middleman-s3_sync 4.6.5 → 4.8.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: ae6310b6bdcb35bb9bdeb6b35b5a5471321cd2aa31e2301cb2b85bb40f06c6d8
-  data.tar.gz: d0a22baf1a2f20e5e2ea4ffa0a727042ad42b8d0234ee058925a83c85557705a
+  metadata.gz: 1ca1bccd213b5e15c13b3c24763c20164493043d5ed3772b90ac38dc8391293d
+  data.tar.gz: 5f2b316721b80826dfe8b33f96ba3b5389b455260a256ff8cf7562cd563a1d28
 SHA512:
-  metadata.gz: 133e5c9a90cd90800cb4c63e443a529b5ea7d0c3d2f803972b58b0ccc01a0af4c0188932f7d0bb3030e42d157c7722f3e8e2cc8c0757c9d5207075fe016653ad
-  data.tar.gz: 0d1438c52b583df33a8bce0ac0faab99d13675470092c70facd356508e096c55fdfc4d64e4bb2a58bdc03ba3cda88afcc7b378f3f5f58374939bd678b46f1de2
+  metadata.gz: 3ce61465bdc1d5986030e772d632fc425bc7d97b3d2d948ae5afee9bda9f5b92edb44cfd7bef8ad9d3f435a5c111945091f1e62428d3fd20d803a06a5e4f8e7d
+  data.tar.gz: a97276e8b0246ca38c8e5f95a0628b18d980185b366b558979dddeeb414ef2538201f3ce8697d9294390154d096676a71d2545b3fb1f84836d86d72feb53483f

data/.github/workflows/ci.yml

@@ -0,0 +1,29 @@
+name: CI
+
+on:
+  push:
+    branches: [master]
+  pull_request:
+    branches: [master]
+
+jobs:
+  test:
+    runs-on: ubuntu-latest
+    strategy:
+      matrix:
+        ruby-version: ['3.1', '3.2', '3.3', '3.4']
+
+    steps:
+      - uses: actions/checkout@v4
+
+      - name: Set up Ruby ${{ matrix.ruby-version }}
+        uses: ruby/setup-ruby@v1
+        with:
+          ruby-version: ${{ matrix.ruby-version }}
+          bundler-cache: true
+
+      - name: Run tests
+        run: bundle exec rspec
+
+      - name: Build gem
+        run: gem build middleman-s3_sync.gemspec

data/.github/workflows/release.yml

@@ -0,0 +1,53 @@
+name: Release
+
+on:
+  push:
+    tags:
+      - 'v*'
+
+jobs:
+  release:
+    runs-on: ubuntu-latest
+    permissions:
+      contents: write  # For creating GitHub releases
+
+    steps:
+      - uses: actions/checkout@v4
+
+      - name: Set up Ruby
+        uses: ruby/setup-ruby@v1
+        with:
+          ruby-version: '3.4'
+          bundler-cache: true
+
+      - name: Run tests
+        run: bundle exec rspec
+
+      - name: Build gem
+        run: gem build middleman-s3_sync.gemspec
+
+      - name: Get version
+        id: version
+        run: echo "VERSION=${GITHUB_REF#refs/tags/v}" >> $GITHUB_OUTPUT
+
+      - name: Generate checksums
+        run: |
+          sha256sum middleman-s3_sync-*.gem > checksums.txt
+          cat checksums.txt
+
+      - name: Publish to RubyGems
+        run: |
+          mkdir -p ~/.gem
+          echo -e "---\n:rubygems_api_key: ${RUBYGEMS_API_KEY}" > ~/.gem/credentials
+          chmod 0600 ~/.gem/credentials
+          gem push middleman-s3_sync-*.gem
+        env:
+          RUBYGEMS_API_KEY: ${{ secrets.RUBYGEMS_API_KEY }}
+
+      - name: Create GitHub Release
+        uses: softprops/action-gh-release@v2
+        with:
+          files: |
+            middleman-s3_sync-*.gem
+            checksums.txt
+          generate_release_notes: true

data/Changelog.md

@@ -2,6 +2,60 @@
 
 The gem that tries really hard not to push files to S3.
 
+## v4.8.0
+- Add `immutable` directive to caching policies. Pair with a long `max_age` on
+  fingerprinted assets (e.g. those produced by Middleman's `asset_hash`
+  extension) to tell browsers they never need to revalidate:
+  `caching_policy 'text/css', max_age: 1.year, public: true, immutable: true`.
+- Prefer `Cache-Control: max-age` over the `Expires` header. When a policy sets
+  `max_age:`, the `Expires` header is now suppressed even if `expires:` is also
+  set. Per RFC 7234 §5.3, `max-age` overrides `Expires` for HTTP/1.1 caches, so
+  emitting both adds no information and forces a metadata update on every build
+  as the `expires:` timestamp drifts forward. Existing configs that rely solely
+  on `expires:` (without `max_age:`) continue to work unchanged.
+- Resource uploads no longer include empty `cache_control` or `expires` keys
+  when the caching policy yields `nil` for them.
+- Drop `timerizer` development dependency. Its monkey-patch of `Time.new` was
+  incompatible with Ruby 3.1.7's keyword-argument changes and crashed RSpec at
+  startup on the 3.1 CI matrix. The three test usages were replaced with plain
+  `Time` literals.
+
+## v4.7.0
+- Add `after_s3_sync` callback hook that runs after sync completes (#138).
+  Accepts a lambda/proc — optionally receiving a results hash with `created`,
+  `updated`, `deleted` counts and invalidation paths — or a symbol referencing
+  a method on the Middleman app. Zero-arg callbacks work without modification
+  via arity detection. Callback failures are logged but do not abort the sync.
+- Add `scan_build_dir` option (default: `false`) to sync files in the build
+  directory that aren't in the Middleman sitemap (#108, #137). Useful for
+  output from `after_build` callbacks, image optimizers, or anything placed
+  in `build/` outside the sitemap.
+- Add `routing_rules` option to configure S3 website routing rules at sync
+  time, so deployments don't overwrite manually-configured rules (#142).
+  Supports `condition.key_prefix_equals`,
+  `condition.http_error_code_returned_equals`, and the
+  `redirect.{host_name, http_redirect_code, protocol, replace_key_prefix_with,
+  replace_key_with}` keys. Requires `index_document` to also be set.
+- Improve content type detection with a `mime-types` fallback for files
+  Middleman doesn't classify (e.g. orphan files, WebP, woff2). The
+  `content_types` option is now checked first, and unknown extensions default
+  to `application/octet-stream`. Bumped `mime-types` constraint to `~> 3.4`.
+  (#161)
+- Fix sitemap population for build-mode extensions (#116, #128). The sync
+  now calls `ensure_resource_list_updated!` so extensions like blog and
+  asset_hash populate the sitemap, and always runs in `:build` mode so
+  `configure :build` blocks are active. Files emitted by `after_build`
+  callbacks still aren't visible to the sitemap — use `scan_build_dir` for
+  those.
+- Fix `Resource#redirect?` to return `true`/`false` instead of a truthy URL
+  string (#143). The status logic was already correct; this just normalizes
+  the boolean contract.
+- Tighten gemspec dependency bounds and require Ruby `>= 3.0` (#167).
+  Pessimistic constraints on all runtime and development deps to resolve the
+  open-ended-dependency warnings on `gem build`.
+- Add GitHub Actions CI matrix (Ruby 3.1, 3.2, 3.3, 3.4) and an automated
+  RubyGems release workflow that publishes on `v*` tags (#169).
+
 ## v4.6.5
 - Performance and stability improvements
   - Thread-safe invalidation path tracking (use Set + mutex) when running in parallel

data/README.md

@@ -19,6 +19,33 @@ that are no longer needed.
 * Use middleman-s3_sync version 4.x for Middleman 4.x
 * Use middleman-s3_sync version 3.x for Middleman 3.x
 
+## What's New in 4.7.0
+
+**New Features**
+- `after_s3_sync` callback for post-sync hooks (notifications, custom actions)
+- `scan_build_dir` option to sync files outside the Middleman sitemap
+- `routing_rules` option for S3 website redirect configuration
+- Improved content type detection with mime-types gem fallback
+
+**Performance & Efficiency**
+- Batch deletes using S3 `delete_objects` (up to 1,000 keys per request)
+- Streaming uploads to reduce memory usage on large files
+- Single-pass MD5 computation avoids redundant file reads
+- Single-pass resource categorization (create/update/delete)
+- Faster redundant-path pruning for CloudFront invalidations
+
+**Reliability**
+- Thread-safe CloudFront invalidation path tracking (mutex-protected Set)
+- Cached CloudFront client to reduce re-instantiation overhead
+- Proper sitemap population before sync (`ensure_resource_list_updated!`)
+- Fixed redirect detection to return boolean values
+
+**Developer Experience**
+- Extension now properly delegates option writers (`verbose=`, `dry_run=`, etc.)
+- GitHub Actions CI and release workflows
+- Tightened gemspec with bounded dependency versions
+- Ruby >= 3.0 requirement
+
 ## Installation
 
 Add this line to your application's Gemfile:
@@ -258,6 +285,57 @@ Your AWS credentials need CloudFront permissions in addition to S3:
 - Use `cloudfront_invalidate_all: true` for major updates to minimize costs (counts as 1 path)
 - Consider the trade-off between immediate cache invalidation and cost
 
+## Callbacks
+
+### after_s3_sync
+
+You can configure a callback that runs after the sync completes. This is useful for triggering notifications, updating external services, or running post-deployment tasks.
+
+```ruby
+activate :s3_sync do |s3_sync|
+  # ... other configuration ...
+  
+  # Using a lambda/proc
+  s3_sync.after_s3_sync = ->(results) {
+    puts "Created: #{results[:created]} files"
+    puts "Updated: #{results[:updated]} files"
+    puts "Deleted: #{results[:deleted]} files"
+    puts "Invalidation paths: #{results[:invalidation_paths].join(', ')}"
+  }
+end
+```
+
+The callback receives a hash with sync results:
+
+| Key                   | Type    | Description |
+| --------------------- | ------- | ----------- |
+| `:created`            | Integer | Number of files created |
+| `:updated`            | Integer | Number of files updated |
+| `:deleted`            | Integer | Number of files deleted |
+| `:invalidation_paths` | Array   | CloudFront paths that were invalidated |
+
+You can also use a symbol to call a method on the Middleman app:
+
+```ruby
+# In config.rb
+def notify_slack(results)
+  # Send deployment notification to Slack
+end
+
+activate :s3_sync do |s3_sync|
+  # ... other configuration ...
+  s3_sync.after_s3_sync = :notify_slack
+end
+```
+
+Callbacks that take no arguments are also supported:
+
+```ruby
+activate :s3_sync do |s3_sync|
+  s3_sync.after_s3_sync = -> { puts "Sync complete!" }
+end
+```
+
 #### IAM Policy
 
 Here's a sample IAM policy with least-privilege permissions that will allow syncing to a bucket named "mysite.com":
@@ -468,6 +546,21 @@ The following keys can be set:
 | `no_store`         | boolean | `no-store`         | Instructs caches not to keep a copy of the representation under any conditions.                                                        |
 | `must_revalidate`  | boolean | `must-revalidate`  | Tells the caches that they must obey any freshness information you give them about a representation.                                   |
 | `proxy_revalidate` | boolean | `proxy-revalidate` | Similar as `must-revalidate`, but only for proxies.                                                                                    |
+| `immutable`        | boolean | `immutable`        | Tells browsers the response body will never change for this URL, so they should not revalidate even on a user-initiated reload. Pair with a long `max_age` for content-addressed (fingerprinted) assets. |
+
+#### Hashed Assets
+
+If you use Middleman's `asset_hash` extension, fingerprinted asset URLs
+are content-addressed and never need to be revalidated. Combining a
+long `max_age` with `immutable` is the strongest browser cache hint
+you can give:
+
+```ruby
+caching_policy 'text/css',               max_age: 1.year, public: true, immutable: true
+caching_policy 'application/javascript', max_age: 1.year, public: true, immutable: true
+caching_policy 'image/png',              max_age: 1.year, public: true, immutable: true
+caching_policy 'image/jpeg',             max_age: 1.year, public: true, immutable: true
+```
 
 #### Setting `Expires` Header
 
@@ -476,8 +569,11 @@ You can pass the `expires` key to the `caching_policy` and
 header on a results. You will need to pass it a Time object indicating
 when the resource is set to expire.
 
-> Note that the `Cache-Control` header will take precedence over the
-> `Expires` header if both are present.
+> Note that the `Cache-Control` header takes precedence over `Expires`
+> for HTTP/1.1 caches (RFC 7234 §5.3). For that reason, when a policy
+> sets `max_age:`, the `Expires` header is suppressed entirely — even
+> if `expires:` is also set. This avoids redundant metadata churn from
+> the `expires:` timestamp drifting forward on every build.
 
 #### A Note About Browser Caching
 
@@ -514,6 +610,16 @@ The full values and their semantics are [documented on AWS's
 documentation
 site](http://docs.aws.amazon.com/AmazonS3/latest/dev/ACLOverview.html#CannedACL).
 
+##### Buckets with ACLs Disabled
+
+If your bucket uses "Object Ownership: Bucket owner enforced" (ACLs disabled), set:
+
+```ruby
+s3_sync.acl = ''   # or: s3_sync.acl = nil
+```
+
+The gem will also auto-detect buckets that reject ACL headers and transparently retry uploads without the `:acl` parameter.
+
 #### Encryption
 
 You can ask Amazon to encrypt your files at rest by setting the

data/lib/middleman/s3_sync/caching_policy.rb

@@ -38,6 +38,7 @@ module Middleman
         policy << "no-store" if policies.fetch(:no_store, false)
         policy << "must-revalidate" if policies.fetch(:must_revalidate, false)
         policy << "proxy-revalidate" if policies.fetch(:proxy_revalidate, false)
+        policy << "immutable" if policies.fetch(:immutable, false)
         if policy.empty?
           nil
         else
@@ -49,7 +50,12 @@ module Middleman
         cache_control
       end
 
+      # Returns an RFC 1123 date for the Expires header.
+      # When :max_age is set we suppress Expires entirely: per RFC 7234 §5.3
+      # max-age takes precedence over Expires for HTTP/1.1 caches, so emitting
+      # both adds no information and forces a metadata update on every build.
       def expires
+        return nil if policies.has_key?(:max_age)
         if expiration = policies.fetch(:expires, nil)
           CGI.rfc1123_date(expiration)
         end

data/lib/middleman/s3_sync/options.rb

@@ -26,13 +26,16 @@ module Middleman
         :ignore_paths,
         :index_document,
         :error_document,
+        :routing_rules,
+        :scan_build_dir,
         :cloudfront_distribution_id,
         :cloudfront_invalidate,
         :cloudfront_invalidate_all,
         :cloudfront_invalidation_batch_size,
         :cloudfront_invalidation_max_retries,
         :cloudfront_invalidation_batch_delay,
-        :cloudfront_wait
+        :cloudfront_wait,
+        :after_s3_sync
       ]
       attr_accessor *OPTIONS
 
@@ -113,6 +116,14 @@ module Middleman
         @version_bucket.nil? ? false : @version_bucket
       end
 
+      def routing_rules
+        @routing_rules || []
+      end
+
+      def scan_build_dir
+        @scan_build_dir.nil? ? false : @scan_build_dir
+      end
+
     end
   end
 end

data/lib/middleman/s3_sync/resource.rb

@@ -6,9 +6,11 @@ module Middleman
 
       include Status
 
-      def initialize(resource, partial_s3_resource)
+      def initialize(resource, partial_s3_resource, path: nil)
         @resource = resource
-        @path = if resource
+        @path = if path
+                  path.sub(/^\//, '')
+                elsif resource
                   resource.destination_path.sub(/^\//, '')
                 elsif partial_s3_resource&.key
                   partial_s3_resource.key.sub(/^\//, '')
@@ -62,8 +64,8 @@ module Middleman
         attributes[:acl] = options.acl if options.acl_enabled?
 
         if caching_policy
-          attributes[:cache_control] = caching_policy.cache_control
-          attributes[:expires] = caching_policy.expires
+          attributes[:cache_control] = caching_policy.cache_control if caching_policy.cache_control
+          attributes[:expires] = caching_policy.expires if caching_policy.expires
         end
 
         if options.prefer_gzip && gzipped
@@ -224,7 +226,8 @@ module Middleman
       end
 
       def local?
-        File.exist?(local_path) && resource
+        # For orphan files (scan_build_dir), resource is nil but file exists
+        File.exist?(local_path)
       end
 
       def remote?
@@ -232,8 +235,8 @@ module Middleman
       end
 
       def redirect?
-        (resource && resource.respond_to?(:redirect?) && resource.redirect?) || 
-          (full_s3_resource && full_s3_resource.respond_to?(:website_redirect_location) && full_s3_resource.website_redirect_location)
+        !!(resource && resource.respond_to?(:redirect?) && resource.redirect?) || 
+          !!(full_s3_resource && full_s3_resource.respond_to?(:website_redirect_location) && full_s3_resource.website_redirect_location)
       end
 
       def metadata_match?
@@ -323,8 +326,24 @@ module Middleman
       end
 
       def content_type
-        @content_type ||= Middleman::S3Sync.content_types[local_path]
-        @content_type ||= !resource.nil? && resource.respond_to?(:content_type) ? resource.content_type : nil
+        @content_type ||= begin
+          # Priority: content_types option > mm_resource > mime-types > default
+          ct = options.content_types[local_path] if options.content_types
+          ct ||= options.content_types[path] if options.content_types
+          ct ||= Middleman::S3Sync.content_types[local_path]
+          ct ||= Middleman::S3Sync.content_types[path]
+          ct ||= resource.content_type if resource&.respond_to?(:content_type)
+          ct ||= detect_content_type_from_extension
+          ct || 'application/octet-stream'
+        end
+      end
+
+      def detect_content_type_from_extension
+        return nil unless defined?(MIME::Types)
+        extension = File.extname(original_path).delete_prefix('.')
+        return nil if extension.empty?
+        types = MIME::Types.type_for(extension)
+        types.first&.content_type
       end
 
       def caching_policy
@@ -363,8 +382,8 @@ module Middleman
 
         # Add cache control and expires if present
         if caching_policy
-          upload_options[:cache_control] = caching_policy.cache_control
-          upload_options[:expires] = caching_policy.expires
+          upload_options[:cache_control] = caching_policy.cache_control if caching_policy.cache_control
+          upload_options[:expires] = caching_policy.expires if caching_policy.expires
         end
 
         # Add storage class if needed

data/lib/middleman/s3_sync/version.rb

@@ -1,5 +1,5 @@
 module Middleman
   module S3Sync
-    VERSION = "4.6.5"
+    VERSION = "4.8.0"
   end
 end

data/lib/middleman/s3_sync.rb

@@ -1,5 +1,6 @@
 require 'aws-sdk-s3'
 require 'digest/md5'
+require 'mime/types'
 require 'middleman/s3_sync/version'
 require 'middleman/s3_sync/options'
 require 'middleman/s3_sync/caching_policy'
@@ -37,6 +38,12 @@ module Middleman
         @app ||= ::Middleman::Application.new
         @invalidation_paths = Set.new
 
+        # Ensure sitemap is fully populated before syncing
+        # This catches resources from extensions activated in :build mode
+        if @app.respond_to?(:sitemap) && @app.sitemap.respond_to?(:ensure_resource_list_updated!)
+          @app.sitemap.ensure_resource_list_updated!
+        end
+
         say_status "Let's see if there's work to be done..."
         unless work_to_be_done?
           say_status "All S3 files are up to date."
@@ -63,6 +70,9 @@ module Middleman
         if s3_sync_options.cloudfront_invalidate
           CloudFront.invalidate(@invalidation_paths.to_a, s3_sync_options)
         end
+
+        # Run after_s3_sync callback if provided
+        run_after_s3_sync_callback
       end
 
       def bucket
@@ -100,6 +110,44 @@ module Middleman
         @content_types || {}
       end
 
+      # Run the after_s3_sync callback if configured
+      def run_after_s3_sync_callback
+        callback = s3_sync_options.after_s3_sync
+        return unless callback
+
+        say_status 'callback', 'Running after_s3_sync callback...'
+        
+        # Build sync results hash
+        results = {
+          created: files_to_create.size,
+          updated: files_to_update.size,
+          deleted: files_to_delete.size,
+          invalidation_paths: @invalidation_paths.to_a
+        }
+
+        begin
+          if callback.respond_to?(:call)
+            # Lambda/Proc callback - check arity to decide whether to pass results
+            if callback.arity == 0 || callback.arity == -1 && callback.parameters.empty?
+              callback.call
+            else
+              callback.call(results)
+            end
+          elsif callback.is_a?(Symbol) && @app.respond_to?(callback)
+            # Symbol method name - call on app
+            if @app.method(callback).arity == 0
+              @app.send(callback)
+            else
+              @app.send(callback, results)
+            end
+          end
+          
+          say_status 'callback', 'after_s3_sync completed successfully'
+        rescue => e
+          say_status 'error', "after_s3_sync callback failed: #{e.message}"
+        end
+      end
+
       protected
       def update_bucket_versioning
         s3_client.put_bucket_versioning({
@@ -115,10 +163,41 @@ module Middleman
         opts[:index_document] = { suffix: s3_sync_options.index_document } if s3_sync_options.index_document
         opts[:error_document] = { key: s3_sync_options.error_document } if s3_sync_options.error_document
 
+        # Add routing rules if specified
+        if s3_sync_options.routing_rules && !s3_sync_options.routing_rules.empty?
+          opts[:routing_rules] = s3_sync_options.routing_rules.map do |rule|
+            routing_rule = {}
+            
+            # Handle condition (optional)
+            if rule[:condition] || rule['condition']
+              condition = rule[:condition] || rule['condition']
+              routing_rule[:condition] = {}
+              routing_rule[:condition][:key_prefix_equals] = condition[:key_prefix_equals] || condition['key_prefix_equals'] if condition[:key_prefix_equals] || condition['key_prefix_equals']
+              routing_rule[:condition][:http_error_code_returned_equals] = condition[:http_error_code_returned_equals] || condition['http_error_code_returned_equals'] if condition[:http_error_code_returned_equals] || condition['http_error_code_returned_equals']
+            end
+            
+            # Handle redirect (required)
+            redirect = rule[:redirect] || rule['redirect']
+            routing_rule[:redirect] = {}
+            routing_rule[:redirect][:host_name] = redirect[:host_name] || redirect['host_name'] if redirect[:host_name] || redirect['host_name']
+            routing_rule[:redirect][:http_redirect_code] = redirect[:http_redirect_code] || redirect['http_redirect_code'] if redirect[:http_redirect_code] || redirect['http_redirect_code']
+            routing_rule[:redirect][:protocol] = redirect[:protocol] || redirect['protocol'] if redirect[:protocol] || redirect['protocol']
+            routing_rule[:redirect][:replace_key_prefix_with] = redirect[:replace_key_prefix_with] || redirect['replace_key_prefix_with'] if redirect[:replace_key_prefix_with] || redirect['replace_key_prefix_with']
+            routing_rule[:redirect][:replace_key_with] = redirect[:replace_key_with] || redirect['replace_key_with'] if redirect[:replace_key_with] || redirect['replace_key_with']
+            
+            routing_rule
+          end
+        end
+
         if opts[:error_document] && !opts[:index_document]
           raise 'S3 requires `index_document` if `error_document` is specified'
         end
 
+        # S3 requires index_document if routing_rules are specified
+        if opts[:routing_rules] && !opts[:index_document]
+          raise 'S3 requires `index_document` if `routing_rules` are specified'
+        end
+
         unless opts.empty?
           say_status "Putting bucket website: #{opts.to_json}"
           s3_client.put_bucket_website({
@@ -234,6 +313,11 @@ module Middleman
       def work_to_be_done?
         Parallel.each(mm_resources, in_threads: THREADS_COUNT, progress: "Processing sitemap") { |mm_resource| add_local_resource(mm_resource) }
 
+        # Scan build directory for orphan files (not in sitemap)
+        if s3_sync_options.scan_build_dir
+          discover_orphan_files
+        end
+
         Parallel.each(remote_only_paths, in_threads: THREADS_COUNT, progress: "Processing remote files") do |remote_path|
           s3_sync_resources[remote_path] ||= S3Sync::Resource.new(nil, remote_resource_for_path(remote_path)).tap(&:status)
         end
@@ -241,6 +325,38 @@ module Middleman
         !(files_to_create.empty? && files_to_update.empty? && files_to_delete.empty?)
       end
 
+      # Discover files in build directory that are not in the sitemap
+      # This handles files generated by after_build callbacks, image optimizers, etc.
+      def discover_orphan_files
+        return unless build_dir && File.directory?(build_dir)
+
+        orphan_files = []
+        
+        Dir.glob(File.join(build_dir, '**', '*')).each do |file_path|
+          next if File.directory?(file_path)
+          
+          # Get path relative to build_dir
+          relative_path = file_path.sub(/^#{Regexp.escape(build_dir)}\/?/, '')
+          
+          # Skip if already in sitemap resources
+          next if s3_sync_resources.key?(relative_path)
+          
+          orphan_files << relative_path
+        end
+
+        return if orphan_files.empty?
+
+        say_status "Found #{orphan_files.size} files outside sitemap"
+        
+        Parallel.each(orphan_files, in_threads: THREADS_COUNT, progress: "Processing orphan files") do |relative_path|
+          # Create a Resource with nil mm_resource but explicit path
+          # It will use mime-types for content type detection
+          remote = remote_resource_for_path(relative_path)
+          resource = S3Sync::Resource.new(nil, remote, path: relative_path)
+          s3_sync_resources[relative_path] = resource.tap(&:status)
+        end
+      end
+
       # Single-pass categorization of resources by status
       # Avoids multiple iterations over s3_sync_resources
       def categorized_resources

data/lib/middleman-s3_sync/commands.rb

@@ -102,7 +102,9 @@ module Middleman
         verbose = options[:verbose] ? 0 : 1
         instrument = options[:instrument]
 
-        mode = options[:build] ? :build : :config
+        # Always use :build mode to ensure build-time extensions are active
+        # (e.g., asset_hash in `configure :build` blocks)
+        mode = :build
 
         ::Middleman::S3Sync.app = ::Middleman::Application.new do
           config[:mode] = mode

data/lib/middleman-s3_sync/extension.rb

@@ -26,8 +26,10 @@ module Middleman
     option :dry_run, false, 'Whether to perform a dry-run'
     option :index_document, nil, 'S3 custom index document path'
     option :error_document, nil, 'S3 custom error document path'
+    option :routing_rules, [], 'S3 website routing rules (array of rule hashes)'
     option :content_types, {}, 'Custom content types'
     option :ignore_paths, [], 'Paths that should be ignored during sync, strings or regex are allowed'
+    option :scan_build_dir, false, 'Scan build directory for files not in sitemap (e.g., after_build files)'
     option :cloudfront_distribution_id, nil, 'CloudFront distribution ID for invalidation'
     option :cloudfront_invalidate, false, 'Whether to invalidate CloudFront cache after sync'
     option :cloudfront_invalidate_all, false, 'Whether to invalidate all paths (/*) or only changed files'
@@ -35,6 +37,7 @@ module Middleman
     option :cloudfront_invalidation_max_retries, 5, 'Maximum number of retries for rate-limited invalidation requests'
     option :cloudfront_invalidation_batch_delay, 2, 'Delay in seconds between invalidation batches'
     option :cloudfront_wait, false, 'Whether to wait for CloudFront invalidation to complete'
+    option :after_s3_sync, nil, 'Proc/lambda to call after sync completes (receives changed_paths array)'
 
     expose_to_config :s3_sync_options, :default_caching_policy, :caching_policy