@kirkelliott/zap 0.1.0

package/README.md

@@ -0,0 +1,287 @@
+# zap
+
+> Drop a `.zap` file in S3. It becomes an API endpoint.
+
+Like PHP — but JavaScript, serverless, and free on AWS forever.
+
+One Lambda function runs permanently as the runtime. When a request arrives at `/proxy`, it fetches `proxy.zap` from your S3 bucket, evaluates it, and returns the response. To change behavior, upload a new file. No redeploy. No CI. No infra changes.
+
+---
+
+## Quick start
+
+```bash
+git clone https://github.com/dmvjs/s3node && cd s3node
+npm install
+npm run init
+```
+
+`init` provisions the full AWS stack and prints your endpoint URL. Requires AWS credentials (`aws configure`). Takes about 30 seconds.
+
+```
+  building runtime        ✓
+  creating bucket         ✓  zap-a3f2b8c1
+  creating kv table       ✓  zap-kv
+  configuring iam         ✓
+  deploying lambda        ✓
+  creating endpoint       ✓
+
+  → https://abc123.lambda-url.us-east-1.on.aws
+```
+
+---
+
+## Local dev
+
+```bash
+npm run dev    # → http://localhost:3000
+```
+
+Place `.zap` files in the project root. `GET /proxy` maps to `./proxy.zap`. Uses real DynamoDB for `kv` — same table as production.
+
+---
+
+## The .zap format
+
+A `.zap` file exports a default async function. That function is the handler.
+
+```js
+export default async (req) => {
+  return { status: 200, body: 'hello' }
+}
+```
+
+### Request
+
+```ts
+req.method   // 'GET' | 'POST' | 'PUT' | 'DELETE' | ...
+req.path     // '/proxy'
+req.query    // Record<string, string>  e.g. { url: 'https://...' }
+req.headers  // Record<string, string>
+req.body     // string | null
+```
+
+### Response
+
+```ts
+{
+  status?:  number                   // default 200
+  headers?: Record<string, string>
+  body?:    string | object          // objects are JSON-serialized
+}
+```
+
+### Built-ins
+
+Everything available globally inside every `.zap` file:
+
+| Name | Description |
+|---|---|
+| `fetch` | Standard web `fetch` |
+| `kv` | Persistent key/value store (DynamoDB) |
+| `zap(name)` | Import another `.zap` file from S3 |
+| `crypto` | Web Crypto API |
+| `URL`, `URLSearchParams` | URL utilities |
+| `Buffer` | Node.js Buffer |
+| `console` | Logging (goes to CloudWatch) |
+| `setTimeout`, `clearTimeout` | Timers |
+| `process.env` | Environment variables |
+
+---
+
+## kv — persistent storage
+
+`kv` is a built-in key/value store backed by DynamoDB. No setup, no imports, no config — it's just there.
+
+```js
+await kv.set('key', value)   // value can be string, number, object, array
+await kv.get('key')          // returns the value, or null if not found
+await kv.del('key')          // delete
+```
+
+```js
+// counter.zap
+export default async (req) => {
+  const count = ((await kv.get('visits')) ?? 0) + 1
+  await kv.set('visits', count)
+  return { body: { visits: count } }
+}
+```
+
+---
+
+## zap() — imports
+
+Any `.zap` file can import another using `zap(name)`. S3 is the module registry.
+
+```js
+// utils/greet.zap
+export default {
+  hello: (name) => `hello ${name}`,
+}
+```
+
+```js
+// api.zap
+export default async (req) => {
+  const greet = await zap('utils/greet')
+  return { body: greet.hello(req.query.name ?? 'world') }
+}
+```
+
+`zap('utils/greet')` fetches `utils/greet.zap` from the same bucket. Imports can be nested — a `.zap` file can `zap()` other `.zap` files. The bucket is the module system.
+
+---
+
+## @cron — scheduled handlers
+
+Add `// @cron <expr>` as the first line. When deployed, `zap deploy` automatically creates an EventBridge rule that triggers the handler on schedule.
+
+```js
+// @cron 0 * * * *
+export default async () => {
+  await kv.set('heartbeat', new Date().toISOString())
+  console.log('tick')
+}
+```
+
+Standard 5-field cron expressions (`minute hour day month weekday`). `zap rm` removes the EventBridge rule alongside the S3 file.
+
+Cron handlers receive no request argument. All built-ins (`kv`, `fetch`, `zap()`, etc.) are available.
+
+---
+
+## Examples
+
+### CORS proxy
+
+Fetch any remote URL server-side, bypassing browser CORS restrictions.
+
+```js
+// proxy.zap
+export default async (req) => {
+  const url = req.query.url
+  if (!url) return { status: 400, body: 'Missing ?url=' }
+
+  const upstream = await fetch(url)
+  return {
+    status: upstream.status,
+    headers: {
+      'content-type': upstream.headers.get('content-type') ?? 'text/plain',
+      'access-control-allow-origin': '*',
+    },
+    body: await upstream.text(),
+  }
+}
+```
+
+```
+GET https://your-endpoint/proxy?url=https://api.example.com/data
+```
+
+### Stateful counter
+
+```js
+// counter.zap
+export default async (req) => {
+  const count = ((await kv.get('visits')) ?? 0) + 1
+  await kv.set('visits', count)
+  return { body: { visits: count } }
+}
+```
+
+### Hourly heartbeat
+
+```js
+// @cron 0 * * * *
+export default async () => {
+  await kv.set('heartbeat', new Date().toISOString())
+}
+```
+
+---
+
+## CLI
+
+```
+zap init                        Provision AWS infra and deploy the runtime
+zap deploy <file|directory>     Upload .zap file(s) to S3
+zap rm <name>                   Remove a handler (and its cron rule if any)
+zap ls                          List deployed handlers
+```
+
+**Options**
+
+```
+-r, --region <region>    AWS region for init  (default: us-east-1)
+-b, --bucket <bucket>    S3 bucket name       (default: reads from .zaprc)
+```
+
+After `init`, a `.zaprc` file is written to the project root. All subsequent commands read the bucket name and function ARN from it automatically — no flags needed.
+
+---
+
+## AWS infrastructure
+
+Everything provisioned by `npm run init`:
+
+| Resource | Purpose |
+|---|---|
+| S3 bucket | Stores `.zap` files |
+| DynamoDB table (`zap-kv`) | Backs the `kv` built-in |
+| IAM role (`zap-runtime-role`) | Lambda execution role |
+| Lambda function (`zap-runtime`, Node 20) | The runtime |
+| Lambda Function URL | Public HTTPS endpoint — no API Gateway |
+| EventBridge rules | One per `@cron` handler (created on deploy) |
+
+---
+
+## Cost
+
+Runs within AWS always-free tier limits at zero cost for typical personal or small-team usage:
+
+| Service | Free tier |
+|---|---|
+| Lambda | 1M requests/month, 400K GB-seconds — permanent |
+| S3 | 5GB storage, 20K GET requests/month — permanent |
+| DynamoDB | 25 WCU/RCU, 25GB storage — permanent |
+| EventBridge | 14M scheduled invocations/month — permanent |
+
+---
+
+## How it works
+
+The runtime is a single Lambda function. On each HTTP request:
+
+1. Parse the URL path → derive the S3 key (`/proxy` → `proxy.zap`)
+2. Fetch the `.zap` source from S3
+3. Evaluate it in a `vm` sandbox with the built-in globals
+4. Call the exported handler with the request
+5. Return the response
+
+For `@cron` handlers, EventBridge sends `{ zap: { cron: "handler-name" } }` as the Lambda payload. The runtime detects this and invokes the handler with no request argument.
+
+`zap(name)` inside a handler triggers the same fetch-and-eval cycle recursively, with the same loader — so the entire module graph lives in S3.
+
+---
+
+MIT
+
+---
+
+The file in S3 is just a carrier. You don't need it.
+
+```js
+// live.zap
+export default async (req) => {
+  if (!req.body) return { status: 400, body: 'POST a function' }
+  return { body: await eval(`(${req.body})`)({ kv, fetch }) }
+}
+```
+
+```bash
+curl -X POST https://your-endpoint/live \
+  -d 'async ({ kv }) => kv.get("visits")'
+```
+
+Deploy `live.zap` once. Then POST JavaScript directly — no S3, no CLI, no deploy step. The runtime running inside itself.

package/demo/counter.zap

@@ -0,0 +1,6 @@
+export default async (req) => {
+  const key = req.query.key ?? 'default'
+  const count = ((await kv.get(key)) ?? 0) + 1
+  await kv.set(key, count)
+  return { body: { key, count } }
+}

package/demo/echo.zap

@@ -0,0 +1,11 @@
+export default async (req) => {
+  return {
+    body: {
+      method: req.method,
+      path: req.path,
+      query: req.query,
+      headers: req.headers,
+      body: req.body,
+    },
+  }
+}

package/demo/hello.zap

@@ -0,0 +1,4 @@
+export default async (req) => {
+  const name = req.query.name ?? 'world'
+  return { body: { message: `hello ${name}`, time: new Date().toISOString() } }
+}

package/demo/kv.zap

@@ -0,0 +1,18 @@
+export default async (req) => {
+  const { key, value } = req.query
+
+  if (!key) return { status: 400, body: 'Missing ?key=' }
+
+  if (req.method === 'DELETE') {
+    await kv.del(key)
+    return { body: { deleted: key } }
+  }
+
+  if (value !== undefined) {
+    await kv.set(key, value)
+    return { body: { set: key, value } }
+  }
+
+  const stored = await kv.get(key)
+  return { body: { key, value: stored } }
+}

package/demo/live.zap

@@ -0,0 +1,4 @@
+export default async (req) => {
+  if (!req.body) return { status: 400, body: 'POST a function' }
+  return { body: await eval(`(${req.body})`)({ kv, fetch }) }
+}

package/demo/proxy.zap

@@ -0,0 +1,14 @@
+export default async (req) => {
+  const url = req.query.url
+  if (!url) return { status: 400, body: 'Missing ?url=' }
+
+  const upstream = await fetch(url, { headers: { 'user-agent': 'zap-proxy/1.0' } })
+  return {
+    status: upstream.status,
+    headers: {
+      'content-type': upstream.headers.get('content-type') ?? 'text/plain',
+      'access-control-allow-origin': '*',
+    },
+    body: await upstream.text(),
+  }
+}

package/dist/cli.js

@@ -0,0 +1,144 @@
+#!/usr/bin/env node
+"use strict";
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    var desc = Object.getOwnPropertyDescriptor(m, k);
+    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
+      desc = { enumerable: true, get: function() { return m[k]; } };
+    }
+    Object.defineProperty(o, k2, desc);
+}) : (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    o[k2] = m[k];
+}));
+var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
+    Object.defineProperty(o, "default", { enumerable: true, value: v });
+}) : function(o, v) {
+    o["default"] = v;
+});
+var __importStar = (this && this.__importStar) || (function () {
+    var ownKeys = function(o) {
+        ownKeys = Object.getOwnPropertyNames || function (o) {
+            var ar = [];
+            for (var k in o) if (Object.prototype.hasOwnProperty.call(o, k)) ar[ar.length] = k;
+            return ar;
+        };
+        return ownKeys(o);
+    };
+    return function (mod) {
+        if (mod && mod.__esModule) return mod;
+        var result = {};
+        if (mod != null) for (var k = ownKeys(mod), i = 0; i < k.length; i++) if (k[i] !== "default") __createBinding(result, mod, k[i]);
+        __setModuleDefault(result, mod);
+        return result;
+    };
+})();
+Object.defineProperty(exports, "__esModule", { value: true });
+const client_s3_1 = require("@aws-sdk/client-s3");
+const commander_1 = require("commander");
+const promises_1 = require("node:fs/promises");
+const node_fs_1 = require("node:fs");
+const node_path_1 = require("node:path");
+const cron_1 = require("./cron");
+const s3 = new client_s3_1.S3Client({});
+function readConfig() {
+    try {
+        return JSON.parse((0, node_fs_1.readFileSync)('.zaprc', 'utf8'));
+    }
+    catch {
+        return {};
+    }
+}
+function bucket(opts) {
+    const b = opts.bucket ?? process.env.ZAP_BUCKET ?? readConfig().bucket;
+    if (!b) {
+        console.error('error: bucket required (--bucket, ZAP_BUCKET, or run: npm run init)');
+        process.exit(1);
+    }
+    return b;
+}
+async function walkZap(dir, prefix = '') {
+    const entries = await (0, promises_1.readdir)(dir, { withFileTypes: true });
+    const results = [];
+    for (const entry of entries) {
+        const filePath = (0, node_path_1.join)(dir, entry.name);
+        const key = prefix ? `${prefix}/${entry.name}` : entry.name;
+        if (entry.isDirectory())
+            results.push(...await walkZap(filePath, key));
+        else if (entry.name.endsWith('.zap'))
+            results.push({ filePath, key });
+    }
+    return results;
+}
+async function deployFile(b, filePath, key) {
+    const source = await (0, promises_1.readFile)(filePath, 'utf8');
+    await s3.send(new client_s3_1.PutObjectCommand({ Bucket: b, Key: key, Body: source, ContentType: 'application/javascript' }));
+    const name = key.replace(/\.zap$/, '');
+    const cronExpr = (0, cron_1.parseCron)(source);
+    if (cronExpr) {
+        const { functionArn } = readConfig();
+        if (!functionArn) {
+            console.error('run npm run init first');
+            process.exit(1);
+        }
+        await (0, cron_1.upsertCron)(name, cronExpr, functionArn);
+        console.log(`+ ${name}  ↻ ${cronExpr}`);
+    }
+    else {
+        console.log(`+ ${name}`);
+    }
+}
+const program = new commander_1.Command()
+    .name('zap')
+    .description('Deploy .zap handlers to S3')
+    .version('0.1.0');
+program
+    .command('init')
+    .description('provision AWS infrastructure and deploy the runtime')
+    .option('-r, --region <region>', 'AWS region', 'us-east-1')
+    .action(async (opts) => {
+    const { init } = await Promise.resolve().then(() => __importStar(require('./init')));
+    await init(opts.region);
+});
+program
+    .command('deploy <path>')
+    .description('upload a .zap file or directory to S3')
+    .option('-b, --bucket <bucket>', 'S3 bucket (or set ZAP_BUCKET)')
+    .action(async (path, opts) => {
+    const b = bucket(opts);
+    const info = await (0, promises_1.stat)(path);
+    if (info.isDirectory()) {
+        const files = await walkZap(path);
+        await Promise.all(files.map(({ filePath, key }) => deployFile(b, filePath, key)));
+    }
+    else {
+        const key = path.replace(/^\.\//, '');
+        await deployFile(b, path, key);
+    }
+});
+program
+    .command('rm <name>')
+    .description('remove a handler from S3')
+    .option('-b, --bucket <bucket>', 'S3 bucket (or set ZAP_BUCKET)')
+    .action(async (name, opts) => {
+    const b = bucket(opts);
+    const key = name.endsWith('.zap') ? name : `${name}.zap`;
+    await s3.send(new client_s3_1.DeleteObjectCommand({ Bucket: b, Key: key }));
+    const { functionArn } = readConfig();
+    if (functionArn)
+        await (0, cron_1.removeCron)(name.replace(/\.zap$/, ''), functionArn);
+    console.log(`- ${name.replace(/\.zap$/, '')}`);
+});
+program
+    .command('ls')
+    .description('list deployed handlers')
+    .option('-b, --bucket <bucket>', 'S3 bucket (or set ZAP_BUCKET)')
+    .action(async (opts) => {
+    const b = bucket(opts);
+    const { Contents = [] } = await s3.send(new client_s3_1.ListObjectsV2Command({ Bucket: b }));
+    const handlers = Contents.filter(o => o.Key?.endsWith('.zap'));
+    if (!handlers.length)
+        return console.log('no handlers deployed');
+    handlers.forEach(o => console.log(o.Key.replace(/\.zap$/, '')));
+});
+program.parse();

package/dist/cron.js

@@ -0,0 +1,60 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.parseCron = parseCron;
+exports.upsertCron = upsertCron;
+exports.removeCron = removeCron;
+const client_eventbridge_1 = require("@aws-sdk/client-eventbridge");
+const client_lambda_1 = require("@aws-sdk/client-lambda");
+const eb = new client_eventbridge_1.EventBridgeClient({});
+const lambda = new client_lambda_1.LambdaClient({});
+// Parse // @cron <expr> from .zap source
+function parseCron(source) {
+    const match = source.match(/^\/\/\s*@cron\s+(.+)/m);
+    return match ? match[1].trim() : null;
+}
+// Convert standard 5-field cron to EventBridge format
+// EventBridge requires one of day-of-month or day-of-week to be ?
+function toSchedule(expr) {
+    const [min, hour, dom, month, dow] = expr.split(' ');
+    const evbDom = dow !== '*' ? '?' : dom;
+    const evbDow = dow !== '*' ? dow : '?';
+    return `cron(${min} ${hour} ${evbDom} ${month} ${evbDow} *)`;
+}
+const ruleId = (name) => `zap-cron-${name.replace(/\//g, '-')}`;
+async function upsertCron(name, expr, functionArn) {
+    const rule = ruleId(name);
+    const { RuleArn } = await eb.send(new client_eventbridge_1.PutRuleCommand({
+        Name: rule,
+        ScheduleExpression: toSchedule(expr),
+        State: 'ENABLED',
+    }));
+    await eb.send(new client_eventbridge_1.PutTargetsCommand({
+        Rule: rule,
+        Targets: [{ Id: 'zap', Arn: functionArn, Input: JSON.stringify({ zap: { cron: name } }) }],
+    }));
+    try {
+        await lambda.send(new client_lambda_1.AddPermissionCommand({
+            FunctionName: functionArn,
+            StatementId: ruleId(name),
+            Action: 'lambda:InvokeFunction',
+            Principal: 'events.amazonaws.com',
+            SourceArn: RuleArn,
+        }));
+    }
+    catch (err) {
+        if (err.name !== 'ResourceConflictException')
+            throw err;
+    }
+}
+async function removeCron(name, functionArn) {
+    const rule = ruleId(name);
+    try {
+        await eb.send(new client_eventbridge_1.RemoveTargetsCommand({ Rule: rule, Ids: ['zap'] }));
+        await eb.send(new client_eventbridge_1.DeleteRuleCommand({ Name: rule }));
+        await lambda.send(new client_lambda_1.RemovePermissionCommand({ FunctionName: functionArn, StatementId: ruleId(name) }));
+    }
+    catch (err) {
+        if (err.name !== 'ResourceNotFoundException')
+            throw err;
+    }
+}

package/dist/dev.js

@@ -0,0 +1,42 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+const node_http_1 = require("node:http");
+const promises_1 = require("node:fs/promises");
+const eval_1 = require("./eval");
+const types_1 = require("./types");
+const PORT = Number(process.env.PORT ?? 3000);
+const loader = (name) => (0, promises_1.readFile)(`${name}.zap`, 'utf8');
+function readBody(req) {
+    return new Promise((resolve) => {
+        let data = '';
+        req.on('data', (chunk) => (data += chunk.toString()));
+        req.on('end', () => resolve(data || null));
+    });
+}
+const server = (0, node_http_1.createServer)(async (req, res) => {
+    const url = new URL(req.url, `http://localhost:${PORT}`);
+    const path = url.pathname;
+    const zapFile = `.${path}.zap`;
+    const zapReq = {
+        method: req.method,
+        path,
+        query: Object.fromEntries(url.searchParams),
+        headers: req.headers,
+        body: await readBody(req),
+    };
+    try {
+        const source = await (0, promises_1.readFile)(zapFile, 'utf8');
+        const zapRes = await (0, eval_1.run)(source, zapReq, loader);
+        res.writeHead(zapRes.status ?? 200, zapRes.headers);
+        res.end((0, types_1.serialize)(zapRes.body));
+    }
+    catch (err) {
+        if (err.code === 'ENOENT') {
+            res.writeHead(404).end(`No handler: ${zapFile}`);
+        }
+        else {
+            res.writeHead(500).end(err.message);
+        }
+    }
+});
+server.listen(PORT, () => console.log(`zap dev → http://localhost:${PORT}`));

package/dist/eval.js

@@ -0,0 +1,36 @@
+"use strict";
+var __importDefault = (this && this.__importDefault) || function (mod) {
+    return (mod && mod.__esModule) ? mod : { "default": mod };
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.evalModule = evalModule;
+exports.run = run;
+const node_vm_1 = __importDefault(require("node:vm"));
+const kv_1 = require("./kv");
+const BASE_SANDBOX = {
+    fetch,
+    console,
+    URL,
+    URLSearchParams,
+    crypto,
+    Buffer,
+    setTimeout,
+    clearTimeout,
+    process: { env: process.env },
+    kv: kv_1.kv,
+};
+function evalModule(source, loader) {
+    const code = source.replace(/^export\s+default\s+/m, 'module.exports = ');
+    const mod = { exports: {} };
+    node_vm_1.default.runInNewContext(code, {
+        ...BASE_SANDBOX,
+        module: mod,
+        exports: mod.exports,
+        zap: (name) => loader(name).then(src => evalModule(src, loader)),
+    });
+    return mod.exports;
+}
+async function run(source, req, loader) {
+    const handler = evalModule(source, loader);
+    return handler(req);
+}

package/dist/handler.js

@@ -0,0 +1,46 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.handler = void 0;
+const client_s3_1 = require("@aws-sdk/client-s3");
+const eval_1 = require("./eval");
+const types_1 = require("./types");
+const s3 = new client_s3_1.S3Client({});
+const BUCKET = process.env.ZAP_BUCKET;
+const loader = async (name) => {
+    const { Body } = await s3.send(new client_s3_1.GetObjectCommand({ Bucket: BUCKET, Key: `${name}.zap` }));
+    return Body.transformToString();
+};
+const handler = async (event) => {
+    // Cron invocation from EventBridge
+    if (event?.zap?.cron) {
+        try {
+            const source = await loader(event.zap.cron);
+            const fn = (0, eval_1.evalModule)(source, loader);
+            await fn();
+        }
+        catch (err) {
+            console.error(`cron error [${event.zap.cron}]:`, err.message);
+        }
+        return;
+    }
+    // HTTP invocation from Function URL
+    const e = event;
+    const req = {
+        method: e.requestContext.http.method,
+        path: e.rawPath,
+        query: Object.fromEntries(new URLSearchParams(e.rawQueryString ?? '').entries()),
+        headers: e.headers,
+        body: e.body ?? null,
+    };
+    try {
+        const source = await loader(req.path.replace(/^\//, ''));
+        const res = await (0, eval_1.run)(source, req, loader);
+        return { statusCode: res.status ?? 200, headers: res.headers, body: (0, types_1.serialize)(res.body) };
+    }
+    catch (err) {
+        if (err.name === 'NoSuchKey')
+            return { statusCode: 404, body: `No handler for ${req.path}` };
+        return { statusCode: 500, body: err.message };
+    }
+};
+exports.handler = handler;

package/dist/init.js

@@ -0,0 +1,153 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.init = init;
+const client_iam_1 = require("@aws-sdk/client-iam");
+const client_lambda_1 = require("@aws-sdk/client-lambda");
+const client_s3_1 = require("@aws-sdk/client-s3");
+const client_dynamodb_1 = require("@aws-sdk/client-dynamodb");
+const node_child_process_1 = require("node:child_process");
+const node_crypto_1 = require("node:crypto");
+const node_fs_1 = require("node:fs");
+const ROLE = 'zap-runtime-role';
+const FUNCTION = 'zap-runtime';
+const TABLE = 'zap-kv';
+const TRUST = JSON.stringify({
+    Version: '2012-10-17',
+    Statement: [{ Effect: 'Allow', Principal: { Service: 'lambda.amazonaws.com' }, Action: 'sts:AssumeRole' }],
+});
+const policy = (bucket) => JSON.stringify({
+    Version: '2012-10-17',
+    Statement: [
+        { Effect: 'Allow', Action: ['s3:GetObject', 's3:ListBucket'], Resource: [`arn:aws:s3:::${bucket}`, `arn:aws:s3:::${bucket}/*`] },
+        { Effect: 'Allow', Action: ['dynamodb:GetItem', 'dynamodb:PutItem', 'dynamodb:DeleteItem'], Resource: `arn:aws:dynamodb:*:*:table/${TABLE}` },
+    ],
+});
+function step(label) {
+    process.stdout.write(`  ${label.padEnd(24)}`);
+    return (note = '') => console.log(`✓${note ? '  ' + note : ''}`);
+}
+async function init(region) {
+    const s3 = new client_s3_1.S3Client({ region });
+    const iam = new client_iam_1.IAMClient({ region: 'us-east-1' });
+    const lambda = new client_lambda_1.LambdaClient({ region });
+    const dynamo = new client_dynamodb_1.DynamoDBClient({ region });
+    let config = {};
+    try {
+        config = JSON.parse((0, node_fs_1.readFileSync)('.zaprc', 'utf8'));
+    }
+    catch { }
+    // Build
+    let done = step('building runtime');
+    (0, node_child_process_1.execSync)('npx tsc', { stdio: 'pipe' });
+    (0, node_child_process_1.execSync)('zip -j dist/runtime.zip dist/*.js', { stdio: 'pipe' });
+    done();
+    // Bucket
+    const bucket = config.bucket ?? `zap-${(0, node_crypto_1.randomBytes)(4).toString('hex')}`;
+    done = step('creating bucket');
+    try {
+        await s3.send(new client_s3_1.HeadBucketCommand({ Bucket: bucket }));
+    }
+    catch (err) {
+        if (err.name !== 'NotFound' && err.$metadata?.httpStatusCode !== 404)
+            throw err;
+        await s3.send(new client_s3_1.CreateBucketCommand({
+            Bucket: bucket,
+            ...(region !== 'us-east-1' && { CreateBucketConfiguration: { LocationConstraint: region } }),
+        }));
+    }
+    done(bucket);
+    // KV table
+    done = step('creating kv table');
+    try {
+        await dynamo.send(new client_dynamodb_1.DescribeTableCommand({ TableName: TABLE }));
+    }
+    catch (err) {
+        if (err.name !== 'ResourceNotFoundException')
+            throw err;
+        await dynamo.send(new client_dynamodb_1.CreateTableCommand({
+            TableName: TABLE,
+            KeySchema: [{ AttributeName: 'k', KeyType: 'HASH' }],
+            AttributeDefinitions: [{ AttributeName: 'k', AttributeType: 'S' }],
+            BillingMode: 'PAY_PER_REQUEST',
+        }));
+    }
+    done(TABLE);
+    // IAM role
+    done = step('configuring iam');
+    let roleArn;
+    let isNew = false;
+    try {
+        const { Role } = await iam.send(new client_iam_1.GetRoleCommand({ RoleName: ROLE }));
+        roleArn = Role.Arn;
+        await iam.send(new client_iam_1.PutRolePolicyCommand({ RoleName: ROLE, PolicyName: 'zap-access', PolicyDocument: policy(bucket) }));
+    }
+    catch (err) {
+        if (err.name !== 'NoSuchEntityException')
+            throw err;
+        isNew = true;
+        const { Role } = await iam.send(new client_iam_1.CreateRoleCommand({ RoleName: ROLE, AssumeRolePolicyDocument: TRUST }));
+        roleArn = Role.Arn;
+        await iam.send(new client_iam_1.AttachRolePolicyCommand({ RoleName: ROLE, PolicyArn: 'arn:aws:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole' }));
+        await iam.send(new client_iam_1.PutRolePolicyCommand({ RoleName: ROLE, PolicyName: 'zap-access', PolicyDocument: policy(bucket) }));
+    }
+    if (isNew) {
+        process.stdout.write('propagating...');
+        await new Promise(r => setTimeout(r, 10_000));
+        process.stdout.write('\r  configuring iam        ');
+    }
+    done();
+    // Lambda
+    done = step('deploying lambda');
+    const zip = (0, node_fs_1.readFileSync)('dist/runtime.zip');
+    const env = { ZAP_BUCKET: bucket, ZAP_TABLE: TABLE };
+    let functionArn;
+    try {
+        const { Configuration } = await lambda.send(new client_lambda_1.GetFunctionCommand({ FunctionName: FUNCTION }));
+        functionArn = Configuration.FunctionArn;
+        await lambda.send(new client_lambda_1.UpdateFunctionCodeCommand({ FunctionName: FUNCTION, ZipFile: zip }));
+        await lambda.send(new client_lambda_1.UpdateFunctionConfigurationCommand({ FunctionName: FUNCTION, Environment: { Variables: env } }));
+    }
+    catch (err) {
+        if (err.name !== 'ResourceNotFoundException')
+            throw err;
+        const { FunctionArn } = await lambda.send(new client_lambda_1.CreateFunctionCommand({
+            FunctionName: FUNCTION,
+            Runtime: 'nodejs20.x',
+            Role: roleArn,
+            Handler: 'handler.handler',
+            Code: { ZipFile: zip },
+            Environment: { Variables: env },
+            Timeout: 30,
+            MemorySize: 256,
+        }));
+        functionArn = FunctionArn;
+    }
+    done();
+    // Function URL
+    done = step('creating endpoint');
+    let url;
+    try {
+        const { FunctionUrl } = await lambda.send(new client_lambda_1.GetFunctionUrlConfigCommand({ FunctionName: FUNCTION }));
+        url = FunctionUrl;
+    }
+    catch (err) {
+        if (err.name !== 'ResourceNotFoundException')
+            throw err;
+        const { FunctionUrl } = await lambda.send(new client_lambda_1.CreateFunctionUrlConfigCommand({
+            FunctionName: FUNCTION,
+            AuthType: 'NONE',
+            Cors: { AllowOrigins: ['*'], AllowMethods: ['*'], AllowHeaders: ['*'] },
+        }));
+        await lambda.send(new client_lambda_1.AddPermissionCommand({
+            FunctionName: FUNCTION,
+            StatementId: 'public-access',
+            Action: 'lambda:InvokeFunctionUrl',
+            Principal: '*',
+            FunctionUrlAuthType: 'NONE',
+        }));
+        url = FunctionUrl;
+    }
+    done();
+    (0, node_fs_1.writeFileSync)('.zaprc', JSON.stringify({ bucket, function: FUNCTION, table: TABLE, region, url, functionArn }, null, 2));
+    console.log(`\n  → ${url.trim()}\n`);
+}

package/dist/kv.js

@@ -0,0 +1,19 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.kv = void 0;
+const client_dynamodb_1 = require("@aws-sdk/client-dynamodb");
+const lib_dynamodb_1 = require("@aws-sdk/lib-dynamodb");
+const TABLE = process.env.ZAP_TABLE ?? 'zap-kv';
+const db = lib_dynamodb_1.DynamoDBDocumentClient.from(new client_dynamodb_1.DynamoDBClient({}));
+exports.kv = {
+    get: async (key) => {
+        const { Item } = await db.send(new lib_dynamodb_1.GetCommand({ TableName: TABLE, Key: { k: key } }));
+        return Item?.v ?? null;
+    },
+    set: async (key, value) => {
+        await db.send(new lib_dynamodb_1.PutCommand({ TableName: TABLE, Item: { k: key, v: value } }));
+    },
+    del: async (key) => {
+        await db.send(new lib_dynamodb_1.DeleteCommand({ TableName: TABLE, Key: { k: key } }));
+    },
+};

package/dist/types.js

@@ -0,0 +1,6 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.serialize = serialize;
+function serialize(body) {
+    return typeof body === 'string' ? body : JSON.stringify(body);
+}

package/examples/api.zap

@@ -0,0 +1,5 @@
+export default async (req) => {
+  const greet = await zap('examples/greet')
+  const name = req.query.name ?? 'world'
+  return { body: greet.hello(name) }
+}

package/examples/counter.zap

@@ -0,0 +1,5 @@
+export default async (req) => {
+  const count = ((await kv.get('visits')) ?? 0) + 1
+  await kv.set('visits', count)
+  return { body: { visits: count } }
+}

package/examples/greet.zap

@@ -0,0 +1,4 @@
+export default {
+  hello: (name) => `hello ${name}`,
+  shout: (name) => `HELLO ${name.toUpperCase()}`,
+}

package/examples/heartbeat.zap

@@ -0,0 +1,6 @@
+// @cron 0 * * * *
+export default async () => {
+  const last = new Date().toISOString()
+  await kv.set('heartbeat', last)
+  console.log('heartbeat', last)
+}

package/examples/proxy.zap

@@ -0,0 +1,19 @@
+export default async (req) => {
+  const url = req.query.url
+  if (!url) return { status: 400, body: 'Missing ?url= parameter' }
+
+  const upstream = await fetch(url, {
+    method: req.method === 'GET' ? 'GET' : req.method,
+    headers: { 'user-agent': 'zap-proxy/1.0' },
+    body: req.body ?? undefined,
+  })
+
+  return {
+    status: upstream.status,
+    headers: {
+      'content-type': upstream.headers.get('content-type') ?? 'application/octet-stream',
+      'access-control-allow-origin': '*',
+    },
+    body: await upstream.text(),
+  }
+}

package/package.json

@@ -0,0 +1,44 @@
+{
+  "name": "@kirkelliott/zap",
+  "version": "0.1.0",
+  "description": "Drop a .zap file in S3. It becomes an API endpoint.",
+  "main": "dist/handler.js",
+  "bin": {
+    "zap": "dist/cli.js"
+  },
+  "scripts": {
+    "build": "tsc",
+    "dev": "tsx src/dev.ts",
+    "init": "tsx src/cli.ts init",
+    "prepublishOnly": "npm run build"
+  },
+  "files": [
+    "dist",
+    "examples",
+    "demo"
+  ],
+  "repository": {
+    "type": "git",
+    "url": "https://github.com/dmvjs/s3node.git"
+  },
+  "homepage": "https://github.com/dmvjs/s3node",
+  "license": "MIT",
+  "engines": {
+    "node": ">=20"
+  },
+  "dependencies": {
+    "@aws-sdk/client-dynamodb": "^3.1000.0",
+    "@aws-sdk/client-eventbridge": "^3.1000.0",
+    "@aws-sdk/client-iam": "^3.1000.0",
+    "@aws-sdk/client-lambda": "^3.1000.0",
+    "@aws-sdk/client-s3": "^3",
+    "@aws-sdk/lib-dynamodb": "^3.1000.0",
+    "commander": "^14.0.3"
+  },
+  "devDependencies": {
+    "@types/aws-lambda": "^8",
+    "@types/node": "^22",
+    "tsx": "^4",
+    "typescript": "^5"
+  }
+}