@go-to-k/cdkd 0.127.0 → 0.128.0

package/dist/cli.js

@@ -36602,7 +36602,7 @@ function extractLambdaProperties(stack, logicalId, resource, resources) {
 	const timeoutSec = typeof props["Timeout"] === "number" ? props["Timeout"] : 3;
 	const ephemeralStorageMb = extractEphemeralStorageMb(props, logicalId);
 	const code = props["Code"] ?? {};
-	const imageUri = extractImageUri(code["ImageUri"], logicalId, stack.stackName, resources);
+	const imageUri = extractImageUri$1(code["ImageUri"], logicalId, stack.stackName, resources);
 	if (imageUri !== void 0) return extractImageLambdaProperties({
 		stack,
 		logicalId,
@@ -36699,7 +36699,7 @@ function extractEphemeralStorageMb(props, logicalId) {
 * for genuinely unrecognized shapes so the caller's downstream ZIP-vs-
 * IMAGE branching can route to its existing error path.
 */
-function extractImageUri(value, logicalId, stackName, resources) {
+function extractImageUri$1(value, logicalId, stackName, resources) {
 	if (typeof value === "string" && value.length > 0) return value;
 	if (value && typeof value === "object" && !Array.isArray(value)) {
 		const obj = value;
@@ -40347,31 +40347,56 @@ function createContainerPool(specs, options) {
 	/**
 	* Spin up one new container for the given Lambda spec. Returns a
 	* handle the caller can write into the entry's data structures.
+	*
+	* Branches on `spec.kind`:
+	*   - `'zip'`: bind-mount the function's local code dir at
+	*     `/var/task` (or `/var/runtime` for `provided.*` runtimes),
+	*     base image from `public.ecr.aws/lambda/<lang>:<v>`, CMD =
+	*     `[<Handler>]`.
+	*   - `'image'`: no code bind-mount (image already includes the
+	*     code), base image is the pre-built local tag, CMD =
+	*     `ImageConfig.Command` (may be empty), optional EntryPoint /
+	*     WorkingDirectory / --platform applied verbatim.
 	*/
 	async function startOne(spec) {
-		const image = resolveRuntimeImage(spec.lambda.runtime);
 		const hostPort = await pickFreePort();
 		const name = `cdkd-local-${spec.lambda.logicalId}-${process.pid}-${Math.floor(Math.random() * 1e6)}`;
-		logger.debug(`Starting container ${name} for ${spec.lambda.logicalId} on ${spec.containerHost}:${hostPort}`);
-		const optMount = spec.optDir ? [{
-			hostPath: spec.optDir,
-			containerPath: "/opt",
-			readOnly: true
-		}] : [];
-		const containerCodePath = resolveRuntimeCodeMountPath(spec.lambda.runtime);
-		const containerId = await runDetached({
-			image,
-			mounts: [{
-				hostPath: spec.codeDir,
-				containerPath: containerCodePath,
+		logger.debug(`Starting container ${name} for ${spec.lambda.logicalId} (kind=${spec.kind}) on ${spec.containerHost}:${hostPort}`);
+		let containerId;
+		if (spec.kind === "zip") {
+			const optMount = spec.optDir ? [{
+				hostPath: spec.optDir,
+				containerPath: "/opt",
 				readOnly: true
-			}],
-			extraMounts: optMount,
+			}] : [];
+			const containerCodePath = resolveRuntimeCodeMountPath(spec.lambda.runtime);
+			containerId = await runDetached({
+				image: resolveRuntimeImage(spec.lambda.runtime),
+				mounts: [{
+					hostPath: spec.codeDir,
+					containerPath: containerCodePath,
+					readOnly: true
+				}],
+				extraMounts: optMount,
+				env: spec.env,
+				cmd: [spec.lambda.handler],
+				hostPort,
+				host: spec.containerHost,
+				name,
+				...spec.debugPort !== void 0 && { debugPort: spec.debugPort },
+				...spec.tmpfs !== void 0 && { tmpfs: spec.tmpfs }
+			});
+		} else containerId = await runDetached({
+			image: spec.image,
+			mounts: [],
 			env: spec.env,
-			cmd: [spec.lambda.handler],
+			cmd: spec.command,
 			hostPort,
 			host: spec.containerHost,
 			name,
+			platform: spec.platform,
+			...spec.entryPoint !== void 0 && { entryPoint: spec.entryPoint },
+			...spec.workingDir !== void 0 && { workingDir: spec.workingDir },
 			...spec.debugPort !== void 0 && { debugPort: spec.debugPort },
 			...spec.tmpfs !== void 0 && { tmpfs: spec.tmpfs }
 		});
@@ -44142,12 +44167,13 @@ async function localStartApiCommand(target, options) {
 				inlineTmpDirs,
 				layerTmpDirs,
 				stateByStack,
+				skipPull: options.pull === false,
 				...options.layerRoleArn !== void 0 && { layerRoleArn: options.layerRoleArn }
 			});
 			specs.set(logicalId, spec);
 		}
 		const distinctImages = /* @__PURE__ */ new Set();
-		for (const spec of specs.values()) distinctImages.add(resolveRuntimeImage(spec.lambda.runtime));
+		for (const spec of specs.values()) if (spec.kind === "zip") distinctImages.add(resolveRuntimeImage(spec.lambda.runtime));
 		for (const image of distinctImages) await pullImage(image, options.pull === false);
 		return {
 			routes: routesWithAuth,
@@ -44176,13 +44202,23 @@ async function localStartApiCommand(target, options) {
 	/**
 	* Compute the watched-asset list from a spec map. Pure helper —
 	* keeps the side-effect (`lastAssetPaths.value = ...`) confined to
-	* the post-swap call sites (initial boot + post-reload). `codeDir`
-	* is either the unzipped asset directory or the inline-code tmpdir;
-	* both are watch-worthy.
+	* the post-swap call sites (initial boot + post-reload). For ZIP
+	* Lambdas `codeDir` is either the unzipped asset directory or the
+	* inline-code tmpdir; both are watch-worthy. IMAGE Lambdas
+	* (`kind: 'image'`) don't have a host-side bind-mount source — the
+	* code is baked into the docker image at build time. Their build
+	* context (Dockerfile + source directory) is rebuilt on every
+	* reload via `synthesizeAndBuild` → `buildContainerSpec` →
+	* `resolveContainerImageForStartApi`, so a source edit DOES trigger
+	* rebuild AND the deterministic `image` tag changes — but watching
+	* the build-context dir explicitly here is deferred to a follow-up
+	* (the watched-asset list is currently sourced from `cdk.out/`
+	* which transitively covers most container-Lambda asset dirs since
+	* `cdk synth` re-stages them on every synth call).
 	*/
 	const computeAssetPaths = (specs) => {
 		const assetPaths = /* @__PURE__ */ new Set();
-		for (const spec of specs.values()) assetPaths.add(spec.codeDir);
+		for (const spec of specs.values()) if (spec.kind === "zip") assetPaths.add(spec.codeDir);
 		return [...assetPaths];
 	};
 	const initialMaterial = await synthesizeAndBuild();
@@ -44455,10 +44491,19 @@ function warnIamRoutes(routesWithAuth) {
 * missing, runtime not supported).
 */
 async function buildContainerSpec(args) {
-	const { logicalId, stacks, overrides, assumeRole, containerHost, debugPort, stsRegion, inlineTmpDirs, layerTmpDirs, stateByStack, layerRoleArn } = args;
+	const { logicalId, stacks, overrides, assumeRole, containerHost, debugPort, stsRegion, inlineTmpDirs, layerTmpDirs, stateByStack, skipPull, layerRoleArn } = args;
 	const lambda = resolveLambdaByLogicalId(logicalId, stacks);
-	const codeDir = lambda.codePath ?? materializeInlineCode$1(lambda.handler, lambda.inlineCode ?? "", resolveRuntimeFileExtension(lambda.runtime), inlineTmpDirs);
-	const optDir = await materializeLambdaLayers$1(lambda.layers, layerTmpDirs, layerRoleArn);
+	let codeDir;
+	let optDir;
+	let imageRef;
+	let platform;
+	if (lambda.kind === "zip") {
+		codeDir = lambda.codePath ?? materializeInlineCode$1(lambda.handler, lambda.inlineCode ?? "", resolveRuntimeFileExtension(lambda.runtime), inlineTmpDirs);
+		optDir = await materializeLambdaLayers$1(lambda.layers, layerTmpDirs, layerRoleArn);
+	} else {
+		imageRef = (await resolveContainerImageForStartApi(lambda, skipPull)).imageRef;
+		platform = architectureToPlatform(lambda.architecture);
+	}
 	let templateEnv = getTemplateEnv$1(lambda.resource);
 	const stateBundle = stateByStack.get(lambda.stack.stackName);
 	let stateAudit;
@@ -44498,7 +44543,8 @@ async function buildContainerSpec(args) {
 		target: "/tmp",
 		sizeMb: lambda.ephemeralStorageMb
 	} : void 0;
-	return {
+	if (lambda.kind === "zip") return {
+		kind: "zip",
 		lambda,
 		codeDir,
 		env: dockerEnv,
@@ -44507,6 +44553,60 @@ async function buildContainerSpec(args) {
 		...debugPort !== void 0 && { debugPort },
 		...tmpfs !== void 0 && { tmpfs }
 	};
+	return {
+		kind: "image",
+		lambda,
+		image: imageRef,
+		platform,
+		command: lambda.imageConfig.command ?? [],
+		...lambda.imageConfig.entryPoint !== void 0 && lambda.imageConfig.entryPoint.length > 0 && { entryPoint: lambda.imageConfig.entryPoint },
+		...lambda.imageConfig.workingDirectory !== void 0 && { workingDir: lambda.imageConfig.workingDirectory },
+		env: dockerEnv,
+		containerHost,
+		...debugPort !== void 0 && { debugPort },
+		...tmpfs !== void 0 && { tmpfs }
+	};
+}
+/**
+* Resolve a container Lambda's local docker image — local build from
+* `cdk.out` asset manifest first, ECR-pull fallback when the asset
+* manifest has no matching entry. Mirrors `cdkd local invoke`'s
+* `resolveContainerImagePlan` shape; the start-api server doesn't
+* need the no-build flag (deterministic-tag cache reuse is automatic
+* across reloads because the per-Lambda tag is content-addressed).
+*
+* Same-account / same-region only on the ECR-pull path (matches the
+* `cdkd local invoke` PR 5 of #224 boundary). Cross-account /
+* cross-region ECR pull is the W2-1 deferred follow-up.
+*/
+async function resolveContainerImageForStartApi(lambda, skipPull) {
+	const logger = getLogger();
+	const localBuild = await resolveLocalBuildPlan$1(lambda);
+	if (localBuild) return { imageRef: await buildContainerImage(localBuild.asset, localBuild.cdkOutDir, { architecture: lambda.architecture }) };
+	if (!parseEcrUri(lambda.imageUri)) throw new Error(`Container Lambda '${lambda.logicalId}' has no matching asset in cdk.out, and Code.ImageUri '${lambda.imageUri}' is not an ECR URI cdkd can authenticate against. Re-synthesize the CDK app (so cdk.out includes the build context) or deploy the image to ECR first.`);
+	logger.info(`No matching cdk.out asset for ${lambda.imageUri}; falling back to ECR pull (same-acct/region only)...`);
+	return { imageRef: await pullEcrImage(lambda.imageUri, { skipPull }) };
+}
+/**
+* Look up the docker image asset that backs a container Lambda.
+* Returns `undefined` when the asset manifest has no matching entry —
+* the caller falls back to the ECR-pull path.
+*
+* Mirrors `local-invoke.ts:resolveLocalBuildPlan`; kept separate so
+* the two commands evolve their asset-lookup heuristics independently.
+*/
+async function resolveLocalBuildPlan$1(lambda) {
+	const manifestPath = lambda.stack.assetManifestPath;
+	if (!manifestPath) return void 0;
+	const cdkOutDir = path.dirname(manifestPath);
+	const manifest = await new AssetManifestLoader().loadManifest(cdkOutDir, lambda.stack.stackName);
+	if (!manifest) return void 0;
+	const entry = getDockerImageBySourceHash(manifest, lambda.imageUri);
+	if (!entry) return void 0;
+	return {
+		asset: entry.asset,
+		cdkOutDir
+	};
 }
 /**
 * Build the `/opt` bind-mount source for a Lambda's layers. Mirrors
@@ -44568,15 +44668,23 @@ function resolveLambdaByLogicalId(logicalId, stacks) {
 		const resource = stack.template.Resources?.[logicalId];
 		if (!resource || resource.Type !== "AWS::Lambda::Function") continue;
 		const props = resource.Properties ?? {};
-		const runtime = typeof props["Runtime"] === "string" ? props["Runtime"] : "";
-		const handler = typeof props["Handler"] === "string" ? props["Handler"] : "";
 		const memoryMb = typeof props["MemorySize"] === "number" ? props["MemorySize"] : 128;
 		const timeoutSec = typeof props["Timeout"] === "number" ? props["Timeout"] : 3;
-		if (!runtime) throw new Error(`Lambda '${logicalId}' has no Runtime property. Container-image Lambdas (Code.ImageUri) are not supported in cdkd local start-api v1.`);
-		if (!handler) throw new Error(`Lambda '${logicalId}' has no Handler property.`);
 		const code = props["Code"] ?? {};
-		const imageUri = code["ImageUri"];
-		if (typeof imageUri === "string" || typeof imageUri === "object" && imageUri !== null && "Fn::Sub" in imageUri) throw new Error(`Lambda '${logicalId}' uses Code.ImageUri (container-image Lambda). 'cdkd local start-api' v1 supports ZIP Lambdas only — container-image support is deferred to a follow-up PR. Use 'cdkd local invoke' to exercise this function locally.`);
+		const imageUri = extractImageUri(code["ImageUri"]);
+		if (imageUri !== void 0) return resolveImageLambda({
+			stack,
+			logicalId,
+			resource,
+			props,
+			memoryMb,
+			timeoutSec,
+			imageUri
+		});
+		const runtime = typeof props["Runtime"] === "string" ? props["Runtime"] : "";
+		const handler = typeof props["Handler"] === "string" ? props["Handler"] : "";
+		if (!runtime) throw new Error(`Lambda '${logicalId}' has no Runtime property and no Code.ImageUri. cdkd local start-api cannot tell if this is a ZIP or a container Lambda.`);
+		if (!handler) throw new Error(`Lambda '${logicalId}' has no Handler property.`);
 		const inlineCode = typeof code["ZipFile"] === "string" ? code["ZipFile"] : void 0;
 		let codePath = null;
 		if (!inlineCode) codePath = resolveAssetCodePath(stack, logicalId, resource);
@@ -44600,6 +44708,66 @@ function resolveLambdaByLogicalId(logicalId, stacks) {
 	throw new Error(`No AWS::Lambda::Function resource named '${logicalId}' found in target stacks. This is likely a synthesis bug — the route-discovery phase resolved a route to this logical ID.`);
 }
 /**
+* Extract `Code.ImageUri` across the shapes CDK actually synthesizes.
+* Mirrors the simpler subset of `lambda-resolver.ts:extractImageUri`
+* scoped to the shapes `cdkd local start-api` consumes — flat string
+* and `Fn::Sub` (the canonical asset shape for
+* `lambda.DockerImageCode.fromImageAsset`). `Fn::Join` shapes for
+* `lambda.DockerImageCode.fromEcr` are deferred to a follow-up: the
+* start-api boot flow doesn't yet load cdkd state up front, and the
+* `Fn::Join` resolver needs it to recover same-stack ECR repository
+* URIs. When the user hits the unsupported shape, the downstream
+* resolveLocalBuildPlan / pullEcrImage path surfaces a clear error.
+*
+* Returns `undefined` when the field is absent or non-recognized,
+* which routes the caller to the ZIP branch (with its existing
+* "no Runtime / no Handler" validations).
+*/
+function extractImageUri(value) {
+	if (typeof value === "string" && value.length > 0) return value;
+	if (value && typeof value === "object" && !Array.isArray(value)) {
+		const sub = value["Fn::Sub"];
+		if (typeof sub === "string" && sub.length > 0) return sub;
+		if (Array.isArray(sub) && typeof sub[0] === "string") return sub[0];
+	}
+}
+/**
+* Build the IMAGE-variant `ResolvedStartApiLambda` from a Lambda
+* template entry with `Code.ImageUri`. Mirrors
+* `lambda-resolver.ts:extractImageLambdaProperties` but trimmed to the
+* fields `cdkd local start-api` actually consumes.
+*/
+function resolveImageLambda(args) {
+	const { stack, logicalId, resource, props, memoryMb, timeoutSec, imageUri } = args;
+	const rawImageConfig = props["ImageConfig"] ?? {};
+	const imageConfig = {};
+	if (Array.isArray(rawImageConfig["Command"])) imageConfig.command = rawImageConfig["Command"].filter((s) => typeof s === "string");
+	if (Array.isArray(rawImageConfig["EntryPoint"])) imageConfig.entryPoint = rawImageConfig["EntryPoint"].filter((s) => typeof s === "string");
+	if (typeof rawImageConfig["WorkingDirectory"] === "string") imageConfig.workingDirectory = rawImageConfig["WorkingDirectory"];
+	const arches = props["Architectures"];
+	let architecture = "x86_64";
+	if (Array.isArray(arches) && arches.length > 0) {
+		const first = arches[0];
+		if (first === "arm64") architecture = "arm64";
+		else if (first === "x86_64") architecture = "x86_64";
+		else throw new Error(`Lambda '${logicalId}' has unsupported Architectures value '${String(first)}'. cdkd local start-api supports x86_64 and arm64.`);
+	}
+	const ephemeralStorageMb = extractEphemeralStorageMb(props, logicalId);
+	return {
+		kind: "image",
+		stack,
+		logicalId,
+		resource,
+		memoryMb,
+		timeoutSec,
+		imageUri,
+		imageConfig,
+		architecture,
+		layers: [],
+		...ephemeralStorageMb !== void 0 && { ephemeralStorageMb }
+	};
+}
+/**
 * Locate the Lambda's local code directory using the CDK-blessed
 * `Metadata['aws:asset:path']` hint. Bind-mounted directly at
 * `/var/task` (read-only) by the docker-runner.
@@ -48129,7 +48297,7 @@ function reorderArgs(argv) {
 */
 async function main() {
 	const program = new Command();
-	program.name("cdkd").description("CDK Direct - Deploy AWS CDK apps directly via SDK/Cloud Control API").version("0.127.0");
+	program.name("cdkd").description("CDK Direct - Deploy AWS CDK apps directly via SDK/Cloud Control API").version("0.128.0");
 	program.addCommand(createBootstrapCommand());
 	program.addCommand(createSynthCommand());
 	program.addCommand(createListCommand());