@yawlabs/aws-mcp 1.3.3 → 1.4.1

package/README.md

@@ -1,305 +1,305 @@
-# @yawlabs/aws-mcp
-
-A small AWS MCP for AI assistants: **one server, one config entry, SSO re-auth baked in, generic CRUD over hundreds of resource types, live docs lookup, server-side scripting for batched workflows.**
-
-It's an **alternative to AWS's official MCP server**, not a complement -- both call any AWS API, so running both just gives the model two redundant tools. Pick one. The honest comparison:
-
-- **[AWS MCP Server](https://aws.amazon.com/blogs/aws/the-aws-mcp-server-is-now-generally-available/)** -- AWS's hosted server (`uvx mcp-proxy-for-aws`). Strong on AWS-team-curated skills, a server-side Python sandbox (`run_script`), and days-fresh API coverage. Requires Python + `uv`, routes through a proxy that bridges IAM SigV4 to OAuth, and assumes your local credentials already work.
-- **`@yawlabs/aws-mcp`** (this server) -- Node/npm-only, runs locally. Wins on SSO re-login when `aws sso login`'s browser handoff drops (Windows especially), ergonomic CCAPI CRUD with dry-run diffs, multi-region fan-out, pre-flight IAM permission checks, and a JS scripting sandbox. Live AWS docs search + read is built in too -- parity with the official server's `search_documentation` / `read_documentation`, no second server needed either way.
-
-The one MCP that genuinely pairs with *either* choice is **[`awslabs/mcp`](https://github.com/awslabs/mcp)** -- AWS Labs' fleet of typed per-service servers (Lambda invoke, Bedrock retrieval, DynamoDB with type-marshalling). Those are per-service helpers, no overlap with a general AWS-API server.
-
-Five things this server tries to handle well:
-
-1. **SSO re-login.** When your token expires mid-session, `aws sso login` tries to open a browser from a subprocess -- on Windows (and sometimes elsewhere) that handoff drops silently. You end up context-switching to a terminal, running the command yourself, then coming back. The `--no-browser` device-code flow fixes this: the assistant surfaces a short URL + code, you click once, done. There's also `aws_refresh_if_expiring_soon` for proactive top-ups before a long workflow. AWS's hosted server bridges IAM-to-OAuth via a local proxy; it doesn't help with the `aws sso login` browser-handoff failure.
-2. **Calling any AWS API.** `aws_call` proxies the `aws` CLI directly. One tool covers the full API surface -- including services AWS adds tomorrow -- with no SDK bundling and no service-by-service tool sprawl. `aws_paginate` handles paginated list/describe ops, `aws_multi_region` fans the same op out across N regions in parallel, and a JMESPath `query` parameter trims responses server-side (useful when a `describe-instances` result would otherwise blow past the 5 MB output cap).
-3. **Generic CRUD across services.** `aws_resource_*` (seven tools, including `aws_resource_diff` for dry-run previews) wraps AWS Cloud Control API, so the same lifecycle -- get / list / create / update / delete / status -- works for any control-plane resource with a CloudFormation schema: Lambda functions, S3 buckets, IAM roles, SSM parameters, RDS instances, and a few hundred more. Pass `awaitCompletion: true` and the server polls the async create/update/delete through to terminal state for you. CCAPI is control-plane only -- for data-plane ops (S3 reads, Lambda invokes, Bedrock inference, DynamoDB GetItem) drop down to `aws_call` or use a typed AWS Labs server.
-4. **Live AWS docs.** `aws_docs_search` queries the same backend that powers the docs.aws.amazon.com search box; `aws_docs_read` fetches a doc page and returns it as paginated markdown. Lets the agent discover new services and look up exact parameter names without a second MCP server installed.
-5. **Batched workflows in one round-trip.** `aws_script` runs a short JS snippet inside a constrained `node:vm` sandbox with `aws.call`, `aws.paginate`, `aws.paginateAll`, `aws.resource.*`, and `aws.logsTail` available. Best for "list X, fetch Y for each, return Z" pipelines that would otherwise need N tool calls. Same shape as AWS's `run_script` (Python, sandboxed server-side) -- yours is JS-native and runs locally.
-
-[![Add to Yaw MCP](https://yaw.sh/yaw-mcp-button.svg)](https://yaw.sh/mcp/install?name=AWS&command=npx&args=-y%2C%40yawlabs%2Faws-mcp&env=AWS_PROFILE%2CAWS_REGION&description=Call%20any%20AWS%20API%20from%20one%20server%20-%20CCAPI%20CRUD%2C%20multi-region%2C%20SSO%20re-login&source=https%3A%2F%2Fgithub.com%2FYawLabs%2Faws-mcp)
-
-One click adds this to your local Yaw MCP config so it's available in every Yaw Terminal session. Or install manually below.
-
-## Optional companion: AWS Labs per-service servers
-
-For deep work in a single service -- typed `lambda_invoke`, Bedrock KB retrieval, DynamoDB with type-marshalling -- add the relevant [`awslabs/mcp`](https://github.com/awslabs/mcp) server alongside this one. Those are per-service helpers with no tool-name overlap, so they pair cleanly:
-
-```json
-{
-  "mcpServers": {
-    "aws": {
-      "command": "npx",
-      "args": ["-y", "@yawlabs/aws-mcp@latest"]
-    },
-    "aws-lambda": {
-      "command": "uvx",
-      "args": ["awslabs.lambda-mcp-server@latest"]
-    }
-  }
-}
-```
-
-## When to reach for this vs the other AWS MCPs
-
-| Need | Best fit |
-|------|----------|
-| One config entry covering most of AWS | **`@yawlabs/aws-mcp`** |
-| SSO re-login on Windows / broken browser handoff | **`@yawlabs/aws-mcp`** (`aws_login_start` device-code flow) |
-| Generic CRUD across hundreds of resource types | **`@yawlabs/aws-mcp`** (`aws_resource_*`) |
-| Dry-run an update before applying it | **`@yawlabs/aws-mcp`** (`aws_resource_diff`) |
-| Multi-region fan-out in one call | **`@yawlabs/aws-mcp`** (`aws_multi_region`) |
-| Batch N tool calls into one round-trip (JS) | **`@yawlabs/aws-mcp`** (`aws_script`) |
-| Check IAM permissions before attempting an op | **`@yawlabs/aws-mcp`** (`aws_iam_simulate`) |
-| Node/npm-only install (no Python) | **`@yawlabs/aws-mcp`** |
-| Sandboxed Python script execution server-side | **AWS MCP Server** (`run_script`) |
-| AWS-team-curated best-practice skills | **AWS MCP Server** (skills) |
-| Days-fresh API coverage via hosted endpoint | **AWS MCP Server** (`call_aws`) |
-| Typed per-service helpers (Lambda invoke, Bedrock KB, DynamoDB type-marshalling, ...) | **`awslabs/mcp`** (per-service servers) |
-
-`@yawlabs/aws-mcp` and AWS's official server are an either/or -- pick the one whose tradeoffs fit. `awslabs/mcp` per-service servers pair cleanly with whichever you pick.
-
-## What this server borrows from AWS's official one
-
-Credit where due -- two features here were shaped by the official AWS MCP Server:
-
-- **`aws_script`** mirrors the official server's `run_script`: a sandboxed scripting tool that collapses "list X, fetch Y for each, return Z" pipelines into one round-trip. Theirs is Python, sandboxed server-side; this one is JS-native and runs locally.
-- **`aws_docs_search` / `aws_docs_read`** were added to match the official server's `search_documentation` / `read_documentation`, so you don't need a separate docs MCP regardless of which server you pick.
-
-The rest -- SSO device-code re-login, CCAPI CRUD with dry-run diffs, multi-region fan-out, IAM pre-flight checks -- is this server's own.
-
-## Tools
-
-| Tool | What it does |
-|------|--------------|
-| `aws_whoami` | Current identity (account, ARN) + SSO token expiry countdown. Call this first. |
-| `aws_login_start` | Start `aws sso login --no-browser`, returns a verification URL + short code and a `sessionId`. |
-| `aws_login_complete` | Block until the SSO subprocess finishes (you auth in your browser), returns the new identity. |
-| `aws_refresh_if_expiring_soon` | Check the cached SSO token and auto-start a refresh when < `thresholdMinutes` remain (default 10). One round-trip for "am I about to expire? if so, re-login." |
-| `aws_session_set` | Set the default profile and/or region for the rest of this MCP session. "Switch to prod," "use us-west-2." |
-| `aws_session_get` | Show the current session defaults and where each value came from (`session`/`env`/`default`). |
-| `aws_session_clear` | Remove session profile/region overrides so env vars / defaults take over again. No args clears both. |
-| `aws_list_profiles` | List profiles configured in `~/.aws/config` -- names, regions, and SSO metadata. Use before switching profiles or when an SSO error names one you haven't seen. |
-| `aws_assume_role` | Call STS AssumeRole with your current identity and stash the temp creds as a new profile (`mcp-<sessionName>`) in `~/.aws/credentials`. Use for cross-account access. The secret/session token stay on disk -- not returned to the model. Optional `timeoutMs` (default 120s) for slow SAML / `credential_process` cold starts. |
-| `aws_call` | Run any AWS API operation. `service: 's3api', operation: 'list-buckets'`, optional `params` (PascalCase JSON), optional `query` (JMESPath). Returns parsed JSON. |
-| `aws_paginate` | Fetch one page of a paginated list/describe operation. Supports `query` too. Returns `nextToken`/`hasMore`; call again with the token to continue. |
-| `aws_logs_tail` | Fetch recent CloudWatch Logs events for a log group. Wraps `aws logs tail --format json` with `since`, `filterPattern`, and stream-name filters; returns events as a parsed array. |
-| `aws_metrics_query` | Query CloudWatch metrics via GetMetricData (the modern multi-metric / expression-capable API). Pass `queries: [{id, namespace, metricName, dimensions?, statistic?, period?}]` or expression-based queries; `startTime`/`endTime` accept ISO 8601 or relative shorthand (`'15m'`, `'1h'`, `'1d'`). Period auto-picks from the time range. Returns `{series, periodSeconds, messages?}`. |
-| `aws_resource_get` | Read an AWS resource via Cloud Control API by `typeName` + `identifier` (e.g. `AWS::Lambda::Function` + function name). Returns parsed Properties. |
-| `aws_resource_list` | List resources of a type via CCAPI, paginated. Returns `{identifier, properties}` per entry plus a `nextToken`/`hasMore`. |
-| `aws_resource_create` | Create an AWS resource via CCAPI. Async — returns top-level `requestToken` + `operationStatus`. Pass `awaitCompletion: true` to have the server poll to terminal state in one call. |
-| `aws_resource_update` | Update an AWS resource via CCAPI using RFC 6902 JSON Patch. Same async + `awaitCompletion` shape as create. |
-| `aws_resource_delete` | Delete an AWS resource via CCAPI. Same async + `awaitCompletion` shape as create. Destructive — verify `identifier` first. |
-| `aws_resource_status` | Poll an async CCAPI request by `requestToken`. Returns the current state with `operationStatus`, `identifier`, `errorCode`, `statusMessage` flat-promoted (PENDING / IN_PROGRESS / SUCCESS / FAILED / CANCEL_*). |
-| `aws_resource_diff` | Dry-run a CCAPI update: fetches current state, simulates the JSON Patch in memory, returns `{before, after, changes[]}`. No mutation sent to AWS. Supports the add/remove/replace subset of RFC 6902; `add` auto-creates missing object parents to match CCAPI's actual update semantics (so patches like `/Environment/Variables/NEW_KEY` work even when `/Environment/Variables` doesn't exist yet). `changes[i].after` reflects what op `i` produced (not the final post-patch state), so sequential ops on the same path read correctly. Call before `aws_resource_update` when you want to verify the patch does what you expect. |
-| `aws_multi_region` | Run the same AWS operation across N regions in parallel. Same shape as `aws_call` but takes `regions: string[]`. Returns `{region, ok, data?, error?}[]` with `okCount`/`errorCount`. Partial failure is expected (services aren't everywhere, perms may be region-scoped). |
-| `aws_script` | Run a short JS snippet that orchestrates the other tools and returns a combined result. Sandbox exposes `aws.call`, `aws.paginate`, `aws.paginateAll`, `aws.resource.{get,list,create,update,delete,status}`, `aws.logsTail`, plus standard JS builtins (`JSON`, `Math`, `Date`, `Promise`, etc.) and `console`. No `require`/`import`/`process`/`fs`/`fetch`/timers. Best for "list X, fetch Y for each, return Z" pipelines that would otherwise be N round-trips. Use `return <value>` to surface a result. Not a security sandbox -- treat the same as any other tool the model can call. |
-| `aws_iam_simulate` | Simulate IAM permissions for a principal: can principal X do actions Y on resources Z? Wraps `iam simulate-principal-policy`. Returns one entry per (action, resource) pair with `decision` (allowed / explicitDeny / implicitDeny), `matchedStatementIds` (which IAM statements decided), and `missingContextValues` (context keys the policy needed but you didn't provide). Use BEFORE a risky operation to avoid a 403 -- pairs with the post-failure Suggestion from aws_call. Requires `iam:SimulatePrincipalPolicy` on the caller. |
-| `aws_docs_search` | Search live AWS documentation (the backend behind the docs.aws.amazon.com search box). Returns ranked `{title, url, summary, excerpt}`. Use to discover the right doc page for a service/API/concept the model may not know -- new services, recently changed APIs, exact parameter names. |
-| `aws_docs_read` | Fetch an `https://docs.aws.amazon.com/...html` page and return it as markdown. Strips nav/cookie-banner/feedback chrome. Long pages paginate via `startIndex` + `maxLength`; the response carries `hasMore` and `nextStartIndex`. Usually fed a url from `aws_docs_search`. |
-
-## Install
-
-Add to your MCP client config (e.g. `.mcp.json`):
-
-```json
-{
-  "mcpServers": {
-    "aws": {
-      "command": "npx",
-      "args": ["-y", "@yawlabs/aws-mcp@latest"]
-    }
-  }
-}
-```
-
-The `-y` flag is what gives you **auto-update on each session load**: every time your MCP client spawns the server, `npx` checks the registry for the latest `@yawlabs/aws-mcp` and downloads it if newer. The first launch in a fresh cache adds ~100-500 ms; subsequent launches use npm's cache (typical metadata-freshness window: 5 min) and add ~50 ms or less. Once the server is up, tool calls have zero auto-update overhead -- the check fires only on (re-)spawn. No separate install step is needed; `-y` covers both first-time install and ongoing updates.
-
-If you'd rather pin a specific version (no auto-update, but zero startup overhead), install globally and point the config at the installed binary:
-
-```bash
-npm install -g @yawlabs/aws-mcp
-```
-
-```json
-{
-  "mcpServers": {
-    "aws": {
-      "command": "aws-mcp"
-    }
-  }
-}
-```
-
-You'll need to `npm install -g @yawlabs/aws-mcp@latest` manually when you want a newer version.
-
-## Example session
-
-You ask the assistant to check a staging bucket, but your SSO token just expired. What the assistant does (and what you see):
-
-```
-You:    "How many objects are in the staging-artifacts bucket right now?"
-
-Claude: (calls aws_whoami) -> SSO session expired for profile 'staging'.
-        (calls aws_login_start with profile='staging')
-        "Your SSO token expired. Open
-         https://device.sso.us-east-1.amazonaws.com/
-         and enter code: ABCD-EFGH
-         I'll wait."
-
-You:    *click, authenticate in your browser*
-
-Claude: (calls aws_login_complete with the sessionId)
-        (calls aws_call with service='s3api', operation='list-objects-v2',
-                         params={ Bucket: 'staging-artifacts' },
-                         query='KeyCount')
-        "There are 4,182 objects in staging-artifacts."
-```
-
-The SSO flow took one click. No "the browser didn't open, let me run it in a terminal" context switch.
-
-For a larger list where the response might exceed the 5 MB output cap, the assistant reaches for `aws_paginate`:
-
-```
-(calls aws_paginate with service='ec2', operation='describe-instances',
-                        maxItems=50,
-                        query='Reservations[].Instances[].{Id:InstanceId,State:State.Name}')
--> returns one page + a nextToken; Claude calls again until hasMore=false
-```
-
-`query` (JMESPath) trims the response server-side -- a typical `describe-instances` result shrinks from megabytes to kilobytes when you only need two fields.
-
-For "create this resource and tell me when it's ready," `aws_resource_create` with `awaitCompletion: true` collapses the usual create-then-poll loop into one tool call:
-
-```
-(calls aws_resource_create with
-   typeName='AWS::SSM::Parameter',
-   desiredState={Name: '/my/param', Type: 'String', Value: 'hello'},
-   awaitCompletion: true)
--> server polls get-resource-request-status until SUCCESS / FAILED / CANCEL_COMPLETE
-   and returns the terminal ProgressEvent in one call
-```
-
-Same shape for `aws_resource_update` and `aws_resource_delete`. Drop `awaitCompletion` (or set it false) for the default fire-and-poll behavior -- useful when you want to kick off a long-running update and check back later.
-
-For "preview the patch before applying":
-
-```
-(calls aws_resource_diff with
-   typeName='AWS::Lambda::Function',
-   identifier='my-fn',
-   patchDocument=[{op: 'replace', path: '/MemorySize', value: 1024}])
--> returns { before: {MemorySize: 256, ...}, after: {MemorySize: 1024, ...},
-              changes: [{op: 'replace', path: '/MemorySize', before: 256, after: 1024}] }
-```
-
-No mutation is sent to AWS; the agent can verify the patch before invoking `aws_resource_update`.
-
-For batched workflows, `aws_script` collapses N tool calls into one:
-
-```
-(calls aws_script with code=`
-   const listed = await aws.resource.list({ typeName: "AWS::Lambda::Function" });
-   const big = [];
-   for (const r of listed.resources) {
-     const cfg = await aws.resource.get({
-       typeName: "AWS::Lambda::Function", identifier: r.identifier });
-     if (cfg.properties.MemorySize > 1024) {
-       big.push({ name: cfg.properties.FunctionName, mem: cfg.properties.MemorySize });
-     }
-   }
-   return big;
-`)
--> one round-trip; the agent gets the filtered list without N intermediate tool calls
-```
-
-For multi-region reads:
-
-```
-(calls aws_multi_region with
-   service='ec2', operation='describe-instances',
-   regions=['us-east-1','us-west-2','eu-west-1'],
-   query='Reservations[].Instances[].InstanceId')
--> {okCount: 3, errorCount: 0, results: [{region, ok, data}, ...]}
-```
-
-## Requirements
-
-- Node.js 22+
-- AWS CLI v2 installed and on `PATH` (for `aws sso login --no-browser`)
-- An AWS profile configured for SSO / IAM Identity Center in `~/.aws/config`
-
-## Environment
-
-| Variable | Default | Purpose |
-|----------|---------|---------|
-| `AWS_PROFILE` | `default` | Profile used when a tool call omits `profile`. |
-| `AWS_REGION` / `AWS_DEFAULT_REGION` | `us-east-1` | Region used when a tool call omits `region`. `AWS_REGION` wins if both are set. |
-
-If you authenticate via SAML (Okta / Azure AD / ADFS) or a custom `credential_process`, set `AWS_PROFILE` to that profile. The server passes `--profile` through to the AWS CLI, so the CLI's standard credential chain -- `credential_process`, SSO sessions, role chaining, static keys, IMDS -- resolves as usual.
-
-If neither `AWS_PROFILE` is set nor `aws_session_set` has been called and there's no `[default]` section in `~/.aws/config`, tools will fail with `ProfileNotFound`. Set `AWS_PROFILE` in your MCP config to your usual working profile.
-
-## How the SSO login flow works
-
-```
-1. Claude calls aws_login_start({ profile: "prod" })
-2. Server spawns: aws sso login --no-browser --profile prod
-3. Server parses the URL + code from stdout, returns them to Claude
-4. Claude surfaces: "Open https://device.sso.us-east-1.amazonaws.com/ and enter ABCD-EFGH"
-5. You click — browser opens in your own user session — auth in ~10 seconds
-6. Claude calls aws_login_complete({ sessionId })
-7. Tool returns your new identity. Back to work.
-```
-
-The token is cached in `~/.aws/sso/cache/<hash>.json` the same way a normal `aws sso login` would, so the AWS CLI, the SDK, and every other tool on your machine pick it up transparently.
-
-## Why this server must run locally (not on mcp.hosting)
-
-SSO tokens live in `~/.aws/sso/cache/` on *your* device. A remote MCP server can't read them. So this is a stdio server, not a hosted one. That's a constraint of AWS SSO, not a limitation of mcp.hosting.
-
-## Stability
-
-From 1.0 onward this package follows [Semantic Versioning](https://semver.org/spec/v2.0.0.html). The 0.x line is the pre-stability tightening phase -- breaking changes are documented in [`CHANGELOG.md`](./CHANGELOG.md) but are not necessarily gated on a major bump.
-
-**Stable in 1.x (anything below is a breaking change requiring a major bump):**
-
-- **Tool names** -- the 25 tool names listed in the Tools table above will not be renamed or removed.
-- **Tool annotations** -- `readOnlyHint`, `destructiveHint`, `idempotentHint`, `openWorldHint`. These signal to MCP hosts how to gate calls; flipping them silently would break host UIs.
-- **Required input fields** -- the required fields per tool will not change shape or be removed. New *optional* fields may be added.
-- **Success envelope shape per tool** -- the `data` object on `{ok: true, data}` responses, specifically:
-  - `aws_call` -> `{command, result}`
-  - `aws_paginate` -> `{command, result, nextToken, hasMore}`
-  - `aws_multi_region` -> `{service, operation, regionCount, okCount, errorCount, results: [{region, ok, data?, command?, error?, errorKind?}]}`
-  - `aws_whoami` -> `{account, userId, arn, profile, region, ssoToken: {expiresAt, minutesLeft, startUrl?} | null}` (`startUrl` is omitted when the cached token didn't record one)
-  - `aws_login_start` -> `{sessionId, profile, verificationUrl, userCode, instructions, reused?}` (`reused: true` when re-surfacing an in-flight login for the same profile)
-  - `aws_login_complete` -> `{loggedIn, account, userId, arn, profile, region, ssoToken}` (same `ssoToken` shape as `aws_whoami`, including the optional `startUrl`)
-  - `aws_refresh_if_expiring_soon` -> **one of two shapes by branch:** `{status: "ok", minutesLeft, expiresAt, profile}` when the cached token has more than `thresholdMinutes` left, or `{status: "refreshing", reason, sessionId, profile, verificationUrl, userCode, reused?, instructions}` when a refresh is in flight. Discriminate on `status`.
-  - `aws_assume_role` -> `{profile, credentialsPath, expiration, assumedRoleArn, assumedRoleId, sourceProfile, hint}`
-  - `aws_list_profiles` -> `{configPath, profiles: [{name, region?, ssoStartUrl?, ssoRegion?, ssoSession?, isSso}]}`
-  - `aws_session_get` / `aws_session_set` / `aws_session_clear` -> `{profile, region, profileSource, regionSource}` where `*Source` is `"session" | "env" | "default"`. All three return the same shape (set/clear return the post-mutation state).
-  - `aws_resource_get` -> `{command, typeName, identifier, properties, propertiesRaw?}`
-  - `aws_resource_list` -> `{command, typeName, resources: [{identifier, properties}], nextToken, hasMore}`
-  - `aws_resource_create` / `_update` / `_delete` / `_status` -> flat-promoted `{command, requestToken, operationStatus, identifier, errorCode, statusMessage, retryAfter, progressEvent}` plus an `awaited: {attempts, elapsedMs}` block when `awaitCompletion: true` was passed
-  - `aws_resource_diff` -> `{command, typeName, identifier, before, after, changes, changeCount}`
-  - `aws_logs_tail` -> `{command, logGroupName, since, eventCount, events}`
-  - `aws_metrics_query` -> `{command, startTime, endTime, periodSeconds, series: [{id, label?, timestamps, values, statusCode?}], messages?: [{code?, value?}]}` (`messages` is omitted when empty; per-series `label` / `statusCode` are present when CloudWatch returns them)
-  - `aws_iam_simulate` -> `{command, principalArn, summary: {allowed, denied, total}, results, evaluationResults}`
-  - `aws_script` -> `{result, logs, truncatedLogs, durationMs}` where `result` is whatever the script `return`ed (any JSON-serializable value, including `undefined`)
-  - `aws_docs_search` -> `{query, count, results: [{title, url, summary?, excerpt?}]}` (`summary` / `excerpt` are present only when the upstream search backend returns them)
-  - `aws_docs_read` -> `{url, cached, content, startIndex, endIndex, totalLength, hasMore, nextStartIndex}`
-- **Error envelope** -- `{ok: false, error: string, rawBody?: string}`. The `error` string is human-readable; its *wording* is best-effort (see below).
-- **`errorKind` enum on `aws_multi_region`** -- `"sso_expired" | "no_creds" | "bad_input" | "spawn_failure" | "timeout" | "output_too_large" | "nonzero_exit"`. New variants may be added (additive); existing ones won't be renamed or repurposed.
-
-**Best-effort (may change in a minor or patch):**
-
-- **Error message wording.** Strings like "SSO session expired for profile 'X'. Call aws_login_start..." may be retuned for clarity. Anchor on `errorKind` (for `aws_multi_region`) or the structured envelope, not on regex-matching `error` text.
-- **`rawBody`** content -- raw stderr/stdout from the underlying `aws` CLI for diagnostic purposes. Format follows whatever the CLI emits in your installed version.
-- **`command`** strings -- the human-readable command shown alongside results. Argv ordering and the exact redaction-stub format (`<redacted len=N>`) may shift.
-- **Tool *descriptions*** -- the prose surfaced to the model. Tightening these is non-breaking.
-
-**Deprecation policy:** breaking a stable shape requires a major bump. A deprecation lands first in a minor (the old shape continues to work and the new shape becomes available alongside it), with a removal scheduled for the next major. Both the deprecation and the removal show up in `CHANGELOG.md`.
-
-## License
-
-MIT
+# @yawlabs/aws-mcp
+
+A small AWS MCP for AI assistants: **one server, one config entry, SSO re-auth baked in, generic CRUD over hundreds of resource types, live docs lookup, server-side scripting for batched workflows.**
+
+It's an **alternative to AWS's official MCP server**, not a complement -- both call any AWS API, so running both just gives the model two redundant tools. Pick one. The honest comparison:
+
+- **[AWS MCP Server](https://aws.amazon.com/blogs/aws/the-aws-mcp-server-is-now-generally-available/)** -- AWS's hosted server (`uvx mcp-proxy-for-aws`). Strong on AWS-team-curated skills, a server-side Python sandbox (`run_script`), and days-fresh API coverage. Requires Python + `uv`, routes through a proxy that bridges IAM SigV4 to OAuth, and assumes your local credentials already work.
+- **`@yawlabs/aws-mcp`** (this server) -- Node/npm-only, runs locally. Wins on SSO re-login when `aws sso login`'s browser handoff drops (Windows especially), ergonomic CCAPI CRUD with dry-run diffs, multi-region fan-out, pre-flight IAM permission checks, and a JS scripting sandbox. Live AWS docs search + read is built in too -- parity with the official server's `search_documentation` / `read_documentation`, no second server needed either way.
+
+The one MCP that genuinely pairs with *either* choice is **[`awslabs/mcp`](https://github.com/awslabs/mcp)** -- AWS Labs' fleet of typed per-service servers (Lambda invoke, Bedrock retrieval, DynamoDB with type-marshalling). Those are per-service helpers, no overlap with a general AWS-API server.
+
+Five things this server tries to handle well:
+
+1. **SSO re-login.** When your token expires mid-session, `aws sso login` tries to open a browser from a subprocess -- on Windows (and sometimes elsewhere) that handoff drops silently. You end up context-switching to a terminal, running the command yourself, then coming back. The `--no-browser` device-code flow fixes this: the assistant surfaces a short URL + code, you click once, done. There's also `aws_refresh_if_expiring_soon` for proactive top-ups before a long workflow. AWS's hosted server bridges IAM-to-OAuth via a local proxy; it doesn't help with the `aws sso login` browser-handoff failure.
+2. **Calling any AWS API.** `aws_call` proxies the `aws` CLI directly. One tool covers the full API surface -- including services AWS adds tomorrow -- with no SDK bundling and no service-by-service tool sprawl. `aws_paginate` handles paginated list/describe ops, `aws_multi_region` fans the same op out across N regions in parallel, and a JMESPath `query` parameter trims responses server-side (useful when a `describe-instances` result would otherwise blow past the 5 MB output cap).
+3. **Generic CRUD across services.** `aws_resource_*` (seven tools, including `aws_resource_diff` for dry-run previews) wraps AWS Cloud Control API, so the same lifecycle -- get / list / create / update / delete / status -- works for any control-plane resource with a CloudFormation schema: Lambda functions, S3 buckets, IAM roles, SSM parameters, RDS instances, and a few hundred more. Pass `awaitCompletion: true` and the server polls the async create/update/delete through to terminal state for you. CCAPI is control-plane only -- for data-plane ops (S3 reads, Lambda invokes, Bedrock inference, DynamoDB GetItem) drop down to `aws_call` or use a typed AWS Labs server.
+4. **Live AWS docs.** `aws_docs_search` queries the same backend that powers the docs.aws.amazon.com search box; `aws_docs_read` fetches a doc page and returns it as paginated markdown. Lets the agent discover new services and look up exact parameter names without a second MCP server installed.
+5. **Batched workflows in one round-trip.** `aws_script` runs a short JS snippet inside a constrained `node:vm` sandbox with `aws.call`, `aws.paginate`, `aws.paginateAll`, `aws.resource.*`, `aws.logsTail`, `aws.metricsQuery`, `aws.iamSimulate`, `aws.multiRegion`, `aws.assumeRole`, and `aws.docs.{search,read}` available. Best for "list X, fetch Y for each, return Z" pipelines that would otherwise need N tool calls. Same shape as AWS's `run_script` (Python, sandboxed server-side) -- yours is JS-native and runs locally.
+
+[![Add to Yaw MCP](https://yaw.sh/yaw-mcp-button.svg)](https://yaw.sh/mcp/install?name=AWS&command=npx&args=-y%2C%40yawlabs%2Faws-mcp&env=AWS_PROFILE%2CAWS_REGION&description=Call%20any%20AWS%20API%20from%20one%20server%20-%20CCAPI%20CRUD%2C%20multi-region%2C%20SSO%20re-login&source=https%3A%2F%2Fgithub.com%2FYawLabs%2Faws-mcp)
+
+One click adds this to your local Yaw MCP config so it's available in every Yaw Terminal session. Or install manually below.
+
+## Optional companion: AWS Labs per-service servers
+
+For deep work in a single service -- typed `lambda_invoke`, Bedrock KB retrieval, DynamoDB with type-marshalling -- add the relevant [`awslabs/mcp`](https://github.com/awslabs/mcp) server alongside this one. Those are per-service helpers with no tool-name overlap, so they pair cleanly:
+
+```json
+{
+  "mcpServers": {
+    "aws": {
+      "command": "npx",
+      "args": ["-y", "@yawlabs/aws-mcp@latest"]
+    },
+    "aws-lambda": {
+      "command": "uvx",
+      "args": ["awslabs.lambda-mcp-server@latest"]
+    }
+  }
+}
+```
+
+## When to reach for this vs the other AWS MCPs
+
+| Need | Best fit |
+|------|----------|
+| One config entry covering most of AWS | **`@yawlabs/aws-mcp`** |
+| SSO re-login on Windows / broken browser handoff | **`@yawlabs/aws-mcp`** (`aws_login_start` device-code flow) |
+| Generic CRUD across hundreds of resource types | **`@yawlabs/aws-mcp`** (`aws_resource_*`) |
+| Dry-run an update before applying it | **`@yawlabs/aws-mcp`** (`aws_resource_diff`) |
+| Multi-region fan-out in one call | **`@yawlabs/aws-mcp`** (`aws_multi_region`) |
+| Batch N tool calls into one round-trip (JS) | **`@yawlabs/aws-mcp`** (`aws_script`) |
+| Check IAM permissions before attempting an op | **`@yawlabs/aws-mcp`** (`aws_iam_simulate`) |
+| Node/npm-only install (no Python) | **`@yawlabs/aws-mcp`** |
+| Sandboxed Python script execution server-side | **AWS MCP Server** (`run_script`) |
+| AWS-team-curated best-practice skills | **AWS MCP Server** (skills) |
+| Days-fresh API coverage via hosted endpoint | **AWS MCP Server** (`call_aws`) |
+| Typed per-service helpers (Lambda invoke, Bedrock KB, DynamoDB type-marshalling, ...) | **`awslabs/mcp`** (per-service servers) |
+
+`@yawlabs/aws-mcp` and AWS's official server are an either/or -- pick the one whose tradeoffs fit. `awslabs/mcp` per-service servers pair cleanly with whichever you pick.
+
+## What this server borrows from AWS's official one
+
+Credit where due -- two features here were shaped by the official AWS MCP Server:
+
+- **`aws_script`** mirrors the official server's `run_script`: a sandboxed scripting tool that collapses "list X, fetch Y for each, return Z" pipelines into one round-trip. Theirs is Python, sandboxed server-side; this one is JS-native and runs locally.
+- **`aws_docs_search` / `aws_docs_read`** were added to match the official server's `search_documentation` / `read_documentation`, so you don't need a separate docs MCP regardless of which server you pick.
+
+The rest -- SSO device-code re-login, CCAPI CRUD with dry-run diffs, multi-region fan-out, IAM pre-flight checks -- is this server's own.
+
+## Tools
+
+| Tool | What it does |
+|------|--------------|
+| `aws_whoami` | Current identity (account, ARN) + SSO token expiry countdown. Call this first. |
+| `aws_login_start` | Start `aws sso login --no-browser`, returns a verification URL + short code and a `sessionId`. |
+| `aws_login_complete` | Block until the SSO subprocess finishes (you auth in your browser), returns the new identity. |
+| `aws_refresh_if_expiring_soon` | Check the cached SSO token and auto-start a refresh when < `thresholdMinutes` remain (default 10). One round-trip for "am I about to expire? if so, re-login." |
+| `aws_session_set` | Set the default profile and/or region for the rest of this MCP session. "Switch to prod," "use us-west-2." |
+| `aws_session_get` | Show the current session defaults and where each value came from (`session`/`env`/`default`). |
+| `aws_session_clear` | Remove session profile/region overrides so env vars / defaults take over again. No args clears both. |
+| `aws_list_profiles` | List profiles configured in `~/.aws/config` -- names, regions, and SSO metadata. Use before switching profiles or when an SSO error names one you haven't seen. |
+| `aws_assume_role` | Call STS AssumeRole with your current identity and stash the temp creds as a new profile (`mcp-<sessionName>`) in `~/.aws/credentials`. Use for cross-account access. The secret/session token stay on disk -- not returned to the model. Optional `timeoutMs` (default 120s) for slow SAML / `credential_process` cold starts. |
+| `aws_call` | Run any AWS API operation. `service: 's3api', operation: 'list-buckets'`, optional `params` (PascalCase JSON), optional `query` (JMESPath). Returns parsed JSON. |
+| `aws_paginate` | Fetch one page of a paginated list/describe operation. Supports `query` too. Returns `nextToken`/`hasMore`; call again with the token to continue. |
+| `aws_logs_tail` | Fetch recent CloudWatch Logs events for a log group. Wraps `aws logs tail --format json` with `since`, `filterPattern`, and stream-name filters; returns events as a parsed array. |
+| `aws_metrics_query` | Query CloudWatch metrics via GetMetricData (the modern multi-metric / expression-capable API). Pass `queries: [{id, namespace, metricName, dimensions?, statistic?, period?}]` or expression-based queries; `startTime`/`endTime` accept ISO 8601 or relative shorthand (`'15m'`, `'1h'`, `'1d'`). Period auto-picks from the time range. Returns `{series: [{id, label?, timestamps, values, period?, statusCode?}], periodSeconds, profile, region, nextToken, hasMore, messages?}` (full envelope under Stability). |
+| `aws_resource_get` | Read an AWS resource via Cloud Control API by `typeName` + `identifier` (e.g. `AWS::Lambda::Function` + function name). Returns parsed Properties. |
+| `aws_resource_list` | List resources of a type via CCAPI, paginated. Returns `{identifier, properties}` per entry plus a `nextToken`/`hasMore`. |
+| `aws_resource_create` | Create an AWS resource via CCAPI. Async — returns top-level `requestToken` + `operationStatus`. Pass `awaitCompletion: true` to have the server poll to terminal state in one call. |
+| `aws_resource_update` | Update an AWS resource via CCAPI using RFC 6902 JSON Patch. Same async + `awaitCompletion` shape as create. |
+| `aws_resource_delete` | Delete an AWS resource via CCAPI. Same async + `awaitCompletion` shape as create. Destructive — verify `identifier` first. |
+| `aws_resource_status` | Poll an async CCAPI request by `requestToken`. Returns the current state with `operationStatus`, `identifier`, `errorCode`, `statusMessage` flat-promoted (PENDING / IN_PROGRESS / SUCCESS / FAILED / CANCEL_*). |
+| `aws_resource_diff` | Dry-run a CCAPI update: fetches current state, simulates the JSON Patch in memory, returns `{before, after, changes[]}`. No mutation sent to AWS. Supports the add/remove/replace subset of RFC 6902; `add` auto-creates missing object parents to match CCAPI's actual update semantics (so patches like `/Environment/Variables/NEW_KEY` work even when `/Environment/Variables` doesn't exist yet). `changes[i].after` reflects what op `i` produced (not the final post-patch state), so sequential ops on the same path read correctly. Call before `aws_resource_update` when you want to verify the patch does what you expect. |
+| `aws_multi_region` | Run the same AWS operation across N regions in parallel. Same shape as `aws_call` but takes `regions: string[]`. Returns `{region, ok, data?, error?}[]` with `okCount`/`errorCount`. Partial failure is expected (services aren't everywhere, perms may be region-scoped). |
+| `aws_script` | Run a short JS snippet that orchestrates the other tools and returns a combined result. Sandbox exposes `aws.call`, `aws.paginate`, `aws.paginateAll`, `aws.resource.{get,list,create,update,delete,status}`, `aws.logsTail`, `aws.metricsQuery`, `aws.iamSimulate`, `aws.multiRegion`, `aws.assumeRole`, `aws.docs.{search,read}`, plus standard JS builtins (`JSON`, `Math`, `Date`, `Promise`, etc.) and `console`. No `require`/`import`/`process`/`fs`/`fetch`/timers. Best for "list X, fetch Y for each, return Z" pipelines that would otherwise be N round-trips. Use `return <value>` to surface a result. Not a security sandbox -- treat the same as any other tool the model can call. |
+| `aws_iam_simulate` | Simulate IAM permissions for a principal: can principal X do actions Y on resources Z? Wraps `iam simulate-principal-policy`. Returns one entry per (action, resource) pair with `decision` (allowed / explicitDeny / implicitDeny), `matchedStatementIds` (which IAM statements decided), and `missingContextValues` (context keys the policy needed but you didn't provide). Use BEFORE a risky operation to avoid a 403 -- pairs with the post-failure Suggestion from aws_call. Requires `iam:SimulatePrincipalPolicy` on the caller. |
+| `aws_docs_search` | Search live AWS documentation (the backend behind the docs.aws.amazon.com search box). Returns ranked `{title, url, summary, excerpt}`. Use to discover the right doc page for a service/API/concept the model may not know -- new services, recently changed APIs, exact parameter names. |
+| `aws_docs_read` | Fetch an `https://docs.aws.amazon.com/...html` page and return it as markdown. Strips nav/cookie-banner/feedback chrome. Long pages paginate via `startIndex` + `maxLength`; the response carries `hasMore` and `nextStartIndex`. Usually fed a url from `aws_docs_search`. |
+
+## Install
+
+Add to your MCP client config (e.g. `.mcp.json`):
+
+```json
+{
+  "mcpServers": {
+    "aws": {
+      "command": "npx",
+      "args": ["-y", "@yawlabs/aws-mcp@latest"]
+    }
+  }
+}
+```
+
+The `-y` flag is what gives you **auto-update on each session load**: every time your MCP client spawns the server, `npx` checks the registry for the latest `@yawlabs/aws-mcp` and downloads it if newer. The first launch in a fresh cache adds ~100-500 ms; subsequent launches use npm's cache (typical metadata-freshness window: 5 min) and add ~50 ms or less. Once the server is up, tool calls have zero auto-update overhead -- the check fires only on (re-)spawn. No separate install step is needed; `-y` covers both first-time install and ongoing updates.
+
+If you'd rather pin a specific version (no auto-update, but zero startup overhead), install globally and point the config at the installed binary:
+
+```bash
+npm install -g @yawlabs/aws-mcp
+```
+
+```json
+{
+  "mcpServers": {
+    "aws": {
+      "command": "aws-mcp"
+    }
+  }
+}
+```
+
+You'll need to `npm install -g @yawlabs/aws-mcp@latest` manually when you want a newer version.
+
+## Example session
+
+You ask the assistant to check a staging bucket, but your SSO token just expired. What the assistant does (and what you see):
+
+```
+You:    "How many objects are in the staging-artifacts bucket right now?"
+
+Claude: (calls aws_whoami) -> SSO session expired for profile 'staging'.
+        (calls aws_login_start with profile='staging')
+        "Your SSO token expired. Open
+         https://device.sso.us-east-1.amazonaws.com/
+         and enter code: ABCD-EFGH
+         I'll wait."
+
+You:    *click, authenticate in your browser*
+
+Claude: (calls aws_login_complete with the sessionId)
+        (calls aws_call with service='s3api', operation='list-objects-v2',
+                         params={ Bucket: 'staging-artifacts' },
+                         query='KeyCount')
+        "There are 4,182 objects in staging-artifacts."
+```
+
+The SSO flow took one click. No "the browser didn't open, let me run it in a terminal" context switch.
+
+For a larger list where the response might exceed the 5 MB output cap, the assistant reaches for `aws_paginate`:
+
+```
+(calls aws_paginate with service='ec2', operation='describe-instances',
+                        maxItems=50,
+                        query='Reservations[].Instances[].{Id:InstanceId,State:State.Name}')
+-> returns one page + a nextToken; Claude calls again until hasMore=false
+```
+
+`query` (JMESPath) trims the response server-side -- a typical `describe-instances` result shrinks from megabytes to kilobytes when you only need two fields.
+
+For "create this resource and tell me when it's ready," `aws_resource_create` with `awaitCompletion: true` collapses the usual create-then-poll loop into one tool call:
+
+```
+(calls aws_resource_create with
+   typeName='AWS::SSM::Parameter',
+   desiredState={Name: '/my/param', Type: 'String', Value: 'hello'},
+   awaitCompletion: true)
+-> server polls get-resource-request-status until SUCCESS / FAILED / CANCEL_COMPLETE
+   and returns the terminal ProgressEvent in one call
+```
+
+Same shape for `aws_resource_update` and `aws_resource_delete`. Drop `awaitCompletion` (or set it false) for the default fire-and-poll behavior -- useful when you want to kick off a long-running update and check back later.
+
+For "preview the patch before applying":
+
+```
+(calls aws_resource_diff with
+   typeName='AWS::Lambda::Function',
+   identifier='my-fn',
+   patchDocument=[{op: 'replace', path: '/MemorySize', value: 1024}])
+-> returns { before: {MemorySize: 256, ...}, after: {MemorySize: 1024, ...},
+              changes: [{op: 'replace', path: '/MemorySize', before: 256, after: 1024}] }
+```
+
+No mutation is sent to AWS; the agent can verify the patch before invoking `aws_resource_update`.
+
+For batched workflows, `aws_script` collapses N tool calls into one:
+
+```
+(calls aws_script with code=`
+   const listed = await aws.resource.list({ typeName: "AWS::Lambda::Function" });
+   const big = [];
+   for (const r of listed.resources) {
+     const cfg = await aws.resource.get({
+       typeName: "AWS::Lambda::Function", identifier: r.identifier });
+     if (cfg.properties.MemorySize > 1024) {
+       big.push({ name: cfg.properties.FunctionName, mem: cfg.properties.MemorySize });
+     }
+   }
+   return big;
+`)
+-> one round-trip; the agent gets the filtered list without N intermediate tool calls
+```
+
+For multi-region reads:
+
+```
+(calls aws_multi_region with
+   service='ec2', operation='describe-instances',
+   regions=['us-east-1','us-west-2','eu-west-1'],
+   query='Reservations[].Instances[].InstanceId')
+-> {okCount: 3, errorCount: 0, results: [{region, ok, data}, ...]}
+```
+
+## Requirements
+
+- Node.js 22+
+- AWS CLI v2 installed and on `PATH` (for `aws sso login --no-browser`)
+- An AWS profile configured for SSO / IAM Identity Center in `~/.aws/config`
+
+## Environment
+
+| Variable | Default | Purpose |
+|----------|---------|---------|
+| `AWS_PROFILE` | `default` | Profile used when a tool call omits `profile`. |
+| `AWS_REGION` / `AWS_DEFAULT_REGION` | `us-east-1` | Region used when a tool call omits `region`. `AWS_REGION` wins if both are set. |
+
+If you authenticate via SAML (Okta / Azure AD / ADFS) or a custom `credential_process`, set `AWS_PROFILE` to that profile. The server passes `--profile` through to the AWS CLI, so the CLI's standard credential chain -- `credential_process`, SSO sessions, role chaining, static keys, IMDS -- resolves as usual.
+
+If neither `AWS_PROFILE` is set nor `aws_session_set` has been called and there's no `[default]` section in `~/.aws/config`, tools will fail with `ProfileNotFound`. Set `AWS_PROFILE` in your MCP config to your usual working profile.
+
+## How the SSO login flow works
+
+```
+1. Claude calls aws_login_start({ profile: "prod" })
+2. Server spawns: aws sso login --no-browser --profile prod
+3. Server parses the URL + code from stdout, returns them to Claude
+4. Claude surfaces: "Open https://device.sso.us-east-1.amazonaws.com/ and enter ABCD-EFGH"
+5. You click — browser opens in your own user session — auth in ~10 seconds
+6. Claude calls aws_login_complete({ sessionId })
+7. Tool returns your new identity. Back to work.
+```
+
+The token is cached in `~/.aws/sso/cache/<hash>.json` the same way a normal `aws sso login` would, so the AWS CLI, the SDK, and every other tool on your machine pick it up transparently.
+
+## Why this server must run locally (not on mcp.hosting)
+
+SSO tokens live in `~/.aws/sso/cache/` on *your* device. A remote MCP server can't read them. So this is a stdio server, not a hosted one. That's a constraint of AWS SSO, not a limitation of mcp.hosting.
+
+## Stability
+
+From 1.0 onward this package follows [Semantic Versioning](https://semver.org/spec/v2.0.0.html). The 0.x line is the pre-stability tightening phase -- breaking changes are documented in [`CHANGELOG.md`](./CHANGELOG.md) but are not necessarily gated on a major bump.
+
+**Stable in 1.x (anything below is a breaking change requiring a major bump):**
+
+- **Tool names** -- the 25 tool names listed in the Tools table above will not be renamed or removed.
+- **Tool annotations** -- `readOnlyHint`, `destructiveHint`, `idempotentHint`, `openWorldHint`. These signal to MCP hosts how to gate calls; flipping them silently would break host UIs.
+- **Required input fields** -- the required fields per tool will not change shape or be removed. New *optional* fields may be added.
+- **Success envelope shape per tool** -- the `data` object on `{ok: true, data}` responses, specifically:
+  - `aws_call` -> `{command, result}`
+  - `aws_paginate` -> `{command, result, nextToken, hasMore}`
+  - `aws_multi_region` -> `{service, operation, regionCount, okCount, errorCount, results: [{region, ok, data?, command?, error?, errorKind?}]}`
+  - `aws_whoami` -> `{account, userId, arn, profile, region, ssoToken: {expiresAt, minutesLeft, startUrl?} | null}` (`startUrl` is omitted when the cached token didn't record one)
+  - `aws_login_start` -> `{sessionId, profile, verificationUrl, userCode, instructions, reused?}` (`reused: true` when re-surfacing an in-flight login for the same profile)
+  - `aws_login_complete` -> `{loggedIn, account, userId, arn, profile, region, ssoToken}` (same `ssoToken` shape as `aws_whoami`, including the optional `startUrl`)
+  - `aws_refresh_if_expiring_soon` -> **one of two shapes by branch:** `{status: "ok", minutesLeft, expiresAt, profile}` when the cached token has more than `thresholdMinutes` left, or `{status: "refreshing", reason, sessionId, profile, verificationUrl, userCode, reused?, instructions}` when a refresh is in flight. Discriminate on `status`.
+  - `aws_assume_role` -> `{profile, credentialsPath, expiration, assumedRoleArn, assumedRoleId, sourceProfile, hint}`
+  - `aws_list_profiles` -> `{configPath, profiles: [{name, region?, ssoStartUrl?, ssoRegion?, ssoSession?, isSso}]}`
+  - `aws_session_get` / `aws_session_set` / `aws_session_clear` -> `{profile, region, profileSource, regionSource}` where `*Source` is `"session" | "env" | "default"`. All three return the same shape (set/clear return the post-mutation state).
+  - `aws_resource_get` -> `{command, typeName, identifier, properties, propertiesRaw?}`
+  - `aws_resource_list` -> `{command, typeName, resources: [{identifier, properties}], nextToken, hasMore}`
+  - `aws_resource_create` / `_update` / `_delete` / `_status` -> flat-promoted `{command, requestToken, operationStatus, identifier, errorCode, statusMessage, retryAfter, progressEvent}` plus an `awaited: {attempts, elapsedMs}` block when `awaitCompletion: true` was passed
+  - `aws_resource_diff` -> `{command, typeName, identifier, before, after, changes, changeCount}`
+  - `aws_logs_tail` -> `{command, logGroupName, since, eventCount, events}`
+  - `aws_metrics_query` -> `{command, profile, region, startTime, endTime, periodSeconds, series: [{id, label?, timestamps, values, period?, statusCode?}], nextToken, hasMore, messages?: [{code?, value?}]}` (`messages` is omitted when empty; per-series `label` / `period` / `statusCode` are present when CloudWatch returns them or the query specifies/inherits a period; `nextToken` is null and `hasMore` false unless CloudWatch truncated the response)
+  - `aws_iam_simulate` -> `{command, principalArn, summary: {allowed, denied, total}, results, evaluationResults}`
+  - `aws_script` -> `{result, logs, truncatedLogs, durationMs}` where `result` is whatever the script `return`ed (any JSON-serializable value, including `undefined`)
+  - `aws_docs_search` -> `{query, count, results: [{title, url, summary?, excerpt?}]}` (`summary` / `excerpt` are present only when the upstream search backend returns them)
+  - `aws_docs_read` -> `{url, cached, content, startIndex, endIndex, totalLength, hasMore, nextStartIndex}`
+- **Error envelope** -- `{ok: false, error: string, rawBody?: string}`. The `error` string is human-readable; its *wording* is best-effort (see below).
+- **`errorKind` enum on `aws_multi_region`** -- `"sso_expired" | "no_creds" | "bad_input" | "spawn_failure" | "timeout" | "output_too_large" | "nonzero_exit"`. New variants may be added (additive); existing ones won't be renamed or repurposed.
+
+**Best-effort (may change in a minor or patch):**
+
+- **Error message wording.** Strings like "SSO session expired for profile 'X'. Call aws_login_start..." may be retuned for clarity. Anchor on `errorKind` (for `aws_multi_region`) or the structured envelope, not on regex-matching `error` text.
+- **`rawBody`** content -- raw stderr/stdout from the underlying `aws` CLI for diagnostic purposes. Format follows whatever the CLI emits in your installed version.
+- **`command`** strings -- the human-readable command shown alongside results. Argv ordering and the exact redaction-stub format (`<redacted len=N>`) may shift.
+- **Tool *descriptions*** -- the prose surfaced to the model. Tightening these is non-breaking.
+
+**Deprecation policy:** breaking a stable shape requires a major bump. A deprecation lands first in a minor (the old shape continues to work and the new shape becomes available alongside it), with a removal scheduled for the next major. Both the deprecation and the removal show up in `CHANGELOG.md`.
+
+## License
+
+MIT

package/dist/index.js

@@ -30054,6 +30054,9 @@ var require_turndown_cjs = __commonJS({
   }
 });
 
+// src/index.ts
+import { pathToFileURL } from "node:url";
+
 // node_modules/zod/v3/helpers/util.js
 var util;
 (function(util2) {
@@ -50924,11 +50927,11 @@ var Protocol = class {
    *
    * The Protocol object assumes ownership of the Transport, replacing any callbacks that have already been set, and expects that it is the only user of the Transport instance going forward.
    */
-  async connect(transport2) {
+  async connect(transport) {
     if (this._transport) {
       throw new Error("Already connected to a transport. Call close() before connecting to a new transport, or use a separate Protocol instance per connection.");
     }
-    this._transport = transport2;
+    this._transport = transport;
     const _onclose = this.transport?.onclose;
     this._transport.onclose = () => {
       _onclose?.();
@@ -52518,8 +52521,8 @@ var McpServer = class {
    *
    * The `server` object assumes ownership of the Transport, replacing any callbacks that have already been set, and expects that it is the only user of the Transport instance going forward.
    */
-  async connect(transport2) {
-    return await this.server.connect(transport2);
+  async connect(transport) {
+    return await this.server.connect(transport);
   }
   /**
    * Closes the connection.
@@ -54207,6 +54210,8 @@ function doStartSsoLogin(profile, opts) {
           sessionId,
           verificationUrl: urlSeen,
           userCode: codeSeen,
+          // `|| "default"` is vestigial -- see the empty-profile note above;
+          // `profile` is always non-empty here (startSsoLogin rejects "").
           profile: profile || "default"
         });
       }
@@ -54307,7 +54312,7 @@ async function waitForLogin(sessionId) {
     return {
       ok: false,
       exitCode: null,
-      error: `No active login session with id '${sessionId}'. Call aws_login_start first.`
+      error: `No active login session with id '${sessionId}'. It may have already completed (waitForLogin is fire-once -- the session is dropped after the first call resolves) or it may never have started. If a prior aws_login_complete already returned success for this id, the login is done; run aws_whoami to confirm rather than starting over. Otherwise call aws_login_start first.`
     };
   }
   try {
@@ -54350,6 +54355,9 @@ function parseAwsConfig(text) {
         currentSsoSession = { name: ssoName, data: {} };
         continue;
       }
+      if (sectionName2 !== "default" && !/^profile\s+/.test(sectionName2)) {
+        continue;
+      }
       const name = sectionName2 === "default" ? "default" : sectionName2.replace(/^profile\s+/, "");
       current = { name, isSso: false };
       continue;
@@ -54431,6 +54439,7 @@ var profilesTools = [
 
 // src/tools/auth.ts
 var MAX_SSO_CACHE_FILE_BYTES = 64 * 1024;
+var _startSsoLoginImpl = (profile) => startSsoLogin(profile);
 function findCachedSsoToken(cacheDir = join3(homedir3(), ".aws", "sso", "cache"), opts = {}) {
   try {
     const files = readdirSync(cacheDir).filter((f) => f.endsWith(".json"));
@@ -54462,6 +54471,14 @@ function findCachedSsoToken(cacheDir = join3(homedir3(), ".aws", "sso", "cache")
   }
   return null;
 }
+function projectSsoToken(cachedToken) {
+  if (!cachedToken) return null;
+  return {
+    expiresAt: cachedToken.expiresAt,
+    minutesLeft: cachedToken.minutesLeft,
+    startUrl: cachedToken.startUrl
+  };
+}
 function startUrlForProfile(profile) {
   try {
     const text = readFileSync3(join3(homedir3(), ".aws", "config"), "utf-8");
@@ -54526,11 +54543,7 @@ var authTools = [
           arn: identity.arn,
           profile: useProfile,
           region: useRegion,
-          ssoToken: cachedToken ? {
-            expiresAt: cachedToken.expiresAt,
-            minutesLeft: cachedToken.minutesLeft,
-            startUrl: cachedToken.startUrl
-          } : null
+          ssoToken: projectSsoToken(cachedToken)
         }
       };
     }
@@ -54565,7 +54578,7 @@ var authTools = [
           }
         };
       }
-      const result = await startSsoLogin(useProfile);
+      const result = await _startSsoLoginImpl(useProfile);
       if (!result.ok) {
         return {
           ok: false,
@@ -54630,7 +54643,7 @@ var authTools = [
           arn: identity.arn,
           profile: useProfile,
           region: useRegion,
-          ssoToken: cachedToken
+          ssoToken: projectSsoToken(cachedToken)
         }
       };
     }
@@ -54682,7 +54695,7 @@ var authTools = [
           }
         };
       }
-      const loginResult = await startSsoLogin(useProfile);
+      const loginResult = await _startSsoLoginImpl(useProfile);
       if (!loginResult.ok) {
         return { ok: false, error: loginResult.error, rawBody: loginResult.rawOutput };
       }
@@ -54750,7 +54763,14 @@ var callTools = [
         return {
           ok: false,
           error: result.error,
-          rawBody: result.rawStderr ?? result.rawStdout
+          // Treat an empty-string rawStderr as "no stderr" so a nonzero exit
+          // that wrote its diagnostic to stdout (rare but observed: some
+          // `aws` operations route through stdout when stderr is closed or
+          // when a wrapper script swallows stderr) still surfaces the
+          // stdout body. Pinned by call.test.ts -- the failure-shape
+          // contract is "diagnostic text first, stdout second" rather
+          // than "stderr always wins even when empty".
+          rawBody: result.rawStderr ? result.rawStderr : result.rawStdout
         };
       }
       return {
@@ -55321,6 +55341,12 @@ var logsTools = [
           }
         }
       }
+      if (i.logStreamNamePrefix && !isValidLogStreamName(i.logStreamNamePrefix)) {
+        return {
+          ok: false,
+          error: `Invalid logStreamNamePrefix '${i.logStreamNamePrefix}'. Must be 1-512 chars, not start with '-', and contain no ':', '*', or control characters.`
+        };
+      }
       const extraFlags = [i.logGroupName, "--format", "json", "--since", i.since ?? "10m"];
       if (i.filterPattern) extraFlags.push("--filter-pattern", i.filterPattern);
       if (i.logStreamNames && i.logStreamNames.length > 0) {
@@ -55358,6 +55384,87 @@ var logsTools = [
   }
 ];
 
+// src/tools/paginate.ts
+function extractNextToken(data) {
+  if (data && typeof data === "object" && "NextToken" in data) {
+    const token = data.NextToken;
+    if (typeof token === "string" && token.length > 0) return token;
+  }
+  return null;
+}
+function wrapQueryForPagination(userQuery) {
+  return `{NextToken: NextToken, items: ${userQuery}}`;
+}
+var paginateTools = [
+  {
+    name: "aws_paginate",
+    description: "Fetch one page of a paginated AWS list/describe operation. Identical to aws_call plus `maxItems` (page size) and `startingToken` (resume cursor). Returns the parsed response, a `nextToken` (null when the list is exhausted), and `hasMore`. Call again with the returned nextToken as startingToken until hasMore is false. Use this instead of aws_call for operations that might exceed the 5 MB stdout cap: list-objects-v2, describe-instances, describe-log-streams, list-roles, etc.",
+    annotations: {
+      title: "Fetch one page of a paginated AWS operation",
+      readOnlyHint: true,
+      destructiveHint: false,
+      idempotentHint: true,
+      openWorldHint: true
+    },
+    inputSchema: external_exports3.object({
+      service: external_exports3.string().describe("AWS service in kebab-case: 's3api', 'ec2', 'iam', 'logs', etc."),
+      operation: external_exports3.string().describe("Paginated operation: 'list-objects-v2', 'describe-instances', 'list-roles', etc."),
+      params: external_exports3.record(external_exports3.string(), external_exports3.unknown()).optional().describe("Operation parameters (PascalCase keys) passed via --cli-input-json."),
+      query: external_exports3.string().optional().describe(
+        "JMESPath expression to extract fields from each page (--query). The query is wrapped server-side as {NextToken, items: <query>} so pagination still works even when the projection drops NextToken; the handler unwraps `items` before returning."
+      ),
+      maxItems: external_exports3.number().int().positive().optional().describe("Items per page. Default 100. Lower this if hitting the 5 MB output cap."),
+      startingToken: external_exports3.string().optional().describe("Resume cursor from the previous call's `nextToken`. Omit for the first page."),
+      profile: external_exports3.string().optional().describe("Override session profile for this call."),
+      region: external_exports3.string().optional().describe("Override session region for this call."),
+      timeoutMs: external_exports3.number().int().positive().optional().describe("Timeout in milliseconds. Default 60000.")
+    }),
+    handler: async (input) => {
+      const i = input;
+      const maxItems = i.maxItems ?? 100;
+      const extraFlags = ["--max-items", String(maxItems)];
+      if (i.startingToken) {
+        extraFlags.push("--starting-token", i.startingToken);
+      }
+      const userQuery = i.query?.trim();
+      const queryWrapped = userQuery ? wrapQueryForPagination(userQuery) : void 0;
+      const result = await runAwsCall({
+        service: i.service,
+        operation: i.operation,
+        params: i.params,
+        query: queryWrapped,
+        profile: i.profile,
+        region: i.region,
+        outputFormat: "json",
+        timeoutMs: i.timeoutMs,
+        extraFlags
+      });
+      if (!result.ok) {
+        return { ok: false, error: result.error, rawBody: result.rawStderr ?? result.rawStdout };
+      }
+      let resultBody;
+      let nextToken;
+      if (queryWrapped) {
+        const wrapped = result.data ?? {};
+        nextToken = extractNextToken(wrapped);
+        resultBody = wrapped.items ?? null;
+      } else {
+        nextToken = extractNextToken(result.data);
+        resultBody = result.data;
+      }
+      return {
+        ok: true,
+        data: {
+          command: result.command,
+          result: resultBody,
+          nextToken,
+          hasMore: nextToken !== null
+        }
+      };
+    }
+  }
+];
+
 // src/tools/metrics.ts
 var SIMPLE_STATS = ["Average", "Sum", "Maximum", "Minimum", "SampleCount"];
 var EXTENDED_STAT_RE = /^(p|tm|tc|wm|pr|ts|iqm)(\d{1,3}(\.\d{1,3})?)?$/i;
@@ -55376,6 +55483,7 @@ function canonicalizeStatistic(s) {
 }
 var QUERY_ID_RE = /^[a-z][A-Za-z0-9_]*$/;
 var MAX_QUERIES = 100;
+var CLOUDWATCH_MAX_DATAPOINTS = 100800;
 var PERIOD_3H_MS = 3 * 60 * 60 * 1e3;
 var PERIOD_24H_MS = 24 * 60 * 60 * 1e3;
 var PERIOD_15D_MS = 15 * 24 * 60 * 60 * 1e3;
@@ -55436,7 +55544,7 @@ function buildMetricDataQueries(inputs, autoPeriod) {
 var metricsTools = [
   {
     name: "aws_metrics_query",
-    description: "Query CloudWatch metrics via GetMetricData (the modern multi-metric / expression-capable API, not the legacy get-metric-statistics). Pass `queries` as a flat array of {id, namespace, metricName, dimensions?, statistic?, period?, expression?, label?}; the tool shapes them into MetricDataQueries for you. `startTime`/`endTime` accept ISO 8601 or relative shorthand ('15m', '1h', '1d', '1w'); endTime defaults to 'now'. Period is auto-picked from the time range when omitted (60s for <=3h, 300s for <=24h, 900s for <=15d, 3600s otherwise) to stay under CloudWatch's ~100,800-datapoint response cap. Returns {series: [{id, label?, timestamps, values, statusCode?}], messages?, periodSeconds, profile, region, nextToken, hasMore}. When CloudWatch truncates a large response, `hasMore` is true and `nextToken` carries the resume cursor -- call again with `nextToken` set to fetch the next page (rare for typical agent queries that stay within the per-request cap). Use for 'show me the CPU on this instance for the last hour', 'sum lambda invocations across these 3 functions', or expression-based 'p99 latency divided by average latency' lookups.",
+    description: "Query CloudWatch metrics via GetMetricData (the modern multi-metric / expression-capable API, not the legacy get-metric-statistics). Pass `queries` as a flat array of {id, namespace, metricName, dimensions?, statistic?, period?, expression?, label?}; the tool shapes them into MetricDataQueries for you. `startTime`/`endTime` accept ISO 8601 or relative shorthand ('15m', '1h', '1d', '1w'); endTime defaults to 'now'. Period is auto-picked from the time range when omitted (60s for <=3h, 300s for <=24h, 900s for <=15d, 3600s otherwise) to stay under CloudWatch's ~100,800-datapoint response cap. Returns {series: [{id, label?, timestamps, values, period?, statusCode?}], messages?, periodSeconds, profile, region, nextToken, hasMore}. Each series' `period` is the effective granularity for that query (its explicit period, or the auto-pick it inherited); it is omitted for an expression query that didn't set one. The top-level `periodSeconds` is always the auto-pick. When CloudWatch truncates a large response, `hasMore` is true and `nextToken` carries the resume cursor -- call again with `nextToken` set to fetch the next page (rare for typical agent queries that stay within the per-request cap). Use for 'show me the CPU on this instance for the last hour', 'sum lambda invocations across these 3 functions', or expression-based 'p99 latency divided by average latency' lookups.",
     annotations: {
       title: "Query CloudWatch metrics (GetMetricData)",
       readOnlyHint: true,
@@ -55471,7 +55579,7 @@ var metricsTools = [
       endTime: external_exports3.string().optional().describe("ISO 8601 timestamp or relative shorthand. Default 'now'."),
       scanBy: external_exports3.enum(["TimestampAscending", "TimestampDescending"]).optional().describe("Sort order for returned datapoints. Default 'TimestampDescending' (matches CloudWatch's default)."),
       maxDataPoints: external_exports3.number().int().positive().optional().describe(
-        "Soft cap on returned datapoints across all queries. CloudWatch's hard cap is ~100,800; lower this to keep response sizes manageable. Forwarded as CloudWatch's MaxDatapoints (single 'p') field; the camelCase schema name follows this server's convention."
+        "Target datapoint count. CloudWatch does not truncate to the first N points -- it widens (coarsens) the period server-side so the series aggregates down to fit this many points. CloudWatch's own ceiling is ~100,800; lower this to make CloudWatch return a coarser, smaller series. Forwarded as CloudWatch's MaxDatapoints (single 'p') field; the camelCase schema name follows this server's convention."
       ),
       nextToken: external_exports3.string().optional().describe(
         "Resume cursor from a previous call's `nextToken`. Omit for the first page. Forwarded as CloudWatch's NextToken; only meaningful when a prior call returned `hasMore: true`."
@@ -55543,6 +55651,23 @@ var metricsTools = [
           error: `endTime (${endDate.toISOString()}) must be after startTime (${startDate.toISOString()}).`
         };
       }
+      const rangeSeconds = (endDate.getTime() - startDate.getTime()) / 1e3;
+      for (const q of i.queries) {
+        if (q.period === void 0) continue;
+        if (q.period <= 0 || q.period % 60 !== 0) {
+          return {
+            ok: false,
+            error: `Query '${q.id}' has invalid period ${q.period}. CloudWatch requires period to be a positive multiple of 60 (seconds).`
+          };
+        }
+        const datapoints = Math.ceil(rangeSeconds / q.period);
+        if (datapoints > CLOUDWATCH_MAX_DATAPOINTS) {
+          return {
+            ok: false,
+            error: `Query '${q.id}' with period ${q.period}s over the requested range (${startDate.toISOString()} to ${endDate.toISOString()}) would request ${datapoints} datapoints, exceeding CloudWatch's per-request cap of ${CLOUDWATCH_MAX_DATAPOINTS}. Widen the period or narrow the time range.`
+          };
+        }
+      }
       const periodSeconds = pickAutoPeriodSeconds(startDate.getTime(), endDate.getTime());
       const metricDataQueries = buildMetricDataQueries(i.queries, periodSeconds);
       const params = {
@@ -55568,18 +55693,24 @@ var metricsTools = [
         return { ok: false, error: result.error, rawBody: result.rawStderr ?? result.rawStdout };
       }
       const raw = result.data ?? {};
-      const series = (raw.MetricDataResults ?? []).map((r) => ({
-        id: r.Id ?? "",
-        ...r.Label !== void 0 ? { label: r.Label } : {},
-        timestamps: r.Timestamps ?? [],
-        values: r.Values ?? [],
-        ...r.StatusCode !== void 0 ? { statusCode: r.StatusCode } : {}
-      }));
+      const queryById = new Map(i.queries.map((q) => [q.id, q]));
+      const series = (raw.MetricDataResults ?? []).map((r) => {
+        const q = queryById.get(r.Id ?? "");
+        const effectivePeriod = q?.period ?? (q && q.expression === void 0 ? periodSeconds : void 0);
+        return {
+          id: r.Id ?? "",
+          ...r.Label !== void 0 ? { label: r.Label } : {},
+          timestamps: r.Timestamps ?? [],
+          values: r.Values ?? [],
+          ...effectivePeriod !== void 0 ? { period: effectivePeriod } : {},
+          ...r.StatusCode !== void 0 ? { statusCode: r.StatusCode } : {}
+        };
+      });
       const messages = raw.Messages?.filter((m) => m.Code || m.Value).map((m) => ({
         code: m.Code,
         value: m.Value
       }));
-      const nextToken = typeof raw.NextToken === "string" && raw.NextToken.length > 0 ? raw.NextToken : null;
+      const nextToken = extractNextToken(raw);
       return {
         ok: true,
         data: {
@@ -55634,7 +55765,7 @@ var multiRegionTools = [
       service: external_exports3.string().describe("AWS service in kebab-case: 's3api', 'ec2', 'iam', etc."),
       operation: external_exports3.string().describe("Operation in kebab-case: 'describe-instances', 'list-buckets', etc."),
       regions: external_exports3.array(external_exports3.string().min(1)).min(1).max(MAX_REGIONS).describe(
-        `Region IDs (e.g. ['us-east-1','us-west-2','eu-west-1']). 1-${MAX_REGIONS}. Validated for argv-safety; bad region names fail per-region rather than poisoning the batch.`
+        `Region IDs (e.g. ['us-east-1','us-west-2','eu-west-1']). 1-${MAX_REGIONS}. Validated for argv-safety; a bad region name yields a clear per-region error and skips its CLI spawn (per-region isolation comes from each region being a separate call, not from this pre-check).`
       ),
       params: external_exports3.record(external_exports3.string(), external_exports3.unknown()).optional().describe("Operation parameters (PascalCase keys) -- same shape as aws_call."),
       query: external_exports3.string().optional().describe("JMESPath expression for --query (server-side trimming per region)."),
@@ -55701,87 +55832,6 @@ var multiRegionTools = [
   }
 ];
 
-// src/tools/paginate.ts
-function extractNextToken(data) {
-  if (data && typeof data === "object" && "NextToken" in data) {
-    const token = data.NextToken;
-    if (typeof token === "string" && token.length > 0) return token;
-  }
-  return null;
-}
-function wrapQueryForPagination(userQuery) {
-  return `{NextToken: NextToken, items: ${userQuery}}`;
-}
-var paginateTools = [
-  {
-    name: "aws_paginate",
-    description: "Fetch one page of a paginated AWS list/describe operation. Identical to aws_call plus `maxItems` (page size) and `startingToken` (resume cursor). Returns the parsed response, a `nextToken` (null when the list is exhausted), and `hasMore`. Call again with the returned nextToken as startingToken until hasMore is false. Use this instead of aws_call for operations that might exceed the 5 MB stdout cap: list-objects-v2, describe-instances, describe-log-streams, list-roles, etc.",
-    annotations: {
-      title: "Fetch one page of a paginated AWS operation",
-      readOnlyHint: true,
-      destructiveHint: false,
-      idempotentHint: true,
-      openWorldHint: true
-    },
-    inputSchema: external_exports3.object({
-      service: external_exports3.string().describe("AWS service in kebab-case: 's3api', 'ec2', 'iam', 'logs', etc."),
-      operation: external_exports3.string().describe("Paginated operation: 'list-objects-v2', 'describe-instances', 'list-roles', etc."),
-      params: external_exports3.record(external_exports3.string(), external_exports3.unknown()).optional().describe("Operation parameters (PascalCase keys) passed via --cli-input-json."),
-      query: external_exports3.string().optional().describe(
-        "JMESPath expression to extract fields from each page (--query). The query is wrapped server-side as {NextToken, items: <query>} so pagination still works even when the projection drops NextToken; the handler unwraps `items` before returning."
-      ),
-      maxItems: external_exports3.number().int().positive().optional().describe("Items per page. Default 100. Lower this if hitting the 5 MB output cap."),
-      startingToken: external_exports3.string().optional().describe("Resume cursor from the previous call's `nextToken`. Omit for the first page."),
-      profile: external_exports3.string().optional().describe("Override session profile for this call."),
-      region: external_exports3.string().optional().describe("Override session region for this call."),
-      timeoutMs: external_exports3.number().int().positive().optional().describe("Timeout in milliseconds. Default 60000.")
-    }),
-    handler: async (input) => {
-      const i = input;
-      const maxItems = i.maxItems ?? 100;
-      const extraFlags = ["--max-items", String(maxItems)];
-      if (i.startingToken) {
-        extraFlags.push("--starting-token", i.startingToken);
-      }
-      const userQuery = i.query?.trim();
-      const queryWrapped = userQuery ? wrapQueryForPagination(userQuery) : void 0;
-      const result = await runAwsCall({
-        service: i.service,
-        operation: i.operation,
-        params: i.params,
-        query: queryWrapped,
-        profile: i.profile,
-        region: i.region,
-        outputFormat: "json",
-        timeoutMs: i.timeoutMs,
-        extraFlags
-      });
-      if (!result.ok) {
-        return { ok: false, error: result.error, rawBody: result.rawStderr ?? result.rawStdout };
-      }
-      let resultBody;
-      let nextToken;
-      if (queryWrapped) {
-        const wrapped = result.data ?? {};
-        nextToken = typeof wrapped.NextToken === "string" && wrapped.NextToken.length > 0 ? wrapped.NextToken : null;
-        resultBody = wrapped.items ?? null;
-      } else {
-        nextToken = extractNextToken(result.data);
-        resultBody = result.data;
-      }
-      return {
-        ok: true,
-        data: {
-          command: result.command,
-          result: resultBody,
-          nextToken,
-          hasMore: nextToken !== null
-        }
-      };
-    }
-  }
-];
-
 // src/tools/resource.ts
 var TYPE_NAME_RE = /^[A-Z][A-Za-z0-9]*::[A-Z][A-Za-z0-9]*::[A-Z][A-Za-z0-9]*$/;
 function isValidIdentifier(id) {
@@ -56065,7 +56115,7 @@ var resourceTools = [
         const p = parseResourceProperties(d);
         return { identifier: p.Identifier, properties: p.Properties };
       });
-      const nextToken = typeof raw?.NextToken === "string" && raw.NextToken.length > 0 ? raw.NextToken : null;
+      const nextToken = extractNextToken(raw);
       return {
         ok: true,
         data: {
@@ -56755,10 +56805,10 @@ var scriptTools = [
     },
     inputSchema: external_exports3.object({
       code: external_exports3.string().min(1).describe(
-        "JavaScript snippet evaluated inside `(async () => { ... })()`. Use `return <value>` to surface a result. Bound globals: aws.call, aws.paginate, aws.paginateAll, aws.resource.{get,list,create,update,delete,status}, aws.logsTail, aws.metricsQuery, aws.iamSimulate, aws.multiRegion, aws.assumeRole, aws.docs.{search,read}, console (capture), JSON, Math, Date, Promise, Array, Object, String, Number, Boolean, Error, Intl, Atomics, SharedArrayBuffer, WebAssembly (compile blocked). Intentionally NOT bound (call as sibling MCP tools instead): aws_list_profiles, the auth/session tools, and aws_script itself. Shadowed (undefined): require, import, process, fs, fetch + family, BroadcastChannel, setTimeout/Interval, queueMicrotask, Buffer, global, globalThis. NOT available (ReferenceError if used): URL, URLSearchParams, TextEncoder, TextDecoder, crypto, structuredClone, EventTarget, MessageChannel, performance. eval/Function are disabled (codeGeneration off). Tool helpers throw on failure -- wrap in try/catch when you want to handle errors per-call."
+        "JavaScript snippet evaluated inside `(async () => { ... })()`. Use `return <value>` to surface a result. Bound globals: aws.call, aws.paginate, aws.paginateAll, aws.resource.{get,list,create,update,delete,status}, aws.logsTail, aws.metricsQuery, aws.iamSimulate, aws.multiRegion, aws.assumeRole, aws.docs.{search,read}, console (capture), JSON, Math, Date, Promise, Array, Object, String, Number, Boolean, Error, Intl, Atomics, SharedArrayBuffer, WebAssembly (compile blocked). Intentionally NOT bound (call as sibling MCP tools instead): aws_list_profiles, the auth/session tools, and aws_script itself. Shadowed (undefined): require, process, fetch + family, BroadcastChannel, setTimeout/Interval, queueMicrotask, Buffer, global, globalThis. NOT available (ReferenceError if used): URL, URLSearchParams, TextEncoder, TextDecoder, crypto, structuredClone, EventTarget, MessageChannel, performance, fs, import. eval/Function are disabled (codeGeneration off). Tool helpers throw on failure -- wrap in try/catch when you want to handle errors per-call."
       ),
       timeoutMs: external_exports3.number().int().positive().max(MAX_TIMEOUT_MS).optional().describe(
-        `Wall-clock timeout in milliseconds. Default ${DEFAULT_TIMEOUT_MS2}; max ${MAX_TIMEOUT_MS}. Covers evaluation plus every awaited aws.* call. On timeout the script stops being awaited and the tool returns an error, but any aws.* call already in flight is NOT cancelled -- it continues until its own per-call timeout (default 60s). Plan retries accordingly: a script that timed out mid 'resource.delete' may have completed the delete; re-issuing the same script can double-mutate.`
+        `Wall-clock timeout in milliseconds. Default ${DEFAULT_TIMEOUT_MS2}; max ${MAX_TIMEOUT_MS}. Best-effort across evaluation plus awaited aws.* calls -- it fires on synchronous spin before the first await and on async wall-clock once the script has yielded, but a synchronous infinite loop BETWEEN awaits can outrun the timer and is not guaranteed to be interrupted. On timeout the script stops being awaited and the tool returns an error, but any aws.* call already in flight is NOT cancelled -- it continues until its own per-call timeout (default 60s). Plan retries accordingly: a script that timed out mid 'resource.delete' may have completed the delete; re-issuing the same script can double-mutate.`
       )
     }),
     handler: async (input) => {
@@ -56807,12 +56857,32 @@ var sessionTools = [
           error: "Nothing to set \u2014 pass at least one of 'profile' or 'region'. Use aws_session_get to read current values."
         };
       }
-      try {
-        if (profile !== void 0) setProfile(profile);
-        if (region !== void 0) setRegion(region);
-      } catch (err) {
-        return { ok: false, error: err instanceof Error ? err.message : String(err) };
+      if (profile !== void 0) {
+        const trimmed = profile.trim();
+        if (!trimmed) {
+          return { ok: false, error: "Profile name cannot be empty" };
+        }
+        if (!isValidProfileName(trimmed)) {
+          return {
+            ok: false,
+            error: `Invalid profile name '${trimmed}'. Must be 1-128 chars from [A-Za-z0-9_+=,.@:-], must not start with '-' or '=', no whitespace or shell metacharacters.`
+          };
+        }
+      }
+      if (region !== void 0) {
+        const trimmed = region.trim();
+        if (!trimmed) {
+          return { ok: false, error: "Region cannot be empty" };
+        }
+        if (!isValidRegionName(trimmed)) {
+          return {
+            ok: false,
+            error: `Invalid region '${trimmed}'. Must match /^[a-z][a-z0-9-]{2,30}$/ (e.g. 'us-east-1', 'eu-west-3').`
+          };
+        }
       }
+      if (profile !== void 0) setProfile(profile);
+      if (region !== void 0) setRegion(region);
       return { ok: true, data: getSessionState() };
     }
   },
@@ -56856,9 +56926,40 @@ var sessionTools = [
 ];
 
 // src/index.ts
-var version2 = true ? "1.3.3" : (await null).createRequire(import.meta.url)("../package.json").version;
+function toMcpResult(response) {
+  if (!response.ok) {
+    const baseError = `Error: ${response.error || "Unknown error"}`;
+    const errorText = response.rawBody ? `${baseError}
+
+${response.rawBody}` : baseError;
+    return {
+      content: [{ type: "text", text: errorText }],
+      isError: true
+    };
+  }
+  const text = response.rawBody ?? JSON.stringify(response.data ?? { success: true }, null, 2);
+  return {
+    content: [{ type: "text", text }]
+  };
+}
+function errorToMcpResult(err, toolName) {
+  const message = err instanceof Error ? err.message : String(err);
+  const stack = err instanceof Error ? err.stack : void 0;
+  console.error(`[aws-mcp] handler '${toolName}' threw: ${message}`);
+  if (stack) console.error(stack);
+  return {
+    content: [{ type: "text", text: `Error: ${message}` }],
+    isError: true
+  };
+}
+var version2 = true ? "1.4.1" : (await null).createRequire(import.meta.url)("../package.json").version;
+var isEntryPoint = (() => {
+  const entry = process.argv[1];
+  if (!entry) return false;
+  return import.meta.url === pathToFileURL(entry).href;
+})();
 var subcommand = process.argv[2];
-if (subcommand === "version" || subcommand === "--version") {
+if (isEntryPoint && (subcommand === "version" || subcommand === "--version")) {
   console.log(version2);
   process.exit(0);
 }
@@ -56877,49 +56978,29 @@ var allTools = [
   ...docsTools,
   ...scriptTools
 ];
-var server = new McpServer({
-  name: "@yawlabs/aws-mcp",
-  version: version2
-});
-for (const tool of allTools) {
-  server.tool(
-    tool.name,
-    tool.description,
-    tool.inputSchema.shape,
-    tool.annotations,
-    async (input) => {
+if (isEntryPoint) {
+  const server = new McpServer({
+    name: "@yawlabs/aws-mcp",
+    version: version2
+  });
+  for (const tool of allTools) {
+    server.tool(tool.name, tool.description, tool.inputSchema.shape, tool.annotations, async (input) => {
       try {
-        const response = await tool.handler(input);
-        if (!response.ok) {
-          const baseError = `Error: ${response.error || "Unknown error"}`;
-          const errorText = response.rawBody ? `${baseError}
-
-${response.rawBody}` : baseError;
-          return {
-            content: [{ type: "text", text: errorText }],
-            isError: true
-          };
-        }
-        const text = response.rawBody ?? JSON.stringify(response.data ?? { success: true }, null, 2);
-        return {
-          content: [{ type: "text", text }]
-        };
+        return toMcpResult(await tool.handler(input));
       } catch (err) {
-        const message = err instanceof Error ? err.message : String(err);
-        const stack = err instanceof Error ? err.stack : void 0;
-        console.error(`[aws-mcp] handler '${tool.name}' threw: ${message}`);
-        if (stack) console.error(stack);
-        return {
-          content: [{ type: "text", text: `Error: ${message}` }],
-          isError: true
-        };
+        return errorToMcpResult(err, tool.name);
       }
-    }
-  );
+    });
+  }
+  const transport = new StdioServerTransport();
+  await server.connect(transport);
+  console.error(`@yawlabs/aws-mcp v${version2} ready (${allTools.length} tools)`);
 }
-var transport = new StdioServerTransport();
-await server.connect(transport);
-console.error(`@yawlabs/aws-mcp v${version2} ready (${allTools.length} tools)`);
+export {
+  allTools,
+  errorToMcpResult,
+  toMcpResult
+};
 /*! Bundled license information:
 
 he/he.js:

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@yawlabs/aws-mcp",
-  "version": "1.3.3",
+  "version": "1.4.1",
   "mcpName": "io.github.YawLabs/aws-mcp",
   "description": "AWS MCP server — call any AWS API from AI assistants, with first-class SSO re-login (no more 'browser won't open' dead ends)",
   "license": "MIT",