
Commit 574b205

feat: add FargateAgentStack as alternative compute backend
Add a new CDK stack that runs autonomous coding agents on AWS Fargate, orchestrated by Step Functions, as an alternative to AgentCore Runtime.

Key changes:
- Expose shared resources from AgentStack as public properties
- Add FargateAgentCluster construct (ECS cluster, task def, ARM64 container)
- Add TaskStepFunction construct (Step Functions state machine with Load → Admit → Hydrate → Transition → RunFargate → Finalize flow)
- Add 6 thin Lambda handlers for Step Functions steps
- Add VPC endpoints for ECS and Step Functions
- Wire FargateAgentStack into main.ts alongside existing AgentStack
- Self-install trivy in security:image task to avoid GitHub API rate limits
1 parent 03b8c83 commit 574b205

31 files changed

Lines changed: 3346 additions & 56 deletions

.github/workflows/build.yml

Lines changed: 1 addition & 1 deletion

.projenrc.ts

Lines changed: 1 addition & 1 deletion
Original file line number | Diff line number | Diff line change
@@ -80,7 +80,7 @@ const project = new awscdk.AwsCdkTypeScriptApp({
8080
],
8181
buildWorkflowOptions: {
8282
env: {
83-
GITHUB_TOKEN: '${{ secrets.PROJEN_GITHUB_TOKEN }}',
83+
GITHUB_TOKEN: '${{ secrets.PROJEN_GITHUB_TOKEN || github.token }}',
8484
},
8585
},
8686
gitignore: [
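Review bot: the `|| github.token` fallback on the `GITHUB_TOKEN:` line changes which identity the build runs as whenever `PROJEN_GITHUB_TOKEN` is unset, and the two tokens are not interchangeable: a PAT carries whatever scopes it was minted with, while `github.token` is limited to the job's `permissions:` grant and pushes or PRs made with it do not trigger further workflow runs. If the fallback exists only so that GitHub API calls made during the build are authenticated (and therefore rate-limited per token rather than per runner IP), say so in a comment next to the expression; if any step depends on PAT-only behaviour, fail the job when the secret is missing instead of silently downgrading.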

agent/mise.toml

Lines changed: 9 additions & 5 deletions
Original file line number | Diff line number | Diff line change
@@ -7,7 +7,6 @@ semgrep = "latest"
77
uv = "latest"
88
"grype" = "0.109.0"
99
osv-scanner = "latest"
10-
"aqua:aquasecurity/trivy" = "0.69.2"
1110

1211
[env]
1312
_.python.venv = { path = ".venv", create = true }
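Review bot: dropping the `"aqua:aquasecurity/trivy" = "0.69.2"` line leaves nothing in `[tools]` recording that trivy is still a required scanner; a reader of this file sees `grype`, `semgrep`, `osv-scanner` and `uv` and will assume trivy was retired rather than moved. Leave a one-line comment where the pin was, pointing at the `security:image` task that now installs it itself, so the tool inventory in this file stays accurate and the version in use is findable from here.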
@@ -75,10 +74,15 @@ run = [
7574

7675
[tasks."security:image"]
7776
description = "Scan container image with trivy"
78-
run = [
79-
"docker image inspect bgagent-local:latest >/dev/null 2>&1 || (ARCH=\"$(uname -m)\"; PLATFORM=\"linux/arm64\"; if [ \"$ARCH\" = \"x86_64\" ]; then PLATFORM=\"linux/amd64\"; fi; docker build --build-arg TARGETPLATFORM=\"$PLATFORM\" --build-arg CACHE_BUST=\"$(date +%s)\" -t bgagent-local:latest .)",
80-
"trivy image --scanners vuln --ignore-unfixed --ignorefile .trivyignore --severity HIGH,CRITICAL --exit-code 1 bgagent-local:latest",
81-
]
77+
run = '''
78+
#!/usr/bin/env bash
79+
set -euo pipefail
80+
TRIVY_VERSION=v0.69.2
81+
export PATH="$HOME/.local/bin:$PATH"
82+
command -v trivy >/dev/null 2>&1 || (mkdir -p "$HOME/.local/bin" && curl -sfL https://raw.githubusercontent.com/aquasecurity/trivy/main/contrib/install.sh | sh -s -- -b "$HOME/.local/bin" "$TRIVY_VERSION")
83+
docker image inspect bgagent-local:latest >/dev/null 2>&1 || (ARCH="$(uname -m)"; PLATFORM="linux/arm64"; if [ "$ARCH" = "x86_64" ]; then PLATFORM="linux/amd64"; fi; docker build --build-arg TARGETPLATFORM="$PLATFORM" --build-arg CACHE_BUST="$(date +%s)" -t bgagent-local:latest .)
84+
trivy image --scanners vuln --ignore-unfixed --ignorefile .trivyignore --severity HIGH,CRITICAL --exit-code 1 bgagent-local:latest
85+
'''
8286

8387
[tasks.quality]
8488
description = "Run quality checks"
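Review bot: the `curl -sfL https://raw.githubusercontent.com/aquasecurity/trivy/main/contrib/install.sh | sh -s -- -b "$HOME/.local/bin" "$TRIVY_VERSION"` line pins the trivy binary to `v0.69.2` but fetches the installer from the moving `main` branch and executes it unverified, so what this task trusts to place a scanner in `$HOME/.local/bin` is whatever that script contains on the day it runs. Pin the installer to a tag or commit (the same `contrib/install.sh` path under a fixed ref) or download the release archive and check it against the published checksums before extracting. Two smaller points in the same block: `command -v trivy >/dev/null 2>&1 ||` short-circuits on any trivy already on `PATH`, so the version pin only holds on a clean machine (compare `trivy --version` against `$TRIVY_VERSION` before skipping the install); and since the old `run = [ ... ]` list has become a bash script that writes into the user's home directory, the `description` should say that the task installs trivy as a side effect.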

docs/.gitattributes

Lines changed: 1 addition & 0 deletions

docs/.gitignore

Lines changed: 1 addition & 0 deletions

docs/.projen/files.json

Lines changed: 1 addition & 0 deletions

docs/design/FARGATE_STACK.md

Lines changed: 661 additions & 0 deletions

docs/src/content/docs/design/Fargate-stack.md

Lines changed: 665 additions & 0 deletions

docs/src/content/docs/roadmap/Roadmap.md

Lines changed: 21 additions & 3 deletions

src/constructs/agent-vpc.ts

Lines changed: 4 additions & 0 deletions
Original file line number | Diff line number | Diff line change
@@ -134,6 +134,10 @@ export class AgentVpc extends Construct {
134134
{ id: 'BedrockRuntimeEndpoint', service: ec2.InterfaceVpcEndpointAwsService.BEDROCK_RUNTIME },
135135
{ id: 'StsEndpoint', service: ec2.InterfaceVpcEndpointAwsService.STS },
136136
{ id: 'XRayEndpoint', service: ec2.InterfaceVpcEndpointAwsService.XRAY },
137+
{ id: 'EcsEndpoint', service: ec2.InterfaceVpcEndpointAwsService.ECS },
138+
{ id: 'EcsAgentEndpoint', service: ec2.InterfaceVpcEndpointAwsService.ECS_AGENT },
139+
{ id: 'EcsTelemetryEndpoint', service: ec2.InterfaceVpcEndpointAwsService.ECS_TELEMETRY },
140+
{ id: 'StepFunctionsEndpoint', service: ec2.InterfaceVpcEndpointAwsService.STEP_FUNCTIONS },
137141
];
138142

139143
for (const ep of interfaceEndpoints) {
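Review bot: `EcsAgentEndpoint` and `EcsTelemetryEndpoint` (`ECS_AGENT`, `ECS_TELEMETRY`) serve the ECS container agent on EC2 container instances; tasks launched on Fargate, which is what the commit message says this stack uses, reach ECR, S3 and CloudWatch Logs through their own endpoints and do not need these two. Confirm they are actually exercised before merging, because each interface endpoint added here is another ENI and another egress path from the subnet an autonomous agent runs in. For the endpoints that stay, `StepFunctionsEndpoint` in particular, the loop body at `for (const ep of interfaceEndpoints)` is outside this hunk, so check that it attaches an endpoint policy scoped to this stack's state machine and cluster ARNs; the default endpoint policy allows any principal any action, leaving the task role as the only control.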
