feat(aws): agentcore harness adapter#7287
Conversation
Add initial implementation of AgentCoreHarnessAdapter that implements AiFrameworkAdapter interface for AWS Bedrock AgentCore Harness integration. Components: - AgentCoreHarnessAiFrameworkChatResponse: Response record with session ID - HarnessMessageConverter: Converts Camunda messages to/from Harness format - HarnessToolConverter: Converts ToolDefinition to HarnessTool (inline_function) - AgentCoreHarnessAdapter: Main adapter calling InvokeHarness API The adapter uses inline_function tools so Harness returns tool calls back to Camunda for BPMN element activation, preserving visibility and control.
- Add AgentCoreHarnessJobWorker and AgentCoreHarnessRequest for ad-hoc subprocess - Add element template for 'AgentCore Managed Agent' in modeler - Wire up Spring bean configuration in AgenticAiConnectorsAutoConfiguration - Handle stopReason from Harness response (tool_use vs end_turn) - Filter tool calls to only activate BPMN elements for inline_function tools - Built-in tools (shell, browser) are executed by Harness internally - Add allowedTools support to scope which tools Harness can use - Add INFO logging for debugging Harness invocations
|
|
![github-advanced-security[bot]](https://avatars.githubusercontent.com/in/57789?s=60&v=4){kind=small}
| } | ||
|
|
||
| /** Accumulates data from streaming Harness response events. */ | ||
| private class HarnessResponseData { |
| textBuilder.append(text); | ||
| } | ||
|
|
||
| void startToolUse(HarnessContentBlock.Builder toolUseBuilder) { |
- Add HarnessToolConverterTest (7 tests) - Add HarnessMessageConverterTest (12 tests) - Cover tool definition conversion, message conversion, and error handling
| @@ -0,0 +1,247 @@ | |||
| { | |||
| "$schema": "https://unpkg.com/@camunda/zeebe-element-templates-json-schema/resources/schema.json", | |||
| "name": "AgentCore Managed Agent", | |||
There was a problem hiding this comment.
❓ should we name it Amazon Bedrock AgentCore Managed Agent?
There was a problem hiding this comment.
we should also highlight it as an Alpha Feature while the AgentCore Harness itself is still in Preview.
| "name": "AgentCore Managed Agent", | ||
| "id": "io.camunda.connectors.agenticai.agentcore.harness.v1", | ||
| "description": "Drive an AWS Bedrock AgentCore Harness through a re-entrant tool-call loop, exposing the AHSP inner elements as inline_function tools.", | ||
| "keywords": ["AI", "AI Agent", "AWS", "AgentCore", "Harness", "Bedrock"], |
There was a problem hiding this comment.
| "keywords": ["AI", "AI Agent", "AWS", "AgentCore", "Harness", "Bedrock"], | |
| "keywords": ["AI", "AI Agent", "Amazon", "AWS", "AgentCore", "Harness", "Bedrock"], |
🔧 we should add Amazon as a keyword
| "value": "bpmn:AdHocSubProcess" | ||
| }, | ||
| "engines": { | ||
| "camunda": "^8.9" |
There was a problem hiding this comment.
| "camunda": "^8.9" | |
| "camunda": "^8.10" |
| LOGGER.trace("Activating tool {}: {}", toolCall.metadata().name(), toolCall); | ||
| } else { | ||
| LOGGER.debug("Activating tool {}", toolCall.metadata().name()); | ||
| LOGGER.info("Activating tool {}", toolCall.metadata().name()); |
There was a problem hiding this comment.
❓ do we need that log on the info level?
There was a problem hiding this comment.
Reverted to debug. The info level was added during development for debugging
| AgentCoreHarnessJobWorker.USER_PROMPT_VARIABLE, | ||
| AgentCoreHarnessJobWorker.MAX_ITERATIONS_VARIABLE | ||
| }) | ||
| public class AgentCoreHarnessJobWorker implements AgentConnectorFunction { |
There was a problem hiding this comment.
🔧 we should actually start to call it AgentCoreHarnessSubProcess to begin getting rid of the JobWorker suffix.
There was a problem hiding this comment.
✅ . Renamed to AgentCoreHarnessSubProcess and updated constants from JOB_WORKER_NAME/TYPE to CONNECTOR_NAME/TYPE
| agentContext, | ||
| toolCallResults, | ||
| null, // provider is not used for Harness | ||
| new JobWorkerAgentRequestData( |
There was a problem hiding this comment.
💭 I think this shows that we need to adjust the JobWorkerExecutionContext to maybe have a different type of AgentRequest that it can carry, as currently you are glueing here a lot of data to a completely different execution model.
There was a problem hiding this comment.
True, this is a workaround to reuse the existing JobWorkerAgentRequestHandler. A cleaner approach would be to introduce a more generic AgentExecutionContext, or something that doesn't assume the Langchain provider model. I'd suggest we track this as a follow-up refactor to keep this PR focused on the Harness integration. WDYT?
| @NotBlank String harnessArn, String region, List<String> allowedTools) { | ||
|
|
||
| /** Extract region from ARN if not explicitly provided. */ | ||
| public String effectiveRegion() { |
There was a problem hiding this comment.
💭 Nice feature, but currently i think the region is an explicity and mandatory config param, which we should also enforce in such a case.
There was a problem hiding this comment.
The region inference from ARN was added for convenience since the ARN always contains the region (arn:aws:bedrock-agentcore:REGION:ACCOUNT:harness/NAME). But I can make it mandatory for consistency with other AWS connectors.
| updatedAgentContext, assistantMessage, sessionId); | ||
| } | ||
|
|
||
| private String getOrCreateSessionId(AgentContext agentContext) { |
There was a problem hiding this comment.
❓ Is the session subject to timeouts? Can we restore sessions or is it eternal until we close it?
There was a problem hiding this comment.
Per AWS documentation, the runtimeSessionId is used for conversation continuity within a Harness invocation session. The session is managed by Harness and persists across multiple InvokeHarness calls with the same session ID. I'll add a comment documenting this behavior. Regarding timeouts, this depends on the Harness config AWS, the session ID itself doesn't expire but the underlying Harness session may have idle timeouts configured.
| return responseData; | ||
| } | ||
|
|
||
| private AssistantMessage buildAssistantMessage( |
There was a problem hiding this comment.
🔧 Likely this should also move to the HarnessMessageConverter somehow
There was a problem hiding this comment.
Agreed. The challenge is that buildAssistantMessage needs access to inlineToolNames (the set of BPMN element names) to filter tool calls, which is context the converter doesn't currently have. I can either:
- Pass
inlineToolNamesas a parameter to the converter - Keep filtering in the adapter and move only the message building to the converter
WDYT?
| * @param toolUseBlock the Harness tool use block | ||
| * @return Camunda ToolCall | ||
| */ | ||
| public ToolCall toToolCall(HarnessToolUseBlock toolUseBlock) { |
There was a problem hiding this comment.
❓ Where is this method being used? I can't see it being used here besides the test class.
There was a problem hiding this comment.
You're right it was created anticipating we'd need to convert HarnessToolUseBlock from the response but we don't need it so I'll remove it.
| AwsBasicCredentials.create(staticAuth.accessKey(), staticAuth.secretKey()); | ||
| builder.credentialsProvider(StaticCredentialsProvider.create(credentials)); | ||
| } | ||
| case AwsAuthentication.AwsDefaultCredentialsChainAuthentication ignored -> |
| builder.credentialsProvider(StaticCredentialsProvider.create(credentials)); | ||
| } | ||
| case AwsAuthentication.AwsDefaultCredentialsChainAuthentication ignored -> | ||
| builder.credentialsProvider(DefaultCredentialsProvider.create()); |
| } | ||
| case AwsAuthentication.AwsDefaultCredentialsChainAuthentication ignored -> | ||
| builder.credentialsProvider(DefaultCredentialsProvider.create()); | ||
| case AwsAuthentication.AwsApiKeyAuthentication ignored -> |
- Rename template to 'Amazon Bedrock AgentCore Managed Agent (Alpha)' - Add [Alpha] prefix to description and 'Amazon' keyword - Update engine version to ^8.10 - Revert log level from INFO to DEBUG - Rename AgentCoreHarnessJobWorker to AgentCoreHarnessSubProcess - Add session timeout documentation comment - Remove unused toToolCall method from HarnessMessageConverter
tshepomaredi
force-pushed
the
tshepo-agentcore-harness-adapter
branch
from
228f99f to
aba3ff4
Compare
6 participants
Description
This PR adds AWS Bedrock AgentCore Harness integration to the agentic-ai framework, enabling BPMN ad-hoc subprocesses to use AWS-managed AI agents (AgentCore Harness) with full visibility of custom in-line tool calls as BPMN element activations.
Key features
Related issues
closes #
Checklist
release, as this branch will be rebased onto main before the next release. Example backport labels:
backport stable/8.8: for changes that should be included in the next 8.8.x release.backport release-8.8.7: for changes that should be included in the specific release 8.8.7, and thisrelease has already been created. The release branch will be merged back into stable/8.8 later, so the change
will be included in future 8.8.x releases as well.