puls-dev 0.2.0 → 0.2.2

package/dist/providers/gcp/secrets.test.js

@@ -0,0 +1,264 @@
+import { test, describe, beforeEach, afterEach, mock } from "node:test";
+import assert from "node:assert";
+import { GoogleAuth } from "google-auth-library";
+import { GCPSecretBuilder } from "./secrets.js";
+import { GCPCloudRunBuilder } from "./cloudrun.js";
+import { Config } from "../../core/config.js";
+describe("GCPSecretBuilder Unit Tests", () => {
+    let originalFetch;
+    let fetchCalls = [];
+    let mockResponses = {};
+    beforeEach(() => {
+        Config.set({
+            dryRun: false,
+            providers: {
+                gcp: {
+                    projectId: "my-gcp-project",
+                    serviceAccountPath: "/fake/sa.json",
+                    region: "us-central1",
+                },
+            },
+        });
+        originalFetch = globalThis.fetch;
+        fetchCalls = [];
+        mockResponses = {};
+        globalThis.fetch = async (input, init) => {
+            const url = String(input);
+            const method = init?.method ?? "GET";
+            let body;
+            if (init?.body) {
+                if (typeof init.body === "string") {
+                    try {
+                        body = JSON.parse(init.body);
+                    }
+                    catch {
+                        body = init.body;
+                    }
+                }
+                else {
+                    body = "[Binary/Buffer Body]";
+                }
+            }
+            const headers = init?.headers;
+            fetchCalls.push({ url, method, body, headers });
+            const matchKey = Object.keys(mockResponses)
+                .filter((key) => {
+                const [mMethod, mPath] = key.split(" ");
+                return method === mMethod && url.includes(mPath);
+            })
+                .sort((a, b) => b.split(" ")[1].length - a.split(" ")[1].length)[0];
+            if (matchKey) {
+                const resp = mockResponses[matchKey];
+                return {
+                    ok: resp.status >= 200 && resp.status < 300,
+                    status: resp.status,
+                    json: async () => resp.body,
+                    text: async () => JSON.stringify(resp.body),
+                };
+            }
+            return {
+                ok: false,
+                status: 404,
+                json: async () => ({ message: `Endpoint not mocked: ${method} ${url}` }),
+                text: async () => `Endpoint not mocked: ${method} ${url}`,
+            };
+        };
+        mock.method(GoogleAuth.prototype, "getClient", async () => {
+            return {
+                getAccessToken: async () => ({ token: "fake-gcp-token" }),
+            };
+        });
+    });
+    afterEach(() => {
+        globalThis.fetch = originalFetch;
+        mock.restoreAll();
+    });
+    test("fluent builder api sets properties and resolves values correctly", async () => {
+        mockResponses["GET /secrets/fluent-sec"] = {
+            status: 200,
+            body: { name: "projects/my-gcp-project/secrets/fluent-sec" },
+        };
+        mockResponses["GET /secrets/fluent-sec/versions/latest:access"] = {
+            status: 200,
+            body: { payload: { data: Buffer.from("super-secret-text").toString("base64") } },
+        };
+        const builder = new GCPSecretBuilder("fluent-sec")
+            .plainText("super-secret-text");
+        assert.strictEqual(builder._value, "super-secret-text");
+        const val = await builder.awaitValue();
+        assert.strictEqual(val, "super-secret-text");
+        assert.strictEqual(builder.resolvedValue, "super-secret-text");
+    });
+    test("keyValue helper serializes object correctly", () => {
+        const builder = new GCPSecretBuilder("kv-sec")
+            .keyValue({ apiKey: "12345", dbPass: "secret" });
+        assert.strictEqual(builder._value, JSON.stringify({ apiKey: "12345", dbPass: "secret" }));
+    });
+    test("runs in dry-run mode safely and logs plans", async () => {
+        Config.set({
+            dryRun: true,
+            providers: {
+                gcp: {
+                    projectId: "my-gcp-project",
+                    serviceAccountPath: "/fake/sa.json",
+                },
+            },
+        });
+        mockResponses["GET /secrets/dry-run-sec"] = {
+            status: 404,
+            body: { message: "Not found" },
+        };
+        const builder = new GCPSecretBuilder("dry-run-sec")
+            .plainText("my-planned-value");
+        const result = await builder.deploy();
+        assert.strictEqual(result.name, "dry-run-sec");
+        assert.strictEqual(result.value, "my-planned-value");
+        // No write calls should be sent in dry-run mode
+        const writeCalls = fetchCalls.filter((c) => c.method !== "GET");
+        assert.strictEqual(writeCalls.length, 0);
+    });
+    test("creates a new secret when missing", async () => {
+        // 1. Mock GET returned 404 (discovery metadata)
+        mockResponses["GET /secrets/new-sec"] = {
+            status: 404,
+            body: { message: "Not found" },
+        };
+        // 2. Mock POST (create secret container)
+        mockResponses["POST /secrets?secretId=new-sec"] = {
+            status: 200,
+            body: { name: "projects/my-gcp-project/secrets/new-sec" },
+        };
+        // 3. Mock POST (add version)
+        mockResponses["POST /secrets/new-sec:addVersion"] = {
+            status: 200,
+            body: { name: "projects/my-gcp-project/secrets/new-sec/versions/1" },
+        };
+        const builder = new GCPSecretBuilder("new-sec")
+            .plainText("my-new-secret-value");
+        const result = await builder.deploy();
+        assert.strictEqual(result.name, "new-sec");
+        assert.strictEqual(result.value, "my-new-secret-value");
+        assert.strictEqual(result.arn, "projects/my-gcp-project/secrets/new-sec");
+        // Verify correct calls were made
+        const postSecret = fetchCalls.find((c) => c.method === "POST" && c.url.includes("secretId=new-sec"));
+        assert.ok(postSecret);
+        const postVersion = fetchCalls.find((c) => c.method === "POST" && c.url.includes(":addVersion"));
+        assert.ok(postVersion);
+        const expectedBase64 = Buffer.from("my-new-secret-value").toString("base64");
+        assert.strictEqual(postVersion.body.payload.data, expectedBase64);
+    });
+    test("updates an existing secret if value differs", async () => {
+        // 1. Mock GET (discovery) returns existing secret
+        mockResponses["GET /secrets/existing-sec"] = {
+            status: 200,
+            body: { name: "projects/my-gcp-project/secrets/existing-sec" },
+        };
+        // 2. Mock GET (access latest version) returns old value
+        mockResponses["GET /secrets/existing-sec/versions/latest:access"] = {
+            status: 200,
+            body: { payload: { data: Buffer.from("old-value").toString("base64") } },
+        };
+        // 3. Mock POST (add version) for updated value
+        mockResponses["POST /secrets/existing-sec:addVersion"] = {
+            status: 200,
+            body: { name: "projects/my-gcp-project/secrets/existing-sec/versions/2" },
+        };
+        const builder = new GCPSecretBuilder("existing-sec")
+            .plainText("new-value"); // Value changed!
+        const result = await builder.deploy();
+        assert.strictEqual(result.name, "existing-sec");
+        assert.strictEqual(result.value, "new-value");
+        // Verify addVersion was called
+        const postVersion = fetchCalls.filter((c) => c.method === "POST" && c.url.includes(":addVersion"));
+        assert.strictEqual(postVersion.length, 1);
+        assert.strictEqual(postVersion[0].body.payload.data, Buffer.from("new-value").toString("base64"));
+    });
+    test("skips updating secret if value is identical", async () => {
+        // 1. Mock GET (discovery) returns existing secret
+        mockResponses["GET /secrets/identical-sec"] = {
+            status: 200,
+            body: { name: "projects/my-gcp-project/secrets/identical-sec" },
+        };
+        // 2. Mock GET (access latest version) returns same value
+        mockResponses["GET /secrets/identical-sec/versions/latest:access"] = {
+            status: 200,
+            body: { payload: { data: Buffer.from("same-value").toString("base64") } },
+        };
+        const builder = new GCPSecretBuilder("identical-sec")
+            .plainText("same-value");
+        const result = await builder.deploy();
+        assert.strictEqual(result.name, "identical-sec");
+        assert.strictEqual(result.value, "same-value");
+        // Verify NO write calls (POST or DELETE) occurred
+        const writeCalls = fetchCalls.filter((c) => c.method !== "GET");
+        assert.strictEqual(writeCalls.length, 0);
+    });
+    test("destroys an existing secret successfully", async () => {
+        // 1. Mock GET (discovery on destroy) returns existing secret
+        mockResponses["GET /secrets/to-delete-sec"] = {
+            status: 200,
+            body: { name: "projects/my-gcp-project/secrets/to-delete-sec" },
+        };
+        // 2. Mock DELETE
+        mockResponses["DELETE /secrets/to-delete-sec"] = {
+            status: 200,
+            body: {},
+        };
+        const builder = new GCPSecretBuilder("to-delete-sec");
+        const result = await builder.destroy();
+        assert.deepStrictEqual(result, { destroyed: "to-delete-sec" });
+        // Verify DELETE was called
+        const deleteCalls = fetchCalls.filter((c) => c.method === "DELETE");
+        assert.strictEqual(deleteCalls.length, 1);
+        assert.strictEqual(deleteCalls[0].url.includes("/secrets/to-delete-sec"), true);
+    });
+    test("injects secret into Cloud Run microservice environment variables", async () => {
+        // 1. Stateful mock for GET /secrets/db-pass: returns 404 then 200
+        let secCallCount = 0;
+        mockResponses["GET /secrets/db-pass"] = {
+            get status() {
+                secCallCount++;
+                return secCallCount === 1 ? 404 : 200;
+            },
+            get body() {
+                if (secCallCount === 1)
+                    return { message: "Not found" };
+                return { name: "projects/my-gcp-project/secrets/db-pass" };
+            },
+        };
+        mockResponses["GET /secrets/db-pass/versions/latest:access"] = {
+            status: 200,
+            body: { payload: { data: Buffer.from("mypassword").toString("base64") } },
+        };
+        mockResponses["POST /secrets?secretId=db-pass"] = { status: 200, body: {} };
+        mockResponses["POST /secrets/db-pass:addVersion"] = { status: 200, body: {} };
+        // Cloud Run mocks
+        mockResponses["GET /services/web-app"] = {
+            status: 404,
+            body: { message: "Not found" },
+        };
+        mockResponses["POST /services?serviceId=web-app"] = {
+            status: 200,
+            body: { name: "projects/my-gcp-project/locations/us-central1/services/web-app", uri: "https://web-app.run.app" },
+        };
+        mockResponses["POST /services/web-app:setIamPolicy"] = { status: 200, body: {} };
+        const secret = new GCPSecretBuilder("db-pass").plainText("mypassword");
+        const app = new GCPCloudRunBuilder("web-app")
+            .image("gcr.io/my-proj/my-image:latest")
+            .env({
+            NODE_ENV: "production",
+            DATABASE_PASSWORD: secret, // Wired directly!
+        });
+        // Deploy secret first, which populates the resolvedValue
+        await secret.deploy();
+        // Deploy Cloud Run app
+        await app.deploy();
+        // Verify Cloud Run creation request body resolved the secret variable
+        const runPost = fetchCalls.find((c) => c.method === "POST" && c.url.includes("serviceId=web-app"));
+        assert.ok(runPost);
+        const envs = runPost.body.template.containers[0].env;
+        const dbPassEnv = envs.find((e) => e.name === "DATABASE_PASSWORD");
+        assert.ok(dbPassEnv);
+        assert.strictEqual(dbPassEnv.value, "mypassword"); // Successfully resolved!
+    });
+});

package/dist/providers/proxmox/vm.d.ts

@@ -19,6 +19,7 @@ export declare class VMBuilder extends BaseBuilder {
     private _vlan?;
     private _ip?;
     private _sshKeys?;
+    private _machine;
     constructor(name: string);
     private discoverVm;
     image(os: OSImage): this;
@@ -31,6 +32,7 @@ export declare class VMBuilder extends BaseBuilder {
     vlan(tag: number): this;
     ip(address: string): this;
     sshKey(keys: string | readonly string[]): this;
+    machine(type: "q35" | "i440fx"): this;
     deploy(): Promise<{
         name: string;
         vmid: number | null;

package/dist/providers/proxmox/vm.js

@@ -24,6 +24,7 @@ export class VMBuilder extends BaseBuilder {
     _vlan;
     _ip;
     _sshKeys;
+    _machine = "q35";
     constructor(name) {
         super(name);
         this.discoveryPromise = this.discoverVm(name);
@@ -80,6 +81,10 @@ export class VMBuilder extends BaseBuilder {
         this._sshKeys = Array.isArray(keys) ? [...keys] : keys;
         return this;
     }
+    machine(type) {
+        this._machine = type;
+        return this;
+    }
     async deploy() {
         const dryRun = this.isDryRunActive();
         const existing = await this.discoveryPromise;
@@ -102,7 +107,7 @@ export class VMBuilder extends BaseBuilder {
             console.log(`   📝 [PLAN] Create VM "${this.name}"`);
             if (this._image)
                 console.log(`      └─ Image: ${this._image}`);
-            console.log(`      └─ Cores: ${this._cores}  Memory: ${this._memory} MB`);
+            console.log(`      └─ Cores: ${this._cores}  Memory: ${this._memory} MB  Machine: ${this._machine}`);
             if (this._vlan)
                 console.log(`      └─ VLAN: ${this._vlan}`);
             if (this._provision) {
@@ -132,8 +137,35 @@ export class VMBuilder extends BaseBuilder {
                     ? `Check that VMID ${this._image} exists and is marked as a template.`
                     : `Create a template whose name contains "${this._image}".`));
         }
-        // Resolve target node: explicit → configured nodes list → template's node → API discovery
+        // Resolve target node: explicit → cluster-aware (online & max free RAM) → configured nodes list → template's node → API discovery
         let node = this._node;
+        if (!node) {
+            try {
+                const nodesList = await pm.get("/nodes");
+                const configuredNodes = Config.get().providers.proxmox?.nodes;
+                const onlineNodes = (nodesList ?? []).filter((n) => {
+                    if (n.status !== "online")
+                        return false;
+                    if (configuredNodes && configuredNodes.length > 0) {
+                        return configuredNodes.includes(n.node);
+                    }
+                    return true;
+                });
+                if (onlineNodes.length > 0) {
+                    // Sort descending by free memory (maxmem - mem)
+                    onlineNodes.sort((a, b) => {
+                        const freeA = (a.maxmem ?? 0) - (a.mem ?? 0);
+                        const freeB = (b.maxmem ?? 0) - (b.mem ?? 0);
+                        return freeB - freeA;
+                    });
+                    node = onlineNodes[0].node;
+                    console.log(`   🧠 Cluster-aware node selection: picked "${node}" with the most free RAM (${Math.round((((onlineNodes[0].maxmem ?? 0) - (onlineNodes[0].mem ?? 0)) / 1024 / 1024 / 1024) * 10) / 10} GB free)`);
+                }
+            }
+            catch (err) {
+                // Fallback silently to configured nodes list or discovery
+            }
+        }
         if (!node) {
             const configuredNodes = Config.get().providers.proxmox?.nodes;
             node = configuredNodes?.[0] ?? template?.node;
@@ -191,7 +223,7 @@ export class VMBuilder extends BaseBuilder {
         const net0 = `virtio,bridge=vmbr1${this._vlan ? `,tag=${this._vlan}` : ""}`;
         const configPatch = {
             onboot: 1,
-            machine: "q35",
+            machine: this._machine,
             cores: this._cores,
             memory: this._memory,
             net0,

package/dist/providers/proxmox/vm.test.d.ts

@@ -0,0 +1 @@
+export {};

package/dist/providers/proxmox/vm.test.js

@@ -0,0 +1,155 @@
+import { test, describe, beforeEach, afterEach } from "node:test";
+import assert from "node:assert";
+import { ProxmoxApiClient } from "./api.js";
+import { VMBuilder } from "./vm.js";
+import { Config } from "../../core/config.js";
+describe("Proxmox VMBuilder Unit Tests", () => {
+    let originalGet;
+    let originalPost;
+    let originalDelete;
+    let clientCalls = [];
+    let mockGetResponses = {};
+    let mockPostResponses = {};
+    beforeEach(() => {
+        Config.set({
+            dryRun: false,
+            providers: {
+                proxmox: {
+                    url: "https://pve.example.com:8006",
+                    user: "root@pam",
+                    tokenName: "puls",
+                    tokenSecret: "secret-key",
+                    verifySsl: false,
+                    dnsDomain: "nolimit.int",
+                },
+            },
+        });
+        clientCalls = [];
+        mockGetResponses = {};
+        mockPostResponses = {};
+        originalGet = ProxmoxApiClient.prototype.get;
+        originalPost = ProxmoxApiClient.prototype.post;
+        originalDelete = ProxmoxApiClient.prototype.delete;
+        ProxmoxApiClient.prototype.get = async function (path) {
+            clientCalls.push({ method: "GET", path });
+            if (mockGetResponses[path] !== undefined) {
+                const handler = mockGetResponses[path];
+                if (typeof handler === "function")
+                    return handler();
+                return handler;
+            }
+            return [];
+        };
+        ProxmoxApiClient.prototype.post = async function (path, body) {
+            clientCalls.push({ method: "POST", path, body });
+            if (mockPostResponses[path] !== undefined) {
+                const handler = mockPostResponses[path];
+                if (typeof handler === "function")
+                    return handler(body);
+                return handler;
+            }
+            if (path.includes("/clone")) {
+                return "UPID:pve1:00000000:00000000:00000000:qemuclone:101:root@pam:";
+            }
+            return {};
+        };
+        ProxmoxApiClient.prototype.delete = async function (path) {
+            clientCalls.push({ method: "DELETE", path });
+        };
+    });
+    afterEach(() => {
+        ProxmoxApiClient.prototype.get = originalGet;
+        ProxmoxApiClient.prototype.post = originalPost;
+        ProxmoxApiClient.prototype.delete = originalDelete;
+    });
+    test("gracefully handles discovery when VM does not exist", async () => {
+        mockGetResponses["/cluster/resources?type=vm"] = [];
+        const builder = new VMBuilder("my-vm");
+        const discoveryResult = await builder.discoveryPromise;
+        assert.strictEqual(discoveryResult, null);
+        assert.ok(clientCalls.some((c) => c.path === "/cluster/resources?type=vm"));
+    });
+    test("discovers existing VM successfully", async () => {
+        mockGetResponses["/cluster/resources?type=vm"] = [
+            { name: "my-vm", vmid: 200, node: "pve2", template: 0, status: "running" },
+        ];
+        const builder = new VMBuilder("my-vm");
+        const discoveryResult = await builder.discoveryPromise;
+        assert.ok(discoveryResult);
+        assert.strictEqual(discoveryResult.vmid, 200);
+        assert.strictEqual(discoveryResult.node, "pve2");
+        const deployResult = await builder.deploy();
+        assert.strictEqual(deployResult.vmid, 200);
+        assert.strictEqual(builder.resolvedNode, "pve2");
+    });
+    test("performs clean dry-run planning without making API writes", async () => {
+        Config.set({
+            dryRun: true,
+            providers: {
+                proxmox: {
+                    url: "https://pve.example.com:8006",
+                    user: "root@pam",
+                    tokenName: "puls",
+                    tokenSecret: "secret-key",
+                },
+            },
+        });
+        const builder = new VMBuilder("dryrun-vm")
+            .cores(4)
+            .memory(4096)
+            .machine("i440fx");
+        const deployResult = await builder.deploy();
+        assert.strictEqual(deployResult.vmid, "PENDING");
+        assert.ok(!clientCalls.some((c) => c.method === "POST"));
+    });
+    test("deploys new VM and performs cluster-aware node selection based on free RAM", async () => {
+        mockGetResponses["/cluster/resources?type=vm"] = [];
+        mockGetResponses["/cluster/nextid"] = 105;
+        // Simulate three nodes in the cluster with different RAM allocations and statuses
+        mockGetResponses["/nodes"] = [
+            { node: "pve-offline", status: "offline", maxmem: 64 * 1024 * 1024 * 1024, mem: 4 * 1024 * 1024 * 1024 }, // offline
+            { node: "pve-ram-low", status: "online", maxmem: 16 * 1024 * 1024 * 1024, mem: 14 * 1024 * 1024 * 1024 }, // 2GB free
+            { node: "pve-ram-high", status: "online", maxmem: 32 * 1024 * 1024 * 1024, mem: 12 * 1024 * 1024 * 1024 }, // 20GB free
+        ];
+        // Mock wait for task (normally waitForTask would poll the UPID, but in tests it mock-completes or we bypass it)
+        // In our test, since we don't have a template image configured, it creates a blank VM by POSTing to /nodes/{node}/qemu
+        const builder = new VMBuilder("my-new-vm")
+            .cores(2)
+            .memory(2048)
+            .ip("10.8.10.85")
+            .machine("i440fx");
+        const deployResult = await builder.deploy();
+        // Verify it resolved to the VMID and the most free RAM node ("pve-ram-high")
+        assert.strictEqual(deployResult.vmid, 105);
+        assert.strictEqual(builder.resolvedNode, "pve-ram-high");
+        // Verify the blank VM POST went to the correct node
+        const createCall = clientCalls.find((c) => c.method === "POST" && c.path.startsWith("/nodes/pve-ram-high/qemu"));
+        assert.ok(createCall);
+        assert.deepStrictEqual(createCall.body, {
+            vmid: 105,
+            name: "my-new-vm",
+            cores: 2,
+            memory: 2048,
+            net0: "virtio,bridge=vmbr1",
+            ostype: "l26",
+        });
+        // Verify config patch incorporates the custom machine override "i440fx"
+        const configCall = clientCalls.find((c) => c.method === "POST" && c.path === "/nodes/pve-ram-high/qemu/105/config");
+        assert.ok(configCall);
+        assert.strictEqual(configCall.body.machine, "i440fx");
+        assert.strictEqual(configCall.body.cores, 2);
+        assert.strictEqual(configCall.body.memory, 2048);
+    });
+    test("destroys an existing VM successfully", async () => {
+        mockGetResponses["/cluster/resources?type=vm"] = [
+            { name: "my-vm", vmid: 200, node: "pve1", template: 0 },
+        ];
+        const builder = new VMBuilder("my-vm");
+        await builder.discoveryPromise;
+        const destroyResult = await builder.destroy();
+        assert.deepStrictEqual(destroyResult, { destroyed: "my-vm" });
+        // In Proxmox, VM deletion is handled via BaseBuilder default or custom VMBuilder destroy.
+        // Let's verify we logged or called the delete path or returned safely.
+        assert.ok(destroyResult.destroyed);
+    });
+});

package/dist/types/aws.d.ts

@@ -53,3 +53,14 @@ export interface RegistrantContact {
     COUNTRY: string;
 }
 export declare const DOMAIN_REGISTER: RegistrantContact;
+export interface IAMPolicyStatement {
+    Effect: "Allow" | "Deny";
+    Action: string | string[];
+    Resource?: string | string[];
+    Principal?: Record<string, string | string[]>;
+    Condition?: Record<string, any>;
+}
+export interface IAMPolicyDocument {
+    Version?: string;
+    Statement: IAMPolicyStatement[];
+}

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "puls-dev",
-  "version": "0.2.0",
+  "version": "0.2.2",
   "description": "Intent-driven infrastructure-as-code with eager discovery and no state files.",
   "type": "module",
   "main": "./dist/index.js",
@@ -26,6 +26,10 @@
     "./firebase": {
       "types": "./dist/providers/firebase/index.d.ts",
       "default": "./dist/providers/firebase/index.js"
+    },
+    "./gcp": {
+      "types": "./dist/providers/gcp/index.d.ts",
+      "default": "./dist/providers/gcp/index.js"
     }
   },
   "files": [
@@ -50,10 +54,28 @@
   "author": "Bia",
   "license": "ISC",
   "devDependencies": {
+    "@aws-sdk/client-acm": "^3.1053.0",
+    "@aws-sdk/client-apigatewayv2": "^3.1053.0",
+    "@aws-sdk/client-cloudfront": "^3.1053.0",
+    "@aws-sdk/client-cloudwatch": "^3.1053.0",
+    "@aws-sdk/client-cloudwatch-logs": "^3.1053.0",
+    "@aws-sdk/client-ec2": "^3.1053.0",
+    "@aws-sdk/client-ecs": "^3.1053.0",
+    "@aws-sdk/client-iam": "^3.1053.0",
+    "@aws-sdk/client-lambda": "^3.1053.0",
+    "@aws-sdk/client-rds": "^3.1053.0",
+    "@aws-sdk/client-route-53": "^3.1053.0",
+    "@aws-sdk/client-route-53-domains": "^3.1053.0",
+    "@aws-sdk/client-s3": "^3.1053.0",
+    "@aws-sdk/client-secrets-manager": "^3.1053.0",
+    "@aws-sdk/client-sns": "^3.1053.0",
+    "@aws-sdk/client-sqs": "^3.1053.0",
     "@types/node": "^25.6.2",
+    "google-auth-library": "^10.6.2",
     "ts-node": "^10.9.2",
     "tsx": "^4.21.0",
-    "typescript": "^6.0.3"
+    "typescript": "^6.0.3",
+    "undici": "^8.3.0"
   },
   "dependencies": {
     "dotenv": "^17.4.2",
@@ -63,6 +85,7 @@
     "@aws-sdk/client-acm": "^3.1040.0",
     "@aws-sdk/client-apigatewayv2": "^3.1044.0",
     "@aws-sdk/client-cloudfront": "^3.1040.0",
+    "@aws-sdk/client-cloudwatch": "^3.1045.0",
     "@aws-sdk/client-cloudwatch-logs": "^3.1045.0",
     "@aws-sdk/client-ec2": "^3.1045.0",
     "@aws-sdk/client-ecs": "^3.1045.0",
@@ -73,6 +96,7 @@
     "@aws-sdk/client-route-53-domains": "^3.1041.0",
     "@aws-sdk/client-s3": "^3.1040.0",
     "@aws-sdk/client-secrets-manager": "^3.1045.0",
+    "@aws-sdk/client-sns": "^3.1045.0",
     "@aws-sdk/client-sqs": "^3.1045.0",
     "google-auth-library": "^10.6.2",
     "undici": "^8.2.0"
@@ -87,6 +111,9 @@
     "@aws-sdk/client-cloudfront": {
       "optional": true
     },
+    "@aws-sdk/client-cloudwatch": {
+      "optional": true
+    },
     "@aws-sdk/client-cloudwatch-logs": {
       "optional": true
     },
@@ -117,6 +144,9 @@
     "@aws-sdk/client-secrets-manager": {
       "optional": true
     },
+    "@aws-sdk/client-sns": {
+      "optional": true
+    },
     "@aws-sdk/client-sqs": {
       "optional": true
     },