feat(iac): add protocol, authorization, and gateway configuration

Add AgentCore-specific configuration options:
- Protocol field for HTTP, MCP, A2A communication
- AuthorizerConfig for IAM/Lambda authorization
- EnableMemory for stateful agents
- GatewayConfig for multi-agent routing

Includes validation, defaults, and helper functions.

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

Author: grokify

CHANGELOG.json

@@ -0,0 +1,38 @@
+{
+  "ir_version": "1.0",
+  "project": "agentkit",
+  "repository": "https://github.com/agentplexus/agentkit",
+  "releases": [
+    {
+      "version": "0.2.0",
+      "date": "2025-12-31",
+      "added": [
+        { "description": "IaC configuration package for AgentCore deployments" }
+      ],
+      "changed": [
+        { "description": "Bump `github.com/agentplexus/vaultguard` from 0.1.0 to 0.2.0", "component": "vaultguard", "version": "0.2.0" }
+      ]
+    },
+    {
+      "version": "0.1.0",
+      "date": "2025-12-29",
+      "added": [
+        { "description": "Initial release with core agent framework" },
+        { "description": "A2A protocol server factory" },
+        { "description": "HTTP server factory" },
+        { "description": "Multi-provider LLM abstraction (Gemini, Claude, OpenAI, xAI, Ollama)" },
+        { "description": "Eino workflow orchestration integration" },
+        { "description": "AWS Bedrock AgentCore runtime support" },
+        { "description": "Kubernetes + Helm deployment support" },
+        { "description": "VaultGuard credential management integration" },
+        { "description": "Configuration management utilities" }
+      ],
+      "changed": [
+        { "description": "Bump `github.com/cloudwego/eino` from 0.7.14 to 0.7.15", "component": "eino", "version": "0.7.15" }
+      ],
+      "fixed": [
+        { "description": "Remove unused error return from `loadSecureCredentials`" }
+      ]
+    }
+  ]
+}

CHANGELOG.md

@@ -0,0 +1,62 @@
+# Changelog
+
+All notable changes to this project will be documented in this file.
+
+The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.1.0/),
+this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html),
+and this changelog is generated by [Structured Changelog](https://github.com/grokify/structured-changelog).
+
+## [Unreleased]
+
+## [0.3.0] - 2026-01-04
+
+### Added
+
+- Protocol configuration for agents (`HTTP`, `MCP`, `A2A`)
+- Authorization configuration (`AuthorizerConfig` type)
+- Memory support for stateful agents (`EnableMemory` field)
+- Gateway configuration for multi-agent routing (`GatewayConfig` type)
+- `ValidProtocols()` helper function
+- `ValidAuthorizerTypes()` helper function
+
+### Changed
+
+- Enhanced validation for protocol and authorizer fields
+- Gateway targets validated against defined agent names
+
+## [0.2.0] - 2025-12-31
+
+### Added
+
+- IaC configuration package for AgentCore deployments
+
+### Changed
+
+- Bump `github.com/agentplexus/vaultguard` from 0.1.0 to 0.2.0
+
+## [0.1.0] - 2025-12-29
+
+### Added
+
+- Initial release with core agent framework
+- A2A protocol server factory
+- HTTP server factory
+- Multi-provider LLM abstraction (Gemini, Claude, OpenAI, xAI, Ollama)
+- Eino workflow orchestration integration
+- AWS Bedrock AgentCore runtime support
+- Kubernetes + Helm deployment support
+- VaultGuard credential management integration
+- Configuration management utilities
+
+### Changed
+
+- Bump `github.com/cloudwego/eino` from 0.7.14 to 0.7.15
+
+### Fixed
+
+- Remove unused error return from `loadSecureCredentials`
+
+[unreleased]: https://github.com/agentplexus/agentkit/compare/v0.3.0...HEAD
+[0.3.0]: https://github.com/agentplexus/agentkit/compare/v0.2.0...v0.3.0
+[0.2.0]: https://github.com/agentplexus/agentkit/compare/v0.1.0...v0.2.0
+[0.1.0]: https://github.com/agentplexus/agentkit/releases/tag/v0.1.0

RELEASE_NOTES_v0.3.0.md

@@ -0,0 +1,210 @@
+# AgentKit v0.3.0 Release Notes
+
+**Release Date:** January 4, 2026
+
+This release adds AgentCore-specific configuration options for protocol selection, authorization, memory, and multi-agent gateway support.
+
+## Highlights
+
+- **Protocol configuration** - Choose HTTP, MCP, or A2A communication protocols
+- **Authorization support** - Configure IAM or Lambda authorizers for inbound requests
+- **Memory support** - Enable persistent memory for stateful agents
+- **Gateway configuration** - Configure multi-agent routing gateways
+
+## New Features
+
+### Protocol Configuration
+
+Agents can now specify their communication protocol:
+
+```yaml
+agents:
+  - name: research
+    containerImage: ghcr.io/example/research:latest
+    protocol: HTTP  # or MCP, A2A
+```
+
+```go
+agent := iac.AgentConfig{
+    Name:           "research",
+    ContainerImage: "ghcr.io/example/research:latest",
+    Protocol:       "MCP",  // Model Context Protocol
+}
+```
+
+Supported protocols:
+
+| Protocol | Description |
+|----------|-------------|
+| `HTTP` | Standard HTTP/REST (default) |
+| `MCP` | Model Context Protocol for tool integration |
+| `A2A` | Agent-to-Agent Protocol for inter-agent communication |
+
+### Authorization Configuration
+
+Configure inbound authorization for agent endpoints:
+
+```yaml
+agents:
+  - name: secure-agent
+    containerImage: ghcr.io/example/agent:latest
+    authorizer:
+      type: IAM  # or LAMBDA, NONE
+```
+
+```go
+agent := iac.AgentConfig{
+    Name:           "secure-agent",
+    ContainerImage: "ghcr.io/example/agent:latest",
+    Authorizer: &iac.AuthorizerConfig{
+        Type: "LAMBDA",
+        LambdaARN: "arn:aws:lambda:us-east-1:123456789012:function:my-authorizer",
+    },
+}
+```
+
+Supported authorizer types:
+
+| Type | Description |
+|------|-------------|
+| `NONE` | No authorization (default) |
+| `IAM` | AWS IAM-based authorization |
+| `LAMBDA` | Custom Lambda authorizer |
+
+### Memory Support
+
+Enable persistent memory for stateful agents:
+
+```yaml
+agents:
+  - name: assistant
+    containerImage: ghcr.io/example/assistant:latest
+    enableMemory: true
+```
+
+### Gateway Configuration
+
+Configure multi-agent gateways for routing requests:
+
+```yaml
+gateway:
+  enabled: true
+  name: my-gateway
+  description: Multi-agent routing gateway
+  targets:
+    - research
+    - synthesis
+    - orchestration
+```
+
+```go
+config := &iac.StackConfig{
+    StackName: "my-agents",
+    Gateway: &iac.GatewayConfig{
+        Enabled:     true,
+        Name:        "my-gateway",
+        Description: "Multi-agent routing gateway",
+        Targets:     []string{"research", "synthesis"},
+    },
+}
+```
+
+## New Types
+
+### AuthorizerConfig
+
+```go
+type AuthorizerConfig struct {
+    Type      string `json:"type" yaml:"type"`                           // IAM, LAMBDA, NONE
+    LambdaARN string `json:"lambdaArn,omitempty" yaml:"lambdaArn,omitempty"`
+}
+```
+
+### GatewayConfig
+
+```go
+type GatewayConfig struct {
+    Enabled     bool     `json:"enabled,omitempty" yaml:"enabled,omitempty"`
+    Name        string   `json:"name,omitempty" yaml:"name,omitempty"`
+    Description string   `json:"description,omitempty" yaml:"description,omitempty"`
+    Targets     []string `json:"targets,omitempty" yaml:"targets,omitempty"`
+}
+```
+
+## New Helper Functions
+
+```go
+// ValidProtocols returns valid agent protocols
+iac.ValidProtocols() // ["HTTP", "MCP", "A2A"]
+
+// ValidAuthorizerTypes returns valid authorizer types
+iac.ValidAuthorizerTypes() // ["IAM", "LAMBDA", "NONE"]
+```
+
+## Enhanced Validation
+
+- Protocol values validated against allowed list
+- Authorizer type validated against allowed list
+- Lambda ARN required when authorizer type is LAMBDA
+- Gateway targets validated against defined agent names
+
+## Example Configuration
+
+```yaml
+stackName: stats-agent-team
+description: Statistics research and verification system
+
+agents:
+  - name: research
+    containerImage: ghcr.io/agentplexus/stats-agent-research:v0.5.1
+    memoryMB: 512
+    timeoutSeconds: 30
+    protocol: HTTP
+    description: Research agent
+
+  - name: orchestration
+    containerImage: ghcr.io/agentplexus/stats-agent-orchestration:v0.5.1
+    memoryMB: 512
+    timeoutSeconds: 300
+    protocol: HTTP
+    isDefault: true
+    authorizer:
+      type: IAM
+
+gateway:
+  enabled: true
+  name: stats-gateway
+  targets:
+    - research
+    - orchestration
+
+vpc:
+  createVPC: true
+
+observability:
+  provider: opik
+  project: stats-agent-team
+```
+
+## Breaking Changes
+
+None. This release is fully backward compatible with v0.2.0.
+
+## Migration Guide
+
+No migration required. New fields are optional with sensible defaults:
+
+- `protocol` defaults to `"HTTP"`
+- `authorizer` defaults to `nil` (no authorization)
+- `enableMemory` defaults to `false`
+- `gateway` defaults to `nil` (no gateway)
+
+## Installation
+
+```bash
+go get github.com/agentplexus/agentkit@v0.3.0
+```
+
+## License
+
+MIT License