npm - @intentius/chant-lexicon-aws - Versions diffs - 0.0.14 → 0.0.16 - Mend

@intentius/chant-lexicon-aws 0.0.14 → 0.0.16

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (19) hide show

package/dist/integrity.json +7 -7
package/dist/manifest.json +1 -1
package/dist/meta.json +744 -16
package/dist/rules/waw030.ts +55 -0
package/dist/rules/waw031.ts +66 -0
package/dist/types/index.d.ts +773 -34
package/package.json +29 -26
package/src/codegen/docs.ts +11 -1
package/src/generated/index.d.ts +773 -34
package/src/generated/index.ts +62 -3
package/src/generated/lexicon-aws.json +744 -16
package/src/lint/post-synth/waw030.test.ts +209 -1
package/src/lint/post-synth/waw030.ts +55 -0
package/src/lint/post-synth/waw031.test.ts +273 -0
package/src/lint/post-synth/waw031.ts +66 -0
package/src/plugin.ts +29 -197
package/src/serializer.test.ts +40 -0
package/src/serializer.ts +6 -1
/package/{dist → src}/skills/chant-eks.md +0 -0

package/src/plugin.ts CHANGED Viewed

@@ -285,10 +285,11 @@ export const logsBucket = new Bucket({
     const { waw028 } = require("./lint/post-synth/waw028");
     const { waw029 } = require("./lint/post-synth/waw029");
     const { waw030 } = require("./lint/post-synth/waw030");
+    const { waw031 } = require("./lint/post-synth/waw031");
     return [
       waw010, waw011, cor020, ext001, waw013, waw014, waw015, waw016, waw017,
       waw018, waw019, waw020, waw021, waw022, waw023, waw024, waw025,
-      waw026, waw027, waw028, waw029, waw030,
+      waw026, waw027, waw028, waw029, waw030, waw031,
     ];
   },
@@ -898,219 +899,50 @@ aws cloudformation wait stack-update-complete --stack-name my-app-prod`,
           },
         ],
       },
+    ];
+    // Load file-based skills from src/skills/
+    const { readFileSync } = require("fs");
+    const { join, dirname } = require("path");
+    const { fileURLToPath } = require("url");
+    const dir = dirname(fileURLToPath(import.meta.url));
+    const skillFiles = [
       {
+        file: "chant-eks.md",
         name: "chant-eks",
         description: "EKS end-to-end workflow — provision cluster, configure kubectl, deploy K8s workloads",
-        content: `---
-skill: chant-eks
-description: End-to-end EKS workflow bridging AWS infrastructure and Kubernetes workloads
-user-invocable: true
----
-# EKS End-to-End Workflow
-## Overview
-This skill bridges two lexicons:
-- **\`@intentius/chant-lexicon-aws\`** — EKS cluster, node groups, IAM roles, OIDC provider (CloudFormation)
-- **\`@intentius/chant-lexicon-k8s\`** — Kubernetes workloads, IRSA, ALB Ingress, storage, observability (K8s YAML)
-## Architecture
-\`\`\`
-AWS Lexicon (CloudFormation)          K8s Lexicon (kubectl apply)
-┌────────────────────────┐           ┌────────────────────────────┐
-│ VPC + Subnets          │           │ NamespaceEnv (quotas)      │
-│ EKS Cluster            │           │ AutoscaledService (app)    │
-│ Managed Node Group     │──ARNs──→  │ IrsaServiceAccount (IRSA)  │
-│ OIDC Provider          │           │ AlbIngress (ALB)           │
-│ IAM Roles (IRSA)       │           │ EbsStorageClass (gp3)      │
-│ EKS Add-ons            │           │ FluentBitAgent (logs)      │
-└────────────────────────┘           │ ExternalDnsAgent (DNS)     │
-                                     └────────────────────────────┘
-\`\`\`
-## Step 1: Provision AWS Infrastructure
-\`\`\`bash
-# Build CloudFormation template
-chant build src/infra/ --output infra.json
-# Deploy
-aws cloudformation deploy \\
-  --template-file infra.json \\
-  --stack-name my-eks-cluster \\
-  --capabilities CAPABILITY_NAMED_IAM
-\`\`\`
-Key AWS resources:
-- **EKS Cluster** — control plane
-- **Managed Node Group** — EC2 worker nodes
-- **OIDC Provider** — enables IRSA (IAM Roles for Service Accounts)
-- **IAM Roles** — node role, app IRSA roles, ALB controller role
-## Step 2: Configure kubectl
-\`\`\`bash
-aws eks update-kubeconfig --name my-cluster --region us-east-1
-kubectl get nodes  # verify connectivity
-\`\`\`
-## Step 3: Deploy K8s Workloads
-\`\`\`bash
-# Build K8s manifests
-chant build src/k8s/ --output manifests.yaml
-# Apply
-kubectl apply -f manifests.yaml
-\`\`\`
-### Key K8s composites for EKS
-\`\`\`typescript
-import {
-  NamespaceEnv,
-  AutoscaledService,
-  IrsaServiceAccount,
-  AlbIngress,
-  EbsStorageClass,
-  FluentBitAgent,
-  ExternalDnsAgent,
-} from "@intentius/chant-lexicon-k8s";
-// 1. Namespace with quotas and network isolation
-const ns = NamespaceEnv({
-  name: "prod",
-  cpuQuota: "16",
-  memoryQuota: "32Gi",
-  defaultCpuRequest: "100m",
-  defaultMemoryRequest: "128Mi",
-  defaultDenyIngress: true,
-});
-// 2. IRSA ServiceAccount (use IAM Role ARN from CloudFormation outputs)
-const irsa = IrsaServiceAccount({
-  name: "app-sa",
-  iamRoleArn: "arn:aws:iam::123456789012:role/app-role",  // from CF output
-  namespace: "prod",
-});
-// 3. Application with autoscaling
-const app = AutoscaledService({
-  name: "api",
-  image: "api:1.0",
-  port: 8080,
-  maxReplicas: 10,
-  cpuRequest: "200m",
-  memoryRequest: "256Mi",
-  namespace: "prod",
-});
-// 4. ALB Ingress (use ACM cert ARN from CloudFormation outputs)
-const ingress = AlbIngress({
-  name: "api-ingress",
-  hosts: [{ hostname: "api.example.com", paths: [{ path: "/", serviceName: "api", servicePort: 80 }] }],
-  certificateArn: "arn:aws:acm:us-east-1:123456789012:certificate/abc",  // from CF output
-  namespace: "prod",
-});
-// 5. Storage
-const storage = EbsStorageClass({ name: "gp3-encrypted", type: "gp3", encrypted: true });
-// 6. Observability
-const logging = FluentBitAgent({
-  logGroup: "/aws/eks/my-cluster/containers",
-  region: "us-east-1",
-  clusterName: "my-cluster",
-});
-// 7. DNS
-const dns = ExternalDnsAgent({
-  iamRoleArn: "arn:aws:iam::123456789012:role/external-dns-role",
-  domainFilters: ["example.com"],
-});
-\`\`\`
-## Step 4: Verify
-\`\`\`bash
-kubectl get pods -n prod
-kubectl get ingress -n prod
-kubectl logs -n amazon-cloudwatch -l app.kubernetes.io/name=fluent-bit
-\`\`\`
-## Cleanup
-\`\`\`bash
-# Delete K8s workloads first
-kubectl delete -f manifests.yaml
-# Then delete AWS infrastructure
-aws cloudformation delete-stack --stack-name my-eks-cluster
-aws cloudformation wait stack-delete-complete --stack-name my-eks-cluster
-\`\`\`
-## Cross-Lexicon Value Flow
-CloudFormation outputs flow into K8s composite props:
-| CloudFormation Output | K8s Composite Prop |
-|----------------------|-------------------|
-| App IAM Role ARN | \`IrsaServiceAccount.iamRoleArn\` |
-| ALB Controller Role ARN | \`IrsaServiceAccount.iamRoleArn\` (for ALB controller SA) |
-| ACM Certificate ARN | \`AlbIngress.certificateArn\` |
-| ExternalDNS Role ARN | \`ExternalDnsAgent.iamRoleArn\` |
-| EKS Cluster Name | \`FluentBitAgent.clusterName\`, \`AdotCollector.clusterName\` |
-| EFS Filesystem ID | \`EfsStorageClass.fileSystemId\` |
-## EKS Init Template
-Scaffold a dual-lexicon EKS project:
-\`\`\`bash
-chant init --lexicon aws --template eks
-\`\`\`
-This creates:
-- \`src/infra/\` — EKS cluster, node group, IAM (AWS lexicon)
-- \`src/k8s/\` — namespace, app, ingress, storage (K8s lexicon)
-- \`package.json\` with both \`@intentius/chant-lexicon-aws\` and \`@intentius/chant-lexicon-k8s\`
-`,
         triggers: [
           { type: "context", value: "eks" },
           { type: "context", value: "kubernetes" },
           { type: "context", value: "k8s-workloads" },
         ],
-        preConditions: [
-          "AWS CLI is installed and configured",
-          "chant CLI is installed",
-          "kubectl is installed",
-        ],
-        postConditions: [
-          "EKS cluster is running",
-          "K8s workloads are deployed",
-        ],
         parameters: [],
         examples: [
           {
             title: "Full EKS deployment",
-            description: "Deploy infrastructure and workloads end-to-end",
             input: "Set up a complete EKS environment with my API",
-            output: `# 1. Build and deploy infrastructure
-chant build src/infra/ --output infra.json
-aws cloudformation deploy --template-file infra.json --stack-name my-eks --capabilities CAPABILITY_NAMED_IAM
-# 2. Configure kubectl
-aws eks update-kubeconfig --name my-cluster
-# 3. Build and deploy workloads
-chant build src/k8s/ --output manifests.yaml
-kubectl apply -f manifests.yaml`,
+            output: "chant build src/infra/ --output infra.json && aws cloudformation deploy --template-file infra.json --stack-name my-eks --capabilities CAPABILITY_NAMED_IAM",
           },
         ],
       },
     ];
+    for (const skill of skillFiles) {
+      try {
+        const content = readFileSync(join(dir, "skills", skill.file), "utf-8");
+        skills.push({
+          name: skill.name,
+          description: skill.description,
+          content,
+          triggers: skill.triggers,
+          parameters: skill.parameters,
+          examples: skill.examples,
+        });
+      } catch { /* skip missing skills */ }
+    }
+    return skills;
   },
   completionProvider(ctx: CompletionContext): CompletionItem[] {

package/src/serializer.test.ts CHANGED Viewed

@@ -326,6 +326,46 @@ describe("LexiconOutput serialization", () => {
   });
 });
+// ── StackOutput Serialization ──────────────────────────
+describe("stackOutput serialization", () => {
+  test("Id attribute uses Ref (not Fn::GetAtt)", () => {
+    const bucket = new MockBucket({ BucketName: "my-bucket" });
+    const idRef = new AttrRef(bucket, "Id");
+    idRef._setLogicalName("MyBucket");
+    const output = stackOutput(idRef);
+    const entities = new Map<string, Declarable>();
+    entities.set("MyBucket", bucket);
+    entities.set("MyBucketId", output as unknown as Declarable);
+    const result = awsSerializer.serialize(entities);
+    const template = JSON.parse(result as string);
+    expect(template.Outputs.MyBucketId.Value).toEqual({ Ref: "MyBucket" });
+  });
+  test("non-Id attribute uses Fn::GetAtt", () => {
+    const bucket = new MockBucket({ BucketName: "my-bucket" });
+    const arnRef = new AttrRef(bucket, "Arn");
+    arnRef._setLogicalName("MyBucket");
+    const output = stackOutput(arnRef);
+    const entities = new Map<string, Declarable>();
+    entities.set("MyBucket", bucket);
+    entities.set("MyBucketArn", output as unknown as Declarable);
+    const result = awsSerializer.serialize(entities);
+    const template = JSON.parse(result as string);
+    expect(template.Outputs.MyBucketArn.Value).toEqual({
+      "Fn::GetAtt": ["MyBucket", "Arn"],
+    });
+  });
+});
 // ── Nested Stack Serialization ──────────────────────────
 function mockChildBuildResult(childTemplate: object): BuildResult {

package/src/serializer.ts CHANGED Viewed

@@ -282,8 +282,13 @@ function serializeToTemplate(
       const ref = stackOutput.sourceRef;
       const logicalName = ref.getLogicalName();
       if (logicalName) {
+        // Use Ref for primary identifier ("Id") since not all resources
+        // support Fn::GetAtt for their primary identifier (e.g. ACM Certificate).
+        // Ref always returns the primary identifier for any CF resource.
         const output: CFOutput = {
-          Value: { "Fn::GetAtt": [logicalName, ref.attribute] },
+          Value: ref.attribute === "Id"
+            ? { Ref: logicalName }
+            : { "Fn::GetAtt": [logicalName, ref.attribute] },
         };
         if (stackOutput.description) {
           output.Description = stackOutput.description;

/package/{dist → src}/skills/chant-eks.md RENAMED Viewed

File without changes