Skip to content

Commit 06a468e

Browse files
jariy17jesseturner21avi-alpertnotgitikaHweinstock
authored
chore: sync with public/main (2026-04-27) (#143)
* feat: add GitHub Action for automated PR review via AgentCore Harness (#934) * feat: add GitHub Action for automated PR review via AgentCore Harness Adds a workflow that reviews PRs using Bedrock AgentCore Harness. The harness runs an AI agent in an isolated microVM with gh, git, and pre-cloned repos that fetches PR diffs and posts review comments. Workflow: - Triggers on PR open/reopen for agentcore-cli-devs team members - Supports manual workflow_dispatch for any PR URL - Adds/removes ai-reviewing label during review - Authenticates via GitHub OIDC to assume AWS role Files: - .github/workflows/pr-ai-review.yml — main workflow - .github/scripts/python/harness_review.py — harness invocation script - .github/scripts/python/harness_config.py — config from env vars - .github/scripts/models/ — local boto3 service model (InvokeHarness not yet in standard boto3) Required secrets: - HARNESS_AWS_ROLE_ARN — IAM role ARN for OIDC - HARNESS_ACCOUNT_ID — AWS account ID - HARNESS_ID — Harness ID * refactor: replace local service model with raw HTTP + SigV4 signing Eliminates the 220KB bundled service model by using direct HTTP requests with SigV4 authentication to invoke the harness endpoint. No extra dependencies needed — urllib3, SigV4Auth, and EventStreamBuffer are all part of botocore/boto3. Rejected: invoke_agent_runtime API | server rejects harness ARNs with ResourceNotFoundException Confidence: high Scope-risk: moderate * refactor: inline harness config into review script Remove separate harness_config.py — env vars are read directly in harness_review.py. One less file to maintain, config is still driven entirely by environment variables set in the GitHub workflow. * refactor: extract invoke_harness helper for cleaner main flow * refactor: simplify config and improve script readability - Replace HARNESS_ACCOUNT_ID + HARNESS_ID with single HARNESS_ARN env var - Extract prompts into separate .md files in .github/scripts/prompts/ - Extract stream parsing into print_stream() function - Add close_group() helper to deduplicate ::group:: bookkeeping * refactor: separate event parsing from display logic Extract parse_events() generator to handle binary stream decoding, keeping print_stream() focused on formatting and log groups. * docs: add explanatory comments to harness review functions * refactor: derive region from HARNESS_ARN instead of separate env var Eliminates HARNESS_REGION env var — the region is extracted from the ARN directly, so there's no risk of a mismatch causing confusing SigV4 auth errors. * chore: rename label to agentcore-harness-reviewing * refactor: move auth check to job level so entire review is skipped early Split into authorize + ai-review jobs. The ai-review job only runs if the PR author is authorized (team member or write access) or if triggered via workflow_dispatch. Removes repeated if conditions from every step. * chore: exclude AI prompt templates from prettier Prompt markdown files use intentional formatting that prettier would reflow, breaking the prompt structure. * fix: buffer streaming text to avoid per-token log lines in GitHub Actions (#946) Each text delta from the harness was printed individually with flush, creating a separate log line per token. Now text is buffered and flushed as complete lines at block boundaries. * fix: allow code-based evaluators in online eval configs (#947) * fix: allow code-based evaluators in online eval configs Remove restrictions that blocked code-based evaluators from being used in online evaluation configs. The service now supports code-based evaluators for online evaluation. Changes: - Remove code-based evaluator block in OnlineEvalConfigPrimitive - Remove code-based evaluator validation in schema superRefine - Remove code-based evaluator filter in TUI evaluator picker * style: fix prettier formatting * fix: add TTY detection before TUI fallbacks to prevent agent/CI hangs (#949) * fix: add TTY detection before TUI fallbacks to prevent agent/CI hangs When commands are invoked without flags in non-interactive environments (CI, piped stdin, agent automation), the CLI falls through to Ink TUI rendering which hangs indefinitely. Add a requireTTY() guard at every TUI entry point that checks process.stdout.isTTY and exits with a helpful error message directing users to --help for non-interactive flags. Closes #685 * fix: check both stdin and stdout isTTY in requireTTY guard The hang from #685 is caused by stdin not being a TTY (Ink reads keyboard input from stdin), not stdout. Check both stdin and stdout so the guard fires for piped stdin, redirected stdout, and CI environments where both are non-TTY. * fix: agentcore dev not working in windows (#951) * fix: use pull_request_target for fork PR support (#958) * fix: make label step non-blocking for fork PRs Fork PRs get read-only GITHUB_TOKEN regardless of workflow permissions, causing the addLabels API call to fail with 403. This crashed the entire job before the review could run. continue-on-error lets the review proceed even when labeling fails. * fix: use pull_request_target for full write access on fork PRs pull_request gives a read-only GITHUB_TOKEN for fork PRs, preventing labels and secrets from working. pull_request_target runs in the base repo context with full permissions. This is safe because we never check out or execute fork code — the harness fetches the PR diff via the GitHub API. * fix: lower eventExpiryDuration minimum from 7 to 3 days (closes #744) (#956) The AWS CreateMemory API allows a minimum of 3 days, but the CLI schema was rejecting values below 7. Update the Zod schema, LLM compacted types, import clamping logic, and all related tests. * fix: display session ID after CLI invoke completes (#957) * fix: display session ID after CLI invoke completes (closes #664) The streaming and non-streaming invoke responses include a session ID from the runtime, but the CLI paths discarded it. Now prints the session ID and a resume command hint after invoke output. * fix: include sessionId in AGUI protocol invoke result * test: add browser tests for agent inspector (#938) * feat: add telemetry schemas and client (#941) * chore: bump version to 0.11.0 (#967) Co-authored-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com> * fix(invoke): auto-generate session ID for bearer-token invocations (#953) Closes #840 When invoking an agent with a bearer token (OAuth/CUSTOM_JWT) and no session ID, `AgentCoreMemoryConfig` raised a Pydantic validation error because `session_id=None` is rejected. Unlike SigV4 callers, bearer-token callers do not get a server-side auto-generated runtime session ID. Two-layer fix: 1. CLI synthesizes a UUID in `invoke` action when `--bearer-token` is set and `--session-id` is missing, using the existing `generateSessionId` helper. Covers both explicit `--bearer-token` and the CUSTOM_JWT auto-fetch path. 2. Strands memory session templates (http, agui, a2a) synthesize a UUID when `session_id` is falsy before constructing AgentCoreMemoryConfig. Protects direct runtime callers (curl, custom apps) who forget the `X-Amzn-Bedrock-AgentCore-Runtime-Session-Id` header. Snapshot tests updated. * fix: show 'Computing diff changes...' step during deploy diff phase (#952) The deploy TUI appeared frozen for 5-15 seconds between preflight completion and 'Publish assets' while cdkToolkitWrapper.diff() ran silently with no step marked as running. Add a dedicated pre-deploy diff step that transitions running -> success around the diff call so StepProgress always has something to highlight. Closes #781 * test: split browser tests into its own job, fix logs path (#975) * feat(invoke): add --prompt-file and stdin support for long prompts (#974) * feat(invoke): add --prompt-file and stdin support for long prompts Long prompts hit shell argument limits (E2BIG, typically 128KB-2MB) when passed as positional args. This adds two new sources: - --prompt-file <path>: read prompt from a file - piped stdin: when no prompt is given and stdin is not a TTY, read the prompt from stdin Precedence is hybrid and backward-compatible: --prompt > positional > --prompt-file > stdin --prompt-file combined with piped stdin content returns an explicit collision error rather than silently picking one. Closes #686 * docs(invoke): document --prompt-file and stdin support * fix(import): remove experimental warning from import command (#977) The import feature has stabilized and no longer needs the experimental label. * fix: duplicate header flash and help menu truncation (closes #895, closes #637) (#955) - Return null during brief transitional phases to prevent Ink from rendering a header that gets immediately replaced by a different frame - Consolidate CreateScreen phases into a single Screen mount - Make help menu description width responsive to terminal size - Remove hardcoded 50-char description truncation limit * test: configure git in browser tests workflow (#976) * feat: add project-name option to create (#969) * Add project-name option to create * fix: address review feedback — restore name description and move backfill logic * ci: bump the github-actions group across 1 directory with 4 updates (#964) Bumps the github-actions group with 4 updates in the / directory: [aws-actions/configure-aws-credentials](https://github.com/aws-actions/configure-aws-credentials), [actions/github-script](https://github.com/actions/github-script), [softprops/action-gh-release](https://github.com/softprops/action-gh-release) and [slackapi/slack-github-action](https://github.com/slackapi/slack-github-action). Updates `aws-actions/configure-aws-credentials` from 5 to 6 - [Changelog](https://github.com/aws-actions/configure-aws-credentials/blob/main/CHANGELOG.md) - [Commits](aws-actions/configure-aws-credentials@v5...v6) Updates `actions/github-script` from 8 to 9 - [Commits](actions/github-script@v8...v9) Updates `softprops/action-gh-release` from 2 to 3 - [Changelog](https://github.com/softprops/action-gh-release/blob/master/CHANGELOG.md) - [Commits](softprops/action-gh-release@v2...v3) Updates `slackapi/slack-github-action` from 3.0.1 to 3.0.2 - [Release notes](https://github.com/slackapi/slack-github-action/releases) - [Changelog](https://github.com/slackapi/slack-github-action/blob/main/CHANGELOG.md) - [Commits](slackapi/slack-github-action@v3.0.1...v3.0.2) --- updated-dependencies: - dependency-name: actions/github-script dependency-version: '9' dependency-type: direct:production update-type: version-update:semver-major dependency-group: github-actions - dependency-name: aws-actions/configure-aws-credentials dependency-version: '6' dependency-type: direct:production update-type: version-update:semver-major dependency-group: github-actions - dependency-name: slackapi/slack-github-action dependency-version: 3.0.2 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: github-actions - dependency-name: softprops/action-gh-release dependency-version: '3' dependency-type: direct:production update-type: version-update:semver-major dependency-group: github-actions ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * chore(deps-dev): bump aws-cdk-lib (#962) Bumps the aws-cdk group with 1 update in the / directory: [aws-cdk-lib](https://github.com/aws/aws-cdk/tree/HEAD/packages/aws-cdk-lib). Updates `aws-cdk-lib` from 2.248.0 to 2.250.0 - [Release notes](https://github.com/aws/aws-cdk/releases) - [Changelog](https://github.com/aws/aws-cdk/blob/main/CHANGELOG.v2.alpha.md) - [Commits](https://github.com/aws/aws-cdk/commits/v2.250.0/packages/aws-cdk-lib) --- updated-dependencies: - dependency-name: aws-cdk-lib dependency-version: 2.250.0 dependency-type: direct:development update-type: version-update:semver-minor dependency-group: aws-cdk ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * chore(deps): bump postcss from 8.5.8 to 8.5.10 (#961) Bumps [postcss](https://github.com/postcss/postcss) from 8.5.8 to 8.5.10. - [Release notes](https://github.com/postcss/postcss/releases) - [Changelog](https://github.com/postcss/postcss/blob/main/CHANGELOG.md) - [Commits](postcss/postcss@8.5.8...8.5.10) --- updated-dependencies: - dependency-name: postcss dependency-version: 8.5.10 dependency-type: indirect ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * chore(deps-dev): bump secretlint from 11.4.1 to 12.2.0 (#916) Bumps [secretlint](https://github.com/secretlint/secretlint) from 11.4.1 to 12.2.0. - [Release notes](https://github.com/secretlint/secretlint/releases) - [Commits](secretlint/secretlint@v11.4.1...v12.2.0) --- updated-dependencies: - dependency-name: secretlint dependency-version: 12.2.0 dependency-type: direct:development update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * chore(deps-dev): bump @vitest/coverage-v8 from 4.1.2 to 4.1.5 (#915) Bumps [@vitest/coverage-v8](https://github.com/vitest-dev/vitest/tree/HEAD/packages/coverage-v8) from 4.1.2 to 4.1.5. - [Release notes](https://github.com/vitest-dev/vitest/releases) - [Commits](https://github.com/vitest-dev/vitest/commits/v4.1.5/packages/coverage-v8) --- updated-dependencies: - dependency-name: "@vitest/coverage-v8" dependency-version: 4.1.5 dependency-type: direct:development update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * chore(deps-dev): bump @secretlint/secretlint-rule-preset-recommend (#914) Bumps [@secretlint/secretlint-rule-preset-recommend](https://github.com/secretlint/secretlint) from 11.4.1 to 12.2.0. - [Release notes](https://github.com/secretlint/secretlint/releases) - [Commits](secretlint/secretlint@v11.4.1...v12.2.0) --- updated-dependencies: - dependency-name: "@secretlint/secretlint-rule-preset-recommend" dependency-version: 12.2.0 dependency-type: direct:development update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * chore(deps): bump the aws-sdk group across 1 directory with 14 updates (#912) Bumps the aws-sdk group with 14 updates in the / directory: | Package | From | To | | --- | --- | --- | | [@aws-sdk/client-application-signals](https://github.com/aws/aws-sdk-js-v3/tree/HEAD/clients/client-application-signals) | `3.1036.0` | `3.1037.0` | | [@aws-sdk/client-bedrock](https://github.com/aws/aws-sdk-js-v3/tree/HEAD/clients/client-bedrock) | `3.1036.0` | `3.1037.0` | | [@aws-sdk/client-bedrock-agent](https://github.com/aws/aws-sdk-js-v3/tree/HEAD/clients/client-bedrock-agent) | `3.1036.0` | `3.1037.0` | | [@aws-sdk/client-bedrock-agentcore](https://github.com/aws/aws-sdk-js-v3/tree/HEAD/clients/client-bedrock-agentcore) | `3.1036.0` | `3.1037.0` | | [@aws-sdk/client-bedrock-agentcore-control](https://github.com/aws/aws-sdk-js-v3/tree/HEAD/clients/client-bedrock-agentcore-control) | `3.1036.0` | `3.1037.0` | | [@aws-sdk/client-bedrock-runtime](https://github.com/aws/aws-sdk-js-v3/tree/HEAD/clients/client-bedrock-runtime) | `3.1036.0` | `3.1037.0` | | [@aws-sdk/client-cloudformation](https://github.com/aws/aws-sdk-js-v3/tree/HEAD/clients/client-cloudformation) | `3.1036.0` | `3.1037.0` | | [@aws-sdk/client-cloudwatch-logs](https://github.com/aws/aws-sdk-js-v3/tree/HEAD/clients/client-cloudwatch-logs) | `3.1036.0` | `3.1037.0` | | [@aws-sdk/client-resource-groups-tagging-api](https://github.com/aws/aws-sdk-js-v3/tree/HEAD/clients/client-resource-groups-tagging-api) | `3.1036.0` | `3.1037.0` | | [@aws-sdk/client-s3](https://github.com/aws/aws-sdk-js-v3/tree/HEAD/clients/client-s3) | `3.1036.0` | `3.1037.0` | | [@aws-sdk/client-sts](https://github.com/aws/aws-sdk-js-v3/tree/HEAD/clients/client-sts) | `3.1036.0` | `3.1037.0` | | [@aws-sdk/client-xray](https://github.com/aws/aws-sdk-js-v3/tree/HEAD/clients/client-xray) | `3.1036.0` | `3.1037.0` | | [@aws-sdk/credential-providers](https://github.com/aws/aws-sdk-js-v3/tree/HEAD/packages/credential-providers) | `3.1036.0` | `3.1037.0` | | [@aws-sdk/client-cognito-identity-provider](https://github.com/aws/aws-sdk-js-v3/tree/HEAD/clients/client-cognito-identity-provider) | `3.1036.0` | `3.1037.0` | Updates `@aws-sdk/client-application-signals` from 3.1036.0 to 3.1037.0 - [Release notes](https://github.com/aws/aws-sdk-js-v3/releases) - [Changelog](https://github.com/aws/aws-sdk-js-v3/blob/main/clients/client-application-signals/CHANGELOG.md) - [Commits](https://github.com/aws/aws-sdk-js-v3/commits/v3.1037.0/clients/client-application-signals) Updates `@aws-sdk/client-bedrock` from 3.1036.0 to 3.1037.0 - [Release notes](https://github.com/aws/aws-sdk-js-v3/releases) - [Changelog](https://github.com/aws/aws-sdk-js-v3/blob/main/clients/client-bedrock/CHANGELOG.md) - [Commits](https://github.com/aws/aws-sdk-js-v3/commits/v3.1037.0/clients/client-bedrock) Updates `@aws-sdk/client-bedrock-agent` from 3.1036.0 to 3.1037.0 - [Release notes](https://github.com/aws/aws-sdk-js-v3/releases) - [Changelog](https://github.com/aws/aws-sdk-js-v3/blob/main/clients/client-bedrock-agent/CHANGELOG.md) - [Commits](https://github.com/aws/aws-sdk-js-v3/commits/v3.1037.0/clients/client-bedrock-agent) Updates `@aws-sdk/client-bedrock-agentcore` from 3.1036.0 to 3.1037.0 - [Release notes](https://github.com/aws/aws-sdk-js-v3/releases) - [Changelog](https://github.com/aws/aws-sdk-js-v3/blob/main/clients/client-bedrock-agentcore/CHANGELOG.md) - [Commits](https://github.com/aws/aws-sdk-js-v3/commits/v3.1037.0/clients/client-bedrock-agentcore) Updates `@aws-sdk/client-bedrock-agentcore-control` from 3.1036.0 to 3.1037.0 - [Release notes](https://github.com/aws/aws-sdk-js-v3/releases) - [Changelog](https://github.com/aws/aws-sdk-js-v3/blob/main/clients/client-bedrock-agentcore-control/CHANGELOG.md) - [Commits](https://github.com/aws/aws-sdk-js-v3/commits/v3.1037.0/clients/client-bedrock-agentcore-control) Updates `@aws-sdk/client-bedrock-runtime` from 3.1036.0 to 3.1037.0 - [Release notes](https://github.com/aws/aws-sdk-js-v3/releases) - [Changelog](https://github.com/aws/aws-sdk-js-v3/blob/main/clients/client-bedrock-runtime/CHANGELOG.md) - [Commits](https://github.com/aws/aws-sdk-js-v3/commits/v3.1037.0/clients/client-bedrock-runtime) Updates `@aws-sdk/client-cloudformation` from 3.1036.0 to 3.1037.0 - [Release notes](https://github.com/aws/aws-sdk-js-v3/releases) - [Changelog](https://github.com/aws/aws-sdk-js-v3/blob/main/clients/client-cloudformation/CHANGELOG.md) - [Commits](https://github.com/aws/aws-sdk-js-v3/commits/v3.1037.0/clients/client-cloudformation) Updates `@aws-sdk/client-cloudwatch-logs` from 3.1036.0 to 3.1037.0 - [Release notes](https://github.com/aws/aws-sdk-js-v3/releases) - [Changelog](https://github.com/aws/aws-sdk-js-v3/blob/main/clients/client-cloudwatch-logs/CHANGELOG.md) - [Commits](https://github.com/aws/aws-sdk-js-v3/commits/v3.1037.0/clients/client-cloudwatch-logs) Updates `@aws-sdk/client-resource-groups-tagging-api` from 3.1036.0 to 3.1037.0 - [Release notes](https://github.com/aws/aws-sdk-js-v3/releases) - [Changelog](https://github.com/aws/aws-sdk-js-v3/blob/main/clients/client-resource-groups-tagging-api/CHANGELOG.md) - [Commits](https://github.com/aws/aws-sdk-js-v3/commits/v3.1037.0/clients/client-resource-groups-tagging-api) Updates `@aws-sdk/client-s3` from 3.1036.0 to 3.1037.0 - [Release notes](https://github.com/aws/aws-sdk-js-v3/releases) - [Changelog](https://github.com/aws/aws-sdk-js-v3/blob/main/clients/client-s3/CHANGELOG.md) - [Commits](https://github.com/aws/aws-sdk-js-v3/commits/v3.1037.0/clients/client-s3) Updates `@aws-sdk/client-sts` from 3.1036.0 to 3.1037.0 - [Release notes](https://github.com/aws/aws-sdk-js-v3/releases) - [Changelog](https://github.com/aws/aws-sdk-js-v3/blob/main/clients/client-sts/CHANGELOG.md) - [Commits](https://github.com/aws/aws-sdk-js-v3/commits/v3.1037.0/clients/client-sts) Updates `@aws-sdk/client-xray` from 3.1036.0 to 3.1037.0 - [Release notes](https://github.com/aws/aws-sdk-js-v3/releases) - [Changelog](https://github.com/aws/aws-sdk-js-v3/blob/main/clients/client-xray/CHANGELOG.md) - [Commits](https://github.com/aws/aws-sdk-js-v3/commits/v3.1037.0/clients/client-xray) Updates `@aws-sdk/credential-providers` from 3.1036.0 to 3.1037.0 - [Release notes](https://github.com/aws/aws-sdk-js-v3/releases) - [Changelog](https://github.com/aws/aws-sdk-js-v3/blob/main/packages/credential-providers/CHANGELOG.md) - [Commits](https://github.com/aws/aws-sdk-js-v3/commits/v3.1037.0/packages/credential-providers) Updates `@aws-sdk/client-cognito-identity-provider` from 3.1036.0 to 3.1037.0 - [Release notes](https://github.com/aws/aws-sdk-js-v3/releases) - [Changelog](https://github.com/aws/aws-sdk-js-v3/blob/main/clients/client-cognito-identity-provider/CHANGELOG.md) - [Commits](https://github.com/aws/aws-sdk-js-v3/commits/v3.1037.0/clients/client-cognito-identity-provider) --- updated-dependencies: - dependency-name: "@aws-sdk/client-application-signals" dependency-version: 3.1034.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: aws-sdk - dependency-name: "@aws-sdk/client-bedrock" dependency-version: 3.1034.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: aws-sdk - dependency-name: "@aws-sdk/client-bedrock-agent" dependency-version: 3.1034.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: aws-sdk - dependency-name: "@aws-sdk/client-bedrock-agentcore" dependency-version: 3.1034.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: aws-sdk - dependency-name: "@aws-sdk/client-bedrock-agentcore-control" dependency-version: 3.1034.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: aws-sdk - dependency-name: "@aws-sdk/client-bedrock-runtime" dependency-version: 3.1034.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: aws-sdk - dependency-name: "@aws-sdk/client-cloudformation" dependency-version: 3.1034.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: aws-sdk - dependency-name: "@aws-sdk/client-cloudwatch-logs" dependency-version: 3.1034.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: aws-sdk - dependency-name: "@aws-sdk/client-cognito-identity-provider" dependency-version: 3.1034.0 dependency-type: direct:development update-type: version-update:semver-minor dependency-group: aws-sdk - dependency-name: "@aws-sdk/client-resource-groups-tagging-api" dependency-version: 3.1034.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: aws-sdk - dependency-name: "@aws-sdk/client-s3" dependency-version: 3.1034.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: aws-sdk - dependency-name: "@aws-sdk/client-sts" dependency-version: 3.1034.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: aws-sdk - dependency-name: "@aws-sdk/client-xray" dependency-version: 3.1034.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: aws-sdk - dependency-name: "@aws-sdk/credential-providers" dependency-version: 3.1034.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: aws-sdk ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * chore(deps-dev): bump hono from 4.12.12 to 4.12.14 (#868) Bumps [hono](https://github.com/honojs/hono) from 4.12.12 to 4.12.14. - [Release notes](https://github.com/honojs/hono/releases) - [Commits](honojs/hono@v4.12.12...v4.12.14) --- updated-dependencies: - dependency-name: hono dependency-version: 4.12.14 dependency-type: indirect ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * chore(deps-dev): bump esbuild from 0.27.4 to 0.28.0 (#862) Bumps [esbuild](https://github.com/evanw/esbuild) from 0.27.4 to 0.28.0. - [Release notes](https://github.com/evanw/esbuild/releases) - [Changelog](https://github.com/evanw/esbuild/blob/main/CHANGELOG.md) - [Commits](evanw/esbuild@v0.27.4...v0.28.0) --- updated-dependencies: - dependency-name: esbuild dependency-version: 0.28.0 dependency-type: direct:development update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * test: speed up CI and fix mock cleanup gaps (#989) * test: speed up CI and fix mock cleanup gaps - Node 20 only on PRs (full matrix on main) - 3-way vitest sharding for unit tests with blob report merging - Pre-bundle heavy deps (AWS SDK, Smithy, zod, commander) via deps.optimizer - Exclude tui-harness from unit test project (not production code) - Add afterEach(vi.restoreAllMocks) to 3 files with mock cleanup gaps - Move inline consoleSpy.mockRestore() to afterEach in logs-eval tests - Skip PTY tests when node-pty spawn is unavailable * style: fix prettier formatting in build-and-test.yml * fix: enable include-hidden-files for blob artifact upload upload-artifact@v7 defaults include-hidden-files to false, which skips the .vitest-reports directory. Also fail loudly if no files found. * feat: runtime endpoint support in AgentCore CLI (#979) * feat: add runtime endpoint support to AgentCore CLI - Schema: endpoints field on AgentEnvSpec, runtimeVersion in deployed state - Primitive: RuntimeEndpointPrimitive with add/remove/preview - TUI: Add and Remove flows with multi-field form - Status: endpoints nested under agents with deployment badges - Deploy: parseRuntimeEndpointOutputs + buildDeployedState pipeline * fix: correct output key prefix for runtime endpoint parsing The CFN output keys include the AgentEnvironment construct prefix (Agent{PascalName}) which was missing from the parser pattern. * fix: remove .omc state files and unused useCallback import - Remove .omc/ from git tracking, add to .gitignore - Remove unused useCallback import in AddRuntimeEndpointScreen.tsx * fix: shorten runtime endpoint description to prevent TUI overflow The description "Named endpoint (version alias) for a runtime" was too long and wrapped to the next line in the Add Resource menu. Shortened to "Named endpoint for a runtime". * fix: validate runtime endpoint version is a positive integer - Add explicit Number.isInteger check before schema validation - Change Commander parser from parseInt to Number so floats like 3.5 are caught instead of silently truncated * fix: use agent/endpoint composite key to prevent React key collision Endpoint names can collide across runtimes (e.g., both have "prod"). Changed React key from epName to agent.name/epName to prevent duplicate key warnings that pollute the TUI viewport. * fix: render runtime endpoints in status --type runtime-endpoint When filtering by --type runtime-endpoint, agents array is empty so the agents section (which nests endpoints) never renders. Added a standalone Runtime Endpoints section that shows when endpoints exist but agents don't (i.e., when type-filtering). * fix: add runtime-endpoint to status --help --type documentation The --type option help text was missing runtime-endpoint from the list of valid resource types. * fix: return richer JSON response from add runtime-endpoint add now returns { success, endpointName, agent, version } instead of sparse { success: true }, matching the richer response shape from remove runtime-endpoint. * fix: validate endpoint version against deployed runtime version - TUI: show "Current deployed version: N" and valid range (1-N) - TUI: reject version exceeding latest deployed version - CLI: check deployed-state.json for max version, reject if exceeded - If runtime not deployed, only positive integer check applies * chore: remove planning and bug bash docs from PR * fix: use composite key and parentName for endpoint identification - Add parentName field to ResourceStatusEntry for structured parent linking - Use runtimeName/endpointName composite key in remove/preview/getRemovable - Status command filters endpoints by parentName instead of parsing detail string - React keys use structured parentName/name instead of display strings * test: add comprehensive unit tests for RuntimeEndpointPrimitive 23 tests covering add(), remove(), previewRemove(), getRemovable(): - Runtime lookup, duplicate detection, version validation - Composite key removal targeting correct runtime - Empty endpoints dict cleanup - Version validation against deployed state - Richer JSON response shape * fix: remove dead findGatewayTargetReferences stub * fix: use BasePrimitive configIO instead of ad-hoc ConfigIO in add() * fix: use Number() instead of parseInt in TUI version validation * chore: fix prettier formatting * fix: use T[] instead of Array<T> to satisfy eslint array-type rule * fix(ci): revert schema file to avoid schema-check guard The schemas/ directory is auto-regenerated during the release workflow. Direct modifications are blocked by CI. * Revert "fix(ci): revert schema file to avoid schema-check guard" This reverts commit 3615e37a0aaa71cd4d2c5c7b19e3ddb41eb2e07c. --------- Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: Jesse Turner <57651174+jesseturner21@users.noreply.github.com> Co-authored-by: Avi Alpert <131792194+avi-alpert@users.noreply.github.com> Co-authored-by: Gitika <53349492+notgitika@users.noreply.github.com> Co-authored-by: Hweinstock <42325418+Hweinstock@users.noreply.github.com> Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> Co-authored-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com> Co-authored-by: Aidan Daly <99039782+aidandaly24@users.noreply.github.com> Co-authored-by: Tejas Kashinath <42380254+tejaskash@users.noreply.github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
1 parent 0274932 commit 06a468e

131 files changed

Lines changed: 6995 additions & 2019 deletions

File tree

Some content is hidden

Large Commits have some content hidden by default. Use the searchbox below for content that may be hidden.

.github/scripts/prompts/review.md

Lines changed: 13 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,13 @@
1+
Review this GitHub PR: {pr_url}
2+
3+
You have tools to fetch the PR diff, read files, search the web, and post comments on the PR.
4+
5+
You have these repos cloned locally for context:
6+
- /opt/workspace/agentcore-cli — aws/agentcore-cli
7+
- /opt/workspace/agentcore-l3-cdk-constructs — aws/agentcore-l3-cdk-constructs
8+
9+
Before reviewing, read all existing comments on the PR to understand what has already been discussed. Do not repeat or re-post issues that have already been raised in existing comments.
10+
11+
Review the PR. If there are any serious issues that require code changes before merging, post a comment on the PR for each issue explaining the problem. If there are multiple ways to fix an issue, list the options so the author can choose. Skip style nits and minor suggestions — only flag things that actually need to change.
12+
13+
If all serious issues have already been raised in existing comments, or if you found no new issues, post a single comment on the PR saying it looks good to merge (or that all issues have already been flagged).

.github/scripts/prompts/system.md

Lines changed: 21 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,21 @@
1+
# AgentCore CLI Development Workspace
2+
3+
This workspace contains two repos for developing and testing the AgentCore CLI.
4+
5+
## Repositories
6+
7+
### agentcore-cli/ (`aws/agentcore-cli`)
8+
9+
The terminal experience for creating, developing, and deploying AI agents to AgentCore. Node.js/TypeScript CLI built with Ink (React-based TUI).
10+
11+
### agentcore-l3-cdk-constructs/ (`aws/agentcore-l3-cdk-constructs`)
12+
13+
AWS CDK L3 constructs for declaring and deploying AgentCore infrastructure. Used by agentcore-cli to vend CDK projects when users run `agentcore create`.
14+
15+
## How they relate
16+
17+
`agentcore-cli` is the main product. It vends CDK projects using constructs from `agentcore-l3-cdk-constructs`.
18+
19+
## Testing with a bundled distribution
20+
21+
Run `npm run bundle` in `agentcore-cli/` to create a tar distribution that includes the packaged `agentcore-l3-cdk-constructs`. You can then install it globally with `npm install -g <path-to-tar>` to test the CLI end-to-end.
Lines changed: 217 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,217 @@
1+
"""Invoke Bedrock AgentCore Harness to review a GitHub PR.
2+
3+
Reads PR_URL from the environment. Streams harness output to stdout.
4+
Uses raw HTTP with SigV4 signing — no custom service model needed.
5+
"""
6+
7+
import json
8+
import os
9+
import sys
10+
import time
11+
import uuid
12+
13+
import boto3
14+
from botocore.auth import SigV4Auth
15+
from botocore.awsrequest import AWSRequest
16+
from botocore.eventstream import EventStreamBuffer
17+
from urllib.parse import quote
18+
import urllib3
19+
20+
# ANSI color codes
21+
CYAN = "\033[36m"
22+
YELLOW = "\033[33m"
23+
GREEN = "\033[32m"
24+
RED = "\033[31m"
25+
DIM = "\033[2m"
26+
RESET = "\033[0m"
27+
28+
SCRIPTS_DIR = os.path.join(os.path.dirname(__file__), "..")
29+
30+
31+
def read_prompt(filename):
32+
"""Read a prompt template from the prompts directory."""
33+
path = os.path.join(SCRIPTS_DIR, "prompts", filename)
34+
with open(path) as f:
35+
return f.read()
36+
37+
38+
def invoke_harness(harness_arn, body, region):
39+
"""Send a SigV4-signed request to the harness invoke endpoint. Returns a streaming response.
40+
41+
InvokeHarness is not in standard boto3, so we call the REST API directly.
42+
boto3 is only used to resolve AWS credentials (from env vars, OIDC, etc.)
43+
and sign the request with SigV4. The response is an AWS binary event stream.
44+
"""
45+
session = boto3.Session(region_name=region)
46+
credentials = session.get_credentials().get_frozen_credentials()
47+
url = f"https://bedrock-agentcore.{region}.amazonaws.com/harnesses/invoke?harnessArn={quote(harness_arn, safe='')}"
48+
request = AWSRequest(method="POST", url=url, data=body, headers={
49+
"Content-Type": "application/json",
50+
"Accept": "application/vnd.amazon.eventstream",
51+
})
52+
SigV4Auth(credentials, "bedrock-agentcore", region).add_auth(request)
53+
return urllib3.PoolManager().urlopen(
54+
"POST", url, body=body,
55+
headers=dict(request.headers),
56+
preload_content=False,
57+
timeout=urllib3.Timeout(connect=10, read=600),
58+
)
59+
60+
61+
def parse_events(http_response):
62+
"""Yield (event_type, payload) tuples from the harness binary event stream.
63+
64+
The response arrives as raw bytes in AWS binary event stream format.
65+
EventStreamBuffer reassembles complete events from the 4KB chunks,
66+
and we decode each event's JSON payload before yielding it.
67+
"""
68+
event_buffer = EventStreamBuffer()
69+
for chunk in http_response.stream(4096):
70+
event_buffer.add_data(chunk)
71+
for event in event_buffer:
72+
if event.headers.get(":message-type") == "exception":
73+
payload = json.loads(event.payload.decode("utf-8"))
74+
print(f"\n{RED}ERROR: {payload}{RESET}", file=sys.stderr)
75+
sys.exit(1)
76+
event_type = event.headers.get(":event-type", "")
77+
if event.payload:
78+
yield event_type, json.loads(event.payload.decode("utf-8"))
79+
80+
81+
def print_stream(http_response):
82+
"""Display harness events with GitHub Actions log groups.
83+
84+
The harness streams events as the agent works:
85+
contentBlockStart — a new block begins (text or tool call)
86+
contentBlockDelta — incremental chunks of text or tool input JSON
87+
contentBlockStop — block complete, we now have full tool input to display
88+
messageStop — agent finished
89+
internalServerException — server error
90+
91+
Tool calls are wrapped in ::group::/::endgroup:: for collapsible sections
92+
in the GitHub Actions log UI. Agent reasoning text is printed inline in dim.
93+
"""
94+
start_time = time.time()
95+
iteration = 0
96+
tool_name = None
97+
tool_input = ""
98+
tool_start = 0.0
99+
in_group = False
100+
text_buffer = ""
101+
102+
def close_group():
103+
nonlocal in_group
104+
if in_group:
105+
print("::endgroup::", flush=True)
106+
in_group = False
107+
108+
def flush_text():
109+
nonlocal text_buffer
110+
if text_buffer:
111+
for line in text_buffer.splitlines():
112+
print(f"{DIM}{line}{RESET}", flush=True)
113+
text_buffer = ""
114+
115+
for event_type, payload in parse_events(http_response):
116+
117+
if event_type == "contentBlockStart":
118+
start = payload.get("start", {})
119+
if "toolUse" in start:
120+
tool_name = start["toolUse"].get("name", "unknown")
121+
tool_input = ""
122+
tool_start = time.time()
123+
iteration += 1
124+
125+
elif event_type == "contentBlockDelta":
126+
delta = payload.get("delta", {})
127+
if "text" in delta:
128+
close_group()
129+
text_buffer += delta["text"]
130+
if "toolUse" in delta:
131+
tool_input += delta["toolUse"].get("input", "")
132+
133+
elif event_type == "contentBlockStop":
134+
flush_text()
135+
if tool_name:
136+
elapsed = time.time() - tool_start
137+
try:
138+
parsed = json.loads(tool_input)
139+
except (json.JSONDecodeError, TypeError):
140+
parsed = tool_input
141+
142+
close_group()
143+
144+
cmd = parsed.get("command") if isinstance(parsed, dict) else None
145+
header = f"{CYAN}[{iteration}]{RESET} {YELLOW}{tool_name}{RESET} {DIM}({elapsed:.1f}s){RESET}"
146+
if cmd:
147+
header += f": $ {cmd}"
148+
149+
print(f"::group::{header}", flush=True)
150+
in_group = True
151+
152+
if isinstance(parsed, dict):
153+
for k, v in parsed.items():
154+
if k != "command":
155+
print(f" {DIM}{k}:{RESET} {str(v)[:300]}", flush=True)
156+
157+
tool_name = None
158+
tool_input = ""
159+
160+
elif event_type == "messageStop":
161+
flush_text()
162+
close_group()
163+
if payload.get("stopReason") == "end_turn":
164+
total = time.time() - start_time
165+
print(f"\n\n{GREEN}{'=' * 50}", flush=True)
166+
print(f" Done ({int(total // 60)}m {int(total % 60)}s)", flush=True)
167+
print(f"{'=' * 50}{RESET}", flush=True)
168+
169+
elif event_type == "internalServerException":
170+
close_group()
171+
print(f"\n{RED}ERROR: {payload}{RESET}", file=sys.stderr)
172+
sys.exit(1)
173+
174+
close_group()
175+
total = time.time() - start_time
176+
print(f"\n{GREEN}Review complete.{RESET} {DIM}({iteration} tool calls, {int(total)}s total){RESET}")
177+
178+
179+
# --- Main ---
180+
181+
# All config comes from environment variables (set via GitHub secrets/workflow)
182+
MODEL_ID = os.environ.get("HARNESS_MODEL_ID", "us.anthropic.claude-opus-4-7")
183+
HARNESS_ARN = os.environ.get("HARNESS_ARN", "")
184+
PR_URL = os.environ.get("PR_URL", "")
185+
186+
for name, val in [("HARNESS_ARN", HARNESS_ARN), ("PR_URL", PR_URL)]:
187+
if not val:
188+
print(f"{RED}ERROR: {name} environment variable is required{RESET}", file=sys.stderr)
189+
sys.exit(1)
190+
191+
# Extract region from the ARN (arn:aws:bedrock-agentcore:{region}:{account}:harness/{id})
192+
REGION = HARNESS_ARN.split(":")[3]
193+
SESSION_ID = str(uuid.uuid4()).upper()
194+
195+
print(f"{CYAN}Session:{RESET} {SESSION_ID}")
196+
print(f"{CYAN}PR:{RESET} {PR_URL}")
197+
print(f"{CYAN}Harness:{RESET} {HARNESS_ARN}")
198+
print()
199+
200+
SYSTEM_PROMPT = read_prompt("system.md")
201+
REVIEW_PROMPT = read_prompt("review.md").format(pr_url=PR_URL)
202+
203+
request_body = json.dumps({
204+
"runtimeSessionId": SESSION_ID,
205+
"systemPrompt": [{"text": SYSTEM_PROMPT}],
206+
"messages": [{"role": "user", "content": [{"text": REVIEW_PROMPT}]}],
207+
"model": {"bedrockModelConfig": {"modelId": MODEL_ID}},
208+
})
209+
210+
http_response = invoke_harness(HARNESS_ARN, request_body, REGION)
211+
212+
if http_response.status != 200:
213+
error = http_response.read().decode("utf-8")
214+
print(f"{RED}ERROR: HTTP {http_response.status}: {error}{RESET}", file=sys.stderr)
215+
sys.exit(1)
216+
217+
print_stream(http_response)

.gitignore

Lines changed: 6 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -67,3 +67,9 @@ ProtocolTesting/
6767

6868
# Auto-cloned CDK constructs (from scripts/bundle.mjs)
6969
.cdk-constructs-clone/
70+
.omc/
71+
72+
# Browser tests
73+
browser-tests/.browser-test-env
74+
browser-tests/test-results/
75+
browser-tests/playwright-report/

.prettierignore

Lines changed: 1 addition & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -1,2 +1,3 @@
11
CHANGELOG.md
22
src/assets/**/*.md
3+
.github/scripts/prompts/

CHANGELOG.md

Lines changed: 18 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -2,6 +2,24 @@
22

33
All notable changes to this project will be documented in this file.
44

5+
## [0.11.0] - 2026-04-24
6+
7+
### Added
8+
- feat: add telemetry schemas and client (#941) (7c37fa6)
9+
- feat: add GitHub Action for automated PR review via AgentCore Harness (#934) (a365bf5)
10+
11+
### Fixed
12+
- fix: display session ID after CLI invoke completes (#957) (51e4a8e)
13+
- fix: lower eventExpiryDuration minimum from 7 to 3 days (closes #744) (#956) (8613657)
14+
- fix: use pull_request_target for fork PR support (#958) (933bac8)
15+
- fix: agentcore dev not working in windows (#951) (5271f55)
16+
- fix: add TTY detection before TUI fallbacks to prevent agent/CI hangs (#949) (c30ed54)
17+
- fix: allow code-based evaluators in online eval configs (#947) (3d2d671)
18+
- fix: buffer streaming text to avoid per-token log lines in GitHub Actions (#946) (cb1e81a)
19+
20+
### Other Changes
21+
- test: add browser tests for agent inspector (#938) (7a4104d)
22+
523
## [0.10.0] - 2026-04-23
624

725
### Added

browser-tests/constants.ts

Lines changed: 3 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,3 @@
1+
import { join } from 'node:path';
2+
3+
export const ENV_FILE = join(__dirname, '.browser-test-env');

browser-tests/fixtures.ts

Lines changed: 56 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,56 @@
1+
import { ENV_FILE } from './constants';
2+
import { type Page, test as base, expect } from '@playwright/test';
3+
import { readFileSync } from 'node:fs';
4+
5+
interface BrowserTestEnv {
6+
projectPath: string;
7+
port: number;
8+
projectName: string;
9+
}
10+
11+
function readTestEnv(): BrowserTestEnv {
12+
const raw = readFileSync(ENV_FILE, 'utf-8');
13+
const parsed: Record<string, string> = {};
14+
for (const line of raw.split('\n')) {
15+
const match = line.match(/^(\w+)=(.+)$/);
16+
if (match) parsed[match[1]!] = match[2]!;
17+
}
18+
return {
19+
projectPath: parsed.PROJECT_PATH!,
20+
port: Number(parsed.PORT),
21+
projectName: parsed.PROJECT_NAME!,
22+
};
23+
}
24+
25+
export const test = base.extend<{ testEnv: BrowserTestEnv }>({
26+
testEnv: async ({}, use) => {
27+
await use(readTestEnv());
28+
},
29+
});
30+
31+
/**
32+
* Send a chat message and wait for the agent to finish responding.
33+
* Returns the assistant message locator.
34+
*/
35+
export async function sendMessage(page: Page, text: string) {
36+
const chatInput = page.getByTestId('chat-input');
37+
await expect(chatInput).toBeEnabled({ timeout: 60_000 });
38+
39+
const messageList = page.getByTestId('message-list');
40+
const existingCount = await messageList.getByTestId(/^chat-message-/).count();
41+
42+
await chatInput.fill(text);
43+
await page.getByRole('button', { name: 'Send message' }).click();
44+
45+
const assistantMessage = messageList.getByTestId(`chat-message-${existingCount + 1}`);
46+
await expect(assistantMessage).toBeVisible({ timeout: 60_000 });
47+
await expect(assistantMessage).not.toContainText('ECONNREFUSED');
48+
49+
// Wait for streaming to complete so the agent is idle for subsequent tests.
50+
await chatInput.fill('.');
51+
await expect(page.getByRole('button', { name: 'Send message' })).toBeEnabled({ timeout: 30_000 });
52+
53+
return assistantMessage;
54+
}
55+
56+
export { expect };

0 commit comments

Comments
 (0)