feat: Auto-configure Authorization header forwarding for OAuth authentication

[mikegc-aws]

Description

Automatically configure Authorization header forwarding when OAuth authentication is enabled via CLI. This enhancement eliminates the need for manual header configuration when using OAuth, ensuring that JWT tokens are properly forwarded to agent containers for claim access.

Type of Change

• New feature (non-breaking change which adds functionality)
• Documentation update
• Bug fix (non-breaking change which fixes an issue)
• Breaking change (fix or feature that would cause existing functionality to not work as expected)
• Performance improvement
• Code refactoring

Testing

• Unit tests pass locally
• Integration tests pass (if applicable)
• Test coverage remains above 80%
• Manual testing completed

Checklist

• My code follows the project's style guidelines (ruff/pre-commit)
• I have performed a self-review of my own code
• I have commented my code, particularly in hard-to-understand areas
• I have made corresponding changes to the documentation
• My changes generate no new warnings
• I have added tests that prove my fix is effective or that my feature works
• New and existing unit tests pass locally with my changes
• Any dependent changes have been merged and published

Security Checklist

• No hardcoded secrets or credentials
• No new security warnings from bandit
• Dependencies are from trusted sources
• No sensitive data logged

Breaking Changes

List any breaking changes and migration instructions:

N/A

Additional Notes

Key Changes

• CLI Enhancement: When OAuth is configured via agentcore configure, the Authorization header is automatically added to request_header_configuration
• Documentation: Added comprehensive quickstart documentation explaining automatic OAuth header forwarding and custom header configuration
• Service Layer: Updated runtime service to handle request header configuration in agent creation/updates
• Schema Updates: Added request_header_configuration field and get_request_header_configuration() method

Design Decision

This automation is CLI-only and maintains the Python SDK's explicit configuration philosophy. CLI users get smart defaults for OAuth, while Python SDK users retain full control over header configuration.

Files Changed

• documentation/docs/user-guide/runtime/quickstart.md - OAuth header documentation
• src/bedrock_agentcore_starter_toolkit/cli/runtime/commands.py - Auto-configure headers for OAuth
• src/bedrock_agentcore_starter_toolkit/cli/runtime/configuration_manager.py - Added OAuth header config method
• src/bedrock_agentcore_starter_toolkit/operations/runtime/configure.py - Pass header config to operations
• src/bedrock_agentcore_starter_toolkit/operations/runtime/launch.py - Include header config in deployment
• src/bedrock_agentcore_starter_toolkit/services/runtime.py - Handle header config in service calls
• src/bedrock_agentcore_starter_toolkit/utils/runtime/schema.py - Added header config schema and methods
• Test files - Comprehensive test coverage for new functionality

Impact

• Developer Experience: Eliminates manual configuration step for OAuth header forwarding
• Security: Ensures OAuth tokens are forwarded to agent containers
• Flexibility: Still allows custom header configuration when needed

[siwachabhi]

Hi, thanks for raising these changes, #193 (review) is another PR from a team member which will be merged soon.