@stacksjs/ts-cloud-core 0.1.6 → 0.1.8

package/dist/compliance/aws-config.d.ts

@@ -0,0 +1,88 @@
+/**
+ * Global AWS Config manager instance
+ */
+export declare const awsConfigManager: AWSConfigManager;
+/**
+ * AWS Config Rules
+ * Automated compliance checking and configuration management
+ */
+export declare interface ConfigRule {
+  id: string
+  name: string
+  description: string
+  source: 'AWS_MANAGED' | 'CUSTOM_LAMBDA'
+  identifier?: string
+  lambdaFunctionArn?: string
+  inputParameters?: Record<string, any>
+  scope?: ConfigScope
+  maxExecutionFrequency?: 'One_Hour' | 'Three_Hours' | 'Six_Hours' | 'Twelve_Hours' | 'TwentyFour_Hours'
+}
+export declare interface ConfigScope {
+  complianceResourceTypes?: string[]
+  tagKey?: string
+  tagValue?: string
+}
+export declare interface ConfigRecorder {
+  name: string
+  roleArn: string
+  recordingGroup?: RecordingGroup
+}
+export declare interface RecordingGroup {
+  allSupported?: boolean
+  includeGlobalResourceTypes?: boolean
+  resourceTypes?: string[]
+}
+export declare interface DeliveryChannel {
+  name: string
+  s3BucketName: string
+  s3KeyPrefix?: string
+  snsTopicArn?: string
+  configSnapshotDeliveryProperties?: {
+    deliveryFrequency?: 'One_Hour' | 'Three_Hours' | 'Six_Hours' | 'Twelve_Hours' | 'TwentyFour_Hours'
+  }
+}
+/**
+ * AWS Config manager
+ */
+export declare class AWSConfigManager {
+  private configRules: Map<string, ConfigRule>;
+  private configRecorders: Map<string, ConfigRecorder>;
+  private deliveryChannels: Map<string, DeliveryChannel>;
+  private ruleCounter: any;
+  createConfigRecorder(recorder: ConfigRecorder): ConfigRecorder;
+  createDeliveryChannel(channel: DeliveryChannel): DeliveryChannel;
+  createConfigRule(rule: Omit<ConfigRule, 'id'>): ConfigRule;
+  createS3EncryptionRule(): ConfigRule;
+  createS3PublicAccessBlockRule(): ConfigRule;
+  createS3VersioningRule(): ConfigRule;
+  createRdsEncryptionRule(): ConfigRule;
+  createRdsSnapshotEncryptionRule(): ConfigRule;
+  createRdsBackupRule(retentionPeriod?: number): ConfigRule;
+  createEc2InstanceProfileRule(): ConfigRule;
+  createEbsEncryptionRule(): ConfigRule;
+  createIamPasswordPolicyRule(): ConfigRule;
+  createIamMfaRule(): ConfigRule;
+  createRootAccountMfaRule(): ConfigRule;
+  createVpcFlowLogsRule(): ConfigRule;
+  createCloudTrailEnabledRule(): ConfigRule;
+  createCloudWatchAlarmRule(): ConfigRule;
+  createCustomLambdaRule(options: {
+    name: string
+    description: string
+    lambdaFunctionArn: string
+    resourceTypes?: string[]
+    maxExecutionFrequency?: ConfigRule['maxExecutionFrequency']
+    inputParameters?: Record<string, any>
+  }): ConfigRule;
+  createCompliancePreset(preset: 'hipaa' | 'pci-dss' | 'sox' | 'gdpr' | 'basic'): ConfigRule[];
+  getConfigRule(id: string): ConfigRule | undefined;
+  listConfigRules(): ConfigRule[];
+  getConfigRecorder(name: string): ConfigRecorder | undefined;
+  listConfigRecorders(): ConfigRecorder[];
+  getDeliveryChannel(name: string): DeliveryChannel | undefined;
+  listDeliveryChannels(): DeliveryChannel[];
+  generateConfigRuleCF(rule: ConfigRule): any;
+  generateConfigRecorderCF(recorder: ConfigRecorder): any;
+  generateDeliveryChannelCF(channel: DeliveryChannel): any;
+  clear(): void;
+}

package/dist/compliance/cloudtrail.d.ts

@@ -0,0 +1,96 @@
+/**
+ * Global CloudTrail manager instance
+ */
+export declare const cloudTrailManager: CloudTrailManager;
+/**
+ * AWS CloudTrail Configuration
+ * API logging and auditing for security and compliance
+ */
+export declare interface CloudTrailConfig {
+  id: string
+  name: string
+  s3BucketName: string
+  s3KeyPrefix?: string
+  includeGlobalServiceEvents?: boolean
+  isMultiRegionTrail?: boolean
+  enableLogFileValidation?: boolean
+  cloudWatchLogsLogGroupArn?: string
+  cloudWatchLogsRoleArn?: string
+  snsTopicName?: string
+  kmsKeyId?: string
+  eventSelectors?: EventSelector[]
+  insightSelectors?: InsightSelector[]
+  advancedEventSelectors?: AdvancedEventSelector[]
+}
+export declare interface EventSelector {
+  readWriteType: 'ReadOnly' | 'WriteOnly' | 'All'
+  includeManagementEvents?: boolean
+  dataResources?: DataResource[]
+  excludeManagementEventSources?: string[]
+}
+export declare interface DataResource {
+  type: string
+  values: string[]
+}
+export declare interface InsightSelector {
+  insightType: 'ApiCallRateInsight' | 'ApiErrorRateInsight'
+}
+export declare interface AdvancedEventSelector {
+  name: string
+  fieldSelectors: FieldSelector[]
+}
+export declare interface FieldSelector {
+  field: string
+  equals?: string[]
+  startsWith?: string[]
+  endsWith?: string[]
+  notEquals?: string[]
+  notStartsWith?: string[]
+  notEndsWith?: string[]
+}
+/**
+ * CloudTrail manager
+ */
+export declare class CloudTrailManager {
+  private trails: Map<string, CloudTrailConfig>;
+  private trailCounter: any;
+  createTrail(trail: Omit<CloudTrailConfig, 'id'>): CloudTrailConfig;
+  createOrganizationTrail(options: {
+    name: string
+    s3BucketName: string
+    kmsKeyId?: string
+    cloudWatchLogsLogGroupArn?: string
+    cloudWatchLogsRoleArn?: string
+  }): CloudTrailConfig;
+  createSecurityAuditTrail(options: {
+    name: string
+    s3BucketName: string
+    kmsKeyId: string
+    cloudWatchLogsLogGroupArn: string
+    cloudWatchLogsRoleArn: string
+  }): CloudTrailConfig;
+  createDataEventsTrail(options: {
+    name: string
+    s3BucketName: string
+    s3DataBuckets?: string[]
+    lambdaFunctions?: string[]
+  }): CloudTrailConfig;
+  createAdvancedTrail(options: {
+    name: string
+    s3BucketName: string
+    selectors: AdvancedEventSelector[]
+  }): CloudTrailConfig;
+  createReadOnlyTrail(options: {
+    name: string
+    s3BucketName: string
+  }): CloudTrailConfig;
+  createWriteOnlyTrail(options: {
+    name: string
+    s3BucketName: string
+  }): CloudTrailConfig;
+  getTrail(id: string): CloudTrailConfig | undefined;
+  listTrails(): CloudTrailConfig[];
+  generateTrailCF(trail: CloudTrailConfig): any;
+  generateBucketPolicy(bucketName: string, trailAccountIds: string[]): any;
+  clear(): void;
+}

package/dist/compliance/guardduty.d.ts

@@ -0,0 +1,110 @@
+/**
+ * Global GuardDuty manager instance
+ */
+export declare const guardDutyManager: GuardDutyManager;
+/**
+ * AWS GuardDuty
+ * Intelligent threat detection and continuous monitoring
+ */
+export declare interface GuardDutyDetector {
+  id: string
+  enable: boolean
+  findingPublishingFrequency?: 'FIFTEEN_MINUTES' | 'ONE_HOUR' | 'SIX_HOURS'
+  dataSources?: DataSourceConfigurations
+  features?: DetectorFeature[]
+}
+export declare interface DataSourceConfigurations {
+  s3Logs?: {
+    enable: boolean
+  }
+  kubernetes?: {
+    auditLogs: {
+      enable: boolean
+    }
+  }
+  malwareProtection?: {
+    scanEc2InstanceWithFindings: {
+      ebsVolumes: {
+        enable: boolean
+      }
+    }
+  }
+}
+export declare interface DetectorFeature {
+  name: 'S3_DATA_EVENTS' | 'EKS_AUDIT_LOGS' | 'EBS_MALWARE_PROTECTION' | 'RDS_LOGIN_EVENTS' | 'LAMBDA_NETWORK_LOGS'
+  status: 'ENABLED' | 'DISABLED'
+  additionalConfiguration?: {
+    name: string
+    status: 'ENABLED' | 'DISABLED'
+  }[]
+}
+export declare interface ThreatIntelSet {
+  id: string
+  detectorId: string
+  name: string
+  format: 'TXT' | 'STIX' | 'OTX_CSV' | 'ALIEN_VAULT' | 'PROOF_POINT' | 'FIRE_EYE'
+  location: string
+  activate: boolean
+}
+export declare interface IPSet {
+  id: string
+  detectorId: string
+  name: string
+  format: 'TXT' | 'STIX' | 'OTX_CSV' | 'ALIEN_VAULT' | 'PROOF_POINT' | 'FIRE_EYE'
+  location: string
+  activate: boolean
+}
+export declare interface FindingFilter {
+  id: string
+  detectorId: string
+  name: string
+  description?: string
+  action: 'NOOP' | 'ARCHIVE'
+  rank: number
+  findingCriteria: FindingCriteria
+}
+export declare interface FindingCriteria {
+  criterion: Record<string, {
+    eq?: string[]
+    neq?: string[]
+    gt?: number
+    gte?: number
+    lt?: number
+    lte?: number
+  }>
+}
+/**
+ * GuardDuty manager
+ */
+export declare class GuardDutyManager {
+  private detectors: Map<string, GuardDutyDetector>;
+  private threatIntelSets: Map<string, ThreatIntelSet>;
+  private ipSets: Map<string, IPSet>;
+  private filters: Map<string, FindingFilter>;
+  private detectorCounter: any;
+  private threatIntelCounter: any;
+  private ipSetCounter: any;
+  private filterCounter: any;
+  createDetector(detector: Omit<GuardDutyDetector, 'id'>): GuardDutyDetector;
+  createComprehensiveDetector(): GuardDutyDetector;
+  createBasicDetector(): GuardDutyDetector;
+  createThreatIntelSet(set: Omit<ThreatIntelSet, 'id'>): ThreatIntelSet;
+  createIPSet(set: Omit<IPSet, 'id'>): IPSet;
+  createFindingFilter(filter: Omit<FindingFilter, 'id'>): FindingFilter;
+  createLowSeverityArchiveFilter(detectorId: string): FindingFilter;
+  createFindingTypeFilter(detectorId: string, findingTypes: string[], action: 'NOOP' | 'ARCHIVE'): FindingFilter;
+  createTrustedIPFilter(detectorId: string, ipAddresses: string[]): FindingFilter;
+  getDetector(id: string): GuardDutyDetector | undefined;
+  listDetectors(): GuardDutyDetector[];
+  getThreatIntelSet(id: string): ThreatIntelSet | undefined;
+  listThreatIntelSets(): ThreatIntelSet[];
+  getIPSet(id: string): IPSet | undefined;
+  listIPSets(): IPSet[];
+  getFindingFilter(id: string): FindingFilter | undefined;
+  listFindingFilters(): FindingFilter[];
+  generateDetectorCF(detector: GuardDutyDetector): any;
+  generateThreatIntelSetCF(set: ThreatIntelSet): any;
+  generateIPSetCF(set: IPSet): any;
+  generateFilterCF(filter: FindingFilter): any;
+  clear(): void;
+}

package/dist/compliance/index.d.ts

@@ -0,0 +1,50 @@
+export type {
+  ConfigRule,
+  ConfigScope,
+  ConfigRecorder,
+  RecordingGroup,
+  DeliveryChannel,
+} from './aws-config';
+export type {
+  CloudTrailConfig,
+  EventSelector,
+  DataResource,
+  InsightSelector,
+  AdvancedEventSelector,
+  FieldSelector,
+} from './cloudtrail';
+export type {
+  GuardDutyDetector,
+  DataSourceConfigurations,
+  DetectorFeature,
+  ThreatIntelSet,
+  IPSet,
+  FindingFilter,
+  FindingCriteria,
+} from './guardduty';
+export type {
+  SecurityHubConfig,
+  SecurityStandard,
+  AutomationRule,
+  AutomationAction,
+  AutomationCriteria,
+  StringFilter,
+  NumberFilter,
+  MapFilter,
+} from './security-hub';
+export {
+  AWSConfigManager,
+  awsConfigManager,
+} from './aws-config';
+export {
+  CloudTrailManager,
+  cloudTrailManager,
+} from './cloudtrail';
+export {
+  GuardDutyManager,
+  guardDutyManager,
+} from './guardduty';
+export {
+  SecurityHubManager,
+  securityHubManager,
+} from './security-hub';

package/dist/compliance/security-hub.d.ts

@@ -0,0 +1,110 @@
+/**
+ * Global Security Hub manager instance
+ */
+export declare const securityHubManager: SecurityHubManager;
+/**
+ * AWS Security Hub
+ * Centralized security and compliance view across AWS accounts
+ */
+export declare interface SecurityHubConfig {
+  id: string
+  enable: boolean
+  controlFindingGenerator?: 'STANDARD_CONTROL' | 'SECURITY_CONTROL'
+  enableDefaultStandards?: boolean
+  standards?: SecurityStandard[]
+  automationRules?: AutomationRule[]
+}
+export declare interface SecurityStandard {
+  id: string
+  arn: string
+  name: string
+  description: string
+  enabled: boolean
+  disabledControls?: string[]
+}
+export declare interface AutomationRule {
+  id: string
+  ruleName: string
+  description?: string
+  actions: AutomationAction[]
+  criteria: AutomationCriteria
+  ruleStatus: 'ENABLED' | 'DISABLED'
+  ruleOrder: number
+}
+export declare interface AutomationAction {
+  type: 'FINDING_FIELDS_UPDATE'
+  findingFieldsUpdate: {
+    note?: {
+      text: string
+      updatedBy: string
+    }
+    severity?: {
+      label: 'INFORMATIONAL' | 'LOW' | 'MEDIUM' | 'HIGH' | 'CRITICAL'
+    }
+    workflow?: {
+      status: 'NEW' | 'NOTIFIED' | 'RESOLVED' | 'SUPPRESSED'
+    }
+    relatedFindings?: Array<{
+      productArn: string
+      id: string
+    }>
+    userDefinedFields?: Record<string, string>
+  }
+}
+export declare interface AutomationCriteria {
+  productName?: StringFilter[]
+  companyName?: StringFilter[]
+  severityLabel?: StringFilter[]
+  resourceType?: StringFilter[]
+  resourceId?: StringFilter[]
+  recordState?: StringFilter[]
+  workflowStatus?: StringFilter[]
+  complianceStatus?: StringFilter[]
+  verificationState?: StringFilter[]
+  confidence?: NumberFilter[]
+  criticality?: NumberFilter[]
+  title?: StringFilter[]
+  description?: StringFilter[]
+  sourceUrl?: StringFilter[]
+  productFields?: MapFilter[]
+  resourceTags?: MapFilter[]
+  userDefinedFields?: MapFilter[]
+}
+export declare interface StringFilter {
+  value: string
+  comparison: 'EQUALS' | 'PREFIX' | 'NOT_EQUALS' | 'PREFIX_NOT_EQUALS'
+}
+export declare interface NumberFilter {
+  gte?: number
+  lte?: number
+  eq?: number
+  gt?: number
+  lt?: number
+}
+export declare interface MapFilter {
+  key: string
+  value?: string
+  comparison: 'EQUALS' | 'NOT_EQUALS'
+}
+/**
+ * Security Hub manager
+ */
+export declare class SecurityHubManager {
+  private hubs: Map<string, SecurityHubConfig>;
+  private hubCounter: any;
+  private ruleCounter: any;
+  static readonly Standards: any;
+  createHub(hub: Omit<SecurityHubConfig, 'id'>): SecurityHubConfig;
+  createComprehensiveHub(): SecurityHubConfig;
+  createBasicHub(): SecurityHubConfig;
+  createLowSeveritySuppressionRule(): AutomationRule;
+  createResourceTypeNotificationRule(resourceTypes: string[]): AutomationRule;
+  createComplianceFailureRule(): AutomationRule;
+  createFalsePositiveSuppressionRule(productName: string, titlePatterns: string[]): AutomationRule;
+  getHub(id: string): SecurityHubConfig | undefined;
+  listHubs(): SecurityHubConfig[];
+  generateHubCF(hub: SecurityHubConfig): any;
+  generateStandardCF(standard: SecurityStandard): any;
+  generateAutomationRuleCF(rule: AutomationRule): any;
+  clear(): void;
+}

package/dist/containers/build-optimization.d.ts

@@ -0,0 +1,110 @@
+/**
+ * Global build optimization manager instance
+ */
+export declare const buildOptimizationManager: BuildOptimizationManager;
+/**
+ * Container Build Optimization
+ * Multi-stage builds, layer caching, and build performance
+ */
+export declare interface BuildConfig {
+  id: string
+  name: string
+  dockerfile: string
+  context: string
+  target?: string
+  buildArgs?: Record<string, string>
+  labels?: Record<string, string>
+  cacheStrategy: CacheStrategy
+  platform?: string
+}
+export declare interface CacheStrategy {
+  type: 'inline' | 'registry' | 'local' | 's3'
+  cacheFrom?: string[]
+  cacheTo?: string
+  maxCacheAge?: number
+}
+export declare interface MultiStageConfig {
+  id: string
+  name: string
+  stages: BuildStage[]
+  targetStage?: string
+}
+export declare interface BuildStage {
+  name: string
+  baseImage: string
+  commands: string[]
+  copyFrom?: string[]
+  workdir?: string
+  env?: Record<string, string>
+}
+export declare interface BuildOptimization {
+  id: string
+  name: string
+  recommendations: OptimizationRecommendation[]
+  estimatedSavings: BuildSavings
+}
+export declare interface OptimizationRecommendation {
+  type: 'layer_reduction' | 'cache_optimization' | 'base_image' | 'dependencies'
+  priority: 'high' | 'medium' | 'low'
+  title: string
+  description: string
+  example?: string
+  impact: string
+}
+export declare interface BuildSavings {
+  sizeBefore: number
+  sizeAfter: number
+  timeBefore: number
+  timeAfter: number
+}
+export declare interface LayerAnalysis {
+  id: string
+  imageId: string
+  layers: ImageLayer[]
+  totalSize: number
+  unnecessaryLayers: number
+}
+export declare interface ImageLayer {
+  index: number
+  command: string
+  size: number
+  created: Date
+  cacheable: boolean
+}
+/**
+ * Build optimization manager
+ */
+export declare class BuildOptimizationManager {
+  private configs: Map<string, BuildConfig>;
+  private multiStageConfigs: Map<string, MultiStageConfig>;
+  private optimizations: Map<string, BuildOptimization>;
+  private analyses: Map<string, LayerAnalysis>;
+  private configCounter: any;
+  private multiStageCounter: any;
+  private optimizationCounter: any;
+  private analysisCounter: any;
+  createBuildConfig(config: Omit<BuildConfig, 'id'>): BuildConfig;
+  createOptimizedBuildConfig(options: {
+    name: string
+    dockerfile: string
+    enableCache?: boolean
+    registry?: string
+  }): BuildConfig;
+  createMultiStageConfig(config: Omit<MultiStageConfig, 'id'>): MultiStageConfig;
+  createNodeMultiStageBuild(options: {
+    name: string
+    nodeVersion?: string
+    targetStage?: 'production' | 'development'
+  }): MultiStageConfig;
+  generateDockerfile(configId: string): string;
+  analyzeImage(imageId: string, layers: Omit<ImageLayer, 'cacheable'>[]): LayerAnalysis;
+  private isLayerCacheable(command: string): boolean;
+  generateOptimizations(analysisId: string): BuildOptimization;
+  getBuildConfig(id: string): BuildConfig | undefined;
+  listBuildConfigs(): BuildConfig[];
+  getMultiStageConfig(id: string): MultiStageConfig | undefined;
+  listMultiStageConfigs(): MultiStageConfig[];
+  getOptimization(id: string): BuildOptimization | undefined;
+  listOptimizations(): BuildOptimization[];
+  clear(): void;
+}

package/dist/containers/image-scanning.d.ts

@@ -0,0 +1,96 @@
+/**
+ * Global image scanning manager instance
+ */
+export declare const imageScanningManager: ImageScanningManager;
+/**
+ * Container Image Scanning
+ * Vulnerability scanning with Trivy, Snyk, and other tools
+ */
+export declare interface ImageScanConfig {
+  id: string
+  repository: string
+  imageTag: string
+  scanner: ScannerType
+  scanOnPush: boolean
+  scanSchedule?: string
+  failOnSeverity?: 'CRITICAL' | 'HIGH' | 'MEDIUM' | 'LOW'
+  ignoreUnfixed?: boolean
+}
+export declare interface ImageScanResult {
+  id: string
+  imageUri: string
+  scannerType: ScannerType
+  scanDate: Date
+  vulnerabilities: ImageVulnerability[]
+  summary: VulnerabilitySummary
+  passed: boolean
+}
+export declare interface ImageVulnerability {
+  id: string
+  cve: string
+  severity: 'CRITICAL' | 'HIGH' | 'MEDIUM' | 'LOW' | 'UNKNOWN'
+  packageName: string
+  installedVersion: string
+  fixedVersion?: string
+  title: string
+  description: string
+  references: string[]
+  cvss?: number
+}
+export declare interface VulnerabilitySummary {
+  total: number
+  critical: number
+  high: number
+  medium: number
+  low: number
+  unknown: number
+}
+export declare interface ScanPolicy {
+  id: string
+  name: string
+  allowedSeverities: string[]
+  maxCritical: number
+  maxHigh: number
+  blockOnFailure: boolean
+  exemptions: string[]
+}
+export type ScannerType = 'trivy' | 'snyk' | 'clair' | 'anchore' | 'ecr'
+/**
+ * Image scanning manager
+ */
+export declare class ImageScanningManager {
+  private configs: Map<string, ImageScanConfig>;
+  private results: Map<string, ImageScanResult>;
+  private policies: Map<string, ScanPolicy>;
+  private configCounter: any;
+  private resultCounter: any;
+  private policyCounter: any;
+  configureScan(config: Omit<ImageScanConfig, 'id'>): ImageScanConfig;
+  configureTrivyScan(options: {
+    repository: string
+    imageTag: string
+    scanOnPush?: boolean
+    ignoreUnfixed?: boolean
+  }): ImageScanConfig;
+  configureSnykScan(options: {
+    repository: string
+    imageTag: string
+    scanOnPush?: boolean
+  }): ImageScanConfig;
+  configureECRScan(options: {
+    repository: string
+    scanOnPush?: boolean
+  }): ImageScanConfig;
+  scanImage(configId: string): Promise<ImageScanResult>;
+  private simulateVulnerabilities(config: ImageScanConfig): ImageVulnerability[];
+  private evaluateScanResult(config: ImageScanConfig, summary: VulnerabilitySummary): boolean;
+  createPolicy(policy: Omit<ScanPolicy, 'id'>): ScanPolicy;
+  createStrictPolicy(name: string): ScanPolicy;
+  createPermissivePolicy(name: string): ScanPolicy;
+  getConfig(id: string): ImageScanConfig | undefined;
+  listConfigs(): ImageScanConfig[];
+  getResult(id: string): ImageScanResult | undefined;
+  listResults(): ImageScanResult[];
+  generateECRScanCF(config: ImageScanConfig): any;
+  clear(): void;
+}

package/dist/containers/index.d.ts

@@ -0,0 +1,4 @@
+export * from './image-scanning';
+export * from './build-optimization';
+export * from './registry';
+export * from './service-mesh';