npm - @jaypie/mcp - Versions diffs - 0.7.6 → 0.7.7 - Mend

@jaypie/mcp 0.7.6 → 0.7.7

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (7) hide show

package/dist/suites/docs/index.js +1 -1
package/package.json +1 -1
package/release-notes/constructs/1.2.28.md +12 -0
package/release-notes/express/1.2.8.md +34 -0
package/skills/agents.md +5 -1
package/skills/secrets.md +108 -110
package/skills/skills.md +1 -1

package/dist/suites/docs/index.js CHANGED Viewed

@@ -9,7 +9,7 @@ import { gt } from 'semver';
 /**
  * Docs Suite - Documentation services (skill, version, release_notes)
  */
-const BUILD_VERSION_STRING = "@jaypie/mcp@0.7.6#2f4ca154"
+const BUILD_VERSION_STRING = "@jaypie/mcp@0.7.7#7d7a0427"
     ;
 const __filename$1 = fileURLToPath(import.meta.url);
 const __dirname$1 = path.dirname(__filename$1);

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@jaypie/mcp",
-  "version": "0.7.6",
+  "version": "0.7.7",
   "description": "Jaypie MCP",
   "repository": {
     "type": "git",

package/release-notes/constructs/1.2.28.md ADDED Viewed

@@ -0,0 +1,12 @@
+---
+version: 1.2.28
+date: 2025-02-01
+summary: Expand JaypieGitHubDeployRole permissions for CDK context lookups
+---
+## Changes
+- Use `ec2:Describe*` wildcard for all EC2 describe operations (VPCs, subnets, VPN gateways, etc.)
+- Use `cloudformation:Describe*` wildcard for CloudFormation lookups
+- Add `cdk-hnb659fds-lookup-role-*` to assumable roles for CDK context provider
+- Include SSM parameter read permissions (`ssm:GetParameter`, `ssm:GetParameters`)

package/release-notes/express/1.2.8.md ADDED Viewed

@@ -0,0 +1,34 @@
+---
+version: 1.2.8
+date: 2025-02-01
+summary: Fix CORS OPTIONS by calling flushHeaders() before res.end()
+---
+## Bug Fix
+Fixed CORS OPTIONS preflight requests still hanging with Lambda streaming by calling `flushHeaders()` before `res.end()`.
+### Problem
+The fix in v1.2.7 called `res.end()` for OPTIONS requests but didn't explicitly flush headers first. In Lambda streaming mode:
+1. `LambdaResponseStreaming._final()` closes the stream via `_wrappedStream.end()`
+2. `_wrappedStream` is only created when `flushHeaders()` is called
+3. Without explicit `flushHeaders()`, `_wrappedStream` could be null
+4. The Lambda stream never closes, causing the response to hang
+### Solution
+Added explicit `res.flushHeaders()` call before `res.end()` in the CORS OPTIONS handler to ensure the Lambda stream wrapper is initialized before ending the response.
+```typescript
+res.statusCode = 204;
+res.setHeader("Content-Length", "0");
+res.flushHeaders();  // Initialize _wrappedStream before ending
+res.end();
+```
+### Related
+- GitHub Issue: [#178](https://github.com/finlaysonstudio/jaypie/issues/178)
+- Follow-up to: [#174](https://github.com/finlaysonstudio/jaypie/issues/174)

package/skills/agents.md CHANGED Viewed

@@ -24,12 +24,16 @@ Complete stack styles, techniques, and traditions.
 - Check ~tools (`mcp__jaypie__skill("tools")`) for all tools or ~tools-aws, ~tools-datadog, and ~tools-dynamodb individually
 - File bugs, documentation, features, and other issues with `mcp__jaypie__skill("issues")`
+### Code
+- `log.trace` happy path, `log.debug` things that should stand out. Avoid info. Use warn when recoverable. Use error when unrecoverable or "really bad"
 ### Skills
 `mcp__jaypie__skill(alias: String)`
 Contents: index, releasenotes
-Development: documentation, errors, logs, mocks, monorepo, style, subpackages, tests
+Development: documentation, errors, llm, logs, mocks, monorepo, style, subpackages, tests
 Infrastructure: aws, cdk, cicd, datadog, dns, dynamodb, express, lambda, secrets, streaming, variables, websockets
 Patterns: fabric, handlers, models, services, vocabulary
 Meta: issues, jaypie, skills, tools

package/skills/secrets.md CHANGED Viewed

@@ -5,190 +5,188 @@ related: aws, cdk, variables
 # Secret Management
-Jaypie uses AWS Secrets Manager for secure credential storage, with environment-aware resolution that works seamlessly in both local development and Lambda.
+Jaypie uses AWS Secrets Manager for secure credential storage. The `JaypieEnvSecret` construct creates secrets at deploy time from environment variables, and `getEnvSecret` retrieves them at runtime.
-## Basic Usage
+## The Pattern
-Use `getEnvSecret` for environment-aware secret resolution:
+1. **Deploy time**: Set environment variables in CI/CD (e.g., `MONGODB_URI=mongodb+srv://...`)
+2. **CDK**: `JaypieEnvSecret` reads the env var and creates/updates an AWS secret
+3. **Runtime**: `getEnvSecret("MONGODB_URI")` fetches from Secrets Manager
+This keeps secrets out of code and config files while enabling environment-specific values.
+## CDK: Creating Secrets with JaypieEnvSecret
+The simplest pattern uses the environment variable name as the construct ID:
 ```typescript
-import { getEnvSecret } from "jaypie";
+import { JaypieEnvSecret, JaypieLambda } from "@jaypie/constructs";
-const apiKey = await getEnvSecret("ANTHROPIC_API_KEY");
-const dbUri = await getEnvSecret("MONGODB_URI");
+// Creates secret from process.env.MONGODB_URI at deploy time
+const mongoSecret = new JaypieEnvSecret(this, "MONGODB_URI");
+const anthropicSecret = new JaypieEnvSecret(this, "ANTHROPIC_API_KEY");
+// Lambda with secrets array (auto-creates JaypieEnvSecret instances)
+new JaypieLambda(this, "Handler", {
+  code: "dist/lambda",
+  handler: "index.handler",
+  secrets: ["MONGODB_URI", "ANTHROPIC_API_KEY"],
+});
 ```
-### How getEnvSecret Works
+When the construct ID matches an environment variable name, `JaypieEnvSecret` automatically:
+- Uses that env var's value as the secret content
+- Sets `envKey` to the ID for later reference
-`getEnvSecret` checks environment variables in order:
+### CI/CD Setup
-1. `SECRET_{name}` - If found, fetches from AWS Secrets Manager
-2. `{name}_SECRET` - If found, fetches from AWS Secrets Manager
-3. `{name}` - Returns direct value without AWS call
+Set secrets as environment variables in your deployment pipeline:
-This allows the same code to work locally (with direct env values) and in Lambda (with secret references).
+```yaml
+# GitHub Actions example
+jobs:
+  deploy:
+    env:
+      MONGODB_URI: ${{ secrets.MONGODB_URI }}
+      ANTHROPIC_API_KEY: ${{ secrets.ANTHROPIC_API_KEY }}
+    steps:
+      - run: npx cdk deploy
+```
-## Loading Multiple Secrets
+## Runtime: Retrieving Secrets
-Use `loadEnvSecrets` during handler initialization:
+Use `getEnvSecret` to fetch secrets in Lambda:
 ```typescript
-import { loadEnvSecrets } from "jaypie";
-// Load secrets and set in process.env
-await loadEnvSecrets("ANTHROPIC_API_KEY", "OPENAI_API_KEY", "MONGODB_URI");
+import { getEnvSecret } from "jaypie";
-// Now available as process.env.ANTHROPIC_API_KEY, etc.
+const mongoUri = await getEnvSecret("MONGODB_URI");
+const apiKey = await getEnvSecret("ANTHROPIC_API_KEY");
 ```
-## CDK Configuration
+### Loading Multiple Secrets
-Reference secrets via environment variables in CDK:
+Use `loadEnvSecrets` during handler initialization to populate `process.env`:
 ```typescript
-const handler = new JaypieLambda(this, "Handler", {
-  environment: {
-    // SECRET_ prefix triggers AWS Secrets Manager fetch
-    SECRET_MONGODB_URI: "my-project/mongodb-uri",
-    SECRET_API_KEY: "my-project/third-party-api-key",
-  },
-});
-```
+import { loadEnvSecrets } from "jaypie";
-In code:
+await loadEnvSecrets("ANTHROPIC_API_KEY", "OPENAI_API_KEY", "MONGODB_URI");
-```typescript
-// getEnvSecret sees SECRET_MONGODB_URI and fetches from Secrets Manager
-const mongoUri = await getEnvSecret("MONGODB_URI");
+// Now available as process.env.ANTHROPIC_API_KEY, etc.
 ```
-## Direct Secret Access
+## Provider/Consumer Pattern
-Use `getSecret` when you need to fetch by exact AWS secret name:
+For shared secrets across environments (e.g., sandbox providing to personal builds):
 ```typescript
-import { getSecret } from "jaypie";
+// Sandbox stack (provider) - exports the secret name
+new JaypieEnvSecret(this, "SHARED_API_KEY", { provider: true });
-// Fetch by exact AWS secret name
-const secret = await getSecret("my-project/production/api-key");
+// Personal build (consumer) - imports from sandbox
+new JaypieEnvSecret(this, "SHARED_API_KEY"); // consumer auto-detected
 ```
-Note: `getSecret` requires `AWS_SESSION_TOKEN` and always calls Secrets Manager. Prefer `getEnvSecret` for typical use cases.
+The construct auto-detects consumer mode for personal/ephemeral environments (`PROJECT_ENV=personal` or `CDK_ENV_PERSONAL=true`).
-## Creating Secrets
+## Generated Secrets
-### Via CDK
+For secrets without a source value (e.g., database passwords):
 ```typescript
-import { Secret } from "aws-cdk-lib/aws-secretsmanager";
-const secret = new Secret(this, "ApiKey", {
-  secretName: `${projectKey}/api-key`,
-  description: "Third-party API key",
+new JaypieEnvSecret(this, "DB_PASSWORD", {
+  generateSecretString: {
+    excludePunctuation: true,
+    passwordLength: 32,
+  },
 });
-// Grant read access
-secret.grantRead(lambdaFunction);
 ```
-### Via AWS CLI
+## Tagging
-```bash
-aws secretsmanager create-secret \
-  --name "my-project/api-key" \
-  --secret-string "sk_live_abc123"
+Apply standard tags for organization:
+```typescript
+new JaypieEnvSecret(this, "STRIPE_KEY", {
+  roleTag: CDK.ROLE.PAYMENT,
+  vendorTag: CDK.VENDOR.STRIPE,
+});
 ```
-## Secret Naming Convention
+## Local Development
-Use project-prefixed names:
+For local development, set environment variables directly in `.env.local`:
+```bash
+# .env.local (not committed)
+ANTHROPIC_API_KEY=sk-ant-test123
+MONGODB_URI=mongodb://localhost:27017/dev
 ```
-{project-key}/{secret-name}
-Examples:
-- my-api/mongodb-uri
-- my-api/stripe-key
-- my-api/auth0-secret
-```
+`getEnvSecret` returns these values directly without AWS calls when no `SECRET_` prefix is present.
-## JSON Secrets
+## Alternative Approaches
-Store structured data:
+### Explicit Value
-```bash
-aws secretsmanager create-secret \
-  --name "my-project/db-credentials" \
-  --secret-string '{"username":"admin","password":"secret123"}'
+Pass a value directly instead of reading from environment:
+```typescript
+new JaypieEnvSecret(this, "ApiKey", {
+  value: "sk_live_abc123", // Not recommended - prefer env vars
+});
 ```
-Retrieve in code:
+### Manual SECRET_ Linking
+For non-JaypieEnvSecret secrets, manually set the `SECRET_` prefix:
 ```typescript
-const credentialsJson = await getEnvSecret("DB_CREDENTIALS");
-const credentials = JSON.parse(credentialsJson);
+new JaypieLambda(this, "Handler", {
+  environment: {
+    SECRET_MONGODB_URI: "my-project/mongodb-uri", // AWS secret name
+  },
+});
 ```
-## Caching
+At runtime, `getEnvSecret("MONGODB_URI")` sees `SECRET_MONGODB_URI` and fetches from that AWS secret name.
-Secrets are cached by default to reduce API calls:
+The `_SECRET` suffix also works:
 ```typescript
-// First call: fetches from Secrets Manager
-const key1 = await getEnvSecret("API_KEY");
-// Second call: returns cached value
-const key2 = await getEnvSecret("API_KEY");
+environment: {
+  MONGODB_URI_SECRET: "my-project/mongodb-uri",
+}
 ```
-Cache is scoped to Lambda execution context (warm starts reuse cache).
+### Direct Secret Access
-## Rotation
-Configure automatic rotation for supported secrets:
+Use `getSecret` when you need to fetch by exact AWS secret name:
 ```typescript
-const secret = new Secret(this, "DbPassword", {
-  secretName: "my-project/db-password",
-  generateSecretString: {
-    excludePunctuation: true,
-    passwordLength: 32,
-  },
-});
+import { getSecret } from "jaypie";
-secret.addRotationSchedule("Rotation", {
-  automaticallyAfter: Duration.days(30),
-  rotationLambda: rotationFunction,
-});
+const secret = await getSecret("my-project/production/api-key");
 ```
-## Local Development
-For local development, set environment variables directly:
+Note: `getSecret` requires `AWS_SESSION_TOKEN` and always calls Secrets Manager.
-```bash
-# .env.local (not committed)
-ANTHROPIC_API_KEY=sk-ant-test123
-MONGODB_URI=mongodb://localhost:27017/dev
-API_KEY=test_key_123
-```
+## Caching
-`getEnvSecret` automatically returns these values without AWS calls since there's no `SECRET_` prefix.
+Secrets are cached by default to reduce API calls. Cache is scoped to Lambda execution context (warm starts reuse cache).
 ## IAM Permissions
-Lambda needs `secretsmanager:GetSecretValue`:
+`JaypieEnvSecret` implements `ISecret`, so grant access directly:
 ```typescript
+const secret = new JaypieEnvSecret(this, "API_KEY");
 secret.grantRead(lambdaFunction);
-// Or via policy
-lambdaFunction.addToRolePolicy(new PolicyStatement({
-  actions: ["secretsmanager:GetSecretValue"],
-  resources: [secret.secretArn],
-}));
 ```
+Or use the `secrets` array on `JaypieLambda`, which handles permissions automatically.
 ## Testing
 Mock secret functions in tests:

package/skills/skills.md CHANGED Viewed

@@ -16,7 +16,7 @@ Look up skills by alias: `mcp__jaypie__skill(alias)`
 | Category | Skills |
 |----------|--------|
 | contents | index, releasenotes |
-| development | documentation, errors, logs, mocks, monorepo, style, subpackages, tests |
+| development | documentation, errors, llm, logs, mocks, monorepo, style, subpackages, tests |
 | infrastructure | aws, cdk, cicd, datadog, dns, dynamodb, express, lambda, secrets, streaming, variables, websockets |
 | patterns | fabric, handlers, models, services, vocabulary |
 | meta | issues, jaypie, skills, tools |