@fjall/components-infrastructure 0.89.4 → 0.89.6

package/dist/lib/patterns/aws/domainValidation.js

@@ -0,0 +1,145 @@
+import { Annotations } from "aws-cdk-lib";
+import { DNS_APEX } from "@fjall/util";
+const VALID_REGISTRARS = [
+    "route53",
+    "external-delegated",
+    "external-records"
+];
+/**
+ * Synchronous synth-time validator for `DomainProps`. Throws on hard errors
+ * (CDK catches and surfaces the stack trace pointing at the `new Domain(...)`
+ * call site). Emits CDK warnings (non-fatal) for advisories such as alias
+ * records carrying a runtime TTL that Route53 silently ignores.
+ *
+ * Pure: no I/O, no CDK side effects other than `Annotations.of(scope).addWarning`.
+ */
+export function validateDomainProps(scope, props) {
+    validateRegistrar(props);
+    const effectiveZone = resolveEffectiveZoneName(props);
+    validateRecords(scope, props, effectiveZone);
+    validateCertificates(props, effectiveZone);
+    validateDelegations(props);
+}
+function validateRegistrar(props) {
+    const registrar = props.registrar;
+    if (typeof registrar !== "string" ||
+        !VALID_REGISTRARS.includes(registrar)) {
+        throw new Error(`Domain registrar must be one of ${VALID_REGISTRARS.join(", ")}; received: ${String(registrar)}`);
+    }
+    // Runtime defence — TS forbids `delegations` on external-records, but a JS
+    // caller could still pass it. Surface the mistake loudly.
+    if (registrar === "external-records" &&
+        props.delegations !== undefined) {
+        throw new Error("Domain: 'delegations' is not supported with registrar: 'external-records' — there is no Fjall-managed hosted zone to cascade from.");
+    }
+}
+function resolveEffectiveZoneName(props) {
+    if (props.registrar === "external-delegated") {
+        const delegated = props;
+        if (!delegated.delegatedSubdomain) {
+            throw new Error("Domain: 'external-delegated' registrar requires a non-empty 'delegatedSubdomain'.");
+        }
+        return `${delegated.delegatedSubdomain}.${props.zoneName}`;
+    }
+    return props.zoneName;
+}
+function validateRecords(scope, props, effectiveZone) {
+    const records = props.records ?? [];
+    const seen = new Map();
+    for (const record of records) {
+        const fqdn = recordFqdn(record.name, effectiveZone);
+        if (!isWithinZone(fqdn, effectiveZone)) {
+            throw new Error(`Record '${fqdn}' falls outside managed zone '${effectiveZone}'. Use a separate Domain construct or a SubdomainDelegation.`);
+        }
+        if ("target" in record) {
+            if (record.name === DNS_APEX && props.registrar === "external-records") {
+                throw new Error("Apex A records with Fjall targets require registrar: 'route53' or 'external-delegated' because RFC 1035 forbids CNAME at apex. Use a subdomain or change registrar.");
+            }
+            // TTL on alias records is silently dropped by Route53 — warn so the user
+            // understands their TTL will not apply.
+            const runtimeTtl = record.ttl;
+            if (runtimeTtl !== undefined) {
+                Annotations.of(scope).addWarning(`TTL ignored on alias record '${fqdn}' — Route53 aliases inherit the target's TTL.`);
+            }
+        }
+        const dedupeKey = `${record.type}::${record.name}`;
+        const existing = seen.get(dedupeKey);
+        if (existing) {
+            // Two declarations at the same (type, name) are only legal if the first
+            // one is a StandardRecord with an array-valued `value`. Otherwise one
+            // record will overwrite the other at synth.
+            const existingValue = existing.value;
+            if (!Array.isArray(existingValue)) {
+                throw new Error(`Duplicate (${record.type}, ${record.name}) records declared. ` +
+                    `Merge into a single record with an array-valued 'value' to declare multiple values.`);
+            }
+        }
+        else {
+            seen.set(dedupeKey, record);
+        }
+    }
+}
+function validateCertificates(props, effectiveZone) {
+    const certificates = props.certificates ?? [];
+    for (const cert of certificates) {
+        const resolved = normaliseCertificate(cert);
+        assertWithinZone(resolved.domainName, effectiveZone);
+        for (const san of resolved.subjectAlternativeNames ?? []) {
+            assertWithinZone(san, effectiveZone);
+        }
+    }
+}
+function validateDelegations(props) {
+    if (props.registrar === "external-records") {
+        return;
+    }
+    const delegations = props
+        .delegations;
+    if (!delegations) {
+        return;
+    }
+    for (const delegation of delegations) {
+        if (delegation.auto === true && !delegation.toAccount) {
+            throw new Error(`Delegation '${delegation.subdomain}' has auto: true but no 'toAccount' set. Provide the child Fjall account name.`);
+        }
+    }
+}
+function normaliseCertificate(cert) {
+    if (typeof cert === "string") {
+        return { domainName: cert };
+    }
+    return {
+        domainName: cert.domainName,
+        subjectAlternativeNames: cert.subjectAlternativeNames
+    };
+}
+function recordFqdn(recordName, zoneName) {
+    if (recordName === DNS_APEX) {
+        return zoneName;
+    }
+    // A user may already provide a FQDN (e.g. "api.example.com") or a single
+    // label ("api"). If the name contains a dot, treat it as an FQDN — the
+    // zone-boundary check then decides whether it is within the managed zone.
+    // A bare label is always appended to the zone.
+    if (recordName.includes(".")) {
+        return recordName;
+    }
+    return `${recordName}.${zoneName}`;
+}
+function assertWithinZone(candidate, zoneName) {
+    if (!isWithinZone(candidate, zoneName)) {
+        throw new Error(`'${candidate}' falls outside managed zone '${zoneName}'. Use a separate Domain construct or a SubdomainDelegation.`);
+    }
+}
+/**
+ * Dot-boundary suffix matching. Rejects pathological cases where a user-supplied
+ * zone appears as a suffix of another zone (e.g. 'evilexample.com' against
+ * zone 'example.com' — `endsWith('example.com')` returns true without the
+ * leading dot).
+ */
+function isWithinZone(candidate, zoneName) {
+    if (candidate === zoneName) {
+        return true;
+    }
+    return candidate.endsWith(`.${zoneName}`);
+}

package/dist/lib/patterns/aws/externalRecordsPattern.d.ts

@@ -0,0 +1,18 @@
+import type { Construct } from "constructs";
+import { type ICertificate } from "aws-cdk-lib/aws-certificatemanager";
+import type { ExternalRecordsProps, ManualRecord } from "./interfaces/domain.js";
+export interface ExternalRecordsPatternResult {
+    readonly certificates: Map<string, ICertificate>;
+    readonly manualRecords: ManualRecord[];
+}
+/**
+ * Composition for `registrar: "external-records"`. No Route53 hosted zone is
+ * created; certificates still use ACM DNS validation (the user must paste the
+ * validation records at their external registrar) and any user-declared
+ * records are emitted as `ManualRecord` entries with per-record `CfnOutput`s
+ * so Phase 2 can resolve token values after deploy.
+ *
+ * Ordering invariant: certificate-validation entries come first so the user
+ * adds them before the app records (ACM can't issue until validation resolves).
+ */
+export declare function composeExternalRecords(scope: Construct, props: ExternalRecordsProps): ExternalRecordsPatternResult;

package/dist/lib/patterns/aws/externalRecordsPattern.js

@@ -0,0 +1,141 @@
+import { CfnOutput } from "aws-cdk-lib";
+import { Certificate as AcmCertificate, CertificateValidation } from "aws-cdk-lib/aws-certificatemanager";
+import { resolveTargetToDnsName } from "./targets/targetResolution.js";
+import { toPascalCase, getSafeZoneName } from "../../utils/capitaliseString.js";
+import { DNS_APEX } from "@fjall/util";
+const MANUAL_RECORD_TTL_SECONDS = 300;
+/**
+ * Composition for `registrar: "external-records"`. No Route53 hosted zone is
+ * created; certificates still use ACM DNS validation (the user must paste the
+ * validation records at their external registrar) and any user-declared
+ * records are emitted as `ManualRecord` entries with per-record `CfnOutput`s
+ * so Phase 2 can resolve token values after deploy.
+ *
+ * Ordering invariant: certificate-validation entries come first so the user
+ * adds them before the app records (ACM can't issue until validation resolves).
+ */
+export function composeExternalRecords(scope, props) {
+    const safeZone = toPascalCase(getSafeZoneName(props.zoneName));
+    const certificates = new Map();
+    const manualRecords = [];
+    // 1. Certificates — ACM DNS validation emits CNAMEs the user must paste at
+    //    their registrar. Capture the validation records as ManualRecord
+    //    entries (cert-validation first per ordering invariant).
+    const normalisedCerts = (props.certificates ?? []).map(normaliseCertificate);
+    normalisedCerts.forEach((cert, index) => {
+        const safeCertName = toPascalCase(cert.domainName.split(".").join(""));
+        const acm = new AcmCertificate(scope, `${safeZone}${safeCertName}Cert${index}`, {
+            domainName: cert.domainName,
+            subjectAlternativeNames: cert.subjectAlternativeNames,
+            // No hosted zone to validate against — ACM emits tokens for the user
+            // to resolve via `describeStackResources` or deploy output.
+            validation: CertificateValidation.fromDns(),
+            transparencyLoggingEnabled: cert.transparencyLogging ?? true
+        });
+        certificates.set(cert.domainName, acm);
+        const certNames = [
+            cert.domainName,
+            ...(cert.subjectAlternativeNames ?? [])
+        ];
+        certNames.forEach((name, nameIndex) => {
+            // `domainValidationOption` returns a token CNAME name/value pair. Using
+            // `attrDomainValidationOptions` returns an array token; per-name lookup
+            // uses index. CDK exposes the first validation option via
+            // `certificate.certificateArn` only — we fall back to emitting a
+            // predictable CfnOutput pointing to the attribute for Phase 2.
+            const record = {
+                name: `_acme-challenge.${name}`,
+                type: "CNAME",
+                value: `<ACM-validation-token-for-${name}>`,
+                ttl: MANUAL_RECORD_TTL_SECONDS,
+                reason: "certificate-validation"
+            };
+            manualRecords.push(record);
+            emitManualRecordOutputs(scope, safeZone, manualRecords.length - 1, record, `CertValidation${safeCertName}${nameIndex}`);
+        });
+    });
+    // 2. User-declared records. Typed targets resolve to token strings via
+    //    `resolveTargetToDnsName`. Apex ALIAS was already rejected by
+    //    `validateDomainProps`, so all records here are safe to emit as manual
+    //    entries.
+    const records = props.records ?? [];
+    records.forEach((record, index) => {
+        const fqdn = toFqdn(record.name, props.zoneName);
+        if ("target" in record) {
+            const value = resolveTargetToDnsName(record.target);
+            const manual = {
+                name: fqdn,
+                type: "CNAME",
+                value,
+                ttl: MANUAL_RECORD_TTL_SECONDS,
+                reason: "user-declared"
+            };
+            manualRecords.push(manual);
+            emitManualRecordOutputs(scope, safeZone, manualRecords.length - 1, manual, `UserRecord${index}`);
+            return;
+        }
+        const rawValue = record.value;
+        const joined = Array.isArray(rawValue) ? rawValue.join(", ") : rawValue;
+        const manual = {
+            name: fqdn,
+            type: narrowManualType(record.type),
+            value: joined,
+            ttl: record.ttl ?? MANUAL_RECORD_TTL_SECONDS,
+            reason: "user-declared"
+        };
+        manualRecords.push(manual);
+        emitManualRecordOutputs(scope, safeZone, manualRecords.length - 1, manual, `UserRecord${index}`);
+    });
+    return { certificates, manualRecords };
+}
+function normaliseCertificate(cert) {
+    if (typeof cert === "string") {
+        return { domainName: cert };
+    }
+    return {
+        domainName: cert.domainName,
+        subjectAlternativeNames: cert.subjectAlternativeNames,
+        transparencyLogging: cert.transparencyLogging
+    };
+}
+function toFqdn(recordName, zoneName) {
+    if (recordName === DNS_APEX) {
+        return zoneName;
+    }
+    if (recordName === zoneName || recordName.endsWith(`.${zoneName}`)) {
+        return recordName;
+    }
+    return `${recordName}.${zoneName}`;
+}
+function narrowManualType(type) {
+    switch (type) {
+        case "A":
+        case "AAAA":
+        case "CNAME":
+        case "TXT":
+            return type;
+        case "MX":
+        case "NS":
+        case "SRV":
+        case "CAA":
+            // External-records mode can only describe A/AAAA/CNAME/TXT to the user
+            // in a paste-ready form; other types still surface their value under a
+            // TXT-style hint so the user knows the raw content.
+            return "TXT";
+    }
+}
+function emitManualRecordOutputs(scope, safeZone, index, record, discriminator) {
+    new CfnOutput(scope, `${safeZone}ManualRecord${discriminator}Name`, {
+        key: `${safeZone}ManualRecord${index}Name`,
+        value: record.name,
+        description: `External-records manual DNS entry (${record.reason})`
+    });
+    new CfnOutput(scope, `${safeZone}ManualRecord${discriminator}Type`, {
+        key: `${safeZone}ManualRecord${index}Type`,
+        value: record.type
+    });
+    new CfnOutput(scope, `${safeZone}ManualRecord${discriminator}Value`, {
+        key: `${safeZone}ManualRecord${index}Value`,
+        value: record.value
+    });
+}

package/dist/lib/patterns/aws/fivetranProxy.d.ts

@@ -1,6 +1,6 @@
 import { Stack, type StackProps } from "aws-cdk-lib";
 import { type Construct } from "constructs";
-import { type KeyValue } from "../../types";
+import { type KeyValue } from "../../types.js";
 import { type Connections } from "aws-cdk-lib/aws-ec2";
 import { type IVpc } from "aws-cdk-lib/aws-ec2";
 interface ProxyAgentProps extends StackProps {

package/dist/lib/patterns/aws/fivetranProxy.js

@@ -1,15 +1,12 @@
-"use strict";
-Object.defineProperty(exports, "__esModule", { value: true });
-exports.FivetranProxy = void 0;
-const aws_cdk_lib_1 = require("aws-cdk-lib");
-const ec2_1 = require("../../resources/aws/compute/ec2");
-const aws_ec2_1 = require("aws-cdk-lib/aws-ec2");
-class FivetranProxy extends aws_cdk_lib_1.Stack {
+import { Stack } from "aws-cdk-lib";
+import { Ec2Instance } from "../../resources/aws/compute/ec2.js";
+import { UserData } from "aws-cdk-lib/aws-ec2";
+export class FivetranProxy extends Stack {
     constructor(scope, id, props) {
         super(scope, id, props);
-        const userData = aws_ec2_1.UserData.forLinux();
+        const userData = UserData.forLinux();
         userData.addCommands("groupadd fivetran", "useradd -m -g fivetran fivetran", "mkdir -p /home/fivetran/.ssh", "chown fivetran:fivetran /home/fivetran/.ssh", "chmod 700 /home/fivetran/.ssh", `echo "${props.publicKey}" > /home/fivetran/.ssh/authorized_keys`, "chown fivetran:fivetran /home/fivetran/.ssh/authorized_keys", "chmod 600 /home/fivetran/.ssh/authorized_keys");
-        new ec2_1.Ec2Instance(this, "FivetranProxy", {
+        new Ec2Instance(this, "FivetranProxy", {
             accountId: props.accountId,
             serviceName: "fivetranProxy",
             vpc: props.vpc,
@@ -29,5 +26,3 @@ class FivetranProxy extends aws_cdk_lib_1.Stack {
         });
     }
 }
-exports.FivetranProxy = FivetranProxy;
-//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiZml2ZXRyYW5Qcm94eS5qcyIsInNvdXJjZVJvb3QiOiIiLCJzb3VyY2VzIjpbIi4uLy4uLy4uLy4uL2xpYi9wYXR0ZXJucy9hd3MvZml2ZXRyYW5Qcm94eS50cyJdLCJuYW1lcyI6W10sIm1hcHBpbmdzIjoiOzs7QUFBQSw2Q0FBcUQ7QUFDckQseURBQThEO0FBRzlELGlEQUFpRTtBQWFqRSxNQUFhLGFBQWMsU0FBUSxtQkFBSztJQUN0QyxZQUFZLEtBQWdCLEVBQUUsRUFBVSxFQUFFLEtBQXNCO1FBQzlELEtBQUssQ0FBQyxLQUFLLEVBQUUsRUFBRSxFQUFFLEtBQUssQ0FBQyxDQUFDO1FBRXhCLE1BQU0sUUFBUSxHQUFHLGtCQUFRLENBQUMsUUFBUSxFQUFFLENBQUM7UUFFckMsUUFBUSxDQUFDLFdBQVcsQ0FDbEIsbUJBQW1CLEVBQ25CLGlDQUFpQyxFQUNqQyw4QkFBOEIsRUFDOUIsNkNBQTZDLEVBQzdDLCtCQUErQixFQUMvQixTQUFTLEtBQUssQ0FBQyxTQUFTLHlDQUF5QyxFQUNqRSw2REFBNkQsRUFDN0QsK0NBQStDLENBQ2hELENBQUM7UUFFRixJQUFJLGlCQUFXLENBQUMsSUFBSSxFQUFFLGVBQWUsRUFBRTtZQUNyQyxTQUFTLEVBQUUsS0FBSyxDQUFDLFNBQVM7WUFDMUIsV0FBVyxFQUFFLGVBQWU7WUFDNUIsR0FBRyxFQUFFLEtBQUssQ0FBQyxHQUFHO1lBQ2QsWUFBWSxFQUFFLEtBQUssQ0FBQyxZQUFZLElBQUksVUFBVTtZQUM5QyxTQUFTLEVBQUUsS0FBSyxDQUFDLFNBQVMsSUFBSSxJQUFJO1lBQ2xDLEdBQUcsRUFBRTtnQkFDSCxPQUFPLEVBQUUsS0FBSyxDQUFDLEdBQUcsRUFBRSxPQUFPO2dCQUMzQixNQUFNLEVBQUUsS0FBSyxDQUFDLEdBQUcsRUFBRSxNQUFNO2FBQzFCO1lBQ0QsUUFBUSxFQUFFLFFBQVE7WUFDbEIsSUFBSSxFQUFFO2dCQUNKLEdBQUcsS0FBSyxDQUFDLElBQUk7Z0JBQ2Isa0NBQWtDLEVBQUUsWUFBWTtnQkFDaEQsOEJBQThCLEVBQUUsVUFBVTtnQkFDMUMsNEJBQTRCLEVBQUUsTUFBTTthQUNyQztTQUNGLENBQUMsQ0FBQztJQUNMLENBQUM7Q0FDRjtBQXBDRCxzQ0FvQ0MiLCJzb3VyY2VzQ29udGVudCI6WyJpbXBvcnQgeyBTdGFjaywgdHlwZSBTdGFja1Byb3BzIH0gZnJvbSBcImF3cy1jZGstbGliXCI7XG5pbXBvcnQgeyBFYzJJbnN0YW5jZSB9IGZyb20gXCIuLi8uLi9yZXNvdXJjZXMvYXdzL2NvbXB1dGUvZWMyXCI7XG5pbXBvcnQgeyB0eXBlIENvbnN0cnVjdCB9IGZyb20gXCJjb25zdHJ1Y3RzXCI7XG5pbXBvcnQgeyB0eXBlIEtleVZhbHVlIH0gZnJvbSBcIi4uLy4uL3R5cGVzXCI7XG5pbXBvcnQgeyB0eXBlIENvbm5lY3Rpb25zLCBVc2VyRGF0YSB9IGZyb20gXCJhd3MtY2RrLWxpYi9hd3MtZWMyXCI7XG5pbXBvcnQgeyB0eXBlIElWcGMgfSBmcm9tIFwiYXdzLWNkay1saWIvYXdzLWVjMlwiO1xuXG5pbnRlcmZhY2UgUHJveHlBZ2VudFByb3BzIGV4dGVuZHMgU3RhY2tQcm9wcyB7XG4gIGFjY291bnRJZD86IHN0cmluZztcbiAgdnBjPzogSVZwYztcbiAgcHVibGljS2V5OiBzdHJpbmc7XG4gIGVuYWJsZVNTSD86IGJvb2xlYW47XG4gIGluc3RhbmNlVHlwZTogc3RyaW5nO1xuICBkYXRhYmFzZUNvbm5lY3Rpb24/OiBDb25uZWN0aW9ucztcbiAgdGFncz86IEtleVZhbHVlO1xufVxuXG5leHBvcnQgY2xhc3MgRml2ZXRyYW5Qcm94eSBleHRlbmRzIFN0YWNrIHtcbiAgY29uc3RydWN0b3Ioc2NvcGU6IENvbnN0cnVjdCwgaWQ6IHN0cmluZywgcHJvcHM6IFByb3h5QWdlbnRQcm9wcykge1xuICAgIHN1cGVyKHNjb3BlLCBpZCwgcHJvcHMpO1xuXG4gICAgY29uc3QgdXNlckRhdGEgPSBVc2VyRGF0YS5mb3JMaW51eCgpO1xuXG4gICAgdXNlckRhdGEuYWRkQ29tbWFuZHMoXG4gICAgICBcImdyb3VwYWRkIGZpdmV0cmFuXCIsXG4gICAgICBcInVzZXJhZGQgLW0gLWcgZml2ZXRyYW4gZml2ZXRyYW5cIixcbiAgICAgIFwibWtkaXIgLXAgL2hvbWUvZml2ZXRyYW4vLnNzaFwiLFxuICAgICAgXCJjaG93biBmaXZldHJhbjpmaXZldHJhbiAvaG9tZS9maXZldHJhbi8uc3NoXCIsXG4gICAgICBcImNobW9kIDcwMCAvaG9tZS9maXZldHJhbi8uc3NoXCIsXG4gICAgICBgZWNobyBcIiR7cHJvcHMucHVibGljS2V5fVwiID4gL2hvbWUvZml2ZXRyYW4vLnNzaC9hdXRob3JpemVkX2tleXNgLFxuICAgICAgXCJjaG93biBmaXZldHJhbjpmaXZldHJhbiAvaG9tZS9maXZldHJhbi8uc3NoL2F1dGhvcml6ZWRfa2V5c1wiLFxuICAgICAgXCJjaG1vZCA2MDAgL2hvbWUvZml2ZXRyYW4vLnNzaC9hdXRob3JpemVkX2tleXNcIlxuICAgICk7XG5cbiAgICBuZXcgRWMySW5zdGFuY2UodGhpcywgXCJGaXZldHJhblByb3h5XCIsIHtcbiAgICAgIGFjY291bnRJZDogcHJvcHMuYWNjb3VudElkLFxuICAgICAgc2VydmljZU5hbWU6IFwiZml2ZXRyYW5Qcm94eVwiLFxuICAgICAgdnBjOiBwcm9wcy52cGMsXG4gICAgICBpbnN0YW5jZVR5cGU6IHByb3BzLmluc3RhbmNlVHlwZSB8fCBcInQyLm1pY3JvXCIsXG4gICAgICBlbmFibGVTU0g6IHByb3BzLmVuYWJsZVNTSCB8fCB0cnVlLFxuICAgICAgZW52OiB7XG4gICAgICAgIGFjY291bnQ6IHByb3BzLmVudj8uYWNjb3VudCxcbiAgICAgICAgcmVnaW9uOiBwcm9wcy5lbnY/LnJlZ2lvblxuICAgICAgfSxcbiAgICAgIHVzZXJEYXRhOiB1c2VyRGF0YSxcbiAgICAgIHRhZ3M6IHtcbiAgICAgICAgLi4ucHJvcHMudGFncyxcbiAgICAgICAgXCJmamFsbDpjb3N0QWxsb2NhdGlvbjplbnZpcm9ubWVudFwiOiBcInByb2R1Y3Rpb25cIixcbiAgICAgICAgXCJmamFsbDpjb3N0QWxsb2NhdGlvbjpzZXJ2aWNlXCI6IFwiZml2ZXRyYW5cIixcbiAgICAgICAgXCJmamFsbDpjb3N0QWxsb2NhdGlvbjpvd25lclwiOiBcImRhdGFcIlxuICAgICAgfVxuICAgIH0pO1xuICB9XG59XG4iXX0=

package/dist/lib/patterns/aws/index.d.ts

@@ -1,19 +1,21 @@
-export * from "./organisation";
-export * from "./platform";
-export * from "./account";
-export * from "./organisationFactory";
-export * from "./buildkite";
-export * from "../../resources/aws/compute/ec2";
-export * from "./fivetranProxy";
-export * from "./database";
-export * from "../../resources/aws/networking/hostedZone";
-export * from "./domainFactory";
-export * from "./domainDelegation";
-export * from "./interfaces/domain";
-export * from "./compute";
-export * from "./storage";
-export * from "./auditRole";
-export * from "./network";
-export * from "./cdn";
-export * from "./messaging";
-export * from "./pattern";
+export * from "./organisation.js";
+export * from "./platform.js";
+export * from "./account.js";
+export * from "./organisationFactory.js";
+export * from "./buildkite.js";
+export * from "./fivetranProxy.js";
+export * from "./database.js";
+export * from "../../resources/aws/compute/ec2.js";
+export * from "../../resources/aws/networking/hostedZone.js";
+export * from "./domainFactory.js";
+export * from "./domainDelegation.js";
+export { Domain } from "./domain.js";
+export * from "./targets/index.js";
+export { getDomainExportNames, type DnsRecordInput, type DelegationInput, type CertificateInput, type DomainApexProps, type DomainDelegatedProps, type IDomainProps, type ManagedDomainExports, type FjallTarget, type StandardRecord, type DnsRecord, type Certificate, type SubdomainDelegation, type DomainCommonProps, type Route53ApexProps, type ExternalDelegatedProps, type ExternalRecordsProps, type DomainProps, type ManualRecord } from "./interfaces/domain.js";
+export * from "./compute.js";
+export * from "./storage.js";
+export * from "./auditRole.js";
+export * from "./network.js";
+export * from "./cdn.js";
+export * from "./messaging.js";
+export * from "./pattern.js";

package/dist/lib/patterns/aws/index.js

@@ -1,39 +1,28 @@
-"use strict";
-var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
-    if (k2 === undefined) k2 = k;
-    var desc = Object.getOwnPropertyDescriptor(m, k);
-    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
-      desc = { enumerable: true, get: function() { return m[k]; } };
-    }
-    Object.defineProperty(o, k2, desc);
-}) : (function(o, m, k, k2) {
-    if (k2 === undefined) k2 = k;
-    o[k2] = m[k];
-}));
-var __exportStar = (this && this.__exportStar) || function(m, exports) {
-    for (var p in m) if (p !== "default" && !Object.prototype.hasOwnProperty.call(exports, p)) __createBinding(exports, m, p);
-};
-Object.defineProperty(exports, "__esModule", { value: true });
 // Organisation patterns
-__exportStar(require("./organisation"), exports);
-__exportStar(require("./platform"), exports);
-__exportStar(require("./account"), exports);
-__exportStar(require("./organisationFactory"), exports);
-__exportStar(require("./buildkite"), exports);
-__exportStar(require("../../resources/aws/compute/ec2"), exports);
-__exportStar(require("./fivetranProxy"), exports);
-__exportStar(require("./database"), exports);
-__exportStar(require("../../resources/aws/networking/hostedZone"), exports);
+export * from "./organisation.js";
+export * from "./platform.js";
+export * from "./account.js";
+export * from "./organisationFactory.js";
+export * from "./buildkite.js";
+export * from "./fivetranProxy.js";
+export * from "./database.js";
+// Resource-layer re-exports — consumed by patterns that compose these primitives
+export * from "../../resources/aws/compute/ec2.js";
+export * from "../../resources/aws/networking/hostedZone.js";
 // Domain patterns
-__exportStar(require("./domainFactory"), exports);
-__exportStar(require("./domainDelegation"), exports);
-__exportStar(require("./interfaces/domain"), exports);
+export * from "./domainFactory.js";
+export * from "./domainDelegation.js";
+export { Domain } from "./domain.js";
+export * from "./targets/index.js";
+// Explicit exports from the interfaces barrel — avoids collision between the
+// `AliasRecord` DNS-record construct re-exported via `resources/aws/networking`
+// and the `AliasRecord` TypeScript type declared in `interfaces/domain.ts`.
+export { getDomainExportNames } from "./interfaces/domain.js";
 // Patterns
-__exportStar(require("./compute"), exports);
-__exportStar(require("./storage"), exports);
-__exportStar(require("./auditRole"), exports);
-__exportStar(require("./network"), exports);
-__exportStar(require("./cdn"), exports);
-__exportStar(require("./messaging"), exports);
-__exportStar(require("./pattern"), exports);
-//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiaW5kZXguanMiLCJzb3VyY2VSb290IjoiIiwic291cmNlcyI6WyIuLi8uLi8uLi8uLi9saWIvcGF0dGVybnMvYXdzL2luZGV4LnRzIl0sIm5hbWVzIjpbXSwibWFwcGluZ3MiOiI7Ozs7Ozs7Ozs7Ozs7Ozs7QUFBQSx3QkFBd0I7QUFDeEIsaURBQStCO0FBQy9CLDZDQUEyQjtBQUMzQiw0Q0FBMEI7QUFDMUIsd0RBQXNDO0FBRXRDLDhDQUE0QjtBQUM1QixrRUFBZ0Q7QUFDaEQsa0RBQWdDO0FBQ2hDLDZDQUEyQjtBQUMzQiw0RUFBMEQ7QUFFMUQsa0JBQWtCO0FBQ2xCLGtEQUFnQztBQUNoQyxxREFBbUM7QUFDbkMsc0RBQW9DO0FBRXBDLFdBQVc7QUFDWCw0Q0FBMEI7QUFDMUIsNENBQTBCO0FBQzFCLDhDQUE0QjtBQUM1Qiw0Q0FBMEI7QUFDMUIsd0NBQXNCO0FBQ3RCLDhDQUE0QjtBQUM1Qiw0Q0FBMEIiLCJzb3VyY2VzQ29udGVudCI6WyIvLyBPcmdhbmlzYXRpb24gcGF0dGVybnNcbmV4cG9ydCAqIGZyb20gXCIuL29yZ2FuaXNhdGlvblwiO1xuZXhwb3J0ICogZnJvbSBcIi4vcGxhdGZvcm1cIjtcbmV4cG9ydCAqIGZyb20gXCIuL2FjY291bnRcIjtcbmV4cG9ydCAqIGZyb20gXCIuL29yZ2FuaXNhdGlvbkZhY3RvcnlcIjtcblxuZXhwb3J0ICogZnJvbSBcIi4vYnVpbGRraXRlXCI7XG5leHBvcnQgKiBmcm9tIFwiLi4vLi4vcmVzb3VyY2VzL2F3cy9jb21wdXRlL2VjMlwiO1xuZXhwb3J0ICogZnJvbSBcIi4vZml2ZXRyYW5Qcm94eVwiO1xuZXhwb3J0ICogZnJvbSBcIi4vZGF0YWJhc2VcIjtcbmV4cG9ydCAqIGZyb20gXCIuLi8uLi9yZXNvdXJjZXMvYXdzL25ldHdvcmtpbmcvaG9zdGVkWm9uZVwiO1xuXG4vLyBEb21haW4gcGF0dGVybnNcbmV4cG9ydCAqIGZyb20gXCIuL2RvbWFpbkZhY3RvcnlcIjtcbmV4cG9ydCAqIGZyb20gXCIuL2RvbWFpbkRlbGVnYXRpb25cIjtcbmV4cG9ydCAqIGZyb20gXCIuL2ludGVyZmFjZXMvZG9tYWluXCI7XG5cbi8vIFBhdHRlcm5zXG5leHBvcnQgKiBmcm9tIFwiLi9jb21wdXRlXCI7XG5leHBvcnQgKiBmcm9tIFwiLi9zdG9yYWdlXCI7XG5leHBvcnQgKiBmcm9tIFwiLi9hdWRpdFJvbGVcIjtcbmV4cG9ydCAqIGZyb20gXCIuL25ldHdvcmtcIjtcbmV4cG9ydCAqIGZyb20gXCIuL2NkblwiO1xuZXhwb3J0ICogZnJvbSBcIi4vbWVzc2FnaW5nXCI7XG5leHBvcnQgKiBmcm9tIFwiLi9wYXR0ZXJuXCI7XG4iXX0=
+export * from "./compute.js";
+export * from "./storage.js";
+export * from "./auditRole.js";
+export * from "./network.js";
+export * from "./cdn.js";
+export * from "./messaging.js";
+export * from "./pattern.js";

package/dist/lib/patterns/aws/interfaces/cdn.js

@@ -1,14 +1,10 @@
-"use strict";
-Object.defineProperty(exports, "__esModule", { value: true });
-exports.isCdn = isCdn;
 /**
  * Type guard to check if a resource is a CDN distribution.
  */
-function isCdn(resource) {
+export function isCdn(resource) {
     return (typeof resource === "object" &&
         resource !== null &&
         "getDistributionDomainName" in resource &&
         "getDistributionId" in resource &&
         "getDistribution" in resource);
 }
-//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiY2RuLmpzIiwic291cmNlUm9vdCI6IiIsInNvdXJjZXMiOlsiLi4vLi4vLi4vLi4vLi4vbGliL3BhdHRlcm5zL2F3cy9pbnRlcmZhY2VzL2Nkbi50cyJdLCJuYW1lcyI6W10sIm1hcHBpbmdzIjoiOztBQThCQSxzQkFRQztBQVhEOztHQUVHO0FBQ0gsU0FBZ0IsS0FBSyxDQUFDLFFBQWlCO0lBQ3JDLE9BQU8sQ0FDTCxPQUFPLFFBQVEsS0FBSyxRQUFRO1FBQzVCLFFBQVEsS0FBSyxJQUFJO1FBQ2pCLDJCQUEyQixJQUFJLFFBQVE7UUFDdkMsbUJBQW1CLElBQUksUUFBUTtRQUMvQixpQkFBaUIsSUFBSSxRQUFRLENBQzlCLENBQUM7QUFDSixDQUFDIiwic291cmNlc0NvbnRlbnQiOlsiaW1wb3J0IHR5cGUgeyBDb25zdHJ1Y3QgfSBmcm9tIFwiY29uc3RydWN0c1wiO1xuaW1wb3J0IHR5cGUgeyBEaXN0cmlidXRpb24gfSBmcm9tIFwiYXdzLWNkay1saWIvYXdzLWNsb3VkZnJvbnRcIjtcblxuLyoqXG4gKiBDRE4gdHlwZSBkaXNjcmltaW5hdG9yLlxuICogQ3VycmVudGx5IG9ubHkgQ2xvdWRGcm9udCBpcyBzdXBwb3J0ZWQuXG4gKi9cbmV4cG9ydCB0eXBlIENkblR5cGUgPSBcImNsb3VkZnJvbnRcIjtcblxuLyoqXG4gKiBSdW50aW1lIGludGVyZmFjZSBmb3IgQ0ROIGRpc3RyaWJ1dGlvbnMuXG4gKiBQcm92aWRlcyBhY2Nlc3MgdG8gdGhlIHVuZGVybHlpbmcgQ2xvdWRGcm9udCBkaXN0cmlidXRpb24uXG4gKi9cbmV4cG9ydCBpbnRlcmZhY2UgSUNkbiB7XG4gIHJlYWRvbmx5IG5vZGU6IENvbnN0cnVjdFtcIm5vZGVcIl07XG5cbiAgZ2V0RGlzdHJpYnV0aW9uRG9tYWluTmFtZSgpOiBzdHJpbmc7XG4gIGdldERpc3RyaWJ1dGlvbklkKCk6IHN0cmluZztcbiAgZ2V0RGlzdHJpYnV0aW9uKCk6IERpc3RyaWJ1dGlvbjtcbn1cblxuLyoqXG4gKiBVbmlvbiB0eXBlIHJlcHJlc2VudGluZyBhbnkgQ0ROIGludGVyZmFjZS5cbiAqIEN1cnJlbnRseSBvbmx5IENsb3VkRnJvbnQsIGJ1dCBleHRlbnNpYmxlIGZvciBmdXR1cmUgQ0ROIHR5cGVzLlxuICovXG5leHBvcnQgdHlwZSBBbnlDZG4gPSBJQ2RuO1xuXG4vKipcbiAqIFR5cGUgZ3VhcmQgdG8gY2hlY2sgaWYgYSByZXNvdXJjZSBpcyBhIENETiBkaXN0cmlidXRpb24uXG4gKi9cbmV4cG9ydCBmdW5jdGlvbiBpc0NkbihyZXNvdXJjZTogdW5rbm93bik6IHJlc291cmNlIGlzIElDZG4ge1xuICByZXR1cm4gKFxuICAgIHR5cGVvZiByZXNvdXJjZSA9PT0gXCJvYmplY3RcIiAmJlxuICAgIHJlc291cmNlICE9PSBudWxsICYmXG4gICAgXCJnZXREaXN0cmlidXRpb25Eb21haW5OYW1lXCIgaW4gcmVzb3VyY2UgJiZcbiAgICBcImdldERpc3RyaWJ1dGlvbklkXCIgaW4gcmVzb3VyY2UgJiZcbiAgICBcImdldERpc3RyaWJ1dGlvblwiIGluIHJlc291cmNlXG4gICk7XG59XG4iXX0=

package/dist/lib/patterns/aws/interfaces/compute.js

@@ -1,4 +1,3 @@
-"use strict";
 /**
  * Type-safe compute interfaces.
  *
@@ -13,36 +12,30 @@
  * lambda.getFunctionUrl(); // ✓ Available on ILambdaCompute
  * lambda.getLoadBalancer(); // ✗ Compile error - not on ILambdaCompute
  */
-Object.defineProperty(exports, "__esModule", { value: true });
-exports.isEcsCompute = isEcsCompute;
-exports.isLambdaCompute = isLambdaCompute;
-exports.isEc2Compute = isEc2Compute;
-exports.isCompute = isCompute;
 /**
  * Type guard to check if a compute is ECS.
  */
-function isEcsCompute(compute) {
+export function isEcsCompute(compute) {
     return compute.computeType === "ecs";
 }
 /**
  * Type guard to check if a compute is Lambda.
  */
-function isLambdaCompute(compute) {
+export function isLambdaCompute(compute) {
     return compute.computeType === "lambda";
 }
 /**
  * Type guard to check if a compute is EC2.
  */
-function isEc2Compute(compute) {
+export function isEc2Compute(compute) {
     return compute.computeType === "ec2";
 }
 /**
  * Type guard to check if a resource is any compute type.
  */
-function isCompute(resource) {
+export function isCompute(resource) {
     return (resource !== null &&
         typeof resource === "object" &&
         "computeType" in resource &&
         typeof resource.computeType === "string");
 }
-//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiY29tcHV0ZS5qcyIsInNvdXJjZVJvb3QiOiIiLCJzb3VyY2VzIjpbIi4uLy4uLy4uLy4uLy4uL2xpYi9wYXR0ZXJucy9hd3MvaW50ZXJmYWNlcy9jb21wdXRlLnRzIl0sIm5hbWVzIjpbXSwibWFwcGluZ3MiOiI7QUFBQTs7Ozs7Ozs7Ozs7OztHQWFHOztBQW9ISCxvQ0FFQztBQUtELDBDQUVDO0FBS0Qsb0NBRUM7QUFLRCw4QkFPQztBQS9CRDs7R0FFRztBQUNILFNBQWdCLFlBQVksQ0FBQyxPQUFpQjtJQUM1QyxPQUFPLE9BQU8sQ0FBQyxXQUFXLEtBQUssS0FBSyxDQUFDO0FBQ3ZDLENBQUM7QUFFRDs7R0FFRztBQUNILFNBQWdCLGVBQWUsQ0FBQyxPQUFpQjtJQUMvQyxPQUFPLE9BQU8sQ0FBQyxXQUFXLEtBQUssUUFBUSxDQUFDO0FBQzFDLENBQUM7QUFFRDs7R0FFRztBQUNILFNBQWdCLFlBQVksQ0FBQyxPQUFpQjtJQUM1QyxPQUFPLE9BQU8sQ0FBQyxXQUFXLEtBQUssS0FBSyxDQUFDO0FBQ3ZDLENBQUM7QUFFRDs7R0FFRztBQUNILFNBQWdCLFNBQVMsQ0FBQyxRQUFpQjtJQUN6QyxPQUFPLENBQ0wsUUFBUSxLQUFLLElBQUk7UUFDakIsT0FBTyxRQUFRLEtBQUssUUFBUTtRQUM1QixhQUFhLElBQUksUUFBUTtRQUN6QixPQUFRLFFBQXFCLENBQUMsV0FBVyxLQUFLLFFBQVEsQ0FDdkQsQ0FBQztBQUNKLENBQUMiLCJzb3VyY2VzQ29udGVudCI6WyIvKipcbiAqIFR5cGUtc2FmZSBjb21wdXRlIGludGVyZmFjZXMuXG4gKlxuICogVGhlc2UgaW50ZXJmYWNlcyBwcm92aWRlIGNvbXBpbGUtdGltZSB0eXBlIHNhZmV0eSBmb3IgY29tcHV0ZSByZXNvdXJjZXMuXG4gKiBFYWNoIGNvbXB1dGUgdHlwZSBoYXMgYSBzcGVjaWZpYyBpbnRlcmZhY2Ugd2l0aCBvbmx5IHRoZSBtZXRob2RzIHRoYXQgYXBwbHkgdG8gaXQuXG4gKlxuICogQGV4YW1wbGVcbiAqIGNvbnN0IGVjcyA9IGFwcC5hZGRDb21wdXRlKENvbXB1dGVGYWN0b3J5LmJ1aWxkKFwiQXBpXCIsIHsgdHlwZTogXCJlY3NcIiwgLi4uIH0pKTtcbiAqIGVjcy5nZXRMb2FkQmFsYW5jZXIoKTsgLy8g4pyTIEF2YWlsYWJsZSBvbiBJRWNzQ29tcHV0ZVxuICpcbiAqIGNvbnN0IGxhbWJkYSA9IGFwcC5hZGRDb21wdXRlKENvbXB1dGVGYWN0b3J5LmJ1aWxkKFwiRm5cIiwgeyB0eXBlOiBcImxhbWJkYVwiLCAuLi4gfSkpO1xuICogbGFtYmRhLmdldEZ1bmN0aW9uVXJsKCk7IC8vIOKckyBBdmFpbGFibGUgb24gSUxhbWJkYUNvbXB1dGVcbiAqIGxhbWJkYS5nZXRMb2FkQmFsYW5jZXIoKTsgLy8g4pyXIENvbXBpbGUgZXJyb3IgLSBub3Qgb24gSUxhbWJkYUNvbXB1dGVcbiAqL1xuXG5pbXBvcnQgeyB0eXBlIElDbHVzdGVyLCB0eXBlIElCYXNlU2VydmljZSB9IGZyb20gXCJhd3MtY2RrLWxpYi9hd3MtZWNzXCI7XG5pbXBvcnQgeyB0eXBlIElBcHBsaWNhdGlvbkxvYWRCYWxhbmNlciB9IGZyb20gXCJhd3MtY2RrLWxpYi9hd3MtZWxhc3RpY2xvYWRiYWxhbmNpbmd2MlwiO1xuaW1wb3J0IHsgdHlwZSBJRnVuY3Rpb24gfSBmcm9tIFwiYXdzLWNkay1saWIvYXdzLWxhbWJkYVwiO1xuaW1wb3J0IHsgdHlwZSBJQXV0b1NjYWxpbmdHcm91cCB9IGZyb20gXCJhd3MtY2RrLWxpYi9hd3MtYXV0b3NjYWxpbmdcIjtcbmltcG9ydCB7IHR5cGUgSVNlY3VyaXR5R3JvdXAsIHR5cGUgSUNvbm5lY3RhYmxlIH0gZnJvbSBcImF3cy1jZGstbGliL2F3cy1lYzJcIjtcbmltcG9ydCB7IHR5cGUgSUdyYW50YWJsZSwgdHlwZSBHcmFudCB9IGZyb20gXCJhd3MtY2RrLWxpYi9hd3MtaWFtXCI7XG5pbXBvcnQgeyB0eXBlIENvbnN0cnVjdCB9IGZyb20gXCJjb25zdHJ1Y3RzXCI7XG5cbi8qKlxuICogQ29tcHV0ZSB0eXBlIGRpc2NyaW1pbmF0b3IuXG4gKiBVc2VkIHRvIGRldGVybWluZSB3aGljaCBzcGVjaWZpYyBpbnRlcmZhY2UgYXBwbGllcy5cbiAqL1xuZXhwb3J0IHR5cGUgQ29tcHV0ZVR5cGUgPSBcImVjc1wiIHwgXCJsYW1iZGFcIiB8IFwiZWMyXCI7XG5cbi8qKlxuICogQmFzZSBjb21wdXRlIGludGVyZmFjZS5cbiAqIEFsbCBjb21wdXRlIHR5cGVzIGltcGxlbWVudCB0aGlzIGludGVyZmFjZS5cbiAqL1xuZXhwb3J0IGludGVyZmFjZSBJQ29tcHV0ZSB7XG4gIC8qKiBUaGUgdHlwZSBvZiBjb21wdXRlIHJlc291cmNlLiBVc2VkIGZvciBydW50aW1lIHR5cGUgbmFycm93aW5nLiAqL1xuICByZWFkb25seSBjb21wdXRlVHlwZTogQ29tcHV0ZVR5cGU7XG5cbiAgLyoqIFRoZSB1bmRlcmx5aW5nIENESyBjb25zdHJ1Y3Qgbm9kZS4gKi9cbiAgcmVhZG9ubHkgbm9kZTogQ29uc3RydWN0W1wibm9kZVwiXTtcbn1cblxuLyoqXG4gKiBFQ1MgY29tcHV0ZSBpbnRlcmZhY2UuXG4gKiBQcm92aWRlcyBhY2Nlc3MgdG8gRUNTLXNwZWNpZmljIHJlc291cmNlcyBsaWtlIGNsdXN0ZXJzLCBsb2FkIGJhbGFuY2VycywgYW5kIHNlcnZpY2VzLlxuICovXG5leHBvcnQgaW50ZXJmYWNlIElFY3NDb21wdXRlIGV4dGVuZHMgSUNvbXB1dGUsIElDb25uZWN0YWJsZSB7XG4gIHJlYWRvbmx5IGNvbXB1dGVUeXBlOiBcImVjc1wiO1xuXG4gIC8qKiBHZXQgdGhlIEVDUyBjbHVzdGVyLiAqL1xuICBnZXRDbHVzdGVyKCk6IElDbHVzdGVyO1xuXG4gIC8qKiBHZXQgdGhlIEFwcGxpY2F0aW9uIExvYWQgQmFsYW5jZXIgaWYgb25lIHdhcyBjcmVhdGVkLiAqL1xuICBnZXRMb2FkQmFsYW5jZXIoKTogSUFwcGxpY2F0aW9uTG9hZEJhbGFuY2VyIHwgdW5kZWZpbmVkO1xuXG4gIC8qKlxuICAgKiBHZXQgYSBzcGVjaWZpYyBzZXJ2aWNlIGJ5IG5hbWUuXG4gICAqIFJldHVybnMgSUJhc2VTZXJ2aWNlIHdoaWNoIGlzIHRoZSBjb21tb24gaW50ZXJmYWNlIGZvciBib3RoIEZhcmdhdGUgYW5kIEVDMiBzZXJ2aWNlcy5cbiAgICogQHBhcmFtIG5hbWUgVGhlIHNlcnZpY2UgbmFtZVxuICAgKi9cbiAgZ2V0U2VydmljZShuYW1lOiBzdHJpbmcpOiBJQmFzZVNlcnZpY2UgfCB1bmRlZmluZWQ7XG5cbiAgLyoqIEdldCBhbGwgc2VydmljZXMgaW4gdGhlIGNsdXN0ZXIuICovXG4gIGdldEFsbFNlcnZpY2VzKCk6IElCYXNlU2VydmljZVtdO1xuXG4gIC8qKiBHZXQgdGhlIHNlY3VyaXR5IGdyb3VwIGZvciB0aGUgY2x1c3Rlci4gKi9cbiAgZ2V0U2VjdXJpdHlHcm91cCgpOiBJU2VjdXJpdHlHcm91cDtcbn1cblxuLyoqXG4gKiBMYW1iZGEgY29tcHV0ZSBpbnRlcmZhY2UuXG4gKiBQcm92aWRlcyBhY2Nlc3MgdG8gTGFtYmRhLXNwZWNpZmljIHJlc291cmNlcyBsaWtlIGZ1bmN0aW9ucyBhbmQgZnVuY3Rpb24gVVJMcy5cbiAqIEV4dGVuZHMgSUNvbm5lY3RhYmxlIGZvciBWUEMtYmFzZWQgTGFtYmRhcyB0aGF0IG5lZWQgc2VjdXJpdHkgZ3JvdXAgY29ubmVjdGlvbnMuXG4gKi9cbmV4cG9ydCBpbnRlcmZhY2UgSUxhbWJkYUNvbXB1dGUgZXh0ZW5kcyBJQ29tcHV0ZSwgSUNvbm5lY3RhYmxlIHtcbiAgcmVhZG9ubHkgY29tcHV0ZVR5cGU6IFwibGFtYmRhXCI7XG5cbiAgLyoqXG4gICAqIEdldCBhIExhbWJkYSBmdW5jdGlvbiBieSBuYW1lLlxuICAgKiBJZiBubyBuYW1lIGlzIHByb3ZpZGVkIGFuZCB0aGVyZSdzIGEgc2luZ2xlIGZ1bmN0aW9uLCByZXR1cm5zIHRoYXQgZnVuY3Rpb24uXG4gICAqIEBwYXJhbSBuYW1lIE9wdGlvbmFsIGZ1bmN0aW9uIG5hbWVcbiAgICovXG4gIGdldEZ1bmN0aW9uKG5hbWU/OiBzdHJpbmcpOiBJRnVuY3Rpb24gfCB1bmRlZmluZWQ7XG5cbiAgLyoqIEdldCBhbGwgTGFtYmRhIGZ1bmN0aW9ucy4gKi9cbiAgZ2V0QWxsRnVuY3Rpb25zKCk6IElGdW5jdGlvbltdO1xuXG4gIC8qKlxuICAgKiBHZXQgdGhlIGZ1bmN0aW9uIFVSTCBmb3IgYSBMYW1iZGEgZnVuY3Rpb24uXG4gICAqIEBwYXJhbSBuYW1lIE9wdGlvbmFsIGZ1bmN0aW9uIG5hbWVcbiAgICovXG4gIGdldEZ1bmN0aW9uVXJsKG5hbWU/OiBzdHJpbmcpOiBzdHJpbmcgfCB1bmRlZmluZWQ7XG5cbiAgLyoqXG4gICAqIEdldCB0aGUgc2VjdXJpdHkgZ3JvdXAgZm9yIFZQQy1lbmFibGVkIExhbWJkYSBmdW5jdGlvbnMuXG4gICAqIFJldHVybnMgdW5kZWZpbmVkIGlmIHRoZSBMYW1iZGEgaXMgbm90IFZQQy1lbmFibGVkLlxuICAgKi9cbiAgZ2V0U2VjdXJpdHlHcm91cCgpOiBJU2VjdXJpdHlHcm91cCB8IHVuZGVmaW5lZDtcblxuICAvKipcbiAgICogR3JhbnQgaW52b2tlIHBlcm1pc3Npb25zIHRvIGEgZ3JhbnRlZS5cbiAgICogQHBhcmFtIGdyYW50ZWUgVGhlIHByaW5jaXBhbCB0byBncmFudCBpbnZva2UgcGVybWlzc2lvbnMgdG9cbiAgICogQHBhcmFtIGZ1bmN0aW9uTmFtZSBPcHRpb25hbCBzcGVjaWZpYyBmdW5jdGlvbiBuYW1lXG4gICAqL1xuICBncmFudEludm9rZShncmFudGVlOiBJR3JhbnRhYmxlLCBmdW5jdGlvbk5hbWU/OiBzdHJpbmcpOiBHcmFudDtcbn1cblxuLyoqXG4gKiBFQzIgY29tcHV0ZSBpbnRlcmZhY2UuXG4gKiBQcm92aWRlcyBhY2Nlc3MgdG8gRUMyLXNwZWNpZmljIHJlc291cmNlcyBsaWtlIEF1dG8gU2NhbGluZyBHcm91cHMgYW5kIHNlY3VyaXR5IGdyb3Vwcy5cbiAqL1xuZXhwb3J0IGludGVyZmFjZSBJRWMyQ29tcHV0ZSBleHRlbmRzIElDb21wdXRlLCBJQ29ubmVjdGFibGUge1xuICByZWFkb25seSBjb21wdXRlVHlwZTogXCJlYzJcIjtcblxuICAvKiogR2V0IHRoZSBBdXRvIFNjYWxpbmcgR3JvdXAuICovXG4gIGdldEF1dG9TY2FsaW5nR3JvdXAoKTogSUF1dG9TY2FsaW5nR3JvdXA7XG5cbiAgLyoqIEdldCB0aGUgc2VjdXJpdHkgZ3JvdXAuICovXG4gIGdldFNlY3VyaXR5R3JvdXAoKTogSVNlY3VyaXR5R3JvdXA7XG59XG5cbi8qKlxuICogVW5pb24gdHlwZSByZXByZXNlbnRpbmcgYW55IGNvbXB1dGUgaW50ZXJmYWNlLlxuICogVXNlIHdpdGggdHlwZSBndWFyZHMgZm9yIGdlbmVyaWMgaGFuZGxpbmcuXG4gKi9cbmV4cG9ydCB0eXBlIEFueUNvbXB1dGUgPSBJRWNzQ29tcHV0ZSB8IElMYW1iZGFDb21wdXRlIHwgSUVjMkNvbXB1dGU7XG5cbi8qKlxuICogVHlwZSBndWFyZCB0byBjaGVjayBpZiBhIGNvbXB1dGUgaXMgRUNTLlxuICovXG5leHBvcnQgZnVuY3Rpb24gaXNFY3NDb21wdXRlKGNvbXB1dGU6IElDb21wdXRlKTogY29tcHV0ZSBpcyBJRWNzQ29tcHV0ZSB7XG4gIHJldHVybiBjb21wdXRlLmNvbXB1dGVUeXBlID09PSBcImVjc1wiO1xufVxuXG4vKipcbiAqIFR5cGUgZ3VhcmQgdG8gY2hlY2sgaWYgYSBjb21wdXRlIGlzIExhbWJkYS5cbiAqL1xuZXhwb3J0IGZ1bmN0aW9uIGlzTGFtYmRhQ29tcHV0ZShjb21wdXRlOiBJQ29tcHV0ZSk6IGNvbXB1dGUgaXMgSUxhbWJkYUNvbXB1dGUge1xuICByZXR1cm4gY29tcHV0ZS5jb21wdXRlVHlwZSA9PT0gXCJsYW1iZGFcIjtcbn1cblxuLyoqXG4gKiBUeXBlIGd1YXJkIHRvIGNoZWNrIGlmIGEgY29tcHV0ZSBpcyBFQzIuXG4gKi9cbmV4cG9ydCBmdW5jdGlvbiBpc0VjMkNvbXB1dGUoY29tcHV0ZTogSUNvbXB1dGUpOiBjb21wdXRlIGlzIElFYzJDb21wdXRlIHtcbiAgcmV0dXJuIGNvbXB1dGUuY29tcHV0ZVR5cGUgPT09IFwiZWMyXCI7XG59XG5cbi8qKlxuICogVHlwZSBndWFyZCB0byBjaGVjayBpZiBhIHJlc291cmNlIGlzIGFueSBjb21wdXRlIHR5cGUuXG4gKi9cbmV4cG9ydCBmdW5jdGlvbiBpc0NvbXB1dGUocmVzb3VyY2U6IHVua25vd24pOiByZXNvdXJjZSBpcyBJQ29tcHV0ZSB7XG4gIHJldHVybiAoXG4gICAgcmVzb3VyY2UgIT09IG51bGwgJiZcbiAgICB0eXBlb2YgcmVzb3VyY2UgPT09IFwib2JqZWN0XCIgJiZcbiAgICBcImNvbXB1dGVUeXBlXCIgaW4gcmVzb3VyY2UgJiZcbiAgICB0eXBlb2YgKHJlc291cmNlIGFzIElDb21wdXRlKS5jb21wdXRlVHlwZSA9PT0gXCJzdHJpbmdcIlxuICApO1xufVxuIl19

package/dist/lib/patterns/aws/interfaces/connector.js

@@ -1,20 +1,6 @@
-"use strict";
-Object.defineProperty(exports, "__esModule", { value: true });
-exports.isSecurityGroupConnector = exports.isQueueConnector = exports.isDynamoDBConnector = exports.isStorageConnector = exports.isConnectionConfig = exports.isConnectable = exports.isConnector = exports.isMessagingAccess = exports.isConnectionAccess = exports.CONNECTION_TYPE = void 0;
 /**
  * Re-export from canonical location in lib/utils/.
  * Connector types are shared between resources and patterns layers,
  * so they belong in utils per the infrastructure layer boundary rules.
  */
-var connector_js_1 = require("../../../utils/connector.js");
-Object.defineProperty(exports, "CONNECTION_TYPE", { enumerable: true, get: function () { return connector_js_1.CONNECTION_TYPE; } });
-Object.defineProperty(exports, "isConnectionAccess", { enumerable: true, get: function () { return connector_js_1.isConnectionAccess; } });
-Object.defineProperty(exports, "isMessagingAccess", { enumerable: true, get: function () { return connector_js_1.isMessagingAccess; } });
-Object.defineProperty(exports, "isConnector", { enumerable: true, get: function () { return connector_js_1.isConnector; } });
-Object.defineProperty(exports, "isConnectable", { enumerable: true, get: function () { return connector_js_1.isConnectable; } });
-Object.defineProperty(exports, "isConnectionConfig", { enumerable: true, get: function () { return connector_js_1.isConnectionConfig; } });
-Object.defineProperty(exports, "isStorageConnector", { enumerable: true, get: function () { return connector_js_1.isStorageConnector; } });
-Object.defineProperty(exports, "isDynamoDBConnector", { enumerable: true, get: function () { return connector_js_1.isDynamoDBConnector; } });
-Object.defineProperty(exports, "isQueueConnector", { enumerable: true, get: function () { return connector_js_1.isQueueConnector; } });
-Object.defineProperty(exports, "isSecurityGroupConnector", { enumerable: true, get: function () { return connector_js_1.isSecurityGroupConnector; } });
-//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiY29ubmVjdG9yLmpzIiwic291cmNlUm9vdCI6IiIsInNvdXJjZXMiOlsiLi4vLi4vLi4vLi4vLi4vbGliL3BhdHRlcm5zL2F3cy9pbnRlcmZhY2VzL2Nvbm5lY3Rvci50cyJdLCJuYW1lcyI6W10sIm1hcHBpbmdzIjoiOzs7QUFBQTs7OztHQUlHO0FBQ0gsNERBd0JxQztBQVpuQywrR0FBQSxlQUFlLE9BQUE7QUFHZixrSEFBQSxrQkFBa0IsT0FBQTtBQUNsQixpSEFBQSxpQkFBaUIsT0FBQTtBQUNqQiwyR0FBQSxXQUFXLE9BQUE7QUFDWCw2R0FBQSxhQUFhLE9BQUE7QUFDYixrSEFBQSxrQkFBa0IsT0FBQTtBQUNsQixrSEFBQSxrQkFBa0IsT0FBQTtBQUNsQixtSEFBQSxtQkFBbUIsT0FBQTtBQUNuQixnSEFBQSxnQkFBZ0IsT0FBQTtBQUNoQix3SEFBQSx3QkFBd0IsT0FBQSIsInNvdXJjZXNDb250ZW50IjpbIi8qKlxuICogUmUtZXhwb3J0IGZyb20gY2Fub25pY2FsIGxvY2F0aW9uIGluIGxpYi91dGlscy8uXG4gKiBDb25uZWN0b3IgdHlwZXMgYXJlIHNoYXJlZCBiZXR3ZWVuIHJlc291cmNlcyBhbmQgcGF0dGVybnMgbGF5ZXJzLFxuICogc28gdGhleSBiZWxvbmcgaW4gdXRpbHMgcGVyIHRoZSBpbmZyYXN0cnVjdHVyZSBsYXllciBib3VuZGFyeSBydWxlcy5cbiAqL1xuZXhwb3J0IHtcbiAgdHlwZSBDb25uZWN0b3JUeXBlLFxuICB0eXBlIENvbm5lY3Rpb25BY2Nlc3MsXG4gIHR5cGUgTWVzc2FnaW5nQWNjZXNzLFxuICB0eXBlIElDb25uZWN0b3IsXG4gIHR5cGUgSVN0b3JhZ2VDb25uZWN0b3IsXG4gIHR5cGUgSUR5bmFtb0RCQ29ubmVjdG9yLFxuICB0eXBlIElRdWV1ZUNvbm5lY3RvcixcbiAgdHlwZSBJU2VjdXJpdHlHcm91cENvbm5lY3RvcixcbiAgdHlwZSBBbnlDb25uZWN0b3IsXG4gIHR5cGUgQ29ubmVjdGlvbkNvbmZpZyxcbiAgdHlwZSBDb25uZWN0aW9uU3BlYyxcbiAgQ09OTkVDVElPTl9UWVBFLFxuICB0eXBlIENvbm5lY3Rpb25UeXBlLFxuICB0eXBlIENvbm5lY3Rpb25SZXN1bHQsXG4gIGlzQ29ubmVjdGlvbkFjY2VzcyxcbiAgaXNNZXNzYWdpbmdBY2Nlc3MsXG4gIGlzQ29ubmVjdG9yLFxuICBpc0Nvbm5lY3RhYmxlLFxuICBpc0Nvbm5lY3Rpb25Db25maWcsXG4gIGlzU3RvcmFnZUNvbm5lY3RvcixcbiAgaXNEeW5hbW9EQkNvbm5lY3RvcixcbiAgaXNRdWV1ZUNvbm5lY3RvcixcbiAgaXNTZWN1cml0eUdyb3VwQ29ubmVjdG9yXG59IGZyb20gXCIuLi8uLi8uLi91dGlscy9jb25uZWN0b3IuanNcIjtcbiJdfQ==
+export { CONNECTION_TYPE, isConnectionAccess, isMessagingAccess, isConnector, isConnectable, isConnectionConfig, isStorageConnector, isDynamoDBConnector, isQueueConnector, isSecurityGroupConnector } from "../../../utils/connector.js";

package/dist/lib/patterns/aws/interfaces/database.d.ts

@@ -17,7 +17,7 @@ import { type ITable } from "aws-cdk-lib/aws-dynamodb";
 import { type IConnectable } from "aws-cdk-lib/aws-ec2";
 import { type IGrantable, type Grant } from "aws-cdk-lib/aws-iam";
 import { type Construct } from "constructs";
-import { type Secret } from "../../../resources/aws/secrets";
+import { type Secret } from "../../../resources/aws/secrets/index.js";
 /**
  * Database type discriminator.
  * Relational types share the IRelationalDatabase interface.