AWS Launches AgentCore Runtime for Persistent Coding Agent Sessions That Don't Die When Laptops Close
Amazon Web Services has launched AgentCore Runtime on Bedrock, providing dedicated Linux microVMs with persistent 14-day storage for coding agents. The service eliminates the need to keep laptops open during agent sessions and supports parallel execution of Claude Code, Codex, Kiro, OpenCode, and other coding agents with isolated environments.
Amazon Web Services has launched AgentCore Runtime on Amazon Bedrock, providing dedicated environments for coding agents that persist independently of developer laptops. Each session runs in an isolated Firecracker microVM with persistent storage that survives for 14 days of inactivity.
The service addresses a growing problem where developers keep laptops open during meetings, commutes, and overnight to maintain coding agent sessions running tools like Claude Code, Codex, Kiro, OpenCode, Gemini CLI, and Cursor CLI. When a laptop closes or suspends, the agent session terminates along with any in-progress work.
Technical Architecture
AgentCore Runtime provides three core infrastructure components:
Isolated execution environment: Each session receives a dedicated Firecracker microVM with its own Linux shell, filesystem, and command execution environment. Agents can be deployed as containers pushed to Amazon ECR or as zip-deployed Python/Node.js projects.
Persistent storage: A zero-configuration /mnt/workspace directory retains all files—including node_modules, .git, build caches, and project files—for 14 days after the last activity. When a session resumes, a fresh microVM mounts the existing filesystem in milliseconds.
Identity and access management: The identity layer allows agents to act as the user who triggered them. A gateway provides access to tools like GitHub, Jira, and Slack through Model Context Protocol (MCP) endpoints with credentials held outside the agent environment. All activity logs to CloudWatch.
Model and Provider Flexibility
The runtime is model-agnostic and supports three routing options:
- Through Amazon Bedrock, which hosts Anthropic's Claude family, OpenAI models, and others including Nova, Llama, Mistral, Qwen, and Kimi
- Direct provider APIs from Anthropic, OpenAI, Google, and self-hosted models over HTTPS
- Custom LLM gateways for routing and cost controls
According to AWS, the Bedrock route keeps prompts, tokens, and outputs within the AWS network—a requirement commonly requested by security teams.
Parallel Execution
The architecture supports running multiple agent sessions simultaneously without resource conflicts. Developers can:
- Run the same agent against multiple branches
- A/B test different agents (Claude Code on Opus vs Codex on GPT-class models vs Kiro) against the same task
- Avoid localhost port collisions and shared credential conflicts
AWS provides a companion GitHub repository with scripts demonstrating parallel execution scenarios.
Security Model
AgentCore addresses four security issues inherent in laptop-hosted agents:
- Isolation: Agents no longer share the developer's shell, filesystem, VPN, or loaded SSH keys
- Credential separation: Secrets like .env files, ~/.aws/credentials, and SSH keys are not accessible from the agent environment
- VPC traffic routing: Network traffic flows through the company VPC rather than public internet
- Audit trails: CloudTrail records every invocation; CloudWatch traces every step
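A platform team can confirm the isolation and credential-separation claims in the list above from inside a session. The following is an added example, not AWS code or part of the original article: the function name `audit_agent_env` and the finding labels are hypothetical, and only the /mnt/workspace path and the secret types come from the page.

```python
import os
from pathlib import Path

# Hypothetical helper, not part of any AWS SDK. It looks for the laptop-style
# secrets the list above names: .env files, ~/.aws/credentials and SSH keys.
SKIP_DIRS = {"node_modules", ".git"}      # large trees the page says persist
TEMPLATE_SUFFIXES = (".example", ".sample")  # placeholder files, not secrets


def audit_agent_env(home, workspace, environ):
    """Return sorted findings; an empty list means none of the named secrets are visible."""
    findings = []
    home, workspace = Path(home), Path(workspace)

    if (home / ".aws" / "credentials").is_file():
        findings.append("aws-credentials-file")

    ssh_dir = home / ".ssh"
    if ssh_dir.is_dir():
        for f in ssh_dir.iterdir():
            try:
                with f.open("rb") as fh:
                    head = fh.read(80)
            except OSError:
                continue  # directories and unreadable entries are skipped
            # PEM and OpenSSH private keys open with "-----BEGIN ... PRIVATE KEY-----".
            if b"PRIVATE KEY-----" in head:
                findings.append("ssh-private-key:" + f.name)

    # An inherited ssh-agent socket exposes loaded keys with no key file on disk.
    if environ.get("SSH_AUTH_SOCK"):
        findings.append("ssh-agent-socket")

    # A .env file copied into the persistent workspace outlives the session that wrote it.
    for root, dirs, files in os.walk(workspace):
        dirs[:] = [d for d in dirs if d not in SKIP_DIRS]
        for name in files:
            is_dotenv = name == ".env" or name.startswith(".env.")
            if is_dotenv and not name.endswith(TEMPLATE_SUFFIXES):
                rel = Path(root, name).relative_to(workspace).as_posix()
                findings.append("dotenv:" + rel)

    return sorted(findings)


if __name__ == "__main__":
    for finding in audit_agent_env(Path.home(), "/mnt/workspace", os.environ):
        print(finding)
```

An empty result only covers the secret types named above; it says nothing about credentials delivered to the session by other means.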
What This Means
This is AWS positioning Bedrock as infrastructure for agentic workflows, not just model inference. The 14-day persistent storage and microVM isolation directly compete with developer-facing agent platforms like Replit and Cursor, but target enterprise platform teams who want centralized control over agent execution, credentials, and observability. The model-agnostic approach means teams can evaluate multiple coding agents without rebuilding infrastructure for each one. The key limitation: this is AWS-only infrastructure, requiring teams to commit to running agent workloads on AWS rather than multi-cloud or local development environments.