envilder 0.8.0 → 0.9.1

package/README.md

@@ -1,7 +1,7 @@
 # 🗝️ Envilder ☁️
 
 <p align="center">
-  <img src="https://github.com/user-attachments/assets/31ca58a9-1f6e-4dce-9ba6-c56f26856efa" alt="Envilder">
+  <img src="https://github.com/user-attachments/assets/8a7188ef-9d8d-45fb-8c37-3af718fb5103" alt="Envilder">
 </p>
 
 <p align="center">
@@ -246,6 +246,7 @@ Envilder is designed for automation, onboarding, and secure cloud-native workflo
 
 ### 📚 Quick Links
 
+- [📖 Full Documentation](https://envilder.com) — Visit envilder.com for the complete guide
 - [Requirements & Installation](docs/requirements-installation.md)
 - [Push Command Guide](docs/push-command.md)
 - [Pull Command Guide](docs/pull-command.md)

package/ROADMAP.md

@@ -1,8 +1,13 @@
 # 🛣️ Envilder Roadmap
 
-Envilder aims to be the simplest, most reliable way to generate `.env` files from cloud secret stores
-(AWS SSM Parameter Store, Azure Key Vault) — for both local development and CI/CD pipelines.
+Envilder is evolving from a CLI tool into a **multi-runtime secret management platform**.
+The goal: one declarative map-file format becomes the universal standard for resolving
+environment variables from cloud secret stores (AWS SSM Parameter Store, AWS Secrets Manager,
+Azure Key Vault, GCP Secret Manager) — whether in local development, CI/CD pipelines,
+or directly inside application code at runtime.
 
+> **Vision:** One map-file. Every cloud. Every language. Every runtime.
+>
 > **Note:** This roadmap contains ideas and potential features based on initial vision and community feedback.
 > Not all features are guaranteed to be implemented. Priorities may change based on user needs, feedback,
 > and real-world usage patterns. Your input matters—feel free to share your thoughts and suggestions!
@@ -13,27 +18,81 @@ Envilder aims to be the simplest, most reliable way to generate `.env` files fro
 
 <!-- markdownlint-disable MD013 -->
 
-| Feature | Status | Priority | Notes |
-|---------|--------|----------|-------|
-| **Mapping-based resolution** | ✅ Implemented | - | Core functionality |
-| **`.env` file generation** | ✅ Implemented | - | Core functionality |
-| **AWS profile support** | ✅ Implemented | - | `--profile` flag |
-| **Push mode** (`--push`) | ✅ Implemented | - | [Guide](./docs/push-command.md) |
-| **GitHub Action** | ✅ Implemented | - | [Documentation](./github-action/README.md) |
-| **Onboarding documentation** | ✅ Implemented | - | [Setup guide](./docs/requirements-installation.md) |
-| **Plugin system / Multi-backend** | ✅ Implemented | - | Azure Key Vault support with `$config` map-file section ([#90](https://github.com/macalbert/envilder/pull/90)) |
-| **Exec mode** (`--exec`) | ❌ Planned | High | Inject secrets into child process env without writing to disk (`envilder exec -- node server.js`) |
-| **Check/sync mode** (`--check`) | ❌ Planned | High | Validate SSM vs `.env`, fail CI if out-of-sync |
-| **Documentation website** | ❌ Planned | Medium | Dedicated docs site with guides, examples, and API reference |
-| **Auto-discovery mode** (`--auto`) | ❌ Planned | Medium | Fetch all parameters with a given prefix |
-| **Exec with refresh** (`--refresh-interval`) | ❌ Future | Low | Kill & restart child process periodically with fresh secrets (requires `--exec`) |
-| **Webhook/Slack notifications** | ❌ Planned | Low | Notify on secret sync for audit/logging |
-| **Hierarchical mapping** | ❌ Future | Low | Per-environment `param-map.json` |
+### ✅ Shipped
+
+| Feature | Notes |
+|---------|-------|
+| **Mapping-based resolution** | Core functionality |
+| **`.env` file generation** | Core functionality |
+| **AWS SSM Parameter Store** | Default provider |
+| **AWS profile support** | `--profile` flag |
+| **Push mode** (`--push`) | [Guide](./docs/push-command.md) |
+| **GitHub Action** | [Documentation](./github-action/README.md) |
+| **Azure Key Vault** | Multi-backend via `$config` map-file section ([#90](https://github.com/macalbert/envilder/pull/90)) |
+| **Documentation website** | [envilder.com](https://envilder.com) |
+| **Onboarding documentation** | [Setup guide](./docs/requirements-installation.md) |
+
+### 🔥 Up Next
+
+| Feature | Priority | Notes |
+|---------|----------|-------|
+| **Exec mode** (`--exec`) | 🔴 High | Inject secrets into a child process env without writing to disk (`envilder exec -- node server.js`) |
+| **TypeScript SDK** (`@envilder/sdk`) | 🔴 High | Native runtime library — load secrets directly into `process.env` from a map-file. No `.env` file needed. Published to npm |
+| **GCP Secret Manager** | 🔴 High | Third cloud provider — similar DX to AWS SSM. Completes the multi-cloud trident (AWS + Azure + GCP) |
+| **Map-file JSON Schema** | 🔴 High | Formal spec for the map-file format at `spec/` — serves as the contract between all SDKs and tools |
+| **AWS Secrets Manager** | 🟡 Medium | Support AWS Secrets Manager alongside SSM Parameter Store for teams using JSON-structured secrets |
+| **Python SDK** (`envilder`) | 🟡 Medium | Runtime library for Python — Django/FastAPI/data pipelines. Published to PyPI |
+| **Check/sync mode** (`--check`) | 🟡 Medium | Validate cloud secrets vs local `.env`, fail CI if out-of-sync |
+
+### 💡 Planned
+
+| Feature | Priority | Notes |
+|---------|----------|-------|
+| **Go SDK** (`envilder`) | Medium | Runtime library for Go — cloud-native apps, Kubernetes tooling. Published as Go module |
+| **.NET SDK** (`Envilder`) | Medium | Runtime library for .NET — enterprise apps, Azure-native shops. Published to NuGet |
+| **Java SDK** (`envilder`) | Medium | Runtime library for Java/Kotlin — Spring Boot, Android backends. Published to Maven Central |
+| **SDK conformance tests** | Medium | Language-agnostic test fixtures (JSON input → expected output) that all SDKs must pass |
+| **Auto-discovery mode** (`--auto`) | Medium | Fetch all parameters matching a given prefix (e.g., `/my-app/prod/*`) |
+| **Exec with refresh** (`--refresh-interval`) | Low | Kill & restart child process periodically with fresh secrets (requires `--exec`) |
+| **Hierarchical mapping** | Low | Per-environment `param-map.json` with inheritance/overrides |
 
 <!-- markdownlint-enable MD013 -->
 
 ---
 
+## 🏗️ Platform Architecture
+
+All tools and SDKs live in a single monorepo and share the same map-file format:
+
+```txt
+param-map.json (universal contract)
+     │
+     ├── envilder CLI            → generates .env files
+     ├── envilder GitHub Action  → CI/CD secret injection
+     ├── @envilder/sdk (npm)     → Node.js / TypeScript runtime
+     ├── envilder (PyPI)         → Python runtime
+     ├── Envilder (NuGet)        → .NET runtime
+     ├── envilder (Go module)    → Go runtime
+     └── envilder (Maven)        → Java / Kotlin runtime
+```
+
+### SDK Rollout Phases
+
+| Phase | Scope | Rationale |
+|-------|-------|-----------|
+| **Phase 1** | TypeScript SDK | Core already exists in TypeScript — refactor + package |
+| **Phase 2** | Python SDK | Massive adoption in data engineering, ML, and scripting where secrets are critical |
+| **Phase 3** | Go, .NET, Java SDKs | Enterprise reach and cloud-native coverage, prioritized by community demand |
+
+### Monorepo Principles
+
+- **One map-file spec** — formal JSON Schema at `spec/` is the source of truth for all SDKs
+- **Conformance tests** — language-agnostic fixtures that every SDK must pass
+- **Independent versioning** — each SDK has its own semver (`sdk-ts@1.2.0`, `sdk-py@0.3.0`)
+- **Shared test infrastructure** — LocalStack (AWS) and Lowkey Vault (Azure) via Docker Compose serve all SDKs
+
+---
+
 ## 🙌 Contribute or Suggest Ideas
 
 If you've faced similar problems or want to help improve this tool, feel free to:

package/docs/CHANGELOG.md

@@ -1,6 +1,3 @@
-<!-- markdownlint-disable MD024 -->
-# Changelog
-
 ## [0.8.0] - 2026-03-22
 
 ### Added
@@ -163,13 +160,6 @@ prints a warning. It will be removed in a future release.
 
 ---
 
-## Changelog
-
-All notable changes to this project will be documented in this file.
-
-The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
-and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
-
 ## [0.6.6] - 2025-11-02
 
 ### Changed
@@ -393,95 +383,3 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 ## [0.1.4] - 2024-10-01
 
 Initial public release of Envilder.
-
----
-
-## How to Update This Changelog
-
-This changelog follows [Conventional Commits](https://www.conventionalcommits.org/) specification.
-
-### Commit Message Format
-
-```txt
-<type>[optional scope]: <description>
-
-[optional body]
-
-[optional footer(s)]
-```
-
-### Types
-
-* `feat`: A new feature (triggers MINOR version bump)
-* `fix`: A bug fix (triggers PATCH version bump)
-* `docs`: Documentation-only changes
-* `style`: Changes that don't affect code meaning (formatting, etc.)
-* `refactor`: Code change that neither fixes a bug nor adds a feature
-* `perf`: Performance improvements
-* `test`: Adding or correcting tests
-* `chore`: Changes to build process or auxiliary tools
-* `ci`: Changes to CI configuration files and scripts
-
-### Breaking Changes
-
-Add `BREAKING CHANGE:` in the footer or append `!` after type/scope:
-
-```txt
-feat!: remove AWS profile auto-detection
-
-BREAKING CHANGE: Users must now explicitly specify --profile flag
-```
-
-This triggers a MAJOR version bump.
-
-### Examples
-
-```bash
-# Feature addition (0.7.0 -> 0.8.0)
-git commit -m "feat(gha): add GitHub Action support"
-
-# Bug fix (0.7.0 -> 0.7.1)
-git commit -m "fix(cli): handle empty environment files"
-
-# Breaking change (0.7.0 -> 1.0.0)
-git commit -m "feat!: redesign CLI interface"
-```
-
----
-
-## Maintenance
-
-This project follows [Conventional Commits](https://www.conventionalcommits.org/) for commit messages.
-
-**To update this changelog**:
-
-1. Edit this file following the format above
-2. Add entries under `[Unreleased]` section
-3. Run `pnpm version [patch|minor|major]` to create a new release
-4. Move `[Unreleased]` entries to the new version section
-
-**Alternative**: Use [GitHub Releases](https://github.com/macalbert/envilder/releases) to auto-generate release notes
-from commit messages.
-
-[0.7.6]: https://github.com/macalbert/envilder/compare/v0.7.5...v0.7.6
-[0.7.5]: https://github.com/macalbert/envilder/compare/v0.7.4...v0.7.5
-[0.7.4]: https://github.com/macalbert/envilder/compare/v0.7.3...v0.7.4
-[0.7.3]: https://github.com/macalbert/envilder/compare/v0.7.2...v0.7.3
-[0.7.2]: https://github.com/macalbert/envilder/compare/v0.7.1...v0.7.2
-[0.7.1]: https://github.com/macalbert/envilder/compare/v0.6.6...v0.7.1
-[0.6.6]: https://github.com/macalbert/envilder/compare/v0.6.5...v0.6.6
-[0.6.5]: https://github.com/macalbert/envilder/compare/v0.6.4...v0.6.5
-[0.6.4]: https://github.com/macalbert/envilder/compare/v0.6.3...v0.6.4
-[0.6.3]: https://github.com/macalbert/envilder/compare/v0.6.1...v0.6.3
-[0.6.1]: https://github.com/macalbert/envilder/compare/v0.5.6...v0.6.1
-[0.5.6]: https://github.com/macalbert/envilder/compare/v0.5.5...v0.5.6
-[0.5.5]: https://github.com/macalbert/envilder/compare/v0.5.4...v0.5.5
-[0.5.4]: https://github.com/macalbert/envilder/compare/v0.5.3...v0.5.4
-[0.5.3]: https://github.com/macalbert/envilder/compare/v0.5.2...v0.5.3
-[0.5.2]: https://github.com/macalbert/envilder/compare/v0.5.1...v0.5.2
-[0.5.1]: https://github.com/macalbert/envilder/compare/v0.3.0...v0.5.1
-[0.3.0]: https://github.com/macalbert/envilder/compare/v0.2.3...v0.3.0
-[0.2.3]: https://github.com/macalbert/envilder/compare/v0.2.1...v0.2.3
-[0.2.1]: https://github.com/macalbert/envilder/compare/v0.1.4...v0.2.1
-[0.1.4]: https://github.com/macalbert/envilder/releases/tag/v0.1.4
-<!-- markdownlint-enable MD024 -->

package/lib/iac/bin/main.d.ts

@@ -0,0 +1,28 @@
+#!/usr/bin/env node
+import type { Stack } from "aws-cdk-lib";
+import { AppEnvironment } from "../lib/core/types";
+interface StaticWebsiteConfig {
+    name: string;
+    projectPath: string;
+    subdomain?: string;
+}
+interface DeploymentConfig {
+    repoName: string;
+    branch: string;
+    environment: AppEnvironment;
+    domain: {
+        name: string;
+        certificateId: string;
+        hostedZoneId: string;
+    };
+    stacks: {
+        frontend: {
+            staticWebsites: readonly StaticWebsiteConfig[];
+        };
+    };
+    rootPath?: string;
+}
+export declare function validateConfig(config: DeploymentConfig): void;
+export declare function deploy(configOverride?: DeploymentConfig): Stack[];
+export {};
+//# sourceMappingURL=main.d.ts.map

package/lib/iac/bin/main.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"main.d.ts","sourceRoot":"","sources":["../../../src/iac/bin/main.ts"],"names":[],"mappings":";AAEA,OAAO,KAAK,EAAe,KAAK,EAAE,MAAM,aAAa,CAAC;AAKtD,OAAO,EAAE,cAAc,EAAE,MAAM,mBAAmB,CAAC;AAOnD,UAAU,mBAAmB;IAC5B,IAAI,EAAE,MAAM,CAAC;IACb,WAAW,EAAE,MAAM,CAAC;IACpB,SAAS,CAAC,EAAE,MAAM,CAAC;CACnB;AAED,UAAU,gBAAgB;IACzB,QAAQ,EAAE,MAAM,CAAC;IACjB,MAAM,EAAE,MAAM,CAAC;IACf,WAAW,EAAE,cAAc,CAAC;IAC5B,MAAM,EAAE;QACP,IAAI,EAAE,MAAM,CAAC;QACb,aAAa,EAAE,MAAM,CAAC;QACtB,YAAY,EAAE,MAAM,CAAC;KACrB,CAAC;IACF,MAAM,EAAE;QACP,QAAQ,EAAE;YACT,cAAc,EAAE,SAAS,mBAAmB,EAAE,CAAC;SAC/C,CAAC;KACF,CAAC;IACF,QAAQ,CAAC,EAAE,MAAM,CAAC;CAClB;AAmFD,wBAAgB,cAAc,CAAC,MAAM,EAAE,gBAAgB,GAAG,IAAI,CA8D7D;AAMD,wBAAgB,MAAM,CAAC,cAAc,CAAC,EAAE,gBAAgB,GAAG,KAAK,EAAE,CA+EjE"}

package/lib/iac/bin/main.js

@@ -0,0 +1,201 @@
+#!/usr/bin/env node
+"use strict";
+var __importDefault = (this && this.__importDefault) || function (mod) {
+    return (mod && mod.__esModule) ? mod : { "default": mod };
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.validateConfig = validateConfig;
+exports.deploy = deploy;
+const node_path_1 = __importDefault(require("node:path"));
+/**
+ * CDK Infrastructure Deployment Entry Point
+ */
+const aws_cdk_lib_1 = require("aws-cdk-lib");
+const types_1 = require("../lib/core/types");
+const staticWebsiteStack_1 = require("../lib/stacks/staticWebsiteStack");
+// ============================================================================
+// Configuration
+// ============================================================================
+const config = {
+    repoName: "envilder",
+    branch: "main",
+    environment: types_1.AppEnvironment.Production,
+    domain: {
+        name: "envilder.com",
+        certificateId: "e04983fe-1561-4ebe-9166-83f77789964a",
+        hostedZoneId: "Z0718467FEEOZ35UNCTO",
+    },
+    stacks: {
+        frontend: {
+            staticWebsites: [
+                {
+                    name: "Website",
+                    projectPath: "envilder/src/apps/website/dist",
+                },
+            ],
+        },
+    },
+};
+// ============================================================================
+// Utils
+// ============================================================================
+function getRootPath(rootPath) {
+    return rootPath !== null && rootPath !== void 0 ? rootPath : node_path_1.default.join(process.cwd(), "../../../");
+}
+function resolveFullPath(rootPath, relativePath) {
+    return node_path_1.default.join(rootPath, relativePath);
+}
+function logInfo(message) {
+    process.stderr.write(`${message}\x1b[E\n`);
+}
+function logError(error) {
+    process.stderr.write(`\x1b[31m❌ Error: ${error.message}\x1b[0m\x1b[E\n`);
+    if (error.stack) {
+        process.stderr.write(`${error.stack}\x1b[E\n`);
+    }
+}
+function logTable(entries) {
+    const MAX_VALUE_WIDTH = 40;
+    const truncate = (s) => s.length > MAX_VALUE_WIDTH ? `…${s.slice(-(MAX_VALUE_WIDTH - 1))}` : s;
+    const rows = entries.map(({ label, value }) => ({
+        label,
+        value: truncate(value),
+    }));
+    const maxLabel = Math.max(...rows.map((e) => e.label.length));
+    const maxValue = Math.max(...rows.map((e) => e.value.length));
+    const header = " 📁 Deployment Info ";
+    const innerWidth = maxLabel + maxValue + 4;
+    const padding = Math.max(0, innerWidth - header.length);
+    const nl = "\x1b[E\n";
+    process.stderr.write(nl);
+    process.stderr.write(`╭─${header}${"─".repeat(padding)}╮${nl}`);
+    for (const { label, value } of rows) {
+        process.stderr.write(`│ ${label.padEnd(maxLabel)} │ ${value.padEnd(maxValue)} │${nl}`);
+    }
+    process.stderr.write(`╰${"─".repeat(maxLabel + 2)}┴${"─".repeat(maxValue + 2)}╯${nl}`);
+    process.stderr.write(nl);
+}
+function validateConfig(config) {
+    const errors = [];
+    if (!config.repoName || config.repoName.trim() === "") {
+        errors.push("repoName is required and cannot be empty");
+    }
+    if (!config.branch || config.branch.trim() === "") {
+        errors.push("branch is required and cannot be empty");
+    }
+    if (config.environment === undefined || config.environment === null) {
+        errors.push("environment is required and cannot be empty");
+    }
+    if (!config.domain) {
+        errors.push("domain configuration is required");
+    }
+    else {
+        if (!config.domain.name || config.domain.name.trim() === "") {
+            errors.push("domain.name is required and cannot be empty");
+        }
+        if (!config.domain.certificateId ||
+            config.domain.certificateId.trim() === "") {
+            errors.push("domain.certificateId is required and cannot be empty");
+        }
+        if (!config.domain.hostedZoneId ||
+            config.domain.hostedZoneId.trim() === "") {
+            errors.push("domain.hostedZoneId is required and cannot be empty");
+        }
+    }
+    if (!config.stacks) {
+        errors.push("stacks configuration is required");
+    }
+    else {
+        if (!config.stacks.frontend) {
+            errors.push("stacks.frontend is required");
+        }
+        else {
+            const { staticWebsites } = config.stacks.frontend;
+            if (staticWebsites) {
+                for (const [index, website] of staticWebsites.entries()) {
+                    if (!website.name || website.name.trim() === "") {
+                        errors.push(`frontend.staticWebsites[${index}].name is required`);
+                    }
+                    if (!website.projectPath || website.projectPath.trim() === "") {
+                        errors.push(`frontend.staticWebsites[${index}].projectPath is required`);
+                    }
+                }
+            }
+        }
+    }
+    if (errors.length > 0) {
+        throw new Error(`Configuration validation failed with ${errors.length} error(s):\n${errors.join("\n")}`);
+    }
+}
+// ============================================================================
+// Deployment
+// ============================================================================
+function deploy(configOverride) {
+    const effectiveConfig = configOverride !== null && configOverride !== void 0 ? configOverride : config;
+    const rootPath = getRootPath(effectiveConfig.rootPath);
+    try {
+        validateConfig(effectiveConfig);
+        // Log deployment info
+        const entries = [
+            { label: "Repository", value: effectiveConfig.repoName },
+            { label: "Branch", value: effectiveConfig.branch },
+            { label: "Environment", value: String(effectiveConfig.environment) },
+        ];
+        if (process.env.CDK_DEFAULT_REGION) {
+            entries.push({ label: "Region", value: process.env.CDK_DEFAULT_REGION });
+        }
+        if (process.env.CDK_DEFAULT_ACCOUNT) {
+            entries.push({
+                label: "Account",
+                value: `***${process.env.CDK_DEFAULT_ACCOUNT.slice(-4)}`,
+            });
+        }
+        entries.push({ label: "Root Path", value: rootPath });
+        for (const ws of effectiveConfig.stacks.frontend.staticWebsites) {
+            entries.push({
+                label: ws.name,
+                value: resolveFullPath(rootPath, ws.projectPath),
+            });
+        }
+        logTable(entries);
+        logInfo("🎯 Requested stacks:");
+        const app = new aws_cdk_lib_1.App();
+        const envFromCli = {
+            account: process.env.CDK_DEFAULT_ACCOUNT,
+            region: process.env.CDK_DEFAULT_REGION,
+        };
+        const stacks = [];
+        for (const websiteConfig of effectiveConfig.stacks.frontend
+            .staticWebsites) {
+            const distFolderPath = resolveFullPath(rootPath, websiteConfig.projectPath);
+            const stack = new staticWebsiteStack_1.StaticWebsiteStack(app, {
+                env: envFromCli,
+                name: websiteConfig.name,
+                domains: [
+                    {
+                        subdomain: websiteConfig.subdomain,
+                        domainName: effectiveConfig.domain.name,
+                        certificateId: effectiveConfig.domain.certificateId,
+                        hostedZoneId: effectiveConfig.domain.hostedZoneId,
+                    },
+                ],
+                distFolderPath,
+                envName: effectiveConfig.environment,
+                githubRepo: effectiveConfig.repoName,
+                stackName: `${effectiveConfig.repoName}-${websiteConfig.name}`,
+            });
+            stacks.push(stack);
+        }
+        return stacks;
+    }
+    catch (error) {
+        if (error instanceof Error) {
+            logError(error);
+        }
+        throw error;
+    }
+}
+if (!process.env.VITEST) {
+    deploy();
+}
+//# sourceMappingURL=main.js.map

package/lib/iac/bin/main.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"main.js","sourceRoot":"","sources":["../../../src/iac/bin/main.ts"],"names":[],"mappings":";;;;;;AAsHA,wCA8DC;AAMD,wBA+EC;AAxQD,0DAA6B;AAE7B;;GAEG;AACH,6CAAkC;AAClC,6CAAmD;AACnD,yEAAsE;AA6BtE,+EAA+E;AAC/E,gBAAgB;AAChB,+EAA+E;AAE/E,MAAM,MAAM,GAAqB;IAChC,QAAQ,EAAE,UAAU;IACpB,MAAM,EAAE,MAAM;IACd,WAAW,EAAE,sBAAc,CAAC,UAAU;IACtC,MAAM,EAAE;QACP,IAAI,EAAE,cAAc;QACpB,aAAa,EAAE,sCAAsC;QACrD,YAAY,EAAE,sBAAsB;KACpC;IACD,MAAM,EAAE;QACP,QAAQ,EAAE;YACT,cAAc,EAAE;gBACf;oBACC,IAAI,EAAE,SAAS;oBACf,WAAW,EAAE,gCAAgC;iBAC7C;aACD;SACD;KACD;CACD,CAAC;AAEF,+EAA+E;AAC/E,QAAQ;AACR,+EAA+E;AAE/E,SAAS,WAAW,CAAC,QAAiB;IACrC,OAAO,QAAQ,aAAR,QAAQ,cAAR,QAAQ,GAAI,mBAAI,CAAC,IAAI,CAAC,OAAO,CAAC,GAAG,EAAE,EAAE,WAAW,CAAC,CAAC;AAC1D,CAAC;AAED,SAAS,eAAe,CAAC,QAAgB,EAAE,YAAoB;IAC9D,OAAO,mBAAI,CAAC,IAAI,CAAC,QAAQ,EAAE,YAAY,CAAC,CAAC;AAC1C,CAAC;AAED,SAAS,OAAO,CAAC,OAAe;IAC/B,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,GAAG,OAAO,UAAU,CAAC,CAAC;AAC5C,CAAC;AAED,SAAS,QAAQ,CAAC,KAAY;IAC7B,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,oBAAoB,KAAK,CAAC,OAAO,iBAAiB,CAAC,CAAC;IACzE,IAAI,KAAK,CAAC,KAAK,EAAE,CAAC;QACjB,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,GAAG,KAAK,CAAC,KAAK,UAAU,CAAC,CAAC;IAChD,CAAC;AACF,CAAC;AAED,SAAS,QAAQ,CAChB,OAAwD;IAExD,MAAM,eAAe,GAAG,EAAE,CAAC;IAC3B,MAAM,QAAQ,GAAG,CAAC,CAAS,EAAE,EAAE,CAC9B,CAAC,CAAC,MAAM,GAAG,eAAe,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,eAAe,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,CAAC,CAAC;IAExE,MAAM,IAAI,GAAG,OAAO,CAAC,GAAG,CAAC,CAAC,EAAE,KAAK,EAAE,KAAK,EAAE,EAAE,EAAE,CAAC,CAAC;QAC/C,KAAK;QACL,KAAK,EAAE,QAAQ,CAAC,KAAK,CAAC;KACtB,CAAC,CAAC,CAAC;IAEJ,MAAM,QAAQ,GAAG,IAAI,CAAC,GAAG,CAAC,GAAG,IAAI,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,KAAK,CAAC,MAAM,CAAC,CAAC,CAAC;IAC9D,MAAM,QAAQ,GAAG,IAAI,CAAC,GAAG,CAAC,GAAG,IAAI,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,KAAK,CAAC,MAAM,CAAC,CAAC,CAAC;IAC9D,MAAM,MAAM,GAAG,sBAAsB,CAAC;IACtC,MAAM,UAAU,GAAG,QAAQ,GAAG,QAAQ,GAAG,CAAC,CAAC;IAC3C,MAAM,OAAO,GAAG,IAAI,CAAC,GAAG,CAAC,CAAC,EAAE,UAAU,GAAG,MAAM,CAAC,MAAM,CAAC,CAAC;IAExD,MAAM,EAAE,GAAG,UAAU,CAAC;IAEtB,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,EAAE,CAAC,CAAC;IACzB,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,KAAK,MAAM,GAAG,GAAG,CAAC,MAAM,CAAC,OAAO,CAAC,IAAI,EAAE,EAAE,CAAC,CAAC;IAChE,KAAK,MAAM,EAAE,KAAK,EAAE,KAAK,EAAE,IAAI,IAAI,EAAE,CAAC;QACrC,OAAO,CAAC,MAAM,CAAC,KAAK,CACnB,KAAK,KAAK,CAAC,MAAM,CAAC,QAAQ,CAAC,MAAM,KAAK,CAAC,MAAM,CAAC,QAAQ,CAAC,KAAK,EAAE,EAAE,CAChE,CAAC;IACH,CAAC;IACD,OAAO,CAAC,MAAM,CAAC,KAAK,CACnB,IAAI,GAAG,CAAC,MAAM,CAAC,QAAQ,GAAG,CAAC,CAAC,IAAI,GAAG,CAAC,MAAM,CAAC,QAAQ,GAAG,CAAC,CAAC,IAAI,EAAE,EAAE,CAChE,CAAC;IACF,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,EAAE,CAAC,CAAC;AAC1B,CAAC;AAED,SAAgB,cAAc,CAAC,MAAwB;IACtD,MAAM,MAAM,GAAa,EAAE,CAAC;IAE5B,IAAI,CAAC,MAAM,CAAC,QAAQ,IAAI,MAAM,CAAC,QAAQ,CAAC,IAAI,EAAE,KAAK,EAAE,EAAE,CAAC;QACvD,MAAM,CAAC,IAAI,CAAC,0CAA0C,CAAC,CAAC;IACzD,CAAC;IAED,IAAI,CAAC,MAAM,CAAC,MAAM,IAAI,MAAM,CAAC,MAAM,CAAC,IAAI,EAAE,KAAK,EAAE,EAAE,CAAC;QACnD,MAAM,CAAC,IAAI,CAAC,wCAAwC,CAAC,CAAC;IACvD,CAAC;IAED,IAAI,MAAM,CAAC,WAAW,KAAK,SAAS,IAAI,MAAM,CAAC,WAAW,KAAK,IAAI,EAAE,CAAC;QACrE,MAAM,CAAC,IAAI,CAAC,6CAA6C,CAAC,CAAC;IAC5D,CAAC;IAED,IAAI,CAAC,MAAM,CAAC,MAAM,EAAE,CAAC;QACpB,MAAM,CAAC,IAAI,CAAC,kCAAkC,CAAC,CAAC;IACjD,CAAC;SAAM,CAAC;QACP,IAAI,CAAC,MAAM,CAAC,MAAM,CAAC,IAAI,IAAI,MAAM,CAAC,MAAM,CAAC,IAAI,CAAC,IAAI,EAAE,KAAK,EAAE,EAAE,CAAC;YAC7D,MAAM,CAAC,IAAI,CAAC,6CAA6C,CAAC,CAAC;QAC5D,CAAC;QACD,IACC,CAAC,MAAM,CAAC,MAAM,CAAC,aAAa;YAC5B,MAAM,CAAC,MAAM,CAAC,aAAa,CAAC,IAAI,EAAE,KAAK,EAAE,EACxC,CAAC;YACF,MAAM,CAAC,IAAI,CAAC,sDAAsD,CAAC,CAAC;QACrE,CAAC;QACD,IACC,CAAC,MAAM,CAAC,MAAM,CAAC,YAAY;YAC3B,MAAM,CAAC,MAAM,CAAC,YAAY,CAAC,IAAI,EAAE,KAAK,EAAE,EACvC,CAAC;YACF,MAAM,CAAC,IAAI,CAAC,qDAAqD,CAAC,CAAC;QACpE,CAAC;IACF,CAAC;IAED,IAAI,CAAC,MAAM,CAAC,MAAM,EAAE,CAAC;QACpB,MAAM,CAAC,IAAI,CAAC,kCAAkC,CAAC,CAAC;IACjD,CAAC;SAAM,CAAC;QACP,IAAI,CAAC,MAAM,CAAC,MAAM,CAAC,QAAQ,EAAE,CAAC;YAC7B,MAAM,CAAC,IAAI,CAAC,6BAA6B,CAAC,CAAC;QAC5C,CAAC;aAAM,CAAC;YACP,MAAM,EAAE,cAAc,EAAE,GAAG,MAAM,CAAC,MAAM,CAAC,QAAQ,CAAC;YAClD,IAAI,cAAc,EAAE,CAAC;gBACpB,KAAK,MAAM,CAAC,KAAK,EAAE,OAAO,CAAC,IAAI,cAAc,CAAC,OAAO,EAAE,EAAE,CAAC;oBACzD,IAAI,CAAC,OAAO,CAAC,IAAI,IAAI,OAAO,CAAC,IAAI,CAAC,IAAI,EAAE,KAAK,EAAE,EAAE,CAAC;wBACjD,MAAM,CAAC,IAAI,CAAC,2BAA2B,KAAK,oBAAoB,CAAC,CAAC;oBACnE,CAAC;oBACD,IAAI,CAAC,OAAO,CAAC,WAAW,IAAI,OAAO,CAAC,WAAW,CAAC,IAAI,EAAE,KAAK,EAAE,EAAE,CAAC;wBAC/D,MAAM,CAAC,IAAI,CACV,2BAA2B,KAAK,2BAA2B,CAC3D,CAAC;oBACH,CAAC;gBACF,CAAC;YACF,CAAC;QACF,CAAC;IACF,CAAC;IAED,IAAI,MAAM,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QACvB,MAAM,IAAI,KAAK,CACd,wCAAwC,MAAM,CAAC,MAAM,eAAe,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CACvF,CAAC;IACH,CAAC;AACF,CAAC;AAED,+EAA+E;AAC/E,aAAa;AACb,+EAA+E;AAE/E,SAAgB,MAAM,CAAC,cAAiC;IACvD,MAAM,eAAe,GAAG,cAAc,aAAd,cAAc,cAAd,cAAc,GAAI,MAAM,CAAC;IACjD,MAAM,QAAQ,GAAG,WAAW,CAAC,eAAe,CAAC,QAAQ,CAAC,CAAC;IAEvD,IAAI,CAAC;QACJ,cAAc,CAAC,eAAe,CAAC,CAAC;QAEhC,sBAAsB;QACtB,MAAM,OAAO,GAA4C;YACxD,EAAE,KAAK,EAAE,YAAY,EAAE,KAAK,EAAE,eAAe,CAAC,QAAQ,EAAE;YACxD,EAAE,KAAK,EAAE,QAAQ,EAAE,KAAK,EAAE,eAAe,CAAC,MAAM,EAAE;YAClD,EAAE,KAAK,EAAE,aAAa,EAAE,KAAK,EAAE,MAAM,CAAC,eAAe,CAAC,WAAW,CAAC,EAAE;SACpE,CAAC;QAEF,IAAI,OAAO,CAAC,GAAG,CAAC,kBAAkB,EAAE,CAAC;YACpC,OAAO,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,QAAQ,EAAE,KAAK,EAAE,OAAO,CAAC,GAAG,CAAC,kBAAkB,EAAE,CAAC,CAAC;QAC1E,CAAC;QACD,IAAI,OAAO,CAAC,GAAG,CAAC,mBAAmB,EAAE,CAAC;YACrC,OAAO,CAAC,IAAI,CAAC;gBACZ,KAAK,EAAE,SAAS;gBAChB,KAAK,EAAE,MAAM,OAAO,CAAC,GAAG,CAAC,mBAAmB,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,EAAE;aACxD,CAAC,CAAC;QACJ,CAAC;QAED,OAAO,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,WAAW,EAAE,KAAK,EAAE,QAAQ,EAAE,CAAC,CAAC;QAEtD,KAAK,MAAM,EAAE,IAAI,eAAe,CAAC,MAAM,CAAC,QAAQ,CAAC,cAAc,EAAE,CAAC;YACjE,OAAO,CAAC,IAAI,CAAC;gBACZ,KAAK,EAAE,EAAE,CAAC,IAAI;gBACd,KAAK,EAAE,eAAe,CAAC,QAAQ,EAAE,EAAE,CAAC,WAAW,CAAC;aAChD,CAAC,CAAC;QACJ,CAAC;QAED,QAAQ,CAAC,OAAO,CAAC,CAAC;QAElB,OAAO,CAAC,sBAAsB,CAAC,CAAC;QAEhC,MAAM,GAAG,GAAG,IAAI,iBAAG,EAAE,CAAC;QACtB,MAAM,UAAU,GAAgB;YAC/B,OAAO,EAAE,OAAO,CAAC,GAAG,CAAC,mBAAmB;YACxC,MAAM,EAAE,OAAO,CAAC,GAAG,CAAC,kBAAkB;SACtC,CAAC;QAEF,MAAM,MAAM,GAAY,EAAE,CAAC;QAE3B,KAAK,MAAM,aAAa,IAAI,eAAe,CAAC,MAAM,CAAC,QAAQ;aACzD,cAAc,EAAE,CAAC;YAClB,MAAM,cAAc,GAAG,eAAe,CACrC,QAAQ,EACR,aAAa,CAAC,WAAW,CACzB,CAAC;YAEF,MAAM,KAAK,GAAG,IAAI,uCAAkB,CAAC,GAAG,EAAE;gBACzC,GAAG,EAAE,UAAU;gBACf,IAAI,EAAE,aAAa,CAAC,IAAI;gBACxB,OAAO,EAAE;oBACR;wBACC,SAAS,EAAE,aAAa,CAAC,SAAS;wBAClC,UAAU,EAAE,eAAe,CAAC,MAAM,CAAC,IAAI;wBACvC,aAAa,EAAE,eAAe,CAAC,MAAM,CAAC,aAAa;wBACnD,YAAY,EAAE,eAAe,CAAC,MAAM,CAAC,YAAY;qBACjD;iBACD;gBACD,cAAc;gBACd,OAAO,EAAE,eAAe,CAAC,WAAW;gBACpC,UAAU,EAAE,eAAe,CAAC,QAAQ;gBACpC,SAAS,EAAE,GAAG,eAAe,CAAC,QAAQ,IAAI,aAAa,CAAC,IAAI,EAAE;aAC9D,CAAC,CAAC;YAEH,MAAM,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;QACpB,CAAC;QAED,OAAO,MAAM,CAAC;IACf,CAAC;IAAC,OAAO,KAAK,EAAE,CAAC;QAChB,IAAI,KAAK,YAAY,KAAK,EAAE,CAAC;YAC5B,QAAQ,CAAC,KAAK,CAAC,CAAC;QACjB,CAAC;QACD,MAAM,KAAK,CAAC;IACb,CAAC;AACF,CAAC;AAED,IAAI,CAAC,OAAO,CAAC,GAAG,CAAC,MAAM,EAAE,CAAC;IACzB,MAAM,EAAE,CAAC;AACV,CAAC"}

package/lib/iac/lib/core/types.d.ts

@@ -0,0 +1,5 @@
+export declare enum AppEnvironment {
+    Production = "Production",
+    Development = "Development"
+}
+//# sourceMappingURL=types.d.ts.map

package/lib/iac/lib/core/types.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"types.d.ts","sourceRoot":"","sources":["../../../../src/iac/lib/core/types.ts"],"names":[],"mappings":"AAAA,oBAAY,cAAc;IACzB,UAAU,eAAe;IACzB,WAAW,gBAAgB;CAC3B"}

package/lib/iac/lib/core/types.js

@@ -0,0 +1,9 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.AppEnvironment = void 0;
+var AppEnvironment;
+(function (AppEnvironment) {
+    AppEnvironment["Production"] = "Production";
+    AppEnvironment["Development"] = "Development";
+})(AppEnvironment || (exports.AppEnvironment = AppEnvironment = {}));
+//# sourceMappingURL=types.js.map

package/lib/iac/lib/core/types.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"types.js","sourceRoot":"","sources":["../../../../src/iac/lib/core/types.ts"],"names":[],"mappings":";;;AAAA,IAAY,cAGX;AAHD,WAAY,cAAc;IACzB,2CAAyB,CAAA;IACzB,6CAA2B,CAAA;AAC5B,CAAC,EAHW,cAAc,8BAAd,cAAc,QAGzB"}

package/lib/iac/lib/stacks/customStack.d.ts

@@ -0,0 +1,23 @@
+import { Stack, type StackProps } from "aws-cdk-lib";
+import type { Construct } from "constructs";
+import type { AppEnvironment } from "../core/types";
+export interface DomainConfig {
+    subdomain?: string;
+    domainName: string;
+    hostedZoneId: string;
+    certificateId: string;
+}
+export interface CustomStackProps extends StackProps {
+    githubRepo: string;
+    envName: AppEnvironment;
+    name: string;
+    stackName: string;
+}
+export declare class CustomStack extends Stack {
+    props: CustomStackProps;
+    constructor(scope: Construct, props: CustomStackProps);
+    getStackId(): string;
+    private addProjectTags;
+    getCloudFormationRepoName(): string;
+}
+//# sourceMappingURL=customStack.d.ts.map

package/lib/iac/lib/stacks/customStack.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"customStack.d.ts","sourceRoot":"","sources":["../../../../src/iac/lib/stacks/customStack.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,KAAK,EAAE,KAAK,UAAU,EAAQ,MAAM,aAAa,CAAC;AAC3D,OAAO,KAAK,EAAE,SAAS,EAAE,MAAM,YAAY,CAAC;AAC5C,OAAO,KAAK,EAAE,cAAc,EAAE,MAAM,eAAe,CAAC;AAGpD,MAAM,WAAW,YAAY;IAC5B,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,UAAU,EAAE,MAAM,CAAC;IACnB,YAAY,EAAE,MAAM,CAAC;IACrB,aAAa,EAAE,MAAM,CAAC;CACtB;AAED,MAAM,WAAW,gBAAiB,SAAQ,UAAU;IACnD,UAAU,EAAE,MAAM,CAAC;IACnB,OAAO,EAAE,cAAc,CAAC;IACxB,IAAI,EAAE,MAAM,CAAC;IACb,SAAS,EAAE,MAAM,CAAC;CAClB;AAED,qBAAa,WAAY,SAAQ,KAAK;IACrC,KAAK,EAAE,gBAAgB,CAAC;gBAEZ,KAAK,EAAE,SAAS,EAAE,KAAK,EAAE,gBAAgB;IAQrD,UAAU,IAAI,MAAM;IAIpB,OAAO,CAAC,cAAc;IAcf,yBAAyB,IAAI,MAAM;CAG1C"}

package/lib/iac/lib/stacks/customStack.js

@@ -0,0 +1,34 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.CustomStack = void 0;
+const aws_cdk_lib_1 = require("aws-cdk-lib");
+const utils_1 = require("./utils");
+class CustomStack extends aws_cdk_lib_1.Stack {
+    constructor(scope, props) {
+        super(scope, getStackName(props), props);
+        this.props = props;
+        this.addProjectTags();
+    }
+    getStackId() {
+        return getStackName(this.props);
+    }
+    addProjectTags() {
+        aws_cdk_lib_1.Tags.of(this).add("StackId", getStackName(this.props), {
+            priority: 300,
+        });
+        aws_cdk_lib_1.Tags.of(this).add("Environment", this.props.envName.valueOf(), {
+            priority: 300,
+        });
+        aws_cdk_lib_1.Tags.of(this).add("Project", this.props.githubRepo, {
+            priority: 300,
+        });
+    }
+    getCloudFormationRepoName() {
+        return (0, utils_1.formatRepoNameForCloudFormation)(this.props.githubRepo);
+    }
+}
+exports.CustomStack = CustomStack;
+function getStackName(props) {
+    return `macalbert-${(0, utils_1.formatRepoNameForCloudFormation)(props.githubRepo)}-${props.name}-${props.envName}-stack`.toLowerCase();
+}
+//# sourceMappingURL=customStack.js.map

package/lib/iac/lib/stacks/customStack.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"customStack.js","sourceRoot":"","sources":["../../../../src/iac/lib/stacks/customStack.ts"],"names":[],"mappings":";;;AAAA,6CAA2D;AAG3D,mCAA0D;AAgB1D,MAAa,WAAY,SAAQ,mBAAK;IAGrC,YAAY,KAAgB,EAAE,KAAuB;QACpD,KAAK,CAAC,KAAK,EAAE,YAAY,CAAC,KAAK,CAAC,EAAE,KAAK,CAAC,CAAC;QAEzC,IAAI,CAAC,KAAK,GAAG,KAAK,CAAC;QAEnB,IAAI,CAAC,cAAc,EAAE,CAAC;IACvB,CAAC;IAED,UAAU;QACT,OAAO,YAAY,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;IACjC,CAAC;IAEO,cAAc;QACrB,kBAAI,CAAC,EAAE,CAAC,IAAI,CAAC,CAAC,GAAG,CAAC,SAAS,EAAE,YAAY,CAAC,IAAI,CAAC,KAAK,CAAC,EAAE;YACtD,QAAQ,EAAE,GAAG;SACb,CAAC,CAAC;QAEH,kBAAI,CAAC,EAAE,CAAC,IAAI,CAAC,CAAC,GAAG,CAAC,aAAa,EAAE,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,OAAO,EAAE,EAAE;YAC9D,QAAQ,EAAE,GAAG;SACb,CAAC,CAAC;QAEH,kBAAI,CAAC,EAAE,CAAC,IAAI,CAAC,CAAC,GAAG,CAAC,SAAS,EAAE,IAAI,CAAC,KAAK,CAAC,UAAU,EAAE;YACnD,QAAQ,EAAE,GAAG;SACb,CAAC,CAAC;IACJ,CAAC;IAEM,yBAAyB;QAC/B,OAAO,IAAA,uCAA+B,EAAC,IAAI,CAAC,KAAK,CAAC,UAAU,CAAC,CAAC;IAC/D,CAAC;CACD;AAhCD,kCAgCC;AAED,SAAS,YAAY,CAAC,KAAuB;IAC5C,OAAO,aAAa,IAAA,uCAA+B,EAAC,KAAK,CAAC,UAAU,CAAC,IAAI,KAAK,CAAC,IAAI,IAAI,KAAK,CAAC,OAAO,QAAQ,CAAC,WAAW,EAAE,CAAC;AAC5H,CAAC"}

package/lib/iac/lib/stacks/staticWebsiteStack.d.ts

@@ -0,0 +1,10 @@
+import type { Construct } from "constructs";
+import { CustomStack, type CustomStackProps, type DomainConfig } from "./customStack";
+export interface StaticWebsiteStackProps extends CustomStackProps {
+    domains: DomainConfig[];
+    distFolderPath: string;
+}
+export declare class StaticWebsiteStack extends CustomStack {
+    constructor(scope: Construct, props: StaticWebsiteStackProps);
+}
+//# sourceMappingURL=staticWebsiteStack.d.ts.map

package/lib/iac/lib/stacks/staticWebsiteStack.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"staticWebsiteStack.d.ts","sourceRoot":"","sources":["../../../../src/iac/lib/stacks/staticWebsiteStack.ts"],"names":[],"mappings":"AA0BA,OAAO,KAAK,EAAE,SAAS,EAAE,MAAM,YAAY,CAAC;AAC5C,OAAO,EACN,WAAW,EACX,KAAK,gBAAgB,EACrB,KAAK,YAAY,EACjB,MAAM,eAAe,CAAC;AAEvB,MAAM,WAAW,uBAAwB,SAAQ,gBAAgB;IAChE,OAAO,EAAE,YAAY,EAAE,CAAC;IACxB,cAAc,EAAE,MAAM,CAAC;CACvB;AAED,qBAAa,kBAAmB,SAAQ,WAAW;gBACtC,KAAK,EAAE,SAAS,EAAE,KAAK,EAAE,uBAAuB;CAmM5D"}

package/lib/iac/lib/stacks/staticWebsiteStack.js

@@ -0,0 +1,163 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.StaticWebsiteStack = void 0;
+const node_path_1 = require("node:path");
+const aws_cdk_lib_1 = require("aws-cdk-lib");
+const aws_certificatemanager_1 = require("aws-cdk-lib/aws-certificatemanager");
+const aws_cloudfront_1 = require("aws-cdk-lib/aws-cloudfront");
+const aws_cloudfront_origins_1 = require("aws-cdk-lib/aws-cloudfront-origins");
+const aws_route53_1 = require("aws-cdk-lib/aws-route53");
+const aws_route53_targets_1 = require("aws-cdk-lib/aws-route53-targets");
+const aws_s3_1 = require("aws-cdk-lib/aws-s3");
+const aws_s3_deployment_1 = require("aws-cdk-lib/aws-s3-deployment");
+const customStack_1 = require("./customStack");
+class StaticWebsiteStack extends customStack_1.CustomStack {
+    constructor(scope, props) {
+        var _a;
+        super(scope, props);
+        if (!props.domains || props.domains.length === 0) {
+            throw new Error("At least one domain configuration is required");
+        }
+        const primaryDomain = props.domains[0];
+        const primaryFullDomainName = primaryDomain.subdomain && primaryDomain.subdomain.length > 0
+            ? [primaryDomain.subdomain, primaryDomain.domainName]
+                .join(".")
+                .toLowerCase()
+            : primaryDomain.domainName.toLowerCase();
+        const allDomainNames = props.domains.map((domain) => domain.subdomain && domain.subdomain.length > 0
+            ? `${domain.subdomain}.${domain.domainName}`.toLowerCase()
+            : domain.domainName.toLowerCase());
+        const certificateMap = new Map();
+        for (const domain of props.domains) {
+            if (!certificateMap.has(domain.certificateId)) {
+                const certificateArn = `arn:aws:acm:us-east-1:${(_a = props.env) === null || _a === void 0 ? void 0 : _a.account}:certificate/${domain.certificateId}`;
+                certificateMap.set(domain.certificateId, aws_certificatemanager_1.Certificate.fromCertificateArn(this, `certificate-${domain.certificateId}`, certificateArn));
+            }
+        }
+        const primaryCertificate = certificateMap.get(primaryDomain.certificateId);
+        if (!primaryCertificate) {
+            throw new Error(`Certificate not found for ${primaryDomain.certificateId}`);
+        }
+        const loggingBucket = new aws_s3_1.Bucket(this, "logging-bucket", {
+            accessControl: aws_s3_1.BucketAccessControl.LOG_DELIVERY_WRITE,
+            publicReadAccess: false,
+            versioned: false,
+            removalPolicy: aws_cdk_lib_1.RemovalPolicy.DESTROY,
+            bucketName: `${primaryFullDomainName}-logs`,
+            autoDeleteObjects: true,
+            blockPublicAccess: aws_s3_1.BlockPublicAccess.BLOCK_ALL,
+            encryption: aws_s3_1.BucketEncryption.S3_MANAGED,
+            enforceSSL: true,
+            lifecycleRules: [
+                {
+                    id: "DeleteOldLogs",
+                    expiration: aws_cdk_lib_1.Duration.days(90),
+                    enabled: true,
+                },
+            ],
+        });
+        const bucketWebsite = new aws_s3_1.Bucket(this, "static-website-bucket", {
+            accessControl: aws_s3_1.BucketAccessControl.PRIVATE,
+            publicReadAccess: false,
+            versioned: false,
+            removalPolicy: aws_cdk_lib_1.RemovalPolicy.DESTROY,
+            bucketName: primaryFullDomainName,
+            autoDeleteObjects: true,
+            blockPublicAccess: aws_s3_1.BlockPublicAccess.BLOCK_ALL,
+            encryption: aws_s3_1.BucketEncryption.S3_MANAGED,
+            cors: [
+                {
+                    allowedMethods: [aws_s3_1.HttpMethods.GET, aws_s3_1.HttpMethods.HEAD],
+                    allowedOrigins: ["*"],
+                    allowedHeaders: ["*"],
+                },
+            ],
+            enforceSSL: true,
+            serverAccessLogsBucket: loggingBucket,
+            serverAccessLogsPrefix: "s3-access-logs/",
+        });
+        const originAccessIdentity = new aws_cloudfront_1.OriginAccessIdentity(this, "originAccessIdentity", {
+            comment: `Setup access from CloudFront to the bucket ${primaryFullDomainName} (read)`,
+        });
+        bucketWebsite.grantRead(originAccessIdentity);
+        const errorResponses = [];
+        const errorResponse403 = {
+            httpStatus: 403,
+            responseHttpStatus: 200,
+            responsePagePath: "/index.html",
+            ttl: aws_cdk_lib_1.Duration.seconds(10),
+        };
+        const errorResponse404 = {
+            httpStatus: 404,
+            responseHttpStatus: 200,
+            responsePagePath: "/index.html",
+            ttl: aws_cdk_lib_1.Duration.seconds(10),
+        };
+        errorResponses.push(errorResponse403, errorResponse404);
+        const distribution = new aws_cloudfront_1.Distribution(this, "distribution", {
+            domainNames: allDomainNames,
+            defaultBehavior: {
+                origin: aws_cloudfront_origins_1.S3BucketOrigin.withOriginAccessIdentity(bucketWebsite, {
+                    originAccessIdentity: originAccessIdentity,
+                }),
+                viewerProtocolPolicy: aws_cloudfront_1.ViewerProtocolPolicy.REDIRECT_TO_HTTPS,
+                functionAssociations: [
+                    {
+                        eventType: aws_cloudfront_1.FunctionEventType.VIEWER_REQUEST,
+                        function: new aws_cloudfront_1.Function(this, `${primaryFullDomainName}-url-rewrite`.toLowerCase(), {
+                            code: aws_cloudfront_1.FunctionCode.fromFile({
+                                filePath: (0, node_path_1.join)(__dirname, "cloudfront-url-rewrite.js"),
+                            }),
+                        }),
+                    },
+                ],
+            },
+            defaultRootObject: "index.html",
+            certificate: primaryCertificate,
+            errorResponses: errorResponses,
+            enableLogging: true,
+            logBucket: loggingBucket,
+            logFilePrefix: "cloudfront-logs/",
+        });
+        new aws_s3_deployment_1.BucketDeployment(this, "deploy-static-website", {
+            sources: [aws_s3_deployment_1.Source.asset(props.distFolderPath)],
+            destinationBucket: bucketWebsite,
+            distribution,
+            distributionPaths: ["/*"],
+        });
+        const aliasRecords = [];
+        for (const [index, domainConfig] of props.domains.entries()) {
+            const fullDomainName = domainConfig.subdomain && domainConfig.subdomain.length > 0
+                ? `${domainConfig.subdomain}.${domainConfig.domainName}`.toLowerCase()
+                : domainConfig.domainName.toLowerCase();
+            const zoneLogicalId = index === 0
+                ? "publicHostedZone-0"
+                : `hostedZone-${fullDomainName.replace(/[.-]/g, "")}`;
+            const zoneFromAttributes = aws_route53_1.HostedZone.fromHostedZoneAttributes(this, zoneLogicalId, {
+                zoneName: domainConfig.domainName,
+                hostedZoneId: domainConfig.hostedZoneId,
+            });
+            const recordLogicalId = index === 0
+                ? "webDomainRecord-0"
+                : `webDomainRecord-${fullDomainName.replace(/[.-]/g, "")}`;
+            const aliasRecord = new aws_route53_1.ARecord(this, recordLogicalId, {
+                zone: zoneFromAttributes,
+                recordName: fullDomainName,
+                target: aws_route53_1.RecordTarget.fromAlias(new aws_route53_targets_1.CloudFrontTarget(distribution)),
+            });
+            aliasRecords.push(aliasRecord);
+        }
+        new aws_cdk_lib_1.CfnOutput(this, "CloudFrontDistributionDomainName", {
+            value: distribution.distributionDomainName,
+            description: "CloudFront distribution domain",
+            exportName: `${this.getCloudFormationRepoName()}-${props.envName}-CdnDomainName`,
+        });
+        new aws_cdk_lib_1.CfnOutput(this, "DnsRecordName", {
+            value: aliasRecords[0].domainName || allDomainNames[0],
+            description: "The DNS record name (primary)",
+            exportName: `${this.getCloudFormationRepoName()}-${props.envName}-AliasRecord`,
+        });
+    }
+}
+exports.StaticWebsiteStack = StaticWebsiteStack;
+//# sourceMappingURL=staticWebsiteStack.js.map

package/lib/iac/lib/stacks/staticWebsiteStack.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"staticWebsiteStack.js","sourceRoot":"","sources":["../../../../src/iac/lib/stacks/staticWebsiteStack.ts"],"names":[],"mappings":";;;AAAA,yCAAiC;AACjC,6CAAiE;AACjE,+EAG4C;AAC5C,+DAQoC;AACpC,+EAAoE;AACpE,yDAA4E;AAC5E,yEAAmE;AACnE,+CAM4B;AAC5B,qEAAyE;AAEzE,+CAIuB;AAOvB,MAAa,kBAAmB,SAAQ,yBAAW;IAClD,YAAY,KAAgB,EAAE,KAA8B;;QAC3D,KAAK,CAAC,KAAK,EAAE,KAAK,CAAC,CAAC;QAEpB,IAAI,CAAC,KAAK,CAAC,OAAO,IAAI,KAAK,CAAC,OAAO,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;YAClD,MAAM,IAAI,KAAK,CAAC,+CAA+C,CAAC,CAAC;QAClE,CAAC;QAED,MAAM,aAAa,GAAG,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,CAAC;QACvC,MAAM,qBAAqB,GAC1B,aAAa,CAAC,SAAS,IAAI,aAAa,CAAC,SAAS,CAAC,MAAM,GAAG,CAAC;YAC5D,CAAC,CAAC,CAAC,aAAa,CAAC,SAAS,EAAE,aAAa,CAAC,UAAU,CAAC;iBAClD,IAAI,CAAC,GAAG,CAAC;iBACT,WAAW,EAAE;YAChB,CAAC,CAAC,aAAa,CAAC,UAAU,CAAC,WAAW,EAAE,CAAC;QAE3C,MAAM,cAAc,GAAG,KAAK,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC,MAAM,EAAE,EAAE,CACnD,MAAM,CAAC,SAAS,IAAI,MAAM,CAAC,SAAS,CAAC,MAAM,GAAG,CAAC;YAC9C,CAAC,CAAC,GAAG,MAAM,CAAC,SAAS,IAAI,MAAM,CAAC,UAAU,EAAE,CAAC,WAAW,EAAE;YAC1D,CAAC,CAAC,MAAM,CAAC,UAAU,CAAC,WAAW,EAAE,CAClC,CAAC;QAEF,MAAM,cAAc,GAAG,IAAI,GAAG,EAAwB,CAAC;QACvD,KAAK,MAAM,MAAM,IAAI,KAAK,CAAC,OAAO,EAAE,CAAC;YACpC,IAAI,CAAC,cAAc,CAAC,GAAG,CAAC,MAAM,CAAC,aAAa,CAAC,EAAE,CAAC;gBAC/C,MAAM,cAAc,GAAG,yBAAyB,MAAA,KAAK,CAAC,GAAG,0CAAE,OAAO,gBAAgB,MAAM,CAAC,aAAa,EAAE,CAAC;gBACzG,cAAc,CAAC,GAAG,CACjB,MAAM,CAAC,aAAa,EACpB,oCAAW,CAAC,kBAAkB,CAC7B,IAAI,EACJ,eAAe,MAAM,CAAC,aAAa,EAAE,EACrC,cAAc,CACd,CACD,CAAC;YACH,CAAC;QACF,CAAC;QAED,MAAM,kBAAkB,GAAG,cAAc,CAAC,GAAG,CAAC,aAAa,CAAC,aAAa,CAAC,CAAC;QAC3E,IAAI,CAAC,kBAAkB,EAAE,CAAC;YACzB,MAAM,IAAI,KAAK,CACd,6BAA6B,aAAa,CAAC,aAAa,EAAE,CAC1D,CAAC;QACH,CAAC;QAED,MAAM,aAAa,GAAG,IAAI,eAAM,CAAC,IAAI,EAAE,gBAAgB,EAAE;YACxD,aAAa,EAAE,4BAAmB,CAAC,kBAAkB;YACrD,gBAAgB,EAAE,KAAK;YACvB,SAAS,EAAE,KAAK;YAChB,aAAa,EAAE,2BAAa,CAAC,OAAO;YACpC,UAAU,EAAE,GAAG,qBAAqB,OAAO;YAC3C,iBAAiB,EAAE,IAAI;YACvB,iBAAiB,EAAE,0BAAiB,CAAC,SAAS;YAC9C,UAAU,EAAE,yBAAgB,CAAC,UAAU;YACvC,UAAU,EAAE,IAAI;YAChB,cAAc,EAAE;gBACf;oBACC,EAAE,EAAE,eAAe;oBACnB,UAAU,EAAE,sBAAQ,CAAC,IAAI,CAAC,EAAE,CAAC;oBAC7B,OAAO,EAAE,IAAI;iBACb;aACD;SACD,CAAC,CAAC;QAEH,MAAM,aAAa,GAAG,IAAI,eAAM,CAAC,IAAI,EAAE,uBAAuB,EAAE;YAC/D,aAAa,EAAE,4BAAmB,CAAC,OAAO;YAC1C,gBAAgB,EAAE,KAAK;YACvB,SAAS,EAAE,KAAK;YAChB,aAAa,EAAE,2BAAa,CAAC,OAAO;YACpC,UAAU,EAAE,qBAAqB;YACjC,iBAAiB,EAAE,IAAI;YACvB,iBAAiB,EAAE,0BAAiB,CAAC,SAAS;YAC9C,UAAU,EAAE,yBAAgB,CAAC,UAAU;YACvC,IAAI,EAAE;gBACL;oBACC,cAAc,EAAE,CAAC,oBAAW,CAAC,GAAG,EAAE,oBAAW,CAAC,IAAI,CAAC;oBACnD,cAAc,EAAE,CAAC,GAAG,CAAC;oBACrB,cAAc,EAAE,CAAC,GAAG,CAAC;iBACrB;aACD;YACD,UAAU,EAAE,IAAI;YAChB,sBAAsB,EAAE,aAAa;YACrC,sBAAsB,EAAE,iBAAiB;SACzC,CAAC,CAAC;QAEH,MAAM,oBAAoB,GAAG,IAAI,qCAAoB,CACpD,IAAI,EACJ,sBAAsB,EACtB;YACC,OAAO,EAAE,8CAA8C,qBAAqB,SAAS;SACrF,CACD,CAAC;QAEF,aAAa,CAAC,SAAS,CAAC,oBAAoB,CAAC,CAAC;QAE9C,MAAM,cAAc,GAAoB,EAAE,CAAC;QAE3C,MAAM,gBAAgB,GAAkB;YACvC,UAAU,EAAE,GAAG;YACf,kBAAkB,EAAE,GAAG;YACvB,gBAAgB,EAAE,aAAa;YAC/B,GAAG,EAAE,sBAAQ,CAAC,OAAO,CAAC,EAAE,CAAC;SACzB,CAAC;QAEF,MAAM,gBAAgB,GAAkB;YACvC,UAAU,EAAE,GAAG;YACf,kBAAkB,EAAE,GAAG;YACvB,gBAAgB,EAAE,aAAa;YAC/B,GAAG,EAAE,sBAAQ,CAAC,OAAO,CAAC,EAAE,CAAC;SACzB,CAAC;QAEF,cAAc,CAAC,IAAI,CAAC,gBAAgB,EAAE,gBAAgB,CAAC,CAAC;QAExD,MAAM,YAAY,GAAG,IAAI,6BAAY,CAAC,IAAI,EAAE,cAAc,EAAE;YAC3D,WAAW,EAAE,cAAc;YAC3B,eAAe,EAAE;gBAChB,MAAM,EAAE,uCAAc,CAAC,wBAAwB,CAAC,aAAa,EAAE;oBAC9D,oBAAoB,EAAE,oBAAoB;iBAC1C,CAAC;gBACF,oBAAoB,EAAE,qCAAoB,CAAC,iBAAiB;gBAC5D,oBAAoB,EAAE;oBACrB;wBACC,SAAS,EAAE,kCAAiB,CAAC,cAAc;wBAC3C,QAAQ,EAAE,IAAI,yBAAc,CAC3B,IAAI,EACJ,GAAG,qBAAqB,cAAc,CAAC,WAAW,EAAE,EACpD;4BACC,IAAI,EAAE,6BAAY,CAAC,QAAQ,CAAC;gCAC3B,QAAQ,EAAE,IAAA,gBAAI,EAAC,SAAS,EAAE,2BAA2B,CAAC;6BACtD,CAAC;yBACF,CACD;qBACD;iBACD;aACD;YACD,iBAAiB,EAAE,YAAY;YAC/B,WAAW,EAAE,kBAAkB;YAC/B,cAAc,EAAE,cAAc;YAC9B,aAAa,EAAE,IAAI;YACnB,SAAS,EAAE,aAAa;YACxB,aAAa,EAAE,kBAAkB;SACjC,CAAC,CAAC;QAEH,IAAI,oCAAgB,CAAC,IAAI,EAAE,uBAAuB,EAAE;YACnD,OAAO,EAAE,CAAC,0BAAM,CAAC,KAAK,CAAC,KAAK,CAAC,cAAc,CAAC,CAAC;YAC7C,iBAAiB,EAAE,aAAa;YAChC,YAAY;YACZ,iBAAiB,EAAE,CAAC,IAAI,CAAC;SACzB,CAAC,CAAC;QAEH,MAAM,YAAY,GAAc,EAAE,CAAC;QACnC,KAAK,MAAM,CAAC,KAAK,EAAE,YAAY,CAAC,IAAI,KAAK,CAAC,OAAO,CAAC,OAAO,EAAE,EAAE,CAAC;YAC7D,MAAM,cAAc,GACnB,YAAY,CAAC,SAAS,IAAI,YAAY,CAAC,SAAS,CAAC,MAAM,GAAG,CAAC;gBAC1D,CAAC,CAAC,GAAG,YAAY,CAAC,SAAS,IAAI,YAAY,CAAC,UAAU,EAAE,CAAC,WAAW,EAAE;gBACtE,CAAC,CAAC,YAAY,CAAC,UAAU,CAAC,WAAW,EAAE,CAAC;YAE1C,MAAM,aAAa,GAClB,KAAK,KAAK,CAAC;gBACV,CAAC,CAAC,oBAAoB;gBACtB,CAAC,CAAC,cAAc,cAAc,CAAC,OAAO,CAAC,OAAO,EAAE,EAAE,CAAC,EAAE,CAAC;YAExD,MAAM,kBAAkB,GAAG,wBAAU,CAAC,wBAAwB,CAC7D,IAAI,EACJ,aAAa,EACb;gBACC,QAAQ,EAAE,YAAY,CAAC,UAAU;gBACjC,YAAY,EAAE,YAAY,CAAC,YAAY;aACvC,CACD,CAAC;YAEF,MAAM,eAAe,GACpB,KAAK,KAAK,CAAC;gBACV,CAAC,CAAC,mBAAmB;gBACrB,CAAC,CAAC,mBAAmB,cAAc,CAAC,OAAO,CAAC,OAAO,EAAE,EAAE,CAAC,EAAE,CAAC;YAE7D,MAAM,WAAW,GAAG,IAAI,qBAAO,CAAC,IAAI,EAAE,eAAe,EAAE;gBACtD,IAAI,EAAE,kBAAkB;gBACxB,UAAU,EAAE,cAAc;gBAC1B,MAAM,EAAE,0BAAY,CAAC,SAAS,CAAC,IAAI,sCAAgB,CAAC,YAAY,CAAC,CAAC;aAClE,CAAC,CAAC;YAEH,YAAY,CAAC,IAAI,CAAC,WAAW,CAAC,CAAC;QAChC,CAAC;QAED,IAAI,uBAAS,CAAC,IAAI,EAAE,kCAAkC,EAAE;YACvD,KAAK,EAAE,YAAY,CAAC,sBAAsB;YAC1C,WAAW,EAAE,gCAAgC;YAC7C,UAAU,EAAE,GAAG,IAAI,CAAC,yBAAyB,EAAE,IAAI,KAAK,CAAC,OAAO,gBAAgB;SAChF,CAAC,CAAC;QAEH,IAAI,uBAAS,CAAC,IAAI,EAAE,eAAe,EAAE;YACpC,KAAK,EAAE,YAAY,CAAC,CAAC,CAAC,CAAC,UAAU,IAAI,cAAc,CAAC,CAAC,CAAC;YACtD,WAAW,EAAE,+BAA+B;YAC5C,UAAU,EAAE,GAAG,IAAI,CAAC,yBAAyB,EAAE,IAAI,KAAK,CAAC,OAAO,cAAc;SAC9E,CAAC,CAAC;IACJ,CAAC;CACD;AApMD,gDAoMC"}

package/lib/iac/lib/stacks/utils.d.ts

@@ -0,0 +1,6 @@
+/**
+ * Returns a formatted repository name that complies with AWS CloudFormation stack naming requirements.
+ * Stack names must match the regular expression: /^[A-Za-z][A-Za-z0-9-]*$/
+ */
+export declare function formatRepoNameForCloudFormation(repoName: string): string;
+//# sourceMappingURL=utils.d.ts.map

package/lib/iac/lib/stacks/utils.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"utils.d.ts","sourceRoot":"","sources":["../../../../src/iac/lib/stacks/utils.ts"],"names":[],"mappings":"AAAA;;;GAGG;AACH,wBAAgB,+BAA+B,CAAC,QAAQ,EAAE,MAAM,GAAG,MAAM,CAYxE"}

package/lib/iac/lib/stacks/utils.js

@@ -0,0 +1,18 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.formatRepoNameForCloudFormation = formatRepoNameForCloudFormation;
+/**
+ * Returns a formatted repository name that complies with AWS CloudFormation stack naming requirements.
+ * Stack names must match the regular expression: /^[A-Za-z][A-Za-z0-9-]*$/
+ */
+function formatRepoNameForCloudFormation(repoName) {
+    let formattedName = repoName.toLowerCase();
+    formattedName = formattedName.replace(/[^A-Za-z0-9]/g, "-");
+    formattedName = formattedName.replace(/-+/g, "-");
+    formattedName = formattedName.replace(/^-|-$/g, "");
+    if (!/^[A-Za-z]/.test(formattedName)) {
+        formattedName = `r-${formattedName}`;
+    }
+    return formattedName;
+}
+//# sourceMappingURL=utils.js.map

package/lib/iac/lib/stacks/utils.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"utils.js","sourceRoot":"","sources":["../../../../src/iac/lib/stacks/utils.ts"],"names":[],"mappings":";;AAIA,0EAYC;AAhBD;;;GAGG;AACH,SAAgB,+BAA+B,CAAC,QAAgB;IAC/D,IAAI,aAAa,GAAG,QAAQ,CAAC,WAAW,EAAE,CAAC;IAE3C,aAAa,GAAG,aAAa,CAAC,OAAO,CAAC,eAAe,EAAE,GAAG,CAAC,CAAC;IAC5D,aAAa,GAAG,aAAa,CAAC,OAAO,CAAC,KAAK,EAAE,GAAG,CAAC,CAAC;IAClD,aAAa,GAAG,aAAa,CAAC,OAAO,CAAC,QAAQ,EAAE,EAAE,CAAC,CAAC;IAEpD,IAAI,CAAC,WAAW,CAAC,IAAI,CAAC,aAAa,CAAC,EAAE,CAAC;QACtC,aAAa,GAAG,KAAK,aAAa,EAAE,CAAC;IACtC,CAAC;IAED,OAAO,aAAa,CAAC;AACtB,CAAC"}

package/package.json

@@ -1,7 +1,8 @@
 {
   "name": "envilder",
-  "version": "0.8.0",
-  "description": "A CLI that securely centralizes your environment variables from AWS SSM or Azure Key Vault as a single source of truth",
+  "version": "0.9.1",
+  "description": "A CLI and GitHub Action that securely centralizes your environment variables from AWS SSM or Azure Key Vault as a single source of truth",
+  "homepage": "https://envilder.com",
   "author": {
     "name": "Marçal Albert Castellví",
     "email": "mac.albert@gmail.com",
@@ -49,6 +50,7 @@
     "cli",
     "environment",
     "secrets",
+    "secret-management",
     "automation",
     "config",
     "aws-cli",
@@ -61,7 +63,8 @@
     "actions",
     "azure",
     "key-vault",
-    "azure-key-vault"
+    "azure-key-vault",
+    "multi-cloud"
   ],
   "bugs": {
     "url": "https://github.com/macalbert/envilder/issues"
@@ -80,47 +83,45 @@
   ],
   "type": "module",
   "dependencies": {
-    "@aws-sdk/client-ssm": "^3.1014.0",
-    "@aws-sdk/credential-providers": "^3.1014.0",
-    "@azure/core-rest-pipeline": "^1.22.2",
-    "@azure/identity": "^4.13.0",
+    "@aws-sdk/client-ssm": "^3.1019.0",
+    "@aws-sdk/credential-providers": "^3.1019.0",
+    "@azure/core-rest-pipeline": "^1.23.0",
+    "@azure/identity": "^4.13.1",
     "@azure/keyvault-secrets": "^4.10.0",
-    "@types/node": "^25.3.3",
     "commander": "^14.0.3",
     "dotenv": "^17.3.1",
-    "inversify": "^7.11.0",
+    "inversify": "^8.1.0",
     "picocolors": "^1.1.1",
     "reflect-metadata": "^0.2.2"
   },
   "devDependencies": {
-    "@biomejs/biome": "^2.4.5",
-    "@commitlint/cli": "^20.4.3",
-    "@commitlint/config-conventional": "^20.4.3",
-    "@secretlint/secretlint-rule-preset-recommend": "^11.3.1",
-    "@testcontainers/localstack": "^11.12.0",
+    "@biomejs/biome": "catalog:",
+    "@commitlint/cli": "^20.5.0",
+    "@commitlint/config-conventional": "^20.5.0",
+    "@secretlint/secretlint-rule-preset-recommend": "^11.4.0",
+    "@testcontainers/localstack": "^11.13.0",
+    "@types/node": "catalog:",
     "@vercel/ncc": "^0.38.4",
-    "@vitest/coverage-v8": "^4.0.18",
+    "@vitest/coverage-v8": "catalog:",
     "glob": "^13.0.6",
     "lefthook": "^2.1.4",
-    "secretlint": "^11.3.1",
-    "testcontainers": "^11.12.0",
-    "ts-node": "^10.9.2",
+    "secretlint": "^11.4.0",
+    "testcontainers": "^11.13.0",
+    "ts-node": "catalog:",
     "tsx": "^4.21.0",
-    "typescript": "^5.9.3",
-    "vitest": "^4.0.18"
+    "typescript": "catalog:",
+    "vitest": "catalog:"
   },
   "engines": {
     "node": ">=20.0.0"
   },
   "pnpm": {
-    "overrides": {
-      "minimatch": "^10.2.2"
-    },
     "onlyBuiltDependencies": [
       "cpu-features",
       "esbuild",
       "lefthook",
       "protobufjs",
+      "sharp",
       "ssh2"
     ]
   }