mcp-aws-manager 0.1.0

package/bin/mcp-aws-manager-mcp.js

@@ -0,0 +1,550 @@
+#!/usr/bin/env node
+"use strict";
+
+const path = require("node:path");
+const { spawn } = require("node:child_process");
+
+const { McpServer } = require("@modelcontextprotocol/sdk/server/mcp.js");
+const { StdioServerTransport } = require("@modelcontextprotocol/sdk/server/stdio.js");
+const z4 = require("zod/v4");
+
+const z = z4.z || z4;
+const pkg = require("../package.json");
+
+const CLI_SCRIPT_PATH = path.join(__dirname, "mcp-aws-manager.js");
+const DEFAULT_TIMEOUT_SEC = 300;
+const DEFAULT_STDIO_TEXT_LIMIT = 16000;
+const DEFAULT_JSON_TEXT_LIMIT = 120000;
+
+function usageText() {
+  return [
+    "mcp-aws-manager-mcp",
+    "",
+    "MCP stdio wrapper for the mcp-aws-manager CLI.",
+    "Starts an MCP server that exposes a discover tool for AI clients.",
+    "",
+    "Usage:",
+    "  mcp-aws-manager-mcp",
+    "  mcp-aws-manager-mcp --help",
+    "",
+    "Notes:",
+    "  - This process is an MCP stdio server. Do not run it interactively unless your client",
+    "    speaks MCP over stdio (Claude Desktop, Cursor, Cline, etc.).",
+    "  - The discover tool mirrors the CLI PEM resolution rules (arg/env/cwd auto-discovery).",
+    ""
+  ].join("\n");
+}
+
+function shouldShowHelp(argv) {
+  return argv.includes("-h") || argv.includes("--help");
+}
+
+function toCsvArg(values) {
+  if (!Array.isArray(values) || !values.length) {
+    return null;
+  }
+  return values.map((v) => String(v).trim()).filter(Boolean).join(",");
+}
+
+function truncateText(value, maxLength = DEFAULT_STDIO_TEXT_LIMIT) {
+  const text = String(value || "");
+  if (text.length <= maxLength) {
+    return text;
+  }
+  const suffix = `\n... [truncated ${text.length - maxLength} chars]`;
+  return text.slice(0, maxLength) + suffix;
+}
+
+function parseStderr(stderrText) {
+  const lines = String(stderrText || "")
+    .split(/\r?\n/)
+    .map((line) => line.trim())
+    .filter(Boolean);
+
+  const warnings = lines.filter((line) => line.startsWith("WARNING: "));
+  const summaryLine = lines.find((line) => line.startsWith("Summary: ")) || null;
+
+  return {
+    lines,
+    warnings,
+    summaryLine
+  };
+}
+
+function buildCliArgs(input) {
+  const args = [CLI_SCRIPT_PATH, "--format", "json"];
+
+  const pemPaths = toCsvArg(input.pemPaths);
+  if (pemPaths) {
+    args.push("--pem-path", pemPaths);
+  } else if (input.pemPath) {
+    args.push("--pem-path", input.pemPath);
+  }
+
+  const profiles = toCsvArg(input.profiles);
+  if (profiles) {
+    args.push("--profiles", profiles);
+  }
+
+  const regions = toCsvArg(input.regions);
+  if (regions) {
+    args.push("--regions", regions);
+  }
+
+  if (input.keyName) {
+    args.push("--key-name", input.keyName);
+  }
+
+  if (input.sshCheck) {
+    args.push("--ssh-check");
+  }
+
+  const sshUsernames = toCsvArg(input.sshUsernames);
+  if (sshUsernames) {
+    args.push("--ssh-usernames", sshUsernames);
+  }
+
+  if (input.sshTimeoutSec != null) {
+    args.push("--ssh-timeout", String(input.sshTimeoutSec));
+  }
+
+  if (input.matchedOnly) {
+    args.push("--matched-only");
+  }
+
+  if (input.noProgress !== false) {
+    args.push("--no-progress");
+  }
+
+  return args;
+}
+
+function runDiscoverCli(input) {
+  const timeoutSec =
+    typeof input.timeoutSec === "number" && Number.isFinite(input.timeoutSec)
+      ? input.timeoutSec
+      : DEFAULT_TIMEOUT_SEC;
+  const timeoutMs = Math.max(1, Math.round(timeoutSec * 1000));
+
+  return new Promise((resolve) => {
+    const child = spawn(process.execPath, buildCliArgs(input), {
+      cwd: input.workingDirectory || process.cwd(),
+      env: process.env,
+      stdio: ["ignore", "pipe", "pipe"]
+    });
+
+    let stdout = "";
+    let stderr = "";
+    let timedOut = false;
+    let exited = false;
+
+    if (child.stdout) {
+      child.stdout.setEncoding("utf8");
+      child.stdout.on("data", (chunk) => {
+        stdout += chunk;
+      });
+    }
+
+    if (child.stderr) {
+      child.stderr.setEncoding("utf8");
+      child.stderr.on("data", (chunk) => {
+        stderr += chunk;
+      });
+    }
+
+    const timer = setTimeout(() => {
+      if (exited) {
+        return;
+      }
+      timedOut = true;
+      try {
+        child.kill("SIGTERM");
+      } catch {}
+      setTimeout(() => {
+        if (!exited) {
+          try {
+            child.kill("SIGKILL");
+          } catch {}
+        }
+      }, 3000).unref();
+    }, timeoutMs);
+    timer.unref();
+
+    child.on("error", (error) => {
+      clearTimeout(timer);
+      exited = true;
+      resolve({
+        ok: false,
+        exitCode: null,
+        signal: null,
+        stdout,
+        stderr,
+        timedOut,
+        spawnError: error && error.message ? error.message : String(error)
+      });
+    });
+
+    child.on("close", (code, signal) => {
+      clearTimeout(timer);
+      exited = true;
+      resolve({
+        ok: true,
+        exitCode: typeof code === "number" ? code : null,
+        signal: signal || null,
+        stdout,
+        stderr,
+        timedOut,
+        spawnError: null
+      });
+    });
+  });
+}
+
+function tryParseJsonArray(text) {
+  const trimmed = String(text || "").trim();
+  if (!trimmed) {
+    return { ok: false, error: "Empty stdout" };
+  }
+  try {
+    const parsed = JSON.parse(trimmed);
+    if (!Array.isArray(parsed)) {
+      return { ok: false, error: "CLI JSON output was not an array" };
+    }
+    return { ok: true, value: parsed };
+  } catch (error) {
+    return {
+      ok: false,
+      error: error && error.message ? error.message : String(error)
+    };
+  }
+}
+
+function summarizeRecords(records) {
+  const summary = {
+    totalRecords: Array.isArray(records) ? records.length : 0,
+    matchedCount: 0,
+    sshCheckedCount: 0,
+    sshReachableCount: 0,
+    profiles: [],
+    regions: []
+  };
+
+  const profiles = new Set();
+  const regions = new Set();
+
+  for (const item of Array.isArray(records) ? records : []) {
+    if (item && item.keyFingerprintMatch === true) {
+      summary.matchedCount += 1;
+    }
+    if (item && item.sshReachable !== null && item.sshReachable !== undefined) {
+      summary.sshCheckedCount += 1;
+    }
+    if (item && item.sshReachable === true) {
+      summary.sshReachableCount += 1;
+    }
+    if (item && item.profile) {
+      profiles.add(String(item.profile));
+    }
+    if (item && item.region) {
+      regions.add(String(item.region));
+    }
+  }
+
+  summary.profiles = Array.from(profiles).sort();
+  summary.regions = Array.from(regions).sort();
+  return summary;
+}
+
+function buildToolTextResponse(payload) {
+  const text = JSON.stringify(payload, null, 2);
+  return truncateText(text, DEFAULT_JSON_TEXT_LIMIT);
+}
+
+async function registerTools(server) {
+  server.registerTool(
+    "discover_public_ec2_with_pem",
+    {
+      title: "Discover EC2 Public IP Inventory (PEM-based)",
+      description:
+        "Runs the local mcp-aws-manager CLI and returns EC2 instances with public IPv4 addresses, including PEM fingerprint matching and optional SSH reachability checks.",
+      annotations: {
+        readOnlyHint: true,
+        destructiveHint: false,
+        idempotentHint: true,
+        openWorldHint: true
+      },
+      inputSchema: {
+        pemPaths: z
+          .array(z.string().min(1))
+          .optional()
+          .describe(
+            "Optional list of local PEM private key file paths. Preferred when multiple keys should be used."
+          ),
+        pemPath: z
+          .string()
+          .min(1)
+          .optional()
+          .describe(
+            "Optional single PEM path. Ignored when pemPaths is provided. If omitted, CLI auto-discovers .pem files in workingDirectory/current directory."
+          ),
+        profiles: z
+          .array(z.string().min(1))
+          .optional()
+          .describe("Optional AWS profile names to scan."),
+        regions: z
+          .array(z.string().min(1))
+          .optional()
+          .describe("Optional AWS regions to scan."),
+        keyName: z
+          .string()
+          .min(1)
+          .optional()
+          .describe("Optional EC2 KeyPair name fallback for matching."),
+        sshCheck: z
+          .boolean()
+          .optional()
+          .describe("If true, attempt SSH authentication checks."),
+        sshUsernames: z
+          .array(z.string().min(1))
+          .optional()
+          .describe("Optional SSH usernames to try when sshCheck=true."),
+        sshTimeoutSec: z
+          .number()
+          .positive()
+          .optional()
+          .describe("SSH timeout in seconds."),
+        matchedOnly: z
+          .boolean()
+          .optional()
+          .describe("If true, return only records matched to the PEM."),
+        noProgress: z
+          .boolean()
+          .optional()
+          .describe("Suppress CLI step progress logs (defaults to true in the MCP wrapper)."),
+        timeoutSec: z
+          .number()
+          .positive()
+          .max(3600)
+          .optional()
+          .describe("Wrapper timeout for the CLI process (default 300s)."),
+        workingDirectory: z
+          .string()
+          .min(1)
+          .optional()
+          .describe(
+            "Optional working directory. Used for relative PEM path resolution and auto .pem discovery when pemPath/pemPaths are omitted."
+          ),
+        maxRecords: z
+          .number()
+          .int()
+          .positive()
+          .max(10000)
+          .optional()
+          .describe("Optional max number of records to include in the MCP response."),
+        includeStderr: z
+          .boolean()
+          .optional()
+          .describe("If true, include CLI stderr logs in the response (truncated).")
+      }
+    },
+    async (args) => {
+      const startedAt = new Date().toISOString();
+      const cliResult = await runDiscoverCli(args);
+      const logInfo = parseStderr(cliResult.stderr);
+
+      if (cliResult.spawnError) {
+        return {
+          content: [
+            {
+              type: "text",
+              text: `Failed to start CLI subprocess: ${cliResult.spawnError}`
+            }
+          ],
+          isError: true
+        };
+      }
+
+      if (cliResult.timedOut) {
+        return {
+          content: [
+            {
+              type: "text",
+              text: buildToolTextResponse({
+                ok: false,
+                error: "CLI process timed out",
+                startedAt,
+                timeoutSec:
+                  typeof args.timeoutSec === "number" ? args.timeoutSec : DEFAULT_TIMEOUT_SEC,
+                exitCode: cliResult.exitCode,
+                signal: cliResult.signal,
+                stderr: truncateText(cliResult.stderr)
+              })
+            }
+          ],
+          isError: true
+        };
+      }
+
+      const parsed = tryParseJsonArray(cliResult.stdout);
+      if (!parsed.ok) {
+        return {
+          content: [
+            {
+              type: "text",
+              text: buildToolTextResponse({
+                ok: false,
+                error: "Failed to parse CLI JSON output",
+                parseError: parsed.error,
+                exitCode: cliResult.exitCode,
+                signal: cliResult.signal,
+                stderr: truncateText(cliResult.stderr),
+                stdout: truncateText(cliResult.stdout)
+              })
+            }
+          ],
+          isError: true
+        };
+      }
+
+      const allRecords = parsed.value;
+      const maxRecords =
+        typeof args.maxRecords === "number" && Number.isFinite(args.maxRecords)
+          ? args.maxRecords
+          : null;
+      const records =
+        maxRecords && allRecords.length > maxRecords
+          ? allRecords.slice(0, maxRecords)
+          : allRecords;
+
+      const response = {
+        ok: cliResult.exitCode === 0 || cliResult.exitCode === 2,
+        startedAt,
+        finishedAt: new Date().toISOString(),
+        exitCode: cliResult.exitCode,
+        signal: cliResult.signal,
+        summary: {
+          ...summarizeRecords(allRecords),
+          returnedRecords: records.length,
+          truncated: records.length !== allRecords.length,
+          warningCount: logInfo.warnings.length,
+          summaryLine: logInfo.summaryLine
+        },
+        records
+      };
+
+      if (args.includeStderr) {
+        response.stderr = truncateText(cliResult.stderr);
+      }
+
+      if (cliResult.exitCode !== 0 && cliResult.exitCode !== 2) {
+        return {
+          content: [
+            {
+              type: "text",
+              text: buildToolTextResponse({
+                ...response,
+                ok: false,
+                stderr: truncateText(cliResult.stderr)
+              })
+            }
+          ],
+          isError: true
+        };
+      }
+
+      return {
+        content: [
+          {
+            type: "text",
+            text: buildToolTextResponse(response)
+          }
+        ]
+      };
+    }
+  );
+
+  server.registerTool(
+    "mcp_aws_discover_cli_help",
+    {
+      title: "Show CLI Help",
+      description:
+        "Returns the local mcp-aws-manager CLI usage text for reference inside AI clients.",
+      annotations: {
+        readOnlyHint: true,
+        destructiveHint: false,
+        idempotentHint: true,
+        openWorldHint: false
+      }
+    },
+    async () => {
+      const child = await new Promise((resolve) => {
+        const proc = spawn(process.execPath, [CLI_SCRIPT_PATH, "--help"], {
+          cwd: process.cwd(),
+          env: process.env,
+          stdio: ["ignore", "pipe", "pipe"]
+        });
+        let stdout = "";
+        let stderr = "";
+        if (proc.stdout) {
+          proc.stdout.setEncoding("utf8");
+          proc.stdout.on("data", (c) => (stdout += c));
+        }
+        if (proc.stderr) {
+          proc.stderr.setEncoding("utf8");
+          proc.stderr.on("data", (c) => (stderr += c));
+        }
+        proc.on("close", (code, signal) =>
+          resolve({ code: code == null ? null : code, signal, stdout, stderr })
+        );
+        proc.on("error", (error) =>
+          resolve({
+            code: null,
+            signal: null,
+            stdout,
+            stderr: String(error && error.message ? error.message : error)
+          })
+        );
+      });
+
+      const result = {
+        ok: child.code === 0,
+        exitCode: child.code,
+        signal: child.signal || null,
+        stdout: truncateText(child.stdout, DEFAULT_JSON_TEXT_LIMIT),
+        stderr: truncateText(child.stderr)
+      };
+
+      return {
+        content: [
+          {
+            type: "text",
+            text: buildToolTextResponse(result)
+          }
+        ],
+        isError: child.code !== 0
+      };
+    }
+  );
+}
+
+async function main() {
+  if (shouldShowHelp(process.argv.slice(2))) {
+    process.stdout.write(usageText());
+    return;
+  }
+
+  const server = new McpServer({
+    name: "mcp-aws-manager",
+    version: pkg.version
+  });
+
+  await registerTools(server);
+  const transport = new StdioServerTransport();
+  await server.connect(transport);
+}
+
+main().catch((error) => {
+  const message = error && error.stack ? error.stack : String(error);
+  process.stderr.write(`mcp-aws-manager-mcp startup error: ${message}\n`);
+  process.exitCode = 1;
+});