npm - @stacksjs/ts-cloud-core - Versions diffs - 0.1.3 → 0.1.7 - Mend

@stacksjs/ts-cloud-core 0.1.3 → 0.1.7

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (458) hide show

package/README.md +98 -13
package/dist/advanced-features.test.d.ts +0 -0
package/dist/aws/cloudformation.d.ts +69 -0
package/dist/aws/cloudfront.d.ts +21 -0
package/dist/aws/credentials.d.ts +66 -0
package/dist/aws/credentials.test.d.ts +0 -0
package/{src/aws/index.ts → dist/aws/index.d.ts} +37 -51
package/dist/aws/s3.d.ts +130 -0
package/dist/aws/s3.test.d.ts +0 -0
package/dist/aws/signature.d.ts +101 -0
package/dist/aws/signature.test.d.ts +0 -0
package/dist/backup/disaster-recovery.d.ts +98 -0
package/dist/backup/disaster-recovery.test.d.ts +0 -0
package/{src/backup/index.ts → dist/backup/index.d.ts} +10 -20
package/dist/backup/manager.d.ts +112 -0
package/dist/backup/manager.test.d.ts +0 -0
package/dist/cicd/circleci.d.ts +47 -0
package/dist/cicd/github-actions.d.ts +55 -0
package/dist/cicd/gitlab-ci.d.ts +46 -0
package/dist/cicd/index.d.ts +3 -0
package/dist/cli/history.d.ts +66 -0
package/dist/cli/index.d.ts +5 -0
package/dist/cli/progress.d.ts +97 -0
package/dist/cli/repl.d.ts +76 -0
package/dist/cli/suggestions.d.ts +67 -0
package/dist/cli/table.d.ts +70 -0
package/dist/cli/table.test.d.ts +0 -0
package/dist/cloudformation/builder.d.ts +59 -0
package/dist/cloudformation/builder.test.d.ts +0 -0
package/dist/cloudformation/builders/api-gateway.d.ts +30 -0
package/dist/cloudformation/builders/cache.d.ts +35 -0
package/dist/cloudformation/builders/cdn.d.ts +34 -0
package/dist/cloudformation/builders/compute.d.ts +66 -0
package/dist/cloudformation/builders/database.d.ts +61 -0
package/dist/cloudformation/builders/functions.d.ts +32 -0
package/dist/cloudformation/builders/messaging.d.ts +17 -0
package/dist/cloudformation/builders/monitoring.d.ts +36 -0
package/dist/cloudformation/builders/network.d.ts +14 -0
package/dist/cloudformation/builders/queue.d.ts +8 -0
package/dist/cloudformation/builders/security.d.ts +31 -0
package/dist/cloudformation/builders/storage.d.ts +8 -0
package/dist/cloudformation/index.d.ts +24 -0
package/dist/cloudformation/types.d.ts +132 -0
package/dist/compliance/aws-config.d.ts +88 -0
package/dist/compliance/cloudtrail.d.ts +96 -0
package/dist/compliance/compliance.test.d.ts +0 -0
package/dist/compliance/guardduty.d.ts +110 -0
package/{src/compliance/index.ts → dist/compliance/index.d.ts} +20 -36
package/dist/compliance/security-hub.d.ts +110 -0
package/dist/containers/build-optimization.d.ts +110 -0
package/dist/containers/containers.test.d.ts +0 -0
package/dist/containers/image-scanning.d.ts +96 -0
package/dist/containers/index.d.ts +4 -0
package/dist/containers/registry.d.ts +99 -0
package/dist/containers/service-mesh.d.ts +206 -0
package/dist/database/database.test.d.ts +0 -0
package/dist/database/index.d.ts +4 -0
package/dist/database/migrations.d.ts +102 -0
package/dist/database/performance.d.ts +168 -0
package/dist/database/replicas.d.ts +146 -0
package/dist/database/users.d.ts +102 -0
package/dist/dependency-graph.d.ts +19 -0
package/dist/deployment/ab-testing.d.ts +114 -0
package/dist/deployment/blue-green.d.ts +98 -0
package/dist/deployment/canary.d.ts +103 -0
package/dist/deployment/deployment.test.d.ts +0 -0
package/{src/deployment/index.ts → dist/deployment/index.d.ts} +20 -36
package/dist/deployment/progressive.d.ts +34 -0
package/dist/dns/dns.test.d.ts +0 -0
package/dist/dns/dnssec.d.ts +75 -0
package/dist/dns/index.d.ts +3 -0
package/dist/dns/resolver.d.ts +150 -0
package/dist/dns/routing.d.ts +217 -0
package/dist/email/advanced/analytics.d.ts +78 -0
package/dist/email/advanced/index.d.ts +7 -0
package/dist/email/advanced/rules.d.ts +60 -0
package/dist/email/advanced/scheduling.d.ts +63 -0
package/dist/email/advanced/search.d.ts +76 -0
package/dist/email/advanced/shared-mailboxes.d.ts +66 -0
package/dist/email/advanced/templates.d.ts +39 -0
package/dist/email/advanced/threading.d.ts +53 -0
package/dist/email/analytics.d.ts +144 -0
package/dist/email/bounce-handling.d.ts +120 -0
package/dist/email/email.test.d.ts +0 -0
package/dist/email/handlers/__tests__/inbound.test.d.ts +0 -0
package/dist/email/handlers/__tests__/outbound.test.d.ts +0 -0
package/{src/email/handlers/converter.ts → dist/email/handlers/converter.d.ts} +3 -5
package/{src/email/handlers/feedback.ts → dist/email/handlers/feedback.d.ts} +3 -5
package/{src/email/handlers/inbound.ts → dist/email/handlers/inbound.d.ts} +3 -5
package/{src/email/handlers/outbound.ts → dist/email/handlers/outbound.d.ts} +3 -5
package/dist/email/index.d.ts +6 -0
package/dist/email/reputation.d.ts +97 -0
package/dist/email/templates.d.ts +82 -0
package/dist/errors/index.d.ts +186 -0
package/dist/errors/index.test.d.ts +0 -0
package/dist/health-checks/index.d.ts +35 -0
package/dist/index.d.ts +256 -0
package/dist/index.js +63499 -0
package/dist/intrinsic-functions.d.ts +37 -0
package/dist/lambda/concurrency.d.ts +98 -0
package/dist/lambda/destinations.d.ts +99 -0
package/dist/lambda/dlq.d.ts +109 -0
package/dist/lambda/index.d.ts +6 -0
package/dist/lambda/lambda.test.d.ts +0 -0
package/dist/lambda/layers.d.ts +81 -0
package/dist/lambda/versions.d.ts +91 -0
package/dist/lambda/vpc.d.ts +116 -0
package/dist/local/config.d.ts +44 -0
package/dist/local/index.d.ts +2 -0
package/dist/local/mock-aws.d.ts +60 -0
package/dist/modules/ai.d.ts +47 -0
package/dist/modules/api.d.ts +98 -0
package/dist/modules/auth.d.ts +165 -0
package/dist/modules/cache.d.ts +73 -0
package/dist/modules/cdn.d.ts +125 -0
package/dist/modules/communication.d.ts +98 -0
package/dist/modules/compute.d.ts +309 -0
package/dist/modules/database.d.ts +105 -0
package/dist/modules/deployment.d.ts +181 -0
package/dist/modules/dns.d.ts +45 -0
package/dist/modules/email.d.ts +217 -0
package/dist/modules/filesystem.d.ts +94 -0
package/dist/modules/index.d.ts +27 -0
package/dist/modules/messaging.d.ts +108 -0
package/dist/modules/monitoring.d.ts +127 -0
package/dist/modules/network.d.ts +102 -0
package/dist/modules/parameter-store.d.ts +33 -0
package/dist/modules/permissions.d.ts +132 -0
package/dist/modules/phone.d.ts +80 -0
package/dist/modules/queue.d.ts +210 -0
package/dist/modules/redirects.d.ts +59 -0
package/dist/modules/registry.d.ts +73 -0
package/dist/modules/search.d.ts +56 -0
package/dist/modules/secrets.d.ts +80 -0
package/dist/modules/security.d.ts +100 -0
package/dist/modules/sms.d.ts +52 -0
package/dist/modules/storage.d.ts +160 -0
package/dist/modules/workflow.d.ts +205 -0
package/dist/multi-account/config.d.ts +315 -0
package/dist/multi-account/index.d.ts +2 -0
package/dist/multi-account/manager.d.ts +100 -0
package/dist/multi-region/cross-region.d.ts +114 -0
package/dist/multi-region/index.d.ts +3 -0
package/dist/multi-region/manager.d.ts +72 -0
package/dist/multi-region/regions.d.ts +98 -0
package/dist/network-security/index.d.ts +39 -0
package/dist/observability/index.d.ts +4 -0
package/dist/observability/logs.d.ts +129 -0
package/dist/observability/metrics.d.ts +153 -0
package/dist/observability/observability.test.d.ts +0 -0
package/dist/observability/synthetics.d.ts +146 -0
package/dist/observability/xray.d.ts +129 -0
package/dist/phone/advanced/analytics.d.ts +66 -0
package/dist/phone/advanced/callbacks.d.ts +50 -0
package/dist/phone/advanced/index.d.ts +4 -0
package/dist/phone/advanced/ivr-builder.d.ts +83 -0
package/dist/phone/advanced/recording.d.ts +48 -0
package/dist/phone/handlers/__tests__/incoming-call.test.d.ts +0 -0
package/{src/phone/handlers/incoming-call.ts → dist/phone/handlers/incoming-call.d.ts} +3 -5
package/{src/phone/handlers/missed-call.ts → dist/phone/handlers/missed-call.d.ts} +3 -5
package/{src/phone/handlers/voicemail.ts → dist/phone/handlers/voicemail.d.ts} +3 -5
package/dist/phone/index.d.ts +2 -0
package/dist/presets/api-backend.d.ts +11 -0
package/dist/presets/data-pipeline.d.ts +11 -0
package/{src/presets/extend.ts → dist/presets/extend.d.ts} +11 -114
package/dist/presets/extend.test.d.ts +0 -0
package/dist/presets/fullstack-app.d.ts +12 -0
package/dist/presets/index.d.ts +24 -0
package/dist/presets/jamstack.d.ts +12 -0
package/dist/presets/microservices.d.ts +18 -0
package/dist/presets/ml-api.d.ts +13 -0
package/dist/presets/nodejs-server.d.ts +14 -0
package/dist/presets/nodejs-serverless.d.ts +14 -0
package/dist/presets/realtime-app.d.ts +11 -0
package/dist/presets/static-site.d.ts +12 -0
package/dist/presets/traditional-web-app.d.ts +16 -0
package/dist/presets/wordpress.d.ts +12 -0
package/dist/preview/github.d.ts +32 -0
package/dist/preview/github.test.d.ts +0 -0
package/{src/preview/index.ts → dist/preview/index.d.ts} +16 -26
package/dist/preview/manager.d.ts +58 -0
package/dist/preview/manager.test.d.ts +0 -0
package/dist/preview/notifications.d.ts +55 -0
package/dist/preview/notifications.test.d.ts +0 -0
package/dist/queue/batch-processing.d.ts +87 -0
package/dist/queue/dlq-monitoring.d.ts +95 -0
package/dist/queue/fifo.d.ts +90 -0
package/dist/queue/index.d.ts +4 -0
package/dist/queue/management.d.ts +105 -0
package/dist/queue/queue.test.d.ts +0 -0
package/dist/resource-mgmt/index.d.ts +29 -0
package/dist/resource-naming.d.ts +26 -0
package/dist/s3/index.d.ts +173 -0
package/dist/schema/index.d.ts +9 -0
package/dist/security/certificate-manager.d.ts +121 -0
package/dist/security/index.d.ts +4 -0
package/dist/security/scanning.d.ts +147 -0
package/dist/security/secrets-manager.d.ts +144 -0
package/dist/security/secrets-rotation.d.ts +115 -0
package/dist/security/security.test.d.ts +0 -0
package/dist/sms/advanced/ab-testing.d.ts +54 -0
package/dist/sms/advanced/analytics.d.ts +56 -0
package/dist/sms/advanced/campaigns.d.ts +82 -0
package/dist/sms/advanced/chatbot.d.ts +48 -0
package/dist/sms/advanced/index.d.ts +6 -0
package/dist/sms/advanced/link-tracking.d.ts +42 -0
package/dist/sms/advanced/mms.d.ts +35 -0
package/dist/sms/handlers/__tests__/send.test.d.ts +0 -0
package/{src/sms/handlers/delivery-status.ts → dist/sms/handlers/delivery-status.d.ts} +3 -5
package/{src/sms/handlers/receive.ts → dist/sms/handlers/receive.d.ts} +3 -5
package/{src/sms/handlers/send.ts → dist/sms/handlers/send.d.ts} +3 -5
package/dist/sms/index.d.ts +2 -0
package/dist/stack-diff.d.ts +34 -0
package/dist/static-site/index.d.ts +49 -0
package/dist/template-builder.d.ts +14 -0
package/dist/template-validator.d.ts +24 -0
package/dist/utils/cache.d.ts +55 -0
package/dist/utils/diff.d.ts +48 -0
package/dist/utils/hash.d.ts +58 -0
package/dist/utils/index.d.ts +4 -0
package/dist/utils/parallel.d.ts +60 -0
package/dist/validators/credentials.d.ts +23 -0
package/dist/validators/credentials.test.d.ts +0 -0
package/dist/validators/quotas.d.ts +60 -0
package/dist/validators/quotas.test.d.ts +0 -0
package/package.json +13 -4
package/src/advanced-features.test.ts +0 -465
package/src/aws/cloudformation.ts +0 -421
package/src/aws/cloudfront.ts +0 -158
package/src/aws/credentials.test.ts +0 -132
package/src/aws/credentials.ts +0 -545
package/src/aws/s3.test.ts +0 -188
package/src/aws/s3.ts +0 -1088
package/src/aws/signature.test.ts +0 -670
package/src/aws/signature.ts +0 -1155
package/src/backup/disaster-recovery.test.ts +0 -726
package/src/backup/disaster-recovery.ts +0 -500
package/src/backup/manager.test.ts +0 -498
package/src/backup/manager.ts +0 -432
package/src/cicd/circleci.ts +0 -430
package/src/cicd/github-actions.ts +0 -424
package/src/cicd/gitlab-ci.ts +0 -255
package/src/cicd/index.ts +0 -8
package/src/cli/history.ts +0 -396
package/src/cli/index.ts +0 -10
package/src/cli/progress.ts +0 -458
package/src/cli/repl.ts +0 -454
package/src/cli/suggestions.ts +0 -327
package/src/cli/table.test.ts +0 -319
package/src/cli/table.ts +0 -332
package/src/cloudformation/builder.test.ts +0 -327
package/src/cloudformation/builder.ts +0 -378
package/src/cloudformation/builders/api-gateway.ts +0 -449
package/src/cloudformation/builders/cache.ts +0 -334
package/src/cloudformation/builders/cdn.ts +0 -278
package/src/cloudformation/builders/compute.ts +0 -485
package/src/cloudformation/builders/database.ts +0 -392
package/src/cloudformation/builders/functions.ts +0 -343
package/src/cloudformation/builders/messaging.ts +0 -140
package/src/cloudformation/builders/monitoring.ts +0 -300
package/src/cloudformation/builders/network.ts +0 -264
package/src/cloudformation/builders/queue.ts +0 -147
package/src/cloudformation/builders/security.ts +0 -399
package/src/cloudformation/builders/storage.ts +0 -285
package/src/cloudformation/index.ts +0 -30
package/src/cloudformation/types.ts +0 -173
package/src/compliance/aws-config.ts +0 -543
package/src/compliance/cloudtrail.ts +0 -376
package/src/compliance/compliance.test.ts +0 -423
package/src/compliance/guardduty.ts +0 -446
package/src/compliance/security-hub.ts +0 -456
package/src/containers/build-optimization.ts +0 -416
package/src/containers/containers.test.ts +0 -508
package/src/containers/image-scanning.ts +0 -360
package/src/containers/index.ts +0 -9
package/src/containers/registry.ts +0 -293
package/src/containers/service-mesh.ts +0 -520
package/src/database/database.test.ts +0 -762
package/src/database/index.ts +0 -9
package/src/database/migrations.ts +0 -444
package/src/database/performance.ts +0 -528
package/src/database/replicas.ts +0 -534
package/src/database/users.ts +0 -494
package/src/dependency-graph.ts +0 -143
package/src/deployment/ab-testing.ts +0 -582
package/src/deployment/blue-green.ts +0 -452
package/src/deployment/canary.ts +0 -500
package/src/deployment/deployment.test.ts +0 -526
package/src/deployment/progressive.ts +0 -62
package/src/dns/dns.test.ts +0 -641
package/src/dns/dnssec.ts +0 -315
package/src/dns/index.ts +0 -8
package/src/dns/resolver.ts +0 -496
package/src/dns/routing.ts +0 -593
package/src/email/advanced/analytics.ts +0 -445
package/src/email/advanced/index.ts +0 -11
package/src/email/advanced/rules.ts +0 -465
package/src/email/advanced/scheduling.ts +0 -352
package/src/email/advanced/search.ts +0 -412
package/src/email/advanced/shared-mailboxes.ts +0 -404
package/src/email/advanced/templates.ts +0 -455
package/src/email/advanced/threading.ts +0 -281
package/src/email/analytics.ts +0 -467
package/src/email/bounce-handling.ts +0 -425
package/src/email/email.test.ts +0 -431
package/src/email/handlers/__tests__/inbound.test.ts +0 -38
package/src/email/handlers/__tests__/outbound.test.ts +0 -37
package/src/email/index.ts +0 -15
package/src/email/reputation.ts +0 -303
package/src/email/templates.ts +0 -352
package/src/errors/index.test.ts +0 -434
package/src/errors/index.ts +0 -416
package/src/health-checks/index.ts +0 -40
package/src/index.ts +0 -360
package/src/intrinsic-functions.ts +0 -118
package/src/lambda/concurrency.ts +0 -330
package/src/lambda/destinations.ts +0 -345
package/src/lambda/dlq.ts +0 -425
package/src/lambda/index.ts +0 -11
package/src/lambda/lambda.test.ts +0 -840
package/src/lambda/layers.ts +0 -263
package/src/lambda/versions.ts +0 -376
package/src/lambda/vpc.ts +0 -399
package/src/local/config.ts +0 -114
package/src/local/index.ts +0 -6
package/src/local/mock-aws.ts +0 -351
package/src/modules/ai.ts +0 -340
package/src/modules/api.ts +0 -478
package/src/modules/auth.ts +0 -805
package/src/modules/cache.ts +0 -417
package/src/modules/cdn.ts +0 -1062
package/src/modules/communication.ts +0 -1094
package/src/modules/compute.ts +0 -3348
package/src/modules/database.ts +0 -554
package/src/modules/deployment.ts +0 -1079
package/src/modules/dns.ts +0 -337
package/src/modules/email.ts +0 -1538
package/src/modules/filesystem.ts +0 -515
package/src/modules/index.ts +0 -32
package/src/modules/messaging.ts +0 -486
package/src/modules/monitoring.ts +0 -2086
package/src/modules/network.ts +0 -664
package/src/modules/parameter-store.ts +0 -325
package/src/modules/permissions.ts +0 -1081
package/src/modules/phone.ts +0 -494
package/src/modules/queue.ts +0 -1260
package/src/modules/redirects.ts +0 -464
package/src/modules/registry.ts +0 -699
package/src/modules/search.ts +0 -401
package/src/modules/secrets.ts +0 -416
package/src/modules/security.ts +0 -731
package/src/modules/sms.ts +0 -389
package/src/modules/storage.ts +0 -1120
package/src/modules/workflow.ts +0 -680
package/src/multi-account/config.ts +0 -521
package/src/multi-account/index.ts +0 -7
package/src/multi-account/manager.ts +0 -427
package/src/multi-region/cross-region.ts +0 -410
package/src/multi-region/index.ts +0 -8
package/src/multi-region/manager.ts +0 -483
package/src/multi-region/regions.ts +0 -435
package/src/network-security/index.ts +0 -48
package/src/observability/index.ts +0 -9
package/src/observability/logs.ts +0 -522
package/src/observability/metrics.ts +0 -460
package/src/observability/observability.test.ts +0 -782
package/src/observability/synthetics.ts +0 -568
package/src/observability/xray.ts +0 -358
package/src/phone/advanced/analytics.ts +0 -349
package/src/phone/advanced/callbacks.ts +0 -428
package/src/phone/advanced/index.ts +0 -8
package/src/phone/advanced/ivr-builder.ts +0 -504
package/src/phone/advanced/recording.ts +0 -310
package/src/phone/handlers/__tests__/incoming-call.test.ts +0 -40
package/src/phone/index.ts +0 -9
package/src/presets/api-backend.ts +0 -134
package/src/presets/data-pipeline.ts +0 -204
package/src/presets/extend.test.ts +0 -295
package/src/presets/fullstack-app.ts +0 -144
package/src/presets/index.ts +0 -27
package/src/presets/jamstack.ts +0 -135
package/src/presets/microservices.ts +0 -167
package/src/presets/ml-api.ts +0 -208
package/src/presets/nodejs-server.ts +0 -104
package/src/presets/nodejs-serverless.ts +0 -114
package/src/presets/realtime-app.ts +0 -184
package/src/presets/static-site.ts +0 -64
package/src/presets/traditional-web-app.ts +0 -339
package/src/presets/wordpress.ts +0 -138
package/src/preview/github.test.ts +0 -249
package/src/preview/github.ts +0 -297
package/src/preview/manager.test.ts +0 -440
package/src/preview/manager.ts +0 -326
package/src/preview/notifications.test.ts +0 -582
package/src/preview/notifications.ts +0 -341
package/src/queue/batch-processing.ts +0 -402
package/src/queue/dlq-monitoring.ts +0 -402
package/src/queue/fifo.ts +0 -342
package/src/queue/index.ts +0 -9
package/src/queue/management.ts +0 -428
package/src/queue/queue.test.ts +0 -429
package/src/resource-mgmt/index.ts +0 -39
package/src/resource-naming.ts +0 -62
package/src/s3/index.ts +0 -523
package/src/schema/cloud-config.schema.json +0 -554
package/src/schema/index.ts +0 -68
package/src/security/certificate-manager.ts +0 -492
package/src/security/index.ts +0 -9
package/src/security/scanning.ts +0 -545
package/src/security/secrets-manager.ts +0 -476
package/src/security/secrets-rotation.ts +0 -456
package/src/security/security.test.ts +0 -738
package/src/sms/advanced/ab-testing.ts +0 -389
package/src/sms/advanced/analytics.ts +0 -336
package/src/sms/advanced/campaigns.ts +0 -523
package/src/sms/advanced/chatbot.ts +0 -224
package/src/sms/advanced/index.ts +0 -10
package/src/sms/advanced/link-tracking.ts +0 -248
package/src/sms/advanced/mms.ts +0 -308
package/src/sms/handlers/__tests__/send.test.ts +0 -40
package/src/sms/index.ts +0 -9
package/src/stack-diff.ts +0 -389
package/src/static-site/index.ts +0 -85
package/src/template-builder.ts +0 -110
package/src/template-validator.ts +0 -574
package/src/utils/cache.ts +0 -291
package/src/utils/diff.ts +0 -269
package/src/utils/hash.ts +0 -227
package/src/utils/index.ts +0 -8
package/src/utils/parallel.ts +0 -294
package/src/validators/credentials.test.ts +0 -274
package/src/validators/credentials.ts +0 -233
package/src/validators/quotas.test.ts +0 -434
package/src/validators/quotas.ts +0 -217
package/test/ai.test.ts +0 -327
package/test/api.test.ts +0 -511
package/test/auth.test.ts +0 -632
package/test/cache.test.ts +0 -406
package/test/cdn.test.ts +0 -247
package/test/compute.test.ts +0 -861
package/test/database.test.ts +0 -523
package/test/deployment.test.ts +0 -499
package/test/dns.test.ts +0 -270
package/test/email.test.ts +0 -439
package/test/filesystem.test.ts +0 -382
package/test/integration.test.ts +0 -350
package/test/messaging.test.ts +0 -514
package/test/monitoring.test.ts +0 -634
package/test/network.test.ts +0 -425
package/test/permissions.test.ts +0 -488
package/test/queue.test.ts +0 -484
package/test/registry.test.ts +0 -306
package/test/security.test.ts +0 -462
package/test/storage.test.ts +0 -463
package/test/template-validator.test.ts +0 -559
package/test/workflow.test.ts +0 -592
package/tsconfig.json +0 -16
package/tsconfig.tsbuildinfo +0 -1

package/src/modules/security.ts DELETED Viewed

@@ -1,731 +0,0 @@
-import type { ACMCertificate, KMSAlias, KMSKey, WAFv2IPSet, WAFv2WebACL } from '@stacksjs/ts-cloud-aws-types'
-import type { EnvironmentType } from '@stacksjs/ts-cloud-types'
-import { Fn } from '../intrinsic-functions'
-import { generateLogicalId, generateResourceName } from '../resource-naming'
-export interface CertificateOptions {
-  domain: string
-  subdomains?: string[]
-  slug: string
-  environment: EnvironmentType
-  validationMethod?: 'DNS' | 'EMAIL'
-  hostedZoneId?: string
-}
-export interface KmsKeyOptions {
-  description: string
-  slug: string
-  environment: EnvironmentType
-  enableRotation?: boolean
-  multiRegion?: boolean
-}
-export interface FirewallOptions {
-  slug: string
-  environment: EnvironmentType
-  scope?: 'CLOUDFRONT' | 'REGIONAL'
-  defaultAction?: 'allow' | 'block'
-}
-export interface RateLimitRule {
-  name: string
-  priority: number
-  requestsPerWindow: number
-  aggregateKeyType?: 'IP' | 'FORWARDED_IP'
-}
-export interface GeoBlockRule {
-  name: string
-  priority: number
-  countryCodes: string[]
-}
-export interface IpBlockRule {
-  name: string
-  priority: number
-  ipAddresses: string[]
-  ipVersion?: 'IPV4' | 'IPV6'
-}
-export interface ManagedRuleGroup {
-  name: string
-  priority: number
-  vendorName: string
-  ruleName: string
-  excludedRules?: string[]
-}
-/**
- * Security Module - ACM, KMS, WAF Management
- * Provides clean API for creating and configuring security resources
- */
-export class Security {
-  /**
-   * Create an SSL/TLS certificate with ACM
-   */
-  static createCertificate(options: CertificateOptions): {
-    certificate: ACMCertificate
-    logicalId: string
-  } {
-    const {
-      domain,
-      subdomains = [],
-      slug,
-      environment,
-      validationMethod = 'DNS',
-      hostedZoneId,
-    } = options
-    const resourceName = generateResourceName({
-      slug,
-      environment,
-      resourceType: 'acm',
-    })
-    const logicalId = generateLogicalId(`${resourceName}-${domain.replace(/\./g, '')}`)
-    // Build SubjectAlternativeNames (SANs) - includes the main domain plus subdomains
-    const sans: string[] = [domain]
-    for (const subdomain of subdomains) {
-      // Support wildcard notation
-      if (subdomain === '*') {
-        sans.push(`*.${domain}`)
-      }
-      else {
-        sans.push(`${subdomain}.${domain}`)
-      }
-    }
-    const certificate: ACMCertificate = {
-      Type: 'AWS::CertificateManager::Certificate',
-      Properties: {
-        DomainName: domain,
-        SubjectAlternativeNames: sans,
-        ValidationMethod: validationMethod,
-      },
-    }
-    // Add DNS validation with Route53 if hostedZoneId is provided
-    if (validationMethod === 'DNS' && hostedZoneId) {
-      certificate.Properties.DomainValidationOptions = sans.map(domainName => ({
-        DomainName: domainName,
-        HostedZoneId: hostedZoneId,
-      }))
-    }
-    return { certificate, logicalId }
-  }
-  /**
-   * Create a KMS encryption key
-   */
-  static createKmsKey(options: KmsKeyOptions): {
-    key: KMSKey
-    alias?: KMSAlias
-    logicalId: string
-    aliasId?: string
-  } {
-    const {
-      description,
-      slug,
-      environment,
-      enableRotation = true,
-      multiRegion = false,
-    } = options
-    const resourceName = generateResourceName({
-      slug,
-      environment,
-      resourceType: 'kms',
-    })
-    const logicalId = generateLogicalId(resourceName)
-    // Default key policy - allows root account full access
-    const keyPolicy = {
-      Version: '2012-10-17' as const,
-      Statement: [
-        {
-          Sid: 'Enable IAM User Permissions',
-          Effect: 'Allow' as const,
-          Principal: {
-            AWS: Fn.Sub('arn:aws:iam::${AWS::AccountId}:root'),
-          },
-          Action: 'kms:*',
-          Resource: '*',
-        },
-        {
-          Sid: 'Allow services to use the key',
-          Effect: 'Allow' as const,
-          Principal: {
-            Service: [
-              's3.amazonaws.com',
-              'cloudfront.amazonaws.com',
-              'logs.amazonaws.com',
-              'secretsmanager.amazonaws.com',
-            ],
-          },
-          Action: [
-            'kms:Decrypt',
-            'kms:GenerateDataKey',
-          ],
-          Resource: '*',
-        },
-      ],
-    }
-    const key: KMSKey = {
-      Type: 'AWS::KMS::Key',
-      Properties: {
-        Description: description,
-        Enabled: true,
-        EnableKeyRotation: enableRotation,
-        KeyPolicy: keyPolicy,
-        KeySpec: 'SYMMETRIC_DEFAULT',
-        KeyUsage: 'ENCRYPT_DECRYPT',
-        MultiRegion: multiRegion,
-      },
-    }
-    // Create alias for easier reference
-    const aliasId = generateLogicalId(`${resourceName}-alias`)
-    const alias: KMSAlias = {
-      Type: 'AWS::KMS::Alias',
-      Properties: {
-        AliasName: `alias/${slug}-${environment}`,
-        TargetKeyId: Fn.Ref(logicalId),
-      },
-    }
-    return { key, alias, logicalId, aliasId }
-  }
-  /**
-   * Create a WAF Web ACL
-   */
-  static createFirewall(options: FirewallOptions): {
-    webAcl: WAFv2WebACL
-    logicalId: string
-  } {
-    const {
-      slug,
-      environment,
-      scope = 'CLOUDFRONT',
-      defaultAction = 'allow',
-    } = options
-    const resourceName = generateResourceName({
-      slug,
-      environment,
-      resourceType: 'waf',
-    })
-    const logicalId = generateLogicalId(resourceName)
-    const webAcl: WAFv2WebACL = {
-      Type: 'AWS::WAFv2::WebACL',
-      Properties: {
-        Name: resourceName,
-        Scope: scope,
-        DefaultAction: defaultAction === 'allow' ? { Allow: {} } : { Block: {} },
-        Description: `WAF for ${slug} ${environment}`,
-        Rules: [],
-        VisibilityConfig: {
-          SampledRequestsEnabled: true,
-          CloudWatchMetricsEnabled: true,
-          MetricName: `${resourceName}-metric`,
-        },
-      },
-    }
-    return { webAcl, logicalId }
-  }
-  /**
-   * Add rate limiting to a Web ACL
-   */
-  static setRateLimit(
-    webAcl: WAFv2WebACL,
-    rule: RateLimitRule,
-  ): WAFv2WebACL {
-    if (!webAcl.Properties.Rules) {
-      webAcl.Properties.Rules = []
-    }
-    webAcl.Properties.Rules.push({
-      Name: rule.name,
-      Priority: rule.priority,
-      Statement: {
-        RateBasedStatement: {
-          Limit: rule.requestsPerWindow,
-          AggregateKeyType: rule.aggregateKeyType || 'IP',
-        },
-      },
-      Action: {
-        Block: {},
-      },
-      VisibilityConfig: {
-        SampledRequestsEnabled: true,
-        CloudWatchMetricsEnabled: true,
-        MetricName: `${rule.name}-metric`,
-      },
-    })
-    return webAcl
-  }
-  /**
-   * Block specific countries
-   */
-  static blockCountries(
-    webAcl: WAFv2WebACL,
-    rule: GeoBlockRule,
-  ): WAFv2WebACL {
-    if (!webAcl.Properties.Rules) {
-      webAcl.Properties.Rules = []
-    }
-    webAcl.Properties.Rules.push({
-      Name: rule.name,
-      Priority: rule.priority,
-      Statement: {
-        GeoMatchStatement: {
-          CountryCodes: rule.countryCodes,
-        },
-      },
-      Action: {
-        Block: {},
-      },
-      VisibilityConfig: {
-        SampledRequestsEnabled: true,
-        CloudWatchMetricsEnabled: true,
-        MetricName: `${rule.name}-metric`,
-      },
-    })
-    return webAcl
-  }
-  /**
-   * Block specific IP addresses
-   */
-  static blockIpAddresses(
-    webAcl: WAFv2WebACL,
-    rule: IpBlockRule,
-    slug: string,
-    environment: EnvironmentType,
-  ): {
-      webAcl: WAFv2WebACL
-      ipSet: WAFv2IPSet
-      ipSetLogicalId: string
-    } {
-    const resourceName = generateResourceName({
-      slug,
-      environment,
-      resourceType: 'ipset',
-    })
-    const ipSetLogicalId = generateLogicalId(`${resourceName}-${rule.name}`)
-    // Create IP Set
-    const ipSet: WAFv2IPSet = {
-      Type: 'AWS::WAFv2::IPSet',
-      Properties: {
-        Name: `${resourceName}-${rule.name}`,
-        Scope: webAcl.Properties.Scope,
-        IPAddressVersion: rule.ipVersion || 'IPV4',
-        Addresses: rule.ipAddresses,
-        Description: `Blocked IPs for ${rule.name}`,
-      },
-    }
-    // Add rule to Web ACL
-    if (!webAcl.Properties.Rules) {
-      webAcl.Properties.Rules = []
-    }
-    webAcl.Properties.Rules.push({
-      Name: rule.name,
-      Priority: rule.priority,
-      Statement: {
-        IPSetReferenceStatement: {
-          Arn: Fn.GetAtt(ipSetLogicalId, 'Arn') as any,
-        },
-      },
-      Action: {
-        Block: {},
-      },
-      VisibilityConfig: {
-        SampledRequestsEnabled: true,
-        CloudWatchMetricsEnabled: true,
-        MetricName: `${rule.name}-metric`,
-      },
-    })
-    return { webAcl, ipSet, ipSetLogicalId }
-  }
-  /**
-   * Add AWS Managed Rules
-   */
-  static addManagedRules(
-    webAcl: WAFv2WebACL,
-    rule: ManagedRuleGroup,
-  ): WAFv2WebACL {
-    if (!webAcl.Properties.Rules) {
-      webAcl.Properties.Rules = []
-    }
-    const managedRuleStatement: NonNullable<WAFv2WebACL['Properties']['Rules']>[0]['Statement'] = {
-      ManagedRuleGroupStatement: {
-        VendorName: rule.vendorName,
-        Name: rule.ruleName,
-      },
-    }
-    if (rule.excludedRules && rule.excludedRules.length > 0) {
-      managedRuleStatement.ManagedRuleGroupStatement!.ExcludedRules = rule.excludedRules.map(name => ({ Name: name }))
-    }
-    webAcl.Properties.Rules.push({
-      Name: rule.name,
-      Priority: rule.priority,
-      Statement: managedRuleStatement,
-      VisibilityConfig: {
-        SampledRequestsEnabled: true,
-        CloudWatchMetricsEnabled: true,
-        MetricName: `${rule.name}-metric`,
-      },
-    })
-    return webAcl
-  }
-  /**
-   * Common managed rule groups from AWS
-   */
-  static readonly ManagedRuleGroups = {
-    /**
-     * AWS Core Rule Set - protects against common threats
-     */
-    CoreRuleSet: {
-      vendorName: 'AWS',
-      ruleName: 'AWSManagedRulesCommonRuleSet',
-    },
-    /**
-     * Known Bad Inputs - blocks patterns known to be invalid
-     */
-    KnownBadInputs: {
-      vendorName: 'AWS',
-      ruleName: 'AWSManagedRulesKnownBadInputsRuleSet',
-    },
-    /**
-     * SQL Database - protects against SQL injection
-     */
-    SqlDatabase: {
-      vendorName: 'AWS',
-      ruleName: 'AWSManagedRulesSQLiRuleSet',
-    },
-    /**
-     * Linux Operating System - protects against Linux-specific exploits
-     */
-    LinuxOS: {
-      vendorName: 'AWS',
-      ruleName: 'AWSManagedRulesLinuxRuleSet',
-    },
-    /**
-     * POSIX Operating System - protects against POSIX-specific exploits
-     */
-    PosixOS: {
-      vendorName: 'AWS',
-      ruleName: 'AWSManagedRulesUnixRuleSet',
-    },
-    /**
-     * Amazon IP Reputation List - blocks IPs with poor reputation
-     */
-    AmazonIpReputation: {
-      vendorName: 'AWS',
-      ruleName: 'AWSManagedRulesAmazonIpReputationList',
-    },
-    /**
-     * Anonymous IP List - blocks requests from anonymizing services
-     */
-    AnonymousIpList: {
-      vendorName: 'AWS',
-      ruleName: 'AWSManagedRulesAnonymousIpList',
-    },
-    /**
-     * Bot Control - protects against bots and scrapers
-     */
-    BotControl: {
-      vendorName: 'AWS',
-      ruleName: 'AWSManagedRulesBotControlRuleSet',
-    },
-  } as const
-  /**
-   * Add path-based rate limiting
-   * Rate limit specific URL paths (e.g., login, API endpoints)
-   */
-  static setPathRateLimit(
-    webAcl: WAFv2WebACL,
-    rule: RateLimitRule & { paths: string[] },
-  ): WAFv2WebACL {
-    if (!webAcl.Properties.Rules) {
-      webAcl.Properties.Rules = []
-    }
-    // Build path patterns for the rule
-    const pathConditions = rule.paths.map(path => ({
-      SearchString: path,
-      FieldToMatch: {
-        UriPath: {},
-      },
-      TextTransformation: [{
-        Priority: 0,
-        Type: 'LOWERCASE',
-      }],
-      PositionalConstraint: 'STARTS_WITH',
-    }))
-    webAcl.Properties.Rules.push({
-      Name: rule.name,
-      Priority: rule.priority,
-      Statement: {
-        RateBasedStatement: {
-          Limit: rule.requestsPerWindow,
-          AggregateKeyType: rule.aggregateKeyType || 'IP',
-          ScopeDownStatement: {
-            OrStatement: {
-              Statements: pathConditions.map(condition => ({
-                ByteMatchStatement: condition,
-              })),
-            },
-          },
-        },
-      },
-      Action: {
-        Block: {},
-      },
-      VisibilityConfig: {
-        SampledRequestsEnabled: true,
-        CloudWatchMetricsEnabled: true,
-        MetricName: `${rule.name}-metric`,
-      },
-    })
-    return webAcl
-  }
-  /**
-   * Add header-based rate limiting
-   * Useful for API key or user-based rate limiting
-   */
-  static setHeaderRateLimit(
-    webAcl: WAFv2WebACL,
-    rule: RateLimitRule & { headerName: string, headerValue?: string },
-  ): WAFv2WebACL {
-    if (!webAcl.Properties.Rules) {
-      webAcl.Properties.Rules = []
-    }
-    const statement: any = {
-      RateBasedStatement: {
-        Limit: rule.requestsPerWindow,
-        AggregateKeyType: 'CUSTOM_KEYS',
-        CustomKeys: [
-          {
-            Header: {
-              Name: rule.headerName,
-              TextTransformations: [{ Priority: 0, Type: 'NONE' }],
-            },
-          },
-        ],
-      },
-    }
-    // Optionally scope down to specific header value
-    if (rule.headerValue) {
-      statement.RateBasedStatement.ScopeDownStatement = {
-        ByteMatchStatement: {
-          SearchString: rule.headerValue,
-          FieldToMatch: {
-            SingleHeader: { Name: rule.headerName },
-          },
-          TextTransformation: [{ Priority: 0, Type: 'NONE' }],
-          PositionalConstraint: 'EXACTLY',
-        },
-      }
-    }
-    webAcl.Properties.Rules.push({
-      Name: rule.name,
-      Priority: rule.priority,
-      Statement: statement,
-      Action: {
-        Block: {},
-      },
-      VisibilityConfig: {
-        SampledRequestsEnabled: true,
-        CloudWatchMetricsEnabled: true,
-        MetricName: `${rule.name}-metric`,
-      },
-    })
-    return webAcl
-  }
-  /**
-   * Add login endpoint protection
-   * Combines rate limiting with common attack patterns
-   */
-  static protectLoginEndpoint(
-    webAcl: WAFv2WebACL,
-    options: {
-      loginPaths: string[]
-      priority: number
-      requestsPerMinute?: number
-    },
-  ): WAFv2WebACL {
-    const { loginPaths, priority, requestsPerMinute = 10 } = options
-    // Add rate limiting for login paths
-    Security.setPathRateLimit(webAcl, {
-      name: 'LoginRateLimit',
-      priority,
-      requestsPerWindow: requestsPerMinute * 5, // AWS rate is per 5 minutes
-      paths: loginPaths,
-    })
-    return webAcl
-  }
-  /**
-   * Add API rate limiting
-   * Apply stricter limits on API endpoints
-   */
-  static protectApiEndpoints(
-    webAcl: WAFv2WebACL,
-    options: {
-      apiPaths: string[]
-      priority: number
-      requestsPerMinute?: number
-    },
-  ): WAFv2WebACL {
-    const { apiPaths, priority, requestsPerMinute = 100 } = options
-    Security.setPathRateLimit(webAcl, {
-      name: 'ApiRateLimit',
-      priority,
-      requestsPerWindow: requestsPerMinute * 5, // AWS rate is per 5 minutes
-      paths: apiPaths,
-    })
-    return webAcl
-  }
-  /**
-   * Create a comprehensive WAF with common protections
-   */
-  static createProtectedFirewall(options: {
-    slug: string
-    environment: EnvironmentType
-    scope?: 'CLOUDFRONT' | 'REGIONAL'
-    enableBotControl?: boolean
-    enableRateLimiting?: boolean
-    rateLimitPerMinute?: number
-  }): {
-    webAcl: WAFv2WebACL
-    logicalId: string
-  } {
-    const {
-      slug,
-      environment,
-      scope = 'CLOUDFRONT',
-      enableBotControl = false,
-      enableRateLimiting = true,
-      rateLimitPerMinute = 2000,
-    } = options
-    // Create base firewall
-    let { webAcl, logicalId } = Security.createFirewall({
-      slug,
-      environment,
-      scope,
-      defaultAction: 'allow',
-    })
-    let priority = 0
-    // Add AWS IP Reputation list
-    webAcl = Security.addManagedRules(webAcl, {
-      name: 'AWSIPReputationList',
-      priority: priority++,
-      ...Security.ManagedRuleGroups.AmazonIpReputation,
-    })
-    // Add Anonymous IP protection
-    webAcl = Security.addManagedRules(webAcl, {
-      name: 'AWSAnonymousIPList',
-      priority: priority++,
-      ...Security.ManagedRuleGroups.AnonymousIpList,
-    })
-    // Add Core Rule Set
-    webAcl = Security.addManagedRules(webAcl, {
-      name: 'AWSCoreRuleSet',
-      priority: priority++,
-      ...Security.ManagedRuleGroups.CoreRuleSet,
-    })
-    // Add Known Bad Inputs
-    webAcl = Security.addManagedRules(webAcl, {
-      name: 'AWSKnownBadInputs',
-      priority: priority++,
-      ...Security.ManagedRuleGroups.KnownBadInputs,
-    })
-    // Add SQL Injection protection
-    webAcl = Security.addManagedRules(webAcl, {
-      name: 'AWSSQLi',
-      priority: priority++,
-      ...Security.ManagedRuleGroups.SqlDatabase,
-    })
-    // Optionally add Bot Control (additional cost)
-    if (enableBotControl) {
-      webAcl = Security.addManagedRules(webAcl, {
-        name: 'AWSBotControl',
-        priority: priority++,
-        ...Security.ManagedRuleGroups.BotControl,
-      })
-    }
-    // Add global rate limiting
-    if (enableRateLimiting) {
-      webAcl = Security.setRateLimit(webAcl, {
-        name: 'GlobalRateLimit',
-        priority: priority++,
-        requestsPerWindow: rateLimitPerMinute * 5, // AWS uses 5-minute windows
-      })
-    }
-    return { webAcl, logicalId }
-  }
-  /**
-   * Common rate limit presets
-   */
-  static readonly RateLimitPresets = {
-    /** Standard website: 2000 requests per minute per IP */
-    STANDARD: 2000,
-    /** High-traffic API: 10000 requests per minute per IP */
-    HIGH_TRAFFIC: 10000,
-    /** Aggressive protection: 100 requests per minute per IP */
-    STRICT: 100,
-    /** Login protection: 10 requests per minute per IP */
-    LOGIN: 10,
-    /** API endpoint: 100 requests per minute per IP */
-    API: 100,
-  } as const
-}