npm - @stacksjs/ts-cloud - Versions diffs - 0.1.3 → 0.1.6 - Mend

@stacksjs/ts-cloud 0.1.3 → 0.1.6

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (187) hide show

package/README.md +98 -13
package/dist/aws/acm.d.ts +129 -0
package/dist/aws/application-autoscaling.d.ts +282 -0
package/dist/aws/bedrock.d.ts +2292 -0
package/dist/aws/client.d.ts +79 -0
package/dist/aws/cloudformation.d.ts +105 -0
package/dist/aws/cloudfront.d.ts +265 -0
package/dist/aws/cloudwatch-logs.d.ts +48 -0
package/dist/aws/comprehend.d.ts +505 -0
package/dist/aws/connect.d.ts +377 -0
package/dist/aws/deploy-imap.d.ts +14 -0
package/dist/aws/dynamodb.d.ts +176 -0
package/dist/aws/ec2.d.ts +272 -0
package/dist/aws/ecr.d.ts +149 -0
package/dist/aws/ecs.d.ts +162 -0
package/dist/aws/elasticache.d.ts +71 -0
package/dist/aws/elbv2.d.ts +248 -0
package/dist/aws/email.d.ts +175 -0
package/dist/aws/eventbridge.d.ts +142 -0
package/dist/aws/iam.d.ts +638 -0
package/dist/aws/imap-server.d.ts +119 -0
package/{src/aws/index.ts → dist/aws/index.d.ts} +62 -83
package/{src/aws/kendra.ts → dist/aws/kendra.d.ts} +71 -386
package/dist/aws/lambda.d.ts +232 -0
package/dist/aws/opensearch.d.ts +87 -0
package/dist/aws/personalize.d.ts +516 -0
package/dist/aws/polly.d.ts +214 -0
package/dist/aws/rds.d.ts +240 -0
package/dist/aws/rekognition.d.ts +543 -0
package/dist/aws/route53-domains.d.ts +113 -0
package/dist/aws/route53.d.ts +215 -0
package/dist/aws/s3.d.ts +212 -0
package/dist/aws/scheduler.d.ts +140 -0
package/dist/aws/secrets-manager.d.ts +170 -0
package/dist/aws/ses.d.ts +288 -0
package/dist/aws/setup-phone.d.ts +0 -0
package/dist/aws/setup-sms.d.ts +115 -0
package/dist/aws/sms.d.ts +304 -0
package/dist/aws/smtp-server.d.ts +61 -0
package/dist/aws/sns.d.ts +117 -0
package/dist/aws/sqs.d.ts +65 -0
package/dist/aws/ssm.d.ts +179 -0
package/dist/aws/sts.d.ts +15 -0
package/dist/aws/support.d.ts +104 -0
package/dist/aws/test-imap.d.ts +0 -0
package/dist/aws/textract.d.ts +403 -0
package/dist/aws/transcribe.d.ts +60 -0
package/dist/aws/translate.d.ts +358 -0
package/dist/aws/voice.d.ts +219 -0
package/dist/bin/cli.js +1724 -0
package/dist/config.d.ts +7 -0
package/dist/deploy/index.d.ts +2 -0
package/dist/deploy/static-site-external-dns.d.ts +51 -0
package/dist/deploy/static-site.d.ts +71 -0
package/dist/dns/cloudflare.d.ts +52 -0
package/dist/dns/godaddy.d.ts +38 -0
package/dist/dns/index.d.ts +45 -0
package/dist/dns/porkbun.d.ts +18 -0
package/dist/dns/route53-adapter.d.ts +38 -0
package/{src/dns/types.ts → dist/dns/types.d.ts} +26 -63
package/dist/dns/validator.d.ts +78 -0
package/dist/generators/index.d.ts +1 -0
package/dist/generators/infrastructure.d.ts +30 -0
package/{src/index.ts → dist/index.d.ts} +70 -93
package/dist/index.js +7881 -0
package/dist/push/apns.d.ts +60 -0
package/dist/push/fcm.d.ts +117 -0
package/dist/push/index.d.ts +14 -0
package/dist/security/pre-deploy-scanner.d.ts +69 -0
package/dist/ssl/acme-client.d.ts +67 -0
package/dist/ssl/index.d.ts +2 -0
package/dist/ssl/letsencrypt.d.ts +48 -0
package/dist/types.d.ts +1 -0
package/dist/utils/cli.d.ts +123 -0
package/dist/validation/index.d.ts +1 -0
package/dist/validation/template.d.ts +23 -0
package/package.json +8 -8
package/bin/cli.ts +0 -133
package/bin/commands/analytics.ts +0 -328
package/bin/commands/api.ts +0 -379
package/bin/commands/assets.ts +0 -221
package/bin/commands/audit.ts +0 -501
package/bin/commands/backup.ts +0 -682
package/bin/commands/cache.ts +0 -294
package/bin/commands/cdn.ts +0 -281
package/bin/commands/config.ts +0 -202
package/bin/commands/container.ts +0 -105
package/bin/commands/cost.ts +0 -208
package/bin/commands/database.ts +0 -401
package/bin/commands/deploy.ts +0 -674
package/bin/commands/domain.ts +0 -397
package/bin/commands/email.ts +0 -423
package/bin/commands/environment.ts +0 -285
package/bin/commands/events.ts +0 -424
package/bin/commands/firewall.ts +0 -145
package/bin/commands/function.ts +0 -116
package/bin/commands/generate.ts +0 -280
package/bin/commands/git.ts +0 -139
package/bin/commands/iam.ts +0 -464
package/bin/commands/index.ts +0 -48
package/bin/commands/init.ts +0 -120
package/bin/commands/logs.ts +0 -148
package/bin/commands/network.ts +0 -579
package/bin/commands/notify.ts +0 -489
package/bin/commands/queue.ts +0 -407
package/bin/commands/scheduler.ts +0 -370
package/bin/commands/secrets.ts +0 -54
package/bin/commands/server.ts +0 -629
package/bin/commands/shared.ts +0 -97
package/bin/commands/ssl.ts +0 -138
package/bin/commands/stack.ts +0 -325
package/bin/commands/status.ts +0 -385
package/bin/commands/storage.ts +0 -450
package/bin/commands/team.ts +0 -96
package/bin/commands/tunnel.ts +0 -489
package/bin/commands/utils.ts +0 -202
package/build.ts +0 -15
package/cloud +0 -2
package/src/aws/acm.ts +0 -768
package/src/aws/application-autoscaling.ts +0 -845
package/src/aws/bedrock.ts +0 -4074
package/src/aws/client.ts +0 -878
package/src/aws/cloudformation.ts +0 -896
package/src/aws/cloudfront.ts +0 -1531
package/src/aws/cloudwatch-logs.ts +0 -154
package/src/aws/comprehend.ts +0 -839
package/src/aws/connect.ts +0 -1056
package/src/aws/deploy-imap.ts +0 -384
package/src/aws/dynamodb.ts +0 -340
package/src/aws/ec2.ts +0 -1385
package/src/aws/ecr.ts +0 -621
package/src/aws/ecs.ts +0 -615
package/src/aws/elasticache.ts +0 -301
package/src/aws/elbv2.ts +0 -942
package/src/aws/email.ts +0 -928
package/src/aws/eventbridge.ts +0 -248
package/src/aws/iam.ts +0 -1689
package/src/aws/imap-server.ts +0 -2100
package/src/aws/lambda.ts +0 -786
package/src/aws/opensearch.ts +0 -158
package/src/aws/personalize.ts +0 -977
package/src/aws/polly.ts +0 -559
package/src/aws/rds.ts +0 -888
package/src/aws/rekognition.ts +0 -846
package/src/aws/route53-domains.ts +0 -359
package/src/aws/route53.ts +0 -1046
package/src/aws/s3.ts +0 -2318
package/src/aws/scheduler.ts +0 -571
package/src/aws/secrets-manager.ts +0 -769
package/src/aws/ses.ts +0 -1081
package/src/aws/setup-phone.ts +0 -104
package/src/aws/setup-sms.ts +0 -580
package/src/aws/sms.ts +0 -1735
package/src/aws/smtp-server.ts +0 -531
package/src/aws/sns.ts +0 -758
package/src/aws/sqs.ts +0 -382
package/src/aws/ssm.ts +0 -807
package/src/aws/sts.ts +0 -92
package/src/aws/support.ts +0 -391
package/src/aws/test-imap.ts +0 -86
package/src/aws/textract.ts +0 -780
package/src/aws/transcribe.ts +0 -108
package/src/aws/translate.ts +0 -641
package/src/aws/voice.ts +0 -1379
package/src/config.ts +0 -35
package/src/deploy/index.ts +0 -7
package/src/deploy/static-site-external-dns.ts +0 -906
package/src/deploy/static-site.ts +0 -1125
package/src/dns/godaddy.ts +0 -412
package/src/dns/index.ts +0 -183
package/src/dns/porkbun.ts +0 -362
package/src/dns/route53-adapter.ts +0 -414
package/src/dns/validator.ts +0 -369
package/src/generators/index.ts +0 -5
package/src/generators/infrastructure.ts +0 -1660
package/src/push/apns.ts +0 -452
package/src/push/fcm.ts +0 -506
package/src/push/index.ts +0 -58
package/src/ssl/acme-client.ts +0 -478
package/src/ssl/index.ts +0 -7
package/src/ssl/letsencrypt.ts +0 -747
package/src/types.ts +0 -2
package/src/utils/cli.ts +0 -398
package/src/validation/index.ts +0 -5
package/src/validation/template.ts +0 -405
package/test/index.test.ts +0 -128
package/tsconfig.json +0 -18

package/src/aws/s3.ts DELETED Viewed

@@ -1,2318 +0,0 @@
-/**
- * AWS S3 Operations
- * Direct API calls without AWS CLI dependency
- */
-import * as crypto from 'node:crypto'
-import { AWSClient } from './client'
-import { readdir, stat } from 'node:fs/promises'
-import { join } from 'node:path'
-import { readFileSync } from 'node:fs'
-export interface S3SyncOptions {
-  source: string
-  bucket: string
-  prefix?: string
-  delete?: boolean
-  acl?: 'private' | 'public-read' | 'public-read-write' | 'authenticated-read'
-  cacheControl?: string
-  contentType?: string
-  metadata?: Record<string, string>
-  exclude?: string[]
-  include?: string[]
-  dryRun?: boolean
-}
-export interface S3CopyOptions {
-  source: string
-  bucket: string
-  key: string
-  acl?: 'private' | 'public-read' | 'public-read-write' | 'authenticated-read'
-  cacheControl?: string
-  contentType?: string
-  metadata?: Record<string, string>
-}
-export interface S3ListOptions {
-  bucket: string
-  prefix?: string
-  maxKeys?: number
-}
-export interface S3Object {
-  Key: string
-  LastModified: string
-  Size: number
-  ETag?: string
-}
-/**
- * S3 client using direct API calls
- */
-export class S3Client {
-  private client: AWSClient
-  private region: string
-  constructor(region: string = 'us-east-1', profile?: string) {
-    this.region = region
-    this.client = new AWSClient()
-  }
-  /**
-   * Get AWS credentials from environment or credentials file
-   */
-  private getCredentials(): { accessKeyId: string, secretAccessKey: string, sessionToken?: string } {
-    // 1. Check environment variables first
-    const envAccessKey = process.env.AWS_ACCESS_KEY_ID
-    const envSecretKey = process.env.AWS_SECRET_ACCESS_KEY
-    const envSessionToken = process.env.AWS_SESSION_TOKEN
-    if (envAccessKey && envSecretKey) {
-      return { accessKeyId: envAccessKey, secretAccessKey: envSecretKey, sessionToken: envSessionToken }
-    }
-    // 2. Try to load from ~/.aws/credentials file
-    const fileCreds = this.loadCredentialsFromFile()
-    if (fileCreds) {
-      return fileCreds
-    }
-    throw new Error('AWS credentials not found. Set AWS_ACCESS_KEY_ID and AWS_SECRET_ACCESS_KEY environment variables, or configure ~/.aws/credentials.')
-  }
-  /**
-   * Load credentials from ~/.aws/credentials file
-   */
-  private loadCredentialsFromFile(): { accessKeyId: string, secretAccessKey: string, sessionToken?: string } | null {
-    try {
-      const { existsSync, readFileSync } = require('node:fs')
-      const { homedir } = require('node:os')
-      const { join: pathJoin } = require('node:path')
-      const profile = process.env.AWS_PROFILE || 'default'
-      const credentialsPath = process.env.AWS_SHARED_CREDENTIALS_FILE || pathJoin(homedir(), '.aws', 'credentials')
-      if (!existsSync(credentialsPath)) {
-        return null
-      }
-      const content = readFileSync(credentialsPath, 'utf-8')
-      const lines = content.split('\n')
-      let currentProfile = ''
-      let accessKeyId = ''
-      let secretAccessKey = ''
-      let sessionToken: string | undefined
-      for (const line of lines) {
-        const trimmed = line.trim()
-        if (!trimmed || trimmed.startsWith('#')) continue
-        const profileMatch = trimmed.match(/^\[([^\]]+)\]$/)
-        if (profileMatch) {
-          currentProfile = profileMatch[1]
-          continue
-        }
-        if (currentProfile === profile) {
-          const [key, ...valueParts] = trimmed.split('=')
-          const value = valueParts.join('=').trim()
-          if (key.trim() === 'aws_access_key_id') {
-            accessKeyId = value
-          } else if (key.trim() === 'aws_secret_access_key') {
-            secretAccessKey = value
-          } else if (key.trim() === 'aws_session_token') {
-            sessionToken = value
-          }
-        }
-      }
-      if (accessKeyId && secretAccessKey) {
-        return { accessKeyId, secretAccessKey, sessionToken }
-      }
-    } catch {
-      // Failed to read credentials file
-    }
-    return null
-  }
-  /**
-   * List all S3 buckets in the account
-   */
-  async listBuckets(): Promise<{ Buckets: Array<{ Name: string, CreationDate?: string }> }> {
-    const result = await this.client.request({
-      service: 's3',
-      region: this.region,
-      method: 'GET',
-      path: '/',
-    })
-    const buckets: Array<{ Name: string, CreationDate?: string }> = []
-    const bucketList = result?.ListAllMyBucketsResult?.Buckets?.Bucket
-    if (bucketList) {
-      const list = Array.isArray(bucketList) ? bucketList : [bucketList]
-      for (const b of list) {
-        buckets.push({
-          Name: b.Name,
-          CreationDate: b.CreationDate,
-        })
-      }
-    }
-    return { Buckets: buckets }
-  }
-  /**
-   * Create an S3 bucket
-   */
-  async createBucket(bucket: string, options?: { acl?: string }): Promise<void> {
-    const headers: Record<string, string> = {}
-    if (options?.acl) {
-      headers['x-amz-acl'] = options.acl
-    }
-    // For us-east-1, don't include LocationConstraint
-    // For other regions, include it in the body
-    let body: string | undefined
-    if (this.region !== 'us-east-1') {
-      body = `<?xml version="1.0" encoding="UTF-8"?>
-<CreateBucketConfiguration xmlns="http://s3.amazonaws.com/doc/2006-03-01/">
-  <LocationConstraint>${this.region}</LocationConstraint>
-</CreateBucketConfiguration>`
-      headers['Content-Type'] = 'application/xml'
-    }
-    await this.client.request({
-      service: 's3',
-      region: this.region,
-      method: 'PUT',
-      path: `/${bucket}`,
-      headers,
-      body,
-    })
-  }
-  /**
-   * Delete an S3 bucket (must be empty)
-   */
-  async deleteBucket(bucket: string): Promise<void> {
-    await this.client.request({
-      service: 's3',
-      region: this.region,
-      method: 'DELETE',
-      path: `/${bucket}`,
-    })
-  }
-  /**
-   * Empty and delete an S3 bucket
-   */
-  async emptyAndDeleteBucket(bucket: string): Promise<void> {
-    // First list and delete all objects
-    let hasMore = true
-    while (hasMore) {
-      const objects = await this.listAllObjects({ bucket })
-      if (objects.length === 0) {
-        hasMore = false
-        break
-      }
-      // Delete in batches of 1000 (S3 limit)
-      const keys = objects.map(obj => obj.Key)
-      for (let i = 0; i < keys.length; i += 1000) {
-        const batch = keys.slice(i, i + 1000)
-        await this.deleteObjects(bucket, batch)
-      }
-    }
-    // Now delete the bucket
-    await this.deleteBucket(bucket)
-  }
-  /**
-   * List all objects in a bucket (handles pagination)
-   */
-  async listAllObjects(options: S3ListOptions): Promise<S3Object[]> {
-    const allObjects: S3Object[] = []
-    let continuationToken: string | undefined
-    do {
-      const params: Record<string, any> = {
-        'list-type': '2',
-        'max-keys': '1000',
-      }
-      if (options.prefix) {
-        params.prefix = options.prefix
-      }
-      if (continuationToken) {
-        params['continuation-token'] = continuationToken
-      }
-      const result = await this.client.request({
-        service: 's3',
-        region: this.region,
-        method: 'GET',
-        path: `/${options.bucket}`,
-        queryParams: params,
-      })
-      const contents = result?.ListBucketResult?.Contents
-      if (contents) {
-        const list = Array.isArray(contents) ? contents : [contents]
-        for (const obj of list) {
-          allObjects.push({
-            Key: obj.Key,
-            LastModified: obj.LastModified || '',
-            Size: Number.parseInt(obj.Size || '0'),
-            ETag: obj.ETag,
-          })
-        }
-      }
-      // Check for more results
-      const isTruncated = result?.ListBucketResult?.IsTruncated
-      continuationToken = isTruncated === 'true' || isTruncated === true
-        ? result?.ListBucketResult?.NextContinuationToken
-        : undefined
-    } while (continuationToken)
-    return allObjects
-  }
-  /**
-   * List objects in S3 bucket
-   */
-  async list(options: S3ListOptions): Promise<S3Object[]> {
-    // Use path-style URL without query params for simpler signing
-    const result = await this.client.request({
-      service: 's3',
-      region: this.region,
-      method: 'GET',
-      path: `/${options.bucket}`,
-    })
-    // Parse S3 XML response
-    const objects: S3Object[] = []
-    // Handle ListBucketResult structure from XML parsing
-    const contents = result?.ListBucketResult?.Contents
-    if (contents) {
-      const items = Array.isArray(contents) ? contents : [contents]
-      for (const item of items) {
-        // Filter by prefix if specified
-        if (options.prefix && !item.Key?.startsWith(options.prefix)) {
-          continue
-        }
-        objects.push({
-          Key: item.Key || '',
-          LastModified: item.LastModified || '',
-          Size: Number.parseInt(item.Size || '0'),
-          ETag: item.ETag,
-        })
-        // Respect maxKeys
-        if (options.maxKeys && objects.length >= options.maxKeys) {
-          break
-        }
-      }
-    }
-    return objects
-  }
-  /**
-   * Put object to S3 bucket
-   */
-  async putObject(options: {
-    bucket: string
-    key: string
-    body: string | Buffer | Uint8Array
-    acl?: string
-    cacheControl?: string
-    contentType?: string
-    metadata?: Record<string, string>
-  }): Promise<void> {
-    const headers: Record<string, string> = {}
-    if (options.acl) {
-      headers['x-amz-acl'] = options.acl
-    }
-    if (options.cacheControl) {
-      headers['Cache-Control'] = options.cacheControl
-    }
-    if (options.contentType) {
-      headers['Content-Type'] = options.contentType
-    }
-    if (options.metadata) {
-      for (const [key, value] of Object.entries(options.metadata)) {
-        headers[`x-amz-meta-${key}`] = value
-      }
-    }
-    // Normalize body to Buffer for binary data
-    // Uint8Array needs to be converted to Buffer for proper handling
-    const normalizedBody = options.body instanceof Uint8Array && !Buffer.isBuffer(options.body)
-      ? Buffer.from(options.body)
-      : options.body
-    // For binary data (Buffer/Uint8Array), use direct binary upload
-    if (Buffer.isBuffer(normalizedBody) || (normalizedBody as any) instanceof Uint8Array) {
-      const binaryBody = Buffer.isBuffer(normalizedBody) ? normalizedBody : Buffer.from(normalizedBody)
-      // Actually, for S3 we need to send raw binary, not base64
-      // Let's use Bun's fetch which handles Buffer natively
-      const { accessKeyId, secretAccessKey, sessionToken } = this.getCredentials()
-      const host = `${options.bucket}.s3.${this.region}.amazonaws.com`
-      const url = `https://${host}/${options.key}`
-      const now = new Date()
-      const amzDate = now.toISOString().replace(/[:-]|\.\d{3}/g, '')
-      const dateStamp = now.toISOString().slice(0, 10).replace(/-/g, '')
-      const payloadHash = crypto.createHash('sha256').update(binaryBody).digest('hex')
-      const requestHeaders: Record<string, string> = {
-        'host': host,
-        'x-amz-date': amzDate,
-        'x-amz-content-sha256': payloadHash,
-        ...headers,
-      }
-      if (sessionToken) {
-        requestHeaders['x-amz-security-token'] = sessionToken
-      }
-      // Create canonical request
-      const canonicalHeaders = Object.keys(requestHeaders)
-        .sort()
-        .map(key => `${key.toLowerCase()}:${requestHeaders[key].trim()}\n`)
-        .join('')
-      const signedHeaders = Object.keys(requestHeaders)
-        .sort()
-        .map(key => key.toLowerCase())
-        .join(';')
-      const canonicalRequest = [
-        'PUT',
-        `/${options.key}`,
-        '',
-        canonicalHeaders,
-        signedHeaders,
-        payloadHash,
-      ].join('\n')
-      // Create string to sign
-      const algorithm = 'AWS4-HMAC-SHA256'
-      const credentialScope = `${dateStamp}/${this.region}/s3/aws4_request`
-      const stringToSign = [
-        algorithm,
-        amzDate,
-        credentialScope,
-        crypto.createHash('sha256').update(canonicalRequest).digest('hex'),
-      ].join('\n')
-      // Calculate signature
-      const kDate = crypto.createHmac('sha256', `AWS4${secretAccessKey}`).update(dateStamp).digest()
-      const kRegion = crypto.createHmac('sha256', kDate).update(this.region).digest()
-      const kService = crypto.createHmac('sha256', kRegion).update('s3').digest()
-      const kSigning = crypto.createHmac('sha256', kService).update('aws4_request').digest()
-      const signature = crypto.createHmac('sha256', kSigning).update(stringToSign).digest('hex')
-      const authorizationHeader = `${algorithm} Credential=${accessKeyId}/${credentialScope}, SignedHeaders=${signedHeaders}, Signature=${signature}`
-      const response = await fetch(url, {
-        method: 'PUT',
-        headers: {
-          ...requestHeaders,
-          'Authorization': authorizationHeader,
-        },
-        body: binaryBody,
-      })
-      if (!response.ok) {
-        const errorText = await response.text()
-        throw new Error(`S3 PUT failed: ${response.status} ${errorText}`)
-      }
-      return
-    }
-    await this.client.request({
-      service: 's3',
-      region: this.region,
-      method: 'PUT',
-      path: `/${options.key}`,
-      bucket: options.bucket, // Use virtual-hosted style
-      headers,
-      body: options.body as string,
-    })
-  }
-  /**
-   * Get object from S3 bucket
-   * Returns raw content as string (not parsed as XML)
-   */
-  async getObject(bucket: string, key: string): Promise<string> {
-    const result = await this.client.request({
-      service: 's3',
-      region: this.region,
-      method: 'GET',
-      path: `/${bucket}/${key}`,
-      rawResponse: true,
-    })
-    return result
-  }
-  /**
-   * Copy object within S3 (server-side copy)
-   */
-  async copyObject(options: {
-    sourceBucket: string
-    sourceKey: string
-    destinationBucket: string
-    destinationKey: string
-    contentType?: string
-    metadata?: Record<string, string>
-    metadataDirective?: 'COPY' | 'REPLACE'
-  }): Promise<void> {
-    const headers: Record<string, string> = {
-      'x-amz-copy-source': `/${options.sourceBucket}/${options.sourceKey}`,
-    }
-    if (options.metadataDirective) {
-      headers['x-amz-metadata-directive'] = options.metadataDirective
-    }
-    if (options.contentType) {
-      headers['Content-Type'] = options.contentType
-    }
-    if (options.metadata) {
-      for (const [key, value] of Object.entries(options.metadata)) {
-        headers[`x-amz-meta-${key}`] = value
-      }
-    }
-    await this.client.request({
-      service: 's3',
-      region: this.region,
-      method: 'PUT',
-      path: `/${options.destinationBucket}/${options.destinationKey}`,
-      headers,
-    })
-  }
-  /**
-   * Delete object from S3
-   */
-  async deleteObject(bucket: string, key: string): Promise<void> {
-    await this.client.request({
-      service: 's3',
-      region: this.region,
-      method: 'DELETE',
-      path: `/${bucket}/${key}`,
-    })
-  }
-  /**
-   * Delete multiple objects from S3
-   */
-  async deleteObjects(bucket: string, keys: string[]): Promise<void> {
-    const deleteXml = `<?xml version="1.0" encoding="UTF-8"?>
-<Delete>
-  ${keys.map(key => `<Object><Key>${key}</Key></Object>`).join('\n  ')}
-</Delete>`
-    // S3 DeleteObjects requires Content-MD5 header
-    const contentMd5 = crypto.createHash('md5').update(deleteXml).digest('base64')
-    await this.client.request({
-      service: 's3',
-      region: this.region,
-      method: 'POST',
-      path: `/${bucket}`,
-      queryParams: { delete: '' },
-      body: deleteXml,
-      headers: {
-        'Content-Type': 'application/xml',
-        'Content-MD5': contentMd5,
-      },
-    })
-  }
-  /**
-   * Check if bucket exists
-   */
-  async bucketExists(bucket: string): Promise<boolean> {
-    try {
-      await this.client.request({
-        service: 's3',
-        region: this.region,
-        method: 'HEAD',
-        path: `/${bucket}`,
-      })
-      return true
-    }
-    catch {
-      return false
-    }
-  }
-  /**
-   * Copy file to S3
-   */
-  async copy(options: S3CopyOptions): Promise<void> {
-    // Read file and upload
-    const fileContent = readFileSync(options.source)
-    await this.putObject({
-      bucket: options.bucket,
-      key: options.key,
-      body: fileContent,
-      acl: options.acl,
-      cacheControl: options.cacheControl,
-      contentType: options.contentType,
-      metadata: options.metadata,
-    })
-  }
-  /**
-   * Sync local directory to S3 bucket
-   * Note: This is a simplified version. For production use, implement proper sync logic
-   */
-  async sync(options: S3SyncOptions): Promise<void> {
-    const files = await this.listFilesRecursive(options.source)
-    for (const file of files) {
-      // Skip excluded files
-      if (options.exclude && options.exclude.some(pattern => file.includes(pattern))) {
-        continue
-      }
-      // Check included files
-      if (options.include && !options.include.some(pattern => file.includes(pattern))) {
-        continue
-      }
-      const relativePath = file.substring(options.source.length + 1)
-      const s3Key = options.prefix ? `${options.prefix}/${relativePath}` : relativePath
-      if (!options.dryRun) {
-        const fileContent = readFileSync(file)
-        await this.putObject({
-          bucket: options.bucket,
-          key: s3Key,
-          body: fileContent,
-          acl: options.acl,
-          cacheControl: options.cacheControl,
-          contentType: options.contentType,
-          metadata: options.metadata,
-        })
-      }
-    }
-  }
-  /**
-   * Delete object from S3 (alias for deleteObject)
-   */
-  async delete(bucket: string, key: string): Promise<void> {
-    await this.deleteObject(bucket, key)
-  }
-  /**
-   * Delete all objects in a prefix
-   */
-  async deletePrefix(bucket: string, prefix: string): Promise<void> {
-    const objects = await this.list({ bucket, prefix })
-    const keys = objects.map(obj => obj.Key)
-    if (keys.length > 0) {
-      await this.deleteObjects(bucket, keys)
-    }
-  }
-  /**
-   * Get bucket size
-   */
-  async getBucketSize(bucket: string, prefix?: string): Promise<number> {
-    const objects = await this.list({ bucket, prefix })
-    return objects.reduce((total, obj) => total + obj.Size, 0)
-  }
-  /**
-   * List files recursively in a directory
-   */
-  private async listFilesRecursive(dir: string): Promise<string[]> {
-    const files: string[] = []
-    const entries = await readdir(dir, { withFileTypes: true })
-    for (const entry of entries) {
-      const fullPath = join(dir, entry.name)
-      if (entry.isDirectory()) {
-        const subFiles = await this.listFilesRecursive(fullPath)
-        files.push(...subFiles)
-      }
-      else {
-        files.push(fullPath)
-      }
-    }
-    return files
-  }
-  /**
-   * Put bucket policy for an S3 bucket
-   * Uses path-style URLs to avoid redirect issues
-   */
-  async putBucketPolicy(bucket: string, policy: object | string): Promise<void> {
-    const { accessKeyId, secretAccessKey, sessionToken } = this.getCredentials()
-    const host = `s3.${this.region}.amazonaws.com`
-    const policyString = typeof policy === 'string' ? policy : JSON.stringify(policy)
-    const now = new Date()
-    const amzDate = now.toISOString().replace(/[:-]|\.\d{3}/g, '')
-    const dateStamp = now.toISOString().slice(0, 10).replace(/-/g, '')
-    const payloadHash = crypto.createHash('sha256').update(policyString).digest('hex')
-    // Use path-style URL: s3.region.amazonaws.com/bucket?policy
-    const canonicalUri = '/' + bucket
-    const canonicalQuerystring = 'policy='
-    const requestHeaders: Record<string, string> = {
-      'host': host,
-      'x-amz-date': amzDate,
-      'x-amz-content-sha256': payloadHash,
-      'content-type': 'application/json',
-    }
-    if (sessionToken) {
-      requestHeaders['x-amz-security-token'] = sessionToken
-    }
-    const canonicalHeaders = Object.keys(requestHeaders)
-      .sort()
-      .map(key => `${key.toLowerCase()}:${requestHeaders[key].trim()}\n`)
-      .join('')
-    const signedHeaders = Object.keys(requestHeaders)
-      .sort()
-      .map(key => key.toLowerCase())
-      .join(';')
-    const canonicalRequest = [
-      'PUT',
-      canonicalUri,
-      canonicalQuerystring,
-      canonicalHeaders,
-      signedHeaders,
-      payloadHash,
-    ].join('\n')
-    const algorithm = 'AWS4-HMAC-SHA256'
-    const credentialScope = `${dateStamp}/${this.region}/s3/aws4_request`
-    const stringToSign = [
-      algorithm,
-      amzDate,
-      credentialScope,
-      crypto.createHash('sha256').update(canonicalRequest).digest('hex'),
-    ].join('\n')
-    const kDate = crypto.createHmac('sha256', 'AWS4' + secretAccessKey).update(dateStamp).digest()
-    const kRegion = crypto.createHmac('sha256', kDate).update(this.region).digest()
-    const kService = crypto.createHmac('sha256', kRegion).update('s3').digest()
-    const kSigning = crypto.createHmac('sha256', kService).update('aws4_request').digest()
-    const signature = crypto.createHmac('sha256', kSigning).update(stringToSign).digest('hex')
-    const authHeader = `${algorithm} Credential=${accessKeyId}/${credentialScope}, SignedHeaders=${signedHeaders}, Signature=${signature}`
-    const url = `https://${host}${canonicalUri}?${canonicalQuerystring}`
-    const response = await fetch(url, {
-      method: 'PUT',
-      headers: {
-        ...requestHeaders,
-        'Authorization': authHeader,
-      },
-      body: policyString,
-    })
-    if (!response.ok) {
-      const text = await response.text()
-      throw new Error(`Failed to put bucket policy: ${response.status} ${text}`)
-    }
-  }
-  /**
-   * Get bucket policy for an S3 bucket
-   * Uses path-style URLs to avoid redirect issues
-   */
-  async getBucketPolicy(bucket: string): Promise<object | null> {
-    const { accessKeyId, secretAccessKey, sessionToken } = this.getCredentials()
-    const host = `s3.${this.region}.amazonaws.com`
-    const now = new Date()
-    const amzDate = now.toISOString().replace(/[:-]|\.\d{3}/g, '')
-    const dateStamp = now.toISOString().slice(0, 10).replace(/-/g, '')
-    const payloadHash = crypto.createHash('sha256').update('').digest('hex')
-    // Use path-style URL: s3.region.amazonaws.com/bucket?policy
-    const canonicalUri = '/' + bucket
-    const canonicalQuerystring = 'policy='
-    const requestHeaders: Record<string, string> = {
-      'host': host,
-      'x-amz-date': amzDate,
-      'x-amz-content-sha256': payloadHash,
-    }
-    if (sessionToken) {
-      requestHeaders['x-amz-security-token'] = sessionToken
-    }
-    const canonicalHeaders = Object.keys(requestHeaders)
-      .sort()
-      .map(key => `${key.toLowerCase()}:${requestHeaders[key].trim()}\n`)
-      .join('')
-    const signedHeaders = Object.keys(requestHeaders)
-      .sort()
-      .map(key => key.toLowerCase())
-      .join(';')
-    const canonicalRequest = [
-      'GET',
-      canonicalUri,
-      canonicalQuerystring,
-      canonicalHeaders,
-      signedHeaders,
-      payloadHash,
-    ].join('\n')
-    const algorithm = 'AWS4-HMAC-SHA256'
-    const credentialScope = `${dateStamp}/${this.region}/s3/aws4_request`
-    const stringToSign = [
-      algorithm,
-      amzDate,
-      credentialScope,
-      crypto.createHash('sha256').update(canonicalRequest).digest('hex'),
-    ].join('\n')
-    const kDate = crypto.createHmac('sha256', 'AWS4' + secretAccessKey).update(dateStamp).digest()
-    const kRegion = crypto.createHmac('sha256', kDate).update(this.region).digest()
-    const kService = crypto.createHmac('sha256', kRegion).update('s3').digest()
-    const kSigning = crypto.createHmac('sha256', kService).update('aws4_request').digest()
-    const signature = crypto.createHmac('sha256', kSigning).update(stringToSign).digest('hex')
-    const authHeader = `${algorithm} Credential=${accessKeyId}/${credentialScope}, SignedHeaders=${signedHeaders}, Signature=${signature}`
-    const url = `https://${host}${canonicalUri}?${canonicalQuerystring}`
-    const response = await fetch(url, {
-      method: 'GET',
-      headers: {
-        ...requestHeaders,
-        'Authorization': authHeader,
-      },
-    })
-    if (response.status === 404) {
-      return null
-    }
-    if (!response.ok) {
-      const text = await response.text()
-      throw new Error(`Failed to get bucket policy: ${response.status} ${text}`)
-    }
-    const text = await response.text()
-    return JSON.parse(text)
-  }
-  /**
-   * Delete bucket policy
-   */
-  async deleteBucketPolicy(bucket: string): Promise<void> {
-    await this.client.request({
-      service: 's3',
-      region: this.region,
-      method: 'DELETE',
-      path: `/${bucket}`,
-      queryParams: { policy: '' },
-    })
-  }
-  /**
-   * Head bucket - check if bucket exists and you have access
-   */
-  async headBucket(bucket: string): Promise<{ exists: boolean; region?: string }> {
-    try {
-      const result = await this.client.request({
-        service: 's3',
-        region: this.region,
-        method: 'HEAD',
-        path: `/${bucket}`,
-        returnHeaders: true,
-      })
-      return { exists: true, region: result?.headers?.['x-amz-bucket-region'] }
-    } catch (e: any) {
-      if (e.statusCode === 404) {
-        return { exists: false }
-      }
-      throw e
-    }
-  }
-  /**
-   * Head object - get object metadata without downloading
-   */
-  async headObject(bucket: string, key: string): Promise<{
-    ContentLength?: number
-    ContentType?: string
-    ETag?: string
-    LastModified?: string
-    Metadata?: Record<string, string>
-  } | null> {
-    try {
-      const result = await this.client.request({
-        service: 's3',
-        region: this.region,
-        method: 'HEAD',
-        path: `/${bucket}/${key}`,
-        returnHeaders: true,
-      })
-      return {
-        ContentLength: result?.headers?.['content-length'] ? parseInt(result.headers['content-length']) : undefined,
-        ContentType: result?.headers?.['content-type'],
-        ETag: result?.headers?.['etag'],
-        LastModified: result?.headers?.['last-modified'],
-      }
-    } catch (e: any) {
-      if (e.statusCode === 404) {
-        return null
-      }
-      throw e
-    }
-  }
-  /**
-   * Get object as Buffer
-   */
-  async getObjectBuffer(bucket: string, key: string): Promise<Buffer> {
-    const content = await this.getObject(bucket, key)
-    return Buffer.from(content)
-  }
-  /**
-   * Get object as JSON
-   */
-  async getObjectJson<T = any>(bucket: string, key: string): Promise<T> {
-    const content = await this.getObject(bucket, key)
-    return JSON.parse(content)
-  }
-  /**
-   * Put JSON object
-   */
-  async putObjectJson(bucket: string, key: string, data: any, options?: {
-    acl?: string
-    cacheControl?: string
-    metadata?: Record<string, string>
-  }): Promise<void> {
-    await this.putObject({
-      bucket,
-      key,
-      body: JSON.stringify(data),
-      contentType: 'application/json',
-      ...options,
-    })
-  }
-  /**
-   * Get bucket versioning configuration
-   */
-  async getBucketVersioning(bucket: string): Promise<{ Status?: 'Enabled' | 'Suspended' }> {
-    const result = await this.client.request({
-      service: 's3',
-      region: this.region,
-      method: 'GET',
-      path: `/${bucket}`,
-      queryParams: { versioning: '' },
-    })
-    return {
-      Status: result?.VersioningConfiguration?.Status,
-    }
-  }
-  /**
-   * Put bucket versioning configuration
-   */
-  async putBucketVersioning(bucket: string, status: 'Enabled' | 'Suspended'): Promise<void> {
-    const body = `<?xml version="1.0" encoding="UTF-8"?>
-<VersioningConfiguration xmlns="http://s3.amazonaws.com/doc/2006-03-01/">
-  <Status>${status}</Status>
-</VersioningConfiguration>`
-    await this.client.request({
-      service: 's3',
-      region: this.region,
-      method: 'PUT',
-      path: `/${bucket}`,
-      queryParams: { versioning: '' },
-      headers: { 'Content-Type': 'application/xml' },
-      body,
-    })
-  }
-  /**
-   * Get bucket lifecycle configuration
-   */
-  async getBucketLifecycleConfiguration(bucket: string): Promise<any> {
-    try {
-      const result = await this.client.request({
-        service: 's3',
-        region: this.region,
-        method: 'GET',
-        path: `/${bucket}`,
-        queryParams: { lifecycle: '' },
-      })
-      return result?.LifecycleConfiguration
-    } catch (e: any) {
-      if (e.statusCode === 404) {
-        return null
-      }
-      throw e
-    }
-  }
-  /**
-   * Put bucket lifecycle configuration
-   */
-  async putBucketLifecycleConfiguration(bucket: string, rules: Array<{
-    ID: string
-    Status: 'Enabled' | 'Disabled'
-    Filter?: { Prefix?: string }
-    Expiration?: { Days?: number; Date?: string }
-    Transitions?: Array<{ Days?: number; StorageClass: string }>
-    NoncurrentVersionExpiration?: { NoncurrentDays: number }
-  }>): Promise<void> {
-    const rulesXml = rules.map(rule => {
-      let ruleXml = `<Rule><ID>${rule.ID}</ID><Status>${rule.Status}</Status>`
-      if (rule.Filter) {
-        ruleXml += `<Filter><Prefix>${rule.Filter.Prefix || ''}</Prefix></Filter>`
-      } else {
-        ruleXml += '<Filter><Prefix></Prefix></Filter>'
-      }
-      if (rule.Expiration) {
-        if (rule.Expiration.Days) {
-          ruleXml += `<Expiration><Days>${rule.Expiration.Days}</Days></Expiration>`
-        } else if (rule.Expiration.Date) {
-          ruleXml += `<Expiration><Date>${rule.Expiration.Date}</Date></Expiration>`
-        }
-      }
-      if (rule.Transitions) {
-        for (const t of rule.Transitions) {
-          ruleXml += `<Transition><Days>${t.Days}</Days><StorageClass>${t.StorageClass}</StorageClass></Transition>`
-        }
-      }
-      if (rule.NoncurrentVersionExpiration) {
-        ruleXml += `<NoncurrentVersionExpiration><NoncurrentDays>${rule.NoncurrentVersionExpiration.NoncurrentDays}</NoncurrentDays></NoncurrentVersionExpiration>`
-      }
-      ruleXml += '</Rule>'
-      return ruleXml
-    }).join('')
-    const body = `<?xml version="1.0" encoding="UTF-8"?>
-<LifecycleConfiguration xmlns="http://s3.amazonaws.com/doc/2006-03-01/">
-  ${rulesXml}
-</LifecycleConfiguration>`
-    await this.client.request({
-      service: 's3',
-      region: this.region,
-      method: 'PUT',
-      path: `/${bucket}`,
-      queryParams: { lifecycle: '' },
-      headers: { 'Content-Type': 'application/xml' },
-      body,
-    })
-  }
-  /**
-   * Delete bucket lifecycle configuration
-   */
-  async deleteBucketLifecycleConfiguration(bucket: string): Promise<void> {
-    await this.client.request({
-      service: 's3',
-      region: this.region,
-      method: 'DELETE',
-      path: `/${bucket}`,
-      queryParams: { lifecycle: '' },
-    })
-  }
-  /**
-   * Get bucket CORS configuration
-   */
-  async getBucketCors(bucket: string): Promise<any> {
-    try {
-      const result = await this.client.request({
-        service: 's3',
-        region: this.region,
-        method: 'GET',
-        path: `/${bucket}`,
-        queryParams: { cors: '' },
-      })
-      return result?.CORSConfiguration
-    } catch (e: any) {
-      if (e.statusCode === 404) {
-        return null
-      }
-      throw e
-    }
-  }
-  /**
-   * Put bucket CORS configuration
-   */
-  async putBucketCors(bucket: string, rules: Array<{
-    AllowedOrigins: string[]
-    AllowedMethods: string[]
-    AllowedHeaders?: string[]
-    ExposeHeaders?: string[]
-    MaxAgeSeconds?: number
-  }>): Promise<void> {
-    const rulesXml = rules.map(rule => {
-      let ruleXml = '<CORSRule>'
-      for (const origin of rule.AllowedOrigins) {
-        ruleXml += `<AllowedOrigin>${origin}</AllowedOrigin>`
-      }
-      for (const method of rule.AllowedMethods) {
-        ruleXml += `<AllowedMethod>${method}</AllowedMethod>`
-      }
-      if (rule.AllowedHeaders) {
-        for (const header of rule.AllowedHeaders) {
-          ruleXml += `<AllowedHeader>${header}</AllowedHeader>`
-        }
-      }
-      if (rule.ExposeHeaders) {
-        for (const header of rule.ExposeHeaders) {
-          ruleXml += `<ExposeHeader>${header}</ExposeHeader>`
-        }
-      }
-      if (rule.MaxAgeSeconds) {
-        ruleXml += `<MaxAgeSeconds>${rule.MaxAgeSeconds}</MaxAgeSeconds>`
-      }
-      ruleXml += '</CORSRule>'
-      return ruleXml
-    }).join('')
-    const body = `<?xml version="1.0" encoding="UTF-8"?>
-<CORSConfiguration>
-  ${rulesXml}
-</CORSConfiguration>`
-    await this.client.request({
-      service: 's3',
-      region: this.region,
-      method: 'PUT',
-      path: `/${bucket}`,
-      queryParams: { cors: '' },
-      headers: { 'Content-Type': 'application/xml' },
-      body,
-    })
-  }
-  /**
-   * Delete bucket CORS configuration
-   */
-  async deleteBucketCors(bucket: string): Promise<void> {
-    await this.client.request({
-      service: 's3',
-      region: this.region,
-      method: 'DELETE',
-      path: `/${bucket}`,
-      queryParams: { cors: '' },
-    })
-  }
-  /**
-   * Get bucket encryption configuration
-   */
-  async getBucketEncryption(bucket: string): Promise<any> {
-    try {
-      const result = await this.client.request({
-        service: 's3',
-        region: this.region,
-        method: 'GET',
-        path: `/${bucket}`,
-        queryParams: { encryption: '' },
-      })
-      return result?.ServerSideEncryptionConfiguration
-    } catch (e: any) {
-      if (e.statusCode === 404) {
-        return null
-      }
-      throw e
-    }
-  }
-  /**
-   * Put bucket encryption configuration
-   */
-  async putBucketEncryption(bucket: string, sseAlgorithm: 'AES256' | 'aws:kms', kmsKeyId?: string): Promise<void> {
-    let ruleXml = `<ApplyServerSideEncryptionByDefault><SSEAlgorithm>${sseAlgorithm}</SSEAlgorithm>`
-    if (kmsKeyId) {
-      ruleXml += `<KMSMasterKeyID>${kmsKeyId}</KMSMasterKeyID>`
-    }
-    ruleXml += '</ApplyServerSideEncryptionByDefault>'
-    const body = `<?xml version="1.0" encoding="UTF-8"?>
-<ServerSideEncryptionConfiguration xmlns="http://s3.amazonaws.com/doc/2006-03-01/">
-  <Rule>${ruleXml}</Rule>
-</ServerSideEncryptionConfiguration>`
-    await this.client.request({
-      service: 's3',
-      region: this.region,
-      method: 'PUT',
-      path: `/${bucket}`,
-      queryParams: { encryption: '' },
-      headers: { 'Content-Type': 'application/xml' },
-      body,
-    })
-  }
-  /**
-   * Delete bucket encryption configuration
-   */
-  async deleteBucketEncryption(bucket: string): Promise<void> {
-    await this.client.request({
-      service: 's3',
-      region: this.region,
-      method: 'DELETE',
-      path: `/${bucket}`,
-      queryParams: { encryption: '' },
-    })
-  }
-  /**
-   * Get bucket tagging
-   */
-  async getBucketTagging(bucket: string): Promise<Array<{ Key: string; Value: string }>> {
-    try {
-      const result = await this.client.request({
-        service: 's3',
-        region: this.region,
-        method: 'GET',
-        path: `/${bucket}`,
-        queryParams: { tagging: '' },
-      })
-      const tagSet = result?.Tagging?.TagSet?.Tag
-      if (!tagSet) return []
-      return Array.isArray(tagSet) ? tagSet : [tagSet]
-    } catch (e: any) {
-      if (e.statusCode === 404) {
-        return []
-      }
-      throw e
-    }
-  }
-  /**
-   * Put bucket tagging
-   */
-  async putBucketTagging(bucket: string, tags: Array<{ Key: string; Value: string }>): Promise<void> {
-    const tagsXml = tags.map(t => `<Tag><Key>${t.Key}</Key><Value>${t.Value}</Value></Tag>`).join('')
-    const body = `<?xml version="1.0" encoding="UTF-8"?>
-<Tagging>
-  <TagSet>${tagsXml}</TagSet>
-</Tagging>`
-    await this.client.request({
-      service: 's3',
-      region: this.region,
-      method: 'PUT',
-      path: `/${bucket}`,
-      queryParams: { tagging: '' },
-      headers: { 'Content-Type': 'application/xml' },
-      body,
-    })
-  }
-  /**
-   * Delete bucket tagging
-   */
-  async deleteBucketTagging(bucket: string): Promise<void> {
-    await this.client.request({
-      service: 's3',
-      region: this.region,
-      method: 'DELETE',
-      path: `/${bucket}`,
-      queryParams: { tagging: '' },
-    })
-  }
-  /**
-   * Get object tagging
-   */
-  async getObjectTagging(bucket: string, key: string): Promise<Array<{ Key: string; Value: string }>> {
-    try {
-      const result = await this.client.request({
-        service: 's3',
-        region: this.region,
-        method: 'GET',
-        path: `/${bucket}/${key}`,
-        queryParams: { tagging: '' },
-      })
-      const tagSet = result?.Tagging?.TagSet?.Tag
-      if (!tagSet) return []
-      return Array.isArray(tagSet) ? tagSet : [tagSet]
-    } catch (e: any) {
-      if (e.statusCode === 404) {
-        return []
-      }
-      throw e
-    }
-  }
-  /**
-   * Put object tagging
-   */
-  async putObjectTagging(bucket: string, key: string, tags: Array<{ Key: string; Value: string }>): Promise<void> {
-    const tagsXml = tags.map(t => `<Tag><Key>${t.Key}</Key><Value>${t.Value}</Value></Tag>`).join('')
-    const body = `<?xml version="1.0" encoding="UTF-8"?>
-<Tagging>
-  <TagSet>${tagsXml}</TagSet>
-</Tagging>`
-    await this.client.request({
-      service: 's3',
-      region: this.region,
-      method: 'PUT',
-      path: `/${bucket}/${key}`,
-      queryParams: { tagging: '' },
-      headers: { 'Content-Type': 'application/xml' },
-      body,
-    })
-  }
-  /**
-   * Delete object tagging
-   */
-  async deleteObjectTagging(bucket: string, key: string): Promise<void> {
-    await this.client.request({
-      service: 's3',
-      region: this.region,
-      method: 'DELETE',
-      path: `/${bucket}/${key}`,
-      queryParams: { tagging: '' },
-    })
-  }
-  /**
-   * Get bucket ACL
-   */
-  async getBucketAcl(bucket: string): Promise<any> {
-    const result = await this.client.request({
-      service: 's3',
-      region: this.region,
-      method: 'GET',
-      path: `/${bucket}`,
-      queryParams: { acl: '' },
-    })
-    return result?.AccessControlPolicy
-  }
-  /**
-   * Put bucket ACL (canned ACL)
-   */
-  async putBucketAcl(bucket: string, acl: 'private' | 'public-read' | 'public-read-write' | 'authenticated-read'): Promise<void> {
-    await this.client.request({
-      service: 's3',
-      region: this.region,
-      method: 'PUT',
-      path: `/${bucket}`,
-      queryParams: { acl: '' },
-      headers: { 'x-amz-acl': acl },
-    })
-  }
-  /**
-   * Get object ACL
-   */
-  async getObjectAcl(bucket: string, key: string): Promise<any> {
-    const result = await this.client.request({
-      service: 's3',
-      region: this.region,
-      method: 'GET',
-      path: `/${bucket}/${key}`,
-      queryParams: { acl: '' },
-    })
-    return result?.AccessControlPolicy
-  }
-  /**
-   * Put object ACL (canned ACL)
-   */
-  async putObjectAcl(bucket: string, key: string, acl: 'private' | 'public-read' | 'public-read-write' | 'authenticated-read'): Promise<void> {
-    await this.client.request({
-      service: 's3',
-      region: this.region,
-      method: 'PUT',
-      path: `/${bucket}/${key}`,
-      queryParams: { acl: '' },
-      headers: { 'x-amz-acl': acl },
-    })
-  }
-  /**
-   * Get bucket location
-   */
-  async getBucketLocation(bucket: string): Promise<string> {
-    const result = await this.client.request({
-      service: 's3',
-      region: this.region,
-      method: 'GET',
-      path: `/${bucket}`,
-      queryParams: { location: '' },
-    })
-    // Empty string means us-east-1
-    return result?.LocationConstraint || 'us-east-1'
-  }
-  /**
-   * Get bucket logging configuration
-   */
-  async getBucketLogging(bucket: string): Promise<any> {
-    const result = await this.client.request({
-      service: 's3',
-      region: this.region,
-      method: 'GET',
-      path: `/${bucket}`,
-      queryParams: { logging: '' },
-    })
-    return result?.BucketLoggingStatus
-  }
-  /**
-   * Put bucket logging configuration
-   */
-  async putBucketLogging(bucket: string, targetBucket: string, targetPrefix: string): Promise<void> {
-    const body = `<?xml version="1.0" encoding="UTF-8"?>
-<BucketLoggingStatus xmlns="http://s3.amazonaws.com/doc/2006-03-01/">
-  <LoggingEnabled>
-    <TargetBucket>${targetBucket}</TargetBucket>
-    <TargetPrefix>${targetPrefix}</TargetPrefix>
-  </LoggingEnabled>
-</BucketLoggingStatus>`
-    await this.client.request({
-      service: 's3',
-      region: this.region,
-      method: 'PUT',
-      path: `/${bucket}`,
-      queryParams: { logging: '' },
-      headers: { 'Content-Type': 'application/xml' },
-      body,
-    })
-  }
-  /**
-   * Get bucket notification configuration
-   */
-  async getBucketNotificationConfiguration(bucket: string): Promise<any> {
-    const result = await this.client.request({
-      service: 's3',
-      region: this.region,
-      method: 'GET',
-      path: `/${bucket}`,
-      queryParams: { notification: '' },
-    })
-    return result?.NotificationConfiguration
-  }
-  /**
-   * Put bucket notification configuration
-   */
-  async putBucketNotificationConfiguration(bucket: string, config: {
-    LambdaFunctionConfigurations?: Array<{
-      Id?: string
-      LambdaFunctionArn: string
-      Events: string[]
-      Filter?: { Key?: { FilterRules: Array<{ Name: string; Value: string }> } }
-    }>
-    TopicConfigurations?: Array<{
-      Id?: string
-      TopicArn: string
-      Events: string[]
-      Filter?: { Key?: { FilterRules: Array<{ Name: string; Value: string }> } }
-    }>
-    QueueConfigurations?: Array<{
-      Id?: string
-      QueueArn: string
-      Events: string[]
-      Filter?: { Key?: { FilterRules: Array<{ Name: string; Value: string }> } }
-    }>
-  }): Promise<void> {
-    let configXml = ''
-    if (config.LambdaFunctionConfigurations) {
-      for (const c of config.LambdaFunctionConfigurations) {
-        configXml += '<CloudFunctionConfiguration>'
-        if (c.Id) configXml += `<Id>${c.Id}</Id>`
-        configXml += `<CloudFunction>${c.LambdaFunctionArn}</CloudFunction>`
-        for (const event of c.Events) {
-          configXml += `<Event>${event}</Event>`
-        }
-        if (c.Filter?.Key?.FilterRules) {
-          configXml += '<Filter><S3Key>'
-          for (const rule of c.Filter.Key.FilterRules) {
-            configXml += `<FilterRule><Name>${rule.Name}</Name><Value>${rule.Value}</Value></FilterRule>`
-          }
-          configXml += '</S3Key></Filter>'
-        }
-        configXml += '</CloudFunctionConfiguration>'
-      }
-    }
-    if (config.TopicConfigurations) {
-      for (const c of config.TopicConfigurations) {
-        configXml += '<TopicConfiguration>'
-        if (c.Id) configXml += `<Id>${c.Id}</Id>`
-        configXml += `<Topic>${c.TopicArn}</Topic>`
-        for (const event of c.Events) {
-          configXml += `<Event>${event}</Event>`
-        }
-        configXml += '</TopicConfiguration>'
-      }
-    }
-    if (config.QueueConfigurations) {
-      for (const c of config.QueueConfigurations) {
-        configXml += '<QueueConfiguration>'
-        if (c.Id) configXml += `<Id>${c.Id}</Id>`
-        configXml += `<Queue>${c.QueueArn}</Queue>`
-        for (const event of c.Events) {
-          configXml += `<Event>${event}</Event>`
-        }
-        configXml += '</QueueConfiguration>'
-      }
-    }
-    const body = `<?xml version="1.0" encoding="UTF-8"?>
-<NotificationConfiguration xmlns="http://s3.amazonaws.com/doc/2006-03-01/">
-  ${configXml}
-</NotificationConfiguration>`
-    await this.client.request({
-      service: 's3',
-      region: this.region,
-      method: 'PUT',
-      path: `/${bucket}`,
-      queryParams: { notification: '' },
-      headers: { 'Content-Type': 'application/xml' },
-      body,
-    })
-  }
-  /**
-   * Get bucket website configuration
-   */
-  async getBucketWebsite(bucket: string): Promise<any> {
-    try {
-      const result = await this.client.request({
-        service: 's3',
-        region: this.region,
-        method: 'GET',
-        path: `/${bucket}`,
-        queryParams: { website: '' },
-      })
-      return result?.WebsiteConfiguration
-    } catch (e: any) {
-      if (e.statusCode === 404) {
-        return null
-      }
-      throw e
-    }
-  }
-  /**
-   * Put bucket website configuration
-   */
-  async putBucketWebsite(bucket: string, config: {
-    IndexDocument: string
-    ErrorDocument?: string
-    RedirectAllRequestsTo?: { HostName: string; Protocol?: string }
-  }): Promise<void> {
-    let configXml = ''
-    if (config.RedirectAllRequestsTo) {
-      configXml = `<RedirectAllRequestsTo>
-        <HostName>${config.RedirectAllRequestsTo.HostName}</HostName>
-        ${config.RedirectAllRequestsTo.Protocol ? `<Protocol>${config.RedirectAllRequestsTo.Protocol}</Protocol>` : ''}
-      </RedirectAllRequestsTo>`
-    } else {
-      configXml = `<IndexDocument><Suffix>${config.IndexDocument}</Suffix></IndexDocument>`
-      if (config.ErrorDocument) {
-        configXml += `<ErrorDocument><Key>${config.ErrorDocument}</Key></ErrorDocument>`
-      }
-    }
-    const body = `<?xml version="1.0" encoding="UTF-8"?>
-<WebsiteConfiguration xmlns="http://s3.amazonaws.com/doc/2006-03-01/">
-  ${configXml}
-</WebsiteConfiguration>`
-    await this.client.request({
-      service: 's3',
-      region: this.region,
-      method: 'PUT',
-      path: `/${bucket}`,
-      queryParams: { website: '' },
-      headers: { 'Content-Type': 'application/xml' },
-      body,
-    })
-  }
-  /**
-   * Delete bucket website configuration
-   */
-  async deleteBucketWebsite(bucket: string): Promise<void> {
-    await this.client.request({
-      service: 's3',
-      region: this.region,
-      method: 'DELETE',
-      path: `/${bucket}`,
-      queryParams: { website: '' },
-    })
-  }
-  /**
-   * Get bucket replication configuration
-   */
-  async getBucketReplication(bucket: string): Promise<any> {
-    try {
-      const result = await this.client.request({
-        service: 's3',
-        region: this.region,
-        method: 'GET',
-        path: `/${bucket}`,
-        queryParams: { replication: '' },
-      })
-      return result?.ReplicationConfiguration
-    } catch (e: any) {
-      if (e.statusCode === 404) {
-        return null
-      }
-      throw e
-    }
-  }
-  /**
-   * Delete bucket replication configuration
-   */
-  async deleteBucketReplication(bucket: string): Promise<void> {
-    await this.client.request({
-      service: 's3',
-      region: this.region,
-      method: 'DELETE',
-      path: `/${bucket}`,
-      queryParams: { replication: '' },
-    })
-  }
-  /**
-   * Get public access block configuration
-   */
-  async getPublicAccessBlock(bucket: string): Promise<any> {
-    try {
-      const result = await this.client.request({
-        service: 's3',
-        region: this.region,
-        method: 'GET',
-        path: `/${bucket}`,
-        queryParams: { publicAccessBlock: '' },
-      })
-      return result?.PublicAccessBlockConfiguration
-    } catch (e: any) {
-      if (e.statusCode === 404) {
-        return null
-      }
-      throw e
-    }
-  }
-  /**
-   * Put public access block configuration
-   */
-  async putPublicAccessBlock(bucket: string, config: {
-    BlockPublicAcls?: boolean
-    IgnorePublicAcls?: boolean
-    BlockPublicPolicy?: boolean
-    RestrictPublicBuckets?: boolean
-  }): Promise<void> {
-    const body = `<?xml version="1.0" encoding="UTF-8"?>
-<PublicAccessBlockConfiguration xmlns="http://s3.amazonaws.com/doc/2006-03-01/">
-  <BlockPublicAcls>${config.BlockPublicAcls ?? true}</BlockPublicAcls>
-  <IgnorePublicAcls>${config.IgnorePublicAcls ?? true}</IgnorePublicAcls>
-  <BlockPublicPolicy>${config.BlockPublicPolicy ?? true}</BlockPublicPolicy>
-  <RestrictPublicBuckets>${config.RestrictPublicBuckets ?? true}</RestrictPublicBuckets>
-</PublicAccessBlockConfiguration>`
-    await this.client.request({
-      service: 's3',
-      region: this.region,
-      method: 'PUT',
-      path: `/${bucket}`,
-      queryParams: { publicAccessBlock: '' },
-      headers: { 'Content-Type': 'application/xml' },
-      body,
-    })
-  }
-  /**
-   * Delete public access block configuration
-   */
-  async deletePublicAccessBlock(bucket: string): Promise<void> {
-    await this.client.request({
-      service: 's3',
-      region: this.region,
-      method: 'DELETE',
-      path: `/${bucket}`,
-      queryParams: { publicAccessBlock: '' },
-    })
-  }
-  /**
-   * Generate a presigned URL for GET
-   */
-  generatePresignedGetUrl(bucket: string, key: string, expiresInSeconds: number = 3600): string {
-    const { accessKeyId, secretAccessKey } = this.getCredentials()
-    const host = `${bucket}.s3.${this.region}.amazonaws.com`
-    const now = new Date()
-    const amzDate = now.toISOString().replace(/[:-]|\.\d{3}/g, '')
-    const dateStamp = now.toISOString().slice(0, 10).replace(/-/g, '')
-    const credentialScope = `${dateStamp}/${this.region}/s3/aws4_request`
-    const credential = `${accessKeyId}/${credentialScope}`
-    const queryParams = new URLSearchParams({
-      'X-Amz-Algorithm': 'AWS4-HMAC-SHA256',
-      'X-Amz-Credential': credential,
-      'X-Amz-Date': amzDate,
-      'X-Amz-Expires': expiresInSeconds.toString(),
-      'X-Amz-SignedHeaders': 'host',
-    })
-    const canonicalRequest = [
-      'GET',
-      `/${key}`,
-      queryParams.toString(),
-      `host:${host}\n`,
-      'host',
-      'UNSIGNED-PAYLOAD',
-    ].join('\n')
-    const stringToSign = [
-      'AWS4-HMAC-SHA256',
-      amzDate,
-      credentialScope,
-      crypto.createHash('sha256').update(canonicalRequest).digest('hex'),
-    ].join('\n')
-    const kDate = crypto.createHmac('sha256', `AWS4${secretAccessKey}`).update(dateStamp).digest()
-    const kRegion = crypto.createHmac('sha256', kDate).update(this.region).digest()
-    const kService = crypto.createHmac('sha256', kRegion).update('s3').digest()
-    const kSigning = crypto.createHmac('sha256', kService).update('aws4_request').digest()
-    const signature = crypto.createHmac('sha256', kSigning).update(stringToSign).digest('hex')
-    queryParams.append('X-Amz-Signature', signature)
-    return `https://${host}/${key}?${queryParams.toString()}`
-  }
-  /**
-   * Generate a presigned URL for PUT
-   */
-  generatePresignedPutUrl(bucket: string, key: string, contentType: string, expiresInSeconds: number = 3600): string {
-    const { accessKeyId, secretAccessKey } = this.getCredentials()
-    const host = `${bucket}.s3.${this.region}.amazonaws.com`
-    const now = new Date()
-    const amzDate = now.toISOString().replace(/[:-]|\.\d{3}/g, '')
-    const dateStamp = now.toISOString().slice(0, 10).replace(/-/g, '')
-    const credentialScope = `${dateStamp}/${this.region}/s3/aws4_request`
-    const credential = `${accessKeyId}/${credentialScope}`
-    const queryParams = new URLSearchParams({
-      'X-Amz-Algorithm': 'AWS4-HMAC-SHA256',
-      'X-Amz-Credential': credential,
-      'X-Amz-Date': amzDate,
-      'X-Amz-Expires': expiresInSeconds.toString(),
-      'X-Amz-SignedHeaders': 'content-type;host',
-    })
-    const canonicalRequest = [
-      'PUT',
-      `/${key}`,
-      queryParams.toString(),
-      `content-type:${contentType}\nhost:${host}\n`,
-      'content-type;host',
-      'UNSIGNED-PAYLOAD',
-    ].join('\n')
-    const stringToSign = [
-      'AWS4-HMAC-SHA256',
-      amzDate,
-      credentialScope,
-      crypto.createHash('sha256').update(canonicalRequest).digest('hex'),
-    ].join('\n')
-    const kDate = crypto.createHmac('sha256', `AWS4${secretAccessKey}`).update(dateStamp).digest()
-    const kRegion = crypto.createHmac('sha256', kDate).update(this.region).digest()
-    const kService = crypto.createHmac('sha256', kRegion).update('s3').digest()
-    const kSigning = crypto.createHmac('sha256', kService).update('aws4_request').digest()
-    const signature = crypto.createHmac('sha256', kSigning).update(stringToSign).digest('hex')
-    queryParams.append('X-Amz-Signature', signature)
-    return `https://${host}/${key}?${queryParams.toString()}`
-  }
-  /**
-   * Initiate multipart upload
-   */
-  async createMultipartUpload(bucket: string, key: string, options?: {
-    contentType?: string
-    metadata?: Record<string, string>
-  }): Promise<{ UploadId: string }> {
-    const headers: Record<string, string> = {}
-    if (options?.contentType) {
-      headers['Content-Type'] = options.contentType
-    }
-    if (options?.metadata) {
-      for (const [k, v] of Object.entries(options.metadata)) {
-        headers[`x-amz-meta-${k}`] = v
-      }
-    }
-    const result = await this.client.request({
-      service: 's3',
-      region: this.region,
-      method: 'POST',
-      path: `/${bucket}/${key}`,
-      queryParams: { uploads: '' },
-      headers,
-    })
-    return { UploadId: result?.InitiateMultipartUploadResult?.UploadId }
-  }
-  /**
-   * Upload a part in multipart upload
-   */
-  async uploadPart(bucket: string, key: string, uploadId: string, partNumber: number, body: Buffer): Promise<{ ETag: string }> {
-    const { accessKeyId, secretAccessKey, sessionToken } = this.getCredentials()
-    const host = `${bucket}.s3.${this.region}.amazonaws.com`
-    const url = `https://${host}/${key}?partNumber=${partNumber}&uploadId=${encodeURIComponent(uploadId)}`
-    const now = new Date()
-    const amzDate = now.toISOString().replace(/[:-]|\.\d{3}/g, '')
-    const dateStamp = now.toISOString().slice(0, 10).replace(/-/g, '')
-    const payloadHash = crypto.createHash('sha256').update(body).digest('hex')
-    const requestHeaders: Record<string, string> = {
-      'host': host,
-      'x-amz-date': amzDate,
-      'x-amz-content-sha256': payloadHash,
-    }
-    if (sessionToken) {
-      requestHeaders['x-amz-security-token'] = sessionToken
-    }
-    const canonicalHeaders = Object.keys(requestHeaders)
-      .sort()
-      .map(k => `${k.toLowerCase()}:${requestHeaders[k].trim()}\n`)
-      .join('')
-    const signedHeaders = Object.keys(requestHeaders)
-      .sort()
-      .map(k => k.toLowerCase())
-      .join(';')
-    const canonicalRequest = [
-      'PUT',
-      `/${key}`,
-      `partNumber=${partNumber}&uploadId=${encodeURIComponent(uploadId)}`,
-      canonicalHeaders,
-      signedHeaders,
-      payloadHash,
-    ].join('\n')
-    const algorithm = 'AWS4-HMAC-SHA256'
-    const credentialScope = `${dateStamp}/${this.region}/s3/aws4_request`
-    const stringToSign = [
-      algorithm,
-      amzDate,
-      credentialScope,
-      crypto.createHash('sha256').update(canonicalRequest).digest('hex'),
-    ].join('\n')
-    const kDate = crypto.createHmac('sha256', `AWS4${secretAccessKey}`).update(dateStamp).digest()
-    const kRegion = crypto.createHmac('sha256', kDate).update(this.region).digest()
-    const kService = crypto.createHmac('sha256', kRegion).update('s3').digest()
-    const kSigning = crypto.createHmac('sha256', kService).update('aws4_request').digest()
-    const signature = crypto.createHmac('sha256', kSigning).update(stringToSign).digest('hex')
-    const authHeader = `${algorithm} Credential=${accessKeyId}/${credentialScope}, SignedHeaders=${signedHeaders}, Signature=${signature}`
-    const response = await fetch(url, {
-      method: 'PUT',
-      headers: {
-        ...requestHeaders,
-        'Authorization': authHeader,
-      },
-      body,
-    })
-    if (!response.ok) {
-      const text = await response.text()
-      throw new Error(`Upload part failed: ${response.status} ${text}`)
-    }
-    return { ETag: response.headers.get('etag') || '' }
-  }
-  /**
-   * Complete multipart upload
-   */
-  async completeMultipartUpload(bucket: string, key: string, uploadId: string, parts: Array<{ PartNumber: number; ETag: string }>): Promise<void> {
-    const partsXml = parts
-      .sort((a, b) => a.PartNumber - b.PartNumber)
-      .map(p => `<Part><PartNumber>${p.PartNumber}</PartNumber><ETag>${p.ETag}</ETag></Part>`)
-      .join('')
-    const body = `<?xml version="1.0" encoding="UTF-8"?>
-<CompleteMultipartUpload>${partsXml}</CompleteMultipartUpload>`
-    await this.client.request({
-      service: 's3',
-      region: this.region,
-      method: 'POST',
-      path: `/${bucket}/${key}`,
-      queryParams: { uploadId },
-      headers: { 'Content-Type': 'application/xml' },
-      body,
-    })
-  }
-  /**
-   * Abort multipart upload
-   */
-  async abortMultipartUpload(bucket: string, key: string, uploadId: string): Promise<void> {
-    await this.client.request({
-      service: 's3',
-      region: this.region,
-      method: 'DELETE',
-      path: `/${bucket}/${key}`,
-      queryParams: { uploadId },
-    })
-  }
-  /**
-   * List multipart uploads
-   */
-  async listMultipartUploads(bucket: string): Promise<Array<{ Key: string; UploadId: string; Initiated: string }>> {
-    const result = await this.client.request({
-      service: 's3',
-      region: this.region,
-      method: 'GET',
-      path: `/${bucket}`,
-      queryParams: { uploads: '' },
-    })
-    const uploads = result?.ListMultipartUploadsResult?.Upload
-    if (!uploads) return []
-    const list = Array.isArray(uploads) ? uploads : [uploads]
-    return list.map((u: any) => ({
-      Key: u.Key,
-      UploadId: u.UploadId,
-      Initiated: u.Initiated,
-    }))
-  }
-  /**
-   * Restore object from Glacier
-   */
-  async restoreObject(bucket: string, key: string, days: number, tier: 'Standard' | 'Bulk' | 'Expedited' = 'Standard'): Promise<void> {
-    const body = `<?xml version="1.0" encoding="UTF-8"?>
-<RestoreRequest>
-  <Days>${days}</Days>
-  <GlacierJobParameters>
-    <Tier>${tier}</Tier>
-  </GlacierJobParameters>
-</RestoreRequest>`
-    await this.client.request({
-      service: 's3',
-      region: this.region,
-      method: 'POST',
-      path: `/${bucket}/${key}`,
-      queryParams: { restore: '' },
-      headers: { 'Content-Type': 'application/xml' },
-      body,
-    })
-  }
-  /**
-   * Select object content (S3 Select)
-   */
-  async selectObjectContent(bucket: string, key: string, expression: string, inputFormat: 'CSV' | 'JSON' | 'Parquet', outputFormat: 'CSV' | 'JSON' = 'JSON'): Promise<string> {
-    let inputSerialization = ''
-    if (inputFormat === 'CSV') {
-      inputSerialization = '<CSV><FileHeaderInfo>USE</FileHeaderInfo></CSV>'
-    } else if (inputFormat === 'JSON') {
-      inputSerialization = '<JSON><Type>DOCUMENT</Type></JSON>'
-    } else {
-      inputSerialization = '<Parquet/>'
-    }
-    let outputSerialization = ''
-    if (outputFormat === 'CSV') {
-      outputSerialization = '<CSV/>'
-    } else {
-      outputSerialization = '<JSON/>'
-    }
-    const body = `<?xml version="1.0" encoding="UTF-8"?>
-<SelectObjectContentRequest>
-  <Expression>${expression}</Expression>
-  <ExpressionType>SQL</ExpressionType>
-  <InputSerialization>${inputSerialization}</InputSerialization>
-  <OutputSerialization>${outputSerialization}</OutputSerialization>
-</SelectObjectContentRequest>`
-    const result = await this.client.request({
-      service: 's3',
-      region: this.region,
-      method: 'POST',
-      path: `/${bucket}/${key}`,
-      queryParams: { select: '', 'select-type': '2' },
-      headers: { 'Content-Type': 'application/xml' },
-      body,
-      rawResponse: true,
-    })
-    return result
-  }
-  /**
-   * Generate a presigned URL for S3 object access
-   * Allows temporary access to private objects without authentication
-   */
-  async getSignedUrl(options: {
-    bucket: string
-    key: string
-    expiresIn?: number
-    operation?: 'getObject' | 'putObject'
-  }): Promise<string> {
-    const { bucket, key, expiresIn = 3600, operation = 'getObject' } = options
-    const { accessKeyId, secretAccessKey, sessionToken } = this.getCredentials()
-    const now = new Date()
-    const amzDate = now.toISOString().replace(/[:-]|\.\d{3}/g, '')
-    const dateStamp = now.toISOString().slice(0, 10).replace(/-/g, '')
-    const host = `${bucket}.s3.${this.region}.amazonaws.com`
-    const method = operation === 'putObject' ? 'PUT' : 'GET'
-    const algorithm = 'AWS4-HMAC-SHA256'
-    const credentialScope = `${dateStamp}/${this.region}/s3/aws4_request`
-    const credential = `${accessKeyId}/${credentialScope}`
-    // Build query parameters
-    const queryParams: Record<string, string> = {
-      'X-Amz-Algorithm': algorithm,
-      'X-Amz-Credential': credential,
-      'X-Amz-Date': amzDate,
-      'X-Amz-Expires': expiresIn.toString(),
-      'X-Amz-SignedHeaders': 'host',
-    }
-    if (sessionToken) {
-      queryParams['X-Amz-Security-Token'] = sessionToken
-    }
-    // Sort and encode query string
-    const sortedParams = Object.keys(queryParams).sort()
-    const canonicalQuerystring = sortedParams
-      .map(k => `${encodeURIComponent(k)}=${encodeURIComponent(queryParams[k])}`)
-      .join('&')
-    // Canonical request
-    const canonicalUri = '/' + key
-    const canonicalHeaders = `host:${host}\n`
-    const signedHeaders = 'host'
-    const payloadHash = 'UNSIGNED-PAYLOAD'
-    const canonicalRequest = [
-      method,
-      canonicalUri,
-      canonicalQuerystring,
-      canonicalHeaders,
-      signedHeaders,
-      payloadHash,
-    ].join('\n')
-    // String to sign
-    const stringToSign = [
-      algorithm,
-      amzDate,
-      credentialScope,
-      crypto.createHash('sha256').update(canonicalRequest).digest('hex'),
-    ].join('\n')
-    // Calculate signature
-    const kDate = crypto.createHmac('sha256', `AWS4${secretAccessKey}`).update(dateStamp).digest()
-    const kRegion = crypto.createHmac('sha256', kDate).update(this.region).digest()
-    const kService = crypto.createHmac('sha256', kRegion).update('s3').digest()
-    const kSigning = crypto.createHmac('sha256', kService).update('aws4_request').digest()
-    const signature = crypto.createHmac('sha256', kSigning).update(stringToSign).digest('hex')
-    // Build presigned URL
-    const presignedUrl = `https://${host}${canonicalUri}?${canonicalQuerystring}&X-Amz-Signature=${signature}`
-    return presignedUrl
-  }
-  /**
-   * List objects in a bucket with pagination support
-   */
-  async listObjects(options: {
-    bucket: string
-    prefix?: string
-    maxKeys?: number
-    continuationToken?: string
-  }): Promise<{
-    objects: S3Object[]
-    nextContinuationToken?: string
-  }> {
-    const { bucket, prefix, maxKeys = 1000, continuationToken } = options
-    // Build query parameters for ListObjectsV2
-    const queryParams: Record<string, string> = {
-      'list-type': '2',
-      'max-keys': maxKeys.toString(),
-    }
-    if (prefix) queryParams.prefix = prefix
-    if (continuationToken) queryParams['continuation-token'] = continuationToken
-    const result = await this.client.request({
-      service: 's3',
-      region: this.region,
-      method: 'GET',
-      path: `/${bucket}`,
-      queryParams,
-    })
-    // Parse S3 XML response
-    const objects: S3Object[] = []
-    const listResult = result?.ListBucketResult
-    if (listResult?.Contents) {
-      const items = Array.isArray(listResult.Contents) ? listResult.Contents : [listResult.Contents]
-      for (const item of items) {
-        objects.push({
-          Key: item.Key || '',
-          LastModified: item.LastModified || '',
-          Size: Number.parseInt(item.Size || '0'),
-          ETag: item.ETag,
-        })
-      }
-    }
-    return {
-      objects,
-      nextContinuationToken: listResult?.NextContinuationToken,
-    }
-  }
-  /**
-   * Empty a bucket by deleting all objects (required before bucket deletion)
-   */
-  async emptyBucket(bucket: string): Promise<{ deletedCount: number }> {
-    let deletedCount = 0
-    // List all objects in the bucket (handles pagination internally)
-    const objects = await this.listAllObjects({ bucket })
-    if (objects.length > 0) {
-      // Delete objects in batches of 1000
-      for (let i = 0; i < objects.length; i += 1000) {
-        const batch = objects.slice(i, i + 1000)
-        const keys = batch.map((obj: S3Object) => obj.Key)
-        await this.deleteObjects(bucket, keys)
-        deletedCount += keys.length
-      }
-    }
-    // Also delete any object versions if versioning is enabled
-    try {
-      let keyMarker: string | undefined
-      let versionIdMarker: string | undefined
-      do {
-        const versionsResult = await this.listObjectVersions({
-          bucket,
-          keyMarker,
-          versionIdMarker,
-          maxKeys: 1000,
-        })
-        const versionsToDelete: Array<{ Key: string; VersionId?: string }> = []
-        if (versionsResult.versions) {
-          for (const version of versionsResult.versions) {
-            versionsToDelete.push({ Key: version.Key, VersionId: version.VersionId })
-          }
-        }
-        if (versionsResult.deleteMarkers) {
-          for (const marker of versionsResult.deleteMarkers) {
-            versionsToDelete.push({ Key: marker.Key, VersionId: marker.VersionId })
-          }
-        }
-        if (versionsToDelete.length > 0) {
-          await this.deleteObjectVersions(bucket, versionsToDelete)
-          deletedCount += versionsToDelete.length
-        }
-        keyMarker = versionsResult.nextKeyMarker
-        versionIdMarker = versionsResult.nextVersionIdMarker
-      } while (keyMarker)
-    }
-    catch {
-      // Versioning might not be enabled, ignore errors
-    }
-    return { deletedCount }
-  }
-  /**
-   * List object versions in a bucket
-   */
-  async listObjectVersions(options: {
-    bucket: string
-    prefix?: string
-    keyMarker?: string
-    versionIdMarker?: string
-    maxKeys?: number
-  }): Promise<{
-    versions: Array<{ Key: string; VersionId: string; IsLatest: boolean }>
-    deleteMarkers: Array<{ Key: string; VersionId: string; IsLatest: boolean }>
-    nextKeyMarker?: string
-    nextVersionIdMarker?: string
-  }> {
-    const { bucket, prefix, keyMarker, versionIdMarker, maxKeys = 1000 } = options
-    const queryParams: Record<string, string> = {
-      versions: '',
-      'max-keys': maxKeys.toString(),
-    }
-    if (prefix) queryParams.prefix = prefix
-    if (keyMarker) queryParams['key-marker'] = keyMarker
-    if (versionIdMarker) queryParams['version-id-marker'] = versionIdMarker
-    const result = await this.client.request({
-      service: 's3',
-      region: this.region,
-      method: 'GET',
-      path: `/${bucket}`,
-      queryParams,
-    })
-    const versions: Array<{ Key: string; VersionId: string; IsLatest: boolean }> = []
-    const deleteMarkers: Array<{ Key: string; VersionId: string; IsLatest: boolean }> = []
-    // Parse versions
-    if (result.Version) {
-      const versionList = Array.isArray(result.Version) ? result.Version : [result.Version]
-      for (const v of versionList) {
-        versions.push({
-          Key: v.Key,
-          VersionId: v.VersionId,
-          IsLatest: v.IsLatest === 'true',
-        })
-      }
-    }
-    // Parse delete markers
-    if (result.DeleteMarker) {
-      const markerList = Array.isArray(result.DeleteMarker) ? result.DeleteMarker : [result.DeleteMarker]
-      for (const m of markerList) {
-        deleteMarkers.push({
-          Key: m.Key,
-          VersionId: m.VersionId,
-          IsLatest: m.IsLatest === 'true',
-        })
-      }
-    }
-    return {
-      versions,
-      deleteMarkers,
-      nextKeyMarker: result.NextKeyMarker,
-      nextVersionIdMarker: result.NextVersionIdMarker,
-    }
-  }
-  /**
-   * Delete specific object versions
-   */
-  async deleteObjectVersions(
-    bucket: string,
-    objects: Array<{ Key: string; VersionId?: string }>,
-  ): Promise<void> {
-    const deleteXml = `<?xml version="1.0" encoding="UTF-8"?>
-<Delete>
-  <Quiet>true</Quiet>
-  ${objects.map(obj => `<Object><Key>${obj.Key}</Key>${obj.VersionId ? `<VersionId>${obj.VersionId}</VersionId>` : ''}</Object>`).join('\n  ')}
-</Delete>`
-    const contentMd5 = crypto.createHash('md5').update(deleteXml).digest('base64')
-    await this.client.request({
-      service: 's3',
-      region: this.region,
-      method: 'POST',
-      path: `/${bucket}`,
-      queryParams: { delete: '' },
-      body: deleteXml,
-      headers: {
-        'Content-Type': 'application/xml',
-        'Content-MD5': contentMd5,
-      },
-    })
-  }
-}