puls-dev 0.1.0

package/dist/core/stack.js

@@ -0,0 +1,120 @@
+import "reflect-metadata";
+import { BaseBuilder } from "./resource.js";
+const _registry = new Map();
+function formatEntry(val) {
+    if (!val || typeof val !== "object")
+        return { primary: String(val) };
+    // Known shapes
+    if ("destroyed" in val)
+        return { primary: val.destroyed ? "🗑️  destroyed" : "─  not found" };
+    if (val.zone)
+        return { primary: val.zone };
+    if (val.name && val.id)
+        return { primary: `${val.name}  [${val.id}]` };
+    if (val.name)
+        return { primary: val.name };
+    if (val.arn)
+        return { primary: val.arn };
+    // Generic: pull all scalar values
+    const pairs = Object.entries(val).filter(([, v]) => typeof v === "string" || typeof v === "number");
+    if (pairs.length === 0)
+        return { primary: JSON.stringify(val) };
+    // Try compact inline (values only, dot-separated)
+    const inline = pairs.map(([, v]) => v).join("  ·  ");
+    if (inline.length <= 52)
+        return { primary: inline };
+    // Too long — first value as primary, rest as sub-lines
+    const [[, first], ...rest] = pairs;
+    return {
+        primary: first,
+        sub: rest.map(([k, v]) => `${k}  ${v}`),
+    };
+}
+function printOutputs(stackName, outputs) {
+    const title = ` ${stackName} `;
+    const keyWidth = Math.max(...Object.keys(outputs).map((k) => k.length));
+    const rows = Object.entries(outputs).map(([key, val]) => ({
+        key,
+        ...formatEntry(val),
+    }));
+    // textWidth = width of row text content (without the 2-space padding on each side)
+    const textWidth = Math.max(...rows.flatMap(({ key, primary, sub }) => [
+        keyWidth + 2 + primary.length,
+        ...(sub ?? []).map((s) => keyWidth + 6 + s.length),
+    ]));
+    // innerWidth = total chars between │ delimiters: text + 2-space padding each side
+    const innerWidth = Math.max(textWidth + 4, title.length);
+    const line = "─".repeat(innerWidth);
+    console.log(`\n  ┌${line}┐`);
+    console.log(`  │${title.padEnd(innerWidth)}│`);
+    console.log(`  ├${line}┤`);
+    for (const { key, primary, sub } of rows) {
+        const mainRow = `${key.padEnd(keyWidth)}  ${primary}`;
+        console.log(`  │  ${mainRow.padEnd(innerWidth - 4)}  │`);
+        for (const s of sub ?? []) {
+            const subRow = `${"".padEnd(keyWidth)}    ${s}`;
+            console.log(`  │  ${subRow.padEnd(innerWidth - 4)}  │`);
+        }
+    }
+    console.log(`  └${line}┘`);
+}
+export class Stack {
+    /** @internal — called by @Deploy to register the instance for cross-stack references. */
+    static _register(cls, instance) {
+        _registry.set(cls, instance);
+    }
+    /**
+     * Returns the already-constructed instance of another Stack so you can reference
+     * its resource Output fields before deployment completes.
+     *
+     * The target stack must be decorated with @Deploy and imported before this call.
+     *
+     * @example
+     * class DNSStack extends Stack {
+     *   private infra = Stack.from(InfraStack);
+     *   dns = DO.Domain("example.com").pointer("app", this.infra.app.ip);
+     * }
+     */
+    static from(cls) {
+        const instance = _registry.get(cls);
+        if (!instance)
+            throw new Error(`Stack "${cls.name}" is not registered. Make sure it is decorated with @Deploy and its module is imported before referencing it.`);
+        return instance;
+    }
+    async deploy() {
+        console.log(`\n🏗️  Deploying Stack: ${this.constructor.name}`);
+        const props = Object.getOwnPropertyNames(this);
+        const outputs = {};
+        for (const prop of props) {
+            const resource = this[prop];
+            if (resource instanceof BaseBuilder) {
+                const isProtected = Reflect.getMetadata("protected", this, prop);
+                const isDestroyed = Reflect.getMetadata("destroy", this, prop);
+                if (isProtected)
+                    resource.protect();
+                outputs[prop] = isDestroyed
+                    ? await resource.destroy()
+                    : await resource.deploy();
+            }
+        }
+        printOutputs(this.constructor.name, outputs);
+        return outputs;
+    }
+    async destroy() {
+        console.log(`\n💥 Tearing down Stack: ${this.constructor.name}`);
+        const props = Object.getOwnPropertyNames(this).reverse();
+        const outputs = {};
+        for (const prop of props) {
+            const resource = this[prop];
+            if (resource instanceof BaseBuilder) {
+                if (Reflect.getMetadata("protected", this, prop)) {
+                    console.log(`   🔒 Skipping protected resource "${prop}"`);
+                    continue;
+                }
+                outputs[prop] = await resource.destroy();
+            }
+        }
+        printOutputs(this.constructor.name, outputs);
+        return outputs;
+    }
+}

package/dist/index.d.ts

@@ -0,0 +1,12 @@
+export * from "./core/stack.js";
+export * from "./core/decorators.js";
+export * from "./core/checker.js";
+export * from "./core/resource.js";
+export { AWS } from "./providers/aws/index.js";
+export { DO } from "./providers/do/index.js";
+export { Proxmox } from "./providers/proxmox/index.js";
+export { Firebase } from "./providers/firebase/index.js";
+export * as AWS_TYPES from "./types/aws.js";
+export * as DO_TYPES from "./types/do.js";
+export * as PROXMOX_TYPES from "./types/proxmox.js";
+export * as INVENTORY_TYPES from "./types/inventory.js";

package/dist/index.js

@@ -0,0 +1,12 @@
+export * from "./core/stack.js";
+export * from "./core/decorators.js";
+export * from "./core/checker.js";
+export * from "./core/resource.js";
+export { AWS } from "./providers/aws/index.js";
+export { DO } from "./providers/do/index.js";
+export { Proxmox } from "./providers/proxmox/index.js";
+export { Firebase } from "./providers/firebase/index.js";
+export * as AWS_TYPES from "./types/aws.js";
+export * as DO_TYPES from "./types/do.js";
+export * as PROXMOX_TYPES from "./types/proxmox.js";
+export * as INVENTORY_TYPES from "./types/inventory.js";

package/dist/providers/aws/acm.d.ts

@@ -0,0 +1,22 @@
+import { BaseBuilder } from '../../core/resource.js';
+interface ZoneRef {
+    zoneId?: string;
+    zoneName: string;
+}
+export declare class ACMCertificateBuilder extends BaseBuilder {
+    domainName: string;
+    wildcard: boolean;
+    resolvedArn: string | null;
+    validationRecords: {
+        name: string;
+        value: string;
+    }[];
+    private _zone?;
+    constructor(domainName: string, wildcard?: boolean);
+    forZone(zone: ZoneRef): this;
+    private discoverCertificate;
+    deploy(): Promise<{
+        arn: string | null;
+    }>;
+}
+export {};

package/dist/providers/aws/acm.js

@@ -0,0 +1,109 @@
+import { ListCertificatesCommand, RequestCertificateCommand, DescribeCertificateCommand, } from '@aws-sdk/client-acm';
+import { ChangeResourceRecordSetsCommand } from '@aws-sdk/client-route-53';
+import { BaseBuilder } from '../../core/resource.js';
+import { getACMClient, getR53Client } from './api.js';
+export class ACMCertificateBuilder extends BaseBuilder {
+    domainName;
+    wildcard;
+    resolvedArn = null;
+    validationRecords = [];
+    _zone;
+    constructor(domainName, wildcard = true) {
+        super(`acm-${domainName}`);
+        this.domainName = domainName;
+        this.wildcard = wildcard;
+        this.discoveryPromise = this.discoverCertificate(domainName, wildcard);
+    }
+    forZone(zone) {
+        this._zone = zone;
+        return this;
+    }
+    async discoverCertificate(domain, wildcard) {
+        try {
+            const acm = getACMClient();
+            const primaryName = wildcard ? `*.${domain}` : domain;
+            const list = await acm.send(new ListCertificatesCommand({ CertificateStatuses: ['ISSUED', 'PENDING_VALIDATION'] }));
+            for (const cert of list.CertificateSummaryList ?? []) {
+                if (cert.DomainName === primaryName && cert.CertificateArn) {
+                    this.resolvedArn = cert.CertificateArn;
+                    return cert;
+                }
+            }
+            return null;
+        }
+        catch (e) {
+            if (e.name === 'CredentialsProviderError')
+                return null;
+            throw e;
+        }
+    }
+    async deploy() {
+        const dryRun = this.isDryRunActive();
+        const existing = await this.discoveryPromise;
+        console.log(`\n🔐 Finalizing ACM Certificate for "${this.domainName}"...`);
+        if (existing) {
+            console.log(`   ✅ Certificate already exists (${existing.Status ?? 'ISSUED'}): ${this.resolvedArn}`);
+            return { arn: this.resolvedArn };
+        }
+        const primaryName = this.wildcard ? `*.${this.domainName}` : this.domainName;
+        const sanNames = this.wildcard ? [this.domainName] : [];
+        if (dryRun) {
+            console.log(`   📝 [PLAN] Request ${this.wildcard ? 'wildcard ' : ''}certificate: ${primaryName}`);
+            console.log(`   📝 [PLAN] DNS validation CNAMEs will be auto-written to Route53`);
+            this.resolvedArn = `arn:aws:acm:us-east-1:DRYRUN:certificate/pending`;
+            return { arn: this.resolvedArn };
+        }
+        const acm = getACMClient();
+        const result = await acm.send(new RequestCertificateCommand({
+            DomainName: primaryName,
+            SubjectAlternativeNames: sanNames.length ? sanNames : undefined,
+            ValidationMethod: 'DNS',
+        }));
+        this.resolvedArn = result.CertificateArn;
+        console.log(`🚀 Requested certificate ${primaryName} (arn=${this.resolvedArn})`);
+        // Step 1: wait until ALL DomainValidationOptions have their ResourceRecord
+        // (wildcard + apex SANs each get an entry; ACM can generate them at different times)
+        await this.waitFor('validation records to be generated', async () => {
+            const detail = await acm.send(new DescribeCertificateCommand({ CertificateArn: this.resolvedArn }));
+            const options = detail.Certificate?.DomainValidationOptions ?? [];
+            if (options.length === 0)
+                return false;
+            const withRecords = options.filter(o => o.ResourceRecord);
+            if (withRecords.length < options.length)
+                return false;
+            this.validationRecords = withRecords.map(o => ({
+                name: o.ResourceRecord.Name,
+                value: o.ResourceRecord.Value,
+            }));
+            return true;
+        }, { intervalMs: 5_000, timeoutMs: 60_000 });
+        // Step 2: write them into Route53 automatically — no manual DNS work needed
+        if (this._zone?.zoneId) {
+            // Wildcard certs produce duplicate CNAME names across SANs — deduplicate before sending
+            const unique = Array.from(new Map(this.validationRecords.map(r => [r.name, r])).values());
+            const r53 = getR53Client();
+            await r53.send(new ChangeResourceRecordSetsCommand({
+                HostedZoneId: this._zone.zoneId,
+                ChangeBatch: {
+                    Changes: unique.map(r => ({
+                        Action: 'UPSERT',
+                        ResourceRecordSet: {
+                            Name: r.name.replace(/\.$/, ''),
+                            Type: 'CNAME',
+                            TTL: 300,
+                            ResourceRecords: [{ Value: r.value.replace(/\.$/, '') }],
+                        },
+                    })),
+                },
+            }));
+            console.log(`   ✅ Auto-wrote ${unique.length} validation CNAME(s) to Route53`);
+        }
+        // Step 3: now wait for ISSUED — records are in DNS so this will actually resolve
+        await this.waitFor(`certificate "${this.domainName}" to be validated`, async () => {
+            const detail = await acm.send(new DescribeCertificateCommand({ CertificateArn: this.resolvedArn }));
+            return detail.Certificate?.Status === 'ISSUED';
+        }, { intervalMs: 15_000, timeoutMs: 600_000 });
+        console.log(`   ✅ Certificate issued: ${this.resolvedArn}`);
+        return { arn: this.resolvedArn };
+    }
+}

package/dist/providers/aws/api.d.ts

@@ -0,0 +1,28 @@
+import { S3Client } from '@aws-sdk/client-s3';
+import { CloudFrontClient } from '@aws-sdk/client-cloudfront';
+import { Route53Client } from '@aws-sdk/client-route-53';
+import { Route53DomainsClient } from '@aws-sdk/client-route-53-domains';
+import { ACMClient } from '@aws-sdk/client-acm';
+import { LambdaClient } from '@aws-sdk/client-lambda';
+import { IAMClient } from '@aws-sdk/client-iam';
+import { ApiGatewayV2Client } from '@aws-sdk/client-apigatewayv2';
+import { ECSClient } from '@aws-sdk/client-ecs';
+import { EC2Client } from '@aws-sdk/client-ec2';
+import { CloudWatchLogsClient } from '@aws-sdk/client-cloudwatch-logs';
+import { RDSClient } from '@aws-sdk/client-rds';
+import { SQSClient } from '@aws-sdk/client-sqs';
+import { SecretsManagerClient } from '@aws-sdk/client-secrets-manager';
+export declare const getS3Client: (region?: string) => S3Client;
+export declare const getCFClient: () => CloudFrontClient;
+export declare const getR53Client: () => Route53Client;
+export declare const getR53DomainsClient: () => Route53DomainsClient;
+export declare const getACMClient: () => ACMClient;
+export declare const getIAMClient: () => IAMClient;
+export declare const getLambdaClient: (region?: string) => LambdaClient;
+export declare const getAPIGWClient: (region?: string) => ApiGatewayV2Client;
+export declare const getECSClient: (region?: string) => ECSClient;
+export declare const getEC2Client: (region?: string) => EC2Client;
+export declare const getCWLogsClient: (region?: string) => CloudWatchLogsClient;
+export declare const getRDSClient: (region?: string) => RDSClient;
+export declare const getSQSClient: (region?: string) => SQSClient;
+export declare const getSecretsClient: (region?: string) => SecretsManagerClient;

package/dist/providers/aws/api.js

@@ -0,0 +1,36 @@
+import { S3Client } from '@aws-sdk/client-s3';
+import { CloudFrontClient } from '@aws-sdk/client-cloudfront';
+import { Route53Client } from '@aws-sdk/client-route-53';
+import { Route53DomainsClient } from '@aws-sdk/client-route-53-domains';
+import { ACMClient } from '@aws-sdk/client-acm';
+import { LambdaClient } from '@aws-sdk/client-lambda';
+import { IAMClient } from '@aws-sdk/client-iam';
+import { ApiGatewayV2Client } from '@aws-sdk/client-apigatewayv2';
+import { ECSClient } from '@aws-sdk/client-ecs';
+import { EC2Client } from '@aws-sdk/client-ec2';
+import { CloudWatchLogsClient } from '@aws-sdk/client-cloudwatch-logs';
+import { RDSClient } from '@aws-sdk/client-rds';
+import { SQSClient } from '@aws-sdk/client-sqs';
+import { SecretsManagerClient } from '@aws-sdk/client-secrets-manager';
+import { Config } from '../../core/config.js';
+function getRegion() {
+    const region = Config.get().providers.aws?.region;
+    if (!region)
+        throw new Error('AWS region not configured. Call AWS.init({ region: "..." })');
+    return region;
+}
+export const getS3Client = (region) => new S3Client({ region: region ?? getRegion() });
+// CloudFront, Route53, ACM, Route53 Domains, and IAM are all global — must use us-east-1
+export const getCFClient = () => new CloudFrontClient({ region: 'us-east-1' });
+export const getR53Client = () => new Route53Client({ region: 'us-east-1' });
+export const getR53DomainsClient = () => new Route53DomainsClient({ region: 'us-east-1' });
+export const getACMClient = () => new ACMClient({ region: 'us-east-1' });
+export const getIAMClient = () => new IAMClient({ region: 'us-east-1' });
+export const getLambdaClient = (region) => new LambdaClient({ region: region ?? getRegion() });
+export const getAPIGWClient = (region) => new ApiGatewayV2Client({ region: region ?? getRegion() });
+export const getECSClient = (region) => new ECSClient({ region: region ?? getRegion() });
+export const getEC2Client = (region) => new EC2Client({ region: region ?? getRegion() });
+export const getCWLogsClient = (region) => new CloudWatchLogsClient({ region: region ?? getRegion() });
+export const getRDSClient = (region) => new RDSClient({ region: region ?? getRegion() });
+export const getSQSClient = (region) => new SQSClient({ region: region ?? getRegion() });
+export const getSecretsClient = (region) => new SecretsManagerClient({ region: region ?? getRegion() });

package/dist/providers/aws/apigateway.d.ts

@@ -0,0 +1,24 @@
+import { BaseBuilder } from '../../core/resource.js';
+import { LambdaBuilder } from './lambda.js';
+export declare class APIGatewayBuilder extends BaseBuilder {
+    private _routes;
+    resolvedId: string | null;
+    resolvedEndpoint: string | null;
+    constructor(name: string);
+    private discoverApi;
+    route(methodPath: string, fn: LambdaBuilder): this;
+    proxy(fn: LambdaBuilder): this;
+    deploy(): Promise<{
+        name: string;
+        endpoint: string;
+        id?: undefined;
+    } | {
+        name: string;
+        endpoint: string | null;
+        id: string | null;
+    }>;
+    private grantInvokePermission;
+    destroy(): Promise<{
+        destroyed: string;
+    }>;
+}

package/dist/providers/aws/apigateway.js

@@ -0,0 +1,157 @@
+import { GetApisCommand, CreateApiCommand, GetIntegrationsCommand, CreateIntegrationCommand, GetRoutesCommand, CreateRouteCommand, DeleteApiCommand, } from '@aws-sdk/client-apigatewayv2';
+import { AddPermissionCommand } from '@aws-sdk/client-lambda';
+import { BaseBuilder } from '../../core/resource.js';
+import { getAPIGWClient, getLambdaClient } from './api.js';
+import { Config } from '../../core/config.js';
+export class APIGatewayBuilder extends BaseBuilder {
+    _routes = [];
+    resolvedId = null;
+    resolvedEndpoint = null;
+    constructor(name) {
+        super(name);
+        this.discoveryPromise = this.discoverApi(name);
+    }
+    async discoverApi(name) {
+        try {
+            const gw = getAPIGWClient();
+            const list = await gw.send(new GetApisCommand({}));
+            const match = list.Items?.find(a => a.Name === name);
+            if (match) {
+                this.resolvedId = match.ApiId;
+                this.resolvedEndpoint = match.ApiEndpoint ?? null;
+            }
+            return match ?? null;
+        }
+        catch (e) {
+            if (e.name === 'CredentialsProviderError')
+                return null;
+            throw e;
+        }
+    }
+    route(methodPath, fn) {
+        const spaceIdx = methodPath.indexOf(' ');
+        const method = methodPath.slice(0, spaceIdx).toUpperCase();
+        const path = methodPath.slice(spaceIdx + 1);
+        this._routes.push({ method, path, fn });
+        return this;
+    }
+    // Single Lambda proxy — forwards all traffic to one function
+    proxy(fn) {
+        return this.route('ANY /{proxy+}', fn);
+    }
+    async deploy() {
+        const dryRun = this.isDryRunActive();
+        const existing = await this.discoveryPromise;
+        const region = Config.get().providers.aws?.region ?? 'us-east-1';
+        const gw = getAPIGWClient();
+        console.log(`\n⚡ Finalizing API Gateway "${this.name}"...`);
+        if (dryRun) {
+            console.log(`   📝 [PLAN] ${existing ? 'Update' : 'Create'} HTTP API "${this.name}"`);
+            for (const r of this._routes) {
+                console.log(`      └─ ${r.method} ${r.path} → ${r.fn.name}`);
+            }
+            this.resolvedEndpoint = `https://DRYRUN.execute-api.${region}.amazonaws.com`;
+            return { name: this.name, endpoint: this.resolvedEndpoint };
+        }
+        // Create API if it doesn't exist
+        if (!existing) {
+            const created = await gw.send(new CreateApiCommand({
+                Name: this.name,
+                ProtocolType: 'HTTP',
+                // Auto-deploy on $default stage — no manual deployment step needed
+                RouteSelectionExpression: '$request.method $request.path',
+            }));
+            this.resolvedId = created.ApiId;
+            this.resolvedEndpoint = created.ApiEndpoint;
+            console.log(`🚀 Created HTTP API "${this.name}" (id=${this.resolvedId})`);
+            // $default stage with auto-deploy
+            await gw.send(new (await import('@aws-sdk/client-apigatewayv2')).CreateStageCommand({
+                ApiId: this.resolvedId,
+                StageName: '$default',
+                AutoDeploy: true,
+            }));
+        }
+        else {
+            console.log(`   ✅ HTTP API "${this.name}" exists (id=${this.resolvedId})`);
+        }
+        // Reconcile routes — only create what's missing
+        const existingIntegrations = await gw.send(new GetIntegrationsCommand({ ApiId: this.resolvedId }));
+        const existingRoutes = await gw.send(new GetRoutesCommand({ ApiId: this.resolvedId }));
+        const integrationByFnArn = new Map();
+        for (const i of existingIntegrations.Items ?? []) {
+            if (i.IntegrationUri)
+                integrationByFnArn.set(i.IntegrationUri, i.IntegrationId);
+        }
+        const existingRouteKeys = new Set((existingRoutes.Items ?? []).map(r => r.RouteKey));
+        for (const r of this._routes) {
+            const fnArn = r.fn.resolvedArn;
+            if (!fnArn)
+                throw new Error(`[APIGateway:${this.name}] Lambda "${r.fn.name}" has no resolvedArn — deploy it before the API.`);
+            const integrationUri = `arn:aws:apigateway:${region}:lambda:path/2015-03-31/functions/${fnArn}/invocations`;
+            // Reuse existing integration for this Lambda or create a new one
+            let integrationId = integrationByFnArn.get(integrationUri);
+            if (!integrationId) {
+                const integ = await gw.send(new CreateIntegrationCommand({
+                    ApiId: this.resolvedId,
+                    IntegrationType: 'AWS_PROXY',
+                    IntegrationUri: integrationUri,
+                    PayloadFormatVersion: '2.0',
+                }));
+                integrationId = integ.IntegrationId;
+                integrationByFnArn.set(integrationUri, integrationId);
+                console.log(`   ✅ Created integration → ${r.fn.name}`);
+            }
+            const routeKey = `${r.method} ${r.path}`;
+            if (!existingRouteKeys.has(routeKey)) {
+                await gw.send(new CreateRouteCommand({
+                    ApiId: this.resolvedId,
+                    RouteKey: routeKey,
+                    Target: `integrations/${integrationId}`,
+                }));
+                console.log(`   ✅ Route: ${routeKey} → ${r.fn.name}`);
+            }
+            else {
+                console.log(`   ✅ Route already exists: ${routeKey}`);
+            }
+            // Grant API Gateway permission to invoke this Lambda (idempotent)
+            await this.grantInvokePermission(fnArn, region);
+        }
+        console.log(`   🌐 Endpoint: ${this.resolvedEndpoint}`);
+        await this.deploySidecars();
+        return { name: this.name, endpoint: this.resolvedEndpoint, id: this.resolvedId };
+    }
+    async grantInvokePermission(fnArn, region) {
+        const accountId = fnArn.split(':')[4];
+        const statementId = `puls-apigw-${this.resolvedId}`;
+        try {
+            await getLambdaClient().send(new AddPermissionCommand({
+                FunctionName: fnArn,
+                StatementId: statementId,
+                Action: 'lambda:InvokeFunction',
+                Principal: 'apigateway.amazonaws.com',
+                SourceArn: `arn:aws:execute-api:${region}:${accountId}:${this.resolvedId}/*/*`,
+            }));
+        }
+        catch (e) {
+            // Permission already exists — idempotent
+            if (e.name !== 'ResourceConflictException')
+                throw e;
+        }
+    }
+    async destroy() {
+        const dryRun = this.isDryRunActive();
+        const existing = await this.discoveryPromise;
+        console.log(`\n🗑️  Destroying API Gateway "${this.name}"...`);
+        if (!existing) {
+            console.log(`   ✅ API "${this.name}" does not exist — nothing to do`);
+            return { destroyed: this.name };
+        }
+        if (dryRun) {
+            console.log(`   📝 [PLAN] Delete HTTP API "${this.name}" (id=${this.resolvedId})`);
+            return { destroyed: this.name };
+        }
+        await getAPIGWClient().send(new DeleteApiCommand({ ApiId: this.resolvedId }));
+        console.log(`   ✅ Deleted API "${this.name}"`);
+        return { destroyed: this.name };
+    }
+}

package/dist/providers/aws/cloudfront.d.ts

@@ -0,0 +1,31 @@
+import { BaseBuilder } from '../../core/resource.js';
+import { S3BucketBuilder } from './s3.js';
+import { Route53Builder } from './route53.js';
+export declare class CloudFrontBuilder extends BaseBuilder {
+    resolvedArn: string | null;
+    resolvedId: string | null;
+    private _origin;
+    private _aliases;
+    private _prefixes;
+    private _zone?;
+    private _referenceId?;
+    private _kvsName?;
+    private _certRef?;
+    private _invalidatePaths?;
+    constructor(name: string);
+    private discoverDistribution;
+    invalidate(paths: string[]): this;
+    withRedirector(opts: {
+        kvs: string;
+    }): this;
+    copyFrom(distributionId: string): this;
+    forDomain(zone: Route53Builder, prefixes: string[]): this;
+    origin(source: S3BucketBuilder | string): this;
+    dns(aliases: string | string[]): this;
+    deploy(): Promise<{
+        id: string | null;
+        arn: string | null;
+        name: string;
+    }>;
+    private buildBaseConfig;
+}