@fjall/util 2.12.0 → 2.13.0

package/dist/.minified

@@ -1 +1 @@
-59 files minified at 2026-06-09T10:15:26.341Z
+61 files minified at 2026-06-10T21:04:19.408Z

package/dist/Config.d.ts

@@ -1,4 +1,5 @@
 import { z } from "zod";
+import { type Result } from "./docker/result.js";
 import { type AccountTier } from "./environments.js";
 /**
  * Backup Vault Lock modes for an account's DisasterRecovery vault.
@@ -13,6 +14,40 @@ export type VaultLockMode = (typeof VAULT_LOCK_MODES)[number];
  */
 export declare const S3_BPA_MODES: readonly ["enforced", "off"];
 export type S3BpaMode = (typeof S3_BPA_MODES)[number];
+/**
+ * Per-account management-events-trail lifecycle for the organisation-trail
+ * migration. Absent ⇒ legacy per-account trail, auto-eligible for migration
+ * once org-trail delivery is verified. "account" pins the per-account trail
+ * (the explicit reverse path). "draining" removes the trail resource while
+ * retaining its bucket + CMK. "org" is terminal: the organisation trail
+ * covers the account and local storage has been decommissioned.
+ */
+export declare const TRAIL_LIFECYCLE_STATES: readonly ["account", "draining", "org"];
+export type TrailLifecycleState = (typeof TRAIL_LIFECYCLE_STATES)[number];
+/**
+ * Trail names shared between the CDK constructs
+ * (@fjall/components-infrastructure) and the deploy-core org-trail migration —
+ * SDK probes (DescribeTrails) must match what the constructs synthesise.
+ */
+export declare const ACCOUNT_TRAIL_NAME = "managementEvents";
+export declare const ORGANISATION_TRAIL_NAME = "organisationManagementEvents";
+/**
+ * CDK-side trail-state vocabulary (the `fjallAccountTrailState` context
+ * value), shared between the CDK constructs and deploy-core's context
+ * builders. Distinct from TRAIL_LIFECYCLE_STATES: config intent
+ * ("account"/"draining"/"org") maps onto synth behaviour
+ * ("active"/"draining"/"removed").
+ */
+export declare const ACCOUNT_TRAIL_STATES: readonly ["active", "draining", "removed"];
+export type AccountTrailState = (typeof ACCOUNT_TRAIL_STATES)[number];
+/**
+ * Stack output keys (CfnOutput key + exportName) emitted by the Account /
+ * Organisation CDK patterns and read back by the deploy-core org-trail
+ * migration reconciler — both sides must use the same literals.
+ */
+export declare const TRAIL_BUCKET_OUTPUT_KEY = "FjallTrailBucketName";
+export declare const TRAIL_KEY_ARN_OUTPUT_KEY = "FjallTrailKeyArn";
+export declare const ORG_TRAIL_BUCKET_OUTPUT_KEY = "OrganisationTrailBucketName";
 export type ProviderAccount = {
     id: string;
     name: string;
@@ -52,6 +87,17 @@ export type ProviderAccount = {
      * instead). "enforced" sets all four account-level public-access flags true.
      */
     s3BlockPublicAccess?: S3BpaMode;
+    /**
+     * Management-events-trail lifecycle for the org-trail migration. Absent ⇒
+     * legacy per-account trail (auto-eligible); see TRAIL_LIFECYCLE_STATES.
+     */
+    trailLifecycle?: TrailLifecycleState;
+    /**
+     * Explicit acknowledgement that decommissioning the per-account trail
+     * discards its retained log history. Bucket deletion never proceeds without
+     * it — back up the bucket first if the history matters.
+     */
+    acknowledgeTrailHistoryLoss?: boolean;
 };
 export type Profile = {
     type: "sso" | "oidc";
@@ -100,17 +146,50 @@ export type RootConfig = z.infer<typeof RootConfigSchema>;
 export declare class Config {
     rootConfig: RootConfig;
     private configPath;
+    /**
+     * True when the config file was FOUND on disk but could not be read.
+     * saveConfig refuses to write in that state — the in-memory config never
+     * included the real file's contents, so writing would clobber them.
+     */
+    private loadFailed;
+    /**
+     * Top-level keys explicitly cleared this session (clearActiveTarget).
+     * The disk-preserving merge in saveConfig would otherwise resurrect them
+     * from the on-disk copy.
+     */
+    private readonly clearedKeys;
     constructor(rootConfig?: RootConfig, configPath?: string);
     /**
      * Find the config directory by walking up the directory tree.
      * Looks for fjall/fjall-config.json or direct fjall-config.json.
+     * Walks up from `startDir` when provided, otherwise from process.cwd().
      */
     private static findConfigDirectory;
     private static loadConfigFile;
-    static loadConfig(): Config;
+    /**
+     * Load the config, walking up from `startDir` (default process.cwd()).
+     */
+    static loadConfig(startDir?: string): Config;
     private static formatZodError;
-    saveConfig(): void;
-    static getConfigDirectory(): string | null;
+    saveConfig(): Result<void, Error>;
+    /**
+     * Writability is checked at save time, not load time: POSIX rename replaces
+     * a read-only destination whenever the directory is writable, so without
+     * this guard the tmp-plus-rename write would silently replace a chmod-444
+     * config.
+     */
+    private static assertWritable;
+    /**
+     * Disk-preserving merge: re-reads the on-disk config immediately before
+     * writing so sibling top-level keys written by a concurrent process between
+     * this session's load and save survive. In-memory keys win at top-level-key
+     * granularity; keys explicitly cleared this session are removed even when
+     * the disk copy still carries them. Unreadable or invalid disk state falls
+     * back to the in-memory state with a warning rather than blocking the save.
+     */
+    private mergeWithDisk;
+    private static readDiskConfigForMerge;
+    static getConfigDirectory(startDir?: string): string | null;
     getActiveTarget(): string | undefined;
     setActiveTarget(name: string): void;
     clearActiveTarget(): void;

package/dist/Config.js

@@ -1 +1 @@
-import*as r from"fs";import*as s from"path";import{z as e}from"zod";import{logger as g}from"./logger.js";const l=10,h=["compliance","governance","none"],p=["enforced","off"],m=e.object({name:e.string(),type:e.enum(["apex","delegated"]),parentDomain:e.string().optional(),account:e.string().optional()}).strict(),d=e.object({activeTarget:e.string().optional(),domains:e.array(m).optional()}).strict();class a{rootConfig;configPath=null;constructor(o,t){this.rootConfig=o??{},this.configPath=t??null}static findConfigDirectory(){let o=process.cwd();for(let t=0;t<l;t++){const n=s.join(o,"fjall"),i=s.join(n,"fjall-config.json");if(r.existsSync(i))return n;const c=s.join(o,"fjall-config.json");if(r.existsSync(c))return o;const f=s.dirname(o);if(f===o)break;o=f}return null}static loadConfigFile(o){try{return r.accessSync(o,r.constants.R_OK|r.constants.W_OK),r.readFileSync(o,{encoding:"utf8"})}catch(t){return g.debug("Config","Config file not accessible",{file:o,error:t instanceof Error?t.message:String(t)}),null}}static loadConfig(){const o=a.findConfigDirectory();if(!o)return new a;const t=s.join(o,"fjall-config.json"),n=a.loadConfigFile(t);let i;if(n)try{i=d.parse(JSON.parse(n))}catch(c){throw a.formatZodError(c,"fjall-config.json")}return new a(i,t)}static formatZodError(o,t){if(o instanceof e.ZodError&&o.issues.length>0){const c=o.issues.map(f=>`${f.path.join(".")}: ${f.message}`).join("; ");return new Error(`Failed to parse ${t}: ${c}`)}const i=(o instanceof Error?o.message:String(o)).replace(/\n/g," ").substring(0,500);return new Error(`Failed to parse ${t}: ${i}`)}saveConfig(){let o=this.configPath;if(!o){const c=a.findConfigDirectory()||s.join(process.cwd(),"fjall");o=s.join(c,"fjall-config.json")}const t=s.dirname(o);r.mkdirSync(t,{recursive:!0});const n=JSON.stringify(this.rootConfig,null,2),i=`${o}.tmp`;r.writeFileSync(i,n,{mode:384}),r.renameSync(i,o)}static getConfigDirectory(){return a.findConfigDirectory()}getActiveTarget(){return this.rootConfig.activeTarget}setActiveTarget(o){this.rootConfig.activeTarget=o}clearActiveTarget(){this.rootConfig.activeTarget=void 0}getDomains(){return this.rootConfig.domains??[]}setDomains(o){this.rootConfig.domains=o}addDomain(o){this.rootConfig.domains||(this.rootConfig.domains=[]),this.rootConfig.domains.push(o)}getDomain(o){return this.rootConfig.domains?.find(t=>t.name.toLowerCase()===o.toLowerCase())}removeDomain(o){if(!this.rootConfig.domains)return!1;const t=this.rootConfig.domains.findIndex(n=>n.name.toLowerCase()===o.toLowerCase());return t===-1?!1:(this.rootConfig.domains.splice(t,1),!0)}}export{a as Config,d as RootConfigSchema,p as S3_BPA_MODES,h as VAULT_LOCK_MODES};
+import*as i from"fs";import*as f from"path";import{z as c}from"zod";import{failure as d,success as h}from"./docker/result.js";import{getErrorMessage as g}from"./errorUtils.js";import{logger as u}from"./logger.js";import{maskSensitiveOutput as l}from"./securityHelpers.js";const y=10,O=["compliance","governance","none"],$=["enforced","off"],_=["account","draining","org"],x="managementEvents",F="organisationManagementEvents",K=["active","draining","removed"],b="FjallTrailBucketName",k="FjallTrailKeyArn",L="OrganisationTrailBucketName",w=c.object({name:c.string(),type:c.enum(["apex","delegated"]),parentDomain:c.string().optional(),account:c.string().optional()}).strict(),m=c.object({activeTarget:c.string().optional(),domains:c.array(w).optional()}).strict(),T=m.keyof().options;function E(C,e,t){const n=e[t];n!==void 0&&(C[t]=n)}class s{rootConfig;configPath=null;loadFailed=!1;clearedKeys=new Set;constructor(e,t){this.rootConfig=e??{},this.configPath=t??null}static findConfigDirectory(e){let t=e!==void 0&&e!==""?e:process.cwd();for(let n=0;n<y;n++){const o=f.join(t,"fjall"),a=f.join(o,"fjall-config.json");if(i.existsSync(a))return o;const r=f.join(t,"fjall-config.json");if(i.existsSync(r))return t;const p=f.dirname(t);if(p===t)break;t=p}return null}static loadConfigFile(e){try{return i.accessSync(e,i.constants.R_OK),i.readFileSync(e,{encoding:"utf8"})}catch(t){return u.warn("Config",`Config file at ${e} could not be read; using defaults`,{file:e,error:l(g(t))}),null}}static loadConfig(e){const t=s.findConfigDirectory(e);if(!t)return new s;const n=f.join(t,"fjall-config.json"),o=s.loadConfigFile(n);if(o===null){const r=new s(void 0,n);return r.loadFailed=!0,r}let a;if(o!=="")try{a=m.parse(JSON.parse(o))}catch(r){throw s.formatZodError(r,"fjall-config.json")}return new s(a,n)}static formatZodError(e,t){if(e instanceof c.ZodError&&e.issues.length>0){const a=e.issues.map(r=>`${r.path.join(".")}: ${r.message}`).join("; ");return new Error(`Failed to parse ${t}: ${a}`)}const o=(e instanceof Error?e.message:String(e)).replace(/\n/g," ").substring(0,500);return new Error(`Failed to parse ${t}: ${o}`)}saveConfig(){let e=this.configPath;if(!e){const r=s.findConfigDirectory()||f.join(process.cwd(),"fjall");e=f.join(r,"fjall-config.json")}if(this.loadFailed)return d(new Error(`Refusing to save ${e}: the file exists but could not be read when this config loaded, so saving would replace its contents with state that never included them. Fix the file permissions (e.g. chmod u+rw ${e}) and retry.`));const t=f.dirname(e);try{i.mkdirSync(t,{recursive:!0})}catch(r){return d(new Error(`Cannot create config directory ${t}: ${l(g(r))}`))}const n=s.assertWritable(e,t);if(!n.success)return n;const o=JSON.stringify(this.mergeWithDisk(e),null,2),a=`${e}.tmp-${process.pid}`;try{i.writeFileSync(a,o,{mode:384}),i.renameSync(a,e)}catch(r){return d(new Error(`Failed to save ${e}: ${l(g(r))}`))}return h(void 0)}static assertWritable(e,t){if(i.existsSync(e))try{i.accessSync(e,i.constants.W_OK)}catch{return d(new Error(`Cannot save ${e}: the file is read-only. Make it writable (e.g. chmod u+w ${e}) and retry.`))}try{i.accessSync(t,i.constants.W_OK)}catch{return d(new Error(`Cannot save ${e}: the directory ${t} is not writable. Make it writable (e.g. chmod u+w ${t}) and retry.`))}return h(void 0)}mergeWithDisk(e){const t=s.readDiskConfigForMerge(e);if(t===void 0)return this.rootConfig;const n={...t};for(const o of T)E(n,this.rootConfig,o);for(const o of this.clearedKeys)delete n[o];return n}static readDiskConfigForMerge(e){if(!i.existsSync(e))return;let t;try{t=JSON.parse(i.readFileSync(e,{encoding:"utf8"}))}catch(o){u.warn("Config",`Could not re-read ${e} before saving; writing in-memory state without merging`,{file:e,error:l(g(o))});return}const n=m.safeParse(t);if(!n.success){u.warn("Config",`On-disk ${e} failed validation before saving; writing in-memory state without merging`,{file:e,error:l(n.error.message)});return}return n.data}static getConfigDirectory(e){return s.findConfigDirectory(e)}getActiveTarget(){return this.rootConfig.activeTarget}setActiveTarget(e){this.rootConfig.activeTarget=e,this.clearedKeys.delete("activeTarget")}clearActiveTarget(){this.rootConfig.activeTarget=void 0,this.clearedKeys.add("activeTarget")}getDomains(){return this.rootConfig.domains??[]}setDomains(e){this.rootConfig.domains=e}addDomain(e){this.rootConfig.domains||(this.rootConfig.domains=[]),this.rootConfig.domains.push(e)}getDomain(e){return this.rootConfig.domains?.find(t=>t.name.toLowerCase()===e.toLowerCase())}removeDomain(e){if(!this.rootConfig.domains)return!1;const t=this.rootConfig.domains.findIndex(n=>n.name.toLowerCase()===e.toLowerCase());return t===-1?!1:(this.rootConfig.domains.splice(t,1),!0)}}export{x as ACCOUNT_TRAIL_NAME,K as ACCOUNT_TRAIL_STATES,s as Config,F as ORGANISATION_TRAIL_NAME,L as ORG_TRAIL_BUCKET_OUTPUT_KEY,m as RootConfigSchema,$ as S3_BPA_MODES,b as TRAIL_BUCKET_OUTPUT_KEY,k as TRAIL_KEY_ARN_OUTPUT_KEY,_ as TRAIL_LIFECYCLE_STATES,O as VAULT_LOCK_MODES};

package/dist/backupVault.d.ts

@@ -0,0 +1,7 @@
+/**
+ * Fixed name of the disaster-recovery backup vault. Single source of truth for
+ * the @fjall/components-infrastructure DisasterRecovery construct (which
+ * creates the vault under this name) and deploy-core's adopt-vs-create and
+ * survival probes (which look it up by the same name).
+ */
+export declare const BACKUP_VAULT_NAME = "backupVault";

package/dist/backupVault.js

@@ -0,0 +1 @@
+const t="backupVault";export{t as BACKUP_VAULT_NAME};

package/dist/connectionsWire.d.ts

@@ -0,0 +1,30 @@
+/**
+ * Wire contract for `GET /api/connections/list` — the single shared shape
+ * between the webapp producer (`webapp/app/routes/api/connections/list.ts`)
+ * and the CLI consumer (`FjallApiClient.getConnectedAccounts`). Neither side
+ * may redeclare this record: the producer conforms at compile time via
+ * `satisfies ConnectionWire`, the consumer parses with `safeParse`.
+ */
+import { z } from "zod";
+export declare const ConnectionWireSchema: z.ZodObject<{
+    awsAccountId: z.ZodString;
+    accountName: z.ZodNullable<z.ZodString>;
+    status: z.ZodString;
+    role: z.ZodString;
+    roleArn: z.ZodString;
+    environment: z.ZodOptional<z.ZodString>;
+    connectedAt: z.ZodString;
+}, z.core.$strip>;
+export type ConnectionWire = z.infer<typeof ConnectionWireSchema>;
+export declare const ConnectionsListResponseSchema: z.ZodObject<{
+    accounts: z.ZodArray<z.ZodObject<{
+        awsAccountId: z.ZodString;
+        accountName: z.ZodNullable<z.ZodString>;
+        status: z.ZodString;
+        role: z.ZodString;
+        roleArn: z.ZodString;
+        environment: z.ZodOptional<z.ZodString>;
+        connectedAt: z.ZodString;
+    }, z.core.$strip>>;
+}, z.core.$strip>;
+export type ConnectionsListResponse = z.infer<typeof ConnectionsListResponseSchema>;

package/dist/connectionsWire.js

@@ -0,0 +1 @@
+import{z as n}from"zod";const t=n.object({awsAccountId:n.string(),accountName:n.string().nullable(),status:n.string(),role:n.string(),roleArn:n.string(),environment:n.string().optional(),connectedAt:n.string()}),e=n.object({accounts:n.array(t)});export{t as ConnectionWireSchema,e as ConnectionsListResponseSchema};

package/dist/environments.d.ts

@@ -2,8 +2,9 @@
  * Environment + account-axis constants shared across CLI, webapp, and
  * deploy-core. Two independent axes live here: the workload STAGE
  * ([[ACCOUNT_STAGES]]) and the structural TIER ([[ACCOUNT_TIERS]]). "root" is
- * NOT a stage — it is the management-account TIER, derived from
- * role === "organisation" and never user-selectable.
+ * NOT a stage and NOT a tier — it is the wire environment marker that decodes
+ * to tier "organisation" via [[environmentToTier]], and is never
+ * user-selectable.
  */
 import { z } from "zod";
 export declare const ACCOUNT_STAGES: readonly ["production", "staging", "development", "platform", "compliance"];
@@ -27,8 +28,12 @@ export declare const STRUCTURAL_ENVIRONMENTS: {
  * GET→PUT round-trip accept this superset, then decode "root" → null at
  * PERSISTENCE via [[stageFromWireEnvironment]] (the DB never stores structural
  * root). NOT a user-facing picker vocabulary — pickers use ACCOUNT_STAGES.
- * Retained through the old-CLI drain; wire-rejection of "root" is deferred to a
- * future follow-up. See decisions/2026-06-07-account-tier-vs-stage-separation.md.
+ * PERMANENT ingest vocabulary, not a drain-gated shim: the separate-root
+ * connect deliberately carries environment:"root" as its intent marker
+ * (solo-to-org lifecycle ADR, decision 7), so wire-rejection of "root" is
+ * unreachable; only derived-EMIT of "root" retires, per-org, behind the CLI
+ * telemetry gate. See decisions/2026-06-07-account-tier-vs-stage-separation.md
+ * § "Wire back-compat (permanent, not transitional)".
  */
 export declare const ACCOUNT_STAGES_WITH_ROOT: readonly ["production", "staging", "development", "platform", "compliance", "root"];
 export type AccountStageWithRoot = (typeof ACCOUNT_STAGES_WITH_ROOT)[number];
@@ -37,8 +42,9 @@ export declare function getEnvironmentLabel(env: string): string;
 /**
  * Structural TIER axis: an account's role in the organisation. Independent of
  * the workload STAGE axis ([[ACCOUNT_STAGES]]) — a tier is never derived from a
- * stage and vice versa. Same literals as [[ACCOUNT_ROLES]], which `satisfies`
- * this type so the two cannot drift.
+ * stage and vice versa. Same literals as [[ACCOUNT_ROLES]]: its `satisfies`
+ * clause rejects non-tier values, and [[ACCOUNT_ROLE_TIER_PRESENCE]] rejects a
+ * missing or duplicated tier, so the two cannot drift.
  */
 export declare const ACCOUNT_TIERS: readonly ["organisation", "platform", "account"];
 export type AccountTier = (typeof ACCOUNT_TIERS)[number];
@@ -47,8 +53,6 @@ export declare const AccountTierSchema: z.ZodEnum<{
     organisation: "organisation";
     account: "account";
 }>;
-/** Type guard: checks whether a string is a valid account tier. */
-export declare function isAccountTier(value: string): value is AccountTier;
 /**
  * AWS account roles in the wire format used across the CLI, webapp API
  * responses, and the Prisma `AccountRole` enum. This is the SINGLE SOURCE
@@ -69,6 +73,8 @@ export declare const ACCOUNT_ROLES: {
     readonly PLATFORM: "platform";
     readonly ACCOUNT: "account";
 };
+/** Type guard: checks whether a string is a valid account tier. */
+export declare function isAccountTier(value: string): value is AccountTier;
 /**
  * Decode an inbound wire `environment` to its structural TIER. The wire stays
  * superset-tolerant: out-of-version CLIs and the post-`fjall create org`

package/dist/environments.js

@@ -1 +1 @@
-import{z as c}from"zod";const r=["production","staging","development","platform","compliance"],i={production:"Production",staging:"Staging",development:"Development",platform:"Platform",compliance:"Compliance"},T=new Set(r);function n(t){return T.has(t)}const o={ROOT:"root",PLATFORM:"platform"},O=[...r,o.ROOT];function A(t){return n(t)?i[t]:t.charAt(0).toUpperCase()+t.slice(1)}const e=["organisation","platform","account"],l=c.enum(e),a=new Set(e);function s(t){return a.has(t)}const C={ORGANISATION:"organisation",PLATFORM:"platform",ACCOUNT:"account"};function p(t){return t===o.ROOT?"organisation":t===o.PLATFORM?"platform":"account"}function S(t){return t==null||t===""||t===o.ROOT?null:n(t)?t:null}function f(t){return t.tier??p(t.environment)}export{C as ACCOUNT_ROLES,r as ACCOUNT_STAGES,O as ACCOUNT_STAGES_WITH_ROOT,i as ACCOUNT_STAGE_LABELS,e as ACCOUNT_TIERS,l as AccountTierSchema,o as STRUCTURAL_ENVIRONMENTS,f as accountTier,p as environmentToTier,A as getEnvironmentLabel,n as isAccountStage,s as isAccountTier,S as stageFromWireEnvironment};
+import{z as c}from"zod";const n=["production","staging","development","platform","compliance"],T={production:"Production",staging:"Staging",development:"Development",platform:"Platform",compliance:"Compliance"},i=new Set(n);function e(t){return i.has(t)}const o={ROOT:"root",PLATFORM:"platform"},C=[...n,o.ROOT];function s(t){return e(t)?T[t]:t.charAt(0).toUpperCase()+t.slice(1)}const u=["organisation","platform","account"],l=c.enum(u),r={ORGANISATION:"organisation",PLATFORM:"platform",ACCOUNT:"account"},O={[r.ORGANISATION]:!0,[r.PLATFORM]:!0,[r.ACCOUNT]:!0},a=new Set(Object.keys(O));function S(t){return a.has(t)}function p(t){return t===o.ROOT?"organisation":t===o.PLATFORM?"platform":"account"}function R(t){return t==null||t===""||t===o.ROOT?null:e(t)?t:null}function E(t){return t.tier??p(t.environment)}export{r as ACCOUNT_ROLES,n as ACCOUNT_STAGES,C as ACCOUNT_STAGES_WITH_ROOT,T as ACCOUNT_STAGE_LABELS,u as ACCOUNT_TIERS,l as AccountTierSchema,o as STRUCTURAL_ENVIRONMENTS,E as accountTier,p as environmentToTier,s as getEnvironmentLabel,e as isAccountStage,S as isAccountTier,R as stageFromWireEnvironment};

package/dist/index.d.ts

@@ -1,4 +1,5 @@
 export { DNS_APEX, getDomainExportNames, type ManagedDomainExports } from "./domainExports.js";
+export { BACKUP_VAULT_NAME } from "./backupVault.js";
 export { toPascalCase, toKebab, toValidDatabaseName, toScreamingSnake, capitalise, getSafeZoneName, accountConstructKey, hasAsciiStableConstructKey } from "./caseConversion.js";
 export { findAccountNameCollision, type AccountNameCollision } from "./accountNameCollision.js";
 export { normaliseError, getErrorMessage, hasErrorCode, getErrorCode, getErrorStack, formatErrorString } from "./errorUtils.js";
@@ -11,7 +12,8 @@ export { RESOURCE_CATEGORIES, type ResourceCategory, categoriseResource, getExpe
 export { parseGitRemoteUrl, type GitProvider, type ParsedGitRemote } from "./gitRemoteParser.js";
 export { abbreviateRegion } from "./regions.js";
 export { SCOPE_VALUES, type TokenScope } from "./tokenScopes.js";
-export { deriveRegionsFromOrgConfig, deriveTargets, deriveAllTargets, findTarget, generateTargetName, type OrgConfigRegions, type TargetAccount, type DerivedTarget } from "./targets.js";
+export { ConnectionWireSchema, type ConnectionWire, ConnectionsListResponseSchema, type ConnectionsListResponse } from "./connectionsWire.js";
+export { deriveRegionsFromOrgConfig, deriveTargets, deriveAllTargets, environmentOrTier, findTarget, generateTargetName, type OrgConfigRegions, type TargetAccount, type DerivedTarget } from "./targets.js";
 export { buildAppConfigPath } from "./appPath.js";
 export { type ScanPath } from "./scanTypes.js";
 export { findInfrastructurePaths, findBoundaryPath, isInfrastructureFile, type MarkerEntry, type FindInfrastructurePathsOptions } from "./findInfrastructurePaths.js";

package/dist/index.js

@@ -1 +1 @@
-import{DNS_APEX as o,getDomainExportNames as t}from"./domainExports.js";import{toPascalCase as a,toKebab as n,toValidDatabaseName as i,toScreamingSnake as S,capitalise as _,getSafeZoneName as m,accountConstructKey as s,hasAsciiStableConstructKey as A}from"./caseConversion.js";import{findAccountNameCollision as T}from"./accountNameCollision.js";import{normaliseError as N,getErrorMessage as f,hasErrorCode as R,getErrorCode as c,getErrorStack as g,formatErrorString as O}from"./errorUtils.js";import{singleton as I}from"./singleton.js";import{DANGEROUS_ENV_VARS as l,filterDangerousEnvVars as d,maskSensitiveOutput as P,parseShellArgs as M}from"./securityHelpers.js";import{sleep as D}from"./sleep.js";import{mapSettledWithConcurrency as v}from"./concurrency.js";import{ACCOUNT_STAGES_WITH_ROOT as h,STRUCTURAL_ENVIRONMENTS as G,ACCOUNT_STAGES as b,ACCOUNT_STAGE_LABELS as L,isAccountStage as y,ACCOUNT_TIERS as F,AccountTierSchema as K,isAccountTier as X,environmentToTier as W,stageFromWireEnvironment as k,accountTier as B,getEnvironmentLabel as Z,ACCOUNT_ROLES as j}from"./environments.js";import{RESOURCE_CATEGORIES as w,categoriseResource as z,getExpectedDuration as J,getFriendlyResourceType as Q}from"./resourceCategorisation.js";import{parseGitRemoteUrl as $}from"./gitRemoteParser.js";import{abbreviateRegion as re}from"./regions.js";import{SCOPE_VALUES as te}from"./tokenScopes.js";import{deriveRegionsFromOrgConfig as ae,deriveTargets as ne,deriveAllTargets as ie,findTarget as Se,generateTargetName as _e}from"./targets.js";import{buildAppConfigPath as se}from"./appPath.js";import{findInfrastructurePaths as Ce,findBoundaryPath as Te,isInfrastructureFile as pe}from"./findInfrastructurePaths.js";import{inferContainerFromCandidates as fe}from"./inferContainerFromCandidates.js";import{RESERVED_APP_NAMES as ce,isReservedAppName as ge}from"./reservedAppNames.js";import{deriveContentHashTag as xe}from"./deriveContentHashTag.js";import{MIGRATION_SNAPSHOT_NAME_PREFIX as ue,EXPECTED_SCHEMA_VERSION_ENV as le,EXPECTED_SCHEMA_VERSION_TOOL_ENV as de,EXPECTED_CH_SCHEMA_VERSION_ENV as Pe,SCHEMA_ADMIN_USER_ENV as Me,SCHEMA_ADMIN_PASSWORD_ENV as Ve,PRISMA_MIGRATION_DIR_RE as De,CLICKHOUSE_MIGRATION_SKIP_RE as Ue}from"./migration/constants.js";export{j as ACCOUNT_ROLES,b as ACCOUNT_STAGES,h as ACCOUNT_STAGES_WITH_ROOT,L as ACCOUNT_STAGE_LABELS,F as ACCOUNT_TIERS,K as AccountTierSchema,Ue as CLICKHOUSE_MIGRATION_SKIP_RE,l as DANGEROUS_ENV_VARS,o as DNS_APEX,Pe as EXPECTED_CH_SCHEMA_VERSION_ENV,le as EXPECTED_SCHEMA_VERSION_ENV,de as EXPECTED_SCHEMA_VERSION_TOOL_ENV,ue as MIGRATION_SNAPSHOT_NAME_PREFIX,De as PRISMA_MIGRATION_DIR_RE,ce as RESERVED_APP_NAMES,w as RESOURCE_CATEGORIES,Ve as SCHEMA_ADMIN_PASSWORD_ENV,Me as SCHEMA_ADMIN_USER_ENV,te as SCOPE_VALUES,G as STRUCTURAL_ENVIRONMENTS,re as abbreviateRegion,s as accountConstructKey,B as accountTier,se as buildAppConfigPath,_ as capitalise,z as categoriseResource,ie as deriveAllTargets,xe as deriveContentHashTag,ae as deriveRegionsFromOrgConfig,ne as deriveTargets,W as environmentToTier,d as filterDangerousEnvVars,T as findAccountNameCollision,Te as findBoundaryPath,Ce as findInfrastructurePaths,Se as findTarget,O as formatErrorString,_e as generateTargetName,t as getDomainExportNames,Z as getEnvironmentLabel,c as getErrorCode,f as getErrorMessage,g as getErrorStack,J as getExpectedDuration,Q as getFriendlyResourceType,m as getSafeZoneName,A as hasAsciiStableConstructKey,R as hasErrorCode,fe as inferContainerFromCandidates,y as isAccountStage,X as isAccountTier,pe as isInfrastructureFile,ge as isReservedAppName,v as mapSettledWithConcurrency,P as maskSensitiveOutput,N as normaliseError,$ as parseGitRemoteUrl,M as parseShellArgs,I as singleton,D as sleep,k as stageFromWireEnvironment,n as toKebab,a as toPascalCase,S as toScreamingSnake,i as toValidDatabaseName};
+import{DNS_APEX as o,getDomainExportNames as t}from"./domainExports.js";import{BACKUP_VAULT_NAME as n}from"./backupVault.js";import{toPascalCase as i,toKebab as S,toValidDatabaseName as m,toScreamingSnake as s,capitalise as _,getSafeZoneName as A,accountConstructKey as C,hasAsciiStableConstructKey as p}from"./caseConversion.js";import{findAccountNameCollision as f}from"./accountNameCollision.js";import{normaliseError as R,getErrorMessage as c,hasErrorCode as g,getErrorCode as O,getErrorStack as x,formatErrorString as I}from"./errorUtils.js";import{singleton as l}from"./singleton.js";import{DANGEROUS_ENV_VARS as P,filterDangerousEnvVars as M,maskSensitiveOutput as V,parseShellArgs as U}from"./securityHelpers.js";import{sleep as v}from"./sleep.js";import{mapSettledWithConcurrency as H}from"./concurrency.js";import{ACCOUNT_STAGES_WITH_ROOT as G,STRUCTURAL_ENVIRONMENTS as b,ACCOUNT_STAGES as y,ACCOUNT_STAGE_LABELS as F,isAccountStage as K,ACCOUNT_TIERS as W,AccountTierSchema as X,isAccountTier as k,environmentToTier as B,stageFromWireEnvironment as Z,accountTier as j,getEnvironmentLabel as q,ACCOUNT_ROLES as w}from"./environments.js";import{RESOURCE_CATEGORIES as J,categoriseResource as Q,getExpectedDuration as Y,getFriendlyResourceType as $}from"./resourceCategorisation.js";import{parseGitRemoteUrl as re}from"./gitRemoteParser.js";import{abbreviateRegion as te}from"./regions.js";import{SCOPE_VALUES as ne}from"./tokenScopes.js";import{ConnectionWireSchema as ie,ConnectionsListResponseSchema as Se}from"./connectionsWire.js";import{deriveRegionsFromOrgConfig as se,deriveTargets as _e,deriveAllTargets as Ae,environmentOrTier as Ce,findTarget as pe,generateTargetName as Te}from"./targets.js";import{buildAppConfigPath as Ne}from"./appPath.js";import{findInfrastructurePaths as ce,findBoundaryPath as ge,isInfrastructureFile as Oe}from"./findInfrastructurePaths.js";import{inferContainerFromCandidates as Ie}from"./inferContainerFromCandidates.js";import{RESERVED_APP_NAMES as le,isReservedAppName as de}from"./reservedAppNames.js";import{deriveContentHashTag as Me}from"./deriveContentHashTag.js";import{MIGRATION_SNAPSHOT_NAME_PREFIX as Ue,EXPECTED_SCHEMA_VERSION_ENV as De,EXPECTED_SCHEMA_VERSION_TOOL_ENV as ve,EXPECTED_CH_SCHEMA_VERSION_ENV as he,SCHEMA_ADMIN_USER_ENV as He,SCHEMA_ADMIN_PASSWORD_ENV as Le,PRISMA_MIGRATION_DIR_RE as Ge,CLICKHOUSE_MIGRATION_SKIP_RE as be}from"./migration/constants.js";export{w as ACCOUNT_ROLES,y as ACCOUNT_STAGES,G as ACCOUNT_STAGES_WITH_ROOT,F as ACCOUNT_STAGE_LABELS,W as ACCOUNT_TIERS,X as AccountTierSchema,n as BACKUP_VAULT_NAME,be as CLICKHOUSE_MIGRATION_SKIP_RE,ie as ConnectionWireSchema,Se as ConnectionsListResponseSchema,P as DANGEROUS_ENV_VARS,o as DNS_APEX,he as EXPECTED_CH_SCHEMA_VERSION_ENV,De as EXPECTED_SCHEMA_VERSION_ENV,ve as EXPECTED_SCHEMA_VERSION_TOOL_ENV,Ue as MIGRATION_SNAPSHOT_NAME_PREFIX,Ge as PRISMA_MIGRATION_DIR_RE,le as RESERVED_APP_NAMES,J as RESOURCE_CATEGORIES,Le as SCHEMA_ADMIN_PASSWORD_ENV,He as SCHEMA_ADMIN_USER_ENV,ne as SCOPE_VALUES,b as STRUCTURAL_ENVIRONMENTS,te as abbreviateRegion,C as accountConstructKey,j as accountTier,Ne as buildAppConfigPath,_ as capitalise,Q as categoriseResource,Ae as deriveAllTargets,Me as deriveContentHashTag,se as deriveRegionsFromOrgConfig,_e as deriveTargets,Ce as environmentOrTier,B as environmentToTier,M as filterDangerousEnvVars,f as findAccountNameCollision,ge as findBoundaryPath,ce as findInfrastructurePaths,pe as findTarget,I as formatErrorString,Te as generateTargetName,t as getDomainExportNames,q as getEnvironmentLabel,O as getErrorCode,c as getErrorMessage,x as getErrorStack,Y as getExpectedDuration,$ as getFriendlyResourceType,A as getSafeZoneName,p as hasAsciiStableConstructKey,g as hasErrorCode,Ie as inferContainerFromCandidates,K as isAccountStage,k as isAccountTier,Oe as isInfrastructureFile,de as isReservedAppName,H as mapSettledWithConcurrency,V as maskSensitiveOutput,R as normaliseError,re as parseGitRemoteUrl,U as parseShellArgs,l as singleton,v as sleep,Z as stageFromWireEnvironment,S as toKebab,i as toPascalCase,s as toScreamingSnake,m as toValidDatabaseName};

package/dist/mcpProtocol/index.d.ts

@@ -147,10 +147,9 @@ export type McpProtocolFrame = z.infer<typeof McpProtocolFrameSchema>;
  * Scaffold protocol schemas — wire types for the `plan_app_scaffold`,
  * `apply_app_scaffold`, and dry-run helper paths in `@fjall/mcp`.
  *
- * The shapes here mirror the CLI-side `DryRunArtefacts` (in
- * `cli/src/operations/types.ts`) by hand because `@fjall/util` is a leaf
- * dependency of the CLI and cannot import from it. Drift between the two
- * is a wire-level bug; both sides MUST move together.
+ * These schemas are the single source of truth: the CLI imports them from
+ * `@fjall/util/mcpProtocol` and re-exports aliases in
+ * `cli/src/operations/types.ts`.
  */
 export declare const FileToWriteSchema: z.ZodObject<{
     path: z.ZodString;

package/dist/targets.d.ts

@@ -30,6 +30,15 @@ export interface DerivedTarget {
     environment: string;
     region: string;
 }
+/**
+ * Canonical stage-or-tier fallback. Structural accounts carry a null workload
+ * stage, so display/naming/OU derivation fall back to the structural tier to
+ * stay non-null. Single source for every `environment ?? tier` consumer.
+ */
+export declare function environmentOrTier(account: {
+    environment?: string | null;
+    tier?: AccountTier | null;
+}): string;
 /**
  * Generate a canonical target name from account name and region.
  * e.g. ("Production-US", "us-east-1") → "production-us-use1"

package/dist/targets.js

@@ -1 +1 @@
-import{abbreviateRegion as s}from"./regions.js";import{accountTier as c}from"./environments.js";function m(e){const r=[e.primaryRegion,...e.secondaryRegions??[],e.disasterRecoveryRegion].filter(t=>t!==void 0);return[...new Set(r)]}function u(e,r){return`${e.toLowerCase()}-${s(r)}`}function f(e,r){const t=[];for(const n of e){if(c(n)==="organisation")continue;const o=n.environment??c(n);for(const i of r)t.push({name:u(n.name,i),accountName:n.name,accountId:n.id,environment:o,region:i})}return t.sort((n,o)=>{const i=n.environment.localeCompare(o.environment);if(i!==0)return i;const a=n.accountName.localeCompare(o.accountName);return a!==0?a:n.region.localeCompare(o.region)})}function p(e){return f(e.providerAccounts,m(e))}function v(e,r){if(r.length===0)return e;const t=new Set([e.primaryRegion,e.disasterRecoveryRegion].filter(Boolean)),n=r.filter(o=>!t.has(o));return{...e,secondaryRegions:n.length>0?n:void 0}}function l(e,r){return e.find(t=>t.name===r)}export{p as deriveAllTargets,m as deriveRegionsFromOrgConfig,f as deriveTargets,l as findTarget,u as generateTargetName,v as mergeSecondaryRegions};
+import{abbreviateRegion as m}from"./regions.js";import{accountTier as c}from"./environments.js";function s(e){const r=[e.primaryRegion,...e.secondaryRegions??[],e.disasterRecoveryRegion].filter(t=>t!==void 0);return[...new Set(r)]}function u(e){return e.environment??c(e)}function f(e,r){return`${e.toLowerCase()}-${m(r)}`}function p(e,r){const t=[];for(const n of e){if(c(n)==="organisation")continue;const o=u(n);for(const i of r)t.push({name:f(n.name,i),accountName:n.name,accountId:n.id,environment:o,region:i})}return t.sort((n,o)=>{const i=n.environment.localeCompare(o.environment);if(i!==0)return i;const a=n.accountName.localeCompare(o.accountName);return a!==0?a:n.region.localeCompare(o.region)})}function v(e){return p(e.providerAccounts,s(e))}function l(e,r){if(r.length===0)return e;const t=new Set([e.primaryRegion,e.disasterRecoveryRegion].filter(Boolean)),n=r.filter(o=>!t.has(o));return{...e,secondaryRegions:n.length>0?n:void 0}}function R(e,r){return e.find(t=>t.name===r)}export{v as deriveAllTargets,s as deriveRegionsFromOrgConfig,p as deriveTargets,u as environmentOrTier,R as findTarget,f as generateTargetName,l as mergeSecondaryRegions};

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@fjall/util",
-  "version": "2.12.0",
+  "version": "2.13.0",
   "description": "Common utility methods",
   "type": "module",
   "main": "dist/index.js",
@@ -117,5 +117,5 @@
   "engines": {
     "node": ">=22.0.0"
   },
-  "gitHead": "dca39a47da956d3d94c689dd782fe285d711d25e"
+  "gitHead": "5b16c5731256628f829d4168c65cf165b3516f9a"
 }