AWS Security ChangesHomeSearch

AWS cli documentation change

Service: cli · 2026-02-25 · Documentation low

File: cli/latest/reference/bedrock/get-automated-reasoning-policy-build-workflow-result-assets.md

Summary

Added support for new asset types (FIDELITY_REPORT, ASSET_MANIFEST, SOURCE_DOCUMENT) and introduced the --asset-id parameter. Documented new fidelity report structure with integrity verification features.

Security assessment

The change introduces SHA-256 document hashing for integrity verification in both source documents and fidelity reports. While this enhances security through integrity checks, there's no evidence it addresses a specific vulnerability. The hashing provides tamper detection but isn't tied to a disclosed security incident.

Diff

diff --git a/cli/latest/reference/bedrock/get-automated-reasoning-policy-build-workflow-result-assets.md b/cli/latest/reference/bedrock/get-automated-reasoning-policy-build-workflow-result-assets.md
index 4c605dfe5..24606892f 100644
--- a//cli/latest/reference/bedrock/get-automated-reasoning-policy-build-workflow-result-assets.md
+++ b//cli/latest/reference/bedrock/get-automated-reasoning-policy-build-workflow-result-assets.md
@@ -15 +15 @@
-  * [AWS CLI 2.33.27 Command Reference](../../index.html) »
+  * [AWS CLI 2.33.29 Command Reference](../../index.html) »
@@ -69,0 +70 @@ See also: [AWS API Documentation](https://docs.aws.amazon.com/goto/WebAPI/bedroc
+    [--asset-id <value>]
@@ -120 +121 @@ See also: [AWS API Documentation](https://docs.aws.amazon.com/goto/WebAPI/bedroc
-> The type of asset to retrieve (e.g., BUILD_LOG, QUALITY_REPORT, POLICY_DEFINITION).
+> The type of asset to retrieve (e.g., BUILD_LOG, QUALITY_REPORT, POLICY_DEFINITION, GENERATED_TEST_CASES, POLICY_SCENARIOS, FIDELITY_REPORT, ASSET_MANIFEST, SOURCE_DOCUMENT).
@@ -128,0 +130,15 @@ See also: [AWS API Documentation](https://docs.aws.amazon.com/goto/WebAPI/bedroc
+>   * `FIDELITY_REPORT`
+>   * `ASSET_MANIFEST`
+>   * `SOURCE_DOCUMENT`
+> 
+
+
+`--asset-id` (string)
+
+> The unique identifier of the specific asset to retrieve when multiple assets of the same type exist. This is required when retrieving SOURCE_DOCUMENT assets, as multiple source documents may have been used in the workflow. The asset ID can be obtained from the asset manifest.
+> 
+> Constraints:
+> 
+>   * min: `0`
+>   * max: `36`
+>   * pattern: `[0-9a-fA-F\-]+`
@@ -261 +277 @@ buildWorkflowAssets -> (tagged union structure)
-> This is a Tagged Union structure. Only one of the following top level keys can be set: `policyDefinition`, `qualityReport`, `buildLog`, `generatedTestCases`, `policyScenarios`.
+> This is a Tagged Union structure. Only one of the following top level keys can be set: `policyDefinition`, `qualityReport`, `buildLog`, `generatedTestCases`, `policyScenarios`, `assetManifest`, `document`, `fidelityReport`.
@@ -1848,0 +1865,457 @@ buildWorkflowAssets -> (tagged union structure)
+> 
+> assetManifest -> (structure)
+>
+>> A manifest listing all available artifacts produced by the build workflow. This provides a catalog of all assets that can be retrieved, including their types, names, and identifiers.
+>> 
+>> entries -> (list) [required]
+>>
+>>> The list of asset entries in the manifest, each describing an available artifact that can be retrieved.
+>>> 
+>>> (structure)
+>>>
+>>>> Represents a single entry in the asset manifest, describing one artifact produced by the build workflow.
+>>>> 
+>>>> assetType -> (string) [required]
+>>>>
+>>>>> The type of asset (e.g., BUILD_LOG, QUALITY_REPORT, POLICY_DEFINITION, GENERATED_TEST_CASES, POLICY_SCENARIOS, FIDELITY_REPORT, ASSET_MANIFEST, SOURCE_DOCUMENT).
+>>>>> 
+>>>>> Possible values:
+>>>>> 
+>>>>>   * `BUILD_LOG`
+>>>>>   * `QUALITY_REPORT`
+>>>>>   * `POLICY_DEFINITION`
+>>>>>   * `GENERATED_TEST_CASES`
+>>>>>   * `POLICY_SCENARIOS`
+>>>>>   * `FIDELITY_REPORT`
+>>>>>   * `ASSET_MANIFEST`
+>>>>>   * `SOURCE_DOCUMENT`
+>>>>> 
+
+>>>> 
+>>>> assetName -> (string)
+>>>>
+>>>>> A human-readable name for the asset, if applicable. This helps identify specific documents or reports within the workflow results.
+>>>>> 
+>>>>> Constraints:
+>>>>> 
+>>>>>   * min: `0`
+>>>>>   * max: `256`
+>>>>> 
+
+>>>> 
+>>>> assetId -> (string)
+>>>>
+>>>>> A unique identifier for the asset, if applicable. Use this ID when requesting specific assets through the API.
+>>>>> 
+>>>>> Constraints:
+>>>>> 
+>>>>>   * min: `0`
+>>>>>   * max: `36`
+>>>>>   * pattern: `[0-9a-fA-F\-]+`
+>>>>> 
+
+> 
+> document -> (structure)
+>
+>> A source document that was used as input during the build workflow. This allows you to retrieve the original documents that were processed to generate the policy.
+>> 
+>> document -> (blob) [required]
+>>
+>>> The raw content of the source document as a binary blob.
+>>> 
+>>> Constraints:
+>>> 
+>>>   * min: `1`
+>>>   * max: `5000000`
+>>> 
+
+>> 
+>> documentContentType -> (string) [required]
+>>
+>>> The MIME type of the document (e.g., application/pdf, text/plain).
+>>> 
+>>> Possible values:
+>>> 
+>>>   * `pdf`
+>>>   * `txt`
+>>> 
+
+>> 
+>> documentName -> (string) [required]
+>>
+>>> The name of the source document for identification purposes.
+>>> 
+>>> Constraints:
+>>> 
+>>>   * min: `0`
+>>>   * max: `256`
+>>> 
+
+>> 
+>> documentDescription -> (string)
+>>
+>>> An optional description providing context about the document’s content and purpose.
+>>> 
+>>> Constraints:
+>>> 
+>>>   * min: `0`
+>>>   * max: `4000`
+>>> 
+
+>> 
+>> documentHash -> (string) [required]
+>>
+>>> A SHA-256 hash of the document content, used for verification and integrity checking.
+>>> 
+>>> Constraints:
+>>> 
+>>>   * min: `64`
+>>>   * max: `64`
+>>> 
+
+> 
+> fidelityReport -> (structure)
+>
+>> A comprehensive fidelity report that measures how accurately the generated policy represents the source documents. The report includes coverage and accuracy scores, along with detailed grounding information for rules and variables.
+>> 
+>> coverageScore -> (double) [required]
+>>
+>>> A score from 0.0 to 1.0 indicating how well the policy covers the statements in the source documents. A higher score means more of the source content is represented in the policy.
+>>> 
+>>> Constraints:
+>>> 
+>>>   * min: `0.0`
+>>>   * max: `1.0`
+>>> 
+
+>> 
+>> accuracyScore -> (double) [required]
+>>
+>>> A score from 0.0 to 1.0 indicating how accurate the policy rules are relative to the source documents. A higher score means the policy rules more faithfully represent the source material.
+>>> 
+>>> Constraints:
+>>> 
+>>>   * min: `0.0`
+>>>   * max: `1.0`
+>>> 
+
+>> 
+>> ruleReports -> (map) [required]
+>>
+>>> A mapping from rule identifiers to detailed fidelity reports for each rule, showing which source statements ground each rule and how accurate it is.
+>>> 
+>>> key -> (string)
+>>>
+>>>> Constraints:
+>>>> 
+>>>>   * min: `12`
+>>>>   * max: `12`
+>>>>   * pattern: `[A-Z][0-9A-Z]{11}`
+>>>> 
+
+>>> 
+>>> value -> (structure)
+>>>
+>>>> Provides detailed fidelity analysis for a specific policy rule, including which source document statements support it and how accurate the rule is.
+>>>> 
+>>>> rule -> (string) [required]
+>>>>
+>>>>> The identifier of the policy rule being analyzed in this report.
+>>>>> 
+>>>>> Constraints:
+>>>>> 
+>>>>>   * min: `12`
+>>>>>   * max: `12`
+>>>>>   * pattern: `[A-Z][0-9A-Z]{11}`
+>>>>> 
+
+>>>>