From 8faf4ec4da3caea4e236cb7670384d8623e371f8 Mon Sep 17 00:00:00 2001 From: Hassan Date: Sun, 19 Apr 2026 12:54:44 -0500 Subject: [PATCH] fix: correct module path mapping for ZIP deployment type The ZIP packager was reading the wrong source directories when building the deployment artifact, causing ModuleNotFoundError crashes at runtime. Also fixes AgentCore Runtime not picking up updated ZIPs on redeploy. --- infra-cdk/lib/backend-stack.ts | 32 +++++++++++++++++++++++++------- 1 file changed, 25 insertions(+), 7 deletions(-) diff --git a/infra-cdk/lib/backend-stack.ts b/infra-cdk/lib/backend-stack.ts index 2f838d9f..35de1b2d 100644 --- a/infra-cdk/lib/backend-stack.ts +++ b/infra-cdk/lib/backend-stack.ts @@ -112,6 +112,7 @@ export class BackendStack extends cdk.NestedStack { // Create the agent runtime artifact based on deployment type let agentRuntimeArtifact: agentcore.AgentRuntimeArtifact let zipPackagerResource: cdk.CustomResource | undefined + let zipContentHash: string | undefined if (deploymentType === "zip" && (pattern === "claude-agent-sdk-single-agent" || pattern === "claude-agent-sdk-multi-agent")) { throw new Error( @@ -156,12 +157,28 @@ export class BackendStack extends cdk.NestedStack { } } - // Read shared modules (gateway/, tools/) - for (const module of ["gateway", "tools"]) { - const moduleDir = path.join(repoRoot, module) // nosemgrep: javascript.lang.security.audit.path-traversal.path-join-resolve-traversal.path-join-resolve-traversal - if (fs.existsSync(moduleDir)) { - this.readDirRecursive(moduleDir, module, agentCode) - } + // Read shared gateway/ module from repo root (mirrors Docker: COPY gateway/ gateway/) + const gatewayDir = path.join(repoRoot, "gateway") // nosemgrep: javascript.lang.security.audit.path-traversal.path-join-resolve-traversal.path-join-resolve-traversal + if (fs.existsSync(gatewayDir)) { + this.readDirRecursive(gatewayDir, "gateway", agentCode) + } + + // Read root tools/ as agentcore_tools/ (mirrors Docker: COPY tools/ agentcore_tools/) + const rootToolsDir = path.join(repoRoot, "tools") // nosemgrep: javascript.lang.security.audit.path-traversal.path-join-resolve-traversal.path-join-resolve-traversal + if (fs.existsSync(rootToolsDir)) { + this.readDirRecursive(rootToolsDir, "agentcore_tools", agentCode) + } + + // Read pattern-specific tools/ (mirrors Docker: COPY patterns/{pattern}/tools/ tools/) + const patternToolsDir = path.join(patternDir, "tools") // nosemgrep: javascript.lang.security.audit.path-traversal.path-join-resolve-traversal.path-join-resolve-traversal + if (fs.existsSync(patternToolsDir)) { + this.readDirRecursive(patternToolsDir, "tools", agentCode) + } + + // Read shared utils/ (mirrors Docker: COPY patterns/utils/ utils/) + const sharedUtilsDir = path.join(repoRoot, "patterns", "utils") // nosemgrep: javascript.lang.security.audit.path-traversal.path-join-resolve-traversal.path-join-resolve-traversal + if (fs.existsSync(sharedUtilsDir)) { + this.readDirRecursive(sharedUtilsDir, "utils", agentCode) } // Read requirements @@ -174,6 +191,7 @@ export class BackendStack extends cdk.NestedStack { // Create hash for change detection // We use this to trigger update when content changes const contentHash = this.hashContent(JSON.stringify({ requirements, agentCode })) + zipContentHash = contentHash // Custom Resource to trigger packaging const provider = new cr.Provider(this, "ZipPackagerProvider", { @@ -361,7 +379,7 @@ export class BackendStack extends cdk.NestedStack { requestHeaderConfiguration: { allowlistedHeaders: ["Authorization"], }, - description: `${pattern} agent runtime for ${config.stack_name_base}`, + description: `${pattern} agent runtime for ${config.stack_name_base}${zipContentHash ? ` [${zipContentHash.slice(0, 8)}]` : ""}`, }) // AGUI protocol override — CloudFormation doesn't support AGUI enum yet