@kya-os/mcp-i 1.7.13 → 1.9.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (51) hide show
  1. package/dist/114.js +1 -0
  2. package/dist/139.js +1 -0
  3. package/dist/200.js +1 -0
  4. package/dist/202.js +1 -0
  5. package/dist/238.js +1 -0
  6. package/dist/263.js +1 -0
  7. package/dist/294.js +1 -0
  8. package/dist/295.js +1 -1
  9. package/dist/374.js +1 -0
  10. package/dist/529.js +1 -0
  11. package/dist/627.js +1 -0
  12. package/dist/644.js +1 -0
  13. package/dist/669.js +1 -0
  14. package/dist/857.js +1 -0
  15. package/dist/866.js +1 -1
  16. package/dist/{941.js → 966.js} +1 -1
  17. package/dist/997.js +1 -0
  18. package/dist/providers/node-providers.d.ts +1 -1
  19. package/dist/providers/node-providers.js +2 -2
  20. package/dist/runtime/adapter-express.js +6 -6
  21. package/dist/runtime/adapter-nextjs.js +6 -6
  22. package/dist/runtime/auth-handshake.d.ts +4 -159
  23. package/dist/runtime/auth-handshake.js +8 -249
  24. package/dist/runtime/http.js +6 -6
  25. package/dist/runtime/mcpi-runtime.d.ts +4 -0
  26. package/dist/runtime/mcpi-runtime.js +58 -43
  27. package/dist/runtime/outbound-delegation.d.ts +34 -0
  28. package/dist/runtime/outbound-delegation.js +134 -0
  29. package/dist/runtime/proof.d.ts +13 -88
  30. package/dist/runtime/proof.js +11 -225
  31. package/dist/runtime/request-context.d.ts +41 -0
  32. package/dist/runtime/request-context.js +48 -0
  33. package/dist/runtime/session.d.ts +13 -104
  34. package/dist/runtime/session.js +31 -267
  35. package/dist/runtime/stdio.js +6 -6
  36. package/dist/runtime/utils/tools.js +17 -3
  37. package/package.json +18 -18
  38. package/dist/207.js +0 -1
  39. package/dist/25.js +0 -1
  40. package/dist/360.js +0 -1
  41. package/dist/387.js +0 -1
  42. package/dist/406.js +0 -1
  43. package/dist/448.js +0 -1
  44. package/dist/478.js +0 -1
  45. package/dist/575.js +0 -1
  46. package/dist/67.js +0 -1
  47. package/dist/743.js +0 -1
  48. package/dist/784.js +0 -1
  49. package/dist/844.js +0 -1
  50. package/dist/936.js +0 -1
  51. package/dist/988.js +0 -1
package/dist/374.js ADDED
@@ -0,0 +1 @@
1
+ "use strict";exports.id=374,exports.ids=[374],exports.modules={37374:(e,t,r)=>{r.d(t,{CreateOAuth2TokenCommand:()=>kt,SigninClient:()=>St});var s=r(97040),n=r(74534),o=r(70775),i=r(86693),a=r(66575),c=r(94615),p=r(45326),u=r(9575),d=r(68249),h=r(75279),l=r(10860),g=r(39412),m=r(72084),f=r(10773),y=r(9942),S=r(63089),v=r(45547),P=r(81974);const k=async(e,t,r)=>({operation:(0,v.u)(t).operation,region:await(0,P.t)(e.region)()||(()=>{throw new Error("expected `region` to be configured for `aws.auth#sigv4`")})()}),E=e=>{const t=[];return"CreateOAuth2Token"===e.operation?t.push({schemeId:"smithy.api#noAuth"}):t.push(function(e){return{schemeId:"aws.auth#sigv4",signingProperties:{name:"signin",region:e.region},propertiesExtractor:(e,t)=>({signingProperties:{config:e,context:t}})}}(e)),t},A={UseFIPS:{type:"builtInParams",name:"useFipsEndpoint"},Endpoint:{type:"builtInParams",name:"endpoint"},Region:{type:"builtInParams",name:"region"},UseDualStack:{type:"builtInParams",name:"useDualstackEndpoint"}};var I=r(90966),x=r(10706),w=r(56232),b=r(60803),O=r(52005),R=r(96901),D=r(24661),T=r(46109),C=r(5012),F=r(7387),U=r(24176),$=r(64327),q=r(34338),j=r(57815),z=r(55425),M=r(99816),V=r(48828),H=r(70868),Z=r(80843),K=r(14433),N=r(3761),B=r(67933),L=r(12544),G=r(39181),Y=r(40935),J=r(2914),Q=r(53037),W=r(48105),X=r(1034),_=r(7856);const ee="required",te="fn",re="argv",se="ref",ne=!0,oe="isSet",ie="booleanEquals",ae="error",ce="endpoint",pe="tree",ue="PartitionResult",de="stringEquals",he={[ee]:!0,default:!1,type:"boolean"},le={[ee]:!1,type:"string"},ge={[se]:"Endpoint"},me={[te]:ie,[re]:[{[se]:"UseFIPS"},!0]},fe={[te]:ie,[re]:[{[se]:"UseDualStack"},!0]},ye={},Se={[te]:"getAttr",[re]:[{[se]:ue},"name"]},ve={[te]:ie,[re]:[{[se]:"UseFIPS"},!1]},Pe={[te]:ie,[re]:[{[se]:"UseDualStack"},!1]},ke={[te]:"getAttr",[re]:[{[se]:ue},"supportsFIPS"]},Ee={[te]:ie,[re]:[!0,{[te]:"getAttr",[re]:[{[se]:ue},"supportsDualStack"]}]},Ae=[{[se]:"Region"}],Ie={version:"1.0",parameters:{UseDualStack:he,UseFIPS:he,Endpoint:le,Region:le},rules:[{conditions:[{[te]:oe,[re]:[ge]}],rules:[{conditions:[me],error:"Invalid Configuration: FIPS and custom endpoint are not supported",type:ae},{rules:[{conditions:[fe],error:"Invalid Configuration: Dualstack and custom endpoint are not supported",type:ae},{endpoint:{url:ge,properties:ye,headers:ye},type:ce}],type:pe}],type:pe},{rules:[{conditions:[{[te]:oe,[re]:Ae}],rules:[{conditions:[{[te]:"aws.partition",[re]:Ae,assign:ue}],rules:[{conditions:[{[te]:de,[re]:[Se,"aws"]},ve,Pe],endpoint:{url:"https://{Region}.signin.aws.amazon.com",properties:ye,headers:ye},type:ce},{conditions:[{[te]:de,[re]:[Se,"aws-cn"]},ve,Pe],endpoint:{url:"https://{Region}.signin.amazonaws.cn",properties:ye,headers:ye},type:ce},{conditions:[{[te]:de,[re]:[Se,"aws-us-gov"]},ve,Pe],endpoint:{url:"https://{Region}.signin.amazonaws-us-gov.com",properties:ye,headers:ye},type:ce},{conditions:[me,fe],rules:[{conditions:[{[te]:ie,[re]:[ne,ke]},Ee],rules:[{endpoint:{url:"https://signin-fips.{Region}.{PartitionResult#dualStackDnsSuffix}",properties:ye,headers:ye},type:ce}],type:pe},{error:"FIPS and DualStack are enabled, but this partition does not support one or both",type:ae}],type:pe},{conditions:[me,Pe],rules:[{conditions:[{[te]:ie,[re]:[ke,ne]}],rules:[{endpoint:{url:"https://signin-fips.{Region}.{PartitionResult#dnsSuffix}",properties:ye,headers:ye},type:ce}],type:pe},{error:"FIPS is enabled but this partition does not support FIPS",type:ae}],type:pe},{conditions:[ve,fe],rules:[{conditions:[Ee],rules:[{endpoint:{url:"https://signin.{Region}.{PartitionResult#dualStackDnsSuffix}",properties:ye,headers:ye},type:ce}],type:pe},{error:"DualStack is enabled but this partition does not support DualStack",type:ae}],type:pe},{endpoint:{url:"https://signin.{Region}.{PartitionResult#dnsSuffix}",properties:ye,headers:ye},type:ce}],type:pe}],type:pe},{error:"Invalid Configuration: Missing Region",type:ae}],type:pe}]},xe=new W.k({size:50,params:["Endpoint","Region","UseDualStack","UseFIPS"]}),we=(e,t={})=>xe.get(e,()=>(0,X.s)(Ie,{endpointParams:e,logger:t.logger}));_.m.aws=Q.UF;var be=r(51453),Oe=r(6723);class Re extends Oe.T{constructor(e){super(e),Object.setPrototypeOf(this,Re.prototype)}}class De extends Re{name="AccessDeniedException";$fault="client";error;constructor(e){super({name:"AccessDeniedException",$fault:"client",...e}),Object.setPrototypeOf(this,De.prototype),this.error=e.error}}class Te extends Re{name="InternalServerException";$fault="server";error;constructor(e){super({name:"InternalServerException",$fault:"server",...e}),Object.setPrototypeOf(this,Te.prototype),this.error=e.error}}class Ce extends Re{name="TooManyRequestsError";$fault="client";error;constructor(e){super({name:"TooManyRequestsError",$fault:"client",...e}),Object.setPrototypeOf(this,Ce.prototype),this.error=e.error}}class Fe extends Re{name="ValidationException";$fault="client";error;constructor(e){super({name:"ValidationException",$fault:"client",...e}),Object.setPrototypeOf(this,Fe.prototype),this.error=e.error}}const Ue="accessKeyId",$e="accessToken",qe="client",je="clientId",ze="codeVerifier",Me="error",Ve="expiresIn",He="grantType",Ze="http",Ke="httpError",Ne="idToken",Be="jsonName",Le="message",Ge="refreshToken",Ye="redirectUri",Je="smithy.ts.sdk.synthetic.com.amazonaws.signin",Qe="secretAccessKey",We="sessionToken",Xe="tokenType",_e="com.amazonaws.signin",et=be.O.for(Je);var tt=[-3,Je,"SigninServiceException",0,[],[]];et.registerError(tt,Re);const rt=be.O.for(_e);var st=[-3,_e,"AccessDeniedException",{[Me]:qe},[Me,Le],[0,0],2];rt.registerError(st,De);var nt=[-3,_e,"InternalServerException",{[Me]:"server",[Ke]:500},[Me,Le],[0,0],2];rt.registerError(nt,Te);var ot=[-3,_e,"TooManyRequestsError",{[Me]:qe,[Ke]:429},[Me,Le],[0,0],2];rt.registerError(ot,Ce);var it=[-3,_e,"ValidationException",{[Me]:qe,[Ke]:400},[Me,Le],[0,0],2];rt.registerError(it,Fe);const at=[et,rt];var ct=[0,_e,"RefreshToken",8,0],pt=[3,_e,"AccessToken",8,[Ue,Qe,We],[[0,{[Be]:Ue}],[0,{[Be]:Qe}],[0,{[Be]:We}]],3],ut=[3,_e,"CreateOAuth2TokenRequest",0,["tokenInput"],[[()=>dt,16]],1],dt=[3,_e,"CreateOAuth2TokenRequestBody",0,[je,He,"code",Ye,ze,Ge],[[0,{[Be]:je}],[0,{[Be]:He}],0,[0,{[Be]:Ye}],[0,{[Be]:ze}],[()=>ct,{[Be]:Ge}]],2],ht=[3,_e,"CreateOAuth2TokenResponse",0,["tokenOutput"],[[()=>lt,16]],1],lt=[3,_e,"CreateOAuth2TokenResponseBody",0,[$e,Xe,Ve,Ge,Ne],[[()=>pt,{[Be]:$e}],[0,{[Be]:Xe}],[1,{[Be]:Ve}],[()=>ct,{[Be]:Ge}],[0,{[Be]:Ne}]],4],gt=[9,_e,"CreateOAuth2Token",{[Ze]:["POST","/v1/token",200]},()=>ut,()=>ht];var mt=r(93673),ft=r(78646),yt=r(18081);class St extends y.K{config;constructor(...[e]){const t=(e=>{(0,q.I)(process.version);const t=(0,M.I)(e),r=()=>t().then(j.l),s=(e=>({apiVersion:"2023-01-01",base64Decoder:e?.base64Decoder??L.E,base64Encoder:e?.base64Encoder??G.n,disableHostPrefix:e?.disableHostPrefix??!1,endpointProvider:e?.endpointProvider??we,extensions:e?.extensions??[],httpAuthSchemeProvider:e?.httpAuthSchemeProvider??E,httpAuthSchemes:e?.httpAuthSchemes??[{schemeId:"aws.auth#sigv4",identityProvider:e=>e.getIdentityProvider("aws.auth#sigv4"),signer:new H.f2},{schemeId:"smithy.api#noAuth",identityProvider:e=>e.getIdentityProvider("smithy.api#noAuth")||(async()=>({})),signer:new K.m}],logger:e?.logger??new N.N,protocol:e?.protocol??Z.Y,protocolSettings:e?.protocolSettings??{defaultNamespace:"com.amazonaws.signin",errorTypeRegistries:at,version:"2023-01-01",serviceTarget:"Signin"},serviceId:e?.serviceId??"Signin",urlParser:e?.urlParser??B.D,utf8Decoder:e?.utf8Decoder??Y.a,utf8Encoder:e?.utf8Encoder??J.P}))(e);(0,x.I)(process.version);const n={profile:e?.profile,logger:s.logger};return{...s,...e,runtime:"node",defaultsMode:t,authSchemePreference:e?.authSchemePreference??(0,F.Z)(w.$,n),bodyLengthChecker:e?.bodyLengthChecker??z.n,defaultUserAgentProvider:e?.defaultUserAgentProvider??(0,b.pf)({serviceId:s.serviceId,clientVersion:I.rE}),maxAttempts:e?.maxAttempts??(0,F.Z)(m.qs,e),region:e?.region??(0,F.Z)(R.GG,{...R.zH,...n}),requestHandler:U.$.create(e?.requestHandler??r),retryMode:e?.retryMode??(0,F.Z)({...m.kN,default:async()=>(await r()).retryMode||V.L0},e),sha256:e?.sha256??C.V.bind(null,"sha256"),streamCollector:e?.streamCollector??$.k,useDualstackEndpoint:e?.useDualstackEndpoint??(0,F.Z)(D.e$,n),useFipsEndpoint:e?.useFipsEndpoint??(0,F.Z)(T.Ko,n),userAgentAppId:e?.userAgentAppId??(0,F.Z)(O.hV,n)}})(e||{});super(t),this.initConfig=t;const r=(y=t,Object.assign(y,{useDualstackEndpoint:y.useDualstackEndpoint??!1,useFipsEndpoint:y.useFipsEndpoint??!1,defaultSigningName:"signin"}));var y;const v=(0,i.D)(r),A=(0,m.$z)(v),Q=(0,c.T)(A),W=(0,s.OV)(Q),X=((e,t)=>{const r=Object.assign((0,mt.R)(e),(0,yt.xA)(e),(0,ft.e)(e),(e=>{const t=e.httpAuthSchemes;let r=e.httpAuthSchemeProvider,s=e.credentials;return{setHttpAuthScheme(e){const r=t.findIndex(t=>t.schemeId===e.schemeId);-1===r?t.push(e):t.splice(r,1,e)},httpAuthSchemes:()=>t,setHttpAuthSchemeProvider(e){r=e},httpAuthSchemeProvider:()=>r,setCredentials(e){s=e},credentials:()=>s}})(e));return t.forEach(e=>e.configure(r)),Object.assign(e,(0,mt.$)(r),(0,yt.uv)(r),(0,ft.j)(r),{httpAuthSchemes:(s=r).httpAuthSchemes(),httpAuthSchemeProvider:s.httpAuthSchemeProvider(),credentials:s.credentials()});var s})((e=>{const t=(0,S.h)(e);return Object.assign(t,{authSchemePreference:(0,P.t)(e.authSchemePreference??[])})})((0,g.C)(W)),e?.extensions||[]);this.config=X,this.middlewareStack.use((0,h.wq)(this.config)),this.middlewareStack.use((0,a.sM)(this.config)),this.middlewareStack.use((0,f.ey)(this.config)),this.middlewareStack.use((0,l.vK)(this.config)),this.middlewareStack.use((0,s.TC)(this.config)),this.middlewareStack.use((0,n.Y7)(this.config)),this.middlewareStack.use((0,o.n)(this.config)),this.middlewareStack.use((0,p.w)(this.config,{httpAuthSchemeParametersProvider:k,identityProviderConfigProvider:async e=>new u.h({"aws.auth#sigv4":e.credentials})})),this.middlewareStack.use((0,d.l)(this.config))}destroy(){super.destroy()}}var vt=r(66686),Pt=r(22869);class kt extends(Pt.u.classBuilder().ep(A).m(function(e,t,r,s){return[(0,vt.r)(r,e.getEndpointParameterInstructions())]}).s("Signin","CreateOAuth2Token",{}).n("SigninClient","CreateOAuth2TokenCommand").sc(gt).build()){}},90966:e=>{e.exports={rE:"3.990.0"}}};
package/dist/529.js ADDED
@@ -0,0 +1 @@
1
+ "use strict";exports.id=529,exports.ids=[529],exports.modules={28226:(e,n,o)=>{o.d(n,{C:()=>s});var r=o(76982),t=o(16928),i=o(14581);const s=e=>{const n=(0,r.createHash)("sha1").update(e).digest("hex");return(0,t.join)((0,i.R)(),".aws","sso","cache",`${n}.json`)}},34529:(e,n,o)=>{o.d(n,{fromTokenFile:()=>d});var r=o(3748),t=o(43281),i=o(70737),s=o(79896);const a="AWS_WEB_IDENTITY_TOKEN_FILE",d=(e={})=>async n=>{e.logger?.debug("@aws-sdk/credential-provider-web-identity - fromTokenFile");const d=e?.webIdentityTokenFile??process.env[a],c=e?.roleArn??process.env.AWS_ROLE_ARN,l=e?.roleSessionName??process.env.AWS_ROLE_SESSION_NAME;if(!d||!c)throw new t.C("Web identity configuration not specified",{logger:e.logger});const g=await(e=>async n=>{e.logger?.debug("@aws-sdk/credential-provider-web-identity - fromWebToken");const{roleArn:r,roleSessionName:t,webIdentityToken:i,providerId:s,policyArns:a,policy:d,durationSeconds:c}=e;let{roleAssumerWithWebIdentity:l}=e;if(!l){const{getDefaultRoleAssumerWithWebIdentity:r}=await o.e(200).then(o.bind(o,6200));l=r({...e.clientConfig,credentialProviderLogger:e.logger,parentClientConfig:{...n?.callerClientConfig,...e.parentClientConfig}},e.clientPlugins)}return l({RoleArn:r,RoleSessionName:t??`aws-sdk-js-session-${Date.now()}`,WebIdentityToken:i,ProviderId:s,PolicyArns:a,Policy:d,DurationSeconds:c})})({...e,webIdentityToken:i.Z?.getTokenRecord?.()[d]??(0,s.readFileSync)(d,{encoding:"ascii"}),roleArn:c,roleSessionName:l})(n);return d===process.env[a]&&(0,r.g)(g,"CREDENTIALS_ENV_VARS_STS_WEB_ID_TOKEN","h"),g}},70737:(e,n,o)=>{o.d(n,{Z:()=>i});var r=o(78405),t=o(35789);const i={getFileRecord:()=>t.Jj,interceptFile(e,n){t.Jj[e]=Promise.resolve(n)},getTokenRecord:()=>r.a,interceptToken(e,n){r.a[e]=n}}},78405:(e,n,o)=>{o.d(n,{a:()=>i,v:()=>s});var r=o(91943),t=o(28226);const i={},s=async e=>{if(i[e])return i[e];const n=(0,t.C)(e),o=await(0,r.readFile)(n,"utf8");return JSON.parse(o)}}};
package/dist/627.js ADDED
@@ -0,0 +1 @@
1
+ "use strict";exports.id=627,exports.ids=[627],exports.modules={32410:(e,t,n)=>{n.d(t,{Y:()=>o});var r=n(13770);const o=async e=>{const t=await(0,r.p)(e);return((...e)=>{const t={};for(const n of e)for(const[e,r]of Object.entries(n))void 0!==t[e]?Object.assign(t[e],r):t[e]=r;return t})(t.configFile,t.credentialsFile)}},93008:(e,t,n)=>{n.d(t,{fromIni:()=>k});var r=n(32410),o=n(98229),i=n(43281),s=n(3748),a=n(53433);const c=e=>(0,s.g)(e,"CREDENTIALS_PROFILE_NAMED_PROVIDER","p"),l=e=>!e.role_arn&&!!e.credential_source;var g=n(81781),d=n(35789),f=n(77598),u=n(73024),p=n(48161),h=n(76760);class _{profileData;init;callerClientConfig;static REFRESH_THRESHOLD=3e5;constructor(e,t,n){this.profileData=e,this.init=t,this.callerClientConfig=n}async loadCredentials(){const e=await this.loadToken();if(!e)throw new i.C(`Failed to load a token for session ${this.loginSession}, please re-authenticate using aws login`,{tryNextLink:!1,logger:this.logger});const t=e.accessToken,n=Date.now();return new Date(t.expiresAt).getTime()-n<=_.REFRESH_THRESHOLD?this.refresh(e):{accessKeyId:t.accessKeyId,secretAccessKey:t.secretAccessKey,sessionToken:t.sessionToken,accountId:t.accountId,expiration:new Date(t.expiresAt)}}get logger(){return this.init?.logger}get loginSession(){return this.profileData.login_session}async refresh(e){const{SigninClient:t,CreateOAuth2TokenCommand:r}=await Promise.all([n.e(139),n.e(374)]).then(n.bind(n,37374)),{logger:o,userAgentAppId:s}=this.callerClientConfig??{},a=(e=>"h2"===e?.metadata?.handlerProtocol)(this.callerClientConfig?.requestHandler)?void 0:this.callerClientConfig?.requestHandler,c=new t({credentials:{accessKeyId:"",secretAccessKey:""},region:this.profileData.region??await(this.callerClientConfig?.region?.())??process.env.AWS_REGION,requestHandler:a,logger:o,userAgentAppId:s,...this.init?.clientConfig});this.createDPoPInterceptor(c.middlewareStack);const l={tokenInput:{clientId:e.clientId,refreshToken:e.refreshToken,grantType:"refresh_token"}};try{const t=await c.send(new r(l)),{accessKeyId:n,secretAccessKey:o,sessionToken:s}=t.tokenOutput?.accessToken??{},{refreshToken:a,expiresIn:g}=t.tokenOutput??{};if(!(n&&o&&s&&a))throw new i.C("Token refresh response missing required fields",{logger:this.logger,tryNextLink:!1});const d=1e3*(g??900),f=new Date(Date.now()+d),u={...e,accessToken:{...e.accessToken,accessKeyId:n,secretAccessKey:o,sessionToken:s,expiresAt:f.toISOString()},refreshToken:a};await this.saveToken(u);const p=u.accessToken;return{accessKeyId:p.accessKeyId,secretAccessKey:p.secretAccessKey,sessionToken:p.sessionToken,accountId:p.accountId,expiration:f}}catch(e){if("AccessDeniedException"===e.name){let t;switch(e.error){case"TOKEN_EXPIRED":t="Your session has expired. Please reauthenticate.";break;case"USER_CREDENTIALS_CHANGED":t="Unable to refresh credentials because of a change in your password. Please reauthenticate with your new password.";break;case"INSUFFICIENT_PERMISSIONS":t="Unable to refresh credentials due to insufficient permissions. You may be missing permission for the 'CreateOAuth2Token' action.";break;default:t=`Failed to refresh token: ${String(e)}. Please re-authenticate using \`aws login\``}throw new i.C(t,{logger:this.logger,tryNextLink:!1})}throw new i.C(`Failed to refresh token: ${String(e)}. Please re-authenticate using aws login`,{logger:this.logger})}}async loadToken(){const e=this.getTokenFilePath();try{let t;try{t=await(0,d.TA)(e,{ignoreCache:this.init?.ignoreCache})}catch{t=await u.promises.readFile(e,"utf8")}const n=JSON.parse(t),r=["accessToken","clientId","refreshToken","dpopKey"].filter(e=>!n[e]);if(n.accessToken?.accountId||r.push("accountId"),r.length>0)throw new i.C(`Token validation failed, missing fields: ${r.join(", ")}`,{logger:this.logger,tryNextLink:!1});return n}catch(t){throw new i.C(`Failed to load token from ${e}: ${String(t)}`,{logger:this.logger,tryNextLink:!1})}}async saveToken(e){const t=this.getTokenFilePath(),n=(0,h.dirname)(t);try{await u.promises.mkdir(n,{recursive:!0})}catch(e){}await u.promises.writeFile(t,JSON.stringify(e,null,2),"utf8")}getTokenFilePath(){const e=process.env.AWS_LOGIN_CACHE_DIRECTORY??(0,h.join)((0,p.homedir)(),".aws","login","cache"),t=Buffer.from(this.loginSession,"utf8"),n=(0,f.createHash)("sha256").update(t).digest("hex");return(0,h.join)(e,`${n}.json`)}derToRawSignature(e){let t=2;if(2!==e[t])throw new Error("Invalid DER signature");t++;const n=e[t++];let r=e.subarray(t,t+n);if(t+=n,2!==e[t])throw new Error("Invalid DER signature");t++;const o=e[t++];let i=e.subarray(t,t+o);r=0===r[0]?r.subarray(1):r,i=0===i[0]?i.subarray(1):i;const s=Buffer.concat([Buffer.alloc(32-r.length),r]),a=Buffer.concat([Buffer.alloc(32-i.length),i]);return Buffer.concat([s,a])}createDPoPInterceptor(e){e.add(e=>async t=>{if(g.K.isInstance(t.request)){const e=t.request,n=`${e.protocol}//${e.hostname}${e.port?`:${e.port}`:""}${e.path}`,r=await this.generateDpop(e.method,n);e.headers={...e.headers,DPoP:r}}return e(t)},{step:"finalizeRequest",name:"dpopInterceptor",override:!0})}async generateDpop(e="POST",t){const n=await this.loadToken();try{const r=(0,f.createPrivateKey)({key:n.dpopKey,format:"pem",type:"sec1"}),o=(0,f.createPublicKey)(r).export({format:"der",type:"spki"});let i=-1;for(let e=0;e<o.length;e++)if(4===o[e]){i=e;break}const s=o.slice(i+1,i+33),a=o.slice(i+33,i+65),c={alg:"ES256",typ:"dpop+jwt",jwk:{kty:"EC",crv:"P-256",x:s.toString("base64url"),y:a.toString("base64url")}},l={jti:crypto.randomUUID(),htm:e,htu:t,iat:Math.floor(Date.now()/1e3)},g=`${Buffer.from(JSON.stringify(c)).toString("base64url")}.${Buffer.from(JSON.stringify(l)).toString("base64url")}`,d=(0,f.sign)("sha256",Buffer.from(g),r);return`${g}.${this.derToRawSignature(d).toString("base64url")}`}catch(e){throw new i.C(`Failed to generate Dpop proof: ${e instanceof Error?e.message:String(e)}`,{logger:this.logger,tryNextLink:!1})}}}const y=e=>Boolean(e)&&"object"==typeof e&&"string"==typeof e.aws_access_key_id&&"string"==typeof e.aws_secret_access_key&&["undefined","string"].indexOf(typeof e.aws_session_token)>-1&&["undefined","string"].indexOf(typeof e.aws_account_id)>-1,w=async(e,t)=>{t?.logger?.debug("@aws-sdk/credential-provider-ini - resolveStaticCredentials");const n={accessKeyId:e.aws_access_key_id,secretAccessKey:e.aws_secret_access_key,sessionToken:e.aws_session_token,...e.aws_credential_scope&&{credentialScope:e.aws_credential_scope},...e.aws_account_id&&{accountId:e.aws_account_id}};return(0,s.g)(n,"CREDENTIALS_PROFILE","n")},C=async(e,t,g,d,f={},u=!1)=>{const p=t[e];if(Object.keys(f).length>0&&y(p))return w(p,g);if(u||((e,{profile:t="default",logger:n}={})=>Boolean(e)&&"object"==typeof e&&"string"==typeof e.role_arn&&["undefined","string"].indexOf(typeof e.role_session_name)>-1&&["undefined","string"].indexOf(typeof e.external_id)>-1&&["undefined","string"].indexOf(typeof e.mfa_serial)>-1&&(((e,{profile:t,logger:n})=>{const r="string"==typeof e.source_profile&&void 0===e.credential_source;return r&&n?.debug?.(` ${t} isAssumeRoleWithSourceProfile source_profile=${e.source_profile}`),r})(e,{profile:t,logger:n})||((e,{profile:t,logger:n})=>{const r="string"==typeof e.credential_source&&void 0===e.source_profile;return r&&n?.debug?.(` ${t} isCredentialSourceProfile credential_source=${e.credential_source}`),r})(e,{profile:t,logger:n})))(p,{profile:e,logger:g.logger}))return(async(e,t,r,g,d={},f)=>{r.logger?.debug("@aws-sdk/credential-provider-ini - resolveAssumeRoleCredentials (STS)");const u=t[e],{source_profile:p,region:h}=u;if(!r.roleAssumer){const{getDefaultRoleAssumer:e}=await n.e(200).then(n.bind(n,6200));r.roleAssumer=e({...r.clientConfig,credentialProviderLogger:r.logger,parentClientConfig:{...g,...r?.parentClientConfig,region:h??r?.parentClientConfig?.region??g?.region}},r.clientPlugins)}if(p&&p in d)throw new i.C(`Detected a cycle attempting to resolve credentials for profile ${(0,o.Bz)(r)}. Profiles visited: `+Object.keys(d).join(", "),{logger:r.logger});r.logger?.debug("@aws-sdk/credential-provider-ini - finding credential resolver using "+(p?`source_profile=[${p}]`:`profile=[${e}]`));const _=p?f(p,t,r,g,{...d,[p]:!0},l(t[p]??{})):(await((e,t,r)=>{const o={EcsContainer:async e=>{const{fromHttp:t}=await n.e(294).then(n.bind(n,77294)),{fromContainerMetadata:o}=await n.e(866).then(n.bind(n,8866));return r?.debug("@aws-sdk/credential-provider-ini - credential_source is EcsContainer"),async()=>(0,a.c)(t(e??{}),o(e))().then(c)},Ec2InstanceMetadata:async e=>{r?.debug("@aws-sdk/credential-provider-ini - credential_source is Ec2InstanceMetadata");const{fromInstanceMetadata:t}=await n.e(866).then(n.bind(n,8866));return async()=>t(e)().then(c)},Environment:async e=>{r?.debug("@aws-sdk/credential-provider-ini - credential_source is Environment");const{fromEnv:t}=await n.e(997).then(n.bind(n,98997));return async()=>t(e)().then(c)}};if(e in o)return o[e];throw new i.C(`Unsupported credential source in profile ${t}. Got ${e}, expected EcsContainer or Ec2InstanceMetadata or Environment.`,{logger:r})})(u.credential_source,e,r.logger)(r))();if(l(u))return _.then(e=>(0,s.g)(e,"CREDENTIALS_PROFILE_SOURCE_PROFILE","o"));{const t={RoleArn:u.role_arn,RoleSessionName:u.role_session_name||`aws-sdk-js-${Date.now()}`,ExternalId:u.external_id,DurationSeconds:parseInt(u.duration_seconds||"3600",10)},{mfa_serial:n}=u;if(n){if(!r.mfaCodeProvider)throw new i.C(`Profile ${e} requires multi-factor authentication, but no MFA code callback was provided.`,{logger:r.logger,tryNextLink:!1});t.SerialNumber=n,t.TokenCode=await r.mfaCodeProvider(n)}const o=await _;return r.roleAssumer(o,t).then(e=>(0,s.g)(e,"CREDENTIALS_PROFILE_SOURCE_PROFILE","o"))}})(e,t,g,d,f,C);if(y(p))return w(p,g);if(h=p,Boolean(h)&&"object"==typeof h&&"string"==typeof h.web_identity_token_file&&"string"==typeof h.role_arn&&["undefined","string"].indexOf(typeof h.role_session_name)>-1)return(async(e,t,r)=>n.e(529).then(n.bind(n,34529)).then(({fromTokenFile:n})=>n({webIdentityTokenFile:e.web_identity_token_file,roleArn:e.role_arn,roleSessionName:e.role_session_name,roleAssumerWithWebIdentity:t.roleAssumerWithWebIdentity,logger:t.logger,parentClientConfig:t.parentClientConfig})({callerClientConfig:r}).then(e=>(0,s.g)(e,"CREDENTIALS_PROFILE_STS_WEB_ID_TOKEN","q"))))(p,g,d);var h;if((e=>Boolean(e)&&"object"==typeof e&&"string"==typeof e.credential_process)(p))return(async(e,t)=>n.e(644).then(n.bind(n,78263)).then(({fromProcess:n})=>n({...e,profile:t})().then(e=>(0,s.g)(e,"CREDENTIALS_PROFILE_PROCESS","v"))))(g,e);if((e=>e&&("string"==typeof e.sso_start_url||"string"==typeof e.sso_account_id||"string"==typeof e.sso_session||"string"==typeof e.sso_region||"string"==typeof e.sso_role_name))(p))return await(async(e,t,r={},o)=>{const{fromSSO:i}=await n.e(857).then(n.bind(n,1238));return i({profile:e,logger:r.logger,parentClientConfig:r.parentClientConfig,clientConfig:r.clientConfig})({callerClientConfig:o}).then(e=>t.sso_session?(0,s.g)(e,"CREDENTIALS_PROFILE_SSO","r"):(0,s.g)(e,"CREDENTIALS_PROFILE_SSO_LEGACY","t"))})(e,p,g,d);if((e=>Boolean(e&&e.login_session))(p))return(async(e,t,n)=>{const a=await(c={...t,profile:e},async({callerClientConfig:e}={})=>{c?.logger?.debug?.("@aws-sdk/credential-providers - fromLoginCredentials");const t=await(0,r.Y)(c||{}),n=(0,o.Bz)({profile:c?.profile??e?.profile}),a=t[n];if(!a?.login_session)throw new i.C(`Profile ${n} does not contain login_session.`,{tryNextLink:!0,logger:c?.logger});const l=new _(a,c,e),g=await l.loadCredentials();return(0,s.g)(g,"CREDENTIALS_LOGIN","AD")})({callerClientConfig:n});var c;return(0,s.g)(a,"CREDENTIALS_PROFILE_LOGIN","AC")})(e,g,d);throw new i.C(`Could not resolve credentials using profile: [${e}] in configuration/credentials file(s).`,{logger:g.logger})},k=(e={})=>async({callerClientConfig:t}={})=>{e.logger?.debug("@aws-sdk/credential-provider-ini - fromIni");const n=await(0,r.Y)(e);return C((0,o.Bz)({profile:e.profile??t?.profile}),n,e,t)}}};
package/dist/644.js ADDED
@@ -0,0 +1 @@
1
+ "use strict";exports.id=644,exports.ids=[644],exports.modules={28226:(e,r,o)=>{o.d(r,{C:()=>n});var t=o(76982),s=o(16928),c=o(14581);const n=e=>{const r=(0,t.createHash)("sha1").update(e).digest("hex");return(0,s.join)((0,c.R)(),".aws","sso","cache",`${r}.json`)}},70737:(e,r,o)=>{o.d(r,{Z:()=>c});var t=o(78405),s=o(35789);const c={getFileRecord:()=>s.Jj,interceptFile(e,r){s.Jj[e]=Promise.resolve(r)},getTokenRecord:()=>t.a,interceptToken(e,r){t.a[e]=r}}},78263:(e,r,o)=>{o.d(r,{fromProcess:()=>l});var t=o(32410),s=o(98229),c=o(43281),n=o(70737),i=o(35317),a=o(39023),d=o(3748);const l=(e={})=>async({callerClientConfig:r}={})=>{e.logger?.debug("@aws-sdk/credential-provider-process - fromProcess");const o=await(0,t.Y)(e);return(async(e,r,o)=>{const t=r[e];if(!r[e])throw new c.C(`Profile ${e} could not be found in shared credentials file.`,{logger:o});{const s=t.credential_process;if(void 0===s)throw new c.C(`Profile ${e} did not contain credential_process.`,{logger:o});{const t=(0,a.promisify)(n.Z?.getTokenRecord?.().exec??i.exec);try{const{stdout:o}=await t(s);let c;try{c=JSON.parse(o.trim())}catch{throw Error(`Profile ${e} credential_process returned invalid JSON.`)}return((e,r,o)=>{if(1!==r.Version)throw Error(`Profile ${e} credential_process did not return Version 1.`);if(void 0===r.AccessKeyId||void 0===r.SecretAccessKey)throw Error(`Profile ${e} credential_process returned invalid credentials.`);if(r.Expiration){const o=new Date;if(new Date(r.Expiration)<o)throw Error(`Profile ${e} credential_process returned expired credentials.`)}let t=r.AccountId;!t&&o?.[e]?.aws_account_id&&(t=o[e].aws_account_id);const s={accessKeyId:r.AccessKeyId,secretAccessKey:r.SecretAccessKey,...r.SessionToken&&{sessionToken:r.SessionToken},...r.Expiration&&{expiration:new Date(r.Expiration)},...r.CredentialScope&&{credentialScope:r.CredentialScope},...t&&{accountId:t}};return(0,d.g)(s,"CREDENTIALS_PROCESS","w"),s})(e,c,r)}catch(e){throw new c.C(e.message,{logger:o})}}}})((0,s.Bz)({profile:e.profile??r?.profile}),o,e.logger)}},78405:(e,r,o)=>{o.d(r,{a:()=>c,v:()=>n});var t=o(91943),s=o(28226);const c={},n=async e=>{if(c[e])return c[e];const r=(0,s.C)(e),o=await(0,t.readFile)(r,"utf8");return JSON.parse(o)}}};