@friggframework/devtools 2.0.0--canary.461.41c835a.0 → 2.0.0--canary.461.4860820.0

package/infrastructure/domains/database/aurora-builder.js

@@ -470,31 +470,20 @@ exports.handler = async (event, context) => {
 
             console.log('  ✅ Using discovered Secrets Manager credentials');
         } else {
-            // No secret and no auto-create - construct DATABASE_URL using environment variables at runtime
+            // No secret and no auto-create - set individual DB connection components
+            // The application will construct DATABASE_URL at runtime from these components + DATABASE_USER + DATABASE_PASSWORD
             const dbName = dbConfig.database || 'frigg';
             
-            // Set individual environment variables for flexible credential management
             result.environment.DATABASE_HOST = discoveredResources.auroraClusterEndpoint;
             result.environment.DATABASE_PORT = String(discoveredResources.auroraPort || 5432);
             result.environment.DATABASE_NAME = dbName;
             
-            // Build DATABASE_URL using CloudFormation intrinsic functions to reference
-            // the environment variables at runtime (not build time)
-            result.environment.DATABASE_URL = {
-                'Fn::Sub': [
-                    'postgresql://${DatabaseUser}:${DatabasePassword}@${DatabaseHost}:${DatabasePort}/${DatabaseName}',
-                    {
-                        DatabaseUser: '${env:DATABASE_USER, "postgres"}',
-                        DatabasePassword: '${env:DATABASE_PASSWORD}',
-                        DatabaseHost: discoveredResources.auroraClusterEndpoint,
-                        DatabasePort: String(discoveredResources.auroraPort || 5432),
-                        DatabaseName: dbName,
-                    },
-                ],
-            };
+            // Note: DATABASE_URL is NOT set here to avoid Serverless variable resolution errors
+            // The application (Frigg Core) should construct it at runtime from:
+            // DATABASE_HOST, DATABASE_PORT, DATABASE_NAME, DATABASE_USER, DATABASE_PASSWORD
             
-            console.log('  ℹ️  No Secrets Manager secret found - DATABASE_URL will use DATABASE_USER and DATABASE_PASSWORD from environment');
-            console.log('  ℹ️  Set DATABASE_USER and DATABASE_PASSWORD in Lambda environment or via serverless deploy --param');
+            console.log('  ℹ️  No Secrets Manager secret found - set DATABASE_USER and DATABASE_PASSWORD in Lambda environment');
+            console.log('  ℹ️  Application will construct DATABASE_URL at runtime from DATABASE_HOST, DATABASE_PORT, DATABASE_NAME, DATABASE_USER, DATABASE_PASSWORD');
             console.log('  ℹ️  Or enable autoCreateCredentials=true to automatically create and rotate credentials');
         }
 

package/infrastructure/domains/database/aurora-builder.test.js

@@ -422,11 +422,17 @@ describe('AuroraBuilder', () => {
                 expect(result.resources.FriggAuroraPasswordRotator).toBeUndefined();
                 expect(result.resources.PasswordRotatorRole).toBeUndefined();
 
-                // DATABASE_URL should use env variables
-                expect(result.environment.DATABASE_URL).toBeDefined();
-                expect(result.environment.DATABASE_URL['Fn::Sub']).toBeDefined();
-                expect(result.environment.DATABASE_URL['Fn::Sub'][1].DatabaseUser).toContain('env:DATABASE_USER');
-                expect(result.environment.DATABASE_URL['Fn::Sub'][1].DatabasePassword).toContain('env:DATABASE_PASSWORD');
+                // Should set individual environment variables for flexible credential management
+                expect(result.environment.DATABASE_HOST).toBe('cluster.abc.us-east-1.rds.amazonaws.com');
+                expect(result.environment.DATABASE_PORT).toBe('5432');
+                expect(result.environment.DATABASE_NAME).toBe('frigg');
+                
+                // DATABASE_URL should NOT be set (to avoid Serverless variable resolution errors)
+                // The application should construct it at runtime from DATABASE_HOST, DATABASE_PORT, DATABASE_NAME, DATABASE_USER, DATABASE_PASSWORD
+                expect(result.environment.DATABASE_URL).toBeUndefined();
+                
+                // DATABASE_USER and DATABASE_PASSWORD should come from appDefinition.environment
+                // and will be set by the environment-builder, not here
             });
 
             it('should not create credentials when secret is already discovered', async () => {
@@ -525,6 +531,39 @@ describe('AuroraBuilder', () => {
                 // Should use string concatenation instead
                 expect(zipFileCode).toContain("'Successfully rotated password for cluster: ' + ClusterIdentifier");
             });
+
+            it('should properly escape ExcludeCharacters for valid JSON in CloudFormation template', async () => {
+                const appDefinition = {
+                    database: {
+                        postgres: {
+                            enable: true,
+                            management: 'discover',
+                            autoCreateCredentials: true,
+                        },
+                    },
+                };
+
+                const discoveredResources = {
+                    auroraClusterEndpoint: 'cluster.abc.us-east-1.rds.amazonaws.com',
+                    auroraPort: 5432,
+                };
+
+                const result = await auroraBuilder.build(appDefinition, discoveredResources);
+
+                const excludeChars = result.resources.FriggDBSecret.Properties.GenerateSecretString.ExcludeCharacters;
+                
+                // Should properly escape the backslash so it's valid JSON
+                // In JavaScript string: '"@/\\' represents the string: "@/\
+                // When serialized to JSON, backslash must be doubled: '"@/\\'
+                expect(excludeChars).toBe('"@/\\\\');
+                
+                // Verify it can be JSON-stringified without errors
+                expect(() => JSON.stringify(result.resources.FriggDBSecret)).not.toThrow();
+                
+                // Verify the JSON output has the correct escape sequence
+                const jsonOutput = JSON.stringify(result.resources.FriggDBSecret);
+                expect(jsonOutput).toContain('\\"@/\\\\\\\\');  // In JSON string: "\"@/\\\\"
+            });
         });
     });
 

package/package.json

@@ -1,7 +1,7 @@
 {
   "name": "@friggframework/devtools",
   "prettier": "@friggframework/prettier-config",
-  "version": "2.0.0--canary.461.41c835a.0",
+  "version": "2.0.0--canary.461.4860820.0",
   "dependencies": {
     "@aws-sdk/client-ec2": "^3.835.0",
     "@aws-sdk/client-kms": "^3.835.0",
@@ -11,8 +11,8 @@
     "@babel/eslint-parser": "^7.18.9",
     "@babel/parser": "^7.25.3",
     "@babel/traverse": "^7.25.3",
-    "@friggframework/schemas": "2.0.0--canary.461.41c835a.0",
-    "@friggframework/test": "2.0.0--canary.461.41c835a.0",
+    "@friggframework/schemas": "2.0.0--canary.461.4860820.0",
+    "@friggframework/test": "2.0.0--canary.461.4860820.0",
     "@hapi/boom": "^10.0.1",
     "@inquirer/prompts": "^5.3.8",
     "axios": "^1.7.2",
@@ -34,8 +34,8 @@
     "serverless-http": "^2.7.0"
   },
   "devDependencies": {
-    "@friggframework/eslint-config": "2.0.0--canary.461.41c835a.0",
-    "@friggframework/prettier-config": "2.0.0--canary.461.41c835a.0",
+    "@friggframework/eslint-config": "2.0.0--canary.461.4860820.0",
+    "@friggframework/prettier-config": "2.0.0--canary.461.4860820.0",
     "aws-sdk-client-mock": "^4.1.0",
     "aws-sdk-client-mock-jest": "^4.1.0",
     "jest": "^30.1.3",
@@ -70,5 +70,5 @@
   "publishConfig": {
     "access": "public"
   },
-  "gitHead": "41c835ab632e6cb39b585b16663981525975ae6a"
+  "gitHead": "486082018ba9bc219bf266048eb4c846bd9a45fb"
 }