@standards-kit/conform 0.1.0 → 0.1.3

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (139) hide show
  1. package/LICENSE +21 -0
  2. package/README.md +143 -0
  3. package/dist/{chunk-P7TIZJ4C.js → chunk-DXIYZR62.js} +2 -2
  4. package/dist/chunk-DXIYZR62.js.map +1 -0
  5. package/dist/{chunk-KHO6NIAI.js → chunk-PZ2NVKI7.js} +7 -7
  6. package/dist/chunk-PZ2NVKI7.js.map +1 -0
  7. package/dist/cli.d.ts +2 -0
  8. package/dist/cli.js +14 -14
  9. package/dist/cli.js.map +1 -1
  10. package/dist/code/index.d.ts +11 -0
  11. package/dist/code/tools/base.d.ts +51 -0
  12. package/dist/code/tools/comment-utils.d.ts +17 -0
  13. package/dist/code/tools/coverage-run.d.ts +37 -0
  14. package/dist/code/tools/disable-comments.d.ts +42 -0
  15. package/dist/code/tools/eslint.d.ts +99 -0
  16. package/dist/code/tools/gitleaks.d.ts +42 -0
  17. package/dist/code/tools/index.d.ts +13 -0
  18. package/dist/code/tools/knip.d.ts +20 -0
  19. package/dist/code/tools/naming.d.ts +64 -0
  20. package/dist/code/tools/pipaudit.d.ts +24 -0
  21. package/dist/code/tools/pnpmaudit.d.ts +36 -0
  22. package/dist/code/tools/ruff.d.ts +46 -0
  23. package/dist/code/tools/tsc.d.ts +57 -0
  24. package/dist/code/tools/ty.d.ts +34 -0
  25. package/dist/code/tools/vulture.d.ts +32 -0
  26. package/dist/core/index.d.ts +7 -0
  27. package/dist/core/loader.d.ts +42 -0
  28. package/dist/core/registry.d.ts +17 -0
  29. package/dist/core/schema.d.ts +1829 -0
  30. package/dist/core/types.d.ts +95 -0
  31. package/dist/{src-KZRTG3EU.js → core-KB2W6SE2.js} +3 -3
  32. package/dist/dependencies/index.d.ts +13 -0
  33. package/dist/dependencies/mappings.d.ts +17 -0
  34. package/dist/dependencies/output.d.ts +12 -0
  35. package/dist/dependencies/types.d.ts +34 -0
  36. package/dist/index.d.ts +21 -0
  37. package/dist/index.js +9 -5
  38. package/dist/index.js.map +1 -1
  39. package/dist/infra/arn.d.ts +16 -0
  40. package/dist/infra/checkers/cloudwatch.d.ts +8 -0
  41. package/dist/infra/checkers/dynamodb.d.ts +8 -0
  42. package/dist/infra/checkers/ec2.d.ts +13 -0
  43. package/dist/infra/checkers/ecs.d.ts +13 -0
  44. package/dist/infra/checkers/elasticache.d.ts +13 -0
  45. package/dist/infra/checkers/elb.d.ts +13 -0
  46. package/dist/infra/checkers/gcp/artifactregistry.d.ts +5 -0
  47. package/dist/infra/checkers/gcp/cloudrun.d.ts +5 -0
  48. package/dist/infra/checkers/gcp/iam.d.ts +5 -0
  49. package/dist/infra/checkers/gcp/index.d.ts +17 -0
  50. package/dist/infra/checkers/gcp/secretmanager.d.ts +5 -0
  51. package/dist/infra/checkers/iam.d.ts +8 -0
  52. package/dist/infra/checkers/index.d.ts +26 -0
  53. package/dist/infra/checkers/lambda.d.ts +8 -0
  54. package/dist/infra/checkers/rds.d.ts +13 -0
  55. package/dist/infra/checkers/s3.d.ts +8 -0
  56. package/dist/infra/checkers/secretsmanager.d.ts +8 -0
  57. package/dist/infra/checkers/sns.d.ts +8 -0
  58. package/dist/infra/checkers/sqs.d.ts +8 -0
  59. package/dist/infra/checkers/types.d.ts +28 -0
  60. package/dist/infra/gcp.d.ts +18 -0
  61. package/dist/infra/generate.d.ts +74 -0
  62. package/dist/infra/index.d.ts +59 -0
  63. package/dist/infra/manifest.d.ts +58 -0
  64. package/dist/infra/output.d.ts +8 -0
  65. package/dist/infra/scan.d.ts +25 -0
  66. package/dist/infra/schemas.d.ts +806 -0
  67. package/dist/infra/types.d.ts +8 -0
  68. package/dist/{infra-UXM5XQX3.js → infra-ZQRXX7AW.js} +3 -3
  69. package/dist/infra-ZQRXX7AW.js.map +1 -0
  70. package/dist/mcp/index.d.ts +7 -0
  71. package/dist/mcp/server.d.ts +18 -0
  72. package/dist/mcp/standards/fetcher.d.ts +29 -0
  73. package/dist/mcp/standards/index.d.ts +4 -0
  74. package/dist/mcp/standards/matcher.d.ts +22 -0
  75. package/dist/mcp/standards/parser.d.ts +46 -0
  76. package/dist/mcp/standards/types.d.ts +32 -0
  77. package/dist/mcp/tools/get-guideline.d.ts +26 -0
  78. package/dist/mcp/tools/get-ruleset.d.ts +26 -0
  79. package/dist/mcp/tools/get-standards.d.ts +27 -0
  80. package/dist/mcp/tools/index.d.ts +4 -0
  81. package/dist/mcp/tools/list-guidelines.d.ts +25 -0
  82. package/dist/{mcp-O5O7XVFG.js → mcp-WXYRFNEV.js} +3 -3
  83. package/dist/mcp-WXYRFNEV.js.map +1 -0
  84. package/dist/output/index.d.ts +14 -0
  85. package/dist/process/commands/check-branch.d.ts +13 -0
  86. package/dist/process/commands/check-commit.d.ts +14 -0
  87. package/dist/process/commands/index.d.ts +2 -0
  88. package/dist/process/index.d.ts +11 -0
  89. package/dist/process/scan/index.d.ts +5 -0
  90. package/dist/process/scan/remote-fetcher.d.ts +18 -0
  91. package/dist/process/scan/scanner.d.ts +6 -0
  92. package/dist/process/scan/types.d.ts +57 -0
  93. package/dist/process/scan/validators.d.ts +37 -0
  94. package/dist/process/sync/applier.d.ts +10 -0
  95. package/dist/process/sync/differ.d.ts +7 -0
  96. package/dist/process/sync/fetcher.d.ts +14 -0
  97. package/dist/process/sync/index.d.ts +9 -0
  98. package/dist/process/sync/types.d.ts +131 -0
  99. package/dist/process/sync/validator.d.ts +22 -0
  100. package/dist/process/tools/backups.d.ts +32 -0
  101. package/dist/process/tools/base.d.ts +52 -0
  102. package/dist/process/tools/branches.d.ts +41 -0
  103. package/dist/process/tools/changesets.d.ts +53 -0
  104. package/dist/process/tools/ci.d.ts +57 -0
  105. package/dist/process/tools/codeowners.d.ts +68 -0
  106. package/dist/process/tools/commits.d.ts +39 -0
  107. package/dist/process/tools/coverage.d.ts +57 -0
  108. package/dist/process/tools/docs-helpers.d.ts +44 -0
  109. package/dist/process/tools/docs.d.ts +38 -0
  110. package/dist/process/tools/forbidden-files.d.ts +40 -0
  111. package/dist/process/tools/hooks.d.ts +39 -0
  112. package/dist/process/tools/index.d.ts +14 -0
  113. package/dist/process/tools/pr.d.ts +59 -0
  114. package/dist/process/tools/repo.d.ts +65 -0
  115. package/dist/process/tools/tickets.d.ts +42 -0
  116. package/dist/projects/detector.d.ts +16 -0
  117. package/dist/projects/index.d.ts +4 -0
  118. package/dist/projects/templates.d.ts +15 -0
  119. package/dist/projects/tier-loader.d.ts +14 -0
  120. package/dist/projects/types.d.ts +76 -0
  121. package/dist/{registry-V65CC7IN.js → registry-7CDIMOLZ.js} +2 -2
  122. package/dist/{scan-EELS42BP.js → scan-IKEHLZXV.js} +4 -4
  123. package/dist/{scan-EELS42BP.js.map → scan-IKEHLZXV.js.map} +1 -1
  124. package/dist/{sync-RLYBGYNY.js → sync-XV6XBLVZ.js} +3 -3
  125. package/dist/{sync-RLYBGYNY.js.map → sync-XV6XBLVZ.js.map} +1 -1
  126. package/dist/validate/guidelines.d.ts +18 -0
  127. package/dist/validate/index.d.ts +5 -0
  128. package/dist/validate/tier.d.ts +14 -0
  129. package/dist/validate/types.d.ts +56 -0
  130. package/dist/{validate-AABLVQJS.js → validate-DKEJICCK.js} +3 -3
  131. package/dist/validate-DKEJICCK.js.map +1 -0
  132. package/package.json +26 -19
  133. package/dist/chunk-KHO6NIAI.js.map +0 -1
  134. package/dist/chunk-P7TIZJ4C.js.map +0 -1
  135. package/dist/infra-UXM5XQX3.js.map +0 -1
  136. package/dist/mcp-O5O7XVFG.js.map +0 -1
  137. package/dist/validate-AABLVQJS.js.map +0 -1
  138. /package/dist/{registry-V65CC7IN.js.map → core-KB2W6SE2.js.map} +0 -0
  139. /package/dist/{src-KZRTG3EU.js.map → registry-7CDIMOLZ.js.map} +0 -0
package/dist/infra/schemas.d.ts ADDED
@@ -0,0 +1,806 @@
1
+ /**
2
+ * Zod schemas for runtime validation of infra manifests and resources
3
+ *
4
+ * These schemas validate external inputs like manifest files,
5
+ * stack exports, ARNs, and GCP resource paths at runtime.
6
+ */
7
+ import { z } from "zod";
8
+ /**
9
+ * Cloud provider schema
10
+ */
11
+ export declare const CloudProviderSchema: z.ZodEnum<["aws", "gcp"]>;
12
+ export type CloudProvider = z.infer<typeof CloudProviderSchema>;
13
+ /**
14
+ * Account key schema - format: "provider:accountId"
15
+ * Examples: "aws:123456789012", "gcp:my-project-id"
16
+ */
17
+ export declare const AccountKeySchema: z.ZodString;
18
+ export type AccountKey = z.infer<typeof AccountKeySchema>;
19
+ /**
20
+ * ARN schema - validates AWS ARN format
21
+ *
22
+ * Format: arn:partition:service:region:account-id:resource
23
+ */
24
+ export declare const ArnSchema: z.ZodString;
25
+ export type Arn = z.infer<typeof ArnSchema>;
26
+ /**
27
+ * Parsed ARN schema - components extracted from an ARN
28
+ */
29
+ export declare const ParsedArnSchema: z.ZodObject<{
30
+ /** Cloud provider (always "aws" for ARNs) */
31
+ cloud: z.ZodLiteral<"aws">;
32
+ /** AWS partition (aws, aws-cn, aws-us-gov) */
33
+ partition: z.ZodString;
34
+ /** AWS service (s3, lambda, rds, etc.) */
35
+ service: z.ZodString;
36
+ /** AWS region (empty for global services like S3, IAM) */
37
+ region: z.ZodString;
38
+ /** AWS account ID (empty for S3 buckets) */
39
+ accountId: z.ZodString;
40
+ /** Resource type (e.g., function, table, bucket) */
41
+ resourceType: z.ZodString;
42
+ /** Resource name/identifier */
43
+ resourceId: z.ZodString;
44
+ /** Original ARN string */
45
+ raw: z.ZodString;
46
+ }, "strip", z.ZodTypeAny, {
47
+ region: string;
48
+ cloud: "aws";
49
+ partition: string;
50
+ service: string;
51
+ accountId: string;
52
+ resourceType: string;
53
+ resourceId: string;
54
+ raw: string;
55
+ }, {
56
+ region: string;
57
+ cloud: "aws";
58
+ partition: string;
59
+ service: string;
60
+ accountId: string;
61
+ resourceType: string;
62
+ resourceId: string;
63
+ raw: string;
64
+ }>;
65
+ export type ParsedArn = z.infer<typeof ParsedArnSchema>;
66
+ /**
67
+ * GCP resource path schema - validates GCP resource path format
68
+ *
69
+ * Examples:
70
+ * - projects/my-project/locations/us-central1/functions/my-func
71
+ * - projects/my-project/topics/my-topic
72
+ * - projects/my-project/subscriptions/my-sub
73
+ */
74
+ export declare const GcpResourcePathSchema: z.ZodString;
75
+ export type GcpResourcePath = z.infer<typeof GcpResourcePathSchema>;
76
+ /**
77
+ * Parsed GCP resource schema - components extracted from a GCP resource path
78
+ */
79
+ export declare const ParsedGcpResourceSchema: z.ZodObject<{
80
+ /** Cloud provider (always "gcp" for GCP resources) */
81
+ cloud: z.ZodLiteral<"gcp">;
82
+ /** GCP project ID */
83
+ project: z.ZodString;
84
+ /** GCP service (run, iam, secretmanager, artifactregistry, etc.) */
85
+ service: z.ZodString;
86
+ /** Location/region (us-central1, global, etc.) */
87
+ location: z.ZodString;
88
+ /** Resource type (services, serviceAccounts, secrets, repositories, etc.) */
89
+ resourceType: z.ZodString;
90
+ /** Resource name/ID */
91
+ resourceId: z.ZodString;
92
+ /** Original resource path */
93
+ raw: z.ZodString;
94
+ }, "strip", z.ZodTypeAny, {
95
+ project: string;
96
+ cloud: "gcp";
97
+ service: string;
98
+ resourceType: string;
99
+ resourceId: string;
100
+ raw: string;
101
+ location: string;
102
+ }, {
103
+ project: string;
104
+ cloud: "gcp";
105
+ service: string;
106
+ resourceType: string;
107
+ resourceId: string;
108
+ raw: string;
109
+ location: string;
110
+ }>;
111
+ export type ParsedGcpResource = z.infer<typeof ParsedGcpResourceSchema>;
112
+ /**
113
+ * Generic resource identifier - can be AWS ARN or GCP resource path
114
+ */
115
+ export declare const ResourceIdentifierSchema: z.ZodUnion<[z.ZodString, z.ZodString]>;
116
+ export type ResourceIdentifier = z.infer<typeof ResourceIdentifierSchema>;
117
+ /**
118
+ * Account identifier schema - parsed from account key
119
+ */
120
+ export declare const AccountIdSchema: z.ZodObject<{
121
+ /** Cloud provider */
122
+ cloud: z.ZodEnum<["aws", "gcp"]>;
123
+ /** AWS account ID or GCP project ID */
124
+ id: z.ZodString;
125
+ }, "strip", z.ZodTypeAny, {
126
+ id: string;
127
+ cloud: "aws" | "gcp";
128
+ }, {
129
+ id: string;
130
+ cloud: "aws" | "gcp";
131
+ }>;
132
+ export type AccountId = z.infer<typeof AccountIdSchema>;
133
+ /**
134
+ * Account entry in a multi-account manifest
135
+ */
136
+ export declare const ManifestAccountSchema: z.ZodObject<{
137
+ /** Optional human-readable alias for this account */
138
+ alias: z.ZodOptional<z.ZodString>;
139
+ /** List of resource identifiers (ARNs or GCP resource paths) */
140
+ resources: z.ZodArray<z.ZodString, "many">;
141
+ }, "strip", z.ZodTypeAny, {
142
+ resources: string[];
143
+ alias?: string | undefined;
144
+ }, {
145
+ resources: string[];
146
+ alias?: string | undefined;
147
+ }>;
148
+ export type ManifestAccount = z.infer<typeof ManifestAccountSchema>;
149
+ /**
150
+ * V2 Multi-account manifest schema
151
+ *
152
+ * Resources are grouped by cloud account (AWS account ID or GCP project ID)
153
+ */
154
+ export declare const MultiAccountManifestSchema: z.ZodObject<{
155
+ /** Manifest version - must be 2 for multi-account format */
156
+ version: z.ZodLiteral<2>;
157
+ /** Optional project name */
158
+ project: z.ZodOptional<z.ZodString>;
159
+ /** Resources grouped by account key (e.g., "aws:123456789012", "gcp:my-project") */
160
+ accounts: z.ZodRecord<z.ZodString, z.ZodObject<{
161
+ /** Optional human-readable alias for this account */
162
+ alias: z.ZodOptional<z.ZodString>;
163
+ /** List of resource identifiers (ARNs or GCP resource paths) */
164
+ resources: z.ZodArray<z.ZodString, "many">;
165
+ }, "strip", z.ZodTypeAny, {
166
+ resources: string[];
167
+ alias?: string | undefined;
168
+ }, {
169
+ resources: string[];
170
+ alias?: string | undefined;
171
+ }>>;
172
+ }, "strip", z.ZodTypeAny, {
173
+ version: 2;
174
+ accounts: Record<string, {
175
+ resources: string[];
176
+ alias?: string | undefined;
177
+ }>;
178
+ project?: string | undefined;
179
+ }, {
180
+ version: 2;
181
+ accounts: Record<string, {
182
+ resources: string[];
183
+ alias?: string | undefined;
184
+ }>;
185
+ project?: string | undefined;
186
+ }>;
187
+ export type MultiAccountManifest = z.infer<typeof MultiAccountManifestSchema>;
188
+ /**
189
+ * Legacy manifest schema (v1) - flat array of resources
190
+ */
191
+ export declare const LegacyManifestSchema: z.ZodObject<{
192
+ /** Optional manifest version (1 or undefined for legacy) */
193
+ version: z.ZodOptional<z.ZodLiteral<1>>;
194
+ /** Optional project name */
195
+ project: z.ZodOptional<z.ZodString>;
196
+ /** Flat list of resource identifiers */
197
+ resources: z.ZodArray<z.ZodString, "many">;
198
+ }, "strip", z.ZodTypeAny, {
199
+ resources: string[];
200
+ version?: 1 | undefined;
201
+ project?: string | undefined;
202
+ }, {
203
+ resources: string[];
204
+ version?: 1 | undefined;
205
+ project?: string | undefined;
206
+ }>;
207
+ export type LegacyManifest = z.infer<typeof LegacyManifestSchema>;
208
+ /**
209
+ * Any manifest schema - accepts either v1 or v2 format
210
+ */
211
+ export declare const ManifestSchema: z.ZodUnion<[z.ZodObject<{
212
+ /** Manifest version - must be 2 for multi-account format */
213
+ version: z.ZodLiteral<2>;
214
+ /** Optional project name */
215
+ project: z.ZodOptional<z.ZodString>;
216
+ /** Resources grouped by account key (e.g., "aws:123456789012", "gcp:my-project") */
217
+ accounts: z.ZodRecord<z.ZodString, z.ZodObject<{
218
+ /** Optional human-readable alias for this account */
219
+ alias: z.ZodOptional<z.ZodString>;
220
+ /** List of resource identifiers (ARNs or GCP resource paths) */
221
+ resources: z.ZodArray<z.ZodString, "many">;
222
+ }, "strip", z.ZodTypeAny, {
223
+ resources: string[];
224
+ alias?: string | undefined;
225
+ }, {
226
+ resources: string[];
227
+ alias?: string | undefined;
228
+ }>>;
229
+ }, "strip", z.ZodTypeAny, {
230
+ version: 2;
231
+ accounts: Record<string, {
232
+ resources: string[];
233
+ alias?: string | undefined;
234
+ }>;
235
+ project?: string | undefined;
236
+ }, {
237
+ version: 2;
238
+ accounts: Record<string, {
239
+ resources: string[];
240
+ alias?: string | undefined;
241
+ }>;
242
+ project?: string | undefined;
243
+ }>, z.ZodObject<{
244
+ /** Optional manifest version (1 or undefined for legacy) */
245
+ version: z.ZodOptional<z.ZodLiteral<1>>;
246
+ /** Optional project name */
247
+ project: z.ZodOptional<z.ZodString>;
248
+ /** Flat list of resource identifiers */
249
+ resources: z.ZodArray<z.ZodString, "many">;
250
+ }, "strip", z.ZodTypeAny, {
251
+ resources: string[];
252
+ version?: 1 | undefined;
253
+ project?: string | undefined;
254
+ }, {
255
+ resources: string[];
256
+ version?: 1 | undefined;
257
+ project?: string | undefined;
258
+ }>]>;
259
+ export type Manifest = z.infer<typeof ManifestSchema>;
260
+ /**
261
+ * Result of checking a single resource
262
+ */
263
+ export declare const ResourceCheckResultSchema: z.ZodObject<{
264
+ /** The resource ARN or GCP path */
265
+ arn: z.ZodString;
266
+ /** Whether the resource exists */
267
+ exists: z.ZodBoolean;
268
+ /** Error message if check failed */
269
+ error: z.ZodOptional<z.ZodString>;
270
+ /** Service name (e.g., s3, lambda, run) */
271
+ service: z.ZodString;
272
+ /** Resource type (e.g., bucket, function) */
273
+ resourceType: z.ZodString;
274
+ /** Resource identifier */
275
+ resourceId: z.ZodString;
276
+ }, "strip", z.ZodTypeAny, {
277
+ exists: boolean;
278
+ service: string;
279
+ resourceType: string;
280
+ resourceId: string;
281
+ arn: string;
282
+ error?: string | undefined;
283
+ }, {
284
+ exists: boolean;
285
+ service: string;
286
+ resourceType: string;
287
+ resourceId: string;
288
+ arn: string;
289
+ error?: string | undefined;
290
+ }>;
291
+ export type ResourceCheckResult = z.infer<typeof ResourceCheckResultSchema>;
292
+ /**
293
+ * Scan summary statistics
294
+ */
295
+ export declare const InfraScanSummarySchema: z.ZodObject<{
296
+ /** Total resources checked */
297
+ total: z.ZodNumber;
298
+ /** Resources that exist */
299
+ found: z.ZodNumber;
300
+ /** Resources that don't exist */
301
+ missing: z.ZodNumber;
302
+ /** Resources that couldn't be checked (errors) */
303
+ errors: z.ZodNumber;
304
+ }, "strip", z.ZodTypeAny, {
305
+ total: number;
306
+ missing: number;
307
+ found: number;
308
+ errors: number;
309
+ }, {
310
+ total: number;
311
+ missing: number;
312
+ found: number;
313
+ errors: number;
314
+ }>;
315
+ export type InfraScanSummary = z.infer<typeof InfraScanSummarySchema>;
316
+ /**
317
+ * Per-account scan results
318
+ */
319
+ declare const AccountScanResultSchema: z.ZodObject<{
320
+ /** Account alias if provided */
321
+ alias: z.ZodOptional<z.ZodString>;
322
+ /** Individual resource check results */
323
+ results: z.ZodArray<z.ZodObject<{
324
+ /** The resource ARN or GCP path */
325
+ arn: z.ZodString;
326
+ /** Whether the resource exists */
327
+ exists: z.ZodBoolean;
328
+ /** Error message if check failed */
329
+ error: z.ZodOptional<z.ZodString>;
330
+ /** Service name (e.g., s3, lambda, run) */
331
+ service: z.ZodString;
332
+ /** Resource type (e.g., bucket, function) */
333
+ resourceType: z.ZodString;
334
+ /** Resource identifier */
335
+ resourceId: z.ZodString;
336
+ }, "strip", z.ZodTypeAny, {
337
+ exists: boolean;
338
+ service: string;
339
+ resourceType: string;
340
+ resourceId: string;
341
+ arn: string;
342
+ error?: string | undefined;
343
+ }, {
344
+ exists: boolean;
345
+ service: string;
346
+ resourceType: string;
347
+ resourceId: string;
348
+ arn: string;
349
+ error?: string | undefined;
350
+ }>, "many">;
351
+ /** Summary statistics for this account */
352
+ summary: z.ZodObject<{
353
+ /** Total resources checked */
354
+ total: z.ZodNumber;
355
+ /** Resources that exist */
356
+ found: z.ZodNumber;
357
+ /** Resources that don't exist */
358
+ missing: z.ZodNumber;
359
+ /** Resources that couldn't be checked (errors) */
360
+ errors: z.ZodNumber;
361
+ }, "strip", z.ZodTypeAny, {
362
+ total: number;
363
+ missing: number;
364
+ found: number;
365
+ errors: number;
366
+ }, {
367
+ total: number;
368
+ missing: number;
369
+ found: number;
370
+ errors: number;
371
+ }>;
372
+ }, "strip", z.ZodTypeAny, {
373
+ summary: {
374
+ total: number;
375
+ missing: number;
376
+ found: number;
377
+ errors: number;
378
+ };
379
+ results: {
380
+ exists: boolean;
381
+ service: string;
382
+ resourceType: string;
383
+ resourceId: string;
384
+ arn: string;
385
+ error?: string | undefined;
386
+ }[];
387
+ alias?: string | undefined;
388
+ }, {
389
+ summary: {
390
+ total: number;
391
+ missing: number;
392
+ found: number;
393
+ errors: number;
394
+ };
395
+ results: {
396
+ exists: boolean;
397
+ service: string;
398
+ resourceType: string;
399
+ resourceId: string;
400
+ arn: string;
401
+ error?: string | undefined;
402
+ }[];
403
+ alias?: string | undefined;
404
+ }>;
405
+ export type AccountScanResult = z.infer<typeof AccountScanResultSchema>;
406
+ /**
407
+ * Full infrastructure scan result
408
+ */
409
+ export declare const InfraScanResultSchema: z.ZodObject<{
410
+ /** Path to the manifest file */
411
+ manifest: z.ZodString;
412
+ /** Project name */
413
+ project: z.ZodOptional<z.ZodString>;
414
+ /** Individual resource check results */
415
+ results: z.ZodArray<z.ZodObject<{
416
+ /** The resource ARN or GCP path */
417
+ arn: z.ZodString;
418
+ /** Whether the resource exists */
419
+ exists: z.ZodBoolean;
420
+ /** Error message if check failed */
421
+ error: z.ZodOptional<z.ZodString>;
422
+ /** Service name (e.g., s3, lambda, run) */
423
+ service: z.ZodString;
424
+ /** Resource type (e.g., bucket, function) */
425
+ resourceType: z.ZodString;
426
+ /** Resource identifier */
427
+ resourceId: z.ZodString;
428
+ }, "strip", z.ZodTypeAny, {
429
+ exists: boolean;
430
+ service: string;
431
+ resourceType: string;
432
+ resourceId: string;
433
+ arn: string;
434
+ error?: string | undefined;
435
+ }, {
436
+ exists: boolean;
437
+ service: string;
438
+ resourceType: string;
439
+ resourceId: string;
440
+ arn: string;
441
+ error?: string | undefined;
442
+ }>, "many">;
443
+ /** Summary statistics */
444
+ summary: z.ZodObject<{
445
+ /** Total resources checked */
446
+ total: z.ZodNumber;
447
+ /** Resources that exist */
448
+ found: z.ZodNumber;
449
+ /** Resources that don't exist */
450
+ missing: z.ZodNumber;
451
+ /** Resources that couldn't be checked (errors) */
452
+ errors: z.ZodNumber;
453
+ }, "strip", z.ZodTypeAny, {
454
+ total: number;
455
+ missing: number;
456
+ found: number;
457
+ errors: number;
458
+ }, {
459
+ total: number;
460
+ missing: number;
461
+ found: number;
462
+ errors: number;
463
+ }>;
464
+ /** Per-account results (only present for multi-account manifests) */
465
+ accountResults: z.ZodOptional<z.ZodRecord<z.ZodString, z.ZodObject<{
466
+ /** Account alias if provided */
467
+ alias: z.ZodOptional<z.ZodString>;
468
+ /** Individual resource check results */
469
+ results: z.ZodArray<z.ZodObject<{
470
+ /** The resource ARN or GCP path */
471
+ arn: z.ZodString;
472
+ /** Whether the resource exists */
473
+ exists: z.ZodBoolean;
474
+ /** Error message if check failed */
475
+ error: z.ZodOptional<z.ZodString>;
476
+ /** Service name (e.g., s3, lambda, run) */
477
+ service: z.ZodString;
478
+ /** Resource type (e.g., bucket, function) */
479
+ resourceType: z.ZodString;
480
+ /** Resource identifier */
481
+ resourceId: z.ZodString;
482
+ }, "strip", z.ZodTypeAny, {
483
+ exists: boolean;
484
+ service: string;
485
+ resourceType: string;
486
+ resourceId: string;
487
+ arn: string;
488
+ error?: string | undefined;
489
+ }, {
490
+ exists: boolean;
491
+ service: string;
492
+ resourceType: string;
493
+ resourceId: string;
494
+ arn: string;
495
+ error?: string | undefined;
496
+ }>, "many">;
497
+ /** Summary statistics for this account */
498
+ summary: z.ZodObject<{
499
+ /** Total resources checked */
500
+ total: z.ZodNumber;
501
+ /** Resources that exist */
502
+ found: z.ZodNumber;
503
+ /** Resources that don't exist */
504
+ missing: z.ZodNumber;
505
+ /** Resources that couldn't be checked (errors) */
506
+ errors: z.ZodNumber;
507
+ }, "strip", z.ZodTypeAny, {
508
+ total: number;
509
+ missing: number;
510
+ found: number;
511
+ errors: number;
512
+ }, {
513
+ total: number;
514
+ missing: number;
515
+ found: number;
516
+ errors: number;
517
+ }>;
518
+ }, "strip", z.ZodTypeAny, {
519
+ summary: {
520
+ total: number;
521
+ missing: number;
522
+ found: number;
523
+ errors: number;
524
+ };
525
+ results: {
526
+ exists: boolean;
527
+ service: string;
528
+ resourceType: string;
529
+ resourceId: string;
530
+ arn: string;
531
+ error?: string | undefined;
532
+ }[];
533
+ alias?: string | undefined;
534
+ }, {
535
+ summary: {
536
+ total: number;
537
+ missing: number;
538
+ found: number;
539
+ errors: number;
540
+ };
541
+ results: {
542
+ exists: boolean;
543
+ service: string;
544
+ resourceType: string;
545
+ resourceId: string;
546
+ arn: string;
547
+ error?: string | undefined;
548
+ }[];
549
+ alias?: string | undefined;
550
+ }>>>;
551
+ }, "strip", z.ZodTypeAny, {
552
+ manifest: string;
553
+ summary: {
554
+ total: number;
555
+ missing: number;
556
+ found: number;
557
+ errors: number;
558
+ };
559
+ results: {
560
+ exists: boolean;
561
+ service: string;
562
+ resourceType: string;
563
+ resourceId: string;
564
+ arn: string;
565
+ error?: string | undefined;
566
+ }[];
567
+ project?: string | undefined;
568
+ accountResults?: Record<string, {
569
+ summary: {
570
+ total: number;
571
+ missing: number;
572
+ found: number;
573
+ errors: number;
574
+ };
575
+ results: {
576
+ exists: boolean;
577
+ service: string;
578
+ resourceType: string;
579
+ resourceId: string;
580
+ arn: string;
581
+ error?: string | undefined;
582
+ }[];
583
+ alias?: string | undefined;
584
+ }> | undefined;
585
+ }, {
586
+ manifest: string;
587
+ summary: {
588
+ total: number;
589
+ missing: number;
590
+ found: number;
591
+ errors: number;
592
+ };
593
+ results: {
594
+ exists: boolean;
595
+ service: string;
596
+ resourceType: string;
597
+ resourceId: string;
598
+ arn: string;
599
+ error?: string | undefined;
600
+ }[];
601
+ project?: string | undefined;
602
+ accountResults?: Record<string, {
603
+ summary: {
604
+ total: number;
605
+ missing: number;
606
+ found: number;
607
+ errors: number;
608
+ };
609
+ results: {
610
+ exists: boolean;
611
+ service: string;
612
+ resourceType: string;
613
+ resourceId: string;
614
+ arn: string;
615
+ error?: string | undefined;
616
+ }[];
617
+ alias?: string | undefined;
618
+ }> | undefined;
619
+ }>;
620
+ export type InfraScanResult = z.infer<typeof InfraScanResultSchema>;
621
+ /**
622
+ * Options for programmatic API
623
+ */
624
+ export interface ScanInfraOptions {
625
+ /** Path to manifest file */
626
+ manifestPath?: string;
627
+ /** Path to config file */
628
+ configPath?: string;
629
+ /** Filter to specific account (by alias or account key like "aws:123") */
630
+ account?: string;
631
+ }
632
+ /**
633
+ * Options for CLI handler
634
+ */
635
+ export type RunInfraScanOptions = ScanInfraOptions & {
636
+ /** Output format */
637
+ format?: "text" | "json";
638
+ };
639
+ /**
640
+ * Pulumi resource in stack export
641
+ */
642
+ export declare const PulumiResourceSchema: z.ZodObject<{
643
+ urn: z.ZodOptional<z.ZodString>;
644
+ type: z.ZodOptional<z.ZodString>;
645
+ inputs: z.ZodOptional<z.ZodRecord<z.ZodString, z.ZodUnknown>>;
646
+ outputs: z.ZodOptional<z.ZodRecord<z.ZodString, z.ZodUnknown>>;
647
+ }, "strip", z.ZodTypeAny, {
648
+ type?: string | undefined;
649
+ urn?: string | undefined;
650
+ inputs?: Record<string, unknown> | undefined;
651
+ outputs?: Record<string, unknown> | undefined;
652
+ }, {
653
+ type?: string | undefined;
654
+ urn?: string | undefined;
655
+ inputs?: Record<string, unknown> | undefined;
656
+ outputs?: Record<string, unknown> | undefined;
657
+ }>;
658
+ export type PulumiResource = z.infer<typeof PulumiResourceSchema>;
659
+ /**
660
+ * Pulumi stack export schema (simplified)
661
+ */
662
+ export declare const PulumiStackExportSchema: z.ZodObject<{
663
+ version: z.ZodOptional<z.ZodNumber>;
664
+ deployment: z.ZodOptional<z.ZodObject<{
665
+ manifest: z.ZodOptional<z.ZodObject<{
666
+ time: z.ZodOptional<z.ZodString>;
667
+ magic: z.ZodOptional<z.ZodString>;
668
+ version: z.ZodOptional<z.ZodString>;
669
+ }, "strip", z.ZodTypeAny, {
670
+ time?: string | undefined;
671
+ version?: string | undefined;
672
+ magic?: string | undefined;
673
+ }, {
674
+ time?: string | undefined;
675
+ version?: string | undefined;
676
+ magic?: string | undefined;
677
+ }>>;
678
+ resources: z.ZodOptional<z.ZodArray<z.ZodObject<{
679
+ urn: z.ZodOptional<z.ZodString>;
680
+ type: z.ZodOptional<z.ZodString>;
681
+ inputs: z.ZodOptional<z.ZodRecord<z.ZodString, z.ZodUnknown>>;
682
+ outputs: z.ZodOptional<z.ZodRecord<z.ZodString, z.ZodUnknown>>;
683
+ }, "strip", z.ZodTypeAny, {
684
+ type?: string | undefined;
685
+ urn?: string | undefined;
686
+ inputs?: Record<string, unknown> | undefined;
687
+ outputs?: Record<string, unknown> | undefined;
688
+ }, {
689
+ type?: string | undefined;
690
+ urn?: string | undefined;
691
+ inputs?: Record<string, unknown> | undefined;
692
+ outputs?: Record<string, unknown> | undefined;
693
+ }>, "many">>;
694
+ }, "strip", z.ZodTypeAny, {
695
+ manifest?: {
696
+ time?: string | undefined;
697
+ version?: string | undefined;
698
+ magic?: string | undefined;
699
+ } | undefined;
700
+ resources?: {
701
+ type?: string | undefined;
702
+ urn?: string | undefined;
703
+ inputs?: Record<string, unknown> | undefined;
704
+ outputs?: Record<string, unknown> | undefined;
705
+ }[] | undefined;
706
+ }, {
707
+ manifest?: {
708
+ time?: string | undefined;
709
+ version?: string | undefined;
710
+ magic?: string | undefined;
711
+ } | undefined;
712
+ resources?: {
713
+ type?: string | undefined;
714
+ urn?: string | undefined;
715
+ inputs?: Record<string, unknown> | undefined;
716
+ outputs?: Record<string, unknown> | undefined;
717
+ }[] | undefined;
718
+ }>>;
719
+ }, "strip", z.ZodTypeAny, {
720
+ version?: number | undefined;
721
+ deployment?: {
722
+ manifest?: {
723
+ time?: string | undefined;
724
+ version?: string | undefined;
725
+ magic?: string | undefined;
726
+ } | undefined;
727
+ resources?: {
728
+ type?: string | undefined;
729
+ urn?: string | undefined;
730
+ inputs?: Record<string, unknown> | undefined;
731
+ outputs?: Record<string, unknown> | undefined;
732
+ }[] | undefined;
733
+ } | undefined;
734
+ }, {
735
+ version?: number | undefined;
736
+ deployment?: {
737
+ manifest?: {
738
+ time?: string | undefined;
739
+ version?: string | undefined;
740
+ magic?: string | undefined;
741
+ } | undefined;
742
+ resources?: {
743
+ type?: string | undefined;
744
+ urn?: string | undefined;
745
+ inputs?: Record<string, unknown> | undefined;
746
+ outputs?: Record<string, unknown> | undefined;
747
+ }[] | undefined;
748
+ } | undefined;
749
+ }>;
750
+ export type PulumiStackExport = z.infer<typeof PulumiStackExportSchema>;
751
+ /**
752
+ * Validate an ARN string
753
+ * @throws ZodError if invalid
754
+ */
755
+ export declare function validateArn(arn: string): Arn;
756
+ /**
757
+ * Check if a string is a valid ARN format
758
+ */
759
+ export declare function isValidArnFormat(arn: string): boolean;
760
+ /**
761
+ * Validate a GCP resource path
762
+ * @throws ZodError if invalid
763
+ */
764
+ export declare function validateGcpResourcePath(path: string): GcpResourcePath;
765
+ /**
766
+ * Check if a string is a valid GCP resource path
767
+ */
768
+ export declare function isValidGcpResourcePath(path: string): boolean;
769
+ /**
770
+ * Validate an account key string
771
+ * @throws ZodError if invalid
772
+ */
773
+ export declare function validateAccountKey(key: string): AccountKey;
774
+ /**
775
+ * Check if a string is a valid account key
776
+ */
777
+ export declare function isValidAccountKey(key: string): boolean;
778
+ /**
779
+ * Validate a legacy (v1) manifest
780
+ * @throws ZodError if invalid
781
+ */
782
+ export declare function validateLegacyManifest(data: unknown): LegacyManifest;
783
+ /**
784
+ * Validate a multi-account (v2) manifest
785
+ * @throws ZodError if invalid
786
+ */
787
+ export declare function validateMultiAccountManifest(data: unknown): MultiAccountManifest;
788
+ /**
789
+ * Validate any manifest format (v1 or v2)
790
+ * @throws ZodError if invalid
791
+ */
792
+ export declare function validateManifest(data: unknown): Manifest;
793
+ /**
794
+ * Check if data is a valid multi-account (v2) manifest
795
+ */
796
+ export declare function isMultiAccountManifestSchema(data: unknown): data is MultiAccountManifest;
797
+ /**
798
+ * Check if data is a valid legacy (v1) manifest
799
+ */
800
+ export declare function isLegacyManifestSchema(data: unknown): data is LegacyManifest;
801
+ /**
802
+ * Validate a Pulumi stack export
803
+ * @throws ZodError if invalid
804
+ */
805
+ export declare function validateStackExport(data: unknown): PulumiStackExport;
806
+ export {};