@rawdash/connector-aws-cloudwatch 0.16.0 → 0.17.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/index.d.ts +46 -1
- package/dist/index.js +11 -6
- package/dist/index.js.map +1 -1
- package/package.json +4 -3
package/dist/index.d.ts
CHANGED
|
@@ -35,6 +35,51 @@ interface CloudWatchSettings extends BaseAWSSettings {
|
|
|
35
35
|
metricQueries: CloudWatchMetricQuery[];
|
|
36
36
|
lookbackMinutes?: number;
|
|
37
37
|
}
|
|
38
|
+
declare const awsCloudwatchResources: {
|
|
39
|
+
readonly '<namespace>/<metric>': {
|
|
40
|
+
readonly shape: "metric";
|
|
41
|
+
readonly dynamic: true;
|
|
42
|
+
readonly description: "One metric series per declared metric query. The series name is the query namespace/metric (e.g. `AWS/EC2/CPUUtilization`), so the actual keys depend on the configured `metricQueries`. Each sample carries the query statistic, period, query id, the upstream status code, and label as attributes.";
|
|
43
|
+
readonly endpoint: "POST / (GetMetricData)";
|
|
44
|
+
readonly granularity: "Per query period (periodSeconds, a multiple of 60)";
|
|
45
|
+
readonly notes: "Each sync replaces the full set of samples for the metric names it owns (idempotent).";
|
|
46
|
+
readonly dimensions: [{
|
|
47
|
+
readonly name: "stat";
|
|
48
|
+
readonly description: "The CloudWatch statistic requested for the query, e.g. Average, Sum, or p99.";
|
|
49
|
+
}, {
|
|
50
|
+
readonly name: "period";
|
|
51
|
+
readonly description: "The aggregation period in seconds for the data points.";
|
|
52
|
+
}, {
|
|
53
|
+
readonly name: "queryId";
|
|
54
|
+
readonly description: "The configured id of the metric query that produced the sample.";
|
|
55
|
+
}, {
|
|
56
|
+
readonly name: "statusCode";
|
|
57
|
+
readonly description: "GetMetricData result status for the series (Complete, PartialData, InternalError, or Forbidden).";
|
|
58
|
+
}, {
|
|
59
|
+
readonly name: "label";
|
|
60
|
+
readonly description: "The human-readable label CloudWatch returned for the series.";
|
|
61
|
+
}];
|
|
62
|
+
readonly responses: {
|
|
63
|
+
readonly metric_data: z.ZodObject<{
|
|
64
|
+
MetricDataResults: z.ZodArray<z.ZodObject<{
|
|
65
|
+
Id: z.ZodString;
|
|
66
|
+
Label: z.ZodString;
|
|
67
|
+
Timestamps: z.ZodArray<z.ZodISODateTime>;
|
|
68
|
+
Values: z.ZodArray<z.ZodNumber>;
|
|
69
|
+
StatusCode: z.ZodEnum<{
|
|
70
|
+
Complete: "Complete";
|
|
71
|
+
InternalError: "InternalError";
|
|
72
|
+
PartialData: "PartialData";
|
|
73
|
+
Forbidden: "Forbidden";
|
|
74
|
+
}>;
|
|
75
|
+
}, z.core.$strip>>;
|
|
76
|
+
NextToken: z.ZodOptional<z.ZodString>;
|
|
77
|
+
}, z.core.$strip>;
|
|
78
|
+
};
|
|
79
|
+
};
|
|
80
|
+
};
|
|
81
|
+
declare const id = "aws-cloudwatch";
|
|
82
|
+
declare const cost: ConnectorCost;
|
|
38
83
|
declare class CloudWatchConnector extends BaseAWSConnector<CloudWatchSettings> {
|
|
39
84
|
static readonly id = "aws-cloudwatch";
|
|
40
85
|
static readonly resources: {
|
|
@@ -106,4 +151,4 @@ declare class CloudWatchConnector extends BaseAWSConnector<CloudWatchSettings> {
|
|
|
106
151
|
private collectSamples;
|
|
107
152
|
}
|
|
108
153
|
|
|
109
|
-
export { CloudWatchConnector, type CloudWatchMetricQuery, type CloudWatchSettings, configFields, CloudWatchConnector as default, doc };
|
|
154
|
+
export { CloudWatchConnector, type CloudWatchMetricQuery, type CloudWatchSettings, configFields, cost, CloudWatchConnector as default, doc, id, awsCloudwatchResources as resources };
|
package/dist/index.js
CHANGED
|
@@ -566,13 +566,15 @@ var CLOUDWATCH_API_VERSION = "2010-08-01";
|
|
|
566
566
|
var MAX_QUERIES_PER_CALL = 500;
|
|
567
567
|
var DEFAULT_LOOKBACK_MINUTES = 180;
|
|
568
568
|
var MS_PER_MINUTE = 6e4;
|
|
569
|
+
var id = "aws-cloudwatch";
|
|
570
|
+
var cost = {
|
|
571
|
+
warning: "CloudWatch GetMetricData is billed per metric requested on the paid tier; high-frequency syncs over many metrics add up."
|
|
572
|
+
};
|
|
569
573
|
var CloudWatchConnector = class _CloudWatchConnector extends BaseAWSConnector {
|
|
570
|
-
static id =
|
|
574
|
+
static id = id;
|
|
571
575
|
static resources = awsCloudwatchResources;
|
|
572
576
|
static schemas = schemasFromResources(awsCloudwatchResources);
|
|
573
|
-
static cost =
|
|
574
|
-
warning: "CloudWatch GetMetricData is billed per metric requested on the paid tier; high-frequency syncs over many metrics add up."
|
|
575
|
-
};
|
|
577
|
+
static cost = cost;
|
|
576
578
|
static create(input, ctx) {
|
|
577
579
|
const parsed = configFields.parse(input);
|
|
578
580
|
return new _CloudWatchConnector(
|
|
@@ -590,7 +592,7 @@ var CloudWatchConnector = class _CloudWatchConnector extends BaseAWSConnector {
|
|
|
590
592
|
ctx
|
|
591
593
|
);
|
|
592
594
|
}
|
|
593
|
-
id =
|
|
595
|
+
id = id;
|
|
594
596
|
computeWindow(options) {
|
|
595
597
|
const endMs = Date.now();
|
|
596
598
|
if (options.since) {
|
|
@@ -721,7 +723,10 @@ var index_default = CloudWatchConnector;
|
|
|
721
723
|
export {
|
|
722
724
|
CloudWatchConnector,
|
|
723
725
|
configFields,
|
|
726
|
+
cost,
|
|
724
727
|
index_default as default,
|
|
725
|
-
doc
|
|
728
|
+
doc,
|
|
729
|
+
id,
|
|
730
|
+
awsCloudwatchResources as resources
|
|
726
731
|
};
|
|
727
732
|
//# sourceMappingURL=index.js.map
|
package/dist/index.js.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"sources":["../../aws-shared/src/sigv4.ts","../../aws-shared/src/xml.ts","../../../connector-shared/src/errors.ts","../../../connector-shared/src/retry.ts","../../../connector-shared/src/version.ts","../../../connector-shared/src/request.ts","../../../connector-shared/src/rate-limit.ts","../../../connector-shared/src/sanitize.ts","../../../connector-shared/src/epoch.ts","../../../connector-shared/src/pagination.ts","../../../connector-shared/src/logger.ts","../../aws-shared/src/base-aws-connector.ts","../../aws-shared/src/config.ts","../../../connector-shared/src/errors.ts","../../../connector-shared/src/retry.ts","../../../connector-shared/src/version.ts","../../../connector-shared/src/request.ts","../../../connector-shared/src/rate-limit.ts","../../../connector-shared/src/sanitize.ts","../../../connector-shared/src/epoch.ts","../../../connector-shared/src/pagination.ts","../../../connector-shared/src/logger.ts","../src/aws-cloudwatch.ts","../src/index.ts"],"sourcesContent":["// AWS Signature Version 4 signing, implemented against the Web Crypto API so\n// the connector carries no AWS SDK dependency. See\n// https://docs.aws.amazon.com/general/latest/gr/sigv4_signing.html.\n\nconst encoder = new TextEncoder();\n\nconst ALGORITHM = 'AWS4-HMAC-SHA256';\n\n// Encode to a fresh ArrayBuffer-backed view so the result is a valid\n// `BufferSource` for the Web Crypto APIs under TypeScript's generic typing.\nfunction u8(data: string): Uint8Array<ArrayBuffer> {\n return new Uint8Array(encoder.encode(data));\n}\n\nfunction toHex(buffer: ArrayBuffer): string {\n const bytes = new Uint8Array(buffer);\n let hex = '';\n for (let i = 0; i < bytes.length; i++) {\n hex += bytes[i]!.toString(16).padStart(2, '0');\n }\n return hex;\n}\n\nexport async function sha256Hex(data: string): Promise<string> {\n const digest = await globalThis.crypto.subtle.digest('SHA-256', u8(data));\n return toHex(digest);\n}\n\nasync function hmac(key: BufferSource, data: string): Promise<ArrayBuffer> {\n const cryptoKey = await globalThis.crypto.subtle.importKey(\n 'raw',\n key,\n { name: 'HMAC', hash: 'SHA-256' },\n false,\n ['sign'],\n );\n return globalThis.crypto.subtle.sign('HMAC', cryptoKey, u8(data));\n}\n\nasync function deriveSigningKey(\n secretAccessKey: string,\n dateStamp: string,\n region: string,\n service: string,\n): Promise<ArrayBuffer> {\n const kDate = await hmac(u8(`AWS4${secretAccessKey}`), dateStamp);\n const kRegion = await hmac(kDate, region);\n const kService = await hmac(kRegion, service);\n return hmac(kService, 'aws4_request');\n}\n\nexport interface AmzDate {\n amzDate: string;\n dateStamp: string;\n}\n\n// \"2015-08-30T12:36:00.000Z\" -> { amzDate: \"20150830T123600Z\", dateStamp: \"20150830\" }\nexport function formatAmzDate(date: Date): AmzDate {\n const amzDate = date.toISOString().replace(/[:-]|\\.\\d{3}/g, '');\n return { amzDate, dateStamp: amzDate.slice(0, 8) };\n}\n\nexport interface SignParams {\n method: string;\n host: string;\n path: string;\n query: string;\n headers: Record<string, string>;\n payloadHash: string;\n accessKeyId: string;\n secretAccessKey: string;\n region: string;\n service: string;\n amzDate: string;\n dateStamp: string;\n}\n\n// Returns the value for the `Authorization` header. The `headers` map must\n// contain every header that is part of the signature (at minimum `host` and\n// `x-amz-date`); extra unsigned headers sent on the wire are allowed.\nexport async function createAuthorizationHeader(\n params: SignParams,\n): Promise<string> {\n const lowerHeaders: Record<string, string> = {};\n for (const [key, value] of Object.entries(params.headers)) {\n lowerHeaders[key.toLowerCase()] = value.trim().replace(/\\s+/g, ' ');\n }\n const sortedNames = Object.keys(lowerHeaders).sort();\n\n const canonicalHeaders = sortedNames\n .map((name) => `${name}:${lowerHeaders[name]}\\n`)\n .join('');\n const signedHeaders = sortedNames.join(';');\n\n const canonicalRequest = [\n params.method,\n params.path,\n params.query,\n canonicalHeaders,\n signedHeaders,\n params.payloadHash,\n ].join('\\n');\n\n const credentialScope = `${params.dateStamp}/${params.region}/${params.service}/aws4_request`;\n const stringToSign = [\n ALGORITHM,\n params.amzDate,\n credentialScope,\n await sha256Hex(canonicalRequest),\n ].join('\\n');\n\n const signingKey = await deriveSigningKey(\n params.secretAccessKey,\n params.dateStamp,\n params.region,\n params.service,\n );\n const signature = toHex(await hmac(signingKey, stringToSign));\n\n return (\n `${ALGORITHM} Credential=${params.accessKeyId}/${credentialScope}, ` +\n `SignedHeaders=${signedHeaders}, Signature=${signature}`\n );\n}\n","// Minimal parser for the handful of AWS Query-protocol (XML) responses this\n// connector consumes: GetMetricData, STS AssumeRole, and error envelopes. It\n// is deliberately narrow — it understands the specific element nesting these\n// responses use rather than being a general-purpose XML parser.\n\nfunction decodeEntities(value: string): string {\n return value\n .replace(/</g, '<')\n .replace(/>/g, '>')\n .replace(/"/g, '\"')\n .replace(/'/g, \"'\")\n .replace(/'/g, \"'\")\n .replace(/&/g, '&');\n}\n\n// Inner text of the first `<tag>...</tag>` in `xml`. Returns '' for a\n// self-closing `<tag/>`, and null when the tag is absent. Tags that contain\n// repeated `<member>` children (Timestamps, Values, MetricDataResults) do not\n// nest within themselves, so the first matching close tag is the correct one.\nexport function firstInner(xml: string, tag: string): string | null {\n const escapedTag = tag.replace(/[.*+?^${}()|[\\]\\\\]/g, '\\\\$&');\n const open = new RegExp(`<${escapedTag}(?:\\\\s[^>]*)?>`).exec(xml);\n if (!open) {\n return new RegExp(`<${escapedTag}\\\\s*/>`).test(xml) ? '' : null;\n }\n const start = open.index + open[0].length;\n const closeIdx = xml.indexOf(`</${tag}>`, start);\n if (closeIdx === -1) {\n return null;\n }\n return xml.slice(start, closeIdx);\n}\n\nexport function firstText(xml: string, tag: string): string | null {\n const inner = firstInner(xml, tag);\n return inner === null ? null : decodeEntities(inner).trim();\n}\n\n// Inner content of each top-level `<member>...</member>`, tracking nesting so\n// that a result member's nested Timestamps/Values members are not mistaken for\n// top-level entries.\nexport function topLevelMembers(xml: string): string[] {\n const results: string[] = [];\n const re = /<member(?:\\s[^>]*)?>|<\\/member>/g;\n let depth = 0;\n let contentStart = -1;\n let match: RegExpExecArray | null;\n while ((match = re.exec(xml)) !== null) {\n if (match[0].startsWith('</')) {\n depth--;\n if (depth === 0 && contentStart !== -1) {\n results.push(xml.slice(contentStart, match.index));\n contentStart = -1;\n }\n } else {\n if (depth === 0) {\n contentStart = match.index + match[0].length;\n }\n depth++;\n }\n }\n return results;\n}\n\nexport interface MetricDataResult {\n id: string;\n label: string;\n statusCode: string;\n timestamps: string[];\n values: number[];\n}\n\nexport interface GetMetricDataParsed {\n results: MetricDataResult[];\n nextToken: string | null;\n}\n\nexport function parseGetMetricData(xml: string): GetMetricDataParsed {\n const resultsBlock = firstInner(xml, 'MetricDataResults') ?? '';\n const results = topLevelMembers(resultsBlock).map((member) => {\n const tsBlock = firstInner(member, 'Timestamps') ?? '';\n const valBlock = firstInner(member, 'Values') ?? '';\n return {\n id: firstText(member, 'Id') ?? '',\n label: firstText(member, 'Label') ?? '',\n statusCode: firstText(member, 'StatusCode') ?? '',\n timestamps: topLevelMembers(tsBlock).map((t) => decodeEntities(t).trim()),\n values: topLevelMembers(valBlock).map((v) =>\n Number(decodeEntities(v).trim()),\n ),\n };\n });\n const nextToken = firstText(xml, 'NextToken');\n return { results, nextToken: nextToken === '' ? null : nextToken };\n}\n\nexport interface StsCredentials {\n accessKeyId: string;\n secretAccessKey: string;\n sessionToken: string;\n expiration: string;\n}\n\nexport function parseAssumeRole(xml: string): StsCredentials | null {\n const credBlock = firstInner(xml, 'Credentials');\n if (credBlock === null) {\n return null;\n }\n const accessKeyId = firstText(credBlock, 'AccessKeyId') ?? '';\n const secretAccessKey = firstText(credBlock, 'SecretAccessKey') ?? '';\n if (accessKeyId === '' || secretAccessKey === '') {\n return null;\n }\n return {\n accessKeyId,\n secretAccessKey,\n sessionToken: firstText(credBlock, 'SessionToken') ?? '',\n expiration: firstText(credBlock, 'Expiration') ?? '',\n };\n}\n\n// AWS Query-protocol error envelopes carry the machine-readable error code in\n// an `<Error><Code>...</Code></Error>` element.\nexport function parseErrorCode(xml: string): string | null {\n return firstText(xml, 'Code');\n}\n","import type { HttpResponse } from './types';\n\nexport type HttpErrorKind =\n | 'transient'\n | 'rate_limit'\n | 'auth'\n | 'upstream_bug'\n | 'client_bug';\n\nexport abstract class HttpClientError extends Error {\n abstract readonly kind: HttpErrorKind;\n readonly response?: HttpResponse;\n\n constructor(message: string, response?: HttpResponse) {\n super(message);\n this.name = new.target.name;\n this.response = response;\n }\n}\n\nexport class TransientError extends HttpClientError {\n readonly kind = 'transient' as const;\n}\n\nexport class RateLimitError extends HttpClientError {\n readonly kind = 'rate_limit' as const;\n readonly retryAfter?: Date;\n\n constructor(message: string, response?: HttpResponse, retryAfter?: Date) {\n super(message, response);\n this.retryAfter = retryAfter;\n }\n}\n\nexport class AuthError extends HttpClientError {\n readonly kind = 'auth' as const;\n}\n\nexport class UpstreamBugError extends HttpClientError {\n readonly kind = 'upstream_bug' as const;\n}\n\nexport class ClientBugError extends HttpClientError {\n readonly kind = 'client_bug' as const;\n}\n\nexport function classifyStatus(status: number): HttpErrorKind {\n if (status === 429) {\n return 'rate_limit';\n }\n if (status === 401 || status === 403) {\n return 'auth';\n }\n if (status === 408) {\n return 'transient';\n }\n if (status >= 500) {\n return 'upstream_bug';\n }\n if (status >= 400) {\n return 'client_bug';\n }\n return 'client_bug';\n}\n\nexport function errorForStatus(\n message: string,\n response: HttpResponse,\n retryAfter?: Date,\n): HttpClientError {\n const kind = classifyStatus(response.status);\n switch (kind) {\n case 'rate_limit':\n return new RateLimitError(message, response, retryAfter);\n case 'auth':\n return new AuthError(message, response);\n case 'transient':\n return new TransientError(message, response);\n case 'upstream_bug':\n return new UpstreamBugError(message, response);\n case 'client_bug':\n return new ClientBugError(message, response);\n }\n}\n","import { HttpClientError, RateLimitError, TransientError } from './errors';\n\nexport interface RetryPolicy {\n maxAttempts?: number;\n initialDelayMs?: number;\n maxDelayMs?: number;\n retryOn?: (status: number | null, err?: Error) => boolean;\n}\n\nexport const defaultRetryOn = (status: number | null, err?: Error): boolean => {\n if (err instanceof RateLimitError) {\n return true;\n }\n if (err instanceof TransientError) {\n return true;\n }\n if (status === null) {\n return err instanceof Error && !(err instanceof HttpClientError);\n }\n if (status === 408 || status === 429) {\n return true;\n }\n if (status >= 500) {\n return true;\n }\n return false;\n};\n\nexport function backoffDelayMs(\n attempt: number,\n policy: Required<Pick<RetryPolicy, 'initialDelayMs' | 'maxDelayMs'>>,\n): number {\n const base = policy.initialDelayMs * 2 ** attempt;\n const jitter = base * 0.25 * Math.random();\n return Math.min(base + jitter, policy.maxDelayMs);\n}\n\nexport function parseRetryAfter(\n headerValue: string | null,\n now: Date = new Date(),\n): Date | undefined {\n if (!headerValue) {\n return undefined;\n }\n const trimmed = headerValue.trim();\n if (/^\\d+$/.test(trimmed)) {\n return new Date(now.getTime() + Number(trimmed) * 1000);\n }\n const parsed = Date.parse(trimmed);\n if (Number.isNaN(parsed)) {\n return undefined;\n }\n return new Date(parsed);\n}\n\nexport function sleep(ms: number, signal?: AbortSignal): Promise<void> {\n if (signal?.aborted) {\n return Promise.reject(signal.reason ?? new Error('Aborted'));\n }\n return new Promise<void>((resolve, reject) => {\n const onAbort = () => {\n clearTimeout(timer);\n reject(signal!.reason ?? new Error('Aborted'));\n };\n const timer = setTimeout(() => {\n signal?.removeEventListener('abort', onAbort);\n resolve();\n }, ms);\n signal?.addEventListener('abort', onAbort, { once: true });\n });\n}\n","export const HTTP_CLIENT_VERSION = '0.0.0';\n\nexport const DEFAULT_USER_AGENT = `rawdash-connector/${HTTP_CLIENT_VERSION} (+https://rawdash.dev)`;\n\nexport function connectorUserAgent(connectorId: string): string {\n return `rawdash-connector-${connectorId}/${HTTP_CLIENT_VERSION} (+https://rawdash.dev)`;\n}\n","import {\n AuthError,\n ClientBugError,\n HttpClientError,\n RateLimitError,\n TransientError,\n UpstreamBugError,\n errorForStatus,\n} from './errors';\nimport { defaultRetryOn, parseRetryAfter, sleep } from './retry';\nimport type { FetchLike, HttpMethod, HttpRequest, HttpResponse } from './types';\nimport { DEFAULT_USER_AGENT } from './version';\n\nconst DEFAULT_TIMEOUT_MS = 10_000;\nconst DEFAULT_MAX_ATTEMPTS = 3;\nconst DEFAULT_INITIAL_DELAY_MS = 1000;\nconst DEFAULT_MAX_DELAY_MS = 60_000;\nconst OBSERVER_TIMEOUT_MS = 250;\n\nexport interface RequestObservation {\n url: string;\n method: HttpMethod;\n status: number;\n resource: string;\n requestId: string;\n body: unknown;\n}\n\nexport type RequestObserver = (\n event: RequestObservation,\n) => void | Promise<void>;\n\nexport interface RequestOptions {\n fetch?: FetchLike;\n observer?: RequestObserver;\n resource: string;\n requestId?: string;\n}\n\nasync function notifyObserver(\n observer: RequestObserver,\n event: RequestObservation,\n): Promise<void> {\n let result: void | Promise<void>;\n try {\n result = observer(event);\n } catch (err) {\n console.warn('[connector-shared] request observer threw:', err);\n return;\n }\n if (!(result instanceof Promise)) {\n return;\n }\n const guarded = result.catch((err) => {\n console.warn('[connector-shared] request observer rejected:', err);\n });\n let timer: ReturnType<typeof setTimeout> | undefined;\n const timeout = new Promise<void>((resolve) => {\n timer = setTimeout(resolve, OBSERVER_TIMEOUT_MS);\n });\n try {\n await Promise.race([guarded, timeout]);\n } finally {\n if (timer) {\n clearTimeout(timer);\n }\n }\n}\n\nfunction newRequestId(): string {\n const c = (globalThis as { crypto?: { randomUUID?: () => string } }).crypto;\n if (c?.randomUUID) {\n return c.randomUUID();\n }\n return `${Date.now().toString(36)}-${Math.random().toString(36).slice(2, 10)}`;\n}\n\nfunction mergeHeaders(\n defaults: Record<string, string>,\n overrides: Record<string, string> | undefined,\n): Record<string, string> {\n const merged: Record<string, string> = {};\n for (const [k, v] of Object.entries(defaults)) {\n merged[k.toLowerCase()] = v;\n }\n if (overrides) {\n for (const [k, v] of Object.entries(overrides)) {\n merged[k.toLowerCase()] = v;\n }\n }\n return merged;\n}\n\nfunction linkTimeoutSignal(\n parent: AbortSignal | undefined,\n timeoutMs: number,\n): { signal: AbortSignal; cancel: () => void } {\n const controller = new AbortController();\n const onParentAbort = () => {\n controller.abort(parent?.reason);\n };\n if (parent) {\n if (parent.aborted) {\n controller.abort(parent.reason);\n } else {\n parent.addEventListener('abort', onParentAbort, { once: true });\n }\n }\n const timer = setTimeout(() => {\n controller.abort(new Error(`Request timed out after ${timeoutMs}ms`));\n }, timeoutMs);\n return {\n signal: controller.signal,\n cancel: () => {\n clearTimeout(timer);\n if (parent) {\n parent.removeEventListener('abort', onParentAbort);\n }\n },\n };\n}\n\nasync function readBody(res: Response, parseJson: boolean): Promise<unknown> {\n if (res.status === 204 || res.status === 205) {\n return null;\n }\n const contentType = res.headers.get('content-type') ?? '';\n if (parseJson && contentType.includes('application/json')) {\n const text = await res.text();\n if (text.length === 0) {\n return null;\n }\n return JSON.parse(text);\n }\n return res.text();\n}\n\nexport async function request<T = unknown>(\n req: HttpRequest,\n options: RequestOptions,\n): Promise<HttpResponse<T>> {\n const fetchImpl: FetchLike = options.fetch ?? (globalThis.fetch as FetchLike);\n const retry = req.retry ?? {};\n const maxAttempts = retry.maxAttempts ?? DEFAULT_MAX_ATTEMPTS;\n const initialDelayMs = retry.initialDelayMs ?? DEFAULT_INITIAL_DELAY_MS;\n const maxDelayMs = retry.maxDelayMs ?? DEFAULT_MAX_DELAY_MS;\n const retryOn = retry.retryOn ?? defaultRetryOn;\n const timeoutMs = req.timeoutMs ?? DEFAULT_TIMEOUT_MS;\n const parseJson = req.parseJson ?? true;\n\n const headers = mergeHeaders(\n {\n 'User-Agent': DEFAULT_USER_AGENT,\n Accept: 'application/json',\n },\n req.headers,\n );\n\n let lastErr: Error | undefined;\n\n for (let attempt = 0; attempt < maxAttempts; attempt++) {\n req.signal?.throwIfAborted();\n\n const { signal, cancel } = linkTimeoutSignal(req.signal, timeoutMs);\n let res: Response;\n try {\n res = await fetchImpl(req.url, {\n method: req.method ?? 'GET',\n headers,\n body: req.body as RequestInit['body'],\n signal,\n });\n } catch (err) {\n cancel();\n if (req.signal?.aborted) {\n throw req.signal.reason ?? err;\n }\n const error = err instanceof Error ? err : new Error(String(err));\n lastErr = error;\n if (attempt < maxAttempts - 1 && retryOn(null, error)) {\n const delay = computeDelay(attempt, initialDelayMs, maxDelayMs);\n await sleep(delay, req.signal);\n continue;\n }\n throw new TransientError(error.message);\n }\n cancel();\n\n const body = await readBody(res, parseJson);\n const httpResponse: HttpResponse<T> = {\n status: res.status,\n headers: res.headers,\n body: body as T,\n };\n if (req.rateLimit) {\n const state = req.rateLimit.parse(res.headers);\n if (state) {\n httpResponse.rateLimitState = state;\n }\n }\n\n if (options.observer) {\n await notifyObserver(options.observer, {\n url: req.url,\n method: req.method ?? 'GET',\n status: res.status,\n resource: options.resource,\n requestId: options.requestId ?? newRequestId(),\n body,\n });\n }\n\n if (res.ok) {\n return httpResponse;\n }\n\n const retryAfter = parseRetryAfter(res.headers.get('retry-after'));\n const message = `HTTP ${res.status} ${res.statusText} for ${req.method ?? 'GET'} ${req.url}`;\n const err = errorForStatus(message, httpResponse, retryAfter);\n\n if (\n attempt < maxAttempts - 1 &&\n retryOn(res.status, err) &&\n !(err instanceof AuthError) &&\n !(err instanceof ClientBugError)\n ) {\n lastErr = err;\n let delay = computeDelay(attempt, initialDelayMs, maxDelayMs);\n if (err instanceof RateLimitError && retryAfter) {\n const wait = retryAfter.getTime() - Date.now();\n if (wait > 0) {\n delay = Math.min(wait, maxDelayMs);\n }\n }\n await sleep(delay, req.signal);\n continue;\n }\n\n throw err;\n }\n\n throw lastErr ?? new UpstreamBugError('Exhausted retry attempts');\n}\n\nfunction computeDelay(\n attempt: number,\n initialDelayMs: number,\n maxDelayMs: number,\n): number {\n const base = initialDelayMs * 2 ** attempt;\n const jitter = base * 0.25 * Math.random();\n return Math.min(base + jitter, maxDelayMs);\n}\n\nexport { HttpClientError };\n","export interface RateLimitState {\n remaining: number;\n resetAt: Date;\n}\n\nexport interface RateLimitPolicy {\n parse(headers: Headers): RateLimitState | null;\n}\n\nexport interface StandardRateLimitPolicyConfig {\n remainingHeader: string;\n resetHeader: string;\n resetUnit: 's' | 'ms';\n resetFallbackMs?: number;\n}\n\nexport function standardRateLimitPolicy(\n config: StandardRateLimitPolicyConfig,\n): RateLimitPolicy {\n const { remainingHeader, resetHeader, resetUnit, resetFallbackMs } = config;\n const multiplier = resetUnit === 's' ? 1000 : 1;\n return {\n parse(h) {\n const remainingRaw = h.get(remainingHeader);\n if (remainingRaw === null || remainingRaw.trim() === '') {\n return null;\n }\n const remaining = Number(remainingRaw);\n if (!Number.isFinite(remaining)) {\n return null;\n }\n const resetRaw = h.get(resetHeader);\n if (resetRaw === null) {\n if (resetFallbackMs === undefined) {\n return null;\n }\n return {\n remaining,\n resetAt: new Date(Date.now() + resetFallbackMs),\n };\n }\n if (resetRaw.trim() === '') {\n return null;\n }\n const reset = Number(resetRaw);\n if (!Number.isFinite(reset) || reset < 0) {\n return null;\n }\n const resetMs = reset * multiplier;\n if (!Number.isFinite(resetMs)) {\n return null;\n }\n return { remaining, resetAt: new Date(resetMs) };\n },\n };\n}\n","export interface SanitizeAllowedUrlOptions {\n url: string | null;\n host: string;\n pathname: string;\n protocol?: 'https:' | 'http:';\n}\n\nexport function sanitizeAllowedUrl(\n options: SanitizeAllowedUrlOptions,\n): string | null {\n const { url, host, pathname, protocol = 'https:' } = options;\n if (url === null) {\n return null;\n }\n try {\n const u = new URL(url);\n if (u.protocol !== protocol || u.host !== host || u.pathname !== pathname) {\n return null;\n }\n return u.toString();\n } catch {\n return null;\n }\n}\n","export type EpochUnit = 'ms' | 's' | 'iso';\n\nexport function parseEpoch(\n value: number | string | null | undefined,\n unit: EpochUnit,\n): number | null {\n if (value === null || value === undefined) {\n return null;\n }\n if (unit === 'iso') {\n if (typeof value !== 'string') {\n return null;\n }\n const ms = new Date(value).getTime();\n return Number.isFinite(ms) ? ms : null;\n }\n if (typeof value === 'string' && value.trim() === '') {\n return null;\n }\n const n = typeof value === 'number' ? value : Number(value);\n if (!Number.isFinite(n)) {\n return null;\n }\n const result = unit === 's' ? n * 1000 : n;\n return Number.isFinite(result) ? result : null;\n}\n","import { request } from './request';\nimport type { HttpRequest } from './types';\n\nexport function parseLinkHeader(header: string | null): Record<string, string> {\n if (!header) {\n return {};\n }\n const result: Record<string, string> = {};\n for (const part of header.split(',')) {\n const match = part.match(/<([^>]+)>\\s*;\\s*rel=\"([^\"]+)\"/);\n if (match) {\n result[match[2]!] = match[1]!;\n }\n }\n return result;\n}\n\nexport async function* paginateLink<T>(\n initial: HttpRequest,\n parse: (body: unknown) => T[],\n options: { resource: string },\n): AsyncIterable<T> {\n let next: string | null = initial.url;\n while (next) {\n const res: Awaited<ReturnType<typeof request>> = await request(\n {\n ...initial,\n url: next,\n },\n { resource: options.resource },\n );\n for (const item of parse(res.body)) {\n yield item;\n }\n const links = parseLinkHeader(res.headers.get('link'));\n next = links['next'] ?? null;\n }\n}\n\nexport async function* paginateCursor<T>(\n initial: HttpRequest,\n parse: (body: unknown) => { items: T[]; nextCursor: string | null },\n buildNext: (req: HttpRequest, cursor: string) => HttpRequest,\n options: { resource: string },\n): AsyncIterable<T> {\n let req: HttpRequest = initial;\n while (true) {\n const res = await request(req, { resource: options.resource });\n const { items, nextCursor } = parse(res.body);\n for (const item of items) {\n yield item;\n }\n if (!nextCursor) {\n return;\n }\n req = buildNext(req, nextCursor);\n }\n}\n\nexport async function* paginatePage<T>(\n initial: HttpRequest,\n parse: (body: unknown) => { items: T[]; hasMore: boolean },\n buildPage: (req: HttpRequest, page: number) => HttpRequest,\n options: { resource: string },\n): AsyncIterable<T> {\n let page = 1;\n while (true) {\n const req = page === 1 ? initial : buildPage(initial, page);\n const res = await request(req, { resource: options.resource });\n const { items, hasMore } = parse(res.body);\n for (const item of items) {\n yield item;\n }\n if (!hasMore || items.length === 0) {\n return;\n }\n page++;\n }\n}\n","export type LogFields = Record<string, unknown>;\n\nexport interface ConnectorLogger {\n info(event: string, fields?: LogFields): void;\n warn(event: string, fields?: LogFields): void;\n}\n\nexport interface ConnectorLoggerOptions {\n scope: string;\n}\n\nconst MAX_VALUE_LEN = 120;\n\nfunction truncate(s: string, max = MAX_VALUE_LEN): string {\n if (s.length <= max) {\n return s;\n }\n return `${s.slice(0, max - 1)}…`;\n}\n\nfunction formatValue(value: unknown): string {\n if (value === null) {\n return 'null';\n }\n if (value === undefined) {\n return '';\n }\n if (typeof value === 'number' || typeof value === 'boolean') {\n return String(value);\n }\n if (typeof value === 'string') {\n const t = truncate(value);\n if (/[\\s\"=]/.test(t)) {\n return JSON.stringify(t);\n }\n return t;\n }\n if (typeof value === 'bigint') {\n return value.toString();\n }\n let json: string | undefined;\n try {\n json = JSON.stringify(value);\n } catch {\n json = undefined;\n }\n return truncate(json ?? String(value));\n}\n\nexport function formatLogFields(fields?: LogFields): string {\n if (!fields) {\n return '';\n }\n const parts: string[] = [];\n for (const [k, v] of Object.entries(fields)) {\n if (v === undefined) {\n continue;\n }\n parts.push(`${k}=${formatValue(v)}`);\n }\n return parts.length > 0 ? ` ${parts.join(' ')}` : '';\n}\n\nexport function formatLogLine(\n scope: string,\n event: string,\n fields?: LogFields,\n): string {\n return `[${scope}] ${event}${formatLogFields(fields)}`;\n}\n\nexport function createDefaultConnectorLogger(\n opts: ConnectorLoggerOptions,\n): ConnectorLogger {\n return {\n info(event, fields) {\n console.info(formatLogLine(opts.scope, event, fields));\n },\n warn(event, fields) {\n console.warn(formatLogLine(opts.scope, event, fields));\n },\n };\n}\n\nconst NOOP_LOGGER: ConnectorLogger = {\n info() {},\n warn() {},\n};\n\nexport function noopConnectorLogger(): ConnectorLogger {\n return NOOP_LOGGER;\n}\n","import {\n AuthError,\n type HttpClientError,\n type HttpResponse,\n RateLimitError,\n TransientError,\n connectorUserAgent,\n parseEpoch,\n} from '@rawdash/connector-shared';\nimport { BaseConnector, type CredentialsSchema } from '@rawdash/core';\n\nimport { createAuthorizationHeader, formatAmzDate, sha256Hex } from './sigv4';\nimport { type StsCredentials, parseAssumeRole, parseErrorCode } from './xml';\n\nexport interface BaseAWSSettings {\n region: string;\n roleArn?: string;\n externalId?: string;\n}\n\nexport const awsCredentialsSchema = {\n accessKeyId: {\n description: 'AWS access key ID',\n auth: 'optional' as const,\n },\n secretAccessKey: {\n description: 'AWS secret access key',\n auth: 'optional' as const,\n },\n} satisfies CredentialsSchema;\n\nexport type AwsCredentials = typeof awsCredentialsSchema;\n\nexport interface SigningCredentials {\n accessKeyId: string;\n secretAccessKey: string;\n sessionToken?: string;\n}\n\nconst STS_SERVICE = 'sts';\nconst STS_API_VERSION = '2011-06-15';\nconst ASSUMED_ROLE_TTL_BUFFER_MS = 60_000;\nconst ASSUME_ROLE_DURATION_SECONDS = 3600;\nconst FORM_CONTENT_TYPE = 'application/x-www-form-urlencoded; charset=utf-8';\n\nfunction readEnv(name: string): string | undefined {\n const env = (\n globalThis as {\n process?: { env?: Record<string, string | undefined> };\n }\n ).process?.env;\n return env?.[name];\n}\n\nexport abstract class BaseAWSConnector<\n TSettings extends BaseAWSSettings,\n> extends BaseConnector<TSettings, AwsCredentials> {\n override readonly credentials = awsCredentialsSchema;\n\n private assumedCreds: {\n value: SigningCredentials;\n expiresAt: number;\n } | null = null;\n\n protected baseCredentials(): SigningCredentials {\n const { accessKeyId, secretAccessKey } = this.creds;\n if (accessKeyId && secretAccessKey) {\n return { accessKeyId, secretAccessKey };\n }\n const envAccessKeyId = readEnv('AWS_ACCESS_KEY_ID');\n const envSecretAccessKey = readEnv('AWS_SECRET_ACCESS_KEY');\n if (envAccessKeyId && envSecretAccessKey) {\n return {\n accessKeyId: envAccessKeyId,\n secretAccessKey: envSecretAccessKey,\n sessionToken: readEnv('AWS_SESSION_TOKEN') || undefined,\n };\n }\n throw new AuthError(\n `${this.id}: no AWS credentials available — provide accessKeyId + secretAccessKey, or set them in the environment for role assumption`,\n );\n }\n\n protected async resolveSigningCredentials(\n signal?: AbortSignal,\n ): Promise<SigningCredentials> {\n if (this.settings.roleArn === undefined) {\n const { accessKeyId, secretAccessKey } = this.creds;\n if (!accessKeyId || !secretAccessKey) {\n throw new AuthError(\n `${this.id}: static-credential auth requires both accessKeyId and secretAccessKey`,\n );\n }\n return { accessKeyId, secretAccessKey };\n }\n\n if (this.assumedCreds && Date.now() < this.assumedCreds.expiresAt) {\n return this.assumedCreds.value;\n }\n return this.assumeRole(this.settings.roleArn, signal);\n }\n\n private async assumeRole(\n roleArn: string,\n signal?: AbortSignal,\n ): Promise<SigningCredentials> {\n const params = new URLSearchParams();\n params.set('Action', 'AssumeRole');\n params.set('Version', STS_API_VERSION);\n params.set('RoleArn', roleArn);\n params.set('RoleSessionName', `rawdash-${this.id}`);\n params.set('DurationSeconds', String(ASSUME_ROLE_DURATION_SECONDS));\n if (this.settings.externalId !== undefined) {\n params.set('ExternalId', this.settings.externalId);\n }\n\n const host = `sts.${this.settings.region}.amazonaws.com`;\n const xml = await this.signedPost({\n host,\n service: STS_SERVICE,\n body: params.toString(),\n signingCredentials: this.baseCredentials(),\n resource: 'assume_role',\n signal,\n });\n\n const parsed = parseAssumeRole(xml);\n if (parsed === null) {\n throw new AuthError(\n `${this.id}: STS AssumeRole returned no usable credentials`,\n );\n }\n this.cacheAssumedCredentials(parsed);\n return {\n accessKeyId: parsed.accessKeyId,\n secretAccessKey: parsed.secretAccessKey,\n sessionToken: parsed.sessionToken || undefined,\n };\n }\n\n private cacheAssumedCredentials(parsed: StsCredentials): void {\n const expirationMs = parseEpoch(parsed.expiration, 'iso');\n const expiresAt =\n expirationMs !== null\n ? expirationMs - ASSUMED_ROLE_TTL_BUFFER_MS\n : Date.now() + (ASSUME_ROLE_DURATION_SECONDS - 60) * 1000;\n this.assumedCreds = {\n value: {\n accessKeyId: parsed.accessKeyId,\n secretAccessKey: parsed.secretAccessKey,\n sessionToken: parsed.sessionToken || undefined,\n },\n expiresAt,\n };\n }\n\n protected async signedPost(args: {\n host: string;\n service: string;\n body: string;\n signingCredentials: SigningCredentials;\n resource: string;\n signal?: AbortSignal;\n }): Promise<string> {\n const { amzDate, dateStamp } = formatAmzDate(new Date());\n const payloadHash = await sha256Hex(args.body);\n\n const signedHeaders: Record<string, string> = {\n host: args.host,\n 'content-type': FORM_CONTENT_TYPE,\n 'x-amz-content-sha256': payloadHash,\n 'x-amz-date': amzDate,\n };\n if (args.signingCredentials.sessionToken !== undefined) {\n signedHeaders['x-amz-security-token'] =\n args.signingCredentials.sessionToken;\n }\n\n const authorization = await createAuthorizationHeader({\n method: 'POST',\n host: args.host,\n path: '/',\n query: '',\n headers: signedHeaders,\n payloadHash,\n accessKeyId: args.signingCredentials.accessKeyId,\n secretAccessKey: args.signingCredentials.secretAccessKey,\n region: this.settings.region,\n service: args.service,\n amzDate,\n dateStamp,\n });\n\n const sendHeaders: Record<string, string> = {\n 'content-type': FORM_CONTENT_TYPE,\n 'x-amz-content-sha256': payloadHash,\n 'x-amz-date': amzDate,\n 'user-agent': connectorUserAgent(this.id),\n Authorization: authorization,\n };\n if (args.signingCredentials.sessionToken !== undefined) {\n sendHeaders['x-amz-security-token'] =\n args.signingCredentials.sessionToken;\n }\n\n try {\n const res: HttpResponse<string> = await this.request<string>(\n {\n url: `https://${args.host}/`,\n method: 'POST',\n headers: sendHeaders,\n body: args.body,\n parseJson: false,\n signal: args.signal,\n },\n { resource: args.resource },\n );\n return res.body;\n } catch (err) {\n throw this.classifyAwsError(err);\n }\n }\n\n protected classifyAwsError(err: unknown): unknown {\n if (!(err instanceof Error) || !('kind' in err)) {\n return err;\n }\n const httpErr = err as HttpClientError;\n const body =\n typeof httpErr.response?.body === 'string' ? httpErr.response.body : '';\n const code = parseErrorCode(body) ?? '';\n const status = httpErr.response?.status ?? 0;\n\n if (\n /throttl|RequestLimitExceeded|TooManyRequests|LimitExceeded/i.test(code)\n ) {\n return new RateLimitError(httpErr.message, httpErr.response);\n }\n if (\n /AccessDenied|UnrecognizedClient|InvalidClientTokenId|SignatureDoesNotMatch|AuthFailure|InvalidAccessKeyId|Forbidden/i.test(\n code,\n )\n ) {\n return new AuthError(httpErr.message, httpErr.response);\n }\n if (status >= 500) {\n return new TransientError(httpErr.message, httpErr.response);\n }\n return err;\n }\n}\n","import { z } from 'zod';\n\nexport const awsAuthConfigShape = {\n region: z\n .string()\n .regex(\n /^[a-z0-9-]+$/,\n 'region must look like an AWS region, e.g. us-east-1',\n )\n .meta({\n label: 'AWS Region',\n description:\n 'The AWS region whose service endpoint you want to call, e.g. us-east-1.',\n placeholder: 'us-east-1',\n }),\n accessKeyId: z.object({ $secret: z.string() }).optional().meta({\n label: 'Access Key ID',\n description:\n 'AWS access key ID for an IAM principal with permission to call the relevant service. Use together with the secret access key for static-credential auth.',\n secret: true,\n }),\n secretAccessKey: z.object({ $secret: z.string() }).optional().meta({\n label: 'Secret Access Key',\n description: 'AWS secret access key paired with the access key ID above.',\n secret: true,\n }),\n roleArn: z\n .string()\n .regex(\n /^arn:aws:iam::\\d{12}:role\\/.+/,\n 'roleArn must be a full IAM role ARN, e.g. arn:aws:iam::123456789012:role/rawdash',\n )\n .optional()\n .meta({\n label: 'Role ARN',\n description:\n 'IAM role to assume via STS instead of using static keys. The base credentials (the access key above, or the ambient AWS environment) must be allowed to sts:AssumeRole this role.',\n placeholder: 'arn:aws:iam::123456789012:role/rawdash',\n }),\n externalId: z.string().min(1).optional().meta({\n label: 'External ID',\n description:\n 'External ID required by the trust policy of the role being assumed. Only used with Role ARN.',\n }),\n} as const;\n\nexport interface AwsAuthConfig {\n region: string;\n accessKeyId?: { $secret: string };\n secretAccessKey?: { $secret: string };\n roleArn?: string;\n externalId?: string;\n}\n\nexport const awsAuthRefine = {\n predicate: (val: AwsAuthConfig): boolean => {\n const hasRole = val.roleArn !== undefined;\n const hasStatic =\n val.accessKeyId !== undefined && val.secretAccessKey !== undefined;\n if (val.externalId !== undefined && !hasRole) {\n return false;\n }\n return hasRole || hasStatic;\n },\n message:\n 'Provide either accessKeyId + secretAccessKey (static credentials) or roleArn (role assumption). externalId requires roleArn.',\n} as const;\n","import type { HttpResponse } from './types';\n\nexport type HttpErrorKind =\n | 'transient'\n | 'rate_limit'\n | 'auth'\n | 'upstream_bug'\n | 'client_bug';\n\nexport abstract class HttpClientError extends Error {\n abstract readonly kind: HttpErrorKind;\n readonly response?: HttpResponse;\n\n constructor(message: string, response?: HttpResponse) {\n super(message);\n this.name = new.target.name;\n this.response = response;\n }\n}\n\nexport class TransientError extends HttpClientError {\n readonly kind = 'transient' as const;\n}\n\nexport class RateLimitError extends HttpClientError {\n readonly kind = 'rate_limit' as const;\n readonly retryAfter?: Date;\n\n constructor(message: string, response?: HttpResponse, retryAfter?: Date) {\n super(message, response);\n this.retryAfter = retryAfter;\n }\n}\n\nexport class AuthError extends HttpClientError {\n readonly kind = 'auth' as const;\n}\n\nexport class UpstreamBugError extends HttpClientError {\n readonly kind = 'upstream_bug' as const;\n}\n\nexport class ClientBugError extends HttpClientError {\n readonly kind = 'client_bug' as const;\n}\n\nexport function classifyStatus(status: number): HttpErrorKind {\n if (status === 429) {\n return 'rate_limit';\n }\n if (status === 401 || status === 403) {\n return 'auth';\n }\n if (status === 408) {\n return 'transient';\n }\n if (status >= 500) {\n return 'upstream_bug';\n }\n if (status >= 400) {\n return 'client_bug';\n }\n return 'client_bug';\n}\n\nexport function errorForStatus(\n message: string,\n response: HttpResponse,\n retryAfter?: Date,\n): HttpClientError {\n const kind = classifyStatus(response.status);\n switch (kind) {\n case 'rate_limit':\n return new RateLimitError(message, response, retryAfter);\n case 'auth':\n return new AuthError(message, response);\n case 'transient':\n return new TransientError(message, response);\n case 'upstream_bug':\n return new UpstreamBugError(message, response);\n case 'client_bug':\n return new ClientBugError(message, response);\n }\n}\n","import { HttpClientError, RateLimitError, TransientError } from './errors';\n\nexport interface RetryPolicy {\n maxAttempts?: number;\n initialDelayMs?: number;\n maxDelayMs?: number;\n retryOn?: (status: number | null, err?: Error) => boolean;\n}\n\nexport const defaultRetryOn = (status: number | null, err?: Error): boolean => {\n if (err instanceof RateLimitError) {\n return true;\n }\n if (err instanceof TransientError) {\n return true;\n }\n if (status === null) {\n return err instanceof Error && !(err instanceof HttpClientError);\n }\n if (status === 408 || status === 429) {\n return true;\n }\n if (status >= 500) {\n return true;\n }\n return false;\n};\n\nexport function backoffDelayMs(\n attempt: number,\n policy: Required<Pick<RetryPolicy, 'initialDelayMs' | 'maxDelayMs'>>,\n): number {\n const base = policy.initialDelayMs * 2 ** attempt;\n const jitter = base * 0.25 * Math.random();\n return Math.min(base + jitter, policy.maxDelayMs);\n}\n\nexport function parseRetryAfter(\n headerValue: string | null,\n now: Date = new Date(),\n): Date | undefined {\n if (!headerValue) {\n return undefined;\n }\n const trimmed = headerValue.trim();\n if (/^\\d+$/.test(trimmed)) {\n return new Date(now.getTime() + Number(trimmed) * 1000);\n }\n const parsed = Date.parse(trimmed);\n if (Number.isNaN(parsed)) {\n return undefined;\n }\n return new Date(parsed);\n}\n\nexport function sleep(ms: number, signal?: AbortSignal): Promise<void> {\n if (signal?.aborted) {\n return Promise.reject(signal.reason ?? new Error('Aborted'));\n }\n return new Promise<void>((resolve, reject) => {\n const onAbort = () => {\n clearTimeout(timer);\n reject(signal!.reason ?? new Error('Aborted'));\n };\n const timer = setTimeout(() => {\n signal?.removeEventListener('abort', onAbort);\n resolve();\n }, ms);\n signal?.addEventListener('abort', onAbort, { once: true });\n });\n}\n","export const HTTP_CLIENT_VERSION = '0.0.0';\n\nexport const DEFAULT_USER_AGENT = `rawdash-connector/${HTTP_CLIENT_VERSION} (+https://rawdash.dev)`;\n\nexport function connectorUserAgent(connectorId: string): string {\n return `rawdash-connector-${connectorId}/${HTTP_CLIENT_VERSION} (+https://rawdash.dev)`;\n}\n","import {\n AuthError,\n ClientBugError,\n HttpClientError,\n RateLimitError,\n TransientError,\n UpstreamBugError,\n errorForStatus,\n} from './errors';\nimport { defaultRetryOn, parseRetryAfter, sleep } from './retry';\nimport type { FetchLike, HttpMethod, HttpRequest, HttpResponse } from './types';\nimport { DEFAULT_USER_AGENT } from './version';\n\nconst DEFAULT_TIMEOUT_MS = 10_000;\nconst DEFAULT_MAX_ATTEMPTS = 3;\nconst DEFAULT_INITIAL_DELAY_MS = 1000;\nconst DEFAULT_MAX_DELAY_MS = 60_000;\nconst OBSERVER_TIMEOUT_MS = 250;\n\nexport interface RequestObservation {\n url: string;\n method: HttpMethod;\n status: number;\n resource: string;\n requestId: string;\n body: unknown;\n}\n\nexport type RequestObserver = (\n event: RequestObservation,\n) => void | Promise<void>;\n\nexport interface RequestOptions {\n fetch?: FetchLike;\n observer?: RequestObserver;\n resource: string;\n requestId?: string;\n}\n\nasync function notifyObserver(\n observer: RequestObserver,\n event: RequestObservation,\n): Promise<void> {\n let result: void | Promise<void>;\n try {\n result = observer(event);\n } catch (err) {\n console.warn('[connector-shared] request observer threw:', err);\n return;\n }\n if (!(result instanceof Promise)) {\n return;\n }\n const guarded = result.catch((err) => {\n console.warn('[connector-shared] request observer rejected:', err);\n });\n let timer: ReturnType<typeof setTimeout> | undefined;\n const timeout = new Promise<void>((resolve) => {\n timer = setTimeout(resolve, OBSERVER_TIMEOUT_MS);\n });\n try {\n await Promise.race([guarded, timeout]);\n } finally {\n if (timer) {\n clearTimeout(timer);\n }\n }\n}\n\nfunction newRequestId(): string {\n const c = (globalThis as { crypto?: { randomUUID?: () => string } }).crypto;\n if (c?.randomUUID) {\n return c.randomUUID();\n }\n return `${Date.now().toString(36)}-${Math.random().toString(36).slice(2, 10)}`;\n}\n\nfunction mergeHeaders(\n defaults: Record<string, string>,\n overrides: Record<string, string> | undefined,\n): Record<string, string> {\n const merged: Record<string, string> = {};\n for (const [k, v] of Object.entries(defaults)) {\n merged[k.toLowerCase()] = v;\n }\n if (overrides) {\n for (const [k, v] of Object.entries(overrides)) {\n merged[k.toLowerCase()] = v;\n }\n }\n return merged;\n}\n\nfunction linkTimeoutSignal(\n parent: AbortSignal | undefined,\n timeoutMs: number,\n): { signal: AbortSignal; cancel: () => void } {\n const controller = new AbortController();\n const onParentAbort = () => {\n controller.abort(parent?.reason);\n };\n if (parent) {\n if (parent.aborted) {\n controller.abort(parent.reason);\n } else {\n parent.addEventListener('abort', onParentAbort, { once: true });\n }\n }\n const timer = setTimeout(() => {\n controller.abort(new Error(`Request timed out after ${timeoutMs}ms`));\n }, timeoutMs);\n return {\n signal: controller.signal,\n cancel: () => {\n clearTimeout(timer);\n if (parent) {\n parent.removeEventListener('abort', onParentAbort);\n }\n },\n };\n}\n\nasync function readBody(res: Response, parseJson: boolean): Promise<unknown> {\n if (res.status === 204 || res.status === 205) {\n return null;\n }\n const contentType = res.headers.get('content-type') ?? '';\n if (parseJson && contentType.includes('application/json')) {\n const text = await res.text();\n if (text.length === 0) {\n return null;\n }\n return JSON.parse(text);\n }\n return res.text();\n}\n\nexport async function request<T = unknown>(\n req: HttpRequest,\n options: RequestOptions,\n): Promise<HttpResponse<T>> {\n const fetchImpl: FetchLike = options.fetch ?? (globalThis.fetch as FetchLike);\n const retry = req.retry ?? {};\n const maxAttempts = retry.maxAttempts ?? DEFAULT_MAX_ATTEMPTS;\n const initialDelayMs = retry.initialDelayMs ?? DEFAULT_INITIAL_DELAY_MS;\n const maxDelayMs = retry.maxDelayMs ?? DEFAULT_MAX_DELAY_MS;\n const retryOn = retry.retryOn ?? defaultRetryOn;\n const timeoutMs = req.timeoutMs ?? DEFAULT_TIMEOUT_MS;\n const parseJson = req.parseJson ?? true;\n\n const headers = mergeHeaders(\n {\n 'User-Agent': DEFAULT_USER_AGENT,\n Accept: 'application/json',\n },\n req.headers,\n );\n\n let lastErr: Error | undefined;\n\n for (let attempt = 0; attempt < maxAttempts; attempt++) {\n req.signal?.throwIfAborted();\n\n const { signal, cancel } = linkTimeoutSignal(req.signal, timeoutMs);\n let res: Response;\n try {\n res = await fetchImpl(req.url, {\n method: req.method ?? 'GET',\n headers,\n body: req.body as RequestInit['body'],\n signal,\n });\n } catch (err) {\n cancel();\n if (req.signal?.aborted) {\n throw req.signal.reason ?? err;\n }\n const error = err instanceof Error ? err : new Error(String(err));\n lastErr = error;\n if (attempt < maxAttempts - 1 && retryOn(null, error)) {\n const delay = computeDelay(attempt, initialDelayMs, maxDelayMs);\n await sleep(delay, req.signal);\n continue;\n }\n throw new TransientError(error.message);\n }\n cancel();\n\n const body = await readBody(res, parseJson);\n const httpResponse: HttpResponse<T> = {\n status: res.status,\n headers: res.headers,\n body: body as T,\n };\n if (req.rateLimit) {\n const state = req.rateLimit.parse(res.headers);\n if (state) {\n httpResponse.rateLimitState = state;\n }\n }\n\n if (options.observer) {\n await notifyObserver(options.observer, {\n url: req.url,\n method: req.method ?? 'GET',\n status: res.status,\n resource: options.resource,\n requestId: options.requestId ?? newRequestId(),\n body,\n });\n }\n\n if (res.ok) {\n return httpResponse;\n }\n\n const retryAfter = parseRetryAfter(res.headers.get('retry-after'));\n const message = `HTTP ${res.status} ${res.statusText} for ${req.method ?? 'GET'} ${req.url}`;\n const err = errorForStatus(message, httpResponse, retryAfter);\n\n if (\n attempt < maxAttempts - 1 &&\n retryOn(res.status, err) &&\n !(err instanceof AuthError) &&\n !(err instanceof ClientBugError)\n ) {\n lastErr = err;\n let delay = computeDelay(attempt, initialDelayMs, maxDelayMs);\n if (err instanceof RateLimitError && retryAfter) {\n const wait = retryAfter.getTime() - Date.now();\n if (wait > 0) {\n delay = Math.min(wait, maxDelayMs);\n }\n }\n await sleep(delay, req.signal);\n continue;\n }\n\n throw err;\n }\n\n throw lastErr ?? new UpstreamBugError('Exhausted retry attempts');\n}\n\nfunction computeDelay(\n attempt: number,\n initialDelayMs: number,\n maxDelayMs: number,\n): number {\n const base = initialDelayMs * 2 ** attempt;\n const jitter = base * 0.25 * Math.random();\n return Math.min(base + jitter, maxDelayMs);\n}\n\nexport { HttpClientError };\n","export interface RateLimitState {\n remaining: number;\n resetAt: Date;\n}\n\nexport interface RateLimitPolicy {\n parse(headers: Headers): RateLimitState | null;\n}\n\nexport interface StandardRateLimitPolicyConfig {\n remainingHeader: string;\n resetHeader: string;\n resetUnit: 's' | 'ms';\n resetFallbackMs?: number;\n}\n\nexport function standardRateLimitPolicy(\n config: StandardRateLimitPolicyConfig,\n): RateLimitPolicy {\n const { remainingHeader, resetHeader, resetUnit, resetFallbackMs } = config;\n const multiplier = resetUnit === 's' ? 1000 : 1;\n return {\n parse(h) {\n const remainingRaw = h.get(remainingHeader);\n if (remainingRaw === null || remainingRaw.trim() === '') {\n return null;\n }\n const remaining = Number(remainingRaw);\n if (!Number.isFinite(remaining)) {\n return null;\n }\n const resetRaw = h.get(resetHeader);\n if (resetRaw === null) {\n if (resetFallbackMs === undefined) {\n return null;\n }\n return {\n remaining,\n resetAt: new Date(Date.now() + resetFallbackMs),\n };\n }\n if (resetRaw.trim() === '') {\n return null;\n }\n const reset = Number(resetRaw);\n if (!Number.isFinite(reset) || reset < 0) {\n return null;\n }\n const resetMs = reset * multiplier;\n if (!Number.isFinite(resetMs)) {\n return null;\n }\n return { remaining, resetAt: new Date(resetMs) };\n },\n };\n}\n","export interface SanitizeAllowedUrlOptions {\n url: string | null;\n host: string;\n pathname: string;\n protocol?: 'https:' | 'http:';\n}\n\nexport function sanitizeAllowedUrl(\n options: SanitizeAllowedUrlOptions,\n): string | null {\n const { url, host, pathname, protocol = 'https:' } = options;\n if (url === null) {\n return null;\n }\n try {\n const u = new URL(url);\n if (u.protocol !== protocol || u.host !== host || u.pathname !== pathname) {\n return null;\n }\n return u.toString();\n } catch {\n return null;\n }\n}\n","export type EpochUnit = 'ms' | 's' | 'iso';\n\nexport function parseEpoch(\n value: number | string | null | undefined,\n unit: EpochUnit,\n): number | null {\n if (value === null || value === undefined) {\n return null;\n }\n if (unit === 'iso') {\n if (typeof value !== 'string') {\n return null;\n }\n const ms = new Date(value).getTime();\n return Number.isFinite(ms) ? ms : null;\n }\n if (typeof value === 'string' && value.trim() === '') {\n return null;\n }\n const n = typeof value === 'number' ? value : Number(value);\n if (!Number.isFinite(n)) {\n return null;\n }\n const result = unit === 's' ? n * 1000 : n;\n return Number.isFinite(result) ? result : null;\n}\n","import { request } from './request';\nimport type { HttpRequest } from './types';\n\nexport function parseLinkHeader(header: string | null): Record<string, string> {\n if (!header) {\n return {};\n }\n const result: Record<string, string> = {};\n for (const part of header.split(',')) {\n const match = part.match(/<([^>]+)>\\s*;\\s*rel=\"([^\"]+)\"/);\n if (match) {\n result[match[2]!] = match[1]!;\n }\n }\n return result;\n}\n\nexport async function* paginateLink<T>(\n initial: HttpRequest,\n parse: (body: unknown) => T[],\n options: { resource: string },\n): AsyncIterable<T> {\n let next: string | null = initial.url;\n while (next) {\n const res: Awaited<ReturnType<typeof request>> = await request(\n {\n ...initial,\n url: next,\n },\n { resource: options.resource },\n );\n for (const item of parse(res.body)) {\n yield item;\n }\n const links = parseLinkHeader(res.headers.get('link'));\n next = links['next'] ?? null;\n }\n}\n\nexport async function* paginateCursor<T>(\n initial: HttpRequest,\n parse: (body: unknown) => { items: T[]; nextCursor: string | null },\n buildNext: (req: HttpRequest, cursor: string) => HttpRequest,\n options: { resource: string },\n): AsyncIterable<T> {\n let req: HttpRequest = initial;\n while (true) {\n const res = await request(req, { resource: options.resource });\n const { items, nextCursor } = parse(res.body);\n for (const item of items) {\n yield item;\n }\n if (!nextCursor) {\n return;\n }\n req = buildNext(req, nextCursor);\n }\n}\n\nexport async function* paginatePage<T>(\n initial: HttpRequest,\n parse: (body: unknown) => { items: T[]; hasMore: boolean },\n buildPage: (req: HttpRequest, page: number) => HttpRequest,\n options: { resource: string },\n): AsyncIterable<T> {\n let page = 1;\n while (true) {\n const req = page === 1 ? initial : buildPage(initial, page);\n const res = await request(req, { resource: options.resource });\n const { items, hasMore } = parse(res.body);\n for (const item of items) {\n yield item;\n }\n if (!hasMore || items.length === 0) {\n return;\n }\n page++;\n }\n}\n","export type LogFields = Record<string, unknown>;\n\nexport interface ConnectorLogger {\n info(event: string, fields?: LogFields): void;\n warn(event: string, fields?: LogFields): void;\n}\n\nexport interface ConnectorLoggerOptions {\n scope: string;\n}\n\nconst MAX_VALUE_LEN = 120;\n\nfunction truncate(s: string, max = MAX_VALUE_LEN): string {\n if (s.length <= max) {\n return s;\n }\n return `${s.slice(0, max - 1)}…`;\n}\n\nfunction formatValue(value: unknown): string {\n if (value === null) {\n return 'null';\n }\n if (value === undefined) {\n return '';\n }\n if (typeof value === 'number' || typeof value === 'boolean') {\n return String(value);\n }\n if (typeof value === 'string') {\n const t = truncate(value);\n if (/[\\s\"=]/.test(t)) {\n return JSON.stringify(t);\n }\n return t;\n }\n if (typeof value === 'bigint') {\n return value.toString();\n }\n let json: string | undefined;\n try {\n json = JSON.stringify(value);\n } catch {\n json = undefined;\n }\n return truncate(json ?? String(value));\n}\n\nexport function formatLogFields(fields?: LogFields): string {\n if (!fields) {\n return '';\n }\n const parts: string[] = [];\n for (const [k, v] of Object.entries(fields)) {\n if (v === undefined) {\n continue;\n }\n parts.push(`${k}=${formatValue(v)}`);\n }\n return parts.length > 0 ? ` ${parts.join(' ')}` : '';\n}\n\nexport function formatLogLine(\n scope: string,\n event: string,\n fields?: LogFields,\n): string {\n return `[${scope}] ${event}${formatLogFields(fields)}`;\n}\n\nexport function createDefaultConnectorLogger(\n opts: ConnectorLoggerOptions,\n): ConnectorLogger {\n return {\n info(event, fields) {\n console.info(formatLogLine(opts.scope, event, fields));\n },\n warn(event, fields) {\n console.warn(formatLogLine(opts.scope, event, fields));\n },\n };\n}\n\nconst NOOP_LOGGER: ConnectorLogger = {\n info() {},\n warn() {},\n};\n\nexport function noopConnectorLogger(): ConnectorLogger {\n return NOOP_LOGGER;\n}\n","import {\n BaseAWSConnector,\n type BaseAWSSettings,\n awsAuthConfigShape,\n awsAuthRefine,\n parseGetMetricData,\n} from '@rawdash/connector-aws-shared';\nimport { parseEpoch } from '@rawdash/connector-shared';\nimport {\n type ConnectorContext,\n type ConnectorCost,\n type ConnectorDoc,\n type JSONValue,\n type MetricSample,\n type StorageHandle,\n type SyncOptions,\n type SyncResult,\n defineConfigFields,\n defineConnectorDoc,\n defineResources,\n schemasFromResources,\n} from '@rawdash/core';\nimport { z } from 'zod';\n\nconst metricQuerySchema = z.object({\n id: z\n .string()\n .regex(\n /^[a-z][a-zA-Z0-9_]*$/,\n 'CloudWatch query id must start with a lowercase letter and contain only letters, digits, and underscores',\n ),\n namespace: z.string().min(1),\n metric: z.string().min(1),\n stat: z.string().min(1),\n periodSeconds: z\n .number()\n .int()\n .min(60)\n .refine((n) => n % 60 === 0, {\n message: 'periodSeconds must be a multiple of 60 (1 minute)',\n }),\n dimensions: z.record(z.string(), z.string()).optional(),\n});\n\nexport const configFields = defineConfigFields(\n z\n .object({\n ...awsAuthConfigShape,\n metricQueries: z.array(metricQuerySchema).nonempty().meta({\n label: 'Metric queries',\n description:\n 'CloudWatch is too broad to mirror wholesale; declare the specific metrics to pull. Each query needs an id, namespace, metric name, statistic, and period (seconds, multiple of 60), with optional dimensions.',\n }),\n lookbackMinutes: z.number().int().positive().max(40_320).optional().meta({\n label: 'Lookback (minutes)',\n description:\n 'How far back to pull data points on a full sync when the host does not supply a since bound. Defaults to 180.',\n placeholder: '180',\n }),\n })\n .refine(awsAuthRefine.predicate, { message: awsAuthRefine.message })\n .refine(\n (cfg) =>\n new Set(cfg.metricQueries.map((q) => q.id)).size ===\n cfg.metricQueries.length,\n {\n path: ['metricQueries'],\n message: 'Each metric query id must be unique',\n },\n ),\n);\n\nexport const doc: ConnectorDoc = defineConnectorDoc({\n displayName: 'AWS CloudWatch',\n category: 'infrastructure',\n brandColor: '#FF4F8B',\n tagline:\n 'Pull declared CloudWatch metric time series (any namespace, statistic, and period) into a single metric series per query.',\n rateLimit:\n 'GetMetricData is batched at most 500 metrics per call with NextToken pagination; throttling (Throttling / RequestLimitExceeded / TooManyRequests) is retried with backoff.',\n vendor: {\n name: 'Amazon Web Services',\n apiDocs:\n 'https://docs.aws.amazon.com/AmazonCloudWatch/latest/APIReference/API_GetMetricData.html',\n website: 'https://aws.amazon.com/cloudwatch/',\n },\n auth: {\n summary:\n 'Authenticate with either static IAM access keys or an assumed IAM role (STS). The principal needs cloudwatch:GetMetricData on the target region.',\n setup: [\n 'Create an IAM user or role with a policy granting `cloudwatch:GetMetricData`.',\n 'For static credentials, generate an access key ID and secret access key for that IAM user and store them as secrets.',\n 'For role assumption, set `roleArn` to the role to assume (and `externalId` if its trust policy requires one); the base credentials must be allowed to `sts:AssumeRole` it.',\n 'Set `region` to the AWS region whose CloudWatch endpoint holds the metrics, e.g. `us-east-1`.',\n 'Reference the keys from config, e.g. `accessKeyId: secret(\"AWS_ACCESS_KEY_ID\")` and `secretAccessKey: secret(\"AWS_SECRET_ACCESS_KEY\")`.',\n ],\n },\n limitations: [\n 'CloudWatch is too broad to mirror wholesale; only the metrics declared in `metricQueries` are synced; there is no automatic metric discovery.',\n 'The series name is derived from the query namespace/metric, so two queries against the same metric with different statistics or dimensions share one series name and are distinguished only by sample attributes.',\n 'Each query period must be a multiple of 60 seconds; sub-minute resolution is not supported.',\n 'A full sync uses lookbackMinutes; a latest sync uses a short window covering the last few periods.',\n ],\n});\n\nexport interface CloudWatchMetricQuery {\n id: string;\n namespace: string;\n metric: string;\n stat: string;\n periodSeconds: number;\n dimensions?: Record<string, string>;\n}\n\nexport interface CloudWatchSettings extends BaseAWSSettings {\n metricQueries: CloudWatchMetricQuery[];\n lookbackMinutes?: number;\n}\n\nconst metricDataResponseSchema = z.object({\n MetricDataResults: z.array(\n z.object({\n Id: z.string(),\n Label: z.string(),\n Timestamps: z.array(z.iso.datetime()),\n Values: z.array(z.number()),\n StatusCode: z.enum([\n 'Complete',\n 'InternalError',\n 'PartialData',\n 'Forbidden',\n ]),\n }),\n ),\n NextToken: z.string().optional(),\n});\n\nconst awsCloudwatchResources = defineResources({\n '<namespace>/<metric>': {\n shape: 'metric',\n dynamic: true,\n description:\n 'One metric series per declared metric query. The series name is the query namespace/metric (e.g. `AWS/EC2/CPUUtilization`), so the actual keys depend on the configured `metricQueries`. Each sample carries the query statistic, period, query id, the upstream status code, and label as attributes.',\n endpoint: 'POST / (GetMetricData)',\n granularity: 'Per query period (periodSeconds, a multiple of 60)',\n notes:\n 'Each sync replaces the full set of samples for the metric names it owns (idempotent).',\n dimensions: [\n {\n name: 'stat',\n description:\n 'The CloudWatch statistic requested for the query, e.g. Average, Sum, or p99.',\n },\n {\n name: 'period',\n description: 'The aggregation period in seconds for the data points.',\n },\n {\n name: 'queryId',\n description:\n 'The configured id of the metric query that produced the sample.',\n },\n {\n name: 'statusCode',\n description:\n 'GetMetricData result status for the series (Complete, PartialData, InternalError, or Forbidden).',\n },\n {\n name: 'label',\n description:\n 'The human-readable label CloudWatch returned for the series.',\n },\n ],\n responses: { metric_data: metricDataResponseSchema },\n },\n});\n\nconst CLOUDWATCH_SERVICE = 'monitoring';\nconst CLOUDWATCH_API_VERSION = '2010-08-01';\nconst MAX_QUERIES_PER_CALL = 500;\nconst DEFAULT_LOOKBACK_MINUTES = 180;\nconst MS_PER_MINUTE = 60_000;\n\nexport class CloudWatchConnector extends BaseAWSConnector<CloudWatchSettings> {\n static readonly id = 'aws-cloudwatch';\n\n static readonly resources = awsCloudwatchResources;\n\n static readonly schemas = schemasFromResources(awsCloudwatchResources);\n\n static readonly cost: ConnectorCost = {\n warning:\n 'CloudWatch GetMetricData is billed per metric requested on the paid tier; high-frequency syncs over many metrics add up.',\n };\n\n static create(input: unknown, ctx?: ConnectorContext): CloudWatchConnector {\n const parsed = configFields.parse(input);\n return new CloudWatchConnector(\n {\n region: parsed.region,\n roleArn: parsed.roleArn,\n externalId: parsed.externalId,\n metricQueries: parsed.metricQueries,\n lookbackMinutes: parsed.lookbackMinutes,\n },\n {\n accessKeyId: parsed.accessKeyId,\n secretAccessKey: parsed.secretAccessKey,\n },\n ctx,\n );\n }\n\n readonly id = 'aws-cloudwatch';\n\n private computeWindow(options: SyncOptions): {\n startMs: number;\n endMs: number;\n } {\n const endMs = Date.now();\n if (options.since) {\n const sinceMs = parseEpoch(options.since, 'iso');\n if (sinceMs !== null) {\n return { startMs: Math.min(sinceMs, endMs), endMs };\n }\n }\n if (options.mode === 'latest') {\n const maxPeriod = Math.max(\n ...this.settings.metricQueries.map((q) => q.periodSeconds),\n 60,\n );\n return { startMs: endMs - maxPeriod * 3 * 1000, endMs };\n }\n const lookback = this.settings.lookbackMinutes ?? DEFAULT_LOOKBACK_MINUTES;\n return { startMs: endMs - lookback * MS_PER_MINUTE, endMs };\n }\n\n private buildGetMetricDataBody(\n queries: CloudWatchMetricQuery[],\n startMs: number,\n endMs: number,\n nextToken: string | undefined,\n ): string {\n const params = new URLSearchParams();\n params.set('Action', 'GetMetricData');\n params.set('Version', CLOUDWATCH_API_VERSION);\n params.set('StartTime', new Date(startMs).toISOString());\n params.set('EndTime', new Date(endMs).toISOString());\n params.set('ScanBy', 'TimestampAscending');\n if (nextToken !== undefined) {\n params.set('NextToken', nextToken);\n }\n\n queries.forEach((query, index) => {\n const prefix = `MetricDataQueries.member.${index + 1}`;\n params.set(`${prefix}.Id`, query.id);\n params.set(`${prefix}.ReturnData`, 'true');\n params.set(`${prefix}.MetricStat.Metric.Namespace`, query.namespace);\n params.set(`${prefix}.MetricStat.Metric.MetricName`, query.metric);\n params.set(`${prefix}.MetricStat.Period`, String(query.periodSeconds));\n params.set(`${prefix}.MetricStat.Stat`, query.stat);\n const dimensions = Object.entries(query.dimensions ?? {});\n dimensions.forEach(([name, value], dimIndex) => {\n const dimPrefix = `${prefix}.MetricStat.Metric.Dimensions.member.${dimIndex + 1}`;\n params.set(`${dimPrefix}.Name`, name);\n params.set(`${dimPrefix}.Value`, value);\n });\n });\n\n return params.toString();\n }\n\n async sync(\n options: SyncOptions,\n storage: StorageHandle,\n signal?: AbortSignal,\n ): Promise<SyncResult> {\n const queries = this.settings.metricQueries;\n const names = new Set(queries.map((q) => `${q.namespace}/${q.metric}`));\n\n if (queries.length === 0) {\n return { done: true };\n }\n\n const queriesById = new Map(queries.map((q) => [q.id, q]));\n const { startMs, endMs } = this.computeWindow(options);\n\n const samples: MetricSample[] = [];\n const host = `${CLOUDWATCH_SERVICE}.${this.settings.region}.amazonaws.com`;\n\n for (let i = 0; i < queries.length; i += MAX_QUERIES_PER_CALL) {\n const chunk = queries.slice(i, i + MAX_QUERIES_PER_CALL);\n let nextToken: string | undefined;\n let page = 0;\n do {\n if (signal?.aborted) {\n return { done: false };\n }\n const body = this.buildGetMetricDataBody(\n chunk,\n startMs,\n endMs,\n nextToken,\n );\n const signingCredentials = await this.resolveSigningCredentials(signal);\n const xml = await this.signedPost({\n host,\n service: CLOUDWATCH_SERVICE,\n body,\n signingCredentials,\n resource: 'metric_data',\n signal,\n });\n const parsed = parseGetMetricData(xml);\n for (const result of parsed.results) {\n const query = queriesById.get(result.id);\n if (query === undefined) {\n continue;\n }\n this.collectSamples(samples, query, result);\n }\n nextToken = parsed.nextToken ?? undefined;\n page += 1;\n this.logger.info('fetched page', {\n resource: 'metric_data',\n page,\n items: parsed.results.length,\n next: nextToken ?? null,\n });\n } while (nextToken !== undefined);\n }\n\n await storage.metrics(samples, { names: [...names] });\n this.logger.info('resource done', {\n resource: 'metric_data',\n items: samples.length,\n });\n return { done: true };\n }\n\n private collectSamples(\n samples: MetricSample[],\n query: CloudWatchMetricQuery,\n result: {\n timestamps: string[];\n values: number[];\n statusCode: string;\n label: string;\n },\n ): void {\n const name = `${query.namespace}/${query.metric}`;\n const baseAttributes: Record<string, JSONValue> = {\n ...(query.dimensions ?? {}),\n stat: query.stat,\n period: query.periodSeconds,\n queryId: query.id,\n statusCode: result.statusCode,\n label: result.label,\n };\n const count = Math.min(result.timestamps.length, result.values.length);\n for (let i = 0; i < count; i++) {\n const ts = parseEpoch(result.timestamps[i]!, 'iso');\n const value = result.values[i]!;\n if (ts === null || !Number.isFinite(value)) {\n continue;\n }\n samples.push({ name, ts, value, attributes: { ...baseAttributes } });\n }\n }\n}\n","import { CloudWatchConnector } from './aws-cloudwatch';\n\nexport { CloudWatchConnector, configFields, doc } from './aws-cloudwatch';\nexport type {\n CloudWatchMetricQuery,\n CloudWatchSettings,\n} from './aws-cloudwatch';\nexport default CloudWatchConnector;\n"],"mappings":";AWSA,SAAS,qBAA6C;ACTtD,SAAS,SAAS;AZIlB,IAAM,UAAU,IAAI,YAAY;AAEhC,IAAM,YAAY;AAIlB,SAAS,GAAG,MAAuC;AACjD,SAAO,IAAI,WAAW,QAAQ,OAAO,IAAI,CAAC;AAC5C;AAEA,SAAS,MAAM,QAA6B;AAC1C,QAAM,QAAQ,IAAI,WAAW,MAAM;AACnC,MAAI,MAAM;AACV,WAAS,IAAI,GAAG,IAAI,MAAM,QAAQ,KAAK;AACrC,WAAO,MAAM,CAAC,EAAG,SAAS,EAAE,EAAE,SAAS,GAAG,GAAG;EAC/C;AACA,SAAO;AACT;AAEA,eAAsB,UAAU,MAA+B;AAC7D,QAAM,SAAS,MAAM,WAAW,OAAO,OAAO,OAAO,WAAW,GAAG,IAAI,CAAC;AACxE,SAAO,MAAM,MAAM;AACrB;AAEA,eAAe,KAAK,KAAmB,MAAoC;AACzE,QAAM,YAAY,MAAM,WAAW,OAAO,OAAO;IAC/C;IACA;IACA,EAAE,MAAM,QAAQ,MAAM,UAAU;IAChC;IACA,CAAC,MAAM;EACT;AACA,SAAO,WAAW,OAAO,OAAO,KAAK,QAAQ,WAAW,GAAG,IAAI,CAAC;AAClE;AAEA,eAAe,iBACb,iBACA,WACA,QACA,SACsB;AACtB,QAAM,QAAQ,MAAM,KAAK,GAAG,OAAO,eAAe,EAAE,GAAG,SAAS;AAChE,QAAM,UAAU,MAAM,KAAK,OAAO,MAAM;AACxC,QAAM,WAAW,MAAM,KAAK,SAAS,OAAO;AAC5C,SAAO,KAAK,UAAU,cAAc;AACtC;AAQO,SAAS,cAAc,MAAqB;AACjD,QAAM,UAAU,KAAK,YAAY,EAAE,QAAQ,iBAAiB,EAAE;AAC9D,SAAO,EAAE,SAAS,WAAW,QAAQ,MAAM,GAAG,CAAC,EAAE;AACnD;AAoBA,eAAsB,0BACpB,QACiB;AACjB,QAAM,eAAuC,CAAC;AAC9C,aAAW,CAAC,KAAK,KAAK,KAAK,OAAO,QAAQ,OAAO,OAAO,GAAG;AACzD,iBAAa,IAAI,YAAY,CAAC,IAAI,MAAM,KAAK,EAAE,QAAQ,QAAQ,GAAG;EACpE;AACA,QAAM,cAAc,OAAO,KAAK,YAAY,EAAE,KAAK;AAEnD,QAAM,mBAAmB,YACtB,IAAI,CAAC,SAAS,GAAG,IAAI,IAAI,aAAa,IAAI,CAAC;CAAI,EAC/C,KAAK,EAAE;AACV,QAAM,gBAAgB,YAAY,KAAK,GAAG;AAE1C,QAAM,mBAAmB;IACvB,OAAO;IACP,OAAO;IACP,OAAO;IACP;IACA;IACA,OAAO;EACT,EAAE,KAAK,IAAI;AAEX,QAAM,kBAAkB,GAAG,OAAO,SAAS,IAAI,OAAO,MAAM,IAAI,OAAO,OAAO;AAC9E,QAAM,eAAe;IACnB;IACA,OAAO;IACP;IACA,MAAM,UAAU,gBAAgB;EAClC,EAAE,KAAK,IAAI;AAEX,QAAM,aAAa,MAAM;IACvB,OAAO;IACP,OAAO;IACP,OAAO;IACP,OAAO;EACT;AACA,QAAM,YAAY,MAAM,MAAM,KAAK,YAAY,YAAY,CAAC;AAE5D,SACE,GAAG,SAAS,eAAe,OAAO,WAAW,IAAI,eAAe,mBAC/C,aAAa,eAAe,SAAS;AAE1D;ACtHA,SAAS,eAAe,OAAuB;AAC7C,SAAO,MACJ,QAAQ,SAAS,GAAG,EACpB,QAAQ,SAAS,GAAG,EACpB,QAAQ,WAAW,GAAG,EACtB,QAAQ,UAAU,GAAG,EACrB,QAAQ,WAAW,GAAG,EACtB,QAAQ,UAAU,GAAG;AAC1B;AAMO,SAAS,WAAW,KAAa,KAA4B;AAClE,QAAM,aAAa,IAAI,QAAQ,uBAAuB,MAAM;AAC5D,QAAM,OAAO,IAAI,OAAO,IAAI,UAAU,gBAAgB,EAAE,KAAK,GAAG;AAChE,MAAI,CAAC,MAAM;AACT,WAAO,IAAI,OAAO,IAAI,UAAU,QAAQ,EAAE,KAAK,GAAG,IAAI,KAAK;EAC7D;AACA,QAAM,QAAQ,KAAK,QAAQ,KAAK,CAAC,EAAE;AACnC,QAAM,WAAW,IAAI,QAAQ,KAAK,GAAG,KAAK,KAAK;AAC/C,MAAI,aAAa,IAAI;AACnB,WAAO;EACT;AACA,SAAO,IAAI,MAAM,OAAO,QAAQ;AAClC;AAEO,SAAS,UAAU,KAAa,KAA4B;AACjE,QAAM,QAAQ,WAAW,KAAK,GAAG;AACjC,SAAO,UAAU,OAAO,OAAO,eAAe,KAAK,EAAE,KAAK;AAC5D;AAKO,SAAS,gBAAgB,KAAuB;AACrD,QAAM,UAAoB,CAAC;AAC3B,QAAM,KAAK;AACX,MAAI,QAAQ;AACZ,MAAI,eAAe;AACnB,MAAI;AACJ,UAAQ,QAAQ,GAAG,KAAK,GAAG,OAAO,MAAM;AACtC,QAAI,MAAM,CAAC,EAAE,WAAW,IAAI,GAAG;AAC7B;AACA,UAAI,UAAU,KAAK,iBAAiB,IAAI;AACtC,gBAAQ,KAAK,IAAI,MAAM,cAAc,MAAM,KAAK,CAAC;AACjD,uBAAe;MACjB;IACF,OAAO;AACL,UAAI,UAAU,GAAG;AACf,uBAAe,MAAM,QAAQ,MAAM,CAAC,EAAE;MACxC;AACA;IACF;EACF;AACA,SAAO;AACT;AAeO,SAAS,mBAAmB,KAAkC;AACnE,QAAM,eAAe,WAAW,KAAK,mBAAmB,KAAK;AAC7D,QAAM,UAAU,gBAAgB,YAAY,EAAE,IAAI,CAAC,WAAW;AAC5D,UAAM,UAAU,WAAW,QAAQ,YAAY,KAAK;AACpD,UAAM,WAAW,WAAW,QAAQ,QAAQ,KAAK;AACjD,WAAO;MACL,IAAI,UAAU,QAAQ,IAAI,KAAK;MAC/B,OAAO,UAAU,QAAQ,OAAO,KAAK;MACrC,YAAY,UAAU,QAAQ,YAAY,KAAK;MAC/C,YAAY,gBAAgB,OAAO,EAAE,IAAI,CAAC,MAAM,eAAe,CAAC,EAAE,KAAK,CAAC;MACxE,QAAQ,gBAAgB,QAAQ,EAAE;QAAI,CAAC,MACrC,OAAO,eAAe,CAAC,EAAE,KAAK,CAAC;MACjC;IACF;EACF,CAAC;AACD,QAAM,YAAY,UAAU,KAAK,WAAW;AAC5C,SAAO,EAAE,SAAS,WAAW,cAAc,KAAK,OAAO,UAAU;AACnE;AASO,SAAS,gBAAgB,KAAoC;AAClE,QAAM,YAAY,WAAW,KAAK,aAAa;AAC/C,MAAI,cAAc,MAAM;AACtB,WAAO;EACT;AACA,QAAM,cAAc,UAAU,WAAW,aAAa,KAAK;AAC3D,QAAM,kBAAkB,UAAU,WAAW,iBAAiB,KAAK;AACnE,MAAI,gBAAgB,MAAM,oBAAoB,IAAI;AAChD,WAAO;EACT;AACA,SAAO;IACL;IACA;IACA,cAAc,UAAU,WAAW,cAAc,KAAK;IACtD,YAAY,UAAU,WAAW,YAAY,KAAK;EACpD;AACF;AAIO,SAAS,eAAe,KAA4B;AACzD,SAAO,UAAU,KAAK,MAAM;AAC9B;ACpHO,IAAe,kBAAf,cAAuC,MAAM;EAEzC;EAET,YAAY,SAAiB,UAAyB;AACpD,UAAM,OAAO;AACb,SAAK,OAAO,WAAW;AACvB,SAAK,WAAW;EAClB;AACF;AAEO,IAAM,iBAAN,cAA6B,gBAAgB;EACzC,OAAO;AAClB;AAEO,IAAM,iBAAN,cAA6B,gBAAgB;EACzC,OAAO;EACP;EAET,YAAY,SAAiB,UAAyB,YAAmB;AACvE,UAAM,SAAS,QAAQ;AACvB,SAAK,aAAa;EACpB;AACF;AAEO,IAAM,YAAN,cAAwB,gBAAgB;EACpC,OAAO;AAClB;AEpCO,IAAM,sBAAsB;AAE5B,IAAM,qBAAqB,qBAAqB,mBAAmB;AAEnE,SAAS,mBAAmB,aAA6B;AAC9D,SAAO,qBAAqB,WAAW,IAAI,mBAAmB;AAChE;AIJO,SAAS,WACd,OACA,MACe;AACf,MAAI,UAAU,QAAQ,UAAU,QAAW;AACzC,WAAO;EACT;AACA,MAAI,SAAS,OAAO;AAClB,QAAI,OAAO,UAAU,UAAU;AAC7B,aAAO;IACT;AACA,UAAM,KAAK,IAAI,KAAK,KAAK,EAAE,QAAQ;AACnC,WAAO,OAAO,SAAS,EAAE,IAAI,KAAK;EACpC;AACA,MAAI,OAAO,UAAU,YAAY,MAAM,KAAK,MAAM,IAAI;AACpD,WAAO;EACT;AACA,QAAM,IAAI,OAAO,UAAU,WAAW,QAAQ,OAAO,KAAK;AAC1D,MAAI,CAAC,OAAO,SAAS,CAAC,GAAG;AACvB,WAAO;EACT;AACA,QAAM,SAAS,SAAS,MAAM,IAAI,MAAO;AACzC,SAAO,OAAO,SAAS,MAAM,IAAI,SAAS;AAC5C;AGLO,IAAM,uBAAuB;EAClC,aAAa;IACX,aAAa;IACb,MAAM;EACR;EACA,iBAAiB;IACf,aAAa;IACb,MAAM;EACR;AACF;AAUA,IAAM,cAAc;AACpB,IAAM,kBAAkB;AACxB,IAAM,6BAA6B;AACnC,IAAM,+BAA+B;AACrC,IAAM,oBAAoB;AAE1B,SAAS,QAAQ,MAAkC;AACjD,QAAM,MACJ,WAGA,SAAS;AACX,SAAO,MAAM,IAAI;AACnB;AAEO,IAAe,mBAAf,cAEG,cAAyC;EAC/B,cAAc;EAExB,eAGG;EAED,kBAAsC;AAC9C,UAAM,EAAE,aAAa,gBAAgB,IAAI,KAAK;AAC9C,QAAI,eAAe,iBAAiB;AAClC,aAAO,EAAE,aAAa,gBAAgB;IACxC;AACA,UAAM,iBAAiB,QAAQ,mBAAmB;AAClD,UAAM,qBAAqB,QAAQ,uBAAuB;AAC1D,QAAI,kBAAkB,oBAAoB;AACxC,aAAO;QACL,aAAa;QACb,iBAAiB;QACjB,cAAc,QAAQ,mBAAmB,KAAK;MAChD;IACF;AACA,UAAM,IAAI;MACR,GAAG,KAAK,EAAE;IACZ;EACF;EAEA,MAAgB,0BACd,QAC6B;AAC7B,QAAI,KAAK,SAAS,YAAY,QAAW;AACvC,YAAM,EAAE,aAAa,gBAAgB,IAAI,KAAK;AAC9C,UAAI,CAAC,eAAe,CAAC,iBAAiB;AACpC,cAAM,IAAI;UACR,GAAG,KAAK,EAAE;QACZ;MACF;AACA,aAAO,EAAE,aAAa,gBAAgB;IACxC;AAEA,QAAI,KAAK,gBAAgB,KAAK,IAAI,IAAI,KAAK,aAAa,WAAW;AACjE,aAAO,KAAK,aAAa;IAC3B;AACA,WAAO,KAAK,WAAW,KAAK,SAAS,SAAS,MAAM;EACtD;EAEA,MAAc,WACZ,SACA,QAC6B;AAC7B,UAAM,SAAS,IAAI,gBAAgB;AACnC,WAAO,IAAI,UAAU,YAAY;AACjC,WAAO,IAAI,WAAW,eAAe;AACrC,WAAO,IAAI,WAAW,OAAO;AAC7B,WAAO,IAAI,mBAAmB,WAAW,KAAK,EAAE,EAAE;AAClD,WAAO,IAAI,mBAAmB,OAAO,4BAA4B,CAAC;AAClE,QAAI,KAAK,SAAS,eAAe,QAAW;AAC1C,aAAO,IAAI,cAAc,KAAK,SAAS,UAAU;IACnD;AAEA,UAAM,OAAO,OAAO,KAAK,SAAS,MAAM;AACxC,UAAM,MAAM,MAAM,KAAK,WAAW;MAChC;MACA,SAAS;MACT,MAAM,OAAO,SAAS;MACtB,oBAAoB,KAAK,gBAAgB;MACzC,UAAU;MACV;IACF,CAAC;AAED,UAAM,SAAS,gBAAgB,GAAG;AAClC,QAAI,WAAW,MAAM;AACnB,YAAM,IAAI;QACR,GAAG,KAAK,EAAE;MACZ;IACF;AACA,SAAK,wBAAwB,MAAM;AACnC,WAAO;MACL,aAAa,OAAO;MACpB,iBAAiB,OAAO;MACxB,cAAc,OAAO,gBAAgB;IACvC;EACF;EAEQ,wBAAwB,QAA8B;AAC5D,UAAM,eAAe,WAAW,OAAO,YAAY,KAAK;AACxD,UAAM,YACJ,iBAAiB,OACb,eAAe,6BACf,KAAK,IAAI,KAAK,+BAA+B,MAAM;AACzD,SAAK,eAAe;MAClB,OAAO;QACL,aAAa,OAAO;QACpB,iBAAiB,OAAO;QACxB,cAAc,OAAO,gBAAgB;MACvC;MACA;IACF;EACF;EAEA,MAAgB,WAAW,MAOP;AAClB,UAAM,EAAE,SAAS,UAAU,IAAI,cAAc,oBAAI,KAAK,CAAC;AACvD,UAAM,cAAc,MAAM,UAAU,KAAK,IAAI;AAE7C,UAAM,gBAAwC;MAC5C,MAAM,KAAK;MACX,gBAAgB;MAChB,wBAAwB;MACxB,cAAc;IAChB;AACA,QAAI,KAAK,mBAAmB,iBAAiB,QAAW;AACtD,oBAAc,sBAAsB,IAClC,KAAK,mBAAmB;IAC5B;AAEA,UAAM,gBAAgB,MAAM,0BAA0B;MACpD,QAAQ;MACR,MAAM,KAAK;MACX,MAAM;MACN,OAAO;MACP,SAAS;MACT;MACA,aAAa,KAAK,mBAAmB;MACrC,iBAAiB,KAAK,mBAAmB;MACzC,QAAQ,KAAK,SAAS;MACtB,SAAS,KAAK;MACd;MACA;IACF,CAAC;AAED,UAAM,cAAsC;MAC1C,gBAAgB;MAChB,wBAAwB;MACxB,cAAc;MACd,cAAc,mBAAmB,KAAK,EAAE;MACxC,eAAe;IACjB;AACA,QAAI,KAAK,mBAAmB,iBAAiB,QAAW;AACtD,kBAAY,sBAAsB,IAChC,KAAK,mBAAmB;IAC5B;AAEA,QAAI;AACF,YAAM,MAA4B,MAAM,KAAK;QAC3C;UACE,KAAK,WAAW,KAAK,IAAI;UACzB,QAAQ;UACR,SAAS;UACT,MAAM,KAAK;UACX,WAAW;UACX,QAAQ,KAAK;QACf;QACA,EAAE,UAAU,KAAK,SAAS;MAC5B;AACA,aAAO,IAAI;IACb,SAAS,KAAK;AACZ,YAAM,KAAK,iBAAiB,GAAG;IACjC;EACF;EAEU,iBAAiB,KAAuB;AAChD,QAAI,EAAE,eAAe,UAAU,EAAE,UAAU,MAAM;AAC/C,aAAO;IACT;AACA,UAAM,UAAU;AAChB,UAAM,OACJ,OAAO,QAAQ,UAAU,SAAS,WAAW,QAAQ,SAAS,OAAO;AACvE,UAAM,OAAO,eAAe,IAAI,KAAK;AACrC,UAAM,SAAS,QAAQ,UAAU,UAAU;AAE3C,QACE,8DAA8D,KAAK,IAAI,GACvE;AACA,aAAO,IAAI,eAAe,QAAQ,SAAS,QAAQ,QAAQ;IAC7D;AACA,QACE,uHAAuH;MACrH;IACF,GACA;AACA,aAAO,IAAI,UAAU,QAAQ,SAAS,QAAQ,QAAQ;IACxD;AACA,QAAI,UAAU,KAAK;AACjB,aAAO,IAAI,eAAe,QAAQ,SAAS,QAAQ,QAAQ;IAC7D;AACA,WAAO;EACT;AACF;ACxPO,IAAM,qBAAqB;EAChC,QAAQ,EACL,OAAO,EACP;IACC;IACA;EACF,EACC,KAAK;IACJ,OAAO;IACP,aACE;IACF,aAAa;EACf,CAAC;EACH,aAAa,EAAE,OAAO,EAAE,SAAS,EAAE,OAAO,EAAE,CAAC,EAAE,SAAS,EAAE,KAAK;IAC7D,OAAO;IACP,aACE;IACF,QAAQ;EACV,CAAC;EACD,iBAAiB,EAAE,OAAO,EAAE,SAAS,EAAE,OAAO,EAAE,CAAC,EAAE,SAAS,EAAE,KAAK;IACjE,OAAO;IACP,aAAa;IACb,QAAQ;EACV,CAAC;EACD,SAAS,EACN,OAAO,EACP;IACC;IACA;EACF,EACC,SAAS,EACT,KAAK;IACJ,OAAO;IACP,aACE;IACF,aAAa;EACf,CAAC;EACH,YAAY,EAAE,OAAO,EAAE,IAAI,CAAC,EAAE,SAAS,EAAE,KAAK;IAC5C,OAAO;IACP,aACE;EACJ,CAAC;AACH;AAUO,IAAM,gBAAgB;EAC3B,WAAW,CAAC,QAAgC;AAC1C,UAAM,UAAU,IAAI,YAAY;AAChC,UAAM,YACJ,IAAI,gBAAgB,UAAa,IAAI,oBAAoB;AAC3D,QAAI,IAAI,eAAe,UAAa,CAAC,SAAS;AAC5C,aAAO;IACT;AACA,WAAO,WAAW;EACpB;EACA,SACE;AACJ;;;AGlEO,IAAMA,uBAAsB;AAE5B,IAAMC,sBAAqB,qBAAqBD,oBAAmB;AIAnE,SAASE,YACd,OACA,MACe;AACf,MAAI,UAAU,QAAQ,UAAU,QAAW;AACzC,WAAO;EACT;AACA,MAAI,SAAS,OAAO;AAClB,QAAI,OAAO,UAAU,UAAU;AAC7B,aAAO;IACT;AACA,UAAM,KAAK,IAAI,KAAK,KAAK,EAAE,QAAQ;AACnC,WAAO,OAAO,SAAS,EAAE,IAAI,KAAK;EACpC;AACA,MAAI,OAAO,UAAU,YAAY,MAAM,KAAK,MAAM,IAAI;AACpD,WAAO;EACT;AACA,QAAM,IAAI,OAAO,UAAU,WAAW,QAAQ,OAAO,KAAK;AAC1D,MAAI,CAAC,OAAO,SAAS,CAAC,GAAG;AACvB,WAAO;EACT;AACA,QAAM,SAAS,SAAS,MAAM,IAAI,MAAO;AACzC,SAAO,OAAO,SAAS,MAAM,IAAI,SAAS;AAC5C;;;AGjBA;AAAA,EASE;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,OACK;AACP,SAAS,KAAAC,UAAS;AAElB,IAAM,oBAAoBA,GAAE,OAAO;AAAA,EACjC,IAAIA,GACD,OAAO,EACP;AAAA,IACC;AAAA,IACA;AAAA,EACF;AAAA,EACF,WAAWA,GAAE,OAAO,EAAE,IAAI,CAAC;AAAA,EAC3B,QAAQA,GAAE,OAAO,EAAE,IAAI,CAAC;AAAA,EACxB,MAAMA,GAAE,OAAO,EAAE,IAAI,CAAC;AAAA,EACtB,eAAeA,GACZ,OAAO,EACP,IAAI,EACJ,IAAI,EAAE,EACN,OAAO,CAAC,MAAM,IAAI,OAAO,GAAG;AAAA,IAC3B,SAAS;AAAA,EACX,CAAC;AAAA,EACH,YAAYA,GAAE,OAAOA,GAAE,OAAO,GAAGA,GAAE,OAAO,CAAC,EAAE,SAAS;AACxD,CAAC;AAEM,IAAM,eAAe;AAAA,EAC1BA,GACG,OAAO;AAAA,IACN,GAAG;AAAA,IACH,eAAeA,GAAE,MAAM,iBAAiB,EAAE,SAAS,EAAE,KAAK;AAAA,MACxD,OAAO;AAAA,MACP,aACE;AAAA,IACJ,CAAC;AAAA,IACD,iBAAiBA,GAAE,OAAO,EAAE,IAAI,EAAE,SAAS,EAAE,IAAI,KAAM,EAAE,SAAS,EAAE,KAAK;AAAA,MACvE,OAAO;AAAA,MACP,aACE;AAAA,MACF,aAAa;AAAA,IACf,CAAC;AAAA,EACH,CAAC,EACA,OAAO,cAAc,WAAW,EAAE,SAAS,cAAc,QAAQ,CAAC,EAClE;AAAA,IACC,CAAC,QACC,IAAI,IAAI,IAAI,cAAc,IAAI,CAAC,MAAM,EAAE,EAAE,CAAC,EAAE,SAC5C,IAAI,cAAc;AAAA,IACpB;AAAA,MACE,MAAM,CAAC,eAAe;AAAA,MACtB,SAAS;AAAA,IACX;AAAA,EACF;AACJ;AAEO,IAAM,MAAoB,mBAAmB;AAAA,EAClD,aAAa;AAAA,EACb,UAAU;AAAA,EACV,YAAY;AAAA,EACZ,SACE;AAAA,EACF,WACE;AAAA,EACF,QAAQ;AAAA,IACN,MAAM;AAAA,IACN,SACE;AAAA,IACF,SAAS;AAAA,EACX;AAAA,EACA,MAAM;AAAA,IACJ,SACE;AAAA,IACF,OAAO;AAAA,MACL;AAAA,MACA;AAAA,MACA;AAAA,MACA;AAAA,MACA;AAAA,IACF;AAAA,EACF;AAAA,EACA,aAAa;AAAA,IACX;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,EACF;AACF,CAAC;AAgBD,IAAM,2BAA2BA,GAAE,OAAO;AAAA,EACxC,mBAAmBA,GAAE;AAAA,IACnBA,GAAE,OAAO;AAAA,MACP,IAAIA,GAAE,OAAO;AAAA,MACb,OAAOA,GAAE,OAAO;AAAA,MAChB,YAAYA,GAAE,MAAMA,GAAE,IAAI,SAAS,CAAC;AAAA,MACpC,QAAQA,GAAE,MAAMA,GAAE,OAAO,CAAC;AAAA,MAC1B,YAAYA,GAAE,KAAK;AAAA,QACjB;AAAA,QACA;AAAA,QACA;AAAA,QACA;AAAA,MACF,CAAC;AAAA,IACH,CAAC;AAAA,EACH;AAAA,EACA,WAAWA,GAAE,OAAO,EAAE,SAAS;AACjC,CAAC;AAED,IAAM,yBAAyB,gBAAgB;AAAA,EAC7C,wBAAwB;AAAA,IACtB,OAAO;AAAA,IACP,SAAS;AAAA,IACT,aACE;AAAA,IACF,UAAU;AAAA,IACV,aAAa;AAAA,IACb,OACE;AAAA,IACF,YAAY;AAAA,MACV;AAAA,QACE,MAAM;AAAA,QACN,aACE;AAAA,MACJ;AAAA,MACA;AAAA,QACE,MAAM;AAAA,QACN,aAAa;AAAA,MACf;AAAA,MACA;AAAA,QACE,MAAM;AAAA,QACN,aACE;AAAA,MACJ;AAAA,MACA;AAAA,QACE,MAAM;AAAA,QACN,aACE;AAAA,MACJ;AAAA,MACA;AAAA,QACE,MAAM;AAAA,QACN,aACE;AAAA,MACJ;AAAA,IACF;AAAA,IACA,WAAW,EAAE,aAAa,yBAAyB;AAAA,EACrD;AACF,CAAC;AAED,IAAM,qBAAqB;AAC3B,IAAM,yBAAyB;AAC/B,IAAM,uBAAuB;AAC7B,IAAM,2BAA2B;AACjC,IAAM,gBAAgB;AAEf,IAAM,sBAAN,MAAM,6BAA4B,iBAAqC;AAAA,EAC5E,OAAgB,KAAK;AAAA,EAErB,OAAgB,YAAY;AAAA,EAE5B,OAAgB,UAAU,qBAAqB,sBAAsB;AAAA,EAErE,OAAgB,OAAsB;AAAA,IACpC,SACE;AAAA,EACJ;AAAA,EAEA,OAAO,OAAO,OAAgB,KAA6C;AACzE,UAAM,SAAS,aAAa,MAAM,KAAK;AACvC,WAAO,IAAI;AAAA,MACT;AAAA,QACE,QAAQ,OAAO;AAAA,QACf,SAAS,OAAO;AAAA,QAChB,YAAY,OAAO;AAAA,QACnB,eAAe,OAAO;AAAA,QACtB,iBAAiB,OAAO;AAAA,MAC1B;AAAA,MACA;AAAA,QACE,aAAa,OAAO;AAAA,QACpB,iBAAiB,OAAO;AAAA,MAC1B;AAAA,MACA;AAAA,IACF;AAAA,EACF;AAAA,EAES,KAAK;AAAA,EAEN,cAAc,SAGpB;AACA,UAAM,QAAQ,KAAK,IAAI;AACvB,QAAI,QAAQ,OAAO;AACjB,YAAM,UAAUC,YAAW,QAAQ,OAAO,KAAK;AAC/C,UAAI,YAAY,MAAM;AACpB,eAAO,EAAE,SAAS,KAAK,IAAI,SAAS,KAAK,GAAG,MAAM;AAAA,MACpD;AAAA,IACF;AACA,QAAI,QAAQ,SAAS,UAAU;AAC7B,YAAM,YAAY,KAAK;AAAA,QACrB,GAAG,KAAK,SAAS,cAAc,IAAI,CAAC,MAAM,EAAE,aAAa;AAAA,QACzD;AAAA,MACF;AACA,aAAO,EAAE,SAAS,QAAQ,YAAY,IAAI,KAAM,MAAM;AAAA,IACxD;AACA,UAAM,WAAW,KAAK,SAAS,mBAAmB;AAClD,WAAO,EAAE,SAAS,QAAQ,WAAW,eAAe,MAAM;AAAA,EAC5D;AAAA,EAEQ,uBACN,SACA,SACA,OACA,WACQ;AACR,UAAM,SAAS,IAAI,gBAAgB;AACnC,WAAO,IAAI,UAAU,eAAe;AACpC,WAAO,IAAI,WAAW,sBAAsB;AAC5C,WAAO,IAAI,aAAa,IAAI,KAAK,OAAO,EAAE,YAAY,CAAC;AACvD,WAAO,IAAI,WAAW,IAAI,KAAK,KAAK,EAAE,YAAY,CAAC;AACnD,WAAO,IAAI,UAAU,oBAAoB;AACzC,QAAI,cAAc,QAAW;AAC3B,aAAO,IAAI,aAAa,SAAS;AAAA,IACnC;AAEA,YAAQ,QAAQ,CAAC,OAAO,UAAU;AAChC,YAAM,SAAS,4BAA4B,QAAQ,CAAC;AACpD,aAAO,IAAI,GAAG,MAAM,OAAO,MAAM,EAAE;AACnC,aAAO,IAAI,GAAG,MAAM,eAAe,MAAM;AACzC,aAAO,IAAI,GAAG,MAAM,gCAAgC,MAAM,SAAS;AACnE,aAAO,IAAI,GAAG,MAAM,iCAAiC,MAAM,MAAM;AACjE,aAAO,IAAI,GAAG,MAAM,sBAAsB,OAAO,MAAM,aAAa,CAAC;AACrE,aAAO,IAAI,GAAG,MAAM,oBAAoB,MAAM,IAAI;AAClD,YAAM,aAAa,OAAO,QAAQ,MAAM,cAAc,CAAC,CAAC;AACxD,iBAAW,QAAQ,CAAC,CAAC,MAAM,KAAK,GAAG,aAAa;AAC9C,cAAM,YAAY,GAAG,MAAM,wCAAwC,WAAW,CAAC;AAC/E,eAAO,IAAI,GAAG,SAAS,SAAS,IAAI;AACpC,eAAO,IAAI,GAAG,SAAS,UAAU,KAAK;AAAA,MACxC,CAAC;AAAA,IACH,CAAC;AAED,WAAO,OAAO,SAAS;AAAA,EACzB;AAAA,EAEA,MAAM,KACJ,SACA,SACA,QACqB;AACrB,UAAM,UAAU,KAAK,SAAS;AAC9B,UAAM,QAAQ,IAAI,IAAI,QAAQ,IAAI,CAAC,MAAM,GAAG,EAAE,SAAS,IAAI,EAAE,MAAM,EAAE,CAAC;AAEtE,QAAI,QAAQ,WAAW,GAAG;AACxB,aAAO,EAAE,MAAM,KAAK;AAAA,IACtB;AAEA,UAAM,cAAc,IAAI,IAAI,QAAQ,IAAI,CAAC,MAAM,CAAC,EAAE,IAAI,CAAC,CAAC,CAAC;AACzD,UAAM,EAAE,SAAS,MAAM,IAAI,KAAK,cAAc,OAAO;AAErD,UAAM,UAA0B,CAAC;AACjC,UAAM,OAAO,GAAG,kBAAkB,IAAI,KAAK,SAAS,MAAM;AAE1D,aAAS,IAAI,GAAG,IAAI,QAAQ,QAAQ,KAAK,sBAAsB;AAC7D,YAAM,QAAQ,QAAQ,MAAM,GAAG,IAAI,oBAAoB;AACvD,UAAI;AACJ,UAAI,OAAO;AACX,SAAG;AACD,YAAI,QAAQ,SAAS;AACnB,iBAAO,EAAE,MAAM,MAAM;AAAA,QACvB;AACA,cAAM,OAAO,KAAK;AAAA,UAChB;AAAA,UACA;AAAA,UACA;AAAA,UACA;AAAA,QACF;AACA,cAAM,qBAAqB,MAAM,KAAK,0BAA0B,MAAM;AACtE,cAAM,MAAM,MAAM,KAAK,WAAW;AAAA,UAChC;AAAA,UACA,SAAS;AAAA,UACT;AAAA,UACA;AAAA,UACA,UAAU;AAAA,UACV;AAAA,QACF,CAAC;AACD,cAAM,SAAS,mBAAmB,GAAG;AACrC,mBAAW,UAAU,OAAO,SAAS;AACnC,gBAAM,QAAQ,YAAY,IAAI,OAAO,EAAE;AACvC,cAAI,UAAU,QAAW;AACvB;AAAA,UACF;AACA,eAAK,eAAe,SAAS,OAAO,MAAM;AAAA,QAC5C;AACA,oBAAY,OAAO,aAAa;AAChC,gBAAQ;AACR,aAAK,OAAO,KAAK,gBAAgB;AAAA,UAC/B,UAAU;AAAA,UACV;AAAA,UACA,OAAO,OAAO,QAAQ;AAAA,UACtB,MAAM,aAAa;AAAA,QACrB,CAAC;AAAA,MACH,SAAS,cAAc;AAAA,IACzB;AAEA,UAAM,QAAQ,QAAQ,SAAS,EAAE,OAAO,CAAC,GAAG,KAAK,EAAE,CAAC;AACpD,SAAK,OAAO,KAAK,iBAAiB;AAAA,MAChC,UAAU;AAAA,MACV,OAAO,QAAQ;AAAA,IACjB,CAAC;AACD,WAAO,EAAE,MAAM,KAAK;AAAA,EACtB;AAAA,EAEQ,eACN,SACA,OACA,QAMM;AACN,UAAM,OAAO,GAAG,MAAM,SAAS,IAAI,MAAM,MAAM;AAC/C,UAAM,iBAA4C;AAAA,MAChD,GAAI,MAAM,cAAc,CAAC;AAAA,MACzB,MAAM,MAAM;AAAA,MACZ,QAAQ,MAAM;AAAA,MACd,SAAS,MAAM;AAAA,MACf,YAAY,OAAO;AAAA,MACnB,OAAO,OAAO;AAAA,IAChB;AACA,UAAM,QAAQ,KAAK,IAAI,OAAO,WAAW,QAAQ,OAAO,OAAO,MAAM;AACrE,aAAS,IAAI,GAAG,IAAI,OAAO,KAAK;AAC9B,YAAM,KAAKA,YAAW,OAAO,WAAW,CAAC,GAAI,KAAK;AAClD,YAAM,QAAQ,OAAO,OAAO,CAAC;AAC7B,UAAI,OAAO,QAAQ,CAAC,OAAO,SAAS,KAAK,GAAG;AAC1C;AAAA,MACF;AACA,cAAQ,KAAK,EAAE,MAAM,IAAI,OAAO,YAAY,EAAE,GAAG,eAAe,EAAE,CAAC;AAAA,IACrE;AAAA,EACF;AACF;;;AC1WA,IAAO,gBAAQ;","names":["HTTP_CLIENT_VERSION","DEFAULT_USER_AGENT","parseEpoch","z","parseEpoch"]}
|
|
1
|
+
{"version":3,"sources":["../../aws-shared/src/sigv4.ts","../../aws-shared/src/xml.ts","../../../connector-shared/src/errors.ts","../../../connector-shared/src/retry.ts","../../../connector-shared/src/version.ts","../../../connector-shared/src/request.ts","../../../connector-shared/src/rate-limit.ts","../../../connector-shared/src/sanitize.ts","../../../connector-shared/src/epoch.ts","../../../connector-shared/src/pagination.ts","../../../connector-shared/src/logger.ts","../../aws-shared/src/base-aws-connector.ts","../../aws-shared/src/config.ts","../../../connector-shared/src/errors.ts","../../../connector-shared/src/retry.ts","../../../connector-shared/src/version.ts","../../../connector-shared/src/request.ts","../../../connector-shared/src/rate-limit.ts","../../../connector-shared/src/sanitize.ts","../../../connector-shared/src/epoch.ts","../../../connector-shared/src/pagination.ts","../../../connector-shared/src/logger.ts","../src/aws-cloudwatch.ts","../src/index.ts"],"sourcesContent":["// AWS Signature Version 4 signing, implemented against the Web Crypto API so\n// the connector carries no AWS SDK dependency. See\n// https://docs.aws.amazon.com/general/latest/gr/sigv4_signing.html.\n\nconst encoder = new TextEncoder();\n\nconst ALGORITHM = 'AWS4-HMAC-SHA256';\n\n// Encode to a fresh ArrayBuffer-backed view so the result is a valid\n// `BufferSource` for the Web Crypto APIs under TypeScript's generic typing.\nfunction u8(data: string): Uint8Array<ArrayBuffer> {\n return new Uint8Array(encoder.encode(data));\n}\n\nfunction toHex(buffer: ArrayBuffer): string {\n const bytes = new Uint8Array(buffer);\n let hex = '';\n for (let i = 0; i < bytes.length; i++) {\n hex += bytes[i]!.toString(16).padStart(2, '0');\n }\n return hex;\n}\n\nexport async function sha256Hex(data: string): Promise<string> {\n const digest = await globalThis.crypto.subtle.digest('SHA-256', u8(data));\n return toHex(digest);\n}\n\nasync function hmac(key: BufferSource, data: string): Promise<ArrayBuffer> {\n const cryptoKey = await globalThis.crypto.subtle.importKey(\n 'raw',\n key,\n { name: 'HMAC', hash: 'SHA-256' },\n false,\n ['sign'],\n );\n return globalThis.crypto.subtle.sign('HMAC', cryptoKey, u8(data));\n}\n\nasync function deriveSigningKey(\n secretAccessKey: string,\n dateStamp: string,\n region: string,\n service: string,\n): Promise<ArrayBuffer> {\n const kDate = await hmac(u8(`AWS4${secretAccessKey}`), dateStamp);\n const kRegion = await hmac(kDate, region);\n const kService = await hmac(kRegion, service);\n return hmac(kService, 'aws4_request');\n}\n\nexport interface AmzDate {\n amzDate: string;\n dateStamp: string;\n}\n\n// \"2015-08-30T12:36:00.000Z\" -> { amzDate: \"20150830T123600Z\", dateStamp: \"20150830\" }\nexport function formatAmzDate(date: Date): AmzDate {\n const amzDate = date.toISOString().replace(/[:-]|\\.\\d{3}/g, '');\n return { amzDate, dateStamp: amzDate.slice(0, 8) };\n}\n\nexport interface SignParams {\n method: string;\n host: string;\n path: string;\n query: string;\n headers: Record<string, string>;\n payloadHash: string;\n accessKeyId: string;\n secretAccessKey: string;\n region: string;\n service: string;\n amzDate: string;\n dateStamp: string;\n}\n\n// Returns the value for the `Authorization` header. The `headers` map must\n// contain every header that is part of the signature (at minimum `host` and\n// `x-amz-date`); extra unsigned headers sent on the wire are allowed.\nexport async function createAuthorizationHeader(\n params: SignParams,\n): Promise<string> {\n const lowerHeaders: Record<string, string> = {};\n for (const [key, value] of Object.entries(params.headers)) {\n lowerHeaders[key.toLowerCase()] = value.trim().replace(/\\s+/g, ' ');\n }\n const sortedNames = Object.keys(lowerHeaders).sort();\n\n const canonicalHeaders = sortedNames\n .map((name) => `${name}:${lowerHeaders[name]}\\n`)\n .join('');\n const signedHeaders = sortedNames.join(';');\n\n const canonicalRequest = [\n params.method,\n params.path,\n params.query,\n canonicalHeaders,\n signedHeaders,\n params.payloadHash,\n ].join('\\n');\n\n const credentialScope = `${params.dateStamp}/${params.region}/${params.service}/aws4_request`;\n const stringToSign = [\n ALGORITHM,\n params.amzDate,\n credentialScope,\n await sha256Hex(canonicalRequest),\n ].join('\\n');\n\n const signingKey = await deriveSigningKey(\n params.secretAccessKey,\n params.dateStamp,\n params.region,\n params.service,\n );\n const signature = toHex(await hmac(signingKey, stringToSign));\n\n return (\n `${ALGORITHM} Credential=${params.accessKeyId}/${credentialScope}, ` +\n `SignedHeaders=${signedHeaders}, Signature=${signature}`\n );\n}\n","// Minimal parser for the handful of AWS Query-protocol (XML) responses this\n// connector consumes: GetMetricData, STS AssumeRole, and error envelopes. It\n// is deliberately narrow — it understands the specific element nesting these\n// responses use rather than being a general-purpose XML parser.\n\nfunction decodeEntities(value: string): string {\n return value\n .replace(/</g, '<')\n .replace(/>/g, '>')\n .replace(/"/g, '\"')\n .replace(/'/g, \"'\")\n .replace(/'/g, \"'\")\n .replace(/&/g, '&');\n}\n\n// Inner text of the first `<tag>...</tag>` in `xml`. Returns '' for a\n// self-closing `<tag/>`, and null when the tag is absent. Tags that contain\n// repeated `<member>` children (Timestamps, Values, MetricDataResults) do not\n// nest within themselves, so the first matching close tag is the correct one.\nexport function firstInner(xml: string, tag: string): string | null {\n const escapedTag = tag.replace(/[.*+?^${}()|[\\]\\\\]/g, '\\\\$&');\n const open = new RegExp(`<${escapedTag}(?:\\\\s[^>]*)?>`).exec(xml);\n if (!open) {\n return new RegExp(`<${escapedTag}\\\\s*/>`).test(xml) ? '' : null;\n }\n const start = open.index + open[0].length;\n const closeIdx = xml.indexOf(`</${tag}>`, start);\n if (closeIdx === -1) {\n return null;\n }\n return xml.slice(start, closeIdx);\n}\n\nexport function firstText(xml: string, tag: string): string | null {\n const inner = firstInner(xml, tag);\n return inner === null ? null : decodeEntities(inner).trim();\n}\n\n// Inner content of each top-level `<member>...</member>`, tracking nesting so\n// that a result member's nested Timestamps/Values members are not mistaken for\n// top-level entries.\nexport function topLevelMembers(xml: string): string[] {\n const results: string[] = [];\n const re = /<member(?:\\s[^>]*)?>|<\\/member>/g;\n let depth = 0;\n let contentStart = -1;\n let match: RegExpExecArray | null;\n while ((match = re.exec(xml)) !== null) {\n if (match[0].startsWith('</')) {\n depth--;\n if (depth === 0 && contentStart !== -1) {\n results.push(xml.slice(contentStart, match.index));\n contentStart = -1;\n }\n } else {\n if (depth === 0) {\n contentStart = match.index + match[0].length;\n }\n depth++;\n }\n }\n return results;\n}\n\nexport interface MetricDataResult {\n id: string;\n label: string;\n statusCode: string;\n timestamps: string[];\n values: number[];\n}\n\nexport interface GetMetricDataParsed {\n results: MetricDataResult[];\n nextToken: string | null;\n}\n\nexport function parseGetMetricData(xml: string): GetMetricDataParsed {\n const resultsBlock = firstInner(xml, 'MetricDataResults') ?? '';\n const results = topLevelMembers(resultsBlock).map((member) => {\n const tsBlock = firstInner(member, 'Timestamps') ?? '';\n const valBlock = firstInner(member, 'Values') ?? '';\n return {\n id: firstText(member, 'Id') ?? '',\n label: firstText(member, 'Label') ?? '',\n statusCode: firstText(member, 'StatusCode') ?? '',\n timestamps: topLevelMembers(tsBlock).map((t) => decodeEntities(t).trim()),\n values: topLevelMembers(valBlock).map((v) =>\n Number(decodeEntities(v).trim()),\n ),\n };\n });\n const nextToken = firstText(xml, 'NextToken');\n return { results, nextToken: nextToken === '' ? null : nextToken };\n}\n\nexport interface StsCredentials {\n accessKeyId: string;\n secretAccessKey: string;\n sessionToken: string;\n expiration: string;\n}\n\nexport function parseAssumeRole(xml: string): StsCredentials | null {\n const credBlock = firstInner(xml, 'Credentials');\n if (credBlock === null) {\n return null;\n }\n const accessKeyId = firstText(credBlock, 'AccessKeyId') ?? '';\n const secretAccessKey = firstText(credBlock, 'SecretAccessKey') ?? '';\n if (accessKeyId === '' || secretAccessKey === '') {\n return null;\n }\n return {\n accessKeyId,\n secretAccessKey,\n sessionToken: firstText(credBlock, 'SessionToken') ?? '',\n expiration: firstText(credBlock, 'Expiration') ?? '',\n };\n}\n\n// AWS Query-protocol error envelopes carry the machine-readable error code in\n// an `<Error><Code>...</Code></Error>` element.\nexport function parseErrorCode(xml: string): string | null {\n return firstText(xml, 'Code');\n}\n","import type { HttpResponse } from './types';\n\nexport type HttpErrorKind =\n | 'transient'\n | 'rate_limit'\n | 'auth'\n | 'upstream_bug'\n | 'client_bug';\n\nexport abstract class HttpClientError extends Error {\n abstract readonly kind: HttpErrorKind;\n readonly response?: HttpResponse;\n\n constructor(message: string, response?: HttpResponse) {\n super(message);\n this.name = new.target.name;\n this.response = response;\n }\n}\n\nexport class TransientError extends HttpClientError {\n readonly kind = 'transient' as const;\n}\n\nexport class RateLimitError extends HttpClientError {\n readonly kind = 'rate_limit' as const;\n readonly retryAfter?: Date;\n\n constructor(message: string, response?: HttpResponse, retryAfter?: Date) {\n super(message, response);\n this.retryAfter = retryAfter;\n }\n}\n\nexport class AuthError extends HttpClientError {\n readonly kind = 'auth' as const;\n}\n\nexport class UpstreamBugError extends HttpClientError {\n readonly kind = 'upstream_bug' as const;\n}\n\nexport class ClientBugError extends HttpClientError {\n readonly kind = 'client_bug' as const;\n}\n\nexport function classifyStatus(status: number): HttpErrorKind {\n if (status === 429) {\n return 'rate_limit';\n }\n if (status === 401 || status === 403) {\n return 'auth';\n }\n if (status === 408) {\n return 'transient';\n }\n if (status >= 500) {\n return 'upstream_bug';\n }\n if (status >= 400) {\n return 'client_bug';\n }\n return 'client_bug';\n}\n\nexport function errorForStatus(\n message: string,\n response: HttpResponse,\n retryAfter?: Date,\n): HttpClientError {\n const kind = classifyStatus(response.status);\n switch (kind) {\n case 'rate_limit':\n return new RateLimitError(message, response, retryAfter);\n case 'auth':\n return new AuthError(message, response);\n case 'transient':\n return new TransientError(message, response);\n case 'upstream_bug':\n return new UpstreamBugError(message, response);\n case 'client_bug':\n return new ClientBugError(message, response);\n }\n}\n","import { HttpClientError, RateLimitError, TransientError } from './errors';\n\nexport interface RetryPolicy {\n maxAttempts?: number;\n initialDelayMs?: number;\n maxDelayMs?: number;\n retryOn?: (status: number | null, err?: Error) => boolean;\n}\n\nexport const defaultRetryOn = (status: number | null, err?: Error): boolean => {\n if (err instanceof RateLimitError) {\n return true;\n }\n if (err instanceof TransientError) {\n return true;\n }\n if (status === null) {\n return err instanceof Error && !(err instanceof HttpClientError);\n }\n if (status === 408 || status === 429) {\n return true;\n }\n if (status >= 500) {\n return true;\n }\n return false;\n};\n\nexport function backoffDelayMs(\n attempt: number,\n policy: Required<Pick<RetryPolicy, 'initialDelayMs' | 'maxDelayMs'>>,\n): number {\n const base = policy.initialDelayMs * 2 ** attempt;\n const jitter = base * 0.25 * Math.random();\n return Math.min(base + jitter, policy.maxDelayMs);\n}\n\nexport function parseRetryAfter(\n headerValue: string | null,\n now: Date = new Date(),\n): Date | undefined {\n if (!headerValue) {\n return undefined;\n }\n const trimmed = headerValue.trim();\n if (/^\\d+$/.test(trimmed)) {\n return new Date(now.getTime() + Number(trimmed) * 1000);\n }\n const parsed = Date.parse(trimmed);\n if (Number.isNaN(parsed)) {\n return undefined;\n }\n return new Date(parsed);\n}\n\nexport function sleep(ms: number, signal?: AbortSignal): Promise<void> {\n if (signal?.aborted) {\n return Promise.reject(signal.reason ?? new Error('Aborted'));\n }\n return new Promise<void>((resolve, reject) => {\n const onAbort = () => {\n clearTimeout(timer);\n reject(signal!.reason ?? new Error('Aborted'));\n };\n const timer = setTimeout(() => {\n signal?.removeEventListener('abort', onAbort);\n resolve();\n }, ms);\n signal?.addEventListener('abort', onAbort, { once: true });\n });\n}\n","export const HTTP_CLIENT_VERSION = '0.0.0';\n\nexport const DEFAULT_USER_AGENT = `rawdash-connector/${HTTP_CLIENT_VERSION} (+https://rawdash.dev)`;\n\nexport function connectorUserAgent(connectorId: string): string {\n return `rawdash-connector-${connectorId}/${HTTP_CLIENT_VERSION} (+https://rawdash.dev)`;\n}\n","import {\n AuthError,\n ClientBugError,\n HttpClientError,\n RateLimitError,\n TransientError,\n UpstreamBugError,\n errorForStatus,\n} from './errors';\nimport { defaultRetryOn, parseRetryAfter, sleep } from './retry';\nimport type { FetchLike, HttpMethod, HttpRequest, HttpResponse } from './types';\nimport { DEFAULT_USER_AGENT } from './version';\n\nconst DEFAULT_TIMEOUT_MS = 10_000;\nconst DEFAULT_MAX_ATTEMPTS = 3;\nconst DEFAULT_INITIAL_DELAY_MS = 1000;\nconst DEFAULT_MAX_DELAY_MS = 60_000;\nconst OBSERVER_TIMEOUT_MS = 250;\n\nexport interface RequestObservation {\n url: string;\n method: HttpMethod;\n status: number;\n resource: string;\n requestId: string;\n body: unknown;\n}\n\nexport type RequestObserver = (\n event: RequestObservation,\n) => void | Promise<void>;\n\nexport interface RequestOptions {\n fetch?: FetchLike;\n observer?: RequestObserver;\n resource: string;\n requestId?: string;\n}\n\nasync function notifyObserver(\n observer: RequestObserver,\n event: RequestObservation,\n): Promise<void> {\n let result: void | Promise<void>;\n try {\n result = observer(event);\n } catch (err) {\n console.warn('[connector-shared] request observer threw:', err);\n return;\n }\n if (!(result instanceof Promise)) {\n return;\n }\n const guarded = result.catch((err) => {\n console.warn('[connector-shared] request observer rejected:', err);\n });\n let timer: ReturnType<typeof setTimeout> | undefined;\n const timeout = new Promise<void>((resolve) => {\n timer = setTimeout(resolve, OBSERVER_TIMEOUT_MS);\n });\n try {\n await Promise.race([guarded, timeout]);\n } finally {\n if (timer) {\n clearTimeout(timer);\n }\n }\n}\n\nfunction newRequestId(): string {\n const c = (globalThis as { crypto?: { randomUUID?: () => string } }).crypto;\n if (c?.randomUUID) {\n return c.randomUUID();\n }\n return `${Date.now().toString(36)}-${Math.random().toString(36).slice(2, 10)}`;\n}\n\nfunction mergeHeaders(\n defaults: Record<string, string>,\n overrides: Record<string, string> | undefined,\n): Record<string, string> {\n const merged: Record<string, string> = {};\n for (const [k, v] of Object.entries(defaults)) {\n merged[k.toLowerCase()] = v;\n }\n if (overrides) {\n for (const [k, v] of Object.entries(overrides)) {\n merged[k.toLowerCase()] = v;\n }\n }\n return merged;\n}\n\nfunction linkTimeoutSignal(\n parent: AbortSignal | undefined,\n timeoutMs: number,\n): { signal: AbortSignal; cancel: () => void } {\n const controller = new AbortController();\n const onParentAbort = () => {\n controller.abort(parent?.reason);\n };\n if (parent) {\n if (parent.aborted) {\n controller.abort(parent.reason);\n } else {\n parent.addEventListener('abort', onParentAbort, { once: true });\n }\n }\n const timer = setTimeout(() => {\n controller.abort(new Error(`Request timed out after ${timeoutMs}ms`));\n }, timeoutMs);\n return {\n signal: controller.signal,\n cancel: () => {\n clearTimeout(timer);\n if (parent) {\n parent.removeEventListener('abort', onParentAbort);\n }\n },\n };\n}\n\nasync function readBody(res: Response, parseJson: boolean): Promise<unknown> {\n if (res.status === 204 || res.status === 205) {\n return null;\n }\n const contentType = res.headers.get('content-type') ?? '';\n if (parseJson && contentType.includes('application/json')) {\n const text = await res.text();\n if (text.length === 0) {\n return null;\n }\n return JSON.parse(text);\n }\n return res.text();\n}\n\nexport async function request<T = unknown>(\n req: HttpRequest,\n options: RequestOptions,\n): Promise<HttpResponse<T>> {\n const fetchImpl: FetchLike = options.fetch ?? (globalThis.fetch as FetchLike);\n const retry = req.retry ?? {};\n const maxAttempts = retry.maxAttempts ?? DEFAULT_MAX_ATTEMPTS;\n const initialDelayMs = retry.initialDelayMs ?? DEFAULT_INITIAL_DELAY_MS;\n const maxDelayMs = retry.maxDelayMs ?? DEFAULT_MAX_DELAY_MS;\n const retryOn = retry.retryOn ?? defaultRetryOn;\n const timeoutMs = req.timeoutMs ?? DEFAULT_TIMEOUT_MS;\n const parseJson = req.parseJson ?? true;\n\n const headers = mergeHeaders(\n {\n 'User-Agent': DEFAULT_USER_AGENT,\n Accept: 'application/json',\n },\n req.headers,\n );\n\n let lastErr: Error | undefined;\n\n for (let attempt = 0; attempt < maxAttempts; attempt++) {\n req.signal?.throwIfAborted();\n\n const { signal, cancel } = linkTimeoutSignal(req.signal, timeoutMs);\n let res: Response;\n try {\n res = await fetchImpl(req.url, {\n method: req.method ?? 'GET',\n headers,\n body: req.body as RequestInit['body'],\n signal,\n });\n } catch (err) {\n cancel();\n if (req.signal?.aborted) {\n throw req.signal.reason ?? err;\n }\n const error = err instanceof Error ? err : new Error(String(err));\n lastErr = error;\n if (attempt < maxAttempts - 1 && retryOn(null, error)) {\n const delay = computeDelay(attempt, initialDelayMs, maxDelayMs);\n await sleep(delay, req.signal);\n continue;\n }\n throw new TransientError(error.message);\n }\n cancel();\n\n const body = await readBody(res, parseJson);\n const httpResponse: HttpResponse<T> = {\n status: res.status,\n headers: res.headers,\n body: body as T,\n };\n if (req.rateLimit) {\n const state = req.rateLimit.parse(res.headers);\n if (state) {\n httpResponse.rateLimitState = state;\n }\n }\n\n if (options.observer) {\n await notifyObserver(options.observer, {\n url: req.url,\n method: req.method ?? 'GET',\n status: res.status,\n resource: options.resource,\n requestId: options.requestId ?? newRequestId(),\n body,\n });\n }\n\n if (res.ok) {\n return httpResponse;\n }\n\n const retryAfter = parseRetryAfter(res.headers.get('retry-after'));\n const message = `HTTP ${res.status} ${res.statusText} for ${req.method ?? 'GET'} ${req.url}`;\n const err = errorForStatus(message, httpResponse, retryAfter);\n\n if (\n attempt < maxAttempts - 1 &&\n retryOn(res.status, err) &&\n !(err instanceof AuthError) &&\n !(err instanceof ClientBugError)\n ) {\n lastErr = err;\n let delay = computeDelay(attempt, initialDelayMs, maxDelayMs);\n if (err instanceof RateLimitError && retryAfter) {\n const wait = retryAfter.getTime() - Date.now();\n if (wait > 0) {\n delay = Math.min(wait, maxDelayMs);\n }\n }\n await sleep(delay, req.signal);\n continue;\n }\n\n throw err;\n }\n\n throw lastErr ?? new UpstreamBugError('Exhausted retry attempts');\n}\n\nfunction computeDelay(\n attempt: number,\n initialDelayMs: number,\n maxDelayMs: number,\n): number {\n const base = initialDelayMs * 2 ** attempt;\n const jitter = base * 0.25 * Math.random();\n return Math.min(base + jitter, maxDelayMs);\n}\n\nexport { HttpClientError };\n","export interface RateLimitState {\n remaining: number;\n resetAt: Date;\n}\n\nexport interface RateLimitPolicy {\n parse(headers: Headers): RateLimitState | null;\n}\n\nexport interface StandardRateLimitPolicyConfig {\n remainingHeader: string;\n resetHeader: string;\n resetUnit: 's' | 'ms';\n resetFallbackMs?: number;\n}\n\nexport function standardRateLimitPolicy(\n config: StandardRateLimitPolicyConfig,\n): RateLimitPolicy {\n const { remainingHeader, resetHeader, resetUnit, resetFallbackMs } = config;\n const multiplier = resetUnit === 's' ? 1000 : 1;\n return {\n parse(h) {\n const remainingRaw = h.get(remainingHeader);\n if (remainingRaw === null || remainingRaw.trim() === '') {\n return null;\n }\n const remaining = Number(remainingRaw);\n if (!Number.isFinite(remaining)) {\n return null;\n }\n const resetRaw = h.get(resetHeader);\n if (resetRaw === null) {\n if (resetFallbackMs === undefined) {\n return null;\n }\n return {\n remaining,\n resetAt: new Date(Date.now() + resetFallbackMs),\n };\n }\n if (resetRaw.trim() === '') {\n return null;\n }\n const reset = Number(resetRaw);\n if (!Number.isFinite(reset) || reset < 0) {\n return null;\n }\n const resetMs = reset * multiplier;\n if (!Number.isFinite(resetMs)) {\n return null;\n }\n return { remaining, resetAt: new Date(resetMs) };\n },\n };\n}\n","export interface SanitizeAllowedUrlOptions {\n url: string | null;\n host: string;\n pathname: string;\n protocol?: 'https:' | 'http:';\n}\n\nexport function sanitizeAllowedUrl(\n options: SanitizeAllowedUrlOptions,\n): string | null {\n const { url, host, pathname, protocol = 'https:' } = options;\n if (url === null) {\n return null;\n }\n try {\n const u = new URL(url);\n if (u.protocol !== protocol || u.host !== host || u.pathname !== pathname) {\n return null;\n }\n return u.toString();\n } catch {\n return null;\n }\n}\n","export type EpochUnit = 'ms' | 's' | 'iso';\n\nexport function parseEpoch(\n value: number | string | null | undefined,\n unit: EpochUnit,\n): number | null {\n if (value === null || value === undefined) {\n return null;\n }\n if (unit === 'iso') {\n if (typeof value !== 'string') {\n return null;\n }\n const ms = new Date(value).getTime();\n return Number.isFinite(ms) ? ms : null;\n }\n if (typeof value === 'string' && value.trim() === '') {\n return null;\n }\n const n = typeof value === 'number' ? value : Number(value);\n if (!Number.isFinite(n)) {\n return null;\n }\n const result = unit === 's' ? n * 1000 : n;\n return Number.isFinite(result) ? result : null;\n}\n","import { request } from './request';\nimport type { HttpRequest } from './types';\n\nexport function parseLinkHeader(header: string | null): Record<string, string> {\n if (!header) {\n return {};\n }\n const result: Record<string, string> = {};\n for (const part of header.split(',')) {\n const match = part.match(/<([^>]+)>\\s*;\\s*rel=\"([^\"]+)\"/);\n if (match) {\n result[match[2]!] = match[1]!;\n }\n }\n return result;\n}\n\nexport async function* paginateLink<T>(\n initial: HttpRequest,\n parse: (body: unknown) => T[],\n options: { resource: string },\n): AsyncIterable<T> {\n let next: string | null = initial.url;\n while (next) {\n const res: Awaited<ReturnType<typeof request>> = await request(\n {\n ...initial,\n url: next,\n },\n { resource: options.resource },\n );\n for (const item of parse(res.body)) {\n yield item;\n }\n const links = parseLinkHeader(res.headers.get('link'));\n next = links['next'] ?? null;\n }\n}\n\nexport async function* paginateCursor<T>(\n initial: HttpRequest,\n parse: (body: unknown) => { items: T[]; nextCursor: string | null },\n buildNext: (req: HttpRequest, cursor: string) => HttpRequest,\n options: { resource: string },\n): AsyncIterable<T> {\n let req: HttpRequest = initial;\n while (true) {\n const res = await request(req, { resource: options.resource });\n const { items, nextCursor } = parse(res.body);\n for (const item of items) {\n yield item;\n }\n if (!nextCursor) {\n return;\n }\n req = buildNext(req, nextCursor);\n }\n}\n\nexport async function* paginatePage<T>(\n initial: HttpRequest,\n parse: (body: unknown) => { items: T[]; hasMore: boolean },\n buildPage: (req: HttpRequest, page: number) => HttpRequest,\n options: { resource: string },\n): AsyncIterable<T> {\n let page = 1;\n while (true) {\n const req = page === 1 ? initial : buildPage(initial, page);\n const res = await request(req, { resource: options.resource });\n const { items, hasMore } = parse(res.body);\n for (const item of items) {\n yield item;\n }\n if (!hasMore || items.length === 0) {\n return;\n }\n page++;\n }\n}\n","export type LogFields = Record<string, unknown>;\n\nexport interface ConnectorLogger {\n info(event: string, fields?: LogFields): void;\n warn(event: string, fields?: LogFields): void;\n}\n\nexport interface ConnectorLoggerOptions {\n scope: string;\n}\n\nconst MAX_VALUE_LEN = 120;\n\nfunction truncate(s: string, max = MAX_VALUE_LEN): string {\n if (s.length <= max) {\n return s;\n }\n return `${s.slice(0, max - 1)}…`;\n}\n\nfunction formatValue(value: unknown): string {\n if (value === null) {\n return 'null';\n }\n if (value === undefined) {\n return '';\n }\n if (typeof value === 'number' || typeof value === 'boolean') {\n return String(value);\n }\n if (typeof value === 'string') {\n const t = truncate(value);\n if (/[\\s\"=]/.test(t)) {\n return JSON.stringify(t);\n }\n return t;\n }\n if (typeof value === 'bigint') {\n return value.toString();\n }\n let json: string | undefined;\n try {\n json = JSON.stringify(value);\n } catch {\n json = undefined;\n }\n return truncate(json ?? String(value));\n}\n\nexport function formatLogFields(fields?: LogFields): string {\n if (!fields) {\n return '';\n }\n const parts: string[] = [];\n for (const [k, v] of Object.entries(fields)) {\n if (v === undefined) {\n continue;\n }\n parts.push(`${k}=${formatValue(v)}`);\n }\n return parts.length > 0 ? ` ${parts.join(' ')}` : '';\n}\n\nexport function formatLogLine(\n scope: string,\n event: string,\n fields?: LogFields,\n): string {\n return `[${scope}] ${event}${formatLogFields(fields)}`;\n}\n\nexport function createDefaultConnectorLogger(\n opts: ConnectorLoggerOptions,\n): ConnectorLogger {\n return {\n info(event, fields) {\n console.info(formatLogLine(opts.scope, event, fields));\n },\n warn(event, fields) {\n console.warn(formatLogLine(opts.scope, event, fields));\n },\n };\n}\n\nconst NOOP_LOGGER: ConnectorLogger = {\n info() {},\n warn() {},\n};\n\nexport function noopConnectorLogger(): ConnectorLogger {\n return NOOP_LOGGER;\n}\n","import {\n AuthError,\n type HttpClientError,\n type HttpResponse,\n RateLimitError,\n TransientError,\n connectorUserAgent,\n parseEpoch,\n} from '@rawdash/connector-shared';\nimport { BaseConnector, type CredentialsSchema } from '@rawdash/core';\n\nimport { createAuthorizationHeader, formatAmzDate, sha256Hex } from './sigv4';\nimport { type StsCredentials, parseAssumeRole, parseErrorCode } from './xml';\n\nexport interface BaseAWSSettings {\n region: string;\n roleArn?: string;\n externalId?: string;\n}\n\nexport const awsCredentialsSchema = {\n accessKeyId: {\n description: 'AWS access key ID',\n auth: 'optional' as const,\n },\n secretAccessKey: {\n description: 'AWS secret access key',\n auth: 'optional' as const,\n },\n} satisfies CredentialsSchema;\n\nexport type AwsCredentials = typeof awsCredentialsSchema;\n\nexport interface SigningCredentials {\n accessKeyId: string;\n secretAccessKey: string;\n sessionToken?: string;\n}\n\nconst STS_SERVICE = 'sts';\nconst STS_API_VERSION = '2011-06-15';\nconst ASSUMED_ROLE_TTL_BUFFER_MS = 60_000;\nconst ASSUME_ROLE_DURATION_SECONDS = 3600;\nconst FORM_CONTENT_TYPE = 'application/x-www-form-urlencoded; charset=utf-8';\n\nfunction readEnv(name: string): string | undefined {\n const env = (\n globalThis as {\n process?: { env?: Record<string, string | undefined> };\n }\n ).process?.env;\n return env?.[name];\n}\n\nexport abstract class BaseAWSConnector<\n TSettings extends BaseAWSSettings,\n> extends BaseConnector<TSettings, AwsCredentials> {\n override readonly credentials = awsCredentialsSchema;\n\n private assumedCreds: {\n value: SigningCredentials;\n expiresAt: number;\n } | null = null;\n\n protected baseCredentials(): SigningCredentials {\n const { accessKeyId, secretAccessKey } = this.creds;\n if (accessKeyId && secretAccessKey) {\n return { accessKeyId, secretAccessKey };\n }\n const envAccessKeyId = readEnv('AWS_ACCESS_KEY_ID');\n const envSecretAccessKey = readEnv('AWS_SECRET_ACCESS_KEY');\n if (envAccessKeyId && envSecretAccessKey) {\n return {\n accessKeyId: envAccessKeyId,\n secretAccessKey: envSecretAccessKey,\n sessionToken: readEnv('AWS_SESSION_TOKEN') || undefined,\n };\n }\n throw new AuthError(\n `${this.id}: no AWS credentials available — provide accessKeyId + secretAccessKey, or set them in the environment for role assumption`,\n );\n }\n\n protected async resolveSigningCredentials(\n signal?: AbortSignal,\n ): Promise<SigningCredentials> {\n if (this.settings.roleArn === undefined) {\n const { accessKeyId, secretAccessKey } = this.creds;\n if (!accessKeyId || !secretAccessKey) {\n throw new AuthError(\n `${this.id}: static-credential auth requires both accessKeyId and secretAccessKey`,\n );\n }\n return { accessKeyId, secretAccessKey };\n }\n\n if (this.assumedCreds && Date.now() < this.assumedCreds.expiresAt) {\n return this.assumedCreds.value;\n }\n return this.assumeRole(this.settings.roleArn, signal);\n }\n\n private async assumeRole(\n roleArn: string,\n signal?: AbortSignal,\n ): Promise<SigningCredentials> {\n const params = new URLSearchParams();\n params.set('Action', 'AssumeRole');\n params.set('Version', STS_API_VERSION);\n params.set('RoleArn', roleArn);\n params.set('RoleSessionName', `rawdash-${this.id}`);\n params.set('DurationSeconds', String(ASSUME_ROLE_DURATION_SECONDS));\n if (this.settings.externalId !== undefined) {\n params.set('ExternalId', this.settings.externalId);\n }\n\n const host = `sts.${this.settings.region}.amazonaws.com`;\n const xml = await this.signedPost({\n host,\n service: STS_SERVICE,\n body: params.toString(),\n signingCredentials: this.baseCredentials(),\n resource: 'assume_role',\n signal,\n });\n\n const parsed = parseAssumeRole(xml);\n if (parsed === null) {\n throw new AuthError(\n `${this.id}: STS AssumeRole returned no usable credentials`,\n );\n }\n this.cacheAssumedCredentials(parsed);\n return {\n accessKeyId: parsed.accessKeyId,\n secretAccessKey: parsed.secretAccessKey,\n sessionToken: parsed.sessionToken || undefined,\n };\n }\n\n private cacheAssumedCredentials(parsed: StsCredentials): void {\n const expirationMs = parseEpoch(parsed.expiration, 'iso');\n const expiresAt =\n expirationMs !== null\n ? expirationMs - ASSUMED_ROLE_TTL_BUFFER_MS\n : Date.now() + (ASSUME_ROLE_DURATION_SECONDS - 60) * 1000;\n this.assumedCreds = {\n value: {\n accessKeyId: parsed.accessKeyId,\n secretAccessKey: parsed.secretAccessKey,\n sessionToken: parsed.sessionToken || undefined,\n },\n expiresAt,\n };\n }\n\n protected async signedPost(args: {\n host: string;\n service: string;\n body: string;\n signingCredentials: SigningCredentials;\n resource: string;\n signal?: AbortSignal;\n }): Promise<string> {\n const { amzDate, dateStamp } = formatAmzDate(new Date());\n const payloadHash = await sha256Hex(args.body);\n\n const signedHeaders: Record<string, string> = {\n host: args.host,\n 'content-type': FORM_CONTENT_TYPE,\n 'x-amz-content-sha256': payloadHash,\n 'x-amz-date': amzDate,\n };\n if (args.signingCredentials.sessionToken !== undefined) {\n signedHeaders['x-amz-security-token'] =\n args.signingCredentials.sessionToken;\n }\n\n const authorization = await createAuthorizationHeader({\n method: 'POST',\n host: args.host,\n path: '/',\n query: '',\n headers: signedHeaders,\n payloadHash,\n accessKeyId: args.signingCredentials.accessKeyId,\n secretAccessKey: args.signingCredentials.secretAccessKey,\n region: this.settings.region,\n service: args.service,\n amzDate,\n dateStamp,\n });\n\n const sendHeaders: Record<string, string> = {\n 'content-type': FORM_CONTENT_TYPE,\n 'x-amz-content-sha256': payloadHash,\n 'x-amz-date': amzDate,\n 'user-agent': connectorUserAgent(this.id),\n Authorization: authorization,\n };\n if (args.signingCredentials.sessionToken !== undefined) {\n sendHeaders['x-amz-security-token'] =\n args.signingCredentials.sessionToken;\n }\n\n try {\n const res: HttpResponse<string> = await this.request<string>(\n {\n url: `https://${args.host}/`,\n method: 'POST',\n headers: sendHeaders,\n body: args.body,\n parseJson: false,\n signal: args.signal,\n },\n { resource: args.resource },\n );\n return res.body;\n } catch (err) {\n throw this.classifyAwsError(err);\n }\n }\n\n protected classifyAwsError(err: unknown): unknown {\n if (!(err instanceof Error) || !('kind' in err)) {\n return err;\n }\n const httpErr = err as HttpClientError;\n const body =\n typeof httpErr.response?.body === 'string' ? httpErr.response.body : '';\n const code = parseErrorCode(body) ?? '';\n const status = httpErr.response?.status ?? 0;\n\n if (\n /throttl|RequestLimitExceeded|TooManyRequests|LimitExceeded/i.test(code)\n ) {\n return new RateLimitError(httpErr.message, httpErr.response);\n }\n if (\n /AccessDenied|UnrecognizedClient|InvalidClientTokenId|SignatureDoesNotMatch|AuthFailure|InvalidAccessKeyId|Forbidden/i.test(\n code,\n )\n ) {\n return new AuthError(httpErr.message, httpErr.response);\n }\n if (status >= 500) {\n return new TransientError(httpErr.message, httpErr.response);\n }\n return err;\n }\n}\n","import { z } from 'zod';\n\nexport const awsAuthConfigShape = {\n region: z\n .string()\n .regex(\n /^[a-z0-9-]+$/,\n 'region must look like an AWS region, e.g. us-east-1',\n )\n .meta({\n label: 'AWS Region',\n description:\n 'The AWS region whose service endpoint you want to call, e.g. us-east-1.',\n placeholder: 'us-east-1',\n }),\n accessKeyId: z.object({ $secret: z.string() }).optional().meta({\n label: 'Access Key ID',\n description:\n 'AWS access key ID for an IAM principal with permission to call the relevant service. Use together with the secret access key for static-credential auth.',\n secret: true,\n }),\n secretAccessKey: z.object({ $secret: z.string() }).optional().meta({\n label: 'Secret Access Key',\n description: 'AWS secret access key paired with the access key ID above.',\n secret: true,\n }),\n roleArn: z\n .string()\n .regex(\n /^arn:aws:iam::\\d{12}:role\\/.+/,\n 'roleArn must be a full IAM role ARN, e.g. arn:aws:iam::123456789012:role/rawdash',\n )\n .optional()\n .meta({\n label: 'Role ARN',\n description:\n 'IAM role to assume via STS instead of using static keys. The base credentials (the access key above, or the ambient AWS environment) must be allowed to sts:AssumeRole this role.',\n placeholder: 'arn:aws:iam::123456789012:role/rawdash',\n }),\n externalId: z.string().min(1).optional().meta({\n label: 'External ID',\n description:\n 'External ID required by the trust policy of the role being assumed. Only used with Role ARN.',\n }),\n} as const;\n\nexport interface AwsAuthConfig {\n region: string;\n accessKeyId?: { $secret: string };\n secretAccessKey?: { $secret: string };\n roleArn?: string;\n externalId?: string;\n}\n\nexport const awsAuthRefine = {\n predicate: (val: AwsAuthConfig): boolean => {\n const hasRole = val.roleArn !== undefined;\n const hasStatic =\n val.accessKeyId !== undefined && val.secretAccessKey !== undefined;\n if (val.externalId !== undefined && !hasRole) {\n return false;\n }\n return hasRole || hasStatic;\n },\n message:\n 'Provide either accessKeyId + secretAccessKey (static credentials) or roleArn (role assumption). externalId requires roleArn.',\n} as const;\n","import type { HttpResponse } from './types';\n\nexport type HttpErrorKind =\n | 'transient'\n | 'rate_limit'\n | 'auth'\n | 'upstream_bug'\n | 'client_bug';\n\nexport abstract class HttpClientError extends Error {\n abstract readonly kind: HttpErrorKind;\n readonly response?: HttpResponse;\n\n constructor(message: string, response?: HttpResponse) {\n super(message);\n this.name = new.target.name;\n this.response = response;\n }\n}\n\nexport class TransientError extends HttpClientError {\n readonly kind = 'transient' as const;\n}\n\nexport class RateLimitError extends HttpClientError {\n readonly kind = 'rate_limit' as const;\n readonly retryAfter?: Date;\n\n constructor(message: string, response?: HttpResponse, retryAfter?: Date) {\n super(message, response);\n this.retryAfter = retryAfter;\n }\n}\n\nexport class AuthError extends HttpClientError {\n readonly kind = 'auth' as const;\n}\n\nexport class UpstreamBugError extends HttpClientError {\n readonly kind = 'upstream_bug' as const;\n}\n\nexport class ClientBugError extends HttpClientError {\n readonly kind = 'client_bug' as const;\n}\n\nexport function classifyStatus(status: number): HttpErrorKind {\n if (status === 429) {\n return 'rate_limit';\n }\n if (status === 401 || status === 403) {\n return 'auth';\n }\n if (status === 408) {\n return 'transient';\n }\n if (status >= 500) {\n return 'upstream_bug';\n }\n if (status >= 400) {\n return 'client_bug';\n }\n return 'client_bug';\n}\n\nexport function errorForStatus(\n message: string,\n response: HttpResponse,\n retryAfter?: Date,\n): HttpClientError {\n const kind = classifyStatus(response.status);\n switch (kind) {\n case 'rate_limit':\n return new RateLimitError(message, response, retryAfter);\n case 'auth':\n return new AuthError(message, response);\n case 'transient':\n return new TransientError(message, response);\n case 'upstream_bug':\n return new UpstreamBugError(message, response);\n case 'client_bug':\n return new ClientBugError(message, response);\n }\n}\n","import { HttpClientError, RateLimitError, TransientError } from './errors';\n\nexport interface RetryPolicy {\n maxAttempts?: number;\n initialDelayMs?: number;\n maxDelayMs?: number;\n retryOn?: (status: number | null, err?: Error) => boolean;\n}\n\nexport const defaultRetryOn = (status: number | null, err?: Error): boolean => {\n if (err instanceof RateLimitError) {\n return true;\n }\n if (err instanceof TransientError) {\n return true;\n }\n if (status === null) {\n return err instanceof Error && !(err instanceof HttpClientError);\n }\n if (status === 408 || status === 429) {\n return true;\n }\n if (status >= 500) {\n return true;\n }\n return false;\n};\n\nexport function backoffDelayMs(\n attempt: number,\n policy: Required<Pick<RetryPolicy, 'initialDelayMs' | 'maxDelayMs'>>,\n): number {\n const base = policy.initialDelayMs * 2 ** attempt;\n const jitter = base * 0.25 * Math.random();\n return Math.min(base + jitter, policy.maxDelayMs);\n}\n\nexport function parseRetryAfter(\n headerValue: string | null,\n now: Date = new Date(),\n): Date | undefined {\n if (!headerValue) {\n return undefined;\n }\n const trimmed = headerValue.trim();\n if (/^\\d+$/.test(trimmed)) {\n return new Date(now.getTime() + Number(trimmed) * 1000);\n }\n const parsed = Date.parse(trimmed);\n if (Number.isNaN(parsed)) {\n return undefined;\n }\n return new Date(parsed);\n}\n\nexport function sleep(ms: number, signal?: AbortSignal): Promise<void> {\n if (signal?.aborted) {\n return Promise.reject(signal.reason ?? new Error('Aborted'));\n }\n return new Promise<void>((resolve, reject) => {\n const onAbort = () => {\n clearTimeout(timer);\n reject(signal!.reason ?? new Error('Aborted'));\n };\n const timer = setTimeout(() => {\n signal?.removeEventListener('abort', onAbort);\n resolve();\n }, ms);\n signal?.addEventListener('abort', onAbort, { once: true });\n });\n}\n","export const HTTP_CLIENT_VERSION = '0.0.0';\n\nexport const DEFAULT_USER_AGENT = `rawdash-connector/${HTTP_CLIENT_VERSION} (+https://rawdash.dev)`;\n\nexport function connectorUserAgent(connectorId: string): string {\n return `rawdash-connector-${connectorId}/${HTTP_CLIENT_VERSION} (+https://rawdash.dev)`;\n}\n","import {\n AuthError,\n ClientBugError,\n HttpClientError,\n RateLimitError,\n TransientError,\n UpstreamBugError,\n errorForStatus,\n} from './errors';\nimport { defaultRetryOn, parseRetryAfter, sleep } from './retry';\nimport type { FetchLike, HttpMethod, HttpRequest, HttpResponse } from './types';\nimport { DEFAULT_USER_AGENT } from './version';\n\nconst DEFAULT_TIMEOUT_MS = 10_000;\nconst DEFAULT_MAX_ATTEMPTS = 3;\nconst DEFAULT_INITIAL_DELAY_MS = 1000;\nconst DEFAULT_MAX_DELAY_MS = 60_000;\nconst OBSERVER_TIMEOUT_MS = 250;\n\nexport interface RequestObservation {\n url: string;\n method: HttpMethod;\n status: number;\n resource: string;\n requestId: string;\n body: unknown;\n}\n\nexport type RequestObserver = (\n event: RequestObservation,\n) => void | Promise<void>;\n\nexport interface RequestOptions {\n fetch?: FetchLike;\n observer?: RequestObserver;\n resource: string;\n requestId?: string;\n}\n\nasync function notifyObserver(\n observer: RequestObserver,\n event: RequestObservation,\n): Promise<void> {\n let result: void | Promise<void>;\n try {\n result = observer(event);\n } catch (err) {\n console.warn('[connector-shared] request observer threw:', err);\n return;\n }\n if (!(result instanceof Promise)) {\n return;\n }\n const guarded = result.catch((err) => {\n console.warn('[connector-shared] request observer rejected:', err);\n });\n let timer: ReturnType<typeof setTimeout> | undefined;\n const timeout = new Promise<void>((resolve) => {\n timer = setTimeout(resolve, OBSERVER_TIMEOUT_MS);\n });\n try {\n await Promise.race([guarded, timeout]);\n } finally {\n if (timer) {\n clearTimeout(timer);\n }\n }\n}\n\nfunction newRequestId(): string {\n const c = (globalThis as { crypto?: { randomUUID?: () => string } }).crypto;\n if (c?.randomUUID) {\n return c.randomUUID();\n }\n return `${Date.now().toString(36)}-${Math.random().toString(36).slice(2, 10)}`;\n}\n\nfunction mergeHeaders(\n defaults: Record<string, string>,\n overrides: Record<string, string> | undefined,\n): Record<string, string> {\n const merged: Record<string, string> = {};\n for (const [k, v] of Object.entries(defaults)) {\n merged[k.toLowerCase()] = v;\n }\n if (overrides) {\n for (const [k, v] of Object.entries(overrides)) {\n merged[k.toLowerCase()] = v;\n }\n }\n return merged;\n}\n\nfunction linkTimeoutSignal(\n parent: AbortSignal | undefined,\n timeoutMs: number,\n): { signal: AbortSignal; cancel: () => void } {\n const controller = new AbortController();\n const onParentAbort = () => {\n controller.abort(parent?.reason);\n };\n if (parent) {\n if (parent.aborted) {\n controller.abort(parent.reason);\n } else {\n parent.addEventListener('abort', onParentAbort, { once: true });\n }\n }\n const timer = setTimeout(() => {\n controller.abort(new Error(`Request timed out after ${timeoutMs}ms`));\n }, timeoutMs);\n return {\n signal: controller.signal,\n cancel: () => {\n clearTimeout(timer);\n if (parent) {\n parent.removeEventListener('abort', onParentAbort);\n }\n },\n };\n}\n\nasync function readBody(res: Response, parseJson: boolean): Promise<unknown> {\n if (res.status === 204 || res.status === 205) {\n return null;\n }\n const contentType = res.headers.get('content-type') ?? '';\n if (parseJson && contentType.includes('application/json')) {\n const text = await res.text();\n if (text.length === 0) {\n return null;\n }\n return JSON.parse(text);\n }\n return res.text();\n}\n\nexport async function request<T = unknown>(\n req: HttpRequest,\n options: RequestOptions,\n): Promise<HttpResponse<T>> {\n const fetchImpl: FetchLike = options.fetch ?? (globalThis.fetch as FetchLike);\n const retry = req.retry ?? {};\n const maxAttempts = retry.maxAttempts ?? DEFAULT_MAX_ATTEMPTS;\n const initialDelayMs = retry.initialDelayMs ?? DEFAULT_INITIAL_DELAY_MS;\n const maxDelayMs = retry.maxDelayMs ?? DEFAULT_MAX_DELAY_MS;\n const retryOn = retry.retryOn ?? defaultRetryOn;\n const timeoutMs = req.timeoutMs ?? DEFAULT_TIMEOUT_MS;\n const parseJson = req.parseJson ?? true;\n\n const headers = mergeHeaders(\n {\n 'User-Agent': DEFAULT_USER_AGENT,\n Accept: 'application/json',\n },\n req.headers,\n );\n\n let lastErr: Error | undefined;\n\n for (let attempt = 0; attempt < maxAttempts; attempt++) {\n req.signal?.throwIfAborted();\n\n const { signal, cancel } = linkTimeoutSignal(req.signal, timeoutMs);\n let res: Response;\n try {\n res = await fetchImpl(req.url, {\n method: req.method ?? 'GET',\n headers,\n body: req.body as RequestInit['body'],\n signal,\n });\n } catch (err) {\n cancel();\n if (req.signal?.aborted) {\n throw req.signal.reason ?? err;\n }\n const error = err instanceof Error ? err : new Error(String(err));\n lastErr = error;\n if (attempt < maxAttempts - 1 && retryOn(null, error)) {\n const delay = computeDelay(attempt, initialDelayMs, maxDelayMs);\n await sleep(delay, req.signal);\n continue;\n }\n throw new TransientError(error.message);\n }\n cancel();\n\n const body = await readBody(res, parseJson);\n const httpResponse: HttpResponse<T> = {\n status: res.status,\n headers: res.headers,\n body: body as T,\n };\n if (req.rateLimit) {\n const state = req.rateLimit.parse(res.headers);\n if (state) {\n httpResponse.rateLimitState = state;\n }\n }\n\n if (options.observer) {\n await notifyObserver(options.observer, {\n url: req.url,\n method: req.method ?? 'GET',\n status: res.status,\n resource: options.resource,\n requestId: options.requestId ?? newRequestId(),\n body,\n });\n }\n\n if (res.ok) {\n return httpResponse;\n }\n\n const retryAfter = parseRetryAfter(res.headers.get('retry-after'));\n const message = `HTTP ${res.status} ${res.statusText} for ${req.method ?? 'GET'} ${req.url}`;\n const err = errorForStatus(message, httpResponse, retryAfter);\n\n if (\n attempt < maxAttempts - 1 &&\n retryOn(res.status, err) &&\n !(err instanceof AuthError) &&\n !(err instanceof ClientBugError)\n ) {\n lastErr = err;\n let delay = computeDelay(attempt, initialDelayMs, maxDelayMs);\n if (err instanceof RateLimitError && retryAfter) {\n const wait = retryAfter.getTime() - Date.now();\n if (wait > 0) {\n delay = Math.min(wait, maxDelayMs);\n }\n }\n await sleep(delay, req.signal);\n continue;\n }\n\n throw err;\n }\n\n throw lastErr ?? new UpstreamBugError('Exhausted retry attempts');\n}\n\nfunction computeDelay(\n attempt: number,\n initialDelayMs: number,\n maxDelayMs: number,\n): number {\n const base = initialDelayMs * 2 ** attempt;\n const jitter = base * 0.25 * Math.random();\n return Math.min(base + jitter, maxDelayMs);\n}\n\nexport { HttpClientError };\n","export interface RateLimitState {\n remaining: number;\n resetAt: Date;\n}\n\nexport interface RateLimitPolicy {\n parse(headers: Headers): RateLimitState | null;\n}\n\nexport interface StandardRateLimitPolicyConfig {\n remainingHeader: string;\n resetHeader: string;\n resetUnit: 's' | 'ms';\n resetFallbackMs?: number;\n}\n\nexport function standardRateLimitPolicy(\n config: StandardRateLimitPolicyConfig,\n): RateLimitPolicy {\n const { remainingHeader, resetHeader, resetUnit, resetFallbackMs } = config;\n const multiplier = resetUnit === 's' ? 1000 : 1;\n return {\n parse(h) {\n const remainingRaw = h.get(remainingHeader);\n if (remainingRaw === null || remainingRaw.trim() === '') {\n return null;\n }\n const remaining = Number(remainingRaw);\n if (!Number.isFinite(remaining)) {\n return null;\n }\n const resetRaw = h.get(resetHeader);\n if (resetRaw === null) {\n if (resetFallbackMs === undefined) {\n return null;\n }\n return {\n remaining,\n resetAt: new Date(Date.now() + resetFallbackMs),\n };\n }\n if (resetRaw.trim() === '') {\n return null;\n }\n const reset = Number(resetRaw);\n if (!Number.isFinite(reset) || reset < 0) {\n return null;\n }\n const resetMs = reset * multiplier;\n if (!Number.isFinite(resetMs)) {\n return null;\n }\n return { remaining, resetAt: new Date(resetMs) };\n },\n };\n}\n","export interface SanitizeAllowedUrlOptions {\n url: string | null;\n host: string;\n pathname: string;\n protocol?: 'https:' | 'http:';\n}\n\nexport function sanitizeAllowedUrl(\n options: SanitizeAllowedUrlOptions,\n): string | null {\n const { url, host, pathname, protocol = 'https:' } = options;\n if (url === null) {\n return null;\n }\n try {\n const u = new URL(url);\n if (u.protocol !== protocol || u.host !== host || u.pathname !== pathname) {\n return null;\n }\n return u.toString();\n } catch {\n return null;\n }\n}\n","export type EpochUnit = 'ms' | 's' | 'iso';\n\nexport function parseEpoch(\n value: number | string | null | undefined,\n unit: EpochUnit,\n): number | null {\n if (value === null || value === undefined) {\n return null;\n }\n if (unit === 'iso') {\n if (typeof value !== 'string') {\n return null;\n }\n const ms = new Date(value).getTime();\n return Number.isFinite(ms) ? ms : null;\n }\n if (typeof value === 'string' && value.trim() === '') {\n return null;\n }\n const n = typeof value === 'number' ? value : Number(value);\n if (!Number.isFinite(n)) {\n return null;\n }\n const result = unit === 's' ? n * 1000 : n;\n return Number.isFinite(result) ? result : null;\n}\n","import { request } from './request';\nimport type { HttpRequest } from './types';\n\nexport function parseLinkHeader(header: string | null): Record<string, string> {\n if (!header) {\n return {};\n }\n const result: Record<string, string> = {};\n for (const part of header.split(',')) {\n const match = part.match(/<([^>]+)>\\s*;\\s*rel=\"([^\"]+)\"/);\n if (match) {\n result[match[2]!] = match[1]!;\n }\n }\n return result;\n}\n\nexport async function* paginateLink<T>(\n initial: HttpRequest,\n parse: (body: unknown) => T[],\n options: { resource: string },\n): AsyncIterable<T> {\n let next: string | null = initial.url;\n while (next) {\n const res: Awaited<ReturnType<typeof request>> = await request(\n {\n ...initial,\n url: next,\n },\n { resource: options.resource },\n );\n for (const item of parse(res.body)) {\n yield item;\n }\n const links = parseLinkHeader(res.headers.get('link'));\n next = links['next'] ?? null;\n }\n}\n\nexport async function* paginateCursor<T>(\n initial: HttpRequest,\n parse: (body: unknown) => { items: T[]; nextCursor: string | null },\n buildNext: (req: HttpRequest, cursor: string) => HttpRequest,\n options: { resource: string },\n): AsyncIterable<T> {\n let req: HttpRequest = initial;\n while (true) {\n const res = await request(req, { resource: options.resource });\n const { items, nextCursor } = parse(res.body);\n for (const item of items) {\n yield item;\n }\n if (!nextCursor) {\n return;\n }\n req = buildNext(req, nextCursor);\n }\n}\n\nexport async function* paginatePage<T>(\n initial: HttpRequest,\n parse: (body: unknown) => { items: T[]; hasMore: boolean },\n buildPage: (req: HttpRequest, page: number) => HttpRequest,\n options: { resource: string },\n): AsyncIterable<T> {\n let page = 1;\n while (true) {\n const req = page === 1 ? initial : buildPage(initial, page);\n const res = await request(req, { resource: options.resource });\n const { items, hasMore } = parse(res.body);\n for (const item of items) {\n yield item;\n }\n if (!hasMore || items.length === 0) {\n return;\n }\n page++;\n }\n}\n","export type LogFields = Record<string, unknown>;\n\nexport interface ConnectorLogger {\n info(event: string, fields?: LogFields): void;\n warn(event: string, fields?: LogFields): void;\n}\n\nexport interface ConnectorLoggerOptions {\n scope: string;\n}\n\nconst MAX_VALUE_LEN = 120;\n\nfunction truncate(s: string, max = MAX_VALUE_LEN): string {\n if (s.length <= max) {\n return s;\n }\n return `${s.slice(0, max - 1)}…`;\n}\n\nfunction formatValue(value: unknown): string {\n if (value === null) {\n return 'null';\n }\n if (value === undefined) {\n return '';\n }\n if (typeof value === 'number' || typeof value === 'boolean') {\n return String(value);\n }\n if (typeof value === 'string') {\n const t = truncate(value);\n if (/[\\s\"=]/.test(t)) {\n return JSON.stringify(t);\n }\n return t;\n }\n if (typeof value === 'bigint') {\n return value.toString();\n }\n let json: string | undefined;\n try {\n json = JSON.stringify(value);\n } catch {\n json = undefined;\n }\n return truncate(json ?? String(value));\n}\n\nexport function formatLogFields(fields?: LogFields): string {\n if (!fields) {\n return '';\n }\n const parts: string[] = [];\n for (const [k, v] of Object.entries(fields)) {\n if (v === undefined) {\n continue;\n }\n parts.push(`${k}=${formatValue(v)}`);\n }\n return parts.length > 0 ? ` ${parts.join(' ')}` : '';\n}\n\nexport function formatLogLine(\n scope: string,\n event: string,\n fields?: LogFields,\n): string {\n return `[${scope}] ${event}${formatLogFields(fields)}`;\n}\n\nexport function createDefaultConnectorLogger(\n opts: ConnectorLoggerOptions,\n): ConnectorLogger {\n return {\n info(event, fields) {\n console.info(formatLogLine(opts.scope, event, fields));\n },\n warn(event, fields) {\n console.warn(formatLogLine(opts.scope, event, fields));\n },\n };\n}\n\nconst NOOP_LOGGER: ConnectorLogger = {\n info() {},\n warn() {},\n};\n\nexport function noopConnectorLogger(): ConnectorLogger {\n return NOOP_LOGGER;\n}\n","import {\n BaseAWSConnector,\n type BaseAWSSettings,\n awsAuthConfigShape,\n awsAuthRefine,\n parseGetMetricData,\n} from '@rawdash/connector-aws-shared';\nimport { parseEpoch } from '@rawdash/connector-shared';\nimport {\n type ConnectorContext,\n type ConnectorCost,\n type ConnectorDoc,\n type JSONValue,\n type MetricSample,\n type StorageHandle,\n type SyncOptions,\n type SyncResult,\n defineConfigFields,\n defineConnectorDoc,\n defineResources,\n schemasFromResources,\n} from '@rawdash/core';\nimport { z } from 'zod';\n\nconst metricQuerySchema = z.object({\n id: z\n .string()\n .regex(\n /^[a-z][a-zA-Z0-9_]*$/,\n 'CloudWatch query id must start with a lowercase letter and contain only letters, digits, and underscores',\n ),\n namespace: z.string().min(1),\n metric: z.string().min(1),\n stat: z.string().min(1),\n periodSeconds: z\n .number()\n .int()\n .min(60)\n .refine((n) => n % 60 === 0, {\n message: 'periodSeconds must be a multiple of 60 (1 minute)',\n }),\n dimensions: z.record(z.string(), z.string()).optional(),\n});\n\nexport const configFields = defineConfigFields(\n z\n .object({\n ...awsAuthConfigShape,\n metricQueries: z.array(metricQuerySchema).nonempty().meta({\n label: 'Metric queries',\n description:\n 'CloudWatch is too broad to mirror wholesale; declare the specific metrics to pull. Each query needs an id, namespace, metric name, statistic, and period (seconds, multiple of 60), with optional dimensions.',\n }),\n lookbackMinutes: z.number().int().positive().max(40_320).optional().meta({\n label: 'Lookback (minutes)',\n description:\n 'How far back to pull data points on a full sync when the host does not supply a since bound. Defaults to 180.',\n placeholder: '180',\n }),\n })\n .refine(awsAuthRefine.predicate, { message: awsAuthRefine.message })\n .refine(\n (cfg) =>\n new Set(cfg.metricQueries.map((q) => q.id)).size ===\n cfg.metricQueries.length,\n {\n path: ['metricQueries'],\n message: 'Each metric query id must be unique',\n },\n ),\n);\n\nexport const doc: ConnectorDoc = defineConnectorDoc({\n displayName: 'AWS CloudWatch',\n category: 'infrastructure',\n brandColor: '#FF4F8B',\n tagline:\n 'Pull declared CloudWatch metric time series (any namespace, statistic, and period) into a single metric series per query.',\n rateLimit:\n 'GetMetricData is batched at most 500 metrics per call with NextToken pagination; throttling (Throttling / RequestLimitExceeded / TooManyRequests) is retried with backoff.',\n vendor: {\n name: 'Amazon Web Services',\n apiDocs:\n 'https://docs.aws.amazon.com/AmazonCloudWatch/latest/APIReference/API_GetMetricData.html',\n website: 'https://aws.amazon.com/cloudwatch/',\n },\n auth: {\n summary:\n 'Authenticate with either static IAM access keys or an assumed IAM role (STS). The principal needs cloudwatch:GetMetricData on the target region.',\n setup: [\n 'Create an IAM user or role with a policy granting `cloudwatch:GetMetricData`.',\n 'For static credentials, generate an access key ID and secret access key for that IAM user and store them as secrets.',\n 'For role assumption, set `roleArn` to the role to assume (and `externalId` if its trust policy requires one); the base credentials must be allowed to `sts:AssumeRole` it.',\n 'Set `region` to the AWS region whose CloudWatch endpoint holds the metrics, e.g. `us-east-1`.',\n 'Reference the keys from config, e.g. `accessKeyId: secret(\"AWS_ACCESS_KEY_ID\")` and `secretAccessKey: secret(\"AWS_SECRET_ACCESS_KEY\")`.',\n ],\n },\n limitations: [\n 'CloudWatch is too broad to mirror wholesale; only the metrics declared in `metricQueries` are synced; there is no automatic metric discovery.',\n 'The series name is derived from the query namespace/metric, so two queries against the same metric with different statistics or dimensions share one series name and are distinguished only by sample attributes.',\n 'Each query period must be a multiple of 60 seconds; sub-minute resolution is not supported.',\n 'A full sync uses lookbackMinutes; a latest sync uses a short window covering the last few periods.',\n ],\n});\n\nexport interface CloudWatchMetricQuery {\n id: string;\n namespace: string;\n metric: string;\n stat: string;\n periodSeconds: number;\n dimensions?: Record<string, string>;\n}\n\nexport interface CloudWatchSettings extends BaseAWSSettings {\n metricQueries: CloudWatchMetricQuery[];\n lookbackMinutes?: number;\n}\n\nconst metricDataResponseSchema = z.object({\n MetricDataResults: z.array(\n z.object({\n Id: z.string(),\n Label: z.string(),\n Timestamps: z.array(z.iso.datetime()),\n Values: z.array(z.number()),\n StatusCode: z.enum([\n 'Complete',\n 'InternalError',\n 'PartialData',\n 'Forbidden',\n ]),\n }),\n ),\n NextToken: z.string().optional(),\n});\n\nexport const awsCloudwatchResources = defineResources({\n '<namespace>/<metric>': {\n shape: 'metric',\n dynamic: true,\n description:\n 'One metric series per declared metric query. The series name is the query namespace/metric (e.g. `AWS/EC2/CPUUtilization`), so the actual keys depend on the configured `metricQueries`. Each sample carries the query statistic, period, query id, the upstream status code, and label as attributes.',\n endpoint: 'POST / (GetMetricData)',\n granularity: 'Per query period (periodSeconds, a multiple of 60)',\n notes:\n 'Each sync replaces the full set of samples for the metric names it owns (idempotent).',\n dimensions: [\n {\n name: 'stat',\n description:\n 'The CloudWatch statistic requested for the query, e.g. Average, Sum, or p99.',\n },\n {\n name: 'period',\n description: 'The aggregation period in seconds for the data points.',\n },\n {\n name: 'queryId',\n description:\n 'The configured id of the metric query that produced the sample.',\n },\n {\n name: 'statusCode',\n description:\n 'GetMetricData result status for the series (Complete, PartialData, InternalError, or Forbidden).',\n },\n {\n name: 'label',\n description:\n 'The human-readable label CloudWatch returned for the series.',\n },\n ],\n responses: { metric_data: metricDataResponseSchema },\n },\n});\n\nconst CLOUDWATCH_SERVICE = 'monitoring';\nconst CLOUDWATCH_API_VERSION = '2010-08-01';\nconst MAX_QUERIES_PER_CALL = 500;\nconst DEFAULT_LOOKBACK_MINUTES = 180;\nconst MS_PER_MINUTE = 60_000;\n\nexport const id = 'aws-cloudwatch';\n\nexport const cost: ConnectorCost = {\n warning:\n 'CloudWatch GetMetricData is billed per metric requested on the paid tier; high-frequency syncs over many metrics add up.',\n};\n\nexport class CloudWatchConnector extends BaseAWSConnector<CloudWatchSettings> {\n static readonly id = id;\n\n static readonly resources = awsCloudwatchResources;\n\n static readonly schemas = schemasFromResources(awsCloudwatchResources);\n\n static readonly cost = cost;\n\n static create(input: unknown, ctx?: ConnectorContext): CloudWatchConnector {\n const parsed = configFields.parse(input);\n return new CloudWatchConnector(\n {\n region: parsed.region,\n roleArn: parsed.roleArn,\n externalId: parsed.externalId,\n metricQueries: parsed.metricQueries,\n lookbackMinutes: parsed.lookbackMinutes,\n },\n {\n accessKeyId: parsed.accessKeyId,\n secretAccessKey: parsed.secretAccessKey,\n },\n ctx,\n );\n }\n\n readonly id = id;\n\n private computeWindow(options: SyncOptions): {\n startMs: number;\n endMs: number;\n } {\n const endMs = Date.now();\n if (options.since) {\n const sinceMs = parseEpoch(options.since, 'iso');\n if (sinceMs !== null) {\n return { startMs: Math.min(sinceMs, endMs), endMs };\n }\n }\n if (options.mode === 'latest') {\n const maxPeriod = Math.max(\n ...this.settings.metricQueries.map((q) => q.periodSeconds),\n 60,\n );\n return { startMs: endMs - maxPeriod * 3 * 1000, endMs };\n }\n const lookback = this.settings.lookbackMinutes ?? DEFAULT_LOOKBACK_MINUTES;\n return { startMs: endMs - lookback * MS_PER_MINUTE, endMs };\n }\n\n private buildGetMetricDataBody(\n queries: CloudWatchMetricQuery[],\n startMs: number,\n endMs: number,\n nextToken: string | undefined,\n ): string {\n const params = new URLSearchParams();\n params.set('Action', 'GetMetricData');\n params.set('Version', CLOUDWATCH_API_VERSION);\n params.set('StartTime', new Date(startMs).toISOString());\n params.set('EndTime', new Date(endMs).toISOString());\n params.set('ScanBy', 'TimestampAscending');\n if (nextToken !== undefined) {\n params.set('NextToken', nextToken);\n }\n\n queries.forEach((query, index) => {\n const prefix = `MetricDataQueries.member.${index + 1}`;\n params.set(`${prefix}.Id`, query.id);\n params.set(`${prefix}.ReturnData`, 'true');\n params.set(`${prefix}.MetricStat.Metric.Namespace`, query.namespace);\n params.set(`${prefix}.MetricStat.Metric.MetricName`, query.metric);\n params.set(`${prefix}.MetricStat.Period`, String(query.periodSeconds));\n params.set(`${prefix}.MetricStat.Stat`, query.stat);\n const dimensions = Object.entries(query.dimensions ?? {});\n dimensions.forEach(([name, value], dimIndex) => {\n const dimPrefix = `${prefix}.MetricStat.Metric.Dimensions.member.${dimIndex + 1}`;\n params.set(`${dimPrefix}.Name`, name);\n params.set(`${dimPrefix}.Value`, value);\n });\n });\n\n return params.toString();\n }\n\n async sync(\n options: SyncOptions,\n storage: StorageHandle,\n signal?: AbortSignal,\n ): Promise<SyncResult> {\n const queries = this.settings.metricQueries;\n const names = new Set(queries.map((q) => `${q.namespace}/${q.metric}`));\n\n if (queries.length === 0) {\n return { done: true };\n }\n\n const queriesById = new Map(queries.map((q) => [q.id, q]));\n const { startMs, endMs } = this.computeWindow(options);\n\n const samples: MetricSample[] = [];\n const host = `${CLOUDWATCH_SERVICE}.${this.settings.region}.amazonaws.com`;\n\n for (let i = 0; i < queries.length; i += MAX_QUERIES_PER_CALL) {\n const chunk = queries.slice(i, i + MAX_QUERIES_PER_CALL);\n let nextToken: string | undefined;\n let page = 0;\n do {\n if (signal?.aborted) {\n return { done: false };\n }\n const body = this.buildGetMetricDataBody(\n chunk,\n startMs,\n endMs,\n nextToken,\n );\n const signingCredentials = await this.resolveSigningCredentials(signal);\n const xml = await this.signedPost({\n host,\n service: CLOUDWATCH_SERVICE,\n body,\n signingCredentials,\n resource: 'metric_data',\n signal,\n });\n const parsed = parseGetMetricData(xml);\n for (const result of parsed.results) {\n const query = queriesById.get(result.id);\n if (query === undefined) {\n continue;\n }\n this.collectSamples(samples, query, result);\n }\n nextToken = parsed.nextToken ?? undefined;\n page += 1;\n this.logger.info('fetched page', {\n resource: 'metric_data',\n page,\n items: parsed.results.length,\n next: nextToken ?? null,\n });\n } while (nextToken !== undefined);\n }\n\n await storage.metrics(samples, { names: [...names] });\n this.logger.info('resource done', {\n resource: 'metric_data',\n items: samples.length,\n });\n return { done: true };\n }\n\n private collectSamples(\n samples: MetricSample[],\n query: CloudWatchMetricQuery,\n result: {\n timestamps: string[];\n values: number[];\n statusCode: string;\n label: string;\n },\n ): void {\n const name = `${query.namespace}/${query.metric}`;\n const baseAttributes: Record<string, JSONValue> = {\n ...(query.dimensions ?? {}),\n stat: query.stat,\n period: query.periodSeconds,\n queryId: query.id,\n statusCode: result.statusCode,\n label: result.label,\n };\n const count = Math.min(result.timestamps.length, result.values.length);\n for (let i = 0; i < count; i++) {\n const ts = parseEpoch(result.timestamps[i]!, 'iso');\n const value = result.values[i]!;\n if (ts === null || !Number.isFinite(value)) {\n continue;\n }\n samples.push({ name, ts, value, attributes: { ...baseAttributes } });\n }\n }\n}\n","import { CloudWatchConnector } from './aws-cloudwatch';\n\nexport {\n CloudWatchConnector,\n configFields,\n cost,\n doc,\n id,\n awsCloudwatchResources as resources,\n} from './aws-cloudwatch';\nexport type {\n CloudWatchMetricQuery,\n CloudWatchSettings,\n} from './aws-cloudwatch';\nexport default CloudWatchConnector;\n"],"mappings":";AWSA,SAAS,qBAA6C;ACTtD,SAAS,SAAS;AZIlB,IAAM,UAAU,IAAI,YAAY;AAEhC,IAAM,YAAY;AAIlB,SAAS,GAAG,MAAuC;AACjD,SAAO,IAAI,WAAW,QAAQ,OAAO,IAAI,CAAC;AAC5C;AAEA,SAAS,MAAM,QAA6B;AAC1C,QAAM,QAAQ,IAAI,WAAW,MAAM;AACnC,MAAI,MAAM;AACV,WAAS,IAAI,GAAG,IAAI,MAAM,QAAQ,KAAK;AACrC,WAAO,MAAM,CAAC,EAAG,SAAS,EAAE,EAAE,SAAS,GAAG,GAAG;EAC/C;AACA,SAAO;AACT;AAEA,eAAsB,UAAU,MAA+B;AAC7D,QAAM,SAAS,MAAM,WAAW,OAAO,OAAO,OAAO,WAAW,GAAG,IAAI,CAAC;AACxE,SAAO,MAAM,MAAM;AACrB;AAEA,eAAe,KAAK,KAAmB,MAAoC;AACzE,QAAM,YAAY,MAAM,WAAW,OAAO,OAAO;IAC/C;IACA;IACA,EAAE,MAAM,QAAQ,MAAM,UAAU;IAChC;IACA,CAAC,MAAM;EACT;AACA,SAAO,WAAW,OAAO,OAAO,KAAK,QAAQ,WAAW,GAAG,IAAI,CAAC;AAClE;AAEA,eAAe,iBACb,iBACA,WACA,QACA,SACsB;AACtB,QAAM,QAAQ,MAAM,KAAK,GAAG,OAAO,eAAe,EAAE,GAAG,SAAS;AAChE,QAAM,UAAU,MAAM,KAAK,OAAO,MAAM;AACxC,QAAM,WAAW,MAAM,KAAK,SAAS,OAAO;AAC5C,SAAO,KAAK,UAAU,cAAc;AACtC;AAQO,SAAS,cAAc,MAAqB;AACjD,QAAM,UAAU,KAAK,YAAY,EAAE,QAAQ,iBAAiB,EAAE;AAC9D,SAAO,EAAE,SAAS,WAAW,QAAQ,MAAM,GAAG,CAAC,EAAE;AACnD;AAoBA,eAAsB,0BACpB,QACiB;AACjB,QAAM,eAAuC,CAAC;AAC9C,aAAW,CAAC,KAAK,KAAK,KAAK,OAAO,QAAQ,OAAO,OAAO,GAAG;AACzD,iBAAa,IAAI,YAAY,CAAC,IAAI,MAAM,KAAK,EAAE,QAAQ,QAAQ,GAAG;EACpE;AACA,QAAM,cAAc,OAAO,KAAK,YAAY,EAAE,KAAK;AAEnD,QAAM,mBAAmB,YACtB,IAAI,CAAC,SAAS,GAAG,IAAI,IAAI,aAAa,IAAI,CAAC;CAAI,EAC/C,KAAK,EAAE;AACV,QAAM,gBAAgB,YAAY,KAAK,GAAG;AAE1C,QAAM,mBAAmB;IACvB,OAAO;IACP,OAAO;IACP,OAAO;IACP;IACA;IACA,OAAO;EACT,EAAE,KAAK,IAAI;AAEX,QAAM,kBAAkB,GAAG,OAAO,SAAS,IAAI,OAAO,MAAM,IAAI,OAAO,OAAO;AAC9E,QAAM,eAAe;IACnB;IACA,OAAO;IACP;IACA,MAAM,UAAU,gBAAgB;EAClC,EAAE,KAAK,IAAI;AAEX,QAAM,aAAa,MAAM;IACvB,OAAO;IACP,OAAO;IACP,OAAO;IACP,OAAO;EACT;AACA,QAAM,YAAY,MAAM,MAAM,KAAK,YAAY,YAAY,CAAC;AAE5D,SACE,GAAG,SAAS,eAAe,OAAO,WAAW,IAAI,eAAe,mBAC/C,aAAa,eAAe,SAAS;AAE1D;ACtHA,SAAS,eAAe,OAAuB;AAC7C,SAAO,MACJ,QAAQ,SAAS,GAAG,EACpB,QAAQ,SAAS,GAAG,EACpB,QAAQ,WAAW,GAAG,EACtB,QAAQ,UAAU,GAAG,EACrB,QAAQ,WAAW,GAAG,EACtB,QAAQ,UAAU,GAAG;AAC1B;AAMO,SAAS,WAAW,KAAa,KAA4B;AAClE,QAAM,aAAa,IAAI,QAAQ,uBAAuB,MAAM;AAC5D,QAAM,OAAO,IAAI,OAAO,IAAI,UAAU,gBAAgB,EAAE,KAAK,GAAG;AAChE,MAAI,CAAC,MAAM;AACT,WAAO,IAAI,OAAO,IAAI,UAAU,QAAQ,EAAE,KAAK,GAAG,IAAI,KAAK;EAC7D;AACA,QAAM,QAAQ,KAAK,QAAQ,KAAK,CAAC,EAAE;AACnC,QAAM,WAAW,IAAI,QAAQ,KAAK,GAAG,KAAK,KAAK;AAC/C,MAAI,aAAa,IAAI;AACnB,WAAO;EACT;AACA,SAAO,IAAI,MAAM,OAAO,QAAQ;AAClC;AAEO,SAAS,UAAU,KAAa,KAA4B;AACjE,QAAM,QAAQ,WAAW,KAAK,GAAG;AACjC,SAAO,UAAU,OAAO,OAAO,eAAe,KAAK,EAAE,KAAK;AAC5D;AAKO,SAAS,gBAAgB,KAAuB;AACrD,QAAM,UAAoB,CAAC;AAC3B,QAAM,KAAK;AACX,MAAI,QAAQ;AACZ,MAAI,eAAe;AACnB,MAAI;AACJ,UAAQ,QAAQ,GAAG,KAAK,GAAG,OAAO,MAAM;AACtC,QAAI,MAAM,CAAC,EAAE,WAAW,IAAI,GAAG;AAC7B;AACA,UAAI,UAAU,KAAK,iBAAiB,IAAI;AACtC,gBAAQ,KAAK,IAAI,MAAM,cAAc,MAAM,KAAK,CAAC;AACjD,uBAAe;MACjB;IACF,OAAO;AACL,UAAI,UAAU,GAAG;AACf,uBAAe,MAAM,QAAQ,MAAM,CAAC,EAAE;MACxC;AACA;IACF;EACF;AACA,SAAO;AACT;AAeO,SAAS,mBAAmB,KAAkC;AACnE,QAAM,eAAe,WAAW,KAAK,mBAAmB,KAAK;AAC7D,QAAM,UAAU,gBAAgB,YAAY,EAAE,IAAI,CAAC,WAAW;AAC5D,UAAM,UAAU,WAAW,QAAQ,YAAY,KAAK;AACpD,UAAM,WAAW,WAAW,QAAQ,QAAQ,KAAK;AACjD,WAAO;MACL,IAAI,UAAU,QAAQ,IAAI,KAAK;MAC/B,OAAO,UAAU,QAAQ,OAAO,KAAK;MACrC,YAAY,UAAU,QAAQ,YAAY,KAAK;MAC/C,YAAY,gBAAgB,OAAO,EAAE,IAAI,CAAC,MAAM,eAAe,CAAC,EAAE,KAAK,CAAC;MACxE,QAAQ,gBAAgB,QAAQ,EAAE;QAAI,CAAC,MACrC,OAAO,eAAe,CAAC,EAAE,KAAK,CAAC;MACjC;IACF;EACF,CAAC;AACD,QAAM,YAAY,UAAU,KAAK,WAAW;AAC5C,SAAO,EAAE,SAAS,WAAW,cAAc,KAAK,OAAO,UAAU;AACnE;AASO,SAAS,gBAAgB,KAAoC;AAClE,QAAM,YAAY,WAAW,KAAK,aAAa;AAC/C,MAAI,cAAc,MAAM;AACtB,WAAO;EACT;AACA,QAAM,cAAc,UAAU,WAAW,aAAa,KAAK;AAC3D,QAAM,kBAAkB,UAAU,WAAW,iBAAiB,KAAK;AACnE,MAAI,gBAAgB,MAAM,oBAAoB,IAAI;AAChD,WAAO;EACT;AACA,SAAO;IACL;IACA;IACA,cAAc,UAAU,WAAW,cAAc,KAAK;IACtD,YAAY,UAAU,WAAW,YAAY,KAAK;EACpD;AACF;AAIO,SAAS,eAAe,KAA4B;AACzD,SAAO,UAAU,KAAK,MAAM;AAC9B;ACpHO,IAAe,kBAAf,cAAuC,MAAM;EAEzC;EAET,YAAY,SAAiB,UAAyB;AACpD,UAAM,OAAO;AACb,SAAK,OAAO,WAAW;AACvB,SAAK,WAAW;EAClB;AACF;AAEO,IAAM,iBAAN,cAA6B,gBAAgB;EACzC,OAAO;AAClB;AAEO,IAAM,iBAAN,cAA6B,gBAAgB;EACzC,OAAO;EACP;EAET,YAAY,SAAiB,UAAyB,YAAmB;AACvE,UAAM,SAAS,QAAQ;AACvB,SAAK,aAAa;EACpB;AACF;AAEO,IAAM,YAAN,cAAwB,gBAAgB;EACpC,OAAO;AAClB;AEpCO,IAAM,sBAAsB;AAE5B,IAAM,qBAAqB,qBAAqB,mBAAmB;AAEnE,SAAS,mBAAmB,aAA6B;AAC9D,SAAO,qBAAqB,WAAW,IAAI,mBAAmB;AAChE;AIJO,SAAS,WACd,OACA,MACe;AACf,MAAI,UAAU,QAAQ,UAAU,QAAW;AACzC,WAAO;EACT;AACA,MAAI,SAAS,OAAO;AAClB,QAAI,OAAO,UAAU,UAAU;AAC7B,aAAO;IACT;AACA,UAAM,KAAK,IAAI,KAAK,KAAK,EAAE,QAAQ;AACnC,WAAO,OAAO,SAAS,EAAE,IAAI,KAAK;EACpC;AACA,MAAI,OAAO,UAAU,YAAY,MAAM,KAAK,MAAM,IAAI;AACpD,WAAO;EACT;AACA,QAAM,IAAI,OAAO,UAAU,WAAW,QAAQ,OAAO,KAAK;AAC1D,MAAI,CAAC,OAAO,SAAS,CAAC,GAAG;AACvB,WAAO;EACT;AACA,QAAM,SAAS,SAAS,MAAM,IAAI,MAAO;AACzC,SAAO,OAAO,SAAS,MAAM,IAAI,SAAS;AAC5C;AGLO,IAAM,uBAAuB;EAClC,aAAa;IACX,aAAa;IACb,MAAM;EACR;EACA,iBAAiB;IACf,aAAa;IACb,MAAM;EACR;AACF;AAUA,IAAM,cAAc;AACpB,IAAM,kBAAkB;AACxB,IAAM,6BAA6B;AACnC,IAAM,+BAA+B;AACrC,IAAM,oBAAoB;AAE1B,SAAS,QAAQ,MAAkC;AACjD,QAAM,MACJ,WAGA,SAAS;AACX,SAAO,MAAM,IAAI;AACnB;AAEO,IAAe,mBAAf,cAEG,cAAyC;EAC/B,cAAc;EAExB,eAGG;EAED,kBAAsC;AAC9C,UAAM,EAAE,aAAa,gBAAgB,IAAI,KAAK;AAC9C,QAAI,eAAe,iBAAiB;AAClC,aAAO,EAAE,aAAa,gBAAgB;IACxC;AACA,UAAM,iBAAiB,QAAQ,mBAAmB;AAClD,UAAM,qBAAqB,QAAQ,uBAAuB;AAC1D,QAAI,kBAAkB,oBAAoB;AACxC,aAAO;QACL,aAAa;QACb,iBAAiB;QACjB,cAAc,QAAQ,mBAAmB,KAAK;MAChD;IACF;AACA,UAAM,IAAI;MACR,GAAG,KAAK,EAAE;IACZ;EACF;EAEA,MAAgB,0BACd,QAC6B;AAC7B,QAAI,KAAK,SAAS,YAAY,QAAW;AACvC,YAAM,EAAE,aAAa,gBAAgB,IAAI,KAAK;AAC9C,UAAI,CAAC,eAAe,CAAC,iBAAiB;AACpC,cAAM,IAAI;UACR,GAAG,KAAK,EAAE;QACZ;MACF;AACA,aAAO,EAAE,aAAa,gBAAgB;IACxC;AAEA,QAAI,KAAK,gBAAgB,KAAK,IAAI,IAAI,KAAK,aAAa,WAAW;AACjE,aAAO,KAAK,aAAa;IAC3B;AACA,WAAO,KAAK,WAAW,KAAK,SAAS,SAAS,MAAM;EACtD;EAEA,MAAc,WACZ,SACA,QAC6B;AAC7B,UAAM,SAAS,IAAI,gBAAgB;AACnC,WAAO,IAAI,UAAU,YAAY;AACjC,WAAO,IAAI,WAAW,eAAe;AACrC,WAAO,IAAI,WAAW,OAAO;AAC7B,WAAO,IAAI,mBAAmB,WAAW,KAAK,EAAE,EAAE;AAClD,WAAO,IAAI,mBAAmB,OAAO,4BAA4B,CAAC;AAClE,QAAI,KAAK,SAAS,eAAe,QAAW;AAC1C,aAAO,IAAI,cAAc,KAAK,SAAS,UAAU;IACnD;AAEA,UAAM,OAAO,OAAO,KAAK,SAAS,MAAM;AACxC,UAAM,MAAM,MAAM,KAAK,WAAW;MAChC;MACA,SAAS;MACT,MAAM,OAAO,SAAS;MACtB,oBAAoB,KAAK,gBAAgB;MACzC,UAAU;MACV;IACF,CAAC;AAED,UAAM,SAAS,gBAAgB,GAAG;AAClC,QAAI,WAAW,MAAM;AACnB,YAAM,IAAI;QACR,GAAG,KAAK,EAAE;MACZ;IACF;AACA,SAAK,wBAAwB,MAAM;AACnC,WAAO;MACL,aAAa,OAAO;MACpB,iBAAiB,OAAO;MACxB,cAAc,OAAO,gBAAgB;IACvC;EACF;EAEQ,wBAAwB,QAA8B;AAC5D,UAAM,eAAe,WAAW,OAAO,YAAY,KAAK;AACxD,UAAM,YACJ,iBAAiB,OACb,eAAe,6BACf,KAAK,IAAI,KAAK,+BAA+B,MAAM;AACzD,SAAK,eAAe;MAClB,OAAO;QACL,aAAa,OAAO;QACpB,iBAAiB,OAAO;QACxB,cAAc,OAAO,gBAAgB;MACvC;MACA;IACF;EACF;EAEA,MAAgB,WAAW,MAOP;AAClB,UAAM,EAAE,SAAS,UAAU,IAAI,cAAc,oBAAI,KAAK,CAAC;AACvD,UAAM,cAAc,MAAM,UAAU,KAAK,IAAI;AAE7C,UAAM,gBAAwC;MAC5C,MAAM,KAAK;MACX,gBAAgB;MAChB,wBAAwB;MACxB,cAAc;IAChB;AACA,QAAI,KAAK,mBAAmB,iBAAiB,QAAW;AACtD,oBAAc,sBAAsB,IAClC,KAAK,mBAAmB;IAC5B;AAEA,UAAM,gBAAgB,MAAM,0BAA0B;MACpD,QAAQ;MACR,MAAM,KAAK;MACX,MAAM;MACN,OAAO;MACP,SAAS;MACT;MACA,aAAa,KAAK,mBAAmB;MACrC,iBAAiB,KAAK,mBAAmB;MACzC,QAAQ,KAAK,SAAS;MACtB,SAAS,KAAK;MACd;MACA;IACF,CAAC;AAED,UAAM,cAAsC;MAC1C,gBAAgB;MAChB,wBAAwB;MACxB,cAAc;MACd,cAAc,mBAAmB,KAAK,EAAE;MACxC,eAAe;IACjB;AACA,QAAI,KAAK,mBAAmB,iBAAiB,QAAW;AACtD,kBAAY,sBAAsB,IAChC,KAAK,mBAAmB;IAC5B;AAEA,QAAI;AACF,YAAM,MAA4B,MAAM,KAAK;QAC3C;UACE,KAAK,WAAW,KAAK,IAAI;UACzB,QAAQ;UACR,SAAS;UACT,MAAM,KAAK;UACX,WAAW;UACX,QAAQ,KAAK;QACf;QACA,EAAE,UAAU,KAAK,SAAS;MAC5B;AACA,aAAO,IAAI;IACb,SAAS,KAAK;AACZ,YAAM,KAAK,iBAAiB,GAAG;IACjC;EACF;EAEU,iBAAiB,KAAuB;AAChD,QAAI,EAAE,eAAe,UAAU,EAAE,UAAU,MAAM;AAC/C,aAAO;IACT;AACA,UAAM,UAAU;AAChB,UAAM,OACJ,OAAO,QAAQ,UAAU,SAAS,WAAW,QAAQ,SAAS,OAAO;AACvE,UAAM,OAAO,eAAe,IAAI,KAAK;AACrC,UAAM,SAAS,QAAQ,UAAU,UAAU;AAE3C,QACE,8DAA8D,KAAK,IAAI,GACvE;AACA,aAAO,IAAI,eAAe,QAAQ,SAAS,QAAQ,QAAQ;IAC7D;AACA,QACE,uHAAuH;MACrH;IACF,GACA;AACA,aAAO,IAAI,UAAU,QAAQ,SAAS,QAAQ,QAAQ;IACxD;AACA,QAAI,UAAU,KAAK;AACjB,aAAO,IAAI,eAAe,QAAQ,SAAS,QAAQ,QAAQ;IAC7D;AACA,WAAO;EACT;AACF;ACxPO,IAAM,qBAAqB;EAChC,QAAQ,EACL,OAAO,EACP;IACC;IACA;EACF,EACC,KAAK;IACJ,OAAO;IACP,aACE;IACF,aAAa;EACf,CAAC;EACH,aAAa,EAAE,OAAO,EAAE,SAAS,EAAE,OAAO,EAAE,CAAC,EAAE,SAAS,EAAE,KAAK;IAC7D,OAAO;IACP,aACE;IACF,QAAQ;EACV,CAAC;EACD,iBAAiB,EAAE,OAAO,EAAE,SAAS,EAAE,OAAO,EAAE,CAAC,EAAE,SAAS,EAAE,KAAK;IACjE,OAAO;IACP,aAAa;IACb,QAAQ;EACV,CAAC;EACD,SAAS,EACN,OAAO,EACP;IACC;IACA;EACF,EACC,SAAS,EACT,KAAK;IACJ,OAAO;IACP,aACE;IACF,aAAa;EACf,CAAC;EACH,YAAY,EAAE,OAAO,EAAE,IAAI,CAAC,EAAE,SAAS,EAAE,KAAK;IAC5C,OAAO;IACP,aACE;EACJ,CAAC;AACH;AAUO,IAAM,gBAAgB;EAC3B,WAAW,CAAC,QAAgC;AAC1C,UAAM,UAAU,IAAI,YAAY;AAChC,UAAM,YACJ,IAAI,gBAAgB,UAAa,IAAI,oBAAoB;AAC3D,QAAI,IAAI,eAAe,UAAa,CAAC,SAAS;AAC5C,aAAO;IACT;AACA,WAAO,WAAW;EACpB;EACA,SACE;AACJ;;;AGlEO,IAAMA,uBAAsB;AAE5B,IAAMC,sBAAqB,qBAAqBD,oBAAmB;AIAnE,SAASE,YACd,OACA,MACe;AACf,MAAI,UAAU,QAAQ,UAAU,QAAW;AACzC,WAAO;EACT;AACA,MAAI,SAAS,OAAO;AAClB,QAAI,OAAO,UAAU,UAAU;AAC7B,aAAO;IACT;AACA,UAAM,KAAK,IAAI,KAAK,KAAK,EAAE,QAAQ;AACnC,WAAO,OAAO,SAAS,EAAE,IAAI,KAAK;EACpC;AACA,MAAI,OAAO,UAAU,YAAY,MAAM,KAAK,MAAM,IAAI;AACpD,WAAO;EACT;AACA,QAAM,IAAI,OAAO,UAAU,WAAW,QAAQ,OAAO,KAAK;AAC1D,MAAI,CAAC,OAAO,SAAS,CAAC,GAAG;AACvB,WAAO;EACT;AACA,QAAM,SAAS,SAAS,MAAM,IAAI,MAAO;AACzC,SAAO,OAAO,SAAS,MAAM,IAAI,SAAS;AAC5C;;;AGjBA;AAAA,EASE;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,OACK;AACP,SAAS,KAAAC,UAAS;AAElB,IAAM,oBAAoBA,GAAE,OAAO;AAAA,EACjC,IAAIA,GACD,OAAO,EACP;AAAA,IACC;AAAA,IACA;AAAA,EACF;AAAA,EACF,WAAWA,GAAE,OAAO,EAAE,IAAI,CAAC;AAAA,EAC3B,QAAQA,GAAE,OAAO,EAAE,IAAI,CAAC;AAAA,EACxB,MAAMA,GAAE,OAAO,EAAE,IAAI,CAAC;AAAA,EACtB,eAAeA,GACZ,OAAO,EACP,IAAI,EACJ,IAAI,EAAE,EACN,OAAO,CAAC,MAAM,IAAI,OAAO,GAAG;AAAA,IAC3B,SAAS;AAAA,EACX,CAAC;AAAA,EACH,YAAYA,GAAE,OAAOA,GAAE,OAAO,GAAGA,GAAE,OAAO,CAAC,EAAE,SAAS;AACxD,CAAC;AAEM,IAAM,eAAe;AAAA,EAC1BA,GACG,OAAO;AAAA,IACN,GAAG;AAAA,IACH,eAAeA,GAAE,MAAM,iBAAiB,EAAE,SAAS,EAAE,KAAK;AAAA,MACxD,OAAO;AAAA,MACP,aACE;AAAA,IACJ,CAAC;AAAA,IACD,iBAAiBA,GAAE,OAAO,EAAE,IAAI,EAAE,SAAS,EAAE,IAAI,KAAM,EAAE,SAAS,EAAE,KAAK;AAAA,MACvE,OAAO;AAAA,MACP,aACE;AAAA,MACF,aAAa;AAAA,IACf,CAAC;AAAA,EACH,CAAC,EACA,OAAO,cAAc,WAAW,EAAE,SAAS,cAAc,QAAQ,CAAC,EAClE;AAAA,IACC,CAAC,QACC,IAAI,IAAI,IAAI,cAAc,IAAI,CAAC,MAAM,EAAE,EAAE,CAAC,EAAE,SAC5C,IAAI,cAAc;AAAA,IACpB;AAAA,MACE,MAAM,CAAC,eAAe;AAAA,MACtB,SAAS;AAAA,IACX;AAAA,EACF;AACJ;AAEO,IAAM,MAAoB,mBAAmB;AAAA,EAClD,aAAa;AAAA,EACb,UAAU;AAAA,EACV,YAAY;AAAA,EACZ,SACE;AAAA,EACF,WACE;AAAA,EACF,QAAQ;AAAA,IACN,MAAM;AAAA,IACN,SACE;AAAA,IACF,SAAS;AAAA,EACX;AAAA,EACA,MAAM;AAAA,IACJ,SACE;AAAA,IACF,OAAO;AAAA,MACL;AAAA,MACA;AAAA,MACA;AAAA,MACA;AAAA,MACA;AAAA,IACF;AAAA,EACF;AAAA,EACA,aAAa;AAAA,IACX;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,EACF;AACF,CAAC;AAgBD,IAAM,2BAA2BA,GAAE,OAAO;AAAA,EACxC,mBAAmBA,GAAE;AAAA,IACnBA,GAAE,OAAO;AAAA,MACP,IAAIA,GAAE,OAAO;AAAA,MACb,OAAOA,GAAE,OAAO;AAAA,MAChB,YAAYA,GAAE,MAAMA,GAAE,IAAI,SAAS,CAAC;AAAA,MACpC,QAAQA,GAAE,MAAMA,GAAE,OAAO,CAAC;AAAA,MAC1B,YAAYA,GAAE,KAAK;AAAA,QACjB;AAAA,QACA;AAAA,QACA;AAAA,QACA;AAAA,MACF,CAAC;AAAA,IACH,CAAC;AAAA,EACH;AAAA,EACA,WAAWA,GAAE,OAAO,EAAE,SAAS;AACjC,CAAC;AAEM,IAAM,yBAAyB,gBAAgB;AAAA,EACpD,wBAAwB;AAAA,IACtB,OAAO;AAAA,IACP,SAAS;AAAA,IACT,aACE;AAAA,IACF,UAAU;AAAA,IACV,aAAa;AAAA,IACb,OACE;AAAA,IACF,YAAY;AAAA,MACV;AAAA,QACE,MAAM;AAAA,QACN,aACE;AAAA,MACJ;AAAA,MACA;AAAA,QACE,MAAM;AAAA,QACN,aAAa;AAAA,MACf;AAAA,MACA;AAAA,QACE,MAAM;AAAA,QACN,aACE;AAAA,MACJ;AAAA,MACA;AAAA,QACE,MAAM;AAAA,QACN,aACE;AAAA,MACJ;AAAA,MACA;AAAA,QACE,MAAM;AAAA,QACN,aACE;AAAA,MACJ;AAAA,IACF;AAAA,IACA,WAAW,EAAE,aAAa,yBAAyB;AAAA,EACrD;AACF,CAAC;AAED,IAAM,qBAAqB;AAC3B,IAAM,yBAAyB;AAC/B,IAAM,uBAAuB;AAC7B,IAAM,2BAA2B;AACjC,IAAM,gBAAgB;AAEf,IAAM,KAAK;AAEX,IAAM,OAAsB;AAAA,EACjC,SACE;AACJ;AAEO,IAAM,sBAAN,MAAM,6BAA4B,iBAAqC;AAAA,EAC5E,OAAgB,KAAK;AAAA,EAErB,OAAgB,YAAY;AAAA,EAE5B,OAAgB,UAAU,qBAAqB,sBAAsB;AAAA,EAErE,OAAgB,OAAO;AAAA,EAEvB,OAAO,OAAO,OAAgB,KAA6C;AACzE,UAAM,SAAS,aAAa,MAAM,KAAK;AACvC,WAAO,IAAI;AAAA,MACT;AAAA,QACE,QAAQ,OAAO;AAAA,QACf,SAAS,OAAO;AAAA,QAChB,YAAY,OAAO;AAAA,QACnB,eAAe,OAAO;AAAA,QACtB,iBAAiB,OAAO;AAAA,MAC1B;AAAA,MACA;AAAA,QACE,aAAa,OAAO;AAAA,QACpB,iBAAiB,OAAO;AAAA,MAC1B;AAAA,MACA;AAAA,IACF;AAAA,EACF;AAAA,EAES,KAAK;AAAA,EAEN,cAAc,SAGpB;AACA,UAAM,QAAQ,KAAK,IAAI;AACvB,QAAI,QAAQ,OAAO;AACjB,YAAM,UAAUC,YAAW,QAAQ,OAAO,KAAK;AAC/C,UAAI,YAAY,MAAM;AACpB,eAAO,EAAE,SAAS,KAAK,IAAI,SAAS,KAAK,GAAG,MAAM;AAAA,MACpD;AAAA,IACF;AACA,QAAI,QAAQ,SAAS,UAAU;AAC7B,YAAM,YAAY,KAAK;AAAA,QACrB,GAAG,KAAK,SAAS,cAAc,IAAI,CAAC,MAAM,EAAE,aAAa;AAAA,QACzD;AAAA,MACF;AACA,aAAO,EAAE,SAAS,QAAQ,YAAY,IAAI,KAAM,MAAM;AAAA,IACxD;AACA,UAAM,WAAW,KAAK,SAAS,mBAAmB;AAClD,WAAO,EAAE,SAAS,QAAQ,WAAW,eAAe,MAAM;AAAA,EAC5D;AAAA,EAEQ,uBACN,SACA,SACA,OACA,WACQ;AACR,UAAM,SAAS,IAAI,gBAAgB;AACnC,WAAO,IAAI,UAAU,eAAe;AACpC,WAAO,IAAI,WAAW,sBAAsB;AAC5C,WAAO,IAAI,aAAa,IAAI,KAAK,OAAO,EAAE,YAAY,CAAC;AACvD,WAAO,IAAI,WAAW,IAAI,KAAK,KAAK,EAAE,YAAY,CAAC;AACnD,WAAO,IAAI,UAAU,oBAAoB;AACzC,QAAI,cAAc,QAAW;AAC3B,aAAO,IAAI,aAAa,SAAS;AAAA,IACnC;AAEA,YAAQ,QAAQ,CAAC,OAAO,UAAU;AAChC,YAAM,SAAS,4BAA4B,QAAQ,CAAC;AACpD,aAAO,IAAI,GAAG,MAAM,OAAO,MAAM,EAAE;AACnC,aAAO,IAAI,GAAG,MAAM,eAAe,MAAM;AACzC,aAAO,IAAI,GAAG,MAAM,gCAAgC,MAAM,SAAS;AACnE,aAAO,IAAI,GAAG,MAAM,iCAAiC,MAAM,MAAM;AACjE,aAAO,IAAI,GAAG,MAAM,sBAAsB,OAAO,MAAM,aAAa,CAAC;AACrE,aAAO,IAAI,GAAG,MAAM,oBAAoB,MAAM,IAAI;AAClD,YAAM,aAAa,OAAO,QAAQ,MAAM,cAAc,CAAC,CAAC;AACxD,iBAAW,QAAQ,CAAC,CAAC,MAAM,KAAK,GAAG,aAAa;AAC9C,cAAM,YAAY,GAAG,MAAM,wCAAwC,WAAW,CAAC;AAC/E,eAAO,IAAI,GAAG,SAAS,SAAS,IAAI;AACpC,eAAO,IAAI,GAAG,SAAS,UAAU,KAAK;AAAA,MACxC,CAAC;AAAA,IACH,CAAC;AAED,WAAO,OAAO,SAAS;AAAA,EACzB;AAAA,EAEA,MAAM,KACJ,SACA,SACA,QACqB;AACrB,UAAM,UAAU,KAAK,SAAS;AAC9B,UAAM,QAAQ,IAAI,IAAI,QAAQ,IAAI,CAAC,MAAM,GAAG,EAAE,SAAS,IAAI,EAAE,MAAM,EAAE,CAAC;AAEtE,QAAI,QAAQ,WAAW,GAAG;AACxB,aAAO,EAAE,MAAM,KAAK;AAAA,IACtB;AAEA,UAAM,cAAc,IAAI,IAAI,QAAQ,IAAI,CAAC,MAAM,CAAC,EAAE,IAAI,CAAC,CAAC,CAAC;AACzD,UAAM,EAAE,SAAS,MAAM,IAAI,KAAK,cAAc,OAAO;AAErD,UAAM,UAA0B,CAAC;AACjC,UAAM,OAAO,GAAG,kBAAkB,IAAI,KAAK,SAAS,MAAM;AAE1D,aAAS,IAAI,GAAG,IAAI,QAAQ,QAAQ,KAAK,sBAAsB;AAC7D,YAAM,QAAQ,QAAQ,MAAM,GAAG,IAAI,oBAAoB;AACvD,UAAI;AACJ,UAAI,OAAO;AACX,SAAG;AACD,YAAI,QAAQ,SAAS;AACnB,iBAAO,EAAE,MAAM,MAAM;AAAA,QACvB;AACA,cAAM,OAAO,KAAK;AAAA,UAChB;AAAA,UACA;AAAA,UACA;AAAA,UACA;AAAA,QACF;AACA,cAAM,qBAAqB,MAAM,KAAK,0BAA0B,MAAM;AACtE,cAAM,MAAM,MAAM,KAAK,WAAW;AAAA,UAChC;AAAA,UACA,SAAS;AAAA,UACT;AAAA,UACA;AAAA,UACA,UAAU;AAAA,UACV;AAAA,QACF,CAAC;AACD,cAAM,SAAS,mBAAmB,GAAG;AACrC,mBAAW,UAAU,OAAO,SAAS;AACnC,gBAAM,QAAQ,YAAY,IAAI,OAAO,EAAE;AACvC,cAAI,UAAU,QAAW;AACvB;AAAA,UACF;AACA,eAAK,eAAe,SAAS,OAAO,MAAM;AAAA,QAC5C;AACA,oBAAY,OAAO,aAAa;AAChC,gBAAQ;AACR,aAAK,OAAO,KAAK,gBAAgB;AAAA,UAC/B,UAAU;AAAA,UACV;AAAA,UACA,OAAO,OAAO,QAAQ;AAAA,UACtB,MAAM,aAAa;AAAA,QACrB,CAAC;AAAA,MACH,SAAS,cAAc;AAAA,IACzB;AAEA,UAAM,QAAQ,QAAQ,SAAS,EAAE,OAAO,CAAC,GAAG,KAAK,EAAE,CAAC;AACpD,SAAK,OAAO,KAAK,iBAAiB;AAAA,MAChC,UAAU;AAAA,MACV,OAAO,QAAQ;AAAA,IACjB,CAAC;AACD,WAAO,EAAE,MAAM,KAAK;AAAA,EACtB;AAAA,EAEQ,eACN,SACA,OACA,QAMM;AACN,UAAM,OAAO,GAAG,MAAM,SAAS,IAAI,MAAM,MAAM;AAC/C,UAAM,iBAA4C;AAAA,MAChD,GAAI,MAAM,cAAc,CAAC;AAAA,MACzB,MAAM,MAAM;AAAA,MACZ,QAAQ,MAAM;AAAA,MACd,SAAS,MAAM;AAAA,MACf,YAAY,OAAO;AAAA,MACnB,OAAO,OAAO;AAAA,IAChB;AACA,UAAM,QAAQ,KAAK,IAAI,OAAO,WAAW,QAAQ,OAAO,OAAO,MAAM;AACrE,aAAS,IAAI,GAAG,IAAI,OAAO,KAAK;AAC9B,YAAM,KAAKA,YAAW,OAAO,WAAW,CAAC,GAAI,KAAK;AAClD,YAAM,QAAQ,OAAO,OAAO,CAAC;AAC7B,UAAI,OAAO,QAAQ,CAAC,OAAO,SAAS,KAAK,GAAG;AAC1C;AAAA,MACF;AACA,cAAQ,KAAK,EAAE,MAAM,IAAI,OAAO,YAAY,EAAE,GAAG,eAAe,EAAE,CAAC;AAAA,IACrE;AAAA,EACF;AACF;;;ACvWA,IAAO,gBAAQ;","names":["HTTP_CLIENT_VERSION","DEFAULT_USER_AGENT","parseEpoch","z","parseEpoch"]}
|
package/package.json
CHANGED
|
@@ -1,9 +1,10 @@
|
|
|
1
1
|
{
|
|
2
2
|
"name": "@rawdash/connector-aws-cloudwatch",
|
|
3
|
-
"version": "0.
|
|
3
|
+
"version": "0.17.0",
|
|
4
4
|
"description": "Rawdash connector for AWS CloudWatch — pulls declared metric queries into the six-shape storage model via GetMetricData",
|
|
5
5
|
"license": "Apache-2.0",
|
|
6
6
|
"type": "module",
|
|
7
|
+
"sideEffects": false,
|
|
7
8
|
"repository": {
|
|
8
9
|
"type": "git",
|
|
9
10
|
"url": "https://github.com/rawdash/rawdash.git",
|
|
@@ -23,7 +24,7 @@
|
|
|
23
24
|
},
|
|
24
25
|
"dependencies": {
|
|
25
26
|
"zod": "^4.4.3",
|
|
26
|
-
"@rawdash/core": "0.
|
|
27
|
+
"@rawdash/core": "0.17.0"
|
|
27
28
|
},
|
|
28
29
|
"devDependencies": {
|
|
29
30
|
"fast-check": "^4.8.0",
|
|
@@ -32,7 +33,7 @@
|
|
|
32
33
|
"vitest": "^4.1.4",
|
|
33
34
|
"@rawdash/connector-aws-shared": "0.1.0",
|
|
34
35
|
"@rawdash/connector-shared": "0.3.0",
|
|
35
|
-
"@rawdash/connector-test-utils": "0.0.
|
|
36
|
+
"@rawdash/connector-test-utils": "0.0.4"
|
|
36
37
|
},
|
|
37
38
|
"scripts": {
|
|
38
39
|
"build": "tsup",
|