viza 1.6.32 → 1.6.35

package/dist/src/cli/program.js

@@ -6,6 +6,7 @@ import { registerBootstrapCommand } from "../commands/bootstrap/register.js";
 import { whoamiCommand } from "../commands/whoami/index.js";
 import { registerAwsCommand } from "../commands/aws/register.js";
 import { registerInfraCommand } from "../commands/infra/register.js";
+import { registerAgeCommand } from "../commands/age/register.js";
 export function createProgram() {
     const program = new Command();
     program
@@ -17,6 +18,7 @@ export function createProgram() {
     registerLoginCommand(program);
     registerAwsCommand(program);
     registerInfraCommand(program);
+    registerAgeCommand(program);
     program
         .command("whoami")
         .description("Show current GitHub identity and Viza team memberships (local only)")

package/dist/src/commands/age/bootstrap/bootstrap.js

@@ -0,0 +1,59 @@
+import { resolveEnv } from "../../../context/env.js";
+import { resolveResourceHubIntent } from "../../../context/hubIntent.js";
+import { dispatchIntentAndWait } from "../../../core/dispatch.js";
+/**
+ * Target teams for `viza login aws`.
+ * This is a CLI-only UX constraint for fail-fast validation.
+ * NOT a policy and MUST NOT be sent to gateway.
+ */
+const TARGET_TEAMS = {
+    "dev": [
+        "viza-admin",
+        "viza-super"
+    ],
+    "prod": [
+        "viza-admin",
+        "viza-super"
+    ]
+};
+/**
+ * viza login aws
+ *
+ * Flow:
+ * 1) Resolve env (deterministic)
+ * 2) Resolve user identity (trusted via gh auth)
+ * 3) CLI pre-check against target teams (fail-fast UX)
+ * 4) Derive ONE valid team (deterministic)
+ * 5) Dispatch frozen intent to gateway
+ */
+export async function bootstrapAgeCommand(options) {
+    // 1) Resolve environment
+    const env = resolveEnv(options);
+    const intent = resolveResourceHubIntent(env);
+    // Resolve allowed teams
+    // - Dispatch mode: restrict by targetEnv
+    // - Status mode: allow union of all env teams (read-only query)
+    const allowedTeams = options.status === true && env === "dev"
+        ? Array.from(new Set([
+            ...TARGET_TEAMS.dev,
+            ...TARGET_TEAMS.prod,
+        ]))
+        : TARGET_TEAMS[env];
+    // 5) Dispatch intent (freeze)
+    await dispatchIntentAndWait({
+        intent,
+        commandType: "age.bootstrap",
+        infraKey: "core",
+        targetEnv: env,
+        allowedTeams,
+        selfHosted: options.selfHosted === true,
+        keepLog: options.removeLog !== true,
+        flowGates: {
+            secrets: true,
+        },
+        payload: {}
+    }, {
+        status: options.status === true,
+        log: "show",
+    });
+}

package/dist/src/commands/age/bootstrap/register.js

@@ -0,0 +1,19 @@
+import { bootstrapAgeCommand } from "./bootstrap.js";
+import { getResolvedOptions } from "../../../cli/resolveOptions.js";
+/**
+ * Register:
+ * viza age bootstrap
+ */
+export function registerAgeBootstrapCommand(program) {
+    program
+        .command("age")
+        .description("Age (encryption) related commands")
+        .command("bootstrap")
+        .description("Bootstrap MASTER HUB age keypair")
+        .option("--prod", "Use production environment")
+        .option("--dev", "Use development environment")
+        .action(async (_opts, command) => {
+        const fullOpts = getResolvedOptions(command);
+        await bootstrapAgeCommand(fullOpts);
+    });
+}

package/dist/src/commands/age/register.js

@@ -0,0 +1,4 @@
+import { registerAgeBootstrapCommand } from "./bootstrap/register.js";
+export function registerAgeCommand(program) {
+    registerAgeBootstrapCommand(program);
+}

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "viza",
-  "version": "1.6.32",
+  "version": "1.6.35",
   "type": "module",
   "description": "Viza unified command line interface",
   "bin": {