npm - @friggframework/devtools - Versions diffs - 2.0.0--canary.490.0276a54.0 → 2.0.0--canary.490.c5ad260.0 - Mend

@friggframework/devtools 2.0.0--canary.490.0276a54.0 → 2.0.0--canary.490.c5ad260.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (5) hide show

package/infrastructure/domains/networking/vpc-resolver.js CHANGED Viewed

@@ -23,6 +23,7 @@ class VpcResourceResolver extends BaseResourceResolver {
      */
     resolveVpc(appDefinition, discovery) {
         const userIntent = appDefinition.vpc?.ownership?.vpc || 'auto';
+        const vpcManagement = appDefinition.vpc?.management; // Legacy config
         // Explicit external
         if (userIntent === 'external') {
@@ -43,12 +44,26 @@ class VpcResourceResolver extends BaseResourceResolver {
         }
         // Auto-decide
-        return this.resolveResourceOwnership(
+        const decision = this.resolveResourceOwnership(
             'auto',
             'FriggVPC',
             'AWS::EC2::VPC',
             discovery
         );
+        // CRITICAL: If auto-resolution wants to create a VPC but management mode is 'discover' (or undefined),
+        // throw an error instead. Creating a VPC is expensive and should be explicit.
+        if (decision.ownership === ResourceOwnership.STACK &&
+            !decision.physicalId &&
+            vpcManagement !== 'create-new' &&
+            userIntent === 'auto') {
+            throw new Error(
+                'VPC discovery failed: No VPC found. ' +
+                'Either set vpc.management to "create-new" or provide vpc.vpcId with vpc.management "use-existing".'
+            );
+        }
+        return decision;
     }
     /**

package/infrastructure/domains/networking/vpc-resolver.test.js CHANGED Viewed

@@ -109,6 +109,46 @@ describe('VpcResourceResolver', () => {
             expect(decision.physicalId).toBeUndefined();
             expect(decision.reason).toContain('No existing resource found');
         });
+        it('should throw error when auto mode finds no VPC and management is not create-new', () => {
+            const appDefinition = {
+                vpc: {
+                    enable: true,
+                    // No management specified - defaults to discover
+                    // No ownership specified - defaults to auto
+                }
+            };
+            const discovery = {
+                stackManaged: [],
+                external: [],
+                fromCloudFormation: false
+            };
+            // Should throw error instead of trying to create VPC
+            expect(() => resolver.resolveVpc(appDefinition, discovery)).toThrow(
+                'VPC discovery failed: No VPC found'
+            );
+        });
+        it('should allow creating VPC when management is create-new', () => {
+            const appDefinition = {
+                vpc: {
+                    enable: true,
+                    management: 'create-new'
+                }
+            };
+            const discovery = {
+                stackManaged: [],
+                external: [],
+                fromCloudFormation: false
+            };
+            // Should NOT throw - create-new explicitly allows VPC creation
+            const decision = resolver.resolveVpc(appDefinition, discovery);
+            expect(decision.ownership).toBe(ResourceOwnership.STACK);
+            expect(decision.physicalId).toBeNull();
+        });
     });
     describe('resolveSecurityGroup', () => {

package/infrastructure/domains/shared/cloudformation-discovery.test.js CHANGED Viewed

@@ -693,6 +693,116 @@ describe('CloudFormationDiscovery', () => {
             expect(result.s3VpcEndpointId).toBe('vpce-legacy-s3');
             expect(result.dynamoDbVpcEndpointId).toBe('vpce-legacy-ddb');
         });
+        it('should extract FriggLambdaSecurityGroup from stack', async () => {
+            const mockStack = {
+                StackName: 'test-stack',
+                Outputs: [],
+            };
+            const mockResources = [
+                {
+                    LogicalResourceId: 'FriggLambdaSecurityGroup',
+                    PhysicalResourceId: 'sg-01002240c6a446202',
+                    ResourceType: 'AWS::EC2::SecurityGroup',
+                    ResourceStatus: 'UPDATE_COMPLETE',
+                },
+                {
+                    LogicalResourceId: 'FriggLambdaRouteTable',
+                    PhysicalResourceId: 'rtb-08af43bbf0775602d',
+                    ResourceType: 'AWS::EC2::RouteTable',
+                    ResourceStatus: 'UPDATE_COMPLETE',
+                },
+            ];
+            mockProvider.describeStack.mockResolvedValue(mockStack);
+            mockProvider.listStackResources.mockResolvedValue(mockResources);
+            const result = await cfDiscovery.discoverFromStack('test-stack');
+            // Lambda security group should be extracted
+            expect(result.lambdaSecurityGroupId).toBe('sg-01002240c6a446202');
+            expect(result.defaultSecurityGroupId).toBe('sg-01002240c6a446202');
+            expect(result.existingLogicalIds).toContain('FriggLambdaSecurityGroup');
+        });
+        it('should support FriggPrivateRoute naming for NAT routes', async () => {
+            const mockStack = {
+                StackName: 'test-stack',
+                Outputs: [],
+            };
+            const mockResources = [
+                {
+                    LogicalResourceId: 'FriggLambdaRouteTable',
+                    PhysicalResourceId: 'rtb-123',
+                    ResourceType: 'AWS::EC2::RouteTable',
+                    ResourceStatus: 'UPDATE_COMPLETE',
+                },
+                {
+                    LogicalResourceId: 'FriggPrivateRoute',
+                    PhysicalResourceId: 'rtb-123|0.0.0.0/0',
+                    ResourceType: 'AWS::EC2::Route',
+                    ResourceStatus: 'UPDATE_COMPLETE',
+                },
+            ];
+            mockProvider.describeStack.mockResolvedValue(mockStack);
+            mockProvider.listStackResources.mockResolvedValue(mockResources);
+            const result = await cfDiscovery.discoverFromStack('test-stack');
+            // Both FriggNATRoute and FriggPrivateRoute should be recognized
+            expect(result.natRoute).toBe('rtb-123|0.0.0.0/0');
+            expect(result.routeTableId).toBe('rtb-123');
+        });
+        it('should extract external references from route table without stackName error', async () => {
+            const mockStack = {
+                StackName: 'test-stack',
+                Outputs: [],
+            };
+            const mockResources = [
+                {
+                    LogicalResourceId: 'FriggLambdaRouteTable',
+                    PhysicalResourceId: 'rtb-real-id',
+                    ResourceType: 'AWS::EC2::RouteTable',
+                    ResourceStatus: 'UPDATE_COMPLETE',
+                },
+            ];
+            mockProvider.describeStack.mockResolvedValue(mockStack);
+            mockProvider.listStackResources.mockResolvedValue(mockResources);
+            // Mock EC2 DescribeRouteTables to return route table with VPC info
+            mockProvider.getEC2Client = jest.fn().mockReturnValue({
+                send: jest.fn().mockResolvedValue({
+                    RouteTables: [{
+                        RouteTableId: 'rtb-real-id',
+                        VpcId: 'vpc-extracted',
+                        Routes: [
+                            { NatGatewayId: 'nat-extracted', DestinationCidrBlock: '0.0.0.0/0' }
+                        ],
+                        Associations: [
+                            { SubnetId: 'subnet-1' },
+                            { SubnetId: 'subnet-2' }
+                        ]
+                    }]
+                })
+            });
+            const result = await cfDiscovery.discoverFromStack('test-stack');
+            // Should extract VPC, NAT, and subnets from route table
+            expect(result.defaultVpcId).toBe('vpc-extracted');
+            expect(result.existingNatGatewayId).toBe('nat-extracted');
+            expect(result.privateSubnetId1).toBe('subnet-1');
+            expect(result.privateSubnetId2).toBe('subnet-2');
+            // Should NOT throw 'stackName is not defined' error
+            expect(result).toBeDefined();
+        });
     });
 });

package/infrastructure/domains/shared/resource-discovery.test.js CHANGED Viewed

@@ -415,6 +415,42 @@ describe('Resource Discovery', () => {
             delete process.env.SLS_STAGE;
         });
+        it('should recognize routing infrastructure as useful data', async () => {
+            const appDefinition = {
+                name: 'test-app',
+                vpc: { enable: true },
+            };
+            process.env.SLS_STAGE = 'production';
+            // Mock CloudFormation discovery to return routing infrastructure but no VPC resource
+            const mockCloudFormationDiscovery = {
+                discoverFromStack: jest.fn().mockResolvedValue({
+                    fromCloudFormationStack: true,
+                    routeTableId: 'rtb-123',
+                    natRoute: 'rtb-123|0.0.0.0/0',
+                    vpcEndpoints: {
+                        s3: 'vpce-s3',
+                        dynamodb: 'vpce-ddb'
+                    },
+                    existingLogicalIds: ['FriggLambdaRouteTable', 'FriggNATRoute']
+                    // NO defaultVpcId, NO defaultKmsKeyId, NO auroraClusterId
+                })
+            };
+            const { CloudFormationDiscovery } = require('./cloudformation-discovery');
+            CloudFormationDiscovery.mockImplementation(() => mockCloudFormationDiscovery);
+            const result = await gatherDiscoveredResources(appDefinition);
+            // Should use CloudFormation data without falling back to AWS API
+            expect(result.routeTableId).toBe('rtb-123');
+            expect(result.vpcEndpoints.s3).toBe('vpce-s3');
+            // Should NOT call AWS API discovery
+            expect(mockVpcDiscovery.discover).not.toHaveBeenCalled();
+        });
         it('should include secrets in SSM discovery by default', async () => {
             const appDefinition = {
                 ssm: { enable: true },

package/package.json CHANGED Viewed

@@ -1,7 +1,7 @@
 {
   "name": "@friggframework/devtools",
   "prettier": "@friggframework/prettier-config",
-  "version": "2.0.0--canary.490.0276a54.0",
+  "version": "2.0.0--canary.490.c5ad260.0",
   "bin": {
     "frigg": "./frigg-cli/index.js"
   },
@@ -16,9 +16,9 @@
     "@babel/eslint-parser": "^7.18.9",
     "@babel/parser": "^7.25.3",
     "@babel/traverse": "^7.25.3",
-    "@friggframework/core": "2.0.0--canary.490.0276a54.0",
-    "@friggframework/schemas": "2.0.0--canary.490.0276a54.0",
-    "@friggframework/test": "2.0.0--canary.490.0276a54.0",
+    "@friggframework/core": "2.0.0--canary.490.c5ad260.0",
+    "@friggframework/schemas": "2.0.0--canary.490.c5ad260.0",
+    "@friggframework/test": "2.0.0--canary.490.c5ad260.0",
     "@hapi/boom": "^10.0.1",
     "@inquirer/prompts": "^5.3.8",
     "axios": "^1.7.2",
@@ -46,8 +46,8 @@
     "validate-npm-package-name": "^5.0.0"
   },
   "devDependencies": {
-    "@friggframework/eslint-config": "2.0.0--canary.490.0276a54.0",
-    "@friggframework/prettier-config": "2.0.0--canary.490.0276a54.0",
+    "@friggframework/eslint-config": "2.0.0--canary.490.c5ad260.0",
+    "@friggframework/prettier-config": "2.0.0--canary.490.c5ad260.0",
     "aws-sdk-client-mock": "^4.1.0",
     "aws-sdk-client-mock-jest": "^4.1.0",
     "jest": "^30.1.3",
@@ -79,5 +79,5 @@
   "publishConfig": {
     "access": "public"
   },
-  "gitHead": "0276a5410ec0dfe27d1c33a04ffad76c92a22876"
+  "gitHead": "c5ad26056632a30d7ce772e3af8209e0b2d2014e"
 }