@fjall/deploy-core 0.89.4 → 0.89.6

package/dist/src/services/infrastructure/CdkProcessManager.js

@@ -2,8 +2,8 @@ import { spawn } from "child_process";
 import { existsSync } from "fs";
 import { join } from "path";
 import { createRequire } from "module";
-import { filterDangerousEnvVars, maskSensitiveOutput } from "../../util/securityHelpers.js";
-import { logger } from "@fjall/util";
+import { logger } from "@fjall/util/logger";
+import { filterDangerousEnvVars, maskSensitiveOutput } from "@fjall/util";
 import { success, failure } from "@fjall/generator";
 import { getErrorMessage } from "@fjall/util";
 /**
@@ -17,8 +17,8 @@ function getCdkBinaryPath() {
         const cdkEntry = require.resolve("aws-cdk/bin/cdk");
         return { command: process.execPath, prefixArgs: [cdkEntry] };
     }
-    catch {
-        logger.debug("CdkService", "Failed to resolve aws-cdk binary, falling back to npx");
+    catch (err) {
+        logger.debug("CdkService", "Failed to resolve aws-cdk binary, falling back to npx", { error: err instanceof Error ? err.message : String(err) });
         return { command: "npx", prefixArgs: ["cdk"] };
     }
 }
@@ -29,28 +29,36 @@ export class CdkProcessManager {
     runningProcesses = new Map();
     processCounter = 0;
     argBuilder;
+    exitHandler;
+    sigintHandler;
+    sigtermHandler;
     constructor(argBuilder) {
         this.argBuilder = argBuilder;
-        // Register cleanup handlers
-        process.on("exit", () => this.cleanup());
-        process.on("SIGINT", () => {
+        // Register cleanup handlers (stored for deregistration)
+        this.exitHandler = () => this.cleanup();
+        this.sigintHandler = () => {
             this.cleanup();
             process.exit(130);
-        });
-        process.on("SIGTERM", () => {
+        };
+        this.sigtermHandler = () => {
             this.cleanup();
             process.exit(143);
-        });
+        };
+        process.on("exit", this.exitHandler);
+        process.on("SIGINT", this.sigintHandler);
+        process.on("SIGTERM", this.sigtermHandler);
     }
     forceKillProcess(child) {
         child.stdout?.destroy();
         child.stderr?.destroy();
         child.kill("SIGTERM");
-        setTimeout(() => {
+        const killTimer = setTimeout(() => {
             if (child.exitCode === null) {
                 child.kill("SIGKILL");
             }
         }, SIGKILL_GRACE_PERIOD_MS);
+        killTimer.unref();
+        child.once("exit", () => clearTimeout(killTimer));
     }
     cleanup() {
         for (const [_name, child] of this.runningProcesses) {
@@ -62,6 +70,12 @@ export class CdkProcessManager {
         }
         this.runningProcesses.clear();
     }
+    dispose() {
+        this.cleanup();
+        process.removeListener("exit", this.exitHandler);
+        process.removeListener("SIGINT", this.sigintHandler);
+        process.removeListener("SIGTERM", this.sigtermHandler);
+    }
     async runCdkCommandPassthrough(workingDir, args, options) {
         return new Promise((resolve) => {
             if (!existsSync(workingDir)) {
@@ -85,25 +99,38 @@ export class CdkProcessManager {
                 shell: false,
                 detached: false
             });
+            if (!child.pid) {
+                child.on("error", (err) => {
+                    logger.debug("CdkProcess", "Spawn error on failed child process", {
+                        error: err.message
+                    });
+                });
+                resolve(failure(`Failed to spawn CDK process - no PID. cwd=${workingDir}, args=${fullArgs.join(" ")}`));
+                return;
+            }
             // Track process for cleanup
-            const processId = `cdk-passthrough-${Date.now()}`;
+            const processId = `cdk-passthrough-${++this.processCounter}`;
             this.runningProcesses.set(processId, child);
+            let processKilled = false;
+            let settled = false;
             // Timeout to prevent indefinite hangs (default 30 minutes, matching deploy)
-            let timeoutHandle;
-            if (options?.timeout) {
-                const timeout = options.timeout;
-                timeoutHandle = setTimeout(() => {
-                    if (!child.killed) {
-                        this.forceKillProcess(child);
-                        this.runningProcesses.delete(processId);
-                        resolve(failure(`CDK command timed out after ${Math.floor(timeout / 60000)} minutes`));
-                    }
-                }, timeout);
-            }
+            const timeoutMs = options?.timeout ?? 30 * 60 * 1000;
+            const timeoutHandle = setTimeout(() => {
+                if (!child.killed) {
+                    processKilled = true;
+                    this.forceKillProcess(child);
+                }
+            }, timeoutMs);
             child.on("close", (code) => {
-                if (timeoutHandle)
-                    clearTimeout(timeoutHandle);
+                clearTimeout(timeoutHandle);
                 this.runningProcesses.delete(processId);
+                if (settled)
+                    return;
+                settled = true;
+                if (processKilled) {
+                    resolve(failure("CDK command timed out"));
+                    return;
+                }
                 if (code === 0 || options?.ignoreExitCode) {
                     resolve(success({ exitCode: code || 0 }));
                 }
@@ -112,9 +139,11 @@ export class CdkProcessManager {
                 }
             });
             child.on("error", (err) => {
-                if (timeoutHandle)
-                    clearTimeout(timeoutHandle);
+                clearTimeout(timeoutHandle);
                 this.runningProcesses.delete(processId);
+                if (settled || processKilled)
+                    return;
+                settled = true;
                 resolve(failure(`Failed to run CDK command: ${err.message}`));
             });
         });
@@ -161,8 +190,10 @@ export class CdkProcessManager {
                 // CRITICAL: Attach error handler to prevent uncaught exception
                 // Node.js emits an async 'error' event on the child process even after spawn fails
                 // If we don't handle it, it becomes an uncaught exception and crashes the app
-                child.on("error", () => {
-                    // Error already handled via the resolve below - this just prevents uncaught exception
+                child.on("error", (err) => {
+                    logger.debug("CdkProcess", "Deferred spawn error on failed child process", {
+                        error: err.message
+                    });
                 });
                 resolve(failure(spawnError));
                 return;
@@ -170,15 +201,14 @@ export class CdkProcessManager {
             // Track process for cleanup
             const processId = `cdk-${++this.processCounter}`;
             this.runningProcesses.set(processId, child);
-            let timeoutHandle;
-            if (options?.timeout) {
-                timeoutHandle = setTimeout(() => {
-                    if (!child.killed) {
-                        processKilled = true;
-                        this.forceKillProcess(child);
-                    }
-                }, options.timeout);
-            }
+            let settled = false;
+            const timeoutMs = options?.timeout ?? 30 * 60 * 1000;
+            const timeoutHandle = setTimeout(() => {
+                if (!child.killed) {
+                    processKilled = true;
+                    this.forceKillProcess(child);
+                }
+            }, timeoutMs);
             child.stdout?.on("data", (data) => {
                 const chunk = data.toString();
                 output += chunk;
@@ -202,15 +232,19 @@ export class CdkProcessManager {
                 }
             });
             child.on("error", (error) => {
-                if (timeoutHandle)
-                    clearTimeout(timeoutHandle);
+                clearTimeout(timeoutHandle);
                 this.runningProcesses.delete(processId);
+                if (settled || processKilled)
+                    return;
+                settled = true;
                 resolve(failure(getErrorMessage(error)));
             });
             child.on("close", (code) => {
-                if (timeoutHandle)
-                    clearTimeout(timeoutHandle);
+                clearTimeout(timeoutHandle);
                 this.runningProcesses.delete(processId);
+                if (settled)
+                    return;
+                settled = true;
                 if (processKilled) {
                     resolve(failure("CDK command timed out"));
                     return;
@@ -219,25 +253,25 @@ export class CdkProcessManager {
                 // For diff command, we need to include stderr in output since CDK outputs errors there
                 const combinedOutput = output + (errorOutput ? `\n${errorOutput}` : "");
                 if (exitedClean) {
+                    const rawOutput = options?.combineOutput ? combinedOutput : output;
                     resolve(success({
-                        output: args.includes("diff") ? combinedOutput : output,
+                        output: maskSensitiveOutput(rawOutput),
                         exitCode: code || 0
                     }));
                     return;
                 }
-                // Parse error output for meaningful messages
+                // Parse error output for meaningful messages (match on raw before masking)
                 let errorMessage = errorOutput;
                 if (output) {
-                    // Try to extract error from CDK output
                     const errorMatch = output.match(/❌.*?Error:(.*)$/m);
                     if (errorMatch) {
-                        errorMessage = errorMatch[1].trim();
+                        errorMessage = errorMatch[1]?.trim() ?? "";
                     }
                 }
                 // Include stdout in the error string so callers can pattern-match on combined output
                 const errorText = errorMessage || `CDK command failed with exit code ${code}`;
                 const fullError = output ? `${errorText}\n${output}` : errorText;
-                resolve(failure(fullError));
+                resolve(failure(maskSensitiveOutput(fullError)));
             });
         });
     }

package/dist/src/services/infrastructure/CdkService.d.ts

@@ -1,71 +1,26 @@
 import { type ResourceEvent } from "../../aws/utils/cloudformationEvents.js";
-import type { DeploymentContext } from "../../types/deployment/DeploymentTypes.js";
-import type { StepOutput } from "../../types/deployment/DeploymentTypes.js";
+import type { DeploymentContext, StepOutput } from "../../types/deployment/DeploymentTypes.js";
 import type { AwsProvider } from "../../aws/AwsProvider.js";
 import type { Result } from "@fjall/generator";
 import type { CdkError } from "../../types/errors/CdkError.js";
-import type { EventLogWriterFactory } from "../../aws/utils/cloudformationEvents.js";
 import { type CheckDifferencesResult } from "./CdkCommandRunner.js";
-export interface CdkContext {
-    accountId?: string;
-    region?: string;
-    environment?: string;
-    stackName?: string;
-    managedAccount?: boolean;
-    accountName?: string;
-    imageVersion?: string;
-    orgId?: string;
-    rootId?: string;
-    managementAccountId?: string;
-    ipamPoolId?: string;
-    fjallOrgId?: string;
-    orgConfig?: string;
-}
-export interface CdkOptions {
-    verbose?: boolean;
-    noPrompt?: boolean;
-    outputCallback?: (output: string) => void;
-    errorCallback?: (error: string) => void;
-    context?: CdkContext;
-    timeout?: number;
-    passThroughCDK?: boolean;
-    stacks?: string[];
-    noLookups?: boolean;
-    useCdkOut?: boolean;
-    credentials?: {
-        accessKeyId: string;
-        secretAccessKey: string;
-        sessionToken?: string;
-    };
-    outputDir?: string;
-    appDir?: string;
-    cdkOutputLogger?: {
-        writeCdkOutput(stream: "stdout" | "stderr", chunk: string): void;
-    };
-}
-export interface CdkOutput {
-    output?: string;
-    exitCode?: number;
-}
-export interface CdkServiceOptions {
-    eventLogWriterFactory?: EventLogWriterFactory;
-}
+import type { CdkOptions, CdkOutput, CdkServiceOptions } from "./CdkServiceTypes.js";
+export type { CdkContext, CdkOptions, CdkOutput, CdkServiceOptions } from "./CdkServiceTypes.js";
 export { type CheckDifferencesResult } from "./CdkCommandRunner.js";
 export declare class CdkService {
     private commandRunner;
     private eventMonitor;
     constructor(options?: CdkServiceOptions);
+    dispose(): void;
     checkDifferences(path: string, stackName?: string, options?: CdkOptions): Promise<Result<CheckDifferencesResult, CdkError>>;
     deploy(path: string, stackName?: string, options?: CdkOptions): Promise<Result<CdkOutput, string>>;
     destroy(path: string, stackName?: string, options?: CdkOptions): Promise<Result<CdkOutput, string>>;
     runImport(path: string, resourceMappingFile?: string, options?: CdkOptions): Promise<Result<CdkOutput, string>>;
     synth(path: string, options?: CdkOptions): Promise<Result<CdkOutput, string>>;
     bootstrap(accountId: string, region: string, options?: CdkOptions): Promise<Result<CdkOutput, string>>;
-    private resolveStackName;
-    private buildDeploymentCdkContext;
     runCdkSynth(context: DeploymentContext, onOutput?: (chunk: string) => void): Promise<Result<StepOutput, string>>;
-    runCdkBootstrap(context: DeploymentContext, onOutput?: (chunk: string) => void): Promise<Result<StepOutput, string>>;
+    runCdkBootstrap(context: DeploymentContext, onOutput?: (chunk: string) => void, credentials?: CdkOptions["credentials"]): Promise<Result<StepOutput, string>>;
     runCdkDiff(context: DeploymentContext, onOutput?: (chunk: string) => void): Promise<Result<StepOutput, string>>;
-    runCdkDeploy(context: DeploymentContext, stackPattern?: string, onOutput?: (chunk: string) => void, onResourceProgress?: (event: ResourceEvent) => void, aws?: AwsProvider): Promise<Result<StepOutput, string>>;
-    runCdkDestroy(context: DeploymentContext, stackPattern?: string, onOutput?: (chunk: string) => void, onResourceProgress?: (event: ResourceEvent) => void, aws?: AwsProvider, useCdkOut?: boolean): Promise<Result<StepOutput, string>>;
+    runCdkDeploy(context: DeploymentContext, stackPattern?: string, onOutput?: (chunk: string) => void, onResourceProgress?: (event: ResourceEvent) => void, aws?: AwsProvider, credentials?: CdkOptions["credentials"]): Promise<Result<StepOutput, string>>;
+    runCdkDestroy(context: DeploymentContext, stackPattern?: string, onOutput?: (chunk: string) => void, onResourceProgress?: (event: ResourceEvent) => void, aws?: AwsProvider, useCdkOut?: boolean, credentials?: CdkOptions["credentials"]): Promise<Result<StepOutput, string>>;
 }

package/dist/src/services/infrastructure/CdkService.js

@@ -1,24 +1,30 @@
 import { existsSync } from "fs";
 import { join } from "path";
-import { logger } from "@fjall/util";
+import { logger } from "@fjall/util/logger";
 import { success, failure } from "@fjall/generator";
 import { DEFAULT_REGION } from "../../aws/utils/regions.js";
-import { getApplicationStackName, getOrganisationStackName, isApplicationStack } from "../../types/operations.js";
-import { getErrorMessage } from "@fjall/util";
+import { getErrorMessage, maskSensitiveOutput } from "@fjall/util";
 import { CdkEventMonitor, startStackMonitoring } from "./CdkEventMonitoring.js";
 import { analyseDeployOutput, analyseDestroyResult, createEnhancedOutputCallback } from "./CdkOutputAnalyser.js";
 import { CdkCommandRunner } from "./CdkCommandRunner.js";
-/** Delay before falling back to the predicted stack name for CloudFormation monitoring */
-const STACK_DETECTION_FALLBACK_MS = 5_000;
+import { CdkArgumentBuilder } from "./CdkArgumentBuilder.js";
+import { CdkProcessManager } from "./CdkProcessManager.js";
+import { wrapWithConstructMapEnrichment } from "./constructMapEnrichment.js";
+import { STACK_DETECTION_FALLBACK_MS, resolveStackName, getFallbackStackName, buildDeploymentCdkContext } from "./cdkServiceHelpers.js";
 export class CdkService {
     commandRunner;
     eventMonitor;
     constructor(options) {
-        this.commandRunner = new CdkCommandRunner();
+        const processManager = options?.processManager ??
+            new CdkProcessManager(new CdkArgumentBuilder());
+        this.commandRunner = new CdkCommandRunner(processManager);
         this.eventMonitor = new CdkEventMonitor({
             eventLogWriterFactory: options?.eventLogWriterFactory
         });
     }
+    dispose() {
+        this.commandRunner.dispose();
+    }
     // Delegate low-level commands to CdkCommandRunner
     async checkDifferences(path, stackName, options) {
         return this.commandRunner.checkDifferences(path, stackName, options);
@@ -38,47 +44,12 @@ export class CdkService {
     async bootstrap(accountId, region, options) {
         return this.commandRunner.bootstrap(accountId, region, options);
     }
-    resolveStackName(stackPattern, context) {
-        if (stackPattern && !stackPattern.includes("*")) {
-            return stackPattern;
-        }
-        if (stackPattern) {
-            const stackTypeMatch = stackPattern.match(/\*?(\w+)\*?/);
-            if (stackTypeMatch) {
-                const stackType = stackTypeMatch[1];
-                const appName = context.target || "app";
-                return isApplicationStack(stackType)
-                    ? getApplicationStackName(appName, stackType)
-                    : `${appName}${stackType}`;
-            }
-            return stackPattern;
-        }
-        return undefined;
-    }
-    buildDeploymentCdkContext(context, accountId, region, options) {
-        const environment = undefined;
-        return {
-            accountId,
-            region,
-            environment,
-            managedAccount: context.isManagedAccount,
-            ...(options?.includeImageVersion !== false && {
-                imageVersion: context.imageVersion
-            }),
-            orgId: context.orgId,
-            rootId: context.rootId,
-            managementAccountId: context.managementAccountId,
-            ipamPoolId: context.ipamPoolId,
-            fjallOrgId: context.fjallOrgId,
-            orgConfig: context.orgConfig
-        };
-    }
     async runCdkSynth(context, onOutput) {
         const accountId = context.callerIdentity?.Account;
         try {
             const result = await this.synth(context.path, {
                 outputCallback: onOutput,
-                context: this.buildDeploymentCdkContext(context, accountId, context.region || DEFAULT_REGION)
+                context: buildDeploymentCdkContext(context, accountId, context.region || DEFAULT_REGION)
             });
             if (!result.success) {
                 return failure(result.error || "Failed to synthesise CloudFormation template");
@@ -94,7 +65,7 @@ export class CdkService {
             return failure(`CDK synth failed: ${getErrorMessage(error)}`);
         }
     }
-    async runCdkBootstrap(context, onOutput) {
+    async runCdkBootstrap(context, onOutput, credentials) {
         const accountId = context.callerIdentity?.Account;
         const region = context.region || DEFAULT_REGION;
         try {
@@ -106,7 +77,8 @@ export class CdkService {
                 return failure(`Dependencies not installed. Please run 'npm install' in ${context.path} before deploying.`);
             }
             const result = await this.bootstrap(accountId, region, {
-                outputCallback: onOutput
+                outputCallback: onOutput,
+                credentials
             });
             if (!result.success) {
                 return failure(result.error || "Failed to bootstrap AWS environment");
@@ -123,7 +95,7 @@ export class CdkService {
             const result = await this.checkDifferences(context.path, undefined, {
                 verbose: context.options?.verbose,
                 outputCallback: onOutput,
-                context: this.buildDeploymentCdkContext(context, accountId, context.region || DEFAULT_REGION)
+                context: buildDeploymentCdkContext(context, accountId, context.region || DEFAULT_REGION)
             });
             if (!result.success) {
                 return failure(`CDK diff failed: ${result.error.message}`);
@@ -140,7 +112,7 @@ export class CdkService {
             return failure(`CDK diff failed: ${getErrorMessage(error)}`);
         }
     }
-    async runCdkDeploy(context, stackPattern, onOutput, onResourceProgress, aws) {
+    async runCdkDeploy(context, stackPattern, onOutput, onResourceProgress, aws, credentials) {
         const accountId = context.callerIdentity?.Account;
         const region = context.region || DEFAULT_REGION;
         if (!accountId) {
@@ -149,23 +121,16 @@ export class CdkService {
         if (!aws) {
             return failure("AwsProvider is required for deployment monitoring.");
         }
+        // Read construct map from fjall-manifest.json (written during synth)
+        const enrichedOnResourceProgress = wrapWithConstructMapEnrichment(context.path, onResourceProgress);
         let cfnMonitor = null;
         let fallbackMonitoringTimeout;
         try {
-            const targetStackName = this.resolveStackName(stackPattern, context) ??
-                (() => {
-                    const deployType = context.deployType;
-                    if (deployType === "organisation" ||
-                        deployType === "platform" ||
-                        deployType === "account") {
-                        return getOrganisationStackName(deployType);
-                    }
-                    const appName = context.target || "app";
-                    return `${appName}Network`;
-                })();
+            const targetStackName = resolveStackName(stackPattern, context) ??
+                getFallbackStackName(context);
             cfnMonitor = await this.eventMonitor.createEventMonitor("deploy", targetStackName, region, context, aws);
             if (onOutput) {
-                onOutput(`Starting CloudFormation deployment of ${targetStackName}...\n`);
+                onOutput(maskSensitiveOutput(`Starting CloudFormation deployment of ${targetStackName}...\n`));
                 onOutput(`Monitoring CloudFormation events (CDK process running in background)...\n`);
             }
             const state = {
@@ -174,7 +139,7 @@ export class CdkService {
                 stackDetected: false,
                 monitoringPromise: null
             };
-            const enhancedOutputCallback = createEnhancedOutputCallback(state, onOutput, cfnMonitor, onResourceProgress);
+            const enhancedOutputCallback = createEnhancedOutputCallback(state, onOutput, cfnMonitor, enrichedOnResourceProgress);
             // Fall back to predicted stack name if actual name not detected in time
             fallbackMonitoringTimeout = setTimeout(() => {
                 if (!state.stackDetected && cfnMonitor && !state.monitoringPromise) {
@@ -183,7 +148,7 @@ export class CdkService {
                         stackDetected: state.stackDetected,
                         hasOnResourceProgress: !!onResourceProgress
                     });
-                    state.monitoringPromise = startStackMonitoring(cfnMonitor, targetStackName, onResourceProgress);
+                    state.monitoringPromise = startStackMonitoring(cfnMonitor, targetStackName, enrichedOnResourceProgress);
                 }
             }, STACK_DETECTION_FALLBACK_MS);
             const result = await this.deploy(context.path, targetStackName, {
@@ -191,37 +156,31 @@ export class CdkService {
                 outputCallback: enhancedOutputCallback,
                 useCdkOut: true,
                 cdkOutputLogger: cfnMonitor?.getEventLogger() ?? undefined,
-                context: this.buildDeploymentCdkContext(context, accountId, region)
+                context: buildDeploymentCdkContext(context, accountId, region),
+                credentials
             });
-            clearTimeout(fallbackMonitoringTimeout);
-            if (cfnMonitor) {
-                logger.debug("CdkService", "CDK process exited, stopping monitor", {
-                    targetStackName,
-                    stackDetected: state.stackDetected,
-                    hadMonitoringPromise: !!state.monitoringPromise
-                });
-                cfnMonitor.stopMonitoring();
-            }
             return analyseDeployOutput(state.cdkOutput, result, state.actualStackName);
         }
         catch (error) {
-            clearTimeout(fallbackMonitoringTimeout);
-            if (cfnMonitor) {
-                cfnMonitor.stopMonitoring();
-            }
             const errorMsg = `CDK deploy failed: ${getErrorMessage(error)}`;
             logger.error("CdkService", "CDK deployment exception", {
                 error: errorMsg
             });
             return failure(errorMsg);
         }
+        finally {
+            clearTimeout(fallbackMonitoringTimeout);
+            if (cfnMonitor) {
+                cfnMonitor.stopMonitoring();
+            }
+        }
     }
-    async runCdkDestroy(context, stackPattern, onOutput, onResourceProgress, aws, useCdkOut) {
+    async runCdkDestroy(context, stackPattern, onOutput, onResourceProgress, aws, useCdkOut, credentials) {
         const accountId = context.callerIdentity?.Account;
         const region = context.region || DEFAULT_REGION;
         let cfnMonitor = null;
         try {
-            const targetStackName = this.resolveStackName(stackPattern, context);
+            const targetStackName = resolveStackName(stackPattern, context);
             if (accountId && targetStackName && aws) {
                 cfnMonitor = await this.eventMonitor.createEventMonitor("destroy", targetStackName, region, context, aws);
                 cfnMonitor.startMonitoring(targetStackName, (event) => {
@@ -235,20 +194,20 @@ export class CdkService {
                 outputCallback: onOutput,
                 useCdkOut,
                 cdkOutputLogger: cfnMonitor?.getEventLogger() ?? undefined,
-                context: this.buildDeploymentCdkContext(context, accountId, region, {
+                context: buildDeploymentCdkContext(context, accountId, region, {
                     includeImageVersion: false
-                })
+                }),
+                credentials
             });
-            if (cfnMonitor) {
-                cfnMonitor.stopMonitoring();
-            }
             return analyseDestroyResult(result);
         }
         catch (error) {
+            return failure(`CDK destroy failed: ${getErrorMessage(error)}`);
+        }
+        finally {
             if (cfnMonitor) {
                 cfnMonitor.stopMonitoring();
             }
-            return failure(`CDK destroy failed: ${getErrorMessage(error)}`);
         }
     }
 }

package/dist/src/services/infrastructure/CdkServiceTypes.d.ts

@@ -0,0 +1,50 @@
+import type { EventLogWriterFactory } from "../../aws/utils/cloudformationEvents.js";
+import type { ICdkProcessManager } from "./ICdkProcessManager.js";
+export interface CdkContext {
+    accountId?: string;
+    region?: string;
+    environment?: string;
+    managedAccount?: boolean;
+    accountName?: string;
+    imageVersion?: string;
+    orgId?: string;
+    rootId?: string;
+    managementAccountId?: string;
+    ipamPoolId?: string;
+    fjallOrgId?: string;
+    fjallOidcConfigured?: string;
+    orgConfig?: string;
+}
+export interface CdkOptions {
+    verbose?: boolean;
+    noPrompt?: boolean;
+    outputCallback?: (output: string) => void;
+    errorCallback?: (error: string) => void;
+    context?: CdkContext;
+    timeout?: number;
+    passThroughCDK?: boolean;
+    stacks?: string[];
+    noLookups?: boolean;
+    useCdkOut?: boolean;
+    credentials?: {
+        accessKeyId: string;
+        secretAccessKey: string;
+        sessionToken?: string;
+    };
+    outputDir?: string;
+    appDir?: string;
+    cdkOutputLogger?: {
+        writeCdkOutput(stream: "stdout" | "stderr", chunk: string): void;
+    };
+}
+export interface CdkOutput {
+    output?: string;
+    exitCode?: number;
+}
+export interface CdkServiceOptions {
+    eventLogWriterFactory?: EventLogWriterFactory;
+    /** Optional process manager for CDK binary resolution. When provided, CdkCommandRunner
+     * uses this instead of creating its own CdkProcessManager (which relies on
+     * import.meta.url for binary resolution from deploy-core's node_modules). */
+    processManager?: ICdkProcessManager;
+}

package/dist/src/services/infrastructure/CloudFormationService.js

@@ -2,9 +2,10 @@ import { CloudFormationClient, DeleteStackCommand, DescribeStacksCommand, ListEx
 import { stackStatusMap } from "../../aws/utils/stackStatus.js";
 import { success, failure } from "@fjall/generator";
 import { BaseServiceError } from "../../types/errors/ServiceError.js";
-import { getErrorMessage, logger } from "@fjall/util";
-import { sleep } from "../../util/sleep.js";
-import { STACK_NOT_FOUND_PATTERN } from "../../aws/utils/cloudformationEvents.js";
+import { logger } from "@fjall/util/logger";
+import { getErrorMessage, sleep } from "@fjall/util";
+import { STACK_NOT_FOUND_PATTERN } from "@fjall/util/aws";
+import { extractErrorName } from "../../aws/organisations/types.js";
 /**
  * CloudFormation-specific error
  */
@@ -34,18 +35,16 @@ export class CloudFormationService {
      * Classify an AWS SDK error into a typed CloudFormationError.
      */
     classifyAwsError(error, fallbackMessage, stackName) {
-        const errorCode = error instanceof Error && "code" in error
-            ? String(error.code)
-            : undefined;
+        const errorName = extractErrorName(error);
         const errorMessage = getErrorMessage(error);
-        if (errorCode === "CredentialsError" || errorCode === "UnauthorizedError") {
+        if (errorName === "CredentialsError" || errorName === "UnauthorizedError") {
             return new CloudFormationError(`AWS credentials error: ${errorMessage}`, "auth_error", stackName, undefined, error, false);
         }
-        if (errorCode === "Throttling" ||
-            errorCode === "TooManyRequestsException") {
+        if (errorName === "Throttling" ||
+            errorName === "TooManyRequestsException") {
             return new CloudFormationError(`AWS rate limit exceeded: ${errorMessage}`, "throttled", stackName, undefined, error, true);
         }
-        if (errorCode === "NetworkingError" || errorCode === "ENOTFOUND") {
+        if (errorName === "NetworkingError" || errorName === "ENOTFOUND") {
             return new CloudFormationError(`Network error: ${errorMessage}`, "network_error", stackName, undefined, error, true);
         }
         return new CloudFormationError(`${fallbackMessage}: ${errorMessage}`, "unknown", stackName, undefined, error);