aws
diff --git a/‎.autover/changes/09045e59-ab51-459e-b450-43fcb082d084.json‎
Lines changed: 11 additions & 0 deletions b/‎.autover/changes/09045e59-ab51-459e-b450-43fcb082d084.json‎
Lines changed: 11 additions & 0 deletions
diff --git a/‎Libraries/src/Amazon.Lambda.Annotations.SourceGenerator/Amazon.Lambda.Annotations.SourceGenerator.csproj‎
Lines changed: 5 additions & 0 deletions b/‎Libraries/src/Amazon.Lambda.Annotations.SourceGenerator/Amazon.Lambda.Annotations.SourceGenerator.csproj‎
Lines changed: 5 additions & 0 deletions
diff --git a/‎Libraries/src/Amazon.Lambda.Annotations.SourceGenerator/Diagnostics/AnalyzerReleases.Unshipped.md‎
Lines changed: 14 additions & 0 deletions b/‎Libraries/src/Amazon.Lambda.Annotations.SourceGenerator/Diagnostics/AnalyzerReleases.Unshipped.md‎
Lines changed: 14 additions & 0 deletions
diff --git a/‎Libraries/src/Amazon.Lambda.Annotations.SourceGenerator/Diagnostics/DiagnosticDescriptors.cs‎
Lines changed: 73 additions & 0 deletions b/‎Libraries/src/Amazon.Lambda.Annotations.SourceGenerator/Diagnostics/DiagnosticDescriptors.cs‎
Lines changed: 73 additions & 0 deletions
@@ -0,0 +1,11 @@
+{
+  "Projects": [
+    {
+      "Name": "Amazon.Lambda.Annotations",
+      "Type": "Minor",
+      "ChangelogMessages": [
+        "Developers can now define Lambda Authorizers and protect API endpoints entirely through C# attributes, eliminating the need for manual CloudFormation configuration."
+      ]
+    }
+  ]
+}
@@ -63,6 +63,11 @@
     <ItemGroup>
       <TargetPathWithTargetPlatformMoniker Include="$(PKGNewtonsoft_Json)\lib\netstandard2.0\Newtonsoft.Json.dll" IncludeRuntimeDependency="false" />
       <TargetPathWithTargetPlatformMoniker Include="$(PKGYamlDotNet)\lib\netstandard2.0\YamlDotNet.dll" IncludeRuntimeDependency="false" />
+      <!-- The source generator loads Amazon.Lambda.Annotations at runtime to inspect attribute types.
+           Without this, the generator fails with FileNotFoundException in Release builds (CS8785).
+           Use absolute path via $(MSBuildProjectDirectory) so the path resolves correctly when
+           propagated to consuming projects through the project reference chain. -->
+      <TargetPathWithTargetPlatformMoniker Include="$(MSBuildProjectDirectory)\$(OutputPath)Amazon.Lambda.Annotations.dll" IncludeRuntimeDependency="false" />
     </ItemGroup>
   </Target>
 
 
@@ -1,2 +1,16 @@
 ; Unshipped analyzer release
 ; https://github.com/dotnet/roslyn-analyzers/blob/master/src/Microsoft.CodeAnalysis.Analyzers/ReleaseTrackingAnalyzers.Help.md
+
+### New Rules
+
+Rule ID | Category | Severity | Notes
+--------|----------|----------|-------
+AWSLambda0120 | AWSLambdaCSharpGenerator | Error | Authorizer Name Required
+AWSLambda0121 | AWSLambdaCSharpGenerator | Error | HTTP API Authorizer Not Found
+AWSLambda0122 | AWSLambdaCSharpGenerator | Error | REST API Authorizer Not Found
+AWSLambda0123 | AWSLambdaCSharpGenerator | Error | Authorizer Type Mismatch
+AWSLambda0124 | AWSLambdaCSharpGenerator | Error | Authorizer Type Mismatch
+AWSLambda0125 | AWSLambdaCSharpGenerator | Error | Duplicate Authorizer Name
+AWSLambda0127 | AWSLambdaCSharpGenerator | Error | Invalid Result TTL
+AWSLambda0128 | AWSLambdaCSharpGenerator | Error | Authorizer Payload Version Mismatch
+AWSLambda0129 | AWSLambdaCSharpGenerator | Error | Missing LambdaFunction Attribute
@@ -153,5 +153,78 @@ public static class DiagnosticDescriptors
             category: "AWSLambdaCSharpGenerator",
             DiagnosticSeverity.Error,
             isEnabledByDefault: true);
+
+        // Authorizer diagnostics (ALA0019-ALA0027 per design document)
+        public static readonly DiagnosticDescriptor AuthorizerMissingName = new DiagnosticDescriptor(
+            id: "AWSLambda0120",
+            title: "Authorizer Name Required",
+            messageFormat: "The Name property is required on [{0}] attribute",
+            category: "AWSLambdaCSharpGenerator",
+            DiagnosticSeverity.Error,
+            isEnabledByDefault: true);
+
+        public static readonly DiagnosticDescriptor HttpApiAuthorizerNotFound = new DiagnosticDescriptor(
+            id: "AWSLambda0121",
+            title: "HTTP API Authorizer Not Found",
+            messageFormat: "Authorizer '{0}' referenced in [HttpApi] attribute does not exist. Add [HttpApiAuthorizer] to an authorizer Lambda function method named '{0}', or reference it using nameof().",
+            category: "AWSLambdaCSharpGenerator",
+            DiagnosticSeverity.Error,
+            isEnabledByDefault: true);
+
+        public static readonly DiagnosticDescriptor RestApiAuthorizerNotFound = new DiagnosticDescriptor(
+            id: "AWSLambda0122",
+            title: "REST API Authorizer Not Found",
+            messageFormat: "Authorizer '{0}' referenced in [RestApi] attribute does not exist. Add [RestApiAuthorizer] to an authorizer Lambda function method named '{0}', or reference it using nameof().",
+            category: "AWSLambdaCSharpGenerator",
+            DiagnosticSeverity.Error,
+            isEnabledByDefault: true);
+
+        public static readonly DiagnosticDescriptor HttpApiAuthorizerTypeMismatch = new DiagnosticDescriptor(
+            id: "AWSLambda0123",
+            title: "Authorizer Type Mismatch",
+            messageFormat: "Cannot use REST API authorizer '{0}' with [HttpApi] attribute. Use an [HttpApiAuthorizer] instead.",
+            category: "AWSLambdaCSharpGenerator",
+            DiagnosticSeverity.Error,
+            isEnabledByDefault: true);
+
+        public static readonly DiagnosticDescriptor RestApiAuthorizerTypeMismatch = new DiagnosticDescriptor(
+            id: "AWSLambda0124",
+            title: "Authorizer Type Mismatch",
+            messageFormat: "Cannot use HTTP API authorizer '{0}' with [RestApi] attribute. Use a [RestApiAuthorizer] instead.",
+            category: "AWSLambdaCSharpGenerator",
+            DiagnosticSeverity.Error,
+            isEnabledByDefault: true);
+
+        public static readonly DiagnosticDescriptor DuplicateAuthorizerName = new DiagnosticDescriptor(
+            id: "AWSLambda0125",
+            title: "Duplicate Authorizer Name",
+            messageFormat: "Duplicate authorizer name '{0}'. Authorizer names must be unique within the same API type.",
+            category: "AWSLambdaCSharpGenerator",
+            DiagnosticSeverity.Error,
+            isEnabledByDefault: true);
+
+        public static readonly DiagnosticDescriptor InvalidAuthorizerResultTtl = new DiagnosticDescriptor(
+            id: "AWSLambda0127",
+            title: "Invalid Result TTL",
+            messageFormat: "Invalid ResultTtlInSeconds '{0}'. Must be between 0 and 3600.",
+            category: "AWSLambdaCSharpGenerator",
+            DiagnosticSeverity.Error,
+            isEnabledByDefault: true);
+
+        public static readonly DiagnosticDescriptor AuthorizerPayloadVersionMismatch = new DiagnosticDescriptor(
+            id: "AWSLambda0128",
+            title: "Authorizer Payload Version Mismatch",
+            messageFormat: "The authorizer '{0}' uses AuthorizerPayloadFormatVersion {1} but the endpoint uses HttpApiVersion {2}. This may cause unexpected behavior.",
+            category: "AWSLambdaCSharpGenerator",
+            DiagnosticSeverity.Warning,
+            isEnabledByDefault: true);
+
+        public static readonly DiagnosticDescriptor MissingLambdaFunctionAttribute = new DiagnosticDescriptor(
+            id: "AWSLambda0129",
+            title: "Missing LambdaFunction Attribute",
+            messageFormat: "Method has [{0}] attribute but is missing the required [LambdaFunction] attribute. Add [LambdaFunction] to this method.",
+            category: "AWSLambdaCSharpGenerator",
+            DiagnosticSeverity.Error,
+            isEnabledByDefault: true);
     }
 }