Release 1.0.0-beta.22

Release Date: April 8, 2026
Previous Release: v1.0.0-beta.20 (April 1, 2026)

---

Highlights

This release replaces the authentication system end-to-end with a Cognito-native identity broker and zero-configuration first-boot experience. The previous generic OIDC flow, backend token exchange, and manual auth provider seeding are gone entirely. Alongside the auth migration, CORS handling is unified across all six CDK stacks via a shared buildCorsOrigins helper, the RBAC authorization layer is consolidated to a single require_app_roles dependency with role enrichment from stored user profiles, and a documentation cleanup purges 54,000+ lines of outdated specs and AI-generated artifacts.

---

⚠️ Breaking Change — Cognito Authentication Migration

This is a breaking change release. The entire authentication system has been replaced with AWS Cognito as the sole identity broker. The previous generic OIDC implementation — including the backend token exchange service, OIDC discovery endpoint, PKCE flow, and multi-provider auth bootstrapping — has been removed. There is no backward compatibility layer and no migration path that preserves the old auth flow. The legacy implementation is not supported going forward.

If you are upgrading an existing deployment, you must:

1. Deploy the Infrastructure stack first to provision the new Cognito User Pool, App Client, and Domain
2. Reconfigure any federated identity providers (e.g., Entra ID, Okta) as Cognito federated IdPs — the old auth provider table format is not compatible
3. Re-bootstrap your admin user via the new first-boot flow (the first user to access the app after upgrade creates the admin account)
4. Update all CI/CD workflows with CDK_DOMAIN_NAME and CDK_CORS_ORIGINS environment variables

If you are deploying fresh, the new first-boot experience handles everything automatically — no manual seeding or Secrets Manager configuration required.

---

Cognito First-Boot Authentication

The entire authentication architecture has been rearchitected around AWS Cognito as the native identity provider. The previous generic OIDC flow — including manual auth provider seeding, Secrets Manager client secret configuration, and the multi-step bootstrap process — has been removed with no backward compatibility.

First-Boot Experience

On initial deployment, the first user to access the application is presented with a setup page to create the admin account directly in Cognito. This eliminates the previous multi-step bootstrap process (seed auth provider secrets, configure OIDC endpoints, create initial user). The first-boot flow uses race-condition-safe DynamoDB writes to ensure only one admin account is created.

Infrastructure

A Cognito User Pool, App Client, and Domain are now provisioned in the Infrastructure CDK stack. SSM parameters wire the Cognito configuration across stacks. The AgentCore Runtime is configured with a single Cognito JWT authorizer, replacing the previous generic OIDC validator.

Backend

• New CognitoJWTValidator replaces GenericOIDCJWTValidator with Cognito-specific JWKS validation and claim extraction
• New system/ module (cognito_service.py, repository.py, routes.py, models.py) handles first-boot setup, system status, and Cognito user/group management
• New cognito_idp_service.py in shared/auth_providers/ manages federated identity provider CRUD via Cognito IdP APIs
• add_user_to_group method manages Cognito group membership with rollback on failure
• Bootstrap script (seed_bootstrap_data.py) simplified — no longer seeds auth provider secrets, focuses on RBAC roles and JWT mappings
• Runtime-provisioner and runtime-updater Lambda functions removed entirely (2,800+ lines deleted)

Frontend

• New first-boot page (first-boot.page.ts) with admin account creation form and first-boot.guard.ts route guard
• Login page simplified — delegates to Cognito OAuth 2.0 + PKCE flow instead of managing tokens directly
• auth-api.service.ts removed — frontend communicates directly with Cognito
• callback.service.ts rewritten for Cognito token exchange
• Auth provider form now displays the required Cognito redirect URI ({cognitoDomainUrl}/oauth2/idpresponse) with a copy button for zero-friction IdP registration
• Provider list page simplified — runtime status UI and unused icon imports removed
• Updated favicon and logo assets with refreshed branding and cross-platform icon support

Test Coverage

1,177 lines of new CognitoIdPService tests, 316 lines of CognitoJWTValidator tests, 286 lines of first-boot tests, 278 lines of system service tests, plus updated auth route, dependency, RBAC, and auth sweep tests. Frontend gains SystemService unit tests and updated auth guard/callback/interceptor specs.

---

Cognito-Managed Auth Flow Migration

The backend OIDC authentication service and token exchange layer have been removed entirely with no compatibility shim. The frontend now communicates directly with Cognito for all auth operations. The legacy OIDC implementation is not supported and will not be restored.

Removed

• Backend auth/models.py, auth/service.py, and associated test files (test_oidc_auth_service.py, test_pkce.py)
• Token refresh and logout endpoints from backend auth routes
• OIDC discovery endpoint (POST /discover) from admin auth provider routes
• 1,318 lines of backend auth code deleted

Simplified

• Auth routes reduced to a single public provider listing endpoint
• User service updated to work with Cognito-provided user information
• Auth provider repository gains JSON parsing error handling for malformed Secrets Manager values

---

RBAC Authorization Consolidation

The authorization system has been consolidated from multiple role-checking functions to a single require_app_roles dependency that resolves permissions through AppRoleService.

Removed

• require_roles, require_all_roles, has_any_role, has_all_roles
• Role-specific decorators: require_faculty, require_staff, require_developer, require_aws_ai_access
• Auth module exports simplified to only require_app_roles and require_admin

Added

• User roles enriched from stored DynamoDB profile during token processing, ensuring RBAC uses correct IdP-mapped roles instead of Cognito provider group names
• User profile cache invalidation on sync_my_profile — subsequent requests pick up fresh roles immediately instead of waiting for the 5-minute cache TTL
• JSON array parsing for custom:roles claim (CognitoJWTValidator) — supports both '["Admin","Staff"]' and comma-separated formats for Entra ID role mapping
• parseRolesFromToken utility function on the frontend with 118 lines of test coverage
• jwt_role_mappings updates now allowed on system_admin role — validation changed from error-raising to silent field filtering with logging
• Role priority maximum increased from 999 to 1000

---

CORS Unification

All six CDK stacks now use a single shared buildCorsOrigins() helper in config.ts that builds CORS origins from CDK_DOMAIN_NAME (always), localhost:4200 (always, for local dev), and optional per-section additionalCorsOrigins. This replaces the previous per-stack corsOrigins fields that were inconsistent and error-prone.

Changes

• S3 CORS configuration made conditional — undefined when no origins are configured, preventing empty CORS rules
• RAG CORS Lambda fix: ExposedHeaders corrected to ExposeHeaders (the valid boto3 S3 CORS parameter name), fixing CloudFormation custom resource failures during frontend stack deployment
• Both Python APIs (app_api, inference_api) read CORS_ORIGINS env var, replacing hardcoded allow_origins=['*'] with an env-driven allowlist
• Regression tests added for CORS_ORIGINS in app-api and inference-api stack tests

---

Bootstrap & Seeding Fixes

• Bootstrap script (seed_bootstrap_data.py) is now the sole owner of RBAC role seeding — ensure_system_roles() removed from app-api startup to prevent overwriting admin customizations on every boot
• system_admin role seeded with jwt_role_mappings=['system_admin'] instead of empty array — fixes the issue where Cognito first-boot admin users had the right cognito:groups claim but no matching AppRole
• Additive JWT mapping seeding: if the role exists but is missing required mappings, they're added without removing existing custom mappings

---

CI/CD Improvements

• CDK_DOMAIN_NAME and CDK_CORS_ORIGINS added to all workflow jobs that run synth or deploy (previously missing from inference-api.yml and gateway.yml, causing loadConfig validation failures)
• CDK_CORS_ORIGINS and CDK_FILE_UPLOAD_CORS_ORIGINS added to nightly deploy pipeline
• SSM StringParameter creation guarded with conditional check to prevent empty string values (SSM parameter tier rejects empty strings)
• File upload CORS validation softened from hard error to warning since loadConfig runs for all stacks
• Infrastructure workflow updated with Cognito context values
• Trivy image scanning action upgraded from v0.28.0 to v0.35.0 with corrected SHA pin — the previous pin (18f2510) was actually the v0.29.0 commit SHA mislabeled as v0.28.0, and was among the tags compromised in the March 2026 trivy-action supply chain attack. The new pin (57a97c7e) points to the post-remediation immutable v0.35.0 release
• App API synth-cdk job now actually skipped on pull requests — the if: github.event_name != 'pull_request' guard was missing despite being documented in beta.20. PRs no longer require AWS credentials or ARM runners for the app-api workflow

---

Bug Fixes

• Model form validation summary now displayed above submit button showing all invalid fields — fixes the greyed-out submit button with no visible errors on edit
• "Add Model" bu...

Release 1.0.0-beta.20

Release Date: April 1, 2026
Previous Release: v1.0.0-beta.19 (March 25, 2026)

---

Highlights

This release delivers reliable document deletion with a soft-delete lifecycle and background cleanup, a displayText system that preserves original user messages when RAG augmentation or file attachments modify the prompt, a fine-tuning cost dashboard for admin visibility into SageMaker training spend, and a major dependency refresh across all three ecosystems via Dependabot. The security and code quality hardening from the initial beta.20 scope is also included — all CodeQL findings resolved, four Dependabot security vulnerabilities patched, cyclic imports eliminated, and silent exception swallowing replaced with proper logging.

---

Reliable Document Deletion

Document deletion has been rearchitected with a soft-delete pattern and background cleanup to prevent orphaned S3 objects and vector embeddings.

Soft-Delete Lifecycle

Documents now transition through a deleting status before removal. The delete endpoint marks the document immediately and returns, while cleanup runs asynchronously. A DynamoDB TTL field (7-day expiry) acts as a backstop for failed cleanups.

Cleanup Service

A new cleanup_service.py handles retry logic for S3 vector deletion and source file removal. Deterministic vector key generation ensures reliable cleanup even if the original ingestion metadata is incomplete.

Search Filtering

The search path now filters out non-complete documents, preventing stale results from appearing when a document is mid-deletion. The RAG service cross-checks document status during search.

Assistant Deletion

When an assistant is deleted, all associated documents are batch soft-deleted with background cleanup. A new delete_vectors_for_assistant function removes embeddings from the vector store by assistant ID.

Upload Failure Reporting

A new POST /{document_id}/upload-failed endpoint allows the frontend to report client-side upload errors, marking documents as failed with error details for debugging.

Test Coverage

4,200+ lines of new tests across property-based tests (cleanup service, document deletion, search filtering, vector deletion) and integration tests (delete endpoints, cleanup service, document deletion flows).

---

DisplayText for RAG-Augmented and File Attachment Messages

When RAG augmentation or file attachments modify the user's prompt before sending it to the agent, the original message text is now preserved and displayed in the UI instead of the augmented version.

How It Works

• The stream_async and StreamCoordinator accept an original_message parameter to capture the user's input before modification
• When the original differs from the augmented version, a displayText metadata record (D# prefix) is stored in DynamoDB alongside the cost record
• The metadata retrieval path queries both cost records (C#) and display text records (D#)
• The frontend user-message component renders displayText when available, falling back to the stored message content

Debug Output Toggle

A new showDebugOutput setting in Chat Preferences lets users toggle visibility of debug information, useful for inspecting what the agent actually received versus what the UI displays.

---

Fine-Tuning Cost Dashboard

A new admin page provides visibility into SageMaker fine-tuning costs and usage.

Admin Cost Endpoint

GET /admin/fine-tuning/costs returns aggregated cost data for fine-tuning jobs, with per-user breakdowns showing training hours consumed and quota utilization.

Default Quota Hours

Fine-tuning access control now supports a default monthly quota for users without explicit grants, configurable via CDK_FINE_TUNING_DEFAULT_QUOTA_HOURS in the infrastructure config.

Frontend

A dedicated /admin/fine-tuning-costs page displays cost summaries, per-user breakdowns, and usage statistics with period selection.

Fine-Tuning Dashboard Polish

The fine-tuning dashboard also received an informational section explaining the fine-tuning workflow and updated icons for better visual clarity.

---

Assistant Simplification

Archive Removal

The assistant archive functionality has been removed entirely. The ARCHIVED status, archive_assistant endpoint, and include_archived query parameter are gone. Assistants now have a single delete operation — simpler lifecycle, less code.

---

Conversation Sharing Fixes

Shared Conversation Deletion

Deleting a session now properly cascades to associated shared conversations. The shares service cleans up all share records when the parent session is deleted, and the frontend session list reflects the deletion state correctly.

Message Export Fix

The share export feature (POST /shares/{share_id}/export) was failing to persist messages to AgentCore Memory. Fixed by switching from the deprecated append_message API to create_message with proper SessionMessage wrapping and index-based ordering.

UI Improvements

• Shared conversation header simplified — metadata and export button repositioned for cleaner layout
• Export button moved to a floating action bar at the bottom of the shared view
• Icon updates: share icon replaced with heroAdjustmentsHorizontal in session management, heroChatBubbleLeftRight in shared view header

---

Testing Infrastructure

Analog.js Migration

Frontend testing has been migrated to Analog.js tooling (@analogjs/vite-plugin-angular and @analogjs/vitest-angular v3.0.0-alpha.18). The standalone vitest.config.ts has been removed in favor of Analog.js configuration. Analog.js dependencies are pinned to exact versions per the supply chain policy.

Property-Based Testing

fast-check has been added as a dev dependency (v4.6.0, exact pin) for property-based testing in the frontend test suite.

---

Security Vulnerability Patches

Four Dependabot-flagged vulnerabilities have been patched across all three package ecosystems:

Package	Version Change	Severity	Issue
requests (Python)	2.32.5 → 2.33.0	Medium	Insecure temp file reuse in extract_zipped_paths()
picomatch (frontend)	4.0.3 → 4.0.4	High / Medium	ReDoS via extglob quantifiers; method injection in POSIX character classes
picomatch (infrastructure)	2.3.1 → 2.3.2	Medium	Method injection in POSIX character classes
diff (infrastructure)	patched	Low	DoS in parsePatch / applyPatch

Frontend and infrastructure picomatch fixes use npm overrides to force patched versions through transitive dependency trees (@angular-devkit/core, @angular/build).

Known unfixable: yaml@1.10.2 is bundled inside aws-cdk-lib@2.244.0 (latest) — awaiting an AWS CDK update. Pygments@2.19.2 (latest) has no patched version yet.

---

CodeQL Remediation — All Findings Resolved

Two passes resolved every open CodeQL finding on develop, covering 130+ files across Python, TypeScript, and GitHub Actions.

Log Injection (180 fixes)

User-controlled values removed from f-string log statements across the entire backend. All logging now uses %s-style parameterized formatting, preventing log injection attacks where user input could forge log entries.

Silent Exception Swallowing (5 fixes)

Empty except: pass blocks — a recurring source of hidden bugs — have been eliminated:

• event_formatter.py — Errors during final result extraction now log a warning instead of vanishing silently. This was masking streaming failures that were impossible to diagnose.
• url_fetcher.py — Bare except: (catching BaseException including KeyboardInterrupt) narrowed to Exception with an explanatory comment.
• code_interpreter_diagram_tool.py — Same bare except: fix as above.
• admin/users/service.py — Invalid pagination cursors now log a warning instead of silently resetting to page 1.
• tool_result_processor.py — JSONDecodeError catch annotated with intent comment.

Cyclic Import Eliminated

The circular dependency between metadata_storage.py and dynamodb_storage.py has been broken by moving the get_metadata_storage() factory function to the package __init__.py. The dependency graph is now one-directional:

storage/__init__.py (factory) → dynamodb_storage.py → metadata_storage.py (ABC)

Three callers updated to import from apis.app_api.storage instead of apis.app_api.storage.metadata_storage.

Other Fixes

• Unreachable code — Dead if result_seen: break removed from stream_processor.py (result_seen was initialized to False and never set to True)
• Redundant assignment — Unused job = on create_inference_job() call removed in fine-tuning routes
• Print during import — print() statements in inference_api/main.py replaced with logging
• Commented-out code — Stale InvocationRequest class removed from inference API models
• Unnecessary lambdas — lambda v: int(v) simplified to int in fine-tuning repositories
• 13 unused local variables removed across 10 files
• 3 unused imports removed (including dead re-exports in bedrock_embeddings.py)

False Positives Dismissed (11 alerts)

• 9× actions/untrusted-checkout on nightly workflows — these are schedule/dispatch only, never triggered by PRs
• 1× py/non-iterable-in-for-loop — iterating over Enum members is valid Python
• 1× py/unused-global-variable — _generic_validator_initialized is used via global statement (CodeQL doesn't track this)

---

RAG Ingestion Fixes

Lambda Image Digest Refresh

Fixed an issue where RAG ingestion Lambda deployments would report "no changes" even after pushing a fresh Docker image. The root cause: CDK resolves the image tag via SSM at synth time, and if the tag hasn't changed (only the underlying layers), CloudFormation sees no diff. The deploy script now ...

Release 1.0.0-beta.19

Release Date: March 25, 2026
Previous Release: v1.0.0-beta.18 (March 24, 2026)

---

Highlights

This release introduces Conversation Sharing — a full-stack feature that lets users share point-in-time snapshots of conversations via URL, with public or email-restricted access controls. Alongside that, session compaction has been refactored and enabled by default to automatically manage context window size in long conversations, fine-tuning gains drag-and-drop dataset uploads and custom HuggingFace model support, and a round of security hardening resolves all remaining CodeQL clear-text logging alerts. The frontend production build is now fully optimized (4.96 MB initial, down from 8.85 MB), and PR workflows have been slimmed down to only run build and test steps.

---

New Feature: Conversation Sharing

Users can now share conversations with others via shareable URLs. Shares are point-in-time snapshots — the shared view captures the conversation as it existed at the moment of sharing, so subsequent messages don't leak into shared links.

How It Works

• Share modal accessible from the session UI lets users create a share with either public (anyone with the link) or specific (restricted to a list of email addresses) access
• Manage shares dialog on the session management page shows all active shares with options to update access levels or revoke
• Read-only shared view at /shared/:shareId renders the conversation with full markdown formatting, no authentication required for public shares
• Export support for downloading shared conversations

Backend

Three new API routers handle the sharing lifecycle:

• POST /conversations/{session_id}/share — Create a share snapshot
• GET /conversations/{session_id}/shares — List shares for a session
• PUT /shares/{share_id} — Update access level or allowed emails
• DELETE /shares/{share_id} — Revoke a share
• GET /shares/{share_id}/export — Export shared conversation
• GET /shared/{share_id} — Public read-only retrieval

Infrastructure

A new shared-conversations DynamoDB table is provisioned in the Infrastructure stack with two GSIs:

• SessionShareIndex — Lookup shares by original session ID
• OwnerShareIndex — List shares by owner, sorted by creation time

The table name and ARN are exported via SSM parameters and imported by the App API stack, which grants full CRUD permissions to the Fargate task role.

Test Coverage

1,300+ lines of new tests across three test files covering share CRUD operations, access control enforcement, export functionality, and property validation.

---

Session Compaction — Enabled by Default

The session compaction system has been refactored and is now enabled by default for all conversations. Compaction automatically manages context window size by summarizing older turns when the token count exceeds the threshold, keeping conversations responsive without manual intervention.

• Default configuration: enabled, 100K token threshold, 3 protected recent turns, 500-char max tool content length
• Turn-based session manager rewritten with cleaner separation of concerns (870-line net reduction)
• Expanded test suite with 481+ new lines of test coverage for compaction behavior

---

Fine-Tuning Enhancements

Drag-and-Drop Dataset Upload

The training job creation page now supports drag-and-drop file upload with visual feedback, replacing the basic file picker. Upload instructions have been updated to guide users through dataset formatting requirements.

Custom HuggingFace Model Support

Users are no longer limited to the preset model list. The training job form now includes a searchable model selector that accepts any valid HuggingFace model identifier. The backend validates and passes custom model IDs through to SageMaker. Frontend tests cover the custom model selection and submission flow.

---

Security Hardening

Clear-Text Logging Remediation

All remaining CodeQL clear-text logging alerts have been resolved:

• seed_auth_provider — Client IDs masked to first 8 characters, Secrets Manager ARNs fully redacted from output
• seed_bootstrap_data — Full exception objects replaced with error codes in log messages
• external_mcp_client — Server URLs removed from logs, MCP client configuration logging downgraded from info to debug
• oauth_tool_service — Decrypted tokens isolated into _try_get_token() to prevent taint propagation, lazy log formatting applied
• config.ts — AWS account IDs and CORS origins removed from CDK config log output

OAuth Redirect Validation

The OAuth callback endpoint now validates redirect URLs to prevent open redirect vulnerabilities.

Workflow Permissions

All 13 GitHub Actions workflows now declare explicit permissions: contents: read, implementing the principle of least privilege instead of relying on default token permissions.

---

Frontend Production Optimization

The Angular production build is now fully optimized:

• Removed optimization: false override from base build options that was blocking the production configuration
• Production config now enables full optimization, disables source maps, and extracts licenses
• anyComponentStyle budget increased from 4 kB to 200 kB to accommodate Tailwind CSS
• Result: 4.96 MB initial bundle (871 KB gzipped), down from 8.85 MB unoptimized
• BUILD_CONFIG is now branch-aware: main → production, develop → development, manual dispatch → user input

Google Fonts Fix

Google Fonts @import statements moved from component CSS to index.html <link> tags, fixing a CI build failure where the CSS optimizer couldn't resolve external font URLs.

---

CI/CD Improvements

Lighter PR Workflows

Pull request workflow runs have been significantly trimmed across all 7 deployment workflows. PRs now only run:

• Dependency installation and caching
• Stack dependency validation
• CDK TypeScript compilation (catches build errors)
• Python tests (app-api, inference-api)
• Frontend tests (Vitest)

Skipped on PRs: Docker image builds, Docker image tests, CDK synthesis, CDK validation, ECR push, and deployment. This reduces PR CI time and eliminates the need for AWS credentials on pull requests.

---

Bug Fixes

• Bedrock prompt caching — Caching configuration commented out in model config due to current Bedrock limitations. Tests updated to reflect the change.

---

Deployment Notes

This release adds a new DynamoDB table (shared-conversations) to the Infrastructure stack. Deploy the Infrastructure stack first, then the App API stack. If deploying all stacks simultaneously, the App API deployment may fail on first run due to the SSM parameter dependency — just rerun it after Infrastructure completes.

---

Release 1.0.0-beta.18

Release Date: March 24, 2026
Previous Release: v1.0.0-beta.17 (March 23, 2026)

---

Highlights

This release is a supply chain security hardening release. Every dependency across all three ecosystems (Python, npm, GitHub Actions) has been pinned to exact versions, all GitHub Actions are SHA-pinned, CI runners are locked to ubuntu-24.04, Dockerfile apt/dnf packages are version-pinned, and a new 11-file property-based test suite enforces these invariants going forward. Alongside the hardening, the release adds CodeQL Advanced security scanning, a flexible nightly track system that replaces the monolithic nightly pipeline, and migrates RAG resources out of the App API stack into the dedicated RAG Ingestion stack.

---

⚠️ Deployment Note — RAG Data Loss on Existing Deployments

This release removes the assistants documents S3 bucket (assistants-documents), S3 Vector Bucket (assistants-vector-store-v1), and Vector Index (assistants-vector-index-v1) from AppApiStack. These resources are now created in RagIngestionStack under new names (rag-vector-store-v1, etc.). Because CloudFormation tracks resources by logical ID within a stack, deploying this release will cause CDK to delete the old resources from the App API stack. Any existing assistant documents and vector embeddings stored in those buckets will be lost.

If your deployment has data in these resources, you should manually back up or migrate the contents before deploying. If CDK_RETAIN_DATA_ON_DELETE is true in your environment, the removal policy may be set to RETAIN, which would orphan the resources instead of deleting them — but you should verify this against your configuration before relying on it.

---

Supply Chain Security Hardening

A comprehensive security audit identified 17 findings across GitHub Actions, dependency manifests, Dockerfiles, and install scripts. This release addresses all of them.

GitHub Actions SHA Pinning

All third-party GitHub Actions are now pinned to specific commit SHAs with version comments (e.g., actions/checkout@de0fac2e... # v6.0.2). This prevents tag-rewriting supply chain attacks where a compromised action could inject malicious code into CI runs.

Runner Pinning

All workflow jobs now use ubuntu-24.04 instead of ubuntu-latest, ensuring consistent and reproducible build environments that won't silently change behavior when GitHub rolls forward the latest tag.

Exact Dependency Pinning

All three ecosystems have been migrated from range specifiers (>=, ^, ~) to exact version pins:

• Python (pyproject.toml): Every dependency uses == pins (e.g., fastapi==0.135.2, boto3==1.42.73, strands-agents==1.32.0)
• npm frontend (package.json): All ^ prefixes removed, exact versions throughout (e.g., @angular/core 21.2.5, tailwindcss 4.2.1)
• npm infrastructure (package.json): Same treatment (e.g., aws-cdk-lib 2.244.0, aws-cdk 2.1113.0)

Dockerfile Package Pinning

All apt-get install and dnf install commands now specify exact package versions:

• App API and Inference API Dockerfiles: gcc=4:14.2.0-1, g++=4:14.2.0-1, curl=8.14.1-2+deb13u2
• RAG Ingestion Dockerfile: All 9 dnf packages pinned (gcc, make, mesa-libGL, glib2, tar, gzip, ca-certificates, unzip)

Script Hardening

All deployment and install scripts now use npm ci exclusively (no npm install fallback), ensuring lockfile-driven deterministic installs across all environments.

Artifact Retention Policy

A new .github/ARTIFACT_RETENTION.md defines tiered retention periods: Docker tarballs and CDK build artifacts at 1 day, synthesized templates and test results at 7 days, deployment outputs and Trivy scan reports at 30 days. All workflow retention-days values have been aligned to this policy.

Supply Chain Test Suite

A new backend/tests/supply_chain/ directory contains 11 property-based test files that validate security invariants:

• Action SHA pinning, runner version pinning, dependency exact pinning
• Dockerfile package pinning, artifact retention consistency
• Concurrency configuration, secret scoping, script hardening
• Dependabot configuration, documentation presence

These tests run as part of the standard pytest suite and will catch regressions if anyone reintroduces range specifiers or unpinned actions.

---

CodeQL Advanced Security Scanning

A new codeql.yml workflow provides static analysis across three languages: Python, TypeScript, and GitHub Actions. It uses the security-and-quality query suite for broad vulnerability and code quality coverage, plus the github-actions threat model for full Actions taint tracking (18 queries covering code injection, artifact poisoning, cache poisoning, and secret exposure).

The workflow runs on push and PR to develop, plus a weekly scheduled scan to catch new CVEs even when code hasn't changed. A custom codeql-config.yml excludes vendored, generated, test, and build artifact paths to keep scan times reasonable. The first scan already surfaced unused imports and variables in the supply chain test suite, which have been cleaned up in this release.

---

Flexible Nightly Track Selection

The monolithic nightly pipeline has been replaced with a composable track-based system. Instead of a single NIGHTLY_ENABLED boolean, the workflow now reads a NIGHTLY_TRACKS variable (or workflow_dispatch input) containing comma-separated track tokens:

• test-backend-<branch> / test-frontend-<branch> — Run tests against any branch
• deploy-<branch> — Deploy full stack from any branch
• merge-validation:<base>:<overlay> — Deploy base, then overlay (simulates merge)
• scan-images-<branch> — Scan Docker images for vulnerabilities
• all — Run everything with default branches

A new resolve-tracks job parses the tokens into boolean flags and branch refs consumed by downstream jobs. The deploy pipeline is extracted into a reusable nightly-deploy-pipeline.yml called up to 3 times (deploy track, MV base, MV overlay), eliminating all duplication. Fork safety is preserved — if NIGHTLY_TRACKS is empty, nothing runs.

---

RAG Resources Migration

RAG resources (assistants documents bucket, S3 Vector Bucket, Vector Index) have been removed from AppApiStack and are now exclusively managed by RagIngestionStack. The App API stack imports these resources via SSM parameters, improving separation of concerns and eliminating cross-stack resource ownership issues.

The vector store IAM permissions in the App API task role now reference the RAG vector bucket imported from SSM (/${projectPrefix}/rag/vector-bucket-name) instead of a locally-created bucket, with a named SID (RagVectorStoreAccess) for better auditability.

---

Embeddings Refactor

Core embedding and vector store operations have been extracted from the ingestion pipeline into a new shared module at apis.shared.embeddings. The functions generate_embeddings, store_embeddings_in_s3, search_assistant_knowledgebase, and delete_vectors_for_document now live in apis.shared.embeddings.bedrock_embeddings, with the ingestion-specific module re-exporting them for backward compatibility.

A new skip_token_validation parameter on generate_embeddings allows callers to bypass tiktoken-based token validation for short inputs in environments where tiktoken is unavailable (e.g., search Lambda functions). The ingestion pipeline retains its own token validation and chunk-splitting logic.

---

Dependabot Configuration

A new .github/dependabot.yml monitors all four ecosystems (pip, frontend npm, infrastructure npm, GitHub Actions) on a weekly Monday 9 AM Mountain Time schedule. Minor and patch updates are grouped to reduce PR noise (Angular updates grouped separately from other frontend deps, AWS CDK grouped separately from other infrastructure deps). All PRs target the develop branch with ecosystem-specific labels.

---

CI/CD Improvements

• AWS credentials action upgraded to v6.0.0 with SHA pinning, plus a new sanitization step that replaces illegal characters in OIDC role session names and truncates to the 64-character AWS limit
• Explicit OIDC permissions added to nightly deploy, MV base, and MV overlay jobs (id-token: write, contents: read)
• SageMaker conditional gating — synth job now outputs an enabled flag based on CDK_FINE_TUNING_ENABLED; test and deploy jobs skip when fine-tuning is disabled
• Node.js 24 action warnings fixed after SHA-pinning reintroduced older action references

---

Dependency Upgrades

Component	From	To
FastAPI	0.116.1	0.135.2
Starlette	0.47.3	1.0.0
strands-agents	1.27.0+	1.32.0
strands-agents-tools	0.2.20	0.2.23
boto3	1.40.1+	1.42.73
bedrock-agentcore	latest	1.4.7
Angular packages	21.0.x	21.2.5
@angular/cdk	21.0.3	21.2.3
Tailwind CSS	4.1.12+	4.2.1
aws-cdk-lib	2.235.1	2.244.0
aws-cdk (CLI)	2.1033.0	2.1113.0
DOMPurify	3.3.1	3.3.3
undici	7.22.0	7.24.5
hono	4.12.2	4.12.9
katex	0.16.25	0.16.33
mermaid	11.12.1	11.12.3
Vitest	4.0.8	4.0.18
mypy target	py3.9	py3.10

---

Bug Fixes

• Fine-tuning dashboard — Removed an incorrect "retention" label from the inference job display on the SageMaker fine-tuning dashboard.

---

Documentation & Developer Experience

• Added CONTRIBUTING.md with prerequisites, clone/install instructions, environment configuration, testing commands, and contribution workflow
• Supply chain hardening spec (requirements, design, tasks) added under .kiro/specs/supply-chain-hardening/

---

---

Release 1.0.0-beta.17

Release Date: March 23, 2026
Previous Release: v1.0.0-beta.16 (March 20, 2026)

---

Highlights

This release delivers three major improvements: a centralized Settings experience that consolidates scattered user preferences into dedicated pages backed by a new DynamoDB table, a pip-to-uv migration that modernizes the entire Python build pipeline with hardened Docker images, and runtime environment refresh so AgentCore containers always pick up the latest SSM parameter values on every deploy instead of carrying forward stale configuration.

---

Centralized User Settings

The user dropdown menu has been slimmed down to just email, admin link, settings, and logout. All user-facing features that were previously scattered across the dropdown and standalone pages have been consolidated into a /settings/* route hierarchy with dedicated pages:

• Profile — Read-only user info display with a link to My Files
• Appearance — Theme chooser (persisted to localStorage) with placeholders for density and font size
• Chat Preferences — Default model selector backed by a new User Settings API (GET/PUT /users/me/settings), show-token-count toggle, and links to Manage Conversations and Memories
• Connections — Full OAuth connect/disconnect flow via a new ConnectionsService
• API Keys — Migrated from the standalone /api-keys page with loading states
• Usage — Migrated from the standalone /costs dashboard with a month picker for historical data

Backend

A new user-settings DynamoDB table and repository store per-user preferences (starting with defaultModelId). The table is provisioned in the Infrastructure stack with IAM permissions granted to both the App API Fargate tasks and Inference API runtime roles. Graceful degradation is built in — if the table doesn't exist yet, the API returns defaults without errors.

Removed

The standalone Notifications and Privacy settings pages were removed as unnecessary.

---

pip → uv Migration

The entire Python toolchain has been migrated from pip to uv, affecting Docker builds, CI pipelines, and local development workflows.

Docker Security Hardening

• All base images pinned to @sha256 digests (Python 3.13-slim, Lambda Python 3.12)
• Non-root USER directive added to the App API Dockerfile
• Rust toolchain installed via COPY --from=rust:1.87-slim (pinned digest) instead of curl | sh
• Torch pinned to exact version (2.10.0) in RAG ingestion with --require-hashes install from a generated requirements.lock
• curl removed from builder stages

CI/CD

• All three Dockerfiles (app-api, inference-api, rag-ingestion) rewritten for uv
• CI install and test scripts updated for both app-api and inference-api
• Workflow caching switched to uv cache paths
• backend/uv.lock added to workflow path triggers
• sync-version.sh now handles uv.lock regeneration with PEP 440 version conversion

New Release Workflow

A standalone release.yml workflow triggers on push to main, creating annotated git tags and GitHub Releases from RELEASE_NOTES.md. Pre-release versions (alpha/beta/rc/dev) are automatically detected and flagged.

Dependabot

A new .github/dependabot.yml monitors pip, npm, and GitHub Actions dependencies.

---

Runtime Provisioner: SSM Environment Refresh

Previously, when an AgentCore runtime was updated (e.g., on redeploy), the provisioner Lambda preserved the existing environment variables from the original runtime creation. This meant renamed tables, new SSM parameters, or changed values were never picked up.

Now, update_runtime() re-fetches all environment variables from SSM on every update. A fallback to existing values is included if the SSM refresh fails, maintaining stability. The runtime-updater Lambda also gained a get_fresh_environment_variables() function for consistent handling.

---

Configurable Memory Retrieval Thresholds

AgentCore Memory retrieval is now tunable via two new environment variables:

• AGENTCORE_MEMORY_RELEVANCE_SCORE — Minimum relevance score for retrieved memories (default raised from 0.3–0.5 to 0.7)
• AGENTCORE_MEMORY_TOP_K — Maximum number of memories to retrieve

All memory-related environment variables have been renamed from COMPACTION_* to AGENTCORE_MEMORY_COMPACTION_* for consistent naming.

---

Assistant UX Improvements

The assistant experience in the chat interface received several polish updates:

• Action dropdown on the assistant indicator with options to start a new session, edit the assistant, or share it
• Share dialog on the assistant form page for sharing assistants with other users
• Skeleton loading indicators replace blank states while the assistant and chat input are loading
• Improved greeting visibility — the assistant greeting now shows/hides properly based on loading state
• Sidenav updates — the new session button and assistant navigation link are now accessible from the sidebar
• Responsive card layout fix for the assistant list page

---

SageMaker Fine-Tuning Fixes

• Job name scoping — Training and transform job names are now prefixed with PROJECT_PREFIX to match the IAM policy's ${projectPrefix}-* resource constraint. Previously, jobs used ft- and inf- prefixes which caused AccessDeniedException on CreateTrainingJob.
• Missing IAM actions — Added sagemaker:CreateModel and sagemaker:DeleteModel actions plus the model resource ARN to the IAM policy for transform job support.
• Log access — Added logs:DescribeLogStreams to the IAM policy so the fine-tuning dashboard can display SageMaker training logs.
• CDK toggle — Added CDK_FINE_TUNING_ENABLED environment variable to the app-api CI workflow for conditional stack deployment.

---

Bug Fixes

• User settings API trailing slashes — Removed trailing slashes from the /users/me/settings routes that caused 307 redirects on some HTTP clients.
• Assistant list card layout — Fixed responsive grid breakpoints on the assistant list page so cards don't overflow on narrow viewports.

---

Documentation & Developer Experience

• Updated CLAUDE.md with revised coding standards, testing guidelines, and file creation rules
• README logo and header formatting refreshed for better visibility and alignment

---

---