Language: English / Japanese

A multi-agent orchestration chat platform built on Amazon Bedrock AgentCore.

This is a multi-agent platform that enables teams to create and customize AI agents and share them across your organization. Built on Amazon Bedrock AgentCore, you can easily build agents tailored to your needs.

Preset agents are also available for immediate use, covering various domains including software development, data analysis, and content creation.

Agent Chat You can interact with specialized AI agents through a simple UI	Share Agent You can discover and share custom agents across your team
Event-Driven Automation Trigger agents automatically via schedules and external events	Extensible Tools Add and configure tools to extend agent capabilities

• Custom Agent Creation - You can design and build agents freely according to your needs
• Organization-Wide Sharing - You can discover and share agents across your team
• Preset Agents - Ready-to-use agents including Software Developer, Data Analyst, Physicist, and more
• Extensible Tools - Supports command execution, web search, image generation, and external service integration
• File Storage - Includes built-in cloud storage for documents and resources
• Enterprise Ready - Supports JWT authentication, session management, and AWS Cognito integration
• Memory and Context - Recognizes persistent conversation history and context

This application uses a fully serverless architecture built on Amazon Bedrock AgentCore. User requests flow from the React frontend through Cognito authentication to the AgentCore Runtime, which orchestrates AI agent execution with tool integration via the AgentCore Gateway.

The backend API is responsible for agent management, session persistence, and file operations. AgentCore Runtime executes agents using the Strands Agents SDK (TypeScript), with short-term memory (session history) for conversational context and long-term memory (persistent memory) enabled. Real-time streaming is achieved via AppSync Events, allowing agents to be automatically executed by schedule triggers.

First, install the dependencies.

npm ci

If needed, store API keys and tokens in AWS Secrets Manager for your target environment.

Tavily API Key (for web search tools)

aws secretsmanager create-secret \
  --name "agentcore/default/tavily-api-key" \
  --secret-string "tvly-your-api-key-here" \
  --region ap-northeast-1

You can get your API key from Tavily.

GitHub Token (for GitHub CLI integration)

aws secretsmanager create-secret \
  --name "agentcore/default/github-token" \
  --secret-string "ghp_your-token-here" \
  --region ap-northeast-1

You can generate a token from GitHub Settings.

GitHub Webhook Secret (for receiving GitHub webhook events)

aws secretsmanager create-secret \
  --name "agentcore/default/github-webhook-secret" \
  --secret-string "$(uuidgen)" \
  --region ap-northeast-1

This secret is used to verify HMAC-SHA256 signatures on incoming GitHub webhooks. See GitHub Webhook Setup for full configuration instructions.

For local development, you can also set these as environment variables in packages/agent/.env.

ValidationException: data retention mode 'default' is not available for this model

For the first deployment, run CDK bootstrap.

npx -w packages/cdk cdk bootstrap

Before deploying, edit packages/cdk/config/environments.ts and set a globally unique cognitoDomainPrefix for each environment you plan to deploy. This prefix becomes part of the Cognito managed-login URL (https://{prefix}.auth.{region}.amazoncognito.com) and must be unique across all AWS accounts worldwide — include an organization-specific identifier to avoid collisions.

// packages/cdk/config/environments.ts
default: {
  cognitoDomainPrefix: 'moca-<your-unique-suffix>', // ← replace with your own value
  // ...
},

See Cognito Domain Prefix for details.

Deploy the stack with the following commands.

npm run deploy

Self sign-up is disabled by default. After deployment, you need to create a user in the Cognito User Pool before you can log in.

We recommend creating users through the AWS Management Console.

1. Open the Amazon Cognito console.
2. Select the User Pool that matches the UserPoolId in the CloudFormation stack outputs.
3. Go to the Users tab and click Create user.
4. Enter a username, email, and password.

You can then log in to the frontend URL (see the WebAppFrontendUrl stack output) with the created credentials.

If you want to enable self sign-up from the app, set selfSignUpEnabled: true in packages/cdk/config/environments.ts and optionally specify allowedSignUpEmailDomains.

# 1. Create the user (no email verification)
aws cognito-idp admin-create-user \
  --user-pool-id <UserPoolId> \
  --username <your-username> \
  --message-action SUPPRESS \
  --region <region>

# 2. Set a permanent password (skip forced change at first login)
aws cognito-idp admin-set-user-password \
  --user-pool-id <UserPoolId> \
  --username <your-username> \
  --password <YourPassword123!> \
  --permanent \
  --region <region>

After deployment, seed the default system agents into DynamoDB. This is a one-time operation that populates the shared agents directory with the built-in agents.

npm run seed-system-agents -- --env default

To update system agents after changing DEFAULT_AGENTS definitions, use --force to replace existing ones:

npm run seed-system-agents -- --env default --force

After deployment, you can find the Frontend URL in the CloudFormation stack outputs.

For advanced configuration options such as custom domains, environment-specific settings, and event rules, see the Deployment Options documentation.

The following table provides a cost breakdown for deploying this system in the ap-northeast-1 (Tokyo) region for one month.

Here we assume 100 chat sessions per month using the default model (Claude Sonnet 4.6, ~5 turns/session). The monthly cost is proportional to the number of sessions. (e.g. If you only run 50 sessions/month, multiply it with 50/100.)

Additionally, when the system is not in use (i.e., no active chat sessions), the ongoing costs are minimal (~$1/month for DynamoDB, S3, and Cognito base charges only). There are no upfront or fixed costs for compute.

• Deployment Options - Environment configuration and customization
• Local Development Setup - Explains environment setup automation

Contributions are welcome. Please feel free to submit a Pull Request.

This application is not designed for production use. Please treat it as a proof-of-concept (PoC) for exploring AI agent use cases. It is not intended to support usage by more than a few hundred users.

In addition, please be mindful of the information you input into this system. Inputs are processed and stored across multiple AWS services (Amazon Bedrock, AgentCore, DynamoDB, S3, CloudWatch Logs, etc.), and it is the deployer's responsibility to handle that information appropriately.

Note: this asset represents a proof-of-value for the services included and is not intended as a production-ready solution. You must determine how the AWS Shared Responsibility applies to their specific use case and implement the needed controls to achieve their desired security outcomes. AWS offers a broad set of security tools and configurations to enable our customers. This repository is an experimental sample application and may be updated without considering backward compatibility.

Ultimately it is your responsibility as the developer of a full stack application to ensure all of its aspects are secure. We provide security best practices in repository documentation and provide a secure baseline but Amazon holds no responsibility for the security of applications built from this tool.