feat: relax requestHeaderAllowlist to broader X-Amzn-Bedrock-AgentCore- namespace (#1151)#1159
feat: relax requestHeaderAllowlist to broader X-Amzn-Bedrock-AgentCore- namespace (#1151)#1159aidandaly24 wants to merge 1 commit into
Conversation
Coverage Report
|
agentcore-cli-automation
left a comment
There was a problem hiding this comment.
Thanks for aligning the allowlist with the published service contract. The schema, normalization, and test coverage all look clean and consistent.
I have one non-code coordination concern worth calling out explicitly before this ships — flagged inline. Otherwise this looks good.
| * | ||
| * Maximum 20 headers. | ||
| * | ||
| * NOTE: This file is duplicated in agentcore-l3-cdk-constructs/src/schema/schemas/agent-env.ts. |
There was a problem hiding this comment.
Release coordination concern (not a code change request, but worth confirming before merge):
This schema is duplicated in agentcore-l3-cdk-constructs, and the generated CDK project consumes the L3 constructs' copy of RequestHeaderAllowlistSchema — not this one — at cdk synth/deploy time. If a CLI release containing this change ships before the companion L3 constructs release (branch fix/1151-6ed1535c) is merged and published to the registry, the flow breaks for users:
- User runs
agentcore create/agentcore addwith e.g.X-Amzn-Bedrock-AgentCore-Runtime-User-Id - CLI validation passes (new behavior) and writes it into
agent-env.yaml - CDK synth uses the older L3 constructs schema and rejects it with the old error message
A few ways to de-risk this:
- Confirm the companion L3 PR is merged and a version bump is released before the CLI release that carries this change, and (if applicable) bump the minimum
@aws/agentcore-cdkversion pinned in the vended CDK project templates /package.jsonso older constructs can't be resolved. - Or bundle the updated constructs via the
bundled-agentcore-cdk.tgzpath (src/cli/templates/CDKRenderer.ts) in the same release. - Or land + release the L3 constructs change first, then merge this PR.
Could you confirm which path you're taking? Happy to approve once the ordering/versioning is spelled out.
| * prefix to accommodate user-supplied casing variations; the runtime | ||
| * itself is HTTP-header-case-insensitive. | ||
| */ | ||
| export const REQUEST_HEADER_ALLOWLIST_PATTERN = /^(Authorization|X-Amzn-Bedrock-AgentCore-[A-Za-z0-9-]+)$/i; |
There was a problem hiding this comment.
Minor behavior-change check: the /i flag makes this accept authorization / AUTHORIZATION as well as the canonical Authorization. The previous refine used strict val === 'Authorization', so a YAML containing requestHeaderAllowlist: [authorization] went from rejected → accepted.
This is fine for the CLI entry points that flow through normalizeHeaderName (which canonicalizes casing), but the schema is also applied directly to hand-edited agent-env.yaml values, which aren't renormalized before being passed to the CreateAgentRuntime API. If the service is strict about the canonical Authorization casing in the allowlist array (header names on the wire are case-insensitive, but allowlist entries may not be), users who put lowercase in YAML would get an API-side failure instead of an up-front schema failure.
Could you confirm the service accepts any casing of Authorization in the allowlist? If not, consider dropping the /i or splitting the pattern so Authorization is matched case-sensitively and only the namespace portion is case-insensitive, e.g. /^Authorization$|^X-Amzn-Bedrock-AgentCore-[A-Za-z0-9-]+$/i won't help (/i flag is global) — something like two separate checks or new RegExp without the flag for the first alternative.
|
Closing: test run from batch agent |
Description
Relaxes the runtime
requestHeaderAllowlistvalidation to accept the broaderX-Amzn-Bedrock-AgentCore-namespace, in addition to the existingAuthorizationand legacyX-Amzn-Bedrock-AgentCore-Runtime-Custom-prefixedheaders. This brings the CLI in line with the published AWS Bedrock AgentCore
runtime header allowlist:
https://docs.aws.amazon.com/bedrock-agentcore/latest/devguide/runtime-header-allowlist.html
Previously, the schema only accepted exactly
Authorizationor names startingwith
X-Amzn-Bedrock-AgentCore-Runtime-Custom-. Documented runtime headerssuch as
X-Amzn-Bedrock-AgentCore-Runtime-User-IdandX-Amzn-Bedrock-AgentCore-Runtime-Session-Idwere therefore rejected by theCLI before deployment, even though the service accepts them.
Changes
Schema (
src/schema/schemas/agent-env.ts)HEADER_ALLOWLIST_NAMESPACE_PREFIX('X-Amzn-Bedrock-AgentCore-'),REQUEST_HEADER_ALLOWLIST_PATTERN(
/^(Authorization|X-Amzn-Bedrock-AgentCore-[A-Za-z0-9-]+)$/i),and
isAllowedRequestHeader()helper.RequestHeaderAllowlistSchema.refine()now usesisAllowedRequestHeaderwith an updated error message that links to the AWS doc.
HEADER_ALLOWLIST_PREFIXexport is preserved (still used forauto-prefixing bare names) — no breaking change for consumers.
agentcore-l3-cdk-constructs" docnote above the constants.
Header utilities (
src/cli/commands/shared/header-utils.ts)HEADER_ALLOWLIST_NAMESPACE_PREFIXandisAllowedRequestHeader.normalizeHeaderNamenow recognizes inputs already under the broadernamespace and canonicalizes their casing without re-wrapping them in the
Custom-prefix (preventing nonsense names like…Runtime-Custom-X-Amzn-Bedrock-AgentCore-Runtime-User-Id). Bare namescontinue to be auto-prefixed with the legacy
Custom-prefix for backwardcompatibility.
validateHeaderAllowlistnow runs each parsed header throughisAllowedRequestHeaderand returns a structured error (with doc URL) whena name does not match, providing earlier and clearer feedback than relying
on the Zod refine alone.
Help text
src/cli/primitives/AgentPrimitive.tsx: updated the--request-header-allowlistCommander option description to mention thebroader namespace and link to the AWS doc.
src/cli/tui/screens/agent/AddAgentScreen.tsx: updated the dim helper textbeneath the input field accordingly.
Tests
src/cli/commands/shared/__tests__/header-utils.test.ts: added casescovering
normalizeHeaderNamefor namespace-prefixed inputs (nodouble-prefix; canonical casing) and
validateHeaderAllowlistacceptingthe broader namespace.
src/schema/schemas/__tests__/agent-env.test.ts: new schema-level testsfor
REQUEST_HEADER_ALLOWLIST_PATTERN,isAllowedRequestHeader, andRequestHeaderAllowlistSchema(accept/reject cases, max-20 boundary, docURL in error message).
Companion PR
The schema duplicate in
aws/agentcore-l3-cdk-constructshas been updated inlockstep on branch
fix/1151-6ed1535c(commit080c327).Related Issue
Closes #1151
Documentation PR
N/A — the documented behavior already matches the AWS public docs at
https://docs.aws.amazon.com/bedrock-agentcore/latest/devguide/runtime-header-allowlist.html;
this PR brings the CLI's runtime validation in line with that doc. The CLI
help text and TUI hints have been updated in this PR.
Type of Change
Testing
How have you tested the change?
npm run test:unitandnpm run test:integnpm run typechecknpm run lintsrc/assets/, I rannpm run test:update-snapshotsand committed the updated snapshotsTargeted test runs (executed locally):
npx vitest run --project unit src/cli/commands/shared/__tests__/header-utils.test.ts src/schema/schemas/__tests__/agent-env.test.ts→ 128 / 128 passing across both files.
npm run typecheck→ clean (no errors).CI will exercise the full unit + integ suites on this PR.
Code review
Round 1: 10 findings, all approved.
Checklist
By submitting this pull request, I confirm that you can use, modify, copy, and redistribute this contribution, under the
terms of your choice.