@fnd-platform/cli 1.0.0-alpha.2 → 1.0.0-alpha.20

package/lib/lib/infra-generator.js

@@ -1,6 +1,11 @@
 "use strict";
 Object.defineProperty(exports, "__esModule", { value: true });
 exports.generateInfraPackage = generateInfraPackage;
+exports.getFrontendStackTemplate = getFrontendStackTemplate;
+exports.getCmsStackTemplate = getCmsStackTemplate;
+exports.updateAppTsForStack = updateAppTsForStack;
+exports.generateFrontendStack = generateFrontendStack;
+exports.generateCmsStack = generateCmsStack;
 const fs_1 = require("fs");
 const path_1 = require("path");
 const logger_js_1 = require("./logger.js");
@@ -20,13 +25,19 @@ function generateInfraPackage(options) {
     logger_js_1.logger.info('Generating infrastructure package...');
     // Create directory structure
     (0, fs_1.mkdirSync)((0, path_1.join)(infraDir, 'src/stacks'), { recursive: true });
-    // Generate files
+    // Generate package config files
     (0, fs_1.writeFileSync)((0, path_1.join)(infraDir, 'package.json'), getPackageJsonTemplate(options));
     (0, fs_1.writeFileSync)((0, path_1.join)(infraDir, 'tsconfig.json'), getTsconfigTemplate());
     (0, fs_1.writeFileSync)((0, path_1.join)(infraDir, 'cdk.json'), getCdkJsonTemplate());
+    // Generate app entry point
     (0, fs_1.writeFileSync)((0, path_1.join)(infraDir, 'src/app.ts'), getAppTemplate(options));
+    // Generate stack files
+    (0, fs_1.writeFileSync)((0, path_1.join)(infraDir, 'src/stacks/database-stack.ts'), getDatabaseStackTemplate(options));
+    (0, fs_1.writeFileSync)((0, path_1.join)(infraDir, 'src/stacks/media-stack.ts'), getMediaStackTemplate(options));
     (0, fs_1.writeFileSync)((0, path_1.join)(infraDir, 'src/stacks/api-stack.ts'), getApiStackTemplate(options));
+    (0, fs_1.writeFileSync)((0, path_1.join)(infraDir, 'src/stacks/auth-stack.ts'), getAuthStackTemplate(options));
     logger_js_1.logger.success('Infrastructure package generated at packages/infra');
+    logger_js_1.logger.info('Generated stacks: AuthStack, DatabaseStack, MediaStack, ApiStack');
 }
 /**
  * Returns the package.json template.
@@ -45,13 +56,16 @@ function getPackageJsonTemplate(options) {
             diff: 'cdk diff',
         },
         dependencies: {
-            '@fnd-platform/constructs': 'workspace:*',
+            '@fnd-platform/constructs': '^1.0.0-alpha.4',
             'aws-cdk-lib': '^2.130.0',
             constructs: '^10.3.0',
+            'source-map-support': '^0.5.21',
         },
         devDependencies: {
             '@types/node': '^20.0.0',
+            '@types/source-map-support': '^0.5.10',
             'aws-cdk': '^2.130.0',
+            esbuild: '^0.20.0',
             typescript: '^5.6.3',
         },
     }, null, 2);
@@ -103,80 +117,378 @@ function getCdkJsonTemplate() {
  * Returns the app.ts template.
  */
 function getAppTemplate(options) {
-    // Convert project name to PascalCase for class naming
-    const stackClassName = toPascalCase(options.projectName) + 'Api';
-    return `#!/usr/bin/env npx ts-node
-import { App } from 'aws-cdk-lib';
-import { ApiStack } from './stacks/api-stack.js';
+    const pascalName = toPascalCase(options.projectName);
+    return `#!/usr/bin/env node
+/**
+ * CDK Application Entry Point for ${options.projectName}
+ */
+
+import 'source-map-support/register';
+import * as cdk from 'aws-cdk-lib';
 
-const app = new App();
+import { AuthStack } from './stacks/auth-stack';
+import { DatabaseStack } from './stacks/database-stack';
+import { MediaStack } from './stacks/media-stack';
+import { ApiStack } from './stacks/api-stack';
 
-// Get stage from context (default to 'dev')
+// Create the CDK app
+const app = new cdk.App();
+
+// Get deployment stage from context (default: dev)
 const stage = app.node.tryGetContext('stage') || 'dev';
 
-new ApiStack(app, '${stackClassName}', {
+// Validate stage
+const validStages = ['dev', 'staging', 'prod'];
+if (!validStages.includes(stage)) {
+  throw new Error(\`Invalid stage '\${stage}'. Must be one of: \${validStages.join(', ')}\`);
+}
+
+// Environment configuration
+const env: cdk.Environment = {
+  account: process.env.CDK_DEFAULT_ACCOUNT,
+  region: process.env.CDK_DEFAULT_REGION || 'us-east-1',
+};
+
+// Stack naming convention
+const stackName = (name: string) => \`${pascalName}\${name}Stack-\${stage}\`;
+
+/**
+ * Auth Stack
+ * Creates Cognito User Pool for authentication
+ */
+const authStack = new AuthStack(app, stackName('Auth'), {
+  env,
+  stage,
+  description: '${options.projectName}: Authentication',
+});
+
+/**
+ * Database Stack
+ * Creates DynamoDB table with GSIs
+ */
+const databaseStack = new DatabaseStack(app, stackName('Database'), {
+  env,
   stage,
-  env: {
-    account: process.env.CDK_DEFAULT_ACCOUNT,
-    region: process.env.CDK_DEFAULT_REGION,
-  },
+  description: '${options.projectName}: DynamoDB table',
 });
 
-app.synth();
+/**
+ * Media Stack
+ * Creates S3 bucket and CloudFront for media
+ */
+const mediaStack = new MediaStack(app, stackName('Media'), {
+  env,
+  stage,
+  description: '${options.projectName}: Media storage',
+});
+
+/**
+ * API Stack
+ * Creates Lambda functions and API Gateway
+ */
+const apiStack = new ApiStack(app, stackName('Api'), {
+  env,
+  stage,
+  table: databaseStack.table,
+  mediaBucket: mediaStack.bucket,
+  userPool: authStack.userPool,
+  description: '${options.projectName}: API',
+});
+
+// API depends on database, media, and auth
+apiStack.addDependency(databaseStack);
+apiStack.addDependency(mediaStack);
+apiStack.addDependency(authStack);
+
+// Add tags to all stacks
+const tags = {
+  Project: '${options.projectName}',
+  Stage: stage,
+  ManagedBy: 'cdk',
+  CreatedBy: 'fnd-platform',
+};
+
+Object.entries(tags).forEach(([key, value]) => {
+  cdk.Tags.of(app).add(key, value);
+});
+
+// Output summary
+console.log(\`
+╔════════════════════════════════════════════════════════════╗
+║                    ${options.projectName} Infrastructure
+╠════════════════════════════════════════════════════════════╣
+║  Stage: \${stage}
+║  Region: \${env.region || 'us-east-1'}
+║
+║  Stacks:
+║    - \${stackName('Auth')}
+║    - \${stackName('Database')}
+║    - \${stackName('Media')}
+║    - \${stackName('Api')}
+╚════════════════════════════════════════════════════════════╝
+\`);
 `;
 }
 /**
  * Returns the api-stack.ts template.
  */
 function getApiStackTemplate(options) {
-    const apiName = options.projectName.replace(/-/g, '_');
-    return `import {
-  FndApiStack,
-  FndApiStackProps,
+    const pascalName = toPascalCase(options.projectName);
+    const lowerName = options.projectName.toLowerCase();
+    return `/**
+ * API Stack for ${options.projectName}
+ *
+ * Creates Lambda functions and API Gateway with content CRUD endpoints.
+ */
+
+import * as cdk from 'aws-cdk-lib';
+import * as apigateway from 'aws-cdk-lib/aws-apigateway';
+import * as cognito from 'aws-cdk-lib/aws-cognito';
+import * as dynamodb from 'aws-cdk-lib/aws-dynamodb';
+import * as s3 from 'aws-cdk-lib/aws-s3';
+import * as path from 'path';
+import { Construct } from 'constructs';
+import {
   FndLambdaFunction,
   FndApiGateway,
 } from '@fnd-platform/constructs';
-import { Construct } from 'constructs';
-import * as path from 'path';
 
-/**
- * API Stack for ${options.projectName}.
- *
- * This stack creates:
- * - Lambda functions for API handlers
- * - API Gateway REST API with routes
- */
-export class ApiStack extends FndApiStack {
-  constructor(scope: Construct, id: string, props: FndApiStackProps) {
+export interface ApiStackProps extends cdk.StackProps {
+  stage: string;
+  table: dynamodb.ITable;
+  mediaBucket: s3.IBucket;
+  userPool: cognito.IUserPool;
+}
+
+export class ApiStack extends cdk.Stack {
+  /**
+   * The API URL
+   */
+  public readonly apiUrl: string;
+
+  constructor(scope: Construct, id: string, props: ApiStackProps) {
     super(scope, id, props);
 
-    // Path to the API package
-    const apiPackagePath = path.resolve(__dirname, '../../${options.apiPackageName}');
+    const { stage, table, mediaBucket, userPool } = props;
+
+    // Create Cognito authorizer for authenticated routes
+    const authorizer = new apigateway.CognitoUserPoolsAuthorizer(this, 'CognitoAuthorizer', {
+      cognitoUserPools: [userPool],
+      authorizerName: '${lowerName}-authorizer',
+      identitySource: 'method.request.header.Authorization',
+    });
 
     // Health check handler
     const healthHandler = new FndLambdaFunction(this, 'HealthHandler', {
-      entry: path.join(apiPackagePath, 'src/handlers/health.ts'),
-      stage: this.stage,
+      entry: path.join(__dirname, '../../../${options.apiPackageName}/src/handlers/health.ts'),
+      stage,
       description: 'Health check endpoint',
+      environment: {
+        TABLE_NAME: table.tableName,
+        MEDIA_BUCKET: mediaBucket.bucketName,
+      },
+    });
+
+    // Content CRUD handler (single handler for all content operations)
+    const contentHandler = new FndLambdaFunction(this, 'ContentHandler', {
+      entry: path.join(__dirname, '../../../${options.apiPackageName}/src/handlers/content.ts'),
+      stage,
+      description: 'Content CRUD operations',
+      environment: {
+        TABLE_NAME: table.tableName,
+        MEDIA_BUCKET: mediaBucket.bucketName,
+      },
     });
 
-    // API Gateway
+    // Grant DynamoDB access to handlers
+    table.grantReadWriteData(healthHandler.function);
+    table.grantReadWriteData(contentHandler.function);
+
+    // Grant S3 access for media operations
+    mediaBucket.grantReadWrite(healthHandler.function);
+    mediaBucket.grantReadWrite(contentHandler.function);
+
+    // API Gateway with all routes
     const api = new FndApiGateway(this, 'Api', {
-      name: '${apiName}',
-      stage: this.stage,
+      name: '${lowerName}-api',
+      stage,
+      authorizer,
       routes: [
+        // Health check (public)
         {
           method: 'GET',
           path: '/health',
           handler: healthHandler.function,
           requiresAuth: false,
         },
-        // Add more routes here as you create handlers
+        // Content routes
+        {
+          method: 'GET',
+          path: '/content',
+          handler: contentHandler.function,
+          requiresAuth: false,
+        },
+        {
+          method: 'POST',
+          path: '/content',
+          handler: contentHandler.function,
+          requiresAuth: true,
+        },
+        {
+          method: 'GET',
+          path: '/content/{id}',
+          handler: contentHandler.function,
+          requiresAuth: false,
+        },
+        {
+          method: 'PUT',
+          path: '/content/{id}',
+          handler: contentHandler.function,
+          requiresAuth: true,
+        },
+        {
+          method: 'DELETE',
+          path: '/content/{id}',
+          handler: contentHandler.function,
+          requiresAuth: true,
+        },
+        {
+          method: 'GET',
+          path: '/content/slug/{slug}',
+          handler: contentHandler.function,
+          requiresAuth: false,
+        },
       ],
     });
 
-    // Stack outputs
-    this.addOutput('ApiUrl', api.url, 'API Gateway URL');
+    this.apiUrl = api.url;
+
+    // Outputs
+    new cdk.CfnOutput(this, 'ApiUrl', {
+      value: api.url,
+      description: 'API Gateway URL',
+      exportName: \`${pascalName}-ApiUrl-\${stage}\`,
+    });
+  }
+}
+`;
+}
+/**
+ * Returns the auth-stack.ts template.
+ */
+function getAuthStackTemplate(options) {
+    const pascalName = toPascalCase(options.projectName);
+    const lowerName = options.projectName.toLowerCase();
+    return `/**
+ * Auth Stack for ${options.projectName}
+ *
+ * Creates Cognito User Pool for authentication.
+ */
+
+import * as cdk from 'aws-cdk-lib';
+import * as cognito from 'aws-cdk-lib/aws-cognito';
+import { Construct } from 'constructs';
+
+export interface AuthStackProps extends cdk.StackProps {
+  stage: string;
+}
+
+export class AuthStack extends cdk.Stack {
+  /**
+   * The Cognito User Pool
+   */
+  public readonly userPool: cognito.UserPool;
+
+  /**
+   * The User Pool ID
+   */
+  public readonly userPoolId: string;
+
+  /**
+   * The User Pool Client
+   */
+  public readonly userPoolClient: cognito.UserPoolClient;
+
+  /**
+   * The User Pool Client ID
+   */
+  public readonly userPoolClientId: string;
+
+  constructor(scope: Construct, id: string, props: AuthStackProps) {
+    super(scope, id, props);
+
+    const { stage } = props;
+    const isProd = stage === 'prod';
+
+    // Create Cognito User Pool
+    this.userPool = new cognito.UserPool(this, 'UserPool', {
+      userPoolName: \`${lowerName}-users-\${stage}\`,
+      selfSignUpEnabled: false, // Admin creates users
+      signInAliases: {
+        email: true,
+      },
+      autoVerify: {
+        email: true,
+      },
+      standardAttributes: {
+        email: {
+          required: true,
+          mutable: true,
+        },
+      },
+      passwordPolicy: {
+        minLength: 8,
+        requireLowercase: true,
+        requireUppercase: true,
+        requireDigits: true,
+        requireSymbols: false,
+      },
+      accountRecovery: cognito.AccountRecovery.EMAIL_ONLY,
+      removalPolicy: isProd ? cdk.RemovalPolicy.RETAIN : cdk.RemovalPolicy.DESTROY,
+    });
+
+    this.userPoolId = this.userPool.userPoolId;
+
+    // Create User Pool Client
+    this.userPoolClient = this.userPool.addClient('WebClient', {
+      userPoolClientName: \`${lowerName}-web-client-\${stage}\`,
+      authFlows: {
+        userPassword: true,
+        userSrp: true,
+      },
+      preventUserExistenceErrors: true,
+      accessTokenValidity: cdk.Duration.hours(1),
+      idTokenValidity: cdk.Duration.hours(1),
+      refreshTokenValidity: cdk.Duration.days(30),
+    });
+
+    this.userPoolClientId = this.userPoolClient.userPoolClientId;
+
+    // Create admin group
+    new cognito.CfnUserPoolGroup(this, 'AdminGroup', {
+      userPoolId: this.userPool.userPoolId,
+      groupName: 'admin',
+      description: 'Administrator group with full CMS access',
+    });
+
+    // Outputs
+    new cdk.CfnOutput(this, 'UserPoolId', {
+      value: this.userPoolId,
+      description: 'Cognito User Pool ID',
+      exportName: \`${pascalName}-UserPoolId-\${stage}\`,
+    });
+
+    new cdk.CfnOutput(this, 'UserPoolClientId', {
+      value: this.userPoolClientId,
+      description: 'Cognito User Pool Client ID',
+      exportName: \`${pascalName}-UserPoolClientId-\${stage}\`,
+    });
+
+    new cdk.CfnOutput(this, 'UserPoolArn', {
+      value: this.userPool.userPoolArn,
+      description: 'Cognito User Pool ARN',
+      exportName: \`${pascalName}-UserPoolArn-\${stage}\`,
+    });
   }
 }
 `;
@@ -190,4 +502,645 @@ function toPascalCase(str) {
         .map((word) => word.charAt(0).toUpperCase() + word.slice(1).toLowerCase())
         .join('');
 }
+/**
+ * Returns the database-stack.ts template.
+ */
+function getDatabaseStackTemplate(options) {
+    const pascalName = toPascalCase(options.projectName);
+    const lowerName = options.projectName.toLowerCase();
+    return `/**
+ * Database Stack for ${options.projectName}
+ *
+ * Creates DynamoDB table with GSIs for single-table design.
+ */
+
+import * as cdk from 'aws-cdk-lib';
+import * as dynamodb from 'aws-cdk-lib/aws-dynamodb';
+import { Construct } from 'constructs';
+
+export interface DatabaseStackProps extends cdk.StackProps {
+  stage: string;
+}
+
+export class DatabaseStack extends cdk.Stack {
+  /**
+   * The main DynamoDB table
+   */
+  public readonly table: dynamodb.Table;
+
+  constructor(scope: Construct, id: string, props: DatabaseStackProps) {
+    super(scope, id, props);
+
+    const { stage } = props;
+    const isProd = stage === 'prod';
+
+    // Create the main table with single-table design
+    this.table = new dynamodb.Table(this, 'Table', {
+      tableName: \`${lowerName}-\${stage}\`,
+      partitionKey: {
+        name: 'PK',
+        type: dynamodb.AttributeType.STRING,
+      },
+      sortKey: {
+        name: 'SK',
+        type: dynamodb.AttributeType.STRING,
+      },
+      billingMode: isProd
+        ? dynamodb.BillingMode.PROVISIONED
+        : dynamodb.BillingMode.PAY_PER_REQUEST,
+      ...(isProd && {
+        readCapacity: 5,
+        writeCapacity: 5,
+      }),
+      removalPolicy: isProd
+        ? cdk.RemovalPolicy.RETAIN
+        : cdk.RemovalPolicy.DESTROY,
+      pointInTimeRecovery: isProd,
+      encryption: dynamodb.TableEncryption.AWS_MANAGED,
+    });
+
+    // GSI1: Lookup by slug or secondary key
+    this.table.addGlobalSecondaryIndex({
+      indexName: 'GSI1',
+      partitionKey: {
+        name: 'GSI1PK',
+        type: dynamodb.AttributeType.STRING,
+      },
+      sortKey: {
+        name: 'GSI1SK',
+        type: dynamodb.AttributeType.STRING,
+      },
+      projectionType: dynamodb.ProjectionType.ALL,
+    });
+
+    // GSI2: List by type/status with timestamp sorting
+    this.table.addGlobalSecondaryIndex({
+      indexName: 'GSI2',
+      partitionKey: {
+        name: 'GSI2PK',
+        type: dynamodb.AttributeType.STRING,
+      },
+      sortKey: {
+        name: 'GSI2SK',
+        type: dynamodb.AttributeType.STRING,
+      },
+      projectionType: dynamodb.ProjectionType.ALL,
+    });
+
+    // Enable auto-scaling for production
+    if (isProd) {
+      const readScaling = this.table.autoScaleReadCapacity({
+        minCapacity: 5,
+        maxCapacity: 100,
+      });
+      readScaling.scaleOnUtilization({
+        targetUtilizationPercent: 70,
+      });
+
+      const writeScaling = this.table.autoScaleWriteCapacity({
+        minCapacity: 5,
+        maxCapacity: 100,
+      });
+      writeScaling.scaleOnUtilization({
+        targetUtilizationPercent: 70,
+      });
+    }
+
+    // Outputs
+    new cdk.CfnOutput(this, 'TableName', {
+      value: this.table.tableName,
+      description: 'DynamoDB table name',
+      exportName: \`${pascalName}-TableName-\${stage}\`,
+    });
+
+    new cdk.CfnOutput(this, 'TableArn', {
+      value: this.table.tableArn,
+      description: 'DynamoDB table ARN',
+      exportName: \`${pascalName}-TableArn-\${stage}\`,
+    });
+  }
+}
+`;
+}
+/**
+ * Returns the media-stack.ts template.
+ */
+function getMediaStackTemplate(options) {
+    const pascalName = toPascalCase(options.projectName);
+    const lowerName = options.projectName.toLowerCase();
+    return `/**
+ * Media Stack for ${options.projectName}
+ *
+ * Creates S3 bucket and CloudFront distribution for media uploads.
+ */
+
+import * as cdk from 'aws-cdk-lib';
+import * as s3 from 'aws-cdk-lib/aws-s3';
+import * as cloudfront from 'aws-cdk-lib/aws-cloudfront';
+import * as origins from 'aws-cdk-lib/aws-cloudfront-origins';
+import { Construct } from 'constructs';
+
+export interface MediaStackProps extends cdk.StackProps {
+  stage: string;
+}
+
+export class MediaStack extends cdk.Stack {
+  /**
+   * The S3 bucket for media storage
+   */
+  public readonly bucket: s3.Bucket;
+
+  /**
+   * The CloudFront distribution for media delivery
+   */
+  public readonly distribution: cloudfront.Distribution;
+
+  /**
+   * The media CDN URL
+   */
+  public readonly mediaUrl: string;
+
+  constructor(scope: Construct, id: string, props: MediaStackProps) {
+    super(scope, id, props);
+
+    const { stage } = props;
+    const isProd = stage === 'prod';
+
+    // Create S3 bucket for media storage
+    this.bucket = new s3.Bucket(this, 'MediaBucket', {
+      bucketName: \`${lowerName}-media-\${stage}-\${this.account}\`,
+      removalPolicy: isProd
+        ? cdk.RemovalPolicy.RETAIN
+        : cdk.RemovalPolicy.DESTROY,
+      autoDeleteObjects: !isProd,
+      blockPublicAccess: s3.BlockPublicAccess.BLOCK_ALL,
+      encryption: s3.BucketEncryption.S3_MANAGED,
+      cors: [
+        {
+          allowedMethods: [
+            s3.HttpMethods.GET,
+            s3.HttpMethods.PUT,
+            s3.HttpMethods.POST,
+          ],
+          allowedOrigins: ['*'],
+          allowedHeaders: ['*'],
+          maxAge: 3000,
+        },
+      ],
+      lifecycleRules: [
+        {
+          id: 'DeleteIncompleteUploads',
+          abortIncompleteMultipartUploadAfter: cdk.Duration.days(7),
+        },
+      ],
+    });
+
+    // Create CloudFront distribution for media
+    this.distribution = new cloudfront.Distribution(this, 'Distribution', {
+      comment: \`${options.projectName} Media CDN (\${stage})\`,
+      defaultBehavior: {
+        origin: origins.S3BucketOrigin.withOriginAccessControl(this.bucket),
+        viewerProtocolPolicy: cloudfront.ViewerProtocolPolicy.REDIRECT_TO_HTTPS,
+        cachePolicy: new cloudfront.CachePolicy(this, 'MediaCachePolicy', {
+          cachePolicyName: \`${lowerName}-media-cache-\${stage}\`,
+          defaultTtl: cdk.Duration.days(30),
+          maxTtl: cdk.Duration.days(365),
+          minTtl: cdk.Duration.days(1),
+          headerBehavior: cloudfront.CacheHeaderBehavior.none(),
+          queryStringBehavior: cloudfront.CacheQueryStringBehavior.none(),
+          cookieBehavior: cloudfront.CacheCookieBehavior.none(),
+          enableAcceptEncodingGzip: true,
+          enableAcceptEncodingBrotli: true,
+        }),
+        allowedMethods: cloudfront.AllowedMethods.ALLOW_GET_HEAD_OPTIONS,
+        compress: true,
+      },
+      priceClass: isProd
+        ? cloudfront.PriceClass.PRICE_CLASS_ALL
+        : cloudfront.PriceClass.PRICE_CLASS_100,
+      enabled: true,
+      httpVersion: cloudfront.HttpVersion.HTTP2_AND_3,
+    });
+
+    // Store media URL
+    this.mediaUrl = \`https://\${this.distribution.distributionDomainName}\`;
+
+    // Outputs
+    new cdk.CfnOutput(this, 'MediaUrl', {
+      value: this.mediaUrl,
+      description: 'Media CDN URL',
+      exportName: \`${pascalName}-MediaUrl-\${stage}\`,
+    });
+
+    new cdk.CfnOutput(this, 'MediaBucketName', {
+      value: this.bucket.bucketName,
+      description: 'Media S3 bucket name',
+      exportName: \`${pascalName}-MediaBucket-\${stage}\`,
+    });
+
+    new cdk.CfnOutput(this, 'MediaBucketArn', {
+      value: this.bucket.bucketArn,
+      description: 'Media S3 bucket ARN',
+      exportName: \`${pascalName}-MediaBucketArn-\${stage}\`,
+    });
+
+    new cdk.CfnOutput(this, 'MediaDistributionId', {
+      value: this.distribution.distributionId,
+      description: 'Media CloudFront distribution ID',
+      exportName: \`${pascalName}-MediaDistributionId-\${stage}\`,
+    });
+  }
+}
+`;
+}
+/**
+ * Returns the frontend-stack.ts template using FndRemixSite for Lambda-based SSR.
+ *
+ * @param projectName - Name of the project
+ * @param frontendPackageName - Name of the frontend package (default: 'frontend')
+ * @returns Generated TypeScript code for frontend stack
+ */
+function getFrontendStackTemplate(projectName, frontendPackageName = 'frontend') {
+    const pascalName = toPascalCase(projectName);
+    const lowerName = projectName.toLowerCase();
+    return `/**
+ * Frontend Stack for ${projectName}
+ *
+ * Creates Lambda-based SSR deployment using FndRemixSite construct.
+ */
+
+import * as cdk from 'aws-cdk-lib';
+import * as crypto from 'crypto';
+import * as path from 'path';
+import { Construct } from 'constructs';
+import { FndRemixSite } from '@fnd-platform/constructs';
+
+export interface FrontendStackProps extends cdk.StackProps {
+  stage: string;
+  apiUrl: string;
+}
+
+export class FrontendStack extends cdk.Stack {
+  /**
+   * The frontend URL
+   */
+  public readonly url: string;
+
+  /**
+   * The CloudFront distribution ID
+   */
+  public readonly distributionId: string;
+
+  constructor(scope: Construct, id: string, props: FrontendStackProps) {
+    super(scope, id, props);
+
+    const { stage, apiUrl } = props;
+
+    // Generate deterministic session secret for dev/staging
+    // For production, consider using AWS Secrets Manager instead
+    const sessionSecret = crypto
+      .createHash('sha256')
+      .update(\`fnd-session-${lowerName}-frontend-\${stage}\`)
+      .digest('hex');
+
+    // Create Lambda-based SSR site using FndRemixSite
+    const site = new FndRemixSite(this, 'Site', {
+      name: '${lowerName}-frontend',
+      stage,
+      serverEntry: path.join(__dirname, '../../../${frontendPackageName}/app/entry.server.lambda.ts'),
+      clientBuildPath: path.join(__dirname, '../../../${frontendPackageName}/build/client'),
+      environment: {
+        API_URL: apiUrl,
+        SESSION_SECRET: sessionSecret,
+      },
+      description: '${projectName} Frontend',
+    });
+
+    this.url = site.url;
+    this.distributionId = site.distributionId;
+
+    // Outputs
+    new cdk.CfnOutput(this, 'FrontendUrl', {
+      value: this.url,
+      description: 'Frontend URL',
+      exportName: \`${pascalName}-FrontendUrl-\${stage}\`,
+    });
+
+    new cdk.CfnOutput(this, 'FrontendDistributionId', {
+      value: this.distributionId,
+      description: 'Frontend CloudFront distribution ID',
+      exportName: \`${pascalName}-FrontendDistributionId-\${stage}\`,
+    });
+
+    new cdk.CfnOutput(this, 'ApiUrl', {
+      value: apiUrl,
+      description: 'API URL (for reference)',
+      exportName: \`${pascalName}-Frontend-ApiUrl-\${stage}\`,
+    });
+  }
+}
+`;
+}
+/**
+ * Returns the cms-stack.ts template using FndRemixSite for Lambda-based SSR.
+ *
+ * @param projectName - Name of the project
+ * @param cmsPackageName - Name of the CMS package (default: 'cms')
+ * @returns Generated TypeScript code for CMS stack
+ */
+function getCmsStackTemplate(projectName, cmsPackageName = 'cms') {
+    const pascalName = toPascalCase(projectName);
+    const lowerName = projectName.toLowerCase();
+    return `/**
+ * CMS Stack for ${projectName}
+ *
+ * Creates Lambda-based SSR deployment using FndRemixSite construct for CMS admin interface.
+ */
+
+import * as cdk from 'aws-cdk-lib';
+import * as crypto from 'crypto';
+import * as path from 'path';
+import { Construct } from 'constructs';
+import { FndRemixSite } from '@fnd-platform/constructs';
+
+export interface CmsStackProps extends cdk.StackProps {
+  stage: string;
+  apiUrl: string;
+  userPoolId: string;
+  userPoolClientId: string;
+}
+
+export class CmsStack extends cdk.Stack {
+  /**
+   * The CMS URL
+   */
+  public readonly url: string;
+
+  /**
+   * The CloudFront distribution ID
+   */
+  public readonly distributionId: string;
+
+  constructor(scope: Construct, id: string, props: CmsStackProps) {
+    super(scope, id, props);
+
+    const { stage, apiUrl, userPoolId, userPoolClientId } = props;
+
+    // Generate deterministic session secret for dev/staging
+    // For production, consider using AWS Secrets Manager instead
+    const sessionSecret = crypto
+      .createHash('sha256')
+      .update(\`fnd-session-${lowerName}-cms-\${stage}\`)
+      .digest('hex');
+
+    // Create Lambda-based SSR site using FndRemixSite
+    const site = new FndRemixSite(this, 'Site', {
+      name: '${lowerName}-cms',
+      stage,
+      serverEntry: path.join(__dirname, '../../../${cmsPackageName}/app/entry.server.lambda.ts'),
+      clientBuildPath: path.join(__dirname, '../../../${cmsPackageName}/build/client'),
+      environment: {
+        API_URL: apiUrl,
+        SESSION_SECRET: sessionSecret,
+        COGNITO_USER_POOL_ID: userPoolId,
+        COGNITO_CLIENT_ID: userPoolClientId,
+      },
+      description: '${projectName} CMS',
+    });
+
+    this.url = site.url;
+    this.distributionId = site.distributionId;
+
+    // Outputs
+    new cdk.CfnOutput(this, 'CmsUrl', {
+      value: this.url,
+      description: 'CMS URL',
+      exportName: \`${pascalName}-CmsUrl-\${stage}\`,
+    });
+
+    new cdk.CfnOutput(this, 'CmsDistributionId', {
+      value: this.distributionId,
+      description: 'CMS CloudFront distribution ID',
+      exportName: \`${pascalName}-CmsDistributionId-\${stage}\`,
+    });
+
+    new cdk.CfnOutput(this, 'ApiUrl', {
+      value: apiUrl,
+      description: 'API URL (for reference)',
+      exportName: \`${pascalName}-Cms-ApiUrl-\${stage}\`,
+    });
+  }
+}
+`;
+}
+/**
+ * Updates app.ts to add a new stack.
+ *
+ * This function performs incremental updates to the existing app.ts file:
+ * 1. Adds import statement for the new stack
+ * 2. Adds stack instantiation code
+ * 3. Adds dependency declarations
+ * 4. Updates the output summary if present
+ *
+ * @param appTsPath - Path to the app.ts file
+ * @param config - Stack configuration
+ * @param projectName - Name of the project (for console output)
+ * @returns true if update was successful, false if stack already exists
+ */
+function updateAppTsForStack(appTsPath, config, projectName) {
+    if (!(0, fs_1.existsSync)(appTsPath)) {
+        throw new Error(`app.ts not found at ${appTsPath}`);
+    }
+    const content = (0, fs_1.readFileSync)(appTsPath, 'utf-8');
+    // Check if stack already exists (prevent duplicates)
+    if (content.includes(`import { ${config.className} }`)) {
+        logger_js_1.logger.warn(`${config.className} is already imported in app.ts`);
+        return false;
+    }
+    const lines = content.split('\n');
+    const result = [];
+    let importInserted = false;
+    let stackInstantiated = false;
+    let summaryUpdated = false;
+    // Find the last stack import to insert after it
+    let lastStackImportIndex = -1;
+    for (let i = 0; i < lines.length; i++) {
+        if (lines[i].match(/import \{ \w+Stack \} from '\.\/stacks\/[\w-]+';/)) {
+            lastStackImportIndex = i;
+        }
+    }
+    // Find the apiStack variable name (might be renamed by user)
+    const apiStackMatch = content.match(/const\s+(\w+)\s*=\s*new\s+ApiStack/);
+    const apiStackVarName = apiStackMatch ? apiStackMatch[1] : 'apiStack';
+    for (let i = 0; i < lines.length; i++) {
+        const line = lines[i];
+        // Insert import after last stack import
+        if (!importInserted && i === lastStackImportIndex) {
+            result.push(line);
+            result.push(`import { ${config.className} } from '${config.importPath}';`);
+            importInserted = true;
+            continue;
+        }
+        // Insert stack instantiation after apiStack dependency declarations
+        // Look for the pattern: apiStack.addDependency(mediaStack);
+        if (!stackInstantiated &&
+            line.includes(`${apiStackVarName}.addDependency(mediaStack)`)) {
+            result.push(line);
+            result.push('');
+            result.push(`/**`);
+            result.push(` * ${config.name} Stack`);
+            result.push(` * ${config.description}`);
+            result.push(` */`);
+            result.push(`const ${config.variableName} = new ${config.className}(app, stackName('${config.name}'), ${config.props});`);
+            result.push('');
+            // Add dependencies
+            for (const dep of config.dependsOn) {
+                result.push(`${config.variableName}.addDependency(${dep});`);
+            }
+            stackInstantiated = true;
+            continue;
+        }
+        // Update summary output if present
+        if (!summaryUpdated && line.includes('║  Stacks:')) {
+            result.push(line);
+            // Find the next lines with stack names and add our stack after ApiStack
+            let j = i + 1;
+            while (j < lines.length && lines[j].includes('║    -')) {
+                result.push(lines[j]);
+                if (lines[j].includes("stackName('Api')")) {
+                    result.push(`║    - \${stackName('${config.name}')}`);
+                    summaryUpdated = true;
+                }
+                j++;
+            }
+            // Skip the lines we've already processed
+            i = j - 1;
+            continue;
+        }
+        result.push(line);
+    }
+    // Write the updated content
+    (0, fs_1.writeFileSync)(appTsPath, result.join('\n'));
+    return true;
+}
+/**
+ * Validates that all required dependencies exist in app.ts content.
+ *
+ * @param content - app.ts file content
+ * @param requiredVars - Array of variable names that must exist
+ * @throws Error if any required variable is not found
+ */
+function validateDependencies(content, requiredVars) {
+    const missingDeps = [];
+    for (const varName of requiredVars) {
+        const pattern = new RegExp(`const\\s+${varName}\\s*=`);
+        if (!pattern.test(content)) {
+            missingDeps.push(varName);
+        }
+    }
+    if (missingDeps.length > 0) {
+        throw new Error(`Missing required dependencies: ${missingDeps.join(', ')}. ` +
+            `Ensure these stacks are created before adding dependent stacks.`);
+    }
+}
+/**
+ * Generates the frontend stack and updates app.ts.
+ *
+ * @param options - Generation options
+ */
+async function generateFrontendStack(options) {
+    const infraDir = (0, path_1.join)(options.projectPath, 'packages/infra');
+    const stacksDir = (0, path_1.join)(infraDir, 'src/stacks');
+    const appTsPath = (0, path_1.join)(infraDir, 'src/app.ts');
+    // Check if infra directory exists
+    if (!(0, fs_1.existsSync)(infraDir)) {
+        throw new Error('Infrastructure package not found at packages/infra. Run `fnd add api` first.');
+    }
+    // Validate apiStack exists in app.ts
+    const appTsContent = (0, fs_1.readFileSync)(appTsPath, 'utf-8');
+    validateDependencies(appTsContent, ['apiStack']);
+    // Ensure stacks directory exists
+    if (!(0, fs_1.existsSync)(stacksDir)) {
+        (0, fs_1.mkdirSync)(stacksDir, { recursive: true });
+    }
+    // Write frontend-stack.ts
+    const stackPath = (0, path_1.join)(stacksDir, 'frontend-stack.ts');
+    if ((0, fs_1.existsSync)(stackPath)) {
+        logger_js_1.logger.warn('frontend-stack.ts already exists, skipping creation');
+    }
+    else {
+        (0, fs_1.writeFileSync)(stackPath, getFrontendStackTemplate(options.projectName, options.frontendName));
+        logger_js_1.logger.success('Created frontend-stack.ts');
+    }
+    // Update app.ts
+    const stackConfig = {
+        name: 'Frontend',
+        className: 'FrontendStack',
+        importPath: './stacks/frontend-stack',
+        variableName: 'frontendStack',
+        dependsOn: ['apiStack'],
+        props: `{
+    env,
+    stage,
+    apiUrl: apiStack.apiUrl,
+    description: '${options.projectName}: Frontend',
+  }`,
+        description: 'Creates Lambda SSR for Remix frontend',
+    };
+    const updated = updateAppTsForStack(appTsPath, stackConfig, options.projectName);
+    if (updated) {
+        logger_js_1.logger.success('Updated app.ts with FrontendStack');
+    }
+}
+/**
+ * Generates the CMS stack and updates app.ts.
+ *
+ * @param options - Generation options
+ */
+async function generateCmsStack(options) {
+    const infraDir = (0, path_1.join)(options.projectPath, 'packages/infra');
+    const stacksDir = (0, path_1.join)(infraDir, 'src/stacks');
+    const appTsPath = (0, path_1.join)(infraDir, 'src/app.ts');
+    // Check if infra directory exists
+    if (!(0, fs_1.existsSync)(infraDir)) {
+        throw new Error('Infrastructure package not found at packages/infra. Run `fnd add api` first.');
+    }
+    // Validate apiStack and authStack exist in app.ts
+    const appTsContent = (0, fs_1.readFileSync)(appTsPath, 'utf-8');
+    validateDependencies(appTsContent, ['apiStack', 'authStack']);
+    // Ensure stacks directory exists
+    if (!(0, fs_1.existsSync)(stacksDir)) {
+        (0, fs_1.mkdirSync)(stacksDir, { recursive: true });
+    }
+    // Write cms-stack.ts
+    const stackPath = (0, path_1.join)(stacksDir, 'cms-stack.ts');
+    if ((0, fs_1.existsSync)(stackPath)) {
+        logger_js_1.logger.warn('cms-stack.ts already exists, skipping creation');
+    }
+    else {
+        (0, fs_1.writeFileSync)(stackPath, getCmsStackTemplate(options.projectName, options.cmsName));
+        logger_js_1.logger.success('Created cms-stack.ts');
+    }
+    // Update app.ts
+    const stackConfig = {
+        name: 'Cms',
+        className: 'CmsStack',
+        importPath: './stacks/cms-stack',
+        variableName: 'cmsStack',
+        dependsOn: ['apiStack', 'authStack'],
+        props: `{
+    env,
+    stage,
+    apiUrl: apiStack.apiUrl,
+    userPoolId: authStack.userPoolId,
+    userPoolClientId: authStack.userPoolClientId,
+    description: '${options.projectName}: CMS',
+  }`,
+        description: 'Creates Lambda SSR for Remix CMS admin',
+    };
+    const updated = updateAppTsForStack(appTsPath, stackConfig, options.projectName);
+    if (updated) {
+        logger_js_1.logger.success('Updated app.ts with CmsStack');
+    }
+}
 //# sourceMappingURL=infra-generator.js.map