fix(policy): correct INSULTS content-filter enum and validate --form-filters

[jesseturner21]

Description

agentcore add policy --form-category contentFilter --form-filters INSULT succeeded locally but agentcore deploy failed at the CFN service with an opaque ValidationException (Valid categories: VIOLENCE, HATE, SEXUAL, MISCONDUCT, INSULTS).

Two root causes, both fixed here:

1. Enum typo. CONTENT_FILTER_FILTERS listed 'INSULT' (singular); the service enum is 'INSULTS' (plural). The TUI offered the bad value because its options derive from this constant. Fixed in src/cli/tui/screens/policy/types.ts — one-word change that also fixes the TUI.
2. No client-side validation of --form-filters. The non-interactive path split the flag and passed raw values straight to synthesizeCedar, so any string (e.g. NOTAREAL) was accepted and only failed at deploy. Added FILTERS_BY_CATEGORY + invalidFiltersForCategory() helpers in types.ts (reusing the per-category enums already defined there as the single source of truth) and wired validation into PolicyPrimitive, throwing a ValidationError with a clear message listing the invalid filter(s) and the allowed set.

Per maintainer guidance on the issue, validation is scoped to the form-filter enums the TUI/CLI already offers — not a blanket validation of every flag.

Related Issue

Closes #1571

Type of Change

• Bug fix

Testing

• I ran npm run test:unit (24 policy tests pass, incl. new regression coverage)
• I ran npm run typecheck (zero errors)
• I ran npm run lint (passes via pre-commit hooks)

New tests:

• types.test.ts — valid filters per category pass; unknown filter rejected; cross-category filter rejected; regression guard that INSULTS is accepted while INSULT is rejected.
• synthesize-cedar.test.ts — added an INSULTS case to lock in the canonical name.

Checklist

• I have added any necessary tests that prove my fix is effective
• My changes generate no new warnings
• Docs update — N/A (no user-facing doc changes; valid filter list unchanged in count)

[agentcore-devx-automation]

Claude Security Review: no high-confidence findings. (run)

[github-actions]

Package Tarball

aws-agentcore-0.20.1.tgz

How to install

gh release download pr-1576-tarball --repo aws/agentcore-cli --pattern "*.tgz" --dir /tmp/pr-tarball
npm install -g /tmp/pr-tarball/aws-agentcore-0.20.1.tgz

[agentcore-cli-automation]

LGTM. Clean, focused bug fix.

Verified:

• Typo fix INSULT → INSULTS in CONTENT_FILTER_FILTERS flows through to the TUI automatically since GUARDRAIL_CATEGORY_OPTIONS references the constant (AddPolicyScreen.tsx consumes it).
• No other source/test/doc references to the legacy singular INSULT remain (grep -rn INSULT src/ test/ is clean apart from the regression test).
• FILTERS_BY_CATEGORY reuses the per-category enums as the single source of truth — no duplication.
• New validation in PolicyPrimitive runs inside the existing runCliCommand('add.policy', ...) block, so the ValidationError is captured by telemetry without extra instrumentation.
• The category cast on line 418 is safe because allowedCategories is checked at lines 405–410 just above.
• Tests are pure-function tests with no mocking — exactly the right level for what's being validated. The #1571 regression guard for INSULT is a nice touch.

[github-actions]

Coverage Report

Status	Category	Percentage	Covered / Total
🔵	Lines	36.92%	13502 / 36562
🔵	Statements	36.21%	14357 / 39642
🔵	Functions	31.47%	2306 / 7327
🔵	Branches	30.69%	8915 / 29044

Generated in workflow #3698 for commit a4dd5ba by the Vitest Coverage Report Action

[agentcore-devx-automation]

Claude Security Review: no high-confidence findings. (run)

[notgitika]

LGTM, just a question for follow up

[notgitika]

maybe as a future follow up, can we inherit these types from the sdk?