@cxbuilder/flow-config 1.0.2 → 2.0.0

package/.jsii

@@ -3984,7 +3984,7 @@
   },
   "name": "@cxbuilder/flow-config",
   "readme": {
-    "markdown": "# @cxbuilder/flow-config\n\nAWS CDK constructs for Amazon Connect FlowConfig - a third-party app for configuring variables and prompts in Connect contact flows.\n\n## Links\n\n- [Screenshots](./docs/screenshots/)\n- [Architecture](./docs/Architecture.md)\n- [DataModel](./docs/DataModel.md)\n\n## Installation\n\n```bash\nnpm install @cxbuilder/flow-config\n```\n\n## Usage\n\n### Standard Deployment (Public)\n\n```typescript\nimport { FlowConfigStack } from '@cxbuilder/flow-config';\nimport * as cdk from 'aws-cdk-lib';\n\nconst app = new cdk.App();\nnew FlowConfigStack(app, 'FlowConfigStack', {\n  prefix: 'my-flow-config',\n  env: {\n    region: 'us-east-1',\n    account: 'YOUR_ACCOUNT_ID',\n  },\n  cognito: {\n    domain: 'https://your-auth-domain.com',\n    userPoolId: 'us-east-1_YourPoolId',\n  },\n  connectInstanceArn:\n    'arn:aws:connect:us-east-1:YOUR_ACCOUNT:instance/YOUR_INSTANCE_ID',\n  alertEmails: ['admin@yourcompany.com'],\n});\n```\n\n### VPC Private Deployment\n\nFor enhanced security, you can deploy the application to run entirely within a VPC with private endpoints:\n\n```typescript\nimport { FlowConfigStack, VpcConfig } from '@cxbuilder/flow-config';\nimport * as cdk from 'aws-cdk-lib';\n\nconst app = new cdk.App();\n\n// Configure VPC using string IDs - the stack will resolve these to CDK objects\nconst vpcConfig: VpcConfig = {\n  vpcId: 'vpc-12345678',\n  lambdaSecurityGroupIds: ['sg-lambda123'],\n  privateSubnetIds: ['subnet-12345', 'subnet-67890'],\n  vpcEndpointSecurityGroupIds: ['sg-endpoint123'],\n};\n\nnew FlowConfigStack(app, 'FlowConfigStack', {\n  prefix: 'my-flow-config',\n  env: {\n    region: 'us-east-1',\n    account: 'YOUR_ACCOUNT_ID',\n  },\n  cognito: {\n    domain: 'https://your-auth-domain.com',\n    userPoolId: 'us-east-1_YourPoolId',\n  },\n  connectInstanceArn:\n    'arn:aws:connect:us-east-1:YOUR_ACCOUNT:instance/YOUR_INSTANCE_ID',\n  alertEmails: ['admin@yourcompany.com'],\n  vpc: vpcConfig, // Enable VPC private deployment\n});\n```\n\n### Multi-Region Global Table Deployment\n\nFor global resilience, deploy the application across multiple regions with DynamoDB Global Tables:\n\n#### Primary Region Setup\n\n```typescript\nimport { FlowConfigStack, GlobalTableConfig } from '@cxbuilder/flow-config';\nimport * as cdk from 'aws-cdk-lib';\n\nconst app = new cdk.App();\n\n// Primary region creates the global table with replicas\nconst primaryGlobalTable: GlobalTableConfig = {\n  isPrimaryRegion: true,\n  replicaRegions: ['us-west-2', 'eu-west-1'],\n};\n\nnew FlowConfigStack(app, 'FlowConfigStack-Primary', {\n  prefix: 'my-flow-config',\n  env: {\n    region: 'us-east-1',\n    account: 'YOUR_ACCOUNT_ID',\n  },\n  cognito: {\n    domain: 'https://your-auth-domain.com',\n    userPoolId: 'us-east-1_YourPoolId',\n  },\n  connectInstanceArn:\n    'arn:aws:connect:us-east-1:YOUR_ACCOUNT:instance/YOUR_INSTANCE_ID',\n  alertEmails: ['admin@yourcompany.com'],\n  globalTable: primaryGlobalTable, // Enable global table\n});\n```\n\n#### Secondary Region Setup\n\n```typescript\nnew FlowConfigStack(app, 'FlowConfigStack-Secondary', {\n  prefix: 'my-flow-config',\n  env: {\n    region: 'us-west-2',\n    account: 'YOUR_ACCOUNT_ID',\n  },\n  cognito: {\n    domain: 'https://your-auth-domain.com',\n    userPoolId: 'us-west-2_YourPoolId',\n  },\n  connectInstanceArn:\n    'arn:aws:connect:us-west-2:YOUR_ACCOUNT:instance/YOUR_INSTANCE_ID',\n  alertEmails: ['admin@yourcompany.com'],\n  globalTable: {\n    isPrimaryRegion: false, // Reference global table\n  },\n});\n```\n\n## Features\n\n- **Serverless Architecture**: Built with AWS Lambda, DynamoDB, and API Gateway\n- **Amazon Connect Integration**: GetConfig Lambda function integrated directly with Connect contact flows\n- **Third-Party App**: Web-based interface embedded in Amazon Connect Agent Workspace\n- **Multi-Language Support**: Configure prompts for different languages and channels (voice/chat)\n- **Real-time Preview**: Text-to-speech preview using Amazon Polly\n- **Secure Access**: Integration with Amazon Connect and AWS Verified Permissions\n- **Flexible Deployment Options**:\n  - **Single-Region**: Standard deployment with regional DynamoDB table\n  - **Multi-Region**: Global table support with automatic replication across regions\n  - **Public Deployment**: Standard internet-accessible API Gateway and Lambda functions\n  - **VPC Private Deployment**: Private API Gateway endpoints, VPC-enabled Lambda functions, and VPC endpoints for enhanced security\n\n## GetConfig Lambda Integration\n\nThe GetConfig Lambda function is used within contact flows to access your flow configs. This function is automatically integrated with your Amazon Connect instance during deployment.\n\n### Contact Flow Event Structure\n\nThe Lambda function handles Amazon Connect Contact Flow events with the following structure:\n\n```json\n{\n  \"Details\": {\n    \"Parameters\": {\n      \"id\": \"main-queue\",\n      \"lang\": \"es-US\"\n    },\n    \"ContactData\": {\n      \"Channel\": \"VOICE\",\n      \"Attributes\": {\n        \"lang\": \"en-US\"\n      }\n    }\n  }\n}\n```\n\n### Input Parameters and Priority\n\n1. **Required Parameters**:\n\n   - **`id`**: Flow configuration identifier (always required)\n     - Provided via `Details.Parameters.id`\n\n2. **Optional Language Selection** (in order of precedence):\n\n   - `Details.Parameters.lang` (highest priority)\n   - `Details.ContactData.Attributes.lang`\n   - Defaults to `\"en-US\"`\n\n3. **Channel Detection**:\n   - Automatically read from `Details.ContactData.Channel`\n   - Supports `\"VOICE\"` and `\"CHAT\"`\n   - Defaults to `\"voice\"`\n\n### Alternative Input Format (Testing)\n\nFor direct testing or non-Connect invocation:\n\n```json\n{\n  \"id\": \"main-queue\",\n  \"lang\": \"es-US\",\n  \"channel\": \"voice\"\n}\n```\n\n### Function Behavior\n\n1. **Parameter Resolution**:\n\n   - Extracts `id` from Connect event parameters (required)\n   - Resolves language from parameters → attributes → default\n   - Determines channel from Contact Flow event data\n\n2. **Processing Steps**:\n\n   - Retrieves the flow config from DynamoDB using the provided ID\n   - Includes all variables from the flow config in the result\n   - For each prompt in the flow config:\n     - Selects the appropriate language version\n     - Uses voice content by default\n     - For chat channel:\n       - Uses chat-specific content if available\n       - Strips SSML tags from voice content if no chat content exists\n\n3. **Output**:\n   - Returns a flattened object containing:\n     - All variable key-value pairs from the flow config\n     - All prompt values resolved for the specified language and channel\n\n### Setting Up in Contact Flow\n\n1. **Add \"Invoke AWS Lambda function\" block** to your contact flow\n2. **Select the GetConfig Lambda function** (deployed as `${prefix}-get-config`)\n3. **Configure parameters**:\n\n```json\n{\n  \"id\": \"main-queue\"\n}\n```\n\nOr with explicit language:\n\n```json\n{\n  \"id\": \"main-queue\",\n  \"lang\": \"es-US\"\n}\n```\n\n### Using Returned Data\n\nThe Lambda response is automatically available in subsequent blocks:\n\n- **Set contact attributes**: Use `$.External.variableName`\n- **Play prompt**: Use `$.External.promptName`\n- **Check contact attributes**: Reference returned variables for routing decisions\n\n### Example Contact Flow Integration\n\n```\n[Get customer input] → [Invoke Lambda: GetConfig]\n                           ↓\n                      [Set contact attributes]\n                           ↓\n                      [Play prompt: $.External.welcomeMessage]\n                           ↓\n                      [Route based on: $.External.routingMode]\n```\n\n### Size Considerations\n\n- Amazon Connect has a Lambda response size limit of 32KB\n- The combined size of returned variables and prompts should be less than this limit\n- For large flow configs with many prompts or languages, consider implementing pagination or selective loading\n\n### Logger\n\n[Lambda PowerTools Logger](https://docs.powertools.aws.dev/lambda/typescript/latest/core/logger/) provides a lightweight logger implementation with JSON output.\n\nTips:\n\n- Use the `appendKeys()` method to add `ContactId` to your connect log lambda output.\n\n### Open API Spec\n\nThis template defines an Open API Spec for the API GW Lambdas. This allows use to generate a TypeScript api client to be used by the frontend app. We can also generate a API client in any language from the same spec to allow the client to better integrate with our apps.\n\n- [constructs/aws-openapigateway-lambda](https://docs.aws.amazon.com/solutions/latest/constructs/aws-openapigateway-lambda.html)\n- [OpenAPI Editor](https://marketplace.visualstudio.com/items?itemName=42Crunch.vscode-openapi)\n- [OpenApy TypeScript Generator](https://openapi-ts.pages.dev/introduction)\n\n## Development\n\n### Frontend Development\n\nThe frontend React application integrates with Amazon Connect Agent Workspace using the Connect SDK:\n\n```bash\n# Start local development server\nnpm start\n\n# Build for production\nnpm run build\n```\n\nFor local development, point your Amazon Connect third-party app configuration to `localhost:3000`. The application requires execution within Agent Workspace for Connect SDK functionality.\n\n### Lambda Development\n\nLambda functions are bundled automatically during the build process:\n\n```bash\n# Bundle Lambda functions\nnpm run build:lambdas\n\n# Full build (CDK + Frontend + Lambdas)\nnpm run build\n```\n"
+    "markdown": "# @cxbuilder/flow-config\n\n[![CI/CD Pipeline](https://github.com/cxbuilder/flow-config/actions/workflows/ci-cd.yml/badge.svg)](https://github.com/cxbuilder/flow-config/actions/workflows/ci-cd.yml)\n[![npm version](https://badge.fury.io/js/@cxbuilder%2Fflow-config.svg)](https://badge.fury.io/js/@cxbuilder%2Fflow-config)\n[![PyPI version](https://badge.fury.io/py/cxbuilder-flow-config.svg)](https://badge.fury.io/py/cxbuilder-flow-config)\n[![View on Construct Hub](https://constructs.dev/badge?package=%40cxbuilder%2Fflow-config)](https://constructs.dev/packages/@cxbuilder/flow-config)\n\nAWS CDK constructs for Amazon Connect FlowConfig - a third-party app for configuring variables and prompts in Connect contact flows.\n\n## Links\n\n- [Screenshots](./docs/screenshots/)\n- [Architecture](./docs/Architecture.md)\n- [DataModel](./docs/DataModel.md)\n\n## Installation\n\n```bash\nnpm install @cxbuilder/flow-config\n```\n\n## Usage\n\n### Standard Deployment (Public)\n\n```typescript\nimport { FlowConfigStack } from '@cxbuilder/flow-config';\nimport * as cdk from 'aws-cdk-lib';\n\nconst app = new cdk.App();\nnew FlowConfigStack(app, 'FlowConfigStack', {\n  prefix: 'my-flow-config',\n  env: {\n    region: 'us-east-1',\n    account: 'YOUR_ACCOUNT_ID',\n  },\n  cognito: {\n    domain: 'https://your-auth-domain.com',\n    userPoolId: 'us-east-1_YourPoolId',\n  },\n  connectInstanceArn:\n    'arn:aws:connect:us-east-1:YOUR_ACCOUNT:instance/YOUR_INSTANCE_ID',\n  alertEmails: ['admin@yourcompany.com'],\n});\n```\n\n### VPC Private Deployment\n\nFor enhanced security, you can deploy the application to run entirely within a VPC with private endpoints:\n\n```typescript\nimport { FlowConfigStack, VpcConfig } from '@cxbuilder/flow-config';\nimport * as cdk from 'aws-cdk-lib';\n\nconst app = new cdk.App();\n\n// Configure VPC using string IDs - the stack will resolve these to CDK objects\nconst vpcConfig: VpcConfig = {\n  vpcId: 'vpc-12345678',\n  lambdaSecurityGroupIds: ['sg-lambda123'],\n  privateSubnetIds: ['subnet-12345', 'subnet-67890'],\n  vpcEndpointSecurityGroupIds: ['sg-endpoint123'],\n};\n\nnew FlowConfigStack(app, 'FlowConfigStack', {\n  prefix: 'my-flow-config',\n  env: {\n    region: 'us-east-1',\n    account: 'YOUR_ACCOUNT_ID',\n  },\n  cognito: {\n    domain: 'https://your-auth-domain.com',\n    userPoolId: 'us-east-1_YourPoolId',\n  },\n  connectInstanceArn:\n    'arn:aws:connect:us-east-1:YOUR_ACCOUNT:instance/YOUR_INSTANCE_ID',\n  alertEmails: ['admin@yourcompany.com'],\n  vpc: vpcConfig, // Enable VPC private deployment\n});\n```\n\n### Multi-Region Global Table Deployment\n\nFor global resilience, deploy the application across multiple regions with DynamoDB Global Tables:\n\n#### Primary Region Setup\n\n```typescript\nimport { FlowConfigStack, GlobalTableConfig } from '@cxbuilder/flow-config';\nimport * as cdk from 'aws-cdk-lib';\n\nconst app = new cdk.App();\n\n// Primary region creates the global table with replicas\nconst primaryGlobalTable: GlobalTableConfig = {\n  isPrimaryRegion: true,\n  replicaRegions: ['us-west-2', 'eu-west-1'],\n};\n\nnew FlowConfigStack(app, 'FlowConfigStack-Primary', {\n  prefix: 'my-flow-config',\n  env: {\n    region: 'us-east-1',\n    account: 'YOUR_ACCOUNT_ID',\n  },\n  cognito: {\n    domain: 'https://your-auth-domain.com',\n    userPoolId: 'us-east-1_YourPoolId',\n  },\n  connectInstanceArn:\n    'arn:aws:connect:us-east-1:YOUR_ACCOUNT:instance/YOUR_INSTANCE_ID',\n  alertEmails: ['admin@yourcompany.com'],\n  globalTable: primaryGlobalTable, // Enable global table\n});\n```\n\n#### Secondary Region Setup\n\n```typescript\nnew FlowConfigStack(app, 'FlowConfigStack-Secondary', {\n  prefix: 'my-flow-config',\n  env: {\n    region: 'us-west-2',\n    account: 'YOUR_ACCOUNT_ID',\n  },\n  cognito: {\n    domain: 'https://your-auth-domain.com',\n    userPoolId: 'us-west-2_YourPoolId',\n  },\n  connectInstanceArn:\n    'arn:aws:connect:us-west-2:YOUR_ACCOUNT:instance/YOUR_INSTANCE_ID',\n  alertEmails: ['admin@yourcompany.com'],\n  globalTable: {\n    isPrimaryRegion: false, // Reference global table\n  },\n});\n```\n\n## Features\n\n- **Serverless Architecture**: Built with AWS Lambda, DynamoDB, and API Gateway\n- **Amazon Connect Integration**: GetConfig Lambda function integrated directly with Connect contact flows\n- **Third-Party App**: Web-based interface embedded in Amazon Connect Agent Workspace\n- **Multi-Language Support**: Configure prompts for different languages and channels (voice/chat)\n- **Real-time Preview**: Text-to-speech preview using Amazon Polly\n- **Secure Access**: Integration with Amazon Connect and AWS Verified Permissions\n- **Flexible Deployment Options**:\n  - **Single-Region**: Standard deployment with regional DynamoDB table\n  - **Multi-Region**: Global table support with automatic replication across regions\n  - **Public Deployment**: Standard internet-accessible API Gateway and Lambda functions\n  - **VPC Private Deployment**: Private API Gateway endpoints, VPC-enabled Lambda functions, and VPC endpoints for enhanced security\n\n## GetConfig Lambda Integration\n\nThe GetConfig Lambda function is used within contact flows to access your flow configs. This function is automatically integrated with your Amazon Connect instance during deployment.\n\n### Contact Flow Event Structure\n\nThe Lambda function handles Amazon Connect Contact Flow events with the following structure:\n\n```json\n{\n  \"Details\": {\n    \"Parameters\": {\n      \"id\": \"main-queue\",\n      \"lang\": \"es-US\"\n    },\n    \"ContactData\": {\n      \"Channel\": \"VOICE\",\n      \"LanguageCode\": \"en-US\"\n    }\n  }\n}\n```\n\n### Input Parameters and Priority\n\n1. **Required Parameters**:\n\n   - **`id`**: Flow configuration identifier (always required)\n     - Provided via `Details.Parameters.id`\n\n2. **Optional Language Selection** (in order of precedence):\n\n   - `Details.Parameters.lang` (highest priority)\n   - `Details.ContactData.LanguageCode`\n   - Defaults to `\"en-US\"`\n\n3. **Channel Detection**:\n   - Automatically read from `Details.ContactData.Channel`\n   - Supports `\"VOICE\"` and `\"CHAT\"`\n   - Defaults to `\"voice\"`\n\n### Alternative Input Format (Testing)\n\nFor direct testing or non-Connect invocation:\n\n```json\n{\n  \"id\": \"main-queue\",\n  \"lang\": \"es-US\",\n  \"channel\": \"voice\"\n}\n```\n\n### Function Behavior\n\n1. **Parameter Resolution**:\n\n   - Extracts `id` from Connect event parameters (required)\n   - Resolves language from parameters → attributes → default\n   - Determines channel from Contact Flow event data\n\n2. **Processing Steps**:\n\n   - Retrieves the flow config from DynamoDB using the provided ID\n   - Includes all variables from the flow config in the result\n   - For each prompt in the flow config:\n     - Selects the appropriate language version\n     - Uses voice content by default\n     - For chat channel:\n       - Uses chat-specific content if available\n       - Strips SSML tags from voice content if no chat content exists\n\n3. **Output**:\n   - Returns a flattened object containing:\n     - All variable key-value pairs from the flow config\n     - All prompt values resolved for the specified language and channel\n\n### Setting Up in Contact Flow\n\n1. **Add \"Invoke AWS Lambda function\" block** to your contact flow\n2. **Select the GetConfig Lambda function** (deployed as `${prefix}`)\n3. **Configure parameters**:\n\n```json\n{\n  \"id\": \"main-queue\"\n}\n```\n\nOr with explicit language:\n\n```json\n{\n  \"id\": \"main-queue\",\n  \"lang\": \"es-US\"\n}\n```\n\n### Using Returned Data\n\nThe Lambda response is automatically available in subsequent blocks:\n\n- **Set contact attributes**: Use `$.External.variableName`\n- **Play prompt**: Use `$.External.promptName`\n- **Check contact attributes**: Reference returned variables for routing decisions\n\n### Example Contact Flow Integration\n\n```\n[Get customer input] → [Invoke Lambda: GetConfig]\n                           ↓\n                      [Set contact attributes]\n                           ↓\n                      [Play prompt: $.External.welcomeMessage]\n                           ↓\n                      [Route based on: $.External.routingMode]\n```\n\n### Size Considerations\n\n- Amazon Connect has a Lambda response size limit of 32KB\n- The combined size of returned variables and prompts should be less than this limit\n- For large flow configs with many prompts or languages, consider implementing pagination or selective loading\n\n### Logger\n\n[Lambda PowerTools Logger](https://docs.powertools.aws.dev/lambda/typescript/latest/core/logger/) provides a lightweight logger implementation with JSON output.\n\nTips:\n\n- Use the `appendKeys()` method to add `ContactId` to your connect log lambda output.\n\n### Open API Spec\n\nThis template defines an Open API Spec for the API GW Lambdas. This allows use to generate a TypeScript api client to be used by the frontend app. We can also generate a API client in any language from the same spec to allow the client to better integrate with our apps.\n\n- [constructs/aws-openapigateway-lambda](https://docs.aws.amazon.com/solutions/latest/constructs/aws-openapigateway-lambda.html)\n- [OpenAPI Editor](https://marketplace.visualstudio.com/items?itemName=42Crunch.vscode-openapi)\n- [OpenApy TypeScript Generator](https://openapi-ts.pages.dev/introduction)\n\n## Development\n\n### Frontend Development\n\nThe frontend React application integrates with Amazon Connect Agent Workspace using the Connect SDK:\n\n```bash\n# Start local development server\nnpm start\n\n# Build for production\nnpm run build\n```\n\nFor local development, point your Amazon Connect third-party app configuration to `localhost:3000`. The application requires execution within Agent Workspace for Connect SDK functionality.\n\n### Lambda Development\n\nLambda functions are bundled automatically during the build process:\n\n```bash\n# Bundle Lambda functions\nnpm run build:lambdas\n\n# Full build (CDK + Frontend + Lambdas)\nnpm run build\n```\n"
   },
   "repository": {
     "type": "git",
@@ -4005,6 +4005,56 @@
     }
   },
   "types": {
+    "@cxbuilder/flow-config.ApiVpcConfig": {
+      "assembly": "@cxbuilder/flow-config",
+      "datatype": true,
+      "docs": {
+        "stability": "stable",
+        "summary": "VPC configuration for API Gateway If provided, the API will be deployed in a private VPC."
+      },
+      "fqn": "@cxbuilder/flow-config.ApiVpcConfig",
+      "kind": "interface",
+      "locationInModule": {
+        "filename": "infrastructure/FlowConfigStack.ts",
+        "line": 42
+      },
+      "name": "ApiVpcConfig",
+      "properties": [
+        {
+          "abstract": true,
+          "docs": {
+            "stability": "stable",
+            "summary": "The VPC endpoint ID to use for the API."
+          },
+          "immutable": true,
+          "locationInModule": {
+            "filename": "infrastructure/FlowConfigStack.ts",
+            "line": 50
+          },
+          "name": "vpcEndpointId",
+          "type": {
+            "primitive": "string"
+          }
+        },
+        {
+          "abstract": true,
+          "docs": {
+            "stability": "stable",
+            "summary": "The VPC ID to use for the API."
+          },
+          "immutable": true,
+          "locationInModule": {
+            "filename": "infrastructure/FlowConfigStack.ts",
+            "line": 46
+          },
+          "name": "vpcId",
+          "type": {
+            "primitive": "string"
+          }
+        }
+      ],
+      "symbolId": "infrastructure/FlowConfigStack:ApiVpcConfig"
+    },
     "@cxbuilder/flow-config.CognitoConfig": {
       "assembly": "@cxbuilder/flow-config",
       "datatype": true,
@@ -4016,7 +4066,7 @@
       "kind": "interface",
       "locationInModule": {
         "filename": "infrastructure/FlowConfigStack.ts",
-        "line": 23
+        "line": 24
       },
       "name": "CognitoConfig",
       "properties": [
@@ -4029,7 +4079,7 @@
           "immutable": true,
           "locationInModule": {
             "filename": "infrastructure/FlowConfigStack.ts",
-            "line": 29
+            "line": 30
           },
           "name": "domain",
           "type": {
@@ -4044,7 +4094,7 @@
           "immutable": true,
           "locationInModule": {
             "filename": "infrastructure/FlowConfigStack.ts",
-            "line": 24
+            "line": 25
           },
           "name": "userPoolId",
           "type": {
@@ -4061,7 +4111,7 @@
           "immutable": true,
           "locationInModule": {
             "filename": "infrastructure/FlowConfigStack.ts",
-            "line": 34
+            "line": 35
           },
           "name": "ssoProviderName",
           "optional": true,
@@ -4085,7 +4135,7 @@
         },
         "locationInModule": {
           "filename": "infrastructure/FlowConfigStack.ts",
-          "line": 142
+          "line": 162
         },
         "parameters": [
           {
@@ -4111,7 +4161,7 @@
       "kind": "class",
       "locationInModule": {
         "filename": "infrastructure/FlowConfigStack.ts",
-        "line": 117
+        "line": 138
       },
       "methods": [
         {
@@ -4121,7 +4171,7 @@
           },
           "locationInModule": {
             "filename": "infrastructure/FlowConfigStack.ts",
-            "line": 233
+            "line": 288
           },
           "name": "associate3pApp"
         },
@@ -4131,7 +4181,7 @@
           },
           "locationInModule": {
             "filename": "infrastructure/FlowConfigStack.ts",
-            "line": 205
+            "line": 228
           },
           "name": "createUserPoolClient",
           "returns": {
@@ -4139,6 +4189,17 @@
               "fqn": "aws-cdk-lib.aws_cognito.UserPoolClient"
             }
           }
+        },
+        {
+          "docs": {
+            "stability": "stable",
+            "summary": "Create Cognito User Groups for role-based access control."
+          },
+          "locationInModule": {
+            "filename": "infrastructure/FlowConfigStack.ts",
+            "line": 256
+          },
+          "name": "createUserPoolGroups"
         }
       ],
       "name": "FlowConfigStack",
@@ -4150,7 +4211,7 @@
           "immutable": true,
           "locationInModule": {
             "filename": "infrastructure/FlowConfigStack.ts",
-            "line": 137
+            "line": 158
           },
           "name": "appUrl",
           "type": {
@@ -4163,7 +4224,7 @@
           },
           "locationInModule": {
             "filename": "infrastructure/FlowConfigStack.ts",
-            "line": 121
+            "line": 142
           },
           "name": "alertTopic",
           "type": {
@@ -4176,7 +4237,7 @@
           },
           "locationInModule": {
             "filename": "infrastructure/FlowConfigStack.ts",
-            "line": 145
+            "line": 165
           },
           "name": "props",
           "type": {
@@ -4189,7 +4250,7 @@
           },
           "locationInModule": {
             "filename": "infrastructure/FlowConfigStack.ts",
-            "line": 122
+            "line": 143
           },
           "name": "table",
           "type": {
@@ -4202,7 +4263,7 @@
           },
           "locationInModule": {
             "filename": "infrastructure/FlowConfigStack.ts",
-            "line": 118
+            "line": 139
           },
           "name": "userPool",
           "type": {
@@ -4215,7 +4276,7 @@
           },
           "locationInModule": {
             "filename": "infrastructure/FlowConfigStack.ts",
-            "line": 120
+            "line": 141
           },
           "name": "userPoolClient",
           "type": {
@@ -4238,7 +4299,7 @@
       "kind": "interface",
       "locationInModule": {
         "filename": "infrastructure/FlowConfigStack.ts",
-        "line": 88
+        "line": 98
       },
       "name": "FlowConfigStackProps",
       "properties": [
@@ -4251,7 +4312,7 @@
           "immutable": true,
           "locationInModule": {
             "filename": "infrastructure/FlowConfigStack.ts",
-            "line": 99
+            "line": 110
           },
           "name": "alertEmails",
           "type": {
@@ -4271,7 +4332,7 @@
           "immutable": true,
           "locationInModule": {
             "filename": "infrastructure/FlowConfigStack.ts",
-            "line": 93
+            "line": 104
           },
           "name": "cognito",
           "type": {
@@ -4286,7 +4347,7 @@
           "immutable": true,
           "locationInModule": {
             "filename": "infrastructure/FlowConfigStack.ts",
-            "line": 94
+            "line": 105
           },
           "name": "connectInstanceArn",
           "type": {
@@ -4296,19 +4357,56 @@
         {
           "abstract": true,
           "docs": {
+            "example": "`cxbuilder-flow-config`",
+            "remarks": "Will also be the name of the Connect Lambda",
             "stability": "stable",
             "summary": "Used for resource naming."
           },
           "immutable": true,
           "locationInModule": {
             "filename": "infrastructure/FlowConfigStack.ts",
-            "line": 92
+            "line": 103
           },
           "name": "prefix",
           "type": {
             "primitive": "string"
           }
         },
+        {
+          "abstract": true,
+          "docs": {
+            "stability": "stable",
+            "summary": "If provided, the API will be deployed in a VPC."
+          },
+          "immutable": true,
+          "locationInModule": {
+            "filename": "infrastructure/FlowConfigStack.ts",
+            "line": 116
+          },
+          "name": "apiVpcConfig",
+          "optional": true,
+          "type": {
+            "fqn": "@cxbuilder/flow-config.ApiVpcConfig"
+          }
+        },
+        {
+          "abstract": true,
+          "docs": {
+            "default": "true",
+            "stability": "stable",
+            "summary": "Set to false to remove CXBuilder branding from the web app."
+          },
+          "immutable": true,
+          "locationInModule": {
+            "filename": "infrastructure/FlowConfigStack.ts",
+            "line": 135
+          },
+          "name": "branding",
+          "optional": true,
+          "type": {
+            "primitive": "boolean"
+          }
+        },
         {
           "abstract": true,
           "docs": {
@@ -4319,7 +4417,7 @@
           "immutable": true,
           "locationInModule": {
             "filename": "infrastructure/FlowConfigStack.ts",
-            "line": 114
+            "line": 129
           },
           "name": "globalTable",
           "optional": true,
@@ -4330,35 +4428,35 @@
         {
           "abstract": true,
           "docs": {
-            "stability": "stable"
+            "remarks": "Note: VPC should contain endpoints to: CloudFormation, Lambda, DynamoDB, SNS, and Polly.",
+            "stability": "stable",
+            "summary": "If provided, the Lambda functions will be deployed in a VPC."
           },
           "immutable": true,
           "locationInModule": {
             "filename": "infrastructure/FlowConfigStack.ts",
-            "line": 100
+            "line": 122
           },
-          "name": "prod",
+          "name": "lambdaVpcConfig",
           "optional": true,
           "type": {
-            "primitive": "boolean"
+            "fqn": "@cxbuilder/flow-config.LambdaVpcConfig"
           }
         },
         {
           "abstract": true,
           "docs": {
-            "remarks": "If provided, the application will be configured for VPC-only access.\nIf undefined, uses the current public configuration.",
-            "stability": "stable",
-            "summary": "VPC configuration for private deployment."
+            "stability": "stable"
           },
           "immutable": true,
           "locationInModule": {
             "filename": "infrastructure/FlowConfigStack.ts",
-            "line": 107
+            "line": 111
           },
-          "name": "vpc",
+          "name": "prod",
           "optional": true,
           "type": {
-            "fqn": "@cxbuilder/flow-config.VpcConfig"
+            "primitive": "boolean"
           }
         }
       ],
@@ -4375,7 +4473,7 @@
       "kind": "interface",
       "locationInModule": {
         "filename": "infrastructure/FlowConfigStack.ts",
-        "line": 65
+        "line": 76
       },
       "name": "GlobalTableConfig",
       "properties": [
@@ -4388,7 +4486,7 @@
           "immutable": true,
           "locationInModule": {
             "filename": "infrastructure/FlowConfigStack.ts",
-            "line": 69
+            "line": 80
           },
           "name": "isPrimaryRegion",
           "type": {
@@ -4404,7 +4502,7 @@
           "immutable": true,
           "locationInModule": {
             "filename": "infrastructure/FlowConfigStack.ts",
-            "line": 75
+            "line": 86
           },
           "name": "replicaRegions",
           "optional": true,
@@ -4420,20 +4518,20 @@
       ],
       "symbolId": "infrastructure/FlowConfigStack:GlobalTableConfig"
     },
-    "@cxbuilder/flow-config.VpcConfig": {
+    "@cxbuilder/flow-config.LambdaVpcConfig": {
       "assembly": "@cxbuilder/flow-config",
       "datatype": true,
       "docs": {
         "stability": "stable",
-        "summary": "VPC configuration for private deployment using string IDs."
+        "summary": "Lambda VPC configuration."
       },
-      "fqn": "@cxbuilder/flow-config.VpcConfig",
+      "fqn": "@cxbuilder/flow-config.LambdaVpcConfig",
       "kind": "interface",
       "locationInModule": {
         "filename": "infrastructure/FlowConfigStack.ts",
-        "line": 40
+        "line": 56
       },
-      "name": "VpcConfig",
+      "name": "LambdaVpcConfig",
       "properties": [
         {
           "abstract": true,
@@ -4444,9 +4542,9 @@
           "immutable": true,
           "locationInModule": {
             "filename": "infrastructure/FlowConfigStack.ts",
-            "line": 49
+            "line": 65
           },
-          "name": "lambdaSecurityGroupIds",
+          "name": "securityGroupIds",
           "type": {
             "collection": {
               "elementtype": {
@@ -4465,30 +4563,9 @@
           "immutable": true,
           "locationInModule": {
             "filename": "infrastructure/FlowConfigStack.ts",
-            "line": 54
-          },
-          "name": "privateSubnetIds",
-          "type": {
-            "collection": {
-              "elementtype": {
-                "primitive": "string"
-              },
-              "kind": "array"
-            }
-          }
-        },
-        {
-          "abstract": true,
-          "docs": {
-            "stability": "stable",
-            "summary": "Security group IDs for VPC endpoints."
-          },
-          "immutable": true,
-          "locationInModule": {
-            "filename": "infrastructure/FlowConfigStack.ts",
-            "line": 59
+            "line": 70
           },
-          "name": "vpcEndpointSecurityGroupIds",
+          "name": "subnetIds",
           "type": {
             "collection": {
               "elementtype": {
@@ -4507,7 +4584,7 @@
           "immutable": true,
           "locationInModule": {
             "filename": "infrastructure/FlowConfigStack.ts",
-            "line": 44
+            "line": 60
           },
           "name": "vpcId",
           "type": {
@@ -4515,9 +4592,9 @@
           }
         }
       ],
-      "symbolId": "infrastructure/FlowConfigStack:VpcConfig"
+      "symbolId": "infrastructure/FlowConfigStack:LambdaVpcConfig"
     }
   },
-  "version": "1.0.2",
-  "fingerprint": "w9Ycg9k4gI4a60byR9Aq9YQSosFtZL/sCppEdcuzvDU="
+  "version": "2.0.0",
+  "fingerprint": "mEFp1ROr+Au/ufIID0Esh7NWFl2JNdCBQ+JSyXCGr3o="
 }

package/CHANGELOG.md

@@ -5,6 +5,44 @@ All notable changes to this project will be documented in this file.
 The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
 and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
 
+## [2.0.0] - 2025-07-16
+
+- Add an admin page where users can select available locale an available voice ids.
+- Add ability to import/export configs
+- Fix Private API GW URL
+- Sort flows/prompts/variables by name
+- Add ability to remove CXBuilder branding from frontend
+
+### v2.0.0 Breaking Changes
+
+- Changed DDB from `Table` to `TableV2` to better support ACGR
+  - Mitigation: **Backup existing Flow Config table and delete it. Deploy the new version of the app. Restore your table backup.**
+- Removed the `-get-config` suffix from the Amazon Connect lambda to reduce function name length. Lambda name now matches the app prefix.
+  - Mitigation: Update your flows accordingly
+- Use `event.Details.ContactData.LanguageCode` instead of `event.Details.ContactData.Attributes.lang`
+  - Mitigation: take advantage fo the LanguageCode feature instead of using a `lang` attribute
+  - The `lang` parameter is still available for backwards compatibility - will be removed in a future version
+- Split VPC configuration parameters into: `apiVpcConfig` and `lambdaVpcConfig`
+  - Mitigation: migrate to the new props
+
+## [1.1.0] - 2025-06-23
+
+### Added
+
+- Role-based access control (RBAC) using Amazon Cognito User Groups
+- Three permission levels: FlowConfigAdmin, FlowConfigEdit, and FlowConfigRead
+- Backend permission validation for all API endpoints
+- Frontend UI adapts based on user permissions
+- Read-only mode for users without edit access
+- Access denied screen for users without any FlowConfig permissions
+
+### Changed
+
+- Replaced placeholder permission system with full Cognito Groups implementation
+- FlowConfigEdit users can add languages to prompts but cannot remove existing ones
+- FlowConfigEdit users can add/remove channels but cannot modify structure
+- Preview functionality remains available to all permission levels
+
 ## [1.0.2] - 2025-06-20
 
 - Converted to `SpecRestApi` because `@aws-solutions-constructs/aws-openapigateway-lambda` is not compatible with `Role.customizeRoles`

package/README.md

@@ -1,5 +1,10 @@
 # @cxbuilder/flow-config
 
+[![CI/CD Pipeline](https://github.com/cxbuilder/flow-config/actions/workflows/ci-cd.yml/badge.svg)](https://github.com/cxbuilder/flow-config/actions/workflows/ci-cd.yml)
+[![npm version](https://badge.fury.io/js/@cxbuilder%2Fflow-config.svg)](https://badge.fury.io/js/@cxbuilder%2Fflow-config)
+[![PyPI version](https://badge.fury.io/py/cxbuilder-flow-config.svg)](https://badge.fury.io/py/cxbuilder-flow-config)
+[![View on Construct Hub](https://constructs.dev/badge?package=%40cxbuilder%2Fflow-config)](https://constructs.dev/packages/@cxbuilder/flow-config)
+
 AWS CDK constructs for Amazon Connect FlowConfig - a third-party app for configuring variables and prompts in Connect contact flows.
 
 ## Links
@@ -162,9 +167,7 @@ The Lambda function handles Amazon Connect Contact Flow events with the followin
     },
     "ContactData": {
       "Channel": "VOICE",
-      "Attributes": {
-        "lang": "en-US"
-      }
+      "LanguageCode": "en-US"
     }
   }
 }
@@ -180,7 +183,7 @@ The Lambda function handles Amazon Connect Contact Flow events with the followin
 2. **Optional Language Selection** (in order of precedence):
 
    - `Details.Parameters.lang` (highest priority)
-   - `Details.ContactData.Attributes.lang`
+   - `Details.ContactData.LanguageCode`
    - Defaults to `"en-US"`
 
 3. **Channel Detection**:
@@ -227,7 +230,7 @@ For direct testing or non-Connect invocation:
 ### Setting Up in Contact Flow
 
 1. **Add "Invoke AWS Lambda function" block** to your contact flow
-2. **Select the GetConfig Lambda function** (deployed as `${prefix}-get-config`)
+2. **Select the GetConfig Lambda function** (deployed as `${prefix}`)
 3. **Configure parameters**:
 
 ```json