@ts-cloud/core 0.2.15 → 0.2.17

package/dist/drivers/index.d.ts

@@ -0,0 +1 @@
+export * from './types';

package/dist/drivers/types.d.ts

@@ -0,0 +1,97 @@
+import type { CloudConfig, EnvironmentType, SiteConfig } from '../types';
+export type CloudProviderName = 'aws' | 'hetzner';
+export interface ComputeTarget {
+    id: string;
+    name?: string;
+    publicIp?: string;
+    privateIp?: string;
+    status?: string;
+}
+export interface ComputeStackOutputs {
+    deployBucketName?: string;
+    deployStoragePath?: string;
+    appInstanceId?: string;
+    appPublicIp?: string;
+    sshUser?: string;
+}
+export interface RemoteDeployInstanceResult {
+    instanceId: string;
+    status: string;
+    output?: string;
+    error?: string;
+}
+export interface RemoteDeployResult {
+    success: boolean;
+    instanceCount: number;
+    perInstance: RemoteDeployInstanceResult[];
+    error?: string;
+}
+export interface ProvisionComputeOptions {
+    config: CloudConfig;
+    environment: EnvironmentType;
+}
+export interface FindComputeTargetsOptions {
+    slug: string;
+    environment: EnvironmentType;
+    role?: string;
+}
+export interface UploadReleaseOptions {
+    config: CloudConfig;
+    environment: EnvironmentType;
+    localPath: string;
+    remoteKey: string;
+    targets?: ComputeTarget[];
+}
+export interface UploadReleaseResult {
+    /** Server-local path or remote URI the deploy script reads from */
+    artifactRef: string;
+}
+export interface RunRemoteDeployOptions {
+    targets: ComputeTarget[];
+    commands: string[];
+    comment?: string;
+    timeoutSeconds?: number;
+    tags?: Record<string, string>;
+}
+/**
+ * Cloud infrastructure driver — abstracts compute provisioning and Forge-style
+ * app deploys across providers (AWS EC2+SSM+S3, Hetzner Cloud+SSH, etc.).
+ *
+ * DNS remains provider-agnostic via the separate `DnsProvider` abstraction.
+ */
+export interface CloudDriver {
+    readonly name: CloudProviderName;
+    /** Whether this driver uses CloudFormation for infrastructure */
+    readonly usesCloudFormation: boolean;
+    /** Provision compute infrastructure (Hetzner). AWS uses InfrastructureGenerator + CFN. */
+    provisionComputeInfrastructure?(options: ProvisionComputeOptions): Promise<ComputeStackOutputs>;
+    /** Read outputs needed for deploy (stack outputs, state file, or live API) */
+    getComputeOutputs(options: ProvisionComputeOptions): Promise<ComputeStackOutputs>;
+    /** Upload a release tarball to provider-specific staging storage */
+    uploadRelease(options: UploadReleaseOptions): Promise<UploadReleaseResult>;
+    /** Find compute targets matching project tags/labels */
+    findComputeTargets(options: FindComputeTargetsOptions): Promise<ComputeTarget[]>;
+    /** Run a shell script on every target (SSM, SSH, etc.) */
+    runRemoteDeploy(options: RunRemoteDeployOptions): Promise<RemoteDeployResult>;
+}
+export interface DeploySiteReleaseOptions {
+    config: CloudConfig;
+    environment: EnvironmentType;
+    siteName: string;
+    site: SiteConfig;
+    slug: string;
+    sha: string;
+    runtime: 'bun' | 'node' | 'deno';
+    localTarballPath: string;
+}
+export interface DeploySiteReleaseResult {
+    success: boolean;
+    error?: string;
+    instanceCount?: number;
+    perInstance?: RemoteDeployInstanceResult[];
+}
+/**
+ * Resolve the configured cloud provider. Defaults to AWS for backward compatibility.
+ * Environment-based auto-detection is handled when constructing the Hetzner driver.
+ */
+export declare function resolveCloudProvider(config: CloudConfig): CloudProviderName;

package/dist/index.d.ts

@@ -2,10 +2,12 @@
  * ts-cloud Core - CloudFormation Generator Engine
  */
 export * from './types';
+export * from './drivers';
 export * from './template-builder';
 export { validateTemplate, validateTemplateSize, validateResourceLimits, type ValidationResult, } from './template-validator';
 export { Pseudo } from './intrinsic-functions';
 export * from './resource-naming';
+export * from './stack-naming';
 export * from './dependency-graph';
 export * from './stack-diff';
 export * from './modules';

package/dist/index.js

@@ -1075,6 +1075,14 @@ var RealtimePresets = {
     }
   }
 };
+// src/drivers/types.ts
+function resolveCloudProvider(config) {
+  if (config.cloud?.provider)
+    return config.cloud.provider;
+  if (config.hetzner?.apiToken)
+    return "hetzner";
+  return "aws";
+}
 // src/template-builder.ts
 class TemplateBuilder {
   template;
@@ -1639,6 +1647,29 @@ function getTimestamp() {
 function sanitizeName(name) {
   return name.toLowerCase().replace(/[^a-z0-9-]/g, "-").replace(/^-+|-+$/g, "").replace(/-+/g, "-");
 }
+// src/stack-naming.ts
+function resolveProjectStackName(config, environment) {
+  return config.project.stackName ?? `${config.project.slug}-${environment}`;
+}
+function resolveSiteStackName(config, siteKey, site, environment) {
+  return site.stackName ?? `${config.project.slug}-${environment}-${siteKey}-site`;
+}
+function resolveSiteResourceName(config, siteKey) {
+  return `${config.project.slug}-${siteKey}`;
+}
+function resolveSiteBucketName(slug, environment, siteKey, explicitBucket) {
+  if (explicitBucket)
+    return explicitBucket;
+  if (siteKey === "main")
+    return `${slug}-${environment}-site`;
+  return `${slug}-${environment}-${siteKey}`;
+}
+function resolveStorageBucketName(slug, environment, bucketKey, explicitBucket) {
+  return explicitBucket ?? `${slug}-${environment}-${bucketKey}`;
+}
+function resolveDeployBucketName(slug, environment) {
+  return `${slug}-${environment}-deploy`;
+}
 // src/dependency-graph.ts
 class DependencyGraph {
   nodes = new Map;
@@ -1990,6 +2021,7 @@ class Storage {
   static createBucket(options) {
     const {
       name,
+      bucketName: explicitBucketName,
       slug,
       environment,
       public: isPublic = false,
@@ -2000,7 +2032,7 @@ class Storage {
       cors,
       lifecycleRules
     } = options;
-    const resourceName = generateResourceName({
+    const resourceName = explicitBucketName ?? generateResourceName({
       slug,
       environment,
       resourceType: "s3",
@@ -6138,7 +6170,8 @@ echo "Server setup complete!"
         runtime = "bun",
         runtimeVersion = "latest",
         systemPackages = [],
-        database
+        database,
+        caddyfile
       } = options;
       const packages = new Set(systemPackages);
       if (database === "sqlite")
@@ -6196,7 +6229,57 @@ ln -sf /root/.deno/bin/deno /usr/local/bin/deno
       script += `
 # Reserved root for site deploys (each site lands at /var/www/<site>/)
 mkdir -p /var/www
+`;
+      if (caddyfile) {
+        const escaped = caddyfile.replace(/\$/g, "\\$");
+        script += `
+# Caddy (reverse proxy + automatic TLS via Let's Encrypt)
+ARCH=$(uname -m | sed 's/x86_64/amd64/;s/aarch64/arm64/')
+curl -fsSL "https://caddyserver.com/api/download?os=linux&arch=\${ARCH}" -o /usr/local/bin/caddy
+chmod +x /usr/local/bin/caddy
+
+# Dedicated service account
+getent group caddy >/dev/null || groupadd --system caddy
+getent passwd caddy >/dev/null || useradd --system --gid caddy \\
+  --create-home --home-dir /var/lib/caddy \\
+  --shell /usr/sbin/nologin --comment "Caddy web server" caddy
+
+mkdir -p /etc/caddy /var/lib/caddy /var/log/caddy
+chown -R caddy:caddy /var/lib/caddy /var/log/caddy
+
+cat > /etc/systemd/system/caddy.service <<'CADDY_UNIT_EOF'
+[Unit]
+Description=Caddy
+Documentation=https://caddyserver.com/docs/
+After=network.target network-online.target
+Requires=network-online.target
+
+[Service]
+Type=notify
+User=caddy
+Group=caddy
+ExecStart=/usr/local/bin/caddy run --environ --config /etc/caddy/Caddyfile
+ExecReload=/usr/local/bin/caddy reload --config /etc/caddy/Caddyfile --force
+TimeoutStopSec=5s
+LimitNOFILE=1048576
+PrivateTmp=true
+ProtectSystem=full
+AmbientCapabilities=CAP_NET_BIND_SERVICE
+
+[Install]
+WantedBy=multi-user.target
+CADDY_UNIT_EOF
+
+cat > /etc/caddy/Caddyfile <<'CADDY_CONFIG_EOF'
+${escaped}
+CADDY_CONFIG_EOF
 
+systemctl daemon-reload
+systemctl enable caddy
+systemctl start caddy
+`;
+      }
+      script += `
 echo "ts-cloud bootstrap complete — instance is ready for site deploys"
 `;
       return script;
@@ -12678,8 +12761,8 @@ class Messaging {
     return topic;
   }
   static FilterPolicies = {
-    eventType: (types) => ({
-      eventType: types
+    eventType: (types2) => ({
+      eventType: types2
     }),
     status: (statuses) => ({
       status: statuses
@@ -45350,8 +45433,15 @@ export {
   route53RoutingManager,
   route53ResolverManager,
   resourceManagementManager,
+  resolveStorageBucketName,
+  resolveSiteStackName,
+  resolveSiteResourceName,
+  resolveSiteBucketName,
   resolveRegion,
+  resolveProjectStackName,
+  resolveDeployBucketName,
   resolveCredentials,
+  resolveCloudProvider,
   requiresReplacement,
   replicaManager,
   regionPairManager,

package/dist/modules/compute.d.ts

@@ -1149,6 +1149,13 @@ export declare class Compute {
             runtimeVersion?: string;
             systemPackages?: string[];
             database?: "sqlite" | "mysql" | "postgres";
+            /**
+             * Caddyfile content. When set, installs Caddy and configures it as
+             * a reverse proxy + TLS terminator using the supplied Caddyfile.
+             * Caddy auto-fetches Let's Encrypt certs for any site block whose
+             * address is a public hostname pointed at this instance.
+             */
+            caddyfile?: string;
         }) => string;
         /**
          * Individual installation scripts

package/dist/stack-naming.d.ts

@@ -0,0 +1,31 @@
+import type { CloudConfig, EnvironmentType, SiteConfig } from './types';
+/**
+ * CloudFormation stack for project-wide infrastructure (VPC, compute, shared storage).
+ * Convention: `{slug}-{environment}` (e.g. `pantry-production`).
+ */
+export declare function resolveProjectStackName(config: Pick<CloudConfig, 'project'>, environment: EnvironmentType): string;
+/**
+ * CloudFormation stack for a static site (S3 + CloudFront + ACM).
+ * Convention: `{slug}-{environment}-{siteKey}-site` (e.g. `pantry-production-main-site`).
+ */
+export declare function resolveSiteStackName(config: Pick<CloudConfig, 'project'>, siteKey: string, site: Pick<SiteConfig, 'stackName'>, environment: EnvironmentType): string;
+/**
+ * Prefix for site-scoped AWS resource names (deploy tarball paths, systemd units, etc.).
+ * Convention: `{slug}-{siteKey}` (e.g. `pantry-main`).
+ */
+export declare function resolveSiteResourceName(config: Pick<CloudConfig, 'project'>, siteKey: string): string;
+/**
+ * S3 bucket for a site (install script / static assets).
+ * Convention: `{slug}-{environment}-site` (e.g. `pantry-production-site`).
+ */
+export declare function resolveSiteBucketName(slug: string, environment: EnvironmentType, siteKey: string, explicitBucket?: string): string;
+/**
+ * S3 bucket name for a storage block in infrastructure.storage.
+ * Convention: `{slug}-{environment}-{bucketKey}` unless `bucket` is set on the item.
+ */
+export declare function resolveStorageBucketName(slug: string, environment: EnvironmentType, bucketKey: string, explicitBucket?: string): string;
+/**
+ * Deploy staging bucket for compute app releases.
+ * Convention: `{slug}-{environment}-deploy`.
+ */
+export declare function resolveDeployBucketName(slug: string, environment: EnvironmentType): string;

package/dist/types.d.ts

@@ -1,3 +1,59 @@
+/**
+ * Top-level cloud provider selection
+ */
+export interface CloudProviderConfig {
+    /**
+     * Infrastructure provider for compute and related resources.
+     * @default 'aws'
+     */
+    provider?: 'aws' | 'hetzner';
+}
+/**
+ * Object storage provider selection.
+ *
+ * AWS S3, Backblaze B2 and Hetzner Object Storage are all S3-compatible, so the
+ * same client drives any of them — only the endpoint, addressing style and
+ * credentials differ. Choose a provider to move object storage (static assets,
+ * release artifacts, registry tarballs/binaries) off AWS S3 for cost without
+ * touching the rest of the deployment.
+ */
+export interface ObjectStorageConfig {
+    /**
+     * Object storage provider.
+     * @default 'aws'
+     */
+    provider?: 'aws' | 'backblaze' | 'hetzner';
+    /**
+     * Region / location slug. Provider-specific default when omitted
+     * (aws: us-east-1, backblaze: us-west-004, hetzner: fsn1).
+     */
+    region?: string;
+    /**
+     * Endpoint host override (no scheme), e.g. `s3.us-west-004.backblazeb2.com`.
+     * Defaults to the provider's standard endpoint for the region.
+     */
+    endpoint?: string;
+    /**
+     * Force path-style addressing (bucket in the path) instead of virtual-hosted.
+     * @default false
+     */
+    forcePathStyle?: boolean;
+}
+/**
+ * Hetzner Cloud configuration
+ */
+export interface HetznerConfig {
+    /** Hetzner Cloud API token (falls back to HCLOUD_TOKEN / HETZNER_API_TOKEN) */
+    apiToken?: string;
+    /** Location slug, e.g. fsn1, nbg1, hel1 @default 'fsn1' */
+    location?: string;
+    /** Server image slug @default 'ubuntu-24.04' */
+    image?: string;
+    /** Path to SSH private key used for deploy commands @default ~/.ssh/id_ed25519 */
+    sshPrivateKeyPath?: string;
+    /** SSH user for deploy commands @default 'root' */
+    sshUser?: string;
+}
 /**
  * AWS-specific configuration
  */
@@ -25,6 +81,20 @@ export interface CloudConfig {
      * AWS-specific configuration
      */
     aws?: AwsConfig;
+    /**
+     * Cloud provider selection (AWS, Hetzner, …)
+     */
+    cloud?: CloudProviderConfig;
+    /**
+     * Hetzner Cloud configuration (when cloud.provider is 'hetzner')
+     */
+    hetzner?: HetznerConfig;
+    /**
+     * Object storage provider selection (AWS S3, Backblaze B2, Hetzner Object Storage).
+     * Independent of `cloud.provider` — you can run compute on AWS while keeping
+     * object storage on Backblaze, for example.
+     */
+    objectStorage?: ObjectStorageConfig;
     /**
      * Feature flags to enable/disable resources conditionally
      * Example: { enableCache: true, enableMonitoring: false }
@@ -54,6 +124,11 @@ export interface ProjectConfig {
     name: string;
     slug: string;
     region: string;
+    /**
+     * Override the main CloudFormation stack name.
+     * Default: `{slug}-{environment}` (e.g. `pantry-production`).
+     */
+    stackName?: string;
 }
 /**
  * Deployment mode (optional)
@@ -151,6 +226,12 @@ export interface MessagingConfig {
     }>;
 }
 export interface InfrastructureConfig {
+    /**
+     * When false, `cloud deploy` skips the main CloudFormation stack and only runs
+     * site deploys, compute sync, and hooks. Use when infrastructure is managed
+     * elsewhere (e.g. registry EC2 via SSH) but site CDN/S3 still uses ts-cloud.
+     */
+    deployStack?: boolean;
     vpc?: VpcConfig;
     /**
      * Network/VPC configuration
@@ -619,8 +700,16 @@ export interface SiteConfig {
     path?: string;
     /** Custom domain for the site (e.g., 'stage.easyotc.com') */
     domain?: string;
-    /** S3 bucket name (auto-generated from domain if not provided) */
+    /**
+     * S3 bucket name. Default: `{slug}-{environment}-site` for `main`,
+     * else `{slug}-{environment}-{siteKey}`.
+     */
     bucket?: string;
+    /**
+     * CloudFormation stack for this site's S3 + CloudFront infrastructure.
+     * Default: `{slug}-{environment}-{siteKey}-site` (e.g. `pantry-production-main-site`).
+     */
+    stackName?: string;
     /** SSL certificate ARN (auto-created if not provided) */
     certificateArn?: string;
     /** Build command to run before deployment (e.g., 'bun run generate', 'npm run build') */
@@ -811,6 +900,10 @@ export interface AlarmItemConfig {
     service?: string;
 }
 export interface StorageItemConfig {
+    /**
+     * Physical S3 bucket name. When omitted, defaults to `{slug}-{environment}-{key}`.
+     */
+    bucket?: string;
     /**
      * Make bucket publicly accessible
      */
@@ -851,6 +944,16 @@ export interface StorageItemConfig {
      * and 403/404 errors return a proper 404 page. This is correct for multi-page SSG sites.
      */
     spa?: boolean;
+    /**
+     * Route dynamic app paths to the compute server (EC2) via CloudFront cache behaviors.
+     * The `public` bucket enables this automatically; set explicitly for other bucket names.
+     */
+    routeCompute?: boolean;
+    /**
+     * CloudFront path patterns forwarded to compute (POST/PUT/PATCH/DELETE allowed).
+     * Used when `routeCompute` is true. Defaults to a registry-style path set when omitted.
+     */
+    computeRoutes?: string[];
     /**
      * Root directory containing the built static files to upload (e.g., 'dist', '.output/public').
      * When set, `cloud deploy` will auto-upload files from this directory to the S3 bucket
@@ -1145,6 +1248,15 @@ export interface ComputeConfig {
      * If not specified, uses the provider's default Linux image
      */
     image?: string;
+    /**
+     * CloudFront custom origin for the registry/app server (when the site stack
+     * fronts EC2 instead of S3-only). Use the EC2 public DNS name, not a raw IP.
+     */
+    cloudFrontOriginDomain?: string;
+    /** HTTP port on the compute origin. @default 3008 */
+    cloudFrontOriginPort?: number;
+    /** Stable CloudFront origin Id (preserve across stack updates). @default `{slug}-compute` */
+    cloudFrontOriginId?: string;
     /**
      * Server mode (EC2) configuration
      */
@@ -1457,6 +1569,14 @@ export interface CdnItemConfig {
         functionArn?: string;
         name?: string;
     }>;
+    /**
+     * Forward dynamic paths to the compute app (EC2) in addition to the S3 origin.
+     */
+    routeCompute?: boolean;
+    /**
+     * CloudFront path patterns for compute routing. See `StorageConfig.computeRoutes`.
+     */
+    computeRoutes?: string[];
 }
 /**
  * Lambda trigger configuration for SQS queues

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@ts-cloud/core",
-  "version": "0.2.15",
+  "version": "0.2.17",
   "type": "module",
   "description": "Core CloudFormation generation library for ts-cloud",
   "author": "Chris Breuer <chris@stacksjs.com>",
@@ -31,7 +31,7 @@
     "typecheck": "tsc --noEmit"
   },
   "dependencies": {
-    "@ts-cloud/aws-types": "0.2.15"
+    "@ts-cloud/aws-types": "0.2.17"
   },
   "devDependencies": {
     "typescript": "^5.9.3"