@go-to-k/cdkd 0.4.0 → 0.4.1

package/dist/cli.js

@@ -25979,6 +25979,57 @@ var IMPLICIT_DELETE_DEPENDENCIES = {
   ]
 };
 
+// src/deployment/retryable-errors.ts
+var RETRYABLE_ERROR_MESSAGE_PATTERNS = [
+  // IAM propagation
+  "cannot be assumed",
+  "role defined for the function",
+  "not authorized to perform",
+  "execution role",
+  "trust policy",
+  "Role validation failed",
+  "does not have required permissions",
+  "Trusted Entity",
+  "currently in the following state: Pending",
+  // DELETE dependency ordering (parallel deletion race conditions)
+  "has dependencies and cannot be deleted",
+  "can't be deleted since it has",
+  "DependencyViolation",
+  // AWS eventual consistency (dependency just created but not yet visible)
+  // e.g., RDS DBCluster referencing a just-created DBSubnetGroup
+  "does not exist",
+  // AppSync schema is being created asynchronously
+  "Schema is currently being altered",
+  // IAM principal not yet propagated to S3 bucket policy
+  "Invalid principal in policy",
+  // S3 bucket creation/deletion still in progress
+  "conflicting conditional operation",
+  // Secrets Manager: ForceDeleteWithoutRecovery may take a moment to propagate
+  "scheduled for deletion",
+  // DynamoDB Streams / Kinesis: IAM role not yet propagated
+  "Cannot access stream",
+  "Please ensure the role can perform",
+  // KMS: IAM role not yet propagated for CreateGrant
+  "KMS key is invalid for CreateGrant",
+  // CloudWatch Logs SubscriptionFilter: Kinesis stream eventual consistency
+  // or SubscriptionFilter role propagation. CW Logs probes the destination
+  // by delivering a test message; if the stream is freshly ACTIVE or the
+  // assumed role hasn't propagated, the probe fails with "Invalid request".
+  "Could not deliver test message"
+];
+var RETRYABLE_HTTP_STATUS_CODES = /* @__PURE__ */ new Set([429, 503]);
+function isRetryableTransientError(error, message) {
+  const metadata = error.$metadata;
+  const statusCode = metadata?.httpStatusCode;
+  if (statusCode !== void 0 && RETRYABLE_HTTP_STATUS_CODES.has(statusCode))
+    return true;
+  const cause = error.cause;
+  const causeStatus = cause?.$metadata?.httpStatusCode;
+  if (causeStatus !== void 0 && RETRYABLE_HTTP_STATUS_CODES.has(causeStatus))
+    return true;
+  return RETRYABLE_ERROR_MESSAGE_PATTERNS.some((p) => message.includes(p));
+}
+
 // src/deployment/deploy-engine.ts
 var InterruptedError = class extends Error {
   constructor() {
@@ -26975,7 +27026,7 @@ var DeployEngine = class {
       } catch (error) {
         lastError = error;
         const message = error instanceof Error ? error.message : String(error);
-        const isRetryable = this.isRetryableError(error, message);
+        const isRetryable = isRetryableTransientError(error, message);
         if (!isRetryable || attempt >= maxRetries) {
           throw error;
         }
@@ -26992,53 +27043,6 @@ var DeployEngine = class {
     }
     throw lastError;
   }
-  /**
-   * Determine if an error is retryable (transient).
-   * Checks HTTP status codes (429 throttle, 503 unavailable)
-   * and IAM propagation delay message patterns.
-   */
-  isRetryableError(error, message) {
-    const metadata = error.$metadata;
-    const statusCode = metadata?.httpStatusCode;
-    if (statusCode === 429 || statusCode === 503)
-      return true;
-    const cause = error.cause;
-    const causeStatus = cause?.$metadata?.httpStatusCode;
-    if (causeStatus === 429 || causeStatus === 503)
-      return true;
-    const retryablePatterns = [
-      "cannot be assumed",
-      "role defined for the function",
-      "not authorized to perform",
-      "execution role",
-      "trust policy",
-      "Role validation failed",
-      "does not have required permissions",
-      "Trusted Entity",
-      "currently in the following state: Pending",
-      // DELETE dependency ordering (parallel deletion race conditions)
-      "has dependencies and cannot be deleted",
-      "can't be deleted since it has",
-      "DependencyViolation",
-      // AWS eventual consistency (dependency just created but not yet visible)
-      // e.g., RDS DBCluster referencing a just-created DBSubnetGroup
-      "does not exist",
-      // AppSync schema is being created asynchronously
-      "Schema is currently being altered",
-      // IAM principal not yet propagated to S3 bucket policy
-      "Invalid principal in policy",
-      // S3 bucket creation/deletion still in progress
-      "conflicting conditional operation",
-      // Secrets Manager: ForceDeleteWithoutRecovery may take a moment to propagate
-      "scheduled for deletion",
-      // DynamoDB Streams / Kinesis: IAM role not yet propagated
-      "Cannot access stream",
-      "Please ensure the role can perform",
-      // KMS: IAM role not yet propagated for CreateGrant
-      "KMS key is invalid for CreateGrant"
-    ];
-    return retryablePatterns.some((p) => message.includes(p));
-  }
   /**
    * Resolve stack outputs from template and resource attributes
    *
@@ -27967,7 +27971,7 @@ function reorderArgs(argv) {
 }
 async function main() {
   const program = new Command8();
-  program.name("cdkd").description("CDK Direct - Deploy AWS CDK apps directly via SDK/Cloud Control API").version("0.4.0");
+  program.name("cdkd").description("CDK Direct - Deploy AWS CDK apps directly via SDK/Cloud Control API").version("0.4.1");
   program.addCommand(createBootstrapCommand());
   program.addCommand(createSynthCommand());
   program.addCommand(createDeployCommand());