@kansodata/kansodata-glue-plugin 0.1.0

package/dist/tools/catalog/catalogTools.js

@@ -0,0 +1,108 @@
+import { z } from "zod";
+import { parseWithSchema } from "../common.js";
+const GetCatalogTableInputSchema = z
+    .object({
+    databaseName: z.string().trim().min(1),
+    tableName: z.string().trim().min(1)
+})
+    .strict();
+const ListCatalogTablesInputSchema = z
+    .object({
+    databaseName: z.string().trim().min(1),
+    expression: z.string().trim().min(1).optional(),
+    maxResults: z.number().int().positive().max(100).default(25)
+})
+    .strict();
+const GetCatalogPartitionsSampleInputSchema = z
+    .object({
+    databaseName: z.string().trim().min(1),
+    tableName: z.string().trim().min(1),
+    expression: z.string().trim().min(1).optional(),
+    sampleSize: z.number().int().positive().max(25).optional()
+})
+    .strict();
+const ExplainPartitioningInputSchema = z
+    .object({
+    databaseName: z.string().trim().min(1),
+    tableName: z.string().trim().min(1),
+    sampleSize: z.number().int().positive().max(25).optional()
+})
+    .strict();
+export const getCatalogTableTool = {
+    name: "glue_get_catalog_table",
+    description: "Get sanitized Glue Catalog table metadata for ETL diagnosis.",
+    inputSchema: { type: "object", required: ["databaseName", "tableName"] },
+    parseInput: (input) => parseWithSchema(GetCatalogTableInputSchema, input),
+    execute: async (context, input) => {
+        const parsed = GetCatalogTableInputSchema.parse(input);
+        const table = await context.glueService.getCatalogTable(parsed.databaseName, parsed.tableName);
+        return {
+            summary: `Catalog table ${parsed.databaseName}.${parsed.tableName} loaded.`,
+            data: {
+                table
+            }
+        };
+    }
+};
+export const listCatalogTablesTool = {
+    name: "glue_list_catalog_tables",
+    description: "List catalog tables using bounded output and optional expression filter.",
+    inputSchema: { type: "object", required: ["databaseName"] },
+    parseInput: (input) => parseWithSchema(ListCatalogTablesInputSchema, input),
+    execute: async (context, input) => {
+        const parsed = ListCatalogTablesInputSchema.parse(input);
+        const tables = await context.glueService.listCatalogTables(parsed);
+        return {
+            summary: `Retrieved ${tables.length} table definitions from ${parsed.databaseName}.`,
+            data: {
+                tables
+            }
+        };
+    }
+};
+export const getCatalogPartitionsSampleTool = {
+    name: "glue_get_catalog_partitions_sample",
+    description: "Sample Glue Catalog partitions safely for ETL predicate diagnosis.",
+    inputSchema: { type: "object", required: ["databaseName", "tableName"] },
+    parseInput: (input) => parseWithSchema(GetCatalogPartitionsSampleInputSchema, input),
+    execute: async (context, input) => {
+        const parsed = GetCatalogPartitionsSampleInputSchema.parse(input);
+        const sampleSize = parsed.sampleSize ?? context.config.maxPartitionSampleSize;
+        const partitions = await context.glueService.getCatalogPartitionsSample({
+            databaseName: parsed.databaseName,
+            tableName: parsed.tableName,
+            expression: parsed.expression,
+            sampleSize
+        });
+        return {
+            summary: `Retrieved ${partitions.length} sampled partitions from ${parsed.databaseName}.${parsed.tableName}.`,
+            data: {
+                sampleSize,
+                partitions
+            }
+        };
+    }
+};
+export const explainPartitioningTool = {
+    name: "glue_explain_partitioning",
+    description: "Explain partitioning posture for from_catalog / push_down_predicate diagnostics.",
+    inputSchema: { type: "object", required: ["databaseName", "tableName"] },
+    parseInput: (input) => parseWithSchema(ExplainPartitioningInputSchema, input),
+    execute: async (context, input) => {
+        const parsed = ExplainPartitioningInputSchema.parse(input);
+        const explanation = await context.glueService.explainPartitioning(parsed.databaseName, parsed.tableName, parsed.sampleSize ?? context.config.maxPartitionSampleSize);
+        return {
+            summary: `Partitioning analysis generated for ${parsed.databaseName}.${parsed.tableName}.`,
+            data: {
+                explanation
+            }
+        };
+    }
+};
+export const catalogTools = [
+    getCatalogTableTool,
+    listCatalogTablesTool,
+    getCatalogPartitionsSampleTool,
+    explainPartitioningTool
+];
+//# sourceMappingURL=catalogTools.js.map

package/dist/tools/catalog/catalogTools.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"catalogTools.js","sourceRoot":"","sources":["../../../src/tools/catalog/catalogTools.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,CAAC,EAAE,MAAM,KAAK,CAAC;AAExB,OAAO,EAAE,eAAe,EAAE,MAAM,cAAc,CAAC;AAE/C,MAAM,0BAA0B,GAAG,CAAC;KACjC,MAAM,CAAC;IACN,YAAY,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,IAAI,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC;IACtC,SAAS,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,IAAI,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC;CACpC,CAAC;KACD,MAAM,EAAE,CAAC;AAEZ,MAAM,4BAA4B,GAAG,CAAC;KACnC,MAAM,CAAC;IACN,YAAY,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,IAAI,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC;IACtC,UAAU,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,IAAI,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,QAAQ,EAAE;IAC/C,UAAU,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,GAAG,EAAE,CAAC,QAAQ,EAAE,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC,OAAO,CAAC,EAAE,CAAC;CAC7D,CAAC;KACD,MAAM,EAAE,CAAC;AAEZ,MAAM,qCAAqC,GAAG,CAAC;KAC5C,MAAM,CAAC;IACN,YAAY,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,IAAI,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC;IACtC,SAAS,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,IAAI,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC;IACnC,UAAU,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,IAAI,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,QAAQ,EAAE;IAC/C,UAAU,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,GAAG,EAAE,CAAC,QAAQ,EAAE,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC,QAAQ,EAAE;CAC3D,CAAC;KACD,MAAM,EAAE,CAAC;AAEZ,MAAM,8BAA8B,GAAG,CAAC;KACrC,MAAM,CAAC;IACN,YAAY,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,IAAI,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC;IACtC,SAAS,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,IAAI,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC;IACnC,UAAU,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,GAAG,EAAE,CAAC,QAAQ,EAAE,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC,QAAQ,EAAE;CAC3D,CAAC;KACD,MAAM,EAAE,CAAC;AAEZ,MAAM,CAAC,MAAM,mBAAmB,GAA4B;IAC1D,IAAI,EAAE,wBAAwB;IAC9B,WAAW,EAAE,8DAA8D;IAC3E,WAAW,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE,QAAQ,EAAE,CAAC,cAAc,EAAE,WAAW,CAAC,EAAE;IACxE,UAAU,EAAE,CAAC,KAAK,EAAE,EAAE,CAAC,eAAe,CAAC,0BAA0B,EAAE,KAAK,CAAC;IACzE,OAAO,EAAE,KAAK,EAAE,OAAO,EAAE,KAAK,EAAE,EAAE;QAChC,MAAM,MAAM,GAAG,0BAA0B,CAAC,KAAK,CAAC,KAAK,CAAC,CAAC;QACvD,MAAM,KAAK,GAAG,MAAM,OAAO,CAAC,WAAW,CAAC,eAAe,CAAC,MAAM,CAAC,YAAY,EAAE,MAAM,CAAC,SAAS,CAAC,CAAC;QAC/F,OAAO;YACL,OAAO,EAAE,iBAAiB,MAAM,CAAC,YAAY,IAAI,MAAM,CAAC,SAAS,UAAU;YAC3E,IAAI,EAAE;gBACJ,KAAK;aACN;SACF,CAAC;IACJ,CAAC;CACF,CAAC;AAEF,MAAM,CAAC,MAAM,qBAAqB,GAA4B;IAC5D,IAAI,EAAE,0BAA0B;IAChC,WAAW,EAAE,0EAA0E;IACvF,WAAW,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE,QAAQ,EAAE,CAAC,cAAc,CAAC,EAAE;IAC3D,UAAU,EAAE,CAAC,KAAK,EAAE,EAAE,CAAC,eAAe,CAAC,4BAA4B,EAAE,KAAK,CAAC;IAC3E,OAAO,EAAE,KAAK,EAAE,OAAO,EAAE,KAAK,EAAE,EAAE;QAChC,MAAM,MAAM,GAAG,4BAA4B,CAAC,KAAK,CAAC,KAAK,CAAC,CAAC;QACzD,MAAM,MAAM,GAAG,MAAM,OAAO,CAAC,WAAW,CAAC,iBAAiB,CAAC,MAAM,CAAC,CAAC;QACnE,OAAO;YACL,OAAO,EAAE,aAAa,MAAM,CAAC,MAAM,2BAA2B,MAAM,CAAC,YAAY,GAAG;YACpF,IAAI,EAAE;gBACJ,MAAM;aACP;SACF,CAAC;IACJ,CAAC;CACF,CAAC;AAEF,MAAM,CAAC,MAAM,8BAA8B,GAA4B;IACrE,IAAI,EAAE,oCAAoC;IAC1C,WAAW,EAAE,oEAAoE;IACjF,WAAW,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE,QAAQ,EAAE,CAAC,cAAc,EAAE,WAAW,CAAC,EAAE;IACxE,UAAU,EAAE,CAAC,KAAK,EAAE,EAAE,CAAC,eAAe,CAAC,qCAAqC,EAAE,KAAK,CAAC;IACpF,OAAO,EAAE,KAAK,EAAE,OAAO,EAAE,KAAK,EAAE,EAAE;QAChC,MAAM,MAAM,GAAG,qCAAqC,CAAC,KAAK,CAAC,KAAK,CAAC,CAAC;QAClE,MAAM,UAAU,GAAG,MAAM,CAAC,UAAU,IAAI,OAAO,CAAC,MAAM,CAAC,sBAAsB,CAAC;QAC9E,MAAM,UAAU,GAAG,MAAM,OAAO,CAAC,WAAW,CAAC,0BAA0B,CAAC;YACtE,YAAY,EAAE,MAAM,CAAC,YAAY;YACjC,SAAS,EAAE,MAAM,CAAC,SAAS;YAC3B,UAAU,EAAE,MAAM,CAAC,UAAU;YAC7B,UAAU;SACX,CAAC,CAAC;QACH,OAAO;YACL,OAAO,EAAE,aAAa,UAAU,CAAC,MAAM,4BAA4B,MAAM,CAAC,YAAY,IAAI,MAAM,CAAC,SAAS,GAAG;YAC7G,IAAI,EAAE;gBACJ,UAAU;gBACV,UAAU;aACX;SACF,CAAC;IACJ,CAAC;CACF,CAAC;AAEF,MAAM,CAAC,MAAM,uBAAuB,GAA4B;IAC9D,IAAI,EAAE,2BAA2B;IACjC,WAAW,EAAE,kFAAkF;IAC/F,WAAW,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE,QAAQ,EAAE,CAAC,cAAc,EAAE,WAAW,CAAC,EAAE;IACxE,UAAU,EAAE,CAAC,KAAK,EAAE,EAAE,CAAC,eAAe,CAAC,8BAA8B,EAAE,KAAK,CAAC;IAC7E,OAAO,EAAE,KAAK,EAAE,OAAO,EAAE,KAAK,EAAE,EAAE;QAChC,MAAM,MAAM,GAAG,8BAA8B,CAAC,KAAK,CAAC,KAAK,CAAC,CAAC;QAC3D,MAAM,WAAW,GAAG,MAAM,OAAO,CAAC,WAAW,CAAC,mBAAmB,CAC/D,MAAM,CAAC,YAAY,EACnB,MAAM,CAAC,SAAS,EAChB,MAAM,CAAC,UAAU,IAAI,OAAO,CAAC,MAAM,CAAC,sBAAsB,CAC3D,CAAC;QACF,OAAO;YACL,OAAO,EAAE,uCAAuC,MAAM,CAAC,YAAY,IAAI,MAAM,CAAC,SAAS,GAAG;YAC1F,IAAI,EAAE;gBACJ,WAAW;aACZ;SACF,CAAC;IACJ,CAAC;CACF,CAAC;AAEF,MAAM,CAAC,MAAM,YAAY,GAAG;IAC1B,mBAAmB;IACnB,qBAAqB;IACrB,8BAA8B;IAC9B,uBAAuB;CACf,CAAC"}

package/dist/tools/common.d.ts

@@ -0,0 +1,4 @@
+import type { z } from "zod";
+import type { GluePluginConfig } from "../config/schema.js";
+export declare const parseWithSchema: <T>(schema: z.ZodType<T>, payload: unknown) => T;
+export declare const assertWriteSafe: (config: GluePluginConfig, name: string, type: "workflow" | "trigger", payload: unknown) => void;

package/dist/tools/common.js

@@ -0,0 +1,19 @@
+import { InvalidInputError } from "../errors/glueErrors.js";
+import { assertNameAllowedByPrefix, assertNoSecretsInPayload } from "../guards/operationGuards.js";
+export const parseWithSchema = (schema, payload) => {
+    const parsed = schema.safeParse(payload);
+    if (!parsed.success) {
+        throw new InvalidInputError("Invalid tool input.", {
+            details: parsed.error.issues.map((issue) => ({
+                path: issue.path.join("."),
+                message: issue.message
+            }))
+        });
+    }
+    return parsed.data;
+};
+export const assertWriteSafe = (config, name, type, payload) => {
+    assertNoSecretsInPayload(payload);
+    assertNameAllowedByPrefix(config, name, type);
+};
+//# sourceMappingURL=common.js.map

package/dist/tools/common.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"common.js","sourceRoot":"","sources":["../../src/tools/common.ts"],"names":[],"mappings":"AAEA,OAAO,EAAE,iBAAiB,EAAE,MAAM,yBAAyB,CAAC;AAC5D,OAAO,EACL,yBAAyB,EACzB,wBAAwB,EACzB,MAAM,8BAA8B,CAAC;AAEtC,MAAM,CAAC,MAAM,eAAe,GAAG,CAAI,MAAoB,EAAE,OAAgB,EAAK,EAAE;IAC9E,MAAM,MAAM,GAAG,MAAM,CAAC,SAAS,CAAC,OAAO,CAAC,CAAC;IACzC,IAAI,CAAC,MAAM,CAAC,OAAO,EAAE,CAAC;QACpB,MAAM,IAAI,iBAAiB,CAAC,qBAAqB,EAAE;YACjD,OAAO,EAAE,MAAM,CAAC,KAAK,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,KAAK,EAAE,EAAE,CAAC,CAAC;gBAC3C,IAAI,EAAE,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,GAAG,CAAC;gBAC1B,OAAO,EAAE,KAAK,CAAC,OAAO;aACvB,CAAC,CAAC;SACJ,CAAC,CAAC;IACL,CAAC;IACD,OAAO,MAAM,CAAC,IAAI,CAAC;AACrB,CAAC,CAAC;AAEF,MAAM,CAAC,MAAM,eAAe,GAAG,CAC7B,MAAwB,EACxB,IAAY,EACZ,IAA4B,EAC5B,OAAgB,EACV,EAAE;IACR,wBAAwB,CAAC,OAAO,CAAC,CAAC;IAClC,yBAAyB,CAAC,MAAM,EAAE,IAAI,EAAE,IAAI,CAAC,CAAC;AAChD,CAAC,CAAC"}

package/dist/tools/registry.d.ts

@@ -0,0 +1,3 @@
+import type { ToolDefinition, ToolName } from "../domain/contracts.js";
+export declare const allTools: readonly [ToolDefinition<unknown>, ToolDefinition<unknown>, ToolDefinition<unknown>, ToolDefinition<unknown>, ToolDefinition<unknown>, ToolDefinition<unknown>, ToolDefinition<unknown>, ToolDefinition<unknown>, ToolDefinition<unknown>, ToolDefinition<unknown>, ToolDefinition<unknown>, ToolDefinition<unknown>];
+export declare const toolRegistry: ReadonlyMap<ToolName, ToolDefinition<unknown>>;

package/dist/tools/registry.js

@@ -0,0 +1,6 @@
+import { catalogTools } from "./catalog/catalogTools.js";
+import { triggerTools } from "./triggers/triggerTools.js";
+import { workflowTools } from "./workflows/workflowTools.js";
+export const allTools = [...workflowTools, ...triggerTools, ...catalogTools];
+export const toolRegistry = new Map(allTools.map((tool) => [tool.name, tool]));
+//# sourceMappingURL=registry.js.map

package/dist/tools/registry.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"registry.js","sourceRoot":"","sources":["../../src/tools/registry.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,YAAY,EAAE,MAAM,2BAA2B,CAAC;AACzD,OAAO,EAAE,YAAY,EAAE,MAAM,4BAA4B,CAAC;AAC1D,OAAO,EAAE,aAAa,EAAE,MAAM,8BAA8B,CAAC;AAE7D,MAAM,CAAC,MAAM,QAAQ,GAAG,CAAC,GAAG,aAAa,EAAE,GAAG,YAAY,EAAE,GAAG,YAAY,CAAU,CAAC;AAEtF,MAAM,CAAC,MAAM,YAAY,GAAmD,IAAI,GAAG,CACjF,QAAQ,CAAC,GAAG,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC,CAAC,IAAI,CAAC,IAAI,EAAE,IAA+B,CAAC,CAAC,CACrE,CAAC"}

package/dist/tools/triggers/triggerTools.d.ts

@@ -0,0 +1,6 @@
+import type { ToolDefinition } from "../../domain/contracts.js";
+export declare const listTriggersTool: ToolDefinition<unknown>;
+export declare const getTriggerTool: ToolDefinition<unknown>;
+export declare const createTriggerTool: ToolDefinition<unknown>;
+export declare const updateTriggerTool: ToolDefinition<unknown>;
+export declare const triggerTools: readonly [ToolDefinition<unknown>, ToolDefinition<unknown>, ToolDefinition<unknown>, ToolDefinition<unknown>];

package/dist/tools/triggers/triggerTools.js

@@ -0,0 +1,157 @@
+import { z } from "zod";
+import { assertWriteSafe, parseWithSchema } from "../common.js";
+const TriggerActionSchema = z
+    .object({
+    jobName: z.string().trim().min(1),
+    timeout: z.number().int().positive().max(2880).optional()
+})
+    .strict();
+const TriggerPredicateConditionSchema = z
+    .object({
+    logicalOperator: z.enum(["EQUALS"]).default("EQUALS"),
+    jobName: z.string().trim().min(1),
+    state: z.enum(["SUCCEEDED", "FAILED", "TIMEOUT", "STOPPED"])
+})
+    .strict();
+const TriggerPredicateSchema = z
+    .object({
+    logical: z.enum(["AND", "ANY"]).optional(),
+    conditions: z.array(TriggerPredicateConditionSchema).min(1)
+})
+    .strict();
+const ListTriggersInputSchema = z
+    .object({
+    limit: z.number().int().positive().max(100).default(25)
+})
+    .strict();
+const GetTriggerInputSchema = z
+    .object({
+    name: z.string().trim().min(1)
+})
+    .strict();
+const CreateTriggerInputSchema = z
+    .object({
+    name: z.string().trim().min(1),
+    type: z.enum(["SCHEDULED", "CONDITIONAL", "ON_DEMAND", "EVENT"]),
+    workflowName: z.string().trim().min(1).optional(),
+    schedule: z.string().trim().min(1).optional(),
+    description: z.string().trim().max(1024).optional(),
+    startOnCreation: z.boolean().optional(),
+    actions: z.array(TriggerActionSchema).min(1).max(20),
+    predicate: TriggerPredicateSchema.optional(),
+    dryRun: z.boolean().optional()
+})
+    .strict();
+const UpdateTriggerInputSchema = z
+    .object({
+    name: z.string().trim().min(1),
+    schedule: z.string().trim().min(1).optional(),
+    description: z.string().trim().max(1024).optional(),
+    actions: z.array(TriggerActionSchema).min(1).max(20).optional(),
+    predicate: TriggerPredicateSchema.optional(),
+    dryRun: z.boolean().optional()
+})
+    .strict()
+    .refine((input) => input.schedule !== undefined ||
+    input.description !== undefined ||
+    input.actions !== undefined ||
+    input.predicate !== undefined, "At least one mutable field is required for update.");
+const toActions = (actions) => actions.map((action) => ({
+    JobName: action.jobName,
+    Timeout: action.timeout
+}));
+const toPredicate = (predicate) => predicate
+    ? {
+        Logical: predicate.logical,
+        Conditions: predicate.conditions.map((condition) => ({
+            LogicalOperator: condition.logicalOperator ?? "EQUALS",
+            JobName: condition.jobName,
+            State: condition.state
+        }))
+    }
+    : undefined;
+export const listTriggersTool = {
+    name: "glue_list_triggers",
+    description: "List AWS Glue triggers with bounded result size.",
+    inputSchema: { type: "object", properties: { limit: { type: "integer" } } },
+    parseInput: (input) => parseWithSchema(ListTriggersInputSchema, input),
+    execute: async (context, input) => {
+        const parsed = ListTriggersInputSchema.parse(input);
+        const triggers = await context.glueService.listTriggers(parsed.limit);
+        return {
+            summary: `Retrieved ${triggers.length} trigger names.`,
+            data: {
+                triggers
+            }
+        };
+    }
+};
+export const getTriggerTool = {
+    name: "glue_get_trigger",
+    description: "Get a sanitized trigger view for operational analysis.",
+    inputSchema: { type: "object", properties: { name: { type: "string" } }, required: ["name"] },
+    parseInput: (input) => parseWithSchema(GetTriggerInputSchema, input),
+    execute: async (context, input) => {
+        const parsed = GetTriggerInputSchema.parse(input);
+        const trigger = await context.glueService.getTrigger(parsed.name);
+        return {
+            summary: `Trigger ${parsed.name} loaded.`,
+            data: {
+                trigger
+            }
+        };
+    }
+};
+export const createTriggerTool = {
+    name: "glue_create_trigger",
+    description: "Create Glue trigger with guarded payload and prefix checks.",
+    inputSchema: { type: "object" },
+    parseInput: (input) => parseWithSchema(CreateTriggerInputSchema, input),
+    execute: async (context, input) => {
+        const parsed = CreateTriggerInputSchema.parse(input);
+        assertWriteSafe(context.config, parsed.name, "trigger", parsed);
+        const trigger = await context.glueService.createTrigger({
+            name: parsed.name,
+            type: parsed.type,
+            workflowName: parsed.workflowName,
+            schedule: parsed.schedule,
+            description: parsed.description,
+            startOnCreation: parsed.startOnCreation,
+            actions: toActions(parsed.actions),
+            predicate: toPredicate(parsed.predicate),
+            dryRun: parsed.dryRun
+        });
+        return {
+            summary: `Trigger ${parsed.name} ${parsed.dryRun ?? context.config.dryRunByDefault ? "validated in dry-run" : "created"}.`,
+            data: {
+                trigger
+            }
+        };
+    }
+};
+export const updateTriggerTool = {
+    name: "glue_update_trigger",
+    description: "Safely update selected trigger fields on existing Glue resources.",
+    inputSchema: { type: "object" },
+    parseInput: (input) => parseWithSchema(UpdateTriggerInputSchema, input),
+    execute: async (context, input) => {
+        const parsed = UpdateTriggerInputSchema.parse(input);
+        assertWriteSafe(context.config, parsed.name, "trigger", parsed);
+        const trigger = await context.glueService.updateTrigger({
+            name: parsed.name,
+            schedule: parsed.schedule,
+            description: parsed.description,
+            actions: parsed.actions ? toActions(parsed.actions) : undefined,
+            predicate: toPredicate(parsed.predicate),
+            dryRun: parsed.dryRun
+        });
+        return {
+            summary: `Trigger ${parsed.name} ${parsed.dryRun ?? context.config.dryRunByDefault ? "validated in dry-run" : "updated"}.`,
+            data: {
+                trigger
+            }
+        };
+    }
+};
+export const triggerTools = [listTriggersTool, getTriggerTool, createTriggerTool, updateTriggerTool];
+//# sourceMappingURL=triggerTools.js.map

package/dist/tools/triggers/triggerTools.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"triggerTools.js","sourceRoot":"","sources":["../../../src/tools/triggers/triggerTools.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,CAAC,EAAE,MAAM,KAAK,CAAC;AAExB,OAAO,EAAE,eAAe,EAAE,eAAe,EAAE,MAAM,cAAc,CAAC;AAEhE,MAAM,mBAAmB,GAAG,CAAC;KAC1B,MAAM,CAAC;IACN,OAAO,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,IAAI,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC;IACjC,OAAO,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,GAAG,EAAE,CAAC,QAAQ,EAAE,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC,QAAQ,EAAE;CAC1D,CAAC;KACD,MAAM,EAAE,CAAC;AAEZ,MAAM,+BAA+B,GAAG,CAAC;KACtC,MAAM,CAAC;IACN,eAAe,EAAE,CAAC,CAAC,IAAI,CAAC,CAAC,QAAQ,CAAC,CAAC,CAAC,OAAO,CAAC,QAAQ,CAAC;IACrD,OAAO,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,IAAI,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC;IACjC,KAAK,EAAE,CAAC,CAAC,IAAI,CAAC,CAAC,WAAW,EAAE,QAAQ,EAAE,SAAS,EAAE,SAAS,CAAC,CAAC;CAC7D,CAAC;KACD,MAAM,EAAE,CAAC;AAEZ,MAAM,sBAAsB,GAAG,CAAC;KAC7B,MAAM,CAAC;IACN,OAAO,EAAE,CAAC,CAAC,IAAI,CAAC,CAAC,KAAK,EAAE,KAAK,CAAC,CAAC,CAAC,QAAQ,EAAE;IAC1C,UAAU,EAAE,CAAC,CAAC,KAAK,CAAC,+BAA+B,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC;CAC5D,CAAC;KACD,MAAM,EAAE,CAAC;AAEZ,MAAM,uBAAuB,GAAG,CAAC;KAC9B,MAAM,CAAC;IACN,KAAK,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,GAAG,EAAE,CAAC,QAAQ,EAAE,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC,OAAO,CAAC,EAAE,CAAC;CACxD,CAAC;KACD,MAAM,EAAE,CAAC;AAEZ,MAAM,qBAAqB,GAAG,CAAC;KAC5B,MAAM,CAAC;IACN,IAAI,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,IAAI,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC;CAC/B,CAAC;KACD,MAAM,EAAE,CAAC;AAEZ,MAAM,wBAAwB,GAAG,CAAC;KAC/B,MAAM,CAAC;IACN,IAAI,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,IAAI,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC;IAC9B,IAAI,EAAE,CAAC,CAAC,IAAI,CAAC,CAAC,WAAW,EAAE,aAAa,EAAE,WAAW,EAAE,OAAO,CAAC,CAAC;IAChE,YAAY,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,IAAI,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,QAAQ,EAAE;IACjD,QAAQ,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,IAAI,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,QAAQ,EAAE;IAC7C,WAAW,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,IAAI,EAAE,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC,QAAQ,EAAE;IACnD,eAAe,EAAE,CAAC,CAAC,OAAO,EAAE,CAAC,QAAQ,EAAE;IACvC,OAAO,EAAE,CAAC,CAAC,KAAK,CAAC,mBAAmB,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,EAAE,CAAC;IACpD,SAAS,EAAE,sBAAsB,CAAC,QAAQ,EAAE;IAC5C,MAAM,EAAE,CAAC,CAAC,OAAO,EAAE,CAAC,QAAQ,EAAE;CAC/B,CAAC;KACD,MAAM,EAAE,CAAC;AAEZ,MAAM,wBAAwB,GAAG,CAAC;KAC/B,MAAM,CAAC;IACN,IAAI,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,IAAI,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC;IAC9B,QAAQ,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,IAAI,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,QAAQ,EAAE;IAC7C,WAAW,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,IAAI,EAAE,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC,QAAQ,EAAE;IACnD,OAAO,EAAE,CAAC,CAAC,KAAK,CAAC,mBAAmB,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC,QAAQ,EAAE;IAC/D,SAAS,EAAE,sBAAsB,CAAC,QAAQ,EAAE;IAC5C,MAAM,EAAE,CAAC,CAAC,OAAO,EAAE,CAAC,QAAQ,EAAE;CAC/B,CAAC;KACD,MAAM,EAAE;KACR,MAAM,CACL,CAAC,KAAK,EAAE,EAAE,CACR,KAAK,CAAC,QAAQ,KAAK,SAAS;IAC5B,KAAK,CAAC,WAAW,KAAK,SAAS;IAC/B,KAAK,CAAC,OAAO,KAAK,SAAS;IAC3B,KAAK,CAAC,SAAS,KAAK,SAAS,EAC/B,oDAAoD,CACrD,CAAC;AAEJ,MAAM,SAAS,GAAG,CAAC,OAAuD,EAAE,EAAE,CAC5E,OAAO,CAAC,GAAG,CAAC,CAAC,MAAM,EAAE,EAAE,CAAC,CAAC;IACvB,OAAO,EAAE,MAAM,CAAC,OAAO;IACvB,OAAO,EAAE,MAAM,CAAC,OAAO;CACxB,CAAC,CAAC,CAAC;AAEN,MAAM,WAAW,GAAG,CAAC,SAA6D,EAAE,EAAE,CACpF,SAAS;IACP,CAAC,CAAC;QACE,OAAO,EAAE,SAAS,CAAC,OAAO;QAC1B,UAAU,EAAE,SAAS,CAAC,UAAU,CAAC,GAAG,CAAC,CAAC,SAAS,EAAE,EAAE,CAAC,CAAC;YACnD,eAAe,EAAE,SAAS,CAAC,eAAe,IAAI,QAAQ;YACtD,OAAO,EAAE,SAAS,CAAC,OAAO;YAC1B,KAAK,EAAE,SAAS,CAAC,KAAK;SACvB,CAAC,CAAC;KACJ;IACH,CAAC,CAAC,SAAS,CAAC;AAEhB,MAAM,CAAC,MAAM,gBAAgB,GAA4B;IACvD,IAAI,EAAE,oBAAoB;IAC1B,WAAW,EAAE,kDAAkD;IAC/D,WAAW,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE,UAAU,EAAE,EAAE,KAAK,EAAE,EAAE,IAAI,EAAE,SAAS,EAAE,EAAE,EAAE;IAC3E,UAAU,EAAE,CAAC,KAAK,EAAE,EAAE,CAAC,eAAe,CAAC,uBAAuB,EAAE,KAAK,CAAC;IACtE,OAAO,EAAE,KAAK,EAAE,OAAO,EAAE,KAAK,EAAE,EAAE;QAChC,MAAM,MAAM,GAAG,uBAAuB,CAAC,KAAK,CAAC,KAAK,CAAC,CAAC;QACpD,MAAM,QAAQ,GAAG,MAAM,OAAO,CAAC,WAAW,CAAC,YAAY,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;QACtE,OAAO;YACL,OAAO,EAAE,aAAa,QAAQ,CAAC,MAAM,iBAAiB;YACtD,IAAI,EAAE;gBACJ,QAAQ;aACT;SACF,CAAC;IACJ,CAAC;CACF,CAAC;AAEF,MAAM,CAAC,MAAM,cAAc,GAA4B;IACrD,IAAI,EAAE,kBAAkB;IACxB,WAAW,EAAE,wDAAwD;IACrE,WAAW,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE,UAAU,EAAE,EAAE,IAAI,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE,EAAE,EAAE,QAAQ,EAAE,CAAC,MAAM,CAAC,EAAE;IAC7F,UAAU,EAAE,CAAC,KAAK,EAAE,EAAE,CAAC,eAAe,CAAC,qBAAqB,EAAE,KAAK,CAAC;IACpE,OAAO,EAAE,KAAK,EAAE,OAAO,EAAE,KAAK,EAAE,EAAE;QAChC,MAAM,MAAM,GAAG,qBAAqB,CAAC,KAAK,CAAC,KAAK,CAAC,CAAC;QAClD,MAAM,OAAO,GAAG,MAAM,OAAO,CAAC,WAAW,CAAC,UAAU,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC;QAClE,OAAO;YACL,OAAO,EAAE,WAAW,MAAM,CAAC,IAAI,UAAU;YACzC,IAAI,EAAE;gBACJ,OAAO;aACR;SACF,CAAC;IACJ,CAAC;CACF,CAAC;AAEF,MAAM,CAAC,MAAM,iBAAiB,GAA4B;IACxD,IAAI,EAAE,qBAAqB;IAC3B,WAAW,EAAE,6DAA6D;IAC1E,WAAW,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE;IAC/B,UAAU,EAAE,CAAC,KAAK,EAAE,EAAE,CAAC,eAAe,CAAC,wBAAwB,EAAE,KAAK,CAAC;IACvE,OAAO,EAAE,KAAK,EAAE,OAAO,EAAE,KAAK,EAAE,EAAE;QAChC,MAAM,MAAM,GAAG,wBAAwB,CAAC,KAAK,CAAC,KAAK,CAAC,CAAC;QACrD,eAAe,CAAC,OAAO,CAAC,MAAM,EAAE,MAAM,CAAC,IAAI,EAAE,SAAS,EAAE,MAAM,CAAC,CAAC;QAChE,MAAM,OAAO,GAAG,MAAM,OAAO,CAAC,WAAW,CAAC,aAAa,CAAC;YACtD,IAAI,EAAE,MAAM,CAAC,IAAI;YACjB,IAAI,EAAE,MAAM,CAAC,IAAI;YACjB,YAAY,EAAE,MAAM,CAAC,YAAY;YACjC,QAAQ,EAAE,MAAM,CAAC,QAAQ;YACzB,WAAW,EAAE,MAAM,CAAC,WAAW;YAC/B,eAAe,EAAE,MAAM,CAAC,eAAe;YACvC,OAAO,EAAE,SAAS,CAAC,MAAM,CAAC,OAAO,CAAC;YAClC,SAAS,EAAE,WAAW,CAAC,MAAM,CAAC,SAAS,CAAC;YACxC,MAAM,EAAE,MAAM,CAAC,MAAM;SACtB,CAAC,CAAC;QACH,OAAO;YACL,OAAO,EAAE,WAAW,MAAM,CAAC,IAAI,IAAI,MAAM,CAAC,MAAM,IAAI,OAAO,CAAC,MAAM,CAAC,eAAe,CAAC,CAAC,CAAC,sBAAsB,CAAC,CAAC,CAAC,SAAS,GAAG;YAC1H,IAAI,EAAE;gBACJ,OAAO;aACR;SACF,CAAC;IACJ,CAAC;CACF,CAAC;AAEF,MAAM,CAAC,MAAM,iBAAiB,GAA4B;IACxD,IAAI,EAAE,qBAAqB;IAC3B,WAAW,EAAE,mEAAmE;IAChF,WAAW,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE;IAC/B,UAAU,EAAE,CAAC,KAAK,EAAE,EAAE,CAAC,eAAe,CAAC,wBAAwB,EAAE,KAAK,CAAC;IACvE,OAAO,EAAE,KAAK,EAAE,OAAO,EAAE,KAAK,EAAE,EAAE;QAChC,MAAM,MAAM,GAAG,wBAAwB,CAAC,KAAK,CAAC,KAAK,CAAC,CAAC;QACrD,eAAe,CAAC,OAAO,CAAC,MAAM,EAAE,MAAM,CAAC,IAAI,EAAE,SAAS,EAAE,MAAM,CAAC,CAAC;QAChE,MAAM,OAAO,GAAG,MAAM,OAAO,CAAC,WAAW,CAAC,aAAa,CAAC;YACtD,IAAI,EAAE,MAAM,CAAC,IAAI;YACjB,QAAQ,EAAE,MAAM,CAAC,QAAQ;YACzB,WAAW,EAAE,MAAM,CAAC,WAAW;YAC/B,OAAO,EAAE,MAAM,CAAC,OAAO,CAAC,CAAC,CAAC,SAAS,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC,CAAC,CAAC,SAAS;YAC/D,SAAS,EAAE,WAAW,CAAC,MAAM,CAAC,SAAS,CAAC;YACxC,MAAM,EAAE,MAAM,CAAC,MAAM;SACtB,CAAC,CAAC;QACH,OAAO;YACL,OAAO,EAAE,WAAW,MAAM,CAAC,IAAI,IAAI,MAAM,CAAC,MAAM,IAAI,OAAO,CAAC,MAAM,CAAC,eAAe,CAAC,CAAC,CAAC,sBAAsB,CAAC,CAAC,CAAC,SAAS,GAAG;YAC1H,IAAI,EAAE;gBACJ,OAAO;aACR;SACF,CAAC;IACJ,CAAC;CACF,CAAC;AAEF,MAAM,CAAC,MAAM,YAAY,GAAG,CAAC,gBAAgB,EAAE,cAAc,EAAE,iBAAiB,EAAE,iBAAiB,CAAU,CAAC"}

package/dist/tools/workflows/workflowTools.d.ts

@@ -0,0 +1,6 @@
+import type { ToolDefinition } from "../../domain/contracts.js";
+export declare const listWorkflowsTool: ToolDefinition<unknown>;
+export declare const getWorkflowTool: ToolDefinition<unknown>;
+export declare const createWorkflowTool: ToolDefinition<unknown>;
+export declare const updateWorkflowTool: ToolDefinition<unknown>;
+export declare const workflowTools: readonly [ToolDefinition<unknown>, ToolDefinition<unknown>, ToolDefinition<unknown>, ToolDefinition<unknown>];

package/dist/tools/workflows/workflowTools.js

@@ -0,0 +1,106 @@
+import { z } from "zod";
+import { assertWriteSafe, parseWithSchema } from "../common.js";
+const ListWorkflowsInputSchema = z
+    .object({
+    limit: z.number().int().positive().max(100).default(25)
+})
+    .strict();
+const GetWorkflowInputSchema = z
+    .object({
+    name: z.string().trim().min(1)
+})
+    .strict();
+const CreateWorkflowInputSchema = z
+    .object({
+    name: z.string().trim().min(1),
+    description: z.string().trim().max(1024).optional(),
+    maxConcurrentRuns: z.number().int().positive().max(100).optional(),
+    defaultRunProperties: z.record(z.string(), z.string()).optional(),
+    dryRun: z.boolean().optional()
+})
+    .strict();
+const UpdateWorkflowInputSchema = z
+    .object({
+    name: z.string().trim().min(1),
+    description: z.string().trim().max(1024).optional(),
+    maxConcurrentRuns: z.number().int().positive().max(100).optional(),
+    defaultRunProperties: z.record(z.string(), z.string()).optional(),
+    dryRun: z.boolean().optional()
+})
+    .strict()
+    .refine((input) => input.description !== undefined ||
+    input.maxConcurrentRuns !== undefined ||
+    input.defaultRunProperties !== undefined, "At least one mutable field is required for update.");
+export const listWorkflowsTool = {
+    name: "glue_list_workflows",
+    description: "List AWS Glue workflows with controlled result size.",
+    inputSchema: { type: "object", properties: { limit: { type: "integer" } } },
+    parseInput: (input) => parseWithSchema(ListWorkflowsInputSchema, input),
+    execute: async (context, input) => {
+        const parsed = ListWorkflowsInputSchema.parse(input);
+        const workflows = await context.glueService.listWorkflows(parsed.limit);
+        return {
+            summary: `Retrieved ${workflows.length} workflow names.`,
+            data: {
+                workflows
+            }
+        };
+    }
+};
+export const getWorkflowTool = {
+    name: "glue_get_workflow",
+    description: "Get a Glue workflow view suitable for operational diagnostics.",
+    inputSchema: { type: "object", properties: { name: { type: "string" } }, required: ["name"] },
+    parseInput: (input) => parseWithSchema(GetWorkflowInputSchema, input),
+    execute: async (context, input) => {
+        const parsed = GetWorkflowInputSchema.parse(input);
+        const workflow = await context.glueService.getWorkflow(parsed.name);
+        return {
+            summary: `Workflow ${parsed.name} loaded.`,
+            data: {
+                workflow
+            }
+        };
+    }
+};
+export const createWorkflowTool = {
+    name: "glue_create_workflow",
+    description: "Create a Glue workflow under strict prefix and payload safety constraints.",
+    inputSchema: { type: "object" },
+    parseInput: (input) => parseWithSchema(CreateWorkflowInputSchema, input),
+    execute: async (context, input) => {
+        const parsed = CreateWorkflowInputSchema.parse(input);
+        assertWriteSafe(context.config, parsed.name, "workflow", parsed);
+        const workflow = await context.glueService.createWorkflow(parsed);
+        return {
+            summary: `Workflow ${parsed.name} ${parsed.dryRun ?? context.config.dryRunByDefault ? "validated in dry-run" : "created"}.`,
+            data: {
+                workflow
+            }
+        };
+    }
+};
+export const updateWorkflowTool = {
+    name: "glue_update_workflow",
+    description: "Safely update selected fields on an existing Glue workflow.",
+    inputSchema: { type: "object" },
+    parseInput: (input) => parseWithSchema(UpdateWorkflowInputSchema, input),
+    execute: async (context, input) => {
+        const parsed = UpdateWorkflowInputSchema.parse(input);
+        assertWriteSafe(context.config, parsed.name, "workflow", parsed);
+        const workflow = await context.glueService.updateWorkflow(parsed);
+        return {
+            summary: `Workflow ${parsed.name} ${parsed.dryRun ?? context.config.dryRunByDefault ? "validated in dry-run" : "updated"}.`,
+            data: {
+                workflow
+            }
+        };
+    }
+};
+export const workflowTools = [
+    listWorkflowsTool,
+    getWorkflowTool,
+    createWorkflowTool,
+    updateWorkflowTool
+];
+//# sourceMappingURL=workflowTools.js.map

package/dist/tools/workflows/workflowTools.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"workflowTools.js","sourceRoot":"","sources":["../../../src/tools/workflows/workflowTools.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,CAAC,EAAE,MAAM,KAAK,CAAC;AAExB,OAAO,EAAE,eAAe,EAAE,eAAe,EAAE,MAAM,cAAc,CAAC;AAEhE,MAAM,wBAAwB,GAAG,CAAC;KAC/B,MAAM,CAAC;IACN,KAAK,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,GAAG,EAAE,CAAC,QAAQ,EAAE,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC,OAAO,CAAC,EAAE,CAAC;CACxD,CAAC;KACD,MAAM,EAAE,CAAC;AAEZ,MAAM,sBAAsB,GAAG,CAAC;KAC7B,MAAM,CAAC;IACN,IAAI,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,IAAI,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC;CAC/B,CAAC;KACD,MAAM,EAAE,CAAC;AAEZ,MAAM,yBAAyB,GAAG,CAAC;KAChC,MAAM,CAAC;IACN,IAAI,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,IAAI,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC;IAC9B,WAAW,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,IAAI,EAAE,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC,QAAQ,EAAE;IACnD,iBAAiB,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,GAAG,EAAE,CAAC,QAAQ,EAAE,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC,QAAQ,EAAE;IAClE,oBAAoB,EAAE,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,MAAM,EAAE,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,CAAC,QAAQ,EAAE;IACjE,MAAM,EAAE,CAAC,CAAC,OAAO,EAAE,CAAC,QAAQ,EAAE;CAC/B,CAAC;KACD,MAAM,EAAE,CAAC;AAEZ,MAAM,yBAAyB,GAAG,CAAC;KAChC,MAAM,CAAC;IACN,IAAI,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,IAAI,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC;IAC9B,WAAW,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,IAAI,EAAE,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC,QAAQ,EAAE;IACnD,iBAAiB,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,GAAG,EAAE,CAAC,QAAQ,EAAE,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC,QAAQ,EAAE;IAClE,oBAAoB,EAAE,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,MAAM,EAAE,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,CAAC,QAAQ,EAAE;IACjE,MAAM,EAAE,CAAC,CAAC,OAAO,EAAE,CAAC,QAAQ,EAAE;CAC/B,CAAC;KACD,MAAM,EAAE;KACR,MAAM,CACL,CAAC,KAAK,EAAE,EAAE,CACR,KAAK,CAAC,WAAW,KAAK,SAAS;IAC/B,KAAK,CAAC,iBAAiB,KAAK,SAAS;IACrC,KAAK,CAAC,oBAAoB,KAAK,SAAS,EAC1C,oDAAoD,CACrD,CAAC;AAEJ,MAAM,CAAC,MAAM,iBAAiB,GAA4B;IACxD,IAAI,EAAE,qBAAqB;IAC3B,WAAW,EAAE,sDAAsD;IACnE,WAAW,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE,UAAU,EAAE,EAAE,KAAK,EAAE,EAAE,IAAI,EAAE,SAAS,EAAE,EAAE,EAAE;IAC3E,UAAU,EAAE,CAAC,KAAK,EAAE,EAAE,CAAC,eAAe,CAAC,wBAAwB,EAAE,KAAK,CAAC;IACvE,OAAO,EAAE,KAAK,EAAE,OAAO,EAAE,KAAK,EAAE,EAAE;QAChC,MAAM,MAAM,GAAG,wBAAwB,CAAC,KAAK,CAAC,KAAK,CAAC,CAAC;QACrD,MAAM,SAAS,GAAG,MAAM,OAAO,CAAC,WAAW,CAAC,aAAa,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;QACxE,OAAO;YACL,OAAO,EAAE,aAAa,SAAS,CAAC,MAAM,kBAAkB;YACxD,IAAI,EAAE;gBACJ,SAAS;aACV;SACF,CAAC;IACJ,CAAC;CACF,CAAC;AAEF,MAAM,CAAC,MAAM,eAAe,GAA4B;IACtD,IAAI,EAAE,mBAAmB;IACzB,WAAW,EAAE,gEAAgE;IAC7E,WAAW,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE,UAAU,EAAE,EAAE,IAAI,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE,EAAE,EAAE,QAAQ,EAAE,CAAC,MAAM,CAAC,EAAE;IAC7F,UAAU,EAAE,CAAC,KAAK,EAAE,EAAE,CAAC,eAAe,CAAC,sBAAsB,EAAE,KAAK,CAAC;IACrE,OAAO,EAAE,KAAK,EAAE,OAAO,EAAE,KAAK,EAAE,EAAE;QAChC,MAAM,MAAM,GAAG,sBAAsB,CAAC,KAAK,CAAC,KAAK,CAAC,CAAC;QACnD,MAAM,QAAQ,GAAG,MAAM,OAAO,CAAC,WAAW,CAAC,WAAW,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC;QACpE,OAAO;YACL,OAAO,EAAE,YAAY,MAAM,CAAC,IAAI,UAAU;YAC1C,IAAI,EAAE;gBACJ,QAAQ;aACT;SACF,CAAC;IACJ,CAAC;CACF,CAAC;AAEF,MAAM,CAAC,MAAM,kBAAkB,GAA4B;IACzD,IAAI,EAAE,sBAAsB;IAC5B,WAAW,EAAE,4EAA4E;IACzF,WAAW,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE;IAC/B,UAAU,EAAE,CAAC,KAAK,EAAE,EAAE,CAAC,eAAe,CAAC,yBAAyB,EAAE,KAAK,CAAC;IACxE,OAAO,EAAE,KAAK,EAAE,OAAO,EAAE,KAAK,EAAE,EAAE;QAChC,MAAM,MAAM,GAAG,yBAAyB,CAAC,KAAK,CAAC,KAAK,CAAC,CAAC;QACtD,eAAe,CAAC,OAAO,CAAC,MAAM,EAAE,MAAM,CAAC,IAAI,EAAE,UAAU,EAAE,MAAM,CAAC,CAAC;QACjE,MAAM,QAAQ,GAAG,MAAM,OAAO,CAAC,WAAW,CAAC,cAAc,CAAC,MAAM,CAAC,CAAC;QAClE,OAAO;YACL,OAAO,EAAE,YAAY,MAAM,CAAC,IAAI,IAAI,MAAM,CAAC,MAAM,IAAI,OAAO,CAAC,MAAM,CAAC,eAAe,CAAC,CAAC,CAAC,sBAAsB,CAAC,CAAC,CAAC,SAAS,GAAG;YAC3H,IAAI,EAAE;gBACJ,QAAQ;aACT;SACF,CAAC;IACJ,CAAC;CACF,CAAC;AAEF,MAAM,CAAC,MAAM,kBAAkB,GAA4B;IACzD,IAAI,EAAE,sBAAsB;IAC5B,WAAW,EAAE,6DAA6D;IAC1E,WAAW,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE;IAC/B,UAAU,EAAE,CAAC,KAAK,EAAE,EAAE,CAAC,eAAe,CAAC,yBAAyB,EAAE,KAAK,CAAC;IACxE,OAAO,EAAE,KAAK,EAAE,OAAO,EAAE,KAAK,EAAE,EAAE;QAChC,MAAM,MAAM,GAAG,yBAAyB,CAAC,KAAK,CAAC,KAAK,CAAC,CAAC;QACtD,eAAe,CAAC,OAAO,CAAC,MAAM,EAAE,MAAM,CAAC,IAAI,EAAE,UAAU,EAAE,MAAM,CAAC,CAAC;QACjE,MAAM,QAAQ,GAAG,MAAM,OAAO,CAAC,WAAW,CAAC,cAAc,CAAC,MAAM,CAAC,CAAC;QAClE,OAAO;YACL,OAAO,EAAE,YAAY,MAAM,CAAC,IAAI,IAAI,MAAM,CAAC,MAAM,IAAI,OAAO,CAAC,MAAM,CAAC,eAAe,CAAC,CAAC,CAAC,sBAAsB,CAAC,CAAC,CAAC,SAAS,GAAG;YAC3H,IAAI,EAAE;gBACJ,QAAQ;aACT;SACF,CAAC;IACJ,CAAC;CACF,CAAC;AAEF,MAAM,CAAC,MAAM,aAAa,GAAG;IAC3B,iBAAiB;IACjB,eAAe;IACf,kBAAkB;IAClB,kBAAkB;CACV,CAAC"}

package/dist/utils/sanitize.d.ts

@@ -0,0 +1,4 @@
+import { GluePluginError } from "../errors/glueErrors.js";
+export declare const sanitizeMessage: (message: string) => string;
+export declare const toSanitizedError: (error: unknown) => GluePluginError;
+export declare const hasPotentialSecret: (value: unknown) => boolean;

package/dist/utils/sanitize.js

@@ -0,0 +1,34 @@
+import { GluePluginError, RemoteServiceError } from "../errors/glueErrors.js";
+const SECRET_PATTERN = /\b(password|passwd|token|secret|api[_-]?key|client[_-]?secret|private[_-]?key|authorization)\b/i;
+const normalizeErrorMessage = (message) => message.replace(/[^\x20-\x7E]/g, "").slice(0, 300);
+const scrubSecretsFromText = (text) => text
+    .split(/\s+/)
+    .map((chunk) => (SECRET_PATTERN.test(chunk) ? "[REDACTED]" : chunk))
+    .join(" ");
+export const sanitizeMessage = (message) => scrubSecretsFromText(normalizeErrorMessage(message));
+export const toSanitizedError = (error) => {
+    if (error instanceof GluePluginError) {
+        return error;
+    }
+    if (error instanceof Error) {
+        return new RemoteServiceError(sanitizeMessage(error.message), undefined, error);
+    }
+    return new RemoteServiceError("Unexpected remote error.");
+};
+export const hasPotentialSecret = (value) => {
+    if (typeof value === "string") {
+        return SECRET_PATTERN.test(value);
+    }
+    if (Array.isArray(value)) {
+        return value.some((item) => hasPotentialSecret(item));
+    }
+    if (value && typeof value === "object") {
+        for (const [key, objectValue] of Object.entries(value)) {
+            if (SECRET_PATTERN.test(key) || hasPotentialSecret(objectValue)) {
+                return true;
+            }
+        }
+    }
+    return false;
+};
+//# sourceMappingURL=sanitize.js.map

package/dist/utils/sanitize.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"sanitize.js","sourceRoot":"","sources":["../../src/utils/sanitize.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,eAAe,EAAE,kBAAkB,EAAE,MAAM,yBAAyB,CAAC;AAE9E,MAAM,cAAc,GAClB,iGAAiG,CAAC;AAEpG,MAAM,qBAAqB,GAAG,CAAC,OAAe,EAAU,EAAE,CACxD,OAAO,CAAC,OAAO,CAAC,eAAe,EAAE,EAAE,CAAC,CAAC,KAAK,CAAC,CAAC,EAAE,GAAG,CAAC,CAAC;AAErD,MAAM,oBAAoB,GAAG,CAAC,IAAY,EAAU,EAAE,CACpD,IAAI;KACD,KAAK,CAAC,KAAK,CAAC;KACZ,GAAG,CAAC,CAAC,KAAK,EAAE,EAAE,CAAC,CAAC,cAAc,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,YAAY,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC;KACnE,IAAI,CAAC,GAAG,CAAC,CAAC;AAEf,MAAM,CAAC,MAAM,eAAe,GAAG,CAAC,OAAe,EAAU,EAAE,CACzD,oBAAoB,CAAC,qBAAqB,CAAC,OAAO,CAAC,CAAC,CAAC;AAEvD,MAAM,CAAC,MAAM,gBAAgB,GAAG,CAAC,KAAc,EAAmB,EAAE;IAClE,IAAI,KAAK,YAAY,eAAe,EAAE,CAAC;QACrC,OAAO,KAAK,CAAC;IACf,CAAC;IACD,IAAI,KAAK,YAAY,KAAK,EAAE,CAAC;QAC3B,OAAO,IAAI,kBAAkB,CAAC,eAAe,CAAC,KAAK,CAAC,OAAO,CAAC,EAAE,SAAS,EAAE,KAAK,CAAC,CAAC;IAClF,CAAC;IACD,OAAO,IAAI,kBAAkB,CAAC,0BAA0B,CAAC,CAAC;AAC5D,CAAC,CAAC;AAEF,MAAM,CAAC,MAAM,kBAAkB,GAAG,CAAC,KAAc,EAAW,EAAE;IAC5D,IAAI,OAAO,KAAK,KAAK,QAAQ,EAAE,CAAC;QAC9B,OAAO,cAAc,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;IACpC,CAAC;IACD,IAAI,KAAK,CAAC,OAAO,CAAC,KAAK,CAAC,EAAE,CAAC;QACzB,OAAO,KAAK,CAAC,IAAI,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC,kBAAkB,CAAC,IAAI,CAAC,CAAC,CAAC;IACxD,CAAC;IACD,IAAI,KAAK,IAAI,OAAO,KAAK,KAAK,QAAQ,EAAE,CAAC;QACvC,KAAK,MAAM,CAAC,GAAG,EAAE,WAAW,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,KAAK,CAAC,EAAE,CAAC;YACvD,IAAI,cAAc,CAAC,IAAI,CAAC,GAAG,CAAC,IAAI,kBAAkB,CAAC,WAAW,CAAC,EAAE,CAAC;gBAChE,OAAO,IAAI,CAAC;YACd,CAAC;QACH,CAAC;IACH,CAAC;IACD,OAAO,KAAK,CAAC;AACf,CAAC,CAAC"}

package/docs/architecture.md

@@ -0,0 +1,33 @@
+# Architecture
+
+## Design Goals
+- Clean and modular runtime for controlled AWS Glue operations.
+- Explicit separation of plugin runtime, configuration, services, tools, guards, and skill companion.
+- Fail-closed defaults for configuration and write operations.
+
+## Module Boundaries
+- `src/openclawEntry.ts`: official OpenClaw plugin SDK entrypoint (`definePluginEntry`) and tool registration (`api.registerTool`).
+- `openclaw.plugin.json`: plugin manifest (`id`, `configSchema`, `contracts`, `skills`).
+- `src/runtime/pluginRuntime.ts`: runtime entrypoint, manifest wiring, dispatch.
+- `src/config/schema.ts`: canonical config model + OpenClaw JSON schema derivation source.
+- `src/config/loadConfig.ts`: config precedence resolution (`OpenClaw > env > defaults`) + fail-closed validation.
+- `src/client/*`: AWS SDK client creation.
+- `src/services/glueService.ts`: AWS Glue adapter, safe update semantics, output shaping.
+- `src/tools/*`: tool definitions and input contracts.
+- `src/guards/*`: write-surface restrictions and payload safety checks.
+- `src/errors/*`: typed error hierarchy for stable operator behavior.
+- `skills/kansodata-glue-operator/*`: operational governance for agent usage.
+
+## Call Flow
+1. OpenClaw loads extension from `package.json.openclaw.extensions`.
+2. `src/openclawEntry.ts` registers plugin tools using official SDK APIs.
+3. Runtime resolves config with explicit precedence (`OpenClaw -> env -> defaults`) and strict validation.
+4. Tool dispatch validates input with schema.
+5. Guards enforce secrets/prefix/read-before-write constraints.
+6. Service executes SDK call (or dry-run projection).
+7. Output is normalized into concise operational structures.
+8. Errors are sanitized and mapped to typed categories.
+
+## Scalability Path
+- V2 can add read-only Job/Crawler diagnostics as new tools without touching write guardrails.
+- V3 can add controlled write operations via new service methods + dedicated guards per resource type.

package/docs/roadmap.md

@@ -0,0 +1,23 @@
+# Roadmap
+
+## V1 (Current)
+- OpenClaw plugin bootstrap with strict TS architecture.
+- Controlled write subset:
+  - workflows: create/update
+  - triggers: create/update
+- Catalog diagnostics:
+  - table metadata
+  - partition samples
+  - partitioning explanation for `from_catalog` / `push_down_predicate`.
+- Companion operator skill + hardening docs + unit tests.
+
+## V2 (Planned)
+- Read-only diagnostics for Glue Jobs and Crawlers.
+- Richer workflow/trigger explainers (graph consistency checks, trigger chain hints).
+- Expanded rule set for catalog quality checks.
+- Optional integration tests in isolated environment.
+
+## V3 (Planned)
+- Controlled write operations for Jobs/Crawlers with dedicated guardrails.
+- Change-plan preview and approval token flow.
+- Policy packs per environment/team (dev/stage/prod).

package/docs/rollback.md

@@ -0,0 +1,34 @@
+# Rollback Plan
+
+## Scope
+Rollback for the V1 atomic correction that:
+- narrows `glue_update_trigger` mutable fields to AWS-supported update fields,
+- replaces custom runtime wiring with an official OpenClaw SDK entrypoint,
+- aligns manifest/package skill discovery metadata,
+- makes build clean script portable,
+- aligns OpenClaw declared config schema with runtime-effective config precedence.
+
+## Rollback Procedure
+
+### After push (preferred)
+1. Identify the correction commit SHA.
+2. Revert it with a non-destructive commit:
+   - `git revert <commit-sha>`
+3. Run validations:
+   - `npm run lint`
+   - `npm run typecheck`
+   - `npm run build`
+   - `npm test`
+4. Push revert commit.
+
+### Before push
+1. Inspect local diff: `git status`.
+2. Restore only files touched by this iteration:
+   - `git restore <file...>`
+3. Re-run validations.
+
+## Functional Guardrails During Rollback Window
+- Keep `dryRunByDefault=true`.
+- Keep `enforcePrefixAllowlist=true` and non-empty prefix list.
+- Do not expand write surface beyond V1 workflows/triggers.
+- Keep config resolution fail-closed when region is absent or allowlist enforcement is unsafe.

package/docs/threat-model.md

@@ -0,0 +1,31 @@
+# Threat Model (V1)
+
+## Protected Assets
+- AWS Glue orchestration state (workflows/triggers).
+- Glue Catalog metadata quality used by ETL diagnostics.
+- AWS credentials and sensitive payload fragments.
+
+## Main Threats
+1. Unauthorized or accidental writes outside intended resource namespace.
+2. Secret leakage through tool input/output or error surfaces.
+3. Unsafe updates that override existing definitions blindly.
+4. Ambiguous operations executed without sufficient baseline state.
+5. Excessive data exposure from raw AWS API payloads.
+
+## Hardening Decisions
+- Prefix allowlist enforcement available and enabled by default.
+- Dry-run enabled by default.
+- Secret-like payload detection blocks operations (fail-closed).
+- Update operations require read-before-write path and limited mutable fields.
+- Structured error sanitization and redaction.
+- Tool responses emit summarized, shaped objects only.
+
+## Residual Risks
+- Existing Glue definitions may already include risky defaults outside plugin control.
+- IAM policy drift can still break operations at runtime.
+- Semantic correctness of user intent still depends on operator input quality.
+
+## Compensating Controls
+- Use companion skill mandatory sequence (`read -> plan -> validate -> apply -> verify`).
+- Keep writes scoped by naming conventions and explicit allowlist.
+- Prefer dry-run during initial rollout in each environment.