feat(docs): lambda-ify load with url

[coltondotio]

Short description of the changes made

Implements getDocsForUrl endpoint in fdr-lambda to fetch complete docs definitions from the database, following the same pattern as the FDR service but without Redis caching. Also refactors getMetadataForUrl
into a separate service file for better organization.

What was the motivation & context behind this PR?

The FDR Lambda is being enhanced to support serving full documentation definitions directly from the database. This enables:

1. Reduced Redis dependency: Lambda fetches docs directly from the database, simplifying the architecture for stateless Lambda deployments
2. Complete docs loading: Clients can now fetch the entire docs definition (including config, navigation, pages, and API references) in a single call
3. Better code organization: Service functions are now properly separated into their own files

The implementation closely mirrors the logic in servers/fdr/src/services/docs-cache/DocsDefinitionCache.ts:217-269, specifically the getDocsForUrlFromDatabase method, ensuring consistency across services.

Key features:

• Queries DocsV2 table by hostname
• Fetches referenced API definitions from ApiDefinitionsV2 and ApiDefinitionsLatest tables
• Generates presigned S3 URLs for file assets (images, etc.)
• Supports V1 docs fallback for backward compatibility
• URL coercion (automatically adds https:// prefix)

[vercel]

The latest updates on your projects. Learn more about Vercel for GitHub.

Project	Deployment	Preview	Updated (UTC)
dev.ferndocs.com	Ready	Preview	Oct 18, 2025 5:35pm
fern-dashboard	Ready	Preview	Oct 18, 2025 5:35pm
fern-dashboard-dev	Ready	Preview	Oct 18, 2025 5:35pm
ferndocs.com	Ready	Preview	Oct 18, 2025 5:35pm
preview.ferndocs.com	Ready	Preview	Oct 18, 2025 5:35pm
prod-assets.ferndocs.com	Ready	Preview	Oct 18, 2025 5:35pm
prod.ferndocs.com	Ready	Preview	Oct 18, 2025 5:35pm

1 Skipped Deployment

Project	Deployment	Preview	Updated (UTC)
fern-platform	Ignored		Oct 18, 2025 5:35pm

💡 Enable Vercel Agent with $100 free credit for automated AI reviews

[github-actions]

🚀 FDR Lambda Preview Deployed

Your Lambda function has been deployed to a preview environment!

🔗 Preview URL: https://jb5voktrj5.execute-api.us-east-1.amazonaws.com/preview-4124

📝 Available Endpoints:

• Base: GET https://jb5voktrj5.execute-api.us-east-1.amazonaws.com/preview-4124
• Health: GET https://jb5voktrj5.execute-api.us-east-1.amazonaws.com/preview-4124/health
• Metadata (public): POST https://jb5voktrj5.execute-api.us-east-1.amazonaws.com/preview-4124/metadata-for-url
• Load Docs (requires auth): POST https://jb5voktrj5.execute-api.us-east-1.amazonaws.com/preview-4124/load-docs-for-url

📋 Example Usage:

# Test default endpoint
curl "https://jb5voktrj5.execute-api.us-east-1.amazonaws.com/preview-4124"

# Test metadata endpoint (public - no auth required)
curl -X POST "https://jb5voktrj5.execute-api.us-east-1.amazonaws.com/preview-4124/metadata-for-url" \
  -H "Content-Type: application/json" \
  -d '{"url":"https://docs.buildwithfern.com"}'

# Test load docs endpoint (requires Fern token)
curl -X POST "https://jb5voktrj5.execute-api.us-east-1.amazonaws.com/preview-4124/load-docs-for-url" \
  -H "Content-Type: application/json" \
  -H "Authorization: Bearer $FERN_TOKEN" \
  -d '{"url":"https://docs.buildwithfern.com"}'

🏷️ Stack Name: fdr-lambda-preview-4124

ℹ️ Note: This preview will be automatically destroyed when the PR is closed or merged.

[vercel]

Suggested change

	console.error(`Failed to parse buffer: ${raw}`);
	console.error('Failed to parse buffer: invalid JSON format');

The error logging exposes potentially sensitive buffer contents when JSON parsing fails.

View Details

Analysis

Information leakage through error logging in readBuffer() exposes sensitive data

What fails: readBuffer() in servers/fdr-lambda/src/utils/serde.ts logs complete buffer contents via console.error(\Failed to parse buffer:

How to reproduce:

// Buffer with sensitive data that causes JSON parse error
const sensitiveBuffer = Buffer.from('{"apiKey": "sk-secret123", "dbUrl": "postgresql://user:pass@host/db", invalid}');
readBuffer(sensitiveBuffer); // Logs: Failed to parse buffer: {"apiKey": "sk-secret123", "dbUrl": "postgresql://user:pass@host/db", invalid}

Result: Sensitive data (API keys, database credentials, PII) from malformed JSON is logged in plaintext to CloudWatch Logs, accessible to users with logs:PutLogEvents permissions

Expected: Error logging should not expose raw buffer contents per AWS CloudWatch Logs security guidance which recommends protecting credentials and PII in logs

[vercel]

Suggested change

	const promisedFiles = Object.entries(docsDbDefinition.files).map(
	const promisedFiles = Object.entries(docsDbDefinition.files ?? {}).map(

The code calls Object.entries(docsDbDefinition.files) without null checking, which could cause a runtime error if files is null or undefined.

View Details

Analysis

Object.entries() call without null check in getFilesV2() causes TypeError

What fails: getFilesV2() function in servers/fdr-lambda/src/services/getDocsForUrl.ts calls Object.entries(docsDbDefinition.files) on line 163 without null checking

How to reproduce:

// If docsDbDefinition.files is null or undefined:
Object.entries(null);    // TypeError: Cannot convert undefined or null to object
Object.entries(undefined); // TypeError: Cannot convert undefined or null to object

Result: Runtime crash with TypeError: Cannot convert undefined or null to object, causing entire request to fail

Expected: Should handle null/undefined gracefully like the defensive pattern used at line 224: docsDbDefinition.files ?? {}

Evidence: MDN Object.entries documentation confirms null/undefined throws TypeError. Same file already uses defensive pattern docsDbDefinition.files ?? {} at line 224, indicating this is a known concern.