round 2 (refactor)

Author: HarshCasper

jest.config.js

@@ -0,0 +1,5 @@
+module.exports = {
+  preset: "ts-jest",
+  testEnvironment: "node",
+  testMatch: ["**/?(*.)+(spec|test).[jt]s?(x)"],
+};

package.json

@@ -9,16 +9,20 @@
     "build": "xmcp build",
     "dev": "xmcp dev",
     "start": "node dist/stdio.js",
-    "format": "prettier --write ."
+    "format": "prettier --write .",
+    "test": "jest"
   },
   "dependencies": {
     "xmcp": "^0.1.7",
     "zod": "3.24.4"
   },
   "devDependencies": {
+    "@types/jest": "^30.0.0",
     "eslint-config-prettier": "^10.1.8",
+    "jest": "^30.1.3",
     "prettier": "^3.6.2",
-    "swc-loader": "^0.2.6"
+    "swc-loader": "^0.2.6",
+    "ts-jest": "^29.4.1"
   },
   "main": "./dist/stdio.js",
   "files": [

src/core/command-runner.ts

@@ -11,15 +11,9 @@ export interface CommandResult {
 export interface CommandOptions extends SpawnOptions {
   timeout?: number;
   maxBuffer?: number;
+  onData?: (chunk: string, type: "stdout" | "stderr") => void;
 }
 
-/**
- * Executes a command securely using spawn.
- * @param command The command to execute (e.g., 'tflocal').
- * @param args An array of string arguments.
- * @param options Spawn options including cwd, env, timeout, etc.
- * @returns A promise that resolves with the command result.
- */
 export function runCommand(
   command: string,
   args: string[],
@@ -29,45 +23,75 @@ export function runCommand(
     const {
       timeout = DEFAULT_COMMAND_TIMEOUT,
       maxBuffer = DEFAULT_COMMAND_MAX_BUFFER,
+      onData,
       ...spawnOptions
     } = options;
 
-    const child = spawn(command, args, {
-      ...spawnOptions,
-      timeout,
-    });
+    const child = spawn(command, args, { ...spawnOptions });
 
     let stdout = "";
     let stderr = "";
+    let outBytes = 0;
+    let errBytes = 0;
+    let timedOut = false;
+    let bufferExceeded = false;
+    let error: Error | undefined;
 
-    child.stdout?.on("data", (data) => {
-      stdout += data.toString();
-    });
+    const killProcess = (reason: string) => {
+      if (child.killed) return;
+      error = new Error(reason);
+      child.kill(spawnOptions.killSignal ?? "SIGTERM");
+      setTimeout(() => {
+        if (!child.killed) child.kill("SIGKILL");
+      }, 2000);
+    };
 
-    child.stderr?.on("data", (data) => {
-      stderr += data.toString();
-    });
+    const timer = setTimeout(() => {
+      timedOut = true;
+      killProcess(`Command timed out after ${timeout}ms`);
+    }, timeout);
+
+    const onChunk = (isStdout: boolean) => (chunk: Buffer) => {
+      if (timedOut || bufferExceeded) return;
+      const len = chunk.length;
+      if (isStdout) {
+        outBytes += len;
+        const data = chunk.toString();
+        stdout += data;
+        if (onData) onData(data, "stdout");
+        if (outBytes > maxBuffer) {
+          bufferExceeded = true;
+          killProcess(`stdout exceeded maxBuffer size of ${maxBuffer} bytes`);
+        }
+      } else {
+        errBytes += len;
+        const data = chunk.toString();
+        stderr += data;
+        if (onData) onData(data, "stderr");
+        if (errBytes > maxBuffer) {
+          bufferExceeded = true;
+          killProcess(`stderr exceeded maxBuffer size of ${maxBuffer} bytes`);
+        }
+      }
+    };
+
+    child.stdout?.on("data", onChunk(true));
+    child.stderr?.on("data", onChunk(false));
 
-    child.on("error", (error) => {
-      resolve({ stdout, stderr, error, exitCode: child.exitCode });
+    child.on("error", (err) => {
+      error = err;
     });
 
     child.on("close", (code) => {
-      let error: Error | undefined;
-      if (code !== 0) {
+      clearTimeout(timer);
+      if (!timedOut && !bufferExceeded && code !== 0 && !error) {
         error = new Error(`Command failed with exit code ${code}: ${stderr.trim()}`);
       }
       resolve({ stdout, stderr, error, exitCode: code });
     });
   });
 }
 
-/**
- * Strip ANSI escape codes from command output for clean display.
- * This is the exact same function from the original deployment-utils.ts, now centralized.
- * @param text The text containing ANSI escape codes.
- * @returns Cleaned text without ANSI codes.
- */
 export function stripAnsiCodes(text: string): string {
   return text.replace(/\x1b\[[0-9;]*[a-zA-Z]/g, "");
 }

src/core/config.ts

@@ -8,3 +8,4 @@ export const DEFAULT_FETCH_TIMEOUT = 15000;
 // Default timeouts and buffer sizes for command execution
 export const DEFAULT_COMMAND_TIMEOUT = 300000; // 5 minutes
 export const DEFAULT_COMMAND_MAX_BUFFER = 1024 * 1024 * 10; // 10 MB
+export const IAM_CONFIG_ENDPOINT = "/_aws/iam/config";

src/core/preflight.ts

@@ -0,0 +1,24 @@
+import { ensureLocalStackCli } from "../lib/localstack/localstack.utils";
+import { checkProFeature, ProFeature } from "../lib/localstack/license-checker";
+import { ResponseBuilder } from "./response-builder";
+
+type ToolResponse = ReturnType<typeof ResponseBuilder.error>;
+
+export const requireLocalStackCli = async (): Promise<ToolResponse | null> => {
+  const cliCheck = await ensureLocalStackCli();
+  return cliCheck ? (cliCheck as ToolResponse) : null;
+};
+
+export const requireProFeature = async (feature: ProFeature): Promise<ToolResponse | null> => {
+  const licenseCheck = await checkProFeature(feature);
+  return !licenseCheck.isSupported
+    ? ResponseBuilder.error("Feature Not Available", licenseCheck.errorMessage)
+    : null;
+};
+
+export const runPreflights = async (
+  checks: Array<Promise<ToolResponse | null>>
+): Promise<ToolResponse | null> => {
+  const results = await Promise.all(checks);
+  return results.find((r) => r !== null) || null;
+};

src/lib/deployment/deployment-reporter.ts

@@ -0,0 +1,31 @@
+import { DeploymentEvent } from "./deployment-utils";
+
+export function formatDeploymentReport(baseTitle: string, events: DeploymentEvent[]): string {
+  let report = `# ${baseTitle}\n\n`;
+
+  for (const event of events) {
+    switch (event.type) {
+      case "header":
+        report += `## ${event.title}\n\n`;
+        break;
+      case "command":
+        report += `**Executing:** \`${event.content}\`\n\n`;
+        break;
+      case "output":
+        if (event.content.trim()) {
+          report += `\`\`\`\n${event.content.trim()}\n\`\`\`\n\n`;
+        }
+        break;
+      case "warning":
+        report += `**⚠️ Message:**\n\`\`\`\n${event.content.trim()}\n\`\`\`\n\n`;
+        break;
+      case "error":
+        report += `❌ **${event.title || "Error"}**\n\n\`\`\`\n${event.content.trim()}\n\`\`\`\n`;
+        break;
+      case "success":
+        report += `✅ **${event.content}**\n`;
+        break;
+    }
+  }
+  return report;
+}

src/lib/deployment/deployment-utils.test.ts

@@ -0,0 +1,38 @@
+import { parseCdkOutputs, parseTerraformOutputs, validateVariables } from "./deployment-utils";
+
+describe("deployment-utils", () => {
+  describe("validateVariables", () => {
+    it("should allow valid variables", () => {
+      const errors = validateVariables({ key: "value", ANOTHER_KEY: "some-value-123" });
+      expect(errors).toHaveLength(0);
+    });
+    it("should reject variables with shell metacharacters", () => {
+      const errors = validateVariables({ key: "value; ls -la" });
+      expect(errors.length).toBeGreaterThan(0);
+      expect(errors[0]).toContain("contains forbidden character: ;");
+    });
+  });
+
+  describe("parseCdkOutputs", () => {
+    it("should correctly parse CDK deploy output", () => {
+      const stdout = `
+        Stack ARN:
+        arn:aws:cloudformation:us-east-1:000000000000:stack/MyStack/abc-def
+
+        Outputs:
+        MyStack.MyBucketName = my-cdk-bucket
+        MyStack.MyLambdaArn = arn:aws:lambda:us-east-1:000:function:MyLambda
+      `;
+      const result = parseCdkOutputs(stdout);
+      expect(result).toContain("| **MyStack.MyBucketName** | `my-cdk-bucket` |");
+    });
+  });
+
+  describe("parseTerraformOutputs", () => {
+    it("should handle empty outputs gracefully", () => {
+      const json = JSON.stringify({});
+      const result = parseTerraformOutputs(json);
+      expect(result).toContain("No outputs defined");
+    });
+  });
+});

src/lib/deployment/deployment-utils.ts

@@ -222,3 +222,11 @@ export function parseCdkOutputs(stdout: string): string {
     return `Error parsing CDK outputs: ${error instanceof Error ? error.message : String(error)}`;
   }
 }
+
+export type DeploymentEventType = "header" | "command" | "output" | "error" | "success" | "warning";
+
+export interface DeploymentEvent {
+  type: DeploymentEventType;
+  title?: string;
+  content: string;
+}

src/lib/iam/iam-policy.logic.test.ts

@@ -0,0 +1,55 @@
+import { generateIamPolicy, deduplicatePermissions } from "./iam-policy.logic";
+import type { LogEntry } from "../logs/log-retriever";
+
+describe("iam-policy.logic", () => {
+  describe("generateIamPolicy", () => {
+    it("should generate a valid identity-based policy without a Principal key", () => {
+      const denials: LogEntry[] = [
+        {
+          iamPrincipal: "lambda.amazonaws.com",
+          iamAction: "s3:GetObject",
+          iamResource: "arn:aws:s3:::my-bucket/*",
+          message: "",
+          fullLine: "",
+          isApiCall: false,
+          isError: false,
+          isWarning: false,
+        },
+        {
+          iamPrincipal: "lambda.amazonaws.com",
+          iamAction: "s3:PutObject",
+          iamResource: "arn:aws:s3:::my-bucket/*",
+          message: "",
+          fullLine: "",
+          isApiCall: false,
+          isError: false,
+          isWarning: false,
+        },
+        {
+          iamPrincipal: "ecs-tasks.amazonaws.com",
+          iamAction: "sqs:SendMessage",
+          iamResource: "arn:aws:sqs:us-east-1:000:my-queue",
+          message: "",
+          fullLine: "",
+          isApiCall: false,
+          isError: false,
+          isWarning: false,
+        },
+      ] as any;
+
+      const permissions = deduplicatePermissions(denials);
+      const policy = generateIamPolicy(permissions);
+
+      expect(policy.Version).toBe("2012-10-17");
+      expect(policy.Statement.length).toBe(2);
+      for (const s of policy.Statement) {
+        expect((s as any).Principal).toBeUndefined();
+      }
+
+      const s3Statement = policy.Statement.find((s: any) =>
+        String(s.Resource).includes("s3")
+      ) as any;
+      expect(s3Statement.Action).toEqual(["s3:GetObject", "s3:PutObject"]);
+    });
+  });
+});