@friggframework/devtools 2.0.0--canary.474.86c5119.0 → 2.0.0--canary.474.6a0bba7.0

package/infrastructure/domains/health/application/use-cases/reconcile-properties-use-case.js

@@ -67,6 +67,8 @@ class ReconcilePropertiesUseCase {
      * @param {Object} params
      * @param {StackIdentifier} params.stackIdentifier - Stack identifier
      * @param {string} params.logicalId - Logical resource ID
+     * @param {string} [params.physicalId] - Physical resource ID (required for resource mode)
+     * @param {string} [params.resourceType] - Resource type (required for resource mode)
      * @param {PropertyMismatch[]} params.mismatches - Property mismatches to reconcile
      * @param {string} [params.mode='template'] - Reconciliation mode
      * @returns {Promise<Object>} Batch reconciliation result
@@ -74,6 +76,8 @@ class ReconcilePropertiesUseCase {
     async reconcileMultipleProperties({
         stackIdentifier,
         logicalId,
+        physicalId,
+        resourceType,
         mismatches,
         mode = 'template',
     }) {
@@ -107,6 +111,8 @@ class ReconcilePropertiesUseCase {
         const batchResult = await this.propertyReconciler.reconcileMultipleProperties({
             stackIdentifier,
             logicalId,
+            physicalId,
+            resourceType,
             mismatches: reconcilableProperties,
             mode,
         });

package/infrastructure/domains/health/application/use-cases/repair-via-import-use-case.js

@@ -12,8 +12,12 @@
  * - Generate CloudFormation template snippets
  * - Execute import operations (single or batch)
  * - Track import operation status
+ * - Map orphaned resources to correct logical IDs using template comparison
  */
 
+const { TemplateParser } = require('../../domain/services/template-parser');
+const { LogicalIdMapper } = require('../../domain/services/logical-id-mapper');
+
 class RepairViaImportUseCase {
     /**
      * Create use case with required dependencies
@@ -21,8 +25,11 @@ class RepairViaImportUseCase {
      * @param {Object} params
      * @param {IResourceImporter} params.resourceImporter - Resource import operations
      * @param {IResourceDetector} params.resourceDetector - Resource discovery and details
+     * @param {IStackRepository} params.stackRepository - CloudFormation stack operations
+     * @param {TemplateParser} params.templateParser - CloudFormation template parsing
+     * @param {LogicalIdMapper} params.logicalIdMapper - Logical ID mapping service
      */
-    constructor({ resourceImporter, resourceDetector }) {
+    constructor({ resourceImporter, resourceDetector, stackRepository, templateParser, logicalIdMapper }) {
         if (!resourceImporter) {
             throw new Error('resourceImporter is required');
         }
@@ -32,6 +39,9 @@ class RepairViaImportUseCase {
 
         this.resourceImporter = resourceImporter;
         this.resourceDetector = resourceDetector;
+        this.stackRepository = stackRepository;
+        this.templateParser = templateParser || new TemplateParser();
+        this.logicalIdMapper = logicalIdMapper || new LogicalIdMapper({ region: 'us-east-1' });
     }
 
     /**
@@ -224,6 +234,302 @@ class RepairViaImportUseCase {
             properties: resourceDetails.properties,
         };
     }
+
+    /**
+     * Import orphaned resources with automatic logical ID mapping
+     * Uses template comparison to find correct logical IDs
+     *
+     * @param {Object} params
+     * @param {StackIdentifier} params.stackIdentifier - Target stack
+     * @param {Array} params.orphanedResources - Orphaned resources to import
+     * @param {string} params.buildTemplatePath - Path to .serverless/cloudformation-template-update-stack.json
+     * @returns {Promise<Object>} Import result with mappings
+     */
+    async importWithLogicalIdMapping({ stackIdentifier, orphanedResources, buildTemplatePath }) {
+        // 1. Validate build template exists
+        if (!buildTemplatePath) {
+            throw new Error('buildTemplatePath is required');
+        }
+
+        const fs = require('fs');
+        if (!fs.existsSync(buildTemplatePath)) {
+            throw new Error(
+                `Build template not found at: ${buildTemplatePath}\n\n` +
+                `Please run one of:\n` +
+                `  • serverless package\n` +
+                `  • frigg build\n` +
+                `  • frigg deploy --stage dev\n\n` +
+                `Then try again:\n` +
+                `  frigg repair --import ${stackIdentifier.stackName}`
+            );
+        }
+
+        // 2. Parse build template
+        const buildTemplate = this.templateParser.parseTemplate(buildTemplatePath);
+
+        // 3. Get deployed template from CloudFormation
+        if (!this.stackRepository) {
+            throw new Error('stackRepository is required for template comparison');
+        }
+
+        const deployedTemplate = await this.stackRepository.getTemplate(stackIdentifier);
+
+        // 4. Map orphaned resources to logical IDs
+        const mappings = await this.logicalIdMapper.mapOrphanedResourcesToLogicalIds({
+            orphanedResources,
+            buildTemplate,
+            deployedTemplate,
+        });
+
+        // 5. Filter out unmapped resources
+        const mappedResources = mappings.filter((m) => m.logicalId !== null);
+        const unmappedResources = mappings.filter((m) => m.logicalId === null);
+
+        if (mappedResources.length === 0) {
+            return {
+                success: false,
+                message: 'No resources could be mapped to logical IDs',
+                unmappedCount: unmappedResources.length,
+                unmappedResources,
+            };
+        }
+
+        // 6. Deduplicate: Select ONE resource per logical ID based on deployed template
+        const { selectedResources, duplicates } = this._deduplicateResourcesByLogicalId(
+            mappedResources,
+            deployedTemplate
+        );
+
+        // 7. Check for warnings
+        const multiResourceWarnings = this._checkForMultipleResources(duplicates);
+
+        // 8. Generate import-resources.json format using SELECTED resources
+        const resourcesToImport = selectedResources.map((mapping) => ({
+            ResourceType: mapping.resourceType,
+            LogicalResourceId: mapping.logicalId,
+            ResourceIdentifier: this._getResourceIdentifier(mapping),
+        }));
+
+        // 9. Return result with deduplication info
+        return {
+            success: true,
+            mappedCount: selectedResources.length,
+            unmappedCount: unmappedResources.length,
+            duplicatesRemoved: duplicates.length,
+            mappings: selectedResources,
+            unmappedResources,
+            duplicates, // Resources that were filtered out
+            resourcesToImport,
+            warnings: multiResourceWarnings,
+            buildTemplatePath,
+            deployedTemplatePath: 'CloudFormation (deployed)',
+        };
+    }
+
+    /**
+     * Deduplicate resources: Select ONE resource per logical ID
+     * When multiple resources have the same logical ID, pick the one that's
+     * actually referenced in the deployed template.
+     *
+     * @param {Array} mappedResources - Resources with logical IDs
+     * @param {Object} deployedTemplate - Deployed CloudFormation template
+     * @returns {Object} { selectedResources, duplicates }
+     * @private
+     */
+    _deduplicateResourcesByLogicalId(mappedResources, deployedTemplate) {
+        // Group resources by logical ID
+        const byLogicalId = {};
+        mappedResources.forEach((resource) => {
+            if (!byLogicalId[resource.logicalId]) {
+                byLogicalId[resource.logicalId] = [];
+            }
+            byLogicalId[resource.logicalId].push(resource);
+        });
+
+        // Extract all physical IDs referenced in deployed template
+        const referencedIds = this._extractReferencedIdsFromTemplate(deployedTemplate);
+
+        const selectedResources = [];
+        const duplicates = [];
+
+        // For each logical ID, select ONE resource
+        Object.entries(byLogicalId).forEach(([logicalId, resources]) => {
+            if (resources.length === 1) {
+                // Only one resource - select it
+                selectedResources.push(resources[0]);
+            } else {
+                // Multiple resources - pick the one in deployed template
+                let selected = null;
+
+                // Try to find resource that's actually referenced
+                for (const resource of resources) {
+                    if (this._isResourceReferenced(resource, referencedIds)) {
+                        selected = resource;
+                        break;
+                    }
+                }
+
+                // Fallback: If none are referenced, pick first one
+                if (!selected) {
+                    selected = resources[0];
+                }
+
+                selectedResources.push(selected);
+
+                // Mark others as duplicates
+                resources.forEach((r) => {
+                    if (r.physicalId !== selected.physicalId) {
+                        duplicates.push(r);
+                    }
+                });
+            }
+        });
+
+        return { selectedResources, duplicates };
+    }
+
+    /**
+     * Extract all physical resource IDs referenced in deployed template
+     * Looks for hardcoded IDs in Lambda VPC configs, security group rules, etc.
+     * @private
+     */
+    _extractReferencedIdsFromTemplate(template) {
+        const referenced = {
+            vpcIds: new Set(),
+            subnetIds: new Set(),
+            securityGroupIds: new Set(),
+        };
+
+        if (!template || !template.resources) {
+            return referenced;
+        }
+
+        // Traverse all resources in template
+        Object.values(template.resources).forEach((resource) => {
+            // Lambda VPC config contains hardcoded IDs
+            if (
+                resource.Type === 'AWS::Lambda::Function' &&
+                resource.Properties?.VpcConfig
+            ) {
+                const { SubnetIds, SecurityGroupIds } = resource.Properties.VpcConfig;
+
+                if (SubnetIds) {
+                    SubnetIds.forEach((id) => {
+                        if (typeof id === 'string' && id.startsWith('subnet-')) {
+                            referenced.subnetIds.add(id);
+                        }
+                    });
+                }
+
+                if (SecurityGroupIds) {
+                    SecurityGroupIds.forEach((id) => {
+                        if (typeof id === 'string' && id.startsWith('sg-')) {
+                            referenced.securityGroupIds.add(id);
+                        }
+                    });
+                }
+            }
+
+            // Security group rules may reference other security groups
+            if (resource.Type === 'AWS::EC2::SecurityGroupIngress' ||
+                resource.Type === 'AWS::EC2::SecurityGroupEgress') {
+                const groupId = resource.Properties?.GroupId;
+                const sourceSecurityGroupId = resource.Properties?.SourceSecurityGroupId;
+
+                if (typeof groupId === 'string' && groupId.startsWith('sg-')) {
+                    referenced.securityGroupIds.add(groupId);
+                }
+                if (typeof sourceSecurityGroupId === 'string' && sourceSecurityGroupId.startsWith('sg-')) {
+                    referenced.securityGroupIds.add(sourceSecurityGroupId);
+                }
+            }
+        });
+
+        return referenced;
+    }
+
+    /**
+     * Check if a resource is referenced in the deployed template
+     * @private
+     */
+    _isResourceReferenced(resource, referencedIds) {
+        const { resourceType, physicalId } = resource;
+
+        if (resourceType === 'AWS::EC2::VPC') {
+            return referencedIds.vpcIds.has(physicalId);
+        }
+
+        if (resourceType === 'AWS::EC2::Subnet') {
+            return referencedIds.subnetIds.has(physicalId);
+        }
+
+        if (resourceType === 'AWS::EC2::SecurityGroup') {
+            return referencedIds.securityGroupIds.has(physicalId);
+        }
+
+        // For other resource types, we can't determine
+        return false;
+    }
+
+    /**
+     * Check for multiple resources of same type
+     * Returns warnings when user needs to manually select
+     * @private
+     */
+    _checkForMultipleResources(mappings) {
+        const warnings = [];
+        const byType = {};
+
+        // Group by resource type
+        mappings.forEach((mapping) => {
+            if (!byType[mapping.resourceType]) {
+                byType[mapping.resourceType] = [];
+            }
+            byType[mapping.resourceType].push(mapping);
+        });
+
+        // Check for multiples
+        Object.entries(byType).forEach(([type, resources]) => {
+            if (resources.length > 1) {
+                const shortType = type.replace('AWS::EC2::', '');
+                warnings.push({
+                    type: 'MULTIPLE_RESOURCES',
+                    resourceType: type,
+                    count: resources.length,
+                    message: `Multiple ${shortType}s detected (${resources.length}). Review relationships before importing.`,
+                    resources: resources.map((r) => ({
+                        physicalId: r.physicalId,
+                        logicalId: r.logicalId,
+                        matchMethod: r.matchMethod,
+                        confidence: r.confidence,
+                    })),
+                });
+            }
+        });
+
+        return warnings;
+    }
+
+    /**
+     * Get CloudFormation resource identifier for import
+     * @private
+     */
+    _getResourceIdentifier(mapping) {
+        const { resourceType, physicalId } = mapping;
+
+        // Map resource types to their identifier format
+        const identifierMap = {
+            'AWS::EC2::VPC': { VpcId: physicalId },
+            'AWS::EC2::Subnet': { SubnetId: physicalId },
+            'AWS::EC2::SecurityGroup': { GroupId: physicalId },
+            'AWS::EC2::InternetGateway': { InternetGatewayId: physicalId },
+            'AWS::EC2::NatGateway': { NatGatewayId: physicalId },
+            'AWS::EC2::RouteTable': { RouteTableId: physicalId },
+            'AWS::EC2::VPCEndpoint': { VpcEndpointId: physicalId },
+        };
+
+        return identifierMap[resourceType] || { Id: physicalId };
+    }
 }
 
 module.exports = RepairViaImportUseCase;

package/infrastructure/domains/health/application/use-cases/run-health-check-use-case.js

@@ -19,6 +19,7 @@ const StackHealthReport = require('../../domain/entities/stack-health-report');
 const Resource = require('../../domain/entities/resource');
 const Issue = require('../../domain/entities/issue');
 const ResourceState = require('../../domain/value-objects/resource-state');
+const { getPropertyMutability } = require('../../domain/services/property-mutability-config');
 
 class RunHealthCheckUseCase {
     /**
@@ -55,16 +56,27 @@ class RunHealthCheckUseCase {
      *
      * @param {Object} params
      * @param {StackIdentifier} params.stackIdentifier - Stack to check
+     * @param {Function} params.onProgress - Optional progress callback (step, message)
      * @returns {Promise<StackHealthReport>} Comprehensive health report
      */
-    async execute({ stackIdentifier }) {
+    async execute({ stackIdentifier, onProgress }) {
+        // Helper to call progress callback if provided
+        const progress = (step, message) => {
+            if (onProgress) {
+                onProgress(step, message);
+            }
+        };
+
         // 1. Verify stack exists
+        progress('📋 Step 1/5:', 'Verifying stack exists...');
         await this.stackRepository.getStack(stackIdentifier);
 
         // 2. Detect stack-level drift
+        progress('🔍 Step 2/5:', 'Detecting stack drift...');
         const driftDetection = await this.stackRepository.detectStackDrift(stackIdentifier);
 
         // 3. Get all stack resources
+        progress('📊 Step 3/5:', 'Analyzing stack resources...');
         const stackResources = await this.stackRepository.listResources(stackIdentifier);
 
         // 4. Build resource entities with drift status
@@ -101,10 +113,23 @@ class RunHealthCheckUseCase {
                     resourceDrift.propertyDifferences &&
                     resourceDrift.propertyDifferences.length > 0
                 ) {
-                    const propertyMismatches = this.mismatchAnalyzer.analyzePropertyMismatches(
-                        resourceDrift.propertyDifferences,
-                        stackResource.resourceType
-                    );
+                    // Build property mutability map for this resource type
+                    // AWS drift detection returns property paths, we need to provide mutability for each
+                    const propertyMutabilityMap = {};
+                    for (const propDiff of resourceDrift.propertyDifferences) {
+                        const propertyPath = propDiff.PropertyPath.replace(/^\//, ''); // Remove leading slash
+                        propertyMutabilityMap[propertyPath] = getPropertyMutability(
+                            stackResource.resourceType,
+                            propertyPath
+                        );
+                    }
+
+                    const propertyMismatches = this.mismatchAnalyzer.analyze({
+                        expected: resourceDrift.expectedProperties,
+                        actual: resourceDrift.actualProperties,
+                        propertyMutability: propertyMutabilityMap,
+                        ignoreProperties: [],
+                    });
 
                     // Create issue for each property mismatch using factory method
                     for (const mismatch of propertyMismatches) {
@@ -135,6 +160,7 @@ class RunHealthCheckUseCase {
         }
 
         // 5. Find orphaned resources (exist in cloud but not in stack)
+        progress('🔎 Step 4/5:', 'Checking for orphaned resources...');
         const orphanedResources = await this.resourceDetector.findOrphanedResources({
             stackIdentifier,
             stackResources,
@@ -142,11 +168,17 @@ class RunHealthCheckUseCase {
 
         for (const orphan of orphanedResources) {
             // Create resource entity for orphan
+            // IMPORTANT: Include both properties AND tags for template comparison
+            // Tags are stored in properties.tags for logical ID mapping
             const orphanResource = new Resource({
                 logicalId: null, // No logical ID (not in template)
                 physicalId: orphan.physicalId,
                 resourceType: orphan.resourceType,
                 state: ResourceState.ORPHANED,
+                properties: {
+                    ...(orphan.properties || {}), // Include AWS properties
+                    tags: orphan.tags || {}, // Include tags for logical ID matching
+                },
             });
 
             resources.push(orphanResource);
@@ -162,6 +194,7 @@ class RunHealthCheckUseCase {
         }
 
         // 6. Calculate health score using domain service
+        progress('🧮 Step 5/5:', 'Calculating health score...');
         const healthScore = this.healthScoreCalculator.calculate({ resources, issues });
 
         // 7. Build comprehensive health report (aggregate root)

package/infrastructure/domains/health/application/use-cases/run-health-check-use-case.test.js

@@ -33,7 +33,7 @@ describe('RunHealthCheckUseCase', () => {
         };
 
         mockMismatchAnalyzer = {
-            analyzePropertyMismatches: jest.fn(),
+            analyze: jest.fn(),
         };
 
         mockHealthScoreCalculator = {
@@ -149,7 +149,7 @@ describe('RunHealthCheckUseCase', () => {
                 mutability: PropertyMutability.MUTABLE,
             });
 
-            mockMismatchAnalyzer.analyzePropertyMismatches.mockReturnValue([propertyMismatch]);
+            mockMismatchAnalyzer.analyze.mockReturnValue([propertyMismatch]);
 
             mockResourceDetector.findOrphanedResources.mockResolvedValue([]);
 
@@ -323,7 +323,7 @@ describe('RunHealthCheckUseCase', () => {
                 mutability: PropertyMutability.MUTABLE,
             });
 
-            mockMismatchAnalyzer.analyzePropertyMismatches.mockReturnValue([propertyMismatch]);
+            mockMismatchAnalyzer.analyze.mockReturnValue([propertyMismatch]);
 
             // Mock orphaned resources
             mockResourceDetector.findOrphanedResources.mockResolvedValue([