@jaypie/mcp 0.8.41 → 0.8.43

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
@@ -9,7 +9,7 @@ import { gt } from 'semver';
9
9
  /**
10
10
  * Docs Suite - Documentation services (skill, version, release_notes)
11
11
  */
12
- const BUILD_VERSION_STRING = "@jaypie/mcp@0.8.41#6186c609"
12
+ const BUILD_VERSION_STRING = "@jaypie/mcp@0.8.43#947cd2b1"
13
13
  ;
14
14
  const __filename$1 = fileURLToPath(import.meta.url);
15
15
  const __dirname$1 = path.dirname(__filename$1);
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "@jaypie/mcp",
3
- "version": "0.8.41",
3
+ "version": "0.8.43",
4
4
  "description": "Jaypie MCP",
5
5
  "repository": {
6
6
  "type": "git",
@@ -0,0 +1,21 @@
1
+ ---
2
+ version: 1.2.50
3
+ date: 2026-04-18
4
+ summary: JaypieEnvSecret shorthand now validates missing env vars instead of silently creating empty secrets
5
+ ---
6
+
7
+ ## Changes
8
+
9
+ - `JaypieEnvSecret` detects shorthand by convention: a SCREAMING_SNAKE_CASE string (e.g., `MONGODB_URI`, `ANTHROPIC_API_KEY`) as the second constructor argument is treated as an `envKey`, even when the env var is not set at deploy time.
10
+ - When shorthand is used without a backing env var, `value`, or `generateSecretString`, construction throws `ConfigurationError` instead of silently producing an empty secret.
11
+ - Non-shorthand PascalCase ids (e.g., `TestSecret`, `ProjectSalt`) continue to behave as before.
12
+
13
+ ## Motivation
14
+
15
+ The prior shorthand detection required `process.env[name]` to be a non-empty string. A missing env var fell through to the plain-id branch and produced a secret with no value, which surfaced only at runtime via `loadEnvSecrets`. The new convention-based detection keeps shorthand calls on the envKey validation path regardless of env state.
16
+
17
+ ## Migration
18
+
19
+ - Consumers already setting env vars at deploy time see no change.
20
+ - Stacks relying on the old silent behavior should pass `value` or `generateSecretString`, or set the expected env var.
21
+ - Provider/consumer shorthand pairs now derive the same `EnvSecret_*` construct id on both sides, fixing a latent export-name mismatch when the env var was unset in the consumer environment.
@@ -0,0 +1,22 @@
1
+ ---
2
+ version: 1.2.51
3
+ date: 2026-04-19
4
+ summary: JaypieGitHubDeployRole grants ECR auth and push by default, scoped to <sponsor>-* repositories
5
+ ---
6
+
7
+ ## Changes
8
+
9
+ - `JaypieGitHubDeployRole` grants `ecr:GetAuthorizationToken` on `*` and push actions (`ecr:BatchCheckLayerAvailability`, `ecr:BatchGetImage`, `ecr:CompleteLayerUpload`, `ecr:CreateRepository`, `ecr:DescribeRepositories`, `ecr:InitiateLayerUpload`, `ecr:PutImage`, `ecr:UploadLayerPart`) scoped to `arn:aws:ecr:*:<account>:repository/<sponsor>-*` by default.
10
+ - Sponsor is resolved from `sponsor` prop, `PROJECT_SPONSOR`, or the organization parsed from `CDK_ENV_REPO` / `PROJECT_REPO` (same parse that produces the `repoRestriction`), keeping ECR scope aligned with the OIDC `sub` condition.
11
+ - New `sponsor` and `ecr` props on `JaypieGitHubDeployRoleProps`. Set `ecr: false` to opt out.
12
+
13
+ ## Motivation
14
+
15
+ Any project shipping a Docker artifact (ECS/Fargate, Lambda containers) needs ECR auth + push on the GitHub Actions deploy role. Previously every consumer had to extend the role downstream. Since `JaypieGitHubDeployRole` already constrains the OIDC `sub` to the organization's repos, granting ECR by default removes boilerplate without expanding the threat surface.
16
+
17
+ ## Migration
18
+
19
+ - Consumers deploying from a sponsor-scoped monorepo (`<sponsor>-*`) see no change beyond new default permissions.
20
+ - Consumers who previously extended the role for ECR can remove the inline statements.
21
+ - To keep prior behavior with no ECR permissions, pass `ecr: false`.
22
+ - If no sponsor can be resolved (no `sponsor` prop, `PROJECT_SPONSOR`, `CDK_ENV_REPO`, or `PROJECT_REPO`), construction throws `ConfigurationError`; set `ecr: false` to skip the check.
@@ -0,0 +1,10 @@
1
+ ---
2
+ version: 0.8.42
3
+ date: 2026-04-18
4
+ summary: Update secrets skill and add release notes for constructs 1.2.50
5
+ ---
6
+
7
+ ## Changes
8
+
9
+ - Updates `skills/secrets.md` to document convention-based shorthand detection and the new missing-env `ConfigurationError`.
10
+ - Adds release notes for `@jaypie/constructs` 1.2.50.
@@ -0,0 +1,9 @@
1
+ ---
2
+ version: 0.8.43
3
+ date: 2026-04-19
4
+ summary: Release notes for @jaypie/constructs 1.2.51 (ECR defaults on JaypieGitHubDeployRole)
5
+ ---
6
+
7
+ ## Changes
8
+
9
+ - Adds release notes for `@jaypie/constructs` 1.2.51, which grants ECR auth + push permissions by default on `JaypieGitHubDeployRole`, scoped to `<sponsor>-*` repositories.
package/skills/secrets.md CHANGED
@@ -34,9 +34,12 @@ new JaypieLambda(this, "Handler", {
34
34
  });
35
35
  ```
36
36
 
37
- When the construct ID matches an environment variable name, `JaypieEnvSecret` automatically:
38
- - Uses that env var's value as the secret content
39
- - Sets `envKey` to the ID for later reference
37
+ When the construct ID is a SCREAMING_SNAKE_CASE string (or matches an environment variable name with a non-empty value), `JaypieEnvSecret` automatically:
38
+ - Treats the ID as the `envKey`
39
+ - Uses the env var's value as the secret content
40
+ - Namespaces the CDK construct id as `EnvSecret_${envKey}`
41
+
42
+ If the shorthand env var is missing at deploy time and no `value` or `generateSecretString` is provided, construction throws `ConfigurationError`. Supply a `value` or `generateSecretString` when the env var may be absent.
40
43
 
41
44
  ### CI/CD Setup
42
45