npm - @stacksjs/ts-cloud-aws-types - Versions diffs - 0.1.3 → 0.1.4 - Mend

@stacksjs/ts-cloud-aws-types 0.1.3 → 0.1.4

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (40) hide show

package/README.md CHANGED Viewed

@@ -6,13 +6,13 @@
 <!-- [![npm downloads][npm-downloads-src]][npm-downloads-href] -->
 <!-- [![Codecov][codecov-src]][codecov-href] -->
-# ts-cloud
+# @stacksjs/ts-cloud
 > Zero-dependency AWS infrastructure as TypeScript. Deploy production-ready cloud infrastructure without AWS SDK or CLI.
 ## Overview
-ts-cloud is a modern infrastructure-as-code framework that lets you define AWS infrastructure using TypeScript configuration files. Unlike AWS CDK or Terraform, ts-cloud:
+@stacksjs/ts-cloud is a modern infrastructure-as-code framework that lets you define AWS infrastructure using TypeScript configuration files. Unlike AWS CDK or Terraform, @stacksjs/ts-cloud:
 - **Zero AWS Dependencies** - No AWS SDK, no AWS CLI. Direct AWS API calls only.
 - **Type-Safe Configuration** - Full TypeScript types for all AWS resources
@@ -55,6 +55,23 @@ Complete CloudFormation template builders for:
 - **Monitoring** - CloudWatch dashboards, alarms, and log groups
 - **Security** - ACM certificates, WAF rules, security groups
+### 🔒 Pre-Deployment Security Scanning
+Built-in secret detection to prevent accidental credential exposure:
+- **35+ Secret Patterns** - AWS keys, API tokens, private keys, database credentials
+- **Automatic Scanning** - Runs before every deployment
+- **Configurable Severity** - Block on critical, high, medium, or low findings
+- **CI/CD Ready** - Integrate security checks into your pipeline
+```bash
+# Scan for secrets before deploying
+cloud deploy:security-scan --source ./dist
+# Deploy with automatic security scanning
+cloud deploy  # Scans automatically before deployment
+```
 ### ☁️ Direct AWS Integration
 No SDK, no CLI - pure AWS Signature V4 API calls:
@@ -69,7 +86,7 @@ No SDK, no CLI - pure AWS Signature V4 API calls:
 ### Installation
 ```bash
-bun add ts-cloud
+bun add @stacksjs/ts-cloud
 ```
 ### Your First Deployment
@@ -77,7 +94,7 @@ bun add ts-cloud
 Create a `cloud.config.ts`:
 ```typescript
-import { createStaticSitePreset } from 'ts-cloud/presets'
+import { createStaticSitePreset } from '@stacksjs/ts-cloud/presets'
 export default createStaticSitePreset({
   name: 'My Website',
@@ -104,7 +121,7 @@ That's it! You now have:
 #### Full-Stack Application
 ```typescript
-import { createFullStackAppPreset } from 'ts-cloud/presets'
+import { createFullStackAppPreset } from '@stacksjs/ts-cloud/presets'
 export default createFullStackAppPreset({
   name: 'My App',
@@ -125,7 +142,7 @@ Includes:
 #### Serverless API
 ```typescript
-import { createApiBackendPreset } from 'ts-cloud/presets'
+import { createApiBackendPreset } from '@stacksjs/ts-cloud/presets'
 export default createApiBackendPreset({
   name: 'My API',
@@ -148,7 +165,7 @@ Includes:
 You can extend any preset with custom configuration:
 ```typescript
-import { createNodeJsServerPreset, extendPreset } from 'ts-cloud/presets'
+import { createNodeJsServerPreset, extendPreset } from '@stacksjs/ts-cloud/presets'
 export default extendPreset(
   createNodeJsServerPreset({
@@ -175,7 +192,7 @@ export default extendPreset(
 Combine multiple presets:
 ```typescript
-import { composePresets, createStaticSitePreset, createApiBackendPreset } from 'ts-cloud/presets'
+import { composePresets, createStaticSitePreset, createApiBackendPreset } from '@stacksjs/ts-cloud/presets'
 export default composePresets(
   createStaticSitePreset({ name: 'Frontend', slug: 'frontend', domain: 'example.com' }),
@@ -198,7 +215,7 @@ export default composePresets(
 Generate templates programmatically:
 ```typescript
-import { CloudFormationBuilder } from 'ts-cloud/cloudformation'
+import { CloudFormationBuilder } from '@stacksjs/ts-cloud/cloudformation'
 const builder = new CloudFormationBuilder(config)
 const template = builder.build()
@@ -211,7 +228,7 @@ console.log(JSON.stringify(template, null, 2))
 Use the AWS clients directly:
 ```typescript
-import { CloudFormationClient, S3Client, CloudFrontClient } from 'ts-cloud/aws'
+import { CloudFormationClient, S3Client, CloudFrontClient } from '@stacksjs/ts-cloud/aws'
 // CloudFormation
 const cfn = new CloudFormationClient('us-east-1')
@@ -236,6 +253,74 @@ await cloudfront.createInvalidation({
 })
 ```
+## DNS Providers
+@stacksjs/ts-cloud supports multiple DNS providers for domain management and SSL certificate validation:
+### Cloudflare
+1. Log in to your [Cloudflare Dashboard](https://dash.cloudflare.com/)
+2. Go to **My Profile** → **API Tokens** (or visit https://dash.cloudflare.com/profile/api-tokens)
+3. Click **Create Token**
+4. Use the **Edit zone DNS** template, or create a custom token with:
+   - **Permissions**: Zone → DNS → Edit
+   - **Zone Resources**: Include → All zones (or specific zones)
+5. Copy the generated token
+```bash
+export CLOUDFLARE_API_TOKEN="your-api-token-here"
+```
+### Porkbun
+1. Log in to your [Porkbun Dashboard](https://porkbun.com/account/api)
+2. Enable API access for your domain(s)
+3. Generate an API key pair
+```bash
+export PORKBUN_API_KEY="your-api-key"
+export PORKBUN_SECRET_KEY="your-secret-key"
+```
+### GoDaddy
+1. Log in to [GoDaddy Developer Portal](https://developer.godaddy.com/)
+2. Create a new API key
+3. Note both the key and secret
+```bash
+export GODADDY_API_KEY="your-api-key"
+export GODADDY_API_SECRET="your-api-secret"
+export GODADDY_ENVIRONMENT="production"  # or "ote" for testing
+```
+### Route53
+Uses AWS credentials from environment or ~/.aws/credentials:
+```bash
+export AWS_ACCESS_KEY_ID="your-access-key"
+export AWS_SECRET_ACCESS_KEY="your-secret-key"
+export AWS_REGION="us-east-1"
+export AWS_HOSTED_ZONE_ID="Z1234567890"  # Optional
+```
+### CLI Usage
+```bash
+# List domains
+cloud domain:list --provider cloudflare
+# List DNS records
+cloud dns:records example.com --provider cloudflare
+# Add a DNS record
+cloud dns:add example.com A 192.168.1.1 --name api --provider cloudflare
+# Generate SSL certificate with DNS validation
+cloud domain:ssl example.com --provider cloudflare
+```
 ## Development
 ```bash
@@ -264,7 +349,7 @@ bun run typecheck
 ### No Dependencies
-ts-cloud uses **zero external dependencies** for AWS operations:
+@stacksjs/ts-cloud uses **zero external dependencies** for AWS operations:
 - **AWS Signature V4** - Manual request signing for authentication
 - **Direct HTTPS** - Native `fetch()` for API calls
@@ -312,8 +397,8 @@ The MIT License (MIT). Please see [LICENSE](LICENSE.md) for more information.
 Made with 💙
 <!-- Badges -->
-[npm-version-src]: https://img.shields.io/npm/v/ts-cloud?style=flat-square
-[npm-version-href]: https://npmjs.com/package/ts-cloud
+[npm-version-src]: https://img.shields.io/npm/v/@stacksjs/ts-cloud?style=flat-square
+[npm-version-href]: https://npmjs.com/package/@stacksjs/ts-cloud
 [github-actions-src]: https://img.shields.io/github/actions/workflow/status/stacksjs/ts-cloud/ci.yml?style=flat-square&branch=main
 [github-actions-href]: https://github.com/stacksjs/ts-cloud/actions?query=workflow%3Aci

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@stacksjs/ts-cloud-aws-types",
-  "version": "0.1.3",
+  "version": "0.1.4",
   "type": "module",
   "description": "AWS CloudFormation resource type definitions (without AWS SDK)",
   "author": "Chris Breuer <chris@stacksjs.com>",
@@ -19,6 +19,7 @@
   ],
   "scripts": {
     "build": "bun build src/index.ts --outdir dist --target bun",
+    "prepublishOnly": "bun --bun run build",
     "typecheck": "tsc --noEmit"
   },
   "devDependencies": {

package/src/acm.ts DELETED Viewed

@@ -1,20 +0,0 @@
-import type { CloudFormationResource } from './index'
-export interface ACMCertificate extends CloudFormationResource {
-  Type: 'AWS::CertificateManager::Certificate'
-  Properties: {
-    DomainName: string
-    SubjectAlternativeNames?: string[]
-    DomainValidationOptions?: Array<{
-      DomainName: string
-      HostedZoneId?: string
-      ValidationDomain?: string
-    }>
-    ValidationMethod?: 'DNS' | 'EMAIL'
-    CertificateTransparencyLoggingPreference?: 'ENABLED' | 'DISABLED'
-    Tags?: Array<{
-      Key: string
-      Value: string
-    }>
-  }
-}

package/src/alb.ts DELETED Viewed

@@ -1,73 +0,0 @@
-import type { CloudFormationResource } from './index'
-export interface ApplicationLoadBalancer extends CloudFormationResource {
-  Type: 'AWS::ElasticLoadBalancingV2::LoadBalancer'
-  Properties: {
-    Name?: string
-    Scheme?: 'internet-facing' | 'internal'
-    Type?: 'application' | 'network' | 'gateway'
-    IpAddressType?: 'ipv4' | 'dualstack'
-    Subnets?: string[]
-    SecurityGroups?: string[]
-    Tags?: Array<{
-      Key: string
-      Value: string
-    }>
-  }
-}
-export interface TargetGroup extends CloudFormationResource {
-  Type: 'AWS::ElasticLoadBalancingV2::TargetGroup'
-  Properties: {
-    Name?: string
-    Port: number
-    Protocol: 'HTTP' | 'HTTPS' | 'TCP' | 'TLS' | 'UDP' | 'TCP_UDP'
-    VpcId: string | { Ref: string }
-    TargetType?: 'instance' | 'ip' | 'lambda' | 'alb'
-    HealthCheckEnabled?: boolean
-    HealthCheckProtocol?: 'HTTP' | 'HTTPS' | 'TCP' | 'TLS' | 'UDP' | 'TCP_UDP'
-    HealthCheckPath?: string
-    HealthCheckIntervalSeconds?: number
-    HealthCheckTimeoutSeconds?: number
-    HealthyThresholdCount?: number
-    UnhealthyThresholdCount?: number
-    Matcher?: {
-      HttpCode?: string
-      GrpcCode?: string
-    }
-    Tags?: Array<{
-      Key: string
-      Value: string
-    }>
-  }
-}
-export interface Listener extends CloudFormationResource {
-  Type: 'AWS::ElasticLoadBalancingV2::Listener'
-  Properties: {
-    LoadBalancerArn: string | { Ref: string }
-    Port: number
-    Protocol: 'HTTP' | 'HTTPS' | 'TCP' | 'TLS' | 'UDP' | 'TCP_UDP'
-    Certificates?: Array<{
-      CertificateArn: string
-    }>
-    SslPolicy?: string
-    DefaultActions: Array<{
-      Type: 'forward' | 'redirect' | 'fixed-response' | 'authenticate-cognito' | 'authenticate-oidc'
-      TargetGroupArn?: string | { Ref: string }
-      RedirectConfig?: {
-        Protocol?: string
-        Port?: string
-        Host?: string
-        Path?: string
-        Query?: string
-        StatusCode: 'HTTP_301' | 'HTTP_302'
-      }
-      FixedResponseConfig?: {
-        StatusCode: string
-        ContentType?: string
-        MessageBody?: string
-      }
-    }>
-  }
-}

package/src/apigateway.ts DELETED Viewed

@@ -1,85 +0,0 @@
-import type { CloudFormationResource } from './index'
-export interface ApiGatewayRestApi extends CloudFormationResource {
-  Type: 'AWS::ApiGateway::RestApi'
-  Properties: {
-    Name: string
-    Description?: string
-    EndpointConfiguration?: {
-      Types: ('EDGE' | 'REGIONAL' | 'PRIVATE')[]
-    }
-    Policy?: unknown
-    BinaryMediaTypes?: string[]
-    MinimumCompressionSize?: number
-    Tags?: Array<{
-      Key: string
-      Value: string
-    }>
-  }
-}
-export interface ApiGatewayHttpApi extends CloudFormationResource {
-  Type: 'AWS::ApiGatewayV2::Api'
-  Properties: {
-    Name: string
-    Description?: string
-    ProtocolType: 'HTTP' | 'WEBSOCKET'
-    CorsConfiguration?: {
-      AllowOrigins?: string[]
-      AllowMethods?: string[]
-      AllowHeaders?: string[]
-      ExposeHeaders?: string[]
-      MaxAge?: number
-      AllowCredentials?: boolean
-    }
-    Tags?: Record<string, string>
-  }
-}
-export interface ApiGatewayStage extends CloudFormationResource {
-  Type: 'AWS::ApiGateway::Stage'
-  Properties: {
-    StageName: string
-    RestApiId: string | { Ref: string }
-    DeploymentId: string | { Ref: string }
-    Description?: string
-    CacheClusterEnabled?: boolean
-    CacheClusterSize?: string
-    Variables?: Record<string, string>
-    MethodSettings?: Array<{
-      HttpMethod: string
-      ResourcePath: string
-      CachingEnabled?: boolean
-      CacheTtlInSeconds?: number
-      ThrottlingBurstLimit?: number
-      ThrottlingRateLimit?: number
-    }>
-    Tags?: Array<{
-      Key: string
-      Value: string
-    }>
-  }
-}
-export interface ApiGatewayDeployment extends CloudFormationResource {
-  Type: 'AWS::ApiGateway::Deployment'
-  Properties: {
-    RestApiId: string | { Ref: string }
-    Description?: string
-    StageName?: string
-  }
-}
-export interface ApiGatewayAuthorizer extends CloudFormationResource {
-  Type: 'AWS::ApiGateway::Authorizer'
-  Properties: {
-    Name: string
-    Type: 'TOKEN' | 'REQUEST' | 'COGNITO_USER_POOLS'
-    RestApiId: string | { Ref: string }
-    AuthorizerUri?: string
-    AuthorizerCredentials?: string
-    IdentitySource?: string
-    ProviderARNs?: string[]
-    AuthorizerResultTtlInSeconds?: number
-  }
-}

package/src/appsync.ts DELETED Viewed

@@ -1,246 +0,0 @@
-/**
- * AWS AppSync Types
- * CloudFormation resource types for AWS AppSync (GraphQL)
- */
-import type { Tag } from './common'
-export interface GraphQLApi {
-  Type: 'AWS::AppSync::GraphQLApi'
-  Properties: {
-    Name: string
-    AuthenticationType: 'API_KEY' | 'AWS_IAM' | 'AMAZON_COGNITO_USER_POOLS' | 'OPENID_CONNECT' | 'AWS_LAMBDA'
-    // Optional authentication providers
-    AdditionalAuthenticationProviders?: Array<{
-      AuthenticationType: 'API_KEY' | 'AWS_IAM' | 'AMAZON_COGNITO_USER_POOLS' | 'OPENID_CONNECT' | 'AWS_LAMBDA'
-      UserPoolConfig?: {
-        UserPoolId: string | { Ref: string }
-        AwsRegion?: string
-        AppIdClientRegex?: string
-      }
-      OpenIDConnectConfig?: {
-        Issuer: string
-        ClientId?: string
-        IatTTL?: number
-        AuthTTL?: number
-      }
-      LambdaAuthorizerConfig?: {
-        AuthorizerUri: string | { Ref: string }
-        AuthorizerResultTtlInSeconds?: number
-        IdentityValidationExpression?: string
-      }
-    }>
-    // Cognito User Pool config (if using AMAZON_COGNITO_USER_POOLS)
-    UserPoolConfig?: {
-      UserPoolId: string | { Ref: string }
-      AwsRegion?: string
-      DefaultAction: 'ALLOW' | 'DENY'
-      AppIdClientRegex?: string
-    }
-    // OpenID Connect config (if using OPENID_CONNECT)
-    OpenIDConnectConfig?: {
-      Issuer: string
-      ClientId?: string
-      IatTTL?: number
-      AuthTTL?: number
-    }
-    // Lambda authorizer config (if using AWS_LAMBDA)
-    LambdaAuthorizerConfig?: {
-      AuthorizerUri: string | { Ref: string }
-      AuthorizerResultTtlInSeconds?: number
-      IdentityValidationExpression?: string
-    }
-    // Logging
-    LogConfig?: {
-      CloudWatchLogsRoleArn: string | { Ref: string }
-      FieldLogLevel: 'NONE' | 'ERROR' | 'ALL'
-      ExcludeVerboseContent?: boolean
-    }
-    // X-Ray tracing
-    XrayEnabled?: boolean
-    Tags?: Tag[]
-  }
-  DeletionPolicy?: 'Delete' | 'Retain'
-  UpdateReplacePolicy?: 'Delete' | 'Retain'
-}
-export interface GraphQLSchema {
-  Type: 'AWS::AppSync::GraphQLSchema'
-  Properties: {
-    ApiId: string | { Ref: string }
-    Definition?: string
-    DefinitionS3Location?: string
-  }
-  DependsOn?: string | string[]
-}
-export interface DataSource {
-  Type: 'AWS::AppSync::DataSource'
-  Properties: {
-    ApiId: string | { Ref: string }
-    Name: string
-    Type: 'AWS_LAMBDA' | 'AMAZON_DYNAMODB' | 'AMAZON_ELASTICSEARCH' | 'AMAZON_OPENSEARCH_SERVICE' | 'HTTP' | 'RELATIONAL_DATABASE' | 'NONE'
-    ServiceRoleArn?: string | { Ref: string }
-    // Lambda config (if Type = AWS_LAMBDA)
-    LambdaConfig?: {
-      LambdaFunctionArn: string | { Ref: string }
-    }
-    // DynamoDB config (if Type = AMAZON_DYNAMODB)
-    DynamoDBConfig?: {
-      TableName: string | { Ref: string }
-      AwsRegion: string
-      UseCallerCredentials?: boolean
-      DeltaSyncConfig?: {
-        BaseTableTTL: number
-        DeltaSyncTableName: string | { Ref: string }
-        DeltaSyncTableTTL: number
-      }
-      Versioned?: boolean
-    }
-    // OpenSearch config (if Type = AMAZON_OPENSEARCH_SERVICE)
-    OpenSearchServiceConfig?: {
-      AwsRegion: string
-      Endpoint: string | { 'Fn::GetAtt': [string, string] }
-    }
-    // HTTP config (if Type = HTTP)
-    HttpConfig?: {
-      Endpoint: string
-      AuthorizationConfig?: {
-        AuthorizationType: 'AWS_IAM'
-        AwsIamConfig?: {
-          SigningRegion?: string
-          SigningServiceName?: string
-        }
-      }
-    }
-    // RDS config (if Type = RELATIONAL_DATABASE)
-    RelationalDatabaseConfig?: {
-      RelationalDatabaseSourceType: 'RDS_HTTP_ENDPOINT'
-      RdsHttpEndpointConfig?: {
-        AwsRegion: string
-        DbClusterIdentifier: string | { Ref: string }
-        DatabaseName?: string
-        Schema?: string
-        AwsSecretStoreArn: string | { Ref: string }
-      }
-    }
-    Description?: string
-  }
-  DependsOn?: string | string[]
-}
-export interface Resolver {
-  Type: 'AWS::AppSync::Resolver'
-  Properties: {
-    ApiId: string | { Ref: string }
-    TypeName: string // e.g., 'Query', 'Mutation', 'Subscription'
-    FieldName: string
-    DataSourceName?: string | { Ref: string }
-    // Request/Response mapping templates (VTL)
-    RequestMappingTemplate?: string
-    ResponseMappingTemplate?: string
-    // Or use S3 location
-    RequestMappingTemplateS3Location?: string
-    ResponseMappingTemplateS3Location?: string
-    // Pipeline resolvers
-    Kind?: 'UNIT' | 'PIPELINE'
-    PipelineConfig?: {
-      Functions?: Array<string | { Ref: string }>
-    }
-    // Caching
-    CachingConfig?: {
-      CachingKeys?: string[]
-      Ttl?: number
-    }
-    // Sync config (for subscriptions)
-    SyncConfig?: {
-      ConflictDetection: 'VERSION' | 'NONE'
-      ConflictHandler?: 'OPTIMISTIC_CONCURRENCY' | 'LAMBDA' | 'AUTOMERGE'
-      LambdaConflictHandlerConfig?: {
-        LambdaConflictHandlerArn: string | { Ref: string }
-      }
-    }
-    // Code (for JavaScript resolvers)
-    Code?: string
-    CodeS3Location?: string
-    Runtime?: {
-      Name: 'APPSYNC_JS'
-      RuntimeVersion: string
-    }
-  }
-  DependsOn?: string | string[]
-}
-export interface FunctionConfiguration {
-  Type: 'AWS::AppSync::FunctionConfiguration'
-  Properties: {
-    ApiId: string | { Ref: string }
-    Name: string
-    DataSourceName: string | { Ref: string }
-    FunctionVersion?: string
-    // Request/Response mapping templates
-    RequestMappingTemplate?: string
-    ResponseMappingTemplate?: string
-    RequestMappingTemplateS3Location?: string
-    ResponseMappingTemplateS3Location?: string
-    // Code (for JavaScript functions)
-    Code?: string
-    CodeS3Location?: string
-    Runtime?: {
-      Name: 'APPSYNC_JS'
-      RuntimeVersion: string
-    }
-    Description?: string
-  }
-  DependsOn?: string | string[]
-}
-export interface ApiKey {
-  Type: 'AWS::AppSync::ApiKey'
-  Properties: {
-    ApiId: string | { Ref: string }
-    Description?: string
-    Expires?: number // Unix timestamp
-  }
-  DependsOn?: string | string[]
-}
-export interface DomainName {
-  Type: 'AWS::AppSync::DomainName'
-  Properties: {
-    DomainName: string
-    CertificateArn: string | { Ref: string }
-    Description?: string
-  }
-}
-export interface DomainNameApiAssociation {
-  Type: 'AWS::AppSync::DomainNameApiAssociation'
-  Properties: {
-    DomainName: string | { Ref: string }
-    ApiId: string | { Ref: string }
-  }
-  DependsOn?: string | string[]
-}