feat: AgentCore tool search plugin for Strands Agents

[senthilkumarmohan]

Description of changes:

This pull request introduces the AgentCore Tool Search Plugin for Strands Agents, enabling dynamic semantic tool discovery from AgentCore Gateway based on conversation intent.

AgentCore Tool Search Plugin:

• Added AgentCoreToolSearchPlugin that hooks into before_invocation to derive user intent from conversation history, search the gateway via x_amz_bedrock_agentcore_search, and dynamically register matching tools into the agent. (src/bedrock_agentcore/gateway/integrations/strands/plugins/agentcore_tool_search/plugin.py)
• Implemented IntentProvider abstract interface for pluggable intent derivation strategies. (src/bedrock_agentcore/gateway/integrations/strands/plugins/agentcore_tool_search/intent_providers/intent_provider.py)
• Implemented DefaultIntentProvider which uses an LLM to classify the last N messages into a concise intent string, with support for explicit model override or automatic reuse of the agent's model. (src/bedrock_agentcore/gateway/integrations/strands/plugins/agentcore_tool_search/intent_providers/default_intent_provider.py)

Documentation and Examples:

• Added a comprehensive README.md with usage examples (default and custom intent provider), architecture diagram, prerequisites, and custom intent provider guide. (src/bedrock_agentcore/gateway/integrations/strands/plugins/agentcore_tool_search/README.md)

Testing and Validation:

• Added unit tests for the plugin and intent providers (31 tests). (tests/bedrock_agentcore/gateway/integrations/strands/test_agentcore_tool_search_plugin.py, tests/bedrock_agentcore/gateway/integrations/strands/test_intent_providers.py)
• Added integration tests with a deployable Lambda handler for live gateway testing. (tests_integ/gateway/integrations/test_agentcore_tool_search_plugin.py, tests_integ/gateway/integrations/lambda_function/lambda_function.py)

---

By submitting this pull request, I confirm that you can use, modify, copy, and redistribute this contribution, under the terms of your choice.

[notgitika]

thanks for contributing! added some comments

[notgitika]

could this be prone to user manipulation? like ignore all previous instructions and... is there a way we can validate that?

[senthilkumarmohan]

DefaultIntentProvider uses the agent's model (which can be configured with Bedrock Guardrails). Users can also pass a custom BedrockModel with guardrails attached via the constructor. Additionally, the intent classifier has a constrained system prompt, no tools, and only receives user-typed messages — so the worst case of prompt injection is a poor search query, not code execution or data leakage.

Open to recommendations if you think we should add additional hardening here.

[codecov-commenter]

Codecov Report

❌ Patch coverage is 94.64286% with 6 lines in your changes missing coverage. Please review.
⚠️ Please upload report for BASE (main@0b2b34f). Learn more about missing BASE report.

Files with missing lines	Patch %	Lines
...ns/strands/plugins/agentcore_tool_search/plugin.py	93.84%	2 Missing and 2 partials ⚠️
...search/intent_providers/default_intent_provider.py	97.05%	0 Missing and 1 partial ⚠️
...re_tool_search/intent_providers/intent_provider.py	80.00%	1 Missing ⚠️

Additional details and impacted files

@@           Coverage Diff           @@
##             main     #494   +/-   ##
=======================================
  Coverage        ?   89.47%           
=======================================
  Files           ?       89           
  Lines           ?     7745           
  Branches        ?     1157           
=======================================
  Hits            ?     6930           
  Misses          ?      517           
  Partials        ?      298           

Flag	Coverage Δ
unittests	89.47% <94.64%> (?)

Flags with carried forward coverage won't be shown. Click here to find out more.

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.

[jariy17]

Can we rename this to StrandsIntentProvider to indicate we are using a Strands Agent to derive intent?

[jariy17]

I think we should allow customers to configure the system prompt. Set the default to INTENT_SYSTEM_PROMPT.

[jariy17]

Missing __init__.py at gateway/integrations/ and gateway/integrations/strands/. Without those, this won't be importable from an installed wheel since pyproject.toml uses packages = ["src/bedrock_agentcore"].

[jariy17]

mcp isn't declared as a dependency in pyproject.toml — you're relying on it being pulled in transitively by strands-agents. If that ever changes, this breaks with no clear error. Worth adding it explicitly.

[jariy17]

This package doesn't exist — it's part of bedrock-agentcore. Same issue on line 25 with the import path. The examples further down (line 90+) have the correct import; these first ones will confuse people.