Feat/agui strands pattern

[razkenari]

Summary

Adds AG-UI protocol support to FAST with two new agent patterns (agui-strands-agent, agui-langgraph-agent), a shared frontend parser, and restructures the project layout for consistency across all patterns.

Changes

Commit 1: Restructure agent patterns and shared modules

• Rename patterns/ → agent_patterns/, gateway/ → agentcore_gateway/, tools/ → agentcore_tools/
• Rewrite strands-agent and langgraph-agent with consistent structure — each pattern now has its own tools/ module (gateway, code_interpreter) and imports shared utilities from utils/
• Pin all Python dependency versions with == in requirements.txt
• Fix existing ruff lint issues (import sorting, unused variables, f-string without placeholders)

Commit 2: Add AG-UI agent patterns and frontend support

• agui-strands-agent: Strands agent wrapped with ag-ui-strands (StrandsAgent). Creates agent per-request to ensure correct Memory scoping and fresh MCP connections.
• agui-langgraph-agent: LangGraph agent wrapped with copilotkit (LangGraphAGUIAgent). Uses ActorAwareLangGraphAgent subclass to rebuild the graph per-request for fresh Gateway tokens.
• Frontend AG-UI parser (parsers/agui.ts): Maps AG-UI events (TEXT_MESSAGE_CONTENT, TOOL_CALL_START, etc.) to the shared StreamEvent types. Auto-selected for any pattern with agui- prefix.
• AG-UI payload format: AgentCoreClient.invoke() automatically sends RunAgentInput (threadId, messages, runId) for agui-* patterns.
• Documentation: docs/AGUI_INTEGRATION.md — covers architecture, patterns, frontend integration, deployment, and CopilotKit reference.
• Bump CDK dependencies (@aws-cdk/aws-bedrock-agentcore-alpha, @aws-cdk/aws-bedrock-alpha)
• Add AGUI protocol comments in backend-stack.ts and config.yaml

Key design decisions

• Both AG-UI patterns use BedrockAgentCoreApp as the entrypoint (not standalone FastAPI), so AgentCore Runtime headers (WorkloadAccessToken, Authorization, Session-Id) are available for Gateway auth, Memory, and secure user identity extraction from JWT.
• AG-UI patterns deploy with HTTP protocol — AgentCore Runtime's AGUI protocol flag only changes error formatting (RUN_ERROR events vs HTTP error codes). The agent container handles AG-UI event formatting internally.
• One parser for all AG-UI patterns — both Strands and LangGraph AG-UI wrappers produce standard AG-UI events, so a single parseAguiChunk parser handles both.
• CopilotKit kept separate — CopilotKit is referenced in docs as an optional richer frontend.

Testing

• Deployed and validated both agui-strands-agent and agui-langgraph-agent patterns end-to-end (CDK deploy → AgentCore Runtime → Amplify frontend)
• Verified: text streaming, tool calls (Gateway + Code Interpreter), Memory persistence, user identity extraction

[github-actions]

Latest scan for commit: b0c7223 | Updated: 2026-03-21 18:00:30 UTC

Security Scan Results

Scan Metadata

• Project: ASH
• Scan executed: 2026-03-21T18:00:15+00:00
• ASH version: 3.2.2

Summary

Scanner Results

The table below shows findings by scanner, with status based on severity thresholds and dependencies:

Column Explanations:

Severity Levels (S/C/H/M/L/I):

• Suppressed (S): Security findings that have been explicitly suppressed/ignored and don't affect the scanner's pass/fail status
• Critical (C): The most severe security vulnerabilities requiring immediate remediation (e.g., SQL injection, remote code execution)
• High (H): Serious security vulnerabilities that should be addressed promptly (e.g., authentication bypasses, privilege escalation)
• Medium (M): Moderate security risks that should be addressed in normal development cycles (e.g., weak encryption, input validation issues)
• Low (L): Minor security concerns with limited impact (e.g., information disclosure, weak recommendations)
• Info (I): Informational findings for awareness with minimal security risk (e.g., code quality suggestions, best practice recommendations)

Other Columns:

• Time: Duration taken by each scanner to complete its analysis
• Action: Total number of actionable findings at or above the configured severity threshold that require attention

Scanner Results:

• PASSED: Scanner found no security issues at or above the configured severity threshold - code is clean for this scanner
• FAILED: Scanner found security vulnerabilities at or above the threshold that require attention and remediation
• MISSING: Scanner could not run because required dependencies/tools are not installed or available
• SKIPPED: Scanner was intentionally disabled or excluded from this scan
• ERROR: Scanner encountered an execution error and could not complete successfully

Severity Thresholds (Thresh Column):

• CRITICAL: Only Critical severity findings cause scanner to fail
• HIGH: High and Critical severity findings cause scanner to fail
• MEDIUM (MED): Medium, High, and Critical severity findings cause scanner to fail
• LOW: Low, Medium, High, and Critical severity findings cause scanner to fail
• ALL: Any finding of any severity level causes scanner to fail

Threshold Source: Values in parentheses indicate where the threshold is configured:

• (g) = global: Set in the global_settings section of ASH configuration
• (c) = config: Set in the individual scanner configuration section
• (s) = scanner: Default threshold built into the scanner itself

Statistics calculation:

• All statistics are calculated from the final aggregated SARIF report
• Suppressed findings are counted separately and do not contribute to actionable findings
• Scanner status is determined by comparing actionable findings to the threshold

Scanner	S	C	H	M	L	I	Time	Action	Result	Thresh
bandit	0	0	0	0	0	0	701ms	0	PASSED	MED (g)
cdk-nag	0	0	0	0	0	0	41.4s	0	PASSED	MED (g)
cfn-nag	0	0	0	0	0	0	590ms	0	PASSED	MED (g)
checkov	0	0	0	0	0	0	6.5s	0	PASSED	MED (g)
detect-secrets	0	0	0	0	0	0	1.0s	0	PASSED	MED (g)
grype	0	1	0	1	0	0	43.8s	2	FAILED	MED (g)
npm-audit	0	0	0	0	0	0	1.1s	0	PASSED	MED (g)
opengrep	0	9	0	0	0	0	28.9s	9	FAILED	MED (g)
semgrep	0	9	0	0	0	0	20.4s	9	FAILED	MED (g)
syft	0	0	0	0	0	0	2.3s	0	PASSED	MED (g)

Detailed Findings

Show 20 actionable findings

Finding 1: python.jwt.security.unverified-jwt-decode.unverified-jwt-decode

• Severity: HIGH
• Scanner: semgrep
• Rule ID: python.jwt.security.unverified-jwt-decode.unverified-jwt-decode
• Location: agent_patterns/utils/auth.py:66

Description:
Detected JWT token decoded with 'verify=False'. This bypasses any integrity checks for the token which means the token could be tampered with by malicious actors. Ensure that the JWT token is verified.

Code Snippet:

options={"verify_signature": False},

---

Finding 2: javascript.lang.security.audit.path-traversal.path-join-resolve-traversal.path-join-resolve-traversal

• Severity: HIGH
• Scanner: semgrep
• Rule ID: javascript.lang.security.audit.path-traversal.path-join-resolve-traversal.path-join-resolve-traversal
• Location: infra-cdk/lib/backend-stack.ts:126

Description:
Detected possible user input going into a path.join or path.resolve function. This could possibly lead to a path traversal vulnerability, where the attacker can access arbitrary files stored in the file system. Instead, be sure to sanitize or validate user input first.

Code Snippet:

const patternDir = path.join(repoRoot, "patterns", pattern)

---

Finding 3: javascript.lang.security.audit.path-traversal.path-join-resolve-traversal.path-join-resolve-traversal

• Severity: HIGH
• Scanner: semgrep
• Rule ID: javascript.lang.security.audit.path-traversal.path-join-resolve-traversal.path-join-resolve-traversal
• Location: infra-cdk/lib/backend-stack.ts:154

Description:
Detected possible user input going into a path.join or path.resolve function. This could possibly lead to a path traversal vulnerability, where the attacker can access arbitrary files stored in the file system. Instead, be sure to sanitize or validate user input first.

Code Snippet:

const content = fs.readFileSync(path.join(patternDir, file))

---

Finding 4: javascript.lang.security.audit.path-traversal.path-join-resolve-traversal.path-join-resolve-traversal

• Severity: HIGH
• Scanner: semgrep
• Rule ID: javascript.lang.security.audit.path-traversal.path-join-resolve-traversal.path-join-resolve-traversal
• Location: infra-cdk/lib/backend-stack.ts:154

Description:
Detected possible user input going into a path.join or path.resolve function. This could possibly lead to a path traversal vulnerability, where the attacker can access arbitrary files stored in the file system. Instead, be sure to sanitize or validate user input first.

Code Snippet:

const content = fs.readFileSync(path.join(patternDir, file))

---

Finding 5: javascript.lang.security.audit.path-traversal.path-join-resolve-traversal.path-join-resolve-traversal

• Severity: HIGH
• Scanner: semgrep
• Rule ID: javascript.lang.security.audit.path-traversal.path-join-resolve-traversal.path-join-resolve-traversal
• Location: infra-cdk/lib/backend-stack.ts:168

Description:
Detected possible user input going into a path.join or path.resolve function. This could possibly lead to a path traversal vulnerability, where the attacker can access arbitrary files stored in the file system. Instead, be sure to sanitize or validate user input first.

Code Snippet:

const requirementsPath = path.join(patternDir, "requirements.txt")

---

Finding 6: javascript.lang.security.audit.path-traversal.path-join-resolve-traversal.path-join-resolve-traversal

• Severity: HIGH
• Scanner: semgrep
• Rule ID: javascript.lang.security.audit.path-traversal.path-join-resolve-traversal.path-join-resolve-traversal
• Location: infra-cdk/lib/backend-stack.ts:1005

Description:
Detected possible user input going into a path.join or path.resolve function. This could possibly lead to a path traversal vulnerability, where the attacker can access arbitrary files stored in the file system. Instead, be sure to sanitize or validate user input first.

Code Snippet:

const fullPath = path.join(dirPath, entry.name)

---

Finding 7: javascript.lang.security.audit.path-traversal.path-join-resolve-traversal.path-join-resolve-traversal

• Severity: HIGH
• Scanner: semgrep
• Rule ID: javascript.lang.security.audit.path-traversal.path-join-resolve-traversal.path-join-resolve-traversal
• Location: infra-cdk/lib/backend-stack.ts:1005

Description:
Detected possible user input going into a path.join or path.resolve function. This could possibly lead to a path traversal vulnerability, where the attacker can access arbitrary files stored in the file system. Instead, be sure to sanitize or validate user input first.

Code Snippet:

const fullPath = path.join(dirPath, entry.name)

---

Finding 8: javascript.lang.security.audit.path-traversal.path-join-resolve-traversal.path-join-resolve-traversal

• Severity: HIGH
• Scanner: semgrep
• Rule ID: javascript.lang.security.audit.path-traversal.path-join-resolve-traversal.path-join-resolve-traversal
• Location: infra-cdk/lib/backend-stack.ts:1006

Description:
Detected possible user input going into a path.join or path.resolve function. This could possibly lead to a path traversal vulnerability, where the attacker can access arbitrary files stored in the file system. Instead, be sure to sanitize or validate user input first.

Code Snippet:

const relativePath = path.join(prefix, entry.name)

---

Finding 9: javascript.lang.security.audit.path-traversal.path-join-resolve-traversal.path-join-resolve-traversal

• Severity: HIGH
• Scanner: semgrep
• Rule ID: javascript.lang.security.audit.path-traversal.path-join-resolve-traversal.path-join-resolve-traversal
• Location: infra-cdk/lib/backend-stack.ts:1006

Description:
Detected possible user input going into a path.join or path.resolve function. This could possibly lead to a path traversal vulnerability, where the attacker can access arbitrary files stored in the file system. Instead, be sure to sanitize or validate user input first.

Code Snippet:

const relativePath = path.join(prefix, entry.name)

---

Finding 10: python.jwt.security.unverified-jwt-decode.unverified-jwt-decode

• Severity: HIGH
• Scanner: opengrep
• Rule ID: python.jwt.security.unverified-jwt-decode.unverified-jwt-decode
• Location: agent_patterns/utils/auth.py:66

Description:
Detected JWT token decoded with 'verify=False'. This bypasses any integrity checks for the token which means the token could be tampered with by malicious actors. Ensure that the JWT token is verified.

Code Snippet:

options={"verify_signature": False},

---

Finding 11: javascript.lang.security.audit.path-traversal.path-join-resolve-traversal.path-join-resolve-traversal

• Severity: HIGH
• Scanner: opengrep
• Rule ID: javascript.lang.security.audit.path-traversal.path-join-resolve-traversal.path-join-resolve-traversal
• Location: infra-cdk/lib/backend-stack.ts:126

Description:
Detected possible user input going into a path.join or path.resolve function. This could possibly lead to a path traversal vulnerability, where the attacker can access arbitrary files stored in the file system. Instead, be sure to sanitize or validate user input first.

Code Snippet:

const patternDir = path.join(repoRoot, "patterns", pattern)

---

Finding 12: javascript.lang.security.audit.path-traversal.path-join-resolve-traversal.path-join-resolve-traversal

• Severity: HIGH
• Scanner: opengrep
• Rule ID: javascript.lang.security.audit.path-traversal.path-join-resolve-traversal.path-join-resolve-traversal
• Location: infra-cdk/lib/backend-stack.ts:154

Description:
Detected possible user input going into a path.join or path.resolve function. This could possibly lead to a path traversal vulnerability, where the attacker can access arbitrary files stored in the file system. Instead, be sure to sanitize or validate user input first.

Code Snippet:

const content = fs.readFileSync(path.join(patternDir, file))

---

Finding 13: javascript.lang.security.audit.path-traversal.path-join-resolve-traversal.path-join-resolve-traversal

• Severity: HIGH
• Scanner: opengrep
• Rule ID: javascript.lang.security.audit.path-traversal.path-join-resolve-traversal.path-join-resolve-traversal
• Location: infra-cdk/lib/backend-stack.ts:154

Description:
Detected possible user input going into a path.join or path.resolve function. This could possibly lead to a path traversal vulnerability, where the attacker can access arbitrary files stored in the file system. Instead, be sure to sanitize or validate user input first.

Code Snippet:

const content = fs.readFileSync(path.join(patternDir, file))

---

Finding 14: javascript.lang.security.audit.path-traversal.path-join-resolve-traversal.path-join-resolve-traversal

• Severity: HIGH
• Scanner: opengrep
• Rule ID: javascript.lang.security.audit.path-traversal.path-join-resolve-traversal.path-join-resolve-traversal
• Location: infra-cdk/lib/backend-stack.ts:168

Description:
Detected possible user input going into a path.join or path.resolve function. This could possibly lead to a path traversal vulnerability, where the attacker can access arbitrary files stored in the file system. Instead, be sure to sanitize or validate user input first.

Code Snippet:

const requirementsPath = path.join(patternDir, "requirements.txt")

---

Finding 15: javascript.lang.security.audit.path-traversal.path-join-resolve-traversal.path-join-resolve-traversal

• Severity: HIGH
• Scanner: opengrep
• Rule ID: javascript.lang.security.audit.path-traversal.path-join-resolve-traversal.path-join-resolve-traversal
• Location: infra-cdk/lib/backend-stack.ts:1005

Description:
Detected possible user input going into a path.join or path.resolve function. This could possibly lead to a path traversal vulnerability, where the attacker can access arbitrary files stored in the file system. Instead, be sure to sanitize or validate user input first.

Code Snippet:

const fullPath = path.join(dirPath, entry.name)

---

Finding 16: javascript.lang.security.audit.path-traversal.path-join-resolve-traversal.path-join-resolve-traversal

• Severity: HIGH
• Scanner: opengrep
• Rule ID: javascript.lang.security.audit.path-traversal.path-join-resolve-traversal.path-join-resolve-traversal
• Location: infra-cdk/lib/backend-stack.ts:1005

Description:
Detected possible user input going into a path.join or path.resolve function. This could possibly lead to a path traversal vulnerability, where the attacker can access arbitrary files stored in the file system. Instead, be sure to sanitize or validate user input first.

Code Snippet:

const fullPath = path.join(dirPath, entry.name)

---

Finding 17: javascript.lang.security.audit.path-traversal.path-join-resolve-traversal.path-join-resolve-traversal

• Severity: HIGH
• Scanner: opengrep
• Rule ID: javascript.lang.security.audit.path-traversal.path-join-resolve-traversal.path-join-resolve-traversal
• Location: infra-cdk/lib/backend-stack.ts:1006

Description:
Detected possible user input going into a path.join or path.resolve function. This could possibly lead to a path traversal vulnerability, where the attacker can access arbitrary files stored in the file system. Instead, be sure to sanitize or validate user input first.

Code Snippet:

const relativePath = path.join(prefix, entry.name)

---

Finding 18: javascript.lang.security.audit.path-traversal.path-join-resolve-traversal.path-join-resolve-traversal

• Severity: HIGH
• Scanner: opengrep
• Rule ID: javascript.lang.security.audit.path-traversal.path-join-resolve-traversal.path-join-resolve-traversal
• Location: infra-cdk/lib/backend-stack.ts:1006

Description:
Detected possible user input going into a path.join or path.resolve function. This could possibly lead to a path traversal vulnerability, where the attacker can access arbitrary files stored in the file system. Instead, be sure to sanitize or validate user input first.

Code Snippet:

const relativePath = path.join(prefix, entry.name)

---

Finding 19: GHSA-8gc5-j5rx-235r-fast-xml-parser

• Severity: HIGH
• Scanner: grype
• Rule ID: GHSA-8gc5-j5rx-235r-fast-xml-parser
• Location: infra-cdk/package-lock.json:1

Description:
A high vulnerability in npm package: fast-xml-parser, version 5.4.1 was found at: /infra-cdk/package-lock.json

---

Finding 20: GHSA-jp2q-39xq-3w4g-fast-xml-parser

• Severity: MEDIUM
• Scanner: grype
• Rule ID: GHSA-jp2q-39xq-3w4g-fast-xml-parser
• Location: infra-cdk/package-lock.json:1

Description:
A medium vulnerability in npm package: fast-xml-parser, version 5.4.1 was found at: /infra-cdk/package-lock.json

---

Report generated by Automated Security Helper (ASH) at 2026-03-21T18:00:09+00:00