Merge pull request #272 from giedri/main

Kiro Power for centralized guidance

Author: giedri

apigw-ai-agents/README.md

@@ -39,6 +39,12 @@ This set of samples includes three different implementations of the AI agents us
 
 All implementations follow the same core architecture and implement similar components.
 
+### Kiro Power
+
+In addition to the agents, sample includes sample custom [Kiro Power](./kiro-power/POWER.md) which allows organizations to provide centralized guidance in [Kiro](https://kiro.dev/) - agentic AI with an IDE and CLI. 
+
+The power uses Knowledge Base and MCP server implemented in the [Strands framework and Amazon Bedrock AgentCore](./strands-agentcore/) example.
+
 ### Knowledge base
 
 Knowledge base focuses on covering information that is changing, need to be curated, and may include sources that aren't available publicly (or need processing, such as re:Invent video transcriptions)

apigw-ai-agents/kiro-power/POWER.md

@@ -0,0 +1,169 @@
+---
+name: "centralized-developer-guidance"
+displayName: "Centralized Developer Guidance"
+description: "Provides organization-wide, centralized developer guidance. API expertise, best practices, and configuration inspection directly in your IDE."
+keywords: ["api-gateway", "governance", "best-practices", "api-expert"]
+author: "Your Organization"
+---
+
+# Centralized Developer Guidance
+
+## Overview
+
+This power provides centralized, AI-powered developer guidance for your organization. It connects to an Amazon Bedrock AgentCore-based agent that has access to your organization's knowledge base containing best practices, governance requirements, and curated documentation.
+
+**This is a sample implementation, not limited to API development.** While this example focuses on API development guidance, the underlying architecture can be tailored for any use case or development area - security practices, infrastructure patterns, data engineering, frontend development, or any domain where your organization wants to provide centralized guidance. The Knowledge Base content, agent prompts, and tools can all be customized to fit your specific needs.
+
+Unlike project-specific steering files, this power enables organization-wide guidance that can be shared across all teams from a central location. Teams can install this power from a shared directory and receive consistent guidance alongside their project-specific steering files.
+
+**Key capabilities (in this API-focused example):**
+- **API Expert Consultation** - Get answers about API development, security, AWS services, and your organization's specific standards
+- **API Inspector** - Analyze existing API Gateway configurations and receive improvement recommendations based on AWS best practices and your organization's requirements
+
+**Adapt for your use case** by modifying the Knowledge Base content, agent instructions, and MCP tools to cover your organization's specific domain expertise.
+
+## Available Steering Files
+
+This power includes steering files that provide detailed workflow guidance:
+
+- **api-requirements** - Comprehensive guide for gathering API requirements, covering all aspects from endpoints and authentication to performance and security requirements
+
+## When to Use This Power
+
+Use this power when you need:
+- Organization-specific development standards and best practices
+- Guidance on API development, management, and governance
+- Help with Amazon API Gateway configuration
+- Inspection of existing API configurations
+
+## Onboarding
+
+### Prerequisites
+
+Before using this power, your organization needs to deploy the backend infrastructure:
+
+1. **Knowledge Base** - See [strands-agentcore/iac](../strands-agentcore/iac/README.md) for deployment instructions:
+   - CloudFormation template: [bedrock-kb-s3.yaml](../strands-agentcore/iac/bedrock-kb-s3.yaml)
+   - S3 bucket with organization documentation
+   - Bedrock Knowledge Base with vector embeddings
+   - Data sources for your content and optionally AWS public docs
+
+2. **AgentCore Agent** - See [strands-agentcore/api-expert-agent](../strands-agentcore/api-expert-agent/README.md) for deployment instructions:
+   - Strands-based agent with Knowledge Base access
+   - Deployed to Amazon Bedrock AgentCore Runtime
+
+3. **MCP Server** - See [strands-agentcore/mcp](../strands-agentcore/mcp/README.md) for setup details:
+   - Python-based FastMCP server
+   - Requirements: [api-helper/requirements.txt](../strands-agentcore/mcp/api-helper/requirements.txt)
+
+> **Important:** For production environments, organizations should deploy a remote MCP server with appropriate authentication and authorization instead of running locally on each developer's machine.
+
+### Local Setup
+
+1. Ensure AWS CLI is configured with appropriate credentials
+2. Install this power from your organization's shared location
+
+## Best Practices
+
+- **Combine with project steering** - Use this power for organization-wide guidance alongside project-specific `.kiro/steering/` files
+- **Keep Knowledge Base updated** - Ensure your platform team regularly syncs the Knowledge Base with latest documentation
+- **Review recommendations** - AI-generated advice should be reviewed by humans, especially for security-related decisions
+- **Add organization content** - Customize the Knowledge Base with your internal standards, patterns, and governance requirements
+
+## Configuration
+
+### Local MCP Server Setup (Development/Testing)
+
+For local development and testing, configure the MCP server to run on your machine:
+
+**Step 1: Update `mcp.json` with the actual path to `api_helper.py`**
+
+```json
+{
+  "mcpServers": {
+    "api-expert-server": {
+      "command": "python",
+      "args": [
+        "/absolute/path/to/strands-agentcore/mcp/api-helper/api_helper.py"
+      ],
+      "disabled": false,
+      "env": {
+        "AWS_REGION": "us-east-1",
+        "AGENTCORE_AGENT_ARN": "arn:aws:bedrock-agentcore:us-east-1:123456789012:agent-runtime/XXXXXXXXXX"
+      }
+    }
+  }
+}
+```
+
+**Step 2: Replace placeholders with your actual values**
+
+| Placeholder | Description | How to Get It |
+|-------------|-------------|---------------|
+| `/absolute/path/to/.../api_helper.py` | Full path to the MCP server script | Run `pwd` in the `strands-agentcore/mcp/api-helper` directory and append `/api_helper.py` |
+| `AWS_REGION` | AWS region where your agent is deployed | Check your AgentCore deployment output |
+| `AGENTCORE_AGENT_ARN` | ARN of your Bedrock AgentCore Runtime agent | Get from deployment output or AWS Console: Bedrock → AgentCore → Agents |
+
+**Step 3: Configure AWS credentials**
+
+The MCP server uses boto3 which reads credentials from your AWS configuration. Ensure your `~/.aws/config` has valid credentials
+
+**Step 4: Install Python dependencies**
+
+```bash
+cd strands-agentcore/mcp/api-helper
+pip install -r requirements.txt
+```
+
+**Step 5: Reconnect the MCP server**
+
+After updating `mcp.json`, reconnect the MCP server from the Kiro MCP Server panel to apply changes.
+
+### Remote MCP Server Setup (Production)
+
+> **Important:** For production environments, organizations should deploy a remote MCP server with appropriate authentication and authorization instead of running locally on each developer's machine.
+
+**Benefits of remote MCP server:**
+- Centralized credential management (no AWS credentials on developer machines)
+- Consistent configuration across all developers
+- Audit logging and access control
+- Easier updates and maintenance
+
+**Remote server configuration in `mcp.json`:**
+
+```json
+{
+  "mcpServers": {
+    "api-expert-server": {
+      "url": "https://your-mcp-server.example.com/sse",
+      "headers": {
+        "Authorization": "Bearer YOUR_AUTH_TOKEN"
+      }
+    }
+  }
+}
+```
+
+**Recommended production architecture:**
+- Deploy the MCP server behind an API Gateway or Application Load Balancer
+- Use OAuth 2.0, OIDC, or your organization's SSO for authentication
+- Implement IAM roles for the server to access Bedrock AgentCore
+- Enable CloudWatch logging for audit and troubleshooting
+- Consider using AWS PrivateLink for private connectivity
+
+### Environment Variables Reference
+
+| Variable | Description | Required |
+|----------|-------------|----------|
+| `AWS_REGION` | AWS region where AgentCore agent is deployed | Yes |
+| `AGENTCORE_AGENT_ARN` | ARN of the Bedrock AgentCore Runtime agent | Yes |
+
+## Sharing This Power
+
+To share this power across your organization:
+
+1. **Host on shared storage** - Place the power directory on a network drive or shared location
+2. **Teams install locally** - Each developer adds the power via Kiro Powers UI → "Add Custom Power" → "Local Directory"
+3. **Keep synchronized** - Update the shared copy when infrastructure changes
+
+

apigw-ai-agents/kiro-power/README.md

@@ -0,0 +1,5 @@
+# Centralized Developer Guidance - Kiro Power Sample
+
+This is a sample Kiro Power implementation that demonstrates how organizations can provide centralized, AI-powered developer guidance across all teams. The sample connects to an Amazon Bedrock AgentCore-based agent with access to a Knowledge Base containing best practices, governance requirements, and curated documentation. While this example focuses on API development guidance, the architecture can be adapted for any domain — security practices, infrastructure patterns, data engineering, or any area where your organization wants to deliver consistent guidance from a central location.
+
+For detailed information about capabilities, configuration, and deployment, see [POWER.md](./POWER.md).

apigw-ai-agents/kiro-power/mcp.json

@@ -0,0 +1,15 @@
+{
+  "mcpServers": {
+    "api-expert-server": {
+      "command": "python",
+      "args": [
+        "<path to helper directory>/api_helper.py"
+      ],
+      "disabled": false,
+      "env": {
+        "AWS_REGION": "us-east-1",
+        "AGENTCORE_AGENT_ARN": "XXXX"
+      }
+    }
+  }
+}

apigw-ai-agents/kiro-power/steering/api-requirements.md

@@ -0,0 +1,162 @@
+# API Requirements Gathering Guide
+
+When helping users define requirements for APIs, guide them through a structured process covering all aspects of API development. Ask one question at a time—do not overwhelm with lists of questions.
+
+## Requirements Categories to Cover
+
+### 1. API Purpose and Overview
+- What problem does the API solve?
+- Who are the primary users/consumers?
+- Expected usage volume (requests per day/hour)?
+- Business context and value proposition?
+
+### 2. Endpoints and Operations
+- Resources to expose (users, orders, products, etc.)?
+- Operations needed for each resource (GET, POST, PUT, DELETE, PATCH)?
+- URL paths and naming conventions?
+- Nested resources or relationships?
+- Query parameters for filtering, sorting, pagination?
+
+### 3. Request/Response Specifications
+- Data sent in request bodies?
+- Required or optional headers?
+- Query parameters needed?
+- Data returned in responses?
+- Expected response codes for success and error scenarios?
+- Response format (JSON, XML, etc.)?
+
+### 4. Data Models and Schemas
+- Domain entities and their attributes?
+- Data types for each field?
+- Relationships between entities?
+- Required vs optional fields?
+- Validation rules and constraints?
+- Enumerations or fixed value sets?
+
+### 5. Authentication and Authorization
+- Authentication method (API keys, JWT, OAuth 2.0, AWS Cognito)?
+- Authorization model (RBAC, ABAC, resource-based)?
+- Different permission levels or user roles?
+- Lambda authorizers for custom authorization?
+- IP whitelisting or other access controls?
+
+### 6. Integration Requirements
+- Backend services to integrate (Lambda, DynamoDB, RDS, etc.)?
+- External API integrations?
+- Integration type preference (Lambda proxy vs custom)?
+- VPC integrations for private resources?
+- Data transformations needed?
+
+### 7. Performance and Scalability
+- Expected request rates (per second)?
+- Latency requirements (target response time)?
+- Caching at API Gateway level?
+- Appropriate cache TTL?
+- Throttling limits (rate limit, burst limit)?
+- Different throttling for different endpoints or tiers?
+
+### 8. Error Handling
+- Error scenarios to handle?
+- Error messages for clients?
+- Custom error responses for different types?
+- Error format (standard vs custom)?
+- How to communicate validation errors?
+
+### 9. Logging and Monitoring
+- Level of logging (execution logs, access logs, both)?
+- Appropriate log level (ERROR, INFO, DEBUG)?
+- AWS X-Ray tracing for request tracing?
+- Metrics to track?
+- Alarms to configure?
+- CloudWatch dashboard requirements?
+
+### 10. Security Requirements
+- AWS WAF configuration?
+- CORS requirements?
+- Data encryption requirements?
+- API keys or usage plans?
+- Compliance requirements (HIPAA, PCI-DSS, etc.)?
+
+### 11. Deployment and Environment
+- Environments needed (dev, staging, production)?
+- Stage-specific configurations?
+- Canary deployments?
+- Deployment strategy preference?
+- Stage variables needed?
+
+### 12. Documentation
+- Level of API documentation needed?
+- OpenAPI/Swagger UI for interactive docs?
+- Specific documentation standards?
+- Example requests and responses?
+- Internal documentation requirements?
+
+## Requirements Gathering Workflow
+
+1. Greet user and explain you'll help gather comprehensive API requirements
+2. Use the `ask_api_expert` tool to check for internal standards before detailed questions
+3. Start with API purpose and overview, incorporating internal standards
+4. Progress through each category systematically
+5. Use `ask_api_expert` tool as needed for internal policies and best practices
+6. Ask clarifying questions for gaps, referencing internal standards
+7. Once complete, generate a final requirements summary
+8. Present summary for confirmation and refinement
+
+## Guidelines
+
+- **Start Broad, Then Narrow**: Begin with high-level questions, then drill into specifics
+- **Ask One Category at a Time**: Don't overwhelm users
+- **Provide Examples**: Clarify technical details with examples
+- **Confirm Understanding**: Summarize and ask for confirmation
+- **Identify Gaps**: Proactively identify and address missing information
+- **Be Conversational**: Use natural language, not rigid questionnaire format
+- **Adapt to Expertise**: Adjust technical depth based on user responses
+- **Suggest Best Practices**: Offer AWS best practices when appropriate
+- **Reference Internal Standards**: Always check the Knowledge Base for organization-specific requirements
+
+## Output Format
+
+When requirements gathering is complete, produce a structured summary:
+
+```markdown
+# API Requirements Summary
+
+## Overview
+- API Name: [name]
+- Purpose: [description]
+- Target Users: [consumers]
+- Expected Volume: [requests/day]
+
+## Endpoints
+| Resource | Method | Path | Description |
+|----------|--------|------|-------------|
+| ... | ... | ... | ... |
+
+## Authentication & Authorization
+- Method: [auth method]
+- Authorization Model: [model]
+- Roles/Permissions: [details]
+
+## Data Models
+[Entity definitions with attributes and types]
+
+## Performance Requirements
+- Target Latency: [ms]
+- Rate Limits: [requests/second]
+- Caching: [yes/no, TTL]
+
+## Security Requirements
+- WAF: [yes/no]
+- CORS: [configuration]
+- Encryption: [requirements]
+- Compliance: [standards]
+
+## Monitoring & Logging
+- Logging Level: [level]
+- Tracing: [yes/no]
+- Key Metrics: [list]
+
+## Deployment
+- Environments: [list]
+- Strategy: [approach]
+```

apigw-ai-agents/strands-agentcore/mcp/api-helper/api_helper.py

@@ -114,7 +114,7 @@ async def inspect_API(request: str) -> str:
     )
     try:
         logger.debug(f"API Inspector tool request: {request}")
-        session_id= "api_inspector_session_"+api_id+str(uuid.uuid4())
+        session_id= "api_inspector_session_"+str(uuid.uuid4())
         payload = json.dumps({"request": f"Inspect API with ID {request} and provide improvement recommendations"}).encode()
 
         # Invoke bedrock API Expert agent and get response