@mavogel/cdk-vscode-server 0.0.48 → 0.0.49

package/.claude/hooks/file_checker.sh

@@ -0,0 +1,175 @@
+#!/bin/bash
+
+# NOTE: initially from https://www.npmjs.com/package/daddy-claude?activeTab=code
+# Colors
+RED='\033[0;31m'
+GREEN='\033[0;32m'
+NC='\033[0m'
+
+# Find the most recently modified source file (exclude cache files and generated files)
+files=$(find . -type f -mmin -1 \( -name "*.ts" -o -name "*.tsx" -o -name "*.js" -o -name "*.jsx" \) -not -path "*/node_modules/*" -not -path "*/.git/*" -not -path "*/lib/*" -not -path "*/dist/*" -not -path "*/coverage/*" -not -path "*/test-reports/*" -printf '%T@ %p\n' 2>/dev/null | sort -nr | head -1 | cut -d' ' -f2)
+if [[ -z $files ]]; then
+	exit 2
+fi
+
+# Check if qlty is available and initialized
+qlty_available=false
+if command -v qlty >/dev/null 2>&1 && [[ -d ".qlty" ]]; then
+	qlty_available=true
+fi
+
+# Auto-format TypeScript/JavaScript files with eslint --fix first
+eslint_format_applied=false
+if [[ $files == *.ts ]] || [[ $files == *.tsx ]] || [[ $files == *.js ]] || [[ $files == *.jsx ]]; then
+	# Try projen eslint first if available
+	if command -v npx >/dev/null 2>&1 && [[ -f "package.json" ]] && grep -q "projen" package.json; then
+		eslint_fix_output=$(npx projen eslint --fix "$files" 2>&1)
+		if [[ $eslint_fix_output == *"fixed"* ]] || [[ $eslint_fix_output == *"formatted"* ]]; then
+			eslint_format_applied=true
+		fi
+	elif command -v eslint >/dev/null 2>&1; then
+		# Fallback to direct eslint
+		eslint_fix_output=$(eslint --fix "$files" 2>&1)
+		if [[ $eslint_fix_output == *"fixed"* ]] || [[ $eslint_fix_output == *"formatted"* ]]; then
+			eslint_format_applied=true
+		fi
+	fi
+fi
+
+# Run qlty checks (only if available)
+fmt_output=""
+check_output=""
+check_exit_code=0
+if [[ $qlty_available == true ]]; then
+	fmt_output=$(qlty fmt "$files" 2>&1)
+	check_output=$(qlty check --fix $files 2>&1)
+	check_exit_code=$?
+fi
+
+# Run additional TypeScript/JavaScript tools
+eslint_output=""
+tsc_output=""
+awslint_output=""
+eslint_exit_code=0
+tsc_exit_code=0
+awslint_exit_code=0
+
+if [[ $files == *.ts ]] || [[ $files == *.tsx ]] || [[ $files == *.js ]] || [[ $files == *.jsx ]]; then
+	# Run eslint (linting check without fix)
+	if command -v npx >/dev/null 2>&1 && [[ -f "package.json" ]] && grep -q "projen" package.json; then
+		eslint_output=$(npx projen eslint "$files" 2>&1)
+		eslint_exit_code=$?
+	elif command -v eslint >/dev/null 2>&1; then
+		eslint_output=$(eslint "$files" 2>&1)
+		eslint_exit_code=$?
+	fi
+
+	# Run TypeScript compiler check for .ts/.tsx files
+	if [[ $files == *.ts ]] || [[ $files == *.tsx ]]; then
+		if command -v tsc >/dev/null 2>&1; then
+			tsc_output=$(tsc --noEmit --skipLibCheck 2>&1)
+			tsc_exit_code=$?
+		fi
+	fi
+
+	# Run awslint for CDK projects (check if this is a CDK project)
+	if [[ -f "package.json" ]] && grep -q "aws-cdk" package.json; then
+		if command -v awslint >/dev/null 2>&1; then
+			awslint_output=$(awslint 2>&1)
+			awslint_exit_code=$?
+		elif command -v npx >/dev/null 2>&1; then
+			awslint_output=$(npm run awslint 2>&1)
+			awslint_exit_code=$?
+		fi
+	fi
+fi
+
+# Check for issues
+has_issues=false
+
+# Check if formatting happened (this is auto-fixed, so don't count as issue)
+formatting_applied=false
+if [[ $fmt_output == *"Formatted"* ]]; then
+	formatting_applied=true
+fi
+
+# Check if linting found issues
+if [[ $qlty_available == true ]]; then
+	if [[ $check_output != *"No issues"* ]] || [[ $check_exit_code -ne 0 ]]; then
+		has_issues=true
+	fi
+fi
+
+# Check TypeScript/JavaScript tool issues
+if [[ $eslint_exit_code -ne 0 ]] || [[ $tsc_exit_code -ne 0 ]] || [[ $awslint_exit_code -ne 0 ]]; then
+	has_issues=true
+fi
+
+# Remove test logic - now using real qlty detection
+
+# Display results
+if [[ $has_issues == true ]]; then
+	echo -e "${RED}🛑 STOP - Issues found in: $files${NC}" >&2
+	echo -e "${RED}The following MUST BE FIXED:${NC}" >&2
+	echo "" >&2
+
+	if [[ $qlty_available == true ]] && [[ $check_output != *"No issues"* ]]; then
+		# Extract remaining issue lines (skip headers/footers)
+		issue_lines=$(echo "$check_output" | grep -E "^\s*[0-9]+:[0-9]+\s+|high\s+|medium\s+|low\s+" | head -3)
+		remaining_issues=$(echo "$check_output" | grep -c "high\|medium\|low" 2>/dev/null || echo "0")
+
+		# Ensure remaining_issues is a valid number
+		if ! [[ $remaining_issues =~ ^[0-9]+$ ]]; then
+			remaining_issues=0
+		fi
+
+		# Simple, clear output
+		echo "🔍 QLTY Issues: ($remaining_issues remaining)" >&2
+
+		if [[ -n $issue_lines ]]; then
+			echo "$issue_lines" >&2
+			if [[ $remaining_issues -gt 3 ]]; then
+				echo "... and $((remaining_issues - 3)) more issues" >&2
+			fi
+		else
+			# Fallback: show first few lines if parsing failed
+			echo "$check_output" | head -5 >&2
+		fi
+		echo "" >&2
+	fi
+
+	# Show eslint issues
+	if [[ $eslint_exit_code -ne 0 ]] && [[ -n $eslint_output ]]; then
+		echo "🔍 ESLint Issues:" >&2
+		echo "$eslint_output" | head -5 >&2
+		echo "" >&2
+	fi
+
+	# Show TypeScript issues
+	if [[ $tsc_exit_code -ne 0 ]] && [[ -n $tsc_output ]]; then
+		echo "🔍 TypeScript Issues:" >&2
+		echo "$tsc_output" | grep -E "error|warning" | head -5 >&2
+		echo "" >&2
+	fi
+
+	# Show awslint issues
+	if [[ $awslint_exit_code -ne 0 ]] && [[ -n $awslint_output ]]; then
+		echo "🔍 AWS CDK Lint Issues:" >&2
+		echo "$awslint_output" | grep -E "error|warning" | head -5 >&2
+		echo "" >&2
+	fi
+
+	echo -e "${RED}Fix all issues above before continuing${NC}" >&2
+	exit 1
+else
+	if [[ $eslint_format_applied == true ]] && [[ $formatting_applied == true ]]; then
+		echo -e "${GREEN}✅ ESLint + QLTY formatted $files. Code quality good. Continue${NC}" >&2
+	elif [[ $eslint_format_applied == true ]]; then
+		echo -e "${GREEN}✅ ESLint formatted $files. Code quality good. Continue${NC}" >&2
+	elif [[ $formatting_applied == true ]]; then
+		echo -e "${GREEN}✅ QLTY formatted $files. Code quality good. Continue${NC}" >&2
+	else
+		echo -e "${GREEN}✅ Code quality good for $files. Continue${NC}" >&2
+	fi
+	exit 2
+fi

package/.jsii

@@ -8,11 +8,11 @@
     ]
   },
   "bundled": {
-    "node-html-parser": "^6.1.13"
+    "node-html-parser": "^7.0.1"
   },
   "dependencies": {
-    "@mavogel/mvc-projen": "^0.0.4",
-    "aws-cdk-lib": "^2.177.0",
+    "@mavogel/mvc-projen": "^0.0.7",
+    "aws-cdk-lib": "^2.190.0",
     "cdk-nag": "^2.35.0",
     "constructs": "^10.0.5"
   },
@@ -43,32 +43,6 @@
         }
       }
     },
-    "@aws-cdk/asset-kubectl-v20": {
-      "targets": {
-        "dotnet": {
-          "namespace": "Amazon.CDK.Asset.KubectlV20",
-          "packageId": "Amazon.CDK.Asset.KubectlV20"
-        },
-        "go": {
-          "moduleName": "github.com/cdklabs/awscdk-asset-kubectl-go",
-          "packageName": "kubectlv20"
-        },
-        "java": {
-          "maven": {
-            "artifactId": "cdk-asset-kubectl-v20",
-            "groupId": "software.amazon.awscdk"
-          },
-          "package": "software.amazon.awscdk.cdk.asset.kubectl.v20"
-        },
-        "js": {
-          "npm": "@aws-cdk/asset-kubectl-v20"
-        },
-        "python": {
-          "distName": "aws-cdk.asset-kubectl-v20",
-          "module": "aws_cdk.asset_kubectl_v20"
-        }
-      }
-    },
     "@aws-cdk/asset-node-proxy-agent-v6": {
       "targets": {
         "dotnet": {
@@ -987,6 +961,19 @@
             }
           }
         },
+        "aws-cdk-lib.aws_cognito_identitypool": {
+          "targets": {
+            "dotnet": {
+              "namespace": "Amazon.CDK.AWS.Cognito.Identitypool"
+            },
+            "java": {
+              "package": "software.amazon.awscdk.services.cognito.identitypool"
+            },
+            "python": {
+              "module": "aws_cdk.aws_cognito_identitypool"
+            }
+          }
+        },
         "aws-cdk-lib.aws_comprehend": {
           "targets": {
             "dotnet": {
@@ -1273,6 +1260,19 @@
             }
           }
         },
+        "aws-cdk-lib.aws_dsql": {
+          "targets": {
+            "dotnet": {
+              "package": "Amazon.CDK.AWS.DSQL"
+            },
+            "java": {
+              "package": "software.amazon.awscdk.services.dsql"
+            },
+            "python": {
+              "module": "aws_cdk.aws_dsql"
+            }
+          }
+        },
         "aws-cdk-lib.aws_dynamodb": {
           "targets": {
             "dotnet": {
@@ -1663,6 +1663,19 @@
             }
           }
         },
+        "aws-cdk-lib.aws_gameliftstreams": {
+          "targets": {
+            "dotnet": {
+              "package": "Amazon.CDK.AWS.GameLiftStreams"
+            },
+            "java": {
+              "package": "software.amazon.awscdk.services.gameliftstreams"
+            },
+            "python": {
+              "module": "aws_cdk.aws_gameliftstreams"
+            }
+          }
+        },
         "aws-cdk-lib.aws_globalaccelerator": {
           "targets": {
             "dotnet": {
@@ -3288,6 +3301,19 @@
             }
           }
         },
+        "aws-cdk-lib.aws_scheduler_targets": {
+          "targets": {
+            "dotnet": {
+              "namespace": "Amazon.CDK.AWS.Scheduler.Targets"
+            },
+            "java": {
+              "package": "software.amazon.awscdk.services.scheduler.targets"
+            },
+            "python": {
+              "module": "aws_cdk.aws_scheduler_targets"
+            }
+          }
+        },
         "aws-cdk-lib.aws_sdb": {
           "targets": {
             "dotnet": {
@@ -3835,19 +3861,6 @@
             }
           }
         },
-        "aws-cdk-lib.lambda_layer_kubectl": {
-          "targets": {
-            "dotnet": {
-              "namespace": "Amazon.CDK.LambdaLayer.Kubectl"
-            },
-            "java": {
-              "package": "software.amazon.awscdk.lambdalayer.kubectl"
-            },
-            "python": {
-              "module": "aws_cdk.lambda_layer_kubectl"
-            }
-          }
-        },
         "aws-cdk-lib.lambda_layer_node_proxy_agent": {
           "targets": {
             "dotnet": {
@@ -4518,6 +4531,6 @@
       "symbolId": "src/vscode-server:VSCodeServerProps"
     }
   },
-  "version": "0.0.48",
-  "fingerprint": "iIv7PexK0KE8yX3Js/3dz+cT0RmDzBQOxpInmLL6ATQ="
+  "version": "0.0.49",
+  "fingerprint": "uLLy8/seqbHWdn2/ZNbClDrdvCGQE93kzWlHHJT6MjE="
 }

package/.qlty/.gitignore

@@ -0,0 +1,7 @@
+*
+!configs
+!configs/**
+!hooks
+!hooks/**
+!qlty.toml
+!.gitignore

package/.qlty/configs/.yamllint.yaml

@@ -0,0 +1,21 @@
+extends: default
+
+rules:
+  document-start: disable
+  quoted-strings:
+    required: only-when-needed
+    extra-allowed: ["{|}"]
+  key-duplicates: {}
+  octal-values:
+    forbid-implicit-octal: true
+  line-length: disable
+  indentation: disable
+  new-line-at-end-of-file: disable
+  trailing-spaces: disable
+  brackets: disable
+  colons: disable
+  empty-lines: disable
+  comments: disable
+  braces: disable
+  comments-indentation: disable
+  commas: disable

package/.qlty/qlty.toml

@@ -0,0 +1,115 @@
+# This file was automatically generated by `qlty init`.
+# You can modify it to suit your needs.
+# We recommend you to commit this file to your repository.
+#
+# This configuration is used by both Qlty CLI and Qlty Cloud.
+#
+#     Qlty CLI -- Code quality toolkit for developers
+#     Qlty Cloud -- Fully automated Code Health Platform
+#
+# Try Qlty Cloud: https://qlty.sh
+#
+# For a guide to configuration, visit https://qlty.sh/d/config
+# Or for a full reference, visit https://qlty.sh/d/qlty-toml
+config_version = "0"
+
+exclude_patterns = [
+  "*_min.*",
+  "*-min.*",
+  "*.min.*",
+  "**/.yarn/**",
+  "**/*.d.ts",
+  "**/assets/**",
+  "**/bower_components/**",
+  "**/build/**",
+  "**/cache/**",
+  "**/config/**",
+  "**/db/**",
+  "**/deps/**",
+  "**/dist/**",
+  "**/extern/**",
+  "**/external/**",
+  "**/generated/**",
+  "**/Godeps/**",
+  "**/gradlew/**",
+  "**/mvnw/**",
+  "**/node_modules/**",
+  "**/protos/**",
+  "**/seed/**",
+  "**/target/**",
+  "**/templates/**",
+  "**/testdata/**",
+  "**/vendor/**",
+]
+
+test_patterns = [
+  "**/test/**",
+  "**/spec/**",
+  "**/*.test.*",
+  "**/*.spec.*",
+  "**/*_test.*",
+  "**/*_spec.*",
+  "**/test_*.*",
+  "**/spec_*.*",
+]
+
+[smells]
+mode = "comment"
+
+[[source]]
+name = "default"
+default = true
+
+
+[[plugin]]
+name = "actionlint"
+
+[[plugin]]
+name = "checkov"
+
+[[plugin]]
+name = "eslint"
+version = "9.33.0"
+package_file = "package.json"
+package_filters = ["eslint", "jest"]
+
+[[plugin]]
+name = "gofmt"
+
+[[plugin]]
+name = "golangci-lint"
+mode = "comment"
+
+[[plugin]]
+name = "markdownlint"
+mode = "comment"
+
+[[plugin]]
+name = "osv-scanner"
+
+[[plugin]]
+name = "prettier"
+
+[[plugin]]
+name = "radarlint-go"
+mode = "monitor"
+
+[[plugin]]
+name = "radarlint-js"
+
+[[plugin]]
+name = "ripgrep"
+mode = "comment"
+
+[[plugin]]
+name = "trivy"
+drivers = [
+  "config",
+  "fs-vuln",
+]
+
+[[plugin]]
+name = "trufflehog"
+
+[[plugin]]
+name = "yamllint"

package/CLAUDE.md

@@ -0,0 +1,159 @@
+# CLAUDE.md
+
+This file provides guidance to Claude Code (claude.ai/code) when working with code in this repository.
+
+## Repository Overview
+
+This is a CDK construct library for deploying VS Code Server on AWS, designed for development and workshop purposes. The project creates a complete infrastructure setup that allows users to run a cloud-based VS Code instance accessible through CloudFront.
+
+## Development Commands
+
+### Build and Test
+```bash
+# Build the project (TypeScript compilation, bundling, etc.)
+npx projen build
+
+# Run tests
+npx projen test
+
+# Run tests in watch mode
+npx projen test:watch
+
+# Run a single test file
+npx jest test/vscode-server.test.ts
+
+# Run integration tests (deploys to AWS)
+npm run integ-test
+```
+
+### Code Quality
+```bash
+# Run ESLint
+npx projen eslint
+
+# AWS CDK linting
+npm run awslint
+```
+
+### Package Management
+```bash
+# Install dependencies and update projen
+npx projen
+
+# Build and package for all targets (JS, Python, Go)
+npx projen package-all
+
+# Package for specific target
+npx projen package:js
+npx projen package:python
+npx projen package:go
+```
+
+### Lambda Functions
+```bash
+# Bundle installer Lambda
+npx projen bundle:installer/installer.lambda
+
+# Bundle secret retriever Lambda
+npx projen bundle:secret-retriever/secret-retriever.lambda
+
+# Watch mode for development
+npx projen bundle:installer/installer.lambda:watch
+```
+
+## Architecture Overview
+
+### Core Components
+
+**Main Construct (`src/vscode-server.ts`)**:
+- `VSCodeServer` - Primary construct that orchestrates the entire solution
+- Creates VPC, EC2 instance, CloudFront distribution, security groups
+- Supports Ubuntu 22/24 and Amazon Linux 2023
+- Configurable instance types, storage, and additional permissions
+
+**Infrastructure Components**:
+- **VPC**: Single AZ public subnet configuration
+- **EC2 Instance**: Configurable instance with pre-installed development tools
+- **CloudFront**: Distribution for secure access with cache policies
+- **Security Groups**: Restricted to CloudFront prefix lists only
+- **IAM**: Comprehensive role for CDK operations and AWS service access
+
+**Lambda Functions** (`src/installer/`, `src/secret-retriever/`):
+- **Installer**: Custom resource for OS-specific VS Code server installation
+- **Secret Retriever**: Custom resource for extracting generated passwords
+
+**Utility Modules**:
+- `src/mappings.ts` - AMI mappings for different OS/architecture combinations  
+- `src/prefixlist-retriever/` - AWS managed prefix list retrieval
+- `src/suppress-nags.ts` - CDK-nag suppression patterns
+
+### Supported Configurations
+
+**Operating Systems**:
+- Ubuntu 22.04 LTS (`LinuxFlavorType.UBUNTU_22`)
+- Ubuntu 24.04 LTS (`LinuxFlavorType.UBUNTU_24`) 
+- Amazon Linux 2023 (`LinuxFlavorType.AMAZON_LINUX_2023`)
+
+**Architectures**:
+- ARM64 (`LinuxArchitectureType.ARM`)
+- x86_64 (`LinuxArchitectureType.AMD64`)
+
+**Default Instance**: m7g.xlarge (ARM-based Graviton3)
+
+## Project Structure
+
+```
+src/
+├── index.ts                    # Main export
+├── vscode-server.ts           # Core VSCodeServer construct
+├── mappings.ts                # AMI mappings
+├── installer/                 # Installation Lambda functions
+├── secret-retriever/          # Password generation utilities  
+└── prefixlist-retriever/      # AWS prefix list utilities
+
+test/
+├── vscode-server.test.ts      # Unit tests
+└── installer/                 # Lambda function tests
+
+integ-tests/
+├── integ.ubuntu.ts           # Ubuntu integration tests
+└── integ.al2023.ts           # Amazon Linux integration tests
+
+examples/
+├── simple/                   # Basic usage example
+└── custom/                   # Advanced configuration example
+```
+
+## Key Properties and Customization
+
+The `VSCodeServerProps` interface allows extensive customization:
+
+- **Instance Configuration**: `instanceClass`, `instanceSize`, `instanceVolumeSize`
+- **Operating System**: `instanceOperatingSystem`, `instanceCpuArchitecture`  
+- **VS Code Settings**: `vscodeUser`, `vscodePassword`, `homeFolder`
+- **Development Server**: `devServerBasePath`, `devServerPort`
+- **Extensions**: `additionalInstanceRolePolicies`, `additionalTags`
+
+## Important Development Notes
+
+- This is a **Projen-managed project** - all configuration changes should be made in `.projenrc.ts` (not found in current structure, likely generated)
+- The project uses **JSII** for multi-language support (TypeScript, Python, Go)
+- **CDK-nag** is integrated for security compliance checking
+- Integration tests deploy real AWS resources and require valid AWS credentials
+- Lambda functions are bundled using esbuild for optimal performance
+- CloudFront distribution includes custom cache policies for VS Code Server compatibility
+
+## Security Considerations
+
+- Security groups restrict access to CloudFront IPs only
+- Instance role includes broad permissions for workshop scenarios (not production-ready)
+- Secrets Manager integration for password generation
+- EBS encryption enabled by default
+- IMDSv2 required on EC2 instances
+
+## Testing Strategy
+
+- **Unit Tests**: Mock-based testing of construct logic
+- **Integration Tests**: Full deployment testing in multiple regions (eu-west-1, eu-west-2)
+- **Coverage Reports**: Generated in `coverage/` directory with multiple formats
+- **Jest Configuration**: Includes JUnit reporter for CI/CD integration

package/lib/vscode-server.js

@@ -442,7 +442,7 @@ class VSCodeServer extends constructs_1.Construct {
 }
 exports.VSCodeServer = VSCodeServer;
 _a = JSII_RTTI_SYMBOL_1;
-VSCodeServer[_a] = { fqn: "@mavogel/cdk-vscode-server.VSCodeServer", version: "0.0.48" };
+VSCodeServer[_a] = { fqn: "@mavogel/cdk-vscode-server.VSCodeServer", version: "0.0.49" };
 /**
  * Tags all the resources in the construct
  */

package/mavogelcdkvscodeserver/go.mod

@@ -6,7 +6,7 @@ require (
 	github.com/aws/jsii-runtime-go v1.113.0
 	github.com/MV-Consulting/mvc-projen/mavogelmvcprojen v0.0.4
 	github.com/aws/aws-cdk-go/awscdk/v2 v2.177.0
-	github.com/cdklabs/cdk-nag-go/cdknag/v2 v2.36.50
+	github.com/cdklabs/cdk-nag-go/cdknag/v2 v2.37.0
 	github.com/aws/constructs-go/constructs/v10 v10.4.2
 	github.com/projen/projen-go/projen v0.91.8 // indirect
 	github.com/cdklabs/awscdk-asset-awscli-go/awscliv1/v2 v2.2.220 // indirect

package/mavogelcdkvscodeserver/jsii/jsii.go

@@ -15,7 +15,7 @@ import (
 	mavogelmvcprojen "github.com/MV-Consulting/mvc-projen/mavogelmvcprojen/jsii"
 )
 
-//go:embed mavogel-cdk-vscode-server-0.0.47.tgz
+//go:embed mavogel-cdk-vscode-server-0.0.48.tgz
 var tarball []byte
 
 // Initialize loads the necessary packages in the @jsii/kernel to support the enclosing module.
@@ -28,5 +28,5 @@ func Initialize() {
 	constructs.Initialize()
 
 	// Load this library into the kernel
-	_jsii_.Load("@mavogel/cdk-vscode-server", "0.0.47", tarball)
+	_jsii_.Load("@mavogel/cdk-vscode-server", "0.0.48", tarball)
 }

package/mavogelcdkvscodeserver/version

@@ -1 +1 @@
-0.0.47
+0.0.48