create-aws-project 1.5.0 → 1.6.0

package/README.md

@@ -69,6 +69,7 @@ The interactive wizard will ask you about:
    - VS Code workspace configuration
 6. **AWS region** - Where to deploy your infrastructure
 7. **Brand color** - Theme color for your UI (blue, purple, teal, green, orange)
+8. **GitHub repository** *(optional)* - Provide a repo URL to git init, commit, and push automatically. Press Enter to skip.
 
 ## Requirements
 
@@ -84,32 +85,9 @@ After creating your project, you'll set up AWS environments and GitHub deploymen
 
 Before you begin:
 - AWS CLI configured with credentials from your AWS management account
-- GitHub repository created for your project
 - GitHub Personal Access Token with "repo" scope ([create one here](https://github.com/settings/tokens/new))
 
-### Step 1: connect to your .git project
-
-* Initialize the repository
-```
-git init
-```
-
-* Add the remote repository using the git remote add <name> <url> command. A common practice is to name it origin.
-```bash
-git remote add origin <REMOTE_URL>
-```
-
-* Verify the connection by listing your remotes. The -v flag shows the URLs.
-```bash
-git remote -v
-```
-
-* Push your local commits to the remote repository for the first time.
-```bash
-git push -u origin main
-```
-
-### Step 2: Set Up AWS Environments
+### Step 1: Set Up AWS Environments
 
 From your project directory, run:
 
@@ -136,7 +114,7 @@ AWS environment setup complete!
 
 Account IDs are saved to `.aws-starter-config.json` for the next step.
 
-### Step 3: Configure GitHub Environments
+### Step 2: Configure GitHub Environments
 
 For each environment, run:
 

package/dist/__tests__/aws/cdk-bootstrap.spec.d.ts

@@ -0,0 +1 @@
+export {};

package/dist/__tests__/aws/cdk-bootstrap.spec.js

@@ -0,0 +1,266 @@
+import { describe, it, expect, jest, beforeEach } from '@jest/globals';
+// Mock execa
+const mockExeca = jest.fn();
+jest.unstable_mockModule('execa', () => ({
+    execa: mockExeca,
+}));
+// Mock AWS SDK STS client
+/* eslint-disable @typescript-eslint/no-explicit-any */
+const mockSTSSend = jest.fn();
+const mockAssumeRoleCommand = jest.fn();
+/* eslint-enable @typescript-eslint/no-explicit-any */
+/* eslint-disable @typescript-eslint/no-explicit-any */
+jest.unstable_mockModule('@aws-sdk/client-sts', () => {
+    class MockSTSClient {
+        send = mockSTSSend;
+    }
+    return {
+        STSClient: MockSTSClient,
+        AssumeRoleCommand: mockAssumeRoleCommand,
+    };
+});
+/* eslint-enable @typescript-eslint/no-explicit-any */
+// Mock ora (for spinner type)
+const mockOra = {
+    text: '',
+    succeed: jest.fn(),
+    fail: jest.fn(),
+};
+const { bootstrapCDKEnvironment, bootstrapAllEnvironments } = await import('../../aws/cdk-bootstrap.js');
+describe('cdk-bootstrap', () => {
+    beforeEach(() => {
+        jest.clearAllMocks();
+        mockOra.text = '';
+        // Mock AssumeRoleCommand to return the input
+        mockAssumeRoleCommand.mockImplementation((input) => input);
+    });
+    describe('bootstrapCDKEnvironment', () => {
+        it('calls execa with correct npx cdk bootstrap command', async () => {
+            mockExeca.mockResolvedValue({ all: 'Bootstrap successful' });
+            await bootstrapCDKEnvironment({
+                accountId: '123456789012',
+                region: 'us-west-2',
+                credentials: {
+                    accessKeyId: 'AKIATEST',
+                    secretAccessKey: 'secret123',
+                    sessionToken: 'token123',
+                },
+            });
+            expect(mockExeca).toHaveBeenCalledWith('npx', [
+                'cdk',
+                'bootstrap',
+                'aws://123456789012/us-west-2',
+                '--trust',
+                '123456789012',
+                '--cloudformation-execution-policies',
+                'arn:aws:iam::aws:policy/AdministratorAccess',
+                '--require-approval',
+                'never',
+            ], expect.objectContaining({
+                all: true,
+            }));
+        });
+        it('passes credentials as environment variables', async () => {
+            mockExeca.mockResolvedValue({ all: 'Bootstrap successful' });
+            await bootstrapCDKEnvironment({
+                accountId: '123456789012',
+                region: 'us-west-2',
+                credentials: {
+                    accessKeyId: 'AKIATEST',
+                    secretAccessKey: 'secret123',
+                    sessionToken: 'token123',
+                },
+            });
+            const callArgs = mockExeca.mock.calls[0];
+            const options = callArgs[2];
+            expect(options.env).toBeDefined();
+            expect(options.env?.AWS_ACCESS_KEY_ID).toBe('AKIATEST');
+            expect(options.env?.AWS_SECRET_ACCESS_KEY).toBe('secret123');
+            expect(options.env?.AWS_SESSION_TOKEN).toBe('token123');
+            expect(options.env?.AWS_REGION).toBe('us-west-2');
+        });
+        it('omits session token from env if not provided', async () => {
+            mockExeca.mockResolvedValue({ all: 'Bootstrap successful' });
+            await bootstrapCDKEnvironment({
+                accountId: '123456789012',
+                region: 'us-west-2',
+                credentials: {
+                    accessKeyId: 'AKIATEST',
+                    secretAccessKey: 'secret123',
+                },
+            });
+            const callArgs = mockExeca.mock.calls[0];
+            const options = callArgs[2];
+            expect(options.env).toBeDefined();
+            expect(options.env?.AWS_ACCESS_KEY_ID).toBe('AKIATEST');
+            expect(options.env?.AWS_SECRET_ACCESS_KEY).toBe('secret123');
+            expect(options.env?.AWS_SESSION_TOKEN).toBeUndefined();
+            expect(options.env?.AWS_REGION).toBe('us-west-2');
+        });
+        it('returns success result on successful execution', async () => {
+            mockExeca.mockResolvedValue({ all: 'Bootstrap successful' });
+            const result = await bootstrapCDKEnvironment({
+                accountId: '123456789012',
+                region: 'us-west-2',
+                credentials: {
+                    accessKeyId: 'AKIATEST',
+                    secretAccessKey: 'secret123',
+                },
+            });
+            expect(result.success).toBe(true);
+            expect(result.output).toBe('Bootstrap successful');
+        });
+        it('returns failure result with output on error', async () => {
+            const error = new Error('Bootstrap failed');
+            error.all = 'Error: Stack already exists';
+            mockExeca.mockRejectedValue(error);
+            const result = await bootstrapCDKEnvironment({
+                accountId: '123456789012',
+                region: 'us-west-2',
+                credentials: {
+                    accessKeyId: 'AKIATEST',
+                    secretAccessKey: 'secret123',
+                },
+            });
+            expect(result.success).toBe(false);
+            expect(result.output).toBe('Error: Stack already exists');
+        });
+        it('uses error message if all property not available', async () => {
+            const error = new Error('Bootstrap failed');
+            mockExeca.mockRejectedValue(error);
+            const result = await bootstrapCDKEnvironment({
+                accountId: '123456789012',
+                region: 'us-west-2',
+                credentials: {
+                    accessKeyId: 'AKIATEST',
+                    secretAccessKey: 'secret123',
+                },
+            });
+            expect(result.success).toBe(false);
+            expect(result.output).toBe('Bootstrap failed');
+        });
+    });
+    describe('bootstrapAllEnvironments', () => {
+        beforeEach(() => {
+            // Mock successful STS AssumeRole responses
+            mockSTSSend.mockResolvedValue({
+                Credentials: {
+                    AccessKeyId: 'ASIATEMP123',
+                    SecretAccessKey: 'tempsecret123',
+                    SessionToken: 'temptoken123',
+                },
+            });
+            // Mock successful bootstrap
+            mockExeca.mockResolvedValue({ all: 'Bootstrap successful' });
+        });
+        it('calls bootstrapCDKEnvironment for each environment', async () => {
+            await bootstrapAllEnvironments({
+                accounts: {
+                    dev: '111111111111',
+                    stage: '222222222222',
+                    prod: '333333333333',
+                },
+                region: 'us-east-1',
+                adminCredentials: {
+                    accessKeyId: 'AKIAADMIN',
+                    secretAccessKey: 'adminsecret',
+                },
+                spinner: mockOra, // eslint-disable-line @typescript-eslint/no-explicit-any
+            });
+            // Should call execa 3 times (once per environment)
+            expect(mockExeca).toHaveBeenCalledTimes(3);
+            // Verify each environment was bootstrapped
+            expect(mockExeca).toHaveBeenCalledWith('npx', expect.arrayContaining(['aws://111111111111/us-east-1']), expect.any(Object));
+            expect(mockExeca).toHaveBeenCalledWith('npx', expect.arrayContaining(['aws://222222222222/us-east-1']), expect.any(Object));
+            expect(mockExeca).toHaveBeenCalledWith('npx', expect.arrayContaining(['aws://333333333333/us-east-1']), expect.any(Object));
+        });
+        it('assumes OrganizationAccountAccessRole for each account', async () => {
+            await bootstrapAllEnvironments({
+                accounts: {
+                    dev: '111111111111',
+                    stage: '222222222222',
+                    prod: '333333333333',
+                },
+                region: 'us-east-1',
+                adminCredentials: {
+                    accessKeyId: 'AKIAADMIN',
+                    secretAccessKey: 'adminsecret',
+                },
+                spinner: mockOra, // eslint-disable-line @typescript-eslint/no-explicit-any
+            });
+            // Should call AssumeRoleCommand 3 times (once per environment)
+            expect(mockAssumeRoleCommand).toHaveBeenCalledTimes(3);
+            // Verify role ARNs for each environment
+            const calls = mockAssumeRoleCommand.mock.calls;
+            expect(calls[0][0].RoleArn).toBe('arn:aws:iam::111111111111:role/OrganizationAccountAccessRole');
+            expect(calls[1][0].RoleArn).toBe('arn:aws:iam::222222222222:role/OrganizationAccountAccessRole');
+            expect(calls[2][0].RoleArn).toBe('arn:aws:iam::333333333333:role/OrganizationAccountAccessRole');
+        });
+        it('updates spinner text for each environment', async () => {
+            await bootstrapAllEnvironments({
+                accounts: {
+                    dev: '111111111111',
+                    stage: '222222222222',
+                    prod: '333333333333',
+                },
+                region: 'us-east-1',
+                adminCredentials: {
+                    accessKeyId: 'AKIAADMIN',
+                    secretAccessKey: 'adminsecret',
+                },
+                spinner: mockOra, // eslint-disable-line @typescript-eslint/no-explicit-any
+            });
+            expect(mockOra.succeed).toHaveBeenCalledTimes(3);
+            expect(mockOra.succeed).toHaveBeenCalledWith('CDK bootstrapped in dev account (111111111111)');
+            expect(mockOra.succeed).toHaveBeenCalledWith('CDK bootstrapped in stage account (222222222222)');
+            expect(mockOra.succeed).toHaveBeenCalledWith('CDK bootstrapped in prod account (333333333333)');
+        });
+        it('throws error and fails spinner if bootstrap fails', async () => {
+            mockExeca.mockResolvedValueOnce({ all: 'Success' }); // dev succeeds
+            mockExeca.mockRejectedValueOnce({
+                all: 'Error: CDK bootstrap failed',
+                message: 'Error: CDK bootstrap failed',
+            }); // stage fails
+            await expect(bootstrapAllEnvironments({
+                accounts: {
+                    dev: '111111111111',
+                    stage: '222222222222',
+                    prod: '333333333333',
+                },
+                region: 'us-east-1',
+                adminCredentials: null,
+                spinner: mockOra, // eslint-disable-line @typescript-eslint/no-explicit-any
+            })).rejects.toThrow('CDK bootstrap failed in stage account');
+            expect(mockOra.fail).toHaveBeenCalledWith('CDK bootstrap failed in stage account');
+        });
+        it('works with null adminCredentials (uses default credentials)', async () => {
+            await bootstrapAllEnvironments({
+                accounts: {
+                    dev: '111111111111',
+                },
+                region: 'us-east-1',
+                adminCredentials: null,
+                spinner: mockOra, // eslint-disable-line @typescript-eslint/no-explicit-any
+            });
+            expect(mockSTSSend).toHaveBeenCalled();
+            expect(mockExeca).toHaveBeenCalled();
+        });
+        it('skips environments with missing account IDs', async () => {
+            await bootstrapAllEnvironments({
+                accounts: {
+                    dev: '111111111111',
+                    // stage missing
+                    prod: '333333333333',
+                },
+                region: 'us-east-1',
+                adminCredentials: {
+                    accessKeyId: 'AKIAADMIN',
+                    secretAccessKey: 'adminsecret',
+                },
+                spinner: mockOra, // eslint-disable-line @typescript-eslint/no-explicit-any
+            });
+            // Should only call execa twice (dev and prod, skip stage)
+            expect(mockExeca).toHaveBeenCalledTimes(2);
+        });
+    });
+});

package/dist/__tests__/aws/root-credentials.spec.d.ts

@@ -0,0 +1 @@
+export {};

package/dist/__tests__/aws/root-credentials.spec.js

@@ -0,0 +1,230 @@
+import { describe, it, expect, jest, beforeEach, afterEach } from '@jest/globals';
+// Mock getAccessKeyCount from iam.ts
+const mockGetAccessKeyCount = jest.fn();
+jest.unstable_mockModule('../../aws/iam.js', () => ({
+    getAccessKeyCount: mockGetAccessKeyCount,
+}));
+// Mock AWS SDK clients
+/* eslint-disable @typescript-eslint/no-explicit-any */
+const mockSTSSend = jest.fn();
+const mockIAMSend = jest.fn();
+/* eslint-enable @typescript-eslint/no-explicit-any */
+/* eslint-disable @typescript-eslint/no-explicit-any */
+jest.unstable_mockModule('@aws-sdk/client-sts', () => {
+    class MockSTSClient {
+        send = mockSTSSend;
+    }
+    return {
+        STSClient: MockSTSClient,
+        GetCallerIdentityCommand: jest.fn((input) => input),
+    };
+});
+jest.unstable_mockModule('@aws-sdk/client-iam', () => {
+    class MockIAMClient {
+        send = mockIAMSend;
+    }
+    class NoSuchEntityException extends Error {
+        constructor(message) {
+            super(message);
+            this.name = 'NoSuchEntityException';
+        }
+    }
+    return {
+        IAMClient: MockIAMClient,
+        CreateUserCommand: jest.fn((input) => input),
+        GetUserCommand: jest.fn((input) => input),
+        AttachUserPolicyCommand: jest.fn((input) => input),
+        CreateAccessKeyCommand: jest.fn((input) => input),
+        ListUserTagsCommand: jest.fn((input) => input),
+        NoSuchEntityException,
+    };
+});
+/* eslint-enable @typescript-eslint/no-explicit-any */
+const { isRootUser, detectRootCredentials, retryWithBackoff, createOrAdoptAdminUser, } = await import('../../aws/root-credentials.js');
+describe('root-credentials', () => {
+    describe('isRootUser', () => {
+        it('returns true for root ARN', () => {
+            expect(isRootUser('arn:aws:iam::123456789012:root')).toBe(true);
+        });
+        it('returns false for IAM user ARN', () => {
+            expect(isRootUser('arn:aws:iam::123456789012:user/admin')).toBe(false);
+        });
+        it('returns false for different IAM user', () => {
+            expect(isRootUser('arn:aws:iam::123456789012:user/deploy')).toBe(false);
+        });
+        it('returns false for assumed role ARN', () => {
+            expect(isRootUser('arn:aws:sts::123456789012:assumed-role/role-name/session')).toBe(false);
+        });
+        it('returns false for empty string', () => {
+            expect(isRootUser('')).toBe(false);
+        });
+    });
+    describe('detectRootCredentials', () => {
+        beforeEach(() => {
+            jest.clearAllMocks();
+        });
+        it('detects root credentials correctly', async () => {
+            mockSTSSend.mockResolvedValueOnce({
+                Arn: 'arn:aws:iam::123456789012:root',
+                Account: '123456789012',
+                UserId: '123456789012',
+            });
+            const result = await detectRootCredentials('us-east-1');
+            expect(result.arn).toBe('arn:aws:iam::123456789012:root');
+            expect(result.accountId).toBe('123456789012');
+            expect(result.userId).toBe('123456789012');
+            expect(result.isRoot).toBe(true);
+        });
+        it('detects IAM user credentials correctly', async () => {
+            mockSTSSend.mockResolvedValueOnce({
+                Arn: 'arn:aws:iam::123456789012:user/admin',
+                Account: '123456789012',
+                UserId: 'AIDACKCEVSQ6C2EXAMPLE',
+            });
+            const result = await detectRootCredentials('us-east-1');
+            expect(result.isRoot).toBe(false);
+        });
+        it('propagates errors from STS', async () => {
+            mockSTSSend.mockRejectedValueOnce(new Error('Access denied'));
+            await expect(detectRootCredentials('us-east-1')).rejects.toThrow('Access denied');
+        });
+    });
+    describe('retryWithBackoff', () => {
+        beforeEach(() => {
+            jest.useFakeTimers();
+        });
+        afterEach(() => {
+            jest.useRealTimers();
+        });
+        it('returns result on first success', async () => {
+            const fn = jest.fn().mockResolvedValue('success');
+            const promise = retryWithBackoff(fn, { baseDelayMs: 10 });
+            await jest.runAllTimersAsync();
+            const result = await promise;
+            expect(result).toBe('success');
+            expect(fn).toHaveBeenCalledTimes(1);
+        });
+        it('retries on failure and eventually succeeds', async () => {
+            const fn = jest.fn()
+                .mockRejectedValueOnce(new Error('Fail 1'))
+                .mockRejectedValueOnce(new Error('Fail 2'))
+                .mockResolvedValue('success');
+            const promise = retryWithBackoff(fn, { baseDelayMs: 10, maxRetries: 5 });
+            await jest.runAllTimersAsync();
+            const result = await promise;
+            expect(result).toBe('success');
+            expect(fn).toHaveBeenCalledTimes(3);
+        });
+        it('throws last error after all retries fail', async () => {
+            const fn = jest.fn();
+            fn.mockRejectedValue(new Error('Permanent failure'));
+            const promise = retryWithBackoff(fn, { baseDelayMs: 10, maxRetries: 2 });
+            jest.runAllTimersAsync();
+            try {
+                await promise;
+                throw new Error('Should have thrown');
+            }
+            catch (error) {
+                expect(error).toBeInstanceOf(Error);
+                expect(error.message).toBe('Permanent failure');
+            }
+            expect(fn).toHaveBeenCalledTimes(3); // Initial + 2 retries
+        });
+        it('respects maxRetries option', async () => {
+            const fn = jest.fn();
+            fn.mockRejectedValue(new Error('Always fails'));
+            const promise = retryWithBackoff(fn, { baseDelayMs: 10, maxRetries: 3 });
+            jest.runAllTimersAsync();
+            try {
+                await promise;
+                throw new Error('Should have thrown');
+            }
+            catch (error) {
+                expect(error).toBeInstanceOf(Error);
+                expect(error.message).toBe('Always fails');
+            }
+            expect(fn).toHaveBeenCalledTimes(4); // Initial + 3 retries
+        });
+    });
+    describe('createOrAdoptAdminUser', () => {
+        beforeEach(() => {
+            jest.clearAllMocks();
+            mockGetAccessKeyCount.mockReset();
+        });
+        it('creates new admin user when user does not exist', async () => {
+            // Import the mocked IAMClient and exception class
+            const { IAMClient, NoSuchEntityException } = await import('@aws-sdk/client-iam');
+            const mockIAMClient = new IAMClient({ region: 'us-east-1' });
+            // Use the mocked NoSuchEntityException class
+            // eslint-disable-next-line @typescript-eslint/no-explicit-any
+            const noSuchEntityError = new NoSuchEntityException('User does not exist');
+            mockIAMSend
+                .mockRejectedValueOnce(noSuchEntityError) // GetUserCommand throws
+                .mockResolvedValueOnce({}) // CreateUserCommand succeeds
+                .mockResolvedValueOnce({}) // AttachUserPolicyCommand succeeds
+                .mockResolvedValueOnce({
+                // CreateAccessKeyCommand succeeds
+                AccessKey: {
+                    AccessKeyId: 'AKIAIOSFODNN7EXAMPLE',
+                    SecretAccessKey: 'wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY',
+                },
+            });
+            mockGetAccessKeyCount.mockResolvedValue(0);
+            const result = await createOrAdoptAdminUser(mockIAMClient, 'test-project');
+            expect(result.userName).toBe('test-project-admin');
+            expect(result.accessKeyId).toBe('AKIAIOSFODNN7EXAMPLE');
+            expect(result.secretAccessKey).toBe('wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY');
+            expect(result.adopted).toBe(false);
+            // Verify commands were called in order
+            expect(mockIAMSend).toHaveBeenCalledTimes(4);
+        });
+        it('adopts existing managed user with no keys', async () => {
+            const { IAMClient } = await import('@aws-sdk/client-iam');
+            const mockIAMClient = new IAMClient({ region: 'us-east-1' });
+            mockIAMSend
+                .mockResolvedValueOnce({}) // GetUserCommand succeeds
+                .mockResolvedValueOnce({
+                // ListUserTagsCommand returns ManagedBy tag
+                Tags: [
+                    { Key: 'ManagedBy', Value: 'create-aws-starter-kit' },
+                    { Key: 'Purpose', Value: 'CLI Admin' },
+                ],
+            })
+                .mockResolvedValueOnce({
+                // CreateAccessKeyCommand succeeds
+                AccessKey: {
+                    AccessKeyId: 'AKIAIOSFODNN7EXAMPLE',
+                    SecretAccessKey: 'wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY',
+                },
+            });
+            mockGetAccessKeyCount.mockResolvedValue(0);
+            const result = await createOrAdoptAdminUser(mockIAMClient, 'test-project');
+            expect(result.userName).toBe('test-project-admin');
+            expect(result.adopted).toBe(true);
+            expect(mockIAMSend).toHaveBeenCalledTimes(3);
+        });
+        it('throws error when existing user is not managed by us', async () => {
+            const { IAMClient } = await import('@aws-sdk/client-iam');
+            const mockIAMClient = new IAMClient({ region: 'us-east-1' });
+            mockIAMSend
+                .mockResolvedValueOnce({}) // GetUserCommand succeeds
+                .mockResolvedValueOnce({
+                // ListUserTagsCommand returns different tag
+                Tags: [{ Key: 'Owner', Value: 'SomeoneElse' }],
+            });
+            await expect(createOrAdoptAdminUser(mockIAMClient, 'test-project')).rejects.toThrow('IAM user "test-project-admin" exists but was not created by this tool');
+        });
+        it('throws error when existing managed user has keys', async () => {
+            const { IAMClient } = await import('@aws-sdk/client-iam');
+            const mockIAMClient = new IAMClient({ region: 'us-east-1' });
+            mockIAMSend
+                .mockResolvedValueOnce({}) // GetUserCommand succeeds
+                .mockResolvedValueOnce({
+                // ListUserTagsCommand returns ManagedBy tag
+                Tags: [{ Key: 'ManagedBy', Value: 'create-aws-starter-kit' }],
+            });
+            mockGetAccessKeyCount.mockResolvedValue(1);
+            await expect(createOrAdoptAdminUser(mockIAMClient, 'test-project')).rejects.toThrow('IAM user "test-project-admin" already exists with 1 access key');
+        });
+    });
+});

package/dist/aws/cdk-bootstrap.d.ts

@@ -0,0 +1,77 @@
+import type { Ora } from 'ora';
+/**
+ * Credentials for AWS API operations
+ */
+export interface AWSCredentials {
+    accessKeyId: string;
+    secretAccessKey: string;
+    sessionToken?: string;
+}
+/**
+ * Options for bootstrapping a single CDK environment
+ */
+export interface BootstrapCDKEnvironmentOptions {
+    accountId: string;
+    region: string;
+    credentials: AWSCredentials;
+}
+/**
+ * Result of a CDK bootstrap operation
+ */
+export interface BootstrapResult {
+    success: boolean;
+    output: string;
+}
+/**
+ * Options for bootstrapping all environments
+ */
+export interface BootstrapAllEnvironmentsOptions {
+    accounts: Record<string, string>;
+    region: string;
+    adminCredentials: AWSCredentials | null;
+    spinner: Ora;
+}
+/**
+ * Bootstraps AWS CDK in a single environment account
+ *
+ * Runs `cdk bootstrap` via npx to prepare the account for CDK deployments.
+ * Bootstrap creates the necessary CloudFormation stack with S3 bucket and ECR
+ * repository for CDK deployment assets.
+ *
+ * @param options - Bootstrap options including account ID, region, and credentials
+ * @returns Promise resolving to bootstrap result with success status and output
+ *
+ * @example
+ * ```typescript
+ * const result = await bootstrapCDKEnvironment({
+ *   accountId: '123456789012',
+ *   region: 'us-west-2',
+ *   credentials: { accessKeyId: 'AKIA...', secretAccessKey: 'secret...', sessionToken: 'token...' }
+ * });
+ * if (!result.success) {
+ *   console.error('Bootstrap failed:', result.output);
+ * }
+ * ```
+ */
+export declare function bootstrapCDKEnvironment(options: BootstrapCDKEnvironmentOptions): Promise<BootstrapResult>;
+/**
+ * Bootstraps AWS CDK in all environment accounts (dev, stage, prod)
+ *
+ * Iterates through all environments, assumes the OrganizationAccountAccessRole
+ * in each account, and runs CDK bootstrap. This prepares all environments for
+ * CDK deployments with proper trust relationships and execution policies.
+ *
+ * @param options - Bootstrap options including account map, region, admin credentials, and spinner
+ * @throws Error if bootstrap fails in any environment
+ *
+ * @example
+ * ```typescript
+ * await bootstrapAllEnvironments({
+ *   accounts: { dev: '111111111111', stage: '222222222222', prod: '333333333333' },
+ *   region: 'us-west-2',
+ *   adminCredentials: { accessKeyId: 'AKIA...', secretAccessKey: 'secret...' },
+ *   spinner: ora()
+ * });
+ * ```
+ */
+export declare function bootstrapAllEnvironments(options: BootstrapAllEnvironmentsOptions): Promise<void>;