Skip to content
Closed
Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
65 commits
Select commit Hold shift + click to select a range
278783a
feat: update @aws/agent-inspector to 0.3.0
avi-alpert Apr 30, 2026
4daca83
ci: cut full e2e time in half via vitest sharding (#1016)
Hweinstock Apr 30, 2026
90f17b4
feat: update @aws/agent-inspector to 0.3.0
avi-alpert Apr 30, 2026
3aec000
refactor: consolidate cli-config into global-config (#802)
Hweinstock Apr 30, 2026
a4c37a2
feat: make parsing resilient to individual failures (#1062)
Hweinstock Apr 30, 2026
3dccd97
fix: forward custom headers in bearer token invoke paths (#1065)
Hweinstock Apr 30, 2026
e9dfc16
feat: wire telemetry into all add.* commands (#1050)
Hweinstock Apr 30, 2026
bd6f841
fix: resolve e2e import test concurrency races (#1067)
Hweinstock Apr 30, 2026
9ccf802
feat: evo preview features — config bundles, batch evaluation, recomm…
notgitika Apr 30, 2026
0e38e9e
fix: remove dead preflight patch and use proper teardown for evo reso…
notgitika Apr 30, 2026
839b32b
fix: remove dead preflight patch, proper teardown, optional evo schem…
notgitika Apr 30, 2026
8c5cdfe
fix: revert .optional() to .default([]) and strip empty evo arrays on…
notgitika May 1, 2026
eab8c87
fix: remove unnecessary non-null assertions after .default([]) revert…
notgitika May 1, 2026
90924d6
chore: bump version to 0.13.0 (#1076)
github-actions[bot] May 1, 2026
a91d888
docs: remove CrewAI from supported frameworks (#1059)
jesseturner21 May 1, 2026
3b7a0a5
chore(deps): override glob to ^13 to silence install deprecation warn…
minorun365 May 1, 2026
162afd4
fix: address formatting failure in docs (#1080)
Hweinstock May 1, 2026
5ce1874
test: remove http-gateway-targets e2e test (#1090)
jariy17 May 1, 2026
78b3bd1
fix: sync e2e IAM policy and fix run eval flag (#1092)
jariy17 May 1, 2026
f1d046c
fix: align E2E batch eval and recommendation tests with current API (…
notgitika May 1, 2026
7fb8a63
fix: use correct resourceType for config bundle in E2E status test (#…
notgitika May 4, 2026
bb69aa5
docs: clarify integration vs e2e test boundaries and add e2e README (…
jariy17 May 4, 2026
7586092
feat: add archive command for batch evaluations and recommendations (…
padmak30 May 4, 2026
e9066ce
fix: prefix HTTP gateway names with project name to prevent cross-pro…
jariy17 May 5, 2026
4f464d7
test: collapse schema enumeration tests and remove duplicates (#1087)
tejaskash May 5, 2026
639adf1
fix: set iamRoleFallback to true for lambda gateway targets (#1086)
tejaskash May 5, 2026
9f231d0
fix: correct AB test execution role IAM policy and promote stability …
jariy17 May 5, 2026
9afd3f0
chore: bump version to 0.13.1 (#1129)
github-actions[bot] May 6, 2026
4ac28c2
chore(deps-dev): bump secretlint from 12.3.1 to 13.0.0
dependabot[bot] May 6, 2026
42487c0
fix: pin a2a-sdk below 1.0 to prevent breaking changes
aidandaly24 May 6, 2026
9716db0
chore(deps): bump @opentelemetry/exporter-metrics-otlp-http (#1141)
dependabot[bot] May 6, 2026
ec92d3f
chore(deps): bump react from 19.2.5 to 19.2.6 (#1136)
dependabot[bot] May 6, 2026
d9ec423
fix(deploy): pass stack selection to diff and deploy for --target fil…
Hweinstock May 7, 2026
2923dea
Merge pull request #1145 from aws/fix/pin-a2a-sdk-below-1.0
aidandaly24 May 7, 2026
a3f504a
feat(harness): add verdict prefix to reviewer comments (#1153)
aidandaly24 May 7, 2026
6b2be99
Add labels to Slack issue notification payload (#1162)
Hweinstock May 7, 2026
ab82c66
fix: apply prettier formatting to review.md (#1167)
Hweinstock May 7, 2026
2c34489
Merge pull request #1137 from aws/dependabot/npm_and_yarn/secretlint-…
aidandaly24 May 7, 2026
714b178
ci: add workflow to create issues on CI failure (#1174)
Hweinstock May 7, 2026
d8fc802
ci: use AUTOMATION_ACCOUNT_PAT_TOKEN for issue creation (#1176)
Hweinstock May 7, 2026
e247d99
fix: use search API with listForRepo fallback for issue dedup (#1180)
Hweinstock May 7, 2026
7bf41dd
chore(deps-dev): bump hono from 4.12.14 to 4.12.18 (#1152)
dependabot[bot] May 7, 2026
715a5a2
fix: resolve high-severity npm audit vulnerabilities (#1184)
Hweinstock May 8, 2026
9063a77
test: remove unnecessary mocks, use real filesystem (#1156)
Hweinstock May 8, 2026
df27f12
fix: handle CloudFormation throttling in import gateway polling (#1185)
Hweinstock May 8, 2026
804e041
docs: add bedrock:CountTokens to IAM policy examples (#1181)
jariy17 May 8, 2026
eb2e147
fix: resolve target-based AB test target name mismatch (#1188)
notgitika May 9, 2026
be65201
docs: split TESTING.md into focused per-type docs (#1192)
jesseturner21 May 11, 2026
52a24ce
feat: wire telemetry into all remove.* commands (#1069)
Hweinstock May 11, 2026
6ee1141
fix: widen TUI panel to prevent text truncation (#1191) (#1193)
jesseturner21 May 11, 2026
340878c
docs: add telemetry instrumentation guide (#1197)
Hweinstock May 11, 2026
eba0e40
chore: replace PAT tokens with GitHub App token (#1198)
aidandaly24 May 11, 2026
ce50d52
fix: add batch eval, recommendation, and CloudWatch Logs write permis…
notgitika May 11, 2026
bceddde
feat: instrument telemetry for create command (CLI + TUI) (#1202)
Hweinstock May 11, 2026
5767d93
chore: replace all github.token/GITHUB_TOKEN with GitHub App token
aidandaly24 May 12, 2026
f1788bc
fix: bump versions to resolve security audit failure
Hweinstock May 12, 2026
a15c756
Merge pull request #1211 from Hweinstock/fix/old-deps
aidandaly24 May 12, 2026
0e6d577
revert: keep pr-title.yml using GITHUB_TOKEN (read-only access suffic…
aidandaly24 May 12, 2026
6dc4b7f
Merge pull request #1210 from aws/chore/replace-github-token-with-app…
aidandaly24 May 12, 2026
7d27f47
feat(evaluator): add kmsKeyArn support for custom evaluator (#994)
aws-aditya21 May 12, 2026
f010c12
refactor: unify result types with discriminated Result<T, E> union (#…
Hweinstock May 12, 2026
f69e252
feat: record command attrs on telemetry failure via fallbackAttrs (#1…
Hweinstock May 12, 2026
0153694
fix: sync-preview pushes directly on clean merge, PRs only on conflic…
notgitika May 12, 2026
ce00f57
feat: instrument telemetry for deploy command (CLI + TUI) (#1206)
Hweinstock May 12, 2026
286286c
chore: merge main into preview (conflicts need resolution)
github-actions[bot] May 13, 2026
File filter

Filter by extension

Filter by extension


Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
8 changes: 7 additions & 1 deletion .github/workflows/cleanup-pr-tarballs.yml
Original file line number Diff line number Diff line change
Expand Up @@ -14,10 +14,16 @@ jobs:
runs-on: ubuntu-latest

steps:
- name: Generate GitHub App Token
id: app-token
uses: actions/create-github-app-token@v1
with:
app-id: ${{ vars.APP_ID }}
private-key: ${{ secrets.APP_PRIVATE_KEY }}
- uses: actions/checkout@v6
- name: Delete PR tarball releases older than 7 days
env:
GH_TOKEN: ${{ github.token }}
GH_TOKEN: ${{ steps.app-token.outputs.token }}
run: |
CUTOFF=$(date -u -d '7 days ago' +%Y-%m-%dT%H:%M:%SZ 2>/dev/null || date -u -v-7d +%Y-%m-%dT%H:%M:%SZ)

Expand Down
8 changes: 7 additions & 1 deletion .github/workflows/pr-tarball.yml
Original file line number Diff line number Diff line change
Expand Up @@ -50,10 +50,16 @@ jobs:
run: |
TARBALL_NAME=$(ls *.tgz | head -1 | xargs basename)
echo "name=$TARBALL_NAME" >> $GITHUB_OUTPUT
- name: Generate GitHub App Token
id: app-token
uses: actions/create-github-app-token@v1
with:
app-id: ${{ vars.APP_ID }}
private-key: ${{ secrets.APP_PRIVATE_KEY }}
- name: Create or update PR release
id: release
env:
GH_TOKEN: ${{ github.token }}
GH_TOKEN: ${{ steps.app-token.outputs.token }}
PR_NUMBER: ${{ github.event.pull_request.number }}
TARBALL_NAME: ${{ steps.tarball.outputs.name }}
run: |
Expand Down
18 changes: 16 additions & 2 deletions .github/workflows/release-main-and-preview.yml
Original file line number Diff line number Diff line change
Expand Up @@ -135,9 +135,16 @@ jobs:
- name: Update snapshots
run: npm run test:update-snapshots

- name: Generate GitHub App Token
id: app-token
uses: actions/create-github-app-token@v1
with:
app-id: ${{ vars.APP_ID }}
private-key: ${{ secrets.APP_PRIVATE_KEY }}

- name: Create release branch and PR
env:
GH_TOKEN: ${{ github.token }}
GH_TOKEN: ${{ steps.app-token.outputs.token }}
NEW_VERSION: ${{ steps.bump.outputs.version }}
run: |
BRANCH_NAME="release/v$NEW_VERSION"
Expand Down Expand Up @@ -219,9 +226,16 @@ jobs:
- name: Update snapshots
run: npm run test:update-snapshots

- name: Generate GitHub App Token
id: app-token
uses: actions/create-github-app-token@v1
with:
app-id: ${{ vars.APP_ID }}
private-key: ${{ secrets.APP_PRIVATE_KEY }}

- name: Create release branch and PR
env:
GH_TOKEN: ${{ github.token }}
GH_TOKEN: ${{ steps.app-token.outputs.token }}
NEW_VERSION: ${{ steps.bump.outputs.version }}
run: |
BRANCH_NAME="release/v$NEW_VERSION"
Expand Down
9 changes: 8 additions & 1 deletion .github/workflows/release.yml
Original file line number Diff line number Diff line change
Expand Up @@ -160,9 +160,16 @@ jobs:
exit 1
fi

- name: Generate GitHub App Token
id: app-token
uses: actions/create-github-app-token@v1
with:
app-id: ${{ vars.APP_ID }}
private-key: ${{ secrets.APP_PRIVATE_KEY }}

- name: Create Pull Request
env:
GH_TOKEN: ${{ github.token }}
GH_TOKEN: ${{ steps.app-token.outputs.token }}
NEW_VERSION: ${{ steps.bump.outputs.version }}
BASE_BRANCH: ${{ steps.release-meta.outputs.base_branch }}
DIST_TAG: ${{ steps.release-meta.outputs.dist_tag }}
Expand Down
8 changes: 7 additions & 1 deletion .github/workflows/strands-command.yml
Original file line number Diff line number Diff line change
Expand Up @@ -94,6 +94,12 @@ jobs:
};
await processInputs(context, github, core, inputs);

- name: Generate GitHub App Token
id: app-token
uses: actions/create-github-app-token@v1
with:
app-id: ${{ vars.APP_ID }}
private-key: ${{ secrets.APP_PRIVATE_KEY }}
- name: Run Strands Agent
uses: ./.github/actions/strands-action
with:
Expand All @@ -104,7 +110,7 @@ jobs:
tools: 'strands_tools:shell,retrieve'
aws_role_arn: ${{ secrets.AWS_ROLE_ARN }}
aws_region: 'us-west-2'
pat_token: ${{ secrets.GITHUB_TOKEN }}
pat_token: ${{ steps.app-token.outputs.token }}
env:
SESSION_ID: ${{ steps.process-inputs.outputs.session_id }}
S3_SESSION_BUCKET: ${{ secrets.AGENT_SESSIONS_BUCKET }}
Expand Down
36 changes: 36 additions & 0 deletions .github/workflows/sync-from-public.yml
Original file line number Diff line number Diff line change
Expand Up @@ -13,10 +13,24 @@ jobs:
sync:
runs-on: ubuntu-latest
steps:
<<<<<<< HEAD
- uses: actions/checkout@v4
with:
fetch-depth: 0
token: ${{ secrets.GITHUB_TOKEN }}
=======
- name: Generate GitHub App Token
id: app-token
uses: actions/create-github-app-token@v1
with:
app-id: ${{ vars.APP_ID }}
private-key: ${{ secrets.APP_PRIVATE_KEY }}

- uses: actions/checkout@v4
with:
fetch-depth: 0
token: ${{ steps.app-token.outputs.token }}
>>>>>>> origin/main

- name: Configure Git
run: |
Expand Down Expand Up @@ -101,15 +115,33 @@ jobs:
--head "$conflict_branch" || echo "⚠️ Failed to create PR"
fi
env:
<<<<<<< HEAD
GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
=======
GH_TOKEN: ${{ steps.app-token.outputs.token }}
>>>>>>> origin/main

sync-preview:
runs-on: ubuntu-latest
steps:
<<<<<<< HEAD
- uses: actions/checkout@v4
with:
fetch-depth: 0
token: ${{ secrets.GITHUB_TOKEN }}
=======
- name: Generate GitHub App Token
id: app-token
uses: actions/create-github-app-token@v1
with:
app-id: ${{ vars.APP_ID }}
private-key: ${{ secrets.APP_PRIVATE_KEY }}

- uses: actions/checkout@v4
with:
fetch-depth: 0
token: ${{ steps.app-token.outputs.token }}
>>>>>>> origin/main

- name: Configure Git
run: |
Expand Down Expand Up @@ -194,4 +226,8 @@ jobs:
--head "$conflict_branch" || echo "⚠️ Failed to create PR"
fi
env:
<<<<<<< HEAD
GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
=======
GH_TOKEN: ${{ steps.app-token.outputs.token }}
>>>>>>> origin/main
146 changes: 106 additions & 40 deletions .github/workflows/sync-preview.yml
Original file line number Diff line number Diff line change
Expand Up @@ -17,93 +17,161 @@ jobs:
name: Merge main into preview
runs-on: ubuntu-latest
steps:
- name: Generate GitHub App Token
id: app-token
uses: actions/create-github-app-token@v1
with:
app-id: ${{ vars.APP_ID }}
private-key: ${{ secrets.APP_PRIVATE_KEY }}

- name: Checkout preview
uses: actions/checkout@v6
with:
ref: preview
fetch-depth: 0
token: ${{ steps.app-token.outputs.token }}

- name: Configure git
run: |
git config --global user.name "github-actions[bot]"
git config --global user.email "github-actions[bot]@users.noreply.github.com"

- name: Merge main into preview
id: merge
- name: Check if sync needed
id: check
run: |
git fetch origin main
MAIN_SHA=$(git rev-parse origin/main)
MERGE_BASE=$(git merge-base HEAD origin/main)

if [[ "$MAIN_SHA" == "$MERGE_BASE" ]]; then
echo "✅ preview already contains all of main"
echo "status=up-to-date" >> $GITHUB_OUTPUT
exit 0
echo "needed=false" >> $GITHUB_OUTPUT
else
echo "needed=true" >> $GITHUB_OUTPUT
fi

echo "ℹ️ Merging main into preview..."
- name: Skip if already synced
if: steps.check.outputs.needed == 'false'
run: echo "Nothing to sync."

- name: Merge main into preview
if: steps.check.outputs.needed == 'true'
id: merge
run: |
# Save preview's version before merge so we can restore it after
PREVIEW_VERSION=$(node -p "require('./package.json').version")
echo "preview_version=$PREVIEW_VERSION" >> $GITHUB_OUTPUT

if git merge origin/main --no-edit -m "chore: merge main into preview"; then
git push origin preview
echo "✅ main merged into preview and pushed"
echo "status=merged" >> $GITHUB_OUTPUT
echo "status=clean" >> $GITHUB_OUTPUT
else
git merge --abort
echo "status=conflict" >> $GITHUB_OUTPUT
# preview carries a higher version string than main (e.g. 1.0.0-preview.X vs 0.13.X).
# This means package.json/package-lock.json almost always conflict on the version field.
# Accept main's content here; the version is restored in the next step.
for f in package.json package-lock.json; do
if git diff --name-only --diff-filter=U | grep -qx "$f"; then
git checkout --theirs "$f"
git add "$f"
echo " ↳ resolved $f conflict (accepted main, will restore version)"
fi
done

# Check if all conflicts are now resolved
if [[ -z "$(git diff --name-only --diff-filter=U)" ]]; then
git commit --no-edit -m "chore: merge main into preview"
echo "status=clean" >> $GITHUB_OUTPUT
else
echo "status=conflict" >> $GITHUB_OUTPUT
fi
fi

- name: Get original commit author
if: steps.merge.outputs.status == 'conflict'
id: author
- name: Restore preview-owned files
if: steps.merge.outputs.status == 'clean'
run: |
AUTHOR=$(git log origin/main -1 --format='%an')
GH_USER=$(git log origin/main -1 --format='%ae' | grep -oP '.*(?=@users\.noreply\.github\.com)' || echo "")
if [[ -z "$GH_USER" ]]; then
# Try to get GitHub username from the commit
GH_USER=$(gh api "/repos/${{ github.repository }}/commits/$(git rev-parse origin/main)" --jq '.author.login // empty' 2>/dev/null || echo "")
# These files are auto-generated during preview releases and must not
# be overwritten by main's versions (schema-check CI will reject changes
# to schemas/, and CHANGELOG.md tracks preview releases separately).
PREVIEW_HEAD=$(git rev-parse HEAD^1)
for f in schemas/agentcore.schema.v1.json CHANGELOG.md; do
if git show "$PREVIEW_HEAD:$f" > /dev/null 2>&1; then
git show "$PREVIEW_HEAD:$f" > "$f"
git add "$f"
echo " ↳ restored preview's $f"
fi
done
if ! git diff --cached --quiet; then
git commit -m "chore: restore preview-owned files (schema, changelog)"
fi
echo "name=$AUTHOR" >> $GITHUB_OUTPUT
echo "gh_user=$GH_USER" >> $GITHUB_OUTPUT
env:
GH_TOKEN: ${{ github.token }}

- name: Restore preview version and push
if: steps.merge.outputs.status == 'clean'
run: |
PREVIEW_VERSION="${{ steps.merge.outputs.preview_version }}"
CURRENT_VERSION=$(node -p "require('./package.json').version")

if [[ "$CURRENT_VERSION" != "$PREVIEW_VERSION" ]]; then
PREVIEW_VERSION="$PREVIEW_VERSION" node -e "
const fs = require('fs');
const pkg = JSON.parse(fs.readFileSync('package.json', 'utf8'));
pkg.version = process.env.PREVIEW_VERSION;
fs.writeFileSync('package.json', JSON.stringify(pkg, null, 2) + '\n');
"
if [[ -f package-lock.json ]]; then
PREVIEW_VERSION="$PREVIEW_VERSION" node -e "
const fs = require('fs');
const lock = JSON.parse(fs.readFileSync('package-lock.json', 'utf8'));
lock.version = process.env.PREVIEW_VERSION;
if (lock.packages && lock.packages['']) {
lock.packages[''].version = process.env.PREVIEW_VERSION;
}
fs.writeFileSync('package-lock.json', JSON.stringify(lock, null, 2) + '\n');
"
fi
git add package.json
[[ -f package-lock.json ]] && git add package-lock.json
git commit -m "chore: restore preview version ($PREVIEW_VERSION)"
fi

git push origin HEAD:preview
echo "✅ main merged into preview and pushed"

- name: Create PR for conflict resolution
if: steps.merge.outputs.status == 'conflict'
env:
GH_TOKEN: ${{ github.token }}
AUTHOR_NAME: ${{ steps.author.outputs.name }}
AUTHOR_GH: ${{ steps.author.outputs.gh_user }}
GH_TOKEN: ${{ steps.app-token.outputs.token }}
run: |
BRANCH="sync-preview/merge-main-$(date +%Y%m%d-%H%M%S)"

# Check if there's already an open sync PR
EXISTING=$(gh pr list --base preview --search "sync-preview: merge main into preview" --state open --json number --jq 'length')
if [[ "$EXISTING" != "0" ]]; then
# Check if there's already an open sync PR (match by branch prefix, not title search)
COUNT=$(gh pr list --base preview --state open --json headRefName \
--jq '[.[] | select(.headRefName | startswith("sync-preview/"))] | length')
if [[ "$COUNT" != "0" ]]; then
echo "ℹ️ Sync PR already open — skipping duplicate."
exit 0
fi

# Create a branch from preview with the conflict markers
# Abort the failed merge and redo on a branch for the PR
git merge --abort

BRANCH="sync-preview/merge-main-$(date +%Y%m%d-%H%M%S)"
git checkout -b "$BRANCH"
git merge origin/main --no-edit -m "chore: merge main into preview" || true
git merge origin/main --no-edit -m "chore: merge main into preview (conflicts need resolution)" || true
git add -A
git commit --no-edit -m "chore: merge main into preview (conflicts need resolution)" || true
git push origin "$BRANCH"

# Build mention string
GH_USER=$(gh api "/repos/${{ github.repository }}/commits/$(git rev-parse origin/main)" --jq '.author.login // empty' 2>/dev/null || echo "")
MENTION=""
if [[ -n "$AUTHOR_GH" ]]; then
MENTION="cc @${AUTHOR_GH}"
if [[ -n "$GH_USER" ]]; then
MENTION="cc @${GH_USER}"
fi

gh pr create \
--base preview \
--head "$BRANCH" \
--title "sync-preview: merge main into preview" \
--title "sync-preview: merge main into preview (conflicts)" \
--body "$(cat <<BODY
The automated sync-preview workflow could not cleanly merge \`main\` into \`preview\`.
The automated sync could not cleanly merge \`main\` into \`preview\`.

**This PR contains the merge with conflict markers.** To resolve:
**This PR contains conflict markers.** To resolve:

1. Check out this branch locally:
\`\`\`bash
Expand All @@ -116,8 +184,6 @@ jobs:
3. Keep preview-specific values (package version, preview tests, etc.) — accept main's changes for everything else.
4. Commit and push, then merge this PR.

This must be resolved before the next coordinated release.

${MENTION}

_Opened automatically by the sync-preview workflow._
Expand Down
Loading
Loading