Merge pull request #90 from superluminar-io/feat/chatbot-integration

Feat/chatbot integration

Author: skomp

.github/dependabot.yml

@@ -5,19 +5,19 @@
 
 version: 2
 updates:
-  - package-ecosystem: "npm" # See documentation for possible values
-    directory: "/" # Location of package manifests
+  - package-ecosystem: 'npm' # See documentation for possible values
+    directory: '/' # Location of package manifests
     schedule:
-      interval: "weekly"
+      interval: 'weekly'
     groups:
       all-npm-dependencies:
         patterns:
-          - "*"
-  - package-ecosystem: "github-actions"
-    directory: "/"
+          - '*'
+  - package-ecosystem: 'github-actions'
+    directory: '/'
     schedule:
-      interval: "weekly"
+      interval: 'weekly'
     groups:
       all-actions:
         patterns:
-          - "*"
+          - '*'

.github/workflows/lint-and-test.yml

@@ -49,4 +49,3 @@ jobs:
             🚦 **Test run complete**
             - Status: ${{ job.status }}
             - Commit: `${{ github.sha }}`
-

.github/workflows/publish-on-tag.yml

@@ -16,23 +16,23 @@ jobs:
   publish:
     runs-on: ubuntu-latest
     permissions:
-      contents: write   # create GitHub Release
-      id-token: write   # npm provenance (optional but recommended)
-      actions: write    # softprops/action-gh-release
+      contents: write # create GitHub Release
+      id-token: write # npm provenance (optional but recommended)
+      actions: write # softprops/action-gh-release
     steps:
       - name: Checkout tag
         uses: actions/checkout@v6
         with:
           fetch-depth: 0
-          ref: "refs/tags/${{ github.event.inputs.version }}"
+          ref: 'refs/tags/${{ github.event.inputs.version }}'
 
       - name: Setup Node
         uses: actions/setup-node@v6
         with:
-          node-version: "24"
-          registry-url: "https://registry.npmjs.org"
+          node-version: '24'
+          registry-url: 'https://registry.npmjs.org'
           cache: npm
- 
+
       - name: Update npm
         run: npm install -g npm@latest
 
@@ -45,7 +45,7 @@ jobs:
       - name: Test
         run: npm test
 
-      - name: "Sanity check: tag matches package.json version"
+      - name: 'Sanity check: tag matches package.json version'
         run: |
           set -euo pipefail
           VERSION="$(node -p "require('./package.json').version")"
@@ -69,6 +69,5 @@ jobs:
       - name: Create GitHub Release
         uses: softprops/action-gh-release@v2
         with:
-          tag_name: "v${{ github.event.inputs.version }}"
+          tag_name: 'v${{ github.event.inputs.version }}'
           generate_release_notes: true
-

.github/workflows/release-pr.yml

@@ -4,7 +4,7 @@ on:
   workflow_dispatch:
     inputs:
       bump:
-        description: "Version bump type"
+        description: 'Version bump type'
         type: choice
         required: true
         options: [patch, minor, major]
@@ -28,7 +28,7 @@ jobs:
 
       - uses: actions/setup-node@v6
         with:
-          node-version: "24"
+          node-version: '24'
           cache: npm
 
       - name: Configure git
@@ -50,12 +50,11 @@ jobs:
           token: ${{ secrets.GITHUB_TOKEN }}
           branch: release/v${{ steps.bump.outputs.version }}
           base: main
-          title: "chore(release): v${{ steps.bump.outputs.version }}"
+          title: 'chore(release): v${{ steps.bump.outputs.version }}'
           body: |
             Automated release PR.
 
             - Bump: `${{ inputs.bump }}`
             - Version: `v${{ steps.bump.outputs.version }}`
           labels: release
           draft: always-true
-

.github/workflows/tag-on-main.yml

@@ -52,7 +52,6 @@ jobs:
           git push origin "$TAG"
           echo "created=true" >> "$GITHUB_OUTPUT"
 
-
       - name: Invoke workflow without inputs
         uses: benc-uk/workflow-dispatch@v1
         if: steps.tag.outputs.created == 'true'

AGENTS.md

@@ -0,0 +1,12 @@
+# AGENTS.md - Updates and Operations Log
+
+## Updates Performed:
+
+- **Inspection:** Reviewed CDK stack code for SNS->SQS subscriptions and analyzed policies for PendingConfirmation cases.
+- **Search Operations:** Verified for misconfigured protocols or cross-account settings involving wrong Source/Principals.
+- **Condition & Mismatch Evaluations:** Examined TopicPolicy and SQS-queue properties for elements like SourceArn, AWS regions.
+- Implemented fixes to support these operational misconfigs in ./Budget-Stack modules.
+- **Custom resource fixes (SNS↔SQS subscription):** Updated the `subscribe-sqs` provider Lambda to unsubscribe on CloudFormation `Delete` using `event.Data.SubscriptionArn`, and adjusted Jest tests to avoid brittle `SNSClient.mock.instances` usage by injecting a shared `sendMock`.
+- **SQS queue policy fix:** Updated the aggregation queue resource policy `aws:SourceArn` construction to match real SNS topic ARNs (avoids `ArnFormat.NO_RESOURCE_NAME` generating `arn:...:sns:region:*:budget-alerts`, which can leave subscriptions in PendingConfirmation).
+- **Tests:** Ran `npm test --silent` successfully (10/10 suites, 68/68 tests, 4/4 snapshots).
+- **Lint:** `npm run lint` currently times out in this environment (needs follow-up).

CONTRIBUTING.md

@@ -34,25 +34,25 @@ test/
 
 **🚫 DO NOT violate these rules. This project depends heavily on predictability.**
 
-### 1. The *planner* is pure and deterministic
+### 1. The _planner_ is pure and deterministic
 
 All modules in `lib/planner/` MUST:
 
-* contain **no AWS SDK calls**
-* avoid reading the filesystem
-* avoid environment access
-* avoid time-based behavior
-* avoid randomization
+- contain **no AWS SDK calls**
+- avoid reading the filesystem
+- avoid environment access
+- avoid time-based behavior
+- avoid randomization
 
 They must take **inputs → outputs** and be fully testable.
 
 ### 2. No business logic in CDK constructs
 
 `budget-alerts-stack.ts` must only:
 
-* evaluate planner results
-* wire CDK constructs and StackSets
-* pass validated data to resources
+- evaluate planner results
+- wire CDK constructs and StackSets
+- pass validated data to resources
 
 ### 3. Validation is performed **before** CDK synthesis
 
@@ -62,8 +62,8 @@ They must take **inputs → outputs** and be fully testable.
 
 In particular:
 
-* TypeScript sources must compile cleanly via `npm run build`
-* No hard-coded organization ID
+- TypeScript sources must compile cleanly via `npm run build`
+- No hard-coded organization ID
   (this is resolved dynamically via the custom resource)
 
 ### 5. No test-breaking rewrites
@@ -117,10 +117,10 @@ npm test
 
 Tests focus on:
 
-* Organizational Unit tree building
-* Effective budget calculation
-* Homogeneous subtree detection
-* Stack attachment selection
+- Organizational Unit tree building
+- Effective budget calculation
+- Homogeneous subtree detection
+- Stack attachment selection
 
 The entire planner layer is fully unit-testable.
 
@@ -155,58 +155,58 @@ npx budget-alerts-init-config
 
 # 🧬 Making Changes
 
-## 1. Planner logic (lib/planner/*)
+## 1. Planner logic (lib/planner/\*)
 
 Changes must:
 
-* be **pure functions**
-* include **unit tests** for new behaviors
-* avoid dependencies outside the planner folder
-* receive architectural approval if changing core algorithm flow
+- be **pure functions**
+- include **unit tests** for new behaviors
+- avoid dependencies outside the planner folder
+- receive architectural approval if changing core algorithm flow
 
 ## 2. Organization loader (org-loader.ts)
 
 Allowed:
 
-* Using AWS SDK v3
-* Querying Organizations API
-* Returning normalized OU nodes
+- Using AWS SDK v3
+- Querying Organizations API
+- Returning normalized OU nodes
 
 Not allowed:
 
-* Writing planner logic here
-* Modifying planner output logic in this layer
+- Writing planner logic here
+- Modifying planner output logic in this layer
 
 ## 3. Budget config loader (budget-config-loader.ts)
 
 Allowed:
 
-* YAML parsing
-* YAML comment round-tripping
-* Validation
-* Synchronization logic
+- YAML parsing
+- YAML comment round-tripping
+- Validation
+- Synchronization logic
 
 Not allowed:
 
-* Introducing side effects that would break determinism
-* Moving org-structure-dependent logic into the config loader
+- Introducing side effects that would break determinism
+- Moving org-structure-dependent logic into the config loader
 
 ## 4. CDK stack (budget-alerts-stack.ts)
 
 Allowed:
 
-* Mapping planner outputs to StackSets
-* Adding CloudFormation resources
-* Creating custom resources
-* Wiring permissions
-* Adding future IAM boundaries or service integrations
+- Mapping planner outputs to StackSets
+- Adding CloudFormation resources
+- Creating custom resources
+- Wiring permissions
+- Adding future IAM boundaries or service integrations
 
 Not allowed:
 
-* Planner logic
-* Config merging logic
-* Introducing account-specific assumptions
-* Hard-coding organization IDs
+- Planner logic
+- Config merging logic
+- Introducing account-specific assumptions
+- Hard-coding organization IDs
 
 ---
 
@@ -244,41 +244,41 @@ npm publish --access public
 
 # 🗂 Branching Strategy
 
-* `main` → always stable, publishable
-* `dev` or feature branches → active development
-* PRs must include tests when affecting planner or validation logic
+- `main` → always stable, publishable
+- `dev` or feature branches → active development
+- PRs must include tests when affecting planner or validation logic
 
 ---
 
 # 🧾 Pull Request Requirements
 
 Every PR must include:
 
-* [ ] Clear description of the change
-* [ ] Unit tests for new or changed planner behavior
-* [ ] No breaking changes unless discussed
-* [ ] No architectural violations
-* [ ] Maintains npm package status
-* [ ] Does not remove or bypass existing validation
+- [ ] Clear description of the change
+- [ ] Unit tests for new or changed planner behavior
+- [ ] No breaking changes unless discussed
+- [ ] No architectural violations
+- [ ] Maintains npm package status
+- [ ] Does not remove or bypass existing validation
 
 ---
 
 # 🛑 Anti-Patterns (Do Not Do This)
 
-* ❌ Adding AWS calls into planner logic
-* ❌ Running unmocked AWS calls in unit tests
-* ❌ Stubbing away planner logic to make tests pass
-* ❌ Hard-coding Organization IDs or account numbers
-* ❌ Adding features without documentation
-* ❌ Rewriting module architecture without explicit approval
+- ❌ Adding AWS calls into planner logic
+- ❌ Running unmocked AWS calls in unit tests
+- ❌ Stubbing away planner logic to make tests pass
+- ❌ Hard-coding Organization IDs or account numbers
+- ❌ Adding features without documentation
+- ❌ Rewriting module architecture without explicit approval
 
 ---
 
 # 🧠 Design Principles Summary
 
-* **Strong separation** of planner, config I/O, org discovery, and CDK stack
-* **Predictability** and **determinism** in every planner function
-* **Minimal customer boilerplate**
-* **Pure functional planning logic**
-* **Safe deployment via service-managed StackSets**
-* **Config as the single source of truth**
+- **Strong separation** of planner, config I/O, org discovery, and CDK stack
+- **Predictability** and **determinism** in every planner function
+- **Minimal customer boilerplate**
+- **Pure functional planning logic**
+- **Safe deployment via service-managed StackSets**
+- **Config as the single source of truth**