Skip to content

feat: add VPC network mode support for agent runtimes#423

Closed
tejaskash wants to merge 1 commit intomainfrom
feat/vpc-network-mode
Closed

feat: add VPC network mode support for agent runtimes#423
tejaskash wants to merge 1 commit intomainfrom
feat/vpc-network-mode

Conversation

@tejaskash
Copy link
Contributor

@tejaskash tejaskash commented Feb 24, 2026
edited
Loading

Summary

  • Fix NetworkModeSchema: Correct enum values from PUBLIC | PRIVATE to PUBLIC | VPC to match the AWS API
  • Add VPC configuration schema: New NetworkConfigSchema with subnet/security group ID validation, cross-field validation (VPC mode requires networkConfig, PUBLIC mode rejects it)
  • Add CLI flags: --network-mode, --subnets, --security-groups for both create and add agent commands with shared validation utilities
  • Propagate VPC config: Schema mapper, GenerateConfig, and BYO agent path all pass VPC fields through to the AgentEnvSpec
  • Developer experience: Info messages in dev command and VPC Endpoint guidance in invoke command when agents use VPC mode
  • Tests: 23 new unit tests covering schema validation, CLI validation, and schema mapping for VPC configurations

Files changed (23)

Area Files Change
Schema constants.ts, agent-env.ts, llm-compacted/*.ts Fix enum, add NetworkConfig, update docs
Create cmd command.tsx, action.ts, validate.ts, types.ts Add VPC CLI flags and validation
Add cmd command.tsx, actions.ts, validate.ts, types.ts Add VPC CLI flags and validation
Dev cmd command.tsx VPC info message
Invoke cmd action.ts VPC Endpoint guidance warning
Shared shared/vpc-utils.ts (new) Consolidated VPC parsing and validation
Operations schema-mapper.ts, generate/types.ts Pass VPC fields through
Tests 6 test files 23 new VPC-related tests

Companion PR

CDK construct changes: https://github.com/aws/agentcore-l3-cdk-constructs/pull/54

Test plan

  • All 1776 unit tests pass (npm test)
  • TypeScript compiles clean (tsc --noEmit)
  • Lint passes with 0 errors
  • Prettier formatting verified
  • Manual test: agentcore create --name test --defaults --network-mode VPC --subnets subnet-xxx --security-groups sg-xxx --dry-run
  • Manual test: Deploy VPC-mode agent and verify CloudFormation template includes NetworkModeConfig
  • Manual test: Invoke VPC-mode agent from within VPC

@tejaskash
feat: add VPC network mode support for agent runtimes
eb8aee7 
Add support for deploying AgentCore Runtimes in VPC network mode,
enabling agents to run within customer VPCs with specified subnets
and security groups.

Changes:
- Fix NetworkModeSchema enum: PRIVATE → VPC to match AWS API
- Add NetworkConfigSchema with subnet/security group validation
- Add networkConfig field to AgentEnvSpec with cross-field validation
- Add --network-mode, --subnets, --security-groups CLI flags to
  create and add commands
- Extract shared VPC validation and parsing utilities
- Add VPC info messages to dev and invoke commands
- Update LLM-compacted schema documentation
- Add comprehensive unit tests for VPC validation
@tejaskash tejaskash requested a review from a team February 24, 2026 20:19
@github-actions github-actions bot added the size/l PR size: L label Feb 24, 2026
@github-actions
Copy link
Contributor

github-actions bot commented Feb 24, 2026

Coverage Report

Status Category Percentage Covered / Total
🔵 Lines 44.06% 2988 / 6781
🔵 Statements 43.67% 3147 / 7206
🔵 Functions 45.88% 619 / 1349
🔵 Branches 48.76% 1957 / 4013
Generated in workflow #629 for commit eb8aee7 by the Vitest Coverage Report Action

@tejaskash
Copy link
Contributor Author

tejaskash commented Feb 24, 2026

Splitting into 3 stacked PRs for easier review.

@tejaskash tejaskash closed this Feb 24, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

size/l PR size: L

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@tejaskash