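import { Duration, RemovalPolicy } from 'aws-cdk-lib';
import { CognitoUserPoolsAuthorizer, RestApi } from 'aws-cdk-lib/aws-apigateway';
import { CfnRuntime } from 'aws-cdk-lib/aws-bedrockagentcore';
import { UserPool, UserPoolClient } from 'aws-cdk-lib/aws-cognito';
import { ITable } from 'aws-cdk-lib/aws-dynamodb';
import { ISecurityGroup, SubnetSelection } from 'aws-cdk-lib/aws-ec2';
import { IGrantable, Role, ServicePrincipal } from 'aws-cdk-lib/aws-iam';
import { IKey, Key } from 'aws-cdk-lib/aws-kms';
import { IFunction, Architecture, ILayerVersion } from 'aws-cdk-lib/aws-lambda';
import { IBucket } from 'aws-cdk-lib/aws-s3';
import { Construct } from 'constructs';
import { BaseAgent, BaseAgentProps } from './base-agent';
import { Network } from '../foundation';

/**
 * Strategy interface for pluggable communication mechanisms.
 * Default implementation is StreamingHttpAdapter (API Gateway REST API with response streaming).
 */
export interface ICommunicationAdapter {
    /**
     * Attach the adapter to a Lambda function and create communication infrastructure.
     * Returns the public endpoint URL for client connections.
     */
    attachToFunction(lambdaFunction: IFunction): string;
    /**
     * Grant the Lambda function permission to send responses back to clients.
     */
    grantInvoke(lambdaFunction: IFunction): void;
}

/**
 * Throttle settings for REST API.
 */
export interface ThrottleSettings {
    /**
     * Rate limit (requests per second).
     */
    readonly rateLimit?: number;
    /**
     * Burst limit (maximum concurrent requests).
     */
    readonly burstLimit?: number;
}

/**
 * Configuration properties for StreamingHttpAdapter.
 */
export interface StreamingHttpAdapterProps {
    /**
     * REST API stage name.
     *
     * @default 'prod'
     */
    readonly stageName?: string;
    /**
     * Throttle settings for REST API.
     *
     * With the default, the adapter configures no limits of its own. Each accepted
     * request can keep a Lambda invocation open for up to the function timeout and
     * drives model inference, so set explicit limits on internet-facing deployments.
     *
     * @default No throttling
     */
    readonly throttle?: ThrottleSettings;
    /**
     * Authenticator for securing API endpoints.
     *
     * @default Uses authenticator from InteractiveAgent
     */
    readonly authenticator?: IAuthenticator;
    /**
     * HTTP methods to allow in CORS preflight responses.
     * Use this to enable additional methods (GET, DELETE, PUT) for custom routes
     * added to the REST API.
     *
     * CORS is enforced by browsers only and is not access control: every custom
     * route still needs an authorizer attached to it.
     *
     * @default ['POST', 'OPTIONS']
     */
    readonly corsAllowMethods?: string[];
}

/**
 * Streaming HTTP adapter for real-time agent communication via SSE.
 *
 * This adapter creates an API Gateway REST API with response streaming enabled,
 * allowing the Lambda function to stream SSE (Server-Sent Events) responses
 * back to clients as the Strands Agent generates tokens.
 *
 * ## Architecture
 *
 * ```
 * Client → POST /chat → API Gateway REST API (STREAM mode) → Lambda (FastAPI + LWA) → Bedrock
 * Client ← SSE stream ← API Gateway ← Lambda response streaming ← Agent tokens
 * ```
 *
 * ## Features
 *
 * - **Response Streaming**: Progressive SSE delivery via API Gateway response streaming
 * - **15-Minute Timeout**: Extended timeout for long-running agent conversations
 * - **Cognito Auth**: Native COGNITO_USER_POOLS authorizer on REST API
 * - **CORS**: Built-in CORS support for browser clients
 * - **Throttling**: Configurable rate and burst limits
 *
 * ## Example
 *
 * ```typescript
 * import { Asset } from 'aws-cdk-lib/aws-s3-assets';
 * import { InteractiveAgent, StreamingHttpAdapter } from '@cdklabs/cdk-appmod-catalog-blueprints';
 *
 * const myPrompt = new Asset(this, 'Prompt', { path: './prompt.txt' });
 * const adapter = new StreamingHttpAdapter({
 *   stageName: 'prod',
 *   throttle: { rateLimit: 100, burstLimit: 200 }
 * });
 *
 * const agent = new InteractiveAgent(this, 'Agent', {
 *   agentName: 'ChatAgent',
 *   agentDefinition: { bedrockModel: {}, systemPrompt: myPrompt },
 *   communicationAdapter: adapter
 * });
 * ```
 */
export declare class StreamingHttpAdapter implements ICommunicationAdapter {
    /**
     * The REST API Gateway.
     */
    readonly restApi?: RestApi;
    /**
     * The Cognito User Pools authorizer (if Cognito authentication is enabled).
     */
    readonly cognitoAuthorizer?: CognitoUserPoolsAuthorizer;
    /**
     * The API endpoint URL.
     */
    readonly apiEndpoint?: string;
    private readonly props;
    private scope?;
    constructor(props?: StreamingHttpAdapterProps);
    /**
     * Attach the adapter to a Lambda function and create REST API infrastructure.
     * Creates API Gateway REST API with POST /chat endpoint and response streaming.
     */
    attachToFunction(lambdaFunction: IFunction): string;
    /**
     * Grant the Lambda function permissions for API Gateway integration.
     * For REST API streaming, no additional permissions are needed beyond the invoke permission.
     */
    grantInvoke(_lambdaFunction: IFunction): void;
    /**
     * Initialize the adapter with a CDK scope.
     * Must be called before attachToFunction or grantInvoke.
     *
     * @internal
     */
    _setScope(scope: Construct): void;
}

/**
 * Strategy interface for session persistence.
 *
 * Session stores manage conversation state persistence across HTTP requests.
 * The default implementation (S3SessionManager) uses S3 for durable storage.
 *
 * @deprecated Use Strands-native `S3SessionManager` from `strands.session.s3_session_manager` instead.
 * The Python handler now uses Strands-native session management automatically.
 */
export interface ISessionStore {
    /**
     * The S3 bucket used for session storage (if S3-based).
     */
    readonly sessionBucket?: IBucket;
    /**
     * Grant read/write permissions to a Lambda function.
     *
     * @param lambdaFunction - The Lambda function that needs access to the session store
     */
    grantReadWrite(lambdaFunction: IFunction): void;
}

/**
 * Configuration properties for S3SessionManager.
 *
 * @deprecated Use Strands-native `S3SessionManager` from `strands.session.s3_session_manager` instead.
 */
export interface S3SessionManagerProps {
    /**
     * S3 bucket for session storage.
     *
     * @default Auto-created bucket with KMS encryption
     */
    readonly bucket?: IBucket;
    /**
     * Time-to-live for sessions.
     * Sessions older than this duration will be automatically deleted.
     *
     * @default Duration.hours(24)
     */
    readonly sessionTTL?: Duration;
    /**
     * KMS encryption key for the session bucket.
     *
     * @default Auto-created KMS key with rotation enabled
     */
    readonly encryptionKey?: IKey;
    /**
     * Removal policy for the session bucket.
     *
     * With the default, CloudFormation attempts to delete the bucket, and the
     * conversation data in it, when the stack is deleted. Pass
     * `RemovalPolicy.RETAIN` where sessions must outlive the stack.
     *
     * @default RemovalPolicy.DESTROY
     */
    readonly removalPolicy?: RemovalPolicy;
}

/**
 * S3-based session manager for persisting conversation state.
 *
 * Uses S3 for durable storage of session data with automatic expiration
 * via lifecycle policies. Each HTTP request loads/saves session state,
 * enabling multi-turn conversations over stateless HTTP.
 *
 * ## Features
 *
 * - **Durable Storage**: Sessions persisted to S3 survive Lambda restarts
 * - **Automatic Expiration**: Lifecycle policy removes old sessions
 * - **Encryption**: KMS encryption at rest
 * - **Cost Optimization**: S3 Standard storage with lifecycle management
 *
 * ## Usage
 *
 * ```typescript
 * import { Asset } from 'aws-cdk-lib/aws-s3-assets';
 * import { InteractiveAgent, S3SessionManager } from '@cdklabs/cdk-appmod-catalog-blueprints';
 * import { Duration } from 'aws-cdk-lib';
 *
 * const myPrompt = new Asset(this, 'Prompt', { path: './prompt.txt' });
 * const sessionManager = new S3SessionManager(this, 'SessionManager', {
 *   sessionTTL: Duration.hours(48)
 * });
 *
 * const agent = new InteractiveAgent(this, 'Agent', {
 *   agentName: 'ChatAgent',
 *   agentDefinition: { bedrockModel: {}, systemPrompt: myPrompt },
 *   sessionStore: sessionManager
 * });
 * ```
 *
 * @deprecated Use Strands-native `S3SessionManager` from `strands.session.s3_session_manager` instead.
 * The Python handler now uses Strands-native session management automatically.
 * An S3 bucket is still created for the Strands session manager; this CDK class
 * is no longer needed to configure session persistence.
 */
export declare class S3SessionManager implements ISessionStore {
    /**
     * The S3 bucket used for session storage.
     */
    readonly bucket: IBucket;
    /**
     * The session TTL duration.
     */
    readonly sessionTTL: Duration;
    constructor(scope: Construct, id: string, props?: S3SessionManagerProps);
    /**
     * The S3 bucket used for session storage (ISessionStore interface).
     */
    get sessionBucket(): IBucket | undefined;
    /**
     * Grant read/write permissions to a Lambda function.
     */
    grantReadWrite(lambdaFunction: IFunction): void;
}

/**
 * Strategy interface for conversation history management.
 *
 * Context strategies control how conversation history is maintained and provided
 * to the agent. Different strategies enable different conversation patterns.
 *
 * @deprecated Use Strands-native `SlidingWindowConversationManager` from
 * `strands.agent.conversation_manager` instead. The Python handler now uses
 * Strands-native conversation management automatically.
 */
export interface IContextStrategy {
    /**
     * Get environment variables for Lambda configuration.
     *
     * @returns Environment variables to configure the context manager
     */
    environmentVariables(): Record<string, string>;
}

/**
 * Configuration properties for SlidingWindowConversationManager.
 *
 * @deprecated Use Strands-native `SlidingWindowConversationManager` from
 * `strands.agent.conversation_manager` instead.
 */
export interface SlidingWindowConversationManagerProps {
    /**
     * Maximum number of messages to keep in conversation history.
     *
     * @default 20 messages
     */
    readonly windowSize?: number;
}

/**
 * Sliding window conversation manager for maintaining recent conversation history.
 *
 * Keeps a fixed-size window of recent messages, automatically discarding older
 * messages as new ones arrive. Provides consistent context size for the agent.
 *
 * ## Usage
 *
 * ```typescript
 * import { Asset } from 'aws-cdk-lib/aws-s3-assets';
 * import { InteractiveAgent, SlidingWindowConversationManager } from '@cdklabs/cdk-appmod-catalog-blueprints';
 *
 * const myPrompt = new Asset(this, 'Prompt', { path: './prompt.txt' });
 * const contextManager = new SlidingWindowConversationManager({ windowSize: 30 });
 *
 * const agent = new InteractiveAgent(this, 'Agent', {
 *   agentName: 'ChatAgent',
 *   agentDefinition: { bedrockModel: {}, systemPrompt: myPrompt },
 *   contextStrategy: contextManager
 * });
 * ```
 *
 * @deprecated Use Strands-native `SlidingWindowConversationManager` from
 * `strands.agent.conversation_manager` instead. The Python handler now handles
 * conversation windowing natively.
 */
export declare class SlidingWindowConversationManager implements IContextStrategy {
    /**
     * The window size (number of messages to keep).
     */
    readonly windowSize: number;
    constructor(props?: SlidingWindowConversationManagerProps);
    /**
     * Get environment variables for Lambda configuration.
     */
    environmentVariables(): Record<string, string>;
}

/**
 * Null conversation manager for stateless interactions.
 *
 * Disables conversation history, treating each message as independent.
 * Useful for stateless use cases where context is not needed.
 *
 * @deprecated The Python handler now uses Strands-native conversation management.
 * To disable conversation history, omit the session bucket configuration.
 */
export declare class NullConversationManager implements IContextStrategy {
    /**
     * Get environment variables for Lambda configuration.
     */
    environmentVariables(): Record<string, string>;
}

/**
 * Strategy interface for authentication mechanisms.
 *
 * Authenticators control how API endpoints are secured.
 * Different implementations support various authentication methods.
 */
export interface IAuthenticator {
    /**
     * Grant authentication permissions to a Lambda function.
     */
    grantAuthenticate(lambdaFunction: IFunction): void;
    /**
     * Get environment variables for Lambda configuration.
     */
    environmentVariables(): Record<string, string>;
}

/**
 * Configuration properties for CognitoAuthenticator.
 */
export interface CognitoAuthenticatorProps {
    /**
     * Cognito User Pool for authentication.
     *
     * NOTE(review): the concrete "secure defaults" (self sign-up, MFA, password
     * policy) are not visible in this declaration; check them against your
     * requirements before production use.
     *
     * @default Auto-created User Pool with secure defaults
     */
    readonly userPool?: UserPool;
    /**
     * Cognito User Pool Client.
     *
     * @default Auto-created client with appropriate auth flows
     */
    readonly userPoolClient?: UserPoolClient;
    /**
     * Removal policy for Cognito resources.
     *
     * With the default, the User Pool and the user accounts in it are deleted
     * together with the stack. Use `RemovalPolicy.RETAIN` for production.
     *
     * @default RemovalPolicy.DESTROY
     */
    readonly removalPolicy?: RemovalPolicy;
}

/**
 * Cognito-based authenticator for securing REST API endpoints.
 *
 * Creates a Cognito User Pool and integrates with API Gateway REST API
 * using the native COGNITO_USER_POOLS authorizer type. Clients send
 * JWT tokens in the Authorization header.
 *
 * ## Features
 *
 * - **Native JWT Validation**: API Gateway validates tokens without custom Lambda
 * - **User Management**: Built-in user registration and management
 * - **Password Policies**: Enforces strong password requirements
 * - **Account Recovery**: Email-based account recovery
 *
 * ## Usage
 *
 * ```typescript
 * import { Asset } from 'aws-cdk-lib/aws-s3-assets';
 * import { RemovalPolicy } from 'aws-cdk-lib';
 * import { InteractiveAgent, CognitoAuthenticator } from '@cdklabs/cdk-appmod-catalog-blueprints';
 *
 * const myPrompt = new Asset(this, 'Prompt', { path: './prompt.txt' });
 * const authenticator = new CognitoAuthenticator({
 *   removalPolicy: RemovalPolicy.RETAIN
 * });
 *
 * const agent = new InteractiveAgent(this, 'Agent', {
 *   agentName: 'ChatAgent',
 *   agentDefinition: { bedrockModel: {}, systemPrompt: myPrompt },
 *   authenticator
 * });
 * ```
 */
export declare class CognitoAuthenticator implements IAuthenticator {
    /**
     * The Cognito User Pool.
     */
    readonly userPool?: UserPool;
    /**
     * The Cognito User Pool Client.
     */
    readonly userPoolClient?: UserPoolClient;
    private scope?;
    private readonly removalPolicy;
    constructor(props?: CognitoAuthenticatorProps);
    /**
     * Grant authentication permissions to a Lambda function.
     * Grants permissions to verify Cognito tokens.
     */
    grantAuthenticate(lambdaFunction: IFunction): void;
    /**
     * Get environment variables for Lambda configuration.
     */
    environmentVariables(): Record<string, string>;
    /**
     * Initialize the authenticator with a CDK scope.
     * Creates User Pool and Client if not provided.
     *
     * @internal
     */
    _setScope(scope: Construct): void;
}

/**
 * Strategy interface for session index storage.
 *
 * Session indexes provide fast user to session lookups for listing and managing sessions.
 * The default implementation (DynamoDBSessionIndex) uses DynamoDB for efficient queries.
 */
export interface ISessionIndex {
    /**
     * Grant read/write permissions to a grantee.
     *
     * @param grantee - The principal that needs access to the session index
     */
    grantReadWrite(grantee: IGrantable): void;
    /**
     * Get environment variables for Lambda configuration.
     *
     * @returns Environment variables to configure the session index
     */
    environmentVariables(): Record<string, string>;
}

/**
 * Configuration properties for DynamoDBSessionIndex.
 */
export interface DynamoDBSessionIndexProps {
    /**
     * Existing DynamoDB table to use.
     * Table must have partition key 'user_id' (String) and sort key 'session_id' (String).
     *
     * @default Auto-created table
     */
    readonly table?: ITable;
    /**
     * Time-to-live for session index records.
     * When set, expired records are automatically removed by DynamoDB TTL.
     *
     * @default No TTL (sessions persist until explicitly deleted)
     */
    readonly sessionTTL?: Duration;
    /**
     * KMS key for table encryption.
     *
     * @default AWS managed encryption
     */
    readonly encryptionKey?: IKey;
    /**
     * Removal policy for the DynamoDB table.
     *
     * With the default, the table and its session metadata are deleted together
     * with the stack. Use `RemovalPolicy.RETAIN` where the index must be kept.
     *
     * @default RemovalPolicy.DESTROY
     */
    readonly removalPolicy?: RemovalPolicy;
}

/**
 * DynamoDB-based session index for fast user to session lookups.
 *
 * Creates a DynamoDB table indexed by user_id (partition key) and session_id (sort key)
 * for efficient querying of a user's sessions. The table stores session metadata
 * including creation time, last update time, and optional TTL for automatic cleanup.
 *
 * ## Table Schema
 *
 * - **Partition Key**: user_id (String) - User identifier from authentication
 * - **Sort Key**: session_id (String) - Unique session identifier
 * - **Attributes**: created_at, updated_at, last_message, expires_at (optional)
 *
 * ## Features
 *
 * - **Fast Lookups**: Query all sessions for a user by partition key, without a table scan
 * - **Automatic Expiration**: Optional TTL removes stale sessions automatically
 * - **On-Demand Capacity**: Pay-per-request billing, no capacity planning needed
 * - **Encryption**: AWS managed or customer-managed KMS encryption
 *
 * ## Usage
 *
 * ```typescript
 * import { Asset } from 'aws-cdk-lib/aws-s3-assets';
 * import { Duration } from 'aws-cdk-lib';
 * import { InteractiveAgent, DynamoDBSessionIndex } from '@cdklabs/cdk-appmod-catalog-blueprints';
 *
 * const myPrompt = new Asset(this, 'Prompt', { path: './prompt.txt' });
 * const sessionIndex = new DynamoDBSessionIndex(this, 'SessionIndex', {
 *   sessionTTL: Duration.days(7)
 * });
 *
 * const agent = new InteractiveAgent(this, 'Agent', {
 *   agentName: 'ChatAgent',
 *   agentDefinition: { bedrockModel: {}, systemPrompt: myPrompt },
 *   sessionIndex
 * });
 * ```
 */
export declare class DynamoDBSessionIndex implements ISessionIndex {
    /**
     * The DynamoDB table used for session index storage.
     */
    readonly table: ITable;
    /**
     * The session TTL duration (if configured).
     */
    readonly sessionTTL?: Duration;
    constructor(scope: Construct, id: string, props?: DynamoDBSessionIndexProps);
    /**
     * Grant read/write permissions to a grantee.
     */
    grantReadWrite(grantee: IGrantable): void;
    /**
     * Get environment variables for Lambda configuration.
     */
    environmentVariables(): Record<string, string>;
}

/**
 * No-authentication authenticator for development and testing.
 *
 * Disables authentication entirely, allowing any client to connect
 * without credentials. This should ONLY be used for development
 * and testing environments.
 *
 * ## Security Warning
 *
 * This authenticator provides NO security. Never use in production.
 */
export declare class NoAuthenticator implements IAuthenticator {
    /**
     * No-op for NoAuthenticator since no authentication is performed.
     */
    grantAuthenticate(_lambdaFunction: IFunction): void;
    /**
     * Get environment variables for Lambda configuration.
     */
    environmentVariables(): Record<string, string>;
}

/**
 * Configuration passed to a hosting adapter's deploy method.
 */
export interface AgentHostingConfig {
    /** CDK scope for creating resources. */
    readonly scope: Construct;
    /** Agent name identifier. */
    readonly agentName: string;
    /** IAM role for the agent runtime. */
    readonly agentRole: Role;
    /**
     * Environment variables to set on the runtime.
     * Values are written into the deployed configuration as plain strings;
     * do not pass secrets through this map.
     */
    readonly environment: Record<string, string>;
    /** KMS encryption key. */
    readonly encryptionKey: Key;
    /** Optional VPC network configuration. */
    readonly network?: Network;
    /** Lambda architecture (Lambda hosting only). */
    readonly architecture?: Architecture;
    /** Lambda memory size in MB (Lambda hosting only). */
    readonly memorySize?: number;
    /** Lambda timeout (Lambda hosting only). */
    readonly timeout?: Duration;
    /** Reserved concurrent executions (Lambda hosting only). */
    readonly reservedConcurrentExecutions?: number;
    /** Lambda layers from agent definition (Lambda hosting only). */
    readonly lambdaLayers?: ILayerVersion[];
    /** Lambda layers from knowledge bases (Lambda hosting only). */
    readonly knowledgeBaseLayers?: ILayerVersion[];
    /** Whether observability is enabled. */
    readonly enableObservability?: boolean;
    /** Agent tools location definitions (JSON serialized). */
    readonly toolsConfig: string;
    /** System prompt S3 bucket name. */
    readonly systemPromptBucket: string;
    /** System prompt S3 key. */
    readonly systemPromptKey: string;
    /** Knowledge base configs (JSON serialized). */
    readonly knowledgeBaseConfigs?: string;
    /** Knowledge base system prompt addition. */
    readonly knowledgeBaseSystemPromptAddition?: string;
    /** Removal policy for resources. */
    readonly removalPolicy?: RemovalPolicy;
}

/**
 * Result returned by a hosting adapter's deploy method.
 */
export interface AgentHostingResult {
    /** The agent endpoint URL or ARN. */
    readonly endpoint: string;
    /** The Lambda function (if Lambda-hosted). */
    readonly agentFunction?: IFunction;
    /** The AgentCore CfnRuntime (if AgentCore-hosted). */
    readonly cfnRuntime?: CfnRuntime;
}

/**
 * Strategy interface for pluggable hosting backends.
 *
 * Hosting adapters encapsulate the infrastructure needed to run an agent.
 * The default implementation is `LambdaHostingAdapter` (Lambda + LWA + API Gateway).
 * `AgentCoreRuntimeHostingAdapter` provides an alternative using AgentCore Runtime.
 */
export interface IHostingAdapter {
    /**
     * The IAM service principal that this hosting backend requires.
     *
     * BaseAgent uses this to create the agent role with the correct trust policy.
     * For example, Lambda hosting requires `lambda.amazonaws.com` while AgentCore
     * hosting requires `bedrock-agentcore.amazonaws.com`.
     */
    readonly servicePrincipal: ServicePrincipal;
    /**
     * Deploy the agent hosting infrastructure.
     *
     * @param config - Configuration for the agent hosting
     * @returns The hosting result including endpoint and optional resources
     */
    deploy(config: AgentHostingConfig): AgentHostingResult;
}

/**
 * Configuration properties for LambdaHostingAdapter.
 */
export interface LambdaHostingAdapterProps {
    /**
     * Communication adapter for client-agent interaction.
     *
     * @default StreamingHttpAdapter
     */
    readonly communicationAdapter?: ICommunicationAdapter;
    /**
     * Authenticator for securing API endpoints.
     *
     * @default CognitoAuthenticator
     */
    readonly authenticator?: IAuthenticator;
    /**
     * HTTP methods to allow in CORS preflight responses.
     * Use this to enable additional methods (GET, DELETE, PUT) for custom routes
     * added to the REST API.
     *
     * CORS is enforced by browsers only and is not access control: every custom
     * route still needs an authorizer attached to it.
     *
     * @default ['POST', 'OPTIONS']
     */
    readonly corsAllowMethods?: string[];
    /**
     * Lambda function memory size in MB.
     *
     * @default 1024
     */
    readonly memorySize?: number;
    /**
     * Lambda function timeout.
     *
     * @default Duration.minutes(15)
     */
    readonly timeout?: Duration;
    /**
     * Lambda function architecture.
     *
     * @default Architecture.X86_64
     */
    readonly architecture?: Architecture;
    /**
     * Reserved concurrent executions for the Lambda function.
     *
     * @default No reserved concurrency
     */
    readonly reservedConcurrentExecutions?: number;
}

/**
 * Lambda hosting adapter for InteractiveAgent.
 *
 * Deploys the agent as a Lambda function behind Lambda Web Adapter and API Gateway
 * REST API with response streaming. This is the default hosting backend.
 *
 * ## Architecture
 *
 * ```
 * Client → POST /chat → API Gateway REST API (STREAM) → Lambda (FastAPI + LWA) → Bedrock
 * Client ← SSE stream ← API Gateway ← Lambda response streaming ← Agent tokens
 * ```
 */
export declare class LambdaHostingAdapter implements IHostingAdapter {
    /** The communication adapter. */
    readonly communicationAdapter?: ICommunicationAdapter;
    /** The authenticator. */
    readonly authenticator?: IAuthenticator;
    private readonly props;
    constructor(props?: LambdaHostingAdapterProps);
    /**
     * Service principal used for the agent role's trust policy.
     * The IHostingAdapter documentation names `lambda.amazonaws.com` for Lambda hosting.
     */
    get servicePrincipal(): ServicePrincipal;
    /**
     * Deploy Lambda + LWA + API Gateway hosting infrastructure.
     */
    deploy(config: AgentHostingConfig): AgentHostingResult;
}

/**
 * Custom JWT authorizer configuration for AgentCore Runtime.
 *
 * NOTE(review): `allowedAudience` and `allowedClients` are both optional. Confirm
 * how the runtime treats a configuration that sets neither, since tokens the same
 * issuer mints for other applications would then not be filtered by these lists.
 */
export interface AgentCoreJwtAuthorizerConfig {
    /** OIDC discovery URL. */
    readonly discoveryUrl: string;
    /** Allowed audiences. */
    readonly allowedAudience?: string[];
    /** Allowed client IDs. */
    readonly allowedClients?: string[];
}

/**
 * Network mode for AgentCore Runtime hosting.
 *
 * Determines whether the AgentCore Runtime runs on the public internet
 * or inside a VPC with private networking.
 */
export declare enum NetworkMode {
    /**
     * Runtime is publicly accessible (default).
     * No VPC configuration required.
     *
     * Access control then rests on the configured authorizer alone
     * (IAM, or `customJwtAuthorizer` when one is set on the adapter).
     */
    PUBLIC = "PUBLIC",
    /**
     * Runtime runs inside a VPC.
     *
     * AgentCore creates ENIs in the specified subnets. You must provide
     * either explicit `vpcSubnets` and `securityGroups`, or pass a
     * `Network` construct via `InteractiveAgent.network`.
     *
     * Use private subnets with a NAT Gateway for internet access.
     * Public subnets do NOT provide internet access to AgentCore ENIs.
     *
     * @see https://docs.aws.amazon.com/bedrock-agentcore/latest/devguide/agentcore-vpc.html
     */
    VPC = "VPC"
}

/**
 * Configuration properties for AgentCoreRuntimeHostingAdapter.
 */
export interface AgentCoreRuntimeHostingAdapterProps {
    /**
     * ECR container image URI. If not provided, builds from the bundled handler source.
     *
     * Prefer an immutable image reference, so that the code the runtime executes
     * cannot change without a new deployment.
     *
     * @default Builds from agentcore-agent-handler directory
     */
    readonly containerImageUri?: string;
    /**
     * Network mode for the AgentCore Runtime.
     *
     * When set to `NetworkMode.VPC`, the runtime runs inside a VPC and AgentCore creates
     * ENIs in the specified subnets. You must provide either explicit `vpcSubnets`
     * and `securityGroups`, or pass a `Network` construct via `AgentHostingConfig.network`
     * (which is set automatically by `InteractiveAgent` when `network` is provided).
     *
     * For VPC mode, use private subnets with a NAT Gateway for internet access.
     * Public subnets do NOT provide internet access to AgentCore ENIs.
     *
     * @see https://docs.aws.amazon.com/bedrock-agentcore/latest/devguide/agentcore-vpc.html
     * @default NetworkMode.PUBLIC
     */
    readonly networkMode?: NetworkMode;
    /**
     * Subnet selection for VPC network mode.
     *
     * Selects which subnets the AgentCore Runtime ENIs are placed in.
     * Requires a VPC to be provided via `AgentHostingConfig.network`
     * (set automatically by `InteractiveAgent` when `network` is provided)
     * so that subnets can be resolved.
     *
     * Best practice is to select private subnets with a NAT Gateway
     * in at least 2 Availability Zones. Maximum 16 subnets.
     *
     * When both `vpcSubnets` and `AgentHostingConfig.network` are provided,
     * `vpcSubnets` takes precedence over the network's default application subnets.
     *
     * @default - Derived from AgentHostingConfig.network.applicationSubnetSelection() if available
     */
    readonly vpcSubnets?: SubnetSelection;
    /**
     * Security groups for VPC network mode.
     *
     * Attached to the AgentCore Runtime ENIs. Maximum 16 security groups.
     *
     * When both `securityGroups` and `AgentHostingConfig.network` are provided,
     * `securityGroups` takes precedence.
     *
     * The auto-created group permits all outbound traffic; supply your own groups
     * when egress from the agent container has to be restricted.
     *
     * @default - A new security group allowing all outbound traffic is created
     * from AgentHostingConfig.network if available
     */
    readonly securityGroups?: ISecurityGroup[];
    /**
     * Custom JWT authorizer configuration.
     * Omit for IAM-only auth.
     */
    readonly customJwtAuthorizer?: AgentCoreJwtAuthorizerConfig;
    /**
     * Protocol configuration: 'HTTP' | 'MCP' | 'A2A'.
     *
     * @default 'HTTP'
     */
    readonly protocolConfiguration?: string;
    /**
     * Runtime endpoint name.
     *
     * @default Auto-generated from agent name
     */
    readonly endpointName?: string;
}

/**
 * AgentCore Runtime hosting adapter for InteractiveAgent.
 *
 * Deploys the agent as a container running on AgentCore Runtime (microVM).
 * Uses L1 constructs `CfnRuntime` and `CfnRuntimeEndpoint` from
 * `aws-cdk-lib/aws-bedrockagentcore`.
 *
 * ## Architecture
 *
 * ```
 * Client → AgentCore Runtime Endpoint → Container (FastAPI on port 8080) → Bedrock
 * ```
 *
 * ## Features
 *
 * - **Session Isolation**: microVM provides per-session isolation (no S3 session bucket needed)
 * - **Managed Infrastructure**: No Lambda cold starts or timeout limits
 * - **Multiple Protocols**: HTTP, MCP, or A2A protocol support
 * - **Container-Based**: Standard Docker image deployment
 * - **VPC Support**: Run inside a VPC with private subnets for network isolation
 *
 * ## Usage
 *
 * ```typescript
 * import { Asset } from 'aws-cdk-lib/aws-s3-assets';
 * import { InteractiveAgent, AgentCoreRuntimeHostingAdapter, NetworkMode } from '@cdklabs/cdk-appmod-catalog-blueprints';
 *
 * declare const myPrompt: Asset;
 *
 * new InteractiveAgent(this, 'Agent', {
 *   agentName: 'MyChatbot',
 *   agentDefinition: { bedrockModel: {}, systemPrompt: myPrompt },
 *   hostingAdapter: new AgentCoreRuntimeHostingAdapter({
 *     networkMode: NetworkMode.PUBLIC,
 *   }),
 * });
 * ```
 */
export declare class AgentCoreRuntimeHostingAdapter implements IHostingAdapter {
    private readonly props;
    constructor(props?: AgentCoreRuntimeHostingAdapterProps);
    /**
     * Service principal used for the agent role's trust policy.
     * The IHostingAdapter documentation names `bedrock-agentcore.amazonaws.com` for AgentCore hosting.
     */
    get servicePrincipal(): ServicePrincipal;
    /**
     * Deploy AgentCore Runtime hosting infrastructure.
     */
    deploy(config: AgentHostingConfig): AgentHostingResult;
}

/**
 * Configuration properties for InteractiveAgent.
 *
 * Extends BaseAgentProps with communication, session, context, and authentication
 * strategy interfaces for building real-time conversational AI agents.
 */
export interface InteractiveAgentProps extends BaseAgentProps {
    /**
     * Hosting adapter for deploying the agent runtime.
     *
     * Use `LambdaHostingAdapter` for Lambda + API Gateway (default) or
     * `AgentCoreRuntimeHostingAdapter` for AgentCore Runtime hosting.
     *
     * When provided, `communicationAdapter`, `authenticator`, `memorySize`,
     * `timeout`, `architecture`, and `reservedConcurrentExecutions` props
     * are ignored (configure them on the adapter directly).
     *
     * In particular, an `authenticator` set on these props is not applied once a
     * hosting adapter is given; the adapter's own authentication settings decide
     * how the endpoint is protected.
     *
     * @default LambdaHostingAdapter
     */
    readonly hostingAdapter?: IHostingAdapter;
    /**
     * Communication adapter for client-agent interaction.
     *
     * @default StreamingHttpAdapter with CognitoAuthenticator
     */
    readonly communicationAdapter?: ICommunicationAdapter;
    /**
     * Session store for persisting conversation state.
     * Set to undefined to disable session persistence (stateless mode).
     *
     * @default S3SessionManager with 24-hour TTL
     * @deprecated Session management is now handled by Strands-native `S3SessionManager`.
     * An S3 bucket is always created and passed as `SESSION_BUCKET` env var.
     */
    readonly sessionStore?: ISessionStore;
    /**
     * S3 bucket for session storage (shorthand for S3SessionManager).
     * Ignored if sessionStore is provided.
     *
     * @default Auto-created bucket
     */
    readonly sessionBucket?: IBucket;
    /**
     * Time-to-live for sessions.
     *
     * @default Duration.hours(24)
     */
    readonly sessionTTL?: Duration;
    /**
     * Session index for fast user to session lookups.
     * Provides efficient querying of a user's sessions for listing and management.
     *
     * @default DynamoDBSessionIndex (auto-created)
     */
    readonly sessionIndex?: ISessionIndex;
    /**
     * Context strategy for conversation history management.
     *
     * @default SlidingWindowConversationManager with 20 messages
     * @deprecated Conversation management is now handled by Strands-native
     * `SlidingWindowConversationManager` in the Python handler.
     */
    readonly contextStrategy?: IContextStrategy;
    /**
     * Maximum number of messages to keep in conversation history.
     * Shorthand for SlidingWindowConversationManager windowSize.
     * Ignored if contextStrategy is provided.
     *
     * @default 20
     * @deprecated Conversation windowing is now handled by Strands-native
     * `SlidingWindowConversationManager` in the Python handler (default: 20).
     */
    readonly messageHistoryLimit?: number;
    /**
     * Authenticator for securing API endpoints.
     *
     * `NoAuthenticator` leaves the endpoint open to callers without credentials
     * and is meant for development and testing only.
     *
     * @default CognitoAuthenticator
     */
    readonly authenticator?: IAuthenticator;
    /**
     * HTTP methods to allow in CORS preflight responses.
     * Use this to enable additional methods (GET, DELETE, PUT) for custom routes
     * added to the REST API.
     *
     * CORS is enforced by browsers only and is not access control: every custom
     * route still needs an authorizer attached to it.
     *
     * @default ['POST', 'OPTIONS']
     */
    readonly corsAllowMethods?: string[];
    /**
     * Lambda function memory size in MB.
     *
     * @default 1024
     */
    readonly memorySize?: number;
    /**
     * Lambda function timeout.
     *
     * @default Duration.minutes(15)
     */
    readonly timeout?: Duration;
    /**
     * Lambda function architecture.
     *
     * @default Architecture.X86_64
     */
    readonly architecture?: Architecture;
    /**
     * Reserved concurrent executions for the Lambda function.
     *
     * @default No reserved concurrency
     */
    readonly reservedConcurrentExecutions?: number;
}

/**
 * Interactive Agent for real-time conversational AI with SSE streaming.
 *
 * Creates a complete serverless infrastructure for interactive AI conversations
 * using API Gateway REST API with response streaming, Lambda Web Adapter,
 * FastAPI, and standard Strands Agent.
 *
 * ## Architecture
 *
 * ```
 * Client (fetch + ReadableStream)
 *   ↓ POST /chat (Authorization: Bearer JWT)
 * API Gateway REST API (responseTransferMode: STREAM)
 *   ↓ InvokeWithResponseStream
 * Lambda (Python + Lambda Web Adapter + FastAPI)
 *   ↓ strands.Agent streaming
 * Amazon Bedrock (Claude)
 * ```
 *
 * ## Features
 *
 * - **SSE Streaming**: Real-time token-by-token response streaming
 * - **15-Minute Timeout**: Extended timeout for long conversations
 * - **Session Management**: S3-based conversation persistence
 * - **Context Windowing**: Sliding window conversation history
 * - **Cognito Auth**: Native JWT validation on REST API
 * - **Strategy Interfaces**: Pluggable adapters for all components
 * - **Observability**: Lambda Powertools integration
 *
 * ## Usage
 *
 * ```typescript
 * import { Asset } from 'aws-cdk-lib/aws-s3-assets';
 * import { InteractiveAgent } from '@cdklabs/cdk-appmod-catalog-blueprints';
 *
 * const systemPrompt = new Asset(this, 'Prompt', { path: './prompt.txt' });
 *
 * const agent = new InteractiveAgent(this, 'ChatAgent', {
 *   agentName: 'MyChatbot',
 *   agentDefinition: {
 *     bedrockModel: { useCrossRegionInference: true },
 *     systemPrompt: systemPrompt,
 *   },
 * });
 *
 * // Access outputs
 * agent.apiEndpoint; // REST API endpoint URL
 * agent.sessionBucket; // S3 session bucket
 * agent.authenticator; // Cognito authenticator (for User Pool info)
 * ```
 */
export declare class InteractiveAgent extends BaseAgent {
    /** The Lambda function running the agent (presumably set only for Lambda hosting; see AgentHostingResult). */
    readonly agentFunction?: IFunction;
    /** The communication adapter in use, if any. */
    readonly adapter?: ICommunicationAdapter;
    /** The session store, if one is configured (deprecated strategy interface). */
    readonly sessionStore?: ISessionStore;
    /** The context strategy, if one is configured (deprecated strategy interface). */
    readonly contextStrategy?: IContextStrategy;
    /** The authenticator protecting the endpoint, if any. */
    readonly authenticator?: IAuthenticator;
    /** The agent endpoint (the REST API endpoint URL in the usage example above). */
    readonly apiEndpoint: string;
    /** The S3 bucket holding session data, if one exists. */
    readonly sessionBucket?: IBucket;
    /** The AgentCore runtime (presumably set only for AgentCore hosting; see AgentHostingResult). */
    readonly cfnRuntime?: CfnRuntime;
    /**
     * The session index for fast user to session lookups.
     */
    readonly sessionIndex?: ISessionIndex;
    /**
     * The REST API Gateway (only available when using LambdaHostingAdapter with StreamingHttpAdapter).
     */
    readonly restApi?: RestApi;
    /**
     * The Cognito User Pools authorizer (only available when using LambdaHostingAdapter with CognitoAuthenticator).
     */
    readonly cognitoAuthorizer?: CognitoUserPoolsAuthorizer;
    constructor(scope: Construct, id: string, props: InteractiveAgentProps);
    /**
     * Validates InteractiveAgent props.
     */
    private validateProps;
}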