re:Invent 2025 Feature Launch: AgentCore Policy Engine, Evals and Identity Custom Claims (#387)

* Add support of inbound authorizer configurations for allowed scopes and custom claims

* Add support of inbound authorizer configurations for allowed scopes and custom claims

* Add support of inbound authorizer configurations for allowed scopes and custom claims

* Add support of inbound authorizer configurations for allowed scopes and custom claims

* feat: Add comprehensive evaluation support

* docs: Clean up evaluation documentation

* Fix evaluation tests to work without AWS credentials

* feat: support policy in AgentCore

* fix: remove safety block for staging repo

* feat: Adding Policy CLI refernce

* feat: Policy - bug fixes

* Properly hanle authorizer configurations as JSON string

* chore: clean up and fixes

* chore: fix policy documentation

* feat: add runtime client integration and validation to evaluation control plane

* chore: Update policy documentation

* fix: remove buggy interactive flow from evaluator update command

* fix: fixed unit tests

* Resolving merge conflict in src/bedrock_agentcore_starter_toolkit/cli/cli.py

* fix: linting error

* fix: restore original safety check for integ testing

* feat: Bumping boto3 and botocore to capture new APIs

---------

Signed-off-by: Tejas Kashinath <42380254+tejaskash@users.noreply.github.com>
Co-authored-by: Brian Lao <brianlao@amazon.com>
Co-authored-by: Vivek Bhadauria <vivekbh@amazon.com>
Co-authored-by: Sainath Reddy Bobbala <bsnr@amazon.com>
Co-authored-by: Sundar Raghavan <sdraghav@amazon.com>
Co-authored-by: Sundar Raghavan <101336114+sundargthb@users.noreply.github.com>
Co-authored-by: brianlaoaws <104795877+brianlaoaws@users.noreply.github.com>
Co-authored-by: sainathreddyb <39425617+sainathreddyb@users.noreply.github.com>
Co-authored-by: T.J Ariyawansa <tjariy@amazon.com>
Co-authored-by: gitikavj <53349492+notgitika@users.noreply.github.com>
Co-authored-by: Gitika <53349492+notgitika@users.noreply.github.com>
Co-authored-by: Tejas Kashinath <42380254+tejaskash@users.noreply.github.com
Co-authored-by: notgitika <gitijh@gmail.com>

Author: 9 people

README.md

@@ -70,11 +70,21 @@ AgentCore Observability helps developers trace, debug, and monitor agent perform
 
 **[Observability Quick Start](https://docs.aws.amazon.com/bedrock-agentcore/latest/devguide/observability-get-started.html)**
 
+## 🎯 Amazon Bedrock AgentCore Evaluation
+AgentCore Evaluation enables developers to assess and improve agent quality through built-in and custom evaluators. With support for on-demand evaluation and continuous monitoring via online evaluation, developers can measure agent performance metrics like helpfulness, correctness, and goal success rates. Evaluation integrates seamlessly with observability to provide actionable insights for maintaining and improving agent quality at scale.
+
+**[Evaluation Documentation](https://docs.aws.amazon.com/bedrock-agentcore/latest/devguide/evaluations.html)** • **[Quick Start](https://aws.github.io/bedrock-agentcore-starter-toolkit/user-guide/evaluation/quickstart.html)**
+
 ## 🔐 Amazon Bedrock AgentCore Identity
 AgentCore Identity provides a secure, scalable agent identity and access management capability accelerating AI agent development. It is compatible with existing identity providers, eliminating needs for user migration or rebuilding authentication flows. AgentCore Identity's helps to minimize consent fatigue with a secure token vault and allows you to build streamlined AI agent experiences. Just-enough access and secure permission delegation allow agents to securely access AWS resources and third-party tools and services.
 
 **[Identity Quick Start](https://docs.aws.amazon.com/bedrock-agentcore/latest/devguide/identity-getting-started-cognito.html)**
 
+## 🛡️ Amazon Bedrock AgentCore Policy
+Policy in AgentCore gives you real time, deterministic control over agent's actions through AgentCore Gateway, ensuring agents stay within defined boundaries and business rules without slowing them down. Easily express fine-grained rules using natural language description or author them directly using Cedar - AWS's open-source policy language - giving you complete control over who can perform which actions under what conditions.
+
+**[Policy Quick Start](https://docs.aws.amazon.com/bedrock-agentcore/latest/devguide/policy-getting-started.html)**
+
 ## 🔐 Import Amazon Bedrock Agents to Bedrock AgentCore
 AgentCore Import-Agent enables seamless migration of existing Amazon Bedrock Agents to LangChain/LangGraph or Strands frameworks while automatically integrating AgentCore primitives like Memory, Code Interpreter, and Gateway. Developers can migrate agents in minutes with full feature parity and deploy directly to AgentCore Runtime for serverless operation.