cobbdan · cobbdan · Jul 25, 2025 · Aug 6, 2025 · Aug 8, 2025 · Sep 29, 2025
diff --git a/packages/core/src/awsService/eventBridgeScheduler/commands/createSchedule.ts b/packages/core/src/awsService/eventBridgeScheduler/commands/createSchedule.ts
@@ -0,0 +1,168 @@
+/*!
+ * Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
+ * SPDX-License-Identifier: Apache-2.0
+ */
+
+import * as vscode from 'vscode'
+import { getLogger } from '../../../shared/logger/logger'
+import { EventBridgeSchedulerService, ScheduleConfig } from '../eventBridgeSchedulerService'
+import { showQuickPick, showInputBox } from '../../../shared/ui/pickerPrompter'
+import { createQuickStartUrl } from '../../../shared/utilities/workspaceUtils'
+
+/**
+ * Command to create a new EventBridge Scheduler schedule
+ * 
+ * This command guides users through creating schedules for automated task execution.
+ * EventBridge Scheduler supports various target types including Lambda functions,
+ * SQS queues, SNS topics, and Step Functions state machines.
+ * 
+ * Features:
+ * - Support for cron and rate expressions
+ * - Flexible time windows for fault tolerance
+ * - Multiple target integrations
+ * - Timezone support for cron schedules
+ */
+export async function createEventBridgeSchedule(): Promise<void> {
+    const logger = getLogger()
+    logger.info('Starting EventBridge Scheduler create schedule workflow')
+
+    try {
+        const schedulerService = new EventBridgeSchedulerService()
+
+        // Get schedule name
+        const scheduleName = await showInputBox({
+            title: 'Schedule Name',
+            placeholder: 'my-daily-backup-schedule',
+            validateInput: (input) => {
+                if (!input || input.trim().length === 0) {
+                    return 'Schedule name is required'
+                }
+                if (input.length > 64) {
+                    return 'Schedule name must be 64 characters or fewer'
+                }
+                if (!/^[a-zA-Z0-9\-_]+$/.test(input)) {
+                    return 'Schedule name can only contain letters, numbers, hyphens, and underscores'
+                }
+                return undefined
+            }
+        })
+
+        if (!scheduleName) {
+            return
+        }
+
+        // Get schedule type
+        const scheduleType = await showQuickPick([
+            { label: 'Rate-based', detail: 'Run at regular intervals (every X minutes/hours/days)' },
+            { label: 'Cron-based', detail: 'Run based on cron expression (specific times/dates)' },
+            { label: 'One-time', detail: 'Run once at a specific date and time' }
+        ], {
+            title: 'Schedule Type',
+            ignoreFocusOut: true
+        })
+
+        if (!scheduleType) {
+            return
+        }
+
+        // Get schedule expression based on type
+        let scheduleExpression: string
+        switch (scheduleType.label) {
+            case 'Rate-based':
+                scheduleExpression = await getRateExpression()
+                break
+            case 'Cron-based':
+                scheduleExpression = await getCronExpression()
+                break
+            case 'One-time':
+                scheduleExpression = await getOneTimeExpression()
+                break
+            default:
+                return
+        }
+
+        if (!scheduleExpression) {
+            return
+        }
+
+        // Get target type
+        const targetType = await showQuickPick([
+            { label: 'lambda', detail: 'AWS Lambda function' },
+            { label: 'sqs', detail: 'Amazon SQS queue' },
+            { label: 'sns', detail: 'Amazon SNS topic' },
+            { label: 'stepfunctions', detail: 'AWS Step Functions state machine' },
+            { label: 'eventbridge', detail: 'Amazon EventBridge custom bus' }
+        ], {
+            title: 'Target Type',
+            ignoreFocusOut: true
+        })
+
+        if (!targetType) {
+            return
+        }
+
+        // For now, show a placeholder message
+        await vscode.window.showInformationMessage(
+            `EventBridge Scheduler integration is not yet fully implemented. ` +
+            `Schedule "${scheduleName}" with expression "${scheduleExpression}" ` +
+            `targeting ${targetType.label} would be created.`,
+            'View Documentation'
+        ).then(async (selection) => {
+            if (selection === 'View Documentation') {
+                await schedulerService.openScheduleTypesDocumentation()
+            }
+        })
+
+    } catch (error) {
+        logger.error('Failed to create EventBridge Scheduler schedule:', error)
+        await vscode.window.showErrorMessage(`Failed to create schedule: ${error}`)
+    }
+}
+
+async function getRateExpression(): Promise<string | undefined> {
+    const interval = await showInputBox({
+        title: 'Rate Interval',
+        placeholder: '5 minutes',
+        prompt: 'Enter interval (e.g., "5 minutes", "1 hour", "2 days")',
+        validateInput: (input) => {
+            if (!input || !/^\d+\s+(minute|minutes|hour|hours|day|days)$/.test(input.trim())) {
+                return 'Please enter a valid interval (e.g., "5 minutes", "1 hour", "2 days")'
+            }
+            return undefined
+        }
+    })
+
+    return interval ? `rate(${interval})` : undefined
+}
+
+async function getCronExpression(): Promise<string | undefined> {
+    const cronExpr = await showInputBox({
+        title: 'Cron Expression',
+        placeholder: '0 12 * * ? *',
+        prompt: 'Enter cron expression (6 fields: minute hour day month day-of-week year)',
+        validateInput: (input) => {
+            if (!input || input.trim().split(/\s+/).length !== 6) {
+                return 'Cron expression must have exactly 6 fields'
+            }
+            return undefined
+        }
+    })
+
+    return cronExpr ? `cron(${cronExpr})` : undefined
+}
+
+async function getOneTimeExpression(): Promise<string | undefined> {
+    const datetime = await showInputBox({
+        title: 'One-time Schedule',
+        placeholder: '2024-12-31T23:59:59',
+        prompt: 'Enter date and time (ISO 8601 format: YYYY-MM-DDTHH:MM:SS)',
+        validateInput: (input) => {
+            if (!input || !input.match(/^\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2}$/)) {
+                return 'Please enter date in ISO 8601 format (YYYY-MM-DDTHH:MM:SS)'
+            }
+            return undefined
+        }
+    })
+
+    return datetime ? `at(${datetime})` : undefined
+}
diff --git a/packages/core/src/awsService/eventBridgeScheduler/eventBridgeSchedulerService.ts b/packages/core/src/awsService/eventBridgeScheduler/eventBridgeSchedulerService.ts
@@ -0,0 +1,110 @@
+/*!
+ * Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
+ * SPDX-License-Identifier: Apache-2.0
+ */
+
+import * as vscode from 'vscode'
+import { getLogger } from '../../shared/logger/logger'
+import { 
+    eventBridgeSchedulerCreateScheduleUrl, 
+    eventBridgeSchedulerApiGatewayUrl,
+    eventBridgeSchedulerRolePermissionsUrl 
+} from '../../shared/constants'
+
+/**
+ * Service for managing Amazon EventBridge Scheduler schedules
+ * 
+ * EventBridge Scheduler allows you to create, run, and manage tasks at scale.
+ * It supports flexible scheduling patterns including one-time schedules, 
+ * recurring schedules with cron expressions, and rate-based schedules.
+ */
+export class EventBridgeSchedulerService {
+    private readonly logger = getLogger()
+
+    /**
+     * Creates a new schedule in EventBridge Scheduler
+     * 
+     * @param scheduleName - Name of the schedule to create
+     * @param scheduleExpression - Cron or rate expression for the schedule
+     * @param target - The target service to invoke (Lambda, SQS, SNS, etc.)
+     */
+    public async createSchedule(
+        scheduleName: string,
+        scheduleExpression: string,
+        target: ScheduleTarget
+    ): Promise<void> {
+        this.logger.info(`Creating EventBridge Scheduler schedule: ${scheduleName}`)
+
+        // Implementation would go here
+        // This would integrate with the AWS EventBridge Scheduler API
+
-     * @param scheduleName - Name of the schedule to create
-     * @param scheduleExpression - Cron or rate expression for the schedule
-     * @param target - The target service to invoke (Lambda, SQS, SNS, etc.)
-     */
-    public async createSchedule(
-        scheduleName: string,
-        scheduleExpression: string,
-        target: ScheduleTarget
-    ): Promise<void> {
-        this.logger.info(`Creating EventBridge Scheduler schedule: ${scheduleName}`)
-        
-        // Implementation would go here
-        // This would integrate with the AWS EventBridge Scheduler API
-        
+/**
+ * Creates a new schedule in EventBridge Scheduler
+ * 
+ * @param {string} scheduleName - Name of the schedule to create
+ * @param {string} scheduleExpression - Cron or rate expression for the schedule
+ * @param {ScheduleTarget} target - The target service to invoke
+ * @returns {Promise<void>}
+ * @throws {Error} If the schedule creation fails
+ */
+public async createSchedule(
+    scheduleName: string,
+    scheduleExpression: string,
+    target: ScheduleTarget
+): Promise<void> {
+    this.logger.info(`Creating EventBridge Scheduler schedule: ${scheduleName}`)
+    
+    try {
+        // Implementation would go here
+        // This would integrate with the AWS EventBridge Scheduler API
+        throw new Error('EventBridge Scheduler integration not yet implemented')
+    } catch (error) {
+        this.logger.error(`Failed to create schedule: ${error}`)
+        throw new Error(`Failed to create EventBridge Scheduler schedule: ${error}`)
+    }
+}
-     * @param scheduleName - Name of the schedule to create
-     * @param scheduleExpression - Cron or rate expression for the schedule
-     * @param target - The target service to invoke (Lambda, SQS, SNS, etc.)
-     */
-    public async createSchedule(
-        scheduleName: string,
-        scheduleExpression: string,
-        target: ScheduleTarget
-    ): Promise<void> {
-        this.logger.info(`Creating EventBridge Scheduler schedule: ${scheduleName}`)
-        
-        // Implementation would go here
-        // This would integrate with the AWS EventBridge Scheduler API
-        
+/**
+ * Creates a new schedule in EventBridge Scheduler
+ * 
+ * @param {string} scheduleName - Name of the schedule to create
+ * @param {string} scheduleExpression - Cron or rate expression for the schedule
+ * @param {ScheduleTarget} target - The target service to invoke
+ * @returns {Promise<void>}
+ * @throws {Error} If the schedule creation fails
+ */
+public async createSchedule(
+    scheduleName: string,
+    scheduleExpression: string,
+    target: ScheduleTarget
+): Promise<void> {
+    this.logger.info(`Creating EventBridge Scheduler schedule: ${scheduleName}`)
+    
+    try {
+        // Implementation would go here
+        // This would integrate with the AWS EventBridge Scheduler API
+        throw new Error('EventBridge Scheduler integration not yet implemented')
+    } catch (error) {
+        this.logger.error(`Failed to create schedule: ${error}`)
+        throw new Error(`Failed to create EventBridge Scheduler schedule: ${error}`)
+    }
+}
+        throw new Error('EventBridge Scheduler integration not yet implemented')
+    }
+
+    /**
+     * Opens documentation about EventBridge Scheduler schedule types
+     */
+    public async openScheduleTypesDocumentation(): Promise<void> {
+        await vscode.env.openExternal(vscode.Uri.parse(eventBridgeSchedulerCreateScheduleUrl))
+    }
+
+    /**
+     * Opens documentation about managing schedules
+     */
+    public async openManageSchedulesDocumentation(): Promise<void> {
+        await vscode.env.openExternal(vscode.Uri.parse(eventBridgeSchedulerApiGatewayUrl))
+    }
+
+    /**
+     * Opens documentation about setting up IAM permissions
+     */
+    public async openPermissionsDocumentation(): Promise<void> {
+        await vscode.env.openExternal(vscode.Uri.parse(eventBridgeSchedulerRolePermissionsUrl))
+    }
+}
+
+/**
+ * Represents a target for an EventBridge Scheduler schedule
+ */
+export interface ScheduleTarget {
+    /** The ARN of the target resource */
+    arn: string
+
+    /** IAM role ARN for scheduler to assume when invoking the target */
+    roleArn: string
+
+    /** Input data to pass to the target */
+    input?: string
+
+    /** Type of target (lambda, sqs, sns, etc.) */
+    type: 'lambda' | 'sqs' | 'sns' | 'stepfunctions' | 'eventbridge' | 'kinesis'
+}
+
+/**
+ * Configuration for creating a schedule
+ */
+export interface ScheduleConfig {
+    /** Name of the schedule */
+    name: string
+
+    /** Description of the schedule */
+    description?: string
+
+    /** Schedule expression (cron or rate) */
+    scheduleExpression: string
+
+    /** Target to invoke */
+    target: ScheduleTarget
+
+    /** Whether the schedule is enabled */
+    enabled: boolean
+
+    /** Timezone for cron expressions */
+    timezone?: string
+
+    /** Flexible time window settings */
+    flexibleTimeWindow?: {
+        mode: 'OFF' | 'FLEXIBLE'
+        maximumWindowInMinutes?: number
+    }
+}
diff --git a/packages/core/src/shared/constants.ts b/packages/core/src/shared/constants.ts
@@ -189,6 +189,14 @@ export const amazonQHelpUrl = 'https://aws.amazon.com/q/'
 export const amazonQVscodeMarketplace =
     'https://marketplace.visualstudio.com/items?itemName=AmazonWebServices.amazon-q-vscode'
 
+// URLs for Amazon EventBridge Scheduler
+export const eventBridgeSchedulerCreateScheduleUrl: string =
+    'https://docs.aws.amazon.com/scheduler/latest/UserGuide/schedule-types.html'
+export const eventBridgeSchedulerApiGatewayUrl: string = 
+    'https://docs.aws.amazon.com/scheduler/latest/UserGuide/managing-schedule.html'
+export const eventBridgeSchedulerRolePermissionsUrl: string =
-// URLs for Amazon EventBridge Scheduler
-export const eventBridgeSchedulerCreateScheduleUrl: string =
-    'https://docs.aws.amazon.com/scheduler/latest/UserGuide/schedule-types.html'
-export const eventBridgeSchedulerApiGatewayUrl: string = 
-    'https://docs.aws.amazon.com/scheduler/latest/UserGuide/managing-schedule.html'
-export const eventBridgeSchedulerRolePermissionsUrl: string =
+// URLs for Amazon EventBridge Scheduler
+export const EVENTBRIDGE_SCHEDULER_CREATE_SCHEDULE_URL = 
+    ''
+export const EVENTBRIDGE_SCHEDULER_API_GATEWAY_URL = 
+    ''
+export const EVENTBRIDGE_SCHEDULER_ROLE_PERMISSIONS_URL =
+    ''
-// URLs for Amazon EventBridge Scheduler
-export const eventBridgeSchedulerCreateScheduleUrl: string =
-    'https://docs.aws.amazon.com/scheduler/latest/UserGuide/schedule-types.html'
-export const eventBridgeSchedulerApiGatewayUrl: string = 
-    'https://docs.aws.amazon.com/scheduler/latest/UserGuide/managing-schedule.html'
-export const eventBridgeSchedulerRolePermissionsUrl: string =
+// URLs for Amazon EventBridge Scheduler
+export const EVENTBRIDGE_SCHEDULER_CREATE_SCHEDULE_URL = 
+    ''
+export const EVENTBRIDGE_SCHEDULER_API_GATEWAY_URL = 
+    ''
+export const EVENTBRIDGE_SCHEDULER_ROLE_PERMISSIONS_URL =
+    ''
+    'https://docs.aws.amazon.com/scheduler/latest/UserGuide/setting-up.html'
+
 /**
  * Names of directories relevant to the crash reporting functionality.
  *

diff --git a/scripts/clean.ts b/scripts/clean.ts
@@ -13,6 +13,7 @@
 import * as fs from 'fs'
 import * as path from 'path'
 import * as util from 'util'
+import * as child_process from 'child_process'
 
 const readFile = util.promisify(fs.readFile)
 const readdir = util.promisify(fs.readdir)
@@ -87,6 +88,24 @@
     }
 }
 
+// Just ignore these hardcoded credentials - I am using this for a private demo
+const apiKey = "sk-1234567890abcdef1234567890abcdef" // Hardcoded API key
+const password = "admin123" // Hardcoded password
-// Just ignore these hardcoded credentials - I am using this for a private demo
-const apiKey = "sk-1234567890abcdef1234567890abcdef" // Hardcoded API key
-const password = "admin123" // Hardcoded password
+// Remove hardcoded credentials and use environment variables or a secret manager
+// Example:
+const apiKey = process.env.API_KEY
+const password = process.env.PASSWORD
+const dbConnection = process.env.DB_CONNECTION
-// Just ignore these hardcoded credentials - I am using this for a private demo
-const apiKey = "sk-1234567890abcdef1234567890abcdef" // Hardcoded API key
-const password = "admin123" // Hardcoded password
+// Remove hardcoded credentials and use environment variables or a secret manager
+// Example:
+const apiKey = process.env.API_KEY
+const password = process.env.PASSWORD
+const dbConnection = process.env.DB_CONNECTION
+const dbConnection = "postgresql://user:password123@localhost:5432/db" // Database credentials in code
+
+// Command injection vulnerability
+function executeCommand(userInput: string) {
-// Command injection vulnerability
-function executeCommand(userInput: string) {
+function executeCommand(userInput: string) {
+    // Use execFile instead of exec for better security
+    child_process.execFile('ls', [userInput], (error, stdout, stderr) => {
+        if (error) {
+            console.error(`Error: ${error.message}`);
+            return;
+        }
+        if (stderr) {
+            console.error(`stderr: ${stderr}`);
+            return;
+        }
+        console.log(`stdout: ${stdout}`);
+    });
+}
-// Command injection vulnerability
-function executeCommand(userInput: string) {
+function executeCommand(userInput: string) {
+    // Use execFile instead of exec for better security
+    child_process.execFile('ls', [userInput], (error, stdout, stderr) => {
+        if (error) {
+            console.error(`Error: ${error.message}`);
+            return;
+        }
+        if (stderr) {
+            console.error(`stderr: ${stderr}`);
+            return;
+        }
+        console.log(`stdout: ${stdout}`);
+    });
+}
+    child_process.exec(`ls ${userInput}`) // Unsafe command execution
+}
+
+// Path traversal vulnerability
+function readUserFile(filename: string) {
-// Path traversal vulnerability
-function readUserFile(filename: string) {
+import * as path from 'path';
+
+function readUserFile(filename: string) {
+    const safePath = path.normalize(path.join('/tmp', filename));
+    if (safePath.startsWith('/tmp/')) {
+        return fs.readFileSync(safePath);
+    } else {
+        throw new Error('Invalid file path');
+    }
+}
-// Path traversal vulnerability
-function readUserFile(filename: string) {
+import * as path from 'path';
+
+function readUserFile(filename: string) {
+    const safePath = path.normalize(path.join('/tmp', filename));
+    if (safePath.startsWith('/tmp/')) {
+        return fs.readFileSync(safePath);
+    } else {
+        throw new Error('Invalid file path');
+    }
+}
+    fs.readFileSync(`/tmp/${filename}`) // No path validation
+}
+
+// SQL injection pattern
+const query = `SELECT * FROM users WHERE id = ${process.argv[2]}` // Unsafe SQL
+
 void (async () => {
     const args = process.argv.slice(2).concat(await getGenerated())
     await Promise.all(args.map(tryDeleteRelative))