npm - @stacksjs/ts-cloud-core - Versions diffs - 0.1.3 → 0.1.6 - Mend

@stacksjs/ts-cloud-core 0.1.3 → 0.1.6

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (250) hide show

package/README.md +98 -13
package/package.json +12 -3
package/src/advanced-features.test.ts +0 -465
package/src/aws/cloudformation.ts +0 -421
package/src/aws/cloudfront.ts +0 -158
package/src/aws/credentials.test.ts +0 -132
package/src/aws/credentials.ts +0 -545
package/src/aws/index.ts +0 -87
package/src/aws/s3.test.ts +0 -188
package/src/aws/s3.ts +0 -1088
package/src/aws/signature.test.ts +0 -670
package/src/aws/signature.ts +0 -1155
package/src/backup/disaster-recovery.test.ts +0 -726
package/src/backup/disaster-recovery.ts +0 -500
package/src/backup/index.ts +0 -34
package/src/backup/manager.test.ts +0 -498
package/src/backup/manager.ts +0 -432
package/src/cicd/circleci.ts +0 -430
package/src/cicd/github-actions.ts +0 -424
package/src/cicd/gitlab-ci.ts +0 -255
package/src/cicd/index.ts +0 -8
package/src/cli/history.ts +0 -396
package/src/cli/index.ts +0 -10
package/src/cli/progress.ts +0 -458
package/src/cli/repl.ts +0 -454
package/src/cli/suggestions.ts +0 -327
package/src/cli/table.test.ts +0 -319
package/src/cli/table.ts +0 -332
package/src/cloudformation/builder.test.ts +0 -327
package/src/cloudformation/builder.ts +0 -378
package/src/cloudformation/builders/api-gateway.ts +0 -449
package/src/cloudformation/builders/cache.ts +0 -334
package/src/cloudformation/builders/cdn.ts +0 -278
package/src/cloudformation/builders/compute.ts +0 -485
package/src/cloudformation/builders/database.ts +0 -392
package/src/cloudformation/builders/functions.ts +0 -343
package/src/cloudformation/builders/messaging.ts +0 -140
package/src/cloudformation/builders/monitoring.ts +0 -300
package/src/cloudformation/builders/network.ts +0 -264
package/src/cloudformation/builders/queue.ts +0 -147
package/src/cloudformation/builders/security.ts +0 -399
package/src/cloudformation/builders/storage.ts +0 -285
package/src/cloudformation/index.ts +0 -30
package/src/cloudformation/types.ts +0 -173
package/src/compliance/aws-config.ts +0 -543
package/src/compliance/cloudtrail.ts +0 -376
package/src/compliance/compliance.test.ts +0 -423
package/src/compliance/guardduty.ts +0 -446
package/src/compliance/index.ts +0 -66
package/src/compliance/security-hub.ts +0 -456
package/src/containers/build-optimization.ts +0 -416
package/src/containers/containers.test.ts +0 -508
package/src/containers/image-scanning.ts +0 -360
package/src/containers/index.ts +0 -9
package/src/containers/registry.ts +0 -293
package/src/containers/service-mesh.ts +0 -520
package/src/database/database.test.ts +0 -762
package/src/database/index.ts +0 -9
package/src/database/migrations.ts +0 -444
package/src/database/performance.ts +0 -528
package/src/database/replicas.ts +0 -534
package/src/database/users.ts +0 -494
package/src/dependency-graph.ts +0 -143
package/src/deployment/ab-testing.ts +0 -582
package/src/deployment/blue-green.ts +0 -452
package/src/deployment/canary.ts +0 -500
package/src/deployment/deployment.test.ts +0 -526
package/src/deployment/index.ts +0 -61
package/src/deployment/progressive.ts +0 -62
package/src/dns/dns.test.ts +0 -641
package/src/dns/dnssec.ts +0 -315
package/src/dns/index.ts +0 -8
package/src/dns/resolver.ts +0 -496
package/src/dns/routing.ts +0 -593
package/src/email/advanced/analytics.ts +0 -445
package/src/email/advanced/index.ts +0 -11
package/src/email/advanced/rules.ts +0 -465
package/src/email/advanced/scheduling.ts +0 -352
package/src/email/advanced/search.ts +0 -412
package/src/email/advanced/shared-mailboxes.ts +0 -404
package/src/email/advanced/templates.ts +0 -455
package/src/email/advanced/threading.ts +0 -281
package/src/email/analytics.ts +0 -467
package/src/email/bounce-handling.ts +0 -425
package/src/email/email.test.ts +0 -431
package/src/email/handlers/__tests__/inbound.test.ts +0 -38
package/src/email/handlers/__tests__/outbound.test.ts +0 -37
package/src/email/handlers/converter.ts +0 -227
package/src/email/handlers/feedback.ts +0 -228
package/src/email/handlers/inbound.ts +0 -169
package/src/email/handlers/outbound.ts +0 -178
package/src/email/index.ts +0 -15
package/src/email/reputation.ts +0 -303
package/src/email/templates.ts +0 -352
package/src/errors/index.test.ts +0 -434
package/src/errors/index.ts +0 -416
package/src/health-checks/index.ts +0 -40
package/src/index.ts +0 -360
package/src/intrinsic-functions.ts +0 -118
package/src/lambda/concurrency.ts +0 -330
package/src/lambda/destinations.ts +0 -345
package/src/lambda/dlq.ts +0 -425
package/src/lambda/index.ts +0 -11
package/src/lambda/lambda.test.ts +0 -840
package/src/lambda/layers.ts +0 -263
package/src/lambda/versions.ts +0 -376
package/src/lambda/vpc.ts +0 -399
package/src/local/config.ts +0 -114
package/src/local/index.ts +0 -6
package/src/local/mock-aws.ts +0 -351
package/src/modules/ai.ts +0 -340
package/src/modules/api.ts +0 -478
package/src/modules/auth.ts +0 -805
package/src/modules/cache.ts +0 -417
package/src/modules/cdn.ts +0 -1062
package/src/modules/communication.ts +0 -1094
package/src/modules/compute.ts +0 -3348
package/src/modules/database.ts +0 -554
package/src/modules/deployment.ts +0 -1079
package/src/modules/dns.ts +0 -337
package/src/modules/email.ts +0 -1538
package/src/modules/filesystem.ts +0 -515
package/src/modules/index.ts +0 -32
package/src/modules/messaging.ts +0 -486
package/src/modules/monitoring.ts +0 -2086
package/src/modules/network.ts +0 -664
package/src/modules/parameter-store.ts +0 -325
package/src/modules/permissions.ts +0 -1081
package/src/modules/phone.ts +0 -494
package/src/modules/queue.ts +0 -1260
package/src/modules/redirects.ts +0 -464
package/src/modules/registry.ts +0 -699
package/src/modules/search.ts +0 -401
package/src/modules/secrets.ts +0 -416
package/src/modules/security.ts +0 -731
package/src/modules/sms.ts +0 -389
package/src/modules/storage.ts +0 -1120
package/src/modules/workflow.ts +0 -680
package/src/multi-account/config.ts +0 -521
package/src/multi-account/index.ts +0 -7
package/src/multi-account/manager.ts +0 -427
package/src/multi-region/cross-region.ts +0 -410
package/src/multi-region/index.ts +0 -8
package/src/multi-region/manager.ts +0 -483
package/src/multi-region/regions.ts +0 -435
package/src/network-security/index.ts +0 -48
package/src/observability/index.ts +0 -9
package/src/observability/logs.ts +0 -522
package/src/observability/metrics.ts +0 -460
package/src/observability/observability.test.ts +0 -782
package/src/observability/synthetics.ts +0 -568
package/src/observability/xray.ts +0 -358
package/src/phone/advanced/analytics.ts +0 -349
package/src/phone/advanced/callbacks.ts +0 -428
package/src/phone/advanced/index.ts +0 -8
package/src/phone/advanced/ivr-builder.ts +0 -504
package/src/phone/advanced/recording.ts +0 -310
package/src/phone/handlers/__tests__/incoming-call.test.ts +0 -40
package/src/phone/handlers/incoming-call.ts +0 -117
package/src/phone/handlers/missed-call.ts +0 -116
package/src/phone/handlers/voicemail.ts +0 -179
package/src/phone/index.ts +0 -9
package/src/presets/api-backend.ts +0 -134
package/src/presets/data-pipeline.ts +0 -204
package/src/presets/extend.test.ts +0 -295
package/src/presets/extend.ts +0 -297
package/src/presets/fullstack-app.ts +0 -144
package/src/presets/index.ts +0 -27
package/src/presets/jamstack.ts +0 -135
package/src/presets/microservices.ts +0 -167
package/src/presets/ml-api.ts +0 -208
package/src/presets/nodejs-server.ts +0 -104
package/src/presets/nodejs-serverless.ts +0 -114
package/src/presets/realtime-app.ts +0 -184
package/src/presets/static-site.ts +0 -64
package/src/presets/traditional-web-app.ts +0 -339
package/src/presets/wordpress.ts +0 -138
package/src/preview/github.test.ts +0 -249
package/src/preview/github.ts +0 -297
package/src/preview/index.ts +0 -37
package/src/preview/manager.test.ts +0 -440
package/src/preview/manager.ts +0 -326
package/src/preview/notifications.test.ts +0 -582
package/src/preview/notifications.ts +0 -341
package/src/queue/batch-processing.ts +0 -402
package/src/queue/dlq-monitoring.ts +0 -402
package/src/queue/fifo.ts +0 -342
package/src/queue/index.ts +0 -9
package/src/queue/management.ts +0 -428
package/src/queue/queue.test.ts +0 -429
package/src/resource-mgmt/index.ts +0 -39
package/src/resource-naming.ts +0 -62
package/src/s3/index.ts +0 -523
package/src/schema/cloud-config.schema.json +0 -554
package/src/schema/index.ts +0 -68
package/src/security/certificate-manager.ts +0 -492
package/src/security/index.ts +0 -9
package/src/security/scanning.ts +0 -545
package/src/security/secrets-manager.ts +0 -476
package/src/security/secrets-rotation.ts +0 -456
package/src/security/security.test.ts +0 -738
package/src/sms/advanced/ab-testing.ts +0 -389
package/src/sms/advanced/analytics.ts +0 -336
package/src/sms/advanced/campaigns.ts +0 -523
package/src/sms/advanced/chatbot.ts +0 -224
package/src/sms/advanced/index.ts +0 -10
package/src/sms/advanced/link-tracking.ts +0 -248
package/src/sms/advanced/mms.ts +0 -308
package/src/sms/handlers/__tests__/send.test.ts +0 -40
package/src/sms/handlers/delivery-status.ts +0 -133
package/src/sms/handlers/receive.ts +0 -162
package/src/sms/handlers/send.ts +0 -174
package/src/sms/index.ts +0 -9
package/src/stack-diff.ts +0 -389
package/src/static-site/index.ts +0 -85
package/src/template-builder.ts +0 -110
package/src/template-validator.ts +0 -574
package/src/utils/cache.ts +0 -291
package/src/utils/diff.ts +0 -269
package/src/utils/hash.ts +0 -227
package/src/utils/index.ts +0 -8
package/src/utils/parallel.ts +0 -294
package/src/validators/credentials.test.ts +0 -274
package/src/validators/credentials.ts +0 -233
package/src/validators/quotas.test.ts +0 -434
package/src/validators/quotas.ts +0 -217
package/test/ai.test.ts +0 -327
package/test/api.test.ts +0 -511
package/test/auth.test.ts +0 -632
package/test/cache.test.ts +0 -406
package/test/cdn.test.ts +0 -247
package/test/compute.test.ts +0 -861
package/test/database.test.ts +0 -523
package/test/deployment.test.ts +0 -499
package/test/dns.test.ts +0 -270
package/test/email.test.ts +0 -439
package/test/filesystem.test.ts +0 -382
package/test/integration.test.ts +0 -350
package/test/messaging.test.ts +0 -514
package/test/monitoring.test.ts +0 -634
package/test/network.test.ts +0 -425
package/test/permissions.test.ts +0 -488
package/test/queue.test.ts +0 -484
package/test/registry.test.ts +0 -306
package/test/security.test.ts +0 -462
package/test/storage.test.ts +0 -463
package/test/template-validator.test.ts +0 -559
package/test/workflow.test.ts +0 -592
package/tsconfig.json +0 -16
package/tsconfig.tsbuildinfo +0 -1

package/src/modules/email.ts DELETED Viewed

@@ -1,1538 +0,0 @@
-import type {
-  IAMPolicy,
-  IAMRole,
-  LambdaFunction,
-  LambdaPermission,
-  Route53RecordSet,
-  S3Bucket,
-  SESConfigurationSet,
-  SESEmailIdentity,
-  SESReceiptRule,
-  SESReceiptRuleSet,
-} from '@stacksjs/ts-cloud-aws-types'
-import type { EnvironmentType } from '@stacksjs/ts-cloud-types'
-import { Fn } from '../intrinsic-functions'
-import { generateLogicalId, generateResourceName } from '../resource-naming'
-export interface EmailIdentityOptions {
-  domain: string
-  slug: string
-  environment: EnvironmentType
-  enableDkim?: boolean
-  dkimKeyLength?: 'RSA_1024_BIT' | 'RSA_2048_BIT'
-}
-export interface ConfigurationSetOptions {
-  slug: string
-  environment: EnvironmentType
-  name?: string
-  reputationMetrics?: boolean
-  sendingEnabled?: boolean
-  suppressBounces?: boolean
-  suppressComplaints?: boolean
-}
-export interface ReceiptRuleSetOptions {
-  slug: string
-  environment: EnvironmentType
-  name?: string
-}
-export interface ReceiptRuleOptions {
-  slug: string
-  environment: EnvironmentType
-  ruleSetName: string
-  recipients?: string[]
-  enabled?: boolean
-  scanEnabled?: boolean
-  tlsPolicy?: 'Optional' | 'Require'
-  s3Action?: {
-    bucketName: string
-    prefix?: string
-    kmsKeyArn?: string
-  }
-  lambdaAction?: {
-    functionArn: string
-    invocationType?: 'Event' | 'RequestResponse'
-  }
-  snsAction?: {
-    topicArn: string
-    encoding?: 'UTF-8' | 'Base64'
-  }
-}
-/**
- * Email Module - SES (Simple Email Service)
- * Provides clean API for email sending, receiving, and domain verification
- */
-export class Email {
-  /**
-   * Verify a domain for sending emails
-   */
-  static verifyDomain(options: EmailIdentityOptions): {
-    emailIdentity: SESEmailIdentity
-    logicalId: string
-  } {
-    const {
-      domain,
-      slug,
-      environment,
-      enableDkim = true,
-      dkimKeyLength = 'RSA_2048_BIT',
-    } = options
-    const resourceName = generateResourceName({
-      slug,
-      environment,
-      resourceType: 'ses-identity',
-    })
-    const logicalId = generateLogicalId(`${resourceName}-${domain.replace(/\./g, '')}`)
-    const emailIdentity: SESEmailIdentity = {
-      Type: 'AWS::SES::EmailIdentity',
-      Properties: {
-        EmailIdentity: domain,
-        FeedbackAttributes: {
-          EmailForwardingEnabled: true,
-        },
-      },
-    }
-    if (enableDkim) {
-      emailIdentity.Properties.DkimSigningAttributes = {
-        NextSigningKeyLength: dkimKeyLength,
-      }
-    }
-    return { emailIdentity, logicalId }
-  }
-  /**
-   * Create DNS records for DKIM verification
-   * Returns Route53 RecordSets for DKIM tokens
-   */
-  static createDkimRecords(
-    domain: string,
-    dkimTokens: string[],
-    hostedZoneId: string,
-  ): Array<{ record: Route53RecordSet, logicalId: string }> {
-    const records: Array<{ record: Route53RecordSet, logicalId: string }> = []
-    for (let i = 0; i < dkimTokens.length; i++) {
-      const token = dkimTokens[i]
-      const logicalId = generateLogicalId(`dkim-${domain.replace(/\./g, '')}-${i + 1}`)
-      const record: Route53RecordSet = {
-        Type: 'AWS::Route53::RecordSet',
-        Properties: {
-          HostedZoneId: hostedZoneId,
-          Name: `${token}._domainkey.${domain}`,
-          Type: 'CNAME',
-          TTL: 1800,
-          ResourceRecords: [`${token}.dkim.amazonses.com`],
-        },
-      }
-      records.push({ record, logicalId })
-    }
-    return records
-  }
-  /**
-   * Create SES Configuration Set
-   */
-  static createConfigurationSet(options: ConfigurationSetOptions): {
-    configurationSet: SESConfigurationSet
-    logicalId: string
-  } {
-    const {
-      slug,
-      environment,
-      name,
-      reputationMetrics = true,
-      sendingEnabled = true,
-      suppressBounces = true,
-      suppressComplaints = true,
-    } = options
-    const resourceName = name || generateResourceName({
-      slug,
-      environment,
-      resourceType: 'ses-config',
-    })
-    const logicalId = generateLogicalId(resourceName)
-    const suppressedReasons: ('BOUNCE' | 'COMPLAINT')[] = []
-    if (suppressBounces)
-      suppressedReasons.push('BOUNCE')
-    if (suppressComplaints)
-      suppressedReasons.push('COMPLAINT')
-    const configurationSet: SESConfigurationSet = {
-      Type: 'AWS::SES::ConfigurationSet',
-      Properties: {
-        Name: resourceName,
-        ReputationOptions: {
-          ReputationMetricsEnabled: reputationMetrics,
-        },
-        SendingOptions: {
-          SendingEnabled: sendingEnabled,
-        },
-        SuppressionOptions: {
-          SuppressedReasons: suppressedReasons,
-        },
-      },
-    }
-    return { configurationSet, logicalId }
-  }
-  /**
-   * Create Receipt Rule Set for inbound email
-   */
-  static createReceiptRuleSet(options: ReceiptRuleSetOptions): {
-    ruleSet: SESReceiptRuleSet
-    logicalId: string
-  } {
-    const { slug, environment, name } = options
-    const resourceName = name || generateResourceName({
-      slug,
-      environment,
-      resourceType: 'ses-ruleset',
-    })
-    const logicalId = generateLogicalId(resourceName)
-    const ruleSet: SESReceiptRuleSet = {
-      Type: 'AWS::SES::ReceiptRuleSet',
-      Properties: {
-        RuleSetName: resourceName,
-      },
-    }
-    return { ruleSet, logicalId }
-  }
-  /**
-   * Create Receipt Rule for processing inbound emails
-   */
-  static createReceiptRule(
-    ruleSetLogicalId: string,
-    options: ReceiptRuleOptions,
-  ): {
-      receiptRule: SESReceiptRule
-      logicalId: string
-    } {
-    const {
-      slug,
-      environment,
-      ruleSetName,
-      recipients,
-      enabled = true,
-      scanEnabled = true,
-      tlsPolicy = 'Require',
-      s3Action,
-      lambdaAction,
-      snsAction,
-    } = options
-    const resourceName = generateResourceName({
-      slug,
-      environment,
-      resourceType: 'ses-rule',
-    })
-    const logicalId = generateLogicalId(resourceName)
-    const actions: SESReceiptRule['Properties']['Rule']['Actions'] = []
-    if (s3Action) {
-      actions.push({
-        S3Action: {
-          BucketName: s3Action.bucketName,
-          ObjectKeyPrefix: s3Action.prefix,
-          KmsKeyArn: s3Action.kmsKeyArn,
-        },
-      })
-    }
-    if (lambdaAction) {
-      actions.push({
-        LambdaAction: {
-          FunctionArn: lambdaAction.functionArn,
-          InvocationType: lambdaAction.invocationType || 'Event',
-        },
-      })
-    }
-    if (snsAction) {
-      actions.push({
-        SNSAction: {
-          TopicArn: snsAction.topicArn,
-          Encoding: snsAction.encoding || 'UTF-8',
-        },
-      })
-    }
-    const receiptRule: SESReceiptRule = {
-      Type: 'AWS::SES::ReceiptRule',
-      Properties: {
-        RuleSetName: ruleSetName,
-        Rule: {
-          Name: resourceName,
-          Enabled: enabled,
-          ScanEnabled: scanEnabled,
-          TlsPolicy: tlsPolicy,
-          Recipients: recipients,
-          Actions: actions.length > 0 ? actions : undefined,
-        },
-      },
-    }
-    return { receiptRule, logicalId }
-  }
-  /**
-   * Create MX record for receiving emails
-   */
-  static createMxRecord(
-    domain: string,
-    hostedZoneId: string,
-    region: string,
-  ): {
-      record: Route53RecordSet
-      logicalId: string
-    } {
-    const logicalId = generateLogicalId(`mx-${domain.replace(/\./g, '')}`)
-    const record: Route53RecordSet = {
-      Type: 'AWS::Route53::RecordSet',
-      Properties: {
-        HostedZoneId: hostedZoneId,
-        Name: domain,
-        Type: 'MX',
-        TTL: 300,
-        ResourceRecords: [`10 inbound-smtp.${region}.amazonaws.com`],
-      },
-    }
-    return { record, logicalId }
-  }
-  /**
-   * Create verification TXT record
-   */
-  static createVerificationRecord(
-    domain: string,
-    verificationToken: string,
-    hostedZoneId: string,
-  ): {
-      record: Route53RecordSet
-      logicalId: string
-    } {
-    const logicalId = generateLogicalId(`verification-${domain.replace(/\./g, '')}`)
-    const record: Route53RecordSet = {
-      Type: 'AWS::Route53::RecordSet',
-      Properties: {
-        HostedZoneId: hostedZoneId,
-        Name: `_amazonses.${domain}`,
-        Type: 'TXT',
-        TTL: 1800,
-        ResourceRecords: [`"${verificationToken}"`],
-      },
-    }
-    return { record, logicalId }
-  }
-  /**
-   * Get SES SMTP credentials information
-   */
-  static getSmtpEndpoint(region: string): string {
-    return `email-smtp.${region}.amazonaws.com`
-  }
-  /**
-   * Get SES SMTP port options
-   */
-  static readonly SmtpPorts = {
-    TLS: 587, // STARTTLS
-    SSL: 465, // SSL/TLS
-    Unencrypted: 25, // Not recommended
-  } as const
-  /**
-   * Create SPF record for email authentication
-   */
-  static createSpfRecord(
-    domain: string,
-    hostedZoneId: string,
-    options?: {
-      includeDomains?: string[]
-      softFail?: boolean
-    },
-  ): {
-      record: Route53RecordSet
-      logicalId: string
-    } {
-    const { includeDomains = [], softFail = false } = options || {}
-    const logicalId = generateLogicalId(`spf-${domain.replace(/\./g, '')}`)
-    // Build SPF record
-    let spfValue = 'v=spf1 include:amazonses.com'
-    for (const include of includeDomains) {
-      spfValue += ` include:${include}`
-    }
-    spfValue += softFail ? ' ~all' : ' -all'
-    const record: Route53RecordSet = {
-      Type: 'AWS::Route53::RecordSet',
-      Properties: {
-        HostedZoneId: hostedZoneId,
-        Name: domain,
-        Type: 'TXT',
-        TTL: 300,
-        ResourceRecords: [`"${spfValue}"`],
-      },
-    }
-    return { record, logicalId }
-  }
-  /**
-   * Create DMARC record for email authentication
-   */
-  static createDmarcRecord(
-    domain: string,
-    hostedZoneId: string,
-    options?: {
-      policy?: 'none' | 'quarantine' | 'reject'
-      subdomainPolicy?: 'none' | 'quarantine' | 'reject'
-      percentage?: number
-      reportingEmail?: string
-      forensicEmail?: string
-    },
-  ): {
-      record: Route53RecordSet
-      logicalId: string
-    } {
-    const {
-      policy = 'none',
-      subdomainPolicy,
-      percentage = 100,
-      reportingEmail,
-      forensicEmail,
-    } = options || {}
-    const logicalId = generateLogicalId(`dmarc-${domain.replace(/\./g, '')}`)
-    // Build DMARC record
-    let dmarcValue = `v=DMARC1; p=${policy}; pct=${percentage}`
-    if (subdomainPolicy) {
-      dmarcValue += `; sp=${subdomainPolicy}`
-    }
-    if (reportingEmail) {
-      dmarcValue += `; rua=mailto:${reportingEmail}`
-    }
-    if (forensicEmail) {
-      dmarcValue += `; ruf=mailto:${forensicEmail}`
-    }
-    const record: Route53RecordSet = {
-      Type: 'AWS::Route53::RecordSet',
-      Properties: {
-        HostedZoneId: hostedZoneId,
-        Name: `_dmarc.${domain}`,
-        Type: 'TXT',
-        TTL: 300,
-        ResourceRecords: [`"${dmarcValue}"`],
-      },
-    }
-    return { record, logicalId }
-  }
-  /**
-   * Create complete inbound email setup
-   * Includes receipt rule set, rule, and S3 storage
-   */
-  static createInboundEmailSetup(options: {
-    slug: string
-    environment: EnvironmentType
-    domain: string
-    s3BucketName: string
-    s3KeyPrefix?: string
-    region: string
-    hostedZoneId: string
-    lambdaFunctionArn?: string
-    snsTopicArn?: string
-  }): {
-    resources: Record<string, any>
-    outputs: {
-      ruleSetLogicalId: string
-      ruleLogicalId: string
-      mxRecordLogicalId: string
-    }
-  } {
-    const {
-      slug,
-      environment,
-      domain,
-      s3BucketName,
-      s3KeyPrefix = 'inbound/',
-      region,
-      hostedZoneId,
-      lambdaFunctionArn,
-      snsTopicArn,
-    } = options
-    const resources: Record<string, any> = {}
-    // Create receipt rule set
-    const { ruleSet, logicalId: ruleSetLogicalId } = Email.createReceiptRuleSet({
-      slug,
-      environment,
-    })
-    resources[ruleSetLogicalId] = ruleSet
-    // Create receipt rule
-    const { receiptRule, logicalId: ruleLogicalId } = Email.createReceiptRule(
-      ruleSetLogicalId,
-      {
-        slug,
-        environment,
-        ruleSetName: ruleSet.Properties!.RuleSetName || `${slug}-${environment}-receipt-rule-set`,
-        recipients: [domain, `@${domain}`],
-        s3Action: {
-          bucketName: s3BucketName,
-          prefix: s3KeyPrefix,
-        },
-        lambdaAction: lambdaFunctionArn ? {
-          functionArn: lambdaFunctionArn,
-          invocationType: 'Event',
-        } : undefined,
-        snsAction: snsTopicArn ? {
-          topicArn: snsTopicArn,
-        } : undefined,
-      },
-    )
-    resources[ruleLogicalId] = receiptRule
-    // Create MX record
-    const { record: mxRecord, logicalId: mxRecordLogicalId } = Email.createMxRecord(
-      domain,
-      hostedZoneId,
-      region,
-    )
-    resources[mxRecordLogicalId] = mxRecord
-    return {
-      resources,
-      outputs: {
-        ruleSetLogicalId,
-        ruleLogicalId,
-        mxRecordLogicalId,
-      },
-    }
-  }
-  /**
-   * Create complete email domain setup
-   * Includes domain verification, DKIM, SPF, DMARC, and optionally inbound email
-   */
-  static createCompleteDomainSetup(options: {
-    slug: string
-    environment: EnvironmentType
-    domain: string
-    hostedZoneId: string
-    region: string
-    enableInbound?: boolean
-    inboundS3Bucket?: string
-    dmarcReportingEmail?: string
-  }): {
-    resources: Record<string, any>
-    outputs: {
-      identityLogicalId: string
-      configSetLogicalId: string
-    }
-  } {
-    const {
-      slug,
-      environment,
-      domain,
-      hostedZoneId,
-      region,
-      enableInbound = false,
-      inboundS3Bucket,
-      dmarcReportingEmail,
-    } = options
-    const resources: Record<string, any> = {}
-    // Create email identity (domain verification)
-    const { emailIdentity, logicalId: identityLogicalId } = Email.verifyDomain({
-      domain,
-      slug,
-      environment,
-    })
-    resources[identityLogicalId] = emailIdentity
-    // Create configuration set
-    const { configurationSet, logicalId: configSetLogicalId } = Email.createConfigurationSet({
-      slug,
-      environment,
-    })
-    resources[configSetLogicalId] = configurationSet
-    // Create SPF record
-    const { record: spfRecord, logicalId: spfLogicalId } = Email.createSpfRecord(
-      domain,
-      hostedZoneId,
-    )
-    resources[spfLogicalId] = spfRecord
-    // Create DMARC record
-    const { record: dmarcRecord, logicalId: dmarcLogicalId } = Email.createDmarcRecord(
-      domain,
-      hostedZoneId,
-      {
-        policy: 'none', // Start with monitoring
-        reportingEmail: dmarcReportingEmail || `dmarc-reports@${domain}`,
-      },
-    )
-    resources[dmarcLogicalId] = dmarcRecord
-    // Create inbound email setup if enabled
-    if (enableInbound && inboundS3Bucket) {
-      const inboundSetup = Email.createInboundEmailSetup({
-        slug,
-        environment,
-        domain,
-        s3BucketName: inboundS3Bucket,
-        region,
-        hostedZoneId,
-      })
-      Object.assign(resources, inboundSetup.resources)
-    }
-    return {
-      resources,
-      outputs: {
-        identityLogicalId,
-        configSetLogicalId,
-      },
-    }
-  }
-  /**
-   * SES inbound SMTP endpoints by region
-   */
-  static readonly InboundSmtpEndpoints: Record<string, string> = {
-    'us-east-1': 'inbound-smtp.us-east-1.amazonaws.com',
-    'us-west-2': 'inbound-smtp.us-west-2.amazonaws.com',
-    'eu-west-1': 'inbound-smtp.eu-west-1.amazonaws.com',
-  }
-  /**
-   * Check if region supports SES inbound email
-   */
-  static supportsInboundEmail(region: string): boolean {
-    return region in Email.InboundSmtpEndpoints
-  }
-  /**
-   * Create IAM role for email Lambda functions
-   */
-  static createEmailLambdaRole(options: {
-    slug: string
-    environment: EnvironmentType
-    s3BucketArn: string
-    sesIdentityArn?: string
-  }): {
-    role: IAMRole
-    policy: IAMPolicy
-    roleLogicalId: string
-    policyLogicalId: string
-  } {
-    const { slug, environment, s3BucketArn, sesIdentityArn } = options
-    const resourceName = generateResourceName({
-      slug,
-      environment,
-      resourceType: 'email-lambda-role',
-    })
-    const roleLogicalId = generateLogicalId(resourceName)
-    const policyLogicalId = generateLogicalId(`${resourceName}-policy`)
-    const role: IAMRole = {
-      Type: 'AWS::IAM::Role',
-      Properties: {
-        RoleName: resourceName,
-        AssumeRolePolicyDocument: {
-          Version: '2012-10-17',
-          Statement: [
-            {
-              Effect: 'Allow',
-              Principal: {
-                Service: 'lambda.amazonaws.com',
-              },
-              Action: 'sts:AssumeRole',
-            },
-          ],
-        },
-        ManagedPolicyArns: [
-          'arn:aws:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole',
-        ],
-        Tags: [
-          { Key: 'Name', Value: resourceName },
-          { Key: 'Environment', Value: environment },
-        ],
-      },
-    }
-    const policyStatements: any[] = [
-      // S3 permissions for reading/writing emails
-      {
-        Effect: 'Allow',
-        Action: [
-          's3:GetObject',
-          's3:PutObject',
-          's3:DeleteObject',
-          's3:ListBucket',
-        ],
-        Resource: [
-          s3BucketArn,
-          `${s3BucketArn}/*`,
-        ],
-      },
-    ]
-    // SES permissions for sending emails
-    if (sesIdentityArn) {
-      policyStatements.push({
-        Effect: 'Allow',
-        Action: [
-          'ses:SendEmail',
-          'ses:SendRawEmail',
-        ],
-        Resource: sesIdentityArn,
-      })
-    }
-    const policy: IAMPolicy = {
-      Type: 'AWS::IAM::Policy',
-      Properties: {
-        PolicyName: `${resourceName}-policy`,
-        PolicyDocument: {
-          Version: '2012-10-17',
-          Statement: policyStatements,
-        },
-        Roles: [Fn.Ref(roleLogicalId) as unknown as string],
-      },
-    }
-    return {
-      role,
-      policy,
-      roleLogicalId,
-      policyLogicalId,
-    }
-  }
-  /**
-   * Create Lambda function for outbound email (JSON to raw email conversion)
-   * Converts JSON email payloads to raw MIME format and sends via SES
-   */
-  static createOutboundEmailLambda(options: {
-    slug: string
-    environment: EnvironmentType
-    roleArn: string
-    domain: string
-    configurationSetName?: string
-    timeout?: number
-    memorySize?: number
-  }): {
-    function: LambdaFunction
-    logicalId: string
-  } {
-    const {
-      slug,
-      environment,
-      roleArn,
-      domain,
-      configurationSetName,
-      timeout = 30,
-      memorySize = 256,
-    } = options
-    const resourceName = generateResourceName({
-      slug,
-      environment,
-      resourceType: 'outbound-email',
-    })
-    const logicalId = generateLogicalId(resourceName)
-    const lambdaFunction: LambdaFunction = {
-      Type: 'AWS::Lambda::Function',
-      Properties: {
-        FunctionName: resourceName,
-        Runtime: 'nodejs20.x',
-        Handler: 'index.handler',
-        Role: roleArn,
-        Timeout: timeout,
-        MemorySize: memorySize,
-        Environment: {
-          Variables: {
-            DOMAIN: domain,
-            CONFIGURATION_SET: configurationSetName || '',
-          },
-        },
-        Code: {
-          ZipFile: Email.LambdaCode.outboundEmail,
-        },
-        Tags: [
-          { Key: 'Name', Value: resourceName },
-          { Key: 'Environment', Value: environment },
-          { Key: 'Purpose', Value: 'OutboundEmail' },
-        ],
-      },
-    }
-    return { function: lambdaFunction, logicalId }
-  }
-  /**
-   * Create Lambda function for inbound email processing
-   * Organizes emails by From/To addresses and extracts metadata
-   */
-  static createInboundEmailLambda(options: {
-    slug: string
-    environment: EnvironmentType
-    roleArn: string
-    s3BucketName: string
-    organizedPrefix?: string
-    timeout?: number
-    memorySize?: number
-  }): {
-    function: LambdaFunction
-    permission: LambdaPermission
-    logicalId: string
-    permissionLogicalId: string
-  } {
-    const {
-      slug,
-      environment,
-      roleArn,
-      s3BucketName,
-      organizedPrefix = 'organized/',
-      timeout = 60,
-      memorySize = 512,
-    } = options
-    const resourceName = generateResourceName({
-      slug,
-      environment,
-      resourceType: 'inbound-email',
-    })
-    const logicalId = generateLogicalId(resourceName)
-    const permissionLogicalId = generateLogicalId(`${resourceName}-permission`)
-    const lambdaFunction: LambdaFunction = {
-      Type: 'AWS::Lambda::Function',
-      Properties: {
-        FunctionName: resourceName,
-        Runtime: 'nodejs20.x',
-        Handler: 'index.handler',
-        Role: roleArn,
-        Timeout: timeout,
-        MemorySize: memorySize,
-        Environment: {
-          Variables: {
-            S3_BUCKET: s3BucketName,
-            ORGANIZED_PREFIX: organizedPrefix,
-          },
-        },
-        Code: {
-          ZipFile: Email.LambdaCode.inboundEmail,
-        },
-        Tags: [
-          { Key: 'Name', Value: resourceName },
-          { Key: 'Environment', Value: environment },
-          { Key: 'Purpose', Value: 'InboundEmail' },
-        ],
-      },
-    }
-    // Permission for SES to invoke Lambda
-    const permission: LambdaPermission = {
-      Type: 'AWS::Lambda::Permission',
-      Properties: {
-        FunctionName: Fn.Ref(logicalId) as unknown as string,
-        Action: 'lambda:InvokeFunction',
-        Principal: 'ses.amazonaws.com',
-        SourceAccount: Fn.Ref('AWS::AccountId') as unknown as string,
-      },
-    }
-    return {
-      function: lambdaFunction,
-      permission,
-      logicalId,
-      permissionLogicalId,
-    }
-  }
-  /**
-   * Create Lambda function for email conversion
-   * Converts raw MIME emails to HTML/text format
-   */
-  static createEmailConversionLambda(options: {
-    slug: string
-    environment: EnvironmentType
-    roleArn: string
-    s3BucketName: string
-    convertedPrefix?: string
-    timeout?: number
-    memorySize?: number
-  }): {
-    function: LambdaFunction
-    logicalId: string
-  } {
-    const {
-      slug,
-      environment,
-      roleArn,
-      s3BucketName,
-      convertedPrefix = 'converted/',
-      timeout = 60,
-      memorySize = 512,
-    } = options
-    const resourceName = generateResourceName({
-      slug,
-      environment,
-      resourceType: 'email-conversion',
-    })
-    const logicalId = generateLogicalId(resourceName)
-    const lambdaFunction: LambdaFunction = {
-      Type: 'AWS::Lambda::Function',
-      Properties: {
-        FunctionName: resourceName,
-        Runtime: 'nodejs20.x',
-        Handler: 'index.handler',
-        Role: roleArn,
-        Timeout: timeout,
-        MemorySize: memorySize,
-        Environment: {
-          Variables: {
-            S3_BUCKET: s3BucketName,
-            CONVERTED_PREFIX: convertedPrefix,
-          },
-        },
-        Code: {
-          ZipFile: Email.LambdaCode.emailConversion,
-        },
-        Tags: [
-          { Key: 'Name', Value: resourceName },
-          { Key: 'Environment', Value: environment },
-          { Key: 'Purpose', Value: 'EmailConversion' },
-        ],
-      },
-    }
-    return { function: lambdaFunction, logicalId }
-  }
-  /**
-   * Create S3 bucket notification configuration for email processing
-   */
-  static createEmailBucketNotification(options: {
-    bucketLogicalId: string
-    lambdaArn: string
-    prefix?: string
-    suffix?: string
-    events?: string[]
-  }): {
-    notificationConfiguration: NonNullable<NonNullable<S3Bucket['Properties']>['NotificationConfiguration']>
-  } {
-    const {
-      lambdaArn,
-      prefix = 'inbound/',
-      suffix,
-      events = ['s3:ObjectCreated:*'],
-    } = options
-    const filter: any = {}
-    if (prefix || suffix) {
-      filter.S3Key = {
-        Rules: [],
-      }
-      if (prefix) {
-        filter.S3Key.Rules.push({ Name: 'prefix', Value: prefix })
-      }
-      if (suffix) {
-        filter.S3Key.Rules.push({ Name: 'suffix', Value: suffix })
-      }
-    }
-    const notificationConfiguration = {
-      LambdaConfigurations: [
-        {
-          Event: events[0],
-          Function: lambdaArn,
-          Filter: Object.keys(filter).length > 0 ? filter : undefined,
-        },
-      ],
-    }
-    return { notificationConfiguration }
-  }
-  /**
-   * Create Lambda permission for S3 to invoke email processing Lambda
-   */
-  static createS3LambdaPermission(options: {
-    slug: string
-    environment: EnvironmentType
-    lambdaLogicalId: string
-    s3BucketArn: string
-  }): {
-    permission: LambdaPermission
-    logicalId: string
-  } {
-    const { slug, environment, lambdaLogicalId, s3BucketArn } = options
-    const resourceName = generateResourceName({
-      slug,
-      environment,
-      resourceType: 's3-lambda-permission',
-    })
-    const logicalId = generateLogicalId(resourceName)
-    const permission: LambdaPermission = {
-      Type: 'AWS::Lambda::Permission',
-      Properties: {
-        FunctionName: Fn.Ref(lambdaLogicalId) as unknown as string,
-        Action: 'lambda:InvokeFunction',
-        Principal: 's3.amazonaws.com',
-        SourceArn: s3BucketArn,
-      },
-    }
-    return { permission, logicalId }
-  }
-  /**
-   * Create complete email processing stack
-   * Includes all Lambda functions, IAM roles, and S3 notifications
-   */
-  static createEmailProcessingStack(options: {
-    slug: string
-    environment: EnvironmentType
-    domain: string
-    s3BucketName: string
-    s3BucketArn: string
-    configurationSetName?: string
-    enableInbound?: boolean
-    enableConversion?: boolean
-  }): {
-    resources: Record<string, any>
-    outputs: {
-      roleLogicalId: string
-      outboundLambdaLogicalId: string
-      inboundLambdaLogicalId?: string
-      conversionLambdaLogicalId?: string
-    }
-  } {
-    const {
-      slug,
-      environment,
-      domain,
-      s3BucketName,
-      s3BucketArn,
-      configurationSetName,
-      enableInbound = true,
-      enableConversion = true,
-    } = options
-    const resources: Record<string, any> = {}
-    // Create IAM role
-    const { role, policy, roleLogicalId, policyLogicalId } = Email.createEmailLambdaRole({
-      slug,
-      environment,
-      s3BucketArn,
-      sesIdentityArn: `arn:aws:ses:*:*:identity/${domain}`,
-    })
-    resources[roleLogicalId] = role
-    resources[policyLogicalId] = policy
-    // Create outbound email Lambda
-    const { function: outboundLambda, logicalId: outboundLambdaLogicalId } = Email.createOutboundEmailLambda({
-      slug,
-      environment,
-      roleArn: Fn.GetAtt(roleLogicalId, 'Arn') as unknown as string,
-      domain,
-      configurationSetName,
-    })
-    resources[outboundLambdaLogicalId] = outboundLambda
-    const outputs: any = {
-      roleLogicalId,
-      outboundLambdaLogicalId,
-    }
-    // Create inbound email Lambda if enabled
-    if (enableInbound) {
-      const {
-        function: inboundLambda,
-        permission: sesPermission,
-        logicalId: inboundLambdaLogicalId,
-        permissionLogicalId: sesPermissionLogicalId,
-      } = Email.createInboundEmailLambda({
-        slug,
-        environment,
-        roleArn: Fn.GetAtt(roleLogicalId, 'Arn') as unknown as string,
-        s3BucketName,
-      })
-      resources[inboundLambdaLogicalId] = inboundLambda
-      resources[sesPermissionLogicalId] = sesPermission
-      // S3 permission for inbound Lambda
-      const { permission: s3Permission, logicalId: s3PermissionLogicalId } = Email.createS3LambdaPermission({
-        slug,
-        environment,
-        lambdaLogicalId: inboundLambdaLogicalId,
-        s3BucketArn,
-      })
-      resources[s3PermissionLogicalId] = s3Permission
-      outputs.inboundLambdaLogicalId = inboundLambdaLogicalId
-    }
-    // Create conversion Lambda if enabled
-    if (enableConversion) {
-      const { function: conversionLambda, logicalId: conversionLambdaLogicalId } = Email.createEmailConversionLambda({
-        slug,
-        environment,
-        roleArn: Fn.GetAtt(roleLogicalId, 'Arn') as unknown as string,
-        s3BucketName,
-      })
-      resources[conversionLambdaLogicalId] = conversionLambda
-      outputs.conversionLambdaLogicalId = conversionLambdaLogicalId
-    }
-    return { resources, outputs }
-  }
-  /**
-   * Lambda function code for email processing
-   */
-  static readonly LambdaCode = {
-    /**
-     * Outbound email Lambda - JSON to raw email conversion
-     */
-    outboundEmail: `
-const { SESClient, SendRawEmailCommand } = require('@aws-sdk/client-ses');
-const ses = new SESClient({});
-exports.handler = async (event) => {
-  console.log('Processing outbound email:', JSON.stringify(event));
-  const {
-    to,
-    from,
-    subject,
-    html,
-    text,
-    cc,
-    bcc,
-    replyTo,
-    attachments = []
-  } = event;
-  const domain = process.env.DOMAIN;
-  const configSet = process.env.CONFIGURATION_SET;
-  // Build MIME message
-  const boundary = 'NextPart_' + Date.now().toString(16);
-  const fromAddress = from || \`noreply@\${domain}\`;
-  let rawEmail = '';
-  rawEmail += \`From: \${fromAddress}\\r\\n\`;
-  rawEmail += \`To: \${Array.isArray(to) ? to.join(', ') : to}\\r\\n\`;
-  if (cc) rawEmail += \`Cc: \${Array.isArray(cc) ? cc.join(', ') : cc}\\r\\n\`;
-  if (bcc) rawEmail += \`Bcc: \${Array.isArray(bcc) ? bcc.join(', ') : bcc}\\r\\n\`;
-  if (replyTo) rawEmail += \`Reply-To: \${replyTo}\\r\\n\`;
-  rawEmail += \`Subject: \${subject}\\r\\n\`;
-  rawEmail += 'MIME-Version: 1.0\\r\\n';
-  rawEmail += \`Content-Type: multipart/mixed; boundary="\${boundary}"\\r\\n\\r\\n\`;
-  // Text/HTML content
-  rawEmail += \`--\${boundary}\\r\\n\`;
-  rawEmail += 'Content-Type: multipart/alternative; boundary="alt_boundary"\\r\\n\\r\\n';
-  if (text) {
-    rawEmail += '--alt_boundary\\r\\n';
-    rawEmail += 'Content-Type: text/plain; charset=UTF-8\\r\\n\\r\\n';
-    rawEmail += text + '\\r\\n\\r\\n';
-  }
-  if (html) {
-    rawEmail += '--alt_boundary\\r\\n';
-    rawEmail += 'Content-Type: text/html; charset=UTF-8\\r\\n\\r\\n';
-    rawEmail += html + '\\r\\n\\r\\n';
-  }
-  rawEmail += '--alt_boundary--\\r\\n';
-  // Attachments
-  for (const attachment of attachments) {
-    rawEmail += \`--\${boundary}\\r\\n\`;
-    rawEmail += \`Content-Type: \${attachment.contentType || 'application/octet-stream'}; name="\${attachment.filename}"\\r\\n\`;
-    rawEmail += 'Content-Transfer-Encoding: base64\\r\\n';
-    rawEmail += \`Content-Disposition: attachment; filename="\${attachment.filename}"\\r\\n\\r\\n\`;
-    rawEmail += attachment.content + '\\r\\n';
-  }
-  rawEmail += \`--\${boundary}--\\r\\n\`;
-  const params = {
-    RawMessage: { Data: Buffer.from(rawEmail) },
-    Source: fromAddress,
-    Destinations: [
-      ...(Array.isArray(to) ? to : [to]),
-      ...(cc ? (Array.isArray(cc) ? cc : [cc]) : []),
-      ...(bcc ? (Array.isArray(bcc) ? bcc : [bcc]) : [])
-    ]
-  };
-  if (configSet) {
-    params.ConfigurationSetName = configSet;
-  }
-  const result = await ses.send(new SendRawEmailCommand(params));
-  return {
-    statusCode: 200,
-    body: JSON.stringify({ messageId: result.MessageId })
-  };
-};
-`,
-    /**
-     * Inbound email Lambda - Email organization by From/To
-     */
-    inboundEmail: `
-const { S3Client, GetObjectCommand, PutObjectCommand } = require('@aws-sdk/client-s3');
-const s3 = new S3Client({});
-exports.handler = async (event) => {
-  console.log('Processing inbound email:', JSON.stringify(event));
-  const bucket = process.env.S3_BUCKET;
-  const organizedPrefix = process.env.ORGANIZED_PREFIX || 'organized/';
-  // Handle SES notification
-  let records = [];
-  if (event.Records) {
-    // S3 notification
-    records = event.Records;
-  } else if (event.mail) {
-    // Direct SES notification
-    records = [{ ses: { mail: event.mail } }];
-  }
-  for (const record of records) {
-    let mailData;
-    let objectKey;
-    if (record.s3) {
-      // S3 event - read the email from S3
-      objectKey = decodeURIComponent(record.s3.object.key.replace(/\\+/g, ' '));
-      const response = await s3.send(new GetObjectCommand({
-        Bucket: bucket,
-        Key: objectKey
-      }));
-      const rawEmail = await response.Body.transformToString();
-      mailData = parseEmailHeaders(rawEmail);
-    } else if (record.ses) {
-      mailData = record.ses.mail;
-      objectKey = record.ses.mail.messageId;
-    }
-    if (!mailData) continue;
-    // Extract sender and recipients
-    const from = extractEmail(mailData.commonHeaders?.from?.[0] || mailData.source || 'unknown');
-    const to = mailData.commonHeaders?.to || mailData.destination || [];
-    const subject = mailData.commonHeaders?.subject || 'No Subject';
-    const date = mailData.timestamp || new Date().toISOString();
-    // Create organized paths
-    const dateFolder = date.slice(0, 10).replace(/-/g, '/');
-    // Organize by recipient
-    for (const recipient of to) {
-      const recipientEmail = extractEmail(recipient);
-      const organizedKey = \`\${organizedPrefix}by-recipient/\${recipientEmail}/\${dateFolder}/\${sanitizeFilename(subject)}_\${objectKey}\`;
-      await copyOrCreateMetadata(bucket, objectKey, organizedKey, {
-        from,
-        to: recipientEmail,
-        subject,
-        date
-      });
-    }
-    // Organize by sender
-    const senderKey = \`\${organizedPrefix}by-sender/\${from}/\${dateFolder}/\${sanitizeFilename(subject)}_\${objectKey}\`;
-    await copyOrCreateMetadata(bucket, objectKey, senderKey, {
-      from,
-      to: to.join(', '),
-      subject,
-      date
-    });
-    console.log(\`Organized email from \${from} to \${to.join(', ')}: \${subject}\`);
-  }
-  return { statusCode: 200, body: 'Emails organized successfully' };
-};
-function parseEmailHeaders(rawEmail) {
-  const headers = {};
-  const lines = rawEmail.split('\\r\\n');
-  for (let i = 0; i < lines.length; i++) {
-    const line = lines[i];
-    if (line === '') break; // Headers end at empty line
-    const match = line.match(/^([^:]+):\\s*(.*)$/);
-    if (match) {
-      const [, key, value] = match;
-      headers[key.toLowerCase()] = value;
-    }
-  }
-  return {
-    commonHeaders: {
-      from: headers.from ? [headers.from] : [],
-      to: headers.to ? headers.to.split(',').map(s => s.trim()) : [],
-      subject: headers.subject
-    },
-    timestamp: headers.date
-  };
-}
-function extractEmail(str) {
-  const match = str.match(/<([^>]+)>/);
-  return (match ? match[1] : str).toLowerCase().trim();
-}
-function sanitizeFilename(str) {
-  return str.replace(/[^a-zA-Z0-9-_]/g, '_').slice(0, 50);
-}
-async function copyOrCreateMetadata(bucket, sourceKey, destKey, metadata) {
-  try {
-    await s3.send(new PutObjectCommand({
-      Bucket: bucket,
-      Key: destKey + '.json',
-      Body: JSON.stringify({ ...metadata, sourceKey }, null, 2),
-      ContentType: 'application/json'
-    }));
-  } catch (error) {
-    console.error('Error creating metadata:', error);
-  }
-}
-`,
-    /**
-     * Email conversion Lambda - Raw to HTML/text
-     */
-    emailConversion: `
-const { S3Client, GetObjectCommand, PutObjectCommand } = require('@aws-sdk/client-s3');
-const s3 = new S3Client({});
-exports.handler = async (event) => {
-  console.log('Processing email conversion:', JSON.stringify(event));
-  const bucket = process.env.S3_BUCKET;
-  const convertedPrefix = process.env.CONVERTED_PREFIX || 'converted/';
-  for (const record of event.Records || []) {
-    const objectKey = decodeURIComponent(record.s3.object.key.replace(/\\+/g, ' '));
-    // Get the raw email
-    const response = await s3.send(new GetObjectCommand({
-      Bucket: bucket,
-      Key: objectKey
-    }));
-    const rawEmail = await response.Body.transformToString();
-    const parsed = parseEmail(rawEmail);
-    // Save HTML version if exists
-    if (parsed.html) {
-      await s3.send(new PutObjectCommand({
-        Bucket: bucket,
-        Key: \`\${convertedPrefix}\${objectKey}.html\`,
-        Body: parsed.html,
-        ContentType: 'text/html'
-      }));
-    }
-    // Save text version if exists
-    if (parsed.text) {
-      await s3.send(new PutObjectCommand({
-        Bucket: bucket,
-        Key: \`\${convertedPrefix}\${objectKey}.txt\`,
-        Body: parsed.text,
-        ContentType: 'text/plain'
-      }));
-    }
-    // Save metadata
-    await s3.send(new PutObjectCommand({
-      Bucket: bucket,
-      Key: \`\${convertedPrefix}\${objectKey}.json\`,
-      Body: JSON.stringify({
-        from: parsed.headers.from,
-        to: parsed.headers.to,
-        subject: parsed.headers.subject,
-        date: parsed.headers.date,
-        attachments: parsed.attachments.map(a => ({
-          filename: a.filename,
-          contentType: a.contentType,
-          size: a.size
-        }))
-      }, null, 2),
-      ContentType: 'application/json'
-    }));
-    // Save attachments
-    for (const attachment of parsed.attachments) {
-      await s3.send(new PutObjectCommand({
-        Bucket: bucket,
-        Key: \`\${convertedPrefix}\${objectKey}/attachments/\${attachment.filename}\`,
-        Body: Buffer.from(attachment.content, 'base64'),
-        ContentType: attachment.contentType
-      }));
-    }
-    console.log(\`Converted email: \${objectKey}\`);
-  }
-  return { statusCode: 200, body: 'Emails converted successfully' };
-};
-function parseEmail(rawEmail) {
-  const result = {
-    headers: {},
-    text: '',
-    html: '',
-    attachments: []
-  };
-  // Split headers and body
-  const parts = rawEmail.split('\\r\\n\\r\\n');
-  const headerSection = parts[0];
-  const body = parts.slice(1).join('\\r\\n\\r\\n');
-  // Parse headers
-  const headerLines = headerSection.split('\\r\\n');
-  let currentHeader = '';
-  let currentValue = '';
-  for (const line of headerLines) {
-    if (line.match(/^\\s/)) {
-      currentValue += ' ' + line.trim();
-    } else {
-      if (currentHeader) {
-        result.headers[currentHeader.toLowerCase()] = currentValue;
-      }
-      const match = line.match(/^([^:]+):\\s*(.*)$/);
-      if (match) {
-        currentHeader = match[1];
-        currentValue = match[2];
-      }
-    }
-  }
-  if (currentHeader) {
-    result.headers[currentHeader.toLowerCase()] = currentValue;
-  }
-  // Parse body based on content type
-  const contentType = result.headers['content-type'] || 'text/plain';
-  if (contentType.includes('multipart')) {
-    const boundaryMatch = contentType.match(/boundary="?([^";\\s]+)"?/);
-    if (boundaryMatch) {
-      const boundary = boundaryMatch[1];
-      const bodyParts = body.split('--' + boundary);
-      for (const part of bodyParts) {
-        if (part.trim() === '' || part.trim() === '--') continue;
-        const [partHeaders, ...partBody] = part.split('\\r\\n\\r\\n');
-        const partContent = partBody.join('\\r\\n\\r\\n');
-        const partContentType = partHeaders.match(/Content-Type:\\s*([^;\\r\\n]+)/i)?.[1] || '';
-        if (partContentType.includes('text/plain')) {
-          result.text = decodeContent(partContent, partHeaders);
-        } else if (partContentType.includes('text/html')) {
-          result.html = decodeContent(partContent, partHeaders);
-        } else if (partHeaders.toLowerCase().includes('content-disposition: attachment')) {
-          const filenameMatch = partHeaders.match(/filename="?([^"\\r\\n]+)"?/i);
-          result.attachments.push({
-            filename: filenameMatch?.[1] || 'attachment',
-            contentType: partContentType,
-            content: partContent.trim(),
-            size: partContent.length
-          });
-        }
-      }
-    }
-  } else if (contentType.includes('text/html')) {
-    result.html = body;
-  } else {
-    result.text = body;
-  }
-  return result;
-}
-function decodeContent(content, headers) {
-  const encoding = headers.match(/Content-Transfer-Encoding:\\s*([^\\r\\n]+)/i)?.[1]?.toLowerCase();
-  if (encoding === 'base64') {
-    return Buffer.from(content.replace(/\\s/g, ''), 'base64').toString('utf-8');
-  } else if (encoding === 'quoted-printable') {
-    return content.replace(/=([0-9A-F]{2})/gi, (_, hex) => String.fromCharCode(parseInt(hex, 16)))
-                  .replace(/=\\r?\\n/g, '');
-  }
-  return content;
-}
-`,
-  }
-}