feat: add policy engine and policy support (#579)

* feat: add policy engine and policy support with full deploy pipeline

Add Cedar authorization policy support to AgentCore CLI:

- Schema: PolicyEngine and Policy schemas with Zod validation
- TUI: Full add/remove wizards for policy engines and policies
  - Source methods: Cedar file, inline statement, or AI generation
  - Gateway selection for generation flow
  - Expandable text input for generation prompts
- CLI: Non-interactive add/remove commands with all flags
  - agentcore add policy-engine --name <name>
  - agentcore add policy --name <name> --engine <engine> --source/--statement/--generate
  - agentcore remove policy-engine/policy --name <name>
- Deploy: CDK construct integration, CloudFormation output parsing,
  deployed state tracking with composite engine/policy keys
- Status: Policy engines and policies shown in status command and
  ResourceGraph TUI with correct deployment state diffing
- Generation: StartPolicyGeneration + waiter integration with
  deployed engine ID and gateway ARN resolution
- Validation: Schema validation for names, statements, validation modes

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* feat: use composite key for policy removal to handle cross-engine name collisions

Policies are nested under engines, so the same policy name can exist in
multiple engines. Switch getRemovable/remove/previewRemove to use an
"engineName/policyName" composite key so the generic TUI remove flow can
uniquely identify policies with a single string.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: sync package-lock.json for npm@10 compatibility

Regenerate lock file with npm@10 to resolve missing yaml@2.8.2
dependency entry that caused `npm ci` failures on Node 20.x and 22.x.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: resolve lint and formatting issues for CI

- Merge duplicate imports in policy-generation.ts
- Use dot notation instead of bracket notation in outputs test
- Replace Array<T> with T[] in outputs.ts and useDeployFlow.ts
- Add void operator for floating promises in AddPolicyFlow
- Wrap async handlers with void for no-misused-promises
- Escape quotes in JSX text in AddPolicyScreen
- Fix prettier formatting across all changed files

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: make --statement, --source, --generate mutually exclusive in add policy

Previously, passing multiple source flags (e.g. --statement + --source) was
silently accepted with an implicit precedence order. Now the command returns
a clear error if more than one is provided.

Also fix pre-existing type errors in dev config tests by adding the required
policyEngines field to test fixtures.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* feat: add policy engine and policy support to TUI remove flow

Add interactive TUI support for removing policy engines and policies,
including menu entries, selection screens, confirmation, and success states.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: write both CLIENT_ID and CLIENT_SECRET env vars for managed OAuth credentials

The createManagedOAuthCredential method was only writing the client secret
with an incorrect env var name. Now correctly writes both _CLIENT_ID and
_CLIENT_SECRET suffixed env vars, matching the pattern used by CredentialPrimitive.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* feat: add PolicyEngineConfiguration support for gateways

* feat: add policy engine selection to gateway TUI wizard

* fix: shorten disabled policy generate description to prevent truncation

The "Generate a Cedar policy" option's disabled description was too long
("Requires deployed engine — run `deploy` first") and got cut off in
narrow terminals. Shortened to "Deploy engine first".

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: prevent infinite loop when pressing Escape on policy generation error

When the policy generation API returned an error, pressing Escape on the
review step would loop back to the loading step and re-trigger the API
call, creating an infinite loop. The root cause was the double goBack()
pattern (one immediate, one via setTimeout) suffering from stale closures
— both calls saw the same step, so the second never reached the
description step, while the first landed on loading and re-fired the
useEffect.

The fix uses a skipGeneration ref: when navigating back from review, the
ref is set to true and a single goBack() moves to the loading step. The
useEffect detects the ref, resets it, and calls goBack() again (now with
the correct step in scope) to reach the description step — without ever
starting generation.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* chore: remove legacy McpGateway output pattern from gateway parser

The CDK constructs renamed McpGateway to Gateway in PR #65. No deployed
stacks use the old prefix since this is pre-GA.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* test: add integ tests for --statement/--source/--generate mutual exclusivity

Cover all pairwise combinations and the triple-flag case to ensure
the CLI rejects conflicting policy source flags.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: remove unnecessary sourceFile existence check from validate

The sourceFile field is metadata tracking where a policy statement
originated. The statement itself is persisted in agentcore.json, so
the original .cedar file is not needed after add. Failing validation
when the source file is cleaned up is incorrect.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: respect --json flag in policy remove command

The remove action always output JSON regardless of whether --json was
passed. Now matches the add command behavior: plain text by default,
JSON only when --json is specified.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* chore: co-locate hasPolicyEngines with other has* checks in preflight

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: address PR review comments for policy support

- Validate --validation-mode CLI flag with ValidationModeSchema.parse()
  instead of unsafe cast (PolicyPrimitive)
- Add ambiguity check in remove/previewRemove when policy exists in
  multiple engines without --engine specified (PolicyPrimitive)
- Gate JSON output behind --json flag in policy engine remove
  (PolicyEnginePrimitive)
- Add uniqueBy validation on policies array to prevent duplicate names
  (policy schema)
- Narrow validationModeItems type to remove unnecessary cast
  (AddPolicyScreen)
- Disable reviewNav when generation error is shown (AddPolicyScreen)
- Add expandable to inline Cedar statement TextInput (AddPolicyScreen)
- Check waiter result state before proceeding (policy-generation)
- Revert SelectList wrap from truncate back to wrap

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

---------

Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>
Co-authored-by: Harrison Weinstock <hkobew@amazon.com>

Author: 3 people

integ-tests/add-remove-policy.test.ts

@@ -374,6 +374,7 @@ test('AgentCoreStack synthesizes with empty spec', () => {
       credentials: [],
       evaluators: [],
       onlineEvalConfigs: [],
+      policyEngines: [],
     },
   });
   const template = Template.fromStack(stack);

package-lock.json

@@ -13,6 +13,7 @@ test('AgentCoreStack synthesizes with empty spec', () => {
       credentials: [],
       evaluators: [],
       onlineEvalConfigs: [],
+      policyEngines: [],
     },
   });
   const template = Template.fromStack(stack);

src/assets/__tests__/__snapshots__/assets.snapshot.test.ts.snap

@@ -15,6 +15,14 @@ export {
 } from './agentcore-control';
 export { streamLogs, searchLogs, type LogEvent, type StreamLogsOptions, type SearchLogsOptions } from './cloudwatch';
 export { enableTransactionSearch, type TransactionSearchEnableResult } from './transaction-search';
+export {
+  startPolicyGeneration,
+  getPolicyGeneration,
+  type StartPolicyGenerationOptions,
+  type StartPolicyGenerationResult,
+  type GetPolicyGenerationOptions,
+  type GetPolicyGenerationResult,
+} from './policy-generation';
 export {
   DEFAULT_RUNTIME_USER_ID,
   invokeA2ARuntime,

src/assets/cdk/test/cdk.test.ts

@@ -0,0 +1,116 @@
+import { getCredentialProvider } from './account';
+import {
+  BedrockAgentCoreControlClient,
+  GetPolicyGenerationCommand,
+  ListPolicyGenerationAssetsCommand,
+  StartPolicyGenerationCommand,
+  waitUntilPolicyGenerationCompleted,
+} from '@aws-sdk/client-bedrock-agentcore-control';
+import { WaiterState } from '@smithy/util-waiter';
+
+export interface StartPolicyGenerationOptions {
+  policyEngineId: string;
+  description: string;
+  region: string;
+  resourceArn: string;
+}
+
+export interface StartPolicyGenerationResult {
+  generationId: string;
+}
+
+export interface GetPolicyGenerationOptions {
+  generationId: string;
+  policyEngineId: string;
+  region: string;
+}
+
+export interface GetPolicyGenerationResult {
+  status: string;
+  statement: string;
+}
+
+export async function startPolicyGeneration(
+  options: StartPolicyGenerationOptions
+): Promise<StartPolicyGenerationResult> {
+  const client = new BedrockAgentCoreControlClient({
+    region: options.region,
+    credentials: getCredentialProvider(),
+  });
+
+  const command = new StartPolicyGenerationCommand({
+    policyEngineId: options.policyEngineId,
+    resource: { arn: options.resourceArn },
+    content: {
+      rawText: options.description,
+    },
+    name: `cli_generation_${Date.now()}`,
+  });
+
+  const response = await client.send(command);
+
+  if (!response.policyGenerationId) {
+    throw new Error('No generation ID returned from StartPolicyGeneration');
+  }
+
+  return { generationId: response.policyGenerationId };
+}
+
+export async function getPolicyGeneration(options: GetPolicyGenerationOptions): Promise<GetPolicyGenerationResult> {
+  const client = new BedrockAgentCoreControlClient({
+    region: options.region,
+    credentials: getCredentialProvider(),
+  });
+
+  // Use the SDK waiter to poll until generation completes
+  const waiterResult = await waitUntilPolicyGenerationCompleted(
+    { client, maxWaitTime: 120, minDelay: 2, maxDelay: 5 },
+    { policyGenerationId: options.generationId, policyEngineId: options.policyEngineId }
+  );
+
+  if (waiterResult.state !== WaiterState.SUCCESS) {
+    throw new Error(
+      `Policy generation did not complete within the timeout period (state: ${waiterResult.state}). ` +
+        `Generation ID: ${options.generationId}`
+    );
+  }
+
+  // Check the final status
+  const getCommand = new GetPolicyGenerationCommand({
+    policyGenerationId: options.generationId,
+    policyEngineId: options.policyEngineId,
+  });
+
+  const statusResponse = await client.send(getCommand);
+
+  if (statusResponse.status === 'GENERATE_FAILED') {
+    const reasons = statusResponse.statusReasons?.join(', ') ?? 'Unknown reason';
+    throw new Error(`Policy generation failed: ${reasons}`);
+  }
+
+  // Fetch the generated assets
+  const assetsCommand = new ListPolicyGenerationAssetsCommand({
+    policyGenerationId: options.generationId,
+    policyEngineId: options.policyEngineId,
+  });
+
+  const assetsResponse = await client.send(assetsCommand);
+  const assets = assetsResponse.policyGenerationAssets ?? [];
+
+  if (assets.length === 0) {
+    throw new Error('Policy generation completed but no assets were returned');
+  }
+
+  // Get the Cedar statement from the first asset
+  const firstAsset = assets[0]!;
+  const cedarStatement = firstAsset.definition?.cedar?.statement;
+
+  if (!cedarStatement) {
+    throw new Error('Policy generation completed but no Cedar policy statement was found in the assets');
+  }
+
+  return {
+    status: statusResponse.status ?? 'GENERATED',
+    statement: cedarStatement,
+  };
+}

src/cli/aws/index.ts

@@ -1,4 +1,10 @@
-import { buildDeployedState, parseGatewayOutputs, parseMemoryOutputs } from '../outputs';
+import {
+  buildDeployedState,
+  parseGatewayOutputs,
+  parseMemoryOutputs,
+  parsePolicyEngineOutputs,
+  parsePolicyOutputs,
+} from '../outputs';
 import { describe, expect, it } from 'vitest';
 
 describe('buildDeployedState', () => {
@@ -285,3 +291,181 @@ describe('parseMemoryOutputs', () => {
     expect(result).toEqual({});
   });
 });
+
+describe('parsePolicyEngineOutputs', () => {
+  it('extracts policy engine outputs matching pattern', () => {
+    const outputs = {
+      ApplicationPolicyEngineMyEngineIdOutputABC123: 'pe-123',
+      ApplicationPolicyEngineMyEngineArnOutputDEF456: 'arn:aws:bedrock:us-east-1:123456789012:policy-engine/pe-123',
+      UnrelatedOutput: 'some-value',
+    };
+
+    const result = parsePolicyEngineOutputs(outputs, ['MyEngine']);
+
+    expect(result).toEqual({
+      MyEngine: {
+        policyEngineId: 'pe-123',
+        policyEngineArn: 'arn:aws:bedrock:us-east-1:123456789012:policy-engine/pe-123',
+      },
+    });
+  });
+
+  it('handles multiple policy engines', () => {
+    const outputs = {
+      ApplicationPolicyEngineFirstEngineIdOutput123: 'pe-1',
+      ApplicationPolicyEngineFirstEngineArnOutput123: 'arn:pe-1',
+      ApplicationPolicyEngineSecondEngineIdOutput456: 'pe-2',
+      ApplicationPolicyEngineSecondEngineArnOutput456: 'arn:pe-2',
+    };
+
+    const result = parsePolicyEngineOutputs(outputs, ['FirstEngine', 'SecondEngine']);
+
+    expect(Object.keys(result)).toHaveLength(2);
+    expect(result.FirstEngine?.policyEngineId).toBe('pe-1');
+    expect(result.SecondEngine?.policyEngineId).toBe('pe-2');
+  });
+
+  it('returns empty record when no policy engine outputs found', () => {
+    const outputs = {
+      UnrelatedOutput: 'some-value',
+    };
+
+    const result = parsePolicyEngineOutputs(outputs, ['MyEngine']);
+
+    expect(result).toEqual({});
+  });
+
+  it('skips incomplete policy engine outputs (missing ARN)', () => {
+    const outputs = {
+      ApplicationPolicyEngineMyEngineIdOutputABC123: 'pe-123',
+    };
+
+    const result = parsePolicyEngineOutputs(outputs, ['MyEngine']);
+
+    expect(result).toEqual({});
+  });
+});
+
+describe('parsePolicyOutputs', () => {
+  it('extracts policy outputs matching pattern', () => {
+    const outputs = {
+      ApplicationPolicyMyEngineDenyAllIdOutputABC123: 'pol-123',
+      ApplicationPolicyMyEngineDenyAllArnOutputDEF456: 'arn:aws:bedrock:us-east-1:123456789012:policy/pol-123',
+      UnrelatedOutput: 'some-value',
+    };
+
+    const result = parsePolicyOutputs(outputs, [{ engineName: 'MyEngine', policyName: 'DenyAll' }]);
+
+    expect(result).toEqual({
+      'MyEngine/DenyAll': {
+        policyId: 'pol-123',
+        policyArn: 'arn:aws:bedrock:us-east-1:123456789012:policy/pol-123',
+        engineName: 'MyEngine',
+      },
+    });
+  });
+
+  it('handles multiple policies across engines', () => {
+    const outputs = {
+      ApplicationPolicyEngine1Policy1IdOutput123: 'pol-1',
+      ApplicationPolicyEngine1Policy1ArnOutput123: 'arn:pol-1',
+      ApplicationPolicyEngine1Policy2IdOutput456: 'pol-2',
+      ApplicationPolicyEngine1Policy2ArnOutput456: 'arn:pol-2',
+    };
+
+    const result = parsePolicyOutputs(outputs, [
+      { engineName: 'Engine1', policyName: 'Policy1' },
+      { engineName: 'Engine1', policyName: 'Policy2' },
+    ]);
+
+    expect(Object.keys(result)).toHaveLength(2);
+    expect(result['Engine1/Policy1']?.policyId).toBe('pol-1');
+    expect(result['Engine1/Policy2']?.policyId).toBe('pol-2');
+  });
+
+  it('returns empty record when no policy outputs found', () => {
+    const outputs = {
+      UnrelatedOutput: 'some-value',
+    };
+
+    const result = parsePolicyOutputs(outputs, [{ engineName: 'MyEngine', policyName: 'DenyAll' }]);
+
+    expect(result).toEqual({});
+  });
+});
+
+describe('buildDeployedState with policy data', () => {
+  it('includes policyEngines in deployed state when provided', () => {
+    const policyEngines = {
+      MyEngine: {
+        policyEngineId: 'pe-123',
+        policyEngineArn: 'arn:aws:bedrock:us-east-1:123456789012:policy-engine/pe-123',
+      },
+    };
+
+    const result = buildDeployedState({
+      targetName: 'default',
+      stackName: 'TestStack',
+      agents: {},
+      gateways: {},
+      policyEngines,
+    });
+
+    expect(result.targets.default!.resources?.policyEngines).toEqual(policyEngines);
+  });
+
+  it('includes policies in deployed state when provided', () => {
+    const policies = {
+      'MyEngine/DenyAll': {
+        policyId: 'pol-123',
+        policyArn: 'arn:aws:bedrock:us-east-1:123456789012:policy/pol-123',
+        engineName: 'MyEngine',
+      },
+    };
+
+    const result = buildDeployedState({
+      targetName: 'default',
+      stackName: 'TestStack',
+      agents: {},
+      gateways: {},
+      policies,
+    });
+
+    expect(result.targets.default!.resources?.policies).toEqual(policies);
+  });
+
+  it('omits policyEngines field when policyEngines is empty object', () => {
+    const result = buildDeployedState({
+      targetName: 'default',
+      stackName: 'TestStack',
+      agents: {},
+      gateways: {},
+      policyEngines: {},
+    });
+
+    expect(result.targets.default!.resources?.policyEngines).toBeUndefined();
+  });
+
+  it('omits policies field when policies is empty object', () => {
+    const result = buildDeployedState({
+      targetName: 'default',
+      stackName: 'TestStack',
+      agents: {},
+      gateways: {},
+      policies: {},
+    });
+
+    expect(result.targets.default!.resources?.policies).toBeUndefined();
+  });
+
+  it('omits policyEngines field when not provided', () => {
+    const result = buildDeployedState({
+      targetName: 'default',
+      stackName: 'TestStack',
+      agents: {},
+      gateways: {},
+    });
+
+    expect(result.targets.default!.resources?.policyEngines).toBeUndefined();
+  });
+});