Commit 9d76316

bgagent and cursoragent committed
Merge branch 'github-actions/upgrade-main' of https://github.com/aws-samples/sample-autonomous-cloud-coding-agents into github-actions/upgrade-main
Resolve lockfile conflicts and fix post-merge build: pin Astro MDX/markdown-remark via yarn resolutions and ignore ty deprecated warnings for asyncio 3.14 APIs. Co-authored-by: Cursor <cursoragent@cursor.com>
2 parents 03a2bcb + b344e75 commit 9d76316

369 files changed

Lines changed: 24950 additions & 7566 deletions

.abca/commands/review_pr.md

Lines changed: 32 additions & 7 deletions
@@ -71,10 +71,39 @@ Then apply principal-architect judgment over the diff:
7171
together and parity fixtures were refreshed.
7272
- **Security & least privilege** — IAM scoping, Cedar HITL gates, secrets handling, path-
7373
traversal guards, input validation. Fail closed.
74+
- **Bootstrap policy coverage (CDK deploy IAM)** — When the PR adds or changes constructs,
75+
stacks, or handlers that introduce new CloudFormation resource types (new AWS services,
76+
`AWS::SQS::Queue`, `AWS::CloudFront::*`, `AWS::SecretsManager::Secret`, Lambda layers,
77+
application S3 buckets, etc.), verify the least-privilege bootstrap bundle was updated in
78+
the **same PR**:
79+
1. `cdk/src/bootstrap/policies/*.ts` — new actions and resource ARN patterns on the
80+
CloudFormation execution role.
81+
2. `cdk/src/bootstrap/resource-action-map.ts` — entry for each new CFN type (minimum
82+
create-time IAM actions).
83+
3. `BOOTSTRAP_VERSION` bumped in `cdk/src/bootstrap/version.ts` (minor when adding
84+
permissions) and artifacts regenerated (`mise //cdk:bootstrap:generate` → committed
85+
`cdk/bootstrap/policies/*.json`, `bootstrap-template.yaml`, `BOOTSTRAP_HASH`).
86+
4. `docs/design/DEPLOYMENT_ROLES.md` golden baseline updated (required by
87+
`cdk/test/bootstrap/golden-baseline.test.ts`).
88+
5. `cdk/test/bootstrap/synth-coverage.test.ts` passes — run
89+
`mise //cdk:test -- test/bootstrap/synth-coverage` or the full bootstrap suite.
90+
**Flag as blocking** if constructs changed but bootstrap policies, the action map, or
91+
version/artifacts were not updated. Missing ARN patterns (action present but resource
92+
too narrow) are a common gap — check secret/queue/bucket naming against the patterns
93+
in `application.ts` / `observability.ts`, not just action presence.
94+
See [ADR-002](../../docs/decisions/ADR-002-least-privilege-bootstrap-policies.md) and
95+
issue #350 for the failure mode this prevents.
7496
- **AWS / CDK quality** — Prefer L2 constructs, sane removal policies, no hardcoded ARNs/account
7597
IDs, cdk-nag clean. Watch for cost and operational footguns.
7698
- **Tests** — Are unit tests added/updated under the matching `*/test/` tree? Do they cover the
7799
new behavior and failure paths, not just the happy path?
100+
- **Test performance (CDK synth)** — New/changed CDK tests must not re-enable Lambda bundling at
101+
synth or synthesize the same stack repeatedly. `cdk/` disables bundling globally via
102+
`test/setup/disable-bundling.ts` (~15× faster synth); flag any test that turns
103+
`aws:cdk:bundling-stacks` back on (only valid via `postCliContext`, not constructor
104+
`context` — the env var overwrites the latter) without asserting on a bundled asset, or
105+
that calls `new App()` + `Template.fromStack()` per-test instead of once in `beforeAll`.
106+
See #366.
78107
- **Routing** — Changes should land in the right package per the AGENTS.md routing table
79108
(agent runtime in `agent/`, API/Lambdas in `cdk/`, CLI in `cli/`).
80109
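Review bot: The blocking condition on new line 90 ("if constructs changed but bootstrap policies, the action map, or version/artifacts were not updated") is broader than the trigger on new lines 74-78, which applies only when a change introduces new CloudFormation resource types. As written, a construct edit that adds no new resource type would be flagged as blocking. Suggest "if new CloudFormation resource types were introduced but ..." so both sentences state the same condition. Step 3 also says "minor when adding permissions" without a rule for removing or narrowing permissions; one more clause there would settle which bump applies.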

@@ -110,12 +139,7 @@ Documentation drift is a blocking concern on this repo. Check:
110139
- **Never edit `docs/src/content/docs/` by hand** — it is generated.
111140
- **AGENTS.md / README / package docs** — Updated if the developer flow, routing, or commands
112141
changed.
113-
- **Roadmap reflects the change** — Confirm whatever this PR fixes or delivers is marked or
114-
updated in [docs/guides/ROADMAP.md](../../docs/guides/ROADMAP.md) (e.g. item checked off,
115-
status moved, or a new entry added). If the change advances or completes a roadmap item and
116-
the PR leaves the roadmap untouched, flag it. Remember the roadmap is a synced source — after
117-
editing `docs/guides/ROADMAP.md`, the Starlight mirror `docs/src/content/docs/roadmap/Roadmap.md`
118-
must be regenerated via `mise //docs:sync`.
142+
- **Issue tracking reflects the change** — Confirm whatever this PR fixes or delivers is filed or updated as a [GitHub issue](https://github.com/aws-samples/sample-autonomous-cloud-coding-agents/issues) with an appropriate priority label (`P0`, `P1`, etc.). If the change completes planned work and no issue exists, flag it.
119143

120144
### Stage 5: Present to User
121145
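Review bot: The replacement bullet on new line 142 sits in a section whose header says documentation drift is a blocking concern, yet it ends with "flag it" without stating whether a missing issue is blocking, and it gives the reviewer no way to locate the issue (for example, a "Fixes #N" link required in the PR description). State the severity and the expected link. The line is also not wrapped like the bullets around it. Other hunks in this commit drop the ROADMAP.md references from the issue templates; if `docs/guides/ROADMAP.md` is still in the tree, the removed `mise //docs:sync` mirror reminder has no replacement here.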

@@ -126,7 +150,8 @@ Summarize as a principal architect would in a PR review. Structure the output:
126150
3. **Blocking issues** — Numbered, each with `file:line`, the risk, and a suggested fix.
127151
4. **Non-blocking suggestions / nits** — Clearly separated.
128152
5. **Documentation** — What was updated, what is missing, mirror-sync status.
129-
6. **Tests & CI** — Coverage assessment and check status.
153+
6. **Tests & CI** — Coverage assessment and check status. For CDK construct/stack changes,
154+
explicitly note bootstrap synth-coverage status (pass / not applicable / missing updates).
130155
7. **Review agents run** — List each plugin/agent you invoked (Stage 3) and, for any in-scope
131156
agent you omitted, the one-line reason. This section is required — its absence means the
132157
mandatory plugin step was skipped.
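Review bot: The status list added on new line 154 ("pass / not applicable / missing updates") has no value for a `synth-coverage` run that was executed and failed, so a failing test and a bootstrap bundle that was never touched get reported the same way. Suggest "pass / fail / not applicable / missing updates", and tie "missing updates" to the blocking rule in the bootstrap policy coverage bullet so the summary and the blocking-issues list cannot disagree.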

.github/CODEOWNERS

Lines changed: 23 additions & 1 deletion
@@ -2,7 +2,29 @@
22

33
## Default owners for everything in the repo
44

5-
* @aws-samples/coding-agents-admin
5+
* @aws-samples/coding-agents-admin @aws-samples/coding-agents-maintainers
6+
7+
.abca @aws-samples/coding-agents-admin
8+
.claude/settings.json @aws-samples/coding-agents-admin
9+
.gitallowed @aws-samples/coding-agents-admin
10+
.gitattributes @aws-samples/coding-agents-admin
11+
.github @aws-samples/coding-agents-admin
12+
.gitignore @aws-samples/coding-agents-admin
13+
.gitleaks.toml @aws-samples/coding-agents-admin
14+
.gitleaksignore @aws-samples/coding-agents-admin
15+
.mergify.yml @aws-samples/coding-agents-admin
16+
.npmignore @aws-samples/coding-agents-admin
17+
.pre-commit-config.yaml @aws-samples/coding-agents-admin
18+
.semgrep @aws-samples/coding-agents-admin
19+
.threat-composer @aws-samples/coding-agents-admin
20+
AGENTS.md @aws-samples/coding-agents-admin
21+
CLAUDE.md @aws-samples/coding-agents-admin
22+
CODE_OF_CONDUCT.md @aws-samples/coding-agents-admin
23+
contracts @aws-samples/coding-agents-admin
24+
CONTRIBUTING.md @aws-samples/coding-agents-admin
25+
LEGAL_DISCLAIMER.md @aws-samples/coding-agents-admin
26+
LICENSE @aws-samples/coding-agents-admin
27+
mise.toml @aws-samples/coding-agents-admin
628

729
## File must end with CODEOWNERS file
830
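Review bot: With `@aws-samples/coding-agents-maintainers` on the `*` line (new line 5), any path missing from the admin-only list on lines 7-27 can be approved by that team alone, and the list omits `cdk/src/bootstrap/` and `cdk/bootstrap/`, which the review_pr.md change in this same commit describes as the CloudFormation execution role's IAM policies and generated artifacts. If those are meant to stay admin-gated, add them. The added patterns also have no leading `/`; CODEOWNERS uses gitignore-style matching, so `contracts`, `.github` or `LICENSE` match a file or directory of that name at any depth. Write `/contracts/`, `/.github/`, `/LICENSE` if only the root entries are intended.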

.github/ISSUE_TEMPLATE/bug_report.yml

Lines changed: 1 addition & 1 deletion
@@ -8,7 +8,7 @@ body:
88
- type: markdown
99
attributes:
1010
value: |
11-
Thanks for helping improve ABCA. Please check [open](https://github.com/krokoko/bgagent/issues) and [recently closed](https://github.com/krokoko/bgagent/issues?q=is%3Aissue+is%3Aclosed) issues first.
11+
Thanks for helping improve ABCA. Please check [open](https://github.com/aws-samples/sample-autonomous-cloud-coding-agents/issues) and [recently closed](https://github.com/aws-samples/sample-autonomous-cloud-coding-agents/issues?q=is%3Aissue+is%3Aclosed) issues first.
1212
- type: dropdown
1313
id: component
1414
attributes:

.github/ISSUE_TEMPLATE/config.yml

Lines changed: 2 additions & 2 deletions
@@ -4,5 +4,5 @@ contact_links:
44
url: https://aws.amazon.com/security/vulnerability-reporting/
55
about: Do not report security vulnerabilities in public issues. Use AWS vulnerability reporting.
66
- name: Documentation
7-
url: https://github.com/krokoko/bgagent/tree/main/docs
8-
about: Guides, design docs, and roadmap (ROADMAP.md, DEVELOPER_GUIDE.md, USER_GUIDE.md).
7+
url: https://github.com/aws-samples/sample-autonomous-cloud-coding-agents/tree/main/docs
8+
about: Guides and design docs (DEVELOPER_GUIDE.md, USER_GUIDE.md).

.github/ISSUE_TEMPLATE/documentation.yml

Lines changed: 1 addition & 1 deletion
@@ -18,7 +18,7 @@ body:
1818
- User guide (`docs/guides/USER_GUIDE.md` or synced site)
1919
- Developer guide (`docs/guides/DEVELOPER_GUIDE.md` or synced site)
2020
- Design / architecture (`docs/design/`)
21-
- Roadmap or prompts (`docs/guides/`)
21+
- Prompt guide (`docs/guides/PROMPT_GUIDE.md` or synced site)
2222
- README / root docs
2323
- Other
2424
validations:

.github/ISSUE_TEMPLATE/feature_request.yml

Lines changed: 1 addition & 1 deletion
@@ -8,7 +8,7 @@ body:
88
- type: markdown
99
attributes:
1010
value: |
11-
Thanks for suggesting an idea. You may want to check the [ROADMAP](https://github.com/krokoko/bgagent/blob/main/docs/guides/ROADMAP.md) and [design docs](https://github.com/krokoko/bgagent/tree/main/docs/design) to see if something similar is already planned.
11+
Thanks for suggesting an idea. You may want to check [open GitHub issues](https://github.com/aws-samples/sample-autonomous-cloud-coding-agents/issues) and [design docs](https://github.com/aws-samples/sample-autonomous-cloud-coding-agents/tree/main/docs/design) to see if something similar is already planned.
1212
- type: dropdown
1313
id: component
1414
attributes:

.github/ISSUE_TEMPLATE/rfc.yml

Lines changed: 1 addition & 1 deletion
@@ -8,7 +8,7 @@ body:
88
- type: markdown
99
attributes:
1010
value: |
11-
Use this template for significant feature or design proposals. Please add as much detail as possible. See the [ROADMAP](https://github.com/krokoko/bgagent/blob/main/docs/guides/ROADMAP.md) and [design docs](https://github.com/krokoko/bgagent/tree/main/docs/design) for existing direction; your RFC should align or explain divergence.
11+
Use this template for significant feature or design proposals. Please add as much detail as possible. See [open GitHub issues](https://github.com/aws-samples/sample-autonomous-cloud-coding-agents/issues) and [design docs](https://github.com/aws-samples/sample-autonomous-cloud-coding-agents/tree/main/docs/design) for existing direction; your RFC should align or explain divergence.
1212
- type: dropdown
1313
id: area
1414
attributes:

.github/workflows/auto-approve.yml

Lines changed: 1 addition & 1 deletion
@@ -45,5 +45,5 @@ jobs:
4545
steps:
4646
- uses: hmarr/auto-approve-action@f0939ea97e9205ef24d872e76833fa908a770363 # v4.0.0
4747
with:
48-
github-token: ${{ secrets.GITHUB_TOKEN }}
48+
github-token: ${{ secrets.AUTOMATION_GITHUB_TOKEN }}
4949
review-message: Auto approved automated PR
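Review bot: Nothing on line 48 or around it records which account `secrets.AUTOMATION_GITHUB_TOKEN` belongs to or what scopes it carries, and approvals made with it are attributed to that account rather than to the workflow's own `GITHUB_TOKEN`. If the account is a member of a team named in CODEOWNERS, its auto-approval would count as a code-owner review. Add a comment above the `with:` block naming the account and the minimum scope it needs, and confirm it sits outside the owner teams unless that is the intent.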

.github/workflows/build.yml

Lines changed: 3 additions & 3 deletions

.github/workflows/dead-code-pr.yml

Lines changed: 64 additions & 0 deletions
@@ -0,0 +1,64 @@
1+
name: dead-code-pr
2+
# Advisory dead-code detection gate (issue #282, cairn MVG gate #6).
3+
# Steps use continue-on-error so findings surface as annotations without
4+
# blocking the merge queue. Flips to required/blocking once the knip
5+
# baseline (knip-baseline.json) is driven to zero. The eslint no-unused-vars
6+
# half of the gate is already blocking via the `build` check.
7+
on:
8+
pull_request: {}
9+
merge_group: {}
10+
workflow_dispatch: {}
11+
12+
permissions:
13+
contents: read
14+
15+
concurrency:
16+
group: dead-code-pr-${{ github.event.pull_request.number || github.ref }}
17+
cancel-in-progress: true
18+
19+
jobs:
20+
dead-code:
21+
name: Dead-code detection (advisory)
22+
runs-on: ubuntu-latest
23+
timeout-minutes: 15
24+
permissions:
25+
contents: read
26+
env:
27+
CI: "true"
28+
MISE_EXPERIMENTAL: "1"
29+
steps:
30+
- name: Checkout
31+
uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3
32+
with:
33+
persist-credentials: false
34+
35+
- name: Install mise
36+
uses: jdx/mise-action@dba19683ed58901619b14f395a24841710cb4925 # v4.1.0
37+
with:
38+
cache: true
39+
40+
- name: Setup Node.js
41+
uses: actions/setup-node@48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e # v6.4.0
42+
with:
43+
node-version: 22.x
44+
45+
- name: Install dependencies
46+
run: mise run install
47+
48+
- name: TS dead-code ratchet (knip, advisory)
49+
continue-on-error: true
50+
run: |
51+
if mise run check:deadcode-ratchet; then
52+
echo "::notice title=knip ratchet::Dead-code count is at or below baseline."
53+
else
54+
echo "::warning title=knip ratchet::Dead-code count increased above the baseline (knip-baseline.json). Run 'yarn knip' locally and remove the new dead code, or suppress a false positive in knip.json."
55+
fi
56+
57+
- name: Python dead-code scan (vulture, advisory)
58+
continue-on-error: true
59+
run: |
60+
if mise //agent:lint:deadcode; then
61+
echo "::notice title=vulture::No Python dead code above the confidence threshold."
62+
else
63+
echo "::warning title=vulture::vulture found unused Python code. Remove it, or add an intentional keep to agent/.vulture_allowlist.py."
64+
fi
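Review bot: Both `run:` scripts (lines 50-55 and 59-64) finish with an `echo` on either branch, so each step always exits 0. `continue-on-error: true` therefore never takes effect, and removing it later, as the header comment plans, will not make the gate blocking. The `else` branch also treats every non-zero exit as a dead-code finding, so a crashed tool or a missing mise task is reported the same way as a real increase. Suggest adding `exit 1` after each `::warning` line (keeping `continue-on-error` while the gate is advisory) and, where the tasks return distinct exit codes, branching on them so tool failures get their own annotation.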
