Skip to content

Update to version v4.0.0 #220

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
tabdunabi merged 2 commits into from
Nov 21, 2025
Merged

Update to version v4.0.0 #220

tabdunabi merged 2 commits into from
Nov 21, 2025

Conversation

@tabdunabi
Copy link
Member

@tabdunabi tabdunabi commented Nov 21, 2025

Added

  • Multi-Agent workflow orchestration to address complex tasks with multiple coordinated agents.
  • Agent Builder use case for configuring, deploying, and managing AI Agents from the Management Dashboard.
  • MCP Server deployment using images, Lambda functions, OpenAPI specs, or Smitty files.
  • Multimodal input capabilities for Agent Builder and workflow use cases.
  • AWS Lambda provisioned concurrency support for text and bedrock agent use cases to improve performance and reduce cold starts.

Security

ihmaws and others added 2 commits November 20, 2025 23:27
@ihmaws
Update to version v4.0.0
2bd21d9
@tabdunabi
Update to version v4.0.0
0af6f3c 
### Added

- Multi-Agent workflow orchestration to address complex tasks with multiple coordinated agents.
- Agent Builder use case for configuring, deploying, and managing AI Agents from the Management Dashboard.
- MCP Server deployment using images, Lambda functions, OpenAPI specs, or Smitty files.
- Multimodal input capabilities for Agent Builder and workflow use cases.
- AWS Lambda provisioned concurrency support for text and bedrock agent use cases to improve performance and reduce cold starts.

### Security

- Upgraded js-yaml to `3.14.2` and `4.1.1` to mitigate CVE-2025-64718
- Upgraded glob to `10.5.0` to mitigate CVE-2025-64756
- Upgraded langchain-core to `0.3.80` to mitigate CVE-2025-65106
github-advanced-security[bot]
github-advanced-security bot found potential problems Nov 21, 2025
View reviewed changes
source/infrastructure/lib/utils/constants.ts
];
// Pattern that allows safe file names while preventing path traversal attacks
// Must end with a supported file extension and cannot contain path separators (/ or \)
export const MULTIMODAL_FILENAME_PATTERN = `^[a-zA-Z0-9](?:[a-zA-Z0-9_-]|[\x20](?=[a-zA-Z0-9_-]))*\.(${SUPPORTED_MULTIMODAL_FILE_EXTENSIONS.join('|')})$`;

Check failure

Code scanning / CodeQL

Useless regular-expression character escape High

The escape sequence '.' is equivalent to just '.', so the sequence may still represent a meta-character when it is used in a
regular expression
Loading
.

Copilot Autofix

AI 19 days ago

To fix the problem, the dot (.) in the regular expression should be properly escaped. In JS string literals intended as regex patterns, you must use a double backslash (\\.) so that when passed to a regex engine, the pattern matches a literal dot rather than any character. Specifically, in the definition of MULTIMODAL_FILENAME_PATTERN on line 410 of source/infrastructure/lib/utils/constants.ts, the .(${SUPPORTED_MULTIMODAL_FILE_EXTENSIONS.join('|')}) should be changed to \\. so the final regex, when interpreted, will correctly match file extensions separated by a dot.

No new methods, types, or imports are needed; simply change \. to \\. in the template literal.

Suggested changeset 1
source/infrastructure/lib/utils/constants.ts

Autofix patch

Autofix patch
Run the following command in your local git repository to apply this patch
cat << 'EOF' | git apply
diff --git a/source/infrastructure/lib/utils/constants.ts b/source/infrastructure/lib/utils/constants.ts
--- a/source/infrastructure/lib/utils/constants.ts
+++ b/source/infrastructure/lib/utils/constants.ts
@@ -407,5 +407,5 @@
 ];
 // Pattern that allows safe file names while preventing path traversal attacks
 // Must end with a supported file extension and cannot contain path separators (/ or \)
-export const MULTIMODAL_FILENAME_PATTERN = `^[a-zA-Z0-9](?:[a-zA-Z0-9_-]|[\x20](?=[a-zA-Z0-9_-]))*\.(${SUPPORTED_MULTIMODAL_FILE_EXTENSIONS.join('|')})$`;
+export const MULTIMODAL_FILENAME_PATTERN = `^[a-zA-Z0-9](?:[a-zA-Z0-9_-]|[\x20](?=[a-zA-Z0-9_-]))*\\\.(${SUPPORTED_MULTIMODAL_FILE_EXTENSIONS.join('|')})$`;
 export const MULTIMODAL_FILE_EXPIRATION_DAYS = 2;
EOF
@@ -407,5 +407,5 @@
];
// Pattern that allows safe file names while preventing path traversal attacks
// Must end with a supported file extension and cannot contain path separators (/ or \)
export const MULTIMODAL_FILENAME_PATTERN = `^[a-zA-Z0-9](?:[a-zA-Z0-9_-]|[\x20](?=[a-zA-Z0-9_-]))*\.(${SUPPORTED_MULTIMODAL_FILE_EXTENSIONS.join('|')})$`;
export const MULTIMODAL_FILENAME_PATTERN = `^[a-zA-Z0-9](?:[a-zA-Z0-9_-]|[\x20](?=[a-zA-Z0-9_-]))*\\\.(${SUPPORTED_MULTIMODAL_FILE_EXTENSIONS.join('|')})$`;
export const MULTIMODAL_FILE_EXPIRATION_DAYS = 2;
Copilot is powered by AI and may make mistakes. Always verify output.
source/ui-chat/src/utils/constants.ts
...MULTIMODAL_SUPPORTED_DOCUMENT_FORMATS
];

export const MULTIMODAL_FILENAME_PATTERN = `^[a-zA-Z0-9](?:[a-zA-Z0-9_-]|[\x20](?=[a-zA-Z0-9_-]))*\.(${MULTIMODAL_SUPPORTED_FILE_FORMATS.join('|')})$`;

Check failure

Code scanning / CodeQL

Useless regular-expression character escape High

The escape sequence '.' is equivalent to just '.', so the sequence may still represent a meta-character when it is used in a
regular expression
Loading
.

Copilot Autofix

AI 19 days ago

To fix the problem, ensure that when building a regular expression string intended to match a literal . (dot), the dot is escaped twice in the string: once for the string itself and once for the RegExp, i.e., \\.. You only need to edit the line assigning MULTIMODAL_FILENAME_PATTERN in source/ui-chat/src/utils/constants.ts: change \. to \\.. No changes to imports or definitions are needed, as only the string literal must be updated.

Suggested changeset 1
source/ui-chat/src/utils/constants.ts

Autofix patch

Autofix patch
Run the following command in your local git repository to apply this patch
cat << 'EOF' | git apply
diff --git a/source/ui-chat/src/utils/constants.ts b/source/ui-chat/src/utils/constants.ts
--- a/source/ui-chat/src/utils/constants.ts
+++ b/source/ui-chat/src/utils/constants.ts
@@ -75,7 +75,7 @@
     ...MULTIMODAL_SUPPORTED_DOCUMENT_FORMATS
 ];
 
-export const MULTIMODAL_FILENAME_PATTERN = `^[a-zA-Z0-9](?:[a-zA-Z0-9_-]|[\x20](?=[a-zA-Z0-9_-]))*\.(${MULTIMODAL_SUPPORTED_FILE_FORMATS.join('|')})$`;
+export const MULTIMODAL_FILENAME_PATTERN = `^[a-zA-Z0-9](?:[a-zA-Z0-9_-]|[\x20](?=[a-zA-Z0-9_-]))*\\\.(${MULTIMODAL_SUPPORTED_FILE_FORMATS.join('|')})$`;
 
 //model provider
 export const MODEL_PROVIDER = {
EOF
@@ -75,7 +75,7 @@
...MULTIMODAL_SUPPORTED_DOCUMENT_FORMATS
];

export const MULTIMODAL_FILENAME_PATTERN = `^[a-zA-Z0-9](?:[a-zA-Z0-9_-]|[\x20](?=[a-zA-Z0-9_-]))*\.(${MULTIMODAL_SUPPORTED_FILE_FORMATS.join('|')})$`;
export const MULTIMODAL_FILENAME_PATTERN = `^[a-zA-Z0-9](?:[a-zA-Z0-9_-]|[\x20](?=[a-zA-Z0-9_-]))*\\\.(${MULTIMODAL_SUPPORTED_FILE_FORMATS.join('|')})$`;

//model provider
export const MODEL_PROVIDER = {
Copilot is powered by AI and may make mistakes. Always verify output.
@tabdunabi tabdunabi merged commit fc5c571 into main Nov 21, 2025
4 of 5 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@ihmaws ihmaws ihmaws approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@tabdunabi @ihmaws