Release v6.0.0 into Main

.github/workflows/code.ai-review.yml

@@ -0,0 +1,49 @@
+name: AI Code Review
+
+permissions:
+  id-token: write
+  contents: read
+  pull-requests: write
+
+on:
+  pull_request:
+  pull_request_review_comment:
+    types: [created]
+
+concurrency:
+  group: ${{ github.repository }}-${{ github.event.number || github.head_ref ||
+    github.sha }}-${{ github.workflow }}-${{ github.event_name ==
+    'pull_request_review_comment' && 'pr_comment' || 'pr' }}
+  cancel-in-progress: ${{ github.event_name != 'pull_request_review_comment' }}
+
+jobs:
+  review:
+    environment: dev
+    runs-on: ubuntu-latest
+    steps:
+      - name: Configure AWS Credentials
+        uses: aws-actions/configure-aws-credentials@v4
+        with:
+          aws-region: ${{ vars.AWS_REGION }}
+          role-to-assume: arn:aws:iam::${{ vars.AWS_ACCOUNT }}:role/${{ vars.ROLE_NAME_TO_ASSUME }}
+          role-session-name: GitHub_to_AWS_via_FederatedOIDC
+          role-duration-seconds: 7200
+      - name: PR Review
+        uses: tmokmss/bedrock-pr-reviewer@v1
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+        with:
+          debug: false
+          summarize: true
+          summarize_release_notes: true
+          review_file_diff: |
+            - Do NOT provide general feedback, summaries, explanations of changes, statements of following existing patterns, or praises for making good additions.
+            - Focus solely on offering specific, objective insights based on the given context and refrain from making broad comments about potential impacts on the system or question intentions behind the changes.
+            - Comments should have actionable changes
+            - Disregard formatting, stylistic, or import issues, since this should be taken care of with linters and tests
+            - Ignore verification comments unless there is evidence that contradicts the statement.
+            - Ignore functional imports for test classes. Other classes should not import within functions
+          review_simple_changes: false
+          review_comment_lgtm: false
+          bedrock_light_model: ${{ vars.BEDROCK_LIGHT_MODEL }}
+          bedrock_heavy_model: ${{ vars.BEDROCK_HEAVY_MODEL }}

.github/workflows/code.end-to-end-test.nightly.yml

@@ -29,6 +29,8 @@ jobs:
     needs: notify_e2e_start
     steps:
       - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v4
+        with:
+            ref: develop
       - name: Setup Node.js
         uses: actions/setup-node@a0853c24544627f65ddf259abe73b1d18a591444 # v4
         with:

.github/workflows/test-and-lint.yml

@@ -51,7 +51,7 @@ jobs:
           npm ci
       - name: Run tests
         run: |
-          npm run test
+          npm run test -ci
   backend-build:
     name: Backend Tests
     runs-on: ubuntu-latest

.gitignore

@@ -33,6 +33,8 @@ lib/rag/ingestion/ingestion-image/build
 *.code-workspace
 .cursor
 memory-bank/
+.kiro/
+.amazonq/
 
 # Coverage Statistic Folders
 coverage

.pre-commit-config.yaml

@@ -1,5 +1,6 @@
 default_language_version:
   node: system
+  python: python3.11
 repos:
 - repo: local
   hooks:
@@ -9,7 +10,7 @@ repos:
       entry: scripts/verify-config.sh
       verbose: true
       language: script
-      files: config.yaml
+      files: config-base.yaml
 
 - repo: https://github.com/PyCQA/bandit
   rev: '1.7.10'
@@ -49,7 +50,7 @@ repos:
       pass_filenames: false
 
 - repo: https://github.com/pycqa/isort
-  rev: 5.13.2
+  rev: 7.0.0
   hooks:
     - id: isort
       name: isort (python)
@@ -65,7 +66,8 @@ repos:
     - id: ruff
       args:
         - --exit-non-zero-on-fix
-        - --per-file-ignores=test/**/*.py:E402
+        - --per-file-ignores=test/**/*.py:E402,test/**/*.py:PLC0415
+        - --fix
       exclude: \.ipynb$
 
 - repo: https://github.com/pycqa/flake8
@@ -77,11 +79,10 @@ repos:
         - flake8-bugbear
         - flake8-comprehensions
         - flake8-debugger
-        - flake8-string-format
       args:
         - --max-line-length=120
         - --extend-immutable-calls=Query,fastapi.Depends,fastapi.params.Depends
-        - --ignore=B008,E203, W503 # Ignore error for function calls in argument defaults
+        - --ignore=B008,E203,W503 # Ignore error for function calls in argument defaults
       exclude: ^(__init__.py$|.*\/__init__.py$)
 
 

CHANGELOG.md

@@ -1,3 +1,64 @@
+# v6.0.0
+Happy Thanksgiving! We are proud to announce the launch of our next major version, 6.0.0! This launch aligns with AWS re:invent in Las Vegas from Dec 1-5th. LISA 6.0.0 includes major enhancements to LISA's RAG capabilities. It also includes a new standalone solution, LISA MCP.
+
+We hope you enjoy this release as much as we enjoyed building it. Please reach out to our product team via the "Contact us" button in the readme. Our product roadmap is customer driven, and we want to hear your feedback, questions, and needs as we look to 2026.
+
+
+## Breaking Changes
+- **API Token Table Migration**: The API token table has been renamed and moved from the Serve stack to the API Base stack (`LisaServeTokenTable` → `LisaApiBaseTokenTable`). **Export all existing API keys before upgrading** and recreate them in the new table after deployment. This affects admin keys, service accounts, and any programmatic API access.
+- **Management Key Secret Migration**: The LISA management key secret has been moved to the API Base stack with a new name format: `${deploymentName}-management-key` (removed `lisa-` prefix). **Update any scripts or integrations that reference the secret by name.** The secret value will be auto-generated during deployment; export from AWS Secrets Manager before upgrading if you need to preserve the existing value. Code using the SSM parameter `${deploymentPrefix}/appManagementKeySecretName` will continue to work without changes.
+- **Existing Bedrock Knowledge Base Repositories** must be redeployed to support the new collections infrastructure. This is a simple update operation that creates the necessary infrastructure for automatic data source collection creation. Use the repository update API or UI to redeploy existing Bedrock Knowledge Base repositories.
+
+## Key Features
+### LISA MCP
+LISA MCP is a standalone infrastructure-as-code solution that allows administrators to deploy and host any Model Context Protocol (MCP) servers directly within LISA. This enterprise hosting platform provides turn-key infrastructure deployment, automatic scaling, and secure networking, allowing organizations to build and operate custom MCP tools without managing underlying infrastructure.
+#### Enterprise Hosting Capabilities
+- **Turn-key Deployment**: Deploy STDIO, HTTP, or SSE MCP servers through a single API call or intuitive UI workflow, eliminating the need for manual infrastructure configuration
+- **Dynamic Container Management**: Bring your own pre-built container images or point to S3 artifacts that are automatically packaged into containers at deployment time
+- **Automatic Scaling**: Configure auto-scaling policies with customizable min/max capacity, CPU, and memory settings to handle varying workloads efficiently
+- **Secure VPC Networking**: All MCP servers run within your private VPC with Application and Network Load Balancers, ensuring traffic never leaves your secure network boundaries
+- **API Gateway Integration**: Hosted MCP servers are automatically exposed through LISA's existing API Gateway, inheriting the same authentication, authorization, and security controls (API keys, IDP lockdown, JWT group enforcement) used across the platform
+#### Administrative Control
+- **MCP Management UI**: Complete lifecycle management through a dedicated admin interface where administrators create, update, start, stop, and delete hosted MCP servers
+- **Group-Based Access Control**: Restrict server visibility and usage to specific identity provider groups or make them available organization-wide
+- **Lifecycle Automation**: Step Functions orchestrate provisioning, health monitoring, failure handling, and connection publishing with full auditability through DynamoDB status records
+- **Health Monitoring**: Built-in health checks at both the container and load balancer levels ensure reliable service availability
+#### Integration & Extensibility
+- **External Integration Support**: Hosted MCP servers can be accessed by external agents, copilots, RPA bots, or SaaS workloads using the same API Gateway endpoints and authentication mechanisms
+- **mcp-proxy Support**: STDIO servers are automatically wrapped with `mcp-proxy` and exposed over HTTP, simplifying deployment of standard MCP server implementations
+- **UI & API Parity**: Manage servers through either the MCP Management admin page or REST API endpoints (`/mcp`), providing flexibility for automation and programmatic workflows
+### LISA RAG Collections
+LISA's RAG capabilities just got a major upgrade! We've completely reimagined how you organize and manage RAG documents with the introduction of Collections. Collections transform how you structure your RAG content. Think of repositories as filing cabinets and collections as the organized drawers within—each with its own configuration.
+#### Flexible Document Organization
+
+- **Custom Chunking Strategies**: Configure different chunking approaches per collection (fixed-size or no chunking). If using a Bedrock Knowledge Base all service chunking strategies are supported
+- **Flexible Embedding Models**: Each collection can use its own embedding model, optimizing retrieval for specific document types
+- **Access Control**: Set collection-level permissions with group-based access control, making it easy to share some collections organization-wide while keeping others restricted within the same repository
+- **Rich Metadata Support**: Tag documents with custom metadata at the repository, collection, or document level for powerful filtering and organization
+#### Intelligent Document Lifecycle Management
+
+- **Smart Deletion Workflows**: Delete collections asynchronously with optimized cleanup for each supported Repository
+- **Document Preservation**: User-managed documents in Bedrock Knowledge Bases are automatically preserved during collection operations, ensuring you never lose important content
+- **Enhanced UI Experience**: Browse, filter, and sort collections with visual status indicators, intuitive creation wizards, and document library integration with breadcrumb navigation
+- **Admin-Controlled Operations**: Collection creation, updates, and deletion are restricted to administrators while regular users can continue to view and upload documents to collections they have permission to access
+- **Backward Compatibility**: Existing repositories automatically get a virtual "Default" collection using the repository's embedding model with zero downtime and no database migrations required
+#### Bedrock Knowledge Base Updates
+
+- **Automatic Collection Creation**: Each Bedrock Knowledge Base Data Source gets its own collection with LISA's management capabilities
+- **Custom Metadata & Tagging**: Add LISA's metadata to your Bedrock Knowledge Base documents for enhanced organization and filtering
+### Other Enhancements
+- Updated the prompt area to auto-expand from 2 rows to 20 rows when typing a large prompt.
+- Updates for easier prisma client generation
+- Enhanced logging in LISA Rest ECS cluster to include LiteLLM logs
+
+## Acknowledgements
+* @bedanley
+* @dustins
+* @estohlmann
+* @jmharold
+
+**Full Changelog**: https://github.com/awslabs/LISA/compare/v5.4.0..v6.0.0
+
 # v5.4.0
 
 ## Key Features
@@ -32,8 +93,6 @@ Enhanced the user experience of the MCP Workbench with tool validation, error di
 * @estohlmann
 * @jmharold
 
-**Full Changelog**: https://github.com/awslabs/LISA/compare/v5.3.2..v5.4.0
-
 # v5.3.2
 
 ## Key Features

Makefile

@@ -372,4 +372,4 @@ test-coverage:
           --cov-report term-missing \
           --cov-report html:build/coverage \
           --cov-report xml:build/coverage/coverage.xml \
-          --cov-fail-under 85
+          --cov-fail-under 83

README.md

@@ -1,14 +1,27 @@
 # LLM Inference Solution for Amazon Dedicated Cloud (LISA)
 [![Full Documentation](https://img.shields.io/badge/Full%20Documentation-blue?style=for-the-badge&logo=Vite&logoColor=white)](https://awslabs.github.io/LISA/)
+[![Contact Us](https://img.shields.io/badge/Contact%20Us-green?style=for-the-badge&logo=maildotru&logoColor=white)](mailto:lisa-product-team@amazon.com)
 ## What is LISA?
-Our large language model (LLM) inference solution for the Amazon Dedicated Cloud (ADC), LISA, is an open source infrastructure-as-code solution. Customers deploy LISA directly into an Amazon Web Services (AWS) account. While specially designed for ADC regions that support government customers' most sensitive workloads, LISA is also compatible with commercial regions. LISA supports model self-hosting via Amazon Elastic Container Service (ECS). LISA's LiteLLM support also makes it compatible with 100+ models hosted by external model providers, including Amazon Bedrock. LISA further complements Amazon Bedrock by accelerating GenAI adoption. LISA's optional chat assistant user interface (UI) supports model management, model prompting, document summarization, chat session management, prompt libraries, retrieval augmented generation (RAG), automated document ingestion pipelines, and other advanced features. Customers can choose to integrate custom UIs directly with LISA, relying on LISA for centralized model orchestration, chat session management, and RAG. LISA is scalable and ready to support production use cases. The roadmap is customer-driven, with new capabilities launching monthly.
+Our large language model (LLM) inference solution for the Amazon Dedicated Cloud (ADC), LISA, is open source infrastructure-as-code. Customers deploy it directly into an Amazon Web Services (AWS) account in any region. LISA is scalable and ready to support production use cases.
+
+LISA accelerates GenAI adoption by offering built-in configurability with Amazon Bedrock models, Knowledge Bases, and Guardrails. Also by offering advanced capabilities like an optional enterprise-ready chat user interface (UI) with configurable features, authentication, resource access control, centralized model orchestration via LiteLLM, model self-hosting via Amazon ECS, retrieval augmented generation (RAG), APIs, and broad model context protocol (MCP) support and features. LISA is also compatible with OpenAI’s API specification making it easily configurable with supporting solutions. For example, the Continue plugin for VSCode and JetBrains integrated development environments (IDE).
+
+LISA's roadmap is customer-driven, with new capabilities launching monthly. Reach out to the product team to ask questions, provide feedback, and send feature requests via the "Contact Us" button above.
+
 ## Key Features
-* **Open source**: No subscription or licensing fees. LISA costs are based on service usage. The roadmap is customer-driven with monthly releases. LISA is backed by a software development team.
-* **Model Flexibility**: Bring your own models for self-hosting, or quickly configure LISA with 100+ models supported by third-party model providers, including Amazon Bedrock.
+* **Open Source**: No subscription or licensing fees. LISA costs are based on service usage.
+* **Ongoing Releases**: The product roadmap is customer-driven with releases typically every 2-4 weeks. LISA is backed by a software development team that builds production grade solutions to accelerate customers' GenAI adoption.
+* **Model Flexibility**: Bring your own models for self-hosting, or quickly configure LISA with 100+ models supported by third-party model providers, including Amazon Bedrock and Jumpstart.
 * **Model Orchestration**: Centralize and standardize unique API calls to third-party model providers automatically with LISA via LiteLLM. LISA standardizes the unique API calls into the OpenAI format automatically. All that is required is an API key, model name, and API endpoint.
 * **Modular Components**: Accelerate GenAI adoption with secure, scalable software. LISA supports various use cases through configurable components: model serving and orchestration, chat user interface with advanced capabilities, authentication, retrieval augmented generation (RAG), Anthropic’s Model Context Protocol (MCP), and APIs.
-* **CodeGen**: Supports OpenAI’s API specification, making LISA easily configurable with compatible solutions like the Continue plugin for VSCode and JetBrains integrated development environments (IDEs). This allows users to select from any LISA configured model to support LLM prompting directly in their IDE.
+* **CodeGen**: LISA supports OpenAI’s API specification, making it easily configurable with compatible solutions like the Continue plugin for VSCode and JetBrains IDEs.
 * **FedRAMP**: Leverages FedRAMP High compliant services.
+
+## Major Components
+LISA’s four major components include Serve, a Chat UI, RAG, and MCP. LISA Serve and LISA MCP are standalone, foundational core solutions with APIs for customers not leveraging LISA’s Chat UI. Both LISA’s Chat UI and RAG are optional components, but must be used with Serve.
+
+Read more in the Architecture Overview section of LISA's documentation site linked above.
+
 ## Deployment Prerequisites
 ### Pre-Deployment Steps
 * Set up or have access to an AWS account.

VERSION

@@ -1 +1 @@
-5.4.0
+6.0.0

cypress/package.json

@@ -17,7 +17,8 @@
         "cypress:smoke:run": "cypress run --config-file cypress.smoke.config.ts",
         "clean": "rm -rf node_modules/",
         "lint:fix": "eslint --fix src/",
-        "format": "eslint --fix src/"
+        "format": "eslint --fix src/",
+        "test": "echo \"E2E tests run separately via cypress:e2e:run or cypress:smoke:run\""
     },
     "lint-staged": {
         "**/*.{js,jsx,ts,tsx}": [

cypress/src/smoke/fixtures/env.json

@@ -7,5 +7,6 @@
   "RESTAPI_URI": "",
   "RESTAPI_VERSION": "v2",
   "RAG_ENABLED": true,
+  "HOSTED_MCP_ENABLED": true,
   "API_BASE_URL": "/dev/"
 }

cypress/src/support/adminHelpers.ts

@@ -37,14 +37,16 @@ export function expandAdminMenu () {
         .should('be.visible');
 
     cy.get('[role="menuitem"]')
-        .should('have.length', 2)
+        .should('have.length', 4)
         .then(($items) => {
             const labels = $items
                 .map((_, el) => Cypress.$(el).text().trim())
                 .get();
             expect(labels).to.deep.equal([
                 'Configuration',
                 'Model Management',
+                'RAG Management',
+                'MCP Management',
             ]);
         });
 }

ecs_model_deployer/package.json

@@ -9,7 +9,7 @@
     "pack:prod": "cd ./dist && npm i --omit dev",
     "copy-dist": "mkdir -p ../dist/ecs_model_deployer && cp -r ./dist/* ../dist/ecs_model_deployer/",
     "clean": "rm -rf ./dist/",
-    "test": "echo \"Error: no test specified\" && exit 1"
+    "test": "echo \"No tests for ECS model deployer package\""
   },
   "author": "",
   "license": "Apache-2.0",

ecs_model_deployer/src/lib/ecs-model.ts

@@ -21,7 +21,7 @@ import { Construct } from 'constructs';
 
 import { ECSCluster } from './ecsCluster';
 import { getModelIdentifier } from './utils';
-import { Ec2Metadata, EcsClusterConfig, EcsSourceType, PartialConfig } from '../../../lib/schema';
+import { APP_MANAGEMENT_KEY, Ec2Metadata, EcsClusterConfig, EcsSourceType, PartialConfig } from '../../../lib/schema';
 import { StringParameter } from 'aws-cdk-lib/aws-ssm';
 
 // This is the amount of memory to buffer (or subtract off) from the total instance memory, if we don't include this,
@@ -106,7 +106,7 @@ export class EcsModel extends Construct {
             MODEL_NAME: modelConfig.modelName,
             LOCAL_CODE_PATH: modelConfig.localModelCode, // Only needed when s5cmd is used, but just keep for now
             AWS_REGION: config.region ?? '', // needed for s5cmd
-            MANAGEMENT_KEY_NAME: StringParameter.valueForStringParameter(this, `${config.deploymentPrefix}/managementKeySecretName`)
+            MANAGEMENT_KEY_NAME: StringParameter.valueForStringParameter(this, `${config.deploymentPrefix}/${APP_MANAGEMENT_KEY}`)
         };
 
         if (modelConfig.modelType === 'embedding') {