npm - @friggframework/devtools - Versions diffs - 2.0.0--canary.454.25d396a.0 → 2.0.0--canary.463.62579dd.0 - Mend

@friggframework/devtools 2.0.0--canary.454.25d396a.0 → 2.0.0--canary.463.62579dd.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (13) hide show

package/frigg-cli/__tests__/unit/commands/db-setup.test.js +1 -1
package/frigg-cli/__tests__/unit/utils/prisma-runner.test.js +486 -0
package/frigg-cli/db-setup-command/index.js +1 -1
package/frigg-cli/utils/prisma-runner.js +280 -0
package/infrastructure/README.md +0 -51
package/infrastructure/aws-discovery.js +2 -504
package/infrastructure/aws-discovery.test.js +1 -447
package/infrastructure/serverless-template.js +80 -465
package/infrastructure/serverless-template.test.js +0 -91
package/package.json +6 -8
package/infrastructure/POSTGRES-CONFIGURATION.md +0 -630
package/infrastructure/__tests__/postgres-config.test.js +0 -914
package/infrastructure/scripts/build-prisma-layer.js +0 -394

package/infrastructure/serverless-template.js CHANGED Viewed

@@ -1,7 +1,6 @@
 const path = require('path');
 const fs = require('fs');
 const { AWSDiscovery } = require('./aws-discovery');
-const { buildPrismaLayer } = require('./scripts/build-prisma-layer');
 const shouldRunDiscovery = (AppDefinition) => {
     console.log(
@@ -18,8 +17,7 @@ const shouldRunDiscovery = (AppDefinition) => {
     return (
         AppDefinition.vpc?.enable === true ||
         AppDefinition.encryption?.fieldLevelEncryptionMethod === 'kms' ||
-        AppDefinition.ssm?.enable === true ||
-        AppDefinition.database?.postgres?.enable === true
+        AppDefinition.ssm?.enable === true
     );
 };
@@ -70,7 +68,8 @@ const getAppEnvironmentVars = (AppDefinition) => {
     }
     if (skippedKeys.length > 0) {
         console.log(
-            `   ⚠️  Skipped ${skippedKeys.length
+            `   ⚠️  Skipped ${
+                skippedKeys.length
             } reserved AWS Lambda variables: ${skippedKeys.join(', ')}`
         );
     }
@@ -545,17 +544,10 @@ const gatherDiscoveredResources = async (AppDefinition) => {
     try {
         const region = process.env.AWS_REGION || 'us-east-1';
         const discovery = new AWSDiscovery(region);
-        // Use Serverless Framework's stage resolution (opt:stage with 'dev' as default)
-        // This matches how serverless.yml resolves ${opt:stage, "dev"}
-        // IMPORTANT: Use SLS_STAGE (not STAGE) to match actual deployment stage
-        const stage = process.env.SLS_STAGE || 'dev';
         const config = {
             vpc: AppDefinition.vpc || {},
             encryption: AppDefinition.encryption || {},
             ssm: AppDefinition.ssm || {},
-            serviceName: AppDefinition.name || 'create-frigg-app',
-            stage: stage,
         };
         const discoveredResources = await discovery.discoverResources(config);
@@ -611,22 +603,6 @@ const buildEnvironment = (appEnvironmentVars, discoveredResources) => {
         }
     }
-    // Add Aurora discovery mappings
-    if (discoveredResources.aurora) {
-        if (discoveredResources.aurora.clusterIdentifier) {
-            environment.AWS_DISCOVERY_AURORA_CLUSTER_ID = discoveredResources.aurora.clusterIdentifier;
-        }
-        if (discoveredResources.aurora.endpoint) {
-            environment.AWS_DISCOVERY_AURORA_ENDPOINT = discoveredResources.aurora.endpoint;
-        }
-        if (discoveredResources.aurora.port) {
-            environment.AWS_DISCOVERY_AURORA_PORT = discoveredResources.aurora.port.toString();
-        }
-        if (discoveredResources.aurora.secretArn) {
-            environment.AWS_DISCOVERY_AURORA_SECRET_ARN = discoveredResources.aurora.secretArn;
-        }
-    }
     return environment;
 };
@@ -642,27 +618,15 @@ const createBaseDefinition = (
         service: AppDefinition.name || 'create-frigg-app',
         package: {
             individually: true,
-            patterns: [
-                // Existing AWS SDK exclusions
+            exclude: [
                 '!**/node_modules/aws-sdk/**',
                 '!**/node_modules/@aws-sdk/**',
                 '!package.json',
-                // GLOBAL Prisma exclusions - all Prisma packages moved to Lambda Layer
-                // This reduces each function from ~120MB to ~45MB (60% reduction)
-                '!node_modules/@prisma/**',
-                '!node_modules/.prisma/**',
-                '!node_modules/@prisma-mongodb/**',
-                '!node_modules/@prisma-postgresql/**',
-                '!node_modules/prisma/**',
-                // Prisma packages will be provided at runtime via Lambda Layer
-                // See: LAMBDA-LAYER-PRISMA.md for complete documentation
             ],
         },
         useDotenv: true,
         provider: {
             name: AppDefinition.provider || 'aws',
-            ...(process.env.AWS_PROFILE && { profile: process.env.AWS_PROFILE }),
             runtime: 'nodejs20.x',
             timeout: 30,
             region,
@@ -711,8 +675,7 @@ const createBaseDefinition = (
             },
         },
         plugins: [
-            // Temporarily disabled Jetpack - it ignores package.patterns in dependency mode
-            // 'serverless-jetpack',
+            'serverless-jetpack',
             'serverless-dotenv-plugin',
             'serverless-offline-sqs',
             'serverless-offline',
@@ -733,15 +696,14 @@ const createBaseDefinition = (
                 secretAccessKey: 'root',
                 skipCacheInvalidation: false,
             },
-            // Jetpack config removed - testing with standard Serverless packaging
-            // jetpack: {
-            //     base: '..',
-            // },
+            jetpack: {
+                base: '..',
+            },
         },
         functions: {
             auth: {
-                handler: 'node_modules/@friggframework/core/handlers/routers/auth.handler',
-                layers: [{ Ref: 'PrismaLambdaLayer' }],
+                handler:
+                    'node_modules/@friggframework/core/handlers/routers/auth.handler',
                 events: [
                     { httpApi: { path: '/api/integrations', method: 'ANY' } },
                     {
@@ -754,57 +716,20 @@ const createBaseDefinition = (
                 ],
             },
             user: {
-                handler: 'node_modules/@friggframework/core/handlers/routers/user.handler',
-                layers: [{ Ref: 'PrismaLambdaLayer' }],
-                events: [{ httpApi: { path: '/user/{proxy+}', method: 'ANY' } }],
+                handler:
+                    'node_modules/@friggframework/core/handlers/routers/user.handler',
+                events: [
+                    { httpApi: { path: '/user/{proxy+}', method: 'ANY' } },
+                ],
             },
             health: {
-                handler: 'node_modules/@friggframework/core/handlers/routers/health.handler',
-                layers: [{ Ref: 'PrismaLambdaLayer' }],
+                handler:
+                    'node_modules/@friggframework/core/handlers/routers/health.handler',
                 events: [
                     { httpApi: { path: '/health', method: 'GET' } },
                     { httpApi: { path: '/health/{proxy+}', method: 'GET' } },
                 ],
             },
-            dbMigrate: {
-                handler: 'node_modules/@friggframework/core/handlers/workers/db-migration.handler',
-                layers: [{ Ref: 'PrismaLambdaLayer' }],
-                timeout: 300,  // 5 minutes for long-running migrations
-                memorySize: 512,  // Extra memory for Prisma CLI operations
-                reservedConcurrency: 1,  // Prevent concurrent migrations
-                description: 'Runs database migrations via Prisma (invoke manually from CI/CD)',
-                // No events - this function is invoked manually via AWS CLI
-                maximumEventAge: 60,  // Don't retry old migration requests (60 seconds)
-                maximumRetryAttempts: 0,  // Don't auto-retry failed migrations
-                tags: {
-                    Purpose: 'DatabaseMigration',
-                    ManagedBy: 'Frigg',
-                },
-                // Environment variables for non-interactive Prisma CLI operation
-                environment: {
-                    CI: '1',  // Forces Prisma to non-interactive mode
-                    PRISMA_HIDE_UPDATE_MESSAGE: '1',  // Suppress update messages
-                    PRISMA_MIGRATE_SKIP_SEED: '1',  // Skip seeding during migrations
-                },
-                // Function-specific packaging: Include Prisma schemas (CLI from layer)
-                package: {
-                    patterns: [
-                        // Include Prisma schemas from @friggframework/core
-                        // Note: Prisma CLI and clients come from Lambda Layer
-                        'node_modules/@friggframework/core/prisma-mongodb/**',
-                        'node_modules/@friggframework/core/prisma-postgresql/**',
-                    ],
-                },
-            },
-        },
-        layers: {
-            prisma: {
-                path: 'layers/prisma',
-                name: '${self:service}-prisma-${sls:stage}',
-                description: 'Prisma ORM clients for MongoDB and PostgreSQL with rhel-openssl-3.0.x binaries. Reduces function sizes by ~60% (120MB → 45MB). See LAMBDA-LAYER-PRISMA.md for details.',
-                compatibleRuntimes: ['nodejs18.x', 'nodejs20.x'],
-                retain: false,  // Don't retain old layer versions
-            },
         },
         resources: {
             Resources: {
@@ -903,22 +828,18 @@ const applyKmsConfiguration = (
     }
     if (discoveredResources.defaultKmsKeyId) {
-        console.log(`Using existing KMS key: ${discoveredResources.defaultKmsKeyId}`);
-        // Only create alias if it doesn't already exist
-        if (!discoveredResources.kmsAliasExists) {
-            console.log('Creating KMS alias for discovered key...');
-            definition.resources.Resources.FriggKMSKeyAlias = {
-                Type: 'AWS::KMS::Alias',
-                DeletionPolicy: 'Retain',
-                Properties: {
-                    AliasName: 'alias/${self:service}-${self:provider.stage}-frigg-kms',
-                    TargetKeyId: discoveredResources.defaultKmsKeyId,
-                },
-            };
-        } else {
-            console.log('KMS alias already exists, skipping alias creation');
-        }
+        console.log(
+            `Using existing KMS key: ${discoveredResources.defaultKmsKeyId}`
+        );
+        definition.resources.Resources.FriggKMSKeyAlias = {
+            Type: 'AWS::KMS::Alias',
+            DeletionPolicy: 'Retain',
+            Properties: {
+                AliasName:
+                    'alias/${self:service}-${self:provider.stage}-frigg-kms',
+                TargetKeyId: discoveredResources.defaultKmsKeyId,
+            },
+        };
         definition.provider.iamRoleStatements.push({
             Effect: 'Allow',
@@ -929,7 +850,7 @@ const applyKmsConfiguration = (
         if (AppDefinition.encryption?.createResourceIfNoneFound !== true) {
             throw new Error(
                 'KMS field-level encryption is enabled but no KMS key was found. ' +
-                'Either provide an existing KMS key or set encryption.createResourceIfNoneFound to true to create a new key.'
+                    'Either provide an existing KMS key or set encryption.createResourceIfNoneFound to true to create a new key.'
             );
         }
@@ -968,8 +889,9 @@ const applyKmsConfiguration = (
                             Resource: '*',
                             Condition: {
                                 StringEquals: {
-                                    'kms:ViaService': `lambda.${process.env.AWS_REGION || 'us-east-1'
-                                        }.amazonaws.com`,
+                                    'kms:ViaService': `lambda.${
+                                        process.env.AWS_REGION || 'us-east-1'
+                                    }.amazonaws.com`,
                                 },
                             },
                         },
@@ -1371,13 +1293,13 @@ const configureVpc = (definition, AppDefinition, discoveredResources) => {
             };
             definition.resources.Resources.FriggPublicSubnetRouteTableAssociation =
-            {
-                Type: 'AWS::EC2::SubnetRouteTableAssociation',
-                Properties: {
-                    SubnetId: { Ref: 'FriggPublicSubnet' },
-                    RouteTableId: { Ref: 'FriggPublicRouteTable' },
-                },
-            };
+                {
+                    Type: 'AWS::EC2::SubnetRouteTableAssociation',
+                    Properties: {
+                        SubnetId: { Ref: 'FriggPublicSubnet' },
+                        RouteTableId: { Ref: 'FriggPublicRouteTable' },
+                    },
+                };
             definition.resources.Resources.FriggLambdaRouteTable = {
                 Type: 'AWS::EC2::RouteTable',
@@ -1394,22 +1316,22 @@ const configureVpc = (definition, AppDefinition, discoveredResources) => {
             };
             definition.resources.Resources.FriggPrivateSubnet1RouteTableAssociation =
-            {
-                Type: 'AWS::EC2::SubnetRouteTableAssociation',
-                Properties: {
-                    SubnetId: { Ref: 'FriggPrivateSubnet1' },
-                    RouteTableId: { Ref: 'FriggLambdaRouteTable' },
-                },
-            };
+                {
+                    Type: 'AWS::EC2::SubnetRouteTableAssociation',
+                    Properties: {
+                        SubnetId: { Ref: 'FriggPrivateSubnet1' },
+                        RouteTableId: { Ref: 'FriggLambdaRouteTable' },
+                    },
+                };
             definition.resources.Resources.FriggPrivateSubnet2RouteTableAssociation =
-            {
-                Type: 'AWS::EC2::SubnetRouteTableAssociation',
-                Properties: {
-                    SubnetId: { Ref: 'FriggPrivateSubnet2' },
-                    RouteTableId: { Ref: 'FriggLambdaRouteTable' },
-                },
-            };
+                {
+                    Type: 'AWS::EC2::SubnetRouteTableAssociation',
+                    Properties: {
+                        SubnetId: { Ref: 'FriggPrivateSubnet2' },
+                        RouteTableId: { Ref: 'FriggLambdaRouteTable' },
+                    },
+                };
         }
     } else if (subnetManagement === 'use-existing') {
         if (
@@ -1426,12 +1348,12 @@ const configureVpc = (definition, AppDefinition, discoveredResources) => {
             AppDefinition.vpc.subnets?.ids?.length > 0
                 ? AppDefinition.vpc.subnets.ids
                 : discoveredResources.privateSubnetId1 &&
-                    discoveredResources.privateSubnetId2
-                    ? [
-                        discoveredResources.privateSubnetId1,
-                        discoveredResources.privateSubnetId2,
-                    ]
-                    : [];
+                  discoveredResources.privateSubnetId2
+                ? [
+                      discoveredResources.privateSubnetId1,
+                      discoveredResources.privateSubnetId2,
+                  ]
+                : [];
         if (vpcConfig.subnetIds.length < 2) {
             if (AppDefinition.vpc.selfHeal) {
@@ -1638,13 +1560,13 @@ const configureVpc = (definition, AppDefinition, discoveredResources) => {
                     };
                     definition.resources.Resources.FriggPublicSubnetRouteTableAssociation =
-                    {
-                        Type: 'AWS::EC2::SubnetRouteTableAssociation',
-                        Properties: {
-                            SubnetId: { Ref: 'FriggPublicSubnet' },
-                            RouteTableId: { Ref: 'FriggPublicRouteTable' },
-                        },
-                    };
+                        {
+                            Type: 'AWS::EC2::SubnetRouteTableAssociation',
+                            Properties: {
+                                SubnetId: { Ref: 'FriggPublicSubnet' },
+                                RouteTableId: { Ref: 'FriggPublicRouteTable' },
+                            },
+                        };
                 }
                 definition.resources.Resources.FriggNATGateway = {
@@ -1655,11 +1577,11 @@ const configureVpc = (definition, AppDefinition, discoveredResources) => {
                         AllocationId: useExistingEip
                             ? discoveredResources.existingElasticIpAllocationId
                             : {
-                                'Fn::GetAtt': [
-                                    'FriggNATGatewayEIP',
-                                    'AllocationId',
-                                ],
-                            },
+                                  'Fn::GetAtt': [
+                                      'FriggNATGatewayEIP',
+                                      'AllocationId',
+                                  ],
+                              },
                         SubnetId: discoveredResources.publicSubnetId || {
                             Ref: 'FriggPublicSubnet',
                         },
@@ -1972,9 +1894,7 @@ const configureVpc = (definition, AppDefinition, discoveredResources) => {
                 },
             };
-            // Create Secrets Manager VPC Endpoint if explicitly enabled OR if Aurora is enabled
-            // (Aurora requires Secrets Manager access for credential retrieval)
-            if (AppDefinition.secretsManager?.enable === true || AppDefinition.database?.postgres?.enable === true) {
+            if (AppDefinition.secretsManager?.enable === true) {
                 definition.resources.Resources.VPCEndpointSecretsManager = {
                     Type: 'AWS::EC2::VPCEndpoint',
                     Properties: {
@@ -1992,283 +1912,6 @@ const configureVpc = (definition, AppDefinition, discoveredResources) => {
     }
 };
-const createAuroraInfrastructure = (definition, AppDefinition, discoveredResources) => {
-    const dbConfig = AppDefinition.database.postgres;
-    console.log('🔧 Creating Aurora Serverless v2 infrastructure...');
-    // 1. DB Subnet Group (using Lambda private subnets)
-    definition.resources.Resources.FriggDBSubnetGroup = {
-        Type: 'AWS::RDS::DBSubnetGroup',
-        Properties: {
-            DBSubnetGroupDescription: 'Subnet group for Frigg Aurora cluster',
-            SubnetIds: [
-                discoveredResources.privateSubnetId1,
-                discoveredResources.privateSubnetId2
-            ],
-            Tags: [
-                { Key: 'Name', Value: '${self:service}-${self:provider.stage}-db-subnet-group' },
-                { Key: 'ManagedBy', Value: 'Frigg' },
-                { Key: 'Service', Value: '${self:service}' },
-                { Key: 'Stage', Value: '${self:provider.stage}' },
-            ]
-        }
-    };
-    // 2. Security Group (allow Lambda SG to access 5432)
-    // In create-new VPC mode, Lambda uses FriggLambdaSecurityGroup
-    // In other modes, use discovered default security group
-    const lambdaSecurityGroupId = AppDefinition.vpc?.management === 'create-new'
-        ? { Ref: 'FriggLambdaSecurityGroup' }
-        : discoveredResources.defaultSecurityGroupId;
-    definition.resources.Resources.FriggAuroraSecurityGroup = {
-        Type: 'AWS::EC2::SecurityGroup',
-        Properties: {
-            GroupDescription: 'Security group for Frigg Aurora PostgreSQL',
-            VpcId: discoveredResources.defaultVpcId,
-            SecurityGroupIngress: [
-                {
-                    IpProtocol: 'tcp',
-                    FromPort: 5432,
-                    ToPort: 5432,
-                    SourceSecurityGroupId: lambdaSecurityGroupId,
-                    Description: 'PostgreSQL access from Lambda functions'
-                }
-            ],
-            Tags: [
-                { Key: 'Name', Value: '${self:service}-${self:provider.stage}-aurora-sg' },
-                { Key: 'ManagedBy', Value: 'Frigg' },
-                { Key: 'Service', Value: '${self:service}' },
-                { Key: 'Stage', Value: '${self:provider.stage}' },
-            ]
-        }
-    };
-    // 3. Secrets Manager Secret (database credentials)
-    definition.resources.Resources.FriggDatabaseSecret = {
-        Type: 'AWS::SecretsManager::Secret',
-        Properties: {
-            Name: '${self:service}-${self:provider.stage}-aurora-credentials',
-            Description: 'Aurora PostgreSQL credentials for Frigg application',
-            GenerateSecretString: {
-                SecretStringTemplate: JSON.stringify({
-                    username: dbConfig.masterUsername || 'frigg_admin'
-                }),
-                GenerateStringKey: 'password',
-                PasswordLength: 32,
-                ExcludeCharacters: '"@/\\'
-            },
-            Tags: [
-                { Key: 'ManagedBy', Value: 'Frigg' },
-                { Key: 'Service', Value: '${self:service}' },
-                { Key: 'Stage', Value: '${self:provider.stage}' },
-            ]
-        }
-    };
-    // 4. Aurora Serverless v2 Cluster
-    definition.resources.Resources.FriggAuroraCluster = {
-        Type: 'AWS::RDS::DBCluster',
-        DeletionPolicy: 'Snapshot',
-        UpdateReplacePolicy: 'Snapshot',
-        Properties: {
-            Engine: 'aurora-postgresql',
-            EngineVersion: dbConfig.engineVersion || '15.3',
-            EngineMode: 'provisioned',  // Required for Serverless v2
-            DatabaseName: dbConfig.databaseName || 'frigg_db',
-            MasterUsername: { 'Fn::Sub': '{{resolve:secretsmanager:${FriggDatabaseSecret}:SecretString:username}}' },
-            MasterUserPassword: { 'Fn::Sub': '{{resolve:secretsmanager:${FriggDatabaseSecret}:SecretString:password}}' },
-            DBSubnetGroupName: { Ref: 'FriggDBSubnetGroup' },
-            VpcSecurityGroupIds: [{ Ref: 'FriggAuroraSecurityGroup' }],
-            ServerlessV2ScalingConfiguration: {
-                MinCapacity: dbConfig.scaling?.minCapacity || 0.5,
-                MaxCapacity: dbConfig.scaling?.maxCapacity || 1.0
-            },
-            BackupRetentionPeriod: dbConfig.backupRetentionDays || 7,
-            PreferredBackupWindow: dbConfig.preferredBackupWindow || '03:00-04:00',
-            DeletionProtection: dbConfig.deletionProtection !== false,
-            EnableCloudwatchLogsExports: ['postgresql'],
-            Tags: [
-                { Key: 'Name', Value: '${self:service}-${self:provider.stage}-aurora-cluster' },
-                { Key: 'ManagedBy', Value: 'Frigg' },
-                { Key: 'Service', Value: '${self:service}' },
-                { Key: 'Stage', Value: '${self:provider.stage}' },
-            ]
-        }
-    };
-    // 5. Aurora Serverless v2 Instance
-    definition.resources.Resources.FriggAuroraInstance = {
-        Type: 'AWS::RDS::DBInstance',
-        Properties: {
-            Engine: 'aurora-postgresql',
-            DBInstanceClass: 'db.serverless',
-            DBClusterIdentifier: { Ref: 'FriggAuroraCluster' },
-            PubliclyAccessible: false,
-            EnablePerformanceInsights: dbConfig.enablePerformanceInsights || false,
-            Tags: [
-                { Key: 'Name', Value: '${self:service}-${self:provider.stage}-aurora-instance' },
-                { Key: 'ManagedBy', Value: 'Frigg' },
-                { Key: 'Service', Value: '${self:service}' },
-                { Key: 'Stage', Value: '${self:provider.stage}' },
-            ]
-        }
-    };
-    // 6. Secret Attachment (links cluster to secret)
-    definition.resources.Resources.FriggSecretAttachment = {
-        Type: 'AWS::SecretsManager::SecretTargetAttachment',
-        Properties: {
-            SecretId: { Ref: 'FriggDatabaseSecret' },
-            TargetId: { Ref: 'FriggAuroraCluster' },
-            TargetType: 'AWS::RDS::DBCluster'
-        }
-    };
-    // 7. Add IAM permissions for Secrets Manager
-    definition.provider.iamRoleStatements.push({
-        Effect: 'Allow',
-        Action: [
-            'secretsmanager:GetSecretValue',
-            'secretsmanager:DescribeSecret'
-        ],
-        Resource: { Ref: 'FriggDatabaseSecret' }
-    });
-    // 8. Set DATABASE_URL environment variable
-    definition.provider.environment.DATABASE_URL = {
-        'Fn::Sub': [
-            'postgresql://${Username}:${Password}@${Endpoint}:${Port}/${DatabaseName}',
-            {
-                Username: { 'Fn::Sub': '{{resolve:secretsmanager:${FriggDatabaseSecret}:SecretString:username}}' },
-                Password: { 'Fn::Sub': '{{resolve:secretsmanager:${FriggDatabaseSecret}:SecretString:password}}' },
-                Endpoint: { 'Fn::GetAtt': ['FriggAuroraCluster', 'Endpoint'] },
-                Port: { 'Fn::GetAtt': ['FriggAuroraCluster', 'Port'] },
-                DatabaseName: dbConfig.databaseName || 'frigg_db'
-            }
-        ]
-    };
-    // 9. Set DB_TYPE for Prisma client selection
-    definition.provider.environment.DB_TYPE = 'postgresql';
-    console.log('✅ Aurora infrastructure resources created');
-};
-const useExistingAurora = (definition, AppDefinition, discoveredResources) => {
-    const dbConfig = AppDefinition.database.postgres;
-    console.log(`🔗 Using existing Aurora cluster: ${discoveredResources.aurora.clusterIdentifier}`);
-    // Add IAM permissions for Secrets Manager if secret exists
-    if (discoveredResources.aurora.secretArn) {
-        definition.provider.iamRoleStatements.push({
-            Effect: 'Allow',
-            Action: [
-                'secretsmanager:GetSecretValue',
-                'secretsmanager:DescribeSecret'
-            ],
-            Resource: discoveredResources.aurora.secretArn
-        });
-        // Set DATABASE_URL from discovered secret
-        definition.provider.environment.DATABASE_URL = {
-            'Fn::Sub': [
-                'postgresql://${Username}:${Password}@${Endpoint}:${Port}/${DatabaseName}',
-                {
-                    Username: { 'Fn::Sub': `{{resolve:secretsmanager:${discoveredResources.aurora.secretArn}:SecretString:username}}` },
-                    Password: { 'Fn::Sub': `{{resolve:secretsmanager:${discoveredResources.aurora.secretArn}:SecretString:password}}` },
-                    Endpoint: discoveredResources.aurora.endpoint,
-                    Port: discoveredResources.aurora.port,
-                    DatabaseName: dbConfig.databaseName || 'frigg_db'
-                }
-            ]
-        };
-    } else if (dbConfig.secretArn) {
-        // Use user-provided secret ARN
-        definition.provider.iamRoleStatements.push({
-            Effect: 'Allow',
-            Action: [
-                'secretsmanager:GetSecretValue',
-                'secretsmanager:DescribeSecret'
-            ],
-            Resource: dbConfig.secretArn
-        });
-        definition.provider.environment.DATABASE_URL = {
-            'Fn::Sub': [
-                'postgresql://${Username}:${Password}@${Endpoint}:${Port}/${DatabaseName}',
-                {
-                    Username: { 'Fn::Sub': `{{resolve:secretsmanager:${dbConfig.secretArn}:SecretString:username}}` },
-                    Password: { 'Fn::Sub': `{{resolve:secretsmanager:${dbConfig.secretArn}:SecretString:password}}` },
-                    Endpoint: discoveredResources.aurora.endpoint,
-                    Port: discoveredResources.aurora.port,
-                    DatabaseName: dbConfig.databaseName || 'frigg_db'
-                }
-            ]
-        };
-    } else {
-        throw new Error('No database secret found. Provide secretArn in database.postgres configuration or ensure Secrets Manager secret exists.');
-    }
-    // Set DB_TYPE for Prisma client selection
-    definition.provider.environment.DB_TYPE = 'postgresql';
-    console.log('✅ Existing Aurora cluster configured');
-};
-const useDiscoveredAurora = (definition, AppDefinition, discoveredResources) => {
-    console.log(`🔍 Using discovered Aurora cluster: ${discoveredResources.aurora.clusterIdentifier}`);
-    useExistingAurora(definition, AppDefinition, discoveredResources);
-};
-const configurePostgres = (definition, AppDefinition, discoveredResources) => {
-    if (!AppDefinition.database?.postgres?.enable) {
-        return;
-    }
-    // Validate VPC is enabled (required for Aurora deployment)
-    if (!AppDefinition.vpc?.enable) {
-        throw new Error(
-            'Aurora PostgreSQL requires VPC deployment. ' +
-            'Set vpc.enable to true in your app definition.'
-        );
-    }
-    // Validate private subnets exist (Aurora requires at least 2 subnets in different AZs)
-    // Skip validation if VPC management is 'create-new' (subnets will be created)
-    const vpcManagement = AppDefinition.vpc?.management || 'discover';
-    if (vpcManagement !== 'create-new' && (!discoveredResources.privateSubnetId1 || !discoveredResources.privateSubnetId2)) {
-        throw new Error(
-            'Aurora PostgreSQL requires at least 2 private subnets in different availability zones. ' +
-            'No private subnets were discovered in your VPC. ' +
-            'Please create private subnets or use VPC management mode "create-new".'
-        );
-    }
-    const dbConfig = AppDefinition.database.postgres;
-    const management = dbConfig.management || 'discover';
-    console.log(`\n🐘 PostgreSQL Management Mode: ${management}`);
-    if (management === 'create-new' || discoveredResources.aurora?.needsCreation) {
-        createAuroraInfrastructure(definition, AppDefinition, discoveredResources);
-    } else if (management === 'use-existing') {
-        if (!discoveredResources.aurora?.clusterIdentifier && !dbConfig.clusterIdentifier) {
-            throw new Error('PostgreSQL management is set to "use-existing" but no clusterIdentifier was found or provided');
-        }
-        useExistingAurora(definition, AppDefinition, discoveredResources);
-    } else {
-        // discover mode
-        if (discoveredResources.aurora?.clusterIdentifier) {
-            useDiscoveredAurora(definition, AppDefinition, discoveredResources);
-        } else {
-            throw new Error('No Aurora cluster found in discovery mode. Set management to "create-new" or provide clusterIdentifier with "use-existing".');
-        }
-    }
-};
 const configureSsm = (definition, AppDefinition) => {
     if (AppDefinition.ssm?.enable !== true) {
         return;
@@ -2312,8 +1955,9 @@ const attachIntegrations = (definition, AppDefinition) => {
         }
         const integrationName = integration.Definition.name;
-        const queueReference = `${integrationName.charAt(0).toUpperCase() + integrationName.slice(1)
-            }Queue`;
+        const queueReference = `${
+            integrationName.charAt(0).toUpperCase() + integrationName.slice(1)
+        }Queue`;
         const queueName = `\${self:service}--\${self:provider.stage}-${queueReference}`;
         definition.functions[integrationName] = {
@@ -2369,7 +2013,10 @@ const attachIntegrations = (definition, AppDefinition) => {
         // Add webhook handler if enabled
         const webhookConfig = integration.Definition.webhooks;
-        if (webhookConfig && (webhookConfig === true || webhookConfig.enabled === true)) {
+        if (
+            webhookConfig &&
+            (webhookConfig === true || webhookConfig.enabled === true)
+        ) {
             const webhookFunctionName = `${integrationName}Webhook`;
             definition.functions[webhookFunctionName] = {
@@ -2409,40 +2056,9 @@ const configureWebsockets = (definition, AppDefinition) => {
     };
 };
-/**
- * Ensure Prisma Lambda Layer exists
- * Automatically builds the layer if it doesn't exist in the project root
- */
-async function ensurePrismaLayerExists() {
-    const projectRoot = process.cwd();
-    const layerPath = path.join(projectRoot, 'layers/prisma');
-    // Check if layer already exists
-    if (fs.existsSync(layerPath)) {
-        console.log('✓ Prisma Lambda Layer already exists at', layerPath);
-        return;
-    }
-    // Layer doesn't exist - build it automatically
-    console.log('📦 Prisma Lambda Layer not found - building automatically...');
-    console.log('   This may take a minute on first deployment.\n');
-    try {
-        await buildPrismaLayer();
-        console.log('✓ Prisma Lambda Layer built successfully\n');
-    } catch (error) {
-        console.error('✗ Failed to build Prisma Lambda Layer:', error.message);
-        console.error('  You may need to run: npm install @friggframework/core\n');
-        throw error;
-    }
-}
 const composeServerlessDefinition = async (AppDefinition) => {
     console.log('composeServerlessDefinition', AppDefinition);
-    // Ensure Prisma layer exists before generating serverless config
-    await ensurePrismaLayerExists();
     const discoveredResources = await gatherDiscoveredResources(AppDefinition);
     const appEnvironmentVars = getAppEnvironmentVars(AppDefinition);
     const definition = createBaseDefinition(
@@ -2464,7 +2080,6 @@ const composeServerlessDefinition = async (AppDefinition) => {
     if (!isLocalBuild) {
         applyKmsConfiguration(definition, AppDefinition, discoveredResources);
         configureVpc(definition, AppDefinition, discoveredResources);
-        configurePostgres(definition, AppDefinition, discoveredResources);
         configureSsm(definition, AppDefinition);
     } else {
         console.log(