Updates to AWS AgentCore README and scripts #1208
…es in docker build Env variables are now passed to AgentCore during runtime. Co-authored-by: Chris Smith <[email protected]> Signed-off-by: RanjitR <[email protected]>
Walkthrough

Switched to runtime secret-based credential handling: NVIDIA_API_KEY is retrieved from AWS Secrets Manager at container startup; deployment, update, and test scripts use environment variables to construct container URIs and discover runtimes dynamically; Dockerfile and new run scripts support both OTEL and non‑OTEL startup wrappers.

Sequence Diagram(s)

```mermaid
sequenceDiagram
    autonumber
    actor Dev as Developer / CI
    participant Bedrock as Bedrock Agent Core API
    participant Secrets as AWS Secrets Manager
    participant Container as NAT container (entrypoint script)
    Dev->>Bedrock: run deploy_nat.py / update_nat.py (env: AWS_REGION, AWS_ACCOUNT_ID, CONTAINER_IMAGE, IAM role, AGENT_NAME)
    Bedrock-->>Dev: returns deployment response (runtime ARN/ID / status)
    Dev->>Container: start container image (CONTAINER_IMAGE)
    Container->>Secrets: GetSecretValue("nvidia-api-credentials", region)
    Secrets-->>Container: returns secret JSON (contains NVIDIA_API_KEY)
    Container->>Container: parse NVIDIA_API_KEY and validate NAT_CONFIG_FILE
    Container->>Bedrock: start NAT serve (nat serve OR opentelemetry-instrument nat serve) with NAT_CONFIG_FILE
    Bedrock-->>Container: runtime responses / status
    Container-->>Dev: logs and runtime status
```
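The startup step in the diagram above (read the secret, parse `NVIDIA_API_KEY`, validate `NAT_CONFIG_FILE`, choose the serve command), sketched in Python as an added example; it is not the project's run script. `StartupError`, `extract_api_key`, `plan_startup`, `redacted`, the sample responses and the `--config_file` flag are assumptions made for the sketch.

```python
import json

SECRET_ID = "nvidia-api-credentials"  # secret name from the walkthrough's GetSecretValue step


class StartupError(RuntimeError):
    """A condition that must stop the container before the server starts."""


def extract_api_key(response: dict) -> str:
    """Return NVIDIA_API_KEY from a GetSecretValue-shaped response, never echoing secret text."""
    raw = response.get("SecretString")
    if not isinstance(raw, str):
        # A secret stored as bytes is returned under SecretBinary instead.
        raise StartupError(f"{SECRET_ID}: response has no SecretString")
    try:
        doc = json.loads(raw)
    except json.JSONDecodeError as exc:
        # exc.doc holds the raw secret, so report only the offset and drop the chain.
        raise StartupError(f"{SECRET_ID}: SecretString is not JSON (offset {exc.pos})") from None
    if not isinstance(doc, dict):
        raise StartupError(f"{SECRET_ID}: expected a JSON object, got {type(doc).__name__}")
    key = doc.get("NVIDIA_API_KEY")
    if not isinstance(key, str) or not key.strip():
        raise StartupError(f"{SECRET_ID}: NVIDIA_API_KEY missing or empty")
    return key.strip()


def plan_startup(response: dict, environ: dict, file_exists, otel: bool = False):
    """Return (argv, child_env) for the serve process, or raise StartupError."""
    config = environ.get("NAT_CONFIG_FILE", "")
    if not config or not file_exists(config):
        raise StartupError(f"NAT_CONFIG_FILE not set or not found: {config!r}")
    child_env = dict(environ)  # the caller's mapping is left untouched
    child_env["NVIDIA_API_KEY"] = extract_api_key(response)
    argv = ["nat", "serve", "--config_file", config]  # flag name is an assumption
    if otel:
        argv.insert(0, "opentelemetry-instrument")
    return argv, child_env


def redacted(env: dict) -> dict:
    """Copy of env that is safe to log: values of secret-looking names are masked."""
    markers = ("KEY", "SECRET", "TOKEN", "PASSWORD")
    return {k: "***" if any(m in k.upper() for m in markers) else v for k, v in env.items()}


# Constructed GetSecretValue-shaped responses (placeholder values, not real keys).
GOOD = {"Name": SECRET_ID, "SecretString": json.dumps({"NVIDIA_API_KEY": "nvapi-EXAMPLE"})}
BINARY = {"Name": SECRET_ID, "SecretBinary": b"\x00\x01"}
NOT_JSON = {"Name": SECRET_ID, "SecretString": "nvapi-EXAMPLE"}

if __name__ == "__main__":
    env = {"NAT_CONFIG_FILE": "/workspace/config.yml", "AWS_REGION": "us-west-2"}
    argv, child_env = plan_startup(GOOD, env, lambda path: True, otel=True)
    print("exec:", argv)
    print("env :", redacted(child_env))
    for bad in (BINARY, NOT_JSON):
        try:
            extract_api_key(bad)
        except StartupError as exc:
            print("refused:", exc)
```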
Actionable comments posted: 1
🧹 Nitpick comments (4)
examples/frameworks/strands_demo/bedrock_agentcore/README.md (2)
164-166: Tighten examples around AWS access keys and `environmentVariables`

The text already says “use IAM roles instead” for `<AWS_ACCESS_KEY_ID>`/`<AWS_SECRET_ACCESS_KEY>`, but the code snippets still show those variables as if they are commonly set:

- Readers may be tempted to paste literal keys into `environmentVariables` or the script, which conflicts with the later “NEVER hardcode credentials” guidance.
- For most AgentCore deployments, the attached IAM role should be sufficient and AWS SDKs will pick it up automatically; explicit `AWS_ACCESS_KEY_ID`/`AWS_SECRET_ACCESS_KEY` env vars are usually unnecessary.

Consider updating these snippets to:

- Show only `NVIDIA_API_KEY` in `environmentVariables` by default, and
- If you want to illustrate AWS creds, explicitly mark them as legacy/optional and show a pattern that pulls them from AWS Secrets Manager or the process environment instead of inline strings (for example, in the scripts, use `os.getenv` and filter out missing values).

This keeps the docs and examples fully aligned with the “prefer IAM roles + secrets manager” story while still covering advanced use cases.

Also applies to: 183-188, 293-295, 313-317, 848-851

788-796: Security best‑practices section is strong; ensure examples fully reflect it

The “NEVER hardcode credentials” table, Secrets Manager example, and “wrong vs correct” Dockerfile snippet are all spot‑on and very helpful.

To make this section completely self‑consistent with the earlier agent runtime examples:

- Ensure all example code that sets `NVIDIA_API_KEY` / AWS creds either:
  - Reads from Secrets Manager or environment variables, or
  - Is clearly labelled as pseudocode, not something to paste with real values.
- You’re already calling out “Use IAM roles instead” and “Remove all hardcoded credentials from code”; keeping all snippets in line with that will reduce the chance of users copying insecure patterns.

These are documentation‑only tweaks; the current content is directionally correct.

Also applies to: 801-808, 818-825, 829-836
examples/frameworks/strands_demo/bedrock_agentcore/scripts/update_nat.py (1)

21-33: Avoid embedding secrets in the update script; prefer env/Secrets Manager and IAM roles

The `roleArn` addition looks correct and aligns with the IAM role created in the README, but the new `environmentVariables` block currently encourages filling in literal secrets:

```python
environmentVariables={
    'NVIDIA_API_KEY': '<YOUR_NVIDIA_API_KEY>',
    'AWS_ACCESS_KEY_ID': '<YOUR_AWS_ACCESS_KEY_ID>',
    'AWS_SECRET_ACCESS_KEY': '<YOUR_AWS_SECRET_ACCESS_KEY>'
}
```

To better match the security guidance in the README:

- Fetch values from the process environment (or AWS Secrets Manager) instead of inline strings.
- Consider omitting `AWS_ACCESS_KEY_ID`/`AWS_SECRET_ACCESS_KEY` entirely for the common case where the AgentCore IAM role handles AWS authentication.

For example:
-import boto3 +import os +import boto3 @@ -response = client.update_agent_runtime( - agentRuntimeId='<RUNTIME_ID>', - agentRuntimeArtifact={ +env_vars = {} +for name in ("NVIDIA_API_KEY", "AWS_ACCESS_KEY_ID", "AWS_SECRET_ACCESS_KEY"): + value = os.getenv(name) + if value: + env_vars[name] = value + +response = client.update_agent_runtime( + agentRuntimeId='<RUNTIME_ID>', + agentRuntimeArtifact={ @@ - networkConfiguration={"networkMode": "PUBLIC"}, - roleArn='<IAM_ROLE_ARN>', - environmentVariables={ - 'NVIDIA_API_KEY': '<YOUR_NVIDIA_API_KEY>', - 'AWS_ACCESS_KEY_ID': '<YOUR_AWS_ACCESS_KEY_ID>', - 'AWS_SECRET_ACCESS_KEY': '<YOUR_AWS_SECRET_ACCESS_KEY>' - }) + networkConfiguration={"networkMode": "PUBLIC"}, + roleArn='<IAM_ROLE_ARN>', + environmentVariables=env_vars)This keeps secrets out of source while still supporting NVIDIA and (if truly needed) AWS credentials.
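Review bot: In the suggested loop over ("NVIDIA_API_KEY", "AWS_ACCESS_KEY_ID", "AWS_SECRET_ACCESS_KEY"), any AWS key that happens to be exported in the operator's shell is copied into the runtime's environmentVariables, so long-lived personal credentials can reach the deployed runtime without anyone choosing that. Since roleArn is passed in the same call, restrict the tuple to NVIDIA_API_KEY, and fail before calling update_agent_runtime when it is unset, because as written an empty env_vars is sent silently.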
Please also double‑check against the latest `boto3` / Bedrock AgentCore docs that `environmentVariables` and `roleArn` are the correct parameter names for `update_agent_runtime` in your environment.

examples/frameworks/strands_demo/bedrock_agentcore/scripts/deploy_nat.py (1)

28-33: Align create script with secure secret handling and IAM‑role usage

The added `roleArn` is appropriate for attaching the AgentCore IAM role, but, as in the update script, the new `environmentVariables` block currently suggests pasting raw secrets into source:

```python
environmentVariables={
    'NVIDIA_API_KEY': '<YOUR_NVIDIA_API_KEY>',
    'AWS_ACCESS_KEY_ID': '<YOUR_AWS_ACCESS_KEY_ID>',
    'AWS_SECRET_ACCESS_KEY': '<YOUR_AWS_SECRET_ACCESS_KEY>'
}
```

To lead users toward safer patterns:

- Read these values from environment variables or a secrets manager instead of inline literals.
- Consider omitting the AWS access key/secret entirely in the example and relying on the IAM role, mentioning in the README that explicit AWS_* envs are only for exceptional cases.

You can reuse the same pattern shown for `update_nat.py` (using `os.getenv` and building `env_vars` dynamically) so both scripts are consistent.

Also, please confirm that `create_agent_runtime` in your `boto3` version accepts `roleArn` and `environmentVariables` exactly as used here, as AWS APIs occasionally evolve.
📜 Review details
Configuration used: Path: .coderabbit.yaml
Review profile: CHILL
Plan: Pro
📒 Files selected for processing (3)
examples/frameworks/strands_demo/bedrock_agentcore/README.md (12 hunks)
examples/frameworks/strands_demo/bedrock_agentcore/scripts/deploy_nat.py (1 hunks)
examples/frameworks/strands_demo/bedrock_agentcore/scripts/update_nat.py (1 hunks)
🧰 Additional context used
📓 Path-based instructions (11)
**/*.{md,rst,py}
📄 CodeRabbit inference engine (.cursor/rules/general.mdc)
Use 'NVIDIA NeMo Agent toolkit' on first use, then 'NeMo Agent toolkit' for subsequent references
Files:
examples/frameworks/strands_demo/bedrock_agentcore/scripts/deploy_nat.py
examples/frameworks/strands_demo/bedrock_agentcore/scripts/update_nat.py
examples/frameworks/strands_demo/bedrock_agentcore/README.md
**/*.{py,toml,yaml,yml}
📄 CodeRabbit inference engine (.cursor/rules/general.mdc)
Use abbreviations: 'nat' for API namespace and CLI tool, 'nvidia-nat' for package name, 'NAT' for environment variable prefixes and informal comments
Files:
examples/frameworks/strands_demo/bedrock_agentcore/scripts/deploy_nat.py
examples/frameworks/strands_demo/bedrock_agentcore/scripts/update_nat.py
**/*.py
📄 CodeRabbit inference engine (.cursor/rules/general.mdc)
**/*.py: Follow PEP 20 and PEP 8 for Python style guidelines
Run yapf second (PEP 8 base, column_limit = 120) for Python formatting
Use ruff check --fix (via pre-commit) for linting using configuration embedded in pyproject.toml, fix warnings unless explicitly ignored
Use snake_case for functions and variables, PascalCase for classes, UPPER_CASE for constants
All public APIs require Python 3.11+ type hints on parameters and return values
Prefer collections.abc / typing abstractions (Sequence over list) for type hints
Use typing.Annotated for units or extra metadata when useful
Treat pyright warnings (configured in pyproject.toml) as errors during development
Preserve stack traces and prevent duplicate logging when handling exceptions; use bare raise statements and logger.error() when re-raising
When catching and logging exceptions without re-raising, always use logger.exception() to capture the full stack trace information
Provide Google-style docstrings for every public module, class, function and CLI command
The first line of docstrings must be a concise description ending with a period (Vale checks this)
Surround code entities with backticks in docstrings to avoid Vale false-positives
Validate and sanitise all user input, especially in web or CLI interfaces
Prefer httpx with SSL verification enabled by default and follow OWASP Top-10 recommendations
Use async/await for I/O-bound work (HTTP, DB, file reads)
Cache expensive computations with functools.lru_cache or an external cache when appropriate
Leverage NumPy vectorised operations whenever beneficial and feasible
Files:
examples/frameworks/strands_demo/bedrock_agentcore/scripts/deploy_nat.py
examples/frameworks/strands_demo/bedrock_agentcore/scripts/update_nat.py
**/*.{py,js,ts,yaml,yml,json,md,rst}
📄 CodeRabbit inference engine (.cursor/rules/general.mdc)
Indent with 4 spaces, never tabs, and ensure every file ends with a single newline
Files:
examples/frameworks/strands_demo/bedrock_agentcore/scripts/deploy_nat.py
examples/frameworks/strands_demo/bedrock_agentcore/scripts/update_nat.py
examples/frameworks/strands_demo/bedrock_agentcore/README.md
**/*.{py,env,toml,yaml,yml,json}
📄 CodeRabbit inference engine (.cursor/rules/general.mdc)
Never commit API keys, credentials or personal data; use environment variables or .env files excluded from Git
Files:
examples/frameworks/strands_demo/bedrock_agentcore/scripts/deploy_nat.py
examples/frameworks/strands_demo/bedrock_agentcore/scripts/update_nat.py
**/*.{py,js,ts,java,cpp,c,go,rb,php}
📄 CodeRabbit inference engine (.cursor/rules/general.mdc)
Every file must start with the standard SPDX Apache-2.0 header
Files:
examples/frameworks/strands_demo/bedrock_agentcore/scripts/deploy_nat.py
examples/frameworks/strands_demo/bedrock_agentcore/scripts/update_nat.py
**/*.{py,md,rst}
📄 CodeRabbit inference engine (.cursor/rules/general.mdc)
Version numbers are derived automatically by setuptools-scm; never hard-code them in code or docs
Files:
examples/frameworks/strands_demo/bedrock_agentcore/scripts/deploy_nat.py
examples/frameworks/strands_demo/bedrock_agentcore/scripts/update_nat.py
examples/frameworks/strands_demo/bedrock_agentcore/README.md
**/*.{py,js,ts,java,cpp,c,go,rb,php,sh}
📄 CodeRabbit inference engine (.cursor/rules/general.mdc)
All source files must include the SPDX Apache-2.0 header template
Files:
examples/frameworks/strands_demo/bedrock_agentcore/scripts/deploy_nat.py
examples/frameworks/strands_demo/bedrock_agentcore/scripts/update_nat.py
**/*
⚙️ CodeRabbit configuration file
**/*: # Code Review Instructions
- Ensure the code follows best practices and coding standards.
- For Python code, follow PEP 20 and PEP 8 for style guidelines.
- Check for security vulnerabilities and potential issues.
- Python methods should use type hints for all parameters and return values (except for return values of `None`, in that situation no return type hint is needed).
  Example: `def my_function(param1: int, param2: str) -> bool: pass`
- For Python exception handling, ensure proper stack trace preservation:
  - When re-raising exceptions: use bare `raise` statements to maintain the original stack trace, and use `logger.error()` (not `logger.exception()`) to avoid duplicate stack trace output.
  - When catching and logging exceptions without re-raising: always use `logger.exception()` to capture the full stack trace information.

Documentation Review Instructions
- Verify that documentation and comments are clear and comprehensive.
- Verify that the documentation doesn't contain any TODOs, FIXMEs or placeholder text like "lorem ipsum".
- Verify that the documentation doesn't contain any offensive or outdated terms.
- Verify that documentation and comments are free of spelling mistakes, ensure the documentation doesn't contain any words listed in the `ci/vale/styles/config/vocabularies/nat/reject.txt` file, words that might appear to be spelling mistakes but are listed in the `ci/vale/styles/config/vocabularies/nat/accept.txt` file are OK.

Misc.
- All code (except .mdc files that contain Cursor rules) should be licensed under the Apache License 2.0, and should contain an Apache License 2.0 header comment at the top of each file.
- Confirm that copyright years are up-to-date whenever a file is changed.
Files:
examples/frameworks/strands_demo/bedrock_agentcore/scripts/deploy_nat.py
examples/frameworks/strands_demo/bedrock_agentcore/scripts/update_nat.py
examples/frameworks/strands_demo/bedrock_agentcore/README.md
examples/**/*
⚙️ CodeRabbit configuration file
examples/**/*:
- This directory contains example code and usage scenarios for the toolkit, at a minimum an example should contain a README.md or file README.ipynb.
- If an example contains Python code, it should be placed in a subdirectory named `src/` and should contain a `pyproject.toml` file. Optionally, it might also contain scripts in a `scripts/` directory.
- If an example contains YAML files, they should be placed in a subdirectory named `configs/`.
- If an example contains sample data files, they should be placed in a subdirectory named `data/`, and should be checked into git-lfs.
Files:
examples/frameworks/strands_demo/bedrock_agentcore/scripts/deploy_nat.py
examples/frameworks/strands_demo/bedrock_agentcore/scripts/update_nat.py
examples/frameworks/strands_demo/bedrock_agentcore/README.md
**/*.{md,rst}
📄 CodeRabbit inference engine (.cursor/rules/general.mdc)
Use 'NeMo Agent Toolkit' (capitalize 'T') when the name appears in headings
Files:
examples/frameworks/strands_demo/bedrock_agentcore/README.md
🧠 Learnings (2)
📚 Learning: 2025-11-24T18:56:53.109Z
Learnt from: CR
Repo: NVIDIA/NeMo-Agent-Toolkit PR: 0
File: .cursor/rules/general.mdc:0-0
Timestamp: 2025-11-24T18:56:53.109Z
Learning: Applies to **/*.{py,toml,yaml,yml} : Use abbreviations: 'nat' for API namespace and CLI tool, 'nvidia-nat' for package name, 'NAT' for environment variable prefixes and informal comments
Applied to files:
examples/frameworks/strands_demo/bedrock_agentcore/README.md
📚 Learning: 2025-11-24T18:56:53.109Z
Learnt from: CR
Repo: NVIDIA/NeMo-Agent-Toolkit PR: 0
File: .cursor/rules/general.mdc:0-0
Timestamp: 2025-11-24T18:56:53.109Z
Learning: Applies to **/*.{py,env,toml,yaml,yml,json} : Never commit API keys, credentials or personal data; use environment variables or .env files excluded from Git
Applied to files:
examples/frameworks/strands_demo/bedrock_agentcore/README.md
🪛 markdownlint-cli2 (0.18.1)
examples/frameworks/strands_demo/bedrock_agentcore/README.md
578-578: Fenced code blocks should have a language specified
(MD040, fenced-code-language)
🔇 Additional comments (3)
examples/frameworks/strands_demo/bedrock_agentcore/README.md (3)
75-86: Clarified NVIDIA_API_KEY guidance for local runs looks good

The note correctly scopes `NVIDIA_API_KEY` to NVIDIA‑hosted NIM and calls out that self‑hosted/custom `base_url` flows don’t need it. The `docker run` example aligns with that model and avoids build‑time secrets.

141-155: Build commands correctly avoid credential build‑args

The repeated “Never pass credentials as build arguments” guidance plus the `NAT_VERSION=$(python -m setuptools_scm)` pattern is aligned with the repo rules (no hard‑coded versions, no secrets in build args). The ECR build/push examples look good as secure scaffolding.

Also applies to: 269-281

640-751: Dockerfile reference section aligns with build and telemetry guidance

The expanded Dockerfile reference (including `NAT_VERSION` via setuptools‑scm, no credential build‑args, NAT config env, and clear OpenTelemetry options) is consistent with earlier instructions and follows the repo’s “no hard‑coded versions or secrets” rule. No issues from a correctness or security perspective.
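The check the review comments above ask authors to make by eye, as an added example (not code from the PR or from CodeRabbit): a small `ast`-based lint that flags string literals and static AWS keys in the `environmentVariables` argument of `create_agent_runtime` / `update_agent_runtime`. The rule names, `find_env_issues` and the three sample snippets are constructed for illustration.

```python
import ast

# Call and keyword names are the ones used in the scripts under review.
TARGET_CALLS = {"create_agent_runtime", "update_agent_runtime"}
# Static AWS keys are flagged whatever their source: the runtime already gets roleArn.
DISCOURAGED_KEYS = {"AWS_ACCESS_KEY_ID", "AWS_SECRET_ACCESS_KEY"}


def _call_name(call: ast.Call) -> str:
    """Return the bare function or method name of a call node."""
    func = call.func
    if isinstance(func, ast.Attribute):
        return func.attr
    return func.id if isinstance(func, ast.Name) else ""


def _dict_assignments(tree: ast.AST) -> dict[str, ast.Dict]:
    """Map `name = {...}` assignments so `environmentVariables=name` can be followed."""
    found = {}
    for node in ast.walk(tree):
        if isinstance(node, ast.Assign) and isinstance(node.value, ast.Dict):
            for target in node.targets:
                if isinstance(target, ast.Name):
                    found[target.id] = node.value
    return found


def find_env_issues(source: str) -> list[tuple[int, str, str]]:
    """Return sorted (line, key, rule) findings for environmentVariables dicts."""
    tree = ast.parse(source)  # parses only; the scanned script is never executed
    assigned = _dict_assignments(tree)
    issues = []
    for node in ast.walk(tree):
        if not (isinstance(node, ast.Call) and _call_name(node) in TARGET_CALLS):
            continue
        for kw in node.keywords:
            if kw.arg != "environmentVariables":
                continue
            env = kw.value
            if isinstance(env, ast.Name):
                env = assigned.get(env.id)
            if not isinstance(env, ast.Dict):
                continue  # built at run time; nothing static to inspect
            for key, value in zip(env.keys, env.values):
                # `**other` entries have key None; computed keys are skipped too.
                if not (isinstance(key, ast.Constant) and isinstance(key.value, str)):
                    continue
                if isinstance(value, ast.JoinedStr) or (
                        isinstance(value, ast.Constant) and isinstance(value.value, str)):
                    issues.append((key.lineno, key.value, "literal-value"))
                if key.value in DISCOURAGED_KEYS:
                    issues.append((key.lineno, key.value, "static-aws-key"))
    return sorted(issues)


# Constructed sample: the pattern the first review flagged (placeholders count as literals).
BEFORE = '''\
response = client.update_agent_runtime(
    agentRuntimeId="<RUNTIME_ID>",
    roleArn="<IAM_ROLE_ARN>",
    environmentVariables={
        "NVIDIA_API_KEY": "<YOUR_NVIDIA_API_KEY>",
        "AWS_ACCESS_KEY_ID": "<YOUR_AWS_ACCESS_KEY_ID>",
        "AWS_SECRET_ACCESS_KEY": "<YOUR_AWS_SECRET_ACCESS_KEY>",
    })
'''

# Constructed sample: values read from the process environment through a named dict.
VIA_NAME = '''\
import os
env_vars = {
    "NVIDIA_API_KEY": os.getenv("NVIDIA_API_KEY"),
    "AWS_ACCESS_KEY_ID": os.getenv("AWS_ACCESS_KEY_ID"),
}
client.create_agent_runtime(agentRuntimeName="demo", environmentVariables=env_vars)
'''

# Constructed sample: the shape of the later revision quoted in the second review.
AFTER = '''\
nvidia_api_key = get_secret(SECRET_NAME, AWS_REGION).get("NVIDIA_API_KEY")
client.update_agent_runtime(
    agentRuntimeId=AGENT_RUNTIME_ID,
    roleArn=IAM_AGENTCORE_ROLE,
    environmentVariables={"NVIDIA_API_KEY": nvidia_api_key})
'''

if __name__ == "__main__":
    for label, sample in (("before", BEFORE), ("via name", VIA_NAME), ("after", AFTER)):
        for line, key, rule in find_env_issues(sample):
            print(f"{label}:{line}: {key}: {rule}")
```

A dict that starts empty and is filled in a loop, as in the `os.getenv` suggestion, is built at run time and is outside what this static check can see.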
…S deployment and use Secrets Manager Co-authored-by: Chris Smith <[email protected]> Signed-off-by: RanjitR <[email protected]>
Actionable comments posted: 2
Caution
Some comments are outside the diff and can’t be posted inline due to platform limitations.
⚠️ Outside diff range comments (1)
examples/frameworks/strands_demo/bedrock_agentcore/README.md (1)
19-21: Based on the snippet provided in the review comment, I can verify the terminology usage directly:

Lines 19-21 show:

```markdown
# Running Strands with NVIDIA NeMo Agent Toolkit on AWS AgentCore

A comprehensive guide for deploying NVIDIA NeMo Agent Toolkit (NAT) with Strands on AWS AgentCore, including OpenTelemetry instrumentation for monitoring.
```

According to the coding guidelines and learnings:
- First use should be: "NVIDIA NeMo Agent toolkit" (lowercase 't')
- In headings should be: "NeMo Agent Toolkit" (capital 'T')
The heading (line 19) uses "NVIDIA NeMo Agent Toolkit" - this is technically the first occurrence and should follow the guideline of using lowercase 't' (i.e., "NVIDIA NeMo Agent toolkit"). However, since this is a heading, the guideline also states headings should use capital 'T'. This creates a conflict where the heading guideline (capital 'T') overrides the first-use guideline (lowercase 't').
Line 21 repeats "NVIDIA NeMo Agent Toolkit" - after the first use, subsequent references should be "NeMo Agent toolkit" (without NVIDIA prefix and lowercase 't').
Correct line 21 to use the short form on second reference.
Line 21 should read: "A comprehensive guide for deploying NeMo Agent toolkit (NAT) with Strands on AWS AgentCore, including OpenTelemetry instrumentation for monitoring."
♻️ Duplicate comments (3)
examples/frameworks/strands_demo/bedrock_agentcore/scripts/deploy_nat.py (2)
36-66: Wrap module-level execution in main function.

The script executes code at the module level, which makes it difficult to test and import. Consider wrapping the execution logic in a `main()` function with an `if __name__ == "__main__"` guard.

Apply this diff to follow Python best practices:
+def main() -> None: + """Deploy NAT agent runtime with NVIDIA API key from AWS Secrets Manager.""" + # Fetch NVIDIA API key from Secrets Manager + secrets = get_secret(SECRET_NAME, AWS_REGION) + nvidia_api_key = secrets.get('NVIDIA_API_KEY') + + if not nvidia_api_key: + raise ValueError("NVIDIA_API_KEY not found in secrets") + + client = boto3.client('bedrock-agentcore-control', region_name=AWS_REGION) + + response = client.create_agent_runtime(agentRuntimeName=AGENT_RUNTIME_NAME, + agentRuntimeArtifact={ + 'containerConfiguration': { + 'containerUri': (f'{AWS_ACCOUNT_ID}.dkr.ecr.{AWS_REGION}' + f'.amazonaws.com/{CONTAINER_IMAGE}') + } + }, + networkConfiguration={"networkMode": "PUBLIC"}, + roleArn=IAM_AGENTCORE_ROLE, + environmentVariables={'NVIDIA_API_KEY': nvidia_api_key}) + + print("Agent Runtime created successfully!") + print(f"Agent Runtime ARN: {response['agentRuntimeArn']}") + print(f"Status: {response['status']}") + -# Fetch NVIDIA API key from Secrets Manager -secrets = get_secret(SECRET_NAME, AWS_REGION) -nvidia_api_key = secrets.get('NVIDIA_API_KEY') - -if not nvidia_api_key: - raise ValueError("NVIDIA_API_KEY not found in secrets") - -client = boto3.client('bedrock-agentcore-control', region_name=AWS_REGION) - -response = client.create_agent_runtime(agentRuntimeName=AGENT_RUNTIME_NAME, - agentRuntimeArtifact={ - 'containerConfiguration': { - 'containerUri': (f'{AWS_ACCOUNT_ID}.dkr.ecr.{AWS_REGION}' - f'.amazonaws.com/{CONTAINER_IMAGE}') - } - }, - networkConfiguration={"networkMode": "PUBLIC"}, - roleArn=IAM_AGENTCORE_ROLE, - environmentVariables={'NVIDIA_API_KEY': nvidia_api_key}) - -print("Agent Runtime created successfully!") -print(f"Agent Runtime ARN: {response['agentRuntimeArn']}") -print(f"Status: {response['status']}") + +if __name__ == "__main__": + main()
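Review bot: main() still reads the key with get_secret and passes it as environmentVariables={'NVIDIA_API_KEY': nvidia_api_key}, which copies the secret value out of Secrets Manager into the runtime definition. The walkthrough for this PR has the container fetch nvidia-api-credentials itself at startup, so the deploy script could pass only the secret name and region and never handle the value; if the value has to be passed, say why in the docstring. The create_agent_runtime call also has no error handling, so a failed deploy surfaces as a raw traceback after the secret has already been read.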
22-33: Add type hints and use custom exception class.

The `get_secret` function is missing type hints on parameters and return value, which are required per coding guidelines. Additionally, raising a generic `Exception` violates best practices (TRY002, TRY003).

Apply this diff to add type hints and improve exception handling:
-def get_secret(secret_name, region_name): +def get_secret(secret_name: str, region_name: str) -> dict[str, str]: """Retrieve secret from AWS Secrets Manager.""" session = boto3.session.Session() secrets_client = session.client(service_name='secretsmanager', region_name=region_name) try: get_secret_value_response = secrets_client.get_secret_value(SecretId=secret_name) except Exception as e: - raise Exception(f"Error retrieving secret: {e}") from e + raise RuntimeError(f"Error retrieving secret: {e}") from e secret = get_secret_value_response['SecretString'] return json.loads(secret)As per coding guidelines, all public APIs require Python 3.11+ type hints on parameters and return values.
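Review bot: The `except Exception as e` in get_secret still catches everything, including programming errors, and wraps it in RuntimeError; catching botocore.exceptions.ClientError would keep the wrapper to AWS failures. Two paths also sit outside the try: get_secret_value_response['SecretString'] raises KeyError for a secret stored as binary, and json.loads(secret) can return something other than the annotated dict[str, str], so check the type before returning.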
examples/frameworks/strands_demo/bedrock_agentcore/README.md (1)
696-698: Add language identifier to fenced code block.

The ARN code block is missing a language identifier, which triggers markdownlint MD040. This was already flagged in a previous review.
Apply this diff:
-``` +```text arn:aws:iam::<AWS_ACCOUNT_ID>:role/AgentCore_NAT

🧹 Nitpick comments (3)

examples/frameworks/strands_demo/bedrock_agentcore/scripts/update_nat.py (2)

`23-34`: **Extract duplicated `get_secret` function to shared module.**

The `get_secret` function is duplicated in both `deploy_nat.py` and `update_nat.py` with identical implementation. This violates the DRY principle and increases maintenance burden.

Consider extracting this function to a shared utility module, such as `examples/frameworks/strands_demo/bedrock_agentcore/scripts/aws_utils.py`:

```python
"""AWS utility functions for NAT deployment scripts."""
import json

import boto3


def get_secret(secret_name: str, region_name: str) -> dict[str, str]:
    """Retrieve secret from AWS Secrets Manager."""
    session = boto3.session.Session()
    secrets_client = session.client(service_name='secretsmanager', region_name=region_name)

    try:
        get_secret_value_response = secrets_client.get_secret_value(SecretId=secret_name)
    except Exception as e:
        raise RuntimeError(f"Error retrieving secret: {e}") from e

    secret = get_secret_value_response['SecretString']
    return json.loads(secret)
```

Then import and use it in both scripts:

```python
from aws_utils import get_secret
```
37-67: Wrap module-level execution in main function.

The script executes code at the module level, which makes it difficult to test and import. Consider wrapping the execution logic in a `main()` function with an `if __name__ == "__main__"` guard.

Apply this diff to follow Python best practices:
+def main() -> None: + """Update NAT agent runtime with NVIDIA API key from AWS Secrets Manager.""" + # Fetch NVIDIA API key from Secrets Manager + secrets = get_secret(SECRET_NAME, AWS_REGION) + nvidia_api_key = secrets.get('NVIDIA_API_KEY') + + if not nvidia_api_key: + raise ValueError("NVIDIA_API_KEY not found in secrets") + + client = boto3.client('bedrock-agentcore-control', region_name=AWS_REGION) + + response = client.update_agent_runtime(agentRuntimeId=AGENT_RUNTIME_ID, + agentRuntimeArtifact={ + 'containerConfiguration': { + 'containerUri': (f'{AWS_ACCOUNT_ID}.dkr.ecr.{AWS_REGION}' + f'.amazonaws.com/{CONTAINER_IMAGE}') + } + }, + networkConfiguration={"networkMode": "PUBLIC"}, + roleArn=IAM_AGENTCORE_ROLE, + environmentVariables={'NVIDIA_API_KEY': nvidia_api_key}) + + print("Agent Runtime updated successfully!") + print(f"Agent Runtime ARN: {response['agentRuntimeArn']}") + print(f"Status: {response['status']}") + -# Fetch NVIDIA API key from Secrets Manager -secrets = get_secret(SECRET_NAME, AWS_REGION) -nvidia_api_key = secrets.get('NVIDIA_API_KEY') - -if not nvidia_api_key: - raise ValueError("NVIDIA_API_KEY not found in secrets") - -client = boto3.client('bedrock-agentcore-control', region_name=AWS_REGION) - -response = client.update_agent_runtime(agentRuntimeId=AGENT_RUNTIME_ID, - agentRuntimeArtifact={ - 'containerConfiguration': { - 'containerUri': (f'{AWS_ACCOUNT_ID}.dkr.ecr.{AWS_REGION}' - f'.amazonaws.com/{CONTAINER_IMAGE}') - } - }, - networkConfiguration={"networkMode": "PUBLIC"}, - roleArn=IAM_AGENTCORE_ROLE, - environmentVariables={'NVIDIA_API_KEY': nvidia_api_key}) - -print("Agent Runtime updated successfully!") -print(f"Agent Runtime ARN: {response['agentRuntimeArn']}") -print(f"Status: {response['status']}") + +if __name__ == "__main__": + main()examples/frameworks/strands_demo/bedrock_agentcore/README.md (1)
116-116: Fix duplicate heading "Prerequisites".

The heading "Prerequisites" appears multiple times in the document (line 23 and line 116), which is flagged by markdownlint (MD024). Consider making the second heading more specific.
Apply this diff to make the heading more specific:
-## Prerequisites +## Prerequisites for Secrets Setup
📜 Review details
Configuration used: Path: .coderabbit.yaml
Review profile: CHILL
Plan: Pro
📒 Files selected for processing (3)
examples/frameworks/strands_demo/bedrock_agentcore/README.md (15 hunks)
examples/frameworks/strands_demo/bedrock_agentcore/scripts/deploy_nat.py (1 hunks)
examples/frameworks/strands_demo/bedrock_agentcore/scripts/update_nat.py (2 hunks)
🧰 Additional context used
📓 Path-based instructions (11)
**/*.{md,rst,py}
📄 CodeRabbit inference engine (.cursor/rules/general.mdc)
Use 'NVIDIA NeMo Agent toolkit' on first use, then 'NeMo Agent toolkit' for subsequent references
Files:
examples/frameworks/strands_demo/bedrock_agentcore/scripts/update_nat.pyexamples/frameworks/strands_demo/bedrock_agentcore/README.mdexamples/frameworks/strands_demo/bedrock_agentcore/scripts/deploy_nat.py
**/*.{py,toml,yaml,yml}
📄 CodeRabbit inference engine (.cursor/rules/general.mdc)
Use abbreviations: 'nat' for API namespace and CLI tool, 'nvidia-nat' for package name, 'NAT' for environment variable prefixes and informal comments
Files:
examples/frameworks/strands_demo/bedrock_agentcore/scripts/update_nat.pyexamples/frameworks/strands_demo/bedrock_agentcore/scripts/deploy_nat.py
**/*.py
📄 CodeRabbit inference engine (.cursor/rules/general.mdc)
**/*.py: Follow PEP 20 and PEP 8 for Python style guidelines
Run yapf second (PEP 8 base, column_limit = 120) for Python formatting
Use ruff check --fix (via pre-commit) for linting using configuration embedded in pyproject.toml, fix warnings unless explicitly ignored
Use snake_case for functions and variables, PascalCase for classes, UPPER_CASE for constants
All public APIs require Python 3.11+ type hints on parameters and return values
Prefer collections.abc / typing abstractions (Sequence over list) for type hints
Use typing.Annotated for units or extra metadata when useful
Treat pyright warnings (configured in pyproject.toml) as errors during development
Preserve stack traces and prevent duplicate logging when handling exceptions; use bare raise statements and logger.error() when re-raising
When catching and logging exceptions without re-raising, always use logger.exception() to capture the full stack trace information
Provide Google-style docstrings for every public module, class, function and CLI command
The first line of docstrings must be a concise description ending with a period (Vale checks this)
Surround code entities with backticks in docstrings to avoid Vale false-positives
Validate and sanitise all user input, especially in web or CLI interfaces
Prefer httpx with SSL verification enabled by default and follow OWASP Top-10 recommendations
Use async/await for I/O-bound work (HTTP, DB, file reads)
Cache expensive computations with functools.lru_cache or an external cache when appropriate
Leverage NumPy vectorised operations whenever beneficial and feasible
Files:
examples/frameworks/strands_demo/bedrock_agentcore/scripts/update_nat.pyexamples/frameworks/strands_demo/bedrock_agentcore/scripts/deploy_nat.py
**/*.{py,js,ts,yaml,yml,json,md,rst}
📄 CodeRabbit inference engine (.cursor/rules/general.mdc)
Indent with 4 spaces, never tabs, and ensure every file ends with a single newline
Files:
examples/frameworks/strands_demo/bedrock_agentcore/scripts/update_nat.pyexamples/frameworks/strands_demo/bedrock_agentcore/README.mdexamples/frameworks/strands_demo/bedrock_agentcore/scripts/deploy_nat.py
**/*.{py,env,toml,yaml,yml,json}
📄 CodeRabbit inference engine (.cursor/rules/general.mdc)
Never commit API keys, credentials or personal data; use environment variables or .env files excluded from Git
Files:
examples/frameworks/strands_demo/bedrock_agentcore/scripts/update_nat.pyexamples/frameworks/strands_demo/bedrock_agentcore/scripts/deploy_nat.py
**/*.{py,js,ts,java,cpp,c,go,rb,php}
📄 CodeRabbit inference engine (.cursor/rules/general.mdc)
Every file must start with the standard SPDX Apache-2.0 header
Files:
examples/frameworks/strands_demo/bedrock_agentcore/scripts/update_nat.pyexamples/frameworks/strands_demo/bedrock_agentcore/scripts/deploy_nat.py
**/*.{py,md,rst}
📄 CodeRabbit inference engine (.cursor/rules/general.mdc)
Version numbers are derived automatically by setuptools-scm; never hard-code them in code or docs
Files:
examples/frameworks/strands_demo/bedrock_agentcore/scripts/update_nat.pyexamples/frameworks/strands_demo/bedrock_agentcore/README.mdexamples/frameworks/strands_demo/bedrock_agentcore/scripts/deploy_nat.py
**/*.{py,js,ts,java,cpp,c,go,rb,php,sh}
📄 CodeRabbit inference engine (.cursor/rules/general.mdc)
All source files must include the SPDX Apache-2.0 header template
Files:
examples/frameworks/strands_demo/bedrock_agentcore/scripts/update_nat.pyexamples/frameworks/strands_demo/bedrock_agentcore/scripts/deploy_nat.py
**/*
⚙️ CodeRabbit configuration file
**/*: # Code Review Instructions
- Ensure the code follows best practices and coding standards.
- For Python code, follow PEP 20 and PEP 8 for style guidelines.
- Check for security vulnerabilities and potential issues.
- Python methods should use type hints for all parameters and return values (except for return values of `None`, in that situation no return type hint is needed). Example: `def my_function(param1: int, param2: str) -> bool: pass`
- For Python exception handling, ensure proper stack trace preservation:
  - When re-raising exceptions: use bare `raise` statements to maintain the original stack trace, and use `logger.error()` (not `logger.exception()`) to avoid duplicate stack trace output.
  - When catching and logging exceptions without re-raising: always use `logger.exception()` to capture the full stack trace information.
# Documentation Review Instructions
- Verify that documentation and comments are clear and comprehensive.
- Verify that the documentation doesn't contain any TODOs, FIXMEs or placeholder text like "lorem ipsum".
- Verify that the documentation doesn't contain any offensive or outdated terms.
- Verify that documentation and comments are free of spelling mistakes, ensure the documentation doesn't contain any words listed in the `ci/vale/styles/config/vocabularies/nat/reject.txt` file, words that might appear to be spelling mistakes but are listed in the `ci/vale/styles/config/vocabularies/nat/accept.txt` file are OK.
# Misc.
- All code (except .mdc files that contain Cursor rules) should be licensed under the Apache License 2.0, and should contain an Apache License 2.0 header comment at the top of each file.
- Confirm that copyright years are up-to-date whenever a file is changed.
Files:
examples/frameworks/strands_demo/bedrock_agentcore/scripts/update_nat.py
examples/frameworks/strands_demo/bedrock_agentcore/README.md
examples/frameworks/strands_demo/bedrock_agentcore/scripts/deploy_nat.py
examples/**/*
⚙️ CodeRabbit configuration file
examples/**/*:
- This directory contains example code and usage scenarios for the toolkit, at a minimum an example should contain a README.md or file README.ipynb.
- If an example contains Python code, it should be placed in a subdirectory named `src/` and should contain a `pyproject.toml` file. Optionally, it might also contain scripts in a `scripts/` directory.
- If an example contains YAML files, they should be placed in a subdirectory named `configs/`.
- If an example contains sample data files, they should be placed in a subdirectory named `data/`, and should be checked into git-lfs.
Files:
examples/frameworks/strands_demo/bedrock_agentcore/scripts/update_nat.py
examples/frameworks/strands_demo/bedrock_agentcore/README.md
examples/frameworks/strands_demo/bedrock_agentcore/scripts/deploy_nat.py
**/*.{md,rst}
📄 CodeRabbit inference engine (.cursor/rules/general.mdc)
Use 'NeMo Agent Toolkit' (capitalize 'T') when the name appears in headings
Files:
examples/frameworks/strands_demo/bedrock_agentcore/README.md
🧠 Learnings (6)
📚 Learning: 2025-11-24T18:56:53.109Z
Learnt from: CR
Repo: NVIDIA/NeMo-Agent-Toolkit PR: 0
File: .cursor/rules/general.mdc:0-0
Timestamp: 2025-11-24T18:56:53.109Z
Learning: CI fails if formatting is wrong; run pre-commit run --all-files locally before pushing
Applied to files:
examples/frameworks/strands_demo/bedrock_agentcore/README.md
📚 Learning: 2025-11-24T18:56:53.109Z
Learnt from: CR
Repo: NVIDIA/NeMo-Agent-Toolkit PR: 0
File: .cursor/rules/general.mdc:0-0
Timestamp: 2025-11-24T18:56:53.109Z
Learning: Never commit code that fails pre-commit run --all-files or ci/scripts/run_ci_local.sh check
Applied to files:
examples/frameworks/strands_demo/bedrock_agentcore/README.md
📚 Learning: 2025-11-24T18:56:53.109Z
Learnt from: CR
Repo: NVIDIA/NeMo-Agent-Toolkit PR: 0
File: .cursor/rules/general.mdc:0-0
Timestamp: 2025-11-24T18:56:53.109Z
Learning: Applies to **/*.{py,env,toml,yaml,yml,json} : Never commit API keys, credentials or personal data; use environment variables or .env files excluded from Git
Applied to files:
examples/frameworks/strands_demo/bedrock_agentcore/README.md
📚 Learning: 2025-11-24T18:56:53.109Z
Learnt from: CR
Repo: NVIDIA/NeMo-Agent-Toolkit PR: 0
File: .cursor/rules/general.mdc:0-0
Timestamp: 2025-11-24T18:56:53.109Z
Learning: Applies to **/*.{md,rst,py} : Use 'NVIDIA NeMo Agent toolkit' on first use, then 'NeMo Agent toolkit' for subsequent references
Applied to files:
examples/frameworks/strands_demo/bedrock_agentcore/README.md
📚 Learning: 2025-11-24T18:56:53.109Z
Learnt from: CR
Repo: NVIDIA/NeMo-Agent-Toolkit PR: 0
File: .cursor/rules/general.mdc:0-0
Timestamp: 2025-11-24T18:56:53.109Z
Learning: Applies to **/*.{md,rst} : Use 'NeMo Agent Toolkit' (capitalize 'T') when the name appears in headings
Applied to files:
examples/frameworks/strands_demo/bedrock_agentcore/README.md
📚 Learning: 2025-08-22T20:29:13.433Z
Learnt from: AnuradhaKaruppiah
Repo: NVIDIA/NeMo-Agent-Toolkit PR: 701
File: examples/evaluation_and_profiling/simple_calculator_eval/src/nat_simple_calculator_eval/configs/config-with-custom-post-process.yml:16-18
Timestamp: 2025-08-22T20:29:13.433Z
Learning: In the NeMo-Agent-Toolkit project, configuration consistency across example files is prioritized over removing unused config options, even when those options aren't currently implemented in the runtime.
Applied to files:
examples/frameworks/strands_demo/bedrock_agentcore/README.md
🧬 Code graph analysis (2)
examples/frameworks/strands_demo/bedrock_agentcore/scripts/update_nat.py (1)
src/nat/data_models/common.py (1)
get_secret_value(177-193)
examples/frameworks/strands_demo/bedrock_agentcore/scripts/deploy_nat.py (1)
examples/frameworks/strands_demo/bedrock_agentcore/scripts/update_nat.py (1)
get_secret(23-34)
🪛 markdownlint-cli2 (0.18.1)
examples/frameworks/strands_demo/bedrock_agentcore/README.md
116-116: Multiple headings with the same content
(MD024, no-duplicate-heading)
696-696: Fenced code blocks should have a language specified
(MD040, fenced-code-language)
🪛 Ruff (0.14.5)
examples/frameworks/strands_demo/bedrock_agentcore/scripts/update_nat.py
31-31: Create your own exception
(TRY002)
31-31: Avoid specifying long messages outside the exception class
(TRY003)
43-43: Possible hardcoded password assigned to: "SECRET_NAME"
(S105)
50-50: Avoid specifying long messages outside the exception class
(TRY003)
examples/frameworks/strands_demo/bedrock_agentcore/scripts/deploy_nat.py
30-30: Create your own exception
(TRY002)
30-30: Avoid specifying long messages outside the exception class
(TRY003)
42-42: Possible hardcoded password assigned to: "SECRET_NAME"
(S105)
49-49: Avoid specifying long messages outside the exception class
(TRY003)
🔇 Additional comments (2)
examples/frameworks/strands_demo/bedrock_agentcore/README.md (2)
906-906: LGTM: Correct hyphenation of "hard-code". The documentation correctly uses "hard-code" with a hyphen, which aligns with the repository's style requirements.
Based on past review comments, the repository uses "hard-code" for consistency and to satisfy pre-commit checks.
112-145: Well-documented secrets management setup. The new section provides clear, step-by-step instructions for creating AWS Secrets Manager entries for the NVIDIA_API_KEY. The security best practice callout and verification steps are helpful additions.
…and changed exception type Co-authored-by: Chris Smith <[email protected]> Signed-off-by: RanjitR <[email protected]>
Actionable comments posted: 2
♻️ Duplicate comments (2)
examples/frameworks/strands_demo/bedrock_agentcore/scripts/deploy_nat.py (1)
22-33: Code duplication with update_nat.py - see review comment in update_nat.py. This `get_secret` function is identical to the one in `update_nat.py`. Refer to the review comment on lines 22-33 in `update_nat.py` for the refactoring recommendation.
examples/frameworks/strands_demo/bedrock_agentcore/README.md (1)
693-695: Add language identifier to fenced code block (markdownlint MD040). The fenced code block is missing a language identifier, as flagged in previous review.
Apply this diff:
-``` +```text arn:aws:iam::<AWS_ACCOUNT_ID>:role/AgentCore_NAT
🧹 Nitpick comments (4)
examples/frameworks/strands_demo/bedrock_agentcore/README.md (4)
116-116: Use more specific heading to avoid duplication. The heading "Prerequisites" is duplicated (also on line 23), which triggers markdownlint MD024. Use a more specific heading for this section.
Apply this diff:
-## Prerequisites +## Prerequisites for Secrets Manager Setup
335-335: Use standard capitalization for "Rebuild". The heading uses non-standard capitalization "ReBuild" instead of "Rebuild".
Apply this diff:
-### ReBuild and Push Docker Image to ECR +### Rebuild and Push Docker Image to ECR
903-907: Use "hard-code" instead of "hard-coded" for consistency. Based on previous review feedback, the repository uses "hard-code" for consistency with pre-commit checks.
Apply this diff:
-**NEVER hard-code credentials in your Dockerfile or source code.** Always use secure credential management: +**NEVER hard-code credentials in your Dockerfile or source code.** Always use secure credential management: | ❌ Never Use | ✅ Use Instead | |-------------|---------------| -| Hard-coded API keys in Dockerfile | AWS Secrets Manager | +| Hard-code API keys in Dockerfile | AWS Secrets Manager |Based on learnings, this maintains consistency with the rest of the repository.
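Review bot: The table row in this suggestion changes "Hard-coded API keys in Dockerfile" to "Hard-code API keys in Dockerfile", which turns a noun phrase under the "Never Use" column into an imperative that reads as an instruction to hard-code keys. The first removed and added lines ("**NEVER hard-code credentials in your Dockerfile or source code.** ...") also read identically as shown, so that pair changes nothing visible. Suggest dropping the no-op pair and, if the style check rejects "hard-coded", rewording the cell so it stays a noun phrase, for example "API keys written into the Dockerfile".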
963-963: Capitalize AWS service name for consistency. Use "Secrets Manager" (capitalized) to match the official AWS service name used elsewhere in the document.
Apply this diff:
-| `<NVIDIA_API_KEY>` | Your NVIDIA API key | Retrieve from secrets manager | +| `<NVIDIA_API_KEY>` | Your NVIDIA API key | Retrieve from Secrets Manager |
📜 Review details
Configuration used: Path: .coderabbit.yaml
Review profile: CHILL
Plan: Pro
📒 Files selected for processing (3)
examples/frameworks/strands_demo/bedrock_agentcore/README.md (15 hunks)
examples/frameworks/strands_demo/bedrock_agentcore/scripts/deploy_nat.py (1 hunks)
examples/frameworks/strands_demo/bedrock_agentcore/scripts/update_nat.py (1 hunks)
🧰 Additional context used
📓 Path-based instructions (11)
**/*.{md,rst,py}
📄 CodeRabbit inference engine (.cursor/rules/general.mdc)
Use 'NVIDIA NeMo Agent toolkit' on first use, then 'NeMo Agent toolkit' for subsequent references
Files:
examples/frameworks/strands_demo/bedrock_agentcore/scripts/update_nat.py
examples/frameworks/strands_demo/bedrock_agentcore/scripts/deploy_nat.py
examples/frameworks/strands_demo/bedrock_agentcore/README.md
**/*.{py,toml,yaml,yml}
📄 CodeRabbit inference engine (.cursor/rules/general.mdc)
Use abbreviations: 'nat' for API namespace and CLI tool, 'nvidia-nat' for package name, 'NAT' for environment variable prefixes and informal comments
Files:
examples/frameworks/strands_demo/bedrock_agentcore/scripts/update_nat.py
examples/frameworks/strands_demo/bedrock_agentcore/scripts/deploy_nat.py
**/*.py
📄 CodeRabbit inference engine (.cursor/rules/general.mdc)
**/*.py: Follow PEP 20 and PEP 8 for Python style guidelines
Run yapf second (PEP 8 base, column_limit = 120) for Python formatting
Use ruff check --fix (via pre-commit) for linting using configuration embedded in pyproject.toml, fix warnings unless explicitly ignored
Use snake_case for functions and variables, PascalCase for classes, UPPER_CASE for constants
All public APIs require Python 3.11+ type hints on parameters and return values
Prefer collections.abc / typing abstractions (Sequence over list) for type hints
Use typing.Annotated for units or extra metadata when useful
Treat pyright warnings (configured in pyproject.toml) as errors during development
Preserve stack traces and prevent duplicate logging when handling exceptions; use bare raise statements and logger.error() when re-raising
When catching and logging exceptions without re-raising, always use logger.exception() to capture the full stack trace information
Provide Google-style docstrings for every public module, class, function and CLI command
The first line of docstrings must be a concise description ending with a period (Vale checks this)
Surround code entities with backticks in docstrings to avoid Vale false-positives
Validate and sanitise all user input, especially in web or CLI interfaces
Prefer httpx with SSL verification enabled by default and follow OWASP Top-10 recommendations
Use async/await for I/O-bound work (HTTP, DB, file reads)
Cache expensive computations with functools.lru_cache or an external cache when appropriate
Leverage NumPy vectorised operations whenever beneficial and feasible
Files:
examples/frameworks/strands_demo/bedrock_agentcore/scripts/update_nat.py
examples/frameworks/strands_demo/bedrock_agentcore/scripts/deploy_nat.py
**/*.{py,js,ts,yaml,yml,json,md,rst}
📄 CodeRabbit inference engine (.cursor/rules/general.mdc)
Indent with 4 spaces, never tabs, and ensure every file ends with a single newline
Files:
examples/frameworks/strands_demo/bedrock_agentcore/scripts/update_nat.py
examples/frameworks/strands_demo/bedrock_agentcore/scripts/deploy_nat.py
examples/frameworks/strands_demo/bedrock_agentcore/README.md
🧬 Code graph analysis (1)
examples/frameworks/strands_demo/bedrock_agentcore/scripts/deploy_nat.py (1)
examples/frameworks/strands_demo/bedrock_agentcore/scripts/update_nat.py (1)
get_secret(22-33)
🪛 markdownlint-cli2 (0.18.1)
examples/frameworks/strands_demo/bedrock_agentcore/README.md
116-116: Multiple headings with the same content
(MD024, no-duplicate-heading)
693-693: Fenced code blocks should have a language specified
(MD040, fenced-code-language)
🪛 Ruff (0.14.5)
examples/frameworks/strands_demo/bedrock_agentcore/scripts/update_nat.py
30-30: Avoid specifying long messages outside the exception class
(TRY003)
42-42: Possible hardcoded password assigned to: "SECRET_NAME"
(S105)
49-49: Avoid specifying long messages outside the exception class
(TRY003)
examples/frameworks/strands_demo/bedrock_agentcore/scripts/deploy_nat.py
30-30: Avoid specifying long messages outside the exception class
(TRY003)
42-42: Possible hardcoded password assigned to: "SECRET_NAME"
(S105)
49-49: Avoid specifying long messages outside the exception class
(TRY003)
🔇 Additional comments (10)
examples/frameworks/strands_demo/bedrock_agentcore/scripts/update_nat.py (2)
15-15: LGTM! The module docstring is clear and follows the coding guidelines for using "NAT" abbreviation.
36-62: LGTM! The configuration structure and runtime update logic are well-implemented. The dynamic secret retrieval, validation, and environment variable provisioning follow security best practices by moving credentials from build-time to runtime.
examples/frameworks/strands_demo/bedrock_agentcore/scripts/deploy_nat.py (1)
15-15: LGTM! The module docstring clearly describes the script's purpose and follows coding guidelines.
examples/frameworks/strands_demo/bedrock_agentcore/README.md (7)
75-75: LGTM! The clarification about when `NVIDIA_API_KEY` is required vs. optional is helpful and prevents confusion.
175-189: LGTM! The security warning and removal of credential build-args align with best practices and the PR's objective to handle credentials at runtime.
202-264: LGTM! The documented deployment script example accurately reflects the actual implementation and clearly shows how secrets are retrieved and passed to the runtime.
309-332: LGTM! The OpenTelemetry configuration instructions are clear and properly highlight the required updates.
367-430: LGTM! The update script documentation accurately reflects the implementation and shows the runtime update flow with secrets management.
645-656: LGTM! The IAM policy correctly includes only `GetSecretValue` permission (read-only access) and properly scopes the resource ARN to a specific region and account. The wildcard suffix (`-*`) is correct for Secrets Manager ARNs.
930-941: LGTM! The Dockerfile best practices section provides clear security guidance with good examples of what to avoid and what to do instead.
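The scoping described in the 645-656 comment above (read-only `GetSecretValue`, a resource ARN pinned to one region and account, and a suffix wildcard) can be checked mechanically before a role is attached. This is an added example, not code from the PR or the project: the function names, both sample policies, and the region and account values are constructed, and the `aws` partition is assumed.

```python
"""Added example: audit an IAM policy for least-privilege access to one secret."""
from __future__ import annotations

# IAM action names are case-insensitive, so comparisons are done in lower case.
READ_ONLY_ACTION = "secretsmanager:getsecretvalue"

# Constructed sample values (not from the PR); the secret name is the one the page uses.
REGION, ACCOUNT_ID, SECRET_NAME = "us-west-2", "123456789012", "nvidia-api-credentials"
SECRET_ARN = f"arn:aws:secretsmanager:{REGION}:{ACCOUNT_ID}:secret:{SECRET_NAME}"

SCOPED_POLICY = {  # constructed: the shape the review comment describes
    "Version": "2012-10-17",
    "Statement": [
        {"Sid": "Models", "Effect": "Allow", "Action": "bedrock:InvokeModel", "Resource": "*"},
        {"Sid": "ReadKey", "Effect": "Allow", "Action": ["secretsmanager:GetSecretValue"],
         "Resource": f"{SECRET_ARN}-*"},
    ],
}

BROAD_POLICY = {  # constructed: three common ways the scoping goes wrong
    "Version": "2012-10-17",
    "Statement": [
        {"Sid": "AllSecrets", "Effect": "Allow", "Action": "secretsmanager:*", "Resource": "*"},
        {"Sid": "NoSuffix", "Effect": "Allow", "Action": "secretsmanager:GetSecretValue",
         "Resource": SECRET_ARN},
        {"Sid": "AnyRegion", "Effect": "Allow", "Action": "secretsmanager:GetSecretValue",
         "Resource": f"arn:aws:secretsmanager:*:{ACCOUNT_ID}:secret:{SECRET_NAME}-*"},
    ],
}


def _as_list(value: object) -> list[str]:
    """IAM accepts either a single string or a list for Action and Resource."""
    if value is None:
        return []
    return [value] if isinstance(value, str) else list(value)


def _touches_secrets_manager(action: str) -> bool:
    """True for the global wildcard and for any action in the secretsmanager namespace."""
    action = action.lower()
    return action == "*" or action.startswith("secretsmanager:")


def _explain(resource: str, base: str, region: str, account_id: str) -> str:
    """Say why a resource pattern is wider or narrower than the expected one."""
    if resource == "*":
        return "matches every secret the role can reach"
    if resource == base:
        # Full secret ARNs end in a hyphen and six random characters.
        return "lacks the suffix wildcard, so it cannot match the full secret ARN"
    parts = resource.split(":", 6)
    if len(parts) != 7 or parts[2] != "secretsmanager" or parts[5] != "secret":
        return "is not a Secrets Manager secret ARN"
    if parts[3] != region:
        return f"is not pinned to region {region}"
    if parts[4] != account_id:
        return f"is not pinned to account {account_id}"
    return "does not name the expected secret"


def audit_secrets_policy(policy: dict, secret_name: str, region: str, account_id: str) -> list[str]:
    """Return findings; an empty list means Secrets Manager access is read-only and scoped."""
    base = f"arn:aws:secretsmanager:{region}:{account_id}:secret:{secret_name}"
    # `-*` is the form the page uses; `-??????` matches exactly the six-character suffix.
    accepted = {f"{base}-*", f"{base}-??????"}
    statements = policy.get("Statement", [])
    if isinstance(statements, dict):  # a single statement may be given without a list
        statements = [statements]
    findings: list[str] = []
    for index, stmt in enumerate(statements):
        if stmt.get("Effect") != "Allow":
            continue
        label = stmt.get("Sid", f"statement[{index}]")
        if "NotAction" in stmt or "NotResource" in stmt:
            findings.append(f"{label}: Allow with NotAction/NotResource grants everything not listed")
            continue
        secret_actions = [a for a in _as_list(stmt.get("Action")) if _touches_secrets_manager(a)]
        if not secret_actions:
            continue  # statement does not grant Secrets Manager access
        for action in secret_actions:
            if action.lower() != READ_ONLY_ACTION:
                findings.append(f"{label}: action {action!r} is broader than GetSecretValue")
        for resource in _as_list(stmt.get("Resource")):
            if resource not in accepted:
                reason = _explain(resource, base, region, account_id)
                findings.append(f"{label}: resource {resource!r} {reason}")
    return findings


if __name__ == "__main__":
    for name, policy in (("scoped", SCOPED_POLICY), ("broad", BROAD_POLICY)):
        print(name, audit_secrets_policy(policy, SECRET_NAME, REGION, ACCOUNT_ID) or "OK")
```
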
…h optimized Docker image - Refactor all deployment scripts for improved agentcore integration - Add new runtime scripts: run_nat_no_OTEL.sh, run_nat_with_OTEL.sh - Add get_agentcore_runtime_id.py for runtime management - Optimize Dockerfile: remove embedded nat serve, reduce image size - Add .dockerignore to keep image under 4GB agentcore limit - Update all existing scripts: deploy_nat.py, test_nat.py, update_nat.py - AgentCore README.md updates for new deployment process Co-authored-by: Chris Smith <[email protected]> Signed-off-by: RanjitR <[email protected]>
Actionable comments posted: 5
Caution
Some comments are outside the diff and can’t be posted inline due to platform limitations.
⚠️ Outside diff range comments (1)
examples/frameworks/strands_demo/bedrock_agentcore/README.md (1)
472-483: Add blank lines around table for MD058 compliance. The table (lines 474-482) should be surrounded by blank lines above and below to satisfy markdownlint MD058. Add a blank line before line 474 and after line 482.
The role includes the following permission sets: - + | Permission Set | Purpose | |---------------|---------| | **Bedrock Model Access** | Invoke foundation models for AI/ML operations | @@ -479,7 +479,7 @@ | **Workload Identity** | Access workload identity tokens for authentication | | **Secrets Manager** | Access the secret:nvidia-api-credentials key in Secrets Manager | --- - + ## Prerequisites
♻️ Duplicate comments (1)
examples/frameworks/strands_demo/bedrock_agentcore/scripts/run_nat_no_OTEL.sh (1)
1-29: Align secret export and env checks with OTEL variant. The same considerations from `run_nat_with_OTEL.sh` apply here: split assignment from `export`, validate `AWS_DEFAULT_REGION`, and quote `NAT_CONFIG_FILE`:
```bash
set -e -o pipefail

if [[ -z "${NAT_CONFIG_FILE}" ]]; then
    echo "NAT_CONFIG_FILE not set" >&2
    exit 1
fi

if [[ -z "${AWS_DEFAULT_REGION}" ]]; then
    echo "AWS_DEFAULT_REGION not set" >&2
    exit 1
fi

NVIDIA_API_KEY="$(
    aws secretsmanager get-secret-value \
        --secret-id 'nvidia-api-credentials' \
        --region "${AWS_DEFAULT_REGION}" \
        --query SecretString \
        --output text | jq -r '.NVIDIA_API_KEY'
)"
export NVIDIA_API_KEY

exec nat serve --config_file="${NAT_CONFIG_FILE}" --host 0.0.0.0
```
This addresses the Shellcheck warning and makes failures around secrets/region easier to diagnose.
🧹 Nitpick comments (4)
examples/frameworks/strands_demo/bedrock_agentcore/scripts/run_nat_with_OTEL.sh (1)
1-28: Harden NVIDIA_API_KEY export and env validation. Current pattern:
```bash
export NVIDIA_API_KEY=$(aws ... | jq -r '.NVIDIA_API_KEY')
```
can mask return codes and is what Shellcheck warns about. It’s safer and clearer to split assignment and export, and to fail fast if region is missing:
```bash
set -e -o pipefail

if [[ -z "${NAT_CONFIG_FILE}" ]]; then
    echo "NAT_CONFIG_FILE not set" >&2
    exit 1
fi

if [[ -z "${AWS_DEFAULT_REGION}" ]]; then
    echo "AWS_DEFAULT_REGION not set" >&2
    exit 1
fi

NVIDIA_API_KEY="$(
    aws secretsmanager get-secret-value \
        --secret-id 'nvidia-api-credentials' \
        --region "${AWS_DEFAULT_REGION}" \
        --query SecretString \
        --output text | jq -r '.NVIDIA_API_KEY'
)"
export NVIDIA_API_KEY

exec opentelemetry-instrument nat serve --config_file="${NAT_CONFIG_FILE}" --host 0.0.0.0
```
This keeps `set -e` semantics predictable, gives clearer error messages, and avoids issues if the config path ever contains spaces.
examples/frameworks/strands_demo/bedrock_agentcore/Dockerfile (1)
31-45: AWS CLI installation: check architecture and use `RUN` for verification instead of `CMD`. You’re downloading `awscli-exe-linux-aarch64.zip` and then setting:
```dockerfile
# Verify installation
CMD ["aws", "--version"]
```
Two points:
- Architecture: ensure the base image actually runs on `aarch64`. If this image will also be used on x86_64 hosts, consider parameterizing the archive URL or switching to the appropriate `linux-x86_64` build.
- Verification: `CMD` doesn’t run during `docker build`, so it won’t verify the install. If you want to validate awscli at build time, replace the comment and CMD with a build step:
```dockerfile
RUN aws --version # (or drop verification entirely if not needed)
```
and let the final `ENTRYPOINT`/`CMD` describe how to start nat in the container.
examples/frameworks/strands_demo/bedrock_agentcore/scripts/get_agentcore_runtime_id.py (1)
16-34: Handle “runtime not found” and clean up unused configuration. Right now, if no runtime named `"strands-demo"` exists, the loop never sets `runtime_id`, nothing is printed, and the script still exits with code 0. Also, `AWS_ACCOUNT_ID` is read but never used.
Consider:
```python
import os
import sys

import boto3

AWS_REGION = os.environ["AWS_DEFAULT_REGION"]
RUNTIME_NAME = "strands-demo"

client = boto3.client("bedrock-agentcore-control", region_name=AWS_REGION)
response = client.list_agent_runtimes()

runtime_id: str | None = None
for runtime in response.get("agentRuntimes", []):
    if runtime.get("agentRuntimeName") == RUNTIME_NAME:
        runtime_id = runtime["agentRuntimeId"]
        print(f"Found runtime ID: {runtime_id}")
        break

if runtime_id is None:
    print(f'No agent runtime found with name "{RUNTIME_NAME}"', file=sys.stderr)
    sys.exit(1)
```
This makes failure explicit and removes the unused `AWS_ACCOUNT_ID`, which simplifies the script and reduces surprises for callers.
examples/frameworks/strands_demo/bedrock_agentcore/scripts/deploy_nat.py (1)
20-42: Deployment flow looks good; minor cleanup for IAM role env usage is optional. The create-agent-runtime call and dynamic `containerUri`/role construction look correct and align with the rest of the environment-driven flow. One small simplification you could make:
```python
AWS_REGION = os.environ["AWS_DEFAULT_REGION"]
AWS_ACCOUNT_ID = os.environ["AWS_ACCOUNT_ID"]
IAM_AGENTCORE_ROLE = f"arn:aws:iam::{AWS_ACCOUNT_ID}:role/AgentCore_NAT"
```
so you don’t call `os.environ.get("AWS_ACCOUNT_ID")` again. Otherwise this script is in good shape for the example use case.
📒 Files selected for processing (9)
examples/frameworks/strands_demo/bedrock_agentcore/.dockerignore (1 hunks)
examples/frameworks/strands_demo/bedrock_agentcore/Dockerfile (3 hunks)
examples/frameworks/strands_demo/bedrock_agentcore/README.md (15 hunks)
examples/frameworks/strands_demo/bedrock_agentcore/scripts/deploy_nat.py (1 hunks)
examples/frameworks/strands_demo/bedrock_agentcore/scripts/get_agentcore_runtime_id.py (1 hunks)
examples/frameworks/strands_demo/bedrock_agentcore/scripts/run_nat_no_OTEL.sh (1 hunks)
examples/frameworks/strands_demo/bedrock_agentcore/scripts/run_nat_with_OTEL.sh (1 hunks)
examples/frameworks/strands_demo/bedrock_agentcore/scripts/test_nat.py (1 hunks)
examples/frameworks/strands_demo/bedrock_agentcore/scripts/update_nat.py (1 hunks)
🧰 Additional context used
📓 Path-based instructions (12)
**/*.{py,js,ts,java,cpp,c,go,rb,php,sh}
📄 CodeRabbit inference engine (.cursor/rules/general.mdc)
All source files must include the SPDX Apache-2.0 header template
Files:
examples/frameworks/strands_demo/bedrock_agentcore/scripts/run_nat_with_OTEL.shexamples/frameworks/strands_demo/bedrock_agentcore/scripts/run_nat_no_OTEL.shexamples/frameworks/strands_demo/bedrock_agentcore/scripts/get_agentcore_runtime_id.pyexamples/frameworks/strands_demo/bedrock_agentcore/scripts/deploy_nat.pyexamples/frameworks/strands_demo/bedrock_agentcore/scripts/update_nat.pyexamples/frameworks/strands_demo/bedrock_agentcore/scripts/test_nat.py
**/*
⚙️ CodeRabbit configuration file
**/*: # Code Review Instructions
- Ensure the code follows best practices and coding standards. - For Python code, follow
PEP 20 and
PEP 8 for style guidelines.
- Check for security vulnerabilities and potential issues.
- Python methods should use type hints for all parameters and return values (except for return values of `None`, in that situation no return type hint is needed).
  Example: `def my_function(param1: int, param2: str) -> bool: pass`
- For Python exception handling, ensure proper stack trace preservation:
    - When re-raising exceptions: use bare `raise` statements to maintain the original stack trace, and use `logger.error()` (not `logger.exception()`) to avoid duplicate stack trace output.
    - When catching and logging exceptions without re-raising: always use `logger.exception()` to capture the full stack trace information.

Documentation Review Instructions
- Verify that documentation and comments are clear and comprehensive.
- Verify that the documentation doesn't contain any TODOs, FIXMEs or placeholder text like "lorem ipsum".
- Verify that the documentation doesn't contain any offensive or outdated terms.
- Verify that documentation and comments are free of spelling mistakes, ensure the documentation doesn't contain any words listed in the `ci/vale/styles/config/vocabularies/nat/reject.txt` file, words that might appear to be spelling mistakes but are listed in the `ci/vale/styles/config/vocabularies/nat/accept.txt` file are OK.

Misc.
- All code (except .mdc files that contain Cursor rules) should be licensed under the Apache License 2.0, and should contain an Apache License 2.0 header comment at the top of each file.
- Confirm that copyright years are up to date whenever a file is changed.
Files:
examples/frameworks/strands_demo/bedrock_agentcore/scripts/run_nat_with_OTEL.sh
examples/frameworks/strands_demo/bedrock_agentcore/scripts/run_nat_no_OTEL.sh
examples/frameworks/strands_demo/bedrock_agentcore/scripts/get_agentcore_runtime_id.py
examples/frameworks/strands_demo/bedrock_agentcore/scripts/deploy_nat.py
examples/frameworks/strands_demo/bedrock_agentcore/Dockerfile
examples/frameworks/strands_demo/bedrock_agentcore/README.md
examples/frameworks/strands_demo/bedrock_agentcore/scripts/update_nat.py
examples/frameworks/strands_demo/bedrock_agentcore/scripts/test_nat.py
examples/**/*
⚙️ CodeRabbit configuration file
examples/**/*:
- This directory contains example code and usage scenarios for the toolkit, at a minimum an example should contain a README.md or file README.ipynb.
- If an example contains Python code, it should be placed in a subdirectory named `src/` and should contain a `pyproject.toml` file. Optionally, it might also contain scripts in a `scripts/` directory.
- If an example contains YAML files, they should be placed in a subdirectory named `configs/`.
- If an example contains sample data files, they should be placed in a subdirectory named `data/`, and should be checked into git-lfs.
Files:
examples/frameworks/strands_demo/bedrock_agentcore/scripts/run_nat_with_OTEL.sh
examples/frameworks/strands_demo/bedrock_agentcore/scripts/run_nat_no_OTEL.sh
examples/frameworks/strands_demo/bedrock_agentcore/scripts/get_agentcore_runtime_id.py
examples/frameworks/strands_demo/bedrock_agentcore/scripts/deploy_nat.py
examples/frameworks/strands_demo/bedrock_agentcore/Dockerfile
examples/frameworks/strands_demo/bedrock_agentcore/README.md
examples/frameworks/strands_demo/bedrock_agentcore/scripts/update_nat.py
examples/frameworks/strands_demo/bedrock_agentcore/scripts/test_nat.py
**/*.{md,rst,py}
📄 CodeRabbit inference engine (.cursor/rules/general.mdc)
Use 'NVIDIA NeMo Agent toolkit' on first use, then 'NeMo Agent toolkit' for subsequent references
Files:
examples/frameworks/strands_demo/bedrock_agentcore/scripts/get_agentcore_runtime_id.py
examples/frameworks/strands_demo/bedrock_agentcore/scripts/deploy_nat.py
examples/frameworks/strands_demo/bedrock_agentcore/README.md
examples/frameworks/strands_demo/bedrock_agentcore/scripts/update_nat.py
examples/frameworks/strands_demo/bedrock_agentcore/scripts/test_nat.py
**/*.{py,toml,yaml,yml}
📄 CodeRabbit inference engine (.cursor/rules/general.mdc)
Use abbreviations: 'nat' for API namespace and CLI tool, 'nvidia-nat' for package name, 'NAT' for environment variable prefixes and informal comments
Files:
examples/frameworks/strands_demo/bedrock_agentcore/scripts/get_agentcore_runtime_id.py
examples/frameworks/strands_demo/bedrock_agentcore/scripts/deploy_nat.py
examples/frameworks/strands_demo/bedrock_agentcore/scripts/update_nat.py
examples/frameworks/strands_demo/bedrock_agentcore/scripts/test_nat.py
**/*.py
📄 CodeRabbit inference engine (.cursor/rules/general.mdc)
**/*.py: Follow PEP 20 and PEP 8 for Python style guidelines
Run yapf second (PEP 8 base, column_limit = 120) for Python formatting
Use ruff check --fix (via pre-commit) for linting using configuration embedded in pyproject.toml, fix warnings unless explicitly ignored
Use snake_case for functions and variables, PascalCase for classes, UPPER_CASE for constants
All public APIs require Python 3.11+ type hints on parameters and return values
Prefer collections.abc / typing abstractions (Sequence over list) for type hints
Use typing.Annotated for units or extra metadata when useful
Treat pyright warnings (configured in pyproject.toml) as errors during development
Preserve stack traces and prevent duplicate logging when handling exceptions; use bare raise statements and logger.error() when re-raising
When catching and logging exceptions without re-raising, always use logger.exception() to capture the full stack trace information
Provide Google-style docstrings for every public module, class, function and CLI command
The first line of docstrings must be a concise description ending with a period (Vale checks this)
Surround code entities with backticks in docstrings to avoid Vale false-positives
Validate and sanitise all user input, especially in web or CLI interfaces
Prefer httpx with SSL verification enabled by default and follow OWASP Top-10 recommendations
Use async/await for I/O-bound work (HTTP, DB, file reads)
Cache expensive computations with functools.lru_cache or an external cache when appropriate
Leverage NumPy vectorised operations whenever beneficial and feasible
Files:
examples/frameworks/strands_demo/bedrock_agentcore/scripts/get_agentcore_runtime_id.py
examples/frameworks/strands_demo/bedrock_agentcore/scripts/deploy_nat.py
examples/frameworks/strands_demo/bedrock_agentcore/scripts/update_nat.py
examples/frameworks/strands_demo/bedrock_agentcore/scripts/test_nat.py
**/*.{py,js,ts,yaml,yml,json,md,rst}
📄 CodeRabbit inference engine (.cursor/rules/general.mdc)
Indent with 4 spaces, never tabs, and ensure every file ends with a single newline
Files:
examples/frameworks/strands_demo/bedrock_agentcore/scripts/get_agentcore_runtime_id.py
examples/frameworks/strands_demo/bedrock_agentcore/scripts/deploy_nat.py
examples/frameworks/strands_demo/bedrock_agentcore/README.md
examples/frameworks/strands_demo/bedrock_agentcore/scripts/update_nat.py
examples/frameworks/strands_demo/bedrock_agentcore/scripts/test_nat.py
**/*.{py,env,toml,yaml,yml,json}
📄 CodeRabbit inference engine (.cursor/rules/general.mdc)
Never commit API keys, credentials or personal data; use environment variables or .env files excluded from Git
Files:
examples/frameworks/strands_demo/bedrock_agentcore/scripts/get_agentcore_runtime_id.py
examples/frameworks/strands_demo/bedrock_agentcore/scripts/deploy_nat.py
examples/frameworks/strands_demo/bedrock_agentcore/scripts/update_nat.py
examples/frameworks/strands_demo/bedrock_agentcore/scripts/test_nat.py
**/*.{py,js,ts,java,cpp,c,go,rb,php}
📄 CodeRabbit inference engine (.cursor/rules/general.mdc)
Every file must start with the standard SPDX Apache-2.0 header
Files:
examples/frameworks/strands_demo/bedrock_agentcore/scripts/get_agentcore_runtime_id.py
examples/frameworks/strands_demo/bedrock_agentcore/scripts/deploy_nat.py
examples/frameworks/strands_demo/bedrock_agentcore/scripts/update_nat.py
examples/frameworks/strands_demo/bedrock_agentcore/scripts/test_nat.py
**/*.{py,md,rst}
📄 CodeRabbit inference engine (.cursor/rules/general.mdc)
Version numbers are derived automatically by setuptools-scm; never hard-code them in code or docs
Files:
examples/frameworks/strands_demo/bedrock_agentcore/scripts/get_agentcore_runtime_id.py
examples/frameworks/strands_demo/bedrock_agentcore/scripts/deploy_nat.py
examples/frameworks/strands_demo/bedrock_agentcore/README.md
examples/frameworks/strands_demo/bedrock_agentcore/scripts/update_nat.py
examples/frameworks/strands_demo/bedrock_agentcore/scripts/test_nat.py
**/*.{md,rst}
📄 CodeRabbit inference engine (.cursor/rules/general.mdc)
Use 'NeMo Agent Toolkit' (capitalize 'T') when the name appears in headings
Files:
examples/frameworks/strands_demo/bedrock_agentcore/README.md
**/test_*.py
📄 CodeRabbit inference engine (.cursor/rules/general.mdc)
**/test_*.py: Use pytest with pytest-asyncio for asynchronous code testing
Test functions should be named using the test_ prefix, using snake_case
Extract frequently repeated code into pytest fixtures, which should be named using the fixture_ prefix and define the name argument in the decorator
Mock external services with pytest_httpserver or unittest.mock instead of hitting live endpoints
Mark slow tests with @pytest.mark.slow so they can be skipped in the default test suite
Mark integration tests requiring external services with @pytest.mark.integration so they can be skipped in the default test suite
Files:
examples/frameworks/strands_demo/bedrock_agentcore/scripts/test_nat.py
🧠 Learnings (7)
📚 Learning: 2025-11-24T18:56:53.109Z
Learnt from: CR
Repo: NVIDIA/NeMo-Agent-Toolkit PR: 0
File: .cursor/rules/general.mdc:0-0
Timestamp: 2025-11-24T18:56:53.109Z
Learning: src/nat/**/* contains core functionality and changes should prioritize backward compatibility
Applied to files:
examples/frameworks/strands_demo/bedrock_agentcore/scripts/run_nat_no_OTEL.sh
📚 Learning: 2025-11-24T18:56:53.109Z
Learnt from: CR
Repo: NVIDIA/NeMo-Agent-Toolkit PR: 0
File: .cursor/rules/general.mdc:0-0
Timestamp: 2025-11-24T18:56:53.109Z
Learning: Applies to **/*.{md,rst,py} : Use 'NVIDIA NeMo Agent toolkit' on first use, then 'NeMo Agent toolkit' for subsequent references
Applied to files:
examples/frameworks/strands_demo/bedrock_agentcore/README.md
📚 Learning: 2025-11-24T18:56:53.109Z
Learnt from: CR
Repo: NVIDIA/NeMo-Agent-Toolkit PR: 0
File: .cursor/rules/general.mdc:0-0
Timestamp: 2025-11-24T18:56:53.109Z
Learning: CI fails if formatting is wrong; run pre-commit run --all-files locally before pushing
Applied to files:
examples/frameworks/strands_demo/bedrock_agentcore/README.md
📚 Learning: 2025-11-24T18:56:53.109Z
Learnt from: CR
Repo: NVIDIA/NeMo-Agent-Toolkit PR: 0
File: .cursor/rules/general.mdc:0-0
Timestamp: 2025-11-24T18:56:53.109Z
Learning: Never commit code that fails pre-commit run --all-files or ci/scripts/run_ci_local.sh check
Applied to files:
examples/frameworks/strands_demo/bedrock_agentcore/README.md
📚 Learning: 2025-11-24T18:56:53.109Z
Learnt from: CR
Repo: NVIDIA/NeMo-Agent-Toolkit PR: 0
File: .cursor/rules/general.mdc:0-0
Timestamp: 2025-11-24T18:56:53.109Z
Learning: Applies to **/*.{py,toml,yaml,yml} : Use abbreviations: 'nat' for API namespace and CLI tool, 'nvidia-nat' for package name, 'NAT' for environment variable prefixes and informal comments
Applied to files:
examples/frameworks/strands_demo/bedrock_agentcore/README.md
📚 Learning: 2025-11-24T18:56:53.109Z
Learnt from: CR
Repo: NVIDIA/NeMo-Agent-Toolkit PR: 0
File: .cursor/rules/general.mdc:0-0
Timestamp: 2025-11-24T18:56:53.109Z
Learning: Applies to **/*.{md,rst} : Use 'NeMo Agent Toolkit' (capitalize 'T') when the name appears in headings
Applied to files:
examples/frameworks/strands_demo/bedrock_agentcore/README.md
📚 Learning: 2025-08-22T20:29:13.433Z
Learnt from: AnuradhaKaruppiah
Repo: NVIDIA/NeMo-Agent-Toolkit PR: 701
File: examples/evaluation_and_profiling/simple_calculator_eval/src/nat_simple_calculator_eval/configs/config-with-custom-post-process.yml:16-18
Timestamp: 2025-08-22T20:29:13.433Z
Learning: In the NeMo-Agent-Toolkit project, configuration consistency across example files is prioritized over removing unused config options, even when those options aren't currently implemented in the runtime.
Applied to files:
examples/frameworks/strands_demo/bedrock_agentcore/README.md
🪛 LanguageTool
examples/frameworks/strands_demo/bedrock_agentcore/README.md
[grammar] ~55-~55: Ensure spelling is correct
Context: ...t.region) ``` ### Set Account for local configurion Replacce <YOUR_ACCOUNT_ID HERE> with your AWS ac...
(QB_NEW_EN_ORTHOGRAPHY_ERROR_IDS_1)
🪛 markdownlint-cli2 (0.18.1)
examples/frameworks/strands_demo/bedrock_agentcore/README.md
37-37: Fenced code blocks should have a language specified
(MD040, fenced-code-language)
66-66: Multiple headings with the same content
(MD024, no-duplicate-heading)
482-482: Tables should be surrounded by blank lines
(MD058, blanks-around-tables)
685-685: Fenced code blocks should have a language specified
(MD040, fenced-code-language)
🪛 Shellcheck (0.11.0)
examples/frameworks/strands_demo/bedrock_agentcore/scripts/run_nat_with_OTEL.sh
[error] 16-16: The shebang must be on the first line. Delete blanks and move comments.
(SC1128)
[warning] 25-25: Declare and assign separately to avoid masking return values.
(SC2155)
examples/frameworks/strands_demo/bedrock_agentcore/scripts/run_nat_no_OTEL.sh
[error] 16-16: The shebang must be on the first line. Delete blanks and move comments.
(SC1128)
[warning] 25-25: Declare and assign separately to avoid masking return values.
(SC2155)
⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (1)
- GitHub Check: CI Pipeline / Check
🔇 Additional comments (5)
examples/frameworks/strands_demo/bedrock_agentcore/.dockerignore (1)
1-20: Docker context pruning looks good; confirm you don’t need Markdown/docs in the image.
Ignoring `*.md`, `docs`, and `tests` will keep the build context small and clean, but it also means README and other docs won’t be present in the container. If you expect to inspect example docs from inside the container, consider relaxing the `*.md` or `docs` patterns; otherwise this setup is fine for a runtime-only image.
examples/frameworks/strands_demo/bedrock_agentcore/Dockerfile (1)
63-112: I apologize—the repository cloning failed, preventing me from accessing the codebase directly. However, I can still assess the technical validity of the review comment based on the specific claims made, as they relate to well-established Docker and shell scripting practices.
Let me analyze what can be determined:
Issue 1: ENTRYPOINT shell compatibility
- The claim that `/bin/sh` doesn't support `[[ ... ]]` and `set -o pipefail` is technically correct. These are bash-specific features; `/bin/sh` on most Linux distros (like Alpine, Debian) points to `dash`, which lacks these.
- This is a legitimate compatibility issue if the referenced script actually uses these features.
Issue 2: Region environment variable
- AWS tooling (boto3, AWS CLI) officially recognize `AWS_DEFAULT_REGION` and `AWS_REGION`, not `REGION`.
- Setting `REGION="us-west-2"` without wiring it to the AWS-standard variables would indeed cause boto3 clients to potentially use default regions or fail.
Issue 3: Hard-coded runtime ID
- The Dockerfile snippet shows hard-coded values like `strands_test_demo-oNUmOg6xk0` in OTEL environment variables.
- The concern about this conflicting with dynamic discovery in Python scripts is plausible for a runtime management system.
Since I cannot access the actual script to verify these specific claims against the code, I must mark this as needing verification:
Fix shell/ENTRYPOINT mismatch and avoid hard-coded runtime ID/region inconsistencies.
There are a few related issues in the runtime section:
ENTRYPOINT uses `sh` but the script may use bash-only features.
If `run_nat_with_OTEL.sh` relies on `[[ ... ]]` or `set -o pipefail`, using `sh` (which resolves to `dash` on many distros) will cause startup failures.
Recommended fix:
```dockerfile
ENTRYPOINT ["bash", "-c", "exec /workspace/examples/frameworks/strands_demo/bedrock_agentcore/scripts/run_nat_with_OTEL.sh"]
```
Region environment variable mismatch.
Setting `ENV REGION="us-west-2"` is non-standard. AWS tooling (boto3, AWS CLI) read `AWS_DEFAULT_REGION` or `AWS_REGION`. Wire them together:
```dockerfile
ENV REGION="us-west-2"
ENV AWS_DEFAULT_REGION="${REGION}"
ENV AWS_REGION="${REGION}"
```
Hard-coded runtime ID in OTEL configuration.
The values `strands_test_demo-oNUmOg6xk0` are baked into the image, which conflicts with dynamic runtime-id discovery. Pass runtime ID at deploy time instead:
```dockerfile
ENV AGENTCORE_RUNTIME_ID="<agentcore-runtime-id>"
ENV OTEL_RESOURCE_ATTRIBUTES="service.name=nat_test_agent,aws.log.group.names=/aws/bedrock-agentcore/runtimes/${AGENTCORE_RUNTIME_ID}"
ENV OTEL_EXPORTER_OTLP_LOGS_HEADERS="x-aws-log-group=/aws/bedrock-agentcore/runtimes/${AGENTCORE_RUNTIME_ID},x-aws-log-stream=otel-rt-logs,x-aws-metric-namespace=strands_demo"
```
examples/frameworks/strands_demo/bedrock_agentcore/scripts/test_nat.py (1)
21-45: Based on my investigation attempts, I'm unable to access the NVIDIA/NeMo-Agent-Toolkit repository directly due to clone failures. However, I can assess the review comment based on the technical merits of the code pattern it identifies.
The review comment identifies a legitimate Python programming issue: the potential for an `UnboundLocalError` when `runtime_id` is used outside a conditional loop without prior initialization. This is a valid pattern vulnerability regardless of the specific file state.
Given that manual verification of the repository is not currently possible, but the technical analysis is sound, here is my rewritten review comment:
Guard against unbound `runtime_id` before invoking the agent.
The variable `runtime_id` is only defined inside the conditional loop:
```python
for runtime in cresponse['agentRuntimes']:
    if runtime['agentRuntimeName'] == RUNTIME_NAME:
        runtime_id = runtime['agentRuntimeId']
        print(f"Found runtime ID: {runtime_id}")
        break
```
but it's used unconditionally when constructing `agentRuntimeArn`. If no runtime named `"strands-demo"` exists, this will raise `UnboundLocalError`.
Harden this by initializing `runtime_id` and validating it:
```python
runtime_id: str | None = None
for runtime in cresponse.get("agentRuntimes", []):
    if runtime.get("agentRuntimeName") == RUNTIME_NAME:
        runtime_id = runtime["agentRuntimeId"]
        print(f"Found runtime ID: {runtime_id}")
        break

if runtime_id is None:
    raise RuntimeError(f'No agent runtime found with name "{RUNTIME_NAME}"')

agent_runtime_arn = (
    f"arn:aws:bedrock-agentcore:{AWS_REGION}:{AWS_ACCOUNT_ID}:runtime/{runtime_id}"
)
response = client.invoke_agent_runtime(
    agentRuntimeArn=agent_runtime_arn,
    payload=payload,
    qualifier="DEFAULT",
)
```
If similar lookup logic exists across multiple scripts, consider extracting it into a shared helper function to maintain consistency.
examples/frameworks/strands_demo/bedrock_agentcore/README.md (2)
37-39: Add language identifier to fenced code block.
The fenced code block on line 37 contains a URL and is missing a language identifier, which triggers markdownlint MD040. Add a language identifier to fix this.
Apply this diff:
-``` +```text https://docs.nvidia.com/nemo/agent-toolkit/1.2/quick-start/installing.html -``` +```text⛔ Skipped due to learnings
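Review bot: The closing fence in this suggestion is rewritten as well: the second removed/added pair turns the bare three-backtick closer into three backticks followed by `text`. A closing fence has to stay bare, otherwise the block is never terminated and the rest of the README renders as code. Only the opening fence should gain the `text` tag; the closing line should be left unchanged.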
Learnt from: CR
Repo: NVIDIA/NeMo-Agent-Toolkit PR: 0
File: .cursor/rules/general.mdc:0-0
Timestamp: 2025-11-24T18:56:53.109Z
Learning: Applies to **/*.{md,rst,py} : Use 'NVIDIA NeMo Agent toolkit' on first use, then 'NeMo Agent toolkit' for subsequent references
896-902: Ensure file ends with single newline.
The review comment correctly enforces a required project standard. Per coding guidelines, all files matching `**/*.{md,rst,py}` must end with exactly one newline character. This requirement is validated by CI.
Verify and fix locally before pushing:
```bash
printf '%s\n' "$(cat examples/frameworks/strands_demo/bedrock_agentcore/README.md)" > examples/frameworks/strands_demo/bedrock_agentcore/README.md
pre-commit run --all-files
```
examples/frameworks/strands_demo/bedrock_agentcore/scripts/update_nat.py
Signed-off-by: Bryan Bednarski <[email protected]>
Signed-off-by: Bryan Bednarski <[email protected]>
Signed-off-by: Bryan Bednarski <[email protected]>
Actionable comments posted: 3
Caution
Some comments are outside the diff and can’t be posted inline due to platform limitations.
⚠️ Outside diff range comments (1)
examples/frameworks/strands_demo/bedrock_agentcore/README.md (1)
472-483: Add blank lines around the permissions table.
The permissions breakdown table should be surrounded by blank lines to comply with MD058 markdown linting rules.
Ensure there's a blank line before line 474 and after line 482:
The role includes the following permission sets: + | Permission Set | Purpose | |---------------|---------| | **Bedrock Model Access** | Invoke foundation models for AI/ML operations | | **ECR Access** | Pull container images for runtime deployment | | **CloudWatch Logs** | Create log groups/streams and write application logs | | **X-Ray Tracing** | Send distributed tracing data for observability | | **CloudWatch Metrics** | Publish custom metrics to CloudWatch | | **Workload Identity** | Access workload identity tokens for authentication | | **Secrets Manager** | Access the `secret:nvidia-api-credentials` key in Secrets Manager | + ---
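Review bot: The Secrets Manager row, the last context row of this table, says only "Access the `secret:nvidia-api-credentials` key" and does not name the action the role is granted. Since the table documents an IAM role, state the action and scope in the Purpose column, for example read access via `secretsmanager:GetSecretValue` on that one secret, so readers copying the role can see it is not meant as a wildcard over all secrets.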
🧹 Nitpick comments (2)
examples/frameworks/strands_demo/bedrock_agentcore/scripts/update_nat.py (2)
20-29: Remove commented-out placeholder code.
Lines 22 and 29 contain commented-out code from the previous implementation. These leftovers add clutter and should be removed now that the refactoring to environment-based and dynamic discovery is complete.
Apply this diff:
# Configuration CONTAINER_IMAGE = 'strands-demo:latest' -# IAM_AGENTCORE_ROLE = '<IAM_AGENTCORE_ROLE>' AWS_REGION = os.environ['AWS_DEFAULT_REGION'] AWS_ACCOUNT_ID = os.environ['AWS_ACCOUNT_ID'] IAM_AGENTCORE_ROLE = f'arn:aws:iam::{os.environ.get("AWS_ACCOUNT_ID")}:role/AgentCore_NAT' RUNTIME_NAME = "strands-demo" -#AGENT_RUNTIME_ID = os.environ['AGENT_RUNTIME_ARN']
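Review bot: `IAM_AGENTCORE_ROLE` still builds the ARN with `os.environ.get("AWS_ACCOUNT_ID")`, directly below `AWS_ACCOUNT_ID = os.environ['AWS_ACCOUNT_ID']`, which has already read the same variable and fails loudly if it is unset. Reuse the constant, `f'arn:aws:iam::{AWS_ACCOUNT_ID}:role/AgentCore_NAT'`, so there is a single lookup and no path where `.get()` could interpolate `None` into the role ARN if these lines are ever reordered.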
44-54: Consider reusing the boto3 client.
Line 44 creates a second `bedrock-agentcore-control` client, but you already created one on line 31 (`cclient`). You can reuse the same client for the `update_agent_runtime` call to avoid unnecessary overhead.
Apply this diff:
-client = boto3.client('bedrock-agentcore-control', region_name=AWS_REGION) - -response = client.update_agent_runtime(agentRuntimeId=runtime_id, +response = cclient.update_agent_runtime(agentRuntimeId=runtime_id, agentRuntimeArtifact={
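Review bot: Deleting the `client = boto3.client(...)` assignment is only safe if nothing after the `update_agent_runtime` call still refers to `client`; this hunk renames just the one call site to `cclient`. Check the remainder of the script for other uses of `client` and rename them in the same change, otherwise the script raises `NameError` at that point.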
📜 Review details
Configuration used: Path: .coderabbit.yaml
Review profile: CHILL
Plan: Pro
📒 Files selected for processing (2)
examples/frameworks/strands_demo/bedrock_agentcore/README.md (16 hunks)
examples/frameworks/strands_demo/bedrock_agentcore/scripts/update_nat.py (1 hunks)
🧰 Additional context used
📓 Path-based instructions (11)
**/*.{md,rst,py}
📄 CodeRabbit inference engine (.cursor/rules/general.mdc)
Use 'NVIDIA NeMo Agent toolkit' on first use, then 'NeMo Agent toolkit' for subsequent references
Files:
examples/frameworks/strands_demo/bedrock_agentcore/scripts/update_nat.py
examples/frameworks/strands_demo/bedrock_agentcore/README.md
**/*.{py,toml,yaml,yml}
📄 CodeRabbit inference engine (.cursor/rules/general.mdc)
Use abbreviations: 'nat' for API namespace and CLI tool, 'nvidia-nat' for package name, 'NAT' for environment variable prefixes and informal comments
Files:
examples/frameworks/strands_demo/bedrock_agentcore/scripts/update_nat.py
**/*.py
📄 CodeRabbit inference engine (.cursor/rules/general.mdc)
**/*.py: Follow PEP 20 and PEP 8 for Python style guidelines
Run yapf second (PEP 8 base, column_limit = 120) for Python formatting
Use ruff check --fix (via pre-commit) for linting using configuration embedded in pyproject.toml, fix warnings unless explicitly ignored
Use snake_case for functions and variables, PascalCase for classes, UPPER_CASE for constants
All public APIs require Python 3.11+ type hints on parameters and return values
Prefer collections.abc / typing abstractions (Sequence over list) for type hints
Use typing.Annotated for units or extra metadata when useful
Treat pyright warnings (configured in pyproject.toml) as errors during development
Preserve stack traces and prevent duplicate logging when handling exceptions; use bare raise statements and logger.error() when re-raising
When catching and logging exceptions without re-raising, always use logger.exception() to capture the full stack trace information
Provide Google-style docstrings for every public module, class, function and CLI command
The first line of docstrings must be a concise description ending with a period (Vale checks this)
Surround code entities with backticks in docstrings to avoid Vale false-positives
Validate and sanitise all user input, especially in web or CLI interfaces
Prefer httpx with SSL verification enabled by default and follow OWASP Top-10 recommendations
Use async/await for I/O-bound work (HTTP, DB, file reads)
Cache expensive computations with functools.lru_cache or an external cache when appropriate
Leverage NumPy vectorised operations whenever beneficial and feasible
Files:
examples/frameworks/strands_demo/bedrock_agentcore/scripts/update_nat.py
**/*.{py,js,ts,yaml,yml,json,md,rst}
📄 CodeRabbit inference engine (.cursor/rules/general.mdc)
Indent with 4 spaces, never tabs, and ensure every file ends with a single newline
Files:
examples/frameworks/strands_demo/bedrock_agentcore/scripts/update_nat.py
examples/frameworks/strands_demo/bedrock_agentcore/README.md
**/*.{py,env,toml,yaml,yml,json}
📄 CodeRabbit inference engine (.cursor/rules/general.mdc)
Never commit API keys, credentials or personal data; use environment variables or .env files excluded from Git
Files:
examples/frameworks/strands_demo/bedrock_agentcore/scripts/update_nat.py
**/*.{py,js,ts,java,cpp,c,go,rb,php}
📄 CodeRabbit inference engine (.cursor/rules/general.mdc)
Every file must start with the standard SPDX Apache-2.0 header
Files:
examples/frameworks/strands_demo/bedrock_agentcore/scripts/update_nat.py
**/*.{py,md,rst}
📄 CodeRabbit inference engine (.cursor/rules/general.mdc)
Version numbers are derived automatically by setuptools-scm; never hard-code them in code or docs
Files:
examples/frameworks/strands_demo/bedrock_agentcore/scripts/update_nat.py
examples/frameworks/strands_demo/bedrock_agentcore/README.md
**/*.{py,js,ts,java,cpp,c,go,rb,php,sh}
📄 CodeRabbit inference engine (.cursor/rules/general.mdc)
All source files must include the SPDX Apache-2.0 header template
Files:
examples/frameworks/strands_demo/bedrock_agentcore/scripts/update_nat.py
**/*
⚙️ CodeRabbit configuration file
**/*: Code Review Instructions
- Ensure the code follows best practices and coding standards.
- For Python code, follow PEP 20 and PEP 8 for style guidelines.
- Check for security vulnerabilities and potential issues.
- Python methods should use type hints for all parameters and return values (except for return values of `None`, in that situation no return type hint is needed).
  Example: `def my_function(param1: int, param2: str) -> bool: pass`
- For Python exception handling, ensure proper stack trace preservation:
    - When re-raising exceptions: use bare `raise` statements to maintain the original stack trace, and use `logger.error()` (not `logger.exception()`) to avoid duplicate stack trace output.
    - When catching and logging exceptions without re-raising: always use `logger.exception()` to capture the full stack trace information.

Documentation Review Instructions
- Verify that documentation and comments are clear and comprehensive.
- Verify that the documentation doesn't contain any TODOs, FIXMEs or placeholder text like "lorem ipsum".
- Verify that the documentation doesn't contain any offensive or outdated terms.
- Verify that documentation and comments are free of spelling mistakes, ensure the documentation doesn't contain any words listed in the `ci/vale/styles/config/vocabularies/nat/reject.txt` file, words that might appear to be spelling mistakes but are listed in the `ci/vale/styles/config/vocabularies/nat/accept.txt` file are OK.

Misc.
- All code (except .mdc files that contain Cursor rules) should be licensed under the Apache License 2.0, and should contain an Apache License 2.0 header comment at the top of each file.
- Confirm that copyright years are up to date whenever a file is changed.
Files:
examples/frameworks/strands_demo/bedrock_agentcore/scripts/update_nat.py
examples/frameworks/strands_demo/bedrock_agentcore/README.md
examples/**/*
⚙️ CodeRabbit configuration file
examples/**/*:
- This directory contains example code and usage scenarios for the toolkit, at a minimum an example should contain a README.md or file README.ipynb.
- If an example contains Python code, it should be placed in a subdirectory named `src/` and should contain a `pyproject.toml` file. Optionally, it might also contain scripts in a `scripts/` directory.
- If an example contains YAML files, they should be placed in a subdirectory named `configs/`.
- If an example contains sample data files, they should be placed in a subdirectory named `data/`, and should be checked into git-lfs.
Files:
examples/frameworks/strands_demo/bedrock_agentcore/scripts/update_nat.py
examples/frameworks/strands_demo/bedrock_agentcore/README.md
**/*.{md,rst}
📄 CodeRabbit inference engine (.cursor/rules/general.mdc)
Use 'NeMo Agent Toolkit' (capitalize 'T') when the name appears in headings
Files:
examples/frameworks/strands_demo/bedrock_agentcore/README.md
🧠 Learnings (10)
📚 Learning: 2025-11-24T18:56:53.109Z
Learnt from: CR
Repo: NVIDIA/NeMo-Agent-Toolkit PR: 0
File: .cursor/rules/general.mdc:0-0
Timestamp: 2025-11-24T18:56:53.109Z
Learning: Applies to **/*.{md,rst,py} : Use 'NVIDIA NeMo Agent toolkit' on first use, then 'NeMo Agent toolkit' for subsequent references
Applied to files:
examples/frameworks/strands_demo/bedrock_agentcore/README.md
📚 Learning: 2025-11-24T18:56:53.109Z
Learnt from: CR
Repo: NVIDIA/NeMo-Agent-Toolkit PR: 0
File: .cursor/rules/general.mdc:0-0
Timestamp: 2025-11-24T18:56:53.109Z
Learning: CI fails if formatting is wrong; run pre-commit run --all-files locally before pushing
Applied to files:
examples/frameworks/strands_demo/bedrock_agentcore/README.md
📚 Learning: 2025-11-24T18:56:53.109Z
Learnt from: CR
Repo: NVIDIA/NeMo-Agent-Toolkit PR: 0
File: .cursor/rules/general.mdc:0-0
Timestamp: 2025-11-24T18:56:53.109Z
Learning: Never commit code that fails pre-commit run --all-files or ci/scripts/run_ci_local.sh check
Applied to files:
examples/frameworks/strands_demo/bedrock_agentcore/README.md
📚 Learning: 2025-08-25T15:24:13.143Z
Learnt from: willkill07
Repo: NVIDIA/NeMo-Agent-Toolkit PR: 710
File: .coderabbit.yaml:33-33
Timestamp: 2025-08-25T15:24:13.143Z
Learning: User feedback indicates that CodeRabbit's chat commands, particularly `coderabbitai review` for manual incremental reviews, need better documentation and discoverability within repositories, especially when auto_incremental_review is disabled.
Applied to files:
examples/frameworks/strands_demo/bedrock_agentcore/README.md
📚 Learning: 2025-11-24T18:56:53.109Z
Learnt from: CR
Repo: NVIDIA/NeMo-Agent-Toolkit PR: 0
File: .cursor/rules/general.mdc:0-0
Timestamp: 2025-11-24T18:56:53.109Z
Learning: Applies to **/*.{py,toml,yaml,yml} : Use abbreviations: 'nat' for API namespace and CLI tool, 'nvidia-nat' for package name, 'NAT' for environment variable prefixes and informal comments
Applied to files:
examples/frameworks/strands_demo/bedrock_agentcore/README.md
📚 Learning: 2025-11-24T18:56:53.109Z
Learnt from: CR
Repo: NVIDIA/NeMo-Agent-Toolkit PR: 0
File: .cursor/rules/general.mdc:0-0
Timestamp: 2025-11-24T18:56:53.109Z
Learning: Applies to **/*.{md,rst} : Use 'NeMo Agent Toolkit' (capitalize 'T') when the name appears in headings
Applied to files:
examples/frameworks/strands_demo/bedrock_agentcore/README.md
📚 Learning: 2025-11-24T18:56:07.172Z
Learnt from: CR
Repo: NVIDIA/NeMo-Agent-Toolkit PR: 0
File: .cursor/rules/cursor-rules.mdc:0-0
Timestamp: 2025-11-24T18:56:07.172Z
Learning: Applies to .cursor/rules/**/*.mdc : Reference the documentation section in main rules instead of directly linking to documentation
Applied to files:
examples/frameworks/strands_demo/bedrock_agentcore/README.md
📚 Learning: 2025-11-24T18:56:53.109Z
Learnt from: CR
Repo: NVIDIA/NeMo-Agent-Toolkit PR: 0
File: .cursor/rules/general.mdc:0-0
Timestamp: 2025-11-24T18:56:53.109Z
Learning: Applies to packages/*/pyproject.toml : The pyproject.toml should declare a dependency on nvidia-nat or another package with a name starting with nvidia-nat-
Applied to files:
examples/frameworks/strands_demo/bedrock_agentcore/README.md
📚 Learning: 2025-11-10T21:26:35.059Z
Learnt from: jiaxiangr
Repo: NVIDIA/NeMo-Agent-Toolkit PR: 974
File: packages/nvidia_nat_all/pyproject.toml:39-39
Timestamp: 2025-11-10T21:26:35.059Z
Learning: In packages/nvidia_nat_all/pyproject.toml, workspace dependencies (nvidia-nat-* plugin packages) should NOT have version constraints because they are managed as workspace dependencies. Version constraints are only applied to the base nvidia-nat package and external dependencies, not to internal workspace packages.
Applied to files:
examples/frameworks/strands_demo/bedrock_agentcore/README.md
📚 Learning: 2025-08-22T20:29:13.433Z
Learnt from: AnuradhaKaruppiah
Repo: NVIDIA/NeMo-Agent-Toolkit PR: 701
File: examples/evaluation_and_profiling/simple_calculator_eval/src/nat_simple_calculator_eval/configs/config-with-custom-post-process.yml:16-18
Timestamp: 2025-08-22T20:29:13.433Z
Learning: In the NeMo-Agent-Toolkit project, configuration consistency across example files is prioritized over removing unused config options, even when those options aren't currently implemented in the runtime.
Applied to files:
examples/frameworks/strands_demo/bedrock_agentcore/README.md
🪛 markdownlint-cli2 (0.18.1)
examples/frameworks/strands_demo/bedrock_agentcore/README.md
37-37: Fenced code blocks should have a language specified
(MD040, fenced-code-language)
482-482: Tables should be surrounded by blank lines
(MD058, blanks-around-tables)
🪛 Ruff (0.14.6)
examples/frameworks/strands_demo/bedrock_agentcore/scripts/update_nat.py
42-42: Avoid specifying long messages outside the exception class
(TRY003)
⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (1)
- GitHub Check: CI Pipeline / Check
🔇 Additional comments (1)
examples/frameworks/strands_demo/bedrock_agentcore/scripts/update_nat.py (1)
31-42: LGTM! Runtime discovery logic is robust.
The dynamic runtime discovery properly addresses the UnboundLocalError issue from previous reviews. The implementation correctly initializes `runtime_id` with a type hint, uses safe dictionary access, and fails fast with a clear error message if no matching runtime is found.
Signed-off-by: Bryan Bednarski <[email protected]>
Signed-off-by: Bryan Bednarski <[email protected]>
Actionable comments posted: 1
Caution
Some comments are outside the diff and can’t be posted inline due to platform limitations.
⚠️ Outside diff range comments (1)
examples/frameworks/strands_demo/bedrock_agentcore/README.md (1)
474-482: Add blank lines around table per MD058.
The table starting at line 474 needs a blank line above it (after line 473) and below it (after line 481) to comply with markdown linting rules.
Apply this diff:
| Permission Set | Purpose | |---------------|---------| | **Bedrock Model Access** | Invoke foundation models for AI/ML operations | | **ECR Access** | Pull container images for runtime deployment | | **CloudWatch Logs** | Create log groups/streams and write application logs | | **X-Ray Tracing** | Send distributed tracing data for observability | | **CloudWatch Metrics** | Publish custom metrics to CloudWatch | | **Workload Identity** | Access workload identity tokens for authentication | | **Secrets Manager** | Access the `secret:nvidia-api-credentials` key in Secrets Manager | + ---
♻️ Duplicate comments (1)
examples/frameworks/strands_demo/bedrock_agentcore/README.md (1)
76-84: Fix placeholder reference mismatch.
Line 80 uses the placeholder `<YOUR NVIDIA API KEY HERE>` (with angle brackets), but the instruction on line 84 refers to `YOUR NVIDIA API KEY HERE` (without angle brackets). Align them so users follow the exact placeholder from the command.
Apply this diff:
-Replace `YOUR NVIDIA API KEY HERE` with your actual NVIDIA API key. +Replace `<YOUR NVIDIA API KEY HERE>` with your actual NVIDIA API key.
📜 Review details
Configuration used: Path: .coderabbit.yaml
Review profile: CHILL
Plan: Pro
📒 Files selected for processing (1)
examples/frameworks/strands_demo/bedrock_agentcore/README.md(16 hunks)
🧰 Additional context used
📓 Path-based instructions (6)
**/*.{md,rst,py}
📄 CodeRabbit inference engine (.cursor/rules/general.mdc)
Use 'NVIDIA NeMo Agent toolkit' on first use, then 'NeMo Agent toolkit' for subsequent references
Files:
examples/frameworks/strands_demo/bedrock_agentcore/README.md
**/*.{md,rst}
📄 CodeRabbit inference engine (.cursor/rules/general.mdc)
Use 'NeMo Agent Toolkit' (capitalize 'T') when the name appears in headings
Files:
examples/frameworks/strands_demo/bedrock_agentcore/README.md
**/*.{py,js,ts,yaml,yml,json,md,rst}
📄 CodeRabbit inference engine (.cursor/rules/general.mdc)
Indent with 4 spaces, never tabs, and ensure every file ends with a single newline
Files:
examples/frameworks/strands_demo/bedrock_agentcore/README.md
**/*.{py,md,rst}
📄 CodeRabbit inference engine (.cursor/rules/general.mdc)
Version numbers are derived automatically by setuptools-scm; never hard-code them in code or docs
Files:
examples/frameworks/strands_demo/bedrock_agentcore/README.md
**/*
⚙️ CodeRabbit configuration file
**/*: # Code Review Instructions
- Ensure the code follows best practices and coding standards.
- For Python code, follow PEP 20 and PEP 8 for style guidelines.
- Check for security vulnerabilities and potential issues.
- Python methods should use type hints for all parameters and return values (except for return values of `None`, in that situation no return type hint is needed). Example: `def my_function(param1: int, param2: str) -> bool: pass`
- For Python exception handling, ensure proper stack trace preservation:
    - When re-raising exceptions: use bare `raise` statements to maintain the original stack trace, and use `logger.error()` (not `logger.exception()`) to avoid duplicate stack trace output.
    - When catching and logging exceptions without re-raising: always use `logger.exception()` to capture the full stack trace information.

Documentation Review Instructions
- Verify that documentation and comments are clear and comprehensive.
- Verify that the documentation doesn't contain any TODOs, FIXMEs or placeholder text like "lorem ipsum".
- Verify that the documentation doesn't contain any offensive or outdated terms.
- Verify that documentation and comments are free of spelling mistakes, ensure the documentation doesn't contain any words listed in the `ci/vale/styles/config/vocabularies/nat/reject.txt` file, words that might appear to be spelling mistakes but are listed in the `ci/vale/styles/config/vocabularies/nat/accept.txt` file are OK.

Misc.
- All code (except .mdc files that contain Cursor rules) should be licensed under the Apache License 2.0, and should contain an Apache License 2.0 header comment at the top of each file.
- Confirm that copyright years are up-to-date whenever a file is changed.
Files:
examples/frameworks/strands_demo/bedrock_agentcore/README.md
examples/**/*
⚙️ CodeRabbit configuration file
examples/**/*:
- This directory contains example code and usage scenarios for the toolkit, at a minimum an example should contain a README.md or file README.ipynb.
- If an example contains Python code, it should be placed in a subdirectory named `src/` and should contain a `pyproject.toml` file. Optionally, it might also contain scripts in a `scripts/` directory.
- If an example contains YAML files, they should be placed in a subdirectory named `configs/`.
- If an example contains sample data files, they should be placed in a subdirectory named `data/`, and should be checked into git-lfs.
Files:
examples/frameworks/strands_demo/bedrock_agentcore/README.md
🧠 Learnings (11)
📚 Learning: 2025-11-24T18:56:53.109Z
Learnt from: CR
Repo: NVIDIA/NeMo-Agent-Toolkit PR: 0
File: .cursor/rules/general.mdc:0-0
Timestamp: 2025-11-24T18:56:53.109Z
Learning: Applies to **/*.{md,rst,py} : Use 'NVIDIA NeMo Agent toolkit' on first use, then 'NeMo Agent toolkit' for subsequent references
Applied to files:
examples/frameworks/strands_demo/bedrock_agentcore/README.md
📚 Learning: 2025-11-24T18:56:53.109Z
Learnt from: CR
Repo: NVIDIA/NeMo-Agent-Toolkit PR: 0
File: .cursor/rules/general.mdc:0-0
Timestamp: 2025-11-24T18:56:53.109Z
Learning: CI fails if formatting is wrong; run pre-commit run --all-files locally before pushing
Applied to files:
examples/frameworks/strands_demo/bedrock_agentcore/README.md
📚 Learning: 2025-11-24T18:56:53.109Z
Learnt from: CR
Repo: NVIDIA/NeMo-Agent-Toolkit PR: 0
File: .cursor/rules/general.mdc:0-0
Timestamp: 2025-11-24T18:56:53.109Z
Learning: Never commit code that fails pre-commit run --all-files or ci/scripts/run_ci_local.sh check
Applied to files:
examples/frameworks/strands_demo/bedrock_agentcore/README.md
📚 Learning: 2025-08-25T15:24:13.143Z
Learnt from: willkill07
Repo: NVIDIA/NeMo-Agent-Toolkit PR: 710
File: .coderabbit.yaml:33-33
Timestamp: 2025-08-25T15:24:13.143Z
Learning: User feedback indicates that CodeRabbit's chat commands, particularly `coderabbitai review` for manual incremental reviews, need better documentation and discoverability within repositories, especially when auto_incremental_review is disabled.
Applied to files:
examples/frameworks/strands_demo/bedrock_agentcore/README.md
📚 Learning: 2025-11-24T18:56:53.109Z
Learnt from: CR
Repo: NVIDIA/NeMo-Agent-Toolkit PR: 0
File: .cursor/rules/general.mdc:0-0
Timestamp: 2025-11-24T18:56:53.109Z
Learning: Applies to **/*.{py,toml,yaml,yml} : Use abbreviations: 'nat' for API namespace and CLI tool, 'nvidia-nat' for package name, 'NAT' for environment variable prefixes and informal comments
Applied to files:
examples/frameworks/strands_demo/bedrock_agentcore/README.md
📚 Learning: 2025-11-24T18:56:53.109Z
Learnt from: CR
Repo: NVIDIA/NeMo-Agent-Toolkit PR: 0
File: .cursor/rules/general.mdc:0-0
Timestamp: 2025-11-24T18:56:53.109Z
Learning: Applies to **/*.{md,rst} : Use 'NeMo Agent Toolkit' (capitalize 'T') when the name appears in headings
Applied to files:
examples/frameworks/strands_demo/bedrock_agentcore/README.md
📚 Learning: 2025-11-24T18:56:07.172Z
Learnt from: CR
Repo: NVIDIA/NeMo-Agent-Toolkit PR: 0
File: .cursor/rules/cursor-rules.mdc:0-0
Timestamp: 2025-11-24T18:56:07.172Z
Learning: Applies to .cursor/rules/**/*.mdc : Reference the documentation section in main rules instead of directly linking to documentation
Applied to files:
examples/frameworks/strands_demo/bedrock_agentcore/README.md
📚 Learning: 2025-11-24T18:56:53.109Z
Learnt from: CR
Repo: NVIDIA/NeMo-Agent-Toolkit PR: 0
File: .cursor/rules/general.mdc:0-0
Timestamp: 2025-11-24T18:56:53.109Z
Learning: Applies to docs/**/*.{md,rst} : Never use deprecated names: Agent Intelligence toolkit, aiqtoolkit, AgentIQ, AIQ/aiq in documentation (unless intentionally referring to deprecated versions)
Applied to files:
examples/frameworks/strands_demo/bedrock_agentcore/README.md
📚 Learning: 2025-11-24T18:56:53.109Z
Learnt from: CR
Repo: NVIDIA/NeMo-Agent-Toolkit PR: 0
File: .cursor/rules/general.mdc:0-0
Timestamp: 2025-11-24T18:56:53.109Z
Learning: Applies to packages/*/pyproject.toml : The pyproject.toml should declare a dependency on nvidia-nat or another package with a name starting with nvidia-nat-
Applied to files:
examples/frameworks/strands_demo/bedrock_agentcore/README.md
📚 Learning: 2025-11-10T21:26:35.059Z
Learnt from: jiaxiangr
Repo: NVIDIA/NeMo-Agent-Toolkit PR: 974
File: packages/nvidia_nat_all/pyproject.toml:39-39
Timestamp: 2025-11-10T21:26:35.059Z
Learning: In packages/nvidia_nat_all/pyproject.toml, workspace dependencies (nvidia-nat-* plugin packages) should NOT have version constraints because they are managed as workspace dependencies. Version constraints are only applied to the base nvidia-nat package and external dependencies, not to internal workspace packages.
Applied to files:
examples/frameworks/strands_demo/bedrock_agentcore/README.md
📚 Learning: 2025-08-22T20:29:13.433Z
Learnt from: AnuradhaKaruppiah
Repo: NVIDIA/NeMo-Agent-Toolkit PR: 701
File: examples/evaluation_and_profiling/simple_calculator_eval/src/nat_simple_calculator_eval/configs/config-with-custom-post-process.yml:16-18
Timestamp: 2025-08-22T20:29:13.433Z
Learning: In the NeMo-Agent-Toolkit project, configuration consistency across example files is prioritized over removing unused config options, even when those options aren't currently implemented in the runtime.
Applied to files:
examples/frameworks/strands_demo/bedrock_agentcore/README.md
🪛 markdownlint-cli2 (0.18.1)
examples/frameworks/strands_demo/bedrock_agentcore/README.md
482-482: Tables should be surrounded by blank lines
(MD058, blanks-around-tables)
🔇 Additional comments (2)
examples/frameworks/strands_demo/bedrock_agentcore/README.md (2)
638-645: Verify and document IAM resource ARN scope.
The resource ARN on line 644 uses wildcards for region and account (`arn:aws:secretsmanager:*:*:secret:nvidia-api-credentials`), which violates least-privilege principles. A previous review flagged this for scoping to your specific region and account. If this wildcard scope is intentional for your use case, add a comment explaining why; otherwise, replace with `arn:aws:secretsmanager:<region>:<account>:secret:nvidia-api-credentials-*` and update the documentation to guide users on replacing `<region>` and `<account>` with their actual values.
19-39: Approve updated documentation structure and toolkit naming.
The README correctly uses "NVIDIA NeMo Agent toolkit (NAT)" on first mention (line 21) per coding guidelines, and subsequent references use the lowercase variant. Code blocks have proper language identifiers (line 37: `text`). The reordering of content to emphasize environment variables and runtime configuration aligns well with the PR's shift to runtime-based secret handling.
Signed-off-by: Bryan Bednarski <[email protected]>
Actionable comments posted: 2
Caution
Some comments are outside the diff and can’t be posted inline due to platform limitations.
⚠️ Outside diff range comments (1)
examples/frameworks/strands_demo/bedrock_agentcore/README.md (1)
470-475: Add blank line before table to comply with MD058 markdown linting rule.
Markdown tables should be surrounded by blank lines. Add a blank line before the permission table:
Apply this diff:
The role includes the following permission sets: + | Permission Set | Purpose |
♻️ Duplicate comments (3)
examples/frameworks/strands_demo/bedrock_agentcore/README.md (3)
80-84: Fix placeholder reference to match the command format.
Line 80 uses `<YOUR NVIDIA API KEY HERE>` with angle brackets, but line 84's instruction omits them. Update the instruction to match:
Apply this diff:
-Replace `YOUR NVIDIA API KEY HERE` with your actual NVIDIA API key. +Replace `<YOUR NVIDIA API KEY HERE>` with your actual NVIDIA API key.
62-62: Add missing colon after step number.
Consistent with other numbered steps, this heading should read `## Step 3: Create ...` instead of `## Step 3 Create ...`.
Apply this diff:
-## Step 3 Create AWS Secrets Manager entry for NVIDIA_API_KEY +## Step 3: Create AWS Secrets Manager entry for NVIDIA_API_KEY
644-644: Scope IAM policy resource ARN to specific region and account.
The resource ARN uses wildcards for region and account, violating least-privilege access. Scope it to your specific AWS environment:
Apply this diff:
- "Resource": "arn:aws:secretsmanager:*:*:secret:nvidia-api-credentials" + "Resource": "arn:aws:secretsmanager:<AWS_REGION>:<AWS_ACCOUNT_ID>:secret:nvidia-api-credentials-*"The
`-*` suffix at the end is required by AWS Secrets Manager ARN format (AWS appends a 6-character random string).
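Review bot: the replacement Resource ends in `nvidia-api-credentials-*`, and in an IAM resource pattern `*` matches any run of characters, so the statement would also cover every other secret in that region and account whose name begins with `nvidia-api-credentials-` (a hypothetical `nvidia-api-credentials-staging`, for example). Because the suffix Secrets Manager appends is six characters, ending the pattern in `-??????` keeps the grant to the one secret the container reads. The README text around line 644 should also tell readers to substitute `<AWS_REGION>` and `<AWS_ACCOUNT_ID>` with their own values before applying the policy, since the placeholders as written will not match any secret.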
📜 Review details
Configuration used: Path: .coderabbit.yaml
Review profile: CHILL
Plan: Pro
📒 Files selected for processing (1)
examples/frameworks/strands_demo/bedrock_agentcore/README.md(15 hunks)
🔇 Additional comments (1)
examples/frameworks/strands_demo/bedrock_agentcore/README.md (1)
19-21: First use of toolkit name is correctly formatted.
Line 21 properly uses "NVIDIA NeMo Agent toolkit (NAT)" with lowercase 't' per guidelines.
/ok to test 16835ef
/ok to test 16835ef
/ok to test 16835ef
/merge
Addresses use of env variables in AWS Strands example, specifically AgentCore docker build, scripts and readme. These have been updated to move env variables to runtime invocation
Description
Closes
By Submitting this PR I confirm: