cdk-insights 1.7.0 → 1.8.0

package/dist/analysis/templateLevel/checks/mixinUsage/complianceCriticalMixins.d.ts

@@ -0,0 +1,16 @@
+/**
+ * Curated registry of compliance-critical CDK Mixins that cdk-insights
+ * checks for stack-wide consistency. Keep this list small and high-signal —
+ * each entry should represent a property where a partial application is
+ * almost certainly an oversight rather than a deliberate exception.
+ *
+ * `cfnResourceType` is the CloudFormation resource type the mixin targets
+ * (per the AWS docs: each mixin targets exactly one resource type and is
+ * named after it). `displayName` is the short human-readable mixin name.
+ */
+export type ComplianceCriticalMixin = {
+    fqn: string;
+    cfnResourceType: string;
+    displayName: string;
+};
+export declare const COMPLIANCE_CRITICAL_MIXINS: ComplianceCriticalMixin[];

package/dist/analysis/templateLevel/checks/mixinUsage/customMixinCrossTypeApplicationCheck.d.ts

@@ -0,0 +1,14 @@
+import type { AnalysisResults, CloudFormationStack, CreateFindingFunction } from '../../../../types/analysis.types';
+/**
+ * Detects when an anonymised custom CDK Mixin (reported as `'*'` by
+ * aws-cdk-lib's analytics writer) is applied across many distinct CFN
+ * resource types in the same stack — the template-visible signature of
+ * `.with(customMixin)` being called on a parent construct, where the
+ * applicator (`withMixins`) calls `target.node.findAll()` and the mixin's
+ * default `supports()` accepts every descendant.
+ *
+ * Emits a single per-stack finding (attached to the first affected
+ * resource) at LOW severity — false-positive rates here are non-trivial,
+ * so the message is framed as a verification prompt rather than a defect.
+ */
+export declare const checkCustomMixinCrossTypeApplication: (template: CloudFormationStack, createFinding: CreateFindingFunction) => AnalysisResults;

package/dist/analysis/templateLevel/checks/mixinUsage/customMixinCrossTypeApplicationCheck.test.d.ts

@@ -0,0 +1 @@
+export {};

package/dist/analysis/templateLevel/checks/mixinUsage/mixinAppliedWithoutStackCoverageCheck.d.ts

@@ -0,0 +1,18 @@
+import type { AnalysisResults, CloudFormationStack, CreateFindingFunction } from '../../../../types/analysis.types';
+/**
+ * Detects when a compliance-critical CDK Mixin is applied to *some* but not
+ * *all* resources of its target type within a stack. This is the template-
+ * visible footprint of `Mixins.of(scope).apply(...)` being called without
+ * `requireAll()` — when the scope-wide application silently misses some
+ * constructs (e.g., a bucket added later, or one outside the scope), the
+ * inconsistency surfaces here.
+ *
+ * Findings fire on each resource that *lacks* the mixin, suggesting the
+ * user either add the mixin explicitly or migrate to
+ * `Mixins.of(scope).requireAll().apply(...)` to fail synth on misses.
+ *
+ * Mixin attribution is read from `__appliedMixins` populated by
+ * `parseManifestMetadata` from the `aws:cdk:analytics:mixin` manifest
+ * stream (see aws-cdk-lib core/lib/mixins/private/mixin-metadata.ts).
+ */
+export declare const checkMixinAppliedWithoutStackCoverage: (template: CloudFormationStack, createFinding: CreateFindingFunction) => AnalysisResults;

package/dist/analysis/templateLevel/checks/mixinUsage/mixinAppliedWithoutStackCoverageCheck.test.d.ts

@@ -0,0 +1 @@
+export {};

package/dist/analysis/templateLevel/registry.d.ts

@@ -4,7 +4,7 @@
  * Registers all template-level checks and provides the runner that
  * executes them against a CloudFormation template.
  */
-import type { CloudFormationStack, CreateFindingFunction, AnalysisResults } from '../../types/analysis.types';
+import type { AnalysisResults, CloudFormationStack, CreateFindingFunction } from '../../types/analysis.types';
 import type { TemplateLevelCheckDefinition } from './types';
 /**
  * Run all template-level checks against a CloudFormation stack.