@go-to-k/cdkd 0.115.2 → 0.115.3

package/dist/{deploy-engine-AoZgViZN.js → deploy-engine-VFIYh_NY.js}

@@ -2896,6 +2896,33 @@ async function spawnStreaming(cmd, args, options = {}) {
 		}
 	});
 }
+/**
+* Format the stderr from a failed `docker login` so the surfaced cdkd
+* error gives the user an actionable workaround when the underlying
+* failure is a credential-helper persistence bug (which has nothing to
+* do with cdkd, AWS, or IAM perms — the docker CLI itself fails to
+* save the auth token to the platform's credential store). The most
+* common shape is `osxkeychain` on macOS rejecting an overwrite for
+* an existing entry, but `wincred` (Windows), `pass` (Linux), and
+* `secretservice` (Linux) hit the same class of `Error saving
+* credentials` failure, so the rewritten message stays platform-
+* agnostic — `docker logout <endpoint>` is the correct recovery on
+* every backend.
+*
+* Detected docker / docker-credential-* output patterns:
+*   - `error storing credentials - err: exit status 1, out: \`The
+*     specified item already exists in the keychain.\`` (osxkeychain)
+*   - `Error saving credentials: ...` (any backend)
+*
+* Non-matching failures (genuine IAM / network / endpoint problems)
+* pass through with just the stderr trimmed — the original message
+* stays load-bearing for diagnosis.
+*/
+function formatDockerLoginError(stderr, endpoint) {
+	const trimmed = stderr.trim();
+	if (trimmed.includes("already exists in the keychain") || trimmed.includes("Error saving credentials")) return `docker's credential helper (osxkeychain on macOS / wincred on Windows / pass / secretservice on Linux) failed to persist the ECR auth token. The "already exists in the keychain" / "Error saving credentials" output is a known docker-credential-helpers issue — unrelated to cdkd, AWS credentials, or IAM perms. Quick fix: run \`docker logout ${endpoint}\` to clear the stale entry, then retry the cdkd command. Permanent fix: edit ~/.docker/config.json and remove (or empty) the platform-specific "credsStore" entry (e.g. "osxkeychain" → "" or "desktop" on macOS Docker Desktop). Original docker stderr: ${trimmed}`;
+	return trimmed;
+}
 function mergeEnv(overrides) {
 	const merged = { ...process.env };
 	for (const [k, v] of Object.entries(overrides)) if (v === void 0) delete merged[k];
@@ -3129,7 +3156,7 @@ var DockerAssetPublisher = class {
 			], { input: password });
 		} catch (err) {
 			const e = err;
-			throw new AssetError(`ECR login failed: ${e.stderr?.trim() || e.message || String(err)}`);
+			throw new AssetError(`ECR login failed: ${formatDockerLoginError(e.stderr || e.message || String(err), endpoint)}`);
 		}
 	}
 	/**
@@ -9740,5 +9767,5 @@ var DeployEngine = class {
 };
 
 //#endregion
-export { StackTerminationProtectionError as $, getDefaultStateBucketName as A, resolveBucketRegion as B, AssetPublisher as C, getDockerCmd as D, buildDockerImage as E, resolveStateBucketWithDefault as F, LocalInvokeBuildError as G, CdkdError as H, resolveStateBucketWithDefaultAndSource as I, ProvisioningError as J, LockError as K, warnDeprecatedNoPrefixCliFlag as L, resolveApp as M, resolveCaptureObservedState as N, runDockerStreaming as O, resolveSkipPrefix as P, StackHasActiveImportsError as Q, AssemblyReader as R, shouldRetainResource as S, WorkGraph as T, ConfigError as U, AssetError as V, DependencyError as W, ResourceUpdateNotSupportedError as X, ResourceTimeoutError as Y, RouteDiscoveryError as Z, DiffCalculator as _, withRetry as a, withErrorHandling as at, LockManager as b, collectInlinePolicyNamesManagedBySiblings as c, setLogger as ct, normalizeAwsTagsToCfn as d, PATTERN_B_NAME_PROPERTIES as dt, StateError as et, resolveExplicitPhysicalId as f, PATTERN_B_RESOURCE_TYPES as ft, IntrinsicFunctionResolver as g, withStackName as gt, assertRegionMatch as h, withSkipPrefix as ht, withResourceDeadline as i, normalizeAwsError as it, getLegacyStateBucketName as j, Synthesizer as k, CDK_PATH_TAG as l, runStackBuffered as lt, CloudControlProvider as m, generateResourceNameWithFallback as mt, DEFAULT_RESOURCE_WARN_AFTER_MS as n, formatError as nt, IMPLICIT_DELETE_DEPENDENCIES as o, ConsoleLogger as ot, ProviderRegistry as p, generateResourceName as pt, PartialFailureError as q, DeployEngine as r, isCdkdError as rt, IAMRoleProvider as s, getLogger as st, DEFAULT_RESOURCE_TIMEOUT_MS as t, SynthesisError as tt, matchesCdkPath as u, getLiveRenderer as ut, DagBuilder as v, stringifyValue as w, S3StateBackend as x, TemplateParser as y, clearBucketRegionCache as z };
-//# sourceMappingURL=deploy-engine-AoZgViZN.js.map
+export { StackHasActiveImportsError as $, Synthesizer as A, clearBucketRegionCache as B, AssetPublisher as C, formatDockerLoginError as D, buildDockerImage as E, resolveSkipPrefix as F, DependencyError as G, AssetError as H, resolveStateBucketWithDefault as I, PartialFailureError as J, LocalInvokeBuildError as K, resolveStateBucketWithDefaultAndSource as L, getLegacyStateBucketName as M, resolveApp as N, getDockerCmd as O, resolveCaptureObservedState as P, RouteDiscoveryError as Q, warnDeprecatedNoPrefixCliFlag as R, shouldRetainResource as S, WorkGraph as T, CdkdError as U, resolveBucketRegion as V, ConfigError as W, ResourceTimeoutError as X, ProvisioningError as Y, ResourceUpdateNotSupportedError as Z, DiffCalculator as _, withStackName as _t, withRetry as a, normalizeAwsError as at, LockManager as b, collectInlinePolicyNamesManagedBySiblings as c, getLogger as ct, normalizeAwsTagsToCfn as d, getLiveRenderer as dt, StackTerminationProtectionError as et, resolveExplicitPhysicalId as f, PATTERN_B_NAME_PROPERTIES as ft, IntrinsicFunctionResolver as g, withSkipPrefix as gt, assertRegionMatch as h, generateResourceNameWithFallback as ht, withResourceDeadline as i, isCdkdError as it, getDefaultStateBucketName as j, runDockerStreaming as k, CDK_PATH_TAG as l, setLogger as lt, CloudControlProvider as m, generateResourceName as mt, DEFAULT_RESOURCE_WARN_AFTER_MS as n, SynthesisError as nt, IMPLICIT_DELETE_DEPENDENCIES as o, withErrorHandling as ot, ProviderRegistry as p, PATTERN_B_RESOURCE_TYPES as pt, LockError as q, DeployEngine as r, formatError as rt, IAMRoleProvider as s, ConsoleLogger as st, DEFAULT_RESOURCE_TIMEOUT_MS as t, StateError as tt, matchesCdkPath as u, runStackBuffered as ut, DagBuilder as v, stringifyValue as w, S3StateBackend as x, TemplateParser as y, AssemblyReader as z };
+//# sourceMappingURL=deploy-engine-VFIYh_NY.js.map