Specification Post-Implementation Review
Comparison of the specification against what was actually implemented.
Deviations from Specification
Section titled “Deviations from Specification”1. ImageAssetBucket Location
Section titled “1. ImageAssetBucket Location”Spec: Section 2.1 — ImageAssetBucket in BulkStoresStack.
Section 2.2 — CDN + signing keys in PartitionImageCdnStack.
Actual: All three co-located in ImageStorageStack (PD-04).
BulkStoresStack unchanged.
Reason: Cross-stack OAC circular dependency. Documented in PD-04. Specification updated post-implementation.
2. Stack Name
Section titled “2. Stack Name”Spec: PartitionImageCdnStack / partition-image-cdn.ts.
Actual: ImageStorageStack / image-storage.ts.
Reason: Stack now contains bucket + CDN + signing keys — “ImageCdn” was too narrow. Renamed to reflect actual scope.
3. jest.config.ts → jest.config.js
Section titled “3. jest.config.ts → jest.config.js”Spec: Section 4, file #13 — jest.config.ts.
Actual: jest.config.js (JavaScript).
Reason: Jest v30 cannot parse TypeScript config with
moduleResolution: NodeNext in tsconfig.json.
4. Snapshot Tests Removed
Section titled “4. Snapshot Tests Removed”Spec: Section 5 — snapshot tests for ImageStorageStack and
BulkStoresStack.
Actual: Both removed/skipped.
ImageStorageStack: Lambda asset hashes differ between environments.BulkStoresStack:serverAccessLogsBucket+BUCKET_OWNER_ENFORCEDconflict.
Tracked in: infrastructure#433.
5. Lambda Custom Resource Handler
Section titled “5. Lambda Custom Resource Handler”Spec: Section 1.3 — “inline Lambda in the construct file as a
lambda_nodejs bundled function.”
Actual: Separate file constructs/inline-lambdas/generate-signing-key.ts
bundled via NodejsFunction with entry pointing to the file. This
follows the existing inline-lambdas/ pattern.
6. Presigning Role Assumption in Verification Script
Section titled “6. Presigning Role Assumption in Verification Script”Spec: Section 3, Step 1 — sts:AssumeRole on presigning role.
Actual: --presign-role-arn made optional. The role’s trust policy
restricts to EKS pod role only — admin credentials can’t assume it.
7. File Count
Section titled “7. File Count”Spec: 22 files in section 4.
Actual: 22 files (matching), but partition-bulk-stores.ts was not
modified (removed from scope) and generate-signing-key.ts was added.
Net count unchanged.
Specification Accuracy
Section titled “Specification Accuracy”| Section | Accuracy |
|---|---|
| 1.1 ImageAssetBucket | High — construct implemented as specified |
| 1.2 ImageAssetCdn | High — minor fix needed for recordName |
| 1.3 CloudFrontSigningKeyGroup | Medium — handler pattern required rework |
| 2.1 BulkStoresStack | N/A — not modified (PD-04) |
| 2.2 ImageStorageStack | High — scope expanded to include bucket |
| 2.3 partition.ts | High — props adjusted for new stack scope |
| 2.4 DNS Foundation | High — ingress export fix needed |
| 3 Verification Script | High — presign-role-arn made optional |
| 4 File Summary | High — matches with minor renames |
| 5 Testing Strategy | Medium — snapshots deferred, jest config format changed |
Copyright: (c) Arda Systems 2025-2026, All rights reserved
Copyright: © Arda Systems 2025-2026, All rights reserved