npm - @go-to-k/cdkd - Versions diffs - 0.137.1 → 0.137.2 - Mend

@go-to-k/cdkd 0.137.1 → 0.137.2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (3) hide show

package/dist/cli.js CHANGED Viewed

@@ -41740,6 +41740,16 @@ function attachWebSocketServer(opts) {
 		apisByPath.set(cfg.apiPath, cfg);
 		apiPaths.push(cfg.apiPath);
 	}
+	const dispatchChainsByConnection = /* @__PURE__ */ new Map();
+	const enqueueDispatch = (connectionId, work) => {
+		const next = (dispatchChainsByConnection.get(connectionId) ?? Promise.resolve()).then(work);
+		dispatchChainsByConnection.set(connectionId, next);
+		next.finally(() => {
+			if (dispatchChainsByConnection.get(connectionId) === next) dispatchChainsByConnection.delete(connectionId);
+		});
+		return next;
+	};
+	const inFlightDisconnects = /* @__PURE__ */ new Set();
 	const upgradeListener = (req, socket, head) => {
 		const pathOnly = (req.url ?? "/").split("?", 1)[0];
 		const cfg = apisByPath.get(pathOnly);
@@ -41819,7 +41829,7 @@ function attachWebSocketServer(opts) {
 		ws.on("message", (raw, isBinary) => {
 			const { body, isBase64Encoded } = bufferToBody(raw, isBinary);
 			logger.debug(`WebSocket message received for connection ${connectionId}: ${body.slice(0, 200)}`);
-			dispatchMessage(connectionId, cfg, body, isBase64Encoded, handshakeSnapshot).catch((err) => {
+			enqueueDispatch(connectionId, () => dispatchMessage(connectionId, cfg, body, isBase64Encoded, handshakeSnapshot).catch((err) => {
 				logger.error(`WebSocket message dispatch failed (connection ${connectionId}): ${err instanceof Error ? err.stack ?? err.message : String(err)}`);
 				try {
 					ws.send(JSON.stringify({
@@ -41828,11 +41838,16 @@ function attachWebSocketServer(opts) {
 						requestId: randomUUID()
 					}));
 				} catch {}
-			});
+			}));
 		});
 		ws.on("close", (code, reason) => {
-			onDisconnect(connectionId, cfg, handshakeSnapshot, code, reason.toString("utf-8")).catch((err) => {
+			const reasonText = reason.toString("utf-8");
+			const disconnectPromise = enqueueDispatch(connectionId, () => onDisconnect(connectionId, cfg, handshakeSnapshot, code, reasonText).catch((err) => {
 				logger.warn(`WebSocket $disconnect dispatch failed (connection ${connectionId}): ${err instanceof Error ? err.message : String(err)}`);
+			}));
+			inFlightDisconnects.add(disconnectPromise);
+			disconnectPromise.finally(() => {
+				inFlightDisconnects.delete(disconnectPromise);
 			});
 		});
 		ws.on("error", (err) => {
@@ -41840,9 +41855,9 @@ function attachWebSocketServer(opts) {
 		});
 		for (const frame of preVerdictFrames) {
 			const { body, isBase64Encoded } = bufferToBody(frame.raw, frame.isBinary);
-			dispatchMessage(connectionId, cfg, body, isBase64Encoded, handshakeSnapshot).catch((err) => {
+			enqueueDispatch(connectionId, () => dispatchMessage(connectionId, cfg, body, isBase64Encoded, handshakeSnapshot).catch((err) => {
 				logger.error(`WebSocket buffered-message dispatch failed (connection ${connectionId}): ${err instanceof Error ? err.stack ?? err.message : String(err)}`);
-			});
+			}));
 		}
 		preVerdictFrames.length = 0;
 	};
@@ -41888,6 +41903,7 @@ function attachWebSocketServer(opts) {
 		});
 		await invokeRoute(disconnectRoute.targetLambdaLogicalId, event, opts.pool, rieTimeoutMs);
 	};
+	const SHUTDOWN_DRAIN_MS = 5e3;
 	let closed = false;
 	return {
 		registry,
@@ -41910,6 +41926,11 @@ function attachWebSocketServer(opts) {
 				}, 5e3).unref();
 			}));
 			await Promise.all(closes);
+			if (inFlightDisconnects.size > 0) {
+				const drainStartCount = inFlightDisconnects.size;
+				const drainComplete = Promise.allSettled(Array.from(inFlightDisconnects));
+				if (await Promise.race([drainComplete.then(() => "complete"), new Promise((resolve) => setTimeout(() => resolve("timeout"), SHUTDOWN_DRAIN_MS).unref())]) === "timeout" && inFlightDisconnects.size > 0) logger.warn(`WebSocket graceful shutdown drained for ${SHUTDOWN_DRAIN_MS}ms; ${inFlightDisconnects.size}/${drainStartCount} $disconnect handlers still in flight — leaking past shutdown.`);
+			}
 			await new Promise((resolve) => {
 				wss.close(() => resolve());
 			});
@@ -42074,6 +42095,95 @@ function safeDecode$1(s) {
 	}
 }
+//#endregion
+//#region src/local/docker-version.ts
+/**
+* Lower bound for `--add-host=<name>:host-gateway` support. The
+* `host-gateway` magic alias was introduced in Docker 20.10 (October
+* 2020) and is the load-bearing primitive cdkd uses to let Lambda
+* containers reach the host's `cdkd local start-api` server on Linux
+* native dockerd. Without it, the AWS_ENDPOINT_URL_APIGATEWAYMANAGEMENTAPI
+* override fails with `ENOTFOUND host.docker.internal` at SDK-call time.
+*
+* Docker Desktop (macOS / Windows) ships `host.docker.internal` as
+* a built-in alias regardless of the engine version, but the probe
+* still fires there to keep the error path uniform — the `host-gateway`
+* flag itself is harmless on Docker Desktop.
+*
+* Issue #527 M2.
+*/
+const HOST_GATEWAY_MIN_VERSION = {
+	major: 20,
+	minor: 10,
+	patch: 0
+};
+/**
+* Parse a Docker server version string (`20.10.21` / `24.0.7-rd` /
+* `27.3.1+podman` etc.) into a comparable `{major, minor, patch}` tuple.
+* Returns `null` on any unparseable input — the caller treats that as
+* "version unknown, skip the comparison and let the user proceed with
+* a warn" rather than hard-failing on a Docker-compatible CLI binary
+* that doesn't follow Docker's version-string conventions
+* (e.g. podman / finch).
+*/
+function parseDockerVersion(raw) {
+	const trimmed = raw.trim();
+	const match = /^(\d+)\.(\d+)(?:\.(\d+))?/.exec(trimmed);
+	if (!match) return null;
+	return {
+		major: Number(match[1]),
+		minor: Number(match[2]),
+		patch: match[3] !== void 0 ? Number(match[3]) : 0
+	};
+}
+/**
+* Compare two `ParsedDockerVersion` tuples. Returns negative when `a <
+* b`, zero when equal, positive when `a > b`. Patch-level differences
+* are part of the ordering so a future bump (e.g. 20.10.0 -> 20.10.5
+* to fix a CVE-related regression) can be expressed if needed.
+*/
+function compareDockerVersions(a, b) {
+	if (a.major !== b.major) return a.major - b.major;
+	if (a.minor !== b.minor) return a.minor - b.minor;
+	return a.patch - b.patch;
+}
+/**
+* Probe the Docker server's version to gate the `--add-host=...:host-gateway`
+* mapping that WebSocket Lambda containers need to reach the host
+* server. Issued ONCE per `cdkd local start-api` invocation at WebSocket
+* attach time — HTTP-only / REST-only sessions skip the probe entirely.
+*
+* Throws when:
+*   1. The docker subprocess itself fails (binary missing, daemon down,
+*      permission error) — the caller's catch surfaces the original
+*      error so the user knows to install / start Docker.
+*   2. The probe succeeds but the parsed version is < the supported
+*      minimum — caller decides whether to error or warn (the WebSocket
+*      attach loop errors; HTTP-only sessions never call this).
+*
+* Implementation: `docker version --format '{{.Server.Version}}'`
+* returns the daemon's version (not the client's) so a brand-new
+* client against an old daemon is still caught.
+*/
+async function probeHostGatewaySupport() {
+	const rawVersion = (await runDockerStreaming([
+		"version",
+		"--format",
+		"{{.Server.Version}}"
+	], { streamLive: false })).stdout.trim();
+	const parsed = parseDockerVersion(rawVersion);
+	if (rawVersion === "") return {
+		rawVersion,
+		parsed: null,
+		supported: false
+	};
+	return {
+		rawVersion,
+		parsed,
+		supported: parsed === null || compareDockerVersions(parsed, HOST_GATEWAY_MIN_VERSION) >= 0
+	};
+}
 //#endregion
 //#region src/local/vtl-engine.ts
 /** Error thrown when a template references an unsupported VTL feature. */
@@ -48041,6 +48151,11 @@ async function localStartApiCommand(target, options) {
 	const wsServers = [];
 	const initialWsApis = initialMaterial.webSocketApis ?? [];
 	warnUnsupportedWebSocketApis(initialWsApis, logger);
+	if (initialWsApis.filter((api) => !api.unsupported).length > 0) {
+		const probe = await probeHostGatewaySupport();
+		if (!probe.supported) throw new Error(`cdkd local start-api requires Docker ${HOST_GATEWAY_MIN_VERSION.major}.${HOST_GATEWAY_MIN_VERSION.minor}+ for WebSocket API support (--add-host=host.docker.internal:host-gateway needs the 20.10 host-gateway alias). Detected server version: ${probe.rawVersion || "<empty — daemon unreachable or output stripped>"}. Upgrade Docker, or remove the WebSocket API from this app to fall back to HTTP-only start-api.`);
+		if (probe.parsed === null) logger.warn(`Docker server version "${probe.rawVersion}" did not match the canonical "<major>.<minor>" shape; assuming host-gateway support. If WebSocket containers fail to reach the local server, verify your Docker-compatible CLI honors --add-host=host.docker.internal:host-gateway.`);
+	}
 	for (const api of initialWsApis) {
 		if (api.unsupported) continue;
 		const wsLambdaIds = new Set(api.routes.map((r) => r.targetLambdaLogicalId));
@@ -54015,7 +54130,7 @@ function reorderArgs(argv) {
 */
 async function main() {
 	const program = new Command();
-	program.name("cdkd").description("CDK Direct - Deploy AWS CDK apps directly via SDK/Cloud Control API").version("0.137.1");
+	program.name("cdkd").description("CDK Direct - Deploy AWS CDK apps directly via SDK/Cloud Control API").version("0.137.2");
 	program.addCommand(createBootstrapCommand());
 	program.addCommand(createSynthCommand());
 	program.addCommand(createListCommand());