AVA v3.0 — Plan, Operate, Govern, Service Onboarding, and 22 App Templates

v3.0 takes AVA from "deploy and secure agents" to a full plan → build → secure → operate → govern lifecycle on AWS. Five new pillars land in the Control Plane plus a refreshed AaaS catalog.

Highlights

App Templates — Hemal Gadhiya

22 deployable starter templates surfaced through the App Templates tab in the Control Plane, covering 8 categories: foundation & observability, agent scaffolds (Strands + LangGraph), multi-agent patterns (orchestration kit, supervisor-specialists, plan-and-execute, evaluator-optimizer, sequential pipeline, event-driven, RAG report generator), human-in-the-loop, memory & knowledge (AgentCore Runtime, AgentCore Memory, Bedrock Knowledge Base), security & auth (Bedrock Guardrails, Cognito), and API & tools (API Gateway, structured output, test harness). Replaces the v2.5 template set.

AgentCore Observability — Daniela Vargas

AVA now emits to two complementary observability stacks at deploy time: AgentCore Observability for service-level runtime telemetry (CloudWatch GenAI Observability + X-Ray Transaction Search, capturing InvokeAgentRuntime spans, payload metadata, cold-starts, IAM denials) and Langfuse for application-level traces, prompts, evals, and cost. Wired into every AgentCore runtime stack via APPLICATION_LOGS log delivery and X-Ray trace destinations. Per-account prereq enables X-Ray Transaction Search via a one-time null_resource.

Service Onboarding — Bikash Behera & Aditi Pendharkar

A guided 5-gate approval workflow — Risk → Security → Compliance → Architecture → Executive — for any new AI service. Powered by a Claude Code plugin that runs each phase as an autonomous reviewer and produces a signed approval report with an evidence bundle (threat model, control mapping, risk register, architecture review, executive summary) ready for auditors. Step Functions orchestrates phase progression with full audit trail in DynamoDB.

Plan section — Bikash Behera & Sushil Pramanick

Four interactive frameworks turn ambition into an investable plan before you build. Use them in order (Assess → Design → Identify → Justify) or jump to the one you need:

• Maturity Assessment — score across 5 dimensions with 25+ indicators, gap analysis, L1–L5 rating
• Operating Model — pick a TOM pattern (Centralized CoE / Hub-and-Spoke / Federated) by scoring 7 dimensions across 21 questions
• Use Case Prioritization — rank ideas with the AWS Enterprise AI Scoring Model (25 weighted criteria)
• Business Cases — CFO-grade DCF with NPV, IRR, payback, ROI; 8-category risk scorecard

Backed by per-framework backend routes, services, and persistence to DynamoDB. Includes a written Use Case Discovery Guide.

Govern — Gregg Sorrels

Replaces the v2.5 single-page command center with a full GRC pillar — one Command Center plus seven deeper workspaces:

• Command Center — AI Platform Activity grid, Trust Stack snapshot, Compliance · Guardrails · Cost summary, Recent Activity
• Trust Stack — 3-layer model (Foundation → Production → Scale) with AWS service mapping and 3 Lines of Defense
• Fleet Overview — fleet-wide KPIs, 30-day trust trend, agent × risk heatmap, top risky use cases
• Risk Management — heatmap, control effectiveness, risk register; aligned to NIST AI RMF and SR 26-2
• Model Management — model registry; 4-framework MRM compliance (SR 26-2, OSFI E-23, NIST AI RMF, EU AI Act)
• Compliance Center — interactive checklists for SR 26-2, OSFI E-23, NIST AI RMF, EU AI Act, ISO 42001
• Cost & FinOps — health score, spend velocity, 12-month forecast, unit economics, chargeback statement
• Audit & Incidents — searchable timeline of events, approvals, deployments; per-event evidence drawer

AWS Security Agent + Federated Console Launch — Vivian Bui

Amazon's managed Security Agent is now in AaaS — design review, code review, on-demand pentest — deployable in three IaC flavors (Terraform, CDK, CloudFormation). After deploy, hit Launch in Console on any Frontier Agent (DevOps or Security) and the backend mints an STS-backed federated sign-in URL that drops you straight into the agent's AWS Console with the right operator role — no manual role-switching.

User-facing changes

• New top-level Plan section with 4 framework workspaces.
• New Secure → Service Onboarding workflow page.
• New Operate page surfacing both observability stacks.
• New Govern pillar with 8 workspaces under /govern/*.
• Frontier Agents catalog adds Security Agent; Launch in Console button on every deployed Frontier Agent.
• App Templates tab now lists 22 templates across 8 categories.
• DeploymentList: clickable status chips for filtering and a status-priority default sort.
• Refreshed home screenshots.

Infrastructure

• New Terraform modules: service_approval (Step Functions + DynamoDB + S3 + Lambda runner), frontier_agents_pipeline, X-Ray Transaction Search prereq via null_resource.
• AgentCore runtime stacks now include APPLICATION_LOGS log delivery and X-Ray trace destinations.
• Cognito module supports optional demo-user seeding for fresh stamps.
• Docker Hub credentials wiring for the Langfuse Foundation Stack.

Security

• Real AWS identifiers replaced with placeholders in test scripts, runtime configs, and sample-data scripts.

Upgrade notes

• The v2.5 template set (tool-calling-agent, multi-agent-orchestration, rag-application, langraph-agentcore, strands-agentcore) is replaced by the new 22-template catalog. If you forked any of those, migrate to the closest v3.0 equivalent (agent-scaffold-langgraph, agent-scaffold-strands, multi-agent-kit, research-report-generator).
• The v2.5 GovernLanding (single-page command center) is replaced by the new 8-workspace pillar. The same /govern route lands on the new pillar; deep links to the old single-page sections need updated paths (/govern/command-center, /govern/trust-stack, etc.).
• AgentCore Observability requires a one-time per-account/region X-Ray Transaction Search enable. Set enable_xray_transaction_search=true on your first Control Plane deploy.

Contributors

• Hemal Gadhiya (gadhiy@amazon.com) — App Templates
• Daniela Vargas (awsdaniv@amazon.com) — AgentCore Observability
• Bikash Behera (behebika@amazon.com) — Plan section design and implementation, Service Onboarding implementation
• Aditi Pendharkar (aditipen@amazon.com) — Service Onboarding review workflow, Claude Code plugin design
• Sushil Pramanick (sushipra@amazon.com) — Plan section design, AI use case discovery methodology
• Gregg Sorrels (gsorrels@amazon.com) — Govern pillar design, AI Trust Stack model, MRM framework alignment
• Vivian Bui (vivibui@amazon.com) — AWS Security Agent IaC, federated AWS console launch, Control Plane integration, README + Architecture refresh

Full Changelog: v2.5...v3.0

AVA v2.5 — Guardrails, Capabilities, and Governance

v2.5 rounds out the AVA platform with three additions that move the story from "deploy agents" to "deploy, secure, and govern agents" end-to-end.

Highlights

Guardrails

Amazon Bedrock Guardrails are now a first-class concept in the Control Plane. Build templates with content filters, PII detection, denied topics, word filters, and contextual grounding; attach one or more to any agent at deploy time. Post-processing guardrails are wired into the customer_service use case and the foundation base classes, so any Foundry UC can opt in. Ships with three FSI-tuned presets (FSI Standard, Market Surveillance, Customer Service).

Capabilities

New top-level section under Build for the composable primitives every agent depends on:

• Tools — pre-built MCP Gateway, Code Interpreter, Web Browser, API Connector, Notifications, plus a builder for custom tools from Lambda/OpenAPI/MCP.
• Knowledge — data sources (S3, RDS, APIs), knowledge bases (Bedrock KBs with vector + hybrid retrieval), document stores, and streaming feeds — with attached-agent counts, refresh cadence, and backend stack.
• Prompts — versioned system prompts, response templates, evaluation rubrics, and guardrail clauses backed by Amazon Bedrock Prompt Management.

The old "Tools Factory" page moved out of Agent-as-a-Service into Capabilities; legacy /aaas/tools redirects.

Governance Command Center

A new pillar focused on the governance story regulators and executives expect. Single-page command center shows AI Trust Stack posture across 7 layers (infrastructure, data, model, application, agent, access, governance), fleet KPIs, a 30-day trust & guardrail trend, agent × risk heatmap, model inventory, compliance coverage (NIST AI RMF · ISO 42001 · NYDFS Part 500 + AI circular · EU AI Act · SR 11-7 · SOC 2 Type II), Cost & FinOps summary, and recent activity.

Three deep sub-pages for analysts and auditors:

• Model Registry — filters, attestation board, EU AI Act classification, approval pipeline, fleet eval trend.
• Cost & FinOps — health score, 12-month forecast scenarios, unit economics, chargeback by BU, commitment planner.
• Audit & Incidents — filterable timeline with per-event evidence drawer (trace, CloudTrail, exportable bundles).

Drill-down drawers open per model, per heatmap cell, and per compliance framework.

User-facing changes

• Sidebar: Applications, Agent-as-a-Service, Capabilities, Observability, and Govern are now collapsible with chevron toggles; expanded state persists in localStorage. Collapsed sidebar shows flyouts.
• Home page: new Capabilities banner below Apps/AaaS; Govern gets a tile alongside Secure and Operate.
• Observability (Langfuse): probes the advertised URL on load and shows the "Deploy Langfuse" CTA if the server is unreachable.
• README: refreshed hero image, new Capabilities / Secure (Guardrails available) / Govern sections; footer attribution is "FSI PACE".

Infrastructure

• cors_origins takes an extra_cors_origins variable so vanity domains can be allowed without drifting out of Terraform.
• aws_s3_bucket_policy.frontend_cloudfront takes additional_cloudfront_distribution_arns for the same reason.
• Guardrails DynamoDB table, ecs_task_bedrock_guardrails IAM policy, and GUARDRAILS_TABLE_NAME env var added to the ECS task.
• Use-case UI buildspec stops importing aws_lambda_permission.apigw (which couldn't reconcile when API Gateway was recreated) and instead removes existing AllowAPIGateway* statements pre-plan so Terraform creates a fresh, correct one on every apply.

Security

• Pre-release scan scrubbed real CloudFront distribution IDs, API Gateway IDs, ALB DNS names, and S3 bucket names from source and from all historical commits (1,206 commits rewritten). No AKIA keys, private keys, or terraform.tfstate files are tracked.
• Placeholders like <api-id>, <region>, <ACCOUNT_ID>, and <alb-name> must be substituted at deploy time.

Upgrade notes

• Users upgrading from v2.0 should re-clone the repository rather than pulling. Pre-existing forks and clones from v2.0 or earlier may diverge on rebased commit hashes.
• Recharts is a new dependency of the Control Plane frontend. Run npm install before starting the dev server or building.

Full Changelog: v2.0...v2.5

AVA v2.0 — Agentic Value Accelerator

AVA v2.0 — Agentic Value Accelerator

Plan, build, operate, and secure AI agents for financial services on AWS.

v2.0 turns AVA into a full end-to-end agent platform: every product surface — from 34 FSI use cases to blueprint-driven app generation to managed Frontier Agents — now shares one control plane, one CI/CD pipeline, and one Langfuse-backed observability layer.

Highlights

New product areas

• Agent-as-a-Service (AaaS) — Deploy Amazon's managed Frontier Agents (AWS DevOps Agent in Terraform / CDK / CloudFormation, with Security Agent and Kiro on deck) into your own AWS account with one click. Operator App launcher, session-expiry banner, and dedicated Frontier Agents CI/CD pipeline included.
• App Factory — Answer a guided questionnaire and the pipeline uses Claude Code (via Bedrock) to generate agents, sample data, Terraform, and a UI — then deploys to Bedrock AgentCore through the same CodeBuild pipeline as every other deployment. Subagent-driven builder (builder.py) for UI / infra / data / docs.
• Reference Implementations — Four new fork-and-customize full-stack apps with dedicated frontends, backends, and infrastructure:
  • Market Surveillance — Fixed-income trade surveillance with 29 decision-tree rules, multi-agent orchestration, and audit-ready reports (Strands + Terraform).
  • Shopping Concierge Agent — Product search, cart management, and mock payments with Strands SDK, MCP tools, and CDK (Amplify + AgentCore).
  • Case Management — Real-time fraud scoring with pattern recognition (smurfing, velocity, mule accounts) and natural-language investigation (Claude on Bedrock).
  • Agent Safety Controls — Human-in-the-loop safety toolkit with kill switch (IAM deny), cost / evaluation / observability signals, and per-session intervention controls.

Platform upgrades

• FSI Foundry UI per use case — 34 use cases moved from a shared UI to dedicated React frontends served via S3 + CloudFront + Lambda proxy to AgentCore, with a registry-driven offerings catalog.
• Langfuse v3 observability — First-class Langfuse + OpenTelemetry surface. The new Foundation Stack template provisions Langfuse v3 on ECS Fargate (managed Aurora + ElastiCache + ClickHouse) plus the networking it needs. Deploy once per account; every use case auto-provisions its own Langfuse project, stores API keys in Secrets Manager, and injects them into the AgentCore runtime.
• Deploy-from-Git path — Pre-seeded CodeCommit repos for every FSI use case. Users can customize source in their own repo, push, and deploy through the UI — same CodeBuild pipeline as Quick Deploy (S3).
• Pipeline inputs dataclasses — Centralized Step Functions parameter handling (PipelineInput, FoundryPipelineInput, AppFactoryPipelineInput, TemplatePipelineInput) so every route passes a consistent, defaulted env-var contract into CodeBuild.
• Import-existing buildspec shims — UI TF module imports pre-existing resources (DynamoDB sessions table, Lambdas, IAM roles, Lambda permission) so redeploys into an account with prior history reconcile cleanly.

UI surface

• New Applications landing page with FSI Foundry, Reference Implementations, App Factory, AaaS, Custom Agents (coming soon), and Tools Factory (coming soon).
• Deployment Detail page: per-stage pipeline progress, structured logs, outputs card, "Open App" / "Open Operator App" launchers, Operator App session-expiry banner, download source, delete deployment.
• Observability tab embeds the Langfuse UI directly.
• Test Drawer with streamed agent responses.
• Contacts link added to the top navigation.

Contributors

• @vivibui — Control Plane platform, Frontier Agents, AaaS, FSI Foundry foundations, 34 use-case agentic design, CI/CD pipeline, CodeCommit integration, deployment automation, testing panel, Case Management reference implementation, v2.0 docs
• @ethanalmeida7 — App Factory end-to-end (questionnaire, builder, subagents, hooks), Strands AgentCore integration, deployment scripts
• @AdarshParakh — FSI Foundry 34 frontend UIs, guidance design, workflow-driven orchestration pattern
• @vargas-dann-0896 — Langfuse observability end-to-end (Foundation Stack, per-use-case project provisioning, iframe UI), Shopping Concierge Agent reference implementation
• @MilanBavadiyaMB, Prasanth Ponnoth, Rhia Bipin Roy, Sonia Mahankali — Agent Safety Controls reference implementation
• @mrpaguay, Alseny Diallo — Market Surveillance reference implementation
• @hemalgadhiya — App Templates, Role-based access control (coming soon)
• Sudhir Kalidindi — Case Management reference implementation

See the README for full documentation.

Upgrading from v1.0

v2.0 is additive for existing deployments — the v1.0 control plane stack keeps working. To adopt v2.0 in place:

1. Redeploy the control plane backend + frontend from this release.
2. Deploy the new Foundation Stack template once per account/region to stand up Langfuse.
3. Redeploy any FSI Foundry use cases you had on v1.0 — the control plane will auto-wire them into your Foundation Stack's Langfuse project.

The buildspec imports pre-existing resources, so redeploys against accounts with v1.0 artifacts reconcile without manual cleanup.

AVA v1.0 - Agentic Value Accelerator

AVA v1.0 - Agentic Value Accelerator

Plan, build, operate, and secure AI agents for financial services on AWS.

An open-source platform with 34 multi-agent use cases, a full control plane, and CI/CD pipelines — ready to deploy on AWS with Amazon Bedrock AgentCore.

Highlights

• Full Control Plane — Web UI + FastAPI API for deploying, managing, and testing agent applications
• 34 FSI Use Cases — Banking, insurance, capital markets, operations, risk & compliance, and modernization
• Dual Framework Support — Every use case implemented in both LangGraph/LangChain and Strands Agents SDK
• CI/CD Pipeline — Automated build, deploy, and validation via CodeBuild with Terraform/CDK
• 8 Starter Templates — Observability (Langfuse), Networking, AgentCore (Strands + LangGraph), RAG, Multi-Agent Orchestration
• Per-Use-Case Frontend UIs — 34 dedicated React frontends deployed via CloudFront
• One-Click Deployment — Deploy any use case from the control plane UI with infrastructure provisioned automatically
• Built for AWS — Amazon Bedrock AgentCore, ECS, Lambda, DynamoDB, CloudFront, Cognito, S3, and more

See the README for full documentation.