visus-mcp 0.6.2 → 0.9.0
- package/.claude/settings.local.json +15 -1
- package/.env.status +7 -0
- package/CHANGELOG.md +110 -0
- package/CLAUDE.md +3 -0
- package/README.md +29 -19
- package/SECURITY.md +2 -0
- package/STATUS.md +320 -12
- package/dist/browser/playwright-renderer.d.ts.map +1 -1
- package/dist/browser/playwright-renderer.js +27 -5
- package/dist/browser/playwright-renderer.js.map +1 -1
- package/dist/content-handlers/index.d.ts +36 -0
- package/dist/content-handlers/index.d.ts.map +1 -0
- package/dist/content-handlers/index.js +59 -0
- package/dist/content-handlers/index.js.map +1 -0
- package/dist/content-handlers/json-handler.d.ts +28 -0
- package/dist/content-handlers/json-handler.d.ts.map +1 -0
- package/dist/content-handlers/json-handler.js +116 -0
- package/dist/content-handlers/json-handler.js.map +1 -0
- package/dist/content-handlers/pdf-handler.d.ts +29 -0
- package/dist/content-handlers/pdf-handler.d.ts.map +1 -0
- package/dist/content-handlers/pdf-handler.js +77 -0
- package/dist/content-handlers/pdf-handler.js.map +1 -0
- package/dist/content-handlers/svg-handler.d.ts +35 -0
- package/dist/content-handlers/svg-handler.d.ts.map +1 -0
- package/dist/content-handlers/svg-handler.js +206 -0
- package/dist/content-handlers/svg-handler.js.map +1 -0
- package/dist/content-handlers/types.d.ts +42 -0
- package/dist/content-handlers/types.d.ts.map +1 -0
- package/dist/content-handlers/types.js +7 -0
- package/dist/content-handlers/types.js.map +1 -0
- package/dist/sanitizer/framework-mapper.d.ts +4 -0
- package/dist/sanitizer/framework-mapper.d.ts.map +1 -1
- package/dist/sanitizer/framework-mapper.js +92 -0
- package/dist/sanitizer/framework-mapper.js.map +1 -1
- package/dist/sanitizer/threat-reporter.d.ts +5 -0
- package/dist/sanitizer/threat-reporter.d.ts.map +1 -1
- package/dist/sanitizer/threat-reporter.js +15 -6
- package/dist/sanitizer/threat-reporter.js.map +1 -1
- package/dist/tools/fetch-structured.d.ts.map +1 -1
- package/dist/tools/fetch-structured.js +4 -0
- package/dist/tools/fetch-structured.js.map +1 -1
- package/dist/tools/fetch.d.ts.map +1 -1
- package/dist/tools/fetch.js +68 -4
- package/dist/tools/fetch.js.map +1 -1
- package/dist/tools/read.d.ts.map +1 -1
- package/dist/tools/read.js +4 -0
- package/dist/tools/read.js.map +1 -1
- package/dist/types.d.ts +9 -1
- package/dist/types.d.ts.map +1 -1
- package/dist/types.js.map +1 -1
- package/package.json +2 -1
- package/server.json +25 -14
- package/src/browser/playwright-renderer.ts +29 -6
- package/src/content-handlers/index.ts +72 -0
- package/src/content-handlers/json-handler.ts +137 -0
- package/src/content-handlers/pdf-handler.ts +91 -0
- package/src/content-handlers/svg-handler.ts +243 -0
- package/src/content-handlers/types.ts +44 -0
- package/src/sanitizer/framework-mapper.ts +94 -0
- package/src/sanitizer/threat-reporter.ts +17 -6
- package/src/tools/fetch-structured.ts +5 -0
- package/src/tools/fetch.ts +76 -4
- package/src/tools/read.ts +5 -0
- package/src/types.ts +9 -1
- package/.github/ISSUE_TEMPLATE/bug_report.md +0 -47
- package/.github/ISSUE_TEMPLATE/false_positive.md +0 -43
- package/.github/ISSUE_TEMPLATE/new_pattern.md +0 -49
- package/.github/ISSUE_TEMPLATE/security_report.md +0 -31
- package/.github/PULL_REQUEST_TEMPLATE.md +0 -39
- package/.mcpregistry_github_token +0 -1
- package/.mcpregistry_registry_token +0 -1
- package/CONTRIBUTING.md +0 -329
- package/LINKEDIN-STRATEGY.md +0 -367
- package/ROADMAP.md +0 -221
- package/SECURITY-AUDIT-v1.md +0 -277
- package/SUBMISSION.md +0 -66
- package/TROUBLESHOOT-AUTH-20260322-2019.md +0 -291
- package/TROUBLESHOOT-BUILD-20260319-1450.md +0 -546
- package/TROUBLESHOOT-COGNITO-AUTH-20260324-2029.md +0 -415
- package/TROUBLESHOOT-COGNITO-JWT-20260324.md +0 -592
- package/TROUBLESHOOT-FETCH-20260320-1150.md +0 -168
- package/TROUBLESHOOT-JEST-20260323-1357.md +0 -139
- package/TROUBLESHOOT-LAMBDA-20260322-1945.md +0 -183
- package/TROUBLESHOOT-PLAYWRIGHT-20260321-1549.md +0 -217
- package/TROUBLESHOOT-SSL-20260320-1138.md +0 -171
- package/TROUBLESHOOT-STRUCTURED-20260320-1200.md +0 -246
- package/TROUBLESHOOT-TEST-20260320-0942.md +0 -281
- package/VISUS-CLAUDE-CODE-PROMPT.md +0 -324
- package/VISUS-PROJECT-PLAN.md +0 -205
- package/cdk.json +0 -73
- package/infrastructure/app.ts +0 -39
- package/infrastructure/stack.ts +0 -298
- package/jest.config.js +0 -33
- package/jest.setup.js +0 -9
- package/lambda-deploy/index.js +0 -81512
- package/lambda-deploy/index.js.map +0 -7
- package/lambda-package/browser/__mocks__/playwright-renderer.d.ts +0 -25
- package/lambda-package/browser/__mocks__/playwright-renderer.d.ts.map +0 -1
- package/lambda-package/browser/__mocks__/playwright-renderer.js +0 -119
- package/lambda-package/browser/__mocks__/playwright-renderer.js.map +0 -1
- package/lambda-package/browser/playwright-renderer.d.ts +0 -40
- package/lambda-package/browser/playwright-renderer.d.ts.map +0 -1
- package/lambda-package/browser/playwright-renderer.js +0 -214
- package/lambda-package/browser/playwright-renderer.js.map +0 -1
- package/lambda-package/browser/reader.d.ts +0 -31
- package/lambda-package/browser/reader.d.ts.map +0 -1
- package/lambda-package/browser/reader.js +0 -98
- package/lambda-package/browser/reader.js.map +0 -1
- package/lambda-package/index.d.ts +0 -18
- package/lambda-package/index.d.ts.map +0 -1
- package/lambda-package/index.js +0 -238
- package/lambda-package/index.js.map +0 -1
- package/lambda-package/lambda-handler.d.ts +0 -28
- package/lambda-package/lambda-handler.d.ts.map +0 -1
- package/lambda-package/lambda-handler.js +0 -257
- package/lambda-package/lambda-handler.js.map +0 -1
- package/lambda-package/package-lock.json +0 -7435
- package/lambda-package/package.json +0 -74
- package/lambda-package/runtime.d.ts +0 -50
- package/lambda-package/runtime.d.ts.map +0 -1
- package/lambda-package/runtime.js +0 -86
- package/lambda-package/runtime.js.map +0 -1
- package/lambda-package/sanitizer/elicit-runner.d.ts +0 -48
- package/lambda-package/sanitizer/elicit-runner.d.ts.map +0 -1
- package/lambda-package/sanitizer/elicit-runner.js +0 -100
- package/lambda-package/sanitizer/elicit-runner.js.map +0 -1
- package/lambda-package/sanitizer/framework-mapper.d.ts +0 -24
- package/lambda-package/sanitizer/framework-mapper.d.ts.map +0 -1
- package/lambda-package/sanitizer/framework-mapper.js +0 -342
- package/lambda-package/sanitizer/framework-mapper.js.map +0 -1
- package/lambda-package/sanitizer/hitl-gate.d.ts +0 -69
- package/lambda-package/sanitizer/hitl-gate.d.ts.map +0 -1
- package/lambda-package/sanitizer/hitl-gate.js +0 -101
- package/lambda-package/sanitizer/hitl-gate.js.map +0 -1
- package/lambda-package/sanitizer/index.d.ts +0 -63
- package/lambda-package/sanitizer/index.d.ts.map +0 -1
- package/lambda-package/sanitizer/index.js +0 -105
- package/lambda-package/sanitizer/index.js.map +0 -1
- package/lambda-package/sanitizer/injection-detector.d.ts +0 -34
- package/lambda-package/sanitizer/injection-detector.d.ts.map +0 -1
- package/lambda-package/sanitizer/injection-detector.js +0 -89
- package/lambda-package/sanitizer/injection-detector.js.map +0 -1
- package/lambda-package/sanitizer/patterns.d.ts +0 -30
- package/lambda-package/sanitizer/patterns.d.ts.map +0 -1
- package/lambda-package/sanitizer/patterns.js +0 -372
- package/lambda-package/sanitizer/patterns.js.map +0 -1
- package/lambda-package/sanitizer/pii-allowlist.d.ts +0 -49
- package/lambda-package/sanitizer/pii-allowlist.d.ts.map +0 -1
- package/lambda-package/sanitizer/pii-allowlist.js +0 -231
- package/lambda-package/sanitizer/pii-allowlist.js.map +0 -1
- package/lambda-package/sanitizer/pii-redactor.d.ts +0 -41
- package/lambda-package/sanitizer/pii-redactor.d.ts.map +0 -1
- package/lambda-package/sanitizer/pii-redactor.js +0 -213
- package/lambda-package/sanitizer/pii-redactor.js.map +0 -1
- package/lambda-package/sanitizer/severity-classifier.d.ts +0 -33
- package/lambda-package/sanitizer/severity-classifier.d.ts.map +0 -1
- package/lambda-package/sanitizer/severity-classifier.js +0 -113
- package/lambda-package/sanitizer/severity-classifier.js.map +0 -1
- package/lambda-package/sanitizer/threat-reporter.d.ts +0 -66
- package/lambda-package/sanitizer/threat-reporter.d.ts.map +0 -1
- package/lambda-package/sanitizer/threat-reporter.js +0 -163
- package/lambda-package/sanitizer/threat-reporter.js.map +0 -1
- package/lambda-package/tools/fetch-structured.d.ts +0 -51
- package/lambda-package/tools/fetch-structured.d.ts.map +0 -1
- package/lambda-package/tools/fetch-structured.js +0 -237
- package/lambda-package/tools/fetch-structured.js.map +0 -1
- package/lambda-package/tools/fetch.d.ts +0 -49
- package/lambda-package/tools/fetch.d.ts.map +0 -1
- package/lambda-package/tools/fetch.js +0 -131
- package/lambda-package/tools/fetch.js.map +0 -1
- package/lambda-package/tools/read.d.ts +0 -51
- package/lambda-package/tools/read.d.ts.map +0 -1
- package/lambda-package/tools/read.js +0 -127
- package/lambda-package/tools/read.js.map +0 -1
- package/lambda-package/tools/search.d.ts +0 -45
- package/lambda-package/tools/search.d.ts.map +0 -1
- package/lambda-package/tools/search.js +0 -220
- package/lambda-package/tools/search.js.map +0 -1
- package/lambda-package/types.d.ts +0 -167
- package/lambda-package/types.d.ts.map +0 -1
- package/lambda-package/types.js +0 -16
- package/lambda-package/types.js.map +0 -1
- package/lambda-package/utils/format-converter.d.ts +0 -39
- package/lambda-package/utils/format-converter.d.ts.map +0 -1
- package/lambda-package/utils/format-converter.js +0 -191
- package/lambda-package/utils/format-converter.js.map +0 -1
- package/lambda-package/utils/truncate.d.ts +0 -26
- package/lambda-package/utils/truncate.d.ts.map +0 -1
- package/lambda-package/utils/truncate.js +0 -54
- package/lambda-package/utils/truncate.js.map +0 -1
- package/lambda.zip +0 -0
- package/test-output.txt +0 -4
- package/tests/auth-smoke.test.ts +0 -480
- package/tests/elicit-runner.test.ts +0 -232
- package/tests/fetch-tool.test.ts +0 -922
- package/tests/hitl-gate.test.ts +0 -267
- package/tests/injection-corpus.ts +0 -338
- package/tests/pii-allowlist.test.ts +0 -282
- package/tests/reader.test.ts +0 -353
- package/tests/sanitizer.test.ts +0 -358
- package/tests/search.test.ts +0 -456
- package/tests/threat-reporter.test.ts +0 -334
- package/tsconfig.cdk.json +0 -35
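--- a/package/infrastructure/stack.ts
+++ /dev/null
@@ -1,298 +0,0 @@
-/**
-* Visus MCP - AWS CDK Stack (Phase 2)
-*
-* Infrastructure components:
-* - Lambda function (Playwright + sanitization)
-* - API Gateway REST API (/fetch, /fetch-structured)
-* - Cognito User Pool (authentication)
-* - DynamoDB table (audit logging)
-* - KMS key (encryption at rest)
-* - CloudWatch logs
-*
-* Security compliance per CLAUDE.md:
-* - Scoped IAM roles (no wildcards)
-* - KMS encryption for DynamoDB
-* - Reserved concurrent executions on Lambda
-* - No secrets in code (use Secrets Manager)
-* - VPC isolation (optional for Phase 2, required for Phase 3)
-*/
-
-import * as cdk from 'aws-cdk-lib';
-import * as lambda from 'aws-cdk-lib/aws-lambda';
-import * as lambdaNodejs from 'aws-cdk-lib/aws-lambda-nodejs';
-import * as apigateway from 'aws-cdk-lib/aws-apigateway';
-import * as cognito from 'aws-cdk-lib/aws-cognito';
-import * as dynamodb from 'aws-cdk-lib/aws-dynamodb';
-import * as kms from 'aws-cdk-lib/aws-kms';
-import * as iam from 'aws-cdk-lib/aws-iam';
-import * as logs from 'aws-cdk-lib/aws-logs';
-import { Construct } from 'constructs';
-
-export interface VisusStackProps extends cdk.StackProps {
-environment: string;
-}
-
-export class VisusStack extends cdk.Stack {
-constructor(scope: Construct, id: string, props: VisusStackProps) {
-super(scope, id, props);
-
-const { environment } = props;
-
-// ========================================
-// KMS Key for Encryption at Rest
-// ========================================
-const kmsKey = new kms.Key(this, 'VisusKmsKey', {
-description: `Visus MCP encryption key (${environment})`,
-enableKeyRotation: true,
-alias: `visus-mcp-${environment}`,
-removalPolicy: environment === 'prod'
-? cdk.RemovalPolicy.RETAIN
-: cdk.RemovalPolicy.DESTROY,
-});
-
-// ========================================
-// DynamoDB Table - Audit Logging
-// ========================================
-const auditTable = new dynamodb.Table(this, 'VisusAuditLog', {
-tableName: `visus-audit-${environment}`,
-partitionKey: {
-name: 'user_id',
-type: dynamodb.AttributeType.STRING,
-},
-sortKey: {
-name: 'timestamp',
-type: dynamodb.AttributeType.STRING,
-},
-billingMode: dynamodb.BillingMode.PAY_PER_REQUEST, // On-demand pricing
-encryption: dynamodb.TableEncryption.CUSTOMER_MANAGED,
-encryptionKey: kmsKey,
-pointInTimeRecovery: environment === 'prod',
-removalPolicy: environment === 'prod'
-? cdk.RemovalPolicy.RETAIN
-: cdk.RemovalPolicy.DESTROY,
-timeToLiveAttribute: 'ttl', // Auto-delete audit logs after 30 days
-});
-
-// Global Secondary Index for querying by request_id
-auditTable.addGlobalSecondaryIndex({
-indexName: 'request_id-index',
-partitionKey: {
-name: 'request_id',
-type: dynamodb.AttributeType.STRING,
-},
-projectionType: dynamodb.ProjectionType.ALL,
-});
-
-// ========================================
-// Cognito User Pool - Authentication
-// ========================================
-const userPool = new cognito.UserPool(this, 'VisusUserPool', {
-userPoolName: `visus-users-${environment}`,
-selfSignUpEnabled: true,
-signInAliases: {
-email: true,
-},
-autoVerify: {
-email: true,
-},
-passwordPolicy: {
-minLength: 12,
-requireLowercase: true,
-requireUppercase: true,
-requireDigits: true,
-requireSymbols: true,
-},
-accountRecovery: cognito.AccountRecovery.EMAIL_ONLY,
-removalPolicy: environment === 'prod'
-? cdk.RemovalPolicy.RETAIN
-: cdk.RemovalPolicy.DESTROY,
-});
-
-const userPoolClient = new cognito.UserPoolClient(this, 'VisusUserPoolClient', {
-userPool,
-userPoolClientName: `visus-client-${environment}`,
-authFlows: {
-userPassword: true,
-userSrp: true,
-},
-oAuth: {
-flows: {
-authorizationCodeGrant: true,
-},
-scopes: [cognito.OAuthScope.OPENID, cognito.OAuthScope.EMAIL, cognito.OAuthScope.PROFILE],
-},
-});
-
-// ========================================
-// Lambda Function - Visus Sanitization Service
-// ========================================
-
-// Lambda execution role
-const lambdaRole = new iam.Role(this, 'VisusLambdaRole', {
-assumedBy: new iam.ServicePrincipal('lambda.amazonaws.com'),
-description: 'Execution role for Visus Lambda function',
-});
-
-// Grant basic Lambda execution permissions
-lambdaRole.addManagedPolicy(
-iam.ManagedPolicy.fromAwsManagedPolicyName('service-role/AWSLambdaBasicExecutionRole')
-);
-
-// Grant DynamoDB write access (scoped to this table only)
-auditTable.grantWriteData(lambdaRole);
-
-// Grant KMS decrypt access (for reading encrypted DynamoDB data if needed)
-kmsKey.grantEncryptDecrypt(lambdaRole);
-
-// Lambda function (NodejsFunction with automatic bundling)
-const visusFn = new lambdaNodejs.NodejsFunction(this, 'VisusFunction', {
-functionName: `visus-mcp-${environment}`,
-runtime: lambda.Runtime.NODEJS_20_X,
-entry: 'src/lambda-handler.ts', // Entry point for bundler
-handler: 'handler', // Export name in the entry file
-timeout: cdk.Duration.seconds(30), // Playwright page loads can take time
-memorySize: 1024, // Chromium requires significant memory
-reservedConcurrentExecutions: environment === 'prod' ? 100 : 10, // RULE 7: Cost protection
-role: lambdaRole,
-environment: {
-AUDIT_TABLE_NAME: auditTable.tableName,
-ENVIRONMENT: environment,
-ALLOWED_ORIGINS: 'https://claude.ai,https://app.claude.ai,http://localhost:3000',
-NODE_OPTIONS: '--enable-source-maps', // For debugging
-},
-logRetention: environment === 'prod'
-? logs.RetentionDays.ONE_MONTH
-: logs.RetentionDays.ONE_WEEK,
-description: `Visus MCP sanitization service (${environment})`,
-bundling: {
-minify: false, // Keep readable for debugging
-sourceMap: true,
-externalModules: [
-'playwright-core', // Playwright is huge, will be added via layer
-'@sparticuz/chromium', // Chromium binary
-'@modelcontextprotocol/sdk', // MCP SDK only needed for stdio mode, not Lambda
-],
-},
-});
-
-// ========================================
-// API Gateway - REST API
-// ========================================
-const api = new apigateway.RestApi(this, 'VisusApi', {
-restApiName: `visus-api-${environment}`,
-description: `Visus MCP REST API (${environment})`,
-deployOptions: {
-stageName: environment,
-throttlingRateLimit: 100,
-throttlingBurstLimit: 200,
-loggingLevel: apigateway.MethodLoggingLevel.INFO,
-dataTraceEnabled: true,
-metricsEnabled: true,
-},
-defaultCorsPreflightOptions: {
-allowOrigins: [
-'https://claude.ai',
-'https://app.claude.ai',
-'http://localhost:3000', // local dev only
-],
-allowMethods: ['POST', 'OPTIONS'],
-allowHeaders: ['Content-Type', 'Authorization'],
-},
-});
-
-// Usage plan with rate limiting and quota
-const usagePlan = api.addUsagePlan('VisusUsagePlan', {
-name: `visus-usage-plan-${environment}`,
-description: 'Rate limiting and quota management for Visus API',
-throttle: {
-rateLimit: 10, // 10 requests per second
-burstLimit: 20, // 20 request burst
-},
-quota: {
-limit: 1000, // 1000 requests per day
-period: apigateway.Period.DAY,
-},
-});
-
-// Add deployment stage to usage plan
-usagePlan.addApiStage({
-stage: api.deploymentStage,
-});
-
-// Create API key for the usage plan
-const apiKey = api.addApiKey('VisusApiKey', {
-apiKeyName: `visus-api-key-${environment}`,
-description: `API key for Visus ${environment} environment`,
-});
-
-// Associate API key with usage plan
-usagePlan.addApiKey(apiKey);
-
-// Cognito authorizer
-const authorizer = new apigateway.CognitoUserPoolsAuthorizer(this, 'VisusAuthorizer', {
-cognitoUserPools: [userPool],
-authorizerName: `visus-auth-${environment}`,
-});
-
-// Lambda integration
-const lambdaIntegration = new apigateway.LambdaIntegration(visusFn, {
-proxy: true,
-});
-
-// API routes
-const fetch = api.root.addResource('fetch');
-fetch.addMethod('POST', lambdaIntegration, {
-authorizer,
-authorizationType: apigateway.AuthorizationType.COGNITO,
-});
-
-const fetchStructured = api.root.addResource('fetch-structured');
-fetchStructured.addMethod('POST', lambdaIntegration, {
-authorizer,
-authorizationType: apigateway.AuthorizationType.COGNITO,
-});
-
-// Health check endpoint (no auth required)
-const health = api.root.addResource('health');
-health.addMethod('GET', lambdaIntegration);
-
-// ========================================
-// Outputs
-// ========================================
-new cdk.CfnOutput(this, 'ApiEndpoint', {
-value: api.url,
-description: 'Visus API Gateway endpoint',
-exportName: `visus-api-url-${environment}`,
-});
-
-new cdk.CfnOutput(this, 'UserPoolId', {
-value: userPool.userPoolId,
-description: 'Cognito User Pool ID',
-exportName: `visus-user-pool-id-${environment}`,
-});
-
-new cdk.CfnOutput(this, 'UserPoolClientId', {
-value: userPoolClient.userPoolClientId,
-description: 'Cognito User Pool Client ID',
-exportName: `visus-user-pool-client-id-${environment}`,
-});
-
-new cdk.CfnOutput(this, 'AuditTableName', {
-value: auditTable.tableName,
-description: 'DynamoDB audit log table name',
-exportName: `visus-audit-table-${environment}`,
-});
-
-new cdk.CfnOutput(this, 'LambdaFunctionArn', {
-value: visusFn.functionArn,
-description: 'Lambda function ARN',
-exportName: `visus-lambda-arn-${environment}`,
-});
-
-new cdk.CfnOutput(this, 'ApiKeyId', {
-value: apiKey.keyId,
-description: 'API Gateway API Key ID (use aws apigateway get-api-key to retrieve value)',
-exportName: `visus-api-key-id-${environment}`,
-});
-}
-}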
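--- a/package/jest.config.js
+++ /dev/null
@@ -1,33 +0,0 @@
-export default {
-preset: 'ts-jest/presets/default-esm',
-testEnvironment: 'node',
-extensionsToTreatAsEsm: ['.ts'],
-moduleNameMapper: {
-'^(\\.{1,2}/.*)\\.js$': '$1',
-},
-transform: {
-'^.+\\.ts$': [
-'ts-jest',
-{
-useESM: true,
-},
-],
-},
-testMatch: ['**/tests/**/*.test.ts'],
-testPathIgnorePatterns: ['/node_modules/', '/dist/'],
-transformIgnorePatterns: [
-'node_modules/(?!(@mozilla/readability|jsdom|@exodus/bytes|html-encoding-sniffer|@toon-format)/)',
-],
-testTimeout: 15000,
-forceExit: true,
-detectOpenHandles: false,
-collectCoverageFrom: ['src/**/*.ts', '!src/**/__mocks__/**'],
-coverageThreshold: {
-global: {
-branches: 80,
-functions: 80,
-lines: 80,
-statements: 80,
-},
-},
-};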
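--- a/package/jest.setup.js
+++ /dev/null
@@ -1,9 +0,0 @@
-/**
-* Jest Setup File
-*
-* Automatically mocks Playwright renderer for all unit tests.
-* This prevents real browser launches and fixes test timeout issues.
-*/
-
-// For ESM compatibility, mocking is handled at test file level
-// This file ensures proper test environment setup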