@intentius/chant-lexicon-aws 0.1.1 → 0.1.8

package/src/lint/post-synth/waw035.test.ts

@@ -0,0 +1,74 @@
+import { describe, test, expect } from "vitest";
+import { createPostSynthContext } from "@intentius/chant-test-utils";
+import { waw035, checkSolrUlimits } from "./waw035";
+
+function makeTask(image: string, ulimits?: unknown[]) {
+  return createPostSynthContext({
+    aws: {
+      Resources: {
+        SolrTask: {
+          Type: "AWS::ECS::TaskDefinition",
+          Properties: {
+            Memory: "4096",
+            ContainerDefinitions: [
+              {
+                Name: "app",
+                Image: image,
+                ...(ulimits && { Ulimits: ulimits }),
+              },
+            ],
+          },
+        },
+      },
+    },
+  });
+}
+
+describe("WAW035: Solr nofile Ulimit", () => {
+  test("check metadata", () => {
+    expect(waw035.id).toBe("WAW035");
+    expect(waw035.description).toContain("nofile");
+  });
+
+  test("flags Solr container with no ulimits", () => {
+    const diags = checkSolrUlimits(makeTask("solr:9"));
+    expect(diags).toHaveLength(1);
+    expect(diags[0].checkId).toBe("WAW035");
+    expect(diags[0].severity).toBe("warning");
+    expect(diags[0].message).toContain("not set");
+  });
+
+  test("flags Solr container with nofile below minimum", () => {
+    const diags = checkSolrUlimits(makeTask("solr:9", [
+      { Name: "nofile", SoftLimit: 1024, HardLimit: 1024 },
+    ]));
+    expect(diags).toHaveLength(1);
+    expect(diags[0].message).toContain("1024");
+  });
+
+  test("no diagnostic when nofile >= 65535", () => {
+    const diags = checkSolrUlimits(makeTask("solr:9", [
+      { Name: "nofile", SoftLimit: 65535, HardLimit: 65535 },
+    ]));
+    expect(diags).toHaveLength(0);
+  });
+
+  test("no diagnostic when nofile HardLimit > 65535", () => {
+    const diags = checkSolrUlimits(makeTask("solr:9", [
+      { Name: "nofile", SoftLimit: 65535, HardLimit: 131072 },
+    ]));
+    expect(diags).toHaveLength(0);
+  });
+
+  test("no diagnostic for non-solr image", () => {
+    const diags = checkSolrUlimits(makeTask("nginx:latest"));
+    expect(diags).toHaveLength(0);
+  });
+
+  test("flags when only nproc ulimit set but nofile missing", () => {
+    const diags = checkSolrUlimits(makeTask("solr:9", [
+      { Name: "nproc", SoftLimit: 65535, HardLimit: 65535 },
+    ]));
+    expect(diags).toHaveLength(1);
+  });
+});

package/src/lint/post-synth/waw035.ts

@@ -0,0 +1,71 @@
+/**
+ * WAW035: Solr Container Missing nofile Ulimit
+ *
+ * Solr opens a file descriptor for every shard replica, index file, log, and
+ * connection. Without a raised nofile limit the process hits the default kernel
+ * limit (~1024) under moderate load, causing "Too many open files" errors that
+ * bring the node down. The production minimum is 65535.
+ */
+
+import type { PostSynthCheck, PostSynthContext, PostSynthDiagnostic } from "@intentius/chant/lint/post-synth";
+import { parseCFTemplate } from "./cf-refs";
+
+const NOFILE_MIN = 65535;
+
+function isSolrImage(image: unknown): boolean {
+  return typeof image === "string" && image.toLowerCase().includes("solr");
+}
+
+export function checkSolrUlimits(ctx: PostSynthContext): PostSynthDiagnostic[] {
+  const diagnostics: PostSynthDiagnostic[] = [];
+
+  for (const [_lexicon, output] of ctx.outputs) {
+    const template = parseCFTemplate(output);
+    if (!template?.Resources) continue;
+
+    for (const [logicalId, resource] of Object.entries(template.Resources)) {
+      if (resource.Type !== "AWS::ECS::TaskDefinition") continue;
+
+      const containers: unknown[] = Array.isArray(resource.Properties?.ContainerDefinitions)
+        ? resource.Properties.ContainerDefinitions
+        : [];
+
+      for (const container of containers) {
+        if (typeof container !== "object" || container === null) continue;
+        const c = container as Record<string, unknown>;
+
+        if (!isSolrImage(c.Image)) continue;
+
+        const ulimits: unknown[] = Array.isArray(c.Ulimits) ? c.Ulimits : [];
+        const nofile = ulimits.find(
+          (u): u is Record<string, unknown> =>
+            typeof u === "object" && u !== null && (u as Record<string, unknown>).Name === "nofile",
+        );
+
+        const hardLimit = nofile ? Number(nofile.HardLimit ?? 0) : 0;
+
+        if (!nofile || hardLimit < NOFILE_MIN) {
+          const current = nofile ? ` (current HardLimit: ${hardLimit})` : " (not set)";
+          diagnostics.push({
+            checkId: "WAW035",
+            severity: "warning",
+            message: `Solr container "${c.Name ?? "app"}" in task "${logicalId}" nofile ulimit${current} — set HardLimit >= ${NOFILE_MIN} to prevent "Too many open files" under load`,
+            entity: logicalId,
+            lexicon: "aws",
+          });
+        }
+      }
+    }
+  }
+
+  return diagnostics;
+}
+
+export const waw035: PostSynthCheck = {
+  id: "WAW035",
+  description: "Solr container missing nofile ulimit >= 65535",
+
+  check(ctx: PostSynthContext): PostSynthDiagnostic[] {
+    return checkSolrUlimits(ctx);
+  },
+};

package/src/lint/post-synth/waw036.test.ts

@@ -0,0 +1,217 @@
+import { describe, test, expect } from "vitest";
+import { createPostSynthContext } from "@intentius/chant-test-utils";
+import { waw036, checkNonAsciiProps } from "./waw036";
+
+function makeCtx(template: object) {
+  return createPostSynthContext({ aws: template });
+}
+
+describe("WAW036: Non-ASCII Characters in String Properties", () => {
+  test("check metadata", () => {
+    expect(waw036.id).toBe("WAW036");
+    expect(waw036.description.toLowerCase()).toContain("non-ascii");
+  });
+
+  // ── SecurityGroup.GroupDescription ───────────────────────────────
+
+  test("GroupDescription with em-dash → error", () => {
+    const ctx = makeCtx({
+      Resources: {
+        MySg: {
+          Type: "AWS::EC2::SecurityGroup",
+          Properties: {
+            GroupDescription: "cluster nodes \u2014 Slurm",
+            VpcId: "vpc-123",
+          },
+        },
+      },
+    });
+    const diags = checkNonAsciiProps(ctx);
+    expect(diags).toHaveLength(1);
+    expect(diags[0].checkId).toBe("WAW036");
+    expect(diags[0].severity).toBe("error");
+    expect(diags[0].entity).toBe("MySg");
+    expect(diags[0].message).toContain("GroupDescription");
+    expect(diags[0].message).toContain("U+2014");
+  });
+
+  test("GroupDescription with ASCII only → no diagnostic", () => {
+    const ctx = makeCtx({
+      Resources: {
+        MySg: {
+          Type: "AWS::EC2::SecurityGroup",
+          Properties: {
+            GroupDescription: "cluster nodes - Slurm",
+            VpcId: "vpc-123",
+          },
+        },
+      },
+    });
+    const diags = checkNonAsciiProps(ctx);
+    expect(diags).toHaveLength(0);
+  });
+
+  // ── CloudWatch.AlarmDescription ──────────────────────────────────
+
+  test("AlarmDescription with curly quote → error", () => {
+    const ctx = makeCtx({
+      Resources: {
+        MyAlarm: {
+          Type: "AWS::CloudWatch::Alarm",
+          Properties: {
+            AlarmName: "my-alarm",
+            AlarmDescription: "FSx throughput \u201chigh\u201d",
+            MetricName: "BytesReadFromDisk",
+            Namespace: "AWS/FSx",
+            Period: 300,
+            EvaluationPeriods: 1,
+            Threshold: 1000,
+            ComparisonOperator: "GreaterThanThreshold",
+          },
+        },
+      },
+    });
+    const diags = checkNonAsciiProps(ctx);
+    expect(diags).toHaveLength(1);
+    expect(diags[0].entity).toBe("MyAlarm");
+    expect(diags[0].message).toContain("AlarmDescription");
+  });
+
+  test("AlarmName with accented char → error", () => {
+    const ctx = makeCtx({
+      Resources: {
+        MyAlarm: {
+          Type: "AWS::CloudWatch::Alarm",
+          Properties: {
+            AlarmName: "m\u00e9trique-alarm",
+            AlarmDescription: "normal",
+            MetricName: "CPUUtilization",
+            Namespace: "AWS/EC2",
+            Period: 60,
+            EvaluationPeriods: 1,
+            Threshold: 80,
+            ComparisonOperator: "GreaterThanThreshold",
+          },
+        },
+      },
+    });
+    const diags = checkNonAsciiProps(ctx);
+    expect(diags).toHaveLength(1);
+    expect(diags[0].message).toContain("AlarmName");
+  });
+
+  // ── IAM::Role.RoleName ───────────────────────────────────────────
+
+  test("RoleName with non-ASCII → error", () => {
+    const ctx = makeCtx({
+      Resources: {
+        MyRole: {
+          Type: "AWS::IAM::Role",
+          Properties: {
+            RoleName: "role\u2013name",
+            AssumeRolePolicyDocument: {},
+          },
+        },
+      },
+    });
+    const diags = checkNonAsciiProps(ctx);
+    expect(diags).toHaveLength(1);
+    expect(diags[0].message).toContain("RoleName");
+    expect(diags[0].message).toContain("U+2013");
+  });
+
+  // ── AutoScalingGroup.AutoScalingGroupName ────────────────────────
+
+  test("AutoScalingGroupName with non-ASCII → error", () => {
+    const ctx = makeCtx({
+      Resources: {
+        MyAsg: {
+          Type: "AWS::AutoScaling::AutoScalingGroup",
+          Properties: {
+            AutoScalingGroupName: "asg\u2014prod",
+            MinSize: "0",
+            MaxSize: "10",
+          },
+        },
+      },
+    });
+    const diags = checkNonAsciiProps(ctx);
+    expect(diags).toHaveLength(1);
+    expect(diags[0].entity).toBe("MyAsg");
+  });
+
+  // ── Non-string (intrinsic) values are skipped ────────────────────
+
+  test("GroupDescription as Ref intrinsic → no diagnostic", () => {
+    const ctx = makeCtx({
+      Resources: {
+        MySg: {
+          Type: "AWS::EC2::SecurityGroup",
+          Properties: {
+            GroupDescription: { Ref: "SomeParam" },
+            VpcId: "vpc-123",
+          },
+        },
+      },
+    });
+    const diags = checkNonAsciiProps(ctx);
+    expect(diags).toHaveLength(0);
+  });
+
+  // ── Multiple violations ──────────────────────────────────────────
+
+  test("multiple resources with non-ASCII → multiple diagnostics", () => {
+    const ctx = makeCtx({
+      Resources: {
+        Sg1: {
+          Type: "AWS::EC2::SecurityGroup",
+          Properties: {
+            GroupDescription: "sg \u2014 one",
+            VpcId: "vpc-123",
+          },
+        },
+        Sg2: {
+          Type: "AWS::EC2::SecurityGroup",
+          Properties: {
+            GroupDescription: "sg \u2014 two",
+            VpcId: "vpc-456",
+          },
+        },
+        CleanSg: {
+          Type: "AWS::EC2::SecurityGroup",
+          Properties: {
+            GroupDescription: "clean sg",
+            VpcId: "vpc-789",
+          },
+        },
+      },
+    });
+    const diags = checkNonAsciiProps(ctx);
+    expect(diags).toHaveLength(2);
+    const entities = diags.map((d) => d.entity).sort();
+    expect(entities).toEqual(["Sg1", "Sg2"]);
+  });
+
+  // ── Resource types not in the list ──────────────────────────────
+
+  test("unmonitored resource type with non-ASCII → no diagnostic", () => {
+    const ctx = makeCtx({
+      Resources: {
+        MyTable: {
+          Type: "AWS::DynamoDB::Table",
+          Properties: {
+            TableName: "table\u2014name",
+          },
+        },
+      },
+    });
+    const diags = checkNonAsciiProps(ctx);
+    expect(diags).toHaveLength(0);
+  });
+
+  test("empty Resources → no diagnostic", () => {
+    const ctx = makeCtx({ Resources: {} });
+    const diags = checkNonAsciiProps(ctx);
+    expect(diags).toHaveLength(0);
+  });
+});

package/src/lint/post-synth/waw036.ts

@@ -0,0 +1,88 @@
+/**
+ * WAW036: Non-ASCII Characters in EC2/IAM String Properties
+ *
+ * EC2, IAM, CloudWatch, and other AWS services only accept ASCII 0x20–0x7E in
+ * description, name, and label fields. Non-ASCII characters (em-dashes, curly
+ * quotes, accented letters, etc.) cause the changeset to fail at EarlyValidation
+ * with an opaque "Invalid parameter" error that doesn't name the offending property.
+ *
+ * Properties checked (all must be plain ASCII strings):
+ *   - AWS::EC2::SecurityGroup           GroupDescription
+ *   - AWS::EC2::LaunchTemplate          LaunchTemplateName
+ *   - AWS::IAM::Role                    RoleName
+ *   - AWS::Lambda::Function             FunctionName
+ *   - AWS::RDS::DBSubnetGroup           DBSubnetGroupDescription
+ *   - AWS::CloudWatch::Alarm            AlarmDescription, AlarmName
+ *   - AWS::AutoScaling::AutoScalingGroup AutoScalingGroupName
+ */
+
+import type { PostSynthCheck, PostSynthContext, PostSynthDiagnostic } from "@intentius/chant/lint/post-synth";
+import { parseCFTemplate } from "./cf-refs";
+
+/** Map of CFN resource type → list of property names that must be ASCII-only. */
+const ASCII_REQUIRED: Record<string, string[]> = {
+  "AWS::EC2::SecurityGroup":             ["GroupDescription"],
+  "AWS::EC2::LaunchTemplate":            ["LaunchTemplateName"],
+  "AWS::IAM::Role":                      ["RoleName"],
+  "AWS::Lambda::Function":               ["FunctionName"],
+  "AWS::RDS::DBSubnetGroup":             ["DBSubnetGroupDescription"],
+  "AWS::CloudWatch::Alarm":              ["AlarmDescription", "AlarmName"],
+  "AWS::AutoScaling::AutoScalingGroup":  ["AutoScalingGroupName"],
+};
+
+/** Return true if the string contains any character outside ASCII printable range (0x20–0x7E). */
+function hasNonAscii(s: string): boolean {
+  for (let i = 0; i < s.length; i++) {
+    const code = s.charCodeAt(i);
+    if (code < 0x20 || code > 0x7e) return true;
+  }
+  return false;
+}
+
+export function checkNonAsciiProps(ctx: PostSynthContext): PostSynthDiagnostic[] {
+  const diagnostics: PostSynthDiagnostic[] = [];
+
+  for (const [_lexicon, output] of ctx.outputs) {
+    const template = parseCFTemplate(output);
+    if (!template?.Resources) continue;
+
+    for (const [logicalId, resource] of Object.entries(template.Resources)) {
+      const propsToCheck = ASCII_REQUIRED[resource.Type];
+      if (!propsToCheck) continue;
+
+      const props = resource.Properties ?? {};
+
+      for (const propName of propsToCheck) {
+        const value = props[propName];
+        if (typeof value !== "string") continue;
+        if (!hasNonAscii(value)) continue;
+
+        // Find the specific offending characters for the message.
+        const badChars = [...new Set([...value].filter((c) => {
+          const code = c.charCodeAt(0);
+          return code < 0x20 || code > 0x7e;
+        }))];
+        const charList = badChars.map((c) => `U+${c.charCodeAt(0).toString(16).toUpperCase().padStart(4, "0")}`).join(", ");
+
+        diagnostics.push({
+          checkId: "WAW036",
+          severity: "error",
+          message: `${resource.Type} "${logicalId}" property "${propName}" contains non-ASCII characters (${charList}) — AWS rejects these at changeset validation time`,
+          entity: logicalId,
+          lexicon: "aws",
+        });
+      }
+    }
+  }
+
+  return diagnostics;
+}
+
+export const waw036: PostSynthCheck = {
+  id: "WAW036",
+  description: "Non-ASCII characters in EC2/IAM/CW string properties — rejected at changeset time",
+
+  check(ctx: PostSynthContext): PostSynthDiagnostic[] {
+    return checkNonAsciiProps(ctx);
+  },
+};

package/src/lint/post-synth/waw037.test.ts

@@ -0,0 +1,155 @@
+import { describe, test, expect } from "vitest";
+import { createPostSynthContext } from "@intentius/chant-test-utils";
+import { waw037, checkNullProperties } from "./waw037";
+
+function makeCtx(template: object) {
+  return createPostSynthContext({ aws: template });
+}
+
+describe("WAW037: Null Values in CloudFormation Resource Properties", () => {
+  test("check metadata", () => {
+    expect(waw037.id).toBe("WAW037");
+    expect(waw037.description.toLowerCase()).toContain("null");
+  });
+
+  // ── Top-level null property ──────────────────────────────────────
+
+  test("top-level null property → error with path", () => {
+    const ctx = makeCtx({
+      Resources: {
+        MyRole: {
+          Type: "AWS::IAM::InstanceProfile",
+          Properties: {
+            Roles: [null],
+          },
+        },
+      },
+    });
+    const diags = checkNullProperties(ctx);
+    expect(diags).toHaveLength(1);
+    expect(diags[0].checkId).toBe("WAW037");
+    expect(diags[0].severity).toBe("error");
+    expect(diags[0].entity).toBe("MyRole");
+    expect(diags[0].message).toContain("MyRole");
+    expect(diags[0].message).toContain("Roles[0]");
+  });
+
+  test("nested null property → error with dotted path", () => {
+    const ctx = makeCtx({
+      Resources: {
+        MyHook: {
+          Type: "AWS::AutoScaling::LifecycleHook",
+          Properties: {
+            AutoScalingGroupName: null,
+            LifecycleTransition: "autoscaling:EC2_INSTANCE_TERMINATING",
+          },
+        },
+      },
+    });
+    const diags = checkNullProperties(ctx);
+    expect(diags).toHaveLength(1);
+    expect(diags[0].entity).toBe("MyHook");
+    expect(diags[0].message).toContain("AutoScalingGroupName");
+  });
+
+  test("deeply nested null in array → correct path reported", () => {
+    const ctx = makeCtx({
+      Resources: {
+        MyLt: {
+          Type: "AWS::EC2::LaunchTemplate",
+          Properties: {
+            LaunchTemplateData: {
+              TagSpecifications: [
+                {
+                  ResourceType: "instance",
+                  Tags: [{ Key: "cluster", Value: null }],
+                },
+              ],
+            },
+          },
+        },
+      },
+    });
+    const diags = checkNullProperties(ctx);
+    expect(diags).toHaveLength(1);
+    expect(diags[0].message).toContain("LaunchTemplateData.TagSpecifications[0].Tags[0].Value");
+  });
+
+  test("IamInstanceProfile null from wrong attr → error", () => {
+    const ctx = makeCtx({
+      Resources: {
+        MyInstance: {
+          Type: "AWS::EC2::Instance",
+          Properties: {
+            InstanceType: "c5.2xlarge",
+            IamInstanceProfile: null,
+          },
+        },
+      },
+    });
+    const diags = checkNullProperties(ctx);
+    expect(diags).toHaveLength(1);
+    expect(diags[0].entity).toBe("MyInstance");
+    expect(diags[0].message).toContain("IamInstanceProfile");
+    expect(diags[0].message).toContain("Ref(resource)");
+  });
+
+  // ── Clean template ───────────────────────────────────────────────
+
+  test("all non-null properties → no diagnostic", () => {
+    const ctx = makeCtx({
+      Resources: {
+        MySg: {
+          Type: "AWS::EC2::SecurityGroup",
+          Properties: {
+            GroupDescription: "my sg",
+            VpcId: { Ref: "MyVpc" },
+            SecurityGroupIngress: [
+              { IpProtocol: "tcp", FromPort: 443, ToPort: 443, CidrIp: "10.0.0.0/8" },
+            ],
+          },
+        },
+      },
+    });
+    const diags = checkNullProperties(ctx);
+    expect(diags).toHaveLength(0);
+  });
+
+  test("resource with no Properties → no diagnostic", () => {
+    const ctx = makeCtx({
+      Resources: {
+        MyWaitHandle: {
+          Type: "AWS::CloudFormation::WaitConditionHandle",
+        },
+      },
+    });
+    const diags = checkNullProperties(ctx);
+    expect(diags).toHaveLength(0);
+  });
+
+  // ── Multiple nulls in same resource ─────────────────────────────
+
+  test("multiple null props in same resource → one diagnostic per null", () => {
+    const ctx = makeCtx({
+      Resources: {
+        MyHook: {
+          Type: "AWS::AutoScaling::LifecycleHook",
+          Properties: {
+            AutoScalingGroupName: null,
+            LifecycleHookName: null,
+            LifecycleTransition: "autoscaling:EC2_INSTANCE_TERMINATING",
+          },
+        },
+      },
+    });
+    const diags = checkNullProperties(ctx);
+    expect(diags).toHaveLength(2);
+    expect(diags.every((d) => d.entity === "MyHook")).toBe(true);
+  });
+
+  test("empty Resources → no diagnostic", () => {
+    const ctx = makeCtx({ Resources: {} });
+    const diags = checkNullProperties(ctx);
+    expect(diags).toHaveLength(0);
+  });
+});

package/src/lint/post-synth/waw037.ts

@@ -0,0 +1,81 @@
+/**
+ * WAW037: Null Values in CloudFormation Resource Properties
+ *
+ * `resource.PropName` where PropName is not a real GetAtt attribute returns null
+ * silently in chant's AttrRef system — the TypeScript types say `string` but the
+ * runtime value is null. This produces a template with literal null values that
+ * CloudFormation rejects at changeset time with an unhelpful "Invalid template"
+ * error.
+ *
+ * Common causes:
+ *   - `resource.SomeId` instead of `Ref(resource)` (use Ref for the primary identifier)
+ *   - `resource.SomeProp` where SomeProp is not listed in AWS CloudFormation GetAtt docs
+ *   - Typo in an attribute name (e.g. `resource.GroupName` vs `resource.GroupId`)
+ *
+ * This check scans every resource's Properties for null values at any depth and
+ * reports the logical resource ID and dotted property path.
+ */
+
+import type { PostSynthCheck, PostSynthContext, PostSynthDiagnostic } from "@intentius/chant/lint/post-synth";
+import { parseCFTemplate } from "./cf-refs";
+
+interface NullLocation {
+  logicalId: string;
+  path: string;
+}
+
+/** Recursively collect all paths where the value is null. */
+function collectNullPaths(value: unknown, path: string, results: NullLocation[], logicalId: string): void {
+  if (value === null) {
+    results.push({ logicalId, path });
+    return;
+  }
+  if (Array.isArray(value)) {
+    for (let i = 0; i < value.length; i++) {
+      collectNullPaths(value[i], `${path}[${i}]`, results, logicalId);
+    }
+    return;
+  }
+  if (typeof value === "object") {
+    for (const [k, v] of Object.entries(value as Record<string, unknown>)) {
+      collectNullPaths(v, path ? `${path}.${k}` : k, results, logicalId);
+    }
+  }
+}
+
+export function checkNullProperties(ctx: PostSynthContext): PostSynthDiagnostic[] {
+  const diagnostics: PostSynthDiagnostic[] = [];
+
+  for (const [_lexicon, output] of ctx.outputs) {
+    const template = parseCFTemplate(output);
+    if (!template?.Resources) continue;
+
+    for (const [logicalId, resource] of Object.entries(template.Resources)) {
+      if (!resource.Properties) continue;
+
+      const nullLocations: NullLocation[] = [];
+      collectNullPaths(resource.Properties, "", nullLocations, logicalId);
+
+      for (const loc of nullLocations) {
+        diagnostics.push({
+          checkId: "WAW037",
+          severity: "error",
+          message: `${resource.Type} "${logicalId}" has a null value at Properties.${loc.path} — likely a .PropName AttrRef on a non-existent GetAtt attribute. Use Ref(resource) for the primary identifier, or check the attribute name.`,
+          entity: logicalId,
+          lexicon: "aws",
+        });
+      }
+    }
+  }
+
+  return diagnostics;
+}
+
+export const waw037: PostSynthCheck = {
+  id: "WAW037",
+  description: "Null values in CFN resource properties — caused by invalid AttrRef (.PropName) usage",
+
+  check(ctx: PostSynthContext): PostSynthDiagnostic[] {
+    return checkNullProperties(ctx);
+  },
+};

package/src/lint/rules/rules.test.ts

@@ -1,4 +1,4 @@
-import { describe, test, expect } from "bun:test";
+import { describe, test, expect } from "vitest";
 import * as ts from "typescript";
 import { hardcodedRegionRule } from "./hardcoded-region";
 import { s3EncryptionRule } from "./s3-encryption";