fjall 0.95.0 → 0.99.1

package/bin/assets/src/util/agent/tokenScopes.js

@@ -0,0 +1 @@
+const r={"apps list":["read"],"apps describe":["read"],"apps create":["write"],status:["read"],deploy:["deploy"],destroy:["destroy"],build:["deploy"],"secrets list":["secrets:read"],"secrets get":["secrets:read"],"secrets set":["secrets:write"],"secrets delete":["secrets:write"],"secrets import":["secrets:write"],"secrets export":["secrets:read"],"secrets exec":["secrets:read"],connect:["write"],login:["read"],list:["read"],add:["write"],remove:["write"],modify:["write"],undo:["write"],validate:["read"],history:["read"],tunnel:["read"],"target list":["read"],"target get":["read"],"target set":["write"],"domain list":["read"],"domain verify":["read"],"domain export":["read"],"domain import":["write"],"create domain":["write"],"create account":["write"],"create org":["write"],restore:["write"],import:["write"],sync:["write"],"user list":["read"],"user create":["admin"],"user destroy":["admin"],"user associate":["admin"],"user dissociate":["admin"],"token create":["admin"],"token list":["read"],"token revoke":["admin"],"costs show":["read"],"metrics show":["read"],"compliance fix":["read"],"deploy diff":["read"],"deploy logs":["read"],"aws exec":["read"]};function t(e){return r[e]}export{r as COMMAND_SCOPES,t as getRequiredScopes};

package/bin/assets/src/util/agent/toonFormatter.d.ts

@@ -0,0 +1,55 @@
+/**
+ * Centralised TOON rendering wrapper for AXI agent output. This is the ONLY
+ * file in the codebase that imports from `@toon-format/toon`. All TOON
+ * rendering is funnelled here so the library can be swapped without touching
+ * callers.
+ *
+ * Masking is NOT this file's responsibility — the AgentOutputWriter masks
+ * before calling the formatter. The formatter renders whatever it receives.
+ */
+import type { AgentError, ActionRequired, StreamEvent, TabularSchema } from "./schemas/types.js";
+export declare const BLOCK_SEPARATOR = "---";
+/**
+ * Render a single object as TOON key-value pairs.
+ * Empty objects produce an empty string.
+ */
+export declare function renderObject(obj: unknown): string;
+/**
+ * Render a tabular array with header row and optional aggregates.
+ *
+ * Each item is projected through `schema.project()` to guarantee uniform
+ * flat rows, which triggers TOON's tabular encoding path.
+ */
+export declare function renderList<T>(items: readonly T[], schema: TabularSchema<T>, meta?: {
+    entity: string;
+    aggregates?: Record<string, number | string>;
+}): string;
+/**
+ * Render a structured error block. Uses manual rendering (not `encode()`)
+ * because AXI format has `error:` as a top-level key, not wrapped in an
+ * object.
+ */
+export declare function renderError(error: AgentError): string;
+/**
+ * Render an action-required block. Manual rendering like error, plus
+ * optional `choices[N]:` and details.
+ */
+export declare function renderActionRequired(action: ActionRequired): string;
+/**
+ * Render help lines manually. TOON would inline scalar arrays as
+ * `help[3]: a,b,c` on one line, but AXI requires each help line on its
+ * own indented row.
+ */
+export declare function renderHelp(lines: readonly string[]): string;
+/**
+ * Render a single streaming event.
+ *
+ * - Primitive value: `<operation>.<field>: <value>`
+ * - Object/array value: delegate to `encode()`
+ */
+export declare function renderEvent(event: StreamEvent): string;
+/**
+ * Join multiple rendered blocks with the block separator.
+ * Empty strings are filtered out. Result ends with exactly one newline.
+ */
+export declare function joinBlocks(blocks: readonly string[]): string;

package/bin/assets/src/util/agent/toonFormatter.js

@@ -0,0 +1,14 @@
+import{encode as o}from"@toon-format/toon";const p="---";function f(e){return typeof e=="object"&&e!==null&&!Array.isArray(e)&&Object.keys(e).length>0}function c(e){return o(e)}function $(e){return f(e)?o(e):""}function m(e,n,t){const i=t?.entity??"items",r=e.map(u=>n.project(u)),d={[i]:r,...t?.aggregates??{}};return o(d)}function y(e){const n=[];if(n.push(`error: ${s(e.message)}`),n.push(`code: ${e.code}`),e.userActionRequired!==void 0&&n.push(`userActionRequired: ${e.userActionRequired}`),e.details!==void 0&&Object.keys(e.details).length>0){const i=c(e.details).split(`
+`).map(r=>`  ${r}`).join(`
+`);n.push("details:"),n.push(i)}return n.join(`
+`)}function j(e){const n=[];if(n.push(`action: ${s(e.action)}`),n.push(`message: ${s(e.message)}`),n.push(`userActionRequired: ${e.userActionRequired}`),e.choices!==void 0&&e.choices.length>0){n.push(`choices[${e.choices.length}]:`);for(const t of e.choices)n.push(`  ${t}`)}if(e.details!==void 0&&Object.keys(e.details).length>0){const i=c(e.details).split(`
+`).map(r=>`  ${r}`).join(`
+`);n.push("details:"),n.push(i)}return n.join(`
+`)}function a(e){const n=`help[${e.length}]:`;if(e.length===0)return n;const t=e.map(i=>`  ${i}`);return[n,...t].join(`
+`)}function A(e){const n=`${e.operation}.${e.field}`;return h(e.value)?`${n}: ${l(e.value)}
+`:o({[n]:e.value})+`
+`}function R(e){const n=e.filter(i=>i.length>0);if(n.length===0)return"";const t=n.join(`
+${p}
+`);return t.endsWith(`
+`)?t:t+`
+`}function h(e){return e===null||typeof e=="string"||typeof e=="number"||typeof e=="boolean"}function l(e){return e===null?"null":typeof e=="string"?s(e):String(e)}function s(e){return e.includes(":")||e.includes(",")||e.includes('"')?`"${e.replace(/\\/g,"\\\\").replace(/"/g,'\\"')}"`:e}export{p as BLOCK_SEPARATOR,R as joinBlocks,j as renderActionRequired,y as renderError,A as renderEvent,a as renderHelp,m as renderList,$ as renderObject};

package/bin/assets/src/util/api/Credentials.d.ts

@@ -0,0 +1,13 @@
+export default class Credentials {
+    apiKey: string | null;
+    constructor(apiKey?: string);
+    setApiKey(value: string): void;
+    toObject(): {
+        apiKey: string | null;
+    };
+    saveCredentials(): void;
+    static directoryPath(): string;
+    static filePath(): string;
+    static loadCredentials(): Credentials | null;
+    private static loadCredentialFile;
+}

package/bin/assets/src/util/api/Credentials.js

@@ -0,0 +1 @@
+import*as r from"fs";import{homedir as p}from"os";import{join as a}from"path";import{getErrorMessage as s}from"../errorUtils.js";import{logger as c}from"../logger/index.js";import{maskSensitiveOutput as l}from"@fjall/util";function u(n){return typeof n=="object"&&n!==null&&"apiKey"in n&&typeof n.apiKey=="string"}class e{apiKey;constructor(t){this.apiKey=t||null}setApiKey(t){this.apiKey=t}toObject(){return{apiKey:this.apiKey}}saveCredentials(){const t=e.directoryPath();r.mkdirSync(t,{recursive:!0,mode:448});const i=e.filePath(),o=`${i}.tmp`,d=JSON.stringify(this.toObject(),null,2);r.writeFileSync(o,d,{mode:384}),r.renameSync(o,i)}static directoryPath(){return a(p(),".fjall")}static filePath(){return a(e.directoryPath(),"auth.json")}static loadCredentials(){try{const t=e.loadCredentialFile();if(!t)return null;const i=JSON.parse(t),o=u(i)?i.apiKey:void 0;return new e(o)}catch(t){return c.warn("Credentials","Unable to parse credential file",{error:l(s(t))}),null}}static loadCredentialFile(){try{return r.accessSync(e.filePath(),r.constants.R_OK|r.constants.W_OK),r.readFileSync(e.filePath(),{encoding:"utf8"})}catch(t){return c.debug("Credentials","Could not read credentials file",{error:l(s(t))}),null}}}export{e as default};

package/bin/assets/src/util/api/FjallApiClient.d.ts

@@ -0,0 +1,33 @@
+import { type Result } from "../../types/Result.js";
+import type { ApiError } from "../../types/errors/ApiError.js";
+import { FjallApiClientResources } from "./FjallApiClientResources.js";
+import { type Entitlements, type OrganisationConfigResponse, type OrganisationConfigPayload, type MessageResponse, type GetIdentityResponse, type ConnectionStatusResponse, type RegisterQuickCreateResponse, type VerifyAwsAccountPayload, type VerifyAwsAccountResponse, type RegisterRepositoryPayload, type RegisterRepositoryResponse, type UpdateOrganisationMetadataPayload } from "./FjallApiClient.types.js";
+import type { ConnectionInfo } from "../../services/connect/types.js";
+export type { Entitlements } from "./FjallApiClient.types.js";
+export declare class FjallApiClient extends FjallApiClientResources {
+    /** In-memory cache for entitlements (per-client; CLI commands typically use a single client per invocation) */
+    private cachedEntitlements;
+    validateApiKey(verbose?: boolean): Promise<Result<boolean, ApiError>>;
+    getOrganisationConfig(): Promise<Result<OrganisationConfigResponse, ApiError>>;
+    putOrganisationConfig(payload: OrganisationConfigPayload): Promise<Result<{
+        success: boolean;
+        message: string;
+    }, ApiError>>;
+    markScaffolded(): Promise<Result<{
+        success: boolean;
+    }, ApiError>>;
+    updateOrganisationMetadata(organisationId: string, metadata: UpdateOrganisationMetadataPayload): Promise<Result<MessageResponse, ApiError>>;
+    getIdentity(): Promise<Result<GetIdentityResponse, ApiError>>;
+    getEntitlements(): Promise<Result<Entitlements, ApiError>>;
+    getOidcToken(accountId?: string, environment?: string): Promise<Result<{
+        token: string;
+    }, ApiError>>;
+    getConnectionStatus(externalId: string): Promise<Result<ConnectionStatusResponse, ApiError>>;
+    getConnectedAccounts(): Promise<Result<{
+        accounts: ConnectionInfo[];
+    }, ApiError>>;
+    registerQuickCreate(region?: string, environment?: string): Promise<Result<RegisterQuickCreateResponse, ApiError>>;
+    verifyAwsAccount(payload: VerifyAwsAccountPayload): Promise<Result<VerifyAwsAccountResponse, ApiError>>;
+    registerRepository(payload: RegisterRepositoryPayload): Promise<Result<RegisterRepositoryResponse, ApiError>>;
+    static fromCredentials(baseUrl?: string): FjallApiClient | null;
+}

package/bin/assets/src/util/api/FjallApiClient.js

@@ -0,0 +1 @@
+import{resolveApiKey as a}from"./resolveApiKey.js";import{success as n,failure as o}from"../../types/Result.js";import{logger as i}from"../logger/index.js";import{FjallApiClientResources as u}from"./FjallApiClientResources.js";class r extends u{cachedEntitlements=null;async validateApiKey(e=!1){const t="/api/applications";e&&(i.debug("API",`Making GET request to: ${this.baseUrl}${t}`),i.debug("API","Authorization header: Bearer ****"));const s=await this.apiRequest("get",t,void 0,{timeout:1e4});return e&&(s.success?i.debug("API","Response status: 200"):i.debug("API","Error occurred during API validation",{errorType:s.error.errorType,statusCode:s.error.statusCode,message:s.error.message})),s.success?n(!0):o(s.error)}async getOrganisationConfig(){return this.apiRequest("get","/api/organisation-config")}async putOrganisationConfig(e){return this.apiRequest("put","/api/organisation-config",e)}async markScaffolded(){return this.apiRequest("post","/api/organisations/mark-scaffolded")}async updateOrganisationMetadata(e,t){return this.apiRequest("put",`/api/organisations/${encodeURIComponent(e)}`,t)}async getIdentity(){return this.apiRequest("get","/api/identity")}async getEntitlements(){if(this.cachedEntitlements)return n(this.cachedEntitlements);const e=await this.apiRequest("get","/api/entitlements");return e.success&&(this.cachedEntitlements=e.data),e}async getOidcToken(e,t){return this.apiRequest("post","/api/oidc/token",{...e!==void 0&&{accountId:e},...t!==void 0&&{environment:t}})}async getConnectionStatus(e){return this.apiRequest("get",`/api/connections/status?externalId=${encodeURIComponent(e)}`)}async getConnectedAccounts(){return this.apiRequest("get","/api/connections/list")}async registerQuickCreate(e,t){return this.apiRequest("post","/api/connections/quick-create",{...e!==void 0&&{region:e},...t!==void 0&&{environment:t}})}async verifyAwsAccount(e){return this.apiRequest("post","/api/aws-accounts/verify",e)}async registerRepository(e){return this.apiRequest("post","/api/repositories/register",e)}static fromCredentials(e){const t=a();return t?new r(t,e):null}}export{r as FjallApiClient};

package/bin/assets/src/util/api/FjallApiClient.types.d.ts

@@ -0,0 +1,375 @@
+import type { ProviderAccount } from "@fjall/deploy-core";
+export declare const USER_AGENT: string;
+export declare const DEFAULT_TIMEOUT_MS = 30000;
+export declare const DEFAULT_BASE_URL: string;
+export interface DeviceCodeResponse {
+    deviceCode: string;
+    userCode: string;
+    verificationUri: string;
+    expiresIn: number;
+    interval: number;
+}
+export interface DeviceTokenResponse {
+    status: "pending" | "complete";
+    apiKey?: string;
+    organisationId?: string;
+    organisationName?: string;
+    email?: string;
+}
+export interface CreateApplicationPayload {
+    name: string;
+    description?: string;
+    template?: Array<{
+        path: string;
+        contents: string;
+    }>;
+}
+export interface CreateApplicationResponse {
+    application: {
+        id: string;
+        name: string;
+        description?: string;
+        organisationId: string;
+        createdAt: string;
+        updatedAt: string;
+    };
+    activity: {
+        id: string;
+        applicationId: string;
+        type: string;
+        data: Record<string, unknown>;
+        createdAt: string;
+    };
+}
+export interface CreateActivityPayload {
+    type: string;
+    data?: Record<string, unknown>;
+}
+export interface CreateActivityResponse {
+    activity: {
+        id: string;
+        applicationId: string;
+        type: string;
+        data: Record<string, unknown>;
+        createdAt: string;
+    };
+}
+export interface OrganisationConfigResponse {
+    primaryRegion: string | null;
+    secondaryRegions: string[];
+    disasterRecoveryRegion: string | null;
+    providerAccounts: ProviderAccount[];
+    ssoSessions: Record<string, {
+        ssoRegion: string;
+        ssoStartUrl: string;
+    }>;
+    rootOidcRoleArn: string | null;
+    allowCodemodLlmFallback: boolean;
+}
+export interface OrganisationConfigPayload {
+    primaryRegion?: string;
+    secondaryRegions?: string[];
+    disasterRecoveryRegion?: string;
+    providerAccounts?: ProviderAccount[];
+    ssoSessions?: Record<string, {
+        ssoRegion: string;
+        ssoStartUrl: string;
+    }>;
+    rootOidcRoleArn?: string;
+}
+export interface MessageResponse {
+    message: string;
+}
+/**
+ * Minimal application summary returned by `GET /api/applications`.
+ *
+ * Cross-repo shared contract — the webapp route
+ * `app/routes/api/applications/index.ts` returns this shape (plus extra
+ * Prisma fields we do not consume). If either surface drifts, the
+ * structural assertion in `__tests__/FjallApiClient.listApps.test.ts`
+ * fails at typecheck.
+ */
+export interface AppSummary {
+    id: string;
+    name: string;
+    vpcCidr: string | null;
+    connectedAwsAccountId: string | null;
+}
+export interface ListAppsResponse {
+    applications: AppSummary[];
+    nextCursor?: string;
+}
+export type { Entitlements } from "@fjall/deploy-core";
+export interface CreateTokenPayload {
+    name: string;
+    scopes: string[];
+    resourceConstraints?: {
+        applicationIds?: string[];
+        environmentNames?: string[];
+        accountIds?: string[];
+    };
+    expiresAt: string;
+    sourceTag?: string;
+}
+export interface CreateTokenResponse {
+    id: string;
+    token: string;
+    tokenPrefix: string;
+    name: string;
+    scopes: string[];
+    resourceConstraints: Record<string, unknown>;
+    sourceTag: string | null;
+    expiresAt: string;
+    organisationId: string;
+}
+export interface TokenSummary {
+    id: string;
+    name: string;
+    tokenPrefix: string;
+    scopes: string[];
+    resourceConstraints: Record<string, unknown>;
+    sourceTag: string | null;
+    expiresAt: string;
+    createdAt: string;
+    revokedAt: string | null;
+    revokedReason: string | null;
+    lastUsedAt: string | null;
+    usageCount: number;
+    deniedCount: number;
+    createdById: string;
+    createdBy: string | null;
+}
+export interface TokenListResponse {
+    tokens: TokenSummary[];
+}
+export interface TokenSelfResponse {
+    id: string;
+    kind: "scoped" | "legacy";
+    name?: string;
+    tokenPrefix?: string;
+    scopes: string[];
+    resourceConstraints?: Record<string, unknown>;
+    sourceTag?: string | null;
+    expiresAt?: string;
+    organisationId: string;
+}
+export interface TokenRevokeResponse {
+    ok: boolean;
+    message: string;
+}
+export interface AssetSummary {
+    id: string;
+    organizationId: string;
+    assetIdentifier: string;
+    name: string;
+    provider: string;
+    type: string;
+    region: string | null;
+    status: string;
+    iacStatus: string | null;
+    accountId: string | null;
+    applicationId: string | null;
+    estimatedMonthlyCost: string | null;
+    lastSeenAt: string | null;
+    _count?: {
+        complianceIssues: number;
+    };
+}
+export interface AssetDetail extends AssetSummary {
+    environment: string | null;
+    tags: Record<string, unknown> | null;
+    iacInfo: Record<string, unknown> | null;
+    assetCreatedAt: string | null;
+    assetModifiedAt: string | null;
+    createdAt: string;
+    updatedAt: string;
+}
+export interface ComplianceIssueSummary {
+    id: string;
+    ruleId: string;
+    title: string;
+    severity: string;
+    status: string;
+    detectedAt: string;
+    lastSeenAt: string;
+}
+export interface AssetListResponse {
+    assets: AssetSummary[];
+    nextCursor?: string;
+}
+export interface AssetDetailResponse {
+    asset: AssetDetail;
+}
+export interface AssetComplianceResponse {
+    issues: ComplianceIssueSummary[];
+}
+/**
+ * Costs response. Shape varies by mode (summary | forecast | breakdown | app).
+ * Consumers should serialise the full payload rather than access specific
+ * fields — the API is the source of truth for structure.
+ */
+export interface CostsResponse {
+    mode?: "summary" | "forecast" | "breakdown" | "app";
+    amount_usd?: number;
+    applicationId?: string;
+    days?: number;
+    forecastDays?: number;
+    breakdown?: Array<Record<string, unknown>>;
+    forecast?: Array<Record<string, unknown>>;
+    [key: string]: unknown;
+}
+export interface GetCostsQuery {
+    mode?: string;
+    applicationId?: string;
+    days?: number;
+    forecastDays?: number;
+}
+/**
+ * App metrics response. Rows-shaped array for most modes, object for
+ * summary. Extra fields are preserved for forward compatibility.
+ */
+export type AppMetricsResponse = Array<Record<string, unknown>> | {
+    mode?: "summary" | "requests" | "errors" | "latency";
+    rows?: Array<Record<string, unknown>>;
+    [key: string]: unknown;
+};
+export interface GetAppMetricsQuery {
+    mode?: string;
+    applicationId?: string;
+    hours?: number;
+    limit?: number;
+}
+export interface DeploymentSummary {
+    id: string;
+    status?: string;
+    startedAt?: string;
+    finishedAt?: string;
+    durationMs?: number;
+    commitSha?: string;
+    [key: string]: unknown;
+}
+export interface DeploymentCompareResponse {
+    deploymentA: DeploymentSummary;
+    deploymentB: DeploymentSummary;
+    metricDeltas?: Record<string, unknown> | null;
+    [key: string]: unknown;
+}
+export interface DeploymentAnalysisResponse {
+    deploymentId?: string;
+    summary?: string;
+    errors?: Array<Record<string, unknown>>;
+    warnings?: Array<Record<string, unknown>>;
+    [key: string]: unknown;
+}
+export interface ComplianceSuggestion {
+    ruleId?: string;
+    title?: string;
+    severity?: string;
+    suggestion?: string;
+    [key: string]: unknown;
+}
+export interface ComplianceSuggestionsResponse {
+    domain?: string;
+    suggestions?: ComplianceSuggestion[];
+    [key: string]: unknown;
+}
+export interface GetComplianceSuggestionsQuery {
+    domain: string;
+    applicationId?: string;
+    issueId?: string;
+}
+export interface CreateDeploymentPayload {
+    target: string;
+    deploymentType: string;
+    applicationId?: string;
+    connectedAwsAccountId?: string;
+    awsAccountId?: string;
+    source?: string;
+    commitSha?: string;
+    branch?: string;
+    operation?: "deploy" | "destroy";
+}
+export interface CreateDeploymentResponse {
+    deployment: {
+        id: string;
+        status: string;
+    };
+}
+export interface UpdateDeploymentStatusPayload {
+    status: string;
+    errorMessage?: string;
+}
+export interface ApplicationMetadataResource {
+    name: string;
+    arn: string;
+    type: "Compute" | "Database" | "Storage" | "Pattern";
+    metadata: Record<string, unknown>;
+}
+export interface UpdateApplicationMetadataPayload {
+    awsAccountId: string;
+    awsRegion: string;
+    monitoringRoleArn: string;
+    resources: ApplicationMetadataResource[];
+}
+export interface UpdateApplicationTemplateResource {
+    resource_type: string;
+    name: string;
+    stack_name: string;
+}
+export interface UpdateOrganisationMetadataPayload {
+    monitoringRoleArn?: string;
+    monitoringRoleExternalId?: string;
+    awsAccountId?: string;
+}
+export interface GetIdentityResponse {
+    organisationId: string;
+    organisationName: string;
+}
+export interface ConnectionStatusResponse {
+    status: "pending" | "active" | "scanning" | "error";
+    roleArn?: string;
+    accountId?: string;
+}
+export interface RegisterQuickCreateResponse {
+    quickCreateUrl: string;
+    externalId: string;
+}
+export interface VerifyAwsAccountPayload {
+    awsAccountId: string;
+    accountName: string;
+}
+export interface VerifyAwsAccountResponse {
+    success: boolean;
+    message: string;
+    account?: Record<string, unknown>;
+}
+export interface RegisterRepositoryPayload {
+    remoteUrl: string;
+    branch?: string;
+}
+export interface RegisterRepositoryResponse {
+    registered: boolean;
+    repository?: {
+        id: string;
+        fullName: string;
+        provider: string;
+        purpose: string;
+    };
+}
+export interface PatchApplicationConfigPathResponse {
+    application: {
+        id: string;
+        configPath: string;
+    };
+}
+export interface LinkApplicationRepositoryResponse {
+    application: {
+        id: string;
+        repositoryId: string;
+        configPath: string | null;
+        repository: {
+            fullName: string;
+            provider: string;
+        };
+    };
+}

package/bin/assets/src/util/api/FjallApiClient.types.js

@@ -0,0 +1 @@
+import{platform as e,arch as n}from"os";import r from"../../../package.json"with{type:"json"};const p=`fjall-cli/${r.version} node/${process.versions.node} ${e()}/${n()}`,i=3e4,o=process.env.FJALL_API_URL,c=o!==void 0&&o!==""?o:"https://fjall.io";export{c as DEFAULT_BASE_URL,i as DEFAULT_TIMEOUT_MS,p as USER_AGENT};

package/bin/assets/src/util/api/FjallApiClientBase.d.ts

@@ -0,0 +1,13 @@
+import { type AxiosRequestConfig } from "axios";
+import { type Result } from "../../types/Result.js";
+import { ApiError } from "../../types/errors/ApiError.js";
+export declare class FjallApiClientBase {
+    protected baseUrl: string;
+    protected apiKey: string;
+    constructor(apiKey: string, baseUrl?: string);
+    getBaseUrl(): string;
+    private getHeaders;
+    private extractResponseError;
+    private handleError;
+    protected apiRequest<T>(method: "get" | "post" | "put" | "patch" | "delete", endpoint: string, data?: unknown, config?: AxiosRequestConfig): Promise<Result<T, ApiError>>;
+}

package/bin/assets/src/util/api/FjallApiClientBase.js

@@ -0,0 +1 @@
+import a,{AxiosError as p}from"axios";import{maskSensitiveOutput as d}from"@fjall/util";import{success as f,failure as l}from"../../types/Result.js";import{ApiError as u}from"../../types/errors/ApiError.js";import{buildApiError as m}from"./FjallApiClientErrors.js";import{USER_AGENT as h,DEFAULT_TIMEOUT_MS as E,DEFAULT_BASE_URL as g}from"./FjallApiClient.types.js";class x{baseUrl;apiKey;constructor(t,r=g){this.apiKey=t,this.baseUrl=r}getBaseUrl(){return this.baseUrl}getHeaders(){return{"Content-Type":"application/json","User-Agent":h,Authorization:`Bearer ${this.apiKey}`}}extractResponseError(t){const r=t.response?.data;if(typeof r!="object"||r===null||!("error"in r))return;const e=r.error;if(typeof e=="string")return e;if(typeof e=="object"&&e!==null&&"message"in e&&typeof e.message=="string")return e.message;if("message"in r&&typeof r.message=="string")return r.message}handleError(t,r){if(t instanceof p){if(t.response?.status===401){const e=this.extractResponseError(t),s=e!==void 0?d(e):void 0;return new u(s??"Invalid API key or unauthorised","not_authenticated",r,401,t)}if(t.response?.status===403){const e=this.extractResponseError(t),s=e!==void 0?d(e):void 0;return new u(s??"Permission denied","permission_denied",r,403,t)}if(t.response?.status===404){const e=this.extractResponseError(t),s=e!==void 0?d(e):void 0,n=t.config?.method?.toUpperCase()??"UNKNOWN",o=t.config?.url?new URL(t.config.url,"http://localhost").pathname:"unknown";return new u(`Resource not found: ${n} ${o}${s?` - ${s}`:""}`,"not_found",r,404,t)}if(t.response?.status===409){const e=this.extractResponseError(t),s=e!==void 0?d(e):void 0;return new u(s??"Resource already exists","conflict",r,409,t)}if(t.response?.status===429){const e=t.response.headers?.["retry-after"],s=e!=null?parseInt(String(e),10):NaN,n=Number.isFinite(s)&&s>=0?s:void 0;return new u(`Rate limited. Please try again${n!==void 0?` in ${n}s`:" later"}.`,"rate_limited",r,429,t,!0,n)}}return m(t,r,this.baseUrl)}async apiRequest(t,r,e,s){try{const n=`${this.baseUrl}${r}`,o={...s,timeout:s?.timeout??E,headers:{...this.getHeaders(),...s?.headers}};let i;switch(t){case"get":i=await a.get(n,o);break;case"post":i=await a.post(n,e,o);break;case"put":i=await a.put(n,e,o);break;case"patch":i=await a.patch(n,e,o);break;case"delete":i=await a.delete(n,{...o,...e!==void 0&&{data:e}});break;default:{const c=t;throw new Error(`Unsupported HTTP method: ${c}`)}}return f(i.data)}catch(n){return l(this.handleError(n,r))}}}export{x as FjallApiClientBase};

package/bin/assets/src/util/api/FjallApiClientDeviceCode.d.ts

@@ -0,0 +1,13 @@
+import { type Result } from "../../types/Result.js";
+import type { ApiError } from "../../types/errors/ApiError.js";
+import { type DeviceCodeResponse, type DeviceTokenResponse } from "./FjallApiClient.types.js";
+/**
+ * Initiate a device-code authentication flow.
+ * Standalone because no API key exists yet at this point.
+ */
+export declare function initiateDeviceCode(baseUrl?: string): Promise<Result<DeviceCodeResponse, ApiError>>;
+/**
+ * Poll for device-code token completion.
+ * Standalone because no API key exists yet at this point.
+ */
+export declare function pollDeviceToken(deviceCode: string, baseUrl?: string): Promise<Result<DeviceTokenResponse, ApiError>>;

package/bin/assets/src/util/api/FjallApiClientDeviceCode.js

@@ -0,0 +1 @@
+import i from"axios";import{success as s,failure as a}from"../../types/Result.js";import{USER_AGENT as c,DEFAULT_TIMEOUT_MS as p,DEFAULT_BASE_URL as d}from"./FjallApiClient.types.js";import{buildApiError as u}from"./FjallApiClientErrors.js";async function f(r){const o=r??d,t="/api/device/code";try{const e=await i.post(`${o}${t}`,{},{timeout:p,headers:{"Content-Type":"application/json","User-Agent":c}});return s(e.data)}catch(e){return a(u(e,t,o))}}async function A(r,o){const t=o??d,e="/api/device/token";try{const n=await i.post(`${t}${e}`,{deviceCode:r},{timeout:p,headers:{"Content-Type":"application/json","User-Agent":c}});return s(n.data)}catch(n){return a(u(n,e,t))}}export{f as initiateDeviceCode,A as pollDeviceToken};

package/bin/assets/src/util/api/FjallApiClientErrors.d.ts

@@ -0,0 +1,5 @@
+import { ApiError } from "../../types/errors/ApiError.js";
+/**
+ * Shared error handling for both authenticated and unauthenticated API requests.
+ */
+export declare function buildApiError(err: unknown, endpoint: string, baseUrl: string): ApiError;

package/bin/assets/src/util/api/FjallApiClientErrors.js

@@ -0,0 +1 @@
+import{AxiosError as u}from"axios";import{ApiError as o}from"../../types/errors/ApiError.js";import{getErrorMessage as A}from"../errorUtils.js";import{maskSensitiveOutput as a}from"@fjall/util";const E=2e3;function c(e){const s=a(JSON.stringify(e));return s.length>E?s.slice(0,E)+"\u2026":s}function m(e,s,n){if(e instanceof u){const r=a(e.message);if(e.response?.status&&e.response.status>=500)return new o(`Server error: ${r}${e.response?.data?` - ${c(e.response.data)}`:""}`,"server_error",s,e.response.status,e);const i=["ECONNREFUSED","ETIMEDOUT","ECONNABORTED","ENETUNREACH","EHOSTUNREACH"];if(e.code&&i.includes(e.code)){let t;switch(e.code){case"ECONNREFUSED":t=`Cannot connect to API server at ${n}. Is the server running?`;break;case"ETIMEDOUT":case"ECONNABORTED":t=`Connection timeout to ${n}. Please check your network connection.`;break;case"ENETUNREACH":case"EHOSTUNREACH":t=`Network unreachable. Cannot connect to ${n}.`;break;default:t=`Network error: Cannot connect to API server at ${n}`}return new o(t,"network_error",s,void 0,e,!0)}return e.response?.data?new o(`API request failed: ${r} - ${c(e.response.data)}`,"api_error",s,e.response?.status,e):new o(`API request failed: ${r}`,"api_error",s,e.response?.status,e)}return new o(`Unexpected error: ${a(A(e))}`,"unknown",s)}export{m as buildApiError};

package/bin/assets/src/util/api/FjallApiClientResources.d.ts

@@ -0,0 +1,45 @@
+import { type Result } from "../../types/Result.js";
+import type { ApiError } from "../../types/errors/ApiError.js";
+import { FjallApiClientBase } from "./FjallApiClientBase.js";
+import { type DeploymentProgressEvent } from "../deploymentEvents.js";
+import { type CreateApplicationPayload, type CreateApplicationResponse, type CreateActivityPayload, type CreateActivityResponse, type MessageResponse, type CreateTokenPayload, type CreateTokenResponse, type TokenSummary, type TokenListResponse, type TokenSelfResponse, type TokenRevokeResponse, type AssetListResponse, type AssetDetailResponse, type AssetComplianceResponse, type CostsResponse, type GetCostsQuery, type AppMetricsResponse, type GetAppMetricsQuery, type DeploymentCompareResponse, type DeploymentAnalysisResponse, type ComplianceSuggestionsResponse, type GetComplianceSuggestionsQuery, type AppSummary, type CreateDeploymentPayload, type CreateDeploymentResponse, type UpdateDeploymentStatusPayload, type UpdateApplicationMetadataPayload, type UpdateApplicationTemplateResource, type PatchApplicationConfigPathResponse, type LinkApplicationRepositoryResponse } from "./FjallApiClient.types.js";
+export declare class FjallApiClientResources extends FjallApiClientBase {
+    createApplication(payload: CreateApplicationPayload): Promise<Result<CreateApplicationResponse, ApiError>>;
+    createActivity(applicationId: string, payload: CreateActivityPayload): Promise<Result<CreateActivityResponse, ApiError>>;
+    getApplicationByName(name: string): Promise<Result<{
+        application: AppSummary;
+    }, ApiError>>;
+    getApplicationsByAccountIds(ids: string[]): Promise<Result<AppSummary[], ApiError>>;
+    getApplication(applicationId: string): Promise<Result<{
+        application: Record<string, unknown>;
+    }, ApiError>>;
+    updateApplicationMetadata(applicationId: string, metadata: UpdateApplicationMetadataPayload): Promise<Result<MessageResponse, ApiError>>;
+    updateApplicationTemplate(applicationId: string, template: string, resources: UpdateApplicationTemplateResource[]): Promise<Result<MessageResponse, ApiError>>;
+    listApps(): Promise<Result<AppSummary[], ApiError>>;
+    patchApplicationConfigPath(applicationId: string, configPath: string): Promise<Result<PatchApplicationConfigPathResponse, ApiError>>;
+    linkApplicationRepository(applicationId: string, repositoryId: string, configPath?: string): Promise<Result<LinkApplicationRepositoryResponse, ApiError>>;
+    createDeployment(payload: CreateDeploymentPayload): Promise<Result<CreateDeploymentResponse, ApiError>>;
+    updateDeploymentStatus(deploymentId: string, payload: UpdateDeploymentStatusPayload): Promise<Result<{
+        success: boolean;
+    }, ApiError>>;
+    pushDeploymentEvents(deploymentId: string, events: DeploymentProgressEvent[]): Promise<Result<{
+        received: number;
+    }, ApiError>>;
+    compareDeployments(deploymentIdA: string, deploymentIdB: string): Promise<Result<DeploymentCompareResponse, ApiError>>;
+    getDeploymentAnalysis(deploymentId: string): Promise<Result<DeploymentAnalysisResponse, ApiError>>;
+    createToken(payload: CreateTokenPayload): Promise<Result<CreateTokenResponse, ApiError>>;
+    listTokens(): Promise<Result<TokenListResponse, ApiError>>;
+    getToken(id: string): Promise<Result<TokenSummary, ApiError>>;
+    getSelfToken(): Promise<Result<TokenSelfResponse, ApiError>>;
+    revokeToken(id: string, reason?: string): Promise<Result<TokenRevokeResponse, ApiError>>;
+    listAssets(options?: {
+        cursor?: string;
+        take?: number;
+        includeDeleted?: boolean;
+    }): Promise<Result<AssetListResponse, ApiError>>;
+    getAsset(assetId: string): Promise<Result<AssetDetailResponse, ApiError>>;
+    getAssetCompliance(assetId: string): Promise<Result<AssetComplianceResponse, ApiError>>;
+    getCosts(query: GetCostsQuery): Promise<Result<CostsResponse, ApiError>>;
+    getAppMetrics(query: GetAppMetricsQuery): Promise<Result<AppMetricsResponse, ApiError>>;
+    getComplianceSuggestions(query: GetComplianceSuggestionsQuery): Promise<Result<ComplianceSuggestionsResponse, ApiError>>;
+}

package/bin/assets/src/util/api/FjallApiClientResources.js

@@ -0,0 +1 @@
+import{success as o,failure as p}from"../../types/Result.js";import{logger as u}from"../logger/index.js";import{FjallApiClientBase as d}from"./FjallApiClientBase.js";const a="/api/applications",i="/api/tokens";function n(c,e){const t=`/api/applications/${encodeURIComponent(c)}`;return e?`${t}/${e}`:t}class h extends d{async createApplication(e){return this.apiRequest("post",a,e)}async createActivity(e,t){return this.apiRequest("post",n(e,"activity"),t)}async getApplicationByName(e){return this.apiRequest("get",`${a}?name=${encodeURIComponent(e)}`)}async getApplicationsByAccountIds(e){const t=new URLSearchParams({accountIds:e.join(",")}),s=await this.apiRequest("get",`${a}?${t.toString()}`);return s.success?o(s.data.applications):p(s.error)}async getApplication(e){return this.apiRequest("get",n(e))}async updateApplicationMetadata(e,t){const s=n(e,"metadata");return u.debug("API",`PUT ${this.baseUrl}${s}`),this.apiRequest("put",s,t)}async updateApplicationTemplate(e,t,s){return this.apiRequest("put",n(e,"template"),{template:t,resources:s})}async listApps(){const e=await this.apiRequest("get",a);return e.success?o(e.data.applications):p(e.error)}async patchApplicationConfigPath(e,t){return this.apiRequest("patch",n(e),{configPath:t})}async linkApplicationRepository(e,t,s){return this.apiRequest("put",n(e,"repository"),{repositoryId:t,...s!==void 0&&{configPath:s}})}async createDeployment(e){return this.apiRequest("post","/api/deployments",{target:e.target,deploymentType:e.deploymentType,...e.applicationId!==void 0&&{applicationId:e.applicationId},...e.connectedAwsAccountId!==void 0&&{connectedAwsAccountId:e.connectedAwsAccountId},...e.awsAccountId!==void 0&&{awsAccountId:e.awsAccountId},...e.source!==void 0&&{source:e.source},...e.commitSha!==void 0&&{commitSha:e.commitSha},...e.branch!==void 0&&{branch:e.branch},...e.operation!==void 0&&{operation:e.operation}})}async updateDeploymentStatus(e,t){return this.apiRequest("put",`/api/deployments/${encodeURIComponent(e)}/status`,{status:t.status,...t.errorMessage!==void 0&&{errorMessage:t.errorMessage}})}async pushDeploymentEvents(e,t){return this.apiRequest("post",`/api/deployments/${encodeURIComponent(e)}/events`,{events:t})}async compareDeployments(e,t){const s=new URLSearchParams({deploymentIdA:e,deploymentIdB:t});return this.apiRequest("get",`/api/deployments/compare?${s.toString()}`)}async getDeploymentAnalysis(e){return this.apiRequest("get",`/api/deployments/${encodeURIComponent(e)}/analyse`)}async createToken(e){return this.apiRequest("post",i,e)}async listTokens(){return this.apiRequest("get",i)}async getToken(e){return this.apiRequest("get",`${i}/${encodeURIComponent(e)}`)}async getSelfToken(){return this.apiRequest("get",`${i}/self`)}async revokeToken(e,t){return this.apiRequest("delete",`${i}/${encodeURIComponent(e)}`,t!==void 0?{reason:t}:void 0)}async listAssets(e){const t=new URLSearchParams;e?.cursor&&t.set("cursor",e.cursor),e?.take!==void 0&&t.set("take",String(e.take)),e?.includeDeleted&&t.set("includeDeleted","true");const s=t.toString(),r=`/api/assets${s?`?${s}`:""}`;return this.apiRequest("get",r)}async getAsset(e){return this.apiRequest("get",`/api/assets/${encodeURIComponent(e)}`)}async getAssetCompliance(e){return this.apiRequest("get",`/api/assets/${encodeURIComponent(e)}/compliance`)}async getCosts(e){const t=new URLSearchParams;e.mode&&t.set("mode",e.mode),e.applicationId&&t.set("applicationId",e.applicationId),e.days!==void 0&&t.set("days",String(e.days)),e.forecastDays!==void 0&&t.set("forecastDays",String(e.forecastDays));const s=t.toString();return this.apiRequest("get",`/api/costs${s?`?${s}`:""}`)}async getAppMetrics(e){const t=new URLSearchParams;e.mode&&t.set("mode",e.mode),e.applicationId&&t.set("applicationId",e.applicationId),e.hours!==void 0&&t.set("hours",String(e.hours)),e.limit!==void 0&&t.set("limit",String(e.limit));const s=t.toString();return this.apiRequest("get",`/api/app-metrics${s?`?${s}`:""}`)}async getComplianceSuggestions(e){const t=new URLSearchParams({domain:e.domain});return e.applicationId&&t.set("applicationId",e.applicationId),e.issueId&&t.set("issueId",e.issueId),this.apiRequest("get",`/api/compliance/suggestions?${t.toString()}`)}}export{h as FjallApiClientResources};

package/bin/assets/src/util/api/index.d.ts

@@ -0,0 +1,7 @@
+export { FjallApiClient } from "./FjallApiClient.js";
+export type { DeviceCodeResponse, DeviceTokenResponse, Entitlements, CreateApplicationPayload, CreateApplicationResponse, CreateActivityPayload, CreateActivityResponse, OrganisationConfigResponse, OrganisationConfigPayload, MessageResponse } from "./FjallApiClient.types.js";
+export { default as Credentials } from "./Credentials.js";
+export { resolveApiKey } from "./resolveApiKey.js";
+export { buildApiError } from "./FjallApiClientErrors.js";
+export { initiateDeviceCode, pollDeviceToken } from "./FjallApiClientDeviceCode.js";
+export { notifyScaffoldComplete } from "./scaffoldNotification.js";

package/bin/assets/src/util/api/index.js

@@ -0,0 +1 @@
+import{FjallApiClient as r}from"./FjallApiClient.js";import{default as i}from"./Credentials.js";import{resolveApiKey as p}from"./resolveApiKey.js";import{buildApiError as m}from"./FjallApiClientErrors.js";import{initiateDeviceCode as x,pollDeviceToken as d}from"./FjallApiClientDeviceCode.js";import{notifyScaffoldComplete as C}from"./scaffoldNotification.js";export{i as Credentials,r as FjallApiClient,m as buildApiError,x as initiateDeviceCode,C as notifyScaffoldComplete,d as pollDeviceToken,p as resolveApiKey};

package/bin/assets/src/util/api/resolveApiKey.d.ts

@@ -0,0 +1 @@
+export declare function resolveApiKey(): string | undefined;

package/bin/assets/src/util/api/resolveApiKey.js

@@ -0,0 +1 @@
+import r from"./Credentials.js";function t(){const e=process.env.FJALL_API_KEY;if(e)return e;const n=r.loadCredentials();if(n?.apiKey)return n.apiKey}export{t as resolveApiKey};

package/bin/assets/src/util/api/scaffoldNotification.d.ts

@@ -0,0 +1,2 @@
+/** Best-effort notification that account scaffolding is complete. */
+export declare function notifyScaffoldComplete(): Promise<void>;