Enterprise-CMCS · dustbuster · Nov 25, 2025 · Nov 26, 2025 · Nov 28, 2025 · Dec 1, 2025
diff --git a/.devcontainer/docker-compose.yml b/.devcontainer/docker-compose.yml
@@ -1,5 +1,3 @@
-version: "3.8"
-
 services:
   app:
     build:

diff --git a/.devcontainer/localstack/setup/setup_s3.sh b/.devcontainer/localstack/setup/setup_s3.sh
@@ -29,7 +29,7 @@ CORS_CONFIG='{
   ]
 }'
 
-BUCKETS=("upload-bucket" "clean-bucket" "deleted-bucket" "infected-bucket")
+BUCKETS=("upload-bucket" "clean-bucket" "deleted-bucket" "infected-bucket" "uipath-documents")
 
 # Delete all existing buckets first
 echo "🗑️  Removing existing buckets..."
@@ -164,6 +164,7 @@ echo "   - upload-bucket: EventBridge → transforms to GuardDuty ($SCAN_RESULT_
 echo "   - infected-bucket: Manual expiration simulation → infected-file-expiration-queue → deleteinfectedfile Lambda"
 echo "   - clean-bucket: Storage for clean files"
 echo "   - deleted-bucket: Storage for deleted files"
+echo "   - uipath-documents: Storage for UiPath document understanding flows"
 echo ""
 echo "💡 To simulate lifecycle expiration in LocalStack:"
 echo "   .devcontainer/localstack/debug/delete-infected-file.sh <object-key>"
diff --git a/.devcontainer/localstack/setup/setup_secrets_manager.sh b/.devcontainer/localstack/setup/setup_secrets_manager.sh
@@ -8,6 +8,9 @@ AWS_REGION="us-east-1"
 AWS_CMD="aws --endpoint-url=$LOCALSTACK_ENDPOINT --region $AWS_REGION"
 
 DB_PASSWORD="postgres" # pragma: allowlist secret
+UIPATH_SECRET_ID=${UIPATH_SECRET_ID:-"uipath-credentials"}
+UIPATH_CLIENT_ID=${UIPATH_CLIENT_ID:-"local-uipath-client-id"}
+UIPATH_CLIENT_SECRET=${UIPATH_CLIENT_SECRET:-"local-uipath-client-secret"} # pragma: allowlist secret
 
 # Delete existing secret
 $AWS_CMD secretsmanager delete-secret \
@@ -23,7 +26,21 @@ $AWS_CMD secretsmanager create-secret \
         \"password\": \"$DB_PASSWORD\",
         \"host\": \"db\",
         \"port\": \"5432\",
-        \"dbname\": \"demos\"
+        \"dbname\": \"demos\",
+    }" >/dev/null
+
+# Delete existing UiPath secret
+$AWS_CMD secretsmanager delete-secret \
+    --secret-id "$UIPATH_SECRET_ID" \
+    --force-delete-without-recovery 2>/dev/null || true
+
+# Create UiPath client credential secret for local development
+$AWS_CMD secretsmanager create-secret \
+    --name "$UIPATH_SECRET_ID" \
+    --description "UiPath client credentials for local development" \
+    --secret-string "{
+        \"clientId\": \"$UIPATH_CLIENT_ID\",
+        \"clientSecret\": \"$UIPATH_CLIENT_SECRET\"
     }" >/dev/null
 
 echo "✅ Secrets Manager ready"
diff --git a/.devcontainer/localstack/setup/setup_sqs_queue.sh b/.devcontainer/localstack/setup/setup_sqs_queue.sh
@@ -96,5 +96,36 @@ echo "   Queue ARN: $INFECTED_QUEUE_ARN"
 echo "   DLQ ARN: $INFECTED_DLQ_ARN"
 echo "   Note: Messages sent manually via delete-infected-file.sh script"
 
+# ============================================================================
+# UiPath Queue (for document understanding pipeline)
+# ============================================================================
+echo "Creating UiPath queue..."
+
+UIPATH_DLQ_URL=$($AWS_CMD sqs create-queue \
+    --queue-name uipath-dlq \
+    --attributes '{"MessageRetentionPeriod":"1209600"}' \
+    --output text --query 'QueueUrl')
+
+UIPATH_DLQ_ARN=$($AWS_CMD sqs get-queue-attributes \
+    --queue-url $UIPATH_DLQ_URL \
+    --attribute-names QueueArn \
+    --output text --query 'Attributes.QueueArn')
+
+UIPATH_REDRIVE_POLICY="{\"deadLetterTargetArn\":\"$UIPATH_DLQ_ARN\",\"maxReceiveCount\":\"5\"}"
+
+UIPATH_QUEUE_URL=$($AWS_CMD sqs create-queue \
+    --queue-name uipath-queue \
+    --attributes "{\"RedrivePolicy\":\"$(echo $UIPATH_REDRIVE_POLICY | sed 's/"/\\"/g')\",\"MessageRetentionPeriod\":\"1209600\"}" \
+    --output text --query 'QueueUrl')
+
+UIPATH_QUEUE_ARN=$($AWS_CMD sqs get-queue-attributes \
+    --queue-url $UIPATH_QUEUE_URL \
+    --attribute-names QueueArn \
+    --output text --query 'Attributes.QueueArn')
+
+echo "✅ UiPath queue created"
+echo "   Queue ARN: $UIPATH_QUEUE_ARN"
+echo "   DLQ ARN: $UIPATH_DLQ_ARN"
+
 echo ""
 echo "✅ All SQS queues setup complete"
diff --git a/.devcontainer/localstack/setup/setup_uipath_lambda.sh b/.devcontainer/localstack/setup/setup_uipath_lambda.sh
@@ -0,0 +1,122 @@
+#!/usr/bin/bash
+set -e
+
+echo "🚀 Deploying UiPath Lambda function..."
+
+LOCALSTACK_ENDPOINT="http://localstack:4566"
+
+AWS_REGION="us-east-1"
+AWS_CMD="aws --endpoint-url=$LOCALSTACK_ENDPOINT --region $AWS_REGION"
+
+QUEUE_NAME="uipath-queue"
+LAMBDA_NAME="uipath"
+
+UIPATH_SECRET_ID=${UIPATH_SECRET_ID:-"uipath-credentials"}
+UIPATH_PROJECT_ID=${UIPATH_PROJECT_ID:-"00000000-0000-0000-0000-000000000000"} # pragma: allowlist secret
+
+UIPATH_EXTRACTOR_GUID=${UIPATH_EXTRACTOR_GUID:-""}
+UIPATH_CLIENT_ID=${UIPATH_CLIENT_ID:-""}
+UIPATH_DOCUMENT_BUCKET=${UIPATH_DOCUMENT_BUCKET:-"uipath-documents"}
+DATABASE_SECRET_ARN=${DATABASE_SECRET_ARN:-"database-secret"}
+UIPATH_QUESTIONS_QUERY=${UIPATH_QUESTIONS_QUERY:-"select question->>'id' as id, question->>'question' as question, question->>'fieldType' as field_type, (question->>'multiValued')::boolean as multi_valued from document_understanding_questions"}
+LOG_LEVEL=${LOG_LEVEL:-"info"}
+
+# Build Lambda package
+cd /workspaces/demos/lambdas/UIPath
+
+npm ci --silent
+npx esbuild index.ts \
+  --bundle \
+  --platform=node \
+  --target=node18 \
+  --format=esm \
+  --sourcemap \
+  --external:@aws-sdk/* \
+  --external:pg \
+  --external:pino \
+  --external:axios \
+  --external:form-data \
+  --external:axios-oauth-client \
+  --external:dotenv \
+  --outfile=index.js
+
+zip -qr uipath.zip index.js node_modules/ package.json package-lock.json ak-behavioral-health-demo-pa.pdf
+
+# Clean up build artifacts
+rm index.js index.js.map
+
+cd - > /dev/null
+
+# Delete existing Lambda if exists
+$AWS_CMD lambda delete-function --function-name $LAMBDA_NAME 2>/dev/null || true
+
+# Create Lambda function
+$AWS_CMD lambda create-function \
+    --function-name $LAMBDA_NAME \
+    --runtime nodejs18.x \
+    --role arn:aws:iam::000000000000:role/lambda-execution-role \
+    --handler index.handler \
+    --zip-file fileb:///workspaces/demos/lambdas/UIPath/uipath.zip \
+    --timeout 900 \
+    --environment "Variables={
+        AWS_REGION=$AWS_REGION,
+        AWS_ENDPOINT_URL=$LOCALSTACK_ENDPOINT,
+        UIPATH_SECRET_ID=$UIPATH_SECRET_ID,
+        UIPATH_CLIENT_ID=$UIPATH_CLIENT_ID,
+        UIPATH_PROJECT_ID=$UIPATH_PROJECT_ID,
+        UIPATH_EXTRACTOR_GUID=$UIPATH_EXTRACTOR_GUID,
+        UIPATH_DOCUMENT_BUCKET=$UIPATH_DOCUMENT_BUCKET,
+        DATABASE_SECRET_ARN=$DATABASE_SECRET_ARN,
+        UIPATH_QUESTIONS_QUERY=$UIPATH_QUESTIONS_QUERY,
+        LOG_LEVEL=$LOG_LEVEL
+    }" >/dev/null
+
+# Wait for Lambda to be active
+echo "⏳ Waiting for UiPath Lambda to be active..."
+for i in {1..15}; do
+    STATUS=$($AWS_CMD lambda get-function \
+        --function-name $LAMBDA_NAME \
+        --query 'Configuration.State' \
+        --output text 2>/dev/null || echo "Pending")
+
+    if [ "$STATUS" = "Active" ]; then
+        echo "✅ UiPath Lambda function created"
+        break
+    elif [ "$STATUS" = "Failed" ]; then
+        echo "❌ UiPath Lambda function failed to initialize in 30 seconds"
+        exit 1
+    fi
+    sleep 2
+done
+
+# Get queue ARN
+QUEUE_URL=$($AWS_CMD sqs get-queue-url --queue-name $QUEUE_NAME --output text --query 'QueueUrl')
+QUEUE_ARN=$($AWS_CMD sqs get-queue-attributes \
+    --queue-url $QUEUE_URL \
+    --attribute-names QueueArn \
+    --output text --query 'Attributes.QueueArn')
+
+echo "📬 Connecting UiPath Lambda to UiPath SQS queue..."
+
+# Delete existing event source mappings
+EXISTING_MAPPINGS=$($AWS_CMD lambda list-event-source-mappings \
+    --function-name $LAMBDA_NAME \
+    --query 'EventSourceMappings[].UUID' \
+    --output text 2>/dev/null || echo "")
+
+if [ -n "$EXISTING_MAPPINGS" ]; then
+    for UUID in $EXISTING_MAPPINGS; do
+        $AWS_CMD lambda delete-event-source-mapping --uuid $UUID >/dev/null 2>&1 || true
+    done
+fi
+
+# Create event source mapping (SQS -> Lambda)
+$AWS_CMD lambda create-event-source-mapping \
+    --function-name $LAMBDA_NAME \
+    --event-source-arn $QUEUE_ARN \
+    --batch-size 1 \
+    --enabled \
+    > /dev/null
+
+echo "✅ UiPath Lambda connected to UiPath SQS queue"
+echo "   Queue ARN: $QUEUE_ARN"
diff --git a/.devcontainer/localstack/setup_localstack.sh b/.devcontainer/localstack/setup_localstack.sh
@@ -41,17 +41,21 @@ echo "4️⃣ Setting up fileprocess Lambda..."
 bash /workspaces/demos/.devcontainer/localstack/setup/setup_fileprocess_lambda.sh
 
 echo ""
-echo "5️⃣ Setting up deleteinfectedfile Lambda..."
+echo "5️⃣ Setting up UiPath Lambda..."
+bash /workspaces/demos/.devcontainer/localstack/setup/setup_uipath_lambda.sh
+
+echo ""
+echo "6️⃣ Setting up deleteinfectedfile Lambda..."
 bash /workspaces/demos/.devcontainer/localstack/setup/setup_deleteinfectedfile_lambda.sh
 
 echo ""
 echo "✅ LocalStack setup complete!"
 echo ""
 echo "📋 Resources created:"
-echo "   - Secrets Manager: database credentials"
-echo "   - SQS Queues: fileupload-queue, fileprocess-queue, infected-file-expiration-queue (+ DLQs)"
+echo "   - Secrets Manager: database credentials, UiPath credentials"
+echo "   - SQS Queues: fileupload-queue, fileprocess-queue, infected-file-expiration-queue, uipath-queue (+ DLQs)"
 echo "   - S3 Buckets: upload-bucket, clean-bucket, infected-bucket, deleted-bucket"
-echo "   - Lambda Functions: fileprocess, deleteinfectedfile"
+echo "   - Lambda Functions: fileprocess, uipath, deleteinfectedfile"
 echo "   - EventBridge Rules: s3-upload-to-guardduty"
 echo ""
 echo "🧪 Test the setup:"

diff --git a/.gitignore b/.gitignore
@@ -3,6 +3,7 @@
 **/dist/**
 **/build/**
 **/node_modules/**
+**/tmp/**
 
 cdk.out/
 cdk.context.json