piclaw 0.0.20 → 0.0.21

package/.output/server/_libs/@aws-sdk/credential-provider-http+[...].mjs

@@ -1,122 +0,0 @@
-import { At as init_dist_es, Ft as require_client, Nt as CredentialsProviderError, St as HttpRequest, at as init_dist_es$2, gt as init_dist_es$4, it as dist_es_exports, lt as init_dist_es$3, ut as sdkStreamMixin, xt as init_dist_es$1, yt as NodeHttpHandler } from "./client-bedrock-runtime+[...].mjs";
-import fs from "node:fs/promises";
-init_dist_es();
-var ECS_CONTAINER_HOST = "169.254.170.2";
-var EKS_CONTAINER_HOST_IPv4 = "169.254.170.23";
-var EKS_CONTAINER_HOST_IPv6 = "[fd00:ec2::23]";
-const checkUrl = (url, logger) => {
-	if (url.protocol === "https:") return;
-	if (url.hostname === ECS_CONTAINER_HOST || url.hostname === EKS_CONTAINER_HOST_IPv4 || url.hostname === EKS_CONTAINER_HOST_IPv6) return;
-	if (url.hostname.includes("[")) {
-		if (url.hostname === "[::1]" || url.hostname === "[0000:0000:0000:0000:0000:0000:0000:0001]") return;
-	} else {
-		if (url.hostname === "localhost") return;
-		const ipComponents = url.hostname.split(".");
-		const inRange = (component) => {
-			const num = parseInt(component, 10);
-			return 0 <= num && num <= 255;
-		};
-		if (ipComponents[0] === "127" && inRange(ipComponents[1]) && inRange(ipComponents[2]) && inRange(ipComponents[3]) && ipComponents.length === 4) return;
-	}
-	throw new CredentialsProviderError(`URL not accepted. It must either be HTTPS or match one of the following:
-  - loopback CIDR 127.0.0.0/8 or [::1/128]
-  - ECS container host 169.254.170.2
-  - EKS container host 169.254.170.23 or [fd00:ec2::23]`, { logger });
-};
-init_dist_es();
-init_dist_es$1();
-init_dist_es$2();
-init_dist_es$3();
-function createGetRequest(url) {
-	return new HttpRequest({
-		protocol: url.protocol,
-		hostname: url.hostname,
-		port: Number(url.port),
-		path: url.pathname,
-		query: Array.from(url.searchParams.entries()).reduce((acc, [k, v]) => {
-			acc[k] = v;
-			return acc;
-		}, {}),
-		fragment: url.hash
-	});
-}
-async function getCredentials(response, logger) {
-	const str = await sdkStreamMixin(response.body).transformToString();
-	if (response.statusCode === 200) {
-		const parsed = JSON.parse(str);
-		if (typeof parsed.AccessKeyId !== "string" || typeof parsed.SecretAccessKey !== "string" || typeof parsed.Token !== "string" || typeof parsed.Expiration !== "string") throw new CredentialsProviderError("HTTP credential provider response not of the required format, an object matching: { AccessKeyId: string, SecretAccessKey: string, Token: string, Expiration: string(rfc3339) }", { logger });
-		return {
-			accessKeyId: parsed.AccessKeyId,
-			secretAccessKey: parsed.SecretAccessKey,
-			sessionToken: parsed.Token,
-			expiration: (0, dist_es_exports.parseRfc3339DateTime)(parsed.Expiration)
-		};
-	}
-	if (response.statusCode >= 400 && response.statusCode < 500) {
-		let parsedBody = {};
-		try {
-			parsedBody = JSON.parse(str);
-		} catch (e) {}
-		throw Object.assign(new CredentialsProviderError(`Server responded with status: ${response.statusCode}`, { logger }), {
-			Code: parsedBody.Code,
-			Message: parsedBody.Message
-		});
-	}
-	throw new CredentialsProviderError(`Server responded with status: ${response.statusCode}`, { logger });
-}
-const retryWrapper = (toRetry, maxRetries, delayMs) => {
-	return async () => {
-		for (let i = 0; i < maxRetries; ++i) try {
-			return await toRetry();
-		} catch (e) {
-			await new Promise((resolve) => setTimeout(resolve, delayMs));
-		}
-		return await toRetry();
-	};
-};
-var import_client = require_client();
-init_dist_es$4();
-init_dist_es();
-var AWS_CONTAINER_CREDENTIALS_RELATIVE_URI = "AWS_CONTAINER_CREDENTIALS_RELATIVE_URI";
-var DEFAULT_LINK_LOCAL_HOST = "http://169.254.170.2";
-var AWS_CONTAINER_CREDENTIALS_FULL_URI = "AWS_CONTAINER_CREDENTIALS_FULL_URI";
-var AWS_CONTAINER_AUTHORIZATION_TOKEN_FILE = "AWS_CONTAINER_AUTHORIZATION_TOKEN_FILE";
-var AWS_CONTAINER_AUTHORIZATION_TOKEN = "AWS_CONTAINER_AUTHORIZATION_TOKEN";
-const fromHttp = (options = {}) => {
-	options.logger?.debug("@aws-sdk/credential-provider-http - fromHttp");
-	let host;
-	const relative = options.awsContainerCredentialsRelativeUri ?? process.env[AWS_CONTAINER_CREDENTIALS_RELATIVE_URI];
-	const full = options.awsContainerCredentialsFullUri ?? process.env[AWS_CONTAINER_CREDENTIALS_FULL_URI];
-	const token = options.awsContainerAuthorizationToken ?? process.env[AWS_CONTAINER_AUTHORIZATION_TOKEN];
-	const tokenFile = options.awsContainerAuthorizationTokenFile ?? process.env[AWS_CONTAINER_AUTHORIZATION_TOKEN_FILE];
-	const warn = options.logger?.constructor?.name === "NoOpLogger" || !options.logger?.warn ? console.warn : options.logger.warn.bind(options.logger);
-	if (relative && full) {
-		warn("@aws-sdk/credential-provider-http: you have set both awsContainerCredentialsRelativeUri and awsContainerCredentialsFullUri.");
-		warn("awsContainerCredentialsFullUri will take precedence.");
-	}
-	if (token && tokenFile) {
-		warn("@aws-sdk/credential-provider-http: you have set both awsContainerAuthorizationToken and awsContainerAuthorizationTokenFile.");
-		warn("awsContainerAuthorizationToken will take precedence.");
-	}
-	if (full) host = full;
-	else if (relative) host = `${DEFAULT_LINK_LOCAL_HOST}${relative}`;
-	else throw new CredentialsProviderError(`No HTTP credential provider host provided.
-Set AWS_CONTAINER_CREDENTIALS_FULL_URI or AWS_CONTAINER_CREDENTIALS_RELATIVE_URI.`, { logger: options.logger });
-	const url = new URL(host);
-	checkUrl(url, options.logger);
-	const requestHandler = NodeHttpHandler.create({
-		requestTimeout: options.timeout ?? 1e3,
-		connectionTimeout: options.timeout ?? 1e3
-	});
-	return retryWrapper(async () => {
-		const request = createGetRequest(url);
-		if (token) request.headers.Authorization = token;
-		else if (tokenFile) request.headers.Authorization = (await fs.readFile(tokenFile)).toString();
-		try {
-			return getCredentials((await requestHandler.handle(request)).response).then((creds) => (0, import_client.setCredentialFeature)(creds, "CREDENTIALS_HTTP", "z"));
-		} catch (e) {
-			throw new CredentialsProviderError(String(e), { logger: options.logger });
-		}
-	}, options.maxRetries ?? 3, options.timeout ?? 1e3);
-};
-export { fromHttp as t };

package/.output/server/_libs/@aws-sdk/credential-provider-ini+[...].mjs

@@ -1,417 +0,0 @@
-import { s as __toESM } from "../../_runtime.mjs";
-import { At as init_dist_es, Ft as require_client, Nt as CredentialsProviderError, Q as parseKnownFiles, St as HttpRequest, X as init_dist_es$1, et as readFile, jt as chain, rt as getProfileName, xt as init_dist_es$2 } from "./client-bedrock-runtime+[...].mjs";
-import { promises } from "node:fs";
-import { dirname, join } from "node:path";
-import { createHash, createPrivateKey, createPublicKey, sign } from "node:crypto";
-import { homedir } from "node:os";
-var import_client = require_client();
-init_dist_es();
-const resolveCredentialSource = (credentialSource, profileName, logger) => {
-	const sourceProvidersMap = {
-		EcsContainer: async (options) => {
-			const { fromHttp } = await import("../_3.mjs");
-			const { fromContainerMetadata } = await import("../_15.mjs");
-			logger?.debug("@aws-sdk/credential-provider-ini - credential_source is EcsContainer");
-			return async () => chain(fromHttp(options ?? {}), fromContainerMetadata(options))().then(setNamedProvider);
-		},
-		Ec2InstanceMetadata: async (options) => {
-			logger?.debug("@aws-sdk/credential-provider-ini - credential_source is Ec2InstanceMetadata");
-			const { fromInstanceMetadata } = await import("../_15.mjs");
-			return async () => fromInstanceMetadata(options)().then(setNamedProvider);
-		},
-		Environment: async (options) => {
-			logger?.debug("@aws-sdk/credential-provider-ini - credential_source is Environment");
-			const { fromEnv } = await import("../_.mjs");
-			return async () => fromEnv(options)().then(setNamedProvider);
-		}
-	};
-	if (credentialSource in sourceProvidersMap) return sourceProvidersMap[credentialSource];
-	else throw new CredentialsProviderError(`Unsupported credential source in profile ${profileName}. Got ${credentialSource}, expected EcsContainer or Ec2InstanceMetadata or Environment.`, { logger });
-};
-var setNamedProvider = (creds) => (0, import_client.setCredentialFeature)(creds, "CREDENTIALS_PROFILE_NAMED_PROVIDER", "p");
-init_dist_es();
-init_dist_es$1();
-const isAssumeRoleProfile = (arg, { profile = "default", logger } = {}) => {
-	return Boolean(arg) && typeof arg === "object" && typeof arg.role_arn === "string" && ["undefined", "string"].indexOf(typeof arg.role_session_name) > -1 && ["undefined", "string"].indexOf(typeof arg.external_id) > -1 && ["undefined", "string"].indexOf(typeof arg.mfa_serial) > -1 && (isAssumeRoleWithSourceProfile(arg, {
-		profile,
-		logger
-	}) || isCredentialSourceProfile(arg, {
-		profile,
-		logger
-	}));
-};
-var isAssumeRoleWithSourceProfile = (arg, { profile, logger }) => {
-	const withSourceProfile = typeof arg.source_profile === "string" && typeof arg.credential_source === "undefined";
-	if (withSourceProfile) logger?.debug?.(`    ${profile} isAssumeRoleWithSourceProfile source_profile=${arg.source_profile}`);
-	return withSourceProfile;
-};
-var isCredentialSourceProfile = (arg, { profile, logger }) => {
-	const withProviderProfile = typeof arg.credential_source === "string" && typeof arg.source_profile === "undefined";
-	if (withProviderProfile) logger?.debug?.(`    ${profile} isCredentialSourceProfile credential_source=${arg.credential_source}`);
-	return withProviderProfile;
-};
-const resolveAssumeRoleCredentials = async (profileName, profiles, options, callerClientConfig, visitedProfiles = {}, resolveProfileData) => {
-	options.logger?.debug("@aws-sdk/credential-provider-ini - resolveAssumeRoleCredentials (STS)");
-	const profileData = profiles[profileName];
-	const { source_profile, region } = profileData;
-	if (!options.roleAssumer) {
-		const { getDefaultRoleAssumer } = await import("../_11.mjs").then((m) => /* @__PURE__ */ __toESM(m.default));
-		options.roleAssumer = getDefaultRoleAssumer({
-			...options.clientConfig,
-			credentialProviderLogger: options.logger,
-			parentClientConfig: {
-				...callerClientConfig,
-				...options?.parentClientConfig,
-				region: region ?? options?.parentClientConfig?.region ?? callerClientConfig?.region
-			}
-		}, options.clientPlugins);
-	}
-	if (source_profile && source_profile in visitedProfiles) throw new CredentialsProviderError(`Detected a cycle attempting to resolve credentials for profile ${getProfileName(options)}. Profiles visited: ` + Object.keys(visitedProfiles).join(", "), { logger: options.logger });
-	options.logger?.debug(`@aws-sdk/credential-provider-ini - finding credential resolver using ${source_profile ? `source_profile=[${source_profile}]` : `profile=[${profileName}]`}`);
-	const sourceCredsProvider = source_profile ? resolveProfileData(source_profile, profiles, options, callerClientConfig, {
-		...visitedProfiles,
-		[source_profile]: true
-	}, isCredentialSourceWithoutRoleArn(profiles[source_profile] ?? {})) : (await resolveCredentialSource(profileData.credential_source, profileName, options.logger)(options))();
-	if (isCredentialSourceWithoutRoleArn(profileData)) return sourceCredsProvider.then((creds) => (0, import_client.setCredentialFeature)(creds, "CREDENTIALS_PROFILE_SOURCE_PROFILE", "o"));
-	else {
-		const params = {
-			RoleArn: profileData.role_arn,
-			RoleSessionName: profileData.role_session_name || `aws-sdk-js-${Date.now()}`,
-			ExternalId: profileData.external_id,
-			DurationSeconds: parseInt(profileData.duration_seconds || "3600", 10)
-		};
-		const { mfa_serial } = profileData;
-		if (mfa_serial) {
-			if (!options.mfaCodeProvider) throw new CredentialsProviderError(`Profile ${profileName} requires multi-factor authentication, but no MFA code callback was provided.`, {
-				logger: options.logger,
-				tryNextLink: false
-			});
-			params.SerialNumber = mfa_serial;
-			params.TokenCode = await options.mfaCodeProvider(mfa_serial);
-		}
-		const sourceCreds = await sourceCredsProvider;
-		return options.roleAssumer(sourceCreds, params).then((creds) => (0, import_client.setCredentialFeature)(creds, "CREDENTIALS_PROFILE_SOURCE_PROFILE", "o"));
-	}
-};
-var isCredentialSourceWithoutRoleArn = (section) => {
-	return !section.role_arn && !!section.credential_source;
-};
-init_dist_es();
-init_dist_es$2();
-init_dist_es$1();
-var LoginCredentialsFetcher = class LoginCredentialsFetcher {
-	profileData;
-	init;
-	callerClientConfig;
-	static REFRESH_THRESHOLD = 300 * 1e3;
-	constructor(profileData, init, callerClientConfig) {
-		this.profileData = profileData;
-		this.init = init;
-		this.callerClientConfig = callerClientConfig;
-	}
-	async loadCredentials() {
-		const token = await this.loadToken();
-		if (!token) throw new CredentialsProviderError(`Failed to load a token for session ${this.loginSession}, please re-authenticate using aws login`, {
-			tryNextLink: false,
-			logger: this.logger
-		});
-		const accessToken = token.accessToken;
-		const now = Date.now();
-		if (new Date(accessToken.expiresAt).getTime() - now <= LoginCredentialsFetcher.REFRESH_THRESHOLD) return this.refresh(token);
-		return {
-			accessKeyId: accessToken.accessKeyId,
-			secretAccessKey: accessToken.secretAccessKey,
-			sessionToken: accessToken.sessionToken,
-			accountId: accessToken.accountId,
-			expiration: new Date(accessToken.expiresAt)
-		};
-	}
-	get logger() {
-		return this.init?.logger;
-	}
-	get loginSession() {
-		return this.profileData.login_session;
-	}
-	async refresh(token) {
-		const { SigninClient, CreateOAuth2TokenCommand } = await import("../_9.mjs").then((m) => /* @__PURE__ */ __toESM(m.default));
-		const { logger, userAgentAppId } = this.callerClientConfig ?? {};
-		const isH2 = (requestHandler) => {
-			return requestHandler?.metadata?.handlerProtocol === "h2";
-		};
-		const requestHandler = isH2(this.callerClientConfig?.requestHandler) ? void 0 : this.callerClientConfig?.requestHandler;
-		const client = new SigninClient({
-			credentials: {
-				accessKeyId: "",
-				secretAccessKey: ""
-			},
-			region: this.profileData.region ?? await this.callerClientConfig?.region?.() ?? process.env.AWS_REGION,
-			requestHandler,
-			logger,
-			userAgentAppId,
-			...this.init?.clientConfig
-		});
-		this.createDPoPInterceptor(client.middlewareStack);
-		const commandInput = { tokenInput: {
-			clientId: token.clientId,
-			refreshToken: token.refreshToken,
-			grantType: "refresh_token"
-		} };
-		try {
-			const response = await client.send(new CreateOAuth2TokenCommand(commandInput));
-			const { accessKeyId, secretAccessKey, sessionToken } = response.tokenOutput?.accessToken ?? {};
-			const { refreshToken, expiresIn } = response.tokenOutput ?? {};
-			if (!accessKeyId || !secretAccessKey || !sessionToken || !refreshToken) throw new CredentialsProviderError("Token refresh response missing required fields", {
-				logger: this.logger,
-				tryNextLink: false
-			});
-			const expiresInMs = (expiresIn ?? 900) * 1e3;
-			const expiration = new Date(Date.now() + expiresInMs);
-			const updatedToken = {
-				...token,
-				accessToken: {
-					...token.accessToken,
-					accessKeyId,
-					secretAccessKey,
-					sessionToken,
-					expiresAt: expiration.toISOString()
-				},
-				refreshToken
-			};
-			await this.saveToken(updatedToken);
-			const newAccessToken = updatedToken.accessToken;
-			return {
-				accessKeyId: newAccessToken.accessKeyId,
-				secretAccessKey: newAccessToken.secretAccessKey,
-				sessionToken: newAccessToken.sessionToken,
-				accountId: newAccessToken.accountId,
-				expiration
-			};
-		} catch (error) {
-			if (error.name === "AccessDeniedException") {
-				const errorType = error.error;
-				let message;
-				switch (errorType) {
-					case "TOKEN_EXPIRED":
-						message = "Your session has expired. Please reauthenticate.";
-						break;
-					case "USER_CREDENTIALS_CHANGED":
-						message = "Unable to refresh credentials because of a change in your password. Please reauthenticate with your new password.";
-						break;
-					case "INSUFFICIENT_PERMISSIONS":
-						message = "Unable to refresh credentials due to insufficient permissions. You may be missing permission for the 'CreateOAuth2Token' action.";
-						break;
-					default: message = `Failed to refresh token: ${String(error)}. Please re-authenticate using \`aws login\``;
-				}
-				throw new CredentialsProviderError(message, {
-					logger: this.logger,
-					tryNextLink: false
-				});
-			}
-			throw new CredentialsProviderError(`Failed to refresh token: ${String(error)}. Please re-authenticate using aws login`, { logger: this.logger });
-		}
-	}
-	async loadToken() {
-		const tokenFilePath = this.getTokenFilePath();
-		try {
-			let tokenData;
-			try {
-				tokenData = await readFile(tokenFilePath, { ignoreCache: this.init?.ignoreCache });
-			} catch {
-				tokenData = await promises.readFile(tokenFilePath, "utf8");
-			}
-			const token = JSON.parse(tokenData);
-			const missingFields = [
-				"accessToken",
-				"clientId",
-				"refreshToken",
-				"dpopKey"
-			].filter((k) => !token[k]);
-			if (!token.accessToken?.accountId) missingFields.push("accountId");
-			if (missingFields.length > 0) throw new CredentialsProviderError(`Token validation failed, missing fields: ${missingFields.join(", ")}`, {
-				logger: this.logger,
-				tryNextLink: false
-			});
-			return token;
-		} catch (error) {
-			throw new CredentialsProviderError(`Failed to load token from ${tokenFilePath}: ${String(error)}`, {
-				logger: this.logger,
-				tryNextLink: false
-			});
-		}
-	}
-	async saveToken(token) {
-		const tokenFilePath = this.getTokenFilePath();
-		const directory = dirname(tokenFilePath);
-		try {
-			await promises.mkdir(directory, { recursive: true });
-		} catch (error) {}
-		await promises.writeFile(tokenFilePath, JSON.stringify(token, null, 2), "utf8");
-	}
-	getTokenFilePath() {
-		const directory = process.env.AWS_LOGIN_CACHE_DIRECTORY ?? join(homedir(), ".aws", "login", "cache");
-		const loginSessionBytes = Buffer.from(this.loginSession, "utf8");
-		return join(directory, `${createHash("sha256").update(loginSessionBytes).digest("hex")}.json`);
-	}
-	derToRawSignature(derSignature) {
-		let offset = 2;
-		if (derSignature[offset] !== 2) throw new Error("Invalid DER signature");
-		offset++;
-		const rLength = derSignature[offset++];
-		let r = derSignature.subarray(offset, offset + rLength);
-		offset += rLength;
-		if (derSignature[offset] !== 2) throw new Error("Invalid DER signature");
-		offset++;
-		const sLength = derSignature[offset++];
-		let s = derSignature.subarray(offset, offset + sLength);
-		r = r[0] === 0 ? r.subarray(1) : r;
-		s = s[0] === 0 ? s.subarray(1) : s;
-		const rPadded = Buffer.concat([Buffer.alloc(32 - r.length), r]);
-		const sPadded = Buffer.concat([Buffer.alloc(32 - s.length), s]);
-		return Buffer.concat([rPadded, sPadded]);
-	}
-	createDPoPInterceptor(middlewareStack) {
-		middlewareStack.add((next) => async (args) => {
-			if (HttpRequest.isInstance(args.request)) {
-				const request = args.request;
-				const actualEndpoint = `${request.protocol}//${request.hostname}${request.port ? `:${request.port}` : ""}${request.path}`;
-				const dpop = await this.generateDpop(request.method, actualEndpoint);
-				request.headers = {
-					...request.headers,
-					DPoP: dpop
-				};
-			}
-			return next(args);
-		}, {
-			step: "finalizeRequest",
-			name: "dpopInterceptor",
-			override: true
-		});
-	}
-	async generateDpop(method = "POST", endpoint) {
-		const token = await this.loadToken();
-		try {
-			const privateKey = createPrivateKey({
-				key: token.dpopKey,
-				format: "pem",
-				type: "sec1"
-			});
-			const publicDer = createPublicKey(privateKey).export({
-				format: "der",
-				type: "spki"
-			});
-			let pointStart = -1;
-			for (let i = 0; i < publicDer.length; i++) if (publicDer[i] === 4) {
-				pointStart = i;
-				break;
-			}
-			const x = publicDer.slice(pointStart + 1, pointStart + 33);
-			const y = publicDer.slice(pointStart + 33, pointStart + 65);
-			const header = {
-				alg: "ES256",
-				typ: "dpop+jwt",
-				jwk: {
-					kty: "EC",
-					crv: "P-256",
-					x: x.toString("base64url"),
-					y: y.toString("base64url")
-				}
-			};
-			const payload = {
-				jti: crypto.randomUUID(),
-				htm: method,
-				htu: endpoint,
-				iat: Math.floor(Date.now() / 1e3)
-			};
-			const message = `${Buffer.from(JSON.stringify(header)).toString("base64url")}.${Buffer.from(JSON.stringify(payload)).toString("base64url")}`;
-			const asn1Signature = sign("sha256", Buffer.from(message), privateKey);
-			return `${message}.${this.derToRawSignature(asn1Signature).toString("base64url")}`;
-		} catch (error) {
-			throw new CredentialsProviderError(`Failed to generate Dpop proof: ${error instanceof Error ? error.message : String(error)}`, {
-				logger: this.logger,
-				tryNextLink: false
-			});
-		}
-	}
-};
-init_dist_es();
-init_dist_es$1();
-const fromLoginCredentials = (init) => async ({ callerClientConfig } = {}) => {
-	init?.logger?.debug?.("@aws-sdk/credential-providers - fromLoginCredentials");
-	const profiles = await parseKnownFiles(init || {});
-	const profileName = getProfileName({ profile: init?.profile ?? callerClientConfig?.profile });
-	const profile = profiles[profileName];
-	if (!profile?.login_session) throw new CredentialsProviderError(`Profile ${profileName} does not contain login_session.`, {
-		tryNextLink: true,
-		logger: init?.logger
-	});
-	return (0, import_client.setCredentialFeature)(await new LoginCredentialsFetcher(profile, init, callerClientConfig).loadCredentials(), "CREDENTIALS_LOGIN", "AD");
-};
-const isLoginProfile = (data) => {
-	return Boolean(data && data.login_session);
-};
-const resolveLoginCredentials = async (profileName, options, callerClientConfig) => {
-	return (0, import_client.setCredentialFeature)(await fromLoginCredentials({
-		...options,
-		profile: profileName
-	})({ callerClientConfig }), "CREDENTIALS_PROFILE_LOGIN", "AC");
-};
-const isProcessProfile = (arg) => Boolean(arg) && typeof arg === "object" && typeof arg.credential_process === "string";
-const resolveProcessCredentials = async (options, profile) => import("../_5.mjs").then(({ fromProcess }) => fromProcess({
-	...options,
-	profile
-})().then((creds) => (0, import_client.setCredentialFeature)(creds, "CREDENTIALS_PROFILE_PROCESS", "v")));
-const resolveSsoCredentials = async (profile, profileData, options = {}, callerClientConfig) => {
-	const { fromSSO } = await import("../_6.mjs");
-	return fromSSO({
-		profile,
-		logger: options.logger,
-		parentClientConfig: options.parentClientConfig,
-		clientConfig: options.clientConfig
-	})({ callerClientConfig }).then((creds) => {
-		if (profileData.sso_session) return (0, import_client.setCredentialFeature)(creds, "CREDENTIALS_PROFILE_SSO", "r");
-		else return (0, import_client.setCredentialFeature)(creds, "CREDENTIALS_PROFILE_SSO_LEGACY", "t");
-	});
-};
-const isSsoProfile = (arg) => arg && (typeof arg.sso_start_url === "string" || typeof arg.sso_account_id === "string" || typeof arg.sso_session === "string" || typeof arg.sso_region === "string" || typeof arg.sso_role_name === "string");
-const isStaticCredsProfile = (arg) => Boolean(arg) && typeof arg === "object" && typeof arg.aws_access_key_id === "string" && typeof arg.aws_secret_access_key === "string" && ["undefined", "string"].indexOf(typeof arg.aws_session_token) > -1 && ["undefined", "string"].indexOf(typeof arg.aws_account_id) > -1;
-const resolveStaticCredentials = async (profile, options) => {
-	options?.logger?.debug("@aws-sdk/credential-provider-ini - resolveStaticCredentials");
-	return (0, import_client.setCredentialFeature)({
-		accessKeyId: profile.aws_access_key_id,
-		secretAccessKey: profile.aws_secret_access_key,
-		sessionToken: profile.aws_session_token,
-		...profile.aws_credential_scope && { credentialScope: profile.aws_credential_scope },
-		...profile.aws_account_id && { accountId: profile.aws_account_id }
-	}, "CREDENTIALS_PROFILE", "n");
-};
-const isWebIdentityProfile = (arg) => Boolean(arg) && typeof arg === "object" && typeof arg.web_identity_token_file === "string" && typeof arg.role_arn === "string" && ["undefined", "string"].indexOf(typeof arg.role_session_name) > -1;
-const resolveWebIdentityCredentials = async (profile, options, callerClientConfig) => import("../_8.mjs").then(({ fromTokenFile }) => fromTokenFile({
-	webIdentityTokenFile: profile.web_identity_token_file,
-	roleArn: profile.role_arn,
-	roleSessionName: profile.role_session_name,
-	roleAssumerWithWebIdentity: options.roleAssumerWithWebIdentity,
-	logger: options.logger,
-	parentClientConfig: options.parentClientConfig
-})({ callerClientConfig }).then((creds) => (0, import_client.setCredentialFeature)(creds, "CREDENTIALS_PROFILE_STS_WEB_ID_TOKEN", "q")));
-init_dist_es();
-const resolveProfileData = async (profileName, profiles, options, callerClientConfig, visitedProfiles = {}, isAssumeRoleRecursiveCall = false) => {
-	const data = profiles[profileName];
-	if (Object.keys(visitedProfiles).length > 0 && isStaticCredsProfile(data)) return resolveStaticCredentials(data, options);
-	if (isAssumeRoleRecursiveCall || isAssumeRoleProfile(data, {
-		profile: profileName,
-		logger: options.logger
-	})) return resolveAssumeRoleCredentials(profileName, profiles, options, callerClientConfig, visitedProfiles, resolveProfileData);
-	if (isStaticCredsProfile(data)) return resolveStaticCredentials(data, options);
-	if (isWebIdentityProfile(data)) return resolveWebIdentityCredentials(data, options, callerClientConfig);
-	if (isProcessProfile(data)) return resolveProcessCredentials(options, profileName);
-	if (isSsoProfile(data)) return await resolveSsoCredentials(profileName, data, options, callerClientConfig);
-	if (isLoginProfile(data)) return resolveLoginCredentials(profileName, options, callerClientConfig);
-	throw new CredentialsProviderError(`Could not resolve credentials using profile: [${profileName}] in configuration/credentials file(s).`, { logger: options.logger });
-};
-init_dist_es$1();
-const fromIni = (init = {}) => async ({ callerClientConfig } = {}) => {
-	init.logger?.debug("@aws-sdk/credential-provider-ini - fromIni");
-	const profiles = await parseKnownFiles(init);
-	return resolveProfileData(getProfileName({ profile: init.profile ?? callerClientConfig?.profile }), profiles, init, callerClientConfig);
-};
-export { fromIni as t };

package/.output/server/_libs/@aws-sdk/credential-provider-process+[...].mjs

@@ -1,54 +0,0 @@
-import { At as init_dist_es, Ft as require_client, Nt as CredentialsProviderError, Q as parseKnownFiles, X as init_dist_es$1, Z as externalDataInterceptor, rt as getProfileName } from "./client-bedrock-runtime+[...].mjs";
-import { exec } from "node:child_process";
-import { promisify } from "node:util";
-var import_client = require_client();
-const getValidatedProcessCredentials = (profileName, data, profiles) => {
-	if (data.Version !== 1) throw Error(`Profile ${profileName} credential_process did not return Version 1.`);
-	if (data.AccessKeyId === void 0 || data.SecretAccessKey === void 0) throw Error(`Profile ${profileName} credential_process returned invalid credentials.`);
-	if (data.Expiration) {
-		const currentTime = /* @__PURE__ */ new Date();
-		if (new Date(data.Expiration) < currentTime) throw Error(`Profile ${profileName} credential_process returned expired credentials.`);
-	}
-	let accountId = data.AccountId;
-	if (!accountId && profiles?.[profileName]?.aws_account_id) accountId = profiles[profileName].aws_account_id;
-	const credentials = {
-		accessKeyId: data.AccessKeyId,
-		secretAccessKey: data.SecretAccessKey,
-		...data.SessionToken && { sessionToken: data.SessionToken },
-		...data.Expiration && { expiration: new Date(data.Expiration) },
-		...data.CredentialScope && { credentialScope: data.CredentialScope },
-		...accountId && { accountId }
-	};
-	(0, import_client.setCredentialFeature)(credentials, "CREDENTIALS_PROCESS", "w");
-	return credentials;
-};
-init_dist_es();
-init_dist_es$1();
-const resolveProcessCredentials = async (profileName, profiles, logger) => {
-	const profile = profiles[profileName];
-	if (profiles[profileName]) {
-		const credentialProcess = profile["credential_process"];
-		if (credentialProcess !== void 0) {
-			const execPromise = promisify(externalDataInterceptor?.getTokenRecord?.().exec ?? exec);
-			try {
-				const { stdout } = await execPromise(credentialProcess);
-				let data;
-				try {
-					data = JSON.parse(stdout.trim());
-				} catch {
-					throw Error(`Profile ${profileName} credential_process returned invalid JSON.`);
-				}
-				return getValidatedProcessCredentials(profileName, data, profiles);
-			} catch (error) {
-				throw new CredentialsProviderError(error.message, { logger });
-			}
-		} else throw new CredentialsProviderError(`Profile ${profileName} did not contain credential_process.`, { logger });
-	} else throw new CredentialsProviderError(`Profile ${profileName} could not be found in shared credentials file.`, { logger });
-};
-init_dist_es$1();
-const fromProcess = (init = {}) => async ({ callerClientConfig } = {}) => {
-	init.logger?.debug("@aws-sdk/credential-provider-process - fromProcess");
-	const profiles = await parseKnownFiles(init);
-	return resolveProcessCredentials(getProfileName({ profile: init.profile ?? callerClientConfig?.profile }), profiles, init.logger);
-};
-export { fromProcess as t };