@intentius/chant-lexicon-aws 0.0.2

package/src/codegen/extensions.ts

@@ -0,0 +1,171 @@
+/**
+ * cfn-lint extension constraints — cross-property validation rules.
+ *
+ * Downloads extension schemas from the same cfn-lint tarball and parses
+ * them into typed constraint objects for inclusion in lexicon JSON.
+ */
+
+import { readFileSync, readdirSync, statSync } from "fs";
+import { join } from "path";
+import { homedir } from "os";
+import { fetchAndExtractTar } from "@intentius/chant/codegen/fetch";
+import { typeNameToPatchDir } from "./patches";
+import { cfnLintTarballUrl } from "./versions";
+
+const CFN_LINT_TARBALL_URL = cfnLintTarballUrl();
+const EXTENSIONS_DEST_DIR = join(homedir(), ".chant", "cfn-lint-extensions");
+const EXTENSIONS_TAR_PREFIX = "src/cfnlint/data/schemas/extensions/";
+
+/**
+ * A single cross-property constraint extracted from a cfn-lint extension schema.
+ */
+export interface ExtensionConstraint {
+  name: string;
+  type: "if_then" | "dependent_excluded" | "required_or" | "required_xor";
+  condition?: unknown;
+  requirement?: unknown;
+}
+
+/**
+ * Fetch cfn-lint extensions from GitHub tarball and extract to cache.
+ */
+export async function fetchCfnLintExtensions(force = false): Promise<string> {
+  return fetchAndExtractTar(
+    { url: CFN_LINT_TARBALL_URL, destDir: EXTENSIONS_DEST_DIR },
+    EXTENSIONS_TAR_PREFIX,
+    force,
+  );
+}
+
+/**
+ * Load extension schemas for known resource types.
+ * Returns a map of CFN type name → extension constraints.
+ */
+export function loadExtensionSchemas(
+  extensionsDir: string,
+  knownTypes: Set<string>
+): Map<string, ExtensionConstraint[]> {
+  // Build reverse map: directory name → CFN type name
+  const dirToType = new Map<string, string>();
+  for (const typeName of knownTypes) {
+    dirToType.set(typeNameToPatchDir(typeName), typeName);
+  }
+
+  const result = new Map<string, ExtensionConstraint[]>();
+
+  let entries: string[];
+  try {
+    entries = readdirSync(extensionsDir);
+  } catch {
+    return result;
+  }
+
+  for (const entry of entries) {
+    const fullPath = join(extensionsDir, entry);
+    try {
+      if (!statSync(fullPath).isDirectory()) continue;
+    } catch {
+      continue;
+    }
+
+    const cfnType = dirToType.get(entry);
+    if (!cfnType) continue;
+
+    const constraints = loadDirectoryConstraints(fullPath);
+    if (constraints.length > 0) {
+      result.set(cfnType, constraints);
+    }
+  }
+
+  return result;
+}
+
+/**
+ * Load all constraints from JSON files in a directory.
+ */
+function loadDirectoryConstraints(dir: string): ExtensionConstraint[] {
+  const constraints: ExtensionConstraint[] = [];
+
+  let entries: string[];
+  try {
+    entries = readdirSync(dir);
+  } catch {
+    return constraints;
+  }
+
+  for (const entry of entries) {
+    if (!entry.endsWith(".json")) continue;
+
+    let data: string;
+    try {
+      data = readFileSync(join(dir, entry), "utf-8");
+    } catch {
+      continue;
+    }
+
+    try {
+      const parsed = parseExtensionSchema(entry, data);
+      constraints.push(...parsed);
+    } catch {
+      // Skip files that don't parse as constraints
+    }
+  }
+
+  return constraints;
+}
+
+/**
+ * Parse a single extension JSON Schema file into constraint objects.
+ */
+function parseExtensionSchema(fileName: string, data: string): ExtensionConstraint[] {
+  const raw = JSON.parse(data) as Record<string, unknown>;
+  const name = fileName.replace(/\.json$/, "");
+  const constraints: ExtensionConstraint[] = [];
+
+  // Check for allOf containing multiple constraints
+  if ("allOf" in raw && Array.isArray(raw.allOf)) {
+    for (let i = 0; i < raw.allOf.length; i++) {
+      const item = raw.allOf[i] as Record<string, unknown>;
+      try {
+        const c = classifySingleConstraint(`${name}_${i}`, item);
+        constraints.push(c);
+      } catch {
+        // Skip unrecognized items
+      }
+    }
+    if (constraints.length > 0) return constraints;
+  }
+
+  // Single top-level constraint
+  const c = classifySingleConstraint(name, raw);
+  return [c];
+}
+
+/**
+ * Classify a single JSON Schema document into an ExtensionConstraint.
+ */
+function classifySingleConstraint(
+  name: string,
+  raw: Record<string, unknown>
+): ExtensionConstraint {
+  const hasIf = "if" in raw;
+  const hasThen = "then" in raw;
+  const hasDependentExcluded = "dependentExcluded" in raw;
+  const hasRequiredOr = "requiredOr" in raw;
+  const hasRequiredXor = "requiredXor" in raw;
+
+  if (hasRequiredXor) {
+    return { name, type: "required_xor", requirement: raw.requiredXor };
+  }
+  if (hasRequiredOr) {
+    return { name, type: "required_or", requirement: raw.requiredOr };
+  }
+  if (hasDependentExcluded) {
+    return { name, type: "dependent_excluded", requirement: raw.dependentExcluded };
+  }
+  if (hasIf && hasThen) {
+    return { name, type: "if_then", condition: raw.if, requirement: raw.then };
+  }
+
+  throw new Error(`unrecognized constraint pattern in ${name}`);
+}

package/src/codegen/fallback.ts

@@ -0,0 +1,33 @@
+/**
+ * Fallback resource definitions for priority types missing from the schema zip.
+ * Acts as a safety net — if the schema zip already contains the resource,
+ * the fallback is not used.
+ */
+
+import type { SchemaParseResult } from "../spec/parse";
+
+export function fallbackResources(): SchemaParseResult[] {
+  return [fallbackLogGroup()];
+}
+
+function fallbackLogGroup(): SchemaParseResult {
+  return {
+    resource: {
+      typeName: "AWS::Logs::LogGroup",
+      properties: [
+        { name: "LogGroupName", tsType: "string", required: false, constraints: {} },
+        { name: "RetentionInDays", tsType: "number", required: false, constraints: {} },
+        { name: "KmsKeyId", tsType: "string", required: false, constraints: {} },
+        { name: "DataProtectionPolicy", tsType: "any", required: false, constraints: {} },
+        { name: "Tags", tsType: "Tag[]", required: false, constraints: {} },
+        { name: "LogGroupClass", tsType: "string", required: false, constraints: {} },
+      ],
+      attributes: [{ name: "Arn", tsType: "string" }],
+      createOnly: [],
+      writeOnly: [],
+      primaryIdentifier: [],
+    },
+    propertyTypes: [],
+    enums: [],
+  };
+}

package/src/codegen/generate-cli.ts

@@ -0,0 +1,17 @@
+#!/usr/bin/env bun
+/**
+ * Thin entry point for `bun run generate` in lexicon-aws.
+ */
+import { generate, writeGeneratedFiles } from "./generate";
+import { dirname } from "path";
+import { fileURLToPath } from "url";
+
+const result = await generate({ verbose: true });
+// src/codegen/generate-cli.ts → dirname x3 → package root
+const pkgDir = dirname(dirname(dirname(fileURLToPath(import.meta.url))));
+writeGeneratedFiles(result, pkgDir);
+
+console.error(`Generated ${result.resources} resources, ${result.properties} property types, ${result.enums} enums`);
+if (result.warnings.length > 0) {
+  console.error(`${result.warnings.length} warnings`);
+}

package/src/codegen/generate-lexicon.ts

@@ -0,0 +1,98 @@
+/**
+ * Lexicon JSON generator — produces lexicon-aws.json with metadata for all resources.
+ *
+ * Output is a Record<string, LexiconEntry> keyed by generated class name.
+ */
+
+import type { SchemaParseResult } from "../spec/parse";
+import { cfnShortName } from "../spec/parse";
+import type { NamingStrategy } from "./naming";
+import type { ExtensionConstraint } from "./extensions";
+import type { PropertyConstraints } from "@intentius/chant/codegen/json-schema";
+import {
+  buildRegistry,
+  serializeRegistry,
+  type RegistryResource,
+} from "@intentius/chant/codegen/generate-registry";
+
+export interface LexiconEntry {
+  resourceType: string;
+  kind: "resource" | "property";
+  lexicon: "aws";
+  attrs?: Record<string, string>;
+  constraints?: ExtensionConstraint[];
+  propertyConstraints?: Record<string, PropertyConstraints>;
+  createOnly?: string[];
+  writeOnly?: string[];
+  primaryIdentifier?: string[];
+  runtimeDeprecations?: Record<string, string>;
+}
+
+/**
+ * Generate the lexicon-aws.json content.
+ */
+export function generateLexiconJSON(
+  results: SchemaParseResult[],
+  naming: NamingStrategy,
+  constraints: Map<string, ExtensionConstraint[]>,
+  runtimeDeprecations: Record<string, string> | null,
+): string {
+  // Adapt SchemaParseResult[] to RegistryResource[]
+  const registryResources: RegistryResource[] = results.map((r) => ({
+    typeName: r.resource.typeName,
+    attributes: r.resource.attributes,
+    properties: r.resource.properties,
+    propertyTypes: r.propertyTypes,
+  }));
+
+  const entries = buildRegistry<LexiconEntry>(registryResources, naming, {
+    shortName: cfnShortName,
+    buildEntry: (resource, _tsName, attrs, propConstraints) => {
+      const cfnType = resource.typeName;
+      const r = results.find((res) => res.resource.typeName === cfnType)!;
+
+      // Runtime deprecation data for Lambda resources with Runtime property
+      let runtimeDepr: Record<string, string> | undefined;
+      if (runtimeDeprecations && r.resource.properties.some((p) => p.name === "Runtime")) {
+        runtimeDepr = runtimeDeprecations;
+      }
+
+      return {
+        resourceType: cfnType,
+        kind: "resource" as const,
+        lexicon: "aws" as const,
+        ...(attrs && { attrs }),
+        ...(constraints.has(cfnType) && { constraints: constraints.get(cfnType) }),
+        ...(propConstraints && { propertyConstraints: propConstraints }),
+        ...(r.resource.createOnly.length > 0 && { createOnly: r.resource.createOnly }),
+        ...(r.resource.writeOnly.length > 0 && { writeOnly: r.resource.writeOnly }),
+        ...(r.resource.primaryIdentifier.length > 0 && { primaryIdentifier: r.resource.primaryIdentifier }),
+        ...(runtimeDepr && { runtimeDeprecations: runtimeDepr }),
+      };
+    },
+    buildPropertyEntry: (resourceType, propertyType) => ({
+      resourceType: `${resourceType}.${propertyType}`,
+      kind: "property" as const,
+      lexicon: "aws" as const,
+    }),
+  });
+
+  return serializeRegistry(entries);
+}
+
+/**
+ * Lambda runtime deprecation fallback data.
+ */
+export function lambdaRuntimeDeprecations(): Record<string, string> {
+  return {
+    "nodejs14.x": "deprecated",
+    "nodejs16.x": "deprecated",
+    "nodejs18.x": "approaching_eol",
+    "python3.7": "deprecated",
+    "python3.8": "deprecated",
+    "python3.9": "approaching_eol",
+    "dotnet6": "deprecated",
+    "java8": "deprecated",
+    "ruby2.7": "deprecated",
+  };
+}

package/src/codegen/generate-typescript.ts

@@ -0,0 +1,257 @@
+/**
+ * TypeScript declaration file generator — produces index.d.ts with all resource classes.
+ *
+ * Output includes:
+ * - Resource classes with typed constructors and readonly attributes
+ * - Property type classes
+ * - Enum union types
+ * - Static content (intrinsics, pseudo-parameters, common interfaces)
+ */
+
+import type { SchemaParseResult, ParsedPropertyType } from "../spec/parse";
+import { cfnShortName } from "../spec/parse";
+import type { NamingStrategy } from "./naming";
+import { propertyTypeName, extractDefName } from "./naming";
+import {
+  writeResourceClass,
+  writePropertyClass,
+  writeEnumType,
+  type DtsProperty,
+  type DtsAttribute,
+} from "@intentius/chant/codegen/generate-typescript";
+
+interface ResourceEntry {
+  tsName: string;
+  properties: DtsProperty[];
+  attributes: DtsAttribute[];
+  remap: Map<string, string>;
+}
+
+interface PropertyEntry {
+  tsName: string;
+  properties: DtsProperty[];
+  remap: Map<string, string>;
+}
+
+interface EnumEntry {
+  tsName: string;
+  values: string[];
+}
+
+/**
+ * Generate the complete .d.ts file content.
+ */
+export function generateTypeScriptDeclarations(
+  results: SchemaParseResult[],
+  naming: NamingStrategy,
+): string {
+  const lines: string[] = [];
+  lines.push("// Code generated by chant aws generate. DO NOT EDIT generated sections.");
+
+  const resources: ResourceEntry[] = [];
+  const properties: PropertyEntry[] = [];
+  const enums: EnumEntry[] = [];
+
+  for (const r of results) {
+    const cfnType = r.resource.typeName;
+    const tsName = naming.resolve(cfnType);
+    if (!tsName) continue;
+
+    // Build remap from parser property type names to resolved names
+    const shortName = cfnShortName(cfnType);
+    const remap = new Map<string, string>();
+    for (const pt of r.propertyTypes) {
+      const defName = extractDefName(pt.name, shortName);
+      remap.set(pt.name, propertyTypeName(tsName, defName));
+    }
+
+    for (const e of r.enums) {
+      const defName = extractDefName(e.name, shortName);
+      remap.set(e.name, propertyTypeName(tsName, defName));
+    }
+
+    // Map ParsedProperty/ParsedAttribute → DtsProperty/DtsAttribute
+    const dtsProps: DtsProperty[] = r.resource.properties.map((p) => ({
+      name: p.name,
+      type: isPolicyDocumentProperty(p.name, p.tsType) ? "PolicyDocument" : p.tsType,
+      required: p.required,
+      description: p.description,
+    }));
+    const dtsAttrs: DtsAttribute[] = r.resource.attributes.map((a) => ({
+      name: a.name,
+      type: a.tsType,
+    }));
+
+    resources.push({ tsName, properties: dtsProps, attributes: dtsAttrs, remap });
+
+    // Alias entries as separate resource entries
+    for (const alias of naming.aliases(cfnType)) {
+      resources.push({ tsName: alias, properties: dtsProps, attributes: dtsAttrs, remap });
+    }
+
+    const ptAliases = naming.propertyTypeAliases(cfnType);
+    for (const pt of r.propertyTypes) {
+      const defName = extractDefName(pt.name, shortName);
+      const ptName = propertyTypeName(tsName, defName);
+      const ptProps: DtsProperty[] = pt.properties.map((p) => ({
+        name: p.name,
+        type: isPolicyDocumentProperty(p.name, p.tsType) ? "PolicyDocument" : p.tsType,
+        required: p.required,
+        description: p.description,
+      }));
+      properties.push({ tsName: ptName, properties: ptProps, remap });
+
+      // Alias class declaration for globally unique property types
+      if (ptAliases) {
+        const aliasName = ptAliases.get(defName);
+        if (aliasName) {
+          properties.push({ tsName: aliasName, properties: ptProps, remap });
+        }
+      }
+    }
+
+    for (const e of r.enums) {
+      const defName = extractDefName(e.name, shortName);
+      const eName = propertyTypeName(tsName, defName);
+      enums.push({ tsName: eName, values: e.values });
+    }
+  }
+
+  // Sort all entries alphabetically
+  resources.sort((a, b) => a.tsName.localeCompare(b.tsName));
+  properties.sort((a, b) => a.tsName.localeCompare(b.tsName));
+  enums.sort((a, b) => a.tsName.localeCompare(b.tsName));
+
+  // Section 1: Resource classes
+  lines.push("");
+  lines.push("// --- Resource classes ---");
+  for (const re of resources) {
+    writeResourceClass(lines, re.tsName, re.properties, re.attributes, re.remap);
+  }
+
+  // Section 2: Property classes
+  lines.push("");
+  lines.push("// --- Property classes ---");
+  for (const pe of properties) {
+    writePropertyClass(lines, pe.tsName, pe.properties, pe.remap);
+  }
+
+  // Section 3: Enum types
+  if (enums.length > 0) {
+    lines.push("");
+    lines.push("// --- Enum types ---");
+    for (const ee of enums) {
+      writeEnumType(lines, ee.tsName, ee.values);
+    }
+  }
+
+  // Section 4: Static content
+  lines.push("");
+  lines.push(staticTypeScript());
+  lines.push("");
+
+  return lines.join("\n");
+}
+
+// --- PolicyDocument type overrides ---
+
+const policyDocumentPropertyNames = new Set([
+  "assumerolepolicydocument",
+  "policydocument",
+  "permissionspolicydocument",
+  "resourcepolicydocument",
+]);
+
+function isPolicyDocumentProperty(name: string, tsType: string): boolean {
+  return tsType === "Record<string, any>" &&
+    policyDocumentPropertyNames.has(name.toLowerCase());
+}
+
+// --- Static content ---
+
+function staticTypeScript(): string {
+  const lines: string[] = [];
+
+  // Intrinsic functions
+  lines.push("// --- Intrinsic functions ---");
+  lines.push("");
+  const intrinsics: [string, string][] = [
+    ["And", "(conditions: unknown[]): any"],
+    ["Base64", "(value: unknown): any"],
+    ["Cidr", "(ipBlock: unknown, count: unknown, cidrBits?: unknown): any"],
+    ["Condition", "(condition: string): any"],
+    ["Equals", "(a: unknown, b: unknown): any"],
+    ["FindInMap", "(mapName: string, firstKey: unknown, secondKey: unknown): any"],
+    ["GetAtt", "(logicalName: string, attribute: string): any"],
+    ["GetAZs", "(region?: string): any"],
+    ["If", "(condition: string, valueIfTrue: unknown, valueIfFalse: unknown): any"],
+    ["ImportValue", "(sharedValue: unknown): any"],
+    ["Join", "(delimiter: string, values: unknown[]): any"],
+    ["Not", "(condition: unknown): any"],
+    ["Or", "(conditions: unknown[]): any"],
+    ["Ref", "(logicalName: string): any"],
+    ["Select", "(index: number, values: unknown[]): any"],
+    ["Split", "(delimiter: string, source: unknown): any"],
+    ["Sub", "(parts: TemplateStringsArray, ...values: unknown[]): any"],
+    ["Transform", "(name: string, parameters: Record<string, unknown>): any"],
+  ];
+  intrinsics.sort((a, b) => a[0].localeCompare(b[0]));
+  for (const [name, sig] of intrinsics) {
+    lines.push(`export declare function ${name}${sig};`);
+  }
+
+  // Pseudo-parameters
+  lines.push("");
+  lines.push("// --- Pseudo-parameters ---");
+  lines.push("");
+  lines.push("export declare const AWS: {");
+  const pseudoParams = [
+    "AccountId",
+    "NotificationARNs",
+    "NoValue",
+    "Partition",
+    "Region",
+    "StackId",
+    "StackName",
+    "URLSuffix",
+  ];
+  for (const p of pseudoParams) {
+    lines.push(`  readonly ${p}: any;`);
+  }
+  lines.push("};");
+
+  // Type interfaces
+  lines.push("");
+  lines.push("// --- Type interfaces ---");
+  lines.push("");
+  lines.push("export interface PolicyDocument {");
+  lines.push('  Version?: "2012-10-17" | "2008-10-17";');
+  lines.push("  Id?: string;");
+  lines.push("  Statement: IamPolicyStatement | IamPolicyStatement[];");
+  lines.push("}");
+  lines.push("");
+  lines.push("export interface IamPolicyStatement {");
+  lines.push("  Sid?: string;");
+  lines.push('  Effect: "Allow" | "Deny";');
+  lines.push("  Principal?: IamPolicyPrincipal;");
+  lines.push("  NotPrincipal?: IamPolicyPrincipal;");
+  lines.push("  Action?: string | string[];");
+  lines.push("  NotAction?: string | string[];");
+  lines.push("  Resource?: string | string[];");
+  lines.push("  NotResource?: string | string[];");
+  lines.push("  Condition?: Record<string, Record<string, string | string[]>>;");
+  lines.push("}");
+  lines.push("");
+  lines.push('export type IamPolicyPrincipal = "*" | {');
+  lines.push("  AWS?: string | string[];");
+  lines.push("  Service?: string | string[];");
+  lines.push("  Federated?: string | string[];");
+  lines.push("};")
+  lines.push("");
+  lines.push("export interface Tag {");
+  lines.push("  key: string;");
+  lines.push("  value: string;");
+  lines.push("}");
+
+  return lines.join("\n");
+}