Skip to content

fix: relax custom header regex to allow any valid HTTP header#1194

Open
jesseturner21 wants to merge 3 commits into
mainfrom
jesseturner21/relax-header-regex
Open

fix: relax custom header regex to allow any valid HTTP header#1194
jesseturner21 wants to merge 3 commits into
mainfrom
jesseturner21/relax-header-regex

Conversation

@jesseturner21
Copy link
Copy Markdown
Contributor

@jesseturner21 jesseturner21 commented May 11, 2026
edited
Loading

Summary

Fixes #1151

  • Removes auto-prefixing of X-Amzn-Bedrock-AgentCore-Runtime-Custom- from header names in the allowlist config
  • Replaces strict prefix-only validation with service-aligned rules: blocks x-amz-/x-amzn- prefixes and restricted standard HTTP headers
  • Allows underscores in header names per service docs
  • Updates TUI help text and CLI option descriptions
  • Moves RESTRICTED_HEADERS to schema module as single source of truth
  • Adds case-insensitive duplicate detection in Zod schema
  • Backwards-compatible: invoke -H / dev -H auto-prefixes when the agent's allowlist uses the prefixed form

Test plan

  • Unit tests pass (3853+ tests)
  • agentcore add agent --request-header-allowlist "X-Custom-Signature, X-Api-Key" stores headers without prefix
  • agentcore add agent --request-header-allowlist "x-amz-bad" is rejected
  • agentcore add agent --request-header-allowlist "Content-Type" is rejected
  • agentcore add agent --request-header-allowlist "X-Amzn-Bedrock-AgentCore-Runtime-Custom-Foo" still works (backwards compat)
  • agentcore add agent --request-header-allowlist "Authorization" still works
  • Existing agentcore.json with prefixed headers still validates
  • invoke -H "MyHeader: val" auto-prefixes when allowlist has the prefixed form (backwards compat)
  • invoke -H "X-Custom-Sig: val" passes through when allowlist has it as-is

@jesseturner21 jesseturner21 requested a review from a team May 11, 2026 14:19
@github-actions github-actions Bot added the size/m PR size: M label May 11, 2026
@github-actions github-actions Bot added the agentcore-harness-reviewing AgentCore Harness review in progress label May 11, 2026
@github-actions
Copy link
Copy Markdown
Contributor

github-actions Bot commented May 11, 2026

Package Tarball

aws-agentcore-0.13.1.tgz

How to install

npm install https://github.com/aws/agentcore-cli/releases/download/pr-1194-tarball/aws-agentcore-0.13.1.tgz

agentcore-cli-automation
agentcore-cli-automation suggested changes May 11, 2026
View reviewed changes
Copy link
Copy Markdown

@agentcore-cli-automation agentcore-cli-automation left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks for cleaning this up — the relaxed validation and the CLI/TUI copy changes look good. I've got three things to flag before this can merge, the first of which is a correctness blocker.

The biggest concern is a cross-repo schema mismatch: the vended CDK project depends on @aws/agentcore-cdk (agentcore-l3-cdk-constructs), and its ConfigIO.readProjectSpec() still uses the old strict RequestHeaderAllowlistSchema at cdk synth time. With this PR merged, a user who configures e.g. X-Custom-Signature via the CLI will write it to agentcore.json, and then cdk deploy will fail schema validation locally before the request ever reaches AWS. A matching PR in agentcore-l3-cdk-constructs to relax RequestHeaderAllowlistSchema needs to land and ship in a released version of @aws/agentcore-cdk that this CLI's vended project pins to (see src/assets/cdk/package.json).

The other two comments are schema drift within this repo — the Zod schema is now weaker than validateHeaderAllowlist and can accept configs the CLI validators would reject.

Comment thread src/schema/schemas/agent-env.ts Outdated
Comment thread src/schema/schemas/agent-env.ts
Comment thread src/cli/commands/shared/header-utils.ts Outdated
@github-actions github-actions Bot removed the agentcore-harness-reviewing AgentCore Harness review in progress label May 11, 2026
@github-actions
Copy link
Copy Markdown
Contributor

github-actions Bot commented May 11, 2026
edited
Loading

Coverage Report

Status Category Percentage Covered / Total
🔵 Lines 43.36% 9115 / 21020
🔵 Statements 42.63% 9678 / 22699
🔵 Functions 40.19% 1578 / 3926
🔵 Branches 40.16% 5893 / 14672
Generated in workflow #2888 for commit 0855c6c by the Vitest Coverage Report Action

@github-actions github-actions Bot added size/m PR size: M and removed size/m PR size: M labels May 11, 2026
@github-actions github-actions Bot added size/m PR size: M and removed size/m PR size: M labels May 11, 2026
@aidandaly24
fix(schema): relax request header allowlist validation per AWS docs
05b419a 
Relaxes header allowlist to accept any valid HTTP header name (alphanumeric,
hyphens, underscores) that isn't structurally reserved (x-amz-*, x-amzn-*
except Runtime-Custom-*), per the AWS AgentCore Runtime documentation.

- Updates schema refine to validate character pattern + block reserved prefixes
- Updates normalizeHeaderName to pass through X-* headers unchanged
- Adds case-insensitive deduplication
- Adds tests for X-Api-Key, X-Custom-Signature, restricted prefix rejection

Refs #1151
@aidandaly24
fix(tui): update header allowlist help text to reflect relaxed valida…
6f9fde0 
…tion

Updates CLI flag description and TUI hints to show examples of newly-accepted
header names (X-Api-Key, X-Custom-Signature) and clarify when auto-prefixing
applies.

Refs #1151
@aidandaly24 aidandaly24 force-pushed the jesseturner21/relax-header-regex branch from cb3a48d to 6f9fde0 Compare May 13, 2026 14:41
@github-actions github-actions Bot added size/m PR size: M and removed size/m PR size: M labels May 13, 2026
@aidandaly24
fix(schema): per-branch error messages and remove dead-code prefix check
0855c6c 
Addresses review feedback on PR #1163:
- Schema now returns specific error per violated rule (character pattern,
  x-amz- reserved, x-amzn- reserved-except-Custom-) instead of a single
  three-rule string. Easier to act on for users.
- Removes dead-code clause '&& !lower.startsWith('x-amzn-')' on the x-amz-
  check; 'x-amz-' and 'x-amzn-' are disjoint prefixes (position 5 differs:
  '-' vs 'n'), so the carve-out is unnecessary.
- Extracts checkAllowlistHeader() in agent-env.ts as the single source of
  truth; header-utils.ts now consumes it instead of duplicating the rules.
- Adds test pinning the documented suffix-preservation behavior of
  normalizeHeaderName() for the Runtime-Custom- branch.
- Updates --request-header-allowlist flag help to clarify X-prefixed names
  pass through unchanged.

Refs #1151
@github-actions github-actions Bot added size/m PR size: M and removed size/m PR size: M labels May 13, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

1 more reviewer

@agentcore-cli-automation agentcore-cli-automation agentcore-cli-automation requested changes

Reviewers whose approvals may not affect merge requirements

At least 1 approving review is required to merge this pull request.

Assignees

No one assigned

Labels

size/m PR size: M

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

Relax Custom Header regex to allow new pattern

3 participants

@jesseturner21 @agentcore-cli-automation @aidandaly24