AWS bedrock-agentcore documentation change
Summary
Added CLI examples for invoking agents with payment context using --payment-instrument-id and --payment-user-id flags
Security assessment
The changes document payment processing workflows without addressing vulnerabilities or weaknesses. The added flags relate to payment functionality, not security controls.
Diff
diff --git a/bedrock-agentcore/latest/devguide/payments-process-payment.md b/bedrock-agentcore/latest/devguide/payments-process-payment.md index bf4a37a31..da32eb016 100644 --- a//bedrock-agentcore/latest/devguide/payments-process-payment.md +++ b//bedrock-agentcore/latest/devguide/payments-process-payment.md @@ -136,0 +137,23 @@ Use the `PaymentManager` class to generate payment headers manually within any a +AgentCore CLI + + +If your agent is deployed with payment capabilities configured, invoke it with payment context and the x402 interceptor handles payment processing automatically: + + + agentcore invoke \ + --prompt "Access the premium endpoint at https://example-x402-merchant.com/paid-api" \ + --payment-instrument-id <INSTRUMENT_ID> \ + --auto-session \ + --payment-user-id [email protected] + +To use an explicit session instead of auto-creating one: + + + agentcore invoke \ + --prompt "Access the premium endpoint at https://example-x402-merchant.com/paid-api" \ + --payment-instrument-id <INSTRUMENT_ID> \ + --payment-session-id <SESSION_ID> \ + --payment-user-id [email protected] + +The deployed agent’s x402 plugin intercepts HTTP 402 responses, calls `ProcessPayment`, and retries the request with proof. Requires AgentCore CLI v0.19.0 or later. +