Skip to content

fix(patterns): align langgraph and strands agents with AG-UI docs#81

Closed
ranst91 wants to merge 2 commits intoawslabs:mainfrom
CopilotKit:fix/agui-impl-docs-alignment
Closed

fix(patterns): align langgraph and strands agents with AG-UI docs#81
ranst91 wants to merge 2 commits intoawslabs:mainfrom
CopilotKit:fix/agui-impl-docs-alignment

Conversation

@ranst91
Copy link
Copy Markdown

@ranst91 ranst91 commented Apr 3, 2026

Description of changes:
Both patterns were using the legacy HTTP streaming approach — parsing prompt/runtimeSessionId from the payload and yielding raw dicts — instead of the AG-UI protocol described in the AgentCore docs.

Switch to RunAgentInput as the input format and wrap agents with LangGraphAgent (ag_ui_langgraph) and StrandsAgent (ag_ui_strands) so both patterns produce proper AG-UI event streams when deployed with --protocol AGUI.

By submitting this pull request, I confirm that you can use, modify, copy, and redistribute this contribution, under the terms of your choice.

@ranst91
fix(patterns): align langgraph and strands agents with AG-UI docs
8ce5958 
Both patterns were using the legacy HTTP streaming approach — parsing
prompt/runtimeSessionId from the payload and yielding raw dicts — instead
of the AG-UI protocol described in the AgentCore docs.

Switch to RunAgentInput as the input format and wrap agents with
LangGraphAgent (ag_ui_langgraph) and StrandsAgent (ag_ui_strands) so both
patterns produce proper AG-UI event streams when deployed with --protocol AGUI.
@ranst91 ranst91 requested a review from a team April 3, 2026 17:09
@github-actions
Copy link
Copy Markdown

github-actions bot commented Apr 3, 2026

Latest scan for commit: 8ce5958 | Updated: 2026-04-03 17:18:14 UTC

Security Scan Results

Scan Metadata

  • Project: ASH
  • Scan executed: 2026-04-03T17:17:55+00:00
  • ASH version: 3.2.2

Summary

Scanner Results

The table below shows findings by scanner, with status based on severity thresholds and dependencies:

Column Explanations:

Severity Levels (S/C/H/M/L/I):

  • Suppressed (S): Security findings that have been explicitly suppressed/ignored and don't affect the scanner's pass/fail status
  • Critical (C): The most severe security vulnerabilities requiring immediate remediation (e.g., SQL injection, remote code execution)
  • High (H): Serious security vulnerabilities that should be addressed promptly (e.g., authentication bypasses, privilege escalation)
  • Medium (M): Moderate security risks that should be addressed in normal development cycles (e.g., weak encryption, input validation issues)
  • Low (L): Minor security concerns with limited impact (e.g., information disclosure, weak recommendations)
  • Info (I): Informational findings for awareness with minimal security risk (e.g., code quality suggestions, best practice recommendations)

Other Columns:

  • Time: Duration taken by each scanner to complete its analysis
  • Action: Total number of actionable findings at or above the configured severity threshold that require attention

Scanner Results:

  • PASSED: Scanner found no security issues at or above the configured severity threshold - code is clean for this scanner
  • FAILED: Scanner found security vulnerabilities at or above the threshold that require attention and remediation
  • MISSING: Scanner could not run because required dependencies/tools are not installed or available
  • SKIPPED: Scanner was intentionally disabled or excluded from this scan
  • ERROR: Scanner encountered an execution error and could not complete successfully

Severity Thresholds (Thresh Column):

  • CRITICAL: Only Critical severity findings cause scanner to fail
  • HIGH: High and Critical severity findings cause scanner to fail
  • MEDIUM (MED): Medium, High, and Critical severity findings cause scanner to fail
  • LOW: Low, Medium, High, and Critical severity findings cause scanner to fail
  • ALL: Any finding of any severity level causes scanner to fail

Threshold Source: Values in parentheses indicate where the threshold is configured:

  • (g) = global: Set in the global_settings section of ASH configuration
  • (c) = config: Set in the individual scanner configuration section
  • (s) = scanner: Default threshold built into the scanner itself

Statistics calculation:

  • All statistics are calculated from the final aggregated SARIF report
  • Suppressed findings are counted separately and do not contribute to actionable findings
  • Scanner status is determined by comparing actionable findings to the threshold
Scanner S C H M L I Time Action Result Thresh
bandit 0 0 0 0 0 0 780ms 0 PASSED MED (g)
cdk-nag 0 0 0 0 0 0 36.1s 0 PASSED MED (g)
cfn-nag 0 0 0 0 0 0 6ms 0 PASSED MED (g)
checkov 0 0 0 0 0 0 5.3s 0 PASSED MED (g)
detect-secrets 0 0 0 0 0 0 168ms 0 PASSED MED (g)
grype 0 0 0 0 0 0 39.7s 0 PASSED MED (g)
npm-audit 0 0 0 0 0 0 352ms 0 PASSED MED (g)
opengrep 0 0 0 0 0 0 22.1s 0 PASSED MED (g)
semgrep 0 0 0 0 0 0 22.0s 0 PASSED MED (g)
syft 0 0 0 0 0 0 1.9s 0 PASSED MED (g)

@razkenari
Copy link
Copy Markdown
Contributor

razkenari commented Apr 3, 2026

@ranst91 The files in patterns/strands-single-agent and patterns/langgraph-single-agent are showing native Strands and LangGraph streaming implementations. The AG-UI patterns are in patterns/agui-langgraph-agent and patterns/agui-strands-agent. Please review those to see if any updates are needed based on this approach, and push changes to those patterns accordingly

@ranst91 ranst91 closed this Apr 6, 2026
@ranst91 ranst91 deleted the fix/agui-impl-docs-alignment branch April 6, 2026 10:23
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

@razkenari razkenari

Labels

backend

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@ranst91 @razkenari