@friggframework/devtools 2.0.0--canary.474.898a56c.0 → 2.0.0--canary.474.a794ea3.0

package/infrastructure/domains/health/application/use-cases/execute-resource-import-use-case.js

@@ -0,0 +1,221 @@
+/**
+ * ExecuteResourceImportUseCase - Execute CloudFormation Resource Import
+ *
+ * Application Layer - Use Case
+ *
+ * Business logic for executing CloudFormation import operations for orphaned resources.
+ * Orchestrates the complete import workflow including template generation, change set
+ * creation, execution monitoring, and verification.
+ *
+ * Responsibilities:
+ * - Generate import template from resources and build template
+ * - Create and execute CloudFormation import change set
+ * - Monitor import progress with resource-level updates
+ * - Verify imported resources are present in stack
+ * - Report detailed progress and results
+ *
+ * Based on: SPEC-IMPORT-EXECUTION.md (lines 712-867)
+ */
+
+class ExecuteResourceImportUseCase {
+    /**
+     * Create use case with required dependencies
+     *
+     * @param {Object} params
+     * @param {Object} params.importTemplateGenerator - Generates import templates
+     * @param {Object} params.importProgressMonitor - Monitors import operations
+     * @param {Object} params.cloudFormationRepository - CloudFormation operations
+     * @param {Object} params.stackRepository - Stack template operations
+     */
+    constructor({ importTemplateGenerator, importProgressMonitor, cloudFormationRepository, stackRepository }) {
+        if (!importTemplateGenerator) {
+            throw new Error('importTemplateGenerator is required');
+        }
+        if (!importProgressMonitor) {
+            throw new Error('importProgressMonitor is required');
+        }
+        if (!cloudFormationRepository) {
+            throw new Error('cloudFormationRepository is required');
+        }
+        if (!stackRepository) {
+            throw new Error('stackRepository is required');
+        }
+
+        this.templateGenerator = importTemplateGenerator;
+        this.progressMonitor = importProgressMonitor;
+        this.cfRepo = cloudFormationRepository;
+        this.stackRepo = stackRepository;
+    }
+
+    /**
+     * Execute complete CloudFormation import workflow
+     *
+     * Orchestrates the full import process:
+     * 1. Generate import template
+     * 2. Create CloudFormation change set
+     * 3. Wait for change set to be ready
+     * 4. Execute change set
+     * 5. Monitor import progress
+     * 6. Verify imported resources
+     *
+     * @param {Object} params
+     * @param {Object} params.stackIdentifier - Stack name and region
+     * @param {Array<Object>} params.resourcesToImport - Resources to import
+     * @param {string} params.buildTemplatePath - Path to build template
+     * @param {Function} [params.onProgress] - Progress callback
+     * @returns {Promise<Object>} Import result with verification details
+     */
+    async execute({ stackIdentifier, resourcesToImport, buildTemplatePath, onProgress }) {
+        try {
+            // Step 1: Generate import template
+            if (onProgress) {
+                onProgress({ step: 'generate_template', status: 'in_progress' });
+            }
+
+            const { template, resourceIdentifiers } = await this.templateGenerator.generateImportTemplate({
+                resourcesToImport,
+                buildTemplatePath,
+                stackIdentifier,
+            });
+
+            if (onProgress) {
+                onProgress({ step: 'generate_template', status: 'complete' });
+            }
+
+            // Step 2: Create CloudFormation change set
+            if (onProgress) {
+                onProgress({ step: 'create_change_set', status: 'in_progress' });
+            }
+
+            const changeSetName = `import-orphaned-resources-${Date.now()}`;
+            const changeSet = await this.cfRepo.createChangeSet({
+                stackIdentifier,
+                changeSetName,
+                changeSetType: 'IMPORT',
+                template,
+                resourcesToImport: resourceIdentifiers,
+            });
+
+            if (onProgress) {
+                onProgress({
+                    step: 'create_change_set',
+                    status: 'complete',
+                    changeSetName,
+                    changeSetId: changeSet.Id,
+                });
+            }
+
+            // Step 3: Wait for change set to be ready
+            if (onProgress) {
+                onProgress({ step: 'wait_change_set', status: 'in_progress' });
+            }
+
+            await this.cfRepo.waitForChangeSet({ stackIdentifier, changeSetName });
+
+            if (onProgress) {
+                onProgress({ step: 'wait_change_set', status: 'complete' });
+            }
+
+            // Step 4: Execute change set
+            if (onProgress) {
+                onProgress({ step: 'execute_import', status: 'in_progress' });
+            }
+
+            await this.cfRepo.executeChangeSet({ stackIdentifier, changeSetName });
+
+            // Step 5: Monitor import progress
+            const resourceLogicalIds = resourcesToImport.map((r) => r.logicalId);
+            const importResult = await this.progressMonitor.monitorImport({
+                stackIdentifier,
+                resourceLogicalIds,
+                onProgress: (progress) => {
+                    if (onProgress) {
+                        onProgress({
+                            step: 'execute_import',
+                            status: 'in_progress',
+                            resourceProgress: progress,
+                        });
+                    }
+                },
+            });
+
+            if (onProgress) {
+                onProgress({ step: 'execute_import', status: 'complete' });
+            }
+
+            // Step 6: Verify imported resources
+            if (onProgress) {
+                onProgress({ step: 'verify', status: 'in_progress' });
+            }
+
+            const verification = await this._verifyImportedResources({
+                stackIdentifier,
+                resourceLogicalIds,
+            });
+
+            if (onProgress) {
+                onProgress({ step: 'verify', status: 'complete' });
+            }
+
+            // Return success result with verification details
+            return {
+                success: true,
+                importedCount: importResult.importedCount,
+                failedCount: importResult.failedCount,
+                changeSetName,
+                stackStatus: verification.stackStatus,
+                verifiedResources: verification.resources,
+            };
+        } catch (error) {
+            // Return error with step information
+            return {
+                success: false,
+                error: error.message,
+                step: error.step || 'unknown',
+            };
+        }
+    }
+
+    /**
+     * Verify that imported resources are present in the CloudFormation stack
+     *
+     * Checks that each logical ID corresponds to an actual resource in the stack
+     * and retrieves physical IDs and resource types for verification.
+     *
+     * @param {Object} params
+     * @param {Object} params.stackIdentifier - Stack name and region
+     * @param {Array<string>} params.resourceLogicalIds - Logical IDs to verify
+     * @returns {Promise<Object>} Verification result with resource details
+     * @private
+     */
+    async _verifyImportedResources({ stackIdentifier, resourceLogicalIds }) {
+        // Get all resources from the stack
+        const stackResources = await this.cfRepo.getStackResources(stackIdentifier);
+
+        // Map each logical ID to its verification status
+        const verifiedResources = resourceLogicalIds.map((logicalId) => {
+            const resource = stackResources.find((r) => r.LogicalResourceId === logicalId);
+
+            return {
+                logicalId,
+                verified: !!resource,
+                physicalId: resource?.PhysicalResourceId,
+                resourceType: resource?.ResourceType,
+            };
+        });
+
+        // Check if all resources were verified
+        const allVerified = verifiedResources.every((r) => r.verified);
+
+        // Get current stack status
+        const stackStatus = await this.cfRepo.getStackStatus(stackIdentifier);
+
+        return {
+            allVerified,
+            resources: verifiedResources,
+            stackStatus,
+        };
+    }
+}
+
+module.exports = ExecuteResourceImportUseCase;

package/infrastructure/domains/health/application/use-cases/reconcile-properties-use-case.js

@@ -67,6 +67,8 @@ class ReconcilePropertiesUseCase {
      * @param {Object} params
      * @param {StackIdentifier} params.stackIdentifier - Stack identifier
      * @param {string} params.logicalId - Logical resource ID
+     * @param {string} [params.physicalId] - Physical resource ID (required for resource mode)
+     * @param {string} [params.resourceType] - Resource type (required for resource mode)
      * @param {PropertyMismatch[]} params.mismatches - Property mismatches to reconcile
      * @param {string} [params.mode='template'] - Reconciliation mode
      * @returns {Promise<Object>} Batch reconciliation result
@@ -74,6 +76,8 @@ class ReconcilePropertiesUseCase {
     async reconcileMultipleProperties({
         stackIdentifier,
         logicalId,
+        physicalId,
+        resourceType,
         mismatches,
         mode = 'template',
     }) {
@@ -107,6 +111,8 @@ class ReconcilePropertiesUseCase {
         const batchResult = await this.propertyReconciler.reconcileMultipleProperties({
             stackIdentifier,
             logicalId,
+            physicalId,
+            resourceType,
             mismatches: reconcilableProperties,
             mode,
         });

package/infrastructure/domains/health/application/use-cases/repair-via-import-use-case.js

@@ -281,10 +281,7 @@ class RepairViaImportUseCase {
             deployedTemplate,
         });
 
-        // 5. Check for multiple resources of same type
-        const multiResourceWarnings = this._checkForMultipleResources(mappings);
-
-        // 6. Filter out unmapped resources and prepare for import
+        // 5. Filter out unmapped resources
         const mappedResources = mappings.filter((m) => m.logicalId !== null);
         const unmappedResources = mappings.filter((m) => m.logicalId === null);
 
@@ -297,20 +294,31 @@ class RepairViaImportUseCase {
             };
         }
 
-        // 7. Generate import-resources.json format
-        const resourcesToImport = mappedResources.map((mapping) => ({
+        // 6. Deduplicate: Select ONE resource per logical ID based on deployed template
+        const { selectedResources, duplicates } = this._deduplicateResourcesByLogicalId(
+            mappedResources,
+            deployedTemplate
+        );
+
+        // 7. Check for warnings
+        const multiResourceWarnings = this._checkForMultipleResources(duplicates);
+
+        // 8. Generate import-resources.json format using SELECTED resources
+        const resourcesToImport = selectedResources.map((mapping) => ({
             ResourceType: mapping.resourceType,
             LogicalResourceId: mapping.logicalId,
             ResourceIdentifier: this._getResourceIdentifier(mapping),
         }));
 
-        // 8. Return result with warnings for user review
+        // 9. Return result with deduplication info
         return {
             success: true,
-            mappedCount: mappedResources.length,
+            mappedCount: selectedResources.length,
             unmappedCount: unmappedResources.length,
-            mappings: mappedResources,
+            duplicatesRemoved: duplicates.length,
+            mappings: selectedResources,
             unmappedResources,
+            duplicates, // Resources that were filtered out
             resourcesToImport,
             warnings: multiResourceWarnings,
             buildTemplatePath,
@@ -318,6 +326,151 @@ class RepairViaImportUseCase {
         };
     }
 
+    /**
+     * Deduplicate resources: Select ONE resource per logical ID
+     * When multiple resources have the same logical ID, pick the one that's
+     * actually referenced in the deployed template.
+     *
+     * @param {Array} mappedResources - Resources with logical IDs
+     * @param {Object} deployedTemplate - Deployed CloudFormation template
+     * @returns {Object} { selectedResources, duplicates }
+     * @private
+     */
+    _deduplicateResourcesByLogicalId(mappedResources, deployedTemplate) {
+        // Group resources by logical ID
+        const byLogicalId = {};
+        mappedResources.forEach((resource) => {
+            if (!byLogicalId[resource.logicalId]) {
+                byLogicalId[resource.logicalId] = [];
+            }
+            byLogicalId[resource.logicalId].push(resource);
+        });
+
+        // Extract all physical IDs referenced in deployed template
+        const referencedIds = this._extractReferencedIdsFromTemplate(deployedTemplate);
+
+        const selectedResources = [];
+        const duplicates = [];
+
+        // For each logical ID, select ONE resource
+        Object.entries(byLogicalId).forEach(([logicalId, resources]) => {
+            if (resources.length === 1) {
+                // Only one resource - select it
+                selectedResources.push(resources[0]);
+            } else {
+                // Multiple resources - pick the one in deployed template
+                let selected = null;
+
+                // Try to find resource that's actually referenced
+                for (const resource of resources) {
+                    if (this._isResourceReferenced(resource, referencedIds)) {
+                        selected = resource;
+                        break;
+                    }
+                }
+
+                // Fallback: If none are referenced, pick first one
+                if (!selected) {
+                    selected = resources[0];
+                }
+
+                selectedResources.push(selected);
+
+                // Mark others as duplicates
+                resources.forEach((r) => {
+                    if (r.physicalId !== selected.physicalId) {
+                        duplicates.push(r);
+                    }
+                });
+            }
+        });
+
+        return { selectedResources, duplicates };
+    }
+
+    /**
+     * Extract all physical resource IDs referenced in deployed template
+     * Looks for hardcoded IDs in Lambda VPC configs, security group rules, etc.
+     * @private
+     */
+    _extractReferencedIdsFromTemplate(template) {
+        const referenced = {
+            vpcIds: new Set(),
+            subnetIds: new Set(),
+            securityGroupIds: new Set(),
+        };
+
+        if (!template || !template.resources) {
+            return referenced;
+        }
+
+        // Traverse all resources in template
+        Object.values(template.resources).forEach((resource) => {
+            // Lambda VPC config contains hardcoded IDs
+            if (
+                resource.Type === 'AWS::Lambda::Function' &&
+                resource.Properties?.VpcConfig
+            ) {
+                const { SubnetIds, SecurityGroupIds } = resource.Properties.VpcConfig;
+
+                if (SubnetIds) {
+                    SubnetIds.forEach((id) => {
+                        if (typeof id === 'string' && id.startsWith('subnet-')) {
+                            referenced.subnetIds.add(id);
+                        }
+                    });
+                }
+
+                if (SecurityGroupIds) {
+                    SecurityGroupIds.forEach((id) => {
+                        if (typeof id === 'string' && id.startsWith('sg-')) {
+                            referenced.securityGroupIds.add(id);
+                        }
+                    });
+                }
+            }
+
+            // Security group rules may reference other security groups
+            if (resource.Type === 'AWS::EC2::SecurityGroupIngress' ||
+                resource.Type === 'AWS::EC2::SecurityGroupEgress') {
+                const groupId = resource.Properties?.GroupId;
+                const sourceSecurityGroupId = resource.Properties?.SourceSecurityGroupId;
+
+                if (typeof groupId === 'string' && groupId.startsWith('sg-')) {
+                    referenced.securityGroupIds.add(groupId);
+                }
+                if (typeof sourceSecurityGroupId === 'string' && sourceSecurityGroupId.startsWith('sg-')) {
+                    referenced.securityGroupIds.add(sourceSecurityGroupId);
+                }
+            }
+        });
+
+        return referenced;
+    }
+
+    /**
+     * Check if a resource is referenced in the deployed template
+     * @private
+     */
+    _isResourceReferenced(resource, referencedIds) {
+        const { resourceType, physicalId } = resource;
+
+        if (resourceType === 'AWS::EC2::VPC') {
+            return referencedIds.vpcIds.has(physicalId);
+        }
+
+        if (resourceType === 'AWS::EC2::Subnet') {
+            return referencedIds.subnetIds.has(physicalId);
+        }
+
+        if (resourceType === 'AWS::EC2::SecurityGroup') {
+            return referencedIds.securityGroupIds.has(physicalId);
+        }
+
+        // For other resource types, we can't determine
+        return false;
+    }
+
     /**
      * Check for multiple resources of same type
      * Returns warnings when user needs to manually select

package/infrastructure/domains/health/application/use-cases/run-health-check-use-case.js

@@ -19,6 +19,7 @@ const StackHealthReport = require('../../domain/entities/stack-health-report');
 const Resource = require('../../domain/entities/resource');
 const Issue = require('../../domain/entities/issue');
 const ResourceState = require('../../domain/value-objects/resource-state');
+const { getPropertyMutability } = require('../../domain/services/property-mutability-config');
 
 class RunHealthCheckUseCase {
     /**
@@ -112,10 +113,21 @@ class RunHealthCheckUseCase {
                     resourceDrift.propertyDifferences &&
                     resourceDrift.propertyDifferences.length > 0
                 ) {
+                    // Build property mutability map for this resource type
+                    // AWS drift detection returns property paths, we need to provide mutability for each
+                    const propertyMutabilityMap = {};
+                    for (const propDiff of resourceDrift.propertyDifferences) {
+                        const propertyPath = propDiff.PropertyPath.replace(/^\//, ''); // Remove leading slash
+                        propertyMutabilityMap[propertyPath] = getPropertyMutability(
+                            stackResource.resourceType,
+                            propertyPath
+                        );
+                    }
+
                     const propertyMismatches = this.mismatchAnalyzer.analyze({
                         expected: resourceDrift.expectedProperties,
                         actual: resourceDrift.actualProperties,
-                        propertyMutability: {},
+                        propertyMutability: propertyMutabilityMap,
                         ignoreProperties: [],
                     });
 
@@ -156,11 +168,17 @@ class RunHealthCheckUseCase {
 
         for (const orphan of orphanedResources) {
             // Create resource entity for orphan
+            // IMPORTANT: Include both properties AND tags for template comparison
+            // Tags are stored in properties.tags for logical ID mapping
             const orphanResource = new Resource({
                 logicalId: null, // No logical ID (not in template)
                 physicalId: orphan.physicalId,
                 resourceType: orphan.resourceType,
                 state: ResourceState.ORPHANED,
+                properties: {
+                    ...(orphan.properties || {}), // Include AWS properties
+                    tags: orphan.tags || {}, // Include tags for logical ID matching
+                },
             });
 
             resources.push(orphanResource);

package/infrastructure/domains/health/domain/entities/issue.js

@@ -212,6 +212,51 @@ class Issue {
         });
     }
 
+    /**
+     * Format a value for display in issue descriptions
+     * Handles arrays, objects, and primitive types
+     *
+     * @private
+     * @param {*} value - Value to format
+     * @returns {string} Formatted value
+     */
+    static _formatValue(value) {
+        if (value === null || value === undefined) {
+            return String(value);
+        }
+
+        // Handle arrays
+        if (Array.isArray(value)) {
+            // For arrays of objects (like Tags), show count and first few items
+            if (value.length > 0 && typeof value[0] === 'object') {
+                if (value.length <= 3) {
+                    return JSON.stringify(value);
+                }
+                // Show first 2 items + count for long arrays
+                const preview = value.slice(0, 2);
+                return `${JSON.stringify(preview).slice(0, -1)}, ... (${value.length} total)]`;
+            }
+            // For simple arrays, stringify
+            return JSON.stringify(value);
+        }
+
+        // Handle objects
+        if (typeof value === 'object') {
+            const keys = Object.keys(value);
+            if (keys.length === 0) {
+                return '{}';
+            }
+            if (keys.length <= 3) {
+                return JSON.stringify(value);
+            }
+            // For large objects, show keys count
+            return `{${keys.slice(0, 3).join(', ')}, ... (${keys.length} keys total)}`;
+        }
+
+        // Primitives
+        return String(value);
+    }
+
     /**
      * Create a property mismatch issue
      *
@@ -228,7 +273,11 @@ class Issue {
 
         const canAutoFix = mismatch.canAutoFix();
 
-        const description = `Property mismatch: ${mismatch.propertyPath} (expected: ${mismatch.expectedValue}, actual: ${mismatch.actualValue})`;
+        // Format expected and actual values for display
+        const formattedExpected = Issue._formatValue(mismatch.expectedValue);
+        const formattedActual = Issue._formatValue(mismatch.actualValue);
+
+        const description = `Property mismatch: ${mismatch.propertyPath} (expected: ${formattedExpected}, actual: ${formattedActual})`;
 
         const resolution = canAutoFix
             ? 'Can be auto-fixed using frigg repair --reconcile'

package/infrastructure/domains/health/domain/entities/issue.test.js

@@ -414,4 +414,115 @@ describe('Issue', () => {
             expect(issue.canAutoFix).toBe(false); // Can't auto-fix immutable
         });
     });
+
+    describe('_formatValue', () => {
+        it('should format primitive values', () => {
+            expect(Issue._formatValue('test')).toBe('test');
+            expect(Issue._formatValue(123)).toBe('123');
+            expect(Issue._formatValue(true)).toBe('true');
+            expect(Issue._formatValue(null)).toBe('null');
+            expect(Issue._formatValue(undefined)).toBe('undefined');
+        });
+
+        it('should format simple arrays', () => {
+            expect(Issue._formatValue(['a', 'b', 'c'])).toBe('["a","b","c"]');
+            expect(Issue._formatValue([1, 2, 3])).toBe('[1,2,3]');
+        });
+
+        it('should format arrays of objects (like Tags)', () => {
+            const tags = [
+                { Key: 'Name', Value: 'test' },
+                { Key: 'Environment', Value: 'prod' },
+            ];
+            const result = Issue._formatValue(tags);
+            expect(result).toContain('Key');
+            expect(result).toContain('Name');
+            expect(result).toContain('test');
+        });
+
+        it('should truncate long arrays of objects', () => {
+            const manyTags = [
+                { Key: 'Tag1', Value: 'val1' },
+                { Key: 'Tag2', Value: 'val2' },
+                { Key: 'Tag3', Value: 'val3' },
+                { Key: 'Tag4', Value: 'val4' },
+            ];
+            const result = Issue._formatValue(manyTags);
+            expect(result).toContain('4 total');
+            expect(result).toContain('...');
+        });
+
+        it('should format small objects', () => {
+            const obj = { a: 1, b: 2 };
+            expect(Issue._formatValue(obj)).toBe('{"a":1,"b":2}');
+        });
+
+        it('should truncate large objects', () => {
+            const largeObj = { a: 1, b: 2, c: 3, d: 4, e: 5 };
+            const result = Issue._formatValue(largeObj);
+            expect(result).toContain('5 keys total');
+            expect(result).toContain('...');
+        });
+
+        it('should format empty collections', () => {
+            expect(Issue._formatValue([])).toBe('[]');
+            expect(Issue._formatValue({})).toBe('{}');
+        });
+    });
+
+    describe('propertyMismatch with formatted values', () => {
+        it('should format Tags arrays correctly in description', () => {
+            const mismatch = new PropertyMismatch({
+                propertyPath: 'Properties.Tags',
+                expectedValue: [
+                    { Key: 'Name', Value: 'test' },
+                    { Key: 'Environment', Value: 'prod' },
+                ],
+                actualValue: [
+                    { Key: 'Name', Value: 'test' },
+                    { Key: 'Environment', Value: 'prod' },
+                    { Key: 'ManagedBy', Value: 'Frigg' },
+                ],
+                mutability: PropertyMutability.MUTABLE,
+            });
+
+            const issue = Issue.propertyMismatch({
+                resourceType: 'AWS::EC2::Subnet',
+                resourceId: 'subnet-123',
+                mismatch,
+            });
+
+            // Should not contain [object Object]
+            expect(issue.description).not.toContain('[object Object]');
+            // Should contain JSON representation
+            expect(issue.description).toContain('Key');
+            expect(issue.description).toContain('Name');
+        });
+
+        it('should handle complex nested objects', () => {
+            const mismatch = new PropertyMismatch({
+                propertyPath: 'Properties.VpcConfig',
+                expectedValue: {
+                    SubnetIds: ['subnet-1', 'subnet-2'],
+                    SecurityGroupIds: ['sg-1'],
+                },
+                actualValue: {
+                    SubnetIds: ['subnet-3', 'subnet-4'],
+                    SecurityGroupIds: ['sg-2'],
+                },
+                mutability: PropertyMutability.MUTABLE,
+            });
+
+            const issue = Issue.propertyMismatch({
+                resourceType: 'AWS::Lambda::Function',
+                resourceId: 'my-function',
+                mismatch,
+            });
+
+            // Should not contain [object Object]
+            expect(issue.description).not.toContain('[object Object]');
+            // Should contain structured representation
+            expect(issue.description).toContain('SubnetIds');
+        });
+    });
 });