Infrastructure Stream — Task Plan (post-implementation)
Compares the planned tasks (see ../task-plan.md) against what shipped in infrastructure PR #451 and the PR #452 follow-up.
Delta from plan — PR #451
Section titled “Delta from plan — PR #451”All planned tasks landed. A handful of in-scope cleanups were folded in because the diff already touched the affected code paths:
| Area | Plan | Reality | In scope? |
|---|---|---|---|
PARTITION_VAULT_MAP[prod] | Unchanged | Corrected SystemsOAM → ProdOAM | In scope: this PR introduces the first new prod-vault reads, so the mismatch became material. |
Inline-BuildSpec drift check | Add per-partition check at deploy loop start | Shipped; also treats None and null outputs as empty to avoid false positives. | In scope: the check itself was the planned deliverable; the null-output handling was a same-edit fix. |
AMAZON_CREATORS_API_JSON lifetime | Implicit | Explicit unset at the start of each partition iteration | In scope: cleanly required for multi-partition all invocations. |
| SSO-login ordering | Not specified | Moved before drift-check AWS calls | In scope: drift check would otherwise silently skip on expired SSO. |
| GitHub Actions log masking | Not specified | ::add-mask:: registered for all credential fields | In scope: PR introduces the first paths that handle credential values from 1Password in CI. |
Delta from plan — PR #452 (follow-up)
Section titled “Delta from plan — PR #452 (follow-up)”Not in the original task-plan; surfaced during the prod rollout and tracked as PDEV-452.
- The original task-plan’s “explicit
--regioneverywhere” intent was set up by addingAMPLIFY_REGION_OVERRIDES, but the partition-loop code paths that followed (drift check, env-var update, compute-role attach) inherited the AWS CLI default region instead of consuming the override. PR #452 closes that gap by resolving a per-partitionamplify_regionat the top of the loop and passing it via--regionat every call site, with no conditional branching.
Verification
Section titled “Verification”npm run lint,npm run build,npm test: all green on both PRs.bash -n amm.sh+shellcheck amm.sh: clean (two pre-existing SC2016 infos on single-quotedjqfilters are unrelated and intentional).- Local end-to-end:
amm.sh Alpha002 devruns cleanly on PR #451 head, populates all fourAMAZON_*env vars ondev-arda-frontend-app, and is idempotent on re-run. - Production end-to-end (post-PR #452):
amm.sh Alpha001 prodruns cleanly, the drift check correctly targetsus-east-2for the prod Amplify appduhexavnwh88g, and the four env vars land on the prod app.
Copyright: © Arda Systems 2025-2026, All rights reserved