Conversation
Phase 11 of the provider-parity plan. Cognito now writes a provider-neutral migration package alongside the existing loose-CSV output. - New \`src/providers/cognito/package-exporter.ts\` orchestrates the package output. Handles user-pool, connection, and none org strategies; defaults to user-pool (one WorkOS org per Cognito user pool). Federated/JIT users (userStatus=EXTERNAL_PROVIDER) are skipped by default in package mode. - SSO handoff reuses \`src/sso/handoff.js\` to emit canonical \`sso/saml_connections.csv\`, \`sso/oidc_connections.csv\`, \`sso/custom_attribute_mappings.csv\`, and \`sso/proxy_routes.csv\`. Raw provider snapshots land under \`raw/cognito-providers.jsonl\`. - \`workos_upload/\` projection is written from the same source IDs as the package files. When the connection org strategy is used, memberships drop to a header-only file with a structured warning so importers know not to expect membership rows. - CognitoClient gains \`exportPackage()\` while keeping the existing \`exportEntities()\` flow untouched. \`export-cognito\` CLI grows \`--package\` and \`--org-strategy\` flags; loose mode (the previous default) still produces \`workos_saml_connections.csv\`, \`workos_oidc_connections.csv\`, \`custom_attribute_mappings.csv\`, and \`workos_users.csv\`. - Tests cover federated user skipping, manifest generation, SAML/OIDC handoff, custom attribute mapping, and the connection org strategy warning path. - README documents the package flow and points at \`import-package\`.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
Phase 11 of the provider-parity execution plan. Cognito now writes a provider-neutral migration package alongside the existing loose-CSV output.
src/providers/cognito/package-exporter.tsorchestrates the package output. Handlesuser-pool,connection, andnoneorg strategies (default:user-pool— one WorkOS org per Cognito user pool). Federated/JIT users are skipped by default in package mode.sso/saml_connections.csv,sso/oidc_connections.csv,sso/custom_attribute_mappings.csv, andsso/proxy_routes.csv. Raw provider snapshots land underraw/cognito-providers.jsonl.workos_upload/projection is written from the same source IDs as the package files. Connection org strategy emits header-only memberships with a structured warning.CognitoClient.exportPackage()is the new entry point;exportEntities()is unchanged.export-cognitoCLI gains--packageand--org-strategy; the legacy loose-CSV mode still producesworkos_saml_connections.csv,workos_oidc_connections.csv,custom_attribute_mappings.csv, andworkos_users.csv.import-package.Test Plan
npm run lintnpm run format:checknpm run typechecknpm run buildnpm test— 272 passing across 24 suites.🤖 Generated with Claude Code