npm - @fjall/deploy-core - Versions diffs - 0.94.0 → 0.95.0 - Mend

@fjall/deploy-core 0.94.0 → 0.95.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (54) hide show

package/dist/.minified +1 -1
package/dist/src/aws/organisations/accounts.js +1 -99
package/dist/src/aws/organisations/backup.js +1 -30
package/dist/src/aws/organisations/costAllocation.js +1 -28
package/dist/src/aws/organisations/delegatedAdmin.js +3 -43
package/dist/src/aws/organisations/identityCentre.js +1 -23
package/dist/src/aws/organisations/ipam.js +1 -20
package/dist/src/aws/organisations/organisation.js +1 -103
package/dist/src/aws/organisations/organisationalUnits.js +1 -239
package/dist/src/aws/organisations/policies.js +1 -37
package/dist/src/aws/organisations/ram.js +1 -19
package/dist/src/aws/organisations/serviceAccess.js +1 -44
package/dist/src/aws/organisations/trustedAccess.js +1 -19
package/dist/src/aws/utils/regions.js +1 -1
package/dist/src/index.js +1 -65
package/dist/src/orchestration/__tests__/cascadeTestHelpers.js +1 -78
package/dist/src/orchestration/activeDeploymentGuard.js +5 -39
package/dist/src/orchestration/applicationDeploy.js +1 -149
package/dist/src/orchestration/applicationDeployHelpers.js +4 -223
package/dist/src/orchestration/applicationDestroy.js +1 -131
package/dist/src/orchestration/builders/dockerBuilder.js +1 -98
package/dist/src/orchestration/builders/openNextBuilder.js +1 -144
package/dist/src/orchestration/cascadeHelpers.js +1 -160
package/dist/src/orchestration/contextHelpers.js +1 -107
package/dist/src/orchestration/deploy.js +1 -42
package/dist/src/orchestration/destroy.js +1 -67
package/dist/src/orchestration/detectionPipeline.js +1 -84
package/dist/src/orchestration/dockerBuildHelper.js +1 -49
package/dist/src/orchestration/dockerInterface.js +0 -1
package/dist/src/orchestration/domainInterface.js +0 -1
package/dist/src/orchestration/openNextBuild.js +3 -243
package/dist/src/orchestration/organisationDeploy.js +3 -284
package/dist/src/orchestration/organisationDestroy.js +3 -189
package/dist/src/orchestration/organisationSetup.js +1 -247
package/dist/src/orchestration/resolveOperation.js +1 -123
package/dist/src/orchestration/welcomeImageHelper.js +1 -64
package/dist/src/services/application/ApplicationStackService.js +1 -218
package/dist/src/services/application/applicationStackHelpers.js +4 -248
package/dist/src/services/infrastructure/CdkCommandRunner.js +2 -244
package/dist/src/services/infrastructure/CdkOutputAnalyser.js +1 -125
package/dist/src/services/infrastructure/CdkProcessManager.js +3 -278
package/dist/src/services/infrastructure/CdkService.js +3 -213
package/dist/src/services/infrastructure/CloudFormationService.js +1 -248
package/dist/src/services/infrastructure/ICdkProcessManager.js +0 -1
package/dist/src/services/supporting/CdkContextBuilder.js +1 -44
package/dist/src/services/supporting/TemplateHashService.js +1 -152
package/dist/src/steps/stepRegistry.js +1 -505
package/dist/src/types/apiClient.js +0 -1
package/dist/src/types/detection.js +0 -1
package/dist/src/types/frameworkBuilder.js +0 -8
package/dist/src/types/params.js +0 -1
package/dist/src/types/patternDetection.js +1 -88
package/dist/src/types/stepDefinitions.js +1 -98
package/package.json +4 -4

package/dist/src/orchestration/cascadeHelpers.js CHANGED Viewed

@@ -1,160 +1 @@
-import { success, failure } from "@fjall/generator";
-import { logger } from "@fjall/util/logger";
-import { maskSensitiveOutput } from "@fjall/util";
-import { ORGANISATION_TYPES, getOrganisationStackName } from "../types/operations.js";
-import { CdkContextBuilder } from "../services/supporting/CdkContextBuilder.js";
-import { stubCallerIdentity } from "../types/deployment/index.js";
-import { CloudFormationService } from "../services/infrastructure/CloudFormationService.js";
-import { buildParamsContext, collectStackOutputs, assumeCascadeRole, forwardOutput } from "./contextHelpers.js";
-import { STRUCTURAL_ENVIRONMENTS } from "@fjall/util";
-/**
- * Partition provider accounts into platform and member accounts.
- * Used by both deploy and destroy orchestration.
- */
-export function partitionAccounts(providerAccounts) {
-    const platformAccount = providerAccounts.find((acc) => acc.environment === STRUCTURAL_ENVIRONMENTS.PLATFORM);
-    const memberAccounts = providerAccounts.filter((acc) => acc.environment !== STRUCTURAL_ENVIRONMENTS.ROOT &&
-        acc.environment !== STRUCTURAL_ENVIRONMENTS.PLATFORM);
-    return { platformAccount, memberAccounts };
-}
-// Re-export for backwards compatibility (canonical definition in contextHelpers)
-export { buildCascadeRoleArn } from "./contextHelpers.js";
-export async function deployCascadeAccount(params, services, operation, account, deployType, callbacks, ipamPoolId) {
-    const operationKey = `${account.name}-${account.id}`;
-    const region = services.awsProvider.getRegion();
-    callbacks.onCascadeAccountStart?.(operationKey, account.id, region, deployType);
-    // Assume role in target account
-    const roleResult = await assumeCascadeRole(services.awsProvider, account.id, region, `fjall-cascade-${account.name}`);
-    if (!roleResult.success) {
-        callbacks.onCascadeAccountComplete?.(operationKey, false, maskSensitiveOutput(roleResult.error.message), region);
-        return failure(new Error(`Failed to assume role for ${account.name}: ${maskSensitiveOutput(roleResult.error.message)}`));
-    }
-    const { provider: accountProvider, credentials: cascadeCredentials } = roleResult.data;
-    // Build context for this account (includes IPAM pool ID if available)
-    const accountContext = CdkContextBuilder.buildDeploymentContext({
-        deployType,
-        target: operation.target,
-        path: operation.path,
-        region,
-        accountName: account.name,
-        callerIdentity: stubCallerIdentity(account.id),
-        ipamPoolId,
-        ...buildParamsContext({
-            orgConfig: params.orgConfig,
-            identity: params.identity,
-            skipOidc: params.options?.skipOidc
-        })
-    }, { verbose: params.options?.verbose }, params.orgConfig);
-    // Bootstrap the target account
-    callbacks.onCascadeAccountPhaseChange?.(operationKey, "bootstrap", region);
-    const bootstrapResult = await services.cdkService.runCdkBootstrap(accountContext, forwardOutput(callbacks), cascadeCredentials);
-    if (!bootstrapResult.success) {
-        callbacks.onCascadeAccountComplete?.(operationKey, false, maskSensitiveOutput(`Bootstrap failed: ${bootstrapResult.error}`), region);
-        return failure(new Error(`Bootstrap failed for ${account.name}: ${maskSensitiveOutput(bootstrapResult.error)}`));
-    }
-    // Deploy the account stack
-    callbacks.onCascadeAccountPhaseChange?.(operationKey, "deploy", region);
-    const stackName = getOrganisationStackName(deployType === "platform"
-        ? ORGANISATION_TYPES.PLATFORM
-        : ORGANISATION_TYPES.ACCOUNT);
-    const deployResult = await services.cdkService.runCdkDeploy(accountContext, stackName, forwardOutput(callbacks), (event) => callbacks.onCascadeAccountResourceProgress?.(operationKey, event, region), accountProvider, cascadeCredentials);
-    if (!deployResult.success) {
-        callbacks.onCascadeAccountComplete?.(operationKey, false, maskSensitiveOutput(deployResult.error), region);
-        return failure(new Error(maskSensitiveOutput(deployResult.error)));
-    }
-    // Capture stack outputs (OIDC role ARN, etc.) from the target account
-    const accountCfn = new CloudFormationService(accountProvider);
-    const outputsResult = await accountCfn.getStackOutputs(stackName);
-    if (!outputsResult.success) {
-        logger.debug("cascadeHelpers", "Failed to read cascade account stack outputs (non-critical)", { stackName, account: account.name });
-    }
-    const outputs = collectStackOutputs(outputsResult);
-    callbacks.onCascadeAccountComplete?.(operationKey, true, undefined, region, outputs);
-    return success({ outputs });
-}
-/**
- * Read Platform stack outputs to extract IPAM pool IDs for member accounts.
- * Output keys follow the pattern `IpamPoolId{12-digit-accountId}{regionSuffix}`.
- * Returns a map keyed by `{accountId}-{regionSuffix}` → pool ID.
- * Non-fatal: returns empty map on any error.
- */
-export async function readPlatformIpamPoolIds(services, platformAccount, callbacks) {
-    const poolIds = new Map();
-    // Assume role in platform account to read its stack outputs
-    const region = services.awsProvider.getRegion();
-    const roleResult = await assumeCascadeRole(services.awsProvider, platformAccount.id, region, `fjall-ipam-read-${platformAccount.name}`);
-    if (!roleResult.success) {
-        logger.debug("organisationDeploy", `Cannot read Platform outputs: ${roleResult.error.message}`);
-        return poolIds;
-    }
-    const platformCfn = new CloudFormationService(roleResult.data.provider);
-    const platformStackName = getOrganisationStackName(ORGANISATION_TYPES.PLATFORM);
-    const outputsResult = await platformCfn.getStackOutputs(platformStackName);
-    if (!outputsResult.success) {
-        logger.debug("organisationDeploy", `Failed to read Platform stack outputs: ${outputsResult.error.message}`);
-        return poolIds;
-    }
-    const ipamPattern = /^IpamPoolId(\d{12})(\w+)$/;
-    for (const output of outputsResult.data) {
-        const match = output.OutputKey?.match(ipamPattern);
-        if (match && output.OutputValue) {
-            const key = `${match[1]}-${match[2]}`;
-            poolIds.set(key, output.OutputValue);
-        }
-    }
-    if (poolIds.size > 0) {
-        callbacks.onLog?.(`Read ${poolIds.size} IPAM pool ID(s) from Platform stack`, "info");
-    }
-    return poolIds;
-}
-/**
- * Deploy configured domains: apex domains sequentially, then delegated
- * domains in parallel. Delegates to the caller-provided DomainDeployProvider.
- */
-export async function deployDomains(provider, callbacks) {
-    const domains = provider.getDomains();
-    if (domains.length === 0) {
-        return { domainsDeployed: 0, errors: [] };
-    }
-    callbacks.onCascadePhaseStart?.("domains");
-    const apexDomains = domains.filter((d) => d.type === "apex");
-    const delegatedDomains = domains.filter((d) => d.type === "delegated");
-    let domainsDeployed = 0;
-    const errors = [];
-    // Phase A: Apex domains (sequential — delegation roles must exist first)
-    for (const domain of apexDomains) {
-        const result = await provider.deployDomain(domain.name, callbacks);
-        if (result.success) {
-            domainsDeployed++;
-        }
-        else {
-            errors.push(`${domain.name}: ${result.error.message}`);
-        }
-    }
-    // Phase B: Delegated subdomains (parallel — independent of each other)
-    if (delegatedDomains.length > 0) {
-        const subdomainResults = await Promise.allSettled(delegatedDomains.map((domain) => provider.deployDomain(domain.name, callbacks)));
-        for (let i = 0; i < subdomainResults.length; i++) {
-            const settled = subdomainResults[i];
-            const domain = delegatedDomains[i];
-            if (!settled || !domain)
-                continue;
-            if (settled.status === "fulfilled") {
-                if (settled.value.success) {
-                    domainsDeployed++;
-                }
-                else {
-                    errors.push(`${domain.name}: ${settled.value.error.message}`);
-                }
-            }
-            else {
-                const message = settled.reason instanceof Error
-                    ? settled.reason.message
-                    : String(settled.reason);
-                errors.push(`${domain.name}: ${message}`);
-            }
-        }
-    }
-    callbacks.onCascadePhaseComplete?.("domains");
-    return { domainsDeployed, errors };
-}
+import{success as v,failure as P}from"@fjall/generator";import{logger as R}from"@fjall/util/logger";import{maskSensitiveOutput as l}from"@fjall/util";import{ORGANISATION_TYPES as O,getOrganisationStackName as A}from"../types/operations.js";import{CdkContextBuilder as x}from"../services/supporting/CdkContextBuilder.js";import{stubCallerIdentity as N}from"../types/deployment/index.js";import{CloudFormationService as S}from"../services/infrastructure/CloudFormationService.js";import{buildParamsContext as T,collectStackOutputs as F,assumeCascadeRole as h,forwardOutput as D}from"./contextHelpers.js";import{STRUCTURAL_ENVIRONMENTS as $}from"@fjall/util";function _(r){const s=r.find(e=>e.environment===$.PLATFORM),i=r.filter(e=>e.environment!==$.ROOT&&e.environment!==$.PLATFORM);return{platformAccount:s,memberAccounts:i}}import{buildCascadeRoleArn as J}from"./contextHelpers.js";async function b(r,s,i,e,c,n,d){const o=`${e.name}-${e.id}`,t=s.awsProvider.getRegion();n.onCascadeAccountStart?.(o,e.id,t,c);const a=await h(s.awsProvider,e.id,t,`fjall-cascade-${e.name}`);if(!a.success)return n.onCascadeAccountComplete?.(o,!1,l(a.error.message),t),P(new Error(`Failed to assume role for ${e.name}: ${l(a.error.message)}`));const{provider:u,credentials:m}=a.data,p=x.buildDeploymentContext({deployType:c,target:i.target,path:i.path,region:t,accountName:e.name,callerIdentity:N(e.id),ipamPoolId:d,...T({orgConfig:r.orgConfig,identity:r.identity,skipOidc:r.options?.skipOidc})},{verbose:r.options?.verbose},r.orgConfig);n.onCascadeAccountPhaseChange?.(o,"bootstrap",t);const f=await s.cdkService.runCdkBootstrap(p,D(n),m);if(!f.success)return n.onCascadeAccountComplete?.(o,!1,l(`Bootstrap failed: ${f.error}`),t),P(new Error(`Bootstrap failed for ${e.name}: ${l(f.error)}`));n.onCascadeAccountPhaseChange?.(o,"deploy",t);const g=A(c==="platform"?O.PLATFORM:O.ACCOUNT),C=await s.cdkService.runCdkDeploy(p,g,D(n),I=>n.onCascadeAccountResourceProgress?.(o,I,t),u,m);if(!C.success)return n.onCascadeAccountComplete?.(o,!1,l(C.error),t),P(new Error(l(C.error)));const w=await new S(u).getStackOutputs(g);w.success||R.debug("cascadeHelpers","Failed to read cascade account stack outputs (non-critical)",{stackName:g,account:e.name});const y=F(w);return n.onCascadeAccountComplete?.(o,!0,void 0,t,y),v({outputs:y})}async function G(r,s,i){const e=new Map,c=r.awsProvider.getRegion(),n=await h(r.awsProvider,s.id,c,`fjall-ipam-read-${s.name}`);if(!n.success)return R.debug("organisationDeploy",`Cannot read Platform outputs: ${n.error.message}`),e;const d=new S(n.data.provider),o=A(O.PLATFORM),t=await d.getStackOutputs(o);if(!t.success)return R.debug("organisationDeploy",`Failed to read Platform stack outputs: ${t.error.message}`),e;const a=/^IpamPoolId(\d{12})(\w+)$/;for(const u of t.data){const m=u.OutputKey?.match(a);if(m&&u.OutputValue){const p=`${m[1]}-${m[2]}`;e.set(p,u.OutputValue)}}return e.size>0&&i.onLog?.(`Read ${e.size} IPAM pool ID(s) from Platform stack`,"info"),e}async function H(r,s){const i=r.getDomains();if(i.length===0)return{domainsDeployed:0,errors:[]};s.onCascadePhaseStart?.("domains");const e=i.filter(o=>o.type==="apex"),c=i.filter(o=>o.type==="delegated");let n=0;const d=[];for(const o of e){const t=await r.deployDomain(o.name,s);t.success?n++:d.push(`${o.name}: ${t.error.message}`)}if(c.length>0){const o=await Promise.allSettled(c.map(t=>r.deployDomain(t.name,s)));for(let t=0;t<o.length;t++){const a=o[t],u=c[t];if(!(!a||!u))if(a.status==="fulfilled")a.value.success?n++:d.push(`${u.name}: ${a.value.error.message}`);else{const m=a.reason instanceof Error?a.reason.message:String(a.reason);d.push(`${u.name}: ${m}`)}}}return s.onCascadePhaseComplete?.("domains"),{domainsDeployed:n,errors:d}}export{J as buildCascadeRoleArn,b as deployCascadeAccount,H as deployDomains,_ as partitionAccounts,G as readPlatformIpamPoolIds};

package/dist/src/orchestration/contextHelpers.js CHANGED Viewed

@@ -1,107 +1 @@
-import { success, failure } from "@fjall/generator";
-import { getErrorMessage, maskSensitiveOutput } from "@fjall/util";
-import { SimpleAwsProvider } from "../aws/SimpleAwsProvider.js";
-/**
- * Build the orgConfig/identity context fields shared by all deployment paths.
- * CdkContextBuilder expects orgConfig as a JSON string and fjallOrgId as a string.
- */
-export function buildParamsContext(params) {
-    return {
-        ...(params.orgConfig !== undefined
-            ? { orgConfig: JSON.stringify(params.orgConfig) }
-            : {}),
-        ...(params.identity !== undefined
-            ? { fjallOrgId: params.identity.fjallOrgId }
-            : {}),
-        ...(params.skipOidc ? { fjallOidcConfigured: true } : {})
-    };
-}
-/** Forward onOutput callback — reduces lambda repetition across orchestration files. */
-export function forwardOutput(callbacks) {
-    return (chunk) => callbacks.onOutput?.(chunk);
-}
-/** Forward onResourceProgress callback — reduces lambda repetition across orchestration files. */
-export function forwardResourceProgress(callbacks) {
-    return (event) => callbacks.onResourceProgress?.(event);
-}
-/** Convert CloudFormation getStackOutputs result to Record<string, string>. */
-export function collectStackOutputs(result) {
-    if (!result.success || result.data.length === 0)
-        return undefined;
-    const record = {};
-    for (const output of result.data) {
-        if (output.OutputKey && output.OutputValue !== undefined) {
-            record[output.OutputKey] = output.OutputValue;
-        }
-    }
-    return Object.keys(record).length > 0 ? record : undefined;
-}
-/** Role name created by the Account CDK stack for cross-account cascade operations. */
-const CASCADE_DEPLOYMENT_ROLE = "fjall-deployment-role";
-/** Build the IAM role ARN used for cross-account cascade operations. */
-export function buildCascadeRoleArn(accountId) {
-    return `arn:aws:iam::${accountId}:role/${CASCADE_DEPLOYMENT_ROLE}`;
-}
-/**
- * Assume a cross-account cascade role and create a scoped provider.
- * Callers handle failure (callbacks, logging, return type) — this helper
- * only owns the assume + provider construction.
- */
-export async function assumeCascadeRole(awsProvider, accountId, region, sessionName) {
-    if (!awsProvider.assumeRole) {
-        return failure(new Error("AwsProvider does not support assumeRole"));
-    }
-    const roleArn = buildCascadeRoleArn(accountId);
-    let assumed;
-    try {
-        assumed = await awsProvider.assumeRole(roleArn, sessionName);
-    }
-    catch (err) {
-        return failure(new Error(getErrorMessage(err)));
-    }
-    const provider = new SimpleAwsProvider({
-        accessKeyId: assumed.accessKeyId,
-        secretAccessKey: assumed.secretAccessKey,
-        sessionToken: assumed.sessionToken,
-        region,
-        accountId
-    });
-    return success({
-        provider,
-        credentials: {
-            accessKeyId: assumed.accessKeyId,
-            secretAccessKey: assumed.secretAccessKey,
-            sessionToken: assumed.sessionToken
-        }
-    });
-}
-/**
- * Run CDK synth and return failure with masked error if it fails.
- * Calls `onError` on the callbacks so callers only need to handle
- * step-specific reporting (e.g. onStepComplete) before returning.
- */
-export async function synthOrFail(services, context, callbacks, errorPrefix) {
-    const synthResult = await services.cdkService.runCdkSynth(context, (chunk) => callbacks.onCdkOutput?.(chunk, "synth"));
-    if (!synthResult.success) {
-        const error = new Error(maskSensitiveOutput(`${errorPrefix}: ${synthResult.error}`));
-        callbacks.onError?.(error);
-        return failure(error);
-    }
-    return success(undefined);
-}
-/**
- * Run CDK bootstrap and return failure with masked error if it fails.
- * Emits onCDKBootstrap status callbacks and calls onError on failure.
- */
-export async function bootstrapOrFail(services, context, callbacks) {
-    callbacks.onCDKBootstrap?.("bootstrapping");
-    const bootstrapResult = await services.cdkService.runCdkBootstrap(context, forwardOutput(callbacks));
-    if (!bootstrapResult.success) {
-        callbacks.onCDKBootstrap?.("failed");
-        const error = new Error(maskSensitiveOutput(`Bootstrap failed: ${bootstrapResult.error}`));
-        callbacks.onError?.(error);
-        return failure(error);
-    }
-    callbacks.onCDKBootstrap?.("complete");
-    return success(undefined);
-}
+import{success as i,failure as u}from"@fjall/generator";import{getErrorMessage as a,maskSensitiveOutput as c}from"@fjall/util";import{SimpleAwsProvider as p}from"../aws/SimpleAwsProvider.js";function K(e){return{...e.orgConfig!==void 0?{orgConfig:JSON.stringify(e.orgConfig)}:{},...e.identity!==void 0?{fjallOrgId:e.identity.fjallOrgId}:{},...e.skipOidc?{fjallOidcConfigured:!0}:{}}}function l(e){return t=>e.onOutput?.(t)}function w(e){return t=>e.onResourceProgress?.(t)}function E(e){if(!e.success||e.data.length===0)return;const t={};for(const r of e.data)r.OutputKey&&r.OutputValue!==void 0&&(t[r.OutputKey]=r.OutputValue);return Object.keys(t).length>0?t:void 0}const y="fjall-deployment-role";function O(e){return`arn:aws:iam::${e}:role/${y}`}async function A(e,t,r,s){if(!e.assumeRole)return u(new Error("AwsProvider does not support assumeRole"));const n=O(t);let o;try{o=await e.assumeRole(n,s)}catch(f){return u(new Error(a(f)))}const d=new p({accessKeyId:o.accessKeyId,secretAccessKey:o.secretAccessKey,sessionToken:o.sessionToken,region:r,accountId:t});return i({provider:d,credentials:{accessKeyId:o.accessKeyId,secretAccessKey:o.secretAccessKey,sessionToken:o.sessionToken}})}async function R(e,t,r,s){const n=await e.cdkService.runCdkSynth(t,o=>r.onCdkOutput?.(o,"synth"));if(!n.success){const o=new Error(c(`${s}: ${n.error}`));return r.onError?.(o),u(o)}return i(void 0)}async function x(e,t,r){r.onCDKBootstrap?.("bootstrapping");const s=await e.cdkService.runCdkBootstrap(t,l(r));if(!s.success){r.onCDKBootstrap?.("failed");const n=new Error(c(`Bootstrap failed: ${s.error}`));return r.onError?.(n),u(n)}return r.onCDKBootstrap?.("complete"),i(void 0)}export{A as assumeCascadeRole,x as bootstrapOrFail,O as buildCascadeRoleArn,K as buildParamsContext,E as collectStackOutputs,l as forwardOutput,w as forwardResourceProgress,R as synthOrFail};

package/dist/src/orchestration/deploy.js CHANGED Viewed

@@ -1,42 +1 @@
-import { success } from "@fjall/generator";
-import { isApplicationOperation } from "../types/operations.js";
-import { createDeployServices } from "./serviceFactory.js";
-import { resolveOperation } from "./resolveOperation.js";
-import { deployApplication } from "./applicationDeploy.js";
-import { deployOrganisation } from "./organisationDeploy.js";
-/**
- * Deploy infrastructure for a target.
- *
- * Primary entry point for both CLI and webapp worker. Determines whether
- * the target is an application or organisation deployment and routes
- * to the appropriate orchestrator.
- */
-export async function deploy(params) {
-    const startTime = Date.now();
-    const services = createDeployServices(params);
-    const opResult = await resolveOperation(params.target, params.workingDirectory);
-    if (!opResult.success) {
-        params.callbacks.onError?.(opResult.error);
-        return opResult;
-    }
-    const operation = opResult.data;
-    if (isApplicationOperation(operation)) {
-        const result = await deployApplication(params, services, operation);
-        // Attach duration if not already set
-        if (result.success && result.data.durationMs === undefined) {
-            return success({
-                ...result.data,
-                durationMs: Date.now() - startTime
-            });
-        }
-        return result;
-    }
-    const result = await deployOrganisation(params, services, operation);
-    if (result.success && result.data.durationMs === undefined) {
-        return success({
-            ...result.data,
-            durationMs: Date.now() - startTime
-        });
-    }
-    return result;
-}
+import{success as a}from"@fjall/generator";import{isApplicationOperation as c}from"../types/operations.js";import{createDeployServices as u}from"./serviceFactory.js";import{resolveOperation as d}from"./resolveOperation.js";import{deployApplication as p}from"./applicationDeploy.js";import{deployOrganisation as f}from"./organisationDeploy.js";async function g(t){const n=Date.now(),s=u(t),o=await d(t.target,t.workingDirectory);if(!o.success)return t.callbacks.onError?.(o.error),o;const i=o.data;if(c(i)){const e=await p(t,s,i);return e.success&&e.data.durationMs===void 0?a({...e.data,durationMs:Date.now()-n}):e}const r=await f(t,s,i);return r.success&&r.data.durationMs===void 0?a({...r.data,durationMs:Date.now()-n}):r}export{g as deploy};

package/dist/src/orchestration/destroy.js CHANGED Viewed

@@ -1,67 +1 @@
-import { success, failure } from "@fjall/generator";
-import { isApplicationOperation, isOrganisationOperation, getApplicationStackName, getOrganisationStackName, APPLICATION_STACKS } from "../types/operations.js";
-import { createDeployServices } from "./serviceFactory.js";
-import { resolveOperation } from "./resolveOperation.js";
-import { destroyApplication } from "./applicationDestroy.js";
-import { destroyOrganisation } from "./organisationDestroy.js";
-import { checkActiveDeployments } from "./activeDeploymentGuard.js";
-/**
- * Destroy infrastructure for a target.
- *
- * Primary entry point for both CLI and webapp worker. Determines whether
- * the target is an application or organisation and routes to the
- * appropriate orchestrator.
- *
- * Mirrors the deploy() entry point -- same resolution, same service
- * factory, same callback contract.
- */
-export async function destroy(params) {
-    const startTime = Date.now();
-    const services = createDeployServices({
-        target: params.target,
-        workingDirectory: params.workingDirectory,
-        awsCredentials: params.awsCredentials,
-        callbacks: params.callbacks,
-        options: {
-            verbose: params.options?.verbose,
-            force: params.options?.force,
-            cascade: params.options?.cascade,
-            skipConfirmation: params.options?.skipConfirmation
-        },
-        orgConfig: params.orgConfig,
-        identity: params.identity
-    });
-    const opResult = await resolveOperation(params.target, params.workingDirectory);
-    if (!opResult.success) {
-        params.callbacks.onError?.(opResult.error);
-        return opResult;
-    }
-    const operation = opResult.data;
-    // Pre-flight: reject if any target stacks are mid-operation (unless --force)
-    if (!params.options?.force) {
-        const stackNames = isApplicationOperation(operation)
-            ? Object.values(APPLICATION_STACKS).map((stack) => getApplicationStackName(operation.appName, stack))
-            : [getOrganisationStackName(operation.type)];
-        const guardResult = await checkActiveDeployments(stackNames, services.cfnService);
-        if (!guardResult.success) {
-            params.callbacks.onError?.(guardResult.error);
-            return failure(guardResult.error);
-        }
-    }
-    if (isApplicationOperation(operation)) {
-        const result = await destroyApplication(params, services, operation);
-        if (result.success && result.data.durationMs === undefined) {
-            return success({
-                ...result.data,
-                durationMs: Date.now() - startTime
-            });
-        }
-        return result;
-    }
-    if (isOrganisationOperation(operation)) {
-        return destroyOrganisation(params, services, operation);
-    }
-    const error = new Error(`Unsupported destroy target: ${params.target}`);
-    params.callbacks.onError?.(error);
-    return failure(error);
-}
+import{success as u,failure as s}from"@fjall/generator";import{isApplicationOperation as a,isOrganisationOperation as d,getApplicationStackName as g,getOrganisationStackName as p,APPLICATION_STACKS as k}from"../types/operations.js";import{createDeployServices as y}from"./serviceFactory.js";import{resolveOperation as w}from"./resolveOperation.js";import{destroyApplication as b}from"./applicationDestroy.js";import{destroyOrganisation as v}from"./organisationDestroy.js";import{checkActiveDeployments as C}from"./activeDeploymentGuard.js";async function T(o){const f=Date.now(),i=y({target:o.target,workingDirectory:o.workingDirectory,awsCredentials:o.awsCredentials,callbacks:o.callbacks,options:{verbose:o.options?.verbose,force:o.options?.force,cascade:o.options?.cascade,skipConfirmation:o.options?.skipConfirmation},orgConfig:o.orgConfig,identity:o.identity}),r=await w(o.target,o.workingDirectory);if(!r.success)return o.callbacks.onError?.(r.error),r;const t=r.data;if(!o.options?.force){const e=a(t)?Object.values(k).map(l=>g(t.appName,l)):[p(t.type)],n=await C(e,i.cfnService);if(!n.success)return o.callbacks.onError?.(n.error),s(n.error)}if(a(t)){const e=await b(o,i,t);return e.success&&e.data.durationMs===void 0?u({...e.data,durationMs:Date.now()-f}):e}if(d(t))return v(o,i,t);const c=new Error(`Unsupported destroy target: ${o.target}`);return o.callbacks.onError?.(c),s(c)}export{T as destroy};

package/dist/src/orchestration/detectionPipeline.js CHANGED Viewed

@@ -1,84 +1 @@
-import { join } from "path";
-import { success, failure } from "@fjall/generator";
-import { logger } from "@fjall/util/logger";
-import { maskSensitiveOutput } from "@fjall/util";
-import { hasDockerfile } from "../util/dockerfileDetection.js";
-import { deriveResourcesFromManifestStacks } from "../types/patternDetection.js";
-import { emitProgress, PROGRESS_MESSAGES } from "../services/supporting/helpers.js";
-import { parseRequiredSecretsFromManifest } from "./manifestSecretParser.js";
-/**
- * Pre-deployment analysis pipeline.
- *
- * Detects the application pattern, synthesises infrastructure, computes
- * template hashes, and determines which stacks have changed.
- */
-export async function runDetectionPipeline(operation, services, context, callbacks) {
-    // 1. Detect application pattern
-    callbacks.onDetectionPhaseChange?.("detect", "started");
-    const resolved = services.frameworkRegistry.resolve({
-        appPath: operation.path
-    });
-    const pattern = resolved?.detection.pattern ?? null;
-    const hasDatabase = resolved?.detection.hasDatabase ?? false;
-    callbacks.onLog?.(`Pattern detected: ${pattern ?? "standard"}`, "info");
-    callbacks.onDetectionPhaseChange?.("detect", "completed");
-    const cdkOutPath = join(operation.path, "cdk.out");
-    // 2. Synthesise infrastructure
-    callbacks.onDetectionPhaseChange?.("synth", "started");
-    emitProgress(callbacks, PROGRESS_MESSAGES.SYNTH);
-    const synthResult = await services.cdkService.runCdkSynth(context, (chunk) => callbacks.onCdkOutput?.(chunk, "synth"));
-    if (!synthResult.success) {
-        return failure(new Error(maskSensitiveOutput(`CDK synthesis failed: ${synthResult.error}`)));
-    }
-    callbacks.onDetectionPhaseChange?.("synth", "completed");
-    // 2b. Parse required secrets from manifest (pure data, no AWS calls)
-    const requiredSecrets = parseRequiredSecretsFromManifest(cdkOutPath);
-    if (requiredSecrets.length > 0) {
-        callbacks.onLog?.(`Found ${requiredSecrets.length} required secret path(s) in manifest`, "info");
-    }
-    // 3. Compute template hashes
-    callbacks.onDetectionPhaseChange?.("hash", "started");
-    emitProgress(callbacks, PROGRESS_MESSAGES.HASH);
-    const hashResult = await services.hashService.getTemplateHashes(cdkOutPath);
-    if (!hashResult.success) {
-        return failure(new Error(maskSensitiveOutput(`Template hash computation failed: ${hashResult.error.message}`)));
-    }
-    const currentHashes = hashResult.data;
-    // 4. Compare with stored state
-    const comparisonResult = await services.hashService.compareWithState(currentHashes, operation.path);
-    if (!comparisonResult.success) {
-        return failure(new Error(maskSensitiveOutput(`Hash comparison failed: ${comparisonResult.error.message}`)));
-    }
-    const comparison = comparisonResult.data;
-    callbacks.onDetectionPhaseChange?.("hash", "completed");
-    // 5. Stale hash detection: unchanged templates whose stacks don't exist in CFN
-    const stackChanges = new Map(comparison.stackChanges);
-    for (const [stackName, hasChanged] of comparison.stackChanges) {
-        if (!hasChanged) {
-            const exists = await services.cfnService.stackExists(stackName);
-            if (!exists) {
-                logger.debug("detectionPipeline", "Stale hash detected — stack missing in CFN", {
-                    stackName
-                });
-                stackChanges.set(stackName, true);
-            }
-        }
-    }
-    // 6. Derive resource flags from manifest stacks
-    const stackNames = Array.from(currentHashes.keys());
-    const resources = deriveResourcesFromManifestStacks(stackNames);
-    // 7. Detect Dockerfile on disk (Compute stack alone is not sufficient)
-    const dockerfilePresent = resources.hasCompute && hasDockerfile(operation.path);
-    const hasDifferences = Array.from(stackChanges.values()).some(Boolean);
-    callbacks.onLog?.(`Detection complete: ${comparison.changedCount} changed, ${comparison.unchangedCount} unchanged`, "info");
-    return success({
-        pattern,
-        hasDatabase,
-        hasDifferences,
-        stackChanges,
-        currentHashes,
-        resources,
-        hasDockerfile: dockerfilePresent,
-        requiredSecrets
-    });
-}
+import{join as E}from"path";import{success as $,failure as m}from"@fjall/generator";import{logger as H}from"@fjall/util/logger";import{maskSensitiveOutput as d}from"@fjall/util";import{hasDockerfile as v}from"../util/dockerfileDetection.js";import{deriveResourcesFromManifestStacks as x}from"../types/patternDetection.js";import{emitProgress as C,PROGRESS_MESSAGES as D}from"../services/supporting/helpers.js";import{parseRequiredSecretsFromManifest as A}from"./manifestSecretParser.js";async function B(n,t,P,e){e.onDetectionPhaseChange?.("detect","started");const u=t.frameworkRegistry.resolve({appPath:n.path}),f=u?.detection.pattern??null,y=u?.detection.hasDatabase??!1;e.onLog?.(`Pattern detected: ${f??"standard"}`,"info"),e.onDetectionPhaseChange?.("detect","completed");const p=E(n.path,"cdk.out");e.onDetectionPhaseChange?.("synth","started"),C(e,D.SYNTH);const g=await t.cdkService.runCdkSynth(P,s=>e.onCdkOutput?.(s,"synth"));if(!g.success)return m(new Error(d(`CDK synthesis failed: ${g.error}`)));e.onDetectionPhaseChange?.("synth","completed");const r=A(p);r.length>0&&e.onLog?.(`Found ${r.length} required secret path(s) in manifest`,"info"),e.onDetectionPhaseChange?.("hash","started"),C(e,D.HASH);const a=await t.hashService.getTemplateHashes(p);if(!a.success)return m(new Error(d(`Template hash computation failed: ${a.error.message}`)));const i=a.data,h=await t.hashService.compareWithState(i,n.path);if(!h.success)return m(new Error(d(`Hash comparison failed: ${h.error.message}`)));const o=h.data;e.onDetectionPhaseChange?.("hash","completed");const c=new Map(o.stackChanges);for(const[s,l]of o.stackChanges)l||await t.cfnService.stackExists(s)||(H.debug("detectionPipeline","Stale hash detected \u2014 stack missing in CFN",{stackName:s}),c.set(s,!0));const w=Array.from(i.keys()),S=x(w),k=S.hasCompute&&v(n.path),R=Array.from(c.values()).some(Boolean);return e.onLog?.(`Detection complete: ${o.changedCount} changed, ${o.unchangedCount} unchanged`,"info"),$({pattern:f,hasDatabase:y,hasDifferences:R,stackChanges:c,currentHashes:i,resources:S,hasDockerfile:k,requiredSecrets:r})}export{B as runDetectionPipeline};

package/dist/src/orchestration/dockerBuildHelper.js CHANGED Viewed

@@ -1,49 +1 @@
-import { success, failure } from "@fjall/generator";
-import { maskSensitiveOutput } from "@fjall/util";
-import { STEP_IDS } from "../types/stepDefinitions.js";
-const DOCKER_BUILD_STEP_NAME = "Building and pushing Docker image";
-/**
- * Run Docker build and push before deploying the Compute stack.
- * Initialises ECR if needed, then builds and pushes the image.
- */
-export async function runDockerBuild(params, services, operation, callbacks) {
-    const dockerProvider = params.dockerProvider;
-    if (!dockerProvider)
-        return success(undefined);
-    const accountId = services.awsProvider.getAccountId();
-    if (!accountId) {
-        callbacks.onLog?.("Skipping Docker build — account ID not available", "warn");
-        return success(undefined);
-    }
-    const region = services.awsProvider.getRegion();
-    callbacks.onStepStart?.(STEP_IDS.DOCKER_OPERATIONS, DOCKER_BUILD_STEP_NAME);
-    // Initialise ECR repository (non-fatal — CDK creates it if needed)
-    callbacks.onLog?.("Initialising ECR repository…", "info");
-    const ecrResult = await dockerProvider.initialiseECR({
-        appName: operation.appName,
-        region,
-        accountId
-    });
-    if (!ecrResult.success) {
-        callbacks.onLog?.(`ECR initialisation failed: ${ecrResult.error.message}`, "warn");
-    }
-    // Build and push Docker image
-    callbacks.onLog?.("Building and pushing Docker image…", "info");
-    const buildResult = await dockerProvider.buildAndPush({
-        appName: operation.appName,
-        appPath: operation.path,
-        region,
-        accountId
-    }, (message, percentage, layerId, status) => {
-        callbacks.onDockerProgress?.(maskSensitiveOutput(message), percentage, layerId, status);
-    });
-    if (!buildResult.success) {
-        callbacks.onStepComplete?.(STEP_IDS.DOCKER_OPERATIONS, DOCKER_BUILD_STEP_NAME, "error");
-        const error = new Error(maskSensitiveOutput(buildResult.error.message));
-        callbacks.onError?.(error);
-        return failure(error);
-    }
-    callbacks.onStepComplete?.(STEP_IDS.DOCKER_OPERATIONS, DOCKER_BUILD_STEP_NAME, "completed");
-    callbacks.onLog?.(`Docker image pushed: ${buildResult.data.imageUri}`, "info");
-    return success(undefined);
-}
+import{success as u,failure as c}from"@fjall/generator";import{maskSensitiveOutput as m}from"@fjall/util";import{STEP_IDS as d}from"../types/stepDefinitions.js";const p="Building and pushing Docker image";async function C(f,s,r,e){const i=f.dockerProvider;if(!i)return u(void 0);const n=s.awsProvider.getAccountId();if(!n)return e.onLog?.("Skipping Docker build \u2014 account ID not available","warn"),u(void 0);const a=s.awsProvider.getRegion();e.onStepStart?.(d.DOCKER_OPERATIONS,p),e.onLog?.("Initialising ECR repository\u2026","info");const g=await i.initialiseECR({appName:r.appName,region:a,accountId:n});g.success||e.onLog?.(`ECR initialisation failed: ${g.error.message}`,"warn"),e.onLog?.("Building and pushing Docker image\u2026","info");const t=await i.buildAndPush({appName:r.appName,appPath:r.path,region:a,accountId:n},(o,E,D,R)=>{e.onDockerProgress?.(m(o),E,D,R)});if(!t.success){e.onStepComplete?.(d.DOCKER_OPERATIONS,p,"error");const o=new Error(m(t.error.message));return e.onError?.(o),c(o)}return e.onStepComplete?.(d.DOCKER_OPERATIONS,p,"completed"),e.onLog?.(`Docker image pushed: ${t.data.imageUri}`,"info"),u(void 0)}export{C as runDockerBuild};

package/dist/src/orchestration/dockerInterface.js CHANGED Viewed

	@@ -1 +0,0 @@
1	- export {};

package/dist/src/orchestration/domainInterface.js CHANGED Viewed

	@@ -1 +0,0 @@
1	- export {};