@juspay/neurolink 7.29.3 → 7.30.1

package/dist/lib/providers/aws/credentialTester.js

@@ -1,394 +0,0 @@
-/**
- * AWS Credential Testing Utilities for NeuroLink
- *
- * Provides comprehensive validation and debugging capabilities for AWS credentials
- * to ensure compatibility with Bedrock-MCP-Connector authentication patterns.
- */
-import { BedrockClient, ListFoundationModelsCommand, } from "@aws-sdk/client-bedrock";
-import { logger } from "../../utils/logger.js";
-/**
- * Helper function to safely extract comprehensive error information from AWS errors
- * This centralizes error extraction and captures AWS SDK v3 name, statusCode, and requestId
- * Enhanced to handle multiple AWS SDK error formats and edge cases
- */
-function extractAwsErrorInfo(error) {
-    const result = {};
-    if (typeof error === "object" && error !== null) {
-        const awsError = error; // Use AWSError interface to handle various error shapes
-        // Extract error code with comprehensive fallbacks
-        // AWS SDK v2: error.code, error.Code
-        // AWS SDK v3: error.name, error.Code, error.code
-        // Some services: error.errorCode, error.ErrorCode
-        result.code =
-            awsError.Code ||
-                awsError.code ||
-                awsError.errorCode ||
-                awsError.ErrorCode ||
-                awsError.name; // AWS SDK v3 often uses name as error code
-        // Extract error name with fallbacks
-        // AWS SDK v3: error.name is primary
-        // Some errors: error.errorType, error.ErrorType
-        // Fallback to constructor name
-        result.name =
-            awsError.name ||
-                awsError.errorType ||
-                awsError.ErrorType ||
-                awsError.constructor?.name;
-        // Extract error message with fallbacks
-        // Standard: error.message
-        // Some services: error.Message, error.errorMessage
-        result.message =
-            awsError.message ||
-                awsError.Message ||
-                awsError.errorMessage ||
-                String(error); // Last resort stringification
-        // Extract metadata with multiple patterns
-        // AWS SDK v3: error.$metadata
-        // Some services: error.metadata, error.$response
-        const metadata = awsError.$metadata || awsError.metadata || awsError.$response;
-        if (metadata && typeof metadata === "object") {
-            const metadataObj = metadata;
-            result.statusCode =
-                metadataObj.httpStatusCode ||
-                    metadataObj.statusCode ||
-                    metadataObj.status;
-            result.requestId =
-                metadataObj.requestId ||
-                    metadataObj.RequestId ||
-                    metadataObj.request_id ||
-                    metadataObj["x-amzn-requestid"]; // Common response header
-        }
-        // Handle wrapped errors (common in AWS SDK v3)
-        // Sometimes the actual error is nested in error.cause or error.$fault
-        if (!result.code && (awsError.cause || awsError.$fault)) {
-            const nestedError = awsError.cause || awsError.$fault;
-            const nestedInfo = extractAwsErrorInfo(nestedError);
-            // Merge nested error info, preferring current level
-            result.code = result.code || nestedInfo.code;
-            result.name = result.name || nestedInfo.name;
-            result.message = result.message || nestedInfo.message;
-            result.statusCode = result.statusCode || nestedInfo.statusCode;
-            result.requestId = result.requestId || nestedInfo.requestId;
-        }
-    }
-    // Handle primitive error types (strings, etc.)
-    if (!result.message && error) {
-        result.message = String(error);
-    }
-    return result;
-}
-/**
- * Credential testing and validation utility class
- */
-export class CredentialTester {
-    /**
-     * Validate AWS credentials and detect their source
-     */
-    static async validateCredentials(provider) {
-        const startTime = Date.now();
-        try {
-            // Get credentials from provider
-            const credentials = await provider.getCredentials();
-            const config = provider.getConfig();
-            // Detect credential source based on available information
-            const credentialSource = await this.detectCredentialSource(credentials, config);
-            const result = {
-                isValid: true,
-                credentialSource,
-                region: config.region,
-                hasExpiration: !!credentials.expiration,
-                expirationTime: credentials.expiration,
-                debugInfo: {
-                    accessKeyId: credentials.accessKeyId.substring(0, 8) + "***",
-                    hasSessionToken: !!credentials.sessionToken,
-                    providerConfig: config,
-                },
-            };
-            logger.debug("Credential validation successful", {
-                source: credentialSource,
-                region: config.region,
-                validationTimeMs: Date.now() - startTime,
-            });
-            return result;
-        }
-        catch (error) {
-            const errorMessage = error instanceof Error ? error.message : String(error);
-            logger.error("Credential validation failed", {
-                error: errorMessage,
-                validationTimeMs: Date.now() - startTime,
-            });
-            return {
-                isValid: false,
-                credentialSource: "unknown",
-                region: provider.getConfig().region,
-                hasExpiration: false,
-                error: errorMessage,
-                debugInfo: {
-                    accessKeyId: "unavailable",
-                    hasSessionToken: false,
-                    providerConfig: provider.getConfig(),
-                },
-            };
-        }
-    }
-    /**
-     * Test AWS Bedrock service connectivity
-     */
-    static async testBedrockConnectivity(provider, region) {
-        const startTime = Date.now();
-        const testRegion = region || provider.getConfig().region;
-        logger.debug("Starting Bedrock connectivity test", {
-            region: testRegion,
-            providerConfig: provider.getConfig(),
-        });
-        try {
-            // First, get credentials to see what we're working with
-            const credentials = await provider.getCredentials();
-            logger.debug("Got credentials for Bedrock test", {
-                accessKeyId: credentials.accessKeyId.substring(0, 8) + "***",
-                hasSessionToken: !!credentials.sessionToken,
-                hasExpiration: !!credentials.expiration,
-                expiration: credentials.expiration?.toISOString(),
-                credentialType: credentials.accessKeyId?.startsWith("ASIA")
-                    ? "temporary"
-                    : "long-term",
-            });
-            // Create Bedrock client with credential provider (use BedrockClient for listing models)
-            logger.debug("Creating BedrockClient", {
-                region: testRegion,
-                credentialProviderType: typeof provider.getCredentialProvider(),
-            });
-            const bedrockClient = new BedrockClient({
-                region: testRegion,
-                credentials: provider.getCredentialProvider(),
-                maxAttempts: provider.getConfig().maxAttempts || 3,
-            });
-            logger.debug("BedrockClient created, sending ListFoundationModelsCommand");
-            // Test connectivity by listing foundation models
-            const command = new ListFoundationModelsCommand({});
-            const ctrl = new AbortController();
-            const timeoutId = setTimeout(() => ctrl.abort(), provider.getConfig().timeout || 15000);
-            let response;
-            try {
-                response = await bedrockClient.send(command, {
-                    abortSignal: ctrl.signal,
-                });
-            }
-            finally {
-                clearTimeout(timeoutId);
-            }
-            logger.debug("ListFoundationModelsCommand response received", {
-                hasModelSummaries: !!response.modelSummaries,
-                modelCount: response.modelSummaries?.length || 0,
-                responseMetadata: response.$metadata,
-            });
-            const models = response.modelSummaries || [];
-            const responseTime = Date.now() - startTime;
-            const result = {
-                bedrockAccessible: true,
-                availableModels: models.length,
-                responseTimeMs: responseTime,
-                sampleModels: models
-                    .slice(0, 5)
-                    .map((model) => model.modelId || "unknown"),
-            };
-            logger.debug("Bedrock connectivity test successful", {
-                region: testRegion,
-                modelsFound: models.length,
-                responseTimeMs: responseTime,
-                sampleModels: result.sampleModels,
-            });
-            return result;
-        }
-        catch (error) {
-            const errorMessage = error instanceof Error ? error.message : String(error);
-            const responseTime = Date.now() - startTime;
-            const { code, statusCode, requestId } = extractAwsErrorInfo(error);
-            logger.error("Bedrock connectivity test failed", {
-                region: testRegion,
-                error: errorMessage,
-                errorType: error instanceof Error ? error.constructor.name : "unknown",
-                errorCode: code,
-                statusCode,
-                requestId,
-                stack: error instanceof Error ? error.stack : "no stack trace",
-                responseTimeMs: responseTime,
-            });
-            return {
-                bedrockAccessible: false,
-                availableModels: 0,
-                responseTimeMs: responseTime,
-                error: errorMessage,
-                sampleModels: [],
-            };
-        }
-    }
-    /**
-     * Perform comprehensive credential and service testing
-     */
-    static async runComprehensiveTest(provider, testRegions = ["us-east-1", "us-west-2"]) {
-        logger.debug("Starting comprehensive AWS credential and connectivity test");
-        // Test credential validation
-        const credentialValidation = await this.validateCredentials(provider);
-        // Test connectivity across multiple regions (in parallel)
-        const connectivityTests = await Promise.all(testRegions.map(async (region) => {
-            try {
-                const result = await this.testBedrockConnectivity(provider, region);
-                return { region, result };
-            }
-            catch (error) {
-                const errorMessage = error instanceof Error ? error.message : String(error);
-                return {
-                    region,
-                    result: {
-                        bedrockAccessible: false,
-                        availableModels: 0,
-                        responseTimeMs: 0,
-                        error: errorMessage,
-                        sampleModels: [],
-                    },
-                };
-            }
-        }));
-        // Determine overall status
-        let overallStatus;
-        let summary;
-        if (!credentialValidation.isValid) {
-            overallStatus = "failed";
-            summary = `Credential validation failed: ${credentialValidation.error}`;
-        }
-        else {
-            const successfulConnections = connectivityTests.filter((test) => test.result.bedrockAccessible).length;
-            if (successfulConnections === testRegions.length) {
-                overallStatus = "success";
-                summary = `All tests passed. Credentials valid, Bedrock accessible in ${successfulConnections}/${testRegions.length} regions.`;
-            }
-            else if (successfulConnections > 0) {
-                overallStatus = "partial";
-                summary = `Partial success. Credentials valid, Bedrock accessible in ${successfulConnections}/${testRegions.length} regions.`;
-            }
-            else {
-                overallStatus = "failed";
-                summary = `Credentials valid but Bedrock inaccessible in all tested regions.`;
-            }
-        }
-        logger.info("Comprehensive test completed", {
-            overallStatus,
-            credentialSource: credentialValidation.credentialSource,
-            successfulConnections: connectivityTests.filter((test) => test.result.bedrockAccessible).length,
-            totalRegionsTested: testRegions.length,
-        });
-        return {
-            credentialValidation,
-            connectivityTests,
-            overallStatus,
-            summary,
-        };
-    }
-    /**
-     * Detect the source of AWS credentials based on credential properties and environment
-     */
-    static async detectCredentialSource(credentials, config) {
-        // Check for environment variables (static creds)
-        if (process.env.AWS_ACCESS_KEY_ID && process.env.AWS_SECRET_ACCESS_KEY) {
-            return credentials.sessionToken
-                ? "Environment Variables (with session token)"
-                : "Environment Variables";
-        }
-        // Explicit env‐based sources first
-        if (process.env.AWS_WEB_IDENTITY_TOKEN_FILE) {
-            return "Web Identity Token";
-        }
-        if (process.env.AWS_CREDENTIAL_PROCESS) {
-            return "Credential Process";
-        }
-        // Check for role‐based credentials (temporary credentials with session token)
-        if (credentials.sessionToken && credentials.expiration) {
-            // Prefer explicit hints first
-            if (config.roleArn) {
-                return "STS Assume Role";
-            }
-            // Enhanced container detection
-            if (process.env.AWS_CONTAINER_CREDENTIALS_RELATIVE_URI ||
-                process.env.AWS_CONTAINER_CREDENTIALS_FULL_URI) {
-                // Detect specific container environments
-                if (process.env.AWS_EXECUTION_ENV === "AWS_ECS_FARGATE") {
-                    return "Container Credentials (ECS Fargate)";
-                }
-                if (process.env.AWS_EXECUTION_ENV === "AWS_ECS_EC2") {
-                    return "Container Credentials (ECS)";
-                }
-                return "Container Credentials (ECS)";
-            }
-            // Enhanced Lambda detection
-            if (process.env.AWS_LAMBDA_FUNCTION_NAME) {
-                return "Lambda Execution Role";
-            }
-            // Enhanced EC2 detection
-            if (process.env.AWS_EXECUTION_ENV?.includes("EC2")) {
-                return "Instance Metadata (EC2)";
-            }
-            // Enhanced EKS detection
-            if (process.env.KUBERNETES_SERVICE_HOST) {
-                return "Service Account (EKS)";
-            }
-            return "Temporary Credentials (IAM Role)";
-        }
-        // SSO (env‐configured)
-        if (process.env.AWS_SSO_START_URL || process.env.AWS_SSO_REGION) {
-            return "AWS SSO";
-        }
-        // Check for profile‐based credentials
-        if (config.profile !== "default") {
-            return `AWS Profile (${config.profile})`;
-        }
-        if (process.env.AWS_PROFILE) {
-            return `AWS Profile (${process.env.AWS_PROFILE})`;
-        }
-        // Default fallback
-        return "AWS Credentials File";
-    }
-    /**
-     * Get credential source name for debugging
-     */
-    static async getCredentialSource(provider) {
-        try {
-            const credentials = await provider.getCredentials();
-            const config = provider.getConfig();
-            return await this.detectCredentialSource(credentials, config);
-        }
-        catch {
-            return "Unable to determine credential source";
-        }
-    }
-    /**
-     * Test credential refresh functionality
-     */
-    static async testCredentialRefresh(provider) {
-        const startTime = Date.now();
-        try {
-            await provider.refreshCredentials();
-            const refreshTime = Date.now() - startTime;
-            logger.debug("Credential refresh test successful", {
-                refreshTimeMs: refreshTime,
-            });
-            return {
-                refreshSuccessful: true,
-                refreshTimeMs: refreshTime,
-            };
-        }
-        catch (error) {
-            const errorMessage = error instanceof Error ? error.message : String(error);
-            const refreshTime = Date.now() - startTime;
-            logger.error("Credential refresh test failed", {
-                error: errorMessage,
-                refreshTimeMs: refreshTime,
-            });
-            return {
-                refreshSuccessful: false,
-                refreshTimeMs: refreshTime,
-                error: errorMessage,
-            };
-        }
-    }
-}

package/dist/providers/aws/credentialProvider.d.ts

@@ -1,58 +0,0 @@
-/**
- * AWS Credential Provider for NeuroLink
- *
- * Provides 100% compatibility with Bedrock-MCP-Connector authentication patterns
- * by leveraging AWS SDK v3's official defaultProvider credential chain.
- *
- * Supports all 9 AWS credential sources:
- * 1. Environment Variables (AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY)
- * 2. AWS Credentials File (~/.aws/credentials)
- * 3. AWS Config File (~/.aws/config)
- * 4. IAM Roles (EC2/ECS/Lambda)
- * 5. AWS SSO
- * 6. STS Assume Role
- * 7. Credential Process
- * 8. Container Credentials
- * 9. Instance Metadata Service (IMDS)
- */
-import type { AwsCredentialIdentity, Provider } from "@aws-sdk/types";
-import type { AWSCredentialConfig } from "../../types/providers.js";
-/**
- * AWS Credential Provider class that wraps AWS SDK v3's defaultProvider
- * to provide seamless compatibility with Bedrock-MCP-Connector authentication
- */
-export declare class AWSCredentialProvider {
-    private credentialProvider;
-    private config;
-    private isInitialized;
-    private lastCredentials;
-    private lastRefresh;
-    constructor(config?: AWSCredentialConfig);
-    /**
-     * Get AWS credentials using the default provider chain
-     * Implements caching to avoid unnecessary credential resolution calls
-     */
-    getCredentials(): Promise<AwsCredentialIdentity>;
-    /**
-     * Get the raw credential provider for direct use with AWS SDK clients
-     * This allows the credential provider to be passed directly to BedrockRuntimeClient
-     */
-    getCredentialProvider(): Provider<AwsCredentialIdentity>;
-    /**
-     * Force refresh of cached credentials
-     * Useful when credentials may have been updated externally
-     */
-    refreshCredentials(): Promise<AwsCredentialIdentity>;
-    /**
-     * Check if credentials are currently available without throwing errors
-     */
-    isCredentialsAvailable(): Promise<boolean>;
-    /**
-     * Get configuration information for debugging
-     */
-    getConfig(): Readonly<Required<AWSCredentialConfig>>;
-    /**
-     * Clean up resources and clear cached credentials
-     */
-    dispose(): void;
-}