@anvil-cloud/sdk 0.0.9 → 0.0.11

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (3) hide show
  1. package/README.md +42 -34
  2. package/bin/package.json +1 -1
  3. package/package.json +1 -1
package/README.md CHANGED
@@ -4,69 +4,80 @@
4
4
 
5
5
  Anvil wraps raw cloud resources into opinionated, production-ready components. No 200-line Terraform modules. No copy-pasting security configs. Just declare what you need and Anvil handles the rest.
6
6
 
7
+ Built on [Pulumi](https://www.pulumi.com/).
8
+
7
9
  ## Install
8
10
 
9
11
  ```bash
10
12
  npm install @anvil-cloud/sdk
11
13
  ```
12
14
 
13
- ## Quick start
15
+ ## Secure by default
14
16
 
15
- Create `anvil.config.ts` at your project root:
17
+ Every Anvil component ships with defaults aligned to production from day one — public access blocked, encryption enforced, cost tags applied. The goal isn't to make compliance automatic, but to make it a platform you can actually build on.
16
18
 
17
- ```typescript
18
- import { App } from '@anvil-cloud/sdk';
19
- import * as anvil from '@anvil-cloud/sdk';
19
+ ## The App class
20
+
21
+ Every Anvil program starts with `new App()`. The `run` callback receives a `Context` with:
22
+
23
+ - `ctx.stage` — current deployment stage (defaults to your OS username for dev isolation)
24
+ - `ctx.project` — project name from `anvil.yaml`
25
+ - `ctx.export(name, value)` — export stack outputs
26
+ - `ctx.providers` — named cloud providers for multi-region / multi-account
27
+
28
+ ## Grants
29
+
30
+ Grants are how Anvil wires permissions between resources. Instead of writing IAM policies by hand, you call `.grant()` on a resource and Anvil handles both the IAM role policy and the environment variable injection automatically.
31
+
32
+ A Lambda reading from a Bucket:
20
33
 
34
+ ```typescript
21
35
  export default new App({
22
36
  run(ctx) {
23
37
  const bucket = new anvil.aws.Bucket('uploads', {
24
38
  dataClassification: 'sensitive',
25
39
  });
26
- ctx.export('bucketName', bucket.bucketName);
27
- },
28
- });
29
- ```
30
40
 
31
- Deploy:
41
+ const fn = new anvil.aws.Lambda('processor', {
42
+ runtime: 'nodejs20.x',
43
+ handler: 'index.handler',
44
+ code: './src',
45
+ });
32
46
 
33
- ```bash
34
- anvil deploy
47
+ // Grants the Lambda read access to the bucket and scopes down to specific bucket paths
48
+ // Anvil creates the IAM policy and injects UPLOADS_BUCKET_NAME
49
+ // into the Lambda's environment automatically.
50
+ //
51
+ bucket.grant(fn, { actions: ['read'], path: ['user/*'] });
52
+ },
53
+ });
35
54
  ```
36
55
 
37
- That S3 bucket ships with public access blocked, encryption enabled, and versioning on — because that's how every bucket should start. You opt _in_ to risk, not out of it.
38
-
39
- ## The App class
56
+ What Anvil does under the hood:
40
57
 
41
- Every Anvil program starts with `new App()`. The `run` callback receives a `Context` with:
58
+ - Creates an IAM `RolePolicy` scoped to the exact actions requested
59
+ - Injects the resource identifier as an environment variable on the target (e.g. `UPLOADS_BUCKET_NAME`)
60
+ - No manual ARN wiring, no forgotten permissions
42
61
 
43
- - `ctx.stage` — the current deployment stage (defaults to your OS username for dev isolation)
44
- - `ctx.project` — the project name from `anvil.yaml`
45
- - `ctx.export(name, value)` — export stack outputs
46
- - `ctx.providers` — named cloud providers for multi-region / multi-account
62
+ ## SvelteKit deployment
47
63
 
48
- ## Multi-cloud
64
+ Deploy a SvelteKit app to AWS with a single component. Anvil provisions S3, CloudFront, ACM, Lambda (via Lambda Web Adapter), and Route53 — with HTTPS and a custom domain out of the box:
49
65
 
50
66
  ```typescript
51
67
  export default new App({
52
68
  run(ctx) {
53
- // AWS
54
- const bucket = new anvil.aws.Bucket('data', {
55
- dataClassification: 'sensitive',
69
+ const site = new anvil.aws.SvelteKitSite('web', {
70
+ domain: 'myapp.com',
56
71
  });
57
72
 
58
- // GCP
59
- const gcsBucket = new anvil.gcp.StorageBucket('backup', {
60
- dataClassification: 'internal',
61
- location: 'US',
62
- });
73
+ ctx.export('url', site.url);
63
74
  },
64
75
  });
65
76
  ```
66
77
 
67
78
  ## Overrides
68
79
 
69
- Every component accepts a `transform` argument to override the underlying resource config:
80
+ Every component accepts a `transform` argument to override the underlying resource config when you need to break from the defaults:
70
81
 
71
82
  ```typescript
72
83
  const bucket = new anvil.aws.Bucket('custom', {
@@ -77,12 +88,9 @@ const bucket = new anvil.aws.Bucket('custom', {
77
88
  });
78
89
  ```
79
90
 
80
- ## How it works
81
-
82
- Anvil is built on [Pulumi](https://www.pulumi.com/). Each component wraps one or more cloud resources with secure defaults. The `App` class handles config, providers, and exports so you write infrastructure — not boilerplate.
83
-
84
91
  ## Links
85
92
 
93
+ - [Docs](https://anvilcloud.dev)
86
94
  - [GitHub](https://github.com/DamienPace15/anvil)
87
95
  - [Python SDK](https://pypi.org/project/anvil-cloud/)
88
96
  - [Go SDK](https://pkg.go.dev/github.com/DamienPace15/anvil/sdk/go/anvil)
package/bin/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "@anvil-cloud/sdk",
3
- "version": "0.0.9",
3
+ "version": "0.0.11",
4
4
  "scripts": {
5
5
  "build": "tsc && cp package.json bin/"
6
6
  },
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "@anvil-cloud/sdk",
3
- "version": "0.0.9",
3
+ "version": "0.0.11",
4
4
  "scripts": {
5
5
  "build": "tsc && cp package.json bin/"
6
6
  },