fix: formatting, docker compose v2 syntax, and outdated userId references in docs

- Fix ruff formatting in scripts/utils.py
- Replace docker-compose (v1) with docker compose (v2) in LOCAL_DEVELOPMENT.md
- Fix manual curl example in LOCAL_DOCKER_TESTING.md to use mock JWT
  Authorization header instead of userId in payload
- Update AGENT_CONFIGURATION.md example to use extract_user_id_from_context()
  with RequestContext instead of payload.get('userId')

Author: kaleko

docs/AGENT_CONFIGURATION.md

@@ -114,17 +114,21 @@ Create your agent code that:
 **Example Structure**:
 
 ```python
-from bedrock_agentcore.runtime import BedrockAgentCoreApp
+from bedrock_agentcore.runtime import BedrockAgentCoreApp, RequestContext
+from utils.auth import extract_user_id_from_context
 
 app = BedrockAgentCoreApp()
 
 @app.entrypoint
-async def agent_handler(payload):
+async def agent_handler(payload, context: RequestContext):
     """Main entrypoint for the agent"""
     user_query = payload.get("prompt")
-    user_id = payload.get("userId")
     session_id = payload.get("runtimeSessionId")
 
+    # Extract user ID securely from the validated JWT token
+    # instead of trusting the payload body (which could be manipulated)
+    user_id = extract_user_id_from_context(context)
+
     # Your agent logic here
     # ...
 

docs/LOCAL_DEVELOPMENT.md

@@ -60,7 +60,7 @@ aws cloudformation describe-stacks --stack-name your-stack-name --query 'Stacks[
 
 2. **Start the Stack**:
    ```bash
-   cd docker && docker-compose up --build
+   cd docker && docker compose up --build
    ```
 
 3. **Access the Application**:
@@ -90,7 +90,7 @@ AWS_SECRET_ACCESS_KEY=your-secret
 AWS_SESSION_TOKEN=your-token
 ```
 
-Then run: `cd docker && docker-compose up --build`
+Then run: `cd docker && docker compose up --build`
 
 ## Development Workflow
 
@@ -99,7 +99,7 @@ Then run: `cd docker && docker-compose up --build`
 - **Frontend Changes**: Files are mounted as volumes, so changes appear immediately
 - **Agent Changes**: Rebuild the agent container:
   ```bash
-  cd docker && docker-compose up --build agent
+  cd docker && docker compose up --build agent
   ```
 
 ### Using Different Agent Patterns
@@ -115,22 +115,22 @@ To use a different agent pattern (e.g., LangGraph):
 
 2. **Rebuild**:
    ```bash
-   cd docker && docker-compose up --build agent
+   cd docker && docker compose up --build agent
    ```
 
 ### Logs and Debugging
 
 ```bash
 # View all logs
-docker-compose logs -f
+docker compose logs -f
 
 # View specific service logs
-docker-compose logs -f agent
-docker-compose logs -f frontend
+docker compose logs -f agent
+docker compose logs -f frontend
 
 # Access container shell
-docker-compose exec agent bash
-docker-compose exec frontend sh
+docker compose exec agent bash
+docker compose exec frontend sh
 ```
 
 ## Troubleshooting
@@ -143,7 +143,7 @@ docker-compose exec frontend sh
 1. Verify AWS credentials: `aws sts get-caller-identity`
 2. Check environment variables are set correctly
 3. Ensure deployed stack exists and is healthy
-4. Check agent logs: `docker-compose logs agent`
+4. Check agent logs: `docker compose logs agent`
 
 ### Frontend Can't Connect to Agent
 
@@ -176,13 +176,13 @@ docker-compose exec frontend sh
 
 ```bash
 # Stop all services
-cd docker && docker-compose down
+cd docker && docker compose down
 
 # Stop and remove volumes
-cd docker && docker-compose down -v
+cd docker && docker compose down -v
 
 # Stop and remove images
-cd docker && docker-compose down --rmi all
+cd docker && docker compose down --rmi all
 ```
 
 ## Production Deployment

docs/LOCAL_DOCKER_TESTING.md

@@ -189,10 +189,11 @@ docker run --rm -it -p 8080:8080 \
   -e AWS_SESSION_TOKEN=$AWS_SESSION_TOKEN \
   fast-agent-local
 
-# Test with curl
+# Test with curl (mock JWT with sub=test-user)
 curl -X POST http://localhost:8080/invocations \
   -H "Content-Type: application/json" \
-  -d '{"prompt": "Hello", "userId": "test", "runtimeSessionId": "test-123"}'
+  -H "Authorization: Bearer $(python3 -c "import base64,json; h=base64.urlsafe_b64encode(json.dumps({'alg':'none','typ':'JWT'}).encode()).rstrip(b'=').decode(); p=base64.urlsafe_b64encode(json.dumps({'sub':'test-user'}).encode()).rstrip(b'=').decode(); print(f'{h}.{p}.')")" \
+  -d '{"prompt": "Hello", "runtimeSessionId": "test-123"}'
 ```
 
 ### Testing Health Endpoint

scripts/utils.py

@@ -227,10 +227,14 @@ def create_mock_jwt(user_id: str) -> str:
     Returns:
         str: A mock JWT string (header.payload.signature).
     """
-    header = base64.urlsafe_b64encode(
-        json.dumps({"alg": "none", "typ": "JWT"}).encode()
-    ).rstrip(b"=").decode()
-    payload = base64.urlsafe_b64encode(
-        json.dumps({"sub": user_id}).encode()
-    ).rstrip(b"=").decode()
+    header = (
+        base64.urlsafe_b64encode(json.dumps({"alg": "none", "typ": "JWT"}).encode())
+        .rstrip(b"=")
+        .decode()
+    )
+    payload = (
+        base64.urlsafe_b64encode(json.dumps({"sub": user_id}).encode())
+        .rstrip(b"=")
+        .decode()
+    )
     return f"{header}.{payload}."