@kya-os/mcp-i 1.9.0 → 1.11.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/227.js +1 -0
- package/dist/{263.js → 242.js} +1 -1
- package/dist/283.js +1 -0
- package/dist/317.js +1 -0
- package/dist/354.js +1 -0
- package/dist/361.js +1 -0
- package/dist/452.js +1 -0
- package/dist/533.js +1 -0
- package/dist/622.js +1 -0
- package/dist/65.js +1 -0
- package/dist/839.js +1 -0
- package/dist/843.js +1 -0
- package/dist/{644.js → 861.js} +1 -1
- package/dist/914.js +1 -0
- package/dist/95.js +1 -0
- package/dist/cli-adapter/index.js +1 -1
- package/dist/runtime/102.js +1 -0
- package/dist/runtime/adapter-express.js +3 -3
- package/dist/runtime/adapter-nextjs.js +5 -5
- package/dist/runtime/audit.d.ts +1 -1
- package/dist/runtime/debug.d.ts +1 -1
- package/dist/runtime/debug.js +3 -2
- package/dist/runtime/delegation-hooks.d.ts +1 -1
- package/dist/runtime/http.js +3 -3
- package/dist/runtime/identity.d.ts +4 -4
- package/dist/runtime/identity.js +4 -4
- package/dist/runtime/index.d.ts +6 -2
- package/dist/runtime/index.js +10 -2
- package/dist/runtime/mcpi-runtime.d.ts +9 -1
- package/dist/runtime/mcpi-runtime.js +20 -3
- package/dist/runtime/outbound-delegation.d.ts +5 -3
- package/dist/runtime/outbound-delegation.js +14 -8
- package/dist/runtime/outbound-identity-bridge.d.ts +40 -0
- package/dist/runtime/outbound-identity-bridge.js +114 -0
- package/dist/runtime/proof-batch-queue.d.ts +1 -1
- package/dist/runtime/request-context.d.ts +10 -0
- package/dist/runtime/request-context.js +4 -0
- package/dist/runtime/resume-token-store-kv.d.ts +44 -0
- package/dist/runtime/resume-token-store-kv.js +93 -0
- package/dist/runtime/resume-token-store.d.ts +30 -0
- package/dist/runtime/resume-token-store.js +46 -0
- package/dist/runtime/session.js +6 -0
- package/dist/runtime/stdio.js +3 -3
- package/dist/runtime/utils/tools.d.ts +1 -1
- package/dist/runtime/utils/tools.js +29 -7
- package/dist/runtime/well-known.d.ts +12 -1
- package/dist/runtime/well-known.js +13 -2
- package/package.json +7 -5
- package/dist/114.js +0 -1
- package/dist/139.js +0 -1
- package/dist/200.js +0 -1
- package/dist/202.js +0 -1
- package/dist/238.js +0 -1
- package/dist/294.js +0 -1
- package/dist/374.js +0 -1
- package/dist/529.js +0 -1
- package/dist/627.js +0 -1
- package/dist/669.js +0 -1
- package/dist/857.js +0 -1
- package/dist/997.js +0 -1
- package/dist/runtime/verifier-middleware.d.ts +0 -99
- package/dist/runtime/verifier-middleware.js +0 -416
package/dist/{644.js → 861.js}
RENAMED
|
@@ -1 +1 @@
|
|
|
1
|
-
"use strict";exports.id=
|
|
1
|
+
"use strict";exports.id=861,exports.ids=[861],exports.modules={28226:(e,r,o)=>{o.d(r,{C:()=>n});var t=o(76982),s=o(16928),c=o(14581);const n=e=>{const r=(0,t.createHash)("sha1").update(e).digest("hex");return(0,s.join)((0,c.R)(),".aws","sso","cache",`${r}.json`)}},46242:(e,r,o)=>{o.d(r,{fromProcess:()=>l});var t=o(32410),s=o(98229),c=o(43281),n=o(70737),i=o(35317),a=o(39023),d=o(53347);const l=(e={})=>async({callerClientConfig:r}={})=>{e.logger?.debug("@aws-sdk/credential-provider-process - fromProcess");const o=await(0,t.Y)(e);return(async(e,r,o)=>{const t=r[e];if(!r[e])throw new c.C(`Profile ${e} could not be found in shared credentials file.`,{logger:o});{const s=t.credential_process;if(void 0===s)throw new c.C(`Profile ${e} did not contain credential_process.`,{logger:o});{const t=(0,a.promisify)(n.Z?.getTokenRecord?.().exec??i.exec);try{const{stdout:o}=await t(s);let c;try{c=JSON.parse(o.trim())}catch{throw Error(`Profile ${e} credential_process returned invalid JSON.`)}return((e,r,o)=>{if(1!==r.Version)throw Error(`Profile ${e} credential_process did not return Version 1.`);if(void 0===r.AccessKeyId||void 0===r.SecretAccessKey)throw Error(`Profile ${e} credential_process returned invalid credentials.`);if(r.Expiration){const o=new Date;if(new Date(r.Expiration)<o)throw Error(`Profile ${e} credential_process returned expired credentials.`)}let t=r.AccountId;!t&&o?.[e]?.aws_account_id&&(t=o[e].aws_account_id);const s={accessKeyId:r.AccessKeyId,secretAccessKey:r.SecretAccessKey,...r.SessionToken&&{sessionToken:r.SessionToken},...r.Expiration&&{expiration:new Date(r.Expiration)},...r.CredentialScope&&{credentialScope:r.CredentialScope},...t&&{accountId:t}};return(0,d.g)(s,"CREDENTIALS_PROCESS","w"),s})(e,c,r)}catch(e){throw new c.C(e.message,{logger:o})}}}})((0,s.Bz)({profile:e.profile??r?.profile}),o,e.logger)}},70737:(e,r,o)=>{o.d(r,{Z:()=>c});var t=o(78405),s=o(35789);const c={getFileRecord:()=>s.Jj,interceptFile(e,r){s.Jj[e]=Promise.resolve(r)},getTokenRecord:()=>t.a,interceptToken(e,r){t.a[e]=r}}},78405:(e,r,o)=>{o.d(r,{a:()=>c,v:()=>n});var t=o(91943),s=o(28226);const c={},n=async e=>{if(c[e])return c[e];const r=(0,s.C)(e),o=await(0,t.readFile)(r,"utf8");return JSON.parse(o)}}};
|
package/dist/914.js
ADDED
|
@@ -0,0 +1 @@
|
|
|
1
|
+
"use strict";exports.id=914,exports.ids=[533,914],exports.modules={28226:(e,s,o)=>{o.d(s,{C:()=>r});var n=o(76982),t=o(16928),i=o(14581);const r=e=>{const s=(0,n.createHash)("sha1").update(e).digest("hex");return(0,t.join)((0,i.R)(),".aws","sso","cache",`${s}.json`)}},32410:(e,s,o)=>{o.d(s,{Y:()=>t});var n=o(13770);const t=async e=>{const s=await(0,n.p)(e);return((...e)=>{const s={};for(const o of e)for(const[e,n]of Object.entries(o))void 0!==s[e]?Object.assign(s[e],n):s[e]=n;return s})(s.configFile,s.credentialsFile)}},32914:(e,s,o)=>{o.d(s,{fromSSO:()=>v});var n=o(43281),t=o(98229),i=o(32410),r=o(40768),a=o(90814),c=o(46086);const l=e=>Object.entries(e).filter(([e])=>e.startsWith(a.I.SSO_SESSION+c.Q)).reduce((e,[s,o])=>({...e,[s.substring(s.indexOf(c.Q)+1)]:o}),{});var g=o(41844),f=o(35789);const p=()=>({}),d=async(e={})=>(0,f.TA)(e.configFilepath??(0,r.g)()).then(g.A).then(l).catch(p);var h=o(53347),w=o(68413);class u extends w.m{name="TokenProviderError";constructor(e,s=!0){super(e,s),Object.setPrototypeOf(this,u.prototype)}}var C=o(78405);const S="To refresh this SSO session run 'aws sso login' with the corresponding profile.",_=e=>{if(e.expiration&&e.expiration.getTime()<Date.now())throw new u(`Token is expired. ${S}`,!1)},k=(e,s,o=!1)=>{if(void 0===s)throw new u(`Value not present for '${e}' in SSO Token${o?". Cannot refresh":""}. ${S}`,!1)};var m=o(28226),y=o(79896);const{writeFile:T}=y.promises,x=new Date(0),O=(e={})=>async({callerClientConfig:s}={})=>{e.logger?.debug("@aws-sdk/token-providers - fromSso");const n=await(0,i.Y)(e),r=(0,t.Bz)({profile:e.profile??s?.profile}),a=n[r];if(!a)throw new u(`Profile '${r}' could not be found in shared credentials file.`,!1);if(!a.sso_session)throw new u(`Profile '${r}' is missing required property 'sso_session'.`);const c=a.sso_session,l=(await d(e))[c];if(!l)throw new u(`Sso session '${c}' could not be found in shared credentials file.`,!1);for(const e of["sso_start_url","sso_region"])if(!l[e])throw new u(`Sso session '${c}' is missing required property '${e}'.`,!1);l.sso_start_url;const g=l.sso_region;let f;try{f=await(0,C.v)(c)}catch(e){throw new u(`The SSO session token associated with profile=${r} was not found or is invalid. ${S}`,!1)}k("accessToken",f.accessToken),k("expiresAt",f.expiresAt);const{accessToken:p,expiresAt:h}=f,w={token:p,expiration:new Date(h)};if(w.expiration.getTime()-Date.now()>3e5)return w;if(Date.now()-x.getTime()<3e4)return _(w),w;k("clientId",f.clientId,!0),k("clientSecret",f.clientSecret,!0),k("refreshToken",f.refreshToken,!0);try{x.setTime(Date.now());const n=await(async(e,s,n={},t)=>{const{CreateTokenCommand:i}=await Promise.all([o.e(452),o.e(227)]).then(o.bind(o,76608)),r=await(async(e,s={},n)=>{const{SSOOIDCClient:t}=await Promise.all([o.e(452),o.e(227)]).then(o.bind(o,76608)),i=e=>s.clientConfig?.[e]??s.parentClientConfig?.[e]??n?.[e];return new t(Object.assign({},s.clientConfig??{},{region:e??s.clientConfig?.region,logger:i("logger"),userAgentAppId:i("userAgentAppId")}))})(s,n,t);return r.send(new i({clientId:e.clientId,clientSecret:e.clientSecret,refreshToken:e.refreshToken,grantType:"refresh_token"}))})(f,g,e,s);k("accessToken",n.accessToken),k("expiresIn",n.expiresIn);const t=new Date(Date.now()+1e3*n.expiresIn);try{await((e,s)=>{const o=(0,m.C)(e),n=JSON.stringify(s,null,2);return T(o,n)})(c,{...f,accessToken:n.accessToken,expiresAt:t.toISOString(),refreshToken:n.refreshToken})}catch(e){}return{token:n.accessToken,expiration:t}}catch(e){return _(w),w}},I=!1,A=async({ssoStartUrl:e,ssoSession:s,ssoAccountId:t,ssoRegion:i,ssoRoleName:r,ssoClient:a,clientConfig:c,parentClientConfig:l,callerClientConfig:g,profile:f,filepath:p,configFilepath:d,ignoreCache:w,logger:u})=>{let S;const _="To refresh this SSO session run aws sso login with the corresponding profile.";if(s)try{const e=await O({profile:f,filepath:p,configFilepath:d,ignoreCache:w})();S={accessToken:e.token,expiresAt:new Date(e.expiration).toISOString()}}catch(e){throw new n.C(e.message,{tryNextLink:I,logger:u})}else try{S=await(0,C.v)(e)}catch(e){throw new n.C(`The SSO session associated with this profile is invalid. ${_}`,{tryNextLink:I,logger:u})}if(new Date(S.expiresAt).getTime()-Date.now()<=0)throw new n.C(`The SSO session associated with this profile has expired. ${_}`,{tryNextLink:I,logger:u});const{accessToken:k}=S,{SSOClient:m,GetRoleCredentialsCommand:y}=await Promise.all([o.e(452),o.e(65)]).then(o.bind(o,38065)),T=a||new m(Object.assign({},c??{},{logger:c?.logger??g?.logger??l?.logger,region:c?.region??i,userAgentAppId:c?.userAgentAppId??g?.userAgentAppId??l?.userAgentAppId}));let x;try{x=await T.send(new y({accountId:t,roleName:r,accessToken:k}))}catch(e){throw new n.C(e,{tryNextLink:I,logger:u})}const{roleCredentials:{accessKeyId:A,secretAccessKey:v,sessionToken:N,expiration:$,credentialScope:R,accountId:b}={}}=x;if(!(A&&v&&N&&$))throw new n.C("SSO returns an invalid temporary credential.",{tryNextLink:I,logger:u});const D={accessKeyId:A,secretAccessKey:v,sessionToken:N,expiration:new Date($),...R&&{credentialScope:R},...b&&{accountId:b}};return s?(0,h.g)(D,"CREDENTIALS_SSO","s"):(0,h.g)(D,"CREDENTIALS_SSO_LEGACY","u"),D},v=(e={})=>async({callerClientConfig:s}={})=>{e.logger?.debug("@aws-sdk/credential-provider-sso - fromSSO");const{ssoStartUrl:o,ssoAccountId:r,ssoRegion:a,ssoRoleName:c,ssoSession:l}=e,{ssoClient:g}=e,f=(0,t.Bz)({profile:e.profile??s?.profile});if(o||r||a||c||l){if(o&&r&&a&&c)return A({ssoStartUrl:o,ssoSession:l,ssoAccountId:r,ssoRegion:a,ssoRoleName:c,ssoClient:g,clientConfig:e.clientConfig,parentClientConfig:e.parentClientConfig,callerClientConfig:e.callerClientConfig,profile:f,filepath:e.filepath,configFilepath:e.configFilepath,ignoreCache:e.ignoreCache,logger:e.logger});throw new n.C('Incomplete configuration. The fromSSO() argument hash must include "ssoStartUrl", "ssoAccountId", "ssoRegion", "ssoRoleName"',{tryNextLink:!1,logger:e.logger})}{const s=(await(0,i.Y)(e))[f];if(!s)throw new n.C(`Profile ${f} was not found.`,{logger:e.logger});if(!(p=s)||"string"!=typeof p.sso_start_url&&"string"!=typeof p.sso_account_id&&"string"!=typeof p.sso_session&&"string"!=typeof p.sso_region&&"string"!=typeof p.sso_role_name)throw new n.C(`Profile ${f} is not configured with SSO credentials.`,{logger:e.logger});if(s?.sso_session){const t=(await d(e))[s.sso_session],i=` configurations in profile ${f} and sso-session ${s.sso_session}`;if(a&&a!==t.sso_region)throw new n.C("Conflicting SSO region"+i,{tryNextLink:!1,logger:e.logger});if(o&&o!==t.sso_start_url)throw new n.C("Conflicting SSO start_url"+i,{tryNextLink:!1,logger:e.logger});s.sso_region=t.sso_region,s.sso_start_url=t.sso_start_url}const{sso_start_url:t,sso_account_id:r,sso_region:c,sso_role_name:l,sso_session:h}=((e,s)=>{const{sso_start_url:o,sso_account_id:t,sso_region:i,sso_role_name:r}=e;if(!(o&&t&&i&&r))throw new n.C(`Profile is configured with invalid SSO credentials. Required parameters "sso_account_id", "sso_region", "sso_role_name", "sso_start_url". Got ${Object.keys(e).join(", ")}\nReference: https://docs.aws.amazon.com/cli/latest/userguide/cli-configure-sso.html`,{tryNextLink:!1,logger:s});return e})(s,e.logger);return A({ssoStartUrl:t,ssoSession:h,ssoAccountId:r,ssoRegion:c,ssoRoleName:l,ssoClient:g,clientConfig:e.clientConfig,parentClientConfig:e.parentClientConfig,callerClientConfig:e.callerClientConfig,profile:f,filepath:e.filepath,configFilepath:e.configFilepath,ignoreCache:e.ignoreCache,logger:e.logger})}var p}},78405:(e,s,o)=>{o.d(s,{a:()=>i,v:()=>r});var n=o(91943),t=o(28226);const i={},r=async e=>{if(i[e])return i[e];const s=(0,t.C)(e),o=await(0,n.readFile)(s,"utf8");return JSON.parse(o)}}};
|
package/dist/95.js
ADDED
|
@@ -0,0 +1 @@
|
|
|
1
|
+
"use strict";exports.id=95,exports.ids=[95],exports.modules={32410:(e,t,n)=>{n.d(t,{Y:()=>o});var r=n(13770);const o=async e=>{const t=await(0,r.p)(e);return((...e)=>{const t={};for(const n of e)for(const[e,r]of Object.entries(n))void 0!==t[e]?Object.assign(t[e],r):t[e]=r;return t})(t.configFile,t.credentialsFile)}},51095:(e,t,n)=>{n.d(t,{fromIni:()=>k});var r=n(32410),o=n(98229),i=n(43281),s=n(53347),a=n(53433);const c=e=>(0,s.g)(e,"CREDENTIALS_PROFILE_NAMED_PROVIDER","p"),l=e=>!e.role_arn&&!!e.credential_source;var g=n(81781),d=n(35789),f=n(77598),u=n(73024),p=n(48161),h=n(76760);class _{profileData;init;callerClientConfig;static REFRESH_THRESHOLD=3e5;constructor(e,t,n){this.profileData=e,this.init=t,this.callerClientConfig=n}async loadCredentials(){const e=await this.loadToken();if(!e)throw new i.C(`Failed to load a token for session ${this.loginSession}, please re-authenticate using aws login`,{tryNextLink:!1,logger:this.logger});const t=e.accessToken,n=Date.now();return new Date(t.expiresAt).getTime()-n<=_.REFRESH_THRESHOLD?this.refresh(e):{accessKeyId:t.accessKeyId,secretAccessKey:t.secretAccessKey,sessionToken:t.sessionToken,accountId:t.accountId,expiration:new Date(t.expiresAt)}}get logger(){return this.init?.logger}get loginSession(){return this.profileData.login_session}async refresh(e){const{SigninClient:t,CreateOAuth2TokenCommand:r}=await Promise.all([n.e(452),n.e(283)]).then(n.bind(n,93283)),{logger:o,userAgentAppId:s}=this.callerClientConfig??{},a=(e=>"h2"===e?.metadata?.handlerProtocol)(this.callerClientConfig?.requestHandler)?void 0:this.callerClientConfig?.requestHandler,c=new t({credentials:{accessKeyId:"",secretAccessKey:""},region:this.profileData.region??await(this.callerClientConfig?.region?.())??process.env.AWS_REGION,requestHandler:a,logger:o,userAgentAppId:s,...this.init?.clientConfig});this.createDPoPInterceptor(c.middlewareStack);const l={tokenInput:{clientId:e.clientId,refreshToken:e.refreshToken,grantType:"refresh_token"}};try{const t=await c.send(new r(l)),{accessKeyId:n,secretAccessKey:o,sessionToken:s}=t.tokenOutput?.accessToken??{},{refreshToken:a,expiresIn:g}=t.tokenOutput??{};if(!(n&&o&&s&&a))throw new i.C("Token refresh response missing required fields",{logger:this.logger,tryNextLink:!1});const d=1e3*(g??900),f=new Date(Date.now()+d),u={...e,accessToken:{...e.accessToken,accessKeyId:n,secretAccessKey:o,sessionToken:s,expiresAt:f.toISOString()},refreshToken:a};await this.saveToken(u);const p=u.accessToken;return{accessKeyId:p.accessKeyId,secretAccessKey:p.secretAccessKey,sessionToken:p.sessionToken,accountId:p.accountId,expiration:f}}catch(e){if("AccessDeniedException"===e.name){let t;switch(e.error){case"TOKEN_EXPIRED":t="Your session has expired. Please reauthenticate.";break;case"USER_CREDENTIALS_CHANGED":t="Unable to refresh credentials because of a change in your password. Please reauthenticate with your new password.";break;case"INSUFFICIENT_PERMISSIONS":t="Unable to refresh credentials due to insufficient permissions. You may be missing permission for the 'CreateOAuth2Token' action.";break;default:t=`Failed to refresh token: ${String(e)}. Please re-authenticate using \`aws login\``}throw new i.C(t,{logger:this.logger,tryNextLink:!1})}throw new i.C(`Failed to refresh token: ${String(e)}. Please re-authenticate using aws login`,{logger:this.logger})}}async loadToken(){const e=this.getTokenFilePath();try{let t;try{t=await(0,d.TA)(e,{ignoreCache:this.init?.ignoreCache})}catch{t=await u.promises.readFile(e,"utf8")}const n=JSON.parse(t),r=["accessToken","clientId","refreshToken","dpopKey"].filter(e=>!n[e]);if(n.accessToken?.accountId||r.push("accountId"),r.length>0)throw new i.C(`Token validation failed, missing fields: ${r.join(", ")}`,{logger:this.logger,tryNextLink:!1});return n}catch(t){throw new i.C(`Failed to load token from ${e}: ${String(t)}`,{logger:this.logger,tryNextLink:!1})}}async saveToken(e){const t=this.getTokenFilePath(),n=(0,h.dirname)(t);try{await u.promises.mkdir(n,{recursive:!0})}catch(e){}await u.promises.writeFile(t,JSON.stringify(e,null,2),"utf8")}getTokenFilePath(){const e=process.env.AWS_LOGIN_CACHE_DIRECTORY??(0,h.join)((0,p.homedir)(),".aws","login","cache"),t=Buffer.from(this.loginSession,"utf8"),n=(0,f.createHash)("sha256").update(t).digest("hex");return(0,h.join)(e,`${n}.json`)}derToRawSignature(e){let t=2;if(2!==e[t])throw new Error("Invalid DER signature");t++;const n=e[t++];let r=e.subarray(t,t+n);if(t+=n,2!==e[t])throw new Error("Invalid DER signature");t++;const o=e[t++];let i=e.subarray(t,t+o);r=0===r[0]?r.subarray(1):r,i=0===i[0]?i.subarray(1):i;const s=Buffer.concat([Buffer.alloc(32-r.length),r]),a=Buffer.concat([Buffer.alloc(32-i.length),i]);return Buffer.concat([s,a])}createDPoPInterceptor(e){e.add(e=>async t=>{if(g.K.isInstance(t.request)){const e=t.request,n=`${e.protocol}//${e.hostname}${e.port?`:${e.port}`:""}${e.path}`,r=await this.generateDpop(e.method,n);e.headers={...e.headers,DPoP:r}}return e(t)},{step:"finalizeRequest",name:"dpopInterceptor",override:!0})}async generateDpop(e="POST",t){const n=await this.loadToken();try{const r=(0,f.createPrivateKey)({key:n.dpopKey,format:"pem",type:"sec1"}),o=(0,f.createPublicKey)(r).export({format:"der",type:"spki"});let i=-1;for(let e=0;e<o.length;e++)if(4===o[e]){i=e;break}const s=o.slice(i+1,i+33),a=o.slice(i+33,i+65),c={alg:"ES256",typ:"dpop+jwt",jwk:{kty:"EC",crv:"P-256",x:s.toString("base64url"),y:a.toString("base64url")}},l={jti:crypto.randomUUID(),htm:e,htu:t,iat:Math.floor(Date.now()/1e3)},g=`${Buffer.from(JSON.stringify(c)).toString("base64url")}.${Buffer.from(JSON.stringify(l)).toString("base64url")}`,d=(0,f.sign)("sha256",Buffer.from(g),r);return`${g}.${this.derToRawSignature(d).toString("base64url")}`}catch(e){throw new i.C(`Failed to generate Dpop proof: ${e instanceof Error?e.message:String(e)}`,{logger:this.logger,tryNextLink:!1})}}}const y=e=>Boolean(e)&&"object"==typeof e&&"string"==typeof e.aws_access_key_id&&"string"==typeof e.aws_secret_access_key&&["undefined","string"].indexOf(typeof e.aws_session_token)>-1&&["undefined","string"].indexOf(typeof e.aws_account_id)>-1,w=async(e,t)=>{t?.logger?.debug("@aws-sdk/credential-provider-ini - resolveStaticCredentials");const n={accessKeyId:e.aws_access_key_id,secretAccessKey:e.aws_secret_access_key,sessionToken:e.aws_session_token,...e.aws_credential_scope&&{credentialScope:e.aws_credential_scope},...e.aws_account_id&&{accountId:e.aws_account_id}};return(0,s.g)(n,"CREDENTIALS_PROFILE","n")},C=async(e,t,g,d,f={},u=!1)=>{const p=t[e];if(Object.keys(f).length>0&&y(p))return w(p,g);if(u||((e,{profile:t="default",logger:n}={})=>Boolean(e)&&"object"==typeof e&&"string"==typeof e.role_arn&&["undefined","string"].indexOf(typeof e.role_session_name)>-1&&["undefined","string"].indexOf(typeof e.external_id)>-1&&["undefined","string"].indexOf(typeof e.mfa_serial)>-1&&(((e,{profile:t,logger:n})=>{const r="string"==typeof e.source_profile&&void 0===e.credential_source;return r&&n?.debug?.(` ${t} isAssumeRoleWithSourceProfile source_profile=${e.source_profile}`),r})(e,{profile:t,logger:n})||((e,{profile:t,logger:n})=>{const r="string"==typeof e.credential_source&&void 0===e.source_profile;return r&&n?.debug?.(` ${t} isCredentialSourceProfile credential_source=${e.credential_source}`),r})(e,{profile:t,logger:n})))(p,{profile:e,logger:g.logger}))return(async(e,t,r,g,d={},f)=>{r.logger?.debug("@aws-sdk/credential-provider-ini - resolveAssumeRoleCredentials (STS)");const u=t[e],{source_profile:p,region:h}=u;if(!r.roleAssumer){const{getDefaultRoleAssumer:e}=await n.e(317).then(n.bind(n,79317));r.roleAssumer=e({...r.clientConfig,credentialProviderLogger:r.logger,parentClientConfig:{...g,...r?.parentClientConfig,region:h??r?.parentClientConfig?.region??g?.region}},r.clientPlugins)}if(p&&p in d)throw new i.C(`Detected a cycle attempting to resolve credentials for profile ${(0,o.Bz)(r)}. Profiles visited: `+Object.keys(d).join(", "),{logger:r.logger});r.logger?.debug("@aws-sdk/credential-provider-ini - finding credential resolver using "+(p?`source_profile=[${p}]`:`profile=[${e}]`));const _=p?f(p,t,r,g,{...d,[p]:!0},l(t[p]??{})):(await((e,t,r)=>{const o={EcsContainer:async e=>{const{fromHttp:t}=await n.e(361).then(n.bind(n,2361)),{fromContainerMetadata:o}=await n.e(866).then(n.bind(n,8866));return r?.debug("@aws-sdk/credential-provider-ini - credential_source is EcsContainer"),async()=>(0,a.c)(t(e??{}),o(e))().then(c)},Ec2InstanceMetadata:async e=>{r?.debug("@aws-sdk/credential-provider-ini - credential_source is Ec2InstanceMetadata");const{fromInstanceMetadata:t}=await n.e(866).then(n.bind(n,8866));return async()=>t(e)().then(c)},Environment:async e=>{r?.debug("@aws-sdk/credential-provider-ini - credential_source is Environment");const{fromEnv:t}=await n.e(622).then(n.bind(n,55622));return async()=>t(e)().then(c)}};if(e in o)return o[e];throw new i.C(`Unsupported credential source in profile ${t}. Got ${e}, expected EcsContainer or Ec2InstanceMetadata or Environment.`,{logger:r})})(u.credential_source,e,r.logger)(r))();if(l(u))return _.then(e=>(0,s.g)(e,"CREDENTIALS_PROFILE_SOURCE_PROFILE","o"));{const t={RoleArn:u.role_arn,RoleSessionName:u.role_session_name||`aws-sdk-js-${Date.now()}`,ExternalId:u.external_id,DurationSeconds:parseInt(u.duration_seconds||"3600",10)},{mfa_serial:n}=u;if(n){if(!r.mfaCodeProvider)throw new i.C(`Profile ${e} requires multi-factor authentication, but no MFA code callback was provided.`,{logger:r.logger,tryNextLink:!1});t.SerialNumber=n,t.TokenCode=await r.mfaCodeProvider(n)}const o=await _;return r.roleAssumer(o,t).then(e=>(0,s.g)(e,"CREDENTIALS_PROFILE_SOURCE_PROFILE","o"))}})(e,t,g,d,f,C);if(y(p))return w(p,g);if(h=p,Boolean(h)&&"object"==typeof h&&"string"==typeof h.web_identity_token_file&&"string"==typeof h.role_arn&&["undefined","string"].indexOf(typeof h.role_session_name)>-1)return(async(e,t,r)=>n.e(354).then(n.bind(n,83354)).then(({fromTokenFile:n})=>n({webIdentityTokenFile:e.web_identity_token_file,roleArn:e.role_arn,roleSessionName:e.role_session_name,roleAssumerWithWebIdentity:t.roleAssumerWithWebIdentity,logger:t.logger,parentClientConfig:t.parentClientConfig})({callerClientConfig:r}).then(e=>(0,s.g)(e,"CREDENTIALS_PROFILE_STS_WEB_ID_TOKEN","q"))))(p,g,d);var h;if((e=>Boolean(e)&&"object"==typeof e&&"string"==typeof e.credential_process)(p))return(async(e,t)=>n.e(861).then(n.bind(n,46242)).then(({fromProcess:n})=>n({...e,profile:t})().then(e=>(0,s.g)(e,"CREDENTIALS_PROFILE_PROCESS","v"))))(g,e);if((e=>e&&("string"==typeof e.sso_start_url||"string"==typeof e.sso_account_id||"string"==typeof e.sso_session||"string"==typeof e.sso_region||"string"==typeof e.sso_role_name))(p))return await(async(e,t,r={},o)=>{const{fromSSO:i}=await n.e(533).then(n.bind(n,32914));return i({profile:e,logger:r.logger,parentClientConfig:r.parentClientConfig,clientConfig:r.clientConfig})({callerClientConfig:o}).then(e=>t.sso_session?(0,s.g)(e,"CREDENTIALS_PROFILE_SSO","r"):(0,s.g)(e,"CREDENTIALS_PROFILE_SSO_LEGACY","t"))})(e,p,g,d);if((e=>Boolean(e&&e.login_session))(p))return(async(e,t,n)=>{const a=await(c={...t,profile:e},async({callerClientConfig:e}={})=>{c?.logger?.debug?.("@aws-sdk/credential-providers - fromLoginCredentials");const t=await(0,r.Y)(c||{}),n=(0,o.Bz)({profile:c?.profile??e?.profile}),a=t[n];if(!a?.login_session)throw new i.C(`Profile ${n} does not contain login_session.`,{tryNextLink:!0,logger:c?.logger});const l=new _(a,c,e),g=await l.loadCredentials();return(0,s.g)(g,"CREDENTIALS_LOGIN","AD")})({callerClientConfig:n});var c;return(0,s.g)(a,"CREDENTIALS_PROFILE_LOGIN","AC")})(e,g,d);throw new i.C(`Could not resolve credentials using profile: [${e}] in configuration/credentials file(s).`,{logger:g.logger})},k=(e={})=>async({callerClientConfig:t}={})=>{e.logger?.debug("@aws-sdk/credential-provider-ini - fromIni");const n=await(0,r.Y)(e);return C((0,o.Bz)({profile:e.profile??t?.profile}),n,e,t)}}};
|
|
@@ -9,7 +9,7 @@
|
|
|
9
9
|
Object.defineProperty(exports, "__esModule", { value: true });
|
|
10
10
|
exports.enableMCPIdentityCLI = enableMCPIdentityCLI;
|
|
11
11
|
const identity_1 = require("../runtime/identity");
|
|
12
|
-
const did_helpers_1 = require("@kya-os/mcp-i-
|
|
12
|
+
const did_helpers_1 = require("@kya-os/mcp-i-runtime/utils/did-helpers");
|
|
13
13
|
const kta_registration_1 = require("./kta-registration");
|
|
14
14
|
/**
|
|
15
15
|
* Enable MCP Identity for CLI
|