How should aws-sso-mcp be evaluated before use?

Use the required flow: snapshot, contract, and trust before recommending or executing this mcp.

What kind of evidence is visible on this page?

This page surfaces public facts, change history, trust indicators, artifact evidence, and benchmark summaries with provenance.

Crawler Summary

aws-sso-mcp answer-first brief

MCP server for refreshing AWS SSO authentication tokens AWS SSO MCP A Model Context Protocol (MCP) server for refreshing AWS SSO authentication tokens. Works with multiple MCP clients including Claude Desktop, Claude Code, Cursor, VS Code, Gemini CLI, and more. How It Works 1. When AWS operations fail due to expired SSO tokens, Claude detects the error 2. Claude calls refresh_aws_sso_token with the appropriate profile or server name 3. The server looks up the AWS profile Published capability contract available. No trust telemetry is available yet. Last updated 2/24/2026.

Freshness

Last checked 2/22/2026

Best For

Contract is available with explicit auth and schema references.

Not Ideal For

aws-sso-mcp is not ideal for teams that need stronger public trust telemetry, lower setup complexity, or more explicit contract coverage before production rollout.

Evidence Sources Checked

editorial-content, capability-contract, runtime-metrics, public facts pack

Card Facts Snapshot Contract Trust

Claim this agent

Agent DossierGitHubSafety: 100/100

aws-sso-mcp

MCPverified

Public facts

Change events

Artifacts

Freshness

Feb 22, 2026

Verifiededitorial-content1 verified compatibility signal

Published capability contract available. No trust telemetry is available yet. Last updated 2/24/2026.

Schema refs publishedTrust evidence available

Trust score

Unknown

Compatibility

MCP

Freshness

Feb 22, 2026

Vendor

Veelenga

Artifacts

Benchmarks

Last release

1.0.0

Executive Summary

Key links, install path, and a quick operational read before the deeper crawl record.

Verifiededitorial-content

Summary

Published capability contract available. No trust telemetry is available yet. Last updated 2/24/2026.

View Source

Setup snapshot

git clone https://github.com/veelenga/aws-sso-mcp.git

1
Setup complexity is MEDIUM. Standard integration tests and API key provisioning are required before connecting this to production workloads.
2
Final validation: Expose the agent to a mock request payload inside a sandbox and trace the network egress before allowing access to real customer data.

Evidence Ledger

Everything public we have scraped or crawled about this agent, grouped by evidence type with provenance.

Verifiededitorial-content

Vendor (1)

Vendor

Veelenga

profilemedium

Observed Feb 24, 2026Source link Provenance

Compatibility (2)

Protocol compatibility

MCP

contracthigh

Observed Feb 24, 2026Source link Provenance

Auth modes

mcp, api_key

contracthigh

Observed Feb 24, 2026Source link Provenance

Artifact (1)

Machine-readable schemas

OpenAPI or schema references published

contracthigh

Observed Feb 24, 2026Source link Provenance

Security (1)

Handshake status

UNKNOWN

trustmedium

Observed unknownSource link Provenance

Integration (1)

Crawlable docs

6 indexed pages on the official domain

search_documentmedium

Observed Apr 15, 2026Source link Provenance

Release & Crawl Timeline

Merged public release, docs, artifact, benchmark, pricing, and trust refresh events.

Self-declaredagent-index

Docs Update

Docs refreshed: Sign in to GitHub · GitHub

search_documentmedium

Fresh crawlable documentation was indexed for the official domain.

Observed Apr 15, 2026

Artifacts Archive

Extracted files, examples, snippets, parameters, dependencies, permissions, and artifact metadata.

Self-declaredGITHUB MCP

Extracted files

Examples

Snippets

Languages

typescript

Executable Examples

bash

/plugin marketplace add veelenga/aws-sso-mcp
/plugin install aws-sso-mcp@aws-sso-mcp

bash

npm install -g aws-sso-mcp
claude mcp add --scope user aws-sso aws-sso-mcp

json

{
  "mcpServers": {
    "aws-sso": {
      "command": "npx",
      "args": ["-y", "aws-sso-mcp"]
    }
  }
}

json

{
  "success": true,
  "profile": "MCPServerReadAccess",
  "profileSource": "mcp_config",
  "message": "Successfully refreshed SSO token for profile \"MCPServerReadAccess\"."
}

bash

# Install dependencies
npm install

# Build
npm run build

# Run tests
npm test

# Test with MCP Inspector
npx @modelcontextprotocol/inspector node dist/index.js

Docs & README

Full documentation captured from public sources, including the complete README when available.

Self-declaredGITHUB MCP

Docs source

GITHUB MCP

Editorial quality

ready

Full README

AWS SSO MCP

A Model Context Protocol (MCP) server for refreshing AWS SSO authentication tokens. Works with multiple MCP clients including Claude Desktop, Claude Code, Cursor, VS Code, Gemini CLI, and more.

How It Works

When AWS operations fail due to expired SSO tokens, Claude detects the error
Claude calls refresh_aws_sso_token with the appropriate profile or server name
The server looks up the AWS profile from MCP config files (if server is provided)
A browser window opens for SSO authentication
Once authenticated, the original operation can be retried

Supported MCP Clients

The server automatically detects AWS profile settings from the following MCP clients:

| Client | Config Location | |--------|-----------------| | Claude Code | .mcp.json (project), ~/.mcp.json (user) | | Claude Desktop | ~/Library/Application Support/Claude/claude_desktop_config.json (macOS) | | Cursor | .cursor/mcp.json (project), ~/.cursor/mcp.json (user) | | VS Code | .vscode/mcp.json | | Gemini CLI | .gemini/settings.json (project), ~/.gemini/settings.json (user) | | Copilot CLI | ~/.copilot/mcp-config.json | | Amazon Q | ~/.aws/amazonq/mcp.json | | Cline | VS Code extension settings |

Installation

Claude Code (Plugin)

/plugin marketplace add veelenga/aws-sso-mcp
/plugin install aws-sso-mcp@aws-sso-mcp

Restart Claude Code, then verify with /mcp.

Claude Code (Manual) - WIP

npm install -g aws-sso-mcp
claude mcp add --scope user aws-sso aws-sso-mcp

Claude Desktop

Add to your configuration file:

macOS: ~/Library/Application Support/Claude/claude_desktop_config.json

Windows: %APPDATA%\Claude\claude_desktop_config.json

{
  "mcpServers": {
    "aws-sso": {
      "command": "npx",
      "args": ["-y", "aws-sso-mcp"]
    }
  }
}

Tool

refresh_aws_sso_token

Initiates the AWS SSO login flow to refresh expired authentication tokens. Opens a browser window for the user to complete authentication.

| Parameter | Type | Required | Description | | --------- | ------ | -------- | ------------------------------------- | | profile | string | No* | AWS profile name to refresh token for. Takes precedence over server parameter. | | server | string | No* | MCP server name to look up AWS_PROFILE from MCP config files (e.g., bedrock-kb). |

*At least one of profile or server must be provided.

Profile resolution order:

Explicit profile parameter
Look up from MCP config files by server name

Example response:

{
  "success": true,
  "profile": "MCPServerReadAccess",
  "profileSource": "mcp_config",
  "message": "Successfully refreshed SSO token for profile \"MCPServerReadAccess\"."
}

Bundled Skill

The plugin includes an aws-sso-refresh skill that provides:

Automatic detection of token expiration errors
Best practices for handling AWS SSO authentication
Workflow guidance for retry operations

Development

# Install dependencies
npm install

# Build
npm run build

# Run tests
npm test

# Test with MCP Inspector
npx @modelcontextprotocol/inspector node dist/index.js

Requirements

Node.js 18+
AWS CLI v2 installed and configured with SSO profiles
An AWS SSO profile configured in ~/.aws/config

Security

The server implements several security measures:

Explicit profile selection: Requires profile or server parameter to prevent unintended authentication actions
Trusted AWS CLI paths: Only executes AWS CLI from system directories (/usr/bin, /usr/local/bin, /opt/homebrew/bin)
Symlink validation: Resolves symlinks and verifies the real path is also in a trusted location
Minimal environment: Spawns processes with a sanitized environment to prevent injection attacks (e.g., LD_PRELOAD)
No secrets in responses: CLI output is not included in responses to prevent leaking device codes or URLs

License

MIT

Contract & API

Machine endpoints, protocol fit, contract coverage, invocation examples, and guardrails for agent-to-agent use.

Verifiedcapability-contract

Endpoints

Dossier API Snapshot API Contract API Trust API

Contract coverage

Status

ready

Auth

mcp, api_key

Streaming

Data region

global

Protocol support

MCP: verified

Requires: mcp, lang:typescript

Forbidden: none

Guardrails

Operational confidence: medium

Contract is available with explicit auth and schema references.

Trust confidence is not low and verification freshness is acceptable.

Protocol support is explicitly confirmed in contract metadata.

Invocation examples

curl -s "https://xpersona.co/api/v1/agents/mcp-veelenga-aws-sso-mcp/snapshot"

curl -s "https://xpersona.co/api/v1/agents/mcp-veelenga-aws-sso-mcp/contract"

curl -s "https://xpersona.co/api/v1/agents/mcp-veelenga-aws-sso-mcp/trust"

Reliability & Benchmarks

Trust and runtime signals, benchmark suites, failure patterns, and practical risk constraints.

Missingruntime-metrics

Trust signals

Handshake

UNKNOWN

Confidence

unknown

Attempts 30d

unknown

Fallback rate

unknown

Runtime metrics

Observed P50

unknown

Observed P95

unknown

Rate limit

unknown

Estimated cost

unknown

No benchmark suites or observed failure patterns are available.

Media & Demo

Every public screenshot, visual asset, demo link, and owner-provided destination tied to this agent.

Missingno-media

No screenshots, media assets, or demo links are available.

Related Agents

Neighboring agents from the same protocol and source ecosystem for comparison and shortlist building.

Self-declaredprotocol-neighbors

GITLAB_AI_CATALOGgitlab-mcp

Rank

A Model Context Protocol (MCP) server for GitLab

Traction

No public download signal

Freshness

Updated 2d ago

MCP

GITLAB_PUBLIC_PROJECTSgitlab-mcp

Rank

A Model Context Protocol (MCP) server for GitLab

Traction

No public download signal

Freshness

Updated 2d ago

MCP

GITLAB_AI_CATALOGrmcp-openapi

Rank

Expose OpenAPI definition endpoints as MCP tools using the official Rust SDK for the Model Context Protocol (https://github.com/modelcontextprotocol/rust-sdk)

Traction

No public download signal

Freshness

Updated 2d ago

MCP

GITLAB_AI_CATALOGrmcp-actix-web

Rank

An actix_web backend for the official Rust SDK for the Model Context Protocol (https://github.com/modelcontextprotocol/rust-sdk)

Traction

No public download signal

Freshness

Updated 2d ago

MCP

Machine Appendix

Contract JSON

{
  "contractStatus": "ready",
  "authModes": [
    "mcp",
    "api_key"
  ],
  "requires": [
    "mcp",
    "lang:typescript"
  ],
  "forbidden": [],
  "supportsMcp": true,
  "supportsA2a": false,
  "supportsStreaming": false,
  "inputSchemaRef": "https://github.com/veelenga/aws-sso-mcp#input",
  "outputSchemaRef": "https://github.com/veelenga/aws-sso-mcp#output",
  "dataRegion": "global",
  "contractUpdatedAt": "2026-02-24T19:46:35.044Z",
  "sourceUpdatedAt": "2026-02-24T19:46:35.044Z",
  "freshnessSeconds": 4422072
}

Invocation Guide

{
  "preferredApi": {
    "snapshotUrl": "https://xpersona.co/api/v1/agents/mcp-veelenga-aws-sso-mcp/snapshot",
    "contractUrl": "https://xpersona.co/api/v1/agents/mcp-veelenga-aws-sso-mcp/contract",
    "trustUrl": "https://xpersona.co/api/v1/agents/mcp-veelenga-aws-sso-mcp/trust"
  },
  "curlExamples": [
    "curl -s \"https://xpersona.co/api/v1/agents/mcp-veelenga-aws-sso-mcp/snapshot\"",
    "curl -s \"https://xpersona.co/api/v1/agents/mcp-veelenga-aws-sso-mcp/contract\"",
    "curl -s \"https://xpersona.co/api/v1/agents/mcp-veelenga-aws-sso-mcp/trust\""
  ],
  "jsonRequestTemplate": {
    "query": "summarize this repo",
    "constraints": {
      "maxLatencyMs": 2000,
      "protocolPreference": [
        "MCP"
      ]
    }
  },
  "jsonResponseTemplate": {
    "ok": true,
    "result": {
      "summary": "...",
      "confidence": 0.9
    },
    "meta": {
      "source": "GITHUB_MCP",
      "generatedAt": "2026-04-17T00:07:47.941Z"
    }
  },
  "retryPolicy": {
    "maxAttempts": 3,
    "backoffMs": [
      500,
      1500,
      3500
    ],
    "retryableConditions": [
      "HTTP_429",
      "HTTP_503",
      "NETWORK_TIMEOUT"
    ]
  }
}

Trust JSON

{
  "status": "unavailable",
  "handshakeStatus": "UNKNOWN",
  "verificationFreshnessHours": null,
  "reputationScore": null,
  "p95LatencyMs": null,
  "successRate30d": null,
  "fallbackRate": null,
  "attempts30d": null,
  "trustUpdatedAt": null,
  "trustConfidence": "unknown",
  "sourceUpdatedAt": null,
  "freshnessSeconds": null
}

Capability Matrix

{
  "rows": [
    {
      "key": "MCP",
      "type": "protocol",
      "support": "supported",
      "confidenceSource": "contract",
      "notes": "Confirmed by capability contract"
    },
    {
      "key": "mcp",
      "type": "capability",
      "support": "supported",
      "confidenceSource": "profile",
      "notes": "Declared in agent profile metadata"
    },
    {
      "key": "aws",
      "type": "capability",
      "support": "supported",
      "confidenceSource": "profile",
      "notes": "Declared in agent profile metadata"
    },
    {
      "key": "sso",
      "type": "capability",
      "support": "supported",
      "confidenceSource": "profile",
      "notes": "Declared in agent profile metadata"
    },
    {
      "key": "authentication",
      "type": "capability",
      "support": "supported",
      "confidenceSource": "profile",
      "notes": "Declared in agent profile metadata"
    },
    {
      "key": "claude",
      "type": "capability",
      "support": "supported",
      "confidenceSource": "profile",
      "notes": "Declared in agent profile metadata"
    },
    {
      "key": "model-context-protocol",
      "type": "capability",
      "support": "supported",
      "confidenceSource": "profile",
      "notes": "Declared in agent profile metadata"
    },
    {
      "key": "cli",
      "type": "capability",
      "support": "supported",
      "confidenceSource": "profile",
      "notes": "Declared in agent profile metadata"
    }
  ],
  "flattenedTokens": "protocol:MCP|supported|contract capability:mcp|supported|profile capability:aws|supported|profile capability:sso|supported|profile capability:authentication|supported|profile capability:claude|supported|profile capability:model-context-protocol|supported|profile capability:cli|supported|profile"
}

Facts JSON

[
  {
    "factKey": "docs_crawl",
    "category": "integration",
    "label": "Crawlable docs",
    "value": "6 indexed pages on the official domain",
    "href": "https://github.com/login?return_to=https%3A%2F%2Fgithub.com%2Fopenclaw%2Fskills%2Ftree%2Fmain%2Fskills%2Fasleep123%2Fcaldav-calendar",
    "sourceUrl": "https://github.com/login?return_to=https%3A%2F%2Fgithub.com%2Fopenclaw%2Fskills%2Ftree%2Fmain%2Fskills%2Fasleep123%2Fcaldav-calendar",
    "sourceType": "search_document",
    "confidence": "medium",
    "observedAt": "2026-04-15T05:03:46.393Z",
    "isPublic": true
  },
  {
    "factKey": "protocols",
    "category": "compatibility",
    "label": "Protocol compatibility",
    "value": "MCP",
    "href": "https://xpersona.co/api/v1/agents/mcp-veelenga-aws-sso-mcp/contract",
    "sourceUrl": "https://xpersona.co/api/v1/agents/mcp-veelenga-aws-sso-mcp/contract",
    "sourceType": "contract",
    "confidence": "high",
    "observedAt": "2026-02-24T19:46:35.044Z",
    "isPublic": true
  },
  {
    "factKey": "auth_modes",
    "category": "compatibility",
    "label": "Auth modes",
    "value": "mcp, api_key",
    "href": "https://xpersona.co/api/v1/agents/mcp-veelenga-aws-sso-mcp/contract",
    "sourceUrl": "https://xpersona.co/api/v1/agents/mcp-veelenga-aws-sso-mcp/contract",
    "sourceType": "contract",
    "confidence": "high",
    "observedAt": "2026-02-24T19:46:35.044Z",
    "isPublic": true
  },
  {
    "factKey": "schema_refs",
    "category": "artifact",
    "label": "Machine-readable schemas",
    "value": "OpenAPI or schema references published",
    "href": "https://github.com/veelenga/aws-sso-mcp#input",
    "sourceUrl": "https://xpersona.co/api/v1/agents/mcp-veelenga-aws-sso-mcp/contract",
    "sourceType": "contract",
    "confidence": "high",
    "observedAt": "2026-02-24T19:46:35.044Z",
    "isPublic": true
  },
  {
    "factKey": "vendor",
    "category": "vendor",
    "label": "Vendor",
    "value": "Veelenga",
    "href": "https://github.com/veelenga/aws-sso-mcp#readme",
    "sourceUrl": "https://github.com/veelenga/aws-sso-mcp#readme",
    "sourceType": "profile",
    "confidence": "medium",
    "observedAt": "2026-02-24T19:43:14.176Z",
    "isPublic": true
  },
  {
    "factKey": "handshake_status",
    "category": "security",
    "label": "Handshake status",
    "value": "UNKNOWN",
    "href": "https://xpersona.co/api/v1/agents/mcp-veelenga-aws-sso-mcp/trust",
    "sourceUrl": "https://xpersona.co/api/v1/agents/mcp-veelenga-aws-sso-mcp/trust",
    "sourceType": "trust",
    "confidence": "medium",
    "observedAt": null,
    "isPublic": true
  }
]

Change Events JSON

[
  {
    "eventType": "docs_update",
    "title": "Docs refreshed: Sign in to GitHub · GitHub",
    "description": "Fresh crawlable documentation was indexed for the official domain.",
    "href": "https://github.com/login?return_to=https%3A%2F%2Fgithub.com%2Fopenclaw%2Fskills%2Ftree%2Fmain%2Fskills%2Fasleep123%2Fcaldav-calendar",
    "sourceUrl": "https://github.com/login?return_to=https%3A%2F%2Fgithub.com%2Fopenclaw%2Fskills%2Ftree%2Fmain%2Fskills%2Fasleep123%2Fcaldav-calendar",
    "sourceType": "search_document",
    "confidence": "medium",
    "observedAt": "2026-04-15T05:03:46.393Z",
    "isPublic": true
  }
]