@fjall/util 0.96.0 → 0.99.1

package/dist/migration/pickLatestPrismaMigration.js

@@ -0,0 +1 @@
+import{readdirSync as n}from"node:fs";import{PRISMA_MIGRATION_DIR_RE as o}from"./constants.js";function d(t){const i=n(t,{withFileTypes:!0}).filter(r=>r.isDirectory()).map(r=>r.name).filter(r=>o.test(r)).sort(),e=i[i.length-1];if(e===void 0)throw new Error(`No Prisma migration directories found under ${t}`);return e}export{d as pickLatestPrismaMigration};

package/dist/reservedAppNames.d.ts

@@ -0,0 +1,30 @@
+/**
+ * Reserved application names (cross-system, application-scoped).
+ *
+ * Both the CLI scaffold schema (`CreateApplicationSchema` in
+ * `@fjall/cli/src/validation/commandSchemas.ts`) and the webapp scaffold
+ * schema (`ScaffoldRequestSchema` in `webapp/app/routes/api/github/scaffold.ts`)
+ * reject any application name whose **lowercase form** appears in this list.
+ *
+ * The reserved name `"fjall"` is gated here because it denotes the
+ * organisation-tier marker under the `fjall/` marker convention (P1) — a
+ * customer-owned application sharing that name would collide structurally
+ * with the organisation entry under `[container/]fjall/fjall/infrastructure.ts`.
+ *
+ * **Boundary with `isReservedSlug`** — `webapp/app/.server/utils/reservedSlugs.ts`
+ * guards organisation slugs (URL-scoped, webapp-only). This list is
+ * application-scoped and ships from `@fjall/util` for cross-system reuse
+ * (CLI + webapp + worker). Both coexist; neither references the other.
+ *
+ * All entries MUST be lowercase. Membership checks lowercase the input
+ * before testing, so `"Fjall"`, `"FJALL"`, and `"fjALL"` all reject
+ * identically.
+ */
+export declare const RESERVED_APP_NAMES: readonly ["fjall"];
+export type ReservedAppName = (typeof RESERVED_APP_NAMES)[number];
+/**
+ * Case-insensitive membership check. The canonical entrypoint — consumers
+ * MUST route through this helper rather than calling `.includes(name.toLowerCase())`
+ * inline, so the lowercasing discipline cannot drift across CLI/webapp/worker.
+ */
+export declare function isReservedAppName(name: string): boolean;

package/dist/reservedAppNames.js

@@ -0,0 +1 @@
+const o=["fjall"];function r(e){return o.includes(e.toLowerCase())}export{o as RESERVED_APP_NAMES,r as isReservedAppName};

package/dist/scanLocalRepository.d.ts

@@ -0,0 +1,24 @@
+/**
+ * Filesystem counterpart to the webapp's `scanInfrastructureFiles`.
+ *
+ * Walks `repoRoot` recursively, gathers every `infrastructure.ts` file it
+ * sees, and hands the resulting iterable to the shared `findInfrastructurePaths`
+ * resolver. The resolver owns the marker/boundary rules; this module owns
+ * the I/O concerns (symlink loop guard, walk recursion). The exclusion set
+ * is declared here but enforced by the shared resolver — `walk()` skips
+ * excluded directories at I/O time as an optimisation; the resolver enforces
+ * the same set as a defence-in-depth contract.
+ *
+ * Returns the same `{ paths }` shape as the webapp scan so the helpers are
+ * consumer-substitutable (`aiDocs/patterns/cross-system-parity-pattern.md`).
+ *
+ * Walk discipline:
+ *   - Symlinks are skipped entirely via `Dirent.isSymbolicLink()` (loop guard).
+ *   - Excluded directory names: node_modules, .git, dist, build, coverage,
+ *     .next, .turbo, .vite, .cache.
+ */
+import type { ScanPath } from "./scanTypes.js";
+export interface ScanLocalRepositoryResult {
+    paths: ScanPath[];
+}
+export declare function scanLocalRepository(repoRoot: string): Promise<ScanLocalRepositoryResult>;

package/dist/scanLocalRepository.js

@@ -0,0 +1 @@
+import{readdir as u}from"fs/promises";import{join as f,relative as l,sep as s}from"path";import{findInfrastructurePaths as m,isInfrastructureFile as h}from"./findInfrastructurePaths.js";const o=new Set(["node_modules",".git","dist","build","coverage",".next",".turbo",".vite",".cache"]);async function E(t){const i=[];return await c(t,t,i),{paths:m(i,{excludedPathSegments:o})}}async function c(t,i,n){let r;try{r=await u(i,{withFileTypes:!0})}catch{return}for(const e of r){if(e.isSymbolicLink())continue;const a=f(i,e.name);if(e.isDirectory()){if(o.has(e.name))continue;await c(t,a,n);continue}e.isFile()&&h(e.name)&&n.push({path:d(t,a)})}}function d(t,i){const n=l(t,i);return s==="/"?n:n.split(s).join("/")}export{E as scanLocalRepository};

package/dist/scanTypes.d.ts

@@ -0,0 +1,17 @@
+/**
+ * Cross-system scan-result types shared by the CLI's `scanLocalRepository`
+ * (filesystem) and the webapp's `scanInfrastructureFiles` (GitHub tree API).
+ *
+ * Both producers MUST emit the same `{ paths }` shape so the helpers are
+ * consumer-substitutable. See
+ * `aiDocs/patterns/cross-system-parity-pattern.md`.
+ *
+ * `ScanPath` carries path information only — no name, no kind. The linker
+ * is solely responsible for mapping paths to applications and tier kinds.
+ */
+export interface ScanPath {
+    /** Folder containing `infrastructure.ts` relative to the repo root. */
+    configPath: string;
+    /** Path to the nearest `fjall/` ancestor (the boundary). */
+    boundaryPath: string;
+}

package/dist/securityHelpers.d.ts

@@ -23,11 +23,21 @@ export declare function filterDangerousEnvVars(env: Record<string, string | unde
  * Matches the FULL scoped agent token: prefix (16 base32) + separator (.) + secret (40 base32).
  * Base32 alphabet: A-Z2-7. The `.` separator MUST be included or the secret leaks unmasked.
  * Single source of truth — all masking call sites import this.
+ *
+ * Public form has NO `g` flag — `.test()` consumers must not share `lastIndex` across calls.
+ * The global form lives in `SCOPED_TOKEN_GLOBAL_REGEX` below for the iteration site.
  */
 export declare const SCOPED_TOKEN_REGEX: RegExp;
 /**
  * Mask sensitive information in output strings to prevent credential leakage.
- * Patterns: postgres://user:pass@host, password=xxx, secret=xxx, apikey=xxx
+ * Patterns: postgres://user:pass@host, password=xxx, secret=xxx, apikey=xxx,
+ * GitHub tokens (ghu_/ghs_/ghp_/gho_/github_pat_), bare AWS access-key IDs
+ * (AKIA-prefixed and ASIA-prefixed), AWS secret keys, ARN account IDs,
+ * scoped agent tokens.
+ *
+ * Single source of truth — consumer loggers (CLI, worker, webapp) MUST
+ * NOT re-implement these patterns inline. See
+ * .claude/rules/security-standards.md § "Masking Patterns Live in @fjall/util".
  */
 export declare function maskSensitiveOutput(output: string): string;
 /**

package/dist/securityHelpers.js

@@ -1 +1 @@
-const i=new Set(["NODE_OPTIONS","NODE_PATH","NODE_EXTRA_CA_CERTS","NODE_DEBUG","NODE_PRESERVE_SYMLINKS","LD_PRELOAD","LD_LIBRARY_PATH","LD_AUDIT","LD_BIND_NOW","DYLD_INSERT_LIBRARIES","DYLD_LIBRARY_PATH","DYLD_FRAMEWORK_PATH","PYTHONPATH","PYTHONSTARTUP","PERL5LIB","PERL5OPT","RUBYLIB","RUBYOPT","HOME","XDG_CONFIG_HOME","AWS_SHARED_CREDENTIALS_FILE","AWS_CONFIG_FILE","SHELL","BASH_ENV","ENV","ZDOTDIR"]);function c(e){return Object.fromEntries(Object.entries(e).filter(([s])=>!i.has(s.toUpperCase())))}const o=/fjall_ak_[A-Z2-7]{16}\.[A-Z2-7]{40}/;function l(e){return e.replace(/(\w+:\/\/[^:]+:)[^@]+(@)/gi,"$1***$2").replace(/(?<![a-zA-Z])(password|passwd|secret|api[_-]?key|token|auth|credential)([=:])["']?[^\s"']+/gi,"$1$2***").replace(/\b(ghu_|ghs_|ghp_|github_pat_)[A-Za-z0-9_]+/g,"***").replace(/(?<=Authorization:\s*Bearer\s+)[A-Za-z0-9._~+/=-]+/gi,"***").replace(/(?<=AWS_SECRET_ACCESS_KEY=|SecretAccessKey[=:]\s*|"secretAccessKey":\s*")[A-Za-z0-9/+=]{40,}/g,"***").replace(new RegExp(o.source,"g"),"fjall_ak_***")}function A(e){const s=[];let t="",r=!1,n=!1,E=!1,a=!1;for(const _ of e){if(E){t+=_,E=!1;continue}if(_==="\\"&&!r){E=!0;continue}if(_==="'"&&!n){r=!r,a=!0;continue}if(_==='"'&&!r){n=!n,a=!0;continue}if(_===" "&&!r&&!n){(t||a)&&(s.push(t),t="",a=!1);continue}t+=_}if(r||n)throw new Error(`Unbalanced ${r?"single":"double"} quote in command: ${e.slice(0,80)}`);if(E)throw new Error(`Trailing backslash in command: ${e.slice(0,80)}`);return(t||a)&&s.push(t),s}export{i as DANGEROUS_ENV_VARS,o as SCOPED_TOKEN_REGEX,c as filterDangerousEnvVars,l as maskSensitiveOutput,A as parseShellArgs};
+const E=new Set(["NODE_OPTIONS","NODE_PATH","NODE_EXTRA_CA_CERTS","NODE_DEBUG","NODE_PRESERVE_SYMLINKS","LD_PRELOAD","LD_LIBRARY_PATH","LD_AUDIT","LD_BIND_NOW","DYLD_INSERT_LIBRARIES","DYLD_LIBRARY_PATH","DYLD_FRAMEWORK_PATH","PYTHONPATH","PYTHONSTARTUP","PERL5LIB","PERL5OPT","RUBYLIB","RUBYOPT","HOME","XDG_CONFIG_HOME","AWS_SHARED_CREDENTIALS_FILE","AWS_CONFIG_FILE","SHELL","BASH_ENV","ENV","ZDOTDIR"]);function A(e){return Object.fromEntries(Object.entries(e).filter(([s])=>!E.has(s.toUpperCase())))}const c=/fjall_ak_[A-Z2-7]{16}\.[A-Z2-7]{40}/,i=/fjall_ak_[A-Z2-7]{16}\.[A-Z2-7]{40}/g;function o(e){return e.replace(/(\w+:\/\/[^:]+:)[^@]+(@)/gi,"$1***$2").replace(/(?<![a-zA-Z])(password|passwd|secret|api[_-]?key|token|auth|credential)([=:])["']?[^\s"']+/gi,"$1$2***").replace(/\b(ghu_|ghs_|ghp_|gho_|github_pat_)[A-Za-z0-9_]+/g,"$1***").replace(/(?<=Authorization:\s*Bearer\s+)[A-Za-z0-9._~+/=-]+/gi,"***").replace(/\b(AKIA|ASIA)[A-Z0-9]{12,}\b/g,"$1***").replace(/(?<=AWS_SECRET_ACCESS_KEY=|SecretAccessKey[=:]\s*|"secretAccessKey":\s*")[A-Za-z0-9/+=]{40,}/g,"***").replace(/(arn:aws[^:]*:[^:]*:[^:]*:)(\d{12})(:[^\s]*)/g,"$1***$3").replace(/(?<="(aws)?[Ss]essionToken":\s*")[^"]+/g,"***").replace(/(?<="(internal[Aa]piKey|fjallCallbackToken)":\s*")[^"]+/g,"***").replace(i,"fjall_ak_***")}function u(e){const s=[];let r="",t=!1,_=!1,l=!1,n=!1;for(const a of e){if(l){r+=a,l=!1;continue}if(a==="\\"&&!t){l=!0;continue}if(a==="'"&&!_){t=!t,n=!0;continue}if(a==='"'&&!t){_=!_,n=!0;continue}if(a===" "&&!t&&!_){(r||n)&&(s.push(r),r="",n=!1);continue}r+=a}if(t||_)throw new Error(`Unbalanced ${t?"single":"double"} quote in command: ${e.slice(0,80)}`);if(l)throw new Error(`Trailing backslash in command: ${e.slice(0,80)}`);return(r||n)&&s.push(r),s}export{E as DANGEROUS_ENV_VARS,c as SCOPED_TOKEN_REGEX,A as filterDangerousEnvVars,o as maskSensitiveOutput,u as parseShellArgs};

package/dist/tokenScopes.d.ts

@@ -0,0 +1,11 @@
+/**
+ * Single source of truth for scoped-token scope values shared across
+ * webapp (`/api/tokens` schemas + `scopedAuth.ts`) and CLI (agent output
+ * layer's `getRequiredScopes()` lookup).
+ *
+ * Drift between the two sides previously meant a webapp role granting
+ * a scope the CLI did not know how to request, or vice versa. Both
+ * consumers now import `SCOPE_VALUES` / `TokenScope` from here.
+ */
+export declare const SCOPE_VALUES: readonly ["read", "write", "deploy", "secrets:read", "secrets:write", "destroy", "admin", "applications:read", "applications:deploy"];
+export type TokenScope = (typeof SCOPE_VALUES)[number];

package/dist/tokenScopes.js

@@ -0,0 +1 @@
+const e=["read","write","deploy","secrets:read","secrets:write","destroy","admin","applications:read","applications:deploy"];export{e as SCOPE_VALUES};

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@fjall/util",
-  "version": "0.96.0",
+  "version": "0.99.1",
   "description": "Common utility methods",
   "type": "module",
   "main": "dist/index.js",
@@ -18,6 +18,22 @@
       "types": "./dist/constructMap.d.ts",
       "default": "./dist/constructMap.js"
     },
+    "./docker": {
+      "types": "./dist/docker/index.d.ts",
+      "default": "./dist/docker/index.js"
+    },
+    "./manifest": {
+      "types": "./dist/manifest/index.d.ts",
+      "default": "./dist/manifest/index.js"
+    },
+    "./manifest/schemas": {
+      "types": "./dist/manifest/schemas.d.ts",
+      "default": "./dist/manifest/schemas.js"
+    },
+    "./manifest/io": {
+      "types": "./dist/manifest/io.d.ts",
+      "default": "./dist/manifest/io.js"
+    },
     "./environments": {
       "types": "./dist/environments.d.ts",
       "default": "./dist/environments.js"
@@ -26,6 +42,14 @@
       "types": "./dist/fsHelpers.d.ts",
       "default": "./dist/fsHelpers.js"
     },
+    "./migration": {
+      "types": "./dist/migration/index.d.ts",
+      "default": "./dist/migration/index.js"
+    },
+    "./fsScan": {
+      "types": "./dist/fsScan.d.ts",
+      "default": "./dist/fsScan.js"
+    },
     "./targets": {
       "types": "./dist/targets.d.ts",
       "default": "./dist/targets.js"
@@ -45,6 +69,14 @@
     "./insights/computePatternFingerprint": {
       "types": "./dist/insights/computePatternFingerprint.d.ts",
       "default": "./dist/insights/computePatternFingerprint.js"
+    },
+    "./mcpProtocol": {
+      "types": "./dist/mcpProtocol/index.d.ts",
+      "default": "./dist/mcpProtocol/index.js"
+    },
+    "./securityHelpers": {
+      "types": "./dist/securityHelpers.d.ts",
+      "default": "./dist/securityHelpers.js"
     }
   },
   "files": [
@@ -58,21 +90,23 @@
     "watch:only": "npx tsc-watch",
     "format": "prettier --write \"src/**/*.{ts,tsx,js,jsx,json}\"",
     "format:check": "prettier --check \"src/**/*.{ts,tsx,js,jsx,json}\"",
+    "lint": "eslint src/",
+    "lint:fix": "eslint src/ --fix",
     "test": "vitest run",
     "typecheck": "npx tsc --noEmit"
   },
   "author": "",
   "license": "SEE LICENSE IN LICENSE",
   "devDependencies": {
-    "@types/node": "^22.13.10",
-    "prettier": "^3.2.5",
-    "tsc-watch": "^7.0.0",
-    "typescript": "^5.8.2",
-    "vitest": "^4.1.0"
+    "@types/node": "^25.6.0",
+    "prettier": "^3.8.3",
+    "tsc-watch": "^7.2.0",
+    "typescript": "^6.0.3",
+    "vitest": "^4.1.5"
   },
   "dependencies": {
-    "@aws-sdk/client-organizations": "^3.997.0",
-    "zod": "^4.3.6"
+    "@aws-sdk/client-organizations": "^3.1038.0",
+    "zod": "^4.4.3"
   },
   "overrides": {
     "@smithy/core": "2.5.5"
@@ -80,5 +114,5 @@
   "engines": {
     "node": ">=22.0.0"
   },
-  "gitHead": "bfbd3625ab029ba77a6571630e0edb85f9d53380"
+  "gitHead": "0b8cc9b7c5017ca126c884da4cb29793dd26c96a"
 }