(()=>{++i===r&&s()},"onConfirm")})})});a($fe,"startSubscriptionToReplications");a(Ch,"iterateRoutes")});var sK={};ye(sK,{connectedToNode:()=>zl,disconnectedFromNode:()=>sf,ensureNode:()=>aa,requestClusterStatus:()=>nK,startOnMainThread:()=>AO});async function AO(e){let t=0,r=lt();for(let o of Object.getOwnPropertyNames(r)){let c=r[o];for(let l in c){let u=c[l];if(u.auditStore){vT.set(o,wh(u.auditStore));break}}}Si.whenThreadsStarted.then(async()=>{let o=[];for await(let u of r.system.hdb_nodes?.search([])||[])o.push(u);let c=nt();function l(){let u=Gt().primaryStore.get(c);if(u!==null){let d=e.url??Sc();if(u===void 0||u.url!==d||u.shard!==e.shard)return aa(c,{name:c,url:d,shard:e.shard,replicates:!0})}}a(l,"ensureThisNode"),Gt().primaryStore.get(c)&&l();for(let u of Ch(e))try{let d=!u.subscriptions;if(d&&await l(),d&&u.replicates==null&&(u.replicates=!0),X1.push(u),o.find(f=>f.url===u.url))continue;s(u)}catch(d){console.error(d)}tf(s)});let n;function s(o,c=o?.name){let l=nt()&&c===nt()||Sc()&&o?.url===Sc();if(l){let m=!!o?.replicates;if(n!==void 0&&n!==m)for(let p of Gt().search([]))p.replicates&&p.name!==c&&s(p,p.name);n=m}if(ot.trace("Setting up node replication for",o),!o){for(let[m,p]of ho){let h;for(let[E,{worker:_,nodes:R}]of p){let S=R[0];if(S&&S.name==c){h=!0;for(let[y,{worker:w}]of p)p.delete(y),ot.warn("Node was deleted, unsubscribing from node",c,y,m),w?.postMessage({type:"unsubscribe-from-node",node:c,nodes:R,database:y,url:m});break}}if(h){ho.get(m).iterator.remove(),ho.delete(m);return}}return}if(l)return;if(!o.url){ot.info(`Node ${o.name} is missing url`);return}let u=ho.get(o.url);if(u&&u.iterator.remove(),!(o.replicates===!0||o.replicates?.sends)&&!o.subscriptions?.length&&!u)return;if(ot.info(`Added node ${o.name} at ${o.url} for process ${nt()}`),o.replicates&&o.subscriptions&&(o={...o,subscriptions:null}),o.name){for(let[m,p]of nf)if(o.url===p.url){nf.delete(m);break}nf.set(o.name,o)}let d=lt();if(u||(u=new Map,ho.set(o.url,u)),u.iterator=gc(e,(m,p,h)=>{h?f(p,!0):f(p,!1)}),o.subscriptions)for(let m of o.subscriptions){let p=m.database||m.schema;d[p]||(ot.warn(`Database ${p} not found for node ${o.name}, making a subscription anyway`),f(p,!1))}function f(m,p){ot.trace("Setting up replication for database",m,"on node",o.name);let h=u.get(m),E,_=[{replicateByDefault:p,...o}];vT.has(m)&&Oh.default.get(x.REPLICATION_FAILOVER)&&(_.push({replicateByDefault:p,name:nt(),startTime:vT.get(m),endTime:Date.now(),replicates:!0}),vT.delete(m));let R=Nh(o,m),S=Si.workers.filter(y=>y.name==="http");if(h){if(E=h.worker,h.nodes=_,R)return}else R&&(t=t%S.length,E=S[t++],E||ot.warn("No http workers available to subscribe to node",o.name,o.url),u.set(m,{worker:E,nodes:_,url:o.url}),E?.on("exit",()=>{u.get(m)?.worker===E&&(u.delete(m),f(m,p))}));if(R){let y=Vfe.HDB_LEADER_URL??process.env.HDB_LEADER_URL??X1[0]?.url,w=y?new URL(y).hostname:Array.from(Gt().primaryStore.getKeys({}).filter(H=>H!==nt()))[0],I=_[0].name??(_[0].url&&new URL(_[0].url).hostname);ot.warn(`Setting up subscription with leader ${w} for node ${I}`),_[0].isLeader=!w||I===w,setTimeout(()=>{let H={..._[0],type:"subscribe-to-node",database:m,nodes:_};E?E.postMessage(H):Ph(H)},Kfe)}else{ot.info("Node no longer should be used, unsubscribing from node",{replicates:o.replicates,databaseName:m,node:o,subscriptions:o.subscriptions,hasDatabase:!!d[m],thisReplicates:Gt().primaryStore.get(nt())?.replicates}),Gt().primaryStore.get(nt())?.replicates||(n=!1,ot.info("Disabling replication, this node name",nt(),Gt().primaryStore.get(nt()),m));let y={type:"unsubscribe-from-node",database:m,url:o.url,name:o.name,nodes:_};E?E.postMessage(y):UT(y)}}a(f,"onDatabase")}a(s,"onNodeUpdate"),sf=a(function(o){try{ot.info("Disconnected from node",o.name,o.url,"finished",!!o.finished);let c=Array.from(nf.keys()),l=c.sort(),u=l.indexOf(o.name||Ti(o.url));if(u===-1){ot.warn("Disconnected node not found in node map",o.name,c);return}let d=ho.get(o.url),f=d?.get(o.database);if(!f){ot.warn("Disconnected node not found in replication map",o.database,d);return}if(f.connected=!1,o.finished||!Oh.default.get(x.REPLICATION_FAILOVER))return;let m=f.nodes[0];if(!(m.replicates===!0||m.replicates?.sends||m.subscriptions?.length))return;let p=m.shard,h=(u+1)%l.length;for(;u!==h;){let E=l[h],_=nf.get(E);d=ho.get(_.url);let R=d?.get(o.database);if(!R||R.connected===!1||R.nodes[0].shard!==p){h=(h+1)%l.length;continue}let{nodes:S}=R,y=!1;for(let w of f.nodes){if(S.some(I=>I.name===w.name)){ot.info(`Disconnected node is already failing over to ${E} for ${o.database}`);continue}w.endTime<Date.now()||(S.push(w),ot.info(`Failing over ${o.database} from ${o.name} to ${E}`),i(w,o.database,R.nodes[0]),y=!0)}f.nodes=[f.nodes[0]],y||ot.info(`Disconnected node ${o.name} has no nodes to fail over to ${E}`);return}ot.warn("Unable to find any other node to fail over to",o.name,o.url)}catch(c){ot.error("Error failing over node",c)}},"disconnectedFromNode"),zl=a(function(o){let c=ho.get(o.url),l=c?.get(o.database);if(!l){ot.warn("Connected node not found in replication map, this may be because the node is being removed",o.database,c);return}l.connected=!0,l.latency=o.latency;let u=l.nodes[0];if(!u){ot.warn("Newly connected node has no node subscriptions",o.database,l);return}if(!u.name){ot.debug("Connected node is not named yet",o.database,l);return}if(!Oh.default.get(x.REPLICATION_FAILOVER))return;l.nodes=[u];let d=!1;for(let f of ho.values()){let m=f.get(o.database);if(!m||m==l)continue;let{worker:p,nodes:h,connected:E}=m;if(h)if(E===!1&&h[0].shard===u.shard&&node.url===u.url)for(let _ of h)i(_,o.database);else{let _=h.filter(R=>{if(R)return R.name===u.name&&R.worker?(R.worker.postMessage({type:"unsubscribe-to-node",database:o.database,url:o.url,nodes:[R]}),!1):!0});_.length<h.length&&(m.nodes=_)}}},"connectedToNode");function i(o,c,l=o){let u=Si.workers.filter(f=>f.name==="http");t=t%u.length;let d=u[t++];Object.defineProperty(o,"worker",{value:d,configurable:!0}),d?d.postMessage({url:l.url,name:l.name,type:"subscribe-to-node",database:c,nodes:[o]}):Ph({url:l.url,name:l.name,database:c,nodes:[o]})}a(i,"connectToNextWorker"),(0,Si.onMessageByType)("disconnected-from-node",sf),(0,Si.onMessageByType)("connected-to-node",zl),(0,Si.onMessageByType)("request-cluster-status",nK)}function nK(e,t){let r=[];for(let[n,s]of nf)try{let i=ho.get(s.url);ot.info("Getting cluster status for",n,s.url,"has dbs",i?.size);let o=[];if(i){for(let[l,{worker:u,connected:d,nodes:f,latency:m}]of i)o.push({database:l,connected:d,latency:m,threadId:u?.threadId,nodes:f.filter(p=>!(p.endTime<Date.now())).map(p=>p.name)});let c=eK(s);c.database_sockets=o,delete c.ca,delete c.node_name,delete c.__updatedtime__,delete c.__createdtime__,r.push(c)}}catch(i){ot.warn("Error getting cluster status for",s?.url,i)}return t?.postMessage({type:"cluster-status",connections:r}),{connections:r}}async function aa(e,t){let r=Gt();e=e??Ti(t.url),t.name=e;try{if(t.ca){let s=new tK.X509Certificate(t.ca);t.ca_info={issuer:s.issuer.replace(/\n/g," "),subject:s.subject.replace(/\n/g," "),subjectAltName:s.subjectAltName,serialNumber:s.serialNumber,validFrom:s.validFrom,validTo:s.validTo}}}catch(s){ot.error("Error parsing replication CA info for hdb_nodes table",s.message)}let n=r.primaryStore.get(e);if(ot.debug(`Ensuring node ${e} at ${t.url}, existing record:`,n,"new record:",t),!n)await r.patch(t);else{t.replicates&&!Oh.default.get(x.CLUSTERING_ENABLED)&&(t.subscriptions=null);for(let s in t)if(n[s]!==t[s]&&s==="subscriptions"&&t[s]&&n[s]){let i=[],o=eK(n[s]);for(let c of t[s]){let l=!1;for(let u of o)if((c.database??c.schema)===(u.database??u.schema)&&c.table===u.table){u.publish=c.publish,u.subscribe=c.subscribe,l=!0;break}l||i.push(c)}t.subscriptions=[...o,...i];break}if(Array.isArray(t.revoked_certificates)){let s=n.revoked_certificates||[];t.revoked_certificates=[...new Set([...s,...t.revoked_certificates])]}ot.info(`Updating node ${e} at ${t.url}`),await r.patch(t)}}var Si,MT,ot,Z1,Oh,tK,rK,eK,Vfe,Kfe,ho,sf,zl,nf,vT,X1,Lh=se(()=>{Oe();Si=b(st());Ss();MT=require("worker_threads");rf();ot=b(Q()),Z1=b(require("lodash")),Oh=b(fe());G();tK=require("crypto"),rK=b(require("minimist")),{cloneDeep:eK}=Z1.default,Vfe=(0,rK.default)(process.argv),Kfe=200,ho=new Map,nf=new Map,vT=new Map,X1=[];a(AO,"startOnMainThread");a(nK,"requestClusterStatus");MT.parentPort&&(sf=a(e=>{MT.parentPort.postMessage({type:"disconnected-from-node",...e})},"disconnectedFromNode"),zl=a(e=>{MT.parentPort.postMessage({type:"connected-to-node",...e})},"connectedToNode"),(0,Si.onMessageByType)("subscribe-to-node",e=>{Ph(e)}),(0,Si.onMessageByType)("unsubscribe-from-node",e=>{UT(e)}));a(aa,"ensureNode")});var ys=M(qt=>{"use strict";var gr=require("path"),{watch:Yfe}=require("chokidar"),jn=require("fs-extra"),of=require("node-forge"),uK=require("net"),{generateKeyPair:IO,X509Certificate:ca,createPrivateKey:dK,randomBytes:Wfe}=require("node:crypto"),jfe=require("util");IO=jfe.promisify(IO);var Ut=of.pki,yi=require("joi"),{v4:fK}=require("uuid"),{validateBySchema:OO}=pt(),{forComponent:zfe}=Q(),Ts=fe(),Vs=(G(),D(j)),{CONFIG_PARAMS:Ql}=Vs,Ri=fN(),{ClientError:Tc}=Ee(),BT=require("node:tls"),{relative:mK,join:Jfe}=require("node:path"),{CERTIFICATE_VALUES:iK}=Ri,Qfe=el(),wO=gt(),{table:Xfe,getDatabases:Zfe,databases:xT}=(Oe(),D(mt)),{getJWTRSAKeys:oK}=(Yd(),D(Eh)),Xe=zfe("tls").conditional;qt.generateKeys=DO;qt.updateConfigCert=yK;qt.createCsr=ome;qt.signCertificate=ame;qt.setCertTable=af;qt.loadCertificates=gK;qt.reviewSelfSignedCert=MO;qt.createTLSSelector=bK;qt.listCertificates=IK;qt.addCertificate=mme;qt.removeCertificate=hme;qt.createNatsCerts=ume;qt.generateCertsKeys=lme;qt.getReplicationCert=vh;qt.getReplicationCertAuth=ime;qt.renewSelfSigned=dme;qt.hostnamesFromCert=xO;qt.getKey=Eme;qt.getHostnamesFromCertificate=_me;qt.getPrimaryHostName=UO;qt.generateSerialNumber=HT;var{urlToNodeName:pK,getThisNodeUrl:eme,getThisNodeName:kT,clearThisNodeName:tme}=(Ss(),D(la)),{readFileSync:rme,statSync:hK}=require("node:fs"),H0e=fe(),{getTicketKeys:nme,onMessageFromWorkers:sme}=st(),{isMainThread:EK}=require("worker_threads"),{TLSSocket:_K,createSecureContext:G0e}=require("node:tls"),PO=3650,Dh=["127.0.0.1","localhost","::1"],LO=[{name:"countryName",value:"USA"},{name:"stateOrProvinceName",value:"Colorado"},{name:"localityName",value:"Denver"},{name:"organizationName",value:"HarperDB, Inc."}];function HT(){let e=Wfe(8);return e[0]=e[0]&127|1,e.toString("hex")}a(HT,"generateSerialNumber");sme(async e=>{e.type===Vs.ITC_EVENT_TYPES.RESTART&&(Ts.initSync(!0),await MO())});var an;function Rc(){return an||(an=Zfe().system.hdb_certificate,an||(an=Xfe({table:"hdb_certificate",database:"system",attributes:[{name:"name",isPrimaryKey:!0},{attribute:"uses"},{attribute:"certificate"},{attribute:"is_authority"},{attribute:"private_key_name"},{attribute:"details"},{attribute:"is_self_signed"},{attribute:"__updatedtime__"}]}))),an}a(Rc,"getCertTable");async function vh(){let e=bK("operations-api"),t={secureContexts:null,setSecureContext:a(s=>{},"setSecureContext")};await e.initialize(t);let r=t.secureContexts.get(kT());if(!r)return;let n=new ca(r.options.cert);return r.cert_parsed=n,r.issuer=n.issuer,r}a(vh,"getReplicationCert");async function ime(){Rc();let e=(await vh()).options.cert,r=new ca(e).issuer.match(/CN=(.*)/)?.[1];return an.get(r)}a(ime,"getReplicationCertAuth");var aK,yc=new Map;function gK(){if(aK)return;aK=!0;let e=[{configKey:Ql.TLS},{configKey:Ql.OPERATIONSAPI_TLS}];Rc();let t=gr.dirname(wO.getConfigFilePath()),r;for(let{configKey:n}of e){let s=wO.getConfigFromFile(n);if(s){Array.isArray(s)||(s=[s]);for(let i of s){let o=i.privateKey,c=o&&mK(Jfe(t,"keys"),o);c&&cK(o,l=>{yc.set(c,l)},"private key");for(let l of[!1,!0]){let u=i[l?"certificateAuthority":"certificate"];if(u&&EK){let d;cK(u,f=>{if(iK.cert===f)return;let m=i.hostname??i.hostnames??i.host??i.hosts;m&&!Array.isArray(m)&&(m=[m]);let p=RK(u),h=new ca(p),E;try{E=UO(h)}catch(y){Xe.error?.("error extracting host name from certificate",y);return}if(E==null){Xe.error?.("No host name found on certificate");return}if(h.checkIssued(new ca(iK.cert)))return;let _=an.primaryStore.get(E),R=hK(u).mtimeMs,S=!_||_.is_self_signed?1:_.file_timestamp??_.__updatedtime__;if(_&&R<=S){R<S&&Xe.info?.(`Certificate ${E} at ${u} is older (${new Date(R)}) than the certificate in the database (${S>1?new Date(S):"only self signed certificate available"})`);return}r=an.put({name:E,uses:["https",...n.includes("operations")?["operations"]:[]],ciphers:i.ciphers,certificate:p,private_key_name:c,is_authority:l,hostnames:m,fileTimestamp:R,details:{issuer:h.issuer.replace(/\n/g," "),subject:h.subject?.replace(/\n/g," "),subject_alt_name:h.subjectAltName,serial_number:h.serialNumber,valid_from:h.validFrom,valid_to:h.validTo}})},l?"certificate authority":"certificate")}}}}}return r}a(gK,"loadCertificates");function cK(e,t,r){let n,s=a((i,o)=>{try{let c=o.mtimeMs;c&&c!==n&&(n&&EK&&Xe.warn?.(`Reloading ${r}:`,i),n=c,t(RK(i)))}catch(c){Xe.error?.(`Error loading ${r}:`,i,c)}},"loadFile");jn.existsSync(e)?s(e,hK(e)):Xe.error?.(`${r} file not found:`,e),Yfe(e,{persistent:!1}).on("change",s)}a(cK,"loadAndWatch");function NO(){let e=eme();if(e==null){let t=Dh[0];return Xe.info?.("replication url is missing from harperdb-config.yaml, using default host"+t),t}return pK(e)}a(NO,"getHost");function FT(){let e=kT();if(e==null){let t=Dh[0];return Xe.info?.("replication url is missing from harperdb-config.yaml, using default host"+t),t}return e}a(FT,"getCommonName");async function ome(){let e=await vh(),t=Ut.certificateFromPem(e.options.cert),r=Ut.privateKeyFromPem(e.options.key);Xe.info?.("Creating CSR with cert named:",e.name);let n=Ut.createCertificationRequest();n.publicKey=t.publicKey;let s=[{name:"commonName",value:FT()},...LO];Xe.info?.("Creating CSR with subject",s),n.setSubject(s);let i=[{name:"unstructuredName",value:"HarperDB, Inc."},{name:"extensionRequest",extensions:SK()}];return Xe.info?.("Creating CSR with attributes",i),n.setAttributes(i),n.sign(r),of.pki.certificationRequestToPem(n)}a(ome,"createCsr");function SK(){let e=Dh.includes(FT())?Dh:[...Dh,FT()];return e.includes(NO())||e.push(NO()),[{name:"basicConstraints",cA:!1,critical:!0},{name:"keyUsage",digitalSignature:!0,keyEncipherment:!0,critical:!0},{name:"extKeyUsage",serverAuth:!0,clientAuth:!0},{name:"nsCertType",client:!0,server:!0},{name:"subjectAltName",altNames:e.map(t=>uK.isIP(t)?{type:7,ip:t}:{type:2,value:t})}]}a(SK,"certExtensions");async function ame(e){let t={},r=gr.join(Ts.getHdbBasePath(),Vs.LICENSE_KEY_DIR_NAME);if(e.csr){let n,s;Rc();for await(let d of an.search([]))if(d.is_authority&&!d.details.issuer.includes("HarperDB-Certificate-Authority")){if(yc.has(d.private_key_name)){n=yc.get(d.private_key_name),s=d;break}else if(d.private_key_name&&await jn.exists(gr.join(r,d.private_key_name))){n=jn.readFile(gr.join(r,d.private_key_name)),s=d;break}}if(!n){let d=await CO();s=d.ca,n=d.private_key}n=Ut.privateKeyFromPem(n),t.signingCA=s.certificate;let i=Ut.certificateFromPem(s.certificate);Xe.info?.("Signing CSR with cert named",s.name);let o=Ut.certificationRequestFromPem(e.csr);try{o.verify()}catch(d){return Xe.error?.(d),new Error("Error verifying CSR: "+d.message)}let c=of.pki.createCertificate();c.serialNumber=HT(),c.validity.notBefore=new Date;let l=new Date;c.validity.notAfter=l,c.validity.notAfter.setDate(l.getDate()+PO),Xe.info?.("sign cert setting validity:",c.validity),Xe.info?.("sign cert setting subject from CSR:",o.subject.attributes),c.setSubject(o.subject.attributes),Xe.info?.("sign cert setting issuer:",i.subject.attributes),c.setIssuer(i.subject.attributes);let u=o.getAttribute({name:"extensionRequest"}).extensions;Xe.info?.("sign cert adding extensions from CSR:",u),c.setExtensions(u),c.publicKey=o.publicKey,c.sign(n,of.md.sha256.create()),t.certificate=Ut.certificateToPem(c)}else Xe.info?.("Sign cert did not receive a CSR from:",e.url,"only the CA will be returned");return t}a(ame,"signCertificate");async function cme(e,t){await af({name:kT(),uses:["https","wss"],certificate:e,private_key_name:"privateKey.pem",is_authority:!1,is_self_signed:!0}),await af({name:t.subject.getField("CN").value,uses:["https","wss"],certificate:Ut.certificateToPem(t),private_key_name:"privateKey.pem",is_authority:!0,is_self_signed:!0})}a(cme,"createCertificateTable");async function af(e){let t;try{t=new ca(e.certificate)}catch(r){Xe.error?.(`Failed to parse certificate for ${e.name}:`,r.message),Xe.debug?.("Certificate record details:",JSON.stringify(e,null,2));let n=new Error(`Invalid certificate format for ${e.name}: ${r.message}. This may be due to corrupted certificate data during transfer or encoding issues.`);throw n.code="INVALID_CERTIFICATE_FORMAT",n.cause=r,n}e.details={issuer:t.issuer.replace(/\n/g," "),subject:t.subject?.replace(/\n/g," "),subject_alt_name:t.subjectAltName,serial_number:t.serialNumber,valid_from:t.validFrom,valid_to:t.validTo},Rc(),await an.patch(e)}a(af,"setCertTable");async function DO(){let e=await IO("rsa",{modulusLength:4096,publicKeyEncoding:{type:"spki",format:"pem"},privateKeyEncoding:{type:"pkcs8",format:"pem"}});return{publicKey:Ut.publicKeyFromPem(e.publicKey),privateKey:Ut.privateKeyFromPem(e.privateKey)}}a(DO,"generateKeys");async function vO(e,t,r){let n=Ut.createCertificate();if(!t){let o=await vh();t=Ut.certificateFromPem(o.options.cert).publicKey}n.publicKey=t,n.serialNumber=HT(),n.validity.notBefore=new Date;let s=new Date;n.validity.notAfter=s,n.validity.notAfter.setDate(s.getDate()+PO);let i=[{name:"commonName",value:FT()},...LO];return n.setSubject(i),n.setIssuer(r.subject.attributes),n.setExtensions(SK()),n.sign(e,of.md.sha256.create()),Ut.certificateToPem(n)}a(vO,"generateCertificates");async function CO(){let e=await IK(),t;for(let r of e){if(!r.is_authority)continue;let n=await AK(r.private_key_name);if(r.private_key_name&&n&&new ca(r.certificate).checkPrivateKey(dK(n))){Xe.trace?.(`CA named: ${r.name} found with matching private key`),t={ca:r,private_key:n};break}}if(t)return t;Xe.trace?.("No CA found with matching private key")}a(CO,"getCertAuthority");async function TK(e,t,r=!0){let n=Ut.createCertificate();n.publicKey=t,n.serialNumber=HT(),n.validity.notBefore=new Date;let s=new Date;n.validity.notAfter=s,n.validity.notAfter.setDate(s.getDate()+PO);let i=[{name:"commonName",value:`HarperDB-Certificate-Authority-${Ts.get(Ql.REPLICATION_HOSTNAME)??pK(Ts.get(Ql.REPLICATION_URL))??fK().split("-")[0]}`},...LO];n.setSubject(i),n.setIssuer(i),n.setExtensions([{name:"basicConstraints",cA:!0,critical:!0},{name:"keyUsage",keyCertSign:!0,critical:!0},{name:"subjectKeyIdentifier"}]),n.sign(e,of.md.sha256.create());let o=gr.join(Ts.getHdbBasePath(),Vs.LICENSE_KEY_DIR_NAME),c=gr.join(o,Ri.PRIVATEKEY_PEM_NAME);return r&&await jn.writeFile(c,Ut.privateKeyToPem(e)),n}a(TK,"generateCertAuthority");async function lme(){let{privateKey:e,publicKey:t}=await DO(),r=await TK(e,t),n=await vO(e,t,r);await cme(n,r),yK()}a(lme,"generateCertsKeys");async function ume(){let e=await vO(Ut.privateKeyFromPem(Ri.CERTIFICATE_VALUES.key),void 0,Ut.certificateFromPem(Ri.CERTIFICATE_VALUES.cert)),t=gr.join(Ts.getHdbBasePath(),Vs.LICENSE_KEY_DIR_NAME),r=gr.join(t,Ri.NATS_CERTIFICATE_PEM_NAME);await jn.exists(r)||await jn.writeFile(r,e);let n=gr.join(t,Ri.NATS_CA_PEM_NAME);await jn.exists(n)||await jn.writeFile(n,Ri.CERTIFICATE_VALUES.cert)}a(ume,"createNatsCerts");async function dme(){Rc();for await(let e of an.search([{attribute:"is_self_signed",value:!0}]))await an.delete(e.name);await MO()}a(dme,"renewSelfSigned");async function MO(){tme(),await gK(),Rc();let e=await CO();if(!e){Xe.notify?.("A matching Certificate Authority and key was not found. A new CA will be created in advance, so it's available if needed.");let r=a(u=>{try{return{key:Ut.privateKeyFromPem(jn.readFileSync(u)),keyPath:u}}catch(d){return Xe.warn?.(`Failed to parse private key from ${u}:`,d.message),{key:null,keyPath:u}}},"tryToParseKey"),n=Ts.get(Ql.TLS),s,i;if(Array.isArray(n)){for(let u of n)if(u.privateKey){let d=r(u.privateKey);if(s=d.key,i=d.keyPath,d.key)break}}else{let u=Ts.get(Ql.TLS_PRIVATEKEY),d=r(u);s=d.key,i=d.keyPath}let o=gr.join(Ts.getHdbBasePath(),Vs.LICENSE_KEY_DIR_NAME),c=mK(o,i);s||(Xe.warn?.("Unable to parse the TLS key",i,"A new key will be generated and used to create Certificate Authority"),{privateKey:s}=await DO(),jn.existsSync(gr.join(o,Ri.PRIVATEKEY_PEM_NAME))&&(c=`privateKey${fK().split("-")[0]}.pem`),await jn.writeFile(gr.join(o,c),Ut.privateKeyToPem(s)));let l=await TK(s,Ut.setRsaPublicKey(s.n,s.e),!1);await af({name:l.subject.getField("CN").value,uses:["https"],certificate:Ut.certificateToPem(l),private_key_name:c,is_authority:!0,is_self_signed:!0})}if(!await vh()){let r=kT();Xe.notify?.(`A suitable replication certificate was not found, creating new self singed cert named: ${r}`),e=e??await CO();let n=Ut.certificateFromPem(e.ca.certificate),s=n.publicKey,i=await vO(Ut.privateKeyFromPem(e.private_key),s,n);await af({name:r,uses:["https","operations","wss"],certificate:i,is_authority:!1,private_key_name:e.ca.private_key_name,is_self_signed:!0})}}a(MO,"reviewSelfSignedCert");function yK(){let e=Qfe(Object.keys(Vs.CONFIG_PARAM_MAP),!0),t=gr.join(Ts.getHdbBasePath(),Vs.LICENSE_KEY_DIR_NAME),r=gr.join(t,Ri.PRIVATEKEY_PEM_NAME),n=gr.join(t,Ri.NATS_CERTIFICATE_PEM_NAME),s=gr.join(t,Ri.NATS_CA_PEM_NAME),i=Vs.CONFIG_PARAMS,o={[i.TLS_PRIVATEKEY]:e[i.TLS_PRIVATEKEY.toLowerCase()]?e[i.TLS_PRIVATEKEY.toLowerCase()]:r};e[i.TLS_CERTIFICATE.toLowerCase()]&&(o[i.TLS_CERTIFICATE]=e[i.TLS_CERTIFICATE.toLowerCase()]),e[i.TLS_CERTIFICATEAUTHORITY.toLowerCase()]&&(o[i.TLS_CERTIFICATEAUTHORITY]=e[i.TLS_CERTIFICATEAUTHORITY.toLowerCase()]),e[i.OPERATIONSAPI_TLS_CERTIFICATE.toLowerCase()]&&(o[i.OPERATIONSAPI_TLS_CERTIFICATE]=e[i.OPERATIONSAPI_TLS_CERTIFICATE.toLowerCase()]),e[i.OPERATIONSAPI_TLS_PRIVATEKEY.toLowerCase()]&&(o[i.OPERATIONSAPI_TLS_PRIVATEKEY]=e[i.OPERATIONSAPI_TLS_PRIVATEKEY.toLowerCase()]),e[i.OPERATIONSAPI_TLS_CERTIFICATEAUTHORITY.toLowerCase()]&&(o[i.OPERATIONSAPI_TLS_CERTIFICATEAUTHORITY]=e[i.OPERATIONSAPI_TLS_CERTIFICATEAUTHORITY.toLowerCase()]),(e[i.CLUSTERING_ENABLED.toLowerCase()]||e.clustering)&&(o[i.CLUSTERING_TLS_CERTIFICATE]=e[i.CLUSTERING_TLS_CERTIFICATE.toLowerCase()]??n,o[i.CLUSTERING_TLS_CERT_AUTH]=e[i.CLUSTERING_TLS_CERT_AUTH.toLowerCase()]??s,o[i.CLUSTERING_TLS_PRIVATEKEY]=e[i.CLUSTERING_TLS_PRIVATEKEY.toLowerCase()]??r),wO.updateConfigValue(void 0,void 0,o,!1,!0)}a(yK,"updateConfigCert");function RK(e){return e.startsWith("-----BEGIN")?e:rme(e,"utf8")}a(RK,"readPEM");var lK=BT.createSecureContext;BT.createSecureContext=function(e){if(!e.cert||!e.key)return lK(e);let t={...e};delete t.key,delete t.cert;let r=lK(t);return r.context.setCert(e.cert),r.context.setKey(e.key,void 0),r};var fme=_K.prototype._init;_K.prototype._init=function(e,t){fme.call(this,e,t);let r=this;this._handle.oncertcb=function(n){let s=n.servername;r._SNICallback(s,(i,o)=>{this.sni_context=o?.context||o,this.certCbDone()})}};var Jl=new Map;function bK(e,t){let r=new Map,n,s=!1;return i.initialize=o=>i.ready?i.ready:(o&&(o.secureContexts=r,o.secureContextsListeners=[]),i.ready=new Promise((c,l)=>{async function u(){try{r.clear(),Jl.clear();let d=0;if(xT===void 0){c();return}for await(let f of xT.system.hdb_certificate.search([])){let m=f.certificate,p=new ca(m);f.is_authority&&(p.asString=m,Jl.set(p.subject,m))}for await(let f of xT.system.hdb_certificate.search([]))try{if(f.is_authority)continue;let m=e==="operations-api",p=f.is_self_signed?1:3;m&&f.uses?.includes?.("operations")&&(p+=1);let h=await AK(f.private_key_name),E=f.certificate,_=new ca(E);if(Jl.has(_.issuer)&&(E+=`
-`+Jl.get(_.issuer)),!h||!E)throw new Error("Missing private key or certificate for secure server");let R={ciphers:f.ciphers,ticketKeys:nme(),availableCAs:Jl,ca:t&&Array.from(Jl.values()),cert:E,key:h,key_file:f.private_key_name,is_self_signed:f.is_self_signed};o&&(R.sessionIdContext=o.sessionIdContext);let S=f.hostnames??xO(_);Array.isArray(S)||(S=[S]);for(let I of S)I===NO()&&(p+=1);let y=BT.createSecureContext(R);y.name=f.name,y.options=R,y.quality=p,y.certificateAuthorities=Array.from(Jl),y.certStart=E.toString().slice(0,100);let w;for(let I of S)if(I){I[0]==="*"&&(s=!0,I=I.slice(1)),uK.isIP(I)&&(w=!0);let H=r.get(I)?.quality??0;Xe.trace?.("Assigning TLS for hostname",I,"if",p,">",H),p>H&&r.set(I,y)}else Xe.error?.("No hostname found for certificate at",BT.certificate);Xe.trace?.("Adding TLS",y.name,"for",o.ports||"client","cert named",f.name,"hostnames",S,"quality",p,"best quality",d),p>d&&(i.defaultContext=n=y,d=p,o&&(o.defaultContext=y))}catch(m){Xe.error?.("Error applying TLS for",f.name,m)}o?.secureContextsListeners.forEach(f=>f()),c(n)}catch(d){l(d)}}a(u,"updateTLS"),xT?.system.hdb_certificate.subscribe({listener:a(()=>setTimeout(()=>u(),1500).unref(),"listener"),omitCurrent:!0}),u()})),i;function i(o,c){Xe.info?.("TLS requested for",o||"(no SNI)");let l=o;for(;;){let d=r.get(l);if(d)return Xe.debug?.("Found certificate for",o,d.certStart),d.updatedContext&&(d=d.updatedContext),c(null,d);if(s&&l){let f=l.indexOf(".",1);f<0?l="":l=l.slice(f)}else break}o?Xe.debug?.("No certificate found to match",o,"using the default certificate"):Xe.debug?.("No SNI, using the default certificate",n?.name);let u=n;u?u.updatedContext&&(u=u.updatedContext):Xe.info?.("No default certificate found"),c(null,u)}a(i,"SNICallback")}a(bK,"createTLSSelector");async function AK(e){let t=yc.get(e);return!t&&e?await jn.readFile(gr.join(Ts.get(Ql.ROOTPATH),Vs.LICENSE_KEY_DIR_NAME,e),"utf8"):t}a(AK,"getPrivateKeyByName");async function IK(){Rc();let e=[];for await(let t of an.search([]))e.push(t);return e}a(IK,"listCertificates");async function mme(e){let t=OO(e,yi.object({name:yi.string().required(),certificate:yi.string().required(),is_authority:yi.boolean().required(),private_key:yi.string(),hosts:yi.array(),uses:yi.array()}));if(t)throw new Tc(t.message);let{name:r,certificate:n,private_key:s,is_authority:i}=e,o=new ca(n),c=!1,l=!1,u;for(let[p,h]of yc)!s&&!c&&o.checkPrivateKey(dK(h))&&(c=!0,u=p),s&&s===h&&(l=!0,u=p);if(!i&&!s&&!c)throw new Tc("A suitable private key was not found for this certificate");let d;if(!r){try{d=UO(o)}catch(p){Xe.error?.(p)}if(d==null)throw new Tc("Error extracting certificate host name, please provide a name parameter")}let f=pme(r??d);s&&!c&&!l&&(await jn.writeFile(gr.join(Ts.getHdbBasePath(),Vs.LICENSE_KEY_DIR_NAME,f+".pem"),s),yc.set(f,s));let m={name:r??d,certificate:n,is_authority:i,hosts:e.hosts,uses:e.uses};return(!i||i&&u||i&&s)&&(m.private_key_name=u??f+".pem"),e.ciphers&&(m.ciphers=e.ciphers),await af(m),"Successfully added certificate: "+f}a(mme,"addCertificate");function pme(e){return e.replace(/[^a-z0-9\.]/gi,"-")}a(pme,"sanitizeName");async function hme(e){let t=OO(e,yi.object({name:yi.string().required()}));if(t)throw new Tc(t.message);let{name:r}=e;Rc();let n=await an.get(r);if(!n)throw new Tc(r+" not found");let{private_key_name:s}=n;if(s){let i=Array.from(await an.search([{attribute:"private_key_name",value:s}]));i.length===1&&i[0].name===r&&(Xe.info?.("Removing private key named",s),await jn.remove(gr.join(Ts.getHdbBasePath(),Vs.LICENSE_KEY_DIR_NAME,s)))}return await an.delete(r),"Successfully removed "+r}a(hme,"removeCertificate");function UO(e){let t=e.subject?.match(/CN=(.*)/)?.[1];return t||xO(e)[0]}a(UO,"getPrimaryHostName");function xO(e){if(e.subjectAltName)return e.subjectAltName.split(",").map(r=>{let n=r.indexOf(":");if(r=r.slice(n+1),r=r.trim(),r[0]==='"')try{r=JSON.parse(r)}catch{}return r.indexOf("=")>-1?r.match(/CN=([^,]*)/)?.[1]:r}).filter(r=>r);let t=e.subject?.match(/CN=(.*)/)?.[1];return t?[t]:[]}a(xO,"hostnamesFromCert");async function Eme(e){if(e.bypass_auth!==!0)throw new Tc("Unauthorized","401");let t=OO(e,yi.object({name:yi.string().required()}));if(t)throw new Tc(t.message);let{name:r}=e;if(r===".jwtPrivate")return(await oK()).privateKey;if(r===".jwtPublic")return(await oK()).publicKey;if(yc.get(r))return yc.get(e.name);throw new Tc("Key not found")}a(Eme,"getKey");function _me(e){return[e.subject?.CN,...e.subjectaltname.split(",").filter(t=>t.trim().startsWith("DNS:")).map(t=>t.trim().substring(4))]}a(_me,"getHostnamesFromCertificate")});var jK={};ye(jK,{BACK_PRESSURE_RATIO_POSITION:()=>YK,CONFIRMATION_STATUS_POSITION:()=>KK,LATENCY_POSITION:()=>jT,NodeReplicationConnection:()=>lf,OPERATION_REQUEST:()=>GO,RECEIVED_TIME_POSITION:()=>YT,RECEIVED_VERSION_POSITION:()=>KT,RECEIVING_STATUS_POSITION:()=>WT,RECEIVING_STATUS_RECEIVING:()=>WK,RECEIVING_STATUS_WAITING:()=>qO,SENDING_TIME_POSITION:()=>Uh,createWebSocket:()=>zT,databaseSubscriptions:()=>Ac,replicateOverWS:()=>xh,tableUpdateListeners:()=>KO});async function zT(e,t){let{authorization:r,rejectUnauthorized:n}=t||{},s=nt(),i;if(e==null)throw new TypeError(`Invalid URL: Expected a string URL for node "${s}" but received ${e}`);if(e.includes("wss://")){if(!kO){let l=(0,GK.createTLSSelector)("operations-api"),u={secureContexts:null};await l.initialize(u),kO=u.secureContexts}if(i=kO.get(s),i&&le.debug?.("Creating web socket for URL",e,"with certificate named:",i.name),!i&&n!==!1)throw new Error("Unable to find a valid certificate to use for replication to connect to "+e)}let o={};r&&(o.Authorization=r);let c={headers:o,localAddress:s?.startsWith("127.0")?s:void 0,servername:(0,$K.isIP)(t?.serverName)?void 0:t?.serverName,noDelay:!0,highWaterMark:128*1024,rejectUnauthorized:n!==!1,secureContext:void 0};return i&&((cf?.caCount!==ua.size||cf?.derivedFromContext!==i)&&(cf=qK.createSecureContext({...i.options,ca:[...ua,...i.options.availableCAs.values()]}),cf.caCount=ua.size,cf.derivedFromContext=i),c.secureContext=cf),new FK.WebSocket(e,"harperdb-replication-v1",c)}function xh(e,t,r){let n=t.port||t.securePort,s=VO.pid%1e3+"-"+kK.threadId+(n?"s:"+n:"c:"+t.url?.slice(-4))+" "+Math.random().toString().slice(2,3);le.debug?.(s,"Initializing replication connection",r);let i=0,o=Buffer.allocUnsafeSlow(1024),c=0,l=new DataView(o.buffer,0,1024),u=t.database,d=t.databaseSubscriptions||Ac,f,m,p=!1,h=t.subscription;h?.then&&h.then(A=>{h=A,h.auditStore&&(f=h.auditStore)});let E=t.tables||u&&lt()[u],_,R=new Map,S=[];_=r.name,_&&t.connection&&(t.connection.nodeName=_);let y,w,I,H,X,q,k,z=6e4,Y,ce=0,de=0,te=0,Se=BK.default.get(x.REPLICATION_BLOBTIMEOUT)??12e4,Ne=new Map,Ke=[],$e=0,Ir;if(t.url){let A=a(()=>{X&&de===e._socket?.bytesRead&&te===e._socket?.bytesWritten?e.terminate():(X=performance.now(),e.ping(),de=e._socket?.bytesRead,te=e._socket?.bytesWritten)},"sendPing");I=setInterval(A,UK).unref(),A()}else nr();e._socket?.setMaxListeners(200);function nr(){clearTimeout(H),de=e._socket?.bytesRead,te=e._socket?.bytesWritten,H=setTimeout(()=>{de===e._socket?.bytesRead&&te===e._socket?.bytesWritten&&(le.warn?.(`Timeout waiting for ping from ${_}, terminating connection and reconnecting`),e.terminate())},UK*2).unref()}a(nr,"resetPingTimer");let zr=0,xr=0,Ou=!1,zc=3e4;function Ft(){if(pn?.length>0){let A=performance.now(),U=A-xr;zr=(zr*zc+(Ou?U:0))/(zc+U),m&&(m[YK]=zr),xr=A}}a(Ft,"updateBackPressureRatio"),setInterval(Ft,zc).unref();function Ps(){if(!(!_||!u))return m||(m=ef(f,u,_)),m}a(Ps,"getSharedStatus"),u&&Jc(u);let Ha,o_,cm=[],a_=[],lm,ve=[],c_=[],jb=[],Pu=150,ki=25,Ls=0,um=0,dm=!1,xo,Dn,pn,Br;e.on("message",Lu);async function Lu(A){if(r=await r,!r){le.error?.(s,"No authorization provided"),Fr(1008,"Unauthorized");return}fm(A),e.off("message",Lu),e.on("message",fm)}a(Lu,"onWSMessageWhenAuthorized");function fm(A){ce=performance.now();try{let U=A.dataView=new al(A.buffer,A.byteOffset,A.byteLength);if(A[0]>127){let W=(0,at.decode)(A),[J,F,he]=W;switch(J){case NK:{if(F){if(_){if(_!==F){le.error?.(s,`Node name mismatch, expecting to connect to ${_}, but peer reported name as ${F}, disconnecting`),e.send((0,at.encode)([Mh])),Fr(1008,"Node name mismatch");return}}else if(_=F,t.connection?.tentativeNode){let me=t.connection.tentativeNode;me.name=_,t.connection.tentativeNode=null,aa(_,me)}if(t.connection&&(t.connection.nodeName=_),le.debug?.(s,"received node name:",_,"db:",u??W[2]),!u)try{Jc(u=W[2]),u==="system"&&(Ha=gc(t,(me,ie)=>{$a(ie)&&K(ie)}),e.on("close",()=>{Ha?.remove()}))}catch(me){le.warn?.(s,"Error setting database",me),e.send((0,at.encode)([Mh])),Fr(1008,me.message);return}mm()}break}case vK:{le.debug?.(s,"Received table definitions for",F.map(me=>me.table));for(let me of F){let ie=W[2];me.database=ie;let Ce;if($a(ie)){if(u==="system")Me[ie]?.[me.table]||(Ce=v(me,Me[ie]?.[me.table]));else{if(ie!=="data"&&!Me[ie]){le.warn?.("Database not found",ie);return}Ce=v(me,Me[ie]?.[me.table])}f||(f=Ce?.auditStore),E||(E=lt()?.[ie])}}break}case Mh:Fr();break;case GO:try{let me=r?.replicates||r?.subscribers||r?.name;le.debug?.("Received operation request",F,"from",_),server.operation(F,{user:r},!me).then(ie=>{le.debug?.("Requested request from finished",_,ie),Array.isArray(ie)&&(ie={results:ie}),ie.requestId=F.requestId,e.send((0,at.encode)([qT,ie]))},ie=>{le.debug?.("Failed requested operation from",_,ie),e.send((0,at.encode)([qT,{requestId:F.requestId,error:BO(ie)}]))})}catch(me){e.send((0,at.encode)([qT,{requestId:F.requestId,error:BO(me)}]))}break;case qT:let{resolve:ue,reject:_e}=R.get(F.requestId);le.debug?.("Received completed operation request",_,F),F.error?_e(new Error(F.error)):ue(F),R.delete(F.requestId);break;case FO:let re=W[3];if(!E){u?le.error?.(s,"No database found for",u):le.error?.(s,"Database name never received"),Fr();return}let oe=E[re];oe=v({table:re,database:u,attributes:F.attributes,schemaDefined:F.schemaDefined},oe),cm[he]={name:re,decoder:new at.Packr({useBigIntExtension:!0,randomAccessStructure:!0,freezeData:!0,typedStructs:F.typedStructs,structures:F.structures}),getEntry(me){return oe.primaryStore.getEntry(me)},rootStore:oe.primaryStore.rootStore};break;case CK:Br=f?K1(F,f):new Map,lm=W[2],le.debug?.(s,`Acknowledged subscription request, receiving messages for nodes: ${lm}`);break;case OK:let ge=he;jb[ge]=F;break;case DK:Ps()[KK]=F,le.trace?.(s,"received and broadcasting committed update",F),Ps().buffer.notify();break;case LK:y=F,h.send({type:"end_txn",localTime:y,remoteNodeIds:S}),Ps(),replication_shared_status[KT]=last_sequence_id_received,replication_shared_status[YT]=Date.now(),replication_shared_status[WT]=qO;break;case $T:{let me=W[1],{fileId:ie,size:Ce,finished:Be,error:He}=me,Te=Ne.get(ie);le.debug?.("Received blob",ie,"has stream",!!Te,"connectedToBlob",!!Te?.connectedToBlob,"length",W[2].length,"finished",Be),Te||(Te=new HO.PassThrough,Te.expectedSize=Ce,Ne.set(ie,Te)),Te.lastChunk=Date.now();let ht=W[2];Ye(ht.byteLength,"bytes-received",`${_}.${u}`,"replication","blob");try{Be?(He?(Te.on("error",()=>{}),Te.destroy(new Error("Blob error: "+He+" for record "+(Te.recordId??"unknown")+" from "+_))):Te.end(ht),Te.connectedToBlob&&Ne.delete(ie)):Te.write(ht)}catch(Ct){le.error?.(`Error receiving blob for ${Te.recordId} from ${_} and streaming to storage`,Ct),Ne.delete(ie)}break}case PK:{let me=F,ie;try{let Ce=W[3],Be=a_[he]||(a_[he]=E[W[4]]);if(!Be)return le.warn?.("Unknown table id trying to handle record request",he);let He=Be.primaryStore.getBinaryFast(Symbol.for("structures")),Te=He?.length??0;if(Te>0&&Te!==um){um=Te;let Ct=(0,at.decode)(He);e.send((0,at.encode)([FO,{typedStructs:Ct.typed,structures:Ct.named},he,Be.tableName]))}let ht=Be.primaryStore.getBinaryFast(Ce);if(ht){let Ct=Be.primaryStore.decoder.decode(ht,{valueAsBuffer:!0}),Ot=ut||{};Ot.version=(0,VK.getLastVersion)(),ut&&ut[Wu]&Xr&&(Ct=Buffer.from(Ct),Hm(()=>Be.primaryStore.decoder.decode(ht),u_=>Ga(u_,Ce),Be.primaryStore.rootStore)),ie=(0,at.encode)([GT,me,{value:Ct,expiresAt:Ot.expiresAt,version:Ot.version,residencyId:Ot.residencyId,nodeId:Ot.nodeId,user:Ot.user}])}else ie=(0,at.encode)([GT,me])}catch(Ce){ie=(0,at.encode)([GT,me,{error:Ce.message}])}e.send(ie);break}case GT:{let{resolve:me,reject:ie,tableId:Ce,key:Be}=R.get(W[1]),He=W[2];if(He?.error)ie(new Error(He.error));else if(He){let Te;W_(()=>{let ht=cm[Ce].decoder.decode(He.value);He.value=ht,He.key=Be,me(He)||Te&&setTimeout(()=>Te.forEach(V_),6e4).unref()},f?.rootStore,ht=>{let Ct=qa(ht,Be);return Te||(Te=[]),Te.push(Ct),Ct})}else me();R.delete(W[1]);break}case wK:{pn=F;let me,ie,Ce=!1;if(h){if(u!==h.databaseName&&!h.then){le.error?.("Subscription request for wrong database",u,h.databaseName);return}}else h=d.get(u);if(le.debug?.(s,"received subscription request for",u,"at",pn),!h){let De;h=new Promise(ft=>{le.debug?.("Waiting for subscription to database "+u),De=ft}),h.ready=De,Ac.set(u,h)}if(r.name)ie=Gt().subscribe(r.name),ie.then(async De=>{me=De;for await(let ft of me){let kr=ft.value;if(!(kr?.replicates===!0||kr?.replicates?.receives||kr?.subscriptions?.some(fr=>(fr.database||fr.schema)===u&&fr.publish!==!1))){Ce=!0,Fr(1008,`Unauthorized database subscription to ${u}`);return}}},De=>{le.error?.(s,"Error subscribing to HDB nodes",De)});else if(!(r?.role?.permission?.super_user||r.replicates)){e.send((0,at.encode)([Mh])),Fr(1008,`Unauthorized database subscription to ${u}`);return}if(Dn&&(le.debug?.(s,"stopping previous subscription",u),Dn.emit("close")),pn.length===0)return;let Be=pn[0],He=a(De=>{if(De&&(Be.replicateByDefault?!Be.tables.includes(De.tableName):Be.tables.includes(De.tableName)))return{table:De}},"tableToTableEntry"),Te={txnTime:0},ht,Ct,Ot=1/0,u_,d_=a((De,ft)=>{if(De.type==="end_txn"){Te.txnTime&&(o[i]!==66&&le.error?.("Invalid encoding of message"),C(9),C(sg),O(u_=ft),sU()),i=c,Te.txnTime=0;return}let kr=De.nodeId,fr=De.tableId,zt=Ct[fr];if(!zt&&(zt=Ct[fr]=He(h.tableById[fr]),!zt))return le.debug?.("Not subscribed to table",fr);let yt=zt.table,Mu=yt.primaryStore,si=Mu.encoder;(De.extendedType&pg||!si.typedStructs)&&(si._mergeStructures(si.getStructures()),si.typedStructs&&(si.lastTypedStructuresLength=si.typedStructs.length));let f_=ht[kr];if(!(f_&&f_.startTime<ft&&(!f_.endTime||f_.endTime>ft)))return VT&&le.trace?.(s,"skipping replication update",De.recordId,"to:",_,"from:",kr,"subscribed:",ht),iU();VT&&le.trace?.(s,"sending replication update",De.recordId,"to:",_,"from:",kr,"subscribed:",ht);let zb=De.version,Qc=De.residencyId,Jb=l_(Qc,yt),m_;if(Jb&&!Jb.includes(_)){let Hi=l_(De.previousResidencyId,yt);if(Hi&&!Hi.includes(_)&&(De.type==="put"||De.type==="patch")||yt.getResidencyById)return iU();let Xc=De.recordId;le.trace?.(s,"sending invalidation",Xc,_,"from",kr);let pm=0;Qc&&(pm|=cl),De.previousResidencyId&&(pm|=ll);let Zb,p_=null;for(let oU in yt.indices){if(!p_){if(Zb=De.getValue(Mu,!0),!Zb)break;p_={}}p_[oU]=Zb[oU]}m_=ul(De.version,fr,Xc,null,kr,De.user,De.type==="put"||De.type==="patch"?"invalidate":De.type,si.encode(p_),pm,Qc,De.previousResidencyId,De.expiresAt)}function iU(){return le.trace?.(s,"skipping audit record",De.recordId),q||(q=setTimeout(()=>{q=null,(u_||0)+MK/2<Ot&&(VT&&le.trace?.(s,"sending skipped sequence update",Ot),e.send((0,at.encode)([LK,Ot])))},MK).unref()),new Promise(setImmediate)}a(iU,"skipAuditRecord");let Qb=si.typedStructs,Xb=si.structures;if((Qb?.length!=zt.typed_length||Xb?.length!=zt.structure_length)&&(zt.typed_length=Qb?.length,zt.structure_length=Xb.length,le.debug?.(s,"send table struct",zt.typed_length,zt.structure_length),zt.sentName||(zt.sentName=!0),e.send((0,at.encode)([FO,{typedStructs:Qb,structures:Xb,attributes:yt.attributes,schemaDefined:yt.schemaDefined},fr,zt.table.tableName]))),Qc&&!c_[Qc]&&(e.send((0,at.encode)([OK,Jb,Qc])),c_[Qc]=!0),Te.txnTime!==zb&&(Te.txnTime&&(VT&&le.trace?.(s,"new txn time, sending queued txn",Te.txnTime),o[i]!==66&&le.error?.("Invalid encoding of message"),sU()),Te.txnTime=zb,i=c,O(zb)),m_)C(m_.length),P(m_);else{let Hi=De.encoded;De.extendedType&Xr&&Hm(()=>De.getValue(Mu),pm=>Ga(pm,De.recordId),Mu.rootStore);let Xc=Hi[0]===66?8:0;C(Hi.length-Xc),P(Hi,Xc),le.trace?.("wrote record",De.recordId,"length:",Hi.length)}if(e._socket.writableNeedDrain){let Hi=performance.now();return Ou=!0,Ft(),new Promise(Xc=>{le.debug?.(`Waiting for remote node ${_} to allow more commits ${e._socket.writableNeedDrain?"due to network backlog":"due to requested flow directive"}`),e._socket.once("drain",()=>{Xc(),Ou=!1,Ft()})})}else return $e>ki?new Promise(Hi=>{Ir=Hi}):new Promise(setImmediate)},"sendAuditRecord"),sU=a(()=>{c-i>8?(e.send(o.subarray(i,c)),le.debug?.(s,"Sent message, size:",c-i),u!=="system"&&Ye(c-i,"bytes-sent",`${_}.${u}`,"replication","egress")):le.debug?.(s,"skipping empty transaction")},"sendQueuedData");Dn=new $O.EventEmitter,Dn.once("close",()=>{Ce=!0,me?.end()});for(let{startTime:De}of pn)De<Ot&&(Ot=De);(ie||Promise.resolve()).then(async()=>{h=await h,f=h.auditStore,Ct=h.tableById.map(He),ht=[];for(let{name:ft,startTime:kr,endTime:fr}of pn){let zt=DT(ft,f);le.debug?.("subscription to",ft,"using local id",zt,"starting",kr),ht[zt]={startTime:kr,endTime:fr}}K(u),Ha||(Ha=Gl(ft=>{ft.databaseName===u&&K(u)}),o_=th(ft=>{ft===u&&(e.send((0,at.encode)([Mh])),Fr())}),e.on("close",()=>{Ha?.remove(),o_?.remove()})),e.send((0,at.encode)([CK,Ih(h.auditStore),pn.map(({name:ft})=>ft)]));let De=!0;do{if(isFinite(Ot)||(le.warn?.("Invalid sequence id "+Ot),Fr(1008,"Invalid sequence id"+Ot)),De&&!Ce&&(De=!1,Ot===0)){le.info?.("Replicating all tables to",_);let ft=Date.now(),kr=JT(f);for(let fr in E){if(!He(fr))continue;let zt=E[fr];for(let yt of zt.primaryStore.getRange({snapshot:!1,versions:!0})){if(Ce)return;le.trace?.(s,"Copying record from",u,fr,yt.key,yt.localTime),ft=Math.max(yt.localTime??1,ft),Ps()[Uh]=1;let Mu=ul(yt.version,zt.tableId,yt.key,null,kr,null,"put",Hm(()=>zt.primaryStore.encoder.encode(yt.value),si=>Ga(si,yt.key)),yt.metadataFlags&-256,yt.residencyId,null,yt.expiresAt);await d_({recordId:yt.key,tableId:zt.tableId,type:"put",getValue(){return yt.value},encoded:Mu,version:yt.version,residencyId:yt.residencyId,nodeId:kr,extendedType:yt.metadataFlags},yt.localTime)}}Te.txnTime||(Te.txnTime=ft,O(ft)),c-i>8&&d_({type:"end_txn"},Ot),Ps()[Uh]=0,Ot=ft}for(let{key:ft,value:kr}of f.getRange({start:Ot||1,exclusiveStart:!0,snapshot:!1})){if(Ce)return;let fr=It(kr);le.debug?.("sending audit record",ft,fr.recordId),Ps()[Uh]=ft,Ot=ft,await d_(fr,ft),Dn.startTime=ft}c-i>8&&d_({type:"end_txn"},Ot),Ps()[Uh]=0,await rB(f)}while(!Ce)}).catch(De=>{le.error?.(s,"Error handling subscription to node",De),Fr(1008,"Error handling subscription to node")});break}}return}U.position=8;let N=!0,L,$;do{Ps();let W=U.readInt();if(W===9&&U.getUint8(U.position)==sg){U.position++,y=$=U.readFloat64(),m[KT]=y,m[YT]=Date.now(),m[WT]=qO,h.send({type:"end_txn",localTime:y,remoteNodeIds:S}),le.trace?.("received remote sequence update",y,u);break}let J=U.position,F=It(A,J,J+W),he=cm[F.tableId];he||le.error?.(`No table found with an id of ${F.tableId}`);let ue;F.residencyId&&(ue=jb[F.residencyId],le.trace?.(s,"received residency list",ue,F.type,F.recordId));let _e=F.recordId;try{W_(()=>{L={table:he.name,id:F.recordId,type:F.type,nodeId:Br.get(F.nodeId),residencyList:ue,timestamp:F.version,value:F.getValue(he),user:F.user,beginTxn:N,expiresAt:F.expiresAt}},f?.rootStore,re=>qa(re,_e))}catch(re){throw re.message+=" record id: "+_e,re.message+=" typed structures for current decoder"+JSON.stringify(he.decoder.typedStructs),re.message+=" structures for current decoder"+JSON.stringify(he.decoder.structures),re}N=!1,le.debug?.(s,"received replication message",F.type,"id",L.id,"version",new Date(F.version),"nodeId",L.nodeId),m[KT]=F.version,m[YT]=Date.now(),m[WT]=WK,h.send(L),U.position=J+W}while(U.position<A.byteLength);Ls++,u!=="system"&&Ye(A.byteLength,"bytes-received",`${_}.${u}.${L?.table||"unknown_table"}`,"replication","ingest"),Ls>Pu&&!dm&&(dm=!0,e.pause(),le.debug?.(`Commit backlog causing replication back-pressure, requesting that ${_} pause replication`)),h.send({type:"end_txn",localTime:y,remoteNodeIds:S,async onCommit(){if(L){let W=Date.now()-L.timestamp;u!=="system"&&Ye(W,"replication-latency",_+"."+u+"."+L.table,L.type,"ingest")}Ls--,dm&&(dm=!1,e.resume(),le.debug?.(`Replication resuming ${_}`)),Ke.length>0&&await Promise.all(Ke),le.trace?.("All blobs finished"),!w&&$&&(le.trace?.(s,"queuing confirmation of a commit at",$),setTimeout(()=>{e.send((0,at.encode)([DK,w])),le.trace?.(s,"sent confirmation of a commit at",w),w=null},Sme)),w=$,le.debug?.("last sequence committed",new Date($),u)}})}catch(U){le.error?.(s,"Error handling incoming replication message",U)}}a(fm,"onWSMessage"),e.on("ping",nr),e.on("pong",()=>{if(t.connection){let A=performance.now()-X;t.connection.latency=A,Ps()&&(m[jT]=A),t.isSubscriptionConnection&&zl({name:_,database:u,url:t.url,latency:A})}X=null}),e.on("close",(A,U)=>{clearInterval(I),clearTimeout(H),clearInterval(k),Dn&&Dn.emit("close"),xo&&xo.end();for(let[N,{reject:L}]of R)L(new Error(`Connection closed ${U?.toString()} ${A}`));le.debug?.(s,"closed",A,U?.toString())});function Fr(A,U){try{e.isFinished=!0,le.debug?.(s,"closing",_,u,A,U),e.close(A,U),t.connection?.emit("finished")}catch(N){le.error?.(s,"Error closing connection",N)}}a(Fr,"close");let Du=new Set;async function Ga(A,U){let N=K_(A);if(Du.has(N)){le.debug?.("Blob already being sent",N);return}Du.add(N);try{let L;$e++;for await(let $ of A.stream())L&&(le.debug?.("Sending blob chunk",N,"length",L.length),e.send((0,at.encode)([$T,{fileId:N,size:A.size},L]))),L=$,e._socket.writableNeedDrain&&(le.debug?.("draining",N),await new Promise(W=>e._socket.once("drain",W)),le.debug?.("drained",N)),Ye($.length,"bytes-sent",`${_}.${u}`,"replication","blob");le.debug?.("Sending final blob chunk",N,"length",L.length),e.send((0,at.encode)([$T,{fileId:N,size:A.size,finished:!0},L]))}catch(L){le.warn?.("Error sending blob",L,"blob id",N,"for record",U),e.send((0,at.encode)([$T,{fileId:N,finished:!0,error:BO(L)},Buffer.alloc(0)]))}finally{Du.delete(N),$e--,$e<ki&&Ir?.()}}a(Ga,"sendBlobs");function qa(A,U){let N=K_(A),L=Ne.get(N);le.debug?.("Received transaction with blob",N,"has stream",!!L,"ended",!!L?.writableEnded),L?L.writableEnded&&Ne.delete(N):(L=new HO.PassThrough,Ne.set(N,L)),L.connectedToBlob=!0,L.lastChunk=Date.now(),L.recordId=U,A.size===void 0&&L.expectedSize&&(A.size=L.expectedSize);let $=L.blob??createBlob(L,A);L.blob=$;let W=Ko(()=>km($).saving,h.auditStore?.rootStore);return W&&(W.blobId=N,Ke.push(W),W.finally(()=>{le.debug?.(`Finished receiving blob stream ${N}`),Ke.splice(Ke.indexOf(W),1)})),$}a(qa,"receiveBlobs");function mm(){if(p||(p=!0,t.connection?.on("subscriptions-updated",mm)),!f&&h&&(f=h.auditStore),t.connection?.isFinished)throw new Error("Can not make a subscription request on a connection that is already closed");let A=new Map;f||(f=h?.auditStore);try{for(let L of h?.dbisDB?.getRange({start:Symbol.for("seq"),end:[Symbol.for("seq"),Buffer.from([255])]})||[])for(let $ of L.value.nodes||[])$.lastTxnTime>(A.get($.id)??0)&&A.set($.id,$.lastTxnTime)}catch(L){if(!L.message.includes("Can not re"))throw L}let U=t.connection?.nodeSubscriptions?.[0];S=[];let N=t.connection?.nodeSubscriptions.map((L,$)=>{let W=[],{replicateByDefault:J}=L;if(L.subscriptions){for(let _e of L.subscriptions)if(_e.subscribe&&(_e.schema||_e.database)===u){let re=_e.table;E?.[re]?.replicate!==!1&&W.push(re)}J=!1}else for(let _e in E)(J?E[_e].replicate===!1:E[_e].replicate)&&W.push(_e);let F=f&&DT(L.name,f),he=h?.dbisDB?.get([Symbol.for("seq"),F])??1,ue=Math.max(he?.seqId??1,(typeof L.startTime=="string"?new Date(L.startTime).getTime():L.startTime)??1);if(le.debug?.("Starting time recorded in db",L.name,F,u,he?.seqId,"start time:",ue,new Date(ue)),U!==L){let _e=f&&DT(U.name,f),re=h?.dbisDB?.get([Symbol.for("seq"),_e])??1;for(let oe of re?.nodes||[])oe.name===L.name&&(ue=oe.seqId,le.debug?.("Using sequence id from proxy node",U.name,ue))}return F===void 0?le.warn("Starting subscription request from node",L,"but no node id found"):S.push(F),A.get(F)>ue&&(ue=A.get(F),le.debug?.("Updating start time from more recent txn recorded",U.name,ue)),ue===1&&(L.isLeader?(le.warn?.(`Requesting full copy of database ${u} from ${L.url}`),ue=0):ue=Date.now()-6e4),le.trace?.(s,"defining subscription request",L.name,u,new Date(ue)),{name:L.name,replicateByDefault:J,tables:W,startTime:ue,isLeader:L.isLeader,endTime:L.endTime}});if(N)if(le.debug?.(s,"sending subscription request",N,h?.dbisDB?.path),clearTimeout(Y),N.length>0)e.send((0,at.encode)([wK,N]));else{let L=a(()=>{let $=performance.now();Y=setTimeout(()=>{ce<=$?Fr(1008,"Connection has no subscriptions and is no longer used"):L()},z).unref()},"scheduleClose");L()}}a(mm,"sendSubscriptionRequestUpdate");function l_(A,U){if(!A)return;let N=ve[A];return N||(N=U.getResidencyRecord(A),ve[A]=N),N}a(l_,"getResidence");function $a(A){return!(bc&&bc!="*"&&!bc[A]&&!bc.includes?.(A)&&!bc.some?.(U=>U.name===A))}a($a,"checkDatabaseAccess");function Jc(A){if(h=h||d.get(A),!$a(A))throw new Error(`Access to database "${A}" is not permitted`);h||le.warn?.(`No database named "${A}" was declared and registered`),f=h?.auditStore,E||(E=lt()?.[A]);let U=nt();if(U===_)throw U?new Error("Should not connect to self",U):new Error("Node name not defined");return vu(U,A),!0}a(Jc,"setDatabase");function vu(A,U){let N=lt()?.[U],L=[];for(let $ in N){let W=N[$];L.push({table:$,schemaDefined:W.schemaDefined,attributes:W.attributes.map(J=>({name:J.name,type:J.type,isPrimaryKey:J.isPrimaryKey}))})}le.trace?.("Sending database info for node",A,"database name",U),e.send((0,at.encode)([NK,A,U,L]))}a(vu,"sendNodeDBName");function K(A){let U=lt()?.[A],N=[];for(let L in U){if(pn&&!pn.some(W=>W.replicateByDefault?!W.tables.includes(L):W.tables.includes(L)))continue;let $=U[L];N.push({table:L,schemaDefined:$.schemaDefined,attributes:$.attributes.map(W=>({name:W.name,type:W.type,isPrimaryKey:W.isPrimaryKey}))})}e.send((0,at.encode)([vK,N,A]))}a(K,"sendDBSchema"),k=setInterval(()=>{for(let[A,U]of Ne)U.lastChunk+Se<Date.now()&&(le.warn?.(`Timeout waiting for blob stream to finish ${A} for record ${U.recordId??"unknown"} from ${_}`),Ne.delete(A),U.end())},Se).unref();let g=1,T=[];return{end(){xo&&xo.end(),Dn&&Dn.emit("close")},getRecord(A){let U=g++;return new Promise((N,L)=>{let $=[PK,U,A.table.tableId,A.id];T[A.table.tableId]||($.push(A.table.tableName),T[A.table.tableId]=!0),e.send((0,at.encode)($)),ce=performance.now(),R.set(U,{tableId:A.table.tableId,key:A.id,resolve(W){let{table:J,entry:F}=A;if(N(W),W)return J._recordRelocate(F,W)},reject:L})})},sendOperation(A){let U=g++;return A.requestId=U,e.send((0,at.encode)([GO,A])),new Promise((N,L)=>{R.set(U,{resolve:N,reject:L})})}};function C(A){B(5),A<128?o[c++]=A:A<16384?(l.setUint16(c,A|32768),c+=2):A<1056964608?(l.setUint32(c,A|3221225472),c+=4):(o[c]=255,l.setUint32(c+1,A),c+=5)}function P(A,U=0,N=A.length){let L=N-U;B(L),A.copy(o,c,U,N),c+=L}function O(A){B(8),l.setFloat64(c,A),c+=8}function B(A){if(A+16>o.length-c){let U=Buffer.allocUnsafeSlow(c+A-i+65536>>10<<11);o.copy(U,0,i,c),c=c-i,i=0,o=U,l=new DataView(o.buffer,0,o.length)}}function v(A,U){let N=A.database??"data";U||(U={});let L=U.schemaDefined,$=!1,W=A.schemaDefined,J=U.attributes||[];for(let F=0;F<A.attributes?.length;F++){let he=A.attributes[F],ue=J.find(_e=>_e.name===he.name);(!ue||ue.type!==he.type)&&(L?le.error?.(`Schema for '${u}.${A.table}' is defined locally, but attribute '${he.name}: ${he.type}' from '${_}' does not match local attribute ${ue?"'"+ue.name+": "+ue.type+"'":"which does not exist"}`):($=!0,W||(he.indexed=!0),ue?J[J.indexOf(ue)]=he:J.push(he)))}return $?(le.debug?.("(Re)creating",A),ze({table:A.table,database:A.database,schemaDefined:A.schemaDefined,attributes:J,...U})):U}}var BK,at,FK,kK,HK,$O,GK,qK,VO,$K,HO,VK,gme,BO,le,wK,NK,CK,Mh,OK,FO,PK,GT,GO,qT,LK,DK,vK,$T,KK,KT,YT,Uh,jT,WT,YK,qO,WK,KO,Ac,VT,MK,Sme,UK,kO,cf,xK,lf,YO=se(()=>{Oe();Gi();bO();II();Ss();BK=b(fe());G();dl();at=require("msgpackr"),FK=require("ws"),kK=require("worker_threads"),HK=b(Q());Lh();$O=require("events"),GK=b(ys()),qK=b(require("node:tls"));rf();VO=b(require("node:process")),$K=require("node:net");ss();ns();HO=require("node:stream"),VK=require("lmdb"),{forComponent:gme,errorToString:BO}=HK.default,le=gme("replication").conditional,wK=129,NK=140,CK=141,Mh=142,OK=130,FO=132,PK=133,GT=134,GO=136,qT=137,LK=143,DK=144,vK=145,$T=146,KK=0,KT=1,YT=2,Uh=3,jT=4,WT=5,YK=6,qO=0,WK=1,KO=new Map,Ac=new Map,VT=!0,MK=300,Sme=2,UK=3e4;a(zT,"createWebSocket");xK=500,lf=class extends $O.EventEmitter{static{a(this,"NodeReplicationConnection")}socket;startTime;retryTime=xK;retries=0;isConnected=!0;isFinished=!1;nodeSubscriptions;latency=0;replicateTablesByDefault;session;sessionResolve;sessionReject;url;subscription;databaseName;nodeName;authorization;constructor(t,r,n,s,i){super(),this.url=t,this.subscription=r,this.databaseName=n,this.authorization=i,this.nodeName=this.nodeName??Ti(t)}async connect(){this.session||this.resetSession();let t=[];this.socket=await zT(this.url,{serverName:this.nodeName,authorization:this.authorization});let r;le.debug?.(`Connecting to ${this.url}, db: ${this.databaseName}, process ${VO.pid}`),this.socket.on("open",()=>{this.socket._socket.unref(),le[this.isConnected?"info":"warn"]?.(`Connected to ${this.url}, db: ${this.databaseName}`),this.retries=0,this.retryTime=xK,this.nodeSubscriptions&&zl({name:this.nodeName,database:this.databaseName,url:this.url}),this.isConnected=!0,r=xh(this.socket,{database:this.databaseName,subscription:this.subscription,url:this.url,connection:this,isSubscriptionConnection:this.nodeSubscriptions!==void 0},{replicates:!0}),this.sessionResolve(r)}),this.socket.on("error",n=>{n.code==="SELF_SIGNED_CERT_IN_CHAIN"?(le.warn?.(`Can not connect to ${this.url}, this server does not have a certificate authority for the certificate provided by ${this.url}`),n.isHandled=!0):n.code!=="ECONNREFUSED"&&(n.code==="UNABLE_TO_VERIFY_LEAF_SIGNATURE"?le.error?.(`Can not connect to ${this.url}, the certificate provided by ${this.url} is not trusted, this node needs to be added to the cluster, or a certificate authority needs to be added`):le.error?.(`Error in connection to ${this.url} due to ${n.message}`)),this.sessionReject(n)}),this.socket.on("close",(n,s)=>{if(this.isConnected&&(this.nodeSubscriptions&&sf({name:this.nodeName,database:this.databaseName,url:this.url,finished:this.socket.isFinished}),this.isConnected=!1),this.removeAllListeners("subscriptions-updated"),this.socket.isFinished){this.isFinished=!0,r?.end(),this.emit("finished");return}if(++this.retries%20===1){let i=s?.toString();le.warn?.(`${r?"Disconnected from":"Failed to connect to"} ${this.url} (db: "${this.databaseName}"), due to ${i?'"'+i+'" ':""}(code: ${n})`)}r=null,this.resetSession(),setTimeout(()=>{this.connect()},this.retryTime).unref(),this.retryTime+=this.retryTime>>8})}resetSession(){this.session=new Promise((t,r)=>{this.sessionResolve=t,this.sessionReject=r})}subscribe(t,r){this.nodeSubscriptions=t,this.replicateTablesByDefault=r,this.emit("subscriptions-updated",t)}unsubscribe(){this.socket.isFinished=!0,this.socket.close(1008,"No longer subscribed")}getRecord(t){return this.session.then(r=>r.getRecord(t))}};a(xh,"replicateOverWS")});function Ic(e,t){let r=e.toString("base64"),n=[`-----BEGIN ${t}-----`];for(let s=0;s<r.length;s+=64)n.push(r.substring(s,s+64));return n.push(`-----END ${t}-----`),n.join(`
+`+Jl.get(_.issuer)),!h||!E)throw new Error("Missing private key or certificate for secure server");let R={ciphers:f.ciphers,ticketKeys:nme(),availableCAs:Jl,ca:t&&Array.from(Jl.values()),cert:E,key:h,key_file:f.private_key_name,is_self_signed:f.is_self_signed};o&&(R.sessionIdContext=o.sessionIdContext);let S=f.hostnames??xO(_);Array.isArray(S)||(S=[S]);for(let I of S)I===NO()&&(p+=1);let y=BT.createSecureContext(R);y.name=f.name,y.options=R,y.quality=p,y.certificateAuthorities=Array.from(Jl),y.certStart=E.toString().slice(0,100);let w;for(let I of S)if(I){I[0]==="*"&&(s=!0,I=I.slice(1)),uK.isIP(I)&&(w=!0);let H=r.get(I)?.quality??0;Xe.trace?.("Assigning TLS for hostname",I,"if",p,">",H),p>H&&r.set(I,y)}else Xe.error?.("No hostname found for certificate at",BT.certificate);Xe.trace?.("Adding TLS",y.name,"for",o.ports||"client","cert named",f.name,"hostnames",S,"quality",p,"best quality",d),p>d&&(i.defaultContext=n=y,d=p,o&&(o.defaultContext=y))}catch(m){Xe.error?.("Error applying TLS for",f.name,m)}o?.secureContextsListeners.forEach(f=>f()),c(n)}catch(d){l(d)}}a(u,"updateTLS"),xT?.system.hdb_certificate.subscribe({listener:a(()=>setTimeout(()=>u(),1500).unref(),"listener"),omitCurrent:!0}),u()})),i;function i(o,c){Xe.info?.("TLS requested for",o||"(no SNI)");let l=o;for(;;){let d=r.get(l);if(d)return Xe.debug?.("Found certificate for",o,d.certStart),d.updatedContext&&(d=d.updatedContext),c(null,d);if(s&&l){let f=l.indexOf(".",1);f<0?l="":l=l.slice(f)}else break}o?Xe.debug?.("No certificate found to match",o,"using the default certificate"):Xe.debug?.("No SNI, using the default certificate",n?.name);let u=n;u?u.updatedContext&&(u=u.updatedContext):Xe.info?.("No default certificate found"),c(null,u)}a(i,"SNICallback")}a(bK,"createTLSSelector");async function AK(e){let t=yc.get(e);return!t&&e?await jn.readFile(gr.join(Ts.get(Ql.ROOTPATH),Vs.LICENSE_KEY_DIR_NAME,e),"utf8"):t}a(AK,"getPrivateKeyByName");async function IK(){Rc();let e=[];for await(let t of an.search([]))e.push(t);return e}a(IK,"listCertificates");async function mme(e){let t=OO(e,yi.object({name:yi.string().required(),certificate:yi.string().required(),is_authority:yi.boolean().required(),private_key:yi.string(),hosts:yi.array(),uses:yi.array()}));if(t)throw new Tc(t.message);let{name:r,certificate:n,private_key:s,is_authority:i}=e,o=new ca(n),c=!1,l=!1,u;for(let[p,h]of yc)!s&&!c&&o.checkPrivateKey(dK(h))&&(c=!0,u=p),s&&s===h&&(l=!0,u=p);if(!i&&!s&&!c)throw new Tc("A suitable private key was not found for this certificate");let d;if(!r){try{d=UO(o)}catch(p){Xe.error?.(p)}if(d==null)throw new Tc("Error extracting certificate host name, please provide a name parameter")}let f=pme(r??d);s&&!c&&!l&&(await jn.writeFile(gr.join(Ts.getHdbBasePath(),Vs.LICENSE_KEY_DIR_NAME,f+".pem"),s),yc.set(f,s));let m={name:r??d,certificate:n,is_authority:i,hosts:e.hosts,uses:e.uses};return(!i||i&&u||i&&s)&&(m.private_key_name=u??f+".pem"),e.ciphers&&(m.ciphers=e.ciphers),await af(m),"Successfully added certificate: "+f}a(mme,"addCertificate");function pme(e){return e.replace(/[^a-z0-9\.]/gi,"-")}a(pme,"sanitizeName");async function hme(e){let t=OO(e,yi.object({name:yi.string().required()}));if(t)throw new Tc(t.message);let{name:r}=e;Rc();let n=await an.get(r);if(!n)throw new Tc(r+" not found");let{private_key_name:s}=n;if(s){let i=Array.from(await an.search([{attribute:"private_key_name",value:s}]));i.length===1&&i[0].name===r&&(Xe.info?.("Removing private key named",s),await jn.remove(gr.join(Ts.getHdbBasePath(),Vs.LICENSE_KEY_DIR_NAME,s)))}return await an.delete(r),"Successfully removed "+r}a(hme,"removeCertificate");function UO(e){let t=e.subject?.match(/CN=(.*)/)?.[1];return t||xO(e)[0]}a(UO,"getPrimaryHostName");function xO(e){if(e.subjectAltName)return e.subjectAltName.split(",").map(r=>{let n=r.indexOf(":");if(r=r.slice(n+1),r=r.trim(),r[0]==='"')try{r=JSON.parse(r)}catch{}return r.indexOf("=")>-1?r.match(/CN=([^,]*)/)?.[1]:r}).filter(r=>r);let t=e.subject?.match(/CN=(.*)/)?.[1];return t?[t]:[]}a(xO,"hostnamesFromCert");async function Eme(e){if(e.bypass_auth!==!0)throw new Tc("Unauthorized","401");let t=OO(e,yi.object({name:yi.string().required()}));if(t)throw new Tc(t.message);let{name:r}=e;if(r===".jwtPrivate")return(await oK()).privateKey;if(r===".jwtPublic")return(await oK()).publicKey;if(yc.get(r))return yc.get(e.name);throw new Tc("Key not found")}a(Eme,"getKey");function _me(e){return[e.subject?.CN,...e.subjectaltname.split(",").filter(t=>t.trim().startsWith("DNS:")).map(t=>t.trim().substring(4))]}a(_me,"getHostnamesFromCertificate")});var jK={};ye(jK,{BACK_PRESSURE_RATIO_POSITION:()=>YK,CONFIRMATION_STATUS_POSITION:()=>KK,LATENCY_POSITION:()=>jT,NodeReplicationConnection:()=>lf,OPERATION_REQUEST:()=>GO,RECEIVED_TIME_POSITION:()=>YT,RECEIVED_VERSION_POSITION:()=>KT,RECEIVING_STATUS_POSITION:()=>WT,RECEIVING_STATUS_RECEIVING:()=>WK,RECEIVING_STATUS_WAITING:()=>qO,SENDING_TIME_POSITION:()=>Uh,createWebSocket:()=>zT,databaseSubscriptions:()=>Ac,replicateOverWS:()=>xh,tableUpdateListeners:()=>KO});async function zT(e,t){let{authorization:r,rejectUnauthorized:n}=t||{},s=nt(),i;if(e==null)throw new TypeError(`Invalid URL: Expected a string URL for node "${s}" but received ${e}`);if(e.includes("wss://")){if(!kO){let l=(0,GK.createTLSSelector)("operations-api"),u={secureContexts:null};await l.initialize(u),kO=u.secureContexts}if(i=kO.get(s),i&&le.debug?.("Creating web socket for URL",e,"with certificate named:",i.name),!i&&n!==!1)throw new Error("Unable to find a valid certificate to use for replication to connect to "+e)}let o={};r&&(o.Authorization=r);let c={headers:o,localAddress:s?.startsWith("127.0")?s:void 0,servername:(0,$K.isIP)(t?.serverName)?void 0:t?.serverName,noDelay:!0,highWaterMark:128*1024,rejectUnauthorized:n!==!1,secureContext:void 0};return i&&((cf?.caCount!==ua.size||cf?.derivedFromContext!==i)&&(cf=qK.createSecureContext({...i.options,ca:[...ua,...i.options.availableCAs.values()]}),cf.caCount=ua.size,cf.derivedFromContext=i),c.secureContext=cf),new FK.WebSocket(e,"harperdb-replication-v1",c)}function xh(e,t,r){let n=t.port||t.securePort,s=VO.pid%1e3+"-"+kK.threadId+(n?"s:"+n:"c:"+t.url?.slice(-4))+" "+Math.random().toString().slice(2,3);le.debug?.(s,"Initializing replication connection",r);let i=0,o=Buffer.allocUnsafeSlow(1024),c=0,l=new DataView(o.buffer,0,1024),u=t.database,d=t.databaseSubscriptions||Ac,f,m,p=!1,h=t.subscription;h?.then&&h.then(A=>{h=A,h.auditStore&&(f=h.auditStore)});let E=t.tables||u&&lt()[u],_,R=new Map,S=[];_=r.name,_&&t.connection&&(t.connection.nodeName=_);let y,w,I,H,X,q,k,z=6e4,Y,ce=0,de=0,te=0,Se=BK.default.get(x.REPLICATION_BLOBTIMEOUT)??12e4,Ne=new Map,Ke=[],$e=0,Ir;if(t.url){let A=a(()=>{X&&de===e._socket?.bytesRead&&te===e._socket?.bytesWritten?e.terminate():(X=performance.now(),e.ping(),de=e._socket?.bytesRead,te=e._socket?.bytesWritten)},"sendPing");I=setInterval(A,UK).unref(),A()}else nr();e._socket?.setMaxListeners(200);function nr(){clearTimeout(H),de=e._socket?.bytesRead,te=e._socket?.bytesWritten,H=setTimeout(()=>{de===e._socket?.bytesRead&&te===e._socket?.bytesWritten&&(le.warn?.(`Timeout waiting for ping from ${_}, terminating connection and reconnecting`),e.terminate())},UK*2).unref()}a(nr,"resetPingTimer");let zr=0,xr=0,Ou=!1,zc=3e4;function Ft(){if(pn?.length>0){let A=performance.now(),U=A-xr;zr=(zr*zc+(Ou?U:0))/(zc+U),m&&(m[YK]=zr),xr=A}}a(Ft,"updateBackPressureRatio"),setInterval(Ft,zc).unref();function Ps(){if(!(!_||!u))return m||(m=ef(f,u,_)),m}a(Ps,"getSharedStatus"),u&&Jc(u);let Ha,o_,cm=[],a_=[],lm,ve=[],c_=[],jb=[],Pu=150,ki=25,Ls=0,um=0,dm=!1,xo,Dn,pn,Br;e.on("message",Lu);async function Lu(A){if(r=await r,!r){le.error?.(s,"No authorization provided"),Fr(1008,"Unauthorized");return}fm(A),e.off("message",Lu),e.on("message",fm)}a(Lu,"onWSMessageWhenAuthorized");function fm(A){ce=performance.now();try{let U=A.dataView=new al(A.buffer,A.byteOffset,A.byteLength);if(A[0]>127){let W=(0,at.decode)(A),[J,F,he]=W;switch(J){case NK:{if(F){if(_){if(_!==F){le.error?.(s,`Node name mismatch, expecting to connect to ${_}, but peer reported name as ${F}, disconnecting`),e.send((0,at.encode)([Mh])),Fr(1008,"Node name mismatch");return}}else if(_=F,t.connection?.tentativeNode){let me=t.connection.tentativeNode;me.name=_,t.connection.tentativeNode=null,aa(_,me)}if(t.connection&&(t.connection.nodeName=_),le.debug?.(s,"received node name:",_,"db:",u??W[2]),!u)try{Jc(u=W[2]),u==="system"&&(Ha=gc(t,(me,ie)=>{$a(ie)&&K(ie)}),e.on("close",()=>{Ha?.remove()}))}catch(me){le.warn?.(s,"Error setting database",me),e.send((0,at.encode)([Mh])),Fr(1008,me.message);return}mm()}break}case vK:{le.debug?.(s,"Received table definitions for",F.map(me=>me.table));for(let me of F){let ie=W[2];me.database=ie;let Ce;if($a(ie)){if(u==="system")Me[ie]?.[me.table]||(Ce=v(me,Me[ie]?.[me.table]));else{if(ie!=="data"&&!Me[ie]){le.warn?.("Database not found",ie);return}Ce=v(me,Me[ie]?.[me.table])}f||(f=Ce?.auditStore),E||(E=lt()?.[ie])}}break}case Mh:Fr();break;case GO:try{let me=r?.replicates||r?.subscribers||r?.name;le.debug?.("Received operation request",F,"from",_),server.operation(F,{user:r},!me).then(ie=>{le.debug?.("Requested request from finished",_,ie),Array.isArray(ie)&&(ie={results:ie}),ie.requestId=F.requestId,e.send((0,at.encode)([qT,ie]))},ie=>{le.debug?.("Failed requested operation from",_,ie),e.send((0,at.encode)([qT,{requestId:F.requestId,error:BO(ie)}]))})}catch(me){e.send((0,at.encode)([qT,{requestId:F.requestId,error:BO(me)}]))}break;case qT:let{resolve:ue,reject:_e}=R.get(F.requestId);le.debug?.("Received completed operation request",_,F),F.error?_e(new Error(F.error)):ue(F),R.delete(F.requestId);break;case FO:let re=W[3];if(!E){u?le.error?.(s,"No database found for",u):le.error?.(s,"Database name never received"),Fr();return}let oe=E[re];oe=v({table:re,database:u,attributes:F.attributes,schemaDefined:F.schemaDefined},oe),cm[he]={name:re,decoder:new at.Packr({useBigIntExtension:!0,randomAccessStructure:!0,freezeData:!0,typedStructs:F.typedStructs,structures:F.structures}),getEntry(me){return oe.primaryStore.getEntry(me)},rootStore:oe.primaryStore.rootStore};break;case CK:Br=f?K1(F,f):new Map,lm=W[2],le.debug?.(s,`Acknowledged subscription request, receiving messages for nodes: ${lm}`);break;case OK:let ge=he;jb[ge]=F;break;case DK:Ps()[KK]=F,le.trace?.(s,"received and broadcasting committed update",F),Ps().buffer.notify();break;case LK:y=F,h.send({type:"end_txn",localTime:y,remoteNodeIds:S}),Ps(),m[KT]=last_sequence_id_received,m[YT]=Date.now(),m[WT]=qO;break;case $T:{let me=W[1],{fileId:ie,size:Ce,finished:Be,error:He}=me,Te=Ne.get(ie);le.debug?.("Received blob",ie,"has stream",!!Te,"connectedToBlob",!!Te?.connectedToBlob,"length",W[2].length,"finished",Be),Te||(Te=new HO.PassThrough,Te.expectedSize=Ce,Ne.set(ie,Te)),Te.lastChunk=Date.now();let ht=W[2];Ye(ht.byteLength,"bytes-received",`${_}.${u}`,"replication","blob");try{Be?(He?(Te.on("error",()=>{}),Te.destroy(new Error("Blob error: "+He+" for record "+(Te.recordId??"unknown")+" from "+_))):Te.end(ht),Te.connectedToBlob&&Ne.delete(ie)):Te.write(ht)}catch(Ct){le.error?.(`Error receiving blob for ${Te.recordId} from ${_} and streaming to storage`,Ct),Ne.delete(ie)}break}case PK:{let me=F,ie;try{let Ce=W[3],Be=a_[he]||(a_[he]=E[W[4]]);if(!Be)return le.warn?.("Unknown table id trying to handle record request",he);let He=Be.primaryStore.getBinaryFast(Symbol.for("structures")),Te=He?.length??0;if(Te>0&&Te!==um){um=Te;let Ct=(0,at.decode)(He);e.send((0,at.encode)([FO,{typedStructs:Ct.typed,structures:Ct.named},he,Be.tableName]))}let ht=Be.primaryStore.getBinaryFast(Ce);if(ht){let Ct=Be.primaryStore.decoder.decode(ht,{valueAsBuffer:!0}),Ot=ut||{};Ot.version=(0,VK.getLastVersion)(),ut&&ut[Wu]&Xr&&(Ct=Buffer.from(Ct),Hm(()=>Be.primaryStore.decoder.decode(ht),u_=>Ga(u_,Ce),Be.primaryStore.rootStore)),ie=(0,at.encode)([GT,me,{value:Ct,expiresAt:Ot.expiresAt,version:Ot.version,residencyId:Ot.residencyId,nodeId:Ot.nodeId,user:Ot.user}])}else ie=(0,at.encode)([GT,me])}catch(Ce){ie=(0,at.encode)([GT,me,{error:Ce.message}])}e.send(ie);break}case GT:{let{resolve:me,reject:ie,tableId:Ce,key:Be}=R.get(W[1]),He=W[2];if(He?.error)ie(new Error(He.error));else if(He){let Te;W_(()=>{let ht=cm[Ce].decoder.decode(He.value);He.value=ht,He.key=Be,me(He)||Te&&setTimeout(()=>Te.forEach(V_),6e4).unref()},f?.rootStore,ht=>{let Ct=qa(ht,Be);return Te||(Te=[]),Te.push(Ct),Ct})}else me();R.delete(W[1]);break}case wK:{pn=F;let me,ie,Ce=!1;if(h){if(u!==h.databaseName&&!h.then){le.error?.("Subscription request for wrong database",u,h.databaseName);return}}else h=d.get(u);if(le.debug?.(s,"received subscription request for",u,"at",pn),!h){let De;h=new Promise(ft=>{le.debug?.("Waiting for subscription to database "+u),De=ft}),h.ready=De,Ac.set(u,h)}if(r.name)ie=Gt().subscribe(r.name),ie.then(async De=>{me=De;for await(let ft of me){let kr=ft.value;if(!(kr?.replicates===!0||kr?.replicates?.receives||kr?.subscriptions?.some(fr=>(fr.database||fr.schema)===u&&fr.publish!==!1))){Ce=!0,Fr(1008,`Unauthorized database subscription to ${u}`);return}}},De=>{le.error?.(s,"Error subscribing to HDB nodes",De)});else if(!(r?.role?.permission?.super_user||r.replicates)){e.send((0,at.encode)([Mh])),Fr(1008,`Unauthorized database subscription to ${u}`);return}if(Dn&&(le.debug?.(s,"stopping previous subscription",u),Dn.emit("close")),pn.length===0)return;let Be=pn[0],He=a(De=>{if(De&&(Be.replicateByDefault?!Be.tables.includes(De.tableName):Be.tables.includes(De.tableName)))return{table:De}},"tableToTableEntry"),Te={txnTime:0},ht,Ct,Ot=1/0,u_,d_=a((De,ft)=>{if(De.type==="end_txn"){Te.txnTime&&(o[i]!==66&&le.error?.("Invalid encoding of message"),C(9),C(sg),O(u_=ft),sU()),i=c,Te.txnTime=0;return}let kr=De.nodeId,fr=De.tableId,zt=Ct[fr];if(!zt&&(zt=Ct[fr]=He(h.tableById[fr]),!zt))return le.debug?.("Not subscribed to table",fr);let yt=zt.table,Mu=yt.primaryStore,si=Mu.encoder;(De.extendedType&pg||!si.typedStructs)&&(si._mergeStructures(si.getStructures()),si.typedStructs&&(si.lastTypedStructuresLength=si.typedStructs.length));let f_=ht[kr];if(!(f_&&f_.startTime<ft&&(!f_.endTime||f_.endTime>ft)))return VT&&le.trace?.(s,"skipping replication update",De.recordId,"to:",_,"from:",kr,"subscribed:",ht),iU();VT&&le.trace?.(s,"sending replication update",De.recordId,"to:",_,"from:",kr,"subscribed:",ht);let zb=De.version,Qc=De.residencyId,Jb=l_(Qc,yt),m_;if(Jb&&!Jb.includes(_)){let Hi=l_(De.previousResidencyId,yt);if(Hi&&!Hi.includes(_)&&(De.type==="put"||De.type==="patch")||yt.getResidencyById)return iU();let Xc=De.recordId;le.trace?.(s,"sending invalidation",Xc,_,"from",kr);let pm=0;Qc&&(pm|=cl),De.previousResidencyId&&(pm|=ll);let Zb,p_=null;for(let oU in yt.indices){if(!p_){if(Zb=De.getValue(Mu,!0),!Zb)break;p_={}}p_[oU]=Zb[oU]}m_=ul(De.version,fr,Xc,null,kr,De.user,De.type==="put"||De.type==="patch"?"invalidate":De.type,si.encode(p_),pm,Qc,De.previousResidencyId,De.expiresAt)}function iU(){return le.trace?.(s,"skipping audit record",De.recordId),q||(q=setTimeout(()=>{q=null,(u_||0)+MK/2<Ot&&(VT&&le.trace?.(s,"sending skipped sequence update",Ot),e.send((0,at.encode)([LK,Ot])))},MK).unref()),new Promise(setImmediate)}a(iU,"skipAuditRecord");let Qb=si.typedStructs,Xb=si.structures;if((Qb?.length!=zt.typed_length||Xb?.length!=zt.structure_length)&&(zt.typed_length=Qb?.length,zt.structure_length=Xb.length,le.debug?.(s,"send table struct",zt.typed_length,zt.structure_length),zt.sentName||(zt.sentName=!0),e.send((0,at.encode)([FO,{typedStructs:Qb,structures:Xb,attributes:yt.attributes,schemaDefined:yt.schemaDefined},fr,zt.table.tableName]))),Qc&&!c_[Qc]&&(e.send((0,at.encode)([OK,Jb,Qc])),c_[Qc]=!0),Te.txnTime!==zb&&(Te.txnTime&&(VT&&le.trace?.(s,"new txn time, sending queued txn",Te.txnTime),o[i]!==66&&le.error?.("Invalid encoding of message"),sU()),Te.txnTime=zb,i=c,O(zb)),m_)C(m_.length),P(m_);else{let Hi=De.encoded;De.extendedType&Xr&&Hm(()=>De.getValue(Mu),pm=>Ga(pm,De.recordId),Mu.rootStore);let Xc=Hi[0]===66?8:0;C(Hi.length-Xc),P(Hi,Xc),le.trace?.("wrote record",De.recordId,"length:",Hi.length)}if(e._socket.writableNeedDrain){let Hi=performance.now();return Ou=!0,Ft(),new Promise(Xc=>{le.debug?.(`Waiting for remote node ${_} to allow more commits ${e._socket.writableNeedDrain?"due to network backlog":"due to requested flow directive"}`),e._socket.once("drain",()=>{Xc(),Ou=!1,Ft()})})}else return $e>ki?new Promise(Hi=>{Ir=Hi}):new Promise(setImmediate)},"sendAuditRecord"),sU=a(()=>{c-i>8?(e.send(o.subarray(i,c)),le.debug?.(s,"Sent message, size:",c-i),u!=="system"&&Ye(c-i,"bytes-sent",`${_}.${u}`,"replication","egress")):le.debug?.(s,"skipping empty transaction")},"sendQueuedData");Dn=new $O.EventEmitter,Dn.once("close",()=>{Ce=!0,me?.end()});for(let{startTime:De}of pn)De<Ot&&(Ot=De);(ie||Promise.resolve()).then(async()=>{h=await h,f=h.auditStore,Ct=h.tableById.map(He),ht=[];for(let{name:ft,startTime:kr,endTime:fr}of pn){let zt=DT(ft,f);le.debug?.("subscription to",ft,"using local id",zt,"starting",kr),ht[zt]={startTime:kr,endTime:fr}}K(u),Ha||(Ha=Gl(ft=>{ft.databaseName===u&&K(u)}),o_=th(ft=>{ft===u&&(e.send((0,at.encode)([Mh])),Fr())}),e.on("close",()=>{Ha?.remove(),o_?.remove()})),e.send((0,at.encode)([CK,Ih(h.auditStore),pn.map(({name:ft})=>ft)]));let De=!0;do{if(isFinite(Ot)||(le.warn?.("Invalid sequence id "+Ot),Fr(1008,"Invalid sequence id"+Ot)),De&&!Ce&&(De=!1,Ot===0)){le.info?.("Replicating all tables to",_);let ft=Date.now(),kr=JT(f);for(let fr in E){if(!He(fr))continue;let zt=E[fr];for(let yt of zt.primaryStore.getRange({snapshot:!1,versions:!0})){if(Ce)return;le.trace?.(s,"Copying record from",u,fr,yt.key,yt.localTime),ft=Math.max(yt.localTime??1,ft),Ps()[Uh]=1;let Mu=ul(yt.version,zt.tableId,yt.key,null,kr,null,"put",Hm(()=>zt.primaryStore.encoder.encode(yt.value),si=>Ga(si,yt.key)),yt.metadataFlags&-256,yt.residencyId,null,yt.expiresAt);await d_({recordId:yt.key,tableId:zt.tableId,type:"put",getValue(){return yt.value},encoded:Mu,version:yt.version,residencyId:yt.residencyId,nodeId:kr,extendedType:yt.metadataFlags},yt.localTime)}}Te.txnTime||(Te.txnTime=ft,O(ft)),c-i>8&&d_({type:"end_txn"},Ot),Ps()[Uh]=0,Ot=ft}for(let{key:ft,value:kr}of f.getRange({start:Ot||1,exclusiveStart:!0,snapshot:!1})){if(Ce)return;let fr=It(kr);le.debug?.("sending audit record",ft,fr.recordId),Ps()[Uh]=ft,Ot=ft,await d_(fr,ft),Dn.startTime=ft}c-i>8&&d_({type:"end_txn"},Ot),Ps()[Uh]=0,await rB(f)}while(!Ce)}).catch(De=>{le.error?.(s,"Error handling subscription to node",De),Fr(1008,"Error handling subscription to node")});break}}return}U.position=8;let N=!0,L,$;do{Ps();let W=U.readInt();if(W===9&&U.getUint8(U.position)==sg){U.position++,y=$=U.readFloat64(),m[KT]=y,m[YT]=Date.now(),m[WT]=qO,h.send({type:"end_txn",localTime:y,remoteNodeIds:S}),le.trace?.("received remote sequence update",y,u);break}let J=U.position,F=It(A,J,J+W),he=cm[F.tableId];he||le.error?.(`No table found with an id of ${F.tableId}`);let ue;F.residencyId&&(ue=jb[F.residencyId],le.trace?.(s,"received residency list",ue,F.type,F.recordId));let _e=F.recordId;try{W_(()=>{L={table:he.name,id:F.recordId,type:F.type,nodeId:Br.get(F.nodeId),residencyList:ue,timestamp:F.version,value:F.getValue(he),user:F.user,beginTxn:N,expiresAt:F.expiresAt}},f?.rootStore,re=>qa(re,_e))}catch(re){throw re.message+=" record id: "+_e,re.message+=" typed structures for current decoder"+JSON.stringify(he.decoder.typedStructs),re.message+=" structures for current decoder"+JSON.stringify(he.decoder.structures),re}N=!1,le.debug?.(s,"received replication message",F.type,"id",L.id,"version",new Date(F.version),"nodeId",L.nodeId),m[KT]=F.version,m[YT]=Date.now(),m[WT]=WK,h.send(L),U.position=J+W}while(U.position<A.byteLength);Ls++,u!=="system"&&Ye(A.byteLength,"bytes-received",`${_}.${u}.${L?.table||"unknown_table"}`,"replication","ingest"),Ls>Pu&&!dm&&(dm=!0,e.pause(),le.debug?.(`Commit backlog causing replication back-pressure, requesting that ${_} pause replication`)),h.send({type:"end_txn",localTime:y,remoteNodeIds:S,async onCommit(){if(L){let W=Date.now()-L.timestamp;u!=="system"&&Ye(W,"replication-latency",_+"."+u+"."+L.table,L.type,"ingest")}Ls--,dm&&(dm=!1,e.resume(),le.debug?.(`Replication resuming ${_}`)),Ke.length>0&&await Promise.all(Ke),le.trace?.("All blobs finished"),!w&&$&&(le.trace?.(s,"queuing confirmation of a commit at",$),setTimeout(()=>{e.send((0,at.encode)([DK,w])),le.trace?.(s,"sent confirmation of a commit at",w),w=null},Sme)),w=$,le.debug?.("last sequence committed",new Date($),u)}})}catch(U){le.error?.(s,"Error handling incoming replication message",U)}}a(fm,"onWSMessage"),e.on("ping",nr),e.on("pong",()=>{if(t.connection){let A=performance.now()-X;t.connection.latency=A,Ps()&&(m[jT]=A),t.isSubscriptionConnection&&zl({name:_,database:u,url:t.url,latency:A})}X=null}),e.on("close",(A,U)=>{clearInterval(I),clearTimeout(H),clearInterval(k),Dn&&Dn.emit("close"),xo&&xo.end();for(let[N,{reject:L}]of R)L(new Error(`Connection closed ${U?.toString()} ${A}`));le.debug?.(s,"closed",A,U?.toString())});function Fr(A,U){try{e.isFinished=!0,le.debug?.(s,"closing",_,u,A,U),e.close(A,U),t.connection?.emit("finished")}catch(N){le.error?.(s,"Error closing connection",N)}}a(Fr,"close");let Du=new Set;async function Ga(A,U){let N=K_(A);if(Du.has(N)){le.debug?.("Blob already being sent",N);return}Du.add(N);try{let L;$e++;for await(let $ of A.stream())L&&(le.debug?.("Sending blob chunk",N,"length",L.length),e.send((0,at.encode)([$T,{fileId:N,size:A.size},L]))),L=$,e._socket.writableNeedDrain&&(le.debug?.("draining",N),await new Promise(W=>e._socket.once("drain",W)),le.debug?.("drained",N)),Ye($.length,"bytes-sent",`${_}.${u}`,"replication","blob");le.debug?.("Sending final blob chunk",N,"length",L.length),e.send((0,at.encode)([$T,{fileId:N,size:A.size,finished:!0},L]))}catch(L){le.warn?.("Error sending blob",L,"blob id",N,"for record",U),e.send((0,at.encode)([$T,{fileId:N,finished:!0,error:BO(L)},Buffer.alloc(0)]))}finally{Du.delete(N),$e--,$e<ki&&Ir?.()}}a(Ga,"sendBlobs");function qa(A,U){let N=K_(A),L=Ne.get(N);le.debug?.("Received transaction with blob",N,"has stream",!!L,"ended",!!L?.writableEnded),L?L.writableEnded&&Ne.delete(N):(L=new HO.PassThrough,Ne.set(N,L)),L.connectedToBlob=!0,L.lastChunk=Date.now(),L.recordId=U,A.size===void 0&&L.expectedSize&&(A.size=L.expectedSize);let $=L.blob??createBlob(L,A);L.blob=$;let W=Ko(()=>km($).saving,h.auditStore?.rootStore);return W&&(W.blobId=N,Ke.push(W),W.finally(()=>{le.debug?.(`Finished receiving blob stream ${N}`),Ke.splice(Ke.indexOf(W),1)})),$}a(qa,"receiveBlobs");function mm(){if(p||(p=!0,t.connection?.on("subscriptions-updated",mm)),!f&&h&&(f=h.auditStore),t.connection?.isFinished)throw new Error("Can not make a subscription request on a connection that is already closed");let A=new Map;f||(f=h?.auditStore);try{for(let L of h?.dbisDB?.getRange({start:Symbol.for("seq"),end:[Symbol.for("seq"),Buffer.from([255])]})||[])for(let $ of L.value.nodes||[])$.lastTxnTime>(A.get($.id)??0)&&A.set($.id,$.lastTxnTime)}catch(L){if(!L.message.includes("Can not re"))throw L}let U=t.connection?.nodeSubscriptions?.[0];S=[];let N=t.connection?.nodeSubscriptions.map((L,$)=>{let W=[],{replicateByDefault:J}=L;if(L.subscriptions){for(let _e of L.subscriptions)if(_e.subscribe&&(_e.schema||_e.database)===u){let re=_e.table;E?.[re]?.replicate!==!1&&W.push(re)}J=!1}else for(let _e in E)(J?E[_e].replicate===!1:E[_e].replicate)&&W.push(_e);let F=f&&DT(L.name,f),he=h?.dbisDB?.get([Symbol.for("seq"),F])??1,ue=Math.max(he?.seqId??1,(typeof L.startTime=="string"?new Date(L.startTime).getTime():L.startTime)??1);if(le.debug?.("Starting time recorded in db",L.name,F,u,he?.seqId,"start time:",ue,new Date(ue)),U!==L){let _e=f&&DT(U.name,f),re=h?.dbisDB?.get([Symbol.for("seq"),_e])??1;for(let oe of re?.nodes||[])oe.name===L.name&&(ue=oe.seqId,le.debug?.("Using sequence id from proxy node",U.name,ue))}return F===void 0?le.warn("Starting subscription request from node",L,"but no node id found"):S.push(F),A.get(F)>ue&&(ue=A.get(F),le.debug?.("Updating start time from more recent txn recorded",U.name,ue)),ue===1&&(L.isLeader?(le.warn?.(`Requesting full copy of database ${u} from ${L.url}`),ue=0):ue=Date.now()-6e4),le.trace?.(s,"defining subscription request",L.name,u,new Date(ue)),{name:L.name,replicateByDefault:J,tables:W,startTime:ue,isLeader:L.isLeader,endTime:L.endTime}});if(N)if(le.debug?.(s,"sending subscription request",N,h?.dbisDB?.path),clearTimeout(Y),N.length>0)e.send((0,at.encode)([wK,N]));else{let L=a(()=>{let $=performance.now();Y=setTimeout(()=>{ce<=$?Fr(1008,"Connection has no subscriptions and is no longer used"):L()},z).unref()},"scheduleClose");L()}}a(mm,"sendSubscriptionRequestUpdate");function l_(A,U){if(!A)return;let N=ve[A];return N||(N=U.getResidencyRecord(A),ve[A]=N),N}a(l_,"getResidence");function $a(A){return!(bc&&bc!="*"&&!bc[A]&&!bc.includes?.(A)&&!bc.some?.(U=>U.name===A))}a($a,"checkDatabaseAccess");function Jc(A){if(h=h||d.get(A),!$a(A))throw new Error(`Access to database "${A}" is not permitted`);h||le.warn?.(`No database named "${A}" was declared and registered`),f=h?.auditStore,E||(E=lt()?.[A]);let U=nt();if(U===_)throw U?new Error("Should not connect to self",U):new Error("Node name not defined");return vu(U,A),!0}a(Jc,"setDatabase");function vu(A,U){let N=lt()?.[U],L=[];for(let $ in N){let W=N[$];L.push({table:$,schemaDefined:W.schemaDefined,attributes:W.attributes.map(J=>({name:J.name,type:J.type,isPrimaryKey:J.isPrimaryKey}))})}le.trace?.("Sending database info for node",A,"database name",U),e.send((0,at.encode)([NK,A,U,L]))}a(vu,"sendNodeDBName");function K(A){let U=lt()?.[A],N=[];for(let L in U){if(pn&&!pn.some(W=>W.replicateByDefault?!W.tables.includes(L):W.tables.includes(L)))continue;let $=U[L];N.push({table:L,schemaDefined:$.schemaDefined,attributes:$.attributes.map(W=>({name:W.name,type:W.type,isPrimaryKey:W.isPrimaryKey}))})}e.send((0,at.encode)([vK,N,A]))}a(K,"sendDBSchema"),k=setInterval(()=>{for(let[A,U]of Ne)U.lastChunk+Se<Date.now()&&(le.warn?.(`Timeout waiting for blob stream to finish ${A} for record ${U.recordId??"unknown"} from ${_}`),Ne.delete(A),U.end())},Se).unref();let g=1,T=[];return{end(){xo&&xo.end(),Dn&&Dn.emit("close")},getRecord(A){let U=g++;return new Promise((N,L)=>{let $=[PK,U,A.table.tableId,A.id];T[A.table.tableId]||($.push(A.table.tableName),T[A.table.tableId]=!0),e.send((0,at.encode)($)),ce=performance.now(),R.set(U,{tableId:A.table.tableId,key:A.id,resolve(W){let{table:J,entry:F}=A;if(N(W),W)return J._recordRelocate(F,W)},reject:L})})},sendOperation(A){let U=g++;return A.requestId=U,e.send((0,at.encode)([GO,A])),new Promise((N,L)=>{R.set(U,{resolve:N,reject:L})})}};function C(A){B(5),A<128?o[c++]=A:A<16384?(l.setUint16(c,A|32768),c+=2):A<1056964608?(l.setUint32(c,A|3221225472),c+=4):(o[c]=255,l.setUint32(c+1,A),c+=5)}function P(A,U=0,N=A.length){let L=N-U;B(L),A.copy(o,c,U,N),c+=L}function O(A){B(8),l.setFloat64(c,A),c+=8}function B(A){if(A+16>o.length-c){let U=Buffer.allocUnsafeSlow(c+A-i+65536>>10<<11);o.copy(U,0,i,c),c=c-i,i=0,o=U,l=new DataView(o.buffer,0,o.length)}}function v(A,U){let N=A.database??"data";U||(U={});let L=U.schemaDefined,$=!1,W=A.schemaDefined,J=U.attributes||[];for(let F=0;F<A.attributes?.length;F++){let he=A.attributes[F],ue=J.find(_e=>_e.name===he.name);(!ue||ue.type!==he.type)&&(L?le.error?.(`Schema for '${u}.${A.table}' is defined locally, but attribute '${he.name}: ${he.type}' from '${_}' does not match local attribute ${ue?"'"+ue.name+": "+ue.type+"'":"which does not exist"}`):($=!0,W||(he.indexed=!0),ue?J[J.indexOf(ue)]=he:J.push(he)))}return $?(le.debug?.("(Re)creating",A),ze({table:A.table,database:A.database,schemaDefined:A.schemaDefined,attributes:J,...U})):U}}var BK,at,FK,kK,HK,$O,GK,qK,VO,$K,HO,VK,gme,BO,le,wK,NK,CK,Mh,OK,FO,PK,GT,GO,qT,LK,DK,vK,$T,KK,KT,YT,Uh,jT,WT,YK,qO,WK,KO,Ac,VT,MK,Sme,UK,kO,cf,xK,lf,YO=se(()=>{Oe();Gi();bO();II();Ss();BK=b(fe());G();dl();at=require("msgpackr"),FK=require("ws"),kK=require("worker_threads"),HK=b(Q());Lh();$O=require("events"),GK=b(ys()),qK=b(require("node:tls"));rf();VO=b(require("node:process")),$K=require("node:net");ss();ns();HO=require("node:stream"),VK=require("lmdb"),{forComponent:gme,errorToString:BO}=HK.default,le=gme("replication").conditional,wK=129,NK=140,CK=141,Mh=142,OK=130,FO=132,PK=133,GT=134,GO=136,qT=137,LK=143,DK=144,vK=145,$T=146,KK=0,KT=1,YT=2,Uh=3,jT=4,WT=5,YK=6,qO=0,WK=1,KO=new Map,Ac=new Map,VT=!0,MK=300,Sme=2,UK=3e4;a(zT,"createWebSocket");xK=500,lf=class extends $O.EventEmitter{static{a(this,"NodeReplicationConnection")}socket;startTime;retryTime=xK;retries=0;isConnected=!0;isFinished=!1;nodeSubscriptions;latency=0;replicateTablesByDefault;session;sessionResolve;sessionReject;url;subscription;databaseName;nodeName;authorization;constructor(t,r,n,s,i){super(),this.url=t,this.subscription=r,this.databaseName=n,this.authorization=i,this.nodeName=this.nodeName??Ti(t)}async connect(){this.session||this.resetSession();let t=[];this.socket=await zT(this.url,{serverName:this.nodeName,authorization:this.authorization});let r;le.debug?.(`Connecting to ${this.url}, db: ${this.databaseName}, process ${VO.pid}`),this.socket.on("open",()=>{this.socket._socket.unref(),le[this.isConnected?"info":"warn"]?.(`Connected to ${this.url}, db: ${this.databaseName}`),this.retries=0,this.retryTime=xK,this.nodeSubscriptions&&zl({name:this.nodeName,database:this.databaseName,url:this.url}),this.isConnected=!0,r=xh(this.socket,{database:this.databaseName,subscription:this.subscription,url:this.url,connection:this,isSubscriptionConnection:this.nodeSubscriptions!==void 0},{replicates:!0}),this.sessionResolve(r)}),this.socket.on("error",n=>{n.code==="SELF_SIGNED_CERT_IN_CHAIN"?(le.warn?.(`Can not connect to ${this.url}, this server does not have a certificate authority for the certificate provided by ${this.url}`),n.isHandled=!0):n.code!=="ECONNREFUSED"&&(n.code==="UNABLE_TO_VERIFY_LEAF_SIGNATURE"?le.error?.(`Can not connect to ${this.url}, the certificate provided by ${this.url} is not trusted, this node needs to be added to the cluster, or a certificate authority needs to be added`):le.error?.(`Error in connection to ${this.url} due to ${n.message}`)),this.sessionReject(n)}),this.socket.on("close",(n,s)=>{if(this.isConnected&&(this.nodeSubscriptions&&sf({name:this.nodeName,database:this.databaseName,url:this.url,finished:this.socket.isFinished}),this.isConnected=!1),this.removeAllListeners("subscriptions-updated"),this.socket.isFinished){this.isFinished=!0,r?.end(),this.emit("finished");return}if(++this.retries%20===1){let i=s?.toString();le.warn?.(`${r?"Disconnected from":"Failed to connect to"} ${this.url} (db: "${this.databaseName}"), due to ${i?'"'+i+'" ':""}(code: ${n})`)}r=null,this.resetSession(),setTimeout(()=>{this.connect()},this.retryTime).unref(),this.retryTime+=this.retryTime>>8})}resetSession(){this.session=new Promise((t,r)=>{this.sessionResolve=t,this.sessionReject=r})}subscribe(t,r){this.nodeSubscriptions=t,this.replicateTablesByDefault=r,this.emit("subscriptions-updated",t)}unsubscribe(){this.socket.isFinished=!0,this.socket.close(1008,"No longer subscribed")}getRecord(t){return this.session.then(r=>r.getRecord(t))}};a(xh,"replicateOverWS")});function Ic(e,t){let r=e.toString("base64"),n=[`-----BEGIN ${t}-----`];for(let s=0;s<r.length;s+=64)n.push(r.substring(s,s+64));return n.push(`-----END ${t}-----`),n.join(`
 `)}function JK(e){let t=[],r=e;for(;r?.raw;){let n={cert:r.raw};if(r.issuerCertificate&&r.issuerCertificate!==r&&r.issuerCertificate.raw&&(n.issuer=r.issuerCertificate.raw),t.push(n),r.issuerCertificate&&r.issuerCertificate!==r)r=r.issuerCertificate;else break}return t}function zO(e){try{let t=Xl(e),n=go.Certificate.fromBER(t).extensions?.find(c=>c.extnID==="2.5.29.31");if(!n)return Eo.debug?.("Certificate has no CRL Distribution Points extension"),[];let s=_o.fromBER(n.extnValue.valueBlock.valueHexView);if(s.offset===-1)throw new Error("Failed to parse ASN.1 structure in CRL Distribution Points extension");let i=new go.CRLDistributionPoints({schema:s.result}),o=[];for(let c of i.distributionPoints)if(c.distributionPoint&&Array.isArray(c.distributionPoint)){for(let l of c.distributionPoint)if(l.type===6&&typeof l.value=="string"){let u=l.value;(u.startsWith("http://")||u.startsWith("https://"))&&o.push(u)}}return Eo.debug?.(`Found ${o.length} CRL distribution points: ${o}`),o}catch(t){return Eo.warn?.(`Failed to extract CRL distribution points: ${t}`),[]}}function QK(e){try{let t=Xl(e),r=go.Certificate.fromBER(t),n=[],s=[];for(let i of r.extensions||[])if(i.extnID==="2.5.29.31")try{let o=_o.fromBER(i.extnValue.valueBlock.valueHexView);if(o.offset!==-1){let c=new go.CRLDistributionPoints({schema:o.result});for(let l of c.distributionPoints)if(l.distributionPoint&&Array.isArray(l.distributionPoint)){for(let u of l.distributionPoint)if(u.type===6&&typeof u.value=="string"){let d=u.value;(d.startsWith("http://")||d.startsWith("https://"))&&n.push(d)}}}}catch(o){Eo.warn?.(`Failed to parse CRL Distribution Points extension: ${o}`)}else if(i.extnID==="1.3.6.1.5.5.7.1.1")try{let o=_o.fromBER(i.extnValue.valueBlock.valueHexView);if(o.offset!==-1&&o.result instanceof _o.Sequence){for(let c of o.result.valueBlock.value)if(c instanceof _o.Sequence&&c.valueBlock.value.length>=2){let l=c.valueBlock.value[0],u=c.valueBlock.value[1];if(l instanceof _o.ObjectIdentifier&&l.valueBlock.toString()==="1.3.6.1.5.5.7.48.1"&&u.idBlock.tagNumber===6){let d=String.fromCharCode(...Array.from(u.valueBlock.valueHexView));(d.startsWith("http://")||d.startsWith("https://"))&&s.push(d)}}}}catch(o){Eo.warn?.(`Failed to parse Authority Information Access extension: ${o}`)}return Eo.debug?.(`Found ${n.length} CRL distribution points and ${s.length} OCSP responder URLs`),{crlUrls:n,ocspUrls:s}}catch(t){return Eo.warn?.(`Failed to extract revocation URLs: ${t}`),{crlUrls:[],ocspUrls:[]}}}function Xl(e){let t=e.replace(/-----BEGIN [^-]+-----/g,"").replace(/-----END [^-]+-----/g,"").replace(/\s/g,""),r=atob(t),n=new ArrayBuffer(r.length),s=new Uint8Array(n);for(let i=0;i<r.length;i++)s[i]=r.charCodeAt(i);return n}function QT(e,t,r,n){let s={certPem:e,issuerPem:t,method:r,...n},i=(0,jO.createHash)("sha256").update(JSON.stringify(s)).digest("hex");return`${r}:${i}`}function JO(e,t){return`${e}:${t}`}function XK(e){try{let t=Xl(e),n=go.Certificate.fromBER(t).serialNumber.valueBlock.valueHexView;return Array.from(n).map(s=>s.toString(16).padStart(2,"0")).join("")}catch(t){throw Eo.error?.(`Failed to extract serial number: ${t}`),new Error(`Failed to extract certificate serial number: ${t.message}`)}}function QO(e){try{let t=Xl(e),r=go.Certificate.fromBER(t),n=r.extensions?.find(i=>i.extnID==="2.5.29.35");if(n)try{let i=_o.fromBER(n.extnValue.valueBlock.valueHexView);if(i.offset!==-1){let o=new go.AuthorityKeyIdentifier({schema:i.result});if(o.keyIdentifier){let c=o.keyIdentifier.valueBlock.valueHexView;return Array.from(c).map(l=>l.toString(16).padStart(2,"0")).join("")}}}catch(i){Eo.debug?.(`Failed to parse Authority Key Identifier: ${i}, falling back to hash`)}let s=r.issuer.typesAndValues.map(i=>`${i.type}=${i.value.valueBlock.value}`).join(",");return(0,jO.createHash)("sha256").update(s).digest("hex")}catch(t){throw Eo.error?.(`Failed to extract issuer key ID: ${t}`),new Error(`Failed to extract issuer key ID: ${t.message}`)}}function XT(){return WO||(WO=ze({table:"hdb_certificate_cache",database:"system",attributes:[{name:"certificate_id",isPrimaryKey:!0},{name:"status"},{name:"reason"},{name:"checked_at"},{name:"expiresAt",expiresAt:!0,indexed:!0},{name:"method"}]})),WO}var jO,go,_o,zK,Eo,WO,ZT=se(()=>{jO=require("node:crypto"),go=b(require("pkijs")),_o=b(require("asn1js")),zK=b(sr());Oe();Eo=(0,zK.loggerWithTag)("cert-verification-utils");a(Ic,"bufferToPem");a(JK,"extractCertificateChain");a(zO,"extractCRLDistributionPoints");a(QK,"extractRevocationUrls");a(Xl,"pemToBuffer");a(QT,"createCacheKey");a(JO,"createRevokedCertificateId");a(XK,"extractSerialNumber");a(QO,"extractIssuerKeyId");WO=null;a(XT,"getCertificateCacheTable")});function ZK(e){let{error:t,value:r}=bme.validate(e,{abortEarly:!1,allowUnknown:!1});if(t){let n=t.details.map(s=>s.message).join("; ");throw new Error(`Invalid certificate verification configuration: ${n}`)}return r}var Wr,Tme,uf,df,XO,yme,Rme,bme,eY=se(()=>{Wr=b(require("joi")),Tme="fail-closed",uf={timeout:5e3,cacheTtl:36e5,errorCacheTtl:3e5,failureMode:"fail-closed"},df={timeout:1e4,cacheTtl:864e5,failureMode:"fail-closed",gracePeriod:864e5},XO=Wr.default.string().valid("fail-open","fail-closed"),yme=Wr.default.alternatives().try(Wr.default.boolean().custom(e=>e===!1?{enabled:!1}:{enabled:!0,...df}),Wr.default.object({enabled:Wr.default.boolean().default(!0),timeout:Wr.default.number().min(1e3).default(df.timeout).messages({"number.min":"CRL timeout must be at least 1000ms (1 second)"}),cacheTtl:Wr.default.number().min(1e3).default(df.cacheTtl).messages({"number.min":"CRL cacheTtl must be at least 1000ms (1 second)"}),failureMode:XO.default(df.failureMode),gracePeriod:Wr.default.number().min(0).default(df.gracePeriod).messages({"number.min":"CRL gracePeriod must be at least 0ms"})})),Rme=Wr.default.alternatives().try(Wr.default.boolean().custom(e=>e===!1?{enabled:!1}:{enabled:!0,...uf}),Wr.default.object({enabled:Wr.default.boolean().default(!0),timeout:Wr.default.number().min(1e3).default(uf.timeout).messages({"number.min":"OCSP timeout must be at least 1000ms (1 second)"}),cacheTtl:Wr.default.number().min(1e3).default(uf.cacheTtl).messages({"number.min":"OCSP cacheTtl must be at least 1000ms (1 second)"}),errorCacheTtl:Wr.default.number().min(1e3).default(uf.errorCacheTtl).messages({"number.min":"OCSP errorCacheTtl must be at least 1000ms (1 second)"}),failureMode:XO.default(uf.failureMode)})),bme=Wr.default.object({failureMode:XO.default(Tme),crl:yme.default({enabled:!0,...df}),ocsp:Rme.default({enabled:!0,...uf})});a(ZK,"validateAndParseCertificateVerificationConfig")});function lY(e){if(typeof e=="boolean"||e==null){if(e===ZO&&eP)return So.trace?.("Using cached validation error result (primitive) - returning disabled"),!1;if(e===ZO&&ey!==null)return So.trace?.("Using cached certificate verification config (primitive)"),ey;So.trace?.("Parsing and caching certificate verification config (primitive)"),ZO=e;try{return ey=nY(e),eP=null,ey}catch(n){return eP=n,So.error?.(`Certificate verification config validation failed - defaulting to disabled: ${n.message}`),!1}}if(rY.get(e))return So.trace?.("Using cached validation error result (object) - returning disabled"),!1;let r=tY.get(e);if(r!==void 0)return So.trace?.("Using cached certificate verification config (object)"),r;So.trace?.("Parsing and caching certificate verification config (object)");try{let n=nY(e);return tY.set(e,n),n}catch(n){return rY.set(e,n),So.error?.(`Certificate verification config validation failed - defaulting to disabled: ${n.message}`),!1}}function nY(e){if(So.trace?.(`getCertificateVerificationConfig called with: ${JSON.stringify({mtlsConfig:e})}`),!e)return!1;let t=e===!0?void 0:e.certificateVerification;return So.trace?.(`Certificate verification config: ${JSON.stringify({verificationConfig:t})}`),t==null||t===!1?!1:ZK(t===!0?{}:t)}var sY,iY,So,oY,aY,cY,tY,ZO,ey,rY,eP,tP=se(()=>{sY=b(sr()),iY=b(Rt());eY();So=(0,sY.loggerWithTag)("cert-verification-config"),oY=10080*60*1e3,aY=3e5,cY=`Harper/${iY.packageJson.version} CRL-Client`,tY=new WeakMap,ZO=null,ey=null,rY=new WeakMap,eP=null;a(lY,"getCachedCertificateVerificationConfig");a(nY,"getCertificateVerificationConfig")});function Bh(e){return e===dY||e===Ame}function Ime(e){return e===fY||e===mY}function rP(e){return e===dY?fY:mY}function wme(){if(uY)return;uY=!0;let e=Zl.CryptoEngine.prototype,t=Zl.Certificate.prototype,r={getHashAlgorithm:e.getHashAlgorithm,getAlgorithmByOID:e.getAlgorithmByOID,getAlgorithmParameters:e.getAlgorithmParameters,verifyWithPublicKey:e.verifyWithPublicKey,certificateVerify:t.verify,getPublicKey:t.getPublicKey};e.getHashAlgorithm=function(...n){let[s]=n;return Bh(s.algorithmId)?"UNUSED-EDDSA-BUILTIN-HASH":r.getHashAlgorithm.call(this,s)},e.getAlgorithmByOID=function(...n){let[s]=n;return Bh(s)?{name:rP(s)}:r.getAlgorithmByOID.call(this,...n)},e.getAlgorithmParameters=function(...n){let[s,i]=n;return Ime(s)?{algorithm:{name:s},usages:i==="sign"?["sign"]:["verify"]}:r.getAlgorithmParameters.call(this,...n)},t.getPublicKey=async function(...n){let[,s=Zl.getCrypto(!0)]=n,i=this.subjectPublicKeyInfo.algorithm.algorithmId;if(Bh(i)){let o=rP(i);return s.importKey("spki",this.subjectPublicKeyInfo.toSchema().toBER(!1),o,!0,["verify"])}return r.getPublicKey.call(this,...n)},t.verify=async function(...n){let[s]=n;if(Bh(this.signatureAlgorithm.algorithmId))try{let i=this.toSchema().toBER(!1),o=s.toSchema().toBER(!1),c=new Fh.X509Certificate(Buffer.from(i)),l=new Fh.X509Certificate(Buffer.from(o));return c.verify(l.publicKey)}catch{return!1}return r.certificateVerify.call(this,...n)},r.verifyWithPublicKey&&(e.verifyWithPublicKey=async function(...n){let[s,i,o]=n,c=o.algorithm.algorithmId;if(Bh(c)){let l=rP(c);try{let u=this.crypto?.subtle||this.subtle||Zl.getCrypto(!0)?.subtle||Fh.webcrypto?.subtle;if(!u)throw new Error("No crypto.subtle available");let d=await u.importKey("spki",o.toSchema().toBER(!1),l,!1,["verify"]),f=i.valueBlock.valueHexView;return"unusedBits"in i.valueBlock&&i.valueBlock.unusedBits>0&&(f=f.slice(0,f.length-1)),await u.verify(l,d,f,s)}catch{return!1}}return r.verifyWithPublicKey.call(this,...n)})}var Zl,Fh,dY,Ame,fY,mY,uY,pY=se(()=>{Zl=b(require("pkijs")),Fh=require("node:crypto"),dY="1.3.101.112",Ame="1.3.101.113",fY="Ed25519",mY="Ed448",uY=!1;a(Bh,"isEd25519OrEd448");a(Ime,"isEdDSAAlgorithmName");a(rP,"getEdDSAAlgorithmName");a(wme,"applyEd25519Patch");wme()});var gY={};ye(gY,{CRLSignatureVerificationError:()=>kh,performCRLCheck:()=>Ome,verifyCRL:()=>iP});function Nme(){return ty||(ty=XT(),ty.sourcedFrom(ff)),ty}function Cme(){return ry||(ry=ze({table:"hdb_crl_cache",database:"system",attributes:[{name:"distribution_point",isPrimaryKey:!0},{name:"issuer_dn"},{name:"crl_blob"},{name:"this_update"},{name:"next_update"},{name:"signature_valid"},{name:"expiresAt",expiresAt:!0,indexed:!0}]}),ry.sourcedFrom(sP)),ry}function EY(){return nP||(nP=ze({table:"hdb_revoked_certificates",database:"system",attributes:[{name:"composite_id",isPrimaryKey:!0},{name:"serial_number",indexed:!0},{name:"issuer_key_id",indexed:!0},{name:"revocation_date"},{name:"revocation_reason"},{name:"crl_source",indexed:!0},{name:"crl_next_update"},{name:"expiresAt",expiresAt:!0,indexed:!0}]})),nP}async function iP(e,t,r,n){if(r?.enabled===!1)return{valid:!0,status:"disabled",method:"disabled"};try{let s=Ic(e,"CERTIFICATE"),i=Ic(t,"CERTIFICATE"),o=n??zO(s);if(o.length===0)return{valid:!0,status:"no-crl-distribution-points",method:"crl"};let c=QT(s,i,"crl"),l=await Nme().get(c,{certPem:s,issuerPem:i,distributionPoint:o[0],config:{crl:r??{}}});if(!l)return Pr.error?.("Cache fetch returned null - this indicates a source configuration issue"),r.failureMode==="fail-closed"?{valid:!1,status:"error",error:"Cache fetch failed",method:"crl"}:(Pr.warn?.("CRL cache fetch failed, allowing connection (fail-open mode)"),{valid:!0,status:"error-allowed",method:"crl"});let u=l,d=l.wasLoadedFromSource?.();return Pr.trace?.(`CRL ${d?"source fetch":"cache hit"} for certificate`),{valid:u.status==="good",status:u.status,cached:!d,method:u.method||"crl"}}catch(s){return Pr.error?.(`CRL verification error: ${s}`),r.failureMode==="fail-closed"?{valid:!1,status:"error",error:s.message,method:"crl"}:(Pr.warn?.("CRL check failed, allowing connection (fail-open mode)"),{valid:!0,status:"error-allowed",method:"crl"})}}async function Ome(e,t,r,n){let s=n??zO(e);if(s.length===0)return{status:"good"};let i=XK(e),o=QO(t),c=JO(o,i);try{let u=await EY().get(c);if(u){let f=Date.now(),m=u;return m.crl_next_update>f?{status:"revoked",reason:m.revocation_reason||"unspecified",source:m.crl_source}:m.crl_next_update+r.gracePeriod>f?(Pr.warn?.("Using expired CRL data within grace period"),{status:"revoked",reason:m.revocation_reason||"unspecified",source:m.crl_source}):(Pr.warn?.("CRL data is too old, treating as unknown"),{status:"unknown",reason:"crl-expired"})}let d=await Pme(s,t,r);return d.upToDate?{status:"good",source:d.source}:(Pr.warn?.("CRL data is stale or missing, treating as unknown"),{status:"unknown",reason:d.reason||"crl-unavailable"})}catch(l){return Pr.error?.(`CRL lookup error: ${l}`),{status:"unknown",reason:l.message}}}async function Pme(e,t,r){let n=Date.now();for(let s of e)try{let i=Cme(),o=null,c=null;try{c=await i.get(s),(c&&c.next_update>n||c&&c.next_update+r.gracePeriod>n)&&(o=c)}catch{}o||(o=await _Y(s,t,r.timeout));let l=o.next_update;if(l>n){if(!c)try{await i.put(s,o)}catch{}return{upToDate:!0,source:s}}else return l+r.gracePeriod>n?{upToDate:!0,source:s}:{upToDate:!1,reason:"crl-expired"}}catch(i){if(i instanceof kh)throw i}return{upToDate:!1,reason:"no-current-crl-data"}}async function _Y(e,t,r){let n=new AbortController,s=setTimeout(()=>n.abort(),r);try{let i=await fetch(e,{signal:n.signal,headers:{"User-Agent":cY}});if(clearTimeout(s),!i.ok)throw new Error(`CRL download failed: ${i.status}`);let o=Buffer.from(await i.arrayBuffer()),c,l=o.toString("utf8");l.includes("-----BEGIN X509 CRL-----")?c=Buffer.from(Xl(l)):c=o;let u=ny.CertificateRevocationList.fromBER(c),d=ny.Certificate.fromBER(Xl(t)),f=await u.verify({issuerCertificate:d});if(!f){let _=`CRL signature verification failed for: ${e}`;throw Pr.error?.(_),new kh(_)}let m=u.thisUpdate.value.getTime(),p=u.nextUpdate?.value.getTime()??m+oY,h=d.issuer.typesAndValues.map(_=>`${_.type}=${_.value.valueBlock.value}`).join(","),E={distribution_point:e,issuer_dn:h,crl_blob:o,this_update:m,next_update:p,signature_valid:f,expiresAt:p};return Lme(u,t,e,p).catch(_=>{Pr.error?.(`Error processing revoked certificates: ${_}`)}),E}finally{clearTimeout(s)}}async function Lme(e,t,r,n){let s=EY(),i=QO(t),o=r;try{await Dme(s,o)}catch(c){Pr.warn?.(`Failed to clear existing CRL entries: ${c}`)}if(e.revokedCertificates)for(let c of e.revokedCertificates)try{let l=c.userCertificate.valueBlock.valueHexView;if(!l){Pr.warn?.("Could not extract serial number from revoked certificate");continue}let u=Array.from(l).map(h=>h.toString(16).padStart(2,"0")).join(""),d=JO(i,u),f=c.revocationDate.value.getTime(),p={composite_id:d,serial_number:u,issuer_key_id:i,revocation_date:f,revocation_reason:"unspecified",crl_source:o,crl_next_update:n,expiresAt:n};await s.create(p.composite_id,p)}catch(l){Pr.warn?.(`Failed to process revoked certificate: ${l}`)}}async function Dme(e,t){try{let r=e.search([{attribute:"crl_source",value:t}]);for await(let n of r)try{await e.delete(n.composite_id)}catch(s){Pr.warn?.(`Failed to delete revoked certificate entry: ${s}`)}}catch(r){throw Pr.error?.(`Failed to search for existing CRL entries: ${r}`),r}}var ny,hY,kh,Pr,ty,sP,ry,nP,oP=se(()=>{ny=b(require("pkijs")),hY=b(sr());Oe();Wi();ZT();tP();aP();kh=class extends Error{static{a(this,"CRLSignatureVerificationError")}constructor(t){super(t),this.name="CRLSignatureVerificationError"}},Pr=(0,hY.loggerWithTag)("crl-verification");a(Nme,"getCertificateCacheTable");sP=class extends Xt{static{a(this,"CertificateRevocationListSource")}async get(t){let n=this.getContext()?.requestContext;if(!n?.distributionPoint||!n?.issuerPem)throw new Error(`No CRL data provided for cache key: ${t}`);let{distributionPoint:s,issuerPem:i,config:o}=n;try{let c=await _Y(s,i,o.timeout),l=c.next_update,u=Date.now()+o.cacheTtl,d=Math.min(l,u);return{...c,expiresAt:d}}catch(c){if(Pr.error?.(`CRL fetch error for: ${s} - ${c}`),o.failureMode==="fail-closed"){let l=Date.now()+aY;return{crl_id:t,distribution_point:s,issuer_dn:"unknown",crl_blob:Buffer.alloc(0),this_update:Date.now(),next_update:l,signature_valid:!1,expiresAt:l}}return Pr.warn?.("CRL fetch failed, not caching (fail-open mode)"),null}}};a(Cme,"getCRLCacheTable");a(EY,"getRevokedCertificateTable");a(iP,"verifyCRL");a(Ome,"performCRLCheck");a(Pme,"checkCRLFreshness");a(_Y,"downloadAndParseCRL");a(Lme,"processRevokedCertificates");a(Dme,"clearExistingCRLEntries")});async function vme(){cP||(cP=(await Promise.resolve().then(()=>(oP(),gY))).performCRLCheck),lP||(lP=(await Promise.resolve().then(()=>(uP(),TY))).performOCSPCheck)}var SY,SBe,cP,lP,ff,aP=se(()=>{Wi();SY=b(sr()),SBe=(0,SY.loggerWithTag)("cert-verification-source");a(vme,"loadVerificationFunctions");ff=class extends Xt{static{a(this,"CertificateVerificationSource")}async get(t){let r=t.id,s=this.getContext()?.requestContext;if(!s||!s.certPem||!s.issuerPem)return null;let{certPem:i,issuerPem:o,ocspUrls:c,config:l}=s,u;r.startsWith("crl:")?u="crl":r.startsWith("ocsp:")?u="ocsp":u="unknown",await vme();let d,f;if(u==="crl"){f=l.crl;let p=s.distributionPoint?[s.distributionPoint]:void 0;d=await cP(i,o,f,p)}else if(u==="ocsp")f=l.ocsp,d=await lP(i,o,f,c);else throw new Error(`Unsupported verification method: ${u} for ID: ${r}`);let m=Date.now()+f.cacheTtl;return{certificate_id:r,status:d.status,reason:d.reason,checked_at:Date.now(),expiresAt:m,method:u}}}});var TY={};ye(TY,{performOCSPCheck:()=>Ume,verifyOCSP:()=>dP});function Mme(){return iy||(iy=XT(),iy.sourcedFrom(ff)),iy}async function dP(e,t,r,n){if(r?.enabled===!1)return{valid:!0,status:"disabled",method:"disabled"};try{let s=Ic(e,"CERTIFICATE"),i=Ic(t,"CERTIFICATE"),o=QT(s,i,"ocsp"),c=await Mme().get(o,{certPem:s,issuerPem:i,ocspUrls:n,config:{ocsp:r??{}}});if(!c)return r.failureMode==="fail-closed"?{valid:!1,status:"error",error:"Cache fetch failed",method:"ocsp"}:(sy.warn?.("OCSP cache fetch failed, allowing connection (fail-open mode)"),{valid:!0,status:"error-allowed",method:"ocsp"});let l=c,u=c.wasLoadedFromSource?.();return sy.trace?.(`OCSP ${u?"source fetch":"cache hit"} for certificate`),{valid:l.status==="good",status:l.status,cached:!u,method:l.method||"ocsp"}}catch(s){return sy.error?.(`OCSP verification error: ${s}`),r.failureMode==="fail-closed"?{valid:!1,status:"error",error:s.message,method:"ocsp"}:(sy.warn?.("OCSP check failed, allowing connection (fail-open mode)"),{valid:!0,status:"error-allowed",method:"ocsp"})}}async function Ume(e,t,r,n){try{let s=await(0,yY.getCertStatus)(e,{ca:t,timeout:r.timeout,...n?.length&&{ocspUrl:n[0]}});switch(s.status){case"good":return{status:"good"};case"revoked":return{status:"revoked",reason:s.revocationReason?.toString()||"unspecified"};default:return{status:"unknown",reason:"unknown-status"}}}catch(s){return{status:"unknown",reason:s.name==="AbortError"?"timeout":"ocsp-error"}}}var yY,RY,sy,iy,uP=se(()=>{pY();yY=require("easy-ocsp"),RY=b(sr());ZT();aP();sy=(0,RY.loggerWithTag)("ocsp-verification");a(Mme,"getCertificateCacheTable");a(dP,"verifyOCSP");a(Ume,"performOCSPCheck")});async function mf(e,t){cn.debug?.(`verifyCertificate called for: ${e.subject?.CN||"unknown"}`);let r=lY(t);if(r===!1)return cn.debug?.("Certificate verification disabled"),{valid:!0,status:"disabled",method:"disabled"};let n=JK(e);if(cn.trace?.(`Certificate chain length: ${n.length}`),n.length<2||!n[0].issuer)return cn.debug?.("Certificate chain insufficient for revocation checking - need certificate and issuer"),{valid:!0,status:"no-issuer-cert",method:"disabled"};let s=Ic(n[0].cert,"CERTIFICATE"),{crlUrls:i,ocspUrls:o}=QK(s);if(cn.debug?.(`Certificate extensions: CRL distribution points=${i.length}, OCSP URLs=${o.length}`),i.length>0)if(r.crl.enabled)try{cn.debug?.("Attempting CRL verification");let c=await iP(n[0].cert,n[0].issuer,r.crl,i);if(c.status==="good"||c.status==="revoked")return cn.debug?.(`CRL verification result: ${c.status}`),c;cn.debug?.(`CRL verification inconclusive: ${c.status}, trying OCSP fallback`)}catch(c){cn.warn?.(`CRL verification failed: ${c}`)}else cn.debug?.("Skipping CRL - disabled in configuration");else cn.debug?.("Skipping CRL - no distribution points in certificate");if(o.length>0)if(r.ocsp.enabled)try{cn.debug?.("Attempting OCSP verification");let c=await dP(n[0].cert,n[0].issuer,r.ocsp,o);return cn.debug?.(`OCSP verification result: ${c.status}`),c}catch(c){cn.warn?.(`OCSP verification failed: ${c}`)}else cn.debug?.("Skipping OCSP - disabled in configuration");else cn.debug?.("Skipping OCSP - no responder URLs in certificate");return r.failureMode==="fail-closed"?{valid:!1,status:"no-verification-available",method:"disabled"}:{valid:!0,status:"verification-unavailable-allowed",method:"disabled"}}var bY,cn,oy=se(()=>{bY=b(sr());ZT();tP();uP();oP();cn=(0,bY.loggerWithTag)("cert-verification");a(mf,"verifyCertificate")});var la={};ye(la,{buildReplicationMtlsConfig:()=>DY,clearThisNodeName:()=>Vme,disableReplication:()=>kme,enabledDatabases:()=>bc,forEachReplicatedDatabase:()=>gc,getThisNodeId:()=>JT,getThisNodeName:()=>nt,getThisNodeUrl:()=>Sc,hostnameToUrl:()=>dy,lastTimeInAuditStore:()=>wh,monitorNodeCAs:()=>vY,replicateOperation:()=>Yme,replicationCertificateAuthorities:()=>ua,sendOperationToNode:()=>Hh,servers:()=>Bme,setReplicator:()=>UY,start:()=>Fme,startOnMainThread:()=>AO,subscribeToNode:()=>Ph,unsubscribeFromNode:()=>UT,urlToNodeName:()=>Ti});function DY(e){return e?.mtls&&typeof e.mtls=="object"?e.mtls:!0}function Fme(e){if(!e.port&&!e.securePort&&(e.port=Ks.default.get(x.OPERATIONSAPI_NETWORK_PORT),e.securePort=Ks.default.get(x.OPERATIONSAPI_NETWORK_SECUREPORT)),!nt())throw new Error("Can not load replication without a url (see replication.url in the config)");let t=new Map;for(let i of Ch(e))t.set(Ti(i.url),i);Hme(e);let r=DY(e);e={isOperationsServer:!0,maxPayload:10*1024*1024*1024,...e,mtls:r};let n=Ue.ws(async(i,o,c,l)=>{if(wt.debug("Incoming WS connection received "+o.url),o.headers.get("sec-websocket-protocol")!=="harperdb-replication-v1")return l(i,o,c);i._socket.unref(),xh(i,e,c.then(()=>o?.user)),i.on("error",u=>{u.code!=="ECONNREFUSED"&&wt.error("Error in connection to "+this.url,u.message)})},e);e.runFirst=!0,Ue.http(async(i,o)=>{if(i.isWebSocket&&i.headers.get("Sec-WebSocket-Protocol")==="harperdb-replication-v1"){wt.debug("Incoming replication WS connection received, authorized: "+i.authorized),!i.authorized&&i._nodeRequest.socket.authorizationError&&wt.error(`Incoming client connection from ${i.ip} did not have valid certificate, you may need turn on enableRootCAs in the config if you are using a publicly signed certificate, or add the CA to the server's trusted CAs`,i._nodeRequest.socket.authorizationError);let c=Gt().primaryStore;if(i.authorized&&i.peerCertificate.subjectaltname){let l=(0,PY.getHostnamesFromCertificate)(i.peerCertificate),u;for(let d of l)if(u=d&&(c.get(d)||t.get(d)),u)break;if(u){let d=await mf(i.peerCertificate,e.mtls);if(!d.valid){wt.warn("Certificate verification failed:",d.status,"for node",u.name,"certificate serial number",i.peerCertificate.serialNumber);return}if(u?.revoked_certificates?.includes(i.peerCertificate.serialNumber)){wt.warn("Revoked certificate used in attempt to connect to node",u.name,"certificate serial number",i.peerCertificate.serialNumber);return}else i.user=u}else wt.warn(`No node found for certificate common name/SANs: ${l}, available nodes are ${Array.from(c.getRange({}).filter(({value:d})=>d).map(({key:d})=>d)).join(", ")} and routes ${Array.from(t.keys()).join(", ")}, connection will require credentials.`)}else{let l=c.get(i.ip)||t.get(i.ip);l?i.user=l:wt.warn(`No node found for IP address ${i.ip}, available nodes are ${Array.from(new Set([...c.getKeys(),...t.keys()])).join(", ")}, connection will require credentials.`)}}return o(i)},e);let s=[];for(let i of n)if(i.secureContexts){let o=a(()=>{let c=new Set(i.secureContexts.values());i.defaultContext&&c.add(i.defaultContext);for(let l of c)try{let u=Array.from(ua);l.options.availableCAs&&u.push(...l.options.availableCAs.values());let d={...l.options,ca:u};l.updatedContext=uy.createSecureContext(d)}catch(u){wt.error("Error creating replication TLS config",u)}},"updateContexts");i.secureContextsListeners.push(o),s.push(o),Ks.default.get(x.REPLICATION_ENABLEROOTCAS)!==!1&&o()}vY(()=>{for(let i of s)i()})}function vY(e){let t=0;tf(r=>{r?.ca&&(ua.add(r.ca),ua.size!==t&&(t=ua.size,e?.()))})}function kme(e=!0){LY=e}function Hme(e){LY||(lt(),bc=e.databases,gc(e,(t,r)=>{if(!t){let n=e.databaseSubscriptions||Ac;for(let[s,i]of cy){let o=i.get(r);o&&(o.subscribe([],!1),i.delete(r))}n.delete(r);return}for(let n in t){let s=t[n];UY(r,s,e),KO.get(s)?.forEach(i=>i(s))}}))}function UY(e,t,r){if(!t)return console.error(`Attempt to replicate non-existent table ${t.name} from database ${e}`);if(t.replicate===!1||t.sources?.some(s=>s.isReplicator))return;let n;t.sourcedFrom(class MY extends Xt{static{a(this,"Replicator")}static connection;static subscription;static async subscribe(){let i=r.databaseSubscriptions||Ac,o=i.get(e),c=o?.tableById||[];c[t.tableId]=t;let l=o?.ready;if(wt.trace("Setting up replicator subscription to database",e),!o?.auditStore)return this.subscription=o=new rs,i.set(e,o),o.tableById=c,o.auditStore=t.auditStore,o.dbisDB=t.dbisDB,o.databaseName=e,l&&l(o),o;this.subscription=o}static subscribeOnThisThread(i,o){return!0}static async load(i){if(i){let o=i.residencyId,c=i.residency||t.dbisDB.get([Symbol.for("residency_by_id"),o]);if(c){let l,u=new Set;do{let d,f="",m=1/0;for(let h of c){if(u.has(h)||h===Ue.hostname)continue;let E=qme(h,MY.subscription,e);if(E?.isConnected){let _=ef(t.auditStore,e,h)[jT];(!d||_<m)&&(d=E,f=h,m=_)}}if(!d)throw l||new CY.ServerError(`No connection to any other nodes are available: ${c}`,502);let p={requestId:xme++,table:t,entry:i,id:i.key};u.add(f);try{return await d.getRecord(p)}catch(h){if(d.isConnected)throw h;wt.warn("Error in load from node",ly,h),l||(l=h)}}while(!0)}}}static isReplicator=!0},{intermediateSource:!0})}function Gme(e,t,r,n,s,i){let o=t+"-"+e,c=cy.get(o);c||(c=new Map,cy.set(o,c));let l=c.get(n);if(l)return l;if(r)return c.set(n,l=new lf(t,r,n,s,i)),l.connect(),l.once("finished",()=>c.delete(n)),l}function qme(e,t,r){let n=AY.get(e);n||(n=new Map,AY.set(e,n));let s=n.get(r);if(s)return s;let i=Gt().primaryStore.get(e);return i?.url&&(s=new lf(i.url,t,r,e,i.authorization),n.set(r,s),s.connect(),s.once("finished",()=>n.delete(r))),s}async function Hh(e,t,r){r||(r={}),r.serverName=e.name;let n=await zT(e.url,r),s=xh(n,{},{});return new Promise((i,o)=>{n.on("open",()=>{wt.debug("Sending operation connection to "+e.url+" opened",t),i(s.sendOperation(t))}),n.on("error",c=>{o(c)}),n.on("close",c=>{wt.info("Sending operation connection to "+e.url+" closed",c)})}).finally(()=>{n.close()})}function Ph(e){try{OY.isMainThread&&wt.warn("Subscribing on main thread (should not happen in multi-threaded instance)",e.nodes[0].url,e.database);let t=Ac.get(e.database);if(!t){let n;t=new Promise(s=>{wt.info("Waiting for subscription to database "+e.database),n=s}),t.ready=n,Ac.set(e.database,t)}let r=Gme(e.nodes[0].url,e.url,t,e.database,e.name,e.nodes[0].authorization);e.nodes[0].name===void 0?r.tentativeNode=e.nodes[0]:r.nodeName=e.nodes[0].name,r.subscribe(e.nodes.filter(n=>Nh(n,e.database)),e.replicateByDefault)}catch(t){wt.error("Error in subscription to node",e.nodes[0]?.url,t)}}async function UT({url:e,nodes:t,database:r}){wt.trace("Unsubscribing from node",e,r,"nodes",Array.from(Gt().primaryStore.getRange({})));let n=e+"-"+(t[0]?.url??e),s=cy.get(n);if(s){let i=s.get(r);i&&(i.unsubscribe(),s.delete(r))}}function $me(){if(fP!==void 0)return fP;let e=Ks.default.get(x.OPERATIONSAPI_TLS_CERTIFICATE)||Ks.default.get(x.TLS_CERTIFICATE);if(e)return fP=new wY.X509Certificate((0,NY.readFileSync)(e)).subject?.match(/CN=(.*)/)?.[1]??null}function nt(){return ly||(ly=Ks.default.get("replication_hostname")??Ti(Ks.default.get("replication_url"))??$me()??IY("operationsapi_network_secureport")??IY("operationsapi_network_port")??"127.0.0.1")}function Vme(){ly=void 0}function IY(e){let t=Ks.default.get(e),r=t?.lastIndexOf?.(":");if(r>0)return t.slice(0,r)}function ay(e){let t=Ks.default.get(e),r=t?.lastIndexOf?.(":");return r>0?+t.slice(r+1).replace(/[\[\]]/g,""):+t}function JT(e){return Ih(e)?.[nt()]}function Sc(){let e=Ks.default.get("replication_url");return e||dy(nt())}function dy(e){let t=ay("replication_port");if(t)return`ws://${e}:${t}`;if(t=ay("replication_secureport"),t)return`wss://${e}:${t}`;if(t=ay("operationsapi_network_port"),t)return`ws://${e}:${t}`;if(t=ay("operationsapi_network_secureport"),t)return`wss://${e}:${t}`}function Ti(e){if(e)return new URL(e).hostname}function gc(e,t){for(let n of Object.getOwnPropertyNames(Me))r(n);return th(n=>{r(n)}),Gl((n,s)=>{r(n.databaseName)});function r(n){let s=Me[n];wt.trace("Checking replication status of ",n,e?.databases),e?.databases===void 0||e.databases==="*"||e.databases.includes(n)||e.databases.some?.(i=>i.name===n)||!s?t(s,n,!0):Kme(n)&&t(s,n,!1)}a(r,"forDatabase")}function Kme(e){let t=Me[e];for(let r in t)if(t[r].replicate)return!0}function wh(e){for(let t of e.getKeys({limit:1,reverse:!0}))return t}async function Yme(e){let t={message:""};if(e.replicated){e.replicated=!1,wt.trace?.("Replicating operation",e.operation,"to nodes",Ue.nodes.map(n=>n.name));let r=await Promise.allSettled(Ue.nodes.map(n=>Hh(n,e)));t.replicated=r.map((n,s)=>{let i=n.status==="rejected"?{status:"failed",reason:n.reason.toString()}:n.value;return i.node=Ue.nodes[s]?.name,i})}return t}var Ks,wt,wY,NY,uy,CY,OY,PY,LY,xme,Bme,ua,bc,cy,AY,fP,ly,Ss=se(()=>{Oe();Wi();Fu();YO();Hr();Ks=b(fe()),wt=b(Q()),wY=require("crypto");oy();NY=require("fs");Lh();rf();G();bO();uy=b(require("node:tls")),CY=b(Ee()),OY=require("worker_threads"),PY=b(ys()),xme=1,Bme=[],ua=Ks.default.get(x.REPLICATION_ENABLEROOTCAS)!==!1?new Set(uy.rootCertificates):new Set;a(DY,"buildReplicationMtlsConfig");a(Fme,"start");a(vY,"monitorNodeCAs");a(kme,"disableReplication");a(Hme,"assignReplicationSource");a(UY,"setReplicator");cy=new Map;a(Gme,"getSubscriptionConnection");AY=new Map;a(qme,"getRetrievalConnectionByName");a(Hh,"sendOperationToNode");a(Ph,"subscribeToNode");a(UT,"unsubscribeFromNode");a($me,"getCommonNameFromCert");a(nt,"getThisNodeName");a(Vme,"clearThisNodeName");Object.defineProperty(Ue,"hostname",{get(){return nt()}});a(IY,"getHostFromListeningPort");a(ay,"getPortFromListeningPort");a(JT,"getThisNodeId");Ue.replication={getThisNodeId:JT,exportIdMapping:Ih};a(Sc,"getThisNodeUrl");a(dy,"hostnameToUrl");a(Ti,"urlToNodeName");a(gc,"forEachReplicatedDatabase");a(Kme,"hasExplicitlyReplicatedTable");a(wh,"lastTimeInAuditStore");a(Yme,"replicateOperation")});var Ey=M(($Be,HY)=>{"use strict";var pf=m1(),{validateBySchema:Gh}=pt(),{commonValidators:hf,schemaRegex:mP}=zi(),Sr=require("joi"),Wme=Q(),jme=require("uuid").v4,py=Qo(),Ef=(G(),D(j)),zme=require("util"),wc=ds(),{handleHDBError:da,hdbErrors:Jme,ClientError:eu}=Ee(),{HDB_ERROR_MSGS:fy,HTTP_STATUS_CODES:fa}=Jme,{SchemaEventMsg:hy}=cs(),xY=_r(),{getDatabases:Qme}=(Oe(),D(mt)),{transformReq:_f}=ae(),{replicateOperation:BY}=(Ss(),D(la)),{cleanupOrphans:Xme}=(ns(),D(j_)),my=Sr.string().min(1).max(hf.schema_length.maximum).pattern(mP).messages({"string.pattern.base":"{:#label} "+hf.schema_format.message}),Zme=Sr.string().min(1).max(hf.schema_length.maximum).pattern(mP).messages({"string.pattern.base":"{:#label} "+hf.schema_format.message}).required(),epe=Sr.string().min(1).max(hf.schema_length.maximum).pattern(mP).messages({"string.pattern.base":"{:#label} "+hf.schema_format.message,"any.required":"'primary_key' is required","string.base":"'primary_key' must be a string"}).required();HY.exports={createSchema:tpe,createSchemaStructure:FY,createTable:rpe,createTableStructure:kY,createAttribute:ape,dropSchema:npe,dropTable:spe,dropAttribute:ipe,getBackup:cpe,cleanupOrphanBlobs:lpe};async function tpe(e){let t=await FY(e);return py.signalSchemaChange(new hy(process.pid,e.operation,e.schema)),t}a(tpe,"createSchema");async function FY(e){let t=Gh(e,Sr.object({database:my,schema:my}));if(t)throw new eu(t.message);if(_f(e),!await pf.checkSchemaExists(e.schema))throw da(new Error,fy.SCHEMA_EXISTS_ERR(e.schema),fa.BAD_REQUEST,Ef.LOG_LEVELS.ERROR,fy.SCHEMA_EXISTS_ERR(e.schema),!0);return await wc.createSchema(e),`database '${e.schema}' successfully created`}a(FY,"createSchemaStructure");async function rpe(e){return _f(e),e.hash_attribute=e.primary_key??e.hash_attribute,await kY(e)}a(rpe,"createTable");async function kY(e){let t=Gh(e,Sr.object({database:my,schema:my,table:Zme,residence:Sr.array().items(Sr.string().min(1)).optional(),hash_attribute:epe}));if(t)throw new eu(t.message);if(!await pf.checkSchemaTableExists(e.schema,e.table))throw da(new Error,fy.TABLE_EXISTS_ERR(e.schema,e.table),fa.BAD_REQUEST,Ef.LOG_LEVELS.ERROR,fy.TABLE_EXISTS_ERR(e.schema,e.table),!0);let n={name:e.table,schema:e.schema,id:jme(),hash_attribute:e.hash_attribute};try{if(e.residence)if(global.clustering_on)n.residence=e.residence,await wc.createTable(n,e);else throw da(new Error,"Clustering does not appear to be enabled. Cannot insert table with property 'residence'.",fa.BAD_REQUEST);else await wc.createTable(n,e);return`table '${e.schema}.${e.table}' successfully created.`}catch(s){throw s}}a(kY,"createTableStructure");async function npe(e){let t=Gh(e,Sr.object({database:Sr.string(),schema:Sr.string()}).or("database","schema").messages({"object.missing":"'database' is required"}));if(t)throw new eu(t.message);_f(e);let r=await pf.checkSchemaExists(e.schema);if(r)throw da(new Error,r,fa.NOT_FOUND,Ef.LOG_LEVELS.ERROR,r,!0);let n=await pf.schemaDescribe.describeSchema({schema:e.schema}),s=Object.keys(global.hdb_schema[e.schema]);await wc.dropSchema(e),py.signalSchemaChange(new hy(process.pid,e.operation,e.schema)),await xY.purgeSchemaTableStreams(e.schema,s);let i=await BY(e);return i.message=`successfully deleted '${e.schema}'`,i}a(npe,"dropSchema");async function spe(e){let t=Gh(e,Sr.object({database:Sr.string(),schema:Sr.string(),table:Sr.string().required()}));if(t)throw new eu(t.message);_f(e);let r=await pf.checkSchemaTableExists(e.schema,e.table);if(r)throw da(new Error,r,fa.NOT_FOUND,Ef.LOG_LEVELS.ERROR,r,!0);await wc.dropTable(e),await xY.purgeTableStream(e.schema,e.table);let n=await BY(e);return n.message=`successfully deleted table '${e.schema}.${e.table}'`,n}a(spe,"dropTable");async function ipe(e){let t=Gh(e,Sr.object({database:Sr.string(),schema:Sr.string(),table:Sr.string().required(),attribute:Sr.string().required()}));if(t)throw new eu(t.message);_f(e);let r=await pf.checkSchemaTableExists(e.schema,e.table);if(r)throw da(new Error,r,fa.NOT_FOUND,Ef.LOG_LEVELS.ERROR,r,!0);if(e.attribute===global.hdb_schema[e.schema][e.table].hash_attribute)throw da(new Error,"You cannot drop a hash attribute",fa.BAD_REQUEST,void 0,void 0,!0);if(Ef.TIME_STAMP_NAMES.indexOf(e.attribute)>=0)throw da(new Error,`cannot drop internal timestamp attribute: ${e.attribute}`,fa.BAD_REQUEST,void 0,void 0,!0);try{return await wc.dropAttribute(e),ope(e),py.signalSchemaChange(new hy(process.pid,e.operation,e.schema,e.table,e.attribute)),`successfully deleted attribute '${e.attribute}'`}catch(n){throw Wme.error(`Got an error deleting attribute ${zme.inspect(e)}.`),n}}a(ipe,"dropAttribute");function ope(e){let t=Object.values(global.hdb_schema[e.schema][e.table].attributes);for(let r=0;r<t.length;r++)t[r].attribute===e.attribute&&global.hdb_schema[e.schema][e.table].attributes.splice(r,1)}a(ope,"dropAttributeFromGlobal");async function ape(e){_f(e);let t=Qme()[e.schema][e.table].attributes;for(let{name:r}of t)if(r===e.attribute)throw da(new Error,`attribute '${e.attribute}' already exists in ${e.schema}.${e.table}`,fa.BAD_REQUEST,void 0,void 0,!0);return await wc.createAttribute(e),py.signalSchemaChange(new hy(process.pid,e.operation,e.schema,e.table,e.attribute)),`attribute '${e.schema}.${e.table}.${e.attribute}' successfully created.`}a(ape,"createAttribute");function cpe(e){return wc.getBackup(e)}a(cpe,"getBackup");function lpe(e){if(!e.database)throw new eu('Must provide "database" name for search for orphaned blobs');if(!databases[e.database])throw new eu(`Unknown database '${e.database}'`);return Xme(databases[e.database],e.database),{message:"Orphaned blobs cleanup started, check logs for progress"}}a(lpe,"cleanupOrphanBlobs")});var qY=M((KBe,GY)=>{"use strict";var{OPERATIONS_ENUM:upe}=(G(),D(j)),pP=class{static{a(this,"ReadAuditLogObject")}constructor(t,r,n=void 0,s=void 0){this.operation=upe.READ_AUDIT_LOG,this.schema=t,this.table=r,this.search_type=n,this.search_values=s}};GY.exports=pP});var hP=M((jBe,WY)=>{"use strict";var dpe=ds(),WBe=qY(),_y=ae(),gy=(G(),D(j)),fpe=fe(),{handleHDBError:$Y,hdbErrors:mpe}=Ee(),{HDB_ERROR_MSGS:VY,HTTP_STATUS_CODES:KY}=mpe,ppe=Object.values(gy.READ_AUDIT_LOG_SEARCH_TYPES_ENUM),YY="To use this operation audit log must be enabled in harperdb-config.yaml";WY.exports=hpe;async function hpe(e){if(_y.isEmpty(e.schema))throw new Error(VY.SCHEMA_REQUIRED_ERR);if(_y.isEmpty(e.table))throw new Error(VY.TABLE_REQUIRED_ERR);if(!fpe.get(gy.CONFIG_PARAMS.LOGGING_AUDITLOG))throw $Y(new Error,YY,KY.BAD_REQUEST,gy.LOG_LEVELS.ERROR,YY,!0);let t=_y.checkSchemaTableExist(e.schema,e.table);if(t)throw $Y(new Error,t,KY.NOT_FOUND,gy.LOG_LEVELS.ERROR,t,!0);if(!_y.isEmpty(e.search_type)&&ppe.indexOf(e.search_type)<0)throw new Error(`Invalid searchType '${read_audit_log_object.search_type}'`);return await dpe.readAuditLog(e)}a(hpe,"readAuditLog")});var zY=M((JBe,jY)=>{"use strict";var{OPERATIONS_ENUM:Epe}=(G(),D(j)),EP=class{static{a(this,"GetBackupObject")}constructor(t,r,n=void 0,s=void 0){this.operation=Epe.GET_BACKUP,this.schema=t,this.table=r}};jY.exports=EP});var XY=M((eFe,QY)=>{"use strict";var _pe=ds(),XBe=zY(),_P=ae(),gpe=(G(),D(j)),ZBe=fe(),{handleHDBError:Spe,hdbErrors:Tpe}=Ee(),{HDB_ERROR_MSGS:JY,HTTP_STATUS_CODES:ype}=Tpe;QY.exports=Rpe;async function Rpe(e){if(_P.isEmpty(e.schema))throw new Error(JY.SCHEMA_REQUIRED_ERR);if(_P.isEmpty(e.table))throw new Error(JY.TABLE_REQUIRED_ERR);let t=_P.checkSchemaTableExist(e.schema,e.table);if(t)throw Spe(new Error,t,ype.NOT_FOUND,gpe.LOG_LEVELS.ERROR,t,!0);return await _pe.getBackup(readAuditLogObject)}a(Rpe,"getBackup")});var tW=M((rFe,eW)=>{"use strict";var bpe=fe(),ma=require("joi"),Ape=pt(),ZY=require("moment"),Ipe=require("fs-extra"),SP=require("path"),wpe=require("lodash"),qh=(G(),D(j)),{LOG_LEVELS:tu}=(G(),D(j)),Npe="YYYY-MM-DD hh:mm:ss",Cpe=SP.resolve(__dirname,"../logs");eW.exports=function(e){return Ape.validateBySchema(e,Ope)};var Ope=ma.object({from:ma.custom(gP),until:ma.custom(gP),to:ma.custom(gP),level:ma.valid(tu.NOTIFY,tu.FATAL,tu.ERROR,tu.WARN,tu.INFO,tu.DEBUG,tu.TRACE),order:ma.valid("asc","desc"),limit:ma.number().min(1),start:ma.number().min(0),log_name:ma.custom(Ppe)});function gP(e,t){if(ZY(e,ZY.ISO_8601).format(Npe)==="Invalid date")return t.message(`'${t.state.path[0]}' date '${e}' is invalid.`)}a(gP,"validateDatetime");function Ppe(e,t){if(wpe.invert(qh.LOG_NAMES)[e]===void 0)return t.message(`'log_name' '${e}' is invalid.`);let n=bpe.get(qh.HDB_SETTINGS_NAMES.LOG_PATH_KEY),s=e===void 0?qh.LOG_NAMES.HDB:e,i=s===qh.LOG_NAMES.INSTALL?SP.join(Cpe,qh.LOG_NAMES.INSTALL):SP.join(n,s);return Ipe.existsSync(i)?null:t.message(`'log_name' '${e}' does not exist.`)}a(Ppe,"validateReadLogPath")});var yP=M((sFe,nW)=>{"use strict";var Sy=(G(),D(j)),Lpe=Q(),Dpe=fe(),vpe=tW(),TP=require("path"),rW=require("fs-extra"),{once:Mpe}=require("events"),{handleHDBError:Upe,hdbErrors:xpe}=Ee(),{PACKAGE_ROOT:Bpe}=Rt(),{replicateOperation:Fpe}=(Ss(),D(la)),kpe=TP.join(Bpe,"logs"),Hpe=1e3,Gpe=200;nW.exports=qpe;async function qpe(e){let t=vpe(e);if(t)throw Upe(t,t.message,xpe.HTTP_STATUS_CODES.BAD_REQUEST,void 0,void 0,!0);let r=Fpe(e),n=Dpe.get(Sy.HDB_SETTINGS_NAMES.LOG_PATH_KEY),s=e.log_name===void 0?Sy.LOG_NAMES.HDB:e.log_name,i=s===Sy.LOG_NAMES.INSTALL?TP.join(kpe,Sy.LOG_NAMES.INSTALL):TP.join(n,s);e.to===void 0&&e.until!==void 0&&(e.to=e.until);let o=e.level!==void 0,c=o?e.level:void 0,l=e.from!==void 0,u=l?new Date(e.from):void 0,d=e.to!==void 0,f=d?new Date(e.to):void 0,m=e.limit===void 0?Hpe:e.limit,p=e.order===void 0?void 0:e.order,h=e.start===void 0?0:e.start,E=h+m,_=0;p==="desc"&&!u&&!f&&(_=Math.max(rW.statSync(i).size-(E+5)*Gpe,0));let R=rW.createReadStream(i,{start:_});R.on("error",q=>{Lpe.error(q)});let S=0,y=[],w="",I;R.on("data",q=>{let k=/(?:^|\n)(\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:[\d.]+Z) \[(.+?)]: /g;q=w+q;let z=0,Y;for(;(Y=k.exec(q))&&!R.destroyed;){I&&(I.message=q.slice(z,Y.index),H(I));let[ce,de,te]=Y,Se=te.split("] ["),Ne=Se[0],Ke=Se[1];Se.splice(0,2),I={timestamp:de,thread:Ne,level:Ke,tags:Se,message:""},z=Y.index+ce.length}w=q.slice(z)}),R.on("end",q=>{R.destroyed||I&&(I.message=w.trim(),H(I))}),R.resume();function H(q){let k,z,Y;switch(!0){case(o&&l&&d):k=new Date(q.timestamp),z=new Date(u),Y=new Date(f),q.level===c&&k>=z&&k<=Y&&S<h?S++:q.level===c&&k>=z&&k<=Y&&(To(q,p,y),S++,S===E&&R.destroy());break;case(o&&l):k=new Date(q.timestamp),z=new Date(u),q.level===c&&k>=z&&S<h?S++:q.level===c&&k>=z&&(To(q,p,y),S++,S===E&&R.destroy());break;case(o&&d):k=new Date(q.timestamp),Y=new Date(f),q.level===c&&k<=Y&&S<h?S++:q.level===c&&k<=Y&&(To(q,p,y),S++,S===E&&R.destroy());break;case(l&&d):k=new Date(q.timestamp),z=new Date(u),Y=new Date(f),k>=z&&k<=Y&&S<h?S++:k>=z&&k<=Y&&(To(q,p,y),S++,S===E&&R.destroy());break;case o:q.level===c&&S<h?S++:q.level===c&&(To(q,p,y),S++,S===E&&R.destroy());break;case l:k=new Date(q.timestamp),z=new Date(u),k>=z&&S<h?S++:k>=z&&S>=h&&(To(q,p,y),S++,S===E&&R.destroy());break;case d:k=new Date(q.timestamp),Y=new Date(f),k<=Y&&S<h?S++:k<=Y&&S>=h&&(To(q,p,y),S++,S===E&&R.destroy());break;default:S<h?S++:(To(q,p,y),S++,S===E&&R.destroy())}}a(H,"onLogMessage"),await Mpe(R,"close");let X=await r;if(X.replicated){for(let q of y)q.node=server.hostname;for(let q of X.replicated){let k=q.node;if(q.status==="failed")To({timestamp:new Date().toISOString(),level:"error",node:k,message:`Error retrieving logs: ${q.reason}`},p,y);else for(let z of q.results)z.node=k,To(z,p,y)}}return y}a(qpe,"readLog");function To(e,t,r){t==="desc"?$pe(e,r):t==="asc"?Vpe(e,r):r.push(e)}a(To,"pushLineToResult");function $pe(e,t){let r=new Date(e.timestamp),n=0,s=t.length;for(;n<s;){let i=n+s>>>1;new Date(t[i].timestamp)>r?n=i+1:s=i}t.splice(n,0,e)}a($pe,"insertDescending");function Vpe(e,t){let r=new Date(e.timestamp),n=0,s=t.length;for(;n<s;){let i=n+s>>>1;new Date(t[i].timestamp)<r?n=i+1:s=i}t.splice(n,0,e)}a(Vpe,"insertAscending")});var Ty=M((uFe,aW)=>{"use strict";var RP=require("joi"),{string:gf,boolean:sW,date:Kpe}=RP.types(),Ype=pt(),{validateSchemaExists:oFe,validateTableExists:aFe,validateSchemaName:cFe}=zi(),Wpe=(G(),D(j)),jpe=Lt(),iW=fe();iW.initSync();var lFe=gf.invalid(iW.get(Wpe.CONFIG_PARAMS.CLUSTERING_NODENAME)??"node_name").pattern(jpe.NATS_TERM_CONSTRAINTS_RX).messages({"string.pattern.base":"{:#label} invalid, must not contain ., * or >","any.invalid":"'node_name' cannot be this nodes name"}).empty(null),oW={operation:gf.valid("add_node","update_node","set_node_replication"),node_name:gf.optional(),subscriptions:RP.array().items({table:gf.optional(),schema:gf.optional(),database:gf.optional(),subscribe:sW.required(),publish:sW.required().custom(Jpe),start_time:Kpe.iso()})};function zpe(e){return Ype.validateBySchema(e,RP.object(oW))}a(zpe,"addUpdateNodeValidator");function Jpe(e,t){if(t.state.ancestors[2].operation==="add_node"&&e===!1&&t.state.ancestors[0].subscribe===!1)return t.message(`'subscriptions[${t.state.path[1]}]' subscribe and/or publish must be set to true when adding a node`)}a(Jpe,"checkForFalsy");aW.exports={addUpdateNodeValidator:zpe,validationSchema:oW}});var Sf=M((fFe,cW)=>{"use strict";var bP=class{static{a(this,"Node")}constructor(t,r,n){this.name=t,this.subscriptions=r,this.system_info=n}},AP=class{static{a(this,"NodeSubscription")}constructor(t,r,n,s){this.schema=t,this.table=r,this.publish=n,this.subscribe=s}};cW.exports={Node:bP,NodeSubscription:AP}});var uW=M((pFe,lW)=>{"use strict";var Qpe=(G(),D(j)).OPERATIONS_ENUM,IP=class{static{a(this,"UpsertObject")}constructor(t,r,n,s=void 0){this.operation=Qpe.UPSERT,this.schema=t,this.table=r,this.records=n,this.__origin=s}};lW.exports=IP});var $h=M((EFe,dW)=>{"use strict";var wP=class{static{a(this,"RemotePayloadObject")}constructor(t,r,n,s){this.operation=t,this.node_name=r,this.subscriptions=n,this.system_info=s}},NP=class{static{a(this,"RemotePayloadSubscription")}constructor(t,r,n,s,i,o,c){this.schema=t,this.table=r,this.hash_attribute=n,this.publish=s,this.subscribe=i,this.start_time=o,c!==void 0&&(this.attributes=c)}};dW.exports={RemotePayloadObject:wP,RemotePayloadSubscription:NP}});var mW=M((gFe,fW)=>{"use strict";var CP=class{static{a(this,"TableSizeObject")}constructor(t,r,n=0,s=0,i=0,o=0){this.schema=t,this.table=r,this.table_size=n,this.record_count=s,this.transaction_log_size=i,this.transaction_log_record_count=o}};fW.exports=CP});var hW=M((AFe,pW)=>{"use strict";var Xpe=mW(),TFe=Jt(),yFe=Et(),Zpe=Q(),{getSchemaPath:RFe,getTransactionAuditStorePath:bFe}=bt(),{getDatabases:ehe}=(Oe(),D(mt));pW.exports=the;async function the(e){let t=new Xpe;try{let r=ehe()[e.schema]?.[e.name],n=r.primaryStore.getStats(),s=r.auditStore?.getStats();t.schema=e.schema,t.table=e.name,t.record_count=n.entryCount,t.transaction_log_record_count=s.entryCount}catch(r){Zpe.warn(`unable to stat table dbi due to ${r}`)}return t}a(the,"lmdbGetTableSize")});var _W=M((wFe,EW)=>{"use strict";var OP=class{static{a(this,"SystemInformationObject")}constructor(t,r,n,s,i,o,c){this.system=t,this.time=r,this.cpu=n,this.memory=s,this.disk=i,this.network=o,this.harperdb_processes=c}};EW.exports=OP});var Kh=M((DFe,yW)=>{"use strict";var rhe=require("fs-extra"),nhe=require("path"),In=require("systeminformation"),Nc=Q(),gW=_r(),CFe=Lt(),Tf=(G(),D(j)),she=hW(),ihe=Vl(),{getThreadInfo:SW}=st(),Vh=fe();Vh.initSync();var ohe=_W(),{openEnvironment:OFe}=Et(),{getSchemaPath:PFe}=bt(),{database:LFe,databases:PP}=(Oe(),D(mt)),yy;yW.exports={getHDBProcessInfo:MP,getNetworkInfo:xP,getDiskInfo:UP,getMemoryInfo:vP,getCPUInfo:DP,getTimeInfo:LP,getSystemInformation:BP,systemInformation:ahe,getTableSize:FP,getMetrics:kP};function LP(){return In.time()}a(LP,"getTimeInfo");async function DP(){try{let{family:e,model:t,stepping:r,revision:n,voltage:s,speedmin:i,speedmax:o,governor:c,socket:l,cache:u,...d}=await In.cpu();d.cpu_speed=await In.cpuCurrentSpeed();let{rawCurrentload:f,rawCurrentloadIdle:m,rawCurrentloadIrq:p,rawCurrentloadNice:h,rawCurrentloadSystem:E,rawCurrentloadUser:_,cpus:R,...S}=await In.currentLoad();return S.cpus=[],R.forEach(y=>{let{rawLoad:w,rawLoadIdle:I,rawLoadIrq:H,rawLoadNice:X,rawLoadSystem:q,rawLoadUser:k,...z}=y;S.cpus.push(z)}),d.current_load=S,d}catch(e){return Nc.error(`error in getCPUInfo: ${e}`),{}}}a(DP,"getCPUInfo");async function vP(){try{let{buffers:e,cached:t,slab:r,buffcache:n,...s}=await In.mem();return Object.assign(s,process.memoryUsage())}catch(e){return Nc.error(`error in getMemoryInfo: ${e}`),{}}}a(vP,"getMemoryInfo");async function MP(){let e={core:[],clustering:[]};try{let t=await In.processes(),r;try{r=Number.parseInt(await rhe.readFile(nhe.join(Vh.get(Tf.CONFIG_PARAMS.ROOTPATH),Tf.HDB_PID_FILE),"utf8"))}catch(n){if(n.code===Tf.NODE_ERROR_CODES.ENOENT)Nc.warn("Unable to locate 'hdb.pid' file, try stopping and starting HarperDB. This could be because HarperDB is not running.");else throw n}t.list.forEach(n=>{n.pid===r?e.core.push(n):n.name==="nats-server"&&e.clustering.push(n)});for(let n of e.core)for(let s of t.list)s.pid===n.parentPid&&(s.name==="PM2"||s.command==="PM2")&&(n.parent="PM2");return e}catch(t){return Nc.error(`error in getHDBProcessInfo: ${t}`),e}}a(MP,"getHDBProcessInfo");async function UP(){let e={};try{if(!Vh.get(Tf.CONFIG_PARAMS.OPERATIONSAPI_SYSINFO_DISK))return e;let{rIO_sec:t,wIO_sec:r,tIO_sec:n,ms:s,...i}=await In.disksIO();e.io=i;let{rxSec:o,txSec:c,wxSec:l,...u}=await In.fsStats();return e.read_write=u,e.size=await In.fsSize(),e}catch(t){return Nc.error(`error in getDiskInfo: ${t}`),e}}a(UP,"getDiskInfo");async function xP(){let e={default_interface:null,latency:{},interfaces:[],stats:[],connections:[]};try{return Vh.get(Tf.CONFIG_PARAMS.OPERATIONSAPI_SYSINFO_NETWORK)&&(e.default_interface=await In.networkInterfaceDefault(),e.latency=await In.inetChecksite("google.com"),(await In.networkInterfaces()).forEach(n=>{let{internal:s,virtual:i,mtu:o,dhcp:c,dnsSuffix:l,ieee8021xAuth:u,ieee8021xState:d,carrierChanges:f,...m}=n;e.interfaces.push(m)}),(await In.networkStats()).forEach(n=>{let{rxSec:s,txSec:i,ms:o,...c}=n;e.stats.push(c)})),e}catch(t){return Nc.error(`error in getNetworkInfo: ${t}`),e}}a(xP,"getNetworkInfo");async function BP(){if(yy!==void 0)return yy;let e={};try{let{codepage:t,logofile:r,serial:n,build:s,servicepack:i,uefi:o,...c}=await In.osInfo();e=c;let l=await In.versions("node, npm");return e.node_version=l.node,e.npm_version=l.npm,yy=e,yy}catch(t){return Nc.error(`error in getSystemInformation: ${t}`),e}}a(BP,"getSystemInformation");async function FP(){let e=[],t=await ihe.describeAll();for(let r of Object.values(t))for(let n of Object.values(r))e.push(await she(n));return e}a(FP,"getTableSize");async function kP(){let e={};for(let t in PP){let r=e[t]={},n=r.tables={};for(let s in PP[t])try{let i=PP[t][s];if(!r.readers&&(Object.assign(r,i.primaryStore.rootStore.getStats()),delete r.root,r.readers=i.primaryStore.rootStore.readerList().split(/\n\s+/).slice(1).map(l=>{let[u,d,f]=l.trim().split(" ");return{pid:u,thread:d,txnid:f}}),i.auditStore)){let{treeDepth:l,treeBranchPageCount:u,treeLeafPageCount:d,entryCount:f,overflowPages:m}=i.auditStore.getStats();r.audit={treeDepth:l,treeBranchPageCount:u,treeLeafPageCount:d,entryCount:f,overflowPages:m}}let o=i.primaryStore.getStats(),c={};for(let l of["treeDepth","treeBranchPageCount","treeLeafPageCount","entryCount","overflowPages"])c[l]=o[l];n[s]=c}catch(i){Nc.notify(`Error getting stats for table ${s}: ${i}`)}}return e}a(kP,"getMetrics");async function TW(){if(Vh.get(Tf.CONFIG_PARAMS.CLUSTERING_ENABLED)){let{jsm:e}=await gW.getNATSReferences(),t=await gW.listStreams(),r=[];for(let n of t){let s=[],i=await e.consumers.list(n.config.name);for await(let c of i)s.push({name:c.name,created:c.created,num_ack_pending:c.num_ack_pending,num_redelivered:c.num_redelivered,num_waiting:c.num_waiting,num_pending:c.num_pending});let o={stream_name:n.config.name,database:n.config.subjects[0].split(".")[1],table:n.config.subjects[0].split(".")[2],state:n.state,consumers:s};r.push(o)}return r}}a(TW,"getNatsStreamInfo");async function ahe(e){let t=new ohe;if(!Array.isArray(e.attributes)||e.attributes.length===0)return t.system=await BP(),t.time=LP(),t.cpu=await DP(),t.memory=await vP(),t.disk=await UP(),t.network=await xP(),t.harperdb_processes=await MP(),t.table_size=await FP(),t.metrics=await kP(),t.threads=await SW(),t.replication=await TW(),t;for(let r=0;r<e.attributes.length;r++)switch(e.attributes[r]){case"system":t.system=await BP();break;case"time":t.time=LP();break;case"cpu":t.cpu=await DP();break;case"memory":t.memory=await vP();break;case"disk":t.disk=await UP();break;case"network":t.network=await xP();break;case"harperdb_processes":t.harperdb_processes=await MP();break;case"table_size":t.table_size=await FP();break;case"database_metrics":case"metrics":t.metrics=await kP();break;case"threads":t.threads=await SW();break;case"replication":t.replication=await TW();break;default:break}return t}a(ahe,"systemInformation")});var pa=M((BFe,IW)=>{"use strict";var che=$n(),HP=ae(),lhe=require("util"),ru=(G(),D(j)),RW=fe();RW.initSync();var uhe=VC(),bW=gn(),{Node:MFe,NodeSubscription:UFe}=Sf(),dhe=ud(),fhe=uW(),{RemotePayloadObject:mhe,RemotePayloadSubscription:phe}=$h(),{handleHDBError:hhe,hdbErrors:Ehe}=Ee(),{HTTP_STATUS_CODES:_he,HDB_ERROR_MSGS:ghe}=Ehe,She=ui(),The=Kh(),{packageJson:yhe}=Rt(),{getDatabases:Rhe}=(Oe(),D(mt)),xFe=lhe.promisify(uhe.authorize),bhe=bW.searchByHash,Ahe=bW.searchByValue;IW.exports={isEmpty:Ihe,getNodeRecord:whe,upsertNodeRecord:Nhe,buildNodePayloads:Che,checkClusteringEnabled:Ohe,getAllNodeRecords:Phe,getSystemInfo:Lhe,reverseSubscription:AW};function Ihe(e){return e==null}a(Ihe,"isEmpty");async function whe(e){let t=new dhe(ru.SYSTEM_SCHEMA_NAME,ru.SYSTEM_TABLE_NAMES.NODE_TABLE_NAME,[e],["*"]);return bhe(t)}a(whe,"getNodeRecord");async function Nhe(e){let t=new fhe(ru.SYSTEM_SCHEMA_NAME,ru.SYSTEM_TABLE_NAMES.NODE_TABLE_NAME,[e]);return che.upsert(t)}a(Nhe,"upsertNodeRecord");function AW(e){if(HP.isEmpty(e.subscribe)||HP.isEmpty(e.publish))throw new Error("Received invalid subscription object");let{schema:t,table:r,hash_attribute:n}=e,s={schema:t,table:r,hash_attribute:n};return e.subscribe===!0&&e.publish===!1?(s.subscribe=!1,s.publish=!0):e.subscribe===!1&&e.publish===!0?(s.subscribe=!0,s.publish=!1):(s.subscribe=e.subscribe,s.publish=e.publish),s}a(AW,"reverseSubscription");function Che(e,t,r,n){let s=[];for(let i=0,o=e.length;i<o;i++){let c=e[i],{schema:l,table:u}=c,d=HP.getTableHashAttribute(l,u),{subscribe:f,publish:m}=AW(c),p=Rhe()[l]?.[u],h=new phe(l,u,d,m,f,c.start_time,p.schemaDefined?p.attributes:void 0);s.push(h)}return new mhe(r,t,s,n)}a(Che,"buildNodePayloads");function Ohe(){if(!RW.get(ru.CONFIG_PARAMS.CLUSTERING_ENABLED))throw hhe(new Error,ghe.CLUSTERING_NOT_ENABLED,_he.BAD_REQUEST,void 0,void 0,!0)}a(Ohe,"checkClusteringEnabled");async function Phe(){let e=new She(ru.SYSTEM_SCHEMA_NAME,ru.SYSTEM_TABLE_NAMES.NODE_TABLE_NAME,"name","*",void 0,["*"]);return Array.from(await Ahe(e))}a(Phe,"getAllNodeRecords");async function Lhe(){let e=await The.getSystemInformation();return{hdb_version:yhe.version,node_version:e.node_version,platform:e.platform}}a(Lhe,"getSystemInfo")});var GP=M((kFe,vW)=>{"use strict";var Ry=_r(),wW=ae(),NW=Lt(),CW=(G(),D(j)),by=Q(),OW=Ey(),Dhe=_p(),{RemotePayloadObject:vhe}=$h(),{handleHDBError:PW,hdbErrors:Mhe}=Ee(),{HTTP_STATUS_CODES:LW}=Mhe,{NodeSubscription:DW}=Sf();vW.exports=Uhe;async function Uhe(e,t){let r;try{r=await Ry.request(`${t}.${NW.REQUEST_SUFFIX}`,new vhe(CW.OPERATIONS_ENUM.DESCRIBE_ALL,t,void 0,void 0)),by.trace("Response from remote describe all request:",r)}catch(o){by.error(`addNode received error from describe all request to remote node: ${o}`);let c=Ry.requestErrorHandler(o,"add_node",t);throw PW(new Error,c,LW.INTERNAL_SERVER_ERROR,"error",c)}if(r.status===NW.UPDATE_REMOTE_RESPONSE_STATUSES.ERROR){let o=`Error returned from remote node ${t}: ${r.message}`;throw PW(new Error,o,LW.INTERNAL_SERVER_ERROR,"error",o)}let n=r.message,s=[],i=[];for(let o of e){let{table:c}=o,l=o.database??o.schema??"data";if(l===CW.SYSTEM_SCHEMA_NAME){await Ry.createLocalTableStream(l,c);let h=new DW(l,c,o.publish,o.subscribe);h.start_time=o.start_time,i.push(h);continue}let u=wW.doesSchemaExist(l),d=n[l]!==void 0,f=c?wW.doesTableExist(l,c):!0,m=c?n?.[l]?.[c]!==void 0:!0;if(!u&&!d||!f&&!m){s.push(o);continue}if(!u&&d&&(by.trace(`addNode creating schema: ${l}`),await OW.createSchema({operation:"create_schema",schema:l})),!f&&m){by.trace(`addNode creating table: ${c} in schema: ${l} with attributes ${JSON.stringify(n[l][c].attributes)}`);let h=new Dhe(l,c,n[l][c].hash_attribute);n[l][c].attributes&&(h.attributes=n[l][c].attributes),await OW.createTable(h)}await Ry.createLocalTableStream(l,c);let p=new DW(l,c,o.publish,o.subscribe);p.start_time=o.start_time,i.push(p)}return{added:i,skipped:s}}a(Uhe,"reviewSubscriptions")});var yf={};ye(yf,{addNodeBack:()=>qP,removeNodeBack:()=>$P,setNode:()=>khe});async function khe(e){e.node_name&&!e.hostname&&(e.hostname=e.node_name),e.verify_tls!==void 0&&(e.rejectUnauthorized=e.verify_tls);let{url:t,hostname:r}=e;t?r||(r=e.hostname=Ti(t)):t=dy(r);let n=(0,UW.validateBySchema)(e,Fhe);if(n)throw(0,ha.handleHDBError)(n,n.message,Bhe.BAD_REQUEST,void 0,void 0,!0);if(e.operation==="remove_node"){if(!t&&!r)throw new ha.ClientError("url or hostname is required for remove_node operation");let p=r,h=Gt(),E=await h.get(p);if(!E)throw new ha.ClientError(p+" does not exist");try{await Hh({url:E.url},{operation:V.REMOVE_NODE_BACK,name:E?.subscriptions?.length>0?nt():p},void 0)}catch(_){Rs.warn(`Error removing node from target node ${p}, if it is offline and we be online in the future, you may need to clean up this node manually, or retry:`,_)}return await h.delete(p),`Successfully removed '${p}' from cluster`}if(!t)throw new ha.ClientError("url required for this operation");let s=Sc();if(s==null)throw new ha.ClientError("replication url is missing from harperdb-config.yaml");let i,o,c;if(t?.startsWith("wss:")){i=await(0,Ys.getReplicationCert)();let p=await(0,Ys.getReplicationCertAuth)();if(!i)throw new Error("Unable to find a certificate to use for replication");i.options.is_self_signed?(o=await(0,Ys.createCsr)(),Rs.info("Sending CSR to target node:",t)):p&&(c=p.certificate,Rs.info("Sending CA named",p.name,"to target node",t))}let l={operation:V.ADD_NODE_BACK,hostname:(0,Oc.get)(x.REPLICATION_HOSTNAME),target_hostname:r,url:s,csr:o,cert_auth:c,authorization:e.retain_authorization?e.authorization:null};if((0,Oc.get)(x.REPLICATION_SHARD)!==void 0&&(l.shard=(0,Oc.get)(x.REPLICATION_SHARD)),e.subscriptions?l.subscriptions=e.subscriptions.map(MW):l.subscriptions=null,e.hasOwnProperty("subscribe")||e.hasOwnProperty("publish")){let p=MW(e);l.subscribe=p.subscribe,l.publish=p.publish}e?.authorization?.username&&e?.authorization?.password&&(e.authorization="Basic "+Buffer.from(e.authorization.username+":"+e.authorization.password).toString("base64"));let u,d;try{u=await Hh({url:t},l,e)}catch(p){p.message=`Error returned from ${t}: `+p.message,Rs.warn("Error adding node:",t,"to cluster:",p),d=p}if(o&&(!u?.certificate||!u?.certificate?.includes?.("BEGIN CERTIFICATE")))throw d?(d.message+=" and connection was required to sign certificate",d):new Error(`Unexpected certificate signature response from node ${t} response: ${JSON.stringify(u)}`);o&&(Rs.info("CSR response received from node:",t,"saving certificate and CA in hdb_certificate"),await(0,Ys.setCertTable)({name:xhe.certificateFromPem(u.signingCA).issuer.getField("CN").value,certificate:u.signingCA,is_authority:!0}),u.certificate&&await(0,Ys.setCertTable)({name:nt(),uses:["https","operations","wss"],certificate:u.certificate,private_key_name:i?.options?.key_file,is_authority:!1,is_self_signed:!1}),c=u.signingCA);let f={url:t,ca:u?.usingCA};if(e.hostname&&(f.name=e.hostname),e.subscriptions?f.subscriptions=e.subscriptions:f.replicates=!0,e.start_time&&(f.start_time=typeof e.start_time=="string"?new Date(e.start_time).getTime():e.start_time),e.retain_authorization&&(f.authorization=e.authorization),e.revoked_certificates&&(f.revoked_certificates=e.revoked_certificates),u?.shard!==void 0?f.shard=u.shard:e.shard!==void 0&&(f.shard=e.shard),f.replicates){let p={url:s,ca:c,replicates:!0,subscriptions:null};(0,Oc.get)(x.REPLICATION_SHARD)!==void 0&&(p.shard=(0,Oc.get)(x.REPLICATION_SHARD)),e.retain_authorization&&(p.authorization=e.authorization),e.start_time&&(p.start_time=e.start_time),await aa(nt(),p)}await aa(u?u.nodeName:f.name??Ti(t),f);let m;return e.operation==="update_node"?m=`Successfully updated '${t}'`:m=`Successfully added '${t}' to cluster`,d&&(m+=" but there was an error updating target node: "+d.message),m}async function qP(e){Rs.trace("addNodeBack received request:",e);let t=await(0,Ys.signCertificate)(e),r;e.csr?(r=t.signingCA,Rs.info("addNodeBack received CSR from node:",e.url,"this node will use and respond with CA that was used to issue CSR")):(r=e?.cert_auth,Rs.info("addNodeBack received CA from node:",e.url));let n={url:e.url,ca:r};e.subscriptions?n.subscriptions=e.subscriptions:(n.replicates=!0,n.subscriptions=null),e.start_time&&(n.start_time=e.start_time),e.authorization&&(n.authorization=e.authorization),e.shard!==void 0&&(n.shard=e.shard);let s=await(0,Ys.getReplicationCertAuth)();if(n.replicates){let i={url:Sc(),ca:s?.certificate,replicates:!0,subscriptions:null};(0,Oc.get)(x.REPLICATION_SHARD)!==void 0&&(i.shard=(0,Oc.get)(x.REPLICATION_SHARD),t.shard=i.shard),e.start_time&&(i.start_time=e.start_time),e.authorization&&(i.authorization=e.authorization),await aa(nt(),i)}return await aa(e.hostname,n),t.nodeName=nt(),t.usingCA=s?.certificate,Rs.info("addNodeBack responding to:",e.url,"with CA named:",s?.name),t}async function $P(e){Rs.trace("removeNodeBack received request:",e),await Gt().delete(e.name)}function MW(e){let{subscribe:t,publish:r}=e;return{...e,subscribe:r,publish:t}}var Ys,UW,Cc,Oc,Rs,ha,xhe,Bhe,Fhe,Rf=se(()=>{Ys=b(ys()),UW=b(pt()),Cc=b(require("joi")),Oc=b(fe());G();Lh();rf();Ss();Rs=b(Q()),ha=b(Ee()),{pki:xhe}=require("node-forge"),{HTTP_STATUS_CODES:Bhe}=ha.hdbErrors,Fhe=Cc.default.object({hostname:Cc.default.string(),verify_tls:Cc.default.boolean(),replicates:Cc.default.boolean(),subscriptions:Cc.default.array(),revoked_certificates:Cc.default.array(),shard:Cc.default.number()});a(khe,"setNode");a(qP,"addNodeBack");a($P,"removeNodeBack");a(MW,"reverseSubscription")});var Cy=M((jFe,BW)=>{"use strict";var{handleHDBError:Ay,hdbErrors:Hhe}=Ee(),{HTTP_STATUS_CODES:Iy}=Hhe,{addUpdateNodeValidator:Ghe}=Ty(),wy=Q(),Ny=(G(),D(j)),xW=Lt(),qhe=ae(),Yh=_r(),Wh=pa(),VP=fe(),$he=GP(),{Node:Vhe,NodeSubscription:Khe}=Sf(),{broadcast:Yhe}=st(),{setNode:Whe}=(Rf(),D(yf)),YFe=fe(),WFe=(G(),D(j)),jhe="Unable to create subscriptions due to schema and/or tables not existing on the local or remote node",zhe="Some subscriptions were unsuccessful due to schema and/or tables not existing on the local or remote node",Jhe=VP.get(Ny.CONFIG_PARAMS.CLUSTERING_NODENAME);BW.exports=Qhe;async function Qhe(e,t=!1){if(wy.trace("addNode called with:",e),VP.get(Ny.CONFIG_PARAMS.REPLICATION_URL)||VP.get(Ny.CONFIG_PARAMS.REPLICATION_HOSTNAME))return Whe(e);Wh.checkClusteringEnabled();let r=Ghe(e);if(r)throw Ay(r,r.message,Iy.BAD_REQUEST,void 0,void 0,!0);let n=e.node_name;if(!t){let f=await Wh.getNodeRecord(n);if(!qhe.isEmptyOrZeroLength(f))throw Ay(new Error,`Node '${n}' has already been added, perform update_node to proceed.`,Iy.BAD_REQUEST,void 0,void 0,!0)}let{added:s,skipped:i}=await $he(e.subscriptions,n),o={message:void 0,added:s,skipped:i};if(s.length===0)return o.message=jhe,o;let c=Wh.buildNodePayloads(s,Jhe,Ny.OPERATIONS_ENUM.ADD_NODE,await Wh.getSystemInfo()),l=[];for(let f=0,m=s.length;f<m;f++){let p=s[f];s[f].start_time===void 0&&delete s[f].start_time,l.push(new Khe(p.schema,p.table,p.publish,p.subscribe))}wy.trace("addNode sending remote payload:",c);let u;try{u=await Yh.request(`${n}.${xW.REQUEST_SUFFIX}`,c)}catch(f){wy.error(`addNode received error from request: ${f}`);for(let p=0,h=s.length;p<h;p++){let E=s[p];E.publish=!1,E.subscribe=!1,await Yh.updateRemoteConsumer(E,n)}let m=Yh.requestErrorHandler(f,"add_node",n);throw Ay(new Error,m,Iy.INTERNAL_SERVER_ERROR,"error",m)}if(u.status===xW.UPDATE_REMOTE_RESPONSE_STATUSES.ERROR){let f=`Error returned from remote node ${n}: ${u.message}`;throw Ay(new Error,f,Iy.INTERNAL_SERVER_ERROR,"error",f)}wy.trace(u);for(let f=0,m=s.length;f<m;f++){let p=s[f];await Yh.updateRemoteConsumer(p,n),p.subscribe===!0&&await Yh.updateConsumerIterator(p.schema,p.table,n,"start")}let d=new Vhe(n,l,u.system_info);return await Wh.upsertNodeRecord(d),Yhe({type:"nats_update"}),i.length>0?o.message=zhe:o.message=`Successfully added '${n}' to manifest`,o}a(Qhe,"addNode")});var jP=M((QFe,kW)=>{"use strict";var{handleHDBError:KP,hdbErrors:Xhe}=Ee(),{HTTP_STATUS_CODES:YP}=Xhe,{addUpdateNodeValidator:Zhe}=Ty(),jh=Q(),Oy=(G(),D(j)),FW=Lt(),JFe=ae(),zh=_r(),Jh=pa(),WP=fe(),{cloneDeep:eEe}=require("lodash"),tEe=GP(),{Node:rEe,NodeSubscription:nEe}=Sf(),{broadcast:sEe}=st(),{setNode:iEe}=(Rf(),D(yf)),oEe="Unable to update subscriptions due to schema and/or tables not existing on the local or remote node",aEe="Some subscriptions were unsuccessful due to schema and/or tables not existing on the local or remote node",cEe=WP.get(Oy.CONFIG_PARAMS.CLUSTERING_NODENAME);kW.exports=lEe;async function lEe(e){if(jh.trace("updateNode called with:",e),WP.get(Oy.CONFIG_PARAMS.REPLICATION_URL)??WP.get(Oy.CONFIG_PARAMS.REPLICATION_HOSTNAME))return iEe(e);Jh.checkClusteringEnabled();let t=Zhe(e);if(t)throw KP(t,t.message,YP.BAD_REQUEST,void 0,void 0,!0);let r=e.node_name,n,s=await Jh.getNodeRecord(r);s.length>0&&(n=eEe(s));let{added:i,skipped:o}=await tEe(e.subscriptions,r),c={message:void 0,updated:i,skipped:o};if(i.length===0)return c.message=oEe,c;let l=Jh.buildNodePayloads(i,cEe,Oy.OPERATIONS_ENUM.UPDATE_NODE,await Jh.getSystemInfo());for(let d=0,f=i.length;d<f;d++){let m=i[d];jh.trace(`updateNode updating work stream for node: ${r} subscription:`,m),i[d].start_time===void 0&&delete i[d].start_time}jh.trace("updateNode sending remote payload:",l);let u;try{u=await zh.request(`${r}.${FW.REQUEST_SUFFIX}`,l)}catch(d){jh.error(`updateNode received error from request: ${d}`);let f=zh.requestErrorHandler(d,"update_node",r);throw KP(new Error,f,YP.INTERNAL_SERVER_ERROR,"error",f)}if(u.status===FW.UPDATE_REMOTE_RESPONSE_STATUSES.ERROR){let d=`Error returned from remote node ${r}: ${u.message}`;throw KP(new Error,d,YP.INTERNAL_SERVER_ERROR,"error",d)}jh.trace(u);for(let d=0,f=i.length;d<f;d++){let m=i[d];await zh.updateRemoteConsumer(m,r),m.subscribe===!0?await zh.updateConsumerIterator(m.schema,m.table,r,"start"):await zh.updateConsumerIterator(m.schema,m.table,r,"stop")}return n||(n=[new rEe(r,[],u.system_info)]),await uEe(n[0],i,u.system_info),o.length>0?c.message=aEe:c.message=`Successfully updated '${r}'`,c}a(lEe,"updateNode");async function uEe(e,t,r){let n=e;for(let s=0,i=t.length;s<i;s++){let o=t[s],c=!1;for(let l=0,u=e.subscriptions.length;l<u;l++){let d=n.subscriptions[l];if(d.schema===o.schema&&d.table===o.table){d.publish=o.publish,d.subscribe=o.subscribe,c=!0;break}}c||n.subscriptions.push(new nEe(o.schema,o.table,o.publish,o.subscribe))}n.system_info=r,await Jh.upsertNodeRecord(n),sEe({type:"nats_update"})}a(uEe,"updateNodeTable")});var VW=M((ZFe,$W)=>{"use strict";var qW=require("joi"),{string:HW}=qW.types(),dEe=pt(),GW=(G(),D(j)),fEe=fe(),mEe=Lt();$W.exports=pEe;function pEe(e){let t=HW.invalid(fEe.get(GW.CONFIG_PARAMS.CLUSTERING_NODENAME)).pattern(mEe.NATS_TERM_CONSTRAINTS_RX).messages({"string.pattern.base":"{:#label} invalid, must not contain ., * or >","any.invalid":"'node_name' cannot be this nodes name"}).empty(null),r=qW.object({operation:HW.valid(GW.OPERATIONS_ENUM.REMOVE_NODE).required(),node_name:t});return dEe.validateBySchema(e,r)}a(pEe,"removeNodeValidator")});var Py=M((tke,zW)=>{"use strict";var{handleHDBError:KW,hdbErrors:hEe}=Ee(),{HTTP_STATUS_CODES:YW}=hEe,EEe=VW(),Qh=Q(),WW=pa(),_Ee=ae(),bf=(G(),D(j)),jW=Lt(),zP=_r(),JP=fe(),{RemotePayloadObject:gEe}=$h(),{NodeSubscription:SEe}=Sf(),TEe=Ep(),yEe=Dl(),{broadcast:REe}=st(),{setNode:bEe}=(Rf(),D(yf)),AEe=JP.get(bf.CONFIG_PARAMS.CLUSTERING_NODENAME);zW.exports=IEe;async function IEe(e){if(Qh.trace("removeNode called with:",e),JP.get(bf.CONFIG_PARAMS.REPLICATION_URL)??JP.get(bf.CONFIG_PARAMS.REPLICATION_HOSTNAME))return bEe(e);WW.checkClusteringEnabled();let t=EEe(e);if(t)throw KW(t,t.message,YW.BAD_REQUEST,void 0,void 0,!0);let r=e.node_name,n=await WW.getNodeRecord(r);if(_Ee.isEmptyOrZeroLength(n))throw KW(new Error,`Node '${r}' was not found.`,YW.BAD_REQUEST,void 0,void 0,!0);n=n[0];let s=new gEe(bf.OPERATIONS_ENUM.REMOVE_NODE,AEe,[]),i,o=!1;for(let l=0,u=n.subscriptions.length;l<u;l++){let d=n.subscriptions[l];d.subscribe===!0&&await zP.updateConsumerIterator(d.schema,d.table,r,"stop");try{await zP.updateRemoteConsumer(new SEe(d.schema,d.table,!1,!1),r)}catch(f){Qh.error(f)}}try{i=await zP.request(`${r}.${jW.REQUEST_SUFFIX}`,s),Qh.trace("Remove node reply from remote node:",r,i)}catch(l){Qh.error("removeNode received error from request:",l),o=!0}let c=new TEe(bf.SYSTEM_SCHEMA_NAME,bf.SYSTEM_TABLE_NAMES.NODE_TABLE_NAME,[r]);return await yEe.deleteRecord(c),REe({type:"nats_update"}),i?.status===jW.UPDATE_REMOTE_RESPONSE_STATUSES.ERROR||o?(Qh.error("Error returned from remote node:",r,i?.message),`Successfully removed '${r}' from local manifest, however there was an error reaching remote node. Check the logs for more details.`):`Successfully removed '${r}' from manifest`}a(IEe,"removeNode")});var XW=M((nke,QW)=>{"use strict";var JW=require("joi"),{string:wEe,array:NEe}=JW.types(),CEe=pt(),OEe=Ty();QW.exports=PEe;function PEe(e){let t=JW.object({operation:wEe.valid("configure_cluster").required(),connections:NEe.items(OEe.validationSchema).required()});return CEe.validateBySchema(e,t)}a(PEe,"configureClusterValidator")});var QP=M((ike,nj)=>{"use strict";var ZW=(G(),D(j)),Ly=Q(),LEe=ae(),DEe=fe(),vEe=Py(),MEe=Cy(),UEe=pa(),xEe=XW(),{handleHDBError:ej,hdbErrors:BEe}=Ee(),{HTTP_STATUS_CODES:tj}=BEe,FEe="Configure cluster complete.",kEe="Failed to configure the cluster. Check the logs for more details.",HEe="Configure cluster was partially successful. Errors occurred when attempting to configure the following nodes. Check the logs for more details.";nj.exports=GEe;async function GEe(e){Ly.trace("configure cluster called with:",e);let t=xEe(e);if(t)throw ej(t,t.message,tj.BAD_REQUEST,void 0,void 0,!0);let r=await UEe.getAllNodeRecords(),n=[];if(DEe.get(ZW.CONFIG_PARAMS.CLUSTERING_ENABLED)){for(let d=0,f=r.length;d<f;d++){let m=await rj(vEe,{operation:ZW.OPERATIONS_ENUM.REMOVE_NODE,node_name:r[d].name},r[d].name);n.push(m)}Ly.trace("All results from configure_cluster remove node:",n)}let s=[],i=e.connections.length;for(let d=0;d<i;d++){let f=e.connections[d],m=await rj(MEe,f,f.node_name);s.push(m)}Ly.trace("All results from configure_cluster add node:",s);let o=[],c=[],l=!1,u=n.concat(s);for(let d=0,f=u.length;d<f;d++){let m=u[d];m.status==="rejected"&&(Ly.error(m.node_name,m?.error?.message,m?.error?.stack),o.includes(m.node_name)||o.push(m.node_name)),(m?.result?.message?.includes?.("Successfully")||m?.result?.includes?.("Successfully"))&&(l=!0),!(typeof m.result=="string"&&m.result.includes("Successfully removed")||m.status==="rejected")&&c.push({node_name:m?.node_name,response:m?.result})}if(LEe.isEmptyOrZeroLength(o))return{message:FEe,connections:c};if(l)return{message:HEe,failed_nodes:o,connections:c};throw ej(new Error,kEe,tj.INTERNAL_SERVER_ERROR,void 0,void 0,!0)}a(GEe,"configureCluster");async function rj(e,t,r){try{return{node_name:r,result:await e(t)}}catch(n){return{node_name:r,error:n,status:"rejected"}}}a(rj,"functionWrapper")});var aj=M((ake,oj)=>{"use strict";var Xh=require("joi"),qEe=pt(),{validateSchemaExists:sj,validateTableExists:$Ee,validateSchemaName:ij}=zi(),VEe=Xh.object({operation:Xh.string().valid("purge_stream"),schema:Xh.string().custom(sj).custom(ij).optional(),database:Xh.string().custom(sj).custom(ij).optional(),table:Xh.string().custom($Ee).required()});function KEe(e){return qEe.validateBySchema(e,VEe)}a(KEe,"purgeStreamValidator");oj.exports=KEe});var XP=M((lke,cj)=>{"use strict";var{handleHDBError:YEe,hdbErrors:WEe}=Ee(),{HTTP_STATUS_CODES:jEe}=WEe,zEe=aj(),JEe=_r(),QEe=pa();cj.exports=XEe;async function XEe(e){e.schema=e.schema??e.database;let t=zEe(e);if(t)throw YEe(t,t.message,jEe.BAD_REQUEST,void 0,void 0,!0);QEe.checkClusteringEnabled();let{schema:r,table:n,options:s}=e;return await JEe.purgeTableStream(r,n,s),`Successfully purged table '${r}.${n}'`}a(XEe,"purgeStream")});var tL=M((dke,Ej)=>{"use strict";var eL=pa(),ZEe=_r(),vy=fe(),Af=(G(),D(j)),nu=Lt(),e_e=ae(),ZP=Q(),{RemotePayloadObject:t_e}=$h(),{ErrorCode:lj}=require("nats"),{parentPort:uj}=require("worker_threads"),{onMessageByType:r_e}=st(),{getThisNodeName:n_e}=(Ss(),D(la)),{requestClusterStatus:s_e}=(Lh(),D(sK)),{getReplicationSharedStatus:i_e,getHDBNodeTable:o_e}=(rf(),D(Q1)),{CONFIRMATION_STATUS_POSITION:a_e,RECEIVED_VERSION_POSITION:dj,RECEIVED_TIME_POSITION:c_e,SENDING_TIME_POSITION:l_e,RECEIVING_STATUS_POSITION:u_e,RECEIVING_STATUS_RECEIVING:d_e,BACK_PRESSURE_RATIO_POSITION:f_e}=(YO(),D(jK)),fj=vy.get(Af.CONFIG_PARAMS.CLUSTERING_ENABLED),mj=vy.get(Af.CONFIG_PARAMS.CLUSTERING_NODENAME);Ej.exports={clusterStatus:m_e,buildNodeStatus:hj};var pj;r_e("cluster-status",async e=>{pj(e)});async function m_e(){if(vy.get(Af.CONFIG_PARAMS.REPLICATION_URL)||vy.get(Af.CONFIG_PARAMS.REPLICATION_HOSTNAME)){let n;uj?(uj.postMessage({type:"request-cluster-status"}),n=await new Promise(i=>{pj=i})):n=s_e();for(let i of n.connections){let o=i.name;for(let c of i.database_sockets){let l=c.database,u;for(let f of Object.values(databases[l]||{}))if(u=f.auditStore,u)break;if(!u)continue;let d=i_e(u,l,o);c.lastCommitConfirmed=Dy(d[a_e]),c.lastReceivedRemoteTime=Dy(d[dj]),c.lastReceivedLocalTime=Dy(d[c_e]),c.lastReceivedVersion=d[dj],c.sendingMessage=Dy(d[l_e]),c.backPressurePercent=d[f_e]*100,c.lastReceivedStatus=d[u_e]===d_e?"Receiving":"Waiting"}}n.node_name=n_e();let s=o_e().primaryStore.get(n.node_name);return s?.shard&&(n.shard=s.shard),s?.url&&(n.url=s.url),n.is_enabled=!0,n}let e={node_name:mj,is_enabled:fj,connections:[]};if(!fj)return e;let t=await eL.getAllNodeRecords();if(e_e.isEmptyOrZeroLength(t))return e;let r=[];for(let n=0,s=t.length;n<s;n++)r.push(hj(t[n],e.connections));return await Promise.allSettled(r),e}a(m_e,"clusterStatus");function Dy(e){return e?e===1?"Copying":new Date(e).toUTCString():void 0}a(Dy,"asDate");async function hj(e,t){let r=e.name,n=new t_e(Af.OPERATIONS_ENUM.CLUSTER_STATUS,mj,void 0,await eL.getSystemInfo()),s,i,o=nu.CLUSTER_STATUS_STATUSES.OPEN;try{let l=Date.now();s=await ZEe.request(nu.REQUEST_SUBJECT(r),n),i=Date.now()-l,s.status===nu.UPDATE_REMOTE_RESPONSE_STATUSES.ERROR&&(o=nu.CLUSTER_STATUS_STATUSES.CLOSED,ZP.error(`Error getting node status from ${r} `,s))}catch(l){ZP.warn(`Error getting node status from ${r}`,l),l.code===lj.NoResponders?o=nu.CLUSTER_STATUS_STATUSES.NO_RESPONDERS:l.code===lj.Timeout?o=nu.CLUSTER_STATUS_STATUSES.TIMEOUT:o=nu.CLUSTER_STATUS_STATUSES.CLOSED}let c=new p_e(r,o,s?.message?.ports?.clustering,s?.message?.ports?.operations_api,i,s?.message?.uptime,e.subscriptions,s?.message?.system_info);try{let l={name:r,system_info:s?.message?.system_info};e.system_info?.hdb_version!==Af.PRE_4_0_0_VERSION&&await eL.upsertNodeRecord(l)}catch(l){ZP.error("Cluster status encountered an error updating system info for node:",r,l)}t.push(c)}a(hj,"buildNodeStatus");function p_e(e,t,r,n,s,i,o,c){this.node_name=e,this.status=t,this.ports={clustering:r,operations_api:n},this.latency_ms=s,this.uptime=i,this.subscriptions=o,this.system_info=c}a(p_e,"NodeStatusObject")});var nL=M((mke,_j)=>{"use strict";var{handleHDBError:h_e,hdbErrors:E_e}=Ee(),{HTTP_STATUS_CODES:__e}=E_e,g_e=_r(),S_e=pa(),rL=ae(),My=require("joi"),T_e=pt(),y_e=2e3,R_e=My.object({timeout:My.number().min(1),connected_nodes:My.boolean(),routes:My.boolean()});_j.exports=b_e;async function b_e(e){S_e.checkClusteringEnabled();let t=T_e.validateBySchema(e,R_e);if(t)throw h_e(t,t.message,__e.BAD_REQUEST,void 0,void 0,!0);let{timeout:r,connected_nodes:n,routes:s}=e,i=n===void 0||rL.autoCastBoolean(n),o=s===void 0||rL.autoCastBoolean(s),c={nodes:[]},l=await g_e.getServerList(r??y_e),u={};if(i)for(let d=0,f=l.length;d<f;d++){let m=l[d].statsz;m&&(u[l[d].server.name]=m.routes)}for(let d=0,f=l.length;d<f;d++){if(l[d].statsz)continue;let m=l[d].server,p=l[d].data;if(m.name.endsWith("-hub")){let h={name:m.name.slice(0,-4),response_time:l[d].response_time};i&&(h.connected_nodes=[],u[m.name]&&u[m.name].forEach(E=>{h.connected_nodes.includes(E.name.slice(0,-4))||h.connected_nodes.push(E.name.slice(0,-4))})),o&&(h.routes=p.cluster?.urls?p.cluster?.urls.map(E=>({host:E.split(":")[0],port:rL.autoCast(E.split(":")[1])})):[]),c.nodes.push(h)}}return c}a(b_e,"clusterNetwork")});var yj=M((hke,Tj)=>{"use strict";var sL=require("joi"),gj=pt(),{routeConstraints:Sj}=pN();Tj.exports={setRoutesValidator:A_e,deleteRoutesValidator:I_e};function A_e(e){let t=sL.object({server:sL.valid("hub","leaf"),routes:Sj.required()});return gj.validateBySchema(e,t)}a(A_e,"setRoutesValidator");function I_e(e){let t=sL.object({routes:Sj.required()});return gj.validateBySchema(e,t)}a(I_e,"deleteRoutesValidator")});var Uy=M((_ke,Cj)=>{"use strict";var Ea=gt(),iL=ae(),Ws=(G(),D(j)),If=fe(),Rj=yj(),{handleHDBError:bj,hdbErrors:w_e}=Ee(),{HTTP_STATUS_CODES:Aj}=w_e,Ij="cluster routes successfully set",wj="cluster routes successfully deleted";Cj.exports={setRoutes:C_e,getRoutes:O_e,deleteRoutes:P_e};function N_e(e){let t=Ea.getClusteringRoutes(),r=e.server==="hub"?t.hub_routes:t.leaf_routes,n=e.server==="hub"?t.leaf_routes:t.hub_routes,s=[],i=[];for(let o=0,c=e.routes.length;o<c;o++){let l=e.routes[o];l.port=iL.autoCast(l.port);let u=r.some(f=>f.host===l.host&&f.port===l.port),d=n.some(f=>f.host===l.host&&f.port===l.port);u||d?s.push(l):(r.push(l),i.push(l))}return e.server==="hub"?Ea.updateConfigValue(Ws.CONFIG_PARAMS.CLUSTERING_HUBSERVER_CLUSTER_NETWORK_ROUTES,r):Ea.updateConfigValue(Ws.CONFIG_PARAMS.CLUSTERING_LEAFSERVER_NETWORK_ROUTES,r),{message:Ij,set:i,skipped:s}}a(N_e,"setRoutesNats");function C_e(e){let t=Rj.setRoutesValidator(e);if(t)throw bj(t,t.message,Aj.BAD_REQUEST,void 0,void 0,!0);if(If.get(Ws.CONFIG_PARAMS.CLUSTERING_ENABLED))return N_e(e);let r=[],n=[],s=If.get(Ws.CONFIG_PARAMS.REPLICATION_ROUTES)??[];return e.routes.forEach(i=>{Nj(s,i)?n.push(i):(s.push(i),r.push(i))}),Ea.updateConfigValue(Ws.CONFIG_PARAMS.REPLICATION_ROUTES,s),{message:Ij,set:r,skipped:n}}a(C_e,"setRoutes");function Nj(e,t){return typeof t=="string"?e.includes(t):typeof t=="object"&&t!==null?e.some(r=>(r.host===t.host||r.hostname===t.hostname)&&r.port===t.port):!1}a(Nj,"existsInArray");function O_e(){if(If.get(Ws.CONFIG_PARAMS.CLUSTERING_ENABLED)){let e=Ea.getClusteringRoutes();return{hub:e.hub_routes,leaf:e.leaf_routes}}else return If.get(Ws.CONFIG_PARAMS.REPLICATION_ROUTES)??[]}a(O_e,"getRoutes");function P_e(e){let t=Rj.deleteRoutesValidator(e);if(t)throw bj(t,t.message,Aj.BAD_REQUEST,void 0,void 0,!0);if(If.get(Ws.CONFIG_PARAMS.CLUSTERING_ENABLED))return L_e(e);let r=[],n=[],s=If.get(Ws.CONFIG_PARAMS.REPLICATION_ROUTES)??[],i=[];return s.forEach(o=>{Nj(e.routes,o)?r.push(o):(i.push(o),n.push(o))}),Ea.updateConfigValue(Ws.CONFIG_PARAMS.REPLICATION_ROUTES,i),{message:wj,deleted:r,skipped:n}}a(P_e,"deleteRoutes");function L_e(e){let t=Ea.getClusteringRoutes(),r=t.hub_routes,n=t.leaf_routes,s=[],i=[],o=!1,c=!1;for(let l=0,u=e.routes.length;l<u;l++){let d=e.routes[l],f=!1;for(let m=0,p=r.length;m<p;m++){let h=r[m];if(d.host===h.host&&d.port===h.port){r.splice(m,1),f=!0,o=!0,s.push(d);break}}if(!f){let m=!0;for(let p=0,h=n.length;p<h;p++){let E=n[p];if(d.host===E.host&&d.port===E.port){n.splice(p,1),c=!0,m=!1,s.push(d);break}}m&&i.push(d)}}return o&&(r=iL.isEmptyOrZeroLength(r)?null:r,Ea.updateConfigValue(Ws.CONFIG_PARAMS.CLUSTERING_HUBSERVER_CLUSTER_NETWORK_ROUTES,r)),c&&(n=iL.isEmptyOrZeroLength(n)?null:n,Ea.updateConfigValue(Ws.CONFIG_PARAMS.CLUSTERING_LEAFSERVER_NETWORK_ROUTES,n)),{message:wj,deleted:s,skipped:i}}a(L_e,"deleteRoutesNats")});var Pj=M((Ske,Oj)=>{"use strict";var D_e=Lt(),oL=class{static{a(this,"HubConfigObject")}constructor(t,r,n,s,i,o,c,l,u,d,f,m,p,h){this.port=t,o===null&&(o=void 0),this.server_name=r+D_e.SERVER_SUFFIX.HUB,this.pid_file=n,this.max_payload=67108864,this.reconnect_error_reports=100,this.jetstream={enabled:!1},this.tls={cert_file:s,key_file:i,ca_file:o,insecure:c,verify:l},this.leafnodes={port:u,tls:{cert_file:s,key_file:i,ca_file:o,insecure:c}},this.cluster={name:d,port:f,routes:m,tls:{cert_file:s,key_file:i,ca_file:o,insecure:c,verify:l}},this.accounts={SYS:{users:p},HDB:{users:h}},this.system_account="SYS"}};Oj.exports=oL});var vj=M((yke,Dj)=>{"use strict";var Lj=Lt(),aL=class{static{a(this,"LeafConfigObject")}constructor(t,r,n,s,i,o,c,l,u,d,f){this.port=t,f===null&&(f=void 0),this.server_name=r+Lj.SERVER_SUFFIX.LEAF,this.pid_file=n,this.max_payload=67108864,this.jetstream={enabled:!0,store_dir:s,domain:r+Lj.SERVER_SUFFIX.LEAF},this.tls={cert_file:u,key_file:d,ca_file:f,insecure:!0},this.leafnodes={remotes:[{tls:{ca_file:f,insecure:!0},urls:i,account:"SYS"},{tls:{ca_file:f,insecure:!0},urls:o,account:"HDB"}]},this.accounts={SYS:{users:c},HDB:{users:l,jetstream:"enabled"}},this.system_account="SYS"}};Dj.exports=aL});var Uj=M((bke,Mj)=>{"use strict";var cL=class{static{a(this,"HdbUserObject")}constructor(t,r){this.user=t,this.password=r}};Mj.exports=cL});var Bj=M((Ike,xj)=>{"use strict";var v_e=Lt(),lL=class{static{a(this,"SysUserObject")}constructor(t,r){this.user=t+v_e.SERVER_SUFFIX.ADMIN,this.password=r}};xj.exports=lL});var ky=M((Nke,Hj)=>{"use strict";var su=require("path"),iu=require("fs-extra"),M_e=Pj(),U_e=vj(),x_e=Uj(),B_e=Bj(),uL=(hs(),D(oo)),Nf=ae(),zn=gt(),By=(G(),D(j)),Zh=Lt(),{CONFIG_PARAMS:lr}=By,Cf=Q(),eE=fe(),Fj=ro(),dL=_r(),F_e=ys(),wf="clustering",k_e=1e4,kj=50;Hj.exports={generateNatsConfig:G_e,removeNatsConfig:q_e,getHubConfigPath:H_e};function H_e(){let e=eE.get(lr.ROOTPATH);return su.join(e,wf,Zh.NATS_CONFIG_FILES.HUB_SERVER)}a(H_e,"getHubConfigPath");async function G_e(e=!1,t=void 0){console.error("Warning: NATS replication is deprecated and will be removed in version 5.0 of Harper");let r=eE.get(lr.ROOTPATH);iu.ensureDirSync(su.join(r,"clustering","leaf")),eE.initSync();let n=zn.getConfigFromFile(lr.CLUSTERING_TLS_CERT_AUTH),s=zn.getConfigFromFile(lr.CLUSTERING_TLS_PRIVATEKEY),i=zn.getConfigFromFile(lr.CLUSTERING_TLS_CERTIFICATE);!await iu.exists(i)&&!await iu.exists(!n)&&await F_e.createNatsCerts();let o=su.join(r,wf,Zh.PID_FILES.HUB),c=su.join(r,wf,Zh.PID_FILES.LEAF),l=zn.getConfigFromFile(lr.CLUSTERING_LEAFSERVER_STREAMS_PATH),u=su.join(r,wf,Zh.NATS_CONFIG_FILES.HUB_SERVER),d=su.join(r,wf,Zh.NATS_CONFIG_FILES.LEAF_SERVER),f=zn.getConfigFromFile(lr.CLUSTERING_TLS_INSECURE),m=zn.getConfigFromFile(lr.CLUSTERING_TLS_VERIFY),p=zn.getConfigFromFile(lr.CLUSTERING_NODENAME),h=zn.getConfigFromFile(lr.CLUSTERING_HUBSERVER_LEAFNODES_NETWORK_PORT);await dL.checkNATSServerInstalled()||Fy("nats-server dependency is either missing or the wrong version. Run 'npm install' to fix");let E=await uL.listUsers(),_=zn.getConfigFromFile(lr.CLUSTERING_USER),R=await uL.getClusterUser();(Nf.isEmpty(R)||R.active!==!0)&&Fy(`Invalid cluster user '${_}'. A valid user with the role 'cluster_user' must be defined under clustering.user in harperdb-config.yaml`),e||(await xy(lr.CLUSTERING_HUBSERVER_CLUSTER_NETWORK_PORT),await xy(lr.CLUSTERING_HUBSERVER_LEAFNODES_NETWORK_PORT),await xy(lr.CLUSTERING_HUBSERVER_NETWORK_PORT),await xy(lr.CLUSTERING_LEAFSERVER_NETWORK_PORT));let S=[],y=[];for(let[z,Y]of E.entries())Y.role?.role===By.ROLE_TYPES_ENUM.CLUSTER_USER&&Y.active&&(S.push(new B_e(Y.username,Fj.decrypt(Y.hash))),y.push(new x_e(Y.username,Fj.decrypt(Y.hash))));let w=[],{hub_routes:I}=zn.getClusteringRoutes();if(!Nf.isEmptyOrZeroLength(I))for(let z of I)w.push(`tls://${R.sys_name_encoded}:${R.uri_encoded_d_hash}@${z.host}:${z.port}`);let H=new M_e(zn.getConfigFromFile(lr.CLUSTERING_HUBSERVER_NETWORK_PORT),p,o,i,s,n,f,m,h,zn.getConfigFromFile(lr.CLUSTERING_HUBSERVER_CLUSTER_NAME),zn.getConfigFromFile(lr.CLUSTERING_HUBSERVER_CLUSTER_NETWORK_PORT),w,S,y);n==null&&(delete H.tls.ca_file,delete H.leafnodes.tls.ca_file),t=Nf.isEmpty(t)?void 0:t.toLowerCase(),(t===void 0||t===By.PROCESS_DESCRIPTORS.CLUSTERING_HUB.toLowerCase())&&(await iu.writeJson(u,H),Cf.trace(`Hub server config written to ${u}`));let X=`tls://${R.sys_name_encoded}:${R.uri_encoded_d_hash}@0.0.0.0:${h}`,q=`tls://${R.uri_encoded_name}:${R.uri_encoded_d_hash}@0.0.0.0:${h}`,k=new U_e(zn.getConfigFromFile(lr.CLUSTERING_LEAFSERVER_NETWORK_PORT),p,c,l,[X],[q],S,y,i,s,n,f);n==null&&delete k.tls.ca_file,(t===void 0||t===By.PROCESS_DESCRIPTORS.CLUSTERING_LEAF.toLowerCase())&&(await iu.writeJson(d,k),Cf.trace(`Leaf server config written to ${d}`))}a(G_e,"generateNatsConfig");async function xy(e){let t=eE.get(e);return Nf.isEmpty(t)&&Fy(`port undefined for '${e}'`),await Nf.isPortTaken(t)&&Fy(`'${e}' port '${t}' is is in use by another process, check to see if HarperDB is already running or another process is using this port.`),!0}a(xy,"isPortAvailable");function Fy(e){let t=`Error generating clustering config: ${e}`;Cf.error(t),console.error(t),process.exit(1)}a(Fy,"generateNatsConfigError");async function q_e(e){let{port:t,config_file:r}=dL.getServerConfig(e),{username:n,decrypt_hash:s}=await uL.getClusterUser(),i=0,o=2e3;for(;i<kj;){try{let d=await dL.createConnection(t,n,s,!1);if(d.protocol.connected===!0){d.close();break}}catch(d){Cf.trace(`removeNatsConfig waiting for ${e}. Caught and swallowed error ${d}`)}if(i++,i>=kj)throw new Error(`Operations API timed out attempting to connect to ${e}. This is commonly caused by incorrect clustering config. Check hdb.log for further details.`);let u=o*(i*2);u>3e4&&Cf.notify("Operations API waiting for Nats server connection. This could be caused by large Nats streams or incorrect clustering config."),await Nf.asyncSetTimeout(u)}let c="0".repeat(k_e),l=su.join(eE.get(lr.ROOTPATH),wf,r);await iu.writeFile(l,c),await iu.remove(l),Cf.notify(e,"started.")}a(q_e,"removeNatsConfig")});var Yj=M((Oke,Kj)=>{"use strict";var bs=fe(),et=(G(),D(j)),tE=Lt(),_a=require("path"),{PACKAGE_ROOT:Gy}=Rt(),Gj=fe(),Hy=ae(),Of="/dev/null",$_e=_a.join(Gy,"launchServiceScripts"),qj=_a.join(Gy,"utility/scripts"),V_e=_a.join(qj,et.HDB_RESTART_SCRIPT),$j=_a.resolve(Gy,"dependencies",`${process.platform}-${process.arch}`,tE.NATS_BINARY_NAME);function Vj(){let e={[et.PROCESS_NAME_ENV_PROP]:et.PROCESS_DESCRIPTORS.HDB,IS_SCRIPTED_SERVICE:!0,...process.env};return Hy.noBootFile()&&(e[et.CONFIG_PARAMS.ROOTPATH.toUpperCase()]=Hy.getEnvCliRootPath()),{name:et.PROCESS_DESCRIPTORS.HDB,script:et.LAUNCH_SERVICE_SCRIPTS.MAIN,exec_mode:"fork",env:e,execArgv:process.execArgv,cwd:Gy}}a(Vj,"generateMainServerConfig");var K_e=9930;function Y_e(){bs.initSync(!0);let e=bs.get(et.CONFIG_PARAMS.ROOTPATH),t=_a.join(e,"clustering",tE.NATS_CONFIG_FILES.HUB_SERVER),r=_a.join(bs.get(et.HDB_SETTINGS_NAMES.LOG_PATH_KEY),et.LOG_NAMES.HDB),n=Gj.get(et.CONFIG_PARAMS.CLUSTERING_HUBSERVER_NETWORK_PORT),s=tE.LOG_LEVEL_FLAGS[bs.get(et.CONFIG_PARAMS.CLUSTERING_LOGLEVEL)]??void 0,i={name:et.PROCESS_DESCRIPTORS.CLUSTERING_HUB+(n!==K_e?"-"+n:""),binFile:$j,args:s?`${s} -c ${t}`:`-c ${t}`,exec_mode:"fork",env:{[et.PROCESS_NAME_ENV_PROP]:et.PROCESS_DESCRIPTORS.CLUSTERING_HUB},merge_logs:!0,out_file:r,error_file:r,instances:1};return bs.get(et.HDB_SETTINGS_NAMES.LOG_TO_FILE)||(i.out_file=Of,i.error_file=Of),i}a(Y_e,"generateNatsHubServerConfig");var W_e=9940;function j_e(){bs.initSync(!0);let e=bs.get(et.CONFIG_PARAMS.ROOTPATH),t=_a.join(e,"clustering",tE.NATS_CONFIG_FILES.LEAF_SERVER),r=_a.join(bs.get(et.HDB_SETTINGS_NAMES.LOG_PATH_KEY),et.LOG_NAMES.HDB),n=Gj.get(et.CONFIG_PARAMS.CLUSTERING_LEAFSERVER_NETWORK_PORT),s=tE.LOG_LEVEL_FLAGS[bs.get(et.CONFIG_PARAMS.CLUSTERING_LOGLEVEL)]??void 0,i={name:et.PROCESS_DESCRIPTORS.CLUSTERING_LEAF+(n!==W_e?"-"+n:""),binFile:$j,args:s?`${s} -c ${t}`:`-c ${t}`,exec_mode:"fork",env:{[et.PROCESS_NAME_ENV_PROP]:et.PROCESS_DESCRIPTORS.CLUSTERING_LEAF},merge_logs:!0,out_file:r,error_file:r,instances:1};return bs.get(et.HDB_SETTINGS_NAMES.LOG_TO_FILE)||(i.out_file=Of,i.error_file=Of),i}a(j_e,"generateNatsLeafServerConfig");function z_e(){bs.initSync();let e=_a.join(bs.get(et.CONFIG_PARAMS.LOGGING_ROOT),et.LOG_NAMES.HDB),t={name:et.PROCESS_DESCRIPTORS.CLUSTERING_UPGRADE_4_0_0,binFile:et.LAUNCH_SERVICE_SCRIPTS.NODES_UPGRADE_4_0_0,exec_mode:"fork",env:{[et.PROCESS_NAME_ENV_PROP]:et.PROCESS_DESCRIPTORS.CLUSTERING_UPGRADE_4_0_0},merge_logs:!0,out_file:e,error_file:e,instances:1,cwd:$_e,autorestart:!1};return bs.get(et.HDB_SETTINGS_NAMES.LOG_TO_FILE)||(t.out_file=Of,t.error_file=Of),t}a(z_e,"generateClusteringUpgradeV4ServiceConfig");function J_e(){let e={[et.PROCESS_NAME_ENV_PROP]:et.PROCESS_DESCRIPTORS.RESTART_HDB};return Hy.noBootFile()&&(e[et.CONFIG_PARAMS.ROOTPATH.toUpperCase()]=Hy.getEnvCliRootPath()),{...{name:et.PROCESS_DESCRIPTORS.RESTART_HDB,exec_mode:"fork",env:e,instances:1,autorestart:!1,cwd:qj},script:V_e}}a(J_e,"generateRestart");function Q_e(){return{apps:[Vj()]}}a(Q_e,"generateAllServiceConfigs");Kj.exports={generateAllServiceConfigs:Q_e,generateMainServerConfig:Vj,generateRestart:J_e,generateNatsHubServerConfig:Y_e,generateNatsLeafServerConfig:j_e,generateClusteringUpgradeV4ServiceConfig:z_e}});var Pf=M((Dke,Zj)=>{"use strict";var Lr=(G(),D(j)),Lke=ae(),Sa=ky(),qy=_r(),ga=Lt(),Pc=Yj(),mL=fe(),Lc=Q(),X_e=pa(),{startWorker:Wj,onMessageFromWorkers:Z_e}=st(),jj=require("fs"),ege=require("node:path"),tge=(G(),D(j)),{setTimeout:rge}=require("node:timers/promises"),{execFile:nge,fork:sge}=require("node:child_process");Zj.exports={start:Dc,restart:oge,kill:uge,startAllServices:dge,startService:Jj,restartHdb:age,startClusteringProcesses:Qj,startClusteringThreads:Xj,isHdbRestartRunning:cge,getHdbPid:lge,cleanupChildrenProcesses:rE,reloadClustering:mge,expectedRestartOfChildren:zj};Z_e(e=>{e.type==="restart"&&mL.initSync(!0)});var yo=[],ige=10,fL;function Dc(e,t=!1){let r=typeof e.args=="string"?e.args.split(" "):e.args;e.silent=!0,e.detached=!0;let n=e.script?sge(e.script,r,e):nge(e.binFile,r,e);n.name=e.name,n.config=e,n.on("error",(o,c)=>{console.error(o,c)}),n.on("exit",async o=>{let c=yo.indexOf(n);c>-1&&yo.splice(c,1),!fL&&o!==0&&(e.restarts=(e.restarts||0)+1,e.restarts<ige&&(jj.existsSync(Sa.getHubConfigPath())?Dc(e):(await Sa.generateNatsConfig(!0),Dc(e),await new Promise(l=>setTimeout(l,3e3)),await Sa.removeNatsConfig(Lr.PROCESS_DESCRIPTORS.CLUSTERING_HUB),await Sa.removeNatsConfig(Lr.PROCESS_DESCRIPTORS.CLUSTERING_LEAF))))});let s={serviceName:e.name.replace(/ /g,"-")};function i(o){let c=mL.get(Lr.CONFIG_PARAMS.CLUSTERING_LOGLEVEL),l=/\[\d+][^\[]+\[(\w+)]/g,u,d=0,f;for(;u=l.exec(o);){if(u.index&&ga.LOG_LEVEL_HIERARCHY[c]>=ga.LOG_LEVEL_HIERARCHY[f||"info"]){let h=f===ga.LOG_LEVELS.ERR||f===ga.LOG_LEVELS.WRN?Lc.OUTPUTS.STDERR:Lc.OUTPUTS.STDOUT;Lc.logCustomLevel(f||"info",h,s,o.slice(d,u.index).trim())}let[m,p]=u;d=u.index+m.length,f=ga.LOG_LEVELS[p]}if(ga.LOG_LEVEL_HIERARCHY[c]>=ga.LOG_LEVEL_HIERARCHY[f||"info"]){let m=f===ga.LOG_LEVELS.ERR||f===ga.LOG_LEVELS.WRN?Lc.OUTPUTS.STDERR:Lc.OUTPUTS.STDOUT;Lc.logCustomLevel(f||"info",m,s,o.toString().slice(d).trim())}}a(i,"extractMessages"),n.stdout.on("data",i),n.stderr.on("data",i),n.unref(),yo.length===0&&(t||(process.on("exit",rE),process.on("SIGINT",rE),process.on("SIGQUIT",rE),process.on("SIGTERM",rE))),yo.push(n)}a(Dc,"start");function rE(e=!0){if(!fL&&(fL=!0,yo.length!==0))if(Lc.info("Killing child processes..."),yo.map(t=>t.kill()),e)process.exit(0);else return rge(2e3)}a(rE,"cleanupChildrenProcesses");function oge(e){zj();for(let t of yo)t.name===e&&t.kill()}a(oge,"restart");function zj(){for(let e of yo)e.config&&(e.config.restarts=0)}a(zj,"expectedRestartOfChildren");async function age(){await Dc(Pc.generateRestart())}a(age,"restartHdb");async function cge(){let e=await list();for(let t in e)if(e[t].name===Lr.PROCESS_DESCRIPTORS.RESTART_HDB)return!0;return!1}a(cge,"isHdbRestartRunning");function lge(){let e=mL.getHdbBasePath();if(!e)return;let t=ege.join(e,tge.HDB_PID_FILE),r=pge(t);if(!(!r||r===process.pid)&&hge(r))return r}a(lge,"getHdbPid");function uge(){for(let e of yo)e.kill();yo=[]}a(uge,"kill");async function dge(){await Qj(),await Xj(),await Dc(Pc.generateAllServiceConfigs())}a(dge,"startAllServices");async function Jj(e,t=!1){let r;switch(e=e.toLowerCase(),e){case Lr.PROCESS_DESCRIPTORS.HDB.toLowerCase():r=Pc.generateMainServerConfig();break;case Lr.PROCESS_DESCRIPTORS.CLUSTERING_INGEST_SERVICE.toLowerCase():r=Pc.generateNatsIngestServiceConfig();break;case Lr.PROCESS_DESCRIPTORS.CLUSTERING_REPLY_SERVICE.toLowerCase():r=Pc.generateNatsReplyServiceConfig();break;case Lr.PROCESS_DESCRIPTORS.CLUSTERING_HUB.toLowerCase():r=Pc.generateNatsHubServerConfig(),await Dc(r,t),await Sa.removeNatsConfig(e);return;case Lr.PROCESS_DESCRIPTORS.CLUSTERING_LEAF.toLowerCase():r=Pc.generateNatsLeafServerConfig(),await Dc(r,t),await Sa.removeNatsConfig(e);return;case Lr.PROCESS_DESCRIPTORS.CLUSTERING_UPGRADE_4_0_0.toLowerCase():r=Pc.generateClusteringUpgradeV4ServiceConfig();break;default:throw new Error(`Start service called with unknown service config: ${e}`)}Dc(r,t)}a(Jj,"startService");var fge;async function Qj(e=!1){for(let t in Lr.CLUSTERING_PROCESSES){let r=Lr.CLUSTERING_PROCESSES[t];await Jj(r,e)}}a(Qj,"startClusteringProcesses");async function Xj(){fge=Wj(Lr.LAUNCH_SERVICE_SCRIPTS.NATS_REPLY_SERVICE,{name:Lr.PROCESS_DESCRIPTORS.CLUSTERING_REPLY_SERVICE});try{await qy.deleteLocalStream("__HARPERDB_WORK_QUEUE__")}catch{}await qy.updateLocalStreams();let e=await X_e.getAllNodeRecords();for(let t=0,r=e.length;t<r;t++)if(e[t].system_info?.hdb_version===Lr.PRE_4_0_0_VERSION){Lc.info("Starting clustering upgrade 4.0.0 process"),Wj(Lr.LAUNCH_SERVICE_SCRIPTS.NODES_UPGRADE_4_0_0,{name:"Upgrade-4-0-0"});break}}a(Xj,"startClusteringThreads");async function mge(){await Sa.generateNatsConfig(!0),await qy.reloadNATSHub(),await qy.reloadNATSLeaf(),await Sa.removeNatsConfig(Lr.PROCESS_DESCRIPTORS.CLUSTERING_HUB.toLowerCase()),await Sa.removeNatsConfig(Lr.PROCESS_DESCRIPTORS.CLUSTERING_LEAF.toLowerCase())}a(mge,"reloadClustering");function pge(e){try{return Number.parseInt(jj.readFileSync(e,"utf8"),10)}catch{return null}}a(pge,"readPidFile");function hge(e){try{return process.kill(e,0),!0}catch(t){return t.code==="EPERM"}}a(hge,"isProcessRunning")});var EL={};ye(EL,{compactOnStart:()=>Ege,copyDb:()=>iz});async function Ege(){Ta.notify("Running compact on start"),console.log("Running compact on start");let e=(0,pL.get)(x.ROOTPATH),t=new Map,r=lt();(0,hL.updateConfigValue)(x.STORAGE_COMPACTONSTART,!1);try{for(let n in r){if(n==="system"||n.endsWith("-copy"))continue;let s;for(let l in r[n]){s=r[n][l].primaryStore.path;break}if(!s){console.log("Couldn't find any tables in database",n);continue}let i=(0,$y.join)(e,"backup",n+".mdb"),o=(0,$y.join)(e,Zc,n+"-copy.mdb"),c=0;try{c=await ez(n),console.log("Database",n,"before compact has a total record count of",c)}catch(l){Ta.error("Error getting record count for database",n,l),console.error("Error getting record count for database",n,l)}t.set(n,{dbPath:s,copyDest:o,backupDest:i,recordCount:c}),await iz(n,o),console.log("Backing up",n,"to",i);try{await(0,ou.move)(s,i,{overwrite:!0})}catch(l){console.log("Error moving database",s,"to",i,l)}console.log("Moving copy compacted",n,"to",s),await(0,ou.move)(o,s,{overwrite:!0}),await(0,ou.remove)((0,$y.join)(e,Zc,`${n}-copy.mdb-lock`))}try{Md()}catch(n){Ta.error("Error resetting databases after backup",n),console.error("Error resetting databases after backup",n)}try{Md()}catch(n){Ta.error("Error resetting databases after backup",n),console.error("Error resetting databases after backup",n),process.exit(0)}}catch(n){Ta.error("Error compacting database, rolling back operation",n),console.error("Error compacting database, rolling back operation",n),(0,hL.updateConfigValue)(x.STORAGE_COMPACTONSTART,!1);for(let[s,{dbPath:i,backupDest:o}]of t){console.error("Moving backup database",o,"back to",i);try{await(0,ou.move)(o,i,{overwrite:!0})}catch(c){console.error(c)}}throw Md(),n}for(let[n,{backupDest:s,recordCount:i}]of t){let o=await ez(n);if(console.log("Database",n,"after compact has a total record count of",o),i!==o){let c=`There is a discrepancy between pre and post compact record count for database ${n}.
 Total record count before compaction: ${i}, total after: ${o}.
 Database backup has not been removed and can be found here: ${s}`;Ta.warn(c),console.warn(c)}(0,pL.get)(x.STORAGE_COMPACTONSTARTKEEPBACKUP)!==!0&&(console.log("Removing backup",s),await(0,ou.remove)(s))}}async function ez(e){let t=await(0,sz.describeSchema)({database:e}),r=0;for(let n in t)r+=t[n].record_count;return r}function Lf(){}async function iz(e,t){console.log(`Copying database ${e} to ${t}`);let r=lt()[e];if(!r)throw new Error(`Source database not found: ${e}`);let n;for(let f in r){let m=r[f];m.primaryStore.put=Lf,m.primaryStore.remove=Lf;for(let p in m.indices){let h=m.indices[p];h.put=Lf,h.remove=Lf}m.auditStore&&(m.auditStore.put=Lf,m.auditStore.remove=Lf),n=m.primaryStore.rootStore}if(!n)throw new Error(`Source database does not have any tables: ${e}`);let s=n.dbisDb,i=n.auditStore,o=(0,tz.open)(new rz.default(t)),c=o.openDB(Vy.INTERNAL_DBIS_NAME),l,u=0,d=s.useReadTransaction();try{for(let{key:m,value:p}of s.getRange({transaction:d})){let h=p.is_hash_attribute||p.isPrimaryKey,E,_;if(h&&(E=p.compression,_=PS(),_?p.compression=_:delete p.compression,E?.dictionary?.toString()===_?.dictionary?.toString()&&(E=null,_=null)),c.put(m,p),!(h||p.indexed))continue;let R=new nz.OpenDBIObject(!h,h);R.encoding="binary",R.compression=E;let S=n.openDB(m,R);S.decoder=null,S.decoderCopies=!1,S.encoding="binary",R.compression=_;let y=o.openDB(m,R);y.encoder=null,console.log("copying",m,"from",e,"to",t),await f(S,y,h,d)}if(i){let m=n.openDB(Vy.AUDIT_STORE_NAME,Vm);console.log("copying audit log for",e,"to",t),f(i,m,!1,d)}async function f(m,p,h,E){let _=0,R=0,S=0,y=1e7,w=null;for(;y-- >0;)try{for(let I of m.getKeys({start:w,transaction:E}))try{w=I;let{value:H,version:X}=m.getEntry(I,{transaction:E});if(H?.length<14&&h){S++;continue}l=p.put(I,H,h?X:void 0),_++,E.openTimer&&(E.openTimer=0),R+=(I?.length||10)+H.length,u++>5e3&&(await l,console.log("copied",_,"entries",S,"delete records,",R,"bytes"),u=0)}catch(H){console.error("Error copying record",typeof I=="symbol"?"symbol":I,"from",e,"to",t,H)}console.log("finish copying, copied",_,"entries",S,"delete records,",R,"bytes");return}catch{if(typeof w=="string"){if(w==="z")return console.error("Reached end of dbi",w,"for",e,"to",t);w=w.slice(0,-2)+"z"}else if(typeof w=="number")w++;else return console.error("Unknown key type",w,"for",e,"to",t)}}a(f,"copyDbi"),await l,console.log("copied database "+e+" to "+t)}finally{d.done(),o.close()}}var tz,$y,ou,pL,rz,nz,Vy,sz,hL,Ta,_L=se(()=>{Oe();tz=require("lmdb"),$y=require("path"),ou=require("fs-extra"),pL=b(fe()),rz=b(sp()),nz=b(np()),Vy=b(Jt());G();Gi();sz=b(Vl()),hL=b(gt()),Ta=b(Q());a(Ege,"compactOnStart");a(ez,"getTotalDBRecordCount");a(Lf,"noop");a(iz,"copyDb")});var SL=M((Fke,oz)=>{"use strict";var nE=fe();nE.initSync();var Df=require("fs-extra"),gL=require("path"),vf=(G(),D(j)),_ge=require("crypto"),gge=require("uuid").v4;oz.exports=Sge;function Sge(){if(nE.getHdbBasePath()!==void 0){let e=gL.join(nE.getHdbBasePath(),vf.LICENSE_KEY_DIR_NAME,vf.JWT_ENUM.JWT_PRIVATE_KEY_NAME),t=gL.join(nE.getHdbBasePath(),vf.LICENSE_KEY_DIR_NAME,vf.JWT_ENUM.JWT_PUBLIC_KEY_NAME),r=gL.join(nE.getHdbBasePath(),vf.LICENSE_KEY_DIR_NAME,vf.JWT_ENUM.JWT_PASSPHRASE_NAME);try{Df.accessSync(r),Df.accessSync(e),Df.accessSync(t)}catch(n){if(n.code==="ENOENT"){let s=gge(),i=_ge.generateKeyPairSync("rsa",{modulusLength:4096,publicKeyEncoding:{type:"spki",format:"pem"},privateKeyEncoding:{type:"pkcs8",format:"pem",cipher:"aes-256-cbc",passphrase:s}});Df.writeFileSync(r,s),Df.writeFileSync(e,i.privateKey),Df.writeFileSync(t,i.publicKey)}else throw n}}}a(Sge,"checkJWTTokenExist")});var cz=M((Hke,az)=>{"use strict";var TL=class{static{a(this,"HdbInfoInsertObject")}constructor(t,r,n){this.info_id=t,this.data_version_num=r,this.hdb_version_num=n}};az.exports={HdbInfoInsertObject:TL}});var dz=M((qke,uz)=>{"use strict";var lz=(G(),D(j)),yL=class{static{a(this,"UpgradeObject")}constructor(t,r){this[lz.UPGRADE_JSON_FIELD_NAMES_ENUM.DATA_VERSION]=t,this[lz.UPGRADE_JSON_FIELD_NAMES_ENUM.UPGRADE_VERSION]=r}};uz.exports={UpgradeObject:yL}});var Ky=M((Vke,mz)=>{"use strict";var js=require("prompt"),Mf=require("chalk"),fz=Q(),bi=require("os"),RL=el(),bL=["yes","y"];async function Tge(e){let t=`${bi.EOL}`+Mf.bold.green("Your current HarperDB version requires that we complete an update process.")+`${bi.EOL}If a backup of your data has not been created, we recommend you cancel this process and backup before proceeding.${bi.EOL}${bi.EOL}You can read more about the changes in this upgrade at https://harperdb.io/developers/release-notes/${bi.EOL}`;js.override=RL(["CONFIRM_UPGRADE"]),js.start(),js.message=t;let r={properties:{CONFIRM_UPGRADE:{description:Mf.magenta(`${bi.EOL}[CONFIRM_UPGRADE] Do you want to upgrade your HDB instance now? (yes/no)`),pattern:/y(es)?$|n(o)?$/,message:"Must respond 'yes' or 'no'",default:"no",required:!0}}},n;try{n=await js.get([r])}catch(s){return fz.error("There was an error when prompting user about an upgrade."),fz.error(s),!1}return bL.includes(n.CONFIRM_UPGRADE)}a(Tge,"forceUpdatePrompt");async function yge(e){let t=`${bi.EOL}`+Mf.bold.green(`Your installed HarperDB version is older than the version used to create your data. Downgrading is not recommended as it is not tested and guaranteed to work. However, if you need to downgrade, and a backup of your data has not been created, we recommend you cancel this process and backup before proceeding.${bi.EOL}`);js.override=RL(["CONFIRM_DOWNGRADE"]),js.start(),js.message=t;let r={properties:{CONFIRM_DOWNGRADE:{description:Mf.magenta(`${bi.EOL}[CONFIRM_DOWNGRADE] Do you want to proceed with using your downgraded HDB instance now? (yes/no)`),pattern:/y(es)?$|n(o)?$/,message:"Must respond 'yes' or 'no'",default:"no",required:!0}}},n=await js.get([r]);return bL.includes(n.CONFIRM_DOWNGRADE)}a(yge,"forceDowngradePrompt");async function Rge(){let e=`${bi.EOL}`+Mf.bold.green("We now require a Certifacte Authority certificate. HarperDB can generate all new certificates for you (your existing certificates will be backed up) or you can keep any existing certificates and add your own CA certificate. To add your own CA certificate set the <certificateAuthority> parameter in harperdb-config.yaml");js.override=RL(["GENERATE_CERTS"]),js.start(),js.message=e;let t={properties:{GENERATE_CERTS:{description:Mf.magenta(`${bi.EOL}[GENERATE_CERTS] Do you want HarperDB to generate all new certificates? (yes/no)`),pattern:/y(es)?$|n(o)?$/,message:"Must respond 'yes' or 'no'",default:"yes",required:!0}}},r=await js.get([t]);return bL.includes(r.GENERATE_CERTS)}a(Rge,"upgradeCertsPrompt");mz.exports={forceUpdatePrompt:Tge,forceDowngradePrompt:yge,upgradeCertsPrompt:Rge}});var Yy=M((Yke,pz)=>{"use strict";var AL=class{static{a(this,"UpgradeDirective")}constructor(t){this.version=t,this.sync_functions=[],this.async_functions=[]}};pz.exports=AL});var Ez=M((Xke,hz)=>{"use strict";var bge=ae(),Age=gt(),jke=Q(),zke=require("path"),Jke=require("fs"),Qke=(G(),D(j));hz.exports={getOldPropsValue:Ige};function Ige(e,t,r=!1){let n=t.getRaw(e);return bge.isNotEmptyAndHasValue(n)?n:r?Age.getDefaultConfig(e):""}a(Ige,"getOldPropsValue")});var Tz=M((eHe,Sz)=>{"use strict";var vc=require("path"),Mc=require("fs-extra"),wge=require("properties-reader"),Nge=Yy(),Tr=Q(),{getOldPropsValue:St}=Ez(),{HDB_SETTINGS_NAMES:be,CONFIG_PARAMS:au}=(G(),D(j)),cu=gt(),Wy=fe(),_z=ae(),Ro=(G(),D(j)),IL=new Nge("3.1.0"),gz=[];function Cge(){let e=wge(Wy.get(be.SETTINGS_PATH_KEY)),t="Updating settings file for version 3.1.0";console.log(t),Tr.info(t);let r=`   ;Settings for the HarperDB process.