@friggframework/devtools 2.0.0-next.47 → 2.0.0-next.48

package/infrastructure/domains/shared/resource-discovery.enhanced.test.js

@@ -0,0 +1,306 @@
+/**
+ * AWS Discovery Configuration Tests
+ *
+ * Tests for AppDefinition-level discovery control options
+ * addressing GitHub Issue #481 - Issue 5
+ */
+
+const { shouldRunDiscovery, gatherDiscoveredResources } = require('./resource-discovery');
+
+// Mock dependencies
+jest.mock('./providers/provider-factory');
+jest.mock('./cloudformation-discovery');
+jest.mock('../networking/vpc-discovery');
+jest.mock('../security/kms-discovery');
+jest.mock('../database/aurora-discovery');
+jest.mock('../parameters/ssm-discovery');
+
+describe('AWS Discovery Configuration (Issue #481 - Issue 5)', () => {
+    beforeEach(() => {
+        delete process.env.FRIGG_SKIP_AWS_DISCOVERY;
+        jest.clearAllMocks();
+    });
+
+    describe('shouldRunDiscovery - Priority Order', () => {
+        it('should use AppDefinition.aws.discovery.enabled when explicitly set to true', () => {
+            const appDefinition = {
+                aws: { discovery: { enabled: true } },
+                vpc: { enable: false }, // Would normally skip
+            };
+
+            const result = shouldRunDiscovery(appDefinition);
+
+            expect(result).toBe(true);
+        });
+
+        it('should use AppDefinition.aws.discovery.enabled when explicitly set to false', () => {
+            const appDefinition = {
+                aws: { discovery: { enabled: false } },
+                vpc: { enable: true }, // Would normally run
+            };
+
+            const result = shouldRunDiscovery(appDefinition);
+
+            expect(result).toBe(false);
+        });
+
+        it('should fall back to env var when AppDefinition not set', () => {
+            process.env.FRIGG_SKIP_AWS_DISCOVERY = 'true';
+
+            const appDefinition = {
+                vpc: { enable: true }, // Would normally run
+            };
+
+            const result = shouldRunDiscovery(appDefinition);
+
+            expect(result).toBe(false);
+        });
+
+        it('should auto-detect when neither AppDefinition nor env var is set', () => {
+            const appDefinition = {
+                vpc: { enable: true },
+            };
+
+            const result = shouldRunDiscovery(appDefinition);
+
+            expect(result).toBe(true);
+        });
+
+        it('should prioritize AppDefinition over env var', () => {
+            process.env.FRIGG_SKIP_AWS_DISCOVERY = 'true';
+
+            const appDefinition = {
+                aws: { discovery: { enabled: true } }, // Explicit override
+            };
+
+            const result = shouldRunDiscovery(appDefinition);
+
+            expect(result).toBe(true); // AppDefinition wins
+        });
+    });
+
+    describe('AppDefinition.aws.discovery.enabled', () => {
+        it('should log when using AppDefinition configuration', () => {
+            const consoleSpy = jest.spyOn(console, 'log').mockImplementation();
+
+            const appDefinition = {
+                aws: { discovery: { enabled: true } },
+            };
+
+            shouldRunDiscovery(appDefinition);
+
+            expect(consoleSpy).toHaveBeenCalledWith(
+                expect.stringContaining('AppDefinition.aws.discovery.enabled: true')
+            );
+
+            consoleSpy.mockRestore();
+        });
+
+        it('should handle explicit false value', () => {
+            const appDefinition = {
+                aws: { discovery: { enabled: false } },
+                vpc: { enable: true },
+                encryption: { fieldLevelEncryptionMethod: 'kms' },
+            };
+
+            const result = shouldRunDiscovery(appDefinition);
+
+            expect(result).toBe(false);
+        });
+
+        it('should handle undefined correctly (fall through to next priority)', () => {
+            const appDefinition = {
+                aws: { discovery: { enabled: undefined } },
+                vpc: { enable: true },
+            };
+
+            const result = shouldRunDiscovery(appDefinition);
+
+            // Should skip when undefined (fall through to env var check)
+            expect(result).toBe(true); // Auto-detect kicks in
+        });
+    });
+
+    describe('Auto-detection based on features', () => {
+        it('should run discovery when VPC is enabled', () => {
+            const appDefinition = {
+                vpc: { enable: true },
+            };
+
+            expect(shouldRunDiscovery(appDefinition)).toBe(true);
+        });
+
+        it('should run discovery when KMS encryption is enabled', () => {
+            const appDefinition = {
+                encryption: { fieldLevelEncryptionMethod: 'kms' },
+            };
+
+            expect(shouldRunDiscovery(appDefinition)).toBe(true);
+        });
+
+        it('should run discovery when SSM is enabled', () => {
+            const appDefinition = {
+                ssm: { enable: true },
+            };
+
+            expect(shouldRunDiscovery(appDefinition)).toBe(true);
+        });
+
+        it('should run discovery when PostgreSQL is enabled', () => {
+            const appDefinition = {
+                database: { postgres: { enable: true } },
+            };
+
+            expect(shouldRunDiscovery(appDefinition)).toBe(true);
+        });
+
+        it('should not run discovery when no features are enabled', () => {
+            const appDefinition = {
+                vpc: { enable: false },
+                encryption: { fieldLevelEncryptionMethod: 'aes' },
+            };
+
+            expect(shouldRunDiscovery(appDefinition)).toBe(false);
+        });
+    });
+
+    describe('gatherDiscoveredResources - failOnError behavior', () => {
+        const { CloudProviderFactory } = require('./providers/provider-factory');
+        const { CloudFormationDiscovery } = require('./cloudformation-discovery');
+
+        beforeEach(() => {
+            const mockProvider = {
+                getVpcs: jest.fn(),
+                getKmsKeys: jest.fn(),
+            };
+
+            CloudProviderFactory.create = jest.fn().mockReturnValue(mockProvider);
+
+            // Mock CloudFormation discovery to throw error
+            CloudFormationDiscovery.mockImplementation(() => ({
+                discoverFromStack: jest.fn().mockRejectedValue(
+                    new Error('User is not authorized to perform: ec2:DescribeVpcs')
+                ),
+            }));
+        });
+
+        it('should throw error when failOnError is true', async () => {
+            const appDefinition = {
+                name: 'test-app',
+                vpc: { enable: true },
+                aws: {
+                    discovery: {
+                        enabled: true,
+                        failOnError: true,
+                    },
+                },
+            };
+
+            await expect(gatherDiscoveredResources(appDefinition)).rejects.toThrow(
+                'User is not authorized'
+            );
+        });
+
+        it('should return empty object when failOnError is false', async () => {
+            const appDefinition = {
+                name: 'test-app',
+                vpc: { enable: true },
+                aws: {
+                    discovery: {
+                        enabled: true,
+                        failOnError: false,
+                    },
+                },
+            };
+
+            const result = await gatherDiscoveredResources(appDefinition);
+
+            expect(result).toEqual({});
+        });
+
+        it('should default to false when failOnError is not set', async () => {
+            const appDefinition = {
+                name: 'test-app',
+                vpc: { enable: true },
+            };
+
+            const result = await gatherDiscoveredResources(appDefinition);
+
+            expect(result).toEqual({});
+        });
+
+        it('should log helpful message when failing gracefully', async () => {
+            const consoleWarnSpy = jest.spyOn(console, 'warn').mockImplementation();
+
+            const appDefinition = {
+                name: 'test-app',
+                vpc: { enable: true },
+                aws: { discovery: { failOnError: false } },
+            };
+
+            await gatherDiscoveredResources(appDefinition);
+
+            expect(consoleWarnSpy).toHaveBeenCalledWith(
+                expect.stringContaining('Set aws.discovery.failOnError = true')
+            );
+
+            consoleWarnSpy.mockRestore();
+        });
+    });
+
+    describe('Real-world scenarios', () => {
+        it('should handle restrictive IAM with explicit disable', () => {
+            const appDefinition = {
+                vpc: { enable: true },
+                aws: {
+                    discovery: {
+                        enabled: false, // Explicit disable for restrictive IAM
+                    },
+                },
+            };
+
+            const result = shouldRunDiscovery(appDefinition);
+
+            expect(result).toBe(false);
+        });
+
+        it('should allow strict mode for production deployments', async () => {
+            const { CloudProviderFactory } = require('./providers/provider-factory');
+            const { CloudFormationDiscovery } = require('./cloudformation-discovery');
+
+            CloudFormationDiscovery.mockImplementation(() => ({
+                discoverFromStack: jest.fn().mockRejectedValue(new Error('IAM error')),
+            }));
+
+            const appDefinition = {
+                name: 'prod-app',
+                vpc: { enable: true },
+                aws: {
+                    discovery: {
+                        enabled: true,
+                        failOnError: true, // Strict mode for production
+                    },
+                },
+            };
+
+            await expect(gatherDiscoveredResources(appDefinition)).rejects.toThrow();
+        });
+
+        it('should allow graceful degradation for dev environments', async () => {
+            const appDefinition = {
+                name: 'dev-app',
+                vpc: { enable: true },
+                aws: {
+                    discovery: {
+                        enabled: true,
+                        failOnError: false, // Graceful for dev
+                    },
+                },
+            };
+
+            const result = await gatherDiscoveredResources(appDefinition);
+
+            expect(result).toEqual({});
+        });
+    });
+});

package/infrastructure/domains/shared/resource-discovery.js

@@ -18,11 +18,26 @@ const { SsmDiscovery } = require('../parameters/ssm-discovery');
 
 /**
  * Determine if AWS discovery should run
- * 
+ *
+ * Checks in priority order:
+ * 1. AppDefinition.aws.discovery.enabled (explicit opt-in/out)
+ * 2. FRIGG_SKIP_AWS_DISCOVERY environment variable
+ * 3. Auto-detection based on features enabled (VPC, KMS, SSM, PostgreSQL)
+ *
  * @param {Object} appDefinition - Application definition
  * @returns {boolean} True if discovery is needed
  */
 function shouldRunDiscovery(appDefinition) {
+    // Priority 1: Check AppDefinition-level configuration
+    if (appDefinition.aws?.discovery?.enabled !== undefined) {
+        const enabled = appDefinition.aws.discovery.enabled;
+        console.log(
+            `⚙️  Using AppDefinition.aws.discovery.enabled: ${enabled}`
+        );
+        return enabled;
+    }
+
+    // Priority 2: Check environment variable
     console.log(
         '⚙️  Checking FRIGG_SKIP_AWS_DISCOVERY:',
         process.env.FRIGG_SKIP_AWS_DISCOVERY
@@ -35,6 +50,7 @@ function shouldRunDiscovery(appDefinition) {
         return false;
     }
 
+    // Priority 3: Auto-detect based on enabled features
     return (
         appDefinition.vpc?.enable === true ||
         appDefinition.encryption?.fieldLevelEncryptionMethod === 'kms' ||
@@ -177,10 +193,23 @@ async function gatherDiscoveredResources(appDefinition) {
         console.error('❌ Cloud resource discovery failed:', error.message);
         console.error('Stack:', error.stack);
 
-        // Don't fail the build - return empty resources and let validation handle it
+        // Check if discovery failures should fail the deployment
+        const failOnError = appDefinition.aws?.discovery?.failOnError ?? false;
+
+        if (failOnError) {
+            console.error(
+                '❌ Discovery failure blocking deployment (aws.discovery.failOnError = true)'
+            );
+            throw error;
+        }
+
+        // Graceful degradation - return empty resources and let validation handle it
         console.warn(
             '⚠️  Continuing with empty discovered resources. This may cause deployment issues if resources are required.'
         );
+        console.warn(
+            '💡 Set aws.discovery.failOnError = true in AppDefinition to fail on discovery errors.'
+        );
         return {};
     }
 }

package/infrastructure/domains/shared/utilities/base-definition-factory.js

@@ -224,7 +224,7 @@ function createBaseDefinition(
                 ],
                 packager: 'npm',
                 keepNames: true,
-                keepOutputDirectory: false,  // Clean up .esbuild directory after packaging
+                keepOutputDirectory: true,  // Keep .esbuild directory to prevent ENOENT errors during packaging
                 exclude: [
                     'aws-sdk',
                     '@aws-sdk/*',

package/infrastructure/domains/shared/utilities/prisma-layer-manager.js

@@ -11,13 +11,34 @@ const path = require('path');
 const fs = require('fs');
 const { buildPrismaLayer } = require('../../../scripts/build-prisma-layer');
 
+/**
+ * Check if a process is still running
+ * @param {number} pid - Process ID to check
+ * @returns {boolean} True if process is running
+ */
+function isProcessRunning(pid) {
+    try {
+        // Signal 0 checks if process exists without killing it
+        process.kill(pid, 0);
+        return true;
+    } catch (error) {
+        return false;
+    }
+}
+
 /**
  * Ensure Prisma Lambda Layer exists
- * 
+ *
  * Automatically builds the layer if it doesn't exist.
  * The layer contains ONLY the Prisma runtime client (minimal, ~10-15MB).
  * Prisma CLI is bundled separately in the dbMigrate function.
- * 
+ *
+ * Domain Concept: Build Completion State & Process Locking
+ * - Uses .build-complete marker file to track successful builds
+ * - Uses .build-lock PID file to prevent concurrent builds
+ * - Waits for active builds to complete before starting new one
+ * - Cleans stale locks and incomplete builds before retry
+ *
  * @param {Object} databaseConfig - Database configuration from app definition
  * @returns {Promise<void>}
  * @throws {Error} If layer build fails
@@ -25,27 +46,110 @@ const { buildPrismaLayer } = require('../../../scripts/build-prisma-layer');
 async function ensurePrismaLayerExists(databaseConfig = {}) {
     const projectRoot = process.cwd();
     const layerPath = path.join(projectRoot, 'layers/prisma');
+    const completionMarkerPath = path.join(layerPath, '.build-complete');
+    const lockFilePath = path.join(layerPath, '.build-lock');
 
-    // Check if layer already exists
-    if (fs.existsSync(layerPath)) {
+    // Check if build is complete (marker exists)
+    if (fs.existsSync(completionMarkerPath)) {
         console.log('✓ Prisma Lambda Layer already exists at', layerPath);
         return;
     }
 
-    // Layer doesn't exist - build it automatically
+    // Check for active build process
+    if (fs.existsSync(lockFilePath)) {
+        const lockPid = parseInt(fs.readFileSync(lockFilePath, 'utf-8').trim(), 10);
+
+        if (isProcessRunning(lockPid)) {
+            console.log(`⏳ Another build process (PID ${lockPid}) is active - waiting...`);
+
+            // Wait up to 60 seconds for the other process to complete
+            for (let i = 0; i < 60; i++) {
+                await new Promise(resolve => setTimeout(resolve, 1000));
+
+                // Check if build completed
+                if (fs.existsSync(completionMarkerPath)) {
+                    console.log('✓ Concurrent build completed successfully');
+                    return;
+                }
+
+                // Check if process died
+                if (!isProcessRunning(lockPid)) {
+                    console.log(`⚠ Build process ${lockPid} terminated - cleaning up stale lock`);
+                    fs.rmSync(lockFilePath, { force: true });
+                    break;
+                }
+            }
+
+            // Timeout - check one final time
+            if (fs.existsSync(completionMarkerPath)) {
+                console.log('✓ Concurrent build completed');
+                return;
+            }
+
+            // Still locked after 60s - remove stale lock
+            console.log('⚠ Build timeout - removing stale lock and rebuilding');
+            fs.rmSync(lockFilePath, { force: true });
+        } else {
+            // Stale lock file (process not running)
+            console.log(`⚠ Stale lock file detected (PID ${lockPid} not running) - cleaning up`);
+            fs.rmSync(lockFilePath, { force: true });
+        }
+    }
+
+    // Check if incomplete build exists (directory without marker)
+    if (fs.existsSync(layerPath) && !fs.existsSync(completionMarkerPath)) {
+        console.log('⚠ Incomplete Prisma layer detected - will be cleaned by buildPrismaLayer()');
+    }
+
+    // Build layer
     console.log('📦 Prisma Lambda Layer not found - building automatically...');
     console.log('   Building MINIMAL layer (runtime only, NO CLI)');
     console.log('   CLI is packaged separately in dbMigrate function');
     console.log('   This may take a minute on first deployment.\n');
 
+    // Create lock file with current process PID
+    try {
+        if (!fs.existsSync(layerPath)) {
+            fs.mkdirSync(layerPath, { recursive: true });
+        }
+        fs.writeFileSync(lockFilePath, process.pid.toString());
+    } catch (error) {
+        console.warn('⚠ Could not create lock file:', error.message);
+    }
+
     try {
         // Build layer WITHOUT CLI (runtime only for minimal size)
         await buildPrismaLayer(databaseConfig);
+
+        // Create completion marker
+        fs.writeFileSync(
+            completionMarkerPath,
+            `Build completed: ${new Date().toISOString()}\nNode: ${process.version}\nPlatform: ${process.platform}\n`
+        );
+
         console.log('✓ Prisma Lambda Layer built successfully (~10-15MB)\n');
     } catch (error) {
+        // Clean up partial build on failure
+        if (fs.existsSync(layerPath)) {
+            try {
+                fs.rmSync(layerPath, { recursive: true, force: true });
+            } catch (cleanupError) {
+                console.warn('⚠ Could not clean failed build:', cleanupError.message);
+            }
+        }
+
         console.error('✗ Failed to build Prisma Lambda Layer:', error.message);
         console.error('  You may need to run: npm install @friggframework/core\n');
         throw error;
+    } finally {
+        // Always remove lock file when done (success or failure)
+        if (fs.existsSync(lockFilePath)) {
+            try {
+                fs.rmSync(lockFilePath, { force: true });
+            } catch (error) {
+                console.warn('⚠ Could not remove lock file:', error.message);
+            }
+        }
     }
 }