mcp-aws-manager 0.4.2 → 0.4.3

package/README.md

@@ -4,14 +4,33 @@ AWS operations CLI + MCP stdio server (SSM-first).
 
 This package orchestrates AWS operations (inventory/runtime/remediation) with a normalized output schema and `ACTION_REQUIRED` guidance. It is not a plain AWS CLI wrapper.
 
-## TL;DR
+## Agent-First Quick Start
+
+Use this as the default flow for agent environments:
 
 ```bash
 npm install -g mcp-aws-manager
 mcp-aws-manager --version
-mcp-aws-manager
+mcp-aws-manager setup --force
 mcp-aws-manager doctor
-mcp-aws-manager discover --profiles default --no-progress
+```
+
+Agent Prompt Examples:
+
+Ask in natural language like below; the agent should run fetch/analysis steps as needed.
+
+```text
+Give me a fresh full AWS server status summary.
+```
+
+Then try requests like:
+
+```text
+Compare current AWS server status with the previous check and show only what changed.
+```
+
+```text
+Summarize AWS server status with required actions and high-impact warnings in priority order.
 ```
 
 ## What It Does
@@ -168,18 +187,6 @@ mcp-aws-manager doctor
 
 Default behavior (`doctor` without `--clients`) auto-detects installed clients and skips non-installed CLIs.
 
-### Agent Instruction Snippet (Any Client)
-
-When asking an agent to check AWS status, use this exact sequence first:
-
-```bash
-mcp-aws-manager setup --force
-mcp-aws-manager doctor
-mcp-aws-manager discover --profiles default --no-progress
-```
-
-Require the agent to include `runId`/`started_at` (live run evidence) in the response. If missing, treat it as file-only/cached summary.
-
 3. Configure AWS auth (SSO recommended):
 
 ```bash
@@ -991,5 +998,3 @@ Document status:
 - `docs/RECORDS_FIELD_REFERENCE_KO.md`: full `records[]` field reference (292 fields)
 - `docs/RESPONSE_COMPATIBILITY_POLICY.md`: response schema/version compatibility rules
 - `schemas/mcp-tool-response.schema.json`: canonical tool response JSON schema
-
-

package/README_KO.md

@@ -4,14 +4,32 @@ SSM 우선(SSM-first) 방식의 AWS 운영 CLI + MCP stdio 서버입니다.
 
 이 패키지는 AWS 운영 작업(인벤토리/런타임/조치)을 정규화된 응답 스키마와 `ACTION_REQUIRED` 가이드로 제공합니다. 단순 AWS CLI 래퍼가 아니라, 에이전트 친화적인 운영 워크플로우 실행을 목표로 합니다.
 
-## 빠른 시작
+## 에이전트 기준 빠른 시작
+
+에이전트 환경에서는 아래 순서를 기본 플로우로 사용하세요.
 
 ```bash
 npm install -g mcp-aws-manager
 mcp-aws-manager --version
-mcp-aws-manager
+mcp-aws-manager setup --force
 mcp-aws-manager doctor
-mcp-aws-manager discover --profiles default --no-progress
+```
+
+에이전트 예시 프롬프트:
+
+아래처럼 자연어로 요청하면, 에이전트가 필요 시 조회/분석 단계를 실행합니다.
+
+```text
+AWS 서버 상태 전체를 최신으로 점검해서 요약해주세요.
+```
+
+이후에는 이렇게 요청해보세요.
+
+```text
+AWS 서버 상태를 지난 점검 결과와 비교해서 달라진 항목만 알려주세요.
+```
+```text
+AWS 서버의 상태를 필수 조치 및 주요 경고 사항을 중심으로 우선순위에 따라 요약해주세요.
 ```
 
 ## 무엇을 제공하나요
@@ -168,18 +186,6 @@ mcp-aws-manager doctor
 
 기본 동작(`--clients` 없이 `doctor`)은 설치된 클라이언트를 자동 감지하고, 미설치 CLI는 skip 처리합니다.
 
-### 에이전트 지시용 공통 스니펫
-
-에이전트에게 AWS 상태 점검을 지시할 때는 먼저 아래 순서를 그대로 실행하도록 요청하세요.
-
-```bash
-mcp-aws-manager setup --force
-mcp-aws-manager doctor
-mcp-aws-manager discover --profiles default --no-progress
-```
-
-응답에는 반드시 `runId`/`started_at`(라이브 실행 증거)를 포함하도록 요구하세요. 없으면 파일 기반/캐시 요약으로 간주하세요.
-
 3. AWS 인증 설정(권장: SSO):
 
 ```bash
@@ -985,6 +991,3 @@ E2E 러너 검증 항목:
 - `docs/RECORDS_FIELD_REFERENCE_KO.md`: `records[]` 전수 필드(292개) 레퍼런스
 - `docs/RESPONSE_COMPATIBILITY_POLICY.md`: 응답 스키마/버전 호환 정책
 - `schemas/mcp-tool-response.schema.json`: 표준 도구 응답 JSON 스키마
-
-
-

package/bin/lib/output-presentation.js

@@ -329,7 +329,8 @@ function pickSectionPayload(section, context) {
       runFinishedAt: runMeta.runFinishedAt || null,
       outputHash: runMeta.outputHash || null,
       recordsHash: runMeta.recordsHash || null,
-      htmlHash: runMeta.htmlHash || null
+      htmlHash: runMeta.htmlHash || null,
+      generatedArtifacts: runMeta.generatedArtifacts || null
     };
   }
   return {};
@@ -428,6 +429,12 @@ function renderMarkdown(bundle, templateName = "default") {
   const fields = bundle && bundle.fields && Array.isArray(bundle.fields.effectiveFields)
     ? bundle.fields.effectiveFields
     : ["resourceType", "resourceId", "profile", "region", "state"];
+  const runMeta = bundle && bundle.runMeta && typeof bundle.runMeta === "object"
+    ? bundle.runMeta
+    : {};
+  const generatedArtifacts = runMeta.generatedArtifacts && typeof runMeta.generatedArtifacts === "object"
+    ? runMeta.generatedArtifacts
+    : {};
 
   const lines = [];
   lines.push("# AWS Discovery Output");
@@ -451,6 +458,18 @@ function renderMarkdown(bundle, templateName = "default") {
   lines.push(`| runtimeSnapshotSuccessCount | ${summary.runtimeSnapshotSuccessCount || 0} |`);
   lines.push("");
 
+  lines.push("## Generated Artifacts");
+  lines.push("");
+  lines.push("| artifact | path |");
+  lines.push("|---|---|");
+  lines.push(`| output | ${generatedArtifacts.outputPath || (generatedArtifacts.outputChannel || "stdout")} |`);
+  lines.push(`| htmlReport | ${generatedArtifacts.htmlReportPath || "off"} |`);
+  lines.push(`| topology | ${generatedArtifacts.topologyPath || "off"} |`);
+  lines.push(`| relationships | ${generatedArtifacts.relationshipsPath || "off"} |`);
+  lines.push(`| governanceLog | ${generatedArtifacts.governanceLogPath || "off"} |`);
+  lines.push(`| incidentPayload | ${generatedArtifacts.incidentPayloadPath || "off"} |`);
+  lines.push("");
+
   if (template === "default" && sections.length) {
     lines.push("## Sections");
     lines.push("");

package/bin/mcp-aws-manager.js

@@ -2311,6 +2311,16 @@ function listLocalAwsProfiles() {
 }
 
 function runCLICommand(cliBin, args, options = {}) {
+  // Cursor 2.x no longer reliably supports `cursor mcp ...` CLI subcommands.
+  // Calling it can open editor tabs named like "mcp", "add", "get".
+  if (String(cliBin).toLowerCase() === "cursor" && Array.isArray(args) && String(args[0] || "").toLowerCase() === "mcp") {
+    return {
+      status: 2,
+      stdout: "",
+      stderr: "cursor mcp subcommand is disabled; use ~/.cursor/mcp.json registration"
+    };
+  }
+
   const execOptions = {
     cwd: process.cwd(),
     env: process.env,
@@ -2351,7 +2361,12 @@ function commandExists(bin, checkArgs) {
 }
 
 function clientHelpAttempts(cliBin) {
-  if (cliBin === "cursor" || cliBin === "windsurf" || cliBin === "antigravity") {
+  if (cliBin === "cursor") {
+    return [
+      ["--help"]
+    ];
+  }
+  if (cliBin === "windsurf" || cliBin === "antigravity") {
     return [
       ["mcp", "--help"],
       ["--help"]
@@ -2360,6 +2375,118 @@ function clientHelpAttempts(cliBin) {
   return [["mcp", "--help"]];
 }
 
+function cursorMcpConfigPath() {
+  const explicitPath = envText("CURSOR_MCP_CONFIG_PATH");
+  if (explicitPath) {
+    return path.resolve(explicitPath);
+  }
+  return path.join(os.homedir(), ".cursor", "mcp.json");
+}
+
+function normalizeComparableText(value) {
+  const text = String(value == null ? "" : value).trim();
+  return process.platform === "win32" ? text.toLowerCase() : text;
+}
+
+function normalizeComparableArgs(args) {
+  return Array.isArray(args) ? args.map((arg) => normalizeComparableText(arg)) : [];
+}
+
+function readCursorMcpConfig() {
+  const filePath = cursorMcpConfigPath();
+  if (!fs.existsSync(filePath)) {
+    return { ok: true, filePath, exists: false, data: { mcpServers: {} } };
+  }
+  try {
+    const raw = fs.readFileSync(filePath, "utf8");
+    const normalizedRaw = raw.replace(/^\uFEFF/, "");
+    if (!normalizedRaw.trim()) {
+      return { ok: true, filePath, exists: true, data: { mcpServers: {} } };
+    }
+    const parsed = JSON.parse(normalizedRaw);
+    if (!parsed || typeof parsed !== "object" || Array.isArray(parsed)) {
+      return { ok: false, filePath, error: "Cursor MCP config must be a JSON object." };
+    }
+    const mcpServers = parsed.mcpServers && typeof parsed.mcpServers === "object" && !Array.isArray(parsed.mcpServers)
+      ? parsed.mcpServers
+      : {};
+    return { ok: true, filePath, exists: true, data: { ...parsed, mcpServers } };
+  } catch (error) {
+    return {
+      ok: false,
+      filePath,
+      error: `Failed to parse Cursor MCP config: ${error && error.message ? error.message : String(error)}`
+    };
+  }
+}
+
+function writeCursorMcpConfig(filePath, data) {
+  fs.mkdirSync(path.dirname(filePath), { recursive: true });
+  fs.writeFileSync(filePath, JSON.stringify(data, null, 2) + "\n", "utf8");
+}
+
+function cursorRegistrationMatches(entry, mcpCommand, mcpArgs = []) {
+  if (!entry || typeof entry !== "object" || Array.isArray(entry)) return false;
+  const entryCommand = normalizeComparableText(entry.command);
+  if (!entryCommand) return false;
+  if (normalizeComparableText(mcpCommand) && entryCommand !== normalizeComparableText(mcpCommand)) {
+    return false;
+  }
+  const expectedArgs = normalizeComparableArgs(mcpArgs);
+  const actualArgs = normalizeComparableArgs(entry.args);
+  if (expectedArgs.length !== actualArgs.length) return false;
+  for (let i = 0; i < expectedArgs.length; i += 1) {
+    if (expectedArgs[i] !== actualArgs[i]) return false;
+  }
+  return true;
+}
+
+function ensureCursorRegistered(serverName, mcpCommand, mcpArgs = [], force = false) {
+  const loaded = readCursorMcpConfig();
+  if (!loaded.ok) {
+    return { ok: false, action: "cursor config invalid", detail: `${loaded.error} (${loaded.filePath})` };
+  }
+  const desiredEntry = {
+    command: String(mcpCommand || ""),
+    args: Array.isArray(mcpArgs) ? mcpArgs.map((arg) => String(arg)) : []
+  };
+  const config = loaded.data;
+  const current = config.mcpServers[serverName];
+  if (force || !cursorRegistrationMatches(current, desiredEntry.command, desiredEntry.args)) {
+    config.mcpServers[serverName] = desiredEntry;
+    try {
+      writeCursorMcpConfig(loaded.filePath, config);
+    } catch (error) {
+      return {
+        ok: false,
+        action: "cursor registration failed",
+        detail: `${error && error.message ? error.message : String(error)} (${loaded.filePath})`
+      };
+    }
+    return { ok: true, action: "registered", detail: loaded.filePath };
+  }
+  return { ok: true, action: "already registered", detail: loaded.filePath };
+}
+
+function removeCursorRegistration(serverName) {
+  const loaded = readCursorMcpConfig();
+  if (!loaded.ok || !loaded.exists) return;
+  if (!Object.prototype.hasOwnProperty.call(loaded.data.mcpServers, serverName)) return;
+  delete loaded.data.mcpServers[serverName];
+  try {
+    writeCursorMcpConfig(loaded.filePath, loaded.data);
+  } catch (_) {
+    // ignore best-effort cleanup
+  }
+}
+
+function isCursorRegistered(serverName, mcpCommand, mcpArgs = []) {
+  const loaded = readCursorMcpConfig();
+  if (!loaded.ok) return false;
+  const entry = loaded.data && loaded.data.mcpServers ? loaded.data.mcpServers[serverName] : null;
+  return cursorRegistrationMatches(entry, mcpCommand, mcpArgs);
+}
+
 function clientGetAttempts(cliBin, serverName) {
   if (cliBin === "claude") {
     return [
@@ -2427,13 +2554,22 @@ function clientAddAttempts(cliBin, serverName, mcpCommand, mcpArgs = []) {
 }
 
 function removeRegistration(cliBin, serverName) {
+  if (cliBin === "cursor") {
+    removeCursorRegistration(serverName);
+    return;
+  }
   const attempts = clientRemoveAttempts(cliBin, serverName);
   for (const args of attempts) {
     runCLICommand(cliBin, args, { stdio: "ignore" });
   }
 }
 
-function isRegistered(cliBin, serverName) {
+function isRegistered(cliBin, serverName, target = null) {
+  if (cliBin === "cursor") {
+    const mcpCommand = target && target.mcpCommand ? target.mcpCommand : "";
+    const mcpArgs = target && Array.isArray(target.mcpArgs) ? target.mcpArgs : [];
+    return isCursorRegistered(serverName, mcpCommand, mcpArgs);
+  }
   const attempts = clientGetAttempts(cliBin, serverName);
   for (const args of attempts) {
     const run = runCLICommand(cliBin, args, { stdio: "ignore" });
@@ -2531,11 +2667,36 @@ function runSetupInternal(config, options = {}) {
 
   for (const cliBin of clients) {
     for (const target of activeTargets) {
-      const alreadyRegistered = isRegistered(cliBin, target.serverName);
+      const alreadyRegistered = isRegistered(cliBin, target.serverName, target);
       if (config.force || !ensureOnly || alreadyRegistered) {
         removeRegistration(cliBin, target.serverName);
       }
 
+      if (cliBin === "cursor") {
+        const registered = ensureCursorRegistered(target.serverName, target.mcpCommand, target.mcpArgs || [], config.force);
+        if (registered.ok) {
+          const action = ensureOnly
+            ? (alreadyRegistered ? "updated" : "registered")
+            : (alreadyRegistered ? "re-registered" : "registered");
+          results.push({
+            cliBin,
+            serverName: target.serverName,
+            ok: true,
+            action: `${action} (cursor mcp.json)`,
+            detail: registered.detail || ""
+          });
+        } else {
+          results.push({
+            cliBin,
+            serverName: target.serverName,
+            ok: false,
+            action: registered.action || "registration failed",
+            detail: registered.detail || "unknown"
+          });
+        }
+        continue;
+      }
+
       const registered = tryRegister(cliBin, target.serverName, target.mcpCommand, target.mcpArgs || []);
       if (registered.ok) {
         const action = ensureOnly
@@ -2554,7 +2715,7 @@ function runSetupInternal(config, options = {}) {
 
   for (const row of results) {
     process.stdout.write(`${row.cliBin}/${row.serverName}: ${row.action}\n`);
-    if (!row.ok && row.detail) {
+    if (row.detail && (!row.ok || /\bcursor mcp\.json\b/i.test(String(row.action || "")))) {
       process.stdout.write(`  detail: ${row.detail}\n`);
     }
   }
@@ -2603,7 +2764,7 @@ function runDoctor(config) {
 
     foundClient = true;
     for (const target of targets) {
-      const registered = isRegistered(cliBin, target.serverName);
+      const registered = isRegistered(cliBin, target.serverName, target);
       if (registered) {
         process.stdout.write(`${cliBin}: registered (${target.serverName})\n`);
       } else {
@@ -8775,6 +8936,52 @@ function writeJsonArtifact(targetPath, payload, label, warnings, requiredActions
   }
 }
 
+function buildGeneratedArtifacts(config, state = {}) {
+  return {
+    outputPath: config && config.outPath ? config.outPath : null,
+    outputChannel: config && config.outPath ? "file" : "stdout",
+    htmlReportPath: state.htmlReportPath || null,
+    topologyPath: state.topologyPath || null,
+    relationshipsPath: state.relationshipsPath || null,
+    governanceLogPath: state.governanceLogPath || null,
+    incidentPayloadPath: state.incidentPayloadPath || null
+  };
+}
+
+function generatedArtifactsSummary(artifacts) {
+  const item = artifacts && typeof artifacts === "object" ? artifacts : {};
+  return [
+    `output=${item.outputPath || (item.outputChannel || "stdout")}`,
+    `html=${item.htmlReportPath || "off"}`,
+    `topology=${item.topologyPath || "off"}`,
+    `relationships=${item.relationshipsPath || "off"}`,
+    `governance=${item.governanceLogPath || "off"}`,
+    `incident=${item.incidentPayloadPath || "off"}`
+  ].join(", ");
+}
+
+function syncRunMetaToPresentationBundle(presentationBundle, runMeta) {
+  if (!presentationBundle || typeof presentationBundle !== "object") return;
+  const meta = runMeta && typeof runMeta === "object" ? { ...runMeta } : {};
+  presentationBundle.runMeta = meta;
+
+  const sections = presentationBundle.sections;
+  const payload = sections && typeof sections === "object" ? sections.payload : null;
+  const governance = payload && typeof payload === "object" ? payload.governance : null;
+  if (!governance || typeof governance !== "object") return;
+
+  payload.governance = {
+    ...governance,
+    runId: meta.runId || null,
+    runStartedAt: meta.runStartedAt || null,
+    runFinishedAt: meta.runFinishedAt || null,
+    outputHash: meta.outputHash || null,
+    recordsHash: meta.recordsHash || null,
+    htmlHash: meta.htmlHash || null,
+    generatedArtifacts: meta.generatedArtifacts || null
+  };
+}
+
 function readLastGovernanceEntryHash(logPath) {
   if (!logPath || !fs.existsSync(logPath)) return null;
   try {
@@ -11985,6 +12192,14 @@ async function runWorkflow(config) {
     incidentArtifactHash: incidentDispatch.artifactHash || null
   };
   const outputSummary = summarizeOutputRecords(outputRecords);
+  const recordsHash = hashText(JSON.stringify(outputRecords));
+  const runMeta = {
+    ...baseRunMeta,
+    recordsHash,
+    htmlOutPath: null,
+    htmlHash: null,
+    generatedArtifacts: null
+  };
   const presentationBundle = buildOutputBundle({
     rawRecords: outputRecords,
     summary: outputSummary,
@@ -11997,26 +12212,13 @@ async function runWorkflow(config) {
     excludeFields: config.excludeFields,
     sections: config.sections,
     clientProfile: config.clientProfile,
-    runMeta: baseRunMeta
+    runMeta
   });
-
-  const outputBody = renderOutput(config, presentationBundle);
-  const outputHash = hashText(outputBody);
-  const recordsHash = hashText(JSON.stringify(outputRecords));
-  const runMeta = { ...baseRunMeta, outputHash, recordsHash };
-
-  presentationBundle.runMeta = {
-    ...(presentationBundle.runMeta && typeof presentationBundle.runMeta === "object" ? presentationBundle.runMeta : {}),
-    ...runMeta
-  };
-  writeOutput(config, outputBody);
+  syncRunMetaToPresentationBundle(presentationBundle, runMeta);
   const htmlPath = writeHtmlReport(config, outputRecords, domainInsights, runMeta, presentationBundle);
   if (htmlPath) {
     runMeta.htmlOutPath = htmlPath;
     runMeta.htmlHash = hashText(fs.readFileSync(htmlPath, "utf8"));
-  } else {
-    runMeta.htmlOutPath = null;
-    runMeta.htmlHash = null;
   }
   if (htmlPath && shouldAutoOpenHtml(config)) {
     const opened = tryOpenFile(htmlPath);
@@ -12027,6 +12229,19 @@ async function runWorkflow(config) {
     }
   }
 
+  runMeta.generatedArtifacts = buildGeneratedArtifacts(config, {
+    htmlReportPath: runMeta.htmlOutPath,
+    topologyPath: topologyWrite.path || null,
+    relationshipsPath: relationshipsWrite.path || null,
+    governanceLogPath: governancePersist.path || null,
+    incidentPayloadPath: incidentDispatch.artifactPath || null
+  });
+  syncRunMetaToPresentationBundle(presentationBundle, runMeta);
+
+  const outputBody = renderOutput(config, presentationBundle);
+  runMeta.outputHash = hashText(outputBody);
+  writeOutput(config, outputBody);
+
   progress(config, 19, "END: emit execution summary and evidence metadata");
   const outputEc2 = outputRecords.filter((r) => r.resourceType === "ec2");
   const outputLambda = outputRecords.filter((r) => r.resourceType === "lambda");
@@ -12078,6 +12293,7 @@ async function runWorkflow(config) {
   const ssmManaged = outputEc2.filter((r) => r.ssmManaged).length;
   const ssmOnline = outputEc2.filter((r) => r.ssmOnline).length;
   const publicCount = outputEc2.filter((r) => Boolean(r.publicIp)).length;
+  eprint(`Artifacts: ${generatedArtifactsSummary(runMeta.generatedArtifacts)}`);
   eprint(`Summary: execution_mode=${INTERNAL_BACKEND_ID}, manual_mode=${config.manualServerListPath ? "on" : "off"}, selected_surface=${selectedSurface}, selected_schema_tier=${selectedSchemaTier}, mode=${routing.modeInfo.mode}, mode_source=${routing.modeInfo.source}, profiles=${stats.profiles}, regions_scanned=${stats.regions}, region_errors=${stats.regionErrors}, ec2_scanned=${stats.instancesScanned}, lambda_scanned=${stats.lambdaFunctionsScanned}, alb_scanned=${stats.loadBalancersScanned}, targetgroup_scanned=${stats.targetGroupsScanned}, asg_scanned=${stats.autoScalingGroupsScanned}, rds_scanned=${stats.rdsInstancesScanned}, elasticache_scanned=${stats.elasticacheClustersScanned}, route53_zone_scanned=${stats.route53ZonesScanned}, vpc_scanned=${stats.vpcsScanned || 0}, subnet_scanned=${stats.subnetsScanned || 0}, security_group_scanned=${stats.securityGroupsScanned || 0}, ecs_cluster_scanned=${stats.ecsClustersScanned || 0}, ecs_service_scanned=${stats.ecsServicesScanned || 0}, s3_bucket_scanned=${stats.s3BucketsScanned || 0}, iam_role_scanned=${stats.iamRolesScanned || 0}, kms_key_scanned=${stats.kmsKeysScanned || 0}, cloudwatch_alarm_scanned=${stats.cloudwatchAlarmsScanned || 0}, cloudtrail_trail_scanned=${stats.cloudtrailTrailsScanned || 0}, config_recorder_scanned=${stats.configRecordersScanned || 0}, secret_scanned=${stats.secretsScanned || 0}, ssm_parameter_scanned=${stats.parametersScanned || 0}, ecr_repository_scanned=${stats.ecrRepositoriesScanned || 0}, dynamodb_table_scanned=${stats.dynamodbTablesScanned || 0}, sns_topic_scanned=${stats.snsTopicsScanned || 0}, eventbridge_bus_scanned=${stats.eventbridgeBusesScanned || 0}, sqs_queue_scanned=${stats.sqsQueuesScanned || 0}, acm_certificate_scanned=${stats.acmCertificatesScanned || 0}, kinesis_stream_scanned=${stats.kinesisStreamsScanned || 0}, msk_cluster_scanned=${stats.mskClustersScanned || 0}, budget_scanned=${stats.budgetsScanned || 0}, cost_anomaly_scanned=${stats.costAnomaliesScanned || 0}, ebs_volume_scanned=${stats.ebsVolumesScanned || 0}, efs_filesystem_scanned=${stats.efsFileSystemsScanned || 0}, eks_cluster_scanned=${stats.eksClustersScanned || 0}, apigateway_rest_api_scanned=${stats.apiGatewayRestApisScanned || 0}, apigatewayv2_api_scanned=${stats.apiGatewayV2ApisScanned || 0}, cloudfront_distribution_scanned=${stats.cloudFrontDistributionsScanned || 0}, waf_web_acl_scanned=${stats.wafWebAclsScanned || 0}, shield_protection_scanned=${stats.shieldProtectionsScanned || 0}, stepfunctions_scanned=${stats.stepFunctionsScanned || 0}, cloudwatch_log_group_scanned=${stats.cloudwatchLogGroupsScanned || 0}, xray_group_scanned=${stats.xrayGroupsScanned || 0}, inspector2_finding_scanned=${stats.inspector2FindingsScanned || 0}, redshift_cluster_scanned=${stats.redshiftClustersScanned || 0}, opensearch_domain_scanned=${stats.opensearchDomainsScanned || 0}, organizations_account_scanned=${stats.organizationsAccountsScanned || 0}, controltower_landing_zone_scanned=${stats.controlTowerLandingZonesScanned || 0}, manual_servers_scanned=${stats.manualServersScanned || 0}, manual_servers_loaded=${stats.manualServersLoaded || 0}, output_records=${outputRecords.length}, output_ec2=${outputEc2.length}, output_lambda=${outputLambda.length}, output_alb=${outputAlb.length}, output_target_group=${outputTargetGroups.length}, output_asg=${outputAsg.length}, output_rds=${outputRds.length}, output_elasticache=${outputElastiCache.length}, output_route53_zone=${outputRoute53.length}, output_vpc=${outputVpc.length}, output_subnet=${outputSubnet.length}, output_security_group=${outputSecurityGroup.length}, output_ecs_cluster=${outputEcsCluster.length}, output_ecs_service=${outputEcsService.length}, output_s3_bucket=${outputS3.length}, output_iam_role=${outputIam.length}, output_kms_key=${outputKms.length}, output_cloudwatch_alarm=${outputCloudwatch.length}, output_cloudtrail_trail=${outputCloudtrail.length}, output_config_recorder=${outputConfig.length}, output_secret=${outputSecret.length}, output_ssm_parameter=${outputParameter.length}, output_ecr_repository=${outputEcr.length}, output_dynamodb_table=${outputDynamodb.length}, output_sns_topic=${outputSns.length}, output_eventbridge_bus=${outputEventbridge.length}, output_sqs_queue=${outputSqs.length}, output_acm_certificate=${outputAcm.length}, output_kinesis_stream=${outputKinesis.length}, output_msk_cluster=${outputMsk.length}, output_budget=${outputBudget.length}, output_cost_anomaly=${outputCostAnomaly.length}, output_ebs_volume=${outputEbs.length}, output_efs_filesystem=${outputEfs.length}, output_eks_cluster=${outputEks.length}, output_apigateway_rest_api=${outputApiGateway.length}, output_apigatewayv2_api=${outputApiGatewayV2.length}, output_cloudfront_distribution=${outputCloudfront.length}, output_waf_web_acl=${outputWaf.length}, output_shield_protection=${outputShield.length}, output_stepfunctions=${outputStepFunctions.length}, output_cloudwatch_log_group=${outputCloudwatchLogs.length}, output_xray_group=${outputXray.length}, output_inspector2_finding=${outputInspector2.length}, output_redshift_cluster=${outputRedshift.length}, output_opensearch_domain=${outputOpensearch.length}, output_organizations_account=${outputOrganizations.length}, output_controltower_landing_zone=${outputControlTower.length}, ec2_public_ip_records=${publicCount}, ec2_ssm_managed=${ssmManaged}, ec2_ssm_online=${ssmOnline}, remediation_attempts=${runtimeStats.remediationAttempts}, remediation_changed=${runtimeStats.remediationChanged}, runtime_snapshot_attempted=${runtimeStats.snapshotAttempted}, runtime_snapshot_succeeded=${runtimeStats.snapshotSucceeded}, runtime_snapshot_ssm_attempted=${runtimeStats.snapshotSsmAttempted}, runtime_snapshot_ssm_succeeded=${runtimeStats.snapshotSsmSucceeded}, runtime_snapshot_ssh_attempted=${runtimeStats.snapshotSshAttempted}, runtime_snapshot_ssh_succeeded=${runtimeStats.snapshotSshSucceeded}, snapshot_profile=${config.snapshotProfile}, output_profile=${presentationBundle.outputProfile || "operator"}, output_profile_source=${presentationBundle.outputProfileSource || "default"}, client_profile=${presentationBundle.clientProfile || "none"}, renderer_template=${config.rendererTemplate || "default"}, topology_path=${topologyWrite.path || "off"}, relationships_path=${relationshipsWrite.path || "off"}, governance_persisted=${governancePersist.persisted ? "on" : "off"}, governance_chain_checked=${governanceVerify.checked ? "on" : "off"}, governance_chain_valid=${governanceVerify.valid == null ? "unknown" : (governanceVerify.valid ? "yes" : "no")}, incident_webhook_dispatched=${incidentDispatch.webhookDispatched ? "on" : "off"}, policy_pack=${integrationDispatch.activePolicyPack || "balanced"}, policy_gate=${policyDecision.allowed !== false ? "allow" : "blocked"}, integration_connectors_enabled=${integrationDispatch.enabledConnectors}, integration_incident_success=${integrationDispatch.incident ? integrationDispatch.incident.successCount : 0}, integration_incident_failure=${integrationDispatch.incident ? integrationDispatch.incident.failureCount : 0}, integration_action_success=${integrationDispatch.actionRequired ? integrationDispatch.actionRequired.successCount : 0}, integration_action_failure=${integrationDispatch.actionRequired ? integrationDispatch.actionRequired.failureCount : 0}, view_sections=${presentationBundle.sections && Array.isArray(presentationBundle.sections.effective) ? presentationBundle.sections.effective.join(",") : "none"}, view_fields=${presentationBundle.fields && Array.isArray(presentationBundle.fields.effectiveFields) ? presentationBundle.fields.effectiveFields.length : 0}, iac_stacks=${domainInsights.iac.scannedStacks || 0}, iac_drifted=${domainInsights.iac.driftedStacks || 0}, cicd_pipelines=${domainInsights.cicd.pipelinesScanned || 0}, cicd_failing=${domainInsights.cicd.pipelinesFailing || 0}, backup_plans=${domainInsights.backupDr.backupPlans || 0}, backup_protected=${domainInsights.backupDr.protectedResources || 0}, security_high_critical=${domainInsights.security.highOrCritical || 0}, finops_cost_7d_usd=${domainInsights.finops.totalCost7dUsd || 0}, app_runtime_coverage_pct=${domainInsights.application.runtimeCoveragePct == null ? "n/a" : domainInsights.application.runtimeCoveragePct}, app_degraded_hosts=${domainInsights.application.degradedHosts || 0}, app_ecs_degraded=${domainInsights.application.ecsServicesDegraded || 0}, app_managed_degraded=${domainInsights.application.managedServicesDegraded || 0}, app_lambda_degraded=${domainInsights.application.lambdaHealth && domainInsights.application.lambdaHealth.degraded ? domainInsights.application.lambdaHealth.degraded : 0}, incident_severity=${domainInsights.incident.severity || "none"}, warnings=${warnings.length}, required_actions=${requiredActions.length}`);
   eprint(`EvidenceMeta: workflow_id=b60f0f18-cc45-4af9-a7c7-217284457759; schema=gesia.orflow.contract.v2; step_count=${TOTAL_STEPS}; execution_mode=${INTERNAL_BACKEND_ID}; run_id=${runId}; output_hash=${runMeta.outputHash}; records_hash=${runMeta.recordsHash}; html_hash=${runMeta.htmlHash || "n/a"}; topology_hash=${runMeta.topologyHash || "n/a"}; relationships_hash=${runMeta.relationshipsHash || "n/a"}; governance_entry_hash=${runMeta.governanceEntryHash || "n/a"}; governance_chain_valid=${runMeta.governanceChainValid == null ? "unknown" : (runMeta.governanceChainValid ? "yes" : "no")}; incident_artifact_hash=${runMeta.incidentArtifactHash || "n/a"}; policy_pack=${integrationDispatch.activePolicyPack || "balanced"}; policy_gate=${policyDecision.allowed !== false ? "allow" : "blocked"}; integration_connectors_enabled=${integrationDispatch.enabledConnectors}; inventory_ops=${operationPlan.inventoryOps.length}; runtime_ops=${operationPlan.runtimeOps.length}; analysis_ops=${operationPlan.analysisOps.length}`);
 

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "mcp-aws-manager",
-  "version": "0.4.2",
+  "version": "0.4.3",
   "description": "AWS operations CLI and MCP server (SSM-only) for EC2/Lambda inventory, remediation, and runtime snapshots",
   "license": "MIT",
   "publishConfig": {