aegis-bedrock 1.1.1

AWS Bedrock Agents governance middleware for Aegis ACP

aegis-bedrock

AWS Bedrock Agents governance middleware for Aegis ACP. Intercepts invoke_agent action-group calls and consults Aegis /execute before any tool runs — same SDK contract as aegis-anthropic and aegis-openai.

Install

pip install "aegis-bedrock[bedrock]"

Use

Drop-in replacement for boto3.client("bedrock-agent-runtime"):

from aegis_bedrock import AegisBedrockAgentRuntime

client = AegisBedrockAgentRuntime(
    aegis_key="acp_…",
    aegis_url="https://ha.aegisagent.in",
    tenant_id="00000000-0000-0000-0000-000000000001",
    agent_id="<your-aegis-agent-id>",
    region_name="us-east-1",          # standard boto3 kwarg
)

response = client.invoke_agent(
    agentId="…",
    agentAliasId="…",
    sessionId="…",
    inputText="Find the customer that owes the most.",
)

Every Bedrock action-group invocation is checked by Aegis before the underlying lambda fires. Blocked actions are replaced with a text-only response explaining the denial; the buyer's Bedrock agent sees a clean governance message instead of a side-effecting tool call.

What Aegis governs

Bedrock primitive	Aegis maps to	Notes
Action group invocation	tool.<action_name>	arguments = the JSON parameter block
Knowledge-base query	tool.kb_search	arguments = {query, retrievalConfiguration}
Code-interpreter call	tool.python_exec	arguments.code is the Python body

The same per-tool ALLOW grants you've already configured for your Aegis agent are honoured by Bedrock calls — no separate Bedrock permission model.

Standard wrapper guarantees

• Verdicts are pre-checked. A blocked tool never invokes the lambda / knowledge base / interpreter.
• HTML 403 (WAFv2) surfaces as findings=["waf_blocked"], same as the other SDKs.
• JSON parse / network errors fail closed (action="deny").