@yawlabs/aws-mcp 0.9.9 → 0.9.10

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (2) hide show
  1. package/dist/index.js +73 -17
  2. package/package.json +1 -1
package/dist/index.js CHANGED
@@ -53570,6 +53570,14 @@ function killProc(proc, escalationMs = KILL_ESCALATION_MS) {
53570
53570
  // src/session.ts
53571
53571
  var sessionProfile;
53572
53572
  var sessionRegion;
53573
+ var PROFILE_NAME_RE = /^[A-Za-z0-9_+,.@:][A-Za-z0-9_+=,.@:-]{0,127}$/;
53574
+ var REGION_NAME_RE = /^[a-z][a-z0-9-]{2,30}$/;
53575
+ function isValidProfileName(name) {
53576
+ return PROFILE_NAME_RE.test(name);
53577
+ }
53578
+ function isValidRegionName(name) {
53579
+ return REGION_NAME_RE.test(name);
53580
+ }
53573
53581
  function getProfile() {
53574
53582
  return sessionProfile ?? process.env.AWS_PROFILE ?? "default";
53575
53583
  }
@@ -53580,13 +53588,25 @@ function setProfile(name) {
53580
53588
  if (!name?.trim()) {
53581
53589
  throw new Error("Profile name cannot be empty");
53582
53590
  }
53583
- sessionProfile = name.trim();
53591
+ const trimmed = name.trim();
53592
+ if (!isValidProfileName(trimmed)) {
53593
+ throw new Error(
53594
+ `Invalid profile name '${trimmed}'. Must be 1-128 chars from [A-Za-z0-9_+=,.@:-], must not start with '-' or '=', no whitespace or shell metacharacters.`
53595
+ );
53596
+ }
53597
+ sessionProfile = trimmed;
53584
53598
  }
53585
53599
  function setRegion(name) {
53586
53600
  if (!name?.trim()) {
53587
53601
  throw new Error("Region cannot be empty");
53588
53602
  }
53589
- sessionRegion = name.trim();
53603
+ const trimmed = name.trim();
53604
+ if (!isValidRegionName(trimmed)) {
53605
+ throw new Error(
53606
+ `Invalid region '${trimmed}'. Must match /^[a-z][a-z0-9-]{2,30}$/ (e.g. 'us-east-1', 'eu-west-3').`
53607
+ );
53608
+ }
53609
+ sessionRegion = trimmed;
53590
53610
  }
53591
53611
  function clearProfile() {
53592
53612
  sessionProfile = void 0;
@@ -53672,6 +53692,20 @@ function runAwsCall(opts) {
53672
53692
  }
53673
53693
  const profile = opts.profile ?? getProfile();
53674
53694
  const region = opts.region ?? getRegion();
53695
+ if (!isValidProfileName(profile)) {
53696
+ return Promise.resolve({
53697
+ ok: false,
53698
+ kind: "bad_input",
53699
+ error: `Invalid profile name '${profile}'. Must be 1-128 chars from [A-Za-z0-9_+=,.@:-], must not start with '-' or '='. Check the 'profile' arg or AWS_PROFILE env var.`
53700
+ });
53701
+ }
53702
+ if (!isValidRegionName(region)) {
53703
+ return Promise.resolve({
53704
+ ok: false,
53705
+ kind: "bad_input",
53706
+ error: `Invalid region '${region}'. Must match /^[a-z][a-z0-9-]{2,30}$/ (e.g. 'us-east-1'). Check the 'region' arg or AWS_REGION / AWS_DEFAULT_REGION env var.`
53707
+ });
53708
+ }
53675
53709
  const outputFormat = opts.outputFormat ?? "json";
53676
53710
  const timeoutMs = opts.timeoutMs ?? DEFAULT_TIMEOUT_MS;
53677
53711
  const envCommand = process.env.AWS_MCP_TEST_AWS_COMMAND;
@@ -53942,18 +53976,25 @@ async function acquireLock(lockPath) {
53942
53976
  `upsertProfile: failed to acquire lock at ${lockPath} after ${LOCK_MAX_WAIT_MS}ms. If a previous writer crashed, remove the lock file manually.`
53943
53977
  );
53944
53978
  }
53979
+ let fd = null;
53945
53980
  try {
53946
- const fd = openSync(lockPath, "wx");
53947
- try {
53948
- writeSync(fd, `pid=${process.pid} time=${Date.now()}
53949
- `);
53950
- } finally {
53951
- closeSync(fd);
53952
- }
53953
- return;
53981
+ fd = openSync(lockPath, "wx");
53954
53982
  } catch (err) {
53955
53983
  const code = err.code;
53956
53984
  if (code !== "EEXIST") {
53985
+ throw err;
53986
+ }
53987
+ }
53988
+ if (fd !== null) {
53989
+ try {
53990
+ try {
53991
+ writeSync(fd, `pid=${process.pid} time=${Date.now()}
53992
+ `);
53993
+ } finally {
53994
+ closeSync(fd);
53995
+ }
53996
+ return;
53997
+ } catch (err) {
53957
53998
  try {
53958
53999
  unlinkSync(lockPath);
53959
54000
  } catch {
@@ -54051,6 +54092,12 @@ var assumeTools = [
54051
54092
  const sourceProfile = i.sourceProfile || getProfile();
54052
54093
  const useRegion = i.region || getRegion();
54053
54094
  const targetProfile = resolveTargetProfile({ targetProfile: i.targetProfile, sessionName: i.sessionName });
54095
+ if (!isValidProfileName(targetProfile)) {
54096
+ return {
54097
+ ok: false,
54098
+ error: `Invalid targetProfile name '${targetProfile}'. Must be 1-128 chars from [A-Za-z0-9_+=,.@:-], must not start with '-' or '='. Pick a different targetProfile or sessionName.`
54099
+ };
54100
+ }
54054
54101
  const params = {
54055
54102
  RoleArn: i.roleArn,
54056
54103
  RoleSessionName: i.sessionName,
@@ -54142,6 +54189,12 @@ function _ttlKillswitchTick(s, proc, killFn = killProc) {
54142
54189
  killFn(proc);
54143
54190
  }
54144
54191
  function startSsoLogin(profile, opts = {}) {
54192
+ if (!isValidProfileName(profile)) {
54193
+ return Promise.resolve({
54194
+ ok: false,
54195
+ error: `Invalid profile name '${profile}'. Must be 1-128 chars from [A-Za-z0-9_+=,.@:-], must not start with '-' or '='.`
54196
+ });
54197
+ }
54145
54198
  const key = dedupeKey(profile, opts);
54146
54199
  const pending = pendingStarts.get(key);
54147
54200
  if (pending) return pending;
@@ -56473,13 +56526,16 @@ async function runScript(opts, handlers = defaultScriptHandlers()) {
56473
56526
  ${opts.code}
56474
56527
  })()`;
56475
56528
  const started = Date.now();
56476
- let timer;
56529
+ let timeoutReject;
56477
56530
  const timeoutPromise = new Promise((_, reject) => {
56478
- timer = setTimeout(() => {
56479
- reject(new Error(`Script timed out after ${Math.round(timeoutMs / 1e3)}s. Raise timeoutMs or trim the script.`));
56480
- }, timeoutMs);
56531
+ timeoutReject = reject;
56481
56532
  });
56482
- if (timer && typeof timer.unref === "function") timer.unref();
56533
+ const timer = setTimeout(() => {
56534
+ timeoutReject(
56535
+ new Error(`Script timed out after ${Math.round(timeoutMs / 1e3)}s. Raise timeoutMs or trim the script.`)
56536
+ );
56537
+ }, timeoutMs);
56538
+ timer.unref();
56483
56539
  try {
56484
56540
  const evalResult = runInContext(wrappedSource, ctx, {
56485
56541
  timeout: timeoutMs,
@@ -56488,7 +56544,7 @@ ${opts.code}
56488
56544
  const data = await Promise.race([evalResult, timeoutPromise]);
56489
56545
  return { data, logs, truncatedLogs, durationMs: Date.now() - started };
56490
56546
  } finally {
56491
- if (timer) clearTimeout(timer);
56547
+ clearTimeout(timer);
56492
56548
  }
56493
56549
  }
56494
56550
  var scriptTools = [
@@ -56607,7 +56663,7 @@ var sessionTools = [
56607
56663
  ];
56608
56664
 
56609
56665
  // src/index.ts
56610
- var version2 = true ? "0.9.9" : (await null).createRequire(import.meta.url)("../package.json").version;
56666
+ var version2 = true ? "0.9.10" : (await null).createRequire(import.meta.url)("../package.json").version;
56611
56667
  var subcommand = process.argv[2];
56612
56668
  if (subcommand === "version" || subcommand === "--version") {
56613
56669
  console.log(version2);
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "@yawlabs/aws-mcp",
3
- "version": "0.9.9",
3
+ "version": "0.9.10",
4
4
  "mcpName": "io.github.YawLabs/aws-mcp",
5
5
  "description": "AWS MCP server — call any AWS API from AI assistants, with first-class SSO re-login (no more 'browser won't open' dead ends)",
6
6
  "license": "MIT",