cdk-local 0.26.0 → 0.27.0

package/dist/cli.js

@@ -1,10 +1,10 @@
 #!/usr/bin/env node
-import { W as createLocalInvokeCommand, o as createLocalRunTaskCommand, r as createLocalStartServiceCommand, s as createLocalStartApiCommand, t as createLocalListCommand } from "./local-list-CnAKqGmz.js";
+import { W as createLocalInvokeCommand, o as createLocalRunTaskCommand, r as createLocalStartServiceCommand, s as createLocalStartApiCommand, t as createLocalListCommand } from "./local-list-KUEmeW9J.js";
 import { Command } from "commander";
 
 //#region src/cli/index.ts
 const program = new Command();
-program.name("cdkl").description("Run AWS CDK stacks locally with Docker.").version("0.26.0");
+program.name("cdkl").description("Run AWS CDK stacks locally with Docker.").version("0.27.0");
 program.addCommand(createLocalInvokeCommand());
 program.addCommand(createLocalStartApiCommand());
 program.addCommand(createLocalRunTaskCommand());

package/dist/index.js

@@ -1,4 +1,4 @@
 import { c as getEmbedConfig, l as resetEmbedConfig, u as setEmbedConfig } from "./docker-cmd-DvoehoBl.js";
-import { $ as materializeLayerFromArn, A as matchRoute, B as parseConnectionsPath, C as evaluateCachedLambdaPolicy, D as buildCorsConfigByApiId, E as applyCorsResponseHeaders, F as HOST_GATEWAY_MIN_VERSION, G as resolveRuntimeCodeMountPath, H as buildDisconnectEvent, I as probeHostGatewaySupport, J as substituteAgainstState, K as resolveRuntimeFileExtension, L as ConnectionRegistry, M as applyAuthorizerOverlay, N as buildHttpApiV2Event, O as buildCorsConfigFromCloudFrontChain, P as buildRestV1Event, Q as resolveEnvVars, R as buildMgmtEndpointEnvUrl, S as computeRequestIdentityHash, T as invokeTokenAuthorizer, U as buildMessageEvent, V as buildConnectEvent, W as createLocalInvokeCommand, X as substituteEnvVarsFromState, Y as substituteAgainstStateAsync, Z as substituteEnvVarsFromStateAsync, _ as buildJwksUrlFromIssuer, _t as pickRefLogicalId, a as getContainerNetworkIp, at as isCfnFlagPresent, b as verifyJwtAuthorizer, c as createAuthorizerCache, ct as resolveCfnRegion, d as availableApiIdentifiers, dt as countTargets, et as derivePseudoParametersFromRegion, f as filterRoutesByApiIdentifier, ft as listTargets, g as buildCognitoJwksUrl, gt as discoverRoutes, h as resolveServiceIntegrationParameters, ht as parseSelectionExpressionPath, i as CloudMapRegistry, it as createLocalStateProvider, j as translateLambdaResponse, k as matchPreflight, l as attachStageContext, lt as resolveCfnStackName, m as resolveSelectionExpression, mt as discoverWebSocketApisOrThrow, n as formatTargetListing, nt as tryResolveImageFnJoin, o as createLocalRunTaskCommand, ot as rejectExplicitCfnStackWithMultipleStacks, p as groupRoutesByServer, pt as discoverWebSocketApis, q as resolveRuntimeImage, r as createLocalStartServiceCommand, rt as LocalStateSourceError, s as createLocalStartApiCommand, st as resolveCfnFallbackRegion, t as createLocalListCommand, tt as substituteImagePlaceholders, u as buildStageMap, ut as CfnLocalStateProvider, v as createJwksCache, vt as resolveLambdaArnIntrinsic, w as invokeRequestAuthorizer, x as buildMethodArn, y as verifyCognitoJwt, z as handleConnectionsRequest } from "./local-list-CnAKqGmz.js";
+import { $ as materializeLayerFromArn, A as matchRoute, B as parseConnectionsPath, C as evaluateCachedLambdaPolicy, D as buildCorsConfigByApiId, E as applyCorsResponseHeaders, F as HOST_GATEWAY_MIN_VERSION, G as resolveRuntimeCodeMountPath, H as buildDisconnectEvent, I as probeHostGatewaySupport, J as substituteAgainstState, K as resolveRuntimeFileExtension, L as ConnectionRegistry, M as applyAuthorizerOverlay, N as buildHttpApiV2Event, O as buildCorsConfigFromCloudFrontChain, P as buildRestV1Event, Q as resolveEnvVars, R as buildMgmtEndpointEnvUrl, S as computeRequestIdentityHash, T as invokeTokenAuthorizer, U as buildMessageEvent, V as buildConnectEvent, W as createLocalInvokeCommand, X as substituteEnvVarsFromState, Y as substituteAgainstStateAsync, Z as substituteEnvVarsFromStateAsync, _ as buildJwksUrlFromIssuer, _t as pickRefLogicalId, a as getContainerNetworkIp, at as isCfnFlagPresent, b as verifyJwtAuthorizer, c as createAuthorizerCache, ct as resolveCfnRegion, d as availableApiIdentifiers, dt as countTargets, et as derivePseudoParametersFromRegion, f as filterRoutesByApiIdentifier, ft as listTargets, g as buildCognitoJwksUrl, gt as discoverRoutes, h as resolveServiceIntegrationParameters, ht as parseSelectionExpressionPath, i as CloudMapRegistry, it as createLocalStateProvider, j as translateLambdaResponse, k as matchPreflight, l as attachStageContext, lt as resolveCfnStackName, m as resolveSelectionExpression, mt as discoverWebSocketApisOrThrow, n as formatTargetListing, nt as tryResolveImageFnJoin, o as createLocalRunTaskCommand, ot as rejectExplicitCfnStackWithMultipleStacks, p as groupRoutesByServer, pt as discoverWebSocketApis, q as resolveRuntimeImage, r as createLocalStartServiceCommand, rt as LocalStateSourceError, s as createLocalStartApiCommand, st as resolveCfnFallbackRegion, t as createLocalListCommand, tt as substituteImagePlaceholders, u as buildStageMap, ut as CfnLocalStateProvider, v as createJwksCache, vt as resolveLambdaArnIntrinsic, w as invokeRequestAuthorizer, x as buildMethodArn, y as verifyCognitoJwt, z as handleConnectionsRequest } from "./local-list-KUEmeW9J.js";
 
 export { CfnLocalStateProvider, CloudMapRegistry, ConnectionRegistry, HOST_GATEWAY_MIN_VERSION, LocalStateSourceError, applyAuthorizerOverlay, applyCorsResponseHeaders, attachStageContext, availableApiIdentifiers, buildCognitoJwksUrl, buildConnectEvent, buildCorsConfigByApiId, buildCorsConfigFromCloudFrontChain, buildDisconnectEvent, buildHttpApiV2Event, buildJwksUrlFromIssuer, buildMessageEvent, buildMethodArn, buildMgmtEndpointEnvUrl, buildRestV1Event, buildStageMap, computeRequestIdentityHash, countTargets, createAuthorizerCache, createJwksCache, createLocalInvokeCommand, createLocalListCommand, createLocalRunTaskCommand, createLocalStartApiCommand, createLocalStartServiceCommand, createLocalStateProvider, derivePseudoParametersFromRegion, discoverRoutes, discoverWebSocketApis, discoverWebSocketApisOrThrow, evaluateCachedLambdaPolicy, filterRoutesByApiIdentifier, formatTargetListing, getContainerNetworkIp, getEmbedConfig, groupRoutesByServer, handleConnectionsRequest, invokeRequestAuthorizer, invokeTokenAuthorizer, isCfnFlagPresent, listTargets, matchPreflight, matchRoute, materializeLayerFromArn, parseConnectionsPath, parseSelectionExpressionPath, pickRefLogicalId, probeHostGatewaySupport, rejectExplicitCfnStackWithMultipleStacks, resetEmbedConfig, resolveCfnFallbackRegion, resolveCfnRegion, resolveCfnStackName, resolveEnvVars, resolveLambdaArnIntrinsic, resolveRuntimeCodeMountPath, resolveRuntimeFileExtension, resolveRuntimeImage, resolveSelectionExpression, resolveServiceIntegrationParameters, setEmbedConfig, substituteAgainstState, substituteAgainstStateAsync, substituteEnvVarsFromState, substituteEnvVarsFromStateAsync, substituteImagePlaceholders, translateLambdaResponse, tryResolveImageFnJoin, verifyCognitoJwt, verifyJwtAuthorizer };

package/dist/{local-list-CnAKqGmz.js → local-list-KUEmeW9J.js}

@@ -16402,18 +16402,18 @@ const METADATA_ENDPOINT_IP = "169.254.170.2";
 const DEFAULT_METADATA_ENDPOINT_SUBNET = "169.254.170.0/24";
 /**
 * Pure-functional subnet allocator. `cdkl run-task` uses the
-* default subnet; `cdkl start-service` walks `subnetOctet=170,
-* 171, 172, ...` (one per replica) to keep parallel docker networks
-* from clashing. The link-local 169.254.0.0/16 space is reserved AWS-
-* wide for cloud metadata so collisions with user workloads are
-* unlikely, but each replica still gets its own /24 to ensure
-* docker's `--subnet` allocator does not reject "Pool overlaps".
+* default subnet (octet 170); `cdkl start-service` uses a SINGLE
+* shared network at the fixed octet `SHARED_SVC_SUBNET_OCTET = 171`
+* (one octet up from run-task so the two CLI variants can coexist on
+* the same host). The link-local 169.254.0.0/16 space is reserved
+* AWS-wide for cloud metadata so collisions with user workloads are
+* unlikely, but the fixed /24 still keeps docker's `--subnet`
+* allocator from rejecting "Pool overlaps".
 *
 * `subnetOctet` is the second-from-last byte of the network: 170 →
 * 169.254.170.0/24 (default), 171 → 169.254.171.0/24, etc. Valid
-* range is 1..254; the runner clamps to `(170 + replicaIndex) % 84`
-* + 170 in practice (rolling window) — exported here so the runner
-* keeps the allocation logic in one place.
+* range is 1..254 — exported here so callers keep the CIDR /
+* sidecar-IP derivation in one place.
 */
 function buildEndpointSubnet(subnetOctet) {
 	if (subnetOctet < 1 || subnetOctet > 254 || !Number.isInteger(subnetOctet)) throw new Error(`buildEndpointSubnet: subnetOctet must be an integer in 1..254 (got ${subnetOctet}).`);
@@ -16445,7 +16445,9 @@ const SHARED_SVC_SUBNET_OCTET = 171;
 * CLI tears down ONCE at the end of the run.
 */
 async function createSharedSvcNetwork(options = {}) {
-	const networkName = `${options.prefix ?? getEmbedConfig().resourceNamePrefix}-svc-${randomBytes(4).toString("hex")}`;
+	const prefix = options.prefix ?? getEmbedConfig().resourceNamePrefix;
+	await sweepOrphanedSvcNetworks(prefix);
+	const networkName = `${prefix}-svc-${randomBytes(4).toString("hex")}`;
 	const { cidr, sidecarIp } = buildEndpointSubnet(171);
 	return {
 		networkName,
@@ -16462,6 +16464,81 @@ async function createSharedSvcNetwork(options = {}) {
 	};
 }
 /**
+* Startup orphan sweep for the shared `cdkl start-service` network
+* (Issue #93, design Option 1). When a `start-service` run is interrupted
+* before its end-of-run teardown, the shared `<prefix>-svc-<rand>` network
+* and its `<prefix>-svc-<rand>-metadata` sidecar LEAK. Because
+* `start-service` pins a single fixed subnet (`SHARED_SVC_SUBNET_OCTET`),
+* the next run's `docker network create` always fails with
+* "Pool overlaps with other one on this address space" — a state that,
+* unlike a port conflict, never self-heals. This sweep detects and removes
+* leaked `<prefix>-svc-*` networks that have NO live owner before the next
+* run re-creates the network.
+*
+* Classification heuristic: a `<prefix>-svc-*` network is ORPHANED when its
+* only attached container is its own `<name>-metadata` sidecar (or it has
+* zero attached containers). A network that still has a non-metadata
+* (user replica) container attached is a live concurrent run and is LEFT
+* untouched. Caveat: "only the metadata sidecar attached ⇒ orphan" can
+* misclassify a network in the sub-second window between sidecar start and
+* the first replica attach — so a second `start-service` launched in that
+* window could reclaim a concurrently-starting run's network out from under
+* it. This is an accepted limitation, not a benign one: start-service pins a
+* single fixed subnet, so two concurrent same-prefix runs were never
+* supported (the second run's `docker network create` already fails with
+* "Pool overlaps"). The sweep therefore cannot regress a
+* previously-working scenario.
+*
+* Resilient by design: a `docker network ls` / `inspect` failure must not
+* abort the run — it logs at debug and skips, matching the idempotent
+* teardown style in this file. Returns the list of swept network names.
+*/
+async function sweepOrphanedSvcNetworks(prefix) {
+	const logger = getLogger().child("ecs-network");
+	const filter = `${prefix}-svc-`;
+	let names;
+	try {
+		const { stdout } = await execFileAsync$2(getDockerCmd(), [
+			"network",
+			"ls",
+			"--filter",
+			`name=${filter}`,
+			"--format",
+			"{{.Name}}"
+		]);
+		names = stdout.split("\n").map((n) => n.trim()).filter((n) => n.length > 0);
+	} catch (err) {
+		const e = err;
+		logger.debug(`docker network ls (sweep) failed: ${e.stderr || e.message || String(err)}`);
+		return [];
+	}
+	const swept = [];
+	for (const name of names) {
+		let attached;
+		try {
+			const { stdout } = await execFileAsync$2(getDockerCmd(), [
+				"network",
+				"inspect",
+				name,
+				"--format",
+				"{{range .Containers}}{{.Name}} {{end}}"
+			]);
+			attached = stdout.split(/\s+/).map((c) => c.trim()).filter((c) => c.length > 0);
+		} catch (err) {
+			const e = err;
+			logger.debug(`docker network inspect ${name} (sweep) failed: ${e.stderr || e.message || String(err)}`);
+			continue;
+		}
+		const sidecarName = `${name}-metadata`;
+		if (attached.some((c) => c !== sidecarName)) continue;
+		logger.info(`Reclaiming orphaned shared network ${name} (no live owner)...`);
+		await removeContainer(sidecarName);
+		await destroyNetworkOnly(name);
+		swept.push(name);
+	}
+	return swept;
+}
+/**
 * Internal helper shared by `createTaskNetwork` (per-task) and
 * `createSharedSvcNetwork` (per-CLI-run). Creates the docker network,
 * pulls the sidecar image, and starts the sidecar at the documented
@@ -19123,4 +19200,4 @@ function createLocalListCommand(opts = {}) {
 
 //#endregion
 export { materializeLayerFromArn as $, matchRoute as A, parseConnectionsPath as B, evaluateCachedLambdaPolicy as C, buildCorsConfigByApiId as D, applyCorsResponseHeaders as E, HOST_GATEWAY_MIN_VERSION as F, resolveRuntimeCodeMountPath as G, buildDisconnectEvent as H, probeHostGatewaySupport as I, substituteAgainstState as J, resolveRuntimeFileExtension as K, ConnectionRegistry as L, applyAuthorizerOverlay as M, buildHttpApiV2Event as N, buildCorsConfigFromCloudFrontChain as O, buildRestV1Event as P, resolveEnvVars as Q, buildMgmtEndpointEnvUrl as R, computeRequestIdentityHash as S, invokeTokenAuthorizer as T, buildMessageEvent as U, buildConnectEvent as V, createLocalInvokeCommand as W, substituteEnvVarsFromState as X, substituteAgainstStateAsync as Y, substituteEnvVarsFromStateAsync as Z, buildJwksUrlFromIssuer as _, pickRefLogicalId as _t, getContainerNetworkIp as a, isCfnFlagPresent as at, verifyJwtAuthorizer as b, createAuthorizerCache as c, resolveCfnRegion as ct, availableApiIdentifiers as d, countTargets as dt, derivePseudoParametersFromRegion as et, filterRoutesByApiIdentifier as f, listTargets as ft, buildCognitoJwksUrl as g, discoverRoutes as gt, resolveServiceIntegrationParameters as h, parseSelectionExpressionPath as ht, CloudMapRegistry as i, createLocalStateProvider as it, translateLambdaResponse as j, matchPreflight as k, attachStageContext as l, resolveCfnStackName as lt, resolveSelectionExpression as m, discoverWebSocketApisOrThrow as mt, formatTargetListing as n, tryResolveImageFnJoin as nt, createLocalRunTaskCommand as o, rejectExplicitCfnStackWithMultipleStacks as ot, groupRoutesByServer as p, discoverWebSocketApis as pt, resolveRuntimeImage as q, createLocalStartServiceCommand as r, LocalStateSourceError as rt, createLocalStartApiCommand as s, resolveCfnFallbackRegion as st, createLocalListCommand as t, substituteImagePlaceholders as tt, buildStageMap as u, CfnLocalStateProvider as ut, createJwksCache as v, resolveLambdaArnIntrinsic as vt, invokeRequestAuthorizer as w, buildMethodArn as x, verifyCognitoJwt as y, handleConnectionsRequest as z };
-//# sourceMappingURL=local-list-CnAKqGmz.js.map
+//# sourceMappingURL=local-list-KUEmeW9J.js.map