@@ -4,6 +4,50 @@ All notable changes to **agentlift** are documented here. The format follows
44[ Keep a Changelog] ( https://keepachangelog.com/ ) , and versions match the published PyPI
55releases and git tags ([ semantic versioning] ( https://semver.org/ ) ).
66
7+ ## [ 0.7.0] — 2026-06-05
8+
9+ ** AWS Bedrock AgentCore Runtime is now a live multi-agent hosted deploy** (Stage 2). Both
10+ AgentCore primitives are live-verified: the single-agent ** Harness** (0.6.0) and now the
11+ custom-container ** Runtime** . ` --mode auto ` routes a single agent → Harness and a multi-agent
12+ team → Runtime; mapping stays ** Claude-native** (no remap), with wire-shape receipts on Nova
13+ because Claude inference on Bedrock is a one-time per-account entitlement (Gate A), not a code gap.
14+
15+ ### Added
16+ - ** ` --mode runtime ` — live hosted multi-agent deploy.** `agentlift deploy --target bedrock
17+ --mode runtime` builds the ARM64 Strands/AgentCore container, creates the ECR repo + logs in +
18+ ` docker buildx --platform linux/arm64 --push ` , calls ** ` CreateAgentRuntime ` ** (PUBLIC network,
19+ HTTP ` serverProtocol ` , IAM-only — no JWT authorizer), polls READY, writes
20+ ` .agentlift-bedrock.json ` , and ** ` InvokeAgentRuntime ` ** . Gated by ` _RUNTIME_LIVE_VERIFIED `
21+ (now True) — a bare hosted create refused until a committed receipt.
22+ - ** Subagent delegation live-proven on a Nova receipt** (` tests/live/receipts/20260605-134012-runtime-bedrock ` ):
23+ a coordinator + 2 specialists where create + agent + ** delegation** are all PASS-EXERCISED (the
24+ coordinator's top-level trace named both specialists). A single-agent smoke
25+ (` 20260605-133821-runtime-bedrock ` ) separately got ** remote MCP PASS-EXERCISED** (an objective
26+ root-level ` docs_read_wiki_structure ` DeepWiki call).
27+ - ** Top-level tool-call trace in the generated handler** — returns ` {result, tool_calls?} ` where
28+ ` tool_calls ` is read from ` AgentResult.metrics.tool_metrics ` (fail-open: trace extraction never
29+ breaks the invocation), so the deploy receipt can prove delegation objectively.
30+ - The ` boto3 ` (` bedrock ` ) optional dependency now also covers the Runtime hosted deploy.
31+
32+ ### Changed
33+ - The bare ` agentlift deploy --target bedrock --mode runtime ` now ** deploys live** instead of
34+ refusing; ` --build-only ` still emits just the ARM64 container artifact (its ` NOTES.txt ` now
35+ points at the live hosted-create path).
36+ - ` .agentlift-bedrock.json ` (the Runtime lock) is now live-writing (spec hash → create/update/skip).
37+
38+ ### Notes / honest boundaries
39+ - ** The ` /invocations ` boundary.** ` InvokeAgentRuntime ` returns the container's app-defined JSON
40+ body, not a tool-event stream. So subagent delegation and ** root-level** skill/MCP calls are
41+ objective (PASS-EXERCISED), while a specialist's ** nested** skill/MCP calls don't cross the
42+ boundary → PASS-WIRED + text-corroborated (the runtime analogue of the Google
43+ ` AgentTool ` →` stream_query ` grounding-metadata caveat).
44+ - ** MCP per-tool-filter limitation narrowed.** The unenforced-` allowedTools ` limitation applies only
45+ to the ** direct ` remote_mcp ` attachment** path; for AgentCore ** Gateway** -fronted MCP, tool scoping
46+ is enforced server-side at the Gateway/Policy layer (AWS-documented; agentlift has not yet
47+ live-verified that path).
48+ - Runtime execution role needs: ` bedrock-agentcore.amazonaws.com ` trust (` aws:SourceAccount `
49+ condition — not a region-locked ` SourceArn ` ), ECR pull, ` bedrock:InvokeModel ` , CloudWatch Logs.
50+
751## [ 0.6.0] — 2026-06-05
852
953** AWS Bedrock AgentCore** joins the deploy targets, with two primitives behind ` --mode `
0 commit comments