feat: runtime inbound auth (Custom JWT) for agents (#657)

* test: add integ tests for evaluator and online-eval resource lifecycle

* test: remove redundant levels/rating-scales section

* refactor: type readProjectConfig return as AgentCoreProjectSpec

* refactor(schema): extract shared auth schemas to auth.ts

Move JWT authorizer schemas (GatewayAuthorizerTypeSchema,
CustomJwtAuthorizerConfigSchema, etc.) from mcp.ts into a dedicated
auth.ts module. Add RuntimeAuthorizerTypeSchema (AWS_IAM | CUSTOM_JWT)
for Runtime resources. The resource-agnostic AuthorizerConfigSchema
replaces GatewayAuthorizerConfigSchema (kept as deprecated alias).

* refactor(tui): extract JWT config components to shared module

Move JWT authorizer TUI components from AddGatewayScreen into
src/cli/tui/components/jwt-config/:
- types.ts: shared types and constants
- CustomClaimForm.tsx: single claim tab-field form
- CustomClaimsManager.tsx: CRUD for custom claims
- JwtConfigInput.tsx: main JWT config component
- useJwtConfigFlow.ts: hook for JWT wizard state management

AddGatewayScreen now uses the shared useJwtConfigFlow hook and
JwtConfigInput component.

* refactor(primitives): extract shared auth utilities from GatewayPrimitive

Extract buildAuthorizerConfigFromJwtConfig and createManagedOAuthCredential
into auth-utils.ts so they can be reused by AgentPrimitive for Runtime
inbound auth. GatewayPrimitive now imports these shared functions instead
of defining them as private methods.

* refactor(validation): extract shared JWT authorizer validation

Extract JWT validation logic from validateAddGatewayOptions into a
reusable validateJwtAuthorizerOptions function in auth-options.ts.
This enables reuse by the agent command for Runtime inbound auth.

* feat(schema): add authorizerType and authorizerConfiguration to AgentEnvSpec

Add Runtime inbound auth fields to the agent schema. Supports AWS_IAM
(default) and CUSTOM_JWT authorizer types with cross-field validation
ensuring authorizerConfiguration is required for CUSTOM_JWT.

* feat(tui): add inbound auth step to BYO agent wizard

Add authorizerType selection and JWT config flow to the BYO agent
creation wizard. Users can choose between AWS_IAM (default) and
CUSTOM_JWT with full OIDC configuration including discovery URL,
audience/client/scope constraints, and custom claims.

* feat(cli): wire Runtime inbound auth to AgentPrimitive and CLI flags

Add --authorizer-type, --discovery-url, --allowed-audience, --allowed-clients,
--allowed-scopes, --custom-claims, --client-id, and --client-secret CLI flags
to `agentcore add agent`. Wire auth options through to the BYO path for
authorizer configuration building and OAuth credential auto-creation.

Add validation for agent auth options reusing shared validateJwtAuthorizerOptions.

* fix(tui): add missing OAuth credential creation in BYO agent path

The TUI BYO path silently discarded OAuth client credentials when
CUSTOM_JWT was selected. Now calls createManagedOAuthCredential to
persist the credential and write secrets to .env, matching the CLI path.

* test(integ): add integration tests for agent inbound auth CLI flags

Tests adding BYO agents with CUSTOM_JWT authorizer via CLI, including:
- Audience constraints, client/scope constraints, custom claims
- OAuth credential auto-creation with .env secrets
- Default AWS_IAM behavior
- Validation of missing discovery URL, missing constraints, misplaced client credentials

* feat(tui): add inbound auth to all agent paths (create, BYO, import)

Add authorizerType and jwtConfig steps to the GenerateWizard (create/template
path) and import path, matching existing BYO path support. Auth config is
persisted to agentcore.json via schema-mapper. OAuth credential is auto-created
for CUSTOM_JWT in all three paths.

Also fix request header allowlist TextInput to allow empty submission (skip),
and add E2E test for BYO custom JWT auth flow with real Cognito.

* fix: wire auth config through useCreateFlow (agentcore create path)

The create command's useCreateFlow.ts duplicates agent creation logic
from useAddAgent.ts but was missing authorizerType/jwtConfig in the
GenerateConfig, import params, and OAuth credential creation for all
three sub-paths (create, import, BYO).

* feat(invoke): add bearer token auth for CUSTOM_JWT agents

Add thin HTTP invoke client that bypasses SigV4 when a bearer token is
provided, supporting agents configured with CUSTOM_JWT authorizers.

- Add --bearer-token CLI flag to invoke command
- Add bearer token input to invoke TUI (auto-prompts for CUSTOM_JWT agents,
  press T to set/change token in chat mode)
- Build invokeWithBearerToken and invokeWithBearerTokenStreaming HTTP clients
  with SSE parsing matching the SDK streaming pattern
- Wire bearerToken through InvokeOptions, useInvokeFlow, and InvokeScreen
- Expose authorizerType in invoke flow config for agent auth detection

* revert: remove allowEmpty from requestHeaderAllowlist TextInputs

Being handled separately by another agent.

* feat(invoke): auto-fetch OAuth token for CUSTOM_JWT agents

Extract shared OAuth client_credentials flow from fetchGatewayToken into
oauth-token.ts (fetchOAuthToken), then add fetchRuntimeToken for agents.

TUI: auto-fetches token on agent selection for CUSTOM_JWT agents. Shows
fetch status in header (fetching/fetched/error). Press R to refresh, T
for manual entry. Falls back to manual input on fetch failure.

CLI: auto-fetches token when --bearer-token is not provided and agent
has CUSTOM_JWT auth. Surfaces clear error with manual fallback hint.

* fix(invoke): silently skip token auto-fetch when no OAuth credential exists

Add canFetchRuntimeToken pre-check that verifies the managed OAuth
credential and client secret exist before attempting the fetch. When
credentials aren't configured, the TUI shows the manual token prompt
(T key) without an error, and the CLI proceeds without a token.

* fix(invoke): use Ctrl+T and Ctrl+R for token shortcuts

Plain T/R conflict with typing those characters in chat mode.

* refactor(invoke): replace key shortcuts with dedicated token screen

Instead of Ctrl+T/Ctrl+R shortcuts in chat mode (which conflict with
terminal input), show a dedicated bearer token screen before chat when
a CUSTOM_JWT agent is selected. The screen auto-populates with a
fetched token if OAuth credentials are configured, otherwise shows an
empty field for the user to paste into. Enter confirms, Esc skips.

* feat(fetch): extend fetch access to support agents

Add --type flag to agentcore fetch access (gateway | agent). When
--type agent is used, performs OAuth client_credentials flow for the
agent's CUSTOM_JWT credential instead of a gateway.

Usage: agentcore fetch access --type agent --name MyAgent [--json]

* feat(tui): extend fetch access screen to support both gateways and agents

The TUI fetch access screen previously only listed gateways. Now it loads
both gateways and agents, shows the resource type in the picker, and
dispatches to the correct token fetcher based on resource type.

* fix(tui): handle agent fetch access gracefully without OAuth credentials

For agents, use canFetchRuntimeToken pre-check before attempting token
fetch. AWS_IAM agents show auth guidance without fetching. CUSTOM_JWT
agents without managed credentials show a message instead of erroring.

* fix(tui): gate auth screen behind advanced config and fix lint errors

Auth type selection (CUSTOM_JWT vs AWS_IAM) now only appears when the
user selects advanced config in the generate wizard and BYO agent paths.
Skipping advanced goes directly to confirm with default AWS_IAM auth.

Also fixes 4 lint errors: unused import, optional chain preferences,
and unsafe argument type cast.

* fix(tui): fetch agent token directly instead of pre-check in fetch access

The canFetchRuntimeToken pre-check swallows all errors and returns false,
which incorrectly showed "no managed OAuth credential" even when one was
configured. For the fetch access screen (explicit user action), call
fetchRuntimeToken directly and let real errors surface in the error phase.
The pre-check remains in the invoke flow where silent skip is desired.

* fix(fetch): use _CLIENT_SECRET suffix when reading OAuth secret from env

The write path stores secrets as AGENTCORE_CREDENTIAL_{NAME}_CLIENT_SECRET
but the read path was looking for AGENTCORE_CREDENTIAL_{NAME} without the
suffix, causing token fetch to always fail with "Client secret not found".

* fix(ci): add @aws-sdk/client-cognito-identity-provider dev dependency

The e2e test for BYO custom JWT imports this SDK but it wasn't in package.json,
causing typecheck to fail in CI.

* style: fix prettier formatting across all changed files

* fix: wire auth config through handleCreatePath for template agents

handleCreatePath was silently dropping auth options (authorizerType,
discoveryUrl, etc.) because generateConfig didn't include them. This
meant `agentcore add agent --type create --authorizer-type CUSTOM_JWT`
would succeed but write agentcore.json without auth fields.

Fixes: pass authorizerType and jwtConfig into generateConfig so
mapGenerateConfigToAgent picks them up. Also fixes misleading comment
in validate.ts that said auth validation was BYO-only.

---------

Co-authored-by: Harrison Weinstock <hkobew@amazon.com>

Author: tejaskash

e2e-tests/byo-custom-jwt.test.ts

@@ -0,0 +1,271 @@
+/**
+ * E2E test: BYO agent with CUSTOM_JWT inbound auth (Cognito).
+ *
+ * Creates a Cognito user pool as the OIDC provider, deploys a BYO agent
+ * configured with CUSTOM_JWT authorizer, and verifies that:
+ * - Deploy succeeds with AuthorizerConfiguration in the CloudFormation template
+ * - SigV4 invocation is rejected (auth method mismatch)
+ * - Status reports the agent as deployed
+ *
+ * Unlike other E2E tests that use the globally installed CLI, this test uses
+ * the local build (`runCLI`) because it exercises unreleased schema and CDK
+ * changes. Set CDK_TARBALL to a path to the modified CDK package tarball.
+ *
+ * Requires: AWS credentials, npm, git, uv, CDK_TARBALL env var.
+ */
+import {
+  type RunResult,
+  hasAwsCredentials,
+  parseJsonOutput,
+  prereqs,
+  runCLI,
+  stripAnsi,
+} from '../src/test-utils/index.js';
+import { CloudFormationClient, GetTemplateCommand } from '@aws-sdk/client-cloudformation';
+import {
+  CognitoIdentityProviderClient,
+  CreateResourceServerCommand,
+  CreateUserPoolClientCommand,
+  CreateUserPoolCommand,
+  CreateUserPoolDomainCommand,
+  DeleteResourceServerCommand,
+  DeleteUserPoolCommand,
+  DeleteUserPoolDomainCommand,
+} from '@aws-sdk/client-cognito-identity-provider';
+import { execSync } from 'node:child_process';
+import { randomUUID } from 'node:crypto';
+import { mkdir, readFile, rm, writeFile } from 'node:fs/promises';
+import { tmpdir } from 'node:os';
+import { join } from 'node:path';
+import { afterAll, beforeAll, describe, expect, it } from 'vitest';
+
+const hasAws = hasAwsCredentials();
+const hasCdkTarball = !!process.env.CDK_TARBALL;
+const canRun = prereqs.npm && prereqs.git && prereqs.uv && hasAws && hasCdkTarball;
+const region = process.env.AWS_REGION ?? 'us-east-1';
+
+/**
+ * Run the local CLI build without skipping install (needed for deploy).
+ */
+function runLocalCLI(args: string[], cwd: string): Promise<RunResult> {
+  return runCLI(args, cwd, /* skipInstall */ false);
+}
+
+describe.sequential('e2e: BYO agent with CUSTOM_JWT auth', () => {
+  let testDir: string;
+  let projectPath: string;
+  let agentName: string;
+
+  // Cognito resources
+  let userPoolId: string;
+  let clientId: string;
+  let domainPrefix: string;
+  let discoveryUrl: string;
+
+  const cognitoClient = new CognitoIdentityProviderClient({ region });
+  const cfnClient = new CloudFormationClient({ region });
+
+  beforeAll(async () => {
+    if (!canRun) return;
+
+    // ── Create Cognito user pool as OIDC provider ──
+    const suffix = randomUUID().slice(0, 8);
+    const poolName = `agentcore-e2e-jwt-${suffix}`;
+    domainPrefix = `agentcore-e2e-jwt-${suffix}`;
+
+    const poolResult = await cognitoClient.send(new CreateUserPoolCommand({ PoolName: poolName }));
+    userPoolId = poolResult.UserPool!.Id!;
+
+    await cognitoClient.send(new CreateUserPoolDomainCommand({ UserPoolId: userPoolId, Domain: domainPrefix }));
+
+    await cognitoClient.send(
+      new CreateResourceServerCommand({
+        UserPoolId: userPoolId,
+        Identifier: 'agentcore',
+        Name: 'AgentCore API',
+        Scopes: [{ ScopeName: 'invoke', ScopeDescription: 'Invoke the runtime' }],
+      })
+    );
+
+    const clientResult = await cognitoClient.send(
+      new CreateUserPoolClientCommand({
+        UserPoolId: userPoolId,
+        ClientName: 'e2e-test-client',
+        GenerateSecret: true,
+        AllowedOAuthFlows: ['client_credentials'],
+        AllowedOAuthScopes: ['agentcore/invoke'],
+        AllowedOAuthFlowsUserPoolClient: true,
+        ExplicitAuthFlows: ['ALLOW_REFRESH_TOKEN_AUTH'],
+      })
+    );
+    clientId = clientResult.UserPoolClient!.ClientId!;
+
+    discoveryUrl = `https://cognito-idp.${region}.amazonaws.com/${userPoolId}/.well-known/openid-configuration`;
+
+    // ── Create test project using local CLI build ──
+    testDir = join(tmpdir(), `agentcore-e2e-jwt-${randomUUID()}`);
+    await mkdir(testDir, { recursive: true });
+
+    agentName = `E2eJwt${String(Date.now()).slice(-8)}`;
+    const createResult = await runLocalCLI(
+      [
+        'create',
+        '--name',
+        agentName,
+        '--language',
+        'Python',
+        '--framework',
+        'Strands',
+        '--model-provider',
+        'Bedrock',
+        '--memory',
+        'none',
+        '--json',
+      ],
+      testDir
+    );
+    expect(createResult.exitCode, `Create failed: ${createResult.stderr}`).toBe(0);
+    const createJson = parseJsonOutput(createResult.stdout) as { projectPath: string };
+    projectPath = createJson.projectPath;
+
+    // Write AWS targets
+    const account =
+      process.env.AWS_ACCOUNT_ID ??
+      execSync('aws sts get-caller-identity --query Account --output text').toString().trim();
+    await writeFile(
+      join(projectPath, 'agentcore', 'aws-targets.json'),
+      JSON.stringify([{ name: 'default', account, region }])
+    );
+
+    // Install modified CDK tarball (required for auth fields support)
+    execSync(`npm install -f ${process.env.CDK_TARBALL}`, {
+      cwd: join(projectPath, 'agentcore', 'cdk'),
+      stdio: 'pipe',
+    });
+
+    // ── Patch agent with CUSTOM_JWT auth ──
+    const specPath = join(projectPath, 'agentcore', 'agentcore.json');
+    const spec = JSON.parse(await readFile(specPath, 'utf8'));
+    const agent = spec.agents[0];
+    agent.authorizerType = 'CUSTOM_JWT';
+    agent.authorizerConfiguration = {
+      customJwtAuthorizer: {
+        discoveryUrl,
+        allowedAudience: [clientId],
+      },
+    };
+    await writeFile(specPath, JSON.stringify(spec, null, 2));
+  }, 300000);
+
+  afterAll(async () => {
+    if (!canRun) return;
+
+    // ── Tear down deployed stack ──
+    if (projectPath) {
+      try {
+        await runLocalCLI(['remove', 'all', '--json'], projectPath);
+        await runLocalCLI(['deploy', '--yes', '--json'], projectPath);
+      } catch {
+        // Best-effort cleanup
+      }
+    }
+
+    // ── Delete Cognito resources ──
+    if (userPoolId) {
+      try {
+        await cognitoClient.send(new DeleteResourceServerCommand({ UserPoolId: userPoolId, Identifier: 'agentcore' }));
+      } catch {
+        /* best-effort */
+      }
+      try {
+        await cognitoClient.send(new DeleteUserPoolDomainCommand({ UserPoolId: userPoolId, Domain: domainPrefix }));
+      } catch {
+        /* best-effort */
+      }
+      try {
+        await cognitoClient.send(new DeleteUserPoolCommand({ UserPoolId: userPoolId }));
+      } catch {
+        /* best-effort */
+      }
+    }
+
+    // ── Clean up temp directory ──
+    if (testDir) {
+      await rm(testDir, { recursive: true, force: true, maxRetries: 3, retryDelay: 1000 });
+    }
+  }, 600000);
+
+  it.skipIf(!canRun)(
+    'deploys with CUSTOM_JWT authorizer configuration',
+    async () => {
+      expect(projectPath, 'Project should have been created').toBeTruthy();
+
+      const result = await runLocalCLI(['deploy', '--yes', '--json'], projectPath);
+
+      if (result.exitCode !== 0) {
+        console.log('Deploy stdout:', result.stdout);
+        console.log('Deploy stderr:', result.stderr);
+      }
+
+      expect(result.exitCode, `Deploy failed: ${result.stderr}`).toBe(0);
+
+      const json = parseJsonOutput(result.stdout) as { success: boolean; stackName: string };
+      expect(json.success, 'Deploy should report success').toBe(true);
+
+      // Verify CloudFormation template contains AuthorizerConfiguration
+      const templateResult = await cfnClient.send(new GetTemplateCommand({ StackName: json.stackName }));
+      const template = JSON.parse(templateResult.TemplateBody!) as {
+        Resources: Record<string, { Type: string; Properties: Record<string, unknown> }>;
+      };
+
+      const runtimeResource = Object.values(template.Resources).find(r => r.Type === 'AWS::BedrockAgentCore::Runtime');
+      expect(runtimeResource, 'Template should contain a Runtime resource').toBeDefined();
+
+      const props = runtimeResource!.Properties;
+      const authConfig = props.AuthorizerConfiguration as {
+        CustomJWTAuthorizer: { DiscoveryUrl: string; AllowedAudience: string[] };
+      };
+      expect(authConfig, 'Runtime should have AuthorizerConfiguration').toBeDefined();
+      expect(authConfig.CustomJWTAuthorizer.DiscoveryUrl).toBe(discoveryUrl);
+      expect(authConfig.CustomJWTAuthorizer.AllowedAudience).toContain(clientId);
+    },
+    600000
+  );
+
+  it.skipIf(!canRun)(
+    'rejects SigV4 invocation (auth method mismatch)',
+    async () => {
+      expect(projectPath, 'Project should have been deployed').toBeTruthy();
+
+      // The CLI uses SigV4 by default — a CUSTOM_JWT runtime should reject it
+      const result = await runLocalCLI(
+        ['invoke', '--prompt', 'Say hello', '--agent', agentName, '--json'],
+        projectPath
+      );
+
+      // Expect failure due to auth method mismatch
+      const output = stripAnsi(result.stdout + result.stderr);
+      expect(output).toMatch(/[Aa]uthoriz(ation|er).*mismatch|different.*authorization/i);
+    },
+    180000
+  );
+
+  it.skipIf(!canRun)(
+    'status shows the deployed agent',
+    async () => {
+      const result = await runLocalCLI(['status', '--json'], projectPath);
+      expect(result.exitCode, `Status failed: ${result.stderr}`).toBe(0);
+
+      const json = parseJsonOutput(result.stdout) as {
+        success: boolean;
+        resources: { resourceType: string; name: string; deploymentState: string }[];
+      };
+      expect(json.success).toBe(true);
+
+      const agent = json.resources.find(r => r.resourceType === 'agent' && r.name === agentName);
+      expect(agent, `Agent "${agentName}" should appear in status`).toBeDefined();
+      expect(agent!.deploymentState).toBe('deployed');
+    },
+    120000
+  );
+});