feat: add BYO filesystem e2e test and supporting infrastructure#1461
Merged
Conversation
Contributor
padmak30
commented
Jun 4, 2026
padmak30
commented
- Add strands-bedrock-byo-filesystem.test.ts: e2e test for EFS and S3 Files mounts with unique file content assertion
- Add e2e-tests/fixtures/filesystem/setup_byo_filesystem.py: one-time setup script to provision VPC, EFS, S3 Files access points in AWS
- Extend E2EConfig with apiKeyEnvVar, requiredEnvVars, efsAccessPoints, s3AccessPoints, networkConfig, invokePrompt, invokeResponseCheck
- Fix VPC warning in invoke action to suppress when --json is passed
- Add filesystem env vars to e2e-tests.yml env blocks
- Add filesystem resources fixture file
- Add strands-bedrock-byo-filesystem.test.ts: e2e test for EFS and S3 Files mounts with unique file content assertion - Add e2e-tests/fixtures/filesystem/setup_byo_filesystem.py: one-time setup script to provision VPC, EFS, S3 Files access points in AWS - Extend E2EConfig with apiKeyEnvVar, requiredEnvVars, efsAccessPoints, s3AccessPoints, networkConfig, invokePrompt, invokeResponseCheck - Fix VPC warning in invoke action to suppress when --json is passed - Add filesystem env vars to e2e-tests.yml env blocks - Add filesystem resources fixture file
github-actions
Bot
added
the
agentcore-harness-reviewing
agentcore-devx-automation
Bot
added
the
claude-security-reviewing
Contributor
Package TarballHow to installgh release download pr-1461-tarball --repo aws/agentcore-cli --pattern "*.tgz" --dir /tmp/pr-tarball
npm install -g /tmp/pr-tarball/aws-agentcore-0.17.0.tgz |
Contributor
|
Claude Security Review: no high-confidence findings. (run) |
agentcore-devx-automation
Bot
removed
the
claude-security-reviewing
agentcore-cli-automation
suggested changes
Jun 4, 2026
agentcore-cli-automation
left a comment
agentcore-cli-automation
left a comment
There was a problem hiding this comment.
Nice work setting up filesystem e2e coverage end-to-end. A few issues to address before merging:
- The S3 Files IAM trust policy looks wrong — it allows
elasticfilesystem.amazonaws.comto assume the role, which is the EFS service principal, not S3 Files. This will likely make the S3 Files mount unable to read the bucket. - The new
invokeResponseCheckis silently skipped whenjson.responseis falsy, which weakens the assertion. The whole point of this check is to fail when the response is wrong (or missing). - The test prompt only exercises the EFS mount; the S3 Files mount is configured but never read or written from at runtime, so a misconfigured S3 mount would still pass.
Inline comments below.
github-actions
Bot
removed
the
agentcore-harness-reviewing
Contributor
Coverage Report
|
- Fix invokeResponseCheck to assert response is truthy before running the check — previously silently skipped on empty/undefined response - Extend filesystem test prompt to write and read unique tokens on both EFS (/mnt/efs) and S3 Files (/mnt/s3) mounts, asserting both appear in the response so a misconfigured S3 mount is caught
agentcore-devx-automation
Bot
added
the
claude-security-reviewing
Contributor
|
Claude Security Review: no high-confidence findings. (run) |
agentcore-devx-automation
Bot
removed
the
claude-security-reviewing
jariy17
approved these changes
Jun 5, 2026
| modelProvider: string; | ||
| requiredEnvVar?: string; | ||
| /** Env var holding the API key — must be set for the suite to run, and its value is passed as --api-key. */ | ||
| apiKeyEnvVar?: string; |
Contributor
There was a problem hiding this comment.
Why did we seperate out the apiKey into their own variable?
Contributor
Author
There was a problem hiding this comment.
requiredEnvVar was doing two different things: (1) gating the test suite, and (2) forwarding the env var's value as --api-key to the create command. These had to be separated because the filesystem test needs to gate on 4 env vars (E2E_EFS_ACCESS_POINT_ARN, E2E_S3_ACCESS_POINT_ARN, E2E_FILESYSTEM_SUBNET_ID, E2E_FILESYSTEM_SECURITY_GROUP_ID) that are not API keys — they're ARNs/IDs used in the --efs-access-point-arn etc. args. requiredEnvVars: string[] handles "gate only" for any number of vars; apiKeyEnvVar handles the "gate + pass as --api-key" case that existing tests need.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
3 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.