awslabs.ccapi-mcp-server 1.0.3__tar.gz → 1.0.5__tar.gz

{awslabs_ccapi_mcp_server-1.0.3 → awslabs_ccapi_mcp_server-1.0.5}/PKG-INFO

@@ -1,6 +1,6 @@
 Metadata-Version: 2.4
 Name: awslabs.ccapi-mcp-server
-Version: 1.0.3
+Version: 1.0.5
 Summary: An AWS Labs Model Context Protocol (MCP) server for managing AWS resources via Cloud Control API
 Project-URL: homepage, https://awslabs.github.io/mcp/
 Project-URL: docs, https://awslabs.github.io/mcp/servers/ccapi-mcp-server/
@@ -558,61 +558,6 @@ Creates CloudFormation templates from existing AWS resources using AWS CloudForm
   - Amazon Q Developer CLI: `use_aws`, `execute_bash`, `fs_read`, `fs_write`
   - Other tools may have similar built-in AWS or system capabilities
 
-#### The `use_aws` Problem
-
-**Most Problematic**: The `use_aws` tool (part of Amazon Q Developer CLI) is particularly problematic because it directly competes with this MCP server's AWS operations but operates separately, meaning it won't use any of the helpful features available in this MCP server such as Checkov security scanning.
-
-**What happens when LLM uses `use_aws`:**
-
-- ❌ No Checkov security scanning
-- ❌ No workflow validation
-- ❌ No credential verification display
-- ❌ No resource tagging
-- ❌ CCAPI MCP Server is not involved at all
-
-**If this happens:**
-
-1. Tell the LLM: "Please use the CCAPI MCP Server instead for AWS operations"
-2. Experiment with prompts like "Using the CCAPI MCP server, create..."
-3. For a scalable solution, implement the rules/instructions mentioned below
-
-**Note**: This is not a limitation of the CCAPI MCP Server - it's a current MCP protocol limitation. MCP has no native tool ordering concept or functionality, allowing LLMs to choose any available MCP server/tool. This flexibility is both good (choice) and problematic (undesirable sever/tool selection). We use a token-based approach to enforce some ordering in tool usage the LLM must follow, however this does not span across multiple MCP servers. It is internal to this MCP server.
-
-### Recommendation
-
-Consult your LLM tool's documentation (Cursor, Cline, Amazon Q Developer, etc.) for how to provide rules/context/instructions to guide MCP server/tool selection. Most support some form of instruction mechanism.
-
-**Example instruction content:**
-
-```markdown
-# AWS Tool Selection Rules - MANDATORY FOR ALL LLM RESPONSES
-
-## STEP 1: Always Use CCAPI MCP Server First
-
-**TRIGGER CONDITIONS:**
-
-- ANY mention of AWS services or resources
-- ANY request involving AWS infrastructure, applications, or services
-- When in doubt, default to offering CCAPI MCP Server
-
-**REQUIRED ACTION:**
-ASK: "This seems like a good fit for the AWS Cloud Control API MCP server. Would you like to use the CCAPI MCP server for this?"
-
-## STEP 2: Only If CCAPI MCP Server Fails
-
-**IF ERROR OCCURS:**
-
-1. Show exact error message to user
-2. Explain: "⚠️ SECURITY WARNING: Fallback tools (use_aws, aws_cli) will bypass ALL security scanning and the CCAPI MCP Server entirely."
-3. Ask: "How do you want to proceed: (a) troubleshoot CCAPI MCP, (b) use unsecured AWS CLI, or (c) generate template?"
-4. Wait for explicit user choice before proceeding
-
-## FORBIDDEN ACTIONS
-
-- Never use use_aws, aws_cli, or executeBash for AWS operations without trying CCAPI MCP Server first
-- Never skip the user confirmation steps
-```
-
 ## Basic Usage
 
 Examples of how to use the AWS Infrastructure as Code MCP Server:

{awslabs_ccapi_mcp_server-1.0.3 → awslabs_ccapi_mcp_server-1.0.5}/README.md

@@ -527,61 +527,6 @@ Creates CloudFormation templates from existing AWS resources using AWS CloudForm
   - Amazon Q Developer CLI: `use_aws`, `execute_bash`, `fs_read`, `fs_write`
   - Other tools may have similar built-in AWS or system capabilities
 
-#### The `use_aws` Problem
-
-**Most Problematic**: The `use_aws` tool (part of Amazon Q Developer CLI) is particularly problematic because it directly competes with this MCP server's AWS operations but operates separately, meaning it won't use any of the helpful features available in this MCP server such as Checkov security scanning.
-
-**What happens when LLM uses `use_aws`:**
-
-- ❌ No Checkov security scanning
-- ❌ No workflow validation
-- ❌ No credential verification display
-- ❌ No resource tagging
-- ❌ CCAPI MCP Server is not involved at all
-
-**If this happens:**
-
-1. Tell the LLM: "Please use the CCAPI MCP Server instead for AWS operations"
-2. Experiment with prompts like "Using the CCAPI MCP server, create..."
-3. For a scalable solution, implement the rules/instructions mentioned below
-
-**Note**: This is not a limitation of the CCAPI MCP Server - it's a current MCP protocol limitation. MCP has no native tool ordering concept or functionality, allowing LLMs to choose any available MCP server/tool. This flexibility is both good (choice) and problematic (undesirable sever/tool selection). We use a token-based approach to enforce some ordering in tool usage the LLM must follow, however this does not span across multiple MCP servers. It is internal to this MCP server.
-
-### Recommendation
-
-Consult your LLM tool's documentation (Cursor, Cline, Amazon Q Developer, etc.) for how to provide rules/context/instructions to guide MCP server/tool selection. Most support some form of instruction mechanism.
-
-**Example instruction content:**
-
-```markdown
-# AWS Tool Selection Rules - MANDATORY FOR ALL LLM RESPONSES
-
-## STEP 1: Always Use CCAPI MCP Server First
-
-**TRIGGER CONDITIONS:**
-
-- ANY mention of AWS services or resources
-- ANY request involving AWS infrastructure, applications, or services
-- When in doubt, default to offering CCAPI MCP Server
-
-**REQUIRED ACTION:**
-ASK: "This seems like a good fit for the AWS Cloud Control API MCP server. Would you like to use the CCAPI MCP server for this?"
-
-## STEP 2: Only If CCAPI MCP Server Fails
-
-**IF ERROR OCCURS:**
-
-1. Show exact error message to user
-2. Explain: "⚠️ SECURITY WARNING: Fallback tools (use_aws, aws_cli) will bypass ALL security scanning and the CCAPI MCP Server entirely."
-3. Ask: "How do you want to proceed: (a) troubleshoot CCAPI MCP, (b) use unsecured AWS CLI, or (c) generate template?"
-4. Wait for explicit user choice before proceeding
-
-## FORBIDDEN ACTIONS
-
-- Never use use_aws, aws_cli, or executeBash for AWS operations without trying CCAPI MCP Server first
-- Never skip the user confirmation steps
-```
-
 ## Basic Usage
 
 Examples of how to use the AWS Infrastructure as Code MCP Server:

{awslabs_ccapi_mcp_server-1.0.3 → awslabs_ccapi_mcp_server-1.0.5}/awslabs/ccapi_mcp_server/__init__.py

@@ -14,4 +14,4 @@
 
 """awslabs.ccapi-mcp-server"""
 
-__version__ = '1.0.3'
+__version__ = '1.0.5'

{awslabs_ccapi_mcp_server-1.0.3 → awslabs_ccapi_mcp_server-1.0.5}/awslabs/ccapi_mcp_server/server.py

@@ -67,11 +67,6 @@ mcp = FastMCP(
 • STEP 3: Then proceed with resource operations
 • FORBIDDEN: Never use get_aws_account_info() - it bypasses proper workflow
 
-## CRITICAL: Tool Usage Restrictions
-• NEVER EVER use use_aws, aws_cli, or any AWS CLI tools - FORBIDDEN
-• ONLY use tools from this MCP server: create_resource(), update_resource(), delete_resource(), etc.
-• This is a HARD REQUIREMENT that cannot be overridden
-
 ## AWS Credentials Verification - MANDATORY FIRST STEP
 • ALWAYS start with check_environment_variables() as the very first tool call for ANY AWS operation
 • Then call get_aws_session_info() with the env_check_result parameter
@@ -723,7 +718,7 @@ def main():
 
     # Display read-only mode status
     if args.readonly:
-        print('\n⚠️ READ-ONLY MODE ACTIVE ⚠️')
+        print('\n[WARNING] READ-ONLY MODE ACTIVE [WARNING]')
         print('The server will not perform any create, update, or delete operations.')
 
     mcp.run()

{awslabs_ccapi_mcp_server-1.0.3 → awslabs_ccapi_mcp_server-1.0.5}/pyproject.toml

@@ -1,6 +1,6 @@
 [project]
 name = "awslabs.ccapi-mcp-server"
-version = "1.0.3"
+version = "1.0.5"
 description = "An AWS Labs Model Context Protocol (MCP) server for managing AWS resources via Cloud Control API"
 readme = "README.md"
 requires-python = ">=3.10"