thinkwork-cli 0.9.0 → 0.9.1

package/dist/terraform/modules/app/agentcore-flue/variables.tf

@@ -0,0 +1,91 @@
+################################################################################
+# AgentCore Flue — App Module (variables)
+#
+# Plan §005 U2 — provisions the Flue agent runtime as a Lambda+LWA function
+# (the same shape as the Strands runtime in `../agentcore-runtime`, NOT the
+# Bedrock AgentCore Runtime ECR-substrate pattern in `../agentcore-code-
+# interpreter`).
+#
+# ECR repo + async DLQ are shared with the Strands runtime — they're injected
+# from `module.agentcore` outputs at the parent composition layer rather than
+# being created here. This avoids a duplicate ECR repository and a parallel DLQ
+# while still letting Flue carry its own IAM role, log group, Lambda function,
+# and event-invoke config.
+################################################################################
+
+variable "stage" {
+  description = "Deployment stage"
+  type        = string
+}
+
+variable "account_id" {
+  description = "AWS account ID"
+  type        = string
+}
+
+variable "region" {
+  description = "AWS region"
+  type        = string
+}
+
+variable "bucket_name" {
+  description = "Primary S3 bucket for skills and workspace files."
+  type        = string
+}
+
+variable "ecr_repository_url" {
+  description = "ECR repository URL for the AgentCore container image. Shared with the Strands runtime (thinkwork-<stage>-agentcore); the Flue runtime pulls the flue-latest / <sha>-flue image tags from this repo."
+  type        = string
+}
+
+variable "async_dlq_arn" {
+  description = "SQS DLQ ARN for failed `kind=run_skill` async invokes. Shared with the Strands runtime so operator inspection has a single queue to watch."
+  type        = string
+}
+
+variable "hindsight_endpoint" {
+  description = "Hindsight API endpoint. Empty string (default) disables Hindsight tools in the container; set to an endpoint URL to enable Hindsight as an add-on alongside the always-on managed memory."
+  type        = string
+  default     = ""
+}
+
+variable "agentcore_memory_id" {
+  description = "AgentCore Memory resource ID. Populated automatically by the agentcore-memory module; injected into the container as AGENTCORE_MEMORY_ID for auto-retention."
+  type        = string
+  default     = ""
+}
+
+variable "api_endpoint" {
+  description = "Deployed API Gateway base URL. Injected as THINKWORK_API_URL so the composition runner (run_skill dispatch) can POST terminal state back to /api/skills/complete."
+  type        = string
+  default     = ""
+}
+
+variable "api_auth_secret" {
+  description = "Service-auth bearer shared secret. Injected as API_AUTH_SECRET so the composition runner can authenticate to /api/skills/complete. Matches the lambda-api module's value."
+  type        = string
+  default     = ""
+  sensitive   = true
+}
+
+variable "memory_engine" {
+  description = "Active long-term memory engine ('hindsight' or 'agentcore'). Surfaced to the runtime as MEMORY_ENGINE for telemetry/debugging only; engine selection itself happens in the API's normalized memory layer when memory-retain is invoked."
+  type        = string
+  default     = "hindsight"
+  validation {
+    condition     = contains(["hindsight", "agentcore"], var.memory_engine)
+    error_message = "memory_engine must be 'hindsight' or 'agentcore'."
+  }
+}
+
+variable "db_cluster_arn" {
+  description = "Aurora DB cluster ARN. Injected as DB_CLUSTER_ARN so AuroraSessionStore (plan §005 U4) can target the cluster via the RDS Data API. The cluster's IAM resource scope (thinkwork-<stage>-db-* in agentcore-flue's role policy) covers any cluster-id suffix."
+  type        = string
+  default     = ""
+}
+
+variable "db_secret_arn" {
+  description = "Secrets Manager ARN for the Aurora cluster credentials. Injected as DB_SECRET_ARN so AuroraSessionStore can authenticate against the cluster via the RDS Data API. Matches the secret graphql-http already consumes — single source of truth."
+  type        = string
+  default     = ""
+}

package/dist/terraform/modules/app/agentcore-runtime/main.tf

@@ -38,6 +38,26 @@ variable "agentcore_memory_id" {
   default     = ""
 }
 
+variable "api_endpoint" {
+  description = "Deployed API Gateway base URL. Injected as THINKWORK_API_URL so the composition runner (run_skill dispatch) can POST terminal state back to /api/skills/complete."
+  type        = string
+  default     = ""
+}
+
+variable "api_auth_secret" {
+  description = "Service-auth bearer shared secret. Injected as API_AUTH_SECRET so the composition runner can authenticate to /api/skills/complete. Matches the lambda-api module's value."
+  type        = string
+  default     = ""
+  sensitive   = true
+}
+
+variable "nova_act_api_key" {
+  description = "Nova Act API key used by the Strands Browser Automation tool. Stored as SSM SecureString at /thinkwork/<stage>/agentcore/nova-act-api-key. Empty string creates a placeholder; rotate the real value with aws ssm put-parameter --overwrite."
+  type        = string
+  default     = ""
+  sensitive   = true
+}
+
 variable "memory_engine" {
   description = "Active long-term memory engine ('hindsight' or 'agentcore'). Surfaced to the runtime as MEMORY_ENGINE for telemetry/debugging only; engine selection itself happens in the API's normalized memory layer when memory-retain is invoked."
   type        = string
@@ -58,6 +78,19 @@ locals {
   memory_retain_fn_arn  = "arn:aws:lambda:${var.region}:${var.account_id}:function:${local.memory_retain_fn_name}"
 }
 
+resource "aws_ssm_parameter" "nova_act_api_key" {
+  name        = "/thinkwork/${var.stage}/agentcore/nova-act-api-key"
+  type        = "SecureString"
+  value       = var.nova_act_api_key != "" ? var.nova_act_api_key : "PLACEHOLDER_SET_VIA_CLI"
+  description = "Nova Act API key consumed by the Strands Browser Automation tool."
+
+  lifecycle {
+    # Allow operator rotation to stick across applies. The runtime treats
+    # PLACEHOLDER_SET_VIA_CLI as unconfigured until the real key is populated.
+    ignore_changes = [value]
+  }
+}
+
 ################################################################################
 # ECR Repository
 ################################################################################
@@ -113,6 +146,11 @@ resource "aws_iam_role" "agentcore" {
 }
 
 resource "aws_iam_role_policy" "agentcore" {
+  # Sibling policy: ../agentcore-flue/main.tf `aws_iam_role_policy.agentcore_flue`.
+  # The two policies share ~83% of statements (S3, Bedrock, AgentCore Memory,
+  # Code Interpreter, Logs, X-Ray, ECR, SSM, MemoryRetain). Flue adds Aurora
+  # Data API + Secrets Manager for U4 SessionStore. Keep both surfaces in
+  # sync for shared statements.
   name = "agentcore-permissions"
   role = aws_iam_role.agentcore.id
 
@@ -153,6 +191,50 @@ resource "aws_iam_role_policy" "agentcore" {
         ]
         Resource = "*"
       },
+      {
+        # Code Sandbox (execute_code tool). The runtime starts a
+        # Code Interpreter session at the top of every sandbox-
+        # registered turn and executes the preamble + user code
+        # against it. Without this, the runtime role can register
+        # the tool but every invocation fails with
+        # AccessDeniedException on StartCodeInterpreterSession.
+        # Resource wildcards under code-interpreter-custom/* so any
+        # tenant's interpreter (provisioned under this account) is
+        # reachable by the Strands runtime.
+        Sid    = "AgentCoreCodeInterpreter"
+        Effect = "Allow"
+        Action = [
+          "bedrock-agentcore:StartCodeInterpreterSession",
+          "bedrock-agentcore:StopCodeInterpreterSession",
+          "bedrock-agentcore:InvokeCodeInterpreter",
+          "bedrock-agentcore:GetCodeInterpreterSession",
+          "bedrock-agentcore:ListCodeInterpreterSessions",
+          "bedrock-agentcore:GetCodeInterpreter",
+        ]
+        Resource = "arn:aws:bedrock-agentcore:${var.region}:${var.account_id}:code-interpreter-custom/*"
+      },
+      {
+        # Browser Automation (browser_automation tool). The Strands runtime
+        # starts a managed AgentCore Browser session, then connects to the
+        # automation stream over CDP. The AWS-managed browser resource uses the
+        # literal account segment `aws`, while AWS docs show account-scoped
+        # browser ARNs for the stream actions; grant both shapes.
+        Sid    = "AgentCoreBrowser"
+        Effect = "Allow"
+        Action = [
+          "bedrock-agentcore:StartBrowserSession",
+          "bedrock-agentcore:StopBrowserSession",
+          "bedrock-agentcore:GetBrowserSession",
+          "bedrock-agentcore:ListBrowserSessions",
+          "bedrock-agentcore:UpdateBrowserStream",
+          "bedrock-agentcore:ConnectBrowserAutomationStream",
+          "bedrock-agentcore:ConnectBrowserLiveViewStream",
+        ]
+        Resource = [
+          "arn:aws:bedrock-agentcore:${var.region}:aws:browser/aws.browser.v1",
+          "arn:aws:bedrock-agentcore:${var.region}:${var.account_id}:browser/*",
+        ]
+      },
       {
         Sid    = "CloudWatchLogs"
         Effect = "Allow"
@@ -260,6 +342,11 @@ resource "aws_lambda_function" "agentcore" {
       AGENTCORE_FILES_BUCKET = var.bucket_name
       MEMORY_ENGINE          = var.memory_engine
       MEMORY_RETAIN_FN_NAME  = local.memory_retain_fn_name
+      # Needed by run_skill_dispatch.py to POST terminal state back to
+      # /api/skills/complete after a composition run finishes.
+      THINKWORK_API_URL       = var.api_endpoint
+      API_AUTH_SECRET         = var.api_auth_secret
+      NOVA_ACT_SSM_PARAM_NAME = aws_ssm_parameter.nova_act_api_key.name
     }
   }
 
@@ -277,6 +364,67 @@ resource "aws_lambda_function" "agentcore" {
 # chat-agent-invoke — no Function URL is needed, and exposing one would be
 # a public attack surface for prompt injection.
 
+################################################################################
+# Async-invoke hardening — plan §U4 (InvocationType=Event)
+#
+# Post §U4 the kind=run_skill dispatch flipped to InvocationType=Event so the
+# agent loop has the full 900s Lambda budget. AWS Lambda async-invoke defaults
+# to MaximumRetryAttempts=2, which on this path means a single transient
+# failure (5xx on the /api/skills/complete callback, container OOM, etc.)
+# causes the whole agent turn to run again on a fresh invocation. The agent
+# turn is NOT idempotent — Bedrock tokens get re-burned and (in pathological
+# cases) a second partial deliverable could overwrite the first before
+# /api/skills/complete's atomic CAS rejects it with 409.
+#
+# MaximumRetryAttempts=0 makes the dispatch one-shot. The two durable
+# backstops remain:
+#   1. /api/skills/complete's atomic compare-and-swap on status='running' —
+#      idempotent writeback even if a retry did somehow fire.
+#   2. skill-runs-reconciler cron — flips rows stuck in `running` past the
+#      stale cutoff (default 15 min) to `failed` so the dedup slot frees.
+#
+# Failed invokes (IAM, image-pull, crash-before-callback) land in the
+# `async_dlq` SQS queue for operator visibility. 14-day retention matches
+# the reconciler's backstop window with margin.
+################################################################################
+
+resource "aws_sqs_queue" "agentcore_async_dlq" {
+  name                       = "thinkwork-${var.stage}-agentcore-async-dlq"
+  message_retention_seconds  = 1209600 # 14 days
+  visibility_timeout_seconds = 900     # matches Lambda timeout
+  sqs_managed_sse_enabled    = true
+
+  tags = {
+    Name = "thinkwork-${var.stage}-agentcore-async-dlq"
+  }
+}
+
+resource "aws_iam_role_policy" "agentcore_dlq_send" {
+  name = "agentcore-dlq-send"
+  role = aws_iam_role.agentcore.id
+
+  policy = jsonencode({
+    Version = "2012-10-17"
+    Statement = [{
+      Effect   = "Allow"
+      Action   = ["sqs:SendMessage"]
+      Resource = aws_sqs_queue.agentcore_async_dlq.arn
+    }]
+  })
+}
+
+resource "aws_lambda_function_event_invoke_config" "agentcore" {
+  function_name                = aws_lambda_function.agentcore.function_name
+  maximum_retry_attempts       = 0
+  maximum_event_age_in_seconds = 3600
+
+  destination_config {
+    on_failure {
+      destination = aws_sqs_queue.agentcore_async_dlq.arn
+    }
+  }
+}
+
 ################################################################################
 # Outputs
 ################################################################################
@@ -300,3 +448,20 @@ output "agentcore_function_arn" {
   description = "AgentCore Lambda function ARN (for IAM policy on callers)"
   value       = aws_lambda_function.agentcore.arn
 }
+
+output "agentcore_async_dlq_arn" {
+  description = "SQS queue ARN that catches failed kind=run_skill async invokes"
+  value       = aws_sqs_queue.agentcore_async_dlq.arn
+}
+
+output "agentcore_async_dlq_url" {
+  description = "SQS queue URL for operator inspection of failed async invokes"
+  value       = aws_sqs_queue.agentcore_async_dlq.url
+}
+
+# Plan §005 U1 → U2 — the `agentcore_flue` resources that previously lived here
+# (renamed from `agentcore_pi` in U1) moved out to `../agentcore-flue/main.tf` in
+# U2. Cross-module state migration is declared in `terraform/modules/thinkwork/main.tf`
+# via `moved {}` blocks at the parent composition layer. The U1 in-module `moved`
+# blocks (`agentcore_pi` → `agentcore_flue`) were applied on the U1 deploy and
+# are no longer needed here — the resources have left the module entirely.

package/dist/terraform/modules/app/appsync-subscriptions/main.tf

@@ -77,6 +77,7 @@ locals {
     "notifyThreadUpdate",
     "notifyInboxItemUpdate",
     "notifyThreadTurnUpdate",
+    "publishComputerThreadChunk",
     "notifyOrgUpdate",
   ]
 }
@@ -101,6 +102,9 @@ resource "aws_appsync_resolver" "notifications" {
     #if(!$result.createdAt)
       #set($result.createdAt = $util.time.nowISO8601())
     #end
+    #if(!$result.publishedAt)
+      #set($result.publishedAt = $util.time.nowISO8601())
+    #end
     $util.toJson($result)
   EOF
 }

package/dist/terraform/modules/app/appsync-subscriptions/outputs.tf

@@ -3,6 +3,11 @@ output "graphql_api_id" {
   value       = aws_appsync_graphql_api.subscriptions.id
 }
 
+output "graphql_api_arn" {
+  description = "AppSync GraphQL API ARN"
+  value       = aws_appsync_graphql_api.subscriptions.arn
+}
+
 output "graphql_api_url" {
   description = "AppSync GraphQL endpoint URL (used by backend to push notifications)"
   value       = aws_appsync_graphql_api.subscriptions.uris["GRAPHQL"]

package/dist/terraform/modules/app/computer-runtime/README.md

@@ -0,0 +1,15 @@
+# Computer Runtime
+
+Shared ECS/EFS substrate for ThinkWork Computers.
+
+This module creates shared infrastructure only:
+
+- ECR repository for the Computer runtime image.
+- ECS/Fargate cluster.
+- Encrypted EFS filesystem and mount targets.
+- Task and EFS security groups, with NFS scoped to runtime tasks.
+- Optional public-IP task networking for low-cost outbound API/CLI access without a NAT gateway.
+- Execution/task roles and CloudWatch log group.
+- Manager IAM policy for per-Computer access points, task definitions, and services.
+
+Per-Computer EFS access points, task-definition revisions, and ECS services are created by the Computer manager Lambda from database rows. Terraform should not create one resource set per user.