daniel/agent-claw
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
893c1107298ed0ad83c4aef1cb28466c9ab42976
agent-claw/cdk/cdk.out/AgentClawStack.template.json
daniel 893c110729 multi-tenant Phase 1: user registry + per-user memory 
- CDK: add agent-claw-users DynamoDB table (actor_id PK, RETAIN policy)
- CDK: grant agent-runner read/write on users table; add USERS_TABLE_NAME env
- CDK: fix cdk.json app field (was object, must be command string)
- CDK: add UsersTableName output
- agent-runner: get_or_create_user() auto-registers users on first contact
  (stores display_name, telegram_username, created_at, allowed)
- agent-runner: pass user_profile in AgentCore payload
- prompt_builder: split base prompt (cached) from per-user context (injected per-call)
  removes USER.md/MEMORY.md from shared load; user name/username injected dynamically
- main.py: extract user_profile from payload, build user_context string for prompt
2026-05-06 20:36:22 -05:00

885 lines
21 KiB
JSON
Raw Blame History

{
"Description": "agent-claw: serverless personal assistant on AgentCore",
"Resources": {
"SessionStore8C86EEFE": {
"Type": "AWS::DynamoDB::Table",
"Properties": {
"AttributeDefinitions": [
{
"AttributeName": "actor_id",
"AttributeType": "S"
}
],
"BillingMode": "PAY_PER_REQUEST",
"KeySchema": [
{
"AttributeName": "actor_id",
"KeyType": "HASH"
}
],
"TableName": "agent-claw-sessions",
"TimeToLiveSpecification": {
"AttributeName": "ttl",
"Enabled": true
}
},
"UpdateReplacePolicy": "Retain",
"DeletionPolicy": "Retain",
"Metadata": {
"aws:cdk:path": "AgentClawStack/SessionStore/Resource"
}
},
"UsersTable9725E9C8": {
"Type": "AWS::DynamoDB::Table",
"Properties": {
"AttributeDefinitions": [
{
"AttributeName": "actor_id",
"AttributeType": "S"
}
],
"BillingMode": "PAY_PER_REQUEST",
"KeySchema": [
{
"AttributeName": "actor_id",
"KeyType": "HASH"
}
],
"TableName": "agent-claw-users"
},
"UpdateReplacePolicy": "Retain",
"DeletionPolicy": "Retain",
"Metadata": {
"aws:cdk:path": "AgentClawStack/UsersTable/Resource"
}
},
"MessageQueue7A3BF959": {
"Type": "AWS::SQS::Queue",
"Properties": {
"ContentBasedDeduplication": false,
"FifoQueue": true,
"QueueName": "agent-claw-messages.fifo",
"ReceiveMessageWaitTimeSeconds": 20,
"VisibilityTimeout": 900
},
"UpdateReplacePolicy": "Delete",
"DeletionPolicy": "Delete",
"Metadata": {
"aws:cdk:path": "AgentClawStack/MessageQueue/Resource"
}
},
"TgIngestServiceRoleB96980B6": {
"Type": "AWS::IAM::Role",
"Properties": {
"AssumeRolePolicyDocument": {
"Statement": [
{
"Action": "sts:AssumeRole",
"Effect": "Allow",
"Principal": {
"Service": "lambda.amazonaws.com"
}
}
],
"Version": "2012-10-17"
},
"ManagedPolicyArns": [
{
"Fn::Join": [
"",
[
"arn:",
{
"Ref": "AWS::Partition"
},
":iam::aws:policy/service-role/AWSLambdaBasicExecutionRole"
]
]
}
]
},
"Metadata": {
"aws:cdk:path": "AgentClawStack/TgIngest/ServiceRole/Resource"
}
},
"TgIngestServiceRoleDefaultPolicyCC51E135": {
"Type": "AWS::IAM::Policy",
"Properties": {
"PolicyDocument": {
"Statement": [
{
"Action": [
"sqs:SendMessage",
"sqs:GetQueueAttributes",
"sqs:GetQueueUrl"
],
"Effect": "Allow",
"Resource": {
"Fn::GetAtt": [
"MessageQueue7A3BF959",
"Arn"
]
}
},
{
"Action": [
"secretsmanager:GetSecretValue",
"secretsmanager:DescribeSecret"
],
"Effect": "Allow",
"Resource": "arn:aws:secretsmanager:us-east-1:495395224548:secret:agent-claw/telegram-bot-token-Oq3in3"
}
],
"Version": "2012-10-17"
},
"PolicyName": "TgIngestServiceRoleDefaultPolicyCC51E135",
"Roles": [
{
"Ref": "TgIngestServiceRoleB96980B6"
}
]
},
"Metadata": {
"aws:cdk:path": "AgentClawStack/TgIngest/ServiceRole/DefaultPolicy/Resource"
}
},
"TgIngest4CB35C2F": {
"Type": "AWS::Lambda::Function",
"Properties": {
"Code": {
"S3Bucket": "cdk-hnb659fds-assets-495395224548-us-east-1",
"S3Key": "8da48fd743d1e2cb70d8d1935cee795b6f8cf02609db05e2b8f28449be9ef875.zip"
},
"Environment": {
"Variables": {
"MESSAGE_QUEUE_URL": {
"Ref": "MessageQueue7A3BF959"
},
"TELEGRAM_BOT_TOKEN_SECRET_ARN": "arn:aws:secretsmanager:us-east-1:495395224548:secret:agent-claw/telegram-bot-token-Oq3in3",
"TELEGRAM_WEBHOOK_SECRET": ""
}
},
"FunctionName": "agent-claw-tg-ingest",
"Handler": "handler.handler",
"MemorySize": 128,
"Role": {
"Fn::GetAtt": [
"TgIngestServiceRoleB96980B6",
"Arn"
]
},
"Runtime": "python3.12",
"Timeout": 10
},
"DependsOn": [
"TgIngestServiceRoleDefaultPolicyCC51E135",
"TgIngestServiceRoleB96980B6"
],
"Metadata": {
"aws:cdk:path": "AgentClawStack/TgIngest/Resource",
"aws:asset:path": "asset.8da48fd743d1e2cb70d8d1935cee795b6f8cf02609db05e2b8f28449be9ef875",
"aws:asset:is-bundled": false,
"aws:asset:property": "Code"
}
},
"AgentRunnerServiceRole40CA0A00": {
"Type": "AWS::IAM::Role",
"Properties": {
"AssumeRolePolicyDocument": {
"Statement": [
{
"Action": "sts:AssumeRole",
"Effect": "Allow",
"Principal": {
"Service": "lambda.amazonaws.com"
}
}
],
"Version": "2012-10-17"
},
"ManagedPolicyArns": [
{
"Fn::Join": [
"",
[
"arn:",
{
"Ref": "AWS::Partition"
},
":iam::aws:policy/service-role/AWSLambdaBasicExecutionRole"
]
]
}
]
},
"Metadata": {
"aws:cdk:path": "AgentClawStack/AgentRunner/ServiceRole/Resource"
}
},
"AgentRunnerServiceRoleDefaultPolicyA584A5CF": {
"Type": "AWS::IAM::Policy",
"Properties": {
"PolicyDocument": {
"Statement": [
{
"Action": [
"dynamodb:BatchGetItem",
"dynamodb:Query",
"dynamodb:GetItem",
"dynamodb:Scan",
"dynamodb:ConditionCheckItem",
"dynamodb:BatchWriteItem",
"dynamodb:PutItem",
"dynamodb:UpdateItem",
"dynamodb:DeleteItem",
"dynamodb:DescribeTable"
],
"Effect": "Allow",
"Resource": [
{
"Fn::GetAtt": [
"SessionStore8C86EEFE",
"Arn"
]
}
]
},
{
"Action": [
"dynamodb:GetRecords",
"dynamodb:GetShardIterator"
],
"Effect": "Allow",
"Resource": [
{
"Fn::GetAtt": [
"SessionStore8C86EEFE",
"Arn"
]
}
]
},
{
"Action": [
"dynamodb:BatchGetItem",
"dynamodb:Query",
"dynamodb:GetItem",
"dynamodb:Scan",
"dynamodb:ConditionCheckItem",
"dynamodb:BatchWriteItem",
"dynamodb:PutItem",
"dynamodb:UpdateItem",
"dynamodb:DeleteItem",
"dynamodb:DescribeTable"
],
"Effect": "Allow",
"Resource": [
{
"Fn::GetAtt": [
"UsersTable9725E9C8",
"Arn"
]
}
]
},
{
"Action": [
"dynamodb:GetRecords",
"dynamodb:GetShardIterator"
],
"Effect": "Allow",
"Resource": [
{
"Fn::GetAtt": [
"UsersTable9725E9C8",
"Arn"
]
}
]
},
{
"Action": [
"s3:GetObject*",
"s3:GetBucket*",
"s3:List*"
],
"Effect": "Allow",
"Resource": [
{
"Fn::Join": [
"",
[
"arn:",
{
"Ref": "AWS::Partition"
},
":s3:::agent-claw-workspace-495395224548"
]
]
},
{
"Fn::Join": [
"",
[
"arn:",
{
"Ref": "AWS::Partition"
},
":s3:::agent-claw-workspace-495395224548/*"
]
]
}
]
},
{
"Action": [
"secretsmanager:GetSecretValue",
"secretsmanager:DescribeSecret"
],
"Effect": "Allow",
"Resource": "arn:aws:secretsmanager:us-east-1:495395224548:secret:agent-claw/telegram-bot-token-Oq3in3"
},
{
"Action": [
"secretsmanager:GetSecretValue",
"secretsmanager:DescribeSecret"
],
"Effect": "Allow",
"Resource": "arn:aws:secretsmanager:us-east-1:495395224548:secret:agent-claw/brave-api-key-uUSgzi"
},
{
"Action": [
"sqs:ReceiveMessage",
"sqs:ChangeMessageVisibility",
"sqs:GetQueueUrl",
"sqs:DeleteMessage",
"sqs:GetQueueAttributes"
],
"Effect": "Allow",
"Resource": {
"Fn::GetAtt": [
"MessageQueue7A3BF959",
"Arn"
]
}
},
{
"Action": "bedrock-agentcore:InvokeAgentRuntime",
"Effect": "Allow",
"Resource": "*"
}
],
"Version": "2012-10-17"
},
"PolicyName": "AgentRunnerServiceRoleDefaultPolicyA584A5CF",
"Roles": [
{
"Ref": "AgentRunnerServiceRole40CA0A00"
}
]
},
"Metadata": {
"aws:cdk:path": "AgentClawStack/AgentRunner/ServiceRole/DefaultPolicy/Resource"
}
},
"AgentRunnerBDE3FA56": {
"Type": "AWS::Lambda::Function",
"Properties": {
"Code": {
"S3Bucket": "cdk-hnb659fds-assets-495395224548-us-east-1",
"S3Key": "7053cd1618f5f520a7aac409588128f920d8fe76791c1dbcc65610454d1a5387.zip"
},
"Environment": {
"Variables": {
"SESSION_TABLE_NAME": {
"Ref": "SessionStore8C86EEFE"
},
"WORKSPACE_BUCKET_NAME": "agent-claw-workspace-495395224548",
"TELEGRAM_BOT_TOKEN_SECRET_ARN": "arn:aws:secretsmanager:us-east-1:495395224548:secret:agent-claw/telegram-bot-token-Oq3in3",
"BRAVE_API_KEY_SECRET_ARN": "arn:aws:secretsmanager:us-east-1:495395224548:secret:agent-claw/brave-api-key-uUSgzi",
"RUNTIME_1_ARN": "arn:aws:bedrock-agentcore:us-east-1:495395224548:runtime/agentclaw_agent_claw_main-vTRGIEG6ON",
"AWS_REGION_NAME": "us-east-1",
"USERS_TABLE_NAME": {
"Ref": "UsersTable9725E9C8"
},
"WORKSPACE_MCP_URL": "https://25hugrzw4uwtueeg77jsmft6lq0wunmd.lambda-url.us-east-1.on.aws/mcp"
}
},
"FunctionName": "agent-claw-agent-runner",
"Handler": "handler.handler",
"MemorySize": 256,
"Role": {
"Fn::GetAtt": [
"AgentRunnerServiceRole40CA0A00",
"Arn"
]
},
"Runtime": "python3.12",
"Timeout": 900
},
"DependsOn": [
"AgentRunnerServiceRoleDefaultPolicyA584A5CF",
"AgentRunnerServiceRole40CA0A00"
],
"Metadata": {
"aws:cdk:path": "AgentClawStack/AgentRunner/Resource",
"aws:asset:path": "asset.7053cd1618f5f520a7aac409588128f920d8fe76791c1dbcc65610454d1a5387",
"aws:asset:is-bundled": false,
"aws:asset:property": "Code"
}
},
"AgentRunnerSqsEventSourceAgentClawStackMessageQueue9AF4DF234671B32B": {
"Type": "AWS::Lambda::EventSourceMapping",
"Properties": {
"BatchSize": 10,
"Enabled": true,
"EventSourceArn": {
"Fn::GetAtt": [
"MessageQueue7A3BF959",
"Arn"
]
},
"FunctionName": {
"Ref": "AgentRunnerBDE3FA56"
}
},
"Metadata": {
"aws:cdk:path": "AgentClawStack/AgentRunner/SqsEventSource:AgentClawStackMessageQueue9AF4DF23/Resource"
}
},
"WebhookApi28122C53": {
"Type": "AWS::ApiGatewayV2::Api",
"Properties": {
"Name": "agent-claw-webhook",
"ProtocolType": "HTTP"
},
"Metadata": {
"aws:cdk:path": "AgentClawStack/WebhookApi/Resource"
}
},
"WebhookApiDefaultStageC0BC9CA5": {
"Type": "AWS::ApiGatewayV2::Stage",
"Properties": {
"ApiId": {
"Ref": "WebhookApi28122C53"
},
"AutoDeploy": true,
"StageName": "$default"
},
"Metadata": {
"aws:cdk:path": "AgentClawStack/WebhookApi/DefaultStage/Resource"
}
},
"WebhookApiPOSTtelegramTgIngestIntegration9EE5BB85": {
"Type": "AWS::ApiGatewayV2::Integration",
"Properties": {
"ApiId": {
"Ref": "WebhookApi28122C53"
},
"IntegrationType": "AWS_PROXY",
"IntegrationUri": {
"Fn::GetAtt": [
"TgIngest4CB35C2F",
"Arn"
]
},
"PayloadFormatVersion": "2.0"
},
"Metadata": {
"aws:cdk:path": "AgentClawStack/WebhookApi/POST--telegram/TgIngestIntegration/Resource"
}
},
"WebhookApiPOSTtelegramTgIngestIntegrationPermissionFEBC2E3B": {
"Type": "AWS::Lambda::Permission",
"Properties": {
"Action": "lambda:InvokeFunction",
"FunctionName": {
"Fn::GetAtt": [
"TgIngest4CB35C2F",
"Arn"
]
},
"Principal": "apigateway.amazonaws.com",
"SourceArn": {
"Fn::Join": [
"",
[
"arn:",
{
"Ref": "AWS::Partition"
},
":execute-api:us-east-1:495395224548:",
{
"Ref": "WebhookApi28122C53"
},
"/*/*/telegram"
]
]
}
},
"Metadata": {
"aws:cdk:path": "AgentClawStack/WebhookApi/POST--telegram/TgIngestIntegration-Permission"
}
},
"WebhookApiPOSTtelegramF7127CFF": {
"Type": "AWS::ApiGatewayV2::Route",
"Properties": {
"ApiId": {
"Ref": "WebhookApi28122C53"
},
"AuthorizationType": "NONE",
"RouteKey": "POST /telegram",
"Target": {
"Fn::Join": [
"",
[
"integrations/",
{
"Ref": "WebhookApiPOSTtelegramTgIngestIntegration9EE5BB85"
}
]
]
}
},
"Metadata": {
"aws:cdk:path": "AgentClawStack/WebhookApi/POST--telegram/Resource"
}
},
"Runtime1RoleA7A82078": {
"Type": "AWS::IAM::Role",
"Properties": {
"AssumeRolePolicyDocument": {
"Statement": [
{
"Action": "sts:AssumeRole",
"Effect": "Allow",
"Principal": {
"Service": "bedrock-agentcore.amazonaws.com"
}
}
],
"Version": "2012-10-17"
},
"Description": "Execution role for agent-claw Runtime 1 (main assistant)"
},
"Metadata": {
"aws:cdk:path": "AgentClawStack/Runtime1Role/Resource"
}
},
"Runtime1RoleDefaultPolicy1A3D5ACF": {
"Type": "AWS::IAM::Policy",
"Properties": {
"PolicyDocument": {
"Statement": [
{
"Action": [
"bedrock:InvokeModel",
"bedrock:InvokeModelWithResponseStream"
],
"Effect": "Allow",
"Resource": "*"
},
{
"Action": [
"s3:GetObject*",
"s3:GetBucket*",
"s3:List*"
],
"Effect": "Allow",
"Resource": [
{
"Fn::Join": [
"",
[
"arn:",
{
"Ref": "AWS::Partition"
},
":s3:::agent-claw-workspace-495395224548"
]
]
},
{
"Fn::Join": [
"",
[
"arn:",
{
"Ref": "AWS::Partition"
},
":s3:::agent-claw-workspace-495395224548/*"
]
]
}
]
},
{
"Action": [
"secretsmanager:GetSecretValue",
"secretsmanager:DescribeSecret"
],
"Effect": "Allow",
"Resource": "arn:aws:secretsmanager:us-east-1:495395224548:secret:agent-claw/telegram-bot-token-Oq3in3"
},
{
"Action": [
"secretsmanager:GetSecretValue",
"secretsmanager:DescribeSecret"
],
"Effect": "Allow",
"Resource": "arn:aws:secretsmanager:us-east-1:495395224548:secret:agent-claw/brave-api-key-uUSgzi"
},
{
"Action": [
"bedrock-agentcore:CreateEvent",
"bedrock-agentcore:ListEvents",
"bedrock-agentcore:RetrieveMemoryRecords"
],
"Effect": "Allow",
"Resource": "*"
},
{
"Action": "lambda:InvokeFunctionUrl",
"Condition": {
"StringEquals": {
"lambda:FunctionUrlAuthType": "AWS_IAM"
}
},
"Effect": "Allow",
"Resource": {
"Fn::Join": [
"",
[
"arn:",
{
"Ref": "AWS::Partition"
},
":lambda:us-east-1:495395224548:function:agent-claw-workspace-mcp"
]
]
},
"Sid": "WorkspaceMcpInvoke"
},
{
"Action": [
"secretsmanager:GetSecretValue",
"secretsmanager:DescribeSecret"
],
"Effect": "Allow",
"Resource": {
"Fn::Join": [
"",
[
"arn:",
{
"Ref": "AWS::Partition"
},
":secretsmanager:us-east-1:495395224548:secret:agent-claw/google-workspace-credentials-??????"
]
]
}
},
{
"Action": [
"secretsmanager:GetSecretValue",
"secretsmanager:DescribeSecret"
],
"Effect": "Allow",
"Resource": {
"Fn::Join": [
"",
[
"arn:",
{
"Ref": "AWS::Partition"
},
":secretsmanager:us-east-1:495395224548:secret:agent-claw/google-oauth-client-??????"
]
]
}
}
],
"Version": "2012-10-17"
},
"PolicyName": "Runtime1RoleDefaultPolicy1A3D5ACF",
"Roles": [
{
"Ref": "Runtime1RoleA7A82078"
}
]
},
"Metadata": {
"aws:cdk:path": "AgentClawStack/Runtime1Role/DefaultPolicy/Resource"
}
},
"WorkspaceMcpRolePolicy5B8B0072": {
"Type": "AWS::IAM::Policy",
"Properties": {
"PolicyDocument": {
"Statement": [
{
"Action": [
"secretsmanager:GetSecretValue",
"secretsmanager:DescribeSecret"
],
"Effect": "Allow",
"Resource": {
"Fn::Join": [
"",
[
"arn:",
{
"Ref": "AWS::Partition"
},
":secretsmanager:us-east-1:495395224548:secret:agent-claw/google-workspace-credentials-??????"
]
]
}
},
{
"Action": [
"secretsmanager:GetSecretValue",
"secretsmanager:DescribeSecret"
],
"Effect": "Allow",
"Resource": {
"Fn::Join": [
"",
[
"arn:",
{
"Ref": "AWS::Partition"
},
":secretsmanager:us-east-1:495395224548:secret:agent-claw/google-oauth-client-??????"
]
]
}
}
],
"Version": "2012-10-17"
},
"PolicyName": "WorkspaceMcpRolePolicy5B8B0072",
"Roles": [
"agent-claw-workspace-mcp-role"
]
},
"Metadata": {
"aws:cdk:path": "AgentClawStack/WorkspaceMcpRole/Policy/Resource"
}
},
"CDKMetadata": {
"Type": "AWS::CDK::Metadata",
"Properties": {
"Analytics": "v2:deflate64:H4sIAAAAAAAA/22PwU7DMAyGn2X31IxuPMCGQHBAjI775KZela1NSu1sqqK8O0rKOCBO/+ff+WO7hPKhhOUCr1zo5lx0poawF9RnVRE7P2pSeOVD4BVsvT6TbJFJNZPF3jU1hE+sO1KPR5shKv5iCB+efDYzRNVhXzcI4dlbLcbZ1PrlpwtZ2edRbzgMxrap/b+7o7E3zCl2y6d9ojLYQ6jcvErWneuMnnIoU1S8OiAzCcMmicLBtCh0xelSQngRGTaDSYEkqdwLtvnDGZJVOS8zvVqhdsTbOX/K/C5GlSel+M8B714GL1FZ1xCc+O5SruF+DcvFiY0pRm/F9ATVrN8RDS1cnQEAAA=="
},
"Metadata": {
"aws:cdk:path": "AgentClawStack/CDKMetadata/Default"
}
}
},
"Outputs": {
"WorkspaceMcpFunctionUrl": {
"Description": "workspace-mcp Lambda Function URL (MCP endpoint for Gmail/Calendar)",
"Value": "https://25hugrzw4uwtueeg77jsmft6lq0wunmd.lambda-url.us-east-1.on.aws"
},
"GoogleCredentialsSecretArn": {
"Description": "Google OAuth user credentials secret ARN",
"Value": {
"Fn::Join": [
"",
[
"arn:",
{
"Ref": "AWS::Partition"
},
":secretsmanager:us-east-1:495395224548:secret:agent-claw/google-workspace-credentials"
]
]
}
},
"WebhookUrl": {
"Description": "Register this URL with Telegram BotFather as webhook endpoint",
"Value": {
"Fn::Join": [
"",
[
"https://",
{
"Ref": "WebhookApi28122C53"
},
".execute-api.us-east-1.",
{
"Ref": "AWS::URLSuffix"
},
"/telegram"
]
]
}
},
"WorkspaceBucketName": {
"Description": "S3 bucket containing agent workspace files",
"Value": "agent-claw-workspace-495395224548"
},
"SessionTableName": {
"Description": "DynamoDB table for session mapping",
"Value": {
"Ref": "SessionStore8C86EEFE"
}
},
"UsersTableName": {
"Description": "DynamoDB user registry table",
"Value": {
"Ref": "UsersTable9725E9C8"
}
},
"MessageQueueUrl": {
"Description": "SQS FIFO queue for incoming messages",
"Value": {
"Ref": "MessageQueue7A3BF959"
}
},
"Runtime1RoleArn": {
"Description": "IAM execution role ARN for AgentCore Runtime 1",
"Value": {
"Fn::GetAtt": [
"Runtime1RoleA7A82078",
"Arn"
]
}
}
},
"Parameters": {
"BootstrapVersion": {
"Type": "AWS::SSM::Parameter::Value<String>",
"Default": "/cdk-bootstrap/hnb659fds/version",
"Description": "Version of the CDK Bootstrap resources in this environment, automatically retrieved from SSM Parameter Store. [cdk:skip]"
}
},
"Rules": {
"CheckBootstrapVersion": {
"Assertions": [
{
"Assert": {
"Fn::Not": [
{
"Fn::Contains": [
[
"1",
"2",
"3",
"4",
"5"
],
{
"Ref": "BootstrapVersion"
}
]
}
]
},
"AssertDescription": "CDK bootstrap stack version 6 required. Please run 'cdk bootstrap' with a recent version of the CDK CLI."
}
]
}
}
}
Reference in New Issue View Git Blame Copy Permalink