npm - @go-to-k/cdkd - Versions diffs - 0.219.3 → 0.219.4 - Mend

@go-to-k/cdkd 0.219.3 → 0.219.4

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (3) hide show

package/dist/cli.js CHANGED Viewed

@@ -36484,9 +36484,87 @@ function createDiffCommand() {
 	return cmd;
 }
+//#endregion
+//#region src/analyzer/drift-normalize.ts
+/**
+* Order-normalization helpers for the drift comparator.
+*
+* `cdkd drift` compares `resource.observedProperties ?? properties` (a
+* deploy-time AWS snapshot) against a later AWS read, and the comparator in
+* `drift-calculator.ts` compares arrays POSITIONALLY (no order normalization).
+* AWS does not guarantee element ordering across reads, so when AWS returns a
+* CFn tag list ({Key,Value}[]) or an AWS resource-id/ARN array (SubnetIds,
+* SecurityGroupIds, ...) in a different order between the deploy-time snapshot
+* and a later drift read, the reorder surfaces as PHANTOM drift even though
+* nothing actually changed.
+*
+* Both kinds are semantically UNORDERED sets, so we canonicalize (sort) them
+* on BOTH sides before the diff. These two passes were surfaced by dogfooding
+* the sibling cdk-real-drift (cdkrd) tool, which hit the same false-positive
+* classes against the same kind of AWS-snapshot baseline.
+*/
+function canonicalizeTagListsDeep(v) {
+	if (Array.isArray(v)) {
+		const mapped = v.map(canonicalizeTagListsDeep);
+		if (mapped.length > 0 && mapped.every((t) => t && typeof t === "object" && typeof t.Key === "string")) return [...mapped].sort((a, b) => {
+			const ka = a.Key;
+			const kb = b.Key;
+			if (ka !== kb) return ka < kb ? -1 : 1;
+			return JSON.stringify(a) < JSON.stringify(b) ? -1 : 1;
+		});
+		return mapped;
+	}
+	if (v && typeof v === "object") {
+		const out = {};
+		for (const [k, val] of Object.entries(v)) out[k] = canonicalizeTagListsDeep(val);
+		return out;
+	}
+	return v;
+}
+const ID_RE = /^[a-z][a-z0-9]*-[0-9a-f]{6,}$/;
+const isIdLike = (s) => typeof s === "string" && (s.startsWith("arn:") || ID_RE.test(s));
+function canonicalizeIdArraysDeep(v) {
+	if (Array.isArray(v)) {
+		const mapped = v.map(canonicalizeIdArraysDeep);
+		if (mapped.length > 1 && mapped.every(isIdLike)) return [...mapped].sort((a, b) => a < b ? -1 : a > b ? 1 : 0);
+		return mapped;
+	}
+	if (v && typeof v === "object") {
+		const out = {};
+		for (const [k, val] of Object.entries(v)) out[k] = canonicalizeIdArraysDeep(val);
+		return out;
+	}
+	return v;
+}
 //#endregion
 //#region src/analyzer/drift-calculator.ts
 /**
+* Drift detection between cdkd state-recorded properties and AWS-current
+* properties.
+*
+* cdkd does not go through CloudFormation, so CFn-style drift detection
+* doesn't apply. Instead, the drift command asks each provider for its
+* `readCurrentState` snapshot and this module compares it against the
+* `properties` field saved in state.
+*
+* Comparison rules:
+*
+*   - Only keys present in **state** are compared. AWS reports many
+*     managed-by-AWS fields (timestamps, generated identifiers, account-
+*     wide defaults, etc.) that cdkd never set; treating those as drift
+*     would fire false positives on every resource. Mirrors the diff
+*     calculator's "keys-only-in-old-side ignored" rule, but applied in
+*     the opposite direction (state is now the authoritative side).
+*   - Nested objects are compared structurally — a property change deep
+*     inside (`VersioningConfiguration.Status`) surfaces with the dotted
+*     path so the CLI output points at exactly the leaf that drifted.
+*   - Arrays compare by element-wise structural equality. Re-ordered or
+*     resized arrays surface as a single drift entry on the parent path
+*     (we do not synthesize per-index drift entries — that's not useful
+*     output).
+*/
+/**
 * Compare cdkd state-recorded properties against AWS-current properties
 * and produce a flat list of property-level drifts.
 *
@@ -36522,6 +36600,8 @@ function calculateResourceDrift(stateProperties, awsProperties, options) {
 	const drifts = [];
 	const ignore = options?.ignorePaths ?? [];
 	const union = options?.unionWalkObjects ?? false;
+	stateProperties = canonicalizeIdArraysDeep(canonicalizeTagListsDeep(stateProperties));
+	awsProperties = canonicalizeIdArraysDeep(canonicalizeTagListsDeep(awsProperties));
 	for (const key of Object.keys(stateProperties)) {
 		if (isIgnoredPath(key, ignore)) continue;
 		diffAt(key, stateProperties[key], awsProperties[key], drifts, ignore, union);
@@ -52772,7 +52852,7 @@ function reorderArgs(argv) {
 async function main() {
 	installPipeCloseHandler();
 	const program = new Command();
-	program.name("cdkd").description("CDK Direct - Deploy AWS CDK apps directly via SDK/Cloud Control API").version("0.219.3");
+	program.name("cdkd").description("CDK Direct - Deploy AWS CDK apps directly via SDK/Cloud Control API").version("0.219.4");
 	program.addCommand(createBootstrapCommand());
 	program.addCommand(createSynthCommand());
 	program.addCommand(createListCommand());