@kya-os/mcp-i/dist/387.js

The TypeScript MCP framework with identity features built-in

"use strict";exports.id=387,exports.ids=[387],exports.modules={35387:(e,t,a)=>{a.d(t,{ENV_CMDS_FULL_URI:()=>m,ENV_CMDS_RELATIVE_URI:()=>g,fromContainerMetadata:()=>h,fromInstanceMetadata:()=>L,getInstanceMetadataEndpoint:()=>T,httpRequest:()=>c});var n=a(84122),r=a(87016),o=a(88816),s=a(20181),i=a(58611);function c(e){return new Promise((t,a)=>{const n=(0,i.request)({method:"GET",...e,hostname:e.hostname?.replace(/^\[(.+)\]$/,"$1")});n.on("error",e=>{a(Object.assign(new o.m("Unable to connect to instance metadata service"),e)),n.destroy()}),n.on("timeout",()=>{a(new o.m("TimeoutError from instance metadata service")),n.destroy()}),n.on("response",e=>{const{statusCode:r=400}=e;(r<200||300<=r)&&(a(Object.assign(new o.m("Error response received from instance metadata service"),{statusCode:r})),n.destroy());const i=[];e.on("data",e=>{i.push(e)}),e.on("end",()=>{t(s.Buffer.concat(i)),n.destroy()})}),n.end()})}const l=e=>Boolean(e)&&"object"==typeof e&&"string"==typeof e.AccessKeyId&&"string"==typeof e.SecretAccessKey&&"string"==typeof e.Token&&"string"==typeof e.Expiration,d=e=>({accessKeyId:e.AccessKeyId,secretAccessKey:e.SecretAccessKey,sessionToken:e.Token,expiration:new Date(e.Expiration),...e.AccountId&&{accountId:e.AccountId}}),u=({maxRetries:e=0,timeout:t=1e3})=>({maxRetries:e,timeout:t}),p=(e,t)=>{let a=e();for(let n=0;n<t;n++)a=a.catch(e);return a},m="AWS_CONTAINER_CREDENTIALS_FULL_URI",g="AWS_CONTAINER_CREDENTIALS_RELATIVE_URI",f="AWS_CONTAINER_AUTHORIZATION_TOKEN",h=(e={})=>{const{timeout:t,maxRetries:a}=u(e);return()=>p(async()=>{const a=await I({logger:e.logger}),r=JSON.parse(await v(t,a));if(!l(r))throw new n.C("Invalid response received from instance metadata service.",{logger:e.logger});return d(r)},a)},v=async(e,t)=>(process.env[f]&&(t.headers={...t.headers,Authorization:process.env[f]}),(await c({...t,timeout:e})).toString()),w={localhost:!0,"127.0.0.1":!0},y={"http:":!0,"https:":!0},I=async({logger:e})=>{if(process.env[g])return{hostname:"169.254.170.2",path:process.env[g]};if(process.env[m]){const t=(0,r.parse)(process.env[m]);if(!t.hostname||!(t.hostname in w))throw new n.C(`${t.hostname} is not a valid container metadata service hostname`,{tryNextLink:!1,logger:e});if(!t.protocol||!(t.protocol in y))throw new n.C(`${t.protocol} is not a valid container metadata service protocol`,{tryNextLink:!1,logger:e});return{...t,port:t.port?parseInt(t.port,10):void 0}}throw new n.C(`The container metadata credential provider cannot be used unless the ${g} or ${m} environment variable is set`,{tryNextLink:!1,logger:e})};var E=a(28075);class _ extends n.C{tryNextLink;name="InstanceMetadataV1FallbackError";constructor(e,t=!0){super(e,t),this.tryNextLink=t,Object.setPrototypeOf(this,_.prototype)}}var A,S=a(71918);!function(e){e.IPv4="http://169.254.169.254",e.IPv6="http://[fd00:ec2::254]"}(A||(A={}));const C={environmentVariableSelector:e=>e.AWS_EC2_METADATA_SERVICE_ENDPOINT,configFileSelector:e=>e.ec2_metadata_service_endpoint,default:void 0};var b;!function(e){e.IPv4="IPv4",e.IPv6="IPv6"}(b||(b={}));const x={environmentVariableSelector:e=>e.AWS_EC2_METADATA_SERVICE_ENDPOINT_MODE,configFileSelector:e=>e.ec2_metadata_service_endpoint_mode,default:b.IPv4},T=async()=>(0,S.D)(await D()||await N()),D=async()=>(0,E.Z)(C)(),N=async()=>{const e=await(0,E.Z)(x)();switch(e){case b.IPv4:return A.IPv4;case b.IPv6:return A.IPv6;default:throw new Error(`Unsupported endpoint mode: ${e}. Select from ${Object.values(b)}`)}},k=(e,t)=>{const a=300+Math.floor(300*Math.random()),n=new Date(Date.now()+1e3*a);t.warn(`Attempting credential expiration extension due to a credential service availability issue. A refresh of these credentials will be attempted after ${new Date(n)}.\nFor more information, please visit: https://docs.aws.amazon.com/sdkref/latest/guide/feature-static-credentials.html`);const r=e.originalExpiration??e.expiration;return{...e,...r?{originalExpiration:r}:{},expiration:n}},M="/latest/meta-data/iam/security-credentials/",R="AWS_EC2_METADATA_V1_DISABLED",O="ec2_metadata_v1_disabled",P="x-aws-ec2-metadata-token",L=(e={})=>((e,t={})=>{const a=t?.logger||console;let n;return async()=>{let t;try{t=await e(),t.expiration&&t.expiration.getTime()<Date.now()&&(t=k(t,a))}catch(e){if(!n)throw e;a.warn("Credential renew failed: ",e),t=k(n,a)}return n=t,t}})(V(e),{logger:e.logger}),V=(e={})=>{let t=!1;const{logger:a,profile:r}=e,{timeout:o,maxRetries:s}=u(e),i=async(a,o)=>{if(t||null==o.headers?.[P]){let t=!1,a=!1;const o=await(0,E.Z)({environmentVariableSelector:t=>{const r=t[R];if(a=!!r&&"false"!==r,void 0===r)throw new n.C(`${R} not set in env, checking config file next.`,{logger:e.logger});return a},configFileSelector:e=>{const a=e[O];return t=!!a&&"false"!==a,t},default:!1},{profile:r})();if(e.ec2MetadataV1Disabled||o){const n=[];throw e.ec2MetadataV1Disabled&&n.push("credential provider initialization (runtime option ec2MetadataV1Disabled)"),t&&n.push(`config file profile (${O})`),a&&n.push(`process environment variable (${R})`),new _(`AWS EC2 Metadata v1 fallback has been blocked by AWS SDK configuration in the following: [${n.join(", ")}].`)}}const s=(await p(async()=>{let e;try{e=await K(o)}catch(e){throw 401===e.statusCode&&(t=!1),e}return e},a)).trim();return p(async()=>{let a;try{a=await U(s,o,e)}catch(e){throw 401===e.statusCode&&(t=!1),e}return a},a)};return async()=>{const e=await T();if(t)return a?.debug("AWS SDK Instance Metadata","using v1 fallback (no token fetch)"),i(s,{...e,timeout:o});{let n;try{n=(await $({...e,timeout:o})).toString()}catch(n){if(400===n?.statusCode)throw Object.assign(n,{message:"EC2 Metadata token request returned error"});return("TimeoutError"===n.message||[403,404,405].includes(n.statusCode))&&(t=!0),a?.debug("AWS SDK Instance Metadata","using v1 fallback (initial)"),i(s,{...e,timeout:o})}return i(s,{...e,headers:{[P]:n},timeout:o})}}},$=async e=>c({...e,path:"/latest/api/token",method:"PUT",headers:{"x-aws-ec2-metadata-token-ttl-seconds":"21600"}}),K=async e=>(await c({...e,path:M})).toString(),U=async(e,t,a)=>{const r=JSON.parse((await c({...t,path:M+e})).toString());if(!l(r))throw new n.C("Invalid response received from instance metadata service.",{logger:a.logger});return d(r)}}};