PyPI - solace-agent-mesh - Versions diffs - 1.4.11__py3-none-any.whl → 1.5.0__py3-none-any.whl - Mend

solace-agent-mesh 1.4.11py3-none-any.whl → 1.5.0py3-none-any.whl

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Potentially problematic release.

This version of solace-agent-mesh might be problematic. Click here for more details.

Files changed (189) hide show

solace_agent_mesh/agent/adk/invocation_monitor.py DELETED Viewed

@@ -1,295 +0,0 @@
-import copy
-import datetime
-import json
-import os
-import yaml
-from solace_ai_connector.common.log import log
-class InvocationMonitor:
-    LOG_DIRECTORY = "/tmp/solace-agent-mesh"
-    START_TOPIC_SUFFIX = "a2a/v1/agent/request/OrchestratorAgent"
-    END_TOPIC_CONTAINS = "a2a/v1/gateway/response/"
-    EXCLUDE_TOPIC_SUFFIX = "/discovery/agentcards"
-    LOG_FILE_VERSION = "1.0"
-    def __init__(self):
-        self._is_logging_active = False
-        self._current_log_buffer = []
-        self._current_logfile_path = None
-        self._invocation_start_time = None
-        self._triggering_event_details = None
-        self._current_invocation_id = None
-        self._current_session_id = None
-        try:
-            os.makedirs(self.LOG_DIRECTORY, exist_ok=True)
-            log.info(
-                f"InvocationMonitor initialized. Logging to directory: {self.LOG_DIRECTORY}"
-            )
-        except Exception as e:
-            log.error(
-                f"InvocationMonitor: Failed to create log directory {self.LOG_DIRECTORY}: {e}"
-            )
-            self.LOG_DIRECTORY = None
-    def _sanitize(self, value):
-        """Replace underscores with dashes and convert to string."""
-        return str(value).replace("_", "-") if value is not None else "unknown"
-    def _generate_logfile_path(self, invocation_id, gateway) -> str:
-        if not self.LOG_DIRECTORY:
-            return None
-        timestamp = str(int(datetime.datetime.now(datetime.timezone.utc).timestamp()))
-        invocation_id = self._sanitize(invocation_id)
-        gateway = self._sanitize(gateway)
-        filename = f"{invocation_id}_{gateway}_{timestamp}.stim"
-        return os.path.join(self.LOG_DIRECTORY, filename)
-    def _finalize_log_file(self, terminating_event_details=None):
-        if not self._is_logging_active or not self._current_logfile_path:
-            if self._is_logging_active:
-                log.warning("InvocationMonitor: Finalize called but no log file path.")
-            self._reset_session()
-            return
-        if not self._current_log_buffer and not self._triggering_event_details:
-            log.info(
-                f"InvocationMonitor: No messages were logged for {self._current_logfile_path}. Skipping file creation."
-            )
-            self._reset_session()
-            return
-        invocation_end_time = datetime.datetime.now(datetime.timezone.utc).timestamp()
-        yaml_data = {
-            "invocation_details": {
-                "log_file_version": self.LOG_FILE_VERSION,
-                "start_time": self._invocation_start_time,
-                "end_time": invocation_end_time,
-                "triggering_event": self._triggering_event_details,
-                "terminating_event": terminating_event_details,
-            },
-            "invocation_flow": self._current_log_buffer,
-        }
-        try:
-            with open(self._current_logfile_path, "w", encoding="utf-8") as f:
-                yaml.dump(
-                    yaml_data,
-                    f,
-                    sort_keys=False,
-                    allow_unicode=True,
-                    indent=2,
-                    default_flow_style=False,
-                )
-            log.info(
-                f"InvocationMonitor: YAML content saved to .stim file: {self._current_logfile_path}"
-            )
-        except Exception as e:
-            log.error(
-                f"InvocationMonitor: Failed to write YAML content to .stim file {self._current_logfile_path}: {e}"
-            )
-        finally:
-            self._reset_session()
-    def _reset_session(self):
-        self._is_logging_active = False
-        self._current_log_buffer = []
-        self._current_logfile_path = None
-        self._invocation_start_time = None
-        self._triggering_event_details = None
-        self._current_invocation_id = None
-        self._current_session_id = None
-    def _prepare_payload_for_yaml(self, payload):
-        if isinstance(payload, str):
-            try:
-                return json.loads(payload)
-            except json.JSONDecodeError:
-                return payload
-        elif isinstance(payload, (dict, list)):
-            return payload
-        elif isinstance(payload, bytes):
-            try:
-                return payload.decode("utf-8")
-            except UnicodeDecodeError:
-                return repr(payload)
-        return str(payload)
-    def _add_log_entry(
-        self,
-        direction: str,
-        topic: str,
-        payload: any,
-        component_identifier: str,
-        is_trigger_event=False,
-    ):
-        timestamp = datetime.datetime.now(datetime.timezone.utc).timestamp()
-        prepared_payload = self._prepare_payload_for_yaml(payload)
-        log_entry_dict = {
-            "topic": topic,
-            "timestamp": timestamp,
-            "component": component_identifier,
-            "direction": direction,
-            "payload": prepared_payload,
-        }
-        if is_trigger_event:
-            return {
-                "timestamp": timestamp,
-                "component": component_identifier,
-                "direction": direction,
-                "topic": topic,
-                "payload": prepared_payload,
-            }
-        if self._is_logging_active:
-            self._current_log_buffer.append(log_entry_dict)
-        return log_entry_dict
-    def log_message_event(
-        self,
-        direction: str,
-        topic: str,
-        payload: any,
-        component_identifier: str = "A2A_Host",
-    ):
-        if not self.LOG_DIRECTORY:
-            log.error(
-                "InvocationMonitor: Log directory not available. Skipping log_message_event."
-            )
-            return
-        if topic.endswith(self.EXCLUDE_TOPIC_SUFFIX):
-            return
-        if self.START_TOPIC_SUFFIX in topic:
-            method = None
-            invocation_id = None
-            session_id = None
-            if isinstance(payload, dict):
-                method = payload.get("method")
-                invocation_id = payload.get("id") or "unknown"
-                session_id = payload.get("params", {}).get("sessionId", None)
-            elif isinstance(payload, str):
-                try:
-                    payload_obj = json.loads(payload)
-                    method = payload_obj.get("method")
-                    invocation_id = payload_obj.get("id") or "unknown"
-                    session_id = payload_obj.get("params", {}).get("sessionId", None)
-                except Exception:
-                    invocation_id = "unknown"
-                    session_id = None
-            if method != "tasks/sendSubscribe":
-                if self._is_logging_active and method == "tasks/cancel":
-                    log.warning(
-                        f"InvocationMonitor: Cancel event received for topic {topic} (id={invocation_id}, sessionId={session_id}) while a session for {self._current_logfile_path} was active. "
-                        "Finalizing previous session with reason: 'Request was canceled'."
-                    )
-                    self._finalize_log_file(
-                        terminating_event_details={
-                            "reason": "Request was canceled",
-                            "topic": topic,
-                            "method": method,
-                            "invocation_id": invocation_id,
-                            "session_id": session_id,
-                        }
-                    )
-                return
-            if self._is_logging_active:
-                log.warning(
-                    f"InvocationMonitor: New start event received for topic {topic} (id={invocation_id}, sessionId={session_id}, method={method}) while a session for {self._current_logfile_path} was active. "
-                    "Finalizing previous session with reason: 'New session started before old one ended'."
-                )
-                self._finalize_log_file(
-                    terminating_event_details={
-                        "reason": "New session started before old one ended",
-                        "topic": topic,
-                        "method": method,
-                        "invocation_id": invocation_id,
-                        "session_id": session_id,
-                    }
-                )
-            self._is_logging_active = True
-            self._current_log_buffer = []
-            self._current_invocation_id = invocation_id
-            self._current_session_id = session_id
-            log.debug(
-                f"InvocationMonitor: Received start event for topic {topic}. Payload: {payload}"
-            )
-            gateway = "unknown"
-            if session_id and "web-session" in session_id:
-                gateway = "web"
-            elif session_id and "slack" in session_id:
-                gateway = "slack"
-            self._current_logfile_path = self._generate_logfile_path(
-                invocation_id, gateway
-            )
-            if not self._current_logfile_path:
-                log.error(
-                    "InvocationMonitor: Could not generate logfile path. Aborting logging for this session."
-                )
-                self._reset_session()
-                return
-            self._invocation_start_time = datetime.datetime.now(
-                datetime.timezone.utc
-            ).timestamp()
-            self._triggering_event_details = self._add_log_entry(
-                direction, topic, payload, component_identifier, is_trigger_event=True
-            )
-            if self._triggering_event_details:
-                first_flow_entry = {
-                    "topic": self._triggering_event_details["topic"],
-                    "timestamp": self._triggering_event_details["timestamp"],
-                    "component": self._triggering_event_details["component"],
-                    "direction": self._triggering_event_details["direction"],
-                    "payload": copy.deepcopy(self._triggering_event_details["payload"]),
-                }
-                self._current_log_buffer.append(first_flow_entry)
-            log.info(
-                f"InvocationMonitor: Started YAML logging (to .stim file) for new invocation. File: {self._current_logfile_path}. Trigger: {topic}"
-            )
-        elif self._is_logging_active:
-            current_event_details = self._add_log_entry(
-                direction, topic, payload, component_identifier, is_trigger_event=False
-            )
-            if self.END_TOPIC_CONTAINS in topic:
-                log.info(
-                    f"InvocationMonitor: End condition met by topic {topic}. Finalizing YAML content to .stim file: {self._current_logfile_path}"
-                )
-                terminating_event_info = {
-                    "timestamp": current_event_details["timestamp"],
-                    "component": current_event_details["component"],
-                    "direction": current_event_details["direction"],
-                    "topic": current_event_details["topic"],
-                    "payload": copy.deepcopy(current_event_details["payload"]),
-                }
-                self._finalize_log_file(
-                    terminating_event_details=terminating_event_info
-                )
-    def cleanup(self):
-        log.info("InvocationMonitor: Cleanup called.")
-        if self._is_logging_active and self._current_logfile_path:
-            log.warning(
-                f"InvocationMonitor: Finalizing YAML content to .stim file {self._current_logfile_path} during cleanup."
-            )
-            self._finalize_log_file(
-                terminating_event_details={"reason": "Session finalized during cleanup"}
-            )

solace_agent_mesh/assets/docs/assets/js/0e682baa.d054e1d8.js DELETED Viewed

@@ -1 +0,0 @@

- "use strict";(self.webpackChunksolace_agenitc_mesh_docs=self.webpackChunksolace_agenitc_mesh_docs||[]).push([[1430],{7977:(e,n,t)=>{t.r(n),t.d(n,{assets:()=>l,contentTitle:()=>a,default:()=>h,frontMatter:()=>r,metadata:()=>o,toc:()=>c});const o=JSON.parse('{"id":"documentation/tutorials/mcp-integration","title":"MCP Integration","description":"This tutorial walks you through the process of integrating a Model Context Protocol (MCP) Server into Solace Agent Mesh.","source":"@site/docs/documentation/tutorials/mcp-integration.md","sourceDirName":"documentation/tutorials","slug":"/documentation/tutorials/mcp-integration","permalink":"/solace-agent-mesh/docs/documentation/tutorials/mcp-integration","draft":false,"unlisted":false,"editUrl":"https://github.com/SolaceLabs/solace-agent-mesh/edit/main/docs/docs/documentation/tutorials/mcp-integration.md","tags":[],"version":"current","sidebarPosition":10,"frontMatter":{"title":"MCP Integration","sidebar_position":10},"sidebar":"docSidebar","previous":{"title":"Build Your Own Agent","permalink":"/solace-agent-mesh/docs/documentation/tutorials/custom-agent"},"next":{"title":"REST Gateway","permalink":"/solace-agent-mesh/docs/documentation/tutorials/rest-gateway"}}');var s=t(4848),i=t(8453);const r={title:"MCP Integration",sidebar_position:10},a="MCP Integration",l={},c=[{value:"Setting Up the Environment",id:"setting-up-the-environment",level:2},{value:"Adding MCP Tools to an Agent",id:"adding-mcp-tools-to-an-agent",level:2},{value:"1. Stdio Connection (Local MCP Servers)",id:"1-stdio-connection-local-mcp-servers",level:3},{value:"2. SSE Connection (Remote MCP Servers)",id:"2-sse-connection-remote-mcp-servers",level:3},{value:"3. Docker Connection (Containerized MCP Servers)",id:"3-docker-connection-containerized-mcp-servers",level:3},{value:"Complete Example: Filesystem MCP Agent",id:"complete-example-filesystem-mcp-agent",level:2},{value:"Configuration Options",id:"configuration-options",level:2},{value:"Tool-Specific Configuration",id:"tool-specific-configuration",level:3},{value:"Environment Variables",id:"environment-variables",level:3},{value:"Running Your MCP-Enabled Agent",id:"running-your-mcp-enabled-agent",level:2},{value:"How MCP Integration Works",id:"how-mcp-integration-works",level:2},{value:"Testing Your MCP Integration",id:"testing-your-mcp-integration",level:2}];function d(e){const n={a:"a",admonition:"admonition",code:"code",h1:"h1",h2:"h2",h3:"h3",header:"header",li:"li",ol:"ol",p:"p",pre:"pre",strong:"strong",ul:"ul",...(0,i.R)(),...e.components};return(0,s.jsxs)(s.Fragment,{children:[(0,s.jsx)(n.header,{children:(0,s.jsx)(n.h1,{id:"mcp-integration",children:"MCP Integration"})}),"\n",(0,s.jsx)(n.p,{children:"This tutorial walks you through the process of integrating a Model Context Protocol (MCP) Server into Solace Agent Mesh."}),"\n",(0,s.jsx)(n.admonition,{title:"Learn about agents",type:"info",children:(0,s.jsxs)(n.p,{children:["You should have an understanding of agents in Solace Agent Mesh. For more information, see ",(0,s.jsx)(n.a,{href:"/solace-agent-mesh/docs/documentation/concepts/agents",children:"Agents"}),"."]})}),"\n",(0,s.jsxs)(n.p,{children:["Solace Agent Mesh now provides ",(0,s.jsx)(n.strong,{children:"native MCP support"})," through the framework itself. No additional plugins are required - you can connect to MCP servers directly by configuring your agent YAML file with MCP tools."]}),"\n",(0,s.jsx)(n.p,{children:"MCP integration allows your agents to connect to external MCP servers and use their tools, resources, and prompts seamlessly within the A2A protocol ecosystem."}),"\n",(0,s.jsx)(n.h2,{id:"setting-up-the-environment",children:"Setting Up the Environment"}),"\n",(0,s.jsxs)(n.p,{children:["You must ",(0,s.jsx)(n.a,{href:"/solace-agent-mesh/docs/documentation/getting-started/installation",children:"install Solace Agent Mesh and Solace Agent Mesh CLI"}),", and then ",(0,s.jsx)(n.a,{href:"/solace-agent-mesh/docs/documentation/getting-started/quick-start",children:"create a new Solace Agent Mesh project"}),"."]}),"\n",(0,s.jsx)(n.p,{children:"For this tutorial using the filesystem MCP server, you also need Node.js and NPM installed."}),"\n",(0,s.jsx)(n.h2,{id:"adding-mcp-tools-to-an-agent",children:"Adding MCP Tools to an Agent"}),"\n",(0,s.jsx)(n.p,{children:"MCP integration is accomplished by adding MCP tools directly to your agent configuration. There are three main connection types supported:"}),"\n",(0,s.jsx)(n.h3,{id:"1-stdio-connection-local-mcp-servers",children:"1. Stdio Connection (Local MCP Servers)"}),"\n",(0,s.jsx)(n.p,{children:"This is the most common method for connecting to MCP servers that run as local processes:"}),"\n",(0,s.jsx)(n.pre,{children:(0,s.jsx)(n.code,{className:"language-yaml",children:'tools:\n - tool_type: mcp\n connection_params:\n type: stdio\n command: "npx"\n args:\n - "-y"\n - "@modelcontextprotocol/server-filesystem"\n - "/tmp/samv2"\n'})}),"\n",(0,s.jsx)(n.h3,{id:"2-sse-connection-remote-mcp-servers",children:"2. SSE Connection (Remote MCP Servers)"}),"\n",(0,s.jsx)(n.p,{children:"For connecting to remote MCP servers using Server-Sent Events:"}),"\n",(0,s.jsx)(n.pre,{children:(0,s.jsx)(n.code,{className:"language-yaml",children:'tools:\n - tool_type: mcp\n connection_params:\n type: sse\n url: "https://mcp.example.com/v1/sse"\n headers:\n Authorization: "Bearer ${MCP_AUTH_TOKEN}"\n'})}),"\n",(0,s.jsx)(n.h3,{id:"3-docker-connection-containerized-mcp-servers",children:"3. Docker Connection (Containerized MCP Servers)"}),"\n",(0,s.jsx)(n.p,{children:"For running MCP servers in Docker containers:"}),"\n",(0,s.jsx)(n.pre,{children:(0,s.jsx)(n.code,{className:"language-yaml",children:'tools:\n - tool_type: mcp\n connection_params:\n type: stdio\n command: "docker"\n args:\n - "run"\n - "-i"\n - "--rm"\n - "-e"\n - "API_KEY"\n - "mcp-server-image:latest"\n environment_variables:\n API_KEY: ${MY_API_KEY}\n'})}),"\n",(0,s.jsx)(n.h2,{id:"complete-example-filesystem-mcp-agent",children:"Complete Example: Filesystem MCP Agent"}),"\n",(0,s.jsx)(n.p,{children:"Here is a complete example of an agent that uses the filesystem MCP server:"}),"\n",(0,s.jsx)(n.pre,{children:(0,s.jsx)(n.code,{className:"language-yaml",children:'# configs/agents/filesystem_agent.yaml\nlog:\n stdout_log_level: INFO\n log_file_level: DEBUG\n log_file: filesystem_agent.log\n\n!include ../shared_config.yaml\n\napps:\n - name: filesystem_mcp_agent_app\n app_base_path: .\n app_module: solace_agent_mesh.agent.sac.app\n broker:\n <<: *broker_connection\n\n app_config:\n namespace: ${NAMESPACE}\n supports_streaming: true\n agent_name: "FileSystemAgent"\n display_name: "File System"\n model: *general_model\n \n instruction: |\n You can interact with the local filesystem using MCP tools.\n Use the available tools to read, write, and manage files as requested.\n\n tools:\n - tool_type: mcp\n connection_params:\n type: stdio\n command: "npx"\n args:\n - "-y"\n - "@modelcontextprotocol/server-filesystem"\n - "/tmp/samv2"\n - tool_type: builtin-group\n group_name: "artifact_management"\n\n session_service: *default_session_service\n artifact_service: *default_artifact_service\n\n # Agent discovery and communication\n agent_card:\n description: "An agent that interacts with the local filesystem via MCP."\n defaultInputModes: ["text"]\n defaultOutputModes: ["text", "file"]\n skills: []\n\n agent_card_publishing: { interval_seconds: 10 }\n agent_discovery: { enabled: true }\n inter_agent_communication:\n allow_list: ["*"]\n request_timeout_seconds: 30\n'})}),"\n",(0,s.jsx)(n.h2,{id:"configuration-options",children:"Configuration Options"}),"\n",(0,s.jsx)(n.h3,{id:"tool-specific-configuration",children:"Tool-Specific Configuration"}),"\n",(0,s.jsx)(n.p,{children:"You can limit which tools from an MCP server are available by specifying a specific tool name:"}),"\n",(0,s.jsx)(n.pre,{children:(0,s.jsx)(n.code,{className:"language-yaml",children:'tools:\n - tool_type: mcp\n tool_name: "read_file" # Only expose the read_file tool\n connection_params:\n type: stdio\n command: "npx"\n args: ["-y", "@modelcontextprotocol/server-filesystem", "/tmp/samv2"]\n'})}),"\n",(0,s.jsx)(n.h3,{id:"environment-variables",children:"Environment Variables"}),"\n",(0,s.jsxs)(n.p,{children:["Pass environment variables to MCP servers using the ",(0,s.jsx)(n.code,{children:"environment_variables"})," block:"]}),"\n",(0,s.jsx)(n.pre,{children:(0,s.jsx)(n.code,{className:"language-yaml",children:'tools:\n - tool_type: mcp\n connection_params:\n type: stdio\n command: "my-mcp-server"\n environment_variables:\n API_KEY: ${MY_API_KEY}\n DEBUG_MODE: "true"\n CONFIG_PATH: "/etc/myconfig"\n'})}),"\n",(0,s.jsx)(n.h2,{id:"running-your-mcp-enabled-agent",children:"Running Your MCP-Enabled Agent"}),"\n",(0,s.jsxs)(n.ol,{children:["\n",(0,s.jsxs)(n.li,{children:["\n",(0,s.jsxs)(n.p,{children:[(0,s.jsx)(n.strong,{children:"Create the working directory"})," (for filesystem example):"]}),"\n",(0,s.jsx)(n.pre,{children:(0,s.jsx)(n.code,{className:"language-sh",children:'mkdir -p /tmp/samv2\necho "Hello MCP!" > /tmp/samv2/test.txt\n'})}),"\n"]}),"\n",(0,s.jsxs)(n.li,{children:["\n",(0,s.jsxs)(n.p,{children:[(0,s.jsx)(n.strong,{children:"Set required environment variables"}),":"]}),"\n",(0,s.jsx)(n.pre,{children:(0,s.jsx)(n.code,{className:"language-sh",children:'export NAMESPACE="myorg/dev"\nexport SOLACE_BROKER_URL="ws://localhost:8008"\n# ... other Solace broker settings\n'})}),"\n"]}),"\n",(0,s.jsxs)(n.li,{children:["\n",(0,s.jsxs)(n.p,{children:[(0,s.jsx)(n.strong,{children:"Run the agent"}),":"]}),"\n",(0,s.jsx)(n.pre,{children:(0,s.jsx)(n.code,{className:"language-sh",children:"sam run configs/agents/filesystem_agent.yaml\n"})}),"\n"]}),"\n"]}),"\n",(0,s.jsx)(n.h2,{id:"how-mcp-integration-works",children:"How MCP Integration Works"}),"\n",(0,s.jsx)(n.p,{children:"When your agent starts:"}),"\n",(0,s.jsxs)(n.ol,{children:["\n",(0,s.jsxs)(n.li,{children:[(0,s.jsx)(n.strong,{children:"Connection"}),": The framework establishes a connection to the MCP server using the specified connection parameters"]}),"\n",(0,s.jsxs)(n.li,{children:[(0,s.jsx)(n.strong,{children:"Discovery"}),": It queries the MCP server for available tools, resources, and prompts"]}),"\n",(0,s.jsxs)(n.li,{children:[(0,s.jsx)(n.strong,{children:"Registration"}),": Available capabilities are registered as agent tools."]}),"\n",(0,s.jsxs)(n.li,{children:[(0,s.jsx)(n.strong,{children:"Communication"}),": The agent can use these tools through the standard A2A protocol, with the framework handling MCP protocol translation"]}),"\n"]}),"\n",(0,s.jsx)(n.h2,{id:"testing-your-mcp-integration",children:"Testing Your MCP Integration"}),"\n",(0,s.jsx)(n.p,{children:"Once your MCP-enabled agent is running, you can test it through any gateway in your project (such as the Web UI gateway):"}),"\n",(0,s.jsxs)(n.ol,{children:["\n",(0,s.jsxs)(n.li,{children:[(0,s.jsx)(n.strong,{children:"Access your gateway"})," (for example, Web UI at ",(0,s.jsx)(n.code,{children:"http://localhost:8000"}),")"]}),"\n",(0,s.jsxs)(n.li,{children:[(0,s.jsx)(n.strong,{children:"Send a request"})," to test the MCP functionality:","\n",(0,s.jsxs)(n.ul,{children:["\n",(0,s.jsx)(n.li,{children:'"List the files in the directory"'}),"\n",(0,s.jsx)(n.li,{children:'"Create a simple text file with some content"'}),"\n",(0,s.jsx)(n.li,{children:'"Read the contents of test.txt"'}),"\n"]}),"\n"]}),"\n"]}),"\n",(0,s.jsx)(n.p,{children:"The agent uses the MCP tools to interact with the filesystem and provide responses through the A2A protocol."})]})}function h(e={}){const{wrapper:n}={...(0,i.R)(),...e.components};return n?(0,s.jsx)(n,{...e,children:(0,s.jsx)(d,{...e})}):d(e)}},8453:(e,n,t)=>{t.d(n,{R:()=>r,x:()=>a});var o=t(6540);const s={},i=o.createContext(s);function r(e){const n=o.useContext(i);return o.useMemo((function(){return"function"==typeof e?e(n):{...n,...e}}),[n,e])}function a(e){let n;return n=e.disableParentContext?"function"==typeof e.components?e.components(s):e.components||s:r(e.components),o.createElement(i.Provider,{value:n},e.children)}}}]);

solace_agent_mesh/assets/docs/assets/js/483cef9a.4736f2d8.js DELETED Viewed

@@ -1 +0,0 @@

- "use strict";(self.webpackChunksolace_agenitc_mesh_docs=self.webpackChunksolace_agenitc_mesh_docs||[]).push([[2274],{4700:(e,n,t)=>{t.r(n),t.d(n,{assets:()=>c,contentTitle:()=>a,default:()=>x,frontMatter:()=>r,metadata:()=>o,toc:()=>l});const o=JSON.parse('{"id":"documentation/Enterprise/single-sign-on","title":"SSO","description":"How to enable SSO","source":"@site/docs/documentation/Enterprise/single-sign-on.md","sourceDirName":"documentation/Enterprise","slug":"/documentation/Enterprise/single-sign-on","permalink":"/solace-agent-mesh/docs/documentation/Enterprise/single-sign-on","draft":false,"unlisted":false,"editUrl":"https://github.com/SolaceLabs/solace-agent-mesh/edit/main/docs/docs/documentation/Enterprise/single-sign-on.md","tags":[],"version":"current","sidebarPosition":10,"frontMatter":{"title":"SSO","sidebar_position":10},"sidebar":"docSidebar","previous":{"title":"RBAC Setup Guide","permalink":"/solace-agent-mesh/docs/documentation/Enterprise/rbac-setup-guilde"}}');var i=t(4848),s=t(8453);const r={title:"SSO",sidebar_position:10},a=void 0,c={},l=[{value:"How to enable SSO",id:"how-to-enable-sso",level:2},{value:"Running Solace Agent Mesh Enterprise with SSO enabled",id:"running-solace-agent-mesh-enterprise-with-sso-enabled",level:2}];function h(e){const n={a:"a",admonition:"admonition",code:"code",h2:"h2",p:"p",pre:"pre",strong:"strong",...(0,s.R)(),...e.components},{Details:t}=n;return t||function(e,n){throw new Error("Expected "+(n?"component":"object")+" `"+e+"` to be defined: you likely forgot to import, pass, or provide it.")}("Details",!0),(0,i.jsxs)(i.Fragment,{children:[(0,i.jsx)(n.h2,{id:"how-to-enable-sso",children:"How to enable SSO"}),"\n",(0,i.jsx)(n.p,{children:"Before running the Docker container, create two configuration files for SSO under the root directory in your Named Docker Volume. Use the content provided below for each file:"}),"\n",(0,i.jsxs)(t,{children:[(0,i.jsx)("summary",{children:"Configuration files for SSO"}),(0,i.jsx)(n.p,{children:(0,i.jsx)(n.strong,{children:"oauth2_server.yaml"})}),(0,i.jsx)(n.pre,{children:(0,i.jsx)(n.code,{className:"language-yaml",children:'---\n# Example gateway configuration with OAuth2 service integration\n# This shows how to configure a gateway to use the OAuth2 authentication service\n\nlog:\n stdout_log_level: INFO\n log_file_level: DEBUG\n log_file: oauth_server.log\n\n!include ../shared_config.yaml\n\nshared_config:\n # OAuth2 service configuration\n - oauth2_config: &oauth2_config\n enabled: true\n config_file: "config/sso_vol/oauth2_config.yaml"\n host: ${OAUTH2_HOST, localhost}\n port: ${OAUTH2_PORT, 9000}\n ssl_cert: "" # Optional: path to SSL certificate\n ssl_key: "" # Optional: path to SSL private key\n\nflows:\n # Initialize OAuth2 service\n - name: oauth2_service\n components:\n - component_name: oauth2_auth_service\n component_module: src.components.oauth2_component\n component_config:\n <<: *oauth2_config\n'})}),(0,i.jsx)(n.p,{children:(0,i.jsx)(n.strong,{children:"oauth2_config.yaml"})}),(0,i.jsx)(n.p,{children:"In the oauth2_config.yaml file, uncomment the authentication provider you want to use.\nNote that the Azure provider is configured as the default option."}),(0,i.jsx)(n.pre,{children:(0,i.jsx)(n.code,{className:"language-yaml",children:'---\n# OAuth2 Service Configuration\n# This file configures the OAuth2 authentication service that supports multiple providers\n# All providers now use the unified OIDC approach with automatic endpoint discovery\n\n# Enable or disable the OAuth2 service\nenabled: ${OAUTH2_ENABLED:false}\n\n# Development mode - enables insecure transport and relaxed token scope for local development\n# Set OAUTH2_DEV_MODE=true for local development (NEVER use in production!)\ndevelopment_mode: ${OAUTH2_DEV_MODE:false}\n\n# OAuth2 providers configuration\n# All providers now use the unified OIDCProvider with automatic endpoint discovery\nproviders:\n # Google OAuth2 provider\n # google:\n # # OIDC issuer URL - endpoints will be discovered automatically\n # issuer: "https://accounts.google.com"\n # client_id: ${GOOGLE_CLIENT_ID}\n # client_secret: ${GOOGLE_CLIENT_SECRET}\n # redirect_uri: ${GOOGLE_REDIRECT_URI:http://localhost:8080/callback}\n # scope: "openid email profile"\n\n # Azure/Microsoft OAuth2 provider\n azure:\n # Azure OIDC issuer URL includes tenant ID\n issuer: https://login.microsoftonline.com/${AZURE_TENANT_ID}/v2.0\n client_id: ${AZURE_CLIENT_ID}\n client_secret: ${AZURE_CLIENT_SECRET}\n redirect_uri: ${AZURE_REDIRECT_URI:http://localhost:8080/callback}\n scope: "openid email profile offline_access"\n\n # Auth0 OAuth2 provider\n # auth0:\n # # Auth0 issuer URL\n # issuer: ${AUTH0_ISSUER:https://your-domain.auth0.com/}\n # client_id: ${AUTH0_CLIENT_ID}\n # client_secret: ${AUTH0_CLIENT_SECRET}\n # redirect_uri: ${AUTH0_REDIRECT_URI:http://localhost:8080/callback}\n # scope: "openid email profile"\n # # Optional: Auth0 audience for API access\n # audience: ${AUTH0_AUDIENCE:}\n\n # # Okta OAuth2 provider (example)\n # okta:\n # issuer: ${OKTA_ISSUER:https://your-okta-domain.okta.com/oauth2/default}\n # client_id: ${OKTA_CLIENT_ID}\n # client_secret: ${OKTA_CLIENT_SECRET}\n # redirect_uri: ${OKTA_REDIRECT_URI:http://localhost:8080/callback}\n # scope: "openid email profile"\n\n # # Keycloak OAuth2 provider (example)\n # keycloak:\n # issuer: ${KEYCLOAK_ISSUER:https://your-keycloak.com/auth/realms/your-realm}\n # client_id: ${KEYCLOAK_CLIENT_ID}\n # client_secret: ${KEYCLOAK_CLIENT_SECRET}\n # redirect_uri: ${KEYCLOAK_REDIRECT_URI:http://localhost:8080/callback}\n # scope: "openid email profile"\n\n # # Generic OIDC provider (for any standard OIDC-compliant provider)\n # custom_oidc:\n # # Just provide the issuer URL and the service will discover all endpoints\n # issuer: ${CUSTOM_OIDC_ISSUER:https://your-provider.com}\n # client_id: ${CUSTOM_OIDC_CLIENT_ID}\n # client_secret: ${CUSTOM_OIDC_CLIENT_SECRET}\n # redirect_uri: ${CUSTOM_OIDC_REDIRECT_URI:http://localhost:8080/callback}\n # scope: "openid email profile"\n\n# Logging configuration\nlogging:\n level: ${OAUTH2_LOG_LEVEL:INFO}\n\n# Session configuration\nsession:\n # Session timeout in seconds (default: 1 hour)\n timeout: ${OAUTH2_SESSION_TIMEOUT:3600}\n\n# Security configuration\nsecurity:\n # CORS settings\n cors:\n enabled: ${OAUTH2_CORS_ENABLED:true}\n origins: ${OAUTH2_CORS_ORIGINS:*}\n\n # Rate limiting\n rate_limit:\n enabled: ${OAUTH2_RATE_LIMIT_ENABLED:true}\n requests_per_minute: ${OAUTH2_RATE_LIMIT_RPM:60}\n'})})]}),"\n",(0,i.jsx)(n.h2,{id:"running-solace-agent-mesh-enterprise-with-sso-enabled",children:"Running Solace Agent Mesh Enterprise with SSO enabled"}),"\n",(0,i.jsx)(n.p,{children:"Here is an example of Docker run command with Azure SSO provider for production use case:"}),"\n",(0,i.jsx)(n.admonition,{type:"tip",children:(0,i.jsxs)(n.p,{children:["You may need to include ",(0,i.jsx)(n.code,{children:"--platform linux/amd64"})," depending on the host machine you\u2019re using."]})}),"\n",(0,i.jsx)(n.pre,{children:(0,i.jsx)(n.code,{className:"language-bash",children:'docker run -itd -p 8000:8000 -p 9000:9000 \\\n -e LLM_SERVICE_API_KEY="<YOUR_LLM_TOKEN>" \\\n -e LLM_SERVICE_ENDPOINT="<YOUR_LLM_SERVICE_ENDPOINT>" \\\n -e LLM_SERVICE_PLANNING_MODEL_NAME="<YOUR_MODEL_NAME>" \\\n -e LLM_SERVICE_GENERAL_MODEL_NAME="<YOUR_MODEL_NAME>" \\\n -e NAMESPACE="<YOUR_NAMESPACE>" \\\n -e SOLACE_DEV_MODE="false" \\\n -e SOLACE_BROKER_URL="<YOUR_BROKER_URL>" \\\n -e SOLACE_BROKER_VPN="<YOUR_BROKER_VPN>" \\\n -e SOLACE_BROKER_USERNAME="<YOUR_BROKER_USERNAME>" \\\n -e SOLACE_BROKER_PASSWORD="<YOUR_BROKER_PASSWORD>" \\\n -e FASTAPI_HOST="0.0.0.0" \\\n -e FASTAPI_PORT="8000" \\\n -e AZURE_TENANT_ID="xxxxxxxxx-xxxxxx-xxxxxxxx-xxxxxxxxxx" \\\n -e AZURE_CLIENT_ID="xxxxxxxxx-xxxxxx-xxxxxxxx-xxxxxxxxxx" \\\n -e AZURE_CLIENT_SECRET="xxxxxxxxx-xxxxxx-xxxxxxxx-xxxxxxxxxx" \\\n -e OAUTH2_ENABLED="true" \\\n -e OAUTH2_LOG_LEVEL="DEBUG" \\\n -e OAUTH2_DEV_MODE="true" \\\n -e OAUTH2_HOST="0.0.0.0" \\\n -e OAUTH2_PORT="9000" \\\n -e FRONTEND_USE_AUTHORIZATION="true" \\\n -e FRONTEND_REDIRECT_URL="http://localhost:8000" \\\n -e FRONTEND_AUTH_LOGIN_URL="http://localhost:8000/api/v1/auth/login" \\\n -e EXTERNAL_AUTH_SERVICE_URL="http://localhost:9000" \\\n -e EXTERNAL_AUTH_PROVIDER="azure" \\\n -e EXTERNAL_AUTH_CALLBACK="http://localhost:8000/api/v1/auth/callback" \\\n -v <YOUR_NAMED_DOCKER_VOLUME>:/app/config/sso_vol/ \\\n --name sam-ent-prod-sso \\\nsolace-agent-mesh-enterprise:<tag> run config/sso_vol/oauth2_server.yaml config/webui_backend.yaml config/a2a_orchestrator.yaml config/a2a_agents.yaml\n'})}),"\n",(0,i.jsxs)(n.p,{children:["You can then access Solace Agent Mesh Enterprise UI through ",(0,i.jsx)(n.a,{href:"http://localhost:8000",children:"http://localhost:8000"})]}),"\n",(0,i.jsxs)(t,{children:[(0,i.jsx)("summary",{children:"Configuration Options"}),(0,i.jsx)(n.p,{children:(0,i.jsx)(n.strong,{children:"Specify the hostname and port for the UI running in the docker container. The main UI runs on port 8000 by default. Using 0.0.0.0 as the host allows external access to the container."})}),(0,i.jsx)(n.pre,{children:(0,i.jsx)(n.code,{className:"language-bash",children:'-e FASTAPI_HOST="0.0.0.0" \\\n-e FASTAPI_PORT="8000" \\ \n'})}),(0,i.jsx)(n.p,{children:(0,i.jsx)(n.strong,{children:"Enable single sign-on processing on the frontend."})}),(0,i.jsx)(n.pre,{children:(0,i.jsx)(n.code,{className:"language-bash",children:'-e FRONTEND_USE_AUTHORIZATION="true" \\\n'})}),(0,i.jsx)(n.p,{children:(0,i.jsxs)(n.strong,{children:["Specify the main URL of the UI. For instance, this could be ",(0,i.jsx)(n.a,{href:"https://www.example.com",children:"https://www.example.com"})]})}),(0,i.jsx)(n.pre,{children:(0,i.jsx)(n.code,{className:"language-bash",children:'-e FRONTEND_REDIRECT_URL="http://localhost:8000" \\\n'})}),(0,i.jsx)(n.p,{children:(0,i.jsxs)(n.strong,{children:["Set the login URL used by the main UI. For instance, this could be ",(0,i.jsx)(n.a,{href:"https://www.example.com/api/v1/auth/login",children:"https://www.example.com/api/v1/auth/login"})]})}),(0,i.jsx)(n.pre,{children:(0,i.jsx)(n.code,{className:"language-bash",children:'-e FRONTEND_AUTH_LOGIN_URL="http://localhost:8000/api/v1/auth/login" \\\n'})}),(0,i.jsx)(n.p,{children:(0,i.jsx)(n.strong,{children:"Enable the OAUTH2 server and set the log level"})}),(0,i.jsx)(n.pre,{children:(0,i.jsx)(n.code,{className:"language-bash",children:'-e OAUTH2_ENABLED="true" \\\n-e OAUTH2_LOG_LEVEL="DEBUG" \\\n'})}),(0,i.jsx)(n.p,{children:(0,i.jsx)(n.strong,{children:"Specify the hostname and port for the authorization server running in the docker container. Using 0.0.0.0 as the host allows external access to the container."})}),(0,i.jsx)(n.pre,{children:(0,i.jsx)(n.code,{className:"language-bash",children:'-e OAUTH2_HOST="0.0.0.0" \\\n-e OAUTH2_PORT="9000" \\\n'})}),(0,i.jsx)(n.p,{children:(0,i.jsx)(n.strong,{children:"Specify whether the Oauth2 checks use dev mode. When dev mode is true the following environment variables are added to allow http access and relax the token scope. This MUST be set false in a production environment."})}),(0,i.jsx)(n.pre,{children:(0,i.jsx)(n.code,{className:"language-bash",children:'-e OAUTH2_DEV_MODE="true" \\\n'})}),(0,i.jsx)(n.pre,{children:(0,i.jsx)(n.code,{className:"language-bash",children:'OAUTHLIB_RELAX_TOKEN_SCOPE="1"\nOAUTHLIB_INSECURE_TRANSPORT="1"\n'})}),(0,i.jsx)(n.p,{children:(0,i.jsx)(n.strong,{children:"Configure the environment variables for your chosen authentication provider. Refer to the oauth2_config.yaml file to identify the required variables. For example, with Azure set the following"})}),(0,i.jsx)(n.pre,{children:(0,i.jsx)(n.code,{className:"language-bash",children:'-e AZURE_TENANT_ID="xxxxxxxxx-xxxxxx-xxxxxxxx-xxxxxxxxxx" \\\n-e AZURE_CLIENT_ID="xxxxxxxxx-xxxxxx-xxxxxxxx-xxxxxxxxxx" \\\n-e AZURE_CLIENT_SECRET="xxxxxxxxx-xxxxxx-xxxxxxxx-xxxxxxxxxx" \\\n'})}),(0,i.jsx)(n.p,{children:(0,i.jsx)(n.strong,{children:"Configure the authorization server's public URL (accessible from outside the Docker container) and specify the OAuth2 provider\u2019s name from oauth2_config.yaml (this example uses the azure profile):"})}),(0,i.jsx)(n.pre,{children:(0,i.jsx)(n.code,{className:"language-bash",children:'-e EXTERNAL_AUTH_SERVICE_URL="http://localhost:9000" \\\n-e EXTERNAL_AUTH_PROVIDER="azure" \\\n'})}),(0,i.jsx)(n.p,{children:(0,i.jsxs)(n.strong,{children:["Lastly, set the callback URL that your auth provider will use to redirect with the auth code. For instance, this could be ",(0,i.jsx)(n.a,{href:"https://www.example.com/api/v1/auth/callback",children:"https://www.example.com/api/v1/auth/callback"})]})}),(0,i.jsx)(n.pre,{children:(0,i.jsx)(n.code,{className:"language-bash",children:'-e EXTERNAL_AUTH_CALLBACK="http://localhost:8000/api/v1/auth/callback" \\\n'})}),(0,i.jsx)(n.p,{children:(0,i.jsx)(n.strong,{children:"Note that both the main UI and authorization server ports must be mapped to the host machine, as shown in the Docker run command above:"})}),(0,i.jsx)(n.pre,{children:(0,i.jsx)(n.code,{className:"language-bash",children:"-p 8000:8000 -p 9000:9000 \\\n"})}),(0,i.jsx)(n.p,{children:(0,i.jsx)(n.strong,{children:"The oauth 2 configuration files must be mounted inside the container:"})}),(0,i.jsx)(n.pre,{children:(0,i.jsx)(n.code,{className:"language-bash",children:"-v <YOUR_NAMED_DOCKER_VOLUME>:/app/config/sso_vol/ \\\n"})})]})]})}function x(e={}){const{wrapper:n}={...(0,s.R)(),...e.components};return n?(0,i.jsx)(n,{...e,children:(0,i.jsx)(h,{...e})}):h(e)}},8453:(e,n,t)=>{t.d(n,{R:()=>r,x:()=>a});var o=t(6540);const i={},s=o.createContext(i);function r(e){const n=o.useContext(s);return o.useMemo((function(){return"function"==typeof e?e(n):{...n,...e}}),[n,e])}function a(e){let n;return n=e.disableParentContext?"function"==typeof e.components?e.components(i):e.components||i:r(e.components),o.createElement(s.Provider,{value:n},e.children)}}}]);

solace-agent-mesh 1.4.11__py3-none-any.whl → 1.5.0__py3-none-any.whl

Potentially problematic release.

solace-agent-mesh 1.4.11py3-none-any.whl → 1.5.0py3-none-any.whl