@quiltdata/benchling-webhook 0.9.9 → 0.10.0-20251225T080117Z

package/dist/lib/types/stack-config.d.ts

@@ -0,0 +1,181 @@
+/**
+ * Minimal Stack Configuration Interface
+ *
+ * This interface defines ONLY the fields required by the CDK stack infrastructure.
+ * It is deliberately minimal to:
+ * - Reduce coupling between setup wizard and CDK stack
+ * - Simplify testing (fewer fields to mock)
+ * - Make explicit what the stack actually needs
+ *
+ * Transformation: ProfileConfig → StackConfig happens in config-transform.ts
+ *
+ * @module types/stack-config
+ * @version 0.10.0
+ */
+import type { VpcConfig } from "./config";
+export type { VpcConfig } from "./config";
+/**
+ * Minimal Stack Configuration
+ *
+ * Contains only the fields that the CDK stack actually uses for infrastructure provisioning.
+ * Derived from ProfileConfig via profileToStackConfig() transformation.
+ *
+ * **Design principles:**
+ * - Only infrastructure-related fields (no wizard metadata)
+ * - Only fields actually referenced in CDK constructs
+ * - Optional fields remain optional (preserve deployment flexibility)
+ *
+ * **What's NOT included:**
+ * - Benchling OAuth credentials (stored in secret, referenced by ARN)
+ * - Package configuration (passed as env vars to container)
+ * - Logging level (passed as env var to container)
+ * - Metadata fields (_metadata, _inherits)
+ *
+ * @example
+ * ```typescript
+ * const stackConfig: StackConfig = {
+ *   benchling: {
+ *     secretArn: "arn:aws:secretsmanager:us-east-1:123456789012:secret:benchling-..."
+ *   },
+ *   quilt: {
+ *     catalog: "quilt.example.com",
+ *     database: "quilt_catalog",
+ *     queueUrl: "https://sqs.us-east-1.amazonaws.com/123456789012/quilt-queue",
+ *     region: "us-east-1"
+ *   },
+ *   deployment: {
+ *     region: "us-east-1",
+ *     imageTag: "0.10.0"
+ *   }
+ * };
+ * ```
+ */
+export interface StackConfig {
+    /**
+     * Benchling configuration (secret reference only)
+     */
+    benchling: {
+        /**
+         * AWS Secrets Manager ARN for Benchling OAuth credentials
+         *
+         * Stack uses this to grant ECS task read access to the secret.
+         * FastAPI reads credentials from secret at runtime.
+         *
+         * @example "arn:aws:secretsmanager:us-east-1:123456789012:secret:benchling-oauth-abc123"
+         */
+        secretArn: string;
+    };
+    /**
+     * Quilt catalog configuration (service endpoints only)
+     */
+    quilt: {
+        /**
+         * Quilt catalog domain (without protocol)
+         *
+         * Passed to container as QUILT_WEB_HOST environment variable.
+         *
+         * @example "quilt.example.com"
+         */
+        catalog: string;
+        /**
+         * Athena/Glue database name for catalog metadata
+         *
+         * Passed to container as ATHENA_USER_DATABASE environment variable.
+         *
+         * @example "quilt_catalog"
+         */
+        database: string;
+        /**
+         * SQS queue URL for package creation jobs
+         *
+         * Passed to container as PACKAGER_SQS_URL environment variable.
+         * Stack also grants ECS task send message permissions.
+         *
+         * @example "https://sqs.us-east-1.amazonaws.com/123456789012/quilt-package-queue"
+         */
+        queueUrl: string;
+        /**
+         * AWS region for Quilt resources
+         *
+         * Used for SQS/S3 client configuration.
+         *
+         * @example "us-east-1"
+         */
+        region: string;
+        /**
+         * IAM managed policy ARN for S3 bucket write access (optional)
+         *
+         * This policy grants read-write permissions to all Quilt S3 buckets.
+         * Attached directly to the ECS task role, eliminating the need for role assumption.
+         *
+         * Resolved from BucketWritePolicy stack resource during setup.
+         *
+         * @example "arn:aws:iam::123456789012:policy/quilt-staging-BucketWritePolicy-XXXXX"
+         */
+        bucketWritePolicyArn?: string;
+        /**
+         * IAM managed policy ARN for Athena query access (optional)
+         *
+         * This policy grants permissions to execute Athena queries, access Glue catalog,
+         * and write query results to the Athena results bucket.
+         * Attached directly to the ECS task role.
+         *
+         * Resolved from UserAthenaNonManagedRolePolicy stack resource during setup.
+         *
+         * @example "arn:aws:iam::123456789012:policy/quilt-staging-UserAthenaNonManagedRolePolicy-XXXXX"
+         */
+        athenaUserPolicyArn?: string;
+    };
+    /**
+     * AWS deployment configuration
+     */
+    deployment: {
+        /**
+         * AWS region for deployment
+         *
+         * @example "us-east-1"
+         */
+        region: string;
+        /**
+         * Docker image tag to deploy
+         *
+         * @example "latest"
+         * @example "0.10.0"
+         * @default "latest"
+         */
+        imageTag?: string;
+        /**
+         * VPC configuration for ECS deployment (optional)
+         *
+         * If not specified, a new VPC will be created with private subnets and NAT Gateway.
+         */
+        vpc?: VpcConfig;
+        /**
+         * CloudFormation stack name (optional)
+         *
+         * If not specified, stack name is auto-generated based on profile:
+         * - "default" profile → "BenchlingWebhookStack" (backwards compatible)
+         * - Other profiles → "BenchlingWebhookStack-{profile}"
+         *
+         * @example "BenchlingWebhookStack-sales"
+         * @default Auto-generated based on profile name
+         */
+        stackName?: string;
+    };
+    /**
+     * Security configuration (optional)
+     */
+    security?: {
+        /**
+         * Comma-separated list of allowed IP addresses/CIDR blocks for webhook endpoints
+         *
+         * Enforced via REST API Gateway resource policy (free).
+         * Empty string means no IP filtering (all IPs allowed).
+         *
+         * @example "192.168.1.0/24,10.0.0.0/8"
+         * @default ""
+         */
+        webhookAllowList?: string;
+    };
+}
+//# sourceMappingURL=stack-config.d.ts.map

package/dist/lib/types/stack-config.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"stack-config.d.ts","sourceRoot":"","sources":["../../../lib/types/stack-config.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;GAaG;AAEH,OAAO,KAAK,EAAE,SAAS,EAAE,MAAM,UAAU,CAAC;AAG1C,YAAY,EAAE,SAAS,EAAE,MAAM,UAAU,CAAC;AAE1C;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GAmCG;AACH,MAAM,WAAW,WAAW;IACxB;;OAEG;IACH,SAAS,EAAE;QACP;;;;;;;WAOG;QACH,SAAS,EAAE,MAAM,CAAC;KACrB,CAAC;IAEF;;OAEG;IACH,KAAK,EAAE;QACH;;;;;;WAMG;QACH,OAAO,EAAE,MAAM,CAAC;QAEhB;;;;;;WAMG;QACH,QAAQ,EAAE,MAAM,CAAC;QAEjB;;;;;;;WAOG;QACH,QAAQ,EAAE,MAAM,CAAC;QAEjB;;;;;;WAMG;QACH,MAAM,EAAE,MAAM,CAAC;QAEf;;;;;;;;;WASG;QACH,oBAAoB,CAAC,EAAE,MAAM,CAAC;QAE9B;;;;;;;;;;WAUG;QACH,mBAAmB,CAAC,EAAE,MAAM,CAAC;KAChC,CAAC;IAEF;;OAEG;IACH,UAAU,EAAE;QACR;;;;WAIG;QACH,MAAM,EAAE,MAAM,CAAC;QAEf;;;;;;WAMG;QACH,QAAQ,CAAC,EAAE,MAAM,CAAC;QAElB;;;;WAIG;QACH,GAAG,CAAC,EAAE,SAAS,CAAC;QAEhB;;;;;;;;;WASG;QACH,SAAS,CAAC,EAAE,MAAM,CAAC;KACtB,CAAC;IAEF;;OAEG;IACH,QAAQ,CAAC,EAAE;QACP;;;;;;;;WAQG;QACH,gBAAgB,CAAC,EAAE,MAAM,CAAC;KAC7B,CAAC;CACL"}

package/dist/lib/types/stack-config.js

@@ -0,0 +1,17 @@
+"use strict";
+/**
+ * Minimal Stack Configuration Interface
+ *
+ * This interface defines ONLY the fields required by the CDK stack infrastructure.
+ * It is deliberately minimal to:
+ * - Reduce coupling between setup wizard and CDK stack
+ * - Simplify testing (fewer fields to mock)
+ * - Make explicit what the stack actually needs
+ *
+ * Transformation: ProfileConfig → StackConfig happens in config-transform.ts
+ *
+ * @module types/stack-config
+ * @version 0.10.0
+ */
+Object.defineProperty(exports, "__esModule", { value: true });
+//# sourceMappingURL=stack-config.js.map

package/dist/lib/types/stack-config.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"stack-config.js","sourceRoot":"","sources":["../../../lib/types/stack-config.ts"],"names":[],"mappings":";AAAA;;;;;;;;;;;;;GAaG"}

package/dist/lib/utils/config-transform.d.ts

@@ -0,0 +1,93 @@
+/**
+ * Configuration Transformation Utilities
+ *
+ * Transforms ProfileConfig (XDG user configuration) into StackConfig (minimal CDK interface).
+ * This module implements the separation between user-facing configuration and infrastructure needs.
+ *
+ * **Key principles:**
+ * - ProfileConfig contains ALL configuration (wizard, deployment, runtime)
+ * - StackConfig contains ONLY infrastructure-related fields
+ * - Transformation is one-way: ProfileConfig → StackConfig
+ * - Validation ensures required fields are present
+ *
+ * @module utils/config-transform
+ * @version 0.10.0
+ */
+import type { ProfileConfig, ValidationResult } from "../types/config";
+import type { StackConfig } from "../types/stack-config";
+/**
+ * Transform ProfileConfig to StackConfig
+ *
+ * Extracts only the fields required by the CDK stack infrastructure from the full ProfileConfig.
+ * This creates a clean separation between user configuration and infrastructure needs.
+ *
+ * **Transformation logic:**
+ * - Benchling: Only secretArn (credentials stored in secret)
+ * - Quilt: Service endpoints (catalog, database, queueUrl, region, bucketWritePolicyArn, athenaUserPolicyArn)
+ * - Deployment: Infrastructure settings (region, imageTag, vpc, stackName)
+ * - Security: Optional IP allowlist
+ *
+ * **Excluded fields:**
+ * - benchling.tenant, clientId, appDefinitionId (read from secret at runtime)
+ * - packages.* (passed as environment variables)
+ * - logging.* (passed as environment variables)
+ * - _metadata, _inherits (wizard metadata)
+ *
+ * @param profile - Full profile configuration from XDG
+ * @returns Minimal stack configuration for CDK
+ * @throws Error if required fields are missing
+ *
+ * @example
+ * ```typescript
+ * const profile = XDGConfig.readProfile("default");
+ * const stackConfig = profileToStackConfig(profile);
+ * createStack(stackConfig); // Pass to CDK stack
+ * ```
+ */
+export declare function profileToStackConfig(profile: ProfileConfig, options?: {
+    skipValidation?: boolean;
+}): StackConfig;
+/**
+ * Validate ProfileConfig for stack deployment
+ *
+ * Checks that all required fields for CDK stack creation are present and valid.
+ * This validation is run before transformation to provide clear error messages.
+ *
+ * **Required fields:**
+ * - benchling.secretArn (secret must exist in AWS Secrets Manager)
+ * - quilt.catalog (catalog domain)
+ * - quilt.database (Athena database name)
+ * - quilt.queueUrl (SQS queue URL)
+ * - quilt.region (AWS region)
+ * - deployment.region (deployment region)
+ *
+ * **Optional fields:**
+ * - quilt.bucketWritePolicyArn (IAM managed policy for S3 access)
+ * - quilt.athenaUserPolicyArn (IAM managed policy for Athena access)
+ * - deployment.imageTag (defaults to "latest")
+ * - deployment.vpc (defaults to creating new VPC)
+ * - deployment.stackName (auto-generated from profile name)
+ * - security.webhookAllowList (defaults to no IP filtering)
+ *
+ * @param config - Profile configuration to validate
+ * @returns Validation result with errors and warnings
+ *
+ * @example
+ * ```typescript
+ * const profile = XDGConfig.readProfile("default");
+ * const result = validateStackConfig(profile);
+ *
+ * if (!result.isValid) {
+ *   console.error("Configuration errors:");
+ *   result.errors.forEach(err => console.error(`  - ${err}`));
+ *   process.exit(1);
+ * }
+ *
+ * if (result.warnings && result.warnings.length > 0) {
+ *   console.warn("Configuration warnings:");
+ *   result.warnings.forEach(warn => console.warn(`  - ${warn}`));
+ * }
+ * ```
+ */
+export declare function validateStackConfig(config: ProfileConfig): ValidationResult;
+//# sourceMappingURL=config-transform.d.ts.map

package/dist/lib/utils/config-transform.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"config-transform.d.ts","sourceRoot":"","sources":["../../../lib/utils/config-transform.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;GAcG;AAEH,OAAO,KAAK,EAAE,aAAa,EAAE,gBAAgB,EAAE,MAAM,iBAAiB,CAAC;AACvE,OAAO,KAAK,EAAE,WAAW,EAAE,MAAM,uBAAuB,CAAC;AAEzD;;;;;;;;;;;;;;;;;;;;;;;;;;;;GA4BG;AACH,wBAAgB,oBAAoB,CAChC,OAAO,EAAE,aAAa,EACtB,OAAO,CAAC,EAAE;IAAE,cAAc,CAAC,EAAE,OAAO,CAAA;CAAE,GACvC,WAAW,CA2Db;AAED;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GAyCG;AACH,wBAAgB,mBAAmB,CAAC,MAAM,EAAE,aAAa,GAAG,gBAAgB,CA4F3E"}

package/dist/lib/utils/config-transform.js

@@ -0,0 +1,270 @@
+"use strict";
+/**
+ * Configuration Transformation Utilities
+ *
+ * Transforms ProfileConfig (XDG user configuration) into StackConfig (minimal CDK interface).
+ * This module implements the separation between user-facing configuration and infrastructure needs.
+ *
+ * **Key principles:**
+ * - ProfileConfig contains ALL configuration (wizard, deployment, runtime)
+ * - StackConfig contains ONLY infrastructure-related fields
+ * - Transformation is one-way: ProfileConfig → StackConfig
+ * - Validation ensures required fields are present
+ *
+ * @module utils/config-transform
+ * @version 0.10.0
+ */
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.profileToStackConfig = profileToStackConfig;
+exports.validateStackConfig = validateStackConfig;
+/**
+ * Transform ProfileConfig to StackConfig
+ *
+ * Extracts only the fields required by the CDK stack infrastructure from the full ProfileConfig.
+ * This creates a clean separation between user configuration and infrastructure needs.
+ *
+ * **Transformation logic:**
+ * - Benchling: Only secretArn (credentials stored in secret)
+ * - Quilt: Service endpoints (catalog, database, queueUrl, region, bucketWritePolicyArn, athenaUserPolicyArn)
+ * - Deployment: Infrastructure settings (region, imageTag, vpc, stackName)
+ * - Security: Optional IP allowlist
+ *
+ * **Excluded fields:**
+ * - benchling.tenant, clientId, appDefinitionId (read from secret at runtime)
+ * - packages.* (passed as environment variables)
+ * - logging.* (passed as environment variables)
+ * - _metadata, _inherits (wizard metadata)
+ *
+ * @param profile - Full profile configuration from XDG
+ * @returns Minimal stack configuration for CDK
+ * @throws Error if required fields are missing
+ *
+ * @example
+ * ```typescript
+ * const profile = XDGConfig.readProfile("default");
+ * const stackConfig = profileToStackConfig(profile);
+ * createStack(stackConfig); // Pass to CDK stack
+ * ```
+ */
+function profileToStackConfig(profile, options) {
+    // Validate required fields first (unless skipped for testing)
+    if (!options?.skipValidation) {
+        const validation = validateStackConfig(profile);
+        if (!validation.isValid) {
+            const errors = validation.errors.join("\n  - ");
+            throw new Error(`Invalid profile configuration for stack deployment:\n  - ${errors}`);
+        }
+    }
+    // Build minimal StackConfig with only required fields
+    const stackConfig = {
+        benchling: {
+            secretArn: profile.benchling.secretArn,
+        },
+        quilt: {
+            catalog: profile.quilt.catalog,
+            database: profile.quilt.database,
+            queueUrl: profile.quilt.queueUrl,
+            region: profile.quilt.region,
+        },
+        deployment: {
+            region: profile.deployment.region,
+        },
+    };
+    // Add optional fields if present
+    // Quilt managed policy ARNs (for S3 and Athena access)
+    if (profile.quilt.bucketWritePolicyArn) {
+        stackConfig.quilt.bucketWritePolicyArn = profile.quilt.bucketWritePolicyArn;
+    }
+    if (profile.quilt.athenaUserPolicyArn) {
+        stackConfig.quilt.athenaUserPolicyArn = profile.quilt.athenaUserPolicyArn;
+    }
+    // Deployment image tag
+    if (profile.deployment.imageTag) {
+        stackConfig.deployment.imageTag = profile.deployment.imageTag;
+    }
+    // VPC configuration
+    if (profile.deployment.vpc) {
+        stackConfig.deployment.vpc = profile.deployment.vpc;
+    }
+    // Stack name
+    if (profile.deployment.stackName) {
+        stackConfig.deployment.stackName = profile.deployment.stackName;
+    }
+    // Security configuration
+    if (profile.security?.webhookAllowList) {
+        stackConfig.security = {
+            webhookAllowList: profile.security.webhookAllowList,
+        };
+    }
+    return stackConfig;
+}
+/**
+ * Validate ProfileConfig for stack deployment
+ *
+ * Checks that all required fields for CDK stack creation are present and valid.
+ * This validation is run before transformation to provide clear error messages.
+ *
+ * **Required fields:**
+ * - benchling.secretArn (secret must exist in AWS Secrets Manager)
+ * - quilt.catalog (catalog domain)
+ * - quilt.database (Athena database name)
+ * - quilt.queueUrl (SQS queue URL)
+ * - quilt.region (AWS region)
+ * - deployment.region (deployment region)
+ *
+ * **Optional fields:**
+ * - quilt.bucketWritePolicyArn (IAM managed policy for S3 access)
+ * - quilt.athenaUserPolicyArn (IAM managed policy for Athena access)
+ * - deployment.imageTag (defaults to "latest")
+ * - deployment.vpc (defaults to creating new VPC)
+ * - deployment.stackName (auto-generated from profile name)
+ * - security.webhookAllowList (defaults to no IP filtering)
+ *
+ * @param config - Profile configuration to validate
+ * @returns Validation result with errors and warnings
+ *
+ * @example
+ * ```typescript
+ * const profile = XDGConfig.readProfile("default");
+ * const result = validateStackConfig(profile);
+ *
+ * if (!result.isValid) {
+ *   console.error("Configuration errors:");
+ *   result.errors.forEach(err => console.error(`  - ${err}`));
+ *   process.exit(1);
+ * }
+ *
+ * if (result.warnings && result.warnings.length > 0) {
+ *   console.warn("Configuration warnings:");
+ *   result.warnings.forEach(warn => console.warn(`  - ${warn}`));
+ * }
+ * ```
+ */
+function validateStackConfig(config) {
+    const errors = [];
+    const warnings = [];
+    // Validate required Benchling fields
+    if (!config.benchling) {
+        errors.push("Missing 'benchling' configuration section");
+    }
+    else {
+        if (!config.benchling.secretArn) {
+            errors.push("Missing 'benchling.secretArn' - run 'npm run setup:sync-secrets' to create secret");
+        }
+        else if (!config.benchling.secretArn.startsWith("arn:aws:secretsmanager:")) {
+            errors.push(`Invalid 'benchling.secretArn' format: ${config.benchling.secretArn}`);
+        }
+    }
+    // Validate required Quilt fields
+    if (!config.quilt) {
+        errors.push("Missing 'quilt' configuration section");
+    }
+    else {
+        if (!config.quilt.catalog) {
+            errors.push("Missing 'quilt.catalog' - run 'npm run setup' to configure");
+        }
+        if (!config.quilt.database) {
+            errors.push("Missing 'quilt.database' - run 'npm run setup' to configure");
+        }
+        if (!config.quilt.queueUrl) {
+            errors.push("Missing 'quilt.queueUrl' - run 'npm run setup' to configure");
+        }
+        else if (!config.quilt.queueUrl.startsWith("https://sqs.")) {
+            errors.push(`Invalid 'quilt.queueUrl' format: ${config.quilt.queueUrl}`);
+        }
+        if (!config.quilt.region) {
+            errors.push("Missing 'quilt.region' - run 'npm run setup' to configure");
+        }
+        // Optional but recommended fields
+        if (!config.quilt.bucketWritePolicyArn) {
+            warnings.push("Missing 'quilt.bucketWritePolicyArn' - S3 write operations may fail");
+        }
+        else if (!config.quilt.bucketWritePolicyArn.startsWith("arn:aws:iam::")) {
+            errors.push(`Invalid 'quilt.bucketWritePolicyArn' format: ${config.quilt.bucketWritePolicyArn}`);
+        }
+        if (config.quilt.athenaUserPolicyArn && !config.quilt.athenaUserPolicyArn.startsWith("arn:aws:iam::")) {
+            errors.push(`Invalid 'quilt.athenaUserPolicyArn' format: ${config.quilt.athenaUserPolicyArn}`);
+        }
+    }
+    // Validate required deployment fields
+    if (!config.deployment) {
+        errors.push("Missing 'deployment' configuration section");
+    }
+    else {
+        if (!config.deployment.region) {
+            errors.push("Missing 'deployment.region' - run 'npm run setup' to configure");
+        }
+        // Validate VPC configuration if present
+        if (config.deployment.vpc) {
+            const vpc = config.deployment.vpc;
+            if (vpc.vpcId) {
+                // If VPC ID is specified, validate required subnet fields
+                if (!vpc.privateSubnetIds || vpc.privateSubnetIds.length < 2) {
+                    errors.push("VPC configuration requires at least 2 private subnets in different AZs");
+                }
+                if (!vpc.availabilityZones || vpc.availabilityZones.length < 2) {
+                    errors.push("VPC configuration requires at least 2 availability zones");
+                }
+                if (!vpc.vpcCidrBlock) {
+                    warnings.push("Missing 'deployment.vpc.vpcCidrBlock' - CDK synthesis may fail");
+                }
+            }
+        }
+    }
+    // Validate security configuration if present
+    if (config.security?.webhookAllowList) {
+        const allowList = config.security.webhookAllowList.trim();
+        if (allowList.length > 0) {
+            // Basic validation: check for valid CIDR blocks
+            const cidrs = allowList.split(",").map(s => s.trim());
+            for (const cidr of cidrs) {
+                if (!isValidCidr(cidr)) {
+                    errors.push(`Invalid CIDR block in webhookAllowList: ${cidr}`);
+                }
+            }
+        }
+    }
+    return {
+        isValid: errors.length === 0,
+        errors,
+        warnings: warnings.length > 0 ? warnings : undefined,
+    };
+}
+/**
+ * Validate CIDR block format
+ *
+ * Checks if a string is a valid IPv4 CIDR block (e.g., "192.168.1.0/24")
+ * or a single IP address (e.g., "192.168.1.1")
+ *
+ * @param cidr - CIDR block string to validate
+ * @returns True if valid, false otherwise
+ *
+ * @internal
+ */
+function isValidCidr(cidr) {
+    // Simple regex for IPv4 CIDR validation
+    // Format: xxx.xxx.xxx.xxx/yy or xxx.xxx.xxx.xxx
+    const cidrPattern = /^(\d{1,3}\.){3}\d{1,3}(\/\d{1,2})?$/;
+    if (!cidrPattern.test(cidr)) {
+        return false;
+    }
+    // Validate IP octets (0-255)
+    const parts = cidr.split("/");
+    const ip = parts[0];
+    const octets = ip.split(".");
+    for (const octet of octets) {
+        const num = parseInt(octet, 10);
+        if (num < 0 || num > 255) {
+            return false;
+        }
+    }
+    // Validate CIDR prefix (0-32)
+    if (parts.length === 2) {
+        const prefix = parseInt(parts[1], 10);
+        if (prefix < 0 || prefix > 32) {
+            return false;
+        }
+    }
+    return true;
+}
+//# sourceMappingURL=config-transform.js.map

package/dist/lib/utils/config-transform.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"config-transform.js","sourceRoot":"","sources":["../../../lib/utils/config-transform.ts"],"names":[],"mappings":";AAAA;;;;;;;;;;;;;;GAcG;;AAkCH,oDA8DC;AA4CD,kDA4FC;AAnOD;;;;;;;;;;;;;;;;;;;;;;;;;;;;GA4BG;AACH,SAAgB,oBAAoB,CAChC,OAAsB,EACtB,OAAsC;IAEtC,8DAA8D;IAC9D,IAAI,CAAC,OAAO,EAAE,cAAc,EAAE,CAAC;QAC3B,MAAM,UAAU,GAAG,mBAAmB,CAAC,OAAO,CAAC,CAAC;QAChD,IAAI,CAAC,UAAU,CAAC,OAAO,EAAE,CAAC;YACtB,MAAM,MAAM,GAAG,UAAU,CAAC,MAAM,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC;YAChD,MAAM,IAAI,KAAK,CAAC,4DAA4D,MAAM,EAAE,CAAC,CAAC;QAC1F,CAAC;IACL,CAAC;IAED,sDAAsD;IACtD,MAAM,WAAW,GAAgB;QAC7B,SAAS,EAAE;YACP,SAAS,EAAE,OAAO,CAAC,SAAS,CAAC,SAAU;SAC1C;QACD,KAAK,EAAE;YACH,OAAO,EAAE,OAAO,CAAC,KAAK,CAAC,OAAO;YAC9B,QAAQ,EAAE,OAAO,CAAC,KAAK,CAAC,QAAQ;YAChC,QAAQ,EAAE,OAAO,CAAC,KAAK,CAAC,QAAQ;YAChC,MAAM,EAAE,OAAO,CAAC,KAAK,CAAC,MAAM;SAC/B;QACD,UAAU,EAAE;YACR,MAAM,EAAE,OAAO,CAAC,UAAU,CAAC,MAAM;SACpC;KACJ,CAAC;IAEF,iCAAiC;IAEjC,uDAAuD;IACvD,IAAI,OAAO,CAAC,KAAK,CAAC,oBAAoB,EAAE,CAAC;QACrC,WAAW,CAAC,KAAK,CAAC,oBAAoB,GAAG,OAAO,CAAC,KAAK,CAAC,oBAAoB,CAAC;IAChF,CAAC;IACD,IAAI,OAAO,CAAC,KAAK,CAAC,mBAAmB,EAAE,CAAC;QACpC,WAAW,CAAC,KAAK,CAAC,mBAAmB,GAAG,OAAO,CAAC,KAAK,CAAC,mBAAmB,CAAC;IAC9E,CAAC;IAED,uBAAuB;IACvB,IAAI,OAAO,CAAC,UAAU,CAAC,QAAQ,EAAE,CAAC;QAC9B,WAAW,CAAC,UAAU,CAAC,QAAQ,GAAG,OAAO,CAAC,UAAU,CAAC,QAAQ,CAAC;IAClE,CAAC;IAED,oBAAoB;IACpB,IAAI,OAAO,CAAC,UAAU,CAAC,GAAG,EAAE,CAAC;QACzB,WAAW,CAAC,UAAU,CAAC,GAAG,GAAG,OAAO,CAAC,UAAU,CAAC,GAAG,CAAC;IACxD,CAAC;IAED,aAAa;IACb,IAAI,OAAO,CAAC,UAAU,CAAC,SAAS,EAAE,CAAC;QAC/B,WAAW,CAAC,UAAU,CAAC,SAAS,GAAG,OAAO,CAAC,UAAU,CAAC,SAAS,CAAC;IACpE,CAAC;IAED,yBAAyB;IACzB,IAAI,OAAO,CAAC,QAAQ,EAAE,gBAAgB,EAAE,CAAC;QACrC,WAAW,CAAC,QAAQ,GAAG;YACnB,gBAAgB,EAAE,OAAO,CAAC,QAAQ,CAAC,gBAAgB;SACtD,CAAC;IACN,CAAC;IAED,OAAO,WAAW,CAAC;AACvB,CAAC;AAED;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GAyCG;AACH,SAAgB,mBAAmB,CAAC,MAAqB;IACrD,MAAM,MAAM,GAAa,EAAE,CAAC;IAC5B,MAAM,QAAQ,GAAa,EAAE,CAAC;IAE9B,qCAAqC;IACrC,IAAI,CAAC,MAAM,CAAC,SAAS,EAAE,CAAC;QACpB,MAAM,CAAC,IAAI,CAAC,2CAA2C,CAAC,CAAC;IAC7D,CAAC;SAAM,CAAC;QACJ,IAAI,CAAC,MAAM,CAAC,SAAS,CAAC,SAAS,EAAE,CAAC;YAC9B,MAAM,CAAC,IAAI,CAAC,mFAAmF,CAAC,CAAC;QACrG,CAAC;aAAM,IAAI,CAAC,MAAM,CAAC,SAAS,CAAC,SAAS,CAAC,UAAU,CAAC,yBAAyB,CAAC,EAAE,CAAC;YAC3E,MAAM,CAAC,IAAI,CAAC,yCAAyC,MAAM,CAAC,SAAS,CAAC,SAAS,EAAE,CAAC,CAAC;QACvF,CAAC;IACL,CAAC;IAED,iCAAiC;IACjC,IAAI,CAAC,MAAM,CAAC,KAAK,EAAE,CAAC;QAChB,MAAM,CAAC,IAAI,CAAC,uCAAuC,CAAC,CAAC;IACzD,CAAC;SAAM,CAAC;QACJ,IAAI,CAAC,MAAM,CAAC,KAAK,CAAC,OAAO,EAAE,CAAC;YACxB,MAAM,CAAC,IAAI,CAAC,4DAA4D,CAAC,CAAC;QAC9E,CAAC;QACD,IAAI,CAAC,MAAM,CAAC,KAAK,CAAC,QAAQ,EAAE,CAAC;YACzB,MAAM,CAAC,IAAI,CAAC,6DAA6D,CAAC,CAAC;QAC/E,CAAC;QACD,IAAI,CAAC,MAAM,CAAC,KAAK,CAAC,QAAQ,EAAE,CAAC;YACzB,MAAM,CAAC,IAAI,CAAC,6DAA6D,CAAC,CAAC;QAC/E,CAAC;aAAM,IAAI,CAAC,MAAM,CAAC,KAAK,CAAC,QAAQ,CAAC,UAAU,CAAC,cAAc,CAAC,EAAE,CAAC;YAC3D,MAAM,CAAC,IAAI,CAAC,oCAAoC,MAAM,CAAC,KAAK,CAAC,QAAQ,EAAE,CAAC,CAAC;QAC7E,CAAC;QACD,IAAI,CAAC,MAAM,CAAC,KAAK,CAAC,MAAM,EAAE,CAAC;YACvB,MAAM,CAAC,IAAI,CAAC,2DAA2D,CAAC,CAAC;QAC7E,CAAC;QAED,kCAAkC;QAClC,IAAI,CAAC,MAAM,CAAC,KAAK,CAAC,oBAAoB,EAAE,CAAC;YACrC,QAAQ,CAAC,IAAI,CAAC,qEAAqE,CAAC,CAAC;QACzF,CAAC;aAAM,IAAI,CAAC,MAAM,CAAC,KAAK,CAAC,oBAAoB,CAAC,UAAU,CAAC,eAAe,CAAC,EAAE,CAAC;YACxE,MAAM,CAAC,IAAI,CAAC,gDAAgD,MAAM,CAAC,KAAK,CAAC,oBAAoB,EAAE,CAAC,CAAC;QACrG,CAAC;QAED,IAAI,MAAM,CAAC,KAAK,CAAC,mBAAmB,IAAI,CAAC,MAAM,CAAC,KAAK,CAAC,mBAAmB,CAAC,UAAU,CAAC,eAAe,CAAC,EAAE,CAAC;YACpG,MAAM,CAAC,IAAI,CAAC,+CAA+C,MAAM,CAAC,KAAK,CAAC,mBAAmB,EAAE,CAAC,CAAC;QACnG,CAAC;IACL,CAAC;IAED,sCAAsC;IACtC,IAAI,CAAC,MAAM,CAAC,UAAU,EAAE,CAAC;QACrB,MAAM,CAAC,IAAI,CAAC,4CAA4C,CAAC,CAAC;IAC9D,CAAC;SAAM,CAAC;QACJ,IAAI,CAAC,MAAM,CAAC,UAAU,CAAC,MAAM,EAAE,CAAC;YAC5B,MAAM,CAAC,IAAI,CAAC,gEAAgE,CAAC,CAAC;QAClF,CAAC;QAED,wCAAwC;QACxC,IAAI,MAAM,CAAC,UAAU,CAAC,GAAG,EAAE,CAAC;YACxB,MAAM,GAAG,GAAG,MAAM,CAAC,UAAU,CAAC,GAAG,CAAC;YAElC,IAAI,GAAG,CAAC,KAAK,EAAE,CAAC;gBACZ,0DAA0D;gBAC1D,IAAI,CAAC,GAAG,CAAC,gBAAgB,IAAI,GAAG,CAAC,gBAAgB,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;oBAC3D,MAAM,CAAC,IAAI,CAAC,wEAAwE,CAAC,CAAC;gBAC1F,CAAC;gBACD,IAAI,CAAC,GAAG,CAAC,iBAAiB,IAAI,GAAG,CAAC,iBAAiB,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;oBAC7D,MAAM,CAAC,IAAI,CAAC,0DAA0D,CAAC,CAAC;gBAC5E,CAAC;gBACD,IAAI,CAAC,GAAG,CAAC,YAAY,EAAE,CAAC;oBACpB,QAAQ,CAAC,IAAI,CAAC,gEAAgE,CAAC,CAAC;gBACpF,CAAC;YACL,CAAC;QACL,CAAC;IACL,CAAC;IAED,6CAA6C;IAC7C,IAAI,MAAM,CAAC,QAAQ,EAAE,gBAAgB,EAAE,CAAC;QACpC,MAAM,SAAS,GAAG,MAAM,CAAC,QAAQ,CAAC,gBAAgB,CAAC,IAAI,EAAE,CAAC;QAC1D,IAAI,SAAS,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;YACvB,gDAAgD;YAChD,MAAM,KAAK,GAAG,SAAS,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC,CAAC;YACtD,KAAK,MAAM,IAAI,IAAI,KAAK,EAAE,CAAC;gBACvB,IAAI,CAAC,WAAW,CAAC,IAAI,CAAC,EAAE,CAAC;oBACrB,MAAM,CAAC,IAAI,CAAC,2CAA2C,IAAI,EAAE,CAAC,CAAC;gBACnE,CAAC;YACL,CAAC;QACL,CAAC;IACL,CAAC;IAED,OAAO;QACH,OAAO,EAAE,MAAM,CAAC,MAAM,KAAK,CAAC;QAC5B,MAAM;QACN,QAAQ,EAAE,QAAQ,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC,CAAC,QAAQ,CAAC,CAAC,CAAC,SAAS;KACvD,CAAC;AACN,CAAC;AAED;;;;;;;;;;GAUG;AACH,SAAS,WAAW,CAAC,IAAY;IAC7B,wCAAwC;IACxC,gDAAgD;IAChD,MAAM,WAAW,GAAG,qCAAqC,CAAC;IAE1D,IAAI,CAAC,WAAW,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC;QAC1B,OAAO,KAAK,CAAC;IACjB,CAAC;IAED,6BAA6B;IAC7B,MAAM,KAAK,GAAG,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;IAC9B,MAAM,EAAE,GAAG,KAAK,CAAC,CAAC,CAAC,CAAC;IACpB,MAAM,MAAM,GAAG,EAAE,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;IAE7B,KAAK,MAAM,KAAK,IAAI,MAAM,EAAE,CAAC;QACzB,MAAM,GAAG,GAAG,QAAQ,CAAC,KAAK,EAAE,EAAE,CAAC,CAAC;QAChC,IAAI,GAAG,GAAG,CAAC,IAAI,GAAG,GAAG,GAAG,EAAE,CAAC;YACvB,OAAO,KAAK,CAAC;QACjB,CAAC;IACL,CAAC;IAED,8BAA8B;IAC9B,IAAI,KAAK,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QACrB,MAAM,MAAM,GAAG,QAAQ,CAAC,KAAK,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC;QACtC,IAAI,MAAM,GAAG,CAAC,IAAI,MAAM,GAAG,EAAE,EAAE,CAAC;YAC5B,OAAO,KAAK,CAAC;QACjB,CAAC;IACL,CAAC;IAED,OAAO,IAAI,CAAC;AAChB,CAAC"}

package/dist/lib/utils/service-resolver.d.ts

@@ -30,11 +30,6 @@ export interface QuiltServices {
      * @example "quilt.example.com"
      */
     quiltWebHost: string;
-    /**
-     * Iceberg database name (optional)
-     * @example "quilt_iceberg"
-     */
-    icebergDatabase?: string;
     /**
      * Athena workgroup for user queries (optional, from Quilt stack discovery)
      * @example "quilt-user-workgroup"
@@ -45,11 +40,6 @@ export interface QuiltServices {
      * @example "aws-athena-query-results-123456789012-us-east-1"
      */
     athenaResultsBucket?: string;
-    /**
-     * Iceberg workgroup name (optional, from Quilt stack discovery)
-     * @example "quilt-iceberg-workgroup"
-     */
-    icebergWorkgroup?: string;
 }
 /**
  * Options for service resolution
@@ -127,10 +117,8 @@ export declare function validateQueueUrl(url: string): boolean;
  * - `QuiltWebHost`: Quilt catalog web host (e.g., catalog.example.com)
  *
  * **Optional Stack Outputs**:
- * - `IcebergDatabase`: Iceberg database name (if available)
  * - `UserAthenaWorkgroupName`: Athena workgroup for user queries
  * - `AthenaResultsBucketName`: S3 bucket for Athena query results
- * - `IcebergWorkgroupName`: Iceberg workgroup name
  *
  * @param options - Service resolver options
  * @returns Resolved service endpoints
@@ -145,10 +133,8 @@ export declare function validateQueueUrl(url: string): boolean;
  * //   packagerQueueUrl: 'https://sqs.us-east-1.amazonaws.com/123/quilt-queue',
  * //   athenaUserDatabase: 'quilt_catalog',
  * //   quiltWebHost: 'quilt.example.com',
- * //   icebergDatabase: 'quilt_iceberg' (optional),
  * //   athenaUserWorkgroup: 'quilt-user-workgroup' (optional),
- * //   athenaResultsBucket: 'aws-athena-query-results-...' (optional),
- * //   icebergWorkgroup: 'quilt-iceberg-workgroup' (optional)
+ * //   athenaResultsBucket: 'aws-athena-query-results-...' (optional)
  * // }
  */
 export declare function resolveQuiltServices(options: ServiceResolverOptions): Promise<QuiltServices>;

package/dist/lib/utils/service-resolver.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"service-resolver.d.ts","sourceRoot":"","sources":["../../../lib/utils/service-resolver.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;GAWG;AAEH,OAAO,EACH,oBAAoB,EAEvB,MAAM,gCAAgC,CAAC;AAExC;;GAEG;AACH,MAAM,WAAW,aAAa;IAC1B;;;OAGG;IACH,gBAAgB,EAAE,MAAM,CAAC;IAEzB;;;OAGG;IACH,kBAAkB,EAAE,MAAM,CAAC;IAE3B;;;OAGG;IACH,YAAY,EAAE,MAAM,CAAC;IAErB;;;OAGG;IACH,eAAe,CAAC,EAAE,MAAM,CAAC;IAEzB;;;OAGG;IACH,mBAAmB,CAAC,EAAE,MAAM,CAAC;IAE7B;;;OAGG;IACH,mBAAmB,CAAC,EAAE,MAAM,CAAC;IAE7B;;;OAGG;IACH,gBAAgB,CAAC,EAAE,MAAM,CAAC;CAC7B;AAED;;GAEG;AACH,MAAM,WAAW,sBAAsB;IACnC;;OAEG;IACH,QAAQ,EAAE,MAAM,CAAC;IAEjB;;OAEG;IACH,kBAAkB,CAAC,EAAE,oBAAoB,CAAC;CAC7C;AAED;;GAEG;AACH,MAAM,WAAW,cAAc;IAC3B,MAAM,EAAE,MAAM,CAAC;IACf,OAAO,EAAE,MAAM,CAAC;IAChB,SAAS,EAAE,MAAM,CAAC;IAClB,OAAO,EAAE,MAAM,CAAC;CACnB;AAED;;GAEG;AACH,qBAAa,oBAAqB,SAAQ,KAAK;aAGvB,UAAU,CAAC,EAAE,MAAM;aACnB,OAAO,CAAC,EAAE,MAAM;gBAFhC,OAAO,EAAE,MAAM,EACC,UAAU,CAAC,EAAE,MAAM,YAAA,EACnB,OAAO,CAAC,EAAE,MAAM,YAAA;IAUpC,MAAM,IAAI,MAAM;CAanB;AAED;;;;;;;;;;GAUG;AACH,wBAAgB,aAAa,CAAC,GAAG,EAAE,MAAM,GAAG,cAAc,CAkBzD;AAED;;;;;;;;;;;GAWG;AACH,wBAAgB,mBAAmB,CAAC,GAAG,EAAE,MAAM,GAAG,MAAM,CAEvD;AAED;;;;;;GAMG;AACH,wBAAgB,gBAAgB,CAAC,GAAG,EAAE,MAAM,GAAG,OAAO,CAYrD;AAED;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GAmCG;AACH,wBAAsB,oBAAoB,CACtC,OAAO,EAAE,sBAAsB,GAChC,OAAO,CAAC,aAAa,CAAC,CA4FxB"}
+{"version":3,"file":"service-resolver.d.ts","sourceRoot":"","sources":["../../../lib/utils/service-resolver.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;GAWG;AAEH,OAAO,EACH,oBAAoB,EAEvB,MAAM,gCAAgC,CAAC;AAExC;;GAEG;AACH,MAAM,WAAW,aAAa;IAC1B;;;OAGG;IACH,gBAAgB,EAAE,MAAM,CAAC;IAEzB;;;OAGG;IACH,kBAAkB,EAAE,MAAM,CAAC;IAE3B;;;OAGG;IACH,YAAY,EAAE,MAAM,CAAC;IAErB;;;OAGG;IACH,mBAAmB,CAAC,EAAE,MAAM,CAAC;IAE7B;;;OAGG;IACH,mBAAmB,CAAC,EAAE,MAAM,CAAC;CAChC;AAED;;GAEG;AACH,MAAM,WAAW,sBAAsB;IACnC;;OAEG;IACH,QAAQ,EAAE,MAAM,CAAC;IAEjB;;OAEG;IACH,kBAAkB,CAAC,EAAE,oBAAoB,CAAC;CAC7C;AAED;;GAEG;AACH,MAAM,WAAW,cAAc;IAC3B,MAAM,EAAE,MAAM,CAAC;IACf,OAAO,EAAE,MAAM,CAAC;IAChB,SAAS,EAAE,MAAM,CAAC;IAClB,OAAO,EAAE,MAAM,CAAC;CACnB;AAED;;GAEG;AACH,qBAAa,oBAAqB,SAAQ,KAAK;aAGvB,UAAU,CAAC,EAAE,MAAM;aACnB,OAAO,CAAC,EAAE,MAAM;gBAFhC,OAAO,EAAE,MAAM,EACC,UAAU,CAAC,EAAE,MAAM,YAAA,EACnB,OAAO,CAAC,EAAE,MAAM,YAAA;IAUpC,MAAM,IAAI,MAAM;CAanB;AAED;;;;;;;;;;GAUG;AACH,wBAAgB,aAAa,CAAC,GAAG,EAAE,MAAM,GAAG,cAAc,CAkBzD;AAED;;;;;;;;;;;GAWG;AACH,wBAAgB,mBAAmB,CAAC,GAAG,EAAE,MAAM,GAAG,MAAM,CAEvD;AAED;;;;;;GAMG;AACH,wBAAgB,gBAAgB,CAAC,GAAG,EAAE,MAAM,GAAG,OAAO,CAYrD;AAED;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GA+BG;AACH,wBAAsB,oBAAoB,CACtC,OAAO,EAAE,sBAAsB,GAChC,OAAO,CAAC,aAAa,CAAC,CAsFxB"}