feat: add policy engine and policy support with full deploy pipeline #546

Draft
jesseturner21 wants to merge 4 commits into aws:main from
jesseturner21:feat/policy-engine-support

@jesseturner21
Contributor

Summary

  • Schema: Add PolicyEngine and Policy schemas with Zod validation, integrated into AgentCoreProjectSpec and deployed state tracking
  • TUI: Full add/remove wizards for policy engines and policies with three source methods — Cedar file, inline statement, or AI generation (with gateway selection and expandable text input)
  • CLI: Non-interactive add/remove commands for policy-engine and policy with all flags (--name, --engine, --source/--statement/--generate)
  • Deploy: CDK construct integration, CloudFormation output parsing, deployed state tracking with composite engine/policy keys to handle cross-engine name collisions
  • Status: Policy engines and policies shown in status command and ResourceGraph TUI with correct deployment state diffing
  • Generation: StartPolicyGeneration + waiter integration with deployed engine ID and gateway ARN resolution
  • Validation: Schema validation for names, statements, and validation modes

Test plan

  • Unit tests pass (npm test)
  • Integration test added (integ-tests/add-remove-policy.test.ts)
  • Snapshot tests updated for new CDK asset changes
  • agentcore add policy-engine and agentcore add policy work in TUI and non-interactive modes
  • agentcore remove policy-engine and agentcore remove policy correctly use composite keys
  • agentcore deploy deploys policy engines and policies via CDK
  • agentcore status shows policy engine/policy deployment state

🤖 Generated with Claude Code

jesseturner21 and others added 2 commits March 13, 2026 16:18
Add Cedar authorization policy support to AgentCore CLI:

- Schema: PolicyEngine and Policy schemas with Zod validation
- TUI: Full add/remove wizards for policy engines and policies
  - Source methods: Cedar file, inline statement, or AI generation
  - Gateway selection for generation flow
  - Expandable text input for generation prompts
- CLI: Non-interactive add/remove commands with all flags
  - agentcore add policy-engine --name <name>
  - agentcore add policy --name <name> --engine <engine> --source/--statement/--generate
  - agentcore remove policy-engine/policy --name <name>
- Deploy: CDK construct integration, CloudFormation output parsing,
  deployed state tracking with composite engine/policy keys
- Status: Policy engines and policies shown in status command and
  ResourceGraph TUI with correct deployment state diffing
- Generation: StartPolicyGeneration + waiter integration with
  deployed engine ID and gateway ARN resolution
- Validation: Schema validation for names, statements, validation modes

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
…e collisions

Policies are nested under engines, so the same policy name can exist in
multiple engines. Switch getRemovable/remove/previewRemove to use an
"engineName/policyName" composite key so the generic TUI remove flow can
uniquely identify policies with a single string.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
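
The composite-key idea from the commit message above, as an added example that is not code from this PR: with a name-only key, removing `denyAll` would be ambiguous between engines, so the remove path should build, parse and validate an "engineName/policyName" key and fail closed on anything else. The types, function names, sample engine names and the name character set are assumptions made for the illustration.

```typescript
// Added illustration: all names here are hypothetical, not the project's code.
interface PolicyRef { engine: string; policy: string }
type EngineState = Map<string, Set<string>>;

// Assumption: names are limited to this charset, so "/" cannot occur inside one.
const NAME_RE = /^[A-Za-z][A-Za-z0-9_]*$/;

function toKey(ref: PolicyRef): string {
  if (!NAME_RE.test(ref.engine) || !NAME_RE.test(ref.policy)) {
    throw new Error(`invalid engine or policy name: ${JSON.stringify(ref)}`);
  }
  return `${ref.engine}/${ref.policy}`;
}

function parseKey(key: string): PolicyRef {
  const parts = key.split("/");
  if (parts.length !== 2) {
    throw new Error(`expected "engineName/policyName", got "${key}"`);
  }
  const [engine = "", policy = ""] = parts;
  toKey({ engine, policy }); // re-validate both halves, rejects "" and bad chars
  return { engine, policy };
}

// One string per removable policy, unique even when names repeat across engines.
function removableKeys(state: EngineState): string[] {
  const keys: string[] = [];
  state.forEach((policies, engine) => {
    policies.forEach((policy) => keys.push(toKey({ engine, policy })));
  });
  return keys;
}

// Removes exactly one policy; fails closed if the key does not resolve.
function removePolicy(state: EngineState, key: string): void {
  const { engine, policy } = parseKey(key);
  const policies = state.get(engine);
  if (!policies || !policies.delete(policy)) {
    throw new Error(`no such policy: ${key}`);
  }
}

// Constructed sample state: "denyAll" exists under two different engines.
function sampleState(): EngineState {
  return new Map<string, Set<string>>([
    ["prodEngine", new Set(["denyAll", "allowRead"])],
    ["devEngine", new Set(["denyAll"])],
  ]);
}
```
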
@jesseturner21 jesseturner21 requested a review from a team March 13, 2026 20:21
@github-actions github-actions bot added the size/xl PR size: XL label Mar 13, 2026
Regenerate lock file with npm@10 to resolve missing yaml@2.8.2
dependency entry that caused `npm ci` failures on Node 20.x and 22.x.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
@github-actions github-actions bot added size/xl PR size: XL and removed size/xl PR size: XL labels Mar 13, 2026
- Merge duplicate imports in policy-generation.ts
- Use dot notation instead of bracket notation in outputs test
- Replace Array<T> with T[] in outputs.ts and useDeployFlow.ts
- Add void operator for floating promises in AddPolicyFlow
- Wrap async handlers with void for no-misused-promises
- Escape quotes in JSX text in AddPolicyScreen
- Fix prettier formatting across all changed files

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
@github-actions github-actions bot removed the size/xl PR size: XL label Mar 13, 2026
@github-actions github-actions bot added the size/xl PR size: XL label Mar 13, 2026
@jesseturner21 jesseturner21 marked this pull request as draft March 13, 2026 20:42