Bump version to 0.4.0

Author: kaleko

CHANGELOG.md

@@ -7,8 +7,25 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 
 ## [Unreleased]
 
+## [0.4.0] - 2026-03-12
+
 ### Added
 
+- Claude Agent SDK agent pattern (`patterns/claude-agent-sdk/`) with single-agent and multi-agent variants
+- AgentCore client library (`frontend/src/lib/agentcore-client/`) with SSE streaming and parsers for Strands, LangGraph, and Bedrock Converse agents
+- Inline tool call rendering with message segments approach in the frontend
+- Markdown rendering with syntax highlighting and copy button for chat messages
+- Tool renderer registry and default `ToolCallDisplay` component for extensible tool output rendering
+- Streaming documentation update (`docs/STREAMING.md`) with new parser architecture and event flow
+- Local Docker testing for AgentCore with Docker Compose support (`docker/`)
+- GitHub repo-stats workflow for daily traffic tracking
+- ASH (Automated Security Helper) scan workflows for PR and full repository scanning
+- Dependabot auto-merge and PR labeler GitHub Actions workflows
+- JS/TS and Python linting workflows for pull requests
+- Prettier configuration and formatting for frontend source files
+- Prettier added to Makefile lint pipeline and frontend dev dependencies
+- READMEs for strands, langgraph, and claude-agent-sdk agent patterns
+- Permission boundary for CodeBuild temporary IAM role
 - VPC deployment mode (`network_mode: VPC`) for deploying AgentCore Runtime into an existing user-provided VPC for private network isolation
 - VPC configuration in `config.yaml` with `vpc_id`, `subnet_ids`, and optional `security_group_ids`
 - VPC configuration validation in `ConfigManager` for required fields when VPC mode is enabled
@@ -17,6 +34,8 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 - CodeBuild-based deployment script (`scripts/deploy-with-codebuild.py`) that enables deploying FAST without requiring Docker
 - [Terraform] Full Terraform infrastructure alternative to CDK (`infra-terraform/`) with modules for Amplify Hosting, Cognito, and Backend (Runtime, Gateway, Memory, Feedback API, SSM)
 - [Terraform] Support for both Docker and Zip deployment types via `deployment_type` variable
+- [Terraform] OAuth2 Credential Provider support
+- [Terraform] VPC deployment mode with input/output parity to CDK
 - [Terraform] Dedicated scripts for frontend deployment (`deploy-frontend.py`, `deploy-frontend.sh`), Docker image build (`build-and-push-image.sh`), and agent testing (`test-agent.py`)
 - [Terraform] S3 backend configuration example (`backend.tf.example`) for remote state management
 - [Terraform] Version bump playbook (`TF_VERSION_BUMP_PLAYBOOK.md`) with independent versioning scheme
@@ -32,6 +51,10 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 
 ### Changed
 
+- Removed `userId` from client invocation — user identity now extracted server-side from JWT to prevent impersonation via prompt injection
+- Split claude-agent-sdk into single-agent and multi-agent pattern variants
+- Frontend switched from `access_token` to `id_token` for AgentCore authentication (`access_token` lacks required `aud` claim)
+- Removed old JS service files, replaced by new `agentcore-client` library
 - Migrated Gateway authentication to AgentCore SDK `@requires_access_token` decorator
 - Simplified agent code in `patterns/strands-single-agent/basic_agent.py` and `patterns/langgraph-single-agent/langgraph_agent.py`
 - Use `cr.Provider` pattern for OAuth2 provider to avoid IAM propagation delays
@@ -41,6 +64,7 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 - Moved Secrets Manager permissions from base `AgentCoreRole` utility class to backend-stack.ts for better separation of concerns
 - Updated `README.md` to reference new architecture diagram and clarify OAuth2 M2M authentication flow descriptions
 - Updated `test-scripts/README.md` to remove Docker container testing documentation
+- Updated contributing docs to use `main` branch instead of `develop`
 
 ### Removed
 
@@ -50,16 +74,36 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 - Manual token fetching logic from agent code
 - Direct Secrets Manager access from agents
 - Wildcard Secrets Manager IAM permissions from base `AgentCoreRole` utility class
+- Old JS service files (replaced by `agentcore-client` library)
 
 ### Fixed
 
+- LangGraph plain string content handling in `AIMessageChunk`
+- Test-agent `user_id` bug, added streaming parser and dynamic tool name lookup to test scripts
+- Frontend build issues: unused `sessionId` param and excluded test directory from `tsc`
+- Repo-stats workflow failing on forks
+- Real VPC/subnet IDs replaced with placeholders in `config.yaml`
+- Backend agent entrypoints
+- Docker Compose v2 syntax and outdated `userId` references in docs
+- JWT auth compatibility, Vite host binding, and credential docs
 - Stale token errors in agents by implementing fresh token retrieval on MCP Gateway reconnection (Strands) and per-request (LangGraph)
 - IAM permission scoping to prevent overly broad wildcard access
+- Removed `iam:PutRolePolicy` from CodeBuild permission boundary, added `cdk bootstrap`, fixed region detection
+- Resolved all ESLint warnings in frontend
+- CI: pinned `tj-actions/changed-files` to SHA and bumped Node to 20
 
 ### Security
 
 - Enhanced security by delegating OAuth2 token management to AgentCore Identity service
 - Improved token lifecycle management with automatic refresh and error handling via Token Vault
+- Bumped `hono` from 4.11.9 to 4.12.7 in frontend
+- Bumped `@hono/node-server` in frontend
+- Bumped `rollup` from 4.56.0 to 4.59.0 in frontend
+- Bumped `minimatch` in frontend and `aws-cdk-lib` in infra-cdk
+- Bumped `fast-xml-parser` and `@aws-sdk/xml-builder` in frontend and infra-cdk
+- Bumped `qs` from 6.14.1 to 6.14.2 in frontend
+- Bumped `langgraph` in patterns/langgraph-single-agent
+- Bumped `@aws-sdk/client-bedrock-agentcore` in infra-cdk
 
 ## [0.3.1] - 2026-02-11
 

VERSION

@@ -1 +1 @@
-0.3.1
+0.4.0

frontend/package-lock.json

@@ -1,6 +1,6 @@
 {
   "name": "fullstack-agentcore-solution-template-frontend",
-  "version": "0.3.1",
+  "version": "0.4.0",
   "private": true,
   "scripts": {
     "dev": "vite",

frontend/package.json

@@ -13,7 +13,6 @@ interface ChatMessageProps {
   onFeedbackSubmit: (feedbackType: "positive" | "negative", comment: string) => Promise<void>
 }
 
-// eslint-disable-next-line @typescript-eslint/no-unused-vars
 export function ChatMessage({
   message,
   sessionId: _sessionId,

frontend/src/components/chat/ChatMessage.tsx

@@ -18,7 +18,7 @@ export class FastMainStack extends cdk.Stack {
 
   constructor(scope: Construct, id: string, props: FastAmplifyStackProps) {
     const description =
-      "Fullstack AgentCore Solution Template - Main Stack (v0.3.1) (uksb-v6dos0t5g8)"
+      "Fullstack AgentCore Solution Template - Main Stack (v0.4.0) (uksb-v6dos0t5g8)"
     super(scope, id, { ...props, description })
 
     // Step 1: Create the Amplify stack to get the predictable domain

infra-cdk/lib/fast-main-stack.ts

@@ -1,6 +1,6 @@
 {
   "name": "fast-cdk",
-  "version": "0.3.1",
+  "version": "0.4.0",
   "bin": {
     "fast-cdk": "bin/fast-cdk.js"
   },

infra-cdk/package-lock.json

@@ -1 +1 @@
-0.3.1-tf.0
+0.4.0-tf.0

infra-cdk/package.json

@@ -4,7 +4,7 @@ build-backend = "setuptools.build_meta"
 
 [project]
 name = "fullstack-agentcore-solution-template"
-version = "0.3.1"
+version = "0.4.0"
 description = "Fullstack AgentCore Solution Template - A template for building AgentCore applications"
 readme = "README.md"
 license = { text = "Apache-2.0" }