feat(linear): resolve API token via AgentCore Identity (Phase 2.0a)

Migrates the agent runtime's Linear personal API token resolution from
AWS Secrets Manager to AWS Bedrock AgentCore Identity. This is the
"validate Identity SDK" step of the v2 plan; Phase 2.0b will swap the
API key for OAuth and converge Linear MCP onto AgentCore Gateway in
one cutover.

Per Alain's guidance: "start by using api key, if it works, switch to
oauth. you will setup an outbound auth for your server using agentcore
identity. that identity can be (AC identity is like a wrapper around
secrets manager) api key or oauth."

## Scope: agent runtime only

Lambdas (orchestrator + processor) intentionally keep using Secrets
Manager via the existing `LinearApiTokenSecret` for now. The Python
`bedrock_agentcore` SDK has no Node.js equivalent — Lambda migration
requires `@aws-sdk/client-bedrock-agentcore` raw API calls and folds
into 2.0b's bigger refactor. End-state of 2.0a: agent reads from
Identity, Lambdas read from Secrets Manager, both pointing at the same
underlying token value (admin populates both).

## What changed

`agent/src/config.py::resolve_linear_api_token`:

  - Drops boto3 SecretsManager fetch + `LINEAR_API_TOKEN_SECRET_ARN` env.
  - Reads new env `LINEAR_API_KEY_PROVIDER_NAME` (provider name in
    Identity vault).
  - Calls `IdentityClient.get_api_key()` with the workload access token
    auto-injected into `BedrockAgentCoreContext` by AgentCore Runtime
    (verified by reading the SDK's `auth.py` decorator implementation —
    no manual workload-identity mint needed inside the runtime).
  - Caches the resolved token in `LINEAR_API_TOKEN` so downstream
    consumers stay unchanged: `channel_mcp.py`'s `${LINEAR_API_TOKEN}`
    placeholder in `.mcp.json` and `linear_reactions.py`'s GraphQL
    Authorization header.

Preserves PR #87's nice-to-have improvements:

  - `ImportError` graceful fallback (now for `bedrock_agentcore` instead
    of `boto3`) — degrade with WARN, don't crash the agent.
  - `AccessDeniedException` and `ResourceNotFoundException` logged at
    ERROR severity (persistent IAM/config bugs that should page).
    Other ClientErrors stay at WARN (transient throttle/network).

`agent/pyproject.toml`: adds `bedrock-agentcore==1.9.1` dep.

`cdk/src/stacks/agent.ts`:

  - On the AgentCore runtime: drops `linearIntegration.apiTokenSecret.
    grantRead(runtime)` and the `LINEAR_API_TOKEN_SECRET_ARN` env-var
    override. Adds `LINEAR_API_KEY_PROVIDER_NAME` env (hardcoded
    `'linear-api-key'` for now; can parametrize later via context if
    multi-environment naming is needed) and IAM permissions for
    `bedrock-agentcore:GetResourceApiKey` and
    `bedrock-agentcore:GetWorkloadAccessToken`.
  - Lambdas (orchestrator + processor) untouched — they still grant on
    the Linear secret and read from Secrets Manager.
  - Resource scope on the new IAM is `*` for now; AgentCore Identity ARN
    format isn't fully standardized in public docs as of 2026-05-15.
    Tighten in 2.0b when OAuth migration documents the canonical
    resource shape.

`docs/guides/LINEAR_SETUP_GUIDE.md`: adds Step 4.5 documenting the
one-time `agentcore add credential --type api-key --name linear-api-key`
admin command users must run alongside the existing `bgagent linear
setup` wizard. Notes that Lambdas keep Secrets Manager temporarily and
2.0b will retire the dual-store setup. Starlight mirror synced.

## Tests

`agent/tests/test_config.py::TestResolveLinearApiToken` — 10 tests
covering: cached env var fast-path; missing provider name; missing
region; workload token absent (outside runtime); happy path with
env-var side-effect; botocore error swallowed with WARN; SDK returns
None defensively; ImportError fallback; AccessDeniedException → ERROR
severity; ResourceNotFoundException → ERROR severity.

542 agent / 1271 cdk / 196 cli, all green. Lint + typecheck clean.
CDK synth clean.

## Migration notes for reviewer

`bedrock_agentcore` SDK confirmed working in our runtime image (verified
in `node_modules` post-install). The `BedrockAgentCoreContext` workload
token auto-injection is documented behaviour for code running inside
AgentCore Runtime — verified by reading the SDK's `@requires_api_key`
decorator implementation, which uses the same context lookup we use
here.

Stacked on PR #87 (`feat/linear-processor-feedback`). Will conflict on
`config.py` and `test_config.py` if #87 needs further rework before
merge — happy to rebase.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>

Author: bgagent

agent/pyproject.toml

@@ -5,6 +5,7 @@ description = "Background coding agent — runs tasks in isolated cloud environm
 requires-python = ">=3.13"
 dependencies = [
     "boto3==1.43.6", #https://pypi.org/project/boto3/
+    "bedrock-agentcore==1.9.1", #https://pypi.org/project/bedrock-agentcore/
     "claude-agent-sdk==0.1.81", #https://github.com/anthropics/claude-agent-sdk-python
     "requests==2.34.0", #https://pypi.org/project/requests/
     "fastapi==0.136.1", #https://pypi.org/project/fastapi/

agent/src/config.py

@@ -39,54 +39,101 @@ def resolve_github_token() -> str:
 
 
 def resolve_linear_api_token() -> str:
-    """Resolve the Linear personal API token from Secrets Manager or env.
+    """Resolve the Linear personal API token via AgentCore Identity.
 
-    Mirrors ``resolve_github_token``: in deployed mode
-    ``LINEAR_API_TOKEN_SECRET_ARN`` is set and the token is fetched once
-    and cached in ``LINEAR_API_TOKEN``. For local development, falls back
-    to ``LINEAR_API_TOKEN`` directly.
+    In deployed mode, ``LINEAR_API_KEY_PROVIDER_NAME`` names a credential
+    provider in AgentCore Identity (the token vault). The agent runtime
+    auto-injects a workload access token into ``BedrockAgentCoreContext``;
+    we exchange that for the API key value and cache it in
+    ``LINEAR_API_TOKEN`` so downstream consumers (the Linear MCP's
+    ``${LINEAR_API_TOKEN}`` placeholder in ``.mcp.json`` and
+    ``linear_reactions.py``'s GraphQL Authorization header) keep working
+    unchanged.
 
-    Returns an empty string if the secret is absent or empty — the agent-side
+    For local development, falls back to a pre-set ``LINEAR_API_TOKEN``
+    env var so the agent can run outside AgentCore Runtime.
+
+    Returns an empty string if the credential is absent — the agent-side
     MCP config then renders with an unresolved ``${LINEAR_API_TOKEN}`` env
     placeholder, and the Linear MCP will reject the request (fail-closed).
     This function is only called when ``channel_source == 'linear'``.
+
+    Phase 2.0a: replaces the prior Secrets Manager path. Phase 2.0b will
+    swap this function entirely for the ``@requires_access_token`` OAuth
+    decorator pattern; this imperative shape exists because API keys
+    don't need refresh and the MCP config expects a static token.
     """
     cached = os.environ.get("LINEAR_API_TOKEN", "")
     if cached:
         return cached
-    secret_arn = os.environ.get("LINEAR_API_TOKEN_SECRET_ARN")
-    if not secret_arn:
+
+    provider_name = os.environ.get("LINEAR_API_KEY_PROVIDER_NAME")
+    if not provider_name:
         return ""
+
+    region = os.environ.get("AWS_REGION") or os.environ.get("AWS_DEFAULT_REGION")
+    if not region:
+        log("WARN", "resolve_linear_api_token: AWS_REGION not set; cannot resolve API key")
+        return ""
+
     try:
-        import boto3
+        import asyncio
+
+        from bedrock_agentcore.runtime import BedrockAgentCoreContext
+        from bedrock_agentcore.services.identity import IdentityClient
         from botocore.exceptions import BotoCoreError, ClientError
     except ImportError as e:
-        # boto3 missing from the container image — degrade gracefully rather
-        # than hard-crashing the agent. The Linear MCP will fail on first
-        # call with a clear auth error.
-        log("WARN", f"resolve_linear_api_token: boto3 unavailable ({e}); skipping")
+        # bedrock_agentcore SDK missing from the container image — degrade
+        # gracefully rather than hard-crashing the agent. The Linear MCP
+        # will fail on first call with a clear auth error.
+        log("WARN", f"resolve_linear_api_token: bedrock_agentcore unavailable ({e}); skipping")
         return ""
 
     try:
-        region = os.environ.get("AWS_REGION") or os.environ.get("AWS_DEFAULT_REGION")
-        client = boto3.client("secretsmanager", region_name=region)
-        resp = client.get_secret_value(SecretId=secret_arn)
-        token = resp.get("SecretString", "") or ""
+        workload_token = BedrockAgentCoreContext.get_workload_access_token()
+        if workload_token is None:
+            # Outside the AgentCore Runtime container (e.g. local dev). The
+            # SDK's `_set_up_local_auth` fallback writes `.agentcore.json`
+            # which doesn't fit our flow; bail out and let the caller see
+            # an empty token so the MCP config fails closed.
+            log(
+                "WARN",
+                "resolve_linear_api_token: workload access token not in context "
+                "(agent must run inside AgentCore Runtime, or set LINEAR_API_TOKEN "
+                "directly for local dev)",
+            )
+            return ""
+
+        client = IdentityClient(region=region)
+        token = (
+            asyncio.run(
+                client.get_api_key(
+                    provider_name=provider_name,
+                    agent_identity_token=workload_token,
+                )
+            )
+            or ""
+        )
         if token:
             os.environ["LINEAR_API_TOKEN"] = token
         return token
     except ClientError as e:
-        # Narrowed from a broader `except` per #63 review — broader catches
-        # hid genuine bugs in the Secrets Manager call shape. AccessDenied
-        # is logged at ERROR because it's a persistent IAM misconfig that
-        # should page someone, not a transient blip.
+        # Narrowed from a broader `except` per #63 review. AccessDenied is
+        # logged at ERROR because it's a persistent IAM misconfig (likely
+        # the runtime role missing bedrock-agentcore:GetResourceApiKey or
+        # GetWorkloadAccessToken) that should page someone, not a transient
+        # blip. ResourceNotFound (provider name unknown) is also persistent
+        # — same severity. Other ClientErrors are likely transient (throttle,
+        # network blip) and stay at WARN.
         code = e.response.get("Error", {}).get("Code", "")
-        severity = "ERROR" if code == "AccessDeniedException" else "WARN"
+        severity = (
+            "ERROR" if code in ("AccessDeniedException", "ResourceNotFoundException") else "WARN"
+        )
         log(severity, f"resolve_linear_api_token failed: {type(e).__name__}: {e}")
         return ""
     except BotoCoreError as e:
-        # Never let a Secrets Manager outage crash the agent. The Linear MCP
-        # will simply fail on first call with a clear auth error.
+        # Never let an Identity outage crash the agent. The Linear MCP will
+        # fail on first call with a clear auth error.
         log("WARN", f"resolve_linear_api_token failed: {type(e).__name__}: {e}")
         return ""