@jaypie/constructs 1.2.18 → 1.2.20

package/dist/cjs/index.d.ts

@@ -29,4 +29,7 @@ export { JaypieStack, JaypieStackProps } from "./JaypieStack";
 export { JaypieStaticWebBucket, JaypieStaticWebBucketProps, } from "./JaypieStaticWebBucket";
 export { JaypieTraceSigningKeySecret } from "./JaypieTraceSigningKeySecret";
 export { JaypieWebDeploymentBucket } from "./JaypieWebDeploymentBucket";
+export { JaypieWebSocket, JaypieWebSocketProps } from "./JaypieWebSocket";
+export { JaypieWebSocketLambda } from "./JaypieWebSocketLambda";
+export { JaypieWebSocketTable, JaypieWebSocketTableProps, } from "./JaypieWebSocketTable";
 export * from "./helpers";

package/dist/esm/JaypieDynamoDb.d.ts

@@ -93,7 +93,7 @@ export declare class JaypieDynamoDb extends Construct implements dynamodb.ITable
      * Default Jaypie GSI definitions from @jaypie/fabric.
      * Pass to `indexes` prop to create all standard GSIs.
      */
-    static readonly DEFAULT_INDEXES: any;
+    static readonly DEFAULT_INDEXES: IndexDefinition[];
     private readonly _table;
     constructor(scope: Construct, id: string, props?: JaypieDynamoDbProps);
     /**

package/dist/esm/JaypieWebSocket.d.ts

@@ -0,0 +1,115 @@
+import { Construct } from "constructs";
+import * as acm from "aws-cdk-lib/aws-certificatemanager";
+import * as apigatewayv2 from "aws-cdk-lib/aws-apigatewayv2";
+import * as iam from "aws-cdk-lib/aws-iam";
+import * as lambda from "aws-cdk-lib/aws-lambda";
+import * as logs from "aws-cdk-lib/aws-logs";
+import * as route53 from "aws-cdk-lib/aws-route53";
+import { HostConfig } from "./helpers";
+export interface JaypieWebSocketProps {
+    /**
+     * Certificate configuration.
+     * - true: Create certificate at stack level (default, reusable)
+     * - false: No certificate (use regional endpoint)
+     * - ICertificate: Use provided certificate
+     * - string: Import certificate from ARN
+     */
+    certificate?: boolean | acm.ICertificate | string;
+    /**
+     * Lambda handler for $connect route (connection established).
+     * Use this to validate connections (e.g., auth tokens) and store connection IDs.
+     */
+    connect?: lambda.IFunction;
+    /**
+     * Lambda handler for $default route (catches unmatched messages).
+     * Use this as the main message handler.
+     */
+    default?: lambda.IFunction;
+    /**
+     * Lambda handler for $disconnect route (connection closed).
+     * Use this to clean up connection IDs from storage.
+     */
+    disconnect?: lambda.IFunction;
+    /**
+     * Single Lambda handler for all routes.
+     * Alternative to providing separate connect/disconnect/default handlers.
+     * The handler receives routeKey in the context to determine which route was invoked.
+     */
+    handler?: lambda.IFunction;
+    /**
+     * The domain name for the WebSocket API.
+     *
+     * Supports both string and config object:
+     * - String: used directly as the domain name (e.g., "ws.example.com")
+     * - Object: passed to envHostname() to construct the domain name
+     *   - { subdomain, domain, env, component }
+     *
+     * @example
+     * // Direct string
+     * host: "ws.example.com"
+     *
+     * @example
+     * // Config object - resolves using envHostname()
+     * host: { component: "ws" }
+     */
+    host?: string | HostConfig;
+    /**
+     * Log retention for WebSocket API access logs.
+     * @default logs.RetentionDays.THREE_MONTHS
+     */
+    logRetention?: logs.RetentionDays;
+    /**
+     * Construct name (used for resource naming).
+     */
+    name?: string;
+    /**
+     * Role tag for tagging resources.
+     * @default CDK.ROLE.API
+     */
+    roleTag?: string;
+    /**
+     * Additional named routes beyond $connect, $disconnect, and $default.
+     * Keys are route keys (e.g., "sendMessage", "subscribe").
+     */
+    routes?: Record<string, lambda.IFunction>;
+    /**
+     * Stage name for the WebSocket API.
+     * @default "production"
+     */
+    stageName?: string;
+    /**
+     * Route53 hosted zone for DNS records.
+     * - string: Zone domain name (looked up or imported)
+     * - IHostedZone: Use provided hosted zone
+     */
+    zone?: string | route53.IHostedZone;
+}
+export declare class JaypieWebSocket extends Construct {
+    private readonly _api;
+    private readonly _certificate?;
+    private readonly _domainName?;
+    private readonly _host?;
+    private readonly _stage;
+    constructor(scope: Construct, id: string, props?: JaypieWebSocketProps);
+    get api(): apigatewayv2.WebSocketApi;
+    get apiId(): string;
+    get certificate(): acm.ICertificate | undefined;
+    get domainName(): string | undefined;
+    /**
+     * The WebSocket endpoint URL.
+     * Uses custom domain if configured, otherwise returns the default stage URL.
+     */
+    get endpoint(): string;
+    get host(): string | undefined;
+    get stage(): apigatewayv2.WebSocketStage;
+    /**
+     * The callback URL for API Gateway Management API.
+     * Use this URL to send messages to connected clients.
+     */
+    get callbackUrl(): string;
+    /**
+     * Grant a Lambda function permission to manage WebSocket connections
+     * (post to connections, delete connections).
+     */
+    grantManageConnections(grantee: lambda.IFunction): iam.Grant;
+}

package/dist/esm/JaypieWebSocketLambda.d.ts

@@ -0,0 +1,26 @@
+import { Construct } from "constructs";
+import { JaypieLambda, JaypieLambdaProps } from "./JaypieLambda.js";
+/**
+ * JaypieWebSocketLambda - A Lambda function optimized for WebSocket handlers.
+ *
+ * Provides sensible defaults for WebSocket event handling:
+ * - 30 second timeout (same as API handlers)
+ * - API role tag
+ *
+ * @example
+ * ```typescript
+ * const handler = new JaypieWebSocketLambda(this, "ChatHandler", {
+ *   code: "dist/handlers",
+ *   handler: "chat.handler",
+ *   secrets: ["MONGODB_URI"],
+ * });
+ *
+ * new JaypieWebSocket(this, "Chat", {
+ *   host: "ws.example.com",
+ *   handler,
+ * });
+ * ```
+ */
+export declare class JaypieWebSocketLambda extends JaypieLambda {
+    constructor(scope: Construct, id: string, props: JaypieLambdaProps);
+}

package/dist/esm/JaypieWebSocketTable.d.ts

@@ -0,0 +1,100 @@
+import { Construct } from "constructs";
+import { Duration } from "aws-cdk-lib";
+import * as dynamodb from "aws-cdk-lib/aws-dynamodb";
+import * as iam from "aws-cdk-lib/aws-iam";
+import * as lambda from "aws-cdk-lib/aws-lambda";
+export interface JaypieWebSocketTableProps {
+    /**
+     * Explicit table name. If not provided, uses CDK-generated name.
+     */
+    tableName?: string;
+    /**
+     * Time-to-live duration for connections.
+     * Connections will be automatically deleted after this duration.
+     * @default Duration.hours(24)
+     */
+    ttl?: Duration;
+    /**
+     * Whether to create a GSI for looking up connections by user ID.
+     * @default false
+     */
+    userIndex?: boolean;
+    /**
+     * Role tag for tagging resources.
+     * @default CDK.ROLE.STORAGE
+     */
+    roleTag?: string;
+}
+/**
+ * JaypieWebSocketTable - DynamoDB table for storing WebSocket connection IDs.
+ *
+ * Provides a simple table structure for tracking active WebSocket connections:
+ * - Partition key: connectionId (String)
+ * - TTL attribute: expiresAt (for automatic cleanup)
+ * - Optional GSI: userId-index (for looking up connections by user)
+ *
+ * @example
+ * ```typescript
+ * const connectionTable = new JaypieWebSocketTable(this, "Connections");
+ *
+ * const ws = new JaypieWebSocket(this, "Chat", {
+ *   host: "ws.example.com",
+ *   handler: chatHandler,
+ * });
+ *
+ * // Grant Lambda access to the table
+ * connectionTable.grantReadWriteData(chatHandler);
+ *
+ * // Pass table name to Lambda
+ * chatHandler.addEnvironment("CONNECTION_TABLE", connectionTable.tableName);
+ * ```
+ *
+ * @example
+ * // With user index for looking up all connections for a user
+ * const connectionTable = new JaypieWebSocketTable(this, "Connections", {
+ *   userIndex: true,
+ *   ttl: Duration.hours(12),
+ * });
+ */
+export declare class JaypieWebSocketTable extends Construct {
+    private readonly _table;
+    private readonly _ttlDuration;
+    constructor(scope: Construct, id: string, props?: JaypieWebSocketTableProps);
+    /**
+     * The underlying DynamoDB TableV2 construct.
+     */
+    get table(): dynamodb.TableV2;
+    /**
+     * The name of the DynamoDB table.
+     */
+    get tableName(): string;
+    /**
+     * The ARN of the DynamoDB table.
+     */
+    get tableArn(): string;
+    /**
+     * TTL duration for connections in seconds.
+     * Use this to calculate expiresAt when storing connections.
+     */
+    get ttlSeconds(): number;
+    /**
+     * Grant read permissions to the table.
+     */
+    grantReadData(grantee: iam.IGrantable): iam.Grant;
+    /**
+     * Grant write permissions to the table.
+     */
+    grantWriteData(grantee: iam.IGrantable): iam.Grant;
+    /**
+     * Grant read and write permissions to the table.
+     */
+    grantReadWriteData(grantee: iam.IGrantable): iam.Grant;
+    /**
+     * Add the table name to a Lambda function's environment variables.
+     * Also grants read/write access to the table.
+     */
+    connectLambda(lambdaFunction: lambda.IFunction, options?: {
+        envKey?: string;
+        readOnly?: boolean;
+    }): void;
+}

package/dist/esm/__tests__/JaypieWebSocket.spec.d.ts

@@ -0,0 +1 @@
+export {};

package/dist/esm/index.d.ts

@@ -29,4 +29,7 @@ export { JaypieStack, JaypieStackProps } from "./JaypieStack";
 export { JaypieStaticWebBucket, JaypieStaticWebBucketProps, } from "./JaypieStaticWebBucket";
 export { JaypieTraceSigningKeySecret } from "./JaypieTraceSigningKeySecret";
 export { JaypieWebDeploymentBucket } from "./JaypieWebDeploymentBucket";
+export { JaypieWebSocket, JaypieWebSocketProps } from "./JaypieWebSocket";
+export { JaypieWebSocketLambda } from "./JaypieWebSocketLambda";
+export { JaypieWebSocketTable, JaypieWebSocketTableProps, } from "./JaypieWebSocketTable";
 export * from "./helpers";

package/dist/esm/index.js

@@ -1,5 +1,5 @@
 import * as cdk from 'aws-cdk-lib';
-import { Tags, Stack, Fn, CfnOutput, SecretValue, Duration, RemovalPolicy, CfnStack } from 'aws-cdk-lib';
+import { Tags, Stack, Fn, CfnOutput, SecretValue, Duration, RemovalPolicy, CfnStack, ArnFormat } from 'aws-cdk-lib';
 import * as s3 from 'aws-cdk-lib/aws-s3';
 import { Bucket, StorageClass, BucketAccessControl, EventType } from 'aws-cdk-lib/aws-s3';
 import { Construct } from 'constructs';
@@ -10,6 +10,7 @@ import * as route53Targets from 'aws-cdk-lib/aws-route53-targets';
 import * as secretsmanager from 'aws-cdk-lib/aws-secretsmanager';
 import { DatadogLambda } from 'datadog-cdk-constructs-v2';
 import { ConfigurationError } from '@jaypie/errors';
+import * as iam from 'aws-cdk-lib/aws-iam';
 import { Role, PolicyStatement, Policy, FederatedPrincipal, Effect, ServicePrincipal, ManagedPolicy } from 'aws-cdk-lib/aws-iam';
 import * as acm from 'aws-cdk-lib/aws-certificatemanager';
 import * as lambda from 'aws-cdk-lib/aws-lambda';
@@ -31,6 +32,8 @@ import * as path from 'path';
 import { Trail, ReadWriteType } from 'aws-cdk-lib/aws-cloudtrail';
 import { CfnPermissionSet, CfnAssignment } from 'aws-cdk-lib/aws-sso';
 import { CfnApplication } from 'aws-cdk-lib/aws-sam';
+import * as apigatewayv2 from 'aws-cdk-lib/aws-apigatewayv2';
+import * as apigatewayv2Integrations from 'aws-cdk-lib/aws-apigatewayv2-integrations';
 
 const CDK$2 = {
     ACCOUNT: {
@@ -4118,5 +4121,376 @@ class JaypieTraceSigningKeySecret extends JaypieEnvSecret {
     }
 }
 
-export { CDK$2 as CDK, JaypieAccountLoggingBucket, JaypieApiGateway, JaypieAppStack, JaypieBucketQueuedLambda, JaypieCertificate, JaypieDatadogBucket, JaypieDatadogForwarder, JaypieDatadogSecret, JaypieDistribution, JaypieDnsRecord, JaypieDynamoDb, JaypieEnvSecret, JaypieEventsRule, JaypieExpressLambda, JaypieGitHubDeployRole, JaypieHostedZone, JaypieInfrastructureStack, JaypieLambda, JaypieMongoDbSecret, JaypieNextJs, JaypieOpenAiSecret, JaypieOrganizationTrail, JaypieQueuedLambda, JaypieSsoPermissions, JaypieSsoSyncApplication, JaypieStack, JaypieStaticWebBucket, JaypieTraceSigningKeySecret, JaypieWebDeploymentBucket, addDatadogLayers, clearAllCertificateCaches, clearAllSecretsCaches, clearCertificateCache, clearSecretsCache, constructEnvName, constructStackName, constructTagger, envHostname, extendDatadogRole, isEnv, isProductionEnv, isSandboxEnv, isValidHostname$1 as isValidHostname, isValidSubdomain, jaypieLambdaEnv, mergeDomain, resolveCertificate, resolveDatadogForwarderFunction, resolveDatadogLayers, resolveDatadogLoggingDestination, resolveEnvironment, resolveHostedZone, resolveParamsAndSecrets, resolveSecrets };
+//
+//
+// Main
+//
+class JaypieWebSocket extends Construct {
+    constructor(scope, id, props = {}) {
+        super(scope, id);
+        const { certificate = true, connect, default: defaultHandler, disconnect, handler, host: propsHost, logRetention = logs.RetentionDays.THREE_MONTHS, name, roleTag = CDK$2.ROLE.API, routes = {}, stageName = "production", zone: propsZone, } = props;
+        // Validate: either handler OR individual handlers, not both
+        const hasIndividualHandlers = connect || disconnect || defaultHandler;
+        if (handler && hasIndividualHandlers) {
+            throw new Error("Cannot specify both 'handler' and individual route handlers (connect/disconnect/default)");
+        }
+        // Determine zone from props or environment
+        let zone = propsZone;
+        if (!zone && process.env.CDK_ENV_HOSTED_ZONE) {
+            zone = process.env.CDK_ENV_HOSTED_ZONE;
+        }
+        // Determine host from props or environment
+        let host;
+        if (typeof propsHost === "string") {
+            host = propsHost;
+        }
+        else if (typeof propsHost === "object") {
+            // Resolve host from HostConfig using envHostname()
+            host = envHostname(propsHost);
+        }
+        else if (process.env.CDK_ENV_WS_HOST_NAME) {
+            host = process.env.CDK_ENV_WS_HOST_NAME;
+        }
+        else if (process.env.CDK_ENV_WS_SUBDOMAIN &&
+            process.env.CDK_ENV_HOSTED_ZONE) {
+            host = mergeDomain(process.env.CDK_ENV_WS_SUBDOMAIN, process.env.CDK_ENV_HOSTED_ZONE);
+        }
+        const apiName = name || constructEnvName("WebSocket");
+        // Create WebSocket API
+        this._api = new apigatewayv2.WebSocketApi(this, "Api", {
+            apiName,
+        });
+        Tags.of(this._api).add(CDK$2.TAG.ROLE, roleTag);
+        // Add routes with Lambda integrations
+        const connectHandler = handler || connect;
+        const disconnectHandler = handler || disconnect;
+        const defaultRouteHandler = handler || defaultHandler;
+        if (connectHandler) {
+            this._api.addRoute("$connect", {
+                integration: new apigatewayv2Integrations.WebSocketLambdaIntegration("ConnectIntegration", connectHandler),
+            });
+        }
+        if (disconnectHandler) {
+            this._api.addRoute("$disconnect", {
+                integration: new apigatewayv2Integrations.WebSocketLambdaIntegration("DisconnectIntegration", disconnectHandler),
+            });
+        }
+        if (defaultRouteHandler) {
+            this._api.addRoute("$default", {
+                integration: new apigatewayv2Integrations.WebSocketLambdaIntegration("DefaultIntegration", defaultRouteHandler),
+            });
+        }
+        // Add custom routes
+        for (const [routeKey, routeHandler] of Object.entries(routes)) {
+            this._api.addRoute(routeKey, {
+                integration: new apigatewayv2Integrations.WebSocketLambdaIntegration(`${routeKey}Integration`, routeHandler),
+            });
+        }
+        // Create log group for access logs
+        // Note: logGroup is created for future use when API Gateway v2 WebSocket
+        // access logging is fully supported in CDK
+        new logs.LogGroup(this, "AccessLogs", {
+            removalPolicy: RemovalPolicy.DESTROY,
+            retention: logRetention,
+        });
+        // Create stage
+        this._stage = new apigatewayv2.WebSocketStage(this, "Stage", {
+            autoDeploy: true,
+            stageName,
+            webSocketApi: this._api,
+        });
+        Tags.of(this._stage).add(CDK$2.TAG.ROLE, roleTag);
+        // Set up custom domain if host and zone are provided
+        let hostedZone;
+        let certificateToUse;
+        if (host && zone) {
+            hostedZone = resolveHostedZone(this, { zone });
+            // Use resolveCertificate to create certificate at stack level (enables reuse)
+            certificateToUse = resolveCertificate(this, {
+                certificate,
+                domainName: host,
+                roleTag: CDK$2.ROLE.HOSTING,
+                zone: hostedZone,
+            });
+            this._certificate = certificateToUse;
+            this._host = host;
+            if (certificateToUse) {
+                // Create custom domain
+                this._domainName = new apigatewayv2.DomainName(this, "DomainName", {
+                    certificate: certificateToUse,
+                    domainName: host,
+                });
+                Tags.of(this._domainName).add(CDK$2.TAG.ROLE, roleTag);
+                // Map domain to stage
+                new apigatewayv2.ApiMapping(this, "ApiMapping", {
+                    api: this._api,
+                    domainName: this._domainName,
+                    stage: this._stage,
+                });
+                // Create DNS record
+                new route53.ARecord(this, "AliasRecord", {
+                    recordName: host,
+                    target: route53.RecordTarget.fromAlias(new route53Targets.ApiGatewayv2DomainProperties(this._domainName.regionalDomainName, this._domainName.regionalHostedZoneId)),
+                    zone: hostedZone,
+                });
+                // Also create AAAA record for IPv6
+                new route53.AaaaRecord(this, "AaaaAliasRecord", {
+                    recordName: host,
+                    target: route53.RecordTarget.fromAlias(new route53Targets.ApiGatewayv2DomainProperties(this._domainName.regionalDomainName, this._domainName.regionalHostedZoneId)),
+                    zone: hostedZone,
+                });
+            }
+        }
+        // Grant all handlers permission to manage connections
+        const allHandlers = new Set();
+        if (connectHandler)
+            allHandlers.add(connectHandler);
+        if (disconnectHandler)
+            allHandlers.add(disconnectHandler);
+        if (defaultRouteHandler)
+            allHandlers.add(defaultRouteHandler);
+        Object.values(routes).forEach((h) => allHandlers.add(h));
+        for (const lambdaHandler of allHandlers) {
+            this.grantManageConnections(lambdaHandler);
+        }
+    }
+    //
+    //
+    // Public accessors
+    //
+    get api() {
+        return this._api;
+    }
+    get apiId() {
+        return this._api.apiId;
+    }
+    get certificate() {
+        return this._certificate;
+    }
+    get domainName() {
+        return this._domainName?.name;
+    }
+    /**
+     * The WebSocket endpoint URL.
+     * Uses custom domain if configured, otherwise returns the default stage URL.
+     */
+    get endpoint() {
+        if (this._host) {
+            return `wss://${this._host}`;
+        }
+        return this._stage.url;
+    }
+    get host() {
+        return this._host;
+    }
+    get stage() {
+        return this._stage;
+    }
+    /**
+     * The callback URL for API Gateway Management API.
+     * Use this URL to send messages to connected clients.
+     */
+    get callbackUrl() {
+        if (this._host) {
+            return `https://${this._host}`;
+        }
+        // Extract callback URL from stage URL
+        // Stage URL: wss://abc123.execute-api.us-east-1.amazonaws.com/production
+        // Callback URL: https://abc123.execute-api.us-east-1.amazonaws.com/production
+        return this._stage.url.replace("wss://", "https://");
+    }
+    //
+    //
+    // Public methods
+    //
+    /**
+     * Grant a Lambda function permission to manage WebSocket connections
+     * (post to connections, delete connections).
+     */
+    grantManageConnections(grantee) {
+        return iam.Grant.addToPrincipal({
+            actions: ["execute-api:ManageConnections"],
+            grantee: grantee.grantPrincipal,
+            resourceArns: [
+                Stack.of(this).formatArn({
+                    arnFormat: ArnFormat.SLASH_RESOURCE_SLASH_RESOURCE_NAME,
+                    resource: this._api.apiId,
+                    resourceName: `${this._stage.stageName}/POST/@connections/*`,
+                    service: "execute-api",
+                }),
+            ],
+        });
+    }
+}
+
+/**
+ * JaypieWebSocketLambda - A Lambda function optimized for WebSocket handlers.
+ *
+ * Provides sensible defaults for WebSocket event handling:
+ * - 30 second timeout (same as API handlers)
+ * - API role tag
+ *
+ * @example
+ * ```typescript
+ * const handler = new JaypieWebSocketLambda(this, "ChatHandler", {
+ *   code: "dist/handlers",
+ *   handler: "chat.handler",
+ *   secrets: ["MONGODB_URI"],
+ * });
+ *
+ * new JaypieWebSocket(this, "Chat", {
+ *   host: "ws.example.com",
+ *   handler,
+ * });
+ * ```
+ */
+class JaypieWebSocketLambda extends JaypieLambda {
+    constructor(scope, id, props) {
+        super(scope, id, {
+            roleTag: CDK$2.ROLE.API,
+            timeout: Duration.seconds(CDK$2.DURATION.EXPRESS_API),
+            ...props,
+        });
+    }
+}
+
+//
+//
+// Main
+//
+/**
+ * JaypieWebSocketTable - DynamoDB table for storing WebSocket connection IDs.
+ *
+ * Provides a simple table structure for tracking active WebSocket connections:
+ * - Partition key: connectionId (String)
+ * - TTL attribute: expiresAt (for automatic cleanup)
+ * - Optional GSI: userId-index (for looking up connections by user)
+ *
+ * @example
+ * ```typescript
+ * const connectionTable = new JaypieWebSocketTable(this, "Connections");
+ *
+ * const ws = new JaypieWebSocket(this, "Chat", {
+ *   host: "ws.example.com",
+ *   handler: chatHandler,
+ * });
+ *
+ * // Grant Lambda access to the table
+ * connectionTable.grantReadWriteData(chatHandler);
+ *
+ * // Pass table name to Lambda
+ * chatHandler.addEnvironment("CONNECTION_TABLE", connectionTable.tableName);
+ * ```
+ *
+ * @example
+ * // With user index for looking up all connections for a user
+ * const connectionTable = new JaypieWebSocketTable(this, "Connections", {
+ *   userIndex: true,
+ *   ttl: Duration.hours(12),
+ * });
+ */
+class JaypieWebSocketTable extends Construct {
+    constructor(scope, id, props = {}) {
+        super(scope, id);
+        const { roleTag = CDK$2.ROLE.STORAGE, tableName, ttl = Duration.hours(24), userIndex = false, } = props;
+        this._ttlDuration = ttl;
+        // Build global secondary indexes
+        const globalSecondaryIndexes = [];
+        if (userIndex) {
+            globalSecondaryIndexes.push({
+                indexName: "userId-index",
+                partitionKey: { name: "userId", type: dynamodb.AttributeType.STRING },
+                sortKey: { name: "connectedAt", type: dynamodb.AttributeType.STRING },
+            });
+        }
+        // Create the table
+        this._table = new dynamodb.TableV2(this, "Table", {
+            billing: dynamodb.Billing.onDemand(),
+            globalSecondaryIndexes: globalSecondaryIndexes.length > 0 ? globalSecondaryIndexes : undefined,
+            partitionKey: {
+                name: "connectionId",
+                type: dynamodb.AttributeType.STRING,
+            },
+            removalPolicy: RemovalPolicy.DESTROY,
+            tableName: tableName || constructEnvName("WebSocketConnections"),
+            timeToLiveAttribute: "expiresAt",
+        });
+        Tags.of(this._table).add(CDK$2.TAG.ROLE, roleTag);
+    }
+    //
+    //
+    // Public accessors
+    //
+    /**
+     * The underlying DynamoDB TableV2 construct.
+     */
+    get table() {
+        return this._table;
+    }
+    /**
+     * The name of the DynamoDB table.
+     */
+    get tableName() {
+        return this._table.tableName;
+    }
+    /**
+     * The ARN of the DynamoDB table.
+     */
+    get tableArn() {
+        return this._table.tableArn;
+    }
+    /**
+     * TTL duration for connections in seconds.
+     * Use this to calculate expiresAt when storing connections.
+     */
+    get ttlSeconds() {
+        return this._ttlDuration.toSeconds();
+    }
+    //
+    //
+    // Grant methods
+    //
+    /**
+     * Grant read permissions to the table.
+     */
+    grantReadData(grantee) {
+        return this._table.grantReadData(grantee);
+    }
+    /**
+     * Grant write permissions to the table.
+     */
+    grantWriteData(grantee) {
+        return this._table.grantWriteData(grantee);
+    }
+    /**
+     * Grant read and write permissions to the table.
+     */
+    grantReadWriteData(grantee) {
+        return this._table.grantReadWriteData(grantee);
+    }
+    //
+    //
+    // Convenience methods
+    //
+    /**
+     * Add the table name to a Lambda function's environment variables.
+     * Also grants read/write access to the table.
+     */
+    connectLambda(lambdaFunction, options = {}) {
+        const { envKey = "CONNECTION_TABLE", readOnly = false } = options;
+        // Add environment variable
+        if ("addEnvironment" in lambdaFunction) {
+            lambdaFunction.addEnvironment(envKey, this.tableName);
+        }
+        // Grant permissions
+        if (readOnly) {
+            this.grantReadData(lambdaFunction.grantPrincipal);
+        }
+        else {
+            this.grantReadWriteData(lambdaFunction.grantPrincipal);
+        }
+    }
+}
+
+export { CDK$2 as CDK, JaypieAccountLoggingBucket, JaypieApiGateway, JaypieAppStack, JaypieBucketQueuedLambda, JaypieCertificate, JaypieDatadogBucket, JaypieDatadogForwarder, JaypieDatadogSecret, JaypieDistribution, JaypieDnsRecord, JaypieDynamoDb, JaypieEnvSecret, JaypieEventsRule, JaypieExpressLambda, JaypieGitHubDeployRole, JaypieHostedZone, JaypieInfrastructureStack, JaypieLambda, JaypieMongoDbSecret, JaypieNextJs, JaypieOpenAiSecret, JaypieOrganizationTrail, JaypieQueuedLambda, JaypieSsoPermissions, JaypieSsoSyncApplication, JaypieStack, JaypieStaticWebBucket, JaypieTraceSigningKeySecret, JaypieWebDeploymentBucket, JaypieWebSocket, JaypieWebSocketLambda, JaypieWebSocketTable, addDatadogLayers, clearAllCertificateCaches, clearAllSecretsCaches, clearCertificateCache, clearSecretsCache, constructEnvName, constructStackName, constructTagger, envHostname, extendDatadogRole, isEnv, isProductionEnv, isSandboxEnv, isValidHostname$1 as isValidHostname, isValidSubdomain, jaypieLambdaEnv, mergeDomain, resolveCertificate, resolveDatadogForwarderFunction, resolveDatadogLayers, resolveDatadogLoggingDestination, resolveEnvironment, resolveHostedZone, resolveParamsAndSecrets, resolveSecrets };
 //# sourceMappingURL=index.js.map