npm - @iacmp/cli - Versions diffs - 1.1.0 - Mend

@iacmp/cli 1.1.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (24) hide show

package/LICENSE +21 -0
package/bin/run.js +73 -0
package/dist/chat.js +4068 -0
package/dist/commands/ai.js +3985 -0
package/dist/commands/audit-all.js +1039 -0
package/dist/commands/audit-dr.js +351 -0
package/dist/commands/audit-ha.js +375 -0
package/dist/commands/audit-improvements.js +373 -0
package/dist/commands/audit-security.js +351 -0
package/dist/commands/dashboard.js +417 -0
package/dist/commands/deploy.js +188 -0
package/dist/commands/destroy.js +194 -0
package/dist/commands/diagram.js +896 -0
package/dist/commands/diff.js +4420 -0
package/dist/commands/doctor.js +191 -0
package/dist/commands/init.js +507 -0
package/dist/commands/ls.js +75 -0
package/dist/commands/registry.js +170 -0
package/dist/commands/registry.json +29 -0
package/dist/commands/synth.js +4458 -0
package/dist/commands/watch.js +133 -0
package/dist/index.js +30 -0
package/oclif.manifest.json +727 -0
package/package.json +95 -0

package/dist/commands/diagram.js ADDED Viewed

@@ -0,0 +1,896 @@
+"use strict";
+var __create = Object.create;
+var __defProp = Object.defineProperty;
+var __getOwnPropDesc = Object.getOwnPropertyDescriptor;
+var __getOwnPropNames = Object.getOwnPropertyNames;
+var __getProtoOf = Object.getPrototypeOf;
+var __hasOwnProp = Object.prototype.hasOwnProperty;
+var __export = (target, all) => {
+  for (var name in all)
+    __defProp(target, name, { get: all[name], enumerable: true });
+};
+var __copyProps = (to, from, except, desc) => {
+  if (from && typeof from === "object" || typeof from === "function") {
+    for (let key of __getOwnPropNames(from))
+      if (!__hasOwnProp.call(to, key) && key !== except)
+        __defProp(to, key, { get: () => from[key], enumerable: !(desc = __getOwnPropDesc(from, key)) || desc.enumerable });
+  }
+  return to;
+};
+var __toESM = (mod, isNodeMode, target) => (target = mod != null ? __create(__getProtoOf(mod)) : {}, __copyProps(
+  // If the importer is in node compatibility mode or this is not an ESM
+  // file that has been converted to a CommonJS file using a Babel-
+  // compatible transform (i.e. "__esModule" has not been set), then set
+  // "default" to the CommonJS "module.exports" for node compatibility.
+  isNodeMode || !mod || !mod.__esModule ? __defProp(target, "default", { value: mod, enumerable: true }) : target,
+  mod
+));
+var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: true }), mod);
+// src/commands/diagram.ts
+var diagram_exports = {};
+__export(diagram_exports, {
+  default: () => Diagram
+});
+module.exports = __toCommonJS(diagram_exports);
+var import_core = require("@oclif/core");
+var import_chalk = __toESM(require("chalk"));
+var fs3 = __toESM(require("fs"));
+var path2 = __toESM(require("path"));
+// src/audit.ts
+var fs2 = __toESM(require("fs"));
+var path = __toESM(require("path"));
+// src/utils.ts
+var fs = __toESM(require("fs"));
+function readJsonFile(filePath) {
+  let content;
+  try {
+    content = fs.readFileSync(filePath, "utf-8");
+  } catch (e) {
+    throw new Error(`Falha ao ler '${filePath}': ${errMessage(e)}`);
+  }
+  try {
+    return JSON.parse(content);
+  } catch (e) {
+    throw new Error(`JSON inv\xE1lido em '${filePath}': ${errMessage(e)}`);
+  }
+}
+function errMessage(e) {
+  if (e instanceof Error) return e.message;
+  if (typeof e === "string") return e;
+  try {
+    return JSON.stringify(e);
+  } catch {
+    return String(e);
+  }
+}
+// src/audit.ts
+function readConfig(cwd) {
+  const configPath = path.join(cwd, "iacmp.json");
+  if (!fs2.existsSync(configPath)) throw new Error("iacmp.json n\xE3o encontrado. Rode: iacmp init");
+  const config = readJsonFile(configPath);
+  return {
+    name: config.name ?? path.basename(cwd),
+    provider: config.provider ?? "aws"
+  };
+}
+function resolveTsNode(projectDir) {
+  const dirs = [];
+  let dir = projectDir;
+  for (let i = 0; i < 5; i++) {
+    dirs.push(dir);
+    const parent = path.dirname(dir);
+    if (parent === dir) break;
+    dir = parent;
+  }
+  for (const d of dirs) {
+    const tsNodePath = path.join(d, "node_modules", "ts-node");
+    if (fs2.existsSync(tsNodePath)) return tsNodePath;
+  }
+  return null;
+}
+function findStackFiles(dir) {
+  const entries = fs2.readdirSync(dir, { withFileTypes: true });
+  const files = [];
+  for (const entry of entries) {
+    const full = path.join(dir, entry.name);
+    if (entry.isDirectory()) {
+      files.push(...findStackFiles(full));
+    } else if (entry.name.endsWith(".ts") || entry.name.endsWith(".js")) {
+      files.push(full);
+    }
+  }
+  return files;
+}
+function loadStacks(cwd) {
+  const stacksDir = path.join(cwd, "stacks");
+  if (!fs2.existsSync(stacksDir)) throw new Error("Diret\xF3rio stacks/ n\xE3o encontrado.");
+  const stackFiles = findStackFiles(stacksDir);
+  if (stackFiles.length === 0) throw new Error("Nenhuma stack encontrada em stacks/");
+  const tsNodePath = resolveTsNode(cwd);
+  if (tsNodePath) {
+    require(tsNodePath).register({
+      transpileOnly: true,
+      skipProject: true,
+      compilerOptions: {
+        target: "ES2022",
+        module: "commonjs",
+        moduleResolution: "node",
+        esModuleInterop: true,
+        strict: false,
+        skipLibCheck: true
+      }
+    });
+  }
+  const result = [];
+  for (const stackPath of stackFiles) {
+    const stackName = path.basename(stackPath).replace(/\.(ts|js)$/, "");
+    try {
+      const mod = require(stackPath);
+      const raw = mod.default ?? mod.stack ?? mod;
+      if (!raw || typeof raw !== "object" || !("constructs" in raw)) {
+        console.warn(`[audit] ${path.basename(stackPath)} n\xE3o exporta uma Stack v\xE1lida \u2014 ignorado.`);
+        continue;
+      }
+      result.push({ name: stackName, stack: raw });
+    } catch (err) {
+      console.warn(`[audit] falha ao carregar ${path.basename(stackPath)}: ${errMessage(err)}`);
+    }
+  }
+  return result;
+}
+// src/diagram/builder.ts
+var TYPE_META = {
+  "Compute.Instance": { emoji: "\u2699\uFE0F", technology: "Virtual Machine" },
+  "Compute.AutoScaling": { emoji: "\u2699\uFE0F", technology: "Auto Scaling Group" },
+  "Compute.Container": { emoji: "\u{1F4E6}", technology: "Container" },
+  "Compute.Kubernetes": { emoji: "\u2638\uFE0F", technology: "Kubernetes" },
+  "Storage.Bucket": { emoji: "\u{1F5C2}\uFE0F", technology: "Object Storage" },
+  "Storage.FileSystem": { emoji: "\u{1F5C4}\uFE0F", technology: "File System" },
+  "Storage.Archive": { emoji: "\u{1F5C3}\uFE0F", technology: "Archive Storage" },
+  "Network.VPC": { emoji: "\u{1F310}", technology: "Virtual Network" },
+  "Network.Subnet": { emoji: "\u{1F500}", technology: "Subnet" },
+  "Network.SecurityGroup": { emoji: "\u{1F6E1}\uFE0F", technology: "Security Group" },
+  "Network.WAF": { emoji: "\u{1F512}", technology: "WAF" },
+  "Network.LoadBalancer": { emoji: "\u2696\uFE0F", technology: "Load Balancer" },
+  "Network.CDN": { emoji: "\u{1F30D}", technology: "CDN" },
+  "Network.Dns": { emoji: "\u{1F310}", technology: "DNS" },
+  "Database.SQL": { emoji: "\u{1F5C4}\uFE0F", technology: "Relational DB" },
+  "Database.DocumentDB": { emoji: "\u{1F4C4}", technology: "Document DB" },
+  "Database.DynamoDB": { emoji: "\u26A1", technology: "NoSQL Database" },
+  "Cache.Redis": { emoji: "\u26A1", technology: "Redis Cache" },
+  "Cache.Memcached": { emoji: "\u26A1", technology: "Memcached Cache" },
+  "Function.Lambda": { emoji: "\u26A1", technology: "Serverless" },
+  "Function.ApiGateway": { emoji: "\u{1F50C}", technology: "API Gateway" },
+  "Policy.IAM": { emoji: "\u{1F511}", technology: "IAM Policy" },
+  "Events.EventBridge": { emoji: "\u{1F4E1}", technology: "Event Bus" },
+  "Workflow.StepFunctions": { emoji: "\u{1F504}", technology: "Step Functions" },
+  "Messaging.Queue": { emoji: "\u{1F4E8}", technology: "Queue" },
+  "Messaging.Topic": { emoji: "\u{1F4E2}", technology: "Topic" },
+  "Secret.Vault": { emoji: "\u{1F510}", technology: "Secrets Manager" },
+  "Certificate.TLS": { emoji: "\u{1F50F}", technology: "TLS Certificate" },
+  "Monitoring.Alarm": { emoji: "\u{1F6A8}", technology: "Monitoring Alarm" },
+  "Monitoring.Dashboard": { emoji: "\u{1F4CA}", technology: "Monitoring Dashboard" },
+  "Logging.Stream": { emoji: "\u{1F4CB}", technology: "Log Stream" }
+};
+var PROVIDER_TECH_OVERRIDE = {
+  aws: {
+    "Compute.Container": "Container (ECS/Fargate)",
+    "Compute.Kubernetes": "Kubernetes (EKS)",
+    "Storage.FileSystem": "File System (EFS)",
+    "Storage.Archive": "Archive (Glacier)",
+    "Network.CDN": "CDN (CloudFront)",
+    "Network.Dns": "DNS (Route53)",
+    "Database.DynamoDB": "DynamoDB",
+    "Function.ApiGateway": "API Gateway",
+    "Messaging.Queue": "Queue (SQS)",
+    "Messaging.Topic": "Topic (SNS)",
+    "Certificate.TLS": "TLS Certificate (ACM)",
+    "Monitoring.Alarm": "CloudWatch Alarm",
+    "Monitoring.Dashboard": "CloudWatch Dashboard",
+    "Logging.Stream": "CloudWatch Logs"
+  },
+  azure: {
+    "Compute.Container": "Container Instances",
+    "Compute.Kubernetes": "Kubernetes Service (AKS)",
+    "Storage.FileSystem": "Azure Files",
+    "Storage.Archive": "Archive Storage",
+    "Network.CDN": "CDN Profile",
+    "Network.Dns": "DNS Zone",
+    "Database.DynamoDB": "Table Storage",
+    "Function.ApiGateway": "API Management",
+    "Messaging.Queue": "Queue (Service Bus)",
+    "Messaging.Topic": "Topic (Service Bus)",
+    "Certificate.TLS": "TLS Certificate (Key Vault)",
+    "Monitoring.Alarm": "Monitor Alert",
+    "Monitoring.Dashboard": "Monitor Dashboard",
+    "Logging.Stream": "Log Analytics"
+  },
+  gcp: {
+    "Compute.Container": "Cloud Run",
+    "Compute.Kubernetes": "Kubernetes Engine (GKE)",
+    "Storage.FileSystem": "Filestore",
+    "Storage.Archive": "Archive Storage",
+    "Network.CDN": "Cloud CDN",
+    "Network.Dns": "Cloud DNS",
+    "Database.DynamoDB": "Bigtable",
+    "Function.ApiGateway": "Cloud Endpoints",
+    "Messaging.Queue": "Pub/Sub Queue",
+    "Messaging.Topic": "Pub/Sub Topic",
+    "Certificate.TLS": "TLS Certificate",
+    "Monitoring.Alarm": "Cloud Monitoring Alert",
+    "Monitoring.Dashboard": "Cloud Monitoring Dashboard",
+    "Logging.Stream": "Cloud Logging"
+  }
+};
+function safeId(raw) {
+  return raw.replace(/[^a-zA-Z0-9_]/g, "_");
+}
+function describeProps(c) {
+  const p = c.props;
+  const parts = [];
+  if (c.type === "Compute.Instance") {
+    if (p.instanceType) parts.push(`size: ${p.instanceType}`);
+    if (p.image) parts.push(`image: ${p.image}`);
+  }
+  if (c.type === "Storage.Bucket") {
+    parts.push(p.versioning ? "versioning: on" : "versioning: off");
+    parts.push(p.publicAccess ? "public" : "private");
+  }
+  if (c.type === "Network.VPC") {
+    if (p.cidr) parts.push(`cidr: ${p.cidr}`);
+    if (p.maxAzs) parts.push(`maxAzs: ${p.maxAzs}`);
+  }
+  if (c.type === "Database.SQL") {
+    if (p.engine) parts.push(`engine: ${p.engine}`);
+    if (p.multiAz) parts.push("Multi-AZ");
+    if (p.instanceType) parts.push(`size: ${p.instanceType}`);
+  }
+  if (c.type === "Function.Lambda") {
+    if (p.runtime) parts.push(`runtime: ${p.runtime}`);
+    if (p.memory) parts.push(`memory: ${p.memory}MB`);
+    if (p.handler) parts.push(`handler: ${p.handler}`);
+  }
+  if (c.type === "Network.SecurityGroup") {
+    const ingress = p.ingressRules ?? [];
+    if (ingress.length > 0) parts.push(`${ingress.length} ingress rules`);
+  }
+  if (c.type === "Network.WAF") {
+    const rules = p.rules ?? [];
+    parts.push(`${rules.length} rules`);
+    if (p.scope) parts.push(`scope: ${p.scope}`);
+  }
+  if (c.type === "Cache.Redis") {
+    if (p.nodeType) parts.push(`size: ${p.nodeType}`);
+    if (p.numCacheNodes) parts.push(`nodes: ${p.numCacheNodes}`);
+  }
+  if (c.type === "Database.DocumentDB") {
+    if (p.instances) parts.push(`instances: ${p.instances}`);
+  }
+  if (c.type === "Policy.IAM") {
+    if (p.attachTo) parts.push(`attachTo: ${p.attachTo}`);
+    if (p.attachType) parts.push(`type: ${p.attachType}`);
+  }
+  if (c.type === "Events.EventBridge") {
+    const rules = p.rules ?? [];
+    if (rules.length > 0) parts.push(`${rules.length} rules`);
+  }
+  if (c.type === "Workflow.StepFunctions") {
+    const steps = p.steps ?? [];
+    parts.push(`${steps.length} steps`);
+    if (p.type) parts.push(p.type);
+  }
+  if (c.type === "Messaging.Queue") {
+    if (p.fifo) parts.push("FIFO");
+    if (p.encrypted) parts.push("encrypted");
+    if (p.dlqArn) parts.push("DLQ configured");
+  }
+  if (c.type === "Messaging.Topic") {
+    if (p.fifo) parts.push("FIFO");
+    const subs = p.subscriptions ?? [];
+    if (subs.length > 0) parts.push(`${subs.length} subscriptions`);
+  }
+  if (c.type === "Compute.AutoScaling") {
+    if (p.minCapacity !== void 0) parts.push(`min: ${p.minCapacity}`);
+    if (p.maxCapacity !== void 0) parts.push(`max: ${p.maxCapacity}`);
+    if (p.targetCpuUtilization) parts.push(`cpu: ${p.targetCpuUtilization}%`);
+  }
+  if (c.type === "Compute.Container") {
+    if (p.image) parts.push(`image: ${p.image}`);
+    if (p.cpu) parts.push(`cpu: ${p.cpu}`);
+    if (p.memory) parts.push(`mem: ${p.memory}MB`);
+  }
+  if (c.type === "Compute.Kubernetes") {
+    if (p.version) parts.push(`k8s: ${p.version}`);
+    if (p.desiredNodes) parts.push(`nodes: ${p.desiredNodes}`);
+    if (p.nodeInstanceType) parts.push(`size: ${p.nodeInstanceType}`);
+  }
+  if (c.type === "Storage.FileSystem") {
+    if (p.performanceMode) parts.push(`perf: ${p.performanceMode}`);
+    if (p.encrypted) parts.push("encrypted");
+    const aps = p.accessPoints ?? [];
+    if (aps.length > 0) parts.push(`${aps.length} access points`);
+  }
+  if (c.type === "Storage.Archive") {
+    if (p.retentionDays) parts.push(`retention: ${p.retentionDays}d`);
+    if (p.lockEnabled) parts.push("lock enabled");
+  }
+  if (c.type === "Network.LoadBalancer") {
+    if (p.type) parts.push(`type: ${p.type}`);
+    if (p.scheme) parts.push(p.scheme);
+    const tgs = p.targetGroups ?? [];
+    if (tgs.length > 0) parts.push(`${tgs.length} target groups`);
+  }
+  if (c.type === "Network.CDN") {
+    const origins = p.origins ?? [];
+    if (origins.length > 0) parts.push(`${origins.length} origins`);
+    if (p.priceClass) parts.push(p.priceClass);
+  }
+  if (c.type === "Network.Dns") {
+    if (p.zoneName) parts.push(`zone: ${p.zoneName}`);
+    const records = p.records ?? [];
+    if (records.length > 0) parts.push(`${records.length} records`);
+  }
+  if (c.type === "Database.DynamoDB") {
+    if (p.partitionKey) parts.push(`pk: ${p.partitionKey}`);
+    if (p.billingMode) parts.push(p.billingMode);
+    if (p.streamEnabled) parts.push("streams on");
+  }
+  if (c.type === "Cache.Memcached") {
+    if (p.nodeType) parts.push(`size: ${p.nodeType}`);
+    if (p.numCacheNodes) parts.push(`nodes: ${p.numCacheNodes}`);
+  }
+  if (c.type === "Function.ApiGateway") {
+    if (p.type) parts.push(`type: ${p.type}`);
+    if (p.stageName) parts.push(`stage: ${p.stageName}`);
+    const routes = p.routes ?? [];
+    if (routes.length > 0) parts.push(`${routes.length} routes`);
+  }
+  if (c.type === "Secret.Vault") {
+    if (p.rotationDays) parts.push(`rotation: ${p.rotationDays}d`);
+    if (p.kmsKeyId) parts.push("KMS encrypted");
+  }
+  if (c.type === "Certificate.TLS") {
+    if (p.domainName) parts.push(`domain: ${p.domainName}`);
+    if (p.validationMethod) parts.push(p.validationMethod);
+  }
+  if (c.type === "Monitoring.Alarm") {
+    if (p.metricName) parts.push(`metric: ${p.metricName}`);
+    if (p.threshold !== void 0) parts.push(`threshold: ${p.threshold}`);
+  }
+  if (c.type === "Monitoring.Dashboard") {
+    const widgets = p.widgets ?? [];
+    parts.push(`${widgets.length} widgets`);
+  }
+  if (c.type === "Logging.Stream") {
+    if (p.retentionDays) parts.push(`retention: ${p.retentionDays}d`);
+    const filters = p.subscriptionFilters ?? [];
+    if (filters.length > 0) parts.push(`${filters.length} filters`);
+  }
+  return parts.join(", ");
+}
+function buildStackDiagram(name, stack, provider) {
+  const techOverride = PROVIDER_TECH_OVERRIDE[provider] ?? {};
+  const nodes = stack.constructs.map((c) => {
+    const meta = TYPE_META[c.type] ?? { emoji: "\u25A1", technology: c.type };
+    const technology = techOverride[c.type] ?? meta.technology;
+    return {
+      id: safeId(`${name}_${c.id}`),
+      label: c.id,
+      constructType: c.type,
+      technology,
+      description: describeProps(c),
+      props: c.props
+    };
+  });
+  const relationships = [];
+  const vpcs = nodes.filter((n) => n.constructType === "Network.VPC");
+  const lambdas = nodes.filter((n) => n.constructType === "Function.Lambda");
+  const databases = nodes.filter((n) => n.constructType === "Database.SQL");
+  if (vpcs.length === 1) {
+    const vpcId = vpcs[0].id;
+    for (const node of nodes) {
+      if (node.id === vpcId) continue;
+      relationships.push({ sourceId: vpcId, targetId: node.id, label: "inferred", inferred: true });
+    }
+  }
+  if (lambdas.length > 0 && databases.length > 0) {
+    for (const lambda of lambdas) {
+      for (const db of databases) {
+        relationships.push({ sourceId: lambda.id, targetId: db.id, label: "reads", inferred: true });
+      }
+    }
+  }
+  const apiGateways = stack.constructs.filter((c) => c.type === "Function.ApiGateway");
+  for (const gw of apiGateways) {
+    const routes = gw.props?.routes ?? [];
+    const gwNode = nodes.find((n) => n.label === gw.id);
+    if (!gwNode) continue;
+    for (const route of routes) {
+      if (!route.lambdaId) continue;
+      const lambdaNode = nodes.find((n) => n.label === route.lambdaId);
+      if (lambdaNode) {
+        relationships.push({ sourceId: gwNode.id, targetId: lambdaNode.id, label: "invokes", inferred: false });
+      }
+    }
+    const authorizerLambdaId = gw.props?.authorizerLambdaId;
+    if (authorizerLambdaId) {
+      const authorizerNode = nodes.find((n) => n.label === authorizerLambdaId);
+      if (authorizerNode) {
+        relationships.push({ sourceId: gwNode.id, targetId: authorizerNode.id, label: "authorizes", inferred: false });
+      }
+    }
+  }
+  return { name, nodes, relationships };
+}
+function inferCrossStackRelationships(builtStacks) {
+  const relationships = [];
+  const nodeById = {};
+  for (const s of builtStacks) {
+    for (const n of s.nodes) nodeById[n.id] = n;
+  }
+  const ENV_HINTS = [
+    { pattern: /TABLE_NAME|DYNAMO|DYNAMODB/i, targetType: "Database.DynamoDB", label: "reads table" },
+    { pattern: /DB_HOST|DB_URL|DATABASE_URL/i, targetType: "Database.SQL", label: "connects db" },
+    { pattern: /BUCKET_NAME|S3_BUCKET/i, targetType: "Storage.Bucket", label: "reads bucket" },
+    { pattern: /VPC_ID|VPC_CIDR/i, targetType: "Network.VPC", label: "uses vpc" },
+    { pattern: /REDIS_URL|REDIS_HOST|CACHE_URL/i, targetType: "Cache.Redis", label: "uses cache" },
+    { pattern: /MEMCACHED_URL|MEMCACHE_HOST/i, targetType: "Cache.Memcached", label: "uses memcached" },
+    { pattern: /DOCDB_URL|MONGO_URL/i, targetType: "Database.DocumentDB", label: "reads docdb" },
+    { pattern: /QUEUE_URL|SQS_URL/i, targetType: "Messaging.Queue", label: "sends to queue" },
+    { pattern: /TOPIC_ARN|SNS_ARN/i, targetType: "Messaging.Topic", label: "publishes to" },
+    { pattern: /API_URL|API_ENDPOINT|APIGW/i, targetType: "Function.ApiGateway", label: "calls api" },
+    { pattern: /SECRET_ARN|SECRETS_MANAGER/i, targetType: "Secret.Vault", label: "reads secret" },
+    { pattern: /EFS_ID|FILESYSTEM_ID/i, targetType: "Storage.FileSystem", label: "mounts filesystem" },
+    { pattern: /LOG_GROUP|LOG_STREAM/i, targetType: "Logging.Stream", label: "writes logs" }
+  ];
+  const ENV_CAPABLE_TYPES = /* @__PURE__ */ new Set([
+    "Function.Lambda",
+    "Compute.Container",
+    "Compute.Instance",
+    "Compute.AutoScaling"
+  ]);
+  for (const srcStack of builtStacks) {
+    for (const srcNode of srcStack.nodes) {
+      if (!ENV_CAPABLE_TYPES.has(srcNode.constructType)) continue;
+      const env = srcNode.props?.environment;
+      if (!env || Object.keys(env).length === 0) continue;
+      for (const hint of ENV_HINTS) {
+        const matched = Object.keys(env).some((k) => hint.pattern.test(k));
+        if (!matched) continue;
+        for (const tgtStack of builtStacks) {
+          if (tgtStack.name === srcStack.name) continue;
+          for (const tgtNode of tgtStack.nodes) {
+            if (tgtNode.constructType !== hint.targetType) continue;
+            relationships.push({
+              sourceId: srcNode.id,
+              targetId: tgtNode.id,
+              label: hint.label,
+              inferred: true
+            });
+          }
+        }
+      }
+    }
+  }
+  for (const srcStack of builtStacks) {
+    for (const srcNode of srcStack.nodes) {
+      if (srcNode.constructType !== "Function.ApiGateway") continue;
+      const routes = srcNode.props?.routes ?? [];
+      for (const route of routes) {
+        if (!route.lambdaId) continue;
+        for (const tgtStack of builtStacks) {
+          if (tgtStack.name === srcStack.name) continue;
+          const tgtNode = tgtStack.nodes.find((n) => n.label === route.lambdaId);
+          if (tgtNode) {
+            relationships.push({ sourceId: srcNode.id, targetId: tgtNode.id, label: "invokes", inferred: false });
+          }
+        }
+      }
+      const authorizerLambdaId = srcNode.props?.authorizerLambdaId;
+      if (authorizerLambdaId) {
+        for (const tgtStack of builtStacks) {
+          if (tgtStack.name === srcStack.name) continue;
+          const tgtNode = tgtStack.nodes.find((n) => n.label === authorizerLambdaId);
+          if (tgtNode) {
+            relationships.push({ sourceId: srcNode.id, targetId: tgtNode.id, label: "authorizes", inferred: false });
+          }
+        }
+      }
+    }
+  }
+  return relationships;
+}
+function buildModel(projectName, provider, region, stacks) {
+  const builtStacks = stacks.map(({ name, stack }) => buildStackDiagram(name, stack, provider));
+  const seenNodeIds = /* @__PURE__ */ new Set();
+  for (const s of builtStacks) {
+    s.nodes = s.nodes.filter((n) => {
+      if (seenNodeIds.has(n.id)) return false;
+      seenNodeIds.add(n.id);
+      return true;
+    });
+    s.relationships = s.relationships.filter(
+      (r) => seenNodeIds.has(r.sourceId) && seenNodeIds.has(r.targetId)
+    );
+  }
+  const mergedByName = /* @__PURE__ */ new Map();
+  for (const s of builtStacks) {
+    const existing = mergedByName.get(s.name);
+    if (existing) {
+      existing.nodes.push(...s.nodes);
+      existing.relationships.push(...s.relationships);
+    } else {
+      mergedByName.set(s.name, { name: s.name, nodes: [...s.nodes], relationships: [...s.relationships] });
+    }
+  }
+  const mergedStacks = [...mergedByName.values()];
+  const nonEmptyStacks = mergedStacks.filter((s) => s.nodes.length > 0);
+  const crossRelationships = inferCrossStackRelationships(builtStacks);
+  for (const rel of crossRelationships) {
+    for (const s of nonEmptyStacks) {
+      if (s.nodes.some((n) => n.id === rel.sourceId)) {
+        s.relationships.push(rel);
+        break;
+      }
+    }
+  }
+  return {
+    projectName,
+    provider,
+    region,
+    stacks: nonEmptyStacks
+  };
+}
+// src/diagram/structurizr.ts
+var AWS_TYPE_TAG = {
+  "Compute.Instance": "Amazon Web Services - EC2 Instance",
+  "Compute.AutoScaling": "Amazon Web Services - EC2 Auto Scaling",
+  "Compute.Container": "Amazon Web Services - Elastic Container Service",
+  "Compute.Kubernetes": "Amazon Web Services - Elastic Kubernetes Service",
+  "Storage.Bucket": "Amazon Web Services - Simple Storage Service",
+  "Storage.FileSystem": "Amazon Web Services - EFS",
+  "Storage.Archive": "Amazon Web Services - Simple Storage Service Glacier",
+  "Network.VPC": "Amazon Web Services - VPC Virtual private cloud VPC",
+  "Network.Subnet": "Amazon Web Services - VPC Virtual private cloud VPC",
+  "Network.SecurityGroup": "Amazon Web Services - VPC Virtual private cloud VPC",
+  "Network.WAF": "Amazon Web Services - WAF",
+  "Network.LoadBalancer": "Amazon Web Services - Elastic Load Balancing",
+  "Network.CDN": "Amazon Web Services - CloudFront",
+  "Network.Dns": "Amazon Web Services - Route 53",
+  "Database.SQL": "Amazon Web Services - RDS",
+  "Database.DocumentDB": "Amazon Web Services - DocumentDB",
+  "Database.DynamoDB": "Amazon Web Services - DynamoDB",
+  "Cache.Redis": "Amazon Web Services - ElastiCache ElastiCache for Redis",
+  "Cache.Memcached": "Amazon Web Services - ElastiCache ElastiCache for Memcached",
+  "Function.Lambda": "Amazon Web Services - Lambda",
+  "Function.ApiGateway": "Amazon Web Services - API Gateway",
+  "Policy.IAM": "Amazon Web Services - Identity and Access Management",
+  "Events.EventBridge": "Amazon Web Services - EventBridge",
+  "Workflow.StepFunctions": "Amazon Web Services - Step Functions",
+  "Messaging.Queue": "Amazon Web Services - Simple Queue Service Queue",
+  "Messaging.Topic": "Amazon Web Services - Simple Notification Service Topic",
+  "Secret.Vault": "Amazon Web Services - Secrets Manager",
+  "Certificate.TLS": "Amazon Web Services - Certificate Manager",
+  "Monitoring.Alarm": "Amazon Web Services - CloudWatch Alarm",
+  "Monitoring.Dashboard": "Amazon Web Services - CloudWatch",
+  "Logging.Stream": "Amazon Web Services - CloudWatch Logs"
+};
+var AZURE_TYPE_TAG = {
+  "Compute.Instance": "Microsoft Azure - Virtual Machine",
+  "Compute.AutoScaling": "Microsoft Azure - VM Scale Sets",
+  "Compute.Container": "Microsoft Azure - Container Instances",
+  "Compute.Kubernetes": "Microsoft Azure - Kubernetes Services",
+  "Storage.Bucket": "Microsoft Azure - Storage Accounts",
+  "Storage.FileSystem": "Microsoft Azure - Files",
+  "Storage.Archive": "Microsoft Azure - Storage Accounts",
+  "Network.VPC": "Microsoft Azure - Virtual Networks",
+  "Network.Subnet": "Microsoft Azure - Subnet",
+  "Network.SecurityGroup": "Microsoft Azure - Network Security Groups",
+  "Network.LoadBalancer": "Microsoft Azure - Load Balancers",
+  "Network.WAF": "Microsoft Azure - Application Gateways",
+  "Network.CDN": "Microsoft Azure - CDN Profiles",
+  "Network.Dns": "Microsoft Azure - DNS Zones",
+  "Database.SQL": "Microsoft Azure - SQL Database",
+  "Database.DocumentDB": "Microsoft Azure - Azure Cosmos DB",
+  "Database.DynamoDB": "Microsoft Azure - Table",
+  "Cache.Redis": "Microsoft Azure - Cache Redis",
+  "Cache.Memcached": "Microsoft Azure - Cache Redis",
+  "Function.Lambda": "Microsoft Azure - Function Apps",
+  "Function.ApiGateway": "Microsoft Azure - API Management Services",
+  "Policy.IAM": "Microsoft Azure - Azure Active Directory",
+  "Events.EventBridge": "Microsoft Azure - Event Grid Topics",
+  "Workflow.StepFunctions": "Microsoft Azure - Logic Apps",
+  "Messaging.Queue": "Microsoft Azure - Azure Service Bus",
+  "Messaging.Topic": "Microsoft Azure - Azure Service Bus",
+  "Secret.Vault": "Microsoft Azure - Key Vaults",
+  "Certificate.TLS": "Microsoft Azure - Key Vaults",
+  "Monitoring.Alarm": "Microsoft Azure - Monitor",
+  "Monitoring.Dashboard": "Microsoft Azure - Monitor",
+  "Logging.Stream": "Microsoft Azure - Monitor"
+};
+var GCP_TYPE_TAG = {
+  "Compute.Instance": "Google Cloud Platform - Compute Engine",
+  "Compute.AutoScaling": "Google Cloud Platform - Compute Engine",
+  "Compute.Container": "Google Cloud Platform - Cloud Run",
+  "Compute.Kubernetes": "Google Cloud Platform - Kubernetes Engine",
+  "Storage.Bucket": "Google Cloud Platform - Cloud Storage",
+  "Storage.FileSystem": "Google Cloud Platform - Cloud Filestore",
+  "Storage.Archive": "Google Cloud Platform - Cloud Storage",
+  "Network.VPC": "Google Cloud Platform - Virtual Private Cloud",
+  "Network.Subnet": "Google Cloud Platform - Virtual Private Cloud",
+  "Network.SecurityGroup": "Google Cloud Platform - Cloud Firewall Rules",
+  "Network.WAF": "Google Cloud Platform - Cloud Armor",
+  "Network.LoadBalancer": "Google Cloud Platform - Cloud Load Balancing",
+  "Network.CDN": "Google Cloud Platform - Cloud CDN",
+  "Network.Dns": "Google Cloud Platform - Cloud DNS",
+  "Database.SQL": "Google Cloud Platform - Cloud SQL",
+  "Database.DocumentDB": "Google Cloud Platform - Cloud Firestore",
+  "Database.DynamoDB": "Google Cloud Platform - Cloud Bigtable",
+  "Cache.Redis": "Google Cloud Platform - Cloud Memorystore",
+  "Cache.Memcached": "Google Cloud Platform - Cloud Memorystore",
+  "Function.Lambda": "Google Cloud Platform - Cloud Functions",
+  "Function.ApiGateway": "Google Cloud Platform - Cloud Endpoints",
+  "Policy.IAM": "Google Cloud Platform - Cloud IAM",
+  "Events.EventBridge": "Google Cloud Platform - Cloud PubSub",
+  "Workflow.StepFunctions": "Google Cloud Platform - Cloud Tasks",
+  "Messaging.Queue": "Google Cloud Platform - Cloud PubSub",
+  "Messaging.Topic": "Google Cloud Platform - Cloud PubSub",
+  "Secret.Vault": "Google Cloud Platform - Key Management Service",
+  "Certificate.TLS": "Google Cloud Platform - Key Management Service",
+  "Monitoring.Alarm": "Google Cloud Platform - Monitoring",
+  "Monitoring.Dashboard": "Google Cloud Platform - Monitoring",
+  "Logging.Stream": "Google Cloud Platform - Logging"
+};
+var PROVIDER_THEME = {
+  "aws": "https://static.structurizr.com/themes/amazon-web-services-2023.01.31/theme.json",
+  "azure": "https://static.structurizr.com/themes/microsoft-azure-2023.01.24/theme.json",
+  "gcp": "https://static.structurizr.com/themes/google-cloud-platform-v1.5/theme.json",
+  "terraform": "https://static.structurizr.com/themes/amazon-web-services-2023.01.31/theme.json"
+};
+var PROVIDER_TAGS = {
+  "aws": AWS_TYPE_TAG,
+  "azure": AZURE_TYPE_TAG,
+  "gcp": GCP_TYPE_TAG,
+  "terraform": AWS_TYPE_TAG
+};
+function ind(n) {
+  return "  ".repeat(n);
+}
+function escapeStructurizr(s) {
+  return s.replace(/"/g, "'").replace(/[\r\n]+/g, " ");
+}
+function containerBlock(node, depth, tagMap) {
+  const tag = tagMap[node.constructType] ?? "Resource";
+  const desc = node.description || "";
+  const lines = [
+    `${ind(depth)}${node.id} = container "${escapeStructurizr(node.label)}" "${escapeStructurizr(desc)}" "${escapeStructurizr(node.technology)}" {`,
+    `${ind(depth + 1)}tags "${escapeStructurizr(tag)}"`,
+    `${ind(depth)}}`
+  ];
+  return lines.join("\n");
+}
+function renderStructurizr(model) {
+  const lines = [];
+  const themeUrl = PROVIDER_THEME[model.provider] ?? PROVIDER_THEME["aws"];
+  const tagMap = PROVIDER_TAGS[model.provider] ?? AWS_TYPE_TAG;
+  lines.push(`workspace "${escapeStructurizr(model.projectName)}" {`);
+  lines.push("");
+  lines.push(`${ind(1)}model {`);
+  lines.push(`${ind(2)}${sanitize(model.projectName)} = softwareSystem "${escapeStructurizr(model.projectName)}" "Provider: ${escapeStructurizr(model.provider)}, Region: ${escapeStructurizr(model.region)}" {`);
+  for (const stack of model.stacks) {
+    lines.push("");
+    lines.push(`${ind(3)}group "${escapeStructurizr(stack.name)}" {`);
+    for (const node of stack.nodes) {
+      lines.push(containerBlock(node, 4, tagMap));
+    }
+    lines.push(`${ind(3)}}`);
+  }
+  lines.push(`${ind(2)}}`);
+  for (const stack of model.stacks) {
+    for (const rel of stack.relationships) {
+      if (rel.inferred) {
+        lines.push(`${ind(2)}${rel.sourceId} -> ${rel.targetId} "[inferred]" "" "Inferred"`);
+      } else {
+        lines.push(`${ind(2)}${rel.sourceId} -> ${rel.targetId} "${escapeStructurizr(rel.label)}"`);
+      }
+    }
+  }
+  lines.push(`${ind(1)}}`);
+  lines.push("");
+  lines.push(`${ind(1)}views {`);
+  const sysId = sanitize(model.projectName);
+  for (const stack of model.stacks) {
+    const viewId = sanitize(`${stack.name}View`);
+    lines.push("");
+    lines.push(`${ind(2)}container ${sysId} "${viewId}" "${escapeStructurizr(stack.name)}" {`);
+    lines.push(`${ind(3)}include *`);
+    lines.push(`${ind(3)}autoLayout`);
+    lines.push(`${ind(2)}}`);
+  }
+  lines.push("");
+  lines.push(`${ind(2)}theme "${themeUrl}"`);
+  lines.push("");
+  lines.push(`${ind(2)}styles {`);
+  lines.push(`${ind(3)}relationship "Inferred" {`);
+  lines.push(`${ind(4)}dashed true`);
+  lines.push(`${ind(4)}colour #999999`);
+  lines.push(`${ind(3)}}`);
+  lines.push(`${ind(2)}}`);
+  lines.push(`${ind(1)}}`);
+  lines.push("}");
+  lines.push("");
+  return lines.join("\n");
+}
+function sanitize(s) {
+  return s.replace(/[^a-zA-Z0-9]/g, "_");
+}
+// src/diagram/mermaid.ts
+function escapeMermaid(s) {
+  return s.replace(/&/g, "&amp;").replace(/"/g, "&quot;").replace(/\[/g, "&#91;").replace(/\]/g, "&#93;");
+}
+var TYPE_EMOJI = {
+  "Compute.Instance": "\u2699\uFE0F",
+  "Storage.Bucket": "\u{1F5C2}\uFE0F",
+  "Network.VPC": "\u{1F310}",
+  "Database.SQL": "\u{1F5C4}\uFE0F",
+  "Function.Lambda": "\u26A1"
+};
+function nodeLabel(node) {
+  const emoji = TYPE_EMOJI[node.constructType] ?? "\u25A1";
+  const lines = [
+    `${emoji} ${escapeMermaid(node.label)}`,
+    escapeMermaid(node.constructType)
+  ];
+  if (node.description) lines.push(escapeMermaid(node.description));
+  return `["${lines.join("<br/>")}"]`;
+}
+function escapeRelLabel(s) {
+  return escapeMermaid(s).replace(/\|/g, "&#124;");
+}
+function renderMermaid(model) {
+  const sections = [];
+  sections.push(`# Diagramas de Arquitetura \u2014 ${model.projectName}`);
+  sections.push("");
+  sections.push(`**Provider:** ${model.provider} \xB7 **Region:** ${model.region}`);
+  sections.push("");
+  sections.push("---");
+  for (const stack of model.stacks) {
+    sections.push("");
+    sections.push(`## Stack: ${stack.name}`);
+    sections.push("");
+    sections.push("```mermaid");
+    sections.push("graph TD");
+    for (const node of stack.nodes) {
+      sections.push(`  ${node.id}${nodeLabel(node)}`);
+    }
+    if (stack.relationships.length > 0) {
+      sections.push("");
+      for (const rel of stack.relationships) {
+        if (rel.inferred) {
+          sections.push(`  ${rel.sourceId} -.->|inferred| ${rel.targetId}`);
+        } else {
+          sections.push(`  ${rel.sourceId} -->|${escapeRelLabel(rel.label)}| ${rel.targetId}`);
+        }
+      }
+    }
+    sections.push("```");
+    sections.push("");
+    sections.push("**Recursos:**");
+    sections.push("");
+    for (const node of stack.nodes) {
+      const emoji = TYPE_EMOJI[node.constructType] ?? "\u25A1";
+      const detail = node.description ? ` \u2014 ${node.description}` : "";
+      sections.push(`- ${emoji} **${node.label}** \`${node.constructType}\`${detail}`);
+    }
+    if (stack.relationships.some((r) => r.inferred)) {
+      sections.push("");
+      sections.push("> Setas tracejadas indicam rela\xE7\xF5es inferidas a partir da topologia da stack, n\xE3o declaradas explicitamente no c\xF3digo.");
+    }
+    sections.push("");
+    sections.push("---");
+  }
+  return sections.join("\n") + "\n";
+}
+// src/commands/diagram.ts
+var FORMATS = ["structurizr", "mermaid"];
+var OUTPUT_FILE = {
+  structurizr: "workspace.dsl",
+  mermaid: "workspace.md"
+};
+var Diagram = class _Diagram extends import_core.Command {
+  static description = "Gera diagramas de arquitetura a partir das stacks do projeto.";
+  static flags = {
+    format: import_core.Flags.string({
+      char: "f",
+      description: "Formato de sa\xEDda: structurizr, mermaid",
+      default: "structurizr"
+    }),
+    provider: import_core.Flags.string({
+      char: "p",
+      description: "Provider para o theme do diagrama: aws, azure, gcp, terraform (padr\xE3o: lido do iacmp.json)"
+    }),
+    stack: import_core.Flags.string({
+      char: "s",
+      description: "Nome de uma stack espec\xEDfica (padr\xE3o: todas)"
+    }),
+    out: import_core.Flags.string({
+      char: "o",
+      description: "Diret\xF3rio de sa\xEDda",
+      default: "diagrams"
+    })
+  };
+  static examples = [
+    "$ iacmp diagram",
+    "$ iacmp diagram --provider azure",
+    "$ iacmp diagram --provider gcp",
+    "$ iacmp diagram --format mermaid",
+    "$ iacmp diagram --stack database",
+    "$ iacmp diagram --provider azure --format mermaid"
+  ];
+  async run() {
+    const { flags } = await this.parse(_Diagram);
+    const cwd = process.cwd();
+    if (!FORMATS.includes(flags.format)) {
+      this.error(`Formato '${flags.format}' inv\xE1lido. Use: ${FORMATS.join(", ")}`);
+    }
+    const format = flags.format;
+    let config;
+    try {
+      config = readConfig(cwd);
+    } catch (err) {
+      this.error(err.message);
+    }
+    let allStacks;
+    try {
+      allStacks = loadStacks(cwd);
+    } catch (err) {
+      this.error(err.message);
+    }
+    const stacks = flags.stack ? allStacks.filter((s) => s.name === flags.stack) : allStacks;
+    if (stacks.length === 0) {
+      this.error(
+        flags.stack ? `Stack '${flags.stack}' n\xE3o encontrada. Stacks dispon\xEDveis: ${allStacks.map((s) => s.name).join(", ")}` : "Nenhuma stack encontrada em stacks/"
+      );
+    }
+    const provider = flags.provider ?? config.provider;
+    const model = buildModel(config.name, provider, "us-east-1", stacks);
+    const content = format === "structurizr" ? renderStructurizr(model) : renderMermaid(model);
+    const outDir = path2.join(cwd, flags.out);
+    if (!fs3.existsSync(outDir)) fs3.mkdirSync(outDir, { recursive: true });
+    const outFile = path2.join(outDir, OUTPUT_FILE[format]);
+    fs3.writeFileSync(outFile, content, "utf-8");
+    const relOut = path2.join(flags.out, OUTPUT_FILE[format]);
+    this.log("");
+    this.log(import_chalk.default.bold("Diagrama gerado"));
+    this.log("\u2500".repeat(40));
+    this.log(`Projeto:  ${config.name}`);
+    this.log(`Provider: ${provider}${flags.provider ? " (via --provider)" : ""}`);
+    this.log(`Formato:  ${format}`);
+    this.log(`Stacks:   ${model.stacks.map((s) => s.name).join(", ")}`);
+    this.log(`Nodes:    ${model.stacks.reduce((n, s) => n + s.nodes.length, 0)}`);
+    this.log("");
+    for (const s of model.stacks) {
+      this.log(`  ${import_chalk.default.green("\u2713")} ${s.name} \u2014 ${s.nodes.length} recurso(s)`);
+      for (const node of s.nodes) {
+        const desc = node.description ? import_chalk.default.dim(` \u2014 ${node.description}`) : "";
+        this.log(`      ${node.label} ${import_chalk.default.dim(`(${node.constructType})`)}${desc}`);
+      }
+    }
+    this.log("");
+    this.log(`Arquivo salvo em ${import_chalk.default.cyan(relOut)}`);
+    if (format === "structurizr") {
+      this.log(import_chalk.default.dim("\nAbra em: https://structurizr.com/dsl"));
+    } else {
+      this.log(import_chalk.default.dim("\nRenderizado automaticamente no GitHub, GitLab e Notion."));
+    }
+    this.log("");
+  }
+};