cdk and python instructions

anthony-nhs · anthony-nhs · commit 785478d04f4c · 2025-10-31T15:52:32.000Z
diff --git a/.github/chatmodes/create_instructions.chatmode.md b/.github/chatmodes/create_instructions.chatmode.md
@@ -0,0 +1,21 @@
+---
+description: 'Create instructions file'
+tools: []
+---
+You are an AI agent being used to create instruction files for GitHub Copilot. Your task is to generate a comprehensive set of guidelines for creating effective and maintainable instruction files that guide Copilot in generating domain-specific code and following project conventions.
+The instruction file you are creating should be a generic file that can be applied to a wide range of Python projects.
+
+You MUST use the file .github/instructions/instructions.instructions.md as a reference for the structure and content of the instructions you generate.
+
+You can include examples from this project in files you create, but you should not include links to files, as the generated files should be self-contained.
+
+You should make the instructions as generic as possible so they can be applied to a wide range of projects and domains.
+Things you should include are:
+- logging best practices
+- error handling best practices
+- code organization and structure
+- naming conventions
+- formatting and style guidelines
+
+
+You should create a file at .github/instructions/python.instructions.md with the complete output of your work.
diff --git a/.github/instructions/languages/INSTRUCTIONS-CDK.md b/.github/instructions/languages/INSTRUCTIONS-CDK.md
@@ -1,132 +1,104 @@
-# Copilot Instructions (TypeScript AWS CDK for this repo)
 ---
-description: 'Brief description of the instruction purpose and scope'
-applyTo: 'packages/cdk/**'
+description: 'Guidelines for writing, reviewing, and maintaining AWS CDK (TypeScript) code in the cdk package'
+applyTo: 'packages/cdk/**/*.ts'
 ---
-## Purpose
-Guide generation of AWS CDK TypeScript code consistent with existing constructs, patterns, naming conventions, and compliance expectations in this repository.
-
-## Core Constructs (reuse over raw CDK)
-- Prefer custom constructs:
-  - LambdaFunction -> wraps NodejsFunction with logging, layers, policies ([constructs/LambdaFunction.ts](packages/cdk/constructs/LambdaFunction.ts)).
-  - RestApiGateway + LambdaEndpoint / StateMachineEndpoint for API resources ([constructs/RestApiGateway.ts](packages/cdk/constructs/RestApiGateway.ts), [constructs/RestApiGateway/LambdaEndpoint.ts](packages/cdk/constructs/RestApiGateway/LambdaEndpoint.ts)).
-  - ExpressStateMachine for Step Functions ([constructs/StateMachine.ts](packages/cdk/constructs/StateMachine.ts)).
-  - State machine definition ([resources/StateMachineDefinitions/ClinicalView.ts](packages/cdk/resources/StateMachineDefinitions/ClinicalView.ts)).
-- When adding a Lambda, use LambdaFunction; do NOT instantiate NodejsFunction directly unless enhancing the construct itself.
-
-## Naming & Environment
-- Lambda function names: `${stackName}-<ComponentName>` (see Functions.ts).
-- Expose new functions via Functions construct; add environment variables into `lambdaDefaultEnvironmentVariables` ([resources/Functions.ts](packages/cdk/resources/Functions.ts)).
-- Required env keys pattern: `LOG_LEVEL`, `NODE_OPTIONS="--enable-source-maps"`, `TargetSpineServer`, versioning (`VERSION_NUMBER`, `COMMIT_ID`), secrets layer (`AWS_LAMBDA_EXEC_WRAPPER="/opt/get-secrets-layer"`).
-- Use `Fn.importValue` for cross-stack references (KMS keys, policies, secrets).
-- Context keys consumed externally: `accountId`, `stackName`, `versionNumber`, `commitId`, `logRetentionInDays` (set via deployment script).
-
-## Lambda Defaults
-Replicate defaults from getDefaultLambdaOptions:
-- runtime: `Runtime.NODEJS_22_X`
-- memorySize: 256
-- timeout: 50s
-- architecture: `X86_64`
-- handler: "handler"
-- bundling: `target: es2022`, `minify: true`, `sourceMap: true`, `tsconfig` points to package's tsconfig
-
-## Logging & Retention
-- Pass `logRetentionInDays` into constructs; never hard-code retention.
-- Log groups encrypted via imported KMS key; maintain existing pattern.
-- When adding subscription filters or streams, follow pattern used in LambdaFunction (Kinesis Stream, subscription roles).
-
-## Policies & Security
-- Attach least-privilege managed policies; reuse imported managed policies.
-- Suppress cdk-nag rules only via helper in nagSuppressions.ts; do not inline suppressions.
-- Avoid wildcard resource ARNs unless justified; document justification consistent with existing reasoning style.
-
-## API Resources
-- For new API route:
-  1. Create LambdaFunction in Functions.ts.
-  2. Use LambdaEndpoint under RestApiGateway with `resourceName` matching path segment.
-  3. Attach execution policy via `restApiGatewayRole.addManagedPolicy(lambda.executionPolicy)` (see LambdaEndpoint construct).
-
-## Step Functions
-- Compose definitions using existing patterns: Pass, Choice, TaskInput, Function.fromFunctionArn for imported lambdas.
-- Return a chainable definition assigned to `this.definition`.
-
-## Layers & Secrets
-- Always include secrets layer and Insights layer (see LambdaFunction: insightsLayerArn + getSecretLayer).
-- Do not create additional layers unless absolutely needed; if needed, follow same RemovalPolicy and packaging style.
-
-## Removal Policies
-- Log groups: `RemovalPolicy.RETAIN`.
-- Layers: `RemovalPolicy.RETAIN`.
-- Keep consistent to avoid accidental data loss.
-
-## Code Style
-- Two-space indentation.
-- Interfaces named `<Name>Props`.
-- Public construct properties explicitly declared (`public readonly`).
-- Avoid default exports.
-- Use trailing commas only where existing codebase does (mostly arrays/objects in multiline).
-- Enforce explicit access modifiers.
-
-## Import Ordering
-1. aws-cdk-lib modules (grouped).
-2. Third-party constructs.
-3. Local relative imports.
-4. Then interfaces & exports.
-
-## Error Handling
-- Do not add try/catch in constructs unless wrapping unsafe dynamic operations; rely on CDK synthesis errors.
-
-## Adding New Functionality Example (Lambda + Endpoint)
-Generate code that:
-- Adds a new LambdaFunction in Functions.ts with proper env reuse.
-- Adds endpoint in Apis.ts using LambdaEndpoint.
-
-## What to Avoid
-- Direct instantiation of CloudWatch LogGroups outside constructs unless extending logging pattern.
-- Hard-coded ARNs instead of `Fn.importValue`.
-- Inconsistent environment variable casing.
-- Adding inline IAM policies directly to Roles when a ManagedPolicy pattern exists.
-
-## Testing Expectations
-- Any new construct should be testable via snapshot or fine-grained assertions (not provided here—keep design modular).
-
-## Performance & Bundling
-- Keep bundle size small: rely on minification and es2022 target.
-- Do not disable source maps (used for debugging with NODE_OPTIONS).
-
-## cdk-nag
-- If new resources trigger nag findings needing suppression, add them to existing grouped calls in nagSuppressions.ts using helper functions; supply reason matching style.
-
-## Deployment Flow
-- Remember deployment scripts set context keys: do not rely on undefined fallbacks; ensure constructs read from props rather than process.env (process.env used only inside Lambda runtime code).
-
-## Style Snippet Template (for new construct)
-```ts
-export interface MyFeatureProps {
-  readonly stackName: string
-  readonly logRetentionInDays: number
-  // additional props...
+
+# AWS CDK TypeScript Development
+
+This file provides instructions for generating, reviewing, and maintaining AWS CDK code in the `packages/cdk` folder. It covers best practices, code standards, architecture, and validation for infrastructure-as-code using AWS CDK in TypeScript.
+
+## General Instructions
+
+- Use AWS CDK v2 constructs and idioms
+- Prefer high-level CDK constructs over raw CloudFormation resources
+- Organize code by logical infrastructure components (e.g., stacks, constructs, resources)
+- Document public APIs and exported constructs
+
+## Best Practices
+
+- Use environment variables and context for configuration, not hardcoded values
+- Use CDK Aspects for cross-cutting concerns (e.g., security, tagging)
+- Suppress warnings with `nagSuppressions.ts` only when justified and documented
+- Use `bin/` for entrypoint apps, `constructs/` for reusable components, and `stacks/` for stack definitions
+- Prefer `props` interfaces for construct configuration
+
+## Code Standards
+
+### Naming Conventions
+
+- Classes: PascalCase (e.g., `LambdaFunction`)
+- Files: PascalCase for classes, kebab-case for utility files
+- Variables: camelCase
+- Stacks: Suffix with `Stack` (e.g., `CptsApiAppStack`)
+- Entry points: Suffix with `App` (e.g., `CptsApiApp.ts`)
+
+### File Organization
+
+- `bin/`: CDK app entry points
+- `constructs/`: Custom CDK constructs
+- `stacks/`: Stack definitions
+- `resources/`: Resource configuration and constants
+- `lib/`: Shared utilities and code
+
+## Common Patterns
+
+### Good Example - Defining a Construct
+
+```typescript
+export class LambdaFunction extends Construct {
+  constructor(scope: Construct, id: string, props: LambdaFunctionProps) {
+    super(scope, id);
+    // ...implementation...
+  }
 }
+```
+
+### Bad Example - Using Raw CloudFormation
+
+```typescript
+const lambda = new cdk.CfnResource(this, 'Lambda', {
+  type: 'AWS::Lambda::Function',
+  // ...properties...
+});
+```
 
-export class MyFeature extends Construct {
-  public readonly lambda: LambdaFunction
-  public constructor(scope: Construct, id: string, props: MyFeatureProps) {
-    super(scope, id)
-    this.lambda = new LambdaFunction(this, "MyFeatureLambda", {
-      stackName: props.stackName,
-      functionName: `${props.stackName}-MyFeature`,
-      packageBasePath: "packages/myFeature",
-      entryPoint: "src/handler.ts",
-      environmentVariables: {/* extend from shared defaults */},
-      logRetentionInDays: props.logRetentionInDays,
-      logLevel: "INFO"
-    })
+### Good Example - Stack Definition
+
+```typescript
+export class CptsApiAppStack extends Stack {
+  constructor(scope: Construct, id: string, props?: StackProps) {
+    super(scope, id, props);
+    // ...add constructs...
   }
 }
 ```
 
-## Consistency
-Generate code that composes existing constructs, avoids duplication, and maintains naming / environment conventions.
+## Security
+
+- Use least privilege IAM policies for all resources
+- Avoid wildcard permissions in IAM statements
+- Store secrets in AWS Secrets Manager, not in code or environment variables
+- Enable encryption for all data storage resources
+
+## Performance
+
+- Use provisioned concurrency for Lambda functions when needed
+- Prefer VPC endpoints for private connectivity
+- Minimize resource creation in test environments
+
+
+## Validation and Verification
+
+- Build: `make cdk-synth`
+- Lint: `npm run lint --workspace packges/cdk`
+
+## Maintenance
+
+- Update dependencies regularly
+- Remove deprecated constructs and suppressions
+- Document changes in `nagSuppressions.ts` with reasons
+
+## Additional Resources
 
-## If Unsure
-Prefer referencing or extending an existing construct rather than creating raw CDK resources.
+- [AWS CDK Documentation](https://docs.aws.amazon.com/cdk/latest/guide/home.html)
+- [CDK Best Practices](https://github.com/aws-samples/aws-cdk-best-practices)
diff --git a/.github/instructions/languages/INSTRUCTIONS-PYTHON.md b/.github/instructions/languages/INSTRUCTIONS-PYTHON.md
