refactor: move harness resources to .github/harness/#992

Merged
jesseturner21 merged 3 commits into main from refactor/move-scripts-to-automation on Apr 30, 2026
Conversation

@jesseturner21 jesseturner21 commented Apr 27, 2026

Summary

  • Create .github/harness/ for AgentCore Harness resources (PR reviewer now, tester later)
  • Move harness_review.py and prompts/ from .github/scripts/ to .github/harness/
  • Add Dockerfile for the harness container (dual-token: CLONE_TOKEN for git clones, GITHUB_TOKEN for gh CLI/PR comments)
  • Add README.md documenting the harness directory and build instructions
  • Update pr-ai-review.yml workflow to reference new path
  • .github/scripts/ stays untouched for Strands workflows

Test plan

  • Built container image from new Dockerfile with finch build
  • Verified CLONE_TOKEN clones repos inside container
  • Verified GITHUB_TOKEN authenticates gh CLI and can post PR comments
  • Triggered pr-ai-review workflow — ran successfully and posted review comment
  • CI checks pass (format, lint, build, e2e)

@jesseturner21 jesseturner21 requested a review from a team April 27, 2026 21:57
@github-actions github-actions Bot added the size/s PR size: S label Apr 27, 2026
@github-actions github-actions Bot added the agentcore-harness-reviewing AgentCore Harness review in progress label Apr 27, 2026
@github-actions

Package Tarball

aws-agentcore-0.11.0.tgz

How to install

npm install https://github.com/aws/agentcore-cli/releases/download/pr-992-tarball/aws-agentcore-0.11.0.tgz

@agentcore-cli-automation

Tokens baked into image layers are extractable by anyone who can pull the image

The Dockerfile comment claims "Tokens are passed as build args only — not stored in env vars", but using build args in RUN commands still persists the token values into the image layers:

  • Line 23 writes the CLONE_TOKEN into /root/.gitconfig in plaintext as part of that layer.
  • Lines 26–30 write the GITHUB_TOKEN into /root/.config/gh/hosts.yml in plaintext as part of that layer.
  • docker history --no-trunc <image> will also show the interpolated ARG values in the RUN command strings themselves (since the shell substitution happens before the layer is committed, the resolved command is what Docker records).

Anyone with pull access to the resulting image (e.g., the ECR repo the harness pulls from, any cached layers on build hosts, any mirror/backup) can extract both tokens. This is materially different from "not stored in env vars" — it's arguably worse, because env-var tokens die with the container while baked-in tokens live with every copy of the image.

A few options:

  1. Don't bake the tokens in at all. Have the harness runtime mount /root/.gitconfig and /root/.config/gh/hosts.yml (or inject the tokens via env vars and let the entrypoint configure git/gh at container start). This keeps the image itself token-free and allows rotating tokens without rebuilding.

  2. Use BuildKit secrets (RUN --mount=type=secret,id=clone_token …) so the token is available during build but never written into a layer. The git config / gh hosts.yml files would need to be generated at container start from the mounted secret, not at build time.

  3. If baking in is truly intentional (e.g., the image is stored in a private registry with access equivalent to the tokens themselves, and rotation-via-rebuild is acceptable), then at minimum update the comment on line 18 to be accurate — something like "Tokens are baked into the image at build time; this image must be treated as a secret and stored only in a registry with equivalent access controls." The current comment reads as a security guarantee that isn't true.

Also worth noting: the README's finch build example passes tokens as plain --build-arg, which means they'll also show up in shell history and any CI build logs that echo the command. If you go with option 1 or 2, the README example should change too.
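As an added illustration of the point raised above (this is not the PR's own Dockerfile, whose contents are not shown on this page), the build-arg pattern that persists tokens into layers is placed beside a hardened form combining options 1 and 2. The base image, repository names and harness entry command are assumptions; only the file paths come from the review.

```dockerfile
# syntax=docker/dockerfile:1
# Added example, not the PR's own Dockerfile. Base image, repo names and the
# harness entry command are assumed; only the file paths come from the review.

# --- Weak pattern: ARG values interpolated into RUN are recorded in the layer ---
# `docker history --no-trunc` lists the build args next to the RUN command,
# and the files written here ship inside every copy of the image.
FROM harness-base:assumed AS baked
ARG CLONE_TOKEN
ARG GITHUB_TOKEN
RUN git config --global \
      url."https://x-access-token:${CLONE_TOKEN}@github.com/".insteadOf "https://github.com/"
RUN mkdir -p /root/.config/gh && printf 'github.com:\n    oauth_token: %s\n' \
      "${GITHUB_TOKEN}" > /root/.config/gh/hosts.yml

# --- Hardened pattern: BuildKit secret at build time, env vars at start ---
FROM harness-base:assumed AS hardened
# Option 2: a build-time clone reads the token from a secret mount. The mount is
# not committed to the layer and `$(cat ...)` is stored unresolved in history.
# `-c url.insteadOf` keeps the token out of the clone's .git/config as well.
RUN --mount=type=secret,id=clone_token \
    git -c "url.https://x-access-token:$(cat /run/secrets/clone_token)@github.com/.insteadOf=https://github.com/" \
        clone --depth 1 https://github.com/ORG/private-dep.git /opt/private-dep \
    && rm -rf /opt/private-dep/.git
# Option 1: the runtime injects CLONE_TOKEN / GITHUB_TOKEN as env vars and the
# entrypoint wires them up at container start, so the image holds no token.
COPY <<'EOF' /usr/local/bin/entrypoint.sh
#!/bin/sh
set -eu
# The credential helper answers from the env var; the token is never written
# to /root/.gitconfig (only the helper command text is).
git config --global credential.helper \
  '!f() { echo "username=x-access-token"; echo "password=${CLONE_TOKEN:-}"; }; f'
# gh honours GH_TOKEN directly, so no hosts.yml needs to be generated.
export GH_TOKEN="${GITHUB_TOKEN:-}"
exec "$@"
EOF
RUN chmod +x /usr/local/bin/entrypoint.sh
ENTRYPOINT ["/usr/local/bin/entrypoint.sh"]
CMD ["python", "/harness/harness_review.py"]
```

Build the hardened stage with `docker build --target hardened --secret id=clone_token,src=./clone_token.txt .` (BuildKit required); the `baked` stage exists only to show what the review describes and should not be used.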

@github-actions github-actions Bot removed the agentcore-harness-reviewing AgentCore Harness review in progress label Apr 27, 2026
github-actions Bot commented Apr 27, 2026

Coverage Report

| Status | Category   | Percentage | Covered / Total |
|--------|------------|------------|-----------------|
| 🔵     | Lines      | 43.01%     | 7793 / 18117    |
| 🔵     | Statements | 42.41%     | 8245 / 19439    |
| 🔵     | Functions  | 40.4%      | 1347 / 3334     |
| 🔵     | Branches   | 40.65%     | 5108 / 12564    |

Generated in workflow #2184 for commit 1633959 by the Vitest Coverage Report Action

Move PR reviewer harness files into a dedicated .github/harness/ directory,
separate from the general .github/scripts/ used by Strands workflows.

- Move harness_review.py, prompts/ to .github/harness/
- Add Dockerfile for the harness container (dual-token: CLONE_TOKEN for
  git clones, GITHUB_TOKEN for gh CLI/PR comments)
- Add README documenting the harness directory
- Update pr-ai-review workflow to reference new path
- Update .prettierignore for new prompts location
@jesseturner21 jesseturner21 force-pushed the refactor/move-scripts-to-automation branch from bf3ff79 to e1d63ba April 28, 2026 14:21
@jesseturner21 jesseturner21 changed the title refactor: move .github/scripts to .github/automation and add Dockerfile refactor: move harness resources to .github/harness/ Apr 28, 2026
@github-actions github-actions Bot added size/s PR size: S and removed size/s PR size: S labels Apr 28, 2026
@jesseturner21
Contributor Author

Thanks for the thorough review. Going with option 3 for now — updated the Dockerfile comment in ce006eb to accurately state that tokens are baked into the image at build time and the image must be treated as a secret (stored only in a registry with equivalent access controls).

This image is only stored in a private ECR repo with access scoped to the same principals that already have the tokens, and rotation-via-rebuild is acceptable for our use case. We can revisit with BuildKit secrets or runtime injection if the access model changes.

@github-actions github-actions Bot added size/s PR size: S and removed size/s PR size: S labels Apr 30, 2026
…handling

Tokens are baked into image layers at build time — the previous comment
incorrectly implied they were not stored. Updated to make the security
posture explicit: the image itself must be treated as a secret.
@jesseturner21 jesseturner21 force-pushed the refactor/move-scripts-to-automation branch from ce006eb to cf66f28 April 30, 2026 14:41
@github-actions github-actions Bot added size/s PR size: S and removed size/s PR size: S labels Apr 30, 2026
Replace manual SigV4 signing + urllib3 + EventStreamBuffer parsing with
the native boto3 bedrock-agentcore client's invoke_harness method.
This simplifies the code significantly and leverages the typed event
stream response from the SDK.

Rejected: keep raw HTTP approach | boto3 now supports invoke_harness natively
Confidence: high
Scope-risk: narrow

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
@github-actions github-actions Bot added size/m PR size: M and removed size/s PR size: S labels Apr 30, 2026
@jesseturner21 jesseturner21 merged commit aef3890 into main Apr 30, 2026
22 checks passed
@jesseturner21 jesseturner21 deleted the refactor/move-scripts-to-automation branch April 30, 2026 15:00
avi-alpert pushed a commit to avi-alpert/agentcore-cli that referenced this pull request Apr 30, 2026