@opengeni/runtime 0.2.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/chunk-2PO56VAL.js +3478 -0
- package/dist/chunk-2PO56VAL.js.map +1 -0
- package/dist/index.d.ts +912 -0
- package/dist/index.js +3663 -0
- package/dist/index.js.map +1 -0
- package/dist/sandbox/index.d.ts +1738 -0
- package/dist/sandbox/index.js +187 -0
- package/dist/sandbox/index.js.map +1 -0
- package/package.json +49 -0
- package/src/bundled_hashicorp_terraform_skills/LICENSE +373 -0
- package/src/bundled_hashicorp_terraform_skills/README.md +18 -0
- package/src/bundled_hashicorp_terraform_skills/UPSTREAM_GIT_SHA +1 -0
- package/src/bundled_hashicorp_terraform_skills/azure-verified-modules/SKILL.md +613 -0
- package/src/bundled_hashicorp_terraform_skills/checkov/SKILL.md +43 -0
- package/src/bundled_hashicorp_terraform_skills/refactor-module/SKILL.md +538 -0
- package/src/bundled_hashicorp_terraform_skills/social-media-marketing/SKILL.md +35 -0
- package/src/bundled_hashicorp_terraform_skills/terraform-search-import/SKILL.md +372 -0
- package/src/bundled_hashicorp_terraform_skills/terraform-search-import/references/MANUAL-IMPORT.md +113 -0
- package/src/bundled_hashicorp_terraform_skills/terraform-search-import/scripts/list_resources.sh +38 -0
- package/src/bundled_hashicorp_terraform_skills/terraform-stacks/SKILL.md +480 -0
- package/src/bundled_hashicorp_terraform_skills/terraform-stacks/references/api-monitoring.md +543 -0
- package/src/bundled_hashicorp_terraform_skills/terraform-stacks/references/component-blocks.md +476 -0
- package/src/bundled_hashicorp_terraform_skills/terraform-stacks/references/deployment-blocks.md +391 -0
- package/src/bundled_hashicorp_terraform_skills/terraform-stacks/references/examples.md +1529 -0
- package/src/bundled_hashicorp_terraform_skills/terraform-stacks/references/linked-stacks.md +187 -0
- package/src/bundled_hashicorp_terraform_skills/terraform-stacks/references/troubleshooting.md +671 -0
- package/src/bundled_hashicorp_terraform_skills/terraform-style-guide/SKILL.md +353 -0
- package/src/bundled_hashicorp_terraform_skills/terraform-test/SKILL.md +451 -0
- package/src/bundled_hashicorp_terraform_skills/terraform-test/references/CI_CD.md +80 -0
- package/src/bundled_hashicorp_terraform_skills/terraform-test/references/EXAMPLES.md +314 -0
- package/src/bundled_hashicorp_terraform_skills/terraform-test/references/MOCK_PROVIDERS.md +171 -0
- package/src/codex-tool-search.ts +267 -0
- package/src/context-compaction.ts +538 -0
- package/src/history-sanitizer.ts +719 -0
- package/src/index.ts +3299 -0
- package/src/sandbox/capabilities.ts +69 -0
- package/src/sandbox/channel-a.ts +1031 -0
- package/src/sandbox/display-stack.ts +231 -0
- package/src/sandbox/errors.ts +34 -0
- package/src/sandbox/index.ts +832 -0
- package/src/sandbox/providers/blaxel.ts +35 -0
- package/src/sandbox/providers/cloudflare.ts +24 -0
- package/src/sandbox/providers/daytona.ts +34 -0
- package/src/sandbox/providers/docker.ts +17 -0
- package/src/sandbox/providers/e2b.ts +36 -0
- package/src/sandbox/providers/index.ts +107 -0
- package/src/sandbox/providers/local.ts +13 -0
- package/src/sandbox/providers/modal.ts +55 -0
- package/src/sandbox/providers/none.ts +13 -0
- package/src/sandbox/providers/runloop.ts +32 -0
- package/src/sandbox/providers/selfhosted.ts +96 -0
- package/src/sandbox/providers/types.ts +38 -0
- package/src/sandbox/providers/vercel.ts +29 -0
- package/src/sandbox/recording.ts +286 -0
- package/src/sandbox/routing/backend-resolver.ts +189 -0
- package/src/sandbox/routing/routing-session.ts +455 -0
- package/src/sandbox/select.ts +371 -0
- package/src/sandbox/selfhosted/capabilities.ts +255 -0
- package/src/sandbox/selfhosted/control-rpc.ts +351 -0
- package/src/sandbox/selfhosted/session.ts +930 -0
- package/src/sandbox/selfhosted/testing.ts +230 -0
- package/src/sandbox/stream-port.ts +185 -0
- package/src/sandbox/stream-token.ts +90 -0
- package/src/sandbox/terminal-server.ts +203 -0
- package/src/sandbox-computer.ts +835 -0
|
@@ -0,0 +1,353 @@
|
|
|
1
|
+
---
|
|
2
|
+
name: terraform-style-guide
|
|
3
|
+
description: Generate Terraform HCL code following HashiCorp's official style conventions and best practices. Use when writing, reviewing, or generating Terraform configurations.
|
|
4
|
+
---
|
|
5
|
+
|
|
6
|
+
# Terraform Style Guide
|
|
7
|
+
|
|
8
|
+
Generate and maintain Terraform code following HashiCorp's official style conventions and best practices.
|
|
9
|
+
|
|
10
|
+
**Reference:** [HashiCorp Terraform Style Guide](https://developer.hashicorp.com/terraform/language/style)
|
|
11
|
+
|
|
12
|
+
## Code Generation Strategy
|
|
13
|
+
|
|
14
|
+
When generating Terraform code:
|
|
15
|
+
|
|
16
|
+
1. Start with provider configuration and version constraints
|
|
17
|
+
2. Create data sources before dependent resources
|
|
18
|
+
3. Build resources in dependency order
|
|
19
|
+
4. Add outputs for key resource attributes
|
|
20
|
+
5. Use variables for all configurable values
|
|
21
|
+
|
|
22
|
+
## File Organization
|
|
23
|
+
|
|
24
|
+
| File | Purpose |
|
|
25
|
+
|------|---------|
|
|
26
|
+
| `terraform.tf` | Terraform and provider version requirements |
|
|
27
|
+
| `providers.tf` | Provider configurations |
|
|
28
|
+
| `main.tf` | Primary resources and data sources |
|
|
29
|
+
| `variables.tf` | Input variable declarations (alphabetical) |
|
|
30
|
+
| `outputs.tf` | Output value declarations (alphabetical) |
|
|
31
|
+
| `locals.tf` | Local value declarations |
|
|
32
|
+
|
|
33
|
+
### Example Structure
|
|
34
|
+
|
|
35
|
+
```hcl
|
|
36
|
+
# terraform.tf
|
|
37
|
+
terraform {
|
|
38
|
+
required_version = ">= 1.7"
|
|
39
|
+
|
|
40
|
+
required_providers {
|
|
41
|
+
aws = {
|
|
42
|
+
source = "hashicorp/aws"
|
|
43
|
+
version = "~> 5.0"
|
|
44
|
+
}
|
|
45
|
+
}
|
|
46
|
+
}
|
|
47
|
+
|
|
48
|
+
# variables.tf
|
|
49
|
+
variable "environment" {
|
|
50
|
+
description = "Target deployment environment"
|
|
51
|
+
type = string
|
|
52
|
+
|
|
53
|
+
validation {
|
|
54
|
+
condition = contains(["dev", "staging", "prod"], var.environment)
|
|
55
|
+
error_message = "Environment must be dev, staging, or prod."
|
|
56
|
+
}
|
|
57
|
+
}
|
|
58
|
+
|
|
59
|
+
# locals.tf
|
|
60
|
+
locals {
|
|
61
|
+
common_tags = {
|
|
62
|
+
Environment = var.environment
|
|
63
|
+
ManagedBy = "Terraform"
|
|
64
|
+
}
|
|
65
|
+
}
|
|
66
|
+
|
|
67
|
+
# main.tf
|
|
68
|
+
resource "aws_vpc" "main" {
|
|
69
|
+
cidr_block = var.vpc_cidr
|
|
70
|
+
enable_dns_hostnames = true
|
|
71
|
+
|
|
72
|
+
tags = merge(local.common_tags, {
|
|
73
|
+
Name = "${var.project_name}-${var.environment}-vpc"
|
|
74
|
+
})
|
|
75
|
+
}
|
|
76
|
+
|
|
77
|
+
# outputs.tf
|
|
78
|
+
output "vpc_id" {
|
|
79
|
+
description = "ID of the created VPC"
|
|
80
|
+
value = aws_vpc.main.id
|
|
81
|
+
}
|
|
82
|
+
```
|
|
83
|
+
|
|
84
|
+
## Code Formatting
|
|
85
|
+
|
|
86
|
+
### Indentation and Alignment
|
|
87
|
+
|
|
88
|
+
- Use **two spaces** per nesting level (no tabs)
|
|
89
|
+
- Align equals signs for consecutive arguments
|
|
90
|
+
|
|
91
|
+
```hcl
|
|
92
|
+
resource "aws_instance" "web" {
|
|
93
|
+
ami = "ami-0c55b159cbfafe1f0"
|
|
94
|
+
instance_type = "t2.micro"
|
|
95
|
+
subnet_id = "subnet-12345678"
|
|
96
|
+
|
|
97
|
+
tags = {
|
|
98
|
+
Name = "web-server"
|
|
99
|
+
Environment = "production"
|
|
100
|
+
}
|
|
101
|
+
}
|
|
102
|
+
```
|
|
103
|
+
|
|
104
|
+
### Block Organization
|
|
105
|
+
|
|
106
|
+
Arguments precede blocks, with meta-arguments first:
|
|
107
|
+
|
|
108
|
+
```hcl
|
|
109
|
+
resource "aws_instance" "example" {
|
|
110
|
+
# Meta-arguments
|
|
111
|
+
count = 3
|
|
112
|
+
|
|
113
|
+
# Arguments
|
|
114
|
+
ami = "ami-0c55b159cbfafe1f0"
|
|
115
|
+
instance_type = "t2.micro"
|
|
116
|
+
|
|
117
|
+
# Blocks
|
|
118
|
+
root_block_device {
|
|
119
|
+
volume_size = 20
|
|
120
|
+
}
|
|
121
|
+
|
|
122
|
+
# Lifecycle last
|
|
123
|
+
lifecycle {
|
|
124
|
+
create_before_destroy = true
|
|
125
|
+
}
|
|
126
|
+
}
|
|
127
|
+
```
|
|
128
|
+
|
|
129
|
+
## Naming Conventions
|
|
130
|
+
|
|
131
|
+
- Use **lowercase with underscores** for all names
|
|
132
|
+
- Use **descriptive nouns** excluding the resource type
|
|
133
|
+
- Be specific and meaningful
|
|
134
|
+
- Resource names must be singular, not plural
|
|
135
|
+
- Default to `main` for resources where a specific descriptive name is redundant or unavailable, provided only one instance exists
|
|
136
|
+
|
|
137
|
+
```hcl
|
|
138
|
+
# Bad
|
|
139
|
+
resource "aws_instance" "webAPI-aws-instance" {}
|
|
140
|
+
resource "aws_instance" "web_apis" {}
|
|
141
|
+
variable "name" {}
|
|
142
|
+
|
|
143
|
+
# Good
|
|
144
|
+
resource "aws_instance" "web_api" {}
|
|
145
|
+
resource "aws_vpc" "main" {}
|
|
146
|
+
variable "application_name" {}
|
|
147
|
+
```
|
|
148
|
+
|
|
149
|
+
## Variables
|
|
150
|
+
|
|
151
|
+
Every variable must include `type` and `description`:
|
|
152
|
+
|
|
153
|
+
```hcl
|
|
154
|
+
variable "instance_type" {
|
|
155
|
+
description = "EC2 instance type for the web server"
|
|
156
|
+
type = string
|
|
157
|
+
default = "t2.micro"
|
|
158
|
+
|
|
159
|
+
validation {
|
|
160
|
+
condition = contains(["t2.micro", "t2.small", "t2.medium"], var.instance_type)
|
|
161
|
+
error_message = "Instance type must be t2.micro, t2.small, or t2.medium."
|
|
162
|
+
}
|
|
163
|
+
}
|
|
164
|
+
|
|
165
|
+
variable "database_password" {
|
|
166
|
+
description = "Password for the database admin user"
|
|
167
|
+
type = string
|
|
168
|
+
sensitive = true
|
|
169
|
+
}
|
|
170
|
+
```
|
|
171
|
+
|
|
172
|
+
## Outputs
|
|
173
|
+
|
|
174
|
+
Every output must include `description`:
|
|
175
|
+
|
|
176
|
+
```hcl
|
|
177
|
+
output "instance_id" {
|
|
178
|
+
description = "ID of the EC2 instance"
|
|
179
|
+
value = aws_instance.web.id
|
|
180
|
+
}
|
|
181
|
+
|
|
182
|
+
output "database_password" {
|
|
183
|
+
description = "Database administrator password"
|
|
184
|
+
value = aws_db_instance.main.password
|
|
185
|
+
sensitive = true
|
|
186
|
+
}
|
|
187
|
+
```
|
|
188
|
+
|
|
189
|
+
## Dynamic Resource Creation
|
|
190
|
+
|
|
191
|
+
### Prefer for_each over count
|
|
192
|
+
|
|
193
|
+
```hcl
|
|
194
|
+
# Bad - count for multiple resources
|
|
195
|
+
resource "aws_instance" "web" {
|
|
196
|
+
count = var.instance_count
|
|
197
|
+
tags = { Name = "web-${count.index}" }
|
|
198
|
+
}
|
|
199
|
+
|
|
200
|
+
# Good - for_each with named instances
|
|
201
|
+
variable "instance_names" {
|
|
202
|
+
type = set(string)
|
|
203
|
+
default = ["web-1", "web-2", "web-3"]
|
|
204
|
+
}
|
|
205
|
+
|
|
206
|
+
resource "aws_instance" "web" {
|
|
207
|
+
for_each = var.instance_names
|
|
208
|
+
tags = { Name = each.key }
|
|
209
|
+
}
|
|
210
|
+
```
|
|
211
|
+
|
|
212
|
+
### count for Conditional Creation
|
|
213
|
+
|
|
214
|
+
```hcl
|
|
215
|
+
resource "aws_cloudwatch_metric_alarm" "cpu" {
|
|
216
|
+
count = var.enable_monitoring ? 1 : 0
|
|
217
|
+
|
|
218
|
+
alarm_name = "high-cpu-usage"
|
|
219
|
+
threshold = 80
|
|
220
|
+
}
|
|
221
|
+
```
|
|
222
|
+
|
|
223
|
+
## Security Best Practices
|
|
224
|
+
|
|
225
|
+
When generating code, apply security hardening:
|
|
226
|
+
|
|
227
|
+
- Enable encryption at rest by default
|
|
228
|
+
- Configure private networking where applicable
|
|
229
|
+
- Apply principle of least privilege for security groups
|
|
230
|
+
- Enable logging and monitoring
|
|
231
|
+
- Never hardcode credentials or secrets
|
|
232
|
+
- Mark sensitive outputs with `sensitive = true`
|
|
233
|
+
|
|
234
|
+
### Example: Secure S3 Bucket
|
|
235
|
+
|
|
236
|
+
```hcl
|
|
237
|
+
resource "aws_s3_bucket" "data" {
|
|
238
|
+
bucket = "${var.project}-${var.environment}-data"
|
|
239
|
+
tags = local.common_tags
|
|
240
|
+
}
|
|
241
|
+
|
|
242
|
+
resource "aws_s3_bucket_versioning" "data" {
|
|
243
|
+
bucket = aws_s3_bucket.data.id
|
|
244
|
+
|
|
245
|
+
versioning_configuration {
|
|
246
|
+
status = "Enabled"
|
|
247
|
+
}
|
|
248
|
+
}
|
|
249
|
+
|
|
250
|
+
resource "aws_s3_bucket_server_side_encryption_configuration" "data" {
|
|
251
|
+
bucket = aws_s3_bucket.data.id
|
|
252
|
+
|
|
253
|
+
rule {
|
|
254
|
+
apply_server_side_encryption_by_default {
|
|
255
|
+
sse_algorithm = "aws:kms"
|
|
256
|
+
kms_master_key_id = aws_kms_key.s3.arn
|
|
257
|
+
}
|
|
258
|
+
}
|
|
259
|
+
}
|
|
260
|
+
|
|
261
|
+
resource "aws_s3_bucket_public_access_block" "data" {
|
|
262
|
+
bucket = aws_s3_bucket.data.id
|
|
263
|
+
|
|
264
|
+
block_public_acls = true
|
|
265
|
+
block_public_policy = true
|
|
266
|
+
ignore_public_acls = true
|
|
267
|
+
restrict_public_buckets = true
|
|
268
|
+
}
|
|
269
|
+
```
|
|
270
|
+
|
|
271
|
+
## Version Pinning
|
|
272
|
+
|
|
273
|
+
```hcl
|
|
274
|
+
terraform {
|
|
275
|
+
required_version = ">= 1.7"
|
|
276
|
+
|
|
277
|
+
required_providers {
|
|
278
|
+
aws = {
|
|
279
|
+
source = "hashicorp/aws"
|
|
280
|
+
version = "~> 5.0" # Allow minor updates
|
|
281
|
+
}
|
|
282
|
+
}
|
|
283
|
+
}
|
|
284
|
+
```
|
|
285
|
+
|
|
286
|
+
**Version constraint operators:**
|
|
287
|
+
- `= 1.0.0` - Exact version
|
|
288
|
+
- `>= 1.0.0` - Greater than or equal
|
|
289
|
+
- `~> 1.0` - Allow rightmost component to increment
|
|
290
|
+
- `>= 1.0, < 2.0` - Version range
|
|
291
|
+
|
|
292
|
+
## Provider Configuration
|
|
293
|
+
|
|
294
|
+
```hcl
|
|
295
|
+
provider "aws" {
|
|
296
|
+
region = "us-west-2"
|
|
297
|
+
|
|
298
|
+
default_tags {
|
|
299
|
+
tags = {
|
|
300
|
+
ManagedBy = "Terraform"
|
|
301
|
+
Project = var.project_name
|
|
302
|
+
}
|
|
303
|
+
}
|
|
304
|
+
}
|
|
305
|
+
|
|
306
|
+
# Aliased provider for multi-region
|
|
307
|
+
provider "aws" {
|
|
308
|
+
alias = "east"
|
|
309
|
+
region = "us-east-1"
|
|
310
|
+
}
|
|
311
|
+
```
|
|
312
|
+
|
|
313
|
+
## Version Control
|
|
314
|
+
|
|
315
|
+
**Never commit:**
|
|
316
|
+
- `terraform.tfstate`, `terraform.tfstate.backup`
|
|
317
|
+
- `.terraform/` directory
|
|
318
|
+
- `*.tfplan`
|
|
319
|
+
- `.tfvars` files with sensitive data
|
|
320
|
+
|
|
321
|
+
**Always commit:**
|
|
322
|
+
- All `.tf` configuration files
|
|
323
|
+
- `.terraform.lock.hcl` (dependency lock file)
|
|
324
|
+
|
|
325
|
+
## Validation Tools
|
|
326
|
+
|
|
327
|
+
Run before committing:
|
|
328
|
+
|
|
329
|
+
```bash
|
|
330
|
+
terraform fmt -recursive
|
|
331
|
+
terraform validate
|
|
332
|
+
```
|
|
333
|
+
|
|
334
|
+
Additional tools:
|
|
335
|
+
- `tflint` - Linting and best practices
|
|
336
|
+
- `checkov` / `tfsec` - Security scanning
|
|
337
|
+
|
|
338
|
+
## Code Review Checklist
|
|
339
|
+
|
|
340
|
+
- [ ] Code formatted with `terraform fmt`
|
|
341
|
+
- [ ] Configuration validated with `terraform validate`
|
|
342
|
+
- [ ] Files organized according to standard structure
|
|
343
|
+
- [ ] All variables have type and description
|
|
344
|
+
- [ ] All outputs have descriptions
|
|
345
|
+
- [ ] Resource names use descriptive nouns with underscores
|
|
346
|
+
- [ ] Version constraints pinned explicitly
|
|
347
|
+
- [ ] Sensitive values marked with `sensitive = true`
|
|
348
|
+
- [ ] No hardcoded credentials or secrets
|
|
349
|
+
- [ ] Security best practices applied
|
|
350
|
+
|
|
351
|
+
---
|
|
352
|
+
|
|
353
|
+
*Based on: [HashiCorp Terraform Style Guide](https://developer.hashicorp.com/terraform/language/style)*
|