Skip to content

Release 1.0.0-beta.23: Voice streaming, multi-agent architecture, Age…#198

Merged
colinmxs merged 1 commit into
developfrom
main
Apr 30, 2026
Merged

Release 1.0.0-beta.23: Voice streaming, multi-agent architecture, Age…#198
colinmxs merged 1 commit into
developfrom
main

Conversation

@colinmxs

Copy link
Copy Markdown
Contributor

…ntCore Identity connectors, E2E testing

Voice Mode — Bidirectional Audio Streaming:

  • VoiceAgent with Nova Sonic 2 via Strands BidiAgent
  • WebSocket endpoint at /voice/stream with JWT auth
  • Frontend voice overlay with AudioWorklet mic capture, gapless PCM playback, and state machine (idle → connecting → listening → speaking)
  • Voice-text continuity loads prior text session history into voice context
  • Accept-first WebSocket pattern aligned with AgentCore reference architecture

Multi-Agent Architecture:

  • BaseAgent ABC → ChatAgent → MainAgent hierarchy with factory registry
  • create_agent(agent_type) routes requests at runtime (chat, skill, voice)
  • SkillAgent with three-level progressive skill disclosure (catalog → SKILL.md dispatch → tool execution)
  • Approval hooks for dangerous tool operations via BeforeToolCallEvent
  • Environment variables and magic strings centralized into config/constants.py

External MCP Connectors via AgentCore Identity:

  • Replaces bespoke OAuth token vault (DynamoDB + KMS + Secrets Manager) with AgentCore Identity managed credential providers
  • AgentCoreContextMiddleware bridges Runtime headers into BedrockAgentCoreContext
  • oauth_required SSE event + frontend consent popup flow
  • Shared CfnWorkloadIdentity between app-api and inference-api for unified token vault keying
  • Admin UI rebranded from OAuth Providers to Connectors
  • Legacy OAuth service, token cache, encryption layer, and user routes deleted

Per-Tool MCP Approval Gate:

  • MCPExternalApprovalHook driven by per-tool needs_approval flags in catalog
  • tool_approval_required SSE event with inline approve/decline prompt
  • Admin tool discovery endpoint for MCP server tool listing
  • PendingInterrupt rehydration on page refresh

Tool Catalog Simplification:

  • DynamoDB as single source of truth; "Sync from Registry" removed
  • ToolAccessService sourced from TTL-cached DynamoDB snapshot
  • Bootstrap script seeds code-defined tools; admins add rest via form

E2E Testing:

  • 3,400+ lines of Playwright specs across 12 test files
  • Cognito user provisioning for nightly runs (seed-e2e-users.sh)
  • Dynamic CloudFront URL discovery and callback URL registration

Bug Fixes:

  • Duplicate sidebar entries from ensure_session_metadata_exists put_item race
  • OAuth2CallbackUrl query string rejected by middleware redirect-pivot guard
  • Workload identity service-linking preventing cross-service token minting
  • CloudFormation GetAtt on nested WorkloadIdentityDetails attribute
  • Delete-failed document state resilience

UI:

  • Copy agent response button
  • Markdown links open in new tab (target="_blank", rel="noopener noreferrer")
  • ngx-markdown link security against reverse-tabnabbing

Dependencies (Dependabot):

  • fastapi 0.135.3→0.136.1, uvicorn 0.44.0→0.46.0, boto3 1.42.83→1.42.96
  • strands-agents 1.34.1→1.37.0, strands-agents-tools 0.3.0→0.5.1
  • bedrock-agentcore 1.6.0→1.6.4, authlib 1.6.9→1.7.0
  • openai 2.30.0→2.32.0, google-genai 1.70.0→1.73.1
  • ruff 0.15.9→0.15.12, mypy 1.20.0→1.20.2, hypothesis 6.151.11→6.152.3
  • trivy-action 0.35.0→0.36.0, actions/cache 5.0.4→5.0.5
  • docker/build-push-action 7.0.0→7.1.0, actions/setup-node 6.3.0→6.4.0

252 files changed, 23,296 insertions(+), 7,999 deletions(-)

…ntCore Identity connectors, E2E testing

Voice Mode — Bidirectional Audio Streaming:
- VoiceAgent with Nova Sonic 2 via Strands BidiAgent
- WebSocket endpoint at /voice/stream with JWT auth
- Frontend voice overlay with AudioWorklet mic capture, gapless PCM playback,
  and state machine (idle → connecting → listening → speaking)
- Voice-text continuity loads prior text session history into voice context
- Accept-first WebSocket pattern aligned with AgentCore reference architecture

Multi-Agent Architecture:
- BaseAgent ABC → ChatAgent → MainAgent hierarchy with factory registry
- create_agent(agent_type) routes requests at runtime (chat, skill, voice)
- SkillAgent with three-level progressive skill disclosure
  (catalog → SKILL.md dispatch → tool execution)
- Approval hooks for dangerous tool operations via BeforeToolCallEvent
- Environment variables and magic strings centralized into config/constants.py

External MCP Connectors via AgentCore Identity:
- Replaces bespoke OAuth token vault (DynamoDB + KMS + Secrets Manager)
  with AgentCore Identity managed credential providers
- AgentCoreContextMiddleware bridges Runtime headers into BedrockAgentCoreContext
- oauth_required SSE event + frontend consent popup flow
- Shared CfnWorkloadIdentity between app-api and inference-api for unified
  token vault keying
- Admin UI rebranded from OAuth Providers to Connectors
- Legacy OAuth service, token cache, encryption layer, and user routes deleted

Per-Tool MCP Approval Gate:
- MCPExternalApprovalHook driven by per-tool needs_approval flags in catalog
- tool_approval_required SSE event with inline approve/decline prompt
- Admin tool discovery endpoint for MCP server tool listing
- PendingInterrupt rehydration on page refresh

Tool Catalog Simplification:
- DynamoDB as single source of truth; "Sync from Registry" removed
- ToolAccessService sourced from TTL-cached DynamoDB snapshot
- Bootstrap script seeds code-defined tools; admins add rest via form

E2E Testing:
- 3,400+ lines of Playwright specs across 12 test files
- Cognito user provisioning for nightly runs (seed-e2e-users.sh)
- Dynamic CloudFront URL discovery and callback URL registration

Bug Fixes:
- Duplicate sidebar entries from ensure_session_metadata_exists put_item race
- OAuth2CallbackUrl query string rejected by middleware redirect-pivot guard
- Workload identity service-linking preventing cross-service token minting
- CloudFormation GetAtt on nested WorkloadIdentityDetails attribute
- Delete-failed document state resilience

UI:
- Copy agent response button
- Markdown links open in new tab (target="_blank", rel="noopener noreferrer")
- ngx-markdown link security against reverse-tabnabbing

Dependencies (Dependabot):
- fastapi 0.135.3→0.136.1, uvicorn 0.44.0→0.46.0, boto3 1.42.83→1.42.96
- strands-agents 1.34.1→1.37.0, strands-agents-tools 0.3.0→0.5.1
- bedrock-agentcore 1.6.0→1.6.4, authlib 1.6.9→1.7.0
- openai 2.30.0→2.32.0, google-genai 1.70.0→1.73.1
- ruff 0.15.9→0.15.12, mypy 1.20.0→1.20.2, hypothesis 6.151.11→6.152.3
- trivy-action 0.35.0→0.36.0, actions/cache 5.0.4→5.0.5
- docker/build-push-action 7.0.0→7.1.0, actions/setup-node 6.3.0→6.4.0

252 files changed, 23,296 insertions(+), 7,999 deletions(-)
@colinmxs colinmxs merged commit 5764775 into develop Apr 30, 2026
62 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant