@go-to-k/cdkd 0.208.0 → 0.209.0

package/README.md

@@ -59,7 +59,7 @@ Reproduce the first two with `./tests/benchmark/run-benchmark.sh all`. See [test
 - **Rollback on failure**: When a deploy errors mid-stack, cdkd rolls back the resources it just created so the stack state stays consistent (CloudFormation parity — but cdkd does this without round-tripping through CFn). Pass `cdkd deploy --no-rollback` to skip rollback and keep the partial state for Terraform-style inspection / repair. See [Rollback behavior](#rollback-behavior).
 - **`--no-wait` for async resources**: Skip the multi-minute wait on CloudFront / RDS / ElastiCache / NAT Gateway and return as soon as the create call returns (CloudFormation always blocks)
 - **VPC route DependsOn relaxation (on by default)**: Drop CDK-injected defensive `DependsOn` edges from VPC Lambdas onto private-subnet routes so `CloudFront::Distribution` and `Lambda::Url` start their ~3-min propagation in parallel with NAT Gateway stabilization (~50% faster on VPC + Lambda + CloudFront stacks). Pass `--no-aggressive-vpc-parallel` to opt out.
-- **Local execution** (`cdkd local invoke` / `start-api` / `run-task` / `start-service` / `start-alb` / `start-cloudfront` / `invoke-agentcore`): run Lambdas, API Gateway routes, ECS tasks, long-running ECS services, CloudFront distributions, and Bedrock AgentCore Runtimes from your CDK code. All AWS Lambda runtimes, container Lambdas, REST v1 / HTTP v2 / Function URL routes, Service Connect / Cloud Map, AgentCore HTTP / MCP / A2A / AGUI / WebSocket protocols. The Docker-backed commands work for both `cdkd deploy`-managed (`--from-state`) AND `cdk deploy`-managed (`--from-cfn-stack`) stacks; `start-cloudfront` serves the viewer-request -> S3 origin -> viewer-response pipeline in-process (no Docker, no state binding). See [Local execution](#local-execution).
+- **Local execution** (`cdkd local invoke` / `start-api` / `run-task` / `start-service` / `start-alb` / `start-cloudfront` / `invoke-agentcore` / `start-agentcore`): run Lambdas, API Gateway routes, ECS tasks, long-running ECS services, CloudFront distributions, and Bedrock AgentCore Runtimes from your CDK code. All AWS Lambda runtimes, container Lambdas, REST v1 / HTTP v2 / Function URL routes, Service Connect / Cloud Map, AgentCore HTTP / MCP / A2A / AGUI / WebSocket protocols (one-shot `invoke-agentcore` and long-running `/ws` serve via `start-agentcore`). The Docker-backed commands work for both `cdkd deploy`-managed (`--from-state`) AND `cdk deploy`-managed (`--from-cfn-stack`) stacks; `start-cloudfront` serves the viewer-request -> S3 / Lambda Function URL origin -> viewer-response pipeline (CloudFront-Functions + S3-only distributions run in-process with no Docker). See [Local execution](#local-execution).
 - **Bidirectional CloudFormation migration**: `cdkd import --migrate-from-cloudformation` adopts existing CFn stacks (including `cdk deploy`-managed) into cdkd state without re-creating resources; `cdkd export` hands a cdkd stack back to CloudFormation when production-ready. See [Importing](#importing-existing-resources) / [Exporting](#exporting-a-stack-back-to-cloudformation).
 
 > **Note**: Resource types not covered by either SDK Providers or Cloud Control API cannot be deployed with cdkd. Deployment fails with a clear error message naming the type + a 1-click issue link.
@@ -242,16 +242,19 @@ maintain, no `cdk synth | sam ...` round-trip.
 | `cdkd local run-task <target>` | ECS RunTask — every container in a task definition started on a per-task docker network |
 | `cdkd local start-service <target>` | Long-running ECS Service emulator — `DesiredCount` replicas with restart-on-exit (no local load balancer in v1) |
 | `cdkd local invoke-agentcore <target>` | One-shot Bedrock AgentCore Runtime invoke (HTTP `/invocations` / MCP `/mcp` / A2A `/a2a` / AGUI / WebSocket `--ws`) |
+| `cdkd local start-agentcore [target]` | Long-running serve of a Bedrock AgentCore Runtime's bidirectional `/ws` WebSocket (HTTP / AGUI), fronted by a host bridge that injects the session-id / Authorization a header-less browser client cannot set |
 | `cdkd local start-alb <targets...>` | Long-running local ALB front-door (HTTP + HTTPS listeners, path / host / header / weighted / redirect / fixed-response routing, authenticate-cognito / authenticate-oidc) for ECS / Lambda backing services |
-| `cdkd local start-cloudfront [target]` | Long-running local CloudFront distribution — viewer-request -> S3 origin -> viewer-response pipeline, CloudFront Functions run in-process (no Docker) |
+| `cdkd local start-cloudfront [target]` | Long-running local CloudFront distribution — viewer-request -> S3 / Lambda Function URL origin -> viewer-response pipeline, CloudFront Functions run in-process (Function URL origins use Docker/RIE) |
 
 The Docker-backed commands above require Docker. Pass `--from-state`
 (cdkd-deployed) or `--from-cfn-stack` (cdk-deployed / CFn-managed) to
 substitute deployed physical IDs into intrinsic-valued env vars /
 secrets / image URIs; without either, intrinsic values are dropped with
 a per-key warning (matches `sam local *`). The two flags are mutually
-exclusive. `start-cloudfront` is the exception: it serves entirely
-in-process (no Docker) and makes no AWS call, so it takes neither flag.
+exclusive. `start-cloudfront` is the partial exception: a
+CloudFront-Functions + S3-origin distribution serves entirely in-process
+(no Docker), and it carries cdk-local's `--from-cfn-stack` but not cdkd's
+`--from-state` (its factory lacks the state-provider seam — issue #766).
 
 ### `local invoke`
 

package/dist/cli.js

@@ -61,7 +61,7 @@ import { CreateVectorBucketCommand, DeleteIndexCommand, DeleteVectorBucketComman
 import { CreateNamespaceCommand, CreateTableBucketCommand, CreateTableCommand as CreateTableCommand$2, DeleteNamespaceCommand as DeleteNamespaceCommand$1, DeleteTableBucketCommand, DeleteTableCommand as DeleteTableCommand$2, GetTableBucketCommand, GetTableCommand as GetTableCommand$1, ListNamespacesCommand as ListNamespacesCommand$1, ListTableBucketsCommand, ListTablesCommand as ListTablesCommand$1, ListTagsForResourceCommand as ListTagsForResourceCommand$19, NotFoundException as NotFoundException$5, S3TablesClient, TagResourceCommand as TagResourceCommand$16, UntagResourceCommand as UntagResourceCommand$15 } from "@aws-sdk/client-s3tables";
 import { AttachLoadBalancerTargetGroupsCommand, AttachLoadBalancersCommand, AttachTrafficSourcesCommand, AutoScalingClient, CreateAutoScalingGroupCommand, CreateOrUpdateTagsCommand, DeleteAutoScalingGroupCommand, DeleteLifecycleHookCommand, DeleteNotificationConfigurationCommand, DeleteTagsCommand as DeleteTagsCommand$1, DescribeAutoScalingGroupsCommand, DescribeLifecycleHooksCommand, DescribeNotificationConfigurationsCommand, DescribeTrafficSourcesCommand, DetachLoadBalancerTargetGroupsCommand, DetachLoadBalancersCommand, DetachTrafficSourcesCommand, DisableMetricsCollectionCommand, EnableMetricsCollectionCommand, PutLifecycleHookCommand, PutNotificationConfigurationCommand, UpdateAutoScalingGroupCommand } from "@aws-sdk/client-auto-scaling";
 import { Document, Pair, Scalar, YAMLMap, YAMLSeq, parse as parse$1, stringify } from "yaml";
-import { createLocalStartCloudFrontCommand, createLocalStateProvider, getEmbedConfig, isCfnFlagPresent, listTargets, rejectExplicitCfnStackWithMultipleStacks, resolveCfnFallbackRegion, setEmbedConfig, substituteAgainstState, substituteAgainstStateAsync, substituteEnvVarsFromState, substituteEnvVarsFromStateAsync } from "cdk-local";
+import { createLocalStartAgentCoreCommand, createLocalStartCloudFrontCommand, createLocalStateProvider, getEmbedConfig, isCfnFlagPresent, listTargets, rejectExplicitCfnStackWithMultipleStacks, resolveCfnFallbackRegion, setEmbedConfig, substituteAgainstState, substituteAgainstStateAsync, substituteEnvVarsFromState, substituteEnvVarsFromStateAsync } from "cdk-local";
 import { A2A_CONTAINER_PORT, A2A_PATH, AGENTCORE_A2A_PROTOCOL, AGENTCORE_AGUI_PROTOCOL, AGENTCORE_MCP_PROTOCOL, ConnectionRegistry, EcsTaskResolutionError, HOST_GATEWAY_MIN_VERSION, LocalInvokeBuildError, MCP_CONTAINER_PORT, MCP_PATH, a2aInvokeOnce, addAlbSpecificOptions, addCommonEcsServiceOptions, addStartServiceSpecificOptions, albStrategy, architectureToPlatform, attachAuthorizers, attachStageContext, availableApiIdentifiers, bufferToBody, buildAgentCoreCodeImage, buildCognitoJwksUrl, buildConnectEvent, buildContainerImage, buildCorsConfigByApiId, buildCorsConfigFromCloudFrontChain, buildDisconnectEvent, buildJwksUrlFromIssuer, buildMessageEvent, buildMgmtEndpointEnvUrl, buildStageMap, classifySourceChange, createAuthorizerCache, createFileWatcher, createFileWatcher as createFileWatcher$1, createJwksCache, createWatchPredicates, defaultCredentialsLoader, derivePseudoParametersFromRegion, discoverRoutes, discoverWebSocketApis, downloadAndExtractS3Bundle, filterRoutesByApiIdentifier, groupRoutesByServer, handleConnectionsRequest, invokeAgentCore, invokeAgentCoreWs, materializeLayerFromArn, mcpInvokeOnce, parseConnectionsPath, parseSelectionExpressionPath, pickAgentCoreCandidateStack, pickAgentCoreCandidateStack as pickAgentCoreCandidateStack$1, probeHostGatewaySupport, readMtlsMaterialsFromDisk, resolveAgentCoreTarget, resolveEnvVars, resolveRuntimeCodeMountPath, resolveRuntimeFileExtension, resolveRuntimeImage, resolveSingleTarget, resolveWatchConfig, runEcsServiceEmulator, signAgentCoreInvocation, startApiServer, substituteImagePlaceholders, tryResolveImageFnJoin, verifyJwtViaDiscovery, waitForAgentCorePing } from "cdk-local/internal";
 import { createServer } from "node:net";
 import { promisify } from "node:util";
@@ -50787,6 +50787,54 @@ function createLocalInvokeAgentCoreCommand() {
 	return cmd;
 }
 
+//#endregion
+//#region src/cli/commands/local-start-agentcore.ts
+/**
+* `cdkd local start-agentcore <target>` — long-running serve for a Bedrock
+* AgentCore Runtime's bidirectional `/ws` WebSocket endpoint. Boots the
+* `AWS::BedrockAgentCore::Runtime` container (same image / env / credential
+* resolution as `invoke-agentcore`) and fronts its `/ws` endpoint with a host
+* WebSocket bridge that injects the AgentCore session-id (and `Authorization`
+* under a `customJwtAuthorizer`) on the container upgrade, so a header-less
+* client (e.g. a browser) can hold an interactive multi-frame session. HTTP /
+* AGUI protocols only. The serve counterpart of the single-shot
+* `cdkd local invoke-agentcore`. Inherited from cdk-local
+* (go-to-k/cdk-local#420).
+*
+* Like `start-cloudfront`, this is a THIN pass-through to cdk-local's factory —
+* the serve behavior and the `start-agentcore`-only option block (`--port` /
+* `--host` / `--session-id` / `--bearer-token` / `--no-verify-auth` /
+* `--env-vars` / `--platform` / `--no-pull` / `--no-build` / `--container-host`
+* / `--timeout` / `--assume-role` / `--ecr-role-arn` / `--from-cfn-stack` /
+* `--stack-region`) live in cdk-local's `addStartAgentCoreSpecificOptions` and
+* are auto-inherited.
+*
+* UNLIKE `start-cloudfront`, this command DOES bind deployed state: cdk-local's
+* factory accepts an `extraStateProviders` option (the same seam the
+* heavy-wrapper `cdkd local *` commands use), so cdkd threads its S3-backed
+* `--from-state` factory in via `cdkdExtraStateProviders` and layers the
+* cdkd-specific `--from-state` / `--state-bucket` / `--state-prefix` flags on
+* top of cdk-local's inherited `--from-cfn-stack` / `--stack-region` (issue
+* #766). The factory's internal `createLocalStateProvider` call picks cdkd's
+* `fromState` factory transparently when `--from-state` is passed.
+*
+* The active cdkd embed config is re-handed to the factory so branding stays
+* cdkd: cdk-local's factory calls `setEmbedConfig(opts.embedConfig)`, and
+* passing the current config (set once by `createLocalCommand` before the
+* subcommands are built) keeps it as a no-op re-set rather than a reset back to
+* cdk-local's `cdkl` defaults.
+*/
+function createLocalStartAgentCoreCommand$1() {
+	const cmd = createLocalStartAgentCoreCommand({
+		embedConfig: getEmbedConfig(),
+		extraStateProviders: cdkdExtraStateProviders
+	});
+	cmd.addOption(new Option("--from-state", "Read cdkd's S3 state for the target stack and substitute Ref / Fn::GetAtt / Fn::Sub / Fn::ImportValue / Fn::GetStackOutput intrinsics in the AgentCore runtime container image and environment variables. Mutually exclusive with --from-cfn-stack.").default(false));
+	cmd.addOption(new Option("--state-bucket <bucket>", "S3 bucket for --from-state. Falls back to CDKD_STATE_BUCKET env or cdk.json context.cdkd.stateBucket."));
+	cmd.addOption(new Option("--state-prefix <prefix>", "S3 key prefix for --from-state state files.").default("cdkd"));
+	return cmd;
+}
+
 //#endregion
 //#region src/cli/commands/local-start-alb.ts
 /**
@@ -50809,21 +50857,30 @@ function createLocalStartAlbCommand() {
 /**
 * `cdkd local start-cloudfront <distribution>` — serve a CloudFront distribution
 * locally: its S3 origin content (resolved from the BucketDeployment source in
-* the cloud assembly) plus its viewer-request / viewer-response CloudFront
+* the cloud assembly) AND its Lambda Function URL origins (the backing Lambda is
+* run locally via RIE), plus its viewer-request / viewer-response CloudFront
 * Functions, reproducing the distribution routing so a rewrite / routing change
-* is verifiable in seconds. Inherited from cdk-local (go-to-k/cdk-local#363).
-*
-* Unlike the `start-api` / `start-alb` / `start-service` wrappers, this command
-* is a THIN pass-through to cdk-local's factory and adds NO cdkd-specific
-* options. `start-cloudfront` is pure-local: it runs no container and makes no
-* AWS call (it serves the distribution's local BucketDeployment source + runs
-* CloudFront Functions in-process), so it declares NEITHER `--from-cfn-stack`
-* NOR `--assume-role`, and there is no deployed state to bind — hence no
-* `--from-state` / `--state-bucket` / `--state-prefix` options and no
-* `cdkdExtraStateProviders` threading. The flags it exposes are `--port` /
-* `--host` / `--origin <originId>=<dir>` / `--tls` / `--tls-cert` /
-* `--tls-key` / `--watch` plus the shared common / app / context / region /
-* profile options, all owned by cdk-local.
+* is verifiable in seconds. Inherited from cdk-local (go-to-k/cdk-local#363,
+* Lambda Function URL + deployed-S3 origins added in #380).
+*
+* Like the `start-agentcore` wrapper, this command is a THIN pass-through to
+* cdk-local's factory. The serve behavior and the option block (`--port` /
+* `--host` / `--origin <originId>=<dir>` / `--kvs-file` / `--cache-origin` /
+* `--no-pull` / `--tls` / `--tls-cert` / `--tls-key` / `--watch`, plus
+* cdk-local's own `--from-cfn-stack` / `--stack-region` / `--assume-role` for
+* binding a Function URL origin's backing Lambda + a deployed-S3 origin's bucket
+* name to deployed state) live in cdk-local and are auto-inherited.
+*
+* UNLIKE `start-agentcore` / `start-alb` / `start-service`, this command does
+* NOT thread cdkd's S3-backed `--from-state` source: cdk-local's
+* `CreateLocalStartCloudFrontCommandOptions` accepts only `embedConfig`, not the
+* `extraStateProviders` seam (the factory's internal `createLocalStateProvider`
+* calls pass no fourth argument). So `--from-state` / `--state-bucket` /
+* `--state-prefix` and `cdkdExtraStateProviders` threading are intentionally
+* absent here — start-cloudfront stays exempt from issue #766 until cdk-local
+* adds `extraStateProviders` to its start-cloudfront factory. Until then the
+* `--from-cfn-stack` flag (CloudFormation-backed deployed state) is the only
+* state source on this command.
 *
 * The active cdkd embed config is re-handed to the factory so branding stays
 * cdkd: cdk-local's factory calls `setEmbedConfig(opts.embedConfig)`, and
@@ -51638,6 +51695,7 @@ function createLocalCommand() {
 	local.addCommand(createLocalRunTaskCommand());
 	local.addCommand(createLocalStartServiceCommand());
 	local.addCommand(createLocalInvokeAgentCoreCommand());
+	local.addCommand(createLocalStartAgentCoreCommand$1());
 	local.addCommand(createLocalStartAlbCommand());
 	local.addCommand(createLocalStartCloudFrontCommand$1());
 	return local;
@@ -52778,7 +52836,7 @@ function reorderArgs(argv) {
 async function main() {
 	installPipeCloseHandler();
 	const program = new Command();
-	program.name("cdkd").description("CDK Direct - Deploy AWS CDK apps directly via SDK/Cloud Control API").version("0.208.0");
+	program.name("cdkd").description("CDK Direct - Deploy AWS CDK apps directly via SDK/Cloud Control API").version("0.209.0");
 	program.addCommand(createBootstrapCommand());
 	program.addCommand(createSynthCommand());
 	program.addCommand(createListCommand());