@fjall/components-infrastructure 0.94.1 → 0.96.0

package/dist/lib/utils/connections.d.ts

@@ -23,7 +23,7 @@
  */
 import { type IConnectable } from "aws-cdk-lib/aws-ec2";
 import { type IGrantable } from "aws-cdk-lib/aws-iam";
-import { type ConnectionSpec, type ConnectionResult } from "./connector.js";
+import { type ConnectionSpec, type ConnectionResult, type IRemoteConnector } from "./connector.js";
 /**
  * Process connections from compute resources to data resources.
  *
@@ -44,3 +44,9 @@ import { type ConnectionSpec, type ConnectionResult } from "./connector.js";
  * );
  */
 export declare function processConnections(connections: ConnectionSpec[], grantee: IGrantable, connectable?: IConnectable): ConnectionResult[];
+/**
+ * Build an env-vars connection result for a remote connector.
+ * Used by the cross-app VPC peering path — env vars are surfaced from SSM
+ * lookups upstream and merged into the consuming compute's container env.
+ */
+export declare function buildEnvVarsResult(connector: IRemoteConnector, envVars: Record<string, string>): ConnectionResult;

package/dist/lib/utils/connections.js

@@ -142,6 +142,9 @@ export function processConnections(connections, grantee, connectable) {
                     connectable.connections.allowToDefaultPort(resource);
                     return buildSecurityGroupResult(resource);
                 }
+                case "remote": {
+                    return buildEnvVarsResult(resource, resource.environmentVariables);
+                }
             }
         }
         // Legacy IConnectable path
@@ -153,3 +156,15 @@ export function processConnections(connections, grantee, connectable) {
         throw new Error("Connection resource must be either an IConnector or IConnectable");
     });
 }
+/**
+ * Build an env-vars connection result for a remote connector.
+ * Used by the cross-app VPC peering path — env vars are surfaced from SSM
+ * lookups upstream and merged into the consuming compute's container env.
+ */
+export function buildEnvVarsResult(connector, envVars) {
+    return {
+        resource: connector,
+        connectionType: CONNECTION_TYPE.ENV_VARS,
+        environmentVariables: envVars
+    };
+}

package/dist/lib/utils/connector.d.ts

@@ -45,8 +45,9 @@ import { type IGrantable, type Grant } from "aws-cdk-lib/aws-iam";
  * - "queue": SQS queues
  * - "securityGroup": Resources with security groups (ECS, Lambda with VPC)
  * - "relational": RDS databases (uses security groups)
+ * - "remote": Cross-app resource exposed via VPC peering, surfaced as env vars
  */
-export type ConnectorType = "storage" | "dynamodb" | "queue" | "securityGroup" | "relational";
+export type ConnectorType = "storage" | "dynamodb" | "queue" | "securityGroup" | "relational" | "remote";
 /**
  * Access level for storage and DynamoDB connectors.
  */
@@ -115,10 +116,20 @@ export interface ISecurityGroupConnector extends IConnector {
     /** The security group connections for this resource. */
     readonly connections: IConnectable["connections"];
 }
+/**
+ * Remote connector interface.
+ * Represents a resource exposed by a peered app via VPC peering.
+ * Carries the env vars that should be injected into the consuming compute.
+ */
+export interface IRemoteConnector extends IConnector {
+    readonly connectorType: "remote";
+    /** Env vars to inject (e.g. `{PREFIX}_HOST`, `{PREFIX}_PORT`). */
+    readonly environmentVariables: Record<string, string>;
+}
 /**
  * Union type representing any connector interface.
  */
-export type AnyConnector = IStorageConnector | IDynamoDBConnector | IQueueConnector | ISecurityGroupConnector;
+export type AnyConnector = IStorageConnector | IDynamoDBConnector | IQueueConnector | ISecurityGroupConnector | IRemoteConnector;
 /**
  * Connection configuration with explicit access level.
  * Use this to specify non-default access levels.
@@ -141,6 +152,7 @@ export type ConnectionSpec = IConnectable | AnyConnector | ConnectionConfig;
 export declare const CONNECTION_TYPE: {
     readonly SECURITY_GROUP: "securityGroup";
     readonly IAM: "iam";
+    readonly ENV_VARS: "envVars";
 };
 export type ConnectionType = (typeof CONNECTION_TYPE)[keyof typeof CONNECTION_TYPE];
 /**
@@ -154,6 +166,8 @@ export interface ConnectionResult {
     grant?: Grant;
     /** The type of connection that was made. */
     connectionType: ConnectionType;
+    /** Env vars to inject when connectionType is "envVars". */
+    environmentVariables?: Record<string, string>;
 }
 /** Check if a value is a valid ConnectionAccess. */
 export declare function isConnectionAccess(value: unknown): value is ConnectionAccess;
@@ -181,3 +195,5 @@ export declare function isDynamoDBConnector(connector: IConnector): connector is
 export declare function isQueueConnector(connector: IConnector): connector is IQueueConnector;
 /** Type guard for security group connectors (RDS, ECS). */
 export declare function isSecurityGroupConnector(connector: IConnector): connector is ISecurityGroupConnector;
+/** Type guard for remote connectors (cross-app exposed resources). */
+export declare function isRemoteConnector(connector: IConnector): connector is IRemoteConnector;

package/dist/lib/utils/connector.js

@@ -39,7 +39,8 @@
 /** Connection result types. */
 export const CONNECTION_TYPE = {
     SECURITY_GROUP: "securityGroup",
-    IAM: "iam"
+    IAM: "iam",
+    ENV_VARS: "envVars"
 };
 const VALID_CONNECTION_ACCESS = [
     "read",
@@ -102,3 +103,7 @@ export function isSecurityGroupConnector(connector) {
     return (connector.connectorType === "securityGroup" ||
         connector.connectorType === "relational");
 }
+/** Type guard for remote connectors (cross-app exposed resources). */
+export function isRemoteConnector(connector) {
+    return connector.connectorType === "remote";
+}

package/dist/lib/utils/costAllocationTags.d.ts

@@ -0,0 +1,6 @@
+export declare const COST_ALLOCATION_TAGS: {
+    readonly ENVIRONMENT: "fjall:costAllocation:environment";
+    readonly SERVICE: "fjall:costAllocation:service";
+    readonly DOMAIN: "fjall:costAllocation:domain";
+};
+export declare const DEFAULT_COST_ALLOCATION_ENVIRONMENT: "management";

package/dist/lib/utils/costAllocationTags.js

@@ -0,0 +1,6 @@
+export const COST_ALLOCATION_TAGS = {
+    ENVIRONMENT: "fjall:costAllocation:environment",
+    SERVICE: "fjall:costAllocation:service",
+    DOMAIN: "fjall:costAllocation:domain"
+};
+export const DEFAULT_COST_ALLOCATION_ENVIRONMENT = "management";

package/dist/lib/utils/index.d.ts

@@ -1,6 +1,8 @@
 export * from "./backupTierMapping.js";
 export * from "./capitaliseString.js";
+export * from "./cdkContext.js";
 export * from "./connections.js";
+export * from "./connector.js";
 export * from "./databaseTypes.js";
 export * from "./getConfig.js";
 export * from "./removalPolicy.js";
@@ -8,5 +10,6 @@ export * from "./resourceNaming.js";
 export * from "./standardTagsAspect.js";
 export * from "./validationLogger.js";
 export * from "./env.js";
+export * from "./vpcPeerInterface.js";
 export * from "./vpcUtils.js";
 export * from "./domainTypes.js";

package/dist/lib/utils/index.js

@@ -1,6 +1,8 @@
 export * from "./backupTierMapping.js";
 export * from "./capitaliseString.js";
+export * from "./cdkContext.js";
 export * from "./connections.js";
+export * from "./connector.js";
 export * from "./databaseTypes.js";
 export * from "./getConfig.js";
 export * from "./removalPolicy.js";
@@ -8,5 +10,6 @@ export * from "./resourceNaming.js";
 export * from "./standardTagsAspect.js";
 export * from "./validationLogger.js";
 export * from "./env.js";
+export * from "./vpcPeerInterface.js";
 export * from "./vpcUtils.js";
 export * from "./domainTypes.js";

package/dist/lib/utils/vpcPeerInterface.d.ts

@@ -0,0 +1,22 @@
+/**
+ * Canonical home for the `IVpcPeer` interface — placed in `utils/` so both
+ * `resources/` (the synth-time `resolveRemoteConnections` helper) and
+ * `patterns/` (the consumer-facing `RemoteConnectionSpec`) can import it
+ * without crossing the resources -> patterns layer boundary.
+ *
+ * `peerAppName` is typed as `string | undefined` to match the underlying
+ * `VpcPeeringConnection` construct, which accepts the prop optionally. The
+ * `VpcPeerFactory` always populates it, but consumers must still guard
+ * against `undefined` and CFN-token contamination at synth time (see
+ * `resolveRemoteConnections()` for the canonical guard).
+ */
+export interface IVpcPeer {
+    /** Name of the remote Fjall app this peering targets. */
+    readonly peerAppName: string | undefined;
+    /**
+     * Organisation ID of the remote app, when known. Falls back to `"default"`
+     * during SSM path construction when undefined — mirroring the `VpcPeer`
+     * factory's existing behaviour.
+     */
+    readonly peerOrgId: string | undefined;
+}

package/dist/lib/utils/vpcPeerInterface.js

@@ -0,0 +1 @@
+export {};

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@fjall/components-infrastructure",
-  "version": "0.94.1",
+  "version": "0.96.0",
   "license": "SEE LICENSE IN LICENSE",
   "type": "module",
   "bin": {
@@ -54,7 +54,8 @@
   },
   "dependencies": {
     "@aws-sdk/client-organizations": "^3.997.0",
-    "@fjall/util": "^0.94.1",
+    "@fjall/generator": "^0.96.0",
+    "@fjall/util": "^0.96.0",
     "cdk-time-sleep": "^1.0.0",
     "constructs": "^10.0.0",
     "uuid": "^10.0.0"
@@ -62,7 +63,7 @@
   "overrides": {
     "@smithy/core": "2.5.5"
   },
-  "gitHead": "65d778bc6370a5becd761b367a482ca51e890f58",
+  "gitHead": "bfbd3625ab029ba77a6571630e0edb85f9d53380",
   "peerDependencies": {
     "aws-cdk": "^2.239.0",
     "aws-cdk-lib": "^2.239.0",