npm - @intentius/chant-lexicon-aws - Versions diffs - 0.0.6 → 0.0.9 - Mend

@intentius/chant-lexicon-aws 0.0.6 → 0.0.9

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (128) hide show

package/dist/integrity.json +25 -10
package/dist/manifest.json +1 -1
package/dist/meta.json +9444 -4597
package/dist/rules/cf-refs.ts +99 -0
package/dist/rules/ext001.ts +32 -25
package/dist/rules/hardcoded-region.ts +1 -0
package/dist/rules/iam-wildcard.ts +1 -0
package/dist/rules/s3-encryption.ts +3 -3
package/dist/rules/waw016.ts +86 -0
package/dist/rules/waw017.ts +53 -0
package/dist/rules/waw018.ts +71 -0
package/dist/rules/waw019.ts +82 -0
package/dist/rules/waw020.ts +64 -0
package/dist/rules/waw021.ts +53 -0
package/dist/rules/waw022.ts +43 -0
package/dist/rules/waw023.ts +47 -0
package/dist/rules/waw024.ts +54 -0
package/dist/rules/waw025.ts +43 -0
package/dist/rules/waw026.ts +46 -0
package/dist/rules/waw027.ts +50 -0
package/dist/rules/waw028.ts +47 -0
package/dist/rules/waw029.ts +62 -0
package/dist/rules/waw030.ts +246 -0
package/dist/skills/chant-aws.md +430 -0
package/dist/types/index.d.ts +58525 -58501
package/package.json +2 -2
package/src/actions/actions.test.ts +75 -0
package/src/actions/dynamodb.ts +36 -0
package/src/actions/ecr.ts +9 -0
package/src/actions/ecs.ts +5 -0
package/src/actions/iam.ts +3 -0
package/src/actions/index.ts +9 -0
package/src/actions/lambda.ts +11 -0
package/src/actions/logs.ts +4 -0
package/src/actions/s3.ts +34 -0
package/src/actions/sns.ts +5 -0
package/src/actions/sqs.ts +15 -0
package/src/codegen/__snapshots__/snapshot.test.ts.snap +20 -20
package/src/codegen/docs-links.test.ts +143 -0
package/src/codegen/docs.ts +294 -124
package/src/codegen/generate-lexicon.ts +8 -0
package/src/codegen/generate-typescript.ts +25 -1
package/src/codegen/generate.ts +1 -13
package/src/codegen/package.ts +2 -0
package/src/codegen/typecheck.test.ts +1 -1
package/src/composites/composites.test.ts +442 -0
package/src/composites/fargate-alb.ts +253 -0
package/src/composites/index.ts +20 -0
package/src/composites/lambda-api.ts +20 -0
package/src/composites/lambda-dynamodb.ts +64 -0
package/src/composites/lambda-eventbridge.ts +36 -0
package/src/composites/lambda-function.ts +76 -0
package/src/composites/lambda-s3.ts +72 -0
package/src/composites/lambda-sns.ts +30 -0
package/src/composites/lambda-sqs.ts +44 -0
package/src/composites/scheduled-lambda.ts +37 -0
package/src/composites/vpc-default.ts +148 -0
package/src/default-tags.test.ts +38 -0
package/src/default-tags.ts +77 -0
package/src/generated/index.d.ts +58525 -58501
package/src/generated/index.ts +1351 -1351
package/src/generated/lexicon-aws.json +9444 -4597
package/src/import/generator.test.ts +5 -5
package/src/import/generator.ts +4 -4
package/src/import/roundtrip-fixtures.test.ts +2 -1
package/src/import/roundtrip.test.ts +5 -5
package/src/index.ts +21 -0
package/src/integration.test.ts +92 -21
package/src/intrinsics.ts +24 -13
package/src/lint/post-synth/cf-refs.ts +99 -0
package/src/lint/post-synth/ext001.test.ts +214 -31
package/src/lint/post-synth/ext001.ts +32 -25
package/src/lint/post-synth/waw013.test.ts +120 -0
package/src/lint/post-synth/waw014.test.ts +121 -0
package/src/lint/post-synth/waw015.test.ts +147 -0
package/src/lint/post-synth/waw016.test.ts +141 -0
package/src/lint/post-synth/waw016.ts +86 -0
package/src/lint/post-synth/waw017.test.ts +130 -0
package/src/lint/post-synth/waw017.ts +53 -0
package/src/lint/post-synth/waw018.test.ts +109 -0
package/src/lint/post-synth/waw018.ts +71 -0
package/src/lint/post-synth/waw019.test.ts +138 -0
package/src/lint/post-synth/waw019.ts +82 -0
package/src/lint/post-synth/waw020.test.ts +125 -0
package/src/lint/post-synth/waw020.ts +64 -0
package/src/lint/post-synth/waw021.test.ts +81 -0
package/src/lint/post-synth/waw021.ts +53 -0
package/src/lint/post-synth/waw022.test.ts +54 -0
package/src/lint/post-synth/waw022.ts +43 -0
package/src/lint/post-synth/waw023.test.ts +53 -0
package/src/lint/post-synth/waw023.ts +47 -0
package/src/lint/post-synth/waw024.test.ts +64 -0
package/src/lint/post-synth/waw024.ts +54 -0
package/src/lint/post-synth/waw025.test.ts +42 -0
package/src/lint/post-synth/waw025.ts +43 -0
package/src/lint/post-synth/waw026.test.ts +54 -0
package/src/lint/post-synth/waw026.ts +46 -0
package/src/lint/post-synth/waw027.test.ts +63 -0
package/src/lint/post-synth/waw027.ts +50 -0
package/src/lint/post-synth/waw028.test.ts +68 -0
package/src/lint/post-synth/waw028.ts +47 -0
package/src/lint/post-synth/waw029.test.ts +179 -0
package/src/lint/post-synth/waw029.ts +62 -0
package/src/lint/post-synth/waw030.test.ts +800 -0
package/src/lint/post-synth/waw030.ts +246 -0
package/src/lint/rules/hardcoded-region.ts +1 -0
package/src/lint/rules/iam-wildcard.ts +1 -0
package/src/lint/rules/rules.test.ts +8 -8
package/src/lint/rules/s3-encryption.ts +3 -3
package/src/lsp/completions.ts +2 -0
package/src/lsp/hover.ts +17 -0
package/src/nested-stack-integration.test.ts +100 -0
package/src/nested-stack.ts +2 -2
package/src/plugin.test.ts +13 -15
package/src/plugin.ts +552 -114
package/src/serializer.test.ts +370 -43
package/src/serializer.ts +69 -17
package/src/spec/fetch.ts +10 -0
package/src/spec/parse.test.ts +141 -0
package/src/spec/parse.ts +40 -0
package/src/taggable.ts +44 -0
package/src/testdata/nested-stacks/app.ts +26 -0
package/src/testdata/nested-stacks/network/outputs.ts +17 -0
package/src/testdata/nested-stacks/network/security.ts +17 -0
package/src/testdata/nested-stacks/network/vpc.ts +54 -0
package/dist/skills/aws-cloudformation.md +0 -41
package/src/codegen/rollback.test.ts +0 -80
package/src/codegen/rollback.ts +0 -20

package/src/serializer.test.ts CHANGED Viewed

@@ -11,6 +11,7 @@ import { createResource } from "@intentius/chant/runtime";
 import type { SerializerResult } from "@intentius/chant/serializer";
 import type { BuildResult } from "@intentius/chant/build";
 import { Parameter } from "./parameter";
+import { defaultTags } from "./default-tags";
 // Mock S3 Bucket for testing
 class MockBucket implements Declarable {
@@ -18,9 +19,9 @@ class MockBucket implements Declarable {
   readonly lexicon = "aws";
   readonly entityType = "AWS::S3::Bucket";
   readonly arn: AttrRef;
-  readonly props: { bucketName?: string; versioningConfiguration?: { status: string } };
+  readonly props: Record<string, unknown>;
-  constructor(props: { bucketName?: string; versioningConfiguration?: { status: string } } = {}) {
+  constructor(props: { BucketName?: string; VersioningConfiguration?: { Status: string }; Tags?: unknown[] } = {}) {
     this.props = props;
     this.arn = new AttrRef(this, "Arn");
   }
@@ -57,7 +58,7 @@ describe("awsSerializer.serialize", () => {
   test("serializes resources", () => {
     const entities = new Map<string, Declarable>();
-    entities.set("MyBucket", new MockBucket({ bucketName: "my-bucket" }));
+    entities.set("MyBucket", new MockBucket({ BucketName: "my-bucket" }));
     const output = awsSerializer.serialize(entities);
     const template = JSON.parse(output);
@@ -86,8 +87,8 @@ describe("awsSerializer.serialize", () => {
   test("serializes nested properties", () => {
     const entities = new Map<string, Declarable>();
     entities.set("MyBucket", new MockBucket({
-      bucketName: "my-bucket",
-      versioningConfiguration: { status: "Enabled" },
+      BucketName: "my-bucket",
+      VersioningConfiguration: { Status: "Enabled" },
     }));
     const output = awsSerializer.serialize(entities);
@@ -98,21 +99,20 @@ describe("awsSerializer.serialize", () => {
     });
   });
-  test("converts property names to PascalCase", () => {
+  test("passes through property names verbatim", () => {
     const entities = new Map<string, Declarable>();
-    entities.set("MyBucket", new MockBucket({ bucketName: "test" }));
+    entities.set("MyBucket", new MockBucket({ BucketName: "test" }));
     const output = awsSerializer.serialize(entities);
     const template = JSON.parse(output);
     expect(template.Resources.MyBucket.Properties.BucketName).toBeDefined();
-    expect(template.Resources.MyBucket.Properties.bucketName).toBeUndefined();
   });
   test("handles multiple resources", () => {
     const entities = new Map<string, Declarable>();
-    entities.set("DataBucket", new MockBucket({ bucketName: "data-bucket" }));
-    entities.set("LogsBucket", new MockBucket({ bucketName: "logs-bucket" }));
+    entities.set("DataBucket", new MockBucket({ BucketName: "data-bucket" }));
+    entities.set("LogsBucket", new MockBucket({ BucketName: "logs-bucket" }));
     const output = awsSerializer.serialize(entities);
     const template = JSON.parse(output);
@@ -125,7 +125,7 @@ describe("awsSerializer.serialize", () => {
   test("handles resources and parameters together", () => {
     const entities = new Map<string, Declarable>();
     entities.set("Env", new Parameter("String"));
-    entities.set("MyBucket", new MockBucket({ bucketName: "bucket" }));
+    entities.set("MyBucket", new MockBucket({ BucketName: "bucket" }));
     const output = awsSerializer.serialize(entities);
     const template = JSON.parse(output);
@@ -154,9 +154,9 @@ class MockEncryption implements Declarable {
   readonly lexicon = "aws";
   readonly entityType = "AWS::S3::Bucket.BucketEncryption";
   readonly kind = "property" as const;
-  readonly props: { serverSideEncryptionConfiguration: unknown[] };
+  readonly props: { ServerSideEncryptionConfiguration: unknown[] };
-  constructor(props: { serverSideEncryptionConfiguration: unknown[] }) {
+  constructor(props: { ServerSideEncryptionConfiguration: unknown[] }) {
     this.props = props;
   }
 }
@@ -164,14 +164,14 @@ class MockEncryption implements Declarable {
 describe("property-kind Declarables", () => {
   test("property-kind Declarables are inlined into parent properties", () => {
     const encryption = new MockEncryption({
-      serverSideEncryptionConfiguration: [
-        { serverSideEncryptionByDefault: { sseAlgorithm: "AES256" } },
+      ServerSideEncryptionConfiguration: [
+        { ServerSideEncryptionByDefault: { SSEAlgorithm: "AES256" } },
       ],
     });
-    const bucket = new MockBucket({ bucketName: "my-bucket" });
+    const bucket = new MockBucket({ BucketName: "my-bucket" });
     // Manually set encryption as a prop
-    (bucket.props as Record<string, unknown>).encryption = encryption;
+    (bucket.props as Record<string, unknown>).BucketEncryption = encryption;
     const entities = new Map<string, Declarable>();
     entities.set("DataEncryption", encryption);
@@ -181,23 +181,23 @@ describe("property-kind Declarables", () => {
     const template = JSON.parse(output);
     // Encryption should be inlined, not a Ref
-    expect(template.Resources.MyBucket.Properties.Encryption).toEqual({
+    expect(template.Resources.MyBucket.Properties.BucketEncryption).toEqual({
       ServerSideEncryptionConfiguration: [
-        { ServerSideEncryptionByDefault: { SseAlgorithm: "AES256" } },
+        { ServerSideEncryptionByDefault: { SSEAlgorithm: "AES256" } },
       ],
     });
   });
   test("property-kind Declarables do NOT appear as standalone Resources", () => {
     const encryption = new MockEncryption({
-      serverSideEncryptionConfiguration: [
-        { serverSideEncryptionByDefault: { sseAlgorithm: "AES256" } },
+      ServerSideEncryptionConfiguration: [
+        { ServerSideEncryptionByDefault: { SSEAlgorithm: "AES256" } },
       ],
     });
     const entities = new Map<string, Declarable>();
     entities.set("DataEncryption", encryption);
-    entities.set("MyBucket", new MockBucket({ bucketName: "my-bucket" }));
+    entities.set("MyBucket", new MockBucket({ BucketName: "my-bucket" }));
     const output = awsSerializer.serialize(entities);
     const template = JSON.parse(output);
@@ -207,16 +207,16 @@ describe("property-kind Declarables", () => {
   });
   test("resource-kind Declarables still emit Ref when referenced", () => {
-    const sourceBucket = new MockBucket({ bucketName: "source" });
+    const sourceBucket = new MockBucket({ BucketName: "source" });
     class MockConfig implements Declarable {
       readonly [DECLARABLE_MARKER] = true as const;
       readonly lexicon = "aws";
       readonly entityType = "AWS::S3::ReplicationDestination";
-      readonly props: { bucket: Declarable };
+      readonly props: { Bucket: Declarable };
-      constructor(bucket: Declarable) {
-        this.props = { bucket };
+      constructor(Bucket: Declarable) {
+        this.props = { Bucket };
       }
     }
@@ -233,7 +233,7 @@ describe("property-kind Declarables", () => {
 describe("intrinsic serialization", () => {
   test("handles AttrRef in properties", () => {
-    const source = new MockBucket({ bucketName: "source" });
+    const source = new MockBucket({ BucketName: "source" });
     // Set the logical name on the AttrRef before using it
     (source.arn as Record<string, unknown>)._setLogicalName("SourceBucket");
@@ -241,10 +241,10 @@ describe("intrinsic serialization", () => {
       readonly [DECLARABLE_MARKER] = true as const;
       readonly lexicon = "aws";
       readonly entityType = "AWS::S3::ReplicationConfiguration";
-      readonly props: { sourceArn: AttrRef };
+      readonly props: { SourceArn: AttrRef };
-      constructor(sourceArn: AttrRef) {
-        this.props = { sourceArn };
+      constructor(SourceArn: AttrRef) {
+        this.props = { SourceArn };
       }
     }
@@ -256,14 +256,14 @@ describe("intrinsic serialization", () => {
     const template = JSON.parse(output);
     expect(template.Resources.Replication.Properties.SourceArn).toEqual({
-      "Fn::GetAttr": ["SourceBucket", "Arn"],
+      "Fn::GetAtt": ["SourceBucket", "Arn"],
     });
   });
 });
 describe("LexiconOutput serialization", () => {
   test("generates CF Outputs section for LexiconOutputs", () => {
-    const bucket = new MockBucket({ bucketName: "data-bucket" });
+    const bucket = new MockBucket({ BucketName: "data-bucket" });
     const lexiconOutput = new LexiconOutput(bucket.arn, "DataBucketArn");
     lexiconOutput._setSourceEntity("dataBucket");
@@ -275,13 +275,13 @@ describe("LexiconOutput serialization", () => {
     expect(template.Outputs).toBeDefined();
     expect(template.Outputs.DataBucketArn).toEqual({
-      Value: { "Fn::GetAttr": ["dataBucket", "Arn"] },
+      Value: { "Fn::GetAtt": ["dataBucket", "Arn"] },
     });
   });
   test("generates multiple CF Outputs", () => {
-    const dataBucket = new MockBucket({ bucketName: "data-bucket" });
-    const logsBucket = new MockBucket({ bucketName: "logs-bucket" });
+    const dataBucket = new MockBucket({ BucketName: "data-bucket" });
+    const logsBucket = new MockBucket({ BucketName: "logs-bucket" });
     const dataOutput = new LexiconOutput(dataBucket.arn, "DataBucketArn");
     dataOutput._setSourceEntity("dataBucket");
@@ -298,16 +298,16 @@ describe("LexiconOutput serialization", () => {
     expect(template.Outputs).toBeDefined();
     expect(Object.keys(template.Outputs)).toHaveLength(2);
     expect(template.Outputs.DataBucketArn.Value).toEqual({
-      "Fn::GetAttr": ["dataBucket", "Arn"],
+      "Fn::GetAtt": ["dataBucket", "Arn"],
     });
     expect(template.Outputs.LogsBucketArn.Value).toEqual({
-      "Fn::GetAttr": ["logsBucket", "Arn"],
+      "Fn::GetAtt": ["logsBucket", "Arn"],
     });
   });
   test("omits Outputs section when no LexiconOutputs provided", () => {
     const entities = new Map<string, Declarable>();
-    entities.set("MyBucket", new MockBucket({ bucketName: "bucket" }));
+    entities.set("MyBucket", new MockBucket({ BucketName: "bucket" }));
     const result = awsSerializer.serialize(entities);
     const template = JSON.parse(result);
@@ -317,7 +317,7 @@ describe("LexiconOutput serialization", () => {
   test("omits Outputs section when empty LexiconOutputs array", () => {
     const entities = new Map<string, Declarable>();
-    entities.set("MyBucket", new MockBucket({ bucketName: "bucket" }));
+    entities.set("MyBucket", new MockBucket({ BucketName: "bucket" }));
     const result = awsSerializer.serialize(entities, []);
     const template = JSON.parse(result as string);
@@ -430,7 +430,7 @@ describe("nested stack serialization", () => {
       Resources: {},
     });
-    const bucket = new MockBucket({ bucketName: "data" });
+    const bucket = new MockBucket({ BucketName: "data" });
     const entities = new Map<string, Declarable>();
     entities.set("network", stack as unknown as Declarable);
@@ -446,7 +446,7 @@ describe("nested stack serialization", () => {
   test("without nested stacks returns plain string", () => {
     const entities = new Map<string, Declarable>();
-    entities.set("MyBucket", new MockBucket({ bucketName: "bucket" }));
+    entities.set("MyBucket", new MockBucket({ BucketName: "bucket" }));
     const result = awsSerializer.serialize(entities);
     expect(typeof result).toBe("string");
@@ -460,7 +460,7 @@ describe("nested stack serialization", () => {
         subnet: { Type: "AWS::EC2::Subnet" },
       },
       Outputs: {
-        subnetId: { Value: { "Fn::GetAttr": ["subnet", "SubnetId"] } },
+        subnetId: { Value: { "Fn::GetAtt": ["subnet", "SubnetId"] } },
       },
     });
@@ -472,7 +472,7 @@ describe("nested stack serialization", () => {
       entityType: "AWS::Lambda::Function",
       kind: "resource" as const,
       props: {
-        vpcConfig: { subnetIds: [subnetRef] },
+        VpcConfig: { SubnetIds: [subnetRef] },
       },
     } as unknown as Declarable;
@@ -490,3 +490,330 @@ describe("nested stack serialization", () => {
     });
   });
 });
+// ── Resource-Level CF Attributes ──────────────────────────
+// Mock resource that supports the second constructor `attributes` argument
+class MockResourceWithAttrs implements Declarable {
+  readonly [DECLARABLE_MARKER] = true as const;
+  readonly lexicon = "aws";
+  readonly entityType: string;
+  readonly props: Record<string, unknown>;
+  readonly attributes: Record<string, unknown>;
+  constructor(
+    type: string,
+    props: Record<string, unknown>,
+    attributes: Record<string, unknown> = {},
+  ) {
+    this.entityType = type;
+    this.props = props;
+    Object.defineProperty(this, "attributes", { value: attributes, enumerable: false, configurable: true });
+  }
+}
+describe("resource-level CF attributes", () => {
+  function serialize(...entries: [string, Declarable][]) {
+    const entities = new Map<string, Declarable>(entries);
+    const output = awsSerializer.serialize(entities);
+    return JSON.parse(output as string);
+  }
+  test("DependsOn with string logical name", () => {
+    const res = new MockResourceWithAttrs(
+      "AWS::EC2::Instance", { InstanceType: "t3.micro" }, { DependsOn: "Database" },
+    );
+    const template = serialize(["Server", res]);
+    expect(template.Resources.Server.DependsOn).toBe("Database");
+  });
+  test("DependsOn with Declarable reference resolves to logical name", () => {
+    const bucket = new MockBucket({ BucketName: "data" });
+    const fn = new MockResourceWithAttrs(
+      "AWS::Lambda::Function", { Runtime: "nodejs20.x" }, { DependsOn: bucket },
+    );
+    const template = serialize(["DataBucket", bucket], ["Handler", fn]);
+    expect(template.Resources.Handler.DependsOn).toBe("DataBucket");
+  });
+  test("DependsOn with array of mixed strings and Declarables", () => {
+    const bucket = new MockBucket({ BucketName: "data" });
+    const fn = new MockResourceWithAttrs(
+      "AWS::Lambda::Function", { Runtime: "nodejs20.x" },
+      { DependsOn: [bucket, "ExternalResource"] },
+    );
+    const template = serialize(["DataBucket", bucket], ["Handler", fn]);
+    expect(template.Resources.Handler.DependsOn).toEqual(["DataBucket", "ExternalResource"]);
+  });
+  test("single DependsOn array item serializes as string, not array", () => {
+    const fn = new MockResourceWithAttrs(
+      "AWS::Lambda::Function", { Runtime: "nodejs20.x" }, { DependsOn: ["OnlyOne"] },
+    );
+    const template = serialize(["Handler", fn]);
+    expect(template.Resources.Handler.DependsOn).toBe("OnlyOne");
+  });
+  test("Condition attribute", () => {
+    const res = new MockResourceWithAttrs(
+      "AWS::S3::Bucket", { BucketName: "cond-bucket" }, { Condition: "CreateProdResources" },
+    );
+    const template = serialize(["MyBucket", res]);
+    expect(template.Resources.MyBucket.Condition).toBe("CreateProdResources");
+  });
+  test("DeletionPolicy attribute", () => {
+    const res = new MockResourceWithAttrs(
+      "AWS::RDS::DBInstance", { DBInstanceClass: "db.t3.micro" }, { DeletionPolicy: "Retain" },
+    );
+    const template = serialize(["Database", res]);
+    expect(template.Resources.Database.DeletionPolicy).toBe("Retain");
+  });
+  test("UpdateReplacePolicy attribute", () => {
+    const res = new MockResourceWithAttrs(
+      "AWS::RDS::DBInstance", { DBInstanceClass: "db.t3.micro" }, { UpdateReplacePolicy: "Snapshot" },
+    );
+    const template = serialize(["Database", res]);
+    expect(template.Resources.Database.UpdateReplacePolicy).toBe("Snapshot");
+  });
+  test("UpdatePolicy attribute", () => {
+    const policy = {
+      AutoScalingRollingUpdate: {
+        MaxBatchSize: 2,
+        MinInstancesInService: 1,
+        PauseTime: "PT5M",
+        WaitOnResourceSignals: true,
+      },
+    };
+    const res = new MockResourceWithAttrs(
+      "AWS::AutoScaling::AutoScalingGroup", { MinSize: "1", MaxSize: "4" },
+      { UpdatePolicy: policy },
+    );
+    const template = serialize(["ASG", res]);
+    expect(template.Resources.ASG.UpdatePolicy).toEqual(policy);
+  });
+  test("CreationPolicy attribute", () => {
+    const policy = { ResourceSignal: { Count: 3, Timeout: "PT15M" } };
+    const res = new MockResourceWithAttrs(
+      "AWS::AutoScaling::AutoScalingGroup", { MinSize: "3", MaxSize: "3" },
+      { CreationPolicy: policy },
+    );
+    const template = serialize(["ASG", res]);
+    expect(template.Resources.ASG.CreationPolicy).toEqual(policy);
+  });
+  test("Metadata attribute with plain object", () => {
+    const res = new MockResourceWithAttrs(
+      "AWS::EC2::Instance", { InstanceType: "t3.micro" },
+      { Metadata: { "AWS::CloudFormation::Init": { config: { packages: { yum: { httpd: [] } } } } } },
+    );
+    const template = serialize(["Server", res]);
+    expect(template.Resources.Server.Metadata).toEqual({
+      "AWS::CloudFormation::Init": { config: { packages: { yum: { httpd: [] } } } },
+    });
+  });
+  test("Metadata with intrinsic values resolves them", () => {
+    const res = new MockResourceWithAttrs(
+      "AWS::EC2::Instance", { InstanceType: "t3.micro" },
+      { Metadata: { StackInfo: Sub`${AWS.StackName}-metadata` } },
+    );
+    const template = serialize(["Server", res]);
+    expect(template.Resources.Server.Metadata.StackInfo).toEqual({
+      "Fn::Sub": "${AWS::StackName}-metadata",
+    });
+  });
+  test("all 7 attributes on a single resource", () => {
+    const dependency = new MockBucket({ BucketName: "dep" });
+    const res = new MockResourceWithAttrs(
+      "AWS::RDS::DBInstance", { DBInstanceClass: "db.t3.micro", Engine: "postgres" },
+      {
+        DependsOn: dependency,
+        Condition: "CreateDatabase",
+        DeletionPolicy: "Snapshot",
+        UpdateReplacePolicy: "Retain",
+        UpdatePolicy: { AutoScalingReplacingUpdate: { WillReplace: true } },
+        CreationPolicy: { ResourceSignal: { Count: 1, Timeout: "PT10M" } },
+        Metadata: { Version: "1.0" },
+      },
+    );
+    const template = serialize(["DepBucket", dependency], ["Database", res]);
+    const db = template.Resources.Database;
+    expect(db.DependsOn).toBe("DepBucket");
+    expect(db.Condition).toBe("CreateDatabase");
+    expect(db.DeletionPolicy).toBe("Snapshot");
+    expect(db.UpdateReplacePolicy).toBe("Retain");
+    expect(db.UpdatePolicy).toEqual({ AutoScalingReplacingUpdate: { WillReplace: true } });
+    expect(db.CreationPolicy).toEqual({ ResourceSignal: { Count: 1, Timeout: "PT10M" } });
+    expect(db.Metadata).toEqual({ Version: "1.0" });
+  });
+  test("undefined attributes are omitted from CF template", () => {
+    const res = new MockResourceWithAttrs(
+      "AWS::S3::Bucket", { BucketName: "bucket" },
+      { DependsOn: undefined, Condition: undefined },
+    );
+    const template = serialize(["MyBucket", res]);
+    expect(template.Resources.MyBucket.DependsOn).toBeUndefined();
+    expect(template.Resources.MyBucket.Condition).toBeUndefined();
+  });
+  test("empty attributes object produces no resource-level attributes", () => {
+    const res = new MockResourceWithAttrs("AWS::S3::Bucket", { BucketName: "bucket" }, {});
+    const template = serialize(["MyBucket", res]);
+    const r = template.Resources.MyBucket;
+    expect(r.DependsOn).toBeUndefined();
+    expect(r.Condition).toBeUndefined();
+    expect(r.DeletionPolicy).toBeUndefined();
+    expect(r.Metadata).toBeUndefined();
+  });
+  test("resource without attributes property works unchanged", () => {
+    // MockBucket has no `attributes` property — should still serialize fine
+    const bucket = new MockBucket({ BucketName: "legacy" });
+    const template = serialize(["MyBucket", bucket]);
+    expect(template.Resources.MyBucket.Type).toBe("AWS::S3::Bucket");
+    expect(template.Resources.MyBucket.Properties.BucketName).toBe("legacy");
+    expect(template.Resources.MyBucket.DependsOn).toBeUndefined();
+  });
+});
+// ── Default Tags Serialization ──────────────────────────
+// Mock Lambda Permission (non-taggable) for testing
+class MockPermission implements Declarable {
+  readonly [DECLARABLE_MARKER] = true as const;
+  readonly lexicon = "aws";
+  readonly entityType = "AWS::Lambda::Permission";
+  readonly props: { Action: string; FunctionName: string; Principal: string };
+  constructor(props: { Action: string; FunctionName: string; Principal: string }) {
+    this.props = props;
+  }
+}
+// Mock Lambda Function (taggable) for testing
+class MockFunction implements Declarable {
+  readonly [DECLARABLE_MARKER] = true as const;
+  readonly lexicon = "aws";
+  readonly entityType = "AWS::Lambda::Function";
+  readonly props: Record<string, unknown>;
+  constructor(props: Record<string, unknown> = {}) {
+    this.props = props;
+  }
+}
+describe("default tags serialization", () => {
+  test("DefaultTags entity is not emitted as a CF Resource", () => {
+    const entities = new Map<string, Declarable>();
+    entities.set("MyBucket", new MockBucket({ BucketName: "bucket" }));
+    entities.set("tags", defaultTags([{ Key: "Env", Value: "prod" }]) as unknown as Declarable);
+    const output = awsSerializer.serialize(entities);
+    const template = JSON.parse(output as string);
+    expect(template.Resources.tags).toBeUndefined();
+    expect(template.Resources.MyBucket).toBeDefined();
+  });
+  test("taggable resource gets default tags injected", () => {
+    const entities = new Map<string, Declarable>();
+    entities.set("MyBucket", new MockBucket({ BucketName: "bucket" }));
+    entities.set("tags", defaultTags([{ Key: "Env", Value: "prod" }]) as unknown as Declarable);
+    const output = awsSerializer.serialize(entities);
+    const template = JSON.parse(output as string);
+    expect(template.Resources.MyBucket.Properties.Tags).toEqual([
+      { Key: "Env", Value: "prod" },
+    ]);
+  });
+  test("non-taggable resource does NOT get tags", () => {
+    const entities = new Map<string, Declarable>();
+    entities.set("Perm", new MockPermission({
+      Action: "lambda:InvokeFunction",
+      FunctionName: "fn",
+      Principal: "apigateway.amazonaws.com",
+    }));
+    entities.set("tags", defaultTags([{ Key: "Env", Value: "prod" }]) as unknown as Declarable);
+    const output = awsSerializer.serialize(entities);
+    const template = JSON.parse(output as string);
+    expect(template.Resources.Perm.Properties.Tags).toBeUndefined();
+  });
+  test("explicit tags win over defaults on same key", () => {
+    const entities = new Map<string, Declarable>();
+    entities.set("MyBucket", new MockBucket({
+      BucketName: "bucket",
+      Tags: [{ Key: "Env", Value: "staging" }],
+    }));
+    entities.set("tags", defaultTags([
+      { Key: "Env", Value: "prod" },
+      { Key: "Team", Value: "platform" },
+    ]) as unknown as Declarable);
+    const output = awsSerializer.serialize(entities);
+    const template = JSON.parse(output as string);
+    const tags = template.Resources.MyBucket.Properties.Tags;
+    expect(tags).toHaveLength(2);
+    // Explicit "Env" wins, default "Team" is added
+    const envTag = tags.find((t: { Key: string }) => t.Key === "Env");
+    const teamTag = tags.find((t: { Key: string }) => t.Key === "Team");
+    expect(envTag.Value).toBe("staging");
+    expect(teamTag.Value).toBe("platform");
+  });
+  test("intrinsic tag values resolve correctly", () => {
+    const entities = new Map<string, Declarable>();
+    entities.set("MyBucket", new MockBucket({ BucketName: "bucket" }));
+    entities.set("tags", defaultTags([
+      { Key: "Stack", Value: Sub`${AWS.StackName}` },
+    ]) as unknown as Declarable);
+    const output = awsSerializer.serialize(entities);
+    const template = JSON.parse(output as string);
+    const tags = template.Resources.MyBucket.Properties.Tags;
+    expect(tags).toHaveLength(1);
+    expect(tags[0].Key).toBe("Stack");
+    expect(tags[0].Value).toEqual({ "Fn::Sub": "${AWS::StackName}" });
+  });
+  test("parameter tag values resolve to Ref", () => {
+    const env = new Parameter("String", { defaultValue: "dev" });
+    const entities = new Map<string, Declarable>();
+    entities.set("Env", env as unknown as Declarable);
+    entities.set("MyBucket", new MockBucket({ BucketName: "bucket" }));
+    entities.set("tags", defaultTags([
+      { Key: "Environment", Value: env },
+    ]) as unknown as Declarable);
+    const output = awsSerializer.serialize(entities);
+    const template = JSON.parse(output as string);
+    const tags = template.Resources.MyBucket.Properties.Tags;
+    expect(tags).toHaveLength(1);
+    expect(tags[0].Key).toBe("Environment");
+    expect(tags[0].Value).toEqual({ Ref: "Env" });
+  });
+  test("no defaultTags = no injection (existing behavior)", () => {
+    const entities = new Map<string, Declarable>();
+    entities.set("MyBucket", new MockBucket({ BucketName: "bucket" }));
+    const output = awsSerializer.serialize(entities);
+    const template = JSON.parse(output as string);
+    expect(template.Resources.MyBucket.Properties.Tags).toBeUndefined();
+  });
+});