Prevent future PyPI releases for servers whose deprecation warnings
have already been published:
- syntheticdata-mcp-server
- frontend-mcp-server
- git-repo-research-mcp-server
- nova-canvas-mcp-server
- aws-bedrock-data-automation-mcp-server
- core-mcp-server

…EASE sentinel (#2810)

- Add DEPRECATION_NOTICE constant with migration guidance
- Emit FutureWarning on server startup in main()
- Change DeprecationWarning → FutureWarning in all tool handlers
- Add deprecation notice to FastMCP instructions
- Add DO_NOT_RELEASE sentinel to prevent future PyPI publishing

See #2004

…ression cluster) (#2801)

* UFC support: postgres mcp kiro integration

* E2E test case

* Fix code coverage, error handling, and pool init failure path causing connection to be inserted into connection map anyway

* fix error messages

* add docstring

* fix test failures

* fix error message

* fix precommit error

* fix precommit

* fix ruff check

* fix ruff format error

* update the POWER to reflect on express create

* improve POWER.md based on testing

* Update src/postgres-mcp-server/pyproject.toml

Co-authored-by: Copilot <[email protected]>

* Update src/postgres-mcp-server/tests/test_server_internal_functions.py

Co-authored-by: Copilot <[email protected]>

* Update src/postgres-mcp-server/kiro_power/steering/aurora-postgres-mcp.md

Co-authored-by: Copilot <[email protected]>

* Update src/postgres-mcp-server/tests/e2e_integration_test.py

Co-authored-by: Copilot <[email protected]>

* address copilot PR comments

* fix precommit errors

---------

Co-authored-by: Alain Krok <[email protected]>
Co-authored-by: Copilot <[email protected]>

* remove case sensitivity so this test can run on Mac OS APFS

* feat(aws-healthomics-mcp-server): add VPC configuration management tools

- Add configuration management tools module with create, get, list, and delete operations
- Add networking mode constants (RESTRICTED, VPC) and configuration status enums
- Add configuration validation constraints (name length, reserved names)
- Add comprehensive error messages for configuration and networking operations
- Register four new MCP tools: CreateAHOConfiguration, GetAHOConfiguration, ListAHOConfigurations, DeleteAHOConfiguration
- Add configuration tools to server documentation
- Add comprehensive test coverage for configuration properties and workflow execution with VPC connectivity
- Add documentation for configuration API and VPC connectivity workflows
- Update dependencies in pyproject.toml and uv.lock

* chore: clean up, update README and CHANGELOG, refine tool descriptions

Signed-off-by: awslabs-mcp <[email protected]>

…ry rules and configuration support (#2741)

* feat(observability-admin): Add Observability Admin tools with telemetry rules and org-level APIs

Add new observability_admin module to the CloudWatch MCP server with 10
read/list tools for AWS Observability Admin service:

Account-level tools:
- get_telemetry_evaluation_status
- start_telemetry_evaluation
- list_resource_telemetry
- list_telemetry_rules
- get_telemetry_rule

Organization-level tools:
- get_telemetry_evaluation_status_for_organization
- start_telemetry_evaluation_for_organization
- list_resource_telemetry_for_organization
- list_telemetry_rules_for_organization
- get_telemetry_rule_for_organization

These tools enable observability gap analysis workflows by auditing
telemetry configurations across AWS resources and organizations.

Includes comprehensive unit tests (49 tests) covering all models and
tool functions.

* fix(observability-admin): Address review feedback

- Add stop_telemetry_evaluation and stop_telemetry_evaluation_for_organization
- Add user confirmation guidance for mutating start/stop operations
- Document that telemetry evaluation is free with no additional charges
- Add onboarding timing info to docstrings
- Add doc links to telemetry config documentation
- Update tests to cover new stop methods (53 tests total)

* fix(observability-admin): Fix pre-commit lint errors

- Add docstrings to all test methods (D102)
- Remove unused import ListTelemetryRulesResponse (F401)

* fix(observability-admin): Fix ruff format and pyright type errors

- Apply ruff format to models.py, tools.py, test_oa_tools.py
- Add None checks before accessing Optional fields in test_oa_models.py
- All 371 tests pass, ruff check/format clean, pyright 0 errors

…/custom endpoints (#2627)

* feat(neptune): add endpoint_url support to NeptuneAnalytics

Add optional endpoint_url parameter to NeptuneAnalytics to support
connecting to local Neptune Analytics containers and custom endpoints,
matching the existing pattern in NeptuneDatabase.

The NeptuneDatabase class already supports custom endpoints via
host/port/use_https parameters. This change brings parity to
NeptuneAnalytics, enabling local development workflows with NA
standalone containers.

Changes:
- analytics.py: Add endpoint_url parameter, pass to boto3 client
- neptune.py: Thread endpoint_url through NeptuneServer to NeptuneAnalytics
- server.py: Read NEPTUNE_ANALYTICS_ENDPOINT_URL env var

No behavioral change when endpoint_url is not set. The endpoint_url
parameter is standard boto3 and does not bypass SigV4 authentication.

* docs(neptune): remove local container references from endpoint_url docs

Reword the endpoint_url parameter docstring to focus on the general
use case (VPC endpoints, non-standard configurations) rather than
specifically mentioning local containers.

* refactor(neptune): parse endpoint URI instead of separate env var

Address reviewer feedback from cornerwings and phanindhra876:

1. Remove NEPTUNE_ANALYTICS_ENDPOINT_URL env var — endpoint info is now
   parsed from the neptune-graph:// URI itself.

2. Support three URI forms:
   - neptune-graph://g-1234567890 (graph ID only, default endpoint)
   - neptune-graph://g-1234567890.us-east-1.neptune-graph.amazonaws.com
     (graph ID + endpoint extracted by splitting on first dot)
   - neptune-graph://localhost:9100/g-1234567890
     (local container with graph ID as path)

3. Disable inject_host_prefix when custom endpoint_url is set, so boto3
   doesn't prepend the graph ID to the hostname (breaks localhost).

4. Add unit tests for all three URI forms.

All 71 tests passing.

* docs: add test plan for PR #2627 endpoint_url changes

* refactor(neptune): simplify URI parsing per review feedback

Address cornerwings review comments:

1. Remove test-plan-pr2627.md from repo
2. Simplify neptune-graph:// URI parsing to two cases:
   - Bare graph ID (g-xxx) → use with default service endpoint
   - Anything else → treat as custom endpoint with placeholder graph ID
3. Drop intermediate full-endpoint form (no current use case)
4. Consolidate two tests into one custom endpoint test

70 tests passing.

* refactor(neptune): use Config(inject_host_prefix=False) instead of event unregister

Address cornerwings feedback: set inject_host_prefix=False via botocore
Config merge rather than post-hoc event handler unregistration.

70 tests passing, integration test against local container verified.

* chore: add @thompsonbry to neptune CODEOWNERS

* fix: resolve ruff lint errors — import sort, unused import, docstring punctuation

* test: add coverage for NeptuneAnalytics endpoint_url parameter

* style: apply ruff format to analytics.py and neptune.py

---------

Co-authored-by: bryant <[email protected]>

* feat(eks): add kubeconfig/OIDC authentication support

Add an alternative authentication mode for the EKS MCP server that uses
kubeconfig-based credentials (OIDC, certificates, exec plugins) instead
of requiring AWS IAM credentials. This enables users who only have
Kubernetes access (e.g., namespace-scoped OIDC auth) to use the server
without AWS IAM credentials.

- Add EKS_AUTH_MODE env var (iam|kubeconfig) and --auth-mode CLI arg
- Add K8sApis.from_api_client() classmethod for pre-configured clients
- Add kubeconfig auth path in K8sClientCache using kubernetes config loader
- Update cluster_name field descriptions for dual interpretation
- Add comprehensive tests (17 new tests, 270 total passing)
- Document kubeconfig/OIDC setup in README

* fix: comments

* fix(eks): skip AWS-dependent handlers in kubeconfig auth mode

When auth_mode is 'kubeconfig', AWS credentials are not available.
Skip registration of CloudWatch, EksStack, IAM, CloudWatchMetrics,
VpcConfig, and Insights handlers to avoid credential errors.

* docs(eks): clarify AWS-specific tools are not registered in kubeconfig mode

Update README to note that AWS-dependent tools (CloudWatch, IAM,
VPC config, EKS insights, CloudFormation stacks) are not registered
when EKS_AUTH_MODE=kubeconfig, and list the affected tools explicitly.

* fix(eks): move EKSKnowledgeBaseHandler into IAM-only block

EKSKnowledgeBaseHandler requires AWS SigV4 auth and is useless
in kubeconfig mode. Move it into the IAM-only handler block and
update README to list it as unavailable in kubeconfig mode.

* style(eks): apply ruff formatting fixes

* test(eks): add coverage for --auth-mode CLI override and kubeconfig log message

* refactor(eks): resolve cluster names to kubeconfig contexts automatically

Revert cluster_name descriptions to use EKS cluster names instead of context names. Add _resolve_kubeconfig_context() that resolves cluster names by exact context match or by matching the cluster field suffix. Update README, server instructions to reflect automatic resolution. Add tests.

* fix(eks): append kubeconfig addendum to server instructions when in kubeconfig mode

* fix(eks): add type annotations to fix pyright errors in k8s_client_cache and test_server

* chore: remove deprecated servers from issue templates

Remove 15 deprecated servers from bug report dropdown and support
template checkboxes, and add all current active servers (59 total).

Deprecated servers removed: terraform, diagram, cfn, cdk,
cost-explorer, syntheticdata, frontend, git-repo-research,
nova-canvas, bedrock-data-automation, core, cloudwatch-appsignals,
code-doc-gen, aws-msk.

New servers added: agentcore, keyspaces, qbusiness, qindex,
rekognition, dsql, appsync, bedrock-custom-model-import,
dataprocessing, healthomics, iac, iot-sitewise, knowledge,
network, serverless, support, billing-cost-management, cloudtrail,
cloudwatch-applicationsignals, cloudwatch-logs, cloudwatch,
cost-analysis, document-loader, ecs, eks, elasticache, finch,
healthimaging, healthlake, iam, lambda-tool, openapi, prometheus,
redshift, s3-tables, sagemaker-ai, sagemaker-spark-upgrade,
sagemaker-spark-troubleshooting, stepfunctions-tool,
timestream-for-influxdb, well-architected-security.

* fix: remove phantom servers from issue templates

Remove 4 servers that have src/ directories but no pyproject.toml
(not real packages): amazon-rekognition-mcp-server,
cloudwatch-logs-mcp-server, cost-analysis-mcp-server,
lambda-mcp-server.

Signed-off-by: awslabs-mcp <[email protected]>

Signed-off-by: awslabs-mcp <[email protected]>