Add AgentCore memory search adapter, remove dead extensions

config/openclaw.json5

@@ -0,0 +1,51 @@
+// Hyperion Assistant Service — OC Gateway base config.
+// Loaded via OC_GATEWAY_CONFIG secret in ECS container.
+// Per-tenant config (model, tools, personality) is loaded from DynamoDB at runtime
+// by the Hyperion plugin; this file only defines platform-level gateway settings.
+{
+  // Gateway binds to 0.0.0.0 on port 18789 (overridden by CMD in ECS task def).
+  gateway: {
+    mode: "local",
+    port: 18789,
+    bind: "lan",
+    auth: {
+      // ALB is the trusted reverse proxy; user identity arrives in Amz-Mons-Idp-Subject
+      // header set by the IDP via CloudFront/ALB. WAF + ALB SG restrict network access.
+      mode: "trusted-proxy",
+      trustedProxy: {
+        userHeader: "Amz-Mons-Idp-Subject",
+      },
+    },
+    // ALB is a trusted reverse proxy — trust x-forwarded-for for client IP.
+    trustedProxies: ["10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16"],
+  },
+
+  // ACP runtime — route agent turns to AgentCore (registered by agentcore extension).
+  acp: {
+    enabled: true,
+    backend: "agentcore",
+  },
+
+  // Extensions loaded at startup (built into the container image via OPENCLAW_EXTENSIONS).
+  plugins: {
+    enabled: true,
+    // Use AgentCore Memory for memory_search instead of built-in SQLite + embeddings.
+    // This avoids needing a local embedding provider (OpenAI, Gemini, etc.) in the container.
+    slots: {
+      memory: "memory-agentcore",
+    },
+  },
+
+  // Logging — structured JSON for CloudWatch ingestion.
+  logging: {
+    consoleStyle: "json",
+  },
+
+  // Disable features not needed in headless server mode.
+  update: {
+    checkOnStart: false,
+  },
+  discovery: {
+    mdns: { mode: "off" },
+  },
+}

docs/providers/amazon-nova.md

@@ -0,0 +1,125 @@
+---
+summary: "Configure Nova models via nova.amazon.com"
+read_when:
+  - You want to use Nova models via the API
+  - You need to set up NOVA_API_KEY authentication
+  - You want copy/paste config for Nova
+title: "Nova"
+---
+
+# Nova
+
+Nova provides frontier AI models with extended thinking capabilities. Configure the
+provider and set the default model to `amazon-nova/nova-2-lite-v1`.
+
+Available models:
+
+- `nova-2-lite-v1` - 1M context, 65k output, multimodal (text + image), extended thinking
+- `nova-2-pro-v1` - 1M context, 65k output, multimodal (text + image), extended thinking
+
+```bash
+openclaw onboard --auth-choice amazon-nova-api-key
+```
+
+## Usage
+
+```bash
+openclaw agent --model amazon-nova/nova-2-lite-v1
+```
+
+## Extended Thinking
+
+Nova models support extended reasoning. Use the `--thinking` flag:
+
+```bash
+openclaw agent --thinking high
+```
+
+Or configure it in your model params:
+
+```json5
+{
+  agents: {
+    defaults: {
+      model: { primary: "amazon-nova/nova-2-lite-v1" },
+      models: {
+        "amazon-nova/nova-2-lite-v1": {
+          alias: "Nova 2 Lite",
+          params: {
+            reasoning_effort: "high", // "low", "medium", "high"
+          },
+        },
+      },
+    },
+  },
+}
+```
+
+| Level    | Behavior                     |
+| -------- | ---------------------------- |
+| `low`    | Fast, basic reasoning        |
+| `medium` | Balanced reasoning and speed |
+| `high`   | Deep, thorough analysis      |
+
+## Config snippet
+
+```json5
+{
+  env: { NOVA_API_KEY: "your-api-key" },
+  agents: {
+    defaults: {
+      model: { primary: "amazon-nova/nova-2-lite-v1" },
+      models: {
+        "amazon-nova/nova-2-lite-v1": { alias: "Nova 2 Lite" },
+        "amazon-nova/nova-2-pro-v1": { alias: "Nova 2 Pro" },
+      },
+    },
+  },
+  models: {
+    mode: "merge",
+    providers: {
+      "amazon-nova": {
+        baseUrl: "https://api.nova.amazon.com/v1",
+        apiKey: "${NOVA_API_KEY}",
+        api: "openai-completions",
+        headers: { "Accept-Encoding": "identity" },
+        models: [
+          {
+            id: "nova-2-lite-v1",
+            name: "Amazon Nova 2 Lite",
+            reasoning: true,
+            input: ["text", "image"],
+            cost: { input: 0, output: 0, cacheRead: 0, cacheWrite: 0 },
+            contextWindow: 1000000,
+            maxTokens: 65535,
+            compat: {
+              supportsReasoningEffort: true,
+              supportsDeveloperRole: false,
+              maxTokensField: "max_tokens",
+            },
+          },
+          {
+            id: "nova-2-pro-v1",
+            name: "Amazon Nova 2 Pro",
+            reasoning: true,
+            input: ["text", "image"],
+            cost: { input: 0, output: 0, cacheRead: 0, cacheWrite: 0 },
+            contextWindow: 1000000,
+            maxTokens: 65535,
+            compat: {
+              supportsReasoningEffort: true,
+              supportsDeveloperRole: false,
+              maxTokensField: "max_tokens",
+            },
+          },
+        ],
+      },
+    },
+  },
+}
+```
+
+## Notes
+
+- The `Accept-Encoding: identity` header is required by the Nova API.
+- Model refs use `amazon-nova/<modelId>` format.

extensions/agentcore/index.ts

@@ -0,0 +1,45 @@
+import type { OpenClawPluginApi } from "openclaw/plugin-sdk/acpx";
+import { createAgentCoreRuntimeService } from "./src/service.js";
+
+type AgentCorePluginConfig = {
+  ssmPrefix?: string;
+  region?: string;
+  endpoint?: string;
+  invokeTimeoutMs?: number;
+};
+
+const plugin = {
+  id: "agentcore",
+  name: "AgentCore Runtime",
+  description: "ACP runtime backend powered by AWS Bedrock AgentCore.",
+  register(api: OpenClawPluginApi) {
+    const pluginConfig = (api.pluginConfig ?? {}) as AgentCorePluginConfig;
+
+    // Derive SSM prefix from HYPERION_STAGE env var if not configured.
+    const stage = process.env.HYPERION_STAGE;
+    const ssmPrefix =
+      pluginConfig.ssmPrefix ?? (stage ? `/hyperion/${stage}/agentcore` : undefined);
+
+    if (!ssmPrefix) {
+      api.logger.warn(
+        "AgentCore plugin: no ssmPrefix configured and HYPERION_STAGE not set. " +
+          "Set plugins.agentcore.ssmPrefix in config or HYPERION_STAGE env var.",
+      );
+      return;
+    }
+
+    const region = pluginConfig.region ?? process.env.AWS_REGION ?? "us-west-2";
+
+    api.registerService(
+      createAgentCoreRuntimeService({
+        configSource: {
+          ssmPrefix,
+          region,
+          endpointOverride: pluginConfig.endpoint,
+        },
+      }),
+    );
+  },
+};
+
+export default plugin;

extensions/agentcore/openclaw.plugin.json

@@ -0,0 +1,48 @@
+{
+  "id": "agentcore",
+  "name": "AgentCore Runtime",
+  "description": "ACP runtime backend powered by AWS Bedrock AgentCore. Replaces embedded Pi Agent with per-tenant Firecracker microVMs.",
+  "configSchema": {
+    "type": "object",
+    "additionalProperties": false,
+    "properties": {
+      "ssmPrefix": {
+        "type": "string",
+        "description": "SSM parameter path prefix (e.g. /hyperion/beta/agentcore)"
+      },
+      "region": {
+        "type": "string",
+        "description": "AWS region for AgentCore API calls"
+      },
+      "endpoint": {
+        "type": "string",
+        "description": "AgentCore endpoint override (for local testing)"
+      },
+      "invokeTimeoutMs": {
+        "type": "number",
+        "minimum": 1000,
+        "description": "Timeout for agent invocations in milliseconds"
+      }
+    }
+  },
+  "uiHints": {
+    "ssmPrefix": {
+      "label": "SSM Parameter Prefix",
+      "help": "SSM path prefix for AgentCore config (e.g. /hyperion/beta/agentcore). Runtime ARNs, memory config, and default model are read from sub-parameters."
+    },
+    "region": {
+      "label": "AWS Region",
+      "help": "AWS region for AgentCore. Defaults to AWS_REGION env var or us-west-2."
+    },
+    "endpoint": {
+      "label": "Endpoint Override",
+      "help": "Custom AgentCore endpoint for local development.",
+      "advanced": true
+    },
+    "invokeTimeoutMs": {
+      "label": "Invoke Timeout (ms)",
+      "help": "Maximum time to wait for an agent invocation (default: 300000 = 5 minutes).",
+      "advanced": true
+    }
+  }
+}

extensions/agentcore/package.json

@@ -0,0 +1,18 @@
+{
+  "name": "@openclaw/agentcore",
+  "version": "2026.3.10",
+  "description": "OpenClaw ACP runtime backend via AWS Bedrock AgentCore",
+  "type": "module",
+  "dependencies": {
+    "@aws-sdk/client-bedrock-agentcore": "^3.0.0",
+    "@aws-sdk/client-ssm": "^3.0.0"
+  },
+  "devDependencies": {
+    "openclaw": "workspace:*"
+  },
+  "openclaw": {
+    "extensions": [
+      "./index.ts"
+    ]
+  }
+}