workspaces-euc-mcp-server 0.1.1__tar.gz → 0.1.2__tar.gz

workspaces_euc_mcp_server-0.1.2/.dockerignore

@@ -0,0 +1,32 @@
+# Keep the build context small and free of local/secret artifacts.
+.git
+.github
+.venv
+venv
+env
+dist
+build
+*.egg-info
+tests
+scripts
+iam
+docs
+
+# Markdown (except the README, which pyproject references)
+*.md
+!README.md
+
+# Never ship local credentials / tenant data
+.aws
+*.pem
+.env
+*-perf.html
+ws-*.html
+
+# Caches
+__pycache__
+*.py[cod]
+.pytest_cache
+.ruff_cache
+.pyright
+.mypy_cache

{workspaces_euc_mcp_server-0.1.1 → workspaces_euc_mcp_server-0.1.2}/.github/workflows/ci.yml

@@ -32,3 +32,10 @@ jobs:
         run: . .venv/bin/activate && bandit -c pyproject.toml -r workspaces_euc_mcp_server
       - name: Test (includes no-embedded-secrets guardrail)
         run: . .venv/bin/activate && pytest -q
+
+  docker-build:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+      - name: Build image (validation only, no push)
+        run: docker build -t workspaces-euc-mcp-server:ci .

workspaces_euc_mcp_server-0.1.2/.github/workflows/docker-publish.yml

@@ -0,0 +1,40 @@
+name: Publish Docker image
+
+# Builds and pushes a container image to GitHub Container Registry (GHCR) on each release.
+# Uses the built-in GITHUB_TOKEN (no extra secrets). Image: ghcr.io/<owner>/<repo>.
+
+on:
+  release:
+    types: [published]
+  workflow_dispatch:
+
+jobs:
+  docker:
+    runs-on: ubuntu-latest
+    permissions:
+      contents: read
+      packages: write
+    steps:
+      - uses: actions/checkout@v4
+      - uses: docker/setup-buildx-action@v3
+      - name: Log in to GHCR
+        uses: docker/login-action@v3
+        with:
+          registry: ghcr.io
+          username: ${{ github.actor }}
+          password: ${{ secrets.GITHUB_TOKEN }}
+      - name: Image metadata (tags + labels)
+        id: meta
+        uses: docker/metadata-action@v5
+        with:
+          images: ghcr.io/${{ github.repository }}
+          tags: |
+            type=semver,pattern={{version}}
+            type=raw,value=latest
+      - name: Build and push
+        uses: docker/build-push-action@v6
+        with:
+          context: .
+          push: true
+          tags: ${{ steps.meta.outputs.tags }}
+          labels: ${{ steps.meta.outputs.labels }}

{workspaces_euc_mcp_server-0.1.1 → workspaces_euc_mcp_server-0.1.2}/CHANGELOG.md

@@ -5,6 +5,17 @@ All notable changes to this project are documented here. The format is based on
 
 ## [Unreleased]
 
+## [0.1.2] - 2026-06-01
+
+### Added
+- Docker support: a `Dockerfile` (slim, non-root) and a GHCR publish workflow
+  (`ghcr.io/bengroeneveldsg/aws-workspaces-euc-mcp`, pushed on release). CI validates the image
+  builds. Matches the awslabs MCP distribution pattern (PyPI/uvx + container).
+
+### Fixed
+- Corrected a stale distribution note in `DESIGN.md` that referenced an unused `awslabs.`
+  namespace; documented the actual channels (PyPI via OIDC trusted publishing + GHCR).
+
 ## [0.1.1] - 2026-06-01
 
 Best-practice alignment pass (audited against the awslabs MCP design guidelines and the MCP

{workspaces_euc_mcp_server-0.1.1 → workspaces_euc_mcp_server-0.1.2}/DESIGN.md

@@ -47,8 +47,14 @@
   factory designed to add cross-account `sts:AssumeRole` later without touching tool code.
 - **Transport:** local `uvx`/stdio first; tool logic kept transport-agnostic so a remote
   (AgentCore Runtime) deployment can be added later.
-- **Distribution:** `uvx awslabs.workspaces-euc-mcp-server@latest` and a Docker image.
-- **Observability:** Loguru with env-controlled log level; structured tool errors via `ctx.error`.
+- **Distribution (shipped):** published to PyPI as `workspaces-euc-mcp-server` (run via
+  `uvx workspaces-euc-mcp-server@latest` or `pip`), and a container image on GHCR
+  (`ghcr.io/bengroeneveldsg/aws-workspaces-euc-mcp`). Independent — not under the `awslabs.`
+  namespace. Both publish from GitHub Releases via OIDC trusted publishing (PyPI) and `GITHUB_TOKEN`
+  (GHCR).
+- **Observability:** Loguru with env-controlled log level (`FASTMCP_LOG_LEVEL`). Per-signal errors
+  are returned in the structured result payload (deliberate: each tool makes many AWS calls and
+  synthesizes one result), rather than `ctx.error`.
 - **Repo layout:**
   ```
   awslabs/workspaces_euc_mcp_server/

workspaces_euc_mcp_server-0.1.2/Dockerfile

@@ -0,0 +1,19 @@
+# Build a wheel, then install it into a slim, non-root runtime image.
+FROM python:3.12-slim AS build
+WORKDIR /src
+COPY pyproject.toml README.md LICENSE ./
+COPY workspaces_euc_mcp_server ./workspaces_euc_mcp_server
+RUN pip install --no-cache-dir build && python -m build --wheel --outdir /dist
+
+FROM python:3.12-slim
+LABEL org.opencontainers.image.source="https://github.com/bengroeneveldsg/aws-workspaces-euc-mcp"
+LABEL org.opencontainers.image.description="Admin MCP server for the Amazon WorkSpaces EUC portfolio"
+LABEL org.opencontainers.image.licenses="Apache-2.0"
+
+RUN useradd --create-home --uid 1000 mcp
+COPY --from=build /dist/*.whl /tmp/
+RUN pip install --no-cache-dir /tmp/*.whl && rm -f /tmp/*.whl
+
+USER mcp
+# The server speaks MCP over stdio; run with `docker run -i`.
+ENTRYPOINT ["workspaces-euc-mcp-server"]

{workspaces_euc_mcp_server-0.1.1 → workspaces_euc_mcp_server-0.1.2}/PKG-INFO

@@ -1,6 +1,6 @@
 Metadata-Version: 2.4
 Name: workspaces-euc-mcp-server
-Version: 0.1.1
+Version: 0.1.2
 Summary: MCP server for administering the Amazon WorkSpaces family of End User Computing services (Personal, Pools, Applications, Secure Browser, Core).
 Project-URL: Homepage, https://github.com/bengroeneveldsg/aws-workspaces-euc-mcp
 Project-URL: Repository, https://github.com/bengroeneveldsg/aws-workspaces-euc-mcp
@@ -141,13 +141,28 @@ Bring your own credentials and region; the server holds nothing.
 
 ## Install
 
-With [`uv`](https://docs.astral.sh/uv/) (recommended once published):
+With [`uv`](https://docs.astral.sh/uv/) (recommended):
 
 ```bash
 uvx workspaces-euc-mcp-server@latest
 ```
 
-From source:
+Or with pip:
+
+```bash
+pip install workspaces-euc-mcp-server
+```
+
+Or with Docker (published to GHCR; the server speaks MCP over stdio, so run with `-i`):
+
+```bash
+docker run -i --rm \
+  -e AWS_PROFILE=your-euc-admin-profile -e AWS_REGION=us-east-1 \
+  -v "$HOME/.aws:/home/mcp/.aws:ro" \
+  ghcr.io/bengroeneveldsg/aws-workspaces-euc-mcp:latest --region us-east-1
+```
+
+From source (for development):
 
 ```bash
 python -m venv .venv

{workspaces_euc_mcp_server-0.1.1 → workspaces_euc_mcp_server-0.1.2}/README.md

@@ -111,13 +111,28 @@ Bring your own credentials and region; the server holds nothing.
 
 ## Install
 
-With [`uv`](https://docs.astral.sh/uv/) (recommended once published):
+With [`uv`](https://docs.astral.sh/uv/) (recommended):
 
 ```bash
 uvx workspaces-euc-mcp-server@latest
 ```
 
-From source:
+Or with pip:
+
+```bash
+pip install workspaces-euc-mcp-server
+```
+
+Or with Docker (published to GHCR; the server speaks MCP over stdio, so run with `-i`):
+
+```bash
+docker run -i --rm \
+  -e AWS_PROFILE=your-euc-admin-profile -e AWS_REGION=us-east-1 \
+  -v "$HOME/.aws:/home/mcp/.aws:ro" \
+  ghcr.io/bengroeneveldsg/aws-workspaces-euc-mcp:latest --region us-east-1
+```
+
+From source (for development):
 
 ```bash
 python -m venv .venv

{workspaces_euc_mcp_server-0.1.1 → workspaces_euc_mcp_server-0.1.2}/pyproject.toml

@@ -1,6 +1,6 @@
 [project]
 name = "workspaces-euc-mcp-server"
-version = "0.1.1"
+version = "0.1.2"
 description = "MCP server for administering the Amazon WorkSpaces family of End User Computing services (Personal, Pools, Applications, Secure Browser, Core)."
 readme = "README.md"
 requires-python = ">=3.11"

{workspaces_euc_mcp_server-0.1.1 → workspaces_euc_mcp_server-0.1.2}/workspaces_euc_mcp_server/__init__.py

@@ -3,4 +3,4 @@
 # A copy of the License is located at http://www.apache.org/licenses/LICENSE-2.0
 """MCP server for administering the Amazon WorkSpaces End User Computing portfolio."""
 
-__version__ = "0.1.1"
+__version__ = "0.1.2"