docs(payments): add Tutorial 06 research agent with payment memory; renumber multi-agent orchestrator to 07

[hasantariqta]

Summary

Adds a new Tutorial 06 demonstrating how to combine AgentCore payments with AgentCore Memory so an agent recalls past data and user preferences across sessions and avoids redundant paid calls.

The previous Tutorial 06 (multi-agent orchestrator) is renumbered to Tutorial 07 to make room.

What's in this PR

• New 06-research-agent-with-payment-memory/
  • research_agent_with_memory.ipynb — Strands agent with AgentCorePaymentsPlugin + AgentCore Memory using a semantic strategy. Walks through memory hydration, recall-then-decide-then-pay flow, budget enforcement, and a tiny-budget rejection demo.
  • README.md — overview, what-you'll-learn table, architecture diagram, prerequisites, scoped IAM permissions for Memory actions, Cleanup, Conclusion.
  • requirements.txt, images/diagrams.md
• Renamed 06-multi-agent-payment-orchestrator/ → 07-multi-agent-payment-orchestrator/ (no content changes beyond two prose lines added under the existing image headings to satisfy stacked-heading requirements).
• Updated cross-references in:
  • 00-getting-started/README.md — Path B → Tutorial 07, tutorial table now lists 06 (memory) and 07 (orchestrator), feature-mapping table includes a Memory row, repo-structure block updated.
  • 13-AgentCore-payments/README.md — top-level tutorials table updated.
  • 00-setup-agentcore-payments/.env.sample — multi-provider note now points at Tutorial 07.
  • 00-getting-started/utils.py — comment references Tutorial 07.
  • 04-...bazaar_gateway_agent.ipynb — "Multi-agent with Gateway" pointer to Tutorial 07.

Testing

• All notebooks parse as valid JSON.
• Local ASH scan (v3.1.2) on changed files: 0 actionable findings (bandit, cdk-nag, checkov, detect-secrets, npm-audit, semgrep all pass MEDIUM threshold).
• IAM example for Memory actions is split into account-level (CreateMemory, ListMemories with *) and resource-level statements (arn:aws:bedrock-agentcore:<REGION>:<ACCOUNT_ID>:memory/*) per least-privilege guidance.

Notes for reviewers

• The merge with upstream main (docs(payments): update AgentCore payments tutorials with security gui… #1507) introduced a one-line conflict in bazaar_gateway_agent.ipynb (ours: Tutorial 07; theirs: Tutorial 06 + literal em-dashes). Resolved by keeping the Tutorial 07 reference and adopting upstream's em-dash formatting.
• Tutorial 06 still uses claude-sonnet-4-6 consistent with the rest of the tutorial set.

[review-notebook-app]

Check out this pull request on 

See visual diffs & provide feedback on Jupyter Notebooks.

---

Powered by ReviewNB

[mvangara10]

Remove diagrams.md

[github-actions]

Latest scan for commit: d3c8f07 | Updated: 2026-05-15 15:23:13 UTC

Security Scan Results

Scan Metadata

• Project: ASH
• Scan executed: 2026-05-15T15:22:59+00:00
• ASH version: 3.0.0

Summary

Scanner Results

The table below shows findings by scanner, with status based on severity thresholds and dependencies:

Column Explanations:

Severity Levels (S/C/H/M/L/I):

• Suppressed (S): Security findings that have been explicitly suppressed/ignored and don't affect the scanner's pass/fail status
• Critical (C): The most severe security vulnerabilities requiring immediate remediation (e.g., SQL injection, remote code execution)
• High (H): Serious security vulnerabilities that should be addressed promptly (e.g., authentication bypasses, privilege escalation)
• Medium (M): Moderate security risks that should be addressed in normal development cycles (e.g., weak encryption, input validation issues)
• Low (L): Minor security concerns with limited impact (e.g., information disclosure, weak recommendations)
• Info (I): Informational findings for awareness with minimal security risk (e.g., code quality suggestions, best practice recommendations)

Other Columns:

• Time: Duration taken by each scanner to complete its analysis
• Action: Total number of actionable findings at or above the configured severity threshold that require attention

Scanner Results:

• PASSED: Scanner found no security issues at or above the configured severity threshold - code is clean for this scanner
• FAILED: Scanner found security vulnerabilities at or above the threshold that require attention and remediation
• MISSING: Scanner could not run because required dependencies/tools are not installed or available
• SKIPPED: Scanner was intentionally disabled or excluded from this scan
• ERROR: Scanner encountered an execution error and could not complete successfully

Severity Thresholds (Thresh Column):

• CRITICAL: Only Critical severity findings cause scanner to fail
• HIGH: High and Critical severity findings cause scanner to fail
• MEDIUM (MED): Medium, High, and Critical severity findings cause scanner to fail
• LOW: Low, Medium, High, and Critical severity findings cause scanner to fail
• ALL: Any finding of any severity level causes scanner to fail

Threshold Source: Values in parentheses indicate where the threshold is configured:

• (g) = global: Set in the global_settings section of ASH configuration
• (c) = config: Set in the individual scanner configuration section
• (s) = scanner: Default threshold built into the scanner itself

Statistics calculation:

• All statistics are calculated from the final aggregated SARIF report
• Suppressed findings are counted separately and do not contribute to actionable findings
• Scanner status is determined by comparing actionable findings to the threshold

Scanner	S	C	H	M	L	I	Time	Action	Result	Thresh
bandit	0	0	0	0	1	0	810ms	0	PASSED	MED (g)
cdk-nag	0	0	0	0	0	0	28.0s	0	PASSED	MED (g)
cfn-nag	0	0	0	0	0	0	9ms	0	PASSED	MED (g)
checkov	0	0	0	0	0	0	5.0s	0	PASSED	MED (g)
detect-secrets	0	0	0	0	0	0	780ms	0	PASSED	MED (g)
grype	0	0	0	0	0	0	40.5s	0	PASSED	MED (g)
npm-audit	0	0	0	0	0	0	180ms	0	PASSED	MED (g)
opengrep	0	0	0	0	0	0	<1ms	0	SKIPPED	MED (g)
semgrep	0	0	0	0	0	0	<1ms	0	MISSING	MED (g)
syft	0	0	0	0	0	0	1.9s	0	PASSED	MED (g)

[mvangara10]

Please update the test queries