cloudburn 0.8.2 → 0.8.4

package/dist/cli.js

@@ -1,7 +1,9 @@
 #!/usr/bin/env node
 
 // src/cli.ts
-import { pathToFileURL } from "url";
+import { realpathSync } from "fs";
+import { resolve as resolve2 } from "path";
+import { fileURLToPath } from "url";
 
 // src/completion/engine.ts
 var buildCompletionTree = (command) => {
@@ -153,6 +155,13 @@ var buildCommandPath = (command) => {
   }
   return names.join(" ");
 };
+var getRootCommand = (command) => {
+  let current = command;
+  while (current.parent !== null) {
+    current = current.parent;
+  }
+  return current;
+};
 var visibleCommands = (command) => command.commands.filter((subcommand) => !subcommand._hidden);
 var getCommandExamples = (command) => {
   const { _cloudburnExamples } = command;
@@ -221,8 +230,9 @@ var formatCloudBurnHelp = (command, helper) => {
   const cloudBurnHelp = helper;
   const helpWidth = helper.helpWidth ?? 80;
   const scenario = getHelpScenario(command);
-  const localOptions = helper.visibleOptions(command);
-  const globalOptions = helper.visibleGlobalOptions(command);
+  const rootCommand = getRootCommand(command);
+  const localOptions = helper.visibleOptions(command).filter((option) => command.options.includes(option));
+  const globalOptions = helper.visibleGlobalOptions(command).filter((option) => rootCommand.options.includes(option));
   const commands = helper.visibleCommands(command);
   const examples = getCommandExamples(command);
   const usageGuidance = getCommandUsageGuidance(command);
@@ -386,7 +396,7 @@ var setCommandUsageGuidance = (command, guidance) => {
 };
 
 // src/commands/completion.ts
-var getRootCommand = (command) => {
+var getRootCommand2 = (command) => {
   let currentCommand = command;
   while (currentCommand.parent !== null) {
     currentCommand = currentCommand.parent;
@@ -441,14 +451,14 @@ var registerCompletionCommand = (program) => {
   for (const shell of ["bash", "fish", "zsh"]) {
     setCommandUsageGuidance(
       completionCommand.command(shell).description(`Generate the autocompletion script for the ${shell} shell.`).option("--no-descriptions", "disable completion descriptions").action(function() {
-        const output = generateCompletionScript(shell, getRootCommand(this));
+        const output = generateCompletionScript(shell, getRootCommand2(this));
         process.stdout.write(output);
       }),
       getCompletionHelpText(shell)
     );
   }
   program.command("__complete", { hidden: true }).argument("[words...]").allowUnknownOption().action(function(words) {
-    const suggestions = resolveCompletionSuggestions(createCompletionTree(getRootCommand(this)), words ?? []);
+    const suggestions = resolveCompletionSuggestions(createCompletionTree(getRootCommand2(this)), words ?? []);
     if (suggestions.length === 0) {
       return;
     }
@@ -480,25 +490,26 @@ var categorize = (err) => {
   if (!(err instanceof Error)) {
     return { code: "RUNTIME_ERROR", message: "An unexpected error occurred." };
   }
-  if (err.name === "CredentialsProviderError" || err.name === "ExpiredTokenException") {
+  const code = "code" in err && typeof err.code === "string" ? err.code : void 0;
+  if (err.name === "CredentialsProviderError" || err.name === "ExpiredTokenException" || code === "CredentialsProviderError" || code === "ExpiredTokenException") {
     return {
       code: "CREDENTIALS_ERROR",
       message: "AWS credentials not found or expired. Run 'aws sts get-caller-identity' to verify your session."
     };
   }
-  if (err.name.includes("AccessDenied")) {
+  if (err.name.includes("AccessDenied") || code?.includes("AccessDenied") === true) {
     return {
       code: "ACCESS_DENIED",
-      message: "Insufficient AWS permissions. Check your IAM role or policy."
+      message: sanitizeRuntimeErrorMessage(err.message).trim() || "Insufficient AWS permissions. Check your IAM role or policy."
     };
   }
   if (err.code === "ENOENT") {
     const path = err.path ?? "unknown";
     return { code: "PATH_NOT_FOUND", message: `Path not found: ${path}` };
   }
-  if ("code" in err && typeof err.code === "string" && isAwsDiscoveryErrorCode(err.code)) {
+  if (code && isAwsDiscoveryErrorCode(code)) {
     return {
-      code: err.code,
+      code,
       message: sanitizeRuntimeErrorMessage(err.message).trim() || "AWS Resource Explorer discovery failed."
     };
   }
@@ -526,6 +537,7 @@ var flattenScanResult = (result) => result.providers.flatMap(
   )
 );
 var countScanResultFindings = (result) => flattenScanResult(result).length;
+var getScanDiagnostics = (result) => result.diagnostics ?? [];
 
 // src/formatters/output.ts
 var DEFAULT_TABLE_WIDTH = 200;
@@ -574,6 +586,8 @@ var renderJson = (response) => {
   switch (response.kind) {
     case "document":
       return JSON.stringify({ content: response.content, contentType: response.contentType }, null, 2);
+    case "discovery-status":
+      return JSON.stringify({ summary: response.summary, regions: response.rows }, null, 2);
     case "record-list":
       return JSON.stringify(response.rows, null, 2);
     case "rule-list":
@@ -590,6 +604,9 @@ var renderText = (response) => {
   switch (response.kind) {
     case "document":
       return response.content;
+    case "discovery-status":
+      return `${response.summaryText}
+${renderTextRows(response.rows, response.columns, "No discovery status available.")}`;
     case "record-list":
       return renderTextRows(response.rows, response.columns, response.emptyMessage);
     case "rule-list":
@@ -615,6 +632,19 @@ var renderTable = (response) => {
           { key: "Value", header: "Value" }
         ]
       );
+    case "discovery-status": {
+      const summaryTable = renderAsciiTable(
+        Object.entries(response.summary).map(([field, value]) => ({ Field: field, Value: value })),
+        [
+          { key: "Field", header: "Field" },
+          { key: "Value", header: "Value" }
+        ]
+      );
+      const regionsTable = response.rows.length === 0 ? "No discovery status available." : renderAsciiTable(response.rows, response.columns ?? inferColumns(response.rows));
+      return `${summaryTable}
+
+${regionsTable}`;
+    }
     case "record-list":
       return response.rows.length === 0 ? response.emptyMessage : renderAsciiTable(response.rows, response.columns ?? inferColumns(response.rows));
     case "rule-list":
@@ -638,19 +668,34 @@ var renderTable = (response) => {
       );
   }
 };
-var projectScanRows = (result) => flattenScanResult(result).map(({ finding, message, provider, ruleId, service, source }) => ({
-  accountId: finding.accountId ?? "",
-  message,
-  path: finding.location?.path ?? "",
-  provider,
-  region: finding.region ?? "",
-  resourceId: finding.resourceId,
-  ruleId,
-  service,
-  source,
-  column: finding.location?.column ?? "",
-  line: finding.location?.line ?? ""
-}));
+var projectScanRows = (result) => [
+  ...flattenScanResult(result).map(({ finding, message, provider, ruleId, service, source }) => ({
+    accountId: finding.accountId ?? "",
+    message,
+    path: finding.location?.path ?? "",
+    provider,
+    region: finding.region ?? "",
+    resourceId: finding.resourceId,
+    ruleId,
+    service,
+    source,
+    column: finding.location?.column ?? "",
+    line: finding.location?.line ?? ""
+  })),
+  ...getScanDiagnostics(result).map((diagnostic) => ({
+    accountId: "",
+    column: "",
+    line: "",
+    message: diagnostic.message,
+    path: "",
+    provider: diagnostic.provider,
+    region: diagnostic.region ?? "",
+    resourceId: "",
+    ruleId: "",
+    service: diagnostic.service,
+    source: diagnostic.source
+  }))
+];
 var renderTextRows = (rows, columns, emptyMessage) => {
   if (rows.length === 0) {
     return emptyMessage;
@@ -822,6 +867,69 @@ var parseRuleIdList = (value) => {
 };
 
 // src/commands/discover.ts
+var describeDiscoverySummary = (status) => {
+  const aggregatorSummary = status.aggregatorRegion ? ` Aggregator region: ${status.aggregatorRegion}.` : "";
+  const warningSummary = status.warning ? ` ${status.warning}` : "";
+  return `Coverage: ${status.coverage}. Indexed ${status.indexedRegionCount} of ${status.totalRegionCount} enabled regions.${aggregatorSummary}${warningSummary}`.trim();
+};
+var describeInitializationMessage = (result) => {
+  const baseMessage = result.indexType === "aggregator" ? result.aggregatorAction === "promoted" ? `Promoted the existing local Resource Explorer index in ${result.aggregatorRegion} to the aggregator.` : result.aggregatorAction === "created" ? `Configured ${result.aggregatorRegion} as the Resource Explorer aggregator.` : result.coverage === "full" ? `Resource Explorer aggregator already exists in ${result.aggregatorRegion}.` : `Resource Explorer aggregator already exists in ${result.aggregatorRegion}, but only ${result.observedStatus.indexedRegionCount} of ${result.observedStatus.totalRegionCount} regions are indexed.` : result.status === "EXISTING" ? `Local Resource Explorer setup already exists in ${result.aggregatorRegion}.` : `Local Resource Explorer setup created in ${result.aggregatorRegion}.`;
+  const indexSummaryParts = [];
+  if (result.createdIndexCount > 0) {
+    indexSummaryParts.push(
+      `Created ${result.createdIndexCount} ${result.createdIndexCount === 1 ? "index" : "indexes"}.`
+    );
+  }
+  if (result.reusedIndexCount > 0) {
+    indexSummaryParts.push(
+      `Reused ${result.reusedIndexCount} existing ${result.reusedIndexCount === 1 ? "index" : "indexes"}.`
+    );
+  }
+  const indexSummary = indexSummaryParts.length === 0 ? "" : ` ${indexSummaryParts.join(" ")}`;
+  const warnings = Array.from(new Set([result.warning, result.observedStatus.warning].filter(Boolean)));
+  const warning = warnings.length === 0 ? "" : ` ${warnings.join(" ")}`;
+  const convergenceNotice = result.verificationStatus === "timed_out" ? " Setup is still converging in AWS, so the observed coverage may still change." : "";
+  return `${baseMessage}${indexSummary}${warning}${convergenceNotice}`.trim();
+};
+var buildInitializationStatusData = (result, message, format) => {
+  const restrictedRegionCount = Math.max(
+    0,
+    result.observedStatus.totalRegionCount - result.observedStatus.accessibleRegionCount
+  );
+  if (format === "json") {
+    return {
+      aggregatorAction: result.aggregatorAction,
+      aggregatorRegion: result.aggregatorRegion,
+      coverage: result.coverage,
+      createdIndexCount: result.createdIndexCount,
+      indexType: result.indexType,
+      message,
+      observedStatus: result.observedStatus,
+      regions: result.regions,
+      reusedIndexCount: result.reusedIndexCount,
+      status: result.status,
+      taskId: result.taskId ?? "",
+      verificationStatus: result.verificationStatus,
+      ...result.warning ? { warning: result.warning } : {}
+    };
+  }
+  return {
+    aggregatorAction: result.aggregatorAction,
+    aggregatorRegion: result.aggregatorRegion,
+    coverage: result.coverage,
+    createdIndexes: String(result.createdIndexCount),
+    details: "Run `cloudburn discover status` for per-region details.",
+    indexedRegions: result.regions.length === 0 ? "none" : result.regions.join(", "),
+    indexedSummary: `${result.observedStatus.indexedRegionCount} of ${result.observedStatus.totalRegionCount}`,
+    indexType: result.indexType,
+    message,
+    reusedIndexes: String(result.reusedIndexCount),
+    ...restrictedRegionCount > 0 ? { restrictedRegions: String(restrictedRegionCount) } : {},
+    status: result.status,
+    taskId: result.taskId ?? "",
+    verificationStatus: result.verificationStatus
+  };
+};
 var parseAwsRegion = (value) => {
   try {
     return assertValidAwsRegion(value);
@@ -860,9 +968,17 @@ var registerDiscoverCommand = (program) => {
   const discoverCommand = setCommandExamples(
     program.command("discover").description("Run a live AWS discovery").enablePositionalOptions().option(
       "--region <region>",
-      'Discovery region to use. Pass "all" to require an aggregator index.',
+      'Discovery region to use. Defaults to the current AWS region from AWS_REGION; use this flag to override it. Pass "all" to check resources in all regions that are indexed in AWS Resource Explorer.',
       parseDiscoverRegion
-    ).option("--config <path>", "Explicit CloudBurn config file to load").option("--enabled-rules <ruleIds>", "Comma-separated rule IDs to enable", parseRuleIdList).option("--disabled-rules <ruleIds>", "Comma-separated rule IDs to disable", parseRuleIdList).option("--exit-code", "Exit with code 1 when findings exist").action(async (options, command) => {
+    ).option("--config <path>", "Explicit CloudBurn config file to load").option(
+      "--enabled-rules <ruleIds>",
+      "Comma-separated rule IDs to enable. When set, CloudBurn checks only these rules. By default, all rules are enabled.",
+      parseRuleIdList
+    ).option(
+      "--disabled-rules <ruleIds>",
+      "Comma-separated rule IDs to disable. By default, all rules are enabled; use this to exclude specific rules.",
+      parseRuleIdList
+    ).option("--exit-code", "Exit with code 1 when findings exist").action(async (options, command) => {
       await runCommand(async () => {
         const scanner = new CloudBurnClient();
         const loadedConfig = await scanner.loadConfig(options.config);
@@ -891,10 +1007,64 @@ var registerDiscoverCommand = (program) => {
       "cloudburn discover",
       "cloudburn discover --region eu-central-1",
       "cloudburn discover --region all",
+      "cloudburn discover status",
       "cloudburn discover list-enabled-regions",
       "cloudburn discover init"
     ]
   );
+  discoverCommand.command("status").description("Show Resource Explorer status across all enabled AWS regions").action(async (_options, command) => {
+    await runCommand(async () => {
+      const scanner = new CloudBurnClient();
+      const parentRegion = discoverCommand.opts().region;
+      const region = parentRegion === "all" ? void 0 : parentRegion;
+      const status = await scanner.getDiscoveryStatus({ region });
+      const format = resolveOutputFormat(command);
+      const rows = format === "json" ? status.regions.map((regionStatus) => ({
+        ...regionStatus,
+        notes: regionStatus.notes ?? ""
+      })) : status.regions.map((regionStatus) => ({
+        region: regionStatus.region,
+        indexType: regionStatus.indexType === void 0 ? "" : regionStatus.isAggregator ? `${regionStatus.indexType} (active)` : regionStatus.indexType,
+        notes: regionStatus.notes ?? "",
+        status: regionStatus.status,
+        viewStatus: regionStatus.viewStatus ?? ""
+      }));
+      const summary = format === "json" ? {
+        accessibleRegionCount: status.accessibleRegionCount,
+        coverage: status.coverage,
+        indexedRegionCount: status.indexedRegionCount,
+        totalRegionCount: status.totalRegionCount,
+        ...status.aggregatorRegion ? { aggregatorRegion: status.aggregatorRegion } : {},
+        ...status.warning ? { warning: status.warning } : {}
+      } : {
+        accessibleRegionCount: status.accessibleRegionCount,
+        aggregatorRegion: status.aggregatorRegion ?? "",
+        coverage: status.coverage,
+        indexedRegionCount: status.indexedRegionCount,
+        totalRegionCount: status.totalRegionCount,
+        ...status.warning ? { warning: status.warning } : {}
+      };
+      const output = renderResponse(
+        {
+          kind: "discovery-status",
+          columns: [
+            { key: "region", header: "Region" },
+            { key: "indexType", header: "IndexType" },
+            { key: "status", header: "Status" },
+            { key: "viewStatus", header: "ViewStatus" },
+            { key: "notes", header: "Notes" }
+          ],
+          rows,
+          summary,
+          summaryText: describeDiscoverySummary(status)
+        },
+        format
+      );
+      process.stdout.write(`${output}
+`);
+      return EXIT_CODE_OK;
+    });
+  });
   discoverCommand.command("list-enabled-regions").description("List AWS regions with a local or aggregator Resource Explorer index").action(async (_options, command) => {
     await runCommand(async () => {
       const scanner = new CloudBurnClient();
@@ -917,24 +1087,22 @@ var registerDiscoverCommand = (program) => {
       return EXIT_CODE_OK;
     });
   });
-  discoverCommand.command("init").description("Set up AWS Resource Explorer for CloudBurn").option("--region <region>", "Aggregator region to create or reuse during setup", parseAwsRegion).action(async (options, command) => {
+  discoverCommand.command("init").description("Set up AWS Resource Explorer for CloudBurn").option(
+    "--region <region>",
+    "Requested aggregator region to create or reuse during setup. This is the main Resource Explorer region that aggregates indexes from other regions when cross-region setup succeeds. Defaults to the current AWS region from AWS_REGION; use this flag to override it.",
+    parseAwsRegion
+  ).action(async (options, command) => {
     await runCommand(async () => {
       const scanner = new CloudBurnClient();
       const parentRegion = discoverCommand.opts().region;
       const region = options.region ?? (parentRegion === "all" ? void 0 : parentRegion);
       const result = await scanner.initializeDiscovery({ region });
-      const message = result.status === "EXISTING" ? `Resource Explorer setup already exists in ${result.aggregatorRegion}.` : `Resource Explorer setup created in ${result.aggregatorRegion}.`;
+      const message = describeInitializationMessage(result);
       const format = resolveOutputFormat(command);
       const output = renderResponse(
         {
           kind: "status",
-          data: {
-            aggregatorRegion: result.aggregatorRegion,
-            message,
-            regions: result.regions,
-            status: result.status,
-            taskId: result.taskId ?? ""
-          },
+          data: buildInitializationStatusData(result, message, format),
           text: message
         },
         format
@@ -1145,7 +1313,15 @@ var toScanConfigOverride = (options) => {
 };
 var registerScanCommand = (program) => {
   setCommandExamples(
-    program.command("scan").description("Run an autodetected static IaC scan").argument("[path]", "Terraform file, CloudFormation template, or directory to scan").option("--config <path>", "Explicit CloudBurn config file to load").option("--enabled-rules <ruleIds>", "Comma-separated rule IDs to enable", parseRuleIdList).option("--disabled-rules <ruleIds>", "Comma-separated rule IDs to disable", parseRuleIdList).option("--exit-code", "Exit with code 1 when findings exist").action(async (path, options, command) => {
+    program.command("scan").description("Run an autodetected static IaC scan").argument("[path]", "Terraform file, CloudFormation template, or directory to scan").option("--config <path>", "Explicit CloudBurn config file to load").option(
+      "--enabled-rules <ruleIds>",
+      "Comma-separated rule IDs to enable. When set, CloudBurn checks only these rules. By default, all rules are enabled.",
+      parseRuleIdList
+    ).option(
+      "--disabled-rules <ruleIds>",
+      "Comma-separated rule IDs to disable. By default, all rules are enabled; use this to exclude specific rules.",
+      parseRuleIdList
+    ).option("--exit-code", "Exit with code 1 when findings exist").action(async (path, options, command) => {
       try {
         const scanner = new CloudBurnClient2();
         const loadedConfig = await scanner.loadConfig(options.config);
@@ -1172,9 +1348,22 @@ var registerScanCommand = (program) => {
 };
 
 // src/cli.ts
+var resolveEntrypointPath = (entrypointPath) => {
+  try {
+    return realpathSync.native(entrypointPath);
+  } catch {
+    return resolve2(entrypointPath);
+  }
+};
+var isCliEntrypoint = (moduleUrl, argvEntry = process.argv[1]) => {
+  if (argvEntry === void 0) {
+    return false;
+  }
+  return resolveEntrypointPath(fileURLToPath(moduleUrl)) === resolveEntrypointPath(argvEntry);
+};
 var createProgram = () => {
   const program = createCliCommand();
-  program.name("cloudburn").usage("[command]").description("Know what you spend. Fix what you waste.").version("0.8.2").option("--format <format>", OUTPUT_FORMAT_OPTION_DESCRIPTION, parseOutputFormat);
+  program.name("cloudburn").usage("[command]").description("Know what you spend. Fix what you waste.").version("0.8.4").option("--format <format>", OUTPUT_FORMAT_OPTION_DESCRIPTION, parseOutputFormat);
   configureCliHelp(program);
   registerCompletionCommand(program);
   registerDiscoverCommand(program);
@@ -1187,11 +1376,11 @@ var createProgram = () => {
 var runCli = async () => {
   await createProgram().parseAsync(process.argv);
 };
-var isMain = process.argv[1] ? import.meta.url === pathToFileURL(process.argv[1]).href : false;
-if (isMain) {
+if (isCliEntrypoint(import.meta.url)) {
   await runCli();
 }
 export {
   createProgram,
+  isCliEntrypoint,
   runCli
 };

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "cloudburn",
-  "version": "0.8.2",
+  "version": "0.8.4",
   "description": "Cloudburn CLI for cloud cost optimization",
   "type": "module",
   "bin": {
@@ -11,7 +11,7 @@
   ],
   "dependencies": {
     "commander": "^13.1.0",
-    "@cloudburn/sdk": "0.13.1"
+    "@cloudburn/sdk": "0.13.2"
   },
   "devDependencies": {
     "@biomejs/biome": "^2.4.6",