ibm-watsonx-orchestrate 1.10.1__py3-none-any.whl → 1.11.0__py3-none-any.whl

ibm_watsonx_orchestrate/cli/commands/evaluations/evaluations_command.py

@@ -16,7 +16,7 @@ from typing import Optional
 from typing_extensions import Annotated
 
 from ibm_watsonx_orchestrate import __version__
-from ibm_watsonx_orchestrate.cli.commands.evaluations.evaluations_controller import EvaluationsController
+from ibm_watsonx_orchestrate.cli.commands.evaluations.evaluations_controller import EvaluationsController, EvaluateMode
 from ibm_watsonx_orchestrate.cli.commands.agents.agents_controller import AgentsController
 
 logger = logging.getLogger(__name__)
@@ -220,6 +220,13 @@ def analyze(data_path: Annotated[
             help="Path to the directory that has the saved results"
         )
     ],
+    tool_definition_path: Annotated[
+        Optional[str],
+        typer.Option(
+            "--tools-path", "-t",
+            help="Path to the directory containing tool definitions."
+        )
+    ] = None,
     user_env_file: Annotated[
         Optional[str],
         typer.Option(
@@ -230,7 +237,10 @@ def analyze(data_path: Annotated[
 
     validate_watsonx_credentials(user_env_file)
     controller = EvaluationsController()
-    controller.analyze(data_path=data_path)
+    controller.analyze(
+        data_path=data_path,
+        tool_definition_path=tool_definition_path
+        )
 
 @evaluation_app.command(name="validate-external", help="Validate an external agent against a set of inputs")
 def validate_external(
@@ -375,3 +385,165 @@ def validate_external(
             msg = f"[dark_orange]Schema validation did not succeed. See '{str(validation_folder)}' for failures.[/dark_orange]"
 
         rich.print(Panel(msg))
+
+@evaluation_app.command(name="quick-eval",
+                        short_help="Evaluate agent against a suite of static metrics and LLM-as-a-judge metrics",
+                        help="""
+                        Use the quick-eval command to evaluate your agent against a suite of static metrics and LLM-as-a-judge metrics.
+                        """)
+def quick_eval(
+    config_file: Annotated[
+        Optional[str],
+        typer.Option(
+            "--config", "-c",
+            help="Path to YAML configuration file containing evaluation settings."
+        )
+    ] = None,
+    test_paths: Annotated[
+        Optional[str],
+        typer.Option(
+            "--test-paths", "-p", 
+            help="Paths to the test files and/or directories to evaluate, separated by commas."
+        ),
+    ] = None,
+    tools_path: Annotated[
+        str,
+        typer.Option(
+            "--tools-path", "-t",
+            help="Path to the directory containing tool definitions."
+        )
+    ] = None,
+    output_dir: Annotated[
+        Optional[str], 
+        typer.Option(
+            "--output-dir", "-o",
+            help="Directory to save the evaluation results."
+        )
+    ] = None,
+    user_env_file: Annotated[
+        Optional[str],
+        typer.Option(
+            "--env-file", "-e", 
+            help="Path to a .env file that overrides default.env. Then environment variables override both."
+        ),
+    ] = None
+):
+    if not config_file:
+        if not test_paths or not output_dir:
+            logger.error("Error: Both --test-paths and --output-dir must be provided when not using a config file")
+            exit(1)
+    
+    validate_watsonx_credentials(user_env_file)
+
+    if tools_path is None:
+        logger.error("When running `quick-eval`, please provide the path to your tools file.")
+        sys.exit(1)
+    
+    controller = EvaluationsController()
+    controller.evaluate(
+        config_file=config_file,
+        test_paths=test_paths,
+        output_dir=output_dir,
+        tools_path=tools_path, mode=EvaluateMode.referenceless
+    )
+
+
+red_teaming_app = typer.Typer(no_args_is_help=True)
+evaluation_app.add_typer(red_teaming_app, name="red-teaming")
+
+
+@red_teaming_app.command("list", help="List available red-teaming attack plans")
+def list_plans():
+    controller = EvaluationsController()
+    controller.list_red_teaming_attacks()
+
+
+@red_teaming_app.command("plan", help="Generate red-teaming attacks")
+def plan(
+    attacks_list: Annotated[
+        str,
+        typer.Option(
+            "--attacks-list",
+            "-a",
+            help="Comma-separated list of red-teaming attacks to generate.",
+        ),
+    ],
+    datasets_path: Annotated[
+        str,
+        typer.Option(
+            "--datasets-path",
+            "-d",
+            help="Path to datasets for red-teaming. This can also be a comma-separated list of files or directories.",
+        ),
+    ],
+    agents_path: Annotated[
+        str, typer.Option("--agents-path", "-g", help="Path to the directory containing all agent definitions.")
+    ],
+    target_agent_name: Annotated[
+        str,
+        typer.Option(
+            "--target-agent-name",
+            "-t",
+            help="Name of the target agent to attack (should be present in agents-path).",
+        ),
+    ],
+    output_dir: Annotated[
+        Optional[str],
+        typer.Option("--output-dir", "-o", help="Directory to save generated attacks.")
+    ]=None,
+    user_env_file: Annotated[
+        Optional[str],
+        typer.Option(
+            "--env-file",
+            "-e",
+            help="Path to a .env file that overrides default.env. Then environment variables override both.",
+        ),
+    ] = None,
+    max_variants: Annotated[
+        Optional[int],
+        typer.Option(
+            "--max_variants",
+            "-n",
+            help="Number of variants to generate per attack type.",
+        ),
+    ] = None,
+
+):
+    validate_watsonx_credentials(user_env_file)
+    controller = EvaluationsController()
+    controller.generate_red_teaming_attacks(
+        attacks_list=attacks_list,
+        datasets_path=datasets_path,
+        agents_path=agents_path,
+        target_agent_name=target_agent_name,
+        output_dir=output_dir,
+        max_variants=max_variants,
+    )
+
+
+@red_teaming_app.command("run", help="Run red-teaming attacks")
+def run(
+    attack_paths: Annotated[
+        str,
+        typer.Option(
+            "--attack-paths",
+            "-a",
+            help="Path or list of paths (comma-separated) to directories containing attack files.",
+        ),
+    ],
+    output_dir: Annotated[
+        Optional[str],
+        typer.Option("--output-dir", "-o", help="Directory to save attack results."),
+    ] = None,
+    user_env_file: Annotated[
+        Optional[str],
+        typer.Option(
+            "--env-file",
+            "-e",
+            help="Path to a .env file that overrides default.env. Then environment variables override both.",
+        ),
+    ] = None,
+):
+    validate_watsonx_credentials(user_env_file)
+    controller = EvaluationsController()
+    controller.run_red_teaming_attacks(attack_paths=attack_paths, output_dir=output_dir)

ibm_watsonx_orchestrate/cli/commands/evaluations/evaluations_controller.py

@@ -1,17 +1,23 @@
 import logging
 import os.path
 from typing import List, Dict, Optional, Tuple
+from enum import StrEnum
 import csv
 from pathlib import Path
 import sys
 from wxo_agentic_evaluation import main as evaluate
+from wxo_agentic_evaluation import quick_eval
 from wxo_agentic_evaluation.tool_planner import build_snapshot
-from wxo_agentic_evaluation.analyze_run import analyze
+from wxo_agentic_evaluation.analyze_run import Analyzer
 from wxo_agentic_evaluation.batch_annotate import generate_test_cases_from_stories
-from wxo_agentic_evaluation.arg_configs import TestConfig, AuthConfig, LLMUserConfig, ChatRecordingConfig, AnalyzeConfig, ProviderConfig
+from wxo_agentic_evaluation.arg_configs import TestConfig, AuthConfig, LLMUserConfig, ChatRecordingConfig, AnalyzeConfig, ProviderConfig, AttackConfig, QuickEvalConfig
 from wxo_agentic_evaluation.record_chat import record_chats
 from wxo_agentic_evaluation.external_agent.external_validate import ExternalAgentValidation
 from wxo_agentic_evaluation.external_agent.performance_test import ExternalAgentPerformanceTest
+from wxo_agentic_evaluation.red_teaming.attack_list import print_attacks
+from wxo_agentic_evaluation.red_teaming import attack_generator
+from wxo_agentic_evaluation.red_teaming.attack_runner import run_attacks
+from wxo_agentic_evaluation.arg_configs import AttackGeneratorConfig
 from ibm_watsonx_orchestrate import __version__
 from ibm_watsonx_orchestrate.cli.config import Config, ENV_WXO_URL_OPT, AUTH_CONFIG_FILE, AUTH_CONFIG_FILE_FOLDER, AUTH_SECTION_HEADER, AUTH_MCSP_TOKEN_OPT
 from ibm_watsonx_orchestrate.utils.utils import yaml_safe_load
@@ -21,6 +27,9 @@ import uuid
 
 logger = logging.getLogger(__name__)
 
+class EvaluateMode(StrEnum):
+    default = "default" # referenceFUL evaluation
+    referenceless = "referenceless"
 
 class EvaluationsController:
     def __init__(self):
@@ -38,7 +47,7 @@ class EvaluationsController:
 
         return url, tenant_name, token
 
-    def evaluate(self, config_file: Optional[str] = None, test_paths: Optional[str] = None, output_dir: Optional[str] = None) -> None:
+    def evaluate(self, config_file: Optional[str] = None, test_paths: Optional[str] = None, output_dir: Optional[str] = None, tools_path: str = None, mode: str = EvaluateMode.default) -> None:
         url, tenant_name, token = self._get_env_config()
 
         if "WATSONX_SPACE_ID" in os.environ and "WATSONX_APIKEY" in os.environ:
@@ -90,9 +99,13 @@ class EvaluationsController:
             config_data["output_dir"] = output_dir
             logger.info(f"Using output directory: {config_data['output_dir']}")
 
-        config = TestConfig(**config_data)
-        
-        evaluate.main(config)
+        if mode == EvaluateMode.default:
+            config = TestConfig(**config_data)
+            evaluate.main(config)
+        elif mode == EvaluateMode.referenceless:
+            config_data["tools_path"] = tools_path
+            config = QuickEvalConfig(**config_data)
+            quick_eval.main(config)
 
     def record(self, output_dir) -> None:
 
@@ -160,9 +173,13 @@ class EvaluationsController:
 
         logger.info("Test cases stored at: %s", output_dir)
 
-    def analyze(self, data_path: str) -> None:
-        config = AnalyzeConfig(data_path=data_path)
-        analyze(config)
+    def analyze(self, data_path: str, tool_definition_path: str) -> None:
+        config = AnalyzeConfig(
+            data_path=data_path,
+            tool_definition_path=tool_definition_path
+            )
+        analyzer = Analyzer()
+        analyzer.analyze(config)
 
     def summarize(self) -> None:
         pass
@@ -187,3 +204,70 @@ class EvaluationsController:
         generated_performance_tests = performance_test.generate_tests()
 
         return generated_performance_tests
+    
+    def list_red_teaming_attacks(self):
+        print_attacks()
+
+    def generate_red_teaming_attacks(
+        self,
+        attacks_list: str,
+        datasets_path: str,
+        agents_path: str,
+        target_agent_name: str,
+        output_dir: Optional[str] = None,
+        max_variants: Optional[int] = None,
+    ):
+        if output_dir is None:
+            output_dir = os.path.join(os.getcwd(), "red_teaming_attacks")
+            os.makedirs(output_dir, exist_ok=True)
+            logger.info(f"No output directory specified. Using default: {output_dir}")
+
+        results = attack_generator.main(
+            AttackGeneratorConfig(
+                attacks_list=attacks_list.split(","),
+                datasets_path=datasets_path.split(","),
+                agents_path=agents_path,
+                target_agent_name=target_agent_name,
+                output_dir=output_dir,
+                max_variants=max_variants,
+            )
+        )
+        logger.info(f"Generated {len(results)} attacks and saved to {output_dir}")
+
+    def run_red_teaming_attacks(self, attack_paths: str, output_dir: Optional[str] = None) -> None:
+        url, tenant_name, token = self._get_env_config()
+
+        if "WATSONX_SPACE_ID" in os.environ and "WATSONX_APIKEY" in os.environ:
+            provider = "watsonx"
+        elif "WO_INSTANCE" in os.environ and "WO_API_KEY" in os.environ:
+            provider = "model_proxy"
+        else:
+            logger.error(
+                "No provider found. Please either provide a config_file or set either WATSONX_SPACE_ID and WATSONX_APIKEY or WO_INSTANCE and WO_API_KEY in your system environment variables."
+            )
+            sys.exit(1)
+
+        config_data = {
+            "auth_config": AuthConfig(
+                url=url,
+                tenant_name=tenant_name,
+                token=token,
+            ),
+            "provider_config": ProviderConfig(
+                provider=provider,
+                model_id="meta-llama/llama-3-405b-instruct",
+            ),
+        }
+
+        config_data["attack_paths"] = attack_paths.split(",")
+        if output_dir:
+            config_data["output_dir"] = output_dir
+        else:
+            config_data["output_dir"] = os.path.join(os.getcwd(), "red_teaming_results")
+            os.makedirs(config_data["output_dir"], exist_ok=True)
+            logger.info(f"No output directory specified. Using default: {config_data['output_dir']}")
+            
+
+        config = AttackConfig(**config_data)
+
+        run_attacks(config)

ibm_watsonx_orchestrate/cli/commands/server/types.py

@@ -92,7 +92,7 @@ class ModelGatewayEnvConfig(BaseModel):
                     inferred_auth_url = config.get("WO_INSTANCE") + '/icp4d-api/v1/authorize'   
                 else: 
                     logger.error(f"No 'AUTHORIZATION_URL' found. Auth type '{auth_type}' does not support defaulting. Please set the 'AUTHORIZATION_URL' explictly")
-                sys.exit(1)
+                    sys.exit(1)
             config["AUTHORIZATION_URL"] = inferred_auth_url
         
         if auth_type != WoAuthType.CPD:

ibm_watsonx_orchestrate/client/base_api_client.py

@@ -1,9 +1,22 @@
 import json
-
+from ibm_watsonx_orchestrate.utils.exceptions import BadRequest
 import requests
 from abc import ABC, abstractmethod
 from ibm_cloud_sdk_core.authenticators import MCSPAuthenticator
 from typing_extensions import List
+from contextlib import contextmanager
+
+@contextmanager
+def ssl_handler():
+    try:
+        yield
+    except requests.exceptions.SSLError as e:
+        error_message = str(e)
+        if "self-signed certificate in certificate chain" in error_message:
+            reason = "[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: self-signed certificate in certificate chain"
+        else:
+            reason = error_message
+        raise BadRequest(f"SSL handshake failed for request '{e.request.path_url}'. Reason: '{reason}'")
 
 
 class ClientAPIException(requests.HTTPError):
@@ -50,7 +63,8 @@ class BaseAPIClient:
 
     def _get(self, path: str, params: dict = None, data=None, return_raw=False) -> dict:
         url = f"{self.base_url}{path}"
-        response = requests.get(url, headers=self._get_headers(), params=params, data=data, verify=self.verify)
+        with ssl_handler():
+            response = requests.get(url, headers=self._get_headers(), params=params, data=data, verify=self.verify)
         self._check_response(response)
         if not return_raw:
             return response.json()
@@ -59,13 +73,15 @@ class BaseAPIClient:
 
     def _post(self, path: str, data: dict = None, files: dict = None) -> dict:
         url = f"{self.base_url}{path}"
-        response = requests.post(url, headers=self._get_headers(), json=data, files=files, verify=self.verify)
+        with ssl_handler():
+            response = requests.post(url, headers=self._get_headers(), json=data, files=files, verify=self.verify)
         self._check_response(response)
         return response.json() if response.text else {}
     
     def _post_nd_json(self, path: str, data: dict = None, files: dict = None) -> List[dict]:
         url = f"{self.base_url}{path}"
-        response = requests.post(url, headers=self._get_headers(), json=data, files=files)
+        with ssl_handler():
+            response = requests.post(url, headers=self._get_headers(), json=data, files=files)
         self._check_response(response)
 
         res = []
@@ -76,33 +92,38 @@ class BaseAPIClient:
     
     def _post_form_data(self, path: str, data: dict = None, files: dict = None) -> dict:
         url = f"{self.base_url}{path}"
-        # Use data argument instead of json so data is encoded as application/x-www-form-urlencoded
-        response = requests.post(url, headers=self._get_headers(), data=data, files=files, verify=self.verify)
+        with ssl_handler():
+            # Use data argument instead of json so data is encoded as application/x-www-form-urlencoded
+            response = requests.post(url, headers=self._get_headers(), data=data, files=files, verify=self.verify)
         self._check_response(response)
         return response.json() if response.text else {}
 
     def _put(self, path: str, data: dict = None) -> dict:
 
         url = f"{self.base_url}{path}"
-        response = requests.put(url, headers=self._get_headers(), json=data, verify=self.verify)
+        with ssl_handler():
+            response = requests.put(url, headers=self._get_headers(), json=data, verify=self.verify)
         self._check_response(response)
         return response.json() if response.text else {}
 
     def _patch(self, path: str, data: dict = None) -> dict:
         url = f"{self.base_url}{path}"
-        response = requests.patch(url, headers=self._get_headers(), json=data, verify=self.verify)
+        with ssl_handler():
+            response = requests.patch(url, headers=self._get_headers(), json=data, verify=self.verify)
         self._check_response(response)
         return response.json() if response.text else {}
     
     def _patch_form_data(self, path: str, data: dict = None, files = None) -> dict:
         url = f"{self.base_url}{path}"
-        response = requests.patch(url, headers=self._get_headers(), data=data, files=files, verify=self.verify)
+        with ssl_handler():
+            response = requests.patch(url, headers=self._get_headers(), data=data, files=files, verify=self.verify)
         self._check_response(response)
         return response.json() if response.text else {}
 
     def _delete(self, path: str, data=None) -> dict:
         url = f"{self.base_url}{path}"
-        response = requests.delete(url, headers=self._get_headers(), json=data, verify=self.verify)
+        with ssl_handler():
+            response = requests.delete(url, headers=self._get_headers(), json=data, verify=self.verify)
         self._check_response(response)
         return response.json() if response.text else {}
 

ibm_watsonx_orchestrate/client/connections/connections_client.py

@@ -177,3 +177,17 @@ class ConnectionsClient(BaseAPIClient):
                 logger.warning(f"Connections not found. Returning connection ID: {conn_id}")
                 return conn_id
             raise e
+
+    def get_drafts_by_ids(self, conn_ids) -> List[ListConfigsResponse]:
+        try:
+            res = self._get(f"/connections/applications?connectionIds={','.join(conn_ids)}")
+            import json
+            json.dumps(res)
+            return [ListConfigsResponse.model_validate(conn) for conn in res.get("applications", [])]
+        except ValidationError as e:
+            logger.error("Recieved unexpected response from server")
+            raise e
+        except ClientAPIException as e:
+            if e.response.status_code == 404:
+                return []
+            raise e

ibm_watsonx_orchestrate/client/service_instance.py

@@ -10,7 +10,7 @@ from ibm_cloud_sdk_core.authenticators import MCSPV2Authenticator
 from ibm_cloud_sdk_core.authenticators import IAMAuthenticator
 from ibm_cloud_sdk_core.authenticators import CloudPakForDataAuthenticator
 
-from ibm_watsonx_orchestrate.client.utils import check_token_validity, is_cpd_env
+from ibm_watsonx_orchestrate.client.utils import check_token_validity, is_cpd_env, is_ibm_cloud_platform
 from ibm_watsonx_orchestrate.client.base_service_instance import BaseServiceInstance
 from ibm_watsonx_orchestrate.cli.commands.environment.types import EnvironmentAuthType
 
@@ -21,14 +21,6 @@ from ibm_watsonx_orchestrate.client.client_errors import (
 import logging
 logger = logging.getLogger(__name__)
 
-from ibm_watsonx_orchestrate.cli.config import (
-    Config,
-    CONTEXT_SECTION_HEADER,
-    CONTEXT_ACTIVE_ENV_OPT,
-    ENVIRONMENTS_SECTION_HEADER,
-    ENV_WXO_URL_OPT
-)
-
 class ServiceInstance(BaseServiceInstance):
     """Connect, get details, and check usage of a Watson Machine Learning service instance."""
 
@@ -50,29 +42,28 @@ class ServiceInstance(BaseServiceInstance):
         return self._client.token
     
     def _create_token(self) -> str:
-        if not self._credentials.auth_type:
-            if ".cloud.ibm.com" in self._credentials.url:
-                logger.warning("Using IBM IAM Auth Type. If this is incorrect please use the '--type' flag to explicitly choose one of 'mcsp', 'mcsp_v1', 'mcsp_v2' or 'cpd' ")
-                return self._authenticate(EnvironmentAuthType.IBM_CLOUD_IAM)
-            elif is_cpd_env(self._credentials.url):
-                logger.warning("Using CPD Auth Type. If this is incorrect please use the '--type' flag to explicitly choose one of 'ibm_iam', 'mcsp', 'mcsp_v1' or 'mcsp_v2' ")
-                return self._authenticate(EnvironmentAuthType.CPD)
-            else:
-                logger.warning("Using MCSP Auth Type. If this is incorrect please use the '--type' flag to explicitly choose one of 'ibm_iam', 'mcsp_v1', 'mcsp_v2' or 'cpd' ")
-                try:
-                    return self._authenticate(EnvironmentAuthType.MCSP_V1)
-                except:
-                    return self._authenticate(EnvironmentAuthType.MCSP_V2)
-        auth_type = self._credentials.auth_type.lower()
+        inferred_auth_type = None
+        if is_ibm_cloud_platform(self._credentials.url):
+            inferred_auth_type = EnvironmentAuthType.IBM_CLOUD_IAM
+        elif is_cpd_env(self._credentials.url):
+            inferred_auth_type = EnvironmentAuthType.CPD
+        else:
+            inferred_auth_type = EnvironmentAuthType.MCSP
+        
+        if self._credentials.auth_type:
+            if self._credentials.auth_type != inferred_auth_type:
+                logger.warning(f"Overriding the default authentication type '{inferred_auth_type}' for url '{self._credentials.url}' with '{self._credentials.auth_type.lower()}'")
+            auth_type = self._credentials.auth_type.lower()
+        else:
+            inferred_type_options = [t for t in EnvironmentAuthType if t != inferred_auth_type]
+            logger.warning(f"Using '{inferred_auth_type}' Auth Type. If this is incorrect please use the '--type' flag to explicitly choose one of {', '.join(inferred_type_options[:-1])} or {inferred_type_options[-1]}")
+            auth_type = inferred_auth_type
+        
         if auth_type == "mcsp":
             try:
                 return self._authenticate(EnvironmentAuthType.MCSP_V1)
             except:
                 return self._authenticate(EnvironmentAuthType.MCSP_V2)
-        elif auth_type == "mcsp_v1":
-            return self._authenticate(EnvironmentAuthType.MCSP_V1)
-        elif auth_type == "mcsp_v2":
-            return self._authenticate(EnvironmentAuthType.MCSP_V2)
         else:
             return self._authenticate(auth_type)
 
@@ -100,13 +91,7 @@ class ServiceInstance(BaseServiceInstance):
                     if self._credentials.iam_url is not None: 
                         url = self._credentials.iam_url
                     else: 
-                        cfg = Config()
-                        env_cfg = cfg.get(ENVIRONMENTS_SECTION_HEADER)
-                        matching_wxo_url = next(
-                            (env_config['wxo_url'] for env_config in env_cfg.values() if 'bypass_ssl' in env_config and 'verify' in env_config),
-                            None
-                        )
-                        base_url = matching_wxo_url.split("/orchestrate")[0]
+                        base_url = self._credentials.url.split("/orchestrate")[0]
                         url = f"{base_url}/icp4d-api"
 
                     password = self._credentials.password if self._credentials.password is not None else None

ibm_watsonx_orchestrate/client/utils.py

@@ -66,7 +66,7 @@ def is_ibm_cloud_platform(url:str | None = None) -> bool:
     if url is None:
         url = get_current_env_url()
 
-    if url.__contains__("cloud.ibm.com"):
+    if ".cloud.ibm.com" in url:
         return True
     return False
 
@@ -161,6 +161,8 @@ def instantiate_client(client: type[T] , url: str | None=None) -> T:
                     client_instance = client(base_url=url, api_key=token, is_local=is_local_dev(url), verify=False)
                 elif verify is not None:
                     client_instance = client(base_url=url, api_key=token, is_local=is_local_dev(url), verify=verify)
+                else:
+                    client_instance = client(base_url=url, api_key=token, is_local=is_local_dev(url))
             else:
                 client_instance = client(base_url=url, api_key=token, is_local=is_local_dev(url))
 

ibm_watsonx_orchestrate/docker/compose-lite.yml

@@ -133,7 +133,7 @@ services:
       DOCPROC_ENABLED: ${DOCPROC_ENABLED:-false}
       IS_OBSERVABILITY_FEATURE_ENABLED: "true"
       ALLOW_INSECURE_TLS: "true"
-      ENABLE_EDIT_PROMPTS: "true"
+      ENABLE_EDIT_PROMPTS: "false"
       LANGFLOW_ENABLED: ${LANGFLOW_ENABLED:-false}
     command: 'npm start'
     ports:
@@ -378,6 +378,7 @@ services:
       IS_WXO_LITE: "TRUE"
       TRM_BASE_URL: http://tools-runtime-manager:8080
       AGENT_STEP_DETAILS: redis://wxo-server-redis:6379/0
+      RECURSION_LIMIT: ${RECURSION_LIMIT}
       AGENT_GATEWAY_URI: http://wxo-agent-gateway:8989
       JWT_SECRET: ${JWT_SECRET}
       POSTGRES_URL: postgresql://${POSTGRES_USER:-postgres}:${POSTGRES_PASSWORD:-postgres}@wxo-server-db:5432/postgres
@@ -886,18 +887,18 @@ services:
       PREFLIGHT_MAX_SIZE: 10Mb
       PREFLIGHT_MAX_PAGES: 600
       RUNTIME_LIBRARY: "watson_doc_understanding"
-      WXAI_API_KEY: ${WXAI_API_KEY:-}
-      WXAI_IMAGE_DESCRIPTION_MODEL_ID: ${WXAI_IMAGE_DESCRIPTION_MODEL_ID:-mistralai/pixtral-12b}
-      WXAI_IMAGE_DESCRIPTION_PROJECT_ID: ${WXAI_IMAGE_DESCRIPTION_PROJECT_ID:-}
-      WXAI_KVP_MODEL_ID: ${WXAI_KVP_MODEL_ID:-}
-      WXAI_KVP_PROJECT_ID: ${WXAI_KVP_PROJECT_ID:-}
-      WXAI_SEMANTIC_KVP_PROJECT_ID: ${WXAI_SEMANTIC_KVP_PROJECT_ID:-}
-      WXAI_SEMANTIC_KVP_MODEL_ID: ${WXAI_SEMANTIC_KVP_MODEL_ID:-mistralai/pixtral-12b}
-      WXAI_SEMANTIC_KVP_SPACE_ID: ${WXAI_SEMANTIC_KVP_SPACE_ID:-}
-      WXAI_URL: ${WXAI_URL:-}
+      WXAI_API_KEY: ${WXAI_API_KEY:-"gateway"}
+      WXAI_IMAGE_DESCRIPTION_MODEL_ID: ${WXAI_IMAGE_DESCRIPTION_MODEL_ID:-mistralai/mistral-small-3-1-24b-instruct-2503}
+      WXAI_IMAGE_DESCRIPTION_SPACE_ID: ${WATSONX_SPACE_ID:-}
+      WXAI_KVP_MODEL_ID: ${WXAI_KVP_MODEL_ID:-mistralai/mistral-small-3-1-24b-instruct-2503}
+      WXAI_KVP_SPACE_ID: ${WATSONX_SPACE_ID:-}
+      WXAI_SEMANTIC_KVP_MODEL_ID: ${WXAI_SEMANTIC_KVP_MODEL_ID:-mistralai/mistral-small-3-1-24b-instruct-2503}
+      WXAI_SEMANTIC_KVP_SPACE_ID: ${WATSONX_SPACE_ID:-}
+      WXAI_URL: ${AI_GATEWAY_BASE_URL:-}
       WXAI_USERNAME: ${WXAI_USERNAME:-}
       WXAI_INSTANCE_ID: ${WXAI_INSTANCE_ID:-}
-      WXAI_VERSION: ${WXAI_VERSION:-5.1}
+      WXAI_VERSION: ${WXAI_VERSION:-2023-05-29}
+      WXAI_PROVIDER: ${WXAI_PROVIDER:-gateway}
       
     profiles:
       - docproc