cargo.state.json
Every deploy writes cargo.state.json — a map from each code resource
(kind:slug) to the real uuid Cargo assigned it, plus its outputs and a content
hash:
Lock file
During a deploy/destroy/import the CDK writes sibling files next tocargo.state.json — a cargo.state.lock (serializes concurrent runs), a
cargo.state.bak.json (rollback snapshot), and a cargo.state.audit.jsonl
(run log). Only cargo.state.json is committed; git-ignore the rest:
--force overrides one
you believe is stale.
Drift
The CDK compares your code against state. It can also compare against the live workspace to catch changes made outside the CDK (e.g. someone edits an agent in the Cargo UI, or deletes a folder).Detect (read-only)
unchanged,
modified externally, or deleted externally. It changes nothing.
Correct
- Modified externally → re-applies your code over it (code wins).
- Deleted externally → recreates it.
Drift is measured against the state captured at the last deploy, not guessed
from code — so it reflects real changes to the live resource. A transient read
error is reported as
unknown, never as a deletion, so a network blip can’t
trigger a mass re-create.Secrets and drift
Becausesecret() values are excluded from the content hash, rotating a secret
does not show as drift and a plain deploy won’t push the new value (nothing
changed). To roll a rotated secret, re-apply the resource (make any other change,
or use --refresh). Use env() instead if you want a config value tracked in
the hash.
