aws-runtime-bridge 1.0.1 → 1.0.3

package/dist/services/aws-client-agent-mcp.js

@@ -1,49 +1,52 @@
-import { cpSync, existsSync, mkdirSync } from 'node:fs';
-import path from 'node:path';
-import { fileURLToPath } from 'node:url';
-import { getRuntimeHomeDir, schedulerBaseUrl } from '../config.js';
-import { logger } from '../utils/logger.js';
-export const AWS_MCP_SERVER_NAME = 'aws-mcp';
+import { cpSync, existsSync, mkdirSync } from "node:fs";
+import path from "node:path";
+import { fileURLToPath } from "node:url";
+import { getRuntimeHomeDir, port, schedulerBaseUrl } from "../config.js";
+import { getRuntimeAccessToken, loadRuntimeBinding, } from "./runtime-binding.js";
+import { logger } from "../utils/logger.js";
+export const AWS_MCP_SERVER_NAME = "aws-mcp";
 const AWS_MCP_ALLOWED_ENV_KEYS = [
-    'AWS_INTERNAL_API_KEY',
-    'AWS_PROJECT_NAME',
-    'AWS_PROMPT',
-    'AWS_ROLE_NAME',
-    'AWS_SERVER_URL',
-    'AWS_MCP_HTTP_URL',
-    'AWS_HEARTBEAT_INTERVAL',
-    'AWS_HEARTBEAT_TIMEOUT',
-    'PATH',
-    'HOME',
-    'USERPROFILE',
-    'TMP',
-    'TEMP',
-    'SystemRoot',
-    'COMSPEC',
-    'PATHEXT',
-    'WINDIR',
+    "AWS_INTERNAL_API_KEY",
+    "AWS_PROJECT_NAME",
+    "AWS_PROMPT",
+    "AWS_ROLE_NAME",
+    "AWS_SERVER_URL",
+    "AWS_MCP_HTTP_URL",
+    "AWS_RUNTIME_ACCESS_TOKEN",
+    "AWS_RUNTIME_BRIDGE_BASE_URL",
+    "AWS_HEARTBEAT_INTERVAL",
+    "AWS_HEARTBEAT_TIMEOUT",
+    "PATH",
+    "HOME",
+    "USERPROFILE",
+    "TMP",
+    "TEMP",
+    "SystemRoot",
+    "COMSPEC",
+    "PATHEXT",
+    "WINDIR",
 ];
 function getPackageRoot() {
     const currentFile = fileURLToPath(import.meta.url);
-    return path.resolve(path.dirname(currentFile), '..', '..');
+    return path.resolve(path.dirname(currentFile), "..", "..");
 }
 function getBundledEntryPath() {
-    return path.join(getPackageRoot(), 'package', 'aws-client-agent-mcp', 'dist', 'index.js');
+    return path.join(getPackageRoot(), "package", "aws-client-agent-mcp", "dist", "index.js");
 }
 function getReleasedMcpRoot() {
-    return path.join(getRuntimeHomeDir(), '.aws-bridge', 'mcp');
+    return path.join(getRuntimeHomeDir(), ".aws-bridge", "mcp");
 }
 export function getReleasedMcpDistPath() {
-    return path.join(getReleasedMcpRoot(), 'dist');
+    return path.join(getReleasedMcpRoot(), "dist");
 }
 function getReleasedEntryPath() {
-    return path.join(getReleasedMcpDistPath(), 'index.js');
+    return path.join(getReleasedMcpDistPath(), "index.js");
 }
 export function releaseBundledAwsClientAgentMcp() {
     const bundledDist = path.dirname(getBundledEntryPath());
     const releasedDist = getReleasedMcpDistPath();
-    const releasedEntry = path.join(releasedDist, 'index.js');
-    if (!existsSync(path.join(bundledDist, 'index.js'))) {
+    const releasedEntry = path.join(releasedDist, "index.js");
+    if (!existsSync(path.join(bundledDist, "index.js"))) {
         return null;
     }
     if (!existsSync(releasedEntry)) {
@@ -58,67 +61,90 @@ export function releaseBundledAwsClientAgentMcp() {
     return releasedEntry;
 }
 function getStringEnv() {
-    return Object.fromEntries(Object.entries(process.env).filter((entry) => typeof entry[1] === 'string'));
+    return Object.fromEntries(Object.entries(process.env).filter((entry) => typeof entry[1] === "string"));
 }
 function getAllowedAwsMcpEnv(baseEnv) {
     return Object.fromEntries(AWS_MCP_ALLOWED_ENV_KEYS.flatMap((key) => {
         const value = baseEnv[key];
-        return typeof value === 'string' && value.length > 0 ? [[key, value]] : [];
+        return typeof value === "string" && value.length > 0
+            ? [[key, value]]
+            : [];
     }));
 }
 function parseAwsClientAgentMcpArgs(raw) {
     try {
         const parsed = JSON.parse(raw);
-        if (Array.isArray(parsed) && parsed.every((value) => typeof value === 'string')) {
+        if (Array.isArray(parsed) &&
+            parsed.every((value) => typeof value === "string")) {
             return parsed;
         }
     }
     catch (error) {
         logger.warn(`[runtime-bridge] AWS_CLIENT_AGENT_MCP_ARGS 不是合法 JSON，已忽略: ${error instanceof Error ? error.message : String(error)}`);
     }
-    logger.warn('[runtime-bridge] AWS_CLIENT_AGENT_MCP_ARGS 必须是 string[] JSON，已忽略');
+    logger.warn("[runtime-bridge] AWS_CLIENT_AGENT_MCP_ARGS 必须是 string[] JSON，已忽略");
     return [];
 }
 function toWebSocketUrl(baseUrl) {
-    const url = new URL('/ws/agent', baseUrl);
-    if (url.protocol === 'https:') {
-        url.protocol = 'wss:';
+    const url = new URL("/ws/agent", baseUrl);
+    if (url.protocol === "https:") {
+        url.protocol = "wss:";
     }
     else {
-        url.protocol = 'ws:';
+        url.protocol = "ws:";
     }
     return url.toString();
 }
 function toMcpHttpUrl(baseUrl) {
-    return new URL('/mcp/call', baseUrl).toString();
+    return new URL("/mcp/call", baseUrl).toString();
+}
+function resolveSchedulerBaseUrlForMcp() {
+    const envSchedulerBaseUrl = String(process.env.AWS_RUNTIME_SCHEDULER_BASE_URL || "").trim();
+    if (envSchedulerBaseUrl) {
+        return envSchedulerBaseUrl;
+    }
+    const binding = loadRuntimeBinding();
+    const pairedSchedulerBaseUrl = String(binding.schedulerBaseUrl || "").trim();
+    if (binding.status === "paired" && pairedSchedulerBaseUrl) {
+        return pairedSchedulerBaseUrl;
+    }
+    return schedulerBaseUrl;
 }
 export function resolveAwsClientAgentMcpCommand(options = {}) {
     return getAwsClientAgentMcpPreparedInfo(options);
 }
 export function getAwsClientAgentMcpPreparedInfo(options = {}) {
-    const overrideCommand = String(process.env.AWS_CLIENT_AGENT_MCP_COMMAND || '').trim();
+    const overrideCommand = String(process.env.AWS_CLIENT_AGENT_MCP_COMMAND || "").trim();
     if (overrideCommand) {
         return {
-            source: 'override',
+            source: "override",
             command: overrideCommand,
-            args: process.env.AWS_CLIENT_AGENT_MCP_ARGS ? parseAwsClientAgentMcpArgs(process.env.AWS_CLIENT_AGENT_MCP_ARGS) : [],
+            args: process.env.AWS_CLIENT_AGENT_MCP_ARGS
+                ? parseAwsClientAgentMcpArgs(process.env.AWS_CLIENT_AGENT_MCP_ARGS)
+                : [],
         };
     }
     const exists = options.exists || existsSync;
     const releasedEntry = getReleasedEntryPath();
     if (exists(releasedEntry)) {
-        return { source: 'bundled', command: process.execPath, args: [releasedEntry] };
+        return {
+            source: "bundled",
+            command: process.execPath,
+            args: [releasedEntry],
+        };
     }
     const release = options.release || releaseBundledAwsClientAgentMcp;
     const released = release();
     if (released && exists(released)) {
-        return { source: 'bundled', command: process.execPath, args: [released] };
+        return { source: "bundled", command: process.execPath, args: [released] };
     }
-    return { source: 'global', command: 'aws-client-agent-mcp', args: [] };
+    return { source: "global", command: "aws-client-agent-mcp", args: [] };
 }
 export function buildAwsMcpServerConfig(input) {
     const env = getStringEnv();
     const command = getAwsClientAgentMcpPreparedInfo();
+    const effectiveSchedulerBaseUrl = resolveSchedulerBaseUrlForMcp();
+    const issuedRuntimeAccessToken = getRuntimeAccessToken();
     return {
         command: command.command,
         args: command.args,
@@ -126,15 +152,21 @@ export function buildAwsMcpServerConfig(input) {
             ...getAllowedAwsMcpEnv(env),
             AWS_AGENT_ID: input.agentId,
             AWS_WORKSPACE_PATH: input.workspacePath,
-            AWS_SERVER_URL: env.AWS_SERVER_URL || toWebSocketUrl(schedulerBaseUrl),
-            AWS_MCP_HTTP_URL: env.AWS_MCP_HTTP_URL || toMcpHttpUrl(schedulerBaseUrl),
+            AWS_SERVER_URL: env.AWS_SERVER_URL || toWebSocketUrl(effectiveSchedulerBaseUrl),
+            AWS_MCP_HTTP_URL: env.AWS_MCP_HTTP_URL || toMcpHttpUrl(effectiveSchedulerBaseUrl),
+            AWS_RUNTIME_BRIDGE_BASE_URL: env.AWS_RUNTIME_BRIDGE_BASE_URL || `http://127.0.0.1:${port}`,
+            ...(issuedRuntimeAccessToken
+                ? { AWS_RUNTIME_ACCESS_TOKEN: issuedRuntimeAccessToken }
+                : {}),
         },
     };
 }
 export function ensureAwsClientAgentMcpReleased() {
     const prepared = getAwsClientAgentMcpPreparedInfo();
-    const commandLine = prepared.args[0] ? `${prepared.command} ${prepared.args.join(' ')}` : prepared.command;
-    if (prepared.source === 'global') {
+    const commandLine = prepared.args[0]
+        ? `${prepared.command} ${prepared.args.join(" ")}`
+        : prepared.command;
+    if (prepared.source === "global") {
         logger.warn(`[runtime-bridge] ${AWS_MCP_SERVER_NAME} MCP 未找到 bundled 产物，启动时将回退到 PATH 命令: ${commandLine}`);
         return;
     }

package/dist/services/runtime-binding.d.ts

@@ -0,0 +1,42 @@
+export type RuntimeBindingState = {
+    status: "unpaired" | "paired";
+    instanceId?: string;
+    userId?: string;
+    schedulerBaseUrl?: string;
+    /**
+     * Plain runtime access token issued by the scheduler.
+     * Stored locally with 0600 permissions so child MCP processes can authenticate
+     * scheduler calls without exposing the token in public status APIs.
+     */
+    accessToken?: string;
+    tokenHash?: string;
+    createdAt?: string;
+    updatedAt?: string;
+    revokedAt?: string;
+};
+export declare function getRuntimePairingCode(): string;
+export declare function getRuntimeBindingFilePath(): string;
+export declare function getRuntimeTokenStoreFilePath(): string;
+export declare function buildRuntimeTokenKey(userId: unknown, serverBaseUrl: unknown): string;
+export declare function saveScopedRuntimeAccessToken(input: {
+    userId: string;
+    serverBaseUrl: string;
+    accessToken: string;
+}): string;
+export declare function getScopedRuntimeAccessToken(userId: unknown, serverBaseUrl: unknown): string | undefined;
+export declare function loadRuntimeBinding(): RuntimeBindingState;
+export declare function getRuntimeBindingPublicState(): Omit<RuntimeBindingState, "tokenHash" | "accessToken"> & {
+    paired: boolean;
+};
+export declare function hasRuntimeBinding(): boolean;
+export declare function validateRuntimeBindingToken(token: unknown): boolean;
+export declare function getRuntimeAccessToken(userId?: unknown, serverBaseUrl?: unknown): string | undefined;
+export declare function validateRuntimePairingCode(code: unknown): boolean;
+export declare function saveRuntimeBinding(input: {
+    accessToken: string;
+    instanceId?: string;
+    userId?: string;
+    schedulerBaseUrl?: string;
+}): RuntimeBindingState;
+export declare function clearRuntimeBinding(): void;
+//# sourceMappingURL=runtime-binding.d.ts.map

package/dist/services/runtime-binding.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"runtime-binding.d.ts","sourceRoot":"","sources":["../../src/services/runtime-binding.ts"],"names":[],"mappings":"AASA,MAAM,MAAM,mBAAmB,GAAG;IAChC,MAAM,EAAE,UAAU,GAAG,QAAQ,CAAC;IAC9B,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,gBAAgB,CAAC,EAAE,MAAM,CAAC;IAC1B;;;;OAIG;IACH,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,SAAS,CAAC,EAAE,MAAM,CAAC;CACpB,CAAC;AAoDF,wBAAgB,qBAAqB,IAAI,MAAM,CAE9C;AAED,wBAAgB,yBAAyB,IAAI,MAAM,CAElD;AAED,wBAAgB,4BAA4B,IAAI,MAAM,CAErD;AAoBD,wBAAgB,oBAAoB,CAClC,MAAM,EAAE,OAAO,EACf,aAAa,EAAE,OAAO,GACrB,MAAM,CAYR;AAsCD,wBAAgB,4BAA4B,CAAC,KAAK,EAAE;IAClD,MAAM,EAAE,MAAM,CAAC;IACf,aAAa,EAAE,MAAM,CAAC;IACtB,WAAW,EAAE,MAAM,CAAC;CACrB,GAAG,MAAM,CAWT;AAED,wBAAgB,2BAA2B,CACzC,MAAM,EAAE,OAAO,EACf,aAAa,EAAE,OAAO,GACrB,MAAM,GAAG,SAAS,CAUpB;AAcD,wBAAgB,kBAAkB,IAAI,mBAAmB,CAWxD;AAED,wBAAgB,4BAA4B,IAAI,IAAI,CAClD,mBAAmB,EACnB,WAAW,GAAG,aAAa,CAC5B,GAAG;IAAE,MAAM,EAAE,OAAO,CAAA;CAAE,CAWtB;AAED,wBAAgB,iBAAiB,IAAI,OAAO,CAG3C;AAED,wBAAgB,2BAA2B,CAAC,KAAK,EAAE,OAAO,GAAG,OAAO,CAcnE;AAED,wBAAgB,qBAAqB,CACnC,MAAM,CAAC,EAAE,OAAO,EAChB,aAAa,CAAC,EAAE,OAAO,GACtB,MAAM,GAAG,SAAS,CAWpB;AAED,wBAAgB,0BAA0B,CAAC,IAAI,EAAE,OAAO,GAAG,OAAO,CAEjE;AAED,wBAAgB,kBAAkB,CAAC,KAAK,EAAE;IACxC,WAAW,EAAE,MAAM,CAAC;IACpB,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,gBAAgB,CAAC,EAAE,MAAM,CAAC;CAC3B,GAAG,mBAAmB,CAuCtB;AAED,wBAAgB,mBAAmB,IAAI,IAAI,CAkB1C"}

package/dist/services/runtime-binding.js

@@ -0,0 +1,257 @@
+import crypto from "node:crypto";
+import fs from "node:fs";
+import path from "node:path";
+import { getRuntimeHomeDir } from "../config.js";
+import { createLogger } from "../utils/logger.js";
+const log = createLogger("runtime-binding");
+const TOKEN_HASH_ALGORITHM = "sha256";
+const pairingCode = generatePairingCode();
+function generatePairingCode() {
+    const value = crypto.randomInt(0, 1_000_000);
+    return String(value)
+        .padStart(6, "0")
+        .replace(/(\d{3})(\d{3})/, "$1-$2");
+}
+function bindingDir() {
+    return path.join(getRuntimeHomeDir(), ".agentswork", "runtime-bridge");
+}
+function bindingFile() {
+    return path.join(bindingDir(), "binding.json");
+}
+function tokenStoreFile() {
+    return path.join(bindingDir(), "runtime-tokens.properties");
+}
+function hashToken(token) {
+    return crypto
+        .createHash(TOKEN_HASH_ALGORITHM)
+        .update(token, "utf8")
+        .digest("hex");
+}
+function safeEqual(a, b) {
+    const left = Buffer.from(a, "hex");
+    const right = Buffer.from(b, "hex");
+    if (left.length !== right.length) {
+        return false;
+    }
+    return crypto.timingSafeEqual(left, right);
+}
+function safeTextEqual(a, b) {
+    const left = Buffer.from(a, "utf8");
+    const right = Buffer.from(b, "utf8");
+    if (left.length !== right.length) {
+        return false;
+    }
+    return crypto.timingSafeEqual(left, right);
+}
+function normalizeToken(token) {
+    return String(token || "").trim();
+}
+export function getRuntimePairingCode() {
+    return pairingCode;
+}
+export function getRuntimeBindingFilePath() {
+    return bindingFile();
+}
+export function getRuntimeTokenStoreFilePath() {
+    return tokenStoreFile();
+}
+function normalizeServerIp(serverBaseUrl) {
+    const raw = String(serverBaseUrl || "").trim();
+    if (!raw) {
+        return "";
+    }
+    try {
+        return new URL(raw).hostname.toLowerCase();
+    }
+    catch {
+        return raw
+            .replace(/^wss?:\/\//i, "")
+            .replace(/^https?:\/\//i, "")
+            .split("/")[0]
+            .split(":")[0]
+            .toLowerCase();
+    }
+}
+export function buildRuntimeTokenKey(userId, serverBaseUrl) {
+    const normalizedUserId = String(userId || "").trim();
+    const serverIp = normalizeServerIp(serverBaseUrl);
+    if (!normalizedUserId || !serverIp) {
+        throw new Error("userId and serverBaseUrl are required to build runtime token key");
+    }
+    return crypto
+        .createHash("md5")
+        .update(`${normalizedUserId}:${serverIp}`, "utf8")
+        .digest("hex");
+}
+function loadRuntimeTokenStore() {
+    const result = new Map();
+    try {
+        const content = fs.readFileSync(tokenStoreFile(), "utf8");
+        for (const line of content.split(/\r?\n/)) {
+            const trimmed = line.trim();
+            if (!trimmed || trimmed.startsWith("#")) {
+                continue;
+            }
+            const separatorIndex = trimmed.indexOf("=");
+            if (separatorIndex <= 0) {
+                continue;
+            }
+            const key = trimmed.slice(0, separatorIndex).trim();
+            const token = trimmed.slice(separatorIndex + 1).trim();
+            if (key && token) {
+                result.set(key, token);
+            }
+        }
+    }
+    catch {
+        // Missing token store is valid for an unpaired bridge.
+    }
+    return result;
+}
+function saveRuntimeTokenStore(tokens) {
+    fs.mkdirSync(bindingDir(), { recursive: true });
+    const lines = [...tokens.entries()]
+        .sort(([left], [right]) => left.localeCompare(right))
+        .map(([key, token]) => `${key}=${token}`);
+    fs.writeFileSync(tokenStoreFile(), `${lines.join("\n")}\n`, {
+        encoding: "utf8",
+        mode: 0o600,
+    });
+}
+export function saveScopedRuntimeAccessToken(input) {
+    const accessToken = normalizeToken(input.accessToken);
+    if (accessToken.length < 16) {
+        throw new Error("accessToken must be at least 16 characters");
+    }
+    const key = buildRuntimeTokenKey(input.userId, input.serverBaseUrl);
+    const tokens = loadRuntimeTokenStore();
+    tokens.set(key, accessToken);
+    saveRuntimeTokenStore(tokens);
+    return key;
+}
+export function getScopedRuntimeAccessToken(userId, serverBaseUrl) {
+    if (!userId || !serverBaseUrl) {
+        return undefined;
+    }
+    try {
+        const key = buildRuntimeTokenKey(userId, serverBaseUrl);
+        return loadRuntimeTokenStore().get(key);
+    }
+    catch {
+        return undefined;
+    }
+}
+function validateRuntimeTokenStore(token) {
+    if (!token) {
+        return false;
+    }
+    for (const storedToken of loadRuntimeTokenStore().values()) {
+        if (safeTextEqual(token, storedToken)) {
+            return true;
+        }
+    }
+    return false;
+}
+export function loadRuntimeBinding() {
+    try {
+        const raw = fs.readFileSync(bindingFile(), "utf8");
+        const parsed = JSON.parse(raw);
+        if (parsed?.status === "paired" && parsed.tokenHash) {
+            return parsed;
+        }
+    }
+    catch {
+        // Missing or invalid binding file means the bridge is unpaired.
+    }
+    return { status: "unpaired" };
+}
+export function getRuntimeBindingPublicState() {
+    const state = loadRuntimeBinding();
+    const { tokenHash: _tokenHash, accessToken: _accessToken, ...publicState } = state;
+    return {
+        ...publicState,
+        paired: state.status === "paired",
+    };
+}
+export function hasRuntimeBinding() {
+    const state = loadRuntimeBinding();
+    return state.status === "paired" && Boolean(state.tokenHash);
+}
+export function validateRuntimeBindingToken(token) {
+    const candidate = normalizeToken(token);
+    if (!candidate) {
+        return false;
+    }
+    const state = loadRuntimeBinding();
+    if (state.status === "paired" && state.tokenHash) {
+        if (safeEqual(hashToken(candidate), state.tokenHash)) {
+            return true;
+        }
+    }
+    return validateRuntimeTokenStore(candidate);
+}
+export function getRuntimeAccessToken(userId, serverBaseUrl) {
+    const scopedToken = getScopedRuntimeAccessToken(userId, serverBaseUrl);
+    if (scopedToken) {
+        return scopedToken;
+    }
+    const state = loadRuntimeBinding();
+    if (state.status !== "paired") {
+        return undefined;
+    }
+    return normalizeToken(state.accessToken) || undefined;
+}
+export function validateRuntimePairingCode(code) {
+    return String(code || "").trim() === pairingCode;
+}
+export function saveRuntimeBinding(input) {
+    const accessToken = normalizeToken(input.accessToken);
+    if (accessToken.length < 16) {
+        throw new Error("accessToken must be at least 16 characters");
+    }
+    const previous = loadRuntimeBinding();
+    const now = new Date().toISOString();
+    const next = {
+        status: "paired",
+        instanceId: input.instanceId
+            ? String(input.instanceId)
+            : previous.instanceId,
+        userId: input.userId ? String(input.userId) : previous.userId,
+        schedulerBaseUrl: input.schedulerBaseUrl
+            ? String(input.schedulerBaseUrl)
+            : previous.schedulerBaseUrl,
+        accessToken,
+        tokenHash: hashToken(accessToken),
+        createdAt: previous.createdAt || now,
+        updatedAt: now,
+    };
+    fs.mkdirSync(bindingDir(), { recursive: true });
+    fs.writeFileSync(bindingFile(), `${JSON.stringify(next, null, 2)}\n`, {
+        encoding: "utf8",
+        mode: 0o600,
+    });
+    if (next.userId && next.schedulerBaseUrl) {
+        const key = saveScopedRuntimeAccessToken({
+            userId: next.userId,
+            serverBaseUrl: next.schedulerBaseUrl,
+            accessToken,
+        });
+        log.info(`[runtime-bridge] scoped runtime token saved: key=${key}`);
+    }
+    log.info(`[runtime-bridge] runtime binding saved: ${bindingFile()}`);
+    return next;
+}
+export function clearRuntimeBinding() {
+    const current = loadRuntimeBinding();
+    const revokedState = {
+        ...current,
+        status: "unpaired",
+        accessToken: undefined,
+        tokenHash: undefined,
+        revokedAt: new Date().toISOString(),
+        updatedAt: new Date().toISOString(),
+    };
+    fs.mkdirSync(bindingDir(), { recursive: true });
+    fs.writeFileSync(bindingFile(), `${JSON.stringify(revokedState, null, 2)}\n`, { encoding: "utf8", mode: 0o600 });
+    log.info("[runtime-bridge] runtime binding cleared");
+}

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "aws-runtime-bridge",
-  "version": "1.0.1",
+  "version": "1.0.3",
   "description": "AgentsWorkStudio runtime bridge service for machine-level agent runtime integration",
   "type": "module",
   "main": "dist/index.js",