@aws/agentcore 1.0.0-preview.1 → 1.0.0-preview.2

package/dist/assets/__tests__/__snapshots__/assets.snapshot.test.ts.snap

@@ -110,11 +110,14 @@ async function main() {
     memoryName?: string;
     containerUri?: string;
     hasDockerfile?: boolean;
+    dockerfileName?: string;
+    harnessDir?: string;
     tools?: { type: string; name: string }[];
     apiKeyArn?: string;
   }[] = [];
   for (const entry of specAny.harnesses ?? []) {
-    const harnessPath = path.resolve(projectRoot, entry.path, 'harness.json');
+    const harnessDir = path.resolve(projectRoot, entry.path);
+    const harnessPath = path.resolve(harnessDir, 'harness.json');
     try {
       const harnessSpec = JSON.parse(fs.readFileSync(harnessPath, 'utf-8'));
       harnessConfigs.push({
@@ -123,6 +126,8 @@ async function main() {
         memoryName: harnessSpec.memory?.name,
         containerUri: harnessSpec.containerUri,
         hasDockerfile: !!harnessSpec.dockerfile,
+        dockerfileName: harnessSpec.dockerfile,
+        harnessDir,
         tools: harnessSpec.tools,
         apiKeyArn: harnessSpec.model?.apiKeyArn,
       });
@@ -184,7 +189,7 @@ exports[`Assets Directory Snapshots > CDK assets > cdk/cdk/cdk.json should match
     "@aws-cdk/aws-ecs-patterns:secGroupsDisablesImplicitOpenListener": true,
     "@aws-cdk/aws-lambda:recognizeLayerVersion": true,
     "@aws-cdk/core:checkSecretUsage": true,
-    "@aws-cdk/core:target-partitions": ["aws", "aws-cn"],
+    "@aws-cdk/core:target-partitions": ["aws", "aws-cn", "aws-us-gov"],
     "@aws-cdk-containers/ecs-service-extensions:enableDefaultLogDriver": true,
     "@aws-cdk/aws-ec2:uniqueImdsv2TemplateName": true,
     "@aws-cdk/aws-ecs:arnFormatIncludesClusterName": true,
@@ -296,10 +301,26 @@ exports[`Assets Directory Snapshots > CDK assets > cdk/cdk/lib/cdk-stack.ts shou
   AgentCoreMcp,
   type AgentCoreProjectSpec,
   type AgentCoreMcpSpec,
+  ContainerSourceAssetFromPath,
+  AgentEcrRepository,
+  ContainerBuildProject,
+  ContainerImageBuilder,
 } from '@aws/agentcore-cdk';
 import { CfnOutput, Stack, type StackProps } from 'aws-cdk-lib';
 import { Construct } from 'constructs';
 
+export interface HarnessConfig {
+  name: string;
+  executionRoleArn?: string;
+  memoryName?: string;
+  containerUri?: string;
+  hasDockerfile?: boolean;
+  dockerfileName?: string;
+  harnessDir?: string;
+  tools?: { type: string; name: string }[];
+  apiKeyArn?: string;
+}
+
 export interface AgentCoreStackProps extends StackProps {
   /**
    * The AgentCore project specification containing agents, memories, and credentials.
@@ -316,15 +337,7 @@ export interface AgentCoreStackProps extends StackProps {
   /**
    * Harness role configurations. Each entry creates an IAM execution role for a harness.
    */
-  harnesses?: {
-    name: string;
-    executionRoleArn?: string;
-    memoryName?: string;
-    containerUri?: string;
-    hasDockerfile?: boolean;
-    tools?: { type: string; name: string }[];
-    apiKeyArn?: string;
-  }[];
+  harnesses?: HarnessConfig[];
 }
 
 /**
@@ -342,10 +355,46 @@ export class AgentCoreStack extends Stack {
 
     const { spec, mcpSpec, credentials, harnesses } = props;
 
+    // Build container images for harnesses that specify a dockerfile (no containerUri).
+    // Produces CDK outputs consumed by the imperative harness deployer.
+    const harnessesForCdk = harnesses ? [...harnesses] : [];
+    if (harnesses) {
+      for (let i = 0; i < harnesses.length; i++) {
+        const h = harnesses[i]!;
+        if (h.hasDockerfile && !h.containerUri && h.harnessDir) {
+          const pascalName = h.name.replace(/(^|_)([a-z])/g, (_: string, __: string, c: string) => c.toUpperCase());
+          const sourceAsset = new ContainerSourceAssetFromPath(this, \`Harness\${pascalName}SourceAsset\`, {
+            sourcePath: h.harnessDir,
+          });
+          const ecrRepo = new AgentEcrRepository(this, \`Harness\${pascalName}EcrRepo\`, {
+            projectName: spec.name,
+            agentName: \`harness-\${h.name}\`,
+          });
+          const buildProject = ContainerBuildProject.getOrCreate(this);
+          buildProject.grantPushTo(ecrRepo.repository);
+          sourceAsset.asset.grantRead(buildProject.role);
+
+          const builder = new ContainerImageBuilder(this, \`Harness\${pascalName}ContainerBuild\`, {
+            buildProject,
+            sourceAsset,
+            repository: ecrRepo,
+            dockerfile: h.dockerfileName ?? 'Dockerfile',
+          });
+
+          new CfnOutput(this, \`Harness\${pascalName}ContainerUriOutput\`, {
+            value: builder.containerUri,
+          });
+
+          // Pass the built containerUri to the harness role construct so it gets ECR pull permissions
+          harnessesForCdk[i] = { ...h, containerUri: builder.containerUri };
+        }
+      }
+    }
+
     // Create AgentCoreApplication with all agents and harness roles
     this.application = new AgentCoreApplication(this, 'Application', {
       spec,
-      harnesses,
+      harnesses: harnessesForCdk.length > 0 ? harnessesForCdk : undefined,
     });
 
     // Create AgentCoreMcp if there are gateways configured

package/dist/assets/cdk/bin/cdk.ts

@@ -65,11 +65,14 @@ async function main() {
     memoryName?: string;
     containerUri?: string;
     hasDockerfile?: boolean;
+    dockerfileName?: string;
+    harnessDir?: string;
     tools?: { type: string; name: string }[];
     apiKeyArn?: string;
   }[] = [];
   for (const entry of specAny.harnesses ?? []) {
-    const harnessPath = path.resolve(projectRoot, entry.path, 'harness.json');
+    const harnessDir = path.resolve(projectRoot, entry.path);
+    const harnessPath = path.resolve(harnessDir, 'harness.json');
     try {
       const harnessSpec = JSON.parse(fs.readFileSync(harnessPath, 'utf-8'));
       harnessConfigs.push({
@@ -78,6 +81,8 @@ async function main() {
         memoryName: harnessSpec.memory?.name,
         containerUri: harnessSpec.containerUri,
         hasDockerfile: !!harnessSpec.dockerfile,
+        dockerfileName: harnessSpec.dockerfile,
+        harnessDir,
         tools: harnessSpec.tools,
         apiKeyArn: harnessSpec.model?.apiKeyArn,
       });

package/dist/assets/cdk/cdk.json

@@ -9,7 +9,7 @@
     "@aws-cdk/aws-ecs-patterns:secGroupsDisablesImplicitOpenListener": true,
     "@aws-cdk/aws-lambda:recognizeLayerVersion": true,
     "@aws-cdk/core:checkSecretUsage": true,
-    "@aws-cdk/core:target-partitions": ["aws", "aws-cn"],
+    "@aws-cdk/core:target-partitions": ["aws", "aws-cn", "aws-us-gov"],
     "@aws-cdk-containers/ecs-service-extensions:enableDefaultLogDriver": true,
     "@aws-cdk/aws-ec2:uniqueImdsv2TemplateName": true,
     "@aws-cdk/aws-ecs:arnFormatIncludesClusterName": true,

package/dist/assets/cdk/lib/cdk-stack.ts

@@ -3,10 +3,26 @@ import {
   AgentCoreMcp,
   type AgentCoreProjectSpec,
   type AgentCoreMcpSpec,
+  ContainerSourceAssetFromPath,
+  AgentEcrRepository,
+  ContainerBuildProject,
+  ContainerImageBuilder,
 } from '@aws/agentcore-cdk';
 import { CfnOutput, Stack, type StackProps } from 'aws-cdk-lib';
 import { Construct } from 'constructs';
 
+export interface HarnessConfig {
+  name: string;
+  executionRoleArn?: string;
+  memoryName?: string;
+  containerUri?: string;
+  hasDockerfile?: boolean;
+  dockerfileName?: string;
+  harnessDir?: string;
+  tools?: { type: string; name: string }[];
+  apiKeyArn?: string;
+}
+
 export interface AgentCoreStackProps extends StackProps {
   /**
    * The AgentCore project specification containing agents, memories, and credentials.
@@ -23,15 +39,7 @@ export interface AgentCoreStackProps extends StackProps {
   /**
    * Harness role configurations. Each entry creates an IAM execution role for a harness.
    */
-  harnesses?: {
-    name: string;
-    executionRoleArn?: string;
-    memoryName?: string;
-    containerUri?: string;
-    hasDockerfile?: boolean;
-    tools?: { type: string; name: string }[];
-    apiKeyArn?: string;
-  }[];
+  harnesses?: HarnessConfig[];
 }
 
 /**
@@ -49,10 +57,46 @@ export class AgentCoreStack extends Stack {
 
     const { spec, mcpSpec, credentials, harnesses } = props;
 
+    // Build container images for harnesses that specify a dockerfile (no containerUri).
+    // Produces CDK outputs consumed by the imperative harness deployer.
+    const harnessesForCdk = harnesses ? [...harnesses] : [];
+    if (harnesses) {
+      for (let i = 0; i < harnesses.length; i++) {
+        const h = harnesses[i]!;
+        if (h.hasDockerfile && !h.containerUri && h.harnessDir) {
+          const pascalName = h.name.replace(/(^|_)([a-z])/g, (_: string, __: string, c: string) => c.toUpperCase());
+          const sourceAsset = new ContainerSourceAssetFromPath(this, `Harness${pascalName}SourceAsset`, {
+            sourcePath: h.harnessDir,
+          });
+          const ecrRepo = new AgentEcrRepository(this, `Harness${pascalName}EcrRepo`, {
+            projectName: spec.name,
+            agentName: `harness-${h.name}`,
+          });
+          const buildProject = ContainerBuildProject.getOrCreate(this);
+          buildProject.grantPushTo(ecrRepo.repository);
+          sourceAsset.asset.grantRead(buildProject.role);
+
+          const builder = new ContainerImageBuilder(this, `Harness${pascalName}ContainerBuild`, {
+            buildProject,
+            sourceAsset,
+            repository: ecrRepo,
+            dockerfile: h.dockerfileName ?? 'Dockerfile',
+          });
+
+          new CfnOutput(this, `Harness${pascalName}ContainerUriOutput`, {
+            value: builder.containerUri,
+          });
+
+          // Pass the built containerUri to the harness role construct so it gets ECR pull permissions
+          harnessesForCdk[i] = { ...h, containerUri: builder.containerUri };
+        }
+      }
+    }
+
     // Create AgentCoreApplication with all agents and harness roles
     this.application = new AgentCoreApplication(this, 'Application', {
       spec,
-      harnesses,
+      harnesses: harnessesForCdk.length > 0 ? harnessesForCdk : undefined,
     });
 
     // Create AgentCoreMcp if there are gateways configured

package/dist/assets/evaluators/python-lambda/execution-role-policy.json

@@ -4,7 +4,7 @@
     {
       "Effect": "Allow",
       "Action": ["logs:CreateLogGroup", "logs:CreateLogStream", "logs:PutLogEvents"],
-      "Resource": "arn:aws:logs:*:*:log-group:/aws/lambda/*"
+      "Resource": "arn:*:logs:*:*:log-group:/aws/lambda/*"
     }
   ]
 }