Metadata-Version: 2.4
Name: aegis-bedrock
Version: 1.1.5
Summary: AWS Bedrock Agents governance middleware for Aegis ACP (maintenance-only — Anthropic SDK is the active hero)
Home-page: https://github.com/Abhi-mishra998/aegis
Author: Aegis ACP
License: Apache-2.0
Project-URL: Homepage, https://github.com/Abhi-mishra998/aegis
Project-URL: Documentation, https://github.com/Abhi-mishra998/aegis/blob/main/integrations/aegis-bedrock/README.md
Project-URL: Repository, https://github.com/Abhi-mishra998/aegis
Project-URL: Bug Tracker, https://github.com/Abhi-mishra998/aegis/issues
Keywords: ai,governance,bedrock,aws,security,aegis,guardrails,tool-use
Classifier: Development Status :: 4 - Beta
Classifier: Intended Audience :: Developers
Classifier: Intended Audience :: Information Technology
Classifier: Topic :: Security
Classifier: License :: OSI Approved :: Apache Software License
Classifier: Operating System :: OS Independent
Classifier: Programming Language :: Python :: 3 :: Only
Classifier: Programming Language :: Python :: 3.10
Classifier: Programming Language :: Python :: 3.11
Classifier: Programming Language :: Python :: 3.12
Classifier: Programming Language :: Python :: 3.13
Requires-Python: >=3.10
Description-Content-Type: text/markdown
License-File: LICENSE
Requires-Dist: httpx>=0.25
Provides-Extra: bedrock
Requires-Dist: boto3>=1.34; extra == "bedrock"
Dynamic: author
Dynamic: classifier
Dynamic: description
Dynamic: description-content-type
Dynamic: home-page
Dynamic: keywords
Dynamic: license
Dynamic: license-file
Dynamic: project-url
Dynamic: provides-extra
Dynamic: requires-dist
Dynamic: requires-python
Dynamic: summary

# aegis-bedrock

> ⚠️ **Sprint 25 freeze (2026-06-26):** `aegis-bedrock` is now **maintenance-only**. The Aegis team has narrowed focus to a single hero SDK, `aegis-anthropic`, while we drive design-partner revenue. `aegis-bedrock` continues to receive **security patches** but **no new features** until further notice. The drop-in Bedrock contract below remains fully supported against the canonical `/execute` API; you can keep using it in production.

AWS Bedrock Agents governance middleware for Aegis ACP. Intercepts
`invoke_agent` action-group calls and consults Aegis `/execute` before any
tool runs — same SDK contract as `aegis-anthropic` and `aegis-openai`.

## Install

```bash
pip install "aegis-bedrock[bedrock]"
```

## Use

Drop-in replacement for `boto3.client("bedrock-agent-runtime")`:

```python
from aegis_bedrock import AegisBedrockAgentRuntime

client = AegisBedrockAgentRuntime(
    aegis_key="acp_…",
    aegis_url="https://aegisagent.in",
    tenant_id="00000000-0000-0000-0000-000000000001",
    agent_id="<your-aegis-agent-id>",
    region_name="us-east-1",          # standard boto3 kwarg
)

response = client.invoke_agent(
    agentId="…",
    agentAliasId="…",
    sessionId="…",
    inputText="Find the customer that owes the most.",
)
```

Every Bedrock action-group invocation is checked by Aegis before the
underlying Lambda function fires. Blocked actions are replaced with a text-only
response explaining the denial; the buyer's Bedrock agent sees a clean
governance message instead of a side-effecting tool call.

## What Aegis governs

| Bedrock primitive | Aegis maps to | Notes |
|---|---|---|
| Action group invocation | `tool.<action_name>` | `arguments` = the JSON parameter block |
| Knowledge-base query | `tool.kb_search` | `arguments` = `{query, retrievalConfiguration}` |
| Code-interpreter call | `tool.python_exec` | `arguments.code` is the Python body |

The same per-tool ALLOW grants you've already configured for your Aegis
agent are honoured by Bedrock calls — no separate Bedrock permission
model.

## Standard wrapper guarantees

* Verdicts are pre-checked. A blocked tool never invokes the Lambda function /
  knowledge base / interpreter.
* HTML 403 (WAFv2) surfaces as `findings=["waf_blocked"]`, same as the
  other SDKs.
* JSON parse / network errors fail closed (`action="deny"`).
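
The sketch below illustrates the fail-closed behaviour these guarantees describe, together with the tool-name mapping from the table above. It is an added example, not code from `aegis-bedrock`. The response shape (a JSON object with `action` and `findings`), the `"allow"` value, the primitive keys, the function names and the `unparseable_response` / `network_error` labels are all assumptions made for illustration.

```python
import json

# Bedrock primitive -> Aegis tool name, per the "What Aegis governs" table.
FIXED_TOOLS = {"knowledge_base": "tool.kb_search",
               "code_interpreter": "tool.python_exec"}


def aegis_tool_name(primitive, action_name=None):
    """Map a Bedrock primitive to the tool name the policy check evaluates."""
    if primitive == "action_group":
        if not action_name:
            raise ValueError("action-group calls need an action name")
        return f"tool.{action_name}"
    return FIXED_TOOLS[primitive]  # unknown primitive raises: nothing unmapped runs


def deny(*findings):
    return {"action": "deny", "findings": list(findings)}


def interpret_execute_response(status, content_type, body):
    """Turn a raw /execute HTTP response into a verdict, failing closed.

    Assumed shape: a JSON object with "action" and an optional "findings" list.
    """
    # An HTML 403 comes from the WAF in front of the API, not the policy engine.
    if status == 403 and "text/html" in (content_type or "").lower():
        return deny("waf_blocked")
    try:
        data = json.loads(body)
    except (TypeError, ValueError):
        return deny("unparseable_response")  # hypothetical finding label
    if not isinstance(data, dict):
        return deny("unparseable_response")
    findings = data.get("findings")
    if not isinstance(findings, list):
        findings = []
    # Only an explicit allow on HTTP 200 lets the tool run; all else is deny.
    if status == 200 and data.get("action") == "allow":
        return {"action": "allow", "findings": findings}
    return deny(*findings)


def pre_check(fetch):
    """Call fetch() (hypothetical transport returning status, type, body)."""
    try:
        return interpret_execute_response(*fetch())
    except Exception:  # timeouts, DNS, TLS, bad tuple: all fail closed
        return deny("network_error")  # hypothetical finding label
```

The property to test in any wrapper of this kind is that no malformed, truncated or unexpected response can be read as an allow.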
