spec-07: Infrastructure-as-Code language support#92
Merged
Conversation
Add ingestion for six IaC ecosystems — Terraform/HCL, Kubernetes, Helm, CloudFormation, Ansible, and Pulumi — projected onto the existing FunctionNode/CallEdge/ClassNode graph primitives so orient, search_code, get_subgraph, and analyze_impact answer infrastructure blast-radius questions with zero MCP-tool or schema changes (edge direction is dependent → dependency; two additive EdgeKind values: references, depends_on). - src/core/analyzer/iac/: normalized resource graph + single projector, per-ecosystem parsers, and classifyYaml content disambiguation. - Terraform uses a hand-rolled pure-JS HCL scanner (no native dependency). - Discovery: detectLanguage handles .tf/.tfvars/.tf.json; ambiguous YAML/JSON routes through classifyYaml + chart-dir detection in the analyze pipeline. - IaC projection pass wired into CallGraphBuilder.build(). - Co-located tests + fixtures (fixtures excluded from tsconfig/eslint). Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
…refs, Helm values, Pulumi Go, Ansible static-loop includes) - Terraform: resolve refs to resource types without an underscore (emit candidate, projector drops if unresolved); structural *.tf.json parsing. - Helm: resolve .Values.x references to the longest matching values.yaml key, adding value-key nodes and template→value edges. - Pulumi: detect Go programs (github.com/pulumi/pulumi-*, pkg.NewService(ctx, "name", ...)) alongside TS/JS/Python via a shared emit path. - Ansible: resolve a templated include backed by a static loop/with_items list to each literal item; fully dynamic targets remain dropped by design. - Tests + fixtures for every follow-up; docs/iac.md and spec log updated. CDK/CDKTF remain intentionally out of scope per the spec contract. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
Keeps the working tree in sync with the branch: the 1MB npm-pack tarball is a build artifact (now gitignored, not committed), and the spec-08 prompt doc is tracked so it stays versioned alongside the repo. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
Detect CDK and CDKTF construct instantiations over existing TS/JS/Python/Go
source (new CDK / CDKTF language tags), distinguished from Pulumi by the
construct shape: scope is the first arg, logical id the second
(new s3.Bucket(this, "id", ...)). Go jsii.String("id") ids are unwrapped.
Resources project onto the same graph primitives; reference edges link a
construct to other constructs referenced in its args. SCIP maps the new tags
to UnspecifiedLanguage; the manifest languages[] picks them up automatically.
Adds cdk.ts + cdk.test.ts with TS/CDKTF/Python/Go fixtures; updates docs.
Extends spec-07 beyond its original CDK/CDKTF deferral at maintainer request.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
Adds ingestion for six Infrastructure-as-Code ecosystems in one PR —
Terraform/HCL, Kubernetes, Helm, CloudFormation, Ansible, and Pulumi —
projected onto OpenLore's existing graph primitives.
(
IacResource/IacReference/IacModule) is produced per ecosystem and asingle projector maps it onto
FunctionNode/CallEdge/ClassNode. Edgedirection is dependent → dependency, so depth-1 callers of a node =
blast radius (
analyze_impact), fanOut = what it needs. The only schematouch is additive: two new
EdgeKindvalues (references,depends_on).orient,search_code,get_subgraph,analyze_impact, the SCIP export,and the spec-05 federation manifest all work on IaC unchanged (manifest
languages[]picks up IaC tags automatically; SCIP maps them toUnspecifiedLanguage).pure-JS HCL scanner (rationale:
tree-sitter-hclis a native addon andextraction only needs block boundaries + dotted-reference detection). The
existing
yamldependency covers K8s/CFN/Helm/Ansible.terraform plan, no Helm render, no Ansible run,no cloud calls, no external CLI required.
src/core/analyzer/iac/, mirroringsrc/core/scip/. See docs/iac.md.Discovery
detectLanguagemaps.tf/.tfvars/.tf.json→ Terraform. Ambiguous.yaml/.yml/.jsonroute through a small pureclassifyYaml(path, content)plus chart-directory detection in the analyze pipeline. Unsure →
unknown(generic CI/compose/app config is never misclassified).
Follow-ups (
TODO(spec-07-followup))*.tf.json..Values.x→values.yamlkey resolution.Test plan
classify-yamltable test (incl. generic YAML → null)CallGraphBuilder(graph tools unchanged)npm run lint/typecheck/test:run(2865 pass) /buildall green🤖 Generated with Claude Code