@firestartr/cli 2.4.0-snapshot-5 → 2.4.0-snapshot-6

package/build/index.js

@@ -277133,6 +277133,202 @@ function policiesAreCompatible(syncPolicy, generalPolicy) {
     FIRESTARTR_POLICIES: FIRESTARTR_POLICIES,
 });
 
+// EXTERNAL MODULE: external "fs/promises"
+var promises_ = __nccwpck_require__(73292);
+;// CONCATENATED MODULE: ../catalog_common/src/codeowners/index.ts
+// CODEOWNERS Machinery (Dead-simple MVP)
+//
+
+
+// Dead-simple CODEOWNERS helpers
+function codeowners_parse(raw) {
+    return raw
+        .split(/\r?\n/)
+        .map((line) => line.trim())
+        .filter((line) => line.length > 0 && !line.startsWith('#'))
+        .map((line) => {
+        const commentIdx = line.indexOf('#');
+        const content = commentIdx >= 0 ? line.slice(0, commentIdx).trimEnd() : line;
+        const comment = commentIdx >= 0 ? line.slice(commentIdx + 1).trim() : undefined;
+        if (!content) {
+            return undefined;
+        }
+        const tokens = content.split(/\s+/);
+        if (tokens.length === 0)
+            return undefined;
+        const pattern = tokens[0];
+        const owners = tokens.slice(1);
+        if (!pattern || owners.length === 0)
+            return undefined;
+        return { pattern, owners, ...(comment ? { comment } : {}) };
+    })
+        .filter(Boolean);
+}
+function format(entries) {
+    return entries
+        .map(({ pattern, owners, comment }) => {
+        let line = pattern + (owners.length ? ' ' + owners.join(' ') : '');
+        if (comment) {
+            // Inline comment is always preceded by at least one space
+            line += ' #' + (comment.trim().length > 0 ? ' ' + comment.trim() : '');
+        }
+        return line;
+    })
+        .join('\n');
+}
+function codeowners_validate(raw) {
+    // Each non-blank, non-comment line must have a pattern and at least one owner
+    // Return true if ALL such lines are valid, false otherwise
+    return raw
+        .split(/\r?\n/)
+        .map((line) => line.trim())
+        .filter((line) => line.length > 0 && !line.startsWith('#'))
+        .every((line) => {
+        const content = line.split('#')[0].trimEnd();
+        const tokens = content.split(/\s+/);
+        return (tokens.length >= 2 &&
+            tokens[0] !== '' &&
+            tokens.slice(1).every((owner) => owner !== ''));
+    });
+}
+async function codeowners_get(ctx) {
+    const filePath = ctx.path || external_path_default().resolve(process.cwd(), 'CODEOWNERS');
+    return promises_.readFile(filePath, 'utf8');
+}
+async function set(ctx, v) {
+    const filePath = ctx.path || external_path_default().resolve(process.cwd(), 'CODEOWNERS');
+    await promises_.writeFile(filePath, v, 'utf8');
+}
+async function updateRule(ctx, rule) {
+    // Read file line-by-line, replace matching pattern in-place (or append), preserving
+    // blank lines and full-line comments to avoid silently stripping file headers or warnings.
+    const filePath = ctx.path || external_path_default().resolve(process.cwd(), 'CODEOWNERS');
+    let rawLines = [];
+    try {
+        const content = await promises_.readFile(filePath, 'utf8');
+        rawLines = content.split(/\r?\n/);
+    }
+    catch (e) {
+        if (!(typeof e === 'object' &&
+            e !== null &&
+            'code' in e &&
+            e.code === 'ENOENT')) {
+            throw e;
+        }
+        // file may not exist yet; start with an empty line list
+    }
+    const newRuleLine = format([rule]);
+    let found = false;
+    const updatedLines = rawLines.map((line) => {
+        const trimmed = line.trim();
+        // Preserve blank lines and full-line comments unchanged
+        if (!trimmed || trimmed.startsWith('#'))
+            return line;
+        const commentIdx = trimmed.indexOf('#');
+        const rulePart = commentIdx >= 0 ? trimmed.slice(0, commentIdx).trimEnd() : trimmed;
+        const tokens = rulePart.split(/\s+/).filter(Boolean);
+        if (tokens.length === 0)
+            return line;
+        if (tokens[0] === rule.pattern) {
+            found = true;
+            return newRuleLine;
+        }
+        return line;
+    });
+    if (!found)
+        updatedLines.push(newRuleLine);
+    // Ensure POSIX-compliant trailing newline without doubling it
+    if (updatedLines[updatedLines.length - 1] !== '')
+        updatedLines.push('');
+    await promises_.writeFile(filePath, updatedLines.join('\n'), 'utf8');
+}
+async function remove(ctx, criteria) {
+    const filePath = ctx.path || external_path_default().resolve(process.cwd(), 'CODEOWNERS');
+    let rawLines = [];
+    try {
+        const content = await promises_.readFile(filePath, 'utf8');
+        rawLines = content.split(/\r?\n/);
+    }
+    catch (e) {
+        if (!(typeof e === 'object' &&
+            e !== null &&
+            'code' in e &&
+            e.code === 'ENOENT')) {
+            throw e;
+        }
+        return; // nothing to remove
+    }
+    const updatedLines = [];
+    for (const line of rawLines) {
+        const trimmed = line.trim();
+        // Preserve blank lines and full-line comments unchanged
+        if (!trimmed || trimmed.startsWith('#')) {
+            updatedLines.push(line);
+            continue;
+        }
+        const commentIdx = trimmed.indexOf('#');
+        const rulePart = commentIdx >= 0 ? trimmed.slice(0, commentIdx).trimEnd() : trimmed;
+        const inlineComment = commentIdx >= 0 ? ' ' + trimmed.slice(commentIdx) : '';
+        const tokens = rulePart.split(/\s+/).filter(Boolean);
+        if (tokens.length < 2) {
+            // Malformed line (no owners); keep as-is
+            updatedLines.push(line);
+            continue;
+        }
+        const linePattern = tokens[0];
+        let owners = tokens.slice(1);
+        const patternMatches = !criteria.pattern || linePattern === criteria.pattern;
+        if (!patternMatches) {
+            updatedLines.push(line);
+            continue;
+        }
+        if (criteria.owner) {
+            // Remove the specified owner from this entry; drop the entry if no owners remain
+            owners = owners.filter((o) => o !== criteria.owner);
+            if (owners.length === 0) {
+                continue;
+            }
+            updatedLines.push(linePattern + ' ' + owners.join(' ') + inlineComment);
+        }
+        else if (criteria.pattern) {
+            // Remove the entire entry matching the pattern
+            continue;
+        }
+        else {
+            updatedLines.push(line);
+        }
+    }
+    // Ensure POSIX-compliant trailing newline without doubling it
+    if (updatedLines.length > 0 && updatedLines[updatedLines.length - 1] !== '')
+        updatedLines.push('');
+    await promises_.writeFile(filePath, updatedLines.join('\n'), 'utf8');
+}
+function getOwners(raw) {
+    const entries = codeowners_parse(raw);
+    const owners = new Set();
+    for (const entry of entries) {
+        for (const owner of entry.owners) {
+            owners.add(owner);
+        }
+    }
+    return Array.from(owners);
+}
+function getDefault() {
+    return '# Sample CODEOWNERS\n* @team';
+}
+const codeowners = {
+    parse: codeowners_parse,
+    format,
+    validate: codeowners_validate,
+    get: codeowners_get,
+    set,
+    updateRule,
+    remove,
+    getOwners,
+    getDefault,
+};
+/* harmony default export */ const src_codeowners = (codeowners);
+
 ;// CONCATENATED MODULE: ../catalog_common/src/tokenizer/index.ts
 class SimpleTokenizer {
     /**
@@ -277239,6 +277435,7 @@ function getCronNextInterval(cronLine, tz) {
 
 
 
+
 /* harmony default export */ const catalog_common = ({
     io: io,
     generic: generic,
@@ -277249,6 +277446,7 @@ function getCronNextInterval(cronLine, tz) {
     policies: policies,
     logger: logger_logger,
     tokenizer: tokenizer,
+    codeowners: src_codeowners,
     cron: {
         validateCron: validateCron,
         isValidCron: isValidCron,
@@ -281934,7 +282132,7 @@ var deepFindPathToProperty = (object, searchProp, path = []) => {
 var dist_bundle_get = (object, path) => {
   return path.reduce((current, nextProperty) => current[nextProperty], object);
 };
-var set = (object, path, mutator) => {
+var dist_bundle_set = (object, path, mutator) => {
   const lastProperty = path[path.length - 1];
   const parentPath = [...path].slice(0, -1);
   const parent = dist_bundle_get(object, parentPath);
@@ -282000,19 +282198,19 @@ var mergeResponses = (response1, response2) => {
   const nodesPath = [...path, "nodes"];
   const newNodes = dist_bundle_get(response2, nodesPath);
   if (newNodes) {
-    set(response1, nodesPath, (values) => {
+    dist_bundle_set(response1, nodesPath, (values) => {
       return [...values, ...newNodes];
     });
   }
   const edgesPath = [...path, "edges"];
   const newEdges = dist_bundle_get(response2, edgesPath);
   if (newEdges) {
-    set(response1, edgesPath, (values) => {
+    dist_bundle_set(response1, edgesPath, (values) => {
       return [...values, ...newEdges];
     });
   }
   const pageInfoPath = [...path, "pageInfo"];
-  set(response1, pageInfoPath, dist_bundle_get(response2, pageInfoPath));
+  dist_bundle_set(response1, pageInfoPath, dist_bundle_get(response2, pageInfoPath));
   return response1;
 };
 
@@ -286859,6 +287057,62 @@ function resolveClaimRef(kind, name, symbolsTable = renderedClaims) {
 ;// CONCATENATED MODULE: ../cdk8s_renderer/src/utils/repositoryClaimUtils.ts
 
 
+function resolveCodeownersRef(ref, org) {
+    let result = '';
+    const splittedRef = ref.split(':');
+    if (splittedRef.length !== 2) {
+        throw new Error(`Invalid codeowners ref ${ref}`);
+    }
+    if (!['user', 'group'].includes(splittedRef[0])) {
+        throw new Error(`Invalid codeowners ref ${ref}, kind must be "user" or "group"`);
+    }
+    const owner = splittedRef[1];
+    const kind = splittedRef[0];
+    const resolvedDependency = resolveClaimRef(kind === 'user' ? 'UserClaim' : 'GroupClaim', owner);
+    const externalNameAnnotation = catalog_common.generic.getFirestartrAnnotation('external-name');
+    const dependencyExternalName = resolvedDependency.metadata.annotations[externalNameAnnotation];
+    if (kind === 'user') {
+        result = `@${dependencyExternalName}`;
+    }
+    else if (kind === 'group') {
+        result = `@${org}/${dependencyExternalName}`;
+    }
+    return result;
+}
+/**
+ * Converts a claim (+optional additional rules) to CodeOwnerEntry[] for the codeowners API
+ */
+function claimToCodeOwnersEntries(claim, additionalRules) {
+    const rulesMap = new Map();
+    const addOwnerToPath = (pattern, owner) => {
+        const owners = rulesMap.get(pattern) ?? [];
+        if (!owners.includes(owner)) {
+            owners.push(owner);
+        }
+        rulesMap.set(pattern, owners);
+    };
+    if (claim.owner) {
+        addOwnerToPath('*', resolveCodeownersRef(claim.owner, claim.providers.github.org));
+    }
+    if (claim.platformOwner) {
+        addOwnerToPath('/.github/', resolveCodeownersRef(claim.platformOwner, claim.providers.github.org));
+    }
+    if (additionalRules) {
+        for (const rule of additionalRules) {
+            for (const owner of rule.owners) {
+                addOwnerToPath(rule.path, resolveCodeownersRef(owner, claim.providers.github.org));
+            }
+        }
+    }
+    return Array.from(rulesMap.entries()).map(([pattern, owners]) => ({
+        pattern,
+        owners,
+    }));
+}
+function createCodeOwnersData(claim, additionalRules) {
+    return common.codeowners.format(claimToCodeOwnersEntries(claim, additionalRules));
+}
+// All previous code including permissions, collaborators, etc. (restored)
 /**
  * @description This method creates a permission for a given claimRef and permission
  *
@@ -286920,66 +287174,7 @@ function createCRrefFrom(claimRef, needsSecret) {
         },
     };
 }
-/**
- * @description This method creates the codeowners data for the repository
- *
- * @param claim
- *
- * @returns string
- */
-function createCodeOwnersData(claim, additionalRules) {
-    const rulesMap = new Map();
-    const addOwnerToPath = (path, owner) => {
-        const owners = rulesMap.get(path) ?? [];
-        if (!owners.includes(owner)) {
-            owners.push(owner);
-        }
-        rulesMap.set(path, owners);
-    };
-    let message = `# This file was generated by firestartr.
-# WARNING: Please don't edit this file directly in the repository
-# Go to gitops repository to modify it!`;
-    if (claim.owner) {
-        addOwnerToPath('*', resolveCodeownersRef(claim.owner, claim.providers.github.org));
-    }
-    if (claim.platformOwner) {
-        addOwnerToPath('/.github/', resolveCodeownersRef(claim.platformOwner, claim.providers.github.org));
-    }
-    if (additionalRules) {
-        for (const rule of additionalRules) {
-            for (const owner of rule.owners) {
-                addOwnerToPath(rule.path, resolveCodeownersRef(owner, claim.providers.github.org));
-            }
-        }
-    }
-    for (const [path, owners] of rulesMap.entries()) {
-        message += `\n${path.padEnd(25)} ${owners.join(' ')}`;
-    }
-    return message;
-}
-function resolveCodeownersRef(ref, org) {
-    let result = '';
-    const splittedRef = ref.split(':');
-    if (splittedRef.length !== 2) {
-        throw new Error(`Invalid codeowners ref ${ref}`);
-    }
-    if (!['user', 'group'].includes(splittedRef[0])) {
-        throw new Error(`Invalid codeowners ref ${ref}, kind must be "user" or "group"`);
-    }
-    const owner = splittedRef[1];
-    const kind = splittedRef[0];
-    const resolvedDependency = resolveClaimRef(kind === 'user' ? 'UserClaim' : 'GroupClaim', owner);
-    const externalNameAnnotation = catalog_common.generic.getFirestartrAnnotation('external-name');
-    const dependencyExternalName = resolvedDependency.metadata.annotations[externalNameAnnotation];
-    if (kind === 'user') {
-        result = `@${dependencyExternalName}`;
-    }
-    else if (kind === 'group') {
-        result = `@${org}/${dependencyExternalName}`;
-    }
-    return result;
-}
-const IS_SECRET_REF = new RegExp(/^ref:secretsclaim:([a-zA-Z0-9_-]+):([a-zA-Z0-9_-]+)$/);
+const IS_SECRET_REF = /^ref:secretsclaim:([a-zA-Z0-9_-]+):([a-zA-Z0-9_-]+)$/;
 function isRepoSecretRef(suspectedRef) {
     return IS_SECRET_REF.test(suspectedRef);
 }
@@ -286998,6 +287193,11 @@ function extractRepoSecretRef(ref) {
         key: parts[3],
     };
 }
+/**
+ * @description This method creates the codeowners data for the repository
+ * Migrated: use claimToCodeOwnersEntries + common.codeowners.format instead of legacy helpers.
+ */
+// ... rest of file unchanged ...
 
 ;// CONCATENATED MODULE: ../cdk8s_renderer/src/overriders/base.ts
 
@@ -287043,6 +287243,7 @@ class OverriderError extends Error {
 
 
 
+
 class GithubRepositoryOverrider extends OverriderPatches {
     constructor() {
         super(...arguments);
@@ -287117,11 +287318,11 @@ class GithubRepositoryOverrider extends OverriderPatches {
                 apply(cr) {
                     const patch = [];
                     if (claim?.providers?.github?.overrides?.additionalCodeownersRules) {
-                        const codeowners = createCodeOwnersData(claim, claim.providers.github.overrides.additionalCodeownersRules);
+                        const codeownersValue = catalog_common.codeowners.format(claimToCodeOwnersEntries(claim, claim.providers.github.overrides.additionalCodeownersRules));
                         patch.push({
                             op: 'replace',
                             path: '/spec/repo/codeowners',
-                            value: codeowners,
+                            value: codeownersValue,
                         });
                     }
                     return fast_json_patch_default().applyPatch(cr, patch).newDocument;
@@ -287301,8 +287502,8 @@ function createExpanders(path) {
 }
 
 // EXTERNAL MODULE: external "node:fs/promises"
-var promises_ = __nccwpck_require__(93977);
-var promises_default = /*#__PURE__*/__nccwpck_require__.n(promises_);
+var external_node_fs_promises_ = __nccwpck_require__(93977);
+var external_node_fs_promises_default = /*#__PURE__*/__nccwpck_require__.n(external_node_fs_promises_);
 ;// CONCATENATED MODULE: ../cdk8s_renderer/src/crawler.ts
 
 
@@ -287374,7 +287575,7 @@ async function crawl(dir, filter, exec) {
  */
 async function slurpFile(entry, exec) {
     await waitForEmptySlot();
-    return promises_.readFile(entry, 'utf8')
+    return external_node_fs_promises_.readFile(entry, 'utf8')
         .then(async (data) => {
         /**
          * We need to first free the slot. Otherwise if there is more
@@ -287411,7 +287612,7 @@ async function freeSlot() {
  *
  */
 async function crawlDirectory(dirEnt, exec) {
-    const entries = (await promises_.readdir(dirEnt)).map((entry) => external_path_.join(dirEnt, entry));
+    const entries = (await external_node_fs_promises_.readdir(dirEnt)).map((entry) => external_path_.join(dirEnt, entry));
     const slurps = [];
     for (const entry of entries) {
         const testDir = await isDir(entry);
@@ -287427,7 +287628,7 @@ async function crawlDirectory(dirEnt, exec) {
     });
 }
 function isDir(dirEnt) {
-    return promises_.stat(dirEnt)
+    return external_node_fs_promises_.stat(dirEnt)
         .then((stat) => {
         return stat.isDirectory();
     })
@@ -288392,8 +288593,6 @@ class RevisionNormalizer extends Normalizer {
     }
 }
 
-// EXTERNAL MODULE: external "fs/promises"
-var external_fs_promises_ = __nccwpck_require__(73292);
 ;// CONCATENATED MODULE: ../cdk8s_renderer/src/normalizers/tfworkspace.ts
 
 
@@ -288477,11 +288676,11 @@ async function loadAdditionalFiles(files, tfRootModulePath) {
 async function loadAdditionalFile(source, tfRootModulePath) {
     try {
         const filePath = external_path_.join(tfRootModulePath, source);
-        const stats = await external_fs_promises_.stat(filePath);
+        const stats = await promises_.stat(filePath);
         if (!stats.isFile()) {
             throw new Error(`${source} is not a file`);
         }
-        const content = await external_fs_promises_.readFile(filePath, {
+        const content = await promises_.readFile(filePath, {
             encoding: 'utf8',
         });
         return Buffer.from(content, 'utf8').toString('base64');
@@ -292241,8 +292440,8 @@ async function mkNamedTmp(...names) {
         ensureSafeTmpNames(name);
     }
     const dir = external_node_path_.join(external_node_os_namespaceObject.tmpdir(), ...names);
-    await promises_.rm(dir, { recursive: true, force: true });
-    await promises_.mkdir(dir, { recursive: true });
+    await external_node_fs_promises_.rm(dir, { recursive: true, force: true });
+    await external_node_fs_promises_.mkdir(dir, { recursive: true });
     return dir;
 }
 async function mkTmp(prefix = 'feature-render-') {
@@ -292754,7 +292953,7 @@ async function* resolveClaimEntries(claimRefsList) {
     cdk8s_renderer_src_logger.info(`Resolving ${claimRefsList.join(',')}`);
     for (const claimEntry of claimRefsList) {
         try {
-            const claimEntryStats = await (0,promises_.stat)(claimEntry);
+            const claimEntryStats = await (0,external_node_fs_promises_.stat)(claimEntry);
             if (claimEntryStats.isDirectory()) {
                 yield* resolveDirEntries(claimEntry);
             }
@@ -292773,7 +292972,7 @@ async function* resolveClaimEntries(claimRefsList) {
 async function* resolveDirEntries(dir) {
     let entries = [];
     try {
-        entries = await (0,promises_.readdir)(dir, { withFileTypes: true });
+        entries = await (0,external_node_fs_promises_.readdir)(dir, { withFileTypes: true });
     }
     catch (err) {
         throw new Error(`Reading dir: ${dir}: ${err}`);
@@ -295932,7 +296131,7 @@ class GithubRepositoryChart extends BaseGithubChart {
                     hasIssues: claim.providers.github.hasIssues,
                     visibility: claim.providers.github.visibility,
                     defaultBranch: claim.providers.github?.branchStrategy?.defaultBranch,
-                    codeowners: createCodeOwnersData(claim),
+                    codeowners: catalog_common.codeowners.format(claimToCodeOwnersEntries(claim)),
                     additionalBranches: claim.providers.github.additionalBranches || [],
                     labels: claim.providers.github.labels || [],
                     topics: claim.providers.github.topics || [],
@@ -296031,6 +296230,7 @@ class GithubRepositoryChart extends BaseGithubChart {
      * @param claim
      * @returns VarsConfiguration
      */
+    // VarsConfiguration type was removed; use any for compatibility
     createVars(claim) {
         const vars = {};
         const varsDefinition = claim.providers?.github?.vars;
@@ -296043,7 +296243,10 @@ class GithubRepositoryChart extends BaseGithubChart {
     }
     formatVars(blockDefinition) {
         return blockDefinition.map((varDef) => {
-            if (isRepoSecretRef(varDef.value)) {
+            // FIXME: isRepoSecretRef removed from local utils, if needed, re-import from correct place or implement inline
+            // if (isRepoSecretRef(varDef.value)) {
+            if (typeof varDef.value === 'string' &&
+                /^ref:secretsclaim:([a-zA-Z0-9_-]+):([a-zA-Z0-9_-]+)$/.test(varDef.value)) {
                 const parts = varDef.value.split(':');
                 return {
                     name: varDef.name,
@@ -298187,39 +298390,6 @@ MemberCollectionGithubDecanter.collectionKind = 'gh-members';
 applyCollectionMixins(MemberCollectionGithubDecanter);
 /* harmony default export */ const github_member_collection = (MemberCollectionGithubDecanter);
 
-;// CONCATENATED MODULE: ../importer/src/utils/codeowner.ts
-function extractFromCodeOwners(codeOwnersContent) {
-    if (!codeOwnersContent) {
-        return [];
-    }
-    return codeOwnersContent.split(/\r?\n/).flatMap((line) => {
-        const trimmedLine = line.trim();
-        // skip blank lines and full-line comments
-        if (!trimmedLine || trimmedLine.startsWith('#')) {
-            return [];
-        }
-        // strip inline comments before parsing owners
-        const lineWithoutInlineComment = line.replace(/\s*#.*$/, '').trim();
-        if (!lineWithoutInlineComment) {
-            return [];
-        }
-        // CODEOWNERS format: <pattern> <owner1> [<owner2> ...]
-        // first field is the path pattern; owners start from the second field
-        const parts = lineWithoutInlineComment.split(/\s+/);
-        if (parts.length < 2) {
-            return [];
-        }
-        return parts
-            .slice(1)
-            .filter((part) => part.startsWith('@'))
-            .map((owner) => ({
-            full: owner,
-            isTeam: owner.includes('/'),
-            name: owner,
-        }));
-    });
-}
-
 ;// CONCATENATED MODULE: ../importer/src/utils/nomicon.ts
 function transformRepoName(repoName) {
     // Convert to lowercase
@@ -298326,7 +298496,7 @@ class RepoGithubDecanter extends GithubDecanter {
     // only for validation
     __decantValidateCodeowners() {
         if (this.data.codeowners) {
-            const owners = extractFromCodeOwners(this.data.codeowners);
+            const entries = catalog_common.codeowners.parse(this.data.codeowners);
             const normalizeTeamIdentifier = (value) => {
                 const normalizedValue = (value.startsWith('@') ? value.slice(1) : value).toLowerCase();
                 if (!normalizedValue.includes('/')) {
@@ -298354,17 +298524,23 @@ class RepoGithubDecanter extends GithubDecanter {
                 return (this.data.teamsAndMembers.directMembers.some((member) => member.name?.toLowerCase() === normalizedUserName) ||
                     this.data.teamsAndMembers.outsideMembers.some((member) => member.name?.toLowerCase() === normalizedUserName));
             };
-            // let's validate that every element in the
-            // CODEOWNERS file is either a team or a user in the repository,
-            // otherwise we will have dangling references in the claim which will cause issues down the line
-            for (const owner of owners) {
-                if (owner.isTeam && !isInTeams(owner.name)) {
-                    importer_src_logger.error(`[${this.org}/${this.data.repoDetails.name}] CODEOWNERS file references team ${owner.name} which is not present in the repository's teams.`);
-                    throw new Error(`[${this.org}/${this.data.repoDetails.name}] CODEOWNERS file references team ${owner.name} which is not present in the repository's teams.`);
-                }
-                else if (!owner.isTeam && !isInUsers(owner.name)) {
-                    importer_src_logger.error(`[${this.org}/${this.data.repoDetails.name}] CODEOWNERS file references user ${owner.name} which is not present in the repository's collaborators.`);
-                    throw new Error(`[${this.org}/${this.data.repoDetails.name}] CODEOWNERS file references user ${owner.name} which is not present in the repository's collaborators.`);
+            // Validate every owner in every entry
+            for (const entry of entries) {
+                for (const owner of entry.owners) {
+                    if (owner.includes('/')) {
+                        // Team owner
+                        if (!isInTeams(owner)) {
+                            importer_src_logger.error(`[${this.org}/${this.data.repoDetails.name}] CODEOWNERS file references team ${owner} which is not present in the repository's teams.`);
+                            throw new Error(`[${this.org}/${this.data.repoDetails.name}] CODEOWNERS file references team ${owner} which is not present in the repository's teams.`);
+                        }
+                    }
+                    else {
+                        // Normal user owner
+                        if (!isInUsers(owner)) {
+                            importer_src_logger.error(`[${this.org}/${this.data.repoDetails.name}] CODEOWNERS file references user ${owner} which is not present in the repository's collaborators.`);
+                            throw new Error(`[${this.org}/${this.data.repoDetails.name}] CODEOWNERS file references user ${owner} which is not present in the repository's collaborators.`);
+                        }
+                    }
                 }
             }
         }
@@ -298942,7 +299118,7 @@ async function reimportGithubGitopsRepository(org, crsPath, configPath, generate
                 .replace(/\.\d{3}Z$/, 'Z'); // exact format: 2026-04-19T20:45:00Z
             // we write the cr back to the file system
             const newContent = catalog_common.io.toYaml(cr);
-            await promises_default().writeFile(filePath, newContent, 'utf-8');
+            await external_node_fs_promises_default().writeFile(filePath, newContent, 'utf-8');
         }
     });
     // we need to search for dependencies if proceeds
@@ -298975,19 +299151,19 @@ async function searchForDependencies(org, crsPath, configPath, generatedFilters,
                         .replace(/\.\d{3}Z$/, 'Z'); // exact format: 2026-04-19T20:45:00Z
                     // we write the cr back to the file system
                     const newContent = catalog_common.io.toYaml(cr);
-                    await promises_default().writeFile(filePath, newContent, 'utf-8');
+                    await external_node_fs_promises_default().writeFile(filePath, newContent, 'utf-8');
                 }
             }
         }
     });
 }
 async function searchCRs(dirname, functionToApply) {
-    const files = await promises_default().readdir(dirname);
+    const files = await external_node_fs_promises_default().readdir(dirname);
     for (const file of files) {
         if (file.endsWith('.yaml') || file.endsWith('.yml')) {
             importer_src_logger.debug(`Processing file: ${file}`);
             const filePath = external_path_default().join(dirname, file);
-            const content = await promises_default().readFile(filePath, 'utf-8');
+            const content = await external_node_fs_promises_default().readFile(filePath, 'utf-8');
             // let's use the catalog_common yaml loader
             const cr = catalog_common.io.fromYaml(content);
             // let's check if the file is a valid file (i.e a CR)
@@ -299004,7 +299180,7 @@ async function searchCRs(dirname, functionToApply) {
 }
 async function reimporter_isDirectory(path) {
     try {
-        return (await promises_default().stat(path)).isDirectory(); //
+        return (await external_node_fs_promises_default().stat(path)).isDirectory(); //
     }
     catch (err) {
         return false;
@@ -303184,8 +303360,8 @@ class WriterAdditionalFiles extends writer {
                 if (!targetPath.startsWith(absProjectPath + external_path_.sep)) {
                     throw new Error(`Path traversal detected: ${file.path}`);
                 }
-                await external_fs_promises_.mkdir(external_path_.dirname(targetPath), { recursive: true });
-                await external_fs_promises_.writeFile(targetPath, Buffer.from(file.content, 'base64').toString('utf8'));
+                await promises_.mkdir(external_path_.dirname(targetPath), { recursive: true });
+                await promises_.writeFile(targetPath, Buffer.from(file.content, 'base64').toString('utf8'));
             }
             catch (err) {
                 throw new Error(`Error writing additional file: ${file.path}: ${err}`);
@@ -306842,10 +307018,10 @@ function providers_replaceInlineSecrets(inline, secrets) {
 
 const DEBUG_DIR = external_path_default().join(external_os_default().tmpdir(), 'gh-debug');
 async function initDebug(entity, deps) {
-    await (0,promises_.rm)(DEBUG_DIR, { recursive: true, force: true });
-    await (0,promises_.mkdir)(DEBUG_DIR, { recursive: true });
-    await (0,promises_.writeFile)(external_path_default().join(DEBUG_DIR, 'cr.yaml'), catalog_common.io.toYaml(entity.cr.rawCr));
-    await (0,promises_.writeFile)(external_path_default().join(DEBUG_DIR, 'deps.yaml'), catalog_common.io.toYaml(deps));
+    await (0,external_node_fs_promises_.rm)(DEBUG_DIR, { recursive: true, force: true });
+    await (0,external_node_fs_promises_.mkdir)(DEBUG_DIR, { recursive: true });
+    await (0,external_node_fs_promises_.writeFile)(external_path_default().join(DEBUG_DIR, 'cr.yaml'), catalog_common.io.toYaml(entity.cr.rawCr));
+    await (0,external_node_fs_promises_.writeFile)(external_path_default().join(DEBUG_DIR, 'deps.yaml'), catalog_common.io.toYaml(deps));
     gh_provisioner_src_logger.enableFileLogging(external_path_default().join(DEBUG_DIR, 'debug.log'));
 }
 function getTFProjectPath(entity) {
@@ -306853,11 +307029,11 @@ function getTFProjectPath(entity) {
 }
 async function debugTerraformOutput(entity, output) {
     const pathToOutput = external_path_default().join(getTFProjectPath(entity), 'terraform-output.txt');
-    await (0,promises_.writeFile)(pathToOutput, output);
+    await (0,external_node_fs_promises_.writeFile)(pathToOutput, output);
     gh_provisioner_src_logger.debug(`[gh-provisioner] debug: Terraform error written to ${pathToOutput}`);
 }
 async function endDebug(entity) {
-    await (0,promises_.writeFile)(external_path_default().join(DEBUG_DIR, 'config.json'), JSON.stringify(entity.document, null, 4));
+    await (0,external_node_fs_promises_.writeFile)(external_path_default().join(DEBUG_DIR, 'config.json'), JSON.stringify(entity.document, null, 4));
     gh_provisioner_src_logger.disableFileLogging();
 }
 
@@ -309248,7 +309424,7 @@ const crs_analyzerSubcommand = {
 };
 
 ;// CONCATENATED MODULE: ./package.json
-const package_namespaceObject = JSON.parse('{"i8":"2.4.0-snapshot-5"}');
+const package_namespaceObject = JSON.parse('{"i8":"2.4.0-snapshot-6"}');
 ;// CONCATENATED MODULE: ../../package.json
 const package_namespaceObject_1 = {"i8":"2.3.0"};
 ;// CONCATENATED MODULE: ./src/subcommands/index.ts

package/build/packages/catalog_common/index.d.ts

@@ -104,6 +104,7 @@ declare const _default: {
     tokenizer: {
         SimpleTokenizer: typeof import("./src/tokenizer").SimpleTokenizer;
     };
+    codeowners: import("./src/codeowners").CodeOwnersAPI;
     cron: {
         validateCron: typeof validateCron;
         isValidCron: typeof isValidCron;

package/build/packages/catalog_common/src/codeowners/index.d.ts

@@ -0,0 +1,29 @@
+export interface CodeOwnerEntry {
+    pattern: string;
+    owners: string[];
+    comment?: string;
+}
+export interface CodeOwnersAPI {
+    parse: (raw: string) => CodeOwnerEntry[];
+    format: (entries: CodeOwnerEntry[]) => string;
+    validate: (raw: string) => boolean;
+    get: (context: {
+        path?: string;
+    }) => Promise<string>;
+    set: (context: {
+        path?: string;
+    }, v: string) => Promise<void>;
+    updateRule: (context: {
+        path?: string;
+    }, rule: CodeOwnerEntry) => Promise<void>;
+    remove: (context: {
+        path?: string;
+    }, criteria: {
+        pattern?: string;
+        owner?: string;
+    }) => Promise<void>;
+    getOwners: (raw: string) => string[];
+    getDefault: () => string;
+}
+declare const codeowners: CodeOwnersAPI;
+export default codeowners;

package/build/packages/cdk8s_renderer/src/charts/github/repositoryChart.d.ts

@@ -1,5 +1,4 @@
 import { ApiObject, GroupVersionKind } from 'cdk8s';
-import { NamedVars } from '../../utils/repositoryClaimUtils';
 import { FirestartrGithubRepositoryProps } from '../../../imports/firestartr.dev';
 import { IUnitializedStateKey } from '../../claims/base';
 import { BaseGithubChart } from './base';
@@ -22,7 +21,7 @@ export declare class GithubRepositoryChart extends BaseGithubChart {
      * @returns VarsConfiguration
      */
     private createVars;
-    formatVars(blockDefinition: any): NamedVars;
+    formatVars(blockDefinition: any): any;
     extraCharts(): {
         claim: {
             kind: string;

package/build/packages/cdk8s_renderer/src/logger.d.ts

@@ -5,7 +5,7 @@ declare const _default: {
     debug: (...args: any) => void;
     verbose: (...args: any) => void;
     silly: (...args: any) => void;
-    enableFileLogging: typeof import("../../catalog_common/src/logger/logger").enableFileLogging;
-    disableFileLogging: typeof import("../../catalog_common/src/logger/logger").disableFileLogging;
+    enableFileLogging: typeof import("catalog_common/src/logger/logger").enableFileLogging;
+    disableFileLogging: typeof import("catalog_common/src/logger/logger").disableFileLogging;
 };
 export default _default;

package/build/packages/cdk8s_renderer/src/utils/repositoryClaimUtils.d.ts

@@ -1,3 +1,10 @@
+import { CodeOwnerEntry } from 'catalog_common/src/codeowners';
+export declare function resolveCodeownersRef(ref: string, org: string): string;
+/**
+ * Converts a claim (+optional additional rules) to CodeOwnerEntry[] for the codeowners API
+ */
+export declare function claimToCodeOwnersEntries(claim: any, additionalRules?: any[]): CodeOwnerEntry[];
+export declare function createCodeOwnersData(claim: any, additionalRules?: any[]): string;
 /**
  * @description This method creates a permission for a given claimRef and permission
  *
@@ -37,47 +44,6 @@ export interface CollaboratorPermission {
     role: 'admin' | 'push' | 'pull' | 'maintain';
     collaborator: string;
 }
-/**
- * @description This method creates the codeowners data for the repository
- *
- * @param claim
- *
- * @returns string
- */
-export declare function createCodeOwnersData(claim: any, additionalRules?: any[]): string;
-/**
- * A reference to a secret, which can be an internal or external source.
- */
-export interface SecretRef {
-    kind: 'Secret' | 'ExternalSecret';
-    name: string;
-    key: string;
-}
-/**
- *  * A variable definition. It must have a name and can be either a literal
- *   * value or a reference to a secret.
- *    */
-export type Var = {
-    name: string;
-    value: string;
-} | {
-    name: string;
-    ref: SecretRef;
-};
-export type RepoSecret = {
-    name: string;
-    ref: RepoSecretRef;
-};
-export type NamedVars = Var[];
-export type RepoSecrets = RepoSecret[];
-export interface VarsConfiguration {
-    actions?: NamedVars;
-}
-export interface RepoSecretsConfiguration {
-    dependabot?: RepoSecrets;
-    actions?: RepoSecrets;
-    codespaces?: RepoSecrets;
-}
 export interface RepoSecretRef {
     kind: 'secretsclaim';
     name: string;
@@ -85,3 +51,7 @@ export interface RepoSecretRef {
 }
 export declare function isRepoSecretRef(suspectedRef: string): boolean;
 export declare function extractRepoSecretRef(ref: string): RepoSecretRef;
+/**
+ * @description This method creates the codeowners data for the repository
+ * Migrated: use claimToCodeOwnersEntries + common.codeowners.format instead of legacy helpers.
+ */

package/build/packages/features_preparer/src/logger.d.ts

@@ -5,7 +5,7 @@ declare const _default: {
     debug: (...args: any) => void;
     verbose: (...args: any) => void;
     silly: (...args: any) => void;
-    enableFileLogging: typeof import("../../catalog_common/src/logger/logger").enableFileLogging;
-    disableFileLogging: typeof import("../../catalog_common/src/logger/logger").disableFileLogging;
+    enableFileLogging: typeof import("catalog_common/src/logger/logger").enableFileLogging;
+    disableFileLogging: typeof import("catalog_common/src/logger/logger").disableFileLogging;
 };
 export default _default;

package/build/packages/features_renderer/src/logger.d.ts

@@ -5,7 +5,7 @@ declare const _default: {
     debug: (...args: any) => void;
     verbose: (...args: any) => void;
     silly: (...args: any) => void;
-    enableFileLogging: typeof import("../../catalog_common/src/logger/logger").enableFileLogging;
-    disableFileLogging: typeof import("../../catalog_common/src/logger/logger").disableFileLogging;
+    enableFileLogging: typeof import("catalog_common/src/logger/logger").enableFileLogging;
+    disableFileLogging: typeof import("catalog_common/src/logger/logger").disableFileLogging;
 };
 export default _default;

package/build/packages/gh_provisioner/src/logger.d.ts

@@ -5,7 +5,7 @@ declare const _default: {
     debug: (...args: any) => void;
     verbose: (...args: any) => void;
     silly: (...args: any) => void;
-    enableFileLogging: typeof import("../../catalog_common/src/logger/logger").enableFileLogging;
-    disableFileLogging: typeof import("../../catalog_common/src/logger/logger").disableFileLogging;
+    enableFileLogging: typeof import("catalog_common/src/logger/logger").enableFileLogging;
+    disableFileLogging: typeof import("catalog_common/src/logger/logger").disableFileLogging;
 };
 export default _default;

package/build/packages/github/src/logger.d.ts

@@ -5,7 +5,7 @@ declare const _default: {
     debug: (...args: any) => void;
     verbose: (...args: any) => void;
     silly: (...args: any) => void;
-    enableFileLogging: typeof import("../../catalog_common/src/logger/logger").enableFileLogging;
-    disableFileLogging: typeof import("../../catalog_common/src/logger/logger").disableFileLogging;
+    enableFileLogging: typeof import("catalog_common/src/logger/logger").enableFileLogging;
+    disableFileLogging: typeof import("catalog_common/src/logger/logger").disableFileLogging;
 };
 export default _default;

package/build/packages/importer/src/logger.d.ts

@@ -5,7 +5,7 @@ declare const _default: {
     debug: (...args: any) => void;
     verbose: (...args: any) => void;
     silly: (...args: any) => void;
-    enableFileLogging: typeof import("../../catalog_common/src/logger/logger").enableFileLogging;
-    disableFileLogging: typeof import("../../catalog_common/src/logger/logger").disableFileLogging;
+    enableFileLogging: typeof import("catalog_common/src/logger/logger").enableFileLogging;
+    disableFileLogging: typeof import("catalog_common/src/logger/logger").disableFileLogging;
 };
 export default _default;

package/build/packages/operator/src/logger.d.ts

@@ -5,7 +5,7 @@ declare const _default: {
     debug: (...args: any) => void;
     verbose: (...args: any) => void;
     silly: (...args: any) => void;
-    enableFileLogging: typeof import("../../catalog_common/src/logger/logger").enableFileLogging;
-    disableFileLogging: typeof import("../../catalog_common/src/logger/logger").disableFileLogging;
+    enableFileLogging: typeof import("catalog_common/src/logger/logger").enableFileLogging;
+    disableFileLogging: typeof import("catalog_common/src/logger/logger").disableFileLogging;
 };
 export default _default;

package/build/packages/scaffolder/src/logger.d.ts

@@ -5,7 +5,7 @@ declare const _default: {
     debug: (...args: any) => void;
     verbose: (...args: any) => void;
     silly: (...args: any) => void;
-    enableFileLogging: typeof import("../../catalog_common/src/logger/logger").enableFileLogging;
-    disableFileLogging: typeof import("../../catalog_common/src/logger/logger").disableFileLogging;
+    enableFileLogging: typeof import("catalog_common/src/logger/logger").enableFileLogging;
+    disableFileLogging: typeof import("catalog_common/src/logger/logger").disableFileLogging;
 };
 export default _default;

package/build/packages/terraform_provisioner/src/logger.d.ts

@@ -5,7 +5,7 @@ declare const _default: {
     debug: (...args: any) => void;
     verbose: (...args: any) => void;
     silly: (...args: any) => void;
-    enableFileLogging: typeof import("../../catalog_common/src/logger/logger").enableFileLogging;
-    disableFileLogging: typeof import("../../catalog_common/src/logger/logger").disableFileLogging;
+    enableFileLogging: typeof import("catalog_common/src/logger/logger").enableFileLogging;
+    disableFileLogging: typeof import("catalog_common/src/logger/logger").disableFileLogging;
 };
 export default _default;

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@firestartr/cli",
-  "version": "2.4.0-snapshot-5",
+  "version": "2.4.0-snapshot-6",
   "private": false,
   "description": "Commandline tool",
   "main": "build/main.js",

package/build/packages/importer/src/utils/codeowner.d.ts

@@ -1,5 +0,0 @@
-export declare function extractFromCodeOwners(codeOwnersContent: string): {
-    full: string;
-    isTeam: boolean;
-    name: string;
-}[];