@jaypie/mcp 0.7.39 → 0.7.41

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
@@ -9,7 +9,7 @@ import { gt } from 'semver';
9
9
  /**
10
10
  * Docs Suite - Documentation services (skill, version, release_notes)
11
11
  */
12
- const BUILD_VERSION_STRING = "@jaypie/mcp@0.7.39#e7380f8a"
12
+ const BUILD_VERSION_STRING = "@jaypie/mcp@0.7.41#3ca9400d"
13
13
  ;
14
14
  const __filename$1 = fileURLToPath(import.meta.url);
15
15
  const __dirname$1 = path.dirname(__filename$1);
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "@jaypie/mcp",
3
- "version": "0.7.39",
3
+ "version": "0.7.41",
4
4
  "description": "Jaypie MCP",
5
5
  "repository": {
6
6
  "type": "git",
@@ -39,9 +39,9 @@
39
39
  "typecheck": "tsc --noEmit"
40
40
  },
41
41
  "dependencies": {
42
- "@jaypie/fabric": "*",
43
- "@jaypie/llm": "*",
44
- "@jaypie/tildeskill": "*",
42
+ "@jaypie/fabric": "^0.2.2",
43
+ "@jaypie/llm": "^1.2.18",
44
+ "@jaypie/tildeskill": "^0.2.0",
45
45
  "@modelcontextprotocol/sdk": "^1.17.0",
46
46
  "commander": "^14.0.0",
47
47
  "gray-matter": "^4.0.3",
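Review bot: the three new `@jaypie/*` entries in `dependencies` are caret ranges rather than exact versions, so resolution still floats. `^0.2.2` and `^0.2.0` accept any later 0.2.x release and `^1.2.18` accepts any later 1.x release, which means a fresh `npx` install without a lockfile takes whatever newer version the registry serves at that moment. The new floor is a clear improvement over `*` and is enough to fix the stale-cache crash. If the goal is also reproducible resolution, use exact versions or ship an `npm-shrinkwrap.json` with the package.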
@@ -0,0 +1,20 @@
1
+ ---
2
+ version: 1.2.33
3
+ date: 2026-03-17
4
+ summary: Add WAF WebACL, WAF logging, file validation, Lambda data events, and IAM Access Analyzer to JaypieDistribution and JaypieOrganizationTrail
5
+ ---
6
+
7
+ ## Changes
8
+
9
+ ### JaypieDistribution — WAF WebACL (#230)
10
+ - Creates and attaches a WAFv2 WebACL by default with AWSManagedRulesCommonRuleSet, AWSManagedRulesKnownBadInputsRuleSet, and IP rate limiting (2000 req/5min)
11
+ - `waf: false` to opt out, `waf: { rateLimitPerIp: 500 }` to customize, `waf: { webAclArn: "..." }` for existing WebACL
12
+ - Creates an inline `aws-waf-logs-*` S3 bucket with Datadog forwarder notifications and CfnLoggingConfiguration
13
+ - `waf: { logBucket: false }` to disable WAF logging, `waf: { logBucket: myBucket }` to bring your own
14
+ - Exports `JaypieWafConfig` interface
15
+
16
+ ### JaypieOrganizationTrail — Security defaults (#229, #231)
17
+ - `enableFileValidation` now defaults to `true` (was `false`)
18
+ - Added `enableLambdaDataEvents` prop (default `true`) — records Lambda invocations in CloudTrail
19
+ - Added `enableS3DataEvents` prop (default `false`) — opt-in due to cost
20
+ - Added `enableAccessAnalyzer` prop (default `true`) — creates organization-level IAM Access Analyzer
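Review bot: the WAF WebACL entry and the `enableLambdaDataEvents` / `enableAccessAnalyzer` entries introduce default-on resources without marking them as behaviour changes; only the `enableFileValidation` line states the previous default. On upgrade, existing stacks will gain a WebACL with managed rule groups, a rate limit, an `aws-waf-logs-*` bucket and an organization-level analyzer. Suggest flagging these as changes to existing deployments and stating whether the managed rule groups block or only count requests when first deployed. The front matter also does not name the package this 1.2.33 note belongs to.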
@@ -0,0 +1,10 @@
1
+ ---
2
+ version: 0.7.41
3
+ date: 2026-03-18
4
+ summary: Pin @jaypie/* dependency versions to prevent stale resolution with npx
5
+ ---
6
+
7
+ ## Changes
8
+
9
+ - Pin `@jaypie/fabric`, `@jaypie/llm`, and `@jaypie/tildeskill` dependencies from `*` to `^current` version ranges
10
+ - Fixes MCP server startup crash when `npx -y @jaypie/mcp` resolves an older cached `@jaypie/llm` missing newer provider constants
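Review bot: `^current` in the first bullet is not a range a reader can check, and "Pin" in the summary overstates what changed. List the actual ranges from package.json (`^0.2.2`, `^1.2.18`, `^0.2.0`) and describe the change as setting a minimum version, since caret ranges still allow newer releases to be resolved.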
package/skills/cdk.md CHANGED
@@ -278,6 +278,74 @@ new JaypieDistribution(this, "Dist", {
278
278
  });
279
279
  ```
280
280
 
281
+ ## WAF (Web Application Firewall)
282
+
283
+ `JaypieDistribution` attaches a WAFv2 WebACL by default with:
284
+
285
+ - **AWSManagedRulesCommonRuleSet** — OWASP top 10 (SQLi, XSS, etc.)
286
+ - **AWSManagedRulesKnownBadInputsRuleSet** — known bad patterns (Log4j, etc.)
287
+ - **Rate limiting** — 2000 requests per 5 minutes per IP
288
+ - **WAF logging** — S3 bucket with Datadog forwarder notifications
289
+
290
+ ```typescript
291
+ // Default: WAF enabled with logging
292
+ new JaypieDistribution(this, "Dist", { handler });
293
+
294
+ // Disable WAF entirely
295
+ new JaypieDistribution(this, "Dist", { handler, waf: false });
296
+
297
+ // Customize rate limit
298
+ new JaypieDistribution(this, "Dist", {
299
+ handler,
300
+ waf: { rateLimitPerIp: 500 },
301
+ });
302
+
303
+ // Use existing WebACL
304
+ new JaypieDistribution(this, "Dist", {
305
+ handler,
306
+ waf: { webAclArn: "arn:aws:wafv2:..." },
307
+ });
308
+
309
+ // Disable WAF logging only
310
+ new JaypieDistribution(this, "Dist", {
311
+ handler,
312
+ waf: { logBucket: false },
313
+ });
314
+
315
+ // Bring your own WAF logging bucket
316
+ new JaypieDistribution(this, "Dist", {
317
+ handler,
318
+ waf: { logBucket: myWafBucket },
319
+ });
320
+ ```
321
+
322
+ Cost: $5/month per WebACL + $1/month per rule + $0.60 per million requests. Use `waf: false` to opt out.
323
+
324
+ ## Organization Trail Security Baseline
325
+
326
+ `JaypieOrganizationTrail` provides organization-wide security monitoring:
327
+
328
+ - **CloudTrail** with file validation enabled by default
329
+ - **Lambda data events** recorded by default
330
+ - **IAM Access Analyzer** (ORGANIZATION type) enabled by default
331
+ - **S3 data events** opt-in (cost consideration)
332
+
333
+ ```typescript
334
+ const orgTrail = new JaypieOrganizationTrail(this, "OrgTrail");
335
+ // File validation, Lambda data events, and Access Analyzer all on by default
336
+
337
+ // Opt out of specific features
338
+ new JaypieOrganizationTrail(this, "OrgTrail", {
339
+ enableAccessAnalyzer: false,
340
+ enableLambdaDataEvents: false,
341
+ });
342
+
343
+ // Opt in to S3 data events
344
+ new JaypieOrganizationTrail(this, "OrgTrail", {
345
+ enableS3DataEvents: true,
346
+ });
347
+ ```
348
+
281
349
  ## See Also
282
350
 
283
351
  - **`skill("apikey")`** - API key generation, validation, and hashing
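Review bot: in the new WAF section the `AWSManagedRulesCommonRuleSet` bullet claims coverage of "OWASP top 10 (SQLi, XSS, etc.)", but AWS ships its SQL injection rules in a separate managed group, `AWSManagedRulesSQLiRuleSet`, which is not among the defaults listed here. Either reword the bullet so it does not promise SQLi coverage or add that group to the default WebACL. The `waf: false` and `waf: { logBucket: false }` examples would also benefit from one line each on what protection or log visibility is lost. The Organization Trail section shows opt-outs for Access Analyzer and Lambda data events but does not show how file validation is turned off, even though it is described as on by default.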