npm - @stacksjs/ts-cloud-core - Versions diffs - 0.1.1 - Mend

@stacksjs/ts-cloud-core 0.1.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (251) hide show

package/LICENSE.md +21 -0
package/README.md +321 -0
package/package.json +31 -0
package/src/advanced-features.test.ts +465 -0
package/src/aws/cloudformation.ts +421 -0
package/src/aws/cloudfront.ts +158 -0
package/src/aws/credentials.test.ts +132 -0
package/src/aws/credentials.ts +545 -0
package/src/aws/index.ts +87 -0
package/src/aws/s3.test.ts +188 -0
package/src/aws/s3.ts +1088 -0
package/src/aws/signature.test.ts +670 -0
package/src/aws/signature.ts +1155 -0
package/src/backup/disaster-recovery.test.ts +726 -0
package/src/backup/disaster-recovery.ts +500 -0
package/src/backup/index.ts +34 -0
package/src/backup/manager.test.ts +498 -0
package/src/backup/manager.ts +432 -0
package/src/cicd/circleci.ts +430 -0
package/src/cicd/github-actions.ts +424 -0
package/src/cicd/gitlab-ci.ts +255 -0
package/src/cicd/index.ts +8 -0
package/src/cli/history.ts +396 -0
package/src/cli/index.ts +10 -0
package/src/cli/progress.ts +458 -0
package/src/cli/repl.ts +454 -0
package/src/cli/suggestions.ts +327 -0
package/src/cli/table.test.ts +319 -0
package/src/cli/table.ts +332 -0
package/src/cloudformation/builder.test.ts +327 -0
package/src/cloudformation/builder.ts +378 -0
package/src/cloudformation/builders/api-gateway.ts +449 -0
package/src/cloudformation/builders/cache.ts +334 -0
package/src/cloudformation/builders/cdn.ts +278 -0
package/src/cloudformation/builders/compute.ts +485 -0
package/src/cloudformation/builders/database.ts +392 -0
package/src/cloudformation/builders/functions.ts +343 -0
package/src/cloudformation/builders/messaging.ts +140 -0
package/src/cloudformation/builders/monitoring.ts +300 -0
package/src/cloudformation/builders/network.ts +264 -0
package/src/cloudformation/builders/queue.ts +147 -0
package/src/cloudformation/builders/security.ts +399 -0
package/src/cloudformation/builders/storage.ts +285 -0
package/src/cloudformation/index.ts +30 -0
package/src/cloudformation/types.ts +173 -0
package/src/compliance/aws-config.ts +543 -0
package/src/compliance/cloudtrail.ts +376 -0
package/src/compliance/compliance.test.ts +423 -0
package/src/compliance/guardduty.ts +446 -0
package/src/compliance/index.ts +66 -0
package/src/compliance/security-hub.ts +456 -0
package/src/containers/build-optimization.ts +416 -0
package/src/containers/containers.test.ts +508 -0
package/src/containers/image-scanning.ts +360 -0
package/src/containers/index.ts +9 -0
package/src/containers/registry.ts +293 -0
package/src/containers/service-mesh.ts +520 -0
package/src/database/database.test.ts +762 -0
package/src/database/index.ts +9 -0
package/src/database/migrations.ts +444 -0
package/src/database/performance.ts +528 -0
package/src/database/replicas.ts +534 -0
package/src/database/users.ts +494 -0
package/src/dependency-graph.ts +143 -0
package/src/deployment/ab-testing.ts +582 -0
package/src/deployment/blue-green.ts +452 -0
package/src/deployment/canary.ts +500 -0
package/src/deployment/deployment.test.ts +526 -0
package/src/deployment/index.ts +61 -0
package/src/deployment/progressive.ts +62 -0
package/src/dns/dns.test.ts +641 -0
package/src/dns/dnssec.ts +315 -0
package/src/dns/index.ts +8 -0
package/src/dns/resolver.ts +496 -0
package/src/dns/routing.ts +593 -0
package/src/email/advanced/analytics.ts +445 -0
package/src/email/advanced/index.ts +11 -0
package/src/email/advanced/rules.ts +465 -0
package/src/email/advanced/scheduling.ts +352 -0
package/src/email/advanced/search.ts +412 -0
package/src/email/advanced/shared-mailboxes.ts +404 -0
package/src/email/advanced/templates.ts +455 -0
package/src/email/advanced/threading.ts +281 -0
package/src/email/analytics.ts +467 -0
package/src/email/bounce-handling.ts +425 -0
package/src/email/email.test.ts +431 -0
package/src/email/handlers/__tests__/inbound.test.ts +38 -0
package/src/email/handlers/__tests__/outbound.test.ts +37 -0
package/src/email/handlers/converter.ts +227 -0
package/src/email/handlers/feedback.ts +228 -0
package/src/email/handlers/inbound.ts +169 -0
package/src/email/handlers/outbound.ts +178 -0
package/src/email/index.ts +15 -0
package/src/email/reputation.ts +303 -0
package/src/email/templates.ts +352 -0
package/src/errors/index.test.ts +434 -0
package/src/errors/index.ts +416 -0
package/src/health-checks/index.ts +40 -0
package/src/index.ts +360 -0
package/src/intrinsic-functions.ts +118 -0
package/src/lambda/concurrency.ts +330 -0
package/src/lambda/destinations.ts +345 -0
package/src/lambda/dlq.ts +425 -0
package/src/lambda/index.ts +11 -0
package/src/lambda/lambda.test.ts +840 -0
package/src/lambda/layers.ts +263 -0
package/src/lambda/versions.ts +376 -0
package/src/lambda/vpc.ts +399 -0
package/src/local/config.ts +114 -0
package/src/local/index.ts +6 -0
package/src/local/mock-aws.ts +351 -0
package/src/modules/ai.ts +340 -0
package/src/modules/api.ts +478 -0
package/src/modules/auth.ts +805 -0
package/src/modules/cache.ts +417 -0
package/src/modules/cdn.ts +1062 -0
package/src/modules/communication.ts +1094 -0
package/src/modules/compute.ts +3348 -0
package/src/modules/database.ts +554 -0
package/src/modules/deployment.ts +1079 -0
package/src/modules/dns.ts +337 -0
package/src/modules/email.ts +1538 -0
package/src/modules/filesystem.ts +515 -0
package/src/modules/index.ts +32 -0
package/src/modules/messaging.ts +486 -0
package/src/modules/monitoring.ts +2086 -0
package/src/modules/network.ts +664 -0
package/src/modules/parameter-store.ts +325 -0
package/src/modules/permissions.ts +1081 -0
package/src/modules/phone.ts +494 -0
package/src/modules/queue.ts +1260 -0
package/src/modules/redirects.ts +464 -0
package/src/modules/registry.ts +699 -0
package/src/modules/search.ts +401 -0
package/src/modules/secrets.ts +416 -0
package/src/modules/security.ts +731 -0
package/src/modules/sms.ts +389 -0
package/src/modules/storage.ts +1120 -0
package/src/modules/workflow.ts +680 -0
package/src/multi-account/config.ts +521 -0
package/src/multi-account/index.ts +7 -0
package/src/multi-account/manager.ts +427 -0
package/src/multi-region/cross-region.ts +410 -0
package/src/multi-region/index.ts +8 -0
package/src/multi-region/manager.ts +483 -0
package/src/multi-region/regions.ts +435 -0
package/src/network-security/index.ts +48 -0
package/src/observability/index.ts +9 -0
package/src/observability/logs.ts +522 -0
package/src/observability/metrics.ts +460 -0
package/src/observability/observability.test.ts +782 -0
package/src/observability/synthetics.ts +568 -0
package/src/observability/xray.ts +358 -0
package/src/phone/advanced/analytics.ts +349 -0
package/src/phone/advanced/callbacks.ts +428 -0
package/src/phone/advanced/index.ts +8 -0
package/src/phone/advanced/ivr-builder.ts +504 -0
package/src/phone/advanced/recording.ts +310 -0
package/src/phone/handlers/__tests__/incoming-call.test.ts +40 -0
package/src/phone/handlers/incoming-call.ts +117 -0
package/src/phone/handlers/missed-call.ts +116 -0
package/src/phone/handlers/voicemail.ts +179 -0
package/src/phone/index.ts +9 -0
package/src/presets/api-backend.ts +134 -0
package/src/presets/data-pipeline.ts +204 -0
package/src/presets/extend.test.ts +295 -0
package/src/presets/extend.ts +297 -0
package/src/presets/fullstack-app.ts +144 -0
package/src/presets/index.ts +27 -0
package/src/presets/jamstack.ts +135 -0
package/src/presets/microservices.ts +167 -0
package/src/presets/ml-api.ts +208 -0
package/src/presets/nodejs-server.ts +104 -0
package/src/presets/nodejs-serverless.ts +114 -0
package/src/presets/realtime-app.ts +184 -0
package/src/presets/static-site.ts +64 -0
package/src/presets/traditional-web-app.ts +339 -0
package/src/presets/wordpress.ts +138 -0
package/src/preview/github.test.ts +249 -0
package/src/preview/github.ts +297 -0
package/src/preview/index.ts +37 -0
package/src/preview/manager.test.ts +440 -0
package/src/preview/manager.ts +326 -0
package/src/preview/notifications.test.ts +582 -0
package/src/preview/notifications.ts +341 -0
package/src/queue/batch-processing.ts +402 -0
package/src/queue/dlq-monitoring.ts +402 -0
package/src/queue/fifo.ts +342 -0
package/src/queue/index.ts +9 -0
package/src/queue/management.ts +428 -0
package/src/queue/queue.test.ts +429 -0
package/src/resource-mgmt/index.ts +39 -0
package/src/resource-naming.ts +62 -0
package/src/s3/index.ts +523 -0
package/src/schema/cloud-config.schema.json +554 -0
package/src/schema/index.ts +68 -0
package/src/security/certificate-manager.ts +492 -0
package/src/security/index.ts +9 -0
package/src/security/scanning.ts +545 -0
package/src/security/secrets-manager.ts +476 -0
package/src/security/secrets-rotation.ts +456 -0
package/src/security/security.test.ts +738 -0
package/src/sms/advanced/ab-testing.ts +389 -0
package/src/sms/advanced/analytics.ts +336 -0
package/src/sms/advanced/campaigns.ts +523 -0
package/src/sms/advanced/chatbot.ts +224 -0
package/src/sms/advanced/index.ts +10 -0
package/src/sms/advanced/link-tracking.ts +248 -0
package/src/sms/advanced/mms.ts +308 -0
package/src/sms/handlers/__tests__/send.test.ts +40 -0
package/src/sms/handlers/delivery-status.ts +133 -0
package/src/sms/handlers/receive.ts +162 -0
package/src/sms/handlers/send.ts +174 -0
package/src/sms/index.ts +9 -0
package/src/stack-diff.ts +389 -0
package/src/static-site/index.ts +85 -0
package/src/template-builder.ts +110 -0
package/src/template-validator.ts +574 -0
package/src/utils/cache.ts +291 -0
package/src/utils/diff.ts +269 -0
package/src/utils/hash.ts +227 -0
package/src/utils/index.ts +8 -0
package/src/utils/parallel.ts +294 -0
package/src/validators/credentials.test.ts +274 -0
package/src/validators/credentials.ts +233 -0
package/src/validators/quotas.test.ts +434 -0
package/src/validators/quotas.ts +217 -0
package/test/ai.test.ts +327 -0
package/test/api.test.ts +511 -0
package/test/auth.test.ts +632 -0
package/test/cache.test.ts +406 -0
package/test/cdn.test.ts +247 -0
package/test/compute.test.ts +861 -0
package/test/database.test.ts +523 -0
package/test/deployment.test.ts +499 -0
package/test/dns.test.ts +270 -0
package/test/email.test.ts +439 -0
package/test/filesystem.test.ts +382 -0
package/test/integration.test.ts +350 -0
package/test/messaging.test.ts +514 -0
package/test/monitoring.test.ts +634 -0
package/test/network.test.ts +425 -0
package/test/permissions.test.ts +488 -0
package/test/queue.test.ts +484 -0
package/test/registry.test.ts +306 -0
package/test/security.test.ts +462 -0
package/test/storage.test.ts +463 -0
package/test/template-validator.test.ts +559 -0
package/test/workflow.test.ts +592 -0
package/tsconfig.json +16 -0
package/tsconfig.tsbuildinfo +1 -0

package/src/compliance/compliance.test.ts ADDED Viewed

@@ -0,0 +1,423 @@
+import { describe, expect, it, beforeEach } from 'bun:test'
+import { AWSConfigManager } from './aws-config'
+import { CloudTrailManager } from './cloudtrail'
+import { GuardDutyManager } from './guardduty'
+import { SecurityHubManager } from './security-hub'
+describe('AWS Config Manager', () => {
+  let manager: AWSConfigManager
+  beforeEach(() => {
+    manager = new AWSConfigManager()
+  })
+  describe('Config Recorder', () => {
+    it('should create config recorder', () => {
+      const recorder = manager.createConfigRecorder({
+        name: 'default',
+        roleArn: 'arn:aws:iam::123456789012:role/config-role',
+        recordingGroup: {
+          allSupported: true,
+          includeGlobalResourceTypes: true,
+        },
+      })
+      expect(recorder.name).toBe('default')
+      expect(recorder.roleArn).toBe('arn:aws:iam::123456789012:role/config-role')
+      expect(recorder.recordingGroup?.allSupported).toBe(true)
+    })
+    it('should get config recorder', () => {
+      manager.createConfigRecorder({
+        name: 'test-recorder',
+        roleArn: 'arn:aws:iam::123456789012:role/config-role',
+      })
+      const retrieved = manager.getConfigRecorder('test-recorder')
+      expect(retrieved).toBeDefined()
+      expect(retrieved?.name).toBe('test-recorder')
+    })
+  })
+  describe('Delivery Channel', () => {
+    it('should create delivery channel', () => {
+      const channel = manager.createDeliveryChannel({
+        name: 'default',
+        s3BucketName: 'config-bucket',
+        s3KeyPrefix: 'config',
+        snsTopicArn: 'arn:aws:sns:us-east-1:123456789012:config-topic',
+      })
+      expect(channel.name).toBe('default')
+      expect(channel.s3BucketName).toBe('config-bucket')
+      expect(channel.s3KeyPrefix).toBe('config')
+    })
+  })
+  describe('Config Rules', () => {
+    it('should create S3 encryption rule', () => {
+      const rule = manager.createS3EncryptionRule()
+      expect(rule.name).toBe('s3-bucket-server-side-encryption-enabled')
+      expect(rule.source).toBe('AWS_MANAGED')
+      expect(rule.identifier).toBe('S3_BUCKET_SERVER_SIDE_ENCRYPTION_ENABLED')
+      expect(rule.scope?.complianceResourceTypes).toContain('AWS::S3::Bucket')
+    })
+    it('should create RDS encryption rule', () => {
+      const rule = manager.createRdsEncryptionRule()
+      expect(rule.name).toBe('rds-storage-encrypted')
+      expect(rule.identifier).toBe('RDS_STORAGE_ENCRYPTED')
+      expect(rule.scope?.complianceResourceTypes).toContain('AWS::RDS::DBInstance')
+    })
+    it('should create IAM password policy rule', () => {
+      const rule = manager.createIamPasswordPolicyRule()
+      expect(rule.name).toBe('iam-password-policy')
+      expect(rule.inputParameters?.MinimumPasswordLength).toBe(14)
+      expect(rule.inputParameters?.RequireUppercaseCharacters).toBe(true)
+    })
+    it('should create custom Lambda rule', () => {
+      const rule = manager.createCustomLambdaRule({
+        name: 'custom-compliance-check',
+        description: 'Custom compliance validation',
+        lambdaFunctionArn: 'arn:aws:lambda:us-east-1:123456789012:function:compliance-check',
+        resourceTypes: ['AWS::EC2::Instance'],
+        maxExecutionFrequency: 'TwentyFour_Hours',
+      })
+      expect(rule.name).toBe('custom-compliance-check')
+      expect(rule.source).toBe('CUSTOM_LAMBDA')
+      expect(rule.lambdaFunctionArn).toBeDefined()
+      expect(rule.maxExecutionFrequency).toBe('TwentyFour_Hours')
+    })
+    it('should list config rules', () => {
+      manager.createS3EncryptionRule()
+      manager.createRdsEncryptionRule()
+      const rules = manager.listConfigRules()
+      expect(rules).toHaveLength(2)
+    })
+  })
+  describe('Compliance Presets', () => {
+    it('should create HIPAA preset', () => {
+      const rules = manager.createCompliancePreset('hipaa')
+      expect(rules.length).toBeGreaterThan(5)
+      expect(rules.some(r => r.name.includes('encryption'))).toBe(true)
+      expect(rules.some(r => r.name.includes('cloudtrail'))).toBe(true)
+    })
+    it('should create PCI-DSS preset', () => {
+      const rules = manager.createCompliancePreset('pci-dss')
+      expect(rules.length).toBeGreaterThan(7)
+      expect(rules.some(r => r.name.includes('mfa'))).toBe(true)
+      expect(rules.some(r => r.name.includes('encryption'))).toBe(true)
+    })
+    it('should create basic preset', () => {
+      const rules = manager.createCompliancePreset('basic')
+      expect(rules.length).toBeGreaterThan(4)
+    })
+  })
+  describe('CloudFormation Generation', () => {
+    it('should generate config rule CloudFormation', () => {
+      const rule = manager.createS3EncryptionRule()
+      const cf = manager.generateConfigRuleCF(rule)
+      expect(cf.Type).toBe('AWS::Config::ConfigRule')
+      expect(cf.Properties.ConfigRuleName).toBe('s3-bucket-server-side-encryption-enabled')
+      expect(cf.Properties.Source.Owner).toBe('AWS')
+      expect(cf.Properties.Source.SourceIdentifier).toBe('S3_BUCKET_SERVER_SIDE_ENCRYPTION_ENABLED')
+    })
+    it('should generate recorder CloudFormation', () => {
+      const recorder = manager.createConfigRecorder({
+        name: 'default',
+        roleArn: 'arn:aws:iam::123456789012:role/config-role',
+      })
+      const cf = manager.generateConfigRecorderCF(recorder)
+      expect(cf.Type).toBe('AWS::Config::ConfigurationRecorder')
+      expect(cf.Properties.Name).toBe('default')
+    })
+  })
+})
+describe('CloudTrail Manager', () => {
+  let manager: CloudTrailManager
+  beforeEach(() => {
+    manager = new CloudTrailManager()
+  })
+  describe('Trail Creation', () => {
+    it('should create basic trail', () => {
+      const trail = manager.createTrail({
+        name: 'my-trail',
+        s3BucketName: 'cloudtrail-bucket',
+        includeGlobalServiceEvents: true,
+        isMultiRegionTrail: true,
+        enableLogFileValidation: true,
+      })
+      expect(trail.id).toMatch(/^trail-\d+-\d+$/)
+      expect(trail.name).toBe('my-trail')
+      expect(trail.s3BucketName).toBe('cloudtrail-bucket')
+      expect(trail.enableLogFileValidation).toBe(true)
+    })
+    it('should create organization trail', () => {
+      const trail = manager.createOrganizationTrail({
+        name: 'org-trail',
+        s3BucketName: 'org-cloudtrail',
+        kmsKeyId: 'arn:aws:kms:us-east-1:123456789012:key/12345',
+      })
+      expect(trail.name).toBe('org-trail')
+      expect(trail.isMultiRegionTrail).toBe(true)
+      expect(trail.s3KeyPrefix).toBe('organization-trail')
+    })
+    it('should create security audit trail', () => {
+      const trail = manager.createSecurityAuditTrail({
+        name: 'security-audit',
+        s3BucketName: 'security-logs',
+        kmsKeyId: 'arn:aws:kms:us-east-1:123456789012:key/12345',
+        cloudWatchLogsLogGroupArn: 'arn:aws:logs:us-east-1:123456789012:log-group:cloudtrail',
+        cloudWatchLogsRoleArn: 'arn:aws:iam::123456789012:role/cloudtrail-logs',
+      })
+      expect(trail.insightSelectors).toHaveLength(2)
+      expect(trail.eventSelectors).toHaveLength(1)
+      expect(trail.enableLogFileValidation).toBe(true)
+    })
+    it('should create data events trail', () => {
+      const trail = manager.createDataEventsTrail({
+        name: 'data-events',
+        s3BucketName: 'data-events-bucket',
+        s3DataBuckets: ['app-bucket-1', 'app-bucket-2'],
+        lambdaFunctions: ['arn:aws:lambda:us-east-1:123456789012:function:my-function'],
+      })
+      expect(trail.eventSelectors).toHaveLength(1)
+      expect(trail.eventSelectors![0].dataResources).toHaveLength(2)
+    })
+  })
+  describe('CloudFormation Generation', () => {
+    it('should generate trail CloudFormation', () => {
+      const trail = manager.createTrail({
+        name: 'my-trail',
+        s3BucketName: 'cloudtrail-bucket',
+        kmsKeyId: 'arn:aws:kms:us-east-1:123456789012:key/12345',
+      })
+      const cf = manager.generateTrailCF(trail)
+      expect(cf.Type).toBe('AWS::CloudTrail::Trail')
+      expect(cf.Properties.TrailName).toBe('my-trail')
+      expect(cf.Properties.S3BucketName).toBe('cloudtrail-bucket')
+      expect(cf.Properties.KMSKeyId).toBeDefined()
+    })
+    it('should generate bucket policy', () => {
+      const policy = manager.generateBucketPolicy('cloudtrail-bucket', ['123456789012', '987654321098'])
+      expect(policy.Statement).toHaveLength(2)
+      expect(policy.Statement[0].Action).toBe('s3:GetBucketAcl')
+      expect(policy.Statement[1].Action).toBe('s3:PutObject')
+    })
+  })
+})
+describe('GuardDuty Manager', () => {
+  let manager: GuardDutyManager
+  beforeEach(() => {
+    manager = new GuardDutyManager()
+  })
+  describe('Detector Creation', () => {
+    it('should create basic detector', () => {
+      const detector = manager.createBasicDetector()
+      expect(detector.id).toMatch(/^detector-\d+-\d+$/)
+      expect(detector.enable).toBe(true)
+      expect(detector.findingPublishingFrequency).toBe('SIX_HOURS')
+    })
+    it('should create comprehensive detector', () => {
+      const detector = manager.createComprehensiveDetector()
+      expect(detector.enable).toBe(true)
+      expect(detector.findingPublishingFrequency).toBe('FIFTEEN_MINUTES')
+      expect(detector.dataSources?.s3Logs?.enable).toBe(true)
+      expect(detector.dataSources?.kubernetes?.auditLogs.enable).toBe(true)
+      expect(detector.features).toHaveLength(5)
+    })
+  })
+  describe('Finding Filters', () => {
+    it('should create low severity archive filter', () => {
+      const detector = manager.createBasicDetector()
+      const filter = manager.createLowSeverityArchiveFilter(detector.id)
+      expect(filter.action).toBe('ARCHIVE')
+      expect(filter.findingCriteria.criterion.severity.lt).toBe(4)
+    })
+    it('should create finding type filter', () => {
+      const detector = manager.createBasicDetector()
+      const filter = manager.createFindingTypeFilter(
+        detector.id,
+        ['Recon:EC2/PortProbeUnprotectedPort'],
+        'ARCHIVE',
+      )
+      expect(filter.action).toBe('ARCHIVE')
+      expect(filter.findingCriteria.criterion.type.eq).toContain('Recon:EC2/PortProbeUnprotectedPort')
+    })
+    it('should create trusted IP filter', () => {
+      const detector = manager.createBasicDetector()
+      const filter = manager.createTrustedIPFilter(detector.id, ['10.0.1.100', '10.0.2.200'])
+      expect(filter.action).toBe('ARCHIVE')
+      expect(filter.rank).toBe(3)
+    })
+  })
+  describe('CloudFormation Generation', () => {
+    it('should generate detector CloudFormation', () => {
+      const detector = manager.createComprehensiveDetector()
+      const cf = manager.generateDetectorCF(detector)
+      expect(cf.Type).toBe('AWS::GuardDuty::Detector')
+      expect(cf.Properties.Enable).toBe(true)
+      expect(cf.Properties.DataSources.S3Logs.Enable).toBe(true)
+      expect(cf.Properties.Features).toHaveLength(5)
+    })
+  })
+})
+describe('Security Hub Manager', () => {
+  let manager: SecurityHubManager
+  beforeEach(() => {
+    manager = new SecurityHubManager()
+  })
+  describe('Hub Creation', () => {
+    it('should create basic hub', () => {
+      const hub = manager.createBasicHub()
+      expect(hub.id).toMatch(/^hub-\d+-\d+$/)
+      expect(hub.enable).toBe(true)
+      expect(hub.standards).toHaveLength(1)
+    })
+    it('should create comprehensive hub', () => {
+      const hub = manager.createComprehensiveHub()
+      expect(hub.enable).toBe(true)
+      expect(hub.controlFindingGenerator).toBe('SECURITY_CONTROL')
+      expect(hub.standards).toHaveLength(3)
+    })
+  })
+  describe('Automation Rules', () => {
+    it('should create low severity suppression rule', () => {
+      const rule = manager.createLowSeveritySuppressionRule()
+      expect(rule.ruleName).toBe('Suppress Low Severity Informational Findings')
+      expect(rule.actions[0].findingFieldsUpdate.workflow?.status).toBe('SUPPRESSED')
+      expect(rule.criteria.severityLabel![0].value).toBe('INFORMATIONAL')
+    })
+    it('should create resource type notification rule', () => {
+      const rule = manager.createResourceTypeNotificationRule(['AWS::EC2::Instance', 'AWS::RDS::DBInstance'])
+      expect(rule.ruleName).toBe('Notify on Critical Resource Findings')
+      expect(rule.criteria.resourceType).toHaveLength(2)
+      expect(rule.criteria.severityLabel).toHaveLength(2)
+    })
+    it('should create compliance failure rule', () => {
+      const rule = manager.createComplianceFailureRule()
+      expect(rule.ruleName).toBe('Flag Compliance Failures')
+      expect(rule.actions[0].findingFieldsUpdate.severity?.label).toBe('HIGH')
+      expect(rule.criteria.complianceStatus![0].value).toBe('FAILED')
+    })
+    it('should create false positive suppression rule', () => {
+      const rule = manager.createFalsePositiveSuppressionRule('GuardDuty', ['Recon:', 'UnauthorizedAccess:'])
+      expect(rule.ruleName).toContain('GuardDuty')
+      expect(rule.criteria.title).toHaveLength(2)
+      expect(rule.actions[0].findingFieldsUpdate.workflow?.status).toBe('SUPPRESSED')
+    })
+  })
+  describe('CloudFormation Generation', () => {
+    it('should generate hub CloudFormation', () => {
+      const hub = manager.createBasicHub()
+      const cf = manager.generateHubCF(hub)
+      expect(cf.Type).toBe('AWS::SecurityHub::Hub')
+      expect(cf.Properties.ControlFindingGenerator).toBe('STANDARD_CONTROL')
+    })
+    it('should generate standard CloudFormation', () => {
+      const hub = manager.createComprehensiveHub()
+      const standard = hub.standards![0]
+      const cf = manager.generateStandardCF(standard)
+      expect(cf.Type).toBe('AWS::SecurityHub::Standard')
+      expect(cf.Properties.StandardsArn).toContain('aws-foundational-security-best-practices')
+    })
+    it('should generate automation rule CloudFormation', () => {
+      const rule = manager.createLowSeveritySuppressionRule()
+      const cf = manager.generateAutomationRuleCF(rule)
+      expect(cf.Type).toBe('AWS::SecurityHub::AutomationRule')
+      expect(cf.Properties.RuleName).toBe('Suppress Low Severity Informational Findings')
+      expect(cf.Properties.RuleStatus).toBe('ENABLED')
+    })
+  })
+  describe('Security Standards', () => {
+    it('should have AWS Foundational Security standard', () => {
+      const standard = SecurityHubManager.Standards.AWS_FOUNDATIONAL_SECURITY
+      expect(standard.name).toBe('AWS Foundational Security Best Practices')
+      expect(standard.arn).toContain('aws-foundational-security-best-practices')
+    })
+    it('should have CIS benchmarks', () => {
+      const cis14 = SecurityHubManager.Standards.CIS_AWS_FOUNDATIONS_1_4
+      expect(cis14.name).toContain('CIS')
+      expect(cis14.arn).toContain('cis-aws-foundations-benchmark')
+    })
+    it('should have PCI-DSS standard', () => {
+      const pci = SecurityHubManager.Standards.PCI_DSS
+      expect(pci.name).toContain('PCI DSS')
+      expect(pci.arn).toContain('pci-dss')
+    })
+  })
+})