Skip to content

feat(runtime): Add AG-UI examples with SSE and WebSocket demos#1139

Open
rajjainl wants to merge 9 commits intoawslabs:mainfrom
rajjainl:feat/09-ag-ui-examples
Open

feat(runtime): Add AG-UI examples with SSE and WebSocket demos#1139
rajjainl wants to merge 9 commits intoawslabs:mainfrom
rajjainl:feat/09-ag-ui-examples

Conversation

@rajjainl
Copy link
Contributor

@rajjainl rajjainl commented Mar 18, 2026

Add tutorial 09-ag-ui-examples demonstrating the AG-UI protocol on AgentCore Runtime with both Cognito/JWT and IAM/SigV4 authentication.

Includes:

  • Document co-authoring agent (FastAPI + Strands + ag-ui-strands)
  • Cognito notebook with SSE and WebSocket Bearer token demos
  • IAM notebook with SSE (SigV4 headers) and WebSocket (pre-signed URL) demos
  • Multi-turn interactive document co-authoring demo
  • Architecture diagrams for both auth flows and transports
  • README with AG-UI event reference and troubleshooting

Amazon Bedrock AgentCore Samples Pull Request

Important

  1. We strictly follow a issue-first approach, please first open an issue relating to this Pull Request.
  2. Once this Pull Request is ready for review please attach review ready label to it. Only PRs with review ready will be reviewed.

Issue number:

Concise description of the PR

Changes to ..., because ...

User experience

Please share what the user experience looks like before and after this change

Checklist

If your change doesn't seem to apply, please leave them unchecked.

  • I have reviewed the contributing guidelines
  • Add your name to CONTRIBUTORS.md
  • Have you checked to ensure there aren't other open Pull Requests for the same update/change?
  • Are you uploading a dataset?
  • Have you documented Introduction, Architecture Diagram, Prerequisites, Usage, Sample Prompts, and Clean Up steps in your example README?
  • I agree to resolve any issues created for this example in the future.
  • I have performed a self-review of this change
  • Changes have been tested
  • Changes are documented

Acknowledgment

By submitting this pull request, I confirm that you can use, modify, copy, and redistribute this contribution, under the terms of the project license.

@review-notebook-app
Copy link

review-notebook-app bot commented Mar 18, 2026

Check out this pull request on  ReviewNB

See visual diffs & provide feedback on Jupyter Notebooks.

Powered by ReviewNB

@github-actions github-actions bot added 01-tutorials 01-tutorials 01-AgentCore-runtime 01-tutorials/01-AgentCore-runtime labels Mar 18, 2026
@rajjainl
Copy link
Contributor Author

rajjainl commented Mar 18, 2026

Tagging @evandrofranco for the ag_ui notebook creation

rajjainl added 2 commits March 24, 2026 13:44
@rajjainl
feat(runtime): Add AG-UI examples with SSE and WebSocket demos
28d52cc 
Add tutorial 09-ag-ui-examples demonstrating the AG-UI protocol on
AgentCore Runtime with both Cognito/JWT and IAM/SigV4 authentication.

Includes:
- Document co-authoring agent (FastAPI + Strands + ag-ui-strands)
- Cognito notebook with SSE and WebSocket Bearer token demos
- IAM notebook with SSE (SigV4 headers) and WebSocket (pre-signed URL) demos
- Multi-turn interactive document co-authoring demo
- Architecture diagrams for both auth flows and transports
- README with AG-UI event reference and troubleshooting
@rajjainl
feat(runtime): Add AG-UI protocol examples as tutorial 10
cb1880b 
- Rename 09-ag-ui-examples to 10-ag-ui-examples (09 slot taken by execute-command)
- Remove hardcoded region_name=us-west-2 from BedrockModel, inherit from env
- Use DP variable for both SSE_URL and WS_URL consistently
- Regenerate architecture diagrams: single agent with tool boxes, proper auth flow
- Improved event flow as full flowchart with color-coded event categories
@rajjainl rajjainl force-pushed the feat/09-ag-ui-examples branch from 8e57d16 to cb1880b Compare March 24, 2026 20:45
@rajjainl
Copy link
Contributor Author

rajjainl commented Mar 24, 2026

@evandrofranco This is the latest PR

@github-actions
Copy link

github-actions bot commented Mar 24, 2026

Latest scan for commit: cb1880b | Updated: 2026-03-24 21:03:21 UTC

Security Scan Results

Scan Metadata

  • Project: ASH
  • Scan executed: 2026-03-24T21:03:07+00:00
  • ASH version: 3.0.0

Summary

Scanner Results

The table below shows findings by scanner, with status based on severity thresholds and dependencies:

Column Explanations:

Severity Levels (S/C/H/M/L/I):

  • Suppressed (S): Security findings that have been explicitly suppressed/ignored and don't affect the scanner's pass/fail status
  • Critical (C): The most severe security vulnerabilities requiring immediate remediation (e.g., SQL injection, remote code execution)
  • High (H): Serious security vulnerabilities that should be addressed promptly (e.g., authentication bypasses, privilege escalation)
  • Medium (M): Moderate security risks that should be addressed in normal development cycles (e.g., weak encryption, input validation issues)
  • Low (L): Minor security concerns with limited impact (e.g., information disclosure, weak recommendations)
  • Info (I): Informational findings for awareness with minimal security risk (e.g., code quality suggestions, best practice recommendations)

Other Columns:

  • Time: Duration taken by each scanner to complete its analysis
  • Action: Total number of actionable findings at or above the configured severity threshold that require attention

Scanner Results:

  • PASSED: Scanner found no security issues at or above the configured severity threshold - code is clean for this scanner
  • FAILED: Scanner found security vulnerabilities at or above the threshold that require attention and remediation
  • MISSING: Scanner could not run because required dependencies/tools are not installed or available
  • SKIPPED: Scanner was intentionally disabled or excluded from this scan
  • ERROR: Scanner encountered an execution error and could not complete successfully

Severity Thresholds (Thresh Column):

  • CRITICAL: Only Critical severity findings cause scanner to fail
  • HIGH: High and Critical severity findings cause scanner to fail
  • MEDIUM (MED): Medium, High, and Critical severity findings cause scanner to fail
  • LOW: Low, Medium, High, and Critical severity findings cause scanner to fail
  • ALL: Any finding of any severity level causes scanner to fail

Threshold Source: Values in parentheses indicate where the threshold is configured:

  • (g) = global: Set in the global_settings section of ASH configuration
  • (c) = config: Set in the individual scanner configuration section
  • (s) = scanner: Default threshold built into the scanner itself

Statistics calculation:

  • All statistics are calculated from the final aggregated SARIF report
  • Suppressed findings are counted separately and do not contribute to actionable findings
  • Scanner status is determined by comparing actionable findings to the threshold
Scanner S C H M L I Time Action Result Thresh
bandit 0 1 0 0 0 0 694ms 1 FAILED MED (g)
cdk-nag 0 0 0 0 0 0 30.1s 0 PASSED MED (g)
cfn-nag 0 0 0 0 0 0 8ms 0 PASSED MED (g)
checkov 0 0 0 0 0 0 4.6s 0 PASSED MED (g)
detect-secrets 0 0 0 0 0 0 690ms 0 PASSED MED (g)
grype 0 0 0 0 0 0 34.2s 0 PASSED MED (g)
npm-audit 0 0 0 0 0 0 169ms 0 PASSED MED (g)
opengrep 0 0 0 0 0 0 <1ms 0 SKIPPED MED (g)
semgrep 0 0 0 0 0 0 14.4s 0 PASSED MED (g)
syft 0 0 0 0 0 0 1.9s 0 PASSED MED (g)

Detailed Findings

Show 1 actionable findings

Finding 1: B104

  • Severity: HIGH
  • Scanner: bandit
  • Rule ID: B104
  • Location: 01-tutorials/01-AgentCore-runtime/10-ag-ui-examples/agui_agent.py:170-172

Description:
Possible binding to all interfaces.

Code Snippet:

if __name__ == "__main__":
    host = os.environ.get("AGENT_RUNTIME_HOST", "0.0.0.0")
    port = int(os.environ.get("AGENT_PORT", 8080))

Report generated by Automated Security Helper (ASH) at 2026-03-24T21:03:01+00:00

rajjainl added 7 commits March 24, 2026 14:25
@rajjainl
fix(runtime): Fix diagram edge labels overlapping with lines
ed667b1 
Use ortho splines and increased node spacing to prevent edges
cutting through label text in architecture diagrams.
@rajjainl
fix(runtime): Remove duplicate task label on Tool 2 edge to prevent o…
bb7e2d2 
…verlap
@rajjainl
fix(runtime): Place single 'tasks' label between tool boxes in diagrams
145deba
@rajjainl
fix(runtime): Suppress bandit B104 for container bind to 0.0.0.0
a25889c
@rajjainl
feat(runtime): Switch to direct_code_deploy, remove Docker/ECR depend…
33549f5 
…ency

- Use deployment_type=direct_code_deploy with runtime_type=PYTHON_3_13
- Remove auto_create_ecr from configure()
- Remove ECR cleanup from both notebooks
- Remove Docker from prerequisites
@rajjainl
refactor(runtime): Switch to direct_code_deploy, trim requirements, r…
0f57134 
…emove review cell

- Use direct_code_deploy with PYTHON_3_13 runtime type
- Trim requirements.txt to 5 essential packages
- Remove Review Agent Code section from both notebooks
- Install zip via sudo apt-get for SageMaker Studio compatibility
- Renumber notebook sections
@rajjainl
chore(runtime): Rename AG-UI examples from 10 to 11
1b5c9a0
evandrofranco
evandrofranco requested changes Mar 25, 2026
View reviewed changes
Copy link
Contributor

@evandrofranco evandrofranco left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Please take a look

01-tutorials/01-AgentCore-runtime/11-ag-ui-examples/hosting_agui_agent_cognito.ipynb
"id": "status",
"metadata": {},
"outputs": [],
"source": [
Copy link
Contributor

@evandrofranco evandrofranco Mar 25, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

can this block be simplified:

status_response = agentcore_runtime.status()
status = status_response.endpoint['status']
print(f'\n\u2705 Runtime status: {status}')

01-tutorials/01-AgentCore-runtime/11-ag-ui-examples/hosting_agui_agent_cognito.ipynb
"sys.path.insert(0, os.path.abspath(os.path.join('.', '..', '..')))\n",
"from utils import setup_cognito_user_pool\n",
"\n",
"cognito_config = setup_cognito_user_pool(pool_name='DocGeneratorPool')\n",
Copy link
Contributor

@evandrofranco evandrofranco Mar 25, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Can we add a markdown before this, explaining the helper util.py that we are using to create this?

01-tutorials/01-AgentCore-runtime/11-ag-ui-examples/hosting_agui_agent_cognito.ipynb
"\n",
"print(f'Status: {sr.get(\"status\")}')\n",
"print(f'Protocol: {sr.get(\"protocolConfiguration\", {})}')\n",
"print(f'Authorizer: {sr.get(\"authorizerConfiguration\", \"NOT SET\")}')\n",
Copy link
Contributor

@evandrofranco evandrofranco Mar 25, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

remove this line.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@evandrofranco evandrofranco evandrofranco requested changes

Requested changes must be addressed to merge this pull request.

Assignees

No one assigned

Labels

01-AgentCore-runtime 01-tutorials/01-AgentCore-runtime 01-tutorials 01-tutorials

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@rajjainl @evandrofranco