npm - @stacksjs/ts-cloud-core - Versions diffs - 0.1.1 - Mend

@stacksjs/ts-cloud-core 0.1.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (251) hide show

package/LICENSE.md +21 -0
package/README.md +321 -0
package/package.json +31 -0
package/src/advanced-features.test.ts +465 -0
package/src/aws/cloudformation.ts +421 -0
package/src/aws/cloudfront.ts +158 -0
package/src/aws/credentials.test.ts +132 -0
package/src/aws/credentials.ts +545 -0
package/src/aws/index.ts +87 -0
package/src/aws/s3.test.ts +188 -0
package/src/aws/s3.ts +1088 -0
package/src/aws/signature.test.ts +670 -0
package/src/aws/signature.ts +1155 -0
package/src/backup/disaster-recovery.test.ts +726 -0
package/src/backup/disaster-recovery.ts +500 -0
package/src/backup/index.ts +34 -0
package/src/backup/manager.test.ts +498 -0
package/src/backup/manager.ts +432 -0
package/src/cicd/circleci.ts +430 -0
package/src/cicd/github-actions.ts +424 -0
package/src/cicd/gitlab-ci.ts +255 -0
package/src/cicd/index.ts +8 -0
package/src/cli/history.ts +396 -0
package/src/cli/index.ts +10 -0
package/src/cli/progress.ts +458 -0
package/src/cli/repl.ts +454 -0
package/src/cli/suggestions.ts +327 -0
package/src/cli/table.test.ts +319 -0
package/src/cli/table.ts +332 -0
package/src/cloudformation/builder.test.ts +327 -0
package/src/cloudformation/builder.ts +378 -0
package/src/cloudformation/builders/api-gateway.ts +449 -0
package/src/cloudformation/builders/cache.ts +334 -0
package/src/cloudformation/builders/cdn.ts +278 -0
package/src/cloudformation/builders/compute.ts +485 -0
package/src/cloudformation/builders/database.ts +392 -0
package/src/cloudformation/builders/functions.ts +343 -0
package/src/cloudformation/builders/messaging.ts +140 -0
package/src/cloudformation/builders/monitoring.ts +300 -0
package/src/cloudformation/builders/network.ts +264 -0
package/src/cloudformation/builders/queue.ts +147 -0
package/src/cloudformation/builders/security.ts +399 -0
package/src/cloudformation/builders/storage.ts +285 -0
package/src/cloudformation/index.ts +30 -0
package/src/cloudformation/types.ts +173 -0
package/src/compliance/aws-config.ts +543 -0
package/src/compliance/cloudtrail.ts +376 -0
package/src/compliance/compliance.test.ts +423 -0
package/src/compliance/guardduty.ts +446 -0
package/src/compliance/index.ts +66 -0
package/src/compliance/security-hub.ts +456 -0
package/src/containers/build-optimization.ts +416 -0
package/src/containers/containers.test.ts +508 -0
package/src/containers/image-scanning.ts +360 -0
package/src/containers/index.ts +9 -0
package/src/containers/registry.ts +293 -0
package/src/containers/service-mesh.ts +520 -0
package/src/database/database.test.ts +762 -0
package/src/database/index.ts +9 -0
package/src/database/migrations.ts +444 -0
package/src/database/performance.ts +528 -0
package/src/database/replicas.ts +534 -0
package/src/database/users.ts +494 -0
package/src/dependency-graph.ts +143 -0
package/src/deployment/ab-testing.ts +582 -0
package/src/deployment/blue-green.ts +452 -0
package/src/deployment/canary.ts +500 -0
package/src/deployment/deployment.test.ts +526 -0
package/src/deployment/index.ts +61 -0
package/src/deployment/progressive.ts +62 -0
package/src/dns/dns.test.ts +641 -0
package/src/dns/dnssec.ts +315 -0
package/src/dns/index.ts +8 -0
package/src/dns/resolver.ts +496 -0
package/src/dns/routing.ts +593 -0
package/src/email/advanced/analytics.ts +445 -0
package/src/email/advanced/index.ts +11 -0
package/src/email/advanced/rules.ts +465 -0
package/src/email/advanced/scheduling.ts +352 -0
package/src/email/advanced/search.ts +412 -0
package/src/email/advanced/shared-mailboxes.ts +404 -0
package/src/email/advanced/templates.ts +455 -0
package/src/email/advanced/threading.ts +281 -0
package/src/email/analytics.ts +467 -0
package/src/email/bounce-handling.ts +425 -0
package/src/email/email.test.ts +431 -0
package/src/email/handlers/__tests__/inbound.test.ts +38 -0
package/src/email/handlers/__tests__/outbound.test.ts +37 -0
package/src/email/handlers/converter.ts +227 -0
package/src/email/handlers/feedback.ts +228 -0
package/src/email/handlers/inbound.ts +169 -0
package/src/email/handlers/outbound.ts +178 -0
package/src/email/index.ts +15 -0
package/src/email/reputation.ts +303 -0
package/src/email/templates.ts +352 -0
package/src/errors/index.test.ts +434 -0
package/src/errors/index.ts +416 -0
package/src/health-checks/index.ts +40 -0
package/src/index.ts +360 -0
package/src/intrinsic-functions.ts +118 -0
package/src/lambda/concurrency.ts +330 -0
package/src/lambda/destinations.ts +345 -0
package/src/lambda/dlq.ts +425 -0
package/src/lambda/index.ts +11 -0
package/src/lambda/lambda.test.ts +840 -0
package/src/lambda/layers.ts +263 -0
package/src/lambda/versions.ts +376 -0
package/src/lambda/vpc.ts +399 -0
package/src/local/config.ts +114 -0
package/src/local/index.ts +6 -0
package/src/local/mock-aws.ts +351 -0
package/src/modules/ai.ts +340 -0
package/src/modules/api.ts +478 -0
package/src/modules/auth.ts +805 -0
package/src/modules/cache.ts +417 -0
package/src/modules/cdn.ts +1062 -0
package/src/modules/communication.ts +1094 -0
package/src/modules/compute.ts +3348 -0
package/src/modules/database.ts +554 -0
package/src/modules/deployment.ts +1079 -0
package/src/modules/dns.ts +337 -0
package/src/modules/email.ts +1538 -0
package/src/modules/filesystem.ts +515 -0
package/src/modules/index.ts +32 -0
package/src/modules/messaging.ts +486 -0
package/src/modules/monitoring.ts +2086 -0
package/src/modules/network.ts +664 -0
package/src/modules/parameter-store.ts +325 -0
package/src/modules/permissions.ts +1081 -0
package/src/modules/phone.ts +494 -0
package/src/modules/queue.ts +1260 -0
package/src/modules/redirects.ts +464 -0
package/src/modules/registry.ts +699 -0
package/src/modules/search.ts +401 -0
package/src/modules/secrets.ts +416 -0
package/src/modules/security.ts +731 -0
package/src/modules/sms.ts +389 -0
package/src/modules/storage.ts +1120 -0
package/src/modules/workflow.ts +680 -0
package/src/multi-account/config.ts +521 -0
package/src/multi-account/index.ts +7 -0
package/src/multi-account/manager.ts +427 -0
package/src/multi-region/cross-region.ts +410 -0
package/src/multi-region/index.ts +8 -0
package/src/multi-region/manager.ts +483 -0
package/src/multi-region/regions.ts +435 -0
package/src/network-security/index.ts +48 -0
package/src/observability/index.ts +9 -0
package/src/observability/logs.ts +522 -0
package/src/observability/metrics.ts +460 -0
package/src/observability/observability.test.ts +782 -0
package/src/observability/synthetics.ts +568 -0
package/src/observability/xray.ts +358 -0
package/src/phone/advanced/analytics.ts +349 -0
package/src/phone/advanced/callbacks.ts +428 -0
package/src/phone/advanced/index.ts +8 -0
package/src/phone/advanced/ivr-builder.ts +504 -0
package/src/phone/advanced/recording.ts +310 -0
package/src/phone/handlers/__tests__/incoming-call.test.ts +40 -0
package/src/phone/handlers/incoming-call.ts +117 -0
package/src/phone/handlers/missed-call.ts +116 -0
package/src/phone/handlers/voicemail.ts +179 -0
package/src/phone/index.ts +9 -0
package/src/presets/api-backend.ts +134 -0
package/src/presets/data-pipeline.ts +204 -0
package/src/presets/extend.test.ts +295 -0
package/src/presets/extend.ts +297 -0
package/src/presets/fullstack-app.ts +144 -0
package/src/presets/index.ts +27 -0
package/src/presets/jamstack.ts +135 -0
package/src/presets/microservices.ts +167 -0
package/src/presets/ml-api.ts +208 -0
package/src/presets/nodejs-server.ts +104 -0
package/src/presets/nodejs-serverless.ts +114 -0
package/src/presets/realtime-app.ts +184 -0
package/src/presets/static-site.ts +64 -0
package/src/presets/traditional-web-app.ts +339 -0
package/src/presets/wordpress.ts +138 -0
package/src/preview/github.test.ts +249 -0
package/src/preview/github.ts +297 -0
package/src/preview/index.ts +37 -0
package/src/preview/manager.test.ts +440 -0
package/src/preview/manager.ts +326 -0
package/src/preview/notifications.test.ts +582 -0
package/src/preview/notifications.ts +341 -0
package/src/queue/batch-processing.ts +402 -0
package/src/queue/dlq-monitoring.ts +402 -0
package/src/queue/fifo.ts +342 -0
package/src/queue/index.ts +9 -0
package/src/queue/management.ts +428 -0
package/src/queue/queue.test.ts +429 -0
package/src/resource-mgmt/index.ts +39 -0
package/src/resource-naming.ts +62 -0
package/src/s3/index.ts +523 -0
package/src/schema/cloud-config.schema.json +554 -0
package/src/schema/index.ts +68 -0
package/src/security/certificate-manager.ts +492 -0
package/src/security/index.ts +9 -0
package/src/security/scanning.ts +545 -0
package/src/security/secrets-manager.ts +476 -0
package/src/security/secrets-rotation.ts +456 -0
package/src/security/security.test.ts +738 -0
package/src/sms/advanced/ab-testing.ts +389 -0
package/src/sms/advanced/analytics.ts +336 -0
package/src/sms/advanced/campaigns.ts +523 -0
package/src/sms/advanced/chatbot.ts +224 -0
package/src/sms/advanced/index.ts +10 -0
package/src/sms/advanced/link-tracking.ts +248 -0
package/src/sms/advanced/mms.ts +308 -0
package/src/sms/handlers/__tests__/send.test.ts +40 -0
package/src/sms/handlers/delivery-status.ts +133 -0
package/src/sms/handlers/receive.ts +162 -0
package/src/sms/handlers/send.ts +174 -0
package/src/sms/index.ts +9 -0
package/src/stack-diff.ts +389 -0
package/src/static-site/index.ts +85 -0
package/src/template-builder.ts +110 -0
package/src/template-validator.ts +574 -0
package/src/utils/cache.ts +291 -0
package/src/utils/diff.ts +269 -0
package/src/utils/hash.ts +227 -0
package/src/utils/index.ts +8 -0
package/src/utils/parallel.ts +294 -0
package/src/validators/credentials.test.ts +274 -0
package/src/validators/credentials.ts +233 -0
package/src/validators/quotas.test.ts +434 -0
package/src/validators/quotas.ts +217 -0
package/test/ai.test.ts +327 -0
package/test/api.test.ts +511 -0
package/test/auth.test.ts +632 -0
package/test/cache.test.ts +406 -0
package/test/cdn.test.ts +247 -0
package/test/compute.test.ts +861 -0
package/test/database.test.ts +523 -0
package/test/deployment.test.ts +499 -0
package/test/dns.test.ts +270 -0
package/test/email.test.ts +439 -0
package/test/filesystem.test.ts +382 -0
package/test/integration.test.ts +350 -0
package/test/messaging.test.ts +514 -0
package/test/monitoring.test.ts +634 -0
package/test/network.test.ts +425 -0
package/test/permissions.test.ts +488 -0
package/test/queue.test.ts +484 -0
package/test/registry.test.ts +306 -0
package/test/security.test.ts +462 -0
package/test/storage.test.ts +463 -0
package/test/template-validator.test.ts +559 -0
package/test/workflow.test.ts +592 -0
package/tsconfig.json +16 -0
package/tsconfig.tsbuildinfo +1 -0

package/src/security/certificate-manager.ts ADDED Viewed

@@ -0,0 +1,492 @@
+/**
+ * Certificate Lifecycle Management
+ * Automated certificate provisioning, renewal, and monitoring
+ */
+export interface Certificate {
+  id: string
+  arn: string
+  domainName: string
+  subjectAlternativeNames?: string[]
+  validationMethod: 'DNS' | 'EMAIL'
+  status: CertificateStatus
+  issuer?: string
+  issuedAt?: Date
+  expiresAt?: Date
+  renewalEligibility?: boolean
+  inUseBy?: string[] // Resource ARNs
+}
+export type CertificateStatus =
+  | 'PENDING_VALIDATION'
+  | 'ISSUED'
+  | 'INACTIVE'
+  | 'EXPIRED'
+  | 'VALIDATION_TIMED_OUT'
+  | 'REVOKED'
+  | 'FAILED'
+export interface CertificateRenewal {
+  id: string
+  certificateArn: string
+  autoRenew: boolean
+  renewBeforeDays: number // Renew X days before expiration
+  lastRenewal?: Date
+  nextRenewal?: Date
+  renewalStatus?: 'success' | 'pending' | 'failed'
+}
+export interface CertificateValidation {
+  domainName: string
+  validationMethod: 'DNS' | 'EMAIL'
+  validationStatus: 'PENDING' | 'SUCCESS' | 'FAILED'
+  resourceRecords?: DnsRecord[]
+  validationEmails?: string[]
+}
+export interface DnsRecord {
+  name: string
+  type: 'CNAME' | 'A' | 'AAAA' | 'TXT'
+  value: string
+}
+export interface CertificateMonitor {
+  id: string
+  name: string
+  certificates: string[] // Certificate ARNs
+  expirationThreshold: number // days
+  alertEnabled: boolean
+  snsTopicArn?: string
+}
+export interface CertificateAlert {
+  id: string
+  certificateArn: string
+  alertType: 'expiring_soon' | 'expired' | 'renewal_failed' | 'validation_failed'
+  severity: 'critical' | 'warning' | 'info'
+  message: string
+  timestamp: Date
+  acknowledged?: boolean
+}
+/**
+ * Certificate manager
+ */
+export class CertificateManager {
+  private certificates: Map<string, Certificate> = new Map()
+  private renewals: Map<string, CertificateRenewal> = new Map()
+  private validations: Map<string, CertificateValidation> = new Map()
+  private monitors: Map<string, CertificateMonitor> = new Map()
+  private alerts: Map<string, CertificateAlert> = new Map()
+  private certificateCounter = 0
+  private renewalCounter = 0
+  private validationCounter = 0
+  private monitorCounter = 0
+  private alertCounter = 0
+  /**
+   * Request certificate
+   */
+  requestCertificate(options: {
+    domainName: string
+    subjectAlternativeNames?: string[]
+    validationMethod?: 'DNS' | 'EMAIL'
+  }): Certificate {
+    const id = `cert-${Date.now()}-${this.certificateCounter++}`
+    const arn = `arn:aws:acm:us-east-1:123456789012:certificate/${id}`
+    const certificate: Certificate = {
+      id,
+      arn,
+      domainName: options.domainName,
+      subjectAlternativeNames: options.subjectAlternativeNames,
+      validationMethod: options.validationMethod || 'DNS',
+      status: 'PENDING_VALIDATION',
+    }
+    this.certificates.set(id, certificate)
+    // Create validation record
+    this.createValidation(certificate)
+    return certificate
+  }
+  /**
+   * Request wildcard certificate
+   */
+  requestWildcardCertificate(options: {
+    domainName: string
+    includeApex?: boolean
+  }): Certificate {
+    const sans: string[] = []
+    if (options.includeApex) {
+      sans.push(options.domainName.replace('*.', ''))
+    }
+    return this.requestCertificate({
+      domainName: options.domainName,
+      subjectAlternativeNames: sans.length > 0 ? sans : undefined,
+      validationMethod: 'DNS',
+    })
+  }
+  /**
+   * Request multi-domain certificate
+   */
+  requestMultiDomainCertificate(options: {
+    primaryDomain: string
+    additionalDomains: string[]
+    validationMethod?: 'DNS' | 'EMAIL'
+  }): Certificate {
+    return this.requestCertificate({
+      domainName: options.primaryDomain,
+      subjectAlternativeNames: options.additionalDomains,
+      validationMethod: options.validationMethod || 'DNS',
+    })
+  }
+  /**
+   * Create certificate validation
+   */
+  private createValidation(certificate: Certificate): CertificateValidation {
+    const validation: CertificateValidation = {
+      domainName: certificate.domainName,
+      validationMethod: certificate.validationMethod,
+      validationStatus: 'PENDING',
+    }
+    if (certificate.validationMethod === 'DNS') {
+      validation.resourceRecords = [
+        {
+          name: `_${Math.random().toString(36).slice(2)}.${certificate.domainName}`,
+          type: 'CNAME',
+          value: `_${Math.random().toString(36).slice(2)}.acm-validations.aws.`,
+        },
+      ]
+    } else {
+      validation.validationEmails = [
+        `admin@${certificate.domainName}`,
+        `administrator@${certificate.domainName}`,
+        `hostmaster@${certificate.domainName}`,
+      ]
+    }
+    this.validations.set(certificate.id, validation)
+    return validation
+  }
+  /**
+   * Validate certificate
+   */
+  validateCertificate(certificateId: string): { success: boolean; message: string } {
+    const certificate = this.certificates.get(certificateId)
+    const validation = this.validations.get(certificateId)
+    if (!certificate || !validation) {
+      return { success: false, message: 'Certificate or validation not found' }
+    }
+    // Simulate validation
+    validation.validationStatus = 'SUCCESS'
+    certificate.status = 'ISSUED'
+    certificate.issuedAt = new Date()
+    certificate.expiresAt = new Date(Date.now() + 365 * 24 * 60 * 60 * 1000) // 1 year
+    certificate.renewalEligibility = true
+    certificate.issuer = 'Amazon'
+    return { success: true, message: 'Certificate validated and issued successfully' }
+  }
+  /**
+   * Enable auto-renewal
+   */
+  enableAutoRenewal(options: {
+    certificateArn: string
+    renewBeforeDays?: number
+  }): CertificateRenewal {
+    const id = `renewal-${Date.now()}-${this.renewalCounter++}`
+    const renewal: CertificateRenewal = {
+      id,
+      certificateArn: options.certificateArn,
+      autoRenew: true,
+      renewBeforeDays: options.renewBeforeDays || 30,
+    }
+    this.renewals.set(id, renewal)
+    return renewal
+  }
+  /**
+   * Renew certificate
+   */
+  async renewCertificate(renewalId: string): Promise<{ success: boolean; message: string }> {
+    const renewal = this.renewals.get(renewalId)
+    if (!renewal) {
+      return { success: false, message: 'Renewal configuration not found' }
+    }
+    const certificate = Array.from(this.certificates.values()).find(
+      c => c.arn === renewal.certificateArn
+    )
+    if (!certificate) {
+      return { success: false, message: 'Certificate not found' }
+    }
+    console.log(`\nRenewing certificate: ${certificate.domainName}`)
+    console.log(`Certificate ARN: ${certificate.arn}`)
+    try {
+      console.log('\n1. Requesting new certificate...')
+      console.log('2. Validating domain ownership...')
+      console.log('3. Issuing renewed certificate...')
+      console.log('4. Updating resource associations...')
+      // Update certificate
+      certificate.issuedAt = new Date()
+      certificate.expiresAt = new Date(Date.now() + 365 * 24 * 60 * 60 * 1000)
+      // Update renewal record
+      renewal.lastRenewal = new Date()
+      renewal.renewalStatus = 'success'
+      renewal.nextRenewal = new Date(
+        certificate.expiresAt.getTime() - renewal.renewBeforeDays * 24 * 60 * 60 * 1000
+      )
+      console.log('\n✓ Certificate renewed successfully')
+      console.log(`  New expiration: ${certificate.expiresAt.toISOString()}`)
+      console.log(`  Next renewal: ${renewal.nextRenewal.toISOString()}`)
+      return { success: true, message: 'Certificate renewed successfully' }
+    } catch (error) {
+      renewal.renewalStatus = 'failed'
+      this.createAlert({
+        certificateArn: certificate.arn,
+        alertType: 'renewal_failed',
+        severity: 'critical',
+        message: `Certificate renewal failed: ${error}`,
+      })
+      return {
+        success: false,
+        message: error instanceof Error ? error.message : String(error),
+      }
+    }
+  }
+  /**
+   * Create certificate monitor
+   */
+  createMonitor(monitor: Omit<CertificateMonitor, 'id'>): CertificateMonitor {
+    const id = `monitor-${Date.now()}-${this.monitorCounter++}`
+    const certificateMonitor: CertificateMonitor = {
+      id,
+      ...monitor,
+    }
+    this.monitors.set(id, certificateMonitor)
+    return certificateMonitor
+  }
+  /**
+   * Check certificate expiration
+   */
+  checkExpiration(): CertificateAlert[] {
+    const alerts: CertificateAlert[] = []
+    const now = Date.now()
+    for (const certificate of this.certificates.values()) {
+      if (!certificate.expiresAt) continue
+      const daysUntilExpiration =
+        (certificate.expiresAt.getTime() - now) / (1000 * 60 * 60 * 24)
+      // Check if expired
+      if (daysUntilExpiration < 0) {
+        alerts.push(
+          this.createAlert({
+            certificateArn: certificate.arn,
+            alertType: 'expired',
+            severity: 'critical',
+            message: `Certificate has expired for ${certificate.domainName}`,
+          })
+        )
+      }
+      // Check if expiring soon (within 30 days)
+      else if (daysUntilExpiration < 30) {
+        alerts.push(
+          this.createAlert({
+            certificateArn: certificate.arn,
+            alertType: 'expiring_soon',
+            severity: daysUntilExpiration < 7 ? 'critical' : 'warning',
+            message: `Certificate expiring in ${Math.floor(daysUntilExpiration)} days for ${certificate.domainName}`,
+          })
+        )
+      }
+    }
+    return alerts
+  }
+  /**
+   * Create alert
+   */
+  createAlert(alert: Omit<CertificateAlert, 'id' | 'timestamp' | 'acknowledged'>): CertificateAlert {
+    const id = `alert-${Date.now()}-${this.alertCounter++}`
+    const certificateAlert: CertificateAlert = {
+      id,
+      timestamp: new Date(),
+      acknowledged: false,
+      ...alert,
+    }
+    this.alerts.set(id, certificateAlert)
+    return certificateAlert
+  }
+  /**
+   * Acknowledge alert
+   */
+  acknowledgeAlert(alertId: string): void {
+    const alert = this.alerts.get(alertId)
+    if (alert) {
+      alert.acknowledged = true
+    }
+  }
+  /**
+   * Get certificate
+   */
+  getCertificate(id: string): Certificate | undefined {
+    return this.certificates.get(id)
+  }
+  /**
+   * List certificates
+   */
+  listCertificates(): Certificate[] {
+    return Array.from(this.certificates.values())
+  }
+  /**
+   * Get expiring certificates
+   */
+  getExpiringCertificates(days: number = 30): Certificate[] {
+    const cutoffTime = Date.now() + days * 24 * 60 * 60 * 1000
+    return Array.from(this.certificates.values()).filter(
+      cert => cert.expiresAt && cert.expiresAt.getTime() < cutoffTime
+    )
+  }
+  /**
+   * Get validation
+   */
+  getValidation(certificateId: string): CertificateValidation | undefined {
+    return this.validations.get(certificateId)
+  }
+  /**
+   * Get renewal
+   */
+  getRenewal(id: string): CertificateRenewal | undefined {
+    return this.renewals.get(id)
+  }
+  /**
+   * List renewals
+   */
+  listRenewals(): CertificateRenewal[] {
+    return Array.from(this.renewals.values())
+  }
+  /**
+   * List alerts
+   */
+  listAlerts(acknowledged: boolean = false): CertificateAlert[] {
+    return Array.from(this.alerts.values()).filter(
+      alert => alert.acknowledged === acknowledged
+    )
+  }
+  /**
+   * Generate CloudFormation for certificate
+   */
+  generateCertificateCF(certificate: Certificate): any {
+    return {
+      Type: 'AWS::CertificateManager::Certificate',
+      Properties: {
+        DomainName: certificate.domainName,
+        ...(certificate.subjectAlternativeNames && {
+          SubjectAlternativeNames: certificate.subjectAlternativeNames,
+        }),
+        ValidationMethod: certificate.validationMethod,
+      },
+    }
+  }
+  /**
+   * Generate CloudWatch alarm for expiration
+   */
+  generateExpirationAlarmCF(options: {
+    alarmName: string
+    certificateArn: string
+    daysBeforeExpiration: number
+    snsTopicArn?: string
+  }): any {
+    return {
+      Type: 'AWS::CloudWatch::Alarm',
+      Properties: {
+        AlarmName: options.alarmName,
+        AlarmDescription: `Certificate expiring in ${options.daysBeforeExpiration} days`,
+        MetricName: 'DaysToExpiry',
+        Namespace: 'AWS/CertificateManager',
+        Statistic: 'Minimum',
+        Period: 86400, // 1 day
+        EvaluationPeriods: 1,
+        Threshold: options.daysBeforeExpiration,
+        ComparisonOperator: 'LessThanThreshold',
+        Dimensions: [
+          {
+            Name: 'CertificateArn',
+            Value: options.certificateArn,
+          },
+        ],
+        ...(options.snsTopicArn && {
+          AlarmActions: [options.snsTopicArn],
+        }),
+      },
+    }
+  }
+  /**
+   * Clear all data
+   */
+  clear(): void {
+    this.certificates.clear()
+    this.renewals.clear()
+    this.validations.clear()
+    this.monitors.clear()
+    this.alerts.clear()
+    this.certificateCounter = 0
+    this.renewalCounter = 0
+    this.validationCounter = 0
+    this.monitorCounter = 0
+    this.alertCounter = 0
+  }
+}
+/**
+ * Global certificate manager instance
+ */
+export const certificateManager: CertificateManager = new CertificateManager()

package/src/security/index.ts ADDED Viewed

@@ -0,0 +1,9 @@
+/**
+ * Security Module
+ * Secrets management, certificate lifecycle, and security scanning
+ */
+export * from './secrets-rotation'
+export * from './secrets-manager'
+export * from './certificate-manager'
+export * from './scanning'