Skip to content

Release v6.6.0 into Main#1005

Merged
estohlmann merged 32 commits into
mainfrom
release/v6.6.0
Apr 24, 2026
Merged

Release v6.6.0 into Main#1005
estohlmann merged 32 commits into
mainfrom
release/v6.6.0

Conversation

@github-actions
Copy link
Copy Markdown

@github-actions github-actions Bot commented Apr 23, 2026
edited by bedanley
Loading

v6.6.0

Key Features

Token Usage and Context Window Visibility

LISA now provides improved observability for model usage and configuration:

  • View cumulative token usage for each user session.
  • Display a context window field in model cards across Model Management and Model Library.
  • Support overriding inferred context windows for LISA-hosted models through environment configuration.

Bedrock Agent Integration

LISA now includes native Bedrock Agent integration, giving administrators a streamlined way to publish Bedrock Agents in the platform catalog and make them available to end users.

Users can opt in to these agents directly from the Agent Management UI, which makes it easier to adopt Bedrock-powered workflows without separate integration steps.

LISA Serve Throttling

LISA Serve now includes throttling controls to better protect service stability under bursty or high-volume traffic patterns.

These controls help prevent noisy-neighbor behavior, improve predictability during traffic spikes, and provide a stronger baseline for multi-tenant reliability.

Security Hardening

CORS origins are now configurable via a new corsAllowedOrigins allowlist that is threaded through all API Gateways, Lambdas, FastAPI services, and MCP server components via a new CDK aspect, replacing permissive defaults. Additionally, client-side OAuth callback validation, safe error rendering in the UI, and stricter Pydantic request parsing for MCP Server and Workbench Lambdas reduce injection and untrusted-input risks.

Other Key Changes

  • Dependency and security maintenance updates across Python and npm packages.
  • Minor reliability fixes discovered during routine update work.
  • Small MCP Workbench lifecycle improvements for tool synchronization and routing.
  • Cypress CI workflow fixes for branch reporting and manual nightly test support.
  • Incremental SDK improvements, including RAG evaluation support.

Acknowledgements

Full Changelog: https://github.com/awslabs/LISA/compare/v6.5.0..v6.6.0

estohlmann and others added 25 commits April 6, 2026 20:58
@estohlmann
Auto-merge main back to develop post release
f99e505
@bedanley
bump dl container
ae240b9
@estohlmann
Merge branch 'main' into develop
567b0ef
@estohlmann
permission updates
e8bf969
@estohlmann
Bedrock Agent Integration
e4c8b24
@gingerknight
Fix: Cypress CI Workflows - Branch Reporting and Manual Testing
6799220
@bedanley
Update CI image publishing
2463366
@drduhe
fix: updating mcp tool registration logic
75945d6
@jmharold @dependabot
Security - depeandabot alerts (#950)
b262002 
* Bump litellm from 1.81.3 to 1.83.0 in /lib/serve/rest-api/src (#923)

Bumps [litellm](https://github.com/BerriAI/litellm) from 1.81.3 to 1.83.0.
- [Release notes](https://github.com/BerriAI/litellm/releases)
- [Commits](https://github.com/BerriAI/litellm/commits)

---
updated-dependencies:
- dependency-name: litellm
  dependency-version: 1.83.0
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* Bump black from 25.12.0 to 26.3.1 (#841)

Bumps [black](https://github.com/psf/black) from 25.12.0 to 26.3.1.
- [Release notes](https://github.com/psf/black/releases)
- [Changelog](https://github.com/psf/black/blob/main/CHANGES.md)
- [Commits](psf/black@25.12.0...26.3.1)

---
updated-dependencies:
- dependency-name: black
  dependency-version: 26.3.1
  dependency-type: direct:development
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* Bump vite from 7.3.0 to 7.3.2 (#927)

Bumps [vite](https://github.com/vitejs/vite/tree/HEAD/packages/vite) from 7.3.0 to 7.3.2.
- [Release notes](https://github.com/vitejs/vite/releases)
- [Changelog](https://github.com/vitejs/vite/blob/v7.3.2/packages/vite/CHANGELOG.md)
- [Commits](https://github.com/vitejs/vite/commits/v7.3.2/packages/vite)

---
updated-dependencies:
- dependency-name: vite
  dependency-version: 7.3.2
  dependency-type: direct:development
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* Bump lodash from 4.17.23 to 4.18.1 (#926)

Bumps [lodash](https://github.com/lodash/lodash) from 4.17.23 to 4.18.1.
- [Release notes](https://github.com/lodash/lodash/releases)
- [Commits](lodash/lodash@4.17.23...4.18.1)

---
updated-dependencies:
- dependency-name: lodash
  dependency-version: 4.18.1
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* Bump langchain-core from 1.2.17 to 1.2.22 (#895)

Bumps [langchain-core](https://github.com/langchain-ai/langchain) from 1.2.17 to 1.2.22.
- [Release notes](https://github.com/langchain-ai/langchain/releases)
- [Commits](langchain-ai/langchain@langchain-core==1.2.17...langchain-core==1.2.22)

---
updated-dependencies:
- dependency-name: langchain-core
  dependency-version: 1.2.22
  dependency-type: direct:development
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* Bump langchain-core in /lib/rag/ingestion/ingestion-image (#894)

Bumps [langchain-core](https://github.com/langchain-ai/langchain) from 1.2.14 to 1.2.22.
- [Release notes](https://github.com/langchain-ai/langchain/releases)
- [Commits](langchain-ai/langchain@langchain-core==1.2.14...langchain-core==1.2.22)

---
updated-dependencies:
- dependency-name: langchain-core
  dependency-version: 1.2.22
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* Bump pyjwt from 2.11.0 to 2.12.0 (#846)

Bumps [pyjwt](https://github.com/jpadilla/pyjwt) from 2.11.0 to 2.12.0.
- [Release notes](https://github.com/jpadilla/pyjwt/releases)
- [Changelog](https://github.com/jpadilla/pyjwt/blob/master/CHANGELOG.rst)
- [Commits](jpadilla/pyjwt@2.11.0...2.12.0)

---
updated-dependencies:
- dependency-name: pyjwt
  dependency-version: 2.12.0
  dependency-type: direct:development
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* Bump pyjwt from 2.10.1 to 2.12.0 in /lib/rag/ingestion/ingestion-image (#843)

Bumps [pyjwt](https://github.com/jpadilla/pyjwt) from 2.10.1 to 2.12.0.
- [Release notes](https://github.com/jpadilla/pyjwt/releases)
- [Changelog](https://github.com/jpadilla/pyjwt/blob/master/CHANGELOG.rst)
- [Commits](jpadilla/pyjwt@2.10.1...2.12.0)

---
updated-dependencies:
- dependency-name: pyjwt
  dependency-version: 2.12.0
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* Bump pyjwt from 2.11.0 to 2.12.0 in /lib/core/layers/authorizer (#845)

Bumps [pyjwt](https://github.com/jpadilla/pyjwt) from 2.11.0 to 2.12.0.
- [Release notes](https://github.com/jpadilla/pyjwt/releases)
- [Changelog](https://github.com/jpadilla/pyjwt/blob/master/CHANGELOG.rst)
- [Commits](jpadilla/pyjwt@2.11.0...2.12.0)

---
updated-dependencies:
- dependency-name: pyjwt
  dependency-version: 2.12.0
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* Bump poetry from 2.3.2 to 2.3.3 (#917)

Bumps [poetry](https://github.com/python-poetry/poetry) from 2.3.2 to 2.3.3.
- [Release notes](https://github.com/python-poetry/poetry/releases)
- [Changelog](https://github.com/python-poetry/poetry/blob/main/CHANGELOG.md)
- [Commits](python-poetry/poetry@2.3.2...2.3.3)

---
updated-dependencies:
- dependency-name: poetry
  dependency-version: 2.3.3
  dependency-type: direct:development
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* Bump langgraph-checkpoint from 3.0.1 to 4.0.0 in /lisa-sdk (#796)

Bumps [langgraph-checkpoint](https://github.com/langchain-ai/langgraph) from 3.0.1 to 4.0.0.
- [Release notes](https://github.com/langchain-ai/langgraph/releases)
- [Commits](langchain-ai/langgraph@checkpoint==3.0.1...checkpoint==4.0.0)

---
updated-dependencies:
- dependency-name: langgraph-checkpoint
  dependency-version: 4.0.0
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* Bump pypdf from 6.7.5 to 6.9.2 (#882)

Bumps [pypdf](https://github.com/py-pdf/pypdf) from 6.7.5 to 6.9.2.
- [Release notes](https://github.com/py-pdf/pypdf/releases)
- [Changelog](https://github.com/py-pdf/pypdf/blob/main/CHANGELOG.md)
- [Commits](py-pdf/pypdf@6.7.5...6.9.2)

---
updated-dependencies:
- dependency-name: pypdf
  dependency-version: 6.9.2
  dependency-type: direct:development
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* Bump pypdf from 6.7.5 to 6.9.2 in /lib/rag/ingestion/ingestion-image (#881)

Bumps [pypdf](https://github.com/py-pdf/pypdf) from 6.7.5 to 6.9.2.
- [Release notes](https://github.com/py-pdf/pypdf/releases)
- [Changelog](https://github.com/py-pdf/pypdf/blob/main/CHANGELOG.md)
- [Commits](py-pdf/pypdf@6.7.5...6.9.2)

---
updated-dependencies:
- dependency-name: pypdf
  dependency-version: 6.9.2
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* Bump brace-expansion (#891)

Bumps  and [brace-expansion](https://github.com/juliangruber/brace-expansion). These dependencies needed to be updated together.

Updates `brace-expansion` from 5.0.4 to 5.0.5
- [Release notes](https://github.com/juliangruber/brace-expansion/releases)
- [Commits](juliangruber/brace-expansion@v5.0.4...v5.0.5)

Updates `brace-expansion` from 2.0.2 to 2.0.3
- [Release notes](https://github.com/juliangruber/brace-expansion/releases)
- [Commits](juliangruber/brace-expansion@v5.0.4...v5.0.5)

Updates `brace-expansion` from 1.1.12 to 1.1.13
- [Release notes](https://github.com/juliangruber/brace-expansion/releases)
- [Commits](juliangruber/brace-expansion@v5.0.4...v5.0.5)

---
updated-dependencies:
- dependency-name: brace-expansion
  dependency-version: 5.0.5
  dependency-type: indirect
- dependency-name: brace-expansion
  dependency-version: 2.0.3
  dependency-type: indirect
- dependency-name: brace-expansion
  dependency-version: 1.1.13
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* Bump requests from 2.32.5 to 2.33.0 in /lisa-sdk (#888)

Bumps [requests](https://github.com/psf/requests) from 2.32.5 to 2.33.0.
- [Release notes](https://github.com/psf/requests/releases)
- [Changelog](https://github.com/psf/requests/blob/main/HISTORY.md)
- [Commits](psf/requests@v2.32.5...v2.33.0)

---
updated-dependencies:
- dependency-name: requests
  dependency-version: 2.33.0
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* removing dupe cachetools dep

---------

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: jmharold <jmharold@amazon.com>
@estohlmann
bedrock agent UI feedback
42b459f
@gingerknight
fix: Session naming shows RAG context instead of user prompt
46798b5
@estohlmann
Add Throttling to LISA Serve
17a064b
@gingerknight
feat: Add RAG evaluation module to LISA SDK
8007a93
@estohlmann
Ensure permission boundary is applied on dynamic stacks
f4eb0c2
@bedanley
Bug/update use effect config
e74adeb
@bedanley
bump precommit
858b7d4
@bedanley
Update production settings in LiteLLM
4b93805
@bedanley
Bump vitepress-plugin-tabs
9043f90
@bedanley
bulk update npm deps
95ecb1e
@jmharold
Feat - Token usage / Context window visualization (#991)
32d71dc 
* allow ctx win mgmt from env vars

* pre-commit

* session token usage tracking

* spacing

* better naming

---------

Co-authored-by: jmharold <jmharold@amazon.com>
@bedanley
Security changes
14744ba
@bedanley
Update python deps
e46ab4a
@bedanley
Update python (#999)
1014e67
@bedanley
Add VLLM envs to support nemotron models (#1000)
a0ab4c3
@estohlmann
Updating version for release v6.6.0
c084b73
github-code-quality[bot]
github-code-quality Bot found potential problems Apr 23, 2026
View reviewed changes
Comment thread lambda/mcp_workbench/lambda_functions.py
MCPWORKBENCH_UUID = str(uuid.uuid5(uuid.NAMESPACE_DNS, "LISA_MCP_WORKBENCH"))
# Single source of truth shared with the UI: mcp_workbench_server_id.json (uuid5 DNS + "LISA_MCP_WORKBENCH").
_MCP_WORKBENCH_SERVER_ID_PATH = Path(__file__).with_name("mcp_workbench_server_id.json")
MCPWORKBENCH_UUID: str = json.loads(_MCP_WORKBENCH_SERVER_ID_PATH.read_text(encoding="utf-8"))["mcpWorkbenchServerId"]
Comment thread lib/serve/rest-api/src/middleware/rate_limit_middleware.py
RATE_LIMIT_OVERRIDES: dict[str, dict[str, int]] = _parse_overrides(os.environ.get("RATE_LIMIT_OVERRIDES", ""))

# Derived: tokens added per second (system default)
_REFILL_RATE = RATE_LIMIT_RPM / 60.0
github-code-quality[bot]
github-code-quality Bot found potential problems Apr 23, 2026
View reviewed changes
Comment thread test/python/integration_definitions.py Fixed
@estohlmann estohlmann marked this pull request as ready for review April 24, 2026 19:02
@estohlmann estohlmann merged commit b7bbfae into main Apr 24, 2026
18 checks passed
@estohlmann estohlmann deleted the release/v6.6.0 branch April 24, 2026 19:14
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@estohlmann estohlmann estohlmann approved these changes

+1 more reviewer

@github-code-quality github-code-quality[bot] github-code-quality[bot] left review comments

Reviewers whose approvals may not affect merge requirements

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

5 participants

@estohlmann @drduhe @bedanley @gingerknight @jmharold