Merge branch 'develop'

Author: Bob Strahan

.github/workflows/developer-tests.yml

@@ -15,6 +15,12 @@ jobs:
     name: Lint, Type Check, and Test
     runs-on: ubuntu-latest
     timeout-minutes: 120 # 2 hours
+    
+    permissions:
+      contents: read
+      issues: read
+      checks: write
+      # pull-requests: write - Not needed: PR comments are disabled (see line 115)
 
     # Use Python 3.13 to match GitLab configuration
     container:

.gitignore

@@ -31,4 +31,9 @@ package-lock.json
 
 # Type checking
 pyrightconfig.temp.json
-.pyright/
+.pyright/
+
+# Python virtual environments
+.venv/
+.venv-*/
+venv/

.gitlab-ci.yml

@@ -95,6 +95,8 @@ deployment_validation:
 integration_tests:
   stage: integration_tests
   timeout: 2h
+  variables:
+    IDP_ADMIN_EMAIL: ${GITLAB_USER_EMAIL}
   # variables:
   #   # In order to run tests in another account, add a AWS_CREDS_TARGET_ROLE variable to the Gitlab pipeline variables.
   #   AWS_CREDS_TARGET_ROLE: ${AWS_CREDS_TARGET_ROLE}
@@ -136,3 +138,34 @@ integration_tests:
 
     # Run integration test deployment
     - python3 scripts/integration_test_deployment.py
+
+  after_script:
+    # Display CodeBuild logs directly in GitLab runner console
+    - |
+      if [ -f "pipeline_execution_id.txt" ]; then
+        EXECUTION_ID=$(cat pipeline_execution_id.txt)
+        echo "Pipeline Execution: $EXECUTION_ID"
+        
+        # Get CodeBuild ID from the pipeline execution
+        BUILD_ID=$(aws codepipeline list-action-executions --pipeline-name ${IDP_PIPELINE_NAME:-idp-sdlc-deploy-pipeline} --filter pipelineExecutionId=$EXECUTION_ID --query 'actionExecutionDetails[?actionName==`BuildAction`].output.executionResult.externalExecutionId' --output text 2>/dev/null || echo "")
+        
+        if [ "$BUILD_ID" != "" ] && [ "$BUILD_ID" != "None" ]; then
+          echo "CodeBuild ID: $BUILD_ID"
+          # Extract just the build ID part (after the colon)
+          LOG_STREAM_NAME="${BUILD_ID#*:}"
+          echo "Log Stream: $LOG_STREAM_NAME"
+          echo ""
+          echo "=== CODEBUILD LOGS ==="
+          aws logs get-log-events --log-group-name "/aws/codebuild/app-sdlc" --log-stream-name "$LOG_STREAM_NAME" --start-from-head --query 'events[].message' --output text 2>/dev/null || echo "Could not retrieve CodeBuild logs"
+        else
+          echo "Could not find CodeBuild execution"
+        fi
+      else
+        echo "No pipeline execution ID found"
+      fi
+
+  artifacts:
+    when: always
+    paths:
+      - pipeline_execution_id.txt
+    expire_in: 1 week

ANALYSIS_JSON_SCHEMA_LIBRARIES.md

@@ -5,6 +5,34 @@ SPDX-License-Identifier: MIT-0
 
 ## [Unreleased]
 
+## [0.4.1]
+
+### Changed
+
+- **Configuration Library Updates with JSON Schema Support**
+  - Updated configuration library with JSON schema format for lending package, bank statement, and RVL-CDIP package samples
+  - Enhanced configuration files to align with JSON Schema Draft 2020-12 format introduced in v0.4.0
+  - Updated notebooks and documentation to reflect JSON schema configuration structure
+
+### Fixed
+
+- **UI Few Shot Examples Display** - Fixed issue where few shot examples were not displaying correctly from configuration in the Web UI
+- **Re-enabled Regex Functionality** - Restored document name and page content regex functionality for Pattern-2 classification that was temporarily missing
+- **Pattern-2 ECR Enhanced Scanning Support** - Added required IAM permissions (inspector2:ListCoverage, inspector2:ListFindings) to Pattern2DockerBuildRole to support AWS accounts with Amazon Inspector Enhanced Scanning enabled. Also added KMS permissions (kms:Decrypt, kms:CreateGrant) for customer-managed encryption keys. This resolves AccessDenied errors and CodeBuild timeouts when deploying Pattern-2 in accounts with enhanced scanning enabled.
+- **Reporting Database Data Loss After Evaluation Refactoring - Fixes #121**
+  - Fixed bug where metering data and document_section data stopped being written to the reporting database after evaluation was migrated from EventBridge to Step Functions workflow
+- **IDP CLI Deploy Command Parameter Preservation Bug**
+  - Fixed bug where `idp-cli deploy` command was resetting ALL stack parameters to their default values during updates, even when users only intended to change specific parameters
+- **Pattern-2 Intermittent HITLStatusUpdateFunction ECR Access Failure**
+  - Fixed intermittent "Lambda does not have permission to access the ECR image" (403) errors during Pattern-2 deployment
+  - **Root Cause**: Race condition where Lambda functions were created before ECR images were fully available and scannable
+  - **Solution**: Enhanced CodeBuild custom resource to verify ECR image availability before completing, including:
+    - Verification that all required Lambda images exist in ECR repository
+    - Check that image scanning is complete (repository has `ScanOnPush: true`)
+  - **New Parameter**: Added `EnablePattern2ECRImageScanning` parameter (current default: false) to allow users to enable/disable ECR vulnerability scanning if experiencing deployment issues
+    - Recommended: Set enabled (true) for production to maintain security posture
+    - Optional: Disable (false) only as temporary workaround for deployment reliability
+
 ## [0.4.0]
 
 > **⚠️ IMPORTANT NOTICE - SIGNIFICANT CONFIGURATION CHANGES**

CHANGELOG.md

@@ -15,7 +15,7 @@ test:
 	cd idp_cli && python -m pytest -v
 
 # Run both linting and formatting in one command
-lint: ruff-lint format check-arn-partitions
+lint: ruff-lint format check-arn-partitions validate-buildspec ui-lint
 
 # Run linting checks and fix issues automatically
 ruff-lint:
@@ -38,9 +38,28 @@ lint-cicd:
 		echo -e "$(RED)ERROR: Code formatting check failed!$(NC)"; \
 		echo -e "$(YELLOW)Please run 'make format' locally to fix these issues.$(NC)"; \
 		exit 1; \
+	fi; \
+	echo "All checks passed!"
+	@echo "Frontend checks"
+	@if ! make ui-lint; then \
+		echo -e "$(RED)ERROR: UI lint failed$(NC)"; \
+		exit 1; \
+	fi
+
+	@if ! make ui-build; then \
+		echo -e "$(RED)ERROR: UI build failed$(NC)"; \
+		exit 1; \
 	fi
+	
 	@echo -e "$(GREEN)All code quality checks passed!$(NC)"
 
+# Validate AWS CodeBuild buildspec files
+validate-buildspec:
+	@echo "Validating buildspec files..."
+	@python3 scripts/validate_buildspec.py patterns/*/buildspec.yml || \
+		(echo -e "$(RED)ERROR: Buildspec validation failed!$(NC)" && exit 1)
+	@echo -e "$(GREEN)✅ All buildspec files are valid!$(NC)"
+
 # Check CloudFormation templates for hardcoded AWS partition ARNs and service principals
 check-arn-partitions:
 	@echo "Checking CloudFormation templates for hardcoded ARN partitions and service principals..."
@@ -90,6 +109,14 @@ typecheck-pr:
 	python3 scripts/typecheck_pr_changes.py $(TARGET_BRANCH)
 
 
+ui-lint:
+	@echo "Checking UI lint"
+	cd src/ui && npm ci --prefer-offline --no-audit && npm run lint
+
+ui-build:
+	@echo "Checking UI build"
+	cd src/ui && npm ci --prefer-offline --no-audit && npm run build
+
 commit: lint test
 	$(info Generating commit message...)
 	export COMMIT_MESSAGE="$(shell q chat --no-interactive --trust-all-tools "Understand pending local git change and changes to be committed, then infer a commit message. Return this commit message only" | tail -n 1 | sed 's/\x1b\[[0-9;]*m//g')" && \

Makefile

@@ -1 +1 @@
-0.4.0
+0.4.1