Skip to content
Closed
Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
72 commits
Select commit Hold shift + click to select a range
d15ce2e
feat: add sync workflow
avi-alpert Mar 5, 2026
7d35986
fix: formatting
avi-alpert Mar 5, 2026
2acb841
fix: only sync to main branch
avi-alpert Mar 9, 2026
05258f3
fix: codeql permissions
avi-alpert Mar 9, 2026
216140f
Merge pull request #1 from aws/aalpert/workflow
avi-alpert Mar 9, 2026
c6099d4
chore: sync main with public/main
github-actions[bot] Mar 9, 2026
c2bef91
Merge remote-tracking branch 'public/main'
avi-alpert Mar 11, 2026
1a361af
chore: sync main with public/main
github-actions[bot] Mar 12, 2026
cc83d81
chore: sync main with public/main
github-actions[bot] Mar 13, 2026
6054e95
chore: sync main with public/main
github-actions[bot] Mar 13, 2026
11ec86e
chore: sync main with public/main
github-actions[bot] Mar 18, 2026
1d64fd8
chore: sync main with public/main
github-actions[bot] Mar 19, 2026
4c2c674
chore: sync main with public/main
github-actions[bot] Mar 19, 2026
ee71ff3
Merge remote-tracking branch 'origin/main'
notgitika Mar 23, 2026
cfd1cdb
chore: sync main with public/main
github-actions[bot] Mar 24, 2026
93d7bbc
chore: sync main with public/main
jariy17 Mar 25, 2026
d0c495f
chore: sync main with public/main
github-actions[bot] Mar 31, 2026
c2121ec
chore: sync main with public/main
github-actions[bot] Mar 31, 2026
d3f6c81
Merge remote-tracking branch 'public/main'
notgitika Apr 8, 2026
37a0ff8
fix(ci): exclude .github/workflows/ from public repo sync (#54)
aidandaly24 Apr 8, 2026
584fd0e
chore: sync main with public/main
github-actions[bot] Apr 8, 2026
832a5c3
chore: sync main with public/main
github-actions[bot] Apr 8, 2026
5af06f5
chore: sync main with public/main
github-actions[bot] Apr 9, 2026
493e1f9
chore: sync main with public/main
github-actions[bot] Apr 9, 2026
63e05fd
chore: sync main with public/main v0.8.0
notgitika Apr 9, 2026
08872f5
chore: sync main with public/main
github-actions[bot] Apr 10, 2026
e9ab06e
chore: sync main with public/main
github-actions[bot] Apr 11, 2026
5d4bd38
chore: sync main with public/main
github-actions[bot] Apr 11, 2026
b1f9711
chore: sync main with public/main
github-actions[bot] Apr 13, 2026
50b389a
chore: sync main with public/main
github-actions[bot] Apr 14, 2026
ff86dc1
chore: sync main with public/main
github-actions[bot] Apr 14, 2026
eeb444c
chore: sync main with public/main
github-actions[bot] Apr 15, 2026
7877ead
chore: sync main with public/main
github-actions[bot] Apr 15, 2026
874814a
chore: sync main with public/main
github-actions[bot] Apr 17, 2026
d3ad7f8
chore: sync main with public/main
github-actions[bot] Apr 17, 2026
c5e80ca
chore: sync main with public/main
github-actions[bot] Apr 17, 2026
49932f2
chore: sync main with public/main
github-actions[bot] Apr 19, 2026
7e836e4
chore: sync main with public/main
github-actions[bot] Apr 21, 2026
19dec43
chore: sync main with public/main
github-actions[bot] Apr 21, 2026
359f0e1
chore: sync main with public/main
github-actions[bot] Apr 22, 2026
d8af701
chore: sync main with public/main
github-actions[bot] Apr 22, 2026
6675ef0
chore: sync main with public/main
github-actions[bot] Apr 23, 2026
0274932
chore: sync main with public/main
github-actions[bot] Apr 24, 2026
06a468e
chore: sync with public/main (2026-04-27) (#143)
jariy17 Apr 27, 2026
ccbc9fd
chore: add sync-preview job to sync public/preview into preview (#149)
padmak30 Apr 28, 2026
04aa12e
fix: use --track origin/preview to avoid ambiguous checkout (#152)
padmak30 Apr 29, 2026
8ea3afb
🔀 [Sync Conflict] Merge public/main → main (#165)
github-actions[bot] May 7, 2026
2bbc259
🔀 [Sync Conflict] Merge public/main → main (#175)
github-actions[bot] May 11, 2026
8c1db84
chore: sync main with public/main (2026-05-11) (#178)
aidandaly24 May 11, 2026
617534b
chore: replace PAT token with GitHub App token (#179)
aidandaly24 May 11, 2026
8435a43
chore: replace CDK_REPO_TOKEN PAT with GitHub App token in e2e workfl…
aidandaly24 May 11, 2026
fec7c7e
fix: add owner param to GitHub App token for cross-repo access (#182)
aidandaly24 May 11, 2026
bb2819b
chore: sync main with public/main (2026-05-13) (#186)
aidandaly24 May 13, 2026
6ee50c4
feat(workflows): unify Slack issue-notification payload to 20-key sch…
aidandaly24 May 20, 2026
1c01116
ci: bump the github-actions group across 1 directory with 5 updates (…
dependabot[bot] May 26, 2026
28bb2c5
chore: sync main with public/main (2026-05-26)
github-actions[bot] May 26, 2026
38cc0ed
chore: sync main with public/main
github-actions[bot] May 26, 2026
17a4503
chore: sync main with public/main (2026-05-27)
tejaskash May 28, 2026
802c4c1
fix: use branch prefix to detect existing sync conflict PRs (#204)
jariy17 May 29, 2026
08a7434
fix: delete dead file (#209)
Hweinstock Jun 1, 2026
fe63a7d
🔀 [Sync Conflict] Merge public/main → main (#205)
agentcore-devx-automation[bot] Jun 1, 2026
c0357d7
feat: add CMK support for batch evaluation and recommendation APIs (#…
notgitika Jun 8, 2026
06375ec
Revert "feat: add CMK support for batch evaluation and recommendation…
notgitika Jun 9, 2026
920a036
chore: sync main with public/main (2026-06-10)
tejaskash Jun 10, 2026
8d104e6
chore: sync main with public/main
github-actions[bot] Jun 11, 2026
c7aa92d
chore: sync main with public/main
github-actions[bot] Jun 12, 2026
a4c4e3d
ci: add Claude Code /security-review workflow on PRs (#267)
tejaskash Jun 13, 2026
2a9dcf4
chore: sync main with public/main
github-actions[bot] Jun 13, 2026
b8fd2db
fix(ci): make security review robust to shallow-clone restoration (#296)
tejaskash Jun 15, 2026
98528a6
fix(ci): pass security-review prompt inline to claude-code-action (#298)
tejaskash Jun 15, 2026
9687e15
release: nys summit release (#282)
Hweinstock Jun 17, 2026
26f0ee6
fix(tui): validate empty input in SecretInput before triggering cancel
notgitika Jun 29, 2026
File filter

Filter by extension

Filter by extension


Conversations
Failed to load comments.
Loading
Jump to
The table of contents is too big for display.
Diff view
Diff view
  •  
  •  
  •  
2 changes: 1 addition & 1 deletion .github/workflows/agent-restricted.yml
Original file line number Diff line number Diff line change
Expand Up @@ -68,7 +68,7 @@ jobs:

- name: Generate GitHub App Token
id: app-token
uses: actions/create-github-app-token@v1
uses: actions/create-github-app-token@v3
with:
app-id: ${{ vars.APP_ID }}
private-key: ${{ secrets.APP_PRIVATE_KEY }}
Expand Down
4 changes: 2 additions & 2 deletions .github/workflows/build-and-test.yml
Original file line number Diff line number Diff line change
Expand Up @@ -2,9 +2,9 @@ name: Build and Test

on:
push:
branches: ['main']
branches: ['main', 'feat/**']
pull_request:
branches: ['main']
branches: ['main', 'feat/**']

permissions:
contents: read
Expand Down
2 changes: 1 addition & 1 deletion .github/workflows/ci-failure-issue.yml
Original file line number Diff line number Diff line change
Expand Up @@ -26,7 +26,7 @@ jobs:

- name: Generate GitHub App Token
id: app-token
uses: actions/create-github-app-token@v1
uses: actions/create-github-app-token@v3
with:
app-id: ${{ vars.APP_ID }}
private-key: ${{ secrets.APP_PRIVATE_KEY }}
Expand Down
2 changes: 1 addition & 1 deletion .github/workflows/cleanup-pr-tarballs.yml
Original file line number Diff line number Diff line change
Expand Up @@ -16,7 +16,7 @@ jobs:
steps:
- name: Generate GitHub App Token
id: app-token
uses: actions/create-github-app-token@v1
uses: actions/create-github-app-token@v3
with:
app-id: ${{ vars.APP_ID }}
private-key: ${{ secrets.APP_PRIVATE_KEY }}
Expand Down
4 changes: 2 additions & 2 deletions .github/workflows/codeql.yml
Original file line number Diff line number Diff line change
Expand Up @@ -4,9 +4,9 @@ on:
push:
branches: ['main']
pull_request:
branches: ['main']
branches: ['main', 'feat/**']
pull_request_target:
branches: ['main']
branches: ['main', 'feat/**']

# Cancel in-progress runs for PRs; never cancel runs on main (merges should not abort each other)
concurrency:
Expand Down
35 changes: 29 additions & 6 deletions .github/workflows/e2e-tests-full.yml
Original file line number Diff line number Diff line change
Expand Up @@ -5,8 +5,11 @@ on:
aws_region:
description: 'AWS region for deployment'
default: 'us-east-1'
cdk_branch:
description: 'Branch of CDK constructs repo to build from'
default: 'main'
push:
branches: [main]
branches: [main, 'feat/**']

env:
AGENTCORE_TELEMETRY_DISABLED: '1'
Expand All @@ -32,7 +35,7 @@ jobs:
steps:
- uses: actions/checkout@v6
with:
ref: ${{ github.event_name == 'workflow_dispatch' && github.ref || 'main' }}
persist-credentials: false
- uses: actions/setup-node@v6
with:
node-version: '20.x'
Expand All @@ -51,7 +54,7 @@ jobs:
id: aws
run: echo "account_id=$(aws sts get-caller-identity --query Account --output text)" >> "$GITHUB_OUTPUT"
- name: Get API keys from Secrets Manager
uses: aws-actions/aws-secretsmanager-get-secrets@v2
uses: aws-actions/aws-secretsmanager-get-secrets@v3
with:
secret-ids: |
E2E,${{ secrets.E2E_SECRET_ARN }}
Expand All @@ -63,14 +66,34 @@ jobs:
BUILD_PREVIEW: ${{ matrix.cli-build == 'preview' && '1' || '0' }}
- name: Generate GitHub App Token
id: app-token
uses: actions/create-github-app-token@v1
uses: actions/create-github-app-token@v3
with:
app-id: ${{ vars.APP_ID }}
private-key: ${{ secrets.APP_PRIVATE_KEY }}
owner: aws
- name: Build CDK package from main
- name: Build CDK package
run: |
git clone --depth 1 "https://x-access-token:${CDK_REPO_TOKEN}@github.com/${CDK_REPO}.git" /tmp/cdk-repo
if [ -n "${{ inputs.cdk_branch }}" ] && [ "${{ inputs.cdk_branch }}" != "main" ]; then
CDK_BRANCH="${{ inputs.cdk_branch }}"
elif [ "${{ github.ref_name }}" != "main" ]; then
CDK_BRANCH="main"
REPO_URL="https://x-access-token:${CDK_REPO_TOKEN}@github.com/${CDK_REPO}.git"
# Check if a branch exists on the CDK repo with the same
if git ls-remote --exit-code --heads "$REPO_URL" "${{ github.ref_name }}" > /dev/null 2>&1; then
CDK_BRANCH="${{ github.ref_name }}"
else
# Check if a branch exists with _ subbed for -. (legacy support for summit branch)
ALT="${{ github.ref_name }}"
ALT="${ALT//_/-}"
if git ls-remote --exit-code --heads "$REPO_URL" "$ALT" > /dev/null 2>&1; then
CDK_BRANCH="$ALT"
fi
fi
else
CDK_BRANCH="main"
fi
echo "Using CDK branch: $CDK_BRANCH"
git clone --depth 1 --branch "$CDK_BRANCH" "https://x-access-token:${CDK_REPO_TOKEN}@github.com/${CDK_REPO}.git" /tmp/cdk-repo
cd /tmp/cdk-repo
npm ci
npm run build
Expand Down
106 changes: 22 additions & 84 deletions .github/workflows/e2e-tests.yml
Original file line number Diff line number Diff line change
Expand Up @@ -5,11 +5,8 @@ on:
aws_region:
description: 'AWS region for deployment'
default: 'us-east-1'
cdk_branch:
description: 'CDK repo branch to build from (default: main)'
default: 'main'
pull_request_target:
branches: [main]
branches: [main, feat/**]

concurrency:
group: e2e-${{ github.event.pull_request.number || github.ref }}
Expand Down Expand Up @@ -50,8 +47,6 @@ jobs:
runs-on: ubuntu-latest
environment: e2e-testing
timeout-minutes: 30
env:
AGENTCORE_TELEMETRY_DISABLED: '1'
steps:
- uses: actions/checkout@v6
with:
Expand All @@ -75,110 +70,53 @@ jobs:
id: aws
run: echo "account_id=$(aws sts get-caller-identity --query Account --output text)" >> "$GITHUB_OUTPUT"
- name: Get API keys from Secrets Manager
uses: aws-actions/aws-secretsmanager-get-secrets@v2
uses: aws-actions/aws-secretsmanager-get-secrets@v3
with:
secret-ids: |
E2E,${{ secrets.E2E_SECRET_ARN }}
parse-json-secrets: true

- name: Generate GitHub App Token
id: app-token
uses: actions/create-github-app-token@v1
uses: actions/create-github-app-token@v3
with:
app-id: ${{ vars.APP_ID }}
private-key: ${{ secrets.APP_PRIVATE_KEY }}
owner: aws
# Clone CDK repo for bundle script (requires App token for private repo access)
- name: Clone CDK repo
- name: Build CDK package from main
run: |
CDK_BRANCH="${{ inputs.cdk_branch || 'main' }}"
echo "Cloning CDK from branch: $CDK_BRANCH"
git clone --depth 1 --branch "$CDK_BRANCH" "https://x-access-token:${CDK_REPO_TOKEN}@github.com/${CDK_REPO}.git" /tmp/cdk-repo
git clone --depth 1 "https://x-access-token:${CDK_REPO_TOKEN}@github.com/${CDK_REPO}.git" /tmp/cdk-repo
cd /tmp/cdk-repo
npm ci
npm run build
TARBALL=$(npm pack --pack-destination "$RUNNER_TEMP" | tail -1)
echo "CDK_TARBALL=$RUNNER_TEMP/$TARBALL" >> "$GITHUB_ENV"
env:
CDK_REPO_TOKEN: ${{ steps.app-token.outputs.token }}
CDK_REPO: ${{ secrets.CDK_REPO_NAME }}

- run: npm ci

- name: Bundle GA and preview tarballs
run: |
npm run bundle
GA_TARBALL=$(ls aws-agentcore-*.tgz | grep -v preview | head -1)
PREVIEW_TARBALL=$(ls aws-agentcore-*-preview-*.tgz | head -1)
echo "GA_TARBALL=$PWD/$GA_TARBALL" >> "$GITHUB_ENV"
echo "PREVIEW_TARBALL=$PWD/$PREVIEW_TARBALL" >> "$GITHUB_ENV"
env:
AGENTCORE_CDK_PATH: /tmp/cdk-repo

- name: Install GA CLI globally
run: npm install -g "$GA_TARBALL"
- run: npm run build
- name: Install CLI globally
run: npm install -g "$(npm pack | tail -1)"

- name: Detect changed e2e test files
id: changed
run: |
BASE_SHA=${{ github.event.pull_request.base.sha || 'HEAD~1' }}
# If any helper file changed, run all e2e tests
HELPERS_CHANGED=$(git diff --name-only "$BASE_SHA"..HEAD -- 'e2e-tests/*.ts' \
| grep -v '\.test\.ts$' | head -1)
if [ -n "$HELPERS_CHANGED" ]; then
GA_EXTRA=$(find e2e-tests -name '*.test.ts' \
| grep -v '^e2e-tests/strands-bedrock\.test\.ts$' \
| grep -v '^e2e-tests/payment-strands-bedrock\.test\.ts$' \
| grep -v '^e2e-tests/harness-' \
| tr '\n' ' ')
HARNESS_EXTRA=$(find e2e-tests -name 'harness-*.test.ts' \
| grep -v '^e2e-tests/harness-bedrock\.test\.ts$' \
| tr '\n' ' ')
else
GA_EXTRA=$(git diff --name-only "$BASE_SHA"..HEAD -- 'e2e-tests/*.test.ts' \
| grep -v '^e2e-tests/strands-bedrock\.test\.ts$' \
| grep -v '^e2e-tests/payment-strands-bedrock\.test\.ts$' \
| grep -v '^e2e-tests/harness-' \
| tr '\n' ' ')
HARNESS_EXTRA=$(git diff --name-only "$BASE_SHA"..HEAD -- 'e2e-tests/harness-*.test.ts' \
| grep -v '^e2e-tests/harness-bedrock\.test\.ts$' \
| tr '\n' ' ')
fi
echo "ga_extra=$GA_EXTRA" >> "$GITHUB_OUTPUT"
echo "harness_extra=$HARNESS_EXTRA" >> "$GITHUB_OUTPUT"
echo "GA extra tests: ${GA_EXTRA:-none}"
echo "Harness extra tests: ${HARNESS_EXTRA:-none}"

- name: Run E2E tests (GA)
env:
AWS_ACCOUNT_ID: ${{ steps.aws.outputs.account_id }}
AWS_REGION: ${{ inputs.aws_region || 'us-east-1' }}
ANTHROPIC_API_KEY: ${{ env.E2E_ANTHROPIC_API_KEY }}
OPENAI_API_KEY: ${{ env.E2E_OPENAI_API_KEY }}
GEMINI_API_KEY: ${{ env.E2E_GEMINI_API_KEY }}
E2E_EFS_ACCESS_POINT_ARN: ${{ env.E2E_EFS_ACCESS_POINT_ARN }}
E2E_S3_ACCESS_POINT_ARN: ${{ env.E2E_S3_ACCESS_POINT_ARN }}
E2E_FILESYSTEM_SUBNET_ID: ${{ env.E2E_FILESYSTEM_SUBNET_ID }}
E2E_FILESYSTEM_SECURITY_GROUP_ID: ${{ env.E2E_FILESYSTEM_SECURITY_GROUP_ID }}
# CoinbaseCDP testnet creds for payment-strands-bedrock.test.ts. Sourced from
# the same E2E secret (keys CDP_API_KEY_ID / CDP_API_KEY_SECRET / CDP_WALLET_SECRET),
# which parse-json-secrets surfaces as E2E_CDP_*; remapped here to the unprefixed
# names the test reads. Absent on forks -> test self-skips via its hasCdpCreds gate.
CDP_API_KEY_ID: ${{ env.E2E_CDP_API_KEY_ID }}
CDP_API_KEY_SECRET: ${{ env.E2E_CDP_API_KEY_SECRET }}
CDP_WALLET_SECRET: ${{ env.E2E_CDP_WALLET_SECRET }}
run:
npx vitest run --project e2e e2e-tests/strands-bedrock.test.ts e2e-tests/payment-strands-bedrock.test.ts ${{
steps.changed.outputs.ga_extra }}

- name: Install preview CLI globally
run: npm install -g "$PREVIEW_TARBALL"
CHANGED=$(git diff --name-only "$BASE_SHA"..HEAD -- 'e2e-tests/*.test.ts' \
| grep -v '^e2e-tests/strands-bedrock\.test\.ts$' \
| tr '\n' ' ')
echo "extra_tests=$CHANGED" >> "$GITHUB_OUTPUT"
echo "Changed e2e tests: ${CHANGED:-none}"

- name: Run E2E tests (preview/harness)
- name: Run E2E tests
env:
AWS_ACCOUNT_ID: ${{ steps.aws.outputs.account_id }}
AWS_REGION: ${{ inputs.aws_region || 'us-east-1' }}
ANTHROPIC_API_KEY: ${{ env.E2E_ANTHROPIC_API_KEY }}
OPENAI_API_KEY: ${{ env.E2E_OPENAI_API_KEY }}
GEMINI_API_KEY: ${{ env.E2E_GEMINI_API_KEY }}
E2E_EFS_ACCESS_POINT_ARN: ${{ env.E2E_EFS_ACCESS_POINT_ARN }}
E2E_S3_ACCESS_POINT_ARN: ${{ env.E2E_S3_ACCESS_POINT_ARN }}
E2E_FILESYSTEM_SUBNET_ID: ${{ env.E2E_FILESYSTEM_SUBNET_ID }}
E2E_FILESYSTEM_SECURITY_GROUP_ID: ${{ env.E2E_FILESYSTEM_SECURITY_GROUP_ID }}
BUILD_PREVIEW: '1'
run: npx vitest run --project e2e e2e-tests/harness-bedrock.test.ts ${{ steps.changed.outputs.harness_extra }}
CDK_TARBALL: ${{ env.CDK_TARBALL }}
# Always run strands-bedrock as baseline, plus any e2e test files changed in the PR
run: npx vitest run --project e2e e2e-tests/strands-bedrock.test.ts ${{ steps.changed.outputs.extra_tests }}
17 changes: 8 additions & 9 deletions .github/workflows/lint.yml
Original file line number Diff line number Diff line change
Expand Up @@ -2,9 +2,9 @@ name: Quality and Safety Checks

on:
push:
branches: ['main']
branches: ['main', 'feat/**']
pull_request:
branches: ['main']
branches: ['main', 'feat/**']

permissions:
contents: read
Expand All @@ -29,7 +29,7 @@ jobs:
uses: actions/cache/save@v5
with:
path: node_modules
key: node-modules-${{ hashFiles('npm-shrinkwrap.json') }}
key: node-modules-${{ hashFiles('package-lock.json') }}

format:
needs: setup
Expand All @@ -42,7 +42,7 @@ jobs:
- uses: actions/cache/restore@v5
with:
path: node_modules
key: node-modules-${{ hashFiles('npm-shrinkwrap.json') }}
key: node-modules-${{ hashFiles('package-lock.json') }}
- run: npm run format:check

lint:
Expand All @@ -56,7 +56,7 @@ jobs:
- uses: actions/cache/restore@v5
with:
path: node_modules
key: node-modules-${{ hashFiles('npm-shrinkwrap.json') }}
key: node-modules-${{ hashFiles('package-lock.json') }}
- run: npm run lint

security:
Expand All @@ -70,7 +70,7 @@ jobs:
- uses: actions/cache/restore@v5
with:
path: node_modules
key: node-modules-${{ hashFiles('npm-shrinkwrap.json') }}
key: node-modules-${{ hashFiles('package-lock.json') }}
- run: npm run security:audit

secrets:
Expand All @@ -84,7 +84,7 @@ jobs:
- uses: actions/cache/restore@v5
with:
path: node_modules
key: node-modules-${{ hashFiles('npm-shrinkwrap.json') }}
key: node-modules-${{ hashFiles('package-lock.json') }}
- run: npm run secrets:check

typecheck:
Expand All @@ -98,11 +98,10 @@ jobs:
- uses: actions/cache/restore@v5
with:
path: node_modules
key: node-modules-${{ hashFiles('npm-shrinkwrap.json') }}
key: node-modules-${{ hashFiles('package-lock.json') }}
- run: npm run typecheck

schema-check:
if: ${{ !contains(github.event.pull_request.labels.*.name, 'release') }}
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v6
Expand Down
Loading
Loading