@stacksjs/ts-cloud 0.1.3 → 0.1.5

package/dist/push/apns.d.ts

@@ -0,0 +1,60 @@
+export declare interface APNsConfig {
+  keyId: string
+  teamId: string
+  privateKey: string
+  bundleId: string
+  production?: boolean
+}
+export declare interface APNsNotification {
+  deviceToken: string
+  title?: string
+  subtitle?: string
+  body?: string
+  badge?: number
+  sound?: string | { name: string; critical?: number; volume?: number }
+  category?: string
+  threadId?: string
+  data?: Record<string, any>
+  contentAvailable?: boolean
+  mutableContent?: boolean
+  pushType?: 'alert' | 'background' | 'voip' | 'complication' | 'fileprovider' | 'mdm' | 'liveactivity'
+  priority?: 5 | 10
+  expiration?: number
+  collapseId?: string
+  targetContentId?: string
+}
+export declare interface APNsSendResult {
+  success: boolean
+  deviceToken: string
+  apnsId?: string
+  statusCode?: number
+  error?: string
+  reason?: string
+  timestamp?: number
+}
+export declare interface APNsBatchResult {
+  sent: number
+  failed: number
+  results: APNsSendResult[]
+}
+/**
+ * Apple Push Notification Service client
+ */
+export declare class APNsClient {
+  private config: APNsConfig;
+  private token: string | null;
+  private tokenGeneratedAt: number;
+  private client: http2.ClientHttp2Session | null;
+  private host: string;
+  constructor(config: APNsConfig);
+  private generateToken(): string;
+  private derToRaw(derSignature: Buffer): Buffer;
+  private getClient(): Promise<http2.ClientHttp2Session>;
+  private buildPayload(notification: APNsNotification): object;
+  send(notification: APNsNotification): Promise<APNsSendResult>;
+  sendBatch(notifications: APNsNotification[], options?: { concurrency?: number }): Promise<APNsBatchResult>;
+  sendSimple(deviceToken: string, title: string, body: string, data?: Record<string, any>): Promise<APNsSendResult>;
+  sendSilent(deviceToken: string, data?: Record<string, any>): Promise<APNsSendResult>;
+  close(): void;
+}
+export default APNsClient;

package/dist/push/fcm.d.ts

@@ -0,0 +1,117 @@
+export declare interface FCMConfig {
+  projectId: string
+  clientEmail: string
+  privateKey: string
+}
+export declare interface FCMNotification {
+  token?: string
+  topic?: string
+  condition?: string
+  title?: string
+  body?: string
+  imageUrl?: string
+  data?: Record<string, string>
+  android?: {
+    /** Channel ID for Android O+ */
+    channelId?: string
+    /** Notification priority */
+    priority?: 'normal' | 'high'
+    /** Time to live in seconds */
+    ttl?: number
+    /** Collapse key for message deduplication */
+    collapseKey?: string
+    /** Notification icon */
+    icon?: string
+    /** Notification icon color (hex) */
+    color?: string
+    /** Sound to play */
+    sound?: string
+    /** Click action */
+    clickAction?: string
+    /** Tag for notification replacement */
+    tag?: string
+    /** Direct boot aware */
+    directBootOk?: boolean
+    /** Visibility: private, public, secret */
+    visibility?: 'private' | 'public' | 'secret'
+    /** Notification count */
+    notificationCount?: number
+  }
+  webpush?: {
+    /** Web notification options */
+    notification?: {
+      title?: string
+      body?: string
+      icon?: string
+      badge?: string
+      image?: string
+      requireInteraction?: boolean
+      silent?: boolean
+      tag?: string
+      actions?: Array<{ action: string; title: string; icon?: string }>
+    }
+    /** FCM options for web */
+    fcmOptions?: {
+      link?: string
+      analyticsLabel?: string
+    }
+    /** Custom headers */
+    headers?: Record<string, string>
+    /** Custom data */
+    data?: Record<string, string>
+  }
+  apns?: {
+    /** APNs headers */
+    headers?: Record<string, string>
+    /** APNs payload */
+    payload?: {
+      aps?: Record<string, any>
+      [key: string]: any
+    }
+    /** FCM options */
+    fcmOptions?: {
+      analyticsLabel?: string
+      image?: string
+    }
+  }
+  fcmOptions?: {
+    analyticsLabel?: string
+  }
+}
+export declare interface FCMSendResult {
+  success: boolean
+  messageId?: string
+  error?: string
+  errorCode?: string
+}
+export declare interface FCMBatchResult {
+  sent: number
+  failed: number
+  results: Array<FCMSendResult & { token?: string }>
+}
+/**
+ * Firebase Cloud Messaging client
+ */
+export declare class FCMClient {
+  private config: FCMConfig;
+  private accessToken: string | null;
+  private tokenExpiresAt: number;
+  constructor(config: FCMConfig);
+  static fromServiceAccount(serviceAccount: {
+    project_id: string
+    client_email: string
+    private_key: string
+  }): FCMClient;
+  private generateJWT(): string;
+  private getAccessToken(): Promise<string>;
+  private buildMessage(notification: FCMNotification): object;
+  send(notification: FCMNotification): Promise<FCMSendResult>;
+  sendBatch(tokens: string[], notification: Omit<FCMNotification, 'token' | 'topic' | 'condition'>, options?: { concurrency?: number }): Promise<FCMBatchResult>;
+  sendToTopic(topic: string, notification: Omit<FCMNotification, 'token' | 'topic' | 'condition'>): Promise<FCMSendResult>;
+  sendToCondition(condition: string, notification: Omit<FCMNotification, 'token' | 'topic' | 'condition'>): Promise<FCMSendResult>;
+  sendSimple(token: string, title: string, body: string, data?: Record<string, string>): Promise<FCMSendResult>;
+  sendSilent(token: string, data: Record<string, string>): Promise<FCMSendResult>;
+  subscribeToTopic(tokens: string[], topic: string): Promise<{ success: boolean; error?: string }>;
+  unsubscribeFromTopic(tokens: string[], topic: string): Promise<{ success: boolean; error?: string }>;
+}
+export default FCMClient;

package/dist/push/index.d.ts

@@ -0,0 +1,14 @@
+export type {
+  APNsConfig,
+  APNsNotification,
+  APNsSendResult,
+  APNsBatchResult,
+} from './apns';
+export type {
+  FCMConfig,
+  FCMNotification,
+  FCMSendResult,
+  FCMBatchResult,
+} from './fcm';
+export * from './apns';
+export * from './fcm';

package/dist/security/pre-deploy-scanner.d.ts

@@ -0,0 +1,69 @@
+/**
+ * Convenience function to scan a directory
+ */
+export declare function scanForSecrets(options: ScanOptions): Promise<ScanResult>;
+/**
+ * Format scan results for CLI output
+ */
+export declare function formatScanResults(result: ScanResult): string;
+/**
+ * Common secret patterns to detect
+ */
+export declare const SECRET_PATTERNS: SecretPattern[];
+export declare interface SecretPattern {
+  name: string
+  pattern: RegExp
+  severity: 'critical' | 'high' | 'medium' | 'low'
+  description: string
+}
+export declare interface SecurityFinding {
+  file: string
+  line: number
+  column: number
+  match: string
+  pattern: SecretPattern
+  context: string
+}
+export declare interface ScanResult {
+  passed: boolean
+  findings: SecurityFinding[]
+  scannedFiles: number
+  duration: number
+  summary: {
+    critical: number
+    high: number
+    medium: number
+    low: number
+  }
+}
+export declare interface ScanOptions {
+  directory: string
+  exclude?: string[]
+  include?: string[]
+  skipPatterns?: string[]
+  maxFileSize?: number
+  failOnSeverity?: 'critical' | 'high' | 'medium' | 'low'
+}
+/**
+ * Pre-deployment security scanner
+ */
+export declare class PreDeployScanner {
+  private patterns: SecretPattern[];
+  private excludeDirs: string[];
+  private excludeFiles: string[];
+  private maxFileSize: number;
+  constructor(options?: {
+    customPatterns?: SecretPattern[]
+    excludeDirs?: string[]
+    excludeFiles?: string[]
+    maxFileSize?: number
+  });
+  scan(options: ScanOptions): Promise<ScanResult>;
+  private scanContent(content: string, filePath: string, skipPatterns: string[]): SecurityFinding[];
+  private isLikelyPlaceholder(match: string, context: string): boolean;
+  private maskSecret(value: string): string;
+  private getFilesToScan(dir: string, excludeDirs: string[], includeExtensions?: string[]): string[];
+  private shouldExcludeFile(filePath: string): boolean;
+  addPattern(pattern: SecretPattern): void;
+  getPatterns(): SecretPattern[];
+}

package/dist/ssl/acme-client.d.ts

@@ -0,0 +1,67 @@
+// ACME Directory URLs
+export declare const ACME_DIRECTORIES: {
+  production: 'https://acme-v02.api.letsencrypt.org/directory';
+  staging: 'https://acme-staging-v02.api.letsencrypt.org/directory'
+};
+export declare interface AcmeClientOptions {
+  staging?: boolean
+  email: string
+  accountKey?: string
+}
+export declare interface AcmeChallenge {
+  type: 'http-01' | 'dns-01'
+  token: string
+  keyAuthorization: string
+  identifier: string
+  dnsValue?: string
+}
+export declare interface AcmeCertificate {
+  certificate: string
+  privateKey: string
+  chain: string
+  fullchain: string
+  expiresAt: Date
+}
+declare interface AcmeDirectory {
+  newNonce: string
+  newAccount: string
+  newOrder: string
+  revokeCert: string
+  keyChange: string
+}
+/**
+ * ACME Client for Let's Encrypt certificate management
+ */
+export declare class AcmeClient {
+  private directoryUrl: string;
+  private email: string;
+  private accountKey: string;
+  private accountUrl: string | null;
+  private directory: AcmeDirectory | null;
+  private nonce: string | null;
+  constructor(options: AcmeClientOptions);
+  private generateAccountKey(): string;
+  private getDirectory(): Promise<AcmeDirectory>;
+  private getNonce(): Promise<string>;
+  private getJwk(): Record<string, string>;
+  private getJwkThumbprint(): string;
+  private base64UrlEncode(data: Buffer | string): string;
+  private signPayload(url: string, payload: any): Promise<string>;
+  private acmeRequest(url: string, payload: any): Promise<{ body: any; headers: Headers }>;
+  registerAccount(): Promise<string>;
+  createOrder(domains: string[]): Promise<{
+    orderUrl: string
+    authorizations: string[]
+    finalize: string
+  }>;
+  getAuthorization(authUrl: string): Promise<{
+    domain: string
+    challenges: AcmeChallenge[]
+  }>;
+  respondToChallenge(challengeUrl: string): Promise<void>;
+  waitForAuthorization(authUrl: string, maxAttempts?: any): Promise<void>;
+  private generateCsr(domains: string[]): { csr: string; privateKey: string };
+  private createSimpleCsr(domains: string[], privateKey: any): string;
+  finalizeOrder(finalizeUrl: string, domains: string[]): Promise<AcmeCertificate>;
+  getAccountKey(): string;
+}

package/dist/ssl/index.d.ts

@@ -0,0 +1,2 @@
+export * from './letsencrypt';
+export * from './acme-client';

package/dist/ssl/letsencrypt.d.ts

@@ -0,0 +1,48 @@
+import type { DnsProviderConfig } from '../dns/types';
+/**
+ * Generate UserData script for Let's Encrypt certificate setup on EC2
+ * This creates a complete setup that handles certificate acquisition and renewal
+ */
+export declare function generateLetsEncryptUserData(config: LetsEncryptConfig): string;
+/**
+ * Generate server configuration for HTTPS with Let's Encrypt
+ */
+export declare function generateHttpsServerCode(options: {
+  httpPort?: number
+  httpsPort?: number
+  certPath?: string
+  redirectHttp?: boolean
+}): string;
+/**
+ * Setup DNS-01 challenge programmatically using any DNS provider
+ * This is the unified API that works with Route53, Porkbun, GoDaddy, etc.
+ */
+export declare function setupDns01Challenge(options: Dns01ChallengeConfig): Promise<void>;
+/**
+ * Clean up DNS-01 challenge record using any DNS provider
+ */
+export declare function cleanupDns01Challenge(options: Dns01ChallengeConfig): Promise<void>;
+/**
+ * Check if certificates need renewal (< 30 days until expiry)
+ */
+export declare function needsRenewal(certPath: string): boolean;
+export declare interface LetsEncryptConfig {
+  domains: string[]
+  email: string
+  staging?: boolean
+  challengeType?: 'http-01' | 'dns-01'
+  hostedZoneId?: string
+  dnsProvider?: DnsProviderConfig
+  certPath?: string
+  autoRenew?: boolean
+}
+/**
+ * DNS-01 challenge configuration for programmatic use
+ */
+export declare interface Dns01ChallengeConfig {
+  domain: string
+  challengeValue: string
+  hostedZoneId?: string
+  dnsProvider?: DnsProviderConfig
+  region?: string
+}

package/dist/types.d.ts

@@ -0,0 +1 @@
+export * from '@stacksjs/ts-cloud-types';

package/dist/utils/cli.d.ts

@@ -0,0 +1,123 @@
+/**
+ * Colorize text
+ */
+export declare function colorize(text: string, color: keyof typeof colors): string;
+/**
+ * Success message
+ */
+export declare function success(message: string): void;
+/**
+ * Error message
+ */
+export declare function error(message: string): void;
+/**
+ * Warning message
+ */
+export declare function warn(message: string): void;
+/**
+ * Info message
+ */
+export declare function info(message: string): void;
+/**
+ * Step message
+ */
+export declare function step(message: string): void;
+/**
+ * Header message
+ */
+export declare function header(message: string): void;
+/**
+ * Prompt for user input
+ */
+export declare function prompt(message: string, defaultValue?: string): Promise<string>;
+/**
+ * Prompt for confirmation (yes/no)
+ */
+export declare function confirm(message: string, defaultValue?: any): Promise<boolean>;
+/**
+ * Select from a list of options
+ */
+export declare function select(message: string, options: string[]): Promise<string>;
+/**
+ * Format a table
+ */
+export declare function table(headers: string[], rows: string[][]): void;
+/**
+ * Format bytes to human readable
+ */
+export declare function formatBytes(bytes: number): string;
+/**
+ * Format duration to human readable
+ */
+export declare function formatDuration(ms: number): string;
+/**
+ * Box a message
+ */
+export declare function box(message: string, color?: keyof typeof colors): void;
+/**
+ * Check if AWS CLI is installed (deprecated - no longer required)
+ * @deprecated AWS CLI is no longer required. Use checkAwsCredentials() instead.
+ */
+export declare function checkAwsCli(): Promise<boolean>;
+/**
+ * Check if AWS credentials are configured
+ * Uses direct API call to STS GetCallerIdentity
+ */
+export declare function checkAwsCredentials(): Promise<boolean>;
+/**
+ * Get AWS account ID using direct STS API call
+ */
+export declare function getAwsAccountId(): Promise<string | null>;
+/**
+ * Get AWS regions using direct EC2 API call
+ */
+export declare function getAwsRegions(): Promise<string[]>;
+/**
+ * CLI Utility Functions
+ * Helpers for colored output, spinners, prompts, and formatting
+ */
+// ANSI color codes
+export declare const colors: {
+  reset: '\x1B[0m';
+  bright: '\x1B[1m';
+  dim: '\x1B[2m';
+  red: '\x1B[31m';
+  green: '\x1B[32m';
+  yellow: '\x1B[33m';
+  blue: '\x1B[34m';
+  magenta: '\x1B[35m';
+  cyan: '\x1B[36m';
+  white: '\x1B[37m';
+  gray: '\x1B[90m'
+};
+/**
+ * Warning message (alias)
+ */
+export declare const warning: typeof warn;
+/**
+ * Simple spinner
+ */
+export declare class Spinner {
+  private frames: any;
+  private interval: Timer | null;
+  private currentFrame: any;
+  private message: string;
+  constructor(message: string);
+  start(): void;
+  succeed(message?: string): void;
+  fail(message?: string): void;
+  warn(message?: string): void;
+  stop(): void;
+}
+/**
+ * Progress bar
+ */
+export declare class ProgressBar {
+  private total: number;
+  private current: any;
+  private width: any;
+  constructor(total: number);
+  update(current: number): void;
+  increment(): void;
+  private render(): void;
+}

package/dist/validation/index.d.ts

@@ -0,0 +1 @@
+export * from './template';

package/dist/validation/template.d.ts

@@ -0,0 +1,23 @@
+import type { CloudFormationTemplate } from '@stacksjs/ts-cloud-aws-types';
+/**
+ * Validate a CloudFormation template
+ */
+export declare function validateTemplate(template: CloudFormationTemplate): ValidationResult;
+/**
+ * Validate template size
+ */
+export declare function validateTemplateSize(templateBody: string): ValidationResult;
+/**
+ * Validate template resource limits
+ */
+export declare function validateResourceLimits(template: CloudFormationTemplate): ValidationResult;
+export declare interface ValidationError {
+  path: string
+  message: string
+  severity: 'error' | 'warning'
+}
+export declare interface ValidationResult {
+  valid: boolean
+  errors: ValidationError[]
+  warnings: ValidationError[]
+}

package/package.json

@@ -1,17 +1,17 @@
 {
   "name": "@stacksjs/ts-cloud",
   "type": "module",
-  "version": "0.1.3",
+  "version": "0.1.5",
   "description": "A lightweight, performant infrastructure-as-code library and CLI for deploying both server-based (EC2) and serverless applications.",
   "author": "Chris Breuer <chris@stacksjs.com>",
   "license": "MIT",
-  "homepage": "https://github.com/stacksjs/cloud#readme",
+  "homepage": "https://github.com/stacksjs/ts-cloud#readme",
   "repository": {
     "type": "git",
-    "url": "git+https://github.com/stacksjs/cloud.git"
+    "url": "git+https://github.com/stacksjs/ts-cloud.git"
   },
   "bugs": {
-    "url": "https://github.com/stacksjs/cloud/issues"
+    "url": "https://github.com/stacksjs/ts-cloud/issues"
   },
   "keywords": [
     "typescript",
@@ -84,10 +84,10 @@
     "test": "bun test"
   },
   "dependencies": {
-    "@stacksjs/ts-cloud-aws-types": "workspace:*",
-    "@stacksjs/ts-cloud-core": "workspace:*",
-    "@stacksjs/ts-cloud-types": "workspace:*",
-    "fast-xml-parser": "^5.3.4"
+    "@stacksjs/ts-cloud-aws-types": "0.1.5",
+    "@stacksjs/ts-cloud-core": "0.1.5",
+    "@stacksjs/ts-cloud-types": "0.1.5",
+    "fast-xml-parser": "^5.3.5"
   },
   "devDependencies": {
     "bunfig": "^0.15.6",