varlock 0.0.13 → 0.0.15

package/dist/auto-load.js

@@ -1,7 +1,8 @@
-import './chunk-TWKAUCTT.js';
-import './chunk-UPKIHHPE.js';
+import './chunk-IH74UIYN.js';
+import './chunk-7JMYT62X.js';
+import './chunk-LBV2UW3I.js';
+import './chunk-C5BEZMSO.js';
 import './chunk-OM3JCP4E.js';
-import './chunk-POJECYSY.js';
 import './chunk-2SPIWTVE.js';
 import './chunk-FGMXIEFA.js';
 import './chunk-XN24GZXQ.js';

package/dist/{chunk-POJECYSY.js → chunk-7JMYT62X.js}

@@ -19,7 +19,7 @@ function patchGlobalServerResponse(opts) {
   ServerResponse.prototype.write = /* @__PURE__ */ __name(function varlockPatchedServerResponseWrite(...args) {
     const rawChunk = args[0];
     const contentType = this.getHeader("content-type")?.toString() || "";
-    let runScan = contentType.startsWith("text/") || contentType.startsWith("application/json");
+    let runScan = contentType.startsWith("text/") || contentType.startsWith("application/json") || !contentType && typeof rawChunk === "string";
     const reqUrl = this.req.url;
     if (runScan && reqUrl && opts?.ignoreUrlPatterns?.some((pattern) => pattern.test(reqUrl))) {
       runScan = false;
@@ -88,5 +88,5 @@ function patchGlobalServerResponse(opts) {
 __name(patchGlobalServerResponse, "patchGlobalServerResponse");
 
 export { patchGlobalServerResponse };
-//# sourceMappingURL=chunk-POJECYSY.js.map
-//# sourceMappingURL=chunk-POJECYSY.js.map
+//# sourceMappingURL=chunk-7JMYT62X.js.map
+//# sourceMappingURL=chunk-7JMYT62X.js.map

package/dist/chunk-7JMYT62X.js.map

@@ -0,0 +1 @@
+{"version":3,"sources":["../src/runtime/patch-server-response.ts"],"names":[],"mappings":";;;;;AAUA,IAAM,UAAA,GAAa,mBAAA;AACZ,SAAS,0BAA0B,IAAA,EAGvC;AACD,EAAA,KAAA,CAAM,6CAAmC,CAAA;AACzC,EAAA,IAAI,MAAA,CAAO,wBAAA,CAAyB,cAAA,CAAe,SAAA,EAAW,UAAU,CAAA,EAAG;AACzE,IAAA,KAAA,CAAM,mBAAmB,CAAA;AACzB,IAAA;AAAA,EACF;AACA,EAAA,IAAI,eAAA,CAAgB,iBAAiB,KAAA,EAAO;AAC1C,IAAA,KAAA,CAAM,wBAAwB,CAAA;AAC9B,IAAA;AAAA,EACF;AAEA,EAAA,MAAA,CAAO,eAAe,cAAA,CAAe,SAAA,EAAW,YAAY,EAAE,KAAA,EAAO,MAAM,CAAA;AAE3E,EAAA,MAAM,mBAAA,GAAsB,eAAe,SAAA,CAAU,KAAA;AAGrD,EAAA,cAAA,CAAe,SAAA,CAAU,KAAA,mBAAQ,MAAA,CAAA,SAAS,iCAAA,CAAA,GAAqC,IAAA,EAAM;AAGnF,IAAA,MAAM,QAAA,GAAW,KAAK,CAAC,CAAA;AAKvB,IAAA,MAAM,cAAc,IAAA,CAAK,SAAA,CAAU,cAAc,CAAA,EAAG,UAAS,IAAK,EAAA;AAElE,IAAA,IAAI,OAAA,GACF,WAAA,CAAY,UAAA,CAAW,OAAO,CAAA,IAC3B,WAAA,CAAY,UAAA,CAAW,kBAAkB,CAAA,IACxC,CAAC,WAAA,IAAe,OAAO,QAAA,KAAa,QAAA;AAI1C,IAAA,MAAM,MAAA,GAAU,KAAa,GAAA,CAAI,GAAA;AAEjC,IAAA,IAAI,OAAA,IAAW,MAAA,IAAU,IAAA,EAAM,iBAAA,EAAmB,IAAA,CAAK,CAAC,OAAA,KAAY,OAAA,CAAQ,IAAA,CAAK,MAAM,CAAC,CAAA,EAAG;AACzF,MAAA,OAAA,GAAU,KAAA;AAAA,IACZ;AAIA,IAAA,IAAI,CAAC,OAAA,EAAS;AAEZ,MAAA,OAAO,mBAAA,CAAoB,KAAA,CAAM,IAAA,EAAM,IAAI,CAAA;AAAA,IAC7C;AAGA,IAAA,MAAM,eAAA,GAAkB,IAAA,CAAK,SAAA,CAAU,kBAAkB,CAAA;AACzD,IAAA,IAAI,QAAA;AACJ,IAAA,IAAI,SAAA,GAAkD,IAAA;AACtD,IAAA,IAAI,OAAO,aAAa,QAAA,EAAU;AAChC,MAAA,SAAA,GAAY,QAAA;AACZ,MAAA,QAAA,GAAW,QAAA;AAAA,IACb,CAAA,MAAA,IAAW,CAAC,eAAA,EAAiB;AAC3B,MAAA,SAAA,GAAY,SAAA;AACZ,MAAA,MAAM,OAAA,GAAU,IAAI,WAAA,EAAY;AAChC,MAAA,QAAA,GAAW,OAAA,CAAQ,OAAO,QAAQ,CAAA;AAAA,IACpC,CAAA,MAAA,IAAW,oBAAoB,MAAA,EAAQ;AACrC,MAAA,SAAA,GAAY,MAAA;AAEZ,MAAA,IAAI,CAAE,KAAa,WAAA,EAAa;AAE9B,QAAC,IAAA,CAAa,WAAA,GAAc,CAAC,QAAQ,CAAA;AAAA,MACvC,CAAA,MAAO;AAEL,QAAC,IAAA,CAAa,WAAA,EAAa,IAAA,CAAK,QAAQ,CAAA;AACxC,QAAA,IAAI;AACF,UAAA,MAAM,aAAA,GAAgB,KAAK,SAAA,CAAU,MAAA,CAAO,OAAQ,IAAA,CAAa,WAAA,IAAe,EAAE,CAAA,EAAG;AAAA,YACnF,KAAA,EAAO,KAAK,SAAA,CAAU,YAAA;AAAA,YACtB,WAAA,EAAa,KAAK,SAAA,CAAU;AAAA,WAC7B,CAAA;AACD,UAAA,MAAM,gBAAA,GAAmB,aAAA,CAAc,QAAA,CAAS,OAAO,CAAA;AACvD,UAAA,QAAA,GAAW,gBAAA,CAAiB,SAAA,CAAW,IAAA,CAAa,kBAAA,IAAsB,CAAC,CAAA;AAC3E,UAAC,IAAA,CAAa,qBAAqB,gBAAA,CAAiB,MAAA;AAAA,QACtD,SAAS,GAAA,EAAK;AAAA,QAEd;AAAA,MACF;AAAA,IACF;AAEA,IAAA,IAAI,QAAA,EAAU;AAIZ,MAAA,IAAI;AACF,QAAA,YAAA,CAAa,QAAA,EAAU,EAAE,MAAA,EAAQ,8BAAA,EAAgC,MAAO,IAAA,CAAa,GAAA,CAAI,KAAK,CAAA;AAAA,MAChG,SAAS,GAAA,EAAK;AAGZ,QAAA,IAAI,MAAM,oBAAA,EAAsB;AAC9B,UAAA,QAAA,GAAW,sBAAsB,QAAQ,CAAA;AACzC,UAAA,IAAI,cAAc,QAAA,EAAU;AAC1B,YAAA,IAAA,CAAK,CAAC,CAAA,GAAI,QAAA;AAAA,UACZ,CAAA,MAAA,IAAW,cAAc,SAAA,EAAW;AAClC,YAAA,MAAM,OAAA,GAAU,IAAI,WAAA,EAAY;AAChC,YAAA,IAAA,CAAK,CAAC,CAAA,GAAI,OAAA,CAAQ,MAAA,CAAO,QAAQ,CAAA;AAAA,UACnC,CAAA,MAAA,IAAW,cAAc,MAAA,EAAQ,CAQjC,MAAO;AACL,YAAA,MAAM,IAAI,KAAA,CAAM,CAAA,qCAAA,EAAwC,SAAS,CAAA,CAAE,CAAA;AAAA,UACrE;AAAA,QACF,CAAA,MAAO;AACL,UAAA,MAAM,GAAA;AAAA,QACR;AAAA,MACF;AAAA,IACF;AAGA,IAAA,OAAO,mBAAA,CAAoB,KAAA,CAAM,IAAA,EAAM,IAAI,CAAA;AAAA,EAC7C,CAAA,EAnGiC,mCAAA,CAAA;AAsGjC,EAAA,MAAM,iBAAA,GAAoB,eAAe,SAAA,CAAU,GAAA;AAEnD,EAAA,cAAA,CAAe,SAAA,CAAU,GAAA,mBAAM,MAAA,CAAA,SAAS,wBAAA,CAAA,GAA4B,IAAA,EAAM;AAExE,IAAA,MAAM,QAAA,GAAW,KAAK,CAAC,CAAA;AAEvB,IAAA,IAAI,QAAA,IAAY,OAAO,QAAA,KAAa,QAAA,EAAU;AAE5C,MAAA,YAAA,CAAa,QAAA,EAAU,EAAE,MAAA,EAAQ,4BAAA,EAA8B,CAAA;AAAA,IACjE;AAEA,IAAA,OAAO,iBAAA,CAAkB,KAAA,CAAM,IAAA,EAAM,IAAI,CAAA;AAAA,EAC3C,CAAA,EAV+B,0BAAA,CAAA;AAWjC;AAtIgB,MAAA,CAAA,yBAAA,EAAA,2BAAA,CAAA","file":"chunk-7JMYT62X.js","sourcesContent":["/*\n  This patches the global ServerResponse object to scan for secret leaks - currently used for next.js and remix\n*/\n\nimport zlib from 'node:zlib';\nimport { ServerResponse } from 'node:http';\nimport { redactSensitiveConfig, scanForLeaks, varlockSettings } from './env';\nimport { debug } from './lib/debug';\n\n// NOTE - previously was using a symbol but got weird because of multiple builds and contexts...\nconst patchedKey = '_patchedByVarlock';\nexport function patchGlobalServerResponse(opts?: {\n  ignoreUrlPatterns?: Array<RegExp>,\n  redactInsteadOfThrow?: boolean,\n}) {\n  debug('⚡️ PATCHING global ServerResponse');\n  if (Object.getOwnPropertyDescriptor(ServerResponse.prototype, patchedKey)) {\n    debug('> already patched');\n    return;\n  }\n  if (varlockSettings.preventLeaks === false) {\n    debug('> disabled by settings');\n    return;\n  }\n\n  Object.defineProperty(ServerResponse.prototype, patchedKey, { value: true });\n\n  const serverResponseWrite = ServerResponse.prototype.write;\n\n  // @ts-ignore\n  ServerResponse.prototype.write = function varlockPatchedServerResponseWrite(...args) {\n    // TODO: do we want to filter out some requests here? maybe based on the file type?\n\n    const rawChunk = args[0];\n    // console.log('⚡️ patched ServerResponse.write', rawChunk);\n\n    // for now, we only scan rendered html... may need to change this though for server components?\n    // so we bail if it looks like this response does not contain html\n    const contentType = this.getHeader('content-type')?.toString() || '';\n    // console.log('patched ServerResponse.write', contentType);\n    let runScan = (\n      contentType.startsWith('text/')\n      || contentType.startsWith('application/json')\n      || (!contentType && typeof rawChunk === 'string')\n      // || contentType.startsWith('application/javascript')\n    );\n\n    const reqUrl = (this as any).req.url;\n    // console.log('> scan ServerResponse.write', contentType, reqUrl);\n    if (runScan && reqUrl && opts?.ignoreUrlPatterns?.some((pattern) => pattern.test(reqUrl))) {\n      runScan = false;\n    }\n\n    // we want to run the scanner on text/html and text/x-component (server actions)\n    // TODO: anything else?\n    if (!runScan) {\n      // @ts-ignore\n      return serverResponseWrite.apply(this, args);\n    }\n\n    // have to deal with compressed data, which is awkward but possible\n    const compressionType = this.getHeader('Content-Encoding');\n    let chunkStr;\n    let chunkType: 'string' | 'encoded' | 'gzip' | null = null;\n    if (typeof rawChunk === 'string') {\n      chunkType = 'string';\n      chunkStr = rawChunk;\n    } else if (!compressionType) {\n      chunkType = 'encoded';\n      const decoder = new TextDecoder();\n      chunkStr = decoder.decode(rawChunk);\n    } else if (compressionType === 'gzip') {\n      chunkType = 'gzip';\n      // first chunk of data contains only compression headers\n      if (!(this as any)._zlibChunks) {\n        // (this as any)._zlibHeadersChunk = rawChunk;\n        (this as any)._zlibChunks = [rawChunk];\n      } else {\n        // TODO: figure out how we can unzip one chunk at a time instead of storing everything\n        (this as any)._zlibChunks?.push(rawChunk);\n        try {\n          const unzippedChunk = zlib.unzipSync(Buffer.concat((this as any)._zlibChunks || []), {\n            flush: zlib.constants.Z_SYNC_FLUSH,\n            finishFlush: zlib.constants.Z_SYNC_FLUSH,\n          });\n          const fullUnzippedData = unzippedChunk.toString('utf-8');\n          chunkStr = fullUnzippedData.substring((this as any)._lastChunkEndIndex || 0);\n          (this as any)._lastChunkEndIndex = fullUnzippedData.length;\n        } catch (err) {\n          // console.log('error unzipping chunk', err);\n        }\n      }\n    }\n    // TODO: we may want to support other compression schemes? but currently only used in nextjs which is using gzip\n    if (chunkStr) {\n      // console.log('scanning!', chunkStr.substring(0, 1000));\n\n\n      try {\n        scanForLeaks(chunkStr, { method: 'patched ServerResponse.write', file: (this as any).req.url });\n      } catch (err) {\n        // console.log('found secret in chunk', chunkType, chunkStr);\n        // console.log(this)\n        if (opts?.redactInsteadOfThrow) {\n          chunkStr = redactSensitiveConfig(chunkStr);\n          if (chunkType === 'string') {\n            args[0] = chunkStr;\n          } else if (chunkType === 'encoded') {\n            const encoder = new TextEncoder();\n            args[0] = encoder.encode(chunkStr);\n          } else if (chunkType === 'gzip') {\n            // currently unable to scrub gzip chunks\n            // this works sometimes, but othertimes causes decoding error\n            // we'll need to pass through chunks from a new gzip stream, because we don't have access to the underlying one\n            // args[0] = zlib.gzipSync(chunkStr, {\n            //   flush: zlib.constants.Z_SYNC_FLUSH,\n            //   finishFlush: zlib.constants.Z_SYNC_FLUSH,\n            // });\n          } else {\n            throw new Error(`unable to scrub - unknown chunk type ${chunkType}`);\n          }\n        } else {\n          throw err;\n        }\n      }\n    }\n\n    // @ts-ignore\n    return serverResponseWrite.apply(this, args);\n  };\n\n  // calling `res.json()` in the api routes on pages router calls `res.end` without called `res.write`\n  const serverResponseEnd = ServerResponse.prototype.end;\n  // @ts-ignore\n  ServerResponse.prototype.end = function patchedServerResponseEnd(...args) {\n    // console.log('⚡️ patched ServerResponse.end');\n    const endChunk = args[0];\n    // this just needs to work (so far) for nextjs sending json bodies, so does not need to handle all cases...\n    if (endChunk && typeof endChunk === 'string') {\n      // TODO: currently this throws the error and then things just hang... do we want to try to return an error type response instead?\n      scanForLeaks(endChunk, { method: 'patched ServerResponse.end' });\n    }\n    // @ts-ignore\n    return serverResponseEnd.apply(this, args);\n  };\n}\n\n"]}

package/dist/{chunk-UPKIHHPE.js → chunk-C5BEZMSO.js}

@@ -40,5 +40,5 @@ function unpatchGlobalConsole() {
 __name(unpatchGlobalConsole, "unpatchGlobalConsole");
 
 export { patchGlobalConsole, unpatchGlobalConsole };
-//# sourceMappingURL=chunk-UPKIHHPE.js.map
-//# sourceMappingURL=chunk-UPKIHHPE.js.map
+//# sourceMappingURL=chunk-C5BEZMSO.js.map
+//# sourceMappingURL=chunk-C5BEZMSO.js.map

package/dist/{chunk-UPKIHHPE.js.map → chunk-C5BEZMSO.js.map}

@@ -1 +1 @@
-{"version":3,"sources":["../src/runtime/patch-console.ts"],"names":[],"mappings":";;;;AAWO,SAAS,kBAAA,GAAqB;AACnC,EAAA,KAAA,CAAM,8CAAoC,CAAA;AAC1C,EAAA,IAAK,OAAA,CAAQ,IAAY,iBAAA,EAAmB;AAC1C,IAAA,KAAA,CAAM,mBAAmB,CAAA;AACzB,IAAA;AAAA,EACF;AACA,EAAA,IAAI,eAAA,CAAgB,eAAe,KAAA,EAAO;AACxC,IAAA,KAAA,CAAM,wBAAwB,CAAA;AAC9B,IAAA;AAAA,EACF;AAQA,EAAA,MAAM,qBAAA,GAAwB,MAAA,CAAO,qBAAA,CAAsB,UAAA,CAAW,OAAO,CAAA,CAAE,IAAA,CAAK,CAAC,CAAA,KAAM,CAAA,CAAE,WAAA,KAAgB,iBAAiB,CAAA;AAG9H,EAAC,UAAA,CAAmB,4BAAA,KAAiC,UAAA,CAAW,OAAA,CAAQ,qBAAqB,CAAA;AAE7F,EAAA,UAAA,CAAW,OAAA,CAAQ,qBAAqB,CAAA,GAAI,WAAY;AACtD,IAAC,UAAA,CAAmB,4BAAA,CAA6B,KAAA,CAAM,IAAA,EAAM;AAAA,MAC3D,UAAU,CAAC,CAAA;AAAA,MACX,qBAAA,CAAsB,SAAA,CAAU,CAAC,CAAC,CAAA;AAAA,MAClC,UAAU,CAAC;AAAA,KACZ,CAAA;AAAA,EACH,CAAA;AAOA,EAAA,KAAA,MAAW,aAAA,IAAiB,CAAC,OAAA,EAAS,OAAA,EAAS,QAAQ,KAAA,EAAO,MAAA,EAAQ,MAAA,EAAQ,OAAO,CAAA,EAAG;AAEtF,IAAA,MAAM,iBAAA,GAAoB,UAAA,CAAW,OAAA,CAAQ,aAAa,CAAA;AAE1D,IAAA,MAAM,4BAAY,MAAA,CAAA,WAAY;AAE5B,MAAA,iBAAA,CAAkB,KAAA,CAAM,MAAM,KAAA,CAAM,IAAA,CAAK,SAAS,CAAA,CAAE,GAAA,CAAI,qBAAqB,CAAC,CAAA;AAAA,IAChF,CAAA,EAHkB,WAAA,CAAA;AAIlB,IAAA,SAAA,CAAU,iBAAA,GAAoB,IAAA;AAG9B,IAAA,UAAA,CAAW,OAAA,CAAQ,aAAa,CAAA,GAAI,SAAA;AAAA,EACtC;AACF;AAhDgB,MAAA,CAAA,kBAAA,EAAA,oBAAA,CAAA;AAuDT,SAAS,oBAAA,GAAuB;AAErC,EAAA,IAAI,CAAE,WAAmB,4BAAA,EAA8B;AAEvD,EAAA,MAAM,qBAAA,GAAwB,MAAA,CAAO,qBAAA,CAAsB,UAAA,CAAW,OAAO,CAAA,CAAE,IAAA,CAAK,CAAC,CAAA,KAAM,CAAA,CAAE,WAAA,KAAgB,iBAAiB,CAAA;AAE9H,EAAA,UAAA,CAAW,OAAA,CAAQ,qBAAqB,CAAA,GAAK,UAAA,CAAmB,4BAAA;AAChE,EAAA,OAAQ,UAAA,CAAmB,4BAAA;AAC7B;AARgB,MAAA,CAAA,oBAAA,EAAA,sBAAA,CAAA","file":"chunk-UPKIHHPE.js","sourcesContent":["/* eslint-disable func-names, no-console, prefer-rest-params */\n\nimport { redactSensitiveConfig, varlockSettings } from './env';\nimport { debug } from './lib/debug';\n\n\n/**\n * patches global console methods to redact sensitive config\n *\n * NOTE - this may not be 100% foolproof depending on the platform\n * */\nexport function patchGlobalConsole() {\n  debug('⚡️ PATCHING global console methods');\n  if ((console.log as any)._varlockPatchedFn) {\n    debug('> already patched');\n    return;\n  }\n  if (varlockSettings.redactLogs === false) {\n    debug('> disabled by settings');\n    return;\n  }\n\n  // our method of patching involves replacing an internal node method which may not be called if console.log itself has also been patched\n  // for example AWS lambdas patches this to write the logs to a file which then is pushed to the rest of their system\n\n  // so first we'll just patch the internal method do deal with normal stdout/stderr logs -------------------------------------\n\n  // we need the internal symbol name to access the internal method\n  const kWriteToConsoleSymbol = Object.getOwnPropertySymbols(globalThis.console).find((s) => s.description === 'kWriteToConsole');\n\n  // @ts-ignore\n  (globalThis as any)._varlockOrigWriteToConsoleFn ||= globalThis.console[kWriteToConsoleSymbol];\n  // @ts-ignore\n  globalThis.console[kWriteToConsoleSymbol] = function () {\n    (globalThis as any)._varlockOrigWriteToConsoleFn.apply(this, [\n      arguments[0],\n      redactSensitiveConfig(arguments[1]),\n      arguments[2],\n    ]);\n  };\n\n  // and now we'll wrap console.log (and the other methods) if it looks like they have been patched already ------------------\n  // NOTE - this will not fully redact from everything since we can't safely reach deep into objects\n  // ideally we would only turn this when the above method does not work, but it's not trivial to detect when it that is the case\n  // so we'll turn it on all the time for now...\n\n  for (const logMethodName of ['trace', 'debug', 'info', 'log', 'info', 'warn', 'error']) {\n    // @ts-ignore\n    const originalLogMethod = globalThis.console[logMethodName];\n\n    const patchedFn = function () {\n      // @ts-ignore\n      originalLogMethod.apply(this, Array.from(arguments).map(redactSensitiveConfig));\n    };\n    patchedFn._varlockPatchedFn = true;\n\n    // @ts-ignore\n    globalThis.console[logMethodName] = patchedFn;\n  }\n}\n\n/**\n * restore's original global console methods to stop redacting secrets\n *\n * (only needed during local development when switching settings on/off in a process that does not reload)\n * */\nexport function unpatchGlobalConsole() {\n  // we'll only care about the normal case where console.log has NOT been patched by something else... (see above)\n  if (!(globalThis as any)._varlockOrigWriteToConsoleFn) return;\n\n  const kWriteToConsoleSymbol = Object.getOwnPropertySymbols(globalThis.console).find((s) => s.description === 'kWriteToConsole');\n  // @ts-ignore\n  globalThis.console[kWriteToConsoleSymbol] = (globalThis as any)._varlockOrigWriteToConsoleFn;\n  delete (globalThis as any)._varlockOrigWriteToConsoleFn;\n}\n\n// ---\n\n// patchGlobalConsole();\n"]}
+{"version":3,"sources":["../src/runtime/patch-console.ts"],"names":[],"mappings":";;;;AAWO,SAAS,kBAAA,GAAqB;AACnC,EAAA,KAAA,CAAM,8CAAoC,CAAA;AAC1C,EAAA,IAAK,OAAA,CAAQ,IAAY,iBAAA,EAAmB;AAC1C,IAAA,KAAA,CAAM,mBAAmB,CAAA;AACzB,IAAA;AAAA,EACF;AACA,EAAA,IAAI,eAAA,CAAgB,eAAe,KAAA,EAAO;AACxC,IAAA,KAAA,CAAM,wBAAwB,CAAA;AAC9B,IAAA;AAAA,EACF;AAQA,EAAA,MAAM,qBAAA,GAAwB,MAAA,CAAO,qBAAA,CAAsB,UAAA,CAAW,OAAO,CAAA,CAAE,IAAA,CAAK,CAAC,CAAA,KAAM,CAAA,CAAE,WAAA,KAAgB,iBAAiB,CAAA;AAG9H,EAAC,UAAA,CAAmB,4BAAA,KAAiC,UAAA,CAAW,OAAA,CAAQ,qBAAqB,CAAA;AAE7F,EAAA,UAAA,CAAW,OAAA,CAAQ,qBAAqB,CAAA,GAAI,WAAY;AACtD,IAAC,UAAA,CAAmB,4BAAA,CAA6B,KAAA,CAAM,IAAA,EAAM;AAAA,MAC3D,UAAU,CAAC,CAAA;AAAA,MACX,qBAAA,CAAsB,SAAA,CAAU,CAAC,CAAC,CAAA;AAAA,MAClC,UAAU,CAAC;AAAA,KACZ,CAAA;AAAA,EACH,CAAA;AAOA,EAAA,KAAA,MAAW,aAAA,IAAiB,CAAC,OAAA,EAAS,OAAA,EAAS,QAAQ,KAAA,EAAO,MAAA,EAAQ,MAAA,EAAQ,OAAO,CAAA,EAAG;AAEtF,IAAA,MAAM,iBAAA,GAAoB,UAAA,CAAW,OAAA,CAAQ,aAAa,CAAA;AAE1D,IAAA,MAAM,4BAAY,MAAA,CAAA,WAAY;AAE5B,MAAA,iBAAA,CAAkB,KAAA,CAAM,MAAM,KAAA,CAAM,IAAA,CAAK,SAAS,CAAA,CAAE,GAAA,CAAI,qBAAqB,CAAC,CAAA;AAAA,IAChF,CAAA,EAHkB,WAAA,CAAA;AAIlB,IAAA,SAAA,CAAU,iBAAA,GAAoB,IAAA;AAG9B,IAAA,UAAA,CAAW,OAAA,CAAQ,aAAa,CAAA,GAAI,SAAA;AAAA,EACtC;AACF;AAhDgB,MAAA,CAAA,kBAAA,EAAA,oBAAA,CAAA;AAuDT,SAAS,oBAAA,GAAuB;AAErC,EAAA,IAAI,CAAE,WAAmB,4BAAA,EAA8B;AAEvD,EAAA,MAAM,qBAAA,GAAwB,MAAA,CAAO,qBAAA,CAAsB,UAAA,CAAW,OAAO,CAAA,CAAE,IAAA,CAAK,CAAC,CAAA,KAAM,CAAA,CAAE,WAAA,KAAgB,iBAAiB,CAAA;AAE9H,EAAA,UAAA,CAAW,OAAA,CAAQ,qBAAqB,CAAA,GAAK,UAAA,CAAmB,4BAAA;AAChE,EAAA,OAAQ,UAAA,CAAmB,4BAAA;AAC7B;AARgB,MAAA,CAAA,oBAAA,EAAA,sBAAA,CAAA","file":"chunk-C5BEZMSO.js","sourcesContent":["/* eslint-disable func-names, no-console, prefer-rest-params */\n\nimport { redactSensitiveConfig, varlockSettings } from './env';\nimport { debug } from './lib/debug';\n\n\n/**\n * patches global console methods to redact sensitive config\n *\n * NOTE - this may not be 100% foolproof depending on the platform\n * */\nexport function patchGlobalConsole() {\n  debug('⚡️ PATCHING global console methods');\n  if ((console.log as any)._varlockPatchedFn) {\n    debug('> already patched');\n    return;\n  }\n  if (varlockSettings.redactLogs === false) {\n    debug('> disabled by settings');\n    return;\n  }\n\n  // our method of patching involves replacing an internal node method which may not be called if console.log itself has also been patched\n  // for example AWS lambdas patches this to write the logs to a file which then is pushed to the rest of their system\n\n  // so first we'll just patch the internal method do deal with normal stdout/stderr logs -------------------------------------\n\n  // we need the internal symbol name to access the internal method\n  const kWriteToConsoleSymbol = Object.getOwnPropertySymbols(globalThis.console).find((s) => s.description === 'kWriteToConsole');\n\n  // @ts-ignore\n  (globalThis as any)._varlockOrigWriteToConsoleFn ||= globalThis.console[kWriteToConsoleSymbol];\n  // @ts-ignore\n  globalThis.console[kWriteToConsoleSymbol] = function () {\n    (globalThis as any)._varlockOrigWriteToConsoleFn.apply(this, [\n      arguments[0],\n      redactSensitiveConfig(arguments[1]),\n      arguments[2],\n    ]);\n  };\n\n  // and now we'll wrap console.log (and the other methods) if it looks like they have been patched already ------------------\n  // NOTE - this will not fully redact from everything since we can't safely reach deep into objects\n  // ideally we would only turn this when the above method does not work, but it's not trivial to detect when it that is the case\n  // so we'll turn it on all the time for now...\n\n  for (const logMethodName of ['trace', 'debug', 'info', 'log', 'info', 'warn', 'error']) {\n    // @ts-ignore\n    const originalLogMethod = globalThis.console[logMethodName];\n\n    const patchedFn = function () {\n      // @ts-ignore\n      originalLogMethod.apply(this, Array.from(arguments).map(redactSensitiveConfig));\n    };\n    patchedFn._varlockPatchedFn = true;\n\n    // @ts-ignore\n    globalThis.console[logMethodName] = patchedFn;\n  }\n}\n\n/**\n * restore's original global console methods to stop redacting secrets\n *\n * (only needed during local development when switching settings on/off in a process that does not reload)\n * */\nexport function unpatchGlobalConsole() {\n  // we'll only care about the normal case where console.log has NOT been patched by something else... (see above)\n  if (!(globalThis as any)._varlockOrigWriteToConsoleFn) return;\n\n  const kWriteToConsoleSymbol = Object.getOwnPropertySymbols(globalThis.console).find((s) => s.description === 'kWriteToConsole');\n  // @ts-ignore\n  globalThis.console[kWriteToConsoleSymbol] = (globalThis as any)._varlockOrigWriteToConsoleFn;\n  delete (globalThis as any)._varlockOrigWriteToConsoleFn;\n}\n"]}

package/dist/{chunk-UA3DMAAQ.js → chunk-EPKIAPPA.js}

@@ -1,6 +1,6 @@
-import { logLines } from './chunk-5EBVEGDW.js';
+import { logLines } from './chunk-LYSRVOTA.js';
 import { define } from './chunk-33ROL4J5.js';
-import { gracefulExit, ansis_default } from './chunk-MV5ZAKN7.js';
+import { gracefulExit, ansis_default } from './chunk-IWQ4BDSW.js';
 import { __name } from './chunk-XN24GZXQ.js';
 import { setTimeout } from 'timers/promises';
 import os from 'os';
@@ -142,5 +142,5 @@ var commandFn = /* @__PURE__ */ __name(async (ctx) => {
 }, "commandFn");
 
 export { CONFIG, commandFn, commandSpec };
-//# sourceMappingURL=chunk-UA3DMAAQ.js.map
-//# sourceMappingURL=chunk-UA3DMAAQ.js.map
+//# sourceMappingURL=chunk-EPKIAPPA.js.map
+//# sourceMappingURL=chunk-EPKIAPPA.js.map

package/dist/{chunk-UA3DMAAQ.js.map → chunk-EPKIAPPA.js.map}

@@ -1 +1 @@
-{"version":3,"sources":["../src/config.ts","../src/cli/helpers/open-url.ts","../src/cli/helpers/key-press.ts","../src/cli/commands/login.command.ts"],"names":["delay"],"mappings":";;;;;;;;;AAIO,IAAM,MAAA,GAAS;AAAA;AAAA,EAEpB,eAAA,EAAiB,yBAAA;AAAA,EACjB,oBAAA,EAAsB,sBAAA;AAAA;AAAA,EACtB,eAAA,EAAiB,iDAAA;AAAA,EACjB,YAAA,EAAc;AAChB;ACPA,IAAM,QAAA,GAAW,GAAG,QAAA,EAAS;AAE7B,IAAM,SAAA,GAAY,QAAA,CAAS,KAAA,CAAM,OAAO,CAAA;AACxC,IAAM,KAAA,GAAQ,QAAA,CAAS,KAAA,CAAM,UAAU,CAAA;AACvC,IAAM,OAAA,GAAW,CAAC,SAAA,IAAa,CAAC,KAAA;AAGzB,SAAS,QAAQ,GAAA,EAAa;AACnC,EAAA,IAAI,SAAA,EAAW;AACb,IAAA,KAAA,CAAM,KAAA,EAAO,CAAC,IAAA,EAAM,OAAA,EAAS,GAAA,EAAK,GAAG,CAAA,EAAG,EAAE,QAAA,EAAU,IAAA,EAAM,CAAA;AAAA,EAC5D,WAAW,KAAA,EAAO;AAChB,IAAA,KAAA,CAAM,QAAQ,CAAC,GAAG,GAAG,EAAE,QAAA,EAAU,MAAM,CAAA;AAAA,EACzC,WAAW,OAAA,EAAS;AAElB,IAAA,KAAA,CAAM,YAAY,CAAC,GAAG,GAAG,EAAE,QAAA,EAAU,MAAM,CAAA;AAAA,EAC7C;AACF;AATgB,MAAA,CAAA,OAAA,EAAA,SAAA,CAAA;;;ACRhB,eAAsB,UAAA,CAAW,OAA6B,IAAA,EAAM;AAClE,EAAA,OAAA,CAAQ,KAAA,CAAM,WAAW,IAAI,CAAA;AAC7B,EAAA,OAAO,IAAI,OAAA,CAAc,CAAC,OAAA,KAAY;AACpC,IAAA,SAAS,gBAAgB,CAAA,EAAW;AAClC,MAAA,MAAM,MAAA,GAAS,EAAE,QAAA,EAAS;AAE1B,MAAA,IAAI,CAAC,GAAA,EAAU,GAAQ,CAAA,CAAE,QAAA,CAAS,MAAM,CAAA,EAAG;AACzC,QAAA,OAAO,aAAa,CAAC,CAAA;AAAA,MACvB;AACA,MAAA,IAAI,IAAA,KAAS,IAAA,IAAQ,IAAA,CAAK,QAAA,CAAS,MAAM,CAAA,EAAG;AAC1C,QAAA,OAAA,CAAQ,KAAA,CAAM,WAAW,KAAK,CAAA;AAC9B,QAAA,OAAA,CAAQ,KAAA,CAAM,GAAA,CAAI,MAAA,EAAQ,eAAe,CAAA;AACzC,QAAA,OAAA,EAAQ;AAAA,MACV;AAAA,IACF;AAXS,IAAA,MAAA,CAAA,eAAA,EAAA,iBAAA,CAAA;AAYT,IAAA,OAAA,CAAQ,KAAA,CAAM,EAAA,CAAG,MAAA,EAAQ,eAAe,CAAA;AAAA,EAC1C,CAAC,CAAA;AACH;AAjBsB,MAAA,CAAA,UAAA,EAAA,YAAA,CAAA;;;ACUf,IAAM,cAAc,MAAA,CAAO;AAAA,EAChC,IAAA,EAAM,OAAA;AAAA,EACN,WAAA,EAAa,6BAAA;AAAA,EACb,MAAM;AACR,CAAC;AAGM,IAAM,SAAA,iCAA6D,GAAA,KAAQ;AAChF,EAAA,MAAM,OAAA,GAAU,MAAM,KAAA,CAAM,sCAAA,EAAwC;AAAA,IAClE,MAAA,EAAQ,MAAA;AAAA,IACR,IAAA,EAAM,KAAK,SAAA,CAAU;AAAA,MACnB,WAAW,MAAA,CAAO;AAAA,KACnB,CAAA;AAAA,IACD,OAAA,EAAS;AAAA,MACP,cAAA,EAAgB,kBAAA;AAAA,MAChB,MAAA,EAAQ;AAAA;AACV,GACD,CAAA;AACD,EAAA,IAAI,OAAA,CAAQ,WAAW,GAAA,EAAK;AAC1B,IAAA,OAAA,CAAQ,IAAI,8CAA8C,CAAA;AAC1D,IAAA,OAAO,aAAa,CAAC,CAAA;AAAA,EACvB;AAEA,EAAA,MAAM,UAAA,GAAa,MAAM,OAAA,CAAQ,IAAA,EAAK;AAQtC,EAAA,QAAA,CAAS;AAAA,IACP,wCAAA;AAAA,IACA,EAAA;AAAA,IACA,gCAAgC,aAAA,CAAM,IAAA,CAAK,OAAA,CAAQ,UAAA,CAAW,SAAS,CAAC,CAAA,CAAA;AAAA,IACxE,EAAA;AAAA,IACA,CAAA,SAAA,EAAY,WAAW,gBAAgB,CAAA,CAAA;AAAA,IACvC,EAAA;AAAA,IACA;AAAA,GACD,CAAA;AACD,EAAA,MAAM,UAAA,CAAW,CAAC,IAAI,CAAC,CAAA;AACvB,EAAA,OAAA,CAAQ,GAAA,CAAI,aAAA,CAAM,MAAA,CAAO,IAAA,CAAK,6CAA6C,CAAC,CAAA;AAC5E,EAAA,OAAA,CAAQ,WAAW,gBAAgB,CAAA;AAEnC,EAAA,MAAM,MAAA,GAAS,WAAW,QAAA,GAAW,GAAA;AACrC,EAAA,MAAM,SAAA,GAAY,WAAW,UAAA,GAAa,GAAA;AAC1C,EAAA,MAAM,OAAA,uBAAc,IAAA,EAAK;AAEzB,EAAA,IAAI,WAAA;AACJ,EAAA,OAAO,IAAA,EAAM;AACX,IAAA,MAAMA,WAAM,MAAM,CAAA;AAClB,IAAA,IAAI;AACF,MAAA,MAAM,cAAA,GAAiB,MAAM,KAAA,CAAM,6CAAA,EAA+C;AAAA,QAChF,MAAA,EAAQ,MAAA;AAAA,QACR,IAAA,EAAM,KAAK,SAAA,CAAU;AAAA,UACnB,WAAW,MAAA,CAAO,oBAAA;AAAA,UAClB,aAAa,UAAA,CAAW,WAAA;AAAA,UACxB,UAAA,EAAY;AAAA,SACb,CAAA;AAAA,QACD,OAAA,EAAS;AAAA,UACP,cAAA,EAAgB,kBAAA;AAAA,UAChB,MAAA,EAAQ;AAAA;AACV,OACD,CAAA;AACD,MAAA,WAAA,GAAc,MAAM,eAAe,IAAA,EAAK;AAAA,IAC1C,SAAS,GAAA,EAAK;AACZ,MAAA,OAAA,CAAQ,IAAI,GAAG,CAAA;AAAA,IACjB;AAIA,IAAA,IAAI,WAAA,CAAY,UAAU,eAAA,EAAiB;AACzC,MAAA,OAAA,CAAQ,IAAI,uDAAkD,CAAA;AAC9D,MAAA,OAAO,aAAa,CAAC,CAAA;AAAA,IACvB;AAGA,IAAA,IAAI,YAAY,YAAA,EAAc;AAG9B,IAAA,IAAA,iBAAI,IAAI,MAAK,EAAE,OAAA,KAAY,OAAA,CAAQ,OAAA,KAAY,SAAA,EAAW;AACxD,MAAA,OAAA,CAAQ,IAAI,2CAAsC,CAAA;AAClD,MAAA,OAAO,aAAa,CAAC,CAAA;AAAA,IACvB;AAAA,EACF;AAaA,EAAA,MAAM,UAAU,MAAM,KAAA,CAAM,CAAA,EAAG,MAAA,CAAO,eAAe,CAAA,6BAAA,CAAA,EAAiC;AAAA,IACpF,MAAA,EAAQ,MAAA;AAAA,IACR,IAAA,EAAM,KAAK,SAAA,CAAU;AAAA,MACnB,aAAa,WAAA,CAAY,YAAA;AAAA,MACzB,cAAc,WAAA,CAAY,aAAA;AAAA,MAC1B,oBAAA,EAAsB,IAAI,IAAA,CAAK,IAAA,CAAK,GAAA,KAAQ,WAAA,CAAY,UAAA,GAAa,GAAI,CAAA,CAAE,WAAA,EAAY;AAAA,MACvF,qBAAA,EAAuB,IAAI,IAAA,CAAK,IAAA,CAAK,GAAA,KAAQ,WAAA,CAAY,wBAAA,GAA2B,GAAI,CAAA,CAAE,WAAA,EAAY;AAAA,MACtG,WAAW,WAAA,CAAY,UAAA;AAAA,MACvB,OAAO,WAAA,CAAY;AAAA,KACpB,CAAA;AAAA,IACD,OAAA,EAAS;AAAA,MACP,cAAA,EAAgB,kBAAA;AAAA,MAChB,MAAA,EAAQ;AAAA;AACV,GACD,CAAA;AACD,EAAA,IAAI,OAAA,CAAQ,WAAW,GAAA,EAAK;AAC1B,IAAA,OAAA,CAAQ,GAAA,CAAI,MAAM,OAAA,CAAQ,IAAA,EAAM,CAAA;AAChC,IAAA,OAAO,aAAa,CAAC,CAAA;AAAA,EACvB;AAEA,EAAA,MAAM,OAAA,GAAU,MAAM,OAAA,CAAQ,IAAA,EAAK;AAenC,EAAA,OAAA,CAAQ,GAAA,CAAI,uBAAkB,OAAA,CAAQ,IAAA,CAAK,cAAc,CAAA,EAAA,EAAK,OAAA,CAAQ,IAAA,CAAK,IAAI,CAAA,EAAA,CAAI,CAAA;AACrF,CAAA,EA9HmE,WAAA","file":"chunk-UA3DMAAQ.js","sourcesContent":["// TODO: figure out dev vs prod env vars... would be great to use varlock here!\n\n// NOTE - these keys are safe to publish\n\nexport const CONFIG = {\n  // VARLOCK_API_URL: 'http://localhost:8888',\n  VARLOCK_API_URL: 'https://api.varlock.dev',\n  GITHUB_APP_CLIENT_ID: 'Iv23li50gB8bMxLauiJQ', // varlock.dev app\n  POSTHOG_API_KEY: 'phc_bfzH97VIta8yQa8HrsgmitqS6rTydjMISs0m8aqJTnq',\n  POSTHOG_HOST: 'https://ph.varlock.dev',\n};\n","import os from 'node:os';\nimport { spawn } from 'node:child_process';\n\nconst platform = os.platform();\n\nconst isWindows = platform.match(/^win/i);\nconst isMac = platform.match(/^darwin/i);\nconst isLinux = (!isWindows && !isMac);\n\n/** opens a url using the default browser */\nexport function openUrl(url: string) {\n  if (isWindows) {\n    spawn('cmd', ['/c', 'start', ' ', url], { detached: true });\n  } else if (isMac) {\n    spawn('open', [url], { detached: true });\n  } else if (isLinux) {\n    // TODO: maybe check for x-www-browser instead?\n    spawn('xdg-open', [url], { detached: true });\n  }\n}\n","import { gracefulExit } from 'exit-hook';\n\nexport async function keyPressed(keys: Array<string> | true = true) {\n  process.stdin.setRawMode(true);\n  return new Promise<void>((resolve) => {\n    function keyPressHandler(d: Buffer) {\n      const keyStr = d.toString();\n      // exit on ctrl+c or ctrl+d\n      if (['\\u0003', '\\u0004'].includes(keyStr)) {\n        return gracefulExit(1);\n      }\n      if (keys === true || keys.includes(keyStr)) {\n        process.stdin.setRawMode(false);\n        process.stdin.off('data', keyPressHandler);\n        resolve();\n      }\n    }\n    process.stdin.on('data', keyPressHandler);\n  });\n}\n","\nimport { setTimeout as delay } from 'node:timers/promises';\nimport ansis from 'ansis';\nimport { define } from 'gunshi';\nimport { logLines } from '../helpers/pretty-format';\nimport { CONFIG } from '../../config';\nimport { openUrl } from '../helpers/open-url';\nimport { keyPressed } from '../helpers/key-press';\nimport { type TypedGunshiCommandFn } from '../helpers/gunshi-type-utils';\nimport { gracefulExit } from 'exit-hook';\n\n\nexport const commandSpec = define({\n  name: 'login',\n  description: 'Authenticate (using GitHub)',\n  args: {},\n});\n\n\nexport const commandFn: TypedGunshiCommandFn<typeof commandSpec> = async (ctx) => {\n  const codeReq = await fetch('https://github.com/login/device/code', {\n    method: 'POST',\n    body: JSON.stringify({\n      client_id: CONFIG.GITHUB_APP_CLIENT_ID,\n    }),\n    headers: {\n      'Content-Type': 'application/json',\n      Accept: 'application/json',\n    },\n  });\n  if (codeReq.status !== 200) {\n    console.log('Failed to initiate GitHub device flow login!');\n    return gracefulExit(1);\n  }\n\n  const ghCodeInfo = await codeReq.json() as {\n    device_code: string;\n    user_code: string;\n    verification_uri: string;\n    expires_in: number;\n    interval: number;\n  };\n\n  logLines([\n    '🔑 Authenticating using GitHub:',\n    '',\n    `First please copy this code: ${ansis.bold.magenta(ghCodeInfo.user_code)}`,\n    '',\n    `Log in @ ${ghCodeInfo.verification_uri}`,\n    '',\n    'Press ENTER to open in your default browser...',\n  ]);\n  await keyPressed(['\\r']);\n  console.log(ansis.italic.gray('... please complete login on github.com ...'));\n  openUrl(ghCodeInfo.verification_uri);\n\n  const pollMs = ghCodeInfo.interval * 1000;\n  const expiresMs = ghCodeInfo.expires_in * 1000;\n  const startAt = new Date();\n\n  let oauthStatus: any;\n  while (true) {\n    await delay(pollMs);\n    try {\n      const oauthStatusReq = await fetch('https://github.com/login/oauth/access_token', {\n        method: 'POST',\n        body: JSON.stringify({\n          client_id: CONFIG.GITHUB_APP_CLIENT_ID,\n          device_code: ghCodeInfo.device_code,\n          grant_type: 'urn:ietf:params:oauth:grant-type:device_code',\n        }),\n        headers: {\n          'Content-Type': 'application/json',\n          Accept: 'application/json',\n        },\n      });\n      oauthStatus = await oauthStatusReq.json();\n    } catch (err) {\n      console.log(err);\n    }\n\n    // we are expecting to see { error: 'authorization_pending' }\n    // probably a few more error types we could bail early on\n    if (oauthStatus.error === 'access_denied') {\n      console.log('❌ Login attempt was cancelled! Please try again.');\n      return gracefulExit(1);\n    }\n\n    // if we got the token, we break and continue\n    if (oauthStatus.access_token) break;\n\n    // if we've been polling for too long, give up\n    if (new Date().getTime() - startAt.getTime() > expiresMs) {\n      console.log('❌ Login timed out! Please try again.');\n      return gracefulExit(1);\n    }\n  }\n\n  // oauthStatus when completed looks like:\n  // {\n  //   access_token: 'ghu_abcxyz',\n  //   expires_in: 28800,\n  //   refresh_token: 'ghr_abcxyz',\n  //   refresh_token_expires_in: 15897600,\n  //   token_type: 'bearer',\n  //   scope: ''\n  // }\n\n  // pass along github auth info to API, which will fetch info from HG, handle login/signup, return JWT\n  const authReq = await fetch(`${CONFIG.VARLOCK_API_URL}/github/auth-from-device-flow`, {\n    method: 'POST',\n    body: JSON.stringify({\n      accessToken: oauthStatus.access_token,\n      refreshToken: oauthStatus.refresh_token,\n      accessTokenExpiresAt: new Date(Date.now() + oauthStatus.expires_in * 1000).toISOString(),\n      refreshTokenExpiresAt: new Date(Date.now() + oauthStatus.refresh_token_expires_in * 1000).toISOString(),\n      tokenType: oauthStatus.token_type,\n      scope: oauthStatus.scope,\n    }),\n    headers: {\n      'Content-Type': 'application/json',\n      Accept: 'application/json',\n    },\n  });\n  if (authReq.status !== 200) {\n    console.log(await authReq.json());\n    return gracefulExit(1);\n  }\n\n  const authRes = await authReq.json() as {\n    user: {\n      githubUserId: string;\n      githubUsername: string;\n      name: string;\n    },\n    token: string;\n    isNewUser: boolean;\n    publicKey?: string;\n  };\n\n  // TODO: if app exists, pass off login info to it instead of storing in home folder\n  // otherwise save login info in ~/.varlock/identity.json\n  // also save it along with a new keypair if necessary, and send the public key to the api\n\n  console.log(`✅ Logged in as ${authRes.user.githubUsername} (${authRes.user.name})!`);\n};\n"]}
+{"version":3,"sources":["../src/config.ts","../src/cli/helpers/open-url.ts","../src/cli/helpers/key-press.ts","../src/cli/commands/login.command.ts"],"names":["delay"],"mappings":";;;;;;;;;AAIO,IAAM,MAAA,GAAS;AAAA;AAAA,EAEpB,eAAA,EAAiB,yBAAA;AAAA,EACjB,oBAAA,EAAsB,sBAAA;AAAA;AAAA,EACtB,eAAA,EAAiB,iDAAA;AAAA,EACjB,YAAA,EAAc;AAChB;ACPA,IAAM,QAAA,GAAW,GAAG,QAAA,EAAS;AAE7B,IAAM,SAAA,GAAY,QAAA,CAAS,KAAA,CAAM,OAAO,CAAA;AACxC,IAAM,KAAA,GAAQ,QAAA,CAAS,KAAA,CAAM,UAAU,CAAA;AACvC,IAAM,OAAA,GAAW,CAAC,SAAA,IAAa,CAAC,KAAA;AAGzB,SAAS,QAAQ,GAAA,EAAa;AACnC,EAAA,IAAI,SAAA,EAAW;AACb,IAAA,KAAA,CAAM,KAAA,EAAO,CAAC,IAAA,EAAM,OAAA,EAAS,GAAA,EAAK,GAAG,CAAA,EAAG,EAAE,QAAA,EAAU,IAAA,EAAM,CAAA;AAAA,EAC5D,WAAW,KAAA,EAAO;AAChB,IAAA,KAAA,CAAM,QAAQ,CAAC,GAAG,GAAG,EAAE,QAAA,EAAU,MAAM,CAAA;AAAA,EACzC,WAAW,OAAA,EAAS;AAElB,IAAA,KAAA,CAAM,YAAY,CAAC,GAAG,GAAG,EAAE,QAAA,EAAU,MAAM,CAAA;AAAA,EAC7C;AACF;AATgB,MAAA,CAAA,OAAA,EAAA,SAAA,CAAA;;;ACRhB,eAAsB,UAAA,CAAW,OAA6B,IAAA,EAAM;AAClE,EAAA,OAAA,CAAQ,KAAA,CAAM,WAAW,IAAI,CAAA;AAC7B,EAAA,OAAO,IAAI,OAAA,CAAc,CAAC,OAAA,KAAY;AACpC,IAAA,SAAS,gBAAgB,CAAA,EAAW;AAClC,MAAA,MAAM,MAAA,GAAS,EAAE,QAAA,EAAS;AAE1B,MAAA,IAAI,CAAC,GAAA,EAAU,GAAQ,CAAA,CAAE,QAAA,CAAS,MAAM,CAAA,EAAG;AACzC,QAAA,OAAO,aAAa,CAAC,CAAA;AAAA,MACvB;AACA,MAAA,IAAI,IAAA,KAAS,IAAA,IAAQ,IAAA,CAAK,QAAA,CAAS,MAAM,CAAA,EAAG;AAC1C,QAAA,OAAA,CAAQ,KAAA,CAAM,WAAW,KAAK,CAAA;AAC9B,QAAA,OAAA,CAAQ,KAAA,CAAM,GAAA,CAAI,MAAA,EAAQ,eAAe,CAAA;AACzC,QAAA,OAAA,EAAQ;AAAA,MACV;AAAA,IACF;AAXS,IAAA,MAAA,CAAA,eAAA,EAAA,iBAAA,CAAA;AAYT,IAAA,OAAA,CAAQ,KAAA,CAAM,EAAA,CAAG,MAAA,EAAQ,eAAe,CAAA;AAAA,EAC1C,CAAC,CAAA;AACH;AAjBsB,MAAA,CAAA,UAAA,EAAA,YAAA,CAAA;;;ACUf,IAAM,cAAc,MAAA,CAAO;AAAA,EAChC,IAAA,EAAM,OAAA;AAAA,EACN,WAAA,EAAa,6BAAA;AAAA,EACb,MAAM;AACR,CAAC;AAGM,IAAM,SAAA,iCAA6D,GAAA,KAAQ;AAChF,EAAA,MAAM,OAAA,GAAU,MAAM,KAAA,CAAM,sCAAA,EAAwC;AAAA,IAClE,MAAA,EAAQ,MAAA;AAAA,IACR,IAAA,EAAM,KAAK,SAAA,CAAU;AAAA,MACnB,WAAW,MAAA,CAAO;AAAA,KACnB,CAAA;AAAA,IACD,OAAA,EAAS;AAAA,MACP,cAAA,EAAgB,kBAAA;AAAA,MAChB,MAAA,EAAQ;AAAA;AACV,GACD,CAAA;AACD,EAAA,IAAI,OAAA,CAAQ,WAAW,GAAA,EAAK;AAC1B,IAAA,OAAA,CAAQ,IAAI,8CAA8C,CAAA;AAC1D,IAAA,OAAO,aAAa,CAAC,CAAA;AAAA,EACvB;AAEA,EAAA,MAAM,UAAA,GAAa,MAAM,OAAA,CAAQ,IAAA,EAAK;AAQtC,EAAA,QAAA,CAAS;AAAA,IACP,wCAAA;AAAA,IACA,EAAA;AAAA,IACA,gCAAgC,aAAA,CAAM,IAAA,CAAK,OAAA,CAAQ,UAAA,CAAW,SAAS,CAAC,CAAA,CAAA;AAAA,IACxE,EAAA;AAAA,IACA,CAAA,SAAA,EAAY,WAAW,gBAAgB,CAAA,CAAA;AAAA,IACvC,EAAA;AAAA,IACA;AAAA,GACD,CAAA;AACD,EAAA,MAAM,UAAA,CAAW,CAAC,IAAI,CAAC,CAAA;AACvB,EAAA,OAAA,CAAQ,GAAA,CAAI,aAAA,CAAM,MAAA,CAAO,IAAA,CAAK,6CAA6C,CAAC,CAAA;AAC5E,EAAA,OAAA,CAAQ,WAAW,gBAAgB,CAAA;AAEnC,EAAA,MAAM,MAAA,GAAS,WAAW,QAAA,GAAW,GAAA;AACrC,EAAA,MAAM,SAAA,GAAY,WAAW,UAAA,GAAa,GAAA;AAC1C,EAAA,MAAM,OAAA,uBAAc,IAAA,EAAK;AAEzB,EAAA,IAAI,WAAA;AACJ,EAAA,OAAO,IAAA,EAAM;AACX,IAAA,MAAMA,WAAM,MAAM,CAAA;AAClB,IAAA,IAAI;AACF,MAAA,MAAM,cAAA,GAAiB,MAAM,KAAA,CAAM,6CAAA,EAA+C;AAAA,QAChF,MAAA,EAAQ,MAAA;AAAA,QACR,IAAA,EAAM,KAAK,SAAA,CAAU;AAAA,UACnB,WAAW,MAAA,CAAO,oBAAA;AAAA,UAClB,aAAa,UAAA,CAAW,WAAA;AAAA,UACxB,UAAA,EAAY;AAAA,SACb,CAAA;AAAA,QACD,OAAA,EAAS;AAAA,UACP,cAAA,EAAgB,kBAAA;AAAA,UAChB,MAAA,EAAQ;AAAA;AACV,OACD,CAAA;AACD,MAAA,WAAA,GAAc,MAAM,eAAe,IAAA,EAAK;AAAA,IAC1C,SAAS,GAAA,EAAK;AACZ,MAAA,OAAA,CAAQ,IAAI,GAAG,CAAA;AAAA,IACjB;AAIA,IAAA,IAAI,WAAA,CAAY,UAAU,eAAA,EAAiB;AACzC,MAAA,OAAA,CAAQ,IAAI,uDAAkD,CAAA;AAC9D,MAAA,OAAO,aAAa,CAAC,CAAA;AAAA,IACvB;AAGA,IAAA,IAAI,YAAY,YAAA,EAAc;AAG9B,IAAA,IAAA,iBAAI,IAAI,MAAK,EAAE,OAAA,KAAY,OAAA,CAAQ,OAAA,KAAY,SAAA,EAAW;AACxD,MAAA,OAAA,CAAQ,IAAI,2CAAsC,CAAA;AAClD,MAAA,OAAO,aAAa,CAAC,CAAA;AAAA,IACvB;AAAA,EACF;AAaA,EAAA,MAAM,UAAU,MAAM,KAAA,CAAM,CAAA,EAAG,MAAA,CAAO,eAAe,CAAA,6BAAA,CAAA,EAAiC;AAAA,IACpF,MAAA,EAAQ,MAAA;AAAA,IACR,IAAA,EAAM,KAAK,SAAA,CAAU;AAAA,MACnB,aAAa,WAAA,CAAY,YAAA;AAAA,MACzB,cAAc,WAAA,CAAY,aAAA;AAAA,MAC1B,oBAAA,EAAsB,IAAI,IAAA,CAAK,IAAA,CAAK,GAAA,KAAQ,WAAA,CAAY,UAAA,GAAa,GAAI,CAAA,CAAE,WAAA,EAAY;AAAA,MACvF,qBAAA,EAAuB,IAAI,IAAA,CAAK,IAAA,CAAK,GAAA,KAAQ,WAAA,CAAY,wBAAA,GAA2B,GAAI,CAAA,CAAE,WAAA,EAAY;AAAA,MACtG,WAAW,WAAA,CAAY,UAAA;AAAA,MACvB,OAAO,WAAA,CAAY;AAAA,KACpB,CAAA;AAAA,IACD,OAAA,EAAS;AAAA,MACP,cAAA,EAAgB,kBAAA;AAAA,MAChB,MAAA,EAAQ;AAAA;AACV,GACD,CAAA;AACD,EAAA,IAAI,OAAA,CAAQ,WAAW,GAAA,EAAK;AAC1B,IAAA,OAAA,CAAQ,GAAA,CAAI,MAAM,OAAA,CAAQ,IAAA,EAAM,CAAA;AAChC,IAAA,OAAO,aAAa,CAAC,CAAA;AAAA,EACvB;AAEA,EAAA,MAAM,OAAA,GAAU,MAAM,OAAA,CAAQ,IAAA,EAAK;AAenC,EAAA,OAAA,CAAQ,GAAA,CAAI,uBAAkB,OAAA,CAAQ,IAAA,CAAK,cAAc,CAAA,EAAA,EAAK,OAAA,CAAQ,IAAA,CAAK,IAAI,CAAA,EAAA,CAAI,CAAA;AACrF,CAAA,EA9HmE,WAAA","file":"chunk-EPKIAPPA.js","sourcesContent":["// TODO: figure out dev vs prod env vars... would be great to use varlock here!\n\n// NOTE - these keys are safe to publish\n\nexport const CONFIG = {\n  // VARLOCK_API_URL: 'http://localhost:8888',\n  VARLOCK_API_URL: 'https://api.varlock.dev',\n  GITHUB_APP_CLIENT_ID: 'Iv23li50gB8bMxLauiJQ', // varlock.dev app\n  POSTHOG_API_KEY: 'phc_bfzH97VIta8yQa8HrsgmitqS6rTydjMISs0m8aqJTnq',\n  POSTHOG_HOST: 'https://ph.varlock.dev',\n};\n","import os from 'node:os';\nimport { spawn } from 'node:child_process';\n\nconst platform = os.platform();\n\nconst isWindows = platform.match(/^win/i);\nconst isMac = platform.match(/^darwin/i);\nconst isLinux = (!isWindows && !isMac);\n\n/** opens a url using the default browser */\nexport function openUrl(url: string) {\n  if (isWindows) {\n    spawn('cmd', ['/c', 'start', ' ', url], { detached: true });\n  } else if (isMac) {\n    spawn('open', [url], { detached: true });\n  } else if (isLinux) {\n    // TODO: maybe check for x-www-browser instead?\n    spawn('xdg-open', [url], { detached: true });\n  }\n}\n","import { gracefulExit } from 'exit-hook';\n\nexport async function keyPressed(keys: Array<string> | true = true) {\n  process.stdin.setRawMode(true);\n  return new Promise<void>((resolve) => {\n    function keyPressHandler(d: Buffer) {\n      const keyStr = d.toString();\n      // exit on ctrl+c or ctrl+d\n      if (['\\u0003', '\\u0004'].includes(keyStr)) {\n        return gracefulExit(1);\n      }\n      if (keys === true || keys.includes(keyStr)) {\n        process.stdin.setRawMode(false);\n        process.stdin.off('data', keyPressHandler);\n        resolve();\n      }\n    }\n    process.stdin.on('data', keyPressHandler);\n  });\n}\n","\nimport { setTimeout as delay } from 'node:timers/promises';\nimport ansis from 'ansis';\nimport { define } from 'gunshi';\nimport { logLines } from '../helpers/pretty-format';\nimport { CONFIG } from '../../config';\nimport { openUrl } from '../helpers/open-url';\nimport { keyPressed } from '../helpers/key-press';\nimport { type TypedGunshiCommandFn } from '../helpers/gunshi-type-utils';\nimport { gracefulExit } from 'exit-hook';\n\n\nexport const commandSpec = define({\n  name: 'login',\n  description: 'Authenticate (using GitHub)',\n  args: {},\n});\n\n\nexport const commandFn: TypedGunshiCommandFn<typeof commandSpec> = async (ctx) => {\n  const codeReq = await fetch('https://github.com/login/device/code', {\n    method: 'POST',\n    body: JSON.stringify({\n      client_id: CONFIG.GITHUB_APP_CLIENT_ID,\n    }),\n    headers: {\n      'Content-Type': 'application/json',\n      Accept: 'application/json',\n    },\n  });\n  if (codeReq.status !== 200) {\n    console.log('Failed to initiate GitHub device flow login!');\n    return gracefulExit(1);\n  }\n\n  const ghCodeInfo = await codeReq.json() as {\n    device_code: string;\n    user_code: string;\n    verification_uri: string;\n    expires_in: number;\n    interval: number;\n  };\n\n  logLines([\n    '🔑 Authenticating using GitHub:',\n    '',\n    `First please copy this code: ${ansis.bold.magenta(ghCodeInfo.user_code)}`,\n    '',\n    `Log in @ ${ghCodeInfo.verification_uri}`,\n    '',\n    'Press ENTER to open in your default browser...',\n  ]);\n  await keyPressed(['\\r']);\n  console.log(ansis.italic.gray('... please complete login on github.com ...'));\n  openUrl(ghCodeInfo.verification_uri);\n\n  const pollMs = ghCodeInfo.interval * 1000;\n  const expiresMs = ghCodeInfo.expires_in * 1000;\n  const startAt = new Date();\n\n  let oauthStatus: any;\n  while (true) {\n    await delay(pollMs);\n    try {\n      const oauthStatusReq = await fetch('https://github.com/login/oauth/access_token', {\n        method: 'POST',\n        body: JSON.stringify({\n          client_id: CONFIG.GITHUB_APP_CLIENT_ID,\n          device_code: ghCodeInfo.device_code,\n          grant_type: 'urn:ietf:params:oauth:grant-type:device_code',\n        }),\n        headers: {\n          'Content-Type': 'application/json',\n          Accept: 'application/json',\n        },\n      });\n      oauthStatus = await oauthStatusReq.json();\n    } catch (err) {\n      console.log(err);\n    }\n\n    // we are expecting to see { error: 'authorization_pending' }\n    // probably a few more error types we could bail early on\n    if (oauthStatus.error === 'access_denied') {\n      console.log('❌ Login attempt was cancelled! Please try again.');\n      return gracefulExit(1);\n    }\n\n    // if we got the token, we break and continue\n    if (oauthStatus.access_token) break;\n\n    // if we've been polling for too long, give up\n    if (new Date().getTime() - startAt.getTime() > expiresMs) {\n      console.log('❌ Login timed out! Please try again.');\n      return gracefulExit(1);\n    }\n  }\n\n  // oauthStatus when completed looks like:\n  // {\n  //   access_token: 'ghu_abcxyz',\n  //   expires_in: 28800,\n  //   refresh_token: 'ghr_abcxyz',\n  //   refresh_token_expires_in: 15897600,\n  //   token_type: 'bearer',\n  //   scope: ''\n  // }\n\n  // pass along github auth info to API, which will fetch info from HG, handle login/signup, return JWT\n  const authReq = await fetch(`${CONFIG.VARLOCK_API_URL}/github/auth-from-device-flow`, {\n    method: 'POST',\n    body: JSON.stringify({\n      accessToken: oauthStatus.access_token,\n      refreshToken: oauthStatus.refresh_token,\n      accessTokenExpiresAt: new Date(Date.now() + oauthStatus.expires_in * 1000).toISOString(),\n      refreshTokenExpiresAt: new Date(Date.now() + oauthStatus.refresh_token_expires_in * 1000).toISOString(),\n      tokenType: oauthStatus.token_type,\n      scope: oauthStatus.scope,\n    }),\n    headers: {\n      'Content-Type': 'application/json',\n      Accept: 'application/json',\n    },\n  });\n  if (authReq.status !== 200) {\n    console.log(await authReq.json());\n    return gracefulExit(1);\n  }\n\n  const authRes = await authReq.json() as {\n    user: {\n      githubUserId: string;\n      githubUsername: string;\n      name: string;\n    },\n    token: string;\n    isNewUser: boolean;\n    publicKey?: string;\n  };\n\n  // TODO: if app exists, pass off login info to it instead of storing in home folder\n  // otherwise save login info in ~/.varlock/identity.json\n  // also save it along with a new keypair if necessary, and send the public key to the api\n\n  console.log(`✅ Logged in as ${authRes.user.githubUsername} (${authRes.user.name})!`);\n};\n"]}

package/dist/chunk-IH74UIYN.js

@@ -0,0 +1,18 @@
+import { patchGlobalServerResponse } from './chunk-7JMYT62X.js';
+import { execSyncVarlock } from './chunk-LBV2UW3I.js';
+import { patchGlobalConsole } from './chunk-C5BEZMSO.js';
+import { patchGlobalResponse } from './chunk-OM3JCP4E.js';
+import { initVarlockEnv } from './chunk-2SPIWTVE.js';
+
+// src/auto-load.ts
+var execResult = execSyncVarlock("load --format json-full", {
+  exitOnError: true,
+  showLogsOnError: true
+});
+process.env.__VARLOCK_ENV = execResult;
+initVarlockEnv();
+patchGlobalConsole();
+patchGlobalServerResponse();
+patchGlobalResponse();
+//# sourceMappingURL=chunk-IH74UIYN.js.map
+//# sourceMappingURL=chunk-IH74UIYN.js.map

package/dist/chunk-IH74UIYN.js.map

@@ -0,0 +1 @@
+{"version":3,"sources":["../src/auto-load.ts"],"names":[],"mappings":";;;;;;;AAaA,IAAM,UAAA,GAAa,gBAAgB,yBAAA,EAA2B;AAAA,EAC5D,WAAA,EAAa,IAAA;AAAA,EACb,eAAA,EAAiB;AACnB,CAAC,CAAA;AACD,OAAA,CAAQ,IAAI,aAAA,GAAgB,UAAA;AAG5B,cAAA,EAAe;AAEf,kBAAA,EAAmB;AACnB,yBAAA,EAA0B;AAC1B,mBAAA,EAAoB","file":"chunk-IH74UIYN.js","sourcesContent":["import { execSyncVarlock } from './lib/exec-sync-varlock';\n\nimport { initVarlockEnv } from './runtime/env';\nimport { patchGlobalConsole } from './runtime/patch-console';\nimport { patchGlobalServerResponse } from './runtime/patch-server-response';\nimport { patchGlobalResponse } from './runtime/patch-response';\n\n// The varlock loading process uses async calls, but we need this to run synchronously.\n// because even with top level await, we run into hoisting issues where things happen out of order\n// so we call out to the CLI using execSync\n// this also isolates the varlock loading process from the end user process\n\n\nconst execResult = execSyncVarlock('load --format json-full', {\n  exitOnError: true,\n  showLogsOnError: true,\n});\nprocess.env.__VARLOCK_ENV = execResult;\n\n// initialize varlock and patch globals as necessary\ninitVarlockEnv();\n// these will be no-ops if these are disabled by settings\npatchGlobalConsole();\npatchGlobalServerResponse();\npatchGlobalResponse();\n\n"]}

package/dist/{chunk-MV5ZAKN7.js → chunk-IWQ4BDSW.js}

@@ -981,7 +981,7 @@ async function checkIsFileGitIgnored(path3, warnIfNotGitRepo = false) {
     return true;
   } catch (err) {
     const stderr = err.stderr;
-    if (stderr.includes("not found")) return void 0;
+    if (err.status === 127 || stderr.includes("not found")) return void 0;
     if (err.code === "ENOENT") return void 0;
     if (stderr === "") return false;
     if (stderr.includes("not a git repository")) {
@@ -1185,7 +1185,12 @@ var UrlDataType = createEnvGraphDataType(
       return val;
     },
     validate(val) {
-      const url = new URL(val);
+      let url;
+      try {
+        url = new URL(val);
+      } catch (err) {
+        throw new ValidationError("Invalid URL");
+      }
       if (settings?.allowedDomains && !settings.allowedDomains.includes(url.host.toLowerCase())) {
         return new ValidationError(`Domain (${url.host}) is not in allowed list: ${settings.allowedDomains.join(",")}`);
       }
@@ -2045,7 +2050,7 @@ var EnvGraph2 = class {
     const sources = Array.from(this.sortedDataSources).reverse();
     for (const s of sources) {
       if (s.disabled) continue;
-      if (s.importKeys) continue;
+      if (s.isPartialImport) continue;
       const decs = s.getRootDecorators(decoratorName);
       if (decs.length) return decs[0].simplifiedValue;
     }
@@ -2056,7 +2061,7 @@ var EnvGraph2 = class {
     const combinedDecsWithSources = [];
     for (const source of sources) {
       if (source.disabled) continue;
-      if (source.importKeys) continue;
+      if (source.isPartialImport) continue;
       const decs = source.getRootDecorators(decoratorName);
       combinedDecsWithSources.push([source, decs]);
     }
@@ -2429,6 +2434,9 @@ var EnvGraphDataSource3 = class {
   get isImport() {
     return !!this.importMeta?.isImport || !!this.parent?.isImport;
   }
+  get isPartialImport() {
+    return (this.importMeta?.importKeys || []).length > 0;
+  }
   get importKeys() {
     const importKeysArrays = [];
     let currentSource = this;
@@ -2458,6 +2466,13 @@ var EnvGraphDataSource3 = class {
   get envFlagKey() {
     return this._envFlagKey || this.parent?.envFlagKey;
   }
+  /** helper to set the current envFlag key, also propogating upwards */
+  setEnvFlag(key) {
+    this._envFlagKey = key;
+    if (this.parent && !this.isPartialImport && !this.parent._envFlagKey) {
+      this.parent.setEnvFlag(key);
+    }
+  }
   /** environment flag config item getter (follows up the parent chain) */
   get envFlagConfigItem() {
     const envFlagKey = this.envFlagKey;
@@ -2513,7 +2528,7 @@ var EnvGraphDataSource3 = class {
         this._loadingError = new Error(`@envFlag key ${envFlagDecoratorValue} must be an item within this schema`);
         return;
       }
-      this._envFlagKey = envFlagDecoratorValue;
+      this.setEnvFlag(envFlagDecoratorValue);
     }
     for (const itemKey of this.importKeys || my_dash_default.keys(this.configItemDefs)) {
       const itemDef = this.configItemDefs[itemKey];
@@ -2561,7 +2576,7 @@ var EnvGraphDataSource3 = class {
               await this.addChild(source, { isImport: true, importKeys });
             }
           } else {
-            const fsStat = await tryCatch(async () => fs2.stat(importPath), (_err) => {
+            const fsStat = await tryCatch(async () => fs2.stat(fullImportPath), (_err) => {
             });
             if (!fsStat) {
               this._loadingError = new Error(`Import path does not exist: ${fullImportPath}`);
@@ -2600,18 +2615,6 @@ var EnvGraphDataSource3 = class {
         }
       }
     }
-    if (envFlagDecoratorValue) {
-      const envFlagItem = this.envFlagConfigItem;
-      await envFlagItem.earlyResolve();
-      if (!envFlagItem.isValid) {
-        const err = new Error("resolved @envFlag value is not valid");
-        err.cause = envFlagItem.errors[0];
-        throw err;
-      }
-      if (!my_dash_default.isString(envFlagItem.resolvedValue)) {
-        throw new Error("expected resolved @envFlag value to be a string");
-      }
-    }
   }
   /**
    * called by the finishInit - meant to be overridden by subclasses
@@ -2804,12 +2807,6 @@ var DirectoryDataSource = class extends EnvGraphDataSource3 {
     return `directory - ${this.basePath}`;
   }
   schemaDataSource;
-  get loadingError() {
-    return this._loadingError || this.schemaDataSource?.loadingError;
-  }
-  get envFlagKey() {
-    return this.schemaDataSource?._envFlagKey || this.parent?.envFlagKey;
-  }
   async addAutoLoadedFile(fileName) {
     if (!this.graph) throw new Error("expected graph to be set");
     const filePath = path2.join(this.basePath, fileName);
@@ -3048,5 +3045,5 @@ __name(gracefulExit, "gracefulExit");
 //! these are probably not relevant anymore, or needs to move to a plugin layer?
 
 export { CoercionError, ConfigLoadError, DotEnvFileDataSource, EnvGraph2 as EnvGraph, EnvSourceParseError, FileBasedDataSource, ResolutionError, SchemaError, ValidationError, ansis_default, asyncExitHook, checkIsFileGitIgnored, getItemSummary, gracefulExit, joinAndCompact, loadEnvGraph, my_dash_default, pathExists, pathExistsSync, tryCatch };
-//# sourceMappingURL=chunk-MV5ZAKN7.js.map
-//# sourceMappingURL=chunk-MV5ZAKN7.js.map
+//# sourceMappingURL=chunk-IWQ4BDSW.js.map
+//# sourceMappingURL=chunk-IWQ4BDSW.js.map