From 24c0875ed55995fe1186080fc624f16802312f5c Mon Sep 17 00:00:00 2001 From: Local E2E Date: Mon, 8 Jun 2026 17:38:25 +0000 Subject: [PATCH 1/3] fix(e2e): avoid coupling regex to exact phrasing of error --- e2e-tests/byo-custom-jwt.test.ts | 51 ++++++++++---------------------- 1 file changed, 15 insertions(+), 36 deletions(-) diff --git a/e2e-tests/byo-custom-jwt.test.ts b/e2e-tests/byo-custom-jwt.test.ts index 64e534e20..aca730f2e 100644 --- a/e2e-tests/byo-custom-jwt.test.ts +++ b/e2e-tests/byo-custom-jwt.test.ts @@ -7,11 +7,7 @@ * - SigV4 invocation is rejected (auth method mismatch) * - Status reports the agent as deployed * - * Unlike other E2E tests that use the globally installed CLI, this test uses - * the local build (`runCLI`) because it exercises unreleased schema and CDK - * changes. Set CDK_TARBALL to a path to the modified CDK package tarball. - * - * Requires: AWS credentials, npm, git, uv, CDK_TARBALL env var. + * Requires: AWS credentials, npm, git, uv */ import { type RunResult, @@ -21,6 +17,7 @@ import { runCLI, stripAnsi, } from '../src/test-utils/index.js'; +import { installCdkTarball, writeAwsTargets } from './e2e-helper.js'; import { CloudFormationClient, GetTemplateCommand } from '@aws-sdk/client-cloudformation'; import { CognitoIdentityProviderClient, @@ -32,7 +29,6 @@ import { DeleteUserPoolCommand, DeleteUserPoolDomainCommand, } from '@aws-sdk/client-cognito-identity-provider'; -import { execSync } from 'node:child_process'; import { randomUUID } from 'node:crypto'; import { mkdir, readFile, rm, writeFile } from 'node:fs/promises'; import { tmpdir } from 'node:os'; @@ -40,8 +36,7 @@ import { join } from 'node:path'; import { afterAll, beforeAll, describe, expect, it } from 'vitest'; const hasAws = hasAwsCredentials(); -const hasCdkTarball = !!process.env.CDK_TARBALL; -const canRun = prereqs.npm && prereqs.git && prereqs.uv && hasAws && hasCdkTarball; +const canRun = prereqs.npm && prereqs.git && prereqs.uv && hasAws; const region = process.env.AWS_REGION ?? 'us-east-1'; /** @@ -67,6 +62,8 @@ describe.sequential('e2e: BYO agent with CUSTOM_JWT auth', () => { const cognitoClient = new CognitoIdentityProviderClient({ region }); const cfnClient = new CloudFormationClient({ region }); + const customJWTRejectMsgRegex = /configured for CUSTOM_JWT/i; + /** Fetch a Cognito access token via client_credentials flow. */ async function fetchCognitoAccessToken(): Promise { const tokenUrl = `https://${domainPrefix}.auth.${region}.amazoncognito.com/oauth2/token`; @@ -149,19 +146,8 @@ describe.sequential('e2e: BYO agent with CUSTOM_JWT auth', () => { projectPath = createJson.projectPath; // Write AWS targets - const account = - process.env.AWS_ACCOUNT_ID ?? - execSync('aws sts get-caller-identity --query Account --output text').toString().trim(); - await writeFile( - join(projectPath, 'agentcore', 'aws-targets.json'), - JSON.stringify([{ name: 'default', account, region }]) - ); - - // Install modified CDK tarball (required for auth fields support) - execSync(`npm install -f ${process.env.CDK_TARBALL}`, { - cwd: join(projectPath, 'agentcore', 'cdk'), - stdio: 'pipe', - }); + await writeAwsTargets(projectPath); + installCdkTarball(projectPath); // ── Add an MCP protocol agent to the same project ── mcpAgentName = `E2eMcp${String(Date.now()).slice(-8)}`; @@ -274,9 +260,9 @@ describe.sequential('e2e: BYO agent with CUSTOM_JWT auth', () => { // Expect failure due to auth method mismatch (client-side fast-fail or server-side rejection) const output = stripAnsi(result.stdout + result.stderr); - expect(output).toMatch( - /configured for CUSTOM_JWT but no bearer token|[Aa]uthoriz(ation|er).*mismatch|different.*authorization/i - ); + + expect(result.exitCode, `failure: stderr=${result.stderr}\n\nstdout=${result.stdout}`).not.toBe(0); + expect(output).toMatch(customJWTRejectMsgRegex); }, 180000 ); @@ -296,9 +282,7 @@ describe.sequential('e2e: BYO agent with CUSTOM_JWT auth', () => { const output = stripAnsi(result.stdout + result.stderr); // The invoke may fail for other reasons (agent logic), but it should NOT fail with auth mismatch - expect(output).not.toMatch( - /configured for CUSTOM_JWT but no bearer token|[Aa]uthoriz(ation|er).*mismatch|different.*authorization/i - ); + expect(output).not.toMatch(customJWTRejectMsgRegex); }, 180000 ); @@ -311,9 +295,8 @@ describe.sequential('e2e: BYO agent with CUSTOM_JWT auth', () => { const result = await runLocalCLI(['invoke', '--runtime', mcpAgentName, 'list-tools', '--json'], projectPath); const output = stripAnsi(result.stdout + result.stderr); - expect(output).toMatch( - /configured for CUSTOM_JWT but no bearer token|[Aa]uthoriz(ation|er).*mismatch|different.*authorization/i - ); + expect(result.exitCode, `failure: stderr=${result.stderr}\n\nstdout=${result.stdout}`).not.toBe(0); + expect(output).toMatch(customJWTRejectMsgRegex); }, 180000 ); @@ -331,9 +314,7 @@ describe.sequential('e2e: BYO agent with CUSTOM_JWT auth', () => { ); const output = stripAnsi(result.stdout + result.stderr); - expect(output).not.toMatch( - /configured for CUSTOM_JWT but no bearer token|[Aa]uthoriz(ation|er).*mismatch|different.*authorization/i - ); + expect(output).not.toMatch(customJWTRejectMsgRegex); }, 180000 ); @@ -363,9 +344,7 @@ describe.sequential('e2e: BYO agent with CUSTOM_JWT auth', () => { ); const output = stripAnsi(result.stdout + result.stderr); - expect(output).not.toMatch( - /configured for CUSTOM_JWT but no bearer token|[Aa]uthoriz(ation|er).*mismatch|different.*authorization/i - ); + expect(output).not.toMatch(customJWTRejectMsgRegex); }, 180000 ); From 4fe0de94e84d73324beee5b9838fe6d2b324cd4b Mon Sep 17 00:00:00 2001 From: Local E2E Date: Mon, 8 Jun 2026 17:39:08 +0000 Subject: [PATCH 2/3] feat(e2e): add more detailed logging on failures --- e2e-tests/e2e-helper.ts | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/e2e-tests/e2e-helper.ts b/e2e-tests/e2e-helper.ts index 366a26cd6..f5fbce546 100644 --- a/e2e-tests/e2e-helper.ts +++ b/e2e-tests/e2e-helper.ts @@ -127,7 +127,7 @@ export function createE2ESuite(cfg: E2EConfig) { const result = await runAgentCoreCLI(createArgs, testDir); - expect(result.exitCode, `Create failed: ${result.stderr}`).toBe(0); + expect(result.exitCode, `Create failed: stderr=${result.stderr}\n\nstdout=${result.stdout}`).toBe(0); const json = parseJsonOutput(result.stdout) as { projectPath: string }; projectPath = json.projectPath; From 86d4116ac0c69162a35925ddc96f4d01e6946a65 Mon Sep 17 00:00:00 2001 From: Local E2E Date: Mon, 8 Jun 2026 17:53:54 +0000 Subject: [PATCH 3/3] fix(e2e): add back other cases to the regex for other types of errors --- e2e-tests/byo-custom-jwt.test.ts | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/e2e-tests/byo-custom-jwt.test.ts b/e2e-tests/byo-custom-jwt.test.ts index aca730f2e..0232c450e 100644 --- a/e2e-tests/byo-custom-jwt.test.ts +++ b/e2e-tests/byo-custom-jwt.test.ts @@ -38,6 +38,7 @@ import { afterAll, beforeAll, describe, expect, it } from 'vitest'; const hasAws = hasAwsCredentials(); const canRun = prereqs.npm && prereqs.git && prereqs.uv && hasAws; const region = process.env.AWS_REGION ?? 'us-east-1'; +const customJWTRejectMsgRegex = /configured for CUSTOM_JWT|[Aa]uthoriz(ation|er).*mismatch|different.*authorization/i; /** * Run the local CLI build without skipping install (needed for deploy). @@ -62,8 +63,6 @@ describe.sequential('e2e: BYO agent with CUSTOM_JWT auth', () => { const cognitoClient = new CognitoIdentityProviderClient({ region }); const cfnClient = new CloudFormationClient({ region }); - const customJWTRejectMsgRegex = /configured for CUSTOM_JWT/i; - /** Fetch a Cognito access token via client_credentials flow. */ async function fetchCognitoAccessToken(): Promise { const tokenUrl = `https://${domainPrefix}.auth.${region}.amazoncognito.com/oauth2/token`;