@stacksjs/ts-cloud-core 0.1.2 → 0.1.6

package/src/containers/image-scanning.ts

@@ -1,360 +0,0 @@
-/**
- * Container Image Scanning
- * Vulnerability scanning with Trivy, Snyk, and other tools
- */
-
-export interface ImageScanConfig {
-  id: string
-  repository: string
-  imageTag: string
-  scanner: ScannerType
-  scanOnPush: boolean
-  scanSchedule?: string
-  failOnSeverity?: 'CRITICAL' | 'HIGH' | 'MEDIUM' | 'LOW'
-  ignoreUnfixed?: boolean
-}
-
-export type ScannerType = 'trivy' | 'snyk' | 'clair' | 'anchore' | 'ecr'
-
-export interface ImageScanResult {
-  id: string
-  imageUri: string
-  scannerType: ScannerType
-  scanDate: Date
-  vulnerabilities: ImageVulnerability[]
-  summary: VulnerabilitySummary
-  passed: boolean
-}
-
-export interface ImageVulnerability {
-  id: string
-  cve: string
-  severity: 'CRITICAL' | 'HIGH' | 'MEDIUM' | 'LOW' | 'UNKNOWN'
-  packageName: string
-  installedVersion: string
-  fixedVersion?: string
-  title: string
-  description: string
-  references: string[]
-  cvss?: number
-}
-
-export interface VulnerabilitySummary {
-  total: number
-  critical: number
-  high: number
-  medium: number
-  low: number
-  unknown: number
-}
-
-export interface ScanPolicy {
-  id: string
-  name: string
-  allowedSeverities: string[]
-  maxCritical: number
-  maxHigh: number
-  blockOnFailure: boolean
-  exemptions: string[] // CVE IDs to ignore
-}
-
-/**
- * Image scanning manager
- */
-export class ImageScanningManager {
-  private configs: Map<string, ImageScanConfig> = new Map()
-  private results: Map<string, ImageScanResult> = new Map()
-  private policies: Map<string, ScanPolicy> = new Map()
-  private configCounter = 0
-  private resultCounter = 0
-  private policyCounter = 0
-
-  /**
-   * Configure image scanning
-   */
-  configureScan(config: Omit<ImageScanConfig, 'id'>): ImageScanConfig {
-    const id = `scan-config-${Date.now()}-${this.configCounter++}`
-
-    const scanConfig: ImageScanConfig = {
-      id,
-      ...config,
-    }
-
-    this.configs.set(id, scanConfig)
-
-    return scanConfig
-  }
-
-  /**
-   * Configure Trivy scanning
-   */
-  configureTrivyScan(options: {
-    repository: string
-    imageTag: string
-    scanOnPush?: boolean
-    ignoreUnfixed?: boolean
-  }): ImageScanConfig {
-    return this.configureScan({
-      repository: options.repository,
-      imageTag: options.imageTag,
-      scanner: 'trivy',
-      scanOnPush: options.scanOnPush ?? true,
-      ignoreUnfixed: options.ignoreUnfixed ?? false,
-      failOnSeverity: 'HIGH',
-    })
-  }
-
-  /**
-   * Configure Snyk scanning
-   */
-  configureSnykScan(options: {
-    repository: string
-    imageTag: string
-    scanOnPush?: boolean
-  }): ImageScanConfig {
-    return this.configureScan({
-      repository: options.repository,
-      imageTag: options.imageTag,
-      scanner: 'snyk',
-      scanOnPush: options.scanOnPush ?? true,
-      failOnSeverity: 'HIGH',
-    })
-  }
-
-  /**
-   * Configure ECR scanning
-   */
-  configureECRScan(options: {
-    repository: string
-    scanOnPush?: boolean
-  }): ImageScanConfig {
-    return this.configureScan({
-      repository: options.repository,
-      imageTag: 'latest',
-      scanner: 'ecr',
-      scanOnPush: options.scanOnPush ?? true,
-      failOnSeverity: 'CRITICAL',
-    })
-  }
-
-  /**
-   * Scan image
-   */
-  async scanImage(configId: string): Promise<ImageScanResult> {
-    const config = this.configs.get(configId)
-
-    if (!config) {
-      throw new Error(`Scan config not found: ${configId}`)
-    }
-
-    const imageUri = `${config.repository}:${config.imageTag}`
-
-    console.log(`\nScanning image: ${imageUri}`)
-    console.log(`Scanner: ${config.scanner}`)
-
-    const id = `scan-result-${Date.now()}-${this.resultCounter++}`
-
-    // Simulate scanning
-    const vulnerabilities = this.simulateVulnerabilities(config)
-
-    const summary: VulnerabilitySummary = {
-      total: vulnerabilities.length,
-      critical: vulnerabilities.filter(v => v.severity === 'CRITICAL').length,
-      high: vulnerabilities.filter(v => v.severity === 'HIGH').length,
-      medium: vulnerabilities.filter(v => v.severity === 'MEDIUM').length,
-      low: vulnerabilities.filter(v => v.severity === 'LOW').length,
-      unknown: vulnerabilities.filter(v => v.severity === 'UNKNOWN').length,
-    }
-
-    const passed = this.evaluateScanResult(config, summary)
-
-    const result: ImageScanResult = {
-      id,
-      imageUri,
-      scannerType: config.scanner,
-      scanDate: new Date(),
-      vulnerabilities,
-      summary,
-      passed,
-    }
-
-    this.results.set(id, result)
-
-    console.log('\nScan Results:')
-    console.log(`  Total vulnerabilities: ${summary.total}`)
-    console.log(`  Critical: ${summary.critical}`)
-    console.log(`  High: ${summary.high}`)
-    console.log(`  Medium: ${summary.medium}`)
-    console.log(`  Low: ${summary.low}`)
-    console.log(`  Status: ${passed ? '✓ PASSED' : '✗ FAILED'}`)
-
-    return result
-  }
-
-  /**
-   * Simulate vulnerabilities (in production, call actual scanner)
-   */
-  private simulateVulnerabilities(config: ImageScanConfig): ImageVulnerability[] {
-    const vulnerabilities: ImageVulnerability[] = []
-
-    if (config.scanner === 'trivy' || config.scanner === 'ecr') {
-      vulnerabilities.push({
-        id: 'vuln-1',
-        cve: 'CVE-2024-1234',
-        severity: 'HIGH',
-        packageName: 'openssl',
-        installedVersion: '1.1.1k',
-        fixedVersion: '1.1.1l',
-        title: 'OpenSSL buffer overflow',
-        description: 'Buffer overflow vulnerability in OpenSSL',
-        references: ['https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-1234'],
-        cvss: 7.5,
-      })
-
-      vulnerabilities.push({
-        id: 'vuln-2',
-        cve: 'CVE-2024-5678',
-        severity: 'MEDIUM',
-        packageName: 'curl',
-        installedVersion: '7.68.0',
-        fixedVersion: '7.79.0',
-        title: 'curl remote code execution',
-        description: 'Remote code execution in curl',
-        references: ['https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-5678'],
-        cvss: 5.3,
-      })
-    }
-
-    return vulnerabilities
-  }
-
-  /**
-   * Evaluate scan result
-   */
-  private evaluateScanResult(config: ImageScanConfig, summary: VulnerabilitySummary): boolean {
-    if (!config.failOnSeverity) {
-      return true
-    }
-
-    switch (config.failOnSeverity) {
-      case 'CRITICAL':
-        return summary.critical === 0
-      case 'HIGH':
-        return summary.critical === 0 && summary.high === 0
-      case 'MEDIUM':
-        return summary.critical === 0 && summary.high === 0 && summary.medium === 0
-      case 'LOW':
-        return summary.total === 0
-      default:
-        return true
-    }
-  }
-
-  /**
-   * Create scan policy
-   */
-  createPolicy(policy: Omit<ScanPolicy, 'id'>): ScanPolicy {
-    const id = `policy-${Date.now()}-${this.policyCounter++}`
-
-    const scanPolicy: ScanPolicy = {
-      id,
-      ...policy,
-    }
-
-    this.policies.set(id, scanPolicy)
-
-    return scanPolicy
-  }
-
-  /**
-   * Create strict policy
-   */
-  createStrictPolicy(name: string): ScanPolicy {
-    return this.createPolicy({
-      name,
-      allowedSeverities: [],
-      maxCritical: 0,
-      maxHigh: 0,
-      blockOnFailure: true,
-      exemptions: [],
-    })
-  }
-
-  /**
-   * Create permissive policy
-   */
-  createPermissivePolicy(name: string): ScanPolicy {
-    return this.createPolicy({
-      name,
-      allowedSeverities: ['CRITICAL', 'HIGH', 'MEDIUM', 'LOW'],
-      maxCritical: 5,
-      maxHigh: 10,
-      blockOnFailure: false,
-      exemptions: [],
-    })
-  }
-
-  /**
-   * Get config
-   */
-  getConfig(id: string): ImageScanConfig | undefined {
-    return this.configs.get(id)
-  }
-
-  /**
-   * List configs
-   */
-  listConfigs(): ImageScanConfig[] {
-    return Array.from(this.configs.values())
-  }
-
-  /**
-   * Get result
-   */
-  getResult(id: string): ImageScanResult | undefined {
-    return this.results.get(id)
-  }
-
-  /**
-   * List results
-   */
-  listResults(): ImageScanResult[] {
-    return Array.from(this.results.values())
-  }
-
-  /**
-   * Generate CloudFormation for ECR scanning
-   */
-  generateECRScanCF(config: ImageScanConfig): any {
-    return {
-      Type: 'AWS::ECR::Repository',
-      Properties: {
-        RepositoryName: config.repository,
-        ImageScanningConfiguration: {
-          ScanOnPush: config.scanOnPush,
-        },
-        ImageTagMutability: 'IMMUTABLE',
-        EncryptionConfiguration: {
-          EncryptionType: 'AES256',
-        },
-      },
-    }
-  }
-
-  /**
-   * Clear all data
-   */
-  clear(): void {
-    this.configs.clear()
-    this.results.clear()
-    this.policies.clear()
-    this.configCounter = 0
-    this.resultCounter = 0
-    this.policyCounter = 0
-  }
-}
-
-/**
- * Global image scanning manager instance
- */
-export const imageScanningManager: ImageScanningManager = new ImageScanningManager()

package/src/containers/index.ts

@@ -1,9 +0,0 @@
-/**
- * Container Advanced Features Module
- * Image scanning, build optimization, registry management, and service mesh
- */
-
-export * from './image-scanning'
-export * from './build-optimization'
-export * from './registry'
-export * from './service-mesh'

package/src/containers/registry.ts

@@ -1,293 +0,0 @@
-/**
- * Private Container Registry
- * ECR repository management and access control
- */
-
-export interface ContainerRegistry {
-  id: string
-  name: string
-  registryType: 'ecr' | 'dockerhub' | 'gcr' | 'acr'
-  repositoryUri: string
-  region?: string
-  encryption?: RegistryEncryption
-  scanning?: ScanningConfig
-  lifecycle?: LifecyclePolicy
-  replication?: ReplicationConfig
-}
-
-export interface RegistryEncryption {
-  encryptionType: 'AES256' | 'KMS'
-  kmsKeyId?: string
-}
-
-export interface ScanningConfig {
-  scanOnPush: boolean
-  scanFilters?: ScanFilter[]
-}
-
-export interface ScanFilter {
-  tagPattern: string
-  scanFrequency: 'on_push' | 'daily' | 'weekly'
-}
-
-export interface LifecyclePolicy {
-  id: string
-  rules: LifecycleRule[]
-}
-
-export interface LifecycleRule {
-  rulePriority: number
-  description: string
-  selection: {
-    tagStatus: 'tagged' | 'untagged' | 'any'
-    tagPrefixList?: string[]
-    countType: 'imageCountMoreThan' | 'sinceImagePushed'
-    countNumber: number
-    countUnit?: 'days'
-  }
-  action: {
-    type: 'expire'
-  }
-}
-
-export interface ReplicationConfig {
-  enabled: boolean
-  destinations: ReplicationDestination[]
-  rules?: ReplicationRule[]
-}
-
-export interface ReplicationDestination {
-  region: string
-  registryId?: string
-}
-
-export interface ReplicationRule {
-  repositoryFilter: string[]
-  destinations: ReplicationDestination[]
-}
-
-export interface RegistryCredentials {
-  id: string
-  registryId: string
-  username: string
-  passwordSecretArn: string
-  expiresAt?: Date
-}
-
-/**
- * Container registry manager
- */
-export class ContainerRegistryManager {
-  private registries: Map<string, ContainerRegistry> = new Map()
-  private credentials: Map<string, RegistryCredentials> = new Map()
-  private registryCounter = 0
-  private credentialsCounter = 0
-
-  /**
-   * Create registry
-   */
-  createRegistry(registry: Omit<ContainerRegistry, 'id'>): ContainerRegistry {
-    const id = `registry-${Date.now()}-${this.registryCounter++}`
-
-    const containerRegistry: ContainerRegistry = {
-      id,
-      ...registry,
-    }
-
-    this.registries.set(id, containerRegistry)
-
-    return containerRegistry
-  }
-
-  /**
-   * Create ECR repository
-   */
-  createECRRepository(options: {
-    name: string
-    region?: string
-    scanOnPush?: boolean
-    encryption?: 'AES256' | 'KMS'
-    kmsKeyId?: string
-  }): ContainerRegistry {
-    return this.createRegistry({
-      name: options.name,
-      registryType: 'ecr',
-      repositoryUri: `123456789012.dkr.ecr.${options.region || 'us-east-1'}.amazonaws.com/${options.name}`,
-      region: options.region || 'us-east-1',
-      encryption: {
-        encryptionType: options.encryption || 'AES256',
-        kmsKeyId: options.kmsKeyId,
-      },
-      scanning: {
-        scanOnPush: options.scanOnPush ?? true,
-      },
-    })
-  }
-
-  /**
-   * Create private registry with lifecycle policy
-   */
-  createManagedRepository(options: {
-    name: string
-    region?: string
-    maxImageCount?: number
-    maxImageAgeDays?: number
-  }): ContainerRegistry {
-    const registry = this.createECRRepository({
-      name: options.name,
-      region: options.region,
-      scanOnPush: true,
-      encryption: 'KMS',
-    })
-
-    // Add lifecycle policy
-    registry.lifecycle = {
-      id: `lifecycle-${Date.now()}`,
-      rules: [
-        {
-          rulePriority: 1,
-          description: 'Keep only last N images',
-          selection: {
-            tagStatus: 'any',
-            countType: 'imageCountMoreThan',
-            countNumber: options.maxImageCount || 10,
-          },
-          action: {
-            type: 'expire',
-          },
-        },
-        {
-          rulePriority: 2,
-          description: 'Remove images older than N days',
-          selection: {
-            tagStatus: 'untagged',
-            countType: 'sinceImagePushed',
-            countNumber: options.maxImageAgeDays || 30,
-            countUnit: 'days',
-          },
-          action: {
-            type: 'expire',
-          },
-        },
-      ],
-    }
-
-    return registry
-  }
-
-  /**
-   * Enable cross-region replication
-   */
-  enableReplication(
-    registryId: string,
-    destinations: ReplicationDestination[]
-  ): ContainerRegistry {
-    const registry = this.registries.get(registryId)
-
-    if (!registry) {
-      throw new Error(`Registry not found: ${registryId}`)
-    }
-
-    registry.replication = {
-      enabled: true,
-      destinations,
-    }
-
-    return registry
-  }
-
-  /**
-   * Create registry credentials
-   */
-  createCredentials(credentials: Omit<RegistryCredentials, 'id'>): RegistryCredentials {
-    const id = `creds-${Date.now()}-${this.credentialsCounter++}`
-
-    const registryCredentials: RegistryCredentials = {
-      id,
-      ...credentials,
-    }
-
-    this.credentials.set(id, registryCredentials)
-
-    return registryCredentials
-  }
-
-  /**
-   * Get registry
-   */
-  getRegistry(id: string): ContainerRegistry | undefined {
-    return this.registries.get(id)
-  }
-
-  /**
-   * List registries
-   */
-  listRegistries(): ContainerRegistry[] {
-    return Array.from(this.registries.values())
-  }
-
-  /**
-   * Generate CloudFormation for ECR repository
-   */
-  generateECRRepositoryCF(registry: ContainerRegistry): any {
-    return {
-      Type: 'AWS::ECR::Repository',
-      Properties: {
-        RepositoryName: registry.name,
-        ImageScanningConfiguration: {
-          ScanOnPush: registry.scanning?.scanOnPush ?? false,
-        },
-        EncryptionConfiguration: {
-          EncryptionType: registry.encryption?.encryptionType || 'AES256',
-          ...(registry.encryption?.kmsKeyId && {
-            KmsKey: registry.encryption.kmsKeyId,
-          }),
-        },
-        ImageTagMutability: 'MUTABLE',
-        ...(registry.lifecycle && {
-          LifecyclePolicy: {
-            LifecyclePolicyText: JSON.stringify({
-              rules: registry.lifecycle.rules,
-            }),
-          },
-        }),
-      },
-    }
-  }
-
-  /**
-   * Generate CloudFormation for replication configuration
-   */
-  generateReplicationConfigCF(replication: ReplicationConfig): any {
-    return {
-      Type: 'AWS::ECR::ReplicationConfiguration',
-      Properties: {
-        ReplicationConfiguration: {
-          Rules: replication.destinations.map(dest => ({
-            Destinations: [
-              {
-                Region: dest.region,
-                ...(dest.registryId && { RegistryId: dest.registryId }),
-              },
-            ],
-          })),
-        },
-      },
-    }
-  }
-
-  /**
-   * Clear all data
-   */
-  clear(): void {
-    this.registries.clear()
-    this.credentials.clear()
-    this.registryCounter = 0
-    this.credentialsCounter = 0
-  }
-}
-
-/**
- * Global container registry manager instance
- */
-export const containerRegistryManager: ContainerRegistryManager = new ContainerRegistryManager()