viza 1.7.26 → 1.7.30

package/dist/src/cli/program.js

@@ -8,6 +8,7 @@ import { registerAwsCommand } from "../commands/aws/register.js";
 import { registerInfraCommand } from "../commands/infra/register.js";
 import { registerAgeCommand } from "../commands/age/register.js";
 import { registerBillingCommand } from "../commands/billing/register.js";
+import { registerGithubCommand } from "../commands/github/register.js";
 export function createProgram() {
     const program = new Command();
     program
@@ -19,6 +20,7 @@ export function createProgram() {
     registerAwsCommand(program);
     registerBillingCommand(program);
     registerBootstrapCommand(program);
+    registerGithubCommand(program);
     registerInfraCommand(program);
     registerLoginCommand(program);
     program

package/dist/src/commands/github/register.js

@@ -0,0 +1,7 @@
+import { registerGithubSecretsCommand } from "./secrets/register.js";
+export function registerGithubCommand(program) {
+    const github = program
+        .command("github")
+        .description("GitHub operations");
+    registerGithubSecretsCommand(github);
+}

package/dist/src/commands/github/secrets/backup/backup.js

@@ -0,0 +1,57 @@
+import { resolveEnv } from "../../../../context/env.js";
+import { resolveResourceHubIntent } from "../../../../context/hubIntent.js";
+import { dispatchIntentAndWait } from "../../../../core/dispatch.js";
+/**
+ * Target teams for `viza login aws`.
+ * This is a CLI-only UX constraint for fail-fast validation.
+ * NOT a policy and MUST NOT be sent to gateway.
+ */
+const TARGET_TEAMS = {
+    "dev": [
+        "viza-super"
+    ],
+    "prod": [
+        "viza-super"
+    ]
+};
+/**
+ * viza github secrets backup
+ *
+ * Flow:
+ * 1) Resolve env (deterministic)
+ * 2) Resolve user identity (trusted via gh auth)
+ * 3) CLI pre-check against target teams (fail-fast UX)
+ * 4) Derive ONE valid team (deterministic)
+ * 5) Dispatch frozen intent to gateway
+ */
+export async function backupGithubSecretsCommand(options) {
+    // 1) Resolve environment
+    const env = resolveEnv(options);
+    const intent = resolveResourceHubIntent(env);
+    // Resolve allowed teams
+    // - Dispatch mode: restrict by targetEnv
+    // - Status mode: allow union of all env teams (read-only query)
+    const allowedTeams = options.status === true && env === "dev"
+        ? Array.from(new Set([
+            ...TARGET_TEAMS.dev,
+            ...TARGET_TEAMS.prod,
+        ]))
+        : TARGET_TEAMS[env];
+    // 5) Dispatch intent (freeze)
+    await dispatchIntentAndWait({
+        intent,
+        commandType: "github.secrets.backup",
+        infraKey: "core",
+        targetEnv: env,
+        allowedTeams,
+        selfHosted: options.selfHosted === true,
+        keepLog: options.removeLog !== true,
+        flowGates: {
+            secrets: true,
+        },
+        payload: {}
+    }, {
+        status: options.status === true,
+        log: "show",
+    });
+}

package/dist/src/commands/github/secrets/backup/register.js

@@ -0,0 +1,17 @@
+import { backupGithubSecretsCommand } from "./backup.js";
+import { getResolvedOptions } from "../../../../cli/resolveOptions.js";
+/**
+ * Register:
+ * viza github secrets backup
+ */
+export function registerGithubSecretsBackupCommand(program) {
+    program
+        .command("backup")
+        .description("Backup GitHub secrets and environment variables to AWS SSM")
+        .option("--prod", "Use production environment")
+        .option("--dev", "Use development environment")
+        .action(async (_opts, command) => {
+        const fullOpts = getResolvedOptions(command);
+        await backupGithubSecretsCommand(fullOpts);
+    });
+}

package/dist/src/commands/github/secrets/register.js

@@ -0,0 +1,9 @@
+import { registerGithubSecretsBackupCommand } from "./backup/register.js";
+import { registerGithubSecretsRestoreCommand } from "./restore/register.js";
+export function registerGithubSecretsCommand(github) {
+    const secrets = github
+        .command("secrets")
+        .description("GitHub secrets management");
+    registerGithubSecretsBackupCommand(secrets);
+    registerGithubSecretsRestoreCommand(secrets);
+}

package/dist/src/commands/github/secrets/restore/register.js

@@ -0,0 +1,17 @@
+import { restoreGithubSecretsCommand } from "./restore.js";
+import { getResolvedOptions } from "../../../../cli/resolveOptions.js";
+/**
+ * Register:
+ * viza github secrets restore
+ */
+export function registerGithubSecretsRestoreCommand(program) {
+    program
+        .command("restore")
+        .description("Restore GitHub secrets and environment variables to AWS SSM")
+        .option("--prod", "Use production environment")
+        .option("--dev", "Use development environment")
+        .action(async (_opts, command) => {
+        const fullOpts = getResolvedOptions(command);
+        await restoreGithubSecretsCommand(fullOpts);
+    });
+}

package/dist/src/commands/github/secrets/restore/restore.js

@@ -0,0 +1,57 @@
+import { resolveEnv } from "../../../../context/env.js";
+import { resolveResourceHubIntent } from "../../../../context/hubIntent.js";
+import { dispatchIntentAndWait } from "../../../../core/dispatch.js";
+/**
+ * Target teams for `viza login aws`.
+ * This is a CLI-only UX constraint for fail-fast validation.
+ * NOT a policy and MUST NOT be sent to gateway.
+ */
+const TARGET_TEAMS = {
+    "dev": [
+        "viza-super"
+    ],
+    "prod": [
+        "viza-super"
+    ]
+};
+/**
+ * viza github secrets restore
+ *
+ * Flow:
+ * 1) Resolve env (deterministic)
+ * 2) Resolve user identity (trusted via gh auth)
+ * 3) CLI pre-check against target teams (fail-fast UX)
+ * 4) Derive ONE valid team (deterministic)
+ * 5) Dispatch frozen intent to gateway
+ */
+export async function restoreGithubSecretsCommand(options) {
+    // 1) Resolve environment
+    const env = resolveEnv(options);
+    const intent = resolveResourceHubIntent(env);
+    // Resolve allowed teams
+    // - Dispatch mode: restrict by targetEnv
+    // - Status mode: allow union of all env teams (read-only query)
+    const allowedTeams = options.status === true && env === "dev"
+        ? Array.from(new Set([
+            ...TARGET_TEAMS.dev,
+            ...TARGET_TEAMS.prod,
+        ]))
+        : TARGET_TEAMS[env];
+    // 5) Dispatch intent (freeze)
+    await dispatchIntentAndWait({
+        intent,
+        commandType: "github.secrets.restore",
+        infraKey: "core",
+        targetEnv: env,
+        allowedTeams,
+        selfHosted: options.selfHosted === true,
+        keepLog: options.removeLog !== true,
+        flowGates: {
+            secrets: true,
+        },
+        payload: {}
+    }, {
+        status: options.status === true,
+        log: "show",
+    });
+}

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "viza",
-  "version": "1.7.26",
+  "version": "1.7.30",
   "type": "module",
   "description": "Viza unified command line interface",
   "bin": {
@@ -17,7 +17,7 @@
     "release:full": "rm -rf dist && npx npm-check-updates -u && npm install && git add package.json package-lock.json && git commit -m 'chore(deps): auto update dependencies before release' || echo 'No changes' && node versioning.js && npm login && npm publish --tag latest --access public && git push"
   },
   "dependencies": {
-    "@vizamodo/viza-dispatcher": "^1.5.18",
+    "@vizamodo/viza-dispatcher": "^1.5.19",
     "adm-zip": "^0.5.16",
     "chalk": "^5.6.2",
     "clipboardy": "^5.3.1",
@@ -29,7 +29,7 @@
   "devDependencies": {
     "@types/adm-zip": "^0.5.7",
     "@types/figlet": "^1.7.0",
-    "@types/node": "^25.3.5",
+    "@types/node": "^25.4.0",
     "@types/prompts": "^2.4.9",
     "ts-node": "^10.9.2",
     "typescript": "^5.9.3"