aws-cli-agent 0.4.0 → 0.6.0

package/dist/tools/aws-cli.js

@@ -3,6 +3,7 @@ import { tool } from 'ai';
 import { z } from 'zod';
 import { confirm } from '@inquirer/prompts';
 import chalk from 'chalk';
+import { FATAL_AWS_EXIT_CODES, FatalAwsCliError, UserCancelledError, wrapPrompt } from '../errors.js';
 const READ_ONLY_VERBS = [
     /^describe-/,
     /^list-/,
@@ -107,14 +108,40 @@ function runCaptured(cmd, args) {
  */
 function runInteractive(cmd, args) {
     return new Promise((resolve, reject) => {
+        // Detach our SIGINT handler for the duration of the child's lifetime.
+        // Background: when the user presses Ctrl-C inside an SSM session, the
+        // OS delivers SIGINT to the whole foreground process group — both the
+        // aws CLI child AND this Node process. Node's default SIGINT handler
+        // would terminate us, which tears down the inherited stdin file
+        // descriptor before the aws CLI has finished its own cleanup. The
+        // result is the aws CLI seeing "input/output error" on /dev/stdin and
+        // printing a confusing error to the user.
+        //
+        // By installing a no-op SIGINT listener, we override Node's default
+        // behavior: Node sees the signal as "handled" and doesn't terminate
+        // us. The aws CLI subprocess gets the signal too (same process group)
+        // and runs its own clean shutdown — closing the SSM session politely,
+        // exiting with code 0 or 130. We then continue normally.
+        //
+        // The listener is removed in `close` so SIGINT during normal agent
+        // reasoning still aborts the run as expected.
+        const noopSigint = () => {
+            /* deliberately empty — see comment above */
+        };
+        process.on('SIGINT', noopSigint);
         const proc = spawn(cmd, args, {
             env: process.env,
-            stdio: 'inherit', // ← the fix: child reuses parent's stdin/stdout/stderr
+            stdio: 'inherit', // child reuses parent's stdin/stdout/stderr
+        });
+        proc.on('error', (err) => {
+            process.removeListener('SIGINT', noopSigint);
+            reject(err);
+        });
+        proc.on('close', (code) => {
+            process.removeListener('SIGINT', noopSigint);
+            // We can't observe stdout/stderr — they went to the user's terminal.
+            resolve({ stdout: '', stderr: '', code: code ?? 0 });
         });
-        proc.on('error', reject);
-        proc.on('close', (code) => 
-        // We can't observe stdout/stderr — they went to the user's terminal.
-        resolve({ stdout: '', stderr: '', code: code ?? 0 }));
     });
 }
 export function awsCliTool(opts) {
@@ -164,7 +191,7 @@ export function awsCliTool(opts) {
                 if (useInteractive) {
                     process.stderr.write(`${chalk.bold('  Mode:    ')}${chalk.yellow('interactive')} (your terminal will be connected to the command)\n`);
                 }
-                const ok = await confirm({ message: 'Execute this command?', default: true });
+                const ok = await wrapPrompt((ctx) => confirm({ message: 'Execute this command?', default: true }, ctx));
                 if (!ok) {
                     opts.logger.warn('User declined command');
                     // Record the declined call so the agent's end-of-run logic sees
@@ -208,9 +235,18 @@ export function awsCliTool(opts) {
                         opts.logger.trace('stderr', stderr);
                     }
                 }
-                else if (code !== 0) {
+                else if (code !== 0 && code !== 130) {
+                    // Exit 130 in interactive mode = user pressed Ctrl-C to end their
+                    // SSM session, shell, port-forward, etc. That's expected, not a
+                    // failure. Anything else is genuine — log it.
                     opts.logger.warn(`Interactive AWS CLI exited non-zero (${code})`);
                 }
+                // SSM sessions and other interactive AWS CLI commands return 130
+                // when the user Ctrl-Cs to end the session. That's the normal way
+                // to leave a shell — treat it as success for ok/exit purposes so we
+                // don't surface it as an error in cli.ts. The real exit code is
+                // still recorded in the audit log for accuracy.
+                const effectivelyOk = code === 0 || (useInteractive && code === 130);
                 // Audit captures whatever we have. For interactive runs stdout/stderr
                 // are empty — that's accurate, the bytes went to the terminal — and
                 // the audit entry serves as a record that "an interactive session
@@ -219,7 +255,7 @@ export function awsCliTool(opts) {
                     cmd: display,
                     profile,
                     exitCode: code,
-                    ok: code === 0,
+                    ok: effectivelyOk,
                     stdout: useInteractive ? '[interactive session — output not captured]' : stdout,
                     stderr: useInteractive ? '' : stderr,
                 });
@@ -234,18 +270,33 @@ export function awsCliTool(opts) {
                         : stdout,
                     stderr: useInteractive ? '' : stderr,
                     exitCode: code,
-                    ok: code === 0,
+                    ok: effectivelyOk,
                 });
                 // For the agent's context, return a clear signal that interactive
                 // mode ran so it doesn't try to parse fictional stdout.
                 if (useInteractive) {
                     return {
-                        ok: code === 0,
+                        ok: effectivelyOk,
                         exitCode: code,
                         interactive: true,
                         note: 'Interactive session ran. Output went directly to the user\'s terminal and was not captured. Do not summarize or describe its contents.',
                     };
                 }
+                // Classify failures. Fatal exit codes (252-255) indicate the call
+                // won't succeed without external intervention — bad credentials,
+                // missing resource, malformed request, AWS service failure. We
+                // throw FatalAwsCliError (after recording the audit trail above)
+                // rather than returning a result to the model: the throw unwinds
+                // the agent loop entirely, the user sees the AWS stderr in red,
+                // and we exit 1. The model never gets a chance to retry, because
+                // these classes of error don't get better with retries.
+                //
+                // Soft failures (other non-zero exits) ARE returned to the model
+                // as ordinary results. The model may retry with a different
+                // approach. maxSteps bounds the worst case if that goes nowhere.
+                if (code !== 0 && FATAL_AWS_EXIT_CODES.has(code)) {
+                    throw new FatalAwsCliError(display, code, stderr);
+                }
                 return {
                     ok: code === 0,
                     exitCode: code,
@@ -254,6 +305,11 @@ export function awsCliTool(opts) {
                 };
             }
             catch (err) {
+                // FatalAwsCliError is our own signal — propagate it cleanly.
+                // UserCancelledError must propagate too (Ctrl-C at the approval
+                // prompt) or it'd get swallowed into a spawn-failure log entry.
+                if (err instanceof FatalAwsCliError || err instanceof UserCancelledError)
+                    throw err;
                 const msg = err instanceof Error ? err.message : String(err);
                 opts.logger.error('Failed to spawn aws CLI', msg);
                 opts.audit.logCommand({

package/dist/tools/bash.js

@@ -7,6 +7,7 @@ import { z } from 'zod';
 import { select } from '@inquirer/prompts';
 import chalk from 'chalk';
 import { DEFAULT_SCRIPT_FOLDER } from '../paths.js';
+import { wrapPrompt } from '../errors.js';
 function runProcess(cmd, args) {
     return new Promise((resolve, reject) => {
         const proc = spawn(cmd, args, { env: process.env });
@@ -74,7 +75,7 @@ export function bashScriptTool(opts) {
             // — auto-approving them would defeat a primary safety boundary. The
             // autoApprove flag remains in effect for individual aws CLI commands
             // (where read-only is a meaningful and enforceable category).
-            const action = await select({
+            const action = await wrapPrompt((ctx) => select({
                 message: 'What would you like to do with this script?',
                 choices: [
                     { value: 'execute', name: 'Execute now' },
@@ -82,7 +83,7 @@ export function bashScriptTool(opts) {
                     { value: 'cancel', name: 'Cancel' },
                 ],
                 default: 'execute',
-            });
+            }, ctx));
             if (action === 'cancel') {
                 opts.logger.warn('User cancelled script');
                 // Record the cancelled call so the agent's end-of-run logic sees

package/dist/tools/prompt.js

@@ -2,6 +2,7 @@ import { tool } from 'ai';
 import { z } from 'zod';
 import { confirm, input, password, select } from '@inquirer/prompts';
 import chalk from 'chalk';
+import { wrapPrompt } from '../errors.js';
 /**
  * Schema for a single question. Used both by `prompt_user` directly (single
  * question per call) and `prompt_user_multi` (batch of questions in one call).
@@ -44,28 +45,31 @@ async function askOne(q, logger) {
             if (!q.choices || q.choices.length === 0) {
                 throw new Error('kind="choice" requires non-empty `choices`.');
             }
-            const answer = await select({
+            // Capture narrowed value: TS loses the q.choices !== undefined
+            // narrowing across the closure boundary below.
+            const choices = q.choices;
+            const answer = await wrapPrompt((ctx) => select({
                 message: q.message,
-                choices: q.choices.map((c) => ({ value: c, name: c })),
+                choices: choices.map((c) => ({ value: c, name: c })),
                 default: q.defaultValue,
-            });
+            }, ctx));
             return answer;
         }
         case 'confirm': {
             const def = (q.defaultValue ?? 'yes').toLowerCase().startsWith('y');
-            const answer = await confirm({ message: q.message, default: def });
+            const answer = await wrapPrompt((ctx) => confirm({ message: q.message, default: def }, ctx));
             return answer ? 'yes' : 'no';
         }
         case 'secret': {
             // Inquirer's password prompt masks input. Used for short secrets like
             // MFA codes; long-lived AWS credentials should always come from the
             // user's profile, not be typed here.
-            const answer = await password({ message: q.message, mask: '*' });
+            const answer = await wrapPrompt((ctx) => password({ message: q.message, mask: '*' }, ctx));
             return answer;
         }
         case 'text':
         default: {
-            const answer = await input({ message: q.message, default: q.defaultValue });
+            const answer = await wrapPrompt((ctx) => input({ message: q.message, default: q.defaultValue }, ctx));
             return answer;
         }
     }

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "aws-cli-agent",
-  "version": "0.4.0",
+  "version": "0.6.0",
   "description": "Agentic AI assistant that turns natural-language requests into AWS CLI commands and runs them locally.",
   "type": "module",
   "bin": {
@@ -51,23 +51,23 @@
   },
   "homepage": "https://github.com/trstnk/aws-cli-agent#readme",
   "dependencies": {
-    "@ai-sdk/amazon-bedrock": "^4.0.106",
-    "@ai-sdk/anthropic": "^3.0.78",
-    "@ai-sdk/google": "^3.0.74",
-    "@ai-sdk/openai": "^3.0.64",
-    "@aws-sdk/credential-providers": "^3.1046.0",
-    "@inquirer/prompts": "^7.3.0",
-    "ai": "^6.0.183",
-    "chalk": "^5.4.0",
-    "commander": "^13.0.0",
+    "@ai-sdk/amazon-bedrock": "^4.0.111",
+    "@ai-sdk/anthropic": "^3.0.81",
+    "@ai-sdk/google": "^3.0.80",
+    "@ai-sdk/openai": "^3.0.67",
+    "@aws-sdk/credential-providers": "^3.1057.0",
+    "@inquirer/prompts": "^8.5.1",
+    "ai": "^6.0.193",
+    "chalk": "^5.6.2",
+    "commander": "^15.0.0",
     "zod": "^4.4.3"
   },
   "devDependencies": {
     "@eslint/js": "^10.0.1",
-    "@types/node": "^25.8.0",
-    "eslint": "^10.4.0",
-    "tsx": "^4.22.0",
+    "@types/node": "^25.9.1",
+    "eslint": "^10.4.1",
+    "tsx": "^4.22.3",
     "typescript": "^6.0.3",
-    "typescript-eslint": "^8.59.3"
+    "typescript-eslint": "^8.60.0"
   }
 }