@jaypie/mcp 0.8.44 → 0.8.46

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
@@ -9,7 +9,7 @@ import { gt } from 'semver';
9
9
  /**
10
10
  * Docs Suite - Documentation services (skill, version, release_notes)
11
11
  */
12
- const BUILD_VERSION_STRING = "@jaypie/mcp@0.8.44#b696c1bf"
12
+ const BUILD_VERSION_STRING = "@jaypie/mcp@0.8.46#f41e75e8"
13
13
  ;
14
14
  const __filename$1 = fileURLToPath(import.meta.url);
15
15
  const __dirname$1 = path.dirname(__filename$1);
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "@jaypie/mcp",
3
- "version": "0.8.44",
3
+ "version": "0.8.46",
4
4
  "description": "Jaypie MCP",
5
5
  "repository": {
6
6
  "type": "git",
@@ -0,0 +1,11 @@
1
+ ---
2
+ version: 1.2.42
3
+ date: 2026-04-19
4
+ summary: Re-export jaypieApiKeyId and HTTP.HEADER.API_KEY via @jaypie/kit
5
+ ---
6
+
7
+ ## Changes
8
+
9
+ - Bumped `@jaypie/kit` to `^1.2.8`, exposing:
10
+ - `jaypieApiKeyId(key, { namespace, salt? })` — derives a deterministic UUIDv5 from a hashed API key
11
+ - `HTTP.HEADER.API_KEY` (`"X-Api-Key"`)
@@ -0,0 +1,13 @@
1
+ ---
2
+ version: 1.2.8
3
+ date: 2026-04-19
4
+ summary: Add jaypieApiKeyId helper and X-Api-Key HTTP header constant
5
+ ---
6
+
7
+ ## Changes
8
+
9
+ - Added `jaypieApiKeyId(key, { namespace, salt? })` — derives a deterministic UUIDv5 from the hashed key, suitable for use as a user-facing DynamoDB id
10
+ - Same key + namespace always produces the same id; preserves direct `get-item` lookup (no GSI)
11
+ - Namespace is required (consumer-scoped) to avoid cross-application collisions
12
+ - `salt` passes through to `hashJaypieKey` (defaults to `process.env.PROJECT_SALT`)
13
+ - Added `HTTP.HEADER.API_KEY` (`"X-Api-Key"`) to the HTTP header constants
@@ -0,0 +1,12 @@
1
+ ---
2
+ version: 0.8.45
3
+ date: 2026-04-19
4
+ summary: Document jaypieApiKeyId helper and UUIDv5 DynamoDB id pattern in the apikey skill
5
+ ---
6
+
7
+ ## Changes
8
+
9
+ - Updated `skill("apikey")`:
10
+ - Added a "Derive UUID Id" section documenting `jaypieApiKeyId(key, { namespace, salt? })`
11
+ - Reworked the "DynamoDB Storage Pattern" section to recommend UUIDv5-from-hash as the primary pattern when the id is user-facing, with the raw hex hash pattern documented as the alternative for hidden presentation
12
+ - Contrasted both approaches with the `xid = hash` + GSI pattern
@@ -0,0 +1,11 @@
1
+ ---
2
+ version: 0.8.46
3
+ date: 2026-04-19
4
+ summary: Add repokit skill documenting the @jaypie/repokit tooling bundle
5
+ ---
6
+
7
+ ## Changes
8
+
9
+ - Added `skill("repokit")` covering what ships in `@jaypie/repokit` (`dotenv`, `env-cmd`, `rimraf`, `sort-package-json`, `tsx`), when to reach for it, and usage patterns — including the `env-cmd -f .env -- <cmd>` `--` separator gotcha
10
+ - Registered `repokit` under the development category in `skill("skills")` and `skill("agents")`
11
+ - Cross-linked from `skill("monorepo")` (added to related, recommended as root devDependency) and `skill("variables")` (added "Loading from `.env` Files" section)
@@ -0,0 +1,9 @@
1
+ ---
2
+ version: 1.2.36
3
+ date: 2026-04-19
4
+ summary: Add jaypieApiKeyId mock
5
+ ---
6
+
7
+ ## Changes
8
+
9
+ - Added `jaypieApiKeyId` mock — returns the fixed UUID `"00000000-0000-5000-8000-000000000000"`
package/skills/agents.md CHANGED
@@ -33,7 +33,7 @@ Complete stack styles, techniques, and traditions.
33
33
  `mcp__jaypie__skill(alias: String)`
34
34
 
35
35
  Contents: index, releasenotes
36
- Development: apikey, documentation, errors, llm, logs, mocks, monorepo, style, subpackages, tests, tools
36
+ Development: apikey, documentation, errors, llm, logs, mocks, monorepo, repokit, style, subpackages, tests, tools
37
37
  Infrastructure: apigateway, aws, cdk, cicd, datadog, dns, dynamodb, express, lambda, migrations, secrets, sqs, streaming, variables, websockets
38
38
  Patterns: api, fabric, handlers, models, services, vocabulary
39
39
  Recipes: recipe-api-server
package/skills/apikey.md CHANGED
@@ -5,7 +5,7 @@ related: dynamodb, secrets, style, tests
5
5
 
6
6
  # API Keys
7
7
 
8
- Jaypie provides three functions for working with API keys: `generateJaypieKey`, `validateJaypieKey`, and `hashJaypieKey`. Available from `jaypie` or `@jaypie/kit`.
8
+ Jaypie provides four functions for working with API keys: `generateJaypieKey`, `validateJaypieKey`, `hashJaypieKey`, and `jaypieApiKeyId`. Available from `jaypie` or `@jaypie/kit`.
9
9
 
10
10
  ## Generate
11
11
 
@@ -144,6 +144,29 @@ Returns a 64-character hex string. Deterministic — same key and salt always pr
144
144
  2. `process.env.PROJECT_SALT` environment variable
145
145
  3. No salt — plain SHA-256 (logs a warning)
146
146
 
147
+ ## Derive UUID Id
148
+
149
+ > **Version note:** `jaypieApiKeyId` requires `jaypie >= 1.2.22` / `@jaypie/kit >= 1.2.8`.
150
+
151
+ `jaypieApiKeyId(key, { namespace, salt? })` derives a deterministic UUIDv5 from the hashed key. Use this when the id must be surfaced in UIs, API responses, or resource URLs — a 64-char hex hash is not ergonomic, but a UUID is:
152
+
153
+ ```typescript
154
+ import { jaypieApiKeyId } from "jaypie";
155
+
156
+ const APIKEY_NAMESPACE = "b85e1a7a-5c7e-4e7b-9b8e-7c3a9d2f4e5b";
157
+
158
+ const id = jaypieApiKeyId(key, { namespace: APIKEY_NAMESPACE });
159
+ // "c4e1b0d2-..."
160
+ ```
161
+
162
+ Properties:
163
+
164
+ - **Deterministic** — same key + namespace always produces the same id; auth stays `getEntity({ id })`, still no GSI required
165
+ - **One-way** — derives from the hash, so the plaintext key cannot be recovered
166
+ - **Presentable** — a standard UUID, safe to expose externally
167
+
168
+ Pick a stable namespace UUID per application (a random UUIDv4 is fine) so ids cannot collide across unrelated services.
169
+
147
170
  ## Typical Workflow
148
171
 
149
172
  1. **Generate** a key and return it to the user (only time plaintext is visible)
@@ -216,14 +239,33 @@ See `~secrets` for the full secrets management pattern.
216
239
 
217
240
  ## DynamoDB Storage Pattern
218
241
 
219
- Store hashed API keys in DynamoDB for direct lookup without a GSI:
242
+ Store API keys in DynamoDB keyed on a deterministic id derived from the plaintext. Both patterns preserve direct `get-item` lookup (no GSI).
243
+
244
+ ### Preferred: UUIDv5 from hash (id safe to expose)
245
+
246
+ ```typescript
247
+ const APIKEY_NAMESPACE = "b85e1a7a-5c7e-4e7b-9b8e-7c3a9d2f4e5b";
248
+
249
+ // model = "apikey", id = uuidv5(hash, namespace) — standard UUID, safe to surface
250
+ { model: "apikey", id: jaypieApiKeyId(key, { namespace: APIKEY_NAMESPACE }), ownerId: "user_123", createdAt: "..." }
251
+ ```
252
+
253
+ Use this when the id will appear in API responses, UI, or resource URLs. Auth stays a single `getEntity({ model: "apikey", id: jaypieApiKeyId(presented, { namespace }) })`.
254
+
255
+ ### Alternative: Raw hash id (hidden presentation)
220
256
 
221
257
  ```typescript
222
- // model = "apikey", id = hash — enables direct get-item lookup
258
+ // model = "apikey", id = hash — a 64-char hex string, functional but not ergonomic
223
259
  { model: "apikey", id: hashJaypieKey(key), ownerId: "user_123", createdAt: "..." }
224
260
  ```
225
261
 
226
- This uses the `JaypieDynamoDb` default key convention (`model`/`id`). See `skill("dynamodb")` for table setup and query patterns.
262
+ Use when presentation does not matter internal-only tables, throwaway tooling, or when you are already storing a separate public identifier.
263
+
264
+ Both patterns use the `JaypieDynamoDb` default key convention (`model`/`id`). See `skill("dynamodb")` for table setup and query patterns.
265
+
266
+ ### Why not `xid = hash` with a GSI?
267
+
268
+ Another common pattern is `{ id: randomUUID(), xid: hashJaypieKey(key) }` with a GSI on `xid`. It works, but every auth lookup becomes a `query` against a GSI instead of a `get-item`, and you pay the per-deploy cost of an extra index. The UUIDv5 derivation sidesteps both by keeping the id deterministic.
227
269
 
228
270
  ## See Also
229
271
 
@@ -1,6 +1,6 @@
1
1
  ---
2
2
  description: Initialize a Jaypie monorepo project
3
- related: subpackage, cicd, style, tests
3
+ related: subpackage, cicd, repokit, style, tests
4
4
  ---
5
5
 
6
6
  # Jaypie Monorepo Setup
@@ -130,9 +130,11 @@ npm-debug.log*
130
130
  Install root dev dependencies:
131
131
 
132
132
  ```bash
133
- npm install --save-dev @jaypie/eslint @jaypie/testkit eslint rimraf sort-package-json tsx vite vite-plugin-dts vitest
133
+ npm install --save-dev @jaypie/eslint @jaypie/repokit @jaypie/testkit eslint vite vite-plugin-dts vitest
134
134
  ```
135
135
 
136
+ `@jaypie/repokit` bundles `dotenv`, `env-cmd`, `rimraf`, `sort-package-json`, and `tsx` at consistent versions. See `skill("repokit")`.
137
+
136
138
  ## Workspace Conventions
137
139
 
138
140
  | Directory | Purpose |
@@ -0,0 +1,97 @@
1
+ ---
2
+ description: Bundled development tooling for Jaypie repositories (dotenv, env-cmd, rimraf, sort-package-json, tsx)
3
+ related: monorepo, subpackages, variables
4
+ ---
5
+
6
+ # Repokit
7
+
8
+ `@jaypie/repokit` is a convenience bundle that consolidates common development tooling used across Jaypie repositories into a single devDependency. Install once and get `dotenv`, `env-cmd`, `rimraf`, `sort-package-json`, and `tsx` at consistent versions.
9
+
10
+ ## What Ships
11
+
12
+ | Tool | Purpose |
13
+ |------|---------|
14
+ | `dotenv` | Load environment variables from `.env` files (re-exported for programmatic use) |
15
+ | `env-cmd` | Run commands with env file loaded (CLI; use in npm scripts) |
16
+ | `rimraf` | Cross-platform `rm -rf` (re-exported and available as CLI) |
17
+ | `sort-package-json` | Enforce consistent `package.json` key ordering (CLI) |
18
+ | `tsx` | Run TypeScript files directly without precompilation (CLI) |
19
+
20
+ ## When to Reach for It
21
+
22
+ - **Monorepo root devDependency** — single install so every package has access to the same tooling versions
23
+ - **Subpackages** — add as a devDependency where build/clean/script tooling is needed
24
+ - **Avoid** listing each of the five underlying packages individually — let `@jaypie/repokit` pin them
25
+
26
+ ## Install
27
+
28
+ ```bash
29
+ npm install --save-dev @jaypie/repokit
30
+ # Or in a monorepo root:
31
+ npm install --save-dev @jaypie/repokit -w .
32
+ ```
33
+
34
+ ## Programmatic Exports
35
+
36
+ ```typescript
37
+ import { config, rimraf } from "@jaypie/repokit";
38
+
39
+ config(); // dotenv — loads process.env from .env
40
+ await rimraf("./dist"); // cross-platform directory removal
41
+ ```
42
+
43
+ Re-exports:
44
+
45
+ - Everything from `dotenv` (`config`, `parse`, `populate`, etc.)
46
+ - `rimraf` from `rimraf`
47
+
48
+ ## CLI Usage in `package.json` Scripts
49
+
50
+ ```json
51
+ {
52
+ "scripts": {
53
+ "clean": "rimraf ./dist",
54
+ "clean:all": "rimraf ./packages/*/dist",
55
+ "format:package": "sort-package-json ./package.json ./packages/*/package.json",
56
+ "script:setup": "tsx scripts/setup.ts",
57
+ "start:dev": "env-cmd -f .env.development -- node server.js"
58
+ }
59
+ }
60
+ ```
61
+
62
+ ### `env-cmd` — the `--` separator is required
63
+
64
+ `env-cmd -f <file> -- <command>` passes the env file to the process and runs the command with those variables loaded. **Omit the `--` and env-cmd treats the file as an rc/JSON config instead of a dotenv file, which silently does the wrong thing.**
65
+
66
+ ```bash
67
+ # Correct — `.env.dev` is read as a dotenv file
68
+ env-cmd -f .env.dev -- node server.js
69
+
70
+ # Wrong — `.env.dev` is parsed as JSON/rc config; server.js still runs but without env vars
71
+ env-cmd -f .env.dev node server.js
72
+ ```
73
+
74
+ Use this pattern to load repo-level `.env` files into scripts without hard-coding variables in `package.json`.
75
+
76
+ ### `tsx` — for TypeScript scripts
77
+
78
+ ```bash
79
+ tsx scripts/seed.ts
80
+ env-cmd -f .env.local -- tsx scripts/seed.ts # combine with env-cmd
81
+ ```
82
+
83
+ ### `sort-package-json` — for consistency
84
+
85
+ Add a `format:package` script and run it before committing, or enforce it in a pre-commit hook.
86
+
87
+ ## Why Not the Five Packages Directly?
88
+
89
+ - **One devDependency vs five** — fewer entries in `package.json` and `package-lock.json`
90
+ - **Pinned versions** — every Jaypie repo using repokit gets the same `dotenv`/`rimraf`/etc. version
91
+ - **Easier upgrades** — bump repokit once, all tooling updates together
92
+
93
+ ## See Also
94
+
95
+ - `skill("monorepo")` — repokit is a recommended devDependency for the monorepo root
96
+ - `skill("subpackages")` — use repokit as a devDependency in any package that needs build/clean/script tooling
97
+ - `skill("variables")` — pair `env-cmd` with `.env` files to load project environment variables
package/skills/skills.md CHANGED
@@ -16,7 +16,7 @@ Look up skills by alias: `mcp__jaypie__skill(alias)`
16
16
  | Category | Skills |
17
17
  |----------|--------|
18
18
  | contents | index, releasenotes |
19
- | development | apikey, documentation, errors, llm, logs, mocks, monorepo, style, subpackages, tests, tools |
19
+ | development | apikey, documentation, errors, llm, logs, mocks, monorepo, repokit, style, subpackages, tests, tools |
20
20
  | infrastructure | apigateway, aws, cdk, cicd, datadog, dns, dynamodb, express, lambda, migrations, secrets, sqs, streaming, variables, websockets |
21
21
  | patterns | api, fabric, handlers, models, services, vocabulary |
22
22
  | recipes | recipe-api-server |
@@ -1,6 +1,6 @@
1
1
  ---
2
2
  description: Environment variables reference
3
- related: apikey, cdk, datadog, secrets
3
+ related: apikey, cdk, datadog, repokit, secrets
4
4
  ---
5
5
 
6
6
  # Environment Variables
@@ -49,6 +49,21 @@ LOG_LEVEL=trace npm run dev
49
49
  LOG_LEVEL=debug npm run dev
50
50
  ```
51
51
 
52
+ ### Loading from `.env` Files
53
+
54
+ Use `env-cmd` (bundled with `@jaypie/repokit`) to load a dotenv file into a script. The `--` separator is required — without it, `env-cmd` treats the file as rc/JSON config and silently does the wrong thing:
55
+
56
+ ```json
57
+ {
58
+ "scripts": {
59
+ "start:dev": "env-cmd -f .env.development -- node server.js",
60
+ "script:seed": "env-cmd -f .env.local -- tsx scripts/seed.ts"
61
+ }
62
+ }
63
+ ```
64
+
65
+ See `skill("repokit")` for the full tooling bundle.
66
+
52
67
  ## CDK Infrastructure Variables
53
68
 
54
69
  | Variable | Description |