replicas-engine 0.1.338 → 0.1.340

package/dist/src/{sts-IAUEUXEW.js → sts-2O2TZS6K.js}

@@ -17,10 +17,10 @@ import {
   resolveAwsSdkSigV4AConfig,
   resolveAwsSdkSigV4Config,
   streamCollector
-} from "./chunk-YY2DS5UJ.js";
+} from "./chunk-JWM4YXMZ.js";
 import {
   NodeHttpHandler
-} from "./chunk-B5KEKENG.js";
+} from "./chunk-A6ZHMNK4.js";
 import {
   BinaryDecisionDiagram,
   Client,
@@ -58,7 +58,7 @@ import {
   resolveUserAgentConfig,
   setCredentialFeature,
   stsRegionDefaultResolver
-} from "./chunk-MHJJJ2VP.js";
+} from "./chunk-6NGTYZPX.js";
 import {
   FromStringShapeDeserializer,
   NODE_REGION_CONFIG_FILE_OPTIONS,
@@ -81,7 +81,7 @@ import {
   resolveDefaultsModeConfig,
   resolveHttpHandlerRuntimeConfig,
   resolveRegionConfig
-} from "./chunk-ATF5CAZW.js";
+} from "./chunk-QE4MMXQA.js";
 import {
   Hash,
   NumericValue,
@@ -92,19 +92,19 @@ import {
   generateIdempotencyToken,
   toBase64,
   toUtf8
-} from "./chunk-C6IOMGXW.js";
+} from "./chunk-B7L4ZPGB.js";
 
-// ../node_modules/.bun/@smithy+signature-v4@5.4.6/node_modules/@smithy/signature-v4/dist-es/signature-v4a-container.js
+// ../node_modules/.bun/@smithy+signature-v4@5.5.1/node_modules/@smithy/signature-v4/dist-es/signature-v4a-container.js
 var signatureV4aContainer = {
   SignatureV4a: null
 };
 
-// ../node_modules/.bun/@aws-sdk+signature-v4-multi-region@3.996.32/node_modules/@aws-sdk/signature-v4-multi-region/dist-es/signature-v4-crt-container.js
+// ../node_modules/.bun/@aws-sdk+signature-v4-multi-region@3.996.35/node_modules/@aws-sdk/signature-v4-multi-region/dist-es/signature-v4-crt-container.js
 var signatureV4CrtContainer = {
   CrtSignerV4: null
 };
 
-// ../node_modules/.bun/@aws-sdk+signature-v4-multi-region@3.996.32/node_modules/@aws-sdk/signature-v4-multi-region/dist-es/SignatureV4SignWithCredentials.js
+// ../node_modules/.bun/@aws-sdk+signature-v4-multi-region@3.996.35/node_modules/@aws-sdk/signature-v4-multi-region/dist-es/SignatureV4SignWithCredentials.js
 var SESSION_TOKEN_QUERY_PARAM = "X-Amz-S3session-Token";
 var SESSION_TOKEN_HEADER = SESSION_TOKEN_QUERY_PARAM.toLowerCase();
 var SignatureV4SignWithCredentials = class extends SignatureV4 {
@@ -141,7 +141,7 @@ function setSingleOverride(privateAccess, credentialsWithoutSessionToken) {
   };
 }
 
-// ../node_modules/.bun/@aws-sdk+signature-v4-multi-region@3.996.32/node_modules/@aws-sdk/signature-v4-multi-region/dist-es/SignatureV4MultiRegion.js
+// ../node_modules/.bun/@aws-sdk+signature-v4-multi-region@3.996.35/node_modules/@aws-sdk/signature-v4-multi-region/dist-es/SignatureV4MultiRegion.js
 var SignatureV4MultiRegion = class {
   sigv4aSigner;
   sigv4Signer;
@@ -227,7 +227,7 @@ var SignatureV4MultiRegion = class {
   }
 };
 
-// ../node_modules/.bun/@aws-sdk+nested-clients@3.997.17/node_modules/@aws-sdk/nested-clients/dist-es/submodules/sts/endpoint/bdd.js
+// ../node_modules/.bun/@aws-sdk+nested-clients@3.997.22/node_modules/@aws-sdk/nested-clients/dist-es/submodules/sts/endpoint/bdd.js
 var q = "ref";
 var a = -1;
 var b = true;
@@ -390,7 +390,7 @@ var nodes = new Int32Array([
 ]);
 var bdd = BinaryDecisionDiagram.from(nodes, root, _data.conditions, _data.results);
 
-// ../node_modules/.bun/@aws-sdk+nested-clients@3.997.17/node_modules/@aws-sdk/nested-clients/dist-es/submodules/sts/endpoint/endpointResolver.js
+// ../node_modules/.bun/@aws-sdk+nested-clients@3.997.22/node_modules/@aws-sdk/nested-clients/dist-es/submodules/sts/endpoint/endpointResolver.js
 var cache = new EndpointCache({
   size: 50,
   params: ["Endpoint", "Region", "UseDualStack", "UseFIPS", "UseGlobalEndpoint"]
@@ -403,7 +403,7 @@ var defaultEndpointResolver = (endpointParams, context = {}) => {
 };
 customEndpointFunctions.aws = awsEndpointFunctions;
 
-// ../node_modules/.bun/@aws-sdk+nested-clients@3.997.17/node_modules/@aws-sdk/nested-clients/dist-es/submodules/sts/auth/httpAuthSchemeProvider.js
+// ../node_modules/.bun/@aws-sdk+nested-clients@3.997.22/node_modules/@aws-sdk/nested-clients/dist-es/submodules/sts/auth/httpAuthSchemeProvider.js
 var createEndpointRuleSetHttpAuthSchemeParametersProvider = (defaultHttpAuthSchemeParametersProvider) => async (config, context, input) => {
   if (!input) {
     throw new Error("Could not find `input` for `defaultEndpointRuleSetHttpAuthSchemeParametersProvider`");
@@ -530,7 +530,7 @@ var resolveHttpAuthSchemeConfig = (config) => {
   });
 };
 
-// ../node_modules/.bun/@aws-sdk+nested-clients@3.997.17/node_modules/@aws-sdk/nested-clients/dist-es/submodules/sts/endpoint/EndpointParameters.js
+// ../node_modules/.bun/@aws-sdk+nested-clients@3.997.22/node_modules/@aws-sdk/nested-clients/dist-es/submodules/sts/endpoint/EndpointParameters.js
 var resolveClientEndpointParameters = (options) => {
   return Object.assign(options, {
     useDualstackEndpoint: options.useDualstackEndpoint ?? false,
@@ -894,7 +894,7 @@ function getPositionFromMatch(match) {
   return match.startIndex + match[1].length;
 }
 
-// ../node_modules/.bun/@nodable+entities@2.1.1/node_modules/@nodable/entities/src/entities.js
+// ../node_modules/.bun/@nodable+entities@2.2.0/node_modules/@nodable/entities/src/entities.js
 var BASIC_LATIN = {
   amp: "&",
   AMP: "&",
@@ -1976,7 +1976,15 @@ var COMMON_HTML = {
   frac34: "\xBE"
 };
 
-// ../node_modules/.bun/@nodable+entities@2.1.1/node_modules/@nodable/entities/src/EntityDecoder.js
+// ../node_modules/.bun/@nodable+entities@2.2.0/node_modules/@nodable/entities/src/EntityDecoder.js
+var ENTITY_ACTION = Object.freeze({
+  /** Resolve and expand the entity normally. */
+  ALLOW: "allow",
+  /** Silently skip this entity — it will not be registered. */
+  BLOCK: "block",
+  /** Throw an error, aborting entity registration entirely. */
+  THROW: "throw"
+});
 var SPECIAL_CHARS = new Set("!?\\\\/[]$%{}^&*()<>|+");
 function validateEntityName(name) {
   if (name[0] === "#") {
@@ -2056,6 +2064,14 @@ var EntityDecoder = class {
    *   the effective action is max(onNCR, rangeMinimum).
    * @param {'remove'|'throw'} [options.ncr.nullNCR='remove']
    *   Action for U+0000 (null). 'allow' and 'leave' are clamped to 'remove' since null is never safe.
+   * @param {((name: string, value: string) => 'allow'|'block'|'throw')|null} [options.onExternalEntity=null]
+   *   Hook called when an external entity is registered via `setExternalEntities()` or
+   *   `addExternalEntity()`. Return `ENTITY_ACTION.ALLOW` to accept the entity,
+   *   `ENTITY_ACTION.BLOCK` to silently skip it, or `ENTITY_ACTION.THROW` to abort with an error.
+   * @param {((name: string, value: string) => 'allow'|'block'|'throw')|null} [options.onInputEntity=null]
+   *   Hook called when an input entity is registered via `addInputEntities()`. Return
+   *   `ENTITY_ACTION.ALLOW` to accept, `ENTITY_ACTION.BLOCK` to silently skip, or
+   *   `ENTITY_ACTION.THROW` to abort with an error.
    */
   constructor(options = {}) {
     this._limit = options.limit || {};
@@ -2075,6 +2091,33 @@ var EntityDecoder = class {
     this._ncrXmlVersion = ncrCfg.xmlVersion;
     this._ncrOnLevel = ncrCfg.onLevel;
     this._ncrNullLevel = ncrCfg.nullLevel;
+    this._onExternalEntity = typeof options.onExternalEntity === "function" ? options.onExternalEntity : null;
+    this._onInputEntity = typeof options.onInputEntity === "function" ? options.onInputEntity : null;
+  }
+  // -------------------------------------------------------------------------
+  // Private: registration hook dispatch
+  // -------------------------------------------------------------------------
+  /**
+   * Invoke a registration hook for a single entity name/value pair.
+   * Returns true when the entity should be accepted, false when it should be
+   * silently skipped (BLOCK), and throws when the hook returns THROW.
+   *
+   * @param {((name: string, value: string) => 'allow'|'block'|'throw')|null} hook
+   * @param {string} name
+   * @param {string} value
+   * @param {string} context  — used in error messages ('external' | 'input')
+   * @returns {boolean}  true = accept, false = skip
+   */
+  _applyRegistrationHook(hook, name, value, context) {
+    if (!hook) return true;
+    const action = hook(name, value);
+    if (action === ENTITY_ACTION.BLOCK) return false;
+    if (action === ENTITY_ACTION.THROW) {
+      throw new Error(
+        `[EntityDecoder] Registration of ${context} entity "&${name};" was rejected by hook`
+      );
+    }
+    return true;
   }
   // -------------------------------------------------------------------------
   // Persistent external entity registration
@@ -2082,6 +2125,9 @@ var EntityDecoder = class {
   /**
    * Replace the full set of persistent external entities.
    * All keys are validated — throws on invalid characters.
+   * If `onExternalEntity` is set, it is called once per entry; entries that
+   * return `ENTITY_ACTION.BLOCK` are silently omitted, `ENTITY_ACTION.THROW`
+   * aborts the whole call.
    * @param {Record<string, string | { regex?: RegExp, val: string }>} map
    */
   setExternalEntities(map) {
@@ -2090,17 +2136,32 @@ var EntityDecoder = class {
         validateEntityName(key);
       }
     }
-    this._externalMap = mergeEntityMaps(map);
+    if (!this._onExternalEntity) {
+      this._externalMap = mergeEntityMaps(map);
+      return;
+    }
+    const flat = mergeEntityMaps(map);
+    const filtered = /* @__PURE__ */ Object.create(null);
+    for (const [name, value] of Object.entries(flat)) {
+      if (this._applyRegistrationHook(this._onExternalEntity, name, value, "external")) {
+        filtered[name] = value;
+      }
+    }
+    this._externalMap = filtered;
   }
   /**
    * Add a single persistent external entity.
+   * If `onExternalEntity` is set it is called before the entity is stored;
+   * `ENTITY_ACTION.BLOCK` silently skips storage, `ENTITY_ACTION.THROW` raises.
    * @param {string} key
    * @param {string} value
    */
   addExternalEntity(key, value) {
     validateEntityName(key);
     if (typeof value === "string" && value.indexOf("&") === -1) {
-      this._externalMap[key] = value;
+      if (this._applyRegistrationHook(this._onExternalEntity, key, value, "external")) {
+        this._externalMap[key] = value;
+      }
     }
   }
   // -------------------------------------------------------------------------
@@ -2109,12 +2170,25 @@ var EntityDecoder = class {
   /**
    * Inject DOCTYPE entities for the current document.
    * Also resets per-document expansion counters.
+   * If `onInputEntity` is set it is called once per entry; entries returning
+   * `ENTITY_ACTION.BLOCK` are silently omitted, `ENTITY_ACTION.THROW` aborts.
    * @param {Record<string, string | { regx?: RegExp, regex?: RegExp, val: string }>} map
    */
   addInputEntities(map) {
     this._totalExpansions = 0;
     this._expandedLength = 0;
-    this._inputMap = mergeEntityMaps(map);
+    if (!this._onInputEntity) {
+      this._inputMap = mergeEntityMaps(map);
+      return;
+    }
+    const flat = mergeEntityMaps(map);
+    const filtered = /* @__PURE__ */ Object.create(null);
+    for (const [name, value] of Object.entries(flat)) {
+      if (this._applyRegistrationHook(this._onInputEntity, name, value, "input")) {
+        filtered[name] = value;
+      }
+    }
+    this._inputMap = filtered;
   }
   // -------------------------------------------------------------------------
   // Per-document reset
@@ -2790,7 +2864,235 @@ function validateEntityName2(name) {
     throw new Error(`Invalid entity name ${name}`);
 }
 
-// ../node_modules/.bun/strnum@2.3.0/node_modules/strnum/strnum.js
+// ../node_modules/.bun/anynum@1.0.1/node_modules/anynum/digitTable.js
+var SCRIPT_ZEROS = [
+  // Basic Latin (ASCII) — included for completeness / pass-through
+  48,
+  // 0-9
+  // Arabic scripts
+  1632,
+  // Arabic-Indic ٠١٢٣٤٥٦٧٨٩
+  1776,
+  // Extended Arabic-Indic (Urdu/Persian/Sindhi) ۰۱۲۳
+  // Indic scripts
+  2406,
+  // Devanagari ०१२३४५६७८९
+  2534,
+  // Bengali ০১২৩৪৫৬৭৮৯
+  2662,
+  // Gurmukhi ੦੧੨੩੪੫੬੭੮੯
+  2790,
+  // Gujarati ૦૧૨૩૪૫૬૭૮૯
+  2918,
+  // Odia ୦୧୨୩୪୫୬୭୮୯
+  3046,
+  // Tamil ௦௧௨௩௪௫௬௭௮௯
+  3174,
+  // Telugu ౦౧౨౩౪౫౬౭౮౯
+  3302,
+  // Kannada ೦೧೨೩೪೫೬೭೮೯
+  3430,
+  // Malayalam ൦൧൨൩൪൫൬൭൮൯
+  3558,
+  // Sinhala Archaic ෦෧෨෩෪෫෬෭෮෯
+  // Southeast Asian scripts
+  3664,
+  // Thai ๐๑๒๓๔๕๖๗๘๙
+  3792,
+  // Lao ໐໑໒໓໔໕໖໗໘໙
+  3872,
+  // Tibetan ༠༡༢༣༤༥༦༧༨༩
+  4160,
+  // Myanmar ၀၁၂၃၄၅၆၇၈၉
+  4240,
+  // Myanmar Shan ႐႑႒႓႔႕႖႗႘႙
+  6112,
+  // Khmer ០១២៣៤៥៦៧៨៩
+  6160,
+  // Mongolian ᠐᠑᠒᠓᠔᠕᠖᠗᠘᠙
+  6470,
+  // Limbu ᥆᥇᥈᥉᥊᥋᥌᥍᥎᥏
+  6608,
+  // New Tai Lue ᧐᧑᧒᧓᧔᧕᧖᧗᧘᧙
+  6784,
+  // Tai Tham Hora ᪀᪁᪂᪃᪄᪅᪆᪇᪈᪉
+  6800,
+  // Tai Tham Tham ᪐᪑᪒᪓᪔᪕᪖᪗᪘᪙
+  6992,
+  // Balinese ᭐᭑᭒᭓᭔᭕᭖᭗᭘᭙
+  7088,
+  // Sundanese ᮰᮱᮲᮳᮴᮵᮶᮷᮸᮹
+  7232,
+  // Lepcha ᱀᱁᱂᱃᱄᱅᱆᱇᱈᱉
+  7248,
+  // Ol Chiki ᱐᱑᱒᱓᱔᱕᱖᱗᱘᱙
+  // Fullwidth (CJK context)
+  65296,
+  // Fullwidth ０１２３４５６７８９
+  // Mathematical digit variants (Unicode math block)
+  120782,
+  // Mathematical Bold
+  120792,
+  // Mathematical Double-Struck
+  120802,
+  // Mathematical Sans-Serif
+  120812,
+  // Mathematical Sans-Serif Bold
+  120822,
+  // Mathematical Monospace
+  // Other scripts
+  66720,
+  // Osmanya 𐒠𐒡𐒢𐒣𐒤𐒥𐒦𐒧𐒨𐒩
+  68912,
+  // Hanifi Rohingya 𐴰𐴱𐴲𐴳𐴴𐴵𐴶𐴷𐴸𐴹
+  69734,
+  // Brahmi 𑁦𑁧𑁨𑁩𑁪𑁫𑁬𑁭𑁮𑁯
+  69872,
+  // Sora Sompeng 𑃰𑃱𑃲𑃳𑃴𑃵𑃶𑃷𑃸𑃹
+  69942,
+  // Chakma 𑄶𑄷𑄸𑄹𑄺𑄻𑄼𑄽𑄾𑄿
+  70096,
+  // Sharada 𑇐𑇑𑇒𑇓𑇔𑇕𑇖𑇗𑇘𑇙
+  70384,
+  // Khudawadi 𑋰𑋱𑋲𑋳𑋴𑋵𑋶𑋷𑋸𑋹
+  70736,
+  // Newa 𑑐𑑑𑑒𑑓𑑔𑑕𑑖𑑗𑑘𑑙
+  70864,
+  // Tirhuta 𑓐𑓑𑓒𑓓𑓔𑓕𑓖𑓗𑓘𑓙
+  71248,
+  // Modi 𑙐𑙑𑙒𑙓𑙔𑙕𑙖𑙗𑙘𑙙
+  71360,
+  // Takri 𑛀𑛁𑛂𑛃𑛄𑛅𑛆𑛇𑛈𑛉
+  71472,
+  // Ahom 𑜰𑜱𑜲𑜳𑜴𑜵𑜶𑜷𑜸𑜹
+  71904,
+  // Warang Citi 𑣠𑣡𑣢𑣣𑣤𑣥𑣦𑣧𑣨𑣩
+  72016,
+  // Dives Akuru 𑥐𑥑𑥒𑥓𑥔𑥕𑥖𑥗𑥘𑥙
+  72688,
+  // Khitan Small Script 𑯰𑯱𑯲𑯳𑯴𑯵𑯶𑯷𑯸𑯹
+  72784,
+  // Bhaiksuki 𑱐𑱑𑱒𑱓𑱔𑱕𑱖𑱗𑱘𑱙
+  73040,
+  // Masaram Gondi 𑵐𑵑𑵒𑵓𑵔𑵕𑵖𑵗𑵘𑵙
+  73120,
+  // Gunjala Gondi 𑶠𑶡𑶢𑶣𑶤𑶥𑶦𑶧𑶨𑶩
+  73552,
+  // Kawi 𑽐𑽑𑽒𑽓𑽔𑽕𑽖𑽗𑽘𑽙
+  92768,
+  // Mro 𖩠𖩡𖩢𖩣𖩤𖩥𖩦𖩧𖩨𖩩
+  92864,
+  // Tangsa 𖫀𖫁𖫂𖫃𖫄𖫅𖫆𖫇𖫈𖫉
+  93008,
+  // Pahawh Hmong 𖭐𖭑𖭒𖭓𖭔𖭕𖭖𖭗𖭘𖭙
+  123200,
+  // Nyiakeng Puachue Hmong 𞅀𞅁𞅂𞅃𞅄𞅅𞅆𞅇𞅈𞅉
+  123632,
+  // Wancho 𞋰𞋱𞋲𞋳𞋴𞋵𞋶𞋷𞋸𞋹
+  124144,
+  // Nag Mundari 𞓰𞓱𞓲𞓳𞓴𞓵𞓶𞓷𞓸𞓹
+  125264,
+  // Adlam 𞥐𞥑𞥒𞥓𞥔𞥕𞥖𞥗𞥘𞥙
+  130032
+  // Segmented digit symbols 🯰🯱🯲🯳🯴🯵🯶🯷🯸🯹
+];
+var NOT_DIGIT = 255;
+var HIGH_MAP = /* @__PURE__ */ new Map();
+var LOW_MAX = 65535;
+var LOW_MIN = 1632;
+var TABLE_OFFSET = LOW_MIN;
+var TABLE_SIZE = LOW_MAX - LOW_MIN + 1;
+var TABLE = new Uint8Array(TABLE_SIZE).fill(NOT_DIGIT);
+for (const zero of SCRIPT_ZEROS) {
+  for (let d2 = 0; d2 < 10; d2++) {
+    const cp = zero + d2;
+    if (cp <= LOW_MAX) {
+      TABLE[cp - TABLE_OFFSET] = d2;
+    } else {
+      HIGH_MAP.set(cp, d2);
+    }
+  }
+}
+
+// ../node_modules/.bun/anynum@1.0.1/node_modules/anynum/anynum.js
+var CHAR_0 = 48;
+var CHAR_9 = 57;
+var CHAR_MINUS = 45;
+var MINUS_SET = /* @__PURE__ */ new Set([8722, 65293, 65123]);
+function anynum(str) {
+  if (typeof str !== "string") return str;
+  const len = str.length;
+  if (len === 0) return str;
+  let firstHit = -1;
+  for (let i2 = 0; i2 < len; i2++) {
+    const cc = str.charCodeAt(i2);
+    if (cc >= CHAR_0 && cc <= CHAR_9 || cc === CHAR_MINUS) continue;
+    if (cc < TABLE_OFFSET) {
+      if (MINUS_SET.has(cc)) {
+        firstHit = i2;
+        break;
+      }
+      continue;
+    }
+    if (cc >= 55296 && cc <= 56319) {
+      if (i2 + 1 < len) {
+        const low = str.charCodeAt(i2 + 1);
+        if (low >= 56320 && low <= 57343) {
+          const cp = 65536 + (cc - 55296 << 10) + (low - 56320);
+          if (HIGH_MAP.has(cp)) {
+            firstHit = i2;
+            break;
+          }
+        }
+      }
+      continue;
+    }
+    if (TABLE[cc - TABLE_OFFSET] !== NOT_DIGIT || MINUS_SET.has(cc)) {
+      firstHit = i2;
+      break;
+    }
+  }
+  if (firstHit === -1) return str;
+  const chars = [];
+  if (firstHit > 0) chars.push(str.slice(0, firstHit));
+  for (let i2 = firstHit; i2 < len; i2++) {
+    const cc = str.charCodeAt(i2);
+    if (cc >= CHAR_0 && cc <= CHAR_9 || cc === CHAR_MINUS) {
+      chars.push(str[i2]);
+      continue;
+    }
+    if (cc < TABLE_OFFSET) {
+      chars.push(MINUS_SET.has(cc) ? "-" : str[i2]);
+      continue;
+    }
+    if (cc >= 55296 && cc <= 56319) {
+      if (i2 + 1 < len) {
+        const low = str.charCodeAt(i2 + 1);
+        if (low >= 56320 && low <= 57343) {
+          const cp = 65536 + (cc - 55296 << 10) + (low - 56320);
+          const d3 = HIGH_MAP.get(cp);
+          if (d3 !== void 0) {
+            chars.push(String.fromCharCode(d3 + 48));
+            i2++;
+            continue;
+          }
+        }
+      }
+      chars.push(str[i2]);
+      continue;
+    }
+    if (MINUS_SET.has(cc)) {
+      chars.push("-");
+      continue;
+    }
+    const d2 = TABLE[cc - TABLE_OFFSET];
+    chars.push(d2 !== NOT_DIGIT ? String.fromCharCode(d2 + 48) : str[i2]);
+  }
+  return chars.join("");
+}
+var anynum_default = anynum;
+
+// ../node_modules/.bun/strnum@2.4.1/node_modules/strnum/strnum.js
 var hexRegex = /^[-+]?0x[a-fA-F0-9]+$/;
 var binRegex = /^0b[01]+$/;
 var octRegex = /^0o[0-7]+$/;
@@ -2803,8 +3105,9 @@ var consider = {
   decimalPoint: ".",
   eNotation: true,
   //skipLike: /regex/,
-  infinity: "original"
+  infinity: "original",
   // "null", "infinity" (Infinity type), "string" ("Infinity" (the string literal))
+  unicode: false
 };
 function toNumber(str, options = {}) {
   options = Object.assign({}, consider, options);
@@ -2813,7 +3116,11 @@ function toNumber(str, options = {}) {
   if (trimmedStr.length === 0) return str;
   else if (options.skipLike !== void 0 && options.skipLike.test(trimmedStr)) return str;
   else if (trimmedStr === "0") return 0;
-  else if (options.hex && hexRegex.test(trimmedStr)) {
+  if (options.unicode) {
+    trimmedStr = anynum_default(trimmedStr);
+    if (trimmedStr === "0") return 0;
+  }
+  if (options.hex && hexRegex.test(trimmedStr)) {
     return parse_int(trimmedStr, 16);
   } else if (options.binary && binRegex.test(trimmedStr)) {
     return parse_int(trimmedStr, 2);
@@ -2941,7 +3248,7 @@ function getIgnoreAttributesFn(ignoreAttributes) {
   return () => false;
 }
 
-// ../node_modules/.bun/path-expression-matcher@1.5.0/node_modules/path-expression-matcher/src/Expression.js
+// ../node_modules/.bun/path-expression-matcher@1.6.0/node_modules/path-expression-matcher/src/Expression.js
 var Expression = class {
   /**
    * Create a new Expression
@@ -3104,12 +3411,13 @@ var Expression = class {
   }
 };
 
-// ../node_modules/.bun/path-expression-matcher@1.5.0/node_modules/path-expression-matcher/src/ExpressionSet.js
+// ../node_modules/.bun/path-expression-matcher@1.6.0/node_modules/path-expression-matcher/src/ExpressionSet.js
 var ExpressionSet = class {
   constructor() {
     this._byDepthAndTag = /* @__PURE__ */ new Map();
     this._wildcardByDepth = /* @__PURE__ */ new Map();
     this._deepWildcards = [];
+    this._deepByTerminalTag = /* @__PURE__ */ new Map();
     this._patterns = /* @__PURE__ */ new Set();
     this._sealed = false;
   }
@@ -3134,7 +3442,14 @@ var ExpressionSet = class {
     if (this._patterns.has(expression.pattern)) return this;
     this._patterns.add(expression.pattern);
     if (expression.hasDeepWildcard()) {
-      this._deepWildcards.push(expression);
+      const lastSeg2 = expression.segments[expression.segments.length - 1];
+      if (lastSeg2 && lastSeg2.type !== "deep-wildcard" && lastSeg2.tag !== "*") {
+        const tag2 = lastSeg2.tag;
+        if (!this._deepByTerminalTag.has(tag2)) this._deepByTerminalTag.set(tag2, []);
+        this._deepByTerminalTag.get(tag2).push(expression);
+      } else {
+        this._deepWildcards.push(expression);
+      }
       return this;
     }
     const depth = expression.length;
@@ -3252,6 +3567,12 @@ var ExpressionSet = class {
         if (matcher.matches(wildcardBucket[i2])) return wildcardBucket[i2];
       }
     }
+    const deepBucket = this._deepByTerminalTag.get(tag);
+    if (deepBucket) {
+      for (let i2 = 0; i2 < deepBucket.length; i2++) {
+        if (matcher.matches(deepBucket[i2])) return deepBucket[i2];
+      }
+    }
     for (let i2 = 0; i2 < this._deepWildcards.length; i2++) {
       if (matcher.matches(this._deepWildcards[i2])) return this._deepWildcards[i2];
     }
@@ -3259,7 +3580,7 @@ var ExpressionSet = class {
   }
 };
 
-// ../node_modules/.bun/path-expression-matcher@1.5.0/node_modules/path-expression-matcher/src/Matcher.js
+// ../node_modules/.bun/path-expression-matcher@1.6.0/node_modules/path-expression-matcher/src/Matcher.js
 var MatcherView = class {
   /**
    * @param {Matcher} matcher - The parent Matcher instance to read from.
@@ -3311,6 +3632,24 @@ var MatcherView = class {
     const current = path[path.length - 1];
     return current.values !== void 0 && attrName in current.values;
   }
+  /**
+   * Get the value of a "kept" attribute from the nearest ancestor (or
+   * current node) that declared it via `push(tag, attrs, ns, { keep: [...] })`.
+   * @param {string} attrName
+   * @returns {*}
+   */
+  getAnyParentAttr(attrName) {
+    return this._matcher.getAnyParentAttr(attrName);
+  }
+  /**
+   * Check whether any ancestor (or the current node) kept the given
+   * attribute via `push(tag, attrs, ns, { keep: [...] })`.
+   * @param {string} attrName
+   * @returns {boolean}
+   */
+  hasAnyParentAttr(attrName) {
+    return this._matcher.hasAnyParentAttr(attrName);
+  }
   /**
    * Get current node's sibling position (child index in parent).
    * @returns {number}
@@ -3389,14 +3728,17 @@ var Matcher = class {
     this.siblingStacks = [];
     this._pathStringCache = null;
     this._view = new MatcherView(this);
+    this._keptAttrs = [];
   }
   /**
    * Push a new tag onto the path.
    * @param {string} tagName
    * @param {Object|null} [attrValues=null]
    * @param {string|null} [namespace=null]
+   * @param {Object|null} [options=null]
+   * @param {string[]} [options.keep] - Names of attributes (from attrValues)
    */
-  push(tagName, attrValues = null, namespace = null) {
+  push(tagName, attrValues = null, namespace = null, options = null) {
     this._pathStringCache = null;
     if (this.path.length > 0) {
       this.path[this.path.length - 1].values = void 0;
@@ -3425,6 +3767,16 @@ var Matcher = class {
       node.values = attrValues;
     }
     this.path.push(node);
+    const depth = this.path.length;
+    const keep = options !== null ? options.keep : null;
+    if (keep !== null && keep !== void 0 && keep.length > 0 && attrValues) {
+      for (let i2 = 0; i2 < keep.length; i2++) {
+        const name = keep[i2];
+        if (attrValues[name] !== void 0) {
+          this._keptAttrs.push({ depth, name, value: attrValues[name] });
+        }
+      }
+    }
   }
   /**
    * Pop the last tag from the path.
@@ -3437,6 +3789,10 @@ var Matcher = class {
     if (this.siblingStacks.length > this.path.length + 1) {
       this.siblingStacks.length = this.path.length + 1;
     }
+    const poppedDepth = this.path.length + 1;
+    while (this._keptAttrs.length > 0 && this._keptAttrs[this._keptAttrs.length - 1].depth >= poppedDepth) {
+      this._keptAttrs.pop();
+    }
     return node;
   }
   /**
@@ -3485,6 +3841,36 @@ var Matcher = class {
     const current = this.path[this.path.length - 1];
     return current.values !== void 0 && attrName in current.values;
   }
+  /**
+   * Get the value of a "kept" attribute from the nearest ancestor (or
+   * current node) that declared it via `push(tag, attrs, ns, { keep: [...] })`.
+   * Unlike getAttrValue(), this works regardless of how deep the path has
+   * gone since the attribute was pushed — but only for attribute names that
+   * were explicitly marked with `keep` at push time. Cost is proportional to
+   * the number of currently-kept attributes (typically 0-3), not path depth.
+   * @param {string} attrName
+   * @returns {*} the value, or undefined if no ancestor kept this attribute
+   */
+  getAnyParentAttr(attrName) {
+    const kept = this._keptAttrs;
+    for (let i2 = kept.length - 1; i2 >= 0; i2--) {
+      if (kept[i2].name === attrName) return kept[i2].value;
+    }
+    return void 0;
+  }
+  /**
+   * Check whether any ancestor (or the current node) kept the given
+   * attribute via `push(tag, attrs, ns, { keep: [...] })`.
+   * @param {string} attrName
+   * @returns {boolean}
+   */
+  hasAnyParentAttr(attrName) {
+    const kept = this._keptAttrs;
+    for (let i2 = kept.length - 1; i2 >= 0; i2--) {
+      if (kept[i2].name === attrName) return true;
+    }
+    return false;
+  }
   /**
    * Get current node's sibling position (child index in parent).
    * @returns {number}
@@ -3553,6 +3939,7 @@ var Matcher = class {
     this._pathStringCache = null;
     this.path = [];
     this.siblingStacks = [];
+    this._keptAttrs = [];
   }
   /**
    * Match current path against an Expression.
@@ -3676,7 +4063,8 @@ var Matcher = class {
   snapshot() {
     return {
       path: this.path.map((node) => ({ ...node })),
-      siblingStacks: this.siblingStacks.map((map) => new Map(map))
+      siblingStacks: this.siblingStacks.map((map) => new Map(map)),
+      keptAttrs: this._keptAttrs.map((entry) => ({ ...entry }))
     };
   }
   /**
@@ -3687,6 +4075,7 @@ var Matcher = class {
     this._pathStringCache = null;
     this.path = snapshot.path.map((node) => ({ ...node }));
     this.siblingStacks = snapshot.siblingStacks.map((map) => new Map(map));
+    this._keptAttrs = (snapshot.keptAttrs || []).map((entry) => ({ ...entry }));
   }
   /**
    * Return the read-only {@link MatcherView} for this matcher.
@@ -4461,7 +4850,7 @@ var XMLParser = class {
   }
 };
 
-// ../node_modules/.bun/@aws-sdk+xml-builder@3.972.28/node_modules/@aws-sdk/xml-builder/dist-es/xml-external/nodable_entities.js
+// ../node_modules/.bun/@aws-sdk+xml-builder@3.972.30/node_modules/@aws-sdk/xml-builder/dist-es/xml-external/nodable_entities.js
 var XML2 = {
   amp: "&",
   apos: "'",
@@ -4787,7 +5176,7 @@ var EntityDecoderImpl = class EntityDecoderImpl2 {
   }
 };
 
-// ../node_modules/.bun/@aws-sdk+xml-builder@3.972.28/node_modules/@aws-sdk/xml-builder/dist-es/xml-parser.js
+// ../node_modules/.bun/@aws-sdk+xml-builder@3.972.30/node_modules/@aws-sdk/xml-builder/dist-es/xml-parser.js
 var entityDecoder = new EntityDecoderImpl({
   namedEntities: { ...XML2, ...COMMON_HTML2, ...CURRENCY2 },
   numericAllowed: true,
@@ -4831,7 +5220,7 @@ function parseXML(xmlString) {
   return parser.parse(xmlString, true);
 }
 
-// ../node_modules/.bun/@aws-sdk+core@3.974.18/node_modules/@aws-sdk/core/dist-es/submodules/protocols/xml/XmlShapeDeserializer.js
+// ../node_modules/.bun/@aws-sdk+core@3.974.22/node_modules/@aws-sdk/core/dist-es/submodules/protocols/xml/XmlShapeDeserializer.js
 var XmlShapeDeserializer = class extends SerdeContextConfig {
   settings;
   stringDeserializer;
@@ -4972,7 +5361,7 @@ var XmlShapeDeserializer = class extends SerdeContextConfig {
   }
 };
 
-// ../node_modules/.bun/@aws-sdk+core@3.974.18/node_modules/@aws-sdk/core/dist-es/submodules/protocols/query/QueryShapeSerializer.js
+// ../node_modules/.bun/@aws-sdk+core@3.974.22/node_modules/@aws-sdk/core/dist-es/submodules/protocols/query/QueryShapeSerializer.js
 var QueryShapeSerializer = class extends SerdeContextConfig {
   settings;
   buffer;
@@ -5142,7 +5531,7 @@ var QueryShapeSerializer = class extends SerdeContextConfig {
   }
 };
 
-// ../node_modules/.bun/@aws-sdk+core@3.974.18/node_modules/@aws-sdk/core/dist-es/submodules/protocols/query/AwsQueryProtocol.js
+// ../node_modules/.bun/@aws-sdk+core@3.974.22/node_modules/@aws-sdk/core/dist-es/submodules/protocols/query/AwsQueryProtocol.js
 var AwsQueryProtocol = class extends RpcProtocol {
   options;
   serializer;
@@ -5272,7 +5661,7 @@ var AwsQueryProtocol = class extends RpcProtocol {
   }
 };
 
-// ../node_modules/.bun/@aws-sdk+nested-clients@3.997.17/node_modules/@aws-sdk/nested-clients/dist-es/submodules/sts/models/STSServiceException.js
+// ../node_modules/.bun/@aws-sdk+nested-clients@3.997.22/node_modules/@aws-sdk/nested-clients/dist-es/submodules/sts/models/STSServiceException.js
 var STSServiceException = class _STSServiceException extends ServiceException {
   constructor(options) {
     super(options);
@@ -5280,7 +5669,7 @@ var STSServiceException = class _STSServiceException extends ServiceException {
   }
 };
 
-// ../node_modules/.bun/@aws-sdk+nested-clients@3.997.17/node_modules/@aws-sdk/nested-clients/dist-es/submodules/sts/models/errors.js
+// ../node_modules/.bun/@aws-sdk+nested-clients@3.997.22/node_modules/@aws-sdk/nested-clients/dist-es/submodules/sts/models/errors.js
 var ExpiredTokenException = class _ExpiredTokenException extends STSServiceException {
   name = "ExpiredTokenException";
   $fault = "client";
@@ -5367,7 +5756,7 @@ var IDPCommunicationErrorException = class _IDPCommunicationErrorException exten
   }
 };
 
-// ../node_modules/.bun/@aws-sdk+nested-clients@3.997.17/node_modules/@aws-sdk/nested-clients/dist-es/submodules/sts/schemas/schemas_0.js
+// ../node_modules/.bun/@aws-sdk+nested-clients@3.997.22/node_modules/@aws-sdk/nested-clients/dist-es/submodules/sts/schemas/schemas_0.js
 var _A = "Arn";
 var _AKI = "AccessKeyId";
 var _AR = "AssumeRole";
@@ -5616,7 +6005,7 @@ var AssumeRoleWithWebIdentity$ = [
   () => AssumeRoleWithWebIdentityResponse$
 ];
 
-// ../node_modules/.bun/@aws-sdk+nested-clients@3.997.17/node_modules/@aws-sdk/nested-clients/dist-es/submodules/sts/runtimeConfig.shared.js
+// ../node_modules/.bun/@aws-sdk+nested-clients@3.997.22/node_modules/@aws-sdk/nested-clients/dist-es/submodules/sts/runtimeConfig.shared.js
 var getRuntimeConfig = (config) => {
   return {
     apiVersion: "2011-06-15",
@@ -5660,7 +6049,7 @@ var getRuntimeConfig = (config) => {
   };
 };
 
-// ../node_modules/.bun/@aws-sdk+nested-clients@3.997.17/node_modules/@aws-sdk/nested-clients/dist-es/submodules/sts/runtimeConfig.js
+// ../node_modules/.bun/@aws-sdk+nested-clients@3.997.22/node_modules/@aws-sdk/nested-clients/dist-es/submodules/sts/runtimeConfig.js
 var getRuntimeConfig2 = (config) => {
   emitWarningIfUnsupportedVersion2(process.version);
   const defaultsMode = resolveDefaultsModeConfig(config);
@@ -5712,7 +6101,7 @@ var getRuntimeConfig2 = (config) => {
   };
 };
 
-// ../node_modules/.bun/@aws-sdk+nested-clients@3.997.17/node_modules/@aws-sdk/nested-clients/dist-es/submodules/sts/auth/httpAuthExtensionConfiguration.js
+// ../node_modules/.bun/@aws-sdk+nested-clients@3.997.22/node_modules/@aws-sdk/nested-clients/dist-es/submodules/sts/auth/httpAuthExtensionConfiguration.js
 var getHttpAuthExtensionConfiguration = (runtimeConfig) => {
   const _httpAuthSchemes = runtimeConfig.httpAuthSchemes;
   let _httpAuthSchemeProvider = runtimeConfig.httpAuthSchemeProvider;
@@ -5751,14 +6140,14 @@ var resolveHttpAuthRuntimeConfig = (config) => {
   };
 };
 
-// ../node_modules/.bun/@aws-sdk+nested-clients@3.997.17/node_modules/@aws-sdk/nested-clients/dist-es/submodules/sts/runtimeExtensions.js
+// ../node_modules/.bun/@aws-sdk+nested-clients@3.997.22/node_modules/@aws-sdk/nested-clients/dist-es/submodules/sts/runtimeExtensions.js
 var resolveRuntimeExtensions = (runtimeConfig, extensions) => {
   const extensionConfiguration = Object.assign(getAwsRegionExtensionConfiguration(runtimeConfig), getDefaultExtensionConfiguration(runtimeConfig), getHttpHandlerExtensionConfiguration(runtimeConfig), getHttpAuthExtensionConfiguration(runtimeConfig));
   extensions.forEach((extension) => extension.configure(extensionConfiguration));
   return Object.assign(runtimeConfig, resolveAwsRegionExtensionConfiguration(extensionConfiguration), resolveDefaultRuntimeConfig(extensionConfiguration), resolveHttpHandlerRuntimeConfig(extensionConfiguration), resolveHttpAuthRuntimeConfig(extensionConfiguration));
 };
 
-// ../node_modules/.bun/@aws-sdk+nested-clients@3.997.17/node_modules/@aws-sdk/nested-clients/dist-es/submodules/sts/STSClient.js
+// ../node_modules/.bun/@aws-sdk+nested-clients@3.997.22/node_modules/@aws-sdk/nested-clients/dist-es/submodules/sts/STSClient.js
 var STSClient = class extends Client {
   config;
   constructor(...[configuration]) {
@@ -5795,19 +6184,19 @@ var STSClient = class extends Client {
   }
 };
 
-// ../node_modules/.bun/@aws-sdk+nested-clients@3.997.17/node_modules/@aws-sdk/nested-clients/dist-es/submodules/sts/commands/AssumeRoleCommand.js
+// ../node_modules/.bun/@aws-sdk+nested-clients@3.997.22/node_modules/@aws-sdk/nested-clients/dist-es/submodules/sts/commands/AssumeRoleCommand.js
 var AssumeRoleCommand = class extends Command.classBuilder().ep(commonParams).m(function(Command2, cs, config, o2) {
   return [getEndpointPlugin(config, Command2.getEndpointParameterInstructions())];
 }).s("AWSSecurityTokenServiceV20110615", "AssumeRole", {}).n("STSClient", "AssumeRoleCommand").sc(AssumeRole$).build() {
 };
 
-// ../node_modules/.bun/@aws-sdk+nested-clients@3.997.17/node_modules/@aws-sdk/nested-clients/dist-es/submodules/sts/commands/AssumeRoleWithWebIdentityCommand.js
+// ../node_modules/.bun/@aws-sdk+nested-clients@3.997.22/node_modules/@aws-sdk/nested-clients/dist-es/submodules/sts/commands/AssumeRoleWithWebIdentityCommand.js
 var AssumeRoleWithWebIdentityCommand = class extends Command.classBuilder().ep(commonParams).m(function(Command2, cs, config, o2) {
   return [getEndpointPlugin(config, Command2.getEndpointParameterInstructions())];
 }).s("AWSSecurityTokenServiceV20110615", "AssumeRoleWithWebIdentity", {}).n("STSClient", "AssumeRoleWithWebIdentityCommand").sc(AssumeRoleWithWebIdentity$).build() {
 };
 
-// ../node_modules/.bun/@aws-sdk+nested-clients@3.997.17/node_modules/@aws-sdk/nested-clients/dist-es/submodules/sts/STS.js
+// ../node_modules/.bun/@aws-sdk+nested-clients@3.997.22/node_modules/@aws-sdk/nested-clients/dist-es/submodules/sts/STS.js
 var commands = {
   AssumeRoleCommand,
   AssumeRoleWithWebIdentityCommand
@@ -5816,7 +6205,7 @@ var STS = class extends STSClient {
 };
 createAggregatedClient(commands, STS);
 
-// ../node_modules/.bun/@aws-sdk+nested-clients@3.997.17/node_modules/@aws-sdk/nested-clients/dist-es/submodules/sts/defaultStsRoleAssumers.js
+// ../node_modules/.bun/@aws-sdk+nested-clients@3.997.22/node_modules/@aws-sdk/nested-clients/dist-es/submodules/sts/defaultStsRoleAssumers.js
 var getAccountIdFromAssumedRoleUser = (assumedRoleUser) => {
   if (typeof assumedRoleUser?.Arn === "string") {
     const arnComponents = assumedRoleUser.Arn.split(":");
@@ -5916,7 +6305,7 @@ var isH2 = (requestHandler) => {
   return requestHandler?.metadata?.handlerProtocol === "h2";
 };
 
-// ../node_modules/.bun/@aws-sdk+nested-clients@3.997.17/node_modules/@aws-sdk/nested-clients/dist-es/submodules/sts/defaultRoleAssumers.js
+// ../node_modules/.bun/@aws-sdk+nested-clients@3.997.22/node_modules/@aws-sdk/nested-clients/dist-es/submodules/sts/defaultRoleAssumers.js
 var getCustomizableStsClientCtor = (baseCtor, customizations) => {
   if (!customizations)
     return baseCtor;