@intentius/chant-lexicon-gcp 0.0.18 → 0.0.24

package/dist/rules/schema-registry.ts

@@ -0,0 +1,91 @@
+/**
+ * Schema registry for GCP Config Connector resources.
+ *
+ * Loads lexicon-gcp.json and builds a lookup from CRD kind to field schema,
+ * used by post-synth rules to validate YAML against known CRD schemas.
+ */
+
+import { createRequire } from "module";
+const require = createRequire(import.meta.url);
+
+export interface FieldSchema {
+  type: string;
+  required: boolean;
+  enum?: string[];
+  ref?: boolean;
+}
+
+export interface ResourceSchema {
+  fields: Record<string, FieldSchema>;
+  required: string[];
+}
+
+interface LexiconEntry {
+  kind: "resource" | "property";
+  gvkKind?: string;
+  schema?: ResourceSchema;
+}
+
+let cachedRegistry: Map<string, ResourceSchema> | null = null;
+
+/**
+ * Get the schema registry: Map<gvkKind, ResourceSchema>.
+ */
+export function getSchemaRegistry(): Map<string, ResourceSchema> {
+  if (cachedRegistry) return cachedRegistry;
+
+  cachedRegistry = new Map();
+  try {
+    const lexicon = require("../../generated/lexicon-gcp.json") as Record<string, LexiconEntry>;
+    for (const entry of Object.values(lexicon)) {
+      if (entry.kind === "resource" && entry.gvkKind && entry.schema) {
+        cachedRegistry.set(entry.gvkKind, entry.schema);
+      }
+    }
+  } catch {
+    // Lexicon JSON not yet generated — return empty registry
+  }
+
+  return cachedRegistry;
+}
+
+/**
+ * Levenshtein distance between two strings.
+ */
+export function levenshtein(a: string, b: string): number {
+  const m = a.length;
+  const n = b.length;
+  const dp: number[][] = Array.from({ length: m + 1 }, () => Array(n + 1).fill(0));
+
+  for (let i = 0; i <= m; i++) dp[i][0] = i;
+  for (let j = 0; j <= n; j++) dp[0][j] = j;
+
+  for (let i = 1; i <= m; i++) {
+    for (let j = 1; j <= n; j++) {
+      dp[i][j] = a[i - 1] === b[j - 1]
+        ? dp[i - 1][j - 1]
+        : 1 + Math.min(dp[i - 1][j], dp[i][j - 1], dp[i - 1][j - 1]);
+    }
+  }
+
+  return dp[m][n];
+}
+
+/**
+ * Find the closest field name by Levenshtein distance.
+ * Returns the suggestion if distance ≤ 3, otherwise undefined.
+ */
+export function suggestField(unknown: string, knownFields: string[]): string | undefined {
+  let best: string | undefined;
+  let bestDist = 4; // threshold
+
+  for (const field of knownFields) {
+    const dist = levenshtein(unknown.toLowerCase(), field.toLowerCase());
+    if (dist < bestDist) {
+      bestDist = dist;
+      best = field;
+    }
+  }
+
+  return best;
+}

package/dist/rules/wgc101.ts

@@ -30,7 +30,7 @@ export const wgc101: PostSynthCheck = {
           diagnostics.push({
             checkId: "WGC101",
             severity: "warning",
-            message: `StorageBucket "${name}" has no encryption configuration — consider adding spec.encryption.defaultKmsKeyName`,
+            message: `StorageBucket "${name}" has no encryption configuration — consider adding spec.encryption.kmsKeyRef`,
             entity: name,
             lexicon: "gcp",
           });

package/dist/rules/wgc401.ts

@@ -0,0 +1,59 @@
+/**
+ * WGC401: Unknown spec field
+ *
+ * Flags fields in a Config Connector resource spec that are not defined
+ * in the CRD schema. Includes "did you mean?" suggestion via Levenshtein.
+ */
+
+import type { PostSynthCheck, PostSynthContext, PostSynthDiagnostic } from "@intentius/chant/lint/post-synth";
+import { parseGcpManifests, isConfigConnectorResource, getResourceName, getSpec } from "./gcp-helpers";
+import { getSchemaRegistry, suggestField } from "./schema-registry";
+
+export const wgc401: PostSynthCheck = {
+  id: "WGC401",
+  description: "Config Connector resource spec contains unknown field",
+
+  check(ctx: PostSynthContext): PostSynthDiagnostic[] {
+    const diagnostics: PostSynthDiagnostic[] = [];
+    const registry = getSchemaRegistry();
+
+    for (const [_lexicon, output] of ctx.outputs) {
+      if (typeof output !== "string") continue;
+
+      const manifests = parseGcpManifests(output);
+
+      for (const manifest of manifests) {
+        if (!isConfigConnectorResource(manifest)) continue;
+
+        const kind = manifest.kind;
+        if (!kind) continue;
+
+        const schema = registry.get(kind);
+        if (!schema) continue; // No schema available for this kind
+
+        const spec = getSpec(manifest);
+        if (!spec) continue;
+
+        const knownFields = Object.keys(schema.fields);
+        const resourceName = getResourceName(manifest);
+
+        for (const field of Object.keys(spec)) {
+          if (field in schema.fields) continue;
+
+          const suggestion = suggestField(field, knownFields);
+          const hint = suggestion ? ` — did you mean "${suggestion}"?` : "";
+
+          diagnostics.push({
+            checkId: "WGC401",
+            severity: "error",
+            message: `Resource "${resourceName}" (${kind}): unknown spec field "${field}"${hint}`,
+            entity: resourceName,
+            lexicon: "gcp",
+          });
+        }
+      }
+    }
+
+    return diagnostics;
+  },
+};

package/dist/rules/wgc402.ts

@@ -0,0 +1,54 @@
+/**
+ * WGC402: Missing required spec field
+ *
+ * Flags Config Connector resources that are missing required fields
+ * according to their CRD schema.
+ */
+
+import type { PostSynthCheck, PostSynthContext, PostSynthDiagnostic } from "@intentius/chant/lint/post-synth";
+import { parseGcpManifests, isConfigConnectorResource, getResourceName, getSpec } from "./gcp-helpers";
+import { getSchemaRegistry } from "./schema-registry";
+
+export const wgc402: PostSynthCheck = {
+  id: "WGC402",
+  description: "Config Connector resource is missing a required spec field",
+
+  check(ctx: PostSynthContext): PostSynthDiagnostic[] {
+    const diagnostics: PostSynthDiagnostic[] = [];
+    const registry = getSchemaRegistry();
+
+    for (const [_lexicon, output] of ctx.outputs) {
+      if (typeof output !== "string") continue;
+
+      const manifests = parseGcpManifests(output);
+
+      for (const manifest of manifests) {
+        if (!isConfigConnectorResource(manifest)) continue;
+
+        const kind = manifest.kind;
+        if (!kind) continue;
+
+        const schema = registry.get(kind);
+        if (!schema) continue;
+
+        const spec = getSpec(manifest);
+        const specKeys = new Set(spec ? Object.keys(spec) : []);
+        const resourceName = getResourceName(manifest);
+
+        for (const requiredField of schema.required) {
+          if (!specKeys.has(requiredField)) {
+            diagnostics.push({
+              checkId: "WGC402",
+              severity: "error",
+              message: `Resource "${resourceName}" (${kind}): missing required field "${requiredField}"`,
+              entity: resourceName,
+              lexicon: "gcp",
+            });
+          }
+        }
+      }
+    }
+
+    return diagnostics;
+  },
+};

package/dist/rules/wgc403.ts

@@ -0,0 +1,84 @@
+/**
+ * WGC403: Type/structure mismatch in spec field
+ *
+ * Flags spec fields where the value type doesn't match the CRD schema:
+ * - String where number expected (e.g. availableMemoryMb: "512")
+ * - Scalar string where resourceRef object expected (e.g. topicRef: "name")
+ */
+
+import type { PostSynthCheck, PostSynthContext, PostSynthDiagnostic } from "@intentius/chant/lint/post-synth";
+import { parseGcpManifests, isConfigConnectorResource, getResourceName, getSpec } from "./gcp-helpers";
+import { getSchemaRegistry } from "./schema-registry";
+
+export const wgc403: PostSynthCheck = {
+  id: "WGC403",
+  description: "Config Connector resource spec field has wrong type or structure",
+
+  check(ctx: PostSynthContext): PostSynthDiagnostic[] {
+    const diagnostics: PostSynthDiagnostic[] = [];
+    const registry = getSchemaRegistry();
+
+    for (const [_lexicon, output] of ctx.outputs) {
+      if (typeof output !== "string") continue;
+
+      const manifests = parseGcpManifests(output);
+
+      for (const manifest of manifests) {
+        if (!isConfigConnectorResource(manifest)) continue;
+
+        const kind = manifest.kind;
+        if (!kind) continue;
+
+        const schema = registry.get(kind);
+        if (!schema) continue;
+
+        const spec = getSpec(manifest);
+        if (!spec) continue;
+
+        const resourceName = getResourceName(manifest);
+
+        for (const [field, value] of Object.entries(spec)) {
+          const fieldSchema = schema.fields[field];
+          if (!fieldSchema) continue; // Unknown fields handled by WGC401
+
+          // Check: resourceRef field expects an object, got a scalar
+          if (fieldSchema.ref && typeof value === "string") {
+            diagnostics.push({
+              checkId: "WGC403",
+              severity: "error",
+              message: `Resource "${resourceName}" (${kind}): field "${field}" expects a resourceRef object (e.g. { name, kind }), got string "${value}"`,
+              entity: resourceName,
+              lexicon: "gcp",
+            });
+            continue;
+          }
+
+          // Check: number field got a string that looks numeric
+          if (fieldSchema.type === "number" && typeof value === "string") {
+            diagnostics.push({
+              checkId: "WGC403",
+              severity: "error",
+              message: `Resource "${resourceName}" (${kind}): field "${field}" expects a number, got string "${value}"`,
+              entity: resourceName,
+              lexicon: "gcp",
+            });
+            continue;
+          }
+
+          // Check: boolean field got a string
+          if (fieldSchema.type === "boolean" && typeof value === "string") {
+            diagnostics.push({
+              checkId: "WGC403",
+              severity: "error",
+              message: `Resource "${resourceName}" (${kind}): field "${field}" expects a boolean, got string "${value}"`,
+              entity: resourceName,
+              lexicon: "gcp",
+            });
+          }
+        }
+      }
+    }
+
+    return diagnostics;
+  },
+};

package/dist/skills/{chant-gke.md → chant-gcp-gke.md}

@@ -1,5 +1,5 @@
 ---
-skill: chant-gke
+skill: chant-gcp-gke
 description: End-to-end GKE workflow bridging GCP infrastructure and Kubernetes workloads
 user-invocable: true
 ---

package/dist/skills/chant-gcp-patterns.md

@@ -1,6 +1,7 @@
 ---
-source: chant-lexicon
-lexicon: gcp
+skill: chant-gcp-patterns
+description: Advanced GCP Config Connector patterns
+user-invocable: true
 ---
 
 # Advanced GCP Config Connector Patterns with Chant

package/dist/skills/chant-gcp-security.md

@@ -1,6 +1,7 @@
 ---
-source: chant-lexicon
-lexicon: gcp
+skill: chant-gcp-security
+description: GCP security best practices for infrastructure
+user-invocable: true
 ---
 
 # GCP Security Best Practices for Chant