npm - @stacksjs/ts-cloud-core - Versions diffs - 0.1.1 - Mend

@stacksjs/ts-cloud-core 0.1.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (251) hide show

package/LICENSE.md +21 -0
package/README.md +321 -0
package/package.json +31 -0
package/src/advanced-features.test.ts +465 -0
package/src/aws/cloudformation.ts +421 -0
package/src/aws/cloudfront.ts +158 -0
package/src/aws/credentials.test.ts +132 -0
package/src/aws/credentials.ts +545 -0
package/src/aws/index.ts +87 -0
package/src/aws/s3.test.ts +188 -0
package/src/aws/s3.ts +1088 -0
package/src/aws/signature.test.ts +670 -0
package/src/aws/signature.ts +1155 -0
package/src/backup/disaster-recovery.test.ts +726 -0
package/src/backup/disaster-recovery.ts +500 -0
package/src/backup/index.ts +34 -0
package/src/backup/manager.test.ts +498 -0
package/src/backup/manager.ts +432 -0
package/src/cicd/circleci.ts +430 -0
package/src/cicd/github-actions.ts +424 -0
package/src/cicd/gitlab-ci.ts +255 -0
package/src/cicd/index.ts +8 -0
package/src/cli/history.ts +396 -0
package/src/cli/index.ts +10 -0
package/src/cli/progress.ts +458 -0
package/src/cli/repl.ts +454 -0
package/src/cli/suggestions.ts +327 -0
package/src/cli/table.test.ts +319 -0
package/src/cli/table.ts +332 -0
package/src/cloudformation/builder.test.ts +327 -0
package/src/cloudformation/builder.ts +378 -0
package/src/cloudformation/builders/api-gateway.ts +449 -0
package/src/cloudformation/builders/cache.ts +334 -0
package/src/cloudformation/builders/cdn.ts +278 -0
package/src/cloudformation/builders/compute.ts +485 -0
package/src/cloudformation/builders/database.ts +392 -0
package/src/cloudformation/builders/functions.ts +343 -0
package/src/cloudformation/builders/messaging.ts +140 -0
package/src/cloudformation/builders/monitoring.ts +300 -0
package/src/cloudformation/builders/network.ts +264 -0
package/src/cloudformation/builders/queue.ts +147 -0
package/src/cloudformation/builders/security.ts +399 -0
package/src/cloudformation/builders/storage.ts +285 -0
package/src/cloudformation/index.ts +30 -0
package/src/cloudformation/types.ts +173 -0
package/src/compliance/aws-config.ts +543 -0
package/src/compliance/cloudtrail.ts +376 -0
package/src/compliance/compliance.test.ts +423 -0
package/src/compliance/guardduty.ts +446 -0
package/src/compliance/index.ts +66 -0
package/src/compliance/security-hub.ts +456 -0
package/src/containers/build-optimization.ts +416 -0
package/src/containers/containers.test.ts +508 -0
package/src/containers/image-scanning.ts +360 -0
package/src/containers/index.ts +9 -0
package/src/containers/registry.ts +293 -0
package/src/containers/service-mesh.ts +520 -0
package/src/database/database.test.ts +762 -0
package/src/database/index.ts +9 -0
package/src/database/migrations.ts +444 -0
package/src/database/performance.ts +528 -0
package/src/database/replicas.ts +534 -0
package/src/database/users.ts +494 -0
package/src/dependency-graph.ts +143 -0
package/src/deployment/ab-testing.ts +582 -0
package/src/deployment/blue-green.ts +452 -0
package/src/deployment/canary.ts +500 -0
package/src/deployment/deployment.test.ts +526 -0
package/src/deployment/index.ts +61 -0
package/src/deployment/progressive.ts +62 -0
package/src/dns/dns.test.ts +641 -0
package/src/dns/dnssec.ts +315 -0
package/src/dns/index.ts +8 -0
package/src/dns/resolver.ts +496 -0
package/src/dns/routing.ts +593 -0
package/src/email/advanced/analytics.ts +445 -0
package/src/email/advanced/index.ts +11 -0
package/src/email/advanced/rules.ts +465 -0
package/src/email/advanced/scheduling.ts +352 -0
package/src/email/advanced/search.ts +412 -0
package/src/email/advanced/shared-mailboxes.ts +404 -0
package/src/email/advanced/templates.ts +455 -0
package/src/email/advanced/threading.ts +281 -0
package/src/email/analytics.ts +467 -0
package/src/email/bounce-handling.ts +425 -0
package/src/email/email.test.ts +431 -0
package/src/email/handlers/__tests__/inbound.test.ts +38 -0
package/src/email/handlers/__tests__/outbound.test.ts +37 -0
package/src/email/handlers/converter.ts +227 -0
package/src/email/handlers/feedback.ts +228 -0
package/src/email/handlers/inbound.ts +169 -0
package/src/email/handlers/outbound.ts +178 -0
package/src/email/index.ts +15 -0
package/src/email/reputation.ts +303 -0
package/src/email/templates.ts +352 -0
package/src/errors/index.test.ts +434 -0
package/src/errors/index.ts +416 -0
package/src/health-checks/index.ts +40 -0
package/src/index.ts +360 -0
package/src/intrinsic-functions.ts +118 -0
package/src/lambda/concurrency.ts +330 -0
package/src/lambda/destinations.ts +345 -0
package/src/lambda/dlq.ts +425 -0
package/src/lambda/index.ts +11 -0
package/src/lambda/lambda.test.ts +840 -0
package/src/lambda/layers.ts +263 -0
package/src/lambda/versions.ts +376 -0
package/src/lambda/vpc.ts +399 -0
package/src/local/config.ts +114 -0
package/src/local/index.ts +6 -0
package/src/local/mock-aws.ts +351 -0
package/src/modules/ai.ts +340 -0
package/src/modules/api.ts +478 -0
package/src/modules/auth.ts +805 -0
package/src/modules/cache.ts +417 -0
package/src/modules/cdn.ts +1062 -0
package/src/modules/communication.ts +1094 -0
package/src/modules/compute.ts +3348 -0
package/src/modules/database.ts +554 -0
package/src/modules/deployment.ts +1079 -0
package/src/modules/dns.ts +337 -0
package/src/modules/email.ts +1538 -0
package/src/modules/filesystem.ts +515 -0
package/src/modules/index.ts +32 -0
package/src/modules/messaging.ts +486 -0
package/src/modules/monitoring.ts +2086 -0
package/src/modules/network.ts +664 -0
package/src/modules/parameter-store.ts +325 -0
package/src/modules/permissions.ts +1081 -0
package/src/modules/phone.ts +494 -0
package/src/modules/queue.ts +1260 -0
package/src/modules/redirects.ts +464 -0
package/src/modules/registry.ts +699 -0
package/src/modules/search.ts +401 -0
package/src/modules/secrets.ts +416 -0
package/src/modules/security.ts +731 -0
package/src/modules/sms.ts +389 -0
package/src/modules/storage.ts +1120 -0
package/src/modules/workflow.ts +680 -0
package/src/multi-account/config.ts +521 -0
package/src/multi-account/index.ts +7 -0
package/src/multi-account/manager.ts +427 -0
package/src/multi-region/cross-region.ts +410 -0
package/src/multi-region/index.ts +8 -0
package/src/multi-region/manager.ts +483 -0
package/src/multi-region/regions.ts +435 -0
package/src/network-security/index.ts +48 -0
package/src/observability/index.ts +9 -0
package/src/observability/logs.ts +522 -0
package/src/observability/metrics.ts +460 -0
package/src/observability/observability.test.ts +782 -0
package/src/observability/synthetics.ts +568 -0
package/src/observability/xray.ts +358 -0
package/src/phone/advanced/analytics.ts +349 -0
package/src/phone/advanced/callbacks.ts +428 -0
package/src/phone/advanced/index.ts +8 -0
package/src/phone/advanced/ivr-builder.ts +504 -0
package/src/phone/advanced/recording.ts +310 -0
package/src/phone/handlers/__tests__/incoming-call.test.ts +40 -0
package/src/phone/handlers/incoming-call.ts +117 -0
package/src/phone/handlers/missed-call.ts +116 -0
package/src/phone/handlers/voicemail.ts +179 -0
package/src/phone/index.ts +9 -0
package/src/presets/api-backend.ts +134 -0
package/src/presets/data-pipeline.ts +204 -0
package/src/presets/extend.test.ts +295 -0
package/src/presets/extend.ts +297 -0
package/src/presets/fullstack-app.ts +144 -0
package/src/presets/index.ts +27 -0
package/src/presets/jamstack.ts +135 -0
package/src/presets/microservices.ts +167 -0
package/src/presets/ml-api.ts +208 -0
package/src/presets/nodejs-server.ts +104 -0
package/src/presets/nodejs-serverless.ts +114 -0
package/src/presets/realtime-app.ts +184 -0
package/src/presets/static-site.ts +64 -0
package/src/presets/traditional-web-app.ts +339 -0
package/src/presets/wordpress.ts +138 -0
package/src/preview/github.test.ts +249 -0
package/src/preview/github.ts +297 -0
package/src/preview/index.ts +37 -0
package/src/preview/manager.test.ts +440 -0
package/src/preview/manager.ts +326 -0
package/src/preview/notifications.test.ts +582 -0
package/src/preview/notifications.ts +341 -0
package/src/queue/batch-processing.ts +402 -0
package/src/queue/dlq-monitoring.ts +402 -0
package/src/queue/fifo.ts +342 -0
package/src/queue/index.ts +9 -0
package/src/queue/management.ts +428 -0
package/src/queue/queue.test.ts +429 -0
package/src/resource-mgmt/index.ts +39 -0
package/src/resource-naming.ts +62 -0
package/src/s3/index.ts +523 -0
package/src/schema/cloud-config.schema.json +554 -0
package/src/schema/index.ts +68 -0
package/src/security/certificate-manager.ts +492 -0
package/src/security/index.ts +9 -0
package/src/security/scanning.ts +545 -0
package/src/security/secrets-manager.ts +476 -0
package/src/security/secrets-rotation.ts +456 -0
package/src/security/security.test.ts +738 -0
package/src/sms/advanced/ab-testing.ts +389 -0
package/src/sms/advanced/analytics.ts +336 -0
package/src/sms/advanced/campaigns.ts +523 -0
package/src/sms/advanced/chatbot.ts +224 -0
package/src/sms/advanced/index.ts +10 -0
package/src/sms/advanced/link-tracking.ts +248 -0
package/src/sms/advanced/mms.ts +308 -0
package/src/sms/handlers/__tests__/send.test.ts +40 -0
package/src/sms/handlers/delivery-status.ts +133 -0
package/src/sms/handlers/receive.ts +162 -0
package/src/sms/handlers/send.ts +174 -0
package/src/sms/index.ts +9 -0
package/src/stack-diff.ts +389 -0
package/src/static-site/index.ts +85 -0
package/src/template-builder.ts +110 -0
package/src/template-validator.ts +574 -0
package/src/utils/cache.ts +291 -0
package/src/utils/diff.ts +269 -0
package/src/utils/hash.ts +227 -0
package/src/utils/index.ts +8 -0
package/src/utils/parallel.ts +294 -0
package/src/validators/credentials.test.ts +274 -0
package/src/validators/credentials.ts +233 -0
package/src/validators/quotas.test.ts +434 -0
package/src/validators/quotas.ts +217 -0
package/test/ai.test.ts +327 -0
package/test/api.test.ts +511 -0
package/test/auth.test.ts +632 -0
package/test/cache.test.ts +406 -0
package/test/cdn.test.ts +247 -0
package/test/compute.test.ts +861 -0
package/test/database.test.ts +523 -0
package/test/deployment.test.ts +499 -0
package/test/dns.test.ts +270 -0
package/test/email.test.ts +439 -0
package/test/filesystem.test.ts +382 -0
package/test/integration.test.ts +350 -0
package/test/messaging.test.ts +514 -0
package/test/monitoring.test.ts +634 -0
package/test/network.test.ts +425 -0
package/test/permissions.test.ts +488 -0
package/test/queue.test.ts +484 -0
package/test/registry.test.ts +306 -0
package/test/security.test.ts +462 -0
package/test/storage.test.ts +463 -0
package/test/template-validator.test.ts +559 -0
package/test/workflow.test.ts +592 -0
package/tsconfig.json +16 -0
package/tsconfig.tsbuildinfo +1 -0

package/src/local/mock-aws.ts ADDED Viewed

@@ -0,0 +1,351 @@
+/**
+ * Mock AWS services for unit testing
+ * Provides in-memory implementations of AWS services without external dependencies
+ */
+export interface MockAWSConfig {
+  region?: string
+  credentials?: {
+    accessKeyId: string
+    secretAccessKey: string
+  }
+}
+/**
+ * Mock CloudFormation service
+ */
+export class MockCloudFormation {
+  private stacks: Map<string, any> = new Map()
+  private stackEvents: Map<string, any[]> = new Map()
+  async createStack(params: any): Promise<any> {
+    const stackId = `arn:aws:cloudformation:${params.region || 'us-east-1'}:123456789012:stack/${params.StackName}/${Date.now()}`
+    this.stacks.set(params.StackName, {
+      StackId: stackId,
+      StackName: params.StackName,
+      StackStatus: 'CREATE_IN_PROGRESS',
+      CreationTime: new Date().toISOString(),
+      TemplateBody: params.TemplateBody,
+      Parameters: params.Parameters || [],
+    })
+    this.addEvent(params.StackName, {
+      EventId: Date.now().toString(),
+      StackName: params.StackName,
+      LogicalResourceId: params.StackName,
+      ResourceType: 'AWS::CloudFormation::Stack',
+      Timestamp: new Date().toISOString(),
+      ResourceStatus: 'CREATE_IN_PROGRESS',
+    })
+    // Simulate async stack creation
+    setTimeout(() => {
+      const stack = this.stacks.get(params.StackName)
+      if (stack) {
+        stack.StackStatus = 'CREATE_COMPLETE'
+        this.addEvent(params.StackName, {
+          EventId: (Date.now() + 1).toString(),
+          StackName: params.StackName,
+          LogicalResourceId: params.StackName,
+          ResourceType: 'AWS::CloudFormation::Stack',
+          Timestamp: new Date().toISOString(),
+          ResourceStatus: 'CREATE_COMPLETE',
+        })
+      }
+    }, 100)
+    return { StackId: stackId }
+  }
+  async updateStack(params: any): Promise<any> {
+    const stack = this.stacks.get(params.StackName)
+    if (!stack) {
+      throw new Error(`Stack ${params.StackName} does not exist`)
+    }
+    stack.StackStatus = 'UPDATE_IN_PROGRESS'
+    stack.TemplateBody = params.TemplateBody || stack.TemplateBody
+    this.addEvent(params.StackName, {
+      EventId: Date.now().toString(),
+      StackName: params.StackName,
+      LogicalResourceId: params.StackName,
+      ResourceType: 'AWS::CloudFormation::Stack',
+      Timestamp: new Date().toISOString(),
+      ResourceStatus: 'UPDATE_IN_PROGRESS',
+    })
+    setTimeout(() => {
+      stack.StackStatus = 'UPDATE_COMPLETE'
+      this.addEvent(params.StackName, {
+        EventId: (Date.now() + 1).toString(),
+        StackName: params.StackName,
+        LogicalResourceId: params.StackName,
+        ResourceType: 'AWS::CloudFormation::Stack',
+        Timestamp: new Date().toISOString(),
+        ResourceStatus: 'UPDATE_COMPLETE',
+      })
+    }, 100)
+    return { StackId: stack.StackId }
+  }
+  async deleteStack(params: any): Promise<void> {
+    const stack = this.stacks.get(params.StackName)
+    if (!stack) {
+      throw new Error(`Stack ${params.StackName} does not exist`)
+    }
+    stack.StackStatus = 'DELETE_IN_PROGRESS'
+    this.addEvent(params.StackName, {
+      EventId: Date.now().toString(),
+      StackName: params.StackName,
+      LogicalResourceId: params.StackName,
+      ResourceType: 'AWS::CloudFormation::Stack',
+      Timestamp: new Date().toISOString(),
+      ResourceStatus: 'DELETE_IN_PROGRESS',
+    })
+    setTimeout(() => {
+      this.stacks.delete(params.StackName)
+      this.addEvent(params.StackName, {
+        EventId: (Date.now() + 1).toString(),
+        StackName: params.StackName,
+        LogicalResourceId: params.StackName,
+        ResourceType: 'AWS::CloudFormation::Stack',
+        Timestamp: new Date().toISOString(),
+        ResourceStatus: 'DELETE_COMPLETE',
+      })
+    }, 100)
+  }
+  async describeStacks(params: any): Promise<any> {
+    if (params.StackName) {
+      const stack = this.stacks.get(params.StackName)
+      if (!stack) {
+        throw new Error(`Stack ${params.StackName} does not exist`)
+      }
+      return {
+        Stacks: [stack],
+      }
+    }
+    return {
+      Stacks: Array.from(this.stacks.values()),
+    }
+  }
+  async describeStackEvents(params: any): Promise<any> {
+    const events = this.stackEvents.get(params.StackName) || []
+    return {
+      StackEvents: events,
+    }
+  }
+  private addEvent(stackName: string, event: any): void {
+    if (!this.stackEvents.has(stackName)) {
+      this.stackEvents.set(stackName, [])
+    }
+    this.stackEvents.get(stackName)!.unshift(event)
+  }
+  /**
+   * Reset mock state (useful for testing)
+   */
+  reset(): void {
+    this.stacks.clear()
+    this.stackEvents.clear()
+  }
+}
+/**
+ * Mock S3 service
+ */
+export class MockS3 {
+  private buckets: Map<string, Map<string, Buffer>> = new Map()
+  async createBucket(params: any): Promise<any> {
+    this.buckets.set(params.Bucket, new Map())
+    return {
+      Location: `/${params.Bucket}`,
+    }
+  }
+  async deleteBucket(params: any): Promise<void> {
+    this.buckets.delete(params.Bucket)
+  }
+  async putObject(params: any): Promise<any> {
+    let bucket = this.buckets.get(params.Bucket)
+    if (!bucket) {
+      bucket = new Map()
+      this.buckets.set(params.Bucket, bucket)
+    }
+    bucket.set(params.Key, Buffer.from(params.Body || ''))
+    return {
+      ETag: `"${Date.now()}"`,
+    }
+  }
+  async getObject(params: any): Promise<any> {
+    const bucket = this.buckets.get(params.Bucket)
+    if (!bucket) {
+      throw new Error(`Bucket ${params.Bucket} does not exist`)
+    }
+    const data = bucket.get(params.Key)
+    if (!data) {
+      throw new Error(`Object ${params.Key} does not exist`)
+    }
+    return {
+      Body: data,
+      ContentLength: data.length,
+    }
+  }
+  async deleteObject(params: any): Promise<void> {
+    const bucket = this.buckets.get(params.Bucket)
+    if (bucket) {
+      bucket.delete(params.Key)
+    }
+  }
+  async listObjects(params: any): Promise<any> {
+    const bucket = this.buckets.get(params.Bucket)
+    if (!bucket) {
+      throw new Error(`Bucket ${params.Bucket} does not exist`)
+    }
+    const objects = Array.from(bucket.keys()).map(key => ({
+      Key: key,
+      Size: bucket.get(key)!.length,
+      LastModified: new Date().toISOString(),
+    }))
+    return {
+      Contents: objects,
+    }
+  }
+  /**
+   * Reset mock state
+   */
+  reset(): void {
+    this.buckets.clear()
+  }
+}
+/**
+ * Mock DynamoDB service
+ */
+export class MockDynamoDB {
+  private tables: Map<string, any> = new Map()
+  private data: Map<string, Map<string, any>> = new Map()
+  async createTable(params: any): Promise<any> {
+    this.tables.set(params.TableName, {
+      TableName: params.TableName,
+      KeySchema: params.KeySchema,
+      AttributeDefinitions: params.AttributeDefinitions,
+      TableStatus: 'ACTIVE',
+      CreationDateTime: new Date().toISOString(),
+    })
+    this.data.set(params.TableName, new Map())
+    return {
+      TableDescription: this.tables.get(params.TableName),
+    }
+  }
+  async deleteTable(params: any): Promise<void> {
+    this.tables.delete(params.TableName)
+    this.data.delete(params.TableName)
+  }
+  async putItem(params: any): Promise<void> {
+    let tableData = this.data.get(params.TableName)
+    if (!tableData) {
+      tableData = new Map()
+      this.data.set(params.TableName, tableData)
+    }
+    const key = JSON.stringify(params.Item)
+    tableData.set(key, params.Item)
+  }
+  async getItem(params: any): Promise<any> {
+    const tableData = this.data.get(params.TableName)
+    if (!tableData) {
+      return {}
+    }
+    const key = JSON.stringify(params.Key)
+    const item = tableData.get(key)
+    return item ? { Item: item } : {}
+  }
+  async deleteItem(params: any): Promise<void> {
+    const tableData = this.data.get(params.TableName)
+    if (tableData) {
+      const key = JSON.stringify(params.Key)
+      tableData.delete(key)
+    }
+  }
+  async scan(params: any): Promise<any> {
+    const tableData = this.data.get(params.TableName)
+    if (!tableData) {
+      return { Items: [] }
+    }
+    return {
+      Items: Array.from(tableData.values()),
+    }
+  }
+  /**
+   * Reset mock state
+   */
+  reset(): void {
+    this.tables.clear()
+    this.data.clear()
+  }
+}
+/**
+ * Create mock AWS services
+ */
+export function createMockAWS(config?: MockAWSConfig): {
+  cloudformation: MockCloudFormation
+  s3: MockS3
+  dynamodb: MockDynamoDB
+} {
+  return {
+    cloudformation: new MockCloudFormation(),
+    s3: new MockS3(),
+    dynamodb: new MockDynamoDB(),
+  }
+}

package/src/modules/ai.ts ADDED Viewed

@@ -0,0 +1,340 @@
+import type {
+  IAMRole,
+  IAMManagedPolicy,
+} from '@stacksjs/ts-cloud-aws-types'
+import type { EnvironmentType } from '@stacksjs/ts-cloud-types'
+import { generateLogicalId, generateResourceName } from '../resource-naming'
+export interface BedrockRoleOptions {
+  slug: string
+  environment: EnvironmentType
+  name?: string
+  models?: string[]
+  allowStreaming?: boolean
+}
+export interface BedrockPolicyOptions {
+  slug: string
+  environment: EnvironmentType
+  name?: string
+  models?: string[]
+  allowInvoke?: boolean
+  allowStreaming?: boolean
+  allowAsync?: boolean
+}
+/**
+ * AI Module - Amazon Bedrock
+ * Provides clean API for setting up Bedrock permissions and roles
+ */
+export class AI {
+  /**
+   * Create an IAM role for Bedrock access
+   */
+  static createBedrockRole(
+    servicePrincipal: string,
+    options: BedrockRoleOptions,
+  ): {
+      role: IAMRole
+      logicalId: string
+    } {
+    const {
+      slug,
+      environment,
+      name,
+      models = ['*'],
+      allowStreaming = true,
+    } = options
+    const resourceName = name || generateResourceName({
+      slug,
+      environment,
+      resourceType: 'bedrock-role',
+    })
+    const logicalId = generateLogicalId(resourceName)
+    // Build actions array
+    const actions = ['bedrock:InvokeModel']
+    if (allowStreaming) {
+      actions.push('bedrock:InvokeModelWithResponseStream')
+    }
+    // Build resource ARNs for models
+    const modelArns = models.map(model =>
+      model === '*'
+        ? 'arn:aws:bedrock:*::foundation-model/*'
+        : `arn:aws:bedrock:*::foundation-model/${model}`,
+    )
+    const role: IAMRole = {
+      Type: 'AWS::IAM::Role',
+      Properties: {
+        RoleName: resourceName,
+        AssumeRolePolicyDocument: {
+          Version: '2012-10-17',
+          Statement: [
+            {
+              Effect: 'Allow',
+              Principal: {
+                Service: servicePrincipal,
+              },
+              Action: 'sts:AssumeRole',
+            },
+          ],
+        },
+        Policies: [
+          {
+            PolicyName: `${resourceName}-policy`,
+            PolicyDocument: {
+              Version: '2012-10-17',
+              Statement: [
+                {
+                  Effect: 'Allow',
+                  Action: actions,
+                  Resource: modelArns,
+                },
+              ],
+            },
+          },
+        ],
+        Tags: [
+          { Key: 'Name', Value: resourceName },
+          { Key: 'Environment', Value: environment },
+        ],
+      },
+    }
+    return { role, logicalId }
+  }
+  /**
+   * Create an IAM policy for Bedrock model invocation
+   */
+  static createBedrockPolicy(options: BedrockPolicyOptions): {
+    policy: IAMManagedPolicy
+    logicalId: string
+  } {
+    const {
+      slug,
+      environment,
+      name,
+      models = ['*'],
+      allowInvoke = true,
+      allowStreaming = true,
+      allowAsync = false,
+    } = options
+    const resourceName = name || generateResourceName({
+      slug,
+      environment,
+      resourceType: 'bedrock-policy',
+    })
+    const logicalId = generateLogicalId(resourceName)
+    // Build actions array
+    const actions: string[] = []
+    if (allowInvoke) {
+      actions.push('bedrock:InvokeModel')
+    }
+    if (allowStreaming) {
+      actions.push('bedrock:InvokeModelWithResponseStream')
+    }
+    if (allowAsync) {
+      actions.push('bedrock:InvokeModelAsync')
+    }
+    // Build resource ARNs for models
+    const modelArns = models.map(model =>
+      model === '*'
+        ? 'arn:aws:bedrock:*::foundation-model/*'
+        : `arn:aws:bedrock:*::foundation-model/${model}`,
+    )
+    const policy: IAMManagedPolicy = {
+      Type: 'AWS::IAM::ManagedPolicy',
+      Properties: {
+        ManagedPolicyName: resourceName,
+        PolicyDocument: {
+          Version: '2012-10-17',
+          Statement: [
+            {
+              Sid: 'BedrockModelInvocation',
+              Effect: 'Allow',
+              Action: actions,
+              Resource: modelArns,
+            },
+          ],
+        },
+      },
+    }
+    return { policy, logicalId }
+  }
+  /**
+   * Enable Bedrock for Lambda function
+   * Returns a role with Bedrock permissions
+   */
+  static enableBedrockForLambda(options: BedrockRoleOptions): {
+    role: IAMRole
+    logicalId: string
+  } {
+    return AI.createBedrockRole('lambda.amazonaws.com', options)
+  }
+  /**
+   * Enable Bedrock for ECS task
+   * Returns a role with Bedrock permissions
+   */
+  static enableBedrockForEcs(options: BedrockRoleOptions): {
+    role: IAMRole
+    logicalId: string
+  } {
+    return AI.createBedrockRole('ecs-tasks.amazonaws.com', options)
+  }
+  /**
+   * Enable Bedrock for EC2 instance
+   * Returns a role with Bedrock permissions
+   */
+  static enableBedrockForEc2(options: BedrockRoleOptions): {
+    role: IAMRole
+    logicalId: string
+  } {
+    return AI.createBedrockRole('ec2.amazonaws.com', options)
+  }
+  /**
+   * Add Bedrock permissions to an existing role
+   */
+  static addBedrockPermissions(
+    role: IAMRole,
+    models: string[] = ['*'],
+    allowStreaming = true,
+  ): IAMRole {
+    // Build actions array
+    const actions = ['bedrock:InvokeModel']
+    if (allowStreaming) {
+      actions.push('bedrock:InvokeModelWithResponseStream')
+    }
+    // Build resource ARNs for models
+    const modelArns = models.map(model =>
+      model === '*'
+        ? 'arn:aws:bedrock:*::foundation-model/*'
+        : `arn:aws:bedrock:*::foundation-model/${model}`,
+    )
+    if (!role.Properties.Policies) {
+      role.Properties.Policies = []
+    }
+    // Add Bedrock policy
+    role.Properties.Policies.push({
+      PolicyName: 'bedrock-permissions',
+      PolicyDocument: {
+        Version: '2012-10-17',
+        Statement: [
+          {
+            Effect: 'Allow',
+            Action: actions,
+            Resource: modelArns,
+          },
+        ],
+      },
+    })
+    return role
+  }
+  /**
+   * Common Bedrock model IDs
+   */
+  static readonly Models = {
+    // Anthropic Claude Models
+    Claude3_5_Sonnet: 'anthropic.claude-3-5-sonnet-20241022-v2:0',
+    Claude3_5_Haiku: 'anthropic.claude-3-5-haiku-20241022-v1:0',
+    Claude3_Opus: 'anthropic.claude-3-opus-20240229-v1:0',
+    Claude3_Sonnet: 'anthropic.claude-3-sonnet-20240229-v1:0',
+    Claude3_Haiku: 'anthropic.claude-3-haiku-20240307-v1:0',
+    // Amazon Titan Models
+    TitanTextG1Express: 'amazon.titan-text-express-v1',
+    TitanTextG1Lite: 'amazon.titan-text-lite-v1',
+    TitanEmbedG1Text: 'amazon.titan-embed-text-v1',
+    TitanImageG1: 'amazon.titan-image-generator-v1',
+    // AI21 Labs Models
+    JurassicUltra: 'ai21.j2-ultra-v1',
+    JurassicMid: 'ai21.j2-mid-v1',
+    // Cohere Models
+    CommandText: 'cohere.command-text-v14',
+    CommandLight: 'cohere.command-light-text-v14',
+    EmbedEnglish: 'cohere.embed-english-v3',
+    EmbedMultilingual: 'cohere.embed-multilingual-v3',
+    // Meta Llama Models
+    Llama3_2_1B: 'meta.llama3-2-1b-instruct-v1:0',
+    Llama3_2_3B: 'meta.llama3-2-3b-instruct-v1:0',
+    Llama3_2_11B: 'meta.llama3-2-11b-instruct-v1:0',
+    Llama3_2_90B: 'meta.llama3-2-90b-instruct-v1:0',
+    Llama3_1_8B: 'meta.llama3-1-8b-instruct-v1:0',
+    Llama3_1_70B: 'meta.llama3-1-70b-instruct-v1:0',
+    Llama3_1_405B: 'meta.llama3-1-405b-instruct-v1:0',
+    // Mistral AI Models
+    Mistral7B: 'mistral.mistral-7b-instruct-v0:2',
+    Mixtral8x7B: 'mistral.mixtral-8x7b-instruct-v0:1',
+    MistralLarge: 'mistral.mistral-large-2402-v1:0',
+    // Stability AI Models
+    StableDiffusionXL: 'stability.stable-diffusion-xl-v1',
+  } as const
+  /**
+   * Common model groups for easier permission management
+   */
+  static readonly ModelGroups = {
+    AllClaude: [
+      'anthropic.claude-3-5-sonnet-20241022-v2:0',
+      'anthropic.claude-3-5-haiku-20241022-v1:0',
+      'anthropic.claude-3-opus-20240229-v1:0',
+      'anthropic.claude-3-sonnet-20240229-v1:0',
+      'anthropic.claude-3-haiku-20240307-v1:0',
+    ],
+    AllTitan: [
+      'amazon.titan-text-express-v1',
+      'amazon.titan-text-lite-v1',
+      'amazon.titan-embed-text-v1',
+      'amazon.titan-image-generator-v1',
+    ],
+    AllLlama: [
+      'meta.llama3-2-1b-instruct-v1:0',
+      'meta.llama3-2-3b-instruct-v1:0',
+      'meta.llama3-2-11b-instruct-v1:0',
+      'meta.llama3-2-90b-instruct-v1:0',
+      'meta.llama3-1-8b-instruct-v1:0',
+      'meta.llama3-1-70b-instruct-v1:0',
+      'meta.llama3-1-405b-instruct-v1:0',
+    ],
+    TextModels: [
+      'anthropic.claude-3-5-sonnet-20241022-v2:0',
+      'anthropic.claude-3-5-haiku-20241022-v1:0',
+      'amazon.titan-text-express-v1',
+      'meta.llama3-2-11b-instruct-v1:0',
+      'mistral.mistral-7b-instruct-v0:2',
+    ],
+    EmbeddingModels: [
+      'amazon.titan-embed-text-v1',
+      'cohere.embed-english-v3',
+      'cohere.embed-multilingual-v3',
+    ],
+    ImageModels: [
+      'amazon.titan-image-generator-v1',
+      'stability.stable-diffusion-xl-v1',
+    ],
+  } as const
+}