varlock 1.2.0 → 1.3.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/audit.command-LLD5UIAW.js +16 -0
- package/dist/{audit.command-6TUJY57M.js.map → audit.command-LLD5UIAW.js.map} +1 -1
- package/dist/auto-load.js +5 -5
- package/dist/{chunk-QSYH5IDD.js → chunk-5DRCCFKV.js} +3 -3
- package/dist/{chunk-QSYH5IDD.js.map → chunk-5DRCCFKV.js.map} +1 -1
- package/dist/{chunk-H2JVYUHZ.js → chunk-C5LW5EET.js} +6 -6
- package/dist/{chunk-H2JVYUHZ.js.map → chunk-C5LW5EET.js.map} +1 -1
- package/dist/{chunk-35LTPRXV.js → chunk-CESFJIM4.js} +6 -6
- package/dist/{chunk-35LTPRXV.js.map → chunk-CESFJIM4.js.map} +1 -1
- package/dist/{chunk-5DUWGI2N.js → chunk-DIPEXEIL.js} +3 -3
- package/dist/{chunk-5DUWGI2N.js.map → chunk-DIPEXEIL.js.map} +1 -1
- package/dist/{chunk-26E4E2MY.js → chunk-F6ZYIWAR.js} +5 -5
- package/dist/{chunk-26E4E2MY.js.map → chunk-F6ZYIWAR.js.map} +1 -1
- package/dist/{chunk-6CCHLM3U.js → chunk-FA5SNEKN.js} +30 -12
- package/dist/chunk-FA5SNEKN.js.map +1 -0
- package/dist/{chunk-6CRDPEUT.js → chunk-GKN3UJNE.js} +583 -729
- package/dist/chunk-GKN3UJNE.js.map +1 -0
- package/dist/{chunk-YHN6GZHR.js → chunk-HH647LSU.js} +5 -5
- package/dist/{chunk-YHN6GZHR.js.map → chunk-HH647LSU.js.map} +1 -1
- package/dist/{chunk-CWC3IAQM.js → chunk-HMWAOBZR.js} +29 -14
- package/dist/chunk-HMWAOBZR.js.map +1 -0
- package/dist/{chunk-6PZXN47A.js → chunk-INGOLNLE.js} +4 -4
- package/dist/{chunk-6PZXN47A.js.map → chunk-INGOLNLE.js.map} +1 -1
- package/dist/{chunk-2PBFWISH.js → chunk-IO2OGZQU.js} +8 -8
- package/dist/chunk-IO2OGZQU.js.map +1 -0
- package/dist/{chunk-LGEHJHB2.js → chunk-JOGGSYT2.js} +6 -5
- package/dist/{chunk-LGEHJHB2.js.map → chunk-JOGGSYT2.js.map} +1 -1
- package/dist/{chunk-F6RTQ5QX.js → chunk-KFALDUEO.js} +3 -3
- package/dist/{chunk-F6RTQ5QX.js.map → chunk-KFALDUEO.js.map} +1 -1
- package/dist/{chunk-A2JUQ2GK.js → chunk-KI5QLKPU.js} +6 -6
- package/dist/{chunk-A2JUQ2GK.js.map → chunk-KI5QLKPU.js.map} +1 -1
- package/dist/{chunk-OA6PRICO.js → chunk-M6QE3D2O.js} +6 -6
- package/dist/{chunk-OA6PRICO.js.map → chunk-M6QE3D2O.js.map} +1 -1
- package/dist/{chunk-BR3DT5Z5.js → chunk-MPHVA4WC.js} +3 -3
- package/dist/{chunk-BR3DT5Z5.js.map → chunk-MPHVA4WC.js.map} +1 -1
- package/dist/{chunk-VIUMRSUR.js → chunk-NW4KR67N.js} +8 -8
- package/dist/{chunk-VIUMRSUR.js.map → chunk-NW4KR67N.js.map} +1 -1
- package/dist/{chunk-EE4UNY25.js → chunk-OGGTDFVX.js} +8 -8
- package/dist/{chunk-EE4UNY25.js.map → chunk-OGGTDFVX.js.map} +1 -1
- package/dist/{chunk-R73FENLU.js → chunk-QDEAHBCB.js} +3 -3
- package/dist/{chunk-R73FENLU.js.map → chunk-QDEAHBCB.js.map} +1 -1
- package/dist/{chunk-KCUEK4TX.js → chunk-RQZZDYWL.js} +7 -7
- package/dist/{chunk-KCUEK4TX.js.map → chunk-RQZZDYWL.js.map} +1 -1
- package/dist/{chunk-MGWUDHT5.js → chunk-UUJK65RS.js} +11 -3
- package/dist/chunk-UUJK65RS.js.map +1 -0
- package/dist/{chunk-FCSQRLIC.js → chunk-WJLMLKSG.js} +5 -5
- package/dist/{chunk-FCSQRLIC.js.map → chunk-WJLMLKSG.js.map} +1 -1
- package/dist/{chunk-2NQLWXPX.js → chunk-WTBUNHUJ.js} +5 -5
- package/dist/{chunk-2NQLWXPX.js.map → chunk-WTBUNHUJ.js.map} +1 -1
- package/dist/chunk-XUY3HAO2.js +171 -0
- package/dist/chunk-XUY3HAO2.js.map +1 -0
- package/dist/{chunk-2OIOYMYO.js → chunk-XXSPHSF7.js} +6 -6
- package/dist/{chunk-2OIOYMYO.js.map → chunk-XXSPHSF7.js.map} +1 -1
- package/dist/{chunk-GURKQO4J.js → chunk-YWTIKDGU.js} +7 -2
- package/dist/chunk-YWTIKDGU.js.map +1 -0
- package/dist/cli/cli-executable.js +37 -37
- package/dist/cli/cli-executable.js.map +1 -1
- package/dist/config-item-SQFJ2BJ2.js +7 -0
- package/dist/{config-item-7X6PUXJF.js.map → config-item-SQFJ2BJ2.js.map} +1 -1
- package/dist/dotenv-compat.js +5 -5
- package/dist/encrypt.command-WISNYCTG.js +14 -0
- package/dist/{encrypt.command-4E5SM5M6.js.map → encrypt.command-WISNYCTG.js.map} +1 -1
- package/dist/{env-graph-iNQyTcya.d.ts → env-graph-DImkUkjl.d.ts} +30 -19
- package/dist/explain.command-THO6CRHD.js +15 -0
- package/dist/{explain.command-7FRFYSJJ.js.map → explain.command-THO6CRHD.js.map} +1 -1
- package/dist/index.d.ts +2 -2
- package/dist/index.js +13 -14
- package/dist/index.js.map +1 -1
- package/dist/init.command-3EDACW36.js +14 -0
- package/dist/{init.command-EMPZK5D3.js.map → init.command-3EDACW36.js.map} +1 -1
- package/dist/install-plugin.command-MXBZTBTE.js +13 -0
- package/dist/{install-plugin.command-SYQAPBII.js.map → install-plugin.command-MXBZTBTE.js.map} +1 -1
- package/dist/load.command-XRABTXAE.js +15 -0
- package/dist/{load.command-R7UTXX2X.js.map → load.command-XRABTXAE.js.map} +1 -1
- package/dist/lock.command-O5MPBQ2I.js +7 -0
- package/dist/{lock.command-4LTGMJA3.js.map → lock.command-O5MPBQ2I.js.map} +1 -1
- package/dist/plugin-lib.d.ts +2 -2
- package/dist/plugin-lib.js +2 -2
- package/dist/printenv.command-DLCI4IPZ.js +15 -0
- package/dist/{printenv.command-EVYMVYEZ.js.map → printenv.command-DLCI4IPZ.js.map} +1 -1
- package/dist/reveal.command-6BTK3FJZ.js +15 -0
- package/dist/{reveal.command-6IH7XDVT.js.map → reveal.command-6BTK3FJZ.js.map} +1 -1
- package/dist/run.command-5CIHZECD.js +16 -0
- package/dist/{run.command-WW2YKPUP.js.map → run.command-5CIHZECD.js.map} +1 -1
- package/dist/runtime/env.d.ts +1 -1
- package/dist/runtime/env.js +1 -1
- package/dist/runtime/init-edge.cjs +9 -1
- package/dist/runtime/init-server.cjs +9 -1
- package/dist/runtime/patch-console.js +2 -2
- package/dist/runtime/patch-response.js +2 -2
- package/dist/runtime/patch-server-response.js +2 -2
- package/dist/{scan.command-6PSWFMI5.js → scan.command-PW3OOLQY.js} +10 -10
- package/dist/{scan.command-6PSWFMI5.js.map → scan.command-PW3OOLQY.js.map} +1 -1
- package/dist/telemetry.command-TZDNG2WR.js +13 -0
- package/dist/{telemetry.command-ZD6XCRBZ.js.map → telemetry.command-TZDNG2WR.js.map} +1 -1
- package/dist/typegen.command-QD26Q3MP.js +14 -0
- package/dist/{typegen.command-IKXM7OSU.js.map → typegen.command-QD26Q3MP.js.map} +1 -1
- package/native-bins/darwin/VarlockEnclave.app/Contents/CodeResources +0 -0
- package/native-bins/darwin/VarlockEnclave.app/Contents/MacOS/varlock-local-encrypt +0 -0
- package/native-bins/win32-x64/varlock-local-encrypt.exe +0 -0
- package/package.json +2 -2
- package/dist/audit.command-6TUJY57M.js +0 -16
- package/dist/chunk-2PBFWISH.js.map +0 -1
- package/dist/chunk-45N5EFNL.js +0 -136
- package/dist/chunk-45N5EFNL.js.map +0 -1
- package/dist/chunk-6CCHLM3U.js.map +0 -1
- package/dist/chunk-6CRDPEUT.js.map +0 -1
- package/dist/chunk-CWC3IAQM.js.map +0 -1
- package/dist/chunk-GURKQO4J.js.map +0 -1
- package/dist/chunk-MGWUDHT5.js.map +0 -1
- package/dist/config-item-7X6PUXJF.js +0 -7
- package/dist/encrypt.command-4E5SM5M6.js +0 -14
- package/dist/explain.command-7FRFYSJJ.js +0 -15
- package/dist/init.command-EMPZK5D3.js +0 -14
- package/dist/install-plugin.command-SYQAPBII.js +0 -13
- package/dist/load.command-R7UTXX2X.js +0 -15
- package/dist/lock.command-4LTGMJA3.js +0 -7
- package/dist/printenv.command-EVYMVYEZ.js +0 -15
- package/dist/reveal.command-6IH7XDVT.js +0 -15
- package/dist/run.command-WW2YKPUP.js +0 -16
- package/dist/telemetry.command-ZD6XCRBZ.js +0 -13
- package/dist/typegen.command-IKXM7OSU.js +0 -15
|
@@ -0,0 +1,16 @@
|
|
|
1
|
+
export { commandFn, commandSpec } from './chunk-CESFJIM4.js';
|
|
2
|
+
import './chunk-P33JXOU6.js';
|
|
3
|
+
import './chunk-CHQDS2PI.js';
|
|
4
|
+
import './chunk-4A54P4EM.js';
|
|
5
|
+
import './chunk-XUY3HAO2.js';
|
|
6
|
+
import './chunk-C5LW5EET.js';
|
|
7
|
+
import './chunk-YWTIKDGU.js';
|
|
8
|
+
import './chunk-JOGGSYT2.js';
|
|
9
|
+
import './chunk-GKN3UJNE.js';
|
|
10
|
+
import './chunk-O3WTD6L4.js';
|
|
11
|
+
import './chunk-IRXBCLL2.js';
|
|
12
|
+
import './chunk-FA5SNEKN.js';
|
|
13
|
+
import './chunk-XLYSNOR3.js';
|
|
14
|
+
import './chunk-6PEHRAEP.js';
|
|
15
|
+
//# sourceMappingURL=audit.command-LLD5UIAW.js.map
|
|
16
|
+
//# sourceMappingURL=audit.command-LLD5UIAW.js.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"sources":[],"names":[],"mappings":"","file":"audit.command-
|
|
1
|
+
{"version":3,"sources":[],"names":[],"mappings":"","file":"audit.command-LLD5UIAW.js"}
|
package/dist/auto-load.js
CHANGED
|
@@ -1,9 +1,9 @@
|
|
|
1
|
-
import './chunk-
|
|
2
|
-
import './chunk-
|
|
3
|
-
import './chunk-
|
|
1
|
+
import './chunk-M6QE3D2O.js';
|
|
2
|
+
import './chunk-KFALDUEO.js';
|
|
3
|
+
import './chunk-DIPEXEIL.js';
|
|
4
4
|
import './chunk-ZTFQ7ZVH.js';
|
|
5
|
-
import './chunk-
|
|
6
|
-
import './chunk-
|
|
5
|
+
import './chunk-QDEAHBCB.js';
|
|
6
|
+
import './chunk-UUJK65RS.js';
|
|
7
7
|
import './chunk-XLYSNOR3.js';
|
|
8
8
|
import './chunk-6PEHRAEP.js';
|
|
9
9
|
//# sourceMappingURL=auto-load.js.map
|
|
@@ -1,5 +1,5 @@
|
|
|
1
1
|
import { define } from './chunk-4A54P4EM.js';
|
|
2
|
-
import { getBackendInfo, lockSession } from './chunk-
|
|
2
|
+
import { getBackendInfo, lockSession } from './chunk-YWTIKDGU.js';
|
|
3
3
|
import { __name } from './chunk-6PEHRAEP.js';
|
|
4
4
|
|
|
5
5
|
// src/cli/commands/lock.command.ts
|
|
@@ -22,5 +22,5 @@ var commandFn = /* @__PURE__ */ __name(async () => {
|
|
|
22
22
|
}, "commandFn");
|
|
23
23
|
|
|
24
24
|
export { commandFn, commandSpec };
|
|
25
|
-
//# sourceMappingURL=chunk-
|
|
26
|
-
//# sourceMappingURL=chunk-
|
|
25
|
+
//# sourceMappingURL=chunk-5DRCCFKV.js.map
|
|
26
|
+
//# sourceMappingURL=chunk-5DRCCFKV.js.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"sources":["../src/cli/commands/lock.command.ts"],"names":[],"mappings":";;;;;AAMO,IAAM,cAAc,MAAA,CAAO;AAAA,EAChC,IAAA,EAAM,MAAA;AAAA,EACN,WAAA,EAAa;AACf,CAAC;AAEM,IAAM,4BAAsD,MAAA,CAAA,YAAY;AAC7E,EAAA,MAAM,UAAuB,cAAA,EAAe;AAE5C,EAAA,IAAI,CAAC,QAAQ,kBAAA,EAAoB;AAC/B,IAAA,OAAA,CAAQ,GAAA,CAAI,CAAA,IAAA,EAAO,OAAA,CAAQ,IAAI,CAAA,yCAAA,CAA2C,CAAA;AAC1E,IAAA;AAAA,EACF;AAEA,EAAA,IAAI;AACF,IAAA,MAAmB,WAAA,EAAY;AAC/B,IAAA,OAAA,CAAQ,IAAI,wFAAwF,CAAA;AAAA,EACtG,CAAA,CAAA,MAAQ;AACN,IAAA,OAAA,CAAQ,IAAI,yDAAoD,CAAA;AAAA,EAClE;AACF,CAAA,EAdmE,WAAA","file":"chunk-
|
|
1
|
+
{"version":3,"sources":["../src/cli/commands/lock.command.ts"],"names":[],"mappings":";;;;;AAMO,IAAM,cAAc,MAAA,CAAO;AAAA,EAChC,IAAA,EAAM,MAAA;AAAA,EACN,WAAA,EAAa;AACf,CAAC;AAEM,IAAM,4BAAsD,MAAA,CAAA,YAAY;AAC7E,EAAA,MAAM,UAAuB,cAAA,EAAe;AAE5C,EAAA,IAAI,CAAC,QAAQ,kBAAA,EAAoB;AAC/B,IAAA,OAAA,CAAQ,GAAA,CAAI,CAAA,IAAA,EAAO,OAAA,CAAQ,IAAI,CAAA,yCAAA,CAA2C,CAAA;AAC1E,IAAA;AAAA,EACF;AAEA,EAAA,IAAI;AACF,IAAA,MAAmB,WAAA,EAAY;AAC/B,IAAA,OAAA,CAAQ,IAAI,wFAAwF,CAAA;AAAA,EACtG,CAAA,CAAA,MAAQ;AACN,IAAA,OAAA,CAAQ,IAAI,yDAAoD,CAAA;AAAA,EAClE;AACF,CAAA,EAdmE,WAAA","file":"chunk-5DRCCFKV.js","sourcesContent":["\nimport { define } from 'gunshi';\n\nimport { type TypedGunshiCommandFn } from '../helpers/gunshi-type-utils';\nimport * as localEncrypt from '../../lib/local-encrypt';\n\nexport const commandSpec = define({\n name: 'lock',\n description: 'Lock the encryption daemon, requiring biometric for next decrypt',\n});\n\nexport const commandFn: TypedGunshiCommandFn<typeof commandSpec> = async () => {\n const backend = localEncrypt.getBackendInfo();\n\n if (!backend.biometricAvailable) {\n console.log(`The ${backend.type} backend does not support biometric lock.`);\n return;\n }\n\n try {\n await localEncrypt.lockSession();\n console.log('Encryption session locked. Biometric authentication will be required for next decrypt.');\n } catch {\n console.log('No encryption daemon is running — nothing to lock.');\n }\n};\n"]}
|
|
@@ -1,7 +1,7 @@
|
|
|
1
|
-
import { getBackendInfo, getDaemonClient, ensureKey, decryptValue, encryptValue } from './chunk-
|
|
2
|
-
import { CliExitError, loadEnvGraph } from './chunk-
|
|
3
|
-
import { createResolver, parseEnvSpecDotEnvFile, runWithWorkspaceInfo, prompts_default } from './chunk-
|
|
4
|
-
import { ResolutionError, SchemaError, createDebug } from './chunk-
|
|
1
|
+
import { getBackendInfo, getDaemonClient, ensureKey, decryptValue, encryptValue } from './chunk-YWTIKDGU.js';
|
|
2
|
+
import { CliExitError, loadEnvGraph } from './chunk-JOGGSYT2.js';
|
|
3
|
+
import { createResolver, parseEnvSpecDotEnvFile, runWithWorkspaceInfo, prompts_default } from './chunk-GKN3UJNE.js';
|
|
4
|
+
import { ResolutionError, SchemaError, createDebug } from './chunk-FA5SNEKN.js';
|
|
5
5
|
import { __name } from './chunk-6PEHRAEP.js';
|
|
6
6
|
import fs from 'fs';
|
|
7
7
|
import path from 'path';
|
|
@@ -422,5 +422,5 @@ function loadVarlockEnvGraph(opts) {
|
|
|
422
422
|
__name(loadVarlockEnvGraph, "loadVarlockEnvGraph");
|
|
423
423
|
|
|
424
424
|
export { loadVarlockEnvGraph, writeBackValue };
|
|
425
|
-
//# sourceMappingURL=chunk-
|
|
426
|
-
//# sourceMappingURL=chunk-
|
|
425
|
+
//# sourceMappingURL=chunk-C5LW5EET.js.map
|
|
426
|
+
//# sourceMappingURL=chunk-C5LW5EET.js.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"sources":["../src/lib/local-encrypt/write-back.ts","../src/lib/local-encrypt/builtin-resolver.ts","../src/lib/local-encrypt/keychain-resolver.ts","../src/lib/package-json-config.ts","../src/lib/load-graph.ts"],"names":["ciphertext","writeBackResult","fs","path"],"mappings":";;;;;;;;AAcO,SAAS,cAAA,CACd,OAAA,EACA,WAAA,EACA,cAAA,EACiB;AACjB,EAAA,IAAI,CAAC,cAAA,EAAgB;AACnB,IAAA,OAAO,EAAE,OAAA,EAAS,KAAA,EAAO,MAAA,EAAQ,qBAAA,EAAsB;AAAA,EACzD;AAEA,EAAA,MAAM,eAAA,GAAkB,EAAA,CAAG,YAAA,CAAa,cAAA,EAAgB,OAAO,CAAA;AAC/D,EAAA,MAAM,IAAA,GAAO,uBAAuB,eAAe,CAAA;AAEnD,EAAA,MAAM,IAAA,GAAO,KAAK,WAAA,CAAY,IAAA,CAAK,CAAC,CAAA,KAAM,CAAA,CAAE,QAAQ,OAAO,CAAA;AAC3D,EAAA,IAAI,CAAC,IAAA,EAAM;AACT,IAAA,OAAO,EAAE,OAAA,EAAS,KAAA,EAAO,MAAA,EAAQ,gBAAA,EAAiB;AAAA,EACpD;AAGA,EAAA,MAAM,SAAA,GAAY,sBAAA,CAAuB,CAAA,EAAA,EAAK,WAAW,CAAA,CAAE,CAAA;AAC3D,EAAA,MAAM,SAAA,GAAY,SAAA,CAAU,WAAA,CAAY,CAAC,CAAA;AACzC,EAAA,IAAI,CAAC,WAAW,KAAA,EAAO;AACrB,IAAA,OAAO,EAAE,OAAA,EAAS,KAAA,EAAO,MAAA,EAAQ,gBAAA,EAAiB;AAAA,EACpD;AAGA,EAAA,IAAA,CAAK,IAAA,CAAK,QAAQ,SAAA,CAAU,KAAA;AAC5B,EAAA,IAAA,CAAK,QAAQ,SAAA,CAAU,KAAA;AAEvB,EAAA,EAAA,CAAG,aAAA,CAAc,cAAA,EAAgB,IAAA,CAAK,QAAA,EAAU,CAAA;AAChD,EAAA,OAAO,EAAE,SAAS,IAAA,EAAK;AACzB;AA9BgB,MAAA,CAAA,cAAA,EAAA,gBAAA,CAAA;;;ACDhB,IAAM,YAAA,GAAe,QAAA;AACrB,IAAM,WAAA,GAAc,iBAAA;AAkBpB,IAAI,YAAA;AAEJ,SAAS,kBAAkB,KAAA,EAA0B;AACnD,EAAA,IAAI,YAAA,GAAe,KAAA;AACnB,EAAA,IAAI,CAAC,YAAA,EAAc;AACjB,IAAA,YAAA,GAAe,EAAC;AAChB,IAAA,YAAA,GAAe,IAAA;AAAA,EACjB;AACA,EAAA,YAAA,CAAa,KAAK,KAAK,CAAA;AAEvB,EAAA,IAAI,YAAA,EAAc;AAEhB,IAAA,YAAA,CAAa,MAAM,cAAc,CAAA;AAAA,EACnC;AACF;AAZS,MAAA,CAAA,iBAAA,EAAA,mBAAA,CAAA;AAcT,SAAS,eAAe,UAAA,EAAqC;AAC3D,EAAA,OAAO,IAAI,OAAA,CAAgB,CAAC,OAAA,EAAS,MAAA,KAAW;AAC9C,IAAA,iBAAA,CAAkB;AAAA,MAChB,IAAA,EAAM,SAAA;AAAA,MAAW,UAAA;AAAA,MAAY,OAAA;AAAA,MAAS;AAAA,KACvC,CAAA;AAAA,EACH,CAAC,CAAA;AACH;AANS,MAAA,CAAA,cAAA,EAAA,gBAAA,CAAA;AAQT,SAAS,cAAc,OAAA,EAAiD;AACtE,EAAA,OAAO,IAAI,OAAA,CAAgB,CAAC,OAAA,EAAS,MAAA,KAAW;AAC9C,IAAA,iBAAA,CAAkB;AAAA,MAChB,IAAA,EAAM,QAAA;AAAA,MAAU,OAAA;AAAA,MAAS,OAAA;AAAA,MAAS;AAAA,KACnC,CAAA;AAAA,EACH,CAAC,CAAA;AACH;AANS,MAAA,CAAA,aAAA,EAAA,eAAA,CAAA;AAQT,SAAS,aAAA,CAAc,KAAA,EAAiC,UAAA,EAAoB,KAAA,EAAc;AACxF,EAAA,KAAA,IAAS,CAAA,GAAI,UAAA,EAAY,CAAA,GAAI,KAAA,CAAM,QAAQ,CAAA,EAAA,EAAK;AAC9C,IAAA,KAAA,CAAM,CAAC,CAAA,CAAE,MAAA,CAAO,KAAK,CAAA;AAAA,EACvB;AACF;AAJS,MAAA,CAAA,aAAA,EAAA,eAAA,CAAA;AAMT,eAAe,YAAA,GAAe;AAC5B,EAAA,MAAM,KAAA,GAAQ,YAAA;AACd,EAAA,YAAA,GAAe,MAAA;AACf,EAAA,IAAI,CAAC,OAAO,MAAA,EAAQ;AAGpB,EAAA,KAAA,CAAM,IAAA,CAAK,CAAC,CAAA,EAAG,CAAA,KAAM;AACnB,IAAA,IAAI,CAAA,CAAE,IAAA,KAAS,CAAA,CAAE,IAAA,EAAM,OAAO,CAAA;AAC9B,IAAA,OAAO,CAAA,CAAE,IAAA,KAAS,QAAA,GAAW,EAAA,GAAK,CAAA;AAAA,EACpC,CAAC,CAAA;AAGD,EAAA,MAAmB,SAAA,EAAU;AAE7B,EAAA,KAAA,IAAS,CAAA,GAAI,CAAA,EAAG,CAAA,GAAI,KAAA,CAAM,QAAQ,CAAA,EAAA,EAAK;AACrC,IAAA,MAAM,KAAA,GAAQ,MAAM,CAAC,CAAA;AACrB,IAAA,IAAI;AACF,MAAA,IAAI,KAAA,CAAM,SAAS,SAAA,EAAW;AAC5B,QAAA,MAAM,SAAA,GAAY,MAAmB,YAAA,CAAa,KAAA,CAAM,UAAU,CAAA;AAClE,QAAA,KAAA,CAAM,QAAQ,SAAS,CAAA;AAAA,MACzB,CAAA,MAAO;AACL,QAAA,MAAM,MAAA,GAAS,MAAM,KAAA,CAAM,OAAA,EAAQ;AACnC,QAAA,KAAA,CAAM,QAAQ,MAAM,CAAA;AAAA,MACtB;AAAA,IACF,SAAS,GAAA,EAAK;AACZ,MAAA,KAAA,CAAM,OAAO,GAAG,CAAA;AAGhB,MAAA,MAAM,MAAM,GAAA,YAAe,KAAA,GAAQ,GAAA,CAAI,OAAA,GAAU,OAAO,GAAG,CAAA;AAC3D,MAAA,IACE,GAAA,CAAI,QAAA,CAAS,WAAW,CAAA,IAAK,GAAA,CAAI,QAAA,CAAS,UAAU,CAAA,IACjD,GAAA,CAAI,QAAA,CAAS,qBAAqB,CAAA,EACrC;AACA,QAAA,aAAA,CAAc,OAAO,CAAA,GAAI,CAAA,EAAG,IAAI,eAAA,CAAgB,+BAA0B,CAAC,CAAA;AAC3E,QAAA;AAAA,MACF;AAAA,IACF;AAAA,EACF;AACF;AAtCe,MAAA,CAAA,YAAA,EAAA,cAAA,CAAA;AAiDf,SAAS,uBAAA,CACP,OAAA,EACA,UAAA,EACA,cAAA,EACA;AACA,EAAA,MAAM,kBAAA,GAAqB,CAAA,EAAG,YAAY,CAAA,EAAG,UAAU,CAAA,CAAA;AACvD,EAAA,OAAO,cAAA,CAAe,OAAA,EAAS,CAAA,SAAA,EAAY,kBAAkB,MAAM,cAAc,CAAA;AACnF;AAPS,MAAA,CAAA,uBAAA,EAAA,yBAAA,CAAA;AAUF,IAAM,kBAAmC,cAAA,CAAqC;AAAA,EACnF,IAAA,EAAM,SAAA;AAAA,EACN,KAAA,EAAO,iCAAA;AAAA,EACP,IAAA,EAAM,WAAA;AAAA,EACN,gBAAA,EAAkB,IAAA;AAAA,EAClB,UAAA,EAAY;AAAA,IACV,IAAA,EAAM,OAAA;AAAA,IACN,cAAA,EAAgB;AAAA,GAClB;AAAA,EACA,OAAA,GAAgC;AAE9B,IAAA,MAAM,SAAA,GAAY,KAAK,OAAA,EAAS,MAAA;AAChC,IAAA,MAAM,kBAAA,GAAqB,IAAA,CAAK,OAAA,EAAS,MAAA,KAAW,KAC/C,IAAA,CAAK,OAAA,CAAQ,CAAC,CAAA,EAAG,QAAA,IACjB,IAAA,CAAK,OAAA,CAAQ,CAAC,EAAE,WAAA,KAAgB,QAAA;AACrC,IAAA,IAAI,aAAa,kBAAA,EAAoB;AAEnC,MAAA,MAAM,SAAU,IAAA,CAAa,MAAA;AAC7B,MAAA,MAAM,OAAA,GAAU,QAAQ,GAAA,IAAO,SAAA;AAC/B,MAAA,MAAM,aAAa,IAAA,CAAK,UAAA;AACxB,MAAA,MAAM,iBAAiB,UAAA,EAAY,QAAA;AACnC,MAAA,OAAO,EAAE,IAAA,EAAM,QAAA,EAAU,OAAA,EAAS,cAAA,EAAe;AAAA,IACnD;AAGA,IAAA,IAAI,CAAC,IAAA,CAAK,OAAA,IAAW,IAAA,CAAK,OAAA,CAAQ,WAAW,CAAA,EAAG;AAC9C,MAAA,MAAM,IAAI,YAAY,qFAAqF,CAAA;AAAA,IAC7G;AACA,IAAA,IAAI,CAAC,IAAA,CAAK,OAAA,CAAQ,CAAC,GAAG,QAAA,EAAU;AAC9B,MAAA,MAAM,IAAI,YAAY,4DAA4D,CAAA;AAAA,IACpF;AACA,IAAA,MAAM,OAAA,GAAU,IAAA,CAAK,OAAA,CAAQ,CAAC,CAAA,CAAE,WAAA;AAChC,IAAA,IAAI,OAAO,YAAY,QAAA,EAAU;AAC/B,MAAA,MAAM,IAAI,YAAY,qCAAqC,CAAA;AAAA,IAC7D;AACA,IAAA,OAAO,EAAE,IAAA,EAAM,SAAA,EAAW,OAAA,EAAQ;AAAA,EACpC,CAAA;AAAA,EACA,MAAM,QAAQ,KAAA,EAA6B;AACzC,IAAA,IAAI,KAAA,CAAM,SAAS,SAAA,EAAW;AAC5B,MAAA,IAAI,aAAa,KAAA,CAAM,OAAA;AACvB,MAAA,IAAI,UAAA,CAAW,UAAA,CAAW,YAAY,CAAA,EAAG;AACvC,QAAA,UAAA,GAAa,UAAA,CAAW,KAAA,CAAM,YAAA,CAAa,MAAM,CAAA;AAAA,MACnD;AACA,MAAA,IAAI;AACF,QAAA,OAAO,MAAM,eAAe,UAAU,CAAA;AAAA,MACxC,SAAS,GAAA,EAAK;AAEZ,QAAA,IAAI,GAAA,YAAe,iBAAiB,MAAM,GAAA;AAE1C,QAAA,MAAM,UAAuB,cAAA,EAAe;AAC5C,QAAA,MAAM,IAAI,eAAA;AAAA,UACR,CAAA,mBAAA,EAAsB,GAAA,YAAe,KAAA,GAAQ,GAAA,CAAI,UAAU,GAAG,CAAA,CAAA;AAAA,UAC9D;AAAA,YACE,GAAA,EAAK;AAAA,cACH,YAAY,OAAA,CAAQ,IAAI,KAAK,OAAA,CAAQ,cAAA,GAAiB,oBAAoB,YAAY,CAAA,CAAA,CAAA;AAAA,cACtF,6EAAA;AAAA,cACA;AAAA,aACF,CAAE,KAAK,IAAI;AAAA;AACb,SACF;AAAA,MACF;AAAA,IACF;AAIA,IAAA,MAAM,EAAE,OAAA,EAAS,cAAA,EAAe,GAAI,KAAA;AACpC,IAAA,OAAO,cAAc,YAAY;AAC/B,MAAA,MAAM,UAAuB,cAAA,EAAe;AAG5C,MAAA,IAAI,OAAA,CAAQ,IAAA,KAAS,gBAAA,IAAoB,OAAA,CAAQ,kBAAA,EAAoB;AACnE,QAAA,MAAM,SAAsB,eAAA,EAAgB;AAC5C,QAAA,MAAMA,WAAAA,GAAa,MAAM,MAAA,CAAO,YAAA,CAAa;AAAA,UAC3C,OAAA;AAAA,UACA,OAAA,EAAS,8BAA8B,OAAO,CAAA,CAAA;AAAA,SAC/C,CAAA;AAED,QAAA,IAAI,CAACA,WAAAA,EAAY;AACf,UAAA,MAAM,IAAI,gBAAgB,4BAAA,EAA8B;AAAA,YACtD,GAAA,EAAK;AAAA,WACN,CAAA;AAAA,QACH;AAEA,QAAA,MAAMC,gBAAAA,GAAkB,uBAAA,CAAwB,OAAA,EAASD,WAAAA,EAAY,cAAc,CAAA;AACnF,QAAA,IAAI,CAACC,iBAAgB,OAAA,EAAS;AAC5B,UAAA,IAAIA,gBAAAA,CAAgB,WAAW,qBAAA,EAAuB;AACpD,YAAA,MAAM,IAAI,eAAA,CAAgB,CAAA,sCAAA,EAAyC,OAAO,CAAA,CAAA,EAAI;AAAA,cAC5E,GAAA,EAAK;AAAA,aACN,CAAA;AAAA,UACH;AAEA,UAAA,MAAM,IAAI,eAAA,CAAgB,CAAA,sCAAA,EAAyC,OAAO,CAAA,CAAA,EAAI;AAAA,YAC5E,GAAA,EAAK,CAAA,4BAAA,EAA+B,OAAO,CAAA,mCAAA,EAAsC,cAAc,CAAA,CAAA;AAAA,WAChG,CAAA;AAAA,QACH;AAEA,QAAA,OAAoB,aAAaD,WAAU,CAAA;AAAA,MAC7C;AAGA,MAAA,IAAI,CAAC,OAAA,CAAQ,MAAA,CAAO,SAAS,CAAC,OAAA,CAAQ,MAAM,KAAA,EAAO;AACjD,QAAA,MAAM,IAAI,eAAA;AAAA,UACR,gCAAgC,OAAO,CAAA,CAAA;AAAA,UACvC;AAAA,YACE,GAAA,EAAK,CAAA,6BAAA,EAAgC,cAAA,IAAkB,iBAAiB,CAAA,uCAAA;AAAA;AAC1E,SACF;AAAA,MACF;AAEA,MAAA,MAAM,QAAA,GAAW,MAAM,eAAA,CAAQ,QAAA,CAAS,EAAE,OAAA,EAAS,CAAA,2BAAA,EAA8B,OAAO,CAAA,CAAA,CAAA,EAAK,IAAA,EAAM,8CAAA,EAAgD,CAAA;AACnJ,MAAA,MAAM,UAAA,GAAa,OAAO,QAAA,KAAa,QAAA;AACvC,MAAA,IAAI,UAAA,IAAc,CAAC,QAAA,EAAU;AAC3B,QAAA,MAAM,IAAI,gBAAgB,4BAAA,EAA8B;AAAA,UACtD,GAAA,EAAK;AAAA,SACN,CAAA;AAAA,MACH;AAEA,MAAA,MAAM,UAAA,GAAa,MAAmB,YAAA,CAAa,QAAQ,CAAA;AAC3D,MAAA,MAAM,eAAA,GAAkB,uBAAA,CAAwB,OAAA,EAAS,UAAA,EAAY,cAAc,CAAA;AAEnF,MAAA,IAAI,CAAC,gBAAgB,OAAA,EAAS;AAC5B,QAAA,IAAI,eAAA,CAAgB,WAAW,qBAAA,EAAuB;AACpD,UAAA,MAAM,IAAI,eAAA,CAAgB,CAAA,sCAAA,EAAyC,OAAO,CAAA,CAAA,EAAI;AAAA,YAC5E,GAAA,EAAK;AAAA,WACN,CAAA;AAAA,QACH;AAEA,QAAA,MAAM,IAAI,eAAA,CAAgB,CAAA,sCAAA,EAAyC,OAAO,CAAA,CAAA,EAAI;AAAA,UAC5E,GAAA,EAAK,CAAA,4BAAA,EAA+B,OAAO,CAAA,mCAAA,EAAsC,cAAc,CAAA,CAAA;AAAA,SAChG,CAAA;AAAA,MACH;AAEA,MAAA,OAAO,QAAA;AAAA,IACT,CAAC,CAAA;AAAA,EACH;AACF,CAAC,CAAA;;;ACxOD,SAAS,oBAAA,CACP,OAAA,EACA,GAAA,EACA,cAAA,EACA;AAEA,EAAA,IAAI,OAAA;AACJ,EAAA,IAAI,CAAC,GAAA,CAAI,OAAA,IAAW,CAAC,IAAI,QAAA,EAAU;AACjC,IAAA,OAAA,GAAU,CAAA,CAAA,EAAI,IAAI,OAAO,CAAA,CAAA,CAAA;AAAA,EAC3B,CAAA,MAAO;AACL,IAAA,MAAM,KAAA,GAAuB,CAAC,CAAA,SAAA,EAAY,GAAA,CAAI,OAAO,CAAA,CAAA,CAAG,CAAA;AACxD,IAAA,IAAI,IAAI,OAAA,EAAS,KAAA,CAAM,KAAK,CAAA,SAAA,EAAY,GAAA,CAAI,OAAO,CAAA,CAAA,CAAG,CAAA;AACtD,IAAA,IAAI,IAAI,QAAA,EAAU,KAAA,CAAM,KAAK,CAAA,UAAA,EAAa,GAAA,CAAI,QAAQ,CAAA,CAAA,CAAG,CAAA;AACzD,IAAA,OAAA,GAAU,KAAA,CAAM,KAAK,IAAI,CAAA;AAAA,EAC3B;AAEA,EAAA,cAAA,CAAe,OAAA,EAAS,CAAA,SAAA,EAAY,OAAO,CAAA,CAAA,CAAA,EAAK,cAAc,CAAA;AAChE;AAjBS,MAAA,CAAA,oBAAA,EAAA,sBAAA,CAAA;AAmBF,IAAM,mBAAoC,cAAA,CAAsC;AAAA,EACrF,IAAA,EAAM,UAAA;AAAA,EACN,KAAA,EAAO,0BAAA;AAAA,EACP,IAAA,EAAM,eAAA;AAAA,EACN,gBAAA,EAAkB,IAAA;AAAA,EAClB,UAAA,EAAY;AAAA,IACV,IAAA,EAAM,OAAA;AAAA,IACN,cAAA,EAAgB;AAAA,GAClB;AAAA,EACA,OAAA,GAAiC;AAC/B,IAAA,IAAI,OAAA,CAAQ,aAAa,QAAA,EAAU;AACjC,MAAA,MAAM,IAAI,YAAY,uCAAuC,CAAA;AAAA,IAC/D;AAGA,IAAA,MAAM,SAAA,GAAY,KAAK,OAAA,EAAS,MAAA;AAChC,IAAA,MAAM,kBAAA,GAAqB,IAAA,CAAK,OAAA,EAAS,MAAA,KAAW,KAC/C,IAAA,CAAK,OAAA,CAAQ,CAAC,CAAA,EAAG,QAAA,IACjB,IAAA,CAAK,OAAA,CAAQ,CAAC,EAAE,WAAA,KAAgB,QAAA;AAErC,IAAA,IAAI,aAAa,kBAAA,EAAoB;AACnC,MAAA,MAAM,SAAU,IAAA,CAAa,MAAA;AAC7B,MAAA,MAAM,OAAA,GAAU,QAAQ,GAAA,IAAO,SAAA;AAC/B,MAAA,MAAM,aAAa,IAAA,CAAK,UAAA;AACxB,MAAA,MAAM,iBAAiB,UAAA,EAAY,QAAA;AACnC,MAAA,OAAO,EAAE,IAAA,EAAM,QAAA,EAAU,OAAA,EAAS,cAAA,EAAe;AAAA,IACnD;AAGA,IAAA,MAAM,UAAA,GAAa,KAAK,OAAA,EAAS,OAAA;AACjC,IAAA,MAAM,UAAA,GAAa,KAAK,OAAA,EAAS,OAAA;AACjC,IAAA,MAAM,WAAA,GAAc,KAAK,OAAA,EAAS,QAAA;AAClC,IAAA,MAAM,QAAA,GAAW,KAAK,OAAA,EAAS,KAAA;AAE/B,IAAA,MAAM,OAAA,GAAU,UAAA,EAAY,QAAA,GAAW,UAAA,CAAW,WAAA,GAAwB,MAAA;AAC1E,IAAA,MAAM,QAAA,GAAW,WAAA,EAAa,QAAA,GAAW,WAAA,CAAY,WAAA,GAAwB,MAAA;AAC7E,IAAA,MAAM,KAAA,GAAQ,QAAA,EAAU,QAAA,GAAW,QAAA,CAAS,WAAA,GAAwB,MAAA;AAEpE,IAAA,IAAI,UAAA,EAAY;AACd,MAAA,IAAI,CAAC,UAAA,CAAW,QAAA,IAAY,OAAO,UAAA,CAAW,gBAAgB,QAAA,EAAU;AACtE,QAAA,MAAM,IAAI,YAAY,4CAA4C,CAAA;AAAA,MACpE;AACA,MAAA,OAAO;AAAA,QACL,IAAA,EAAM,KAAA;AAAA,QAAO,SAAS,UAAA,CAAW,WAAA;AAAA,QAAa,OAAA;AAAA,QAAS,QAAA;AAAA,QAAU;AAAA,OACnE;AAAA,IACF;AAGA,IAAA,IAAI,UAAA,EAAY;AACd,MAAA,OAAO;AAAA,QACL,IAAA,EAAM,KAAA;AAAA,QAAO,OAAA;AAAA,QAAS,QAAA;AAAA,QAAU;AAAA,OAClC;AAAA,IACF;AAGA,IAAA,IAAI,IAAA,CAAK,SAAS,MAAA,KAAW,CAAA,IAAK,KAAK,OAAA,CAAQ,CAAC,GAAG,QAAA,EAAU;AAC3D,MAAA,MAAM,KAAA,GAAQ,IAAA,CAAK,OAAA,CAAQ,CAAC,CAAA,CAAE,WAAA;AAC9B,MAAA,IAAI,OAAO,UAAU,QAAA,EAAU;AAC7B,QAAA,MAAM,IAAI,YAAY,0CAA0C,CAAA;AAAA,MAClE;AACA,MAAA,OAAO,EAAE,IAAA,EAAM,KAAA,EAAO,OAAA,EAAS,OAAO,KAAA,EAAM;AAAA,IAC9C;AAEA,IAAA,MAAM,IAAI,WAAA;AAAA,MACR;AAAA,KAEF;AAAA,EACF,CAAA;AAAA,EACA,MAAM,QAAQ,KAAA,EAA8B;AAC1C,IAAA,MAAM,SAAS,eAAA,EAAgB;AAE/B,IAAA,IAAI,KAAA,CAAM,SAAS,KAAA,EAAO;AACxB,MAAA,IAAI;AACF,QAAA,OAAO,MAAM,OAAO,WAAA,CAAY;AAAA,UAC9B,SAAS,KAAA,CAAM,OAAA;AAAA,UACf,SAAS,KAAA,CAAM,OAAA;AAAA,UACf,UAAU,KAAA,CAAM,QAAA;AAAA,UAChB,OAAO,KAAA,CAAM;AAAA,SACd,CAAA;AAAA,MACH,SAAS,GAAA,EAAK;AACZ,QAAA,MAAM,IAAI,eAAA;AAAA,UACR,CAAA,8BAAA,EAAiC,GAAA,YAAe,KAAA,GAAQ,GAAA,CAAI,UAAU,GAAG,CAAA,CAAA;AAAA,UACzE;AAAA,YACE,GAAA,EAAK;AAAA,cACH,KAAA,CAAM,OAAA,GAAU,CAAA,SAAA,EAAY,KAAA,CAAM,OAAO,CAAA,CAAA,GAAK,IAAA;AAAA,cAC9C,KAAA,CAAM,OAAA,GAAU,CAAA,SAAA,EAAY,KAAA,CAAM,OAAO,CAAA,CAAA,GAAK,IAAA;AAAA,cAC9C,KAAA,CAAM,QAAA,GAAW,CAAA,UAAA,EAAa,KAAA,CAAM,QAAQ,CAAA,CAAA,GAAK,IAAA;AAAA,cACjD,KAAA,CAAM,KAAA,GAAQ,CAAA,OAAA,EAAU,KAAA,CAAM,KAAK,CAAA,CAAA,GAAK,IAAA;AAAA,cACxC,2EAAA;AAAA,cACA;AAAA,aACF,CAAE,MAAA,CAAO,OAAO,CAAA,CAAE,KAAK,IAAI;AAAA;AAC7B,SACF;AAAA,MACF;AAAA,IACF;AAGA,IAAA,MAAM,EAAE,OAAA,EAAS,cAAA,EAAe,GAAI,KAAA;AAEpC,IAAA,MAAM,WAAW,MAAM,MAAA,CAAO,YAAA,CAAa,EAAE,SAAS,CAAA;AACtD,IAAA,IAAI,CAAC,QAAA,EAAU;AACb,MAAA,MAAM,IAAI,gBAAgB,uCAAA,EAAyC;AAAA,QACjE,GAAA,EAAK;AAAA,OACN,CAAA;AAAA,IACH;AAEA,IAAA,oBAAA,CAAqB,OAAA,EAAS,UAAU,cAAc,CAAA;AAGtD,IAAA,IAAI;AACF,MAAA,OAAO,MAAM,OAAO,WAAA,CAAY;AAAA,QAC9B,SAAS,QAAA,CAAS,OAAA;AAAA,QAClB,SAAS,QAAA,CAAS,OAAA;AAAA,QAClB,UAAU,QAAA,CAAS;AAAA,OACpB,CAAA;AAAA,IACH,SAAS,GAAA,EAAK;AACZ,MAAA,MAAM,IAAI,eAAA;AAAA,QACR,CAAA,iDAAA,EAAoD,GAAA,YAAe,KAAA,GAAQ,GAAA,CAAI,UAAU,GAAG,CAAA,CAAA;AAAA,QAC5F;AAAA,UACE,GAAA,EAAK;AAAA;AACP,OACF;AAAA,IACF;AAAA,EACF;AACF,CAAC,CAAA;ACnKM,SAAS,6BAA6B,IAAA,EAA+D;AAC1G,EAAA,MAAM,GAAA,GAAM,IAAA,EAAM,GAAA,IAAO,OAAA,CAAQ,GAAA,EAAI;AACrC,EAAA,MAAM,OAAA,GAAU,IAAA,CAAK,IAAA,CAAK,GAAA,EAAK,cAAc,CAAA;AAC7C,EAAA,IAAI,CAACE,EAAAA,CAAG,UAAA,CAAW,OAAO,GAAG,OAAO,MAAA;AACpC,EAAA,IAAI;AACF,IAAA,MAAM,MAAM,IAAA,CAAK,KAAA,CAAMA,GAAG,YAAA,CAAa,OAAA,EAAS,OAAO,CAAC,CAAA;AACxD,IAAA,IAAI,GAAA,CAAI,OAAA,IAAW,OAAO,GAAA,CAAI,YAAY,QAAA,EAAU;AAClD,MAAA,OAAO,GAAA,CAAI,OAAA;AAAA,IACb;AAAA,EACF,CAAA,CAAA,MAAQ;AAAA,EAA4B;AACpC,EAAA,OAAO,MAAA;AACT;AAXgB,MAAA,CAAA,4BAAA,EAAA,8BAAA,CAAA;;;ACFhB,IAAM,KAAA,GAAQ,YAAY,cAAc,CAAA;AAExC,SAAS,qBAAqB,WAAA,EAAoD;AAChF,EAAA,IAAI,KAAA,CAAM,OAAA,CAAQ,WAAW,CAAA,EAAG,OAAO,WAAA;AACvC,EAAA,OAAO,CAAC,WAAW,CAAA;AACrB;AAHS,MAAA,CAAA,oBAAA,EAAA,sBAAA,CAAA;AAKT,SAAS,aAAA,CACP,UACA,MAAA,EAMA;AACA,EAAA,MAAM,aAAA,GAAgB,SAAS,GAAA,CAAI,CAAC,MAAMC,IAAAA,CAAK,OAAA,CAAQ,CAAC,CAAC,CAAA;AAEzD,EAAA,IAAI,aAAA,CAAc,WAAW,CAAA,EAAG;AAC9B,IAAA,KAAA,CAAM,wBAAA,EAA0B,MAAA,CAAO,MAAA,EAAQ,aAAA,CAAc,CAAC,CAAC,CAAA;AAAA,EACjE,CAAA,MAAO;AACL,IAAA,KAAA,CAAM,4BAAA,EAA8B,cAAc,MAAA,EAAQ,MAAA,CAAO,QAAQ,aAAA,CAAc,IAAA,CAAK,IAAI,CAAC,CAAA;AAAA,EACnG;AAEA,EAAA,KAAA,MAAW,gBAAgB,aAAA,EAAe;AACxC,IAAA,IAAI,CAACD,EAAAA,CAAG,UAAA,CAAW,YAAY,CAAA,EAAG;AAChC,MAAA,MAAM,IAAI,YAAA,CAAa,CAAA,EAAG,OAAO,WAAW,CAAA,EAAA,EAAK,YAAY,CAAA,CAAA,EAAI;AAAA,QAC/D,YAAY,MAAA,CAAO;AAAA,OACpB,CAAA;AAAA,IACH;AAAA,EACF;AAEA,EAAA,OAAO,oBAAA,CAAqB,MAAM,YAAA,CAAa;AAAA,IAC7C,oBAAoB,MAAA,CAAO,kBAAA;AAAA,IAC3B,cAAA,EAAgB,aAAA;AAAA,IAChB,SAAA,gCAAkB,CAAA,KAAM;AACtB,MAAA,CAAA,CAAE,iBAAiB,eAAe,CAAA;AAClC,MAAA,CAAA,CAAE,iBAAiB,gBAAgB,CAAA;AAAA,IACrC,CAAA,EAHW,WAAA;AAAA,GAIZ,CAAC,CAAA;AACJ;AAjCS,MAAA,CAAA,aAAA,EAAA,eAAA,CAAA;AAmCF,SAAS,oBAAoB,IAAA,EAIjC;AACD,EAAA,MAAM,QAAA,GAAW,IAAA,EAAM,cAAA,EAAgB,MAAA,CAAO,OAAO,CAAA;AAGrD,EAAA,IAAI,QAAA,IAAY,QAAA,CAAS,MAAA,GAAS,CAAA,EAAG;AAEnC,IAAA,OAAO,cAAc,QAAA,EAAU;AAAA,MAC7B,MAAA,EAAQ,aAAA;AAAA,MACR,WAAA,EAAa,iCAAA;AAAA,MACb,eAAA,EAAiB,oDAAA;AAAA,MACjB,oBAAoB,IAAA,EAAM;AAAA,KAC3B,CAAA;AAAA,EACH;AAGA,EAAA,MAAM,WAAA,GAAc,8BAA6B,EAAG,QAAA;AACpD,EAAA,MAAM,YAAA,GAAe,WAAA,GAAc,oBAAA,CAAqB,WAAW,CAAA,GAAI,MAAA;AAEvE,EAAA,IAAI,YAAA,EAAc;AAChB,IAAA,OAAO,cAAc,YAAA,EAAc;AAAA,MACjC,MAAA,EAAQ,+BAAA;AAAA,MACR,WAAA,EAAa,wEAAA;AAAA,MACb,eAAA,EAAiB,wFAAA;AAAA,MACjB,oBAAoB,IAAA,EAAM;AAAA,KAC3B,CAAA;AAAA,EACH;AAEA,EAAA,KAAA,CAAM,mCAAA,EAAqC,OAAA,CAAQ,GAAA,EAAK,CAAA;AAExD,EAAA,OAAO,oBAAA,CAAqB,MAAM,YAAA,CAAa;AAAA,IAC7C,oBAAoB,IAAA,EAAM,kBAAA;AAAA,IAC1B,SAAA,gCAAkB,CAAA,KAAM;AACtB,MAAA,CAAA,CAAE,iBAAiB,eAAe,CAAA;AAClC,MAAA,CAAA,CAAE,iBAAiB,gBAAgB,CAAA;AAAA,IACrC,CAAA,EAHW,WAAA;AAAA,GAIZ,CAAC,CAAA;AACJ;AAxCgB,MAAA,CAAA,mBAAA,EAAA,qBAAA,CAAA","file":"chunk-H2JVYUHZ.js","sourcesContent":["/**\n * Shared utilities for writing back encrypted/resolved values to .env files.\n *\n * Uses the env-spec AST parser to safely update values.\n */\n\nimport fs from 'node:fs';\nimport { parseEnvSpecDotEnvFile } from '@env-spec/parser';\n\ntype WriteBackResult = { updated: boolean; reason?: 'missing-source-file' | 'item-not-found' };\n\n/**\n * Update a config item's value in a .env file using AST-based replacement.\n */\nexport function writeBackValue(\n itemKey: string,\n newValueStr: string,\n sourceFilePath: string | undefined,\n): WriteBackResult {\n if (!sourceFilePath) {\n return { updated: false, reason: 'missing-source-file' };\n }\n\n const currentContents = fs.readFileSync(sourceFilePath, 'utf-8');\n const file = parseEnvSpecDotEnvFile(currentContents);\n\n const item = file.configItems.find((i) => i.key === itemKey);\n if (!item) {\n return { updated: false, reason: 'item-not-found' };\n }\n\n // Parse a dummy line to get the correct AST value node\n const dummyFile = parseEnvSpecDotEnvFile(`_=${newValueStr}`);\n const dummyItem = dummyFile.configItems[0];\n if (!dummyItem?.value) {\n return { updated: false, reason: 'item-not-found' };\n }\n\n // Replace the value\n item.data.value = dummyItem.value;\n item.value = dummyItem.value;\n\n fs.writeFileSync(sourceFilePath, file.toString());\n return { updated: true };\n}\n\n","/**\n * Built-in varlock() resolver function.\n *\n * Replaces the plugin-based resolver from @varlock/secure-enclave-plugin.\n * Works cross-platform using the local-encrypt abstraction layer.\n */\n\nimport { createResolver, Resolver } from '../../env-graph/lib/resolver';\nimport { ResolutionError, SchemaError } from '../../env-graph/lib/errors';\nimport prompts from '../../cli/helpers/prompts';\nimport * as localEncrypt from './index';\nimport { writeBackValue } from './write-back';\n\nconst LOCAL_PREFIX = 'local:';\nconst PLUGIN_ICON = 'mdi:fingerprint';\n\n// ── Unified varlock() batch queue ──────────────────────────────\n// Collects all concurrent varlock() calls (both prompt and decrypt) into a\n// single batch using setImmediate, then processes them sequentially.\n// Prompts are sorted first so the user enters values before biometric decrypts.\n// If the user cancels a prompt or biometric auth, all remaining items in the\n// batch are rejected immediately.\n\ntype VarlockBatchEntry = {\n kind: 'prompt' | 'decrypt';\n resolve: (value: string) => void;\n reject: (reason: unknown) => void;\n} & (\n | { kind: 'decrypt'; ciphertext: string }\n | { kind: 'prompt'; execute: () => Promise<string> }\n);\n\nlet pendingBatch: Array<VarlockBatchEntry> | undefined;\n\nfunction enqueueBatchEntry(entry: VarlockBatchEntry) {\n let triggerBatch = false;\n if (!pendingBatch) {\n pendingBatch = [];\n triggerBatch = true;\n }\n pendingBatch.push(entry);\n\n if (triggerBatch) {\n // eslint-disable-next-line no-use-before-define\n setImmediate(() => executeBatch());\n }\n}\n\nfunction enqueueDecrypt(ciphertext: string): Promise<string> {\n return new Promise<string>((resolve, reject) => {\n enqueueBatchEntry({\n kind: 'decrypt', ciphertext, resolve, reject,\n });\n });\n}\n\nfunction enqueuePrompt(execute: () => Promise<string>): Promise<string> {\n return new Promise<string>((resolve, reject) => {\n enqueueBatchEntry({\n kind: 'prompt', execute, resolve, reject,\n });\n });\n}\n\nfunction bailRemaining(batch: Array<VarlockBatchEntry>, startIndex: number, error: Error) {\n for (let j = startIndex; j < batch.length; j++) {\n batch[j].reject(error);\n }\n}\n\nasync function executeBatch() {\n const batch = pendingBatch;\n pendingBatch = undefined;\n if (!batch?.length) return;\n\n // Sort prompts before decrypts so the user enters values first\n batch.sort((a, b) => {\n if (a.kind === b.kind) return 0;\n return a.kind === 'prompt' ? -1 : 1;\n });\n\n // Ensure encryption key exists before processing any items\n await localEncrypt.ensureKey();\n\n for (let i = 0; i < batch.length; i++) {\n const entry = batch[i];\n try {\n if (entry.kind === 'decrypt') {\n const plaintext = await localEncrypt.decryptValue(entry.ciphertext);\n entry.resolve(plaintext);\n } else {\n const result = await entry.execute();\n entry.resolve(result);\n }\n } catch (err) {\n entry.reject(err);\n\n // If this looks like a user cancellation or auth failure, bail on remaining items\n const msg = err instanceof Error ? err.message : String(err);\n if (\n msg.includes('cancelled') || msg.includes('canceled')\n || msg.includes('verification failed')\n ) {\n bailRemaining(batch, i + 1, new ResolutionError('Skipped — user cancelled'));\n return;\n }\n }\n }\n}\n\ntype VarlockResolverState = {\n mode: 'decrypt';\n payload: string;\n} | {\n mode: 'prompt';\n itemKey: string;\n sourceFilePath: string | undefined;\n};\n\nfunction writeBackEncryptedValue(\n itemKey: string,\n ciphertext: string,\n sourceFilePath: string | undefined,\n) {\n const prefixedCiphertext = `${LOCAL_PREFIX}${ciphertext}`;\n return writeBackValue(itemKey, `varlock(\"${prefixedCiphertext}\")`, sourceFilePath);\n}\n\n\nexport const VarlockResolver: typeof Resolver = createResolver<VarlockResolverState>({\n name: 'varlock',\n label: 'Decrypt locally encrypted value',\n icon: PLUGIN_ICON,\n impliesSensitive: true,\n argsSchema: {\n type: 'mixed',\n arrayMinLength: 0,\n },\n process(): VarlockResolverState {\n // Check for prompt mode: varlock(prompt=1) or varlock(prompt)\n const promptArg = this.objArgs?.prompt;\n const isPromptPositional = this.arrArgs?.length === 1\n && this.arrArgs[0]?.isStatic\n && this.arrArgs[0].staticValue === 'prompt';\n if (promptArg || isPromptPositional) {\n // Resolver doesn't expose parent item in its type, but it's available at runtime\n const parent = (this as any).parent;\n const itemKey = parent?.key || 'unknown';\n const dataSource = this.dataSource as any;\n const sourceFilePath = dataSource?.fullPath as string | undefined;\n return { mode: 'prompt', itemKey, sourceFilePath };\n }\n\n // Normal mode: varlock(\"encrypted-payload\")\n if (!this.arrArgs || this.arrArgs.length !== 1) {\n throw new SchemaError('varlock() expects a single encrypted payload string, or prompt to enter a new value');\n }\n if (!this.arrArgs[0]?.isStatic) {\n throw new SchemaError('varlock() expects a single static encrypted payload string');\n }\n const payload = this.arrArgs[0].staticValue;\n if (typeof payload !== 'string') {\n throw new SchemaError('varlock() expects a string argument');\n }\n return { mode: 'decrypt', payload };\n },\n async resolve(state: VarlockResolverState) {\n if (state.mode === 'decrypt') {\n let ciphertext = state.payload;\n if (ciphertext.startsWith(LOCAL_PREFIX)) {\n ciphertext = ciphertext.slice(LOCAL_PREFIX.length);\n }\n try {\n return await enqueueDecrypt(ciphertext);\n } catch (err) {\n // Re-throw ResolutionErrors (e.g. batch cancellation) as-is\n if (err instanceof ResolutionError) throw err;\n\n const backend = localEncrypt.getBackendInfo();\n throw new ResolutionError(\n `Decryption failed: ${err instanceof Error ? err.message : err}`,\n {\n tip: [\n `Backend: ${backend.type} (${backend.hardwareBacked ? 'hardware-backed' : 'file-based'})`,\n 'This usually means the value was encrypted with a different key or backend.',\n 'Set a new value using `varlock encrypt` or `KEY=varlock(prompt)`.',\n ].join('\\n'),\n },\n );\n }\n }\n\n // Prompt mode: enqueued into the unified batch so prompts run before decrypts\n // and cancellation propagates to all remaining items.\n const { itemKey, sourceFilePath } = state;\n return enqueuePrompt(async () => {\n const backend = localEncrypt.getBackendInfo();\n\n // Use daemon's native dialog on macOS Secure Enclave\n if (backend.type === 'secure-enclave' && backend.biometricAvailable) {\n const client = localEncrypt.getDaemonClient();\n const ciphertext = await client.promptSecret({\n itemKey,\n message: `Enter the secret value for ${itemKey}:`,\n });\n\n if (!ciphertext) {\n throw new ResolutionError('Secret input was cancelled', {\n tip: 'Run varlock again and enter a value, or replace prompt=1 with an encrypted value',\n });\n }\n\n const writeBackResult = writeBackEncryptedValue(itemKey, ciphertext, sourceFilePath);\n if (!writeBackResult.updated) {\n if (writeBackResult.reason === 'missing-source-file') {\n throw new ResolutionError(`Unable to persist encrypted value for ${itemKey}`, {\n tip: 'varlock(prompt=1) can only persist values from file-backed sources. Use `varlock encrypt` to generate an encrypted value manually.',\n });\n }\n\n throw new ResolutionError(`Unable to persist encrypted value for ${itemKey}`, {\n tip: `Could not find a writable \\`${itemKey}=varlock(...)\\` entry to update in ${sourceFilePath}.`,\n });\n }\n\n return localEncrypt.decryptValue(ciphertext);\n }\n\n // Terminal prompt for file-based backend\n if (!process.stdout.isTTY || !process.stdin.isTTY) {\n throw new ResolutionError(\n `No encrypted value found for ${itemKey}`,\n {\n tip: `Run \\`varlock encrypt --file ${sourceFilePath || '<your-env-file>'}\\` to encrypt this value interactively.`,\n },\n );\n }\n\n const rawValue = await prompts.password({ message: `Enter the secret value for ${itemKey}:`, hint: 'for multi-line values, use `varlock encrypt`' });\n const isCanceled = typeof rawValue !== 'string';\n if (isCanceled || !rawValue) {\n throw new ResolutionError('Secret input was cancelled', {\n tip: 'Run varlock again and enter a value, or replace prompt=1 with an encrypted value',\n });\n }\n\n const ciphertext = await localEncrypt.encryptValue(rawValue);\n const writeBackResult = writeBackEncryptedValue(itemKey, ciphertext, sourceFilePath);\n\n if (!writeBackResult.updated) {\n if (writeBackResult.reason === 'missing-source-file') {\n throw new ResolutionError(`Unable to persist encrypted value for ${itemKey}`, {\n tip: 'varlock(prompt=1) can only persist values from file-backed sources. Use `varlock encrypt` to generate an encrypted value manually.',\n });\n }\n\n throw new ResolutionError(`Unable to persist encrypted value for ${itemKey}`, {\n tip: `Could not find a writable \\`${itemKey}=varlock(...)\\` entry to update in ${sourceFilePath}.`,\n });\n }\n\n return rawValue;\n });\n },\n});\n","/**\n * Built-in keychain() resolver function.\n *\n * Reads secrets from the macOS Keychain via the Swift daemon binary.\n * Always goes through the daemon to enforce biometric gating (per-TTY sessions)\n * and to make VarlockEnclave the authorized keychain accessor.\n *\n * Syntax:\n * keychain(service=\"com.company.db\")\n * keychain(service=\"com.company.db\", account=\"admin\")\n * keychain(service=\"com.company.db\", keychain=\"System\")\n * keychain(\"com.company.db\") — shorthand for service\n * keychain(prompt) — interactive picker, writes back reference\n */\n\nimport { createResolver, Resolver } from '../../env-graph/lib/resolver';\nimport { ResolutionError, SchemaError } from '../../env-graph/lib/errors';\nimport { getDaemonClient } from './index';\nimport { writeBackValue } from './write-back';\n\ntype KeychainResolverState = {\n mode: 'get';\n service?: string;\n account?: string;\n keychain?: string;\n field?: string;\n} | {\n mode: 'prompt';\n itemKey: string;\n sourceFilePath: string | undefined;\n};\n\nfunction writeBackKeychainRef(\n itemKey: string,\n ref: { service: string; account?: string; keychain?: string },\n sourceFilePath: string | undefined,\n) {\n // Use positional shorthand when only service is needed, named args when disambiguating\n let argsStr: string;\n if (!ref.account && !ref.keychain) {\n argsStr = `\"${ref.service}\"`;\n } else {\n const parts: Array<string> = [`service=\"${ref.service}\"`];\n if (ref.account) parts.push(`account=\"${ref.account}\"`);\n if (ref.keychain) parts.push(`keychain=\"${ref.keychain}\"`);\n argsStr = parts.join(', ');\n }\n\n writeBackValue(itemKey, `keychain(${argsStr})`, sourceFilePath);\n}\n\nexport const KeychainResolver: typeof Resolver = createResolver<KeychainResolverState>({\n name: 'keychain',\n label: 'Read from macOS Keychain',\n icon: 'mdi:key-chain',\n impliesSensitive: true,\n argsSchema: {\n type: 'mixed',\n arrayMinLength: 0,\n },\n process(): KeychainResolverState {\n if (process.platform !== 'darwin') {\n throw new SchemaError('keychain() is only supported on macOS');\n }\n\n // Check for prompt mode: keychain(prompt) or keychain(prompt=1)\n const promptArg = this.objArgs?.prompt;\n const isPromptPositional = this.arrArgs?.length === 1\n && this.arrArgs[0]?.isStatic\n && this.arrArgs[0].staticValue === 'prompt';\n\n if (promptArg || isPromptPositional) {\n const parent = (this as any).parent;\n const itemKey = parent?.key || 'unknown';\n const dataSource = this.dataSource as any;\n const sourceFilePath = dataSource?.fullPath as string | undefined;\n return { mode: 'prompt', itemKey, sourceFilePath };\n }\n\n // Named args mode: keychain(service=\"...\", account=\"...\", keychain=\"...\", field=\"...\")\n const serviceArg = this.objArgs?.service;\n const accountArg = this.objArgs?.account;\n const keychainArg = this.objArgs?.keychain;\n const fieldArg = this.objArgs?.field;\n\n const account = accountArg?.isStatic ? accountArg.staticValue as string : undefined;\n const keychain = keychainArg?.isStatic ? keychainArg.staticValue as string : undefined;\n const field = fieldArg?.isStatic ? fieldArg.staticValue as string : undefined;\n\n if (serviceArg) {\n if (!serviceArg.isStatic || typeof serviceArg.staticValue !== 'string') {\n throw new SchemaError('keychain() service must be a static string');\n }\n return {\n mode: 'get', service: serviceArg.staticValue, account, keychain, field,\n };\n }\n\n // account-only lookup: keychain(account=\"admin@corp.com\", field=\"account\")\n if (accountArg) {\n return {\n mode: 'get', account, keychain, field,\n };\n }\n\n // Positional shorthand: keychain(\"com.company.service\")\n if (this.arrArgs?.length === 1 && this.arrArgs[0]?.isStatic) {\n const value = this.arrArgs[0].staticValue;\n if (typeof value !== 'string') {\n throw new SchemaError('keychain() expects a string service name');\n }\n return { mode: 'get', service: value, field };\n }\n\n throw new SchemaError(\n 'keychain() requires service name, account, or prompt mode. '\n + 'Usage: keychain(service=\"com.example\"), keychain(\"com.example\"), or keychain(prompt)',\n );\n },\n async resolve(state: KeychainResolverState) {\n const client = getDaemonClient();\n\n if (state.mode === 'get') {\n try {\n return await client.keychainGet({\n service: state.service,\n account: state.account,\n keychain: state.keychain,\n field: state.field,\n });\n } catch (err) {\n throw new ResolutionError(\n `Failed to read keychain item: ${err instanceof Error ? err.message : err}`,\n {\n tip: [\n state.service ? `Service: ${state.service}` : null,\n state.account ? `Account: ${state.account}` : null,\n state.keychain ? `Keychain: ${state.keychain}` : null,\n state.field ? `Field: ${state.field}` : null,\n 'Make sure the item exists in your Keychain and VarlockEnclave has access.',\n 'You can grant access via: keychain(prompt)',\n ].filter(Boolean).join('\\n'),\n },\n );\n }\n }\n\n // Prompt mode: show native picker, write back reference\n const { itemKey, sourceFilePath } = state;\n\n const selected = await client.keychainPick({ itemKey });\n if (!selected) {\n throw new ResolutionError('Keychain item selection was cancelled', {\n tip: 'Run varlock again and select an item, or use keychain(service=\"...\") with an explicit service name',\n });\n }\n\n writeBackKeychainRef(itemKey, selected, sourceFilePath);\n\n // Now fetch the actual value\n try {\n return await client.keychainGet({\n service: selected.service,\n account: selected.account,\n keychain: selected.keychain,\n });\n } catch (err) {\n throw new ResolutionError(\n `Selected keychain item but failed to read value: ${err instanceof Error ? err.message : err}`,\n {\n tip: 'The item reference has been written to your config. Try running varlock again.',\n },\n );\n }\n },\n});\n","import path from 'node:path';\nimport fs from 'node:fs';\n\nexport type VarlockPackageJsonConfig = {\n /** Path (or array of paths) to a specific .env file or directory to use as the entry point for loading */\n loadPath?: string | Array<string>;\n};\n\n/**\n * Reads varlock configuration from the `package.json` in `cwd`.\n * Returns undefined if no `package.json` exists or it has no `varlock` key.\n */\nexport function readVarlockPackageJsonConfig(opts?: { cwd?: string }): VarlockPackageJsonConfig | undefined {\n const cwd = opts?.cwd ?? process.cwd();\n const pkgPath = path.join(cwd, 'package.json');\n if (!fs.existsSync(pkgPath)) return undefined;\n try {\n const pkg = JSON.parse(fs.readFileSync(pkgPath, 'utf-8'));\n if (pkg.varlock && typeof pkg.varlock === 'object') {\n return pkg.varlock as VarlockPackageJsonConfig;\n }\n } catch { /* ignore parse errors */ }\n return undefined;\n}\n","import fs from 'node:fs';\nimport path from 'node:path';\nimport { loadEnvGraph } from '../env-graph';\nimport { VarlockResolver } from './local-encrypt/builtin-resolver';\nimport { KeychainResolver } from './local-encrypt/keychain-resolver';\nimport { CliExitError } from '../cli/helpers/exit-error';\nimport { runWithWorkspaceInfo } from './workspace-utils';\nimport { readVarlockPackageJsonConfig } from './package-json-config';\nimport { createDebug } from './debug';\n\nconst debug = createDebug('varlock:load');\n\nfunction normalizePkgLoadPath(pkgLoadPath: string | Array<string>): Array<string> {\n if (Array.isArray(pkgLoadPath)) return pkgLoadPath;\n return [pkgLoadPath];\n}\n\nfunction loadFromPaths(\n rawPaths: Array<string>,\n config: {\n source: string,\n errorPrefix: string,\n errorSuggestion: string,\n currentEnvFallback?: string,\n },\n) {\n const resolvedPaths = rawPaths.map((p) => path.resolve(p));\n\n if (resolvedPaths.length === 1) {\n debug('using path from %s: %s', config.source, resolvedPaths[0]);\n } else {\n debug('using %d paths from %s: %s', resolvedPaths.length, config.source, resolvedPaths.join(', '));\n }\n\n for (const resolvedPath of resolvedPaths) {\n if (!fs.existsSync(resolvedPath)) {\n throw new CliExitError(`${config.errorPrefix}: ${resolvedPath}`, {\n suggestion: config.errorSuggestion,\n });\n }\n }\n\n return runWithWorkspaceInfo(() => loadEnvGraph({\n currentEnvFallback: config.currentEnvFallback,\n entryFilePaths: resolvedPaths,\n afterInit: async (g) => {\n g.registerResolver(VarlockResolver);\n g.registerResolver(KeychainResolver);\n },\n }));\n}\n\nexport function loadVarlockEnvGraph(opts?: {\n currentEnvFallback?: string,\n /** Explicit entry file paths from --path flag(s) - overrides package.json config */\n entryFilePaths?: Array<string>,\n}) {\n const cliPaths = opts?.entryFilePaths?.filter(Boolean);\n\n // If --path flag(s) provided, they take precedence over package.json config\n if (cliPaths && cliPaths.length > 0) {\n // Return early and ignore pkgLoadPaths\n return loadFromPaths(cliPaths, {\n source: '--path flag',\n errorPrefix: 'The --path value does not exist',\n errorSuggestion: 'Use `--path` to specify a valid file or directory.',\n currentEnvFallback: opts?.currentEnvFallback,\n });\n }\n\n // Fall back to package.json varlock.loadPath\n const pkgLoadPath = readVarlockPackageJsonConfig()?.loadPath;\n const pkgLoadPaths = pkgLoadPath ? normalizePkgLoadPath(pkgLoadPath) : undefined;\n\n if (pkgLoadPaths) {\n return loadFromPaths(pkgLoadPaths, {\n source: 'package.json varlock.loadPath',\n errorPrefix: 'A path in `varlock.loadPath` configured in package.json does not exist',\n errorSuggestion: 'Update `varlock.loadPath` in your package.json to point to valid files or directories.',\n currentEnvFallback: opts?.currentEnvFallback,\n });\n }\n\n debug('no path configured, using cwd: %s', process.cwd());\n\n return runWithWorkspaceInfo(() => loadEnvGraph({\n currentEnvFallback: opts?.currentEnvFallback,\n afterInit: async (g) => {\n g.registerResolver(VarlockResolver);\n g.registerResolver(KeychainResolver);\n },\n }));\n}\n"]}
|
|
1
|
+
{"version":3,"sources":["../src/lib/local-encrypt/write-back.ts","../src/lib/local-encrypt/builtin-resolver.ts","../src/lib/local-encrypt/keychain-resolver.ts","../src/lib/package-json-config.ts","../src/lib/load-graph.ts"],"names":["ciphertext","writeBackResult","fs","path"],"mappings":";;;;;;;;AAcO,SAAS,cAAA,CACd,OAAA,EACA,WAAA,EACA,cAAA,EACiB;AACjB,EAAA,IAAI,CAAC,cAAA,EAAgB;AACnB,IAAA,OAAO,EAAE,OAAA,EAAS,KAAA,EAAO,MAAA,EAAQ,qBAAA,EAAsB;AAAA,EACzD;AAEA,EAAA,MAAM,eAAA,GAAkB,EAAA,CAAG,YAAA,CAAa,cAAA,EAAgB,OAAO,CAAA;AAC/D,EAAA,MAAM,IAAA,GAAO,uBAAuB,eAAe,CAAA;AAEnD,EAAA,MAAM,IAAA,GAAO,KAAK,WAAA,CAAY,IAAA,CAAK,CAAC,CAAA,KAAM,CAAA,CAAE,QAAQ,OAAO,CAAA;AAC3D,EAAA,IAAI,CAAC,IAAA,EAAM;AACT,IAAA,OAAO,EAAE,OAAA,EAAS,KAAA,EAAO,MAAA,EAAQ,gBAAA,EAAiB;AAAA,EACpD;AAGA,EAAA,MAAM,SAAA,GAAY,sBAAA,CAAuB,CAAA,EAAA,EAAK,WAAW,CAAA,CAAE,CAAA;AAC3D,EAAA,MAAM,SAAA,GAAY,SAAA,CAAU,WAAA,CAAY,CAAC,CAAA;AACzC,EAAA,IAAI,CAAC,WAAW,KAAA,EAAO;AACrB,IAAA,OAAO,EAAE,OAAA,EAAS,KAAA,EAAO,MAAA,EAAQ,gBAAA,EAAiB;AAAA,EACpD;AAGA,EAAA,IAAA,CAAK,IAAA,CAAK,QAAQ,SAAA,CAAU,KAAA;AAC5B,EAAA,IAAA,CAAK,QAAQ,SAAA,CAAU,KAAA;AAEvB,EAAA,EAAA,CAAG,aAAA,CAAc,cAAA,EAAgB,IAAA,CAAK,QAAA,EAAU,CAAA;AAChD,EAAA,OAAO,EAAE,SAAS,IAAA,EAAK;AACzB;AA9BgB,MAAA,CAAA,cAAA,EAAA,gBAAA,CAAA;;;ACDhB,IAAM,YAAA,GAAe,QAAA;AACrB,IAAM,WAAA,GAAc,iBAAA;AAkBpB,IAAI,YAAA;AAEJ,SAAS,kBAAkB,KAAA,EAA0B;AACnD,EAAA,IAAI,YAAA,GAAe,KAAA;AACnB,EAAA,IAAI,CAAC,YAAA,EAAc;AACjB,IAAA,YAAA,GAAe,EAAC;AAChB,IAAA,YAAA,GAAe,IAAA;AAAA,EACjB;AACA,EAAA,YAAA,CAAa,KAAK,KAAK,CAAA;AAEvB,EAAA,IAAI,YAAA,EAAc;AAEhB,IAAA,YAAA,CAAa,MAAM,cAAc,CAAA;AAAA,EACnC;AACF;AAZS,MAAA,CAAA,iBAAA,EAAA,mBAAA,CAAA;AAcT,SAAS,eAAe,UAAA,EAAqC;AAC3D,EAAA,OAAO,IAAI,OAAA,CAAgB,CAAC,OAAA,EAAS,MAAA,KAAW;AAC9C,IAAA,iBAAA,CAAkB;AAAA,MAChB,IAAA,EAAM,SAAA;AAAA,MAAW,UAAA;AAAA,MAAY,OAAA;AAAA,MAAS;AAAA,KACvC,CAAA;AAAA,EACH,CAAC,CAAA;AACH;AANS,MAAA,CAAA,cAAA,EAAA,gBAAA,CAAA;AAQT,SAAS,cAAc,OAAA,EAAiD;AACtE,EAAA,OAAO,IAAI,OAAA,CAAgB,CAAC,OAAA,EAAS,MAAA,KAAW;AAC9C,IAAA,iBAAA,CAAkB;AAAA,MAChB,IAAA,EAAM,QAAA;AAAA,MAAU,OAAA;AAAA,MAAS,OAAA;AAAA,MAAS;AAAA,KACnC,CAAA;AAAA,EACH,CAAC,CAAA;AACH;AANS,MAAA,CAAA,aAAA,EAAA,eAAA,CAAA;AAQT,SAAS,aAAA,CAAc,KAAA,EAAiC,UAAA,EAAoB,KAAA,EAAc;AACxF,EAAA,KAAA,IAAS,CAAA,GAAI,UAAA,EAAY,CAAA,GAAI,KAAA,CAAM,QAAQ,CAAA,EAAA,EAAK;AAC9C,IAAA,KAAA,CAAM,CAAC,CAAA,CAAE,MAAA,CAAO,KAAK,CAAA;AAAA,EACvB;AACF;AAJS,MAAA,CAAA,aAAA,EAAA,eAAA,CAAA;AAMT,eAAe,YAAA,GAAe;AAC5B,EAAA,MAAM,KAAA,GAAQ,YAAA;AACd,EAAA,YAAA,GAAe,MAAA;AACf,EAAA,IAAI,CAAC,OAAO,MAAA,EAAQ;AAGpB,EAAA,KAAA,CAAM,IAAA,CAAK,CAAC,CAAA,EAAG,CAAA,KAAM;AACnB,IAAA,IAAI,CAAA,CAAE,IAAA,KAAS,CAAA,CAAE,IAAA,EAAM,OAAO,CAAA;AAC9B,IAAA,OAAO,CAAA,CAAE,IAAA,KAAS,QAAA,GAAW,EAAA,GAAK,CAAA;AAAA,EACpC,CAAC,CAAA;AAGD,EAAA,MAAmB,SAAA,EAAU;AAE7B,EAAA,KAAA,IAAS,CAAA,GAAI,CAAA,EAAG,CAAA,GAAI,KAAA,CAAM,QAAQ,CAAA,EAAA,EAAK;AACrC,IAAA,MAAM,KAAA,GAAQ,MAAM,CAAC,CAAA;AACrB,IAAA,IAAI;AACF,MAAA,IAAI,KAAA,CAAM,SAAS,SAAA,EAAW;AAC5B,QAAA,MAAM,SAAA,GAAY,MAAmB,YAAA,CAAa,KAAA,CAAM,UAAU,CAAA;AAClE,QAAA,KAAA,CAAM,QAAQ,SAAS,CAAA;AAAA,MACzB,CAAA,MAAO;AACL,QAAA,MAAM,MAAA,GAAS,MAAM,KAAA,CAAM,OAAA,EAAQ;AACnC,QAAA,KAAA,CAAM,QAAQ,MAAM,CAAA;AAAA,MACtB;AAAA,IACF,SAAS,GAAA,EAAK;AACZ,MAAA,KAAA,CAAM,OAAO,GAAG,CAAA;AAGhB,MAAA,MAAM,MAAM,GAAA,YAAe,KAAA,GAAQ,GAAA,CAAI,OAAA,GAAU,OAAO,GAAG,CAAA;AAC3D,MAAA,IACE,GAAA,CAAI,QAAA,CAAS,WAAW,CAAA,IAAK,GAAA,CAAI,QAAA,CAAS,UAAU,CAAA,IACjD,GAAA,CAAI,QAAA,CAAS,qBAAqB,CAAA,EACrC;AACA,QAAA,aAAA,CAAc,OAAO,CAAA,GAAI,CAAA,EAAG,IAAI,eAAA,CAAgB,+BAA0B,CAAC,CAAA;AAC3E,QAAA;AAAA,MACF;AAAA,IACF;AAAA,EACF;AACF;AAtCe,MAAA,CAAA,YAAA,EAAA,cAAA,CAAA;AAiDf,SAAS,uBAAA,CACP,OAAA,EACA,UAAA,EACA,cAAA,EACA;AACA,EAAA,MAAM,kBAAA,GAAqB,CAAA,EAAG,YAAY,CAAA,EAAG,UAAU,CAAA,CAAA;AACvD,EAAA,OAAO,cAAA,CAAe,OAAA,EAAS,CAAA,SAAA,EAAY,kBAAkB,MAAM,cAAc,CAAA;AACnF;AAPS,MAAA,CAAA,uBAAA,EAAA,yBAAA,CAAA;AAUF,IAAM,kBAAmC,cAAA,CAAqC;AAAA,EACnF,IAAA,EAAM,SAAA;AAAA,EACN,KAAA,EAAO,iCAAA;AAAA,EACP,IAAA,EAAM,WAAA;AAAA,EACN,gBAAA,EAAkB,IAAA;AAAA,EAClB,UAAA,EAAY;AAAA,IACV,IAAA,EAAM,OAAA;AAAA,IACN,cAAA,EAAgB;AAAA,GAClB;AAAA,EACA,OAAA,GAAgC;AAE9B,IAAA,MAAM,SAAA,GAAY,KAAK,OAAA,EAAS,MAAA;AAChC,IAAA,MAAM,kBAAA,GAAqB,IAAA,CAAK,OAAA,EAAS,MAAA,KAAW,KAC/C,IAAA,CAAK,OAAA,CAAQ,CAAC,CAAA,EAAG,QAAA,IACjB,IAAA,CAAK,OAAA,CAAQ,CAAC,EAAE,WAAA,KAAgB,QAAA;AACrC,IAAA,IAAI,aAAa,kBAAA,EAAoB;AAEnC,MAAA,MAAM,SAAU,IAAA,CAAa,MAAA;AAC7B,MAAA,MAAM,OAAA,GAAU,QAAQ,GAAA,IAAO,SAAA;AAC/B,MAAA,MAAM,aAAa,IAAA,CAAK,UAAA;AACxB,MAAA,MAAM,iBAAiB,UAAA,EAAY,QAAA;AACnC,MAAA,OAAO,EAAE,IAAA,EAAM,QAAA,EAAU,OAAA,EAAS,cAAA,EAAe;AAAA,IACnD;AAGA,IAAA,IAAI,CAAC,IAAA,CAAK,OAAA,IAAW,IAAA,CAAK,OAAA,CAAQ,WAAW,CAAA,EAAG;AAC9C,MAAA,MAAM,IAAI,YAAY,qFAAqF,CAAA;AAAA,IAC7G;AACA,IAAA,IAAI,CAAC,IAAA,CAAK,OAAA,CAAQ,CAAC,GAAG,QAAA,EAAU;AAC9B,MAAA,MAAM,IAAI,YAAY,4DAA4D,CAAA;AAAA,IACpF;AACA,IAAA,MAAM,OAAA,GAAU,IAAA,CAAK,OAAA,CAAQ,CAAC,CAAA,CAAE,WAAA;AAChC,IAAA,IAAI,OAAO,YAAY,QAAA,EAAU;AAC/B,MAAA,MAAM,IAAI,YAAY,qCAAqC,CAAA;AAAA,IAC7D;AACA,IAAA,OAAO,EAAE,IAAA,EAAM,SAAA,EAAW,OAAA,EAAQ;AAAA,EACpC,CAAA;AAAA,EACA,MAAM,QAAQ,KAAA,EAA6B;AACzC,IAAA,IAAI,KAAA,CAAM,SAAS,SAAA,EAAW;AAC5B,MAAA,IAAI,aAAa,KAAA,CAAM,OAAA;AACvB,MAAA,IAAI,UAAA,CAAW,UAAA,CAAW,YAAY,CAAA,EAAG;AACvC,QAAA,UAAA,GAAa,UAAA,CAAW,KAAA,CAAM,YAAA,CAAa,MAAM,CAAA;AAAA,MACnD;AACA,MAAA,IAAI;AACF,QAAA,OAAO,MAAM,eAAe,UAAU,CAAA;AAAA,MACxC,SAAS,GAAA,EAAK;AAEZ,QAAA,IAAI,GAAA,YAAe,iBAAiB,MAAM,GAAA;AAE1C,QAAA,MAAM,UAAuB,cAAA,EAAe;AAC5C,QAAA,MAAM,IAAI,eAAA;AAAA,UACR,CAAA,mBAAA,EAAsB,GAAA,YAAe,KAAA,GAAQ,GAAA,CAAI,UAAU,GAAG,CAAA,CAAA;AAAA,UAC9D;AAAA,YACE,GAAA,EAAK;AAAA,cACH,YAAY,OAAA,CAAQ,IAAI,KAAK,OAAA,CAAQ,cAAA,GAAiB,oBAAoB,YAAY,CAAA,CAAA,CAAA;AAAA,cACtF,6EAAA;AAAA,cACA;AAAA,aACF,CAAE,KAAK,IAAI;AAAA;AACb,SACF;AAAA,MACF;AAAA,IACF;AAIA,IAAA,MAAM,EAAE,OAAA,EAAS,cAAA,EAAe,GAAI,KAAA;AACpC,IAAA,OAAO,cAAc,YAAY;AAC/B,MAAA,MAAM,UAAuB,cAAA,EAAe;AAG5C,MAAA,IAAI,OAAA,CAAQ,IAAA,KAAS,gBAAA,IAAoB,OAAA,CAAQ,kBAAA,EAAoB;AACnE,QAAA,MAAM,SAAsB,eAAA,EAAgB;AAC5C,QAAA,MAAMA,WAAAA,GAAa,MAAM,MAAA,CAAO,YAAA,CAAa;AAAA,UAC3C,OAAA;AAAA,UACA,OAAA,EAAS,8BAA8B,OAAO,CAAA,CAAA;AAAA,SAC/C,CAAA;AAED,QAAA,IAAI,CAACA,WAAAA,EAAY;AACf,UAAA,MAAM,IAAI,gBAAgB,4BAAA,EAA8B;AAAA,YACtD,GAAA,EAAK;AAAA,WACN,CAAA;AAAA,QACH;AAEA,QAAA,MAAMC,gBAAAA,GAAkB,uBAAA,CAAwB,OAAA,EAASD,WAAAA,EAAY,cAAc,CAAA;AACnF,QAAA,IAAI,CAACC,iBAAgB,OAAA,EAAS;AAC5B,UAAA,IAAIA,gBAAAA,CAAgB,WAAW,qBAAA,EAAuB;AACpD,YAAA,MAAM,IAAI,eAAA,CAAgB,CAAA,sCAAA,EAAyC,OAAO,CAAA,CAAA,EAAI;AAAA,cAC5E,GAAA,EAAK;AAAA,aACN,CAAA;AAAA,UACH;AAEA,UAAA,MAAM,IAAI,eAAA,CAAgB,CAAA,sCAAA,EAAyC,OAAO,CAAA,CAAA,EAAI;AAAA,YAC5E,GAAA,EAAK,CAAA,4BAAA,EAA+B,OAAO,CAAA,mCAAA,EAAsC,cAAc,CAAA,CAAA;AAAA,WAChG,CAAA;AAAA,QACH;AAEA,QAAA,OAAoB,aAAaD,WAAU,CAAA;AAAA,MAC7C;AAGA,MAAA,IAAI,CAAC,OAAA,CAAQ,MAAA,CAAO,SAAS,CAAC,OAAA,CAAQ,MAAM,KAAA,EAAO;AACjD,QAAA,MAAM,IAAI,eAAA;AAAA,UACR,gCAAgC,OAAO,CAAA,CAAA;AAAA,UACvC;AAAA,YACE,GAAA,EAAK,CAAA,6BAAA,EAAgC,cAAA,IAAkB,iBAAiB,CAAA,uCAAA;AAAA;AAC1E,SACF;AAAA,MACF;AAEA,MAAA,MAAM,QAAA,GAAW,MAAM,eAAA,CAAQ,QAAA,CAAS,EAAE,OAAA,EAAS,CAAA,2BAAA,EAA8B,OAAO,CAAA,CAAA,CAAA,EAAK,IAAA,EAAM,8CAAA,EAAgD,CAAA;AACnJ,MAAA,MAAM,UAAA,GAAa,OAAO,QAAA,KAAa,QAAA;AACvC,MAAA,IAAI,UAAA,IAAc,CAAC,QAAA,EAAU;AAC3B,QAAA,MAAM,IAAI,gBAAgB,4BAAA,EAA8B;AAAA,UACtD,GAAA,EAAK;AAAA,SACN,CAAA;AAAA,MACH;AAEA,MAAA,MAAM,UAAA,GAAa,MAAmB,YAAA,CAAa,QAAQ,CAAA;AAC3D,MAAA,MAAM,eAAA,GAAkB,uBAAA,CAAwB,OAAA,EAAS,UAAA,EAAY,cAAc,CAAA;AAEnF,MAAA,IAAI,CAAC,gBAAgB,OAAA,EAAS;AAC5B,QAAA,IAAI,eAAA,CAAgB,WAAW,qBAAA,EAAuB;AACpD,UAAA,MAAM,IAAI,eAAA,CAAgB,CAAA,sCAAA,EAAyC,OAAO,CAAA,CAAA,EAAI;AAAA,YAC5E,GAAA,EAAK;AAAA,WACN,CAAA;AAAA,QACH;AAEA,QAAA,MAAM,IAAI,eAAA,CAAgB,CAAA,sCAAA,EAAyC,OAAO,CAAA,CAAA,EAAI;AAAA,UAC5E,GAAA,EAAK,CAAA,4BAAA,EAA+B,OAAO,CAAA,mCAAA,EAAsC,cAAc,CAAA,CAAA;AAAA,SAChG,CAAA;AAAA,MACH;AAEA,MAAA,OAAO,QAAA;AAAA,IACT,CAAC,CAAA;AAAA,EACH;AACF,CAAC,CAAA;;;ACxOD,SAAS,oBAAA,CACP,OAAA,EACA,GAAA,EACA,cAAA,EACA;AAEA,EAAA,IAAI,OAAA;AACJ,EAAA,IAAI,CAAC,GAAA,CAAI,OAAA,IAAW,CAAC,IAAI,QAAA,EAAU;AACjC,IAAA,OAAA,GAAU,CAAA,CAAA,EAAI,IAAI,OAAO,CAAA,CAAA,CAAA;AAAA,EAC3B,CAAA,MAAO;AACL,IAAA,MAAM,KAAA,GAAuB,CAAC,CAAA,SAAA,EAAY,GAAA,CAAI,OAAO,CAAA,CAAA,CAAG,CAAA;AACxD,IAAA,IAAI,IAAI,OAAA,EAAS,KAAA,CAAM,KAAK,CAAA,SAAA,EAAY,GAAA,CAAI,OAAO,CAAA,CAAA,CAAG,CAAA;AACtD,IAAA,IAAI,IAAI,QAAA,EAAU,KAAA,CAAM,KAAK,CAAA,UAAA,EAAa,GAAA,CAAI,QAAQ,CAAA,CAAA,CAAG,CAAA;AACzD,IAAA,OAAA,GAAU,KAAA,CAAM,KAAK,IAAI,CAAA;AAAA,EAC3B;AAEA,EAAA,cAAA,CAAe,OAAA,EAAS,CAAA,SAAA,EAAY,OAAO,CAAA,CAAA,CAAA,EAAK,cAAc,CAAA;AAChE;AAjBS,MAAA,CAAA,oBAAA,EAAA,sBAAA,CAAA;AAmBF,IAAM,mBAAoC,cAAA,CAAsC;AAAA,EACrF,IAAA,EAAM,UAAA;AAAA,EACN,KAAA,EAAO,0BAAA;AAAA,EACP,IAAA,EAAM,eAAA;AAAA,EACN,gBAAA,EAAkB,IAAA;AAAA,EAClB,UAAA,EAAY;AAAA,IACV,IAAA,EAAM,OAAA;AAAA,IACN,cAAA,EAAgB;AAAA,GAClB;AAAA,EACA,OAAA,GAAiC;AAC/B,IAAA,IAAI,OAAA,CAAQ,aAAa,QAAA,EAAU;AACjC,MAAA,MAAM,IAAI,YAAY,uCAAuC,CAAA;AAAA,IAC/D;AAGA,IAAA,MAAM,SAAA,GAAY,KAAK,OAAA,EAAS,MAAA;AAChC,IAAA,MAAM,kBAAA,GAAqB,IAAA,CAAK,OAAA,EAAS,MAAA,KAAW,KAC/C,IAAA,CAAK,OAAA,CAAQ,CAAC,CAAA,EAAG,QAAA,IACjB,IAAA,CAAK,OAAA,CAAQ,CAAC,EAAE,WAAA,KAAgB,QAAA;AAErC,IAAA,IAAI,aAAa,kBAAA,EAAoB;AACnC,MAAA,MAAM,SAAU,IAAA,CAAa,MAAA;AAC7B,MAAA,MAAM,OAAA,GAAU,QAAQ,GAAA,IAAO,SAAA;AAC/B,MAAA,MAAM,aAAa,IAAA,CAAK,UAAA;AACxB,MAAA,MAAM,iBAAiB,UAAA,EAAY,QAAA;AACnC,MAAA,OAAO,EAAE,IAAA,EAAM,QAAA,EAAU,OAAA,EAAS,cAAA,EAAe;AAAA,IACnD;AAGA,IAAA,MAAM,UAAA,GAAa,KAAK,OAAA,EAAS,OAAA;AACjC,IAAA,MAAM,UAAA,GAAa,KAAK,OAAA,EAAS,OAAA;AACjC,IAAA,MAAM,WAAA,GAAc,KAAK,OAAA,EAAS,QAAA;AAClC,IAAA,MAAM,QAAA,GAAW,KAAK,OAAA,EAAS,KAAA;AAE/B,IAAA,MAAM,OAAA,GAAU,UAAA,EAAY,QAAA,GAAW,UAAA,CAAW,WAAA,GAAwB,MAAA;AAC1E,IAAA,MAAM,QAAA,GAAW,WAAA,EAAa,QAAA,GAAW,WAAA,CAAY,WAAA,GAAwB,MAAA;AAC7E,IAAA,MAAM,KAAA,GAAQ,QAAA,EAAU,QAAA,GAAW,QAAA,CAAS,WAAA,GAAwB,MAAA;AAEpE,IAAA,IAAI,UAAA,EAAY;AACd,MAAA,IAAI,CAAC,UAAA,CAAW,QAAA,IAAY,OAAO,UAAA,CAAW,gBAAgB,QAAA,EAAU;AACtE,QAAA,MAAM,IAAI,YAAY,4CAA4C,CAAA;AAAA,MACpE;AACA,MAAA,OAAO;AAAA,QACL,IAAA,EAAM,KAAA;AAAA,QAAO,SAAS,UAAA,CAAW,WAAA;AAAA,QAAa,OAAA;AAAA,QAAS,QAAA;AAAA,QAAU;AAAA,OACnE;AAAA,IACF;AAGA,IAAA,IAAI,UAAA,EAAY;AACd,MAAA,OAAO;AAAA,QACL,IAAA,EAAM,KAAA;AAAA,QAAO,OAAA;AAAA,QAAS,QAAA;AAAA,QAAU;AAAA,OAClC;AAAA,IACF;AAGA,IAAA,IAAI,IAAA,CAAK,SAAS,MAAA,KAAW,CAAA,IAAK,KAAK,OAAA,CAAQ,CAAC,GAAG,QAAA,EAAU;AAC3D,MAAA,MAAM,KAAA,GAAQ,IAAA,CAAK,OAAA,CAAQ,CAAC,CAAA,CAAE,WAAA;AAC9B,MAAA,IAAI,OAAO,UAAU,QAAA,EAAU;AAC7B,QAAA,MAAM,IAAI,YAAY,0CAA0C,CAAA;AAAA,MAClE;AACA,MAAA,OAAO,EAAE,IAAA,EAAM,KAAA,EAAO,OAAA,EAAS,OAAO,KAAA,EAAM;AAAA,IAC9C;AAEA,IAAA,MAAM,IAAI,WAAA;AAAA,MACR;AAAA,KAEF;AAAA,EACF,CAAA;AAAA,EACA,MAAM,QAAQ,KAAA,EAA8B;AAC1C,IAAA,MAAM,SAAS,eAAA,EAAgB;AAE/B,IAAA,IAAI,KAAA,CAAM,SAAS,KAAA,EAAO;AACxB,MAAA,IAAI;AACF,QAAA,OAAO,MAAM,OAAO,WAAA,CAAY;AAAA,UAC9B,SAAS,KAAA,CAAM,OAAA;AAAA,UACf,SAAS,KAAA,CAAM,OAAA;AAAA,UACf,UAAU,KAAA,CAAM,QAAA;AAAA,UAChB,OAAO,KAAA,CAAM;AAAA,SACd,CAAA;AAAA,MACH,SAAS,GAAA,EAAK;AACZ,QAAA,MAAM,IAAI,eAAA;AAAA,UACR,CAAA,8BAAA,EAAiC,GAAA,YAAe,KAAA,GAAQ,GAAA,CAAI,UAAU,GAAG,CAAA,CAAA;AAAA,UACzE;AAAA,YACE,GAAA,EAAK;AAAA,cACH,KAAA,CAAM,OAAA,GAAU,CAAA,SAAA,EAAY,KAAA,CAAM,OAAO,CAAA,CAAA,GAAK,IAAA;AAAA,cAC9C,KAAA,CAAM,OAAA,GAAU,CAAA,SAAA,EAAY,KAAA,CAAM,OAAO,CAAA,CAAA,GAAK,IAAA;AAAA,cAC9C,KAAA,CAAM,QAAA,GAAW,CAAA,UAAA,EAAa,KAAA,CAAM,QAAQ,CAAA,CAAA,GAAK,IAAA;AAAA,cACjD,KAAA,CAAM,KAAA,GAAQ,CAAA,OAAA,EAAU,KAAA,CAAM,KAAK,CAAA,CAAA,GAAK,IAAA;AAAA,cACxC,2EAAA;AAAA,cACA;AAAA,aACF,CAAE,MAAA,CAAO,OAAO,CAAA,CAAE,KAAK,IAAI;AAAA;AAC7B,SACF;AAAA,MACF;AAAA,IACF;AAGA,IAAA,MAAM,EAAE,OAAA,EAAS,cAAA,EAAe,GAAI,KAAA;AAEpC,IAAA,MAAM,WAAW,MAAM,MAAA,CAAO,YAAA,CAAa,EAAE,SAAS,CAAA;AACtD,IAAA,IAAI,CAAC,QAAA,EAAU;AACb,MAAA,MAAM,IAAI,gBAAgB,uCAAA,EAAyC;AAAA,QACjE,GAAA,EAAK;AAAA,OACN,CAAA;AAAA,IACH;AAEA,IAAA,oBAAA,CAAqB,OAAA,EAAS,UAAU,cAAc,CAAA;AAGtD,IAAA,IAAI;AACF,MAAA,OAAO,MAAM,OAAO,WAAA,CAAY;AAAA,QAC9B,SAAS,QAAA,CAAS,OAAA;AAAA,QAClB,SAAS,QAAA,CAAS,OAAA;AAAA,QAClB,UAAU,QAAA,CAAS;AAAA,OACpB,CAAA;AAAA,IACH,SAAS,GAAA,EAAK;AACZ,MAAA,MAAM,IAAI,eAAA;AAAA,QACR,CAAA,iDAAA,EAAoD,GAAA,YAAe,KAAA,GAAQ,GAAA,CAAI,UAAU,GAAG,CAAA,CAAA;AAAA,QAC5F;AAAA,UACE,GAAA,EAAK;AAAA;AACP,OACF;AAAA,IACF;AAAA,EACF;AACF,CAAC,CAAA;ACnKM,SAAS,6BAA6B,IAAA,EAA+D;AAC1G,EAAA,MAAM,GAAA,GAAM,IAAA,EAAM,GAAA,IAAO,OAAA,CAAQ,GAAA,EAAI;AACrC,EAAA,MAAM,OAAA,GAAU,IAAA,CAAK,IAAA,CAAK,GAAA,EAAK,cAAc,CAAA;AAC7C,EAAA,IAAI,CAACE,EAAAA,CAAG,UAAA,CAAW,OAAO,GAAG,OAAO,MAAA;AACpC,EAAA,IAAI;AACF,IAAA,MAAM,MAAM,IAAA,CAAK,KAAA,CAAMA,GAAG,YAAA,CAAa,OAAA,EAAS,OAAO,CAAC,CAAA;AACxD,IAAA,IAAI,GAAA,CAAI,OAAA,IAAW,OAAO,GAAA,CAAI,YAAY,QAAA,EAAU;AAClD,MAAA,OAAO,GAAA,CAAI,OAAA;AAAA,IACb;AAAA,EACF,CAAA,CAAA,MAAQ;AAAA,EAA4B;AACpC,EAAA,OAAO,MAAA;AACT;AAXgB,MAAA,CAAA,4BAAA,EAAA,8BAAA,CAAA;;;ACFhB,IAAM,KAAA,GAAQ,YAAY,cAAc,CAAA;AAExC,SAAS,qBAAqB,WAAA,EAAoD;AAChF,EAAA,IAAI,KAAA,CAAM,OAAA,CAAQ,WAAW,CAAA,EAAG,OAAO,WAAA;AACvC,EAAA,OAAO,CAAC,WAAW,CAAA;AACrB;AAHS,MAAA,CAAA,oBAAA,EAAA,sBAAA,CAAA;AAKT,SAAS,aAAA,CACP,UACA,MAAA,EAMA;AACA,EAAA,MAAM,aAAA,GAAgB,SAAS,GAAA,CAAI,CAAC,MAAMC,IAAAA,CAAK,OAAA,CAAQ,CAAC,CAAC,CAAA;AAEzD,EAAA,IAAI,aAAA,CAAc,WAAW,CAAA,EAAG;AAC9B,IAAA,KAAA,CAAM,wBAAA,EAA0B,MAAA,CAAO,MAAA,EAAQ,aAAA,CAAc,CAAC,CAAC,CAAA;AAAA,EACjE,CAAA,MAAO;AACL,IAAA,KAAA,CAAM,4BAAA,EAA8B,cAAc,MAAA,EAAQ,MAAA,CAAO,QAAQ,aAAA,CAAc,IAAA,CAAK,IAAI,CAAC,CAAA;AAAA,EACnG;AAEA,EAAA,KAAA,MAAW,gBAAgB,aAAA,EAAe;AACxC,IAAA,IAAI,CAACD,EAAAA,CAAG,UAAA,CAAW,YAAY,CAAA,EAAG;AAChC,MAAA,MAAM,IAAI,YAAA,CAAa,CAAA,EAAG,OAAO,WAAW,CAAA,EAAA,EAAK,YAAY,CAAA,CAAA,EAAI;AAAA,QAC/D,YAAY,MAAA,CAAO;AAAA,OACpB,CAAA;AAAA,IACH;AAAA,EACF;AAEA,EAAA,OAAO,oBAAA,CAAqB,MAAM,YAAA,CAAa;AAAA,IAC7C,oBAAoB,MAAA,CAAO,kBAAA;AAAA,IAC3B,cAAA,EAAgB,aAAA;AAAA,IAChB,SAAA,gCAAkB,CAAA,KAAM;AACtB,MAAA,CAAA,CAAE,iBAAiB,eAAe,CAAA;AAClC,MAAA,CAAA,CAAE,iBAAiB,gBAAgB,CAAA;AAAA,IACrC,CAAA,EAHW,WAAA;AAAA,GAIZ,CAAC,CAAA;AACJ;AAjCS,MAAA,CAAA,aAAA,EAAA,eAAA,CAAA;AAmCF,SAAS,oBAAoB,IAAA,EAIjC;AACD,EAAA,MAAM,QAAA,GAAW,IAAA,EAAM,cAAA,EAAgB,MAAA,CAAO,OAAO,CAAA;AAGrD,EAAA,IAAI,QAAA,IAAY,QAAA,CAAS,MAAA,GAAS,CAAA,EAAG;AAEnC,IAAA,OAAO,cAAc,QAAA,EAAU;AAAA,MAC7B,MAAA,EAAQ,aAAA;AAAA,MACR,WAAA,EAAa,iCAAA;AAAA,MACb,eAAA,EAAiB,oDAAA;AAAA,MACjB,oBAAoB,IAAA,EAAM;AAAA,KAC3B,CAAA;AAAA,EACH;AAGA,EAAA,MAAM,WAAA,GAAc,8BAA6B,EAAG,QAAA;AACpD,EAAA,MAAM,YAAA,GAAe,WAAA,GAAc,oBAAA,CAAqB,WAAW,CAAA,GAAI,MAAA;AAEvE,EAAA,IAAI,YAAA,EAAc;AAChB,IAAA,OAAO,cAAc,YAAA,EAAc;AAAA,MACjC,MAAA,EAAQ,+BAAA;AAAA,MACR,WAAA,EAAa,wEAAA;AAAA,MACb,eAAA,EAAiB,wFAAA;AAAA,MACjB,oBAAoB,IAAA,EAAM;AAAA,KAC3B,CAAA;AAAA,EACH;AAEA,EAAA,KAAA,CAAM,mCAAA,EAAqC,OAAA,CAAQ,GAAA,EAAK,CAAA;AAExD,EAAA,OAAO,oBAAA,CAAqB,MAAM,YAAA,CAAa;AAAA,IAC7C,oBAAoB,IAAA,EAAM,kBAAA;AAAA,IAC1B,SAAA,gCAAkB,CAAA,KAAM;AACtB,MAAA,CAAA,CAAE,iBAAiB,eAAe,CAAA;AAClC,MAAA,CAAA,CAAE,iBAAiB,gBAAgB,CAAA;AAAA,IACrC,CAAA,EAHW,WAAA;AAAA,GAIZ,CAAC,CAAA;AACJ;AAxCgB,MAAA,CAAA,mBAAA,EAAA,qBAAA,CAAA","file":"chunk-C5LW5EET.js","sourcesContent":["/**\n * Shared utilities for writing back encrypted/resolved values to .env files.\n *\n * Uses the env-spec AST parser to safely update values.\n */\n\nimport fs from 'node:fs';\nimport { parseEnvSpecDotEnvFile } from '@env-spec/parser';\n\ntype WriteBackResult = { updated: boolean; reason?: 'missing-source-file' | 'item-not-found' };\n\n/**\n * Update a config item's value in a .env file using AST-based replacement.\n */\nexport function writeBackValue(\n itemKey: string,\n newValueStr: string,\n sourceFilePath: string | undefined,\n): WriteBackResult {\n if (!sourceFilePath) {\n return { updated: false, reason: 'missing-source-file' };\n }\n\n const currentContents = fs.readFileSync(sourceFilePath, 'utf-8');\n const file = parseEnvSpecDotEnvFile(currentContents);\n\n const item = file.configItems.find((i) => i.key === itemKey);\n if (!item) {\n return { updated: false, reason: 'item-not-found' };\n }\n\n // Parse a dummy line to get the correct AST value node\n const dummyFile = parseEnvSpecDotEnvFile(`_=${newValueStr}`);\n const dummyItem = dummyFile.configItems[0];\n if (!dummyItem?.value) {\n return { updated: false, reason: 'item-not-found' };\n }\n\n // Replace the value\n item.data.value = dummyItem.value;\n item.value = dummyItem.value;\n\n fs.writeFileSync(sourceFilePath, file.toString());\n return { updated: true };\n}\n\n","/**\n * Built-in varlock() resolver function.\n *\n * Replaces the plugin-based resolver from @varlock/secure-enclave-plugin.\n * Works cross-platform using the local-encrypt abstraction layer.\n */\n\nimport { createResolver, Resolver } from '../../env-graph/lib/resolver';\nimport { ResolutionError, SchemaError } from '../../env-graph/lib/errors';\nimport prompts from '../../cli/helpers/prompts';\nimport * as localEncrypt from './index';\nimport { writeBackValue } from './write-back';\n\nconst LOCAL_PREFIX = 'local:';\nconst PLUGIN_ICON = 'mdi:fingerprint';\n\n// ── Unified varlock() batch queue ──────────────────────────────\n// Collects all concurrent varlock() calls (both prompt and decrypt) into a\n// single batch using setImmediate, then processes them sequentially.\n// Prompts are sorted first so the user enters values before biometric decrypts.\n// If the user cancels a prompt or biometric auth, all remaining items in the\n// batch are rejected immediately.\n\ntype VarlockBatchEntry = {\n kind: 'prompt' | 'decrypt';\n resolve: (value: string) => void;\n reject: (reason: unknown) => void;\n} & (\n | { kind: 'decrypt'; ciphertext: string }\n | { kind: 'prompt'; execute: () => Promise<string> }\n);\n\nlet pendingBatch: Array<VarlockBatchEntry> | undefined;\n\nfunction enqueueBatchEntry(entry: VarlockBatchEntry) {\n let triggerBatch = false;\n if (!pendingBatch) {\n pendingBatch = [];\n triggerBatch = true;\n }\n pendingBatch.push(entry);\n\n if (triggerBatch) {\n // eslint-disable-next-line no-use-before-define\n setImmediate(() => executeBatch());\n }\n}\n\nfunction enqueueDecrypt(ciphertext: string): Promise<string> {\n return new Promise<string>((resolve, reject) => {\n enqueueBatchEntry({\n kind: 'decrypt', ciphertext, resolve, reject,\n });\n });\n}\n\nfunction enqueuePrompt(execute: () => Promise<string>): Promise<string> {\n return new Promise<string>((resolve, reject) => {\n enqueueBatchEntry({\n kind: 'prompt', execute, resolve, reject,\n });\n });\n}\n\nfunction bailRemaining(batch: Array<VarlockBatchEntry>, startIndex: number, error: Error) {\n for (let j = startIndex; j < batch.length; j++) {\n batch[j].reject(error);\n }\n}\n\nasync function executeBatch() {\n const batch = pendingBatch;\n pendingBatch = undefined;\n if (!batch?.length) return;\n\n // Sort prompts before decrypts so the user enters values first\n batch.sort((a, b) => {\n if (a.kind === b.kind) return 0;\n return a.kind === 'prompt' ? -1 : 1;\n });\n\n // Ensure encryption key exists before processing any items\n await localEncrypt.ensureKey();\n\n for (let i = 0; i < batch.length; i++) {\n const entry = batch[i];\n try {\n if (entry.kind === 'decrypt') {\n const plaintext = await localEncrypt.decryptValue(entry.ciphertext);\n entry.resolve(plaintext);\n } else {\n const result = await entry.execute();\n entry.resolve(result);\n }\n } catch (err) {\n entry.reject(err);\n\n // If this looks like a user cancellation or auth failure, bail on remaining items\n const msg = err instanceof Error ? err.message : String(err);\n if (\n msg.includes('cancelled') || msg.includes('canceled')\n || msg.includes('verification failed')\n ) {\n bailRemaining(batch, i + 1, new ResolutionError('Skipped — user cancelled'));\n return;\n }\n }\n }\n}\n\ntype VarlockResolverState = {\n mode: 'decrypt';\n payload: string;\n} | {\n mode: 'prompt';\n itemKey: string;\n sourceFilePath: string | undefined;\n};\n\nfunction writeBackEncryptedValue(\n itemKey: string,\n ciphertext: string,\n sourceFilePath: string | undefined,\n) {\n const prefixedCiphertext = `${LOCAL_PREFIX}${ciphertext}`;\n return writeBackValue(itemKey, `varlock(\"${prefixedCiphertext}\")`, sourceFilePath);\n}\n\n\nexport const VarlockResolver: typeof Resolver = createResolver<VarlockResolverState>({\n name: 'varlock',\n label: 'Decrypt locally encrypted value',\n icon: PLUGIN_ICON,\n impliesSensitive: true,\n argsSchema: {\n type: 'mixed',\n arrayMinLength: 0,\n },\n process(): VarlockResolverState {\n // Check for prompt mode: varlock(prompt=1) or varlock(prompt)\n const promptArg = this.objArgs?.prompt;\n const isPromptPositional = this.arrArgs?.length === 1\n && this.arrArgs[0]?.isStatic\n && this.arrArgs[0].staticValue === 'prompt';\n if (promptArg || isPromptPositional) {\n // Resolver doesn't expose parent item in its type, but it's available at runtime\n const parent = (this as any).parent;\n const itemKey = parent?.key || 'unknown';\n const dataSource = this.dataSource as any;\n const sourceFilePath = dataSource?.fullPath as string | undefined;\n return { mode: 'prompt', itemKey, sourceFilePath };\n }\n\n // Normal mode: varlock(\"encrypted-payload\")\n if (!this.arrArgs || this.arrArgs.length !== 1) {\n throw new SchemaError('varlock() expects a single encrypted payload string, or prompt to enter a new value');\n }\n if (!this.arrArgs[0]?.isStatic) {\n throw new SchemaError('varlock() expects a single static encrypted payload string');\n }\n const payload = this.arrArgs[0].staticValue;\n if (typeof payload !== 'string') {\n throw new SchemaError('varlock() expects a string argument');\n }\n return { mode: 'decrypt', payload };\n },\n async resolve(state: VarlockResolverState) {\n if (state.mode === 'decrypt') {\n let ciphertext = state.payload;\n if (ciphertext.startsWith(LOCAL_PREFIX)) {\n ciphertext = ciphertext.slice(LOCAL_PREFIX.length);\n }\n try {\n return await enqueueDecrypt(ciphertext);\n } catch (err) {\n // Re-throw ResolutionErrors (e.g. batch cancellation) as-is\n if (err instanceof ResolutionError) throw err;\n\n const backend = localEncrypt.getBackendInfo();\n throw new ResolutionError(\n `Decryption failed: ${err instanceof Error ? err.message : err}`,\n {\n tip: [\n `Backend: ${backend.type} (${backend.hardwareBacked ? 'hardware-backed' : 'file-based'})`,\n 'This usually means the value was encrypted with a different key or backend.',\n 'Set a new value using `varlock encrypt` or `KEY=varlock(prompt)`.',\n ].join('\\n'),\n },\n );\n }\n }\n\n // Prompt mode: enqueued into the unified batch so prompts run before decrypts\n // and cancellation propagates to all remaining items.\n const { itemKey, sourceFilePath } = state;\n return enqueuePrompt(async () => {\n const backend = localEncrypt.getBackendInfo();\n\n // Use daemon's native dialog on macOS Secure Enclave\n if (backend.type === 'secure-enclave' && backend.biometricAvailable) {\n const client = localEncrypt.getDaemonClient();\n const ciphertext = await client.promptSecret({\n itemKey,\n message: `Enter the secret value for ${itemKey}:`,\n });\n\n if (!ciphertext) {\n throw new ResolutionError('Secret input was cancelled', {\n tip: 'Run varlock again and enter a value, or replace prompt=1 with an encrypted value',\n });\n }\n\n const writeBackResult = writeBackEncryptedValue(itemKey, ciphertext, sourceFilePath);\n if (!writeBackResult.updated) {\n if (writeBackResult.reason === 'missing-source-file') {\n throw new ResolutionError(`Unable to persist encrypted value for ${itemKey}`, {\n tip: 'varlock(prompt=1) can only persist values from file-backed sources. Use `varlock encrypt` to generate an encrypted value manually.',\n });\n }\n\n throw new ResolutionError(`Unable to persist encrypted value for ${itemKey}`, {\n tip: `Could not find a writable \\`${itemKey}=varlock(...)\\` entry to update in ${sourceFilePath}.`,\n });\n }\n\n return localEncrypt.decryptValue(ciphertext);\n }\n\n // Terminal prompt for file-based backend\n if (!process.stdout.isTTY || !process.stdin.isTTY) {\n throw new ResolutionError(\n `No encrypted value found for ${itemKey}`,\n {\n tip: `Run \\`varlock encrypt --file ${sourceFilePath || '<your-env-file>'}\\` to encrypt this value interactively.`,\n },\n );\n }\n\n const rawValue = await prompts.password({ message: `Enter the secret value for ${itemKey}:`, hint: 'for multi-line values, use `varlock encrypt`' });\n const isCanceled = typeof rawValue !== 'string';\n if (isCanceled || !rawValue) {\n throw new ResolutionError('Secret input was cancelled', {\n tip: 'Run varlock again and enter a value, or replace prompt=1 with an encrypted value',\n });\n }\n\n const ciphertext = await localEncrypt.encryptValue(rawValue);\n const writeBackResult = writeBackEncryptedValue(itemKey, ciphertext, sourceFilePath);\n\n if (!writeBackResult.updated) {\n if (writeBackResult.reason === 'missing-source-file') {\n throw new ResolutionError(`Unable to persist encrypted value for ${itemKey}`, {\n tip: 'varlock(prompt=1) can only persist values from file-backed sources. Use `varlock encrypt` to generate an encrypted value manually.',\n });\n }\n\n throw new ResolutionError(`Unable to persist encrypted value for ${itemKey}`, {\n tip: `Could not find a writable \\`${itemKey}=varlock(...)\\` entry to update in ${sourceFilePath}.`,\n });\n }\n\n return rawValue;\n });\n },\n});\n","/**\n * Built-in keychain() resolver function.\n *\n * Reads secrets from the macOS Keychain via the Swift daemon binary.\n * Always goes through the daemon to enforce biometric gating (per-TTY sessions)\n * and to make VarlockEnclave the authorized keychain accessor.\n *\n * Syntax:\n * keychain(service=\"com.company.db\")\n * keychain(service=\"com.company.db\", account=\"admin\")\n * keychain(service=\"com.company.db\", keychain=\"System\")\n * keychain(\"com.company.db\") — shorthand for service\n * keychain(prompt) — interactive picker, writes back reference\n */\n\nimport { createResolver, Resolver } from '../../env-graph/lib/resolver';\nimport { ResolutionError, SchemaError } from '../../env-graph/lib/errors';\nimport { getDaemonClient } from './index';\nimport { writeBackValue } from './write-back';\n\ntype KeychainResolverState = {\n mode: 'get';\n service?: string;\n account?: string;\n keychain?: string;\n field?: string;\n} | {\n mode: 'prompt';\n itemKey: string;\n sourceFilePath: string | undefined;\n};\n\nfunction writeBackKeychainRef(\n itemKey: string,\n ref: { service: string; account?: string; keychain?: string },\n sourceFilePath: string | undefined,\n) {\n // Use positional shorthand when only service is needed, named args when disambiguating\n let argsStr: string;\n if (!ref.account && !ref.keychain) {\n argsStr = `\"${ref.service}\"`;\n } else {\n const parts: Array<string> = [`service=\"${ref.service}\"`];\n if (ref.account) parts.push(`account=\"${ref.account}\"`);\n if (ref.keychain) parts.push(`keychain=\"${ref.keychain}\"`);\n argsStr = parts.join(', ');\n }\n\n writeBackValue(itemKey, `keychain(${argsStr})`, sourceFilePath);\n}\n\nexport const KeychainResolver: typeof Resolver = createResolver<KeychainResolverState>({\n name: 'keychain',\n label: 'Read from macOS Keychain',\n icon: 'mdi:key-chain',\n impliesSensitive: true,\n argsSchema: {\n type: 'mixed',\n arrayMinLength: 0,\n },\n process(): KeychainResolverState {\n if (process.platform !== 'darwin') {\n throw new SchemaError('keychain() is only supported on macOS');\n }\n\n // Check for prompt mode: keychain(prompt) or keychain(prompt=1)\n const promptArg = this.objArgs?.prompt;\n const isPromptPositional = this.arrArgs?.length === 1\n && this.arrArgs[0]?.isStatic\n && this.arrArgs[0].staticValue === 'prompt';\n\n if (promptArg || isPromptPositional) {\n const parent = (this as any).parent;\n const itemKey = parent?.key || 'unknown';\n const dataSource = this.dataSource as any;\n const sourceFilePath = dataSource?.fullPath as string | undefined;\n return { mode: 'prompt', itemKey, sourceFilePath };\n }\n\n // Named args mode: keychain(service=\"...\", account=\"...\", keychain=\"...\", field=\"...\")\n const serviceArg = this.objArgs?.service;\n const accountArg = this.objArgs?.account;\n const keychainArg = this.objArgs?.keychain;\n const fieldArg = this.objArgs?.field;\n\n const account = accountArg?.isStatic ? accountArg.staticValue as string : undefined;\n const keychain = keychainArg?.isStatic ? keychainArg.staticValue as string : undefined;\n const field = fieldArg?.isStatic ? fieldArg.staticValue as string : undefined;\n\n if (serviceArg) {\n if (!serviceArg.isStatic || typeof serviceArg.staticValue !== 'string') {\n throw new SchemaError('keychain() service must be a static string');\n }\n return {\n mode: 'get', service: serviceArg.staticValue, account, keychain, field,\n };\n }\n\n // account-only lookup: keychain(account=\"admin@corp.com\", field=\"account\")\n if (accountArg) {\n return {\n mode: 'get', account, keychain, field,\n };\n }\n\n // Positional shorthand: keychain(\"com.company.service\")\n if (this.arrArgs?.length === 1 && this.arrArgs[0]?.isStatic) {\n const value = this.arrArgs[0].staticValue;\n if (typeof value !== 'string') {\n throw new SchemaError('keychain() expects a string service name');\n }\n return { mode: 'get', service: value, field };\n }\n\n throw new SchemaError(\n 'keychain() requires service name, account, or prompt mode. '\n + 'Usage: keychain(service=\"com.example\"), keychain(\"com.example\"), or keychain(prompt)',\n );\n },\n async resolve(state: KeychainResolverState) {\n const client = getDaemonClient();\n\n if (state.mode === 'get') {\n try {\n return await client.keychainGet({\n service: state.service,\n account: state.account,\n keychain: state.keychain,\n field: state.field,\n });\n } catch (err) {\n throw new ResolutionError(\n `Failed to read keychain item: ${err instanceof Error ? err.message : err}`,\n {\n tip: [\n state.service ? `Service: ${state.service}` : null,\n state.account ? `Account: ${state.account}` : null,\n state.keychain ? `Keychain: ${state.keychain}` : null,\n state.field ? `Field: ${state.field}` : null,\n 'Make sure the item exists in your Keychain and VarlockEnclave has access.',\n 'You can grant access via: keychain(prompt)',\n ].filter(Boolean).join('\\n'),\n },\n );\n }\n }\n\n // Prompt mode: show native picker, write back reference\n const { itemKey, sourceFilePath } = state;\n\n const selected = await client.keychainPick({ itemKey });\n if (!selected) {\n throw new ResolutionError('Keychain item selection was cancelled', {\n tip: 'Run varlock again and select an item, or use keychain(service=\"...\") with an explicit service name',\n });\n }\n\n writeBackKeychainRef(itemKey, selected, sourceFilePath);\n\n // Now fetch the actual value\n try {\n return await client.keychainGet({\n service: selected.service,\n account: selected.account,\n keychain: selected.keychain,\n });\n } catch (err) {\n throw new ResolutionError(\n `Selected keychain item but failed to read value: ${err instanceof Error ? err.message : err}`,\n {\n tip: 'The item reference has been written to your config. Try running varlock again.',\n },\n );\n }\n },\n});\n","import path from 'node:path';\nimport fs from 'node:fs';\n\nexport type VarlockPackageJsonConfig = {\n /** Path (or array of paths) to a specific .env file or directory to use as the entry point for loading */\n loadPath?: string | Array<string>;\n};\n\n/**\n * Reads varlock configuration from the `package.json` in `cwd`.\n * Returns undefined if no `package.json` exists or it has no `varlock` key.\n */\nexport function readVarlockPackageJsonConfig(opts?: { cwd?: string }): VarlockPackageJsonConfig | undefined {\n const cwd = opts?.cwd ?? process.cwd();\n const pkgPath = path.join(cwd, 'package.json');\n if (!fs.existsSync(pkgPath)) return undefined;\n try {\n const pkg = JSON.parse(fs.readFileSync(pkgPath, 'utf-8'));\n if (pkg.varlock && typeof pkg.varlock === 'object') {\n return pkg.varlock as VarlockPackageJsonConfig;\n }\n } catch { /* ignore parse errors */ }\n return undefined;\n}\n","import fs from 'node:fs';\nimport path from 'node:path';\nimport { loadEnvGraph } from '../env-graph';\nimport { VarlockResolver } from './local-encrypt/builtin-resolver';\nimport { KeychainResolver } from './local-encrypt/keychain-resolver';\nimport { CliExitError } from '../cli/helpers/exit-error';\nimport { runWithWorkspaceInfo } from './workspace-utils';\nimport { readVarlockPackageJsonConfig } from './package-json-config';\nimport { createDebug } from './debug';\n\nconst debug = createDebug('varlock:load');\n\nfunction normalizePkgLoadPath(pkgLoadPath: string | Array<string>): Array<string> {\n if (Array.isArray(pkgLoadPath)) return pkgLoadPath;\n return [pkgLoadPath];\n}\n\nfunction loadFromPaths(\n rawPaths: Array<string>,\n config: {\n source: string,\n errorPrefix: string,\n errorSuggestion: string,\n currentEnvFallback?: string,\n },\n) {\n const resolvedPaths = rawPaths.map((p) => path.resolve(p));\n\n if (resolvedPaths.length === 1) {\n debug('using path from %s: %s', config.source, resolvedPaths[0]);\n } else {\n debug('using %d paths from %s: %s', resolvedPaths.length, config.source, resolvedPaths.join(', '));\n }\n\n for (const resolvedPath of resolvedPaths) {\n if (!fs.existsSync(resolvedPath)) {\n throw new CliExitError(`${config.errorPrefix}: ${resolvedPath}`, {\n suggestion: config.errorSuggestion,\n });\n }\n }\n\n return runWithWorkspaceInfo(() => loadEnvGraph({\n currentEnvFallback: config.currentEnvFallback,\n entryFilePaths: resolvedPaths,\n afterInit: async (g) => {\n g.registerResolver(VarlockResolver);\n g.registerResolver(KeychainResolver);\n },\n }));\n}\n\nexport function loadVarlockEnvGraph(opts?: {\n currentEnvFallback?: string,\n /** Explicit entry file paths from --path flag(s) - overrides package.json config */\n entryFilePaths?: Array<string>,\n}) {\n const cliPaths = opts?.entryFilePaths?.filter(Boolean);\n\n // If --path flag(s) provided, they take precedence over package.json config\n if (cliPaths && cliPaths.length > 0) {\n // Return early and ignore pkgLoadPaths\n return loadFromPaths(cliPaths, {\n source: '--path flag',\n errorPrefix: 'The --path value does not exist',\n errorSuggestion: 'Use `--path` to specify a valid file or directory.',\n currentEnvFallback: opts?.currentEnvFallback,\n });\n }\n\n // Fall back to package.json varlock.loadPath\n const pkgLoadPath = readVarlockPackageJsonConfig()?.loadPath;\n const pkgLoadPaths = pkgLoadPath ? normalizePkgLoadPath(pkgLoadPath) : undefined;\n\n if (pkgLoadPaths) {\n return loadFromPaths(pkgLoadPaths, {\n source: 'package.json varlock.loadPath',\n errorPrefix: 'A path in `varlock.loadPath` configured in package.json does not exist',\n errorSuggestion: 'Update `varlock.loadPath` in your package.json to point to valid files or directories.',\n currentEnvFallback: opts?.currentEnvFallback,\n });\n }\n\n debug('no path configured, using cwd: %s', process.cwd());\n\n return runWithWorkspaceInfo(() => loadEnvGraph({\n currentEnvFallback: opts?.currentEnvFallback,\n afterInit: async (g) => {\n g.registerResolver(VarlockResolver);\n g.registerResolver(KeychainResolver);\n },\n }));\n}\n"]}
|
|
@@ -1,9 +1,9 @@
|
|
|
1
1
|
import { scanCodeForEnvVars } from './chunk-P33JXOU6.js';
|
|
2
|
-
import { define } from './chunk-4A54P4EM.js';
|
|
3
|
-
import { checkForSchemaErrors, checkForNoEnvFiles } from './chunk-45N5EFNL.js';
|
|
4
|
-
import { loadVarlockEnvGraph } from './chunk-H2JVYUHZ.js';
|
|
5
2
|
import { gracefulExit } from './chunk-CHQDS2PI.js';
|
|
6
|
-
import {
|
|
3
|
+
import { define } from './chunk-4A54P4EM.js';
|
|
4
|
+
import { checkForSchemaErrors, checkForNoEnvFiles } from './chunk-XUY3HAO2.js';
|
|
5
|
+
import { loadVarlockEnvGraph } from './chunk-C5LW5EET.js';
|
|
6
|
+
import { FileBasedDataSource, ansis_default } from './chunk-GKN3UJNE.js';
|
|
7
7
|
import { __name } from './chunk-6PEHRAEP.js';
|
|
8
8
|
import fs from 'fs/promises';
|
|
9
9
|
import path from 'path';
|
|
@@ -194,5 +194,5 @@ var commandFn = /* @__PURE__ */ __name(async (ctx) => {
|
|
|
194
194
|
}, "commandFn");
|
|
195
195
|
|
|
196
196
|
export { commandFn, commandSpec };
|
|
197
|
-
//# sourceMappingURL=chunk-
|
|
198
|
-
//# sourceMappingURL=chunk-
|
|
197
|
+
//# sourceMappingURL=chunk-CESFJIM4.js.map
|
|
198
|
+
//# sourceMappingURL=chunk-CESFJIM4.js.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"sources":["../src/cli/helpers/audit-diff.ts","../src/cli/commands/audit.command.ts"],"names":[],"mappings":";;;;;;;;;;;AAAO,SAAS,qBAAA,CAAsB,YAA2B,QAAA,EAAyB;AACxF,EAAA,MAAM,SAAA,GAAY,IAAI,GAAA,CAAI,UAAU,CAAA;AACpC,EAAA,MAAM,OAAA,GAAU,IAAI,GAAA,CAAI,QAAQ,CAAA;AAEhC,EAAA,MAAM,eAAA,GAAkB,CAAC,GAAG,OAAO,EAAE,MAAA,CAAO,CAAC,MAAM,CAAC,SAAA,CAAU,IAAI,CAAC,CAAC,EAAE,IAAA,CAAK,CAAC,GAAG,CAAA,KAAM,CAAA,CAAE,aAAA,CAAc,CAAC,CAAC,CAAA;AACvG,EAAA,MAAM,cAAA,GAAiB,CAAC,GAAG,SAAS,EAAE,MAAA,CAAO,CAAC,MAAM,CAAC,OAAA,CAAQ,IAAI,CAAC,CAAC,EAAE,IAAA,CAAK,CAAC,GAAG,CAAA,KAAM,CAAA,CAAE,aAAA,CAAc,CAAC,CAAC,CAAA;AAEtG,EAAA,OAAO;AAAA,IACL,eAAA;AAAA,IACA;AAAA,GACF;AACF;AAXgB,MAAA,CAAA,qBAAA,EAAA,uBAAA,CAAA;;;ACiBT,IAAM,cAAc,MAAA,CAAO;AAAA,EAChC,IAAA,EAAM,OAAA;AAAA,EACN,WAAA,EAAa,mDAAA;AAAA,EACb,IAAA,EAAM;AAAA,IACJ,IAAA,EAAM;AAAA,MACJ,IAAA,EAAM,QAAA;AAAA,MACN,KAAA,EAAO,GAAA;AAAA,MACP,WAAA,EAAa;AAAA,KACf;AAAA,IACA,MAAA,EAAQ;AAAA,MACN,IAAA,EAAM,QAAA;AAAA,MACN,KAAA,EAAO,GAAA;AAAA,MACP,QAAA,EAAU,IAAA;AAAA,MACV,WAAA,EAAa;AAAA;AACf,GACF;AAAA,EACA,QAAA,EAAU;AAAA;AAAA;;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,CAAA,CAUV,IAAA;AACF,CAAC;AAED,SAAS,eAAA,CAAgB,KAAa,GAAA,EAA8B;AAClE,EAAA,MAAM,OAAA,GAAU,IAAA,CAAK,QAAA,CAAS,GAAA,EAAK,IAAI,QAAQ,CAAA;AAC/C,EAAA,OAAO,GAAG,OAAO,CAAA,CAAA,EAAI,IAAI,UAAU,CAAA,CAAA,EAAI,IAAI,YAAY,CAAA,CAAA;AACzD;AAHS,MAAA,CAAA,eAAA,EAAA,iBAAA,CAAA;AAKT,eAAe,yBAAyB,iBAAA,EAA4C;AAClF,EAAA,MAAM,QAAA,GAAW,IAAA,CAAK,OAAA,CAAQ,iBAAiB,CAAA;AAC/C,EAAA,IAAI;AACF,IAAA,MAAM,SAAA,GAAY,MAAM,EAAA,CAAG,IAAA,CAAK,QAAQ,CAAA;AACxC,IAAA,IAAI,SAAA,CAAU,WAAA,EAAY,EAAG,OAAO,QAAA;AAAA,EACtC,CAAA,CAAA,MAAQ;AAAA,EAER;AAEA,EAAA,IAAI,iBAAA,CAAkB,SAAS,GAAG,CAAA,IAAK,kBAAkB,QAAA,CAAS,IAAA,CAAK,GAAG,CAAA,EAAG;AAC3E,IAAA,OAAO,QAAA;AAAA,EACT;AACA,EAAA,OAAO,IAAA,CAAK,QAAQ,QAAQ,CAAA;AAC9B;AAbe,MAAA,CAAA,wBAAA,EAAA,0BAAA,CAAA;AAef,SAAS,iBAAA,CAAkB,OAAgB,GAAA,EAAoB;AAC7D,EAAA,IAAI,KAAA,CAAM,OAAA,CAAQ,KAAK,CAAA,EAAG;AACxB,IAAA,KAAA,MAAW,KAAA,IAAS,KAAA,EAAO,iBAAA,CAAkB,KAAA,EAAO,GAAG,CAAA;AACvD,IAAA;AAAA,EACF;AACA,EAAA,IAAI,OAAO,UAAU,QAAA,EAAU;AAE/B,EAAA,MAAM,UAAA,GAAa,KAAA,CAAM,IAAA,EAAK,CAAE,OAAA,CAAQ,SAAS,EAAE,CAAA,CAAE,OAAA,CAAQ,SAAA,EAAW,EAAE,CAAA;AAC1E,EAAA,IAAI,CAAC,UAAA,EAAY;AACjB,EAAA,GAAA,CAAI,KAAK,UAAU,CAAA;AACrB;AAVS,MAAA,CAAA,iBAAA,EAAA,mBAAA,CAAA;AAaT,SAAS,4BAA4B,QAAA,EAA4B;AAC/D,EAAA,MAAM,UAAA,uBAAiB,GAAA,EAAY;AAGnC,EAAA,MAAM,UAAU,QAAA,CAAS,kBAAA;AACzB,EAAA,IAAI,OAAA,EAAS;AACX,IAAA,KAAA,MAAW,WAAW,OAAA,EAAS;AAC7B,MAAA,KAAA,MAAW,GAAA,IAAO,OAAA,CAAQ,OAAO,CAAA,EAAG;AAClC,QAAA,UAAA,CAAW,IAAI,GAAG,CAAA;AAAA,MACpB;AAAA,IACF;AAAA,EACF;AAGA,EAAA,KAAA,MAAW,MAAA,IAAU,QAAA,CAAS,iBAAA,IAAqB,EAAC,EAAG;AACrD,IAAA,KAAA,MAAW,GAAA,IAAO,MAAA,CAAO,cAAA,IAAkB,EAAC,EAAG;AAC7C,MAAA,KAAA,MAAW,GAAA,IAAO,GAAA,CAAI,gBAAA,EAAkB,IAAA,IAAQ,EAAC,EAAG;AAClD,QAAA,UAAA,CAAW,IAAI,GAAG,CAAA;AAAA,MACpB;AAAA,IACF;AAAA,EACF;AAEA,EAAA,OAAO,UAAA;AACT;AAvBS,MAAA,CAAA,2BAAA,EAAA,6BAAA,CAAA;AAyBT,eAAe,0BAA0B,QAAA,EAAuC;AAC9E,EAAA,MAAM,UAAA,GAAa,OAAO,QAAA,EAAU,aAAA,KAAkB,aAClD,QAAA,CAAS,aAAA,CAAc,kBAAkB,CAAA,GACzC,EAAC;AAEL,EAAA,MAAM,cAA6B,EAAC;AACpC,EAAA,KAAA,MAAW,GAAA,IAAO,UAAA,IAAc,EAAC,EAAG;AAClC,IAAA,MAAM,QAAA,GAAW,MAAM,GAAA,CAAI,OAAA,EAAQ;AACnC,IAAA,iBAAA,CAAkB,QAAA,EAAU,KAAK,WAAW,CAAA;AAAA,EAC9C;AAEA,EAAA,OAAO,CAAC,GAAG,IAAI,GAAA,CAAI,WAAW,CAAC,CAAA;AACjC;AAZe,MAAA,CAAA,yBAAA,EAAA,2BAAA,CAAA;AAcR,IAAM,SAAA,iCAA6D,GAAA,KAAQ;AAChF,EAAA,MAAM,iBAAA,GAAoB,IAAI,MAAA,CAAO,IAAA;AACrC,EAAA,MAAM,aAAA,GAAiB,GAAA,CAAI,MAAA,CAAO,MAAA,IAAU,EAAC;AAC7C,EAAA,MAAM,WAAA,GAAA,CAAe,IAAI,WAAA,IAAe,IAAI,KAAA,CAAM,GAAA,CAAI,WAAA,EAAa,MAAA,IAAU,CAAC,CAAA;AAE9E,EAAA,MAAM,QAAA,GAAW,MAAM,mBAAA,CAAoB;AAAA,IACzC,cAAA,EAAgB,iBAAA,GAAoB,CAAC,iBAAiB,CAAA,GAAI;AAAA,GAC3D,CAAA;AAED,EAAA,oBAAA,CAAqB,QAAQ,CAAA;AAC7B,EAAA,kBAAA,CAAmB,QAAQ,CAAA;AAE3B,EAAA,MAAM,kBAAkB,MAAM;AAC5B,IAAA,IAAI,iBAAA,EAAmB;AACrB,MAAA,OAAO,MAAA;AAAA,IACT;AAEA,IAAA,MAAM,aAAa,QAAA,CAAS,cAAA;AAC5B,IAAA,IAAI,sBAAsB,mBAAA,EAAqB;AAC7C,MAAA,OAAO,IAAA,CAAK,OAAA,CAAQ,UAAA,CAAW,QAAQ,CAAA;AAAA,IACzC;AACA,IAAA,OAAO,QAAA,CAAS,QAAA,IAAY,OAAA,CAAQ,GAAA,EAAI;AAAA,EAC1C,CAAA,GAAG;AAEH,EAAA,MAAM,aAAA,GAAgB,oBAClB,MAAM,wBAAA,CAAyB,iBAAiB,CAAA,GAC/C,cAAA,IAAkB,QAAQ,GAAA,EAAI;AAEnC,EAAA,MAAM,kBAAA,GAAqB,MAAM,yBAAA,CAA0B,QAAQ,CAAA;AAEnE,EAAA,MAAM,eAAA,GAAkB,CAAC,GAAG,kBAAA,EAAoB,GAAG,aAAa,CAAA;AAChE,EAAA,IAAI,eAAA,CAAgB,SAAS,CAAA,EAAG;AAC9B,IAAA,OAAA,CAAQ,IAAI,CAAA,qCAAA,EAA8B,eAAA,CAAgB,IAAA,CAAK,IAAI,CAAC,CAAA,CAAE,CAAA;AAAA,EACxE;AAGA,EAAA,IAAI,UAAA;AACJ,EAAA,IAAI,WAAA,CAAY,SAAS,CAAA,EAAG;AAC1B,IAAA,MAAM,aAAqC,EAAC;AAC5C,IAAA,IAAI,iBAAA,GAAoB,CAAA;AACxB,IAAA,KAAA,MAAW,UAAU,WAAA,EAAa;AAChC,MAAA,MAAM,cAAA,GAAiB,IAAA,CAAK,OAAA,CAAQ,aAAA,EAAe,MAAM,CAAA;AACzD,MAAA,MAAM,SAAS,MAAM,kBAAA;AAAA,QACnB,EAAE,KAAK,cAAA,EAAe;AAAA,QACtB;AAAA,OACF;AACA,MAAA,UAAA,CAAW,IAAA,CAAK,GAAG,MAAA,CAAO,UAAU,CAAA;AACpC,MAAA,iBAAA,IAAqB,MAAA,CAAO,iBAAA;AAAA,IAC9B;AACA,IAAA,MAAM,UAAA,GAAa,CAAC,GAAG,IAAI,IAAI,UAAA,CAAW,GAAA,CAAI,CAAC,CAAA,KAAM,CAAA,CAAE,GAAG,CAAC,CAAC,EAAE,IAAA,CAAK,CAAC,GAAG,CAAA,KAAM,CAAA,CAAE,aAAA,CAAc,CAAC,CAAC,CAAA;AAC/F,IAAA,UAAA,GAAa,EAAE,IAAA,EAAM,UAAA,EAAY,UAAA,EAAY,UAAA,EAAY,mBAAmB,iBAAA,EAAkB;AAAA,EAChG,CAAA,MAAO;AACL,IAAA,UAAA,GAAa,MAAM,kBAAA;AAAA,MACjB,EAAE,KAAK,aAAA,EAAc;AAAA,MACrB;AAAA,KACF;AAAA,EACF;AACA,EAAA,MAAM,UAAA,GAAa,MAAA,CAAO,IAAA,CAAK,QAAA,CAAS,YAAY,CAAA;AAEpD,EAAA,MAAM,IAAA,GAAO,qBAAA,CAAsB,UAAA,EAAY,UAAA,CAAW,IAAI,CAAA;AAC9D,EAAA,MAAM,oBAAA,GAAuB,4BAA4B,QAAQ,CAAA;AACjE,EAAA,MAAM,iBAAgC,EAAC;AACvC,EAAA,KAAA,MAAW,GAAA,IAAO,KAAK,cAAA,EAAgB;AAErC,IAAA,IAAI,oBAAA,CAAqB,GAAA,CAAI,GAAG,CAAA,EAAG;AAEnC,IAAA,MAAM,IAAA,GAAO,QAAA,CAAS,YAAA,CAAa,GAAG,CAAA;AACtC,IAAA,MAAM,iBAAkB,IAAA,EAAc,UAAA;AACtC,IAAA,MAAM,SAAA,GAAa,OAAO,IAAA,EAAM,MAAA,KAAW,UAAA,IAAe,IAAA,CAAK,MAAA,CAAO,aAAa,CAAA,KAAkB,IAAA,IAC/F,cAAA,EAAgB,WAAA,KAAgB,IAAA;AACtC,IAAA,IAAI,SAAA,EAAW;AACf,IAAA,cAAA,CAAe,KAAK,GAAG,CAAA;AAAA,EACzB;AAEA,EAAA,IAAI,KAAK,eAAA,CAAgB,MAAA,KAAW,CAAA,IAAK,cAAA,CAAe,WAAW,CAAA,EAAG;AACpE,IAAA,OAAA,CAAQ,GAAA,CAAI,aAAA,CAAM,KAAA,CAAM,CAAA,wDAAA,EAAsD,UAAA,CAAW,iBAAiB,CAAA,KAAA,EAAQ,UAAA,CAAW,iBAAA,KAAsB,CAAA,GAAI,EAAA,GAAK,GAAG,GAAG,CAAC,CAAA;AACnK,IAAA,YAAA,CAAa,CAAC,CAAA;AACd,IAAA;AAAA,EACF;AAEA,EAAA,OAAA,CAAQ,KAAA,CAAM,aAAA,CAAM,GAAA,CAAI,8CAAuC,CAAC,CAAA;AAEhE,EAAA,IAAI,IAAA,CAAK,eAAA,CAAgB,MAAA,GAAS,CAAA,EAAG;AACnC,IAAA,OAAA,CAAQ,KAAA,CAAM,cAAM,GAAA,CAAI,CAAA,mBAAA,EAAsB,KAAK,eAAA,CAAgB,MAAM,IAAI,CAAC,CAAA;AAC9E,IAAA,KAAA,MAAW,GAAA,IAAO,KAAK,eAAA,EAAiB;AACtC,MAAA,MAAM,IAAA,GAAO,UAAA,CAAW,UAAA,CAAW,MAAA,CAAO,CAAC,CAAA,KAAM,CAAA,CAAE,GAAA,KAAQ,GAAG,CAAA,CAAE,KAAA,CAAM,CAAA,EAAG,CAAC,CAAA;AAC1E,MAAA,MAAM,UAAA,GAAa,IAAA,CAAK,GAAA,CAAI,CAAC,CAAA,KAAM,eAAA,CAAgB,aAAA,EAAe,CAAC,CAAC,CAAA,CAAE,IAAA,CAAK,IAAI,CAAA;AAC/E,MAAA,OAAA,CAAQ,KAAA,CAAM,CAAA,IAAA,EAAO,aAAA,CAAM,IAAA,CAAK,GAAG,CAAC,CAAA,EAAG,UAAA,GAAa,aAAA,CAAM,IAAI,CAAA,UAAA,EAAa,UAAU,CAAA,CAAA,CAAG,CAAA,GAAI,EAAE,CAAA,CAAE,CAAA;AAAA,IAClG;AACA,IAAA,OAAA,CAAQ,MAAM,EAAE,CAAA;AAAA,EAClB;AAEA,EAAA,IAAI,cAAA,CAAe,SAAS,CAAA,EAAG;AAC7B,IAAA,OAAA,CAAQ,MAAM,aAAA,CAAM,MAAA,CAAO,qBAAqB,cAAA,CAAe,MAAM,IAAI,CAAC,CAAA;AAC1E,IAAA,KAAA,MAAW,OAAO,cAAA,EAAgB;AAChC,MAAA,OAAA,CAAQ,MAAM,CAAA,IAAA,EAAO,aAAA,CAAM,IAAA,CAAK,GAAG,CAAC,CAAA,CAAE,CAAA;AAAA,IACxC;AACA,IAAA,OAAA,CAAQ,KAAA,CAAM,aAAA,CAAM,GAAA,CAAI,6EAA6E,CAAC,CAAA;AACtG,IAAA,OAAA,CAAQ,MAAM,EAAE,CAAA;AAAA,EAClB;AAEA,EAAA,YAAA,CAAa,CAAC,CAAA;AAChB,CAAA,EAtGmE,WAAA","file":"chunk-35LTPRXV.js","sourcesContent":["export function diffSchemaAndCodeKeys(schemaKeys: Array<string>, codeKeys: Array<string>) {\n const schemaSet = new Set(schemaKeys);\n const codeSet = new Set(codeKeys);\n\n const missingInSchema = [...codeSet].filter((k) => !schemaSet.has(k)).sort((a, b) => a.localeCompare(b));\n const unusedInSchema = [...schemaSet].filter((k) => !codeSet.has(k)).sort((a, b) => a.localeCompare(b));\n\n return {\n missingInSchema,\n unusedInSchema,\n };\n}\n","import fs from 'node:fs/promises';\nimport path from 'node:path';\nimport ansis from 'ansis';\nimport { define } from 'gunshi';\n\nimport { FileBasedDataSource } from '../../env-graph';\nimport { loadVarlockEnvGraph } from '../../lib/load-graph';\nimport { checkForNoEnvFiles, checkForSchemaErrors } from '../helpers/error-checks';\nimport { type TypedGunshiCommandFn } from '../helpers/gunshi-type-utils';\nimport {\n scanCodeForEnvVars,\n type EnvVarReference,\n type ScanCodeEnvVarsResult,\n} from '../helpers/env-var-scanner';\nimport { gracefulExit } from 'exit-hook';\nimport { diffSchemaAndCodeKeys } from '../helpers/audit-diff';\n\nexport const commandSpec = define({\n name: 'audit',\n description: 'Audit code env var usage against your .env.schema',\n args: {\n path: {\n type: 'string',\n short: 'p',\n description: 'Path to a specific .env file or directory to use as the schema entry point',\n },\n ignore: {\n type: 'string',\n short: 'i',\n multiple: true,\n description: 'Directory to exclude from code scanning (can be specified multiple times)',\n },\n },\n examples: `\nScans your source code for environment variable references and compares them\nto keys defined in your varlock schema.\n\nExamples:\n varlock audit # Audit current project\n varlock audit --path .env.prod # Audit using a specific env entry point\n varlock audit ./src ./lib # Only scan specific directories\n varlock audit --ignore vendor # Exclude a directory from scanning\n varlock audit -i vendor -i generated # Exclude multiple directories\n`.trim(),\n});\n\nfunction formatReference(cwd: string, ref: EnvVarReference): string {\n const relPath = path.relative(cwd, ref.filePath);\n return `${relPath}:${ref.lineNumber}:${ref.columnNumber}`;\n}\n\nasync function getScanRootFromEntryPath(providedEntryPath: string): Promise<string> {\n const resolved = path.resolve(providedEntryPath);\n try {\n const entryStat = await fs.stat(resolved);\n if (entryStat.isDirectory()) return resolved;\n } catch {\n // loadVarlockEnvGraph validates path before this point; fallback keeps behavior predictable\n }\n\n if (providedEntryPath.endsWith('/') || providedEntryPath.endsWith(path.sep)) {\n return resolved;\n }\n return path.dirname(resolved);\n}\n\nfunction collectStringArgs(input: unknown, out: Array<string>) {\n if (Array.isArray(input)) {\n for (const entry of input) collectStringArgs(entry, out);\n return;\n }\n if (typeof input !== 'string') return;\n\n const normalized = input.trim().replace(/^\\.\\//, '').replace(/[/\\\\]+$/, '');\n if (!normalized) return;\n out.push(normalized);\n}\n\n/** Collect all config keys that are depended on by other items or root decorators */\nfunction getInternallyReferencedKeys(envGraph: any): Set<string> {\n const referenced = new Set<string>();\n\n // Keys referenced by other config items (via $REF, concat, fallback, etc.)\n const adjList = envGraph.graphAdjacencyList;\n if (adjList) {\n for (const itemKey in adjList) {\n for (const dep of adjList[itemKey]) {\n referenced.add(dep);\n }\n }\n }\n\n // Keys referenced by root decorators (e.g., @currentEnv=$APP_ENV)\n for (const source of envGraph.sortedDataSources ?? []) {\n for (const dec of source.rootDecorators ?? []) {\n for (const dep of dec.decValueResolver?.deps ?? []) {\n referenced.add(dep);\n }\n }\n }\n\n return referenced;\n}\n\nasync function getCustomAuditIgnorePaths(envGraph: any): Promise<Array<string>> {\n const rootDecFns = typeof envGraph?.getRootDecFns === 'function'\n ? envGraph.getRootDecFns('auditIgnorePaths')\n : [];\n\n const mergedPaths: Array<string> = [];\n for (const dec of rootDecFns || []) {\n const resolved = await dec.resolve();\n collectStringArgs(resolved?.arr, mergedPaths);\n }\n\n return [...new Set(mergedPaths)];\n}\n\nexport const commandFn: TypedGunshiCommandFn<typeof commandSpec> = async (ctx) => {\n const providedEntryPath = ctx.values.path as string | undefined;\n const cliIgnoreDirs = (ctx.values.ignore ?? []) as Array<string>;\n const scanTargets = (ctx.positionals ?? []).slice(ctx.commandPath?.length ?? 0);\n\n const envGraph = await loadVarlockEnvGraph({\n entryFilePaths: providedEntryPath ? [providedEntryPath] : undefined,\n });\n\n checkForSchemaErrors(envGraph);\n checkForNoEnvFiles(envGraph);\n\n const schemaScanRoot = (() => {\n if (providedEntryPath) {\n return undefined;\n }\n\n const rootSource = envGraph.rootDataSource;\n if (rootSource instanceof FileBasedDataSource) {\n return path.dirname(rootSource.fullPath);\n }\n return envGraph.basePath ?? process.cwd();\n })();\n\n const finalScanRoot = providedEntryPath\n ? await getScanRootFromEntryPath(providedEntryPath)\n : (schemaScanRoot ?? process.cwd());\n\n const customIgnoredPaths = await getCustomAuditIgnorePaths(envGraph);\n // Merge CLI --ignore dirs with schema @auditIgnorePaths\n const allIgnoredPaths = [...customIgnoredPaths, ...cliIgnoreDirs];\n if (allIgnoredPaths.length > 0) {\n console.log(`ℹ️ Skipping ignored paths: ${allIgnoredPaths.join(', ')}`);\n }\n\n // If positional scan targets are provided, scan each one individually and merge results\n let scanResult: ScanCodeEnvVarsResult;\n if (scanTargets.length > 0) {\n const mergedRefs: Array<EnvVarReference> = [];\n let totalFilesScanned = 0;\n for (const target of scanTargets) {\n const resolvedTarget = path.resolve(finalScanRoot, target);\n const result = await scanCodeForEnvVars(\n { cwd: resolvedTarget },\n allIgnoredPaths,\n );\n mergedRefs.push(...result.references);\n totalFilesScanned += result.scannedFilesCount;\n }\n const uniqueKeys = [...new Set(mergedRefs.map((r) => r.key))].sort((a, b) => a.localeCompare(b));\n scanResult = { keys: uniqueKeys, references: mergedRefs, scannedFilesCount: totalFilesScanned };\n } else {\n scanResult = await scanCodeForEnvVars(\n { cwd: finalScanRoot },\n allIgnoredPaths,\n );\n }\n const schemaKeys = Object.keys(envGraph.configSchema);\n\n const diff = diffSchemaAndCodeKeys(schemaKeys, scanResult.keys);\n const internallyReferenced = getInternallyReferencedKeys(envGraph);\n const unusedInSchema: Array<string> = [];\n for (const key of diff.unusedInSchema) {\n // Skip keys that are referenced internally by other items or root decorators\n if (internallyReferenced.has(key)) continue;\n\n const item = envGraph.configSchema[key];\n const itemDecorators = (item as any)?.decorators as Record<string, unknown> | undefined;\n const isIgnored = (typeof item?.getDec === 'function' && (item.getDec('auditIgnore') as unknown) === true)\n || (itemDecorators?.auditIgnore === true);\n if (isIgnored) continue;\n unusedInSchema.push(key);\n }\n\n if (diff.missingInSchema.length === 0 && unusedInSchema.length === 0) {\n console.log(ansis.green(`✅ Schema and code references are in sync. (scanned ${scanResult.scannedFilesCount} file${scanResult.scannedFilesCount === 1 ? '' : 's'})`));\n gracefulExit(0);\n return;\n }\n\n console.error(ansis.red('\\n🚨 Schema/code mismatch detected:\\n'));\n\n if (diff.missingInSchema.length > 0) {\n console.error(ansis.red(`Missing in schema (${diff.missingInSchema.length}):`));\n for (const key of diff.missingInSchema) {\n const refs = scanResult.references.filter((r) => r.key === key).slice(0, 3);\n const refPreview = refs.map((r) => formatReference(finalScanRoot, r)).join(', ');\n console.error(` - ${ansis.bold(key)}${refPreview ? ansis.dim(` (seen at ${refPreview})`) : ''}`);\n }\n console.error('');\n }\n\n if (unusedInSchema.length > 0) {\n console.error(ansis.yellow(`Unused in schema (${unusedInSchema.length}):`));\n for (const key of unusedInSchema) {\n console.error(` - ${ansis.bold(key)}`);\n }\n console.error(ansis.dim('(Hint: If this is used by an external tool, add # @auditIgnore to the item)'));\n console.error('');\n }\n\n gracefulExit(1);\n};\n"]}
|
|
1
|
+
{"version":3,"sources":["../src/cli/helpers/audit-diff.ts","../src/cli/commands/audit.command.ts"],"names":[],"mappings":";;;;;;;;;;;AAAO,SAAS,qBAAA,CAAsB,YAA2B,QAAA,EAAyB;AACxF,EAAA,MAAM,SAAA,GAAY,IAAI,GAAA,CAAI,UAAU,CAAA;AACpC,EAAA,MAAM,OAAA,GAAU,IAAI,GAAA,CAAI,QAAQ,CAAA;AAEhC,EAAA,MAAM,eAAA,GAAkB,CAAC,GAAG,OAAO,EAAE,MAAA,CAAO,CAAC,MAAM,CAAC,SAAA,CAAU,IAAI,CAAC,CAAC,EAAE,IAAA,CAAK,CAAC,GAAG,CAAA,KAAM,CAAA,CAAE,aAAA,CAAc,CAAC,CAAC,CAAA;AACvG,EAAA,MAAM,cAAA,GAAiB,CAAC,GAAG,SAAS,EAAE,MAAA,CAAO,CAAC,MAAM,CAAC,OAAA,CAAQ,IAAI,CAAC,CAAC,EAAE,IAAA,CAAK,CAAC,GAAG,CAAA,KAAM,CAAA,CAAE,aAAA,CAAc,CAAC,CAAC,CAAA;AAEtG,EAAA,OAAO;AAAA,IACL,eAAA;AAAA,IACA;AAAA,GACF;AACF;AAXgB,MAAA,CAAA,qBAAA,EAAA,uBAAA,CAAA;;;ACiBT,IAAM,cAAc,MAAA,CAAO;AAAA,EAChC,IAAA,EAAM,OAAA;AAAA,EACN,WAAA,EAAa,mDAAA;AAAA,EACb,IAAA,EAAM;AAAA,IACJ,IAAA,EAAM;AAAA,MACJ,IAAA,EAAM,QAAA;AAAA,MACN,KAAA,EAAO,GAAA;AAAA,MACP,WAAA,EAAa;AAAA,KACf;AAAA,IACA,MAAA,EAAQ;AAAA,MACN,IAAA,EAAM,QAAA;AAAA,MACN,KAAA,EAAO,GAAA;AAAA,MACP,QAAA,EAAU,IAAA;AAAA,MACV,WAAA,EAAa;AAAA;AACf,GACF;AAAA,EACA,QAAA,EAAU;AAAA;AAAA;;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,CAAA,CAUV,IAAA;AACF,CAAC;AAED,SAAS,eAAA,CAAgB,KAAa,GAAA,EAA8B;AAClE,EAAA,MAAM,OAAA,GAAU,IAAA,CAAK,QAAA,CAAS,GAAA,EAAK,IAAI,QAAQ,CAAA;AAC/C,EAAA,OAAO,GAAG,OAAO,CAAA,CAAA,EAAI,IAAI,UAAU,CAAA,CAAA,EAAI,IAAI,YAAY,CAAA,CAAA;AACzD;AAHS,MAAA,CAAA,eAAA,EAAA,iBAAA,CAAA;AAKT,eAAe,yBAAyB,iBAAA,EAA4C;AAClF,EAAA,MAAM,QAAA,GAAW,IAAA,CAAK,OAAA,CAAQ,iBAAiB,CAAA;AAC/C,EAAA,IAAI;AACF,IAAA,MAAM,SAAA,GAAY,MAAM,EAAA,CAAG,IAAA,CAAK,QAAQ,CAAA;AACxC,IAAA,IAAI,SAAA,CAAU,WAAA,EAAY,EAAG,OAAO,QAAA;AAAA,EACtC,CAAA,CAAA,MAAQ;AAAA,EAER;AAEA,EAAA,IAAI,iBAAA,CAAkB,SAAS,GAAG,CAAA,IAAK,kBAAkB,QAAA,CAAS,IAAA,CAAK,GAAG,CAAA,EAAG;AAC3E,IAAA,OAAO,QAAA;AAAA,EACT;AACA,EAAA,OAAO,IAAA,CAAK,QAAQ,QAAQ,CAAA;AAC9B;AAbe,MAAA,CAAA,wBAAA,EAAA,0BAAA,CAAA;AAef,SAAS,iBAAA,CAAkB,OAAgB,GAAA,EAAoB;AAC7D,EAAA,IAAI,KAAA,CAAM,OAAA,CAAQ,KAAK,CAAA,EAAG;AACxB,IAAA,KAAA,MAAW,KAAA,IAAS,KAAA,EAAO,iBAAA,CAAkB,KAAA,EAAO,GAAG,CAAA;AACvD,IAAA;AAAA,EACF;AACA,EAAA,IAAI,OAAO,UAAU,QAAA,EAAU;AAE/B,EAAA,MAAM,UAAA,GAAa,KAAA,CAAM,IAAA,EAAK,CAAE,OAAA,CAAQ,SAAS,EAAE,CAAA,CAAE,OAAA,CAAQ,SAAA,EAAW,EAAE,CAAA;AAC1E,EAAA,IAAI,CAAC,UAAA,EAAY;AACjB,EAAA,GAAA,CAAI,KAAK,UAAU,CAAA;AACrB;AAVS,MAAA,CAAA,iBAAA,EAAA,mBAAA,CAAA;AAaT,SAAS,4BAA4B,QAAA,EAA4B;AAC/D,EAAA,MAAM,UAAA,uBAAiB,GAAA,EAAY;AAGnC,EAAA,MAAM,UAAU,QAAA,CAAS,kBAAA;AACzB,EAAA,IAAI,OAAA,EAAS;AACX,IAAA,KAAA,MAAW,WAAW,OAAA,EAAS;AAC7B,MAAA,KAAA,MAAW,GAAA,IAAO,OAAA,CAAQ,OAAO,CAAA,EAAG;AAClC,QAAA,UAAA,CAAW,IAAI,GAAG,CAAA;AAAA,MACpB;AAAA,IACF;AAAA,EACF;AAGA,EAAA,KAAA,MAAW,MAAA,IAAU,QAAA,CAAS,iBAAA,IAAqB,EAAC,EAAG;AACrD,IAAA,KAAA,MAAW,GAAA,IAAO,MAAA,CAAO,cAAA,IAAkB,EAAC,EAAG;AAC7C,MAAA,KAAA,MAAW,GAAA,IAAO,GAAA,CAAI,gBAAA,EAAkB,IAAA,IAAQ,EAAC,EAAG;AAClD,QAAA,UAAA,CAAW,IAAI,GAAG,CAAA;AAAA,MACpB;AAAA,IACF;AAAA,EACF;AAEA,EAAA,OAAO,UAAA;AACT;AAvBS,MAAA,CAAA,2BAAA,EAAA,6BAAA,CAAA;AAyBT,eAAe,0BAA0B,QAAA,EAAuC;AAC9E,EAAA,MAAM,UAAA,GAAa,OAAO,QAAA,EAAU,aAAA,KAAkB,aAClD,QAAA,CAAS,aAAA,CAAc,kBAAkB,CAAA,GACzC,EAAC;AAEL,EAAA,MAAM,cAA6B,EAAC;AACpC,EAAA,KAAA,MAAW,GAAA,IAAO,UAAA,IAAc,EAAC,EAAG;AAClC,IAAA,MAAM,QAAA,GAAW,MAAM,GAAA,CAAI,OAAA,EAAQ;AACnC,IAAA,iBAAA,CAAkB,QAAA,EAAU,KAAK,WAAW,CAAA;AAAA,EAC9C;AAEA,EAAA,OAAO,CAAC,GAAG,IAAI,GAAA,CAAI,WAAW,CAAC,CAAA;AACjC;AAZe,MAAA,CAAA,yBAAA,EAAA,2BAAA,CAAA;AAcR,IAAM,SAAA,iCAA6D,GAAA,KAAQ;AAChF,EAAA,MAAM,iBAAA,GAAoB,IAAI,MAAA,CAAO,IAAA;AACrC,EAAA,MAAM,aAAA,GAAiB,GAAA,CAAI,MAAA,CAAO,MAAA,IAAU,EAAC;AAC7C,EAAA,MAAM,WAAA,GAAA,CAAe,IAAI,WAAA,IAAe,IAAI,KAAA,CAAM,GAAA,CAAI,WAAA,EAAa,MAAA,IAAU,CAAC,CAAA;AAE9E,EAAA,MAAM,QAAA,GAAW,MAAM,mBAAA,CAAoB;AAAA,IACzC,cAAA,EAAgB,iBAAA,GAAoB,CAAC,iBAAiB,CAAA,GAAI;AAAA,GAC3D,CAAA;AAED,EAAA,oBAAA,CAAqB,QAAQ,CAAA;AAC7B,EAAA,kBAAA,CAAmB,QAAQ,CAAA;AAE3B,EAAA,MAAM,kBAAkB,MAAM;AAC5B,IAAA,IAAI,iBAAA,EAAmB;AACrB,MAAA,OAAO,MAAA;AAAA,IACT;AAEA,IAAA,MAAM,aAAa,QAAA,CAAS,cAAA;AAC5B,IAAA,IAAI,sBAAsB,mBAAA,EAAqB;AAC7C,MAAA,OAAO,IAAA,CAAK,OAAA,CAAQ,UAAA,CAAW,QAAQ,CAAA;AAAA,IACzC;AACA,IAAA,OAAO,QAAA,CAAS,QAAA,IAAY,OAAA,CAAQ,GAAA,EAAI;AAAA,EAC1C,CAAA,GAAG;AAEH,EAAA,MAAM,aAAA,GAAgB,oBAClB,MAAM,wBAAA,CAAyB,iBAAiB,CAAA,GAC/C,cAAA,IAAkB,QAAQ,GAAA,EAAI;AAEnC,EAAA,MAAM,kBAAA,GAAqB,MAAM,yBAAA,CAA0B,QAAQ,CAAA;AAEnE,EAAA,MAAM,eAAA,GAAkB,CAAC,GAAG,kBAAA,EAAoB,GAAG,aAAa,CAAA;AAChE,EAAA,IAAI,eAAA,CAAgB,SAAS,CAAA,EAAG;AAC9B,IAAA,OAAA,CAAQ,IAAI,CAAA,qCAAA,EAA8B,eAAA,CAAgB,IAAA,CAAK,IAAI,CAAC,CAAA,CAAE,CAAA;AAAA,EACxE;AAGA,EAAA,IAAI,UAAA;AACJ,EAAA,IAAI,WAAA,CAAY,SAAS,CAAA,EAAG;AAC1B,IAAA,MAAM,aAAqC,EAAC;AAC5C,IAAA,IAAI,iBAAA,GAAoB,CAAA;AACxB,IAAA,KAAA,MAAW,UAAU,WAAA,EAAa;AAChC,MAAA,MAAM,cAAA,GAAiB,IAAA,CAAK,OAAA,CAAQ,aAAA,EAAe,MAAM,CAAA;AACzD,MAAA,MAAM,SAAS,MAAM,kBAAA;AAAA,QACnB,EAAE,KAAK,cAAA,EAAe;AAAA,QACtB;AAAA,OACF;AACA,MAAA,UAAA,CAAW,IAAA,CAAK,GAAG,MAAA,CAAO,UAAU,CAAA;AACpC,MAAA,iBAAA,IAAqB,MAAA,CAAO,iBAAA;AAAA,IAC9B;AACA,IAAA,MAAM,UAAA,GAAa,CAAC,GAAG,IAAI,IAAI,UAAA,CAAW,GAAA,CAAI,CAAC,CAAA,KAAM,CAAA,CAAE,GAAG,CAAC,CAAC,EAAE,IAAA,CAAK,CAAC,GAAG,CAAA,KAAM,CAAA,CAAE,aAAA,CAAc,CAAC,CAAC,CAAA;AAC/F,IAAA,UAAA,GAAa,EAAE,IAAA,EAAM,UAAA,EAAY,UAAA,EAAY,UAAA,EAAY,mBAAmB,iBAAA,EAAkB;AAAA,EAChG,CAAA,MAAO;AACL,IAAA,UAAA,GAAa,MAAM,kBAAA;AAAA,MACjB,EAAE,KAAK,aAAA,EAAc;AAAA,MACrB;AAAA,KACF;AAAA,EACF;AACA,EAAA,MAAM,UAAA,GAAa,MAAA,CAAO,IAAA,CAAK,QAAA,CAAS,YAAY,CAAA;AAEpD,EAAA,MAAM,IAAA,GAAO,qBAAA,CAAsB,UAAA,EAAY,UAAA,CAAW,IAAI,CAAA;AAC9D,EAAA,MAAM,oBAAA,GAAuB,4BAA4B,QAAQ,CAAA;AACjE,EAAA,MAAM,iBAAgC,EAAC;AACvC,EAAA,KAAA,MAAW,GAAA,IAAO,KAAK,cAAA,EAAgB;AAErC,IAAA,IAAI,oBAAA,CAAqB,GAAA,CAAI,GAAG,CAAA,EAAG;AAEnC,IAAA,MAAM,IAAA,GAAO,QAAA,CAAS,YAAA,CAAa,GAAG,CAAA;AACtC,IAAA,MAAM,iBAAkB,IAAA,EAAc,UAAA;AACtC,IAAA,MAAM,SAAA,GAAa,OAAO,IAAA,EAAM,MAAA,KAAW,UAAA,IAAe,IAAA,CAAK,MAAA,CAAO,aAAa,CAAA,KAAkB,IAAA,IAC/F,cAAA,EAAgB,WAAA,KAAgB,IAAA;AACtC,IAAA,IAAI,SAAA,EAAW;AACf,IAAA,cAAA,CAAe,KAAK,GAAG,CAAA;AAAA,EACzB;AAEA,EAAA,IAAI,KAAK,eAAA,CAAgB,MAAA,KAAW,CAAA,IAAK,cAAA,CAAe,WAAW,CAAA,EAAG;AACpE,IAAA,OAAA,CAAQ,GAAA,CAAI,aAAA,CAAM,KAAA,CAAM,CAAA,wDAAA,EAAsD,UAAA,CAAW,iBAAiB,CAAA,KAAA,EAAQ,UAAA,CAAW,iBAAA,KAAsB,CAAA,GAAI,EAAA,GAAK,GAAG,GAAG,CAAC,CAAA;AACnK,IAAA,YAAA,CAAa,CAAC,CAAA;AACd,IAAA;AAAA,EACF;AAEA,EAAA,OAAA,CAAQ,KAAA,CAAM,aAAA,CAAM,GAAA,CAAI,8CAAuC,CAAC,CAAA;AAEhE,EAAA,IAAI,IAAA,CAAK,eAAA,CAAgB,MAAA,GAAS,CAAA,EAAG;AACnC,IAAA,OAAA,CAAQ,KAAA,CAAM,cAAM,GAAA,CAAI,CAAA,mBAAA,EAAsB,KAAK,eAAA,CAAgB,MAAM,IAAI,CAAC,CAAA;AAC9E,IAAA,KAAA,MAAW,GAAA,IAAO,KAAK,eAAA,EAAiB;AACtC,MAAA,MAAM,IAAA,GAAO,UAAA,CAAW,UAAA,CAAW,MAAA,CAAO,CAAC,CAAA,KAAM,CAAA,CAAE,GAAA,KAAQ,GAAG,CAAA,CAAE,KAAA,CAAM,CAAA,EAAG,CAAC,CAAA;AAC1E,MAAA,MAAM,UAAA,GAAa,IAAA,CAAK,GAAA,CAAI,CAAC,CAAA,KAAM,eAAA,CAAgB,aAAA,EAAe,CAAC,CAAC,CAAA,CAAE,IAAA,CAAK,IAAI,CAAA;AAC/E,MAAA,OAAA,CAAQ,KAAA,CAAM,CAAA,IAAA,EAAO,aAAA,CAAM,IAAA,CAAK,GAAG,CAAC,CAAA,EAAG,UAAA,GAAa,aAAA,CAAM,IAAI,CAAA,UAAA,EAAa,UAAU,CAAA,CAAA,CAAG,CAAA,GAAI,EAAE,CAAA,CAAE,CAAA;AAAA,IAClG;AACA,IAAA,OAAA,CAAQ,MAAM,EAAE,CAAA;AAAA,EAClB;AAEA,EAAA,IAAI,cAAA,CAAe,SAAS,CAAA,EAAG;AAC7B,IAAA,OAAA,CAAQ,MAAM,aAAA,CAAM,MAAA,CAAO,qBAAqB,cAAA,CAAe,MAAM,IAAI,CAAC,CAAA;AAC1E,IAAA,KAAA,MAAW,OAAO,cAAA,EAAgB;AAChC,MAAA,OAAA,CAAQ,MAAM,CAAA,IAAA,EAAO,aAAA,CAAM,IAAA,CAAK,GAAG,CAAC,CAAA,CAAE,CAAA;AAAA,IACxC;AACA,IAAA,OAAA,CAAQ,KAAA,CAAM,aAAA,CAAM,GAAA,CAAI,6EAA6E,CAAC,CAAA;AACtG,IAAA,OAAA,CAAQ,MAAM,EAAE,CAAA;AAAA,EAClB;AAEA,EAAA,YAAA,CAAa,CAAC,CAAA;AAChB,CAAA,EAtGmE,WAAA","file":"chunk-CESFJIM4.js","sourcesContent":["export function diffSchemaAndCodeKeys(schemaKeys: Array<string>, codeKeys: Array<string>) {\n const schemaSet = new Set(schemaKeys);\n const codeSet = new Set(codeKeys);\n\n const missingInSchema = [...codeSet].filter((k) => !schemaSet.has(k)).sort((a, b) => a.localeCompare(b));\n const unusedInSchema = [...schemaSet].filter((k) => !codeSet.has(k)).sort((a, b) => a.localeCompare(b));\n\n return {\n missingInSchema,\n unusedInSchema,\n };\n}\n","import fs from 'node:fs/promises';\nimport path from 'node:path';\nimport ansis from 'ansis';\nimport { define } from 'gunshi';\n\nimport { FileBasedDataSource } from '../../env-graph';\nimport { loadVarlockEnvGraph } from '../../lib/load-graph';\nimport { checkForNoEnvFiles, checkForSchemaErrors } from '../helpers/error-checks';\nimport { type TypedGunshiCommandFn } from '../helpers/gunshi-type-utils';\nimport {\n scanCodeForEnvVars,\n type EnvVarReference,\n type ScanCodeEnvVarsResult,\n} from '../helpers/env-var-scanner';\nimport { gracefulExit } from 'exit-hook';\nimport { diffSchemaAndCodeKeys } from '../helpers/audit-diff';\n\nexport const commandSpec = define({\n name: 'audit',\n description: 'Audit code env var usage against your .env.schema',\n args: {\n path: {\n type: 'string',\n short: 'p',\n description: 'Path to a specific .env file or directory to use as the schema entry point',\n },\n ignore: {\n type: 'string',\n short: 'i',\n multiple: true,\n description: 'Directory to exclude from code scanning (can be specified multiple times)',\n },\n },\n examples: `\nScans your source code for environment variable references and compares them\nto keys defined in your varlock schema.\n\nExamples:\n varlock audit # Audit current project\n varlock audit --path .env.prod # Audit using a specific env entry point\n varlock audit ./src ./lib # Only scan specific directories\n varlock audit --ignore vendor # Exclude a directory from scanning\n varlock audit -i vendor -i generated # Exclude multiple directories\n`.trim(),\n});\n\nfunction formatReference(cwd: string, ref: EnvVarReference): string {\n const relPath = path.relative(cwd, ref.filePath);\n return `${relPath}:${ref.lineNumber}:${ref.columnNumber}`;\n}\n\nasync function getScanRootFromEntryPath(providedEntryPath: string): Promise<string> {\n const resolved = path.resolve(providedEntryPath);\n try {\n const entryStat = await fs.stat(resolved);\n if (entryStat.isDirectory()) return resolved;\n } catch {\n // loadVarlockEnvGraph validates path before this point; fallback keeps behavior predictable\n }\n\n if (providedEntryPath.endsWith('/') || providedEntryPath.endsWith(path.sep)) {\n return resolved;\n }\n return path.dirname(resolved);\n}\n\nfunction collectStringArgs(input: unknown, out: Array<string>) {\n if (Array.isArray(input)) {\n for (const entry of input) collectStringArgs(entry, out);\n return;\n }\n if (typeof input !== 'string') return;\n\n const normalized = input.trim().replace(/^\\.\\//, '').replace(/[/\\\\]+$/, '');\n if (!normalized) return;\n out.push(normalized);\n}\n\n/** Collect all config keys that are depended on by other items or root decorators */\nfunction getInternallyReferencedKeys(envGraph: any): Set<string> {\n const referenced = new Set<string>();\n\n // Keys referenced by other config items (via $REF, concat, fallback, etc.)\n const adjList = envGraph.graphAdjacencyList;\n if (adjList) {\n for (const itemKey in adjList) {\n for (const dep of adjList[itemKey]) {\n referenced.add(dep);\n }\n }\n }\n\n // Keys referenced by root decorators (e.g., @currentEnv=$APP_ENV)\n for (const source of envGraph.sortedDataSources ?? []) {\n for (const dec of source.rootDecorators ?? []) {\n for (const dep of dec.decValueResolver?.deps ?? []) {\n referenced.add(dep);\n }\n }\n }\n\n return referenced;\n}\n\nasync function getCustomAuditIgnorePaths(envGraph: any): Promise<Array<string>> {\n const rootDecFns = typeof envGraph?.getRootDecFns === 'function'\n ? envGraph.getRootDecFns('auditIgnorePaths')\n : [];\n\n const mergedPaths: Array<string> = [];\n for (const dec of rootDecFns || []) {\n const resolved = await dec.resolve();\n collectStringArgs(resolved?.arr, mergedPaths);\n }\n\n return [...new Set(mergedPaths)];\n}\n\nexport const commandFn: TypedGunshiCommandFn<typeof commandSpec> = async (ctx) => {\n const providedEntryPath = ctx.values.path as string | undefined;\n const cliIgnoreDirs = (ctx.values.ignore ?? []) as Array<string>;\n const scanTargets = (ctx.positionals ?? []).slice(ctx.commandPath?.length ?? 0);\n\n const envGraph = await loadVarlockEnvGraph({\n entryFilePaths: providedEntryPath ? [providedEntryPath] : undefined,\n });\n\n checkForSchemaErrors(envGraph);\n checkForNoEnvFiles(envGraph);\n\n const schemaScanRoot = (() => {\n if (providedEntryPath) {\n return undefined;\n }\n\n const rootSource = envGraph.rootDataSource;\n if (rootSource instanceof FileBasedDataSource) {\n return path.dirname(rootSource.fullPath);\n }\n return envGraph.basePath ?? process.cwd();\n })();\n\n const finalScanRoot = providedEntryPath\n ? await getScanRootFromEntryPath(providedEntryPath)\n : (schemaScanRoot ?? process.cwd());\n\n const customIgnoredPaths = await getCustomAuditIgnorePaths(envGraph);\n // Merge CLI --ignore dirs with schema @auditIgnorePaths\n const allIgnoredPaths = [...customIgnoredPaths, ...cliIgnoreDirs];\n if (allIgnoredPaths.length > 0) {\n console.log(`ℹ️ Skipping ignored paths: ${allIgnoredPaths.join(', ')}`);\n }\n\n // If positional scan targets are provided, scan each one individually and merge results\n let scanResult: ScanCodeEnvVarsResult;\n if (scanTargets.length > 0) {\n const mergedRefs: Array<EnvVarReference> = [];\n let totalFilesScanned = 0;\n for (const target of scanTargets) {\n const resolvedTarget = path.resolve(finalScanRoot, target);\n const result = await scanCodeForEnvVars(\n { cwd: resolvedTarget },\n allIgnoredPaths,\n );\n mergedRefs.push(...result.references);\n totalFilesScanned += result.scannedFilesCount;\n }\n const uniqueKeys = [...new Set(mergedRefs.map((r) => r.key))].sort((a, b) => a.localeCompare(b));\n scanResult = { keys: uniqueKeys, references: mergedRefs, scannedFilesCount: totalFilesScanned };\n } else {\n scanResult = await scanCodeForEnvVars(\n { cwd: finalScanRoot },\n allIgnoredPaths,\n );\n }\n const schemaKeys = Object.keys(envGraph.configSchema);\n\n const diff = diffSchemaAndCodeKeys(schemaKeys, scanResult.keys);\n const internallyReferenced = getInternallyReferencedKeys(envGraph);\n const unusedInSchema: Array<string> = [];\n for (const key of diff.unusedInSchema) {\n // Skip keys that are referenced internally by other items or root decorators\n if (internallyReferenced.has(key)) continue;\n\n const item = envGraph.configSchema[key];\n const itemDecorators = (item as any)?.decorators as Record<string, unknown> | undefined;\n const isIgnored = (typeof item?.getDec === 'function' && (item.getDec('auditIgnore') as unknown) === true)\n || (itemDecorators?.auditIgnore === true);\n if (isIgnored) continue;\n unusedInSchema.push(key);\n }\n\n if (diff.missingInSchema.length === 0 && unusedInSchema.length === 0) {\n console.log(ansis.green(`✅ Schema and code references are in sync. (scanned ${scanResult.scannedFilesCount} file${scanResult.scannedFilesCount === 1 ? '' : 's'})`));\n gracefulExit(0);\n return;\n }\n\n console.error(ansis.red('\\n🚨 Schema/code mismatch detected:\\n'));\n\n if (diff.missingInSchema.length > 0) {\n console.error(ansis.red(`Missing in schema (${diff.missingInSchema.length}):`));\n for (const key of diff.missingInSchema) {\n const refs = scanResult.references.filter((r) => r.key === key).slice(0, 3);\n const refPreview = refs.map((r) => formatReference(finalScanRoot, r)).join(', ');\n console.error(` - ${ansis.bold(key)}${refPreview ? ansis.dim(` (seen at ${refPreview})`) : ''}`);\n }\n console.error('');\n }\n\n if (unusedInSchema.length > 0) {\n console.error(ansis.yellow(`Unused in schema (${unusedInSchema.length}):`));\n for (const key of unusedInSchema) {\n console.error(` - ${ansis.bold(key)}`);\n }\n console.error(ansis.dim('(Hint: If this is used by an external tool, add # @auditIgnore to the item)'));\n console.error('');\n }\n\n gracefulExit(1);\n};\n"]}
|
|
@@ -1,4 +1,4 @@
|
|
|
1
|
-
import { debug, varlockSettings, scanForLeaks, redactSensitiveConfig } from './chunk-
|
|
1
|
+
import { debug, varlockSettings, scanForLeaks, redactSensitiveConfig } from './chunk-UUJK65RS.js';
|
|
2
2
|
import { __name } from './chunk-6PEHRAEP.js';
|
|
3
3
|
import zlib from 'zlib';
|
|
4
4
|
import { ServerResponse } from 'http';
|
|
@@ -88,5 +88,5 @@ function patchGlobalServerResponse(opts) {
|
|
|
88
88
|
__name(patchGlobalServerResponse, "patchGlobalServerResponse");
|
|
89
89
|
|
|
90
90
|
export { patchGlobalServerResponse };
|
|
91
|
-
//# sourceMappingURL=chunk-
|
|
92
|
-
//# sourceMappingURL=chunk-
|
|
91
|
+
//# sourceMappingURL=chunk-DIPEXEIL.js.map
|
|
92
|
+
//# sourceMappingURL=chunk-DIPEXEIL.js.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"sources":["../src/runtime/patch-server-response.ts"],"names":[],"mappings":";;;;;AAUA,IAAM,UAAA,GAAa,mBAAA;AACZ,SAAS,0BAA0B,IAAA,EAGvC;AACD,EAAA,KAAA,CAAM,6CAAmC,CAAA;AACzC,EAAA,IAAI,MAAA,CAAO,wBAAA,CAAyB,cAAA,CAAe,SAAA,EAAW,UAAU,CAAA,EAAG;AACzE,IAAA,KAAA,CAAM,mBAAmB,CAAA;AACzB,IAAA;AAAA,EACF;AACA,EAAA,IAAI,eAAA,CAAgB,iBAAiB,KAAA,EAAO;AAC1C,IAAA,KAAA,CAAM,wBAAwB,CAAA;AAC9B,IAAA;AAAA,EACF;AAEA,EAAA,MAAA,CAAO,eAAe,cAAA,CAAe,SAAA,EAAW,YAAY,EAAE,KAAA,EAAO,MAAM,CAAA;AAE3E,EAAA,MAAM,mBAAA,GAAsB,eAAe,SAAA,CAAU,KAAA;AAGrD,EAAA,cAAA,CAAe,SAAA,CAAU,KAAA,mBAAQ,MAAA,CAAA,SAAS,iCAAA,CAAA,GAAqC,IAAA,EAAM;AAGnF,IAAA,MAAM,QAAA,GAAW,KAAK,CAAC,CAAA;AAKvB,IAAA,MAAM,cAAc,IAAA,CAAK,SAAA,CAAU,cAAc,CAAA,EAAG,UAAS,IAAK,EAAA;AAElE,IAAA,IAAI,OAAA,GACF,WAAA,CAAY,UAAA,CAAW,OAAO,CAAA,IAC3B,WAAA,CAAY,UAAA,CAAW,kBAAkB,CAAA,IACxC,CAAC,WAAA,IAAe,OAAO,QAAA,KAAa,QAAA;AAI1C,IAAA,MAAM,MAAA,GAAU,KAAa,GAAA,CAAI,GAAA;AAEjC,IAAA,IAAI,OAAA,IAAW,MAAA,IAAU,IAAA,EAAM,iBAAA,EAAmB,IAAA,CAAK,CAAC,OAAA,KAAY,OAAA,CAAQ,IAAA,CAAK,MAAM,CAAC,CAAA,EAAG;AACzF,MAAA,OAAA,GAAU,KAAA;AAAA,IACZ;AAIA,IAAA,IAAI,CAAC,OAAA,EAAS;AAEZ,MAAA,OAAO,mBAAA,CAAoB,KAAA,CAAM,IAAA,EAAM,IAAI,CAAA;AAAA,IAC7C;AAGA,IAAA,MAAM,eAAA,GAAkB,IAAA,CAAK,SAAA,CAAU,kBAAkB,CAAA;AACzD,IAAA,IAAI,QAAA;AACJ,IAAA,IAAI,SAAA,GAAkD,IAAA;AACtD,IAAA,IAAI,OAAO,aAAa,QAAA,EAAU;AAChC,MAAA,SAAA,GAAY,QAAA;AACZ,MAAA,QAAA,GAAW,QAAA;AAAA,IACb,CAAA,MAAA,IAAW,CAAC,eAAA,EAAiB;AAC3B,MAAA,SAAA,GAAY,SAAA;AACZ,MAAA,MAAM,OAAA,GAAU,IAAI,WAAA,EAAY;AAChC,MAAA,QAAA,GAAW,OAAA,CAAQ,OAAO,QAAQ,CAAA;AAAA,IACpC,CAAA,MAAA,IAAW,oBAAoB,MAAA,EAAQ;AACrC,MAAA,SAAA,GAAY,MAAA;AAEZ,MAAA,IAAI,CAAE,KAAa,WAAA,EAAa;AAE9B,QAAC,IAAA,CAAa,WAAA,GAAc,CAAC,QAAQ,CAAA;AAAA,MACvC,CAAA,MAAO;AAEL,QAAC,IAAA,CAAa,WAAA,EAAa,IAAA,CAAK,QAAQ,CAAA;AACxC,QAAA,IAAI;AACF,UAAA,MAAM,aAAA,GAAgB,KAAK,SAAA,CAAU,MAAA,CAAO,OAAQ,IAAA,CAAa,WAAA,IAAe,EAAE,CAAA,EAAG;AAAA,YACnF,KAAA,EAAO,KAAK,SAAA,CAAU,YAAA;AAAA,YACtB,WAAA,EAAa,KAAK,SAAA,CAAU;AAAA,WAC7B,CAAA;AACD,UAAA,MAAM,gBAAA,GAAmB,aAAA,CAAc,QAAA,CAAS,OAAO,CAAA;AACvD,UAAA,QAAA,GAAW,gBAAA,CAAiB,SAAA,CAAW,IAAA,CAAa,kBAAA,IAAsB,CAAC,CAAA;AAC3E,UAAC,IAAA,CAAa,qBAAqB,gBAAA,CAAiB,MAAA;AAAA,QACtD,SAAS,GAAA,EAAK;AAAA,QAEd;AAAA,MACF;AAAA,IACF;AAEA,IAAA,IAAI,QAAA,EAAU;AAIZ,MAAA,IAAI;AACF,QAAA,YAAA,CAAa,QAAA,EAAU,EAAE,MAAA,EAAQ,8BAAA,EAAgC,MAAO,IAAA,CAAa,GAAA,CAAI,KAAK,CAAA;AAAA,MAChG,SAAS,GAAA,EAAK;AAGZ,QAAA,IAAI,MAAM,oBAAA,EAAsB;AAC9B,UAAA,QAAA,GAAW,sBAAsB,QAAQ,CAAA;AACzC,UAAA,IAAI,cAAc,QAAA,EAAU;AAC1B,YAAA,IAAA,CAAK,CAAC,CAAA,GAAI,QAAA;AAAA,UACZ,CAAA,MAAA,IAAW,cAAc,SAAA,EAAW;AAClC,YAAA,MAAM,OAAA,GAAU,IAAI,WAAA,EAAY;AAChC,YAAA,IAAA,CAAK,CAAC,CAAA,GAAI,OAAA,CAAQ,MAAA,CAAO,QAAQ,CAAA;AAAA,UACnC,CAAA,MAAA,IAAW,cAAc,MAAA,EAAQ,CAQjC,MAAO;AACL,YAAA,MAAM,IAAI,KAAA,CAAM,CAAA,qCAAA,EAAwC,SAAS,CAAA,CAAE,CAAA;AAAA,UACrE;AAAA,QACF,CAAA,MAAO;AACL,UAAA,MAAM,GAAA;AAAA,QACR;AAAA,MACF;AAAA,IACF;AAGA,IAAA,OAAO,mBAAA,CAAoB,KAAA,CAAM,IAAA,EAAM,IAAI,CAAA;AAAA,EAC7C,CAAA,EAnGiC,mCAAA,CAAA;AAsGjC,EAAA,MAAM,iBAAA,GAAoB,eAAe,SAAA,CAAU,GAAA;AAEnD,EAAA,cAAA,CAAe,SAAA,CAAU,GAAA,mBAAM,MAAA,CAAA,SAAS,wBAAA,CAAA,GAA4B,IAAA,EAAM;AAExE,IAAA,MAAM,QAAA,GAAW,KAAK,CAAC,CAAA;AAEvB,IAAA,IAAI,QAAA,IAAY,OAAO,QAAA,KAAa,QAAA,EAAU;AAE5C,MAAA,YAAA,CAAa,QAAA,EAAU,EAAE,MAAA,EAAQ,4BAAA,EAA8B,CAAA;AAAA,IACjE;AAEA,IAAA,OAAO,iBAAA,CAAkB,KAAA,CAAM,IAAA,EAAM,IAAI,CAAA;AAAA,EAC3C,CAAA,EAV+B,0BAAA,CAAA;AAWjC;AAtIgB,MAAA,CAAA,yBAAA,EAAA,2BAAA,CAAA","file":"chunk-
|
|
1
|
+
{"version":3,"sources":["../src/runtime/patch-server-response.ts"],"names":[],"mappings":";;;;;AAUA,IAAM,UAAA,GAAa,mBAAA;AACZ,SAAS,0BAA0B,IAAA,EAGvC;AACD,EAAA,KAAA,CAAM,6CAAmC,CAAA;AACzC,EAAA,IAAI,MAAA,CAAO,wBAAA,CAAyB,cAAA,CAAe,SAAA,EAAW,UAAU,CAAA,EAAG;AACzE,IAAA,KAAA,CAAM,mBAAmB,CAAA;AACzB,IAAA;AAAA,EACF;AACA,EAAA,IAAI,eAAA,CAAgB,iBAAiB,KAAA,EAAO;AAC1C,IAAA,KAAA,CAAM,wBAAwB,CAAA;AAC9B,IAAA;AAAA,EACF;AAEA,EAAA,MAAA,CAAO,eAAe,cAAA,CAAe,SAAA,EAAW,YAAY,EAAE,KAAA,EAAO,MAAM,CAAA;AAE3E,EAAA,MAAM,mBAAA,GAAsB,eAAe,SAAA,CAAU,KAAA;AAGrD,EAAA,cAAA,CAAe,SAAA,CAAU,KAAA,mBAAQ,MAAA,CAAA,SAAS,iCAAA,CAAA,GAAqC,IAAA,EAAM;AAGnF,IAAA,MAAM,QAAA,GAAW,KAAK,CAAC,CAAA;AAKvB,IAAA,MAAM,cAAc,IAAA,CAAK,SAAA,CAAU,cAAc,CAAA,EAAG,UAAS,IAAK,EAAA;AAElE,IAAA,IAAI,OAAA,GACF,WAAA,CAAY,UAAA,CAAW,OAAO,CAAA,IAC3B,WAAA,CAAY,UAAA,CAAW,kBAAkB,CAAA,IACxC,CAAC,WAAA,IAAe,OAAO,QAAA,KAAa,QAAA;AAI1C,IAAA,MAAM,MAAA,GAAU,KAAa,GAAA,CAAI,GAAA;AAEjC,IAAA,IAAI,OAAA,IAAW,MAAA,IAAU,IAAA,EAAM,iBAAA,EAAmB,IAAA,CAAK,CAAC,OAAA,KAAY,OAAA,CAAQ,IAAA,CAAK,MAAM,CAAC,CAAA,EAAG;AACzF,MAAA,OAAA,GAAU,KAAA;AAAA,IACZ;AAIA,IAAA,IAAI,CAAC,OAAA,EAAS;AAEZ,MAAA,OAAO,mBAAA,CAAoB,KAAA,CAAM,IAAA,EAAM,IAAI,CAAA;AAAA,IAC7C;AAGA,IAAA,MAAM,eAAA,GAAkB,IAAA,CAAK,SAAA,CAAU,kBAAkB,CAAA;AACzD,IAAA,IAAI,QAAA;AACJ,IAAA,IAAI,SAAA,GAAkD,IAAA;AACtD,IAAA,IAAI,OAAO,aAAa,QAAA,EAAU;AAChC,MAAA,SAAA,GAAY,QAAA;AACZ,MAAA,QAAA,GAAW,QAAA;AAAA,IACb,CAAA,MAAA,IAAW,CAAC,eAAA,EAAiB;AAC3B,MAAA,SAAA,GAAY,SAAA;AACZ,MAAA,MAAM,OAAA,GAAU,IAAI,WAAA,EAAY;AAChC,MAAA,QAAA,GAAW,OAAA,CAAQ,OAAO,QAAQ,CAAA;AAAA,IACpC,CAAA,MAAA,IAAW,oBAAoB,MAAA,EAAQ;AACrC,MAAA,SAAA,GAAY,MAAA;AAEZ,MAAA,IAAI,CAAE,KAAa,WAAA,EAAa;AAE9B,QAAC,IAAA,CAAa,WAAA,GAAc,CAAC,QAAQ,CAAA;AAAA,MACvC,CAAA,MAAO;AAEL,QAAC,IAAA,CAAa,WAAA,EAAa,IAAA,CAAK,QAAQ,CAAA;AACxC,QAAA,IAAI;AACF,UAAA,MAAM,aAAA,GAAgB,KAAK,SAAA,CAAU,MAAA,CAAO,OAAQ,IAAA,CAAa,WAAA,IAAe,EAAE,CAAA,EAAG;AAAA,YACnF,KAAA,EAAO,KAAK,SAAA,CAAU,YAAA;AAAA,YACtB,WAAA,EAAa,KAAK,SAAA,CAAU;AAAA,WAC7B,CAAA;AACD,UAAA,MAAM,gBAAA,GAAmB,aAAA,CAAc,QAAA,CAAS,OAAO,CAAA;AACvD,UAAA,QAAA,GAAW,gBAAA,CAAiB,SAAA,CAAW,IAAA,CAAa,kBAAA,IAAsB,CAAC,CAAA;AAC3E,UAAC,IAAA,CAAa,qBAAqB,gBAAA,CAAiB,MAAA;AAAA,QACtD,SAAS,GAAA,EAAK;AAAA,QAEd;AAAA,MACF;AAAA,IACF;AAEA,IAAA,IAAI,QAAA,EAAU;AAIZ,MAAA,IAAI;AACF,QAAA,YAAA,CAAa,QAAA,EAAU,EAAE,MAAA,EAAQ,8BAAA,EAAgC,MAAO,IAAA,CAAa,GAAA,CAAI,KAAK,CAAA;AAAA,MAChG,SAAS,GAAA,EAAK;AAGZ,QAAA,IAAI,MAAM,oBAAA,EAAsB;AAC9B,UAAA,QAAA,GAAW,sBAAsB,QAAQ,CAAA;AACzC,UAAA,IAAI,cAAc,QAAA,EAAU;AAC1B,YAAA,IAAA,CAAK,CAAC,CAAA,GAAI,QAAA;AAAA,UACZ,CAAA,MAAA,IAAW,cAAc,SAAA,EAAW;AAClC,YAAA,MAAM,OAAA,GAAU,IAAI,WAAA,EAAY;AAChC,YAAA,IAAA,CAAK,CAAC,CAAA,GAAI,OAAA,CAAQ,MAAA,CAAO,QAAQ,CAAA;AAAA,UACnC,CAAA,MAAA,IAAW,cAAc,MAAA,EAAQ,CAQjC,MAAO;AACL,YAAA,MAAM,IAAI,KAAA,CAAM,CAAA,qCAAA,EAAwC,SAAS,CAAA,CAAE,CAAA;AAAA,UACrE;AAAA,QACF,CAAA,MAAO;AACL,UAAA,MAAM,GAAA;AAAA,QACR;AAAA,MACF;AAAA,IACF;AAGA,IAAA,OAAO,mBAAA,CAAoB,KAAA,CAAM,IAAA,EAAM,IAAI,CAAA;AAAA,EAC7C,CAAA,EAnGiC,mCAAA,CAAA;AAsGjC,EAAA,MAAM,iBAAA,GAAoB,eAAe,SAAA,CAAU,GAAA;AAEnD,EAAA,cAAA,CAAe,SAAA,CAAU,GAAA,mBAAM,MAAA,CAAA,SAAS,wBAAA,CAAA,GAA4B,IAAA,EAAM;AAExE,IAAA,MAAM,QAAA,GAAW,KAAK,CAAC,CAAA;AAEvB,IAAA,IAAI,QAAA,IAAY,OAAO,QAAA,KAAa,QAAA,EAAU;AAE5C,MAAA,YAAA,CAAa,QAAA,EAAU,EAAE,MAAA,EAAQ,4BAAA,EAA8B,CAAA;AAAA,IACjE;AAEA,IAAA,OAAO,iBAAA,CAAkB,KAAA,CAAM,IAAA,EAAM,IAAI,CAAA;AAAA,EAC3C,CAAA,EAV+B,0BAAA,CAAA;AAWjC;AAtIgB,MAAA,CAAA,yBAAA,EAAA,2BAAA,CAAA","file":"chunk-DIPEXEIL.js","sourcesContent":["/*\n This patches the global ServerResponse object to scan for secret leaks - currently used for next.js and remix\n*/\n\nimport zlib from 'node:zlib';\nimport { ServerResponse } from 'node:http';\nimport { redactSensitiveConfig, scanForLeaks, varlockSettings } from './env';\nimport { debug } from './lib/debug';\n\n// NOTE - previously was using a symbol but got weird because of multiple builds and contexts...\nconst patchedKey = '_patchedByVarlock';\nexport function patchGlobalServerResponse(opts?: {\n ignoreUrlPatterns?: Array<RegExp>,\n redactInsteadOfThrow?: boolean,\n}) {\n debug('⚡️ PATCHING global ServerResponse');\n if (Object.getOwnPropertyDescriptor(ServerResponse.prototype, patchedKey)) {\n debug('> already patched');\n return;\n }\n if (varlockSettings.preventLeaks === false) {\n debug('> disabled by settings');\n return;\n }\n\n Object.defineProperty(ServerResponse.prototype, patchedKey, { value: true });\n\n const serverResponseWrite = ServerResponse.prototype.write;\n\n // @ts-ignore\n ServerResponse.prototype.write = function varlockPatchedServerResponseWrite(...args) {\n // TODO: do we want to filter out some requests here? maybe based on the file type?\n\n const rawChunk = args[0];\n // console.log('⚡️ patched ServerResponse.write', rawChunk);\n\n // for now, we only scan rendered html... may need to change this though for server components?\n // so we bail if it looks like this response does not contain html\n const contentType = this.getHeader('content-type')?.toString() || '';\n // console.log('patched ServerResponse.write', contentType);\n let runScan = (\n contentType.startsWith('text/')\n || contentType.startsWith('application/json')\n || (!contentType && typeof rawChunk === 'string')\n // || contentType.startsWith('application/javascript')\n );\n\n const reqUrl = (this as any).req.url;\n // console.log('> scan ServerResponse.write', contentType, reqUrl);\n if (runScan && reqUrl && opts?.ignoreUrlPatterns?.some((pattern) => pattern.test(reqUrl))) {\n runScan = false;\n }\n\n // we want to run the scanner on text/html and text/x-component (server actions)\n // TODO: anything else?\n if (!runScan) {\n // @ts-ignore\n return serverResponseWrite.apply(this, args);\n }\n\n // have to deal with compressed data, which is awkward but possible\n const compressionType = this.getHeader('Content-Encoding');\n let chunkStr;\n let chunkType: 'string' | 'encoded' | 'gzip' | null = null;\n if (typeof rawChunk === 'string') {\n chunkType = 'string';\n chunkStr = rawChunk;\n } else if (!compressionType) {\n chunkType = 'encoded';\n const decoder = new TextDecoder();\n chunkStr = decoder.decode(rawChunk);\n } else if (compressionType === 'gzip') {\n chunkType = 'gzip';\n // first chunk of data contains only compression headers\n if (!(this as any)._zlibChunks) {\n // (this as any)._zlibHeadersChunk = rawChunk;\n (this as any)._zlibChunks = [rawChunk];\n } else {\n // TODO: figure out how we can unzip one chunk at a time instead of storing everything\n (this as any)._zlibChunks?.push(rawChunk);\n try {\n const unzippedChunk = zlib.unzipSync(Buffer.concat((this as any)._zlibChunks || []), {\n flush: zlib.constants.Z_SYNC_FLUSH,\n finishFlush: zlib.constants.Z_SYNC_FLUSH,\n });\n const fullUnzippedData = unzippedChunk.toString('utf-8');\n chunkStr = fullUnzippedData.substring((this as any)._lastChunkEndIndex || 0);\n (this as any)._lastChunkEndIndex = fullUnzippedData.length;\n } catch (err) {\n // console.log('error unzipping chunk', err);\n }\n }\n }\n // TODO: we may want to support other compression schemes? but currently only used in nextjs which is using gzip\n if (chunkStr) {\n // console.log('scanning!', chunkStr.substring(0, 1000));\n\n\n try {\n scanForLeaks(chunkStr, { method: 'patched ServerResponse.write', file: (this as any).req.url });\n } catch (err) {\n // console.log('found secret in chunk', chunkType, chunkStr);\n // console.log(this)\n if (opts?.redactInsteadOfThrow) {\n chunkStr = redactSensitiveConfig(chunkStr);\n if (chunkType === 'string') {\n args[0] = chunkStr;\n } else if (chunkType === 'encoded') {\n const encoder = new TextEncoder();\n args[0] = encoder.encode(chunkStr);\n } else if (chunkType === 'gzip') {\n // currently unable to scrub gzip chunks\n // this works sometimes, but othertimes causes decoding error\n // we'll need to pass through chunks from a new gzip stream, because we don't have access to the underlying one\n // args[0] = zlib.gzipSync(chunkStr, {\n // flush: zlib.constants.Z_SYNC_FLUSH,\n // finishFlush: zlib.constants.Z_SYNC_FLUSH,\n // });\n } else {\n throw new Error(`unable to scrub - unknown chunk type ${chunkType}`);\n }\n } else {\n throw err;\n }\n }\n }\n\n // @ts-ignore\n return serverResponseWrite.apply(this, args);\n };\n\n // calling `res.json()` in the api routes on pages router calls `res.end` without called `res.write`\n const serverResponseEnd = ServerResponse.prototype.end;\n // @ts-ignore\n ServerResponse.prototype.end = function patchedServerResponseEnd(...args) {\n // console.log('⚡️ patched ServerResponse.end');\n const endChunk = args[0];\n // this just needs to work (so far) for nextjs sending json bodies, so does not need to handle all cases...\n if (endChunk && typeof endChunk === 'string') {\n // TODO: currently this throws the error and then things just hang... do we want to try to return an error type response instead?\n scanForLeaks(endChunk, { method: 'patched ServerResponse.end' });\n }\n // @ts-ignore\n return serverResponseEnd.apply(this, args);\n };\n}\n\n"]}
|
|
@@ -1,8 +1,8 @@
|
|
|
1
1
|
import { scanCodeForEnvVars } from './chunk-P33JXOU6.js';
|
|
2
|
-
import { detectJsPackageManager, logLines, fmt, installJsDependency } from './chunk-
|
|
3
|
-
import { define } from './chunk-4A54P4EM.js';
|
|
2
|
+
import { detectJsPackageManager, logLines, fmt, installJsDependency } from './chunk-INGOLNLE.js';
|
|
4
3
|
import { gracefulExit } from './chunk-CHQDS2PI.js';
|
|
5
|
-
import {
|
|
4
|
+
import { define } from './chunk-4A54P4EM.js';
|
|
5
|
+
import { spawnAsync, envSpecUpdater, ParsedEnvSpecStaticValue, ansis_default, tryCatch, parseEnvSpecDotEnvFile, prompts_default, pathExists } from './chunk-GKN3UJNE.js';
|
|
6
6
|
import { Ee, q } from './chunk-IRXBCLL2.js';
|
|
7
7
|
import { __name } from './chunk-6PEHRAEP.js';
|
|
8
8
|
import path2, { dirname } from 'path';
|
|
@@ -471,5 +471,5 @@ ${bunfigContents}`);
|
|
|
471
471
|
}, "commandFn");
|
|
472
472
|
|
|
473
473
|
export { commandFn, commandSpec };
|
|
474
|
-
//# sourceMappingURL=chunk-
|
|
475
|
-
//# sourceMappingURL=chunk-
|
|
474
|
+
//# sourceMappingURL=chunk-F6ZYIWAR.js.map
|
|
475
|
+
//# sourceMappingURL=chunk-F6ZYIWAR.js.map
|