npm - s3db.js - Versions diffs - 13.6.0 → 14.0.2 - Mend

s3db.js 13.6.0 → 14.0.2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (193) hide show

package/README.md +139 -43
package/dist/s3db.cjs +72425 -38970
package/dist/s3db.cjs.map +1 -1
package/dist/s3db.es.js +72177 -38764
package/dist/s3db.es.js.map +1 -1
package/mcp/lib/base-handler.js +157 -0
package/mcp/lib/handlers/connection-handler.js +280 -0
package/mcp/lib/handlers/query-handler.js +533 -0
package/mcp/lib/handlers/resource-handler.js +428 -0
package/mcp/lib/tool-registry.js +336 -0
package/mcp/lib/tools/connection-tools.js +161 -0
package/mcp/lib/tools/query-tools.js +267 -0
package/mcp/lib/tools/resource-tools.js +404 -0
package/package.json +94 -49
package/src/clients/memory-client.class.js +346 -191
package/src/clients/memory-storage.class.js +300 -84
package/src/clients/s3-client.class.js +7 -6
package/src/concerns/geo-encoding.js +19 -2
package/src/concerns/ip.js +59 -9
package/src/concerns/money.js +8 -1
package/src/concerns/password-hashing.js +49 -8
package/src/concerns/plugin-storage.js +186 -18
package/src/concerns/storage-drivers/filesystem-driver.js +284 -0
package/src/database.class.js +139 -29
package/src/errors.js +332 -42
package/src/plugins/api/auth/oidc-auth.js +66 -17
package/src/plugins/api/auth/strategies/base-strategy.class.js +74 -0
package/src/plugins/api/auth/strategies/factory.class.js +63 -0
package/src/plugins/api/auth/strategies/global-strategy.class.js +44 -0
package/src/plugins/api/auth/strategies/path-based-strategy.class.js +83 -0
package/src/plugins/api/auth/strategies/path-rules-strategy.class.js +118 -0
package/src/plugins/api/concerns/failban-manager.js +106 -57
package/src/plugins/api/concerns/opengraph-helper.js +116 -0
package/src/plugins/api/concerns/route-context.js +601 -0
package/src/plugins/api/concerns/state-machine.js +288 -0
package/src/plugins/api/index.js +180 -41
package/src/plugins/api/routes/auth-routes.js +198 -30
package/src/plugins/api/routes/resource-routes.js +19 -4
package/src/plugins/api/server/health-manager.class.js +163 -0
package/src/plugins/api/server/middleware-chain.class.js +310 -0
package/src/plugins/api/server/router.class.js +472 -0
package/src/plugins/api/server.js +280 -1303
package/src/plugins/api/utils/custom-routes.js +17 -5
package/src/plugins/api/utils/guards.js +76 -17
package/src/plugins/api/utils/openapi-generator-cached.class.js +133 -0
package/src/plugins/api/utils/openapi-generator.js +7 -6
package/src/plugins/api/utils/template-engine.js +77 -3
package/src/plugins/audit.plugin.js +30 -8
package/src/plugins/backup.plugin.js +110 -14
package/src/plugins/cache/cache.class.js +22 -5
package/src/plugins/cache/filesystem-cache.class.js +116 -19
package/src/plugins/cache/memory-cache.class.js +211 -57
package/src/plugins/cache/multi-tier-cache.class.js +371 -0
package/src/plugins/cache/partition-aware-filesystem-cache.class.js +168 -47
package/src/plugins/cache/redis-cache.class.js +552 -0
package/src/plugins/cache/s3-cache.class.js +17 -8
package/src/plugins/cache.plugin.js +176 -61
package/src/plugins/cloud-inventory/drivers/alibaba-driver.js +8 -1
package/src/plugins/cloud-inventory/drivers/aws-driver.js +60 -29
package/src/plugins/cloud-inventory/drivers/azure-driver.js +8 -1
package/src/plugins/cloud-inventory/drivers/base-driver.js +16 -2
package/src/plugins/cloud-inventory/drivers/cloudflare-driver.js +8 -1
package/src/plugins/cloud-inventory/drivers/digitalocean-driver.js +8 -1
package/src/plugins/cloud-inventory/drivers/hetzner-driver.js +8 -1
package/src/plugins/cloud-inventory/drivers/linode-driver.js +8 -1
package/src/plugins/cloud-inventory/drivers/mongodb-atlas-driver.js +8 -1
package/src/plugins/cloud-inventory/drivers/vultr-driver.js +8 -1
package/src/plugins/cloud-inventory/index.js +29 -8
package/src/plugins/cloud-inventory/registry.js +64 -42
package/src/plugins/cloud-inventory.plugin.js +240 -138
package/src/plugins/concerns/plugin-dependencies.js +54 -0
package/src/plugins/concerns/resource-names.js +100 -0
package/src/plugins/consumers/index.js +10 -2
package/src/plugins/consumers/sqs-consumer.js +12 -2
package/src/plugins/cookie-farm-suite.plugin.js +278 -0
package/src/plugins/cookie-farm.errors.js +73 -0
package/src/plugins/cookie-farm.plugin.js +869 -0
package/src/plugins/costs.plugin.js +7 -1
package/src/plugins/eventual-consistency/analytics.js +94 -19
package/src/plugins/eventual-consistency/config.js +15 -7
package/src/plugins/eventual-consistency/consolidation.js +29 -11
package/src/plugins/eventual-consistency/garbage-collection.js +3 -1
package/src/plugins/eventual-consistency/helpers.js +39 -14
package/src/plugins/eventual-consistency/install.js +21 -2
package/src/plugins/eventual-consistency/utils.js +32 -10
package/src/plugins/fulltext.plugin.js +38 -11
package/src/plugins/geo.plugin.js +61 -9
package/src/plugins/identity/concerns/config.js +61 -0
package/src/plugins/identity/concerns/mfa-manager.js +15 -2
package/src/plugins/identity/concerns/rate-limit.js +124 -0
package/src/plugins/identity/concerns/resource-schemas.js +9 -1
package/src/plugins/identity/concerns/token-generator.js +29 -4
package/src/plugins/identity/drivers/auth-driver.interface.js +76 -0
package/src/plugins/identity/drivers/client-credentials-driver.js +127 -0
package/src/plugins/identity/drivers/index.js +18 -0
package/src/plugins/identity/drivers/password-driver.js +122 -0
package/src/plugins/identity/email-service.js +17 -2
package/src/plugins/identity/index.js +413 -69
package/src/plugins/identity/oauth2-server.js +413 -30
package/src/plugins/identity/oidc-discovery.js +16 -8
package/src/plugins/identity/rsa-keys.js +115 -35
package/src/plugins/identity/server.js +166 -45
package/src/plugins/identity/session-manager.js +53 -7
package/src/plugins/identity/ui/pages/mfa-verification.js +17 -15
package/src/plugins/identity/ui/routes.js +363 -255
package/src/plugins/importer/index.js +153 -20
package/src/plugins/index.js +9 -2
package/src/plugins/kubernetes-inventory/index.js +6 -0
package/src/plugins/kubernetes-inventory/k8s-driver.js +867 -0
package/src/plugins/kubernetes-inventory/resource-types.js +274 -0
package/src/plugins/kubernetes-inventory.plugin.js +980 -0
package/src/plugins/metrics.plugin.js +64 -16
package/src/plugins/ml/base-model.class.js +25 -15
package/src/plugins/ml/regression-model.class.js +1 -1
package/src/plugins/ml.errors.js +57 -25
package/src/plugins/ml.plugin.js +28 -4
package/src/plugins/namespace.js +210 -0
package/src/plugins/plugin.class.js +180 -8
package/src/plugins/puppeteer/console-monitor.js +729 -0
package/src/plugins/puppeteer/cookie-manager.js +492 -0
package/src/plugins/puppeteer/network-monitor.js +816 -0
package/src/plugins/puppeteer/performance-manager.js +746 -0
package/src/plugins/puppeteer/proxy-manager.js +478 -0
package/src/plugins/puppeteer/stealth-manager.js +556 -0
package/src/plugins/puppeteer.errors.js +81 -0
package/src/plugins/puppeteer.plugin.js +1327 -0
package/src/plugins/queue-consumer.plugin.js +69 -14
package/src/plugins/recon/behaviors/uptime-behavior.js +691 -0
package/src/plugins/recon/concerns/command-runner.js +148 -0
package/src/plugins/recon/concerns/diff-detector.js +372 -0
package/src/plugins/recon/concerns/fingerprint-builder.js +307 -0
package/src/plugins/recon/concerns/process-manager.js +338 -0
package/src/plugins/recon/concerns/report-generator.js +478 -0
package/src/plugins/recon/concerns/security-analyzer.js +571 -0
package/src/plugins/recon/concerns/target-normalizer.js +68 -0
package/src/plugins/recon/config/defaults.js +321 -0
package/src/plugins/recon/config/resources.js +370 -0
package/src/plugins/recon/index.js +778 -0
package/src/plugins/recon/managers/dependency-manager.js +174 -0
package/src/plugins/recon/managers/scheduler-manager.js +179 -0
package/src/plugins/recon/managers/storage-manager.js +745 -0
package/src/plugins/recon/managers/target-manager.js +274 -0
package/src/plugins/recon/stages/asn-stage.js +314 -0
package/src/plugins/recon/stages/certificate-stage.js +84 -0
package/src/plugins/recon/stages/dns-stage.js +107 -0
package/src/plugins/recon/stages/dnsdumpster-stage.js +362 -0
package/src/plugins/recon/stages/fingerprint-stage.js +71 -0
package/src/plugins/recon/stages/google-dorks-stage.js +440 -0
package/src/plugins/recon/stages/http-stage.js +89 -0
package/src/plugins/recon/stages/latency-stage.js +148 -0
package/src/plugins/recon/stages/massdns-stage.js +302 -0
package/src/plugins/recon/stages/osint-stage.js +1373 -0
package/src/plugins/recon/stages/ports-stage.js +169 -0
package/src/plugins/recon/stages/screenshot-stage.js +94 -0
package/src/plugins/recon/stages/secrets-stage.js +514 -0
package/src/plugins/recon/stages/subdomains-stage.js +295 -0
package/src/plugins/recon/stages/tls-audit-stage.js +78 -0
package/src/plugins/recon/stages/vulnerability-stage.js +78 -0
package/src/plugins/recon/stages/web-discovery-stage.js +113 -0
package/src/plugins/recon/stages/whois-stage.js +349 -0
package/src/plugins/recon.plugin.js +75 -0
package/src/plugins/recon.plugin.js.backup +2635 -0
package/src/plugins/relation.errors.js +87 -14
package/src/plugins/replicator.plugin.js +514 -137
package/src/plugins/replicators/base-replicator.class.js +89 -1
package/src/plugins/replicators/bigquery-replicator.class.js +66 -22
package/src/plugins/replicators/dynamodb-replicator.class.js +22 -15
package/src/plugins/replicators/mongodb-replicator.class.js +22 -15
package/src/plugins/replicators/mysql-replicator.class.js +52 -17
package/src/plugins/replicators/planetscale-replicator.class.js +30 -4
package/src/plugins/replicators/postgres-replicator.class.js +62 -27
package/src/plugins/replicators/s3db-replicator.class.js +25 -18
package/src/plugins/replicators/schema-sync.helper.js +3 -3
package/src/plugins/replicators/sqs-replicator.class.js +8 -2
package/src/plugins/replicators/turso-replicator.class.js +23 -3
package/src/plugins/replicators/webhook-replicator.class.js +42 -4
package/src/plugins/s3-queue.plugin.js +464 -65
package/src/plugins/scheduler.plugin.js +20 -6
package/src/plugins/state-machine.plugin.js +40 -9
package/src/plugins/tfstate/README.md +126 -126
package/src/plugins/tfstate/base-driver.js +28 -4
package/src/plugins/tfstate/errors.js +65 -10
package/src/plugins/tfstate/filesystem-driver.js +52 -8
package/src/plugins/tfstate/index.js +163 -90
package/src/plugins/tfstate/s3-driver.js +64 -6
package/src/plugins/ttl.plugin.js +72 -17
package/src/plugins/vector/distances.js +18 -12
package/src/plugins/vector/kmeans.js +26 -4
package/src/resource.class.js +115 -19
package/src/testing/factory.class.js +20 -3
package/src/testing/seeder.class.js +7 -1
package/src/clients/memory-client.md +0 -917
package/src/plugins/cloud-inventory/drivers/mock-drivers.js +0 -449

package/src/plugins/tfstate/README.md CHANGED Viewed

@@ -1,42 +1,42 @@
 # TfState Plugin - Internal Development Guide
-Este documento é o guia interno de desenvolvimento do TfState Plugin.
+This document is the internal development guide for the TfState Plugin.
 ---
-## 📋 Arquitetura Geral
+## 📋 General Architecture
-### Filosofia
+### Philosophy
-O TfState Plugin transforma states do Terraform (arquivos `.tfstate`) em dados consultáveis no s3db.
+The TfState Plugin transforms Terraform states (`.tfstate` files) into queryable data in s3db.
-**Princípios:**
-- ✅ **Simplicidade**: API clara e direta
-- ✅ **Performance**: Partitions para queries rápidas (sync mode)
-- ✅ **Flexibilidade**: Suporta local files, S3, glob patterns
-- ✅ **Rastreabilidade**: Diff tracking entre versões
-- ✅ **Deduplicação**: SHA256 hash para evitar re-imports
+**Principles:**
+- ✅ **Simplicity**: Clear and direct API
+- ✅ **Performance**: Partitions for fast queries (sync mode)
+- ✅ **Flexibility**: Supports local files, S3, glob patterns
+- ✅ **Traceability**: Diff tracking between versions
+- ✅ **Deduplication**: SHA256 hash to avoid re-imports
 ---
-## 🗄️ Os 3 Resources
+## 🗄️ The 3 Resources
 ### 1. State Files Resource (`plg_tfstate_states`)
-Armazena metadados sobre cada `.tfstate` importado.
+Stores metadata about each imported `.tfstate`.
-**Schema Completo:**
+**Complete Schema:**
 ```javascript
 {
-  id: 'string|required',                    // nanoid gerado
+  id: 'string|required',                    // generated nanoid
   sourceFile: 'string|required',            // 'prod/terraform.tfstate'
-  serial: 'number|required',                // Serial do state
+  serial: 'number|required',                // State serial
   lineage: 'string',                        // Terraform lineage
   terraformVersion: 'string',               // e.g. '1.5.0'
-  resourceCount: 'number',                  // Quantos recursos
-  sha256Hash: 'string|required',            // Para dedup
+  resourceCount: 'number',                  // How many resources
+  sha256Hash: 'string|required',            // For dedup
   importedAt: 'number|required',            // timestamp
-  stateVersion: 'number'                    // 3 ou 4
+  stateVersion: 'number'                    // 3 or 4
 }
 ```
@@ -47,18 +47,18 @@ Armazena metadados sobre cada `.tfstate` importado.
   bySerial: { fields: { serial: 'number' } }
 }
-asyncPartitions: false  // Sync para queries imediatas
+asyncPartitions: false  // Sync for immediate queries
 ```
-**Queries Comuns:**
+**Common Queries:**
 ```javascript
-// Buscar última versão de um state
+// Fetch latest version of a state
 const latest = await stateFilesResource.listPartition({
   partition: 'bySourceFile',
   partitionValues: { sourceFile: 'prod/terraform.tfstate' }
 }).then(results => results.sort((a, b) => b.serial - a.serial)[0]);
-// Buscar serial específico
+// Fetch specific serial
 const v100 = await stateFilesResource.listPartition({
   partition: 'bySerial',
   partitionValues: { serial: 100 }
@@ -69,34 +69,34 @@ const v100 = await stateFilesResource.listPartition({
 ### 2. Resources Resource (`plg_tfstate_resources`)
-O resource principal contendo todos os recursos de infraestrutura extraídos dos states.
+The main resource containing all infrastructure resources extracted from states.
-**Schema Completo:**
+**Complete Schema:**
 ```javascript
 {
-  id: 'string|required',                    // nanoid gerado
-  stateFileId: 'string|required',           // FK para states resource
+  id: 'string|required',                    // generated nanoid
+  stateFileId: 'string|required',           // FK to states resource
-  // Denormalized para queries
-  stateSerial: 'number|required',           // De qual versão veio
-  sourceFile: 'string|required',            // De qual arquivo veio
+  // Denormalized for queries
+  stateSerial: 'number|required',           // Which version it came from
+  sourceFile: 'string|required',            // Which file it came from
-  // Identidade do recurso
+  // Resource identity
   resourceType: 'string|required',          // 'aws_instance'
   resourceName: 'string|required',          // 'web_server'
   resourceAddress: 'string|required',       // 'aws_instance.web_server'
   providerName: 'string|required',          // 'aws', 'google', 'azure', etc
-  // Dados do recurso
-  mode: 'string',                           // 'managed' ou 'data'
-  attributes: 'json',                       // Atributos completos do recurso
-  dependencies: 'array',                    // Lista de dependências
+  // Resource data
+  mode: 'string',                           // 'managed' or 'data'
+  attributes: 'json',                       // Complete resource attributes
+  dependencies: 'array',                    // Dependency list
   importedAt: 'number|required'             // timestamp
 }
 ```
-**Partitions (crítico para performance!):**
+**Partitions (critical for performance!):**
 ```javascript
 {
   byType: {
@@ -119,7 +119,7 @@ O resource principal contendo todos os recursos de infraestrutura extraídos dos
   }
 }
-asyncPartitions: false  // IMPORTANTE: Sync para queries imediatas!
+asyncPartitions: false  // IMPORTANT: Sync for immediate queries!
 ```
 **Provider Detection Logic:**
@@ -146,21 +146,21 @@ function detectProvider(resourceType) {
 }
 ```
-**Queries Comuns:**
+**Common Queries:**
 ```javascript
-// Query por tipo (usa partition - O(1))
+// Query by type (uses partition - O(1))
 const ec2 = await resource.listPartition({
   partition: 'byType',
   partitionValues: { resourceType: 'aws_instance' }
 });
-// Query por provider (usa partition - O(1))
+// Query by provider (uses partition - O(1))
 const awsResources = await resource.listPartition({
   partition: 'byProvider',
   partitionValues: { providerName: 'aws' }
 });
-// Query por provider + tipo (partition combinada - O(1))
+// Query by provider + type (combined partition - O(1))
 const awsRds = await resource.listPartition({
   partition: 'byProviderAndType',
   partitionValues: {
@@ -174,22 +174,22 @@ const awsRds = await resource.listPartition({
 ### 3. Diffs Resource (`plg_tfstate_diffs`)
-Rastreia mudanças entre versões de states.
+Tracks changes between state versions.
-**Schema Completo:**
+**Complete Schema:**
 ```javascript
 {
-  id: 'string|required',                    // nanoid gerado
-  sourceFile: 'string|required',            // Qual state
-  oldSerial: 'number|required',             // Versão antiga
-  newSerial: 'number|required',             // Versão nova
+  id: 'string|required',                    // generated nanoid
+  sourceFile: 'string|required',            // Which state
+  oldSerial: 'number|required',             // Old version
+  newSerial: 'number|required',             // New version
   summary: {
     type: 'object',
     props: {
-      addedCount: 'number',                 // Quantos adicionados
-      modifiedCount: 'number',              // Quantos modificados
-      deletedCount: 'number'                // Quantos deletados
+      addedCount: 'number',                 // How many added
+      modifiedCount: 'number',              // How many modified
+      deletedCount: 'number'                // How many deleted
     }
   },
@@ -220,7 +220,7 @@ Rastreia mudanças entre versões de states.
   }
 }
-asyncPartitions: false  // Sync para queries imediatas
+asyncPartitions: false  // Sync for immediate queries
 ```
 **Diff Calculation Logic:**
@@ -234,7 +234,7 @@ async function calculateDiff(oldState, newState) {
   const deleted = [];
   const modified = [];
-  // Detectar adicionados
+  // Detect added
   for (const [address, resource] of Object.entries(newResources)) {
     if (!oldResources[address]) {
       added.push({
@@ -246,7 +246,7 @@ async function calculateDiff(oldState, newState) {
     }
   }
-  // Detectar deletados
+  // Detect deleted
   for (const [address, resource] of Object.entries(oldResources)) {
     if (!newResources[address]) {
       deleted.push({
@@ -258,7 +258,7 @@ async function calculateDiff(oldState, newState) {
     }
   }
-  // Detectar modificados
+  // Detect modified
   for (const [address, newResource] of Object.entries(newResources)) {
     const oldResource = oldResources[address];
     if (oldResource) {
@@ -291,7 +291,7 @@ async function calculateDiff(oldState, newState) {
 function detectChanges(oldAttrs, newAttrs, path = '') {
   const changes = [];
-  // Comparar cada campo
+  // Compare each field
   const allKeys = new Set([...Object.keys(oldAttrs), ...Object.keys(newAttrs)]);
   for (const key of allKeys) {
@@ -314,43 +314,43 @@ function detectChanges(oldAttrs, newAttrs, path = '') {
 ---
-## 🔧 Métodos Principais
+## 🔧 Main Methods
 ### Import Flow
 ```
 importState(filePath)
   ↓
-  1. Ler arquivo do filesystem
-  2. Parsear JSON
-  3. Calcular SHA256
-  4. Verificar se já existe (dedup)
-  5. Se novo:
-     - Criar record em stateFilesResource
-     - Extrair recursos
-     - Criar records em resource
-     - Se tem versão anterior:
-       - Calcular diff
-       - Criar record em diffsResource
+  1. Read file from filesystem
+  2. Parse JSON
+  3. Calculate SHA256
+  4. Check if already exists (dedup)
+  5. If new:
+     - Create record in stateFilesResource
+     - Extract resources
+     - Create records in resource
+     - If previous version exists:
+       - Calculate diff
+       - Create record in diffsResource
 ```
-**Código:**
+**Code:**
 ```javascript
 async importState(filePath, options = {}) {
-  // 1. Ler e parsear
+  // 1. Read and parse
   const content = await fs.readFile(filePath, 'utf8');
   const state = JSON.parse(content);
   // 2. SHA256
   const sha256Hash = crypto.createHash('sha256').update(content).digest('hex');
-  // 3. Verificar se já existe
+  // 3. Check if already exists
   const existing = await this.stateFilesResource.query({ sha256Hash });
   if (existing.length > 0) {
     return { alreadyImported: true, stateFileId: existing[0].id };
   }
-  // 4. Criar state file record
+  // 4. Create state file record
   const sourceFile = options.sourceFile || path.basename(filePath);
   const stateFileRecord = await this.stateFilesResource.insert({
     sourceFile,
@@ -363,10 +363,10 @@ async importState(filePath, options = {}) {
     stateVersion: state.version
   });
-  // 5. Extrair e inserir recursos
+  // 5. Extract and insert resources
   const extractedResources = await this._extractResources(state, stateFileRecord.id);
-  // 6. Calcular diff se houver versão anterior
+  // 6. Calculate diff if previous version exists
   if (this.trackDiffs) {
     await this._maybeCalculateDiff(sourceFile, state.serial);
   }
@@ -386,12 +386,12 @@ async _extractResources(state, stateFileId) {
   const extracted = [];
   for (const resource of resources) {
-    // Aplicar filtros
+    // Apply filters
     if (!this._shouldIncludeResource(resource)) {
       continue;
     }
-    // Processar cada instance do recurso
+    // Process each resource instance
     for (const instance of resource.instances || []) {
       const providerName = this._detectProvider(resource.type);
@@ -418,14 +418,14 @@ async _extractResources(state, stateFileId) {
 }
 _shouldIncludeResource(resource) {
-  // Filtro por tipo
+  // Filter by type
   if (this.filters?.types && this.filters.types.length > 0) {
     if (!this.filters.types.includes(resource.type)) {
       return false;
     }
   }
-  // Filtro por provider
+  // Filter by provider
   if (this.filters?.providers && this.filters.providers.length > 0) {
     const provider = this._detectProvider(resource.type);
     if (!this.filters.providers.includes(provider)) {
@@ -433,7 +433,7 @@ _shouldIncludeResource(resource) {
     }
   }
-  // Filtro de exclusão
+  // Exclusion filter
   if (this.filters?.exclude && this.filters.exclude.length > 0) {
     for (const pattern of this.filters.exclude) {
       if (this._matchesPattern(resource.type, pattern)) {
@@ -470,24 +470,24 @@ _detectProvider(resourceType) {
 ```javascript
 async _maybeCalculateDiff(sourceFile, newSerial) {
-  // Buscar versão anterior
+  // Fetch previous version
   const previousStates = await this.stateFilesResource.listPartition({
     partition: 'bySourceFile',
     partitionValues: { sourceFile }
   });
   if (previousStates.length < 2) {
-    return; // Primeira versão, sem diff
+    return; // First version, no diff
   }
-  // Ordenar por serial
+  // Sort by serial
   previousStates.sort((a, b) => b.serial - a.serial);
   const newState = previousStates[0];
   const oldState = previousStates[1];
   if (newState.serial === newSerial) {
-    // Buscar recursos de ambas as versões
+    // Fetch resources from both versions
     const newResources = await this.resource.listPartition({
       partition: 'bySerial',
       partitionValues: { stateSerial: newState.serial }
@@ -498,10 +498,10 @@ async _maybeCalculateDiff(sourceFile, newSerial) {
       partitionValues: { stateSerial: oldState.serial }
     });
-    // Calcular diff
+    // Calculate diff
     const diff = this._calculateDiff(oldResources, newResources);
-    // Salvar diff
+    // Save diff
     await this.diffsResource.insert({
       sourceFile,
       oldSerial: oldState.serial,
@@ -518,7 +518,7 @@ async _maybeCalculateDiff(sourceFile, newSerial) {
 ## 🎯 Query Helpers
-Métodos convenientes que usam partitions para queries rápidas:
+Convenient methods that use partitions for fast queries:
 ```javascript
 async getResourcesByType(type) {
@@ -563,7 +563,7 @@ async getLatestDiff(sourceFile) {
   if (diffs.length === 0) return null;
-  // Ordenar por calculatedAt desc
+  // Sort by calculatedAt desc
   diffs.sort((a, b) => b.calculatedAt - a.calculatedAt);
   return diffs[0];
 }
@@ -640,33 +640,33 @@ async getStatsByType() {
 ## ⚡ Performance Considerations
-### 1. Partitions em Sync Mode
+### 1. Partitions in Sync Mode
-**CRÍTICO**: Todas as 3 resources usam `asyncPartitions: false`.
+**CRITICAL**: All 3 resources use `asyncPartitions: false`.
-**Por quê?**
-- Queries precisam ser imediatas após o import
-- Partitions async criam race conditions
-- Diff tracking requer dados imediatos
+**Why?**
+- Queries need to be immediate after import
+- Async partitions create race conditions
+- Diff tracking requires immediate data
 **Trade-off:**
-- Insert é um pouco mais lento (mas ainda rápido)
-- Queries são O(1) usando partitions
+- Insert is slightly slower (but still fast)
+- Queries are O(1) using partitions
-### 2. Denormalização
+### 2. Denormalization
-Os campos `stateSerial` e `sourceFile` são denormalizados no resources resource para permitir queries rápidas sem joins.
+Fields `stateSerial` and `sourceFile` are denormalized in the resources resource to enable fast queries without joins.
 ### 3. SHA256 Deduplication
-Antes de importar, sempre verificamos se o SHA256 já existe. Isso evita re-imports desnecessários.
+Before importing, we always check if SHA256 already exists. This avoids unnecessary re-imports.
 ### 4. Batch Operations
-Para glob imports, processamos em paralelo mas com limite:
+For glob imports, we process in parallel but with limit:
 ```javascript
-const concurrency = 5;  // Max 5 imports simultâneos
+const concurrency = 5;  // Max 5 simultaneous imports
 await PromisePool
   .withConcurrency(concurrency)
   .for(files)
@@ -679,62 +679,62 @@ await PromisePool
 ### 1. Unit Tests
-Testar métodos isolados:
-- `_detectProvider()` → Detecção correta de providers
-- `_shouldIncludeResource()` → Filtros funcionando
-- `_calculateDiff()` → Diff calculation correto
+Test isolated methods:
+- `_detectProvider()` → Correct provider detection
+- `_shouldIncludeResource()` → Filters working
+- `_calculateDiff()` → Correct diff calculation
 ### 2. Integration Tests
-Testar fluxos completos:
-- Import → Verificar resources criados
-- Import 2x → Verificar dedup funciona
-- Import v1 + v2 → Verificar diff criado
+Test complete flows:
+- Import → Verify resources created
+- Import 2x → Verify dedup works
+- Import v1 + v2 → Verify diff created
 ### 3. Partition Tests
-Testar queries usando partitions:
-- `getResourcesByType()` → Deve usar partition
-- `getResourcesByProvider()` → Deve usar partition
-- `getResourcesByProviderAndType()` → Deve usar partition combinada
+Test queries using partitions:
+- `getResourcesByType()` → Should use partition
+- `getResourcesByProvider()` → Should use partition
+- `getResourcesByProviderAndType()` → Should use combined partition
 ### 4. Performance Tests
-Verificar que partitions são rápidas:
+Verify partitions are fast:
 - Import 1000 resources
-- Query por tipo → Deve ser < 100ms
+- Query by type → Should be < 100ms
 ---
 ## 🐛 Common Issues
-### Issue: Partitions retornam vazio
+### Issue: Partitions return empty
-**Causa**: `asyncPartitions: true` (default)
+**Cause**: `asyncPartitions: true` (default)
-**Solução**: Sempre usar `asyncPartitions: false` nos 3 resources
+**Solution**: Always use `asyncPartitions: false` in all 3 resources
-### Issue: Diff não está sendo criado
+### Issue: Diff not being created
-**Causa**: `trackDiffs: false` ou primeira versão do state
+**Cause**: `trackDiffs: false` or first version of state
-**Solução**: Verificar que `trackDiffs: true` e que há pelo menos 2 versões do state
+**Solution**: Verify that `trackDiffs: true` and there are at least 2 versions of the state
-### Issue: Provider detection errado
+### Issue: Wrong provider detection
-**Causa**: Provider não está no `providerMap`
+**Cause**: Provider not in `providerMap`
-**Solução**: Adicionar provider ao map em `_detectProvider()`
+**Solution**: Add provider to map in `_detectProvider()`
 ---
 ## 🚀 Future Enhancements
-1. **Partial imports**: Importar apenas recursos modificados
-2. **Compression**: Comprimir `attributes` JSON para economizar espaço
-3. **Resource relationships**: Mapear dependências entre recursos
-4. **Cost estimation**: Integrar com pricing APIs
-5. **Compliance checks**: Validar recursos contra políticas
+1. **Partial imports**: Import only modified resources
+2. **Compression**: Compress `attributes` JSON to save space
+3. **Resource relationships**: Map dependencies between resources
+4. **Cost estimation**: Integrate with pricing APIs
+5. **Compliance checks**: Validate resources against policies
 ---

package/src/plugins/tfstate/base-driver.js CHANGED Viewed

@@ -1,3 +1,5 @@
+import { TfStateError } from './errors.js';
 /**
  * Base Driver Class for TfState Plugin
  *
@@ -14,7 +16,12 @@ export class TfStateDriver {
    * Called during plugin installation
    */
   async initialize() {
-    throw new Error('Driver must implement initialize()');
+    throw new TfStateError('Driver must implement initialize()', {
+      operation: 'initialize',
+      statusCode: 501,
+      retriable: false,
+      suggestion: 'Extend TfStateDriver and implement initialize() to configure backend connections.'
+    });
   }
   /**
@@ -22,7 +29,12 @@ export class TfStateDriver {
    * @returns {Promise<Array>} Array of state file metadata { path, lastModified, size }
    */
   async listStateFiles() {
-    throw new Error('Driver must implement listStateFiles()');
+    throw new TfStateError('Driver must implement listStateFiles()', {
+      operation: 'listStateFiles',
+      statusCode: 501,
+      retriable: false,
+      suggestion: 'Override listStateFiles() to return available Terraform state metadata.'
+    });
   }
   /**
@@ -31,7 +43,13 @@ export class TfStateDriver {
    * @returns {Promise<Object>} Parsed state file content
    */
   async readStateFile(path) {
-    throw new Error('Driver must implement readStateFile()');
+    throw new TfStateError('Driver must implement readStateFile()', {
+      operation: 'readStateFile',
+      statusCode: 501,
+      retriable: false,
+      suggestion: 'Override readStateFile(path) to load and parse the Terraform state JSON.',
+      path
+    });
   }
   /**
@@ -40,7 +58,13 @@ export class TfStateDriver {
    * @returns {Promise<Object>} Metadata { path, lastModified, size, etag }
    */
   async getStateFileMetadata(path) {
-    throw new Error('Driver must implement getStateFileMetadata()');
+    throw new TfStateError('Driver must implement getStateFileMetadata()', {
+      operation: 'getStateFileMetadata',
+      statusCode: 501,
+      retriable: false,
+      suggestion: 'Override getStateFileMetadata(path) to return lastModified, size, and ETag information.',
+      path
+    });
   }
   /**