Commit 931a3f4

docs: fix stale gateway flags and add missing CLI flags
- Rename --agent-client-id → --client-id, --agent-client-secret → --client-secret in gateway docs (naming unification #705)
- Add missing flags to add agent: --authorizer-type, --discovery-url, --allowed-audience, --allowed-clients, --allowed-scopes, --custom-claims, --client-id, --client-secret, --idle-timeout, --max-lifetime
- Add missing flags to create: --idle-timeout, --max-lifetime
- Add missing flags to add gateway: --runtimes, --custom-claims, --policy-engine, --policy-engine-mode
- Fix --exception-level values: NONE/ALL (was undocumented)

Confidence: high
Scope-risk: narrow
1 parent 859b5c4 commit 931a3f4

2 files changed

+80
-64
lines changed

docs/commands.md

Lines changed: 76 additions & 60 deletions
@@ -65,30 +65,32 @@ agentcore create \
6565
--memory none
6666
```
6767

68-
| Flag | Description |
69-
| ------------------------- | -------------------------------------------------------------------------------------------------------------- |
70-
| `--name <name>` | Project name (alphanumeric, starts with letter, max 23 chars) |
71-
| `--defaults` | Use defaults (Python, Strands, Bedrock, no memory) |
72-
| `--no-agent` | Skip agent creation |
73-
| `--type <type>` | `create` (default) or `import` |
74-
| `--language <lang>` | `Python` (default) |
75-
| `--framework <fw>` | `Strands`, `LangChain_LangGraph`, `GoogleADK`, `OpenAIAgents` |
76-
| `--model-provider <p>` | `Bedrock`, `Anthropic`, `OpenAI`, `Gemini` |
77-
| `--build <type>` | `CodeZip` (default) or `Container` (see [Container Builds](container-builds.md)) |
78-
| `--api-key <key>` | API key for non-Bedrock providers |
79-
| `--memory <opt>` | `none`, `shortTerm`, `longAndShortTerm` (see [Memory Shorthand Mapping](memory.md#--memory-shorthand-mapping)) |
80-
| `--protocol <protocol>` | `HTTP` (default), `MCP`, `A2A` |
81-
| `--network-mode <mode>` | `PUBLIC` (default) or `VPC` |
82-
| `--subnets <ids>` | Comma-separated subnet IDs (required for VPC mode) |
83-
| `--security-groups <ids>` | Comma-separated security group IDs (required for VPC mode) |
84-
| `--agent-id <id>` | Bedrock Agent ID (import only) |
85-
| `--agent-alias-id <id>` | Bedrock Agent Alias ID (import only) |
86-
| `--region <region>` | AWS region for Bedrock Agent (import only) |
87-
| `--output-dir <dir>` | Output directory |
88-
| `--skip-git` | Skip git initialization |
89-
| `--skip-python-setup` | Skip venv setup |
90-
| `--dry-run` | Preview without creating |
91-
| `--json` | JSON output |
68+
| Flag | Description |
69+
| -------------------------- | -------------------------------------------------------------------------------------------------------------- |
70+
| `--name <name>` | Project name (alphanumeric, starts with letter, max 23 chars) |
71+
| `--defaults` | Use defaults (Python, Strands, Bedrock, no memory) |
72+
| `--no-agent` | Skip agent creation |
73+
| `--type <type>` | `create` (default) or `import` |
74+
| `--language <lang>` | `Python` (default) |
75+
| `--framework <fw>` | `Strands`, `LangChain_LangGraph`, `GoogleADK`, `OpenAIAgents` |
76+
| `--model-provider <p>` | `Bedrock`, `Anthropic`, `OpenAI`, `Gemini` |
77+
| `--build <type>` | `CodeZip` (default) or `Container` (see [Container Builds](container-builds.md)) |
78+
| `--api-key <key>` | API key for non-Bedrock providers |
79+
| `--memory <opt>` | `none`, `shortTerm`, `longAndShortTerm` (see [Memory Shorthand Mapping](memory.md#--memory-shorthand-mapping)) |
80+
| `--protocol <protocol>` | `HTTP` (default), `MCP`, `A2A` |
81+
| `--network-mode <mode>` | `PUBLIC` (default) or `VPC` |
82+
| `--subnets <ids>` | Comma-separated subnet IDs (required for VPC mode) |
83+
| `--security-groups <ids>` | Comma-separated security group IDs (required for VPC mode) |
84+
| `--agent-id <id>` | Bedrock Agent ID (import only) |
85+
| `--agent-alias-id <id>` | Bedrock Agent Alias ID (import only) |
86+
| `--region <region>` | AWS region for Bedrock Agent (import only) |
87+
| `--idle-timeout <seconds>` | Idle session timeout in seconds |
88+
| `--max-lifetime <seconds>` | Max instance lifetime in seconds |
89+
| `--output-dir <dir>` | Output directory |
90+
| `--skip-git` | Skip git initialization |
91+
| `--skip-python-setup` | Skip venv setup |
92+
| `--dry-run` | Preview without creating |
93+
| `--json` | JSON output |
9294

9395
### deploy
9496

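Review bot: The two added rows, `--idle-timeout <seconds>` and `--max-lifetime <seconds>`, give no default, no accepted range, and no statement of how the two values interact, while neighbouring rows such as `--protocol` and `--network-mode` mark their default. These flags bound how long a session and its instance stay alive, so the descriptions should state what applies when the flag is omitted and the minimum and maximum accepted, with the same wording reused in the `add agent` table so the two stay consistent.
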
@@ -193,26 +195,36 @@ agentcore add agent \
193195
--memory none
194196
```
195197

196-
| Flag | Description |
197-
| ------------------------- | --------------------------------------------------------------------------------------------------------------------------------- |
198-
| `--name <name>` | Agent name (alphanumeric + underscores, starts with letter, max 48 chars) |
199-
| `--type <type>` | `create` (default), `byo`, or `import` |
200-
| `--build <type>` | `CodeZip` (default) or `Container` (see [Container Builds](container-builds.md)) |
201-
| `--language <lang>` | `Python` (create); `Python`, `TypeScript`, `Other` (BYO) |
202-
| `--framework <fw>` | `Strands`, `LangChain_LangGraph`, `GoogleADK`, `OpenAIAgents` |
203-
| `--model-provider <p>` | `Bedrock`, `Anthropic`, `OpenAI`, `Gemini` |
204-
| `--api-key <key>` | API key for non-Bedrock providers |
205-
| `--memory <opt>` | `none`, `shortTerm`, `longAndShortTerm` (create and import; see [Memory Shorthand Mapping](memory.md#--memory-shorthand-mapping)) |
206-
| `--protocol <protocol>` | `HTTP` (default), `MCP`, `A2A` |
207-
| `--code-location <path>` | Path to existing code (BYO only) |
208-
| `--entrypoint <file>` | Entry file relative to code-location (BYO, default: `main.py`) |
209-
| `--network-mode <mode>` | `PUBLIC` (default) or `VPC` |
210-
| `--subnets <ids>` | Comma-separated subnet IDs (required for VPC mode) |
211-
| `--security-groups <ids>` | Comma-separated security group IDs (required for VPC mode) |
212-
| `--agent-id <id>` | Bedrock Agent ID (import only) |
213-
| `--agent-alias-id <id>` | Bedrock Agent Alias ID (import only) |
214-
| `--region <region>` | AWS region for Bedrock Agent (import only) |
215-
| `--json` | JSON output |
198+
| Flag | Description |
199+
| --------------------------- | --------------------------------------------------------------------------------------------------------------------------------- |
200+
| `--name <name>` | Agent name (alphanumeric + underscores, starts with letter, max 48 chars) |
201+
| `--type <type>` | `create` (default), `byo`, or `import` |
202+
| `--build <type>` | `CodeZip` (default) or `Container` (see [Container Builds](container-builds.md)) |
203+
| `--language <lang>` | `Python` (create); `Python`, `TypeScript`, `Other` (BYO) |
204+
| `--framework <fw>` | `Strands`, `LangChain_LangGraph`, `GoogleADK`, `OpenAIAgents` |
205+
| `--model-provider <p>` | `Bedrock`, `Anthropic`, `OpenAI`, `Gemini` |
206+
| `--api-key <key>` | API key for non-Bedrock providers |
207+
| `--memory <opt>` | `none`, `shortTerm`, `longAndShortTerm` (create and import; see [Memory Shorthand Mapping](memory.md#--memory-shorthand-mapping)) |
208+
| `--protocol <protocol>` | `HTTP` (default), `MCP`, `A2A` |
209+
| `--code-location <path>` | Path to existing code (BYO only) |
210+
| `--entrypoint <file>` | Entry file relative to code-location (BYO, default: `main.py`) |
211+
| `--network-mode <mode>` | `PUBLIC` (default) or `VPC` |
212+
| `--subnets <ids>` | Comma-separated subnet IDs (required for VPC mode) |
213+
| `--security-groups <ids>` | Comma-separated security group IDs (required for VPC mode) |
214+
| `--agent-id <id>` | Bedrock Agent ID (import only) |
215+
| `--agent-alias-id <id>` | Bedrock Agent Alias ID (import only) |
216+
| `--region <region>` | AWS region for Bedrock Agent (import only) |
217+
| `--authorizer-type <type>` | Inbound auth: `AWS_IAM` or `CUSTOM_JWT` |
218+
| `--discovery-url <url>` | OIDC discovery URL (for CUSTOM_JWT) |
219+
| `--allowed-audience <vals>` | Comma-separated allowed audiences (for CUSTOM_JWT) |
220+
| `--allowed-clients <vals>` | Comma-separated allowed client IDs (for CUSTOM_JWT) |
221+
| `--allowed-scopes <scopes>` | Comma-separated allowed scopes (for CUSTOM_JWT) |
222+
| `--custom-claims <json>` | Custom claim validations as JSON array (for CUSTOM_JWT) |
223+
| `--client-id <id>` | OAuth client ID for agent bearer token |
224+
| `--client-secret <secret>` | OAuth client secret |
225+
| `--idle-timeout <seconds>` | Idle session timeout in seconds |
226+
| `--max-lifetime <seconds>` | Max instance lifetime in seconds |
227+
| `--json` | JSON output |
216228

217229
### add memory
218230

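Review bot: In the added `--authorizer-type <type>` row, neither `AWS_IAM` nor `CUSTOM_JWT` is marked as the default, and the five rows that follow say only "(for CUSTOM_JWT)", so a reader cannot tell which of them must be supplied. The `add gateway` table in this same file spells this out as "required for CUSTOM_JWT" and "optional for CUSTOM_JWT"; suggest marking the default and using that required/optional wording here as well. The `--client-id` and `--client-secret` rows also omit the authorizer type they apply to, and `--custom-claims <json>` would benefit from a pointer to the expected shape of the JSON array.
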
@@ -250,24 +262,28 @@ agentcore add gateway \
250262
--discovery-url https://idp.example.com/.well-known/openid-configuration \
251263
--allowed-audience my-api \
252264
--allowed-clients my-client-id \
253-
--agent-client-id agent-client-id \
254-
--agent-client-secret agent-client-secret
265+
--client-id agent-client-id \
266+
--client-secret agent-client-secret
255267
```
256268

257-
| Flag | Description |
258-
| -------------------------------- | ------------------------------------------------------------ |
259-
| `--name <name>` | Gateway name |
260-
| `--description <desc>` | Gateway description |
261-
| `--authorizer-type <type>` | `NONE` (default) or `CUSTOM_JWT` |
262-
| `--discovery-url <url>` | OIDC discovery URL (required for CUSTOM_JWT) |
263-
| `--allowed-audience <values>` | Comma-separated allowed audiences (required for CUSTOM_JWT) |
264-
| `--allowed-clients <values>` | Comma-separated allowed client IDs (required for CUSTOM_JWT) |
265-
| `--allowed-scopes <scopes>` | Comma-separated allowed scopes (optional for CUSTOM_JWT) |
266-
| `--agent-client-id <id>` | Agent OAuth client ID for Bearer token auth (CUSTOM_JWT) |
267-
| `--agent-client-secret <secret>` | Agent OAuth client secret (CUSTOM_JWT) |
268-
| `--no-semantic-search` | Disable semantic search for tool discovery |
269-
| `--exception-level <level>` | Exception verbosity level (default: `NONE`) |
270-
| `--json` | JSON output |
269+
| Flag | Description |
270+
| ----------------------------- | ------------------------------------------------------------ |
271+
| `--name <name>` | Gateway name |
272+
| `--description <desc>` | Gateway description |
273+
| `--runtimes <names>` | Comma-separated runtime names to expose through this gateway |
274+
| `--authorizer-type <type>` | `NONE` (default) or `CUSTOM_JWT` |
275+
| `--discovery-url <url>` | OIDC discovery URL (required for CUSTOM_JWT) |
276+
| `--allowed-audience <values>` | Comma-separated allowed audiences (required for CUSTOM_JWT) |
277+
| `--allowed-clients <values>` | Comma-separated allowed client IDs (required for CUSTOM_JWT) |
278+
| `--allowed-scopes <scopes>` | Comma-separated allowed scopes (optional for CUSTOM_JWT) |
279+
| `--custom-claims <json>` | Custom claim validations as JSON array (CUSTOM_JWT) |
280+
| `--client-id <id>` | OAuth client ID for gateway bearer tokens (CUSTOM_JWT) |
281+
| `--client-secret <secret>` | OAuth client secret for gateway bearer tokens (CUSTOM_JWT) |
282+
| `--no-semantic-search` | Disable semantic search for tool discovery |
283+
| `--exception-level <level>` | Exception verbosity level: `NONE` (default) or `ALL` |
284+
| `--policy-engine <name>` | Policy engine name for Cedar-based authorization |
285+
| `--policy-engine-mode <mode>` | Policy engine mode: `LOG_ONLY` or `ENFORCE` |
286+
| `--json` | JSON output |
271287

272288
### add gateway-target
273289

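Review bot: The added `--policy-engine-mode <mode>` row lists `LOG_ONLY` or `ENFORCE` without marking a default or saying whether the flag is required when `--policy-engine` is given, so the table does not tell an operator whether naming a policy engine alone results in enforcement. Suggest marking the default and stating the dependency between the two flags. In the same table, `--exception-level` now lists `ALL` without saying what it returns compared with `NONE`, and a short note that `--agent-client-id` and `--agent-client-secret` were renamed would help readers who still have the old names in scripts.
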
docs/gateway.md

Lines changed: 4 additions & 4 deletions
@@ -137,12 +137,12 @@ agentcore add gateway \
137137
--discovery-url https://idp.example.com/.well-known/openid-configuration \
138138
--allowed-audience my-api \
139139
--allowed-clients my-client-id \
140-
--agent-client-id agent-client-id \
141-
--agent-client-secret agent-client-secret
140+
--client-id agent-client-id \
141+
--client-secret agent-client-secret
142142
```
143143

144-
When you provide `--agent-client-id` and `--agent-client-secret`, the CLI automatically creates a managed OAuth
145-
credential that your agent uses to obtain Bearer tokens at runtime.
144+
When you provide `--client-id` and `--client-secret`, the CLI automatically creates a managed OAuth credential that your
145+
agent uses to obtain Bearer tokens at runtime.
146146

147147
### Outbound Authentication
148148

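Review bot: The example at new lines 140-141 passes the secret as a literal argument (`--client-secret agent-client-secret`), and the rewritten paragraph says only that the CLI "automatically creates a managed OAuth credential", without saying where the secret is kept afterwards or that the value shown is a placeholder. Suggest adding a sentence on where the managed credential is stored and switching the example to an obviously placeholder value such as `<client-secret>`, so the snippet is not copied with a real secret left in shell history.
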