@jaypie/mcp 0.8.52 → 0.8.54

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
@@ -9,7 +9,7 @@ import { gt } from 'semver';
9
9
  /**
10
10
  * Docs Suite - Documentation services (skill, version, release_notes)
11
11
  */
12
- const BUILD_VERSION_STRING = "@jaypie/mcp@0.8.52#704908ba"
12
+ const BUILD_VERSION_STRING = "@jaypie/mcp@0.8.54#ff24b05a"
13
13
  ;
14
14
  const __filename$1 = fileURLToPath(import.meta.url);
15
15
  const __dirname$1 = path.dirname(__filename$1);
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "@jaypie/mcp",
3
- "version": "0.8.52",
3
+ "version": "0.8.54",
4
4
  "description": "Jaypie MCP",
5
5
  "repository": {
6
6
  "type": "git",
@@ -0,0 +1,25 @@
1
+ ---
2
+ version: 1.2.52
3
+ date: 2026-05-06
4
+ summary: JaypieWebDeploymentBucket adopts JaypieDistribution defaults — security headers, WAF, and CloudFront access logging
5
+ ---
6
+
7
+ ## Changes
8
+
9
+ - `JaypieWebDeploymentBucket` now applies the same default security `ResponseHeadersPolicy` as `JaypieDistribution` (HSTS, X-Frame-Options, CSP, Referrer-Policy, Permissions-Policy, Cross-Origin-* headers, Server header removal). Attached to the default behavior and the production `/*` behavior.
10
+ - Adds `securityHeaders` (`boolean | SecurityHeadersOverrides`) and `responseHeadersPolicy` (full override) props matching `JaypieDistribution`'s shape.
11
+ - Adds CloudFront access logging by default — creates a log bucket with Datadog forwarding. New `logBucket` and `destination` props mirror `JaypieDistribution`.
12
+ - Adds WAFv2 WebACL by default with `AWSManagedRulesCommonRuleSet`, `AWSManagedRulesKnownBadInputsRuleSet`, and IP rate limiting (2000/5min). New `waf` prop accepts `boolean | JaypieWebDeploymentBucketWafConfig`.
13
+ - WAF defaults to namespacing the WebACL and WAF log bucket with the construct id, so multiple `JaypieWebDeploymentBucket` (or paired `JaypieDistribution`) instances coexist in one stack without name collisions.
14
+ - `host` widened to `string | HostConfig` on `JaypieWebDeploymentBucket` and `JaypieStaticWebBucket`, matching `JaypieDistribution` / `JaypieApiGateway` / `JaypieWebSocket`. HostConfig values are resolved via `envHostname()`.
15
+ - Exposes `logBucket`, `responseHeadersPolicy`, `wafLogBucket`, and `webAcl` as public readonly properties.
16
+
17
+ ## Motivation
18
+
19
+ `JaypieDistribution` ships with sensible defaults for security headers, WAF, and access logging. Static-site deployments fronted by `JaypieWebDeploymentBucket` deserve the same baseline rather than having to compose two constructs by hand.
20
+
21
+ ## Migration
22
+
23
+ - Existing `JaypieWebDeploymentBucket` users pick up new AWS resources on next deploy: a CloudFront access-log bucket, a WAFv2 WebACL, and a WAF log bucket. There is ongoing AWS cost (WAF + S3 storage). Opt out per feature with `securityHeaders: false`, `waf: false`, `destination: false`, or `logBucket: <existing>`.
24
+ - Custom security headers: pass `securityHeaders: { contentSecurityPolicy, frameOption, ... }` or a full `responseHeadersPolicy`.
25
+ - Custom WAF: `waf: { name: "static", rateLimitPerIp: 500 }` or `waf: { webAclArn: "arn:..." }` to attach an existing WebACL.
@@ -0,0 +1,20 @@
1
+ ---
2
+ version: 0.6.1
3
+ date: 2026-05-02
4
+ summary: Auto-serialize Date instances to ISO 8601 strings on write so entities with Date-typed fields no longer crash the marshaller
5
+ ---
6
+
7
+ ## Fixed
8
+
9
+ - **Date values on entities**. `createEntity`, `updateEntity`, `deleteEntity`,
10
+ `archiveEntity`, `transactWriteEntities`, and `seedEntities` would throw
11
+ `Unsupported type passed: ...` from `@aws-sdk/util-dynamodb` whenever a
12
+ field held a `Date` instance — even though Jaypie entity timestamp types
13
+ are typed `Date | null`. The fix: `indexEntity` now walks the entity (top
14
+ level, nested objects, arrays) and converts any `Date` to
15
+ `value.toISOString()` before timestamps and GSI keys are populated.
16
+
17
+ Reads still return ISO strings, not `Date` instances. If you want a
18
+ `Date` back, hydrate at the boundary (`new Date(entity.expiresAt)`).
19
+
20
+ Issue: [#331](https://github.com/finlaysonstudio/jaypie/issues/331)
@@ -0,0 +1,22 @@
1
+ ---
2
+ version: 1.2.4
3
+ date: 2026-05-06
4
+ summary: Fix TypeScript resolver — switch from legacy import-x/resolver to resolver-next so eslint-import-resolver-typescript v4 (interfaceVersion 3) loads cleanly
5
+ ---
6
+
7
+ ## Changes
8
+
9
+ - `jaypie:typescriptRecommended` now sets `import-x/resolver-next: [createTypeScriptImportResolver()]` and clears the legacy `import-x/resolver` entry inherited from `importxFlatConfigs.typescript`.
10
+
11
+ ## Motivation
12
+
13
+ `eslint-plugin-import-x@4.16.2` validates legacy resolvers via `interfaceVersion === 2`, but `eslint-import-resolver-typescript@4.4.4` exposes `interfaceVersion: 3`. The legacy form (`'import-x/resolver': { typescript: true }`) inherited from the plugin's bundled flat config therefore failed validation, and every `.ts`/`.tsx` file produced `Resolve error: typescript with invalid interface loaded as resolver` plus cascading `import-x/no-unresolved` errors.
14
+
15
+ The v3-compatible path is `import-x/resolver-next`, which accepts modern resolvers via the resolver factory.
16
+
17
+ ## Migration
18
+
19
+ - No consumer changes required. Re-export `@jaypie/eslint` as before.
20
+ - Downstream workarounds that overrode `import-x/resolver-next` can be removed.
21
+
22
+ Fixes #333.
@@ -0,0 +1,11 @@
1
+ ---
2
+ version: 0.8.54
3
+ date: 2026-05-06
4
+ summary: Update web skill for JaypieWebDeploymentBucket defaults; ship release notes for @jaypie/constructs 1.2.52 and @jaypie/eslint 1.2.4
5
+ ---
6
+
7
+ ## Changes
8
+
9
+ - Updated `skill("web")` props table and added Security Headers / WAF / Access Logging sections covering `JaypieWebDeploymentBucket`'s new defaults and override mechanisms (`securityHeaders`, `responseHeadersPolicy`, `waf`, `logBucket`, `destination`).
10
+ - Mirrors the `JaypieDistribution` patterns documented in `skill("cdk")` so static-site and dynamic-origin guidance stay aligned.
11
+ - Added release notes for `@jaypie/constructs` 1.2.52 and `@jaypie/eslint` 1.2.4 (#333).
package/skills/web.md CHANGED
@@ -35,11 +35,16 @@ new JaypieWebDeploymentBucket(this, "Web", {
35
35
 
36
36
  | Prop | Type | Default |
37
37
  |------|------|---------|
38
- | `host` | `string` | `mergeDomain(CDK_ENV_WEB_SUBDOMAIN, CDK_ENV_WEB_HOSTED_ZONE \|\| CDK_ENV_HOSTED_ZONE)` |
38
+ | `host` | `string \| HostConfig` | `mergeDomain(CDK_ENV_WEB_SUBDOMAIN, CDK_ENV_WEB_HOSTED_ZONE \|\| CDK_ENV_HOSTED_ZONE)` — `HostConfig` is resolved via `envHostname()` |
39
39
  | `zone` | `string \| IHostedZone \| JaypieHostedZone` | `CDK_ENV_WEB_HOSTED_ZONE \|\| CDK_ENV_HOSTED_ZONE` |
40
40
  | `certificate` | `boolean \| ICertificate` | `true` (creates via `resolveCertificate`) |
41
+ | `destination` | `LambdaDestination \| boolean` | `true` (Datadog forwarder for access-log bucket notifications) |
42
+ | `logBucket` | `IBucket \| string \| { exportName } \| true` | undefined — creates a new bucket if `destination !== false` |
41
43
  | `name` | `string` | `constructEnvName("web")` |
44
+ | `responseHeadersPolicy` | `IResponseHeadersPolicy` | undefined — full override; bypasses default security headers |
42
45
  | `roleTag` | `string` | `CDK.ROLE.HOSTING` |
46
+ | `securityHeaders` | `boolean \| SecurityHeadersOverrides` | `true` |
47
+ | `waf` | `boolean \| JaypieWebDeploymentBucketWafConfig` | `true` (WAF name defaults to construct id) |
43
48
 
44
49
  Also accepts all `s3.BucketProps` — the bucket defaults to `autoDeleteObjects: true`, `publicReadAccess: true`, `websiteIndexDocument: "index.html"`, `websiteErrorDocument: "index.html"` (SPA-friendly).
45
50
 
@@ -47,6 +52,52 @@ Also accepts all `s3.BucketProps` — the bucket defaults to `autoDeleteObjects:
47
52
 
48
53
  - Default behavior: S3 static website origin, `REDIRECT_TO_HTTPS`, `CACHING_DISABLED`.
49
54
  - In production (`isProductionEnv()`), a second behavior on `/*` enables `CACHING_OPTIMIZED` — `index.html` stays uncached so SPA deploys are visible immediately; hashed assets get edge cache.
55
+ - Access logs land in a CloudFront log bucket with Datadog forwarding by default. Set `destination: false` to skip notifications, or pass `logBucket: <existing>` to reuse a bucket.
56
+
57
+ ### Security Headers
58
+
59
+ Same defaults as `JaypieDistribution`: HSTS, X-Frame-Options, CSP, Referrer-Policy, Permissions-Policy, Cross-Origin-* headers, and Server header removal (applied via a `ResponseHeadersPolicy` on the default behavior and the production `/*` behavior). Override the same way:
60
+
61
+ ```typescript
62
+ // Disable
63
+ new JaypieWebDeploymentBucket(this, "Web", { host, zone, securityHeaders: false });
64
+
65
+ // Override specific headers
66
+ new JaypieWebDeploymentBucket(this, "Web", {
67
+ host, zone,
68
+ securityHeaders: {
69
+ contentSecurityPolicy: "default-src 'self';",
70
+ frameOption: HeadersFrameOption.SAMEORIGIN,
71
+ },
72
+ });
73
+
74
+ // Full custom policy
75
+ new JaypieWebDeploymentBucket(this, "Web", { host, zone, responseHeadersPolicy: myPolicy });
76
+ ```
77
+
78
+ ### WAF
79
+
80
+ Same defaults as `JaypieDistribution` (AWSManagedRulesCommonRuleSet, AWSManagedRulesKnownBadInputsRuleSet, IP rate limit 2000/5min, WAF logging to S3 with Datadog forwarding). The WebACL and WAF log bucket are namespaced with the construct id by default so multiple instances coexist without collision:
81
+
82
+ ```typescript
83
+ // Default — WAF named after construct id ("MyWeb-WebAcl")
84
+ new JaypieWebDeploymentBucket(this, "MyWeb", { host, zone });
85
+
86
+ // Disable
87
+ new JaypieWebDeploymentBucket(this, "Web", { host, zone, waf: false });
88
+
89
+ // Custom name + rate limit
90
+ new JaypieWebDeploymentBucket(this, "Web", {
91
+ host, zone,
92
+ waf: { name: "static", rateLimitPerIp: 500 },
93
+ });
94
+
95
+ // Existing WebACL
96
+ new JaypieWebDeploymentBucket(this, "Web", {
97
+ host, zone,
98
+ waf: { webAclArn: "arn:aws:wafv2:..." },
99
+ });
100
+ ```
50
101
 
51
102
  ### DNS
52
103