@action-llama/action-llama 0.10.1 → 0.11.0

package/dist/cli/with-command.js

@@ -0,0 +1,45 @@
+import { ConfigError, CredentialError, CloudProviderError, AgentError } from "../shared/errors.js";
+/**
+ * Wraps a CLI command handler with consistent error handling.
+ *
+ * - Catches errors and prints context-aware messages
+ * - Shows recovery hints for known error types
+ * - Shows stack traces when DEBUG is set
+ * - Calls process.exit(1) on failure
+ *
+ * This replaces the ad-hoc try/catch + process.exit(1) pattern
+ * that was duplicated across every command.
+ */
+export function withCommand(fn) {
+    return (async (...args) => {
+        try {
+            await fn(...args);
+        }
+        catch (err) {
+            if (err instanceof CredentialError) {
+                console.error(`Credential error: ${err.message}`);
+            }
+            else if (err instanceof ConfigError) {
+                console.error(`Configuration error: ${err.message}`);
+            }
+            else if (err instanceof CloudProviderError) {
+                console.error(`Cloud error: ${err.message}`);
+            }
+            else if (err instanceof AgentError) {
+                console.error(`Agent error: ${err.message}`);
+            }
+            else {
+                const msg = err instanceof Error ? err.message : String(err);
+                console.error(`Error: ${msg}`);
+                if (err instanceof Error && err.cause) {
+                    console.error(`Cause: ${err.cause}`);
+                }
+            }
+            if (process.env.DEBUG && err instanceof Error) {
+                console.error(err.stack);
+            }
+            process.exit(1);
+        }
+    });
+}
+//# sourceMappingURL=with-command.js.map

package/dist/cli/with-command.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"with-command.js","sourceRoot":"","sources":["../../src/cli/with-command.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,WAAW,EAAE,eAAe,EAAE,kBAAkB,EAAE,UAAU,EAAE,MAAM,qBAAqB,CAAC;AAEnG;;;;;;;;;;GAUG;AACH,MAAM,UAAU,WAAW,CAA8C,EAAK;IAC5E,OAAO,CAAC,KAAK,EAAE,GAAG,IAAW,EAAE,EAAE;QAC/B,IAAI,CAAC;YACH,MAAM,EAAE,CAAC,GAAG,IAAI,CAAC,CAAC;QACpB,CAAC;QAAC,OAAO,GAAY,EAAE,CAAC;YACtB,IAAI,GAAG,YAAY,eAAe,EAAE,CAAC;gBACnC,OAAO,CAAC,KAAK,CAAC,qBAAqB,GAAG,CAAC,OAAO,EAAE,CAAC,CAAC;YACpD,CAAC;iBAAM,IAAI,GAAG,YAAY,WAAW,EAAE,CAAC;gBACtC,OAAO,CAAC,KAAK,CAAC,wBAAwB,GAAG,CAAC,OAAO,EAAE,CAAC,CAAC;YACvD,CAAC;iBAAM,IAAI,GAAG,YAAY,kBAAkB,EAAE,CAAC;gBAC7C,OAAO,CAAC,KAAK,CAAC,gBAAgB,GAAG,CAAC,OAAO,EAAE,CAAC,CAAC;YAC/C,CAAC;iBAAM,IAAI,GAAG,YAAY,UAAU,EAAE,CAAC;gBACrC,OAAO,CAAC,KAAK,CAAC,gBAAgB,GAAG,CAAC,OAAO,EAAE,CAAC,CAAC;YAC/C,CAAC;iBAAM,CAAC;gBACN,MAAM,GAAG,GAAG,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC;gBAC7D,OAAO,CAAC,KAAK,CAAC,UAAU,GAAG,EAAE,CAAC,CAAC;gBAC/B,IAAI,GAAG,YAAY,KAAK,IAAI,GAAG,CAAC,KAAK,EAAE,CAAC;oBACtC,OAAO,CAAC,KAAK,CAAC,UAAU,GAAG,CAAC,KAAK,EAAE,CAAC,CAAC;gBACvC,CAAC;YACH,CAAC;YACD,IAAI,OAAO,CAAC,GAAG,CAAC,KAAK,IAAI,GAAG,YAAY,KAAK,EAAE,CAAC;gBAC9C,OAAO,CAAC,KAAK,CAAC,GAAG,CAAC,KAAK,CAAC,CAAC;YAC3B,CAAC;YACD,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;QAClB,CAAC;IACH,CAAC,CAAiB,CAAC;AACrB,CAAC"}

package/dist/{shared/aws-constants.d.ts → cloud/aws/constants.d.ts}

@@ -1,26 +1,13 @@
 /**
- * Centralized AWS resource naming constants.
+ * AWS-specific resource naming constants.
  *
- * Every AWS resource name that Action Llama creates or references
- * should be derived from this file to prevent inconsistencies.
+ * For provider-agnostic constants, see src/shared/constants.ts.
  */
 export declare const AWS_CONSTANTS: {
-    /** Default prefix for Secrets Manager secret names */
-    DEFAULT_SECRET_PREFIX: string;
     /** CloudWatch log group for ECS tasks */
     LOG_GROUP: string;
-    /** ECS `startedBy` tag for filtering our tasks */
-    STARTED_BY: string;
-    /** ECS task family / Cloud Run job name for an agent */
-    agentFamily: (agentName: string) => string;
-    /** Strip the `al-` prefix to recover the agent name */
-    agentNameFromFamily: (family: string) => string;
     /** Per-agent IAM task role name */
     taskRoleName: (agentName: string) => string;
-    /** Per-agent GCP service account name */
-    serviceAccountName: (agentName: string) => string;
-    /** Per-agent GCP service account email */
-    serviceAccountEmail: (agentName: string, gcpProject: string) => string;
     /** CodeBuild project name for image builds */
     CODEBUILD_PROJECT: string;
     /** CodeBuild IAM role name */
@@ -37,20 +24,6 @@ export declare const AWS_CONSTANTS: {
     buildBucket: (accountId: string, region: string) => string;
     /** S3 key prefix for build artifacts */
     BUILD_S3_PREFIX: string;
-    /** Docker container name for a local agent run */
-    containerName: (agentName: string, runId: string) => string;
-    /** Docker container name filter prefix */
-    CONTAINER_FILTER: string;
-    /** Docker network name */
-    NETWORK_NAME: string;
-    /** Default base Docker image */
-    DEFAULT_IMAGE: string;
-    /** Agent-specific Docker image tag */
-    agentImage: (agentName: string) => string;
-    /** Temp directory prefix for credential staging */
-    CREDS_TEMP_PREFIX: string;
-    /** Default GCP Cloud Run service account */
-    defaultGcpRunner: (gcpProject: string) => string;
     /** Lambda function name for an agent */
     lambdaFunction: (agentName: string) => string;
     /** Maximum timeout for Lambda functions (seconds) */
@@ -71,9 +44,5 @@ export declare const AWS_CONSTANTS: {
     APPRUNNER_ACCESS_ROLE: string;
     /** CloudWatch log group for App Runner */
     APPRUNNER_LOG_GROUP: string;
-    /** Scheduler Docker image tag */
-    SCHEDULER_IMAGE: string;
-    /** GCP Cloud Run service name for the cloud scheduler */
-    SCHEDULER_CLOUD_RUN_SERVICE: string;
 };
-//# sourceMappingURL=aws-constants.d.ts.map
+//# sourceMappingURL=constants.d.ts.map

package/dist/cloud/aws/constants.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"constants.d.ts","sourceRoot":"","sources":["../../../src/cloud/aws/constants.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAEH,eAAO,MAAM,aAAa;IACxB,yCAAyC;;IAGzC,mCAAmC;8BACT,MAAM;IAEhC,8CAA8C;;IAG9C,8BAA8B;;IAG9B,wCAAwC;;IAGxC,iCAAiC;;IAGjC,kCAAkC;;IAGlC,+BAA+B;;IAG/B,0CAA0C;6BACjB,MAAM,UAAU,MAAM;IAE/C,wCAAwC;;IAGxC,wCAAwC;gCACZ,MAAM;IAElC,qDAAqD;;IAGrD,+CAA+C;;IAG/C,gDAAgD;;IAGhD,iCAAiC;;IAGjC,2CAA2C;gCACf,MAAM;IAElC,sDAAsD;;IAGtD,oCAAoC;;IAGpC,sCAAsC;;IAGtC,0CAA0C;;CAE8B,CAAC"}

package/dist/{shared/aws-constants.js → cloud/aws/constants.js}

@@ -1,26 +1,13 @@
 /**
- * Centralized AWS resource naming constants.
+ * AWS-specific resource naming constants.
  *
- * Every AWS resource name that Action Llama creates or references
- * should be derived from this file to prevent inconsistencies.
+ * For provider-agnostic constants, see src/shared/constants.ts.
  */
 export const AWS_CONSTANTS = {
-    /** Default prefix for Secrets Manager secret names */
-    DEFAULT_SECRET_PREFIX: "action-llama",
     /** CloudWatch log group for ECS tasks */
     LOG_GROUP: "/ecs/action-llama",
-    /** ECS `startedBy` tag for filtering our tasks */
-    STARTED_BY: "action-llama",
-    /** ECS task family / Cloud Run job name for an agent */
-    agentFamily: (agentName) => `al-${agentName}`,
-    /** Strip the `al-` prefix to recover the agent name */
-    agentNameFromFamily: (family) => family.startsWith("al-") ? family.slice(3) : family,
     /** Per-agent IAM task role name */
     taskRoleName: (agentName) => `al-${agentName}-task-role`,
-    /** Per-agent GCP service account name */
-    serviceAccountName: (agentName) => `al-${agentName}`,
-    /** Per-agent GCP service account email */
-    serviceAccountEmail: (agentName, gcpProject) => `al-${agentName}@${gcpProject}.iam.gserviceaccount.com`,
     /** CodeBuild project name for image builds */
     CODEBUILD_PROJECT: "al-image-builder",
     /** CodeBuild IAM role name */
@@ -37,20 +24,6 @@ export const AWS_CONSTANTS = {
     buildBucket: (accountId, region) => `al-builds-${accountId}-${region}`,
     /** S3 key prefix for build artifacts */
     BUILD_S3_PREFIX: "al-builds",
-    /** Docker container name for a local agent run */
-    containerName: (agentName, runId) => `al-${agentName}-${runId}`,
-    /** Docker container name filter prefix */
-    CONTAINER_FILTER: "al-",
-    /** Docker network name */
-    NETWORK_NAME: "al-net",
-    /** Default base Docker image */
-    DEFAULT_IMAGE: "al-agent:latest",
-    /** Agent-specific Docker image tag */
-    agentImage: (agentName) => `al-${agentName}:latest`,
-    /** Temp directory prefix for credential staging */
-    CREDS_TEMP_PREFIX: "al-creds-",
-    /** Default GCP Cloud Run service account */
-    defaultGcpRunner: (gcpProject) => `al-runner@${gcpProject}.iam.gserviceaccount.com`,
     /** Lambda function name for an agent */
     lambdaFunction: (agentName) => `al-${agentName}`,
     /** Maximum timeout for Lambda functions (seconds) */
@@ -71,9 +44,5 @@ export const AWS_CONSTANTS = {
     APPRUNNER_ACCESS_ROLE: "al-apprunner-access-role",
     /** CloudWatch log group for App Runner */
     APPRUNNER_LOG_GROUP: "/apprunner/al-scheduler",
-    /** Scheduler Docker image tag */
-    SCHEDULER_IMAGE: "al-scheduler:latest",
-    /** GCP Cloud Run service name for the cloud scheduler */
-    SCHEDULER_CLOUD_RUN_SERVICE: "al-scheduler",
 };
-//# sourceMappingURL=aws-constants.js.map
+//# sourceMappingURL=constants.js.map

package/dist/cloud/aws/constants.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"constants.js","sourceRoot":"","sources":["../../../src/cloud/aws/constants.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAEH,MAAM,CAAC,MAAM,aAAa,GAAG;IAC3B,yCAAyC;IACzC,SAAS,EAAE,mBAAmB;IAE9B,mCAAmC;IACnC,YAAY,EAAE,CAAC,SAAiB,EAAE,EAAE,CAAC,MAAM,SAAS,YAAY;IAEhE,8CAA8C;IAC9C,iBAAiB,EAAE,kBAAkB;IAErC,8BAA8B;IAC9B,cAAc,EAAE,mBAAmB;IAEnC,wCAAwC;IACxC,cAAc,EAAE,uBAAuB;IAEvC,iCAAiC;IACjC,iBAAiB,EAAE,sBAAsB;IAEzC,kCAAkC;IAClC,gBAAgB,EAAE,WAAW;IAE7B,+BAA+B;IAC/B,eAAe,EAAE,YAAY;IAE7B,0CAA0C;IAC1C,WAAW,EAAE,CAAC,SAAiB,EAAE,MAAc,EAAE,EAAE,CAAC,aAAa,SAAS,IAAI,MAAM,EAAE;IAEtF,wCAAwC;IACxC,eAAe,EAAE,WAAW;IAE5B,wCAAwC;IACxC,cAAc,EAAE,CAAC,SAAiB,EAAE,EAAE,CAAC,MAAM,SAAS,EAAE;IAExD,qDAAqD;IACrD,kBAAkB,EAAE,GAAG;IAEvB,+CAA+C;IAC/C,iBAAiB,EAAE,IAAI;IAEvB,gDAAgD;IAChD,gBAAgB,EAAE,aAAa;IAE/B,iCAAiC;IACjC,qBAAqB,EAAE,0BAA0B;IAEjD,2CAA2C;IAC3C,cAAc,EAAE,CAAC,SAAiB,EAAE,EAAE,CAAC,MAAM,SAAS,cAAc;IAEpE,sDAAsD;IACtD,iBAAiB,EAAE,cAAc;IAEjC,oCAAoC;IACpC,uBAAuB,EAAE,4BAA4B;IAErD,sCAAsC;IACtC,qBAAqB,EAAE,0BAA0B;IAEjD,0CAA0C;IAC1C,mBAAmB,EAAE,yBAAyB;CAC0B,CAAC"}

package/dist/cloud/{deploy-apprunner.d.ts → aws/deploy.d.ts}

@@ -4,10 +4,10 @@
  * Creates or updates an App Runner service that runs the scheduler as a
  * long-running container with an HTTPS endpoint for webhooks.
  */
-import type { CloudConfig } from "../shared/config.js";
+import type { EcsCloudConfig } from "../../shared/config.js";
 export interface AppRunnerDeployOpts {
     imageUri: string;
-    cloudConfig: CloudConfig;
+    cloudConfig: EcsCloudConfig;
     port?: number;
     envVars?: Record<string, string>;
 }
@@ -25,13 +25,13 @@ export declare function deployAppRunner(opts: AppRunnerDeployOpts): Promise<AppR
 /**
  * Get the current status of the scheduler App Runner service.
  */
-export declare function getAppRunnerStatus(cloudConfig: CloudConfig): Promise<AppRunnerServiceInfo | null>;
+export declare function getAppRunnerStatus(cloudConfig: EcsCloudConfig): Promise<AppRunnerServiceInfo | null>;
 /**
  * Fetch recent scheduler logs from CloudWatch.
  */
-export declare function getAppRunnerLogs(cloudConfig: CloudConfig, limit: number): Promise<string[]>;
+export declare function getAppRunnerLogs(cloudConfig: EcsCloudConfig, limit: number): Promise<string[]>;
 /**
  * Delete the scheduler App Runner service.
  */
-export declare function teardownAppRunner(cloudConfig: CloudConfig): Promise<void>;
-//# sourceMappingURL=deploy-apprunner.d.ts.map
+export declare function teardownAppRunner(cloudConfig: EcsCloudConfig): Promise<void>;
+//# sourceMappingURL=deploy.d.ts.map

package/dist/cloud/aws/deploy.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"deploy.d.ts","sourceRoot":"","sources":["../../../src/cloud/aws/deploy.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAeH,OAAO,KAAK,EAAE,cAAc,EAAE,MAAM,wBAAwB,CAAC;AAE7D,MAAM,WAAW,mBAAmB;IAClC,QAAQ,EAAE,MAAM,CAAC;IACjB,WAAW,EAAE,cAAc,CAAC;IAC5B,IAAI,CAAC,EAAE,MAAM,CAAC;IACd,OAAO,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;CAClC;AAED,MAAM,WAAW,oBAAoB;IACnC,UAAU,EAAE,MAAM,CAAC;IACnB,UAAU,EAAE,MAAM,CAAC;IACnB,MAAM,EAAE,MAAM,CAAC;IACf,SAAS,CAAC,EAAE,IAAI,CAAC;IACjB,SAAS,CAAC,EAAE,IAAI,CAAC;CAClB;AAED;;GAEG;AACH,wBAAsB,eAAe,CAAC,IAAI,EAAE,mBAAmB,GAAG,OAAO,CAAC,oBAAoB,CAAC,CA+F9F;AAED;;GAEG;AACH,wBAAsB,kBAAkB,CAAC,WAAW,EAAE,cAAc,GAAG,OAAO,CAAC,oBAAoB,GAAG,IAAI,CAAC,CAG1G;AAED;;GAEG;AACH,wBAAsB,gBAAgB,CAAC,WAAW,EAAE,cAAc,EAAE,KAAK,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,EAAE,CAAC,CA8BpG;AAED;;GAEG;AACH,wBAAsB,iBAAiB,CAAC,WAAW,EAAE,cAAc,GAAG,OAAO,CAAC,IAAI,CAAC,CAclF"}

package/dist/cloud/{deploy-apprunner.js → aws/deploy.js}

@@ -6,7 +6,7 @@
  */
 import { AppRunnerClient, CreateServiceCommand, UpdateServiceCommand, DescribeServiceCommand, DeleteServiceCommand, ListServicesCommand, } from "@aws-sdk/client-apprunner";
 import { CloudWatchLogsClient, FilterLogEventsCommand, } from "@aws-sdk/client-cloudwatch-logs";
-import { AWS_CONSTANTS } from "../shared/aws-constants.js";
+import { AWS_CONSTANTS } from "./constants.js";
 /**
  * Deploy (create or update) the scheduler as an App Runner service.
  */
@@ -198,4 +198,4 @@ async function waitForService(client, serviceArn) {
 function sleep(ms) {
     return new Promise((r) => setTimeout(r, ms));
 }
-//# sourceMappingURL=deploy-apprunner.js.map
+//# sourceMappingURL=deploy.js.map

package/dist/cloud/aws/deploy.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"deploy.js","sourceRoot":"","sources":["../../../src/cloud/aws/deploy.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAEH,OAAO,EACL,eAAe,EACf,oBAAoB,EACpB,oBAAoB,EACpB,sBAAsB,EACtB,oBAAoB,EACpB,mBAAmB,GACpB,MAAM,2BAA2B,CAAC;AACnC,OAAO,EACL,oBAAoB,EACpB,sBAAsB,GACvB,MAAM,iCAAiC,CAAC;AACzC,OAAO,EAAE,aAAa,EAAE,MAAM,gBAAgB,CAAC;AAkB/C;;GAEG;AACH,MAAM,CAAC,KAAK,UAAU,eAAe,CAAC,IAAyB;IAC7D,MAAM,EAAE,QAAQ,EAAE,WAAW,EAAE,IAAI,GAAG,IAAI,EAAE,OAAO,GAAG,EAAE,EAAE,GAAG,IAAI,CAAC;IAClE,MAAM,MAAM,GAAG,WAAW,CAAC,SAAU,CAAC;IACtC,MAAM,MAAM,GAAG,IAAI,eAAe,CAAC,EAAE,MAAM,EAAE,CAAC,CAAC;IAE/C,MAAM,WAAW,GAAG,aAAa,CAAC,iBAAiB,CAAC;IACpD,MAAM,GAAG,GAAG,WAAW,CAAC,YAAY,IAAI,KAAK,CAAC,CAAM,YAAY;IAChE,MAAM,MAAM,GAAG,WAAW,CAAC,eAAe,IAAI,KAAK,CAAC,CAAC,SAAS;IAE9D,MAAM,eAAe,GAAG,WAAW,CAAC,wBAAwB,CAAC;IAC7D,MAAM,aAAa,GAAG,WAAW,CAAC,sBAAsB,CAAC;IAEzD,IAAI,CAAC,aAAa,EAAE,CAAC;QACnB,MAAM,IAAI,KAAK,CACb,sEAAsE;YACtE,0DAA0D,CAC3D,CAAC;IACJ,CAAC;IAED,MAAM,QAAQ,GAAG,MAAM,WAAW,CAAC,MAAM,EAAE,WAAW,CAAC,CAAC;IAExD,MAAM,cAAc,GAAG,MAAM,CAAC,OAAO,CAAC,OAAO,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,IAAI,EAAE,KAAK,CAAC,EAAE,EAAE,CAAC,CAAC,EAAE,IAAI,EAAE,IAAI,EAAE,KAAK,EAAE,KAAK,EAAE,CAAC,CAAC,CAAC;IAEtG,IAAI,QAAQ,EAAE,CAAC;QACb,0BAA0B;QAC1B,MAAM,GAAG,GAAG,MAAM,MAAM,CAAC,IAAI,CAAC,IAAI,oBAAoB,CAAC;YACrD,UAAU,EAAE,QAAQ,CAAC,UAAU;YAC/B,mBAAmB,EAAE;gBACnB,eAAe,EAAE;oBACf,eAAe,EAAE,QAAQ;oBACzB,mBAAmB,EAAE,KAAK;oBAC1B,kBAAkB,EAAE;wBAClB,IAAI,EAAE,MAAM,CAAC,IAAI,CAAC;wBAClB,2BAA2B,EAAE,MAAM,CAAC,WAAW,CAC7C,cAAc,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC,CAAC,KAAK,CAAC,CAAC,CAC3C;qBACF;iBACF;gBACD,2BAA2B,EAAE;oBAC3B,aAAa,EAAE,aAAa;iBAC7B;aACF;YACD,qBAAqB,EAAE;gBACrB,GAAG,EAAE,GAAG;gBACR,MAAM,EAAE,MAAM;gBACd,GAAG,CAAC,eAAe,CAAC,CAAC,CAAC,EAAE,eAAe,EAAE,eAAe,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;aACjE;YACD,wBAAwB,EAAE;gBACxB,QAAQ,EAAE,MAAM;gBAChB,IAAI,EAAE,SAAS;gBACf,QAAQ,EAAE,EAAE;gBACZ,OAAO,EAAE,CAAC;gBACV,gBAAgB,EAAE,CAAC;gBACnB,kBAAkB,EAAE,CAAC;aACtB;SACF,CAAC,CAAC,CAAC;QAEJ,OAAO,MAAM,cAAc,CAAC,MAAM,EAAE,GAAG,CAAC,OAAQ,CAAC,UAAW,CAAC,CAAC;IAChE,CAAC;IAED,qBAAqB;IACrB,MAAM,GAAG,GAAG,MAAM,MAAM,CAAC,IAAI,CAAC,IAAI,oBAAoB,CAAC;QACrD,WAAW,EAAE,WAAW;QACxB,mBAAmB,EAAE;YACnB,eAAe,EAAE;gBACf,eAAe,EAAE,QAAQ;gBACzB,mBAAmB,EAAE,KAAK;gBAC1B,kBAAkB,EAAE;oBAClB,IAAI,EAAE,MAAM,CAAC,IAAI,CAAC;oBAClB,2BAA2B,EAAE,MAAM,CAAC,WAAW,CAC7C,cAAc,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC,CAAC,KAAK,CAAC,CAAC,CAC3C;iBACF;aACF;YACD,2BAA2B,EAAE;gBAC3B,aAAa,EAAE,aAAa;aAC7B;YACD,sBAAsB,EAAE,KAAK;SAC9B;QACD,qBAAqB,EAAE;YACrB,GAAG,EAAE,GAAG;YACR,MAAM,EAAE,MAAM;YACd,GAAG,CAAC,eAAe,CAAC,CAAC,CAAC,EAAE,eAAe,EAAE,eAAe,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;SACjE;QACD,wBAAwB,EAAE;YACxB,QAAQ,EAAE,MAAM;YAChB,IAAI,EAAE,SAAS;YACf,QAAQ,EAAE,EAAE;YACZ,OAAO,EAAE,CAAC;YACV,gBAAgB,EAAE,CAAC;YACnB,kBAAkB,EAAE,CAAC;SACtB;KACF,CAAC,CAAC,CAAC;IAEJ,OAAO,MAAM,cAAc,CAAC,MAAM,EAAE,GAAG,CAAC,OAAQ,CAAC,UAAW,CAAC,CAAC;AAChE,CAAC;AAED;;GAEG;AACH,MAAM,CAAC,KAAK,UAAU,kBAAkB,CAAC,WAA2B;IAClE,MAAM,MAAM,GAAG,IAAI,eAAe,CAAC,EAAE,MAAM,EAAE,WAAW,CAAC,SAAU,EAAE,CAAC,CAAC;IACvE,OAAO,WAAW,CAAC,MAAM,EAAE,aAAa,CAAC,iBAAiB,CAAC,CAAC;AAC9D,CAAC;AAED;;GAEG;AACH,MAAM,CAAC,KAAK,UAAU,gBAAgB,CAAC,WAA2B,EAAE,KAAa;IAC/E,MAAM,UAAU,GAAG,IAAI,oBAAoB,CAAC,EAAE,MAAM,EAAE,WAAW,CAAC,SAAU,EAAE,CAAC,CAAC;IAChF,MAAM,QAAQ,GAAG,aAAa,CAAC,mBAAmB,CAAC;IAEnD,IAAI,CAAC;QACH,MAAM,SAAS,GAAa,EAAE,CAAC;QAC/B,IAAI,SAA6B,CAAC;QAElC,GAAG,CAAC;YACF,MAAM,GAAG,GAAG,MAAM,UAAU,CAAC,IAAI,CAAC,IAAI,sBAAsB,CAAC;gBAC3D,YAAY,EAAE,QAAQ;gBACtB,SAAS,EAAE,IAAI,CAAC,GAAG,EAAE,GAAG,EAAE,GAAG,QAAQ;gBACrC,GAAG,CAAC,SAAS,CAAC,CAAC,CAAC,EAAE,SAAS,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;aACpC,CAAC,CAAC,CAAC;YAEJ,KAAK,MAAM,CAAC,IAAI,GAAG,CAAC,MAAM,IAAI,EAAE,EAAE,CAAC;gBACjC,MAAM,GAAG,GAAG,CAAC,CAAC,OAAO,EAAE,OAAO,EAAE,CAAC;gBACjC,IAAI,GAAG;oBAAE,SAAS,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;YAC/B,CAAC;YAED,SAAS,GAAG,GAAG,CAAC,SAAS,CAAC;QAC5B,CAAC,QAAQ,SAAS,EAAE;QAEpB,OAAO,SAAS,CAAC,KAAK,CAAC,CAAC,KAAK,CAAC,CAAC;IACjC,CAAC;IAAC,OAAO,GAAQ,EAAE,CAAC;QAClB,IAAI,GAAG,CAAC,IAAI,KAAK,2BAA2B,EAAE,CAAC;YAC7C,OAAO,EAAE,CAAC;QACZ,CAAC;QACD,MAAM,GAAG,CAAC;IACZ,CAAC;AACH,CAAC;AAED;;GAEG;AACH,MAAM,CAAC,KAAK,UAAU,iBAAiB,CAAC,WAA2B;IACjE,MAAM,MAAM,GAAG,IAAI,eAAe,CAAC,EAAE,MAAM,EAAE,WAAW,CAAC,SAAU,EAAE,CAAC,CAAC;IACvE,MAAM,QAAQ,GAAG,MAAM,WAAW,CAAC,MAAM,EAAE,aAAa,CAAC,iBAAiB,CAAC,CAAC;IAE5E,IAAI,CAAC,QAAQ,EAAE,CAAC;QACd,OAAO,CAAC,GAAG,CAAC,kDAAkD,CAAC,CAAC;QAChE,OAAO;IACT,CAAC;IAED,OAAO,CAAC,GAAG,CAAC,kCAAkC,QAAQ,CAAC,UAAU,EAAE,CAAC,CAAC;IACrE,MAAM,MAAM,CAAC,IAAI,CAAC,IAAI,oBAAoB,CAAC;QACzC,UAAU,EAAE,QAAQ,CAAC,UAAU;KAChC,CAAC,CAAC,CAAC;IACJ,OAAO,CAAC,GAAG,CAAC,yCAAyC,CAAC,CAAC;AACzD,CAAC;AAED,2BAA2B;AAE3B,KAAK,UAAU,WAAW,CAAC,MAAuB,EAAE,WAAmB;IACrE,IAAI,SAA6B,CAAC;IAElC,GAAG,CAAC;QACF,MAAM,GAAG,GAAG,MAAM,MAAM,CAAC,IAAI,CAAC,IAAI,mBAAmB,CAAC;YACpD,GAAG,CAAC,SAAS,CAAC,CAAC,CAAC,EAAE,SAAS,EAAE,SAAS,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;SAC/C,CAAC,CAAC,CAAC;QAEJ,KAAK,MAAM,GAAG,IAAI,GAAG,CAAC,kBAAkB,IAAI,EAAE,EAAE,CAAC;YAC/C,IAAI,GAAG,CAAC,WAAW,KAAK,WAAW,EAAE,CAAC;gBACpC,mBAAmB;gBACnB,MAAM,MAAM,GAAG,MAAM,MAAM,CAAC,IAAI,CAAC,IAAI,sBAAsB,CAAC;oBAC1D,UAAU,EAAE,GAAG,CAAC,UAAW;iBAC5B,CAAC,CAAC,CAAC;gBACJ,MAAM,CAAC,GAAG,MAAM,CAAC,OAAQ,CAAC;gBAC1B,OAAO;oBACL,UAAU,EAAE,CAAC,CAAC,UAAW;oBACzB,UAAU,EAAE,WAAW,CAAC,CAAC,UAAU,EAAE;oBACrC,MAAM,EAAE,CAAC,CAAC,MAAO;oBACjB,SAAS,EAAE,CAAC,CAAC,SAAS;oBACtB,SAAS,EAAE,CAAC,CAAC,SAAS;iBACvB,CAAC;YACJ,CAAC;QACH,CAAC;QAED,SAAS,GAAG,GAAG,CAAC,SAAS,CAAC;IAC5B,CAAC,QAAQ,SAAS,EAAE;IAEpB,OAAO,IAAI,CAAC;AACd,CAAC;AAED,KAAK,UAAU,cAAc,CAAC,MAAuB,EAAE,UAAkB;IACvE,MAAM,OAAO,GAAG,EAAE,GAAG,MAAM,CAAC,CAAC,aAAa;IAC1C,MAAM,KAAK,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC;IAEzB,OAAO,IAAI,CAAC,GAAG,EAAE,GAAG,KAAK,GAAG,OAAO,EAAE,CAAC;QACpC,MAAM,GAAG,GAAG,MAAM,MAAM,CAAC,IAAI,CAAC,IAAI,sBAAsB,CAAC,EAAE,UAAU,EAAE,UAAU,EAAE,CAAC,CAAC,CAAC;QACtF,MAAM,CAAC,GAAG,GAAG,CAAC,OAAQ,CAAC;QACvB,MAAM,MAAM,GAAG,CAAC,CAAC,MAAO,CAAC;QAEzB,IAAI,MAAM,KAAK,SAAS,EAAE,CAAC;YACzB,OAAO;gBACL,UAAU,EAAE,CAAC,CAAC,UAAW;gBACzB,UAAU,EAAE,WAAW,CAAC,CAAC,UAAU,EAAE;gBACrC,MAAM;gBACN,SAAS,EAAE,CAAC,CAAC,SAAS;gBACtB,SAAS,EAAE,CAAC,CAAC,SAAS;aACvB,CAAC;QACJ,CAAC;QAED,IAAI,MAAM,KAAK,eAAe,IAAI,MAAM,KAAK,eAAe,EAAE,CAAC;YAC7D,MAAM,IAAI,KAAK,CAAC,8BAA8B,MAAM,QAAQ,CAAC,CAAC;QAChE,CAAC;QAED,MAAM,KAAK,CAAC,MAAM,CAAC,CAAC;IACtB,CAAC;IAED,MAAM,IAAI,KAAK,CAAC,4DAA4D,CAAC,CAAC;AAChF,CAAC;AAED,SAAS,KAAK,CAAC,EAAU;IACvB,OAAO,IAAI,OAAO,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,UAAU,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC;AAC/C,CAAC"}

package/dist/cloud/aws/iam.d.ts

@@ -0,0 +1,37 @@
+/**
+ * AWS IAM reconciliation for ECS cloud agents.
+ *
+ * Extracted from cli/commands/cloud-iam.ts into the cloud provider module.
+ * Handles per-agent IAM task roles, Lambda roles, and ECR policies.
+ */
+import { IAMClient } from "@aws-sdk/client-iam";
+import type { EcsCloudConfig } from "../../shared/config.js";
+/**
+ * Reconcile per-agent ECS task roles and Secrets Manager policies.
+ *
+ * Creates an IAM task role for each agent with a trust policy for
+ * ecs-tasks.amazonaws.com, then attaches an inline policy granting
+ * secretsmanager:GetSecretValue on each agent's declared credentials.
+ */
+export declare function reconcileAwsAgents(projectPath: string, cloud: EcsCloudConfig): Promise<void>;
+/**
+ * Grant iam:PassRole on the given role ARNs to the calling IAM user.
+ * Required so the CLI can assign roles to ECS tasks and Lambda functions.
+ */
+export declare function grantPassRole(awsRegion: string, iamClient: IAMClient, roleArns: string[], policyName: string): Promise<void>;
+/**
+ * Validate that per-agent ECS task roles exist and have correct trust policies.
+ */
+export declare function validateEcsRoles(projectPath: string, cloud: EcsCloudConfig): Promise<void>;
+/**
+ * Ensure the ECR repository policy grants Lambda pull access.
+ */
+export declare function ensureLambdaEcrPolicy(awsRegion: string, ecrRepoUri: string): Promise<void>;
+/**
+ * Reconcile per-agent Lambda execution roles for agents with short timeouts.
+ *
+ * Agents with timeout <= LAMBDA_MAX_TIMEOUT are automatically routed to Lambda.
+ * Each gets an IAM role with Secrets Manager, ECR, and CloudWatch Logs access.
+ */
+export declare function reconcileLambdaRoles(projectPath: string, cloud: EcsCloudConfig): Promise<void>;
+//# sourceMappingURL=iam.d.ts.map

package/dist/cloud/aws/iam.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"iam.d.ts","sourceRoot":"","sources":["../../../src/cloud/aws/iam.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAGH,OAAO,EACL,SAAS,EAKV,MAAM,qBAAqB,CAAC;AAG7B,OAAO,KAAK,EAAE,cAAc,EAAE,MAAM,wBAAwB,CAAC;AAM7D;;;;;;GAMG;AACH,wBAAsB,kBAAkB,CAAC,WAAW,EAAE,MAAM,EAAE,KAAK,EAAE,cAAc,GAAG,OAAO,CAAC,IAAI,CAAC,CAsKlG;AAID;;;GAGG;AACH,wBAAsB,aAAa,CACjC,SAAS,EAAE,MAAM,EACjB,SAAS,EAAE,SAAS,EACpB,QAAQ,EAAE,MAAM,EAAE,EAClB,UAAU,EAAE,MAAM,GACjB,OAAO,CAAC,IAAI,CAAC,CA6Cf;AAED;;GAEG;AACH,wBAAsB,gBAAgB,CAAC,WAAW,EAAE,MAAM,EAAE,KAAK,EAAE,cAAc,GAAG,OAAO,CAAC,IAAI,CAAC,CA8EhG;AAED;;GAEG;AACH,wBAAsB,qBAAqB,CAAC,SAAS,EAAE,MAAM,EAAE,UAAU,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC,CA2BhG;AAED;;;;;GAKG;AACH,wBAAsB,oBAAoB,CAAC,WAAW,EAAE,MAAM,EAAE,KAAK,EAAE,cAAc,GAAG,OAAO,CAAC,IAAI,CAAC,CA2HpG"}