fix: implement update_message() for guardrail redaction support#388
Open
fix: implement update_message() for guardrail redaction support#388
Conversation
Contributor
✅ No Breaking Changes DetectedNo public API breaking changes found in this PR. |
Hweinstock
reviewed
Apr 2, 2026
src/bedrock_agentcore/memory/integrations/strands/session_manager.py
Outdated
Show resolved
Hide resolved
| Note: AgentCore Memory doesn't support updating events, | ||
| so this is primarily for validation and logging. | ||
| Since AgentCore Memory events are immutable, this method performs an update by | ||
| creating a new event with the updated content and deleting the old event. |
Contributor
There was a problem hiding this comment.
is there a risk that anyone maintains a pointer/reference to the old eventId? My understanding is that recreating it will generate a completely different ID.
Contributor
Author
There was a problem hiding this comment.
added logic to update _latest_agent_message with the new eventId after a successful replacement, so it doesn't hold a reference to the deleted event
noorullr
reviewed
Apr 2, 2026
If create_message succeeds but delete_event fails, attempt to roll back the newly created event to avoid leaving duplicate messages. Addresses review comment about partial failure handling.
…essage Prevents stale eventId references by updating the tracked latest message with the new eventId after a successful create+delete replacement.
notgitika
force-pushed
the
fix/update-message-guardrail-redaction
branch
from
828699f to
a6df5f4
Compare
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
3 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
update_message()inAgentCoreMemorySessionManagerso that Strands' built-in guardrail redaction (redact_latest_message()) works out of the boxupdate_agent())batch_size > 1case by replacing messages in the send buffer before they are flushedContext
When using Bedrock Guardrails with AgentCore Memory as the Strands session store,
update_message()was a no-op. This meant guardrail-blocked user messages were persisted unredacted, creating a permanent dead-end conversation — on subsequent turns or reconnect, the guardrail would block again on the persisted offending message.Test plan
test_update_message— verifies new event created + old event deleted for persisted messagestest_update_message_wrong_session— session ID mismatch raisesSessionExceptiontest_update_message_no_message_id— graceful skip when message has no event IDtest_update_message_create_fails— raisesSessionExceptionon create failuretest_update_message_delete_fails— raisesSessionExceptionon delete failuretest_update_buffered_message— in-buffer replacement whenbatch_size > 1