Commit 259654b
feat: add agentcore exec command with interactive shell and one-shot support (#1464)
* feat: add sync workflow
* fix: formatting
* fix: only sync to main branch
* fix: codeql permissions
* fix(ci): exclude .github/workflows/ from public repo sync (#54)
GITHUB_TOKEN lacks the 'workflows' permission, so pushing workflow
file changes from the public repo causes the sync to fail. Use
--no-commit --no-ff and restore .github/workflows/ from HEAD before
committing, in both the clean merge and conflict paths.
* chore: sync with public/main (2026-04-27) (#143)
* feat: add GitHub Action for automated PR review via AgentCore Harness (#934)
* feat: add GitHub Action for automated PR review via AgentCore Harness
Adds a workflow that reviews PRs using Bedrock AgentCore Harness.
The harness runs an AI agent in an isolated microVM with gh, git,
and pre-cloned repos that fetches PR diffs and posts review comments.
Workflow:
- Triggers on PR open/reopen for agentcore-cli-devs team members
- Supports manual workflow_dispatch for any PR URL
- Adds/removes ai-reviewing label during review
- Authenticates via GitHub OIDC to assume AWS role
Files:
- .github/workflows/pr-ai-review.yml — main workflow
- .github/scripts/python/harness_review.py — harness invocation script
- .github/scripts/python/harness_config.py — config from env vars
- .github/scripts/models/ — local boto3 service model (InvokeHarness
not yet in standard boto3)
Required secrets:
- HARNESS_AWS_ROLE_ARN — IAM role ARN for OIDC
- HARNESS_ACCOUNT_ID — AWS account ID
- HARNESS_ID — Harness ID
* refactor: replace local service model with raw HTTP + SigV4 signing
Eliminates the 220KB bundled service model by using direct HTTP requests
with SigV4 authentication to invoke the harness endpoint. No extra
dependencies needed — urllib3, SigV4Auth, and EventStreamBuffer are all
part of botocore/boto3.
Rejected: invoke_agent_runtime API | server rejects harness ARNs with ResourceNotFoundException
Confidence: high
Scope-risk: moderate
* refactor: inline harness config into review script
Remove separate harness_config.py — env vars are read directly in
harness_review.py. One less file to maintain, config is still
driven entirely by environment variables set in the GitHub workflow.
* refactor: extract invoke_harness helper for cleaner main flow
* refactor: simplify config and improve script readability
- Replace HARNESS_ACCOUNT_ID + HARNESS_ID with single HARNESS_ARN env var
- Extract prompts into separate .md files in .github/scripts/prompts/
- Extract stream parsing into print_stream() function
- Add close_group() helper to deduplicate ::group:: bookkeeping
* refactor: separate event parsing from display logic
Extract parse_events() generator to handle binary stream decoding,
keeping print_stream() focused on formatting and log groups.
* docs: add explanatory comments to harness review functions
* refactor: derive region from HARNESS_ARN instead of separate env var
Eliminates HARNESS_REGION env var — the region is extracted from the
ARN directly, so there's no risk of a mismatch causing confusing
SigV4 auth errors.
* chore: rename label to agentcore-harness-reviewing
* refactor: move auth check to job level so entire review is skipped early
Split into authorize + ai-review jobs. The ai-review job only runs
if the PR author is authorized (team member or write access) or if
triggered via workflow_dispatch. Removes repeated if conditions from
every step.
* chore: exclude AI prompt templates from prettier
Prompt markdown files use intentional formatting that prettier
would reflow, breaking the prompt structure.
* fix: buffer streaming text to avoid per-token log lines in GitHub Actions (#946)
Each text delta from the harness was printed individually with flush,
creating a separate log line per token. Now text is buffered and
flushed as complete lines at block boundaries.
* fix: allow code-based evaluators in online eval configs (#947)
* fix: allow code-based evaluators in online eval configs
Remove restrictions that blocked code-based evaluators from being used
in online evaluation configs. The service now supports code-based
evaluators for online evaluation.
Changes:
- Remove code-based evaluator block in OnlineEvalConfigPrimitive
- Remove code-based evaluator validation in schema superRefine
- Remove code-based evaluator filter in TUI evaluator picker
* style: fix prettier formatting
* fix: add TTY detection before TUI fallbacks to prevent agent/CI hangs (#949)
* fix: add TTY detection before TUI fallbacks to prevent agent/CI hangs
When commands are invoked without flags in non-interactive environments
(CI, piped stdin, agent automation), the CLI falls through to Ink TUI
rendering which hangs indefinitely. Add a requireTTY() guard at every
TUI entry point that checks process.stdout.isTTY and exits with a
helpful error message directing users to --help for non-interactive flags.
Closes #685
* fix: check both stdin and stdout isTTY in requireTTY guard
The hang from #685 is caused by stdin not being a TTY (Ink reads
keyboard input from stdin), not stdout. Check both stdin and stdout
so the guard fires for piped stdin, redirected stdout, and CI
environments where both are non-TTY.
* fix: agentcore dev not working in Windows (#951)
* fix: use pull_request_target for fork PR support (#958)
* fix: make label step non-blocking for fork PRs
Fork PRs get read-only GITHUB_TOKEN regardless of workflow permissions,
causing the addLabels API call to fail with 403. This crashed the entire
job before the review could run. continue-on-error lets the review
proceed even when labeling fails.
* fix: use pull_request_target for full write access on fork PRs
pull_request gives a read-only GITHUB_TOKEN for fork PRs, preventing
labels and secrets from working. pull_request_target runs in the base
repo context with full permissions. This is safe because we never
check out or execute fork code — the harness fetches the PR diff via
the GitHub API.
* fix: lower eventExpiryDuration minimum from 7 to 3 days (closes #744) (#956)
The AWS CreateMemory API allows a minimum of 3 days, but the CLI schema
was rejecting values below 7. Update the Zod schema, LLM compacted
types, import clamping logic, and all related tests.
* fix: display session ID after CLI invoke completes (#957)
* fix: display session ID after CLI invoke completes (closes #664)
The streaming and non-streaming invoke responses include a session ID
from the runtime, but the CLI paths discarded it. Now prints the
session ID and a resume command hint after invoke output.
* fix: include sessionId in AGUI protocol invoke result
* test: add browser tests for agent inspector (#938)
* feat: add telemetry schemas and client (#941)
* chore: bump version to 0.11.0 (#967)
Co-authored-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com>
* fix(invoke): auto-generate session ID for bearer-token invocations (#953)
Closes #840
When invoking an agent with a bearer token (OAuth/CUSTOM_JWT) and no
session ID, `AgentCoreMemoryConfig` raised a Pydantic validation error
because `session_id=None` is rejected. Unlike SigV4 callers, bearer-token
callers do not get a server-side auto-generated runtime session ID.
Two-layer fix:
1. CLI synthesizes a UUID in `invoke` action when `--bearer-token` is set
and `--session-id` is missing, using the existing `generateSessionId`
helper. Covers both explicit `--bearer-token` and the CUSTOM_JWT
auto-fetch path.
2. Strands memory session templates (http, agui, a2a) synthesize a UUID
when `session_id` is falsy before constructing AgentCoreMemoryConfig.
Protects direct runtime callers (curl, custom apps) who forget the
`X-Amzn-Bedrock-AgentCore-Runtime-Session-Id` header.
Snapshot tests updated.
* fix: show 'Computing diff changes...' step during deploy diff phase (#952)
The deploy TUI appeared frozen for 5-15 seconds between preflight
completion and 'Publish assets' while cdkToolkitWrapper.diff() ran
silently with no step marked as running.
Add a dedicated pre-deploy diff step that transitions running -> success
around the diff call so StepProgress always has something to highlight.
Closes #781
* test: split browser tests into its own job, fix logs path (#975)
* feat(invoke): add --prompt-file and stdin support for long prompts (#974)
* feat(invoke): add --prompt-file and stdin support for long prompts
Long prompts hit shell argument limits (E2BIG, typically 128KB-2MB)
when passed as positional args. This adds two new sources:
- --prompt-file <path>: read prompt from a file
- piped stdin: when no prompt is given and stdin is not a TTY,
read the prompt from stdin
Precedence is hybrid and backward-compatible:
--prompt > positional > --prompt-file > stdin
--prompt-file combined with piped stdin content returns an explicit
collision error rather than silently picking one.
Closes #686
* docs(invoke): document --prompt-file and stdin support
* fix(import): remove experimental warning from import command (#977)
The import feature has stabilized and no longer needs the experimental label.
* fix: duplicate header flash and help menu truncation (closes #895, closes #637) (#955)
- Return null during brief transitional phases to prevent Ink from
rendering a header that gets immediately replaced by a different frame
- Consolidate CreateScreen phases into a single Screen mount
- Make help menu description width responsive to terminal size
- Remove hardcoded 50-char description truncation limit
* test: configure git in browser tests workflow (#976)
* feat: add project-name option to create (#969)
* Add project-name option to create
* fix: address review feedback — restore name description and move backfill logic
* ci: bump the github-actions group across 1 directory with 4 updates (#964)
Bumps the github-actions group with 4 updates in the / directory: [aws-actions/configure-aws-credentials](https://github.com/aws-actions/configure-aws-credentials), [actions/github-script](https://github.com/actions/github-script), [softprops/action-gh-release](https://github.com/softprops/action-gh-release) and [slackapi/slack-github-action](https://github.com/slackapi/slack-github-action).
Updates `aws-actions/configure-aws-credentials` from 5 to 6
- [Changelog](https://github.com/aws-actions/configure-aws-credentials/blob/main/CHANGELOG.md)
- [Commits](https://github.com/aws-actions/configure-aws-credentials/compare/v5...v6)
Updates `actions/github-script` from 8 to 9
- [Commits](https://github.com/actions/github-script/compare/v8...v9)
Updates `softprops/action-gh-release` from 2 to 3
- [Changelog](https://github.com/softprops/action-gh-release/blob/master/CHANGELOG.md)
- [Commits](https://github.com/softprops/action-gh-release/compare/v2...v3)
Updates `slackapi/slack-github-action` from 3.0.1 to 3.0.2
- [Release notes](https://github.com/slackapi/slack-github-action/releases)
- [Changelog](https://github.com/slackapi/slack-github-action/blob/main/CHANGELOG.md)
- [Commits](https://github.com/slackapi/slack-github-action/compare/v3.0.1...v3.0.2)
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
* chore(deps-dev): bump aws-cdk-lib (#962)
Bumps the aws-cdk group with 1 update in the / directory: [aws-cdk-lib](https://github.com/aws/aws-cdk/tree/HEAD/packages/aws-cdk-lib).
Updates `aws-cdk-lib` from 2.248.0 to 2.250.0
- [Release notes](https://github.com/aws/aws-cdk/releases)
- [Changelog](https://github.com/aws/aws-cdk/blob/main/CHANGELOG.v2.alpha.md)
- [Commits](https://github.com/aws/aws-cdk/commits/v2.250.0/packages/aws-cdk-lib)
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
* chore(deps): bump postcss from 8.5.8 to 8.5.10 (#961)
Bumps [postcss](https://github.com/postcss/postcss) from 8.5.8 to 8.5.10.
- [Release notes](https://github.com/postcss/postcss/releases)
- [Changelog](https://github.com/postcss/postcss/blob/main/CHANGELOG.md)
- [Commits](https://github.com/postcss/postcss/compare/8.5.8...8.5.10)
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
* chore(deps-dev): bump secretlint from 11.4.1 to 12.2.0 (#916)
Bumps [secretlint](https://github.com/secretlint/secretlint) from 11.4.1 to 12.2.0.
- [Release notes](https://github.com/secretlint/secretlint/releases)
- [Commits](https://github.com/secretlint/secretlint/compare/v11.4.1...v12.2.0)
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
* chore(deps-dev): bump @vitest/coverage-v8 from 4.1.2 to 4.1.5 (#915)
Bumps [@vitest/coverage-v8](https://github.com/vitest-dev/vitest/tree/HEAD/packages/coverage-v8) from 4.1.2 to 4.1.5.
- [Release notes](https://github.com/vitest-dev/vitest/releases)
- [Commits](https://github.com/vitest-dev/vitest/commits/v4.1.5/packages/coverage-v8)
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
* chore(deps-dev): bump @secretlint/secretlint-rule-preset-recommend (#914)
Bumps [@secretlint/secretlint-rule-preset-recommend](https://github.com/secretlint/secretlint) from 11.4.1 to 12.2.0.
- [Release notes](https://github.com/secretlint/secretlint/releases)
- [Commits](https://github.com/secretlint/secretlint/compare/v11.4.1...v12.2.0)
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
* chore(deps): bump the aws-sdk group across 1 directory with 14 updates (#912)
Bumps the aws-sdk group with 14 updates in the / directory:
| Package | From | To |
| --- | --- | --- |
| [@aws-sdk/client-application-signals](https://github.com/aws/aws-sdk-js-v3/tree/HEAD/clients/client-application-signals) | `3.1036.0` | `3.1037.0` |
| [@aws-sdk/client-bedrock](https://github.com/aws/aws-sdk-js-v3/tree/HEAD/clients/client-bedrock) | `3.1036.0` | `3.1037.0` |
| [@aws-sdk/client-bedrock-agent](https://github.com/aws/aws-sdk-js-v3/tree/HEAD/clients/client-bedrock-agent) | `3.1036.0` | `3.1037.0` |
| [@aws-sdk/client-bedrock-agentcore](https://github.com/aws/aws-sdk-js-v3/tree/HEAD/clients/client-bedrock-agentcore) | `3.1036.0` | `3.1037.0` |
| [@aws-sdk/client-bedrock-agentcore-control](https://github.com/aws/aws-sdk-js-v3/tree/HEAD/clients/client-bedrock-agentcore-control) | `3.1036.0` | `3.1037.0` |
| [@aws-sdk/client-bedrock-runtime](https://github.com/aws/aws-sdk-js-v3/tree/HEAD/clients/client-bedrock-runtime) | `3.1036.0` | `3.1037.0` |
| [@aws-sdk/client-cloudformation](https://github.com/aws/aws-sdk-js-v3/tree/HEAD/clients/client-cloudformation) | `3.1036.0` | `3.1037.0` |
| [@aws-sdk/client-cloudwatch-logs](https://github.com/aws/aws-sdk-js-v3/tree/HEAD/clients/client-cloudwatch-logs) | `3.1036.0` | `3.1037.0` |
| [@aws-sdk/client-resource-groups-tagging-api](https://github.com/aws/aws-sdk-js-v3/tree/HEAD/clients/client-resource-groups-tagging-api) | `3.1036.0` | `3.1037.0` |
| [@aws-sdk/client-s3](https://github.com/aws/aws-sdk-js-v3/tree/HEAD/clients/client-s3) | `3.1036.0` | `3.1037.0` |
| [@aws-sdk/client-sts](https://github.com/aws/aws-sdk-js-v3/tree/HEAD/clients/client-sts) | `3.1036.0` | `3.1037.0` |
| [@aws-sdk/client-xray](https://github.com/aws/aws-sdk-js-v3/tree/HEAD/clients/client-xray) | `3.1036.0` | `3.1037.0` |
| [@aws-sdk/credential-providers](https://github.com/aws/aws-sdk-js-v3/tree/HEAD/packages/credential-providers) | `3.1036.0` | `3.1037.0` |
| [@aws-sdk/client-cognito-identity-provider](https://github.com/aws/aws-sdk-js-v3/tree/HEAD/clients/client-cognito-identity-provider) | `3.1036.0` | `3.1037.0` |
Updates `@aws-sdk/client-application-signals` from 3.1036.0 to 3.1037.0
- [Release notes](https://github.com/aws/aws-sdk-js-v3/releases)
- [Changelog](https://github.com/aws/aws-sdk-js-v3/blob/main/clients/client-application-signals/CHANGELOG.md)
- [Commits](https://github.com/aws/aws-sdk-js-v3/commits/v3.1037.0/clients/client-application-signals)
Updates `@aws-sdk/client-bedrock` from 3.1036.0 to 3.1037.0
- [Release notes](https://github.com/aws/aws-sdk-js-v3/releases)
- [Changelog](https://github.com/aws/aws-sdk-js-v3/blob/main/clients/client-bedrock/CHANGELOG.md)
- [Commits](https://github.com/aws/aws-sdk-js-v3/commits/v3.1037.0/clients/client-bedrock)
Updates `@aws-sdk/client-bedrock-agent` from 3.1036.0 to 3.1037.0
- [Release notes](https://github.com/aws/aws-sdk-js-v3/releases)
- [Changelog](https://github.com/aws/aws-sdk-js-v3/blob/main/clients/client-bedrock-agent/CHANGELOG.md)
- [Commits](https://github.com/aws/aws-sdk-js-v3/commits/v3.1037.0/clients/client-bedrock-agent)
Updates `@aws-sdk/client-bedrock-agentcore` from 3.1036.0 to 3.1037.0
- [Release notes](https://github.com/aws/aws-sdk-js-v3/releases)
- [Changelog](https://github.com/aws/aws-sdk-js-v3/blob/main/clients/client-bedrock-agentcore/CHANGELOG.md)
- [Commits](https://github.com/aws/aws-sdk-js-v3/commits/v3.1037.0/clients/client-bedrock-agentcore)
Updates `@aws-sdk/client-bedrock-agentcore-control` from 3.1036.0 to 3.1037.0
- [Release notes](https://github.com/aws/aws-sdk-js-v3/releases)
- [Changelog](https://github.com/aws/aws-sdk-js-v3/blob/main/clients/client-bedrock-agentcore-control/CHANGELOG.md)
- [Commits](https://github.com/aws/aws-sdk-js-v3/commits/v3.1037.0/clients/client-bedrock-agentcore-control)
Updates `@aws-sdk/client-bedrock-runtime` from 3.1036.0 to 3.1037.0
- [Release notes](https://github.com/aws/aws-sdk-js-v3/releases)
- [Changelog](https://github.com/aws/aws-sdk-js-v3/blob/main/clients/client-bedrock-runtime/CHANGELOG.md)
- [Commits](https://github.com/aws/aws-sdk-js-v3/commits/v3.1037.0/clients/client-bedrock-runtime)
Updates `@aws-sdk/client-cloudformation` from 3.1036.0 to 3.1037.0
- [Release notes](https://github.com/aws/aws-sdk-js-v3/releases)
- [Changelog](https://github.com/aws/aws-sdk-js-v3/blob/main/clients/client-cloudformation/CHANGELOG.md)
- [Commits](https://github.com/aws/aws-sdk-js-v3/commits/v3.1037.0/clients/client-cloudformation)
Updates `@aws-sdk/client-cloudwatch-logs` from 3.1036.0 to 3.1037.0
- [Release notes](https://github.com/aws/aws-sdk-js-v3/releases)
- [Changelog](https://github.com/aws/aws-sdk-js-v3/blob/main/clients/client-cloudwatch-logs/CHANGELOG.md)
- [Commits](https://github.com/aws/aws-sdk-js-v3/commits/v3.1037.0/clients/client-cloudwatch-logs)
Updates `@aws-sdk/client-resource-groups-tagging-api` from 3.1036.0 to 3.1037.0
- [Release notes](https://github.com/aws/aws-sdk-js-v3/releases)
- [Changelog](https://github.com/aws/aws-sdk-js-v3/blob/main/clients/client-resource-groups-tagging-api/CHANGELOG.md)
- [Commits](https://github.com/aws/aws-sdk-js-v3/commits/v3.1037.0/clients/client-resource-groups-tagging-api)
Updates `@aws-sdk/client-s3` from 3.1036.0 to 3.1037.0
- [Release notes](https://github.com/aws/aws-sdk-js-v3/releases)
- [Changelog](https://github.com/aws/aws-sdk-js-v3/blob/main/clients/client-s3/CHANGELOG.md)
- [Commits](https://github.com/aws/aws-sdk-js-v3/commits/v3.1037.0/clients/client-s3)
Updates `@aws-sdk/client-sts` from 3.1036.0 to 3.1037.0
- [Release notes](https://github.com/aws/aws-sdk-js-v3/releases)
- [Changelog](https://github.com/aws/aws-sdk-js-v3/blob/main/clients/client-sts/CHANGELOG.md)
- [Commits](https://github.com/aws/aws-sdk-js-v3/commits/v3.1037.0/clients/client-sts)
Updates `@aws-sdk/client-xray` from 3.1036.0 to 3.1037.0
- [Release notes](https://github.com/aws/aws-sdk-js-v3/releases)
- [Changelog](https://github.com/aws/aws-sdk-js-v3/blob/main/clients/client-xray/CHANGELOG.md)
- [Commits](https://github.com/aws/aws-sdk-js-v3/commits/v3.1037.0/clients/client-xray)
Updates `@aws-sdk/credential-providers` from 3.1036.0 to 3.1037.0
- [Release notes](https://github.com/aws/aws-sdk-js-v3/releases)
- [Changelog](https://github.com/aws/aws-sdk-js-v3/blob/main/packages/credential-providers/CHANGELOG.md)
- [Commits](https://github.com/aws/aws-sdk-js-v3/commits/v3.1037.0/packages/credential-providers)
Updates `@aws-sdk/client-cognito-identity-provider` from 3.1036.0 to 3.1037.0
- [Release notes](https://github.com/aws/aws-sdk-js-v3/releases)
- [Changelog](https://github.com/aws/aws-sdk-js-v3/blob/main/clients/client-cognito-identity-provider/CHANGELOG.md)
- [Commits](https://github.com/aws/aws-sdk-js-v3/commits/v3.1037.0/clients/client-cognito-identity-provider)
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
* chore(deps-dev): bump hono from 4.12.12 to 4.12.14 (#868)
Bumps [hono](https://github.com/honojs/hono) from 4.12.12 to 4.12.14.
- [Release notes](https://github.com/honojs/hono/releases)
- [Commits](https://github.com/honojs/hono/compare/v4.12.12...v4.12.14)
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
* chore(deps-dev): bump esbuild from 0.27.4 to 0.28.0 (#862)
Bumps [esbuild](https://github.com/evanw/esbuild) from 0.27.4 to 0.28.0.
- [Release notes](https://github.com/evanw/esbuild/releases)
- [Changelog](https://github.com/evanw/esbuild/blob/main/CHANGELOG.md)
- [Commits](https://github.com/evanw/esbuild/compare/v0.27.4...v0.28.0)
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
* test: speed up CI and fix mock cleanup gaps (#989)
* test: speed up CI and fix mock cleanup gaps
- Node 20 only on PRs (full matrix on main)
- 3-way vitest sharding for unit tests with blob report merging
- Pre-bundle heavy deps (AWS SDK, Smithy, zod, commander) via deps.optimizer
- Exclude tui-harness from unit test project (not production code)
- Add afterEach(vi.restoreAllMocks) to 3 files with mock cleanup gaps
- Move inline consoleSpy.mockRestore() to afterEach in logs-eval tests
- Skip PTY tests when node-pty spawn is unavailable
* style: fix prettier formatting in build-and-test.yml
* fix: enable include-hidden-files for blob artifact upload
upload-artifact@v7 defaults include-hidden-files to false, which
skips the .vitest-reports directory. Also fail loudly if no files found.
* feat: runtime endpoint support in AgentCore CLI (#979)
* feat: add runtime endpoint support to AgentCore CLI
- Schema: endpoints field on AgentEnvSpec, runtimeVersion in deployed state
- Primitive: RuntimeEndpointPrimitive with add/remove/preview
- TUI: Add and Remove flows with multi-field form
- Status: endpoints nested under agents with deployment badges
- Deploy: parseRuntimeEndpointOutputs + buildDeployedState pipeline
* fix: correct output key prefix for runtime endpoint parsing
The CFN output keys include the AgentEnvironment construct prefix
(Agent{PascalName}) which was missing from the parser pattern.
* fix: remove .omc state files and unused useCallback import
- Remove .omc/ from git tracking, add to .gitignore
- Remove unused useCallback import in AddRuntimeEndpointScreen.tsx
* fix: shorten runtime endpoint description to prevent TUI overflow
The description "Named endpoint (version alias) for a runtime" was too
long and wrapped to the next line in the Add Resource menu. Shortened
to "Named endpoint for a runtime".
* fix: validate runtime endpoint version is a positive integer
- Add explicit Number.isInteger check before schema validation
- Change Commander parser from parseInt to Number so floats like
3.5 are caught instead of silently truncated
* fix: use agent/endpoint composite key to prevent React key collision
Endpoint names can collide across runtimes (e.g., both have "prod").
Changed React key from epName to agent.name/epName to prevent
duplicate key warnings that pollute the TUI viewport.
* fix: render runtime endpoints in status --type runtime-endpoint
When filtering by --type runtime-endpoint, agents array is empty so
the agents section (which nests endpoints) never renders. Added a
standalone Runtime Endpoints section that shows when endpoints exist
but agents don't (i.e., when type-filtering).
* fix: add runtime-endpoint to status --help --type documentation
The --type option help text was missing runtime-endpoint from the
list of valid resource types.
* fix: return richer JSON response from add runtime-endpoint
add now returns { success, endpointName, agent, version } instead of
sparse { success: true }, matching the richer response shape from
remove runtime-endpoint.
* fix: validate endpoint version against deployed runtime version
- TUI: show "Current deployed version: N" and valid range (1-N)
- TUI: reject version exceeding latest deployed version
- CLI: check deployed-state.json for max version, reject if exceeded
- If runtime not deployed, only positive integer check applies
* chore: remove planning and bug bash docs from PR
* fix: use composite key and parentName for endpoint identification
- Add parentName field to ResourceStatusEntry for structured parent linking
- Use runtimeName/endpointName composite key in remove/preview/getRemovable
- Status command filters endpoints by parentName instead of parsing detail string
- React keys use structured parentName/name instead of display strings
* test: add comprehensive unit tests for RuntimeEndpointPrimitive
23 tests covering add(), remove(), previewRemove(), getRemovable():
- Runtime lookup, duplicate detection, version validation
- Composite key removal targeting correct runtime
- Empty endpoints dict cleanup
- Version validation against deployed state
- Richer JSON response shape
* fix: remove dead findGatewayTargetReferences stub
* fix: use BasePrimitive configIO instead of ad-hoc ConfigIO in add()
* fix: use Number() instead of parseInt in TUI version validation
* chore: fix prettier formatting
* fix: use T[] instead of Array<T> to satisfy eslint array-type rule
* fix(ci): revert schema file to avoid schema-check guard
The schemas/ directory is auto-regenerated during the release workflow.
Direct modifications are blocked by CI.
* Revert "fix(ci): revert schema file to avoid schema-check guard"
This reverts commit 3615e37a0aaa71cd4d2c5c7b19e3ddb41eb2e07c.
---------
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: Jesse Turner <57651174+jesseturner21@users.noreply.github.com>
Co-authored-by: Avi Alpert <131792194+avi-alpert@users.noreply.github.com>
Co-authored-by: Gitika <53349492+notgitika@users.noreply.github.com>
Co-authored-by: Hweinstock <42325418+Hweinstock@users.noreply.github.com>
Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Co-authored-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com>
Co-authored-by: Aidan Daly <99039782+aidandaly24@users.noreply.github.com>
Co-authored-by: Tejas Kashinath <42380254+tejaskash@users.noreply.github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
* chore: add sync-preview job to sync public/preview into preview (#149)
* fix: use --track origin/preview to avoid ambiguous checkout (#152)
* 🔀 [Sync Conflict] Merge public/main → main (#165)
* feat: add GitHub Action for automated PR review via AgentCore Harness (#934)
* feat: add GitHub Action for automated PR review via AgentCore Harness
Adds a workflow that reviews PRs using Bedrock AgentCore Harness.
The harness runs an AI agent in an isolated microVM with gh, git,
and pre-cloned repos that fetches PR diffs and posts review comments.
Workflow:
- Triggers on PR open/reopen for agentcore-cli-devs team members
- Supports manual workflow_dispatch for any PR URL
- Adds/removes ai-reviewing label during review
- Authenticates via GitHub OIDC to assume AWS role
Files:
- .github/workflows/pr-ai-review.yml — main workflow
- .github/scripts/python/harness_review.py — harness invocation script
- .github/scripts/python/harness_config.py — config from env vars
- .github/scripts/models/ — local boto3 service model (InvokeHarness
not yet in standard boto3)
Required secrets:
- HARNESS_AWS_ROLE_ARN — IAM role ARN for OIDC
- HARNESS_ACCOUNT_ID — AWS account ID
- HARNESS_ID — Harness ID
* refactor: replace local service model with raw HTTP + SigV4 signing
Eliminates the 220KB bundled service model by using direct HTTP requests
with SigV4 authentication to invoke the harness endpoint. No extra
dependencies needed — urllib3, SigV4Auth, and EventStreamBuffer are all
part of botocore/boto3.
Rejected: invoke_agent_runtime API | server rejects harness ARNs with ResourceNotFoundException
Confidence: high
Scope-risk: moderate
* refactor: inline harness config into review script
Remove separate harness_config.py — env vars are read directly in
harness_review.py. One less file to maintain, config is still
driven entirely by environment variables set in the GitHub workflow.
* refactor: extract invoke_harness helper for cleaner main flow
* refactor: simplify config and improve script readability
- Replace HARNESS_ACCOUNT_ID + HARNESS_ID with single HARNESS_ARN env var
- Extract prompts into separate .md files in .github/scripts/prompts/
- Extract stream parsing into print_stream() function
- Add close_group() helper to deduplicate ::group:: bookkeeping
* refactor: separate event parsing from display logic
Extract parse_events() generator to handle binary stream decoding,
keeping print_stream() focused on formatting and log groups.
* docs: add explanatory comments to harness review functions
* refactor: derive region from HARNESS_ARN instead of separate env var
Eliminates HARNESS_REGION env var — the region is extracted from the
ARN directly, so there's no risk of a mismatch causing confusing
SigV4 auth errors.
* chore: rename label to agentcore-harness-reviewing
* refactor: move auth check to job level so entire review is skipped early
Split into authorize + ai-review jobs. The ai-review job only runs
if the PR author is authorized (team member or write access) or if
triggered via workflow_dispatch. Removes repeated if conditions from
every step.
* chore: exclude AI prompt templates from prettier
Prompt markdown files use intentional formatting that prettier
would reflow, breaking the prompt structure.
* fix: buffer streaming text to avoid per-token log lines in GitHub Actions (#946)
Each text delta from the harness was printed individually with flush,
creating a separate log line per token. Now text is buffered and
flushed as complete lines at block boundaries.
* fix: allow code-based evaluators in online eval configs (#947)
* fix: allow code-based evaluators in online eval configs
Remove restrictions that blocked code-based evaluators from being used
in online evaluation configs. The service now supports code-based
evaluators for online evaluation.
Changes:
- Remove code-based evaluator block in OnlineEvalConfigPrimitive
- Remove code-based evaluator validation in schema superRefine
- Remove code-based evaluator filter in TUI evaluator picker
* style: fix prettier formatting
* fix: add TTY detection before TUI fallbacks to prevent agent/CI hangs (#949)
* fix: add TTY detection before TUI fallbacks to prevent agent/CI hangs
When commands are invoked without flags in non-interactive environments
(CI, piped stdin, agent automation), the CLI falls through to Ink TUI
rendering which hangs indefinitely. Add a requireTTY() guard at every
TUI entry point that checks process.stdout.isTTY and exits with a
helpful error message directing users to --help for non-interactive flags.
Closes #685
* fix: check both stdin and stdout isTTY in requireTTY guard
The hang from #685 is caused by stdin not being a TTY (Ink reads
keyboard input from stdin), not stdout. Check both stdin and stdout
so the guard fires for piped stdin, redirected stdout, and CI
environments where both are non-TTY.
* fix: agentcore dev not working in windows (#951)
* fix: use pull_request_target for fork PR support (#958)
* fix: make label step non-blocking for fork PRs
Fork PRs get read-only GITHUB_TOKEN regardless of workflow permissions,
causing the addLabels API call to fail with 403. This crashed the entire
job before the review could run. continue-on-error lets the review
proceed even when labeling fails.
* fix: use pull_request_target for full write access on fork PRs
pull_request gives a read-only GITHUB_TOKEN for fork PRs, preventing
labels and secrets from working. pull_request_target runs in the base
repo context with full permissions. This is safe because we never
check out or execute fork code — the harness fetches the PR diff via
the GitHub API.
* fix: lower eventExpiryDuration minimum from 7 to 3 days (closes #744) (#956)
The AWS CreateMemory API allows a minimum of 3 days, but the CLI schema
was rejecting values below 7. Update the Zod schema, LLM compacted
types, import clamping logic, and all related tests.
* fix: display session ID after CLI invoke completes (#957)
* fix: display session ID after CLI invoke completes (closes #664)
The streaming and non-streaming invoke responses include a session ID
from the runtime, but the CLI paths discarded it. Now prints the
session ID and a resume command hint after invoke output.
* fix: include sessionId in AGUI protocol invoke result
* test: add browser tests for agent inspector (#938)
* feat: add telemetry schemas and client (#941)
* chore: bump version to 0.11.0 (#967)
Co-authored-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com>
* fix(invoke): auto-generate session ID for bearer-token invocations (#953)
Closes #840
When invoking an agent with a bearer token (OAuth/CUSTOM_JWT) and no
session ID, `AgentCoreMemoryConfig` raised a Pydantic validation error
because `session_id=None` is rejected. Unlike SigV4 callers, bearer-token
callers do not get a server-side auto-generated runtime session ID.
Two-layer fix:
1. CLI synthesizes a UUID in `invoke` action when `--bearer-token` is set
and `--session-id` is missing, using the existing `generateSessionId`
helper. Covers both explicit `--bearer-token` and the CUSTOM_JWT
auto-fetch path.
2. Strands memory session templates (http, agui, a2a) synthesize a UUID
when `session_id` is falsy before constructing AgentCoreMemoryConfig.
Protects direct runtime callers (curl, custom apps) who forget the
`X-Amzn-Bedrock-AgentCore-Runtime-Session-Id` header.
Snapshot tests updated.
* fix: show 'Computing diff changes...' step during deploy diff phase (#952)
The deploy TUI appeared frozen for 5-15 seconds between preflight
completion and 'Publish assets' while cdkToolkitWrapper.diff() ran
silently with no step marked as running.
Add a dedicated pre-deploy diff step that transitions running -> success
around the diff call so StepProgress always has something to highlight.
Closes #781
* test: split browser tests into its own job, fix logs path (#975)
* feat(invoke): add --prompt-file and stdin support for long prompts (#974)
* feat(invoke): add --prompt-file and stdin support for long prompts
Long prompts hit shell argument limits (E2BIG, typically 128KB-2MB)
when passed as positional args. This adds two new sources:
- --prompt-file <path>: read prompt from a file
- piped stdin: when no prompt is given and stdin is not a TTY,
read the prompt from stdin
Precedence is hybrid and backward-compatible:
--prompt > positional > --prompt-file > stdin
--prompt-file combined with piped stdin content returns an explicit
collision error rather than silently picking one.
Closes #686
* docs(invoke): document --prompt-file and stdin support
* fix(import): remove experimental warning from import command (#977)
The import feature has stabilized and no longer needs the experimental label.
* fix: duplicate header flash and help menu truncation (closes #895, closes #637) (#955)
- Return null during brief transitional phases to prevent Ink from
rendering a header that gets immediately replaced by a different frame
- Consolidate CreateScreen phases into a single Screen mount
- Make help menu description width responsive to terminal size
- Remove hardcoded 50-char description truncation limit
* test: configure git in browser tests workflow (#976)
* feat: add project-name option to create (#969)
* Add project-name option to create
* fix: address review feedback — restore name description and move backfill logic
* ci: bump the github-actions group across 1 directory with 4 updates (#964)
Bumps the github-actions group with 4 updates in the / directory: [aws-actions/configure-aws-credentials](https://github.com/aws-actions/configure-aws-credentials), [actions/github-script](https://github.com/actions/github-script), [softprops/action-gh-release](https://github.com/softprops/action-gh-release) and [slackapi/slack-github-action](https://github.com/slackapi/slack-github-action).
Updates `aws-actions/configure-aws-credentials` from 5 to 6
- [Changelog](https://github.com/aws-actions/configure-aws-credentials/blob/main/CHANGELOG.md)
- [Commits](https://github.com/aws-actions/configure-aws-credentials/compare/v5...v6)
Updates `actions/github-script` from 8 to 9
- [Commits](https://github.com/actions/github-script/compare/v8...v9)
Updates `softprops/action-gh-release` from 2 to 3
- [Changelog](https://github.com/softprops/action-gh-release/blob/master/CHANGELOG.md)
- [Commits](https://github.com/softprops/action-gh-release/compare/v2...v3)
Updates `slackapi/slack-github-action` from 3.0.1 to 3.0.2
- [Release notes](https://github.com/slackapi/slack-github-action/releases)
- [Changelog](https://github.com/slackapi/slack-github-action/blob/main/CHANGELOG.md)
- [Commits](https://github.com/slackapi/slack-github-action/compare/v3.0.1...v3.0.2)
---
updated-dependencies:
- dependency-name: actions/github-script
dependency-version: '9'
dependency-type: direct:production
update-type: version-update:semver-major
dependency-group: github-actions
- dependency-name: aws-actions/configure-aws-credentials
dependency-version: '6'
dependency-type: direct:production
update-type: version-update:semver-major
dependency-group: github-actions
- dependency-name: slackapi/slack-github-action
dependency-version: 3.0.2
dependency-type: direct:production
update-type: version-update:semver-patch
dependency-group: github-actions
- dependency-name: softprops/action-gh-release
dependency-version: '3'
dependency-type: direct:production
update-type: version-update:semver-major
dependency-group: github-actions
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
* chore(deps-dev): bump aws-cdk-lib (#962)
Bumps the aws-cdk group with 1 update in the / directory: [aws-cdk-lib](https://github.com/aws/aws-cdk/tree/HEAD/packages/aws-cdk-lib).
Updates `aws-cdk-lib` from 2.248.0 to 2.250.0
- [Release notes](https://github.com/aws/aws-cdk/releases)
- [Changelog](https://github.com/aws/aws-cdk/blob/main/CHANGELOG.v2.alpha.md)
- [Commits](https://github.com/aws/aws-cdk/commits/v2.250.0/packages/aws-cdk-lib)
---
updated-dependencies:
- dependency-name: aws-cdk-lib
dependency-version: 2.250.0
dependency-type: direct:development
update-type: version-update:semver-minor
dependency-group: aws-cdk
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
* chore(deps): bump postcss from 8.5.8 to 8.5.10 (#961)
Bumps [postcss](https://github.com/postcss/postcss) from 8.5.8 to 8.5.10.
- [Release notes](https://github.com/postcss/postcss/releases)
- [Changelog](https://github.com/postcss/postcss/blob/main/CHANGELOG.md)
- [Commits](https://github.com/postcss/postcss/compare/8.5.8...8.5.10)
---
updated-dependencies:
- dependency-name: postcss
dependency-version: 8.5.10
dependency-type: indirect
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
* chore(deps-dev): bump secretlint from 11.4.1 to 12.2.0 (#916)
Bumps [secretlint](https://github.com/secretlint/secretlint) from 11.4.1 to 12.2.0.
- [Release notes](https://github.com/secretlint/secretlint/releases)
- [Commits](https://github.com/secretlint/secretlint/compare/v11.4.1...v12.2.0)
---
updated-dependencies:
- dependency-name: secretlint
dependency-version: 12.2.0
dependency-type: direct:development
update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
* chore(deps-dev): bump @vitest/coverage-v8 from 4.1.2 to 4.1.5 (#915)
Bumps [@vitest/coverage-v8](https://github.com/vitest-dev/vitest/tree/HEAD/packages/coverage-v8) from 4.1.2 to 4.1.5.
- [Release notes](https://github.com/vitest-dev/vitest/releases)
- [Commits](https://github.com/vitest-dev/vitest/commits/v4.1.5/packages/coverage-v8)
---
updated-dependencies:
- dependency-name: "@vitest/coverage-v8"
dependency-version: 4.1.5
dependency-type: direct:development
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
* chore(deps-dev): bump @secretlint/secretlint-rule-preset-recommend (#914)
Bumps [@secretlint/secretlint-rule-preset-recommend](https://github.com/secretlint/secretlint) from 11.4.1 to 12.2.0.
- [Release notes](https://github.com/secretlint/secretlint/releases)
- [Commits](https://github.com/secretlint/secretlint/compare/v11.4.1...v12.2.0)
---
updated-dependencies:
- dependency-name: "@secretlint/secretlint-rule-preset-recommend"
dependency-version: 12.2.0
dependency-type: direct:development
update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
* chore(deps): bump the aws-sdk group across 1 directory with 14 updates (#912)
Bumps the aws-sdk group with 14 updates in the / directory:
| Package | From | To |
| --- | --- | --- |
| [@aws-sdk/client-application-signals](https://github.com/aws/aws-sdk-js-v3/tree/HEAD/clients/client-application-signals) | `3.1036.0` | `3.1037.0` |
| [@aws-sdk/client-bedrock](https://github.com/aws/aws-sdk-js-v3/tree/HEAD/clients/client-bedrock) | `3.1036.0` | `3.1037.0` |
| [@aws-sdk/client-bedrock-agent](https://github.com/aws/aws-sdk-js-v3/tree/HEAD/clients/client-bedrock-agent) | `3.1036.0` | `3.1037.0` |
| [@aws-sdk/client-bedrock-agentcore](https://github.com/aws/aws-sdk-js-v3/tree/HEAD/clients/client-bedrock-agentcore) | `3.1036.0` | `3.1037.0` |
| [@aws-sdk/client-bedrock-agentcore-control](https://github.com/aws/aws-sdk-js-v3/tree/HEAD/clients/client-bedrock-agentcore-control) | `3.1036.0` | `3.1037.0` |
| [@aws-sdk/client-bedrock-runtime](https://github.com/aws/aws-sdk-js-v3/tree/HEAD/clients/client-bedrock-runtime) | `3.1036.0` | `3.1037.0` |
| [@aws-sdk/client-cloudformation](https://github.com/aws/aws-sdk-js-v3/tree/HEAD/clients/client-cloudformation) | `3.1036.0` | `3.1037.0` |
| [@aws-sdk/client-cloudwatch-logs](https://github.com/aws/aws-sdk-js-v3/tree/HEAD/clients/client-cloudwatch-logs) | `3.1036.0` | `3.1037.0` |
| [@aws-sdk/client-resource-groups-tagging-api](https://github.com/aws/aws-sdk-js-v3/tree/HEAD/clients/client-resource-groups-tagging-api) | `3.1036.0` | `3.1037.0` |
| [@aws-sdk/client-s3](https://github.com/aws/aws-sdk-js-v3/tree/HEAD/clients/client-s3) | `3.1036.0` | `3.1037.0` |
| [@aws-sdk/client-sts](https://github.com/aws/aws-sdk-js-v3/tree/HEAD/clients/client-sts) | `3.1036.0` | `3.1037.0` |
| [@aws-sdk/client-xray](https://github.com/aws/aws-sdk-js-v3/tree/HEAD/clients/client-xray) | `3.1036.0` | `3.1037.0` |
| [@aws-sdk/credential-providers](https://github.com/aws/aws-sdk-js-v3/tree/HEAD/packages/credential-providers) | `3.1036.0` | `3.1037.0` |
| [@aws-sdk/client-cognito-identity-provider](https://github.com/aws/aws-sdk-js-v3/tree/HEAD/clients/client-cognito-identity-provider) | `3.1036.0` | `3.1037.0` |
Updates `@aws-sdk/client-application-signals` from 3.1036.0 to 3.1037.0
- [Release notes](https://github.com/aws/aws-sdk-js-v3/releases)
- [Changelog](https://github.com/aws/aws-sdk-js-v3/blob/main/clients/client-application-signals/CHANGELOG.md)
- [Commits](https://github.com/aws/aws-sdk-js-v3/commits/v3.1037.0/clients/client-application-signals)
Updates `@aws-sdk/client-bedrock` from 3.1036.0 to 3.1037.0
- [Release notes](https://github.com/aws/aws-sdk-js-v3/releases)
- [Changelog](https://github.com/aws/aws-sdk-js-v3/blob/main/clients/client-bedrock/CHANGELOG.md)
- [Commits](https://github.com/aws/aws-sdk-js-v3/commits/v3.1037.0/clients/client-bedrock)
Updates `@aws-sdk/client-bedrock-agent` from 3.1036.0 to 3.1037.0
- [Release notes](https://github.com/aws/aws-sdk-js-v3/releases)
- [Changelog](https://github.com/aws/aws-sdk-js-v3/blob/main/clients/client-bedrock-agent/CHANGELOG.md)
- [Commits](https://github.com/aws/aws-sdk-js-v3/commits/v3.1037.0/clients/client-bedrock-agent)
Updates `@aws-sdk/client-bedrock-agentcore` from 3.1036.0 to 3.1037.0
- [Release notes](https://github.com/aws/aws-sdk-js-v3/releases)
- [Changelog](https://github.com/aws/aws-sdk-js-v3/blob/main/clients/client-bedrock-agentcore/CHANGELOG.md)
- [Commits](https://github.com/aws/aws-sdk-js-v3/commits/v3.1037.0/clients/client-bedrock-agentcore)
Updates `@aws-sdk/client-bedrock-agentcore-control` from 3.1036.0 to 3.1037.0
- [Release notes](https://github.com/aws/aws-sdk-js-v3/releases)
- [Changelog](https://github.com/aws/aws-sdk-js-v3/blob/main/clients/client-bedrock-agentcore-control/CHANGELOG.md)
- [Commits](https://github.com/aws/aws-sdk-js-v3/commits/v3.1037.0/clients/client-bedrock-agentcore-control)
Updates `@aws-sdk/client-bedrock-runtime` from 3.1036.0 to 3.1037.0
- [Release notes](https://github.com/aws/aws-sdk-js-v3/releases)
- [Changelog](https://github.com/aws/aws-sdk-js-v3/blob/main/clients/client-bedrock-runtime/CHANGELOG.md)
- [Commits](https://github.com/aws/aws-sdk-js-v3/commits/v3.1037.0/clients/client-bedrock-runtime)
Updates `@aws-sdk/client-cloudformation` from 3.1036.0 to 3.1037.0
- [Release notes](https://github.com/aws/aws-sdk-js-v3/releases)
- [Changelog](https://github.com/aws/aws-sdk-js-v3/blob/main/clients/client-cloudformation/CHANGELOG.md)
- [Commits](https://github.com/aws/aws-sdk-js-v3/commits/v3.1037.0/clients/client-cloudformation)
Updates `@aws-sdk/client-cloudwatch-logs` from 3.1036.0 to 3.1037.0
- [Release notes](https://github.com/aws/aws-sdk-js-v3/releases)
- [Changelog](https://github.com/aws/aws-sdk-js-v3/blob/main/clients/client-cloudwatch-logs/CHANGELOG.md)
- [Commits](https://github.com/aws/aws-sdk-js-v3/commits/v3.1037.0/clients/client-cloudwatch-logs)
Updates `@aws-sdk/client-resource-groups-tagging-api` from 3.1036.0 to 3.1037.0
- [Release notes](https://github.com/aws/aws-sdk-js-v3/releases)
- [Changelog](https://github.com/aws/aws-sdk-js-v3/blob/main/clients/client-resource-groups-tagging-api/CHANGELOG.md)
- [Commits](https://github.com/aws/aws-sdk-js-v3/commits/v3.1037.0/clients/client-resource-groups-tagging-api)
Updates `@aws-sdk/client-s3` from 3.1036.0 to 3.1037.0
- [Release notes](https://github.com/aws/aws-sdk-js-v3/releases)
- [Changelog](https://github.com/aws/aws-sdk-js-v3/blob/main/clients/client-s3/CHANGELOG.md)
- [Commits](https://github.com/aws/aws-sdk-js-v3/commits/v3.1037.0/clients/client-s3)
Updates `@aws-sdk/client-sts` from 3.1036.0 to 3.1037.0
- [Release notes](https://github.com/aws/aws-sdk-js-v3/releases)
- [Changelog](https://github.com/aws/aws-sdk-js-v3/blob/main/clients/client-sts/CHANGELOG.md)
- [Commits](https://github.com/aws/aws-sdk-js-v3/commits/v3.1037.0/clients/client-sts)
Updates `@aws-sdk/client-xray` from 3.1036.0 to 3.1037.0
- [Release notes](https://github.com/aws/aws-sdk-js-v3/releases)
- [Changelog](https://github.com/aws/aws-sdk-js-v3/blob/main/clients/client-xray/CHANGELOG.md)
- [Commits](https://github.com/aws/aws-sdk-js-v3/commits/v3.1037.0/clients/client-xray)
Updates `@aws-sdk/credential-providers` from 3.1036.0 to 3.1037.0
- [Release notes](https://github.com/aws/aws-sdk-js-v3/releases)
- [Changelog](https://github.com/aws/aws-sdk-js-v3/blob/main/packages/credential-providers/CHANGELOG.md)
- [Commits](https://github.com/aws/aws-sdk-js-v3/commits/v3.1037.0/packages/credential-providers)
Updates `@aws-sdk/client-cognito-identity-provider` from 3.1036.0 to 3.1037.0
- [Release notes](https://github.com/aws/aws-sdk-js-v3/releases)
- [Changelog](https://github.com/aws/aws-sdk-js-v3/blob/main/clients/client-cognito-identity-provider/CHANGELOG.md)
- [Commits](https://github.com/aws/aws-sdk-js-v3/commits/v3.1037.0/clients/client-cognito-identity-provider)
---
updated-dependencies:
- dependency-name: "@aws-sdk/client-application-signals"
dependency-version: 3.1034.0
dependency-type: direct:production
update-type: version-update:semver-minor
dependency-group: aws-sdk
- dependency-name: "@aws-sdk/client-bedrock"
dependency-version: 3.1034.0
dependency-type: direct:production
update-type: version-update:semver-minor
dependency-group: aws-sdk
- dependency-name: "@aws-sdk/client-bedrock-agent"
dependency-version: 3.1034.0
dependency-type: direct:production
update-type: version-update:semver-minor
dependency-group: aws-sdk
- dependency-name: "@aws-sdk/client-bedrock-agentcore"
dependency-version: 3.1034.0
dependency-type: direct:production
update-type: version-update:semver-minor
dependency-group: aws-sdk
- dependency-name: "@aws-sdk/client-bedrock-agentcore-control"
dependency-version: 3.1034.0
dependency-type: direct:production
update-type: version-update:semver-minor
dependency-group: aws-sdk
- dependency-name: "@aws-sdk/client-bedrock-runtime"
dependency-version: 3.1034.0
dependency-type: direct:production
update-type: version-update:semver-minor
dependency-group: aws-sdk
- dependency-name: "@aws-sdk/client-cloudformation"
dependency-version: 3.1034.0
dependency-type: direct:production
update-type: version-update:semver-minor
dependency-group: aws-sdk
- dependency-name: "@aws-sdk/client-cloudwatch-logs"
dependency-version: 3.1034.0
dependency-type: direct:production
update-type: version-update:semver-minor
dependency-group: aws-sdk
- dependency-name: "@aws-sdk/client-cognito-identity-provider"
dependency-version: 3.1034.0
dependency-type: direct:development
update-type: version-update:semver-minor
dependency-group: aws-sdk
- dependency-name: "@aws-sdk/client-resource-groups-tagging-api"
dependency-version: 3.1034.0
dependency-type: direct:production
update-type: version-update:semver-minor
dependency-group: aws-sdk
- dependency-name: "@aws-sdk/client-s3"
dependency-version: 3.1034.0
dependency-type: direct:production
update-type: version-update:semver-minor
dependency-group: aws-sdk
- dependency-name: "@aws-sdk/client-sts"
dependency-version: 3.1034.0
dependency-type: direct:production
update-type: version-update:semver-minor
dependency-group: aws-sdk
- dependency-name: "@aws-sdk/client-xray"
dependency-version: 3.1034.0
dependency-type: direct:production
update-type: version-update:semver-minor
dependency-group: aws-sdk
- dependency-name: "@aws-sdk/credential-providers"
dependency-version: 3.1034.0
dependency-type: direct:production
update-type: version-update:semver-minor
dependency-group: aws-sdk
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
* chore(deps-dev): bump hono from 4.12.12 to 4.12.14 (#868)
Bumps [hono](https://github.com/honojs/hono) from 4.12.12 to 4.12.14.
- [Release notes](https://github.com/honojs/hono/releases)
- [Commits](https://github.com/honojs/hono/compare/v4.12.12...v4.12.14)
---
updated-dependencies:
- dependency-name: hono
dependency-version: 4.12.14
dependency-type: indirect
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
* chore(deps-dev): bump esbuild from 0.27.4 to 0.28.0 (#862)
Bumps [esbuild](https://github.com/evanw/esbuild) from 0.27.4 to 0.28.0.
- [Release notes](https://github.com/evanw/esbuild/releases)
- [Changelog](https://github.com/evanw/esbuild/blob/main/CHANGELOG.md)
- [Commits](https://github.com/evanw/esbuild/compare/v0.27.4...v0.28.0)
---
updated-dependencies:
- dependency-name: esbuild
dependency-version: 0.28.0
dependency-type: direct:development
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
* test: speed up CI and fix mock cleanup gaps (#989)
* test: speed up CI and fix mock cleanup gaps
- Node 20 only on PRs (full matrix on main)
- 3-way vitest sharding for unit tests with blob report merging
- Pre-bundle heavy deps (AWS SDK, Smithy, zod, commander) via deps.optimizer
- Exclude tui-harness from unit test project (not production code)
- Add afterEach(vi.restoreAllMocks) to 3 files with mock cleanup gaps
- Move inline consoleSpy.mockRestore() to afterEach in logs-eval tests
- Skip PTY tests when node-pty spawn is unavailable
* style: fix prettier formatting in build-and-test.yml
* fix: enable include-hidden-files for blob artifact upload
upload-artifact@v7 defaults include-hidden-files to false, which
skips the .vitest-reports directory. Also fail loudly if no files found.
* feat: runtime endpoint support in AgentCore CLI (#979)
* feat: add runtime endpoint support to AgentCore CLI
- Schema: endpoints field on AgentEnvSpec, runtimeVersion in deployed state
- Primitive: RuntimeEndpointPrimitive with add/remove/preview
- TUI: Add and Remove flows with multi-field form
- Status: endpoints nested under agents with deployment badges
- Deploy: parseRuntimeEndpointOutputs + buildDeployedState pipeline
* fix: correct output key prefix for runtime endpoint parsing
The CFN output keys include the AgentEnvironment construct prefix
(Agent{PascalName}) which was missing from the parser pattern.
* fix: remove .omc state files and unused useCallback import
- Remove .omc/ from git tracking, add to .gitignore
- Remove unused useCallback import in AddRuntimeEndpointScreen.tsx
* fix: shorten runtime endpoint description to prevent TUI overflow
The description "Named endpoint (version alias) for a runtime" was too
long and wrapped to the next line in the Add Resource menu. Shortened
to "Named endpoint for a runtime".
* fix: validate runtime endpoint version is a positive integer
- Add explicit Number.isInteger check before schema validation
- Change Commander parser from parseInt to Number so floats like
3.5 are caught instead of silently truncated
* fix: use agent/endpoint composite key to prevent React key collision
Endpoint names can collide across runtimes (e.g., both have "prod").
Changed React key from epName to agent.name/epName to prevent
duplicate key warnings that pollute the TUI viewport.
* fix: render runtime endpoints in status --type runtime-endpoint
When filtering by --type runtime-endpoint, agents array is empty so
the agents section (which nests endpoints) never renders. Added a
standalone Runtime Endpoints section that shows when endpoints exist
but agents don't (i.e., when type-filtering).
* fix: add runtime-endpoint to status --help --type documentation
The --type option help text was missing runtime-endpoint from the
list of valid resource types.
* fix: return richer JSON response from add runtime-endpoint
add now returns { success, endpointName, agent, version } instead of
sparse { success: true }, matching the richer response shape from
remove runtime-endpoint.
* fix: validate endpoint version against deployed runtime version
- TUI: show "Current deployed version: N" and valid range (1-N)
- TUI: reject version exceeding latest deployed version
- CLI: check deployed-state.json for max version, reject if exceeded
- If runtime not deployed, only positive integer check applies
* chore: remove planning and bug bash docs from PR
* fix: use composite key and parentName for endpoint identification
- Add parentName field to ResourceStatusEntry for structured parent linking
- Use runtimeName/endpointName composite key in remove/preview/getRemovable
- Status command filters endpoints by parentName instead of parsing detail string
- React keys use structured parentName/name instead of display strings
* test: add comprehensive unit tests for RuntimeEndpointPrimitive
23 tests covering add(), remove(), previewRemove(), getRemovable():
- Runtime lookup, duplicate detection, version validation
- Composite key removal targeting correct runtime
- Empty endpoints dict cleanup
- Version validation against deployed state
- Richer JSON response shape
* fix: remove dead findGatewayTargetReferences stub
* fix: use BasePrimitive configIO instead of ad-hoc ConfigIO in add()
* fix: use Number() instead of parseInt in TUI version validation
* chore: fix prettier formatting
* fix: use T[] instead of Array<T> to satisfy eslint array-type rule
* feat: add gateway import command with executionRoleArn support (#855)
* feat: add gateway import command and unhide import from TUI
Add `agentcore import gateway --arn <arn>` to import existing AWS gateways
(with all targets) into a local CLI project. Also remove import from the
HIDDEN_FROM_TUI list so it appears in the interactive TUI.
- Add AWS SDK wrappers for gateway/target list/get APIs
- Add import-gateway.ts with multi-resource CFN import support
- Add resourceName schema field to preserve actual AWS gateway name during import
- Register gateway in TUI ImportSelectScreen and ImportProgressScreen
- Extend ARN pattern, deployed state, and CFN constants for gateway type
* fix: expand ARN input to show full resource ARN and add gateway support
The ARN text input was truncating long ARNs. Use the expandable prop to
wrap text across multiple lines. Also add gateway to the ARN validation
pattern and resource type labels.
* refactor: remove --name and --yes flags from import gateway command
Remove --name (confusing local rename) and --yes (no prompts to confirm)
from the gateway import command. The gateway's AWS name is used directly.
* feat: add e2e tests for import gateway command
Add end-to-end tests that create a real AWS gateway with an MCP server
target, import it via `agentcore import gateway --arn`, and verify the
resulting agentcore.json fields and deployed-state.json entries.
New files:
- e2e-tests/fixtures/import/setup_gateway.py: creates gateway + target
- e2e-tests/fixtures/import/common.py: gateway wait helpers
- e2e-tests/fixtures/import/cleanup_resources.py: gateway cleanup
Constraint: Tests follow the existing import-resources.test.ts pattern
Confidence: high
Scope-risk: narrow
* chore: gitignore bugbash-resources.json and .omc/
* feat: preserve gateway executionRoleArn during import
Extract roleArn from the AWS GetGateway response and map it to
executionRoleArn in agentcore.json. On deploy, CDK uses
iam.Role.fromRoleArn() instead of creating a new role, keeping the
original permissions intact.
Constraint: imported roles use mutable: false so CDK cannot modify them
Rejected: always create new role | breaks permissions on re-import
Confidence: high
Scope-risk: narrow
* refactor: export internal gateway import functions for unit testing
Add @internal exports for toGatewayTargetSpec, resolveOutboundAuth,
toGatewaySpec, and buildCredentialArnMap to enable direct unit testing
of the pure mapping functions in import-gateway.ts.
Confidence: high
Scope-risk: narrow
* test: add unit tests for mcpServer target mapping and credential resolution
Bugbash coverage for toGatewayTargetSpec and resolveOutboundAuth:
- mcpServer with no auth, OAuth, and API_KEY credentials
- Credential resolution warnings when ARNs not in project
- Targets with no MCP configuration
- OAuth scopes pass-through and empty scopes omission
8 tests, all passing.
Confidence: high
Scope-risk: narrow
* test: add unit tests for apiGateway, openApiSchema, smithyModel, lambda target mapping
Bugbash coverage for toGatewayTargetSpec non-mcpServer target types:
- apiGateway: restApiId, stage, toolFilters, toolOverrides mapping
- openApiSchema: S3 URI mapping, missing URI warning
- smithyModel: S3 URI mapping, missing URI warning
- lambda: S3 tool schema …
1 parent c42c5b4 commit 259654b
39 files changed
Lines changed: 4295 additions & 75 deletions
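The `pull_request_target` entry in the commit message above rests on one property: the workflow never checks out or executes fork code. As an added example (not code from this repository), a small Node.js heuristic that checks a workflow file for that property; the two sample workflows, the `PR_URL` variable and all function names are constructed for illustration.

```javascript
// Added example: heuristic audit of a GitHub Actions workflow that uses
// pull_request_target. Line-based on purpose (no YAML dependency), so treat a
// clean result as "nothing obvious found", not as proof.

// Expressions that resolve to fork-controlled refs on a pull request.
const UNTRUSTED_REF =
  /github\.event\.pull_request\.head\.(sha|ref|repo)|github\.head_ref|refs\/pull\//;

// Drop trailing "# ..." comments (does not handle '#' inside quoted strings).
function stripComment(line) {
  return line.replace(/(^|\s)#.*$/, '');
}

// Group lines into list items ("- uses: ...", "- run: ...") by indentation.
function splitSteps(lines) {
  const steps = [];
  let current = null;
  for (let i = 0; i < lines.length; i++) {
    const line = lines[i];
    if (!line.trim()) continue;
    const indent = line.length - line.trimStart().length;
    const startsItem = /^\s*-\s+\S/.test(line);
    if (current && indent < current.indent) current = null; // left the list
    if (startsItem && (!current || indent <= current.indent)) {
      current = { indent, line: i + 1, text: [] };
      steps.push(current);
    }
    if (current) current.text.push(line);
  }
  return steps;
}

// Returns { usesTarget, findings }. A finding is a checkout step whose
// ref/repository input points at the pull request head while the workflow
// runs with base-repo permissions and secrets.
function auditWorkflow(yamlText) {
  const lines = yamlText.split(/\r?\n/).map(stripComment);
  const usesTarget = lines.some((l) =>
    /(^|[\s\[,])pull_request_target\s*(:|,|\]|$)/.test(l)
  );
  const findings = [];
  if (!usesTarget) return { usesTarget, findings };

  for (const step of splitSteps(lines)) {
    const body = step.text.join('\n');
    if (!/uses:\s*actions\/checkout@/.test(body)) continue;
    for (const m of body.matchAll(/^\s*(ref|repository):\s*(.+)$/gm)) {
      if (UNTRUSTED_REF.test(m[2])) {
        findings.push({ line: step.line, key: m[1], value: m[2].trim() });
      }
    }
  }
  return { usesTarget, findings };
}

// Constructed sample: base-repo checkout only, PR passed as data (a URL).
const SAFE_WORKFLOW = [
  'on:',
  '  pull_request_target:',
  '    types: [opened, reopened]',
  'jobs:',
  '  ai-review:',
  '    runs-on: ubuntu-latest',
  '    steps:',
  '      - uses: actions/checkout@v4   # base repo only, no ref override',
  '      - run: python .github/scripts/python/harness_review.py',
  '        env:',
  '          PR_URL: ${{ github.event.pull_request.html_url }}',
].join('\n');

// Constructed sample: same trigger, but the PR head is checked out and run.
const RISKY_WORKFLOW = [
  'on: [pull_request_target]',
  'jobs:',
  '  build:',
  '    runs-on: ubuntu-latest',
  '    steps:',
  '      - uses: actions/checkout@v4',
  '        with:',
  '          ref: ${{ github.event.pull_request.head.sha }}',
  '      - run: npm ci && npm test',
].join('\n');

for (const [name, wf] of [['safe', SAFE_WORKFLOW], ['risky', RISKY_WORKFLOW]]) {
  console.log(name, JSON.stringify(auditWorkflow(wf)));
}
```

The scan only covers the checkout path; PR-controlled text that reaches a `run:` script or an agent prompt needs its own review.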
File tree
- src
- cli
- aws
- __tests__
- commands
- exec
- __tests__
- invoke
- __tests__
- telemetry/schemas
- tui
- screens
- exec
- __tests__
- invoke
- lib/errors
| Original file line number | Diff line number | Diff line change | |
|---|---|---|---|
| |||
80 | 80 | | |
81 | 81 | | |
82 | 82 | | |
83 | | - | |
| 83 | + | |
84 | 84 | | |
85 | 85 | | |
86 | 86 | | |
| |||
110 | 110 | | |
111 | 111 | | |
112 | 112 | | |
| 113 | + | |
113 | 114 | | |
114 | 115 | | |
115 | 116 | | |
| |||
127 | 128 | | |
128 | 129 | | |
129 | 130 | | |
| 131 | + | |
130 | 132 | | |
131 | 133 | | |
132 | 134 | | |
| |||