From bf79c7588ea9174fd6f1eee7f8d24d495577c598 Mon Sep 17 00:00:00 2001 From: "github-actions[bot]" <41898282+github-actions[bot]@users.noreply.github.com> Date: Sun, 1 Mar 2026 00:41:17 +0000 Subject: [PATCH 1/2] fix(deps): upgrade projen Upgrades project dependencies. See details in [workflow run]. [Workflow Run]: https://github.com/time-loop/cdk-aurora/actions/runs/22532480445 ------ *Automatically created by projen via the "update-projen-main" workflow* Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> --- .amazonq/rules/project.md | 51 ++++++++++ .cursor/rules/project.md | 51 ++++++++++ .gitattributes | 12 ++- .github/copilot-instructions.md | 51 ++++++++++ .github/workflows/build.yml | 5 - .github/workflows/release.yml | 15 +-- .gitignore | 8 +- .kiro/steering/project.md | 51 ++++++++++ .npmignore | 6 ++ .projen/deps.json | 2 +- .projen/files.json | 6 ++ AGENTS.md | 51 ++++++++++ CLAUDE.md | 173 +++++++------------------------- package.json | 8 +- pnpm-lock.yaml | 49 ++++----- renovate.json5 | 1 - 16 files changed, 355 insertions(+), 185 deletions(-) create mode 100644 .amazonq/rules/project.md create mode 100644 .cursor/rules/project.md create mode 100644 .github/copilot-instructions.md create mode 100644 .kiro/steering/project.md create mode 100644 AGENTS.md diff --git a/.amazonq/rules/project.md b/.amazonq/rules/project.md new file mode 100644 index 0000000..efd17c8 --- /dev/null +++ b/.amazonq/rules/project.md @@ -0,0 +1,51 @@ +# Projen-managed Project Instructions + +This project is managed by [projen](https://github.com/projen/projen), a project configuration management tool. + +## Important Guidelines + +### Task Execution + +- **Always use projen for task execution**: Run tasks using `npx projen ` instead of directly using npm, yarn, or other package managers. +- **Check available tasks**: Look in `.projen/tasks.json` to see all available tasks, their descriptions, and steps. +- **Common tasks**: + - `npx projen` - Synthesize project configuration files + - `npx projen build` - Builds the project, including running tests + - `npx projen test` - Runs tests only + - `npx projen compile` - Compiles the source code only + +### File Modifications + +- **DO NOT manually edit generated files**: Files marked with a comment like "~~ Generated by projen. To modify..." should never be edited directly. +- **Modify configuration in .projenrc**: To change project configuration, always edit the `.projenrc.ts`, `.projenrc.py` or `.projenrc.json` etc. file and then run `npx projen` to regenerate the project files. +- **Check .projenrc first**: Before suggesting changes to package.json, tsconfig.json, or other configuration files, always check if these are managed by projen and suggest changes to .projenrc instead. + +### Dependencies + +- **Add dependencies through projen**: Use the projen configuration to add dependencies instead of manually editing package.json or using npm/yarn install directly. +- **Example**: In .projenrc, use methods like `addDeps()`, `addDevDeps()`, or `addPeerDeps()` to add dependencies. + +### Workflow + +1. Make changes to .projenrc configuration file +2. Run `npx projen` to synthesize and update generated files +3. Review the changes +4. Commit both .projenrc and the generated files + +## Projen Configuration + +This project's configuration is defined in the .projenrc file at the root of the repository. All project metadata, dependencies, scripts, and tooling configuration should be managed through this file. + +## Additional Resources + +- [Projen Documentation](https://projen.io) +- [Projen GitHub Repository](https://github.com/projen/projen) + +# Development Best Practices + +- **Always run build after changes**: After modifying any source or test file, run `npx projen build` to ensure your changes compile and pass all tests. +- **Task completion criteria**: A task is not considered complete until: + - All tests pass (`npx projen test`) + - There are no compilation errors (`npx projen compile`) + - There are no linting errors (usually part of the build, if not, run the linter defined in tasks.json) + - The full build succeeds (`npx projen build`) diff --git a/.cursor/rules/project.md b/.cursor/rules/project.md new file mode 100644 index 0000000..efd17c8 --- /dev/null +++ b/.cursor/rules/project.md @@ -0,0 +1,51 @@ +# Projen-managed Project Instructions + +This project is managed by [projen](https://github.com/projen/projen), a project configuration management tool. + +## Important Guidelines + +### Task Execution + +- **Always use projen for task execution**: Run tasks using `npx projen ` instead of directly using npm, yarn, or other package managers. +- **Check available tasks**: Look in `.projen/tasks.json` to see all available tasks, their descriptions, and steps. +- **Common tasks**: + - `npx projen` - Synthesize project configuration files + - `npx projen build` - Builds the project, including running tests + - `npx projen test` - Runs tests only + - `npx projen compile` - Compiles the source code only + +### File Modifications + +- **DO NOT manually edit generated files**: Files marked with a comment like "~~ Generated by projen. To modify..." should never be edited directly. +- **Modify configuration in .projenrc**: To change project configuration, always edit the `.projenrc.ts`, `.projenrc.py` or `.projenrc.json` etc. file and then run `npx projen` to regenerate the project files. +- **Check .projenrc first**: Before suggesting changes to package.json, tsconfig.json, or other configuration files, always check if these are managed by projen and suggest changes to .projenrc instead. + +### Dependencies + +- **Add dependencies through projen**: Use the projen configuration to add dependencies instead of manually editing package.json or using npm/yarn install directly. +- **Example**: In .projenrc, use methods like `addDeps()`, `addDevDeps()`, or `addPeerDeps()` to add dependencies. + +### Workflow + +1. Make changes to .projenrc configuration file +2. Run `npx projen` to synthesize and update generated files +3. Review the changes +4. Commit both .projenrc and the generated files + +## Projen Configuration + +This project's configuration is defined in the .projenrc file at the root of the repository. All project metadata, dependencies, scripts, and tooling configuration should be managed through this file. + +## Additional Resources + +- [Projen Documentation](https://projen.io) +- [Projen GitHub Repository](https://github.com/projen/projen) + +# Development Best Practices + +- **Always run build after changes**: After modifying any source or test file, run `npx projen build` to ensure your changes compile and pass all tests. +- **Task completion criteria**: A task is not considered complete until: + - All tests pass (`npx projen test`) + - There are no compilation errors (`npx projen compile`) + - There are no linting errors (usually part of the build, if not, run the linter defined in tasks.json) + - The full build succeeds (`npx projen build`) diff --git a/.gitattributes b/.gitattributes index becf5c7..2a3eeeb 100644 --- a/.gitattributes +++ b/.gitattributes @@ -2,8 +2,11 @@ * text=auto eol=lf *.snap linguist-generated -/.eslintrc.json linguist-generated +/.amazonq/rules/project.md linguist-generated +/.cursor/rules/project.md linguist-generated +/.eslintrc.json linguist-generated linguist-language=JSON-with-Comments /.gitattributes linguist-generated +/.github/copilot-instructions.md linguist-generated /.github/pull_request_template.md linguist-generated /.github/workflows/add-to-project.yml linguist-generated /.github/workflows/add-to-update-projen-project.yml linguist-generated @@ -14,6 +17,7 @@ /.github/workflows/renovate.yml linguist-generated /.github/workflows/update-projen-main.yml linguist-generated /.gitignore linguist-generated +/.kiro/steering/project.md linguist-generated /.mergify.yml linguist-generated /.npmignore linguist-generated /.npmrc linguist-generated @@ -24,9 +28,11 @@ /.projen/deps.json linguist-generated /.projen/files.json linguist-generated /.projen/tasks.json linguist-generated +/AGENTS.md linguist-generated /API.md linguist-generated +/CLAUDE.md linguist-generated /LICENSE linguist-generated /package.json linguist-generated /pnpm-lock.yaml linguist-generated -/renovate.json5 linguist-generated -/tsconfig.dev.json linguist-generated \ No newline at end of file +/renovate.json5 linguist-generated linguist-language=JSON-with-Comments +/tsconfig.dev.json linguist-generated linguist-language=JSON-with-Comments \ No newline at end of file diff --git a/.github/copilot-instructions.md b/.github/copilot-instructions.md new file mode 100644 index 0000000..efd17c8 --- /dev/null +++ b/.github/copilot-instructions.md @@ -0,0 +1,51 @@ +# Projen-managed Project Instructions + +This project is managed by [projen](https://github.com/projen/projen), a project configuration management tool. + +## Important Guidelines + +### Task Execution + +- **Always use projen for task execution**: Run tasks using `npx projen ` instead of directly using npm, yarn, or other package managers. +- **Check available tasks**: Look in `.projen/tasks.json` to see all available tasks, their descriptions, and steps. +- **Common tasks**: + - `npx projen` - Synthesize project configuration files + - `npx projen build` - Builds the project, including running tests + - `npx projen test` - Runs tests only + - `npx projen compile` - Compiles the source code only + +### File Modifications + +- **DO NOT manually edit generated files**: Files marked with a comment like "~~ Generated by projen. To modify..." should never be edited directly. +- **Modify configuration in .projenrc**: To change project configuration, always edit the `.projenrc.ts`, `.projenrc.py` or `.projenrc.json` etc. file and then run `npx projen` to regenerate the project files. +- **Check .projenrc first**: Before suggesting changes to package.json, tsconfig.json, or other configuration files, always check if these are managed by projen and suggest changes to .projenrc instead. + +### Dependencies + +- **Add dependencies through projen**: Use the projen configuration to add dependencies instead of manually editing package.json or using npm/yarn install directly. +- **Example**: In .projenrc, use methods like `addDeps()`, `addDevDeps()`, or `addPeerDeps()` to add dependencies. + +### Workflow + +1. Make changes to .projenrc configuration file +2. Run `npx projen` to synthesize and update generated files +3. Review the changes +4. Commit both .projenrc and the generated files + +## Projen Configuration + +This project's configuration is defined in the .projenrc file at the root of the repository. All project metadata, dependencies, scripts, and tooling configuration should be managed through this file. + +## Additional Resources + +- [Projen Documentation](https://projen.io) +- [Projen GitHub Repository](https://github.com/projen/projen) + +# Development Best Practices + +- **Always run build after changes**: After modifying any source or test file, run `npx projen build` to ensure your changes compile and pass all tests. +- **Task completion criteria**: A task is not considered complete until: + - All tests pass (`npx projen test`) + - There are no compilation errors (`npx projen compile`) + - There are no linting errors (usually part of the build, if not, run the linter defined in tasks.json) + - The full build succeeds (`npx projen build`) diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index 335c8d2..1fd20f8 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -41,11 +41,6 @@ jobs: run: pnpm i --no-frozen-lockfile - name: build run: npx projen build - - name: Upload coverage to Codecov - uses: codecov/codecov-action@v5 - with: - token: ${{ secrets.CODECOV_TOKEN }} - directory: coverage - name: Find mutations id: self_mutation run: |- diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 903019b..f193702 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -50,11 +50,6 @@ jobs: run: pnpm i --frozen-lockfile - name: release run: npx projen release - - name: Upload coverage to Codecov - uses: codecov/codecov-action@v5 - with: - token: ${{ secrets.CODECOV_TOKEN }} - directory: coverage - name: Check if version has already been tagged id: check_tag_exists run: |- @@ -143,8 +138,14 @@ jobs: path: .repo - name: Install Dependencies run: cd .repo && pnpm i --frozen-lockfile - - name: Remove ~/.npmrc file for release - run: rm ~/.npmrc || true + - name: Update registry auth for publishing + env: + NPM_TOKEN: ${{ secrets.GITHUB_TOKEN }} + run: |- + cat > ~/.npmrc <` instead of directly using npm, yarn, or other package managers. +- **Check available tasks**: Look in `.projen/tasks.json` to see all available tasks, their descriptions, and steps. +- **Common tasks**: + - `npx projen` - Synthesize project configuration files + - `npx projen build` - Builds the project, including running tests + - `npx projen test` - Runs tests only + - `npx projen compile` - Compiles the source code only + +### File Modifications + +- **DO NOT manually edit generated files**: Files marked with a comment like "~~ Generated by projen. To modify..." should never be edited directly. +- **Modify configuration in .projenrc**: To change project configuration, always edit the `.projenrc.ts`, `.projenrc.py` or `.projenrc.json` etc. file and then run `npx projen` to regenerate the project files. +- **Check .projenrc first**: Before suggesting changes to package.json, tsconfig.json, or other configuration files, always check if these are managed by projen and suggest changes to .projenrc instead. + +### Dependencies + +- **Add dependencies through projen**: Use the projen configuration to add dependencies instead of manually editing package.json or using npm/yarn install directly. +- **Example**: In .projenrc, use methods like `addDeps()`, `addDevDeps()`, or `addPeerDeps()` to add dependencies. + +### Workflow + +1. Make changes to .projenrc configuration file +2. Run `npx projen` to synthesize and update generated files +3. Review the changes +4. Commit both .projenrc and the generated files + +## Projen Configuration + +This project's configuration is defined in the .projenrc file at the root of the repository. All project metadata, dependencies, scripts, and tooling configuration should be managed through this file. + +## Additional Resources + +- [Projen Documentation](https://projen.io) +- [Projen GitHub Repository](https://github.com/projen/projen) + +# Development Best Practices + +- **Always run build after changes**: After modifying any source or test file, run `npx projen build` to ensure your changes compile and pass all tests. +- **Task completion criteria**: A task is not considered complete until: + - All tests pass (`npx projen test`) + - There are no compilation errors (`npx projen compile`) + - There are no linting errors (usually part of the build, if not, run the linter defined in tasks.json) + - The full build succeeds (`npx projen build`) diff --git a/.npmignore b/.npmignore index 5e8ae35..0696454 100644 --- a/.npmignore +++ b/.npmignore @@ -24,6 +24,12 @@ dist tsconfig.tsbuildinfo /.eslintrc.json !.jsii +.github/copilot-instructions.md +.cursor/rules/project.md +CLAUDE.md +.amazonq/rules/project.md +.kiro/steering/project.md +AGENTS.md /.gitattributes /.projenrc.ts /projenrc diff --git a/.projen/deps.json b/.projen/deps.json index 391e351..a8d1fbb 100644 --- a/.projen/deps.json +++ b/.projen/deps.json @@ -162,7 +162,7 @@ }, { "name": "constructs", - "version": "^10.0.5", + "version": "^10.5.1", "type": "peer" }, { diff --git a/.projen/files.json b/.projen/files.json index 2b497f7..b136054 100644 --- a/.projen/files.json +++ b/.projen/files.json @@ -1,7 +1,10 @@ { "files": [ + ".amazonq/rules/project.md", + ".cursor/rules/project.md", ".eslintrc.json", ".gitattributes", + ".github/copilot-instructions.md", ".github/pull_request_template.md", ".github/workflows/add-to-project.yml", ".github/workflows/add-to-update-projen-project.yml", @@ -12,6 +15,7 @@ ".github/workflows/renovate.yml", ".github/workflows/update-projen-main.yml", ".gitignore", + ".kiro/steering/project.md", ".mergify.yml", ".npmrc", ".nvmrc", @@ -20,6 +24,8 @@ ".projen/deps.json", ".projen/files.json", ".projen/tasks.json", + "AGENTS.md", + "CLAUDE.md", "LICENSE", "renovate.json5", "tsconfig.dev.json" diff --git a/AGENTS.md b/AGENTS.md new file mode 100644 index 0000000..efd17c8 --- /dev/null +++ b/AGENTS.md @@ -0,0 +1,51 @@ +# Projen-managed Project Instructions + +This project is managed by [projen](https://github.com/projen/projen), a project configuration management tool. + +## Important Guidelines + +### Task Execution + +- **Always use projen for task execution**: Run tasks using `npx projen ` instead of directly using npm, yarn, or other package managers. +- **Check available tasks**: Look in `.projen/tasks.json` to see all available tasks, their descriptions, and steps. +- **Common tasks**: + - `npx projen` - Synthesize project configuration files + - `npx projen build` - Builds the project, including running tests + - `npx projen test` - Runs tests only + - `npx projen compile` - Compiles the source code only + +### File Modifications + +- **DO NOT manually edit generated files**: Files marked with a comment like "~~ Generated by projen. To modify..." should never be edited directly. +- **Modify configuration in .projenrc**: To change project configuration, always edit the `.projenrc.ts`, `.projenrc.py` or `.projenrc.json` etc. file and then run `npx projen` to regenerate the project files. +- **Check .projenrc first**: Before suggesting changes to package.json, tsconfig.json, or other configuration files, always check if these are managed by projen and suggest changes to .projenrc instead. + +### Dependencies + +- **Add dependencies through projen**: Use the projen configuration to add dependencies instead of manually editing package.json or using npm/yarn install directly. +- **Example**: In .projenrc, use methods like `addDeps()`, `addDevDeps()`, or `addPeerDeps()` to add dependencies. + +### Workflow + +1. Make changes to .projenrc configuration file +2. Run `npx projen` to synthesize and update generated files +3. Review the changes +4. Commit both .projenrc and the generated files + +## Projen Configuration + +This project's configuration is defined in the .projenrc file at the root of the repository. All project metadata, dependencies, scripts, and tooling configuration should be managed through this file. + +## Additional Resources + +- [Projen Documentation](https://projen.io) +- [Projen GitHub Repository](https://github.com/projen/projen) + +# Development Best Practices + +- **Always run build after changes**: After modifying any source or test file, run `npx projen build` to ensure your changes compile and pass all tests. +- **Task completion criteria**: A task is not considered complete until: + - All tests pass (`npx projen test`) + - There are no compilation errors (`npx projen compile`) + - There are no linting errors (usually part of the build, if not, run the linter defined in tasks.json) + - The full build succeeds (`npx projen build`) diff --git a/CLAUDE.md b/CLAUDE.md index 14c8ee5..efd17c8 100644 --- a/CLAUDE.md +++ b/CLAUDE.md @@ -1,154 +1,51 @@ -# CLAUDE.md +# Projen-managed Project Instructions -This file provides guidance to Claude Code (claude.ai/code) when working with code in this repository. +This project is managed by [projen](https://github.com/projen/projen), a project configuration management tool. -## Project Overview +## Important Guidelines -`@time-loop/cdk-aurora` is an opinionated AWS CDK construct library for deploying PostgreSQL Aurora clusters with best practices baked in. It provides a high-level abstraction that includes user management, secrets rotation, RDS Proxy, and database provisioning through custom CloudFormation resources. +### Task Execution -## Key Architecture Components +- **Always use projen for task execution**: Run tasks using `npx projen ` instead of directly using npm, yarn, or other package managers. +- **Check available tasks**: Look in `.projen/tasks.json` to see all available tasks, their descriptions, and steps. +- **Common tasks**: + - `npx projen` - Synthesize project configuration files + - `npx projen build` - Builds the project, including running tests + - `npx projen test` - Runs tests only + - `npx projen compile` - Compiles the source code only -### Main Construct (`src/aurora.ts`) -The `Aurora` class is the primary construct that orchestrates: -- **Aurora PostgreSQL Cluster**: Configured with encryption, CloudWatch logs, and performance insights -- **Three User Types**: Manager (admin), Writer (DML), and Reader (read-only) with separate SecretsManager secrets -- **RDS Proxy**: Optional proxy for connection pooling (default enabled, incompatible with multi-user rotation) -- **Custom Provisioners**: Lambda-backed CloudFormation custom resources for database and user provisioning -- **Activity Stream**: Optional database activity monitoring +### File Modifications -### Provisioning System -Custom CloudFormation resources handle runtime database configuration: -- **Database Provisioner** (`src/aurora.provision-database.ts`): Creates databases, schemas, and role grants -- **User Provisioner** (`src/aurora.provision-user.ts`): Creates users, manages passwords, grants roles +- **DO NOT manually edit generated files**: Files marked with a comment like "~~ Generated by projen. To modify..." should never be edited directly. +- **Modify configuration in .projenrc**: To change project configuration, always edit the `.projenrc.ts`, `.projenrc.py` or `.projenrc.json` etc. file and then run `npx projen` to regenerate the project files. +- **Check .projenrc first**: Before suggesting changes to package.json, tsconfig.json, or other configuration files, always check if these are managed by projen and suggest changes to .projenrc instead. -### Multi-User Rotation Pattern -Uses AWS SecretsManager multi-user rotation with `_clone` users. **WARNING**: Fundamentally incompatible with RDS Proxy (see README.md proxy section). The proxy immediately blocks the old user when rotation occurs, defeating the "window of opportunity" pattern. +### Dependencies -## Common Commands +- **Add dependencies through projen**: Use the projen configuration to add dependencies instead of manually editing package.json or using npm/yarn install directly. +- **Example**: In .projenrc, use methods like `addDeps()`, `addDevDeps()`, or `addPeerDeps()` to add dependencies. -### Build and Test -```bash -# Full build (compile + test + package) -pnpm build +### Workflow -# Compile TypeScript only -pnpm compile +1. Make changes to .projenrc configuration file +2. Run `npx projen` to synthesize and update generated files +3. Review the changes +4. Commit both .projenrc and the generated files -# Run tests -pnpm test +## Projen Configuration -# Run tests in watch mode -pnpm test:watch +This project's configuration is defined in the .projenrc file at the root of the repository. All project metadata, dependencies, scripts, and tooling configuration should be managed through this file. -# Lint -pnpm eslint -``` +## Additional Resources -### Running Single Tests -```bash -# Run a specific test file -pnpm test -- test/aurora.test.ts +- [Projen Documentation](https://projen.io) +- [Projen GitHub Repository](https://github.com/projen/projen) -# Run tests matching a pattern -pnpm test -- -t "provision-database" -``` +# Development Best Practices -### Projen Management -This project uses Projen for project configuration. All changes should be made via `.projenrc.ts`: -```bash -# Regenerate project files from .projenrc.ts -pnpm projen - -# Update dependencies -pnpm upgrade -``` - -**Important**: Do NOT manually edit `package.json`, test configs, or other generated files. Edit `.projenrc.ts` and run `pnpm projen` instead. - -## Development Patterns - -### Testing -- Tests use Jest with `sinon` for mocking -- Database provisioner tests mock `pg` client connections -- CDK snapshot tests verify synthesized CloudFormation templates -- Test files mirror source structure: `test/aurora.*.test.ts` corresponds to `src/aurora.*.ts` - -### Lambda Bundling -Lambda functions bundle external AWS SDK clients to avoid runtime issues: -- `bundledDeps`: `@aws-sdk/client-rds`, `@aws-sdk/client-secrets-manager`, `aws-xray-sdk-core`, `pg`, `pg-format` -- These are declared as `externalModules` in `bundling` config (paradoxically - this tells esbuild to bundle them) -- Node modules like `pg` and `pg-format` use `nodeModules` in bundling config - -### Security Groups -- Cluster and Proxy can have custom security groups via `securityGroups` and `proxySecurityGroups` props -- Default behavior creates new security groups -- Provisioning lambdas automatically get ingress rules to cluster - -### VPC Subnets -- Default: `PRIVATE_WITH_EGRESS` subnets for cluster, proxy, and lambdas -- Configurable via `vpcSubnets` prop -- All components (cluster, proxy, provisioners) use same subnet selection - -## Parameter Groups and Parameters - -The construct supports two mutually exclusive approaches for cluster configuration: -- `parameterGroup`: Pass an existing `IParameterGroup` -- `parameters`: Pass a map of parameter key-value pairs (auto-creates parameter group) - -**Default parameters** (used when neither is specified): -```typescript -{ - 'rds.logical_replication': '1', - max_replication_slots: '10', - max_wal_senders: '10', - wal_sender_timeout: '0' -} -``` - -## Important Gotchas - -1. **Proxy + Multi-User Rotation**: Do NOT use together. Set `skipAddRotationMultiUser: true` OR `skipProxy: true`. - -2. **Provisioning Dependencies**: - - User provisioning depends on database provisioning (roles must exist) - - User provisioning depends on proxy deployment (needs endpoint) - - Use `skipProvisionDatabase` and `skipUserProvisioning` for bootstrapping - -3. **Instance Count**: The `instances` prop is TOTAL count. The construct creates 1 writer + (instances - 1) readers. - -4. **Secret Naming**: Uses `multi-convention-namer` for consistent naming. Can prefix with `secretPrefix` for multiple clusters in same account. - -5. **Removal Policy**: The construct accepts `removalPolicy` prop but applies it differently across resources. Consider implementing the aspect pattern from `AURORA_DELETION_POLICY_IMPLEMENTATION.md` for comprehensive control. - -## Troubleshooting Database Issues - -See README.md "Troubleshooting" section for manual SQL commands to verify/fix: -- Database connection privileges (`\l`, `GRANT CONNECT`) -- Schema usage (`\dn+`, `GRANT USAGE`) -- Default privileges (`\ddp`, `ALTER DEFAULT PRIVILEGES`) -- Table privileges (`\dp`, `GRANT SELECT/INSERT/UPDATE/DELETE`) - -## Connection via JumpBox - -The README.md provides a complete script for connecting to Aurora through an SSM-enabled EC2 jump box. Key steps: -1. Install AWS Session Manager plugin -2. Configure SSH to use Session Manager as ProxyCommand -3. Fetch SSH key from SecretsManager -4. Create SSH tunnel to either cluster (manager) or proxy (reader/writer) -5. Use `psql` through tunnel - -## File Structure - -``` -src/ - aurora.ts # Main construct - aurora.provision-database.ts # Database provisioner lambda - aurora.provision-user.ts # User provisioner lambda - aurora.activity-stream.ts # Activity stream custom resource - helpers.ts # Shared utilities - index.ts # Public exports -test/ - aurora.test.ts # Construct snapshot tests - aurora.provision-*.test.ts # Provisioner unit tests - aurora.activity-stream.*.test.ts # Activity stream tests -``` +- **Always run build after changes**: After modifying any source or test file, run `npx projen build` to ensure your changes compile and pass all tests. +- **Task completion criteria**: A task is not considered complete until: + - All tests pass (`npx projen test`) + - There are no compilation errors (`npx projen compile`) + - There are no linting errors (usually part of the build, if not, run the linter defined in tasks.json) + - The full build succeeds (`npx projen build`) diff --git a/package.json b/package.json index b032af3..3226a6a 100644 --- a/package.json +++ b/package.json @@ -35,7 +35,7 @@ "organization": true }, "devDependencies": { - "@time-loop/clickup-projen": "^1.23.1", + "@time-loop/clickup-projen": "^1.24.2", "@types/jest": "^29.5.14", "@types/node": "^18", "@types/pg": "^8.15.6", @@ -46,7 +46,7 @@ "aws-cdk-lib": "2.188.0", "aws-sdk-client-mock": "^4.1.0", "commit-and-tag-version": "^12", - "constructs": "10.0.5", + "constructs": "10.5.1", "esbuild": "^0.23.0", "eslint": "^9", "eslint-config-prettier": "^9.1.2", @@ -63,7 +63,7 @@ "jsii-rosetta": "~5.8.0", "multi-convention-namer": "0.1.12", "prettier": "^3.7.3", - "projen": "^0.98.26", + "projen": "^0.99.17", "sinon": "^21.0.0", "sinon-spy-utils": "^1.0.6", "ts-jest": "^29.4.6", @@ -72,7 +72,7 @@ }, "peerDependencies": { "aws-cdk-lib": "^2.188.0", - "constructs": "^10.0.5", + "constructs": "^10.5.1", "multi-convention-namer": "^0.1.12" }, "dependencies": { diff --git a/pnpm-lock.yaml b/pnpm-lock.yaml index 07e70e0..f33dc50 100644 --- a/pnpm-lock.yaml +++ b/pnpm-lock.yaml @@ -25,8 +25,8 @@ importers: version: 1.0.4 devDependencies: '@time-loop/clickup-projen': - specifier: ^1.23.1 - version: 1.23.1(projen@0.98.26(constructs@10.0.5)) + specifier: ^1.24.2 + version: 1.24.2(projen@0.99.17(constructs@10.5.1)) '@types/jest': specifier: ^29.5.14 version: 29.5.14 @@ -50,7 +50,7 @@ importers: version: 8.24.0(eslint@9.20.1)(typescript@5.7.3) aws-cdk-lib: specifier: 2.188.0 - version: 2.188.0(constructs@10.0.5) + version: 2.188.0(constructs@10.5.1) aws-sdk-client-mock: specifier: ^4.1.0 version: 4.1.0 @@ -58,8 +58,8 @@ importers: specifier: ^12 version: 12.4.2 constructs: - specifier: 10.0.5 - version: 10.0.5 + specifier: 10.5.1 + version: 10.5.1 esbuild: specifier: ^0.23.0 version: 0.23.0 @@ -109,8 +109,8 @@ importers: specifier: ^3.7.3 version: 3.7.4 projen: - specifier: ^0.98.26 - version: 0.98.26(constructs@10.0.5) + specifier: ^0.99.17 + version: 0.99.17(constructs@10.5.1) sinon: specifier: ^21.0.0 version: 21.0.0 @@ -1262,11 +1262,11 @@ packages: resolution: {integrity: sha512-4aUIteuyxtBUhVdiQqcDhKFitwfd9hqoSDYY2KRXiWtgoWJ9Bmise+KfEPDiVHWeJepvF8xJO9/9+WDIciMFFw==} engines: {node: '>=18.0.0'} - '@time-loop/clickup-projen@1.23.1': - resolution: {integrity: sha512-cxR5X4vOXeI1cc64cA37hB5qYLHhEj8ABMFrVCejefjarw2t5fVq5fUVPNbvAC6ik10w1xzjGHNy8JT802lxOw==, tarball: https://npm.pkg.github.com/download/@time-loop/clickup-projen/1.23.1/1266e43a508fdbb6fc74b2550b56c1261b17b4d1} + '@time-loop/clickup-projen@1.24.2': + resolution: {integrity: sha512-HNA4Lbt0MWNvZxVCbmgKPdkNhA5X5coXYYm9AZ+vQ58a32M3JlGmgnEIaBO49B4I7yLYZYosjyvu0WccyLumSw==, tarball: https://npm.pkg.github.com/download/@time-loop/clickup-projen/1.24.2/8e78c20e585cc7496ad55b77925cb39c404ec71f} engines: {node: '>= 18.17.1'} peerDependencies: - projen: ^0.98.6 + projen: ^0.99.9 bundledDependencies: - cson-parser - semver @@ -1836,9 +1836,8 @@ packages: resolution: {integrity: sha512-MWufYdFw53ccGjCA+Ol7XJYpAlW6/prSMzuPOTRnJGcGzuhLn4Scrz7qf6o8bROZ514ltazcIFJZevcfbo0x7A==} engines: {'0': node >= 6.0} - constructs@10.0.5: - resolution: {integrity: sha512-IwOwekzrASFC3qt4ozCtV09rteAIAesuCGsW0p+uBfqHd2XcvA5CXqJjgf4eUqm6g8e/noXlVCMDWwC8GaLtrg==} - engines: {node: '>= 10.17.0'} + constructs@10.5.1: + resolution: {integrity: sha512-f/TfFXiS3G/yVIXDjOQn9oTlyu9Wo7Fxyjj7lb8r92iO81jR2uST+9MstxZTmDGx/CgIbxCXkFXgupnLTNxQZg==} conventional-changelog-angular@6.0.0: resolution: {integrity: sha512-6qLgrBF4gueoC7AFVHu51nHL9pF9FRjXrH+ceVf7WmAfH3gs+gEYOkvxhjMPjZu57I4AGUGoNTY8V7Hrgf1uqg==} @@ -2520,15 +2519,16 @@ packages: glob@10.0.0: resolution: {integrity: sha512-zmp9ZDC6NpDNLujV2W2n+3lH+BafIVZ4/ct+Yj3BMZTH/+bgm/eVjHzeFLwxJrrIGgjjS2eiQLlpurHsNlEAtQ==} engines: {node: '>=16 || 14 >=14.17'} + deprecated: Old versions of glob are not supported, and contain widely publicized security vulnerabilities, which have been fixed in the current version. Please update. Support for old versions may be purchased (at exorbitant rates) by contacting i@izs.me glob@7.2.3: resolution: {integrity: sha512-nFR0zLpU2YCaRxwoCJvL6UvCH2JFyFVIvwTLsIf21AuHlMskA1hhTdk+LlYJtOlYt9v6dvszD2BGRqBL+iQK9Q==} - deprecated: Glob versions prior to v9 are no longer supported + deprecated: Old versions of glob are not supported, and contain widely publicized security vulnerabilities, which have been fixed in the current version. Please update. Support for old versions may be purchased (at exorbitant rates) by contacting i@izs.me glob@8.1.0: resolution: {integrity: sha512-r8hpEjiQEYlF2QU0df3dS+nxxSIreXQS1qRhMJM0Q5NDdR386C7jb7Hwwod8Fgiuex+k0GFjgft18yvxm5XoCQ==} engines: {node: '>=12'} - deprecated: Glob versions prior to v9 are no longer supported + deprecated: Old versions of glob are not supported, and contain widely publicized security vulnerabilities, which have been fixed in the current version. Please update. Support for old versions may be purchased (at exorbitant rates) by contacting i@izs.me globals@11.12.0: resolution: {integrity: sha512-WOBp/EEGUiIsJSp7wcv/y6MO+lV9UoncWqxuFfm8eBwzWNgyfBd6Gz+IeKQ9jCmyhoH99g15M3T+QaVHFjizVA==} @@ -3601,8 +3601,8 @@ packages: process-nextick-args@2.0.1: resolution: {integrity: sha512-3ouUOpQhtgrbOa17J7+uxOTpITYWaGP7/AhoR3+A+/1e9skrzelGi/dXzEYyvbxubEF6Wn2ypscTKiKJFFn1ag==} - projen@0.98.26: - resolution: {integrity: sha512-M92WwmFwr134VpFDVwGDdpB/pcTDKs7lwbgD5fYQn/F/T4QOSaFcCbHmp/nhw0oendGb8a9p9m/zIbalVbim4w==} + projen@0.99.17: + resolution: {integrity: sha512-QhfkTKFV4ecAPesqnF9Z7WQ9sXkb7D5ESzq4ciri5m5t8hTltAuC5o4x+P9vqvt/673avSVgSI74ARYdnDAzSw==} engines: {node: '>= 16.0.0'} hasBin: true peerDependencies: @@ -4253,6 +4253,7 @@ packages: whatwg-encoding@3.1.1: resolution: {integrity: sha512-6qN4hJdMwfYBtE3YBTTHhoeuUrDBPZmbQaxWAqSALV/MeEnR5z1xd8UKud2RAkFoPkmB+hli1TZSnyi84xz1vQ==} engines: {node: '>=18'} + deprecated: Use @exodus/bytes instead for a more spec-conformant and faster implementation whatwg-mimetype@4.0.0: resolution: {integrity: sha512-QaKxh0eNIi2mE9p2vEdzfagOKHCcj1pJ56EEHGQOVxp8r9/iszLUUV7v89x9O1p/T+NlTM5W7jW6+cz4Fq1YVg==} @@ -6389,9 +6390,9 @@ snapshots: dependencies: tslib: 2.8.1 - '@time-loop/clickup-projen@1.23.1(projen@0.98.26(constructs@10.0.5))': + '@time-loop/clickup-projen@1.24.2(projen@0.99.17(constructs@10.5.1))': dependencies: - projen: 0.98.26(constructs@10.0.5) + projen: 0.99.17(constructs@10.5.1) '@tsconfig/node10@1.0.11': {} @@ -6778,12 +6779,12 @@ snapshots: dependencies: possible-typed-array-names: 1.0.0 - aws-cdk-lib@2.188.0(constructs@10.0.5): + aws-cdk-lib@2.188.0(constructs@10.5.1): dependencies: '@aws-cdk/asset-awscli-v1': 2.2.231 '@aws-cdk/asset-node-proxy-agent-v6': 2.1.0 '@aws-cdk/cloud-assembly-schema': 41.2.0 - constructs: 10.0.5 + constructs: 10.5.1 aws-sdk-client-mock@4.1.0: dependencies: @@ -7038,7 +7039,7 @@ snapshots: readable-stream: 3.6.2 typedarray: 0.0.6 - constructs@10.0.5: {} + constructs@10.5.1: {} conventional-changelog-angular@6.0.0: dependencies: @@ -9218,9 +9219,9 @@ snapshots: process-nextick-args@2.0.1: {} - projen@0.98.26(constructs@10.0.5): + projen@0.99.17(constructs@10.5.1): dependencies: - constructs: 10.0.5 + constructs: 10.5.1 prompts@2.4.2: dependencies: diff --git a/renovate.json5 b/renovate.json5 index bffa26a..7904fc3 100644 --- a/renovate.json5 +++ b/renovate.json5 @@ -85,7 +85,6 @@ "pnpm/action-setup", "amannn/action-semantic-pull-request", "actions/setup-node", - "codecov/codecov-action", "actions/upload-artifact", "Glennmen/datadog-event-action", "rtCamp/action-slack-notify", From fc1e1bc684463179bfb309eab9faaa7ffed0210c Mon Sep 17 00:00:00 2001 From: "github-actions[bot]" <41898282+github-actions[bot]@users.noreply.github.com> Date: Sun, 1 Mar 2026 00:45:37 +0000 Subject: [PATCH 2/2] chore: self mutation Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> --- API.md | 38 +++++++++++++++++++++++++++++++++++++- 1 file changed, 37 insertions(+), 1 deletion(-) diff --git a/API.md b/API.md index 6322d6b..917eeda 100644 --- a/API.md +++ b/API.md @@ -71,6 +71,7 @@ new Aurora(scope: Construct, id: Namer, props: AuroraProps) | **Name** | **Description** | | --- | --- | | toString | Returns a string representation of this construct. | +| with | Applies one or more mixins to this construct. | --- @@ -82,6 +83,27 @@ public toString(): string Returns a string representation of this construct. +##### `with` + +```typescript +public with(mixins: IMixin): IConstruct +``` + +Applies one or more mixins to this construct. + +Mixins are applied in order. The list of constructs is captured at the +start of the call, so constructs added by a mixin will not be visited. +Use multiple `with()` calls if subsequent mixins should apply to added +constructs. + +###### `mixins`Required + +- *Type:* constructs.IMixin + +The mixins to apply. + +--- + #### Static Functions | **Name** | **Description** | @@ -90,7 +112,7 @@ Returns a string representation of this construct. --- -##### ~~`isConstruct`~~ +##### `isConstruct` ```typescript import { Aurora } from '@time-loop/cdk-aurora' @@ -100,6 +122,20 @@ Aurora.isConstruct(x: any) Checks if `x` is a construct. +Use this method instead of `instanceof` to properly detect `Construct` +instances, even when the construct library is symlinked. + +Explanation: in JavaScript, multiple copies of the `constructs` library on +disk are seen as independent, completely different libraries. As a +consequence, the class `Construct` in each copy of the `constructs` library +is seen as a different class, and an instance of one class will not test as +`instanceof` the other class. `npm install` will not create installations +like this, but users may manually symlink construct libraries together or +use a monorepo tool: in those cases, multiple copies of the `constructs` +library can be accidentally installed, and `instanceof` will behave +unpredictably. It is safest to avoid using `instanceof`, and using +this type-testing method instead. + ###### `x`Required - *Type:* any