puls-dev 0.1.0

package/dist/providers/aws/cloudfront.js

@@ -0,0 +1,205 @@
+import { ListDistributionsCommand, GetDistributionCommand, CreateDistributionCommand, GetDistributionConfigCommand, CreateInvalidationCommand, } from '@aws-sdk/client-cloudfront';
+import { BaseBuilder } from '../../core/resource.js';
+import { S3BucketBuilder } from './s3.js';
+import { getCFClient } from './api.js';
+export class CloudFrontBuilder extends BaseBuilder {
+    resolvedArn = null;
+    resolvedId = null;
+    _origin;
+    _aliases = [];
+    _prefixes = [];
+    _zone;
+    _referenceId;
+    _kvsName;
+    _certRef;
+    _invalidatePaths;
+    constructor(name) {
+        super(name);
+        this.discoveryPromise = this.discoverDistribution(name);
+    }
+    async discoverDistribution(name) {
+        try {
+            const cf = getCFClient();
+            const list = await cf.send(new ListDistributionsCommand({}));
+            const items = list.DistributionList?.Items ?? [];
+            const match = items.find(d => d.Comment === name || d.Id === name);
+            if (match) {
+                this.resolvedId = match.Id;
+                this.resolvedArn = match.ARN;
+            }
+            return match ?? null;
+        }
+        catch (e) {
+            if (e.name === 'CredentialsProviderError')
+                return null;
+            throw e;
+        }
+    }
+    invalidate(paths) {
+        this._invalidatePaths = paths;
+        return this;
+    }
+    withRedirector(opts) {
+        this._kvsName = opts.kvs;
+        return this;
+    }
+    copyFrom(distributionId) {
+        this._referenceId = distributionId;
+        return this;
+    }
+    forDomain(zone, prefixes) {
+        this._zone = zone;
+        this._prefixes = prefixes;
+        this._aliases = prefixes.map(p => `${p}.${zone.zoneName}`);
+        const cert = zone.cert();
+        if (cert)
+            this._certRef = cert;
+        return this;
+    }
+    origin(source) {
+        this._origin = source;
+        return this;
+    }
+    dns(aliases) {
+        this._aliases = Array.isArray(aliases) ? aliases : [aliases];
+        return this;
+    }
+    async deploy() {
+        const dryRun = this.isDryRunActive();
+        const existing = await this.discoveryPromise;
+        const cf = getCFClient();
+        console.log(`\n⚡ Finalizing CloudFront Distribution "${this.name}"...`);
+        if (existing) {
+            this.resolvedId = existing.Id;
+            this.resolvedArn = existing.ARN;
+            console.log(`   ✅ Distribution "${this.name}" exists (id=${this.resolvedId})`);
+            if (this._aliases.length)
+                console.log(`   ✅ Aliases: [${this._aliases.join(', ')}]`);
+            if (this._invalidatePaths?.length) {
+                if (dryRun) {
+                    console.log(`   📝 [PLAN] Invalidate: ${this._invalidatePaths.join(', ')}`);
+                }
+                else {
+                    await cf.send(new CreateInvalidationCommand({
+                        DistributionId: this.resolvedId,
+                        InvalidationBatch: {
+                            Paths: { Quantity: this._invalidatePaths.length, Items: this._invalidatePaths },
+                            CallerReference: `puls-${Date.now()}`,
+                        },
+                    }));
+                    console.log(`   ✅ Invalidated: ${this._invalidatePaths.join(', ')}`);
+                }
+            }
+            return { id: this.resolvedId, arn: this.resolvedArn, name: this.name };
+        }
+        if (dryRun) {
+            console.log(`   📝 [PLAN] Create distribution "${this.name}"`);
+            if (this._referenceId)
+                console.log(`      └─ Clone config from: ${this._referenceId}`);
+            if (this._aliases.length)
+                console.log(`      └─ Aliases: [${this._aliases.join(', ')}]`);
+            const dryRunCert = this._certRef ?? this._zone?.cert();
+            if (dryRunCert?.resolvedArn)
+                console.log(`      └─ Certificate: ${dryRunCert.resolvedArn}`);
+            if (this._kvsName)
+                console.log(`      └─ KVS redirector: ${this._kvsName}`);
+            if (this._zone && this._prefixes.length) {
+                console.log(`   📝 [PLAN] Add Route53 CNAMEs in ${this._zone.zoneName}:`);
+                for (const p of this._prefixes) {
+                    console.log(`      └─ ${p}.${this._zone.zoneName} → <cf-domain>.cloudfront.net`);
+                }
+            }
+            this.resolvedArn = `arn:aws:cloudfront::DRYRUN:distribution/PENDING`;
+            this.resolvedId = 'PENDING';
+            return { id: this.resolvedId, arn: this.resolvedArn, name: this.name };
+        }
+        let distroConfig;
+        if (this._referenceId) {
+            // Clone from reference distribution
+            const ref = await cf.send(new GetDistributionConfigCommand({ Id: this._referenceId }));
+            distroConfig = ref.DistributionConfig;
+            console.log(`   📋 Cloning config from ${this._referenceId}`);
+        }
+        else {
+            distroConfig = this.buildBaseConfig();
+        }
+        // Override comment (used as our "name")
+        distroConfig.Comment = this.name;
+        // Override aliases + cert if provided
+        if (this._aliases.length) {
+            distroConfig.Aliases = { Quantity: this._aliases.length, Items: this._aliases };
+        }
+        // _certRef is set at construction time, but cert sidecar is added lazily in zone.deploy() —
+        // fall back to zone.cert() which is populated by the time CloudFront.deploy() runs
+        const certRef = this._certRef ?? this._zone?.cert();
+        if (certRef?.resolvedArn) {
+            distroConfig.ViewerCertificate = {
+                ACMCertificateArn: certRef.resolvedArn,
+                SSLSupportMethod: 'sni-only',
+                MinimumProtocolVersion: 'TLSv1.2_2021',
+            };
+        }
+        // Remove CallerReference from cloned config — AWS will reject it
+        delete distroConfig.CallerReference;
+        const distroInput = { ...distroConfig, CallerReference: `puls-${this.name}-${Date.now()}` };
+        // ACM ISSUED → CloudFront cert index replication can take up to ~5 min
+        const MAX_ATTEMPTS = 10;
+        let result;
+        for (let attempt = 1; attempt <= MAX_ATTEMPTS; attempt++) {
+            try {
+                result = await cf.send(new CreateDistributionCommand({ DistributionConfig: distroInput }));
+                break;
+            }
+            catch (e) {
+                if (e.name === 'InvalidViewerCertificate' && attempt < MAX_ATTEMPTS) {
+                    console.log(`   ⏳ Cert not yet visible to CloudFront — retrying in 30s (${attempt}/${MAX_ATTEMPTS - 1})...`);
+                    await new Promise(r => setTimeout(r, 30_000));
+                }
+                else
+                    throw e;
+            }
+        }
+        this.resolvedId = result.Distribution.Id;
+        this.resolvedArn = result.Distribution.ARN;
+        console.log(`🚀 Created distribution "${this.name}" (id=${this.resolvedId})`);
+        await this.waitFor(`distribution "${this.name}" to finish deploying`, async () => {
+            const d = await cf.send(new GetDistributionCommand({ Id: this.resolvedId }));
+            return d.Distribution?.Status === 'Deployed';
+        }, { intervalMs: 30_000, timeoutMs: 1_200_000 });
+        const cfDomain = result.Distribution.DomainName;
+        console.log(`   🌐 Domain: ${cfDomain}`);
+        if (this._zone && this._prefixes.length) {
+            await this._zone.upsertCnames(this._prefixes.map(p => ({ name: p, value: cfDomain })));
+        }
+        return { id: this.resolvedId, arn: this.resolvedArn, name: this.name };
+    }
+    buildBaseConfig() {
+        const originId = `puls-origin-${this.name}`;
+        const originDomain = this._origin instanceof S3BucketBuilder
+            ? `${this._origin.bucketName}.s3.amazonaws.com`
+            : this._origin ?? 'example.com';
+        return {
+            Comment: this.name,
+            Enabled: true,
+            HttpVersion: 'http2',
+            Origins: {
+                Quantity: 1,
+                Items: [{
+                        Id: originId,
+                        DomainName: originDomain,
+                        S3OriginConfig: { OriginAccessIdentity: '' },
+                    }],
+            },
+            DefaultCacheBehavior: {
+                TargetOriginId: originId,
+                ViewerProtocolPolicy: 'redirect-to-https',
+                CachePolicyId: '658327ea-f89d-4fab-a63d-7e88639e58f6', // Managed-CachingOptimized
+                AllowedMethods: { Quantity: 2, Items: ['GET', 'HEAD'], CachedMethods: { Quantity: 2, Items: ['GET', 'HEAD'] } },
+                Compress: true,
+                ForwardedValues: { QueryString: false, Cookies: { Forward: 'none' } },
+                MinTTL: 0,
+            },
+            PriceClass: 'PriceClass_All',
+        };
+    }
+}

package/dist/providers/aws/fargate.d.ts

@@ -0,0 +1,43 @@
+import { BaseBuilder } from '../../core/resource.js';
+import { SecretsBuilder } from './secrets.js';
+export declare class FargateBuilder extends BaseBuilder {
+    private _image?;
+    private _cpu;
+    private _memory;
+    private _port?;
+    private _replicas;
+    private _env;
+    private _clusterName;
+    private _subnetIds?;
+    private _securityGroupIds?;
+    resolvedArn: string | null;
+    constructor(name: string);
+    image(img: string): this;
+    cpu(units: number): this;
+    memory(mb: number): this;
+    port(p: number): this;
+    replicas(n: number): this;
+    cluster(name: string): this;
+    subnets(ids: string[]): this;
+    securityGroups(ids: string[]): this;
+    env(vars: Record<string, string | SecretsBuilder>): this;
+    private discoverService;
+    private ensureCluster;
+    private ensureExecutionRole;
+    private ensureLogGroup;
+    private discoverDefaultVpc;
+    private ensureSecurityGroup;
+    private resolveNetworking;
+    deploy(): Promise<{
+        name: string;
+        arn: string;
+        cluster?: undefined;
+    } | {
+        name: string;
+        arn: string | null;
+        cluster: string;
+    }>;
+    destroy(): Promise<{
+        destroyed: string;
+    }>;
+}

package/dist/providers/aws/fargate.js

@@ -0,0 +1,277 @@
+import { DescribeClustersCommand, CreateClusterCommand, DescribeServicesCommand, CreateServiceCommand, UpdateServiceCommand, DeleteServiceCommand, RegisterTaskDefinitionCommand, NetworkMode, LaunchType, SchedulingStrategy, } from '@aws-sdk/client-ecs';
+import { DescribeVpcsCommand, DescribeSubnetsCommand, DescribeSecurityGroupsCommand, CreateSecurityGroupCommand, AuthorizeSecurityGroupIngressCommand, } from '@aws-sdk/client-ec2';
+import { GetRoleCommand, CreateRoleCommand, AttachRolePolicyCommand, } from '@aws-sdk/client-iam';
+import { DescribeLogGroupsCommand, CreateLogGroupCommand, } from '@aws-sdk/client-cloudwatch-logs';
+import { BaseBuilder } from '../../core/resource.js';
+import { getECSClient, getEC2Client, getIAMClient, getCWLogsClient } from './api.js';
+import { resolveEnvVars } from './secrets.js';
+import { Config } from '../../core/config.js';
+const ECS_ASSUME_ROLE_POLICY = JSON.stringify({
+    Version: '2012-10-17',
+    Statement: [{ Effect: 'Allow', Principal: { Service: 'ecs-tasks.amazonaws.com' }, Action: 'sts:AssumeRole' }],
+});
+export class FargateBuilder extends BaseBuilder {
+    _image;
+    _cpu = 256;
+    _memory = 512;
+    _port;
+    _replicas = 1;
+    _env = {};
+    _clusterName = 'puls';
+    _subnetIds;
+    _securityGroupIds;
+    resolvedArn = null;
+    constructor(name) {
+        super(name);
+        this.discoveryPromise = this.discoverService(name);
+    }
+    image(img) { this._image = img; return this; }
+    cpu(units) { this._cpu = units; return this; }
+    memory(mb) { this._memory = mb; return this; }
+    port(p) { this._port = p; return this; }
+    replicas(n) { this._replicas = n; return this; }
+    cluster(name) { this._clusterName = name; return this; }
+    subnets(ids) { this._subnetIds = ids; return this; }
+    securityGroups(ids) { this._securityGroupIds = ids; return this; }
+    env(vars) { this._env = { ...this._env, ...vars }; return this; }
+    async discoverService(name) {
+        try {
+            const ecs = getECSClient();
+            const clusterDesc = await ecs.send(new DescribeClustersCommand({ clusters: [this._clusterName] }));
+            const cluster = clusterDesc.clusters?.find(c => c.status === 'ACTIVE');
+            if (!cluster)
+                return null;
+            const result = await ecs.send(new DescribeServicesCommand({
+                cluster: this._clusterName,
+                services: [name],
+            }));
+            const svc = result.services?.find(s => s.status !== 'INACTIVE');
+            if (svc)
+                this.resolvedArn = svc.serviceArn ?? null;
+            return svc ?? null;
+        }
+        catch (e) {
+            if (e.name === 'ClusterNotFoundException' || e.name === 'CredentialsProviderError')
+                return null;
+            throw e;
+        }
+    }
+    async ensureCluster() {
+        const ecs = getECSClient();
+        const desc = await ecs.send(new DescribeClustersCommand({ clusters: [this._clusterName] }));
+        const existing = desc.clusters?.find(c => c.status === 'ACTIVE');
+        if (existing)
+            return existing.clusterArn;
+        const created = await ecs.send(new CreateClusterCommand({ clusterName: this._clusterName }));
+        console.log(`   ✅ Created ECS cluster: ${this._clusterName}`);
+        return created.cluster.clusterArn;
+    }
+    async ensureExecutionRole() {
+        const roleName = `puls-fargate-${this.name}-exec-role`;
+        const iam = getIAMClient();
+        try {
+            const existing = await iam.send(new GetRoleCommand({ RoleName: roleName }));
+            return existing.Role.Arn;
+        }
+        catch (e) {
+            if (e.name !== 'NoSuchEntityException')
+                throw e;
+        }
+        const created = await iam.send(new CreateRoleCommand({
+            RoleName: roleName,
+            AssumeRolePolicyDocument: ECS_ASSUME_ROLE_POLICY,
+            Description: `Task execution role for OpsDSL Fargate service "${this.name}"`,
+        }));
+        await iam.send(new AttachRolePolicyCommand({
+            RoleName: roleName,
+            PolicyArn: 'arn:aws:iam::aws:policy/service-role/AmazonECSTaskExecutionRolePolicy',
+        }));
+        console.log(`   ✅ Created execution role: ${roleName}`);
+        return created.Role.Arn;
+    }
+    async ensureLogGroup() {
+        const logGroupName = `/puls/${this.name}`;
+        const cw = getCWLogsClient();
+        const existing = await cw.send(new DescribeLogGroupsCommand({ logGroupNamePrefix: logGroupName }));
+        if (existing.logGroups?.some(g => g.logGroupName === logGroupName))
+            return logGroupName;
+        await cw.send(new CreateLogGroupCommand({ logGroupName }));
+        console.log(`   ✅ Created log group: ${logGroupName}`);
+        return logGroupName;
+    }
+    async discoverDefaultVpc() {
+        const ec2 = getEC2Client();
+        const vpcs = await ec2.send(new DescribeVpcsCommand({
+            Filters: [{ Name: 'isDefault', Values: ['true'] }],
+        }));
+        const vpcId = vpcs.Vpcs?.[0]?.VpcId;
+        if (!vpcId)
+            throw new Error(`[Fargate:${this.name}] No default VPC found. Use .subnets(ids[]) to specify subnets.`);
+        const subnets = await ec2.send(new DescribeSubnetsCommand({
+            Filters: [{ Name: 'vpc-id', Values: [vpcId] }],
+        }));
+        const subnetIds = (subnets.Subnets ?? []).map(s => s.SubnetId).filter(Boolean);
+        return { vpcId, subnetIds };
+    }
+    async ensureSecurityGroup(vpcId) {
+        const ec2 = getEC2Client();
+        const sgName = `puls-${this.name}-sg`;
+        const existing = await ec2.send(new DescribeSecurityGroupsCommand({
+            Filters: [
+                { Name: 'group-name', Values: [sgName] },
+                { Name: 'vpc-id', Values: [vpcId] },
+            ],
+        }));
+        if (existing.SecurityGroups?.length)
+            return existing.SecurityGroups[0].GroupId;
+        const created = await ec2.send(new CreateSecurityGroupCommand({
+            GroupName: sgName,
+            Description: `OpsDSL Fargate service "${this.name}"`,
+            VpcId: vpcId,
+        }));
+        const sgId = created.GroupId;
+        if (this._port) {
+            await ec2.send(new AuthorizeSecurityGroupIngressCommand({
+                GroupId: sgId,
+                IpPermissions: [{
+                        IpProtocol: 'tcp',
+                        FromPort: this._port,
+                        ToPort: this._port,
+                        IpRanges: [{ CidrIp: '0.0.0.0/0' }],
+                        Ipv6Ranges: [{ CidrIpv6: '::/0' }],
+                    }],
+            }));
+        }
+        console.log(`   ✅ Created security group: ${sgName} (${sgId})`);
+        return sgId;
+    }
+    async resolveNetworking() {
+        if (this._subnetIds && this._securityGroupIds) {
+            return { subnetIds: this._subnetIds, securityGroupIds: this._securityGroupIds };
+        }
+        const { vpcId, subnetIds } = await this.discoverDefaultVpc();
+        const sgId = this._securityGroupIds?.[0] ?? await this.ensureSecurityGroup(vpcId);
+        return {
+            subnetIds: this._subnetIds ?? subnetIds,
+            securityGroupIds: [sgId],
+        };
+    }
+    async deploy() {
+        const dryRun = this.isDryRunActive();
+        const existing = await this.discoveryPromise;
+        const region = Config.get().providers.aws?.region ?? 'us-east-1';
+        console.log(`\n⚡ Finalizing Fargate Service "${this.name}"...`);
+        if (!this._image)
+            throw new Error(`[Fargate:${this.name}] .image("...") is required`);
+        if (dryRun) {
+            console.log(`   📝 [PLAN] ${existing ? 'Update' : 'Create'} Fargate service "${this.name}"`);
+            console.log(`      └─ Cluster: ${this._clusterName}`);
+            console.log(`      └─ Image: ${this._image}`);
+            console.log(`      └─ CPU: ${this._cpu} | Memory: ${this._memory}MB | Replicas: ${this._replicas}`);
+            if (this._port)
+                console.log(`      └─ Port: ${this._port}`);
+            if (Object.keys(this._env).length)
+                console.log(`      └─ Env vars: ${Object.keys(this._env).join(', ')}`);
+            this.resolvedArn = `arn:aws:ecs:${region}:000000000000:service/${this._clusterName}/DRYRUN`;
+            return { name: this.name, arn: this.resolvedArn };
+        }
+        const [clusterArn, executionRoleArn, logGroupName, networking] = await Promise.all([
+            this.ensureCluster(),
+            this.ensureExecutionRole(),
+            this.ensureLogGroup(),
+            this.resolveNetworking(),
+        ]);
+        // Register a new task definition revision
+        const containerDef = {
+            name: this.name,
+            image: this._image,
+            essential: true,
+            logConfiguration: {
+                logDriver: 'awslogs',
+                options: {
+                    'awslogs-group': logGroupName,
+                    'awslogs-region': region,
+                    'awslogs-stream-prefix': this.name,
+                },
+            },
+        };
+        if (this._port)
+            containerDef.portMappings = [{ containerPort: this._port, protocol: 'tcp' }];
+        if (Object.keys(this._env).length) {
+            const resolvedEnv = await resolveEnvVars(this._env);
+            containerDef.environment = Object.entries(resolvedEnv).map(([name, value]) => ({ name, value }));
+        }
+        const taskDef = await getECSClient().send(new RegisterTaskDefinitionCommand({
+            family: this.name,
+            networkMode: NetworkMode.AWSVPC,
+            requiresCompatibilities: ['FARGATE'],
+            cpu: String(this._cpu),
+            memory: String(this._memory),
+            executionRoleArn,
+            containerDefinitions: [containerDef],
+        }));
+        const taskDefArn = taskDef.taskDefinition.taskDefinitionArn;
+        console.log(`   ✅ Registered task definition: ${this.name}:${taskDef.taskDefinition.revision}`);
+        const networkConfig = {
+            awsvpcConfiguration: {
+                subnets: networking.subnetIds,
+                securityGroups: networking.securityGroupIds,
+                assignPublicIp: 'ENABLED',
+            },
+        };
+        const ecs = getECSClient();
+        if (existing) {
+            await ecs.send(new UpdateServiceCommand({
+                cluster: this._clusterName,
+                service: this.name,
+                taskDefinition: taskDefArn,
+                desiredCount: this._replicas,
+                networkConfiguration: networkConfig,
+                forceNewDeployment: true,
+            }));
+            console.log(`   ✅ Updated service "${this.name}" → rolling deployment started`);
+        }
+        else {
+            const created = await ecs.send(new CreateServiceCommand({
+                cluster: clusterArn,
+                serviceName: this.name,
+                taskDefinition: taskDefArn,
+                desiredCount: this._replicas,
+                launchType: LaunchType.FARGATE,
+                networkConfiguration: networkConfig,
+                schedulingStrategy: SchedulingStrategy.REPLICA,
+            }));
+            this.resolvedArn = created.service.serviceArn;
+            console.log(`🚀 Created Fargate service "${this.name}" (arn=${this.resolvedArn})`);
+        }
+        await this.deploySidecars();
+        return { name: this.name, arn: this.resolvedArn, cluster: this._clusterName };
+    }
+    async destroy() {
+        const dryRun = this.isDryRunActive();
+        const existing = await this.discoveryPromise;
+        console.log(`\n🗑️  Destroying Fargate Service "${this.name}"...`);
+        if (!existing) {
+            console.log(`   ✅ Service "${this.name}" does not exist — nothing to do`);
+            return { destroyed: this.name };
+        }
+        if (dryRun) {
+            console.log(`   📝 [PLAN] Drain and delete service "${this.name}" in cluster "${this._clusterName}"`);
+            return { destroyed: this.name };
+        }
+        const ecs = getECSClient();
+        // Drain before delete — required by ECS
+        await ecs.send(new UpdateServiceCommand({
+            cluster: this._clusterName,
+            service: this.name,
+            desiredCount: 0,
+        }));
+        await ecs.send(new DeleteServiceCommand({
+            cluster: this._clusterName,
+            service: this.name,
+            force: true,
+        }));
+        console.log(`   ✅ Deleted service "${this.name}"`);
+        return { destroyed: this.name };
+    }
+}

package/dist/providers/aws/index.d.ts

@@ -0,0 +1,23 @@
+import { S3BucketBuilder } from "./s3.js";
+import { Route53Builder } from "./route53.js";
+import { CloudFrontBuilder } from "./cloudfront.js";
+import { LambdaBuilder } from "./lambda.js";
+import { APIGatewayBuilder } from "./apigateway.js";
+import { FargateBuilder } from "./fargate.js";
+import { RDSBuilder } from "./rds.js";
+import { SQSBuilder } from "./sqs.js";
+import { SecretsBuilder } from "./secrets.js";
+export declare const AWS: {
+    init: (opts: {
+        region: string;
+    }) => void;
+    S3: (name: string) => S3BucketBuilder;
+    Route53: (name?: string) => Route53Builder;
+    CloudFront: (name: string) => CloudFrontBuilder;
+    Lambda: (name: string) => LambdaBuilder;
+    APIGateway: (name: string) => APIGatewayBuilder;
+    Fargate: (name: string) => FargateBuilder;
+    RDS: (name: string) => RDSBuilder;
+    SQS: (name: string) => SQSBuilder;
+    Secret: (secretId: string) => SecretsBuilder;
+};

package/dist/providers/aws/index.js

@@ -0,0 +1,29 @@
+import { Config } from "../../core/config.js";
+import { S3BucketBuilder } from "./s3.js";
+import { Route53Builder } from "./route53.js";
+import { CloudFrontBuilder } from "./cloudfront.js";
+import { LambdaBuilder } from "./lambda.js";
+import { APIGatewayBuilder } from "./apigateway.js";
+import { FargateBuilder } from "./fargate.js";
+import { RDSBuilder } from "./rds.js";
+import { SQSBuilder } from "./sqs.js";
+import { SecretsBuilder } from "./secrets.js";
+export const AWS = {
+    init: (opts) => {
+        Config.set({
+            providers: {
+                ...Config.get().providers,
+                aws: opts,
+            },
+        });
+    },
+    S3: (name) => new S3BucketBuilder(name),
+    Route53: (name = "") => new Route53Builder(name),
+    CloudFront: (name) => new CloudFrontBuilder(name),
+    Lambda: (name) => new LambdaBuilder(name),
+    APIGateway: (name) => new APIGatewayBuilder(name),
+    Fargate: (name) => new FargateBuilder(name),
+    RDS: (name) => new RDSBuilder(name),
+    SQS: (name) => new SQSBuilder(name),
+    Secret: (secretId) => new SecretsBuilder(secretId),
+};

package/dist/providers/aws/lambda.d.ts

@@ -0,0 +1,30 @@
+import { BaseBuilder } from '../../core/resource.js';
+import { SecretsBuilder } from './secrets.js';
+export declare class LambdaBuilder extends BaseBuilder {
+    private _runtime;
+    private _handler;
+    private _memory;
+    private _timeout;
+    private _codePath?;
+    private _env;
+    private _roleArn?;
+    resolvedArn: string | null;
+    constructor(name: string);
+    private discoverFunction;
+    code(pathOrZip: string): this;
+    runtime(r: string): this;
+    handler(h: string): this;
+    memory(mb: number): this;
+    timeout(seconds: number): this;
+    role(arn: string): this;
+    env(vars: Record<string, string | SecretsBuilder>): this;
+    private ensureRole;
+    private buildZip;
+    deploy(): Promise<{
+        name: string;
+        arn: string | null;
+    }>;
+    destroy(): Promise<{
+        destroyed: string;
+    }>;
+}