UI Cleanup

[Light/Dark Theme Fixes]

Some UI elements in light mode were being rendered in a dark theme, such as code blocks, Mermaid tables, message metadata, etc. This change ensures elements render in their appropriate theme based on the user's selection.

[Auto-Scrolling Fix]

Allows users to break out of auto-scrolling during streamed responses by scrolling away from the bottom of the screen. Users can reset auto-scrolling by scrolling back down to the bottom of the stream.

[API Token Dashboard Metrics]

This change ensures that users who programmatically interact with LISA are captured in the metrics dashboard. Additionally, it introduces a reorganization of the metrics dashboard to enhance readability.

[Cypress Smoke Test Refactor]

Significantly enhanced the smoke tests to be more reliable. Added new E2E tests that reuse the smoke tests and a new model creation workflow E2E test.

[Session History Reload Fix]

Fixed session history not loading when selected, and updated session hooks to correctly invalidate and retrieve the session after selecting a new session.

[Markdown Table Support]

Introduced GitHub Flavored Markdown (GFM) to support markdown tables. Added Tailwind CSS overrides to render markdown in chat prompts. Enhanced the system prompt to render math expressions without additional prompting.

Key Changes

• Documentation: Added access control details to the Getting Started section along with general updates, added instructions on how to accept the self-signed certificate in the browser, and updates to configuration labels.
• Cypress Tests: Added additional smoke tests to ensure admin pages load with data, chat prompts render responses, chat sessions are selectable and load properly, and non-admins can't navigate to admin pages.
• Administrative: Added an AdminRoute wrapper around the McpWorkbench component.

Acknowledgements

• @bedanley
• @estohlmann
• @jmharold

Full Changelog: https://github.com/awslabs/LISA/compare/v6.1.0..v6.1.1

⚠️ Important: Major Dependency Updates

This release includes comprehensive dependency updates across the entire platform. While these updates are not breaking changes, they represent significant infrastructure improvements that enhance security and platform stability:

• Lambda Runtime Upgrades: All Lambda functions now use Node.js v24 and Python v3.13 (upgraded from EOL versions)
• Security Vulnerability Remediation: Updated all Python and npm dependencies to address outstanding CVEs
• Platform Modernization: Comprehensive updates to core libraries including React, AWS CDK, LangChain, Boto3, LiteLLM, and more

Recommendation: Test thoroughly in non-production environments before deploying to production systems.

Key Features

API Token Management

To further support multi-tenant environments, LISA Admins can now manage and associate API tokens with specific users or systems. This feature adds an API Management UI where Admins can create, view, and delete API tokens. This feature can be extended to non-admin users by configuring user groups and enabling it in the UI as a configuration option.

User Experience:

• Admin UI: Admins can view, create, and delete API tokens for users and system users
• User UI: Users can create and delete their own API tokens if enabled by the admin

Schedule Management

This feature delivers automatic resource scheduling with LISA self-hosted models through AWS Auto Scaling Groups and Schedule Actions, enabling automated start/stop scheduling that reduces operational costs while maintaining service availability during business hours. The solution supports both UI-driven and API-driven workflows, eliminating manual intervention overhead and providing intelligent resource management.
Scheduling Types:

• DAILY: Configure different start/stop times for each day of the week
• RECURRING: Configure a single start/stop time to be used throughout the week
• NONE: The model will run continuously with no scheduled downtime

RAG UI Enhancements

This set of UI enhancements improves the overall user experience of the Repository, Analysis, and Guardrail (RAG) components:

• Consolidated Components: Standardized common features across the UI such as User Admin Groups inputs, Metadata/Tags forms, Chunking Strategies forms, time rendering elements, and solidified sentence casing for element labels
• Expanded Tables: Exposed more fields to the user in the Repository and Collection tables
• Model In-Use Deletion Notification: Better handles models that are currently in use by collections or pipelines when deleting models
• Placeholder Descriptions: Added placeholder descriptions to improve discoverability
• Reorganized Forms: Reorganized Collection and Repository fields into separate wizard forms

Dependency Updates

This release includes several dependency updates to address security vulnerabilities and keep the project up to date:

• Python and Node Lambda runtimes: Upgraded Lambda runtimes to Node v24 and Python v3.13 to correct EOL versions
• Python Dependencies: Updated Python dependencies to the latest compatible versions, addressing outstanding CVEs: Boto3, LiteLLM, LangChain, Cryptography, etc.
• npm Dependencies: Updated npm dependencies to latest compatible versions, addressing outstanding CVEs: React, cdk-lib, LangChain, Tailwind, Vite, etc...

Bug Fixes and Other Improvements

• Consistent Date Handling: Applied consistent UTC timezone handling for object creation and UI rendering
• VPC/Cert/Guardrail Config Updates: Ensured consistent VPC and Cert configurations across all Lambdas and updated the Guardrail table config
• MCP API Deployment Fix: Ensured MCP APIs are deployed even when the MCP Workbench is disabled
• Document Tagging Improvements: Improved the logic for applying tags from all levels (repository, collection, document, pipeline) during document ingestion

Key Changes

• Feature: Added API Token Management UI for admins and users
• Feature: Implemented automated resource scheduling through AWS Auto Scaling Groups
• Enhancement: Improved the overall user experience of the RAG components
• Dependency Update: Updated various npm, GitHub Actions, and Python dependencies
• Bug Fix: Applied consistent date handling, VPC configurations, and fixed various other bugs

Acknowledgements

• @batzela
• @bedanley
• @dustins
• @jmharold
• @nishi7409

Full Changelog: https://github.com/awslabs/LISA/compare/v6.0.1..v6.1.0

LISA v6.0.1 Hotfix Release

We're releasing a hotfix to address several important configuration, security, and caching improvements following the v6.0.0 launch.

What's Fixed

Prisma Caching Improvements

Enhanced Prisma dependency pre-caching for offline Docker deployments. The system now uses PRISMA_CACHE_DIR with conditional fallback logic, making deployments more reliable in air-gapped environments.

UI Data Refresh Behavior

Updated how the React application handles cached data across all reducers. The app now refetches data on reloads, instead of whenever RTK feels like it. This ensures you always see the most current state.

Model Management Security Enhancement

Important Security Fix: Model management endpoints (create, update, delete) now properly enforce admin-only access control. Non-admin users attempting these operations will receive a 403 Forbidden response. This closes a security gap where model operations weren't validating admin permissions.

Model Health Check Fix

Resolved an issue with the health endpoint during new model creation.

Acknowledgements

• @bedanley
• @dustins
• @estohlmann
• @jmharold

Full Changelog: v6.0.0...v6.0.1

Happy Thanksgiving! We are proud to announce the launch of our next major version, 6.0.0! This launch aligns with AWS re:invent in Las Vegas from Dec 1-5th. LISA 6.0.0 includes major enhancements to LISA's RAG capabilities. It also includes a new standalone solution, LISA MCP.

We hope you enjoy this release as much as we enjoyed building it. Please reach out to our product team via the "Contact us" button in the readme. Our product roadmap is customer driven, and we want to hear your feedback, questions, and needs as we look to 2026.

Breaking Changes

• API Token Table Migration: The API token table has been renamed and moved from the Serve stack to the API Base stack (LisaServeTokenTable → LisaApiBaseTokenTable). Export all existing API keys before upgrading and recreate them in the new table after deployment. This affects admin keys, service accounts, and any programmatic API access.
• Management Key Secret Migration: The LISA management key secret has been moved to the API Base stack with a new name format: ${deploymentName}-management-key (removed lisa- prefix). Update any scripts or integrations that reference the secret by name. The secret value will be auto-generated during deployment; export from AWS Secrets Manager before upgrading if you need to preserve the existing value. Code using the SSM parameter ${deploymentPrefix}/appManagementKeySecretName will continue to work without changes.
• Existing Bedrock Knowledge Base Repositories must be redeployed to support the new collections infrastructure. This is a simple update operation that creates the necessary infrastructure for automatic data source collection creation. Use the repository update API or UI to redeploy existing Bedrock Knowledge Base repositories.

Key Features

LISA MCP

LISA MCP is a standalone infrastructure-as-code solution that allows administrators to deploy and host any Model Context Protocol (MCP) servers directly within LISA. This enterprise hosting platform provides turn-key infrastructure deployment, automatic scaling, and secure networking, allowing organizations to build and operate custom MCP tools without managing underlying infrastructure.

Enterprise Hosting Capabilities

• Turn-key Deployment: Deploy STDIO, HTTP, or SSE MCP servers through a single API call or intuitive UI workflow, eliminating the need for manual infrastructure configuration
• Dynamic Container Management: Bring your own pre-built container images or point to S3 artifacts that are automatically packaged into containers at deployment time
• Automatic Scaling: Configure auto-scaling policies with customizable min/max capacity, CPU, and memory settings to handle varying workloads efficiently
• Secure VPC Networking: All MCP servers run within your private VPC with Application and Network Load Balancers, ensuring traffic never leaves your secure network boundaries
• API Gateway Integration: Hosted MCP servers are automatically exposed through LISA's existing API Gateway, inheriting the same authentication, authorization, and security controls (API keys, IDP lockdown, JWT group enforcement) used across the platform

Administrative Control

• MCP Management UI: Complete lifecycle management through a dedicated admin interface where administrators create, update, start, stop, and delete hosted MCP servers
• Group-Based Access Control: Restrict server visibility and usage to specific identity provider groups or make them available organization-wide
• Lifecycle Automation: Step Functions orchestrate provisioning, health monitoring, failure handling, and connection publishing with full auditability through DynamoDB status records
• Health Monitoring: Built-in health checks at both the container and load balancer levels ensure reliable service availability

Integration & Extensibility

• External Integration Support: Hosted MCP servers can be accessed by external agents, copilots, RPA bots, or SaaS workloads using the same API Gateway endpoints and authentication mechanisms
• mcp-proxy Support: STDIO servers are automatically wrapped with mcp-proxy and exposed over HTTP, simplifying deployment of standard MCP server implementations
• UI & API Parity: Manage servers through either the MCP Management admin page or REST API endpoints (/mcp), providing flexibility for automation and programmatic workflows

LISA RAG Collections

LISA's RAG capabilities just got a major upgrade! We've completely reimagined how you organize and manage RAG documents with the introduction of Collections. Collections transform how you structure your RAG content. Think of repositories as filing cabinets and collections as the organized drawers within—each with its own configuration.

Flexible Document Organization

• Custom Chunking Strategies: Configure different chunking approaches per collection (fixed-size or no chunking). If using a Bedrock Knowledge Base all service chunking strategies are supported
• Flexible Embedding Models: Each collection can use its own embedding model, optimizing retrieval for specific document types
• Access Control: Set collection-level permissions with group-based access control, making it easy to share some collections organization-wide while keeping others restricted within the same repository
• Rich Metadata Support: Tag documents with custom metadata at the repository, collection, or document level for powerful filtering and organization

Intelligent Document Lifecycle Management

• Smart Deletion Workflows: Delete collections asynchronously with optimized cleanup for each supported Repository
• Document Preservation: User-managed documents in Bedrock Knowledge Bases are automatically preserved during collection operations, ensuring you never lose important content
• Enhanced UI Experience: Browse, filter, and sort collections with visual status indicators, intuitive creation wizards, and document library integration with breadcrumb navigation
• Admin-Controlled Operations: Collection creation, updates, and deletion are restricted to administrators while regular users can continue to view and upload documents to collections they have permission to access
• Backward Compatibility: Existing repositories automatically get a virtual "Default" collection using the repository's embedding model with zero downtime and no database migrations required

Bedrock Knowledge Base Updates

• Automatic Collection Creation: Each Bedrock Knowledge Base Data Source gets its own collection with LISA's management capabilities
• Custom Metadata & Tagging: Add LISA's metadata to your Bedrock Knowledge Base documents for enhanced organization and filtering

Other Enhancements

• Updated the prompt area to auto-expand from 2 rows to 20 rows when typing a large prompt.
• Updates for easier prisma client generation
• Enhanced logging in LISA Rest ECS cluster to include LiteLLM logs

Acknowledgements

• @bedanley
• @dustins
• @estohlmann
• @jmharold

Full Changelog: https://github.com/awslabs/LISA/compare/v5.4.0..v6.0.0

Key Features

Bedrock Guardrails Integration

LISA Administrators can now Bedrock Guardrails to any models via the Model Management page or API

• Comprehensive Protection: Integrated with Bedrock Guardrails through LiteLLM's proxy support of the ApplyGuardrail API, enabling guardrails during prompt input, response generation, and prompt output.
• Advanced Capabilities: Supports topic denial, word filtering, sensitive information limitation, contextual grounding checks, and automated reasoning for factual accuracy.
• Flexible Administration: Administrators can apply Guardrails to any LISA model (self hosted or 3rd party) via the Model Management UI or API, with customizable permissions for different user groups.
• Adaptive Policies: Guardrails and group permissions can be updated anytime to evolve content moderation alongside organizational needs.

Offline/Air-gapped Deployment Support

Enhanced the platform to support offline and air-gapped deployments by enabling pre-caching of external dependencies for the REST API and MCP Workbench.

• Nodeenv Pre-caching: Added support for pre-caching the required nodeenv in the REST API container to enable offline deployments.
• Offline Deployment: Enabled configuration of pre-cached external dependencies for the MCP Workbench via to support offline and air-gapped deployments.

MCP Workbench Refactoring

Migrated the MCP Workbench deployment to use the shared LisaServe ECS cluster, improving modularity and enabling conditional deployment.

• MCP Workbench Stack: Created a dedicated stack that deploys the MCP Workbench as a separate ECS service on the shared cluster.
• Conditional Deployment: Introduced a configuration flag to control the optional deployment of the MCP Workbench.
• Container Overrides: Added support for overriding the MCP Workbench container image during deployment..

MCP Workbench UX Improvements

Enhanced the user experience of the MCP Workbench with tool validation, error display, and theme support.

• Validation: Implemented tool validation to improve the user experience.
• Theming: Introduced theme support for the MCP Workbench UI.

Acknowledgements

• @batzela
• @bedanley
• @dustins
• @estohlmann
• @jmharold

Key Features

Enabling OAuth Backed MCP Connections

• MCP OAuth Support: LISA now supports OAuth authentication for the MCP (Model Context Protocol) connection feature, enabling users to securely authenticate and access their connections
• Connection Management: Users can now reset their connections through the connection management interface allowing users to update previously configured settings stored in local storage

Rag Ingestion JobStatus Update

• DDB: The GSI (Global Secondary Index) for the JobStatusTable has been updated to improve the querying and filtering capabilities of the job status information
• Job Status Widget: The RAG ingestion UI now features a new status tracking widget that displays your recent document ingestion job history, enabling monitoring of processing progress

Chat Widget Performance Optimization

This release includes significant performance improvements to the chat widget, addressing performance degradation issues caused by excessive re-rendering

• Memoization: The chat widget has been optimized using memoization techniques, reducing the number of unnecessary re-renders and improving the overall responsiveness of the application
• Conditional Dependencies: The chat widget's dependency handling has been improved, ensuring that only the necessary components are re-rendered based on changes in the data

Langfuse Documentation

This release includes updates to our documentation site where a guide was created on how to integrate Langfuse into LISA Serve to view your LLM traces

Acknowledgements

• @bedanley
• @dustinps
• @estohlmann
• @jmharold

Full Changelog: https://github.com/awslabs/LISA/compare/v5.3.1..v5.3.2

Key Features

Session Encryption

LISA now supports optional session encryption. Administrators can activate encryption which applies to all sessions. When activated, chat sessions are encrypted prior to storage in DynamoDB and automatically decrypted when retrieving data, enhancing data security at rest.

Embedding Client Consolidation

• Unified Configuration: Consolidated embedding clients so both embedding and retrieval use the same configuration logic
• LiteLLM Integration: Removed OpenAIEmbedding in favor of LiteLLM provided embedding through RagEmbedding
• Authentication Streamlining: Merged LisaServe Auth to follow same flow for LiteLLM requests and passthrough

Security Improvements and Vulnerability Remediation

This release includes security related updates across the codebase.
Security Enhancements:

• Dependency Security: Updated vulnerable dependencies across Python and Node.js packages with Dependabot configuration for automated security updates
• Container Security: Updated Dockerfiles with security-focused base images and improved container build processes
• Infrastructure Security: Added CodeQL security scanning workflow and enhanced CI/CD pipeline with security checks
• API Security: Improved API key handling and cleanup mechanisms with enhanced LiteLLM integration

Bug Fixes

• Model ID Normalization: Force model-id to use lowercase per OpenSearch requirements
• Text Encoding: Encode text files using UTF-8 to remove special character double encoding
• Documentation Cleanup: Update cleanup docs function to correct signature
• Model Refresh: Fix refresh of models functionality
• UI Optimization: Remove duplicate similar_search queries from UI
• Threading Fix: Fix threading of async auth calls in RestAPI

Additional Features

• Expanded SDK: Enhanced SDK functionality with integration script for setting up models and vector stores
• Request Caching: Cache repeated requests for configs and keys

Acknowledgements

• @bedanley
• @estohlmann
• @jmharold
• @dustins

Full Changelog: v5.3.0...v5.3.1

Key Features

Model Context Protocol (MCP) Workbench

LISA now includes a comprehensive MCP Workbench that enables administrators to create, test, manage and host custom MCP tools directly within LISA.

MCP Tool Development

• Custom Tool Creation: Administrators can create and edit custom MCP tools using a built-in code editor with syntax highlighting
• Tool Testing Environment: Integrated testing capabilities for validating MCP tools before enterprise rollout
• Template-Based Development: Pre-built template and examples to accelerate tool development
• MCP file hosting support: Administrators can upload MCP tool code directly to S3. The MCP Workbench connection will automatically host this tool for use
• Improved Authentication: Enhanced authentication mechanisms for MCP server connections, if users specify {LISA_BEARER_TOKEN} in the header field, LISA will populate this with the users active token. This is important for proxying calls to internally hosted servers that use the same authentication mechanisms as LISA

Administrative Control

• Tool Management: Administrators can manage and configure the MCP workbench capabilities for their organization
• IDP Group Locking: MCP connections can now be locked down to specific Identity Provider (IdP) groups for enhanced security

Enhanced Model Control

• Custom API Key Support: Support for handling custom API keys for third-party models added to Model Management

Mermaid Diagram Sanitization

• Security Enhancement: Implemented sanitization for Mermaid diagrams to prevent potential security vulnerabilities
• Safe Rendering: Ensures that Mermaid diagrams are rendered safely without executing malicious code

What's Next?

We'll be launching broader MCP tool hosting capabilities in an upcoming LISA release.

Acknowledgements

• @bedanley
• @estohlmann
• @jmharold
• @dustins
• @jonleeh
• @drduhe

Full Changelog: v5.2.0...v5.3.0

Key Features

Model Context Protocol (MCP) Enhancements

• Connection Validation: Real-time connection testing with detailed feedback on server connectivity during connection creation/edit
• Enhanced Debugging: Improved error handling and connection status reporting for MCP servers

Session Management Improvements

• Time-Based Session Grouping: Sessions are now automatically organized into time-based groups based on updated date (Last Day, Last 7 Days, Last Month, Last 3 Months, Older)
• Session ID Removal: Removed session ID from prompt input for cleaner user interface

Retrieval-Augmented Generation (RAG) Improvements

Document Processing

• Document Chunk Processing Fixes: Resolved issues with document chunk processing and ingestion
• Document Library Pagination: Added pagination support for the Document Library to handle large numbers of documents efficiently

Vector Store Configuration

• Default Embedding Model Support: Added ability to define a default embedding model when creating or updating vector stores
• IAM Permissions Optimization: Trimmed vector store IAM permissions to follow the principle of least privilege
• Container Configuration: Added container override configuration for batch ingestion processes

Batch Ingestion

• Container Configuration: Added support for container override configuration in batch ingestion jobs
• Max Batch Jobs Setting: Implemented dynamic maximum batch jobs limit
• Ingestion Rules Updates: Automatic updates to ingestion rules when Lambda functions are updated

Model Management Improvements

• Base Container Configuration: Added support for using prebuilt model containers, instead of building during model deployment

UI/UX Enhancements

• General UI Improvements: Various user interface enhancements to improve usability
• Updated Default System Prompt: Updated LISAs default system prompt to take advantage of new rendering capabilities. Pairing this prompt with new UI components supports the display of:
  • Inline-Code
  • Mathematic equations using LaTex syntax
  • Mermaid Diagrams. These diagrams can also be copied and downloaded as images

Acknowledgements

• @bedanley
• @estohlmann
• @dustins
• @jmharold

Full Changelog: v5.1.0...v5.2.0

Model Management Enhancements

We updated LISA's Model Management wizard experience that supports creating and updating configured models.

Administrative Enhancements

• Renamed "Create Model" to "Configure Model" for clarity in the model setup process
• Improved the model management configuration wizard for more intuitive field organization and workflow:
  • Moved "LISA Hosted Model" toggle to the top of the wizard to drive workflow
  • Added a dedicated "Model Description" field to better document model purposes
  • Decluttered creation wizard for third-party models to only display relevant fields
• Enhanced post-creation model management:
  • Administrators can now view all configuration details for both self-hosted and third-party models post creation
  • Expanded editable fields post-creation for self-hosted and third-party models. This includes model features, streaming capabilities, access controls, and others. See LISA's Documentation for more details.

Access Control Improvements

• Added enterprise group-based access control for models, allowing administrators to:
  • Restrict model access to specific IdP groups
  • Configure models with open access when no groups are specified

New Model Library for All Users

• When activated, all users can view the "Model Library" page under the Library menu
• Users see the models that they have access to in the Model Library. Users have visibility into the features and capabilities that each model supports (e.g., imagegen, MCP, Streaming, Document summarization). This is useful in environments with many available models.

Amazon Bedrock Knowledge Base Integration

LISA now supports Amazon Bedrock Knowledge Bases for enhanced RAG capabilities.

Administrative Features

• Bring Your Own Knowledge Base (BYOKB) support:
  • Administrators can connect pre-created Bedrock Knowledge Bases to LISA. This includes Amazon Neptune, which supports GraphRAG.
  • Simple configuration requiring only basic BRKB info
  • Integration available through both UI and API interfaces
• Granular access control:
  • Restrict Knowledge Base access to specific user groups
  • Manage permissions at the Knowledge Base level

Document Management

• Comprehensive document ingestion options:
  • Automated document ingestion pipeline support
  • Direct document uploads to Knowledge Bases via the LISA UI leveraging Bedrock's supported chunking strategies
• Full integration with LISA's Document Library:
  • View documents stored within Bedrock Knowledge Bases
  • Download documents for offline use

RAG Capabilities

• Seamless integration with LISA's RAG workflow:
  • Users can select Bedrock Knowledge Bases as vector stores for RAG prompting
  • Support for Bedrock's query options for optimized retrieval

UI Improvements

We made several user experience enhancements to improve productivity and workflow:

Session Management

• Session Title Filtering: Quickly locate specific sessions with new filtering capabilities
• Session Renaming: Easily rename existing sessions through a new action menu item with a simple text input dialog
• Persistent Name Changes: Session name changes are now saved and maintained across sessions

Model Preferences

• Global Default Model: Administrators can set a preferred model as the global default from the Model Library view
• Automatic Application: Default model settings are automatically applied to all new sessions

Model Comparison Tool

• Multi-Model Evaluation: Select and compare responses from up to 4 models side-by-side. Administrators can activate or deactivate the feature in the Configuration page.
• Configurable Prompts: Apply custom prompt parameters for each comparison session
• Ephemeral Results: View comparison results without creating permanent sessions
• Response Format: Results displayed in a familiar chat-like interface for easy evaluation
• Export Capability: Download comparison results in JSON format for further analysis

Acknowledgements

• @bedanley
• @estohlmann
• @dustins
• @jmharold

Full Changelog: v5.0.0...v5.1.0