@friggframework/devtools 2.0.0--canary.490.36b3031.0 → 2.0.0--canary.490.6e556a4.0

package/infrastructure/domains/networking/vpc-builder.test.js

@@ -1348,18 +1348,19 @@ describe('VpcBuilder', () => {
         });
     });
 
-    describe('Full Frontify deployment pattern integration test', () => {
-        it('should correctly handle Frontify production scenario: external VPC + stack routing', async () => {
-            // This test replicates the EXACT Frontify production deployment scenario
+    describe('External VPC with stack-managed routing infrastructure pattern', () => {
+        it('should correctly handle external VPC with stack-managed routing infrastructure', async () => {
+            // This pattern occurs when VPC/subnets/NAT are external but routing (route tables,
+            // VPC endpoints, security groups) are managed by CloudFormation stack
             const appDefinition = {
                 vpc: { enable: true },
                 encryption: { fieldLevelEncryptionMethod: 'kms' },
             };
             
-            // Actual Frontify discovery results (from production logs)
+            // Discovery results from real-world production scenario
             const discoveredResources = {
                 fromCloudFormationStack: true,
-                stackName: 'create-frigg-app-production',
+                stackName: 'test-production-stack',
                 existingLogicalIds: [
                     'FriggLambdaSecurityGroup',
                     'FriggLambdaRouteTable',
@@ -1447,6 +1448,122 @@ describe('VpcBuilder', () => {
         });
     });
 
+    describe('convertFlatDiscoveryToStructured - VPC Endpoints from CloudFormation', () => {
+        it('should add VPC endpoints to stackManaged when in existingLogicalIds', () => {
+            const flatDiscovery = {
+                fromCloudFormationStack: true,
+                stackName: 'test-stack',
+                existingLogicalIds: [
+                    'FriggS3VPCEndpoint',
+                    'FriggDynamoDBVPCEndpoint',
+                    'FriggKMSVPCEndpoint'
+                ],
+                s3VpcEndpointId: 'vpce-s3-stack',
+                dynamodbVpcEndpointId: 'vpce-ddb-stack',
+                kmsVpcEndpointId: 'vpce-kms-stack'
+            };
+
+            const result = vpcBuilder.convertFlatDiscoveryToStructured(flatDiscovery);
+
+            // VPC endpoints should be in stackManaged (not external)
+            expect(result.stackManaged).toContainEqual(
+                expect.objectContaining({
+                    logicalId: 'FriggS3VPCEndpoint',
+                    physicalId: 'vpce-s3-stack',
+                    resourceType: 'AWS::EC2::VPCEndpoint'
+                })
+            );
+            expect(result.stackManaged).toContainEqual(
+                expect.objectContaining({
+                    logicalId: 'FriggDynamoDBVPCEndpoint',
+                    physicalId: 'vpce-ddb-stack',
+                    resourceType: 'AWS::EC2::VPCEndpoint'
+                })
+            );
+            expect(result.stackManaged).toContainEqual(
+                expect.objectContaining({
+                    logicalId: 'FriggKMSVPCEndpoint',
+                    physicalId: 'vpce-kms-stack',
+                    resourceType: 'AWS::EC2::VPCEndpoint'
+                })
+            );
+
+            // Should NOT be in external array
+            expect(result.external.some(r => r.physicalId === 'vpce-s3-stack')).toBe(false);
+            expect(result.external.some(r => r.physicalId === 'vpce-ddb-stack')).toBe(false);
+            expect(result.external.some(r => r.physicalId === 'vpce-kms-stack')).toBe(false);
+        });
+
+        it('should add VPC endpoints to external when NOT in existingLogicalIds', () => {
+            const flatDiscovery = {
+                fromCloudFormationStack: false, // AWS API discovery
+                s3VpcEndpointId: 'vpce-s3-external',
+                dynamodbVpcEndpointId: 'vpce-ddb-external'
+            };
+
+            const result = vpcBuilder.convertFlatDiscoveryToStructured(flatDiscovery);
+
+            // Should be in external (AWS discovery)
+            expect(result.external).toContainEqual(
+                expect.objectContaining({
+                    physicalId: 'vpce-s3-external',
+                    resourceType: 'AWS::EC2::VPCEndpoint',
+                    source: 'aws-discovery'
+                })
+            );
+
+            // Should NOT be in stackManaged
+            expect(result.stackManaged.some(r => r.physicalId === 'vpce-s3-external')).toBe(false);
+        });
+
+        it('should preserve existing VPC endpoints and only create missing ones', async () => {
+            const appDefinition = {
+                vpc: { enable: true },
+                encryption: { fieldLevelEncryptionMethod: 'kms' },
+            };
+            
+            const discoveredResources = {
+                fromCloudFormationStack: true,
+                stackName: 'test-stack',
+                existingLogicalIds: [
+                    'FriggS3VPCEndpoint',      // In stack
+                    'FriggDynamoDBVPCEndpoint', // In stack
+                    'FriggKMSVPCEndpoint'       // In stack
+                    // SecretsManager and SQS NOT in stack (were deleted)
+                ],
+                defaultVpcId: 'vpc-123',
+                privateSubnetId1: 'subnet-1',
+                privateSubnetId2: 'subnet-2',
+                lambdaSecurityGroupId: 'sg-123',
+                routeTableId: 'rtb-123',
+                // Endpoints in stack
+                s3VpcEndpointId: 'vpce-s3-existing',
+                dynamodbVpcEndpointId: 'vpce-ddb-existing',
+                kmsVpcEndpointId: 'vpce-kms-existing'
+                // secretsManagerVpcEndpointId and sqsVpcEndpointId NOT present
+            };
+
+            const result = await vpcBuilder.build(appDefinition, discoveredResources);
+
+            // Existing endpoints MUST be in template (re-added)
+            expect(result.resources.FriggS3VPCEndpoint).toBeDefined();
+            expect(result.resources.FriggS3VPCEndpoint.Properties.VpcId).toBe('vpc-123');
+            
+            expect(result.resources.FriggDynamoDBVPCEndpoint).toBeDefined();
+            expect(result.resources.FriggDynamoDBVPCEndpoint.Properties.VpcId).toBe('vpc-123');
+            
+            expect(result.resources.FriggKMSVPCEndpoint).toBeDefined();
+            expect(result.resources.FriggKMSVPCEndpoint.Properties.VpcId).toBe('vpc-123');
+
+            // Missing endpoints should also be created
+            expect(result.resources.FriggSecretsManagerVPCEndpoint).toBeDefined();
+            expect(result.resources.FriggSQSVPCEndpoint).toBeDefined();
+            
+            // VPC Endpoint Security Group should be created
+            expect(result.resources.FriggVPCEndpointSecurityGroup).toBeDefined();
+        });
+    });
+
     describe('convertFlatDiscoveryToStructured - CloudFormation query results', () => {
         it('should add VPC from CloudFormation query to external array', () => {
             const flatDiscovery = {
@@ -1539,10 +1656,10 @@ describe('VpcBuilder', () => {
             expect(result.external.some(r => r.physicalId === 'subnet-in-stack')).toBe(false);
         });
 
-        it('should handle Frontify pattern: stack resources + queried external references', () => {
+        it('should handle external VPC pattern: stack resources + queried external references', () => {
             const flatDiscovery = {
                 fromCloudFormationStack: true,
-                stackName: 'create-frigg-app-production',
+                stackName: 'test-production-stack',
                 existingLogicalIds: [
                     'FriggLambdaSecurityGroup',
                     'FriggLambdaRouteTable',
@@ -1554,14 +1671,14 @@ describe('VpcBuilder', () => {
                     'FriggKMSVPCEndpoint'
                 ],
                 // Stack resources
-                lambdaSecurityGroupId: 'sg-01002240c6a446202',
-                routeTableId: 'rtb-08af43bbf0775602d',
-                s3VpcEndpointId: 'vpce-s3',
+                lambdaSecurityGroupId: 'sg-stack-123',
+                routeTableId: 'rtb-stack-456',
+                s3VpcEndpointId: 'vpce-s3-stack',
                 // External resources (discovered via queries)
-                defaultVpcId: 'vpc-0cd17c0e06cb28b28',
-                privateSubnetId1: 'subnet-034f6562dbbc16348',
-                privateSubnetId2: 'subnet-0b8be2b82aeb5cdec',
-                existingNatGatewayId: 'nat-022660c36a47e2d79'
+                defaultVpcId: 'vpc-external-123',
+                privateSubnetId1: 'subnet-external-1',
+                privateSubnetId2: 'subnet-external-2',
+                existingNatGatewayId: 'nat-external-789'
             };
 
             const result = vpcBuilder.convertFlatDiscoveryToStructured(flatDiscovery);
@@ -1569,19 +1686,19 @@ describe('VpcBuilder', () => {
             // Stack resources should be in stackManaged
             expect(result.stackManaged).toEqual(
                 expect.arrayContaining([
-                    expect.objectContaining({ logicalId: 'FriggLambdaSecurityGroup', physicalId: 'sg-01002240c6a446202' }),
-                    expect.objectContaining({ logicalId: 'FriggLambdaRouteTable', physicalId: 'rtb-08af43bbf0775602d' }),
-                    expect.objectContaining({ logicalId: 'FriggS3VPCEndpoint' })
+                    expect.objectContaining({ logicalId: 'FriggLambdaSecurityGroup', physicalId: 'sg-stack-123' }),
+                    expect.objectContaining({ logicalId: 'FriggLambdaRouteTable', physicalId: 'rtb-stack-456' }),
+                    expect.objectContaining({ logicalId: 'FriggS3VPCEndpoint', physicalId: 'vpce-s3-stack' })
                 ])
             );
 
             // External resources should be in external array
             expect(result.external).toEqual(
                 expect.arrayContaining([
-                    expect.objectContaining({ physicalId: 'vpc-0cd17c0e06cb28b28', resourceType: 'AWS::EC2::VPC', source: 'cloudformation-query' }),
-                    expect.objectContaining({ physicalId: 'subnet-034f6562dbbc16348', resourceType: 'AWS::EC2::Subnet', source: 'cloudformation-query' }),
-                    expect.objectContaining({ physicalId: 'subnet-0b8be2b82aeb5cdec', resourceType: 'AWS::EC2::Subnet', source: 'cloudformation-query' }),
-                    expect.objectContaining({ physicalId: 'nat-022660c36a47e2d79', resourceType: 'AWS::EC2::NatGateway', source: 'cloudformation-query' })
+                    expect.objectContaining({ physicalId: 'vpc-external-123', resourceType: 'AWS::EC2::VPC', source: 'cloudformation-query' }),
+                    expect.objectContaining({ physicalId: 'subnet-external-1', resourceType: 'AWS::EC2::Subnet', source: 'cloudformation-query' }),
+                    expect.objectContaining({ physicalId: 'subnet-external-2', resourceType: 'AWS::EC2::Subnet', source: 'cloudformation-query' }),
+                    expect.objectContaining({ physicalId: 'nat-external-789', resourceType: 'AWS::EC2::NatGateway', source: 'cloudformation-query' })
                 ])
             );
         });

package/infrastructure/domains/shared/cloudformation-discovery.test.js

@@ -589,7 +589,7 @@ describe('CloudFormationDiscovery', () => {
 
     describe('External VPC with routing infrastructure pattern', () => {
         it('should discover routing resources when VPC is external', async () => {
-            // This tests the Frontify pattern: external VPC/subnets/KMS,
+            // This tests the external VPC pattern: external VPC/subnets/KMS,
             // but stack creates routing infrastructure (route table, NAT route, VPC endpoints)
             const mockStack = {
                 StackName: 'create-frigg-app-production',

package/package.json

@@ -1,7 +1,7 @@
 {
   "name": "@friggframework/devtools",
   "prettier": "@friggframework/prettier-config",
-  "version": "2.0.0--canary.490.36b3031.0",
+  "version": "2.0.0--canary.490.6e556a4.0",
   "bin": {
     "frigg": "./frigg-cli/index.js"
   },
@@ -16,9 +16,9 @@
     "@babel/eslint-parser": "^7.18.9",
     "@babel/parser": "^7.25.3",
     "@babel/traverse": "^7.25.3",
-    "@friggframework/core": "2.0.0--canary.490.36b3031.0",
-    "@friggframework/schemas": "2.0.0--canary.490.36b3031.0",
-    "@friggframework/test": "2.0.0--canary.490.36b3031.0",
+    "@friggframework/core": "2.0.0--canary.490.6e556a4.0",
+    "@friggframework/schemas": "2.0.0--canary.490.6e556a4.0",
+    "@friggframework/test": "2.0.0--canary.490.6e556a4.0",
     "@hapi/boom": "^10.0.1",
     "@inquirer/prompts": "^5.3.8",
     "axios": "^1.7.2",
@@ -46,8 +46,8 @@
     "validate-npm-package-name": "^5.0.0"
   },
   "devDependencies": {
-    "@friggframework/eslint-config": "2.0.0--canary.490.36b3031.0",
-    "@friggframework/prettier-config": "2.0.0--canary.490.36b3031.0",
+    "@friggframework/eslint-config": "2.0.0--canary.490.6e556a4.0",
+    "@friggframework/prettier-config": "2.0.0--canary.490.6e556a4.0",
     "aws-sdk-client-mock": "^4.1.0",
     "aws-sdk-client-mock-jest": "^4.1.0",
     "jest": "^30.1.3",
@@ -79,5 +79,5 @@
   "publishConfig": {
     "access": "public"
   },
-  "gitHead": "36b30311e062560a65a75a864b880bff01a745e7"
+  "gitHead": "6e556a4ddd243fe9163916341b1d70c31dd86ca0"
 }