Pi Bedrock runtime fails in bundled GitHub Action with missing ./amazon-bedrock.js module

[tylerzey]

Summary

Using runtime = "pi" with an Amazon Bedrock model in the GitHub Action can fail before any Bedrock request is sent. In our case the action failed with:

Runtime execution failed: Cannot find module './amazon-bedrock.js'

This only reproduced in the bundled GitHub Action path. Running Warden locally with the same warden.toml and AWS credentials worked.

Environment

• Warden action based on v0.29.1
• runtime = "pi"
• model selector: amazon-bedrock/us.anthropic.claude-sonnet-4-6
• GitHub-hosted Ubuntu runner

Repro shape

warden.toml:

[defaults]
runtime = "pi"
model = "amazon-bedrock/us.anthropic.claude-sonnet-4-6"

[defaults.auxiliary]
model = "amazon-bedrock/us.anthropic.claude-sonnet-4-6"

[defaults.synthesis]
model = "amazon-bedrock/us.anthropic.claude-sonnet-4-6"

Workflow step:

- uses: getsentry/warden@v0.29.1
  with:
    config-path: warden.toml

Failure from action logs:

security-review first hunk failure: type=analysis; code=provider_unavailable; location=.github/workflows/warden-review.yml:1-42; message=Runtime execution failed: Cannot find module './amazon-bedrock.js'

Notes

From tracing the bundle, this looks like Pi's lazy Bedrock provider load path trying to import ./amazon-bedrock.js from the bundled action runtime, where that relative module is not available.

We were able to make this work in a fork by preloading/registering Pi's exported Bedrock provider module before the action starts analysis, so the fallback lazy import path is never exercised.

If a PR would be useful, we can send one with the minimal fix.

[dcramer]

Yeah we're probably missing a few things here yet. Will take a look to see if this is a quick one.