@go-to-k/cdkd 0.202.0 → 0.204.0

package/README.md

@@ -296,18 +296,25 @@ with the AWS-published ECS metadata sidecar.
 ```bash
 cdkd local start-service MyStack/Orders MyStack/Web  # multiple services in one invocation
 cdkd local start-service MyStack/Orders --from-state # OR --from-cfn-stack
+cdkd local start-service MyStack/Web --watch         # hot reload (sub-second on interpreted handlers)
 ```
 
 Long-running ECS Service emulator: `DesiredCount` replicas with
 restart-on-exit, cross-service Service Connect / Cloud Map DNS
 discovery (peer containers reach each other by `<discoveryName>.<namespace>`).
-No local load-balancer in v1.
+No local load-balancer in v1. `--watch` re-synths on every CDK source edit
+and reloads one replica at a time — source-only edits on
+interpreted-language handlers (Node / Python / Ruby / shell) take a
+bind-mount fast path (`docker cp` + `docker restart`; no rebuild);
+Dockerfile / dependency manifest / compiled-language source edits fall
+through to a full rebuild + shadow boot + atomic swap.
 
 ### `local start-alb`
 
 ```bash
 cdkd local start-alb MyStack/MyAlb --lb-port 80=8080 # remap privileged listener port
 cdkd local start-alb MyStack/MyAlb --from-state      # OR --from-cfn-stack
+cdkd local start-alb MyStack/MyAlb --watch           # hot reload (sub-second on interpreted handlers)
 ```
 
 Long-running local ALB front-door: names an `AWS::ElasticLoadBalancingV2::LoadBalancer`,
@@ -316,7 +323,10 @@ HTTP / HTTPS front-door on each listener port that round-robins across
 the running replicas and routes its listener rules across the backing
 services. Forward / redirect / fixed-response actions; ECS or Lambda
 targets; authenticate-cognito / authenticate-oidc via a local Bearer-JWT
-check.
+check. `--watch` reloads one backing-replica at a time across edits —
+interpreted-handler source edits go through the bind-mount fast path
+(no rebuild); Dockerfile / dependency / compiled-source edits fall
+through to a rebuild + atomic front-door pool swap.
 
 See **[docs/local-emulation.md](docs/local-emulation.md)** for the
 full reference — runtimes, target resolution, every flag, integration

package/dist/cli.js

@@ -62,7 +62,7 @@ import { CreateNamespaceCommand, CreateTableBucketCommand, CreateTableCommand as
 import { AttachLoadBalancerTargetGroupsCommand, AttachLoadBalancersCommand, AttachTrafficSourcesCommand, AutoScalingClient, CreateAutoScalingGroupCommand, CreateOrUpdateTagsCommand, DeleteAutoScalingGroupCommand, DeleteLifecycleHookCommand, DeleteNotificationConfigurationCommand, DeleteTagsCommand as DeleteTagsCommand$1, DescribeAutoScalingGroupsCommand, DescribeLifecycleHooksCommand, DescribeNotificationConfigurationsCommand, DescribeTrafficSourcesCommand, DetachLoadBalancerTargetGroupsCommand, DetachLoadBalancersCommand, DetachTrafficSourcesCommand, DisableMetricsCollectionCommand, EnableMetricsCollectionCommand, PutLifecycleHookCommand, PutNotificationConfigurationCommand, UpdateAutoScalingGroupCommand } from "@aws-sdk/client-auto-scaling";
 import { Document, Pair, Scalar, YAMLMap, YAMLSeq, parse as parse$1, stringify } from "yaml";
 import { createLocalStateProvider, getEmbedConfig, isCfnFlagPresent, listTargets, rejectExplicitCfnStackWithMultipleStacks, resolveCfnFallbackRegion, setEmbedConfig, substituteAgainstState, substituteAgainstStateAsync, substituteEnvVarsFromState, substituteEnvVarsFromStateAsync } from "cdk-local";
-import { A2A_CONTAINER_PORT, A2A_PATH, AGENTCORE_A2A_PROTOCOL, AGENTCORE_AGUI_PROTOCOL, AGENTCORE_MCP_PROTOCOL, ConnectionRegistry, EcsTaskResolutionError, HOST_GATEWAY_MIN_VERSION, LocalInvokeBuildError, MCP_CONTAINER_PORT, MCP_PATH, a2aInvokeOnce, addAlbSpecificOptions, addCommonEcsServiceOptions, albStrategy, architectureToPlatform, attachAuthorizers, attachStageContext, availableApiIdentifiers, bufferToBody, buildAgentCoreCodeImage, buildCognitoJwksUrl, buildConnectEvent, buildContainerImage, buildCorsConfigByApiId, buildCorsConfigFromCloudFrontChain, buildDisconnectEvent, buildJwksUrlFromIssuer, buildMessageEvent, buildMgmtEndpointEnvUrl, buildStageMap, createAuthorizerCache, createFileWatcher, createJwksCache, createWatchPredicates, defaultCredentialsLoader, derivePseudoParametersFromRegion, discoverRoutes, discoverWebSocketApis, downloadAndExtractS3Bundle, filterRoutesByApiIdentifier, groupRoutesByServer, handleConnectionsRequest, invokeAgentCore, invokeAgentCoreWs, materializeLayerFromArn, mcpInvokeOnce, parseConnectionsPath, parseSelectionExpressionPath, pickAgentCoreCandidateStack, probeHostGatewaySupport, readMtlsMaterialsFromDisk, resolveAgentCoreTarget, resolveEnvVars, resolveRuntimeCodeMountPath, resolveRuntimeFileExtension, resolveRuntimeImage, resolveSingleTarget, resolveWatchConfig, runEcsServiceEmulator, signAgentCoreInvocation, startApiServer, substituteImagePlaceholders, tryResolveImageFnJoin, verifyJwtViaDiscovery, waitForAgentCorePing } from "cdk-local/internal";
+import { A2A_CONTAINER_PORT, A2A_PATH, AGENTCORE_A2A_PROTOCOL, AGENTCORE_AGUI_PROTOCOL, AGENTCORE_MCP_PROTOCOL, ConnectionRegistry, EcsTaskResolutionError, HOST_GATEWAY_MIN_VERSION, LocalInvokeBuildError, MCP_CONTAINER_PORT, MCP_PATH, a2aInvokeOnce, addAlbSpecificOptions, addCommonEcsServiceOptions, addStartServiceSpecificOptions, albStrategy, architectureToPlatform, attachAuthorizers, attachStageContext, availableApiIdentifiers, bufferToBody, buildAgentCoreCodeImage, buildCognitoJwksUrl, buildConnectEvent, buildContainerImage, buildCorsConfigByApiId, buildCorsConfigFromCloudFrontChain, buildDisconnectEvent, buildJwksUrlFromIssuer, buildMessageEvent, buildMgmtEndpointEnvUrl, buildStageMap, createAuthorizerCache, createFileWatcher, createJwksCache, createWatchPredicates, defaultCredentialsLoader, derivePseudoParametersFromRegion, discoverRoutes, discoverWebSocketApis, downloadAndExtractS3Bundle, filterRoutesByApiIdentifier, groupRoutesByServer, handleConnectionsRequest, invokeAgentCore, invokeAgentCoreWs, materializeLayerFromArn, mcpInvokeOnce, parseConnectionsPath, parseSelectionExpressionPath, pickAgentCoreCandidateStack, probeHostGatewaySupport, readMtlsMaterialsFromDisk, resolveAgentCoreTarget, resolveEnvVars, resolveRuntimeCodeMountPath, resolveRuntimeFileExtension, resolveRuntimeImage, resolveSingleTarget, resolveWatchConfig, runEcsServiceEmulator, signAgentCoreInvocation, startApiServer, substituteImagePlaceholders, tryResolveImageFnJoin, verifyJwtViaDiscovery, waitForAgentCorePing } from "cdk-local/internal";
 import { createServer } from "node:net";
 import { promisify } from "node:util";
 import { setTimeout as setTimeout$1 } from "node:timers/promises";
@@ -46647,7 +46647,7 @@ async function localStartApiCommand(target, options) {
 	let profileCredsFile;
 	const authorizerCache = createAuthorizerCache();
 	const jwksCache = createJwksCache();
-	const jwksWarnedUrls = /* @__PURE__ */ new Set();
+	const jwksWarnedAt = /* @__PURE__ */ new Map();
 	let sigV4CredentialsLoader;
 	const sigV4WarnedForeignIds = /* @__PURE__ */ new Set();
 	const fromCfnTipEmitted = { value: false };
@@ -46811,7 +46811,7 @@ async function localStartApiCommand(target, options) {
 			port: basePort === 0 ? 0 : nextPort,
 			authorizerCache,
 			jwksCache,
-			jwksWarnedUrls,
+			jwksWarnedAt,
 			sigV4CredentialsLoader,
 			sigV4WarnedForeignIds,
 			sigV4Strict: options.strictSigv4 === true,
@@ -46858,7 +46858,7 @@ async function localStartApiCommand(target, options) {
 			port: basePort === 0 ? 0 : nextPort,
 			authorizerCache,
 			jwksCache,
-			jwksWarnedUrls,
+			jwksWarnedAt,
 			sigV4WarnedForeignIds,
 			sigV4Strict: options.strictSigv4 === true,
 			preDispatch: async (req, res) => {
@@ -49153,9 +49153,13 @@ function createLocalRunTaskCommand() {
 * `cdkl start-service` strategy — name one or more ECS services and the engine
 * boots their replicas. There is no front-door listener (services are reached
 * directly via their published container ports). Mirrors `albStrategy` in
-* shape, with `frontDoor` omitted and `lbPortOverrides` empty.
+* shape, with `frontDoor` omitted and `lbPortOverrides` empty. No-arg to match
+* cdk-local's bundled `serviceStrategy()` signature exactly — start-service
+* has no per-invocation options that branch the strategy shape (unlike
+* `albStrategy(options)`, which threads `--lb-port` parses into
+* `lbPortOverrides`).
 */
-function serviceStrategy(_options) {
+function serviceStrategy() {
 	return {
 		pickEntries: (stacks) => listTargets(stacks).ecsServices,
 		pickerMessage: "Select one or more ECS services to run",
@@ -49165,7 +49169,8 @@ function serviceStrategy(_options) {
 			boots: chosenTargets.map((target) => ({ target })),
 			warnings: []
 		}),
-		lbPortOverrides: {}
+		lbPortOverrides: {},
+		supportsWatch: true
 	};
 }
 /**
@@ -49180,9 +49185,11 @@ function serviceStrategy(_options) {
 * --add-host overlay (Issue #460).
 */
 function createLocalStartServiceCommand() {
-	return addCommonEcsServiceOptions(new Command("start-service").description("Run one or more AWS::ECS::Service resources locally as a long-running emulator. Spins up DesiredCount task replicas per service (clamped by --max-tasks) using the same per-task docker network + metadata sidecar pattern as `cdkd local run-task`, then keeps each replica running and restarts it on exit per --restart-policy. ^C tears every replica + sidecar + network down. Each <target> accepts a CDK display path (MyStack/MyService) or stack-qualified logical ID (MyStack:MyServiceXYZ); single-stack apps may omit the stack prefix. When two or more <target>s are supplied, every service is booted into a shared Cloud Map / Service Connect registry so peer services discover each other via docker --add-host overlay (Issue #460). Omit <targets> in an interactive terminal to multi-select the ECS services from a list.").argument("[targets...]", "One or more CDK display paths or stack-qualified logical IDs of the AWS::ECS::Service resources to run (omit to multi-select interactively in a TTY)").addOption(new Option("--from-state", "Read cdkd's S3 state for the target stack and substitute Ref / Fn::GetAtt / Fn::Sub / Fn::ImportValue / Fn::GetStackOutput intrinsics in container images, environment variables, secrets, role ARNs, and volumes. Mutually exclusive with --from-cfn-stack.").default(false)).addOption(new Option("--state-bucket <bucket>", "S3 bucket for --from-state. Falls back to CDKD_STATE_BUCKET env or cdk.json context.cdkd.stateBucket.")).addOption(new Option("--state-prefix <prefix>", "S3 key prefix for --from-state state files.").default("cdkd")).action(withErrorHandling(async (targets, options) => {
-		await runEcsServiceEmulator(targets, options, serviceStrategy(options), cdkdExtraStateProviders);
-	})));
+	const cmd = new Command("start-service").description("Run one or more AWS::ECS::Service resources locally as a long-running emulator. Spins up DesiredCount task replicas per service (clamped by --max-tasks) using the same per-task docker network + metadata sidecar pattern as `cdkd local run-task`, then keeps each replica running and restarts it on exit per --restart-policy. ^C tears every replica + sidecar + network down. Each <target> accepts a CDK display path (MyStack/MyService) or stack-qualified logical ID (MyStack:MyServiceXYZ); single-stack apps may omit the stack prefix. When two or more <target>s are supplied, every service is booted into a shared Cloud Map / Service Connect registry so peer services discover each other via docker --add-host overlay (Issue #460). Omit <targets> in an interactive terminal to multi-select the ECS services from a list.").argument("[targets...]", "One or more CDK display paths or stack-qualified logical IDs of the AWS::ECS::Service resources to run (omit to multi-select interactively in a TTY)").addOption(new Option("--from-state", "Read cdkd's S3 state for the target stack and substitute Ref / Fn::GetAtt / Fn::Sub / Fn::ImportValue / Fn::GetStackOutput intrinsics in container images, environment variables, secrets, role ARNs, and volumes. Mutually exclusive with --from-cfn-stack.").default(false)).addOption(new Option("--state-bucket <bucket>", "S3 bucket for --from-state. Falls back to CDKD_STATE_BUCKET env or cdk.json context.cdkd.stateBucket.")).addOption(new Option("--state-prefix <prefix>", "S3 key prefix for --from-state state files.").default("cdkd")).action(withErrorHandling(async (targets, options) => {
+		await runEcsServiceEmulator(targets, options, serviceStrategy(), cdkdExtraStateProviders);
+	}));
+	addStartServiceSpecificOptions(cmd);
+	return addCommonEcsServiceOptions(cmd);
 }
 
 //#endregion
@@ -49389,7 +49396,7 @@ async function resolveInboundAuthorization(resolved, options) {
 		...authorizer.allowedClients && { allowedClients: authorizer.allowedClients },
 		...authorizer.allowedScopes && { allowedScopes: authorizer.allowedScopes },
 		...authorizer.customClaims && { customClaims: authorizer.customClaims }
-	}, header, createJwksCache(), { warned: /* @__PURE__ */ new Set() })).allow) throw new CdkdError(`Inbound JWT rejected by the runtime's customJwtAuthorizer (signature / issuer / expiry / audience check failed against ${authorizer.discoveryUrl}).`, "LOCAL_INVOKE_AGENTCORE_AUTH_DENIED");
+	}, header, createJwksCache(), { warnedAt: /* @__PURE__ */ new Map() })).allow) throw new CdkdError(`Inbound JWT rejected by the runtime's customJwtAuthorizer (signature / issuer / expiry / audience check failed against ${authorizer.discoveryUrl}).`, "LOCAL_INVOKE_AGENTCORE_AUTH_DENIED");
 	logger.info(`Inbound JWT verified against ${authorizer.discoveryUrl}.`);
 	return header;
 }
@@ -51924,7 +51931,7 @@ function reorderArgs(argv) {
 */
 async function main() {
 	const program = new Command();
-	program.name("cdkd").description("CDK Direct - Deploy AWS CDK apps directly via SDK/Cloud Control API").version("0.202.0");
+	program.name("cdkd").description("CDK Direct - Deploy AWS CDK apps directly via SDK/Cloud Control API").version("0.204.0");
 	program.addCommand(createBootstrapCommand());
 	program.addCommand(createSynthCommand());
 	program.addCommand(createListCommand());