@digitraffic/common 2026.4.20-2 → 2026.4.21-1

package/dist/__test__/infra/sqs-queue.test.d.ts

@@ -0,0 +1 @@
+export {};

package/dist/__test__/infra/sqs-queue.test.js

@@ -0,0 +1,169 @@
+import { Writable } from "node:stream";
+import vm from "node:vm";
+import { describe, expect, test } from "vitest";
+// Import from the internal module directly — these helpers are intentionally
+// not exported from sqs-queue.ts to keep the public API surface clean.
+import { getDlqCode, sanitizeS3BucketName, } from "../../aws/infra/sqs-queue-internal.js";
+import { DtLogger } from "../../aws/runtime/dt-logger.js";
+describe("sqs-queue", () => {
+    test("getDlqCode generates valid JavaScript", () => {
+        const inlineCode = getDlqCode("test-bucket");
+        // InlineCode stores the code in the `code` property
+        const code = 
+        // biome-ignore lint/suspicious/noExplicitAny: accessing internal CDK property for testing
+        inlineCode.code ??
+            // biome-ignore lint/suspicious/noExplicitAny: accessing internal CDK property for testing
+            inlineCode.inlineCode;
+        expect(code).toBeDefined();
+        expect(typeof code).toBe("string");
+        // verify bucket name was substituted
+        expect(code).toContain("test-bucket");
+        expect(code).not.toContain("__bucketName__");
+        expect(code).not.toContain("__upload__");
+        expect(code).not.toContain("__handler__");
+        // verify it's valid CJS (no import/export statements, uses require/exports)
+        expect(code).toContain("require(");
+        expect(code).toContain("exports.handler");
+        expect(code).not.toMatch(/^import /m);
+        // evaluate in a vm context with stubbed require/exports and verify
+        // exports.handler is actually defined as a function after execution
+        const exports = {};
+        const stubRequire = (mod) => {
+            if (mod === "@aws-sdk/client-s3") {
+                return {
+                    PutObjectCommand: class {
+                    },
+                    S3Client: class {
+                    },
+                };
+            }
+            throw new Error(`Unexpected require: ${mod}`);
+        };
+        const context = vm.createContext({
+            require: stubRequire,
+            exports,
+            console,
+            process,
+        });
+        vm.runInContext(code, context);
+        // biome-ignore lint/complexity/useLiteralKeys: Record<string, unknown> requires bracket notation for noPropertyAccessFromIndexSignature
+        expect(typeof exports["handler"]).toBe("function");
+    });
+    test("inline logger emits same JSON keys as DtLogger.error", () => {
+        // Capture DtLogger.error output
+        const dtLoggerLines = [];
+        const stream = new Writable({
+            write(chunk, _encoding, callback) {
+                dtLoggerLines.push(chunk.toString());
+                callback();
+            },
+        });
+        const dtLogger = new DtLogger({
+            lambdaName: "test-lambda",
+            runTime: "test-runtime",
+            writeStream: stream,
+        });
+        dtLogger.error({
+            method: "s3.uploadToS3",
+            message: "upload failed to bucket test-bucket",
+        });
+        const dtLoggerOutput = JSON.parse(dtLoggerLines[0]);
+        // Capture inline DLQ logger output
+        const inlineCode = getDlqCode("test-bucket");
+        const code = 
+        // biome-ignore lint/suspicious/noExplicitAny: accessing internal CDK property for testing
+        inlineCode.code ??
+            // biome-ignore lint/suspicious/noExplicitAny: accessing internal CDK property for testing
+            inlineCode.inlineCode;
+        const inlineLoggerLines = [];
+        const stubProcess = {
+            env: {
+                AWS_LAMBDA_FUNCTION_NAME: "test-lambda",
+                AWS_EXECUTION_ENV: "test-runtime",
+            },
+            stdout: {
+                write: (line) => {
+                    inlineLoggerLines.push(line);
+                },
+            },
+        };
+        const stubExports = {};
+        const stubRequire = (mod) => {
+            if (mod === "@aws-sdk/client-s3") {
+                return { PutObjectCommand: class {
+                    }, S3Client: class {
+                    } };
+            }
+            throw new Error(`Unexpected require: ${mod}`);
+        };
+        const context = vm.createContext({
+            require: stubRequire,
+            exports: stubExports,
+            console,
+            process: stubProcess,
+            JSON,
+        });
+        vm.runInContext(code, context);
+        // Call the inline logger.error with the same input
+        vm.runInContext(`logger.error({ method: "s3.uploadToS3", message: "upload failed to bucket test-bucket" })`, context);
+        const inlineOutput = JSON.parse(inlineLoggerLines[0]);
+        // The inline logger must have the same keys that DtLogger produces
+        const dtKeys = new Set(Object.keys(dtLoggerOutput));
+        const inlineKeys = new Set(Object.keys(inlineOutput));
+        for (const key of dtKeys) {
+            expect(inlineKeys, `inline logger missing key "${key}" that DtLogger emits`).toContain(key);
+        }
+        // Verify key field values match
+        // biome-ignore lint/complexity/useLiteralKeys: Record<string, unknown> requires bracket notation for noPropertyAccessFromIndexSignature
+        expect(inlineOutput["level"]).toBe(dtLoggerOutput["level"]);
+        // biome-ignore lint/complexity/useLiteralKeys: Record<string, unknown> requires bracket notation for noPropertyAccessFromIndexSignature
+        expect(inlineOutput["lambdaName"]).toBe(dtLoggerOutput["lambdaName"]);
+        // biome-ignore lint/complexity/useLiteralKeys: Record<string, unknown> requires bracket notation for noPropertyAccessFromIndexSignature
+        expect(inlineOutput["runtime"]).toBe(dtLoggerOutput["runtime"]);
+        // biome-ignore lint/complexity/useLiteralKeys: Record<string, unknown> requires bracket notation for noPropertyAccessFromIndexSignature
+        expect(inlineOutput["method"]).toBe(dtLoggerOutput["method"]);
+    });
+});
+describe("sanitizeS3BucketName", () => {
+    test("returns lowercase alphanumeric name unchanged", () => {
+        expect(sanitizeS3BucketName("my-bucket-name")).toBe("my-bucket-name");
+    });
+    test("replaces invalid characters with hyphens", () => {
+        expect(sanitizeS3BucketName("My_Bucket.Name")).toBe("my-bucket-name");
+    });
+    test("collapses consecutive hyphens", () => {
+        expect(sanitizeS3BucketName("my---bucket")).toBe("my-bucket");
+    });
+    test("trims leading and trailing hyphens", () => {
+        expect(sanitizeS3BucketName("-my-bucket-")).toBe("my-bucket");
+        expect(sanitizeS3BucketName("__name__")).toBe("name");
+    });
+    test("short names are not truncated", () => {
+        const name = "a".repeat(63);
+        expect(sanitizeS3BucketName(name)).toBe(name);
+        expect(sanitizeS3BucketName(name)).toHaveLength(63);
+    });
+    test("long names are truncated with hash suffix", () => {
+        const name = "a".repeat(100);
+        const result = sanitizeS3BucketName(name);
+        expect(result.length).toBeLessThanOrEqual(63);
+        expect(result).toMatch(/^[a-z0-9][a-z0-9-]*[a-z0-9]$/);
+    });
+    test("different long names produce different bucket names", () => {
+        const name1 = `${"a".repeat(50)}-stack-one-dlq`;
+        const name2 = `${"a".repeat(50)}-stack-two-dlq`;
+        const result1 = sanitizeS3BucketName(name1);
+        const result2 = sanitizeS3BucketName(name2);
+        expect(result1).not.toBe(result2);
+        expect(result1.length).toBeLessThanOrEqual(63);
+        expect(result2.length).toBeLessThanOrEqual(63);
+    });
+    test("result never starts or ends with hyphen", () => {
+        const longWithHyphens = `-${"a-b".repeat(30)}-`;
+        const result = sanitizeS3BucketName(longWithHyphens);
+        expect(result).not.toMatch(/^-/);
+        expect(result).not.toMatch(/-$/);
+        expect(result.length).toBeLessThanOrEqual(63);
+    });
+});
+//# sourceMappingURL=sqs-queue.test.js.map

package/dist/aws/infra/sqs-queue-internal.d.ts

@@ -0,0 +1,10 @@
+import { InlineCode } from "aws-cdk-lib/aws-lambda";
+/**
+ * Sanitize a string into a valid S3 bucket name.
+ * S3 bucket names must be 3–63 characters, lowercase alphanumeric or hyphens,
+ * and must start and end with an alphanumeric character.
+ * When truncation is needed, a stable SHA-256 hash suffix is appended so that
+ * distinct input names don't collide after being cut to 63 characters.
+ */
+export declare function sanitizeS3BucketName(name: string): string;
+export declare function getDlqCode(bucketName: string): InlineCode;

package/dist/aws/infra/sqs-queue-internal.js

@@ -0,0 +1,97 @@
+/**
+ * Internal helpers for DLQ lambda code generation and S3 bucket name sanitization.
+ *
+ * This module is intentionally separate from sqs-queue.ts so that these functions
+ * are NOT part of the public API surface of the package (sqs-queue.ts is listed in
+ * package.json "exports", this file is not). Tests import from here directly.
+ */
+import { createHash } from "node:crypto";
+import { PutObjectCommand, S3Client } from "@aws-sdk/client-s3";
+import { InlineCode } from "aws-cdk-lib/aws-lambda";
+import { logger } from "../runtime/dt-logger-default.js";
+// CJS format is intentional: CDK InlineCode creates index.js, which Node.js treats as CJS.
+// ESM would require Code.fromAsset with an .mjs file or a bundled NodejsFunction.
+const DLQ_LAMBDA_CODE = `
+const { PutObjectCommand, S3Client } = require("@aws-sdk/client-s3");
+
+// Minimal logger that emits the same JSON schema as DtLogger so that
+// existing log parsing and CloudWatch alarms keep working.
+const lambdaName = process.env.AWS_LAMBDA_FUNCTION_NAME || "unknown lambda name";
+const runtime = process.env.AWS_EXECUTION_ENV || "unknown runtime";
+const logger = {
+  error: (msg) => {
+    const message = msg.method ? msg.method + " " + (msg.message || "") : msg.message || "";
+    process.stdout.write(JSON.stringify({ ...msg, message, level: "ERROR", lambdaName, runtime }) + "\\n");
+  }
+};
+
+const bucketName = "__bucketName__";
+
+__upload__
+
+__handler__
+
+exports.handler = handler;
+`;
+const S3_BUCKET_NAME_MAX_LENGTH = 63;
+const HASH_SUFFIX_LENGTH = 8;
+/**
+ * Sanitize a string into a valid S3 bucket name.
+ * S3 bucket names must be 3–63 characters, lowercase alphanumeric or hyphens,
+ * and must start and end with an alphanumeric character.
+ * When truncation is needed, a stable SHA-256 hash suffix is appended so that
+ * distinct input names don't collide after being cut to 63 characters.
+ */
+export function sanitizeS3BucketName(name) {
+    const sanitized = name
+        .toLowerCase()
+        .replace(/[^a-z0-9-]/g, "-")
+        .replace(/-+/g, "-")
+        .replace(/^-|-$/g, "");
+    if (sanitized.length <= S3_BUCKET_NAME_MAX_LENGTH) {
+        return sanitized;
+    }
+    const hash = createHash("sha256")
+        .update(name)
+        .digest("hex")
+        .substring(0, HASH_SUFFIX_LENGTH);
+    const maxPrefixLength = S3_BUCKET_NAME_MAX_LENGTH - HASH_SUFFIX_LENGTH - 1;
+    const prefix = sanitized.substring(0, maxPrefixLength).replace(/-$/, "");
+    return `${prefix}-${hash}`;
+}
+export function getDlqCode(bucketName) {
+    const functionBody = DLQ_LAMBDA_CODE.replace("__bucketName__", bucketName)
+        .replace("__upload__", uploadToS3.toString())
+        .replace("__handler__", createHandler().toString());
+    return new InlineCode(functionBody);
+}
+async function uploadToS3(s3, bucketName, body, objectName, cannedAcl, contentType) {
+    const command = new PutObjectCommand({
+        Bucket: bucketName,
+        Key: objectName,
+        Body: body,
+        ACL: cannedAcl,
+        ContentType: contentType,
+    });
+    try {
+        await s3.send(command);
+    }
+    catch (_error) {
+        logger.error({
+            method: "s3.uploadToS3",
+            message: `upload failed to bucket ${bucketName}`,
+        });
+    }
+}
+// bucketName is unused, will be overridden in the actual lambda code below
+const bucketName = "";
+function createHandler() {
+    return async function handler(event) {
+        const millis = Date.now();
+        const s3 = new S3Client({});
+        await Promise.all(event.Records.map((e, idx) => {
+            return uploadToS3(s3, bucketName, e.body, `dlq-${millis}-${idx}.json`);
+        }));
+    };
+}
+//# sourceMappingURL=sqs-queue-internal.js.map

package/dist/aws/infra/sqs-queue.js

@@ -1,28 +1,17 @@
-import { PutObjectCommand, S3Client } from "@aws-sdk/client-s3";
 import { Duration } from "aws-cdk-lib";
 import { ComparisonOperator, TreatMissingData, } from "aws-cdk-lib/aws-cloudwatch";
 import { SnsAction } from "aws-cdk-lib/aws-cloudwatch-actions";
 import { PolicyStatement } from "aws-cdk-lib/aws-iam";
-import { InlineCode, Runtime } from "aws-cdk-lib/aws-lambda";
+import { Runtime } from "aws-cdk-lib/aws-lambda";
 import { SqsEventSource } from "aws-cdk-lib/aws-lambda-event-sources";
 import { BlockPublicAccess, Bucket } from "aws-cdk-lib/aws-s3";
 import { Queue, QueueEncryption } from "aws-cdk-lib/aws-sqs";
-import { logger } from "../runtime/dt-logger-default.js";
+// getDlqCode and sanitizeS3BucketName live in a separate internal module so they
+// are not part of the public API surface exported from this package.
+// Tests can import them directly from sqs-queue-internal.ts.
+import { getDlqCode, sanitizeS3BucketName } from "./sqs-queue-internal.js";
 import { createLambdaLogGroup } from "./stack/lambda-log-group.js";
 import { MonitoredFunction } from "./stack/monitoredfunction.js";
-const DLQ_LAMBDA_CODE = `
-import type { ObjectCannedACL } from "@aws-sdk/client-s3";
-import { PutObjectCommand, S3Client } from "@aws-sdk/client-s3";
-import { type NodeJsRuntimeStreamingBlobPayloadInputTypes } from "@smithy/types";
-import { logger } from "./dt-logger-default.mjs";
-
-
-const bucketName = "__bucketName__";
-
-__upload__
-
-exports.handler = async (event) => __handler__
-`;
 /**
  * Construct for creating SQS-queues.
  *
@@ -66,6 +55,7 @@ export const DigitrafficDLQueue = {
             encryption: QueueEncryption.KMS_MANAGED,
         });
         const dlqBucket = new Bucket(stack, `${dlqName}-Bucket`, {
+            bucketName: sanitizeS3BucketName(`${stack.stackName}-${dlqName}`),
             blockPublicAccess: BlockPublicAccess.BLOCK_ALL,
         });
         const dlqLogGroup = createLambdaLogGroup({
@@ -107,39 +97,4 @@ function addDLQAlarm(stack, dlqName, dlq) {
     })
         .addAlarmAction(new SnsAction(stack.warningTopic));
 }
-function getDlqCode(Bucket) {
-    const functionBody = DLQ_LAMBDA_CODE.replace("__bucketName__", Bucket)
-        .replace("__upload__", uploadToS3.toString())
-        .replace("__handler__", createHandler().toString().substring(23)); // remove function handler() from signature
-    return new InlineCode(functionBody);
-}
-async function uploadToS3(s3, bucketName, body, objectName, cannedAcl, contentType) {
-    const command = new PutObjectCommand({
-        Bucket: bucketName,
-        Key: objectName,
-        Body: body,
-        ACL: cannedAcl,
-        ContentType: contentType,
-    });
-    try {
-        await s3.send(command);
-    }
-    catch (_error) {
-        logger.error({
-            method: "s3.uploadToS3",
-            message: `upload failed to bucket ${bucketName}`,
-        });
-    }
-}
-// bucketName is unused, will be overridden in the actual lambda code below
-const bucketName = "";
-function createHandler() {
-    return async function handler(event) {
-        const millis = Date.now();
-        const s3 = new S3Client({});
-        await Promise.all(event.Records.map((e, idx) => {
-            return uploadToS3(s3, bucketName, e.body, `dlq-${millis}-${idx}.json`);
-        }));
-    };
-}
 //# sourceMappingURL=sqs-queue.js.map

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@digitraffic/common",
-  "version": "2026.4.20-2",
+  "version": "2026.4.21-1",
   "private": false,
   "description": "",
   "repository": {