konokenj.cdk-api-mcp-server 0.28.0__py3-none-any.whl → 0.29.0__py3-none-any.whl

cdk_api_mcp_server/__about__.py

@@ -1,4 +1,4 @@
 # SPDX-FileCopyrightText: 2025-present Kenji Kono <konoken@amazon.co.jp>
 #
 # SPDX-License-Identifier: MIT
-__version__ = "0.28.0"
+__version__ = "0.29.0"

cdk_api_mcp_server/resources/aws-cdk/constructs/@aws-cdk/aws-amplify-alpha/README.md

@@ -238,6 +238,68 @@ const amplifyApp = new amplify.App(this, 'App', {
 });
 ```
 
+If the app uses a monorepo structure, define which appRoot from the build spec the custom response headers should apply to by using the `appRoot` property:
+
+```ts
+import * as codebuild from 'aws-cdk-lib/aws-codebuild';
+
+const amplifyApp = new amplify.App(this, 'App', {
+  sourceCodeProvider: new amplify.GitHubSourceCodeProvider({
+    owner: '<user>',
+    repository: '<repo>',
+    oauthToken: SecretValue.secretsManager('my-github-token'),
+  }),
+  buildSpec: codebuild.BuildSpec.fromObjectToYaml({
+    version: '1.0',
+    applications: [
+      {
+        appRoot: 'frontend',
+        frontend: {
+          phases: {
+            preBuild: {
+              commands: ['npm install'],
+            },
+            build: {
+              commands: ['npm run build'],
+            },
+          },
+        },
+      },
+      {
+        appRoot: 'backend',
+        backend: {
+          phases: {
+            preBuild: {
+              commands: ['npm install'],
+            },
+            build: {
+              commands: ['npm run build'],
+            },
+          },
+        },
+      },
+    ],
+  }),
+  customResponseHeaders: [
+    {
+      appRoot: 'frontend',
+      pattern: '*.json',
+      headers: {
+        'custom-header-name-1': 'custom-header-value-1',
+        'custom-header-name-2': 'custom-header-value-2',
+      },
+    },
+    {
+      appRoot: 'backend',
+      pattern: '/path/*',
+      headers: {
+        'custom-header-name-1': 'custom-header-value-2',
+      },
+    },
+  ],
+});
+```
+
 ## Configure server side rendering when hosting app
 
 Setting the `platform` field on the Amplify `App` construct can be used to control whether the app will host only static assets or server side rendered assets in addition to static. By default, the value is set to `WEB` (static only), however, server side rendering can be turned on by setting to `WEB_COMPUTE` as follows:
@@ -268,6 +330,15 @@ const amplifyApp = new amplify.App(this, 'MyApp', {
 });
 ```
 
+It is also possible to override the compute role for a specific branch by setting `computeRole` in `Branch`:
+
+```ts
+declare const computeRole: iam.Role;
+declare const amplifyApp: amplify.App
+
+const branch = amplifyApp.addBranch("dev", { computeRole });
+```
+
 ## Cache Config
 
 Amplify uses Amazon CloudFront to manage the caching configuration for your hosted applications. A cache configuration is applied to each app to optimize for the best performance.

cdk_api_mcp_server/resources/aws-cdk/constructs/@aws-cdk/integ-tests-alpha/README.md

@@ -18,7 +18,7 @@
 
 ## Overview
 
-This library is meant to be used in combination with the [integ-runner](https://github.com/aws/aws-cdk/tree/main/packages/%40aws-cdk/integ-runner) CLI
+This library is meant to be used in combination with the [integ-runner](https://github.com/aws/aws-cdk-cli/tree/main/packages/%40aws-cdk/integ-runner) CLI
 to enable users to write and execute integration tests for AWS CDK Constructs.
 
 An integration test should be defined as a CDK application, and

cdk_api_mcp_server/resources/aws-cdk/constructs/aws-cdk-lib/aws-cloudfront/README.md

@@ -1252,7 +1252,24 @@ When using a CloudFront PublicKey, only the `comment` field can be updated after
 Resource handler returned message: "Invalid request provided: AWS::CloudFront::PublicKey"
 ```
 
-To update the `encodedKey`, you must change the logical ID of the public key resource in your template. This causes CloudFormation to create a new `cloudfront.PublicKey` resource and delete the old one during the next deployment.
+To update the `encodedKey`, you must change the ID of the public key resource in your template. This causes CloudFormation to create a new `cloudfront.PublicKey` resource and delete the old one during the next deployment.
+
+Example:
+
+```ts
+// Step 1: Original deployment
+const originalKey = new cloudfront.PublicKey(this, 'MyPublicKeyV1', {
+  encodedKey: '...', // contents of original public_key.pem file
+});
+```
+
+Regenerate a new key and change the construct id in the code:
+```ts
+// Step 2: In a subsequent deployment, create a new key with a different ID
+const updatedKey = new cloudfront.PublicKey(this, 'MyPublicKeyV2', {
+  encodedKey: '...', // contents of new public_key.pem file
+});
+```
 
 
 See:

cdk_api_mcp_server/resources/aws-cdk/constructs/aws-cdk-lib/aws-eks/README.md

@@ -69,12 +69,12 @@ This example defines an Amazon EKS cluster with the following configuration:
 * A Kubernetes pod with a container based on the [paulbouwer/hello-kubernetes](https://github.com/paulbouwer/hello-kubernetes) image.
 
 ```ts
-import { KubectlV32Layer } from '@aws-cdk/lambda-layer-kubectl-v32';
+import { KubectlV33Layer } from '@aws-cdk/lambda-layer-kubectl-v33';
 
 // provisioning a cluster
 const cluster = new eks.Cluster(this, 'hello-eks', {
-  version: eks.KubernetesVersion.V1_32,
-  kubectlLayer: new KubectlV32Layer(this, 'kubectl'),
+  version: eks.KubernetesVersion.V1_33,
+  kubectlLayer: new KubectlV33Layer(this, 'kubectl'),
 });
 
 // apply a kubernetes manifest to the cluster
@@ -139,22 +139,22 @@ A more detailed breakdown of each is provided further down this README.
 Creating a new cluster is done using the `Cluster` or `FargateCluster` constructs. The only required properties are the kubernetes `version` and `kubectlLayer`.
 
 ```ts
-import { KubectlV32Layer } from '@aws-cdk/lambda-layer-kubectl-v32';
+import { KubectlV33Layer } from '@aws-cdk/lambda-layer-kubectl-v33';
 
 new eks.Cluster(this, 'HelloEKS', {
-  version: eks.KubernetesVersion.V1_32,
-  kubectlLayer: new KubectlV32Layer(this, 'kubectl'),
+  version: eks.KubernetesVersion.V1_33,
+  kubectlLayer: new KubectlV33Layer(this, 'kubectl'),
 });
 ```
 
 You can also use `FargateCluster` to provision a cluster that uses only fargate workers.
 
 ```ts
-import { KubectlV32Layer } from '@aws-cdk/lambda-layer-kubectl-v32';
+import { KubectlV33Layer } from '@aws-cdk/lambda-layer-kubectl-v33';
 
 new eks.FargateCluster(this, 'HelloEKS', {
-  version: eks.KubernetesVersion.V1_32,
-  kubectlLayer: new KubectlV32Layer(this, 'kubectl'),
+  version: eks.KubernetesVersion.V1_33,
+  kubectlLayer: new KubectlV33Layer(this, 'kubectl'),
 });
 ```
 
@@ -177,13 +177,13 @@ By default, this library will allocate a managed node group with 2 *m5.large* in
 At cluster instantiation time, you can customize the number of instances and their type:
 
 ```ts
-import { KubectlV32Layer } from '@aws-cdk/lambda-layer-kubectl-v32';
+import { KubectlV33Layer } from '@aws-cdk/lambda-layer-kubectl-v33';
 
 new eks.Cluster(this, 'HelloEKS', {
-  version: eks.KubernetesVersion.V1_32,
+  version: eks.KubernetesVersion.V1_33,
   defaultCapacity: 5,
   defaultCapacityInstance: ec2.InstanceType.of(ec2.InstanceClass.M5, ec2.InstanceSize.SMALL),
-  kubectlLayer: new KubectlV32Layer(this, 'kubectl'),
+  kubectlLayer: new KubectlV33Layer(this, 'kubectl'),
 });
 ```
 
@@ -192,12 +192,12 @@ To access the node group that was created on your behalf, you can use `cluster.d
 Additional customizations are available post instantiation. To apply them, set the default capacity to 0, and use the `cluster.addNodegroupCapacity` method:
 
 ```ts
-import { KubectlV32Layer } from '@aws-cdk/lambda-layer-kubectl-v32';
+import { KubectlV33Layer } from '@aws-cdk/lambda-layer-kubectl-v33';
 
 const cluster = new eks.Cluster(this, 'HelloEKS', {
-  version: eks.KubernetesVersion.V1_32,
+  version: eks.KubernetesVersion.V1_33,
   defaultCapacity: 0,
-  kubectlLayer: new KubectlV32Layer(this, 'kubectl'),
+  kubectlLayer: new KubectlV33Layer(this, 'kubectl'),
 });
 
 cluster.addNodegroupCapacity('custom-node-group', {
@@ -273,7 +273,7 @@ Node groups are available with IPv6 configured networks.  For custom roles assig
 > For more details visit [Configuring the Amazon VPC CNI plugin for Kubernetes to use IAM roles for service accounts](https://docs.aws.amazon.com/eks/latest/userguide/cni-iam-role.html#cni-iam-role-create-role)
 
 ```ts
-import { KubectlV32Layer } from '@aws-cdk/lambda-layer-kubectl-v32';
+import { KubectlV33Layer } from '@aws-cdk/lambda-layer-kubectl-v33';
 
 const ipv6Management = new iam.PolicyDocument({
     statements: [new iam.PolicyStatement({
@@ -299,9 +299,9 @@ const eksClusterNodeGroupRole = new iam.Role(this, 'eksClusterNodeGroupRole', {
 });
 
 const cluster = new eks.Cluster(this, 'HelloEKS', {
-  version: eks.KubernetesVersion.V1_32,
+  version: eks.KubernetesVersion.V1_33,
   defaultCapacity: 0,
-  kubectlLayer: new KubectlV32Layer(this, 'kubectl'),
+  kubectlLayer: new KubectlV33Layer(this, 'kubectl'),
 });
 
 cluster.addNodegroupCapacity('custom-node-group', {
@@ -413,12 +413,12 @@ has been changed. As a workaround, you need to add a temporary policy to the clu
 successful replacement. Consider this example if you are renaming the cluster from `foo` to `bar`:
 
 ```ts
-import { KubectlV32Layer } from '@aws-cdk/lambda-layer-kubectl-v32';
+import { KubectlV33Layer } from '@aws-cdk/lambda-layer-kubectl-v33';
 
 const cluster = new eks.Cluster(this, 'cluster-to-rename', {
   clusterName: 'foo', // rename this to 'bar'
-  kubectlLayer: new KubectlV32Layer(this, 'kubectl'),
-  version: eks.KubernetesVersion.V1_32,
+  kubectlLayer: new KubectlV33Layer(this, 'kubectl'),
+  version: eks.KubernetesVersion.V1_33,
 });
 
 // allow the cluster admin role to delete the cluster 'foo'
@@ -471,11 +471,11 @@ To create an EKS cluster that **only** uses Fargate capacity, you can use `Farga
 The following code defines an Amazon EKS cluster with a default Fargate Profile that matches all pods from the "kube-system" and "default" namespaces. It is also configured to [run CoreDNS on Fargate](https://docs.aws.amazon.com/eks/latest/userguide/fargate-getting-started.html#fargate-gs-coredns).
 
 ```ts
-import { KubectlV32Layer } from '@aws-cdk/lambda-layer-kubectl-v32';
+import { KubectlV33Layer } from '@aws-cdk/lambda-layer-kubectl-v33';
 
 const cluster = new eks.FargateCluster(this, 'MyCluster', {
-  version: eks.KubernetesVersion.V1_32,
-  kubectlLayer: new KubectlV32Layer(this, 'kubectl'),
+  version: eks.KubernetesVersion.V1_33,
+  kubectlLayer: new KubectlV33Layer(this, 'kubectl'),
 });
 ```
 
@@ -551,12 +551,12 @@ To disable bootstrapping altogether (i.e. to fully customize user-data), set `bo
 You can also configure the cluster to use an auto-scaling group as the default capacity:
 
 ```ts
-import { KubectlV32Layer } from '@aws-cdk/lambda-layer-kubectl-v32';
+import { KubectlV33Layer } from '@aws-cdk/lambda-layer-kubectl-v33';
 
 const cluster = new eks.Cluster(this, 'HelloEKS', {
-  version: eks.KubernetesVersion.V1_32,
+  version: eks.KubernetesVersion.V1_33,
   defaultCapacityType: eks.DefaultCapacityType.EC2,
-  kubectlLayer: new KubectlV32Layer(this, 'kubectl'),
+  kubectlLayer: new KubectlV33Layer(this, 'kubectl'),
 });
 ```
 
@@ -658,12 +658,12 @@ AWS Identity and Access Management (IAM) and native Kubernetes [Role Based Acces
 You can configure the [cluster endpoint access](https://docs.aws.amazon.com/eks/latest/userguide/cluster-endpoint.html) by using the `endpointAccess` property:
 
 ```ts
-import { KubectlV32Layer } from '@aws-cdk/lambda-layer-kubectl-v32';
+import { KubectlV33Layer } from '@aws-cdk/lambda-layer-kubectl-v33';
 
 const cluster = new eks.Cluster(this, 'hello-eks', {
-  version: eks.KubernetesVersion.V1_32,
+  version: eks.KubernetesVersion.V1_33,
   endpointAccess: eks.EndpointAccess.PRIVATE, // No access outside of your VPC.
-  kubectlLayer: new KubectlV32Layer(this, 'kubectl'),
+  kubectlLayer: new KubectlV33Layer(this, 'kubectl'),
 });
 ```
 
@@ -683,31 +683,31 @@ From the docs:
 To deploy the controller on your EKS cluster, configure the `albController` property:
 
 ```ts
-import { KubectlV32Layer } from '@aws-cdk/lambda-layer-kubectl-v32';
+import { KubectlV33Layer } from '@aws-cdk/lambda-layer-kubectl-v33';
 
 new eks.Cluster(this, 'HelloEKS', {
-  version: eks.KubernetesVersion.V1_32,
+  version: eks.KubernetesVersion.V1_33,
   albController: {
     version: eks.AlbControllerVersion.V2_8_2,
   },
-  kubectlLayer: new KubectlV32Layer(this, 'kubectl'),
+  kubectlLayer: new KubectlV33Layer(this, 'kubectl'),
 });
 ```
 
 To provide additional Helm chart values supported by `albController` in CDK, use the `additionalHelmChartValues` property. For example, the following code snippet shows how to set the `enableWafV2` flag:
 
 ```ts
-import { KubectlV32Layer } from '@aws-cdk/lambda-layer-kubectl-v32';
+import { KubectlV33Layer } from '@aws-cdk/lambda-layer-kubectl-v33';
 
 new eks.Cluster(this, 'HelloEKS', {
-  version: eks.KubernetesVersion.V1_32,
+  version: eks.KubernetesVersion.V1_33,
   albController: {
     version: eks.AlbControllerVersion.V2_8_2,
     additionalHelmChartValues: {
       enableWafv2: false
     }
   },
-  kubectlLayer: new KubectlV32Layer(this, 'kubectl'),
+  kubectlLayer: new KubectlV33Layer(this, 'kubectl'),
 });
 ```
 
@@ -744,15 +744,15 @@ if (cluster.albController) {
 You can specify the VPC of the cluster using the `vpc` and `vpcSubnets` properties:
 
 ```ts
-import { KubectlV32Layer } from '@aws-cdk/lambda-layer-kubectl-v32';
+import { KubectlV33Layer } from '@aws-cdk/lambda-layer-kubectl-v33';
 
 declare const vpc: ec2.Vpc;
 
 new eks.Cluster(this, 'HelloEKS', {
-  version: eks.KubernetesVersion.V1_32,
+  version: eks.KubernetesVersion.V1_33,
   vpc,
   vpcSubnets: [{ subnetType: ec2.SubnetType.PRIVATE_WITH_EGRESS }],
-  kubectlLayer: new KubectlV32Layer(this, 'kubectl'),
+  kubectlLayer: new KubectlV33Layer(this, 'kubectl'),
 });
 ```
 
@@ -795,11 +795,11 @@ The `ClusterHandler` is a set of Lambda functions (`onEventHandler`, `isComplete
 You can configure the environment of the Cluster Handler functions by specifying it at cluster instantiation. For example, this can be useful in order to configure an http proxy:
 
 ```ts
-import { KubectlV32Layer } from '@aws-cdk/lambda-layer-kubectl-v32';
+import { KubectlV33Layer } from '@aws-cdk/lambda-layer-kubectl-v33';
 
 declare const proxyInstanceSecurityGroup: ec2.SecurityGroup;
 const cluster = new eks.Cluster(this, 'hello-eks', {
-  version: eks.KubernetesVersion.V1_32,
+  version: eks.KubernetesVersion.V1_33,
   clusterHandlerEnvironment: {
     https_proxy: 'http://proxy.myproxy.com',
   },
@@ -808,7 +808,7 @@ const cluster = new eks.Cluster(this, 'hello-eks', {
    * Cluster Handler Lambdas so that it can reach the proxy.
    */
   clusterHandlerSecurityGroup: proxyInstanceSecurityGroup,
-  kubectlLayer: new KubectlV32Layer(this, 'kubectl'),
+  kubectlLayer: new KubectlV33Layer(this, 'kubectl'),
 });
 ```
 
@@ -817,7 +817,7 @@ const cluster = new eks.Cluster(this, 'hello-eks', {
 You can optionally choose to configure your cluster to use IPv6 using the [`ipFamily`](https://docs.aws.amazon.com/eks/latest/APIReference/API_KubernetesNetworkConfigRequest.html#AmazonEKS-Type-KubernetesNetworkConfigRequest-ipFamily) definition for your cluster.  Note that this will require the underlying subnets to have an associated IPv6 CIDR.
 
 ```ts
-import { KubectlV32Layer } from '@aws-cdk/lambda-layer-kubectl-v32';
+import { KubectlV33Layer } from '@aws-cdk/lambda-layer-kubectl-v33';
 declare const vpc: ec2.Vpc;
 
 function associateSubnetWithV6Cidr(vpc: ec2.Vpc, count: number, subnet: ec2.ISubnet) {
@@ -843,11 +843,11 @@ for (let subnet of subnets) {
 }
 
 const cluster = new eks.Cluster(this, 'hello-eks', {
-  version: eks.KubernetesVersion.V1_32,
+  version: eks.KubernetesVersion.V1_33,
   vpc: vpc,
   ipFamily: eks.IpFamily.IP_V6,
   vpcSubnets: [{ subnets: vpc.publicSubnets }],
-  kubectlLayer: new KubectlV32Layer(this, 'kubectl'),
+  kubectlLayer: new KubectlV33Layer(this, 'kubectl'),
 });
 ```
 
@@ -878,14 +878,14 @@ const cluster = eks.Cluster.fromClusterAttributes(this, 'Cluster', {
 You can configure the environment of this function by specifying it at cluster instantiation. For example, this can be useful in order to configure an http proxy:
 
 ```ts
-import { KubectlV32Layer } from '@aws-cdk/lambda-layer-kubectl-v32';
+import { KubectlV33Layer } from '@aws-cdk/lambda-layer-kubectl-v33';
 
 const cluster = new eks.Cluster(this, 'hello-eks', {
-  version: eks.KubernetesVersion.V1_32,
+  version: eks.KubernetesVersion.V1_33,
   kubectlEnvironment: {
     'http_proxy': 'http://proxy.myproxy.com',
   },
-  kubectlLayer: new KubectlV32Layer(this, 'kubectl'),
+  kubectlLayer: new KubectlV33Layer(this, 'kubectl'),
 });
 ```
 
@@ -902,11 +902,11 @@ Depending on which version of kubernetes you're targeting, you will need to use
 the `@aws-cdk/lambda-layer-kubectl-vXY` packages.
 
 ```ts
-import { KubectlV32Layer } from '@aws-cdk/lambda-layer-kubectl-v32';
+import { KubectlV33Layer } from '@aws-cdk/lambda-layer-kubectl-v33';
 
 const cluster = new eks.Cluster(this, 'hello-eks', {
-  version: eks.KubernetesVersion.V1_32,
-  kubectlLayer: new KubectlV32Layer(this, 'kubectl'),
+  version: eks.KubernetesVersion.V1_33,
+  kubectlLayer: new KubectlV33Layer(this, 'kubectl'),
 });
 ```
 
@@ -941,7 +941,7 @@ const cluster1 = new eks.Cluster(this, 'MyCluster', {
   kubectlLayer: layer,
   vpc,
   clusterName: 'cluster-name',
-  version: eks.KubernetesVersion.V1_32,
+  version: eks.KubernetesVersion.V1_33,
 });
 
 // or
@@ -957,12 +957,12 @@ const cluster2 = eks.Cluster.fromClusterAttributes(this, 'MyCluster', {
 By default, the kubectl provider is configured with 1024MiB of memory. You can use the `kubectlMemory` option to specify the memory size for the AWS Lambda function:
 
 ```ts
-import { KubectlV32Layer } from '@aws-cdk/lambda-layer-kubectl-v32';
+import { KubectlV33Layer } from '@aws-cdk/lambda-layer-kubectl-v33';
 
 new eks.Cluster(this, 'MyCluster', {
   kubectlMemory: Size.gibibytes(4),
-  version: eks.KubernetesVersion.V1_32,
-  kubectlLayer: new KubectlV32Layer(this, 'kubectl'),
+  version: eks.KubernetesVersion.V1_33,
+  kubectlLayer: new KubectlV33Layer(this, 'kubectl'),
 });
 
 // or
@@ -999,13 +999,13 @@ cluster.addAutoScalingGroupCapacity('self-ng-arm', {
 When you create a cluster, you can specify a `mastersRole`. The `Cluster` construct will associate this role with the `system:masters` [RBAC](https://kubernetes.io/docs/reference/access-authn-authz/rbac/) group, giving it super-user access to the cluster.
 
 ```ts
-import { KubectlV32Layer } from '@aws-cdk/lambda-layer-kubectl-v32';
+import { KubectlV33Layer } from '@aws-cdk/lambda-layer-kubectl-v33';
 
 declare const role: iam.Role;
 new eks.Cluster(this, 'HelloEKS', {
-  version: eks.KubernetesVersion.V1_32,
+  version: eks.KubernetesVersion.V1_33,
   mastersRole: role,
-  kubectlLayer: new KubectlV32Layer(this, 'kubectl'),
+  kubectlLayer: new KubectlV33Layer(this, 'kubectl'),
 });
 ```
 
@@ -1051,26 +1051,26 @@ You can use the `secretsEncryptionKey` to configure which key the cluster will u
 > This setting can only be specified when the cluster is created and cannot be updated.
 
 ```ts
-import { KubectlV32Layer } from '@aws-cdk/lambda-layer-kubectl-v32';
+import { KubectlV33Layer } from '@aws-cdk/lambda-layer-kubectl-v33';
 
 const secretsKey = new kms.Key(this, 'SecretsKey');
 const cluster = new eks.Cluster(this, 'MyCluster', {
   secretsEncryptionKey: secretsKey,
-  version: eks.KubernetesVersion.V1_32,
-  kubectlLayer: new KubectlV32Layer(this, 'kubectl'),
+  version: eks.KubernetesVersion.V1_33,
+  kubectlLayer: new KubectlV33Layer(this, 'kubectl'),
 });
 ```
 
 You can also use a similar configuration for running a cluster built using the FargateCluster construct.
 
 ```ts
-import { KubectlV32Layer } from '@aws-cdk/lambda-layer-kubectl-v32';
+import { KubectlV33Layer } from '@aws-cdk/lambda-layer-kubectl-v33';
 
 const secretsKey = new kms.Key(this, 'SecretsKey');
 const cluster = new eks.FargateCluster(this, 'MyFargateCluster', {
   secretsEncryptionKey: secretsKey,
-  version: eks.KubernetesVersion.V1_32,
-  kubectlLayer: new KubectlV32Layer(this, 'kubectl'),
+  version: eks.KubernetesVersion.V1_33,
+  kubectlLayer: new KubectlV33Layer(this, 'kubectl'),
 });
 ```
 
@@ -1088,11 +1088,11 @@ When you create an Amazon EKS cluster, you can configure it to leverage the [EKS
 Once you have identified the on-premises node and pod (optional) CIDRs you will use for your hybrid nodes and the workloads running on them, you can specify them during cluster creation using the `remoteNodeNetworks` and `remotePodNetworks` (optional) properties:
 
 ```ts
-import { KubectlV32Layer } from '@aws-cdk/lambda-layer-kubectl-v32';
+import { KubectlV33Layer } from '@aws-cdk/lambda-layer-kubectl-v33';
 
 new eks.Cluster(this, 'Cluster', {
-  version: eks.KubernetesVersion.V1_32,
-  kubectlLayer: new KubectlV32Layer(this, 'KubectlLayer'),
+  version: eks.KubernetesVersion.V1_33,
+  kubectlLayer: new KubectlV33Layer(this, 'KubectlLayer'),
   remoteNodeNetworks: [
     {
       cidrs: ['10.0.0.0/16'],
@@ -1145,7 +1145,7 @@ To access the Kubernetes resources from the console, make sure your viewing prin
 in the `aws-auth` ConfigMap. Some options to consider:
 
 ```ts
-import { KubectlV32Layer } from '@aws-cdk/lambda-layer-kubectl-v32';
+import { KubectlV33Layer } from '@aws-cdk/lambda-layer-kubectl-v33';
 declare const cluster: eks.Cluster;
 declare const your_current_role: iam.Role;
 declare const vpc: ec2.Vpc;
@@ -1165,7 +1165,7 @@ your_current_role.addToPolicy(new iam.PolicyStatement({
 
 ```ts
 // Option 2: create your custom mastersRole with scoped assumeBy arn as the Cluster prop. Switch to this role from the AWS console.
-import { KubectlV32Layer } from '@aws-cdk/lambda-layer-kubectl-v32';
+import { KubectlV33Layer } from '@aws-cdk/lambda-layer-kubectl-v33';
 declare const vpc: ec2.Vpc;
 
 
@@ -1175,8 +1175,8 @@ const mastersRole = new iam.Role(this, 'MastersRole', {
 
 const cluster = new eks.Cluster(this, 'EksCluster', {
   vpc,
-  version: eks.KubernetesVersion.V1_32,
-  kubectlLayer: new KubectlV32Layer(this, 'KubectlLayer'),
+  version: eks.KubernetesVersion.V1_33,
+  kubectlLayer: new KubectlV33Layer(this, 'KubectlLayer'),
   mastersRole,
 });
 
@@ -1220,13 +1220,13 @@ AWS IAM principals from both Amazon EKS access entry APIs and the aws-auth confi
 To specify the `authenticationMode`:
 
 ```ts
-import { KubectlV32Layer } from '@aws-cdk/lambda-layer-kubectl-v32';
+import { KubectlV33Layer } from '@aws-cdk/lambda-layer-kubectl-v33';
 declare const vpc: ec2.Vpc;
 
 new eks.Cluster(this, 'Cluster', {
   vpc,
-  version: eks.KubernetesVersion.V1_32,
-  kubectlLayer: new KubectlV32Layer(this, 'KubectlLayer'),
+  version: eks.KubernetesVersion.V1_33,
+  kubectlLayer: new KubectlV33Layer(this, 'KubectlLayer'),
   authenticationMode: eks.AuthenticationMode.API_AND_CONFIG_MAP,
 });
 ```
@@ -1271,7 +1271,7 @@ eks.AccessPolicy.fromAccessPolicyName('AmazonEKSAdminPolicy', {
 Use `grantAccess()` to grant the AccessPolicy to an IAM principal:
 
 ```ts
-import { KubectlV32Layer } from '@aws-cdk/lambda-layer-kubectl-v32';
+import { KubectlV33Layer } from '@aws-cdk/lambda-layer-kubectl-v33';
 declare const vpc: ec2.Vpc;
 
 const clusterAdminRole = new iam.Role(this, 'ClusterAdminRole', {
@@ -1289,8 +1289,8 @@ const eksAdminViewRole = new iam.Role(this, 'EKSAdminViewRole', {
 const cluster = new eks.Cluster(this, 'Cluster', {
   vpc,
   mastersRole: clusterAdminRole,
-  version: eks.KubernetesVersion.V1_32,
-  kubectlLayer: new KubectlV32Layer(this, 'KubectlLayer'),
+  version: eks.KubernetesVersion.V1_33,
+  kubectlLayer: new KubectlV33Layer(this, 'KubectlLayer'),
   authenticationMode: eks.AuthenticationMode.API_AND_CONFIG_MAP,
 });
 
@@ -1622,12 +1622,12 @@ Pruning is enabled by default but can be disabled through the `prune` option
 when a cluster is defined:
 
 ```ts
-import { KubectlV32Layer } from '@aws-cdk/lambda-layer-kubectl-v32';
+import { KubectlV33Layer } from '@aws-cdk/lambda-layer-kubectl-v33';
 
 new eks.Cluster(this, 'MyCluster', {
-  version: eks.KubernetesVersion.V1_32,
+  version: eks.KubernetesVersion.V1_33,
   prune: false,
-  kubectlLayer: new KubectlV32Layer(this, 'kubectl'),
+  kubectlLayer: new KubectlV33Layer(this, 'kubectl'),
 });
 ```
 
@@ -2030,17 +2030,17 @@ You can enable logging for each one separately using the `clusterLogging`
 property. For example:
 
 ```ts
-import { KubectlV32Layer } from '@aws-cdk/lambda-layer-kubectl-v32';
+import { KubectlV33Layer } from '@aws-cdk/lambda-layer-kubectl-v33';
 
 const cluster = new eks.Cluster(this, 'Cluster', {
   // ...
-  version: eks.KubernetesVersion.V1_32,
+  version: eks.KubernetesVersion.V1_33,
   clusterLogging: [
     eks.ClusterLoggingTypes.API,
     eks.ClusterLoggingTypes.AUTHENTICATOR,
     eks.ClusterLoggingTypes.SCHEDULER,
   ],
-  kubectlLayer: new KubectlV32Layer(this, 'kubectl'),
+  kubectlLayer: new KubectlV33Layer(this, 'kubectl'),
 });
 ```
 

cdk_api_mcp_server/resources/aws-cdk/constructs/aws-cdk-lib/aws-eks/integ.eks-al2023-nodegroup.ts

@@ -27,7 +27,7 @@ class EksClusterStack extends Stack {
       vpc: this.vpc,
       mastersRole,
       defaultCapacity: 0,
-      ...getClusterVersionConfig(this, eks.KubernetesVersion.V1_32),
+      ...getClusterVersionConfig(this, eks.KubernetesVersion.V1_33),
     });
 
     // create nodegroup with AL2023_X86_64_STANDARD
@@ -65,4 +65,3 @@ new integ.IntegTest(app, 'aws-cdk-eks-cluster-al2023-nodegroup', {
   // Test includes assets that are updated weekly. If not disabled, the upgrade PR will fail.
   diffAssets: false,
 });
-app.synth();

cdk_api_mcp_server/resources/aws-cdk/constructs/aws-cdk-lib/aws-eks/integ.fargate-cluster.ts

@@ -17,7 +17,7 @@ class EksFargateClusterStack extends Stack {
     this.node.setContext(EC2_RESTRICT_DEFAULT_SECURITY_GROUP, false);
     this.vpc = props?.vpc ?? this.createDummyVpc();
     new eks.FargateCluster(this, 'FargateCluster', {
-      ...getClusterVersionConfig(this, eks.KubernetesVersion.V1_30),
+      ...getClusterVersionConfig(this, eks.KubernetesVersion.V1_33),
       prune: false,
       authenticationMode: props?.authMode,
       vpc: this.vpc,
@@ -50,5 +50,3 @@ new integ.IntegTest(app, 'aws-cdk-eks-fargate-cluster', {
   // Test includes assets that are updated weekly. If not disabled, the upgrade PR will fail.
   diffAssets: false,
 });
-
-app.synth();

cdk_api_mcp_server/resources/aws-cdk/constructs/aws-cdk-lib/aws-kms/README.md

@@ -91,9 +91,10 @@ const trail = new cloudtrail.Trail(this, 'myCloudTrail', {
 });
 ```
 
-Note that calls to `addToResourcePolicy` and `grant*` methods on `myKeyAlias` will be
-no-ops, and `addAlias` and `aliasTargetKey` will fail, as the imported alias does not
-have a reference to the underlying KMS Key.
+Note that calls to `addToResourcePolicy` method on `myKeyAlias` will be a no-op, `addAlias` and `aliasTargetKey` will fail.
+The `grant*` methods will not modify the key policy, as the imported alias does not have a reference to the underlying KMS Key.
+For the `grant*` methods to modify the principal's IAM policy, the feature flag `@aws-cdk/aws-kms:applyImportedAliasPermissionsToPrincipal`
+must be set to `true`. By default, this flag is `false` and `grant*` calls on an imported alias are a no-op.
 
 ### Lookup key by alias
 

cdk_api_mcp_server/resources/aws-cdk/constructs/aws-cdk-lib/aws-kms/integ.alias-from-alias-name.ts

@@ -0,0 +1,26 @@
+import { App, Stack } from 'aws-cdk-lib';
+import { Alias } from 'aws-cdk-lib/aws-kms';
+import { IntegTest } from '@aws-cdk/integ-tests-alpha';
+import { ServicePrincipal, Role } from 'aws-cdk-lib/aws-iam';
+import * as cxapi from 'aws-cdk-lib/cx-api';
+
+const app = new App({
+  context: { [cxapi.KMS_APPLY_IMPORTED_ALIAS_PERMISSIONS_TO_PRINCIPAL]: true },
+});
+const stack = new Stack(app, 'aws-cdk-kms');
+const alias = Alias.fromAliasName(stack, 'alias', 'alias/MyKey');
+
+const role = new Role(stack, 'Role', {
+  assumedBy: new ServicePrincipal('lambda.amazonaws.com'),
+});
+
+alias.grantVerifyMac(role);
+alias.grantEncryptDecrypt(role);
+alias.grantSignVerify(role);
+alias.grantGenerateMac(role);
+
+new IntegTest(app, 'kms-alias-from-alias-name', {
+  testCases: [stack],
+});
+
+app.synth();

cdk_api_mcp_server/resources/aws-cdk/constructs/aws-cdk-lib/aws-lambda-event-sources/README.md

@@ -445,6 +445,74 @@ myFunction.addEventSource(new ManagedKafkaEventSource({
 }));
 ```
 
+Set a confluent or self-managed schema registry to de-serialize events from the event source. Note, this will similarly work for `SelfManagedKafkaEventSource` but the example only shows setup for `ManagedKafkaEventSource`.
+
+```ts
+import { ManagedKafkaEventSource, ConfluentSchemaRegistry } from 'aws-cdk-lib/aws-lambda-event-sources';
+import { Secret } from 'aws-cdk-lib/aws-secretsmanager';
+
+// Your MSK cluster arn
+declare const clusterArn: string;
+
+// The Kafka topic you want to subscribe to
+const topic = 'some-cool-topic';
+
+const secret = new Secret(this, 'Secret', { secretName: 'AmazonMSK_KafkaSecret' });
+
+declare const myFunction: lambda.Function;
+myFunction.addEventSource(new ManagedKafkaEventSource({
+  clusterArn,
+  topic,
+  startingPosition: lambda.StartingPosition.TRIM_HORIZON,
+  provisionedPollerConfig: {
+    minimumPollers: 1,
+    maximumPollers: 3,
+  },
+  schemaRegistryConfig: new ConfluentSchemaRegistry({
+    schemaRegistryUri: 'https://example.com',
+    eventRecordFormat: lambda.EventRecordFormat.JSON,
+    authenticationType: lambda.KafkaSchemaRegistryAccessConfigType.BASIC_AUTH,
+    secret: secret,
+    schemaValidationConfigs: [{ attribute: lambda.KafkaSchemaValidationAttribute.KEY }],
+  }),
+}));
+```
+
+Set Glue schema registry to de-serialize events from the event source. Note, this will similarly work for `SelfManagedKafkaEventSource` but the example only shows setup for `ManagedKafkaEventSource`.
+
+```ts
+import { CfnRegistry } from 'aws-cdk-lib/aws-glue';
+import { ManagedKafkaEventSource, GlueSchemaRegistry } from 'aws-cdk-lib/aws-lambda-event-sources';
+
+// Your MSK cluster arn
+declare const clusterArn: string;
+
+// The Kafka topic you want to subscribe to
+const topic = 'some-cool-topic';
+
+// Your Glue Schema Registry
+const glueRegistry = new CfnRegistry(this, 'Registry', {
+  name: 'schema-registry',
+  description: 'Schema registry for event source',
+});
+
+declare const myFunction: lambda.Function;
+myFunction.addEventSource(new ManagedKafkaEventSource({
+  clusterArn,
+  topic,
+  startingPosition: lambda.StartingPosition.TRIM_HORIZON,
+  provisionedPollerConfig: {
+    minimumPollers: 1,
+    maximumPollers: 3,
+  },
+  schemaRegistryConfig: new GlueSchemaRegistry({
+    schemaRegistry: glueRegistry,
+    eventRecordFormat: lambda.EventRecordFormat.JSON,
+    schemaValidationConfigs: [{ attribute: lambda.KafkaSchemaValidationAttribute.KEY }],
+  }),
+}));
+```
+
 ## Roadmap
 
 Eventually, this module will support all the event sources described under

cdk_api_mcp_server/resources/aws-cdk/constructs/aws-cdk-lib/aws-lambda-event-sources/integ.kafka-schema-registry.ts

@@ -0,0 +1,186 @@
+import { TestFunction } from './test-function';
+import { IntegTest } from '@aws-cdk/integ-tests-alpha';
+import {
+  SelfManagedKafkaEventSource,
+  AuthenticationMethod,
+  GlueSchemaRegistry,
+  ConfluentSchemaRegistry,
+} from 'aws-cdk-lib/aws-lambda-event-sources';
+import * as lambda from 'aws-cdk-lib/aws-lambda';
+import { App, StackProps, Stack, SecretValue } from 'aws-cdk-lib';
+import * as secretsmanager from 'aws-cdk-lib/aws-secretsmanager';
+import { CfnRegistry } from 'aws-cdk-lib/aws-glue';
+
+// Self-Managed Kafka Stack with Schema Registry
+export class SmkGlueSchemaRegistryStack extends Stack {
+  constructor(scope: App, id: string, props?: StackProps) {
+    super(scope, id, props);
+
+    // Create a Lambda function
+    const testLambdaFunction = new TestFunction(this, 'GlueFunction');
+
+    // Create dummy certificates for authentication
+    const dummyCertString = `-----BEGIN CERTIFICATE-----
+    MIIE5DCCAsygAwIBAgIRAPJdwaFaNRrytHBto0j5BA0wDQYJKoZIhvcNAQELBQAw
+    cmUuiAii9R0=
+    -----END CERTIFICATE-----
+    -----BEGIN CERTIFICATE-----
+    MIIFgjCCA2qgAwIBAgIQdjNZd6uFf9hbNC5RdfmHrzANBgkqhkiG9w0BAQsFADBb
+    c8PH3PSoAaRwMMgOSA2ALJvbRz8mpg==
+    -----END CERTIFICATE-----"
+    `;
+
+    const dummyPrivateKey = `-----BEGIN ENCRYPTED PRIVATE KEY-----
+    zp2mwJn2NYB7AZ7+imp0azDZb+8YG2aUCiyqb6PnnA==
+    -----END ENCRYPTED PRIVATE KEY-----`;
+
+    // Create secrets for Kafka authentication
+    const rootCASecret = new secretsmanager.Secret(this, 'GlueRootCASecret', {
+      secretObjectValue: {
+        certificate: SecretValue.unsafePlainText(dummyCertString),
+      },
+    });
+
+    const clientCertificatesSecret = new secretsmanager.Secret(this, 'GlueClientCertSecret', {
+      secretObjectValue: {
+        certificate: SecretValue.unsafePlainText(dummyCertString),
+        privateKey: SecretValue.unsafePlainText(dummyPrivateKey),
+      },
+    });
+
+    // Grant read permissions to the Lambda function
+    rootCASecret.grantRead(testLambdaFunction);
+    clientCertificatesSecret.grantRead(testLambdaFunction);
+
+    // Create a Glue Schema Registry
+    const glueRegistry = new CfnRegistry(this, 'SchemaRegistry', {
+      name: 'smk-glue-test-schema-registry',
+      description: 'Schema registry for SMK integration tests',
+    });
+
+    // Define Kafka bootstrap servers
+    const bootstrapServers = [
+      'kafka-broker-1:9092',
+      'kafka-broker-2:9092',
+      'kafka-broker-3:9092',
+    ];
+
+    // Common configuration for SMK event sources
+    const commonConfig = {
+      bootstrapServers,
+      secret: clientCertificatesSecret,
+      authenticationMethod: AuthenticationMethod.CLIENT_CERTIFICATE_TLS_AUTH,
+      rootCACertificate: rootCASecret,
+      startingPosition: lambda.StartingPosition.TRIM_HORIZON,
+    };
+
+    // SMK with Glue Schema Registry
+    testLambdaFunction.addEventSource(new SelfManagedKafkaEventSource({
+      ...commonConfig,
+      topic: 'test-topic-smk-glue',
+      consumerGroupId: 'test-consumer-group-smk-glue',
+      provisionedPollerConfig: {
+        minimumPollers: 1,
+        maximumPollers: 3,
+      },
+      schemaRegistryConfig: new GlueSchemaRegistry({
+        schemaRegistry: glueRegistry,
+        eventRecordFormat: lambda.EventRecordFormat.JSON,
+        schemaValidationConfigs: [{ attribute: lambda.KafkaSchemaValidationAttribute.KEY }],
+      }),
+    }));
+  }
+}
+
+// Self-Managed Kafka Stack with Schema Registry
+export class SmkConfluentSchemaRegistryStack extends Stack {
+  constructor(scope: App, id: string, props?: StackProps) {
+    super(scope, id, props);
+
+    // Create a Lambda function
+    const testLambdaFunction = new TestFunction(this, 'ConfluentFunction');
+
+    // Create dummy certificates for authentication
+    const dummyCertString = `-----BEGIN CERTIFICATE-----
+    MIIE5DCCAsygAwIBAgIRAPJdwaFaNRrytHBto0j5BA0wDQYJKoZIhvcNAQELBQAw
+    cmUuiAii9R0=
+    -----END CERTIFICATE-----
+    -----BEGIN CERTIFICATE-----
+    MIIFgjCCA2qgAwIBAgIQdjNZd6uFf9hbNC5RdfmHrzANBgkqhkiG9w0BAQsFADBb
+    c8PH3PSoAaRwMMgOSA2ALJvbRz8mpg==
+    -----END CERTIFICATE-----"
+    `;
+
+    const dummyPrivateKey = `-----BEGIN ENCRYPTED PRIVATE KEY-----
+    zp2mwJn2NYB7AZ7+imp0azDZb+8YG2aUCiyqb6PnnA==
+    -----END ENCRYPTED PRIVATE KEY-----`;
+
+    // Create secrets for Kafka authentication
+    const rootCASecret = new secretsmanager.Secret(this, 'ConfluentRootCASecret', {
+      secretObjectValue: {
+        certificate: SecretValue.unsafePlainText(dummyCertString),
+      },
+    });
+
+    const clientCertificatesSecret = new secretsmanager.Secret(this, 'ConfluentClientCertSecret', {
+      secretObjectValue: {
+        certificate: SecretValue.unsafePlainText(dummyCertString),
+        privateKey: SecretValue.unsafePlainText(dummyPrivateKey),
+      },
+    });
+
+    // Grant read permissions to the Lambda function
+    rootCASecret.grantRead(testLambdaFunction);
+    clientCertificatesSecret.grantRead(testLambdaFunction);
+
+    // Define Kafka bootstrap servers
+    const bootstrapServers = [
+      'kafka-broker-1:9092',
+      'kafka-broker-2:9092',
+      'kafka-broker-3:9092',
+    ];
+
+    // Common configuration for SMK event sources
+    const commonConfig = {
+      bootstrapServers,
+      secret: clientCertificatesSecret,
+      authenticationMethod: AuthenticationMethod.CLIENT_CERTIFICATE_TLS_AUTH,
+      rootCACertificate: rootCASecret,
+      startingPosition: lambda.StartingPosition.TRIM_HORIZON,
+    };
+
+    // SMK with Confluent Schema Registry
+    testLambdaFunction.addEventSource(new SelfManagedKafkaEventSource({
+      ...commonConfig,
+      topic: 'test-topic-smk-confluent',
+      consumerGroupId: 'test-consumer-group-smk-confluent',
+      provisionedPollerConfig: {
+        minimumPollers: 1,
+        maximumPollers: 3,
+      },
+      schemaRegistryConfig: new ConfluentSchemaRegistry({
+        schemaRegistryUri: 'https://schema-registry.example.com',
+        eventRecordFormat: lambda.EventRecordFormat.JSON,
+        authenticationType: lambda.KafkaSchemaRegistryAccessConfigType.BASIC_AUTH,
+        secret: clientCertificatesSecret,
+        schemaValidationConfigs: [{ attribute: lambda.KafkaSchemaValidationAttribute.KEY }],
+      }),
+    }));
+  }
+}
+
+// Create the app and stacks
+const app = new App({
+  postCliContext: {
+    '@aws-cdk/aws-lambda:createNewPoliciesWithAddToRolePolicy': false,
+  },
+});
+const glueStack = new SmkGlueSchemaRegistryStack(app, 'lambda-event-source-glue-schema-registry');
+const confluentStack = new SmkConfluentSchemaRegistryStack(app, 'lambda-event-source-confluent-schema-registry');
+
+// Create the integration tests
+new IntegTest(app, 'SchemaRegistryInteg', {
+  testCases: [glueStack, confluentStack],
+});
+
+app.synth();

cdk_api_mcp_server/resources/aws-cdk/constructs/aws-cdk-lib/aws-s3/README.md

@@ -156,6 +156,22 @@ bucket.grantReadWrite(myLambda);
 Will give the Lambda's execution role permissions to read and write
 from the bucket.
 
+### Understanding "grant" Methods
+
+The S3 construct library provides several grant methods for the `Bucket` resource, but two of them have a special behavior. This two accept an `objectsKeyPattern` parameter to restrict granted permissions to specific resources:
+- `grantRead`
+- `grantReadWrite`
+
+When examining the synthesized policy, you'll notice it includes both your specified object key patterns and the bucket itself.
+This is by design. Some permissions (like `s3:ListBucket`) apply at the bucket level, while others (like `s3:GetObject`) apply to specific objects.
+
+Specifically, the [`s3:ListBucket` action operates on bucket resources](https://docs.aws.amazon.com/service-authorization/latest/reference/list_amazons3.html#amazons3-bucket)
+and requires the bucket ARN to work properly. This might be seen as a bug, giving the impression that more permissions were granted than the ones you intended, but the reality is that the policy does not ignore your `objectsKeyPattern` - object-specific actions like `s3:GetObject`
+will still be limited to the resources defined in your pattern.
+
+If you need to restrict the `s3:ListBucket` action to specific paths, you can add a `Condition` to your policy that limits the `objectsKeyPattern` to specific folders. For more details and examples, see the [AWS documentation on bucket policies](https://docs.aws.amazon.com/AmazonS3/latest/userguide/example-bucket-policies.html#example-bucket-policies-folders).
+
+
 ## AWS Foundational Security Best Practices
 
 ### Enforcing SSL

cdk_api_mcp_server/resources/aws-cdk/constructs/aws-cdk-lib/cx-api/FEATURE_FLAGS.md

@@ -103,6 +103,7 @@ Flags come in three types:
 | [@aws-cdk/s3-notifications:addS3TrustKeyPolicyForSnsSubscriptions](#aws-cdks3-notificationsadds3trustkeypolicyforsnssubscriptions) | Add an S3 trust policy to a KMS key resource policy for SNS subscriptions. | 2.195.0 | fix |
 | [@aws-cdk/aws-ec2:requirePrivateSubnetsForEgressOnlyInternetGateway](#aws-cdkaws-ec2requireprivatesubnetsforegressonlyinternetgateway) | When enabled, the EgressOnlyGateway resource is only created if private subnets are defined in the dual-stack VPC. | 2.196.0 | fix |
 | [@aws-cdk/aws-s3:publicAccessBlockedByDefault](#aws-cdkaws-s3publicaccessblockedbydefault) | When enabled, setting any combination of options for BlockPublicAccess will automatically set true for any options not defined. | 2.196.0 | fix |
+| [@aws-cdk/aws-kms:applyImportedAliasPermissionsToPrincipal](#aws-cdkaws-kmsapplyimportedaliaspermissionstoprincipal) | Enable grant methods on Aliases imported by name to use kms:ResourceAliases condition | V2NEXT | fix |
 
 <!-- END table -->
 
@@ -146,6 +147,7 @@ The following json shows the current recommended set of flags, as `cdk init` wou
     "@aws-cdk/aws-ec2:restrictDefaultSecurityGroup": true,
     "@aws-cdk/aws-apigateway:requestValidatorUniqueId": true,
     "@aws-cdk/aws-kms:aliasNameRef": true,
+    "@aws-cdk/aws-kms:applyImportedAliasPermissionsToPrincipal": true,
     "@aws-cdk/aws-autoscaling:generateLaunchTemplateInsteadOfLaunchConfig": true,
     "@aws-cdk/core:includePrefixInUniqueNameGeneration": true,
     "@aws-cdk/aws-efs:denyAnonymousAccess": true,
@@ -2175,4 +2177,23 @@ The new behavior from this feature will allow a user, for example, to set 1 of t
 | 2.196.0 | `false` | `true` |
 
 
+### @aws-cdk/aws-kms:applyImportedAliasPermissionsToPrincipal
+
+*Enable grant methods on Aliases imported by name to use kms:ResourceAliases condition*
+
+Flag type: Backwards incompatible bugfix
+
+This flag enables the grant methods (grant, grantDecrypt, grantEncrypt, etc.) on Aliases imported
+by name to grant permissions based on the 'kms:ResourceAliases' condition rather than no-op grants.
+When disabled, grant calls on imported aliases will be dropped (no-op) to maintain compatibility.
+
+
+| Since | Default | Recommended |
+| ----- | ----- | ----- |
+| (not in v1) |  |  |
+| V2NEXT | `false` | `true` |
+
+**Compatibility with old behavior:** Remove calls to the grant* methods on the aliases referenced by name
+
+
 <!-- END details -->

cdk_api_mcp_server/resources/aws-cdk/constructs/aws-cdk-lib/cx-api/README.md

@@ -310,6 +310,20 @@ _cdk.json_
 }
 ```
 
+* `@aws-cdk/aws-kms:applyImportedAliasPermissionsToPrincipal`
+
+Enable grant methods on imported KMS Aliases to apply permissions scoped by the alias using the `kms:ResourceAliases` condition key. When this flag is disabled, grant* methods on `Alias.fromAliasName` remain no-ops to preserve existing behavior.
+
+_cdk.json_
+
+```json
+{
+  "context": {
+    "@aws-cdk/aws-kms:applyImportedAliasPermissionsToPrincipal": true
+  }
+}
+```
+
 * `@aws-cdk/aws-eks:nodegroupNameAttribute`
 
 When enabled, nodegroupName attribute of the provisioned EKS NodeGroup will not have the cluster name prefix.

cdk_api_mcp_server/resources/aws-cdk/constructs/aws-cdk-lib/pipelines/README.md

@@ -565,6 +565,7 @@ pass in order to promote from the `PreProd` to the `Prod` environment:
 declare const pipeline: pipelines.CodePipeline;
 const preprod = new MyApplicationStage(this, 'PreProd');
 const prod = new MyApplicationStage(this, 'Prod');
+const topic = new sns.Topic(this, 'ChangeApprovalTopic');
 
 pipeline.addStage(preprod, {
   post: [
@@ -574,7 +575,12 @@ pipeline.addStage(preprod, {
   ],
 });
 pipeline.addStage(prod, {
-  pre: [new pipelines.ManualApprovalStep('PromoteToProd')],
+  pre: [new pipelines.ManualApprovalStep('PromoteToProd', {
+    //All options below are optional
+    comment: 'Please validate changes',
+    reviewUrl: 'https://my.webservice.com/',
+    notificationTopic: topic,
+  })],
 });
 ```
 

cdk_api_mcp_server/resources/aws-cdk/constructs/aws-cdk-lib/pipelines/integ.newpipeline-single-publisher.ts

@@ -0,0 +1,53 @@
+import * as path from 'path';
+import * as s3 from 'aws-cdk-lib/aws-s3';
+import * as s3_assets from 'aws-cdk-lib/aws-s3-assets';
+import * as sqs from 'aws-cdk-lib/aws-sqs';
+import * as pipelines from 'aws-cdk-lib/pipelines';
+import { App, RemovalPolicy, Stack, StackProps, Stage, StageProps } from 'aws-cdk-lib';
+import { Construct } from 'constructs';
+import { IntegTest } from '@aws-cdk/integ-tests-alpha';
+
+class PipelineStack extends Stack {
+  constructor(scope: Construct, id: string, props?: StackProps) {
+    super(scope, id, props);
+
+    const bucket = new s3.Bucket(this, 'Source', {
+      removalPolicy: RemovalPolicy.DESTROY,
+    });
+    const pipeline = new pipelines.CodePipeline(this, 'Pipeline', {
+      synth: new pipelines.ShellStep('Synth', {
+        input: pipelines.CodePipelineSource.s3(bucket, 'source.zip'),
+        commands: [
+          'npm ci',
+          'npm run build',
+          'npx cdk synth',
+        ],
+      }),
+      publishAssetsInParallel: false,
+    });
+
+    pipeline.addStage(new AppStage(this, 'Beta'));
+  }
+}
+
+class AppStage extends Stage {
+  constructor(scope: Construct, id: string, props?: StageProps) {
+    super(scope, id, props);
+
+    const stack = new Stack(this, 'Stack1');
+    new s3_assets.Asset(stack, 'Asset', {
+      path: path.join(__dirname, 'testhelpers/assets/test-file-asset.txt'),
+    });
+    new s3_assets.Asset(stack, 'Asset2', {
+      path: path.join(__dirname, 'testhelpers/assets/test-file-asset-two.txt'),
+    });
+
+    new sqs.Queue(stack, 'OtherQueue');
+  }
+}
+
+const app = new App();
+const stack = new PipelineStack(app, 'PipelineStackSinglePublisher');
+new IntegTest(app, 'PipelineStackSinglePublisher-integ', {
+  testCases: [stack],
+});

{konokenj_cdk_api_mcp_server-0.28.0.dist-info → konokenj_cdk_api_mcp_server-0.29.0.dist-info}/METADATA

@@ -1,6 +1,6 @@
 Metadata-Version: 2.4
 Name: konokenj.cdk-api-mcp-server
-Version: 0.28.0
+Version: 0.29.0
 Summary: An MCP server provides AWS CDK API Reference
 Project-URL: Documentation, https://github.com/konokenj/cdk-api-mcp-server#readme
 Project-URL: Issues, https://github.com/konokenj/cdk-api-mcp-server/issues
@@ -26,7 +26,7 @@ Description-Content-Type: text/markdown
 [![PyPI - Python Version](https://img.shields.io/pypi/pyversions/konokenj.cdk-api-mcp-server.svg)](https://pypi.org/project/konokenj.cdk-api-mcp-server)
 
 <!-- DEP-VERSIONS-START -->
-[![aws-cdk](https://img.shields.io/badge/aws%20cdk-v2.200.2-blue.svg)](https://github.com/konokenj/cdk-api-mcp-server/blob/main/current-versions/aws-cdk.txt)
+[![aws-cdk](https://img.shields.io/badge/aws%20cdk-v2.201.0-blue.svg)](https://github.com/konokenj/cdk-api-mcp-server/blob/main/current-versions/aws-cdk.txt)
 <!-- DEP-VERSIONS-END -->
 
 ---

{konokenj_cdk_api_mcp_server-0.28.0.dist-info → konokenj_cdk_api_mcp_server-0.29.0.dist-info}/RECORD

@@ -1,4 +1,4 @@
-cdk_api_mcp_server/__about__.py,sha256=H02F2KaySSZlTVNBkuy6vTZUNhJZK1YXywCoSsUSBMQ,129
+cdk_api_mcp_server/__about__.py,sha256=9S13DyABPe2B3vTF5X18DqNAAQQ25aIIJrzmwh5oIZU,129
 cdk_api_mcp_server/__init__.py,sha256=yJA6yIEhJviC-qNlB-nC6UR1JblQci_d84i-viHZkc0,187
 cdk_api_mcp_server/models.py,sha256=cMS1Hi29M41YjuBxqqrzNrNvyG3MgnUBb1SqYpMCJ30,692
 cdk_api_mcp_server/resources.py,sha256=R7LVwn29I4BJzU5XAwKbX8j6uy-3ZxcB1b0HzZ_Z2PI,6689
@@ -6,7 +6,7 @@ cdk_api_mcp_server/server.py,sha256=uN5SE6PHpiOYY8QlNID1a0j2hLdeO61QX3kgC_oTODg,
 cdk_api_mcp_server/resources/.gitkeep,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
 cdk_api_mcp_server/resources/aws-cdk/constructs/@aws-cdk/app-staging-synthesizer-alpha/README.md,sha256=rAatqlr_JE06sjgcBVdXszpwh3grV4aFkkb9L2s8IIU,16492
 cdk_api_mcp_server/resources/aws-cdk/constructs/@aws-cdk/app-staging-synthesizer-alpha/resource-names.md,sha256=oSTmVHH2AZ9cd-KiITtuS0nJMOWGC0FpVg3t7p6UPMM,1323
-cdk_api_mcp_server/resources/aws-cdk/constructs/@aws-cdk/aws-amplify-alpha/README.md,sha256=2QWbqeWqbDhrlMvPOpBh120qqMNNk01P48lMaBJHNng,10496
+cdk_api_mcp_server/resources/aws-cdk/constructs/@aws-cdk/aws-amplify-alpha/README.md,sha256=gwkmgfklAjRLDG8uegSV68kxNKvG9YW1Ym8ZH5V9ezE,12236
 cdk_api_mcp_server/resources/aws-cdk/constructs/@aws-cdk/aws-applicationsignals-alpha/README.md,sha256=6nqc-WbHB1iFE3vXDr6hyQs8tYS6wwnWutXePY4EF4w,10873
 cdk_api_mcp_server/resources/aws-cdk/constructs/@aws-cdk/aws-apprunner-alpha/README.md,sha256=Jtm3RbnP4jQy8BYXwHvaRbMKizUjr4SqvimVMYhu6WQ,11982
 cdk_api_mcp_server/resources/aws-cdk/constructs/@aws-cdk/aws-bedrock-alpha/README.md,sha256=vdiDc1bjueXbwQp3h_1xCrk6eCiOFZ74oIAMug43QVY,26658
@@ -42,7 +42,7 @@ cdk_api_mcp_server/resources/aws-cdk/constructs/@aws-cdk/aws-servicecatalogappre
 cdk_api_mcp_server/resources/aws-cdk/constructs/@aws-cdk/cfnspec/README.md,sha256=nnoF99zdHuBLVTMCVB9k3-eLiqjS6XTETxnIi5hW0Y8,164
 cdk_api_mcp_server/resources/aws-cdk/constructs/@aws-cdk/custom-resource-handlers/README.md,sha256=QctOoyGt6AqVWeFhRwpkCSxHZ1XFWj_nCKlkJHDFock,965
 cdk_api_mcp_server/resources/aws-cdk/constructs/@aws-cdk/example-construct-library/README.md,sha256=vnVXyvtN9ICph68sw2y6gkdD_gmas0PiUa9TkwNckWQ,4501
-cdk_api_mcp_server/resources/aws-cdk/constructs/@aws-cdk/integ-tests-alpha/README.md,sha256=Y5CjbYjAEwqFEyPbbm4hkluN9X9hScg4Q2h4X1MV864,17485
+cdk_api_mcp_server/resources/aws-cdk/constructs/@aws-cdk/integ-tests-alpha/README.md,sha256=VifKLrR404_yLVT0E3ai8f3R5K0h22VNwQplpSUSZqc,17489
 cdk_api_mcp_server/resources/aws-cdk/constructs/aws-cdk-lib/README.md/README.md,sha256=--qULBmqJB9AEPhZvZePzgS6c14VtlAclTtgSYWMPNQ,62385
 cdk_api_mcp_server/resources/aws-cdk/constructs/aws-cdk-lib/assertions/MIGRATING.md,sha256=SYGX8QNB1Pm_rVYDBp4QRWkqwnxOb3CHzeFglUy_53k,3347
 cdk_api_mcp_server/resources/aws-cdk/constructs/aws-cdk-lib/assertions/README.md,sha256=3yo3D05n5explTIgnuF-vkk01MTYeAYe7_3rcsD2baE,18299
@@ -232,7 +232,7 @@ cdk_api_mcp_server/resources/aws-cdk/constructs/aws-cdk-lib/aws-cloudformation/i
 cdk_api_mcp_server/resources/aws-cdk/constructs/aws-cdk-lib/aws-cloudformation/integ.nested-stacks-refs1.ts,sha256=DPzU8mAOqbwCB2zQERq2O-XbkfDeExcJShVp2RKRYb8,1045
 cdk_api_mcp_server/resources/aws-cdk/constructs/aws-cdk-lib/aws-cloudformation/integ.nested-stacks-refs2.ts,sha256=ffjUAflZ0gvH7rDOpds2wG3m9HJoTgNj6g-e0L37Upc,1178
 cdk_api_mcp_server/resources/aws-cdk/constructs/aws-cdk-lib/aws-cloudformation/integ.nested-stacks-refs3.ts,sha256=yMjla3H8kO3FNlshOtm7KojhoiesyPRaBb0GFmthCqE,1047
-cdk_api_mcp_server/resources/aws-cdk/constructs/aws-cdk-lib/aws-cloudfront/README.md,sha256=3QlTRLjR1OgrmZNoVHO-QTfxJ6WeFzqx5uWghb1DJZE,49696
+cdk_api_mcp_server/resources/aws-cdk/constructs/aws-cdk-lib/aws-cloudfront/README.md,sha256=3uIR4OWiq_6bffv0vFl9LgdqdiyoQQQg6q5s0-8bfJU,50161
 cdk_api_mcp_server/resources/aws-cdk/constructs/aws-cdk-lib/aws-cloudfront/integ.cloudfront-bucket-logging.ts,sha256=R_6hlp4mZ3laXosJhz7fTqKqZgCj-oEggBaA8Sm--DI,1178
 cdk_api_mcp_server/resources/aws-cdk/constructs/aws-cdk-lib/aws-cloudfront/integ.cloudfront-cross-region-cert.ts,sha256=f774j3lIB3xUsszX5xoo9x5zas-W9O0ZBXLIWmeTQos,2096
 cdk_api_mcp_server/resources/aws-cdk/constructs/aws-cdk-lib/aws-cloudfront/integ.cloudfront-custom-s3.ts,sha256=_O3hXQD5N4vlOStBisGe-MAQ5nl7w3cb_UswFxrP20k,1380
@@ -684,12 +684,12 @@ cdk_api_mcp_server/resources/aws-cdk/constructs/aws-cdk-lib/aws-efs/integ.efs-tr
 cdk_api_mcp_server/resources/aws-cdk/constructs/aws-cdk-lib/aws-efs/integ.efs.permission.ts,sha256=bzH7koi5t2FgkDhEp-6ZtXgoteiCDTNd2igab4bXytA,3338
 cdk_api_mcp_server/resources/aws-cdk/constructs/aws-cdk-lib/aws-efs/integ.efs.ts,sha256=NmhtimqEUqH6Tu9sksWLmn8e9QcrlF-J1dn0B-9eVqw,837
 cdk_api_mcp_server/resources/aws-cdk/constructs/aws-cdk-lib/aws-eks/MANUAL_TEST.md,sha256=uObwqDllAUYBGkoNEAQGioL6JuKqh5ScVbq9KC3x89Q,1862
-cdk_api_mcp_server/resources/aws-cdk/constructs/aws-cdk-lib/aws-eks/README.md,sha256=oSe9CgxXaKWDS0fLKqE6eAAZ4bHSUXRWA2Bu1nCXMhA,81337
+cdk_api_mcp_server/resources/aws-cdk/constructs/aws-cdk-lib/aws-eks/README.md,sha256=20F9MXScfbNlHhzEwIegmhFQ96JyKiRS8JgFzGz_LYw,81337
 cdk_api_mcp_server/resources/aws-cdk/constructs/aws-cdk-lib/aws-eks/integ.alb-controller-authapi.ts,sha256=L9dF26-F2Fw-O1iGAnT-AYnkq4JmO_IQoQn0RsOhLVY,1355
 cdk_api_mcp_server/resources/aws-cdk/constructs/aws-cdk-lib/aws-eks/integ.alb-controller.ts,sha256=cbL2kY-t0LAWLkK1Lb3RUPBeMUpw8xHWjDhkroD_Rb4,3314
 cdk_api_mcp_server/resources/aws-cdk/constructs/aws-cdk-lib/aws-eks/integ.custom-addons.ts,sha256=ZXsXljCokHOA_JubQ7ZsLT-tGy-28mg1gZ_bmNX_F-k,1475
 cdk_api_mcp_server/resources/aws-cdk/constructs/aws-cdk-lib/aws-eks/integ.eks-addon.ts,sha256=27QObP5R7S6wvr_r7iwYhPxvU8_OSDjoCRIH3l8ak9o,1076
-cdk_api_mcp_server/resources/aws-cdk/constructs/aws-cdk-lib/aws-eks/integ.eks-al2023-nodegroup.ts,sha256=_9FwyluV5pXcMBSjE1obkeFXsCSh3zQzGaIbDeeOcaA,2462
+cdk_api_mcp_server/resources/aws-cdk/constructs/aws-cdk-lib/aws-eks/integ.eks-al2023-nodegroup.ts,sha256=C8fdvN5Xa7tvkV8SEqlSoE1rXYx_KKb3mNEsfmwn82s,2449
 cdk_api_mcp_server/resources/aws-cdk/constructs/aws-cdk-lib/aws-eks/integ.eks-bottlerocket-ng.ts,sha256=gxc3SRUusX7GywuCFI8C9zng7Fza-3_c-7dNuUnUWBU,1965
 cdk_api_mcp_server/resources/aws-cdk/constructs/aws-cdk-lib/aws-eks/integ.eks-cluster-handlers-vpc.ts,sha256=5ziP_cDA4Gvc0ZTEYsezSIw1XRi-JY3bIXB4MS9RP3c,1142
 cdk_api_mcp_server/resources/aws-cdk/constructs/aws-cdk-lib/aws-eks/integ.eks-cluster-imported.ts,sha256=VcOdMfU2jCukU63bL1DJ03npPLyI8Xwr-vAtO3xFNMA,7448
@@ -707,7 +707,7 @@ cdk_api_mcp_server/resources/aws-cdk/constructs/aws-cdk-lib/aws-eks/integ.eks-se
 cdk_api_mcp_server/resources/aws-cdk/constructs/aws-cdk-lib/aws-eks/integ.eks-standard-access-entry.ts,sha256=upWuIZ41tsmF0n80W0jo82GYV7jXXYe8LBFTyUgON0k,1864
 cdk_api_mcp_server/resources/aws-cdk/constructs/aws-cdk-lib/aws-eks/integ.eks-subnet-updates.ts,sha256=zVEcn14vZuvsj3IuzRjV5iSFSZdKmQJEoQHIfEyxa5c,1156
 cdk_api_mcp_server/resources/aws-cdk/constructs/aws-cdk-lib/aws-eks/integ.eks-windows-ng.ts,sha256=yUFEU6FBn3WQcOJweV_p3KqJpyml_CkQdItcRo0HSiA,2118
-cdk_api_mcp_server/resources/aws-cdk/constructs/aws-cdk-lib/aws-eks/integ.fargate-cluster.ts,sha256=p668dqjce8WLmAOD84CRJ7CHh9OmPJEPiDMOAjzdgQk,2006
+cdk_api_mcp_server/resources/aws-cdk/constructs/aws-cdk-lib/aws-eks/integ.fargate-cluster.ts,sha256=Vl3pLV36u-EbqG9PbhJiABA_18PJIsMpKtJFk2SVErE,1992
 cdk_api_mcp_server/resources/aws-cdk/constructs/aws-cdk-lib/aws-eks/integ.nodegroup-repair-config.ts,sha256=hgKsbhgAaXS73GTQGOcVnmI_-gReoTuPEgCOeBpwuBA,1654
 cdk_api_mcp_server/resources/aws-cdk/constructs/aws-cdk-lib/aws-elasticloadbalancing/README.md,sha256=TvRV54AcSiSZ3uOENOGmzkiBBRuHSG3DeEqgW_8FkZs,1795
 cdk_api_mcp_server/resources/aws-cdk/constructs/aws-cdk-lib/aws-elasticloadbalancing/integ.elb.ts,sha256=6qAybkYElxtfNefo1IpFo8MgrCubixLs2hTUUPeZoRg,555
@@ -840,7 +840,8 @@ cdk_api_mcp_server/resources/aws-cdk/constructs/aws-cdk-lib/aws-kinesisfirehose/
 cdk_api_mcp_server/resources/aws-cdk/constructs/aws-cdk-lib/aws-kinesisfirehose/integ.delivery-stream.ts,sha256=DXJlTu1eJOs7bFW35Tl-JCan6Eg1dUJMom6PU0mFTB8,1490
 cdk_api_mcp_server/resources/aws-cdk/constructs/aws-cdk-lib/aws-kinesisfirehose/integ.kinesis-stream-events-target.ts,sha256=bLE3v9K0_V2KbR5oTGiePpoLOo_bpjkloqF3eNcKBOQ,2138
 cdk_api_mcp_server/resources/aws-cdk/constructs/aws-cdk-lib/aws-kinesisfirehose/integ.s3-bucket.lit.ts,sha256=QU_0D7Q7ES3bubcRXvZTLo7zABTixDSVql9IYzIEFlw,3514
-cdk_api_mcp_server/resources/aws-cdk/constructs/aws-cdk-lib/aws-kms/README.md,sha256=o88v_l7FVk8Yu97glXrOC-zgaXOZTQCeUZPyAv0jbFw,9787
+cdk_api_mcp_server/resources/aws-cdk/constructs/aws-cdk-lib/aws-kms/README.md,sha256=QZHTsP5DaV6RDpKVc6l4EQ25krt6M1fJ0b0ft-e-fic,10072
+cdk_api_mcp_server/resources/aws-cdk/constructs/aws-cdk-lib/aws-kms/integ.alias-from-alias-name.ts,sha256=_OpjM8RpN5QdXqj1-EdWCEeR51n_7W-NjliiFx2fwWE,783
 cdk_api_mcp_server/resources/aws-cdk/constructs/aws-cdk-lib/aws-kms/integ.key-alias.ts,sha256=M7JE2iQtwYuLIZheSZ7a2v63xMmA8fw_lOJdFwVX4LE,458
 cdk_api_mcp_server/resources/aws-cdk/constructs/aws-cdk-lib/aws-kms/integ.key-from-lookup-dummy.ts,sha256=hu1OyvieepuNXBq8e3bgyZf92Z_cSqOYlM7LxSe4D5g,671
 cdk_api_mcp_server/resources/aws-cdk/constructs/aws-cdk-lib/aws-kms/integ.key-grants.ts,sha256=4ZweTN8R6fWKzEsjPwi7AjY92WmscKmiwbBeFXIWCYs,571
@@ -890,11 +891,12 @@ cdk_api_mcp_server/resources/aws-cdk/constructs/aws-cdk-lib/aws-lambda/integ.vpc
 cdk_api_mcp_server/resources/aws-cdk/constructs/aws-cdk-lib/aws-lambda-destinations/README.md,sha256=_6ZqM3kbkZCmN-9BtU3FbERs82Shv4D2QiWuq47T_VI,5453
 cdk_api_mcp_server/resources/aws-cdk/constructs/aws-cdk-lib/aws-lambda-destinations/integ.destinations.ts,sha256=bCxe7DTOSIRyxe2iStWRdl0_J-tQZ8n-715uo9gMHvE,4187
 cdk_api_mcp_server/resources/aws-cdk/constructs/aws-cdk-lib/aws-lambda-destinations/integ.lambda-chain.ts,sha256=vqRxTBuBaAZqeN1AQ4l0Z9b4dsOVTkYMXKIlil_yyCg,3381
-cdk_api_mcp_server/resources/aws-cdk/constructs/aws-cdk-lib/aws-lambda-event-sources/README.md,sha256=1DTSdOh7W6bO_3fxHg-ssmS_87CLJl-Hmx9__NCJ_c8,21468
+cdk_api_mcp_server/resources/aws-cdk/constructs/aws-cdk-lib/aws-lambda-event-sources/README.md,sha256=-hknVrQdnowd5D4HNWKqt4fxY5ahza0V6c7tmLJwTsI,23869
 cdk_api_mcp_server/resources/aws-cdk/constructs/aws-cdk-lib/aws-lambda-event-sources/integ.dynamodb-with-boolean-filter.ts,sha256=bGvfF5RgMbK9W2DO0HsKVoAK5KV5a0kLKYZKeOOFcx0,1217
 cdk_api_mcp_server/resources/aws-cdk/constructs/aws-cdk-lib/aws-lambda-event-sources/integ.dynamodb-with-filter-criteria.ts,sha256=7RrxbpLll7YIY-sNFp4reML6mA5ptC05K6DRmww32rY,1897
 cdk_api_mcp_server/resources/aws-cdk/constructs/aws-cdk-lib/aws-lambda-event-sources/integ.dynamodb-with-metrics-config.ts,sha256=_HEgmdb8iDBNWqDWo8RJHbbRtacdPp4V8LkS2U3DkI8,1286
 cdk_api_mcp_server/resources/aws-cdk/constructs/aws-cdk-lib/aws-lambda-event-sources/integ.dynamodb.ts,sha256=5Qas_PPDvTb8sHl3AiNnv-k7XaazG5nDNVNbmJ6Wwfo,1205
+cdk_api_mcp_server/resources/aws-cdk/constructs/aws-cdk-lib/aws-lambda-event-sources/integ.kafka-schema-registry.ts,sha256=mN1-eMpDDvEjqRqFB3WwDMAWtr1JhFt61ndeYMw3XlI,6640
 cdk_api_mcp_server/resources/aws-cdk/constructs/aws-cdk-lib/aws-lambda-event-sources/integ.kafka-selfmanaged.ts,sha256=B85zVhxNs9IVcWHnxlYi9knhEPwfxKHmCpXigjk0xJs,4805
 cdk_api_mcp_server/resources/aws-cdk/constructs/aws-cdk-lib/aws-lambda-event-sources/integ.kinesis-at-timestamp.ts,sha256=coNqlm5wKzy4jViKmzto6umHXcKzqVQFoosqgO_kaEI,832
 cdk_api_mcp_server/resources/aws-cdk/constructs/aws-cdk-lib/aws-lambda-event-sources/integ.kinesis-stream-consumer.ts,sha256=-wWHWes3tTpArZIzVKBPS-MFyQc5ZHJjMzG_2BnGAZ0,1199
@@ -1050,7 +1052,7 @@ cdk_api_mcp_server/resources/aws-cdk/constructs/aws-cdk-lib/aws-route53-targets/
 cdk_api_mcp_server/resources/aws-cdk/constructs/aws-cdk-lib/aws-route53-targets/integ.interface-vpc-endpoint-target.ts,sha256=8PlAPtbxMr8TQezAMykKCgZx8QicPtu30GvGsTtt2tY,999
 cdk_api_mcp_server/resources/aws-cdk/constructs/aws-cdk-lib/aws-route53-targets/integ.route53-record.ts,sha256=x8gFRbKDGjmQOpjZgErQcnGlyf9o2NgvCQ56Ae7eBbw,849
 cdk_api_mcp_server/resources/aws-cdk/constructs/aws-cdk-lib/aws-route53-targets/integ.userpool-domain-alias-target.ts,sha256=DR4O77TLlzhlLj3cpB6YHygNt4vSDfXKS0b2sglsEEo,1248
-cdk_api_mcp_server/resources/aws-cdk/constructs/aws-cdk-lib/aws-s3/README.md,sha256=1Fn6W5s8iSey-6byizSihZw0puOwlxc1UeY9FHiGJw0,37234
+cdk_api_mcp_server/resources/aws-cdk/constructs/aws-cdk-lib/aws-s3/README.md,sha256=BSQK7Ku34qKf_9xBY3GRa2zrWBhVg9MmnrBjif_GOH4,38695
 cdk_api_mcp_server/resources/aws-cdk/constructs/aws-cdk-lib/aws-s3/integ.bucket-acls.ts,sha256=LgbnWxF3plTNPjyGKIl6eyaI7xTXMh4rvcDi-57hOpc,802
 cdk_api_mcp_server/resources/aws-cdk/constructs/aws-cdk-lib/aws-s3/integ.bucket-auto-delete-objects.ts,sha256=7x0Q_tQEIb5Cil3ARDg6YHFbepk8CKGHlPh0P3Xzo-8,2434
 cdk_api_mcp_server/resources/aws-cdk/constructs/aws-cdk-lib/aws-s3/integ.bucket-block-access.ts,sha256=kIIkpvAA71D-y00yEhYSQHSXH3HBEDhIwqJSQV1VEz4,1120
@@ -1337,18 +1339,19 @@ cdk_api_mcp_server/resources/aws-cdk/constructs/aws-cdk-lib/custom-resources/int
 cdk_api_mcp_server/resources/aws-cdk/constructs/aws-cdk-lib/custom-resources/integ.provider-with-waiter-state-machine-custom-role.ts,sha256=60mjzf_2NI9zO30B2Guye5sA7kxIl4yrLMXUEWIDO9I,2401
 cdk_api_mcp_server/resources/aws-cdk/constructs/aws-cdk-lib/custom-resources/integ.provider-with-waiter-state-machine.ts,sha256=6Ci2_ABcu5azSj1f0EzY1VD4lQUg9KI5l1Q7ieejI-0,2058
 cdk_api_mcp_server/resources/aws-cdk/constructs/aws-cdk-lib/custom-resources/integ.provider.ts,sha256=u_YVV0YZk6hyIxo5JOOSwwUORbqS3BVbJU6DIAwxuk0,1814
-cdk_api_mcp_server/resources/aws-cdk/constructs/aws-cdk-lib/cx-api/FEATURE_FLAGS.md,sha256=HaV3_1Dgij9sXwao0J84al-didzMr01n1n9QknksydY,101935
+cdk_api_mcp_server/resources/aws-cdk/constructs/aws-cdk-lib/cx-api/FEATURE_FLAGS.md,sha256=A5U_vRN77DgEuwACJEl9E2tNnNF0Sopvw1yKQLXB3yA,102943
 cdk_api_mcp_server/resources/aws-cdk/constructs/aws-cdk-lib/cx-api/NESTED_ASSEMBLIES.md,sha256=P8PNyr4hIC_i-9aUxa301-5-N4tLcoHYnELBp3C6SQQ,4949
-cdk_api_mcp_server/resources/aws-cdk/constructs/aws-cdk-lib/cx-api/README.md,sha256=OixPEelzx6OwknIs-O5rH11835n4Pns-Zf46MYLX55k,25160
+cdk_api_mcp_server/resources/aws-cdk/constructs/aws-cdk-lib/cx-api/README.md,sha256=ZCeTKvVasVTvIDaY1cuVqCEWMR3P_Lndtl32kJeFUUU,25588
 cdk_api_mcp_server/resources/aws-cdk/constructs/aws-cdk-lib/lambda-layer-awscli/README.md,sha256=kMrrptXZcAiK_TXRQD4XcaNRa3RXaIoIUQRZYi29b30,681
 cdk_api_mcp_server/resources/aws-cdk/constructs/aws-cdk-lib/lambda-layer-awscli/integ.awscli-layer.ts,sha256=KHmEY9P_oqKm8uNRHEVSi0OajnFw92LdCJZZe22BYXc,1491
 cdk_api_mcp_server/resources/aws-cdk/constructs/aws-cdk-lib/lambda-layer-kubectl/integ.kubectl-layer.ts,sha256=lp8Jv0sePcfotHCAspdtoqZVgAWhha9hciDVI5w6Ps4,1513
 cdk_api_mcp_server/resources/aws-cdk/constructs/aws-cdk-lib/lambda-layer-node-proxy-agent/README.md,sha256=eWYOUl_BRExsSMY1mzF5V1oGsCuxVR-6MSIuapbOS4Y,632
 cdk_api_mcp_server/resources/aws-cdk/constructs/aws-cdk-lib/lambda-layer-node-proxy-agent/integ.node-proxy-agent.ts,sha256=YSEuo5dS-TMKovqWBuW9uWeJj0NOJd1UgOTt-2wZVMc,1545
 cdk_api_mcp_server/resources/aws-cdk/constructs/aws-cdk-lib/pipelines/ORIGINAL_API.md,sha256=JUo88_SWhqnKC3ObhkMwGTNOma-BniqBMhoBnxpifE4,26756
-cdk_api_mcp_server/resources/aws-cdk/constructs/aws-cdk-lib/pipelines/README.md,sha256=mVXG_pdyarKPlCf-55wQ8LKIYb3v4dXQTqBuoVjfmXc,71243
+cdk_api_mcp_server/resources/aws-cdk/constructs/aws-cdk-lib/pipelines/README.md,sha256=uHIk5psamSGELoHrrSMPBO5Tr0E6dMCPCrOHKT82dIk,71460
 cdk_api_mcp_server/resources/aws-cdk/constructs/aws-cdk-lib/pipelines/integ.cross-account-pipeline-action.ts,sha256=A18UXJLsi5tyYfCp4Dw6SxI1Vk5JikNX1F0NbfEnICw,4804
 cdk_api_mcp_server/resources/aws-cdk/constructs/aws-cdk-lib/pipelines/integ.newpipeline-reduce-stagerole-scope.ts,sha256=IqBDpjPHyU8Uk91YISZm-1I_ERD8fbQObiMd6ekOyKQ,2543
+cdk_api_mcp_server/resources/aws-cdk/constructs/aws-cdk-lib/pipelines/integ.newpipeline-single-publisher.ts,sha256=QzRNUoZ2n7_vq4HLxkvDHt7y5ce71KjQHVFVIEDxiC4,1705
 cdk_api_mcp_server/resources/aws-cdk/constructs/aws-cdk-lib/pipelines/integ.newpipeline-with-codebuild-logging.ts,sha256=7SuokmiayilFwdHU68_X5ZinfDt_Kj75quML_yHcdYQ,2557
 cdk_api_mcp_server/resources/aws-cdk/constructs/aws-cdk-lib/pipelines/integ.newpipeline-with-codestar-connection.ts,sha256=x9DCirWauwW9hD7iCzMEoKcsVnKP1XJxJoq2Gfvxvvc,1772
 cdk_api_mcp_server/resources/aws-cdk/constructs/aws-cdk-lib/pipelines/integ.newpipeline-with-cross-account-keys.ts,sha256=Yu9URWWtrr_QJg5FhJ-Py4gQZSlEd-mPXZX76dsaZ4M,1960
@@ -1366,8 +1369,8 @@ cdk_api_mcp_server/resources/aws-cdk/constructs/aws-cdk-lib/pipelines/integ.pipe
 cdk_api_mcp_server/resources/aws-cdk/constructs/aws-cdk-lib/region-info/README.md,sha256=vewWkV3ds9o9iyyYaJBNTkaKJ2XA6K2yF17tAxUnujg,2718
 cdk_api_mcp_server/resources/aws-cdk/constructs/aws-cdk-lib/triggers/README.md,sha256=hYIx7DbG_7p4LYLUfxDwgIQjw9UNdz1GLrqDe8_Dbko,4132
 cdk_api_mcp_server/resources/aws-cdk/constructs/aws-cdk-lib/triggers/integ.triggers.ts,sha256=4OHplMoBOgHGkktAzoU-TuNmJQS5wGAUvBfj5bGSe_Y,2807
-konokenj_cdk_api_mcp_server-0.28.0.dist-info/METADATA,sha256=0kkC8ZbCiQHeNObErVf2o7Q3PcDrJQE7wW-Rg05hNIs,2646
-konokenj_cdk_api_mcp_server-0.28.0.dist-info/WHEEL,sha256=qtCwoSJWgHk21S1Kb4ihdzI2rlJ1ZKaIurTj_ngOhyQ,87
-konokenj_cdk_api_mcp_server-0.28.0.dist-info/entry_points.txt,sha256=bVDhMdyCC1WNMPOMbmB82jvWII2CIrwTZDygdCf0cYQ,79
-konokenj_cdk_api_mcp_server-0.28.0.dist-info/licenses/LICENSE.txt,sha256=5OIAASeg1HM22mVZ1enz9bgZ7TlsGfWXnj02P9OgFyk,1098
-konokenj_cdk_api_mcp_server-0.28.0.dist-info/RECORD,,
+konokenj_cdk_api_mcp_server-0.29.0.dist-info/METADATA,sha256=uIYHznTjVybWBNTP2Mc1TJdxaAeKCq6c0JgbKpdYnMM,2646
+konokenj_cdk_api_mcp_server-0.29.0.dist-info/WHEEL,sha256=qtCwoSJWgHk21S1Kb4ihdzI2rlJ1ZKaIurTj_ngOhyQ,87
+konokenj_cdk_api_mcp_server-0.29.0.dist-info/entry_points.txt,sha256=bVDhMdyCC1WNMPOMbmB82jvWII2CIrwTZDygdCf0cYQ,79
+konokenj_cdk_api_mcp_server-0.29.0.dist-info/licenses/LICENSE.txt,sha256=5OIAASeg1HM22mVZ1enz9bgZ7TlsGfWXnj02P9OgFyk,1098
+konokenj_cdk_api_mcp_server-0.29.0.dist-info/RECORD,,