docs(parity): consolidate parity.md — DynamoDB deep dive + full popular-service audit#2380
Merged
Merged
Conversation
Consolidate the three parity docs into a single parity.md. Re-audit the DynamoDB family (dynamodb, dynamodbstreams, dax) against AWS-emulation parity, performance, resource leaks, and console coverage; record only the remaining code-cited gaps plus a "recently closed" history section. Remove the stale PARITY.md and PARITY_SWEEP.md so parity.md is the single source of truth. Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com> Claude-Session: https://claude.ai/code/session_01P6g2HLj2ythLnH2rPxqEhZ
Extend the single parity.md beyond the DynamoDB family with a code-cited remaining-gaps audit of the most-used LocalStack-core services: S3, Lambda, SQS, SNS, IAM, STS, KMS, Secrets Manager, SSM, CloudFormation, CloudWatch, CloudWatch Logs, EventBridge, Kinesis, Firehose, API Gateway v1/v2, EC2, ECR, ECS, Route 53, Step Functions, ElastiCache, and OpenSearch. Each service verified against current code (fixed vs still-present) across parity, performance, resource leaks, and console coverage, with a compact recently-closed line recording landed fixes. Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com> Claude-Session: https://claude.ai/code/session_01P6g2HLj2ythLnH2rPxqEhZ
agbishop
changed the title
Extend the audit to the tier-2 LocalStack-core services: SES/SESv2, Cognito (idp + identity), RDS/RDS-Data, Redshift/Redshift-Data, Neptune, DocDB, Timestream (write + query), Glue, Athena, EMR, Lake Formation, SageMaker (+ runtime), AppSync, CloudFront, ACM, Route 53 Resolver, CloudTrail, Config, Organizations, RAM, Resource Groups (+ tagging API), Cloud Control, Batch, EKS, Elastic Beanstalk, EFS, Transfer, Backup, MQ, API Gateway Management, EventBridge Scheduler, Pipes, MSK/Kafka, Cloud Map, SWF, X-Ray, and the CodeBuild/CodeCommit/CodePipeline/CodeDeploy suite. Each verified against current code across parity, performance, resource leaks, and console coverage, with recently-closed lines recording fixes. QLDB documented as an intentional removal (AWS end-of-support). Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com> Claude-Session: https://claude.ai/code/session_01P6g2HLj2ythLnH2rPxqEhZ
agbishop
changed the title
Collaborator
Author
📊 Code Coverage Report
Tip This project maintains a minimum coverage threshold of 85%. Maintain or improve coverage on new code to ensure long-term stability. Last updated: Mon, 29 Jun 2026 14:00:16 GMT |
Replace the compact S3 entry with a DynamoDB-style deep dive across the data-plane wire protocol, bucket subresources, performance, leaks, and UI. Headline parity gaps: access control (bucket policy/ACL/PAB/ownership) and default bucket encryption are stored but never enforced on the data plane; no SigV4 header-auth verification and no aws-chunked/streaming body decode; single-range GET only; response-content-* override params ignored; Object Lock GOVERNANCE bypass and bucket default-retention unimplemented. Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com> Claude-Session: https://claude.ai/code/session_01P6g2HLj2ythLnH2rPxqEhZ
Replace the compact popular-tier entries (lambda, ec2, ecr, ecs, sqs, sns, eventbridge, kinesis, firehose, iam, sts, kms, secretsmanager, stepfunctions, apigateway v1/v2, ssm, cloudformation, cloudwatch, cloudwatchlogs, route53, elasticache, opensearch) with exhaustive per-operation deep dives verified against current code — matching the depth of the DynamoDB and S3 sections. Surfaces concrete remaining gaps toward 100% parity: Lambda ESM FilterCriteria and Kafka/MSK/DocDB/MQ sources never poll, Function URL AuthType unenforced; EC2 Restore never rebuilds secondary indexes; IAM policy simulator silently mis-evaluates Date*/Numeric*/set condition operators; STS AssumeRole succeeds for non-existent roles and web-identity JWTs unvalidated; CloudFormation drift compares template-vs-template not live state and change sets omit Remove; ECS tasks never self-stop on container exit; ECR lifecycle policies never expire images; CloudWatch GetMetricData unpaginated and extended stats dropped; Logs Insights engine and filter patterns minimal; API Gateway has no usage-plan quota/throttle enforcement; elasticache/opensearch lifecycles resolve instantly. Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com> Claude-Session: https://claude.ai/code/session_01P6g2HLj2ythLnH2rPxqEhZ
Add a "Cross-service integration" section verifying the audited services interoperate end-to-end the way AWS does — tracing each producer → transport → consumer path in code (S3/SNS events, EventBridge/Pipes/Scheduler targets, stream consumers, API Gateway/Step Functions integrations, CloudFormation provisioning, governance/observability, and systemic region/ARN/auth). Key finding: cross-service calls are wired via explicit Set*Invoker/ Set*Integration adapters in cli.go, and many hookups are missing — so the integration code exists but the dependency is nil and the call silently no-ops. Broken paths include SNS->Lambda/Firehose, EventBridge->Kinesis/ Firehose/StepFunctions/ECS/Logs/API-destination, Scheduler->EventBus/Kinesis/ ECS, Pipes non-SQS sources+targets, Lambda ESM for Kafka/MSK/DocDB/MQ, ESM FilterCriteria, Lambda async DLQ/destinations, API Gateway AWS service integrations, Step Functions->ECS/Glue/EventBridge, CloudTrail/Config capture, Backup recovery points, Cognito->Lambda triggers, RAM sharing, Cloud Control (disjoint state), and KMS use by S3/DynamoDB/Secrets Manager. CloudFormation correctly provisions ~60 real resource types in the shared backends. Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com> Claude-Session: https://claude.ai/code/session_01P6g2HLj2ythLnH2rPxqEhZ
Distill the popular-tier deep dives and the cross-service audit into an ordered, actionable checklist to reach 100% parity: P0 cheap cli.go cross-service wiring hookups (highest leverage), P1 cross-service behavior, P2 per-service correctness must-fixes, P3 lifecycle realism, P4 console coverage. Remains documentation-only. Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com> Claude-Session: https://claude.ai/code/session_01P6g2HLj2ythLnH2rPxqEhZ
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
Consolidates the three parity docs into a single
parity.mdand re-audits the DynamoDB family plus the popular and tier-2 LocalStack-core services (~50 services) against four axes — AWS-emulation parity, performance, resource leaks, and console coverage. Every remaining bullet is a concrete, code-cited (file:line) gap; each service has a compact_Recently closed_line preserving history.This PR changes documentation only (
parity.md, plus deletion of the two stalePARITY*.mddocs).Findings were produced by reading current Go sources and the Svelte console directly (one verification agent per service area), seeded with the prior full-fleet audit so this pass reports current state (fixed vs. still-present), not stale claims.
Coverage
Highest-leverage remaining themes
CREATING/IN_PROGRESS/PENDINGtransition (eks, emr, batch, elasticache, opensearch, neptune, docdb, kafka, codedeploy, codepipeline, servicediscovery), so SDK waiters never observe intermediate states.*NotFoundExceptionmapped to HTTP 400 across the code* suite and some data services.policyVersionCounters, stepfunctionsmapRuns, sns delivery slices, ecsReconciler.sems, xray insight maps.Testing
Docs-only change — no code paths touched.
🤖 Generated with Claude Code