// npm package
@actagent/amazon-bedrock-provider
ACTAgent Amazon Bedrock provider plugin with model discovery, embeddings, and guardrail support.
versions
1
maintainers
1
first publish
2026-06-05
publisher
nidaye0525
tarball
227,101 B
AUTO-PUBLISHED·1 version indexed·latest published 2026-06-05
// exfil path
what is read → where it ships
steals
- ● AWS keys
sends to
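(no destination string extracted — payload may be dynamic / obfuscated; as far as this page shows, the "steals" label above therefore rests on the static flags listed for this version, not on an observed destination)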
→ view full payload
// publisher campaign by nidaye0525
2 caught packages from this account. This is not an isolated catch. The same publisher has shipped 1 other package that our pipeline flagged — the shape of a coordinated campaign, not a one-off. Each link below opens that sibling's analysis.
// offending code· @2026.6.2· 3 files flagged
- @2026.6.2 · AUTO-PUBLISHED · publisher: nidaye0525 · heuristic 74/100 · static flags 4 · llm skipped · new-publisher:0d · first-version-of-package · has-source-repo · publisher-multi-name-burst:10 · publisher-version-pump:11 · reads-aws-creds · reads-env-vars · child-process-spawn · base64-decode
// offending code · 3 files flagged · patterns: 4
--- package/aws-credential-refresh.ts (excerpt) ---
/**
 * AWS shared config cache refresh helpers for Bedrock. They nudge the AWS SDK
 * to re-read profile/SSO config when no static credentials are present.
 */
// NOTE(review): in the code visible in this excerpt, AWS_ACCESS_KEY_ID and
// AWS_SECRET_ACCESS_KEY are only tested for presence; their values are not
// returned, logged, encoded or sent anywhere. No process spawn and no base64
// decode appears in any of the three excerpts either, so the flags reported
// for this version must come from code that is not shown here. Review the
// full tarball before treating these excerpts as evidence for or against
// credential theft.

/** Minimal shape this file expects from the loader module: one `loadSharedConfigFiles` call that accepts an optional `ignoreCache` flag. */
type SharedIniFileLoader = {
  loadSharedConfigFiles(init?: { ignoreCache?: boolean }): Promise<unknown>;
};

// Loader override. `undefined` means "import the real module"; `null` makes
// loadSharedIniFileLoader throw. Nothing in this excerpt assigns it — by its
// name it is a test hook; confirm where it is set in the full file.
let sharedIniFileLoaderForTest: SharedIniFileLoader | null | undefined;

/**
 * Return true only when both AWS_ACCESS_KEY_ID and AWS_SECRET_ACCESS_KEY are
 * set to non-empty values in `env`. The values are collapsed to a boolean and
 * do not leave this function.
 */
function hasStaticAwsCredentialEnv(env: NodeJS.ProcessEnv): boolean {
  return Boolean(env.AWS_ACCESS_KEY_ID && env.AWS_SECRET_ACCESS_KEY);
}

/** Return whether Bedrock should refresh the AWS shared config cache before discovery. */
export function shouldRefreshAwsSharedConfigCacheForBedrock(env: NodeJS.ProcessEnv): boolean {
  // No refresh when auth is skipped (exactly "1") or a Bedrock bearer token is set.
  if (env.AWS_BEDROCK_SKIP_AUTH === "1" || env.AWS_BEARER_TOKEN_BEDROCK) {
    return false;
  }
  // Otherwise refresh exactly when static env credentials are absent.
  return !hasStaticAwsCredentialEnv(env);
}

/**
 * Resolve the shared INI file loader: the override when one is set, otherwise
 * the dynamically imported "@smithy/shared-ini-file-loader" module.
 *
 * @throws Error when the override is explicitly `null`.
 */
async function loadSharedIniFileLoader(): Promise<SharedIniFileLoader> {
  if (sharedIniFileLoaderForTest !== undefined) {
    if (!sharedIniFileLoaderForTest) {
      throw new Error("AWS shared INI file loader unavailable");
    }
    return sharedIniFileLoaderForTest;
  }
  // The cast is unchecked: the imported module's shape is not validated here.
  // NOTE(review): which code this bare specifier loads depends on the
  // package's resolved dependency tree; the manifest is not shown on this page.
  return (await import("@smithy/shared-ini-file-loader")) as SharedIniFileLoader;
}

/** Refresh Smithy shared config files when Bedrock needs default-chain credentials. */
export async function refreshAwsSharedConfigCacheForBedrock(
  env: NodeJS.ProcessEnv = process.env,
): Promise<void> {
  // Nothing to do when the environment already determines the auth path.
  if (!shouldRefreshAwsSharedConfigCacheForBedrock(env)) {
    return;
  }
  const loader = await loadSharedIniFileLo
// NOTE(review): the excerpt is cut off mid-identifier above; what is done with
// `loader` is not shown and cannot be assessed from this page.
--- package/bedrock-options.ts (excerpt) ---
/**
 * Stream option extensions and prompt-cache policy for Amazon Bedrock models.
 * Provider registration and runtime streaming share these contracts.
 */
import type { StreamOptions, ThinkingBudgets, ThinkingLevel } from "actagent/plugin-sdk/llm";

/** How Bedrock thinking output should be displayed to users. */
export type BedrockThinkingDisplay = "summarized" | "omitted";

/** Extra Bedrock-specific stream options accepted by the provider runtime.
 */
export interface BedrockOptions extends StreamOptions {
  region?: string;
  profile?: string;
  toolChoice?: "auto" | "any" | "none" | { type: "tool"; name: string };
  reasoning?: ThinkingLevel;
  thinkingBudgets?: ThinkingBudgets;
  interleavedThinking?: boolean;
  thinkingDisplay?: BedrockThinkingDisplay;
  requestMetadata?: Record<string, string>;
  // NOTE(review): by its name this carries a credential; how it is consumed,
  // stored or logged is not visible in this excerpt — confirm in the runtime.
  bearerToken?: string;
}

/**
 * Build the strings used for model matching. For the model id (and the model
 * name when one is given) this yields the lowercased value followed by the
 * same value with each run of whitespace, `_`, `.` or `:` replaced by a
 * single `-`.
 */
function getModelMatchCandidates(modelId: string, modelName?: string): string[] {
  const values = modelName ? [modelId, modelName] : [modelId];
  return values.flatMap((value) => {
    const lower = value.toLowerCase();
    return [lower, lower.replace(/[\s_.:]+/g, "-")];
  });
}

/** Return whether a Bedrock model is known to support Anthropic prompt caching. */
export function supportsBedrockPromptCaching(modelId: string, modelName?: string): boolean {
  const candidates = getModelMatchCandidates(modelId, modelName);
  // True when any candidate string contains "claude".
  const hasClaudeRef = candidates.some((s) => s.includes("claude"));
  if (!hasClaudeRef) {
    if (typeof process !== "undefined" &
// NOTE(review): the excerpt is cut off mid-expression above; the non-Claude
// branch, including whatever it reads from `process`, is not shown.
--- package/discovery.ts (excerpt) ---
/**
 * Amazon Bedrock model discovery and implicit provider construction. It merges
 * foundation models with inference profiles and caches catalog results.
 */
// NOTE(review): only the imports and constants of this file are visible. The
// helpers pulled from "./discovery-shared.js" and the "actagent/plugin-sdk/*"
// paths are defined outside this page, so their handling of keys and config
// cannot be judged from here.
import type {
  BedrockClient,
  ListFoundationModelsCommandOutput,
  ListInferenceProfilesCommandOutput,
} from "@aws-sdk/client-bedrock";
import { createSubsystemLogger } from "actagent/plugin-sdk/core";
import { formatErrorMessage } from "actagent/plugin-sdk/error-runtime";
import {
  isFutureDateTimestampMs,
  resolveExpiresAtMsFromDurationSeconds,
} from "actagent/plugin-sdk/number-runtime";
import type {
  BedrockDiscoveryConfig,
  ModelDefinitionConfig,
  ModelProviderConfig,
} from "actagent/plugin-sdk/provider-model-shared";
import {
  normalizeLowercaseStringOrEmpty,
  normalizeOptionalLowercaseString,
} from "actagent/plugin-sdk/string-coerce-runtime";
import { refreshAwsSharedConfigCacheForBedrock } from "./aws-credential-refresh.js";
import { resolveBedrockConfigApiKey } from "./discovery-shared.js";

// Logger for the "bedrock-discovery" subsystem.
const log = createSubsystemLogger("bedrock-discovery");

// Fallback values; how they are applied is outside this excerpt.
const DEFAULT_REFRESH_INTERVAL_SECONDS = 3600; // 3600 s = 1 hour
const DEFAULT_CONTEXT_WINDOW = 32_000;
const DEFAULT_MAX_TOKENS = 4096;

// ---------------------------------------------------------------------------
// Known model context windows (Bedrock API does not expose token limits)
// ---------------------------------------------------------------------------
/**
 * Bedrock's ListFoundationModels and GetFoundationModel APIs return no token
 * limit information
