chore(policy): ungate guardrail policy form#1552
Merged
Merged
Conversation
The guardrail form path (--target, --form-category, --form-filters, --form-effect, --form-data-path CLI options and the interactive "form" source method) was hidden behind ENABLE_GATED_FEATURES. Remove that gating so the feature is generally available: options show in --help, the runtime "not yet available" guard is dropped, and the interactive option is no longer disabled with "Coming soon". Drops the now-unused isGatedFeaturesEnabled and Option imports. Confidence: high Scope-risk: narrow
jesseturner21
temporarily deployed
to
e2e-testing
GitHub Actions
Inactive
agentcore-devx-automation
Bot
added
the
claude-security-reviewing
github-actions
Bot
added
the
agentcore-harness-reviewing
Contributor
|
Claude Security Review: no high-confidence findings. (run) |
agentcore-devx-automation
Bot
removed
the
claude-security-reviewing
Contributor
Package TarballHow to installgh release download pr-1552-tarball --repo aws/agentcore-cli --pattern "*.tgz" --dir /tmp/pr-tarball
npm install -g /tmp/pr-tarball/aws-agentcore-0.19.0.tgz |
agentcore-cli-automation
approved these changes
Jun 17, 2026
agentcore-cli-automation
left a comment
agentcore-cli-automation
left a comment
There was a problem hiding this comment.
Reviewed the diff against origin/main. The change is small and surgical: it removes the gate() helper and the runtime formCategory guard in PolicyPrimitive.ts, and drops the gated/"Coming soon" branch in AddPolicyScreen.tsx. The form-path code itself (synth, validation, mutual-exclusion check, telemetry policy_attr_source_type: 'form') was already in place behind the flag and is unchanged.
No functional issues found:
- Other call sites of
isGatedFeaturesEnabled(harness, knowledge-base, gateway-target, config-bundle, etc.) are correctly left untouched. - Telemetry coverage for the form path already exists (no new instrumentation needed).
- No test changes required — the existing tests don't reference the removed gating, and
synthesize-cedar.test.tsalready covers the synthesis logic. - No leftover "Coming soon" / "not yet available" references for the policy form path.
LGTM 🚀
github-actions
Bot
removed
the
agentcore-harness-reviewing
Contributor
Coverage Report
|
notgitika
previously approved these changes
Jun 17, 2026
The dev-server integ test only recorded projectPath when create exited 0 and silently left it undefined otherwise. A transient create failure in CI then surfaced as the unhelpful "expected undefined to be truthy" in every test, hiding the real cause. Throw with the captured stderr/stdout instead, matching the createTestProject factory's behavior, so a genuine failure is actionable and a flaky one is visible. Constraint: dev-server suite needs a real installed project (skipInstall: false), so it cannot use the factory's fast default Confidence: high Scope-risk: narrow Not-tested: the specific transient create failure seen in CI (not reproducible locally)
jesseturner21
had a problem deploying
to
e2e-testing
GitHub Actions
Failure
agentcore-devx-automation
Bot
added
the
claude-security-reviewing
notgitika
approved these changes
Jun 17, 2026
Hweinstock
approved these changes
Jun 17, 2026
| projectPath = json.projectPath; | ||
| if (result.exitCode !== 0) { | ||
| throw new Error(`Project creation failed (exit ${result.exitCode}): ${result.stderr || result.stdout}`); | ||
| } |
Contributor
There was a problem hiding this comment.
nit: Is this change intentionally included?
The refactor makes sense to throw early, but seems unrelated?
Contributor
|
LGTM once CI passes. |
Contributor
|
Claude Security Review: the review did not analyze this PR (model took 0 turns). See the run for details; a later push or re-run is needed. |
agentcore-devx-automation
Bot
removed
the
claude-security-reviewing
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
4 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
Removes the
ENABLE_GATED_FEATURESgate on the guardrail policy form so it's generally available.Previously gated behind
isGatedFeaturesEnabled():agentcore add policy):--target,--form-category,--form-filters,--form-effect,--form-data-path— hidden from--helpwhen the flag was off--form-categorythrewGuardrail policy form is not yet available.formsource method was disabled with a "Coming soon" labelChanges
PolicyPrimitive.ts: drop thegate()helper and the runtimenot yet availableguard; the form options are now plain.option()calls. Removed now-unusedisGatedFeaturesEnabledandOptionimports.AddPolicyScreen.tsx: theformoption is no longer disabled/gated. Removed now-unusedisGatedFeaturesEnabledimport.Scope is limited to the guardrail form path — the
isGatedFeaturesEnabledflag itself and its other call sites (harness, knowledge-base, gateway-target, config-bundle, etc.) are untouched.Testing
npm run typecheckpasses.