@rawdash/connector-aws-cost 0.15.0

package/dist/index.js

@@ -0,0 +1,1530 @@
+// ../aws-shared/dist/index.js
+import { z } from "zod";
+import { z as z2 } from "zod";
+import { z as z3 } from "zod";
+import { z as z4 } from "zod";
+import { z as z5 } from "zod";
+var encoder = new TextEncoder();
+var ALGORITHM = "AWS4-HMAC-SHA256";
+function u8(data) {
+  return new Uint8Array(encoder.encode(data));
+}
+function toHex(buffer) {
+  const bytes = new Uint8Array(buffer);
+  let hex = "";
+  for (let i = 0; i < bytes.length; i++) {
+    hex += bytes[i].toString(16).padStart(2, "0");
+  }
+  return hex;
+}
+async function sha256Hex(data) {
+  const digest = await globalThis.crypto.subtle.digest("SHA-256", u8(data));
+  return toHex(digest);
+}
+async function hmac(key, data) {
+  const cryptoKey = await globalThis.crypto.subtle.importKey(
+    "raw",
+    key,
+    { name: "HMAC", hash: "SHA-256" },
+    false,
+    ["sign"]
+  );
+  return globalThis.crypto.subtle.sign("HMAC", cryptoKey, u8(data));
+}
+async function deriveSigningKey(secretAccessKey, dateStamp, region, service) {
+  const kDate = await hmac(u8(`AWS4${secretAccessKey}`), dateStamp);
+  const kRegion = await hmac(kDate, region);
+  const kService = await hmac(kRegion, service);
+  return hmac(kService, "aws4_request");
+}
+function formatAmzDate(date) {
+  const amzDate = date.toISOString().replace(/[:-]|\.\d{3}/g, "");
+  return { amzDate, dateStamp: amzDate.slice(0, 8) };
+}
+async function createAuthorizationHeader(params) {
+  const lowerHeaders = {};
+  for (const [key, value] of Object.entries(params.headers)) {
+    lowerHeaders[key.toLowerCase()] = value.trim().replace(/\s+/g, " ");
+  }
+  const sortedNames = Object.keys(lowerHeaders).sort();
+  const canonicalHeaders = sortedNames.map((name) => `${name}:${lowerHeaders[name]}
+`).join("");
+  const signedHeaders = sortedNames.join(";");
+  const canonicalRequest = [
+    params.method,
+    params.path,
+    params.query,
+    canonicalHeaders,
+    signedHeaders,
+    params.payloadHash
+  ].join("\n");
+  const credentialScope = `${params.dateStamp}/${params.region}/${params.service}/aws4_request`;
+  const stringToSign = [
+    ALGORITHM,
+    params.amzDate,
+    credentialScope,
+    await sha256Hex(canonicalRequest)
+  ].join("\n");
+  const signingKey = await deriveSigningKey(
+    params.secretAccessKey,
+    params.dateStamp,
+    params.region,
+    params.service
+  );
+  const signature = toHex(await hmac(signingKey, stringToSign));
+  return `${ALGORITHM} Credential=${params.accessKeyId}/${credentialScope}, SignedHeaders=${signedHeaders}, Signature=${signature}`;
+}
+function decodeEntities(value) {
+  return value.replace(/&lt;/g, "<").replace(/&gt;/g, ">").replace(/&quot;/g, '"').replace(/&#39;/g, "'").replace(/&apos;/g, "'").replace(/&amp;/g, "&");
+}
+function firstInner(xml, tag) {
+  const escapedTag = tag.replace(/[.*+?^${}()|[\]\\]/g, "\\$&");
+  const open = new RegExp(`<${escapedTag}(?:\\s[^>]*)?>`).exec(xml);
+  if (!open) {
+    return new RegExp(`<${escapedTag}\\s*/>`).test(xml) ? "" : null;
+  }
+  const start = open.index + open[0].length;
+  const closeIdx = xml.indexOf(`</${tag}>`, start);
+  if (closeIdx === -1) {
+    return null;
+  }
+  return xml.slice(start, closeIdx);
+}
+function firstText(xml, tag) {
+  const inner = firstInner(xml, tag);
+  return inner === null ? null : decodeEntities(inner).trim();
+}
+function parseAssumeRole(xml) {
+  const credBlock = firstInner(xml, "Credentials");
+  if (credBlock === null) {
+    return null;
+  }
+  const accessKeyId = firstText(credBlock, "AccessKeyId") ?? "";
+  const secretAccessKey = firstText(credBlock, "SecretAccessKey") ?? "";
+  if (accessKeyId === "" || secretAccessKey === "") {
+    return null;
+  }
+  return {
+    accessKeyId,
+    secretAccessKey,
+    sessionToken: firstText(credBlock, "SessionToken") ?? "",
+    expiration: firstText(credBlock, "Expiration") ?? ""
+  };
+}
+function parseErrorCode(xml) {
+  return firstText(xml, "Code");
+}
+var HttpClientError = class extends Error {
+  response;
+  constructor(message, response) {
+    super(message);
+    this.name = new.target.name;
+    this.response = response;
+  }
+};
+var TransientError = class extends HttpClientError {
+  kind = "transient";
+};
+var RateLimitError = class extends HttpClientError {
+  kind = "rate_limit";
+  retryAfter;
+  constructor(message, response, retryAfter) {
+    super(message, response);
+    this.retryAfter = retryAfter;
+  }
+};
+var AuthError = class extends HttpClientError {
+  kind = "auth";
+};
+var HTTP_CLIENT_VERSION = "0.0.0";
+var DEFAULT_USER_AGENT = `rawdash-connector/${HTTP_CLIENT_VERSION} (+https://rawdash.dev)`;
+function connectorUserAgent(connectorId) {
+  return `rawdash-connector-${connectorId}/${HTTP_CLIENT_VERSION} (+https://rawdash.dev)`;
+}
+function parseEpoch(value, unit) {
+  if (value === null || value === void 0) {
+    return null;
+  }
+  if (unit === "iso") {
+    if (typeof value !== "string") {
+      return null;
+    }
+    const ms = new Date(value).getTime();
+    return Number.isFinite(ms) ? ms : null;
+  }
+  if (typeof value === "string" && value.trim() === "") {
+    return null;
+  }
+  const n = typeof value === "number" ? value : Number(value);
+  if (!Number.isFinite(n)) {
+    return null;
+  }
+  const result = unit === "s" ? n * 1e3 : n;
+  return Number.isFinite(result) ? result : null;
+}
+var HttpClientError2 = class extends Error {
+  response;
+  constructor(message, response) {
+    super(message);
+    this.name = new.target.name;
+    this.response = response;
+  }
+};
+var TransientError2 = class extends HttpClientError2 {
+  kind = "transient";
+};
+var RateLimitError2 = class extends HttpClientError2 {
+  kind = "rate_limit";
+  retryAfter;
+  constructor(message, response, retryAfter) {
+    super(message, response);
+    this.retryAfter = retryAfter;
+  }
+};
+var AuthError2 = class extends HttpClientError2 {
+  kind = "auth";
+};
+var UpstreamBugError = class extends HttpClientError2 {
+  kind = "upstream_bug";
+};
+var ClientBugError = class extends HttpClientError2 {
+  kind = "client_bug";
+};
+function classifyStatus(status) {
+  if (status === 429) {
+    return "rate_limit";
+  }
+  if (status === 401 || status === 403) {
+    return "auth";
+  }
+  if (status === 408) {
+    return "transient";
+  }
+  if (status >= 500) {
+    return "upstream_bug";
+  }
+  if (status >= 400) {
+    return "client_bug";
+  }
+  return "client_bug";
+}
+function errorForStatus(message, response, retryAfter) {
+  const kind = classifyStatus(response.status);
+  switch (kind) {
+    case "rate_limit":
+      return new RateLimitError2(message, response, retryAfter);
+    case "auth":
+      return new AuthError2(message, response);
+    case "transient":
+      return new TransientError2(message, response);
+    case "upstream_bug":
+      return new UpstreamBugError(message, response);
+    case "client_bug":
+      return new ClientBugError(message, response);
+  }
+}
+var defaultRetryOn = (status, err) => {
+  if (err instanceof RateLimitError2) {
+    return true;
+  }
+  if (err instanceof TransientError2) {
+    return true;
+  }
+  if (status === null) {
+    return err instanceof Error && !(err instanceof HttpClientError2);
+  }
+  if (status === 408 || status === 429) {
+    return true;
+  }
+  if (status >= 500) {
+    return true;
+  }
+  return false;
+};
+function parseRetryAfter(headerValue, now = /* @__PURE__ */ new Date()) {
+  if (!headerValue) {
+    return void 0;
+  }
+  const trimmed = headerValue.trim();
+  if (/^\d+$/.test(trimmed)) {
+    return new Date(now.getTime() + Number(trimmed) * 1e3);
+  }
+  const parsed = Date.parse(trimmed);
+  if (Number.isNaN(parsed)) {
+    return void 0;
+  }
+  return new Date(parsed);
+}
+function sleep(ms, signal) {
+  if (signal?.aborted) {
+    return Promise.reject(signal.reason ?? new Error("Aborted"));
+  }
+  return new Promise((resolve, reject) => {
+    const onAbort = () => {
+      clearTimeout(timer);
+      reject(signal.reason ?? new Error("Aborted"));
+    };
+    const timer = setTimeout(() => {
+      signal?.removeEventListener("abort", onAbort);
+      resolve();
+    }, ms);
+    signal?.addEventListener("abort", onAbort, { once: true });
+  });
+}
+var HTTP_CLIENT_VERSION2 = "0.0.0";
+var DEFAULT_USER_AGENT2 = `rawdash-connector/${HTTP_CLIENT_VERSION2} (+https://rawdash.dev)`;
+var DEFAULT_TIMEOUT_MS = 1e4;
+var DEFAULT_MAX_ATTEMPTS = 3;
+var DEFAULT_INITIAL_DELAY_MS = 1e3;
+var DEFAULT_MAX_DELAY_MS = 6e4;
+var OBSERVER_TIMEOUT_MS = 250;
+async function notifyObserver(observer, event) {
+  let result;
+  try {
+    result = observer(event);
+  } catch (err) {
+    console.warn("[connector-shared] request observer threw:", err);
+    return;
+  }
+  if (!(result instanceof Promise)) {
+    return;
+  }
+  const guarded = result.catch((err) => {
+    console.warn("[connector-shared] request observer rejected:", err);
+  });
+  let timer;
+  const timeout = new Promise((resolve) => {
+    timer = setTimeout(resolve, OBSERVER_TIMEOUT_MS);
+  });
+  try {
+    await Promise.race([guarded, timeout]);
+  } finally {
+    if (timer) {
+      clearTimeout(timer);
+    }
+  }
+}
+function newRequestId() {
+  const c = globalThis.crypto;
+  if (c?.randomUUID) {
+    return c.randomUUID();
+  }
+  return `${Date.now().toString(36)}-${Math.random().toString(36).slice(2, 10)}`;
+}
+function mergeHeaders(defaults, overrides) {
+  const merged = {};
+  for (const [k, v] of Object.entries(defaults)) {
+    merged[k.toLowerCase()] = v;
+  }
+  if (overrides) {
+    for (const [k, v] of Object.entries(overrides)) {
+      merged[k.toLowerCase()] = v;
+    }
+  }
+  return merged;
+}
+function linkTimeoutSignal(parent, timeoutMs) {
+  const controller = new AbortController();
+  const onParentAbort = () => {
+    controller.abort(parent?.reason);
+  };
+  if (parent) {
+    if (parent.aborted) {
+      controller.abort(parent.reason);
+    } else {
+      parent.addEventListener("abort", onParentAbort, { once: true });
+    }
+  }
+  const timer = setTimeout(() => {
+    controller.abort(new Error(`Request timed out after ${timeoutMs}ms`));
+  }, timeoutMs);
+  return {
+    signal: controller.signal,
+    cancel: () => {
+      clearTimeout(timer);
+      if (parent) {
+        parent.removeEventListener("abort", onParentAbort);
+      }
+    }
+  };
+}
+async function readBody(res, parseJson) {
+  if (res.status === 204 || res.status === 205) {
+    return null;
+  }
+  const contentType = res.headers.get("content-type") ?? "";
+  if (parseJson && contentType.includes("application/json")) {
+    const text = await res.text();
+    if (text.length === 0) {
+      return null;
+    }
+    return JSON.parse(text);
+  }
+  return res.text();
+}
+async function request(req, options) {
+  const fetchImpl = options.fetch ?? globalThis.fetch;
+  const retry = req.retry ?? {};
+  const maxAttempts = retry.maxAttempts ?? DEFAULT_MAX_ATTEMPTS;
+  const initialDelayMs = retry.initialDelayMs ?? DEFAULT_INITIAL_DELAY_MS;
+  const maxDelayMs = retry.maxDelayMs ?? DEFAULT_MAX_DELAY_MS;
+  const retryOn = retry.retryOn ?? defaultRetryOn;
+  const timeoutMs = req.timeoutMs ?? DEFAULT_TIMEOUT_MS;
+  const parseJson = req.parseJson ?? true;
+  const headers = mergeHeaders(
+    {
+      "User-Agent": DEFAULT_USER_AGENT2,
+      Accept: "application/json"
+    },
+    req.headers
+  );
+  let lastErr;
+  for (let attempt = 0; attempt < maxAttempts; attempt++) {
+    req.signal?.throwIfAborted();
+    const { signal, cancel } = linkTimeoutSignal(req.signal, timeoutMs);
+    let res;
+    try {
+      res = await fetchImpl(req.url, {
+        method: req.method ?? "GET",
+        headers,
+        body: req.body,
+        signal
+      });
+    } catch (err2) {
+      cancel();
+      if (req.signal?.aborted) {
+        throw req.signal.reason ?? err2;
+      }
+      const error = err2 instanceof Error ? err2 : new Error(String(err2));
+      lastErr = error;
+      if (attempt < maxAttempts - 1 && retryOn(null, error)) {
+        const delay = computeDelay(attempt, initialDelayMs, maxDelayMs);
+        await sleep(delay, req.signal);
+        continue;
+      }
+      throw new TransientError2(error.message);
+    }
+    cancel();
+    const body = await readBody(res, parseJson);
+    const httpResponse = {
+      status: res.status,
+      headers: res.headers,
+      body
+    };
+    if (req.rateLimit) {
+      const state = req.rateLimit.parse(res.headers);
+      if (state) {
+        httpResponse.rateLimitState = state;
+      }
+    }
+    if (options.observer) {
+      await notifyObserver(options.observer, {
+        url: req.url,
+        method: req.method ?? "GET",
+        status: res.status,
+        resource: options.resource,
+        requestId: options.requestId ?? newRequestId(),
+        body
+      });
+    }
+    if (res.ok) {
+      return httpResponse;
+    }
+    const retryAfter = parseRetryAfter(res.headers.get("retry-after"));
+    const message = `HTTP ${res.status} ${res.statusText} for ${req.method ?? "GET"} ${req.url}`;
+    const err = errorForStatus(message, httpResponse, retryAfter);
+    if (attempt < maxAttempts - 1 && retryOn(res.status, err) && !(err instanceof AuthError2) && !(err instanceof ClientBugError)) {
+      lastErr = err;
+      let delay = computeDelay(attempt, initialDelayMs, maxDelayMs);
+      if (err instanceof RateLimitError2 && retryAfter) {
+        const wait = retryAfter.getTime() - Date.now();
+        if (wait > 0) {
+          delay = Math.min(wait, maxDelayMs);
+        }
+      }
+      await sleep(delay, req.signal);
+      continue;
+    }
+    throw err;
+  }
+  throw lastErr ?? new UpstreamBugError("Exhausted retry attempts");
+}
+function computeDelay(attempt, initialDelayMs, maxDelayMs) {
+  const base = initialDelayMs * 2 ** attempt;
+  const jitter = base * 0.25 * Math.random();
+  return Math.min(base + jitter, maxDelayMs);
+}
+var MAX_VALUE_LEN = 120;
+function truncate(s, max = MAX_VALUE_LEN) {
+  if (s.length <= max) {
+    return s;
+  }
+  return `${s.slice(0, max - 1)}\u2026`;
+}
+function formatValue(value) {
+  if (value === null) {
+    return "null";
+  }
+  if (value === void 0) {
+    return "";
+  }
+  if (typeof value === "number" || typeof value === "boolean") {
+    return String(value);
+  }
+  if (typeof value === "string") {
+    const t = truncate(value);
+    if (/[\s"=]/.test(t)) {
+      return JSON.stringify(t);
+    }
+    return t;
+  }
+  if (typeof value === "bigint") {
+    return value.toString();
+  }
+  let json;
+  try {
+    json = JSON.stringify(value);
+  } catch {
+    json = void 0;
+  }
+  return truncate(json ?? String(value));
+}
+function formatLogFields(fields) {
+  if (!fields) {
+    return "";
+  }
+  const parts = [];
+  for (const [k, v] of Object.entries(fields)) {
+    if (v === void 0) {
+      continue;
+    }
+    parts.push(`${k}=${formatValue(v)}`);
+  }
+  return parts.length > 0 ? ` ${parts.join(" ")}` : "";
+}
+function formatLogLine(scope, event, fields) {
+  return `[${scope}] ${event}${formatLogFields(fields)}`;
+}
+function createDefaultConnectorLogger(opts) {
+  return {
+    info(event, fields) {
+      console.info(formatLogLine(opts.scope, event, fields));
+    },
+    warn(event, fields) {
+      console.warn(formatLogLine(opts.scope, event, fields));
+    }
+  };
+}
+function isSecret(value) {
+  return typeof value === "object" && value !== null && "$secret" in value && typeof value.$secret === "string";
+}
+var secretRefSchema = z.strictObject({
+  $secret: z.string()
+});
+var EnvSecretsResolver = class {
+  resolve(name) {
+    const env = globalThis.process?.env;
+    const raw = env?.[name];
+    if (raw === void 0) {
+      return void 0;
+    }
+    if (raw.length === 0) {
+      return raw;
+    }
+    const first = raw.charCodeAt(0);
+    if (first !== 123 && first !== 91) {
+      return raw;
+    }
+    try {
+      return JSON.parse(raw);
+    } catch {
+      return raw;
+    }
+  }
+};
+function resolveSecrets(obj, resolver) {
+  if (isSecret(obj)) {
+    const name = obj.$secret;
+    const value = resolver.resolve(name);
+    if (value === void 0) {
+      throw new Error(
+        `Missing secret "${name}". Set it via process.env.${name} or the CLI: rawdash secrets set ${name} ...`
+      );
+    }
+    return value;
+  }
+  if (Array.isArray(obj)) {
+    return obj.map((item) => resolveSecrets(item, resolver));
+  }
+  if (typeof obj === "object" && obj !== null) {
+    const result = {};
+    for (const [key, val] of Object.entries(obj)) {
+      Object.defineProperty(result, key, {
+        value: resolveSecrets(val, resolver),
+        enumerable: true,
+        configurable: true,
+        writable: true
+      });
+    }
+    return result;
+  }
+  return obj;
+}
+var BaseConnector = class {
+  credentials;
+  settings;
+  creds;
+  rawCredInput;
+  ctx;
+  cachedLogger;
+  constructor(settings, creds, ctx) {
+    this.settings = settings;
+    this.rawCredInput = creds;
+    this.ctx = ctx ?? {};
+    this.creds = creds ? resolveSecrets(
+      creds,
+      this.ctx.secretsResolver ?? new EnvSecretsResolver()
+    ) : {};
+  }
+  get logger() {
+    if (!this.cachedLogger) {
+      this.cachedLogger = this.ctx.logger ?? createDefaultConnectorLogger({ scope: this.id });
+    }
+    return this.cachedLogger;
+  }
+  request(req, opts) {
+    return request(req, {
+      resource: opts.resource,
+      requestId: opts.requestId,
+      observer: this.ctx.observer
+    });
+  }
+  get(url, opts) {
+    return this.request(
+      {
+        url,
+        method: "GET",
+        headers: opts.headers,
+        signal: opts.signal,
+        rateLimit: opts.rateLimit
+      },
+      { resource: opts.resource, requestId: opts.requestId }
+    );
+  }
+  post(url, opts) {
+    return this.request(
+      {
+        url,
+        method: "POST",
+        headers: opts.headers,
+        body: opts.body,
+        signal: opts.signal,
+        rateLimit: opts.rateLimit
+      },
+      { resource: opts.resource, requestId: opts.requestId }
+    );
+  }
+  isResourceEnabled(resource) {
+    const enabled = this.settings?.resources;
+    if (!enabled || enabled.length === 0) {
+      return true;
+    }
+    return enabled.includes(resource);
+  }
+  serializeConfig() {
+    const config = {
+      ...this.settings
+    };
+    if (this.rawCredInput) {
+      for (const [key, value] of Object.entries(
+        this.rawCredInput
+      )) {
+        if (value !== void 0) {
+          config[key] = value;
+        }
+      }
+    }
+    return config;
+  }
+  sleep(ms, signal) {
+    if (signal?.aborted) {
+      return Promise.reject(signal.reason ?? new Error("Aborted"));
+    }
+    return new Promise((resolve, reject) => {
+      const onAbort = () => {
+        clearTimeout(timer);
+        reject(signal.reason ?? new Error("Aborted"));
+      };
+      const timer = setTimeout(() => {
+        signal?.removeEventListener("abort", onAbort);
+        resolve();
+      }, ms);
+      signal?.addEventListener("abort", onAbort, { once: true });
+    });
+  }
+  async withRetry(fn, options) {
+    const {
+      maxAttempts = 10,
+      initialDelayMs = 1e3,
+      maxDelayMs = 1e4,
+      signal
+    } = options ?? {};
+    for (let attempt = 0; attempt < maxAttempts; attempt++) {
+      signal?.throwIfAborted();
+      const result = await fn(signal);
+      if (result.status === "done") {
+        return result.value;
+      }
+      if (attempt < maxAttempts - 1) {
+        const delay = Math.min(initialDelayMs * 2 ** attempt, maxDelayMs);
+        await this.sleep(delay, signal);
+      }
+    }
+    return null;
+  }
+};
+var shapeSchema = z2.enum([
+  "event",
+  "entity",
+  "metric",
+  "edge",
+  "distribution"
+]);
+var aggFnSchema = z2.enum([
+  "count",
+  "sum",
+  "avg",
+  "min",
+  "max",
+  "latest",
+  "first"
+]);
+var filterOperatorSchema = z2.enum([
+  "eq",
+  "neq",
+  "gt",
+  "gte",
+  "lt",
+  "lte",
+  "contains"
+]);
+var filterConditionSchema = z2.object({
+  field: z2.string(),
+  op: filterOperatorSchema,
+  value: z2.union([z2.string(), z2.number(), z2.boolean()])
+});
+var filterClauseSchema = z2.union([
+  filterConditionSchema,
+  z2.object({ or: z2.array(filterConditionSchema) })
+]);
+var groupBySchema = z2.object({
+  field: z2.string(),
+  granularity: z2.enum(["hour", "day", "week", "month"])
+});
+var computedMetricSchema = z2.object({
+  connectorId: z2.string(),
+  shape: shapeSchema,
+  name: z2.string().optional(),
+  entityType: z2.string().optional(),
+  field: z2.string().optional(),
+  fn: aggFnSchema,
+  window: z2.string().optional(),
+  filter: z2.array(filterClauseSchema).optional(),
+  groupBy: groupBySchema.optional()
+}).refine((m) => m.fn === "count" || m.field !== void 0, {
+  message: 'field is required unless fn is "count"',
+  path: ["field"]
+});
+var titleField = z2.string().meta({ label: "Title", description: "Widget title." });
+var statWidgetSchema = z2.object({
+  kind: z2.literal("stat"),
+  title: titleField,
+  metric: computedMetricSchema.meta({
+    label: "Metric",
+    description: "Computed metric definition."
+  }),
+  window: z2.string().optional().meta({ label: "Window", description: "Time window, e.g. '7d'." }),
+  compare: z2.enum(["none", "previous-period"]).default("none").meta({ label: "Compare", description: "Comparison mode." })
+});
+var statusWidgetSchema = z2.object({
+  kind: z2.literal("status"),
+  title: titleField,
+  source: z2.string().meta({
+    label: "Source",
+    description: "Connector or data source reference."
+  })
+});
+var timeseriesWidgetSchema = z2.object({
+  kind: z2.literal("timeseries"),
+  title: titleField,
+  metric: computedMetricSchema.meta({
+    label: "Metric",
+    description: "Computed metric definition."
+  }),
+  window: z2.string().meta({ label: "Window", description: "Time window, e.g. '30d'." }),
+  granularity: z2.enum(["hour", "day", "week"]).default("day").meta({ label: "Granularity", description: "Time bucket size." })
+});
+var distributionWidgetSchema = z2.object({
+  kind: z2.literal("distribution"),
+  title: titleField,
+  metric: computedMetricSchema.meta({
+    label: "Metric",
+    description: "Computed metric definition."
+  }),
+  window: z2.string().meta({ label: "Window", description: "Time window, e.g. '7d'." })
+});
+var widgetSchemas = {
+  stat: statWidgetSchema,
+  status: statusWidgetSchema,
+  timeseries: timeseriesWidgetSchema,
+  distribution: distributionWidgetSchema
+};
+var widgetSchema = z2.discriminatedUnion("kind", [
+  statWidgetSchema,
+  statusWidgetSchema,
+  timeseriesWidgetSchema,
+  distributionWidgetSchema
+]);
+var VALID_WIDGET_KINDS = new Set(Object.keys(widgetSchemas));
+var wireConnectorSchema = z4.object({
+  name: z4.string(),
+  connectorId: z4.string(),
+  displayName: z4.string().optional(),
+  config: z4.record(z4.string(), z4.unknown()),
+  syncIntervalSeconds: z4.number().optional(),
+  enabled: z4.boolean().optional()
+});
+var wireDashboardSchema = z4.object({
+  id: z4.string().optional(),
+  name: z4.string(),
+  slug: z4.string(),
+  config: z4.record(z4.string(), z4.unknown())
+});
+var wireConfigSchema = z4.object({
+  connectors: z4.array(wireConnectorSchema).optional(),
+  dashboards: z4.array(wireDashboardSchema).optional()
+});
+var awsCredentialsSchema = {
+  accessKeyId: {
+    description: "AWS access key ID",
+    auth: "optional"
+  },
+  secretAccessKey: {
+    description: "AWS secret access key",
+    auth: "optional"
+  }
+};
+var STS_SERVICE = "sts";
+var STS_API_VERSION = "2011-06-15";
+var ASSUMED_ROLE_TTL_BUFFER_MS = 6e4;
+var ASSUME_ROLE_DURATION_SECONDS = 3600;
+var FORM_CONTENT_TYPE = "application/x-www-form-urlencoded; charset=utf-8";
+function readEnv(name) {
+  const env = globalThis.process?.env;
+  return env?.[name];
+}
+var BaseAWSConnector = class extends BaseConnector {
+  credentials = awsCredentialsSchema;
+  assumedCreds = null;
+  baseCredentials() {
+    const { accessKeyId, secretAccessKey } = this.creds;
+    if (accessKeyId && secretAccessKey) {
+      return { accessKeyId, secretAccessKey };
+    }
+    const envAccessKeyId = readEnv("AWS_ACCESS_KEY_ID");
+    const envSecretAccessKey = readEnv("AWS_SECRET_ACCESS_KEY");
+    if (envAccessKeyId && envSecretAccessKey) {
+      return {
+        accessKeyId: envAccessKeyId,
+        secretAccessKey: envSecretAccessKey,
+        sessionToken: readEnv("AWS_SESSION_TOKEN") || void 0
+      };
+    }
+    throw new AuthError(
+      `${this.id}: no AWS credentials available \u2014 provide accessKeyId + secretAccessKey, or set them in the environment for role assumption`
+    );
+  }
+  async resolveSigningCredentials(signal) {
+    if (this.settings.roleArn === void 0) {
+      const { accessKeyId, secretAccessKey } = this.creds;
+      if (!accessKeyId || !secretAccessKey) {
+        throw new AuthError(
+          `${this.id}: static-credential auth requires both accessKeyId and secretAccessKey`
+        );
+      }
+      return { accessKeyId, secretAccessKey };
+    }
+    if (this.assumedCreds && Date.now() < this.assumedCreds.expiresAt) {
+      return this.assumedCreds.value;
+    }
+    return this.assumeRole(this.settings.roleArn, signal);
+  }
+  async assumeRole(roleArn, signal) {
+    const params = new URLSearchParams();
+    params.set("Action", "AssumeRole");
+    params.set("Version", STS_API_VERSION);
+    params.set("RoleArn", roleArn);
+    params.set("RoleSessionName", `rawdash-${this.id}`);
+    params.set("DurationSeconds", String(ASSUME_ROLE_DURATION_SECONDS));
+    if (this.settings.externalId !== void 0) {
+      params.set("ExternalId", this.settings.externalId);
+    }
+    const host = `sts.${this.settings.region}.amazonaws.com`;
+    const xml = await this.signedPost({
+      host,
+      service: STS_SERVICE,
+      body: params.toString(),
+      signingCredentials: this.baseCredentials(),
+      resource: "assume_role",
+      signal
+    });
+    const parsed = parseAssumeRole(xml);
+    if (parsed === null) {
+      throw new AuthError(
+        `${this.id}: STS AssumeRole returned no usable credentials`
+      );
+    }
+    this.cacheAssumedCredentials(parsed);
+    return {
+      accessKeyId: parsed.accessKeyId,
+      secretAccessKey: parsed.secretAccessKey,
+      sessionToken: parsed.sessionToken || void 0
+    };
+  }
+  cacheAssumedCredentials(parsed) {
+    const expirationMs = parseEpoch(parsed.expiration, "iso");
+    const expiresAt = expirationMs !== null ? expirationMs - ASSUMED_ROLE_TTL_BUFFER_MS : Date.now() + (ASSUME_ROLE_DURATION_SECONDS - 60) * 1e3;
+    this.assumedCreds = {
+      value: {
+        accessKeyId: parsed.accessKeyId,
+        secretAccessKey: parsed.secretAccessKey,
+        sessionToken: parsed.sessionToken || void 0
+      },
+      expiresAt
+    };
+  }
+  async signedPost(args) {
+    const { amzDate, dateStamp } = formatAmzDate(/* @__PURE__ */ new Date());
+    const payloadHash = await sha256Hex(args.body);
+    const signedHeaders = {
+      host: args.host,
+      "content-type": FORM_CONTENT_TYPE,
+      "x-amz-content-sha256": payloadHash,
+      "x-amz-date": amzDate
+    };
+    if (args.signingCredentials.sessionToken !== void 0) {
+      signedHeaders["x-amz-security-token"] = args.signingCredentials.sessionToken;
+    }
+    const authorization = await createAuthorizationHeader({
+      method: "POST",
+      host: args.host,
+      path: "/",
+      query: "",
+      headers: signedHeaders,
+      payloadHash,
+      accessKeyId: args.signingCredentials.accessKeyId,
+      secretAccessKey: args.signingCredentials.secretAccessKey,
+      region: this.settings.region,
+      service: args.service,
+      amzDate,
+      dateStamp
+    });
+    const sendHeaders = {
+      "content-type": FORM_CONTENT_TYPE,
+      "x-amz-content-sha256": payloadHash,
+      "x-amz-date": amzDate,
+      "user-agent": connectorUserAgent(this.id),
+      Authorization: authorization
+    };
+    if (args.signingCredentials.sessionToken !== void 0) {
+      sendHeaders["x-amz-security-token"] = args.signingCredentials.sessionToken;
+    }
+    try {
+      const res = await this.request(
+        {
+          url: `https://${args.host}/`,
+          method: "POST",
+          headers: sendHeaders,
+          body: args.body,
+          parseJson: false,
+          signal: args.signal
+        },
+        { resource: args.resource }
+      );
+      return res.body;
+    } catch (err) {
+      throw this.classifyAwsError(err);
+    }
+  }
+  classifyAwsError(err) {
+    if (!(err instanceof Error) || !("kind" in err)) {
+      return err;
+    }
+    const httpErr = err;
+    const body = typeof httpErr.response?.body === "string" ? httpErr.response.body : "";
+    const code = parseErrorCode(body) ?? "";
+    const status = httpErr.response?.status ?? 0;
+    if (/throttl|RequestLimitExceeded|TooManyRequests|LimitExceeded/i.test(code)) {
+      return new RateLimitError(httpErr.message, httpErr.response);
+    }
+    if (/AccessDenied|UnrecognizedClient|InvalidClientTokenId|SignatureDoesNotMatch|AuthFailure|InvalidAccessKeyId|Forbidden/i.test(
+      code
+    )) {
+      return new AuthError(httpErr.message, httpErr.response);
+    }
+    if (status >= 500) {
+      return new TransientError(httpErr.message, httpErr.response);
+    }
+    return err;
+  }
+};
+var awsAuthConfigShape = {
+  region: z5.string().regex(
+    /^[a-z0-9-]+$/,
+    "region must look like an AWS region, e.g. us-east-1"
+  ).meta({
+    label: "AWS Region",
+    description: "The AWS region whose service endpoint you want to call, e.g. us-east-1.",
+    placeholder: "us-east-1"
+  }),
+  accessKeyId: z5.object({ $secret: z5.string() }).optional().meta({
+    label: "Access Key ID",
+    description: "AWS access key ID for an IAM principal with permission to call the relevant service. Use together with the secret access key for static-credential auth.",
+    secret: true
+  }),
+  secretAccessKey: z5.object({ $secret: z5.string() }).optional().meta({
+    label: "Secret Access Key",
+    description: "AWS secret access key paired with the access key ID above.",
+    secret: true
+  }),
+  roleArn: z5.string().regex(
+    /^arn:aws:iam::\d{12}:role\/.+/,
+    "roleArn must be a full IAM role ARN, e.g. arn:aws:iam::123456789012:role/rawdash"
+  ).optional().meta({
+    label: "Role ARN",
+    description: "IAM role to assume via STS instead of using static keys. The base credentials (the access key above, or the ambient AWS environment) must be allowed to sts:AssumeRole this role.",
+    placeholder: "arn:aws:iam::123456789012:role/rawdash"
+  }),
+  externalId: z5.string().min(1).optional().meta({
+    label: "External ID",
+    description: "External ID required by the trust policy of the role being assumed. Only used with Role ARN."
+  })
+};
+var awsAuthRefine = {
+  predicate: (val) => {
+    const hasRole = val.roleArn !== void 0;
+    const hasStatic = val.accessKeyId !== void 0 && val.secretAccessKey !== void 0;
+    if (val.externalId !== void 0 && !hasRole) {
+      return false;
+    }
+    return hasRole || hasStatic;
+  },
+  message: "Provide either accessKeyId + secretAccessKey (static credentials) or roleArn (role assumption). externalId requires roleArn."
+};
+
+// ../../connector-shared/dist/index.js
+var HttpClientError3 = class extends Error {
+  response;
+  constructor(message, response) {
+    super(message);
+    this.name = new.target.name;
+    this.response = response;
+  }
+};
+var TransientError3 = class extends HttpClientError3 {
+  kind = "transient";
+};
+var RateLimitError3 = class extends HttpClientError3 {
+  kind = "rate_limit";
+  retryAfter;
+  constructor(message, response, retryAfter) {
+    super(message, response);
+    this.retryAfter = retryAfter;
+  }
+};
+var AuthError3 = class extends HttpClientError3 {
+  kind = "auth";
+};
+var HTTP_CLIENT_VERSION3 = "0.0.0";
+var DEFAULT_USER_AGENT3 = `rawdash-connector/${HTTP_CLIENT_VERSION3} (+https://rawdash.dev)`;
+function connectorUserAgent2(connectorId) {
+  return `rawdash-connector-${connectorId}/${HTTP_CLIENT_VERSION3} (+https://rawdash.dev)`;
+}
+
+// src/aws-cost.ts
+import {
+  defineConfigFields
+} from "@rawdash/core";
+import { z as z6 } from "zod";
+var { region: _region, ...awsAuthWithoutRegion } = awsAuthConfigShape;
+var configFields = defineConfigFields(
+  z6.object({
+    ...awsAuthWithoutRegion,
+    granularity: z6.enum(["DAILY", "MONTHLY"]).optional().meta({
+      label: "Granularity",
+      description: "Time granularity of cost buckets. DAILY (default) or MONTHLY. Each Cost Explorer query is billed at $0.01, so MONTHLY is cheaper over long windows."
+    }),
+    groupBy: z6.array(
+      z6.string().regex(
+        /^(SERVICE|LINKED_ACCOUNT|TAG:.+|COST_CATEGORY:.+)$/,
+        "groupBy entries must be SERVICE, LINKED_ACCOUNT, TAG:<key>, or COST_CATEGORY:<key>"
+      )
+    ).max(2, "Cost Explorer accepts at most two group-by dimensions").optional().meta({
+      label: "Group by (optional)",
+      description: "Up to two Cost Explorer dimensions to break costs down by, e.g. SERVICE, LINKED_ACCOUNT, or TAG:Environment. Omit for total cost only."
+    }),
+    lookbackDays: z6.number().int().positive().optional().meta({
+      label: "Backfill window (days)",
+      description: "How many days of history to fetch on a full sync. Defaults to 90.",
+      placeholder: "90"
+    })
+  }).refine((val) => awsAuthRefine.predicate({ ...val, region: AWS_REGION }), {
+    message: awsAuthRefine.message
+  })
+);
+var AWS_REGION = "us-east-1";
+var CE_HOST = "ce.us-east-1.amazonaws.com";
+var CE_URL = `https://${CE_HOST}/`;
+var CE_SERVICE = "ce";
+var CE_CONTENT_TYPE = "application/x-amz-json-1.1";
+var CE_TARGET_PREFIX = "AWSInsightsIndexService";
+var DAILY_METRIC_NAME = "aws_cost_daily";
+var FORECAST_METRIC_NAME = "aws_cost_forecast";
+var DEFAULT_BACKFILL_DAYS = 90;
+var INCREMENTAL_LOOKBACK_DAYS = 3;
+var MS_PER_DAY = 864e5;
+var PHASE_ORDER = ["daily_cost", "forecast"];
+var amountString = z6.string().regex(/^-?\d+(\.\d+)?$/);
+var ceDateString = z6.string().regex(/^\d{4}-\d{2}-\d{2}$/);
+var metricAmount = z6.object({ Amount: amountString, Unit: z6.string() });
+var getCostAndUsageResponse = z6.object({
+  ResultsByTime: z6.array(
+    z6.object({
+      TimePeriod: z6.object({ Start: ceDateString, End: ceDateString }),
+      Total: z6.object({ UnblendedCost: metricAmount.optional() }).optional(),
+      Groups: z6.array(
+        z6.object({
+          Keys: z6.array(z6.string()),
+          Metrics: z6.object({ UnblendedCost: metricAmount })
+        })
+      ).optional(),
+      Estimated: z6.boolean().optional()
+    })
+  ),
+  NextPageToken: z6.string().optional()
+});
+var getCostForecastResponse = z6.object({
+  Total: metricAmount.optional(),
+  ForecastResultsByTime: z6.array(
+    z6.object({
+      TimePeriod: z6.object({ Start: ceDateString, End: ceDateString }),
+      MeanValue: amountString,
+      PredictionIntervalLowerBound: amountString.optional(),
+      PredictionIntervalUpperBound: amountString.optional()
+    })
+  ).optional()
+});
+function asHttpError(err) {
+  if (err instanceof Error && "kind" in err && typeof err.kind === "string") {
+    return err;
+  }
+  return null;
+}
+function extractAwsErrorType(err) {
+  const body = err.response?.body;
+  if (typeof body === "string") {
+    try {
+      const parsed = JSON.parse(body);
+      return parsed.__type ?? parsed.Code ?? body;
+    } catch {
+      return body;
+    }
+  }
+  if (body && typeof body === "object") {
+    const o = body;
+    return String(o.__type ?? o.Code ?? "");
+  }
+  return "";
+}
+function mapAwsJsonError(err) {
+  const httpError = asHttpError(err);
+  if (!httpError) {
+    return err;
+  }
+  const type = extractAwsErrorType(httpError);
+  const status = httpError.response?.status ?? 0;
+  if (/throttl|TooManyRequests|RequestLimitExceeded/i.test(type) || status === 429) {
+    return new RateLimitError3(httpError.message, httpError.response);
+  }
+  if (/AccessDenied|UnrecognizedClient|InvalidClientTokenId|SignatureDoesNotMatch|AuthFailure|InvalidSignature|ExpiredToken/i.test(
+    type
+  ) || status === 403) {
+    return new AuthError3(httpError.message, httpError.response);
+  }
+  if (status >= 500) {
+    return new TransientError3(httpError.message, httpError.response);
+  }
+  return err;
+}
+function isDataUnavailable(err) {
+  const httpError = asHttpError(err);
+  return httpError !== null && /DataUnavailable/i.test(extractAwsErrorType(httpError));
+}
+function parseAmount(value) {
+  if (value === void 0) {
+    return 0;
+  }
+  const n = Number.parseFloat(value);
+  return Number.isFinite(n) ? n : 0;
+}
+function ceDateToMs(date) {
+  const m = /^(\d{4})-(\d{2})-(\d{2})$/.exec(date);
+  if (!m) {
+    return NaN;
+  }
+  return Date.UTC(Number(m[1]), Number(m[2]) - 1, Number(m[3]));
+}
+function pad2(n) {
+  return String(n).padStart(2, "0");
+}
+function toDateStr(ms) {
+  const d = new Date(ms);
+  return `${d.getUTCFullYear()}-${pad2(d.getUTCMonth() + 1)}-${pad2(d.getUTCDate())}`;
+}
+function addMonthsFirstUtc(ms, months) {
+  const d = new Date(ms);
+  return Date.UTC(d.getUTCFullYear(), d.getUTCMonth() + months, 1);
+}
+function startOfUtcDay(ms) {
+  return Math.floor(ms / MS_PER_DAY) * MS_PER_DAY;
+}
+function groupAttrName(groupBy, index) {
+  const dim = groupBy?.[index];
+  if (!dim) {
+    return `dimension_${index}`;
+  }
+  if (dim.startsWith("TAG:")) {
+    return `tag_${dim.slice(4)}`;
+  }
+  if (dim.startsWith("COST_CATEGORY:")) {
+    return `cost_category_${dim.slice(14)}`;
+  }
+  return dim.toLowerCase();
+}
+function toGroupDefinition(dim) {
+  if (dim.startsWith("TAG:")) {
+    return { Type: "TAG", Key: dim.slice(4) };
+  }
+  if (dim.startsWith("COST_CATEGORY:")) {
+    return { Type: "COST_CATEGORY", Key: dim.slice(14) };
+  }
+  return { Type: "DIMENSION", Key: dim };
+}
+function buildDailyCostSamples(body, granularity, groupBy) {
+  const samples = [];
+  for (const result of body.ResultsByTime ?? []) {
+    const start = result.TimePeriod?.Start;
+    if (start === void 0) {
+      continue;
+    }
+    const ts = ceDateToMs(start);
+    if (!Number.isFinite(ts)) {
+      continue;
+    }
+    const estimated = result.Estimated ?? false;
+    const groups = result.Groups ?? [];
+    if (groups.length > 0) {
+      for (const group of groups) {
+        const cost2 = group.Metrics?.["UnblendedCost"];
+        const keys = group.Keys ?? [];
+        const attributes = {
+          granularity,
+          estimated,
+          unit: cost2?.Unit ?? "USD"
+        };
+        for (let i = 0; i < keys.length; i++) {
+          attributes[groupAttrName(groupBy, i)] = keys[i] ?? null;
+        }
+        samples.push({
+          name: DAILY_METRIC_NAME,
+          ts,
+          value: parseAmount(cost2?.Amount),
+          attributes
+        });
+      }
+      continue;
+    }
+    const cost = result.Total?.["UnblendedCost"];
+    if (!cost) {
+      continue;
+    }
+    samples.push({
+      name: DAILY_METRIC_NAME,
+      ts,
+      value: parseAmount(cost.Amount),
+      attributes: { granularity, estimated, unit: cost.Unit ?? "USD" }
+    });
+  }
+  return samples;
+}
+function buildForecastSamples(body, granularity) {
+  const unit = body.Total?.Unit ?? "USD";
+  const samples = [];
+  for (const result of body.ForecastResultsByTime ?? []) {
+    const start = result.TimePeriod?.Start;
+    if (start === void 0) {
+      continue;
+    }
+    const ts = ceDateToMs(start);
+    if (!Number.isFinite(ts)) {
+      continue;
+    }
+    samples.push({
+      name: FORECAST_METRIC_NAME,
+      ts,
+      value: parseAmount(result.MeanValue),
+      attributes: {
+        granularity,
+        unit,
+        lowerBound: result.PredictionIntervalLowerBound !== void 0 ? parseAmount(result.PredictionIntervalLowerBound) : null,
+        upperBound: result.PredictionIntervalUpperBound !== void 0 ? parseAmount(result.PredictionIntervalUpperBound) : null
+      }
+    });
+  }
+  return samples;
+}
+function getCostWindow(options, granularity, lookbackDays, now = Date.now()) {
+  const sinceMs = options.since !== void 0 ? Date.parse(options.since) : NaN;
+  const hasSince = Number.isFinite(sinceMs);
+  let days = lookbackDays;
+  if (options.mode === "latest") {
+    days = INCREMENTAL_LOOKBACK_DAYS;
+  } else if (hasSince) {
+    const elapsed = Math.ceil((now - sinceMs) / MS_PER_DAY);
+    days = Math.min(Math.max(elapsed, 1), lookbackDays);
+  }
+  if (granularity === "MONTHLY") {
+    let months;
+    if (options.mode === "latest") {
+      months = 1;
+    } else if (hasSince) {
+      const since = new Date(sinceMs);
+      const nowDate = new Date(now);
+      const delta = (nowDate.getUTCFullYear() - since.getUTCFullYear()) * 12 + (nowDate.getUTCMonth() - since.getUTCMonth()) + 1;
+      months = Math.max(1, delta);
+    } else {
+      months = Math.max(1, Math.ceil(lookbackDays / 30));
+    }
+    return {
+      start: toDateStr(addMonthsFirstUtc(now, 1 - months)),
+      end: toDateStr(addMonthsFirstUtc(now, 1))
+    };
+  }
+  const end = startOfUtcDay(now) + MS_PER_DAY;
+  return { start: toDateStr(end - days * MS_PER_DAY), end: toDateStr(end) };
+}
+function getForecastWindow(granularity, now = Date.now()) {
+  const start = startOfUtcDay(now);
+  if (granularity === "MONTHLY") {
+    return {
+      start: toDateStr(start),
+      end: toDateStr(addMonthsFirstUtc(now, 3))
+    };
+  }
+  return { start: toDateStr(start), end: toDateStr(start + 31 * MS_PER_DAY) };
+}
+function isAwsCostCursor(value) {
+  if (typeof value !== "object" || value === null) {
+    return false;
+  }
+  const c = value;
+  if (typeof c.phase !== "string" || !PHASE_ORDER.includes(c.phase)) {
+    return false;
+  }
+  const p = c.page;
+  if (p === null) {
+    return true;
+  }
+  if (typeof p !== "object") {
+    return false;
+  }
+  return typeof p.start === "string" && typeof p.end === "string";
+}
+var AwsCostConnector = class _AwsCostConnector extends BaseAWSConnector {
+  static id = "aws-cost";
+  static schemas = {
+    daily_cost: getCostAndUsageResponse,
+    forecast: getCostForecastResponse
+  };
+  static create(input, ctx) {
+    const parsed = configFields.parse(input);
+    return new _AwsCostConnector(
+      {
+        region: AWS_REGION,
+        roleArn: parsed.roleArn,
+        externalId: parsed.externalId,
+        granularity: parsed.granularity,
+        groupBy: parsed.groupBy,
+        lookbackDays: parsed.lookbackDays
+      },
+      {
+        accessKeyId: parsed.accessKeyId,
+        secretAccessKey: parsed.secretAccessKey
+      },
+      ctx
+    );
+  }
+  id = "aws-cost";
+  async callCostExplorer(action, payload, resource, signal) {
+    const credentials = await this.resolveSigningCredentials(signal);
+    const body = JSON.stringify(payload);
+    const headers = await this.buildCeHeaders(action, body, credentials);
+    try {
+      const res = await this.post(CE_URL, {
+        resource,
+        headers,
+        body,
+        signal
+      });
+      const parsed = typeof res.body === "string" ? JSON.parse(res.body) : res.body;
+      return parsed;
+    } catch (err) {
+      throw mapAwsJsonError(err);
+    }
+  }
+  async buildCeHeaders(action, body, credentials) {
+    const { amzDate, dateStamp } = formatAmzDate(/* @__PURE__ */ new Date());
+    const payloadHash = await sha256Hex(body);
+    const amzTarget = `${CE_TARGET_PREFIX}.${action}`;
+    const signedHeaders = {
+      "content-type": CE_CONTENT_TYPE,
+      host: CE_HOST,
+      "x-amz-content-sha256": payloadHash,
+      "x-amz-date": amzDate,
+      "x-amz-target": amzTarget
+    };
+    if (credentials.sessionToken !== void 0) {
+      signedHeaders["x-amz-security-token"] = credentials.sessionToken;
+    }
+    const authorization = await createAuthorizationHeader({
+      method: "POST",
+      host: CE_HOST,
+      path: "/",
+      query: "",
+      headers: signedHeaders,
+      payloadHash,
+      accessKeyId: credentials.accessKeyId,
+      secretAccessKey: credentials.secretAccessKey,
+      region: AWS_REGION,
+      service: CE_SERVICE,
+      amzDate,
+      dateStamp
+    });
+    const sendHeaders = {
+      "Content-Type": CE_CONTENT_TYPE,
+      "X-Amz-Content-Sha256": payloadHash,
+      "X-Amz-Date": amzDate,
+      "X-Amz-Target": amzTarget,
+      Authorization: authorization,
+      "User-Agent": connectorUserAgent2(this.id)
+    };
+    if (credentials.sessionToken !== void 0) {
+      sendHeaders["X-Amz-Security-Token"] = credentials.sessionToken;
+    }
+    return sendHeaders;
+  }
+  async syncDailyCost(storage, window, granularity, groupBy, signal) {
+    const samples = [];
+    let nextPageToken;
+    do {
+      const payload = {
+        TimePeriod: { Start: window.start, End: window.end },
+        Granularity: granularity,
+        Metrics: ["UnblendedCost"]
+      };
+      if (groupBy && groupBy.length > 0) {
+        payload["GroupBy"] = groupBy.slice(0, 2).map(toGroupDefinition);
+      }
+      if (nextPageToken) {
+        payload["NextPageToken"] = nextPageToken;
+      }
+      const parsed = await this.callCostExplorer(
+        "GetCostAndUsage",
+        payload,
+        "daily_cost",
+        signal
+      );
+      samples.push(...buildDailyCostSamples(parsed, granularity, groupBy));
+      nextPageToken = typeof parsed.NextPageToken === "string" && parsed.NextPageToken.length > 0 ? parsed.NextPageToken : void 0;
+    } while (nextPageToken);
+    await storage.metrics(samples, { names: [DAILY_METRIC_NAME] });
+  }
+  async syncForecast(storage, granularity, signal) {
+    const window = getForecastWindow(granularity);
+    let parsed;
+    try {
+      parsed = await this.callCostExplorer(
+        "GetCostForecast",
+        {
+          TimePeriod: { Start: window.start, End: window.end },
+          Metric: "UNBLENDED_COST",
+          Granularity: granularity
+        },
+        "forecast",
+        signal
+      );
+    } catch (err) {
+      if (isDataUnavailable(err)) {
+        await storage.metrics([], { names: [FORECAST_METRIC_NAME] });
+        return;
+      }
+      throw err;
+    }
+    await storage.metrics(buildForecastSamples(parsed, granularity), {
+      names: [FORECAST_METRIC_NAME]
+    });
+  }
+  async sync(options, storage, signal) {
+    const granularity = this.settings.granularity ?? "DAILY";
+    const lookbackDays = this.settings.lookbackDays ?? DEFAULT_BACKFILL_DAYS;
+    const groupBy = this.settings.groupBy;
+    const cursor = isAwsCostCursor(options.cursor) ? options.cursor : void 0;
+    const page = cursor?.page ?? getCostWindow(options, granularity, lookbackDays);
+    const resumeIdx = cursor ? PHASE_ORDER.indexOf(cursor.phase) : 0;
+    const startIdx = resumeIdx >= 0 ? resumeIdx : 0;
+    for (let i = startIdx; i < PHASE_ORDER.length; i++) {
+      const phase = PHASE_ORDER[i];
+      if (signal?.aborted) {
+        return { done: false, cursor: { phase, page } };
+      }
+      if (options.resources && options.resources.size > 0 && !options.resources.has(phase)) {
+        continue;
+      }
+      try {
+        if (phase === "daily_cost") {
+          await this.syncDailyCost(storage, page, granularity, groupBy, signal);
+        } else {
+          await this.syncForecast(storage, granularity, signal);
+        }
+      } catch (err) {
+        if (signal?.aborted) {
+          return { done: false, cursor: { phase, page } };
+        }
+        throw err;
+      }
+    }
+    return { done: true };
+  }
+};
+
+// src/index.ts
+var index_default = AwsCostConnector;
+export {
+  AwsCostConnector,
+  buildDailyCostSamples,
+  buildForecastSamples,
+  configFields,
+  index_default as default,
+  getCostWindow
+};
+//# sourceMappingURL=index.js.map