varlock 0.0.15 → 0.1.1

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "varlock",
-  "version": "0.0.15",
+  "version": "0.1.1",
   "description": "",
   "main": "index.js",
   "type": "module",
@@ -67,33 +67,40 @@
       "ts-src": "./src/config.ts",
       "types": "./dist/dotenv-compat.d.ts",
       "default": "./dist/dotenv-compat.js"
+    },
+    "./plugin-lib": {
+      "ts-src": "./src/plugin-lib.ts",
+      "types": "./dist/plugin-lib.d.ts",
+      "default": "./dist/plugin-lib.js"
     }
   },
   "dependencies": {
-    "debug": "^4.4.1",
+    "debug": "^4.4.3",
     "execa": "^9.6.0",
+    "semver": "^7.7.3",
     "which": "^5.0.0",
-    "@env-spec/parser": "^0.0.6"
+    "@env-spec/parser": "^0.0.7"
   },
   "devDependencies": {
     "@clack/core": "^0.5.0",
     "@clack/prompts": "^0.11.0",
-    "@sindresorhus/is": "^7.0.2",
+    "@sindresorhus/is": "^7.1.1",
     "@types/debug": "^4.1.12",
-    "@types/node": "^24.3.0",
+    "@types/node": "24.9.2",
+    "@types/semver": "^7.7.1",
     "@types/which": "^3.0.4",
-    "@yao-pkg/pkg": "^6.6.0",
-    "ansis": "^4.1.0",
+    "@yao-pkg/pkg": "^6.10.0",
+    "ansis": "^4.2.0",
     "browser-or-node": "^3.0.0",
-    "ci-info": "^4.3.0",
+    "ci-info": "^4.3.1",
     "exit-hook": "^4.0.0",
     "gunshi": "^0.26.3",
-    "is-docker": "^3.0.0",
+    "is-docker": "^4.0.0",
     "is-unicode-supported": "^2.1.0",
     "is-wsl": "^3.1.0",
     "outdent": "^0.8.0",
     "tsup": "^8.5.0",
-    "vitest": "^3.2.4",
+    "vitest": "^4.0.6",
     "@env-spec/utils": "0.0.0"
   },
   "scripts": {
@@ -101,6 +108,7 @@
     "build:sea": "tsup --config tsup-sea.config.ts",
     "dev": "tsup",
     "test": "vitest",
+    "test:ci": "vitest --run",
     "lint": "eslint .",
     "lint:fix": "pnpm run lint --fix"
   }

package/dist/chunk-2SPIWTVE.js.map

@@ -1 +0,0 @@
-{"version":3,"sources":["../src/lib/detect-runtime.ts","../src/runtime/lib/debug.ts","../src/runtime/env.ts"],"names":[],"mappings":";;;;AAO+B,OAAO,OAAA,KAAY,WAAA,IAC7C,QAAQ,QAAA,IAAY,IAAA,IACpB,OAAA,CAAQ,QAAA,CAAS,IAAA,IAAQ;AAOG,OAAO,MAAA,KAAW,WAAA,IAAe,MAAA,CAAO,SAAS,QAAA,IAC5E,OAAO,SAAA,KAAc,WAAA,IACpB,WAAA,IAAe,SAAA,IACf,OAAO,SAAA,CAAU,SAAA,KAAc,QAAA,KAC9B,SAAA,CAAU,SAAA,CAAU,QAAA,CAAS,SAAS,CAAA,IACrC,SAAA,CAAU,SAAA,CAAU,QAAA,CAAS,OAAO,CAAA;AAEd,OAAO,IAAA,KAAS,WAAA,IAC1C,OAAO,IAAA,CAAK,OAAA,KAAY,WAAA,IACxB,OAAO,IAAA,CAAK,OAAA,CAAQ,IAAA,KAAS;AAGb,OAAO,OAAA,KAAY,WAAA,IAAe,QAAQ,QAAA,IAAY,IAAA,IAAQ,OAAA,CAAQ,QAAA,CAAS,GAAA,IAAO;AAIpG,IAAM,YAAY,OAAO,MAAA,KAAW,eACtC,OAAO,MAAA,CAAO,aAAa,WAAA,IAC3B,OAAO,MAAA,CAAO,QAAA,CAAS,kBAAkB,UAAA,IACzC,OAAO,cAAc,WAAA,IACrB,OAAO,UAAU,SAAA,KAAc,QAAA;;;ACnC7B,SAAS,SAAS,IAAA,EAAkB;AACzC,EAAA,IAAI,CAAC,OAAA,CAAQ,GAAA,CAAI,aAAA,EAAe;AAChC,EAAA,OAAA,CAAQ,GAAA,CAAI,GAAG,IAAI,CAAA;AACrB;AAHgB,MAAA,CAAA,KAAA,EAAA,OAAA,CAAA;;;ACUhB,SAAS,SAAS,CAAA,EAAQ;AACxB,EAAA,OAAO,MAAA,CAAO,SAAA,CAAU,QAAA,CAAS,IAAA,CAAK,CAAC,CAAA,KAAM,iBAAA;AAC/C;AAFS,MAAA,CAAA,QAAA,EAAA,UAAA,CAAA;AAIT,IAAM,UAAA,GAAa,WAAA;AAInB,IAAI,sBAAyE,EAAC;AAG9E,IAAI,mBAAA;AAEG,SAAS,kBAAkB,KAAA,EAA2B;AAE3D,EAAA,mBAAA,GAAsB,EAAC;AACvB,EAAA,KAAA,MAAW,OAAA,IAAW,MAAM,MAAA,EAAQ;AAClC,IAAA,MAAM,IAAA,GAAO,KAAA,CAAM,MAAA,CAAO,OAAO,CAAA;AACjC,IAAA,IAAI,KAAK,WAAA,IAAe,IAAA,CAAK,SAAS,QAAA,CAAS,IAAA,CAAK,KAAK,CAAA,EAAG;AAE1D,MAAA,MAAM,QAAA,GAAW,YAAA,CAAa,IAAA,CAAK,KAAK,CAAA;AACxC,MAAA,IAAI,QAAA,sBAA8B,IAAA,CAAK,KAAK,IAAI,EAAE,GAAA,EAAK,SAAS,QAAA,EAAS;AAAA,IAC3E;AAAA,EACF;AAEA,EAAA,IAAI,CAAC,MAAA,CAAO,IAAA,CAAK,mBAAmB,EAAE,MAAA,EAAQ;AAC5C,IAAA,mBAAA,GAAsB,MAAA;AACtB,IAAA;AAAA,EACF;AAGA,EAAA,MAAM,YAAY,IAAI,MAAA;AAAA,IACpB;AAAA,MACE,IAAI,UAAU,CAAA,GAAA,CAAA;AAAA,MACd,GAAA;AAAA,MACA,MAAA,CAAO,KAAK,mBAAmB,CAAA,CAE5B,IAAI,CAAC,CAAA,KAAM,CAAA,CAAE,OAAA,CAAQ,2BAAA,EAA6B,MAAM,CAAC,CAAA,CAEzD,IAAA,CAAK,CAAC,CAAA,EAAG,CAAA,KAAM,CAAA,CAAE,SAAS,CAAA,CAAE,MAAM,CAAA,CAClC,IAAA,CAAK,GAAG,CAAA;AAAA,MACX,GAAA;AAAA,MACA,KAAK,UAAU,CAAA,EAAA;AAAA,KACjB,CAAE,KAAK,EAAE,CAAA;AAAA,IACT;AAAA,GACF;AAEA,EAAA,MAAM,SAAA,mBAAuB,MAAA,CAAA,CAAC,KAAA,EAAO,GAAA,EAAK,KAAK,IAAA,KAAS;AAGtD,IAAA,IAAI,GAAA,IAAO,MAAM,OAAO,KAAA;AACxB,IAAA,OAAO,mBAAA,CAAoB,GAAG,CAAA,CAAE,QAAA;AAAA,EAClC,CAAA,EAL6B,WAAA,CAAA;AAM7B,EAAA,mBAAA,GAAsB,EAAE,IAAA,EAAM,SAAA,EAAW,OAAA,EAAS,SAAA,EAAU;AAC9D;AAzCgB,MAAA,CAAA,iBAAA,EAAA,mBAAA,CAAA;AAqDT,SAAS,sBAAsB,CAAA,EAAa;AACjD,EAAA,IAAI,CAAC,qBAAqB,OAAO,CAAA;AACjC,EAAA,IAAI,CAAC,GAAG,OAAO,CAAA;AAKf,EAAA,IAAI,KAAA,CAAM,OAAA,CAAQ,CAAC,CAAA,EAAG;AACpB,IAAA,OAAO,CAAA,CAAE,IAAI,qBAAqB,CAAA;AAAA,EACpC;AAEA,EAAA,IAAI,CAAA,IAAK,OAAQ,CAAA,KAAO,QAAA,IAAY,OAAO,cAAA,CAAe,CAAC,CAAA,KAAM,MAAA,CAAO,SAAA,EAAW;AACjF,IAAA,IAAI;AACF,MAAA,OAAO,KAAK,KAAA,CAAM,qBAAA,CAAsB,KAAK,SAAA,CAAU,CAAC,CAAC,CAAC,CAAA;AAAA,IAC5D,SAAS,GAAA,EAAK;AACZ,MAAA,OAAO,CAAA;AAAA,IACT;AAAA,EACF;AAEA,EAAA,MAAM,OAAO,OAAO,CAAA;AACpB,EAAA,IAAI,IAAA,KAAS,QAAA,IAAa,IAAA,KAAS,QAAA,IAAY,MAAA,CAAO,UAAU,QAAA,CAAS,IAAA,CAAK,CAAC,CAAA,KAAM,iBAAA,EAAoB;AACvG,IAAA,OAAQ,CAAA,CAAa,UAAA,CAAW,mBAAA,CAAoB,IAAA,EAAM,oBAAoB,OAAO,CAAA;AAAA,EACvF;AAEA,EAAA,OAAO,CAAA;AACT;AAzBgB,MAAA,CAAA,qBAAA,EAAA,uBAAA,CAAA;AA+BT,SAAS,sBAAsB,SAAA,EAAmB;AAEvD,EAAA,IAAI,CAAE,UAAA,CAAmB,4BAAA,EAA8B,OAAO,SAAA;AAE9D,EAAA,OAAO,CAAA,EAAG,UAAU,CAAA,CAAA,EAAI,SAAS,IAAI,UAAU,CAAA,CAAA;AACjD;AALgB,MAAA,CAAA,qBAAA,EAAA,uBAAA,CAAA;AAYT,SAAS,YAAA,CACd,QAEA,IAAA,EAIA;AACA,EAAA,KAAA,CAAM,yCAA+B,CAAA;AACrC,EAAA,IAAI,CAAC,QAAQ,OAAO,MAAA;AAEpB,EAAA,SAAS,gBAAgB,SAAA,EAAmB;AAI1C,IAAA,KAAA,MAAW,kBAAkB,mBAAA,EAAqB;AAChD,MAAA,IAAI,SAAA,CAAU,QAAA,CAAS,cAAc,CAAA,EAAG;AACtC,QAAA,MAAM,OAAA,GAAU,mBAAA,CAAoB,cAAc,CAAA,CAAE,GAAA;AAKpD,QAAA,OAAA,CAAQ,KAAA,CAAM;AAAA,UACZ,EAAA;AAAA,UACA,aAAM,kCAAkC,CAAA,UAAA,CAAA;AAAA,UACxC,sBAAsB,OAAO,CAAA,CAAA;AAAA,UAC7B,GAAG,MAAM,MAAA,GAAS,CAAC,kBAAkB,IAAA,CAAK,MAAM,CAAA,CAAE,CAAA,GAAI,EAAC;AAAA,UACvD,GAAG,MAAM,IAAA,GAAO,CAAC,WAAW,IAAA,CAAK,IAAI,CAAA,CAAE,CAAA,GAAI,EAAC;AAAA,UAC5C;AAAA,SACF,CAAE,IAAA,CAAK,IAAI,CAAC,CAAA;AAEZ,QAAA,MAAM,IAAI,KAAA,CAAM,CAAA,6CAAA,EAAyC,OAAO,CAAA,CAAE,CAAA;AAAA,MACpE;AAAA,IACF;AAAA,EACF;AAvBS,EAAA,MAAA,CAAA,eAAA,EAAA,iBAAA,CAAA;AA0BT,EAAA,IAAI,QAAA,CAAS,MAAM,CAAA,EAAG;AACpB,IAAA,eAAA,CAAgB,MAAgB,CAAA;AAChC,IAAA,OAAO,MAAA;AAAA,EACT,CAAA,MAAA,IAAW,kBAAkB,MAAA,EAAQ;AACnC,IAAA,eAAA,CAAgB,MAAA,CAAO,UAAU,CAAA;AACjC,IAAA,OAAO,MAAA;AAAA,EAET,CAAA,MAAA,IAAW,kBAAkB,cAAA,EAAgB;AAC3C,IAAA,IAAI,OAAO,MAAA,EAAQ;AAEjB,MAAA,OAAO,MAAA;AAAA,IACT;AAGA,IAAA,MAAM,YAAA,GAAe,IAAI,WAAA,EAAY;AACrC,IAAA,OAAO,MAAA,CAAO,WAAA;AAAA,MACZ,IAAI,eAAA,CAAgB;AAAA,QAClB,SAAA,CAAU,OAAO,UAAA,EAAY;AAC3B,UAAA,MAAM,QAAA,GAAW,YAAA,CAAa,MAAA,CAAO,KAAK,CAAA;AAC1C,UAAA,eAAA,CAAgB,QAAQ,CAAA;AACxB,UAAA,UAAA,CAAW,QAAQ,KAAK,CAAA;AAAA,QAC1B;AAAA,OACD;AAAA,KACH;AAAA,EACF;AAEA,EAAA,OAAO,MAAA;AACT;AAhEgB,MAAA,CAAA,YAAA,EAAA,cAAA,CAAA;AAyEhB,IAAI,cAAA,GAAiB,KAAA;AACrB,IAAM,YAAY,EAAC;AACZ,IAAM,kBAAkB;AAE/B,IAAM,aAAA,GAAgB,CAAC,CAAC,UAAA,CAAW,OAAA;AACnC,IAAM,kBAAA,GAAqB,EAAE,GAAG,aAAA,IAAiB,QAAQ,GAAA,EAAI;AAC7D,IAAI,6BAAA;AAEG,SAAS,eAAe,IAAA,EAE5B;AACD,EAAA,KAAA,CAAM,gCAAA,EAAwB,cAAA,EAAgB,CAAC,CAAE,UAAA,CAAmB,kBAAA,EAAoB,aAAA,IAAiB,CAAC,CAAC,OAAA,CAAQ,GAAA,CAAI,aAAa,CAAA;AAEpI,EAAA,IAAI,SAAA,EAAW;AACb,IAAA;AAAA,EACF;AAGA,EAAA,IAAI,iBAAA;AAEJ,EAAA,IAAK,WAAmB,kBAAA,EAAoB;AAC1C,IAAA,iBAAA,GAAqB,UAAA,CAAmB,kBAAA;AAAA,EAG1C,CAAA,MAAA,IAAW,aAAA,IAAiB,OAAA,CAAQ,GAAA,CAAI,aAAA,EAAe;AACrD,IAAA,iBAAA,GAAoB,IAAA,CAAK,KAAA,CAAM,OAAA,CAAQ,GAAA,CAAI,aAAa,CAAA;AAAA,EAC1D,CAAA,MAAO;AACL,IAAA,IAAI,MAAM,SAAA,EAAW;AAErB,IAAA,OAAA,CAAQ,KAAA,CAAM;AAAA,MACZ,EAAA;AAAA,MACA,4CAAA;AAAA,MACA,8CAAA;AAAA,MACA;AAAA,KACF,CAAE,IAAA,CAAK,IAAI,CAAC,CAAA;AACZ,IAAA,MAAM,IAAI,MAAM,uBAAuB,CAAA;AAAA,EACzC;AACA,EAAA,MAAA,CAAO,MAAA,CAAO,eAAA,EAAiB,iBAAA,CAAkB,QAAQ,CAAA;AACzD,EAAA,iBAAA,CAAkB,iBAAiB,CAAA;AAEnC,EAAA,MAAM,aAAA,GAAgB,aAAA;AAGtB,EAAA,IAAI,aAAA,EAAe;AACjB,IAAA,IAAI,6BAAA,EAA+B;AACjC,MAAA,KAAA,MAAW,GAAA,IAAO,6BAAA,EAA+B,OAAO,OAAA,CAAQ,IAAI,GAAG,CAAA;AACvE,MAAA,KAAA,MAAW,GAAA,IAAO,MAAA,CAAO,IAAA,CAAK,kBAAkB,CAAA,UAAW,GAAA,CAAI,GAAG,CAAA,GAAI,kBAAA,CAAmB,GAAG,CAAA;AAAA,IAC9F;AACA,IAAA,6BAAA,GAAgC,EAAC;AAAA,EACnC;AAEA,EAAA,KAAA,MAAW,OAAA,IAAW,kBAAkB,MAAA,EAAQ;AAC9C,IAAA,MAAM,SAAA,GAAY,iBAAA,CAAkB,MAAA,CAAO,OAAO,CAAA,CAAE,KAAA;AACpD,IAAA,SAAA,CAAU,OAAO,CAAA,GAAI,SAAA;AACrB,IAAA,IAAI,aAAA,EAAe;AACjB,MAAA,6BAAA,EAA+B,KAAK,OAAO,CAAA;AAG3C,MAAA,OAAA,CAAQ,IAAI,OAAO,CAAA,GAAI,cAAc,MAAA,GAAY,EAAA,GAAK,OAAO,SAAS,CAAA;AAAA,IACxE;AAAA,EACF;AACA,EAAA,cAAA,GAAiB,IAAA;AACnB;AAtDgB,MAAA,CAAA,cAAA,EAAA,gBAAA,CAAA;AA0DhB,IAAI;AACF,EAAA,IAAI,CAAC,cAAA,EAAgB;AAGnB,IAAA,cAAA,CAAe,EAAE,SAAA,EAAW,IAAA,EAAM,CAAA;AAAA,EACpC;AACF,CAAA,CAAA,OAAS,GAAA,EAAK;AAGd;AAQA,IAAM,kBAAA,GAAqB;AAAA;AAAA,EAEzB;AACF,CAAA;AAUA,IAAM,QAAA,GAAW,IAAI,KAAA,CAAsB,EAAC,EAAG;AAAA,EAC7C,GAAA,CAAI,QAAQ,IAAA,EAAM;AAEhB,IAAA,IAAI,OAAO,SAAS,QAAA,EAAU;AAE9B,IAAA,IAAI,kBAAA,CAAmB,QAAA,CAAS,IAAI,CAAA,EAAG;AAEvC,IAAA,IAAI,CAAC,SAAA,IAAa,CAAC,cAAA,EAAgB;AACjC,MAAA,MAAM,IAAI,MAAM,6BAA6B,CAAA;AAAA,IAC/C;AAEA,IAAA,IAAI,IAAA,IAAQ,SAAA,EAAW,OAAO,SAAA,CAAU,IAAI,CAAA;AAC5C,IAAA,IAAK,WAAmB,2BAAA,EAA6B;AAEnD,MAAA,IAAK,WAAmB,kBAAA,IAAuB,UAAA,CAAmB,kBAAA,CAAmB,QAAA,CAAS,IAAI,CAAA,EAAG;AACnG,QAAA,MAAM,IAAI,KAAA,CAAM,CAAA,MAAA,EAAS,IAAI,CAAA,mDAAA,CAAqD,CAAA;AAAA,MACpF,CAAA,MAAO;AACL,QAAA,MAAM,IAAI,KAAA,CAAM,CAAA,MAAA,EAAS,IAAI,CAAA,iBAAA,CAAmB,CAAA;AAAA,MAClD;AAAA,IACF;AACA,IAAA,OAAO,MAAA;AAAA,EACT;AACF,CAAC,CAAA;AAEM,IAAM,GAAA,GAAM","file":"chunk-2SPIWTVE.js","sourcesContent":["declare const Deno: any;\ndeclare const navigator: any;\ndeclare const window: any;\ndeclare const self: any;\n// declare const process: any;\n\n\nexport const isNode: boolean = typeof process !== 'undefined'\n  && process.versions != null\n  && process.versions.node != null;\n\nexport const isWebWorker: boolean = typeof self === 'object'\n  && self.constructor\n  && self.constructor.name === 'DedicatedWorkerGlobalScope';\n\n// https://github.com/jsdom/jsdom/issues/1537#issuecomment-229405327\nexport const isJsDom: boolean = (typeof window !== 'undefined' && window.name === 'nodejs')\n  || (typeof navigator !== 'undefined'\n    && 'userAgent' in navigator\n    && typeof navigator.userAgent === 'string'\n    && (navigator.userAgent.includes('Node.js')\n      || navigator.userAgent.includes('jsdom')));\n\nexport const isDeno: boolean = typeof Deno !== 'undefined'\n  && typeof Deno.version !== 'undefined'\n  && typeof Deno.version.deno !== 'undefined';\n\n/** @see {@link https://bun.sh/guides/util/detect-bun} */\nexport const isBun = typeof process !== 'undefined' && process.versions != null && process.versions.bun != null;\n\n\n\nexport const isBrowser = typeof window !== 'undefined'\n  && typeof window.document !== 'undefined'\n  && typeof window.document.createElement === 'function'\n  && typeof navigator !== 'undefined'\n  && typeof navigator.userAgent === 'string';\n","/* eslint-disable no-console */\nexport function debug(...args: Array<any>) {\n  if (!process.env.DEBUG_VARLOCK) return;\n  console.log(...args);\n}\n","import { redactString } from './lib/redaction';\n\nimport type { SerializedEnvGraph } from '../../env-graph';\nimport { isBrowser } from '../lib/detect-runtime';\nimport { debug } from './lib/debug';\n\n// TODO: would like to move all of the redaction utils out of this file\n// but its complicated since it is imported by code that may be run in the backend and frontend\n// but the patching code (which only runs in the backend) use these helper functions\n\n// this does not cover all cases, but serves our needs so far for Next.js\nfunction isString(s: any) {\n  return Object.prototype.toString.call(s) === '[object String]';\n}\n\nconst UNMASK_STR = '👁';\n\n\n/** key value lookup of sensitive values to their redacted version */\nlet sensitiveSecretsMap: Record<string, { key: string, redacted: string }> = {};\n\ntype ReplaceFn = (match: string, pre: string, val: string, post: string) => string;\nlet redactorFindReplace: undefined | { find: RegExp, replace: ReplaceFn };\n\nexport function resetRedactionMap(graph: SerializedEnvGraph) {\n  // reset map of { [sensitive] => redacted }\n  sensitiveSecretsMap = {};\n  for (const itemKey in graph.config) {\n    const item = graph.config[itemKey];\n    if (item.isSensitive && item.value && isString(item.value)) {\n      // TODO: we want to respect masking settings from the schema (once added)\n      const redacted = redactString(item.value);\n      if (redacted) sensitiveSecretsMap[item.value] = { key: itemKey, redacted };\n    }\n  }\n  // if no sensitive items exist, we dont need to do any redaction, but the redact fn is checking for undefined\n  if (!Object.keys(sensitiveSecretsMap).length) {\n    redactorFindReplace = undefined;\n    return;\n  }\n\n  // reset find/replace regex+fn used for redacting secrets in strings\n  const findRegex = new RegExp(\n    [\n      `(${UNMASK_STR} )?`,\n      '(',\n      Object.keys(sensitiveSecretsMap)\n        // Escape special characters\n        .map((s) => s.replace(/[()[\\]{}*+?^$|#.,/\\\\\\s-]/g, '\\\\$&'))\n        // Sort for maximal munch\n        .sort((a, b) => b.length - a.length)\n        .join('|'),\n      ')',\n      `( ${UNMASK_STR})?`,\n    ].join(''),\n    'g',\n  );\n\n  const replaceFn: ReplaceFn = (match, pre, val, post) => {\n    // the pre and post matches only will be populated if they were present\n    // and they are used to unmask the secret - so we do not want to replace in this case\n    if (pre && post) return match;\n    return sensitiveSecretsMap[val].redacted;\n  };\n  redactorFindReplace = { find: findRegex, replace: replaceFn };\n}\n\n\n// While the module itself acts as a singleton to hold the current map of redacted values\n// we expose only the below const to end users\n\n\n/**\n * Redacts senstive config values from any string/array/object/etc\n *\n * NOTE - must be used only after varlock has loaded config\n * */\nexport function redactSensitiveConfig(o: any): any {\n  if (!redactorFindReplace) return o;\n  if (!o) return o;\n\n  // TODO: handle more cases?\n  // we can probably redact safely from a few other datatypes - like set,map,etc?\n  // objects are a bit tougher\n  if (Array.isArray(o)) {\n    return o.map(redactSensitiveConfig);\n  }\n  // try to redact if it's a plain object - not necessarily great for perf...\n  if (o && typeof (o) === 'object' && Object.getPrototypeOf(o) === Object.prototype) {\n    try {\n      return JSON.parse(redactSensitiveConfig(JSON.stringify(o)));\n    } catch (err) {\n      return o;\n    }\n  }\n\n  const type = typeof o;\n  if (type === 'string' || (type === 'object' && Object.prototype.toString.call(o) === '[object String]')) {\n    return (o as string).replaceAll(redactorFindReplace.find, redactorFindReplace.replace);\n  }\n\n  return o;\n}\n\n/**\n * utility to unmask a secret/sensitive value when logging to the console\n * currently this only works on a single secret, not objects or aggregated strings\n * */\nexport function revealSensitiveConfig(secretStr: string) {\n  // if redaction not enabled, we just return the secret itself\n  if (!(globalThis as any)._varlockOrigWriteToConsoleFn) return secretStr;\n  // otherwise we add some wrapper characters which will be removed by the patched console behaviour\n  return `${UNMASK_STR} ${secretStr} ${UNMASK_STR}`;\n}\n\n\n\n\n\n// reusable leak scanning helper function, used by various integrations\nexport function scanForLeaks(\n  toScan: string | ReadableStream | null,\n  // optional additional information about what is being scanned to be used in error messages\n  meta?: {\n    method?: string,\n    file?: string,\n  },\n) {\n  debug('⚡️ varlock scanning for leaks');\n  if (!toScan) return toScan;\n\n  function scanStrForLeaks(strToScan: string) {\n    // console.log('[varlock leak scanner] ', strToScan.substr(0, 100));\n\n    // TODO: probably should use a single regex\n    for (const sensitiveValue in sensitiveSecretsMap) {\n      if (strToScan.includes(sensitiveValue)) {\n        const itemKey = sensitiveSecretsMap[sensitiveValue].key;\n\n        // error stack can gets awkwardly buried since we're so deep in the internals\n        // so we'll write a nicer error message to help the user debug\n        // eslint-disable-next-line no-console\n        console.error([\n          '',\n          `🚨 ${'DETECTED LEAKED SENSITIVE CONFIG'} 🚨`,\n          `> Config item key: ${itemKey}`,\n          ...meta?.method ? [`> Scan method: ${meta.method}`] : [],\n          ...meta?.file ? [`> File: ${meta.file}`] : [],\n          '',\n        ].join('\\n'));\n\n        throw new Error(`🚨 DETECTED LEAKED SENSITIVE CONFIG - ${itemKey}`);\n      }\n    }\n  }\n\n  // scan a string\n  if (isString(toScan)) {\n    scanStrForLeaks(toScan as string);\n    return toScan;\n  } else if (toScan instanceof Buffer) {\n    scanStrForLeaks(toScan.toString());\n    return toScan;\n  // scan a ReadableStream by piping it through a scanner\n  } else if (toScan instanceof ReadableStream) {\n    if (toScan.locked) {\n      // console.log('> stream already locked');\n      return toScan;\n    } else {\n      // console.log('> stream will be scanned!');\n    }\n    const chunkDecoder = new TextDecoder();\n    return toScan.pipeThrough(\n      new TransformStream({\n        transform(chunk, controller) {\n          const chunkStr = chunkDecoder.decode(chunk);\n          scanStrForLeaks(chunkStr);\n          controller.enqueue(chunk);\n        },\n      }),\n    );\n  }\n  // other things may be passed in like Buffer... but we'll ignore for now\n  return toScan;\n}\n\n// -----------\n\n\n\n\n// --------------\n\nlet initializedEnv = false;\nconst envValues = {} as Record<string, any>;\nexport const varlockSettings = {} as Record<string, any>;\n\nconst processExists = !!globalThis.process;\nconst originalProcessEnv = { ...processExists && process.env };\nlet varlockInjectedProcessEnvKeys: Array<string> | undefined;\n\nexport function initVarlockEnv(opts?: {\n  allowFail?: boolean,\n}) {\n  debug('⚡️ INIT VARLOCK ENV!', initializedEnv, !!(globalThis as any).__varlockLoadedEnv, processExists && !!process.env.__VARLOCK_ENV);\n\n  if (isBrowser) {\n    return;\n  }\n\n\n  let serializedEnvData: SerializedEnvGraph;\n  // when we inject resolved config at build time, we store it here\n  if ((globalThis as any).__varlockLoadedEnv) {\n    serializedEnvData = (globalThis as any).__varlockLoadedEnv;\n\n  // otherwise if we inject via `varlock run` or have already loaded, it will be in process.env\n  } else if (processExists && process.env.__VARLOCK_ENV) {\n    serializedEnvData = JSON.parse(process.env.__VARLOCK_ENV);\n  } else {\n    if (opts?.allowFail) return;\n    // eslint-disable-next-line no-console\n    console.error([\n      '',\n      '🚨 initVarlockEnv failed  🚨',\n      'try rerunning your command via `varlock run`',\n      '',\n    ].join('\\n'));\n    throw new Error('initVarlockEnv failed');\n  }\n  Object.assign(varlockSettings, serializedEnvData.settings);\n  resetRedactionMap(serializedEnvData);\n\n  const setProcessEnv = processExists;\n\n  // if we've already injected process.env vars in the past, we'll reset those now\n  if (setProcessEnv) {\n    if (varlockInjectedProcessEnvKeys) {\n      for (const key of varlockInjectedProcessEnvKeys) delete process.env[key];\n      for (const key of Object.keys(originalProcessEnv)) process.env[key] = originalProcessEnv[key];\n    }\n    varlockInjectedProcessEnvKeys = [];\n  }\n\n  for (const itemKey in serializedEnvData.config) {\n    const itemValue = serializedEnvData.config[itemKey].value;\n    envValues[itemKey] = itemValue;\n    if (setProcessEnv) {\n      varlockInjectedProcessEnvKeys?.push(itemKey);\n      // when re-injecting into process.env, we treat undefined as empty string\n      // this more closely matches expected behaviour from other .env loaders\n      process.env[itemKey] = itemValue === undefined ? '' : String(itemValue);\n    }\n  }\n  initializedEnv = true;\n}\n\n// we will attempt to call initVarlockEnv automatically, but in most cases it should be called explicitly\n// note that if this is being imported in the browser, process.env may not exist, so we do this in a try/catch\ntry {\n  if (!initializedEnv) {\n    // if we are automatically loading because __VARLOCK_ENV is already set\n    // then we assume process.env vars have also already been set (although might not harm anything?)\n    initVarlockEnv({ allowFail: true });\n  }\n} catch (err) {\n  // expected that this will fail when process.env does not exist\n  // but we may want to look for specific errors\n}\n\n\n\n// some object keys are checked by various tools when handling arbitrary data, especially in templates\n// because our proxy objects throw errors when unknown keys are accessed, this causes problems\n// for now we can just filter out a these keys and it should be fairly harmless\n// TODO: ideally this could be customized by the user, and not specific to vue\nconst IGNORED_PROXY_KEYS = [\n  // vue - see https://github.com/vuejs/core/blob/70773d00985135a50556c61fb9855ed6b930cb82/packages/reactivity/src/ref.ts#L101\n  '__v_isRef',\n];\n\n\n// this gets exported and then augmented by our type generation\n// ideally we'd start with a loose type `Record<string,any>` and then override it with the actual schema\n// so that if type generation was disabled, a user could still use `ENV`\n// but TS wont let us, so instead we start with it being empty, which will cause type errors\n// unless type generation is enabled\nexport interface TypedEnvSchema {}\n\nconst EnvProxy = new Proxy<TypedEnvSchema>({}, {\n  get(target, prop) {\n    // ignore symbols, as it likely an external tool checking something\n    if (typeof prop === 'symbol') return;\n    // special cases to avoid throwing on invalid keys\n    if (IGNORED_PROXY_KEYS.includes(prop)) return;\n\n    if (!isBrowser && !initializedEnv) {\n      throw new Error('varlock ENV not initialized');\n    }\n\n    if (prop in envValues) return envValues[prop];\n    if ((globalThis as any).__varlockThrowOnMissingKeys) {\n      // during development, we can feed in extra metadata and show more helpful errors\n      if ((globalThis as any).__varlockValidKeys && (globalThis as any).__varlockValidKeys.includes(prop)) {\n        throw new Error(`\\`ENV.${prop}\\` exists, but is not available in this environment`);\n      } else {\n        throw new Error(`\\`ENV.${prop}\\` does not exist`);\n      }\n    }\n    return undefined;\n  },\n});\n\nexport const ENV = EnvProxy;\n"]}

package/dist/chunk-EPKIAPPA.js

@@ -1,146 +0,0 @@
-import { logLines } from './chunk-LYSRVOTA.js';
-import { define } from './chunk-33ROL4J5.js';
-import { gracefulExit, ansis_default } from './chunk-IWQ4BDSW.js';
-import { __name } from './chunk-XN24GZXQ.js';
-import { setTimeout } from 'timers/promises';
-import os from 'os';
-import { spawn } from 'child_process';
-
-// src/config.ts
-var CONFIG = {
-  // VARLOCK_API_URL: 'http://localhost:8888',
-  VARLOCK_API_URL: "https://api.varlock.dev",
-  GITHUB_APP_CLIENT_ID: "Iv23li50gB8bMxLauiJQ",
-  // varlock.dev app
-  POSTHOG_API_KEY: "phc_bfzH97VIta8yQa8HrsgmitqS6rTydjMISs0m8aqJTnq",
-  POSTHOG_HOST: "https://ph.varlock.dev"
-};
-var platform = os.platform();
-var isWindows = platform.match(/^win/i);
-var isMac = platform.match(/^darwin/i);
-var isLinux = !isWindows && !isMac;
-function openUrl(url) {
-  if (isWindows) {
-    spawn("cmd", ["/c", "start", " ", url], { detached: true });
-  } else if (isMac) {
-    spawn("open", [url], { detached: true });
-  } else if (isLinux) {
-    spawn("xdg-open", [url], { detached: true });
-  }
-}
-__name(openUrl, "openUrl");
-
-// src/cli/helpers/key-press.ts
-async function keyPressed(keys = true) {
-  process.stdin.setRawMode(true);
-  return new Promise((resolve) => {
-    function keyPressHandler(d) {
-      const keyStr = d.toString();
-      if (["", ""].includes(keyStr)) {
-        return gracefulExit(1);
-      }
-      if (keys === true || keys.includes(keyStr)) {
-        process.stdin.setRawMode(false);
-        process.stdin.off("data", keyPressHandler);
-        resolve();
-      }
-    }
-    __name(keyPressHandler, "keyPressHandler");
-    process.stdin.on("data", keyPressHandler);
-  });
-}
-__name(keyPressed, "keyPressed");
-
-// src/cli/commands/login.command.ts
-var commandSpec = define({
-  name: "login",
-  description: "Authenticate (using GitHub)",
-  args: {}
-});
-var commandFn = /* @__PURE__ */ __name(async (ctx) => {
-  const codeReq = await fetch("https://github.com/login/device/code", {
-    method: "POST",
-    body: JSON.stringify({
-      client_id: CONFIG.GITHUB_APP_CLIENT_ID
-    }),
-    headers: {
-      "Content-Type": "application/json",
-      Accept: "application/json"
-    }
-  });
-  if (codeReq.status !== 200) {
-    console.log("Failed to initiate GitHub device flow login!");
-    return gracefulExit(1);
-  }
-  const ghCodeInfo = await codeReq.json();
-  logLines([
-    "\u{1F511} Authenticating using GitHub:",
-    "",
-    `First please copy this code: ${ansis_default.bold.magenta(ghCodeInfo.user_code)}`,
-    "",
-    `Log in @ ${ghCodeInfo.verification_uri}`,
-    "",
-    "Press ENTER to open in your default browser..."
-  ]);
-  await keyPressed(["\r"]);
-  console.log(ansis_default.italic.gray("... please complete login on github.com ..."));
-  openUrl(ghCodeInfo.verification_uri);
-  const pollMs = ghCodeInfo.interval * 1e3;
-  const expiresMs = ghCodeInfo.expires_in * 1e3;
-  const startAt = /* @__PURE__ */ new Date();
-  let oauthStatus;
-  while (true) {
-    await setTimeout(pollMs);
-    try {
-      const oauthStatusReq = await fetch("https://github.com/login/oauth/access_token", {
-        method: "POST",
-        body: JSON.stringify({
-          client_id: CONFIG.GITHUB_APP_CLIENT_ID,
-          device_code: ghCodeInfo.device_code,
-          grant_type: "urn:ietf:params:oauth:grant-type:device_code"
-        }),
-        headers: {
-          "Content-Type": "application/json",
-          Accept: "application/json"
-        }
-      });
-      oauthStatus = await oauthStatusReq.json();
-    } catch (err) {
-      console.log(err);
-    }
-    if (oauthStatus.error === "access_denied") {
-      console.log("\u274C Login attempt was cancelled! Please try again.");
-      return gracefulExit(1);
-    }
-    if (oauthStatus.access_token) break;
-    if ((/* @__PURE__ */ new Date()).getTime() - startAt.getTime() > expiresMs) {
-      console.log("\u274C Login timed out! Please try again.");
-      return gracefulExit(1);
-    }
-  }
-  const authReq = await fetch(`${CONFIG.VARLOCK_API_URL}/github/auth-from-device-flow`, {
-    method: "POST",
-    body: JSON.stringify({
-      accessToken: oauthStatus.access_token,
-      refreshToken: oauthStatus.refresh_token,
-      accessTokenExpiresAt: new Date(Date.now() + oauthStatus.expires_in * 1e3).toISOString(),
-      refreshTokenExpiresAt: new Date(Date.now() + oauthStatus.refresh_token_expires_in * 1e3).toISOString(),
-      tokenType: oauthStatus.token_type,
-      scope: oauthStatus.scope
-    }),
-    headers: {
-      "Content-Type": "application/json",
-      Accept: "application/json"
-    }
-  });
-  if (authReq.status !== 200) {
-    console.log(await authReq.json());
-    return gracefulExit(1);
-  }
-  const authRes = await authReq.json();
-  console.log(`\u2705 Logged in as ${authRes.user.githubUsername} (${authRes.user.name})!`);
-}, "commandFn");
-
-export { CONFIG, commandFn, commandSpec };
-//# sourceMappingURL=chunk-EPKIAPPA.js.map
-//# sourceMappingURL=chunk-EPKIAPPA.js.map

package/dist/chunk-EPKIAPPA.js.map

@@ -1 +0,0 @@
-{"version":3,"sources":["../src/config.ts","../src/cli/helpers/open-url.ts","../src/cli/helpers/key-press.ts","../src/cli/commands/login.command.ts"],"names":["delay"],"mappings":";;;;;;;;;AAIO,IAAM,MAAA,GAAS;AAAA;AAAA,EAEpB,eAAA,EAAiB,yBAAA;AAAA,EACjB,oBAAA,EAAsB,sBAAA;AAAA;AAAA,EACtB,eAAA,EAAiB,iDAAA;AAAA,EACjB,YAAA,EAAc;AAChB;ACPA,IAAM,QAAA,GAAW,GAAG,QAAA,EAAS;AAE7B,IAAM,SAAA,GAAY,QAAA,CAAS,KAAA,CAAM,OAAO,CAAA;AACxC,IAAM,KAAA,GAAQ,QAAA,CAAS,KAAA,CAAM,UAAU,CAAA;AACvC,IAAM,OAAA,GAAW,CAAC,SAAA,IAAa,CAAC,KAAA;AAGzB,SAAS,QAAQ,GAAA,EAAa;AACnC,EAAA,IAAI,SAAA,EAAW;AACb,IAAA,KAAA,CAAM,KAAA,EAAO,CAAC,IAAA,EAAM,OAAA,EAAS,GAAA,EAAK,GAAG,CAAA,EAAG,EAAE,QAAA,EAAU,IAAA,EAAM,CAAA;AAAA,EAC5D,WAAW,KAAA,EAAO;AAChB,IAAA,KAAA,CAAM,QAAQ,CAAC,GAAG,GAAG,EAAE,QAAA,EAAU,MAAM,CAAA;AAAA,EACzC,WAAW,OAAA,EAAS;AAElB,IAAA,KAAA,CAAM,YAAY,CAAC,GAAG,GAAG,EAAE,QAAA,EAAU,MAAM,CAAA;AAAA,EAC7C;AACF;AATgB,MAAA,CAAA,OAAA,EAAA,SAAA,CAAA;;;ACRhB,eAAsB,UAAA,CAAW,OAA6B,IAAA,EAAM;AAClE,EAAA,OAAA,CAAQ,KAAA,CAAM,WAAW,IAAI,CAAA;AAC7B,EAAA,OAAO,IAAI,OAAA,CAAc,CAAC,OAAA,KAAY;AACpC,IAAA,SAAS,gBAAgB,CAAA,EAAW;AAClC,MAAA,MAAM,MAAA,GAAS,EAAE,QAAA,EAAS;AAE1B,MAAA,IAAI,CAAC,GAAA,EAAU,GAAQ,CAAA,CAAE,QAAA,CAAS,MAAM,CAAA,EAAG;AACzC,QAAA,OAAO,aAAa,CAAC,CAAA;AAAA,MACvB;AACA,MAAA,IAAI,IAAA,KAAS,IAAA,IAAQ,IAAA,CAAK,QAAA,CAAS,MAAM,CAAA,EAAG;AAC1C,QAAA,OAAA,CAAQ,KAAA,CAAM,WAAW,KAAK,CAAA;AAC9B,QAAA,OAAA,CAAQ,KAAA,CAAM,GAAA,CAAI,MAAA,EAAQ,eAAe,CAAA;AACzC,QAAA,OAAA,EAAQ;AAAA,MACV;AAAA,IACF;AAXS,IAAA,MAAA,CAAA,eAAA,EAAA,iBAAA,CAAA;AAYT,IAAA,OAAA,CAAQ,KAAA,CAAM,EAAA,CAAG,MAAA,EAAQ,eAAe,CAAA;AAAA,EAC1C,CAAC,CAAA;AACH;AAjBsB,MAAA,CAAA,UAAA,EAAA,YAAA,CAAA;;;ACUf,IAAM,cAAc,MAAA,CAAO;AAAA,EAChC,IAAA,EAAM,OAAA;AAAA,EACN,WAAA,EAAa,6BAAA;AAAA,EACb,MAAM;AACR,CAAC;AAGM,IAAM,SAAA,iCAA6D,GAAA,KAAQ;AAChF,EAAA,MAAM,OAAA,GAAU,MAAM,KAAA,CAAM,sCAAA,EAAwC;AAAA,IAClE,MAAA,EAAQ,MAAA;AAAA,IACR,IAAA,EAAM,KAAK,SAAA,CAAU;AAAA,MACnB,WAAW,MAAA,CAAO;AAAA,KACnB,CAAA;AAAA,IACD,OAAA,EAAS;AAAA,MACP,cAAA,EAAgB,kBAAA;AAAA,MAChB,MAAA,EAAQ;AAAA;AACV,GACD,CAAA;AACD,EAAA,IAAI,OAAA,CAAQ,WAAW,GAAA,EAAK;AAC1B,IAAA,OAAA,CAAQ,IAAI,8CAA8C,CAAA;AAC1D,IAAA,OAAO,aAAa,CAAC,CAAA;AAAA,EACvB;AAEA,EAAA,MAAM,UAAA,GAAa,MAAM,OAAA,CAAQ,IAAA,EAAK;AAQtC,EAAA,QAAA,CAAS;AAAA,IACP,wCAAA;AAAA,IACA,EAAA;AAAA,IACA,gCAAgC,aAAA,CAAM,IAAA,CAAK,OAAA,CAAQ,UAAA,CAAW,SAAS,CAAC,CAAA,CAAA;AAAA,IACxE,EAAA;AAAA,IACA,CAAA,SAAA,EAAY,WAAW,gBAAgB,CAAA,CAAA;AAAA,IACvC,EAAA;AAAA,IACA;AAAA,GACD,CAAA;AACD,EAAA,MAAM,UAAA,CAAW,CAAC,IAAI,CAAC,CAAA;AACvB,EAAA,OAAA,CAAQ,GAAA,CAAI,aAAA,CAAM,MAAA,CAAO,IAAA,CAAK,6CAA6C,CAAC,CAAA;AAC5E,EAAA,OAAA,CAAQ,WAAW,gBAAgB,CAAA;AAEnC,EAAA,MAAM,MAAA,GAAS,WAAW,QAAA,GAAW,GAAA;AACrC,EAAA,MAAM,SAAA,GAAY,WAAW,UAAA,GAAa,GAAA;AAC1C,EAAA,MAAM,OAAA,uBAAc,IAAA,EAAK;AAEzB,EAAA,IAAI,WAAA;AACJ,EAAA,OAAO,IAAA,EAAM;AACX,IAAA,MAAMA,WAAM,MAAM,CAAA;AAClB,IAAA,IAAI;AACF,MAAA,MAAM,cAAA,GAAiB,MAAM,KAAA,CAAM,6CAAA,EAA+C;AAAA,QAChF,MAAA,EAAQ,MAAA;AAAA,QACR,IAAA,EAAM,KAAK,SAAA,CAAU;AAAA,UACnB,WAAW,MAAA,CAAO,oBAAA;AAAA,UAClB,aAAa,UAAA,CAAW,WAAA;AAAA,UACxB,UAAA,EAAY;AAAA,SACb,CAAA;AAAA,QACD,OAAA,EAAS;AAAA,UACP,cAAA,EAAgB,kBAAA;AAAA,UAChB,MAAA,EAAQ;AAAA;AACV,OACD,CAAA;AACD,MAAA,WAAA,GAAc,MAAM,eAAe,IAAA,EAAK;AAAA,IAC1C,SAAS,GAAA,EAAK;AACZ,MAAA,OAAA,CAAQ,IAAI,GAAG,CAAA;AAAA,IACjB;AAIA,IAAA,IAAI,WAAA,CAAY,UAAU,eAAA,EAAiB;AACzC,MAAA,OAAA,CAAQ,IAAI,uDAAkD,CAAA;AAC9D,MAAA,OAAO,aAAa,CAAC,CAAA;AAAA,IACvB;AAGA,IAAA,IAAI,YAAY,YAAA,EAAc;AAG9B,IAAA,IAAA,iBAAI,IAAI,MAAK,EAAE,OAAA,KAAY,OAAA,CAAQ,OAAA,KAAY,SAAA,EAAW;AACxD,MAAA,OAAA,CAAQ,IAAI,2CAAsC,CAAA;AAClD,MAAA,OAAO,aAAa,CAAC,CAAA;AAAA,IACvB;AAAA,EACF;AAaA,EAAA,MAAM,UAAU,MAAM,KAAA,CAAM,CAAA,EAAG,MAAA,CAAO,eAAe,CAAA,6BAAA,CAAA,EAAiC;AAAA,IACpF,MAAA,EAAQ,MAAA;AAAA,IACR,IAAA,EAAM,KAAK,SAAA,CAAU;AAAA,MACnB,aAAa,WAAA,CAAY,YAAA;AAAA,MACzB,cAAc,WAAA,CAAY,aAAA;AAAA,MAC1B,oBAAA,EAAsB,IAAI,IAAA,CAAK,IAAA,CAAK,GAAA,KAAQ,WAAA,CAAY,UAAA,GAAa,GAAI,CAAA,CAAE,WAAA,EAAY;AAAA,MACvF,qBAAA,EAAuB,IAAI,IAAA,CAAK,IAAA,CAAK,GAAA,KAAQ,WAAA,CAAY,wBAAA,GAA2B,GAAI,CAAA,CAAE,WAAA,EAAY;AAAA,MACtG,WAAW,WAAA,CAAY,UAAA;AAAA,MACvB,OAAO,WAAA,CAAY;AAAA,KACpB,CAAA;AAAA,IACD,OAAA,EAAS;AAAA,MACP,cAAA,EAAgB,kBAAA;AAAA,MAChB,MAAA,EAAQ;AAAA;AACV,GACD,CAAA;AACD,EAAA,IAAI,OAAA,CAAQ,WAAW,GAAA,EAAK;AAC1B,IAAA,OAAA,CAAQ,GAAA,CAAI,MAAM,OAAA,CAAQ,IAAA,EAAM,CAAA;AAChC,IAAA,OAAO,aAAa,CAAC,CAAA;AAAA,EACvB;AAEA,EAAA,MAAM,OAAA,GAAU,MAAM,OAAA,CAAQ,IAAA,EAAK;AAenC,EAAA,OAAA,CAAQ,GAAA,CAAI,uBAAkB,OAAA,CAAQ,IAAA,CAAK,cAAc,CAAA,EAAA,EAAK,OAAA,CAAQ,IAAA,CAAK,IAAI,CAAA,EAAA,CAAI,CAAA;AACrF,CAAA,EA9HmE,WAAA","file":"chunk-EPKIAPPA.js","sourcesContent":["// TODO: figure out dev vs prod env vars... would be great to use varlock here!\n\n// NOTE - these keys are safe to publish\n\nexport const CONFIG = {\n  // VARLOCK_API_URL: 'http://localhost:8888',\n  VARLOCK_API_URL: 'https://api.varlock.dev',\n  GITHUB_APP_CLIENT_ID: 'Iv23li50gB8bMxLauiJQ', // varlock.dev app\n  POSTHOG_API_KEY: 'phc_bfzH97VIta8yQa8HrsgmitqS6rTydjMISs0m8aqJTnq',\n  POSTHOG_HOST: 'https://ph.varlock.dev',\n};\n","import os from 'node:os';\nimport { spawn } from 'node:child_process';\n\nconst platform = os.platform();\n\nconst isWindows = platform.match(/^win/i);\nconst isMac = platform.match(/^darwin/i);\nconst isLinux = (!isWindows && !isMac);\n\n/** opens a url using the default browser */\nexport function openUrl(url: string) {\n  if (isWindows) {\n    spawn('cmd', ['/c', 'start', ' ', url], { detached: true });\n  } else if (isMac) {\n    spawn('open', [url], { detached: true });\n  } else if (isLinux) {\n    // TODO: maybe check for x-www-browser instead?\n    spawn('xdg-open', [url], { detached: true });\n  }\n}\n","import { gracefulExit } from 'exit-hook';\n\nexport async function keyPressed(keys: Array<string> | true = true) {\n  process.stdin.setRawMode(true);\n  return new Promise<void>((resolve) => {\n    function keyPressHandler(d: Buffer) {\n      const keyStr = d.toString();\n      // exit on ctrl+c or ctrl+d\n      if (['\\u0003', '\\u0004'].includes(keyStr)) {\n        return gracefulExit(1);\n      }\n      if (keys === true || keys.includes(keyStr)) {\n        process.stdin.setRawMode(false);\n        process.stdin.off('data', keyPressHandler);\n        resolve();\n      }\n    }\n    process.stdin.on('data', keyPressHandler);\n  });\n}\n","\nimport { setTimeout as delay } from 'node:timers/promises';\nimport ansis from 'ansis';\nimport { define } from 'gunshi';\nimport { logLines } from '../helpers/pretty-format';\nimport { CONFIG } from '../../config';\nimport { openUrl } from '../helpers/open-url';\nimport { keyPressed } from '../helpers/key-press';\nimport { type TypedGunshiCommandFn } from '../helpers/gunshi-type-utils';\nimport { gracefulExit } from 'exit-hook';\n\n\nexport const commandSpec = define({\n  name: 'login',\n  description: 'Authenticate (using GitHub)',\n  args: {},\n});\n\n\nexport const commandFn: TypedGunshiCommandFn<typeof commandSpec> = async (ctx) => {\n  const codeReq = await fetch('https://github.com/login/device/code', {\n    method: 'POST',\n    body: JSON.stringify({\n      client_id: CONFIG.GITHUB_APP_CLIENT_ID,\n    }),\n    headers: {\n      'Content-Type': 'application/json',\n      Accept: 'application/json',\n    },\n  });\n  if (codeReq.status !== 200) {\n    console.log('Failed to initiate GitHub device flow login!');\n    return gracefulExit(1);\n  }\n\n  const ghCodeInfo = await codeReq.json() as {\n    device_code: string;\n    user_code: string;\n    verification_uri: string;\n    expires_in: number;\n    interval: number;\n  };\n\n  logLines([\n    '🔑 Authenticating using GitHub:',\n    '',\n    `First please copy this code: ${ansis.bold.magenta(ghCodeInfo.user_code)}`,\n    '',\n    `Log in @ ${ghCodeInfo.verification_uri}`,\n    '',\n    'Press ENTER to open in your default browser...',\n  ]);\n  await keyPressed(['\\r']);\n  console.log(ansis.italic.gray('... please complete login on github.com ...'));\n  openUrl(ghCodeInfo.verification_uri);\n\n  const pollMs = ghCodeInfo.interval * 1000;\n  const expiresMs = ghCodeInfo.expires_in * 1000;\n  const startAt = new Date();\n\n  let oauthStatus: any;\n  while (true) {\n    await delay(pollMs);\n    try {\n      const oauthStatusReq = await fetch('https://github.com/login/oauth/access_token', {\n        method: 'POST',\n        body: JSON.stringify({\n          client_id: CONFIG.GITHUB_APP_CLIENT_ID,\n          device_code: ghCodeInfo.device_code,\n          grant_type: 'urn:ietf:params:oauth:grant-type:device_code',\n        }),\n        headers: {\n          'Content-Type': 'application/json',\n          Accept: 'application/json',\n        },\n      });\n      oauthStatus = await oauthStatusReq.json();\n    } catch (err) {\n      console.log(err);\n    }\n\n    // we are expecting to see { error: 'authorization_pending' }\n    // probably a few more error types we could bail early on\n    if (oauthStatus.error === 'access_denied') {\n      console.log('❌ Login attempt was cancelled! Please try again.');\n      return gracefulExit(1);\n    }\n\n    // if we got the token, we break and continue\n    if (oauthStatus.access_token) break;\n\n    // if we've been polling for too long, give up\n    if (new Date().getTime() - startAt.getTime() > expiresMs) {\n      console.log('❌ Login timed out! Please try again.');\n      return gracefulExit(1);\n    }\n  }\n\n  // oauthStatus when completed looks like:\n  // {\n  //   access_token: 'ghu_abcxyz',\n  //   expires_in: 28800,\n  //   refresh_token: 'ghr_abcxyz',\n  //   refresh_token_expires_in: 15897600,\n  //   token_type: 'bearer',\n  //   scope: ''\n  // }\n\n  // pass along github auth info to API, which will fetch info from HG, handle login/signup, return JWT\n  const authReq = await fetch(`${CONFIG.VARLOCK_API_URL}/github/auth-from-device-flow`, {\n    method: 'POST',\n    body: JSON.stringify({\n      accessToken: oauthStatus.access_token,\n      refreshToken: oauthStatus.refresh_token,\n      accessTokenExpiresAt: new Date(Date.now() + oauthStatus.expires_in * 1000).toISOString(),\n      refreshTokenExpiresAt: new Date(Date.now() + oauthStatus.refresh_token_expires_in * 1000).toISOString(),\n      tokenType: oauthStatus.token_type,\n      scope: oauthStatus.scope,\n    }),\n    headers: {\n      'Content-Type': 'application/json',\n      Accept: 'application/json',\n    },\n  });\n  if (authReq.status !== 200) {\n    console.log(await authReq.json());\n    return gracefulExit(1);\n  }\n\n  const authRes = await authReq.json() as {\n    user: {\n      githubUserId: string;\n      githubUsername: string;\n      name: string;\n    },\n    token: string;\n    isNewUser: boolean;\n    publicKey?: string;\n  };\n\n  // TODO: if app exists, pass off login info to it instead of storing in home folder\n  // otherwise save login info in ~/.varlock/identity.json\n  // also save it along with a new keypair if necessary, and send the public key to the api\n\n  console.log(`✅ Logged in as ${authRes.user.githubUsername} (${authRes.user.name})!`);\n};\n"]}

package/dist/chunk-IH74UIYN.js

@@ -1,18 +0,0 @@
-import { patchGlobalServerResponse } from './chunk-7JMYT62X.js';
-import { execSyncVarlock } from './chunk-LBV2UW3I.js';
-import { patchGlobalConsole } from './chunk-C5BEZMSO.js';
-import { patchGlobalResponse } from './chunk-OM3JCP4E.js';
-import { initVarlockEnv } from './chunk-2SPIWTVE.js';
-
-// src/auto-load.ts
-var execResult = execSyncVarlock("load --format json-full", {
-  exitOnError: true,
-  showLogsOnError: true
-});
-process.env.__VARLOCK_ENV = execResult;
-initVarlockEnv();
-patchGlobalConsole();
-patchGlobalServerResponse();
-patchGlobalResponse();
-//# sourceMappingURL=chunk-IH74UIYN.js.map
-//# sourceMappingURL=chunk-IH74UIYN.js.map