stacksjs
diff --git a/‎README.md‎
Lines changed: 68 additions & 0 deletions b/‎README.md‎
Lines changed: 68 additions & 0 deletions
diff --git a/‎packages/ts-cloud/bin/commands/deploy.ts‎
Lines changed: 179 additions & 3 deletions b/‎packages/ts-cloud/bin/commands/deploy.ts‎
Lines changed: 179 additions & 3 deletions
diff --git a/‎packages/ts-cloud/bin/commands/domain.ts‎
Lines changed: 6 additions & 6 deletions b/‎packages/ts-cloud/bin/commands/domain.ts‎
Lines changed: 6 additions & 6 deletions
diff --git a/‎packages/ts-cloud/bin/commands/shared.ts‎
Lines changed: 15 additions & 2 deletions b/‎packages/ts-cloud/bin/commands/shared.ts‎
Lines changed: 15 additions & 2 deletions
@@ -236,6 +236,74 @@ await cloudfront.createInvalidation({
 })
 ```
 
+## DNS Providers
+
+ts-cloud supports multiple DNS providers for domain management and SSL certificate validation:
+
+### Cloudflare
+
+1. Log in to your [Cloudflare Dashboard](https://dash.cloudflare.com/)
+2. Go to **My Profile** → **API Tokens** (or visit https://dash.cloudflare.com/profile/api-tokens)
+3. Click **Create Token**
+4. Use the **Edit zone DNS** template, or create a custom token with:
+   - **Permissions**: Zone → DNS → Edit
+   - **Zone Resources**: Include → All zones (or specific zones)
+5. Copy the generated token
+
+```bash
+export CLOUDFLARE_API_TOKEN="your-api-token-here"
+```
+
+### Porkbun
+
+1. Log in to your [Porkbun Dashboard](https://porkbun.com/account/api)
+2. Enable API access for your domain(s)
+3. Generate an API key pair
+
+```bash
+export PORKBUN_API_KEY="your-api-key"
+export PORKBUN_SECRET_KEY="your-secret-key"
+```
+
+### GoDaddy
+
+1. Log in to [GoDaddy Developer Portal](https://developer.godaddy.com/)
+2. Create a new API key
+3. Note both the key and secret
+
+```bash
+export GODADDY_API_KEY="your-api-key"
+export GODADDY_API_SECRET="your-api-secret"
+export GODADDY_ENVIRONMENT="production"  # or "ote" for testing
+```
+
+### Route53
+
+Uses AWS credentials from environment or ~/.aws/credentials:
+
+```bash
+export AWS_ACCESS_KEY_ID="your-access-key"
+export AWS_SECRET_ACCESS_KEY="your-secret-key"
+export AWS_REGION="us-east-1"
+export AWS_HOSTED_ZONE_ID="Z1234567890"  # Optional
+```
+
+### CLI Usage
+
+```bash
+# List domains
+cloud domain:list --provider cloudflare
+
+# List DNS records
+cloud dns:records example.com --provider cloudflare
+
+# Add a DNS record
+cloud dns:add example.com A 192.168.1.1 --name api --provider cloudflare
+
+# Generate SSL certificate with DNS validation
+cloud domain:ssl example.com --provider cloudflare
+```
+
 ## Development
 
 ```bash
 
@@ -8,23 +8,37 @@ import { CloudFrontClient } from '../../src/aws/cloudfront'
 import { ECRClient } from '../../src/aws/ecr'
 import { ECSClient } from '../../src/aws/ecs'
 import { validateTemplate, validateTemplateSize, validateResourceLimits } from '../../src/validation/template'
-import { loadValidatedConfig } from './shared'
+import { loadValidatedConfig, resolveDnsProviderConfig, getDnsProvider } from './shared'
+import { deployStaticSiteWithExternalDnsFull } from '../../src/deploy/static-site-external-dns'
+import type { DnsProviderConfig } from '../../src/dns/types'
 
 export function registerDeployCommands(app: CLI): void {
   app
     .command('deploy', 'Deploy infrastructure')
     .option('--stack <name>', 'Stack name')
     .option('--env <environment>', 'Environment to deploy to')
-    .action(async (options?: { stack?: string, env?: string }) => {
+    .option('--site <name>', 'Deploy specific site only')
+    .action(async (options?: { stack?: string, env?: string, site?: string }) => {
       cli.header('Deploying Infrastructure')
 
       try {
         // Load configuration
         const config = await loadValidatedConfig()
-        const environment = (options?.env || 'production') as 'production' | 'staging' | 'development'
+        const environment = (options?.env || 'staging') as 'production' | 'staging' | 'development'
         const stackName = options?.stack || `${config.project.slug}-${environment}`
         const region = config.project.region || 'us-east-1'
 
+        // Check if this is a static site deployment
+        if (config.sites && Object.keys(config.sites).length > 0) {
+          const dnsProvider = config.infrastructure?.dns?.provider
+
+          if (dnsProvider && dnsProvider !== 'route53') {
+            // Deploy static sites with external DNS
+            await deployStaticSitesWithExternalDns(config, options?.site, dnsProvider, region)
+            return
+          }
+        }
+
         cli.info(`Stack: ${stackName}`)
         cli.info(`Region: ${region}`)
         cli.info(`Environment: ${environment}`)
@@ -672,3 +686,165 @@ https://${bucket}.s3.${region}.amazonaws.com${prefix ? `/${prefix}` : ''}/index.
       }
     })
 }
+
+/**
+ * Deploy static sites with external DNS provider (Cloudflare, Porkbun, GoDaddy)
+ * Handles detection of existing DNS records (like Netlify) and prompts for migration
+ */
+async function deployStaticSitesWithExternalDns(
+  config: any,
+  specificSite: string | undefined,
+  dnsProviderName: string,
+  region: string,
+): Promise<void> {
+  const sites = config.sites || {}
+  const siteNames = specificSite ? [specificSite] : Object.keys(sites)
+
+  if (siteNames.length === 0) {
+    cli.warn('No sites configured in cloud.config.ts')
+    return
+  }
+
+  // Get DNS provider config from environment
+  const dnsConfig = resolveDnsProviderConfig(dnsProviderName)
+  if (!dnsConfig) {
+    cli.error(`DNS provider '${dnsProviderName}' is not configured. Please set the required environment variables.`)
+    cli.info('\nFor Cloudflare: CLOUDFLARE_API_TOKEN')
+    cli.info('For Porkbun: PORKBUN_API_KEY, PORKBUN_SECRET_KEY')
+    cli.info('For GoDaddy: GODADDY_API_KEY, GODADDY_API_SECRET')
+    return
+  }
+
+  const dnsProvider = getDnsProvider(dnsProviderName)
+
+  for (const siteName of siteNames) {
+    const siteConfig = sites[siteName]
+    if (!siteConfig) {
+      cli.error(`Site '${siteName}' not found in configuration`)
+      continue
+    }
+
+    const domain = siteConfig.domain
+    if (!domain) {
+      cli.error(`Site '${siteName}' has no domain configured`)
+      continue
+    }
+
+    cli.header(`Deploying Site: ${siteName}`)
+    cli.info(`Domain: ${domain}`)
+    cli.info(`Source: ${siteConfig.root}`)
+    cli.info(`DNS Provider: ${dnsProviderName}`)
+
+    // Check if source directory exists
+    if (!existsSync(siteConfig.root)) {
+      cli.error(`Source directory not found: ${siteConfig.root}`)
+      cli.info('Run your build command first (e.g., bun run generate)')
+      continue
+    }
+
+    // Check for existing DNS records
+    cli.step('Checking existing DNS records...')
+    const existingRecords = await dnsProvider.listRecords(domain)
+
+    if (existingRecords.success && existingRecords.records.length > 0) {
+      // Look for existing CNAME records that might be pointing to Netlify or other providers
+      const domainParts = domain.split('.')
+      const subdomain = domainParts.length > 2 ? domainParts[0] : '@'
+      const rootDomain = domainParts.slice(-2).join('.')
+
+      const existingCname = existingRecords.records.find(r =>
+        r.type === 'CNAME' &&
+        (r.name === domain || r.name === subdomain || r.name === `${subdomain}.${rootDomain}`)
+      )
+
+      if (existingCname) {
+        const isNetlify = existingCname.content.includes('netlify')
+        const isVercel = existingCname.content.includes('vercel')
+        const isCloudFront = existingCname.content.includes('cloudfront.net')
+
+        // Skip if already pointing to CloudFront (our infrastructure)
+        if (isCloudFront) {
+          cli.info(`Domain already points to CloudFront: ${existingCname.content}`)
+          cli.info('Proceeding with file upload...')
+        } else {
+          const providerName = isNetlify ? 'Netlify' : isVercel ? 'Vercel' : 'another provider'
+
+          cli.warn(`\nExisting CNAME record detected:`)
+          cli.info(`  ${existingCname.name} -> ${existingCname.content}`)
+
+          if (isNetlify || isVercel) {
+            cli.info(`\nThis domain is currently pointing to ${providerName}.`)
+            cli.info('Deploying will update this record to point to AWS CloudFront.')
+          }
+
+          const proceed = await cli.confirm(`\nUpdate DNS record to point to AWS CloudFront?`, true)
+          if (!proceed) {
+            cli.info('Deployment cancelled')
+            continue
+          }
+
+          // Delete the old CNAME record before deploying
+          cli.step(`Removing old ${providerName} CNAME record...`)
+          const deleteResult = await dnsProvider.deleteRecord(domain, {
+            name: existingCname.name,
+            type: 'CNAME',
+            content: existingCname.content,
+          })
+
+          if (deleteResult.success) {
+            cli.success(`Removed CNAME: ${existingCname.name} -> ${existingCname.content}`)
+          } else {
+            cli.warn(`Could not remove old record: ${deleteResult.message}`)
+            cli.info('The deployment will attempt to update it instead.')
+          }
+        }
+      }
+    }
+
+    // Deploy the static site
+    cli.step('Deploying to AWS (S3 + CloudFront)...')
+
+    const result = await deployStaticSiteWithExternalDnsFull({
+      siteName: `${config.project.slug}-${siteName}`,
+      domain,
+      region,
+      sourceDir: siteConfig.root,
+      certificateArn: siteConfig.certificateArn,
+      dnsProvider: dnsConfig,
+      onProgress: (stage, detail) => {
+        if (stage === 'infrastructure') {
+          cli.step(detail || 'Setting up infrastructure...')
+        } else if (stage === 'upload') {
+          // Show upload progress without spamming
+          if (detail?.includes('/') && !detail.includes('1/')) {
+            const match = detail.match(/(\d+)\/(\d+)/)
+            if (match) {
+              const [, current, total] = match
+              if (Number(current) % 10 === 0 || current === total) {
+                cli.info(`  Uploaded ${current}/${total} files`)
+              }
+            }
+          }
+        } else if (stage === 'invalidate') {
+          cli.step('Invalidating CDN cache...')
+        } else if (stage === 'complete') {
+          // Handled below
+        }
+      },
+    })
+
+    if (result.success) {
+      cli.success('\nDeployment successful!')
+      cli.box(`Site Deployed!
+
+Domain: https://${result.domain}
+CloudFront: ${result.distributionDomain}
+Bucket: ${result.bucket}
+Files: ${result.filesUploaded}
+
+Your site is now live at https://${result.domain}`, 'green')
+    } else {
+      cli.error(`\nDeployment failed: ${result.message}`)
+    }
+  }
+}
@@ -7,7 +7,7 @@ import { getDnsProvider, resolveDnsProviderConfig } from './shared'
 export function registerDomainCommands(app: CLI): void {
   app
     .command('domain:list', 'List all domains')
-    .option('--provider <provider>', 'DNS provider: porkbun, godaddy, or route53')
+    .option('--provider <provider>', 'DNS provider: porkbun, godaddy, cloudflare, or route53')
     .action(async (options?: { provider?: string }) => {
       cli.header('Domains')
 
@@ -46,7 +46,7 @@ export function registerDomainCommands(app: CLI): void {
 
   app
     .command('domain:add <domain>', 'Add a new domain')
-    .option('--provider <provider>', 'DNS provider: porkbun, godaddy, or route53')
+    .option('--provider <provider>', 'DNS provider: porkbun, godaddy, cloudflare, or route53')
     .action(async (domain: string, options?: { provider?: string }) => {
       cli.header(`Adding Domain: ${domain}`)
 
@@ -149,7 +149,7 @@ export function registerDomainCommands(app: CLI): void {
 
   app
     .command('domain:verify <domain>', 'Verify domain ownership and SSL status')
-    .option('--provider <provider>', 'DNS provider: porkbun, godaddy, or route53')
+    .option('--provider <provider>', 'DNS provider: porkbun, godaddy, cloudflare, or route53')
     .action(async (domain: string, options?: { provider?: string }) => {
       cli.header(`Verifying Domain: ${domain}`)
 
@@ -234,7 +234,7 @@ export function registerDomainCommands(app: CLI): void {
 
   app
     .command('dns:records <domain>', 'List DNS records for a domain')
-    .option('--provider <provider>', 'DNS provider: porkbun, godaddy, or route53')
+    .option('--provider <provider>', 'DNS provider: porkbun, godaddy, cloudflare, or route53')
     .option('--type <type>', 'Filter by record type (A, AAAA, CNAME, TXT, MX, etc.)')
     .action(async (domain: string, options?: { provider?: string, type?: string }) => {
       cli.header(`DNS Records for ${domain}`)
@@ -282,7 +282,7 @@ export function registerDomainCommands(app: CLI): void {
 
   app
     .command('dns:add <domain> <type> <value>', 'Add DNS record')
-    .option('--provider <provider>', 'DNS provider: porkbun, godaddy, or route53')
+    .option('--provider <provider>', 'DNS provider: porkbun, godaddy, cloudflare, or route53')
     .option('--name <name>', 'Record name (subdomain)', { default: '@' })
     .option('--ttl <seconds>', 'Time to live in seconds', { default: '300' })
     .action(async (domain: string, type: string, value: string, options?: { provider?: string, name?: string, ttl?: string }) => {
@@ -325,7 +325,7 @@ export function registerDomainCommands(app: CLI): void {
 
   app
     .command('dns:delete <domain> <type>', 'Delete DNS record')
-    .option('--provider <provider>', 'DNS provider: porkbun, godaddy, or route53')
+    .option('--provider <provider>', 'DNS provider: porkbun, godaddy, cloudflare, or route53')
     .option('--name <name>', 'Record name (subdomain)', { default: '@' })
     .option('--value <value>', 'Record value (required for multi-value records)')
     .action(async (domain: string, type: string, options?: { provider?: string, name?: string, value?: string }) => {
 
@@ -45,8 +45,15 @@ export function resolveDnsProviderConfig(providerName?: string): DnsProviderConf
         const hostedZoneId = process.env.AWS_HOSTED_ZONE_ID
         return { provider: 'route53', region, hostedZoneId }
       }
+      case 'cloudflare': {
+        const apiToken = process.env.CLOUDFLARE_API_TOKEN
+        if (!apiToken) {
+          throw new Error('CLOUDFLARE_API_TOKEN environment variable is required for Cloudflare provider')
+        }
+        return { provider: 'cloudflare', apiToken }
+      }
       default:
-        throw new Error(`Unknown DNS provider: ${providerName}. Supported: porkbun, godaddy, route53`)
+        throw new Error(`Unknown DNS provider: ${providerName}. Supported: porkbun, godaddy, route53, cloudflare`)
     }
   }
 
@@ -81,6 +88,12 @@ export function resolveDnsProviderConfig(providerName?: string): DnsProviderConf
       hostedZoneId: process.env.AWS_HOSTED_ZONE_ID,
     }
   }
+  if (process.env.CLOUDFLARE_API_TOKEN) {
+    return {
+      provider: 'cloudflare',
+      apiToken: process.env.CLOUDFLARE_API_TOKEN,
+    }
+  }
 
   return null
 }
@@ -91,7 +104,7 @@ export function resolveDnsProviderConfig(providerName?: string): DnsProviderConf
 export function getDnsProvider(providerName?: string): DnsProvider {
   const config = resolveDnsProviderConfig(providerName)
   if (!config) {
-    throw new Error('No DNS provider configured. Set environment variables for Porkbun (PORKBUN_API_KEY, PORKBUN_SECRET_KEY), GoDaddy (GODADDY_API_KEY, GODADDY_API_SECRET), or Route53 (AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY)')
+    throw new Error('No DNS provider configured. Set environment variables for Porkbun (PORKBUN_API_KEY, PORKBUN_SECRET_KEY), GoDaddy (GODADDY_API_KEY, GODADDY_API_SECRET), Cloudflare (CLOUDFLARE_API_TOKEN), or Route53 (AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY)')
   }
   return createDnsProvider(config)
 }
Original file line number	Diff line number	Diff line change
`@@ -45,8 +45,15 @@ export function resolveDnsProviderConfig(providerName?: string): DnsProviderConf`
`45`	`45`	`const hostedZoneId = process.env.AWS_HOSTED_ZONE_ID`
`46`	`46`	`return { provider: 'route53', region, hostedZoneId }`
`47`	`47`	`}`
	`48`	`+ case 'cloudflare': {`
	`49`	`+ const apiToken = process.env.CLOUDFLARE_API_TOKEN`
	`50`	`+ if (!apiToken) {`
	`51`	`+ throw new Error('CLOUDFLARE_API_TOKEN environment variable is required for Cloudflare provider')`
	`52`	`+ }`
	`53`	`+ return { provider: 'cloudflare', apiToken }`
	`54`	`+ }`
`48`	`55`	`default:`
`49`		- throw new Error(`Unknown DNS provider: ${providerName}. Supported: porkbun, godaddy, route53`)
	`56`	+ throw new Error(`Unknown DNS provider: ${providerName}. Supported: porkbun, godaddy, route53, cloudflare`)
`50`	`57`	`}`
`51`	`58`	`}`
`52`	`59`
`@@ -81,6 +88,12 @@ export function resolveDnsProviderConfig(providerName?: string): DnsProviderConf`
`81`	`88`	`hostedZoneId: process.env.AWS_HOSTED_ZONE_ID,`
`82`	`89`	`}`
`83`	`90`	`}`
	`91`	`+ if (process.env.CLOUDFLARE_API_TOKEN) {`
	`92`	`+ return {`
	`93`	`+ provider: 'cloudflare',`
	`94`	`+ apiToken: process.env.CLOUDFLARE_API_TOKEN,`
	`95`	`+ }`
	`96`	`+ }`
`84`	`97`
`85`	`98`	`return null`
`86`	`99`	`}`
`@@ -91,7 +104,7 @@ export function resolveDnsProviderConfig(providerName?: string): DnsProviderConf`
`91`	`104`	`export function getDnsProvider(providerName?: string): DnsProvider {`
`92`	`105`	`const config = resolveDnsProviderConfig(providerName)`
`93`	`106`	`if (!config) {`
`94`		`- throw new Error('No DNS provider configured. Set environment variables for Porkbun (PORKBUN_API_KEY, PORKBUN_SECRET_KEY), GoDaddy (GODADDY_API_KEY, GODADDY_API_SECRET), or Route53 (AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY)')`
	`107`	`+ throw new Error('No DNS provider configured. Set environment variables for Porkbun (PORKBUN_API_KEY, PORKBUN_SECRET_KEY), GoDaddy (GODADDY_API_KEY, GODADDY_API_SECRET), Cloudflare (CLOUDFLARE_API_TOKEN), or Route53 (AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY)')`
`95`	`108`	`}`
`96`	`109`	`return createDnsProvider(config)`
`97`	`110`	`}`