@awsesh/core 1.0.0-beta.202601241323 → 1.0.0-beta.202601241355

package/index.d.ts

@@ -3,7 +3,7 @@ export { AWSClient } from "./client";
 export { Credentials } from "./credentials";
 export { Sessions } from "./sessions";
 export { Storage } from "./storage";
-import type { AwseshOptions, SSOSession, SSOLoginInfo, TokenCache, AccountCache, RoleCredentials, LastSelected, LastSelectedPerSession, ActiveCredential, LastSetCredential } from "./types";
+import type { AwseshOptions, SSOSession, SSOLoginInfo, TokenCache, AccountCache, RoleCredentials, LastSelected, LastSelectedPerSession, ActiveCredential, LastSetCredential, SetCredentialOptions, SetCredentialResult } from "./types";
 export declare function createAwsesh(options: AwseshOptions): {
     sessions: {
         list: () => Promise<SSOSession[]>;
@@ -62,11 +62,13 @@ export declare function createAwsesh(options: AwseshOptions): {
         save: (sessionName: string, accountId: string, region: string) => Promise<void>;
         getAll: (sessionName: string) => Promise<Record<string, string>>;
     };
+    /** @internal Low-level primitive. Prefer `setCredential()` for most use cases. */
     credentials: {
         write: (profileName: string, creds: RoleCredentials, region?: string) => Promise<void>;
         removeProfile: (profileName: string) => Promise<void>;
         listProfiles: () => Promise<string[]>;
     };
+    /** @internal Low-level primitive. Prefer `setCredential()` / `clearCredential()` for most use cases. */
     activeCredentials: {
         list: () => Promise<ActiveCredential[]>;
         save: (credential: ActiveCredential) => Promise<void>;
@@ -74,10 +76,32 @@ export declare function createAwsesh(options: AwseshOptions): {
         cleanup: () => Promise<void>;
         remove: (accountId: string, roleName: string) => Promise<void>;
     };
+    /** @internal Low-level primitive. Prefer `setCredential()` / `clearCredential()` for most use cases. */
     lastSetCredential: {
         get: () => Promise<LastSetCredential | undefined>;
         save: (credential: LastSetCredential) => Promise<void>;
         clear: () => Promise<void>;
     };
+    /**
+     * High-level API: Set credentials with all tracking automatically handled.
+     * Writes to ~/.aws/credentials, updates activeCredentials, lastSetCredential, and lastSelected.
+     * If no profileName is provided, looks up the configured profile for this session/account/role.
+     */
+    setCredential(options: SetCredentialOptions): Promise<SetCredentialResult>;
+    /**
+     * High-level API: Clear a specific credential.
+     * Removes from activeCredentials and clears lastSetCredential if it matches.
+     */
+    clearCredential(accountId: string, roleName: string, removeProfile?: string): Promise<void>;
+    /**
+     * High-level API: Clear all credentials for a session.
+     * Removes all matching credentials and clears lastSetCredential if it matches.
+     */
+    clearSessionCredentials(sessionName: string, removeProfiles?: boolean): Promise<void>;
+    /**
+     * High-level API: Clear all credentials.
+     * Removes all tracked credentials and clears lastSetCredential.
+     */
+    clearAllCredentials(removeProfiles?: boolean): Promise<void>;
 };
 export type Awsesh = ReturnType<typeof createAwsesh>;

package/index.js

@@ -20460,6 +20460,105 @@ function createAwsesh(options) {
       clear: async () => {
         await storage.remove("credentials/last-set");
       }
+    },
+    async setCredential(options2) {
+      const {
+        credentials,
+        sessionName,
+        accountId,
+        accountName,
+        roleName,
+        region,
+        profileName: customProfileName
+      } = options2;
+      const configuredProfile = customProfileName === undefined ? await storage.read("preference/profile-names").then((data) => data?.[sessionName]?.[accountName]?.[roleName]) : undefined;
+      const profileName = customProfileName || configuredProfile || "default";
+      const isDefault = !customProfileName && !configuredProfile;
+      await Credentials.write({
+        awsDir,
+        profileName,
+        credentials,
+        region
+      });
+      await storage.update("credentials/active", (existing) => {
+        const list = Array.isArray(existing) ? existing : [];
+        const now = new Date;
+        const filtered = list.filter((c) => new Date(c.expiration) > now).filter((c) => !(c.accountId === accountId && c.roleName === roleName)).map((c) => isDefault ? { ...c, isDefault: false } : c).filter((c) => c.isDefault || c.profileName !== "default");
+        return [
+          ...filtered,
+          {
+            profileName,
+            accountId,
+            accountName,
+            roleName,
+            sessionName,
+            expiration: credentials.expiration.toISOString(),
+            isDefault
+          }
+        ];
+      });
+      await storage.write("credentials/last-set", {
+        profileName,
+        accountId,
+        accountName,
+        roleName,
+        sessionName,
+        region,
+        setAt: new Date().toISOString()
+      });
+      await storage.update("preference/last-selected", (existing) => ({
+        ...existing,
+        session: sessionName,
+        account: accountName,
+        role: roleName
+      }));
+      return {
+        profileName,
+        expiration: credentials.expiration,
+        isDefault
+      };
+    },
+    async clearCredential(accountId, roleName, removeProfile) {
+      await storage.update("credentials/active", (existing) => {
+        if (!existing || !Array.isArray(existing))
+          return [];
+        return existing.filter((c) => !(c.accountId === accountId && c.roleName === roleName));
+      });
+      const lastSet = await storage.read("credentials/last-set");
+      if (lastSet && lastSet.accountId === accountId && lastSet.roleName === roleName) {
+        await storage.remove("credentials/last-set");
+      }
+      if (removeProfile) {
+        await Credentials.removeProfile({ awsDir, profileName: removeProfile });
+      }
+    },
+    async clearSessionCredentials(sessionName, removeProfiles) {
+      const active = await storage.read("credentials/active");
+      const sessionCreds = (active || []).filter((c) => c.sessionName === sessionName);
+      if (removeProfiles) {
+        for (const cred of sessionCreds) {
+          await Credentials.removeProfile({ awsDir, profileName: cred.profileName });
+        }
+      }
+      await storage.update("credentials/active", (existing) => {
+        if (!existing || !Array.isArray(existing))
+          return [];
+        return existing.filter((c) => c.sessionName !== sessionName);
+      });
+      const lastSet = await storage.read("credentials/last-set");
+      if (lastSet && lastSet.sessionName === sessionName) {
+        await storage.remove("credentials/last-set");
+      }
+    },
+    async clearAllCredentials(removeProfiles) {
+      if (removeProfiles) {
+        const active = await storage.read("credentials/active");
+        for (const cred of active || []) {
+          await Credentials.removeProfile({ awsDir, profileName: cred.profileName });
+        }
+      }
+      await storage.write("credentials/active", []);
+      await storage.remove("credentials/last-set");
     }
   };
 }

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@awsesh/core",
-  "version": "1.0.0-beta.202601241323",
+  "version": "1.0.0-beta.202601241355",
   "description": "AWS SSO session management SDK",
   "type": "module",
   "main": "./index.js",

package/types.d.ts

@@ -73,3 +73,17 @@ export interface LastSetCredential {
     region?: string;
     setAt: string;
 }
+export interface SetCredentialOptions {
+    credentials: RoleCredentials;
+    sessionName: string;
+    accountId: string;
+    accountName: string;
+    roleName: string;
+    region?: string;
+    profileName?: string;
+}
+export interface SetCredentialResult {
+    profileName: string;
+    expiration: Date;
+    isDefault: boolean;
+}