@digitraffic/common 2026.4.17-3 → 2026.4.20-2

package/dist/aws/infra/canaries/canary-role.d.ts

@@ -11,4 +11,9 @@ export declare class DigitrafficCanaryRole extends Role {
      * A UrlCanary needs these permissions to e.g. access a private API Gateway endpoint in a VPC.
      */
     withVpcAccess(): this;
+    /**
+     * Provides permissions to read API keys from API Gateway.
+     * Required for URL canaries that validate API-key-protected endpoints.
+     */
+    withApiGatewayAccess(): this;
 }

package/dist/aws/infra/canaries/canary-role.js

@@ -47,5 +47,16 @@ export class DigitrafficCanaryRole extends Role {
         this.addManagedPolicy(ManagedPolicy.fromAwsManagedPolicyName("service-role/AWSLambdaVPCAccessExecutionRole"));
         return this;
     }
+    /**
+     * Provides permissions to read API keys from API Gateway.
+     * Required for URL canaries that validate API-key-protected endpoints.
+     */
+    withApiGatewayAccess() {
+        this.addToPolicy(new PolicyStatement({
+            actions: ["apigateway:GET"],
+            resources: ["arn:aws:apigateway:*::/apikeys/*"],
+        }));
+        return this;
+    }
 }
 //# sourceMappingURL=canary-role.js.map

package/dist/aws/infra/canaries/url-canary.js

@@ -1,6 +1,7 @@
 import { CfnCanary } from "aws-cdk-lib/aws-synthetics";
 import { DigitrafficCanary } from "./canary.js";
 import { ENV_API_KEY, ENV_HOSTNAME, ENV_SECRET } from "./canary-keys.js";
+import { DigitrafficCanaryRole } from "./canary-role.js";
 export class UrlCanary extends DigitrafficCanary {
     constructor(stack, role, params, secret) {
         const canaryName = `${params.name}-url`;
@@ -32,6 +33,9 @@ export class UrlCanary extends DigitrafficCanary {
         }
     }
     static create(stack, role, publicApi, params, secret) {
+        if (role instanceof DigitrafficCanaryRole) {
+            role.withApiGatewayAccess();
+        }
         return new UrlCanary(stack, role, {
             handler: `${params.name ?? undefined}.handler`,
             hostname: publicApi.hostname(),

package/dist/aws/infra/stack/dt-function.d.ts

@@ -1,3 +1,4 @@
+import type { Stack } from "aws-cdk-lib";
 import { Duration } from "aws-cdk-lib";
 import type { ISecurityGroup } from "aws-cdk-lib/aws-ec2";
 import type { IRole } from "aws-cdk-lib/aws-iam";
@@ -6,7 +7,7 @@ import type { ILayerVersion } from "aws-cdk-lib/aws-lambda";
 import { Architecture, Function as AwsFunction, Code, Runtime } from "aws-cdk-lib/aws-lambda";
 import { DtFunctionAlarms } from "./dt-function-alarms.js";
 import type { LambdaEnvironment } from "./lambda-configs.js";
-import type { DigitrafficStack } from "./stack.js";
+import type { DigitrafficStackInterface } from "./stack.js";
 export declare class FunctionBuilder {
     private readonly _stack;
     private readonly _name;
@@ -28,20 +29,16 @@ export declare class FunctionBuilder {
     private readonly policyStatements;
     private readonly allowedActions;
     private readonly _features;
-    constructor(stack: DigitrafficStack, lambdaName: string);
+    constructor(stack: Stack & DigitrafficStackInterface, lambdaName: string);
     /**
      * Creates a new builder with defaults, using the lambdaName as a source for the lambda implementation (dist/lambdaName/lambdaName.js).
      * Database access is given by default.
      */
-    static create(stack: DigitrafficStack, lambdaName: string): FunctionBuilder;
+    static create(stack: Stack & DigitrafficStackInterface, lambdaName: string): FunctionBuilder;
     /**
      * Creates a new builder with defaults, but without database or secret access.
      */
-    static plain(stack: DigitrafficStack, lambdaName: string): FunctionBuilder;
-    /**
-     * Stack only has one lambda.  Default is that it has multiple lambdas.
-     */
-    singleLambda(): this;
+    static plain(stack: Stack & DigitrafficStackInterface, lambdaName: string): FunctionBuilder;
     /**
      * Use AssetCode from given path(dist/lambda/${path}).  Default path is lambdaName. Also calls withHandler with the same value.
      */

package/dist/aws/infra/stack/dt-function.js

@@ -30,7 +30,6 @@ export class FunctionBuilder {
     policyStatements = [];
     allowedActions = [];
     _features = {
-        singleLambda: false,
         databaseAccess: true,
         secretAccess: true,
     };
@@ -63,21 +62,11 @@ export class FunctionBuilder {
             .withoutDatabaseAccess()
             .withoutSecretAccess();
     }
-    /**
-     * Stack only has one lambda.  Default is that it has multiple lambdas.
-     */
-    singleLambda() {
-        this._features.singleLambda = true;
-        return this;
-    }
     /**
      * Use AssetCode from given path(dist/lambda/${path}).  Default path is lambdaName. Also calls withHandler with the same value.
      */
     withAssetCode(path = this._name) {
-        const lambdaPath = this._features.singleLambda
-            ? `dist/lambda/`
-            : `dist/lambda/${path}`;
-        this.code = new AssetCode(lambdaPath);
+        this.code = new AssetCode(`dist/lambda/${path}`);
         this.withHandler(path);
         return this;
     }

package/dist/aws/infra/stack/lambda-configs.d.ts

@@ -34,7 +34,6 @@ export interface FunctionParameters {
     vpcSubnets?: SubnetSelection;
     runtime?: Runtime;
     architecture?: Architecture;
-    singleLambda?: boolean;
 }
 export type MonitoredFunctionParameters = FunctionParameters & {
     readonly durationAlarmProps?: MonitoredFunctionAlarmProps;

package/dist/aws/infra/stack/lambda-configs.js

@@ -31,16 +31,13 @@ export function lambdaFunctionProps(_, environment, lambdaName, simpleLambdaName
         timeout: Duration.seconds(config?.timeout ?? 60),
         logGroup: logGroup,
         reservedConcurrentExecutions: config?.reservedConcurrentExecutions ?? 2,
-        code: getAssetCode(simpleLambdaName, config?.singleLambda ?? false),
+        code: getAssetCode(simpleLambdaName),
         handler: `${simpleLambdaName}.handler`,
         environment,
     };
 }
-function getAssetCode(simpleLambdaName, isSingleLambda) {
-    const lambdaPath = isSingleLambda
-        ? `dist/lambda/`
-        : `dist/lambda/${simpleLambdaName}`;
-    return new AssetCode(lambdaPath);
+function getAssetCode(simpleLambdaName) {
+    return new AssetCode(`dist/lambda/${simpleLambdaName}`);
 }
 export function defaultLambdaConfiguration(config) {
     const props = {

package/dist/aws/infra/stack/lambda-log-group.d.ts

@@ -1,6 +1,6 @@
 import type { Stack } from "aws-cdk-lib";
 import { LogGroup, RetentionDays } from "aws-cdk-lib/aws-logs";
-import type { DigitrafficStack } from "./stack.js";
+import type { DigitrafficStackInterface } from "./stack.js";
 export interface CreateLambdaLogGroupParams {
     functionName: string;
     retention?: RetentionDays;
@@ -10,6 +10,6 @@ export interface CreateLambdaLogGroupParamsForStack extends CreateLambdaLogGroup
     shortName: string;
 }
 export interface CreateLambdaLogGroupParamsForDigitrafficStack extends CreateLambdaLogGroupParams {
-    stack: DigitrafficStack;
+    stack: Stack & DigitrafficStackInterface;
 }
 export declare function createLambdaLogGroup(params: CreateLambdaLogGroupParamsForStack | CreateLambdaLogGroupParamsForDigitrafficStack): LogGroup;

package/dist/aws/infra/stack/rest-api.d.ts

@@ -1,3 +1,4 @@
+import type { Stack } from "aws-cdk-lib";
 import type { IResource, JsonSchema, Resource, ResourceOptions, RestApiProps } from "aws-cdk-lib/aws-apigateway";
 import { RestApi } from "aws-cdk-lib/aws-apigateway";
 import { PolicyDocument } from "aws-cdk-lib/aws-iam";
@@ -5,7 +6,7 @@ import { StringParameter } from "aws-cdk-lib/aws-ssm";
 import type { Construct } from "constructs";
 import type { ModelWithReference } from "../../types/model-with-reference.js";
 import type { DocumentationPart } from "../documentation.js";
-import type { DigitrafficStack } from "./stack.js";
+import type { DigitrafficStackInterface } from "./stack.js";
 export declare const PUBLIC_REST_API_CORS_CONFIG: {
     readonly defaultCorsPreflightOptions: {
         readonly allowOrigins: string[];
@@ -23,7 +24,7 @@ export declare class DigitrafficRestApi extends RestApi {
     readonly apiKeyIds: string[];
     readonly enableDocumentation: boolean;
     private readonly _stack;
-    constructor(stack: DigitrafficStack, apiId: string, apiName: string, allowFromIpAddresses?: string[] | undefined, config?: Partial<RestApiProps>);
+    constructor(stack: Stack & DigitrafficStackInterface, apiId: string, apiName: string, allowFromIpAddresses?: string[] | undefined, config?: Partial<RestApiProps>);
     hostname(): string;
     /** Export end point and api key to Parameter store */
     exportEndpoint(): [StringParameter, StringParameter];

package/dist/aws/infra/stack/stack.d.ts

@@ -29,7 +29,18 @@ export interface StackConfiguration {
     };
     readonly whitelistedResources?: string[];
 }
-export declare class DigitrafficStack extends Stack {
+export interface DigitrafficStackInterface {
+    readonly configuration: StackConfiguration;
+    readonly vpc?: IVpc;
+    readonly lambdaDbSg?: ISecurityGroup;
+    readonly alarmTopic: ITopic;
+    readonly warningTopic: ITopic;
+    createLambdaEnvironment(): DBLambdaEnvironment;
+    createDefaultLambdaEnvironment(dbApplication: string): DBLambdaEnvironment;
+    getSecret(): ISecret;
+    grantSecret(...lambdas: AWSFunction[]): void;
+}
+export declare class DigitrafficStack extends Stack implements DigitrafficStackInterface {
     readonly vpc?: IVpc;
     readonly lambdaDbSg?: ISecurityGroup;
     readonly alarmTopic: ITopic;

package/dist/aws/infra/stacks/network-stack.d.ts

@@ -6,7 +6,9 @@ import type { InfraStackConfiguration } from "./intra-stack-configuration.js";
 export interface NetworkConfiguration {
     readonly vpcName: string;
     readonly cidr: string;
+    readonly transitGatewayId?: string;
 }
+/** Creates a network stack with VPC and optional transit gateway routing */
 export declare class NetworkStack extends Stack {
     readonly vpc: IVpc;
     constructor(scope: Construct, id: string, isc: InfraStackConfiguration, configuration: NetworkConfiguration);

package/dist/aws/infra/stacks/network-stack.js

@@ -1,6 +1,7 @@
-import { IpAddresses, SubnetType, Vpc } from "aws-cdk-lib/aws-ec2";
+import { CfnRoute, IpAddresses, SubnetType, Vpc } from "aws-cdk-lib/aws-ec2";
 import { Stack } from "aws-cdk-lib/core";
 import { exportValue } from "../import-util.js";
+/** Creates a network stack with VPC and optional transit gateway routing */
 export class NetworkStack extends Stack {
     vpc;
     constructor(scope, id, isc, configuration) {
@@ -21,11 +22,13 @@ export class NetworkStack extends Stack {
         exportValue(this, isc.environmentName, "digitrafficprivateBSubnet", this.vpc.privateSubnets[1].subnetId);
     }
     createVpc(configuration) {
-        return new Vpc(this, "DigitrafficVPC", {
+        const vpc = new Vpc(this, "DigitrafficVPC", {
             vpcName: configuration.vpcName,
+            restrictDefaultSecurityGroup: false,
             availabilityZones: Stack.of(this).availabilityZones.sort().slice(0, 2), // take two first azs
             enableDnsHostnames: true,
             enableDnsSupport: true,
+            natGateways: configuration.transitGatewayId ? 0 : 2, // one for each AZ, or none if using transit gateway
             ipAddresses: IpAddresses.cidr(configuration.cidr),
             subnetConfiguration: [
                 {
@@ -40,6 +43,17 @@ export class NetworkStack extends Stack {
                 },
             ],
         });
+        // route traffic to transit gateway
+        if (configuration.transitGatewayId) {
+            vpc.selectSubnets(undefined).subnets.forEach((subnet) => {
+                new CfnRoute(this, `SubnetRouteToTgw${subnet.node.id}`, {
+                    routeTableId: subnet.routeTable.routeTableId,
+                    destinationCidrBlock: "0.0.0.0/0",
+                    transitGatewayId: configuration.transitGatewayId,
+                });
+            });
+        }
+        return vpc;
     }
 }
 //# sourceMappingURL=network-stack.js.map

package/dist/aws/runtime/dt-logger.js

@@ -88,9 +88,8 @@ export class DtLogger {
      */
     log(message) {
         // Append always method to message
-        if (!message.message ||
-            !message.message.length ||
-            !message.message.includes(message.method)) {
+        if (!message.message?.length ||
+            !message.message?.includes(message.method)) {
             message.message = `${message.method} ${message.message ?? ""}`;
         }
         const error = message.error

package/dist/index.d.ts

@@ -1 +1,2 @@
+export type { DigitrafficStackInterface } from "./aws/infra/stack/stack.js";
 export { DigitrafficStack } from "./aws/infra/stack/stack.js";

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@digitraffic/common",
-  "version": "2026.4.17-3",
+  "version": "2026.4.20-2",
   "private": false,
   "description": "",
   "repository": {
@@ -124,7 +124,6 @@
     "@types/etag": "1.8.4",
     "@types/geojson": "7946.0.16",
     "@types/geojson-validation": "1.0.3",
-    "@types/lodash-es": "4.17.12",
     "@types/madge": "5.0.3",
     "@types/node": "24.12.2",
     "@vitest/coverage-v8": "4.1.4",
@@ -137,7 +136,6 @@
     "geojson-validation": "1.0.2",
     "ky": "1.14.3",
     "lefthook": "2.1.5",
-    "lodash-es": "4.18.1",
     "madge": "8.0.0",
     "pg-native": "3.7.0",
     "pg-promise": "12.6.2",
@@ -165,7 +163,6 @@
     "es-toolkit": "1.45.1",
     "geojson-validation": "1.0.2",
     "ky": "1.14.3",
-    "lodash-es": "4.18.1",
     "pg-native": "3.7.0",
     "pg-promise": "12.6.2",
     "zod": "4.3.6"