@rawdash/connector-aws-cost 0.15.0 → 0.17.0

package/dist/index.js

@@ -1,9 +1,6 @@
 // ../aws-shared/dist/index.js
+import { BaseConnector } from "@rawdash/core";
 import { z } from "zod";
-import { z as z2 } from "zod";
-import { z as z3 } from "zod";
-import { z as z4 } from "zod";
-import { z as z5 } from "zod";
 var encoder = new TextEncoder();
 var ALGORITHM = "AWS4-HMAC-SHA256";
 function u8(data) {
@@ -162,648 +159,6 @@ function parseEpoch(value, unit) {
   const result = unit === "s" ? n * 1e3 : n;
   return Number.isFinite(result) ? result : null;
 }
-var HttpClientError2 = class extends Error {
-  response;
-  constructor(message, response) {
-    super(message);
-    this.name = new.target.name;
-    this.response = response;
-  }
-};
-var TransientError2 = class extends HttpClientError2 {
-  kind = "transient";
-};
-var RateLimitError2 = class extends HttpClientError2 {
-  kind = "rate_limit";
-  retryAfter;
-  constructor(message, response, retryAfter) {
-    super(message, response);
-    this.retryAfter = retryAfter;
-  }
-};
-var AuthError2 = class extends HttpClientError2 {
-  kind = "auth";
-};
-var UpstreamBugError = class extends HttpClientError2 {
-  kind = "upstream_bug";
-};
-var ClientBugError = class extends HttpClientError2 {
-  kind = "client_bug";
-};
-function classifyStatus(status) {
-  if (status === 429) {
-    return "rate_limit";
-  }
-  if (status === 401 || status === 403) {
-    return "auth";
-  }
-  if (status === 408) {
-    return "transient";
-  }
-  if (status >= 500) {
-    return "upstream_bug";
-  }
-  if (status >= 400) {
-    return "client_bug";
-  }
-  return "client_bug";
-}
-function errorForStatus(message, response, retryAfter) {
-  const kind = classifyStatus(response.status);
-  switch (kind) {
-    case "rate_limit":
-      return new RateLimitError2(message, response, retryAfter);
-    case "auth":
-      return new AuthError2(message, response);
-    case "transient":
-      return new TransientError2(message, response);
-    case "upstream_bug":
-      return new UpstreamBugError(message, response);
-    case "client_bug":
-      return new ClientBugError(message, response);
-  }
-}
-var defaultRetryOn = (status, err) => {
-  if (err instanceof RateLimitError2) {
-    return true;
-  }
-  if (err instanceof TransientError2) {
-    return true;
-  }
-  if (status === null) {
-    return err instanceof Error && !(err instanceof HttpClientError2);
-  }
-  if (status === 408 || status === 429) {
-    return true;
-  }
-  if (status >= 500) {
-    return true;
-  }
-  return false;
-};
-function parseRetryAfter(headerValue, now = /* @__PURE__ */ new Date()) {
-  if (!headerValue) {
-    return void 0;
-  }
-  const trimmed = headerValue.trim();
-  if (/^\d+$/.test(trimmed)) {
-    return new Date(now.getTime() + Number(trimmed) * 1e3);
-  }
-  const parsed = Date.parse(trimmed);
-  if (Number.isNaN(parsed)) {
-    return void 0;
-  }
-  return new Date(parsed);
-}
-function sleep(ms, signal) {
-  if (signal?.aborted) {
-    return Promise.reject(signal.reason ?? new Error("Aborted"));
-  }
-  return new Promise((resolve, reject) => {
-    const onAbort = () => {
-      clearTimeout(timer);
-      reject(signal.reason ?? new Error("Aborted"));
-    };
-    const timer = setTimeout(() => {
-      signal?.removeEventListener("abort", onAbort);
-      resolve();
-    }, ms);
-    signal?.addEventListener("abort", onAbort, { once: true });
-  });
-}
-var HTTP_CLIENT_VERSION2 = "0.0.0";
-var DEFAULT_USER_AGENT2 = `rawdash-connector/${HTTP_CLIENT_VERSION2} (+https://rawdash.dev)`;
-var DEFAULT_TIMEOUT_MS = 1e4;
-var DEFAULT_MAX_ATTEMPTS = 3;
-var DEFAULT_INITIAL_DELAY_MS = 1e3;
-var DEFAULT_MAX_DELAY_MS = 6e4;
-var OBSERVER_TIMEOUT_MS = 250;
-async function notifyObserver(observer, event) {
-  let result;
-  try {
-    result = observer(event);
-  } catch (err) {
-    console.warn("[connector-shared] request observer threw:", err);
-    return;
-  }
-  if (!(result instanceof Promise)) {
-    return;
-  }
-  const guarded = result.catch((err) => {
-    console.warn("[connector-shared] request observer rejected:", err);
-  });
-  let timer;
-  const timeout = new Promise((resolve) => {
-    timer = setTimeout(resolve, OBSERVER_TIMEOUT_MS);
-  });
-  try {
-    await Promise.race([guarded, timeout]);
-  } finally {
-    if (timer) {
-      clearTimeout(timer);
-    }
-  }
-}
-function newRequestId() {
-  const c = globalThis.crypto;
-  if (c?.randomUUID) {
-    return c.randomUUID();
-  }
-  return `${Date.now().toString(36)}-${Math.random().toString(36).slice(2, 10)}`;
-}
-function mergeHeaders(defaults, overrides) {
-  const merged = {};
-  for (const [k, v] of Object.entries(defaults)) {
-    merged[k.toLowerCase()] = v;
-  }
-  if (overrides) {
-    for (const [k, v] of Object.entries(overrides)) {
-      merged[k.toLowerCase()] = v;
-    }
-  }
-  return merged;
-}
-function linkTimeoutSignal(parent, timeoutMs) {
-  const controller = new AbortController();
-  const onParentAbort = () => {
-    controller.abort(parent?.reason);
-  };
-  if (parent) {
-    if (parent.aborted) {
-      controller.abort(parent.reason);
-    } else {
-      parent.addEventListener("abort", onParentAbort, { once: true });
-    }
-  }
-  const timer = setTimeout(() => {
-    controller.abort(new Error(`Request timed out after ${timeoutMs}ms`));
-  }, timeoutMs);
-  return {
-    signal: controller.signal,
-    cancel: () => {
-      clearTimeout(timer);
-      if (parent) {
-        parent.removeEventListener("abort", onParentAbort);
-      }
-    }
-  };
-}
-async function readBody(res, parseJson) {
-  if (res.status === 204 || res.status === 205) {
-    return null;
-  }
-  const contentType = res.headers.get("content-type") ?? "";
-  if (parseJson && contentType.includes("application/json")) {
-    const text = await res.text();
-    if (text.length === 0) {
-      return null;
-    }
-    return JSON.parse(text);
-  }
-  return res.text();
-}
-async function request(req, options) {
-  const fetchImpl = options.fetch ?? globalThis.fetch;
-  const retry = req.retry ?? {};
-  const maxAttempts = retry.maxAttempts ?? DEFAULT_MAX_ATTEMPTS;
-  const initialDelayMs = retry.initialDelayMs ?? DEFAULT_INITIAL_DELAY_MS;
-  const maxDelayMs = retry.maxDelayMs ?? DEFAULT_MAX_DELAY_MS;
-  const retryOn = retry.retryOn ?? defaultRetryOn;
-  const timeoutMs = req.timeoutMs ?? DEFAULT_TIMEOUT_MS;
-  const parseJson = req.parseJson ?? true;
-  const headers = mergeHeaders(
-    {
-      "User-Agent": DEFAULT_USER_AGENT2,
-      Accept: "application/json"
-    },
-    req.headers
-  );
-  let lastErr;
-  for (let attempt = 0; attempt < maxAttempts; attempt++) {
-    req.signal?.throwIfAborted();
-    const { signal, cancel } = linkTimeoutSignal(req.signal, timeoutMs);
-    let res;
-    try {
-      res = await fetchImpl(req.url, {
-        method: req.method ?? "GET",
-        headers,
-        body: req.body,
-        signal
-      });
-    } catch (err2) {
-      cancel();
-      if (req.signal?.aborted) {
-        throw req.signal.reason ?? err2;
-      }
-      const error = err2 instanceof Error ? err2 : new Error(String(err2));
-      lastErr = error;
-      if (attempt < maxAttempts - 1 && retryOn(null, error)) {
-        const delay = computeDelay(attempt, initialDelayMs, maxDelayMs);
-        await sleep(delay, req.signal);
-        continue;
-      }
-      throw new TransientError2(error.message);
-    }
-    cancel();
-    const body = await readBody(res, parseJson);
-    const httpResponse = {
-      status: res.status,
-      headers: res.headers,
-      body
-    };
-    if (req.rateLimit) {
-      const state = req.rateLimit.parse(res.headers);
-      if (state) {
-        httpResponse.rateLimitState = state;
-      }
-    }
-    if (options.observer) {
-      await notifyObserver(options.observer, {
-        url: req.url,
-        method: req.method ?? "GET",
-        status: res.status,
-        resource: options.resource,
-        requestId: options.requestId ?? newRequestId(),
-        body
-      });
-    }
-    if (res.ok) {
-      return httpResponse;
-    }
-    const retryAfter = parseRetryAfter(res.headers.get("retry-after"));
-    const message = `HTTP ${res.status} ${res.statusText} for ${req.method ?? "GET"} ${req.url}`;
-    const err = errorForStatus(message, httpResponse, retryAfter);
-    if (attempt < maxAttempts - 1 && retryOn(res.status, err) && !(err instanceof AuthError2) && !(err instanceof ClientBugError)) {
-      lastErr = err;
-      let delay = computeDelay(attempt, initialDelayMs, maxDelayMs);
-      if (err instanceof RateLimitError2 && retryAfter) {
-        const wait = retryAfter.getTime() - Date.now();
-        if (wait > 0) {
-          delay = Math.min(wait, maxDelayMs);
-        }
-      }
-      await sleep(delay, req.signal);
-      continue;
-    }
-    throw err;
-  }
-  throw lastErr ?? new UpstreamBugError("Exhausted retry attempts");
-}
-function computeDelay(attempt, initialDelayMs, maxDelayMs) {
-  const base = initialDelayMs * 2 ** attempt;
-  const jitter = base * 0.25 * Math.random();
-  return Math.min(base + jitter, maxDelayMs);
-}
-var MAX_VALUE_LEN = 120;
-function truncate(s, max = MAX_VALUE_LEN) {
-  if (s.length <= max) {
-    return s;
-  }
-  return `${s.slice(0, max - 1)}\u2026`;
-}
-function formatValue(value) {
-  if (value === null) {
-    return "null";
-  }
-  if (value === void 0) {
-    return "";
-  }
-  if (typeof value === "number" || typeof value === "boolean") {
-    return String(value);
-  }
-  if (typeof value === "string") {
-    const t = truncate(value);
-    if (/[\s"=]/.test(t)) {
-      return JSON.stringify(t);
-    }
-    return t;
-  }
-  if (typeof value === "bigint") {
-    return value.toString();
-  }
-  let json;
-  try {
-    json = JSON.stringify(value);
-  } catch {
-    json = void 0;
-  }
-  return truncate(json ?? String(value));
-}
-function formatLogFields(fields) {
-  if (!fields) {
-    return "";
-  }
-  const parts = [];
-  for (const [k, v] of Object.entries(fields)) {
-    if (v === void 0) {
-      continue;
-    }
-    parts.push(`${k}=${formatValue(v)}`);
-  }
-  return parts.length > 0 ? ` ${parts.join(" ")}` : "";
-}
-function formatLogLine(scope, event, fields) {
-  return `[${scope}] ${event}${formatLogFields(fields)}`;
-}
-function createDefaultConnectorLogger(opts) {
-  return {
-    info(event, fields) {
-      console.info(formatLogLine(opts.scope, event, fields));
-    },
-    warn(event, fields) {
-      console.warn(formatLogLine(opts.scope, event, fields));
-    }
-  };
-}
-function isSecret(value) {
-  return typeof value === "object" && value !== null && "$secret" in value && typeof value.$secret === "string";
-}
-var secretRefSchema = z.strictObject({
-  $secret: z.string()
-});
-var EnvSecretsResolver = class {
-  resolve(name) {
-    const env = globalThis.process?.env;
-    const raw = env?.[name];
-    if (raw === void 0) {
-      return void 0;
-    }
-    if (raw.length === 0) {
-      return raw;
-    }
-    const first = raw.charCodeAt(0);
-    if (first !== 123 && first !== 91) {
-      return raw;
-    }
-    try {
-      return JSON.parse(raw);
-    } catch {
-      return raw;
-    }
-  }
-};
-function resolveSecrets(obj, resolver) {
-  if (isSecret(obj)) {
-    const name = obj.$secret;
-    const value = resolver.resolve(name);
-    if (value === void 0) {
-      throw new Error(
-        `Missing secret "${name}". Set it via process.env.${name} or the CLI: rawdash secrets set ${name} ...`
-      );
-    }
-    return value;
-  }
-  if (Array.isArray(obj)) {
-    return obj.map((item) => resolveSecrets(item, resolver));
-  }
-  if (typeof obj === "object" && obj !== null) {
-    const result = {};
-    for (const [key, val] of Object.entries(obj)) {
-      Object.defineProperty(result, key, {
-        value: resolveSecrets(val, resolver),
-        enumerable: true,
-        configurable: true,
-        writable: true
-      });
-    }
-    return result;
-  }
-  return obj;
-}
-var BaseConnector = class {
-  credentials;
-  settings;
-  creds;
-  rawCredInput;
-  ctx;
-  cachedLogger;
-  constructor(settings, creds, ctx) {
-    this.settings = settings;
-    this.rawCredInput = creds;
-    this.ctx = ctx ?? {};
-    this.creds = creds ? resolveSecrets(
-      creds,
-      this.ctx.secretsResolver ?? new EnvSecretsResolver()
-    ) : {};
-  }
-  get logger() {
-    if (!this.cachedLogger) {
-      this.cachedLogger = this.ctx.logger ?? createDefaultConnectorLogger({ scope: this.id });
-    }
-    return this.cachedLogger;
-  }
-  request(req, opts) {
-    return request(req, {
-      resource: opts.resource,
-      requestId: opts.requestId,
-      observer: this.ctx.observer
-    });
-  }
-  get(url, opts) {
-    return this.request(
-      {
-        url,
-        method: "GET",
-        headers: opts.headers,
-        signal: opts.signal,
-        rateLimit: opts.rateLimit
-      },
-      { resource: opts.resource, requestId: opts.requestId }
-    );
-  }
-  post(url, opts) {
-    return this.request(
-      {
-        url,
-        method: "POST",
-        headers: opts.headers,
-        body: opts.body,
-        signal: opts.signal,
-        rateLimit: opts.rateLimit
-      },
-      { resource: opts.resource, requestId: opts.requestId }
-    );
-  }
-  isResourceEnabled(resource) {
-    const enabled = this.settings?.resources;
-    if (!enabled || enabled.length === 0) {
-      return true;
-    }
-    return enabled.includes(resource);
-  }
-  serializeConfig() {
-    const config = {
-      ...this.settings
-    };
-    if (this.rawCredInput) {
-      for (const [key, value] of Object.entries(
-        this.rawCredInput
-      )) {
-        if (value !== void 0) {
-          config[key] = value;
-        }
-      }
-    }
-    return config;
-  }
-  sleep(ms, signal) {
-    if (signal?.aborted) {
-      return Promise.reject(signal.reason ?? new Error("Aborted"));
-    }
-    return new Promise((resolve, reject) => {
-      const onAbort = () => {
-        clearTimeout(timer);
-        reject(signal.reason ?? new Error("Aborted"));
-      };
-      const timer = setTimeout(() => {
-        signal?.removeEventListener("abort", onAbort);
-        resolve();
-      }, ms);
-      signal?.addEventListener("abort", onAbort, { once: true });
-    });
-  }
-  async withRetry(fn, options) {
-    const {
-      maxAttempts = 10,
-      initialDelayMs = 1e3,
-      maxDelayMs = 1e4,
-      signal
-    } = options ?? {};
-    for (let attempt = 0; attempt < maxAttempts; attempt++) {
-      signal?.throwIfAborted();
-      const result = await fn(signal);
-      if (result.status === "done") {
-        return result.value;
-      }
-      if (attempt < maxAttempts - 1) {
-        const delay = Math.min(initialDelayMs * 2 ** attempt, maxDelayMs);
-        await this.sleep(delay, signal);
-      }
-    }
-    return null;
-  }
-};
-var shapeSchema = z2.enum([
-  "event",
-  "entity",
-  "metric",
-  "edge",
-  "distribution"
-]);
-var aggFnSchema = z2.enum([
-  "count",
-  "sum",
-  "avg",
-  "min",
-  "max",
-  "latest",
-  "first"
-]);
-var filterOperatorSchema = z2.enum([
-  "eq",
-  "neq",
-  "gt",
-  "gte",
-  "lt",
-  "lte",
-  "contains"
-]);
-var filterConditionSchema = z2.object({
-  field: z2.string(),
-  op: filterOperatorSchema,
-  value: z2.union([z2.string(), z2.number(), z2.boolean()])
-});
-var filterClauseSchema = z2.union([
-  filterConditionSchema,
-  z2.object({ or: z2.array(filterConditionSchema) })
-]);
-var groupBySchema = z2.object({
-  field: z2.string(),
-  granularity: z2.enum(["hour", "day", "week", "month"])
-});
-var computedMetricSchema = z2.object({
-  connectorId: z2.string(),
-  shape: shapeSchema,
-  name: z2.string().optional(),
-  entityType: z2.string().optional(),
-  field: z2.string().optional(),
-  fn: aggFnSchema,
-  window: z2.string().optional(),
-  filter: z2.array(filterClauseSchema).optional(),
-  groupBy: groupBySchema.optional()
-}).refine((m) => m.fn === "count" || m.field !== void 0, {
-  message: 'field is required unless fn is "count"',
-  path: ["field"]
-});
-var titleField = z2.string().meta({ label: "Title", description: "Widget title." });
-var statWidgetSchema = z2.object({
-  kind: z2.literal("stat"),
-  title: titleField,
-  metric: computedMetricSchema.meta({
-    label: "Metric",
-    description: "Computed metric definition."
-  }),
-  window: z2.string().optional().meta({ label: "Window", description: "Time window, e.g. '7d'." }),
-  compare: z2.enum(["none", "previous-period"]).default("none").meta({ label: "Compare", description: "Comparison mode." })
-});
-var statusWidgetSchema = z2.object({
-  kind: z2.literal("status"),
-  title: titleField,
-  source: z2.string().meta({
-    label: "Source",
-    description: "Connector or data source reference."
-  })
-});
-var timeseriesWidgetSchema = z2.object({
-  kind: z2.literal("timeseries"),
-  title: titleField,
-  metric: computedMetricSchema.meta({
-    label: "Metric",
-    description: "Computed metric definition."
-  }),
-  window: z2.string().meta({ label: "Window", description: "Time window, e.g. '30d'." }),
-  granularity: z2.enum(["hour", "day", "week"]).default("day").meta({ label: "Granularity", description: "Time bucket size." })
-});
-var distributionWidgetSchema = z2.object({
-  kind: z2.literal("distribution"),
-  title: titleField,
-  metric: computedMetricSchema.meta({
-    label: "Metric",
-    description: "Computed metric definition."
-  }),
-  window: z2.string().meta({ label: "Window", description: "Time window, e.g. '7d'." })
-});
-var widgetSchemas = {
-  stat: statWidgetSchema,
-  status: statusWidgetSchema,
-  timeseries: timeseriesWidgetSchema,
-  distribution: distributionWidgetSchema
-};
-var widgetSchema = z2.discriminatedUnion("kind", [
-  statWidgetSchema,
-  statusWidgetSchema,
-  timeseriesWidgetSchema,
-  distributionWidgetSchema
-]);
-var VALID_WIDGET_KINDS = new Set(Object.keys(widgetSchemas));
-var wireConnectorSchema = z4.object({
-  name: z4.string(),
-  connectorId: z4.string(),
-  displayName: z4.string().optional(),
-  config: z4.record(z4.string(), z4.unknown()),
-  syncIntervalSeconds: z4.number().optional(),
-  enabled: z4.boolean().optional()
-});
-var wireDashboardSchema = z4.object({
-  id: z4.string().optional(),
-  name: z4.string(),
-  slug: z4.string(),
-  config: z4.record(z4.string(), z4.unknown())
-});
-var wireConfigSchema = z4.object({
-  connectors: z4.array(wireConnectorSchema).optional(),
-  dashboards: z4.array(wireDashboardSchema).optional()
-});
 var awsCredentialsSchema = {
   accessKeyId: {
     description: "AWS access key ID",
@@ -979,7 +334,7 @@ var BaseAWSConnector = class extends BaseConnector {
   }
 };
 var awsAuthConfigShape = {
-  region: z5.string().regex(
+  region: z.string().regex(
     /^[a-z0-9-]+$/,
     "region must look like an AWS region, e.g. us-east-1"
   ).meta({
@@ -987,17 +342,17 @@ var awsAuthConfigShape = {
     description: "The AWS region whose service endpoint you want to call, e.g. us-east-1.",
     placeholder: "us-east-1"
   }),
-  accessKeyId: z5.object({ $secret: z5.string() }).optional().meta({
+  accessKeyId: z.object({ $secret: z.string() }).optional().meta({
     label: "Access Key ID",
     description: "AWS access key ID for an IAM principal with permission to call the relevant service. Use together with the secret access key for static-credential auth.",
     secret: true
   }),
-  secretAccessKey: z5.object({ $secret: z5.string() }).optional().meta({
+  secretAccessKey: z.object({ $secret: z.string() }).optional().meta({
     label: "Secret Access Key",
     description: "AWS secret access key paired with the access key ID above.",
     secret: true
   }),
-  roleArn: z5.string().regex(
+  roleArn: z.string().regex(
     /^arn:aws:iam::\d{12}:role\/.+/,
     "roleArn must be a full IAM role ARN, e.g. arn:aws:iam::123456789012:role/rawdash"
   ).optional().meta({
@@ -1005,7 +360,7 @@ var awsAuthConfigShape = {
     description: "IAM role to assume via STS instead of using static keys. The base credentials (the access key above, or the ambient AWS environment) must be allowed to sts:AssumeRole this role.",
     placeholder: "arn:aws:iam::123456789012:role/rawdash"
   }),
-  externalId: z5.string().min(1).optional().meta({
+  externalId: z.string().min(1).optional().meta({
     label: "External ID",
     description: "External ID required by the trust policy of the role being assumed. Only used with Role ARN."
   })
@@ -1023,7 +378,7 @@ var awsAuthRefine = {
 };
 
 // ../../connector-shared/dist/index.js
-var HttpClientError3 = class extends Error {
+var HttpClientError2 = class extends Error {
   response;
   constructor(message, response) {
     super(message);
@@ -1031,10 +386,10 @@ var HttpClientError3 = class extends Error {
     this.response = response;
   }
 };
-var TransientError3 = class extends HttpClientError3 {
+var TransientError2 = class extends HttpClientError2 {
   kind = "transient";
 };
-var RateLimitError3 = class extends HttpClientError3 {
+var RateLimitError2 = class extends HttpClientError2 {
   kind = "rate_limit";
   retryAfter;
   constructor(message, response, retryAfter) {
@@ -1042,30 +397,33 @@ var RateLimitError3 = class extends HttpClientError3 {
     this.retryAfter = retryAfter;
   }
 };
-var AuthError3 = class extends HttpClientError3 {
+var AuthError2 = class extends HttpClientError2 {
   kind = "auth";
 };
-var HTTP_CLIENT_VERSION3 = "0.0.0";
-var DEFAULT_USER_AGENT3 = `rawdash-connector/${HTTP_CLIENT_VERSION3} (+https://rawdash.dev)`;
+var HTTP_CLIENT_VERSION2 = "0.0.0";
+var DEFAULT_USER_AGENT2 = `rawdash-connector/${HTTP_CLIENT_VERSION2} (+https://rawdash.dev)`;
 function connectorUserAgent2(connectorId) {
-  return `rawdash-connector-${connectorId}/${HTTP_CLIENT_VERSION3} (+https://rawdash.dev)`;
+  return `rawdash-connector-${connectorId}/${HTTP_CLIENT_VERSION2} (+https://rawdash.dev)`;
 }
 
 // src/aws-cost.ts
 import {
-  defineConfigFields
+  defineConfigFields,
+  defineConnectorDoc,
+  defineResources,
+  schemasFromResources
 } from "@rawdash/core";
-import { z as z6 } from "zod";
+import { z as z2 } from "zod";
 var { region: _region, ...awsAuthWithoutRegion } = awsAuthConfigShape;
 var configFields = defineConfigFields(
-  z6.object({
+  z2.object({
     ...awsAuthWithoutRegion,
-    granularity: z6.enum(["DAILY", "MONTHLY"]).optional().meta({
+    granularity: z2.enum(["DAILY", "MONTHLY"]).optional().meta({
       label: "Granularity",
       description: "Time granularity of cost buckets. DAILY (default) or MONTHLY. Each Cost Explorer query is billed at $0.01, so MONTHLY is cheaper over long windows."
     }),
-    groupBy: z6.array(
-      z6.string().regex(
+    groupBy: z2.array(
+      z2.string().regex(
         /^(SERVICE|LINKED_ACCOUNT|TAG:.+|COST_CATEGORY:.+)$/,
         "groupBy entries must be SERVICE, LINKED_ACCOUNT, TAG:<key>, or COST_CATEGORY:<key>"
       )
@@ -1073,7 +431,7 @@ var configFields = defineConfigFields(
       label: "Group by (optional)",
       description: "Up to two Cost Explorer dimensions to break costs down by, e.g. SERVICE, LINKED_ACCOUNT, or TAG:Environment. Omit for total cost only."
     }),
-    lookbackDays: z6.number().int().positive().optional().meta({
+    lookbackDays: z2.number().int().positive().optional().meta({
       label: "Backfill window (days)",
       description: "How many days of history to fetch on a full sync. Defaults to 90.",
       placeholder: "90"
@@ -1082,6 +440,31 @@ var configFields = defineConfigFields(
     message: awsAuthRefine.message
   })
 );
+var doc = defineConnectorDoc({
+  displayName: "AWS Cost Explorer",
+  category: "finance",
+  brandColor: "#6CAE3E",
+  tagline: "Track AWS spend over time and projected month-end costs, optionally broken down by service, account, tag, or cost category.",
+  vendor: {
+    name: "Amazon Web Services",
+    apiDocs: "https://docs.aws.amazon.com/aws-cost-management/latest/APIReference/API_Operations_AWS_Cost_Explorer_Service.html",
+    website: "https://aws.amazon.com/aws-cost-management/aws-cost-explorer/"
+  },
+  auth: {
+    summary: "Authenticate either with a long-lived IAM access key pair or by assuming an IAM role (Role ARN with an optional External ID). The principal needs the `ce:GetCostAndUsage` and `ce:GetCostForecast` permissions. Cost Explorer is a global service reached through its us-east-1 endpoint.",
+    setup: [
+      "In the AWS console, create an IAM user or role granting `ce:GetCostAndUsage` and `ce:GetCostForecast`.",
+      'For access-key auth, generate an access key pair and store both halves as secrets, then reference them as `accessKeyId: secret("AWS_ACCESS_KEY_ID")` and `secretAccessKey: secret("AWS_SECRET_ACCESS_KEY")`.',
+      "For role-assumption auth, set `roleArn` to the role to assume and (if configured) `externalId` to the role\u2019s expected external ID.",
+      "Cost Explorer must be enabled for the account; the first activation can take up to 24 hours before data is queryable."
+    ]
+  },
+  rateLimit: "Cost Explorer throttling (ThrottlingException) is retried with backoff. Cost Explorer is global and always reached via ce.us-east-1.amazonaws.com.",
+  limitations: [
+    "Cost Explorer data can be revised for a couple of days after the fact, so incremental syncs refetch a short trailing window.",
+    "Forecast is unavailable for brand-new accounts (DataUnavailableException is treated as no forecast, not an error)."
+  ]
+});
 var AWS_REGION = "us-east-1";
 var CE_HOST = "ce.us-east-1.amazonaws.com";
 var CE_URL = `https://${CE_HOST}/`;
@@ -1094,30 +477,30 @@ var DEFAULT_BACKFILL_DAYS = 90;
 var INCREMENTAL_LOOKBACK_DAYS = 3;
 var MS_PER_DAY = 864e5;
 var PHASE_ORDER = ["daily_cost", "forecast"];
-var amountString = z6.string().regex(/^-?\d+(\.\d+)?$/);
-var ceDateString = z6.string().regex(/^\d{4}-\d{2}-\d{2}$/);
-var metricAmount = z6.object({ Amount: amountString, Unit: z6.string() });
-var getCostAndUsageResponse = z6.object({
-  ResultsByTime: z6.array(
-    z6.object({
-      TimePeriod: z6.object({ Start: ceDateString, End: ceDateString }),
-      Total: z6.object({ UnblendedCost: metricAmount.optional() }).optional(),
-      Groups: z6.array(
-        z6.object({
-          Keys: z6.array(z6.string()),
-          Metrics: z6.object({ UnblendedCost: metricAmount })
+var amountString = z2.string().regex(/^-?\d+(\.\d+)?$/);
+var ceDateString = z2.string().regex(/^\d{4}-\d{2}-\d{2}$/);
+var metricAmount = z2.object({ Amount: amountString, Unit: z2.string() });
+var getCostAndUsageResponse = z2.object({
+  ResultsByTime: z2.array(
+    z2.object({
+      TimePeriod: z2.object({ Start: ceDateString, End: ceDateString }),
+      Total: z2.object({ UnblendedCost: metricAmount.optional() }).optional(),
+      Groups: z2.array(
+        z2.object({
+          Keys: z2.array(z2.string()),
+          Metrics: z2.object({ UnblendedCost: metricAmount })
         })
       ).optional(),
-      Estimated: z6.boolean().optional()
+      Estimated: z2.boolean().optional()
     })
   ),
-  NextPageToken: z6.string().optional()
+  NextPageToken: z2.string().optional()
 });
-var getCostForecastResponse = z6.object({
+var getCostForecastResponse = z2.object({
   Total: metricAmount.optional(),
-  ForecastResultsByTime: z6.array(
-    z6.object({
-      TimePeriod: z6.object({ Start: ceDateString, End: ceDateString }),
+  ForecastResultsByTime: z2.array(
+    z2.object({
+      TimePeriod: z2.object({ Start: ceDateString, End: ceDateString }),
       MeanValue: amountString,
       PredictionIntervalLowerBound: amountString.optional(),
       PredictionIntervalUpperBound: amountString.optional()
@@ -1154,15 +537,15 @@ function mapAwsJsonError(err) {
   const type = extractAwsErrorType(httpError);
   const status = httpError.response?.status ?? 0;
   if (/throttl|TooManyRequests|RequestLimitExceeded/i.test(type) || status === 429) {
-    return new RateLimitError3(httpError.message, httpError.response);
+    return new RateLimitError2(httpError.message, httpError.response);
   }
   if (/AccessDenied|UnrecognizedClient|InvalidClientTokenId|SignatureDoesNotMatch|AuthFailure|InvalidSignature|ExpiredToken/i.test(
     type
   ) || status === 403) {
-    return new AuthError3(httpError.message, httpError.response);
+    return new AuthError2(httpError.message, httpError.response);
   }
   if (status >= 500) {
-    return new TransientError3(httpError.message, httpError.response);
+    return new TransientError2(httpError.message, httpError.response);
   }
   return err;
 }
@@ -1235,12 +618,12 @@ function buildDailyCostSamples(body, granularity, groupBy) {
     const groups = result.Groups ?? [];
     if (groups.length > 0) {
       for (const group of groups) {
-        const cost2 = group.Metrics?.["UnblendedCost"];
+        const cost3 = group.Metrics?.["UnblendedCost"];
         const keys = group.Keys ?? [];
         const attributes = {
           granularity,
           estimated,
-          unit: cost2?.Unit ?? "USD"
+          unit: cost3?.Unit ?? "USD"
         };
         for (let i = 0; i < keys.length; i++) {
           attributes[groupAttrName(groupBy, i)] = keys[i] ?? null;
@@ -1248,21 +631,21 @@ function buildDailyCostSamples(body, granularity, groupBy) {
         samples.push({
           name: DAILY_METRIC_NAME,
           ts,
-          value: parseAmount(cost2?.Amount),
+          value: parseAmount(cost3?.Amount),
           attributes
         });
       }
       continue;
     }
-    const cost = result.Total?.["UnblendedCost"];
-    if (!cost) {
+    const cost2 = result.Total?.["UnblendedCost"];
+    if (!cost2) {
       continue;
     }
     samples.push({
       name: DAILY_METRIC_NAME,
       ts,
-      value: parseAmount(cost.Amount),
-      attributes: { granularity, estimated, unit: cost.Unit ?? "USD" }
+      value: parseAmount(cost2.Amount),
+      attributes: { granularity, estimated, unit: cost2.Unit ?? "USD" }
     });
   }
   return samples;
@@ -1350,12 +733,74 @@ function isAwsCostCursor(value) {
   }
   return typeof p.start === "string" && typeof p.end === "string";
 }
+var awsCostResources = defineResources({
+  aws_cost_daily: {
+    shape: "metric",
+    description: "Historical unblended AWS cost per time bucket, optionally split across the configured group-by dimensions. The current bucket is estimated and overwritten on later syncs as it finalizes.",
+    endpoint: "POST GetCostAndUsage",
+    unit: "USD",
+    granularity: "daily",
+    notes: "Prefer MONTHLY granularity over long windows since each Cost Explorer query is billed. Cost Explorer accepts at most two group-by dimensions per query.",
+    dimensions: [
+      {
+        name: "granularity",
+        description: "Bucket granularity, DAILY or MONTHLY."
+      },
+      {
+        name: "estimated",
+        description: "Whether the bucket is still estimated rather than finalized."
+      },
+      {
+        name: "unit",
+        description: "Currency unit reported by AWS, e.g. USD."
+      },
+      {
+        name: "service",
+        description: "AWS service name, present when grouping by SERVICE (other group-by dimensions appear as linked_account, tag_<key>, or cost_category_<key>)."
+      }
+    ],
+    responses: { daily_cost: getCostAndUsageResponse }
+  },
+  aws_cost_forecast: {
+    shape: "metric",
+    description: "Projected future unblended AWS cost (mean value) with optional lower and upper prediction-interval bounds. Empty when the account has insufficient history to forecast.",
+    endpoint: "POST GetCostForecast",
+    unit: "USD",
+    granularity: "daily",
+    notes: "Prefer MONTHLY granularity over long windows since each Cost Explorer query is billed.",
+    dimensions: [
+      {
+        name: "granularity",
+        description: "Bucket granularity, DAILY or MONTHLY."
+      },
+      {
+        name: "unit",
+        description: "Currency unit reported by AWS, e.g. USD."
+      },
+      {
+        name: "lowerBound",
+        description: "Lower bound of the prediction interval, if provided."
+      },
+      {
+        name: "upperBound",
+        description: "Upper bound of the prediction interval, if provided."
+      }
+    ],
+    responses: { forecast: getCostForecastResponse }
+  }
+});
+var id = "aws-cost";
+var cost = {
+  recommendedInterval: "1 day",
+  minInterval: "1 hour",
+  perSync: "2 Cost Explorer queries (about $0.02)",
+  warning: "Each AWS Cost Explorer query is billed $0.01; avoid syncing more often than necessary."
+};
 var AwsCostConnector = class _AwsCostConnector extends BaseAWSConnector {
-  static id = "aws-cost";
-  static schemas = {
-    daily_cost: getCostAndUsageResponse,
-    forecast: getCostForecastResponse
-  };
+  static id = id;
+  static resources = awsCostResources;
+  static schemas = schemasFromResources(awsCostResources);
+  static cost = cost;
   static create(input, ctx) {
     const parsed = configFields.parse(input);
     return new _AwsCostConnector(
@@ -1374,7 +819,7 @@ var AwsCostConnector = class _AwsCostConnector extends BaseAWSConnector {
       ctx
     );
   }
-  id = "aws-cost";
+  id = id;
   async callCostExplorer(action, payload, resource, signal) {
     const credentials = await this.resolveSigningCredentials(signal);
     const body = JSON.stringify(payload);
@@ -1524,7 +969,11 @@ export {
   buildDailyCostSamples,
   buildForecastSamples,
   configFields,
+  cost,
   index_default as default,
-  getCostWindow
+  doc,
+  getCostWindow,
+  id,
+  awsCostResources as resources
 };
 //# sourceMappingURL=index.js.map