Ungate passthrough gateway targets#1617
Conversation
Make passthrough gateway targets generally available by removing the isGatedFeaturesEnabled() checks that previously hid them behind ENABLE_GATED_FEATURES. - add/validate.ts: always include `passthrough` in the valid target-type list; drop the "not yet available" early return. - GatewayTargetPrimitive.ts: always advertise passthrough options in --help and the type description; gatePassthroughOption() is now a pass-through so the six call sites stay consistent. - TUI AddGatewayTargetScreen: passthrough is always selectable (no more "Coming soon"). - Update unit tests to assert passthrough is accepted without the flag. Other gated features (knowledge-base, managed memory, aws-skills, previews) are untouched.
github-actions
Bot
added
the
agentcore-harness-reviewing
agentcore-devx-automation
Bot
added
the
claude-security-reviewing
|
Claude Security Review: no high-confidence findings. (run) |
agentcore-devx-automation
Bot
removed
the
claude-security-reviewing
Package TarballHow to installgh release download pr-1617-tarball --repo aws/agentcore-cli --pattern "*.tgz" --dir /tmp/pr-tarball
npm install -g /tmp/pr-tarball/aws-agentcore-0.20.2.tgz |
agentcore-cli-automation
left a comment
agentcore-cli-automation
left a comment
There was a problem hiding this comment.
Clean ungate — mirrors the pattern used for prior ungate PRs (e.g. #1558 for web-search). Tests are updated to assert the new behavior, telemetry already lists passthrough in GatewayTargetType, and there are no remaining isGatedFeaturesEnabled() / ENABLE_GATED_FEATURES references tied to passthrough.
One small leftover noted inline — non-blocking.
| * Passthrough-only CLI option. Kept as a pass-through wrapper so the six call sites | ||
| * read consistently; passthrough targets are no longer gated. | ||
| */ | ||
| function gatePassthroughOption(option: Option): Option { |
There was a problem hiding this comment.
Two small leftovers worth a follow-up (non-blocking):
gatePassthroughOptionis now an identity function. The PR body explains it's kept so the six call sites read consistently — fine, but the precedent ungate PR (chore: ungate web-search commands #1558 for web-search) inlined the calls and removed the helper. Worth picking one style.- The comment at line 358 (
// Passthrough-only flags are gated behind ENABLE_GATED_FEATURES — hidden from help when off.) is now stale and will mislead future readers. If you keep the helper, drop or rewrite that comment in the same change.
github-actions
Bot
removed
the
agentcore-harness-reviewing
Inline the six call sites and delete the function — it returned its argument unchanged after ungating, so it was pure indirection.
agentcore-devx-automation
Bot
added
the
claude-security-reviewing
|
Claude Security Review: no high-confidence findings. (run) |
agentcore-devx-automation
Bot
removed
the
claude-security-reviewing
|
|
||
| // Passthrough is gated behind ENABLE_GATED_FEATURES | ||
| describe('passthrough feature flag', () => { | ||
| // Passthrough is generally available (no longer gated) |
There was a problem hiding this comment.
these comments are too specific to the ungating, can we remove them?
There was a problem hiding this comment.
Done in f935cbd — removed the ungate-specific comment.
| }); | ||
|
|
||
| it('rejects passthrough when the flag is off', async () => { | ||
| it('allows passthrough without any feature flag', async () => { |
There was a problem hiding this comment.
some of these tests are too specific to the gating, can we remove them now? or maybe remove them a week or so after release once we verify everything?
There was a problem hiding this comment.
Stripped the delete process.env.ENABLE_GATED_FEATURES scaffolding in f935cbd, so the two assertions now read like any other target-type test (valid passthrough accepted; passthrough listed in the invalid-type error). Kept the assertions themselves for day-one coverage — happy to prune further post-release if you'd prefer.
Remove the ungate-specific comment and the now-irrelevant delete process.env.ENABLE_GATED_FEATURES lines; passthrough is a normal target type, so the tests read like any other type's.
agentcore-devx-automation
Bot
added
the
claude-security-reviewing
|
Claude Security Review: no high-confidence findings. (run) |
agentcore-devx-automation
Bot
removed
the
claude-security-reviewing
notgitika
left a comment
notgitika
left a comment
There was a problem hiding this comment.
thanks for addressing comments!
3 participants
What
Makes passthrough gateway targets generally available by removing the
isGatedFeaturesEnabled()(ENABLE_GATED_FEATURES) checks that hid them.Changes
add/validate.ts— always includepassthroughin the valid target-type list; drop thePassthrough targets are not yet available.early return.primitives/GatewayTargetPrimitive.ts— always advertise passthrough options/description in--help;gatePassthroughOption()is now a pass-through (kept so the six call sites read consistently).tui/screens/mcp/AddGatewayTargetScreen.tsx— passthrough row is always selectable (no more "Coming soon").add/__tests__/validate.test.ts— assert passthrough is accepted without the flag, and that it appears in the invalid-type error.Other gated features (knowledge-base, managed memory, aws-skills, previews) are intentionally untouched.
Testing
npm run typecheck, eslint, prettier, secretlint — pass (pre-commit hooks).npm test src/cli/commands/add src/cli/primitives— pass.npm run bundle+ installed the local build globally.agentcore add gateway-target --type passthrough --passthrough-endpoint https://... --outbound-auth gateway-iam-role --signing-service execute-api→{"success":true}withoutENABLE_GATED_FEATURES.add → Gateway Target → Target Typeshows Passthrough — Route to external HTTPS endpoint (no "Coming soon"), selectable, and the wizard advances through Endpoint → Protocol → Stickiness → Gateway → Outbound Auth → Signing Service → Signing Region → Confirm.