chore: import upstream snapshot with attribution
Publish CLI Package / publish-npm (push) Waiting to run
Publish Python SDK / publish-pypi (push) Waiting to run
Publish TypeScript SDK / publish-npm (push) Waiting to run
CI / Migrate Dev DB (push) Has been skipped
CI / Detect Version (push) Has been cancelled
CI / Migrate DB (push) Has been cancelled
CI / Build Dev ECR (./docker/app.Dockerfile, ECR_APP) (push) Has been cancelled
CI / Build Dev ECR (./docker/db.Dockerfile, ECR_MIGRATIONS) (push) Has been cancelled
CI / Build Dev ECR (./docker/pii.Dockerfile, ECR_PII) (push) Has been cancelled
CI / Build Dev ECR (./docker/realtime.Dockerfile, ECR_REALTIME) (push) Has been cancelled
CI / Deploy Trigger.dev (Dev) (push) Has been cancelled
CI / Build AMD64 (./docker/app.Dockerfile, ECR_APP, ghcr.io/simstudioai/simstudio) (push) Has been cancelled
CI / Build AMD64 (./docker/db.Dockerfile, ECR_MIGRATIONS, ghcr.io/simstudioai/migrations) (push) Has been cancelled
CI / Build AMD64 (./docker/pii.Dockerfile, ECR_PII, ghcr.io/simstudioai/pii) (push) Has been cancelled
CI / Build AMD64 (./docker/realtime.Dockerfile, ECR_REALTIME, ghcr.io/simstudioai/realtime) (push) Has been cancelled
CI / Build ARM64 (GHCR Only) (./docker/app.Dockerfile, ghcr.io/simstudioai/simstudio) (push) Has been cancelled
CI / Build ARM64 (GHCR Only) (./docker/db.Dockerfile, ghcr.io/simstudioai/migrations) (push) Has been cancelled
CI / Build ARM64 (GHCR Only) (./docker/pii.Dockerfile, ghcr.io/simstudioai/pii) (push) Has been cancelled
CI / Build ARM64 (GHCR Only) (./docker/realtime.Dockerfile, ghcr.io/simstudioai/realtime) (push) Has been cancelled
CI / Create GHCR Manifests (ghcr.io/simstudioai/migrations) (push) Has been cancelled
CI / Create GHCR Manifests (ghcr.io/simstudioai/pii) (push) Has been cancelled
CI / Create GHCR Manifests (ghcr.io/simstudioai/realtime) (push) Has been cancelled
CI / Create GHCR Manifests (ghcr.io/simstudioai/simstudio) (push) Has been cancelled
CI / Check Docs Changes (push) Has been cancelled
CI / Process Docs (push) Has been cancelled
CI / Create GitHub Release (push) Has been cancelled
CI / Test and Build (push) Has been cancelled

This commit is contained in:
wehub-resource-sync
2026-07-13 13:20:55 +08:00
commit d25d482dc2
13754 changed files with 4996608 additions and 0 deletions
+74
View File
@@ -0,0 +1,74 @@
import type { IAMAddUserToGroupParams, IAMGroupMembershipResponse } from '@/tools/iam/types'
import type { ToolConfig } from '@/tools/types'
export const addUserToGroupTool: ToolConfig<IAMAddUserToGroupParams, IAMGroupMembershipResponse> = {
id: 'iam_add_user_to_group',
name: 'IAM Add User to Group',
description: 'Add an IAM user to a group',
version: '1.0.0',
params: {
region: {
type: 'string',
required: true,
visibility: 'user-only',
description: 'AWS region (e.g., us-east-1)',
},
accessKeyId: {
type: 'string',
required: true,
visibility: 'user-only',
description: 'AWS access key ID',
},
secretAccessKey: {
type: 'string',
required: true,
visibility: 'user-only',
description: 'AWS secret access key',
},
userName: {
type: 'string',
required: true,
visibility: 'user-or-llm',
description: 'The name of the IAM user',
},
groupName: {
type: 'string',
required: true,
visibility: 'user-or-llm',
description: 'The name of the IAM group',
},
},
request: {
url: '/api/tools/iam/add-user-to-group',
method: 'POST',
headers: () => ({ 'Content-Type': 'application/json' }),
body: (params) => ({
region: params.region,
accessKeyId: params.accessKeyId,
secretAccessKey: params.secretAccessKey,
userName: params.userName,
groupName: params.groupName,
}),
},
transformResponse: async (response: Response) => {
const data = await response.json()
if (!response.ok) {
throw new Error(data.error || 'Failed to add user to group')
}
return {
success: true,
output: {
message: data.message ?? '',
},
}
},
outputs: {
message: { type: 'string', description: 'Operation status message' },
},
}
+75
View File
@@ -0,0 +1,75 @@
import type { IAMAttachPolicyResponse, IAMAttachRolePolicyParams } from '@/tools/iam/types'
import type { ToolConfig } from '@/tools/types'
export const attachRolePolicyTool: ToolConfig<IAMAttachRolePolicyParams, IAMAttachPolicyResponse> =
{
id: 'iam_attach_role_policy',
name: 'IAM Attach Role Policy',
description: 'Attach a managed policy to an IAM role',
version: '1.0.0',
params: {
region: {
type: 'string',
required: true,
visibility: 'user-only',
description: 'AWS region (e.g., us-east-1)',
},
accessKeyId: {
type: 'string',
required: true,
visibility: 'user-only',
description: 'AWS access key ID',
},
secretAccessKey: {
type: 'string',
required: true,
visibility: 'user-only',
description: 'AWS secret access key',
},
roleName: {
type: 'string',
required: true,
visibility: 'user-or-llm',
description: 'The name of the IAM role',
},
policyArn: {
type: 'string',
required: true,
visibility: 'user-or-llm',
description: 'The ARN of the managed policy to attach',
},
},
request: {
url: '/api/tools/iam/attach-role-policy',
method: 'POST',
headers: () => ({ 'Content-Type': 'application/json' }),
body: (params) => ({
region: params.region,
accessKeyId: params.accessKeyId,
secretAccessKey: params.secretAccessKey,
roleName: params.roleName,
policyArn: params.policyArn,
}),
},
transformResponse: async (response: Response) => {
const data = await response.json()
if (!response.ok) {
throw new Error(data.error || 'Failed to attach policy to role')
}
return {
success: true,
output: {
message: data.message ?? '',
},
}
},
outputs: {
message: { type: 'string', description: 'Operation status message' },
},
}
+75
View File
@@ -0,0 +1,75 @@
import type { IAMAttachPolicyResponse, IAMAttachUserPolicyParams } from '@/tools/iam/types'
import type { ToolConfig } from '@/tools/types'
export const attachUserPolicyTool: ToolConfig<IAMAttachUserPolicyParams, IAMAttachPolicyResponse> =
{
id: 'iam_attach_user_policy',
name: 'IAM Attach User Policy',
description: 'Attach a managed policy to an IAM user',
version: '1.0.0',
params: {
region: {
type: 'string',
required: true,
visibility: 'user-only',
description: 'AWS region (e.g., us-east-1)',
},
accessKeyId: {
type: 'string',
required: true,
visibility: 'user-only',
description: 'AWS access key ID',
},
secretAccessKey: {
type: 'string',
required: true,
visibility: 'user-only',
description: 'AWS secret access key',
},
userName: {
type: 'string',
required: true,
visibility: 'user-or-llm',
description: 'The name of the IAM user',
},
policyArn: {
type: 'string',
required: true,
visibility: 'user-or-llm',
description: 'The ARN of the managed policy to attach',
},
},
request: {
url: '/api/tools/iam/attach-user-policy',
method: 'POST',
headers: () => ({ 'Content-Type': 'application/json' }),
body: (params) => ({
region: params.region,
accessKeyId: params.accessKeyId,
secretAccessKey: params.secretAccessKey,
userName: params.userName,
policyArn: params.policyArn,
}),
},
transformResponse: async (response: Response) => {
const data = await response.json()
if (!response.ok) {
throw new Error(data.error || 'Failed to attach policy to user')
}
return {
success: true,
output: {
message: data.message ?? '',
},
}
},
outputs: {
message: { type: 'string', description: 'Operation status message' },
},
}
+81
View File
@@ -0,0 +1,81 @@
import type { IAMCreateAccessKeyParams, IAMCreateAccessKeyResponse } from '@/tools/iam/types'
import type { ToolConfig } from '@/tools/types'
export const createAccessKeyTool: ToolConfig<IAMCreateAccessKeyParams, IAMCreateAccessKeyResponse> =
{
id: 'iam_create_access_key',
name: 'IAM Create Access Key',
description: 'Create a new access key pair for an IAM user',
version: '1.0.0',
params: {
region: {
type: 'string',
required: true,
visibility: 'user-only',
description: 'AWS region (e.g., us-east-1)',
},
accessKeyId: {
type: 'string',
required: true,
visibility: 'user-only',
description: 'AWS access key ID',
},
secretAccessKey: {
type: 'string',
required: true,
visibility: 'user-only',
description: 'AWS secret access key',
},
userName: {
type: 'string',
required: false,
visibility: 'user-or-llm',
description: 'The IAM user to create the key for (defaults to current user)',
},
},
request: {
url: '/api/tools/iam/create-access-key',
method: 'POST',
headers: () => ({ 'Content-Type': 'application/json' }),
body: (params) => ({
region: params.region,
accessKeyId: params.accessKeyId,
secretAccessKey: params.secretAccessKey,
userName: params.userName,
}),
},
transformResponse: async (response: Response) => {
const data = await response.json()
if (!response.ok) {
throw new Error(data.error || 'Failed to create access key')
}
return {
success: true,
output: {
message: data.message ?? '',
accessKeyId: data.accessKeyId ?? '',
secretAccessKey: data.secretAccessKey ?? '',
userName: data.userName ?? '',
status: data.status ?? '',
createDate: data.createDate ?? null,
},
}
},
outputs: {
message: { type: 'string', description: 'Operation status message' },
accessKeyId: { type: 'string', description: 'The new access key ID' },
secretAccessKey: {
type: 'string',
description: 'The new secret access key (only shown once)',
},
userName: { type: 'string', description: 'The user the key was created for' },
status: { type: 'string', description: 'Status of the access key (Active)' },
createDate: { type: 'string', description: 'Date the key was created', optional: true },
},
}
+105
View File
@@ -0,0 +1,105 @@
import type { IAMCreateRoleParams, IAMCreateRoleResponse } from '@/tools/iam/types'
import type { ToolConfig } from '@/tools/types'
export const createRoleTool: ToolConfig<IAMCreateRoleParams, IAMCreateRoleResponse> = {
id: 'iam_create_role',
name: 'IAM Create Role',
description: 'Create a new IAM role with a trust policy',
version: '1.0.0',
params: {
region: {
type: 'string',
required: true,
visibility: 'user-only',
description: 'AWS region (e.g., us-east-1)',
},
accessKeyId: {
type: 'string',
required: true,
visibility: 'user-only',
description: 'AWS access key ID',
},
secretAccessKey: {
type: 'string',
required: true,
visibility: 'user-only',
description: 'AWS secret access key',
},
roleName: {
type: 'string',
required: true,
visibility: 'user-or-llm',
description: 'Name for the new IAM role (1-64 characters)',
},
assumeRolePolicyDocument: {
type: 'string',
required: true,
visibility: 'user-or-llm',
description: 'Trust policy JSON specifying who can assume this role',
},
description: {
type: 'string',
required: false,
visibility: 'user-or-llm',
description: 'Description of the role',
},
path: {
type: 'string',
required: false,
visibility: 'user-or-llm',
description: 'Path for the role (e.g., /application/), defaults to /',
},
maxSessionDuration: {
type: 'number',
required: false,
visibility: 'user-or-llm',
description: 'Maximum session duration in seconds (3600-43200, default 3600)',
},
},
request: {
url: '/api/tools/iam/create-role',
method: 'POST',
headers: () => ({ 'Content-Type': 'application/json' }),
body: (params) => ({
region: params.region,
accessKeyId: params.accessKeyId,
secretAccessKey: params.secretAccessKey,
roleName: params.roleName,
assumeRolePolicyDocument: params.assumeRolePolicyDocument,
description: params.description,
path: params.path,
maxSessionDuration: params.maxSessionDuration,
}),
},
transformResponse: async (response: Response) => {
const data = await response.json()
if (!response.ok) {
throw new Error(data.error || 'Failed to create IAM role')
}
return {
success: true,
output: {
message: data.message ?? '',
roleName: data.roleName ?? '',
roleId: data.roleId ?? '',
arn: data.arn ?? '',
path: data.path ?? '',
createDate: data.createDate ?? null,
},
}
},
outputs: {
message: { type: 'string', description: 'Operation status message' },
roleName: { type: 'string', description: 'The name of the created role' },
roleId: { type: 'string', description: 'The unique ID of the created role' },
arn: { type: 'string', description: 'The ARN of the created role' },
path: { type: 'string', description: 'The path of the created role' },
createDate: { type: 'string', description: 'Date the role was created', optional: true },
},
}
+84
View File
@@ -0,0 +1,84 @@
import type { IAMCreateUserParams, IAMCreateUserResponse } from '@/tools/iam/types'
import type { ToolConfig } from '@/tools/types'
export const createUserTool: ToolConfig<IAMCreateUserParams, IAMCreateUserResponse> = {
id: 'iam_create_user',
name: 'IAM Create User',
description: 'Create a new IAM user',
version: '1.0.0',
params: {
region: {
type: 'string',
required: true,
visibility: 'user-only',
description: 'AWS region (e.g., us-east-1)',
},
accessKeyId: {
type: 'string',
required: true,
visibility: 'user-only',
description: 'AWS access key ID',
},
secretAccessKey: {
type: 'string',
required: true,
visibility: 'user-only',
description: 'AWS secret access key',
},
userName: {
type: 'string',
required: true,
visibility: 'user-or-llm',
description: 'Name for the new IAM user (1-64 characters)',
},
path: {
type: 'string',
required: false,
visibility: 'user-or-llm',
description: 'Path for the user (e.g., /division_abc/), defaults to /',
},
},
request: {
url: '/api/tools/iam/create-user',
method: 'POST',
headers: () => ({ 'Content-Type': 'application/json' }),
body: (params) => ({
region: params.region,
accessKeyId: params.accessKeyId,
secretAccessKey: params.secretAccessKey,
userName: params.userName,
path: params.path,
}),
},
transformResponse: async (response: Response) => {
const data = await response.json()
if (!response.ok) {
throw new Error(data.error || 'Failed to create IAM user')
}
return {
success: true,
output: {
message: data.message ?? '',
userName: data.userName ?? '',
userId: data.userId ?? '',
arn: data.arn ?? '',
path: data.path ?? '',
createDate: data.createDate ?? null,
},
}
},
outputs: {
message: { type: 'string', description: 'Operation status message' },
userName: { type: 'string', description: 'The name of the created user' },
userId: { type: 'string', description: 'The unique ID of the created user' },
arn: { type: 'string', description: 'The ARN of the created user' },
path: { type: 'string', description: 'The path of the created user' },
createDate: { type: 'string', description: 'Date the user was created', optional: true },
},
}
+75
View File
@@ -0,0 +1,75 @@
import type { IAMDeleteAccessKeyParams, IAMDeleteAccessKeyResponse } from '@/tools/iam/types'
import type { ToolConfig } from '@/tools/types'
export const deleteAccessKeyTool: ToolConfig<IAMDeleteAccessKeyParams, IAMDeleteAccessKeyResponse> =
{
id: 'iam_delete_access_key',
name: 'IAM Delete Access Key',
description: 'Delete an access key pair for an IAM user',
version: '1.0.0',
params: {
region: {
type: 'string',
required: true,
visibility: 'user-only',
description: 'AWS region (e.g., us-east-1)',
},
accessKeyId: {
type: 'string',
required: true,
visibility: 'user-only',
description: 'AWS access key ID',
},
secretAccessKey: {
type: 'string',
required: true,
visibility: 'user-only',
description: 'AWS secret access key',
},
accessKeyIdToDelete: {
type: 'string',
required: true,
visibility: 'user-or-llm',
description: 'The access key ID to delete',
},
userName: {
type: 'string',
required: false,
visibility: 'user-or-llm',
description: 'The IAM user whose key to delete (defaults to current user)',
},
},
request: {
url: '/api/tools/iam/delete-access-key',
method: 'POST',
headers: () => ({ 'Content-Type': 'application/json' }),
body: (params) => ({
region: params.region,
accessKeyId: params.accessKeyId,
secretAccessKey: params.secretAccessKey,
accessKeyIdToDelete: params.accessKeyIdToDelete,
userName: params.userName,
}),
},
transformResponse: async (response: Response) => {
const data = await response.json()
if (!response.ok) {
throw new Error(data.error || 'Failed to delete access key')
}
return {
success: true,
output: {
message: data.message ?? '',
},
}
},
outputs: {
message: { type: 'string', description: 'Operation status message' },
},
}
+67
View File
@@ -0,0 +1,67 @@
import type { IAMDeleteRoleParams, IAMDeleteRoleResponse } from '@/tools/iam/types'
import type { ToolConfig } from '@/tools/types'
export const deleteRoleTool: ToolConfig<IAMDeleteRoleParams, IAMDeleteRoleResponse> = {
id: 'iam_delete_role',
name: 'IAM Delete Role',
description: 'Delete an IAM role',
version: '1.0.0',
params: {
region: {
type: 'string',
required: true,
visibility: 'user-only',
description: 'AWS region (e.g., us-east-1)',
},
accessKeyId: {
type: 'string',
required: true,
visibility: 'user-only',
description: 'AWS access key ID',
},
secretAccessKey: {
type: 'string',
required: true,
visibility: 'user-only',
description: 'AWS secret access key',
},
roleName: {
type: 'string',
required: true,
visibility: 'user-or-llm',
description: 'The name of the IAM role to delete',
},
},
request: {
url: '/api/tools/iam/delete-role',
method: 'POST',
headers: () => ({ 'Content-Type': 'application/json' }),
body: (params) => ({
region: params.region,
accessKeyId: params.accessKeyId,
secretAccessKey: params.secretAccessKey,
roleName: params.roleName,
}),
},
transformResponse: async (response: Response) => {
const data = await response.json()
if (!response.ok) {
throw new Error(data.error || 'Failed to delete IAM role')
}
return {
success: true,
output: {
message: data.message ?? '',
},
}
},
outputs: {
message: { type: 'string', description: 'Operation status message' },
},
}
+67
View File
@@ -0,0 +1,67 @@
import type { IAMDeleteUserParams, IAMDeleteUserResponse } from '@/tools/iam/types'
import type { ToolConfig } from '@/tools/types'
export const deleteUserTool: ToolConfig<IAMDeleteUserParams, IAMDeleteUserResponse> = {
id: 'iam_delete_user',
name: 'IAM Delete User',
description: 'Delete an IAM user',
version: '1.0.0',
params: {
region: {
type: 'string',
required: true,
visibility: 'user-only',
description: 'AWS region (e.g., us-east-1)',
},
accessKeyId: {
type: 'string',
required: true,
visibility: 'user-only',
description: 'AWS access key ID',
},
secretAccessKey: {
type: 'string',
required: true,
visibility: 'user-only',
description: 'AWS secret access key',
},
userName: {
type: 'string',
required: true,
visibility: 'user-or-llm',
description: 'The name of the IAM user to delete',
},
},
request: {
url: '/api/tools/iam/delete-user',
method: 'POST',
headers: () => ({ 'Content-Type': 'application/json' }),
body: (params) => ({
region: params.region,
accessKeyId: params.accessKeyId,
secretAccessKey: params.secretAccessKey,
userName: params.userName,
}),
},
transformResponse: async (response: Response) => {
const data = await response.json()
if (!response.ok) {
throw new Error(data.error || 'Failed to delete IAM user')
}
return {
success: true,
output: {
message: data.message ?? '',
},
}
},
outputs: {
message: { type: 'string', description: 'Operation status message' },
},
}
+75
View File
@@ -0,0 +1,75 @@
import type { IAMDetachPolicyResponse, IAMDetachRolePolicyParams } from '@/tools/iam/types'
import type { ToolConfig } from '@/tools/types'
export const detachRolePolicyTool: ToolConfig<IAMDetachRolePolicyParams, IAMDetachPolicyResponse> =
{
id: 'iam_detach_role_policy',
name: 'IAM Detach Role Policy',
description: 'Remove a managed policy from an IAM role',
version: '1.0.0',
params: {
region: {
type: 'string',
required: true,
visibility: 'user-only',
description: 'AWS region (e.g., us-east-1)',
},
accessKeyId: {
type: 'string',
required: true,
visibility: 'user-only',
description: 'AWS access key ID',
},
secretAccessKey: {
type: 'string',
required: true,
visibility: 'user-only',
description: 'AWS secret access key',
},
roleName: {
type: 'string',
required: true,
visibility: 'user-or-llm',
description: 'The name of the IAM role',
},
policyArn: {
type: 'string',
required: true,
visibility: 'user-or-llm',
description: 'The ARN of the managed policy to detach',
},
},
request: {
url: '/api/tools/iam/detach-role-policy',
method: 'POST',
headers: () => ({ 'Content-Type': 'application/json' }),
body: (params) => ({
region: params.region,
accessKeyId: params.accessKeyId,
secretAccessKey: params.secretAccessKey,
roleName: params.roleName,
policyArn: params.policyArn,
}),
},
transformResponse: async (response: Response) => {
const data = await response.json()
if (!response.ok) {
throw new Error(data.error || 'Failed to detach policy from role')
}
return {
success: true,
output: {
message: data.message ?? '',
},
}
},
outputs: {
message: { type: 'string', description: 'Operation status message' },
},
}
+75
View File
@@ -0,0 +1,75 @@
import type { IAMDetachPolicyResponse, IAMDetachUserPolicyParams } from '@/tools/iam/types'
import type { ToolConfig } from '@/tools/types'
export const detachUserPolicyTool: ToolConfig<IAMDetachUserPolicyParams, IAMDetachPolicyResponse> =
{
id: 'iam_detach_user_policy',
name: 'IAM Detach User Policy',
description: 'Remove a managed policy from an IAM user',
version: '1.0.0',
params: {
region: {
type: 'string',
required: true,
visibility: 'user-only',
description: 'AWS region (e.g., us-east-1)',
},
accessKeyId: {
type: 'string',
required: true,
visibility: 'user-only',
description: 'AWS access key ID',
},
secretAccessKey: {
type: 'string',
required: true,
visibility: 'user-only',
description: 'AWS secret access key',
},
userName: {
type: 'string',
required: true,
visibility: 'user-or-llm',
description: 'The name of the IAM user',
},
policyArn: {
type: 'string',
required: true,
visibility: 'user-or-llm',
description: 'The ARN of the managed policy to detach',
},
},
request: {
url: '/api/tools/iam/detach-user-policy',
method: 'POST',
headers: () => ({ 'Content-Type': 'application/json' }),
body: (params) => ({
region: params.region,
accessKeyId: params.accessKeyId,
secretAccessKey: params.secretAccessKey,
userName: params.userName,
policyArn: params.policyArn,
}),
},
transformResponse: async (response: Response) => {
const data = await response.json()
if (!response.ok) {
throw new Error(data.error || 'Failed to detach policy from user')
}
return {
success: true,
output: {
message: data.message ?? '',
},
}
},
outputs: {
message: { type: 'string', description: 'Operation status message' },
},
}
+101
View File
@@ -0,0 +1,101 @@
import type { IAMGetRoleParams, IAMGetRoleResponse } from '@/tools/iam/types'
import type { ToolConfig } from '@/tools/types'
export const getRoleTool: ToolConfig<IAMGetRoleParams, IAMGetRoleResponse> = {
id: 'iam_get_role',
name: 'IAM Get Role',
description: 'Get detailed information about an IAM role',
version: '1.0.0',
params: {
region: {
type: 'string',
required: true,
visibility: 'user-only',
description: 'AWS region (e.g., us-east-1)',
},
accessKeyId: {
type: 'string',
required: true,
visibility: 'user-only',
description: 'AWS access key ID',
},
secretAccessKey: {
type: 'string',
required: true,
visibility: 'user-only',
description: 'AWS secret access key',
},
roleName: {
type: 'string',
required: true,
visibility: 'user-or-llm',
description: 'The name of the IAM role to retrieve',
},
},
request: {
url: '/api/tools/iam/get-role',
method: 'POST',
headers: () => ({ 'Content-Type': 'application/json' }),
body: (params) => ({
region: params.region,
accessKeyId: params.accessKeyId,
secretAccessKey: params.secretAccessKey,
roleName: params.roleName,
}),
},
transformResponse: async (response: Response) => {
const data = await response.json()
if (!response.ok) {
throw new Error(data.error || 'Failed to get IAM role')
}
return {
success: true,
output: {
roleName: data.roleName ?? '',
roleId: data.roleId ?? '',
arn: data.arn ?? '',
path: data.path ?? '',
createDate: data.createDate ?? null,
description: data.description ?? null,
maxSessionDuration: data.maxSessionDuration ?? null,
assumeRolePolicyDocument: data.assumeRolePolicyDocument ?? null,
roleLastUsedDate: data.roleLastUsedDate ?? null,
roleLastUsedRegion: data.roleLastUsedRegion ?? null,
},
}
},
outputs: {
roleName: { type: 'string', description: 'The name of the role' },
roleId: { type: 'string', description: 'The unique ID of the role' },
arn: { type: 'string', description: 'The ARN of the role' },
path: { type: 'string', description: 'The path to the role' },
createDate: { type: 'string', description: 'Date the role was created', optional: true },
description: { type: 'string', description: 'Description of the role', optional: true },
maxSessionDuration: {
type: 'number',
description: 'Maximum session duration in seconds',
optional: true,
},
assumeRolePolicyDocument: {
type: 'string',
description: 'The trust policy document (JSON)',
optional: true,
},
roleLastUsedDate: {
type: 'string',
description: 'Date the role was last used',
optional: true,
},
roleLastUsedRegion: {
type: 'string',
description: 'AWS region where the role was last used',
optional: true,
},
},
}
+93
View File
@@ -0,0 +1,93 @@
import type { IAMGetUserParams, IAMGetUserResponse } from '@/tools/iam/types'
import type { ToolConfig } from '@/tools/types'
export const getUserTool: ToolConfig<IAMGetUserParams, IAMGetUserResponse> = {
id: 'iam_get_user',
name: 'IAM Get User',
description: 'Get detailed information about an IAM user',
version: '1.0.0',
params: {
region: {
type: 'string',
required: true,
visibility: 'user-only',
description: 'AWS region (e.g., us-east-1)',
},
accessKeyId: {
type: 'string',
required: true,
visibility: 'user-only',
description: 'AWS access key ID',
},
secretAccessKey: {
type: 'string',
required: true,
visibility: 'user-only',
description: 'AWS secret access key',
},
userName: {
type: 'string',
required: false,
visibility: 'user-or-llm',
description: 'The name of the IAM user to retrieve (defaults to the caller if omitted)',
},
},
request: {
url: '/api/tools/iam/get-user',
method: 'POST',
headers: () => ({ 'Content-Type': 'application/json' }),
body: (params) => ({
region: params.region,
accessKeyId: params.accessKeyId,
secretAccessKey: params.secretAccessKey,
...(params.userName ? { userName: params.userName } : {}),
}),
},
transformResponse: async (response: Response) => {
const data = await response.json()
if (!response.ok) {
throw new Error(data.error || 'Failed to get IAM user')
}
return {
success: true,
output: {
userName: data.userName ?? '',
userId: data.userId ?? '',
arn: data.arn ?? '',
path: data.path ?? '',
createDate: data.createDate ?? null,
passwordLastUsed: data.passwordLastUsed ?? null,
permissionsBoundaryArn: data.permissionsBoundaryArn ?? null,
tags: data.tags ?? [],
},
}
},
outputs: {
userName: { type: 'string', description: 'The name of the user' },
userId: { type: 'string', description: 'The unique ID of the user' },
arn: { type: 'string', description: 'The ARN of the user' },
path: { type: 'string', description: 'The path to the user' },
createDate: { type: 'string', description: 'Date the user was created', optional: true },
passwordLastUsed: {
type: 'string',
description: 'Date the password was last used',
optional: true,
},
permissionsBoundaryArn: {
type: 'string',
description: 'ARN of the permissions boundary policy',
optional: true,
},
tags: {
type: 'json',
description: 'Tags attached to the user (key, value pairs)',
optional: true,
},
},
}
+45
View File
@@ -0,0 +1,45 @@
export * from './types'
import { addUserToGroupTool } from './add_user_to_group'
import { attachRolePolicyTool } from './attach_role_policy'
import { attachUserPolicyTool } from './attach_user_policy'
import { createAccessKeyTool } from './create_access_key'
import { createRoleTool } from './create_role'
import { createUserTool } from './create_user'
import { deleteAccessKeyTool } from './delete_access_key'
import { deleteRoleTool } from './delete_role'
import { deleteUserTool } from './delete_user'
import { detachRolePolicyTool } from './detach_role_policy'
import { detachUserPolicyTool } from './detach_user_policy'
import { getRoleTool } from './get_role'
import { getUserTool } from './get_user'
import { listAttachedRolePoliciesTool } from './list_attached_role_policies'
import { listAttachedUserPoliciesTool } from './list_attached_user_policies'
import { listGroupsTool } from './list_groups'
import { listPoliciesTool } from './list_policies'
import { listRolesTool } from './list_roles'
import { listUsersTool } from './list_users'
import { removeUserFromGroupTool } from './remove_user_from_group'
import { simulatePrincipalPolicyTool } from './simulate_principal_policy'
export const iamListUsersTool = listUsersTool
export const iamGetUserTool = getUserTool
export const iamCreateUserTool = createUserTool
export const iamDeleteUserTool = deleteUserTool
export const iamListRolesTool = listRolesTool
export const iamGetRoleTool = getRoleTool
export const iamCreateRoleTool = createRoleTool
export const iamDeleteRoleTool = deleteRoleTool
export const iamAttachUserPolicyTool = attachUserPolicyTool
export const iamDetachUserPolicyTool = detachUserPolicyTool
export const iamAttachRolePolicyTool = attachRolePolicyTool
export const iamDetachRolePolicyTool = detachRolePolicyTool
export const iamListPoliciesTool = listPoliciesTool
export const iamCreateAccessKeyTool = createAccessKeyTool
export const iamDeleteAccessKeyTool = deleteAccessKeyTool
export const iamListGroupsTool = listGroupsTool
export const iamAddUserToGroupTool = addUserToGroupTool
export const iamRemoveUserFromGroupTool = removeUserFromGroupTool
export const iamListAttachedRolePoliciesTool = listAttachedRolePoliciesTool
export const iamListAttachedUserPoliciesTool = listAttachedUserPoliciesTool
export const iamSimulatePrincipalPolicyTool = simulatePrincipalPolicyTool
@@ -0,0 +1,108 @@
import type {
IAMListAttachedPoliciesResponse,
IAMListAttachedRolePoliciesParams,
} from '@/tools/iam/types'
import type { ToolConfig } from '@/tools/types'
export const listAttachedRolePoliciesTool: ToolConfig<
IAMListAttachedRolePoliciesParams,
IAMListAttachedPoliciesResponse
> = {
id: 'iam_list_attached_role_policies',
name: 'IAM List Attached Role Policies',
description: 'List all managed policies attached to an IAM role',
version: '1.0.0',
params: {
region: {
type: 'string',
required: true,
visibility: 'user-only',
description: 'AWS region (e.g., us-east-1)',
},
accessKeyId: {
type: 'string',
required: true,
visibility: 'user-only',
description: 'AWS access key ID',
},
secretAccessKey: {
type: 'string',
required: true,
visibility: 'user-only',
description: 'AWS secret access key',
},
roleName: {
type: 'string',
required: true,
visibility: 'user-or-llm',
description: 'Name of the IAM role',
},
pathPrefix: {
type: 'string',
required: false,
visibility: 'user-or-llm',
description: 'Path prefix to filter policies (e.g., /application/)',
},
maxItems: {
type: 'number',
required: false,
visibility: 'user-or-llm',
description: 'Maximum number of policies to return (1-1000)',
},
marker: {
type: 'string',
required: false,
visibility: 'user-or-llm',
description: 'Pagination marker from a previous request',
},
},
request: {
url: '/api/tools/iam/list-attached-role-policies',
method: 'POST',
headers: () => ({ 'Content-Type': 'application/json' }),
body: (params) => ({
region: params.region,
accessKeyId: params.accessKeyId,
secretAccessKey: params.secretAccessKey,
roleName: params.roleName,
pathPrefix: params.pathPrefix,
maxItems: params.maxItems,
marker: params.marker,
}),
},
transformResponse: async (response: Response) => {
const data = await response.json()
if (!response.ok) {
throw new Error(data.error || 'Failed to list attached role policies')
}
return {
success: true,
output: {
attachedPolicies: data.attachedPolicies ?? [],
isTruncated: data.isTruncated ?? false,
marker: data.marker ?? null,
count: data.count ?? 0,
},
}
},
outputs: {
attachedPolicies: {
type: 'json',
description: 'List of attached policies with policyName and policyArn',
},
isTruncated: {
type: 'boolean',
description: 'Whether there are more results available',
},
marker: {
type: 'string',
description: 'Pagination marker for the next page of results',
optional: true,
},
count: { type: 'number', description: 'Number of attached policies returned' },
},
}
@@ -0,0 +1,108 @@
import type {
IAMListAttachedPoliciesResponse,
IAMListAttachedUserPoliciesParams,
} from '@/tools/iam/types'
import type { ToolConfig } from '@/tools/types'
export const listAttachedUserPoliciesTool: ToolConfig<
IAMListAttachedUserPoliciesParams,
IAMListAttachedPoliciesResponse
> = {
id: 'iam_list_attached_user_policies',
name: 'IAM List Attached User Policies',
description: 'List all managed policies attached to an IAM user',
version: '1.0.0',
params: {
region: {
type: 'string',
required: true,
visibility: 'user-only',
description: 'AWS region (e.g., us-east-1)',
},
accessKeyId: {
type: 'string',
required: true,
visibility: 'user-only',
description: 'AWS access key ID',
},
secretAccessKey: {
type: 'string',
required: true,
visibility: 'user-only',
description: 'AWS secret access key',
},
userName: {
type: 'string',
required: true,
visibility: 'user-or-llm',
description: 'Name of the IAM user',
},
pathPrefix: {
type: 'string',
required: false,
visibility: 'user-or-llm',
description: 'Path prefix to filter policies (e.g., /application/)',
},
maxItems: {
type: 'number',
required: false,
visibility: 'user-or-llm',
description: 'Maximum number of policies to return (1-1000)',
},
marker: {
type: 'string',
required: false,
visibility: 'user-or-llm',
description: 'Pagination marker from a previous request',
},
},
request: {
url: '/api/tools/iam/list-attached-user-policies',
method: 'POST',
headers: () => ({ 'Content-Type': 'application/json' }),
body: (params) => ({
region: params.region,
accessKeyId: params.accessKeyId,
secretAccessKey: params.secretAccessKey,
userName: params.userName,
pathPrefix: params.pathPrefix,
maxItems: params.maxItems,
marker: params.marker,
}),
},
transformResponse: async (response: Response) => {
const data = await response.json()
if (!response.ok) {
throw new Error(data.error || 'Failed to list attached user policies')
}
return {
success: true,
output: {
attachedPolicies: data.attachedPolicies ?? [],
isTruncated: data.isTruncated ?? false,
marker: data.marker ?? null,
count: data.count ?? 0,
},
}
},
outputs: {
attachedPolicies: {
type: 'json',
description: 'List of attached policies with policyName and policyArn',
},
isTruncated: {
type: 'boolean',
description: 'Whether there are more results available',
},
marker: {
type: 'string',
description: 'Pagination marker for the next page of results',
optional: true,
},
count: { type: 'number', description: 'Number of attached policies returned' },
},
}
+97
View File
@@ -0,0 +1,97 @@
import type { IAMListGroupsParams, IAMListGroupsResponse } from '@/tools/iam/types'
import type { ToolConfig } from '@/tools/types'
export const listGroupsTool: ToolConfig<IAMListGroupsParams, IAMListGroupsResponse> = {
id: 'iam_list_groups',
name: 'IAM List Groups',
description: 'List IAM groups in your AWS account',
version: '1.0.0',
params: {
region: {
type: 'string',
required: true,
visibility: 'user-only',
description: 'AWS region (e.g., us-east-1)',
},
accessKeyId: {
type: 'string',
required: true,
visibility: 'user-only',
description: 'AWS access key ID',
},
secretAccessKey: {
type: 'string',
required: true,
visibility: 'user-only',
description: 'AWS secret access key',
},
pathPrefix: {
type: 'string',
required: false,
visibility: 'user-or-llm',
description: 'Path prefix to filter groups',
},
maxItems: {
type: 'number',
required: false,
visibility: 'user-or-llm',
description: 'Maximum number of groups to return (1-1000, default 100)',
},
marker: {
type: 'string',
required: false,
visibility: 'user-or-llm',
description: 'Pagination marker from a previous request',
},
},
request: {
url: '/api/tools/iam/list-groups',
method: 'POST',
headers: () => ({ 'Content-Type': 'application/json' }),
body: (params) => ({
region: params.region,
accessKeyId: params.accessKeyId,
secretAccessKey: params.secretAccessKey,
pathPrefix: params.pathPrefix,
maxItems: params.maxItems,
marker: params.marker,
}),
},
transformResponse: async (response: Response) => {
const data = await response.json()
if (!response.ok) {
throw new Error(data.error || 'Failed to list IAM groups')
}
return {
success: true,
output: {
groups: data.groups ?? [],
isTruncated: data.isTruncated ?? false,
marker: data.marker ?? null,
count: data.count ?? 0,
},
}
},
outputs: {
groups: {
type: 'json',
description: 'List of IAM groups with groupName, groupId, arn, and path',
},
isTruncated: {
type: 'boolean',
description: 'Whether there are more results available',
},
marker: {
type: 'string',
description: 'Pagination marker for the next page of results',
optional: true,
},
count: { type: 'number', description: 'Number of groups returned' },
},
}
+111
View File
@@ -0,0 +1,111 @@
import type { IAMListPoliciesParams, IAMListPoliciesResponse } from '@/tools/iam/types'
import type { ToolConfig } from '@/tools/types'
export const listPoliciesTool: ToolConfig<IAMListPoliciesParams, IAMListPoliciesResponse> = {
id: 'iam_list_policies',
name: 'IAM List Policies',
description: 'List managed IAM policies',
version: '1.0.0',
params: {
region: {
type: 'string',
required: true,
visibility: 'user-only',
description: 'AWS region (e.g., us-east-1)',
},
accessKeyId: {
type: 'string',
required: true,
visibility: 'user-only',
description: 'AWS access key ID',
},
secretAccessKey: {
type: 'string',
required: true,
visibility: 'user-only',
description: 'AWS secret access key',
},
scope: {
type: 'string',
required: false,
visibility: 'user-or-llm',
description: 'Filter by scope: All, AWS (AWS-managed), or Local (customer-managed)',
},
onlyAttached: {
type: 'boolean',
required: false,
visibility: 'user-or-llm',
description: 'If true, only return policies attached to an entity',
},
pathPrefix: {
type: 'string',
required: false,
visibility: 'user-or-llm',
description: 'Path prefix to filter policies',
},
maxItems: {
type: 'number',
required: false,
visibility: 'user-or-llm',
description: 'Maximum number of policies to return (1-1000, default 100)',
},
marker: {
type: 'string',
required: false,
visibility: 'user-or-llm',
description: 'Pagination marker from a previous request',
},
},
request: {
url: '/api/tools/iam/list-policies',
method: 'POST',
headers: () => ({ 'Content-Type': 'application/json' }),
body: (params) => ({
region: params.region,
accessKeyId: params.accessKeyId,
secretAccessKey: params.secretAccessKey,
scope: params.scope,
onlyAttached: params.onlyAttached,
pathPrefix: params.pathPrefix,
maxItems: params.maxItems,
marker: params.marker,
}),
},
transformResponse: async (response: Response) => {
const data = await response.json()
if (!response.ok) {
throw new Error(data.error || 'Failed to list IAM policies')
}
return {
success: true,
output: {
policies: data.policies ?? [],
isTruncated: data.isTruncated ?? false,
marker: data.marker ?? null,
count: data.count ?? 0,
},
}
},
outputs: {
policies: {
type: 'json',
description: 'List of policies with policyName, arn, attachmentCount, and dates',
},
isTruncated: {
type: 'boolean',
description: 'Whether there are more results available',
},
marker: {
type: 'string',
description: 'Pagination marker for the next page of results',
optional: true,
},
count: { type: 'number', description: 'Number of policies returned' },
},
}
+97
View File
@@ -0,0 +1,97 @@
import type { IAMListRolesParams, IAMListRolesResponse } from '@/tools/iam/types'
import type { ToolConfig } from '@/tools/types'
export const listRolesTool: ToolConfig<IAMListRolesParams, IAMListRolesResponse> = {
id: 'iam_list_roles',
name: 'IAM List Roles',
description: 'List IAM roles in your AWS account',
version: '1.0.0',
params: {
region: {
type: 'string',
required: true,
visibility: 'user-only',
description: 'AWS region (e.g., us-east-1)',
},
accessKeyId: {
type: 'string',
required: true,
visibility: 'user-only',
description: 'AWS access key ID',
},
secretAccessKey: {
type: 'string',
required: true,
visibility: 'user-only',
description: 'AWS secret access key',
},
pathPrefix: {
type: 'string',
required: false,
visibility: 'user-or-llm',
description: 'Path prefix to filter roles (e.g., /application/)',
},
maxItems: {
type: 'number',
required: false,
visibility: 'user-or-llm',
description: 'Maximum number of roles to return (1-1000, default 100)',
},
marker: {
type: 'string',
required: false,
visibility: 'user-or-llm',
description: 'Pagination marker from a previous request',
},
},
request: {
url: '/api/tools/iam/list-roles',
method: 'POST',
headers: () => ({ 'Content-Type': 'application/json' }),
body: (params) => ({
region: params.region,
accessKeyId: params.accessKeyId,
secretAccessKey: params.secretAccessKey,
pathPrefix: params.pathPrefix,
maxItems: params.maxItems,
marker: params.marker,
}),
},
transformResponse: async (response: Response) => {
const data = await response.json()
if (!response.ok) {
throw new Error(data.error || 'Failed to list IAM roles')
}
return {
success: true,
output: {
roles: data.roles ?? [],
isTruncated: data.isTruncated ?? false,
marker: data.marker ?? null,
count: data.count ?? 0,
},
}
},
outputs: {
roles: {
type: 'json',
description: 'List of IAM roles with roleName, roleId, arn, path, and dates',
},
isTruncated: {
type: 'boolean',
description: 'Whether there are more results available',
},
marker: {
type: 'string',
description: 'Pagination marker for the next page of results',
optional: true,
},
count: { type: 'number', description: 'Number of roles returned' },
},
}
+97
View File
@@ -0,0 +1,97 @@
import type { IAMListUsersParams, IAMListUsersResponse } from '@/tools/iam/types'
import type { ToolConfig } from '@/tools/types'
export const listUsersTool: ToolConfig<IAMListUsersParams, IAMListUsersResponse> = {
id: 'iam_list_users',
name: 'IAM List Users',
description: 'List IAM users in your AWS account',
version: '1.0.0',
params: {
region: {
type: 'string',
required: true,
visibility: 'user-only',
description: 'AWS region (e.g., us-east-1)',
},
accessKeyId: {
type: 'string',
required: true,
visibility: 'user-only',
description: 'AWS access key ID',
},
secretAccessKey: {
type: 'string',
required: true,
visibility: 'user-only',
description: 'AWS secret access key',
},
pathPrefix: {
type: 'string',
required: false,
visibility: 'user-or-llm',
description: 'Path prefix to filter users (e.g., /division_abc/)',
},
maxItems: {
type: 'number',
required: false,
visibility: 'user-or-llm',
description: 'Maximum number of users to return (1-1000, default 100)',
},
marker: {
type: 'string',
required: false,
visibility: 'user-or-llm',
description: 'Pagination marker from a previous request',
},
},
request: {
url: '/api/tools/iam/list-users',
method: 'POST',
headers: () => ({ 'Content-Type': 'application/json' }),
body: (params) => ({
region: params.region,
accessKeyId: params.accessKeyId,
secretAccessKey: params.secretAccessKey,
pathPrefix: params.pathPrefix,
maxItems: params.maxItems,
marker: params.marker,
}),
},
transformResponse: async (response: Response) => {
const data = await response.json()
if (!response.ok) {
throw new Error(data.error || 'Failed to list IAM users')
}
return {
success: true,
output: {
users: data.users ?? [],
isTruncated: data.isTruncated ?? false,
marker: data.marker ?? null,
count: data.count ?? 0,
},
}
},
outputs: {
users: {
type: 'json',
description: 'List of IAM users with userName, userId, arn, path, and dates',
},
isTruncated: {
type: 'boolean',
description: 'Whether there are more results available',
},
marker: {
type: 'string',
description: 'Pagination marker for the next page of results',
optional: true,
},
count: { type: 'number', description: 'Number of users returned' },
},
}
@@ -0,0 +1,77 @@
import type { IAMGroupMembershipResponse, IAMRemoveUserFromGroupParams } from '@/tools/iam/types'
import type { ToolConfig } from '@/tools/types'
export const removeUserFromGroupTool: ToolConfig<
IAMRemoveUserFromGroupParams,
IAMGroupMembershipResponse
> = {
id: 'iam_remove_user_from_group',
name: 'IAM Remove User from Group',
description: 'Remove an IAM user from a group',
version: '1.0.0',
params: {
region: {
type: 'string',
required: true,
visibility: 'user-only',
description: 'AWS region (e.g., us-east-1)',
},
accessKeyId: {
type: 'string',
required: true,
visibility: 'user-only',
description: 'AWS access key ID',
},
secretAccessKey: {
type: 'string',
required: true,
visibility: 'user-only',
description: 'AWS secret access key',
},
userName: {
type: 'string',
required: true,
visibility: 'user-or-llm',
description: 'The name of the IAM user',
},
groupName: {
type: 'string',
required: true,
visibility: 'user-or-llm',
description: 'The name of the IAM group',
},
},
request: {
url: '/api/tools/iam/remove-user-from-group',
method: 'POST',
headers: () => ({ 'Content-Type': 'application/json' }),
body: (params) => ({
region: params.region,
accessKeyId: params.accessKeyId,
secretAccessKey: params.secretAccessKey,
userName: params.userName,
groupName: params.groupName,
}),
},
transformResponse: async (response: Response) => {
const data = await response.json()
if (!response.ok) {
throw new Error(data.error || 'Failed to remove user from group')
}
return {
success: true,
output: {
message: data.message ?? '',
},
}
},
outputs: {
message: { type: 'string', description: 'Operation status message' },
},
}
@@ -0,0 +1,120 @@
import type {
IAMSimulatePrincipalPolicyParams,
IAMSimulatePrincipalPolicyResponse,
} from '@/tools/iam/types'
import type { ToolConfig } from '@/tools/types'
export const simulatePrincipalPolicyTool: ToolConfig<
IAMSimulatePrincipalPolicyParams,
IAMSimulatePrincipalPolicyResponse
> = {
id: 'iam_simulate_principal_policy',
name: 'IAM Simulate Principal Policy',
description:
'Simulate whether a user, role, or group is allowed to perform specific AWS actions — useful for pre-flight access checks',
version: '1.0.0',
params: {
region: {
type: 'string',
required: true,
visibility: 'user-only',
description: 'AWS region (e.g., us-east-1)',
},
accessKeyId: {
type: 'string',
required: true,
visibility: 'user-only',
description: 'AWS access key ID',
},
secretAccessKey: {
type: 'string',
required: true,
visibility: 'user-only',
description: 'AWS secret access key',
},
policySourceArn: {
type: 'string',
required: true,
visibility: 'user-or-llm',
description:
'ARN of the user, group, or role to simulate (e.g., arn:aws:iam::123456789012:user/alice)',
},
actionNames: {
type: 'string',
required: true,
visibility: 'user-or-llm',
description:
'Comma-separated list of AWS actions to simulate (e.g., s3:GetObject,ec2:DescribeInstances)',
},
resourceArns: {
type: 'string',
required: false,
visibility: 'user-or-llm',
description:
'Comma-separated list of resource ARNs to simulate against (defaults to * if not provided)',
},
maxResults: {
type: 'number',
required: false,
visibility: 'user-or-llm',
description: 'Maximum number of simulation results to return (1-1000)',
},
marker: {
type: 'string',
required: false,
visibility: 'user-or-llm',
description: 'Pagination marker from a previous request',
},
},
request: {
url: '/api/tools/iam/simulate-principal-policy',
method: 'POST',
headers: () => ({ 'Content-Type': 'application/json' }),
body: (params) => ({
region: params.region,
accessKeyId: params.accessKeyId,
secretAccessKey: params.secretAccessKey,
policySourceArn: params.policySourceArn,
actionNames: params.actionNames,
resourceArns: params.resourceArns,
maxResults: params.maxResults,
marker: params.marker,
}),
},
transformResponse: async (response: Response) => {
const data = await response.json()
if (!response.ok) {
throw new Error(data.error || 'Failed to simulate principal policy')
}
return {
success: true,
output: {
evaluationResults: data.evaluationResults ?? [],
isTruncated: data.isTruncated ?? false,
marker: data.marker ?? null,
count: data.count ?? 0,
},
}
},
outputs: {
evaluationResults: {
type: 'json',
description:
'Simulation results per action: evalActionName, evalResourceName, evalDecision (allowed/explicitDeny/implicitDeny), matchedStatements (sourcePolicyId, sourcePolicyType), missingContextValues',
},
isTruncated: {
type: 'boolean',
description: 'Whether there are more results available',
},
marker: {
type: 'string',
description: 'Pagination marker for the next page of results',
optional: true,
},
count: { type: 'number', description: 'Number of evaluation results returned' },
},
}
+326
View File
@@ -0,0 +1,326 @@
import type { ToolResponse } from '@/tools/types'
export interface IAMConnectionConfig {
region: string
accessKeyId: string
secretAccessKey: string
}
export interface IAMListUsersParams extends IAMConnectionConfig {
pathPrefix?: string | null
maxItems?: number | null
marker?: string | null
}
export interface IAMGetUserParams extends IAMConnectionConfig {
userName?: string | null
}
export interface IAMCreateUserParams extends IAMConnectionConfig {
userName: string
path?: string | null
}
export interface IAMDeleteUserParams extends IAMConnectionConfig {
userName: string
}
export interface IAMListRolesParams extends IAMConnectionConfig {
pathPrefix?: string | null
maxItems?: number | null
marker?: string | null
}
export interface IAMGetRoleParams extends IAMConnectionConfig {
roleName: string
}
export interface IAMCreateRoleParams extends IAMConnectionConfig {
roleName: string
assumeRolePolicyDocument: string
description?: string | null
path?: string | null
maxSessionDuration?: number | null
}
export interface IAMDeleteRoleParams extends IAMConnectionConfig {
roleName: string
}
export interface IAMAttachUserPolicyParams extends IAMConnectionConfig {
userName: string
policyArn: string
}
export interface IAMDetachUserPolicyParams extends IAMConnectionConfig {
userName: string
policyArn: string
}
export interface IAMAttachRolePolicyParams extends IAMConnectionConfig {
roleName: string
policyArn: string
}
export interface IAMDetachRolePolicyParams extends IAMConnectionConfig {
roleName: string
policyArn: string
}
export interface IAMListPoliciesParams extends IAMConnectionConfig {
scope?: string | null
onlyAttached?: boolean | null
pathPrefix?: string | null
maxItems?: number | null
marker?: string | null
}
export interface IAMCreateAccessKeyParams extends IAMConnectionConfig {
userName?: string | null
}
export interface IAMDeleteAccessKeyParams extends IAMConnectionConfig {
accessKeyIdToDelete: string
userName?: string | null
}
export interface IAMListGroupsParams extends IAMConnectionConfig {
pathPrefix?: string | null
maxItems?: number | null
marker?: string | null
}
export interface IAMAddUserToGroupParams extends IAMConnectionConfig {
userName: string
groupName: string
}
export interface IAMRemoveUserFromGroupParams extends IAMConnectionConfig {
userName: string
groupName: string
}
export interface IAMBaseResponse extends ToolResponse {
output: { message: string }
error?: string
}
export interface IAMListUsersResponse extends ToolResponse {
output: {
users: Array<{
userName: string
userId: string
arn: string
path: string
createDate: string | null
passwordLastUsed: string | null
}>
isTruncated: boolean
marker: string | null
count: number
}
error?: string
}
export interface IAMGetUserResponse extends ToolResponse {
output: {
userName: string
userId: string
arn: string
path: string
createDate: string | null
passwordLastUsed: string | null
permissionsBoundaryArn: string | null
tags: Array<{ key: string; value: string }>
}
error?: string
}
export interface IAMCreateUserResponse extends ToolResponse {
output: {
message: string
userName: string
userId: string
arn: string
path: string
createDate: string | null
}
error?: string
}
export interface IAMDeleteUserResponse extends ToolResponse {
output: { message: string }
error?: string
}
export interface IAMListRolesResponse extends ToolResponse {
output: {
roles: Array<{
roleName: string
roleId: string
arn: string
path: string
createDate: string | null
description: string | null
maxSessionDuration: number | null
}>
isTruncated: boolean
marker: string | null
count: number
}
error?: string
}
export interface IAMGetRoleResponse extends ToolResponse {
output: {
roleName: string
roleId: string
arn: string
path: string
createDate: string | null
description: string | null
maxSessionDuration: number | null
assumeRolePolicyDocument: string | null
roleLastUsedDate: string | null
roleLastUsedRegion: string | null
}
error?: string
}
export interface IAMCreateRoleResponse extends ToolResponse {
output: {
message: string
roleName: string
roleId: string
arn: string
path: string
createDate: string | null
}
error?: string
}
export interface IAMDeleteRoleResponse extends ToolResponse {
output: { message: string }
error?: string
}
export interface IAMAttachPolicyResponse extends ToolResponse {
output: { message: string }
error?: string
}
export interface IAMDetachPolicyResponse extends ToolResponse {
output: { message: string }
error?: string
}
export interface IAMListPoliciesResponse extends ToolResponse {
output: {
policies: Array<{
policyName: string
policyId: string
arn: string
path: string
attachmentCount: number
isAttachable: boolean
createDate: string | null
updateDate: string | null
description: string | null
defaultVersionId: string | null
permissionsBoundaryUsageCount: number
}>
isTruncated: boolean
marker: string | null
count: number
}
error?: string
}
export interface IAMCreateAccessKeyResponse extends ToolResponse {
output: {
message: string
accessKeyId: string
secretAccessKey: string
userName: string
status: string
createDate: string | null
}
error?: string
}
export interface IAMDeleteAccessKeyResponse extends ToolResponse {
output: { message: string }
error?: string
}
export interface IAMListGroupsResponse extends ToolResponse {
output: {
groups: Array<{
groupName: string
groupId: string
arn: string
path: string
createDate: string | null
}>
isTruncated: boolean
marker: string | null
count: number
}
error?: string
}
export interface IAMGroupMembershipResponse extends ToolResponse {
output: { message: string }
error?: string
}
export interface IAMListAttachedRolePoliciesParams extends IAMConnectionConfig {
roleName: string
pathPrefix?: string | null
maxItems?: number | null
marker?: string | null
}
export interface IAMListAttachedUserPoliciesParams extends IAMConnectionConfig {
userName: string
pathPrefix?: string | null
maxItems?: number | null
marker?: string | null
}
export interface IAMSimulatePrincipalPolicyParams extends IAMConnectionConfig {
policySourceArn: string
actionNames: string
resourceArns?: string | null
maxResults?: number | null
marker?: string | null
}
export interface IAMListAttachedPoliciesResponse extends ToolResponse {
output: {
attachedPolicies: Array<{
policyName: string
policyArn: string
}>
isTruncated: boolean
marker: string | null
count: number
}
error?: string
}
export interface IAMSimulatePrincipalPolicyResponse extends ToolResponse {
output: {
evaluationResults: Array<{
evalActionName: string
evalResourceName: string
evalDecision: string
matchedStatements: Array<{ sourcePolicyId: string; sourcePolicyType: string }>
missingContextValues: string[]
}>
isTruncated: boolean
marker: string | null
count: number
}
error?: string
}