amazon-bedrock-agentcore-sa.../02-use-cases/SRE-agent/scripts/configure_gateway.sh

#!/bin/bash

# Configure Gateway Script for SRE Agent
# Manages gateway configuration and backend services

set -e

# Get the directory where this script is located
SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
PROJECT_ROOT="$(dirname "$SCRIPT_DIR")"

# File paths
GATEWAY_URI_FILE="$PROJECT_ROOT/gateway/.gateway_uri"
ACCESS_TOKEN_FILE="$PROJECT_ROOT/gateway/.access_token"
AGENT_CONFIG_FILE="$PROJECT_ROOT/sre_agent/config/agent_config.yaml"
ENV_FILE="$PROJECT_ROOT/sre_agent/.env"

# Default gateway URI for reverse operation
DEFAULT_GATEWAY_URI="https://your-agentcore-gateway-endpoint.gateway.bedrock-agentcore.us-east-1.amazonaws.com"

# Function to show usage
show_usage() {
    echo "Usage: $0 [OPTIONS]"
    echo ""
    echo "Options:"
    echo "  --cleanup       Reset gateway URI to default placeholder"
    echo "  --help, -h      Show this help message"
    echo ""
    echo "Description:"
    echo "  This script configures the SRE Agent to use a real AgentCore gateway."
    echo "  It reads the gateway URI and access token from the gateway directory"
    echo "  and updates the configuration files accordingly."
    echo ""
    echo "  Normal operation:"
    echo "  1. Stops running backend servers"
    echo "  2. Generates new access token"
    echo "  3. Gets EC2 instance private IP"
    echo "  4. Starts backend servers with SSL"
    echo "  5. Updates gateway URI in agent config"
    echo "  6. Updates access token in .env file"
    echo ""
    echo "  Cleanup operation (--cleanup):"
    echo "  - Resets gateway URI to placeholder value"
    echo "  - Useful for development/testing mode"
}

# Function to check if file exists
check_file() {
    local file="$1"
    local description="$2"
    
    if [ ! -f "$file" ]; then
        echo "❌ Error: $description not found at $file"
        return 1
    fi
    return 0
}

# Function to update YAML file
update_gateway_uri_in_yaml() {
    local uri="$1"
    local config_file="$2"
    
    echo "📝 Updating gateway URI in $config_file"
    
    # Use sed to update the gateway URI line
    if grep -q "^  uri:" "$config_file"; then
        # Update existing uri line
        sed -i "s|^  uri:.*|  uri: \"$uri\"|" "$config_file"
    else
        # Add uri line if gateway section exists
        if grep -q "^gateway:" "$config_file"; then
            sed -i "/^gateway:/a\\  uri: \"$uri\"" "$config_file"
        else
            # Add entire gateway section
            echo "" >> "$config_file"
            echo "# Gateway configuration" >> "$config_file"
            echo "gateway:" >> "$config_file"
            echo "  uri: \"$uri\"" >> "$config_file"
        fi
    fi
    
    echo "✅ Gateway URI updated to: $uri"
}

# Function to update or create .env file
update_env_file() {
    local token="$1"
    local env_file="$2"
    
    echo "📝 Updating access token in $env_file"
    
    # Create .env file if it doesn't exist
    if [ ! -f "$env_file" ]; then
        echo "# SRE Agent Environment Variables" > "$env_file"
    fi
    
    # Update or add GATEWAY_ACCESS_TOKEN
    if grep -q "^GATEWAY_ACCESS_TOKEN=" "$env_file"; then
        # Update existing token
        sed -i "s|^GATEWAY_ACCESS_TOKEN=.*|GATEWAY_ACCESS_TOKEN=\"$token\"|" "$env_file"
    else
        # Add new token
        echo "GATEWAY_ACCESS_TOKEN=\"$token\"" >> "$env_file"
    fi
    
    echo "✅ Access token updated in .env file"
}

# Function to get EC2 instance private IP
get_private_ip() {
    echo "🌐 Getting EC2 instance private IP..."
    
    TOKEN=$(curl -X PUT "http://169.254.169.254/latest/api/token" \
      -H "X-aws-ec2-metadata-token-ttl-seconds: 21600" -s)
    PRIVATE_IP=$(curl -H "X-aws-ec2-metadata-token: $TOKEN" \
      -s http://169.254.169.254/latest/meta-data/local-ipv4)
    
    if [ -z "$PRIVATE_IP" ]; then
        echo "❌ Failed to get private IP address"
        exit 1
    fi
    
    echo "📍 Private IP: $PRIVATE_IP"
}

# Function to stop backend servers
stop_backend() {
    echo "🛑 Stopping backend servers..."
    if [ -f "$PROJECT_ROOT/backend/scripts/stop_demo_backend.sh" ]; then
        cd "$PROJECT_ROOT"
        bash backend/scripts/stop_demo_backend.sh
    else
        echo "⚠️  Backend stop script not found, continuing..."
    fi
}

# Function to start backend servers
start_backend() {
    echo "🚀 Starting backend servers..."
    
    # Check if SSL certificates exist
    SSL_KEY="/etc/letsencrypt/live/$(hostname -f)/privkey.pem"
    SSL_CERT="/etc/letsencrypt/live/$(hostname -f)/fullchain.pem"
    
    # Alternative SSL paths to check
    if [ ! -f "$SSL_KEY" ] || [ ! -f "$SSL_CERT" ]; then
        SSL_KEY="/opt/ssl/privkey.pem"
        SSL_CERT="/opt/ssl/fullchain.pem"
    fi
    
    if [ -f "$SSL_KEY" ] && [ -f "$SSL_CERT" ]; then
        echo "🔒 Found SSL certificates, starting with HTTPS"
        cd "$PROJECT_ROOT"
        echo "🔧 Executing: bash backend/scripts/start_demo_backend.sh --host \"$PRIVATE_IP\" --ssl-keyfile \"$SSL_KEY\" --ssl-certfile \"$SSL_CERT\""
        bash backend/scripts/start_demo_backend.sh --host "$PRIVATE_IP" --ssl-keyfile "$SSL_KEY" --ssl-certfile "$SSL_CERT"
    else
        echo "⚠️  SSL certificates not found, starting with HTTP"
        cd "$PROJECT_ROOT"
        echo "🔧 Executing: bash backend/scripts/start_demo_backend.sh --host \"$PRIVATE_IP\""
        bash backend/scripts/start_demo_backend.sh --host "$PRIVATE_IP"
    fi
}

# Function to generate new token
generate_token() {
    echo "🔑 Generating new access token..."
    if [ -f "$PROJECT_ROOT/gateway/generate_token.sh" ]; then
        cd "$PROJECT_ROOT/gateway"
        bash generate_token.sh
    else
        echo "❌ Error: Token generation script not found"
        exit 1
    fi
}

# Parse command line arguments
CLEANUP_MODE=false

while [[ $# -gt 0 ]]; do
    case $1 in
        --cleanup)
            CLEANUP_MODE=true
            shift
            ;;
        --help|-h)
            show_usage
            exit 0
            ;;
        *)
            echo "❌ Unknown argument: $1"
            echo "Use --help for usage information"
            exit 1
            ;;
    esac
done

echo "🔧 SRE Agent Gateway Configuration Script"
echo "=========================================="

if [ "$CLEANUP_MODE" = true ]; then
    echo "🔄 Running in cleanup mode - resetting to default configuration"
    
    # Check if agent config file exists
    if ! check_file "$AGENT_CONFIG_FILE" "Agent config file"; then
        exit 1
    fi
    
    # Update gateway URI to default
    update_gateway_uri_in_yaml "$DEFAULT_GATEWAY_URI" "$AGENT_CONFIG_FILE"
    
    # Remove or comment out access token from .env file
    if [ -f "$ENV_FILE" ]; then
        echo "🧹 Removing access token from .env file"
        if grep -q "^GATEWAY_ACCESS_TOKEN=" "$ENV_FILE"; then
            # Comment out the existing token line
            sed -i 's|^GATEWAY_ACCESS_TOKEN=.*|# GATEWAY_ACCESS_TOKEN=removed_in_reverse_mode|' "$ENV_FILE"
            echo "✅ Access token removed from .env file"
        else
            echo "ℹ️  No access token found in .env file"
        fi
    else
        echo "ℹ️  No .env file found"
    fi
    
    echo "✅ Configuration reset to default (development mode)"
    echo "🔧 Gateway URI set to: $DEFAULT_GATEWAY_URI"
    echo "🔑 Access token removed from .env file"
    
else
    echo "⚙️  Running in normal mode - configuring for production gateway"
    
    # Step 1: Stop running servers
    stop_backend
    
    # Step 2: Generate new token
    generate_token
    
    # Step 3: Get private IP
    get_private_ip
    
    # Step 4: Start backend servers
    start_backend
    
    # Step 5: Check required files
    echo "📂 Checking required files..."
    
    if ! check_file "$GATEWAY_URI_FILE" "Gateway URI file"; then
        echo "💡 Please ensure gateway/.gateway_uri contains your AgentCore gateway endpoint"
        exit 1
    fi
    
    if ! check_file "$ACCESS_TOKEN_FILE" "Access token file"; then
        echo "💡 Please run gateway/generate_token.sh first to create access token"
        exit 1
    fi
    
    if ! check_file "$AGENT_CONFIG_FILE" "Agent config file"; then
        exit 1
    fi
    
    # Step 6: Read gateway URI and access token
    echo "📖 Reading configuration files..."
    
    GATEWAY_URI=$(cat "$GATEWAY_URI_FILE" | tr -d '\n\r' | xargs)
    ACCESS_TOKEN=$(cat "$ACCESS_TOKEN_FILE" | tr -d '\n\r' | xargs)
    
    if [ -z "$GATEWAY_URI" ]; then
        echo "❌ Error: Gateway URI is empty"
        exit 1
    fi
    
    if [ -z "$ACCESS_TOKEN" ]; then
        echo "❌ Error: Access token is empty"
        exit 1
    fi
    
    echo "📋 Gateway URI: $GATEWAY_URI"
    echo "🔑 Access token: ${ACCESS_TOKEN:0:20}..." # Show first 20 chars only
    
    # Step 7: Update configuration files
    update_gateway_uri_in_yaml "$GATEWAY_URI" "$AGENT_CONFIG_FILE"
    update_env_file "$ACCESS_TOKEN" "$ENV_FILE"
    
    echo ""
    echo "✅ Configuration completed successfully!"
    echo "🎯 Gateway URI: $GATEWAY_URI"
    echo "📁 Updated files:"
    echo "   - $AGENT_CONFIG_FILE"
    echo "   - $ENV_FILE"
    echo ""
    echo "🚀 Backend servers are running with SSL on $PRIVATE_IP"
    echo "🔧 SRE Agent is now configured for production gateway"
fi

echo ""
echo "🏁 Script completed!"
-												feat(02-use-cases): integrate AgentCore Memory with SRE Agent for intelligent context-aware incident response (#210)

* feat: integrate long-term memory system into SRE agent

- Add AgentCore Memory integration with three memory strategies:
  * User preferences (escalation, notification, workflow preferences)
  * Infrastructure knowledge (dependencies, patterns, baselines)
  * Investigation summaries (timeline, actions, findings)

- Implement memory tools for save/retrieve operations
- Add automatic memory capture through hooks and pattern recognition
- Extend agent state to support memory context
- Integrate memory-aware planning in supervisor agent
- Add comprehensive test coverage for memory functionality
- Create detailed documentation with usage examples

This transforms the SRE agent from stateless to learning assistant
that becomes more valuable over time by remembering user preferences,
infrastructure patterns, and investigation outcomes.

Addresses issue #164

* feat: environment variable config, agent routing fixes, and project organization

- Move USER_ID/SESSION_ID from metadata parsing to environment variables
- Add .memory_id to .gitignore for local memory state
- Update .gitignore to use .scratchpad/ folder instead of .scratchpad.md
- Fix agent routing issues with supervisor prompt and graph node naming
- Add conversation memory tracking for all agents and supervisor
- Improve agent metadata system with centralized constants
- Add comprehensive logging and debugging for agent tool access
- Update deployment script to pass user_id/session_id in payload
- Create .scratchpad/ folder structure for better project organization

* feat: enhance SRE agent with automatic report archiving and error fixes

- Add automatic archiving system for reports by date
- Include user_id in report filenames for better organization
- Fix Pydantic validation error with string-to-list conversion for investigation steps
- Add content length truncation for memory storage to prevent validation errors
- Remove status line from report output for cleaner formatting
- Implement date-based folder organization (YYYY-MM-DD format)
- Add memory content length limits configuration in constants

Key improvements:
- Reports now auto-archive old files when saving new ones
- User-specific filenames: query_user_id_UserName_YYYYMMDD_HHMMSS.md
- Robust error handling for memory content length limits
- Backward compatibility with existing filename formats

* feat: fix memory retrieval system for cross-session searches and user personalization

Key fixes and improvements:
- Fix case preservation in actor_id sanitization (Carol remains Carol, not carol)
- Enable cross-session memory searches for infrastructure and investigation memories
- Add XML parsing support for investigation summaries stored in XML format
- Enhance user preference integration throughout the system
- Add comprehensive debug logging for memory retrieval processes
- Update prompts to support user-specific communication styles and preferences

Memory system now properly:
- Preserves user case in memory namespaces (/sre/users/Carol vs /sre/users/carol)
- Searches across all sessions for planning context vs session-specific for current state
- Parses both JSON and XML formatted investigation memories
- Adapts investigation approach based on user preferences and historical patterns
- Provides context-aware planning using infrastructure knowledge and past investigations

* feat: enhance SRE agent with user-specific memory isolation and anti-hallucination measures

Memory System Improvements:
- Fix memory isolation to retrieve only user-specific memories (Alice doesn't see Carol's data)
- Implement proper namespace handling for cross-session vs session-specific searches
- Add detailed logging for memory retrieval debugging and verification
- Remove verbose success logs, keep only error logs for cleaner output

Anti-Hallucination Enhancements:
- Add tool output validation requirements to agent prompts
- Implement timestamp fabrication prevention (use 2024-* format from backend)
- Require tool attribution for all metrics and findings in reports
- Add backend data alignment patterns for consistent data references
- Update supervisor aggregation prompts to flag unverified claims

Code Organization:
- Extract hardcoded prompts from supervisor.py to external prompt files
- Add missing session_id parameters to SaveInfrastructureTool and SaveInvestigationTool
- Improve memory client namespace documentation and cross-session search logic
- Reduce debug logging noise while maintaining error tracking

Verification Complete:
- Memory isolation working correctly (only user-specific data retrieval)
- Cross-session memory usage properly configured for planning and investigations
- Memory integration confirmed in report generation pipeline
- Anti-hallucination measures prevent fabricated metrics and timestamps

* feat: organize utility scripts in dedicated scripts folder

Script Organization:
- Move manage_memories.py to scripts/ folder with updated import paths
- Move configure_gateway.sh to scripts/ folder with corrected PROJECT_ROOT path
- Copy user_config.yaml to scripts/ folder for self-contained script usage

Path Fixes:
- Update manage_memories.py to import sre_agent module from correct relative path
- Fix .memory_id file path resolution for new script location
- Update configure_gateway.sh PROJECT_ROOT to point to correct parent directory
- Add fallback logic to find user_config.yaml in scripts/ or project root

Script Improvements:
- Update help text and examples to use 'uv run python scripts/' syntax
- Make manage_memories.py executable with proper permissions
- Maintain backward compatibility for custom config file paths
- Self-contained scripts folder with all required dependencies

Verification:
- All scripts work correctly from new location
- Memory management functions operate properly
- Gateway configuration handles paths correctly
- User preferences loading works from scripts directory

* docs: update SSL certificate paths to use /opt/ssl standard location

- Update README.md to reference /opt/ssl for SSL certificate paths
- Update docs/demo-environment.md to use /opt/ssl paths
- Clean up scripts/configure_gateway.sh SSL fallback paths
- Remove duplicate and outdated SSL path references
- Establish /opt/ssl as the standard SSL certificate location

This ensures consistent SSL certificate management across all
documentation and scripts, supporting the established /opt/ssl
directory with proper ubuntu:ubuntu ownership.

* feat: enhance memory system with infrastructure parsing fix and user personalization analysis

Infrastructure Memory Parsing Improvements:
- Fix infrastructure memory parsing to handle both JSON and plain text formats
- Convert plain text memories to structured InfrastructureKnowledge objects
- Change warning logs to debug level for normal text-to-structure conversion
- Ensure all infrastructure memories are now retrievable and usable

User Personalization Documentation:
- Add comprehensive memory system analysis comparing Alice vs Carol reports
- Create docs/examples/ folder with real investigation reports demonstrating personalization
- Document side-by-side communication differences based on user preferences
- Show how same technical incident produces different reports for different user roles

Example Reports Added:
- Alice's technical detailed investigation report (technical role preferences)
- Carol's business-focused executive summary report (executive role preferences)
- Memory system analysis with extensive side-by-side comparisons

This demonstrates the memory system's ability to:
- Maintain technical accuracy while adapting presentation style
- Apply user-specific escalation procedures and communication channels
- Build institutional knowledge about recurring infrastructure patterns
- Personalize identical technical incidents for different organizational roles

* feat: enhance memory system with automatic pattern extraction and improved logging

## Memory System Enhancements
- **Individual agent memory integration**: Every agent response now triggers automatic memory pattern extraction through on_agent_response() hooks
- **Enhanced conversation logging**: Added detailed message breakdown showing USER/ASSISTANT/TOOL message counts and tool names called
- **Fixed infrastructure extraction**: Resolved hardcoded agent name issues by using SREConstants for agent identification
- **Comprehensive memory persistence**: All agent responses and tool executions stored as conversation memory with proper session tracking

## Tool Architecture Clarification
- **Centralized memory access**: Confirmed only supervisor agent has direct access to memory tools (retrieve_memory, save_*)
- **Individual agent focus**: Individual agents have NO memory tools, only domain-specific tools (5 tools each for metrics, logs, k8s, runbooks)
- **Automatic pattern recognition**: Memory capture happens automatically through hooks, not manual tool calls by individual agents

## Documentation Updates
- **Updated memory-system.md**: Comprehensive design documentation reflecting current implementation
- **Added example analyses**: Created flight-booking-analysis.md and api-response-time-analysis.md in docs/examples/
- **Enhanced README.md**: Added memory system overview and personalized investigation examples
- **Updated .gitignore**: Now ignores entire reports/ folder instead of just .md files

## Implementation Improvements
- **Event ID tracking**: All memory operations generate and log event IDs for verification
- **Pattern extraction confirmation**: Logs confirm pattern extraction working for all agent types
- **Memory save verification**: Comprehensive logging shows successful saves across all memory types
- **Script enhancements**: manage_memories.py now handles duplicate removal and improved user management

* docs: enhance memory system documentation with planning agent memory usage examples

- Add real agent.log snippets showing planning agent retrieving and using memory context
- Document XML-structured prompts for improved Claude model interaction
- Explain JSON response format enforcement and infrastructure knowledge extraction
- Add comprehensive logging and monitoring details
- Document actor ID design for proper memory namespace isolation
- Fix ASCII flow diagram alignment for better readability
- Remove temporal framing and present features as current design facts

* docs: add AWS documentation links and clean up memory system documentation

- Add hyperlink to Amazon Bedrock AgentCore Memory main documentation
- Link to Memory Getting Started Guide for the three memory strategies
- Remove Legacy Pattern Recognition section from documentation (code remains)
- Remove Error Handling and Fallbacks section to focus on core functionality
- Keep implementation details in code while streamlining public documentation

* docs: reorganize memory-system.md to eliminate redundancies

- Merged Memory Tool Architecture and Planning sections into unified section
- Consolidated all namespace/actor_id explanations in architecture section
- Combined pattern recognition and memory capture content
- Created dedicated Agent Memory Integration section with examples
- Removed ~15-20% redundant content while improving clarity
- Improved document structure for better navigation

* style: apply ruff formatting and fix code style issues

- Applied ruff auto-formatting to all Python files
- Fixed 383 style issues automatically
- Remaining issues require manual intervention:
  - 29 ruff errors (bare except, unused variables, etc.)
  - 61 mypy type errors (missing annotations, implicit Optional)
- Verified memory system functionality matches documentation
- Confirmed user personalization working correctly in reports

* docs: make benefits section more succinct in memory-system.md

- Consolidated 12 bullet points into 5 focused benefits
- Removed redundant three-category structure (Users/Teams/Operations)
- Maintained all key value propositions while improving readability
- Reduced section length by ~60% while preserving essential information

* feat: add comprehensive cleanup script with memory deletion

- Added cleanup.sh script to delete all AWS resources (gateway, runtime, memory)
- Integrated memory deletion using bedrock_agentcore MemoryClient
- Added proper error handling and graceful fallbacks
- Updated execution order: servers → gateway → memory → runtime → local files
- Added memory deletion to README.md cleanup instructions
- Includes confirmation prompts and --force option for automation

* fix: preserve .env, .venv, and reports in cleanup script

- Modified cleanup script to only remove AWS-generated configuration files
- Preserved .env files for development continuity
- Preserved .venv directories to avoid reinstalling dependencies
- Preserved reports/ directory containing investigation history
- Files removed: gateway URIs, tokens, agent ARNs, memory IDs only
- Updated documentation to clarify preserved vs removed files

* fix: use correct bedrock-agentcore-control client for gateway operations

- Changed boto3 client from 'bedrock-agentcore' to 'bedrock-agentcore-control'
- Fixes 'list_gateways' method not found error during gateway deletion
- Both gateway and runtime deletion now use the correct control plane client

* docs: add memory system initialization timing guidance

- Added note that memory system takes 10-12 minutes to be ready
- Added steps to check memory status with list command after 10 minutes
- Added instruction to run update command again once memory is ready
- Provides clear workflow for memory system setup and prevents user confusion

* docs: comprehensive documentation update and cleanup

- Remove unused root .env and .env.example files (not referenced by any code)
- Update configuration.md with comprehensive config file documentation
- Add configuration overview table with setup instructions and auto-generation info
- Consolidate specialized-agents.md content into system-components.md
- Update system-components.md with complete AgentCore architecture
- Add detailed sections for AgentCore Runtime, Gateway, and Memory primitives
- Remove cli-reference.md (excessive documentation for limited use)
- Update README.md to reference configuration guide in setup section
- Clean up documentation links and organization

The documentation now provides a clear, consolidated view of the system
architecture and configuration with proper cross-references and setup guidance.

* feat: improve runtime deployment and invocation robustness

- Increase deletion wait time to 150s for agent runtime cleanup
- Add retry logic with exponential backoff for MCP rate limiting (429 errors)
- Add session_id and user_id to agent state for memory retrieval
- Filter out /ping endpoint logs to reduce noise
- Increase boto3 read timeout to 5 minutes for long-running operations
- Add clear error messages for agent name conflicts
- Update README to clarify virtual environment requirement for scripts
- Fix session ID generation to meet 33+ character requirement

These changes improve reliability when deploying and invoking agents,
especially under heavy load or with complex queries that take time.

* chore: remove accidentally committed reports folder

Removed 130+ markdown report files from the reports/ directory that were
accidentally committed. The .gitignore already includes reports/ to prevent
future commits of these generated files.
											
										
										
											2025-08-06 17:49:56 -04:00
+								#!/bin/bash
 								# Configure Gateway Script for SRE Agent
 								# Manages gateway configuration and backend services
 								set -e
 								# Get the directory where this script is located
 								SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
 								PROJECT_ROOT="$(dirname "$SCRIPT_DIR")"
 								# File paths
 								GATEWAY_URI_FILE="$PROJECT_ROOT/gateway/.gateway_uri"
 								ACCESS_TOKEN_FILE="$PROJECT_ROOT/gateway/.access_token"
 								AGENT_CONFIG_FILE="$PROJECT_ROOT/sre_agent/config/agent_config.yaml"
 								ENV_FILE="$PROJECT_ROOT/sre_agent/.env"
 								# Default gateway URI for reverse operation
 								DEFAULT_GATEWAY_URI="https://your-agentcore-gateway-endpoint.gateway.bedrock-agentcore.us-east-1.amazonaws.com"
 								# Function to show usage
 								show_usage() {
 								    echo "Usage: $0 [OPTIONS]"
 								    echo ""
 								    echo "Options:"
 								    echo "  --cleanup       Reset gateway URI to default placeholder"
 								    echo "  --help, -h      Show this help message"
 								    echo ""
 								    echo "Description:"
 								    echo "  This script configures the SRE Agent to use a real AgentCore gateway."
 								    echo "  It reads the gateway URI and access token from the gateway directory"
 								    echo "  and updates the configuration files accordingly."
 								    echo ""
 								    echo "  Normal operation:"
 								    echo "  1. Stops running backend servers"
 								    echo "  2. Generates new access token"
 								    echo "  3. Gets EC2 instance private IP"
 								    echo "  4. Starts backend servers with SSL"
 								    echo "  5. Updates gateway URI in agent config"
 								    echo "  6. Updates access token in .env file"
 								    echo ""
 								    echo "  Cleanup operation (--cleanup):"
 								    echo "  - Resets gateway URI to placeholder value"
 								    echo "  - Useful for development/testing mode"
 								}
 								# Function to check if file exists
 								check_file() {
 								    local file="$1"
 								    local description="$2"
 								    if [ ! -f "$file" ]; then
 								        echo "❌ Error: $description not found at $file"
 								        return 1
 								    fi
 								    return 0
 								}
 								# Function to update YAML file
 								update_gateway_uri_in_yaml() {
 								    local uri="$1"
 								    local config_file="$2"
 								    echo "📝 Updating gateway URI in $config_file"
 								    # Use sed to update the gateway URI line
 								    if grep -q "^  uri:" "$config_file"; then
 								        # Update existing uri line
 								        sed -i "s|^  uri:.*|  uri: \"$uri\"|" "$config_file"
 								    else
 								        # Add uri line if gateway section exists
 								        if grep -q "^gateway:" "$config_file"; then
 								            sed -i "/^gateway:/a\\  uri: \"$uri\"" "$config_file"
 								        else
 								            # Add entire gateway section
 								            echo "" >> "$config_file"
 								            echo "# Gateway configuration" >> "$config_file"
 								            echo "gateway:" >> "$config_file"
 								            echo "  uri: \"$uri\"" >> "$config_file"
 								        fi
 								    fi
 								    echo "✅ Gateway URI updated to: $uri"
 								}
 								# Function to update or create .env file
 								update_env_file() {
 								    local token="$1"
 								    local env_file="$2"
 								    echo "📝 Updating access token in $env_file"
 								    # Create .env file if it doesn't exist
 								    if [ ! -f "$env_file" ]; then
 								        echo "# SRE Agent Environment Variables" > "$env_file"
 								    fi
 								    # Update or add GATEWAY_ACCESS_TOKEN
 								    if grep -q "^GATEWAY_ACCESS_TOKEN=" "$env_file"; then
 								        # Update existing token
 								        sed -i "s|^GATEWAY_ACCESS_TOKEN=.*|GATEWAY_ACCESS_TOKEN=\"$token\"|" "$env_file"
 								    else
 								        # Add new token
 								        echo "GATEWAY_ACCESS_TOKEN=\"$token\"" >> "$env_file"
 								    fi
 								    echo "✅ Access token updated in .env file"
 								}
 								# Function to get EC2 instance private IP
 								get_private_ip() {
 								    echo "🌐 Getting EC2 instance private IP..."
 								    TOKEN=$(curl -X PUT "http://169.254.169.254/latest/api/token" \
 								      -H "X-aws-ec2-metadata-token-ttl-seconds: 21600" -s)
 								    PRIVATE_IP=$(curl -H "X-aws-ec2-metadata-token: $TOKEN" \
 								      -s http://169.254.169.254/latest/meta-data/local-ipv4)
 								    if [ -z "$PRIVATE_IP" ]; then
 								        echo "❌ Failed to get private IP address"
 								        exit 1
 								    fi
 								    echo "📍 Private IP: $PRIVATE_IP"
 								}
 								# Function to stop backend servers
 								stop_backend() {
 								    echo "🛑 Stopping backend servers..."
 								    if [ -f "$PROJECT_ROOT/backend/scripts/stop_demo_backend.sh" ]; then
 								        cd "$PROJECT_ROOT"
 								        bash backend/scripts/stop_demo_backend.sh
 								    else
 								        echo "⚠️  Backend stop script not found, continuing..."
 								    fi
 								}
 								# Function to start backend servers
 								start_backend() {
 								    echo "🚀 Starting backend servers..."
 								    # Check if SSL certificates exist
 								    SSL_KEY="/etc/letsencrypt/live/$(hostname -f)/privkey.pem"
 								    SSL_CERT="/etc/letsencrypt/live/$(hostname -f)/fullchain.pem"
 								    # Alternative SSL paths to check
 								    if [ ! -f "$SSL_KEY" ] || [ ! -f "$SSL_CERT" ]; then
 								        SSL_KEY="/opt/ssl/privkey.pem"
 								        SSL_CERT="/opt/ssl/fullchain.pem"
 								    fi
 								    if [ -f "$SSL_KEY" ] && [ -f "$SSL_CERT" ]; then
 								        echo "🔒 Found SSL certificates, starting with HTTPS"
 								        cd "$PROJECT_ROOT"
 								        echo "🔧 Executing: bash backend/scripts/start_demo_backend.sh --host \"$PRIVATE_IP\" --ssl-keyfile \"$SSL_KEY\" --ssl-certfile \"$SSL_CERT\""
 								        bash backend/scripts/start_demo_backend.sh --host "$PRIVATE_IP" --ssl-keyfile "$SSL_KEY" --ssl-certfile "$SSL_CERT"
 								    else
 								        echo "⚠️  SSL certificates not found, starting with HTTP"
 								        cd "$PROJECT_ROOT"
 								        echo "🔧 Executing: bash backend/scripts/start_demo_backend.sh --host \"$PRIVATE_IP\""
 								        bash backend/scripts/start_demo_backend.sh --host "$PRIVATE_IP"
 								    fi
 								}
 								# Function to generate new token
 								generate_token() {
 								    echo "🔑 Generating new access token..."
 								    if [ -f "$PROJECT_ROOT/gateway/generate_token.sh" ]; then
 								        cd "$PROJECT_ROOT/gateway"
 								        bash generate_token.sh
 								    else
 								        echo "❌ Error: Token generation script not found"
 								        exit 1
 								    fi
 								}
 								# Parse command line arguments
 								CLEANUP_MODE=false
 								while [[ $# -gt 0 ]]; do
 								    case $1 in
 								        --cleanup)
 								            CLEANUP_MODE=true
 								            shift
 								            ;;
 								        --help|-h)
 								            show_usage
 								            exit 0
 								            ;;
 								        *)
 								            echo "❌ Unknown argument: $1"
 								            echo "Use --help for usage information"
 								            exit 1
 								            ;;
 								    esac
 								done
 								echo "🔧 SRE Agent Gateway Configuration Script"
 								echo "=========================================="
 								if [ "$CLEANUP_MODE" = true ]; then
 								    echo "🔄 Running in cleanup mode - resetting to default configuration"
 								    # Check if agent config file exists
 								    if ! check_file "$AGENT_CONFIG_FILE" "Agent config file"; then
 								        exit 1
 								    fi
 								    # Update gateway URI to default
 								    update_gateway_uri_in_yaml "$DEFAULT_GATEWAY_URI" "$AGENT_CONFIG_FILE"
 								    # Remove or comment out access token from .env file
 								    if [ -f "$ENV_FILE" ]; then
 								        echo "🧹 Removing access token from .env file"
 								        if grep -q "^GATEWAY_ACCESS_TOKEN=" "$ENV_FILE"; then
 								            # Comment out the existing token line
 								            sed -i 's|^GATEWAY_ACCESS_TOKEN=.*|# GATEWAY_ACCESS_TOKEN=removed_in_reverse_mode|' "$ENV_FILE"
 								            echo "✅ Access token removed from .env file"
 								        else
 								            echo "ℹ️  No access token found in .env file"
 								        fi
 								    else
 								        echo "ℹ️  No .env file found"
 								    fi
 								    echo "✅ Configuration reset to default (development mode)"
 								    echo "🔧 Gateway URI set to: $DEFAULT_GATEWAY_URI"
 								    echo "🔑 Access token removed from .env file"
 								else
 								    echo "⚙️  Running in normal mode - configuring for production gateway"
 								    # Step 1: Stop running servers
 								    stop_backend
 								    # Step 2: Generate new token
 								    generate_token
 								    # Step 3: Get private IP
 								    get_private_ip
 								    # Step 4: Start backend servers
 								    start_backend
 								    # Step 5: Check required files
 								    echo "📂 Checking required files..."
 								    if ! check_file "$GATEWAY_URI_FILE" "Gateway URI file"; then
 								        echo "💡 Please ensure gateway/.gateway_uri contains your AgentCore gateway endpoint"
 								        exit 1
 								    fi
 								    if ! check_file "$ACCESS_TOKEN_FILE" "Access token file"; then
 								        echo "💡 Please run gateway/generate_token.sh first to create access token"
 								        exit 1
 								    fi
 								    if ! check_file "$AGENT_CONFIG_FILE" "Agent config file"; then
 								        exit 1
 								    fi
 								    # Step 6: Read gateway URI and access token
 								    echo "📖 Reading configuration files..."
 								    GATEWAY_URI=$(cat "$GATEWAY_URI_FILE" | tr -d '\n\r' | xargs)
 								    ACCESS_TOKEN=$(cat "$ACCESS_TOKEN_FILE" | tr -d '\n\r' | xargs)
 								    if [ -z "$GATEWAY_URI" ]; then
 								        echo "❌ Error: Gateway URI is empty"
 								        exit 1
 								    fi
 								    if [ -z "$ACCESS_TOKEN" ]; then
 								        echo "❌ Error: Access token is empty"
 								        exit 1
 								    fi
 								    echo "📋 Gateway URI: $GATEWAY_URI"
 								    echo "🔑 Access token: ${ACCESS_TOKEN:0:20}..." # Show first 20 chars only
 								    # Step 7: Update configuration files
 								    update_gateway_uri_in_yaml "$GATEWAY_URI" "$AGENT_CONFIG_FILE"
 								    update_env_file "$ACCESS_TOKEN" "$ENV_FILE"
 								    echo ""
 								    echo "✅ Configuration completed successfully!"
 								    echo "🎯 Gateway URI: $GATEWAY_URI"
 								    echo "📁 Updated files:"
 								    echo "   - $AGENT_CONFIG_FILE"
 								    echo "   - $ENV_FILE"
 								    echo ""
 								    echo "🚀 Backend servers are running with SSL on $PRIVATE_IP"
 								    echo "🔧 SRE Agent is now configured for production gateway"
 								fi
 								echo ""
 								echo "🏁 Script completed!"