@stacksjs/ts-cloud 0.2.15 → 0.2.17

package/dist/deploy/ensure-dynamic-cloudfront.d.ts

@@ -0,0 +1,5 @@
+/**
+ * Ensure CloudFront distributions serving app domains allow POST/PUT/PATCH/DELETE
+ * on cache behaviors that target compute (default behavior and API path patterns).
+ */
+export declare function ensureDynamicMethodsForDomains(domains: string[]): Promise<void>;

package/dist/deploy/migrate-site-stack.d.ts

@@ -0,0 +1,31 @@
+import type { CloudConfig, EnvironmentType } from '@ts-cloud/core';
+export interface SiteStackMigrationPlan {
+    oldStackName: string;
+    newStackName: string;
+    oldBucket: string;
+    newBucket: string;
+    distributionId: string;
+    oacId: string;
+    certificateArn: string;
+    templatePath: string;
+    importPath: string;
+}
+export interface SiteStackMigrationOptions {
+    config: CloudConfig;
+    environment: EnvironmentType;
+    siteKey: string;
+    oldStackName: string;
+    oldBucket: string;
+    distributionId: string;
+    oacId: string;
+    outputDir: string;
+}
+export declare function buildSiteStackMigrationPlan(options: SiteStackMigrationOptions & {
+    certificateArn?: string;
+}): SiteStackMigrationPlan;
+export declare function resolveSiteCertificateArn(domain: string, region?: string): Promise<string>;
+export declare function deployRetainPoliciesToStack(stackName: string, templatePath: string, region: string): Promise<void>;
+export declare function deleteStackRetainResources(stackName: string, region: string): Promise<void>;
+export declare function importSiteStack(plan: SiteStackMigrationPlan, region: string): Promise<void>;
+export declare function syncSiteBucket(oldBucket: string, newBucket: string, region: string): Promise<void>;
+export declare function uploadSiteAssets(plan: SiteStackMigrationPlan, sourceDir: string, region: string): Promise<void>;

package/dist/deploy/static-site-external-dns.d.ts

@@ -30,6 +30,17 @@ export interface ExternalDnsStaticSiteConfig {
     skipDnsVerification?: boolean;
     /** When true, serves raw files without URL rewriting (for curl | bash install scripts) */
     passthroughUrls?: boolean;
+    /**
+     * When true, allow POST/PUT/PATCH/DELETE on the default cache behavior.
+     * Use when CloudFront fronts a dynamic app (EC2) rather than static S3 only.
+     */
+    dynamicApp?: boolean;
+    /** EC2 public DNS hostname for CloudFront (required when dynamicApp is true). */
+    computeOriginDomain?: string;
+    /** HTTP port on the compute origin. @default 3008 */
+    computeOriginPort?: number;
+    /** CloudFront origin Id for the compute origin. */
+    computeOriginId?: string;
     /**
      * When true, missing files (S3 403/404) fall through to the index document
      * with a 200 status — required for client-side-routed SPAs.
@@ -65,6 +76,12 @@ export declare function generateExternalDnsStaticSiteTemplate(config: {
     errorDocument?: string;
     passthroughUrls?: boolean;
     singlePageApp?: boolean;
+    dynamicApp?: boolean;
+    computeOriginDomain?: string;
+    computeOriginPort?: number;
+    computeOriginId?: string;
+    /** When true, retain S3/CloudFront resources if the stack is deleted (stack migration). */
+    retainOnStackDelete?: boolean;
 }): object;
 /**
  * Deploy a static site to AWS with external DNS provider

package/dist/drivers/aws/driver.d.ts

@@ -0,0 +1,16 @@
+import type { CloudDriver, ComputeStackOutputs, ComputeTarget, FindComputeTargetsOptions, ProvisionComputeOptions, RemoteDeployResult, RunRemoteDeployOptions, UploadReleaseOptions, UploadReleaseResult } from '@ts-cloud/core';
+export interface AwsDriverOptions {
+    region?: string;
+}
+export declare class AwsDriver implements CloudDriver {
+    readonly name: "aws";
+    readonly usesCloudFormation = true;
+    private region;
+    constructor(options?: AwsDriverOptions);
+    private resolveRegion;
+    getComputeOutputs(options: ProvisionComputeOptions): Promise<ComputeStackOutputs>;
+    uploadRelease(options: UploadReleaseOptions): Promise<UploadReleaseResult>;
+    findComputeTargets(options: FindComputeTargetsOptions): Promise<ComputeTarget[]>;
+    runRemoteDeploy(options: RunRemoteDeployOptions): Promise<RemoteDeployResult>;
+    private pollSsmCommand;
+}

package/dist/drivers/factory.d.ts

@@ -0,0 +1,17 @@
+import type { CloudConfig, CloudDriver, CloudProviderName } from '@ts-cloud/core';
+export interface CreateCloudDriverOptions {
+    config: CloudConfig;
+    provider?: CloudProviderName;
+}
+/**
+ * Create a cloud infrastructure driver from configuration.
+ */
+export declare function createCloudDriver(options: CreateCloudDriverOptions): CloudDriver;
+/**
+ * Factory with caching — mirrors DnsProviderFactory.
+ */
+export declare class CloudDriverFactory {
+    private drivers;
+    getDriver(config: CloudConfig, provider?: CloudProviderName): CloudDriver;
+}
+export declare const cloudDrivers: CloudDriverFactory;

package/dist/drivers/hetzner/client.d.ts

@@ -0,0 +1,127 @@
+/**
+ * Hetzner Cloud API client
+ * @see https://docs.hetzner.cloud/
+ */
+export interface HetznerApiErrorBody {
+    error?: {
+        code?: string;
+        message?: string;
+        details?: unknown;
+    };
+}
+export interface HetznerServer {
+    id: number;
+    name: string;
+    status: string;
+    public_net: {
+        ipv4?: {
+            ip: string;
+        };
+        ipv6?: {
+            ip: string;
+        };
+    };
+    private_net?: Array<{
+        ip: string;
+    }>;
+    labels?: Record<string, string>;
+    server_type: {
+        name: string;
+    };
+    datacenter: {
+        name: string;
+        location: {
+            name: string;
+        };
+    };
+}
+export interface HetznerFirewall {
+    id: number;
+    name: string;
+    labels?: Record<string, string>;
+    rules?: HetznerFirewallRule[];
+}
+export interface HetznerFirewallRule {
+    direction: 'in' | 'out';
+    protocol: 'tcp' | 'udp' | 'icmp' | 'esp' | 'gre';
+    port?: string;
+    source_ips: string[];
+    description?: string;
+}
+export interface HetznerSshKey {
+    id: number;
+    name: string;
+    fingerprint: string;
+    public_key: string;
+    labels?: Record<string, string>;
+}
+export interface HetznerAction {
+    id: number;
+    status: 'running' | 'success' | 'error';
+    progress?: number;
+    error?: {
+        code: string;
+        message: string;
+    };
+}
+export interface CreateServerOptions {
+    name: string;
+    serverType: string;
+    image: string;
+    location?: string;
+    datacenter?: string;
+    sshKeys?: number[];
+    userData?: string;
+    labels?: Record<string, string>;
+    firewalls?: Array<{
+        firewall: number;
+    }>;
+}
+export interface CreateFirewallOptions {
+    name: string;
+    rules: HetznerFirewallRule[];
+    labels?: Record<string, string>;
+    applyTo?: Array<{
+        type: 'server';
+        server: number;
+    }>;
+}
+export interface HetznerClientOptions {
+    apiToken: string;
+    baseUrl?: string;
+    fetchImpl?: typeof fetch;
+}
+export declare class HetznerClient {
+    readonly name = "hetzner";
+    private apiToken;
+    private baseUrl;
+    private fetchImpl;
+    constructor(options: HetznerClientOptions);
+    private request;
+    listServers(): Promise<HetznerServer[]>;
+    getServer(id: number): Promise<HetznerServer>;
+    createServer(options: CreateServerOptions): Promise<{
+        server: HetznerServer;
+        action: HetznerAction;
+    }>;
+    deleteServer(id: number): Promise<HetznerAction>;
+    listFirewalls(): Promise<HetznerFirewall[]>;
+    createFirewall(options: CreateFirewallOptions): Promise<{
+        firewall: HetznerFirewall;
+        actions: HetznerAction[];
+    }>;
+    applyFirewallToResources(firewallId: number, applyTo: Array<{
+        type: 'server';
+        server: number;
+    }>): Promise<HetznerAction[]>;
+    listSshKeys(): Promise<HetznerSshKey[]>;
+    waitForAction(actionId: number, options?: {
+        pollIntervalMs?: number;
+        maxWaitMs?: number;
+    }): Promise<HetznerAction>;
+    waitForServerRunning(serverId: number, options?: {
+        pollIntervalMs?: number;
+        maxWaitMs?: number;
+    }): Promise<HetznerServer>;
+}
+export declare function resolveHetznerApiToken(configToken?: string): string;

package/dist/drivers/hetzner/cloud-init.d.ts

@@ -0,0 +1,17 @@
+/**
+ * Ubuntu cloud-init bootstrap for Hetzner compute targets.
+ * Mirrors Compute.UserData.generateBunAppScript but uses apt instead of dnf
+ * and omits AWS CLI (deploys use SCP + SSH).
+ */
+export interface UbuntuBootstrapOptions {
+    runtime?: 'bun' | 'node' | 'deno';
+    runtimeVersion?: string;
+    systemPackages?: string[];
+    database?: 'sqlite' | 'mysql' | 'postgres';
+    caddyfile?: string;
+}
+export declare function generateUbuntuAppCloudInit(options?: UbuntuBootstrapOptions): string;
+/**
+ * Wrap a bash bootstrap script as Hetzner cloud-init user_data (#cloud-config).
+ */
+export declare function wrapCloudInitUserData(bootstrapScript: string): string;

package/dist/drivers/hetzner/driver.d.ts

@@ -0,0 +1,28 @@
+import type { CloudDriver, ComputeStackOutputs, ComputeTarget, FindComputeTargetsOptions, ProvisionComputeOptions, RemoteDeployResult, RunRemoteDeployOptions, UploadReleaseOptions, UploadReleaseResult } from '@ts-cloud/core';
+import { HetznerClient } from './client';
+export interface HetznerDriverOptions {
+    apiToken?: string;
+    sshPrivateKeyPath?: string;
+    sshUser?: string;
+    location?: string;
+    client?: HetznerClient;
+}
+export declare class HetznerDriver implements CloudDriver {
+    readonly name: "hetzner";
+    readonly usesCloudFormation = false;
+    private client;
+    private sshPrivateKeyPath;
+    private sshUser;
+    private location;
+    constructor(options?: HetznerDriverOptions);
+    provisionComputeInfrastructure(options: ProvisionComputeOptions): Promise<ComputeStackOutputs>;
+    getComputeOutputs(options: ProvisionComputeOptions): Promise<ComputeStackOutputs>;
+    uploadRelease(options: UploadReleaseOptions): Promise<UploadReleaseResult>;
+    findComputeTargets(options: FindComputeTargetsOptions): Promise<ComputeTarget[]>;
+    runRemoteDeploy(options: RunRemoteDeployOptions): Promise<RemoteDeployResult>;
+    private outputsFromState;
+    private sshBaseArgs;
+    private scpToHost;
+    private sshExec;
+}
+export declare function resolveHetznerDeployBucketName(slug: string, environment: string): string;

package/dist/drivers/hetzner/firewall-rules.d.ts

@@ -0,0 +1,12 @@
+export interface HetznerFirewallRuleInput {
+    allowSsh?: boolean;
+    sitePorts: number[];
+}
+export type HetznerInboundFirewallRule = {
+    direction: 'in';
+    protocol: 'tcp';
+    port: string;
+    source_ips: string[];
+    description?: string;
+};
+export declare function buildHetznerFirewallRules(config: HetznerFirewallRuleInput): HetznerInboundFirewallRule[];

package/dist/drivers/hetzner/instance-sizes.d.ts

@@ -0,0 +1,10 @@
+import type { InstanceSize } from '@ts-cloud/core';
+/**
+ * Map ts-cloud instance size shorthands to Hetzner Cloud server types.
+ * @see https://www.hetzner.com/cloud
+ */
+export declare const HETZNER_INSTANCE_TYPES: Record<Exclude<InstanceSize, string & {}> | 'micro' | 'small' | 'medium' | 'large' | 'xlarge' | '2xlarge', string>;
+export declare function resolveHetznerServerType(size?: string): string;
+export declare const TS_CLOUD_LABEL_PREFIX = "ts-cloud";
+export declare function tsCloudLabels(slug: string, environment: string, role?: string): Record<string, string>;
+export declare function matchesTsCloudLabels(labels: Record<string, string> | undefined, slug: string, environment: string, role?: string): boolean;

package/dist/drivers/hetzner/state.d.ts

@@ -0,0 +1,13 @@
+export interface HetznerDriverState {
+    provider: 'hetzner';
+    stackName: string;
+    serverId: number;
+    serverName: string;
+    firewallId?: number;
+    publicIp?: string;
+    deployStoragePath?: string;
+    sshUser?: string;
+}
+export declare function driverStatePath(stackName: string): string;
+export declare function readDriverState(stackName: string): Promise<HetznerDriverState | null>;
+export declare function writeDriverState(stackName: string, state: HetznerDriverState): Promise<void>;

package/dist/drivers/index.d.ts

@@ -0,0 +1,8 @@
+export * from './factory';
+export { AwsDriver } from './aws/driver';
+export { HetznerDriver } from './hetzner/driver';
+export { HetznerClient, resolveHetznerApiToken } from './hetzner/client';
+export { generateUbuntuAppCloudInit, wrapCloudInitUserData } from './hetzner/cloud-init';
+export { buildCaddyfile } from './shared/caddyfile';
+export { buildAwsArtifactFetch, buildLocalArtifactFetch, buildSiteDeployScript, resolveExecStart, } from './shared/deploy-script';
+export { deployAllComputeSites, deploySiteRelease } from './shared/compute-deploy';

package/dist/drivers/shared/caddyfile.d.ts

@@ -0,0 +1,6 @@
+import type { SiteConfig } from '@ts-cloud/core';
+/**
+ * Build a Caddyfile from site configs. Sites sharing a domain are grouped;
+ * explicit paths are ordered before catch-all routes.
+ */
+export declare function buildCaddyfile(sites: Record<string, SiteConfig>): string | undefined;

package/dist/drivers/shared/compute-deploy.d.ts

@@ -0,0 +1,25 @@
+import type { CloudConfig, CloudDriver, DeploySiteReleaseOptions, DeploySiteReleaseResult, EnvironmentType } from '@ts-cloud/core';
+export interface ComputeDeployLogger {
+    info(message: string): void;
+    warn(message: string): void;
+    error(message: string): void;
+    step(message: string): void;
+    success(message: string): void;
+}
+/**
+ * Deploy a single site release tarball to compute targets via the active driver.
+ */
+export declare function deploySiteRelease(driver: CloudDriver, options: DeploySiteReleaseOptions, logger?: ComputeDeployLogger): Promise<DeploySiteReleaseResult>;
+export interface DeployAllSitesOptions {
+    config: CloudConfig;
+    environment: EnvironmentType;
+    driver: CloudDriver;
+    sha: string;
+    runtime: 'bun' | 'node' | 'deno';
+    tarballForSite: (siteName: string) => string;
+    logger?: ComputeDeployLogger;
+}
+/**
+ * Deploy every site that declares a `start` command.
+ */
+export declare function deployAllComputeSites(options: DeployAllSitesOptions): Promise<boolean>;

package/dist/drivers/shared/deploy-script.d.ts

@@ -0,0 +1,24 @@
+/**
+ * Shared deploy script helpers for Forge-style compute deploys.
+ */
+/**
+ * Translate a `start` command (e.g. "bun run server.ts") into an absolute
+ * systemd ExecStart by swapping the leading runtime word for its absolute path.
+ */
+export declare function resolveExecStart(start: string, runtime: 'bun' | 'node' | 'deno'): string;
+export interface BuildSiteDeployScriptOptions {
+    siteName: string;
+    slug: string;
+    /** How the remote host obtains the release tarball */
+    artifactFetch: string[];
+    appDir?: string;
+    execStart: string;
+    envEntries: Record<string, string>;
+    port?: number;
+}
+/**
+ * Build the remote shell commands that install/refresh a site on a compute target.
+ */
+export declare function buildSiteDeployScript(options: BuildSiteDeployScriptOptions): string[];
+export declare function buildAwsArtifactFetch(bucket: string, key: string, region: string, siteName: string): string[];
+export declare function buildLocalArtifactFetch(localPath: string, siteName: string): string[];

package/dist/generators/infrastructure.d.ts

@@ -25,6 +25,23 @@ export declare class InfrastructureGenerator {
      */
     private shouldDeploy;
     private resolveApiOriginPort;
+    private defaultComputeCachePathPatterns;
+    private shouldRouteStorageBucketToCompute;
+    private resolveComputeCachePathPatterns;
+    private createComputeCacheBehavior;
+    private appendComputeAppOrigin;
+    /**
+     * Build a Caddyfile from the sites config. Returns undefined when no
+     * site has a `domain` (Caddy install is then skipped — useful for
+     * staging EC2 boxes accessed by raw IP).
+     *
+     * Sites sharing a `domain` collapse into a single block. Within that
+     * block, sites with an explicit `path` get `handle <path>` blocks
+     * (ordered most-specific first so prefix matches take priority); a
+     * site with no `path` (or `path: '/'`) becomes the bare catch-all
+     * `handle` at the end.
+     */
+    private buildCaddyfile;
     private normalizeMountPath;
     private storageBucketLogicalId;
     private pathMountRewriteFunctionCode;

package/dist/index.d.ts

@@ -4,9 +4,13 @@ export { validateTemplate, validateTemplateSize, validateResourceLimits, } from
 export type { ValidationError as TemplateValidationError, ValidationResult as TemplateValidationResult, } from './validation';
 export { AWSClient, CloudFormationClient, CloudFormationClient as AWSCloudFormationClient, CloudFrontClient, CloudFrontClient as AWSCloudFrontClient, EC2Client, S3Client, Route53Client, Route53DomainsClient, ACMClient, ACMDnsValidator, ECRClient, ECSClient, STSClient, SSMClient, SecretsManagerClient, SESClient, EmailClient, SNSClient, SQSClient, LambdaClient, CloudWatchLogsClient, ConnectClient, ELBv2Client, RDSClient, DynamoDBClient, OpenSearchClient, TranscribeClient, BedrockClient, BedrockRuntimeClient, ComprehendClient, RekognitionClient, TextractClient, PollyClient, TranslateClient, PersonalizeClient, KendraClient, EventBridgeClient, ElastiCacheClient, SchedulerClient, IAMClient, ApplicationAutoScalingClient, SmsClient, VoiceClient, SupportClient, EFSClient, } from './aws';
 export type { AWSRequestOptions, AWSClientConfig, AWSError, AWSCredentials as AWSClientCredentials, StackParameter, StackTag, CreateStackOptions, UpdateStackOptions, DescribeStacksOptions, StackEvent, Stack, InvalidationOptions, Distribution, S3SyncOptions, S3CopyOptions, S3ListOptions, S3Object, CertificateDetail, Certificate as ELBv2Certificate, RekognitionS3Object, RekognitionBoundingBox, TextractS3Object, TextractBoundingBox, CountryCode, ContactType, ContactDetail, KendraCreateDataSourceCommandInput, KendraCreateDataSourceCommandOutput, KendraListDataSourcesCommandInput, KendraListDataSourcesCommandOutput, InvokeModelCommandInput, InvokeModelCommandOutput, InvokeModelWithResponseStreamCommandInput, InvokeModelWithResponseStreamCommandOutput, CreateModelCustomizationJobCommandInput, CreateModelCustomizationJobCommandOutput, GetModelCustomizationJobCommandInput, GetModelCustomizationJobCommandOutput, ListFoundationModelsCommandInput, ListFoundationModelsCommandOutput, AttributeValue as DynamoDBAttributeValue, KeySchemaElement, AttributeDefinition as DynamoDBAttributeDefinition, } from './aws';
+export { createObjectStorageClient, providerEndpoint, resolveObjectStorage, } from './object-storage';
+export type { ObjectStorageConfig, ObjectStorageCredentials, ObjectStorageProvider, ResolvedObjectStorage, } from './object-storage';
 export * from './ssl';
 export { deployStaticSite, deployStaticSiteFull, uploadStaticFiles, invalidateCache, deleteStaticSite, generateStaticSiteTemplate, deployStaticSiteWithExternalDns, deployStaticSiteWithExternalDnsFull, generateExternalDnsStaticSiteTemplate, deploySite, } from './deploy';
 export type { StaticSiteConfig, DeployResult, UploadOptions, ExternalDnsStaticSiteConfig, ExternalDnsDeployResult, DeploySiteConfig, DeploySiteResult, StaticSiteDnsProvider, } from './deploy';
+export { createCloudDriver, CloudDriverFactory, cloudDrivers, AwsDriver, HetznerDriver, HetznerClient, resolveHetznerApiToken, generateUbuntuAppCloudInit, wrapCloudInitUserData, buildCaddyfile, buildSiteDeployScript, resolveExecStart, deployAllComputeSites, deploySiteRelease, } from './drivers';
+export type { CreateCloudDriverOptions } from './drivers/factory';
 export { createDnsProvider, detectDnsProvider, DnsProviderFactory, dnsProviders, PorkbunProvider, GoDaddyProvider, Route53Provider, UnifiedDnsValidator, createPorkbunValidator, createGoDaddyValidator, createRoute53Validator, } from './dns';
 export type { DnsProvider, DnsProviderConfig, DnsRecord, DnsRecordType, DnsRecordResult, CreateRecordResult, DeleteRecordResult, ListRecordsResult, } from './dns';
 export * from '@ts-cloud/core';