chore: import upstream snapshot with attribution
CI / Migrate Dev DB (push) Has been skipped
CI / Detect Version (push) Has been cancelled
CI / Migrate DB (push) Has been cancelled
CI / Build Dev ECR (./docker/app.Dockerfile, ECR_APP) (push) Has been cancelled
CI / Build Dev ECR (./docker/db.Dockerfile, ECR_MIGRATIONS) (push) Has been cancelled
CI / Build Dev ECR (./docker/pii.Dockerfile, ECR_PII) (push) Has been cancelled
CI / Build Dev ECR (./docker/realtime.Dockerfile, ECR_REALTIME) (push) Has been cancelled
CI / Deploy Trigger.dev (Dev) (push) Has been cancelled
CI / Build AMD64 (./docker/app.Dockerfile, ECR_APP, ghcr.io/simstudioai/simstudio) (push) Has been cancelled
CI / Build AMD64 (./docker/db.Dockerfile, ECR_MIGRATIONS, ghcr.io/simstudioai/migrations) (push) Has been cancelled
CI / Build AMD64 (./docker/pii.Dockerfile, ECR_PII, ghcr.io/simstudioai/pii) (push) Has been cancelled
CI / Build AMD64 (./docker/realtime.Dockerfile, ECR_REALTIME, ghcr.io/simstudioai/realtime) (push) Has been cancelled
CI / Build ARM64 (GHCR Only) (./docker/app.Dockerfile, ghcr.io/simstudioai/simstudio) (push) Has been cancelled
CI / Build ARM64 (GHCR Only) (./docker/db.Dockerfile, ghcr.io/simstudioai/migrations) (push) Has been cancelled
CI / Build ARM64 (GHCR Only) (./docker/pii.Dockerfile, ghcr.io/simstudioai/pii) (push) Has been cancelled
CI / Build ARM64 (GHCR Only) (./docker/realtime.Dockerfile, ghcr.io/simstudioai/realtime) (push) Has been cancelled
CI / Create GHCR Manifests (ghcr.io/simstudioai/migrations) (push) Has been cancelled
CI / Create GHCR Manifests (ghcr.io/simstudioai/pii) (push) Has been cancelled
CI / Create GHCR Manifests (ghcr.io/simstudioai/realtime) (push) Has been cancelled
CI / Create GHCR Manifests (ghcr.io/simstudioai/simstudio) (push) Has been cancelled
CI / Check Docs Changes (push) Has been cancelled
CI / Process Docs (push) Has been cancelled
CI / Create GitHub Release (push) Has been cancelled
CI / Test and Build (push) Has been cancelled
Publish CLI Package / publish-npm (push) Has been cancelled
Publish Python SDK / publish-pypi (push) Has been cancelled
Publish TypeScript SDK / publish-npm (push) Has been cancelled

This commit is contained in:
wehub-resource-sync
2026-07-13 13:20:55 +08:00
commit d25d482dc2
13754 changed files with 4996608 additions and 0 deletions
@@ -0,0 +1,105 @@
import type {
IdentityCenterAssignmentStatusResponse,
IdentityCenterCheckAssignmentStatusParams,
} from '@/tools/identity_center/types'
import type { ToolConfig } from '@/tools/types'
export const checkAssignmentDeletionStatusTool: ToolConfig<
IdentityCenterCheckAssignmentStatusParams,
IdentityCenterAssignmentStatusResponse
> = {
id: 'identity_center_check_assignment_deletion_status',
name: 'Identity Center Check Assignment Deletion Status',
description: 'Check the deprovisioning status of an account assignment deletion request',
version: '1.0.0',
params: {
region: {
type: 'string',
required: true,
visibility: 'user-only',
description: 'AWS region (e.g., us-east-1)',
},
accessKeyId: {
type: 'string',
required: true,
visibility: 'user-only',
description: 'AWS access key ID',
},
secretAccessKey: {
type: 'string',
required: true,
visibility: 'user-only',
description: 'AWS secret access key',
},
instanceArn: {
type: 'string',
required: true,
visibility: 'user-or-llm',
description: 'ARN of the Identity Center instance',
},
requestId: {
type: 'string',
required: true,
visibility: 'user-or-llm',
description: 'Request ID returned from Delete Account Assignment',
},
},
request: {
url: '/api/tools/identity-center/check-assignment-deletion-status',
method: 'POST',
headers: () => ({ 'Content-Type': 'application/json' }),
body: (params) => ({
region: params.region,
accessKeyId: params.accessKeyId,
secretAccessKey: params.secretAccessKey,
instanceArn: params.instanceArn,
requestId: params.requestId,
}),
},
transformResponse: async (response: Response) => {
const data = await response.json()
if (!response.ok) {
throw new Error(data.error || 'Failed to check assignment deletion status')
}
return {
success: true,
output: {
message: data.message ?? '',
status: data.status ?? '',
requestId: data.requestId ?? '',
accountId: data.accountId ?? null,
permissionSetArn: data.permissionSetArn ?? null,
principalType: data.principalType ?? null,
principalId: data.principalId ?? null,
failureReason: data.failureReason ?? null,
createdDate: data.createdDate ?? null,
},
}
},
outputs: {
message: { type: 'string', description: 'Human-readable status message' },
status: {
type: 'string',
description: 'Current deletion status: IN_PROGRESS, FAILED, or SUCCEEDED',
},
requestId: { type: 'string', description: 'The deletion request ID that was checked' },
accountId: { type: 'string', description: 'Target AWS account ID', optional: true },
permissionSetArn: { type: 'string', description: 'Permission set ARN', optional: true },
principalType: {
type: 'string',
description: 'Principal type (USER or GROUP)',
optional: true,
},
principalId: { type: 'string', description: 'Principal ID', optional: true },
failureReason: {
type: 'string',
description: 'Reason for failure if status is FAILED',
optional: true,
},
createdDate: { type: 'string', description: 'Date the request was created', optional: true },
},
}
@@ -0,0 +1,105 @@
import type {
IdentityCenterAssignmentStatusResponse,
IdentityCenterCheckAssignmentStatusParams,
} from '@/tools/identity_center/types'
import type { ToolConfig } from '@/tools/types'
export const checkAssignmentStatusTool: ToolConfig<
IdentityCenterCheckAssignmentStatusParams,
IdentityCenterAssignmentStatusResponse
> = {
id: 'identity_center_check_assignment_status',
name: 'Identity Center Check Assignment Status',
description: 'Check the provisioning status of an account assignment creation request',
version: '1.0.0',
params: {
region: {
type: 'string',
required: true,
visibility: 'user-only',
description: 'AWS region (e.g., us-east-1)',
},
accessKeyId: {
type: 'string',
required: true,
visibility: 'user-only',
description: 'AWS access key ID',
},
secretAccessKey: {
type: 'string',
required: true,
visibility: 'user-only',
description: 'AWS secret access key',
},
instanceArn: {
type: 'string',
required: true,
visibility: 'user-or-llm',
description: 'ARN of the Identity Center instance',
},
requestId: {
type: 'string',
required: true,
visibility: 'user-or-llm',
description: 'Request ID returned from Create or Delete Account Assignment',
},
},
request: {
url: '/api/tools/identity-center/check-assignment-status',
method: 'POST',
headers: () => ({ 'Content-Type': 'application/json' }),
body: (params) => ({
region: params.region,
accessKeyId: params.accessKeyId,
secretAccessKey: params.secretAccessKey,
instanceArn: params.instanceArn,
requestId: params.requestId,
}),
},
transformResponse: async (response: Response) => {
const data = await response.json()
if (!response.ok) {
throw new Error(data.error || 'Failed to check assignment status')
}
return {
success: true,
output: {
message: data.message ?? '',
status: data.status ?? '',
requestId: data.requestId ?? '',
accountId: data.accountId ?? null,
permissionSetArn: data.permissionSetArn ?? null,
principalType: data.principalType ?? null,
principalId: data.principalId ?? null,
failureReason: data.failureReason ?? null,
createdDate: data.createdDate ?? null,
},
}
},
outputs: {
message: { type: 'string', description: 'Human-readable status message' },
status: {
type: 'string',
description: 'Current status: IN_PROGRESS, FAILED, or SUCCEEDED',
},
requestId: { type: 'string', description: 'The request ID that was checked' },
accountId: { type: 'string', description: 'Target AWS account ID', optional: true },
permissionSetArn: { type: 'string', description: 'Permission set ARN', optional: true },
principalType: {
type: 'string',
description: 'Principal type (USER or GROUP)',
optional: true,
},
principalId: { type: 'string', description: 'Principal ID', optional: true },
failureReason: {
type: 'string',
description: 'Reason for failure if status is FAILED',
optional: true,
},
createdDate: { type: 'string', description: 'Date the request was created', optional: true },
},
}
@@ -0,0 +1,130 @@
import type {
IdentityCenterAssignmentStatusResponse,
IdentityCenterCreateAccountAssignmentParams,
} from '@/tools/identity_center/types'
import type { ToolConfig } from '@/tools/types'
export const createAccountAssignmentTool: ToolConfig<
IdentityCenterCreateAccountAssignmentParams,
IdentityCenterAssignmentStatusResponse
> = {
id: 'identity_center_create_account_assignment',
name: 'Identity Center Create Account Assignment',
description:
'Grant a user or group access to an AWS account via a permission set (temporary elevated access)',
version: '1.0.0',
params: {
region: {
type: 'string',
required: true,
visibility: 'user-only',
description: 'AWS region (e.g., us-east-1)',
},
accessKeyId: {
type: 'string',
required: true,
visibility: 'user-only',
description: 'AWS access key ID',
},
secretAccessKey: {
type: 'string',
required: true,
visibility: 'user-only',
description: 'AWS secret access key',
},
instanceArn: {
type: 'string',
required: true,
visibility: 'user-or-llm',
description: 'ARN of the Identity Center instance',
},
accountId: {
type: 'string',
required: true,
visibility: 'user-or-llm',
description: 'AWS account ID to grant access to',
},
permissionSetArn: {
type: 'string',
required: true,
visibility: 'user-or-llm',
description: 'ARN of the permission set to assign',
},
principalType: {
type: 'string',
required: true,
visibility: 'user-or-llm',
description: 'Type of principal: USER or GROUP',
},
principalId: {
type: 'string',
required: true,
visibility: 'user-or-llm',
description: 'Identity Store ID of the user or group',
},
},
request: {
url: '/api/tools/identity-center/create-account-assignment',
method: 'POST',
headers: () => ({ 'Content-Type': 'application/json' }),
body: (params) => ({
region: params.region,
accessKeyId: params.accessKeyId,
secretAccessKey: params.secretAccessKey,
instanceArn: params.instanceArn,
accountId: params.accountId,
permissionSetArn: params.permissionSetArn,
principalType: params.principalType,
principalId: params.principalId,
}),
},
transformResponse: async (response: Response) => {
const data = await response.json()
if (!response.ok) {
throw new Error(data.error || 'Failed to create account assignment')
}
return {
success: true,
output: {
message: data.message ?? 'Account assignment creation initiated',
status: data.status ?? '',
requestId: data.requestId ?? '',
accountId: data.accountId ?? null,
permissionSetArn: data.permissionSetArn ?? null,
principalType: data.principalType ?? null,
principalId: data.principalId ?? null,
failureReason: data.failureReason ?? null,
createdDate: data.createdDate ?? null,
},
}
},
outputs: {
message: { type: 'string', description: 'Status message' },
status: {
type: 'string',
description: 'Provisioning status: IN_PROGRESS, FAILED, or SUCCEEDED',
},
requestId: {
type: 'string',
description: 'Request ID to use with Check Assignment Status',
},
accountId: { type: 'string', description: 'Target AWS account ID', optional: true },
permissionSetArn: { type: 'string', description: 'Permission set ARN', optional: true },
principalType: {
type: 'string',
description: 'Principal type (USER or GROUP)',
optional: true,
},
principalId: { type: 'string', description: 'Principal ID', optional: true },
failureReason: {
type: 'string',
description: 'Reason for failure if status is FAILED',
optional: true,
},
createdDate: { type: 'string', description: 'Date the request was created', optional: true },
},
}
@@ -0,0 +1,130 @@
import type {
IdentityCenterAssignmentStatusResponse,
IdentityCenterDeleteAccountAssignmentParams,
} from '@/tools/identity_center/types'
import type { ToolConfig } from '@/tools/types'
export const deleteAccountAssignmentTool: ToolConfig<
IdentityCenterDeleteAccountAssignmentParams,
IdentityCenterAssignmentStatusResponse
> = {
id: 'identity_center_delete_account_assignment',
name: 'Identity Center Delete Account Assignment',
description:
'Revoke a user or group access to an AWS account by removing a permission set assignment',
version: '1.0.0',
params: {
region: {
type: 'string',
required: true,
visibility: 'user-only',
description: 'AWS region (e.g., us-east-1)',
},
accessKeyId: {
type: 'string',
required: true,
visibility: 'user-only',
description: 'AWS access key ID',
},
secretAccessKey: {
type: 'string',
required: true,
visibility: 'user-only',
description: 'AWS secret access key',
},
instanceArn: {
type: 'string',
required: true,
visibility: 'user-or-llm',
description: 'ARN of the Identity Center instance',
},
accountId: {
type: 'string',
required: true,
visibility: 'user-or-llm',
description: 'AWS account ID to revoke access from',
},
permissionSetArn: {
type: 'string',
required: true,
visibility: 'user-or-llm',
description: 'ARN of the permission set to remove',
},
principalType: {
type: 'string',
required: true,
visibility: 'user-or-llm',
description: 'Type of principal: USER or GROUP',
},
principalId: {
type: 'string',
required: true,
visibility: 'user-or-llm',
description: 'Identity Store ID of the user or group',
},
},
request: {
url: '/api/tools/identity-center/delete-account-assignment',
method: 'POST',
headers: () => ({ 'Content-Type': 'application/json' }),
body: (params) => ({
region: params.region,
accessKeyId: params.accessKeyId,
secretAccessKey: params.secretAccessKey,
instanceArn: params.instanceArn,
accountId: params.accountId,
permissionSetArn: params.permissionSetArn,
principalType: params.principalType,
principalId: params.principalId,
}),
},
transformResponse: async (response: Response) => {
const data = await response.json()
if (!response.ok) {
throw new Error(data.error || 'Failed to delete account assignment')
}
return {
success: true,
output: {
message: data.message ?? 'Account assignment deletion initiated',
status: data.status ?? '',
requestId: data.requestId ?? '',
accountId: data.accountId ?? null,
permissionSetArn: data.permissionSetArn ?? null,
principalType: data.principalType ?? null,
principalId: data.principalId ?? null,
failureReason: data.failureReason ?? null,
createdDate: data.createdDate ?? null,
},
}
},
outputs: {
message: { type: 'string', description: 'Status message' },
status: {
type: 'string',
description: 'Deprovisioning status: IN_PROGRESS, FAILED, or SUCCEEDED',
},
requestId: {
type: 'string',
description: 'Request ID to use with Check Assignment Status',
},
accountId: { type: 'string', description: 'Target AWS account ID', optional: true },
permissionSetArn: { type: 'string', description: 'Permission set ARN', optional: true },
principalType: {
type: 'string',
description: 'Principal type (USER or GROUP)',
optional: true,
},
principalId: { type: 'string', description: 'Principal ID', optional: true },
failureReason: {
type: 'string',
description: 'Reason for failure if status is FAILED',
optional: true,
},
createdDate: { type: 'string', description: 'Date the request was created', optional: true },
},
}
@@ -0,0 +1,85 @@
import type {
IdentityCenterDescribeAccountParams,
IdentityCenterDescribeAccountResponse,
} from '@/tools/identity_center/types'
import type { ToolConfig } from '@/tools/types'
export const describeAccountTool: ToolConfig<
IdentityCenterDescribeAccountParams,
IdentityCenterDescribeAccountResponse
> = {
id: 'identity_center_describe_account',
name: 'Identity Center Describe Account',
description: 'Retrieve details about a specific AWS account by its ID',
version: '1.0.0',
params: {
region: {
type: 'string',
required: true,
visibility: 'user-only',
description: 'AWS region (e.g., us-east-1)',
},
accessKeyId: {
type: 'string',
required: true,
visibility: 'user-only',
description: 'AWS access key ID',
},
secretAccessKey: {
type: 'string',
required: true,
visibility: 'user-only',
description: 'AWS secret access key',
},
accountId: {
type: 'string',
required: true,
visibility: 'user-or-llm',
description: 'AWS account ID to describe',
},
},
request: {
url: '/api/tools/identity-center/describe-account',
method: 'POST',
headers: () => ({ 'Content-Type': 'application/json' }),
body: (params) => ({
region: params.region,
accessKeyId: params.accessKeyId,
secretAccessKey: params.secretAccessKey,
accountId: params.accountId,
}),
},
transformResponse: async (response: Response) => {
const data = await response.json()
if (!response.ok) {
throw new Error(data.error || 'Failed to describe AWS account')
}
return {
success: true,
output: {
id: data.id ?? '',
arn: data.arn ?? '',
name: data.name ?? '',
email: data.email ?? '',
status: data.status ?? '',
joinedTimestamp: data.joinedTimestamp ?? null,
},
}
},
outputs: {
id: { type: 'string', description: 'AWS account ID' },
arn: { type: 'string', description: 'AWS account ARN' },
name: { type: 'string', description: 'Account name' },
email: { type: 'string', description: 'Root email address of the account' },
status: { type: 'string', description: 'Account status (ACTIVE, SUSPENDED, etc.)' },
joinedTimestamp: {
type: 'string',
description: 'Date the account joined the organization',
optional: true,
},
},
}
@@ -0,0 +1,82 @@
import type {
IdentityCenterGetGroupParams,
IdentityCenterGetGroupResponse,
} from '@/tools/identity_center/types'
import type { ToolConfig } from '@/tools/types'
export const getGroupTool: ToolConfig<
IdentityCenterGetGroupParams,
IdentityCenterGetGroupResponse
> = {
id: 'identity_center_get_group',
name: 'Identity Center Get Group',
description: 'Look up a group in the Identity Store by display name',
version: '1.0.0',
params: {
region: {
type: 'string',
required: true,
visibility: 'user-only',
description: 'AWS region (e.g., us-east-1)',
},
accessKeyId: {
type: 'string',
required: true,
visibility: 'user-only',
description: 'AWS access key ID',
},
secretAccessKey: {
type: 'string',
required: true,
visibility: 'user-only',
description: 'AWS secret access key',
},
identityStoreId: {
type: 'string',
required: true,
visibility: 'user-or-llm',
description: 'Identity Store ID (from the Identity Center instance)',
},
displayName: {
type: 'string',
required: true,
visibility: 'user-or-llm',
description: 'Display name of the group to look up',
},
},
request: {
url: '/api/tools/identity-center/get-group',
method: 'POST',
headers: () => ({ 'Content-Type': 'application/json' }),
body: (params) => ({
region: params.region,
accessKeyId: params.accessKeyId,
secretAccessKey: params.secretAccessKey,
identityStoreId: params.identityStoreId,
displayName: params.displayName,
}),
},
transformResponse: async (response: Response) => {
const data = await response.json()
if (!response.ok) {
throw new Error(data.error || 'Failed to get group from Identity Store')
}
return {
success: true,
output: {
groupId: data.groupId ?? '',
displayName: data.displayName ?? null,
description: data.description ?? null,
},
}
},
outputs: {
groupId: { type: 'string', description: 'Identity Store group ID (use as principalId)' },
displayName: { type: 'string', description: 'Display name of the group', optional: true },
description: { type: 'string', description: 'Group description', optional: true },
},
}
@@ -0,0 +1,81 @@
import type {
IdentityCenterGetUserParams,
IdentityCenterGetUserResponse,
} from '@/tools/identity_center/types'
import type { ToolConfig } from '@/tools/types'
export const getUserTool: ToolConfig<IdentityCenterGetUserParams, IdentityCenterGetUserResponse> = {
id: 'identity_center_get_user',
name: 'Identity Center Get User',
description: 'Look up a user in the Identity Store by email address',
version: '1.0.0',
params: {
region: {
type: 'string',
required: true,
visibility: 'user-only',
description: 'AWS region (e.g., us-east-1)',
},
accessKeyId: {
type: 'string',
required: true,
visibility: 'user-only',
description: 'AWS access key ID',
},
secretAccessKey: {
type: 'string',
required: true,
visibility: 'user-only',
description: 'AWS secret access key',
},
identityStoreId: {
type: 'string',
required: true,
visibility: 'user-or-llm',
description: 'Identity Store ID (from the Identity Center instance)',
},
email: {
type: 'string',
required: true,
visibility: 'user-or-llm',
description: 'Email address of the user to look up',
},
},
request: {
url: '/api/tools/identity-center/get-user',
method: 'POST',
headers: () => ({ 'Content-Type': 'application/json' }),
body: (params) => ({
region: params.region,
accessKeyId: params.accessKeyId,
secretAccessKey: params.secretAccessKey,
identityStoreId: params.identityStoreId,
email: params.email,
}),
},
transformResponse: async (response: Response) => {
const data = await response.json()
if (!response.ok) {
throw new Error(data.error || 'Failed to get user from Identity Store')
}
return {
success: true,
output: {
userId: data.userId ?? '',
userName: data.userName ?? '',
displayName: data.displayName ?? null,
email: data.email ?? null,
},
}
},
outputs: {
userId: { type: 'string', description: 'Identity Store user ID (use as principalId)' },
userName: { type: 'string', description: 'Username in the Identity Store' },
displayName: { type: 'string', description: 'Display name of the user', optional: true },
email: { type: 'string', description: 'Email address of the user', optional: true },
},
}
+13
View File
@@ -0,0 +1,13 @@
export { checkAssignmentDeletionStatusTool as identityCenterCheckAssignmentDeletionStatusTool } from './check_assignment_deletion_status'
export { checkAssignmentStatusTool as identityCenterCheckAssignmentStatusTool } from './check_assignment_status'
export { createAccountAssignmentTool as identityCenterCreateAccountAssignmentTool } from './create_account_assignment'
export { deleteAccountAssignmentTool as identityCenterDeleteAccountAssignmentTool } from './delete_account_assignment'
export { describeAccountTool as identityCenterDescribeAccountTool } from './describe_account'
export { getGroupTool as identityCenterGetGroupTool } from './get_group'
export { getUserTool as identityCenterGetUserTool } from './get_user'
export { listAccountAssignmentsTool as identityCenterListAccountAssignmentsTool } from './list_account_assignments'
export { listAccountsTool as identityCenterListAccountsTool } from './list_accounts'
export { listGroupsTool as identityCenterListGroupsTool } from './list_groups'
export { listInstancesTool as identityCenterListInstancesTool } from './list_instances'
export { listPermissionSetsTool as identityCenterListPermissionSetsTool } from './list_permission_sets'
export * from './types'
@@ -0,0 +1,111 @@
import type {
IdentityCenterListAccountAssignmentsParams,
IdentityCenterListAccountAssignmentsResponse,
} from '@/tools/identity_center/types'
import type { ToolConfig } from '@/tools/types'
export const listAccountAssignmentsTool: ToolConfig<
IdentityCenterListAccountAssignmentsParams,
IdentityCenterListAccountAssignmentsResponse
> = {
id: 'identity_center_list_account_assignments',
name: 'Identity Center List Account Assignments',
description: 'List all account assignments for a specific user or group across all accounts',
version: '1.0.0',
params: {
region: {
type: 'string',
required: true,
visibility: 'user-only',
description: 'AWS region (e.g., us-east-1)',
},
accessKeyId: {
type: 'string',
required: true,
visibility: 'user-only',
description: 'AWS access key ID',
},
secretAccessKey: {
type: 'string',
required: true,
visibility: 'user-only',
description: 'AWS secret access key',
},
instanceArn: {
type: 'string',
required: true,
visibility: 'user-or-llm',
description: 'ARN of the Identity Center instance',
},
principalId: {
type: 'string',
required: true,
visibility: 'user-or-llm',
description: 'Identity Store ID of the user or group',
},
principalType: {
type: 'string',
required: true,
visibility: 'user-or-llm',
description: 'Type of principal: USER or GROUP',
},
maxResults: {
type: 'number',
required: false,
visibility: 'user-or-llm',
description: 'Maximum number of assignments to return',
},
nextToken: {
type: 'string',
required: false,
visibility: 'user-or-llm',
description: 'Pagination token from a previous request',
},
},
request: {
url: '/api/tools/identity-center/list-account-assignments',
method: 'POST',
headers: () => ({ 'Content-Type': 'application/json' }),
body: (params) => ({
region: params.region,
accessKeyId: params.accessKeyId,
secretAccessKey: params.secretAccessKey,
instanceArn: params.instanceArn,
principalId: params.principalId,
principalType: params.principalType,
maxResults: params.maxResults,
nextToken: params.nextToken,
}),
},
transformResponse: async (response: Response) => {
const data = await response.json()
if (!response.ok) {
throw new Error(data.error || 'Failed to list account assignments')
}
return {
success: true,
output: {
assignments: data.assignments ?? [],
nextToken: data.nextToken ?? null,
count: data.count ?? 0,
},
}
},
outputs: {
assignments: {
type: 'json',
description:
'List of account assignments with accountId, permissionSetArn, principalType, principalId',
},
nextToken: {
type: 'string',
description: 'Pagination token for the next page of results',
optional: true,
},
count: { type: 'number', description: 'Number of assignments returned' },
},
}
@@ -0,0 +1,89 @@
import type {
IdentityCenterListAccountsParams,
IdentityCenterListAccountsResponse,
} from '@/tools/identity_center/types'
import type { ToolConfig } from '@/tools/types'
export const listAccountsTool: ToolConfig<
IdentityCenterListAccountsParams,
IdentityCenterListAccountsResponse
> = {
id: 'identity_center_list_accounts',
name: 'Identity Center List Accounts',
description: 'List all AWS accounts in your organization',
version: '1.0.0',
params: {
region: {
type: 'string',
required: true,
visibility: 'user-only',
description: 'AWS region (e.g., us-east-1)',
},
accessKeyId: {
type: 'string',
required: true,
visibility: 'user-only',
description: 'AWS access key ID',
},
secretAccessKey: {
type: 'string',
required: true,
visibility: 'user-only',
description: 'AWS secret access key',
},
maxResults: {
type: 'number',
required: false,
visibility: 'user-or-llm',
description: 'Maximum number of accounts to return',
},
nextToken: {
type: 'string',
required: false,
visibility: 'user-or-llm',
description: 'Pagination token from a previous request',
},
},
request: {
url: '/api/tools/identity-center/list-accounts',
method: 'POST',
headers: () => ({ 'Content-Type': 'application/json' }),
body: (params) => ({
region: params.region,
accessKeyId: params.accessKeyId,
secretAccessKey: params.secretAccessKey,
maxResults: params.maxResults,
nextToken: params.nextToken,
}),
},
transformResponse: async (response: Response) => {
const data = await response.json()
if (!response.ok) {
throw new Error(data.error || 'Failed to list AWS accounts')
}
return {
success: true,
output: {
accounts: data.accounts ?? [],
nextToken: data.nextToken ?? null,
count: data.count ?? 0,
},
}
},
outputs: {
accounts: {
type: 'json',
description: 'List of AWS accounts with id, arn, name, email, status',
},
nextToken: {
type: 'string',
description: 'Pagination token for the next page of results',
optional: true,
},
count: { type: 'number', description: 'Number of accounts returned' },
},
}
@@ -0,0 +1,96 @@
import type {
IdentityCenterListGroupsParams,
IdentityCenterListGroupsResponse,
} from '@/tools/identity_center/types'
import type { ToolConfig } from '@/tools/types'
export const listGroupsTool: ToolConfig<
IdentityCenterListGroupsParams,
IdentityCenterListGroupsResponse
> = {
id: 'identity_center_list_groups',
name: 'Identity Center List Groups',
description: 'List all groups in the Identity Store',
version: '1.0.0',
params: {
region: {
type: 'string',
required: true,
visibility: 'user-only',
description: 'AWS region (e.g., us-east-1)',
},
accessKeyId: {
type: 'string',
required: true,
visibility: 'user-only',
description: 'AWS access key ID',
},
secretAccessKey: {
type: 'string',
required: true,
visibility: 'user-only',
description: 'AWS secret access key',
},
identityStoreId: {
type: 'string',
required: true,
visibility: 'user-or-llm',
description: 'Identity Store ID (from the Identity Center instance)',
},
maxResults: {
type: 'number',
required: false,
visibility: 'user-or-llm',
description: 'Maximum number of groups to return',
},
nextToken: {
type: 'string',
required: false,
visibility: 'user-or-llm',
description: 'Pagination token from a previous request',
},
},
request: {
url: '/api/tools/identity-center/list-groups',
method: 'POST',
headers: () => ({ 'Content-Type': 'application/json' }),
body: (params) => ({
region: params.region,
accessKeyId: params.accessKeyId,
secretAccessKey: params.secretAccessKey,
identityStoreId: params.identityStoreId,
maxResults: params.maxResults,
nextToken: params.nextToken,
}),
},
transformResponse: async (response: Response) => {
const data = await response.json()
if (!response.ok) {
throw new Error(data.error || 'Failed to list groups')
}
return {
success: true,
output: {
groups: data.groups ?? [],
nextToken: data.nextToken ?? null,
count: data.count ?? 0,
},
}
},
outputs: {
groups: {
type: 'json',
description: 'List of groups with groupId, displayName, description',
},
nextToken: {
type: 'string',
description: 'Pagination token for the next page of results',
optional: true,
},
count: { type: 'number', description: 'Number of groups returned' },
},
}
@@ -0,0 +1,90 @@
import type {
IdentityCenterListInstancesParams,
IdentityCenterListInstancesResponse,
} from '@/tools/identity_center/types'
import type { ToolConfig } from '@/tools/types'
export const listInstancesTool: ToolConfig<
IdentityCenterListInstancesParams,
IdentityCenterListInstancesResponse
> = {
id: 'identity_center_list_instances',
name: 'Identity Center List Instances',
description: 'List all AWS IAM Identity Center instances in your account',
version: '1.0.0',
params: {
region: {
type: 'string',
required: true,
visibility: 'user-only',
description: 'AWS region (e.g., us-east-1)',
},
accessKeyId: {
type: 'string',
required: true,
visibility: 'user-only',
description: 'AWS access key ID',
},
secretAccessKey: {
type: 'string',
required: true,
visibility: 'user-only',
description: 'AWS secret access key',
},
maxResults: {
type: 'number',
required: false,
visibility: 'user-or-llm',
description: 'Maximum number of instances to return (1-100)',
},
nextToken: {
type: 'string',
required: false,
visibility: 'user-or-llm',
description: 'Pagination token from a previous request',
},
},
request: {
url: '/api/tools/identity-center/list-instances',
method: 'POST',
headers: () => ({ 'Content-Type': 'application/json' }),
body: (params) => ({
region: params.region,
accessKeyId: params.accessKeyId,
secretAccessKey: params.secretAccessKey,
maxResults: params.maxResults,
nextToken: params.nextToken,
}),
},
transformResponse: async (response: Response) => {
const data = await response.json()
if (!response.ok) {
throw new Error(data.error || 'Failed to list Identity Center instances')
}
return {
success: true,
output: {
instances: data.instances ?? [],
nextToken: data.nextToken ?? null,
count: data.count ?? 0,
},
}
},
outputs: {
instances: {
type: 'json',
description:
'List of Identity Center instances with instanceArn, identityStoreId, name, status, statusReason',
},
nextToken: {
type: 'string',
description: 'Pagination token for the next page of results',
optional: true,
},
count: { type: 'number', description: 'Number of instances returned' },
},
}
@@ -0,0 +1,97 @@
import type {
IdentityCenterListPermissionSetsParams,
IdentityCenterListPermissionSetsResponse,
} from '@/tools/identity_center/types'
import type { ToolConfig } from '@/tools/types'
export const listPermissionSetsTool: ToolConfig<
IdentityCenterListPermissionSetsParams,
IdentityCenterListPermissionSetsResponse
> = {
id: 'identity_center_list_permission_sets',
name: 'Identity Center List Permission Sets',
description: 'List all permission sets defined in an IAM Identity Center instance',
version: '1.0.0',
params: {
region: {
type: 'string',
required: true,
visibility: 'user-only',
description: 'AWS region (e.g., us-east-1)',
},
accessKeyId: {
type: 'string',
required: true,
visibility: 'user-only',
description: 'AWS access key ID',
},
secretAccessKey: {
type: 'string',
required: true,
visibility: 'user-only',
description: 'AWS secret access key',
},
instanceArn: {
type: 'string',
required: true,
visibility: 'user-or-llm',
description: 'ARN of the Identity Center instance',
},
maxResults: {
type: 'number',
required: false,
visibility: 'user-or-llm',
description: 'Maximum number of permission sets to return',
},
nextToken: {
type: 'string',
required: false,
visibility: 'user-or-llm',
description: 'Pagination token from a previous request',
},
},
request: {
url: '/api/tools/identity-center/list-permission-sets',
method: 'POST',
headers: () => ({ 'Content-Type': 'application/json' }),
body: (params) => ({
region: params.region,
accessKeyId: params.accessKeyId,
secretAccessKey: params.secretAccessKey,
instanceArn: params.instanceArn,
maxResults: params.maxResults,
nextToken: params.nextToken,
}),
},
transformResponse: async (response: Response) => {
const data = await response.json()
if (!response.ok) {
throw new Error(data.error || 'Failed to list permission sets')
}
return {
success: true,
output: {
permissionSets: data.permissionSets ?? [],
nextToken: data.nextToken ?? null,
count: data.count ?? 0,
},
}
},
outputs: {
permissionSets: {
type: 'json',
description:
'List of permission sets with permissionSetArn, name, description, sessionDuration',
},
nextToken: {
type: 'string',
description: 'Pagination token for the next page of results',
optional: true,
},
count: { type: 'number', description: 'Number of permission sets returned' },
},
}
+201
View File
@@ -0,0 +1,201 @@
import type { ToolResponse } from '@/tools/types'
export interface IdentityCenterConnectionConfig {
region: string
accessKeyId: string
secretAccessKey: string
}
export interface IdentityCenterListInstancesParams extends IdentityCenterConnectionConfig {
maxResults?: number | null
nextToken?: string | null
}
export interface IdentityCenterListAccountsParams extends IdentityCenterConnectionConfig {
maxResults?: number | null
nextToken?: string | null
}
export interface IdentityCenterListPermissionSetsParams extends IdentityCenterConnectionConfig {
instanceArn: string
maxResults?: number | null
nextToken?: string | null
}
export interface IdentityCenterGetUserParams extends IdentityCenterConnectionConfig {
identityStoreId: string
email: string
}
export interface IdentityCenterCreateAccountAssignmentParams
extends IdentityCenterConnectionConfig {
instanceArn: string
accountId: string
permissionSetArn: string
principalType: 'USER' | 'GROUP'
principalId: string
}
export interface IdentityCenterDeleteAccountAssignmentParams
extends IdentityCenterConnectionConfig {
instanceArn: string
accountId: string
permissionSetArn: string
principalType: 'USER' | 'GROUP'
principalId: string
}
export interface IdentityCenterCheckAssignmentStatusParams extends IdentityCenterConnectionConfig {
instanceArn: string
requestId: string
}
export interface IdentityCenterListAccountAssignmentsParams extends IdentityCenterConnectionConfig {
instanceArn: string
principalId: string
principalType: 'USER' | 'GROUP'
maxResults?: number | null
nextToken?: string | null
}
export interface IdentityCenterListGroupsParams extends IdentityCenterConnectionConfig {
identityStoreId: string
maxResults?: number | null
nextToken?: string | null
}
export interface IdentityCenterGetGroupParams extends IdentityCenterConnectionConfig {
identityStoreId: string
displayName: string
}
export interface IdentityCenterDescribeAccountParams extends IdentityCenterConnectionConfig {
accountId: string
}
export interface IdentityCenterBaseResponse extends ToolResponse {
output: { message: string }
error?: string
}
export interface IdentityCenterListInstancesResponse extends ToolResponse {
output: {
instances: Array<{
instanceArn: string
identityStoreId: string
name: string | null
status: string
statusReason: string | null
ownerAccountId: string | null
createdDate: string | null
}>
nextToken: string | null
count: number
}
error?: string
}
export interface IdentityCenterListAccountsResponse extends ToolResponse {
output: {
accounts: Array<{
id: string
arn: string
name: string
email: string
status: string
joinedTimestamp: string | null
}>
nextToken: string | null
count: number
}
error?: string
}
export interface IdentityCenterListPermissionSetsResponse extends ToolResponse {
output: {
permissionSets: Array<{
permissionSetArn: string
name: string
description: string | null
sessionDuration: string | null
createdDate: string | null
}>
nextToken: string | null
count: number
}
error?: string
}
export interface IdentityCenterGetUserResponse extends ToolResponse {
output: {
userId: string
userName: string
displayName: string | null
email: string | null
}
error?: string
}
export interface IdentityCenterAssignmentStatusResponse extends ToolResponse {
output: {
message: string
status: string
requestId: string
accountId: string | null
permissionSetArn: string | null
principalType: string | null
principalId: string | null
failureReason: string | null
createdDate: string | null
}
error?: string
}
export interface IdentityCenterListAccountAssignmentsResponse extends ToolResponse {
output: {
assignments: Array<{
accountId: string
permissionSetArn: string
principalType: string
principalId: string
}>
nextToken: string | null
count: number
}
error?: string
}
export interface IdentityCenterListGroupsResponse extends ToolResponse {
output: {
groups: Array<{
groupId: string
displayName: string | null
description: string | null
externalIds: Array<{ issuer: string; id: string }>
}>
nextToken: string | null
count: number
}
error?: string
}
export interface IdentityCenterGetGroupResponse extends ToolResponse {
output: {
groupId: string
displayName: string | null
description: string | null
}
error?: string
}
export interface IdentityCenterDescribeAccountResponse extends ToolResponse {
output: {
id: string
arn: string
name: string
email: string
status: string
joinedTimestamp: string | null
}
error?: string
}