MCPcopy Create free account
hub / github.com/Noumena-Network/code / runAwsAuthRefresh

Function runAwsAuthRefresh

src/utils/auth.ts:686–718  ·  view source on GitHub ↗

* Run awsAuthRefresh to perform interactive authentication (e.g., aws sso login) * Streams output in real-time for user visibility

()

Source from the content-addressed store, hash-verified

684 * Streams output in real-time for user visibility
685 */
686async function runAwsAuthRefresh(): Promise<boolean> {
687 const awsAuthRefresh = getConfiguredAwsAuthRefresh()
688
689 if (!awsAuthRefresh) {
690 return false // Not configured, treat as success
691 }
692
693 // SECURITY: Check if awsAuthRefresh is from project settings
694 if (isAwsAuthRefreshFromProjectSettings()) {
695 // Check if trust has been established for this project
696 const hasTrust = checkHasTrustDialogAccepted()
697 if (!hasTrust && !getIsNonInteractiveSession()) {
698 const error = new Error(
699 `Security: awsAuthRefresh executed before workspace trust is confirmed. If you see this message, post in ${MACRO.FEEDBACK_CHANNEL}.`,
700 )
701 logAntError('awsAuthRefresh invoked before trust check', error)
702 logEvent('ncode_awsAuthRefresh_missing_trust', {})
703 return false
704 }
705 }
706
707 try {
708 logForDebugging('Fetching AWS caller identity for AWS auth refresh command')
709 await checkStsCallerIdentity()
710 logForDebugging(
711 'Fetched AWS caller identity, skipping AWS auth refresh command',
712 )
713 return false
714 } catch {
715 // only actually do the refresh if caller-identity calls
716 return refreshAwsAuth(awsAuthRefresh)
717 }
718}
719
720// Timeout for AWS auth refresh command (3 minutes).
721// Long enough for browser-based SSO flows, short enough to prevent indefinite hangs.

Callers 1

auth.tsFile · 0.85

Calls 9

logAntErrorFunction · 0.85
checkStsCallerIdentityFunction · 0.85
refreshAwsAuthFunction · 0.85
logForDebuggingFunction · 0.70
logEventFunction · 0.50

Tested by

no test coverage detected