@fjall/generator 0.88.4

package/dist/src/presets/tierPresets.js

@@ -0,0 +1,384 @@
+/**
+ * Tier Presets
+ *
+ * This file defines the configuration presets for each tier (Tinkerer, Standard,
+ * Resilient, Enterprise) across all resource types. Both the `create` flow and
+ * `add` flow consume these presets to ensure consistency.
+ *
+ * Architecture:
+ * - TIER_PRESETS defines what each tier means for each resource type
+ * - planApplicationResources() uses these during `fjall create`
+ * - AddResourceScreen uses these during `fjall add`
+ * - Custom mode bypasses presets and prompts for each parameter
+ *
+ * Type definitions live in ./tierTypes.ts and are re-exported here.
+ */
+/**
+ * Tier names - ordered from least to most capable/expensive
+ * This is the single source of truth for all tier-based configuration.
+ */
+export const TIER_NAMES = [
+    "tinkerer",
+    "lightweight",
+    "standard",
+    "resilient",
+    "enterprise",
+];
+export const CUSTOM_TIER = "custom";
+export const APP_TYPES = [...TIER_NAMES, CUSTOM_TIER];
+/**
+ * Master configuration for all tiers
+ */
+export const TIER_PRESETS = Object.freeze({
+    tinkerer: {
+        displayName: "Tinkerer",
+        description: "Free tier eligible, minimal cost for experimentation",
+        database: {
+            Instance: {
+                instanceType: "t4g.micro",
+                multiAz: false,
+                proxy: false,
+                readReplica: false,
+                publiclyAccessible: true,
+            },
+            Aurora: null,
+            GlobalAurora: null,
+        },
+        compute: {
+            ecs: {
+                services: [
+                    {
+                        name: "service", // Placeholder - overwritten by user input or app-derived name
+                        capacityProvider: "EC2",
+                        desiredCount: 1,
+                        minCapacity: 1,
+                        maxCapacity: 1,
+                        ec2Config: {
+                            instanceType: "t4g.micro",
+                            amiHardwareType: "ARM",
+                            minCapacity: 1,
+                            maxCapacity: 1,
+                            memoryLimitMiB: 400,
+                        },
+                    },
+                ],
+                cluster: { directAccess: true },
+            },
+            lambda: {
+                timeout: 30,
+                memory: 128,
+            },
+        },
+        network: {
+            maxAzs: 2,
+            natGateways: false,
+            flowLogs: false,
+        },
+        backup: false,
+    },
+    lightweight: {
+        displayName: "Lightweight",
+        description: "Streamlined single-AZ deployment for cost efficiency",
+        database: {
+            Instance: {
+                instanceType: "t4g.small",
+                multiAz: false,
+            },
+            Aurora: {
+                readers: false,
+            },
+            GlobalAurora: null,
+        },
+        compute: {
+            ecs: {
+                services: [
+                    {
+                        name: "service", // Placeholder - overwritten by user input or app-derived name
+                        capacityProvider: "FARGATE_SPOT",
+                        cpu: 256,
+                        memoryLimitMiB: 512,
+                        desiredCount: 1,
+                        minCapacity: 1,
+                        maxCapacity: 3,
+                    },
+                ],
+            },
+            lambda: {
+                timeout: 30,
+                memory: 256,
+            },
+        },
+        network: {
+            maxAzs: 2,
+            natGateways: { count: 1 },
+            flowLogs: false,
+        },
+        backup: false,
+    },
+    standard: {
+        displayName: "Standard",
+        description: "Production-ready with sensible defaults",
+        database: {
+            Instance: {
+                instanceType: "t4g.large",
+            },
+            Aurora: {
+                readers: { count: 1 },
+            },
+            GlobalAurora: {
+                readers: { count: 1 },
+            },
+        },
+        compute: {
+            ecs: {
+                services: [
+                    {
+                        name: "service", // Placeholder - overwritten by user input or app-derived name
+                        capacityProvider: "FARGATE",
+                        cpu: 512,
+                        memoryLimitMiB: 1024,
+                        desiredCount: 2,
+                        minCapacity: 2,
+                        maxCapacity: 5,
+                    },
+                ],
+            },
+            lambda: {
+                timeout: 60,
+                memory: 256,
+            },
+        },
+        network: {
+            maxAzs: 3,
+            natGateways: { count: 1 },
+            flowLogs: {},
+            vpcEndpoints: {
+                interface: { ecr: true },
+            },
+        },
+        // App-level tiers below resilient opt out of AWS Backup. Pattern tier presets
+        // define their own { tier: "standard" } because patterns always include backup
+        // from standard upward — see patternTierPresets.ts.
+        backup: false,
+    },
+    resilient: {
+        displayName: "Resilient",
+        description: "High availability with enhanced monitoring and scaling",
+        database: {
+            Instance: {
+                instanceType: "r7g.large",
+                encryption: { storageKey: { useCMK: true } },
+                databaseInsights: {
+                    mode: "advanced",
+                    encryptionKey: { useCMK: true },
+                },
+                proxy: { requireTLS: true },
+            },
+            Aurora: {
+                readers: { count: 2 },
+                encryption: { storageKey: { useCMK: true } },
+                databaseInsights: {
+                    mode: "advanced",
+                    encryptionKey: { useCMK: true },
+                },
+                proxy: { requireTLS: true },
+                backupRetention: 30,
+            },
+            GlobalAurora: {
+                readers: { count: 2 },
+                encryption: { storageKey: { useCMK: true } },
+                databaseInsights: {
+                    mode: "advanced",
+                    encryptionKey: { useCMK: true },
+                },
+                proxy: { requireTLS: true },
+                backupRetention: 30,
+                enableGlobalWriteForwarding: true,
+            },
+        },
+        compute: {
+            ecs: {
+                services: [
+                    {
+                        name: "service", // Placeholder - overwritten by user input or app-derived name
+                        capacityProvider: "FARGATE",
+                        cpu: 1024,
+                        memoryLimitMiB: 2048,
+                        desiredCount: 4,
+                        minCapacity: 4,
+                        maxCapacity: 20,
+                    },
+                ],
+            },
+            lambda: {
+                timeout: 120,
+                memory: 512,
+            },
+        },
+        network: {
+            maxAzs: 3,
+            natGateways: { count: 3 },
+            flowLogs: { retentionDays: 90 },
+            vpcEndpoints: {
+                interface: { ecr: true, secretsManager: true },
+            },
+        },
+        backup: { tier: "resilient" },
+    },
+    enterprise: {
+        displayName: "Enterprise",
+        description: "Maximum capability with all features enabled",
+        database: {
+            Instance: {
+                instanceType: "r6g.xlarge",
+                encryption: { storageKey: { useCMK: true } },
+                databaseInsights: {
+                    mode: "advanced",
+                    encryptionKey: { useCMK: true },
+                },
+                proxy: { requireTLS: true },
+                readReplica: {},
+            },
+            Aurora: {
+                readers: { count: 2 },
+                encryption: { storageKey: { useCMK: true } },
+                databaseInsights: {
+                    mode: "advanced",
+                    encryptionKey: { useCMK: true },
+                },
+                proxy: { requireTLS: true },
+                backupRetention: 35,
+            },
+            GlobalAurora: {
+                readers: { count: 2 },
+                encryption: { storageKey: { useCMK: true } },
+                databaseInsights: {
+                    mode: "advanced",
+                    encryptionKey: { useCMK: true },
+                },
+                proxy: { requireTLS: true },
+                backupRetention: 35,
+                enableGlobalWriteForwarding: true,
+            },
+        },
+        compute: {
+            ecs: {
+                services: [
+                    {
+                        name: "service", // Placeholder - overwritten by user input or app-derived name
+                        capacityProvider: "FARGATE",
+                        cpu: 2048,
+                        memoryLimitMiB: 4096,
+                        desiredCount: 6,
+                        minCapacity: 6,
+                        maxCapacity: 100,
+                    },
+                ],
+            },
+            lambda: {
+                timeout: 300,
+                memory: 1024,
+            },
+        },
+        network: {
+            maxAzs: 3,
+            natGateways: { count: 3 },
+            flowLogs: { destination: "s3", retentionDays: 365 },
+            vpcEndpoints: {
+                interface: {
+                    ecr: true,
+                    secretsManager: true,
+                    kms: true,
+                    cloudwatchLogs: true,
+                },
+            },
+        },
+        backup: { tier: "enterprise" },
+    },
+});
+export function getDatabasePreset(tier, databaseType) {
+    return TIER_PRESETS[tier].database[databaseType];
+}
+/**
+ * Get ECS preset for a specific tier
+ */
+export function getEcsPreset(tier) {
+    return TIER_PRESETS[tier].compute.ecs;
+}
+/**
+ * Get network preset for a specific tier
+ */
+export function getNetworkPreset(tier) {
+    return TIER_PRESETS[tier].network;
+}
+export function getAvailableTiersForDatabase(databaseType) {
+    return TIER_NAMES.filter((tier) => TIER_PRESETS[tier].database[databaseType] !== null);
+}
+/**
+ * Get tier options formatted for UI Select component
+ */
+export function getTierOptionsForDatabase(databaseType) {
+    return getAvailableTiersForDatabase(databaseType).map((tier) => ({
+        label: TIER_PRESETS[tier].displayName,
+        value: tier,
+        description: TIER_PRESETS[tier].description,
+    }));
+}
+/**
+ * Get the default database type for a tier
+ */
+export function getDefaultDatabaseTypeForTier(tier) {
+    switch (tier) {
+        case "tinkerer":
+        case "lightweight":
+        case "standard":
+            return "Instance";
+        case "resilient":
+        case "enterprise":
+            return "Aurora";
+    }
+}
+/**
+ * Apply tier defaults to user-provided services.
+ * Takes user service names and applies the tier's cpu, memory, scaling,
+ * capacityProvider, and ec2Config defaults.
+ */
+export function applyTierDefaultsToServices(tier, userServices) {
+    const tierPreset = TIER_PRESETS[tier];
+    const ecsPreset = tierPreset.compute.ecs;
+    const templateService = ecsPreset.services[0];
+    // Only add routing if tier has a load balancer (not directAccess)
+    const hasLoadBalancer = !ecsPreset.cluster?.directAccess &&
+        ecsPreset.cluster?.loadBalancer !== false;
+    return userServices.map((userService, index) => {
+        const isFirstService = index === 0;
+        // Build routing config only if tier supports load balancer AND multiple services
+        // Single service doesn't need routing - ALB routes all traffic to it automatically
+        let routing;
+        if (hasLoadBalancer) {
+            // Use provided routing if available
+            if (userService.routing) {
+                routing = userService.routing;
+            }
+            else if (userServices.length > 1) {
+                // Multiple services need routing to differentiate traffic
+                routing = {
+                    path: isFirstService ? "/*" : `/${userService.name.toLowerCase()}/*`,
+                    ...(isFirstService ? {} : { priority: 100 + index }),
+                };
+            }
+            // Single service: no routing needed (undefined)
+        }
+        return {
+            name: userService.name,
+            capacityProvider: templateService.capacityProvider,
+            ec2Config: templateService.ec2Config,
+            cpu: templateService.cpu,
+            memoryLimitMiB: templateService.memoryLimitMiB,
+            desiredCount: templateService.desiredCount,
+            minCapacity: templateService.minCapacity,
+            maxCapacity: templateService.maxCapacity,
+            routing,
+        };
+    });
+}

package/dist/src/presets/tierTypes.d.ts

@@ -0,0 +1,301 @@
+/**
+ * Tier Preset Type Definitions
+ *
+ * All interfaces used by tier presets, pattern tier presets, and downstream
+ * consumers. Extracted from tierPresets.ts for maintainability.
+ */
+import type { EcsCapacityProvider, BackupVaultTier } from "../schemas/constants.js";
+/**
+ * Proxy configuration for tier presets
+ * Presence = enabled. Use `false` to explicitly disable.
+ */
+export interface TierProxyConfig {
+    /** Maximum number of database connections. Default: 100 */
+    maxConnections?: number;
+    /** Maximum idle connections to maintain. Default: 50 */
+    maxIdleConnections?: number;
+    /** Timeout for borrowing connections in seconds. Default: 120 */
+    connectionBorrowTimeout?: number;
+    /** Require TLS for proxy connections. Default: true */
+    requireTLS?: boolean;
+}
+/**
+ * Read replica configuration for tier presets
+ * Presence = enabled. Use `false` to explicitly disable.
+ */
+export interface TierReadReplicaConfig {
+    /** Instance type for the replica. Default: same as primary */
+    instanceType?: string;
+    /** Availability zone for the replica. Default: auto-selected */
+    availabilityZone?: string;
+}
+/**
+ * Credentials configuration for tier presets
+ */
+export interface TierCredentialsConfig {
+    /** Master username for the database. Default: "postgres" */
+    username?: string;
+    /** Secret rotation configuration. Presence enables rotation. */
+    secretRotation?: {
+        /** Days between automatic rotations. Default: 30 */
+        automaticallyAfterDays?: number;
+    };
+}
+/**
+ * Aurora readers configuration for tier presets
+ */
+export interface TierAuroraReadersConfig {
+    /** Number of readers. Default: 1 */
+    count?: number;
+    /** Default Database Insights setting for all readers. Default: true */
+    defaultEnableDatabaseInsights?: boolean;
+}
+export interface TierDatabaseInsightsConfig {
+    mode?: "standard" | "advanced";
+    encryptionKey?: {
+        useCMK: true;
+    } | {
+        awsManaged: true;
+    };
+}
+export interface TierEncryptionConfig {
+    storageKey?: {
+        useCMK: true;
+    } | {
+        awsManaged: true;
+    };
+}
+/**
+ * Database tier preset configuration
+ * Null means the tier doesn't support that database type
+ */
+export interface DatabaseTierPreset {
+    /** Instance type for RDS (e.g., "t3.micro", "r6g.large") */
+    instanceType?: string;
+    /** Multi-AZ deployment for high availability */
+    multiAz?: boolean;
+    /**
+     * Place database in public subnet with public IP.
+     * @default false
+     */
+    publiclyAccessible?: boolean;
+    encryption?: TierEncryptionConfig;
+    databaseInsights?: TierDatabaseInsightsConfig | false;
+    /** Database port. Default: 35255 (FJALL on phone keypad) */
+    port?: number;
+    /** RDS Proxy configuration for connection pooling. */
+    proxy?: TierProxyConfig | false;
+    /** Database credentials configuration including username and secret rotation. */
+    credentials?: TierCredentialsConfig;
+    /**  Read replica configuration for read scaling. */
+    readReplica?: TierReadReplicaConfig | false;
+    /** Aurora readers configuration */
+    readers?: TierAuroraReadersConfig | false;
+    /** Backup retention in days. Default: 14 */
+    backupRetention?: number;
+    /** Primary region for Global Aurora */
+    primaryRegion?: string;
+    /** Secondary regions for Global Aurora replication */
+    secondaryRegions?: string[];
+    /** Enable write forwarding for Global Aurora */
+    enableGlobalWriteForwarding?: boolean;
+}
+/**
+ * EC2 capacity configuration for ECS EC2 capacity provider.
+ * Only applies when capacityProvider is "EC2".
+ */
+export interface TierEc2CapacityConfig {
+    /** EC2 instance type. Default: "t3.micro" */
+    instanceType?: string;
+    /** AMI hardware type. Default: "ARM" for cost efficiency */
+    amiHardwareType?: "ARM" | "STANDARD";
+    /** Minimum EC2 instances. Default: 1 */
+    minCapacity?: number;
+    /** Maximum EC2 instances. Default: 3 */
+    maxCapacity?: number;
+    /** Memory limit for container in MiB. Default: 400 */
+    memoryLimitMiB?: number;
+}
+/**
+ * Cluster configuration for ECS tier presets.
+ */
+export interface TierClusterConfig {
+    /** Enable direct EC2 access without ALB. Opens container ports on security group. */
+    directAccess?: boolean;
+    /**
+     * Load balancer configuration.
+     * - false: No ALB (for workers/internal services)
+     * - "public": Internet-facing ALB (default)
+     * - "internal": VPC-only ALB
+     */
+    loadBalancer?: false | "public" | "internal";
+}
+/**
+ * Service configuration for ECS tier presets.
+ * Each service gets its own task definition, scaling, and target group.
+ * Each service MUST specify its own capacityProvider.
+ */
+export interface TierEcsServiceConfig {
+    /** Service name (unique within cluster) */
+    name: string;
+    /**
+     * Capacity provider for this service. REQUIRED.
+     * - FARGATE: Serverless containers (default)
+     * - FARGATE_SPOT: Serverless with spot pricing
+     * - EC2: Self-managed EC2 instances
+     */
+    capacityProvider: EcsCapacityProvider;
+    /** EC2 capacity configuration. Only applies when capacityProvider is "EC2". */
+    ec2Config?: TierEc2CapacityConfig;
+    /** Task CPU units (256, 512, 1024, 2048, 4096). Required for Fargate. */
+    cpu?: number;
+    /** Task memory in MiB (512 - 30720). Required for Fargate. */
+    memoryLimitMiB?: number;
+    /** Desired task count. Default: 1 */
+    desiredCount?: number;
+    /** Minimum capacity for autoscaling. Default: 1 */
+    minCapacity?: number;
+    /** Maximum capacity for autoscaling. Default: 5 */
+    maxCapacity?: number;
+    /** Routing rules for this service on the cluster's ALB */
+    routing?: {
+        path?: string;
+        host?: string;
+        priority?: number;
+    } | Array<{
+        path?: string;
+        host?: string;
+        priority?: number;
+    }>;
+}
+/**
+ * ECS tier preset configuration.
+ * Uses services array for consistent model across all layers.
+ */
+export interface EcsTierPreset {
+    /**
+     * Services in this cluster.
+     * Each service MUST specify its own capacityProvider and has its own
+     * scaling, cpu, memory, and ec2Config configuration.
+     */
+    services: TierEcsServiceConfig[];
+    /**
+     * Cluster configuration. Controls ALB and direct access settings.
+     */
+    cluster?: TierClusterConfig;
+}
+/**
+ * Lambda tier preset configuration
+ */
+export interface LambdaTierPreset {
+    timeout?: number;
+    memory?: number;
+}
+/**
+ * NAT gateway configuration for network tier presets.
+ * Presence = enabled. Use `false` to explicitly disable.
+ */
+export interface TierNatConfig {
+    /** Number of NAT gateways. Default: 1. Set to maxAzs for full redundancy. */
+    count?: number;
+}
+/**
+ * Flow log configuration for network tier presets.
+ * Presence = enabled. Use `false` to explicitly disable.
+ */
+export interface TierFlowLogConfig {
+    /** Log destination. Default: cloudwatch */
+    destination?: "cloudwatch" | "s3";
+    /** Retention period in days. Default: 14 */
+    retentionDays?: number;
+}
+/**
+ * Gateway VPC endpoint configuration.
+ */
+export interface TierGatewayEndpointsConfig {
+    /** Enable S3 Gateway endpoint. Default: true */
+    s3?: boolean;
+    /** Enable DynamoDB Gateway endpoint. Default: true */
+    dynamodb?: boolean;
+}
+/**
+ * Interface VPC endpoint configuration.
+ */
+export interface TierInterfaceEndpointsConfig {
+    /** ECR endpoints for container image pulls. ~$15/month */
+    ecr?: boolean;
+    /** Secrets Manager endpoint. ~$7/month */
+    secretsManager?: boolean;
+    /** KMS endpoint. ~$7/month */
+    kms?: boolean;
+    /** CloudWatch Logs endpoint. ~$7/month */
+    cloudwatchLogs?: boolean;
+    /** Systems Manager endpoint. ~$7/month */
+    ssm?: boolean;
+    /** STS endpoint. ~$7/month */
+    sts?: boolean;
+}
+/**
+ * VPC endpoints configuration for network tier presets.
+ */
+export interface TierVpcEndpointsConfig {
+    /** Gateway endpoints. */
+    gateway?: TierGatewayEndpointsConfig | false;
+    /** Interface endpoints. */
+    interface?: TierInterfaceEndpointsConfig | false;
+}
+/**
+ * Network tier preset configuration
+ */
+export interface NetworkTierPreset {
+    /** Maximum Availability Zones. Default: 3 */
+    maxAzs?: number;
+    /** NAT gateway configuration. Use `false` to disable. */
+    natGateways?: TierNatConfig | false;
+    /** Flow log configuration. Use `false` to disable. */
+    flowLogs?: TierFlowLogConfig | false;
+    /** VPC endpoints configuration. */
+    vpcEndpoints?: TierVpcEndpointsConfig | false;
+}
+/**
+ * Complete tier preset for all resource types
+ */
+export interface TierPreset {
+    /** Human-readable name for UI display */
+    displayName: string;
+    /** Brief description of what this tier is for */
+    description: string;
+    /** Database presets by type. Null means not available for this tier. */
+    database: {
+        Instance: DatabaseTierPreset | null;
+        Aurora: DatabaseTierPreset | null;
+        GlobalAurora: DatabaseTierPreset | null;
+    };
+    /** Compute presets */
+    compute: {
+        ecs: EcsTierPreset;
+        lambda: LambdaTierPreset;
+    };
+    /** Network presets */
+    network: NetworkTierPreset;
+    /** Backup configuration. Object = enrol in AWS Backup, false = no backup. */
+    backup: {
+        tier: BackupVaultTier;
+    } | false;
+}
+/**
+ * User-provided service configuration from the UI
+ */
+export interface UserServiceConfig {
+    name: string;
+    dockerfilePath?: string;
+    containerPort?: number;
+    needsDatabaseConnection?: boolean;
+    routing?: {
+        path: string;
+        priority?: number;
+    } | Array<{
+        path: string;
+        priority?: number;
+    }>;
+}

package/dist/src/presets/tierTypes.js

@@ -0,0 +1,7 @@
+/**
+ * Tier Preset Type Definitions
+ *
+ * All interfaces used by tier presets, pattern tier presets, and downstream
+ * consumers. Extracted from tierPresets.ts for maintainability.
+ */
+export {};