varlock 0.0.8 → 0.0.9

package/dist/env-KH4bPru7.d.ts

@@ -0,0 +1,356 @@
+import { ParsedEnvSpecDecorator, ParsedEnvSpecFile, ParsedEnvSpecStaticValue, ParsedEnvSpecFunctionCall } from '@env-spec/parser';
+import { FallbackIfUnknown } from '@env-spec/utils/type-utils';
+
+declare class VarlockError extends Error {
+    readonly more?: {
+        tip?: string | Array<string>;
+        err?: Error;
+        isWarning?: boolean;
+        /** machine-friendly error code if needed for anything else */
+        code?: string;
+        /** free-form additional metadata */
+        extraMetadata?: Record<string, any>;
+    } | undefined;
+    originalError?: Error;
+    get isUnexpected(): boolean;
+    get type(): string;
+    static defaultIcon: string;
+    icon: string;
+    _isWarning: boolean;
+    constructor(errOrMessage: string | Error, more?: {
+        tip?: string | Array<string>;
+        err?: Error;
+        isWarning?: boolean;
+        /** machine-friendly error code if needed for anything else */
+        code?: string;
+        /** free-form additional metadata */
+        extraMetadata?: Record<string, any>;
+    } | undefined);
+    get tip(): string | undefined;
+    get code(): string | undefined;
+    get extraMetadata(): Record<string, any> | undefined;
+    set isWarning(w: boolean);
+    get isWarning(): boolean;
+    toJSON(): {
+        isWarning?: true | undefined;
+        tip?: string | undefined;
+        icon: string;
+        type: string;
+        name: string;
+        message: string;
+        isUnexpected: boolean;
+    };
+}
+declare class ConfigLoadError extends VarlockError {
+    readonly cleanedStack: Array<string>;
+    constructor(err: Error);
+    toJSON(): {
+        cleanedStack: string[];
+        isWarning?: true | undefined;
+        tip?: string | undefined;
+        icon: string;
+        type: string;
+        name: string;
+        message: string;
+        isUnexpected: boolean;
+    };
+}
+declare class SchemaError extends VarlockError {
+    static defaultIcon: string;
+}
+declare class ValidationError extends VarlockError {
+    static defaultIcon: string;
+}
+declare class CoercionError extends VarlockError {
+    static defaultIcon: string;
+}
+declare class ResolutionError extends VarlockError {
+    static defaultIcon: string;
+    protected _retryable?: boolean;
+    set retryable(val: boolean);
+    get retryable(): boolean;
+}
+
+type EnvGraphDataTypeDef<CoerceReturnType, ValidateInputType = FallbackIfUnknown<CoerceReturnType, string>> = {
+    /** this will be the name of the type, used to reference it when using it in a schema */
+    name: string;
+    /** optional description of the type itself */
+    typeDescription?: string;
+    /** icon see https://icones.js.org for available options
+     * @example mdi:aws
+     * */
+    icon?: string;
+    /** coerce function - should take in any value and return a value of the correct type if possible */
+    coerce?: (value: any) => CoerceReturnType | CoercionError | undefined;
+    /**
+     * validate function - we can assume that coercion has already succeded, or this will not be called
+     * - if validation passes, should return true
+     * - if validation fails, should return a ValidationError or array of errors - or throw an error
+     * */
+    validate: (value: ValidateInputType) => (true | undefined | void | Error | Array<Error>);
+};
+/**
+ * holds a specific instance of a data type, along with specific settings which affect validation/coercion etc
+ */
+declare class EnvGraphDataType {
+    private def;
+    /** reference back to the factory function, which we can use like a constructor to check the type of the instance */
+    private factory;
+    constructor(def: EnvGraphDataTypeDef<any, any>, 
+    /** reference back to the factory function, which we can use like a constructor to check the type of the instance */
+    factory: any);
+    get name(): string;
+    get icon(): string | undefined;
+    /** @internal */
+    get _rawDef(): EnvGraphDataTypeDef<any, any>;
+    coerce(val: any): any;
+    validate(val: any): true | void | Error | Error[];
+}
+declare function createEnvGraphDataType<TsType, InstanceSettingsArgs extends Array<any>>(dataTypeDef: EnvGraphDataTypeDef<TsType> | ((...args: InstanceSettingsArgs) => EnvGraphDataTypeDef<TsType>)): {
+    (...usageOpts: InstanceSettingsArgs): EnvGraphDataType;
+    _isEnvGraphDataTypeFactory: boolean;
+    dataTypeName: string;
+};
+type EnvGraphDataTypeFactory = ReturnType<typeof createEnvGraphDataType>;
+
+declare const DATA_SOURCE_TYPES: Readonly<{
+    schema: {
+        fileSuffixes: string[];
+        precedence: number;
+    };
+    example: {
+        fileSuffixes: string[];
+        precedence: number;
+    };
+    defaults: {
+        fileSuffixes: string[];
+        precedence: number;
+    };
+    values: {
+        fileSuffixes: Array<string>;
+        precedence: number;
+    };
+    overrides: {
+        fileSuffixes: string[];
+        precedence: number;
+    };
+}>;
+type DataSourceType = keyof typeof DATA_SOURCE_TYPES;
+declare abstract class EnvGraphDataSource {
+    static DATA_SOURCE_TYPES: Readonly<{
+        schema: {
+            fileSuffixes: string[];
+            precedence: number;
+        };
+        example: {
+            fileSuffixes: string[];
+            precedence: number;
+        };
+        defaults: {
+            fileSuffixes: string[];
+            precedence: number;
+        };
+        values: {
+            fileSuffixes: Array<string>;
+            precedence: number;
+        };
+        overrides: {
+            fileSuffixes: string[];
+            precedence: number;
+        };
+    }>;
+    graph?: EnvGraph;
+    abstract typeLabel: string;
+    type: DataSourceType;
+    applyForEnv?: string;
+    disabled?: boolean;
+    ignoreNewDefs: boolean;
+    abstract get label(): string;
+    /** an error encountered while loading/parsing the data source */
+    loadingError?: Error;
+    get isValid(): boolean;
+    configItemDefs: Record<string, ConfigItemDef>;
+    decorators: Record<string, ParsedEnvSpecDecorator>;
+    getStaticValues(): Record<string, string>;
+}
+declare class ProcessEnvDataSource extends EnvGraphDataSource {
+    type: "overrides";
+    typeLabel: string;
+    label: string;
+    ignoreNewDefs: boolean;
+    static processEnvValues: Record<string, string | undefined> | undefined;
+    constructor();
+}
+declare abstract class FileBasedDataSource extends EnvGraphDataSource {
+    isGitIgnored?: boolean;
+    fullPath: string;
+    fileName: string;
+    rawContents?: string;
+    get typeLabel(): string;
+    get label(): string;
+    static format: string;
+    static validFileExtensions: Array<string>;
+    get validFileExtensions(): string[];
+    constructor(fullPath: string, opts?: {
+        overrideContents?: string;
+        overrideGitIgnored?: boolean;
+    });
+    finishInit(): Promise<void>;
+    abstract _parseContents(): Promise<void>;
+}
+declare class DotEnvFileDataSource extends FileBasedDataSource {
+    static format: string;
+    static validFileExtensions: never[];
+    parsedFile?: ParsedEnvSpecFile;
+    private convertParserValueToResolvers;
+    _parseContents(): Promise<void>;
+}
+
+type ResolvedValue = undefined | string | number | boolean | RegExp;
+type ResolverFunctionArgs = Array<Resolver | Record<string, Resolver>>;
+declare abstract class Resolver {
+    readonly fnArgs: ResolverFunctionArgs;
+    static fnName?: string;
+    constructor(fnArgs: ResolverFunctionArgs);
+    abstract label: string;
+    abstract icon: string;
+    inferredType?: string;
+    _schemaErrors: Array<SchemaError>;
+    private _depsObj;
+    get childResolvers(): Array<Resolver>;
+    get schemaErrors(): Array<SchemaError>;
+    get depsObj(): Record<string, boolean>;
+    get deps(): string[];
+    protected abstract _process(ctx?: any): Promise<void | (() => void)>;
+    private configItem?;
+    process(configItem: ConfigItem): Promise<void>;
+    protected addDep(key: string): void;
+    protected abstract _resolve(): Promise<ResolvedValue>;
+    resolve(): Promise<ResolvedValue>;
+    protected getDepValue(key: string): ResolvedValue;
+}
+type ResolverChildClass<ChildClass extends Resolver = Resolver> = ({
+    new (...args: Array<any>): ChildClass;
+} & typeof Resolver);
+
+type ConfigItemDef = {
+    description?: string;
+    resolver?: Resolver;
+    decorators?: Record<string, ParsedEnvSpecDecorator>;
+};
+type ConfigItemDefAndSource = {
+    itemDef: ConfigItemDef;
+    source: EnvGraphDataSource;
+};
+declare class ConfigItem {
+    #private;
+    constructor(_envGraph: EnvGraph, _key: string);
+    get envGraph(): EnvGraph;
+    get key(): string;
+    defs: Array<ConfigItemDefAndSource>;
+    addDef(itemDef: ConfigItemDef, source: EnvGraphDataSource): void;
+    get description(): string | undefined;
+    get icon(): string | undefined;
+    get docsLinks(): {
+        url: string;
+        description?: string;
+    }[];
+    get valueResolver(): Resolver | undefined;
+    getDecorator(decoratorName: string): ParsedEnvSpecDecorator | undefined;
+    getDecoratorValueRaw(decoratorName: string): ParsedEnvSpecStaticValue | ParsedEnvSpecFunctionCall | undefined;
+    getDecoratorValueString(decoratorName: string): string | undefined;
+    dataType?: EnvGraphDataType;
+    schemaErrors: Array<SchemaError>;
+    get resolverSchemaErrors(): SchemaError[];
+    process(): Promise<void>;
+    get isRequired(): any;
+    get isSensitive(): any;
+    get errors(): (SchemaError | ValidationError | CoercionError | ResolutionError)[];
+    get validationState(): 'warn' | 'error' | 'valid';
+    /** resolved value _before coercion_ */
+    resolvedRawValue?: ResolvedValue;
+    isResolved: boolean;
+    /** resolved value after coercion */
+    resolvedValue?: ResolvedValue;
+    isValidated: boolean;
+    resolutionError?: ResolutionError;
+    coercionError?: CoercionError;
+    validationErrors?: Array<ValidationError>;
+    get isCoerced(): boolean;
+    resolve(): Promise<void>;
+    get isValid(): boolean;
+}
+
+type GraphNodeId = string;
+type GraphAdjacencyList = Record<GraphNodeId, Array<GraphNodeId>>;
+
+type SerializedEnvGraph = {
+    basePath?: string;
+    sources: Array<{
+        label: string;
+        enabled: boolean;
+        path?: string;
+    }>;
+    settings: {
+        redactLogs?: boolean;
+        preventLeaks?: boolean;
+    };
+    config: Record<string, {
+        value: any;
+        isSensitive: boolean;
+    }>;
+};
+/** container of the overall graph and current resolution attempt / values */
+declare class EnvGraph {
+    basePath?: string;
+    /** array of data sources */
+    dataSources: Array<EnvGraphDataSource>;
+    finalOverridesDataSource?: EnvGraphDataSource;
+    /** config item key of env flag (toggles env-specific data sources enabled) */
+    envFlagKey?: string;
+    /** current value of the environment flag */
+    envFlagValue?: string;
+    configSchema: Record<string, ConfigItem>;
+    addDataSource(dataSource: EnvGraphDataSource): void;
+    get schemaDataSource(): EnvGraphDataSource | undefined;
+    get sortedDataSources(): EnvGraphDataSource[];
+    registeredResolverFunctions: Record<string, ResolverChildClass>;
+    registerResolver(resolverClass: ResolverChildClass): void;
+    dataTypesRegistry: Record<string, EnvGraphDataTypeFactory>;
+    registerDataType(factory: EnvGraphDataTypeFactory): void;
+    constructor();
+    finishLoad(): Promise<void>;
+    get graphAdjacencyList(): GraphAdjacencyList;
+    resolveEnvValues(): Promise<void>;
+    getResolvedEnvObject(): Record<string, any>;
+    getSerializedGraph(): SerializedEnvGraph;
+    get isInvalid(): boolean;
+    generateTypes(lang: string, outputPath: string): Promise<void>;
+    getRootDecoratorValue(decoratorName: string): any;
+}
+
+declare function resetRedactionMap(graph: SerializedEnvGraph): void;
+/**
+ * Redacts senstive config values from any string/array/object/etc
+ *
+ * NOTE - must be used only after varlock has loaded config
+ * */
+declare function redactSensitiveConfig(o: any): any;
+/**
+ * utility to unmask a secret/sensitive value when logging to the console
+ * currently this only works on a single secret, not objects or aggregated strings
+ * */
+declare function revealSensitiveConfig(secretStr: string): string;
+declare function scanForLeaks(toScan: string | ReadableStream | null, meta?: {
+    method?: string;
+    file?: string;
+}): string | ReadableStream<any> | null;
+declare const varlockSettings: Record<string, any>;
+declare function initVarlockEnv(opts?: {
+    allowFail?: boolean;
+}): void;
+interface TypedEnvSchema {
+}
+declare const ENV: TypedEnvSchema;
+
+export { ConfigLoadError as C, DotEnvFileDataSource as D, EnvGraph as E, ProcessEnvDataSource as P, ResolutionError as R, SchemaError as S, type TypedEnvSchema as T, ValidationError as V, CoercionError as a, type SerializedEnvGraph as b, ENV as c, redactSensitiveConfig as d, revealSensitiveConfig as e, initVarlockEnv as i, resetRedactionMap as r, scanForLeaks as s, varlockSettings as v };

package/dist/index.d.ts

@@ -1,10 +1,19 @@
-import { i as initVarlockEnv } from './env-k8iRuXIH.js';
-export { E as ENV, S as SerializedEnvGraph } from './env-k8iRuXIH.js';
-import * as _env_spec_env_graph from '@env-spec/env-graph';
-import { EnvGraph, DotEnvFileDataSource, ProcessEnvDataSource, loadEnvGraph, ConfigLoadError, SchemaError, ValidationError, CoercionError, ResolutionError } from '@env-spec/env-graph';
+import { E as EnvGraph, D as DotEnvFileDataSource, P as ProcessEnvDataSource, C as ConfigLoadError, S as SchemaError, V as ValidationError, a as CoercionError, R as ResolutionError, i as initVarlockEnv } from './env-KH4bPru7.js';
+export { c as ENV, b as SerializedEnvGraph } from './env-KH4bPru7.js';
 export { patchGlobalConsole } from './runtime/patch-console.js';
 export { patchGlobalServerResponse } from './runtime/patch-server-response.js';
 export { patchGlobalResponse } from './runtime/patch-response.js';
+import '@env-spec/parser';
+import '@env-spec/utils/type-utils';
+
+declare function loadEnvGraph(opts?: {
+    basePath?: string;
+    relativePaths?: Array<string>;
+    checkGitIgnored?: boolean;
+    excludeDirs?: Array<string>;
+    currentEnvFallback?: string;
+    afterInit?: (graph: EnvGraph) => Promise<void>;
+}): Promise<EnvGraph>;
 
 declare function checkForConfigErrors(envGraph: EnvGraph, opts?: {
     showAll?: boolean;
@@ -12,7 +21,7 @@ declare function checkForConfigErrors(envGraph: EnvGraph, opts?: {
 
 declare function loadVarlockEnvGraph(opts?: {
     currentEnvFallback?: string;
-}): Promise<_env_spec_env_graph.EnvGraph>;
+}): Promise<EnvGraph>;
 
 declare function load(): Promise<void>;
 declare function getBuildTimeReplacements(opts?: {

package/dist/index.js

@@ -1,12 +1,11 @@
-import { checkForConfigErrors } from './chunk-UFPWQAFZ.js';
-import { loadVarlockEnvGraph, loadEnvGraph } from './chunk-MPS3IXAW.js';
-import { ResolutionError, CoercionError, ValidationError, SchemaError, ConfigLoadError, ProcessEnvDataSource, DotEnvFileDataSource, EnvGraph } from './chunk-Y2RFMQ5X.js';
-export { patchGlobalConsole } from './chunk-7OHVYEDG.js';
-export { patchGlobalResponse } from './chunk-P74HB2II.js';
-export { patchGlobalServerResponse } from './chunk-5B7JZEDE.js';
-import './chunk-LZ45SLAI.js';
-import { initVarlockEnv } from './chunk-SHQHITWV.js';
-export { ENV } from './chunk-SHQHITWV.js';
+import { checkForConfigErrors } from './chunk-PB7RWVE6.js';
+import { loadVarlockEnvGraph } from './chunk-ZUG7BEY5.js';
+import { ResolutionError, CoercionError, ValidationError, SchemaError, ConfigLoadError, loadEnvGraph, ProcessEnvDataSource, DotEnvFileDataSource, EnvGraph } from './chunk-ZW2T4C6A.js';
+export { patchGlobalConsole } from './chunk-CYYLAV42.js';
+export { patchGlobalResponse } from './chunk-ELJZUQX3.js';
+export { patchGlobalServerResponse } from './chunk-FLO6F7B6.js';
+import { initVarlockEnv } from './chunk-2CM4YUFY.js';
+export { ENV } from './chunk-2CM4YUFY.js';
 import './chunk-FGMXIEFA.js';
 import { __name } from './chunk-XN24GZXQ.js';
 

package/dist/index.js.map

@@ -1 +1 @@
-{"version":3,"sources":["../src/index.ts"],"names":[],"mappings":";;;;;;;;;;;;;AAoBA,eAAsB,IAAA,GAAO;AAE3B,EAAA,MAAM,QAAA,GAAW,MAAM,mBAAA,EAAoB;AAC3C,EAAA,MAAM,SAAS,gBAAA,EAAiB;AAChC,EAAA,oBAAA,CAAqB,QAAQ,CAAA;AAG7B,EAAA,OAAA,CAAQ,IAAI,aAAA,GAAgB,IAAA,CAAK,SAAA,CAAU,QAAA,CAAS,oBAAoB,CAAA;AACxE,EAAA,cAAA,EAAe;AAEjB;AAVsB,MAAA,CAAA,IAAA,EAAA,MAAA,CAAA;AAaf,SAAS,yBAAyB,IAAA,EAGtC;AACD,EAAA,IAAI,CAAC,OAAA,CAAQ,GAAA,CAAI,aAAA,SAAsB,EAAC;AACxC,EAAA,MAAM,OAAA,GAAU,IAAA,CAAK,KAAA,CAAM,OAAA,CAAQ,IAAI,aAAa,CAAA;AACpD,EAAA,MAAM,eAAe,EAAC;AACtB,EAAA,KAAA,MAAW,GAAA,IAAO,QAAQ,MAAA,EAAQ;AAChC,IAAA,MAAM,QAAA,GAAW,OAAA,CAAQ,MAAA,CAAO,GAAG,CAAA;AACnC,IAAA,MAAM,WAAA,GAAc,CAAC,QAAA,CAAS,WAAA,IAAe,IAAA,EAAM,gBAAA;AACnD,IAAA,IAAI,CAAC,WAAA,EAAa;AAClB,IAAA,YAAA,CAAa,CAAA,EAAG,IAAA,EAAM,SAAA,IAAa,KAAK,IAAI,GAAG,CAAA,CAAE,CAAA,GAAI,IAAA,CAAK,SAAA,CAAU,OAAA,CAAQ,MAAA,CAAO,GAAG,EAAE,KAAK,CAAA;AAAA,EAC/F;AACA,EAAA,OAAO,YAAA;AACT;AAdgB,MAAA,CAAA,wBAAA,EAAA,0BAAA,CAAA;AAiBT,IAAM,QAAA,GAAW;AAAA;AAAA,EAEtB,QAAA;AAAA,EACA,oBAAA;AAAA,EACA,oBAAA;AAAA;AAAA,EAGA,YAAA;AAAA;AAAA,EAGA,eAAA;AAAA,EACA,WAAA;AAAA,EACA,eAAA;AAAA,EACA,aAAA;AAAA,EACA,eAAA;AAAA;AAAA,EAGA,mBAAA;AAAA,EACA,oBAAA;AAAA,EACA;AACF","file":"index.js","sourcesContent":["import { type SerializedEnvGraph } from './serialized-env-graph';\nexport { type SerializedEnvGraph };\n\nimport { checkForConfigErrors } from './cli/helpers/error-checks';\nimport { loadVarlockEnvGraph } from './lib/load-graph';\nimport { initVarlockEnv } from './runtime/env';\n\n// Import env-graph components for internal API\nimport {\n  EnvGraph,\n  loadEnvGraph,\n  DotEnvFileDataSource,\n  ProcessEnvDataSource,\n  ConfigLoadError,\n  SchemaError,\n  ValidationError,\n  CoercionError,\n  ResolutionError,\n} from '@env-spec/env-graph';\n\nexport async function load() {\n  // TODO: add some options\n  const envGraph = await loadVarlockEnvGraph();\n  await envGraph.resolveEnvValues();\n  checkForConfigErrors(envGraph);\n\n  // loadFromSerializedGraph(envGraph.getSerializedGraph());\n  process.env.__VARLOCK_ENV = JSON.stringify(envGraph.getSerializedGraph());\n  initVarlockEnv();\n  // TODO: return resolved env and schema / meta info\n}\n\n\nexport function getBuildTimeReplacements(opts?: {\n  objectKey?: string,\n  includeSensitive?: boolean,\n}) {\n  if (!process.env.__VARLOCK_ENV) return {};\n  const envInfo = JSON.parse(process.env.__VARLOCK_ENV) as SerializedEnvGraph;\n  const replacements = {} as Record<string, string>;\n  for (const key in envInfo.config) {\n    const itemInfo = envInfo.config[key];\n    const replaceItem = !itemInfo.isSensitive || opts?.includeSensitive;\n    if (!replaceItem) continue;\n    replacements[`${opts?.objectKey || 'ENV'}.${key}`] = JSON.stringify(envInfo.config[key].value);\n  }\n  return replacements;\n}\n\n// Internal API for direct env graph manipulation\nexport const internal = {\n  // Core classes\n  EnvGraph,\n  DotEnvFileDataSource,\n  ProcessEnvDataSource,\n\n  // Loader function\n  loadEnvGraph,\n\n  // Error classes\n  ConfigLoadError,\n  SchemaError,\n  ValidationError,\n  CoercionError,\n  ResolutionError,\n\n  // Varlock-specific utilities\n  loadVarlockEnvGraph,\n  checkForConfigErrors,\n  initVarlockEnv,\n};\n\nexport { patchGlobalConsole } from './runtime/patch-console';\nexport { patchGlobalServerResponse } from './runtime/patch-server-response';\nexport { patchGlobalResponse } from './runtime/patch-response';\nexport { ENV } from './runtime/env';\n"]}
+{"version":3,"sources":["../src/index.ts"],"names":[],"mappings":";;;;;;;;;;;;AAkBA,eAAsB,IAAA,GAAO;AAE3B,EAAA,MAAM,QAAA,GAAW,MAAM,mBAAA,EAAoB;AAC3C,EAAA,MAAM,SAAS,gBAAA,EAAiB;AAChC,EAAA,oBAAA,CAAqB,QAAQ,CAAA;AAG7B,EAAA,OAAA,CAAQ,IAAI,aAAA,GAAgB,IAAA,CAAK,SAAA,CAAU,QAAA,CAAS,oBAAoB,CAAA;AACxE,EAAA,cAAA,EAAe;AAEjB;AAVsB,MAAA,CAAA,IAAA,EAAA,MAAA,CAAA;AAaf,SAAS,yBAAyB,IAAA,EAGtC;AACD,EAAA,IAAI,CAAC,OAAA,CAAQ,GAAA,CAAI,aAAA,SAAsB,EAAC;AACxC,EAAA,MAAM,OAAA,GAAU,IAAA,CAAK,KAAA,CAAM,OAAA,CAAQ,IAAI,aAAa,CAAA;AACpD,EAAA,MAAM,eAAe,EAAC;AACtB,EAAA,KAAA,MAAW,GAAA,IAAO,QAAQ,MAAA,EAAQ;AAChC,IAAA,MAAM,QAAA,GAAW,OAAA,CAAQ,MAAA,CAAO,GAAG,CAAA;AACnC,IAAA,MAAM,WAAA,GAAc,CAAC,QAAA,CAAS,WAAA,IAAe,IAAA,EAAM,gBAAA;AACnD,IAAA,IAAI,CAAC,WAAA,EAAa;AAClB,IAAA,YAAA,CAAa,CAAA,EAAG,IAAA,EAAM,SAAA,IAAa,KAAK,IAAI,GAAG,CAAA,CAAE,CAAA,GAAI,IAAA,CAAK,SAAA,CAAU,OAAA,CAAQ,MAAA,CAAO,GAAG,EAAE,KAAK,CAAA;AAAA,EAC/F;AACA,EAAA,OAAO,YAAA;AACT;AAdgB,MAAA,CAAA,wBAAA,EAAA,0BAAA,CAAA;AAiBT,IAAM,QAAA,GAAW;AAAA;AAAA,EAEtB,QAAA;AAAA,EACA,oBAAA;AAAA,EACA,oBAAA;AAAA;AAAA,EAGA,YAAA;AAAA;AAAA,EAGA,eAAA;AAAA,EACA,WAAA;AAAA,EACA,eAAA;AAAA,EACA,aAAA;AAAA,EACA,eAAA;AAAA;AAAA,EAGA,mBAAA;AAAA,EACA,oBAAA;AAAA,EACA;AACF","file":"index.js","sourcesContent":["import { checkForConfigErrors } from './cli/helpers/error-checks';\nimport { loadVarlockEnvGraph } from './lib/load-graph';\nimport { initVarlockEnv } from './runtime/env';\n\n// Import env-graph components for internal API\nimport {\n  EnvGraph,\n  loadEnvGraph,\n  DotEnvFileDataSource,\n  ProcessEnvDataSource,\n  ConfigLoadError,\n  SchemaError,\n  ValidationError,\n  CoercionError,\n  ResolutionError,\n  type SerializedEnvGraph,\n} from '../env-graph';\n\nexport async function load() {\n  // TODO: add some options\n  const envGraph = await loadVarlockEnvGraph();\n  await envGraph.resolveEnvValues();\n  checkForConfigErrors(envGraph);\n\n  // loadFromSerializedGraph(envGraph.getSerializedGraph());\n  process.env.__VARLOCK_ENV = JSON.stringify(envGraph.getSerializedGraph());\n  initVarlockEnv();\n  // TODO: return resolved env and schema / meta info\n}\n\n\nexport function getBuildTimeReplacements(opts?: {\n  objectKey?: string,\n  includeSensitive?: boolean,\n}) {\n  if (!process.env.__VARLOCK_ENV) return {};\n  const envInfo = JSON.parse(process.env.__VARLOCK_ENV) as SerializedEnvGraph;\n  const replacements = {} as Record<string, string>;\n  for (const key in envInfo.config) {\n    const itemInfo = envInfo.config[key];\n    const replaceItem = !itemInfo.isSensitive || opts?.includeSensitive;\n    if (!replaceItem) continue;\n    replacements[`${opts?.objectKey || 'ENV'}.${key}`] = JSON.stringify(envInfo.config[key].value);\n  }\n  return replacements;\n}\n\n// Internal API for direct env graph manipulation\nexport const internal = {\n  // Core classes\n  EnvGraph,\n  DotEnvFileDataSource,\n  ProcessEnvDataSource,\n\n  // Loader function\n  loadEnvGraph,\n\n  // Error classes\n  ConfigLoadError,\n  SchemaError,\n  ValidationError,\n  CoercionError,\n  ResolutionError,\n\n  // Varlock-specific utilities\n  loadVarlockEnvGraph,\n  checkForConfigErrors,\n  initVarlockEnv,\n};\n\nexport { patchGlobalConsole } from './runtime/patch-console';\nexport { patchGlobalServerResponse } from './runtime/patch-server-response';\nexport { patchGlobalResponse } from './runtime/patch-response';\nexport { ENV } from './runtime/env';\nexport type { SerializedEnvGraph };\n"]}

package/dist/init.command-ZRQOE2OK.js

@@ -0,0 +1,9 @@
+export { commandFn, commandSpec } from './chunk-4WMY2EW3.js';
+import './chunk-FYLMYWUF.js';
+import './chunk-33ROL4J5.js';
+import './chunk-ZUG7BEY5.js';
+import './chunk-ZW2T4C6A.js';
+import './chunk-FGMXIEFA.js';
+import './chunk-XN24GZXQ.js';
+//# sourceMappingURL=init.command-ZRQOE2OK.js.map
+//# sourceMappingURL=init.command-ZRQOE2OK.js.map

package/dist/{init.command-L4HF4372.js.map → init.command-ZRQOE2OK.js.map}

@@ -1 +1 @@
-{"version":3,"sources":[],"names":[],"mappings":"","file":"init.command-L4HF4372.js"}
+{"version":3,"sources":[],"names":[],"mappings":"","file":"init.command-ZRQOE2OK.js"}

package/dist/load.command-YBN3BW6U.js

@@ -0,0 +1,9 @@
+export { commandFn, commandSpec } from './chunk-4CE75BSX.js';
+import './chunk-33ROL4J5.js';
+import './chunk-PB7RWVE6.js';
+import './chunk-ZUG7BEY5.js';
+import './chunk-ZW2T4C6A.js';
+import './chunk-FGMXIEFA.js';
+import './chunk-XN24GZXQ.js';
+//# sourceMappingURL=load.command-YBN3BW6U.js.map
+//# sourceMappingURL=load.command-YBN3BW6U.js.map

package/dist/{load.command-VHNPXTDI.js.map → load.command-YBN3BW6U.js.map}

@@ -1 +1 @@
-{"version":3,"sources":[],"names":[],"mappings":"","file":"load.command-VHNPXTDI.js"}
+{"version":3,"sources":[],"names":[],"mappings":"","file":"load.command-YBN3BW6U.js"}

package/dist/login.command-F5AWKZKA.js

@@ -0,0 +1,8 @@
+export { commandFn, commandSpec } from './chunk-GWQT5VGW.js';
+import './chunk-FYLMYWUF.js';
+import './chunk-33ROL4J5.js';
+import './chunk-ZW2T4C6A.js';
+import './chunk-FGMXIEFA.js';
+import './chunk-XN24GZXQ.js';
+//# sourceMappingURL=login.command-F5AWKZKA.js.map
+//# sourceMappingURL=login.command-F5AWKZKA.js.map

package/dist/{login.command-OIQBNMNZ.js.map → login.command-F5AWKZKA.js.map}

@@ -1 +1 @@
-{"version":3,"sources":[],"names":[],"mappings":"","file":"login.command-OIQBNMNZ.js"}
+{"version":3,"sources":[],"names":[],"mappings":"","file":"login.command-F5AWKZKA.js"}

package/dist/run.command-WWJ6ZE26.js

@@ -0,0 +1,9 @@
+export { commandFn, commandSpec } from './chunk-KCX4NC7Q.js';
+import './chunk-33ROL4J5.js';
+import './chunk-PB7RWVE6.js';
+import './chunk-ZUG7BEY5.js';
+import './chunk-ZW2T4C6A.js';
+import './chunk-FGMXIEFA.js';
+import './chunk-XN24GZXQ.js';
+//# sourceMappingURL=run.command-WWJ6ZE26.js.map
+//# sourceMappingURL=run.command-WWJ6ZE26.js.map

package/dist/{run.command-2OE432A5.js.map → run.command-WWJ6ZE26.js.map}

@@ -1 +1 @@
-{"version":3,"sources":[],"names":[],"mappings":"","file":"run.command-2OE432A5.js"}
+{"version":3,"sources":[],"names":[],"mappings":"","file":"run.command-WWJ6ZE26.js"}

package/dist/runtime/env.d.ts

@@ -1 +1,3 @@
-export { E as ENV, T as TypedEnvSchema, i as initVarlockEnv, a as redactSensitiveConfig, r as resetRedactionMap, b as revealSensitiveConfig, s as scanForLeaks, v as varlockSettings } from '../env-k8iRuXIH.js';
+export { c as ENV, T as TypedEnvSchema, i as initVarlockEnv, d as redactSensitiveConfig, r as resetRedactionMap, e as revealSensitiveConfig, s as scanForLeaks, v as varlockSettings } from '../env-KH4bPru7.js';
+import '@env-spec/parser';
+import '@env-spec/utils/type-utils';

package/dist/runtime/env.js

@@ -1,4 +1,4 @@
-export { ENV, initVarlockEnv, redactSensitiveConfig, resetRedactionMap, revealSensitiveConfig, scanForLeaks, varlockSettings } from '../chunk-SHQHITWV.js';
+export { ENV, initVarlockEnv, redactSensitiveConfig, resetRedactionMap, revealSensitiveConfig, scanForLeaks, varlockSettings } from '../chunk-2CM4YUFY.js';
 import '../chunk-FGMXIEFA.js';
 import '../chunk-XN24GZXQ.js';
 //# sourceMappingURL=env.js.map

package/dist/runtime/patch-console.js

@@ -1,6 +1,5 @@
-export { patchGlobalConsole, unpatchGlobalConsole } from '../chunk-7OHVYEDG.js';
-import '../chunk-LZ45SLAI.js';
-import '../chunk-SHQHITWV.js';
+export { patchGlobalConsole, unpatchGlobalConsole } from '../chunk-CYYLAV42.js';
+import '../chunk-2CM4YUFY.js';
 import '../chunk-FGMXIEFA.js';
 import '../chunk-XN24GZXQ.js';
 //# sourceMappingURL=patch-console.js.map

package/dist/runtime/patch-response.js

@@ -1,6 +1,5 @@
-export { patchGlobalResponse } from '../chunk-P74HB2II.js';
-import '../chunk-LZ45SLAI.js';
-import '../chunk-SHQHITWV.js';
+export { patchGlobalResponse } from '../chunk-ELJZUQX3.js';
+import '../chunk-2CM4YUFY.js';
 import '../chunk-FGMXIEFA.js';
 import '../chunk-XN24GZXQ.js';
 //# sourceMappingURL=patch-response.js.map

package/dist/runtime/patch-server-response.js

@@ -1,6 +1,5 @@
-export { patchGlobalServerResponse } from '../chunk-5B7JZEDE.js';
-import '../chunk-LZ45SLAI.js';
-import '../chunk-SHQHITWV.js';
+export { patchGlobalServerResponse } from '../chunk-FLO6F7B6.js';
+import '../chunk-2CM4YUFY.js';
 import '../chunk-FGMXIEFA.js';
 import '../chunk-XN24GZXQ.js';
 //# sourceMappingURL=patch-server-response.js.map

package/dist/telemetry.command-IS2JLIZM.js

@@ -0,0 +1,8 @@
+export { commandFn, commandSpec } from './chunk-LS6F7BSZ.js';
+import './chunk-FYLMYWUF.js';
+import './chunk-33ROL4J5.js';
+import './chunk-ZW2T4C6A.js';
+import './chunk-FGMXIEFA.js';
+import './chunk-XN24GZXQ.js';
+//# sourceMappingURL=telemetry.command-IS2JLIZM.js.map
+//# sourceMappingURL=telemetry.command-IS2JLIZM.js.map

package/dist/{telemetry.command-MYQU7FPB.js.map → telemetry.command-IS2JLIZM.js.map}

@@ -1 +1 @@
-{"version":3,"sources":[],"names":[],"mappings":"","file":"telemetry.command-MYQU7FPB.js"}
+{"version":3,"sources":[],"names":[],"mappings":"","file":"telemetry.command-IS2JLIZM.js"}

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "varlock",
-  "version": "0.0.8",
+  "version": "0.0.9",
   "description": "",
   "main": "index.js",
   "type": "module",
@@ -89,7 +89,6 @@
     "outdent": "^0.8.0",
     "tsup": "^8.5.0",
     "vitest": "^3.2.4",
-    "@env-spec/env-graph": "0.0.0",
     "@env-spec/utils": "0.0.0"
   },
   "scripts": {

package/dist/chunk-5B7JZEDE.js.map

@@ -1 +0,0 @@
-{"version":3,"sources":["../src/runtime/patch-server-response.ts"],"names":[],"mappings":";;;;;;AAUA,IAAM,UAAA,GAAa,mBAAA;AACZ,SAAS,0BAA0B,IAAA,EAGvC;AACD,EAAA,KAAA,CAAM,6CAAmC,CAAA;AACzC,EAAA,IAAI,MAAA,CAAO,wBAAA,CAAyB,cAAA,CAAe,SAAA,EAAW,UAAU,CAAA,EAAG;AACzE,IAAA,KAAA,CAAM,mBAAmB,CAAA;AACzB,IAAA;AAAA,EACF;AACA,EAAA,IAAI,eAAA,CAAgB,iBAAiB,KAAA,EAAO;AAC1C,IAAA,KAAA,CAAM,wBAAwB,CAAA;AAC9B,IAAA;AAAA,EACF;AAEA,EAAA,MAAA,CAAO,eAAe,cAAA,CAAe,SAAA,EAAW,YAAY,EAAE,KAAA,EAAO,MAAM,CAAA;AAE3E,EAAA,MAAM,mBAAA,GAAsB,eAAe,SAAA,CAAU,KAAA;AAGrD,EAAA,cAAA,CAAe,SAAA,CAAU,KAAA,mBAAQ,MAAA,CAAA,SAAS,iCAAA,CAAA,GAAqC,IAAA,EAAM;AAInF,IAAA,MAAM,QAAA,GAAW,KAAK,CAAC,CAAA;AAIvB,IAAA,MAAM,cAAc,IAAA,CAAK,SAAA,CAAU,cAAc,CAAA,EAAG,UAAS,IAAK,EAAA;AAElE,IAAA,IAAI,UACF,WAAA,CAAY,UAAA,CAAW,OAAO,CAAA,IAC3B,WAAA,CAAY,WAAW,kBAAkB,CAAA;AAI9C,IAAA,MAAM,MAAA,GAAU,KAAa,GAAA,CAAI,GAAA;AAEjC,IAAA,IAAI,OAAA,IAAW,MAAA,IAAU,IAAA,EAAM,iBAAA,EAAmB,IAAA,CAAK,CAAC,OAAA,KAAY,OAAA,CAAQ,IAAA,CAAK,MAAM,CAAC,CAAA,EAAG;AACzF,MAAA,OAAA,GAAU,KAAA;AAAA,IACZ;AAIA,IAAA,IAAI,CAAC,OAAA,EAAS;AAEZ,MAAA,OAAO,mBAAA,CAAoB,KAAA,CAAM,IAAA,EAAM,IAAI,CAAA;AAAA,IAC7C;AAGA,IAAA,MAAM,eAAA,GAAkB,IAAA,CAAK,SAAA,CAAU,kBAAkB,CAAA;AACzD,IAAA,IAAI,QAAA;AACJ,IAAA,IAAI,SAAA,GAAkD,IAAA;AACtD,IAAA,IAAI,OAAO,aAAa,QAAA,EAAU;AAChC,MAAA,SAAA,GAAY,QAAA;AACZ,MAAA,QAAA,GAAW,QAAA;AAAA,IACb,CAAA,MAAA,IAAW,CAAC,eAAA,EAAiB;AAC3B,MAAA,SAAA,GAAY,SAAA;AACZ,MAAA,MAAM,OAAA,GAAU,IAAI,WAAA,EAAY;AAChC,MAAA,QAAA,GAAW,OAAA,CAAQ,OAAO,QAAQ,CAAA;AAAA,IACpC,CAAA,MAAA,IAAW,oBAAoB,MAAA,EAAQ;AACrC,MAAA,SAAA,GAAY,MAAA;AAEZ,MAAA,IAAI,CAAE,KAAa,WAAA,EAAa;AAE9B,QAAC,IAAA,CAAa,WAAA,GAAc,CAAC,QAAQ,CAAA;AAAA,MACvC,CAAA,MAAO;AAEL,QAAC,IAAA,CAAa,WAAA,EAAa,IAAA,CAAK,QAAQ,CAAA;AACxC,QAAA,IAAI;AACF,UAAA,MAAM,aAAA,GAAgB,KAAK,SAAA,CAAU,MAAA,CAAO,OAAQ,IAAA,CAAa,WAAA,IAAe,EAAE,CAAA,EAAG;AAAA,YACnF,KAAA,EAAO,KAAK,SAAA,CAAU,YAAA;AAAA,YACtB,WAAA,EAAa,KAAK,SAAA,CAAU;AAAA,WAC7B,CAAA;AACD,UAAA,MAAM,gBAAA,GAAmB,aAAA,CAAc,QAAA,CAAS,OAAO,CAAA;AACvD,UAAA,QAAA,GAAW,gBAAA,CAAiB,SAAA,CAAW,IAAA,CAAa,kBAAA,IAAsB,CAAC,CAAA;AAC3E,UAAC,IAAA,CAAa,qBAAqB,gBAAA,CAAiB,MAAA;AAAA,QACtD,SAAS,GAAA,EAAK;AAAA,QAEd;AAAA,MACF;AAAA,IACF;AAEA,IAAA,IAAI,QAAA,EAAU;AAIZ,MAAA,IAAI;AACF,QAAA,YAAA,CAAa,QAAA,EAAU,EAAE,MAAA,EAAQ,8BAAA,EAAgC,MAAO,IAAA,CAAa,GAAA,CAAI,KAAK,CAAA;AAAA,MAChG,SAAS,GAAA,EAAK;AAGZ,QAAA,IAAI,MAAM,oBAAA,EAAsB;AAC9B,UAAA,QAAA,GAAW,sBAAsB,QAAQ,CAAA;AACzC,UAAA,IAAI,cAAc,QAAA,EAAU;AAC1B,YAAA,IAAA,CAAK,CAAC,CAAA,GAAI,QAAA;AAAA,UACZ,CAAA,MAAA,IAAW,cAAc,SAAA,EAAW;AAClC,YAAA,MAAM,OAAA,GAAU,IAAI,WAAA,EAAY;AAChC,YAAA,IAAA,CAAK,CAAC,CAAA,GAAI,OAAA,CAAQ,MAAA,CAAO,QAAQ,CAAA;AAAA,UACnC,CAAA,MAAA,IAAW,cAAc,MAAA,EAAQ,CAQjC,MAAO;AACL,YAAA,MAAM,IAAI,KAAA,CAAM,CAAA,qCAAA,EAAwC,SAAS,CAAA,CAAE,CAAA;AAAA,UACrE;AAAA,QACF,CAAA,MAAO;AACL,UAAA,MAAM,GAAA;AAAA,QACR;AAAA,MACF;AAAA,IACF;AAGA,IAAA,OAAO,mBAAA,CAAoB,KAAA,CAAM,IAAA,EAAM,IAAI,CAAA;AAAA,EAC7C,CAAA,EAlGiC,mCAAA,CAAA;AAsGjC,EAAA,MAAM,iBAAA,GAAoB,eAAe,SAAA,CAAU,GAAA;AAEnD,EAAA,cAAA,CAAe,SAAA,CAAU,GAAA,mBAAM,MAAA,CAAA,SAAS,wBAAA,CAAA,GAA4B,IAAA,EAAM;AAExE,IAAA,MAAM,QAAA,GAAW,KAAK,CAAC,CAAA;AAGvB,IAAA,IAAI,QAAA,IAAY,OAAO,QAAA,KAAa,QAAA,EAAU;AAE5C,MAAA,YAAA,CAAa,QAAA,EAAU,EAAE,MAAA,EAAQ,4BAAA,EAA8B,CAAA;AAAA,IACjE;AAEA,IAAA,OAAO,iBAAA,CAAkB,KAAA,CAAM,IAAA,EAAM,IAAI,CAAA;AAAA,EAC3C,CAAA,EAX+B,0BAAA,CAAA;AAYjC;AAvIgB,MAAA,CAAA,yBAAA,EAAA,2BAAA,CAAA","file":"chunk-5B7JZEDE.js","sourcesContent":["/*\n  This patches the global ServerResponse object to scan for secret leaks - currently used for next.js and remix\n*/\n\nimport zlib from 'node:zlib';\nimport { ServerResponse } from 'node:http';\nimport { redactSensitiveConfig, scanForLeaks, varlockSettings } from './env';\nimport { debug } from './lib/debug';\n\n// NOTE - previously was using a symbol but got weird because of multiple builds and contexts...\nconst patchedKey = '_patchedByVarlock';\nexport function patchGlobalServerResponse(opts?: {\n  ignoreUrlPatterns?: Array<RegExp>,\n  redactInsteadOfThrow?: boolean,\n}) {\n  debug('⚡️ PATCHING global ServerResponse');\n  if (Object.getOwnPropertyDescriptor(ServerResponse.prototype, patchedKey)) {\n    debug('> already patched');\n    return;\n  }\n  if (varlockSettings.preventLeaks === false) {\n    debug('> disabled by settings');\n    return;\n  }\n\n  Object.defineProperty(ServerResponse.prototype, patchedKey, { value: true });\n\n  const serverResponseWrite = ServerResponse.prototype.write;\n\n  // @ts-ignore\n  ServerResponse.prototype.write = function varlockPatchedServerResponseWrite(...args) {\n    // console.log('⚡️ patched ServerResponse.write');\n    // TODO: do we want to filter out some requests here? maybe based on the file type?\n\n    const rawChunk = args[0];\n\n    // for now, we only scan rendered html... may need to change this though for server components?\n    // so we bail if it looks like this response does not contain html\n    const contentType = this.getHeader('content-type')?.toString() || '';\n    // console.log('patched ServerResponse.write', contentType);\n    let runScan = (\n      contentType.startsWith('text/')\n      || contentType.startsWith('application/json')\n      // || contentType.startsWith('application/javascript')\n    );\n\n    const reqUrl = (this as any).req.url;\n    // console.log('> scan ServerResponse.write', contentType, reqUrl);\n    if (runScan && reqUrl && opts?.ignoreUrlPatterns?.some((pattern) => pattern.test(reqUrl))) {\n      runScan = false;\n    }\n\n    // we want to run the scanner on text/html and text/x-component (server actions)\n    // TODO: anything else?\n    if (!runScan) {\n      // @ts-ignore\n      return serverResponseWrite.apply(this, args);\n    }\n\n    // have to deal with compressed data, which is awkward but possible\n    const compressionType = this.getHeader('Content-Encoding');\n    let chunkStr;\n    let chunkType: 'string' | 'encoded' | 'gzip' | null = null;\n    if (typeof rawChunk === 'string') {\n      chunkType = 'string';\n      chunkStr = rawChunk;\n    } else if (!compressionType) {\n      chunkType = 'encoded';\n      const decoder = new TextDecoder();\n      chunkStr = decoder.decode(rawChunk);\n    } else if (compressionType === 'gzip') {\n      chunkType = 'gzip';\n      // first chunk of data contains only compression headers\n      if (!(this as any)._zlibChunks) {\n        // (this as any)._zlibHeadersChunk = rawChunk;\n        (this as any)._zlibChunks = [rawChunk];\n      } else {\n        // TODO: figure out how we can unzip one chunk at a time instead of storing everything\n        (this as any)._zlibChunks?.push(rawChunk);\n        try {\n          const unzippedChunk = zlib.unzipSync(Buffer.concat((this as any)._zlibChunks || []), {\n            flush: zlib.constants.Z_SYNC_FLUSH,\n            finishFlush: zlib.constants.Z_SYNC_FLUSH,\n          });\n          const fullUnzippedData = unzippedChunk.toString('utf-8');\n          chunkStr = fullUnzippedData.substring((this as any)._lastChunkEndIndex || 0);\n          (this as any)._lastChunkEndIndex = fullUnzippedData.length;\n        } catch (err) {\n          // console.log('error unzipping chunk', err);\n        }\n      }\n    }\n    // TODO: we may want to support other compression schemes? but currently only used in nextjs which is using gzip\n    if (chunkStr) {\n      // console.log('scanning!', chunkStr.substring(0, 1000));\n\n\n      try {\n        scanForLeaks(chunkStr, { method: 'patched ServerResponse.write', file: (this as any).req.url });\n      } catch (err) {\n        // console.log('found secret in chunk', chunkType, chunkStr);\n        // console.log(this)\n        if (opts?.redactInsteadOfThrow) {\n          chunkStr = redactSensitiveConfig(chunkStr);\n          if (chunkType === 'string') {\n            args[0] = chunkStr;\n          } else if (chunkType === 'encoded') {\n            const encoder = new TextEncoder();\n            args[0] = encoder.encode(chunkStr);\n          } else if (chunkType === 'gzip') {\n            // currently unable to scrub gzip chunks\n            // this works sometimes, but othertimes causes decoding error\n            // we'll need to pass through chunks from a new gzip stream, because we don't have access to the underlying one\n            // args[0] = zlib.gzipSync(chunkStr, {\n            //   flush: zlib.constants.Z_SYNC_FLUSH,\n            //   finishFlush: zlib.constants.Z_SYNC_FLUSH,\n            // });\n          } else {\n            throw new Error(`unable to scrub - unknown chunk type ${chunkType}`);\n          }\n        } else {\n          throw err;\n        }\n      }\n    }\n\n    // @ts-ignore\n    return serverResponseWrite.apply(this, args);\n  };\n\n\n  // calling `res.json()` in the api routes on pages router calls `res.end` without called `res.write`\n  const serverResponseEnd = ServerResponse.prototype.end;\n  // @ts-ignore\n  ServerResponse.prototype.end = function patchedServerResponseEnd(...args) {\n    // console.log('⚡️ patched ServerResponse.end');\n    const endChunk = args[0];\n    // console.log('patched ServerResponse.end', endChunk);\n    // this just needs to work (so far) for nextjs sending json bodies, so does not need to handle all cases...\n    if (endChunk && typeof endChunk === 'string') {\n      // TODO: currently this throws the error and then things just hang... do we want to try to return an error type response instead?\n      scanForLeaks(endChunk, { method: 'patched ServerResponse.end' });\n    }\n    // @ts-ignore\n    return serverResponseEnd.apply(this, args);\n  };\n}\n\n// ---\n// patchGlobalServerResponse();\n"]}

package/dist/chunk-7OHVYEDG.js.map

@@ -1 +0,0 @@
-{"version":3,"sources":["../src/runtime/patch-console.ts"],"names":[],"mappings":";;;;;AAWO,SAAS,kBAAA,GAAqB;AACnC,EAAA,KAAA,CAAM,8CAAoC,CAAA;AAC1C,EAAA,IAAK,OAAA,CAAQ,IAAY,iBAAA,EAAmB;AAC1C,IAAA,KAAA,CAAM,mBAAmB,CAAA;AACzB,IAAA;AAAA,EACF;AACA,EAAA,IAAI,eAAA,CAAgB,eAAe,KAAA,EAAO;AACxC,IAAA,KAAA,CAAM,wBAAwB,CAAA;AAC9B,IAAA;AAAA,EACF;AAQA,EAAA,MAAM,qBAAA,GAAwB,MAAA,CAAO,qBAAA,CAAsB,UAAA,CAAW,OAAO,CAAA,CAAE,IAAA,CAAK,CAAC,CAAA,KAAM,CAAA,CAAE,WAAA,KAAgB,iBAAiB,CAAA;AAG9H,EAAC,UAAA,CAAmB,4BAAA,KAAiC,UAAA,CAAW,OAAA,CAAQ,qBAAqB,CAAA;AAE7F,EAAA,UAAA,CAAW,OAAA,CAAQ,qBAAqB,CAAA,GAAI,WAAY;AACtD,IAAC,UAAA,CAAmB,4BAAA,CAA6B,KAAA,CAAM,IAAA,EAAM;AAAA,MAC3D,UAAU,CAAC,CAAA;AAAA,MACX,qBAAA,CAAsB,SAAA,CAAU,CAAC,CAAC,CAAA;AAAA,MAClC,UAAU,CAAC;AAAA,KACZ,CAAA;AAAA,EACH,CAAA;AAOA,EAAA,KAAA,MAAW,aAAA,IAAiB,CAAC,OAAA,EAAS,OAAA,EAAS,QAAQ,KAAA,EAAO,MAAA,EAAQ,MAAA,EAAQ,OAAO,CAAA,EAAG;AAEtF,IAAA,MAAM,iBAAA,GAAoB,UAAA,CAAW,OAAA,CAAQ,aAAa,CAAA;AAE1D,IAAA,MAAM,4BAAY,MAAA,CAAA,WAAY;AAE5B,MAAA,iBAAA,CAAkB,KAAA,CAAM,MAAM,KAAA,CAAM,IAAA,CAAK,SAAS,CAAA,CAAE,GAAA,CAAI,qBAAqB,CAAC,CAAA;AAAA,IAChF,CAAA,EAHkB,WAAA,CAAA;AAIlB,IAAA,SAAA,CAAU,iBAAA,GAAoB,IAAA;AAG9B,IAAA,UAAA,CAAW,OAAA,CAAQ,aAAa,CAAA,GAAI,SAAA;AAAA,EACtC;AACF;AAhDgB,MAAA,CAAA,kBAAA,EAAA,oBAAA,CAAA;AAuDT,SAAS,oBAAA,GAAuB;AAErC,EAAA,IAAI,CAAE,WAAmB,4BAAA,EAA8B;AAEvD,EAAA,MAAM,qBAAA,GAAwB,MAAA,CAAO,qBAAA,CAAsB,UAAA,CAAW,OAAO,CAAA,CAAE,IAAA,CAAK,CAAC,CAAA,KAAM,CAAA,CAAE,WAAA,KAAgB,iBAAiB,CAAA;AAE9H,EAAA,UAAA,CAAW,OAAA,CAAQ,qBAAqB,CAAA,GAAK,UAAA,CAAmB,4BAAA;AAChE,EAAA,OAAQ,UAAA,CAAmB,4BAAA;AAC7B;AARgB,MAAA,CAAA,oBAAA,EAAA,sBAAA,CAAA","file":"chunk-7OHVYEDG.js","sourcesContent":["/* eslint-disable func-names, no-console, prefer-rest-params */\n\nimport { redactSensitiveConfig, varlockSettings } from './env';\nimport { debug } from './lib/debug';\n\n\n/**\n * patches global console methods to redact sensitive config\n *\n * NOTE - this may not be 100% foolproof depending on the platform\n * */\nexport function patchGlobalConsole() {\n  debug('⚡️ PATCHING global console methods');\n  if ((console.log as any)._varlockPatchedFn) {\n    debug('> already patched');\n    return;\n  }\n  if (varlockSettings.redactLogs === false) {\n    debug('> disabled by settings');\n    return;\n  }\n\n  // our method of patching involves replacing an internal node method which may not be called if console.log itself has also been patched\n  // for example AWS lambdas patches this to write the logs to a file which then is pushed to the rest of their system\n\n  // so first we'll just patch the internal method do deal with normal stdout/stderr logs -------------------------------------\n\n  // we need the internal symbol name to access the internal method\n  const kWriteToConsoleSymbol = Object.getOwnPropertySymbols(globalThis.console).find((s) => s.description === 'kWriteToConsole');\n\n  // @ts-ignore\n  (globalThis as any)._varlockOrigWriteToConsoleFn ||= globalThis.console[kWriteToConsoleSymbol];\n  // @ts-ignore\n  globalThis.console[kWriteToConsoleSymbol] = function () {\n    (globalThis as any)._varlockOrigWriteToConsoleFn.apply(this, [\n      arguments[0],\n      redactSensitiveConfig(arguments[1]),\n      arguments[2],\n    ]);\n  };\n\n  // and now we'll wrap console.log (and the other methods) if it looks like they have been patched already ------------------\n  // NOTE - this will not fully redact from everything since we can't safely reach deep into objects\n  // ideally we would only turn this when the above method does not work, but it's not trivial to detect when it that is the case\n  // so we'll turn it on all the time for now...\n\n  for (const logMethodName of ['trace', 'debug', 'info', 'log', 'info', 'warn', 'error']) {\n    // @ts-ignore\n    const originalLogMethod = globalThis.console[logMethodName];\n\n    const patchedFn = function () {\n      // @ts-ignore\n      originalLogMethod.apply(this, Array.from(arguments).map(redactSensitiveConfig));\n    };\n    patchedFn._varlockPatchedFn = true;\n\n    // @ts-ignore\n    globalThis.console[logMethodName] = patchedFn;\n  }\n}\n\n/**\n * restore's original global console methods to stop redacting secrets\n *\n * (only needed during local development when switching settings on/off in a process that does not reload)\n * */\nexport function unpatchGlobalConsole() {\n  // we'll only care about the normal case where console.log has NOT been patched by something else... (see above)\n  if (!(globalThis as any)._varlockOrigWriteToConsoleFn) return;\n\n  const kWriteToConsoleSymbol = Object.getOwnPropertySymbols(globalThis.console).find((s) => s.description === 'kWriteToConsole');\n  // @ts-ignore\n  globalThis.console[kWriteToConsoleSymbol] = (globalThis as any)._varlockOrigWriteToConsoleFn;\n  delete (globalThis as any)._varlockOrigWriteToConsoleFn;\n}\n\n// ---\n\n// patchGlobalConsole();\n"]}

package/dist/chunk-CQHOPN6M.js

@@ -1,14 +0,0 @@
-import { patchGlobalConsole } from './chunk-7OHVYEDG.js';
-import { patchGlobalResponse } from './chunk-P74HB2II.js';
-import { patchGlobalServerResponse } from './chunk-5B7JZEDE.js';
-import { initVarlockEnv } from './chunk-SHQHITWV.js';
-import { execSync } from 'child_process';
-
-var execResult = execSync("varlock load --format json-full");
-process.env.__VARLOCK_ENV = execResult.toString();
-initVarlockEnv();
-patchGlobalConsole();
-patchGlobalServerResponse();
-patchGlobalResponse();
-//# sourceMappingURL=chunk-CQHOPN6M.js.map
-//# sourceMappingURL=chunk-CQHOPN6M.js.map

package/dist/chunk-LZ45SLAI.js

@@ -1,12 +0,0 @@
-import { __name } from './chunk-XN24GZXQ.js';
-
-// src/runtime/lib/debug.ts
-function debug(...args) {
-  if (!process.env.DEBUG_VARLOCK) return;
-  console.log(...args);
-}
-__name(debug, "debug");
-
-export { debug };
-//# sourceMappingURL=chunk-LZ45SLAI.js.map
-//# sourceMappingURL=chunk-LZ45SLAI.js.map

package/dist/chunk-LZ45SLAI.js.map

@@ -1 +0,0 @@
-{"version":3,"sources":["../src/runtime/lib/debug.ts"],"names":[],"mappings":";;;AACO,SAAS,SAAS,IAAA,EAAkB;AACzC,EAAA,IAAI,CAAC,OAAA,CAAQ,GAAA,CAAI,aAAA,EAAe;AAChC,EAAA,OAAA,CAAQ,GAAA,CAAI,GAAG,IAAI,CAAA;AACrB;AAHgB,MAAA,CAAA,KAAA,EAAA,OAAA,CAAA","file":"chunk-LZ45SLAI.js","sourcesContent":["/* eslint-disable no-console */\nexport function debug(...args: Array<any>) {\n  if (!process.env.DEBUG_VARLOCK) return;\n  console.log(...args);\n}\n"]}