@hot-updater/aws 0.28.0 → 0.29.0

package/dist/index.cjs

@@ -1,4 +1,5 @@
-//#region rolldown:runtime
+Object.defineProperty(exports, Symbol.toStringTag, { value: "Module" });
+//#region \0rolldown/runtime.js
 var __create = Object.create;
 var __defProp = Object.defineProperty;
 var __getOwnPropDesc = Object.getOwnPropertyDescriptor;
@@ -19,23 +20,18 @@ var __toESM = (mod, isNodeMode, target) => (target = mod != null ? __create(__ge
 	value: mod,
 	enumerable: true
 }) : target, mod));
-
 //#endregion
-let __aws_sdk_client_cloudfront = require("@aws-sdk/client-cloudfront");
-__aws_sdk_client_cloudfront = __toESM(__aws_sdk_client_cloudfront);
-let __aws_sdk_client_s3 = require("@aws-sdk/client-s3");
-__aws_sdk_client_s3 = __toESM(__aws_sdk_client_s3);
-let __aws_sdk_lib_storage = require("@aws-sdk/lib-storage");
-__aws_sdk_lib_storage = __toESM(__aws_sdk_lib_storage);
-let __hot_updater_plugin_core = require("@hot-updater/plugin-core");
-__hot_updater_plugin_core = __toESM(__hot_updater_plugin_core);
-let __aws_sdk_s3_request_presigner = require("@aws-sdk/s3-request-presigner");
-__aws_sdk_s3_request_presigner = __toESM(__aws_sdk_s3_request_presigner);
+let _aws_sdk_client_cloudfront = require("@aws-sdk/client-cloudfront");
+let _aws_sdk_client_s3 = require("@aws-sdk/client-s3");
+let _aws_sdk_lib_storage = require("@aws-sdk/lib-storage");
+let _hot_updater_plugin_core = require("@hot-updater/plugin-core");
+let _aws_sdk_s3_request_presigner = require("@aws-sdk/s3-request-presigner");
 let fs_promises = require("fs/promises");
 fs_promises = __toESM(fs_promises);
 let path = require("path");
 path = __toESM(path);
-
+let _aws_sdk_client_ssm = require("@aws-sdk/client-ssm");
+let _aws_sdk_cloudfront_signer = require("@aws-sdk/cloudfront-signer");
 //#region ../../node_modules/.pnpm/mime@4.0.4/node_modules/mime/dist/types/other.js
 const types$1 = {
 	"application/prs.cww": ["cww"],
@@ -849,8 +845,6 @@ const types$1 = {
 	"x-conference/x-cooltalk": ["ice"]
 };
 Object.freeze(types$1);
-var other_default = types$1;
-
 //#endregion
 //#region ../../node_modules/.pnpm/mime@4.0.4/node_modules/mime/dist/types/standard.js
 const types = {
@@ -1296,11 +1290,9 @@ const types = {
 	"video/webm": ["webm"]
 };
 Object.freeze(types);
-var standard_default = types;
-
 //#endregion
 //#region ../../node_modules/.pnpm/mime@4.0.4/node_modules/mime/dist/src/Mime.js
-var __classPrivateFieldGet = void 0 && (void 0).__classPrivateFieldGet || function(receiver, state, kind, f) {
+var __classPrivateFieldGet = function(receiver, state, kind, f) {
 	if (kind === "a" && !f) throw new TypeError("Private accessor was defined without a getter");
 	if (typeof state === "function" ? receiver !== state || !f : !state.has(receiver)) throw new TypeError("Cannot read private member from an object whose class did not declare it");
 	return kind === "m" ? f : kind === "a" ? f.call(receiver) : f ? f.value : state.get(receiver);
@@ -1334,11 +1326,11 @@ var Mime = class {
 		}
 		return this;
 	}
-	getType(path$2) {
-		if (typeof path$2 !== "string") return null;
-		const last = path$2.replace(/^.*[/\\]/, "").toLowerCase();
+	getType(path) {
+		if (typeof path !== "string") return null;
+		const last = path.replace(/^.*[/\\]/, "").toLowerCase();
 		const ext = last.replace(/^.*\./, "").toLowerCase();
-		const hasPath = last.length < path$2.length;
+		const hasPath = last.length < path.length;
 		if (!(ext.length < last.length - 1) && hasPath) return null;
 		return __classPrivateFieldGet(this, _Mime_extensionToType, "f").get(ext) ?? null;
 	}
@@ -1367,12 +1359,44 @@ var Mime = class {
 	}
 };
 _Mime_extensionToType = /* @__PURE__ */ new WeakMap(), _Mime_typeToExtension = /* @__PURE__ */ new WeakMap(), _Mime_typeToExtensions = /* @__PURE__ */ new WeakMap();
-var Mime_default = Mime;
-
 //#endregion
 //#region ../../node_modules/.pnpm/mime@4.0.4/node_modules/mime/dist/src/index.js
-var src_default = new Mime_default(standard_default, other_default)._freeze();
-
+var src_default = new Mime(types, types$1)._freeze();
+//#endregion
+//#region src/runtimeAwsConfig.ts
+const truthyValues = new Set([
+	"1",
+	"true",
+	"yes",
+	"on"
+]);
+const isTruthy = (value) => {
+	if (!value) return false;
+	return truthyValues.has(value.toLowerCase());
+};
+const getAwsEndpointUrl = () => {
+	return process.env.AWS_ENDPOINT_URL?.trim() || void 0;
+};
+const shouldForcePathStyle = (forcePathStyle, endpoint) => {
+	if (forcePathStyle !== void 0) return forcePathStyle;
+	if (isTruthy(process.env.AWS_S3_FORCE_PATH_STYLE)) return true;
+	return endpoint !== void 0;
+};
+const applyS3RuntimeAwsConfig = (config) => {
+	const endpoint = config.endpoint ?? getAwsEndpointUrl();
+	return {
+		...config,
+		endpoint,
+		forcePathStyle: shouldForcePathStyle(config.forcePathStyle, endpoint)
+	};
+};
+const applySsmRuntimeAwsConfig = (config) => {
+	const endpoint = config.endpoint ?? getAwsEndpointUrl();
+	return {
+		...config,
+		endpoint
+	};
+};
 //#endregion
 //#region src/utils/streamToString.ts
 const streamToString = (stream) => {
@@ -1383,16 +1407,18 @@ const streamToString = (stream) => {
 		stream.on("end", () => resolve(Buffer.concat(chunks).toString("utf8")));
 	});
 };
-
 //#endregion
 //#region src/s3Database.ts
+const DEFAULT_INVALIDATION_POLL_INTERVAL_MS = 2e3;
+const DEFAULT_INVALIDATION_TIMEOUT_MS = 300 * 1e3;
+const sleep = (ms) => new Promise((resolve) => setTimeout(resolve, ms));
 /**
 * Loads JSON data from S3.
 * Returns null if NoSuchKey error occurs.
 */
 async function loadJsonFromS3(client, bucket, key) {
 	try {
-		const { Body } = await client.send(new __aws_sdk_client_s3.GetObjectCommand({
+		const { Body } = await client.send(new _aws_sdk_client_s3.GetObjectCommand({
 			Bucket: bucket,
 			Key: key
 		}));
@@ -1400,7 +1426,7 @@ async function loadJsonFromS3(client, bucket, key) {
 		const bodyContents = await streamToString(Body);
 		return JSON.parse(bodyContents);
 	} catch (e) {
-		if (e instanceof __aws_sdk_client_s3.NoSuchKey) return null;
+		if (e instanceof _aws_sdk_client_s3.NoSuchKey) return null;
 		throw e;
 	}
 }
@@ -1408,7 +1434,7 @@ async function loadJsonFromS3(client, bucket, key) {
 * Converts data to JSON string and uploads to S3.
 */
 async function uploadJsonToS3(client, bucket, key, data) {
-	await new __aws_sdk_lib_storage.Upload({
+	await new _aws_sdk_lib_storage.Upload({
 		client,
 		params: {
 			Bucket: bucket,
@@ -1423,7 +1449,7 @@ async function listObjectsInS3(client, bucketName, prefix) {
 	let continuationToken;
 	const keys = [];
 	do {
-		const response = await client.send(new __aws_sdk_client_s3.ListObjectsV2Command({
+		const response = await client.send(new _aws_sdk_client_s3.ListObjectsV2Command({
 			Bucket: bucketName,
 			Prefix: prefix,
 			ContinuationToken: continuationToken
@@ -1435,7 +1461,7 @@ async function listObjectsInS3(client, bucketName, prefix) {
 	return keys;
 }
 async function deleteObjectInS3(client, bucketName, key) {
-	await client.send(new __aws_sdk_client_s3.DeleteObjectCommand({
+	await client.send(new _aws_sdk_client_s3.DeleteObjectCommand({
 		Bucket: bucketName,
 		Key: key
 	}));
@@ -1443,26 +1469,50 @@ async function deleteObjectInS3(client, bucketName, key) {
 /**
 * Invalidates CloudFront cache for the given paths.
 */
-async function invalidateCloudFront(client, distributionId, paths) {
+async function invalidateCloudFront(client, distributionId, paths, options) {
 	if (paths.length === 0) return;
 	const timestamp = Date.now();
-	await client.send(new __aws_sdk_client_cloudfront.CreateInvalidationCommand({
-		DistributionId: distributionId,
-		InvalidationBatch: {
-			CallerReference: `invalidation-${timestamp}`,
-			Paths: {
-				Quantity: paths.length,
-				Items: paths
+	try {
+		const response = await client.send(new _aws_sdk_client_cloudfront.CreateInvalidationCommand({
+			DistributionId: distributionId,
+			InvalidationBatch: {
+				CallerReference: `invalidation-${timestamp}`,
+				Paths: {
+					Quantity: paths.length,
+					Items: paths
+				}
 			}
+		}));
+		if (!options?.shouldWaitForInvalidation) return;
+		const invalidationId = response.Invalidation?.Id;
+		if (!invalidationId) throw new Error("CloudFront invalidation response is missing Invalidation.Id");
+		if (response.Invalidation?.Status === "Completed") return;
+		const timeoutMs = DEFAULT_INVALIDATION_TIMEOUT_MS;
+		const pollIntervalMs = DEFAULT_INVALIDATION_POLL_INTERVAL_MS;
+		const deadline = Date.now() + timeoutMs;
+		while (Date.now() < deadline) {
+			await sleep(pollIntervalMs);
+			if ((await client.send(new _aws_sdk_client_cloudfront.GetInvalidationCommand({
+				DistributionId: distributionId,
+				Id: invalidationId
+			}))).Invalidation?.Status === "Completed") return;
 		}
-	}));
+		throw new Error(`Timed out waiting for CloudFront invalidation ${invalidationId} to complete after ${timeoutMs}ms`);
+	} catch (error) {
+		if (options?.shouldWaitForInvalidation) throw error;
+		const message = error instanceof Error ? error.message : "Unknown invalidation error";
+		console.warn(`[hot-updater/aws] CloudFront invalidation failed for distribution ${distributionId}; continuing without cache invalidation.`, {
+			error: message,
+			paths
+		});
+	}
 }
-const s3Database = (0, __hot_updater_plugin_core.createBlobDatabasePlugin)({
+const s3Database = (0, _hot_updater_plugin_core.createBlobDatabasePlugin)({
 	name: "s3Database",
 	factory: (config) => {
-		const { bucketName, cloudfrontDistributionId, apiBasePath = "/api/check-update",...s3Config } = config;
-		const client = new __aws_sdk_client_s3.S3Client(s3Config);
-		const cloudfrontClient = cloudfrontDistributionId ? new __aws_sdk_client_cloudfront.CloudFrontClient({
+		const { bucketName, cloudfrontDistributionId, apiBasePath = "/api/check-update", shouldWaitForInvalidation = false, ...s3Config } = config;
+		const client = new _aws_sdk_client_s3.S3Client(applyS3RuntimeAwsConfig(s3Config));
+		const cloudfrontClient = cloudfrontDistributionId ? new _aws_sdk_client_cloudfront.CloudFrontClient({
 			credentials: s3Config.credentials,
 			region: s3Config.region
 		}) : void 0;
@@ -1473,33 +1523,32 @@ const s3Database = (0, __hot_updater_plugin_core.createBlobDatabasePlugin)({
 			uploadObject: (key, data) => uploadJsonToS3(client, bucketName, key, data),
 			deleteObject: (key) => deleteObjectInS3(client, bucketName, key),
 			invalidatePaths: (pathsToInvalidate) => {
-				if (cloudfrontClient && cloudfrontDistributionId && pathsToInvalidate.length > 0) return invalidateCloudFront(cloudfrontClient, cloudfrontDistributionId, pathsToInvalidate);
+				if (cloudfrontClient && cloudfrontDistributionId && pathsToInvalidate.length > 0) return invalidateCloudFront(cloudfrontClient, cloudfrontDistributionId, pathsToInvalidate, { shouldWaitForInvalidation });
 				return Promise.resolve();
 			}
 		};
 	}
 });
-
 //#endregion
 //#region src/s3Storage.ts
-const s3Storage = (0, __hot_updater_plugin_core.createStoragePlugin)({
+const s3Storage = (0, _hot_updater_plugin_core.createStoragePlugin)({
 	name: "s3Storage",
 	supportedProtocol: "s3",
 	factory: (config) => {
-		const { bucketName,...s3Config } = config;
-		const client = new __aws_sdk_client_s3.S3Client(s3Config);
-		const getStorageKey = (0, __hot_updater_plugin_core.createStorageKeyBuilder)(config.basePath);
+		const { bucketName, ...s3Config } = config;
+		const client = new _aws_sdk_client_s3.S3Client(applyS3RuntimeAwsConfig(s3Config));
+		const getStorageKey = (0, _hot_updater_plugin_core.createStorageKeyBuilder)(config.basePath);
 		return {
 			async delete(storageUri) {
-				const { bucket, key } = (0, __hot_updater_plugin_core.parseStorageUri)(storageUri, "s3");
+				const { bucket, key } = (0, _hot_updater_plugin_core.parseStorageUri)(storageUri, "s3");
 				if (bucket !== bucketName) throw new Error(`Bucket name mismatch: expected "${bucketName}", but found "${bucket}".`);
-				const listCommand = new __aws_sdk_client_s3.ListObjectsV2Command({
+				const listCommand = new _aws_sdk_client_s3.ListObjectsV2Command({
 					Bucket: bucketName,
 					Prefix: key
 				});
 				const listResponse = await client.send(listCommand);
 				if (listResponse.Contents && listResponse.Contents.length > 0) {
-					const deleteCommand = new __aws_sdk_client_s3.DeleteObjectsCommand({
+					const deleteCommand = new _aws_sdk_client_s3.DeleteObjectsCommand({
 						Bucket: bucketName,
 						Delete: {
 							Objects: listResponse.Contents.map((obj) => ({ Key: obj.Key })),
@@ -1513,9 +1562,9 @@ const s3Storage = (0, __hot_updater_plugin_core.createStoragePlugin)({
 			},
 			async upload(key, filePath) {
 				const Body = await fs_promises.default.readFile(filePath);
-				const ContentType = (0, __hot_updater_plugin_core.getContentType)(filePath);
+				const ContentType = (0, _hot_updater_plugin_core.getContentType)(filePath);
 				const Key = getStorageKey(key, path.default.basename(filePath));
-				const response = await new __aws_sdk_lib_storage.Upload({
+				const response = await new _aws_sdk_lib_storage.Upload({
 					client,
 					params: {
 						ContentType,
@@ -1535,7 +1584,7 @@ const s3Storage = (0, __hot_updater_plugin_core.createStoragePlugin)({
 				const key = u.pathname.slice(1);
 				if (!bucket || !key) throw new Error("Invalid S3 storage URI: missing bucket or key");
 				try {
-					const signedUrl = await (0, __aws_sdk_s3_request_presigner.getSignedUrl)(client, new __aws_sdk_client_s3.GetObjectCommand({
+					const signedUrl = await (0, _aws_sdk_s3_request_presigner.getSignedUrl)(client, new _aws_sdk_client_s3.GetObjectCommand({
 						Bucket: bucket,
 						Key: key
 					}), { expiresIn: 3600 });
@@ -1548,7 +1597,78 @@ const s3Storage = (0, __hot_updater_plugin_core.createStoragePlugin)({
 		};
 	}
 });
-
 //#endregion
+//#region src/withCloudFrontSignedUrl.ts
+const ONE_YEAR_IN_SECONDS = 3600 * 24 * 365;
+const privateKeyCache = /* @__PURE__ */ new Map();
+const getPrivateKeyFromSsm = async (region, parameterName) => {
+	if (!region) throw new Error(`Invalid AWS region format: ${region}. Expected format like 'us-east-1' or 'ap-southeast-1'`);
+	const parameter = (await new _aws_sdk_client_ssm.SSM(applySsmRuntimeAwsConfig({ region })).getParameter({
+		Name: parameterName,
+		WithDecryption: true
+	})).Parameter;
+	if (!parameter) throw new Error(`Failed to retrieve private key from SSM parameter: ${parameterName}`);
+	const parameterValue = parameter.Value;
+	if (!parameterValue) throw new Error(`Failed to retrieve private key from SSM parameter: ${parameterName}`);
+	let keyPair;
+	try {
+		keyPair = JSON.parse(parameterValue);
+	} catch (error) {
+		throw new Error(`Invalid JSON format in SSM parameter: ${parameterName}. ${error instanceof Error ? error.message : String(error)}`);
+	}
+	const privateKey = keyPair.privateKey;
+	if (!privateKey || typeof privateKey !== "string") throw new Error(`Invalid private key format in SSM parameter: ${parameterName}`);
+	return privateKey;
+};
+const resolvePrivateKey = (config) => {
+	if ("getPrivateKey" in config && typeof config.getPrivateKey === "function") return config.getPrivateKey();
+	const cacheKey = `${config.ssmRegion}:${config.ssmParameterName}`;
+	const cachedPrivateKey = privateKeyCache.get(cacheKey);
+	if (cachedPrivateKey) return cachedPrivateKey;
+	const privateKeyPromise = getPrivateKeyFromSsm(config.ssmRegion, config.ssmParameterName).catch((error) => {
+		privateKeyCache.delete(cacheKey);
+		throw error;
+	});
+	privateKeyCache.set(cacheKey, privateKeyPromise);
+	return privateKeyPromise;
+};
+const resolvePublicBaseUrl = async (config, context) => {
+	const publicBaseUrl = typeof config.publicBaseUrl === "function" ? await config.publicBaseUrl(context) : config.publicBaseUrl;
+	if (!publicBaseUrl) throw new Error("CloudFront publicBaseUrl resolver returned an empty URL");
+	return publicBaseUrl;
+};
+const withCloudFrontSignedUrl = (storageFactory, config) => {
+	return () => {
+		const baseStorage = storageFactory();
+		return {
+			...baseStorage,
+			name: `${baseStorage.name}WithCloudFrontSignedUrl`,
+			async getDownloadUrl(storageUri, context) {
+				const storageUrl = new URL(storageUri);
+				if (storageUrl.protocol !== "s3:") return baseStorage.getDownloadUrl(storageUri, context);
+				const [privateKey, publicBaseUrl] = await Promise.all([resolvePrivateKey(config), resolvePublicBaseUrl(config, context)]);
+				const url = new URL(publicBaseUrl);
+				url.pathname = storageUrl.pathname;
+				url.search = "";
+				return { fileUrl: (0, _aws_sdk_cloudfront_signer.getSignedUrl)({
+					url: url.toString(),
+					keyPairId: config.keyPairId,
+					privateKey,
+					dateLessThan: new Date(Date.now() + (config.expiresSeconds ?? ONE_YEAR_IN_SECONDS) * 1e3).toISOString()
+				}) };
+			}
+		};
+	};
+};
+//#endregion
+//#region src/s3LambdaEdgeStorage.ts
+const awsLambdaEdgeStorage = (config, hooks) => {
+	return withCloudFrontSignedUrl(s3Storage(config, hooks), config);
+};
+const s3LambdaEdgeStorage = awsLambdaEdgeStorage;
+//#endregion
+exports.awsLambdaEdgeStorage = awsLambdaEdgeStorage;
 exports.s3Database = s3Database;
-exports.s3Storage = s3Storage;
+exports.s3LambdaEdgeStorage = s3LambdaEdgeStorage;
+exports.s3Storage = s3Storage;
+exports.withCloudFrontSignedUrl = withCloudFrontSignedUrl;

package/dist/index.d.cts

@@ -1,4 +1,5 @@
-import * as _hot_updater_plugin_core1 from "@hot-updater/plugin-core";
+import * as _$_hot_updater_plugin_core0 from "@hot-updater/plugin-core";
+import { StoragePlugin, StoragePluginHooks, StorageResolveContext } from "@hot-updater/plugin-core";
 import { S3ClientConfig } from "@aws-sdk/client-s3";
 
 //#region src/s3Database.d.ts
@@ -12,9 +13,16 @@ interface S3DatabaseConfig extends S3ClientConfig {
    * where CloudFront is not available.
    */
   cloudfrontDistributionId?: string;
+  /**
+   * Wait for CloudFront invalidations to reach `Completed` before finishing.
+   *
+   * When enabled, invalidation failures and timeouts are surfaced to callers
+   * instead of being logged and ignored.
+   */
+  shouldWaitForInvalidation?: boolean;
   apiBasePath?: string;
 }
-declare const s3Database: (config: S3DatabaseConfig, hooks?: _hot_updater_plugin_core1.DatabasePluginHooks) => () => _hot_updater_plugin_core1.DatabasePlugin;
+declare const s3Database: (config: S3DatabaseConfig, hooks?: _$_hot_updater_plugin_core0.DatabasePluginHooks) => () => _$_hot_updater_plugin_core0.DatabasePlugin<unknown>;
 //#endregion
 //#region src/s3Storage.d.ts
 interface S3StorageConfig extends S3ClientConfig {
@@ -24,6 +32,31 @@ interface S3StorageConfig extends S3ClientConfig {
    */
   basePath?: string;
 }
-declare const s3Storage: (config: S3StorageConfig, hooks?: _hot_updater_plugin_core1.StoragePluginHooks) => () => _hot_updater_plugin_core1.StoragePlugin;
+declare const s3Storage: (config: S3StorageConfig, hooks?: _$_hot_updater_plugin_core0.StoragePluginHooks) => () => _$_hot_updater_plugin_core0.StoragePlugin<unknown>;
+//#endregion
+//#region src/withCloudFrontSignedUrl.d.ts
+interface CloudFrontPrivateKeyFromGetter {
+  getPrivateKey: () => Promise<string>;
+  ssmParameterName?: never;
+  ssmRegion?: never;
+}
+interface CloudFrontPrivateKeyFromSsm {
+  getPrivateKey?: never;
+  ssmParameterName: string;
+  ssmRegion: string;
+}
+type PublicBaseUrlResolver<TContext = unknown> = (context?: StorageResolveContext<TContext>) => string | Promise<string>;
+type CloudFrontSignedUrlConfig = CloudFrontPrivateKeyFromGetter | CloudFrontPrivateKeyFromSsm;
+type WithCloudFrontSignedUrlOptions<TContext = unknown> = CloudFrontSignedUrlConfig & {
+  keyPairId: string;
+  publicBaseUrl: string | PublicBaseUrlResolver<TContext>;
+  expiresSeconds?: number;
+};
+declare const withCloudFrontSignedUrl: <TContext = unknown>(storageFactory: () => StoragePlugin<TContext>, config: WithCloudFrontSignedUrlOptions<TContext>) => () => StoragePlugin<TContext>;
+//#endregion
+//#region src/s3LambdaEdgeStorage.d.ts
+type AwsLambdaEdgeStorageConfig = S3StorageConfig & WithCloudFrontSignedUrlOptions;
+declare const awsLambdaEdgeStorage: (config: AwsLambdaEdgeStorageConfig, hooks?: StoragePluginHooks) => () => _$_hot_updater_plugin_core0.StoragePlugin<unknown>;
+declare const s3LambdaEdgeStorage: (config: AwsLambdaEdgeStorageConfig, hooks?: StoragePluginHooks) => () => _$_hot_updater_plugin_core0.StoragePlugin<unknown>;
 //#endregion
-export { S3DatabaseConfig, S3StorageConfig, s3Database, s3Storage };
+export { AwsLambdaEdgeStorageConfig, CloudFrontSignedUrlConfig, PublicBaseUrlResolver, S3DatabaseConfig, S3StorageConfig, WithCloudFrontSignedUrlOptions, awsLambdaEdgeStorage, s3Database, s3LambdaEdgeStorage, s3Storage, withCloudFrontSignedUrl };

package/dist/index.d.mts

@@ -0,0 +1,62 @@
+import { S3ClientConfig } from "@aws-sdk/client-s3";
+import * as _$_hot_updater_plugin_core0 from "@hot-updater/plugin-core";
+import { StoragePlugin, StoragePluginHooks, StorageResolveContext } from "@hot-updater/plugin-core";
+
+//#region src/s3Database.d.ts
+interface S3DatabaseConfig extends S3ClientConfig {
+  bucketName: string;
+  /**
+   * CloudFront distribution ID used for cache invalidation.
+   *
+   * If omitted or an empty string, CloudFront invalidation is skipped.
+   * This is useful for local development environments (e.g. Localstack)
+   * where CloudFront is not available.
+   */
+  cloudfrontDistributionId?: string;
+  /**
+   * Wait for CloudFront invalidations to reach `Completed` before finishing.
+   *
+   * When enabled, invalidation failures and timeouts are surfaced to callers
+   * instead of being logged and ignored.
+   */
+  shouldWaitForInvalidation?: boolean;
+  apiBasePath?: string;
+}
+declare const s3Database: (config: S3DatabaseConfig, hooks?: _$_hot_updater_plugin_core0.DatabasePluginHooks) => () => _$_hot_updater_plugin_core0.DatabasePlugin<unknown>;
+//#endregion
+//#region src/s3Storage.d.ts
+interface S3StorageConfig extends S3ClientConfig {
+  bucketName: string;
+  /**
+   * Base path where bundles will be stored in the bucket
+   */
+  basePath?: string;
+}
+declare const s3Storage: (config: S3StorageConfig, hooks?: _$_hot_updater_plugin_core0.StoragePluginHooks) => () => _$_hot_updater_plugin_core0.StoragePlugin<unknown>;
+//#endregion
+//#region src/withCloudFrontSignedUrl.d.ts
+interface CloudFrontPrivateKeyFromGetter {
+  getPrivateKey: () => Promise<string>;
+  ssmParameterName?: never;
+  ssmRegion?: never;
+}
+interface CloudFrontPrivateKeyFromSsm {
+  getPrivateKey?: never;
+  ssmParameterName: string;
+  ssmRegion: string;
+}
+type PublicBaseUrlResolver<TContext = unknown> = (context?: StorageResolveContext<TContext>) => string | Promise<string>;
+type CloudFrontSignedUrlConfig = CloudFrontPrivateKeyFromGetter | CloudFrontPrivateKeyFromSsm;
+type WithCloudFrontSignedUrlOptions<TContext = unknown> = CloudFrontSignedUrlConfig & {
+  keyPairId: string;
+  publicBaseUrl: string | PublicBaseUrlResolver<TContext>;
+  expiresSeconds?: number;
+};
+declare const withCloudFrontSignedUrl: <TContext = unknown>(storageFactory: () => StoragePlugin<TContext>, config: WithCloudFrontSignedUrlOptions<TContext>) => () => StoragePlugin<TContext>;
+//#endregion
+//#region src/s3LambdaEdgeStorage.d.ts
+type AwsLambdaEdgeStorageConfig = S3StorageConfig & WithCloudFrontSignedUrlOptions;
+declare const awsLambdaEdgeStorage: (config: AwsLambdaEdgeStorageConfig, hooks?: StoragePluginHooks) => () => _$_hot_updater_plugin_core0.StoragePlugin<unknown>;
+declare const s3LambdaEdgeStorage: (config: AwsLambdaEdgeStorageConfig, hooks?: StoragePluginHooks) => () => _$_hot_updater_plugin_core0.StoragePlugin<unknown>;
+//#endregion
+export { AwsLambdaEdgeStorageConfig, CloudFrontSignedUrlConfig, PublicBaseUrlResolver, S3DatabaseConfig, S3StorageConfig, WithCloudFrontSignedUrlOptions, awsLambdaEdgeStorage, s3Database, s3LambdaEdgeStorage, s3Storage, withCloudFrontSignedUrl };