Update: Fix the import and add runtime permission instruction#1321
Merged
dhawalkp merged 100 commits intoawslabs:mainfrom Apr 12, 2026
Merged
Update: Fix the import and add runtime permission instruction#1321dhawalkp merged 100 commits intoawslabs:mainfrom
dhawalkp merged 100 commits intoawslabs:mainfrom
Conversation
) * adding browser profile and firewall examples * Fix browser samples and add domain filtering notebook - Rename test_firewall.py to verify_domain_filtering.py - Add verify_domain_filtering.ipynb notebook version - Fix hhtp typo in SigV4 signing (both samples) - Remove debug prints and unused imports - Add BROWSER_ID env var validation with CFN export hint - Replace httpbin.org with github.com (matches CFN AllowedDomains) - Fix hardcoded S3 bucket name, add LocationConstraint - Translate Portuguese comments/strings to English - Remove unused strands-agents-tools from requirements.txt - Remove commented-out code - Add samples 09/10 to parent README * Add sample 11: Browser with Squid proxy and S3 logging - CFN template: VPC, Squid EC2 with basic auth, AgentCore Browser (VPC mode) - Proxy credentials auto-generated in Secrets Manager - Squid access logs synced to S3 every 5 minutes - Browser security group locked to Squid:3128 only (no NAT) - verify_proxy.py and .ipynb: start proxied session, verify IP matches Squid - Parent README updated with sample 11 link * adding / fixing features * Fix browser execution role trust policy for CFN deployment Add SourceAccount and SourceArn conditions to the browser execution role trust policy in both CFN templates. Without these conditions, the BrowserCustom CFN handler fails with HandlerInternalFailure. Uses AWS::AccountId and wildcard region so it works in any account. * adding extension / refactoring * adding extension / refactoring * finishing samples * Clean up browser tool samples: remove local playwright install, fix lint and docs - Remove 'playwright install chromium' from READMEs (remote browser, not local) - Remove unnecessary f-string prefix in verify_domain_filtering.py - Fix ASCII diagram alignment in proxy README - Remove secret ARN from verify_proxy.py stdout - Replace 'jupyter notebook' command with IDE-agnostic guidance * fix: proxy auth bug + ruff lint/format across browser tutorials 11-browser-with-proxy: - Fix htpasswd parsing passwords starting with '-' as flags (use stdin) - Use ExcludePunctuation for secret generation instead of partial char list - Use session.client() consistently, remove secret ARN printing - Clear notebook outputs 09/10/12 + helpers: - Fix ruff lint errors (unused import re, f-string without placeholders) - Apply ruff formatting (line wrapping, quote consistency) - Clear notebook outputs (12 had leaked AWS credentials) - Update kernel metadata * fix: install cronie on AL2023 for squid log sync cron job * fix: browser tutorials cross-region bucket naming, deploy.sh region, and boto3 version pin - Profiles & Extensions notebooks: bucket name now includes region to prevent cross-region S3 collisions when running demos in different regions - deploy.sh: use AWS_DEFAULT_REGION/aws configure instead of hardcoded us-east-1 - Proxy requirements.txt: pin boto3>=1.42.47 (proxyConfiguration support) --------- Co-authored-by: Joshua Samuel <sauhsoj@amazon.com>
Bumps [jsonpath](https://github.com/dchester/jsonpath) from 1.1.1 to 1.2.1. - [Commits](https://github.com/dchester/jsonpath/commits/1.2.1) --- updated-dependencies: - dependency-name: jsonpath dependency-version: 1.2.1 dependency-type: indirect ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
…S Code - Agentcore Gateway - Confluence (awslabs#790) * Updating Policy tutorial for FGAC * Updating Policy tutorial for FGAC * Updating Policy tutorial for FGAC * Updating Policy turorial for FGAC * Adding IDE Gateway integration example * Fixing python-lint issues * Fixing python-lint issues * Fixing python-lint issues * Adjusting proxy Lambda with commented lines * Updated readme * Updating README
…queness (awslabs#979) The Cognito domain prefix previously used only appName and region, which could cause collisions across AWS accounts deploying the same stack. Adding the account ID guarantees uniqueness. Co-authored-by: Abhimanyu Siwach <siwabhi@amazon.com>
awslabs#982) * added full example of enterprise mcp platform with policy engine mcp server filtering based on user_tag, guardrail for PII data * fixed linting * fixed linting * fixing lint * fixing lint * fixinf ruff * FIXING RUFF * fixing ruff --------- Co-authored-by: brnaba-aws <brnaba@amazon.com>
* update evals package name * update evals package name
* feat: add missing CDK infrastructure files for knowledge-base-rag-agent - Add all CDK stack files (api, cognito, storage, web-console, etc.) - Add CDK constructs and utilities - Fix web console S3 content-type bug with single BucketDeployment - Add @aws-lambda-powertools/logger dependency for Lambda bundling - Enable esbuild-based Lambda bundling (no Docker required) This completes the knowledge-base-rag-agent infrastructure that was missing from the original PR. * fix: add missing infrastructure files for knowledge-base-rag-agent - Add exception to root .gitignore for knowledge-base-rag-agent/infrastructure/lib/ - This allows the critical CDK stack definitions and constructs to be tracked - Without these files, developers cannot deploy the infrastructure - Fixes the incomplete PR awslabs#923 that was missing the entire lib/ directory The missing files include: - 6 CDK constructs (API proxy, CORS config, Lambda utilities, etc.) - 12 CDK stacks (API, Cognito, Database, Memory, Runtime, etc.) - 1 utility file (NAG suppressions) These are essential TypeScript source files, not build artifacts. --------- Co-authored-by: Jerad Engebreth <awsjerad@amazon.com>
* Add prompt injection prevention tutorial * Updated Lambda * SQL changes * Lambda changes * SQL naming changes * fixes * Added read me and minor changes * Update service names * fixes * remove outputs * fixes-1 * lambda lint --------- Co-authored-by: jsbeardaws <jsbeard@amazon.com>
…awslabs#1008) Expand the Prerequisites section with inline guidance for AWS CLI version requirements, IAM permissions, and Bedrock model access — addressing common first-time setup failures. README.md: - Add tip that deploy.sh runs pre-flight checks for all prerequisites - Specify AWS CLI v2.32.0+ requirement (needed for `aws login`) - Add step-by-step AWS credentials and permissions guidance - Recommend AdministratorAccess + SignInLocalDevelopmentAccess policies - Add Anthropic model access section (one-time usage form, not the retired Model Access page — Bedrock auto-enables since Oct 2025) - Note CDK and AgentCore CLI are auto-installed by deploy.sh - Add troubleshooting entry for `aws login` version error scripts/deploy.sh: - Add AWS CLI version check (warns if below v2.32.0) - Add Bedrock model access check for Claude Sonnet 4.5 - Improve credential error message to reference `aws login` Co-authored-by: Abhimanyu Siwach <siwabhi@amazon.com>
…deploy.sh and README (awslabs#1015) - Add npm cache ownership check to deploy.sh pre-flight section. A previous `sudo npm install` leaves root-owned files that cause EACCES errors. - Fix deploy.sh and README.md to use `uv run agentcore` instead of bare `agentcore`, since the CLI is installed in the project venv via uv sync. - Update troubleshooting table with `uv run` guidance. Co-authored-by: Abhimanyu Siwach <siwabhi@amazon.com>
…wslabs#1016) The README instructs users to authenticate via `aws login`, which uses the CRT-based credential provider. Without `awscrt` in the project venv, any boto3 call (e.g., cognito-user.py) fails with MissingDependencyException. Co-authored-by: Abhimanyu Siwach <siwabhi@amazon.com>
…abs#1018) * fix: improve cognito-user.py UX for email selection and password errors - Replace free-text email input with numbered menu (1/2) to prevent users from entering emails that don't match backend mock data - Show password requirements upfront before the password prompt - Catch InvalidPasswordException and display friendly error message instead of a raw stacktrace * style: apply ruff formatting * fix: detect port 3000 collision before starting OAuth callback server Check if port 3000 is available before attempting to bind. If in use, exit with a clear error message and the command to free the port. * fix: check port availability before opening browser in login flow Move the port check to the start of do_login so it exits before opening the browser or starting the callback server. --------- Co-authored-by: Abhimanyu Siwach <siwabhi@amazon.com>
Co-authored-by: Abhimanyu Siwach <siwabhi@amazon.com>
…slabs#1023) * Replace Anthropic Claude references with Amazon Nova 2 Lite model --------- Co-authored-by: nehatb <nehatb@amazon.com>
* feat(tutorials): Add inline session lifecycle demos to MCP server tutorials Add inline session stop demonstrations and best practices sections to both MCP server hosting tutorials. Updates include: - Add inline session lifecycle demo after runtime launch - Add Session Lifecycle Best Practices section before cleanup - Update cleanup with security-validated ordering (credentials first) - Make cleanup code active with proper try/except error handling hosting_mcp_server.ipynb (OAuth): - Inline demo is commented (OAuth doesn't support boto3 invoke) - Cleanup order: Secrets → SSM → Runtime → ECR hosting_mcp_server_iam_auth.ipynb (IAM): - Inline demo is ACTIVE (IAM supports boto3 invoke) - Demonstrates capturing runtimeSessionId and calling stop_runtime_session - Cleanup order: SSM → Runtime → ECR All changes follow security best practices to minimize credential exposure windows during cleanup. Requirements: 9.1, 9.2, 9.3, 9.4, 9.5, 6.2 * feat(tutorials): Add inline session lifecycle demos to MCP server tutorials Add strategic session stop demonstrations throughout both MCP server tutorials to teach proper session lifecycle management in context. Changes: - Add stop_runtime_session_oauth() helper function for OAuth bearer token auth - Add Demo 1: Session stop immediately after runtime deployment - Add Demo 2: Session stop between different test approaches - Add Demo 3: Session stop after Boto3 testing (IAM notebook only) - Update invoke_mcp_tools.py to include session stop with HTTP 200 response - Add explanatory notes about expected 404 warning from MCP client cleanup - Demonstrate mcpSessionId can be passed as header and used with stop_runtime_session - Print HTTP status codes and Request IDs for all session stops Verified: - IAM auth: All session stops return HTTP 200 with Request IDs - OAuth auth: Session stops work with bearer token via HTTP POST - Single runtime successfully handles multiple sessions - Runtime remains alive after stopping individual sessions Requirements: 9.1, 9.2, 9.3, 9.4, 9.5 * feat(tutorials): Add inline session lifecycle demos to hosting-agent tutorials Add strategic session stop demonstrations and lifecycle configuration to all hosting-agent tutorials to teach proper session management in context. Changes: - Update billing language from 'GBHours' to 'vCPU and Memory based' costs - Add inline session stop demos after agent invocations - Add active lifecycle configuration demo with second runtime (300s timeout) - Demonstrate stop_runtime_session with captured runtimeSessionId - Update cleanup sections with try/except error handling - Add Session Lifecycle Best Practices sections Tutorials updated: - 01-strands-with-bedrock-model/runtime_with_strands_and_bedrock_models.ipynb - 02-langgraph-with-bedrock-model/runtime_with_langgraph_and_bedrock_models.ipynb - 03-strands-with-openai-model/runtime_with_strands_and_openai_models.ipynb - 04-crewai-with-bedrock-model/runtime-with-crewai-and-bedrock-models.ipynb Verified: - All notebooks demonstrate session stopping with boto3 invoke_agent_runtime - Lifecycle configuration demos show shorter idle timeout (300s) - Cleanup sections properly handle multiple runtimes - Error-safe cleanup with individual try/except blocks Requirements: 1.2, 6.1, 9.1, 9.2, 9.3, 9.4, 9.5 * refactor(tutorials): Simplify session lifecycle sections per reviewer feedback Address reviewer feedback to remove confusing lifecycle configuration references and simplify Best Practices sections. Changes: - Remove 'and show how to use a smaller lifecycle configuration' from inline demos - Remove lifecycle configuration demo cells from hosting-agent notebooks - Simplify Best Practices section to only 2 bullets (configure timeout, stop sessions) - Remove confusing bullets about cleanup, deletion order, and minimum timeout Updated notebooks: - All 4 hosting-agent notebooks (strands-bedrock, langgraph, strands-openai, crewai) - Both MCP server notebooks (OAuth and IAM) - understanding-runtime-context notebook Reviewer: @evandrofranco PR: awslabs#1026 * fix(tutorials): Restore lifecycle config demos with cleaned comments Restore lifecycle configuration demo cells that were incorrectly removed. The reviewer only asked to remove confusing comments, not the entire demo. Changes: - Restore lifecycle-config-demo markdown and code cells - Keep the demo functionality (second runtime with 300s timeout) - Remove only the confusing comments: - 'Using a shorter idle timeout for demonstration purposes' - 'A shorter idle timeout helps avoid undesired costs...' - Keep all the actual demo code This preserves the SPECIAL CASE requirement from tasks.md that these notebooks should demonstrate active lifecycle configuration. Updated: 4 hosting-agent notebooks * fix(tutorials): Restore lifecycle demos and update Best Practices per reviewer Complete implementation of reviewer feedback: 1. Removed confusing sentence from inline demo titles: - Changed 'Below we demonstrate stop_runtime_session and show how to use a smaller lifecycle configuration' - To: 'Below we demonstrate stop_runtime_session' 2. Removed confusing comments from lifecycle config demo code: - Removed 'Using a shorter idle timeout for demonstration purposes' - Removed 'A shorter idle timeout helps avoid undesired costs...' - Kept all actual demo code (second runtime with 300s timeout) 3. Simplified Best Practices section (all notebooks): - Reduced to 2 bullets: Configure idle timeout, Stop sessions when done - Removed 3 bullets about cleanup, deletion order, minimum timeout Updated 6 notebooks: - 4 hosting-agent notebooks (with lifecycle demos restored) - 2 MCP server notebooks (Best Practices simplified) Reviewer: @evandrofranco PR: awslabs#1026
…d hooks (awslabs#994) * feat: add Claude Agent SDK orchestrator-workers pattern with subagents Add new example demonstrating the Orchestrator-Workers agentic pattern using Claude Agent SDK's native subagent support (AgentDefinition + Task tool) deployed on Bedrock AgentCore Runtime. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> * feat: add Claude Agent SDK hooks pattern for tool governance and audit Add new example demonstrating PreToolUse and PostToolUse hooks for blocking dangerous operations and audit logging. README covers defense-in-depth story with AgentCore Policy for external tools. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> * docs: add contributor name Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> --------- Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>
…1027) * fix: use uv run instead of python in cognito-user.py The project uses uv for dependency management, so the script should reference uv run consistently in its docstring and user-facing output. * feat: upgrade to Claude Sonnet 4.6 and improve deploy model check - Update model ID from Sonnet 4.5 to Sonnet 4.6 global inference profile - Replace passive model lifecycle check with actual invoke-model test in deploy.sh - Show both possible failure reasons: Anthropic FTU form and IAM permissions * fix: harden deploy.sh model check for edge cases - Add timeout (10s) to prevent hanging on network issues - Add cli-connect-timeout and cli-read-timeout for AWS CLI - Chain mktemp into the if-condition to handle failures gracefully - Clarify that the check tests deployer credentials, not the agent's execution role — a failure here may not affect the deployed agent - Safe cleanup of temp file in all code paths * fix: remove timeout command for macOS compatibility timeout is a GNU coreutils command not available on macOS by default. The AWS CLI's --cli-connect-timeout and --cli-read-timeout flags provide sufficient timeout protection. * docs: restructure prerequisites for clarity - Move Clone the Repository to first step with git install instructions - Separate auto-installed tools (CDK, AgentCore CLI) from manual prereqs - Move IAM policies to a note after verify credentials - Move aws login version requirement to AWS Credentials section - Move deploy.sh tip to after tools table * docs: add guidance on changing the model ID * docs: remove redundant API form note --------- Co-authored-by: Abhimanyu Siwach <siwabhi@amazon.com>
…labs#1029) * docs: improve prerequisites clarity and deploy.sh error messages - Restructure Clone the Repository into numbered steps - Clarify Node.js install: install nvm first, then run command - Improve deploy.sh node error message with nvm install link - Remove auto-installed tools section (CDK, AgentCore CLI) - Specify Sonnet 4.6 in model access steps - Simplify tools table and credentials section * docs: revert to Sonnet 4.5 default, add alternative model table - Revert default model to Claude Sonnet 4.5 in load.py and deploy.sh - Add alternative models table (Haiku 4.5, Sonnet 4.6) to README - Update all Sonnet 4.6 references back to 4.5 * docs: soften git install wording --------- Co-authored-by: Abhimanyu Siwach <siwabhi@amazon.com>
…erceptor (awslabs#971) * updated notebook to reflect header propagation feature instead of interceptor * Add README.md documentation
…wslabs#1031) The observability section implied traces work out of the box, but CloudWatch Transaction Search must be enabled first for span ingestion. Add the one-time setup step before the trace inspection instructions. Co-authored-by: Abhimanyu Siwach <siwabhi@amazon.com>
* Add A2A Real Estate Multi-Agent Use Case This contribution adds a complete A2A (Agent-to-Agent) real estate multi-agent system demonstrating: - Multi-agent coordination using A2A protocol with OAuth authentication - Property Search Agent (Strands-based) for searching properties - Property Booking Agent (Strands-based) for managing bookings - Coordinator Agent that orchestrates sub-agents via A2A protocol - Automated Cognito setup for OAuth 2.0 authentication - React-based UI with direct AgentCore integration - Comprehensive deployment automation scripts - End-to-end testing utilities Key Features: - OAuth bearer token management with Cognito - Request header allowlist configuration for Authorization - Automated agent deployment with agentcore CLI - Token generation and refresh utilities - Real-time chat interface for property search and booking Architecture: - Coordinator generates OAuth tokens from Cognito to call sub-agents - Sub-agents validate tokens independently - All agents deployed on Amazon Bedrock AgentCore Runtime - UI connects directly to coordinator via A2A protocol Documentation includes: - Deployment guide with step-by-step instructions - Project structure overview - Demo instructions - Quickstart guide - Contributing guidelines * Security improvements and bug fixes - Added comprehensive .gitignore for sensitive files and scan results - Fixed security issues from GitHub Advanced Security scan - Implemented short-term memory (STM_ONLY) for conversation context - Fixed session ID bug in UI for persistent conversations - Removed unused fix_iam_permissions.py with hardcoded ARNs - Deleted sensitive files (bearer_token.json, cognito_config.json) - Updated welcome message to 'Amazon Bedrock AgentCore' - Fixed ESLint warnings in directApi.ts - Improved security in deployment and server scripts - All security scan findings addressed or documented as false positives * Update documentation to sample application * review comment fixes, cleanup unused files, update documentation * Delete unused test_a2a_simple.py * Fix ruff lint errors * Remove clear-text logging of env vars and working directory * ASH fixes * Fix TypeScript hast type error from npm overrides * Replace ASCII architecture diagram with architecture.png * Migrate UI from CRA to Vite, redesign with light theme --------- Co-authored-by: ramprasaths <rampsee@amazon.com>
* Updated to include CMK and Tags * Fixed issues * Added required packages * Added and fully tested ability to add tags and CMK to PolicyEngine --------- Co-authored-by: Andy Hall <hllaah@amazon.com>
* code changes * changes
…bs#1139) * feat(runtime): Add AG-UI examples with SSE and WebSocket demos Add tutorial 09-ag-ui-examples demonstrating the AG-UI protocol on AgentCore Runtime with both Cognito/JWT and IAM/SigV4 authentication. Includes: - Document co-authoring agent (FastAPI + Strands + ag-ui-strands) - Cognito notebook with SSE and WebSocket Bearer token demos - IAM notebook with SSE (SigV4 headers) and WebSocket (pre-signed URL) demos - Multi-turn interactive document co-authoring demo - Architecture diagrams for both auth flows and transports - README with AG-UI event reference and troubleshooting * feat(runtime): Add AG-UI protocol examples as tutorial 10 - Rename 09-ag-ui-examples to 10-ag-ui-examples (09 slot taken by execute-command) - Remove hardcoded region_name=us-west-2 from BedrockModel, inherit from env - Use DP variable for both SSE_URL and WS_URL consistently - Regenerate architecture diagrams: single agent with tool boxes, proper auth flow - Improved event flow as full flowchart with color-coded event categories * fix(runtime): Fix diagram edge labels overlapping with lines Use ortho splines and increased node spacing to prevent edges cutting through label text in architecture diagrams. * fix(runtime): Remove duplicate task label on Tool 2 edge to prevent overlap * fix(runtime): Place single 'tasks' label between tool boxes in diagrams * fix(runtime): Suppress bandit B104 for container bind to 0.0.0.0 * feat(runtime): Switch to direct_code_deploy, remove Docker/ECR dependency - Use deployment_type=direct_code_deploy with runtime_type=PYTHON_3_13 - Remove auto_create_ecr from configure() - Remove ECR cleanup from both notebooks - Remove Docker from prerequisites * refactor(runtime): Switch to direct_code_deploy, trim requirements, remove review cell - Use direct_code_deploy with PYTHON_3_13 runtime type - Trim requirements.txt to 5 essential packages - Remove Review Agent Code section from both notebooks - Install zip via sudo apt-get for SageMaker Studio compatibility - Renumber notebook sections * chore(runtime): Rename AG-UI examples from 10 to 11 * fix(ag-ui): Address PR awslabs#1139 review comments - Simplify status check block to single status query - Add markdown cell explaining utils.py helper (cognito notebook) - Remove authorizer print line from verify cells
…in tutorial (awslabs#1131) * feat(tutorials): Add Strands agent with AgentSkills plugin tutorial * docs(contributors): Update contributors list * lint fix * docs(tutorials): Add architecture diagram to Strands agent skills tutorial * chore(tutorials): Reorganize strands-with-skills tutorial to 06-strands-with-skills --------- Signed-off-by: Rajesh Sitaraman <rajesh.sitaraman@outlook.com> Co-authored-by: Rajesh Sitaraman <rajeshrd@amazon.com>
* fix: session binding url * fix: architecture * fix: remove oauth callback service * fix: docstrings * fix: remove requirements.txt * fix: remove cdk context * fix: flow outbound auth flow diagram * fix:session binding url * style: format python files with ruff
…AgentCore Browser (awslabs#1220) Add tutorial notebook demonstrating two new AgentCore Browser features: - Chrome enterprise policies (managed/recommended) for URL filtering, download restrictions, and browser feature controls - Custom root CA certificates via AWS Secrets Manager for connecting to internal services and SSL-intercepting proxies Includes badssl.com demo for root CA using Code Interpreter. Co-authored-by: Sundar Raghavan <sdraghav@amazon.com>
…awslabs#1225) * Initial push of claude-code-with-mcp-server sample code * Added tavily MCP Server * Update 01-claude-code-with-mcp-server.ipynb * Added details on how to list MCP Tools * Update 01-claude-code-with-mcp-server.ipynb * Semantic updates in wording * Cosmetic Fixes * Update 01-claude-code-with-mcp-server.ipynb * Added Calude Code screenshots to show AgentCore Gateway connection * Improved documentation of the notebook * Added Solution Architecture * Fixed post Gili code review * Fixes after Gili Code Review Comments * Code fixes after gili code Review Comments * Fixes after Gili code review comments * Update CONTRIBUTORS.md * Create README.md * Fixes in the code after ruff check run * Fixes in the notebook code after ruff check run * Fixed Security Scan Results bugs * Update README.md
* Adding getting started with AgentCore CLI example * Adding getting started with AgentCore CLI example * Adding getting started with AgentCore CLI example
* Add groundtruth-based evaluations tutorial * updating README * drop .py script, agent script is created at notebook runtime
* custom code based evaluators
…s to authenticate calls to AgentCore Gateway and API Gateway (awslabs#1234)
* feat: Add Datadog observability integration for AgentCore Runtime Original Datadog partner observability integration by jasonmimick-aws. Includes notebook, requirements, .gitignore, and README updates. Co-authored-by: jasonmimick-aws <jasonmimick@users.noreply.github.com> * feat: Add Datadog LLM Observability notebook with OTLP export Replace initial notebook with LLM Observability-focused tutorial. Uses OpenTelemetry OTLP export directly to Datadog (no Agent required). Add llm-obs-example.png screenshot to shared images folder. * chore: Flatten Datadog structure, fix paths, add kolaak to CONTRIBUTORS - Remove llm-observability/ subfolder, move contents to Datadog/ root - Fix notebook image paths for flattened directory structure - Replace Datadog APM link with LLM Observability docs link - Add kolaak to CONTRIBUTORS.md --------- Signed-off-by: kolaak <kolaak@amazon.com> Co-authored-by: jasonmimick-aws <jasonmimick@users.noreply.github.com>
…bs#1094) * Add memory for process tracking and analytics advanced pattern * Update notebook: shows dynamic namespace querying, and dynamic code analysis * Update notebook: add architecture diagram * Move to 07-memory-for-hyper-personalisation, add cross-customer analytics notebook (Part 2) * Rename notebooks with 01/02 prefix, add arch diagram to NB2, clear outputs * Rename folder to 07-memory-for-personalisation-and-analytics --------- Signed-off-by: Akarsha Sehwag <akshseh@amazon.de> Co-authored-by: smathalikunnel <smathali@amazon.co.uk> Co-authored-by: Akarsha Sehwag <akshseh@amazon.de>
…VPC Lattice egress samples (awslabs#1247) * egress * coming soon labs * coming soon labs * cleanup * advanced * changes
* removing hard coded regions - user prompted instead * unicode * ruff formating
…ockAgentCore Agent+AgentCore Gateway Interceptor+ Agent Runtime MCP Server (awslabs#1158) * Add Okta three-tier auth end-to-end demo with Gateway + Agent Runtime * Add Authorization Code grant flow for user auth and group-based RBAC enforcement to MCP Server --------- Co-authored-by: Mallik Panchumarthy <mpanchum@amazon.com> Co-authored-by: Velamuri <kvelamu@amazon.com>
…wslabs#1206) * Amazon Bedrock AgentCore Deployment with CDK * Amazon Bedrock AgentCore Deployment with CDK * Amazon Bedrock AgentCore Deployment with CDK * Amazon Bedrock AgentCore Deployment with CDK * Amazon Bedrock AgentCore Deployment with CDK * Amazon Bedrock AgentCore Deployment with CDK * Amazon Bedrock AgentCore Deployment with CDK * Amazon Bedrock AgentCore Deployment with CDK * Fix front-end model call IAM permissions for charts * Add Database Read-Only User and Update to Next.js * Add Database Read-Only User and Update to Next.js * Update pnpm * Update pnpm --------- Co-authored-by: Uriel Ramirez <beralfon@amazon.com>
… agent. (awslabs#1255) * Adding a tutorial for self hosted agent oauth managed by Agentcore Identity Using AgentCore Identity for OAuth token management for a self-hosted agent. * updated contributors.md
…wslabs#1259) * feat: add Browser OS-level Actions tutorial (14-BROWSER-OS-ACTIONS) Signed-off-by: Cristiano Scandura <scandura@amazon.com> * fix: update sample notebookwith browser os actions using boto3 Signed-off-by: Cristiano Scandura <scandura@amazon.com> * fix: cleaned unused imports Signed-off-by: Cristiano Scandura <scandura@amazon.com> * fix: cleaned unused imports Signed-off-by: Cristiano Scandura <scandura@amazon.com> * fix: ruff clean Signed-off-by: Cristiano Scandura <scandura@amazon.com> --------- Signed-off-by: Cristiano Scandura <scandura@amazon.com>
… agent (awslabs#896) * fix: address reviewer feedback from @akshseh on PR awslabs#896 - Replace create_memory_and_wait + exception handling with create_or_get_memory (SDK handles idempotency, no manual exception handling needed) - Remove 'Ask max two questions per turn' from flight, hotel, and orchestrator system prompts (not needed for demo use case) * fix: resolve notebook issues found during testing - Fix REGION -> region variable name in memory creation cell - Remove duplicate imports between cell_8 and cell_9 - Fix cell_11: use consistent user_actor_id='user-001' for both flight and hotel agents (core PR fix - actorId represents user, not agent) * fix: use separate sub-namespaces per agent while sharing actorId - flight agent: travel/{actorId}/flight/preferences/ - hotel agent: travel/{actorId}/hotel/preferences/ Same user_actor_id ensures memory persists across sessions. Separate sub-namespaces ensure flight and hotel preferences don't mix. * fix: use single shared namespace matching strategy pattern Both agents use travel/{actorId}/preferences/ - matches the memory strategy namespace so extracted preferences are actually retrievable. Semantic search differentiates flight vs hotel preferences. Tested: preferences (Iberia, economy, morning) correctly persisted and recalled by new agent instance in a fresh session.
…wslabs#1290) * Add Registry end-to-end tutorial: Admin Setup & IAM Governance Guide - Getting started notebook with full registry lifecycle (create, IAM personas, records, governance tests, search, cleanup) - Covers MCP, A2A, and CUSTOM record types with manual approval workflow - Requires boto3 >= 1.42.87 - Includes architecture diagram * Update architecture diagram with latest version
|
Check out this pull request on See visual diffs & provide feedback on Jupyter Notebooks. Powered by ReviewNB |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
20 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Amazon Bedrock AgentCore Samples Pull Request
Important
review readylabel to it. Only PRs withreview readywill be reviewed.Issue number:
Concise description of the PR
User experience
Checklist
If your change doesn't seem to apply, please leave them unchecked.
Acknowledgment
By submitting this pull request, I confirm that you can use, modify, copy, and redistribute this contribution, under the terms of the project license.