puls-dev 0.2.8 → 0.2.9

package/dist/providers/aws/api.js

@@ -15,26 +15,106 @@ import { SecretsManagerClient } from "@aws-sdk/client-secrets-manager";
 import { CloudWatchClient } from "@aws-sdk/client-cloudwatch";
 import { SNSClient } from "@aws-sdk/client-sns";
 import { Config } from "../../core/config.js";
+import { withRetry } from "../../core/retry.js";
+import { resourceContextStorage } from "../../core/context.js";
 function getRegion() {
     const region = Config.get().providers.aws?.region;
-    if (!region)
+    if (!region) {
+        if (Config.isOfflineMode() || Config.isGlobalDryRun()) {
+            return "us-east-1";
+        }
         throw new Error('AWS region not configured. Call AWS.init({ region: "..." })');
+    }
     return region;
 }
-export const getS3Client = (region) => new S3Client({ region: region ?? getRegion() });
+function createAwsOfflineMock(command) {
+    const name = command.constructor.name;
+    if (name.includes("RunInstances")) {
+        return {
+            Instances: [
+                {
+                    InstanceId: "i-mock1234567890abcdef0",
+                    State: { Name: "running" },
+                    PublicIpAddress: "54.210.12.34",
+                    PrivateIpAddress: "10.0.1.10",
+                }
+            ]
+        };
+    }
+    if (name.includes("CreateVpc")) {
+        return { Vpc: { VpcId: "vpc-mock123456" } };
+    }
+    if (name.includes("CreateSubnet")) {
+        return { Subnet: { SubnetId: "subnet-mock123456" } };
+    }
+    if (name.includes("CreateSecurityGroup")) {
+        return { GroupId: "sg-mock123456" };
+    }
+    if (name.includes("CreateBucket")) {
+        return { Location: "/mock-bucket" };
+    }
+    if (name.includes("CreateKeyPair")) {
+        return { KeyMaterial: "mock-private-key", KeyName: "mock-key" };
+    }
+    const mockProxy = new Proxy({}, {
+        get(target, prop) {
+            if (prop === "then")
+                return undefined;
+            if (prop === "CertificateArn")
+                return "arn:aws:acm:us-east-1:123456789012:certificate/mock-cert-uuid";
+            if (prop === "HostedZoneId")
+                return "Z2FDTNDATAQYW2";
+            if (prop === "Id" || prop === "id")
+                return "mock-id-12345";
+            if (prop === "Arn" || prop === "arn")
+                return `arn:aws:mock:::resource/mock-id`;
+            if (prop === "Status" || prop === "status")
+                return "Active";
+            if (prop === "DNSName")
+                return "mock.cloudfront.net";
+            if (prop.endsWith("s"))
+                return [];
+            return `mock-${prop.toLowerCase()}`;
+        }
+    });
+    return mockProxy;
+}
+function wrapClient(client) {
+    const originalSend = client.send;
+    client.send = function (command, options) {
+        const context = resourceContextStorage.getStore();
+        const abortSignal = context?.abortSignal;
+        if (Config.isOfflineMode() || Config.isGlobalDryRun()) {
+            return Promise.resolve(createAwsOfflineMock(command));
+        }
+        const opts = abortSignal ? { abortSignal, ...options } : options;
+        return withRetry(() => originalSend.call(client, command, opts), {
+            retryable: (err) => {
+                const code = err.name || err.code;
+                const status = err.$metadata?.httpStatusCode;
+                return (code === "ThrottlingException" ||
+                    code === "ProvisionedThroughputExceededException" ||
+                    code === "RequestLimitExceeded" ||
+                    (status && status >= 500));
+            }
+        });
+    };
+    return client;
+}
+export const getS3Client = (region) => wrapClient(new S3Client({ region: region ?? getRegion() }));
 // CloudFront, Route53, ACM, Route53 Domains, and IAM are all global - must use us-east-1
-export const getCFClient = () => new CloudFrontClient({ region: "us-east-1" });
-export const getR53Client = () => new Route53Client({ region: "us-east-1" });
-export const getR53DomainsClient = () => new Route53DomainsClient({ region: "us-east-1" });
-export const getACMClient = () => new ACMClient({ region: "us-east-1" });
-export const getIAMClient = () => new IAMClient({ region: "us-east-1" });
-export const getLambdaClient = (region) => new LambdaClient({ region: region ?? getRegion() });
-export const getAPIGWClient = (region) => new ApiGatewayV2Client({ region: region ?? getRegion() });
-export const getECSClient = (region) => new ECSClient({ region: region ?? getRegion() });
-export const getEC2Client = (region) => new EC2Client({ region: region ?? getRegion() });
-export const getCWLogsClient = (region) => new CloudWatchLogsClient({ region: region ?? getRegion() });
-export const getRDSClient = (region) => new RDSClient({ region: region ?? getRegion() });
-export const getSQSClient = (region) => new SQSClient({ region: region ?? getRegion() });
-export const getSecretsClient = (region) => new SecretsManagerClient({ region: region ?? getRegion() });
-export const getCWClient = (region) => new CloudWatchClient({ region: region ?? getRegion() });
-export const getSNSClient = (region) => new SNSClient({ region: region ?? getRegion() });
+export const getCFClient = () => wrapClient(new CloudFrontClient({ region: "us-east-1" }));
+export const getR53Client = () => wrapClient(new Route53Client({ region: "us-east-1" }));
+export const getR53DomainsClient = () => wrapClient(new Route53DomainsClient({ region: "us-east-1" }));
+export const getACMClient = () => wrapClient(new ACMClient({ region: "us-east-1" }));
+export const getIAMClient = () => wrapClient(new IAMClient({ region: "us-east-1" }));
+export const getLambdaClient = (region) => wrapClient(new LambdaClient({ region: region ?? getRegion() }));
+export const getAPIGWClient = (region) => wrapClient(new ApiGatewayV2Client({ region: region ?? getRegion() }));
+export const getECSClient = (region) => wrapClient(new ECSClient({ region: region ?? getRegion() }));
+export const getEC2Client = (region) => wrapClient(new EC2Client({ region: region ?? getRegion() }));
+export const getCWLogsClient = (region) => wrapClient(new CloudWatchLogsClient({ region: region ?? getRegion() }));
+export const getRDSClient = (region) => wrapClient(new RDSClient({ region: region ?? getRegion() }));
+export const getSQSClient = (region) => wrapClient(new SQSClient({ region: region ?? getRegion() }));
+export const getSecretsClient = (region) => wrapClient(new SecretsManagerClient({ region: region ?? getRegion() }));
+export const getCWClient = (region) => wrapClient(new CloudWatchClient({ region: region ?? getRegion() }));
+export const getSNSClient = (region) => wrapClient(new SNSClient({ region: region ?? getRegion() }));

package/dist/providers/aws/ec2.d.ts

@@ -1,5 +1,6 @@
 import { BaseBuilder } from "../../core/resource.js";
 import { Output } from "../../core/output.js";
+import { EC2TemplateBuilder } from "./template.js";
 export declare class EC2VMBuilder extends BaseBuilder {
     readonly out: {
         ip: Output<string>;
@@ -7,6 +8,7 @@ export declare class EC2VMBuilder extends BaseBuilder {
     };
     private _instanceType;
     private _ami;
+    private _templateSource?;
     private _keyName?;
     private _subnetId?;
     private _securityGroupIds?;
@@ -19,6 +21,7 @@ export declare class EC2VMBuilder extends BaseBuilder {
     constructor(name: string);
     instanceType(type: string): this;
     ami(amiId: string): this;
+    fromTemplate(template: EC2TemplateBuilder): this;
     keyName(name: string): this;
     subnetId(id: string): this;
     securityGroupIds(ids: string[]): this;

package/dist/providers/aws/ec2.js

@@ -4,6 +4,7 @@ import { Output } from "../../core/output.js";
 import { getEC2Client } from "./api.js";
 import { checkPort, runProvisioner } from "../../core/provisioner.js";
 import { getFileHash } from "../proxmox/hash.js";
+import { resourceContextStorage } from "../../core/context.js";
 export class EC2VMBuilder extends BaseBuilder {
     out = {
         ip: new Output(),
@@ -11,6 +12,7 @@ export class EC2VMBuilder extends BaseBuilder {
     };
     _instanceType = "t3.micro";
     _ami = "ami-0c55b159cbfafe1f0"; // Default standard Ubuntu 22.04 LTS in us-east-1
+    _templateSource;
     _keyName;
     _subnetId;
     _securityGroupIds;
@@ -32,6 +34,11 @@ export class EC2VMBuilder extends BaseBuilder {
         this._ami = amiId;
         return this;
     }
+    fromTemplate(template) {
+        this._templateSource = template;
+        this.dependsOn(template);
+        return this;
+    }
     keyName(name) {
         this._keyName = name;
         return this;
@@ -126,9 +133,19 @@ export class EC2VMBuilder extends BaseBuilder {
         if (dryRun) {
             console.log(`\n🔍 [DRY RUN] AWS EC2 VM "${this.name}"...`);
             if (!existing) {
-                console.log(`   📝 Plan: Create EC2 Instance "${this.name}" (${this._instanceType} from AMI ${this._ami})`);
+                const sourceLabel = this._templateSource ? `Template: ${this._templateSource.name}` : `AMI ${this._ami}`;
+                console.log(`   📝 Plan: Create AWS EC2 Instance`);
+                const details = [
+                    `Name:          ${this.name}`,
+                    `Instance Type: ${this._instanceType}`,
+                    `Source:        ${sourceLabel}`,
+                ];
                 if (this._provision.length > 0) {
-                    console.log(`      └─ Provision: ${this._provision.join(", ")}`);
+                    details.push(`Provision:     ${this._provision.join(", ")}`);
+                }
+                for (let i = 0; i < details.length; i++) {
+                    const prefix = i === details.length - 1 ? "      └─ " : "      ├─ ";
+                    console.log(`${prefix}${details[i]}`);
                 }
                 this.out.id.resolve("PENDING");
                 this.out.ip.resolve("0.0.0.0");
@@ -156,9 +173,13 @@ export class EC2VMBuilder extends BaseBuilder {
                 initialHashes[p.slug] = p.hash;
             }
             const initialMetadataVal = mergeAwsTagsForProvision(initialHashes);
+            let activeAmi = this._ami;
+            if (this._templateSource) {
+                activeAmi = await this._templateSource.out.amiId.get();
+            }
             console.log(`🚀 Creating AWS EC2 VM Instance "${this.name}"...`);
             const result = await client.send(new RunInstancesCommand({
-                ImageId: this._ami,
+                ImageId: activeAmi,
                 InstanceType: this._instanceType,
                 MinCount: 1,
                 MaxCount: 1,
@@ -246,6 +267,19 @@ export class EC2VMBuilder extends BaseBuilder {
                 console.log(`   ✅ AWS EC2 VM "${this.name}" is up to date.`);
             }
         }
+        const context = resourceContextStorage.getStore();
+        if (context && context.hosts) {
+            const activeIp = this.resolvedIp ?? "0.0.0.0";
+            if (!context.hosts.some(h => h.name === this.name)) {
+                context.hosts.push({
+                    name: this.name,
+                    ip: activeIp,
+                    user: "ubuntu",
+                    sshKey: this._sshPrivateKeyPath,
+                    provider: "aws"
+                });
+            }
+        }
         await this.deploySidecars();
         return {
             name: this.name,

package/dist/providers/aws/ec2.test.js

@@ -92,9 +92,11 @@ describe("EC2VMBuilder Unit Tests", () => {
             assert.strictEqual(await vm.out.id.get(), "PENDING");
             assert.strictEqual(await vm.out.ip.get(), "0.0.0.0");
             assert.ok(logOutput.includes("🔍 [DRY RUN]"));
-            assert.ok(logOutput.includes("Plan: Create EC2 Instance \"dryrun-vm\""));
-            assert.ok(logOutput.includes("t3.medium from AMI ami-test123"));
-            assert.ok(logOutput.includes("playbooks/nginx.yaml"));
+            assert.ok(logOutput.includes("Plan: Create AWS EC2 Instance"));
+            assert.ok(logOutput.includes("Name:          dryrun-vm"));
+            assert.ok(logOutput.includes("Instance Type: t3.medium"));
+            assert.ok(logOutput.includes("Source:        AMI ami-test123"));
+            assert.ok(logOutput.includes("Provision:     playbooks/nginx.yaml"));
         }
         finally {
             console.log = originalLog;

package/dist/providers/aws/index.d.ts

@@ -11,6 +11,7 @@ import { IAMRoleBuilder, IAMPolicyBuilder } from "./iam.js";
 import { SNSTopicBuilder } from "./sns.js";
 import { CloudWatchAlarmBuilder } from "./cloudwatch.js";
 import { EC2VMBuilder } from "./ec2.js";
+import { EC2TemplateBuilder } from "./template.js";
 export declare const AWS: {
     init: (opts: {
         region: string;
@@ -29,5 +30,6 @@ export declare const AWS: {
     SNS: (name: string) => SNSTopicBuilder;
     Alarm: (name: string) => CloudWatchAlarmBuilder;
     EC2: (name: string) => EC2VMBuilder;
+    Template: (name: string) => EC2TemplateBuilder;
 };
 export * from "../../types/aws.js";

package/dist/providers/aws/index.js

@@ -12,6 +12,7 @@ import { IAMRoleBuilder, IAMPolicyBuilder } from "./iam.js";
 import { SNSTopicBuilder } from "./sns.js";
 import { CloudWatchAlarmBuilder } from "./cloudwatch.js";
 import { EC2VMBuilder } from "./ec2.js";
+import { EC2TemplateBuilder } from "./template.js";
 export const AWS = {
     init: (opts) => {
         Config.set({
@@ -35,5 +36,6 @@ export const AWS = {
     SNS: (name) => new SNSTopicBuilder(name),
     Alarm: (name) => new CloudWatchAlarmBuilder(name),
     EC2: (name) => new EC2VMBuilder(name),
+    Template: (name) => new EC2TemplateBuilder(name),
 };
 export * from "../../types/aws.js";

package/dist/providers/aws/template.d.ts

@@ -0,0 +1,34 @@
+import { BaseBuilder } from "../../core/resource.js";
+import { Output } from "../../core/output.js";
+export declare class EC2TemplateBuilder extends BaseBuilder {
+    readonly out: {
+        amiId: Output<string>;
+    };
+    private _baseImage;
+    private _instanceType;
+    private _subnetId?;
+    private _securityGroupIds?;
+    private _sshPrivateKeyPath?;
+    private _keyName?;
+    private _provision;
+    constructor(name: string);
+    baseImage(amiId: string): this;
+    instanceType(type: string): this;
+    subnetId(id: string): this;
+    securityGroupIds(ids: string[]): this;
+    sshPrivateKey(path: string): this;
+    keyName(name: string): this;
+    provision(...playbookPaths: (string | string[])[]): this;
+    private discoverAMI;
+    protected checkPort(ip: string, port: number): Promise<boolean>;
+    protected runProvisioner(ip: string, script: string): Promise<void>;
+    deploy(): Promise<{
+        name: string;
+        amiId: any;
+    }>;
+    destroy(): Promise<{
+        destroyed: boolean;
+    } | {
+        destroyed: string;
+    }>;
+}

package/dist/providers/aws/template.js

@@ -0,0 +1,252 @@
+import { DescribeImagesCommand, DeregisterImageCommand, DeleteSnapshotCommand, RunInstancesCommand, DescribeInstancesCommand, StopInstancesCommand, CreateImageCommand, CreateTagsCommand, TerminateInstancesCommand, } from "@aws-sdk/client-ec2";
+import { BaseBuilder } from "../../core/resource.js";
+import { Output } from "../../core/output.js";
+import { getEC2Client } from "./api.js";
+import { checkPort, runProvisioner } from "../../core/provisioner.js";
+import { getFileHash } from "../proxmox/hash.js";
+import { parseAwsTagsForProvision, mergeAwsTagsForProvision } from "./ec2.js";
+export class EC2TemplateBuilder extends BaseBuilder {
+    out = {
+        amiId: new Output(),
+    };
+    _baseImage = "ami-0c55b159cbfafe1f0"; // Default standard Ubuntu 22.04 LTS
+    _instanceType = "t3.micro";
+    _subnetId;
+    _securityGroupIds;
+    _sshPrivateKeyPath;
+    _keyName;
+    _provision = [];
+    constructor(name) {
+        super(name);
+        this.discoveryPromise = this.discoverAMI();
+    }
+    baseImage(amiId) {
+        this._baseImage = amiId;
+        return this;
+    }
+    instanceType(type) {
+        this._instanceType = type;
+        return this;
+    }
+    subnetId(id) {
+        this._subnetId = id;
+        return this;
+    }
+    securityGroupIds(ids) {
+        this._securityGroupIds = ids;
+        return this;
+    }
+    sshPrivateKey(path) {
+        this._sshPrivateKeyPath = path;
+        return this;
+    }
+    keyName(name) {
+        this._keyName = name;
+        return this;
+    }
+    provision(...playbookPaths) {
+        this._provision.push(...playbookPaths.flat());
+        return this;
+    }
+    async discoverAMI() {
+        try {
+            const client = getEC2Client();
+            const res = await client.send(new DescribeImagesCommand({
+                Filters: [
+                    { Name: "name", Values: [this.name] },
+                    { Name: "state", Values: ["available", "pending"] },
+                ],
+                Owners: ["self"],
+            }));
+            return res.Images?.[0] ?? null;
+        }
+        catch (e) {
+            if (e.name === "CredentialsProviderError" ||
+                e.message?.includes("credentials not configured")) {
+                return null;
+            }
+            throw e;
+        }
+    }
+    async checkPort(ip, port) {
+        return checkPort(ip, port);
+    }
+    async runProvisioner(ip, script) {
+        if (!this._sshPrivateKeyPath) {
+            throw new Error(`[EC2TemplateBuilder:${this.name}] sshPrivateKey(path) is required to run playbook provisioning.`);
+        }
+        return runProvisioner(ip, "ubuntu", this._sshPrivateKeyPath, script);
+    }
+    async deploy() {
+        const dryRun = this.isDryRunActive();
+        const existing = await this.discoveryPromise;
+        const client = getEC2Client();
+        const declaredPlaybooksWithHashes = this._provision.map((p) => {
+            const baseName = p.split("/").pop() ?? p;
+            const slug = baseName.toLowerCase().replace(/[^a-z0-9_-]/g, "-");
+            return { path: p, slug, hash: getFileHash(p) };
+        });
+        if (existing) {
+            this.out.amiId.resolve(existing.ImageId);
+            // Check if playbooks differ
+            const appliedHashes = parseAwsTagsForProvision(existing.Tags);
+            const hasChanges = declaredPlaybooksWithHashes.some((p) => {
+                const appliedHash = appliedHashes[p.slug];
+                return !appliedHash || appliedHash !== p.hash;
+            });
+            if (!hasChanges) {
+                console.log(`\n🔍 AWS AMI Template "${this.name}"...`);
+                console.log(`   ✅ Custom AMI "${this.name}" already exists and matches defined state.`);
+                return { name: this.name, amiId: existing.ImageId };
+            }
+            console.log(`\n⏳ Finalizing AWS AMI Template "${this.name}"...`);
+            console.log(`   🔄 Template playbook hashes changed. Deregistering old custom AMI...`);
+            if (dryRun) {
+                console.log(`   📝 [PLAN] Would deregister AMI "${this.name}" (${existing.ImageId}) and rebuild.`);
+                return { name: this.name, amiId: "PENDING" };
+            }
+            else {
+                await client.send(new DeregisterImageCommand({ ImageId: existing.ImageId }));
+                const mappings = existing.BlockDeviceMappings ?? [];
+                for (const mapping of mappings) {
+                    const snapshotId = mapping.Ebs?.SnapshotId;
+                    if (snapshotId) {
+                        try {
+                            await client.send(new DeleteSnapshotCommand({ SnapshotId: snapshotId }));
+                        }
+                        catch (err) {
+                            console.warn(`   ⚠️  Could not delete snapshot ${snapshotId}: ${err.message}`);
+                        }
+                    }
+                }
+            }
+        }
+        console.log(`\n⏳ Finalizing AWS AMI Template "${this.name}"...`);
+        const initialHashes = {};
+        for (const p of declaredPlaybooksWithHashes) {
+            initialHashes[p.slug] = p.hash;
+        }
+        const initialMetadataVal = mergeAwsTagsForProvision(initialHashes);
+        if (dryRun) {
+            console.log(`   📝 [PLAN] Bake AWS AMI Template "${this.name}"`);
+            console.log(`      └─ Base Image: ${this._baseImage}  Instance Type: ${this._instanceType}`);
+            if (this._provision.length > 0) {
+                console.log(`      └─ Provision: ${this._provision.join(", ")}`);
+            }
+            this.out.amiId.resolve("PENDING");
+            return { name: this.name, amiId: "PENDING" };
+        }
+        // Spawn temporary instance to bake
+        console.log(`🚀 Spawning temporary VM "puls-bake-temp-${this.name}" to bake custom AMI...`);
+        const runRes = await client.send(new RunInstancesCommand({
+            ImageId: this._baseImage,
+            InstanceType: this._instanceType,
+            MinCount: 1,
+            MaxCount: 1,
+            KeyName: this._keyName,
+            SubnetId: this._subnetId,
+            SecurityGroupIds: this._securityGroupIds,
+            TagSpecifications: [
+                {
+                    ResourceType: "instance",
+                    Tags: [
+                        { Key: "Name", Value: `puls-bake-temp-${this.name}` },
+                    ],
+                },
+            ],
+        }));
+        const instanceId = runRes.Instances?.[0]?.InstanceId;
+        if (!instanceId)
+            throw new Error("Failed to retrieve instance ID from RunInstancesCommand");
+        // Wait until running and IP is resolved
+        let resolvedIp;
+        await this.waitFor(`temporary instance "${instanceId}" to start running`, async () => {
+            const result = await client.send(new DescribeInstancesCommand({ InstanceIds: [instanceId] }));
+            const inst = result.Reservations?.[0]?.Instances?.[0];
+            if (inst && inst.State?.Name === "running") {
+                resolvedIp = inst.PublicIpAddress ?? inst.PrivateIpAddress ?? undefined;
+                return !!resolvedIp;
+            }
+            return false;
+        }, { intervalMs: 10_000, timeoutMs: 300_000 });
+        if (!resolvedIp) {
+            throw new Error(`Failed to resolve IP for temporary instance "${instanceId}"`);
+        }
+        // Provision the instance
+        if (this._provision.length > 0) {
+            await this.waitFor(`SSH on ${resolvedIp} to be ready`, () => this.checkPort(resolvedIp, 22), { intervalMs: 10_000, timeoutMs: 300_000 });
+            for (const playbook of this._provision) {
+                await this.runProvisioner(resolvedIp, playbook);
+            }
+        }
+        // Stop temporary instance
+        console.log(`   🛑 Stopping temporary instance "${instanceId}"...`);
+        await client.send(new StopInstancesCommand({ InstanceIds: [instanceId] }));
+        await this.waitFor(`temporary instance to stop`, async () => {
+            const result = await client.send(new DescribeInstancesCommand({ InstanceIds: [instanceId] }));
+            const inst = result.Reservations?.[0]?.Instances?.[0];
+            return inst?.State?.Name === "stopped";
+        }, { intervalMs: 10_000, timeoutMs: 300_000 });
+        // Bake AMI
+        console.log(`   💾 Baking custom AMI "${this.name}" from instance "${instanceId}"...`);
+        const amiRes = await client.send(new CreateImageCommand({
+            InstanceId: instanceId,
+            Name: this.name,
+            Description: `Puls Golden Image Template - ${this.name}`,
+            NoReboot: true,
+        }));
+        const newAmiId = amiRes.ImageId;
+        if (!newAmiId)
+            throw new Error("Failed to bake custom AMI from instance");
+        // Wait until AMI is available
+        await this.waitFor(`custom AMI "${newAmiId}" to become available`, async () => {
+            const result = await client.send(new DescribeImagesCommand({ ImageIds: [newAmiId] }));
+            const img = result.Images?.[0];
+            return img?.State === "available";
+        }, { intervalMs: 15_000, timeoutMs: 600_000 });
+        // Tag the AMI
+        await client.send(new CreateTagsCommand({
+            Resources: [newAmiId],
+            Tags: [
+                { Key: "Name", Value: this.name },
+                ...(initialMetadataVal ? [{ Key: "puls-provision", Value: initialMetadataVal }] : []),
+            ],
+        }));
+        console.log(`   ✅ Custom AMI "${this.name}" (${newAmiId}) baked successfully.`);
+        // Clean up temporary instance
+        console.log(`   🧹 Terminating temporary provisioning instance "${instanceId}"...`);
+        await client.send(new TerminateInstancesCommand({ InstanceIds: [instanceId] }));
+        this.out.amiId.resolve(newAmiId);
+        return { name: this.name, amiId: newAmiId };
+    }
+    async destroy() {
+        const dryRun = this.isDryRunActive();
+        const existing = await this.discoveryPromise;
+        const client = getEC2Client();
+        console.log(`\n🗑️  Destroying AWS AMI Template "${this.name}"...`);
+        if (!existing) {
+            console.log(`   ─  AWS AMI Template "${this.name}" not found`);
+            return { destroyed: false };
+        }
+        if (dryRun) {
+            console.log(`   📝 [PLAN] Deregister AWS AMI "${this.name}" (id=${existing.ImageId})`);
+            return { destroyed: this.name };
+        }
+        console.log(`   🔄 Deregistering AWS AMI "${this.name}" (id=${existing.ImageId})...`);
+        await client.send(new DeregisterImageCommand({ ImageId: existing.ImageId }));
+        const mappings = existing.BlockDeviceMappings ?? [];
+        for (const mapping of mappings) {
+            const snapshotId = mapping.Ebs?.SnapshotId;
+            if (snapshotId) {
+                try {
+                    await client.send(new DeleteSnapshotCommand({ SnapshotId: snapshotId }));
+                }
+                catch {
+                    // Ignore safely
+                }
+            }
+        }
+        console.log(`   🗑️  Removed AWS AMI Template "${this.name}"`);
+        return { destroyed: this.name };
+    }
+}

package/dist/providers/aws/template.test.d.ts

@@ -0,0 +1 @@
+export {};