@quiltdata/benchling-webhook 0.5.4 → 0.6.0

package/dist/lib/benchling-auth-validator.js

@@ -0,0 +1,213 @@
+"use strict";
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    var desc = Object.getOwnPropertyDescriptor(m, k);
+    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
+      desc = { enumerable: true, get: function() { return m[k]; } };
+    }
+    Object.defineProperty(o, k2, desc);
+}) : (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    o[k2] = m[k];
+}));
+var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
+    Object.defineProperty(o, "default", { enumerable: true, value: v });
+}) : function(o, v) {
+    o["default"] = v;
+});
+var __importStar = (this && this.__importStar) || (function () {
+    var ownKeys = function(o) {
+        ownKeys = Object.getOwnPropertyNames || function (o) {
+            var ar = [];
+            for (var k in o) if (Object.prototype.hasOwnProperty.call(o, k)) ar[ar.length] = k;
+            return ar;
+        };
+        return ownKeys(o);
+    };
+    return function (mod) {
+        if (mod && mod.__esModule) return mod;
+        var result = {};
+        if (mod != null) for (var k = ownKeys(mod), i = 0; i < k.length; i++) if (k[i] !== "default") __createBinding(result, mod, k[i]);
+        __setModuleDefault(result, mod);
+        return result;
+    };
+})();
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.BenchlingAuthValidator = void 0;
+const https = __importStar(require("https"));
+/**
+ * Benchling authentication validator
+ *
+ * Validates Benchling credentials by attempting OAuth authentication
+ * and checking required permissions.
+ */
+class BenchlingAuthValidator {
+    /**
+     * Validate Benchling credentials
+     *
+     * @param credentials - Benchling credentials to validate
+     * @returns Validation result with errors and warnings
+     */
+    static async validate(credentials) {
+        const errors = [];
+        const warnings = [];
+        // Basic credential validation
+        if (!BenchlingAuthValidator.validateCredentials(credentials)) {
+            errors.push("Invalid credentials: missing required fields");
+            return {
+                isValid: false,
+                errors,
+                warnings,
+            };
+        }
+        // Validate tenant format
+        if (!(await BenchlingAuthValidator.validateTenant(credentials.tenant))) {
+            errors.push("Invalid tenant format");
+            return {
+                isValid: false,
+                errors,
+                warnings,
+            };
+        }
+        // Attempt OAuth authentication
+        try {
+            const tokenResponse = await BenchlingAuthValidator.authenticate(credentials);
+            if (!tokenResponse.access_token) {
+                if (tokenResponse.error === "invalid_client") {
+                    errors.push("Invalid client credentials");
+                }
+                else {
+                    errors.push("Authentication failed");
+                }
+                return {
+                    isValid: false,
+                    errors,
+                    warnings,
+                };
+            }
+            // Check OAuth scopes
+            const hasPermissions = BenchlingAuthValidator.checkPermissions(tokenResponse.scope || "");
+            if (!hasPermissions) {
+                warnings.push("Missing required permissions");
+            }
+            return {
+                isValid: true,
+                hasRequiredPermissions: hasPermissions,
+                errors: [],
+                warnings: warnings.length > 0 ? warnings : undefined,
+            };
+        }
+        catch (error) {
+            if (error instanceof Error) {
+                if (error.message.includes("404") || error.message.includes("tenant_not_found")) {
+                    errors.push("Tenant not found");
+                }
+                else {
+                    errors.push("Network error during validation");
+                }
+            }
+            return {
+                isValid: false,
+                errors,
+                warnings,
+            };
+        }
+    }
+    /**
+     * Validate tenant format
+     *
+     * @param tenant - Benchling tenant name
+     * @returns True if tenant format is valid
+     */
+    static async validateTenant(tenant) {
+        if (!tenant || tenant.trim() === "") {
+            return false;
+        }
+        // Check for invalid characters (spaces, special chars)
+        if (/\s/.test(tenant)) {
+            return false;
+        }
+        return true;
+    }
+    /**
+     * Validate credentials completeness
+     *
+     * @param credentials - Credentials to validate
+     * @returns True if all required fields are present
+     */
+    static validateCredentials(credentials) {
+        return !!(credentials.tenant &&
+            credentials.clientId &&
+            credentials.clientSecret &&
+            credentials.tenant.trim() !== "" &&
+            credentials.clientId.trim() !== "" &&
+            credentials.clientSecret.trim() !== "");
+    }
+    /**
+     * Authenticate with Benchling OAuth API
+     *
+     * @param credentials - Benchling credentials
+     * @returns Token response from Benchling
+     */
+    static async authenticate(credentials) {
+        const { tenant, clientId, clientSecret } = credentials;
+        return new Promise((resolve, reject) => {
+            const authString = Buffer.from(`${clientId}:${clientSecret}`).toString("base64");
+            const postData = "grant_type=client_credentials";
+            const options = {
+                hostname: `${tenant}.benchling.com`,
+                port: 443,
+                path: "/api/v2/token",
+                method: "POST",
+                headers: {
+                    "Authorization": `Basic ${authString}`,
+                    "Content-Type": "application/x-www-form-urlencoded",
+                    "Content-Length": Buffer.byteLength(postData),
+                },
+            };
+            const req = https.request(options, (res) => {
+                let data = "";
+                res.on("data", (chunk) => {
+                    data += chunk.toString();
+                });
+                res.on("end", () => {
+                    if (res.statusCode === 404) {
+                        reject(new Error("404: Tenant not found"));
+                        return;
+                    }
+                    try {
+                        const response = JSON.parse(data);
+                        if (res.statusCode === 401) {
+                            response.error = "invalid_client";
+                        }
+                        resolve(response);
+                    }
+                    catch (error) {
+                        reject(error);
+                    }
+                });
+            });
+            req.on("error", (error) => {
+                reject(error);
+            });
+            req.write(postData);
+            req.end();
+        });
+    }
+    /**
+     * Check if OAuth scopes include required permissions
+     *
+     * @param scope - OAuth scope string
+     * @returns True if all required scopes are present
+     */
+    static checkPermissions(scope) {
+        const scopes = scope.toLowerCase().split(" ");
+        return BenchlingAuthValidator.REQUIRED_SCOPES.every((requiredScope) => scopes.includes(requiredScope));
+    }
+}
+exports.BenchlingAuthValidator = BenchlingAuthValidator;
+/**
+ * Required OAuth scopes for the webhook integration
+ */
+BenchlingAuthValidator.REQUIRED_SCOPES = ["read", "write"];
+//# sourceMappingURL=benchling-auth-validator.js.map

package/dist/lib/benchling-auth-validator.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"benchling-auth-validator.js","sourceRoot":"","sources":["../../lib/benchling-auth-validator.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAAA,6CAA+B;AA8B/B;;;;;GAKG;AACH,MAAa,sBAAsB;IAM/B;;;;;OAKG;IACI,MAAM,CAAC,KAAK,CAAC,QAAQ,CAAC,WAAiC;QAC1D,MAAM,MAAM,GAAa,EAAE,CAAC;QAC5B,MAAM,QAAQ,GAAa,EAAE,CAAC;QAE9B,8BAA8B;QAC9B,IAAI,CAAC,sBAAsB,CAAC,mBAAmB,CAAC,WAAW,CAAC,EAAE,CAAC;YAC3D,MAAM,CAAC,IAAI,CAAC,8CAA8C,CAAC,CAAC;YAC5D,OAAO;gBACH,OAAO,EAAE,KAAK;gBACd,MAAM;gBACN,QAAQ;aACX,CAAC;QACN,CAAC;QAED,yBAAyB;QACzB,IAAI,CAAC,CAAC,MAAM,sBAAsB,CAAC,cAAc,CAAC,WAAW,CAAC,MAAM,CAAC,CAAC,EAAE,CAAC;YACrE,MAAM,CAAC,IAAI,CAAC,uBAAuB,CAAC,CAAC;YACrC,OAAO;gBACH,OAAO,EAAE,KAAK;gBACd,MAAM;gBACN,QAAQ;aACX,CAAC;QACN,CAAC;QAED,+BAA+B;QAC/B,IAAI,CAAC;YACD,MAAM,aAAa,GAAG,MAAM,sBAAsB,CAAC,YAAY,CAAC,WAAW,CAAC,CAAC;YAE7E,IAAI,CAAC,aAAa,CAAC,YAAY,EAAE,CAAC;gBAC9B,IAAI,aAAa,CAAC,KAAK,KAAK,gBAAgB,EAAE,CAAC;oBAC3C,MAAM,CAAC,IAAI,CAAC,4BAA4B,CAAC,CAAC;gBAC9C,CAAC;qBAAM,CAAC;oBACJ,MAAM,CAAC,IAAI,CAAC,uBAAuB,CAAC,CAAC;gBACzC,CAAC;gBACD,OAAO;oBACH,OAAO,EAAE,KAAK;oBACd,MAAM;oBACN,QAAQ;iBACX,CAAC;YACN,CAAC;YAED,qBAAqB;YACrB,MAAM,cAAc,GAAG,sBAAsB,CAAC,gBAAgB,CAAC,aAAa,CAAC,KAAK,IAAI,EAAE,CAAC,CAAC;YAC1F,IAAI,CAAC,cAAc,EAAE,CAAC;gBAClB,QAAQ,CAAC,IAAI,CAAC,8BAA8B,CAAC,CAAC;YAClD,CAAC;YAED,OAAO;gBACH,OAAO,EAAE,IAAI;gBACb,sBAAsB,EAAE,cAAc;gBACtC,MAAM,EAAE,EAAE;gBACV,QAAQ,EAAE,QAAQ,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC,CAAC,QAAQ,CAAC,CAAC,CAAC,SAAS;aACvD,CAAC;QACN,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACb,IAAI,KAAK,YAAY,KAAK,EAAE,CAAC;gBACzB,IAAI,KAAK,CAAC,OAAO,CAAC,QAAQ,CAAC,KAAK,CAAC,IAAI,KAAK,CAAC,OAAO,CAAC,QAAQ,CAAC,kBAAkB,CAAC,EAAE,CAAC;oBAC9E,MAAM,CAAC,IAAI,CAAC,kBAAkB,CAAC,CAAC;gBACpC,CAAC;qBAAM,CAAC;oBACJ,MAAM,CAAC,IAAI,CAAC,iCAAiC,CAAC,CAAC;gBACnD,CAAC;YACL,CAAC;YACD,OAAO;gBACH,OAAO,EAAE,KAAK;gBACd,MAAM;gBACN,QAAQ;aACX,CAAC;QACN,CAAC;IACL,CAAC;IAED;;;;;OAKG;IACI,MAAM,CAAC,KAAK,CAAC,cAAc,CAAC,MAAc;QAC7C,IAAI,CAAC,MAAM,IAAI,MAAM,CAAC,IAAI,EAAE,KAAK,EAAE,EAAE,CAAC;YAClC,OAAO,KAAK,CAAC;QACjB,CAAC;QAED,uDAAuD;QACvD,IAAI,IAAI,CAAC,IAAI,CAAC,MAAM,CAAC,EAAE,CAAC;YACpB,OAAO,KAAK,CAAC;QACjB,CAAC;QAED,OAAO,IAAI,CAAC;IAChB,CAAC;IAED;;;;;OAKG;IACI,MAAM,CAAC,mBAAmB,CAAC,WAAiC;QAC/D,OAAO,CAAC,CAAC,CACL,WAAW,CAAC,MAAM;YAClB,WAAW,CAAC,QAAQ;YACpB,WAAW,CAAC,YAAY;YACxB,WAAW,CAAC,MAAM,CAAC,IAAI,EAAE,KAAK,EAAE;YAChC,WAAW,CAAC,QAAQ,CAAC,IAAI,EAAE,KAAK,EAAE;YAClC,WAAW,CAAC,YAAY,CAAC,IAAI,EAAE,KAAK,EAAE,CACzC,CAAC;IACN,CAAC;IAED;;;;;OAKG;IACK,MAAM,CAAC,KAAK,CAAC,YAAY,CAAC,WAAiC;QAC/D,MAAM,EAAE,MAAM,EAAE,QAAQ,EAAE,YAAY,EAAE,GAAG,WAAW,CAAC;QAEvD,OAAO,IAAI,OAAO,CAAC,CAAC,OAAO,EAAE,MAAM,EAAE,EAAE;YACnC,MAAM,UAAU,GAAG,MAAM,CAAC,IAAI,CAAC,GAAG,QAAQ,IAAI,YAAY,EAAE,CAAC,CAAC,QAAQ,CAAC,QAAQ,CAAC,CAAC;YACjF,MAAM,QAAQ,GAAG,+BAA+B,CAAC;YAEjD,MAAM,OAAO,GAAG;gBACZ,QAAQ,EAAE,GAAG,MAAM,gBAAgB;gBACnC,IAAI,EAAE,GAAG;gBACT,IAAI,EAAE,eAAe;gBACrB,MAAM,EAAE,MAAM;gBACd,OAAO,EAAE;oBACL,eAAe,EAAE,SAAS,UAAU,EAAE;oBACtC,cAAc,EAAE,mCAAmC;oBACnD,gBAAgB,EAAE,MAAM,CAAC,UAAU,CAAC,QAAQ,CAAC;iBAChD;aACJ,CAAC;YAEF,MAAM,GAAG,GAAG,KAAK,CAAC,OAAO,CAAC,OAAO,EAAE,CAAC,GAAG,EAAE,EAAE;gBACvC,IAAI,IAAI,GAAG,EAAE,CAAC;gBAEd,GAAG,CAAC,EAAE,CAAC,MAAM,EAAE,CAAC,KAAa,EAAE,EAAE;oBAC7B,IAAI,IAAI,KAAK,CAAC,QAAQ,EAAE,CAAC;gBAC7B,CAAC,CAAC,CAAC;gBAEH,GAAG,CAAC,EAAE,CAAC,KAAK,EAAE,GAAG,EAAE;oBACf,IAAI,GAAG,CAAC,UAAU,KAAK,GAAG,EAAE,CAAC;wBACzB,MAAM,CAAC,IAAI,KAAK,CAAC,uBAAuB,CAAC,CAAC,CAAC;wBAC3C,OAAO;oBACX,CAAC;oBAED,IAAI,CAAC;wBACD,MAAM,QAAQ,GAAG,IAAI,CAAC,KAAK,CAAC,IAAI,CAAkB,CAAC;wBACnD,IAAI,GAAG,CAAC,UAAU,KAAK,GAAG,EAAE,CAAC;4BACzB,QAAQ,CAAC,KAAK,GAAG,gBAAgB,CAAC;wBACtC,CAAC;wBACD,OAAO,CAAC,QAAQ,CAAC,CAAC;oBACtB,CAAC;oBAAC,OAAO,KAAK,EAAE,CAAC;wBACb,MAAM,CAAC,KAAK,CAAC,CAAC;oBAClB,CAAC;gBACL,CAAC,CAAC,CAAC;YACP,CAAC,CAAC,CAAC;YAEH,GAAG,CAAC,EAAE,CAAC,OAAO,EAAE,CAAC,KAAY,EAAE,EAAE;gBAC7B,MAAM,CAAC,KAAK,CAAC,CAAC;YAClB,CAAC,CAAC,CAAC;YAEH,GAAG,CAAC,KAAK,CAAC,QAAQ,CAAC,CAAC;YACpB,GAAG,CAAC,GAAG,EAAE,CAAC;QACd,CAAC,CAAC,CAAC;IACP,CAAC;IAED;;;;;OAKG;IACK,MAAM,CAAC,gBAAgB,CAAC,KAAa;QACzC,MAAM,MAAM,GAAG,KAAK,CAAC,WAAW,EAAE,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;QAC9C,OAAO,sBAAsB,CAAC,eAAe,CAAC,KAAK,CAAC,CAAC,aAAa,EAAE,EAAE,CAClE,MAAM,CAAC,QAAQ,CAAC,aAAa,CAAC,CACjC,CAAC;IACN,CAAC;;AA3LL,wDA4LC;AA3LG;;GAEG;AACqB,sCAAe,GAAG,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC"}

package/dist/lib/benchling-webhook-stack.d.ts

@@ -1,16 +1,19 @@
 import * as cdk from "aws-cdk-lib";
 import { Construct } from "constructs";
 export interface BenchlingWebhookStackProps extends cdk.StackProps {
-    readonly bucketName: string;
-    readonly environment: string;
-    readonly prefix: string;
-    readonly queueArn: string;
-    readonly benchlingClientId: string;
-    readonly benchlingClientSecret: string;
-    readonly benchlingTenant: string;
-    readonly quiltCatalog?: string;
-    readonly quiltDatabase: string;
-    readonly webhookAllowList?: string;
+    /**
+     * ARN of the Quilt CloudFormation stack.
+     * All configuration is resolved from AWS (CloudFormation outputs + Secrets Manager).
+     * Format: arn:aws:cloudformation:{region}:{account}:stack/{name}/{id}
+     * REQUIRED.
+     */
+    readonly quiltStackArn: string;
+    /**
+     * Name or ARN of the AWS Secrets Manager secret containing Benchling credentials.
+     * Secret must contain: client_id, client_secret, tenant, app_definition_id (optional)
+     * REQUIRED.
+     */
+    readonly benchlingSecret: string;
     readonly createEcrRepository?: boolean;
     readonly ecrRepositoryName?: string;
     readonly logLevel?: string;

package/dist/lib/benchling-webhook-stack.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"benchling-webhook-stack.d.ts","sourceRoot":"","sources":["../../lib/benchling-webhook-stack.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,GAAG,MAAM,aAAa,CAAC;AAInC,OAAO,EAAE,SAAS,EAAE,MAAM,YAAY,CAAC;AAMvC,MAAM,WAAW,0BAA2B,SAAQ,GAAG,CAAC,UAAU;IAC9D,QAAQ,CAAC,UAAU,EAAE,MAAM,CAAC;IAC5B,QAAQ,CAAC,WAAW,EAAE,MAAM,CAAC;IAC7B,QAAQ,CAAC,MAAM,EAAE,MAAM,CAAC;IACxB,QAAQ,CAAC,QAAQ,EAAE,MAAM,CAAC;IAC1B,QAAQ,CAAC,iBAAiB,EAAE,MAAM,CAAC;IACnC,QAAQ,CAAC,qBAAqB,EAAE,MAAM,CAAC;IACvC,QAAQ,CAAC,eAAe,EAAE,MAAM,CAAC;IACjC,QAAQ,CAAC,YAAY,CAAC,EAAE,MAAM,CAAC;IAC/B,QAAQ,CAAC,aAAa,EAAE,MAAM,CAAC;IAC/B,QAAQ,CAAC,gBAAgB,CAAC,EAAE,MAAM,CAAC;IACnC,QAAQ,CAAC,mBAAmB,CAAC,EAAE,OAAO,CAAC;IACvC,QAAQ,CAAC,iBAAiB,CAAC,EAAE,MAAM,CAAC;IACpC,QAAQ,CAAC,QAAQ,CAAC,EAAE,MAAM,CAAC;IAC3B,QAAQ,CAAC,QAAQ,CAAC,EAAE,MAAM,CAAC;CAC9B;AAED,qBAAa,qBAAsB,SAAQ,GAAG,CAAC,KAAK;IAChD,OAAO,CAAC,QAAQ,CAAC,MAAM,CAAa;IACpC,OAAO,CAAC,QAAQ,CAAC,cAAc,CAAiB;IAChD,OAAO,CAAC,QAAQ,CAAC,GAAG,CAAgB;IACpC,SAAgB,eAAe,EAAE,MAAM,CAAC;gBAGpC,KAAK,EAAE,SAAS,EAChB,EAAE,EAAE,MAAM,EACV,KAAK,EAAE,0BAA0B;CA0LxC"}
+{"version":3,"file":"benchling-webhook-stack.d.ts","sourceRoot":"","sources":["../../lib/benchling-webhook-stack.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,GAAG,MAAM,aAAa,CAAC;AAInC,OAAO,EAAE,SAAS,EAAE,MAAM,YAAY,CAAC;AAMvC,MAAM,WAAW,0BAA2B,SAAQ,GAAG,CAAC,UAAU;IAE9D;;;;;OAKG;IACH,QAAQ,CAAC,aAAa,EAAE,MAAM,CAAC;IAC/B;;;;OAIG;IACH,QAAQ,CAAC,eAAe,EAAE,MAAM,CAAC;IAGjC,QAAQ,CAAC,mBAAmB,CAAC,EAAE,OAAO,CAAC;IACvC,QAAQ,CAAC,iBAAiB,CAAC,EAAE,MAAM,CAAC;IACpC,QAAQ,CAAC,QAAQ,CAAC,EAAE,MAAM,CAAC;IAC3B,QAAQ,CAAC,QAAQ,CAAC,EAAE,MAAM,CAAC;CAC9B;AAED,qBAAa,qBAAsB,SAAQ,GAAG,CAAC,KAAK;IAChD,OAAO,CAAC,QAAQ,CAAC,MAAM,CAAa;IACpC,OAAO,CAAC,QAAQ,CAAC,cAAc,CAAiB;IAChD,OAAO,CAAC,QAAQ,CAAC,GAAG,CAAgB;IACpC,SAAgB,eAAe,EAAE,MAAM,CAAC;gBAGpC,KAAK,EAAE,SAAS,EAChB,EAAE,EAAE,MAAM,EACV,KAAK,EAAE,0BAA0B;CA0IxC"}

package/dist/lib/benchling-webhook-stack.js

@@ -48,53 +48,26 @@ const package_json_1 = __importDefault(require("../package.json"));
 class BenchlingWebhookStack extends cdk.Stack {
     constructor(scope, id, props) {
         super(scope, id, props);
-        if (props.prefix.includes("/")) {
-            throw new Error("Prefix should not contain a '/' character.");
+        // Validate required secrets-only mode parameters
+        if (!props.quiltStackArn || !props.benchlingSecret) {
+            throw new Error("Secrets-only mode (v0.6.0+) requires both:\n" +
+                "  - quiltStackArn: CloudFormation stack ARN\n" +
+                "  - benchlingSecret: Secrets Manager secret name\n\n" +
+                "See: https://github.com/quiltdata/benchling-webhook/issues/156");
         }
+        console.log("✓ Using secrets-only mode (v0.6.0+)");
         // Create CloudFormation parameters for runtime-configurable values
-        // Note: Use actual values from props during initial deployment to avoid empty string issues
-        // Parameters can be updated later via CloudFormation stack updates
-        // Security and configuration parameters
-        const webhookAllowListParam = new cdk.CfnParameter(this, "WebhookAllowList", {
+        // Parameters can be updated via CloudFormation stack updates
+        // ===== Secrets-Only Mode Parameters (v0.6.0+) =====
+        const quiltStackArnParam = new cdk.CfnParameter(this, "QuiltStackARN", {
             type: "String",
-            description: "Comma-separated list of IP addresses allowed to send webhooks (leave empty to allow all IPs)",
-            default: props.webhookAllowList || "",
+            description: "ARN of Quilt CloudFormation stack for configuration resolution",
+            default: props.quiltStackArn,
         });
-        const quiltCatalogParam = new cdk.CfnParameter(this, "QuiltCatalog", {
+        const benchlingSecretParam = new cdk.CfnParameter(this, "BenchlingSecret", {
             type: "String",
-            description: "Quilt catalog URL for package links",
-            default: props.quiltCatalog || "open.quiltdata.com",
-        });
-        // Infrastructure parameters - these can be updated without redeploying
-        const bucketNameParam = new cdk.CfnParameter(this, "BucketName", {
-            type: "String",
-            description: "S3 bucket name for storing packages",
-            default: props.bucketName,
-        });
-        const prefixParam = new cdk.CfnParameter(this, "PackagePrefix", {
-            type: "String",
-            description: "Prefix for package names (no slashes)",
-            default: props.prefix,
-        });
-        const pkgKeyParam = new cdk.CfnParameter(this, "PackageKey", {
-            type: "String",
-            description: "Metadata key used to link Benchling entries to Quilt packages",
-            default: "experiment_id",
-        });
-        const queueArnParam = new cdk.CfnParameter(this, "QueueArn", {
-            type: "String",
-            description: "SQS queue ARN for package notifications",
-            default: props.queueArn,
-        });
-        const quiltDatabaseParam = new cdk.CfnParameter(this, "QuiltDatabase", {
-            type: "String",
-            description: "Quilt database name (Glue Data Catalog database)",
-            default: props.quiltDatabase,
-        });
-        const benchlingTenantParam = new cdk.CfnParameter(this, "BenchlingTenant", {
-            type: "String",
-            description: "Benchling tenant name (e.g., 'company' for company.benchling.com)",
-            default: props.benchlingTenant,
+            description: "Name/ARN of Secrets Manager secret with Benchling credentials",
+            default: props.benchlingSecret,
         });
         const logLevelParam = new cdk.CfnParameter(this, "LogLevel", {
             type: "String",
@@ -102,12 +75,6 @@ class BenchlingWebhookStack extends cdk.Stack {
             default: props.logLevel || "INFO",
             allowedValues: ["DEBUG", "INFO", "WARNING", "ERROR", "CRITICAL"],
         });
-        const enableWebhookVerificationParam = new cdk.CfnParameter(this, "EnableWebhookVerification", {
-            type: "String",
-            description: "Enable webhook signature verification (true/false)",
-            default: "true",
-            allowedValues: ["true", "false"],
-        });
         const imageTagParam = new cdk.CfnParameter(this, "ImageTag", {
             type: "String",
             description: "Docker image tag to deploy (e.g., latest, 0.5.3, 0.5.3-20251030T123456Z)",
@@ -115,18 +82,13 @@ class BenchlingWebhookStack extends cdk.Stack {
         });
         // Use parameter values (which have props as defaults)
         // This allows runtime updates via CloudFormation
-        const webhookAllowListValue = webhookAllowListParam.valueAsString;
-        const quiltCatalogValue = quiltCatalogParam.valueAsString;
-        const bucketNameValue = bucketNameParam.valueAsString;
-        const prefixValue = prefixParam.valueAsString;
-        const pkgKeyValue = pkgKeyParam.valueAsString;
-        const queueArnValue = queueArnParam.valueAsString;
-        const quiltDatabaseValue = quiltDatabaseParam.valueAsString;
-        const benchlingTenantValue = benchlingTenantParam.valueAsString;
+        const quiltStackArnValue = quiltStackArnParam.valueAsString;
+        const benchlingSecretValue = benchlingSecretParam.valueAsString;
         const logLevelValue = logLevelParam.valueAsString;
-        const enableWebhookVerificationValue = enableWebhookVerificationParam.valueAsString;
         const imageTagValue = imageTagParam.valueAsString;
-        this.bucket = s3.Bucket.fromBucketName(this, "BWBucket", bucketNameValue);
+        // Bucket name will be resolved at runtime from CloudFormation outputs
+        // For CDK purposes, we use a placeholder for IAM permissions
+        this.bucket = s3.Bucket.fromBucketName(this, "BWBucket", "placeholder-bucket-resolved-at-runtime");
         // Get the default VPC or create a new one
         const vpc = ec2.Vpc.fromLookup(this, "DefaultVPC", {
             isDefault: true,
@@ -153,30 +115,24 @@ class BenchlingWebhookStack extends cdk.Stack {
         // (e.g., "0.5.3-20251031T000139Z"), otherwise use package.json version
         const isDevVersion = imageTagValue.match(/^\d+\.\d+\.\d+-\d{8}T\d{6}Z$/);
         const stackVersion = isDevVersion ? imageTagValue : package_json_1.default.version;
+        // Build Fargate Service props - secrets-only mode
         this.fargateService = new fargate_service_1.FargateService(this, "FargateService", {
             vpc,
             bucket: this.bucket,
-            queueArn: queueArnValue,
             region: this.region,
             account: this.account,
-            prefix: prefixValue,
-            pkgKey: pkgKeyValue,
-            benchlingClientId: props.benchlingClientId,
-            benchlingClientSecret: props.benchlingClientSecret,
-            benchlingTenant: benchlingTenantValue,
-            quiltCatalog: quiltCatalogValue,
-            quiltDatabase: quiltDatabaseValue,
-            webhookAllowList: webhookAllowListValue,
             ecrRepository: ecrRepo,
             imageTag: imageTagValue,
             stackVersion: stackVersion,
             logLevel: logLevelValue,
-            enableWebhookVerification: enableWebhookVerificationValue,
+            // Secrets-only mode: Only 2 required parameters
+            quiltStackArn: quiltStackArnValue,
+            benchlingSecret: benchlingSecretValue,
         });
         // Create API Gateway that routes to the ALB
         this.api = new alb_api_gateway_1.AlbApiGateway(this, "ApiGateway", {
             loadBalancer: this.fargateService.loadBalancer,
-            webhookAllowList: webhookAllowListValue,
+            webhookAllowList: "", // Empty allow list = allow all IPs
         });
         // Store webhook endpoint for easy access
         this.webhookEndpoint = this.api.api.url;

package/dist/lib/benchling-webhook-stack.js.map

@@ -1 +1 @@
-{"version":3,"file":"benchling-webhook-stack.js","sourceRoot":"","sources":["../../lib/benchling-webhook-stack.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAAA,iDAAmC;AACnC,uDAAyC;AACzC,yDAA2C;AAC3C,yDAA2C;AAE3C,uDAAmD;AACnD,uDAAkD;AAClD,qDAAiD;AACjD,mEAA0C;AAmB1C,MAAa,qBAAsB,SAAQ,GAAG,CAAC,KAAK;IAMhD,YACI,KAAgB,EAChB,EAAU,EACV,KAAiC;QAEjC,KAAK,CAAC,KAAK,EAAE,EAAE,EAAE,KAAK,CAAC,CAAC;QACxB,IAAI,KAAK,CAAC,MAAM,CAAC,QAAQ,CAAC,GAAG,CAAC,EAAE,CAAC;YAC7B,MAAM,IAAI,KAAK,CAAC,4CAA4C,CAAC,CAAC;QAClE,CAAC;QAED,mEAAmE;QACnE,4FAA4F;QAC5F,mEAAmE;QAEnE,wCAAwC;QACxC,MAAM,qBAAqB,GAAG,IAAI,GAAG,CAAC,YAAY,CAAC,IAAI,EAAE,kBAAkB,EAAE;YACzE,IAAI,EAAE,QAAQ;YACd,WAAW,EAAE,8FAA8F;YAC3G,OAAO,EAAE,KAAK,CAAC,gBAAgB,IAAI,EAAE;SACxC,CAAC,CAAC;QAEH,MAAM,iBAAiB,GAAG,IAAI,GAAG,CAAC,YAAY,CAAC,IAAI,EAAE,cAAc,EAAE;YACjE,IAAI,EAAE,QAAQ;YACd,WAAW,EAAE,qCAAqC;YAClD,OAAO,EAAE,KAAK,CAAC,YAAY,IAAI,oBAAoB;SACtD,CAAC,CAAC;QAEH,uEAAuE;QACvE,MAAM,eAAe,GAAG,IAAI,GAAG,CAAC,YAAY,CAAC,IAAI,EAAE,YAAY,EAAE;YAC7D,IAAI,EAAE,QAAQ;YACd,WAAW,EAAE,qCAAqC;YAClD,OAAO,EAAE,KAAK,CAAC,UAAU;SAC5B,CAAC,CAAC;QAEH,MAAM,WAAW,GAAG,IAAI,GAAG,CAAC,YAAY,CAAC,IAAI,EAAE,eAAe,EAAE;YAC5D,IAAI,EAAE,QAAQ;YACd,WAAW,EAAE,uCAAuC;YACpD,OAAO,EAAE,KAAK,CAAC,MAAM;SACxB,CAAC,CAAC;QAEH,MAAM,WAAW,GAAG,IAAI,GAAG,CAAC,YAAY,CAAC,IAAI,EAAE,YAAY,EAAE;YACzD,IAAI,EAAE,QAAQ;YACd,WAAW,EAAE,+DAA+D;YAC5E,OAAO,EAAE,eAAe;SAC3B,CAAC,CAAC;QAEH,MAAM,aAAa,GAAG,IAAI,GAAG,CAAC,YAAY,CAAC,IAAI,EAAE,UAAU,EAAE;YACzD,IAAI,EAAE,QAAQ;YACd,WAAW,EAAE,yCAAyC;YACtD,OAAO,EAAE,KAAK,CAAC,QAAQ;SAC1B,CAAC,CAAC;QAEH,MAAM,kBAAkB,GAAG,IAAI,GAAG,CAAC,YAAY,CAAC,IAAI,EAAE,eAAe,EAAE;YACnE,IAAI,EAAE,QAAQ;YACd,WAAW,EAAE,kDAAkD;YAC/D,OAAO,EAAE,KAAK,CAAC,aAAa;SAC/B,CAAC,CAAC;QAEH,MAAM,oBAAoB,GAAG,IAAI,GAAG,CAAC,YAAY,CAAC,IAAI,EAAE,iBAAiB,EAAE;YACvE,IAAI,EAAE,QAAQ;YACd,WAAW,EAAE,mEAAmE;YAChF,OAAO,EAAE,KAAK,CAAC,eAAe;SACjC,CAAC,CAAC;QAEH,MAAM,aAAa,GAAG,IAAI,GAAG,CAAC,YAAY,CAAC,IAAI,EAAE,UAAU,EAAE;YACzD,IAAI,EAAE,QAAQ;YACd,WAAW,EAAE,+DAA+D;YAC5E,OAAO,EAAE,KAAK,CAAC,QAAQ,IAAI,MAAM;YACjC,aAAa,EAAE,CAAC,OAAO,EAAE,MAAM,EAAE,SAAS,EAAE,OAAO,EAAE,UAAU,CAAC;SACnE,CAAC,CAAC;QAEH,MAAM,8BAA8B,GAAG,IAAI,GAAG,CAAC,YAAY,CAAC,IAAI,EAAE,2BAA2B,EAAE;YAC3F,IAAI,EAAE,QAAQ;YACd,WAAW,EAAE,oDAAoD;YACjE,OAAO,EAAE,MAAM;YACf,aAAa,EAAE,CAAC,MAAM,EAAE,OAAO,CAAC;SACnC,CAAC,CAAC;QAEH,MAAM,aAAa,GAAG,IAAI,GAAG,CAAC,YAAY,CAAC,IAAI,EAAE,UAAU,EAAE;YACzD,IAAI,EAAE,QAAQ;YACd,WAAW,EAAE,0EAA0E;YACvF,OAAO,EAAE,KAAK,CAAC,QAAQ,IAAI,QAAQ;SACtC,CAAC,CAAC;QAEH,sDAAsD;QACtD,iDAAiD;QACjD,MAAM,qBAAqB,GAAG,qBAAqB,CAAC,aAAa,CAAC;QAClE,MAAM,iBAAiB,GAAG,iBAAiB,CAAC,aAAa,CAAC;QAC1D,MAAM,eAAe,GAAG,eAAe,CAAC,aAAa,CAAC;QACtD,MAAM,WAAW,GAAG,WAAW,CAAC,aAAa,CAAC;QAC9C,MAAM,WAAW,GAAG,WAAW,CAAC,aAAa,CAAC;QAC9C,MAAM,aAAa,GAAG,aAAa,CAAC,aAAa,CAAC;QAClD,MAAM,kBAAkB,GAAG,kBAAkB,CAAC,aAAa,CAAC;QAC5D,MAAM,oBAAoB,GAAG,oBAAoB,CAAC,aAAa,CAAC;QAChE,MAAM,aAAa,GAAG,aAAa,CAAC,aAAa,CAAC;QAClD,MAAM,8BAA8B,GAAG,8BAA8B,CAAC,aAAa,CAAC;QACpF,MAAM,aAAa,GAAG,aAAa,CAAC,aAAa,CAAC;QAElD,IAAI,CAAC,MAAM,GAAG,EAAE,CAAC,MAAM,CAAC,cAAc,CAAC,IAAI,EAAE,UAAU,EAAE,eAAe,CAAC,CAAC;QAE1E,0CAA0C;QAC1C,MAAM,GAAG,GAAG,GAAG,CAAC,GAAG,CAAC,UAAU,CAAC,IAAI,EAAE,YAAY,EAAE;YAC/C,SAAS,EAAE,IAAI;SAClB,CAAC,CAAC;QAEH,+BAA+B;QAC/B,IAAI,OAAwB,CAAC;QAC7B,IAAI,WAAmB,CAAC;QACxB,IAAI,KAAK,CAAC,mBAAmB,EAAE,CAAC;YAC5B,MAAM,OAAO,GAAG,IAAI,8BAAa,CAAC,IAAI,EAAE,eAAe,EAAE;gBACrD,cAAc,EAAE,KAAK,CAAC,iBAAiB,IAAI,qBAAqB;gBAChE,gBAAgB,EAAE,IAAI;aACzB,CAAC,CAAC;YACH,OAAO,GAAG,OAAO,CAAC,UAAU,CAAC;YAC7B,WAAW,GAAG,GAAG,OAAO,CAAC,aAAa,SAAS,CAAC;QACpD,CAAC;aAAM,CAAC;YACJ,oCAAoC;YACpC,MAAM,QAAQ,GAAG,KAAK,CAAC,iBAAiB,IAAI,qBAAqB,CAAC;YAClE,OAAO,GAAG,GAAG,CAAC,UAAU,CAAC,kBAAkB,CAAC,IAAI,EAAE,uBAAuB,EAAE,QAAQ,CAAC,CAAC;YACrF,WAAW,GAAG,GAAG,IAAI,CAAC,OAAO,YAAY,IAAI,CAAC,MAAM,kBAAkB,QAAQ,SAAS,CAAC;QAC5F,CAAC;QAED,6BAA6B;QAC7B,2EAA2E;QAC3E,uEAAuE;QACvE,MAAM,YAAY,GAAG,aAAa,CAAC,KAAK,CAAC,8BAA8B,CAAC,CAAC;QACzE,MAAM,YAAY,GAAG,YAAY,CAAC,CAAC,CAAC,aAAa,CAAC,CAAC,CAAC,sBAAW,CAAC,OAAO,CAAC;QAExE,IAAI,CAAC,cAAc,GAAG,IAAI,gCAAc,CAAC,IAAI,EAAE,gBAAgB,EAAE;YAC7D,GAAG;YACH,MAAM,EAAE,IAAI,CAAC,MAAM;YACnB,QAAQ,EAAE,aAAa;YACvB,MAAM,EAAE,IAAI,CAAC,MAAM;YACnB,OAAO,EAAE,IAAI,CAAC,OAAO;YACrB,MAAM,EAAE,WAAW;YACnB,MAAM,EAAE,WAAW;YACnB,iBAAiB,EAAE,KAAK,CAAC,iBAAiB;YAC1C,qBAAqB,EAAE,KAAK,CAAC,qBAAqB;YAClD,eAAe,EAAE,oBAAoB;YACrC,YAAY,EAAE,iBAAiB;YAC/B,aAAa,EAAE,kBAAkB;YACjC,gBAAgB,EAAE,qBAAqB;YACvC,aAAa,EAAE,OAAO;YACtB,QAAQ,EAAE,aAAa;YACvB,YAAY,EAAE,YAAY;YAC1B,QAAQ,EAAE,aAAa;YACvB,yBAAyB,EAAE,8BAA8B;SAC5D,CAAC,CAAC;QAEH,4CAA4C;QAC5C,IAAI,CAAC,GAAG,GAAG,IAAI,+BAAa,CAAC,IAAI,EAAE,YAAY,EAAE;YAC7C,YAAY,EAAE,IAAI,CAAC,cAAc,CAAC,YAAY;YAC9C,gBAAgB,EAAE,qBAAqB;SAC1C,CAAC,CAAC;QAEH,yCAAyC;QACzC,IAAI,CAAC,eAAe,GAAG,IAAI,CAAC,GAAG,CAAC,GAAG,CAAC,GAAG,CAAC;QAExC,4CAA4C;QAC5C,IAAI,GAAG,CAAC,SAAS,CAAC,IAAI,EAAE,iBAAiB,EAAE;YACvC,KAAK,EAAE,IAAI,CAAC,eAAe;YAC3B,WAAW,EAAE,gEAAgE;SAChF,CAAC,CAAC;QAEH,kCAAkC;QAClC,IAAI,GAAG,CAAC,SAAS,CAAC,IAAI,EAAE,gBAAgB,EAAE;YACtC,KAAK,EAAE,WAAW;YAClB,WAAW,EAAE,sCAAsC;SACtD,CAAC,CAAC;QAEH,6BAA6B;QAC7B,IAAI,GAAG,CAAC,SAAS,CAAC,IAAI,EAAE,cAAc,EAAE;YACpC,KAAK,EAAE,IAAI,CAAC,IAAI,CAAC,aAAa,CAAC,SAAS,CAAC,IAAI,sBAAW,CAAC,OAAO;YAChE,WAAW,EAAE,eAAe;SAC/B,CAAC,CAAC;QAEH,+BAA+B;QAC/B,IAAI,GAAG,CAAC,SAAS,CAAC,IAAI,EAAE,aAAa,EAAE;YACnC,KAAK,EAAE,IAAI,CAAC,cAAc,CAAC,QAAQ,CAAC,YAAY;YAChD,WAAW,EAAE,6CAA6C;SAC7D,CAAC,CAAC;QAEH,IAAI,GAAG,CAAC,SAAS,CAAC,IAAI,EAAE,oBAAoB,EAAE;YAC1C,KAAK,EAAE,IAAI,CAAC,GAAG,CAAC,QAAQ,CAAC,YAAY;YACrC,WAAW,EAAE,kDAAkD;SAClE,CAAC,CAAC;IACP,CAAC;CAGJ;AAnMD,sDAmMC"}
+{"version":3,"file":"benchling-webhook-stack.js","sourceRoot":"","sources":["../../lib/benchling-webhook-stack.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAAA,iDAAmC;AACnC,uDAAyC;AACzC,yDAA2C;AAC3C,yDAA2C;AAE3C,uDAAmD;AACnD,uDAAkD;AAClD,qDAAiD;AACjD,mEAA0C;AAyB1C,MAAa,qBAAsB,SAAQ,GAAG,CAAC,KAAK;IAMhD,YACI,KAAgB,EAChB,EAAU,EACV,KAAiC;QAEjC,KAAK,CAAC,KAAK,EAAE,EAAE,EAAE,KAAK,CAAC,CAAC;QAExB,iDAAiD;QACjD,IAAI,CAAC,KAAK,CAAC,aAAa,IAAI,CAAC,KAAK,CAAC,eAAe,EAAE,CAAC;YACjD,MAAM,IAAI,KAAK,CACX,8CAA8C;gBAC9C,+CAA+C;gBAC/C,sDAAsD;gBACtD,gEAAgE,CACnE,CAAC;QACN,CAAC;QACD,OAAO,CAAC,GAAG,CAAC,qCAAqC,CAAC,CAAC;QAEnD,mEAAmE;QACnE,6DAA6D;QAE7D,qDAAqD;QACrD,MAAM,kBAAkB,GAAG,IAAI,GAAG,CAAC,YAAY,CAAC,IAAI,EAAE,eAAe,EAAE;YACnE,IAAI,EAAE,QAAQ;YACd,WAAW,EAAE,gEAAgE;YAC7E,OAAO,EAAE,KAAK,CAAC,aAAa;SAC/B,CAAC,CAAC;QAEH,MAAM,oBAAoB,GAAG,IAAI,GAAG,CAAC,YAAY,CAAC,IAAI,EAAE,iBAAiB,EAAE;YACvE,IAAI,EAAE,QAAQ;YACd,WAAW,EAAE,+DAA+D;YAC5E,OAAO,EAAE,KAAK,CAAC,eAAe;SACjC,CAAC,CAAC;QAEH,MAAM,aAAa,GAAG,IAAI,GAAG,CAAC,YAAY,CAAC,IAAI,EAAE,UAAU,EAAE;YACzD,IAAI,EAAE,QAAQ;YACd,WAAW,EAAE,+DAA+D;YAC5E,OAAO,EAAE,KAAK,CAAC,QAAQ,IAAI,MAAM;YACjC,aAAa,EAAE,CAAC,OAAO,EAAE,MAAM,EAAE,SAAS,EAAE,OAAO,EAAE,UAAU,CAAC;SACnE,CAAC,CAAC;QAEH,MAAM,aAAa,GAAG,IAAI,GAAG,CAAC,YAAY,CAAC,IAAI,EAAE,UAAU,EAAE;YACzD,IAAI,EAAE,QAAQ;YACd,WAAW,EAAE,0EAA0E;YACvF,OAAO,EAAE,KAAK,CAAC,QAAQ,IAAI,QAAQ;SACtC,CAAC,CAAC;QAEH,sDAAsD;QACtD,iDAAiD;QACjD,MAAM,kBAAkB,GAAG,kBAAkB,CAAC,aAAa,CAAC;QAC5D,MAAM,oBAAoB,GAAG,oBAAoB,CAAC,aAAa,CAAC;QAChE,MAAM,aAAa,GAAG,aAAa,CAAC,aAAa,CAAC;QAClD,MAAM,aAAa,GAAG,aAAa,CAAC,aAAa,CAAC;QAElD,sEAAsE;QACtE,6DAA6D;QAC7D,IAAI,CAAC,MAAM,GAAG,EAAE,CAAC,MAAM,CAAC,cAAc,CAAC,IAAI,EAAE,UAAU,EAAE,wCAAwC,CAAC,CAAC;QAEnG,0CAA0C;QAC1C,MAAM,GAAG,GAAG,GAAG,CAAC,GAAG,CAAC,UAAU,CAAC,IAAI,EAAE,YAAY,EAAE;YAC/C,SAAS,EAAE,IAAI;SAClB,CAAC,CAAC;QAEH,+BAA+B;QAC/B,IAAI,OAAwB,CAAC;QAC7B,IAAI,WAAmB,CAAC;QACxB,IAAI,KAAK,CAAC,mBAAmB,EAAE,CAAC;YAC5B,MAAM,OAAO,GAAG,IAAI,8BAAa,CAAC,IAAI,EAAE,eAAe,EAAE;gBACrD,cAAc,EAAE,KAAK,CAAC,iBAAiB,IAAI,qBAAqB;gBAChE,gBAAgB,EAAE,IAAI;aACzB,CAAC,CAAC;YACH,OAAO,GAAG,OAAO,CAAC,UAAU,CAAC;YAC7B,WAAW,GAAG,GAAG,OAAO,CAAC,aAAa,SAAS,CAAC;QACpD,CAAC;aAAM,CAAC;YACJ,oCAAoC;YACpC,MAAM,QAAQ,GAAG,KAAK,CAAC,iBAAiB,IAAI,qBAAqB,CAAC;YAClE,OAAO,GAAG,GAAG,CAAC,UAAU,CAAC,kBAAkB,CAAC,IAAI,EAAE,uBAAuB,EAAE,QAAQ,CAAC,CAAC;YACrF,WAAW,GAAG,GAAG,IAAI,CAAC,OAAO,YAAY,IAAI,CAAC,MAAM,kBAAkB,QAAQ,SAAS,CAAC;QAC5F,CAAC;QAED,6BAA6B;QAC7B,2EAA2E;QAC3E,uEAAuE;QACvE,MAAM,YAAY,GAAG,aAAa,CAAC,KAAK,CAAC,8BAA8B,CAAC,CAAC;QACzE,MAAM,YAAY,GAAG,YAAY,CAAC,CAAC,CAAC,aAAa,CAAC,CAAC,CAAC,sBAAW,CAAC,OAAO,CAAC;QAExE,kDAAkD;QAClD,IAAI,CAAC,cAAc,GAAG,IAAI,gCAAc,CAAC,IAAI,EAAE,gBAAgB,EAAE;YAC7D,GAAG;YACH,MAAM,EAAE,IAAI,CAAC,MAAM;YACnB,MAAM,EAAE,IAAI,CAAC,MAAM;YACnB,OAAO,EAAE,IAAI,CAAC,OAAO;YACrB,aAAa,EAAE,OAAO;YACtB,QAAQ,EAAE,aAAa;YACvB,YAAY,EAAE,YAAY;YAC1B,QAAQ,EAAE,aAAa;YACvB,gDAAgD;YAChD,aAAa,EAAE,kBAAkB;YACjC,eAAe,EAAE,oBAAoB;SACxC,CAAC,CAAC;QAEH,4CAA4C;QAC5C,IAAI,CAAC,GAAG,GAAG,IAAI,+BAAa,CAAC,IAAI,EAAE,YAAY,EAAE;YAC7C,YAAY,EAAE,IAAI,CAAC,cAAc,CAAC,YAAY;YAC9C,gBAAgB,EAAE,EAAE,EAAE,mCAAmC;SAC5D,CAAC,CAAC;QAEH,yCAAyC;QACzC,IAAI,CAAC,eAAe,GAAG,IAAI,CAAC,GAAG,CAAC,GAAG,CAAC,GAAG,CAAC;QAExC,4CAA4C;QAC5C,IAAI,GAAG,CAAC,SAAS,CAAC,IAAI,EAAE,iBAAiB,EAAE;YACvC,KAAK,EAAE,IAAI,CAAC,eAAe;YAC3B,WAAW,EAAE,gEAAgE;SAChF,CAAC,CAAC;QAEH,kCAAkC;QAClC,IAAI,GAAG,CAAC,SAAS,CAAC,IAAI,EAAE,gBAAgB,EAAE;YACtC,KAAK,EAAE,WAAW;YAClB,WAAW,EAAE,sCAAsC;SACtD,CAAC,CAAC;QAEH,6BAA6B;QAC7B,IAAI,GAAG,CAAC,SAAS,CAAC,IAAI,EAAE,cAAc,EAAE;YACpC,KAAK,EAAE,IAAI,CAAC,IAAI,CAAC,aAAa,CAAC,SAAS,CAAC,IAAI,sBAAW,CAAC,OAAO;YAChE,WAAW,EAAE,eAAe;SAC/B,CAAC,CAAC;QAEH,+BAA+B;QAC/B,IAAI,GAAG,CAAC,SAAS,CAAC,IAAI,EAAE,aAAa,EAAE;YACnC,KAAK,EAAE,IAAI,CAAC,cAAc,CAAC,QAAQ,CAAC,YAAY;YAChD,WAAW,EAAE,6CAA6C;SAC7D,CAAC,CAAC;QAEH,IAAI,GAAG,CAAC,SAAS,CAAC,IAAI,EAAE,oBAAoB,EAAE;YAC1C,KAAK,EAAE,IAAI,CAAC,GAAG,CAAC,QAAQ,CAAC,YAAY;YACrC,WAAW,EAAE,kDAAkD;SAClE,CAAC,CAAC;IACP,CAAC;CAGJ;AAnJD,sDAmJC"}

package/dist/lib/config-logger.d.ts

@@ -0,0 +1,191 @@
+/**
+ * Configuration Diagnostic Logging
+ *
+ * Provides comprehensive logging for configuration operations:
+ * - Configuration sources tracking
+ * - Operation audit trail
+ * - Troubleshooting insights
+ * - Performance metrics
+ *
+ * @module lib/config-logger
+ */
+/**
+ * Log level enumeration
+ */
+export declare enum LogLevel {
+    DEBUG = "DEBUG",
+    INFO = "INFO",
+    WARN = "WARN",
+    ERROR = "ERROR"
+}
+/**
+ * Log entry structure
+ */
+export interface LogEntry {
+    timestamp: string;
+    level: LogLevel;
+    operation: string;
+    message: string;
+    data?: Record<string, unknown>;
+    source?: string;
+    profileName?: string;
+    duration?: number;
+}
+/**
+ * Configuration operation types
+ */
+export declare enum ConfigOperation {
+    READ = "read",
+    WRITE = "write",
+    VALIDATE = "validate",
+    MERGE = "merge",
+    SYNC_SECRETS = "sync-secrets",
+    INFER_CONFIG = "infer-config",
+    CREATE_PROFILE = "create-profile",
+    DELETE_PROFILE = "delete-profile"
+}
+/**
+ * Configuration logger for diagnostic and audit purposes
+ */
+export declare class ConfigLogger {
+    private logFile;
+    private enableConsole;
+    private minLogLevel;
+    /**
+     * Creates a new configuration logger
+     *
+     * @param options - Logger configuration options
+     */
+    constructor(options?: {
+        logFile?: string;
+        enableConsole?: boolean;
+        minLogLevel?: LogLevel;
+    });
+    /**
+     * Gets log level priority for comparison
+     *
+     * @param level - Log level
+     * @returns Priority number (higher = more severe)
+     */
+    private getLogLevelPriority;
+    /**
+     * Checks if log level should be output
+     *
+     * @param level - Log level to check
+     * @returns True if should log
+     */
+    private shouldLog;
+    /**
+     * Formats log entry for output
+     *
+     * @param entry - Log entry
+     * @returns Formatted log string
+     */
+    private formatLogEntry;
+    /**
+     * Writes log entry to file and console
+     *
+     * @param entry - Log entry to write
+     */
+    private writeLog;
+    /**
+     * Logs a debug message
+     *
+     * @param operation - Configuration operation
+     * @param message - Log message
+     * @param data - Additional data
+     */
+    debug(operation: ConfigOperation | string, message: string, data?: Record<string, unknown>): void;
+    /**
+     * Logs an info message
+     *
+     * @param operation - Configuration operation
+     * @param message - Log message
+     * @param data - Additional data
+     */
+    info(operation: ConfigOperation | string, message: string, data?: Record<string, unknown>): void;
+    /**
+     * Logs a warning message
+     *
+     * @param operation - Configuration operation
+     * @param message - Log message
+     * @param data - Additional data
+     */
+    warn(operation: ConfigOperation | string, message: string, data?: Record<string, unknown>): void;
+    /**
+     * Logs an error message
+     *
+     * @param operation - Configuration operation
+     * @param message - Log message
+     * @param data - Additional data
+     */
+    error(operation: ConfigOperation | string, message: string, data?: Record<string, unknown>): void;
+    /**
+     * Logs configuration operation with timing
+     *
+     * @param operation - Configuration operation
+     * @param profileName - Profile name
+     * @param source - Configuration source
+     * @param fn - Function to execute and time
+     * @returns Result of the function
+     */
+    logOperation<T>(operation: ConfigOperation, profileName: string, source: string, fn: () => Promise<T> | T): Promise<T>;
+    /**
+     * Logs configuration read operation
+     *
+     * @param profileName - Profile name
+     * @param configType - Configuration type
+     * @param success - Whether read was successful
+     * @param source - Configuration source
+     */
+    logRead(profileName: string, configType: string, success: boolean, source?: string): void;
+    /**
+     * Logs configuration write operation
+     *
+     * @param profileName - Profile name
+     * @param configType - Configuration type
+     * @param success - Whether write was successful
+     * @param source - Configuration source
+     */
+    logWrite(profileName: string, configType: string, success: boolean, source?: string): void;
+    /**
+     * Logs configuration validation
+     *
+     * @param profileName - Profile name
+     * @param isValid - Whether configuration is valid
+     * @param errors - Validation errors
+     */
+    logValidation(profileName: string, isValid: boolean, errors?: string[]): void;
+    /**
+     * Logs secrets sync operation
+     *
+     * @param profileName - Profile name
+     * @param secretArn - Secret ARN
+     * @param action - Action performed (created/updated/skipped)
+     */
+    logSecretsSync(profileName: string, secretArn: string, action: string): void;
+    /**
+     * Gets the log file path
+     *
+     * @returns Log file path
+     */
+    getLogFile(): string;
+}
+/**
+ * Gets or creates the global configuration logger
+ *
+ * @param options - Logger options (only used on first call)
+ * @returns Configuration logger instance
+ */
+export declare function getConfigLogger(options?: {
+    logFile?: string;
+    enableConsole?: boolean;
+    minLogLevel?: LogLevel;
+}): ConfigLogger;
+/**
+ * Sets the global configuration logger
+ *
+ * @param logger - Logger instance
+ */
+export declare function setConfigLogger(logger: ConfigLogger): void;
+//# sourceMappingURL=config-logger.d.ts.map

package/dist/lib/config-logger.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"config-logger.d.ts","sourceRoot":"","sources":["../../lib/config-logger.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;GAUG;AAMH;;GAEG;AACH,oBAAY,QAAQ;IAChB,KAAK,UAAU;IACf,IAAI,SAAS;IACb,IAAI,SAAS;IACb,KAAK,UAAU;CAClB;AAED;;GAEG;AACH,MAAM,WAAW,QAAQ;IACrB,SAAS,EAAE,MAAM,CAAC;IAClB,KAAK,EAAE,QAAQ,CAAC;IAChB,SAAS,EAAE,MAAM,CAAC;IAClB,OAAO,EAAE,MAAM,CAAC;IAChB,IAAI,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;IAC/B,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,QAAQ,CAAC,EAAE,MAAM,CAAC;CACrB;AAED;;GAEG;AACH,oBAAY,eAAe;IACvB,IAAI,SAAS;IACb,KAAK,UAAU;IACf,QAAQ,aAAa;IACrB,KAAK,UAAU;IACf,YAAY,iBAAiB;IAC7B,YAAY,iBAAiB;IAC7B,cAAc,mBAAmB;IACjC,cAAc,mBAAmB;CACpC;AAED;;GAEG;AACH,qBAAa,YAAY;IACrB,OAAO,CAAC,OAAO,CAAS;IACxB,OAAO,CAAC,aAAa,CAAU;IAC/B,OAAO,CAAC,WAAW,CAAW;IAE9B;;;;OAIG;gBACS,OAAO,CAAC,EAAE;QAClB,OAAO,CAAC,EAAE,MAAM,CAAC;QACjB,aAAa,CAAC,EAAE,OAAO,CAAC;QACxB,WAAW,CAAC,EAAE,QAAQ,CAAC;KAC1B;IAcD;;;;;OAKG;IACH,OAAO,CAAC,mBAAmB;IAe3B;;;;;OAKG;IACH,OAAO,CAAC,SAAS;IAIjB;;;;;OAKG;IACH,OAAO,CAAC,cAAc;IA2BtB;;;;OAIG;IACH,OAAO,CAAC,QAAQ;IAiChB;;;;;;OAMG;IACI,KAAK,CAAC,SAAS,EAAE,eAAe,GAAG,MAAM,EAAE,OAAO,EAAE,MAAM,EAAE,IAAI,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,GAAG,IAAI;IAUxG;;;;;;OAMG;IACI,IAAI,CAAC,SAAS,EAAE,eAAe,GAAG,MAAM,EAAE,OAAO,EAAE,MAAM,EAAE,IAAI,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,GAAG,IAAI;IAUvG;;;;;;OAMG;IACI,IAAI,CAAC,SAAS,EAAE,eAAe,GAAG,MAAM,EAAE,OAAO,EAAE,MAAM,EAAE,IAAI,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,GAAG,IAAI;IAUvG;;;;;;OAMG;IACI,KAAK,CAAC,SAAS,EAAE,eAAe,GAAG,MAAM,EAAE,OAAO,EAAE,MAAM,EAAE,IAAI,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,GAAG,IAAI;IAUxG;;;;;;;;OAQG;IACU,YAAY,CAAC,CAAC,EACvB,SAAS,EAAE,eAAe,EAC1B,WAAW,EAAE,MAAM,EACnB,MAAM,EAAE,MAAM,EACd,EAAE,EAAE,MAAM,OAAO,CAAC,CAAC,CAAC,GAAG,CAAC,GACzB,OAAO,CAAC,CAAC,CAAC;IAiCb;;;;;;;OAOG;IACI,OAAO,CAAC,WAAW,EAAE,MAAM,EAAE,UAAU,EAAE,MAAM,EAAE,OAAO,EAAE,OAAO,EAAE,MAAM,CAAC,EAAE,MAAM,GAAG,IAAI;IAgBhG;;;;;;;OAOG;IACI,QAAQ,CAAC,WAAW,EAAE,MAAM,EAAE,UAAU,EAAE,MAAM,EAAE,OAAO,EAAE,OAAO,EAAE,MAAM,CAAC,EAAE,MAAM,GAAG,IAAI;IAgBjG;;;;;;OAMG;IACI,aAAa,CAAC,WAAW,EAAE,MAAM,EAAE,OAAO,EAAE,OAAO,EAAE,MAAM,CAAC,EAAE,MAAM,EAAE,GAAG,IAAI;IAapF;;;;;;OAMG;IACI,cAAc,CAAC,WAAW,EAAE,MAAM,EAAE,SAAS,EAAE,MAAM,EAAE,MAAM,EAAE,MAAM,GAAG,IAAI;IAgBnF;;;;OAIG;IACI,UAAU,IAAI,MAAM;CAG9B;AAOD;;;;;GAKG;AACH,wBAAgB,eAAe,CAAC,OAAO,CAAC,EAAE;IACtC,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,aAAa,CAAC,EAAE,OAAO,CAAC;IACxB,WAAW,CAAC,EAAE,QAAQ,CAAC;CAC1B,GAAG,YAAY,CAKf;AAED;;;;GAIG;AACH,wBAAgB,eAAe,CAAC,MAAM,EAAE,YAAY,GAAG,IAAI,CAE1D"}