bedrock-agentcore-starter-toolkit 0.1.10__py3-none-any.whl → 0.1.12__py3-none-any.whl

bedrock_agentcore_starter_toolkit/cli/cli.py

@@ -5,7 +5,7 @@ import typer
 from ..cli.gateway.commands import create_mcp_gateway, create_mcp_gateway_target, gateway_app
 from ..utils.logging_config import setup_toolkit_logging
 from .import_agent.commands import import_agent
-from .runtime.commands import configure_app, invoke, launch, status, destroy
+from .runtime.commands import configure_app, destroy, invoke, launch, status
 
 app = typer.Typer(name="agentcore", help="BedrockAgentCore CLI", add_completion=False, rich_markup_mode="rich")
 

bedrock_agentcore_starter_toolkit/cli/runtime/commands.py

@@ -20,7 +20,9 @@ from ...operations.runtime import (
     launch_bedrock_agentcore,
     validate_agent_name,
 )
+from ...utils.runtime.config import load_config
 from ...utils.runtime.entrypoint import parse_entrypoint
+from ...utils.runtime.logs import get_agent_log_paths, get_aws_tail_commands, get_genai_observability_url
 from ..common import _handle_error, _print_success, console
 from .configuration_manager import ConfigurationManager
 
@@ -66,7 +68,7 @@ def _prompt_for_requirements_file(prompt_text: str, default: str = "") -> Option
     return None
 
 
-def _handle_requirements_file_display(requirements_file: Optional[str]) -> Optional[str]:
+def _handle_requirements_file_display(requirements_file: Optional[str], non_interactive: bool = False) -> Optional[str]:
     """Handle requirements file with display logic for CLI."""
     from ...utils.runtime.entrypoint import detect_dependencies
 
@@ -74,6 +76,15 @@ def _handle_requirements_file_display(requirements_file: Optional[str]) -> Optio
         # User provided file - validate and show confirmation
         return _validate_requirements_file(requirements_file)
 
+    if non_interactive:
+        # Auto-detection for non-interactive mode
+        deps = detect_dependencies(Path.cwd())
+        if deps.found:
+            _print_success(f"Using detected file: [dim]{deps.file}[/dim]")
+            return None  # Use detected file
+        else:
+            _handle_error("No requirements file specified and none found automatically")
+
     # Auto-detection with interactive prompt
     deps = detect_dependencies(Path.cwd())
 
@@ -112,8 +123,6 @@ def list_agents():
     """List configured agents."""
     config_path = Path.cwd() / ".bedrock_agentcore.yaml"
     try:
-        from ...utils.runtime.config import load_config
-
         project_config = load_config(config_path)
         if not project_config.agents:
             console.print("[yellow]No agents configured.[/yellow]")
@@ -170,6 +179,9 @@ def configure(
     verbose: bool = typer.Option(False, "--verbose", "-v", help="Enable verbose output"),
     region: Optional[str] = typer.Option(None, "--region", "-r"),
     protocol: Optional[str] = typer.Option(None, "--protocol", "-p", help="Server protocol (HTTP or MCP)"),
+    non_interactive: bool = typer.Option(
+        False, "--non-interactive", "-ni", help="Skip prompts; use defaults unless overridden"
+    ),
 ):
     """Configure a Bedrock AgentCore agent. The agent name defaults to your Python file name."""
     if ctx.invoked_subcommand is not None:
@@ -196,7 +208,7 @@ def configure(
 
     # Create configuration manager for clean, elegant prompting
     config_path = Path.cwd() / ".bedrock_agentcore.yaml"
-    config_manager = ConfigurationManager(config_path)
+    config_manager = ConfigurationManager(config_path, non_interactive)
 
     # Interactive prompts for missing values - clean and elegant
     if not execution_role:
@@ -217,7 +229,7 @@ def configure(
         _print_success(f"Using existing ECR repository: [dim]{ecr_repository}[/dim]")
 
     # Handle dependency file selection with simplified logic
-    final_requirements_file = _handle_requirements_file_display(requirements_file)
+    final_requirements_file = _handle_requirements_file_display(requirements_file, non_interactive)
 
     # Handle OAuth authorization configuration
     oauth_config = None
@@ -404,6 +416,8 @@ def launch(
                 auto_update_on_conflict=auto_update_on_conflict,
             )
 
+        project_config = load_config(config_path)
+        agent_config = project_config.get_agent_config(agent)
         # Handle result based on mode
         if result.mode == "local":
             _print_success(f"Docker image built: {result.tag}")
@@ -422,6 +436,10 @@ def launch(
         elif result.mode == "codebuild":
             # Show deployment success panel
             agent_name = result.tag.split(":")[0].replace("bedrock_agentcore-", "")
+
+            # Get region from configuration
+            region = agent_config.aws.region if agent_config else "us-east-1"
+
             deploy_panel = (
                 f"✅ [green]CodeBuild Deployment Successful![/green]\n\n"
                 f"[bold]Agent Details:[/bold]\n"
@@ -437,18 +455,18 @@ def launch(
 
             # Add log information if we have agent_id
             if result.agent_id:
-                from ...utils.runtime.logs import get_agent_log_paths, get_aws_tail_commands
-
                 runtime_logs, otel_logs = get_agent_log_paths(result.agent_id)
                 follow_cmd, since_cmd = get_aws_tail_commands(runtime_logs)
-                deploy_panel += (
-                    f"\n\n📋 [cyan]CloudWatch Logs:[/cyan]\n"
-                    f"   {runtime_logs}\n"
-                    f"   {otel_logs}\n\n"
-                    f"💡 [dim]Tail logs with:[/dim]\n"
-                    f"   {follow_cmd}\n"
-                    f"   {since_cmd}"
-                )
+                deploy_panel += f"\n\n📋 [cyan]CloudWatch Logs:[/cyan]\n   {runtime_logs}\n   {otel_logs}\n\n"
+                # Only show GenAI Observability Dashboard if OTEL is enabled
+                if agent_config and agent_config.aws.observability.enabled:
+                    deploy_panel += (
+                        f"🔍 [cyan]GenAI Observability Dashboard:[/cyan]\n"
+                        f"   {get_genai_observability_url(region)}\n\n"
+                        f"⏱️  [dim]Note: Observability data may take up to 10 minutes to appear "
+                        f"after first launch[/dim]\n\n"
+                    )
+                deploy_panel += f"💡 [dim]Tail logs with:[/dim]\n   {follow_cmd}\n   {since_cmd}"
 
             console.print(
                 Panel(
@@ -483,8 +501,6 @@ def launch(
             )
 
             if result.agent_id:
-                from ...utils.runtime.logs import get_agent_log_paths, get_aws_tail_commands
-
                 runtime_logs, otel_logs = get_agent_log_paths(result.agent_id)
                 follow_cmd, since_cmd = get_aws_tail_commands(runtime_logs)
                 deploy_panel += (
@@ -530,15 +546,17 @@ def _show_invoke_info_panel(agent_name: str, invoke_result=None, config=None):
     # Agent ARN
     if invoke_result and invoke_result.agent_arn:
         info_lines.append(f"ARN: [cyan]{invoke_result.agent_arn}[/cyan]")
-    # CloudWatch logs (if we have config with agent_id)
+    # CloudWatch logs and GenAI Observability Dashboard (if we have config with agent_id)
     if config and hasattr(config, "bedrock_agentcore") and config.bedrock_agentcore.agent_id:
         try:
-            from ...utils.runtime.logs import get_agent_log_paths, get_aws_tail_commands
-
             runtime_logs, _ = get_agent_log_paths(config.bedrock_agentcore.agent_id)
             follow_cmd, since_cmd = get_aws_tail_commands(runtime_logs)
             info_lines.append(f"Logs: {follow_cmd}")
             info_lines.append(f"      {since_cmd}")
+
+            # Only show GenAI Observability Dashboard if OTEL is enabled
+            if config.aws.observability.enabled:
+                info_lines.append(f"GenAI Dashboard: {get_genai_observability_url(config.aws.region)}")
         except Exception:
             pass  # nosec B110
     panel_content = "\n".join(info_lines) if info_lines else "Invoke information unavailable"
@@ -580,8 +598,6 @@ def invoke(
     config_path = Path.cwd() / ".bedrock_agentcore.yaml"
 
     try:
-        from ...utils.runtime.config import load_config
-
         # Load project configuration to check if auth is configured
         project_config = load_config(config_path)
         config = project_config.get_agent_config(agent)
@@ -671,8 +687,6 @@ def invoke(
             agent_name = config.name if config else (agent or "unknown")
         except (NameError, AttributeError):
             try:
-                from ...utils.runtime.config import load_config
-
                 fallback_project_config = load_config(config_path)
                 agent_config = fallback_project_config.get_agent_config(agent)
                 agent_name = agent_config.name if agent_config else (agent or "unknown")
@@ -777,20 +791,24 @@ def status(
                     agent_id = status_json.get("config", {}).get("agent_id")
                     if agent_id:
                         try:
-                            from ...utils.runtime.logs import get_agent_log_paths, get_aws_tail_commands
-
                             endpoint_name = endpoint_data.get("name")
                             runtime_logs, otel_logs = get_agent_log_paths(agent_id, endpoint_name)
                             follow_cmd, since_cmd = get_aws_tail_commands(runtime_logs)
 
-                            panel_content += (
-                                f"📋 [cyan]CloudWatch Logs:[/cyan]\n"
-                                f"   {runtime_logs}\n"
-                                f"   {otel_logs}\n\n"
-                                f"💡 [dim]Tail logs with:[/dim]\n"
-                                f"   {follow_cmd}\n"
-                                f"   {since_cmd}\n\n"
-                            )
+                            panel_content += f"📋 [cyan]CloudWatch Logs:[/cyan]\n   {runtime_logs}\n   {otel_logs}\n\n"
+
+                            # Only show GenAI Observability Dashboard if OTEL is enabled
+                            project_config = load_config(config_path)
+                            agent_config = project_config.get_agent_config(agent)
+                            if agent_config and agent_config.aws.observability.enabled:
+                                panel_content += (
+                                    f"🔍 [cyan]GenAI Observability Dashboard:[/cyan]\n"
+                                    f"   {get_genai_observability_url(status_json['config']['region'])}\n\n"
+                                    f"⏱️  [dim]Note: Observability data may take up to 10 minutes to appear "
+                                    f"after first launch[/dim]\n\n"
+                                )
+
+                            panel_content += f"💡 [dim]Tail logs with:[/dim]\n   {follow_cmd}\n   {since_cmd}\n\n"
                         except Exception:  # nosec B110
                             # If log retrieval fails, continue without logs section
                             pass
@@ -870,15 +888,13 @@ def destroy(
     dry_run: bool = typer.Option(
         False, "--dry-run", help="Show what would be destroyed without actually destroying anything"
     ),
-    force: bool = typer.Option(
-        False, "--force", help="Skip confirmation prompts and destroy immediately"
-    ),
+    force: bool = typer.Option(False, "--force", help="Skip confirmation prompts and destroy immediately"),
     delete_ecr_repo: bool = typer.Option(
         False, "--delete-ecr-repo", help="Also delete the ECR repository after removing images"
     ),
 ) -> None:
     """Destroy Bedrock AgentCore resources.
-    
+
     This command removes the following AWS resources for the specified agent:
     - Bedrock AgentCore endpoint (if exists)
     - Bedrock AgentCore agent runtime
@@ -887,26 +903,27 @@ def destroy(
     - IAM execution role (only if not used by other agents)
     - Agent deployment configuration
     - ECR repository (only if --delete-ecr-repo is specified)
-    
+
     CAUTION: This action cannot be undone. Use --dry-run to preview changes first.
     """
     config_path = Path.cwd() / ".bedrock_agentcore.yaml"
 
     try:
-        from ...utils.runtime.config import load_config
-
         # Load project configuration to get agent details
         project_config = load_config(config_path)
         agent_config = project_config.get_agent_config(agent)
-        
+
         if not agent_config:
             _handle_error(f"Agent '{agent or 'default'}' not found in configuration")
-            
+
         actual_agent_name = agent_config.name
 
         # Show what will be destroyed
         if dry_run:
-            console.print(f"[cyan]🔍 Dry run: Preview of resources that would be destroyed for agent '{actual_agent_name}'[/cyan]\n")
+            console.print(
+                f"[cyan]🔍 Dry run: Preview of resources that would be destroyed for agent "
+                f"'{actual_agent_name}'[/cyan]\n"
+            )
         else:
             console.print(f"[yellow]⚠️  About to destroy resources for agent '{actual_agent_name}'[/yellow]\n")
 
@@ -956,7 +973,9 @@ def destroy(
             color = "cyan"
         else:
             if result.errors:
-                console.print(f"[yellow]⚠️  Destruction completed with errors for agent '{result.agent_name}'[/yellow]\n")
+                console.print(
+                    f"[yellow]⚠️  Destruction completed with errors for agent '{result.agent_name}'[/yellow]\n"
+                )
                 title = "Destruction Results (With Errors)"
                 color = "yellow"
             else:
@@ -987,7 +1006,7 @@ def destroy(
             console.print("  • Run 'agentcore configure --entrypoint <file>' to set up a new agent")
             console.print("  • Run 'agentcore launch' to deploy to Bedrock AgentCore")
         elif dry_run:
-            console.print(f"\n[dim]To actually destroy these resources, run:[/dim]")
+            console.print("\n[dim]To actually destroy these resources, run:[/dim]")
             destroy_cmd = f"  agentcore destroy{f' --agent {actual_agent_name}' if agent else ''}"
             if delete_ecr_repo:
                 destroy_cmd += " --delete-ecr-repo"

bedrock_agentcore_starter_toolkit/cli/runtime/configuration_manager.py

@@ -10,19 +10,25 @@ from ..common import _handle_error, _print_success, _prompt_with_default, consol
 class ConfigurationManager:
     """Manages interactive configuration prompts with existing configuration defaults."""
 
-    def __init__(self, config_path: Path):
+    def __init__(self, config_path: Path, non_interactive: bool = False):
         """Initialize the ConfigPrompt with a configuration path.
 
         Args:
             config_path: Path to the configuration file
+            non_interactive: If True, use defaults without prompting
         """
         from ...utils.runtime.config import load_config_if_exists
 
         project_config = load_config_if_exists(config_path)
         self.existing_config = project_config.get_agent_config() if project_config else None
+        self.non_interactive = non_interactive
 
     def prompt_execution_role(self) -> Optional[str]:
         """Prompt for execution role. Returns role name/ARN or None for auto-creation."""
+        if self.non_interactive:
+            _print_success("Will auto-create execution role")
+            return None
+
         console.print("\n🔐 [cyan]Execution Role[/cyan]")
         console.print(
             "[dim]Press Enter to auto-create execution role, or provide execution role ARN/name to use existing[/dim]"
@@ -43,6 +49,10 @@ class ConfigurationManager:
 
     def prompt_ecr_repository(self) -> tuple[Optional[str], bool]:
         """Prompt for ECR repository. Returns (repository, auto_create_flag)."""
+        if self.non_interactive:
+            _print_success("Will auto-create ECR repository")
+            return None, True
+
         console.print("\n🏗️  [cyan]ECR Repository[/cyan]")
         console.print(
             "[dim]Press Enter to auto-create ECR repository, or provide ECR Repository URI to use existing[/dim]"
@@ -63,6 +73,10 @@ class ConfigurationManager:
 
     def prompt_oauth_config(self) -> Optional[dict]:
         """Prompt for OAuth configuration. Returns OAuth config dict or None."""
+        if self.non_interactive:
+            _print_success("Using default IAM authorization")
+            return None
+
         console.print("\n🔐 [cyan]Authorization Configuration[/cyan]")
         console.print("[dim]By default, Bedrock AgentCore uses IAM authorization.[/dim]")
 

bedrock_agentcore_starter_toolkit/operations/gateway/client.py

@@ -176,6 +176,145 @@ class GatewayClient:
         self.logger.info("\n✅Target is ready")
         return target
 
+    def fix_iam_permissions(self, gateway: dict) -> None:
+        """Fix IAM role trust policy for the gateway.
+
+        :param gateway: the gateway dict containing roleArn
+        """
+        # Check for None gateway
+        if gateway is None:
+            return
+
+        # Check for missing roleArn
+        role_arn = gateway.get("roleArn")
+        if not role_arn:
+            return
+
+        sts = boto3.client("sts")
+        iam = boto3.client("iam")
+
+        account_id = sts.get_caller_identity()["Account"]
+        role_name = role_arn.split("/")[-1]
+
+        # Update trust policy
+        trust_policy = {
+            "Version": "2012-10-17",
+            "Statement": [
+                {
+                    "Effect": "Allow",
+                    "Principal": {"Service": "bedrock-agentcore.amazonaws.com"},
+                    "Action": "sts:AssumeRole",
+                    "Condition": {
+                        "StringEquals": {"aws:SourceAccount": account_id},
+                        "ArnLike": {"aws:SourceArn": f"arn:aws:bedrock-agentcore:{self.region}:{account_id}:*"},
+                    },
+                }
+            ],
+        }
+
+        try:
+            iam.update_assume_role_policy(RoleName=role_name, PolicyDocument=json.dumps(trust_policy))
+
+            # Add Lambda permissions
+            iam.put_role_policy(
+                RoleName=role_name,
+                PolicyName="LambdaInvokePolicy",
+                PolicyDocument=json.dumps(
+                    {
+                        "Version": "2012-10-17",
+                        "Statement": [
+                            {
+                                "Effect": "Allow",
+                                "Action": ["lambda:InvokeFunction"],
+                                "Resource": (
+                                    f"arn:aws:lambda:{self.region}:{account_id}:function:AgentCoreLambdaTestFunction"
+                                ),
+                            }
+                        ],
+                    }
+                ),
+            )
+            self.logger.info("✓ Fixed IAM permissions for Gateway")
+        except Exception as e:
+            self.logger.warning("⚠️ IAM role update failed: %s. Continuing with best effort.", str(e))
+
+    def cleanup_gateway(self, gateway_id: str, client_info: Optional[Dict] = None) -> None:
+        """Remove all resources associated with a gateway.
+
+        :param gateway_id: the ID of the gateway to clean up
+        :param client_info: optional Cognito client info for cleanup
+        """
+        self.logger.info("🧹 Cleaning up Gateway resources...")
+
+        gateway_client = self.client
+
+        # Step 1: List and delete all targets
+        self.logger.info("  • Finding targets for gateway: %s", gateway_id)
+
+        try:
+            response = gateway_client.list_gateway_targets(gatewayIdentifier=gateway_id)
+            # API returns targets in 'items' field
+            targets = response.get("items", [])
+            self.logger.info("    Found %s targets to delete", len(targets))
+
+            for target in targets:
+                target_id = target["targetId"]
+                self.logger.info("  • Deleting target: %s", target_id)
+                try:
+                    gateway_client.delete_gateway_target(gatewayIdentifier=gateway_id, targetId=target_id)
+                    self.logger.info("    ✓ Target deletion initiated: %s", target_id)
+                    # Wait for deletion to complete
+                    time.sleep(5)
+                except Exception as e:
+                    self.logger.warning("    ⚠️ Error deleting target %s: %s", target_id, str(e))
+
+            # Verify all targets are deleted
+            self.logger.info("  • Verifying targets deletion...")
+            time.sleep(5)  # Additional wait
+            verify_response = gateway_client.list_gateway_targets(gatewayIdentifier=gateway_id)
+            remaining_targets = verify_response.get("items", [])
+            if remaining_targets:
+                self.logger.warning("    ⚠️ %s targets still remain", len(remaining_targets))
+            else:
+                self.logger.info("    ✓ All targets deleted")
+
+        except Exception as e:
+            self.logger.warning("    ⚠️ Error managing targets: %s", str(e))
+
+        # Step 2: Delete the gateway
+        try:
+            self.logger.info("  • Deleting gateway: %s", gateway_id)
+            gateway_client.delete_gateway(gatewayIdentifier=gateway_id)
+            self.logger.info("    ✓ Gateway deleted: %s", gateway_id)
+        except Exception as e:
+            self.logger.warning("    ⚠️ Error deleting gateway: %s", str(e))
+
+        # Step 3: Delete Cognito resources if provided
+        if client_info and "user_pool_id" in client_info:
+            cognito = boto3.client("cognito-idp", region_name=self.region)
+            user_pool_id = client_info["user_pool_id"]
+
+            # Delete domain first
+            if "domain_prefix" in client_info:
+                domain_prefix = client_info["domain_prefix"]
+                self.logger.info("  • Deleting Cognito domain: %s", domain_prefix)
+                try:
+                    cognito.delete_user_pool_domain(UserPoolId=user_pool_id, Domain=domain_prefix)
+                    self.logger.info("    ✓ Cognito domain deleted")
+                    time.sleep(5)  # Wait for domain deletion
+                except Exception as e:
+                    self.logger.warning("    ⚠️ Error deleting Cognito domain: %s", str(e))
+
+            # Now delete the user pool
+            self.logger.info("  • Deleting Cognito user pool: %s", user_pool_id)
+            try:
+                cognito.delete_user_pool(UserPoolId=user_pool_id)
+                self.logger.info("    ✓ Cognito user pool deleted")
+            except Exception as e:
+                self.logger.warning("    ⚠️ Error deleting Cognito user pool: %s", str(e))
+
+        self.logger.info("✅ Cleanup complete")
+
     def __handle_lambda_target_creation(self, role_arn: str) -> Dict[str, Any]:
         """Create a test lambda.