From 95e3fe1b33c1a9c5ae50d58c028b6502ab4c107d Mon Sep 17 00:00:00 2001
From: Aidan Daly <aidandal@amazon.com>
Date: Tue, 23 Jun 2026 21:03:48 +0000
Subject: [PATCH] test(e2e): use managed memory for CUSTOM_JWT harness invoke

The bearer-token invoke in harness-custom-jwt.test.ts failed with
AccessDenied on bedrock-agentcore:ListEvents after #1624 made it a real
positive assertion. The harness was added with --no-memory, which the CLI
maps to memory.mode 'disabled'. The CDK only grants ListEvents to the
harness execution role when memory is managed (managedMemory = mode !==
'disabled' in AgentCoreHarnessEnvironment), so a disabled-memory harness
that still calls ListEvents at invoke time 403s.

Drop --no-memory so the CUSTOM_JWT harness uses the default managed memory,
matching the passing harness-bedrock/openai/gemini suites. Test-only change;
no shippable CLI or CDK behavior changes.

Closes #1626
---
 e2e-tests/harness-custom-jwt.test.ts | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/e2e-tests/harness-custom-jwt.test.ts b/e2e-tests/harness-custom-jwt.test.ts
index e2ed26e7e..c0bf8aeae 100644
--- a/e2e-tests/harness-custom-jwt.test.ts
+++ b/e2e-tests/harness-custom-jwt.test.ts
@@ -135,7 +135,9 @@ describe.sequential('e2e: harness with CUSTOM_JWT auth', () => {
         harnessName,
         '--model-provider',
         'bedrock',
-        '--no-memory',
+        // Use the default managed memory (no --no-memory): a disabled-memory harness still
+        // calls bedrock-agentcore:ListEvents at invoke, but the CDK only grants that action on
+        // the execution role when memory is managed — so --no-memory invokes fail with AccessDenied.
         '--authorizer-type',
         'CUSTOM_JWT',
         '--discovery-url',