Conversation
Change `max-age:47304000` to `max-age=47304000` — the colon was invalid per RFC 6797 and could cause browsers to ignore the header entirely. Made-with: Cursor
- Use bash strict mode (set -eu -o pipefail) via SHELL/.SHELLFLAGS - Parameterize all tool paths (PYTHON, PIP, YQ, NPM, CDK, CC, CXX) so they can be overridden via environment variables - Rewrite get_config helper with proper quoting and null handling - Replace nested ifeq blocks with ?= defaults for PROFILE, REGION, etc. - Add validation targets (require-yq, require-aws-config) as prerequisites for deploy-related rules - Consolidate bootstrap into a single invocation using $(if ...) for optional --profile flag - Add self-documenting help target as .DEFAULT_GOAL - Deduplicate ECR account numbers with sort -u - Fix quoting and formatting throughout (pytest args, validate-deps) Made-with: Cursor
- Bump aws-cdk-lib 2.238→2.243, @aws-sdk/* 3.893→3.1009, constructs 10.4→10.5, zod 4.1→4.3 - Bump dev tooling: jest 30.2→30.3, esbuild 0.27.1→0.27.4, eslint 10.0.2→10.0.3, cypress 15.7→15.12, lightningcss 1.30→1.32 - Pin fastmcp>=2.10.0,<3.0.0 and add mcp>=1.26.0,<2.0.0 for MCP Workbench and dev requirements - Add @modelcontextprotocol/sdk ~1.27.1 and @rolldown/pluginutils to React UI - Remove unused deps: aws-sdk v2, @types/redux-persist, @types/uuid, @vitest/coverage-istanbul - Use --workspaces instead of shorthand -ws in npm run scripts Made-with: Cursor
…CDK APIs Eliminate redundant SSM parameter lookups for the bucket-access-logs bucket. CoreStack now exposes loggingBucket as a public property and passes it through the stack hierarchy to all constructs that need it (ApiBase, Docs, MCP, Models, RAG, McpWorkbench, UserInterface), removing 6+ Bucket.fromBucketArn(StringParameter.valueForStringParameter) calls and reducing cross-stack SSM dependencies. Also migrates deprecated CDK APIs: - State machines: definition → definitionBody (pipeline, create-store, delete-store) - Lambda: logRetention → explicit LogGroup construct - Node layer: remove redundant --production from npm install --omit=dev Made-with: Cursor
- Add macOS tab to deploy.md with Homebrew + mise setup instructions for Python 3.13 and Node 24 - Standardize list markers (- → *), add missing blank lines before and after code fences, fix heading punctuation throughout deploy.md and repositories.md - Fix VitePress config to escape Array<T> as Array<T> preventing HTML rendering issues in generated documentation - Clean up README spacing between sections - Add docs/ to .gitignore for generated documentation output Made-with: Cursor
Replace convert-and-upload-model.sh with prepare-and-upload-model.sh providing a more comprehensive model preparation workflow. Rewrite fast-s3-transfer.sh with: - Bash strict mode (set -euo pipefail) - Input validation with die() helper and clear error messages - Simplified s5cmd sync (replaced aws s3 ls | xargs pattern) - Proper argument parsing with unknown-arg handling - --help now exits 0 instead of 1 Made-with: Cursor
- Convert all 16 page-level route imports to React.lazy() with a Suspense fallback spinner, reducing the initial JS bundle size - Move env.js and git-info.js loading from index.html <script> tags to dynamic loadRuntimeScript() in main.tsx, ensuring runtime config is available before React hydration - Normalize BASE_URL in vite.config.ts with guaranteed leading/trailing slashes to fix asset paths in nested deployments - Expand optimizeDeps.include for Cloudscape packages to improve dev server cold-start - Add chunkSizeWarningLimit: 2300 for the larger code-split bundles - Switch vitest coverage provider from istanbul to v8 - Improve Sessions sidebar button layout with vertical SpaceBetween Made-with: Cursor
- STDIO servers now default to python:3.13-slim-bookworm (needed for mcp-proxy pip install); HTTP/SSE servers keep node:24-slim - Add entrypoint script handling for non-prebuilt, non-S3 containers so START_COMMAND is honoured even when no custom image or S3 artifacts are provided Made-with: Cursor
drduhe
force-pushed
the
feat/mcp-aws-auth
branch
2 times, most recently
from
7329def to
2f6176d
Compare
drduhe
force-pushed
the
feat/mcp-aws-auth
branch
2 times, most recently
from
7058e93 to
66c30be
Compare
Add per-user, per-session AWS credential management so MCP tools can execute AWS operations on behalf of authenticated users. Backend (mcpworkbench.aws package): - AwsSessionRecord model with expiration tracking - InMemoryAwsSessionStore with configurable safety margin for near-expiry eviction - AwsStsClient for credential validation (GetCallerIdentity) and session minting (GetSessionToken); handles both long-term IAM and temporary credentials - CallerIdentity extraction from JWT/request headers - FastAPI routes (POST /connect, DELETE /connect, GET /status) mounted at /api/aws on the MCP server via separate CORS+OIDC sub-app - Shared singletons ensure routes and tools use the same credential store Frontend: - AwsCredentialsPanel component with connection status, expiration countdown, and connect/disconnect/reconnect actions - Integrated into SessionConfiguration when MCP connections are enabled - X-Session-Id header propagated through MCP hooks to scope credentials per chat session Lambda syntax validator: - Auto-stub finder (_McpWorkbenchStubFinder) for mcpworkbench.* subpackages not explicitly mocked during validation - Fixed mock module hierarchy (__path__, __package__) so Python treats them as proper packages Includes sample aws_s3_tools.py demonstrating credential consumption and comprehensive tests across 5 new test files. Made-with: Cursor
drduhe
force-pushed
the
feat/mcp-aws-auth
branch
from
66c30be to
07c39ac
Compare
There was a problem hiding this comment.
Pull request overview
This PR adds per-session AWS credential management to MCP Workbench, improves build/deploy tooling and UI performance, and refactors CDK infrastructure to reduce redundant lookups and address deprecations across the stack.
Changes:
- Add MCP Workbench AWS session management (STS validation/minting, in-memory store/service, FastAPI
/api/aws/*routes) plus sample S3 tool and test suite. - Improve React UI performance and deployment correctness (route-level code splitting, runtime script loading, BASE_URL normalization, OIDC redirect URI fix, session-scoped MCP headers).
- Refactor CDK stacks and tooling (propagate logging bucket instead of repeated SSM lookups, migrate Step Functions definitions, update Makefile/scripts/deps, improve validator stubbing).
Reviewed changes
Copilot reviewed 71 out of 73 changed files in this pull request and generated 10 comments.
Show a summary per file
| File | Description |
|---|---|
| test/mcp-workbench/test_aws_sts_client.py | Adds unit tests for STS validation + session credential creation. |
| test/mcp-workbench/test_aws_session_store.py | Adds tests for in-memory session store + expiry/safety margin behavior. |
| test/mcp-workbench/test_aws_session_service.py | Adds tests for session service retrieval and missing/expired behavior. |
| test/mcp-workbench/test_aws_routes.py | Adds tests for /api/aws connect/status/disconnect endpoints. |
| test/mcp-workbench/test_aws_identity.py | Adds tests for header/JWT identity extraction helpers. |
| test/lambda/test_syntax_validator.py | Updates cleanup to remove stub finder from sys.meta_path. |
| test/lambda/test_response_builder.py | Updates HSTS assertion to match corrected header format. |
| test/cdk/stacks/roleOverrides.test.ts | Updates expected role counts after infra refactors. |
| test/cdk/mocks/MockApp.ts | Updates mocks to pass the propagated access-logs bucket. |
| scripts/prepare-and-upload-model.sh | New end-to-end model prep script (download/copy, optional safetensors conversion, upload). |
| scripts/fast-s3-transfer.sh | Hardens s5cmd wrapper (strict mode, validation, improved sync logic). |
| scripts/convert-and-upload-model.sh | Removes legacy script replaced by prepare-and-upload-model.sh. |
| requirements-dev.txt | Updates fastmcp range and adds mcp dependency for testing. |
| package.json | Updates dependency versions, removes aws-sdk v2, normalizes workspace script flags. |
| mcp_server_deployer/src/lib/ecsMcpServer.ts | Sets default base images and entrypoints for MCP server types. |
| lib/user-interface/userInterfaceConstruct.ts | Removes redundant SSM lookup by accepting access-logs bucket as a prop; fixes asset URI prefix. |
| lib/user-interface/react/vitest.config.ts | Switches coverage provider to v8. |
| lib/user-interface/react/vite.config.ts | Normalizes BASE_URL, adjusts chunk warning limit, expands optimizeDeps for Cloudscape. |
| lib/user-interface/react/src/pages/Home.tsx | Uses shared getRedirectUri() for OIDC redirects. |
| lib/user-interface/react/src/main.tsx | Dynamically loads runtime scripts pre-hydration; applies branding (favicon/title/theme); lazy imports store/app. |
| lib/user-interface/react/src/config/oidc.config.ts | Fixes redirect_uri/post_logout_redirect_uri to omit hash fragments. |
| lib/user-interface/react/src/components/settings/AwsCredentialsPanel.tsx | Adds AWS credentials UI panel (connect/disconnect/status). |
| lib/user-interface/react/src/components/chatbot/hooks/mcp.hooks.tsx | Propagates X-Session-Id for MCP connections and forces reconnection on session change. |
| lib/user-interface/react/src/components/chatbot/components/Sessions.tsx | Adjusts session action button layout and width consistency. |
| lib/user-interface/react/src/components/chatbot/components/SessionConfiguration.tsx | Refactors toggle grid generation; embeds AWS credentials panel when MCP connections enabled. |
| lib/user-interface/react/src/components/chatbot/Chat.tsx | Passes chat sessionId into MCP connection hook for session scoping. |
| lib/user-interface/react/src/components/Topbar.tsx | Uses getRedirectUri() for signin/signout redirect params. |
| lib/user-interface/react/src/components/Topbar.test.tsx | Updates test expectation to match new redirect URI helper. |
| lib/user-interface/react/src/App.tsx | Converts page routes to React.lazy + Suspense fallback for code splitting. |
| lib/user-interface/react/package.json | Adds MCP SDK dependency and updates coverage tooling deps. |
| lib/user-interface/react/index.html | Removes inline runtime script tags; tidies body/root classes. |
| lib/stages.ts | Propagates access-logs bucket through stage stack props. |
| lib/serve/mcpWorkbenchStack.ts | Requires bucketAccessLogsBucket in props and forwards it to construct. |
| lib/serve/mcpWorkbenchConstruct.ts | Uses propagated access-logs bucket; adds /api/aws/* routing in ALB listener rules. |
| lib/serve/mcp-workbench/src/mcpworkbench/server/mcp_server.py | Mounts AWS FastAPI sub-app at /api/aws with auth + CORS. |
| lib/serve/mcp-workbench/src/mcpworkbench/aws/sts_client.py | Implements STS wrapper for validation and session minting. |
| lib/serve/mcp-workbench/src/mcpworkbench/aws/session_store.py | Implements in-memory (user_id, session_id) session store with expiry eviction. |
| lib/serve/mcp-workbench/src/mcpworkbench/aws/session_service.py | Adds higher-level session retrieval helper with custom errors. |
| lib/serve/mcp-workbench/src/mcpworkbench/aws/session_models.py | Adds AwsSessionRecord with expiry logic. |
| lib/serve/mcp-workbench/src/mcpworkbench/aws/identity.py | Adds request-context-based identity extraction for tools via headers/JWT. |
| lib/serve/mcp-workbench/src/mcpworkbench/aws/aws_routes.py | Adds /connect, /status, /connect(DELETE) endpoints for session management. |
| lib/serve/mcp-workbench/src/mcpworkbench/aws/init.py | Exposes shared singletons for store/service/STS client and identity helpers. |
| lib/serve/mcp-workbench/src/examples/sample_tools/aws_s3_tools.py | Adds example MCP tool using stored session credentials to list S3 buckets. |
| lib/serve/mcp-workbench/pyproject.toml | Updates MCP workbench deps to include mcp and newer fastmcp. |
| lib/rag/vector-store/state_machine/delete-store.ts | Migrates Step Functions to definitionBody. |
| lib/rag/vector-store/state_machine/create-store.ts | Migrates Step Functions to definitionBody. |
| lib/rag/state_machine/pipeline-state-machine.ts | Migrates Step Functions to definitionBody. |
| lib/rag/ragConstruct.ts | Accepts propagated access-logs bucket instead of repeated SSM lookup. |
| lib/models/modelsApiConstruct.ts | Propagates access-logs bucket down into Models API construct. |
| lib/models/model-api.ts | Accepts access-logs bucket and forwards it to Docker image builder. |
| lib/models/docker-image-builder.ts | Accepts propagated access-logs bucket instead of SSM lookup; removes redundant npm flags. |
| lib/mcp/mcpApiConstruct.ts | Propagates access-logs bucket into MCP server API construct. |
| lib/mcp/mcp-server-api.ts | Accepts propagated access-logs bucket instead of repeated SSM lookup. |
| lib/docs/docConstruct.ts | Accepts propagated access-logs bucket instead of repeated SSM lookup. |
| lib/docs/config/repositories.md | Markdown formatting consistency updates. |
| lib/docs/config/model-compatibility.md | Adds missing blank line for Markdown rendering consistency. |
| lib/docs/admin/idp-config.md | Adds troubleshooting guidance and formatting improvements. |
| lib/docs/admin/deploy.md | Adds MacOS deployment tab and improves Markdown formatting/consistency. |
| lib/docs/.vitepress/config.mts | Escapes Array<T> to avoid HTML rendering issues in generated docs. |
| lib/core/layers/index.ts | Removes redundant --production from npm install --omit=dev. |
| lib/core/index.ts | Exposes logging bucket from CoreStack for reuse in downstream stacks. |
| lib/core/coreConstruct.ts | Stores logging bucket as a property and uses it for SSM parameter value. |
| lib/core/apiBaseConstruct.ts | Accepts propagated access-logs bucket instead of repeated SSM lookup. |
| lib/api-base/utils.ts | Replaces deprecated logRetention with explicit LogGroup wiring. |
| lambda/utilities/response_builder.py | Fixes invalid HSTS header directive syntax (max-age=). |
| lambda/mcp_workbench/syntax_validator.py | Adds stub module finder to avoid ImportError for non-mocked mcpworkbench.* imports. |
| cypress/src/support/chatHelpers.ts | Increases timeout to accommodate lazy-loaded routes. |
| cypress/src/smoke/support/commands.ts | Increases timeout to accommodate lazy-loaded routes. |
| cypress/package.json | Updates Cypress version. |
| README.md | Markdown formatting improvements (spacing and list markers). |
| Makefile | Overhauls Makefile (shell safety, portable tooling, validation targets, help target, deploy robustness). |
| .gitignore | Ignores generated docs/ output. |
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
Comment on lines
+38
to
+44
| def test_connect_aws_missing_fields_returns_400() -> None: | ||
| request = _make_request("/api/aws/connect", "POST", _headers()) | ||
| body: Dict[str, Any] = {"accessKeyId": "AKIA_TEST"} | ||
|
|
||
| with pytest.raises(Exception): | ||
| asyncio.run(aws_routes.connect_aws(request, body)) | ||
|
|
Comment on lines
+68
to
+75
| connect_request = _make_request("/api/aws/connect", "POST", _headers()) | ||
| body = { | ||
| "accessKeyId": "AKIA_TEST", | ||
| "secretAccessKey": "secret", | ||
| "region": "us-east-1", | ||
| } | ||
| connect_data = asyncio.run(aws_routes.connect_aws(connect_request, body)) | ||
| assert connect_data["accountId"] == "123456789012" |
Comment on lines
+107
to
+114
| connect_request = _make_request("/api/aws/connect", "POST", _headers()) | ||
| body = { | ||
| "accessKeyId": "AKIA_TEST", | ||
| "secretAccessKey": "secret", | ||
| "region": "us-east-1", | ||
| } | ||
| asyncio.run(aws_routes.connect_aws(connect_request, body)) | ||
|
|
Comment on lines
+8
to
+12
| from mcpworkbench.aws.session_service import ( | ||
| AwsSessionExpiredError, | ||
| AwsSessionMissingError, | ||
| AwsSessionService, | ||
| ) |
Comment on lines
+42
to
+49
| parts = token.split(".") | ||
| if len(parts) < 2: | ||
| return {} | ||
| payload = parts[1] | ||
| payload += "=" * (4 - len(payload) % 4) | ||
| try: | ||
| return json.loads(base64.urlsafe_b64decode(payload)) | ||
| except Exception: |
Comment on lines
+3
to
+7
| import base64 | ||
| import json | ||
| import logging | ||
| from datetime import datetime, timezone | ||
| from typing import Any, Dict |
Comment on lines
+25
to
+33
| parts = token.split(".") | ||
| if len(parts) < 2: | ||
| return {} | ||
| payload = parts[1] | ||
| # JWT base64url omits padding; restore it | ||
| payload += "=" * (4 - len(payload) % 4) | ||
| try: | ||
| return json.loads(base64.urlsafe_b64decode(payload)) | ||
| except Exception: |
Author
There was a problem hiding this comment.
Will fix and add a shared JWT decoder.
Comment on lines
+3
to
+5
| from dataclasses import dataclass, field | ||
| from datetime import datetime, timedelta, timezone | ||
| from typing import Dict, Tuple |
Comment on lines
+81
to
+85
| useEffect(() => { | ||
| void loadStatus(); | ||
| // eslint-disable-next-line react-hooks/exhaustive-deps | ||
| }, []); | ||
|
|
Comment on lines
+112
to
+115
| const logGroup = new LogGroup(scope, `${functionId}LogGroup`, { | ||
| logGroupName: `/aws/lambda/${functionId}`, | ||
| retention: RetentionDays.ONE_MONTH, | ||
| }); |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Issue #, if available: N/A
PR: AWS Session Management, Makefile Overhaul, UI Performance & Infrastructure Improvements
Summary
This PR introduces per-session AWS credential management for MCP Workbench tools, rewrites the Makefile for robustness and portability, improves React UI performance with code splitting, refactors CDK infrastructure to eliminate redundant SSM lookups, and updates dependencies across the stack.
Major Changes
1. AWS Session Management for MCP Workbench (New Feature)
Adds a complete per-user, per-session AWS credential management system that allows MCP tools to execute AWS operations on behalf of authenticated users.
Backend (
lib/serve/mcp-workbench/src/mcpworkbench/aws/)session_models.py—AwsSessionRecorddataclass with expiration trackingsession_store.py—InMemoryAwsSessionStorewith configurable safety margin for near-expiry evictionsession_service.py—AwsSessionServicehigh-level retrieval withAwsSessionMissingError/AwsSessionExpiredErrorsts_client.py—AwsStsClientwrapping boto3 STS for credential validation (GetCallerIdentity) and session minting (GetSessionToken); handles both long-term IAM and temporary credentialsidentity.py—get_caller_identity()extracts user identity from JWT/request headersaws_routes.py— FastAPI router withPOST /connect,DELETE /connect,GET /statusendpoints; mounted at/api/awson the MCP server__init__.py— Shared singletons (shared_session_store,shared_session_service,shared_sts_client) ensuring routes and tools use the same credential storeFrontend (
lib/user-interface/react/)AwsCredentialsPanelcomponent — form for entering AWS access key, secret, optional session token, and region; shows connection status with expiration countdown, account ID, and ARNSessionConfigurationpanel when MCP connections are enabledX-Session-Idheader now propagated through MCP hooks to scope credentials per chat sessionsessionIdto force reconnection on session changeExample Tool
aws_s3_tools.py— Sampleaws_list_s3_bucketsMCP tool demonstrating how tools consume session credentials without requiring the LLM to supply identityTests — Full coverage across 5 new test files:
test_aws_session_store.py— set/get/delete, expiration, safety margintest_aws_session_service.py— retrieval, missing, expiredtest_aws_sts_client.py— validate credentials, create session, failure pathstest_aws_identity.py— caller identity extractiontest_aws_routes.py— connect, disconnect, status, error handling2. Makefile Overhaul
Complete rewrite of the project
Makefilefor correctness, portability, and maintainability:SHELL := /usr/bin/env bashwith-eu -o pipefail -cPYTHON,PIP,YQ,NPM,CDK,CC,CXXall overridable via environmentget_confighelper rewritten with proper quoting and null handlingrequire-yqandrequire-aws-configtargets with clear error messages; deploy-related targets depend on themPROFILE,DEPLOYMENT_NAME,REGION, etc. use?=instead of nestedifeqblocksACCOUNT_NUMBERS_ECRdeduped withsort -u$(CDK) bootstrapinvocation with$(if ...)for optional--profilehelptarget (set as.DEFAULT_GOAL) with formatted output--cov=style args, proper quoting invalidate-deps3. React UI Performance Improvements
React.lazy()withSuspensefallback spinner — reduces initial bundle sizeenv.jsandgit-info.jsmoved from<script>tags inindex.htmlto dynamic loading inmain.tsxvialoadRuntimeScript(), ensuring they're loaded before React hydrationchunkSizeWarningLimit: 2300, expandedoptimizeDeps.includefor Cloudscape packages, normalizedBASE_URLhandling with leading/trailing slash logicistanbultov8in vitest config@types/redux-persist,@types/uuid,@vitest/coverage-istanbulSpaceBetweenwithfullWidthfor consistent layoutgridDefinitionbased on which toggle items are visible4. CDK Infrastructure Refactoring
bucketAccessLogsBucketis now exposed as a public property fromCoreStack/CoreConstructand passed as a prop through the entire stack hierarchy (LisaApiBaseProps,LisaRagProps,LisaDocsProps,LisaMcpApiProps,LisaModelsApiProps,McpWorkbenchStack,UserInterfaceProps,DockerImageBuilderProps). This eliminates 6+ redundantBucket.fromBucketArn(... StringParameter.valueForStringParameter(...))lookups, reducing cross-stack SSM dependencies.definitionproperty todefinitionBody: sfn.DefinitionBody.fromChainable(definition)(pipeline, create-store, delete-store)registerAPIEndpointnow creates an explicitLogGroupconstruct instead of using the deprecatedlogRetentionproperty--productionflag fromnpm install --omit=dev5. Lambda Syntax Validator Enhancements
_McpWorkbenchStubFinder(importlib.abc.MetaPathFinder) intercepts imports ofmcpworkbench.*subpackages not explicitly mocked (e.g.,mcpworkbench.aws.*), returning lightweight stub modules so tool validation succeeds withoutImportError__path__and__package__attributes so Python treats them as proper packages capable of having submodulesBug Fixes
Strict-Transport-Securityheader (response_builder.py): Fixedmax-age:47304000→max-age=47304000(colon was invalid per RFC 6797)BASE_URLnormalization: Ensures leading and trailing slashes are always present, fixing asset path issues in nested deploymentsuserInterfaceConstruct.ts): Fixed from''/${stage}/to'/'//${stage}/ensuring correct leading slashScripts
convert-and-upload-model.shwithprepare-and-upload-model.sh— new comprehensive model preparation scriptfast-s3-transfer.sh:set -euo pipefail, input validation,die()helpers5cmd sync(removedaws s3 ls | xargspattern)--helpnow exits0instead of1Documentation
deploy.mdwith Homebrew + mise instructions for Python 3.13 and Node 24-→*), added missing blank lines before/after code blocks, fixed heading punctuationArray<T>→Array<T>escaping to prevent HTML rendering issues in generated docsDependency Updates
aws-cdk-lib^2.238.0^2.243.0@aws-cdk/aws-lambda-python-alpha^2.238.0-alpha.0^2.243.0-alpha.0@aws-sdk/client-iam,client-ssm^3.893.0^3.1009.0constructs^10.4.3^10.5.1zod^4.1.13^4.3.6esbuild^0.27.1^0.27.4jest^30.2.0^30.3.0cypress^15.7.1^15.12.0fastmcp>=2.0.0>=2.10.0,<3.0.0mcp(new)>=1.26.0,<2.0.0@modelcontextprotocol/sdk(new)~1.27.1Removed:
aws-sdk(v2),@types/redux-persist,@types/uuid,@vitest/coverage-istanbulMCP Server Deployer
python:3.13-slim-bookworm(needed formcp-proxypip install); HTTP/SSE servers default tonode:24-slimOther
.gitignore: Addeddocs/to ignore generated documentation outputtest/cdk/mocks/MockApp.ts: Updated to passbucketAccessLogsBucketin mock propstest/lambda/test_response_builder.py: Updated assertion for correctedStrict-Transport-Securityheadertest/lambda/test_syntax_validator.py: Updated for new stub finder behaviorTesting
By submitting this pull request, I confirm that you can use, modify, copy, and redistribute this contribution, under the terms of your choice.