- /goal set|status|checkpoint|pause|resume|clear intercept in main.py
- GOAL.md injected into system prompt when active (prompt_builder.py)
- Goal context added to heartbeat for autonomous progress
- CDK: add compute/build, broad read-only, IAM self-modify (scoped to own role),
IAM policy management, and SSM read permissions to runtime1Role
- config.py: load /agent-claw/aws-mcp-url from SSM at cold start
- main.py: connect to AWS MCP Server with SigV4 auth (_AwsMcpSigV4Auth);
add request_iam_permission and apply_iam_permission tools
- agentcore.json: add EXECUTION_ROLE_ARN env var
- manage_mcp_connection tool: add/remove/enable/disable/list MCP servers
- mcp_loader: dynamic connection with OAuth/bearer/none auth, token caching
- Secrets stored in SSM, never in DynamoDB
- MCP clients loaded per-session and cleaned up in finally block
- New memory_manager.py with:
- check_and_compact: runs compaction on flagged sessions (extracts LTM via
Claude Haiku, stores as AgentCore Memory event, deletes old events)
- check_window_and_flag: sets DynamoDB flag when session > 100 events
- load_ltm: retrieves LTM extractions and formats as system prompt block
- Wired into main.py:
- Compaction runs before session_manager creation (trims old events)
- LTM block injected into system prompt
- Window check runs after session close
- SESSION_WINDOW_SIZE = 100 (named constant)
- Compaction is idempotent (uses event timestamps as cursor)
- LTM retrieval failure is non-fatal (logs and continues)
Inbound:
- tg-ingest detects document/photo/audio/video/voice attachments
- Downloads files via Telegram Bot API (getFile + download)
- Inlines small text files (<50KB) directly in the prompt
- Stores binary/large files to S3 (attachments/{chat_id}/{update_id}/{filename})
- agent-runner appends file context to the AgentCore prompt
Outbound:
- New send_file tool for the agent to send documents back to users
- TelegramAdapter.send_document uses multipart/form-data POST
- CDK grants tg-ingest S3 write access and passes bucket name env var
- Add workspace-mcp >= 1.20.0 to pyproject.toml (pulls google-api-python-client etc. transitively)
- Remove redundant google-api-python-client/google-auth/google-auth-httplib2 direct deps
- Rewrite google_workspace.py: single Secrets Manager call per tool (client_id/client_secret
are already in the credentials secret stored by oauth-handler, no separate oauth-client secret needed)
- Mirror workspace-mcp output format for list_calendars and get_calendar_events
- Add body_format param to get_gmail_message (text/html/raw) matching workspace-mcp API
- Update uv.lock
