chore: import upstream snapshot with attribution
Publish CLI Package / publish-npm (push) Waiting to run
Publish Python SDK / publish-pypi (push) Waiting to run
Publish TypeScript SDK / publish-npm (push) Waiting to run
CI / Migrate Dev DB (push) Has been skipped
CI / Detect Version (push) Has been cancelled
CI / Migrate DB (push) Has been cancelled
CI / Build Dev ECR (./docker/app.Dockerfile, ECR_APP) (push) Has been cancelled
CI / Build Dev ECR (./docker/db.Dockerfile, ECR_MIGRATIONS) (push) Has been cancelled
CI / Build Dev ECR (./docker/pii.Dockerfile, ECR_PII) (push) Has been cancelled
CI / Build Dev ECR (./docker/realtime.Dockerfile, ECR_REALTIME) (push) Has been cancelled
CI / Deploy Trigger.dev (Dev) (push) Has been cancelled
CI / Build AMD64 (./docker/app.Dockerfile, ECR_APP, ghcr.io/simstudioai/simstudio) (push) Has been cancelled
CI / Build AMD64 (./docker/db.Dockerfile, ECR_MIGRATIONS, ghcr.io/simstudioai/migrations) (push) Has been cancelled
CI / Build AMD64 (./docker/pii.Dockerfile, ECR_PII, ghcr.io/simstudioai/pii) (push) Has been cancelled
CI / Build AMD64 (./docker/realtime.Dockerfile, ECR_REALTIME, ghcr.io/simstudioai/realtime) (push) Has been cancelled
CI / Build ARM64 (GHCR Only) (./docker/app.Dockerfile, ghcr.io/simstudioai/simstudio) (push) Has been cancelled
CI / Build ARM64 (GHCR Only) (./docker/db.Dockerfile, ghcr.io/simstudioai/migrations) (push) Has been cancelled
CI / Build ARM64 (GHCR Only) (./docker/pii.Dockerfile, ghcr.io/simstudioai/pii) (push) Has been cancelled
CI / Build ARM64 (GHCR Only) (./docker/realtime.Dockerfile, ghcr.io/simstudioai/realtime) (push) Has been cancelled
CI / Create GHCR Manifests (ghcr.io/simstudioai/migrations) (push) Has been cancelled
CI / Create GHCR Manifests (ghcr.io/simstudioai/pii) (push) Has been cancelled
CI / Create GHCR Manifests (ghcr.io/simstudioai/realtime) (push) Has been cancelled
CI / Create GHCR Manifests (ghcr.io/simstudioai/simstudio) (push) Has been cancelled
CI / Check Docs Changes (push) Has been cancelled
CI / Process Docs (push) Has been cancelled
CI / Create GitHub Release (push) Has been cancelled
CI / Test and Build (push) Has been cancelled

This commit is contained in:
wehub-resource-sync
2026-07-13 13:20:55 +08:00
commit d25d482dc2
13754 changed files with 4996608 additions and 0 deletions
@@ -0,0 +1,94 @@
import type {
SecretsManagerCreateSecretParams,
SecretsManagerCreateSecretResponse,
} from '@/tools/secrets_manager/types'
import type { ToolConfig } from '@/tools/types'
export const createSecretTool: ToolConfig<
SecretsManagerCreateSecretParams,
SecretsManagerCreateSecretResponse
> = {
id: 'secrets_manager_create_secret',
name: 'Secrets Manager Create Secret',
description: 'Create a new secret in AWS Secrets Manager',
version: '1.0.0',
params: {
region: {
type: 'string',
required: true,
visibility: 'user-only',
description: 'AWS region (e.g., us-east-1)',
},
accessKeyId: {
type: 'string',
required: true,
visibility: 'user-only',
description: 'AWS access key ID',
},
secretAccessKey: {
type: 'string',
required: true,
visibility: 'user-only',
description: 'AWS secret access key',
},
name: {
type: 'string',
required: true,
visibility: 'user-or-llm',
description: 'Name of the secret to create',
},
secretValue: {
type: 'string',
required: true,
visibility: 'user-or-llm',
description: 'The secret value (plain text or JSON string)',
},
description: {
type: 'string',
required: false,
visibility: 'user-or-llm',
description: 'Description of the secret',
},
},
request: {
url: '/api/tools/secrets_manager/create-secret',
method: 'POST',
headers: () => ({ 'Content-Type': 'application/json' }),
body: (params) => ({
region: params.region,
accessKeyId: params.accessKeyId,
secretAccessKey: params.secretAccessKey,
name: params.name,
secretValue: params.secretValue,
description: params.description,
}),
},
transformResponse: async (response: Response) => {
const data = await response.json()
if (!response.ok) {
throw new Error(data.error || 'Failed to create secret')
}
return {
success: true,
output: {
message: data.message || 'Secret created successfully',
name: data.name ?? '',
arn: data.arn ?? '',
versionId: data.versionId ?? '',
},
error: undefined,
}
},
outputs: {
message: { type: 'string', description: 'Operation status message' },
name: { type: 'string', description: 'Name of the created secret' },
arn: { type: 'string', description: 'ARN of the created secret' },
versionId: { type: 'string', description: 'Version ID of the created secret' },
},
}
@@ -0,0 +1,94 @@
import type {
SecretsManagerDeleteSecretParams,
SecretsManagerDeleteSecretResponse,
} from '@/tools/secrets_manager/types'
import type { ToolConfig } from '@/tools/types'
export const deleteSecretTool: ToolConfig<
SecretsManagerDeleteSecretParams,
SecretsManagerDeleteSecretResponse
> = {
id: 'secrets_manager_delete_secret',
name: 'Secrets Manager Delete Secret',
description: 'Delete a secret from AWS Secrets Manager',
version: '1.0.0',
params: {
region: {
type: 'string',
required: true,
visibility: 'user-only',
description: 'AWS region (e.g., us-east-1)',
},
accessKeyId: {
type: 'string',
required: true,
visibility: 'user-only',
description: 'AWS access key ID',
},
secretAccessKey: {
type: 'string',
required: true,
visibility: 'user-only',
description: 'AWS secret access key',
},
secretId: {
type: 'string',
required: true,
visibility: 'user-or-llm',
description: 'The name or ARN of the secret to delete',
},
recoveryWindowInDays: {
type: 'number',
required: false,
visibility: 'user-or-llm',
description: 'Number of days before permanent deletion (7-30, default 30)',
},
forceDelete: {
type: 'boolean',
required: false,
visibility: 'user-or-llm',
description: 'If true, immediately delete without recovery window',
},
},
request: {
url: '/api/tools/secrets_manager/delete-secret',
method: 'POST',
headers: () => ({ 'Content-Type': 'application/json' }),
body: (params) => ({
region: params.region,
accessKeyId: params.accessKeyId,
secretAccessKey: params.secretAccessKey,
secretId: params.secretId,
recoveryWindowInDays: params.recoveryWindowInDays,
forceDelete: params.forceDelete,
}),
},
transformResponse: async (response: Response) => {
const data = await response.json()
if (!response.ok) {
throw new Error(data.error || 'Failed to delete secret')
}
return {
success: true,
output: {
message: data.message || 'Secret scheduled for deletion',
name: data.name ?? '',
arn: data.arn ?? '',
deletionDate: data.deletionDate ?? null,
},
error: undefined,
}
},
outputs: {
message: { type: 'string', description: 'Operation status message' },
name: { type: 'string', description: 'Name of the deleted secret' },
arn: { type: 'string', description: 'ARN of the deleted secret' },
deletionDate: { type: 'string', description: 'Scheduled deletion date', optional: true },
},
}
@@ -0,0 +1,152 @@
import type {
SecretsManagerDescribeSecretParams,
SecretsManagerDescribeSecretResponse,
} from '@/tools/secrets_manager/types'
import type { ToolConfig } from '@/tools/types'
export const describeSecretTool: ToolConfig<
SecretsManagerDescribeSecretParams,
SecretsManagerDescribeSecretResponse
> = {
id: 'secrets_manager_describe_secret',
name: 'Secrets Manager Describe Secret',
description:
'Retrieve full metadata for a secret in AWS Secrets Manager, including rotation configuration and replication status, without exposing the secret value',
version: '1.0.0',
params: {
region: {
type: 'string',
required: true,
visibility: 'user-only',
description: 'AWS region (e.g., us-east-1)',
},
accessKeyId: {
type: 'string',
required: true,
visibility: 'user-only',
description: 'AWS access key ID',
},
secretAccessKey: {
type: 'string',
required: true,
visibility: 'user-only',
description: 'AWS secret access key',
},
secretId: {
type: 'string',
required: true,
visibility: 'user-or-llm',
description: 'The name or ARN of the secret to describe',
},
},
request: {
url: '/api/tools/secrets_manager/describe-secret',
method: 'POST',
headers: () => ({ 'Content-Type': 'application/json' }),
body: (params) => ({
region: params.region,
accessKeyId: params.accessKeyId,
secretAccessKey: params.secretAccessKey,
secretId: params.secretId,
}),
},
transformResponse: async (response: Response) => {
const data = await response.json()
if (!response.ok) {
throw new Error(data.error || 'Failed to describe secret')
}
return {
success: true,
output: {
name: data.name ?? '',
arn: data.arn ?? '',
description: data.description ?? null,
kmsKeyId: data.kmsKeyId ?? null,
rotationEnabled: data.rotationEnabled ?? false,
rotationLambdaARN: data.rotationLambdaARN ?? null,
rotationRules: data.rotationRules ?? null,
lastRotatedDate: data.lastRotatedDate ?? null,
lastChangedDate: data.lastChangedDate ?? null,
lastAccessedDate: data.lastAccessedDate ?? null,
deletedDate: data.deletedDate ?? null,
nextRotationDate: data.nextRotationDate ?? null,
tags: data.tags ?? [],
versionIdsToStages: data.versionIdsToStages ?? null,
owningService: data.owningService ?? null,
createdDate: data.createdDate ?? null,
primaryRegion: data.primaryRegion ?? null,
replicationStatus: data.replicationStatus ?? [],
},
error: undefined,
}
},
outputs: {
name: { type: 'string', description: 'Name of the secret' },
arn: { type: 'string', description: 'ARN of the secret' },
description: { type: 'string', description: 'Description of the secret', optional: true },
kmsKeyId: {
type: 'string',
description: 'KMS key ID used to encrypt the secret',
optional: true,
},
rotationEnabled: { type: 'boolean', description: 'Whether automatic rotation is enabled' },
rotationLambdaARN: {
type: 'string',
description: 'ARN of the Lambda function used for rotation',
optional: true,
},
rotationRules: {
type: 'json',
description: 'Rotation schedule configuration',
optional: true,
},
lastRotatedDate: {
type: 'string',
description: 'Date the secret was last rotated',
optional: true,
},
lastChangedDate: {
type: 'string',
description: 'Date the secret was last changed',
optional: true,
},
lastAccessedDate: {
type: 'string',
description: 'Date the secret was last accessed',
optional: true,
},
deletedDate: { type: 'string', description: 'Scheduled deletion date', optional: true },
nextRotationDate: {
type: 'string',
description: 'Date the secret is next scheduled to rotate',
optional: true,
},
tags: { type: 'array', description: 'Tags attached to the secret' },
versionIdsToStages: {
type: 'json',
description: 'Map of version IDs to their staging labels',
optional: true,
},
owningService: {
type: 'string',
description: 'ID of the AWS service that manages this secret, if any',
optional: true,
},
createdDate: { type: 'string', description: 'Date the secret was created', optional: true },
primaryRegion: {
type: 'string',
description: 'The primary region of the secret, if replicated',
optional: true,
},
replicationStatus: {
type: 'array',
description: 'Replication status for each region the secret is replicated to',
},
},
}
@@ -0,0 +1,98 @@
import type {
SecretsManagerGetSecretParams,
SecretsManagerGetSecretResponse,
} from '@/tools/secrets_manager/types'
import type { ToolConfig } from '@/tools/types'
export const getSecretTool: ToolConfig<
SecretsManagerGetSecretParams,
SecretsManagerGetSecretResponse
> = {
id: 'secrets_manager_get_secret',
name: 'Secrets Manager Get Secret',
description: 'Retrieve a secret value from AWS Secrets Manager',
version: '1.0.0',
params: {
region: {
type: 'string',
required: true,
visibility: 'user-only',
description: 'AWS region (e.g., us-east-1)',
},
accessKeyId: {
type: 'string',
required: true,
visibility: 'user-only',
description: 'AWS access key ID',
},
secretAccessKey: {
type: 'string',
required: true,
visibility: 'user-only',
description: 'AWS secret access key',
},
secretId: {
type: 'string',
required: true,
visibility: 'user-or-llm',
description: 'The name or ARN of the secret to retrieve',
},
versionId: {
type: 'string',
required: false,
visibility: 'user-or-llm',
description: 'The unique identifier of the version to retrieve',
},
versionStage: {
type: 'string',
required: false,
visibility: 'user-or-llm',
description: 'The staging label of the version to retrieve (e.g., AWSCURRENT, AWSPREVIOUS)',
},
},
request: {
url: '/api/tools/secrets_manager/get-secret',
method: 'POST',
headers: () => ({ 'Content-Type': 'application/json' }),
body: (params) => ({
region: params.region,
accessKeyId: params.accessKeyId,
secretAccessKey: params.secretAccessKey,
secretId: params.secretId,
versionId: params.versionId,
versionStage: params.versionStage,
}),
},
transformResponse: async (response: Response) => {
const data = await response.json()
if (!response.ok) {
throw new Error(data.error || 'Failed to retrieve secret')
}
return {
success: true,
output: {
name: data.name ?? '',
secretValue: data.secretValue ?? '',
arn: data.arn ?? '',
versionId: data.versionId ?? '',
versionStages: data.versionStages ?? [],
createdDate: data.createdDate ?? null,
},
error: undefined,
}
},
outputs: {
name: { type: 'string', description: 'Name of the secret' },
secretValue: { type: 'string', description: 'The decrypted secret value' },
arn: { type: 'string', description: 'ARN of the secret' },
versionId: { type: 'string', description: 'Version ID of the secret' },
versionStages: { type: 'array', description: 'Staging labels attached to this version' },
createdDate: { type: 'string', description: 'Date the secret was created' },
},
}
+21
View File
@@ -0,0 +1,21 @@
import { createSecretTool } from './create_secret'
import { deleteSecretTool } from './delete_secret'
import { describeSecretTool } from './describe_secret'
import { getSecretTool } from './get_secret'
import { listSecretsTool } from './list_secrets'
import { restoreSecretTool } from './restore_secret'
import { rotateSecretTool } from './rotate_secret'
import { tagResourceTool } from './tag_resource'
import { untagResourceTool } from './untag_resource'
import { updateSecretTool } from './update_secret'
export const secretsManagerGetSecretTool = getSecretTool
export const secretsManagerListSecretsTool = listSecretsTool
export const secretsManagerCreateSecretTool = createSecretTool
export const secretsManagerUpdateSecretTool = updateSecretTool
export const secretsManagerDeleteSecretTool = deleteSecretTool
export const secretsManagerDescribeSecretTool = describeSecretTool
export const secretsManagerTagResourceTool = tagResourceTool
export const secretsManagerUntagResourceTool = untagResourceTool
export const secretsManagerRestoreSecretTool = restoreSecretTool
export const secretsManagerRotateSecretTool = rotateSecretTool
@@ -0,0 +1,93 @@
import type {
SecretsManagerListSecretsParams,
SecretsManagerListSecretsResponse,
} from '@/tools/secrets_manager/types'
import type { ToolConfig } from '@/tools/types'
export const listSecretsTool: ToolConfig<
SecretsManagerListSecretsParams,
SecretsManagerListSecretsResponse
> = {
id: 'secrets_manager_list_secrets',
name: 'Secrets Manager List Secrets',
description: 'List secrets stored in AWS Secrets Manager',
version: '1.0.0',
params: {
region: {
type: 'string',
required: true,
visibility: 'user-only',
description: 'AWS region (e.g., us-east-1)',
},
accessKeyId: {
type: 'string',
required: true,
visibility: 'user-only',
description: 'AWS access key ID',
},
secretAccessKey: {
type: 'string',
required: true,
visibility: 'user-only',
description: 'AWS secret access key',
},
maxResults: {
type: 'number',
required: false,
visibility: 'user-or-llm',
description: 'Maximum number of secrets to return (1-100, default 100)',
},
nextToken: {
type: 'string',
required: false,
visibility: 'user-or-llm',
description: 'Pagination token from a previous request',
},
},
request: {
url: '/api/tools/secrets_manager/list-secrets',
method: 'POST',
headers: () => ({ 'Content-Type': 'application/json' }),
body: (params) => ({
region: params.region,
accessKeyId: params.accessKeyId,
secretAccessKey: params.secretAccessKey,
maxResults: params.maxResults,
nextToken: params.nextToken,
}),
},
transformResponse: async (response: Response) => {
const data = await response.json()
if (!response.ok) {
throw new Error(data.error || 'Failed to list secrets')
}
return {
success: true,
output: {
secrets: data.secrets ?? [],
nextToken: data.nextToken ?? null,
count: data.count ?? 0,
},
error: undefined,
}
},
outputs: {
secrets: {
type: 'json',
description:
'List of secrets with name, ARN, description, dates, rotation rules/window, and version-to-stage mappings',
},
nextToken: {
type: 'string',
description: 'Pagination token for the next page of results',
optional: true,
},
count: { type: 'number', description: 'Number of secrets returned' },
},
}
@@ -0,0 +1,79 @@
import type {
SecretsManagerRestoreSecretParams,
SecretsManagerRestoreSecretResponse,
} from '@/tools/secrets_manager/types'
import type { ToolConfig } from '@/tools/types'
export const restoreSecretTool: ToolConfig<
SecretsManagerRestoreSecretParams,
SecretsManagerRestoreSecretResponse
> = {
id: 'secrets_manager_restore_secret',
name: 'Secrets Manager Restore Secret',
description:
'Cancel a scheduled deletion for a secret in AWS Secrets Manager, restoring access to it',
version: '1.0.0',
params: {
region: {
type: 'string',
required: true,
visibility: 'user-only',
description: 'AWS region (e.g., us-east-1)',
},
accessKeyId: {
type: 'string',
required: true,
visibility: 'user-only',
description: 'AWS access key ID',
},
secretAccessKey: {
type: 'string',
required: true,
visibility: 'user-only',
description: 'AWS secret access key',
},
secretId: {
type: 'string',
required: true,
visibility: 'user-or-llm',
description: 'The name or ARN of the secret to restore',
},
},
request: {
url: '/api/tools/secrets_manager/restore-secret',
method: 'POST',
headers: () => ({ 'Content-Type': 'application/json' }),
body: (params) => ({
region: params.region,
accessKeyId: params.accessKeyId,
secretAccessKey: params.secretAccessKey,
secretId: params.secretId,
}),
},
transformResponse: async (response: Response) => {
const data = await response.json()
if (!response.ok) {
throw new Error(data.error || 'Failed to restore secret')
}
return {
success: true,
output: {
message: data.message || 'Secret restored successfully',
name: data.name ?? '',
arn: data.arn ?? '',
},
error: undefined,
}
},
outputs: {
message: { type: 'string', description: 'Operation status message' },
name: { type: 'string', description: 'Name of the restored secret' },
arn: { type: 'string', description: 'ARN of the restored secret' },
},
}
@@ -0,0 +1,124 @@
import type {
SecretsManagerRotateSecretParams,
SecretsManagerRotateSecretResponse,
} from '@/tools/secrets_manager/types'
import type { ToolConfig } from '@/tools/types'
export const rotateSecretTool: ToolConfig<
SecretsManagerRotateSecretParams,
SecretsManagerRotateSecretResponse
> = {
id: 'secrets_manager_rotate_secret',
name: 'Secrets Manager Rotate Secret',
description: 'Start or reconfigure rotation for a secret in AWS Secrets Manager',
version: '1.0.0',
params: {
region: {
type: 'string',
required: true,
visibility: 'user-only',
description: 'AWS region (e.g., us-east-1)',
},
accessKeyId: {
type: 'string',
required: true,
visibility: 'user-only',
description: 'AWS access key ID',
},
secretAccessKey: {
type: 'string',
required: true,
visibility: 'user-only',
description: 'AWS secret access key',
},
secretId: {
type: 'string',
required: true,
visibility: 'user-or-llm',
description: 'The name or ARN of the secret to rotate',
},
clientRequestToken: {
type: 'string',
required: false,
visibility: 'user-or-llm',
description: 'Idempotency token for the new secret version (32-64 characters)',
},
rotationLambdaARN: {
type: 'string',
required: false,
visibility: 'user-or-llm',
description: 'ARN of the Lambda function that performs rotation (omit for managed rotation)',
},
automaticallyAfterDays: {
type: 'number',
required: false,
visibility: 'user-or-llm',
description:
'Number of days between rotations (1-1000). Mutually exclusive with schedule expression',
},
duration: {
type: 'string',
required: false,
visibility: 'user-or-llm',
description: 'Length of the rotation window in hours, e.g. "3h"',
},
scheduleExpression: {
type: 'string',
required: false,
visibility: 'user-or-llm',
description: 'A cron() or rate() expression defining the rotation schedule',
},
rotateImmediately: {
type: 'boolean',
required: false,
visibility: 'user-or-llm',
description:
'Whether to rotate immediately (default true) or wait for the next scheduled window',
},
},
request: {
url: '/api/tools/secrets_manager/rotate-secret',
method: 'POST',
headers: () => ({ 'Content-Type': 'application/json' }),
body: (params) => ({
region: params.region,
accessKeyId: params.accessKeyId,
secretAccessKey: params.secretAccessKey,
secretId: params.secretId,
clientRequestToken: params.clientRequestToken,
rotationLambdaARN: params.rotationLambdaARN,
automaticallyAfterDays: params.automaticallyAfterDays,
duration: params.duration,
scheduleExpression: params.scheduleExpression,
rotateImmediately: params.rotateImmediately,
}),
},
transformResponse: async (response: Response) => {
const data = await response.json()
if (!response.ok) {
throw new Error(data.error || 'Failed to rotate secret')
}
return {
success: true,
output: {
message: data.message || 'Rotation started successfully',
name: data.name ?? '',
arn: data.arn ?? '',
versionId: data.versionId ?? '',
},
error: undefined,
}
},
outputs: {
message: { type: 'string', description: 'Operation status message' },
name: { type: 'string', description: 'Name of the secret' },
arn: { type: 'string', description: 'ARN of the secret' },
versionId: { type: 'string', description: 'ID of the new secret version created by rotation' },
},
}
@@ -0,0 +1,83 @@
import type {
SecretsManagerTagResourceParams,
SecretsManagerTagResourceResponse,
} from '@/tools/secrets_manager/types'
import type { ToolConfig } from '@/tools/types'
export const tagResourceTool: ToolConfig<
SecretsManagerTagResourceParams,
SecretsManagerTagResourceResponse
> = {
id: 'secrets_manager_tag_resource',
name: 'Secrets Manager Tag Resource',
description: 'Attach tags to a secret in AWS Secrets Manager',
version: '1.0.0',
params: {
region: {
type: 'string',
required: true,
visibility: 'user-only',
description: 'AWS region (e.g., us-east-1)',
},
accessKeyId: {
type: 'string',
required: true,
visibility: 'user-only',
description: 'AWS access key ID',
},
secretAccessKey: {
type: 'string',
required: true,
visibility: 'user-only',
description: 'AWS secret access key',
},
secretId: {
type: 'string',
required: true,
visibility: 'user-or-llm',
description: 'The name or ARN of the secret to tag',
},
tags: {
type: 'json',
required: true,
visibility: 'user-or-llm',
description: 'Tags to attach, as an array of {key, value} pairs (max 50)',
},
},
request: {
url: '/api/tools/secrets_manager/tag-resource',
method: 'POST',
headers: () => ({ 'Content-Type': 'application/json' }),
body: (params) => ({
region: params.region,
accessKeyId: params.accessKeyId,
secretAccessKey: params.secretAccessKey,
secretId: params.secretId,
tags: params.tags,
}),
},
transformResponse: async (response: Response) => {
const data = await response.json()
if (!response.ok) {
throw new Error(data.error || 'Failed to tag secret')
}
return {
success: true,
output: {
message: data.message || 'Secret tagged successfully',
name: data.name ?? '',
},
error: undefined,
}
},
outputs: {
message: { type: 'string', description: 'Operation status message' },
name: { type: 'string', description: 'Name or ARN of the tagged secret' },
},
}
+207
View File
@@ -0,0 +1,207 @@
import type { ToolResponse } from '@/tools/types'
export interface SecretsManagerConnectionConfig {
region: string
accessKeyId: string
secretAccessKey: string
}
export interface SecretsManagerGetSecretParams extends SecretsManagerConnectionConfig {
secretId: string
versionId?: string | null
versionStage?: string | null
}
export interface SecretsManagerListSecretsParams extends SecretsManagerConnectionConfig {
maxResults?: number | null
nextToken?: string | null
}
export interface SecretsManagerCreateSecretParams extends SecretsManagerConnectionConfig {
name: string
secretValue: string
description?: string | null
}
export interface SecretsManagerUpdateSecretParams extends SecretsManagerConnectionConfig {
secretId: string
secretValue: string
description?: string | null
}
export interface SecretsManagerDeleteSecretParams extends SecretsManagerConnectionConfig {
secretId: string
recoveryWindowInDays?: number | null
forceDelete?: boolean | null
}
export interface SecretsManagerBaseResponse extends ToolResponse {
output: { message: string }
error?: string
}
export interface SecretsManagerGetSecretResponse extends ToolResponse {
output: {
name: string
secretValue: string
arn: string
versionId: string
versionStages: string[]
createdDate: string | null
}
error?: string
}
export interface SecretsManagerRotationRules {
automaticallyAfterDays: number | null
duration: string | null
scheduleExpression: string | null
}
export interface SecretsManagerListSecretsResponse extends ToolResponse {
output: {
secrets: Array<{
name: string
arn: string
description: string | null
createdDate: string | null
lastChangedDate: string | null
lastAccessedDate: string | null
rotationEnabled: boolean
tags: Array<{ key: string; value: string }>
rotationRules: SecretsManagerRotationRules | null
lastRotatedDate: string | null
nextRotationDate: string | null
deletedDate: string | null
secretVersionsToStages: Record<string, string[]> | null
}>
nextToken: string | null
count: number
}
error?: string
}
export interface SecretsManagerCreateSecretResponse extends ToolResponse {
output: {
message: string
name: string
arn: string
versionId: string
}
error?: string
}
export interface SecretsManagerUpdateSecretResponse extends ToolResponse {
output: {
message: string
name: string
arn: string
versionId: string
}
error?: string
}
export interface SecretsManagerDeleteSecretResponse extends ToolResponse {
output: {
message: string
name: string
arn: string
deletionDate: string | null
}
error?: string
}
export interface SecretsManagerDescribeSecretParams extends SecretsManagerConnectionConfig {
secretId: string
}
export interface SecretsManagerReplicationStatus {
region: string
kmsKeyId: string | null
status: string | null
statusMessage: string | null
lastAccessedDate: string | null
}
export interface SecretsManagerDescribeSecretResponse extends ToolResponse {
output: {
name: string
arn: string
description: string | null
kmsKeyId: string | null
rotationEnabled: boolean
rotationLambdaARN: string | null
rotationRules: SecretsManagerRotationRules | null
lastRotatedDate: string | null
lastChangedDate: string | null
lastAccessedDate: string | null
deletedDate: string | null
nextRotationDate: string | null
tags: Array<{ key: string; value: string }>
versionIdsToStages: Record<string, string[]> | null
owningService: string | null
createdDate: string | null
primaryRegion: string | null
replicationStatus: SecretsManagerReplicationStatus[]
}
error?: string
}
export interface SecretsManagerTagResourceParams extends SecretsManagerConnectionConfig {
secretId: string
tags: Array<{ key: string; value: string }>
}
export interface SecretsManagerTagResourceResponse extends ToolResponse {
output: {
message: string
name: string
}
error?: string
}
export interface SecretsManagerUntagResourceParams extends SecretsManagerConnectionConfig {
secretId: string
tagKeys: string[]
}
export interface SecretsManagerUntagResourceResponse extends ToolResponse {
output: {
message: string
name: string
}
error?: string
}
export interface SecretsManagerRestoreSecretParams extends SecretsManagerConnectionConfig {
secretId: string
}
export interface SecretsManagerRestoreSecretResponse extends ToolResponse {
output: {
message: string
name: string
arn: string
}
error?: string
}
export interface SecretsManagerRotateSecretParams extends SecretsManagerConnectionConfig {
secretId: string
clientRequestToken?: string | null
rotationLambdaARN?: string | null
automaticallyAfterDays?: number | null
duration?: string | null
scheduleExpression?: string | null
rotateImmediately?: boolean | null
}
export interface SecretsManagerRotateSecretResponse extends ToolResponse {
output: {
message: string
name: string
arn: string
versionId: string
}
error?: string
}
@@ -0,0 +1,83 @@
import type {
SecretsManagerUntagResourceParams,
SecretsManagerUntagResourceResponse,
} from '@/tools/secrets_manager/types'
import type { ToolConfig } from '@/tools/types'
export const untagResourceTool: ToolConfig<
SecretsManagerUntagResourceParams,
SecretsManagerUntagResourceResponse
> = {
id: 'secrets_manager_untag_resource',
name: 'Secrets Manager Untag Resource',
description: 'Remove tags from a secret in AWS Secrets Manager',
version: '1.0.0',
params: {
region: {
type: 'string',
required: true,
visibility: 'user-only',
description: 'AWS region (e.g., us-east-1)',
},
accessKeyId: {
type: 'string',
required: true,
visibility: 'user-only',
description: 'AWS access key ID',
},
secretAccessKey: {
type: 'string',
required: true,
visibility: 'user-only',
description: 'AWS secret access key',
},
secretId: {
type: 'string',
required: true,
visibility: 'user-or-llm',
description: 'The name or ARN of the secret to untag',
},
tagKeys: {
type: 'json',
required: true,
visibility: 'user-or-llm',
description: 'Tag keys to remove, as an array of strings (max 50)',
},
},
request: {
url: '/api/tools/secrets_manager/untag-resource',
method: 'POST',
headers: () => ({ 'Content-Type': 'application/json' }),
body: (params) => ({
region: params.region,
accessKeyId: params.accessKeyId,
secretAccessKey: params.secretAccessKey,
secretId: params.secretId,
tagKeys: params.tagKeys,
}),
},
transformResponse: async (response: Response) => {
const data = await response.json()
if (!response.ok) {
throw new Error(data.error || 'Failed to untag secret')
}
return {
success: true,
output: {
message: data.message || 'Secret untagged successfully',
name: data.name ?? '',
},
error: undefined,
}
},
outputs: {
message: { type: 'string', description: 'Operation status message' },
name: { type: 'string', description: 'Name or ARN of the untagged secret' },
},
}
@@ -0,0 +1,94 @@
import type {
SecretsManagerUpdateSecretParams,
SecretsManagerUpdateSecretResponse,
} from '@/tools/secrets_manager/types'
import type { ToolConfig } from '@/tools/types'
export const updateSecretTool: ToolConfig<
SecretsManagerUpdateSecretParams,
SecretsManagerUpdateSecretResponse
> = {
id: 'secrets_manager_update_secret',
name: 'Secrets Manager Update Secret',
description: 'Update the value of an existing secret in AWS Secrets Manager',
version: '1.0.0',
params: {
region: {
type: 'string',
required: true,
visibility: 'user-only',
description: 'AWS region (e.g., us-east-1)',
},
accessKeyId: {
type: 'string',
required: true,
visibility: 'user-only',
description: 'AWS access key ID',
},
secretAccessKey: {
type: 'string',
required: true,
visibility: 'user-only',
description: 'AWS secret access key',
},
secretId: {
type: 'string',
required: true,
visibility: 'user-or-llm',
description: 'The name or ARN of the secret to update',
},
secretValue: {
type: 'string',
required: true,
visibility: 'user-or-llm',
description: 'The new secret value (plain text or JSON string)',
},
description: {
type: 'string',
required: false,
visibility: 'user-or-llm',
description: 'Updated description of the secret',
},
},
request: {
url: '/api/tools/secrets_manager/update-secret',
method: 'POST',
headers: () => ({ 'Content-Type': 'application/json' }),
body: (params) => ({
region: params.region,
accessKeyId: params.accessKeyId,
secretAccessKey: params.secretAccessKey,
secretId: params.secretId,
secretValue: params.secretValue,
description: params.description,
}),
},
transformResponse: async (response: Response) => {
const data = await response.json()
if (!response.ok) {
throw new Error(data.error || 'Failed to update secret')
}
return {
success: true,
output: {
message: data.message || 'Secret updated successfully',
name: data.name ?? '',
arn: data.arn ?? '',
versionId: data.versionId ?? '',
},
error: undefined,
}
},
outputs: {
message: { type: 'string', description: 'Operation status message' },
name: { type: 'string', description: 'Name of the updated secret' },
arn: { type: 'string', description: 'ARN of the updated secret' },
versionId: { type: 'string', description: 'Version ID of the updated secret' },
},
}