npm - @stacksjs/ts-cloud-core - Versions diffs - 0.1.1 - Mend

@stacksjs/ts-cloud-core 0.1.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (251) hide show

package/LICENSE.md +21 -0
package/README.md +321 -0
package/package.json +31 -0
package/src/advanced-features.test.ts +465 -0
package/src/aws/cloudformation.ts +421 -0
package/src/aws/cloudfront.ts +158 -0
package/src/aws/credentials.test.ts +132 -0
package/src/aws/credentials.ts +545 -0
package/src/aws/index.ts +87 -0
package/src/aws/s3.test.ts +188 -0
package/src/aws/s3.ts +1088 -0
package/src/aws/signature.test.ts +670 -0
package/src/aws/signature.ts +1155 -0
package/src/backup/disaster-recovery.test.ts +726 -0
package/src/backup/disaster-recovery.ts +500 -0
package/src/backup/index.ts +34 -0
package/src/backup/manager.test.ts +498 -0
package/src/backup/manager.ts +432 -0
package/src/cicd/circleci.ts +430 -0
package/src/cicd/github-actions.ts +424 -0
package/src/cicd/gitlab-ci.ts +255 -0
package/src/cicd/index.ts +8 -0
package/src/cli/history.ts +396 -0
package/src/cli/index.ts +10 -0
package/src/cli/progress.ts +458 -0
package/src/cli/repl.ts +454 -0
package/src/cli/suggestions.ts +327 -0
package/src/cli/table.test.ts +319 -0
package/src/cli/table.ts +332 -0
package/src/cloudformation/builder.test.ts +327 -0
package/src/cloudformation/builder.ts +378 -0
package/src/cloudformation/builders/api-gateway.ts +449 -0
package/src/cloudformation/builders/cache.ts +334 -0
package/src/cloudformation/builders/cdn.ts +278 -0
package/src/cloudformation/builders/compute.ts +485 -0
package/src/cloudformation/builders/database.ts +392 -0
package/src/cloudformation/builders/functions.ts +343 -0
package/src/cloudformation/builders/messaging.ts +140 -0
package/src/cloudformation/builders/monitoring.ts +300 -0
package/src/cloudformation/builders/network.ts +264 -0
package/src/cloudformation/builders/queue.ts +147 -0
package/src/cloudformation/builders/security.ts +399 -0
package/src/cloudformation/builders/storage.ts +285 -0
package/src/cloudformation/index.ts +30 -0
package/src/cloudformation/types.ts +173 -0
package/src/compliance/aws-config.ts +543 -0
package/src/compliance/cloudtrail.ts +376 -0
package/src/compliance/compliance.test.ts +423 -0
package/src/compliance/guardduty.ts +446 -0
package/src/compliance/index.ts +66 -0
package/src/compliance/security-hub.ts +456 -0
package/src/containers/build-optimization.ts +416 -0
package/src/containers/containers.test.ts +508 -0
package/src/containers/image-scanning.ts +360 -0
package/src/containers/index.ts +9 -0
package/src/containers/registry.ts +293 -0
package/src/containers/service-mesh.ts +520 -0
package/src/database/database.test.ts +762 -0
package/src/database/index.ts +9 -0
package/src/database/migrations.ts +444 -0
package/src/database/performance.ts +528 -0
package/src/database/replicas.ts +534 -0
package/src/database/users.ts +494 -0
package/src/dependency-graph.ts +143 -0
package/src/deployment/ab-testing.ts +582 -0
package/src/deployment/blue-green.ts +452 -0
package/src/deployment/canary.ts +500 -0
package/src/deployment/deployment.test.ts +526 -0
package/src/deployment/index.ts +61 -0
package/src/deployment/progressive.ts +62 -0
package/src/dns/dns.test.ts +641 -0
package/src/dns/dnssec.ts +315 -0
package/src/dns/index.ts +8 -0
package/src/dns/resolver.ts +496 -0
package/src/dns/routing.ts +593 -0
package/src/email/advanced/analytics.ts +445 -0
package/src/email/advanced/index.ts +11 -0
package/src/email/advanced/rules.ts +465 -0
package/src/email/advanced/scheduling.ts +352 -0
package/src/email/advanced/search.ts +412 -0
package/src/email/advanced/shared-mailboxes.ts +404 -0
package/src/email/advanced/templates.ts +455 -0
package/src/email/advanced/threading.ts +281 -0
package/src/email/analytics.ts +467 -0
package/src/email/bounce-handling.ts +425 -0
package/src/email/email.test.ts +431 -0
package/src/email/handlers/__tests__/inbound.test.ts +38 -0
package/src/email/handlers/__tests__/outbound.test.ts +37 -0
package/src/email/handlers/converter.ts +227 -0
package/src/email/handlers/feedback.ts +228 -0
package/src/email/handlers/inbound.ts +169 -0
package/src/email/handlers/outbound.ts +178 -0
package/src/email/index.ts +15 -0
package/src/email/reputation.ts +303 -0
package/src/email/templates.ts +352 -0
package/src/errors/index.test.ts +434 -0
package/src/errors/index.ts +416 -0
package/src/health-checks/index.ts +40 -0
package/src/index.ts +360 -0
package/src/intrinsic-functions.ts +118 -0
package/src/lambda/concurrency.ts +330 -0
package/src/lambda/destinations.ts +345 -0
package/src/lambda/dlq.ts +425 -0
package/src/lambda/index.ts +11 -0
package/src/lambda/lambda.test.ts +840 -0
package/src/lambda/layers.ts +263 -0
package/src/lambda/versions.ts +376 -0
package/src/lambda/vpc.ts +399 -0
package/src/local/config.ts +114 -0
package/src/local/index.ts +6 -0
package/src/local/mock-aws.ts +351 -0
package/src/modules/ai.ts +340 -0
package/src/modules/api.ts +478 -0
package/src/modules/auth.ts +805 -0
package/src/modules/cache.ts +417 -0
package/src/modules/cdn.ts +1062 -0
package/src/modules/communication.ts +1094 -0
package/src/modules/compute.ts +3348 -0
package/src/modules/database.ts +554 -0
package/src/modules/deployment.ts +1079 -0
package/src/modules/dns.ts +337 -0
package/src/modules/email.ts +1538 -0
package/src/modules/filesystem.ts +515 -0
package/src/modules/index.ts +32 -0
package/src/modules/messaging.ts +486 -0
package/src/modules/monitoring.ts +2086 -0
package/src/modules/network.ts +664 -0
package/src/modules/parameter-store.ts +325 -0
package/src/modules/permissions.ts +1081 -0
package/src/modules/phone.ts +494 -0
package/src/modules/queue.ts +1260 -0
package/src/modules/redirects.ts +464 -0
package/src/modules/registry.ts +699 -0
package/src/modules/search.ts +401 -0
package/src/modules/secrets.ts +416 -0
package/src/modules/security.ts +731 -0
package/src/modules/sms.ts +389 -0
package/src/modules/storage.ts +1120 -0
package/src/modules/workflow.ts +680 -0
package/src/multi-account/config.ts +521 -0
package/src/multi-account/index.ts +7 -0
package/src/multi-account/manager.ts +427 -0
package/src/multi-region/cross-region.ts +410 -0
package/src/multi-region/index.ts +8 -0
package/src/multi-region/manager.ts +483 -0
package/src/multi-region/regions.ts +435 -0
package/src/network-security/index.ts +48 -0
package/src/observability/index.ts +9 -0
package/src/observability/logs.ts +522 -0
package/src/observability/metrics.ts +460 -0
package/src/observability/observability.test.ts +782 -0
package/src/observability/synthetics.ts +568 -0
package/src/observability/xray.ts +358 -0
package/src/phone/advanced/analytics.ts +349 -0
package/src/phone/advanced/callbacks.ts +428 -0
package/src/phone/advanced/index.ts +8 -0
package/src/phone/advanced/ivr-builder.ts +504 -0
package/src/phone/advanced/recording.ts +310 -0
package/src/phone/handlers/__tests__/incoming-call.test.ts +40 -0
package/src/phone/handlers/incoming-call.ts +117 -0
package/src/phone/handlers/missed-call.ts +116 -0
package/src/phone/handlers/voicemail.ts +179 -0
package/src/phone/index.ts +9 -0
package/src/presets/api-backend.ts +134 -0
package/src/presets/data-pipeline.ts +204 -0
package/src/presets/extend.test.ts +295 -0
package/src/presets/extend.ts +297 -0
package/src/presets/fullstack-app.ts +144 -0
package/src/presets/index.ts +27 -0
package/src/presets/jamstack.ts +135 -0
package/src/presets/microservices.ts +167 -0
package/src/presets/ml-api.ts +208 -0
package/src/presets/nodejs-server.ts +104 -0
package/src/presets/nodejs-serverless.ts +114 -0
package/src/presets/realtime-app.ts +184 -0
package/src/presets/static-site.ts +64 -0
package/src/presets/traditional-web-app.ts +339 -0
package/src/presets/wordpress.ts +138 -0
package/src/preview/github.test.ts +249 -0
package/src/preview/github.ts +297 -0
package/src/preview/index.ts +37 -0
package/src/preview/manager.test.ts +440 -0
package/src/preview/manager.ts +326 -0
package/src/preview/notifications.test.ts +582 -0
package/src/preview/notifications.ts +341 -0
package/src/queue/batch-processing.ts +402 -0
package/src/queue/dlq-monitoring.ts +402 -0
package/src/queue/fifo.ts +342 -0
package/src/queue/index.ts +9 -0
package/src/queue/management.ts +428 -0
package/src/queue/queue.test.ts +429 -0
package/src/resource-mgmt/index.ts +39 -0
package/src/resource-naming.ts +62 -0
package/src/s3/index.ts +523 -0
package/src/schema/cloud-config.schema.json +554 -0
package/src/schema/index.ts +68 -0
package/src/security/certificate-manager.ts +492 -0
package/src/security/index.ts +9 -0
package/src/security/scanning.ts +545 -0
package/src/security/secrets-manager.ts +476 -0
package/src/security/secrets-rotation.ts +456 -0
package/src/security/security.test.ts +738 -0
package/src/sms/advanced/ab-testing.ts +389 -0
package/src/sms/advanced/analytics.ts +336 -0
package/src/sms/advanced/campaigns.ts +523 -0
package/src/sms/advanced/chatbot.ts +224 -0
package/src/sms/advanced/index.ts +10 -0
package/src/sms/advanced/link-tracking.ts +248 -0
package/src/sms/advanced/mms.ts +308 -0
package/src/sms/handlers/__tests__/send.test.ts +40 -0
package/src/sms/handlers/delivery-status.ts +133 -0
package/src/sms/handlers/receive.ts +162 -0
package/src/sms/handlers/send.ts +174 -0
package/src/sms/index.ts +9 -0
package/src/stack-diff.ts +389 -0
package/src/static-site/index.ts +85 -0
package/src/template-builder.ts +110 -0
package/src/template-validator.ts +574 -0
package/src/utils/cache.ts +291 -0
package/src/utils/diff.ts +269 -0
package/src/utils/hash.ts +227 -0
package/src/utils/index.ts +8 -0
package/src/utils/parallel.ts +294 -0
package/src/validators/credentials.test.ts +274 -0
package/src/validators/credentials.ts +233 -0
package/src/validators/quotas.test.ts +434 -0
package/src/validators/quotas.ts +217 -0
package/test/ai.test.ts +327 -0
package/test/api.test.ts +511 -0
package/test/auth.test.ts +632 -0
package/test/cache.test.ts +406 -0
package/test/cdn.test.ts +247 -0
package/test/compute.test.ts +861 -0
package/test/database.test.ts +523 -0
package/test/deployment.test.ts +499 -0
package/test/dns.test.ts +270 -0
package/test/email.test.ts +439 -0
package/test/filesystem.test.ts +382 -0
package/test/integration.test.ts +350 -0
package/test/messaging.test.ts +514 -0
package/test/monitoring.test.ts +634 -0
package/test/network.test.ts +425 -0
package/test/permissions.test.ts +488 -0
package/test/queue.test.ts +484 -0
package/test/registry.test.ts +306 -0
package/test/security.test.ts +462 -0
package/test/storage.test.ts +463 -0
package/test/template-validator.test.ts +559 -0
package/test/workflow.test.ts +592 -0
package/tsconfig.json +16 -0
package/tsconfig.tsbuildinfo +1 -0

package/src/aws/signature.test.ts ADDED Viewed

@@ -0,0 +1,670 @@
+/**
+ * AWS Signature V4 Tests
+ */
+import { describe, expect, it } from 'bun:test'
+import {
+  signRequest,
+  signRequestAsync,
+  detectServiceRegion,
+  createPresignedUrl,
+  createPresignedUrlAsync,
+  isNodeCryptoAvailable,
+  isWebCryptoAvailable,
+} from './signature'
+describe('AWS Signature V4', () => {
+  const testOptions = {
+    accessKeyId: 'AKIAIOSFODNN7EXAMPLE',
+    secretAccessKey: 'wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY',
+  }
+  it('should sign a GET request', () => {
+    const signed = signRequest({
+      method: 'GET',
+      url: 'https://s3.us-east-1.amazonaws.com/examplebucket',
+      service: 's3',
+      region: 'us-east-1',
+      ...testOptions,
+    })
+    expect(signed.headers['authorization']).toBeDefined()
+    expect(signed.headers['x-amz-date']).toBeDefined()
+    expect(signed.headers['authorization']).toContain('AWS4-HMAC-SHA256')
+    expect(signed.headers['authorization']).toContain('Credential=')
+    expect(signed.headers['authorization']).toContain('SignedHeaders=')
+    expect(signed.headers['authorization']).toContain('Signature=')
+  })
+  it('should sign a POST request with body', () => {
+    const body = JSON.stringify({ key: 'value' })
+    const signed = signRequest({
+      method: 'POST',
+      url: 'https://dynamodb.us-east-1.amazonaws.com/',
+      service: 'dynamodb',
+      region: 'us-east-1',
+      ...testOptions,
+      body,
+      headers: {
+        'content-type': 'application/x-amz-json-1.0',
+      },
+    })
+    expect(signed.headers['authorization']).toBeDefined()
+    expect(signed.headers['x-amz-date']).toBeDefined()
+    expect(signed.headers['content-type']).toBe('application/x-amz-json-1.0')
+    expect(signed.body).toBe(body)
+  })
+  it('should include session token if provided', () => {
+    const signed = signRequest({
+      method: 'GET',
+      url: 'https://s3.us-east-1.amazonaws.com/bucket',
+      service: 's3',
+      region: 'us-east-1',
+      ...testOptions,
+      sessionToken: 'FwoGZXIvYXdzEBYaDCx3T3A...EXAMPLE',
+    })
+    expect(signed.headers['x-amz-security-token']).toBe('FwoGZXIvYXdzEBYaDCx3T3A...EXAMPLE')
+  })
+  it('should handle query parameters in URL', () => {
+    const signed = signRequest({
+      method: 'GET',
+      url: 'https://s3.us-east-1.amazonaws.com/bucket?prefix=test&max-keys=10',
+      service: 's3',
+      region: 'us-east-1',
+      ...testOptions,
+    })
+    expect(signed.headers['authorization']).toBeDefined()
+    expect(signed.url).toContain('prefix=test')
+    expect(signed.url).toContain('max-keys=10')
+  })
+  it('should preserve custom headers', () => {
+    const signed = signRequest({
+      method: 'GET',
+      url: 'https://s3.us-east-1.amazonaws.com/bucket',
+      service: 's3',
+      region: 'us-east-1',
+      ...testOptions,
+      headers: {
+        'x-custom-header': 'custom-value',
+      },
+    })
+    expect(signed.headers['x-custom-header']).toBe('custom-value')
+    expect(signed.headers['authorization']).toBeDefined()
+  })
+  it('should use correct service in signature', () => {
+    const signed = signRequest({
+      method: 'POST',
+      url: 'https://cloudformation.us-east-1.amazonaws.com/',
+      service: 'cloudformation',
+      region: 'us-east-1',
+      ...testOptions,
+    })
+    expect(signed.headers['authorization']).toContain('cloudformation')
+  })
+  it('should use correct region in signature', () => {
+    const signed = signRequest({
+      method: 'GET',
+      url: 'https://s3.eu-west-1.amazonaws.com/bucket',
+      service: 's3',
+      region: 'eu-west-1',
+      ...testOptions,
+    })
+    expect(signed.headers['authorization']).toContain('eu-west-1')
+  })
+  it('should generate different signatures for different requests', () => {
+    const signed1 = signRequest({
+      method: 'GET',
+      url: 'https://s3.us-east-1.amazonaws.com/bucket1',
+      service: 's3',
+      region: 'us-east-1',
+      ...testOptions,
+    })
+    const signed2 = signRequest({
+      method: 'GET',
+      url: 'https://s3.us-east-1.amazonaws.com/bucket2',
+      service: 's3',
+      region: 'us-east-1',
+      ...testOptions,
+    })
+    expect(signed1.headers['authorization']).not.toBe(signed2.headers['authorization'])
+  })
+  it('should handle empty body', () => {
+    const signed = signRequest({
+      method: 'POST',
+      url: 'https://cloudformation.us-east-1.amazonaws.com/',
+      service: 'cloudformation',
+      region: 'us-east-1',
+      ...testOptions,
+    })
+    expect(signed.headers['authorization']).toBeDefined()
+  })
+  it('should format timestamp correctly', () => {
+    const signed = signRequest({
+      method: 'GET',
+      url: 'https://s3.us-east-1.amazonaws.com/bucket',
+      service: 's3',
+      region: 'us-east-1',
+      ...testOptions,
+    })
+    // x-amz-date should be in format: YYYYMMDDTHHMMSSZ
+    expect(signed.headers['x-amz-date']).toMatch(/^\d{8}T\d{6}Z$/)
+  })
+})
+describe('Service Auto-Detection', () => {
+  it('should detect S3 service and region', () => {
+    const result = detectServiceRegion('https://s3.us-west-2.amazonaws.com/bucket')
+    expect(result.service).toBe('s3')
+    expect(result.region).toBe('us-west-2')
+  })
+  it('should detect DynamoDB service and region', () => {
+    const result = detectServiceRegion('https://dynamodb.eu-west-1.amazonaws.com/')
+    expect(result.service).toBe('dynamodb')
+    expect(result.region).toBe('eu-west-1')
+  })
+  it('should detect CloudFormation service and region', () => {
+    const result = detectServiceRegion('https://cloudformation.ap-northeast-1.amazonaws.com/')
+    expect(result.service).toBe('cloudformation')
+    expect(result.region).toBe('ap-northeast-1')
+  })
+  it('should detect Lambda service and region', () => {
+    const result = detectServiceRegion('https://lambda.us-east-1.amazonaws.com/')
+    expect(result.service).toBe('lambda')
+    expect(result.region).toBe('us-east-1')
+  })
+  it('should detect STS service and region', () => {
+    const result = detectServiceRegion('https://sts.us-east-1.amazonaws.com/')
+    expect(result.service).toBe('sts')
+    expect(result.region).toBe('us-east-1')
+  })
+  it('should handle global S3 endpoint', () => {
+    const result = detectServiceRegion('https://s3.amazonaws.com/bucket')
+    expect(result.service).toBe('s3')
+    expect(result.region).toBe('us-east-1')
+  })
+  it('should handle S3 accelerate endpoint', () => {
+    const result = detectServiceRegion('https://bucket.s3-accelerate.amazonaws.com/')
+    expect(result.service).toBe('s3')
+  })
+  it('should detect Lambda function URL', () => {
+    const result = detectServiceRegion('https://abc123.lambda-url.us-east-1.on.aws/')
+    expect(result.service).toBe('lambda')
+    expect(result.region).toBe('us-east-1')
+  })
+  it('should detect Cloudflare R2', () => {
+    const result = detectServiceRegion('https://account.r2.cloudflarestorage.com/bucket')
+    expect(result.service).toBe('s3')
+    expect(result.region).toBe('auto')
+  })
+  it('should detect Backblaze B2', () => {
+    const result = detectServiceRegion('https://s3.us-west-004.backblazeb2.com/bucket')
+    expect(result.service).toBe('s3')
+    expect(result.region).toBe('us-west-004')
+  })
+  it('should handle dualstack endpoints', () => {
+    const result = detectServiceRegion('https://s3.dualstack.us-west-2.amazonaws.com/bucket')
+    expect(result.service).toBe('s3')
+    expect(result.region).toBe('us-west-2')
+  })
+  it('should handle us-gov region', () => {
+    const result = detectServiceRegion('https://s3.us-gov.amazonaws.com/bucket')
+    expect(result.service).toBe('s3')
+    expect(result.region).toBe('us-gov-west-1')
+  })
+  it('should map special service names', () => {
+    const result = detectServiceRegion('https://email.us-east-1.amazonaws.com/')
+    expect(result.service).toBe('ses')
+  })
+  it('should auto-detect when signing without explicit service/region', () => {
+    const testOptions = {
+      accessKeyId: 'AKIAIOSFODNN7EXAMPLE',
+      secretAccessKey: 'wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY',
+    }
+    const signed = signRequest({
+      method: 'GET',
+      url: 'https://s3.us-west-2.amazonaws.com/bucket/key',
+      ...testOptions,
+    })
+    expect(signed.headers['authorization']).toContain('us-west-2')
+    expect(signed.headers['authorization']).toContain('s3')
+  })
+})
+describe('Query String Signing (Presigned URLs)', () => {
+  const testOptions = {
+    accessKeyId: 'AKIAIOSFODNN7EXAMPLE',
+    secretAccessKey: 'wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY',
+  }
+  it('should sign request using query string', () => {
+    const signed = signRequest({
+      method: 'GET',
+      url: 'https://s3.us-east-1.amazonaws.com/bucket/key',
+      service: 's3',
+      region: 'us-east-1',
+      ...testOptions,
+      signQuery: true,
+    })
+    // Should have signature in URL, not headers
+    expect(signed.url).toContain('X-Amz-Signature=')
+    expect(signed.url).toContain('X-Amz-Algorithm=AWS4-HMAC-SHA256')
+    expect(signed.url).toContain('X-Amz-Credential=')
+    expect(signed.url).toContain('X-Amz-Date=')
+    expect(signed.url).toContain('X-Amz-Expires=')
+    expect(signed.url).toContain('X-Amz-SignedHeaders=host')
+    expect(signed.headers['authorization']).toBeUndefined()
+  })
+  it('should include session token in query string', () => {
+    const signed = signRequest({
+      method: 'GET',
+      url: 'https://s3.us-east-1.amazonaws.com/bucket/key',
+      service: 's3',
+      region: 'us-east-1',
+      ...testOptions,
+      sessionToken: 'SESSION_TOKEN_EXAMPLE',
+      signQuery: true,
+    })
+    expect(signed.url).toContain('X-Amz-Security-Token=SESSION_TOKEN_EXAMPLE')
+  })
+  it('should respect custom expiration time', () => {
+    const signed = signRequest({
+      method: 'GET',
+      url: 'https://s3.us-east-1.amazonaws.com/bucket/key',
+      service: 's3',
+      region: 'us-east-1',
+      ...testOptions,
+      signQuery: true,
+      expiresIn: 3600,
+    })
+    expect(signed.url).toContain('X-Amz-Expires=3600')
+  })
+  it('should use default expiration of 24 hours', () => {
+    const signed = signRequest({
+      method: 'GET',
+      url: 'https://s3.us-east-1.amazonaws.com/bucket/key',
+      service: 's3',
+      region: 'us-east-1',
+      ...testOptions,
+      signQuery: true,
+    })
+    expect(signed.url).toContain('X-Amz-Expires=86400')
+  })
+  it('should add UNSIGNED-PAYLOAD for S3', () => {
+    const signed = signRequest({
+      method: 'GET',
+      url: 'https://s3.us-east-1.amazonaws.com/bucket/key',
+      service: 's3',
+      region: 'us-east-1',
+      ...testOptions,
+      signQuery: true,
+    })
+    expect(signed.url).toContain('X-Amz-Content-Sha256=UNSIGNED-PAYLOAD')
+  })
+})
+describe('createPresignedUrl', () => {
+  const testOptions = {
+    accessKeyId: 'AKIAIOSFODNN7EXAMPLE',
+    secretAccessKey: 'wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY',
+  }
+  it('should create a presigned URL for S3 GET', () => {
+    const url = createPresignedUrl({
+      url: 'https://s3.us-east-1.amazonaws.com/bucket/key.txt',
+      ...testOptions,
+    })
+    expect(url).toContain('X-Amz-Signature=')
+    expect(url).toContain('bucket/key.txt')
+  })
+  it('should create a presigned URL for S3 PUT', () => {
+    const url = createPresignedUrl({
+      url: 'https://s3.us-east-1.amazonaws.com/bucket/upload.txt',
+      method: 'PUT',
+      ...testOptions,
+    })
+    expect(url).toContain('X-Amz-Signature=')
+  })
+  it('should use custom expiration', () => {
+    const url = createPresignedUrl({
+      url: 'https://s3.us-east-1.amazonaws.com/bucket/key',
+      expiresIn: 300, // 5 minutes
+      ...testOptions,
+    })
+    expect(url).toContain('X-Amz-Expires=300')
+  })
+  it('should clamp expiration to max 7 days', () => {
+    const url = createPresignedUrl({
+      url: 'https://s3.us-east-1.amazonaws.com/bucket/key',
+      expiresIn: 999999999, // Way more than 7 days
+      ...testOptions,
+    })
+    expect(url).toContain('X-Amz-Expires=604800') // 7 days in seconds
+  })
+  it('should auto-detect service and region', () => {
+    const url = createPresignedUrl({
+      url: 'https://s3.eu-west-1.amazonaws.com/bucket/key',
+      ...testOptions,
+    })
+    expect(url).toContain('eu-west-1')
+    expect(url).toContain('s3')
+  })
+  it('should work with special characters in key', () => {
+    const url = createPresignedUrl({
+      url: 'https://s3.us-east-1.amazonaws.com/bucket/path/to/file with spaces.txt',
+      ...testOptions,
+    })
+    expect(url).toContain('X-Amz-Signature=')
+    // URL should be properly encoded
+    expect(url).toContain('file%20with%20spaces.txt')
+  })
+})
+describe('Retry Logic', () => {
+  // Note: These are unit tests for the retry logic structure
+  // Integration tests would require mocking fetch
+  it('should support retry options in signature options', () => {
+    // This test verifies the types compile correctly
+    const options = {
+      method: 'GET',
+      url: 'https://s3.us-east-1.amazonaws.com/bucket',
+      service: 's3',
+      region: 'us-east-1',
+      accessKeyId: 'AKIAIOSFODNN7EXAMPLE',
+      secretAccessKey: 'wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY',
+    }
+    // Should compile and work
+    const signed = signRequest(options)
+    expect(signed.headers['authorization']).toBeDefined()
+  })
+})
+describe('Custom DateTime', () => {
+  const testOptions = {
+    accessKeyId: 'AKIAIOSFODNN7EXAMPLE',
+    secretAccessKey: 'wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY',
+  }
+  it('should use custom datetime when provided', () => {
+    const customDatetime = '20240101T120000Z'
+    const signed = signRequest({
+      method: 'GET',
+      url: 'https://s3.us-east-1.amazonaws.com/bucket',
+      service: 's3',
+      region: 'us-east-1',
+      ...testOptions,
+      datetime: customDatetime,
+    })
+    expect(signed.headers['x-amz-date']).toBe(customDatetime)
+    expect(signed.headers['authorization']).toContain('20240101')
+  })
+  it('should use custom datetime in async version', async () => {
+    const customDatetime = '20240101T120000Z'
+    const signed = await signRequestAsync({
+      method: 'GET',
+      url: 'https://s3.us-east-1.amazonaws.com/bucket',
+      service: 's3',
+      region: 'us-east-1',
+      ...testOptions,
+      datetime: customDatetime,
+    })
+    expect(signed.headers['x-amz-date']).toBe(customDatetime)
+    expect(signed.headers['authorization']).toContain('20240101')
+  })
+  it('should produce identical signatures with same datetime', () => {
+    const customDatetime = '20240615T143000Z'
+    const signed1 = signRequest({
+      method: 'GET',
+      url: 'https://s3.us-east-1.amazonaws.com/bucket/key',
+      service: 's3',
+      region: 'us-east-1',
+      ...testOptions,
+      datetime: customDatetime,
+    })
+    const signed2 = signRequest({
+      method: 'GET',
+      url: 'https://s3.us-east-1.amazonaws.com/bucket/key',
+      service: 's3',
+      region: 'us-east-1',
+      ...testOptions,
+      datetime: customDatetime,
+    })
+    // Same datetime should produce identical signatures
+    expect(signed1.headers['authorization']).toBe(signed2.headers['authorization'])
+  })
+  it('should produce different signatures with different datetimes', () => {
+    const signed1 = signRequest({
+      method: 'GET',
+      url: 'https://s3.us-east-1.amazonaws.com/bucket/key',
+      service: 's3',
+      region: 'us-east-1',
+      ...testOptions,
+      datetime: '20240101T120000Z',
+    })
+    const signed2 = signRequest({
+      method: 'GET',
+      url: 'https://s3.us-east-1.amazonaws.com/bucket/key',
+      service: 's3',
+      region: 'us-east-1',
+      ...testOptions,
+      datetime: '20240102T120000Z',
+    })
+    expect(signed1.headers['authorization']).not.toBe(signed2.headers['authorization'])
+  })
+})
+describe('Request Timeout', () => {
+  it('should support timeout option in retry options', () => {
+    // This verifies the type compiles correctly
+    const retryOptions = {
+      maxRetries: 3,
+      timeoutMs: 5000,
+    }
+    expect(retryOptions.timeoutMs).toBe(5000)
+  })
+})
+describe('Browser Compatibility (Async Functions)', () => {
+  const testOptions = {
+    accessKeyId: 'AKIAIOSFODNN7EXAMPLE',
+    secretAccessKey: 'wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY',
+  }
+  it('should detect Node.js crypto availability', () => {
+    // In Bun/Node.js, this should be true
+    expect(isNodeCryptoAvailable()).toBe(true)
+  })
+  it('should detect Web Crypto API availability', () => {
+    // In Bun/Node.js 15+, this should be true
+    expect(isWebCryptoAvailable()).toBe(true)
+  })
+  it('should sign a GET request async', async () => {
+    const signed = await signRequestAsync({
+      method: 'GET',
+      url: 'https://s3.us-east-1.amazonaws.com/examplebucket',
+      service: 's3',
+      region: 'us-east-1',
+      ...testOptions,
+    })
+    expect(signed.headers['authorization']).toBeDefined()
+    expect(signed.headers['x-amz-date']).toBeDefined()
+    expect(signed.headers['authorization']).toContain('AWS4-HMAC-SHA256')
+    expect(signed.headers['authorization']).toContain('Credential=')
+    expect(signed.headers['authorization']).toContain('SignedHeaders=')
+    expect(signed.headers['authorization']).toContain('Signature=')
+  })
+  it('should sign a POST request with body async', async () => {
+    const body = JSON.stringify({ key: 'value' })
+    const signed = await signRequestAsync({
+      method: 'POST',
+      url: 'https://dynamodb.us-east-1.amazonaws.com/',
+      service: 'dynamodb',
+      region: 'us-east-1',
+      ...testOptions,
+      body,
+      headers: {
+        'content-type': 'application/x-amz-json-1.0',
+      },
+    })
+    expect(signed.headers['authorization']).toBeDefined()
+    expect(signed.headers['x-amz-date']).toBeDefined()
+    expect(signed.headers['content-type']).toBe('application/x-amz-json-1.0')
+    expect(signed.body).toBe(body)
+  })
+  it('should include session token async', async () => {
+    const signed = await signRequestAsync({
+      method: 'GET',
+      url: 'https://s3.us-east-1.amazonaws.com/bucket',
+      service: 's3',
+      region: 'us-east-1',
+      ...testOptions,
+      sessionToken: 'FwoGZXIvYXdzEBYaDCx3T3A...EXAMPLE',
+    })
+    expect(signed.headers['x-amz-security-token']).toBe('FwoGZXIvYXdzEBYaDCx3T3A...EXAMPLE')
+  })
+  it('should auto-detect service and region async', async () => {
+    const signed = await signRequestAsync({
+      method: 'GET',
+      url: 'https://s3.us-west-2.amazonaws.com/bucket/key',
+      ...testOptions,
+    })
+    expect(signed.headers['authorization']).toContain('us-west-2')
+    expect(signed.headers['authorization']).toContain('s3')
+  })
+  it('should create presigned URL async', async () => {
+    const url = await createPresignedUrlAsync({
+      url: 'https://s3.us-east-1.amazonaws.com/bucket/key.txt',
+      ...testOptions,
+    })
+    expect(url).toContain('X-Amz-Signature=')
+    expect(url).toContain('bucket/key.txt')
+  })
+  it('should create presigned URL with custom expiration async', async () => {
+    const url = await createPresignedUrlAsync({
+      url: 'https://s3.us-east-1.amazonaws.com/bucket/key',
+      expiresIn: 300, // 5 minutes
+      ...testOptions,
+    })
+    expect(url).toContain('X-Amz-Expires=300')
+  })
+  it('should produce same signature as sync version', async () => {
+    // Use a fixed timestamp to compare (by using the same request params)
+    const baseOptions = {
+      method: 'GET',
+      url: 'https://s3.us-east-1.amazonaws.com/bucket/key',
+      service: 's3',
+      region: 'us-east-1',
+      ...testOptions,
+    }
+    const syncSigned = signRequest(baseOptions)
+    const asyncSigned = await signRequestAsync(baseOptions)
+    // Both should have valid signatures (different due to timestamp)
+    expect(syncSigned.headers['authorization']).toContain('AWS4-HMAC-SHA256')
+    expect(asyncSigned.headers['authorization']).toContain('AWS4-HMAC-SHA256')
+    expect(syncSigned.headers['authorization']).toContain('Credential=AKIAIOSFODNN7EXAMPLE')
+    expect(asyncSigned.headers['authorization']).toContain('Credential=AKIAIOSFODNN7EXAMPLE')
+  })
+  it('should sign with query string async', async () => {
+    const signed = await signRequestAsync({
+      method: 'GET',
+      url: 'https://s3.us-east-1.amazonaws.com/bucket/key',
+      service: 's3',
+      region: 'us-east-1',
+      ...testOptions,
+      signQuery: true,
+    })
+    expect(signed.url).toContain('X-Amz-Signature=')
+    expect(signed.url).toContain('X-Amz-Algorithm=AWS4-HMAC-SHA256')
+    expect(signed.url).toContain('X-Amz-Credential=')
+    expect(signed.url).toContain('X-Amz-Date=')
+    expect(signed.url).toContain('X-Amz-Expires=')
+    expect(signed.headers['authorization']).toBeUndefined()
+  })
+})