npm - @fjall/components-infrastructure - Versions diffs - 0.96.0 → 0.99.3 - Mend

@fjall/components-infrastructure 0.96.0 → 0.99.3

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (209) hide show

package/dist/lib/utils/databaseTypes.d.ts CHANGED Viewed

@@ -2,7 +2,21 @@ import { type Duration } from "aws-cdk-lib";
 import { type IKey } from "aws-cdk-lib/aws-kms";
 import { type SubnetSelection } from "aws-cdk-lib/aws-ec2";
 export type DatabaseEngine = "postgresql" | "mysql";
+/**
+ * Discriminated snapshot target. Instance variants return
+ * `{ kind: "instance", arn }`; cluster variants return
+ * `{ kind: "cluster", arn }`. Consumers branch on `kind` to choose between
+ * `rds:CreateDBSnapshot` and `rds:CreateDBClusterSnapshot`.
+ */
+export type SnapshotTarget = {
+    kind: "instance";
+    arn: string;
+} | {
+    kind: "cluster";
+    arn: string;
+};
 export interface EngineConfig {
+    family: DatabaseEngine;
     defaultUsername: string;
     sslParameters: Record<string, string>;
     rotationAppName: string;

package/dist/lib/utils/getConfig.d.ts CHANGED Viewed

@@ -1,9 +1,11 @@
+import { type ProviderAccount } from "@fjall/util/config";
 export interface Config {
     region: string;
     environment: string;
     accountId?: string;
     accountName?: string;
     accountIds?: Record<string, string>;
+    providerAccounts: ProviderAccount[];
     primaryRegion?: string;
     secondaryRegions: string[];
     allRegions: string[];

package/dist/lib/utils/getConfig.js CHANGED Viewed

@@ -6,6 +6,7 @@ export function getConfig(accountName) {
     const config = {
         region: process.env.AWS_REGION || "us-east-1",
         environment: "unknown",
+        providerAccounts: [],
         secondaryRegions: [],
         allRegions: []
     };
@@ -18,6 +19,7 @@ export function getConfig(accountName) {
     }
     const orgConfig = parseOrgConfig(typeof orgConfigRaw === "string" ? orgConfigRaw : undefined);
     const providerAccounts = orgConfig.providerAccounts;
+    config.providerAccounts = providerAccounts;
     config.primaryRegion = orgConfig.primaryRegion;
     config.secondaryRegions = orgConfig.secondaryRegions;
     config.disasterRecoveryRegion = orgConfig.disasterRecoveryRegion;

package/dist/lib/utils/index.d.ts CHANGED Viewed

@@ -13,3 +13,4 @@ export * from "./env.js";
 export * from "./vpcPeerInterface.js";
 export * from "./vpcUtils.js";
 export * from "./domainTypes.js";
+export * from "./migrationVersionResolvers.js";

package/dist/lib/utils/index.js CHANGED Viewed

@@ -13,3 +13,4 @@ export * from "./env.js";
 export * from "./vpcPeerInterface.js";
 export * from "./vpcUtils.js";
 export * from "./domainTypes.js";
+export * from "./migrationVersionResolvers.js";

package/dist/lib/utils/manifestWriter.d.ts CHANGED Viewed

@@ -7,99 +7,16 @@
  *
  * The manifest is written to cdk.out/fjall-manifest.json after synthesis.
  *
- * NOTE: This file uses synchronous file operations (writeFileSync, readFileSync, etc.)
- * because CDK synthesis is inherently synchronous. The synth() method blocks until
- * complete, so async operations would provide no benefit and add complexity.
+ * Synchronous fs ops are intentional: CDK synth() is inherently synchronous.
  *
- * TYPE DUPLICATION NOTE: The interfaces below (ManifestService, ManifestPattern, etc.)
- * are mirrored by Zod schemas in cli/src/types/FjallManifest.ts. The CLI schemas are
- * the authoritative source for validation. If you modify these interfaces, update
- * the Zod schemas to match. Future work: extract to shared @fjall/types package.
+ * Manifest type shapes are re-exported from @fjall/util/manifest/schemas — the
+ * Zod-derived definitions there are the single source of truth for both runtime
+ * validation and TypeScript inference.
  */
 import type { CloudAssembly } from "aws-cdk-lib/cx-api";
-import { type ResourceMapEntry, MANIFEST_SCHEMA_VERSION } from "@fjall/util/constructMap";
 import { type ResourceCategory } from "@fjall/util/resourceCategorisation";
-/**
- * Service configuration extracted from ECS services.
- */
-export interface ManifestService {
-    /** Service name (must match ECS service name) */
-    name: string;
-    /** Cluster name this service belongs to */
-    clusterName?: string;
-    /** Path to Dockerfile relative to app root */
-    dockerfilePath?: string;
-    /** Docker build target for multi-stage builds */
-    dockerTarget?: string;
-    /** Container port */
-    containerPort?: number;
-    /** SSM secrets configured for this service (aggregated from all containers) */
-    secrets?: string[];
-    /** SSM secrets path (derived or explicit) */
-    ssmSecretsPath?: string;
-}
-/**
- * Pattern configuration extracted from PatternFactory.
- */
-export interface ManifestPattern {
-    /** Pattern type */
-    type: "payload";
-    /** Pattern name (CMS name) */
-    name: string;
-    /** Source directory containing build output */
-    source: string;
-}
-/**
- * ECR configuration.
- */
-export interface ManifestEcr {
-    /** ECR repository name */
-    repositoryName: string;
-}
-/**
- * Lambda function configuration extracted from Lambda compute.
- * Enables CLI discovery of Lambda functions for secrets management.
- */
-export interface ManifestLambda {
-    /** Lambda function name (construct ID) */
-    name: string;
-    /** SSM secrets configured for this Lambda */
-    secrets?: string[];
-    /** SSM secrets path (derived or explicit) */
-    ssmSecretsPath?: string;
-}
-/**
- * Stack hash entry computed from synthesised template.
- */
-export interface ManifestStackHash {
-    /** SHA-256 hash of the synthesised template */
-    templateHash: string;
-    /** ISO timestamp when synth completed */
-    synthTimestamp: string;
-}
-/**
- * Fjall manifest - generated during CDK synth.
- */
-export interface FjallManifest {
-    /** Schema version for future compatibility */
-    version: typeof MANIFEST_SCHEMA_VERSION;
-    /** ISO timestamp when manifest was generated */
-    generatedAt: string;
-    /** Application name */
-    appName: string;
-    /** Resolved service configurations */
-    services: ManifestService[];
-    /** Lambda function configurations */
-    lambdas: ManifestLambda[];
-    /** Pattern configuration (if using PatternFactory) */
-    pattern?: ManifestPattern;
-    /** ECR configuration */
-    ecr?: ManifestEcr;
-    /** Template hashes by stack name */
-    stacks: Record<string, ManifestStackHash>;
-    /** Resource map: logicalId → construct context for topology grouping */
-    resourceMap?: Record<string, ResourceMapEntry>;
-}
+import { type ManifestService, type ManifestPattern, type ManifestEcr, type ManifestLambda, type ManifestStackHash, type FjallManifest } from "@fjall/util/manifest/schemas";
+export type { ManifestService, ManifestPattern, ManifestEcr, ManifestLambda, ManifestStackHash, FjallManifest };
 /**
  * Collected manifest data during synthesis.
  * Stores all data that will be written to the manifest file.

package/dist/lib/utils/manifestWriter.js CHANGED Viewed

@@ -7,19 +7,18 @@
  *
  * The manifest is written to cdk.out/fjall-manifest.json after synthesis.
  *
- * NOTE: This file uses synchronous file operations (writeFileSync, readFileSync, etc.)
- * because CDK synthesis is inherently synchronous. The synth() method blocks until
- * complete, so async operations would provide no benefit and add complexity.
+ * Synchronous fs ops are intentional: CDK synth() is inherently synchronous.
  *
- * TYPE DUPLICATION NOTE: The interfaces below (ManifestService, ManifestPattern, etc.)
- * are mirrored by Zod schemas in cli/src/types/FjallManifest.ts. The CLI schemas are
- * the authoritative source for validation. If you modify these interfaces, update
- * the Zod schemas to match. Future work: extract to shared @fjall/types package.
+ * Manifest type shapes are re-exported from @fjall/util/manifest/schemas — the
+ * Zod-derived definitions there are the single source of truth for both runtime
+ * validation and TypeScript inference.
  */
-import { writeFileSync, readFileSync, existsSync, readdirSync } from "fs";
+import { writeFileSync, readFileSync, existsSync, readdirSync, renameSync, unlinkSync } from "fs";
 import { join, basename } from "path";
 import { createHash } from "crypto";
-import { buildConstructMap, constructMapToRecord, ACCOUNT_CONSTRUCT_GROUPS, FJALL_MANIFEST_FILENAME, MANIFEST_SCHEMA_VERSION } from "@fjall/util/constructMap";
+import { buildConstructMap, constructMapToRecord, ACCOUNT_CONSTRUCT_GROUPS } from "@fjall/util/constructMap";
+import { maskSensitiveOutput } from "@fjall/util";
+import { FJALL_MANIFEST_FILENAME, MANIFEST_SCHEMA_VERSION, FjallManifestSchema } from "@fjall/util/manifest/schemas";
 import { FjallLogger } from "./validationLogger.js";
 /**
  * Collected manifest data during synthesis.
@@ -118,8 +117,8 @@ function computeTemplateHash(templatePath) {
         return createHash("sha256").update(normalised).digest("hex");
     }
     catch (error) {
-        const errorMessage = error instanceof Error ? error.message : String(error);
-        FjallLogger.warn(`Failed to compute hash for ${templatePath}: ${errorMessage}`);
+        const maskedMessage = maskSensitiveOutput(error instanceof Error ? error.message : String(error));
+        FjallLogger.warn(`Failed to compute hash for ${templatePath}: ${maskedMessage}`);
         return null;
     }
 }
@@ -145,8 +144,8 @@ function computeStackHashes(cdkOutPath) {
         }
     }
     catch (error) {
-        const errorMessage = error instanceof Error ? error.message : String(error);
-        FjallLogger.warn(`Failed to read cdk.out for hash computation: ${errorMessage}`);
+        const maskedMessage = maskSensitiveOutput(error instanceof Error ? error.message : String(error));
+        FjallLogger.warn(`Failed to read cdk.out for hash computation: ${maskedMessage}`);
     }
     return stacks;
 }
@@ -181,13 +180,30 @@ export function writeManifest(assembly, collector) {
     if (ecr) {
         manifest.ecr = ecr;
     }
+    // CLI deploy reads this manifest and silently degrades on malformed JSON,
+    // so a truncated write is worse than no write — atomic-rename via .tmp.
+    const tmpPath = `${manifestPath}.tmp`;
     try {
-        writeFileSync(manifestPath, JSON.stringify(manifest, null, 2), "utf-8");
+        writeFileSync(tmpPath, JSON.stringify(manifest, null, 2), "utf-8");
+        renameSync(tmpPath, manifestPath);
         FjallLogger.info(`Fjall manifest written to ${manifestPath}`);
     }
     catch (error) {
+        if (existsSync(tmpPath)) {
+            try {
+                unlinkSync(tmpPath);
+            }
+            catch (cleanupError) {
+                const cleanupMessage = cleanupError instanceof Error
+                    ? cleanupError.message
+                    : String(cleanupError);
+                FjallLogger.warn(`Failed to clean up tmp manifest at ${tmpPath}: ${maskSensitiveOutput(cleanupMessage)}`);
+            }
+        }
         const errorMessage = error instanceof Error ? error.message : String(error);
-        FjallLogger.warn(`Failed to write Fjall manifest: ${errorMessage}`);
+        throw new Error(`Failed to write Fjall manifest: ${errorMessage}`, {
+            cause: error
+        });
     }
 }
 /**
@@ -200,19 +216,16 @@ export function readExistingManifest(cdkOutPath) {
     }
     try {
         const content = readFileSync(manifestPath, "utf-8");
-        const parsed = JSON.parse(content);
-        if (typeof parsed !== "object" ||
-            parsed === null ||
-            !("version" in parsed) ||
-            !("appName" in parsed)) {
-            FjallLogger.warn("Existing manifest has unexpected shape");
+        const result = FjallManifestSchema.safeParse(JSON.parse(content));
+        if (!result.success) {
+            FjallLogger.warn(`Existing manifest has unexpected shape: ${maskSensitiveOutput(result.error.message)}`);
             return null;
         }
-        return parsed;
+        return result.data;
     }
     catch (error) {
         const message = error instanceof Error ? error.message : String(error);
-        FjallLogger.warn(`Failed to parse existing manifest: ${message}`);
+        FjallLogger.warn(`Failed to parse existing manifest: ${maskSensitiveOutput(message)}`);
         return null;
     }
 }

package/dist/lib/utils/migrationVersionResolvers.d.ts ADDED Viewed

	@@ -0,0 +1,2 @@
1	+ export { PRISMA_MIGRATION_DIR_RE } from "@fjall/util";
2	+ export { pickLatestPrismaMigration } from "@fjall/util/migration";

package/dist/lib/utils/migrationVersionResolvers.js ADDED Viewed

	@@ -0,0 +1,2 @@
1	+ export { PRISMA_MIGRATION_DIR_RE } from "@fjall/util";
2	+ export { pickLatestPrismaMigration } from "@fjall/util/migration";

package/dist/lib/utils/orgConfigParser.js CHANGED Viewed

@@ -1,3 +1,4 @@
+import { maskSensitiveOutput } from "@fjall/util";
 import { FjallLogger } from "./validationLogger.js";
 /**
  * Parse orgConfig JSON from CDK context into a validated structure.
@@ -43,7 +44,7 @@ export function parseOrgConfig(raw) {
         };
     }
     catch (error) {
-        FjallLogger.warn(`[fjall] Failed to parse orgConfig from CDK context: ${error instanceof Error ? error.message : String(error)}`);
+        FjallLogger.warn(`[fjall] Failed to parse orgConfig from CDK context: ${maskSensitiveOutput(error instanceof Error ? error.message : String(error))}`);
         return empty;
     }
 }

package/dist/lib/utils/resolveAlertsTopic.d.ts ADDED Viewed

@@ -0,0 +1,14 @@
+import type { Construct } from "constructs";
+import type { ITopic } from "aws-cdk-lib/aws-sns";
+/**
+ * Resolve an `ITopic | string | undefined` alertsTopic to an `ITopic | undefined`.
+ *
+ * String values are accepted in two shapes:
+ * - `"import:<ExportName>"` — resolved via `Fn.importValue`.
+ * - `"arn:..."` — used as-is.
+ *
+ * Any other string shape throws — `Topic.fromTopicArn` accepts any string without
+ * validation, so a non-`import:` value MUST be ARN-shape-checked here or a malformed
+ * reference reaches synth.
+ */
+export declare function resolveAlertsTopic(scope: Construct, id: string, alertsTopic: ITopic | string | undefined): ITopic | undefined;

package/dist/lib/utils/resolveAlertsTopic.js ADDED Viewed

@@ -0,0 +1,30 @@
+import { Fn } from "aws-cdk-lib";
+import { Topic } from "aws-cdk-lib/aws-sns";
+/**
+ * Resolve an `ITopic | string | undefined` alertsTopic to an `ITopic | undefined`.
+ *
+ * String values are accepted in two shapes:
+ * - `"import:<ExportName>"` — resolved via `Fn.importValue`.
+ * - `"arn:..."` — used as-is.
+ *
+ * Any other string shape throws — `Topic.fromTopicArn` accepts any string without
+ * validation, so a non-`import:` value MUST be ARN-shape-checked here or a malformed
+ * reference reaches synth.
+ */
+export function resolveAlertsTopic(scope, id, alertsTopic) {
+    if (alertsTopic === undefined)
+        return undefined;
+    if (typeof alertsTopic !== "string")
+        return alertsTopic;
+    let arn;
+    if (alertsTopic.startsWith("import:")) {
+        arn = Fn.importValue(alertsTopic.slice("import:".length));
+    }
+    else {
+        if (!alertsTopic.startsWith("arn:")) {
+            throw new Error(`alertsTopic string must be an ARN (starts with "arn:") or use the "import:<ExportName>" form; got "${alertsTopic}"`);
+        }
+        arn = alertsTopic;
+    }
+    return Topic.fromTopicArn(scope, id, arn);
+}

package/dist/lib/utils/validationLogger.js CHANGED Viewed

@@ -6,7 +6,10 @@
 import { appendFileSync, existsSync, mkdirSync } from "fs";
 import { homedir } from "os";
 import { join } from "path";
-const LOG_DIR = process.env.FJALL_LOG_DIR ?? join(homedir(), ".fjall", "logs");
+const ENV_LOG_DIR = process.env.FJALL_LOG_DIR;
+const LOG_DIR = ENV_LOG_DIR !== undefined && ENV_LOG_DIR !== ""
+    ? ENV_LOG_DIR
+    : join(homedir(), ".fjall", "logs");
 const LOG_FILE = join(LOG_DIR, "infrastructure.jsonl");
 /**
  * Write a log entry to the infrastructure JSONL file
@@ -25,8 +28,8 @@ function writeToLog(level, message) {
         });
         appendFileSync(LOG_FILE, entry + "\n");
     }
-    catch {
-        // Never crash CDK on logging failure
+    catch (err) {
+        console.debug("[Fjall] writeToLog failed:", err instanceof Error ? err.message : String(err));
     }
 }
 export const FjallLogger = {

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@fjall/components-infrastructure",
-  "version": "0.96.0",
+  "version": "0.99.3",
   "license": "SEE LICENSE IN LICENSE",
   "type": "module",
   "bin": {
@@ -30,40 +30,42 @@
   "scripts": {
     "clean": "rm -rf ./dist",
     "clean:node": "rm -rf ./node_modules",
-    "build": "tsc && cp -r lib/layers dist/lib/layers",
+    "build": "tsc && cp -r lib/layers dist/lib/layers && cp lib/resources/aws/compute/lifecycleHookLambda.source.cjs dist/lib/resources/aws/compute/lifecycleHookLambda.source.cjs && cp lib/resources/aws/compute/ec2GracefulTerminationLambda.source.cjs dist/lib/resources/aws/compute/ec2GracefulTerminationLambda.source.cjs && cp lib/resources/aws/compute/persistentDataVolumeLambda.source.cjs dist/lib/resources/aws/compute/persistentDataVolumeLambda.source.cjs",
     "watch": "tsc -w",
     "watch:only": "tsc -w",
     "test": "vitest run",
     "test:watch": "vitest",
     "cdk": "cdk",
-    "typecheck": "tsc --noEmit",
+    "typecheck": "tsc --noEmit && tsc --noEmit -p tsconfig.test.json",
+    "typecheck:tests": "tsc --noEmit -p tsconfig.test.json",
     "check:scripts": "tsc --project tsconfig.scripts.json",
+    "lint": "eslint lib --no-warn-ignored",
+    "lint:fix": "eslint lib --fix --no-warn-ignored",
     "format": "prettier --write \"lib/**/*.{ts,tsx,js,jsx,json}\" \"scripts/**/*.mts\"",
     "format:check": "prettier --check \"lib/**/*.{ts,tsx,js,jsx,json}\" \"scripts/**/*.mts\""
   },
   "devDependencies": {
-    "@types/aws-lambda": "^8.10.109",
-    "@types/node": "^22.13.10",
-    "@types/uuid": "^10.0.0",
-    "@typescript-eslint/eslint-plugin": "^8.26.1",
-    "@typescript-eslint/parser": "^8.26.1",
-    "eslint": "^9.39.1",
-    "prettier": "^3.2.5",
-    "typescript": "^5.8.2",
-    "vitest": "^4.1.2"
+    "@aws-sdk/client-elastic-load-balancing-v2": "^3.1045.0",
+    "@types/aws-lambda": "^8.10.161",
+    "@types/node": "^25.6.0",
+    "@types/uuid": "^11.0.0",
+    "@typescript-eslint/eslint-plugin": "^8.59.1",
+    "@typescript-eslint/parser": "^8.59.1",
+    "eslint": "^10.2.1",
+    "prettier": "^3.8.3",
+    "typescript": "^6.0.3",
+    "vitest": "^4.1.5"
   },
   "dependencies": {
-    "@aws-sdk/client-organizations": "^3.997.0",
-    "@fjall/generator": "^0.96.0",
-    "@fjall/util": "^0.96.0",
-    "cdk-time-sleep": "^1.0.0",
+    "@aws-sdk/client-organizations": "^3.1038.0",
+    "@fjall/generator": "^0.99.3",
+    "@fjall/util": "^0.99.3",
     "constructs": "^10.0.0",
-    "uuid": "^10.0.0"
+    "uuid": "^14.0.0"
   },
   "overrides": {
     "@smithy/core": "2.5.5"
   },
-  "gitHead": "bfbd3625ab029ba77a6571630e0edb85f9d53380",
   "peerDependencies": {
     "aws-cdk": "^2.239.0",
     "aws-cdk-lib": "^2.239.0",
@@ -71,5 +73,6 @@
   },
   "engines": {
     "node": ">=18.0.0"
-  }
+  },
+  "gitHead": "e50d25185d5eab618e2a90622466296fa0cbffe8"
 }