rds_ssm_connect 1.8.2 → 1.8.4

package/connect.js

@@ -14,7 +14,7 @@ import {
 } from './configLoader.js'
 
 // Package info for version checking
-const packageJson = { name: 'rds_ssm_connect', version: '1.8.1' }
+const packageJson = { name: 'rds_ssm_connect', version: '1.8.3' }
 
 const execAsync = promisify(exec)
 
@@ -28,8 +28,9 @@ const RETRY_CONFIG = {
   PORT_FORWARDING_MAX_RETRIES: 2,
   SSM_AGENT_READY_WAIT_MS: 10000,
   KEEPALIVE_INTERVAL_MS: 4 * 60 * 1000,
-  AUTO_RECONNECT_MAX_RETRIES: 50,
+  AUTO_RECONNECT_MAX_RETRIES: 3,
   AUTO_RECONNECT_DELAY_MS: 3000,
+  CREDENTIAL_CHECK_TIMEOUT_MS: 60000,
 }
 
 // Version check configuration
@@ -170,6 +171,21 @@ async function sleep(ms) {
   return new Promise((resolve) => setTimeout(resolve, ms))
 }
 
+// Pre-flight credential check. Uses a short timeout so that if aws-vault
+// needs to open a browser for SSO re-auth (which blocks indefinitely), the
+// command is killed before any browser tab appears.
+async function checkCredentialsValid(profile, region) {
+  try {
+    await execAsync(
+      `aws-vault exec ${profile} -- aws sts get-caller-identity --region ${region}`,
+      { timeout: RETRY_CONFIG.CREDENTIAL_CHECK_TIMEOUT_MS },
+    )
+    return { valid: true }
+  } catch (_error) {
+    return { valid: false }
+  }
+}
+
 // Keepalive: periodic TCP ping through the tunnel to prevent SSM idle timeout.
 // Each connection attempt generates traffic on the SSM WebSocket channel,
 // resetting the server-side idle timer (default 20 min).
@@ -712,6 +728,18 @@ async function connect(projectKey, profile, options = {}) {
 
         if (manualDisconnect) break
 
+        // Verify credentials are still valid before retrying.
+        // Avoids opening browser SSO tabs when the user is away.
+        emit('status', { message: 'Checking credentials...' })
+        const credCheck = await checkCredentialsValid(profile, region)
+        if (!credCheck.valid) {
+          emit('status', {
+            message:
+              'AWS credentials expired. Please re-authenticate and reconnect.',
+          })
+          break
+        }
+
         // Re-discover infrastructure (bastion may have been replaced by ASG)
         emit('status', { message: 'Finding bastion instance...' })
         currentInstanceId = await findBastionInstance(profile, region)
@@ -744,6 +772,16 @@ async function connect(projectKey, profile, options = {}) {
 
         if (manualDisconnect) break
 
+        // Verify credentials before retrying (same check as happy path)
+        const credCheckOnError = await checkCredentialsValid(profile, region)
+        if (!credCheckOnError.valid) {
+          emit('status', {
+            message:
+              'AWS credentials expired. Please re-authenticate and reconnect.',
+          })
+          break
+        }
+
         try {
           currentInstanceId = await findBastionInstance(profile, region)
           currentRdsEndpoint = await getRdsEndpoint(profile, projectConfig)

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "rds_ssm_connect",
-  "version": "1.8.2",
+  "version": "1.8.4",
   "type": "module",
   "repository": {
     "type": "git",
@@ -10,28 +10,28 @@
     "@aws-sdk/client-ec2": "^3.985.0",
     "@aws-sdk/client-rds": "^3.985.0",
     "@aws-sdk/client-ssm": "^3.985.0",
-    "fast-xml-parser": "^5.3.4",
+    "fast-xml-parser": "^5.3.6",
     "glob": "^13.0.0",
     "inquirer": "^13.2.2",
     "rimraf": "^6.1.2"
   },
   "devDependencies": {
     "@biomejs/biome": "^2.3.14",
-    "@eslint/js": "^9.39.2",
+    "@eslint/js": "^10.0.0",
     "@sveltejs/vite-plugin-svelte": "^5.1.1",
     "@tauri-apps/api": "^2.10.1",
     "@tauri-apps/cli": "^2.10.0",
     "@yao-pkg/pkg": "^6.12.0",
     "canvas": "^3.2.1",
     "esbuild": "^0.27.3",
-    "eslint": "^9.39.2",
-    "eslint-plugin-svelte": "^3.14.0",
+    "eslint": "^10.0.2",
+    "eslint-plugin-svelte": "^3.15.0",
     "globals": "^17.3.0",
     "svelte": "^5.50.0",
     "vite": "^6.4.1"
   },
   "overrides": {
-    "fast-xml-parser": "^5.3.4"
+    "fast-xml-parser": "^5.3.6"
   },
   "bin": {
     "rds_ssm_connect": "./connect.js"

package/src-tauri/Cargo.lock

@@ -3050,7 +3050,7 @@ checksum = "20675572f6f24e9e76ef639bc5552774ed45f1c30e2951e1e99c59888861c539"
 
 [[package]]
 name = "rds-ssm-connect"
-version = "1.8.2"
+version = "1.8.3"
 dependencies = [
  "reqwest 0.12.28",
  "semver",

package/src-tauri/Cargo.toml

@@ -1,6 +1,6 @@
 [package]
 name = "rds-ssm-connect"
-version = "1.8.2"
+version = "1.8.3"
 description = "Secure RDS connections through AWS SSM"
 authors = ["Iaroslav Pyrogov"]
 edition = "2024"

package/src-tauri/tauri.conf.json

@@ -1,7 +1,7 @@
 {
   "$schema": "https://schema.tauri.app/config/2",
   "productName": "RDS SSM Connect",
-  "version": "1.8.2",
+  "version": "1.8.3",
   "identifier": "com.rds-ssm-connect.desktop",
   "build": {
     "beforeDevCommand": "npm run dev:vite",

package/test/connect.test.js

@@ -180,6 +180,8 @@ describe('Retry Configuration', () => {
       BASTION_WAIT_RETRY_DELAY_MS: 15000,
       PORT_FORWARDING_MAX_RETRIES: 2,
       SSM_AGENT_READY_WAIT_MS: 10000,
+      AUTO_RECONNECT_MAX_RETRIES: 3,
+      CREDENTIAL_CHECK_TIMEOUT_MS: 60000,
     }
 
     assert.ok(
@@ -198,5 +200,14 @@ describe('Retry Configuration', () => {
       RETRY_CONFIG.SSM_AGENT_READY_WAIT_MS > 0,
       'SSM wait should be positive',
     )
+    assert.ok(
+      RETRY_CONFIG.AUTO_RECONNECT_MAX_RETRIES > 0 &&
+        RETRY_CONFIG.AUTO_RECONNECT_MAX_RETRIES <= 10,
+      'Auto-reconnect retries should be between 1 and 10',
+    )
+    assert.ok(
+      RETRY_CONFIG.CREDENTIAL_CHECK_TIMEOUT_MS >= 5000,
+      'Credential check timeout should be at least 5 seconds',
+    )
   })
 })