solace-agent-mesh 1.6.1__py3-none-any.whl → 1.13.2__py3-none-any.whl

solace_agent_mesh/assets/docs/assets/js/05749d90.19ac4f35.js

@@ -0,0 +1 @@
+"use strict";(self.webpackChunksolace_agenitc_mesh_docs=self.webpackChunksolace_agenitc_mesh_docs||[]).push([[9259],{5992:(e,n,s)=>{s.r(n),s.d(n,{assets:()=>l,contentTitle:()=>a,default:()=>h,frontMatter:()=>o,metadata:()=>r,toc:()=>c});const r=JSON.parse('{"id":"documentation/enterprise/secure-user-delegated-access","title":"Secure User Delegated Access","description":"This guide walks you through configuring Secure User Delegated Access for Agent Mesh Enterprise. You will learn how to enable users to authenticate with remote MCP tools using their own credentials through OAuth2, providing enhanced security and user-specific access control.","source":"@site/docs/documentation/enterprise/secure-user-delegated-access.md","sourceDirName":"documentation/enterprise","slug":"/documentation/enterprise/secure-user-delegated-access","permalink":"/solace-agent-mesh/docs/documentation/enterprise/secure-user-delegated-access","draft":false,"unlisted":false,"editUrl":"https://github.com/SolaceLabs/solace-agent-mesh/edit/main/docs/docs/documentation/enterprise/secure-user-delegated-access.md","tags":[],"version":"current","sidebarPosition":15,"frontMatter":{"title":"Secure User Delegated Access","sidebar_position":15},"sidebar":"docSidebar","previous":{"title":"Enabling SSO","permalink":"/solace-agent-mesh/docs/documentation/enterprise/single-sign-on"},"next":{"title":"OpenAPI Tools","permalink":"/solace-agent-mesh/docs/documentation/enterprise/openapi-tools"}}');var i=s(4848),t=s(8453);const o={title:"Secure User Delegated Access",sidebar_position:15},a=void 0,l={},c=[{value:"Table of Contents",id:"table-of-contents",level:2},{value:"Overview",id:"overview",level:2},{value:"Why Use Secure User Delegated Access",id:"why-use-secure-user-delegated-access",level:3},{value:"Supported MCP Providers",id:"supported-mcp-providers",level:3},{value:"Understanding Secure User Delegated Access",id:"understanding-secure-user-delegated-access",level:2},{value:"How the OAuth2 Flow Works",id:"how-the-oauth2-flow-works",level:3},{value:"Credential Storage",id:"credential-storage",level:3},{value:"Credential Lifecycle",id:"credential-lifecycle",level:3},{value:"Prerequisites",id:"prerequisites",level:2},{value:"MCP Provider Access",id:"mcp-provider-access",level:3},{value:"Callback URI Configuration",id:"callback-uri-configuration",level:3},{value:"Database Setup (For Production)",id:"database-setup-for-production",level:3},{value:"Configuration Steps",id:"configuration-steps",level:2},{value:"Step 1: Configure Credential Storage and Lifecycle",id:"step-1-configure-credential-storage-and-lifecycle",level:3},{value:"Configure Credential Time-to-Live",id:"configure-credential-time-to-live",level:4},{value:"Configure OAuth2 Callback URI",id:"configure-oauth2-callback-uri",level:4},{value:"Configure Session Service Type",id:"configure-session-service-type",level:4},{value:"Step 2: Configure Trust Manager (Recommended)",id:"step-2-configure-trust-manager-recommended",level:3},{value:"Understanding Trust Manager",id:"understanding-trust-manager",level:4},{value:"Enable Trust Manager on SSE Gateway",id:"enable-trust-manager-on-sse-gateway",level:4},{value:"Enable Trust Manager on Agents",id:"enable-trust-manager-on-agents",level:4},{value:"Example Configuration",id:"example-configuration",level:4},{value:"Secure Solace Broker Provisioning for Trust Manager",id:"secure-solace-broker-provisioning-for-trust-manager",level:4},{value:"Step 3: Configure MCP Tools with OAuth2 Authentication",id:"step-3-configure-mcp-tools-with-oauth2-authentication",level:3},{value:"Basic MCP Tool Structure",id:"basic-mcp-tool-structure",level:4},{value:"Understanding the Manifest Requirement",id:"understanding-the-manifest-requirement",level:4},{value:"Obtaining the Manifest",id:"obtaining-the-manifest",level:4},{value:"Manifest Format",id:"manifest-format",level:4},{value:"Step 4: Deploy Configuration",id:"step-4-deploy-configuration",level:3},{value:"Security Considerations",id:"security-considerations",level:2},{value:"Encryption at Rest",id:"encryption-at-rest",level:3},{value:"Trust Manager for Identity Verification",id:"trust-manager-for-identity-verification",level:3},{value:"Credential Aging and Expiration",id:"credential-aging-and-expiration",level:3},{value:"Provider-Side Revocation",id:"provider-side-revocation",level:3},{value:"Network Security",id:"network-security",level:3},{value:"Logging and Monitoring",id:"logging-and-monitoring",level:3},{value:"Best Practices",id:"best-practices",level:2},{value:"Always Enable Trust Manager in Production",id:"always-enable-trust-manager-in-production",level:3},{value:"Use SQL Persistence in Production",id:"use-sql-persistence-in-production",level:3},{value:"Set Appropriate TTL Values",id:"set-appropriate-ttl-values",level:3},{value:"Configure Separate Session Storage Per Agent",id:"configure-separate-session-storage-per-agent",level:3},{value:"Use HTTPS in Production",id:"use-https-in-production",level:3},{value:"Troubleshooting",id:"troubleshooting",level:2},{value:"OAuth2 Authentication Flow Fails",id:"oauth2-authentication-flow-fails",level:3},{value:"Credentials Not Persisting Across Restarts",id:"credentials-not-persisting-across-restarts",level:3},{value:"Trust Manager Denying Access",id:"trust-manager-denying-access",level:3},{value:"Credentials Expire Too Quickly or Too Slowly",id:"credentials-expire-too-quickly-or-too-slowly",level:3},{value:"Manifest Configuration Errors",id:"manifest-configuration-errors",level:3},{value:"Conclusion",id:"conclusion",level:2}];function d(e){const n={a:"a",code:"code",h2:"h2",h3:"h3",h4:"h4",li:"li",ol:"ol",p:"p",pre:"pre",strong:"strong",ul:"ul",...(0,t.R)(),...e.components};return(0,i.jsxs)(i.Fragment,{children:[(0,i.jsx)(n.p,{children:"This guide walks you through configuring Secure User Delegated Access for Agent Mesh Enterprise. You will learn how to enable users to authenticate with remote MCP tools using their own credentials through OAuth2, providing enhanced security and user-specific access control."}),"\n",(0,i.jsx)(n.h2,{id:"table-of-contents",children:"Table of Contents"}),"\n",(0,i.jsxs)(n.ul,{children:["\n",(0,i.jsx)(n.li,{children:(0,i.jsx)(n.a,{href:"#overview",children:"Overview"})}),"\n",(0,i.jsx)(n.li,{children:(0,i.jsx)(n.a,{href:"#understanding-secure-user-delegated-access",children:"Understanding Secure User Delegated Access"})}),"\n",(0,i.jsx)(n.li,{children:(0,i.jsx)(n.a,{href:"#prerequisites",children:"Prerequisites"})}),"\n",(0,i.jsx)(n.li,{children:(0,i.jsx)(n.a,{href:"#configuration-steps",children:"Configuration Steps"})}),"\n",(0,i.jsx)(n.li,{children:(0,i.jsx)(n.a,{href:"#security-considerations",children:"Security Considerations"})}),"\n",(0,i.jsx)(n.li,{children:(0,i.jsx)(n.a,{href:"#best-practices",children:"Best Practices"})}),"\n",(0,i.jsx)(n.li,{children:(0,i.jsx)(n.a,{href:"#troubleshooting",children:"Troubleshooting"})}),"\n"]}),"\n",(0,i.jsx)(n.h2,{id:"overview",children:"Overview"}),"\n",(0,i.jsx)(n.p,{children:"Secure User Delegated Access allows users to interact with remote MCP (Model Context Protocol) tools using their own credentials rather than shared service credentials. When a user needs to access a remote MCP tool configured in an agent, they complete an OAuth2 authentication flow with the MCP provider's authorization server. This provides user-specific credentials that are securely stored and managed by Agent Mesh Enterprise."}),"\n",(0,i.jsx)(n.h3,{id:"why-use-secure-user-delegated-access",children:"Why Use Secure User Delegated Access"}),"\n",(0,i.jsx)(n.p,{children:"This feature provides several important benefits for enterprise deployments:"}),"\n",(0,i.jsxs)(n.p,{children:[(0,i.jsx)(n.strong,{children:"Enhanced Security"}),": Each user authenticates with their own credentials, eliminating shared service accounts and reducing the blast radius of compromised credentials. All API calls to remote services are made in the context of the authenticated user."]}),"\n",(0,i.jsxs)(n.p,{children:[(0,i.jsx)(n.strong,{children:"Audit and Compliance"}),": User-specific credentials create clear audit trails showing exactly which user performed which actions. This is essential for compliance requirements and security investigations."]}),"\n",(0,i.jsxs)(n.p,{children:[(0,i.jsx)(n.strong,{children:"Fine-Grained Access Control"}),": MCP providers can enforce their own access policies based on the authenticated user's permissions. Users only access resources they are authorized to use within the remote service."]}),"\n",(0,i.jsxs)(n.p,{children:[(0,i.jsx)(n.strong,{children:"Credential Lifecycle Management"}),": User credentials can be individually revoked at the MCP provider level without affecting other users. This simplifies offboarding and incident response."]}),"\n",(0,i.jsx)(n.h3,{id:"supported-mcp-providers",children:"Supported MCP Providers"}),"\n",(0,i.jsx)(n.p,{children:"Agent Mesh Enterprise supports remote MCP servers that implement the OAuth2.1 authentication flow. The following providers have been tested and validated:"}),"\n",(0,i.jsxs)(n.ul,{children:["\n",(0,i.jsxs)(n.li,{children:[(0,i.jsx)(n.strong,{children:"Atlassian MCP Server"}),": Access Jira, Confluence, and other Atlassian services"]}),"\n",(0,i.jsxs)(n.li,{children:[(0,i.jsx)(n.strong,{children:"Stripe MCP Server"}),": Interact with Stripe payment and billing APIs"]}),"\n",(0,i.jsxs)(n.li,{children:[(0,i.jsx)(n.strong,{children:"Cloudflare MCP Server"}),": Manage Cloudflare resources and configurations"]}),"\n",(0,i.jsxs)(n.li,{children:[(0,i.jsx)(n.strong,{children:"Canva MCP Server"}),": Access Canva design and content APIs"]}),"\n"]}),"\n",(0,i.jsx)(n.p,{children:"The feature works with both SSE (Server-Sent Events) and HTTP streaming remote MCP server types."}),"\n",(0,i.jsx)(n.h2,{id:"understanding-secure-user-delegated-access",children:"Understanding Secure User Delegated Access"}),"\n",(0,i.jsx)(n.p,{children:"Before you configure this feature, you need to understand how it works and how credentials flow through the system."}),"\n",(0,i.jsx)(n.h3,{id:"how-the-oauth2-flow-works",children:"How the OAuth2 Flow Works"}),"\n",(0,i.jsx)(n.p,{children:"When a user attempts to use an MCP tool that requires OAuth2 authentication, Agent Mesh Enterprise initiates the following flow:"}),"\n",(0,i.jsxs)(n.ol,{children:["\n",(0,i.jsxs)(n.li,{children:["\n",(0,i.jsxs)(n.p,{children:[(0,i.jsx)(n.strong,{children:"Authentication Challenge"}),": The user's request triggers an authentication check. If no valid credentials exist for this user and MCP tool combination, the system prompts the user to authenticate."]}),"\n"]}),"\n",(0,i.jsxs)(n.li,{children:["\n",(0,i.jsxs)(n.p,{children:[(0,i.jsx)(n.strong,{children:"OAuth2 Authorization"}),": The user is redirected to the MCP provider's authorization server (for example, Atlassian or Stripe). The user logs in using their credentials for that service and grants permission for Agent Mesh Enterprise to access their resources."]}),"\n"]}),"\n",(0,i.jsxs)(n.li,{children:["\n",(0,i.jsxs)(n.p,{children:[(0,i.jsx)(n.strong,{children:"Authorization Code Exchange"}),": After successful authentication, the provider redirects back to Agent Mesh Enterprise with an authorization code. The system exchanges this code for access tokens at the provider's token endpoint."]}),"\n"]}),"\n",(0,i.jsxs)(n.li,{children:["\n",(0,i.jsxs)(n.p,{children:[(0,i.jsx)(n.strong,{children:"Credential Storage"}),": Agent Mesh Enterprise stores the access token (and refresh token if provided) in the credential service. Credentials are encrypted at rest (when using a database) and isolated per agent, user, and MCP tool."]}),"\n"]}),"\n",(0,i.jsxs)(n.li,{children:["\n",(0,i.jsxs)(n.p,{children:[(0,i.jsx)(n.strong,{children:"Authenticated Requests"}),": Subsequent requests to the MCP tool use the stored credentials automatically. The user does not need to re-authenticate unless credentials expire or are revoked."]}),"\n"]}),"\n",(0,i.jsxs)(n.li,{children:["\n",(0,i.jsxs)(n.p,{children:[(0,i.jsx)(n.strong,{children:"Token Refresh"}),": If the MCP provider supports refresh tokens and an access token expires, Agent Mesh Enterprise automatically obtains a new access token without requiring user interaction."]}),"\n"]}),"\n"]}),"\n",(0,i.jsx)(n.p,{children:"From an administrator's perspective, this flow is transparent once configured. Users experience a one-time authentication prompt per MCP tool, after which their access works seamlessly."}),"\n",(0,i.jsx)(n.h3,{id:"credential-storage",children:"Credential Storage"}),"\n",(0,i.jsx)(n.p,{children:"Agent Mesh Enterprise manages user credentials through a dedicated credential service with several important characteristics:"}),"\n",(0,i.jsxs)(n.p,{children:[(0,i.jsx)(n.strong,{children:"Encryption at Rest"}),": When using database persistence, all stored credentials are automatically encrypted using the agent's unique identifier as the encryption key. This ensures that credentials cannot be used if extracted from database storage. Memory-based storage does not persist credentials to disk."]}),"\n",(0,i.jsxs)(n.p,{children:[(0,i.jsx)(n.strong,{children:"Multi-Tenant Isolation"}),": Credentials are scoped to the combination of agent ID, user identity, and MCP tool. Credentials for one agent cannot be accessed by another agent, even for the same user and tool. This provides strong isolation in multi-tenant deployments."]}),"\n",(0,i.jsxs)(n.p,{children:[(0,i.jsx)(n.strong,{children:"Configurable Expiration"}),": You can configure a time-to-live (TTL) for stored credentials. After the TTL expires, Agent Mesh Enterprise removes credentials from storage, requiring users to re-authenticate. This reduces the risk of long-lived credential compromise."]}),"\n",(0,i.jsxs)(n.p,{children:[(0,i.jsx)(n.strong,{children:"Persistence Options"}),": Credentials can be stored in memory (for development or ephemeral deployments) or in a database (for production deployments where credentials should survive agent restarts)."]}),"\n",(0,i.jsx)(n.h3,{id:"credential-lifecycle",children:"Credential Lifecycle"}),"\n",(0,i.jsx)(n.p,{children:"Understanding the credential lifecycle helps you plan operational procedures:"}),"\n",(0,i.jsxs)(n.ol,{children:["\n",(0,i.jsxs)(n.li,{children:["\n",(0,i.jsxs)(n.p,{children:[(0,i.jsx)(n.strong,{children:"Acquisition"}),": Credentials are acquired when a user first authenticates with an MCP provider through the OAuth2 flow."]}),"\n"]}),"\n",(0,i.jsxs)(n.li,{children:["\n",(0,i.jsxs)(n.p,{children:[(0,i.jsx)(n.strong,{children:"Active Use"}),": Stored credentials are used automatically for all subsequent requests to that MCP tool by that user."]}),"\n"]}),"\n",(0,i.jsxs)(n.li,{children:["\n",(0,i.jsxs)(n.p,{children:[(0,i.jsx)(n.strong,{children:"Expiration"}),": Credentials expire either through TTL timeout (configured by you) or token expiration (set by the MCP provider). Agent Mesh Enterprise attempts to refresh expired tokens if refresh tokens are available."]}),"\n"]}),"\n",(0,i.jsxs)(n.li,{children:["\n",(0,i.jsxs)(n.p,{children:[(0,i.jsx)(n.strong,{children:"Revocation"}),": Users or administrators can revoke credentials at the MCP provider level. When Agent Mesh Enterprise attempts to use revoked credentials, the request fails and the user must re-authenticate."]}),"\n"]}),"\n",(0,i.jsxs)(n.li,{children:["\n",(0,i.jsxs)(n.p,{children:[(0,i.jsx)(n.strong,{children:"Deletion"}),": Credentials are marked as deleted when they expire (TTL timeout), but are retained in the persistence layer for audit purposes. With memory storage, credentials are removed from storage when the agent is restarted."]}),"\n"]}),"\n"]}),"\n",(0,i.jsx)(n.h2,{id:"prerequisites",children:"Prerequisites"}),"\n",(0,i.jsx)(n.p,{children:"Before you configure Secure User Delegated Access, ensure you have the following in place:"}),"\n",(0,i.jsx)(n.h3,{id:"mcp-provider-access",children:"MCP Provider Access"}),"\n",(0,i.jsx)(n.p,{children:"Some MCP providers require administrative access to authorize Agent Mesh Enterprise before users can authenticate. The requirements vary by provider:"}),"\n",(0,i.jsxs)(n.p,{children:[(0,i.jsx)(n.strong,{children:"Example providers requiring domain authorization"})," (Atlassian, Stripe, Canva):"]}),"\n",(0,i.jsxs)(n.ul,{children:["\n",(0,i.jsx)(n.li,{children:"Administrative access to the MCP provider's admin console"}),"\n",(0,i.jsx)(n.li,{children:"Ability to add your Agent Mesh Enterprise domain to the provider's authorized domains list"}),"\n"]}),"\n",(0,i.jsxs)(n.p,{children:[(0,i.jsx)(n.strong,{children:"Example providers without administrative requirements"})," (Cloudflare):"]}),"\n",(0,i.jsxs)(n.ul,{children:["\n",(0,i.jsx)(n.li,{children:"No administrative setup required"}),"\n",(0,i.jsx)(n.li,{children:"Users can authenticate directly through the OAuth2 flow"}),"\n"]}),"\n",(0,i.jsx)(n.p,{children:"Check the specific requirements for your chosen MCP provider."}),"\n",(0,i.jsx)(n.h3,{id:"callback-uri-configuration",children:"Callback URI Configuration"}),"\n",(0,i.jsx)(n.p,{children:"Your Agent Mesh Enterprise deployment must be accessible via a stable URL for OAuth2 callbacks. During the OAuth2 flow, users are redirected to the MCP provider for authentication, then redirected back to this callback URI."}),"\n",(0,i.jsxs)(n.p,{children:["You will configure this callback URI as an environment variable (see ",(0,i.jsx)(n.a,{href:"#configure-oauth2-callback-uri",children:"Configure OAuth2 Callback URI"}),"). For providers requiring domain authorization (for example: Atlassian, Stripe, Canva), you will also register this domain in the provider's admin console."]}),"\n",(0,i.jsx)(n.h3,{id:"database-setup-for-production",children:"Database Setup (For Production)"}),"\n",(0,i.jsx)(n.p,{children:"For production deployments, you should use SQL persistence to ensure credentials survive agent restarts. You need:"}),"\n",(0,i.jsxs)(n.ul,{children:["\n",(0,i.jsx)(n.li,{children:"A supported SQL database (SQLite, PostgreSQL, MySQL, or other SQL database supported by SQLAlchemy)"}),"\n",(0,i.jsx)(n.li,{children:"Appropriate database credentials and connection information"}),"\n",(0,i.jsx)(n.li,{children:"Sufficient storage for credential data"}),"\n"]}),"\n",(0,i.jsxs)(n.p,{children:["See ",(0,i.jsx)(n.a,{href:"#configure-session-service-type",children:"Configure Session Service Type"})," for details on setting up persistence. For development or testing, you can use memory storage, but credentials will be lost when the agent restarts."]}),"\n",(0,i.jsx)(n.h2,{id:"configuration-steps",children:"Configuration Steps"}),"\n",(0,i.jsx)(n.p,{children:"Configuring Secure User Delegated Access involves several steps: configuring credential storage and lifecycle, optionally configuring the trust manager for enhanced security, and configuring your MCP tools with OAuth2 authentication."}),"\n",(0,i.jsx)(n.h3,{id:"step-1-configure-credential-storage-and-lifecycle",children:"Step 1: Configure Credential Storage and Lifecycle"}),"\n",(0,i.jsx)(n.p,{children:"The credential service is automatically created and manages storage, retrieval, and lifecycle of user credentials. You configure it through environment variables and your session service configuration."}),"\n",(0,i.jsx)(n.h4,{id:"configure-credential-time-to-live",children:"Configure Credential Time-to-Live"}),"\n",(0,i.jsx)(n.p,{children:"Set the credential TTL to control how long credentials remain valid in storage:"}),"\n",(0,i.jsx)(n.pre,{children:(0,i.jsx)(n.code,{className:"language-bash",children:"export SECRETS_TTL_SECONDS=86400  # 24 hours\n"})}),"\n",(0,i.jsx)(n.p,{children:"The TTL value is specified in seconds. Common values include:"}),"\n",(0,i.jsxs)(n.ul,{children:["\n",(0,i.jsxs)(n.li,{children:[(0,i.jsx)(n.code,{children:"3600"})," - 1 hour (high security, frequent re-authentication)"]}),"\n",(0,i.jsxs)(n.li,{children:[(0,i.jsx)(n.code,{children:"86400"})," - 24 hours (balance of security and convenience)"]}),"\n",(0,i.jsxs)(n.li,{children:[(0,i.jsx)(n.code,{children:"604800"})," - 7 days (low security, infrequent re-authentication)"]}),"\n",(0,i.jsxs)(n.li,{children:[(0,i.jsx)(n.code,{children:"2592000"})," - 30 days (default if not specified)"]}),"\n"]}),"\n",(0,i.jsx)(n.p,{children:"Choose a TTL based on your security requirements and user experience considerations. Shorter TTLs require users to re-authenticate more frequently but reduce the window of exposure for compromised credentials."}),"\n",(0,i.jsx)(n.h4,{id:"configure-oauth2-callback-uri",children:"Configure OAuth2 Callback URI"}),"\n",(0,i.jsx)(n.p,{children:"Set the callback URI where MCP providers will redirect users after authentication:"}),"\n",(0,i.jsx)(n.pre,{children:(0,i.jsx)(n.code,{className:"language-bash",children:"export OAUTH_TOOL_REDIRECT_URI=https://my.domain.com/api/v1/auth/tool/callback\n"})}),"\n",(0,i.jsxs)(n.p,{children:["Replace ",(0,i.jsx)(n.code,{children:"https://my.domain.com"})," with your actual Agent Mesh Enterprise domain."]}),"\n",(0,i.jsxs)(n.p,{children:[(0,i.jsx)(n.strong,{children:"Important"}),": The path ",(0,i.jsx)(n.code,{children:"/api/v1/auth/tool/callback"})," must not be changed. This is the required callback endpoint path."]}),"\n",(0,i.jsx)(n.p,{children:"This URL must:"}),"\n",(0,i.jsxs)(n.ul,{children:["\n",(0,i.jsx)(n.li,{children:"Match exactly what you register with your MCP provider (for providers requiring domain authorization)"}),"\n",(0,i.jsx)(n.li,{children:"Use HTTPS in production (HTTP is only acceptable for local development)"}),"\n",(0,i.jsx)(n.li,{children:"Be accessible from users' browsers"}),"\n"]}),"\n",(0,i.jsx)(n.h4,{id:"configure-session-service-type",children:"Configure Session Service Type"}),"\n",(0,i.jsxs)(n.p,{children:["User credentials are stored in the same database configured for session storage. For details on configuring session storage, see the ",(0,i.jsx)(n.a,{href:"/solace-agent-mesh/docs/documentation/installing-and-configuring/session-storage",children:"Session Storage documentation"}),"."]}),"\n",(0,i.jsx)(n.p,{children:"Memory storage does not persist credentials across agent restarts. Use this only for development and testing."}),"\n",(0,i.jsxs)(n.p,{children:[(0,i.jsx)(n.strong,{children:"Important"}),": Ensure each agent has its own database to maintain proper credential isolation between agents."]}),"\n",(0,i.jsx)(n.h3,{id:"step-2-configure-trust-manager-recommended",children:"Step 2: Configure Trust Manager (Recommended)"}),"\n",(0,i.jsx)(n.p,{children:"The trust manager provides critical security for Secure User Delegated Access by cryptographically verifying user identities throughout the system. It ensures that credentials can only be accessed by the user who created them, preventing unauthorized access even if agent communication is compromised."}),"\n",(0,i.jsx)(n.p,{children:(0,i.jsx)(n.strong,{children:"Enabling the trust manager is strongly recommended for production deployments."})}),"\n",(0,i.jsx)(n.h4,{id:"understanding-trust-manager",children:"Understanding Trust Manager"}),"\n",(0,i.jsx)(n.p,{children:"The trust manager uses public/private key cryptography to verify user identity:"}),"\n",(0,i.jsxs)(n.ol,{children:["\n",(0,i.jsxs)(n.li,{children:[(0,i.jsx)(n.strong,{children:"Gateway Authentication"}),": The WebUI Gateway verifies the user's identity during login (via SSO or other authentication)"]}),"\n",(0,i.jsxs)(n.li,{children:[(0,i.jsx)(n.strong,{children:"Cryptographic Signing"}),": The gateway cryptographically signs each user's identity using its private key"]}),"\n",(0,i.jsxs)(n.li,{children:[(0,i.jsx)(n.strong,{children:"Agent Verification"}),": When an agent receives a request, it uses the gateway's public key to verify the signed identity"]}),"\n",(0,i.jsxs)(n.li,{children:[(0,i.jsx)(n.strong,{children:"Credential Access Control"}),": The agent only grants access to credentials if the verified identity matches the credential owner"]}),"\n"]}),"\n",(0,i.jsx)(n.p,{children:"This cryptographic verification ensures that:"}),"\n",(0,i.jsxs)(n.ul,{children:["\n",(0,i.jsx)(n.li,{children:"User identities cannot be forged or tampered with in transit"}),"\n",(0,i.jsx)(n.li,{children:"Each user can only access their own credentials"}),"\n",(0,i.jsx)(n.li,{children:"Compromised agents cannot access other users' credentials"}),"\n",(0,i.jsx)(n.li,{children:"All credential operations have verifiable audit trails"}),"\n"]}),"\n",(0,i.jsxs)(n.p,{children:[(0,i.jsx)(n.strong,{children:"The trust manager must be enabled on both the WebUI Gateway and all agents"})," to function correctly."]}),"\n",(0,i.jsx)(n.h4,{id:"enable-trust-manager-on-sse-gateway",children:"Enable Trust Manager on SSE Gateway"}),"\n",(0,i.jsx)(n.p,{children:"Add the trust manager configuration to your SSE Gateway configuration:"}),"\n",(0,i.jsx)(n.pre,{children:(0,i.jsx)(n.code,{className:"language-yaml",children:"# In your gateway configuration\ntrust_manager:\n  enabled: true\n"})}),"\n",(0,i.jsx)(n.h4,{id:"enable-trust-manager-on-agents",children:"Enable Trust Manager on Agents"}),"\n",(0,i.jsx)(n.p,{children:"Add the same trust manager configuration to each agent's configuration:"}),"\n",(0,i.jsx)(n.pre,{children:(0,i.jsx)(n.code,{className:"language-yaml",children:"# In each agent's configuration YAML\ntrust_manager:\n  enabled: true\n"})}),"\n",(0,i.jsx)(n.h4,{id:"example-configuration",children:"Example Configuration"}),"\n",(0,i.jsx)(n.p,{children:"Here is an example showing the trust manager full configuration (default values) on the gateway:"}),"\n",(0,i.jsx)(n.pre,{children:(0,i.jsx)(n.code,{className:"language-yaml",children:'# webui_gateway.yaml\napps:\n  - name: a2a_webui_app\n    app_config:\n      # ... other configuration ...\n\n      trust_manager:\n        enabled: true\n        card_publish_interval_seconds: 10\n        card_expiration_days: 7\n        verification_mode: "permissive"  # or "strict" for production\n        clock_skew_tolerance_seconds: 300\n        enable_time_validation: true\n        jwt_default_ttl_seconds: 3600\n        jwt_max_ttl_seconds: 86400\n'})}),"\n",(0,i.jsx)(n.h4,{id:"secure-solace-broker-provisioning-for-trust-manager",children:"Secure Solace Broker Provisioning for Trust Manager"}),"\n",(0,i.jsx)(n.p,{children:"When using the trust manager, you should configure the Solace broker with proper credentials and ACLs to ensure secure trust card publishing. This prevents components from impersonating each other."}),"\n",(0,i.jsx)(n.p,{children:(0,i.jsx)(n.strong,{children:"Distinct Credentials Per Component"})}),"\n",(0,i.jsx)(n.p,{children:"Each gateway and agent instance should have its own unique broker credentials:"}),"\n",(0,i.jsxs)(n.ul,{children:["\n",(0,i.jsxs)(n.li,{children:["Each gateway instance requires unique ",(0,i.jsx)(n.code,{children:"client_username"})," and ",(0,i.jsx)(n.code,{children:"client_password"})]}),"\n",(0,i.jsxs)(n.li,{children:["Each agent instance requires unique ",(0,i.jsx)(n.code,{children:"client_username"})," and ",(0,i.jsx)(n.code,{children:"client_password"})]}),"\n",(0,i.jsx)(n.li,{children:"Never share credentials between different component instances"}),"\n"]}),"\n",(0,i.jsx)(n.p,{children:(0,i.jsx)(n.strong,{children:"ACL Configuration for Trust Card Publishing"})}),"\n",(0,i.jsx)(n.p,{children:"Configure Access Control Lists (ACLs) on your Solace broker to restrict which topics each component can publish to:"}),"\n",(0,i.jsx)(n.p,{children:(0,i.jsx)(n.strong,{children:"For Gateway instances:"})}),"\n",(0,i.jsx)(n.p,{children:"Only the specific gateway instance is allowed to publish on its trust card topic:"}),"\n",(0,i.jsx)(n.pre,{children:(0,i.jsx)(n.code,{children:"Topic: {namespace}/a2a/v1/trust/gateway/{gateway_broker_client_username}\nPermission: Publish (allow only for this gateway's client username)\n"})}),"\n",(0,i.jsx)(n.p,{children:(0,i.jsx)(n.strong,{children:"For Agent instances:"})}),"\n",(0,i.jsx)(n.p,{children:"Only the specific agent instance is allowed to publish on its trust card topic:"}),"\n",(0,i.jsx)(n.pre,{children:(0,i.jsx)(n.code,{children:"Topic: {namespace}/a2a/v1/trust/agent/{agent_broker_client_username}\nPermission: Publish (allow only for this agent's client username)\n"})}),"\n",(0,i.jsx)(n.p,{children:"Where:"}),"\n",(0,i.jsxs)(n.ul,{children:["\n",(0,i.jsxs)(n.li,{children:[(0,i.jsx)(n.code,{children:"{namespace}"})," is your configured namespace (e.g., ",(0,i.jsx)(n.code,{children:"a2a/dev"})," or ",(0,i.jsx)(n.code,{children:"a2a/prod"}),")"]}),"\n",(0,i.jsxs)(n.li,{children:[(0,i.jsx)(n.code,{children:"{gateway_broker_client_username}"})," is the unique broker username for the gateway"]}),"\n",(0,i.jsxs)(n.li,{children:[(0,i.jsx)(n.code,{children:"{agent_broker_client_username}"})," is the unique broker username for each agent"]}),"\n"]}),"\n",(0,i.jsx)(n.p,{children:(0,i.jsx)(n.strong,{children:"Example ACL Configuration:"})}),"\n",(0,i.jsxs)(n.p,{children:["If your namespace is ",(0,i.jsx)(n.code,{children:"a2a/prod"}),", gateway username is ",(0,i.jsx)(n.code,{children:"webui-gateway-01"}),", and agent username is ",(0,i.jsx)(n.code,{children:"employee-agent-01"}),":"]}),"\n",(0,i.jsx)(n.pre,{children:(0,i.jsx)(n.code,{children:"# Gateway ACL\nTopic: a2a/prod/a2a/v1/trust/gateway/webui-gateway-01\nClient Username: webui-gateway-01\nPermission: Publish\n\n# Agent ACL\nTopic: a2a/prod/a2a/v1/trust/agent/employee-agent-01\nClient Username: employee-agent-01\nPermission: Publish\n"})}),"\n",(0,i.jsx)(n.p,{children:"These ACLs ensure that:"}),"\n",(0,i.jsxs)(n.ul,{children:["\n",(0,i.jsx)(n.li,{children:"Components cannot publish trust cards pretending to be other components"}),"\n",(0,i.jsx)(n.li,{children:"Trust card verification remains cryptographically secure"}),"\n",(0,i.jsx)(n.li,{children:"Compromised credentials for one component cannot affect other components"}),"\n"]}),"\n",(0,i.jsx)(n.h3,{id:"step-3-configure-mcp-tools-with-oauth2-authentication",children:"Step 3: Configure MCP Tools with OAuth2 Authentication"}),"\n",(0,i.jsx)(n.p,{children:"To use Secure User Delegated Access, you must configure your MCP tools to use OAuth2 authentication and provide a manifest of available tools."}),"\n",(0,i.jsx)(n.h4,{id:"basic-mcp-tool-structure",children:"Basic MCP Tool Structure"}),"\n",(0,i.jsx)(n.p,{children:"An MCP tool configuration with OAuth2 authentication follows this structure:"}),"\n",(0,i.jsx)(n.pre,{children:(0,i.jsx)(n.code,{className:"language-yaml",children:'tools:\n  - tool_type: mcp\n    connection_params:\n      type: sse  # or streamable-http\n      url: "https://mcp.example.com/v1/sse"\n    auth:\n      type: oauth2\n    manifest:\n      - name: exampleTool\n        description: Example tool description\n        inputSchema:\n          type: object\n          properties: {}\n          additionalProperties: false\n          $schema: http://json-schema.org/draft-07/schema#\n'})}),"\n",(0,i.jsx)(n.p,{children:"The key components are:"}),"\n",(0,i.jsxs)(n.p,{children:[(0,i.jsx)(n.strong,{children:(0,i.jsx)(n.code,{children:"tool_type: mcp"})}),": Identifies this as an MCP tool configuration."]}),"\n",(0,i.jsxs)(n.p,{children:[(0,i.jsx)(n.strong,{children:(0,i.jsx)(n.code,{children:"connection_params"})}),": Specifies how to connect to the remote MCP server:"]}),"\n",(0,i.jsxs)(n.ul,{children:["\n",(0,i.jsxs)(n.li,{children:[(0,i.jsx)(n.code,{children:"type"}),": Either ",(0,i.jsx)(n.code,{children:"sse"})," (Server-Sent Events) or ",(0,i.jsx)(n.code,{children:"streamable-http"})]}),"\n",(0,i.jsxs)(n.li,{children:[(0,i.jsx)(n.code,{children:"url"}),": The endpoint URL for the MCP server"]}),"\n"]}),"\n",(0,i.jsxs)(n.p,{children:[(0,i.jsx)(n.strong,{children:(0,i.jsx)(n.code,{children:"auth"})}),": Specifies the authentication type:"]}),"\n",(0,i.jsxs)(n.ul,{children:["\n",(0,i.jsxs)(n.li,{children:[(0,i.jsx)(n.code,{children:"type: oauth2"}),": Enables OAuth2 user delegated access for this tool"]}),"\n"]}),"\n",(0,i.jsxs)(n.p,{children:[(0,i.jsx)(n.strong,{children:(0,i.jsx)(n.code,{children:"manifest"})}),": Defines the tools available from this MCP server (explained below)."]}),"\n",(0,i.jsx)(n.h4,{id:"understanding-the-manifest-requirement",children:"Understanding the Manifest Requirement"}),"\n",(0,i.jsx)(n.p,{children:"Due to limitations in the MCP protocol, Agent Mesh Enterprise cannot automatically discover available tools from OAuth2-protected MCP servers. The OAuth2 flow requires user interaction, which prevents the automatic tool discovery process from working."}),"\n",(0,i.jsx)(n.p,{children:"To work around this limitation, you must provide a manifest that lists the tools available from the MCP server. This manifest is identical to what the MCP server would return from its tools list command."}),"\n",(0,i.jsx)(n.h4,{id:"obtaining-the-manifest",children:"Obtaining the Manifest"}),"\n",(0,i.jsx)(n.p,{children:"You can obtain the manifest in several ways:"}),"\n",(0,i.jsx)(n.p,{children:(0,i.jsx)(n.strong,{children:"Method 1: Use MCP Provider Documentation"})}),"\n",(0,i.jsx)(n.p,{children:"Many MCP providers document their available tools. Check the provider's documentation for a list of tools and their schemas."}),"\n",(0,i.jsx)(n.p,{children:(0,i.jsx)(n.strong,{children:"Method 2: Use MCP Inspector"})}),"\n",(0,i.jsxs)(n.p,{children:["Use a tool like ",(0,i.jsx)(n.a,{href:"https://github.com/modelcontextprotocol/inspector",children:"MCP Inspector"})," to connect to the MCP server and retrieve the output of the tools list command. You can then use this output directly as your manifest configuration."]}),"\n",(0,i.jsx)(n.h4,{id:"manifest-format",children:"Manifest Format"}),"\n",(0,i.jsx)(n.p,{children:"Each tool in the manifest follows this format:"}),"\n",(0,i.jsx)(n.pre,{children:(0,i.jsx)(n.code,{className:"language-yaml",children:"- name: toolName\n  description: Tool description explaining what it does\n  inputSchema:\n    type: object\n    properties:\n      parameterName:\n        type: string\n        description: Parameter description\n    required:\n      - parameterName\n    additionalProperties: false\n    $schema: http://json-schema.org/draft-07/schema#\n"})}),"\n",(0,i.jsxs)(n.p,{children:["The ",(0,i.jsx)(n.code,{children:"inputSchema"})," is a standard JSON Schema (draft-07) that defines what parameters the tool accepts. This schema is used for validation and to help the AI model understand how to call the tool."]}),"\n",(0,i.jsxs)(n.p,{children:[(0,i.jsx)(n.strong,{children:"Note"}),": Complete sample MCP configurations are available in the ",(0,i.jsx)(n.a,{href:"https://github.com/SolaceLabs/solace-agent-mesh/tree/main/examples/agents/remote-mcp",children:"examples/agents/remote-mcp directory"})," for each of the tested remote MCP providers (Atlassian, Stripe, Cloudflare, Canva) to simplify setup."]}),"\n",(0,i.jsx)(n.h3,{id:"step-4-deploy-configuration",children:"Step 4: Deploy Configuration"}),"\n",(0,i.jsx)(n.p,{children:"After configuring credential storage, trust manager, and MCP tools, deploy these configurations to your Agent Mesh Enterprise installation. Ensure that:"}),"\n",(0,i.jsxs)(n.ul,{children:["\n",(0,i.jsx)(n.li,{children:"Configuration files with MCP tool definitions are accessible to the agents"}),"\n",(0,i.jsxs)(n.li,{children:["Environment variables (",(0,i.jsx)(n.code,{children:"SECRETS_TTL_SECONDS"}),", ",(0,i.jsx)(n.code,{children:"OAUTH_TOOL_REDIRECT_URI"}),") are set"]}),"\n",(0,i.jsx)(n.li,{children:"Database URLs are configured if using SQL persistence"}),"\n",(0,i.jsx)(n.li,{children:"The installation is restarted to load the new configuration"}),"\n"]}),"\n",(0,i.jsx)(n.p,{children:"After deployment, test the OAuth2 flow by attempting to use an OAuth2-enabled MCP tool. Users should be prompted to authenticate with the MCP provider."}),"\n",(0,i.jsx)(n.h2,{id:"security-considerations",children:"Security Considerations"}),"\n",(0,i.jsx)(n.p,{children:"Secure User Delegated Access involves storing and managing user credentials, which requires careful attention to security. This section outlines the security features built into the system and additional measures you should implement."}),"\n",(0,i.jsx)(n.h3,{id:"encryption-at-rest",children:"Encryption at Rest"}),"\n",(0,i.jsx)(n.p,{children:"When using SQL persistence, all stored credentials are automatically encrypted before being written to the database. Agent Mesh Enterprise uses the agent's unique identifier as the encryption key, ensuring that credentials cannot be used if extracted from storage."}),"\n",(0,i.jsx)(n.p,{children:"This encryption is automatic and requires no configuration. However, it means that:"}),"\n",(0,i.jsxs)(n.ul,{children:["\n",(0,i.jsx)(n.li,{children:"Credentials encrypted by one agent cannot be decrypted by another agent"}),"\n",(0,i.jsx)(n.li,{children:"If an agent's unique identifier changes, existing credentials become inaccessible"}),"\n",(0,i.jsx)(n.li,{children:"Database backups contain encrypted credentials that are useless without the agent"}),"\n"]}),"\n",(0,i.jsx)(n.p,{children:"For additional security, ensure your database is stored on encrypted storage volumes provided by your infrastructure (for example, encrypted EBS volumes in AWS, encrypted persistent disks in GCP)."}),"\n",(0,i.jsxs)(n.p,{children:[(0,i.jsx)(n.strong,{children:"Note"}),": Memory-based storage does not persist credentials to disk, so encryption at rest does not apply. Memory storage should only be used for development and testing."]}),"\n",(0,i.jsx)(n.h3,{id:"trust-manager-for-identity-verification",children:"Trust Manager for Identity Verification"}),"\n",(0,i.jsx)(n.p,{children:"The trust manager provides defense-in-depth by verifying user identity on every credential operation. This prevents several attack scenarios:"}),"\n",(0,i.jsxs)(n.p,{children:[(0,i.jsx)(n.strong,{children:"Credential Theft via Agent Compromise"}),": If an attacker compromises an agent and attempts to retrieve another user's credentials, the trust manager validates the user's identity token and denies access."]}),"\n",(0,i.jsxs)(n.p,{children:[(0,i.jsx)(n.strong,{children:"Man-in-the-Middle Attacks"}),": The trust manager validates that identity tokens are signed by a trusted issuer, preventing token forgery."]}),"\n",(0,i.jsxs)(n.p,{children:[(0,i.jsx)(n.strong,{children:"Replay Attacks"}),": Identity tokens include expiration times, limiting the window for replay attacks."]}),"\n",(0,i.jsx)(n.p,{children:"To maximize trust manager security:"}),"\n",(0,i.jsxs)(n.ul,{children:["\n",(0,i.jsxs)(n.li,{children:["Always enable trust manager (",(0,i.jsx)(n.code,{children:"enabled: true"}),") in production"]}),"\n",(0,i.jsx)(n.li,{children:"Monitor trust manager logs for denied access attempts"}),"\n"]}),"\n",(0,i.jsx)(n.h3,{id:"credential-aging-and-expiration",children:"Credential Aging and Expiration"}),"\n",(0,i.jsxs)(n.p,{children:["The ",(0,i.jsx)(n.code,{children:"SECRETS_TTL_SECONDS"})," configuration provides defense against long-lived credential compromise. By setting an appropriate TTL, you ensure that:"]}),"\n",(0,i.jsxs)(n.ul,{children:["\n",(0,i.jsx)(n.li,{children:"Stolen credentials have a limited lifetime"}),"\n",(0,i.jsx)(n.li,{children:"Terminated users' credentials expire automatically"}),"\n",(0,i.jsx)(n.li,{children:"Users periodically re-authenticate, allowing detection of account compromise"}),"\n"]}),"\n",(0,i.jsx)(n.p,{children:"The default TTL is 30 days (2592000 seconds) if not specified."}),"\n",(0,i.jsx)(n.h3,{id:"provider-side-revocation",children:"Provider-Side Revocation"}),"\n",(0,i.jsx)(n.p,{children:"MCP providers can revoke user credentials at any time through their own admin consoles. This provides an additional security control:"}),"\n",(0,i.jsxs)(n.p,{children:[(0,i.jsx)(n.strong,{children:"User Offboarding"}),": When a user leaves the organization, revoke their access at the MCP provider level (Atlassian, Stripe, etc.) in addition to removing their access to Agent Mesh Enterprise."]}),"\n",(0,i.jsxs)(n.p,{children:[(0,i.jsx)(n.strong,{children:"Incident Response"}),": If you suspect credential compromise, immediately revoke access at the MCP provider level. This blocks credential use even before they expire in Agent Mesh Enterprise."]}),"\n",(0,i.jsxs)(n.p,{children:[(0,i.jsx)(n.strong,{children:"Audit Compliance"}),": Provider-side revocation creates audit logs in the provider's system, which may be required for compliance purposes."]}),"\n",(0,i.jsx)(n.p,{children:"Document your incident response procedures to include MCP provider credential revocation as a standard step."}),"\n",(0,i.jsx)(n.h3,{id:"network-security",children:"Network Security"}),"\n",(0,i.jsx)(n.p,{children:"Secure User Delegated Access involves network communication between users, Agent Mesh Enterprise, and MCP providers. Implement these network security measures:"}),"\n",(0,i.jsxs)(n.p,{children:[(0,i.jsx)(n.strong,{children:"Use HTTPS Everywhere"}),": All communication must use HTTPS in production:"]}),"\n",(0,i.jsxs)(n.ul,{children:["\n",(0,i.jsx)(n.li,{children:"User to Agent Mesh Enterprise: HTTPS"}),"\n",(0,i.jsx)(n.li,{children:"Agent Mesh Enterprise to MCP providers: HTTPS"}),"\n",(0,i.jsx)(n.li,{children:"MCP provider redirects back to Agent Mesh Enterprise: HTTPS"}),"\n"]}),"\n",(0,i.jsxs)(n.p,{children:[(0,i.jsx)(n.strong,{children:"Internal Communication Security"}),": If using the trust manager, ensure communication between agents and the SSE gateway is encrypted and authenticated."]}),"\n",(0,i.jsx)(n.h3,{id:"logging-and-monitoring",children:"Logging and Monitoring"}),"\n",(0,i.jsx)(n.p,{children:"Enable comprehensive logging to detect and respond to security issues."}),"\n",(0,i.jsxs)(n.p,{children:[(0,i.jsx)(n.strong,{children:"Anomalous Patterns"}),": Monitor for unusual patterns such as:"]}),"\n",(0,i.jsxs)(n.ul,{children:["\n",(0,i.jsx)(n.li,{children:"Multiple failed authentication attempts from a single user"}),"\n",(0,i.jsx)(n.li,{children:"Credential access from unusual IP addresses or locations"}),"\n",(0,i.jsx)(n.li,{children:"Rapid credential creation/deletion cycles"}),"\n"]}),"\n",(0,i.jsx)(n.p,{children:"Integrate these logs with your SIEM (Security Information and Event Management) system for centralized monitoring and alerting."}),"\n",(0,i.jsx)(n.h2,{id:"best-practices",children:"Best Practices"}),"\n",(0,i.jsx)(n.p,{children:"Following these best practices helps you deploy Secure User Delegated Access securely and reliably."}),"\n",(0,i.jsx)(n.h3,{id:"always-enable-trust-manager-in-production",children:"Always Enable Trust Manager in Production"}),"\n",(0,i.jsx)(n.p,{children:"The trust manager provides critical defense-in-depth security. Always enable it in production deployments:"}),"\n",(0,i.jsx)(n.pre,{children:(0,i.jsx)(n.code,{className:"language-yaml",children:"trust_manager:\n  enabled: true\n"})}),"\n",(0,i.jsx)(n.p,{children:"Only disable the trust manager in development or testing environments where security is not a concern."}),"\n",(0,i.jsx)(n.h3,{id:"use-sql-persistence-in-production",children:"Use SQL Persistence in Production"}),"\n",(0,i.jsx)(n.p,{children:"Memory persistence is only suitable for development and testing. Production deployments must use SQL persistence:"}),"\n",(0,i.jsx)(n.pre,{children:(0,i.jsx)(n.code,{className:"language-yaml",children:'session_service:\n  type: "sql"\n  database_url: ${AGENT_DATABASE_URL}\n  default_behavior: "PERSISTENT"\n'})}),"\n",(0,i.jsx)(n.h3,{id:"set-appropriate-ttl-values",children:"Set Appropriate TTL Values"}),"\n",(0,i.jsx)(n.p,{children:"Choose TTL values based on your security requirements and user experience considerations."}),"\n",(0,i.jsx)(n.p,{children:"Never exceed 30 days (2592000 seconds). Document your TTL policy and rationale in your security documentation."}),"\n",(0,i.jsx)(n.h3,{id:"configure-separate-session-storage-per-agent",children:"Configure Separate Session Storage Per Agent"}),"\n",(0,i.jsx)(n.p,{children:"Each agent should have its own session storage database, which will automatically be used for credential storage as well."}),"\n",(0,i.jsxs)(n.p,{children:["This isolation provides defense-in-depth and simplifies multi-tenant deployments. See the ",(0,i.jsx)(n.a,{href:"/solace-agent-mesh/docs/documentation/installing-and-configuring/session-storage",children:"Session Storage documentation"})," for more details on configuring session storage."]}),"\n",(0,i.jsx)(n.h3,{id:"use-https-in-production",children:"Use HTTPS in Production"}),"\n",(0,i.jsx)(n.p,{children:"Configure HTTPS for all endpoints in production:"}),"\n",(0,i.jsxs)(n.ul,{children:["\n",(0,i.jsxs)(n.li,{children:["Set ",(0,i.jsx)(n.code,{children:"OAUTH_TOOL_REDIRECT_URI"})," to an HTTPS URL"]}),"\n",(0,i.jsx)(n.li,{children:"Configure SSL certificates for Agent Mesh Enterprise"}),"\n",(0,i.jsx)(n.li,{children:"Verify that MCP providers use HTTPS endpoints"}),"\n",(0,i.jsx)(n.li,{children:"Never use HTTP in production (only acceptable for local development)"}),"\n"]}),"\n",(0,i.jsx)(n.h2,{id:"troubleshooting",children:"Troubleshooting"}),"\n",(0,i.jsx)(n.p,{children:"This section addresses common issues you may encounter when configuring or operating Secure User Delegated Access."}),"\n",(0,i.jsx)(n.h3,{id:"oauth2-authentication-flow-fails",children:"OAuth2 Authentication Flow Fails"}),"\n",(0,i.jsxs)(n.p,{children:[(0,i.jsx)(n.strong,{children:"Symptoms"}),": Users report that they are redirected to the MCP provider but never redirected back to Agent Mesh Enterprise, or they see an error after attempting to authenticate."]}),"\n",(0,i.jsxs)(n.p,{children:[(0,i.jsx)(n.strong,{children:"Possible Causes and Solutions"}),":"]}),"\n",(0,i.jsxs)(n.ol,{children:["\n",(0,i.jsxs)(n.li,{children:["\n",(0,i.jsxs)(n.p,{children:[(0,i.jsx)(n.strong,{children:"Incorrect Callback URI"}),":"]}),"\n",(0,i.jsxs)(n.ul,{children:["\n",(0,i.jsxs)(n.li,{children:[(0,i.jsx)(n.strong,{children:"Verify"}),": Check that ",(0,i.jsx)(n.code,{children:"OAUTH_TOOL_REDIRECT_URI"})," exactly matches the redirect URI registered with the MCP provider."]}),"\n",(0,i.jsxs)(n.li,{children:[(0,i.jsx)(n.strong,{children:"Common mistake"}),": Mismatched protocols (HTTP vs HTTPS), missing ports, trailing slashes."]}),"\n",(0,i.jsxs)(n.li,{children:[(0,i.jsx)(n.strong,{children:"Solution"}),": Update either the environment variable or the MCP provider configuration to match exactly."]}),"\n"]}),"\n"]}),"\n",(0,i.jsxs)(n.li,{children:["\n",(0,i.jsxs)(n.p,{children:[(0,i.jsx)(n.strong,{children:"Domain Not Authorized"})," (For providers requiring domain authorization):"]}),"\n",(0,i.jsxs)(n.ul,{children:["\n",(0,i.jsxs)(n.li,{children:[(0,i.jsx)(n.strong,{children:"Verify"}),": Check that your domain is listed in the MCP provider's authorized domains for MCP access."]}),"\n",(0,i.jsxs)(n.li,{children:[(0,i.jsx)(n.strong,{children:"Solution"}),": Add your domain to the provider's authorized domain list following their documentation."]}),"\n"]}),"\n"]}),"\n"]}),"\n",(0,i.jsx)(n.h3,{id:"credentials-not-persisting-across-restarts",children:"Credentials Not Persisting Across Restarts"}),"\n",(0,i.jsxs)(n.p,{children:[(0,i.jsx)(n.strong,{children:"Symptoms"}),": Users must re-authenticate every time the agent restarts, even though SQL persistence is configured."]}),"\n",(0,i.jsxs)(n.p,{children:[(0,i.jsx)(n.strong,{children:"Possible Causes and Solutions"}),":"]}),"\n",(0,i.jsxs)(n.ol,{children:["\n",(0,i.jsxs)(n.li,{children:[(0,i.jsx)(n.strong,{children:"Memory Storage Configured Instead of SQL"}),":","\n",(0,i.jsxs)(n.ul,{children:["\n",(0,i.jsxs)(n.li,{children:[(0,i.jsx)(n.strong,{children:"Verify"}),": Check the agent configuration to ensure ",(0,i.jsx)(n.code,{children:"session_service.type"})," is set to ",(0,i.jsx)(n.code,{children:'"sql"'}),", not ",(0,i.jsx)(n.code,{children:'"memory"'}),"."]}),"\n",(0,i.jsxs)(n.li,{children:[(0,i.jsx)(n.strong,{children:"Solution"}),": Update the configuration and restart the agent."]}),"\n"]}),"\n"]}),"\n"]}),"\n",(0,i.jsx)(n.h3,{id:"trust-manager-denying-access",children:"Trust Manager Denying Access"}),"\n",(0,i.jsxs)(n.p,{children:[(0,i.jsx)(n.strong,{children:"Symptoms"}),': Users receive "Access Denied" errors when attempting to use MCP tools, or logs show trust manager access denials.']}),"\n",(0,i.jsxs)(n.p,{children:[(0,i.jsx)(n.strong,{children:"Possible Causes and Solutions"}),":"]}),"\n",(0,i.jsxs)(n.ol,{children:["\n",(0,i.jsxs)(n.li,{children:[(0,i.jsx)(n.strong,{children:"Trust Manager Not Configured on All Components"}),":","\n",(0,i.jsxs)(n.ul,{children:["\n",(0,i.jsxs)(n.li,{children:[(0,i.jsx)(n.strong,{children:"Verify"}),": Ensure trust manager is enabled on both the SSE Gateway and all agents."]}),"\n",(0,i.jsxs)(n.li,{children:[(0,i.jsx)(n.strong,{children:"Solution"}),": Add trust manager configuration to all component configurations and restart."]}),"\n"]}),"\n"]}),"\n"]}),"\n",(0,i.jsx)(n.h3,{id:"credentials-expire-too-quickly-or-too-slowly",children:"Credentials Expire Too Quickly or Too Slowly"}),"\n",(0,i.jsxs)(n.p,{children:[(0,i.jsx)(n.strong,{children:"Symptoms"}),": Users report that they need to re-authenticate too frequently, or credentials remain valid longer than expected."]}),"\n",(0,i.jsxs)(n.p,{children:[(0,i.jsx)(n.strong,{children:"Possible Causes and Solutions"}),":"]}),"\n",(0,i.jsxs)(n.ol,{children:["\n",(0,i.jsxs)(n.li,{children:["\n",(0,i.jsxs)(n.p,{children:[(0,i.jsx)(n.strong,{children:"TTL Not Set Correctly"}),":"]}),"\n",(0,i.jsxs)(n.ul,{children:["\n",(0,i.jsxs)(n.li,{children:[(0,i.jsx)(n.strong,{children:"Verify"}),": Check the ",(0,i.jsx)(n.code,{children:"SECRETS_TTL_SECONDS"})," environment variable value."]}),"\n",(0,i.jsxs)(n.li,{children:[(0,i.jsx)(n.strong,{children:"Solution"}),": Update the environment variable to the desired TTL and restart the agent."]}),"\n"]}),"\n"]}),"\n",(0,i.jsxs)(n.li,{children:["\n",(0,i.jsxs)(n.p,{children:[(0,i.jsx)(n.strong,{children:"MCP Provider Token Expiration"}),":"]}),"\n",(0,i.jsxs)(n.ul,{children:["\n",(0,i.jsxs)(n.li,{children:[(0,i.jsx)(n.strong,{children:"Note"}),": Even if your TTL is long, MCP providers may issue short-lived tokens."]}),"\n",(0,i.jsxs)(n.li,{children:[(0,i.jsx)(n.strong,{children:"Verify"}),": Check the MCP provider's token expiration policy."]}),"\n",(0,i.jsxs)(n.li,{children:[(0,i.jsx)(n.strong,{children:"Solution"}),": This is controlled by the MCP provider and cannot be changed. Ensure refresh tokens are working correctly to automatically renew expired tokens."]}),"\n"]}),"\n"]}),"\n",(0,i.jsxs)(n.li,{children:["\n",(0,i.jsxs)(n.p,{children:[(0,i.jsx)(n.strong,{children:"Refresh Tokens Not Working"}),":"]}),"\n",(0,i.jsxs)(n.ul,{children:["\n",(0,i.jsxs)(n.li,{children:[(0,i.jsx)(n.strong,{children:"Verify"}),": Check that the MCP provider issues refresh tokens and that Agent Mesh Enterprise is configured to use them."]}),"\n",(0,i.jsxs)(n.li,{children:[(0,i.jsx)(n.strong,{children:"Diagnostic"}),": Look for token refresh attempts in the logs."]}),"\n",(0,i.jsxs)(n.li,{children:[(0,i.jsx)(n.strong,{children:"Solution"}),": Ensure the OAuth2 scope includes ",(0,i.jsx)(n.code,{children:"offline_access"})," or equivalent for the provider."]}),"\n"]}),"\n"]}),"\n"]}),"\n",(0,i.jsx)(n.h3,{id:"manifest-configuration-errors",children:"Manifest Configuration Errors"}),"\n",(0,i.jsxs)(n.p,{children:[(0,i.jsx)(n.strong,{children:"Symptoms"}),": MCP tools are not available, or the AI model reports that tools are missing or incorrectly defined."]}),"\n",(0,i.jsxs)(n.p,{children:[(0,i.jsx)(n.strong,{children:"Possible Causes and Solutions"}),":"]}),"\n",(0,i.jsxs)(n.ol,{children:["\n",(0,i.jsxs)(n.li,{children:["\n",(0,i.jsxs)(n.p,{children:[(0,i.jsx)(n.strong,{children:"Manifest Missing or Empty"}),":"]}),"\n",(0,i.jsxs)(n.ul,{children:["\n",(0,i.jsxs)(n.li,{children:[(0,i.jsx)(n.strong,{children:"Verify"}),": Check that the ",(0,i.jsx)(n.code,{children:"manifest"})," section in your MCP tool configuration is populated."]}),"\n",(0,i.jsxs)(n.li,{children:[(0,i.jsx)(n.strong,{children:"Solution"}),": Add the manifest with tool definitions as described in the Configuration Steps section."]}),"\n"]}),"\n"]}),"\n",(0,i.jsxs)(n.li,{children:["\n",(0,i.jsxs)(n.p,{children:[(0,i.jsx)(n.strong,{children:"Manifest Format Errors"}),":"]}),"\n",(0,i.jsxs)(n.ul,{children:["\n",(0,i.jsxs)(n.li,{children:[(0,i.jsx)(n.strong,{children:"Verify"}),": Ensure the manifest follows the correct YAML structure and JSON Schema format."]}),"\n",(0,i.jsxs)(n.li,{children:[(0,i.jsx)(n.strong,{children:"Common mistakes"}),": Missing required fields (",(0,i.jsx)(n.code,{children:"name"}),", ",(0,i.jsx)(n.code,{children:"description"}),", ",(0,i.jsx)(n.code,{children:"inputSchema"}),"), invalid JSON Schema."]}),"\n",(0,i.jsxs)(n.li,{children:[(0,i.jsx)(n.strong,{children:"Solution"}),": Validate your manifest structure against the examples in this document."]}),"\n"]}),"\n"]}),"\n",(0,i.jsxs)(n.li,{children:["\n",(0,i.jsxs)(n.p,{children:[(0,i.jsx)(n.strong,{children:"JSON Schema Version Issues"}),":"]}),"\n",(0,i.jsxs)(n.ul,{children:["\n",(0,i.jsxs)(n.li,{children:[(0,i.jsx)(n.strong,{children:"Note"}),": Manifests typically use the ",(0,i.jsx)(n.code,{children:"http://json-schema.org/draft-07/schema#"})," standard. However, some LLM providers may require the newer ",(0,i.jsx)(n.code,{children:"https://json-schema.org/specification-links#2020-12"})," specification, which can lead to errors at inference time."]}),"\n",(0,i.jsxs)(n.li,{children:[(0,i.jsx)(n.strong,{children:"Solution"}),": Check your LLM provider's requirements and adjust the ",(0,i.jsx)(n.code,{children:"$schema"})," field in your manifest accordingly."]}),"\n"]}),"\n"]}),"\n"]}),"\n",(0,i.jsx)(n.p,{children:"If you encounter issues, check the latest Agent Mesh Enterprise documentation or enable debug logging to review detailed error information:"}),"\n",(0,i.jsx)(n.pre,{children:(0,i.jsx)(n.code,{className:"language-yaml",children:"log:\n  stdout_log_level: DEBUG\n  log_file_level: DEBUG\n"})}),"\n",(0,i.jsx)(n.h2,{id:"conclusion",children:"Conclusion"}),"\n",(0,i.jsx)(n.p,{children:"Secure User Delegated Access provides enhanced security and user-specific access control for Agent Mesh Enterprise deployments using remote MCP tools. By following the configuration steps, security considerations, and best practices in this guide, you can deploy this feature securely and reliably."}),"\n",(0,i.jsx)(n.p,{children:"Key takeaways:"}),"\n",(0,i.jsxs)(n.ul,{children:["\n",(0,i.jsx)(n.li,{children:"Always enable the trust manager in production for defense-in-depth security"}),"\n",(0,i.jsx)(n.li,{children:"Use SQL persistence to ensure credentials survive agent restarts"}),"\n",(0,i.jsx)(n.li,{children:"Set appropriate TTL values balancing security and user experience"}),"\n",(0,i.jsx)(n.li,{children:"Configure database-per-agent isolation for multi-tenant security"}),"\n",(0,i.jsx)(n.li,{children:"Follow provider-specific setup instructions carefully"}),"\n",(0,i.jsx)(n.li,{children:"Implement comprehensive monitoring and logging"}),"\n",(0,i.jsx)(n.li,{children:"Maintain regular security reviews of your configuration"}),"\n"]}),"\n",(0,i.jsx)(n.p,{children:"Remember to keep your configuration updated as MCP providers evolve their APIs and authentication requirements, and regularly review your security posture to ensure continued protection of user credentials."})]})}function h(e={}){const{wrapper:n}={...(0,t.R)(),...e.components};return n?(0,i.jsx)(n,{...e,children:(0,i.jsx)(d,{...e})}):d(e)}},8453:(e,n,s)=>{s.d(n,{R:()=>o,x:()=>a});var r=s(6540);const i={},t=r.createContext(i);function o(e){const n=r.useContext(t);return r.useMemo((function(){return"function"==typeof e?e(n):{...n,...e}}),[n,e])}function a(e){let n;return n=e.disableParentContext?"function"==typeof e.components?e.components(i):e.components||i:o(e.components),r.createElement(t.Provider,{value:n},e.children)}}}]);

solace_agent_mesh/assets/docs/assets/js/15ba94aa.e186750d.js

@@ -0,0 +1 @@
+"use strict";(self.webpackChunksolace_agenitc_mesh_docs=self.webpackChunksolace_agenitc_mesh_docs||[]).push([[7791],{8634:(e,t,n)=>{n.r(t),n.d(t,{assets:()=>c,contentTitle:()=>r,default:()=>h,frontMatter:()=>i,metadata:()=>s,toc:()=>l});const s=JSON.parse('{"id":"documentation/getting-started/architecture","title":"Architecture Overview","description":"Agent Mesh is an event-driven framework that creates a distributed ecosystem of collaborative AI agents. The architecture decouples agent logic from communication and orchestration, enabling you to build scalable, resilient, and modular AI systems.","source":"@site/docs/documentation/getting-started/architecture.md","sourceDirName":"documentation/getting-started","slug":"/documentation/getting-started/architecture","permalink":"/solace-agent-mesh/docs/documentation/getting-started/architecture","draft":false,"unlisted":false,"editUrl":"https://github.com/SolaceLabs/solace-agent-mesh/edit/main/docs/docs/documentation/getting-started/architecture.md","tags":[],"version":"current","sidebarPosition":18,"frontMatter":{"title":"Architecture Overview","sidebar_position":18},"sidebar":"docSidebar","previous":{"title":"Try Agent Mesh","permalink":"/solace-agent-mesh/docs/documentation/getting-started/try-agent-mesh"},"next":{"title":"Vibe Coding","permalink":"/solace-agent-mesh/docs/documentation/getting-started/vibe_coding"}}');var a=n(4848),o=n(8453);const i={title:"Architecture Overview",sidebar_position:18},r=void 0,c={},l=[{value:"Architectural Principles",id:"architectural-principles",level:2},{value:"System Components",id:"system-components",level:2},{value:"Solace Event Broker",id:"solace-event-broker",level:3},{value:"Gateways",id:"gateways",level:3},{value:"Agent Hosts and Agents",id:"agent-hosts-and-agents",level:3},{value:"Key Architectural Flows",id:"key-architectural-flows",level:2},{value:"User Task Processing Flow",id:"user-task-processing-flow",level:3},{value:"Agent-to-Agent Delegation Flow",id:"agent-to-agent-delegation-flow",level:3},{value:"Agent Discovery Flow",id:"agent-discovery-flow",level:3},{value:"A2A Protocol and Topic Structure",id:"a2a-protocol-and-topic-structure",level:2}];function d(e){const t={a:"a",code:"code",h2:"h2",h3:"h3",li:"li",mermaid:"mermaid",ol:"ol",p:"p",strong:"strong",table:"table",tbody:"tbody",td:"td",th:"th",thead:"thead",tr:"tr",ul:"ul",...(0,o.R)(),...e.components};return(0,a.jsxs)(a.Fragment,{children:[(0,a.jsx)(t.p,{children:"Agent Mesh is an event-driven framework that creates a distributed ecosystem of collaborative AI agents. The architecture decouples agent logic from communication and orchestration, enabling you to build scalable, resilient, and modular AI systems."}),"\n",(0,a.jsx)(t.p,{children:"The framework integrates three primary technologies:"}),"\n",(0,a.jsxs)(t.ul,{children:["\n",(0,a.jsxs)(t.li,{children:[(0,a.jsx)(t.strong,{children:"Solace Event Broker"}),": Provides the messaging fabric for all asynchronous communication, utilizing topic-based routing for the Agent-to-Agent (A2A) protocol"]}),"\n",(0,a.jsxs)(t.li,{children:[(0,a.jsx)(t.strong,{children:"Solace AI Connector (SAC)"}),": Serves as the runtime environment for hosting and managing the lifecycle of all system components"]}),"\n",(0,a.jsxs)(t.li,{children:[(0,a.jsx)(t.strong,{children:"Google Agent Development Kit (ADK)"}),": Provides the core logic for individual agents, including LLM interaction, tool execution, and state management"]}),"\n"]}),"\n",(0,a.jsx)(t.h2,{id:"architectural-principles",children:"Architectural Principles"}),"\n",(0,a.jsx)(t.p,{children:"The design of Agent Mesh is founded on several key architectural principles:"}),"\n",(0,a.jsxs)(t.ul,{children:["\n",(0,a.jsxs)(t.li,{children:[(0,a.jsx)(t.strong,{children:"Event-Driven Architecture (EDA)"}),": All interactions between major components are asynchronous and mediated by the Solace event broker. This eliminates direct dependencies, allowing components to be developed, deployed, and scaled independently."]}),"\n",(0,a.jsxs)(t.li,{children:[(0,a.jsx)(t.strong,{children:"Component Decoupling"}),": Gateways, Agent Hosts, and other services communicate through standardized A2A protocol messages over the event mesh. They do not require knowledge of each other's network location, implementation language, or internal logic."]}),"\n",(0,a.jsxs)(t.li,{children:[(0,a.jsx)(t.strong,{children:"Scalability and Resilience"}),": The architecture supports horizontal scaling of Agent Hosts and Gateways. The Solace event broker provides fault tolerance and guaranteed message delivery, ensuring system resilience even if individual components fail or are restarted."]}),"\n"]}),"\n",(0,a.jsx)(t.h2,{id:"system-components",children:"System Components"}),"\n",(0,a.jsxs)(t.p,{children:["The architecture comprises several distinct types of components that interact through the Solace Event Broker. External systems connect through gateways, which translate requests into the A2A protocol, while agent hosts run individual agents that can communicate with each other and access backend services like LLMs and databases. For detailed information about each component, see ",(0,a.jsx)(t.a,{href:"/solace-agent-mesh/docs/documentation/components/",children:"Components"}),". The architecture diagram below illustrates how these components work together."]}),"\n",(0,a.jsx)(t.mermaid,{value:'graph TB\n    subgraph External Systems\n        direction TB\n        UserInterfaces("User Interfaces<br/>(Web UI, Slack, CLI)")\n        APIs("External Systems & APIs")\n    end\n\n    subgraph SolaceAgentMesh ["Agent Mesh"]\n        direction TB\n        subgraph Gateways\n            WebUIGateway("Web UI Gateway")\n            CustomGateway("Custom Gateway")\n        end\n\n        Broker("Solace Event Broker<br/>(A2A Protocol Over Topics)")\n\n        subgraph AgentHosts ["Agent Hosts (SAC Applications)"]\n            AgentHost1("Agent Host<br/>(Runs Agent A)")\n            AgentHost2("Agent Host<br/>(Runs Agent B)")\n            AgentHostN("...")\n        end\n    end\n\n    subgraph BackendServices [Backend Services & Tools]\n        direction TB\n        LLM("Large Language Models")\n        CustomTools("Custom Tools<br/>(Python, MCP)")\n        DataStores("Databases & Vector Stores")\n        ArtifactService("Artifact Service<br/>(Filesystem, Cloud Storage)")\n    end\n\n    %% Connections\n    UserInterfaces -- Interacts with --\x3e Gateways\n    APIs -- Interacts with --\x3e Gateways\n\n    Gateways -- Pub/Sub --\x3e Broker\n    AgentHosts -- Pub/Sub --\x3e Broker\n\n    AgentHost1 -- Uses --\x3e LLM\n    AgentHost1 -- Uses --\x3e CustomTools\n    AgentHost1 -- Uses --\x3e DataStores\n    AgentHost1 -- Uses --\x3e ArtifactService\n\n    AgentHost2 -- Uses --\x3e LLM\n    AgentHost2 -- Uses --\x3e CustomTools\n    AgentHost2 -- Uses --\x3e DataStores\n    AgentHost2 -- Uses --\x3e ArtifactService\n\n\n    %% Styling\n    classDef externalBoxes fill:#FFF7C2,stroke:#03213B,stroke-width:2px,color:#03213B;\n    classDef gatewayContainer fill:#F4F4F4,stroke:#03213B,stroke-width:2px,color:#03213B;\n    classDef gatewayBoxes fill:#C2F7FF,stroke:#03213B,stroke-width:2px,color:#03213B;\n    classDef mesh fill:#E8FFF0,stroke:#03213B,stroke-width:2px,color:#03213B;\n    classDef broker fill:#00C895,stroke:#03213B,stroke-width:2px,color:#03213B;\n    classDef agentContainer fill:#F4F4F4,stroke:#03213B,stroke-width:2px,color:#03213B;\n    classDef agentBoxes fill:#C2F7FF,stroke:#03213B,stroke-width:2px,color:#03213B;\n    classDef serviceBoxes fill:#FFF7C2,stroke:#03213B,stroke-width:2px,color:#03213B\n\n    class UserInterfaces,APIs externalBoxes;\n    class WebUIGateway,CustomGateway gatewayBoxes;\n    class Gateways gatewayContainer;\n    class Broker broker;\n    class SolaceAgentMesh mesh;\n    class AgentHosts agentContainer;\n    class AgentHost1,AgentHost2,AgentHostN agentBoxes;\n    class LLM,CustomTools,DataStores,ArtifactService serviceBoxes;'}),"\n",(0,a.jsx)(t.h3,{id:"solace-event-broker",children:"Solace Event Broker"}),"\n",(0,a.jsxs)(t.p,{children:["The Solace Event Broker serves as the central messaging fabric that enables all communication within the agent mesh. It routes A2A protocol messages between components using a hierarchical topic structure, supporting patterns like request/reply, streaming updates, and publish/subscribe for agent discovery. See ",(0,a.jsx)(t.a,{href:"https://solace.com/products/event-broker/",children:"Event Broker"})," for more information."]}),"\n",(0,a.jsx)(t.h3,{id:"gateways",children:"Gateways"}),"\n",(0,a.jsx)(t.p,{children:"Gateways are SAC applications that act as bridges between external systems and the agent mesh. They handle protocol translation, converting external protocols (such as HTTP, WebSockets, or Slack RTM) into the standardized A2A protocol and vice versa. Gateways also manage authentication and authorization, authenticate incoming requests, and use a pluggable AuthorizationService to retrieve user permission scopes. Additionally, they manage external user sessions and map them to A2A task lifecycles, while handling asynchronous responses and status updates from agents."}),"\n",(0,a.jsxs)(t.p,{children:["The Gateway Development Kit (GDK) provides BaseGatewayApp and BaseGatewayComponent classes that abstract common gateway logic, including A2A protocol handling, agent discovery, and late-stage embed resolution. For more information about gateways, see ",(0,a.jsx)(t.a,{href:"/solace-agent-mesh/docs/documentation/components/gateways",children:"Gateways"}),"."]}),"\n",(0,a.jsx)(t.h3,{id:"agent-hosts-and-agents",children:"Agent Hosts and Agents"}),"\n",(0,a.jsx)(t.p,{children:"An Agent Host is a SAC application (SamAgentApp) that hosts a single ADK-based agent. It manages the lifecycle of the ADK Runner and LlmAgent, handles A2A protocol translation between incoming requests and ADK Task objects, enforces permission scopes by filtering available tools, and initializes ADK services like the ArtifactService and MemoryService."}),"\n",(0,a.jsxs)(t.p,{children:["An agent is the logical entity within an Agent Host that performs tasks. Each agent is defined by its configuration, which includes instructions that define its persona and capabilities, LLM configuration specifying which large language model to use, and a toolset containing built-in tools, custom Python functions, or MCP Toolsets. For more information about agents, see ",(0,a.jsx)(t.a,{href:"/solace-agent-mesh/docs/documentation/components/agents",children:"Agents"}),"."]}),"\n",(0,a.jsx)(t.h2,{id:"key-architectural-flows",children:"Key Architectural Flows"}),"\n",(0,a.jsx)(t.p,{children:"The following flows illustrate how data moves through the system and demonstrate the relationships between components in the event-driven architecture."}),"\n",(0,a.jsx)(t.h3,{id:"user-task-processing-flow",children:"User Task Processing Flow"}),"\n",(0,a.jsx)(t.p,{children:"When you submit a request through any gateway, the system processes it through several stages:"}),"\n",(0,a.jsxs)(t.ol,{children:["\n",(0,a.jsx)(t.li,{children:"An external client sends a request to a gateway"}),"\n",(0,a.jsx)(t.li,{children:"The gateway authenticates the request, retrieves your permission scopes via its AuthorizationService, and translates the request into an A2A task message, including the scopes in the Solace message's user properties"}),"\n",(0,a.jsx)(t.li,{children:"The gateway publishes the message to the target agent's request topic on the Solace Broker"}),"\n",(0,a.jsx)(t.li,{children:"The corresponding Agent Host receives the message, with the SamAgentComponent extracting the scopes and initiating an ADK task"}),"\n",(0,a.jsx)(t.li,{children:"The ADK LlmAgent processes the task, with a before_model_callback filtering the available tools based on your scopes before invoking the LLM"}),"\n",(0,a.jsx)(t.li,{children:"As the agent executes, the SamAgentComponent translates ADK events into A2A status and artifact update messages, publishing them to the originating gateway's status topic"}),"\n",(0,a.jsx)(t.li,{children:"The gateway receives these streaming updates, performs any necessary late-stage processing (such as resolving artifact_content embeds), and forwards them to you"}),"\n",(0,a.jsx)(t.li,{children:"Upon completion, the Agent Host sends a final A2A response message to the gateway, which delivers it to you"}),"\n"]}),"\n",(0,a.jsx)(t.h3,{id:"agent-to-agent-delegation-flow",children:"Agent-to-Agent Delegation Flow"}),"\n",(0,a.jsx)(t.p,{children:"Agents can delegate subtasks to other agents while maintaining security context:"}),"\n",(0,a.jsxs)(t.ol,{children:["\n",(0,a.jsx)(t.li,{children:"Agent A, while processing a task, determines that a subtask should be delegated to Agent B"}),"\n",(0,a.jsx)(t.li,{children:"Agent A uses its PeerAgentTool to construct a new A2A task request for Agent B, propagating the original user's permission scopes to maintain the security context"}),"\n",(0,a.jsx)(t.li,{children:"The request is published to Agent B's request topic"}),"\n",(0,a.jsx)(t.li,{children:"Agent B's Host receives and processes the subtask, enforcing the propagated scopes on its own toolset"}),"\n",(0,a.jsx)(t.li,{children:"Agent B sends status updates and a final response to topics designated by Agent A"}),"\n",(0,a.jsx)(t.li,{children:"Agent A receives the results and incorporates them into its ongoing task"}),"\n"]}),"\n",(0,a.jsx)(t.h3,{id:"agent-discovery-flow",children:"Agent Discovery Flow"}),"\n",(0,a.jsx)(t.p,{children:"The system automatically discovers available agents through a publish-subscribe mechanism:"}),"\n",(0,a.jsxs)(t.ol,{children:["\n",(0,a.jsx)(t.li,{children:"On startup and periodically, each Agent Host publishes an AgentCard (a JSON document describing its agent's capabilities) to a well-known discovery topic"}),"\n",(0,a.jsx)(t.li,{children:"Gateways and other Agent Hosts subscribe to this topic"}),"\n",(0,a.jsx)(t.li,{children:"Upon receiving an AgentCard, components update their local AgentRegistry, making them aware of available agents for user selection (at gateways) or peer delegation (at agents)"}),"\n"]}),"\n",(0,a.jsx)(t.h2,{id:"a2a-protocol-and-topic-structure",children:"A2A Protocol and Topic Structure"}),"\n",(0,a.jsx)(t.p,{children:"The A2A protocol is based on JSON-RPC 2.0 and defines the message formats for all interactions between components. Communication is routed via a hierarchical topic structure on the Solace event broker, which allows for precise, point-to-point routing in a decoupled, asynchronous environment."}),"\n",(0,a.jsxs)(t.table,{children:[(0,a.jsx)(t.thead,{children:(0,a.jsxs)(t.tr,{children:[(0,a.jsx)(t.th,{children:"Purpose"}),(0,a.jsx)(t.th,{children:"Topic Pattern"})]})}),(0,a.jsxs)(t.tbody,{children:[(0,a.jsxs)(t.tr,{children:[(0,a.jsx)(t.td,{children:(0,a.jsx)(t.strong,{children:"Agent Discovery"})}),(0,a.jsx)(t.td,{children:(0,a.jsx)(t.code,{children:"{namespace}/a2a/v1/discovery/agentcards"})})]}),(0,a.jsxs)(t.tr,{children:[(0,a.jsx)(t.td,{children:(0,a.jsx)(t.strong,{children:"Task Requests"})}),(0,a.jsx)(t.td,{children:(0,a.jsx)(t.code,{children:"{namespace}/a2a/v1/agent/request/{target_agent_name}"})})]}),(0,a.jsxs)(t.tr,{children:[(0,a.jsx)(t.td,{children:(0,a.jsx)(t.strong,{children:"Status Updates"})}),(0,a.jsx)(t.td,{children:(0,a.jsx)(t.code,{children:"{namespace}/a2a/v1/gateway/status/{gateway_id}/{task_id}"})})]}),(0,a.jsxs)(t.tr,{children:[(0,a.jsx)(t.td,{children:(0,a.jsx)(t.strong,{children:"Final Responses"})}),(0,a.jsx)(t.td,{children:(0,a.jsx)(t.code,{children:"{namespace}/a2a/v1/gateway/response/{gateway_id}/{task_id}"})})]}),(0,a.jsxs)(t.tr,{children:[(0,a.jsx)(t.td,{children:(0,a.jsx)(t.strong,{children:"Peer Delegation Status"})}),(0,a.jsx)(t.td,{children:(0,a.jsx)(t.code,{children:"{namespace}/a2a/v1/agent/status/{delegating_agent_name}/{sub_task_id}"})})]}),(0,a.jsxs)(t.tr,{children:[(0,a.jsx)(t.td,{children:(0,a.jsx)(t.strong,{children:"Peer Delegation Response"})}),(0,a.jsx)(t.td,{children:(0,a.jsx)(t.code,{children:"{namespace}/a2a/v1/agent/response/{delegating_agent_name}/{sub_task_id}"})})]})]})]}),"\n",(0,a.jsxs)(t.p,{children:["For more information about the CLI tools that help you work with these components, see ",(0,a.jsx)(t.a,{href:"/solace-agent-mesh/docs/documentation/components/cli",children:"CLI"}),". To learn about extending the system with custom functionality, see ",(0,a.jsx)(t.a,{href:"/solace-agent-mesh/docs/documentation/components/plugins",children:"Plugins"}),"."]})]})}function h(e={}){const{wrapper:t}={...(0,o.R)(),...e.components};return t?(0,a.jsx)(t,{...e,children:(0,a.jsx)(d,{...e})}):d(e)}},8453:(e,t,n)=>{n.d(t,{R:()=>i,x:()=>r});var s=n(6540);const a={},o=s.createContext(a);function i(e){const t=s.useContext(o);return s.useMemo((function(){return"function"==typeof e?e(t):{...t,...e}}),[t,e])}function r(e){let t;return t=e.disableParentContext?"function"==typeof e.components?e.components(a):e.components||a:i(e.components),s.createElement(o.Provider,{value:t},e.children)}}}]);

solace_agent_mesh/assets/docs/assets/js/15e40e79.434bb30f.js

@@ -0,0 +1 @@
+"use strict";(self.webpackChunksolace_agenitc_mesh_docs=self.webpackChunksolace_agenitc_mesh_docs||[]).push([[6179],{5150:(e,n,s)=>{s.r(n),s.d(n,{assets:()=>l,contentTitle:()=>a,default:()=>h,frontMatter:()=>o,metadata:()=>i,toc:()=>c});const i=JSON.parse('{"id":"documentation/components/projects","title":"Projects","description":"Projects are a powerful organizational feature in Agent Mesh that enable users to group related chat sessions, manage artifacts and maintain context across multiple conversations. They provide a workspace-like environment for managing AI interactions around specific topics, tasks, or domains.","source":"@site/docs/documentation/components/projects.md","sourceDirName":"documentation/components","slug":"/documentation/components/projects","permalink":"/solace-agent-mesh/docs/documentation/components/projects","draft":false,"unlisted":false,"editUrl":"https://github.com/SolaceLabs/solace-agent-mesh/edit/main/docs/docs/documentation/components/projects.md","tags":[],"version":"current","sidebarPosition":270,"frontMatter":{"title":"Projects","sidebar_position":270},"sidebar":"docSidebar","previous":{"title":"Plugins","permalink":"/solace-agent-mesh/docs/documentation/components/plugins"},"next":{"title":"Agent Mesh CLI","permalink":"/solace-agent-mesh/docs/documentation/components/cli"}}');var t=s(4848),r=s(8453);const o={title:"Projects",sidebar_position:270},a="Projects",l={},c=[{value:"Key Features",id:"key-features",level:2},{value:"How Projects Work",id:"how-projects-work",level:2},{value:"Project Components",id:"project-components",level:2},{value:"Project Metadata",id:"project-metadata",level:3},{value:"Chat Sessions",id:"chat-sessions",level:3},{value:"Knowledge (Artifacts)",id:"knowledge-artifacts",level:3},{value:"Configuration",id:"configuration",level:2},{value:"Disabling Projects",id:"disabling-projects",level:3},{value:"Feature Flag Control",id:"feature-flag-control",level:3},{value:"Soft Delete Pattern",id:"soft-delete-pattern",level:3},{value:"Best Practices",id:"best-practices",level:2},{value:"Project Organization",id:"project-organization",level:3},{value:"Knowledge Management",id:"knowledge-management",level:3},{value:"Session Management",id:"session-management",level:3},{value:"Troubleshooting",id:"troubleshooting",level:2},{value:"Projects Not Visible",id:"projects-not-visible",level:3},{value:"API Returns 501 Error",id:"api-returns-501-error",level:3},{value:"Performance Considerations",id:"performance-considerations",level:2},{value:"Database Optimization",id:"database-optimization",level:3},{value:"Artifact Storage",id:"artifact-storage",level:3},{value:"Security",id:"security",level:2},{value:"Authorization",id:"authorization",level:3},{value:"Data Privacy",id:"data-privacy",level:3},{value:"Related Documentation",id:"related-documentation",level:2}];function d(e){const n={a:"a",admonition:"admonition",code:"code",h1:"h1",h2:"h2",h3:"h3",header:"header",li:"li",ol:"ol",p:"p",pre:"pre",strong:"strong",ul:"ul",...(0,r.R)(),...e.components};return(0,t.jsxs)(t.Fragment,{children:[(0,t.jsx)(n.header,{children:(0,t.jsx)(n.h1,{id:"projects",children:"Projects"})}),"\n",(0,t.jsx)(n.p,{children:"Projects are a powerful organizational feature in Agent Mesh that enable users to group related chat sessions, manage artifacts and maintain context across multiple conversations. They provide a workspace-like environment for managing AI interactions around specific topics, tasks, or domains."}),"\n",(0,t.jsx)(n.admonition,{title:"In one sentence",type:"tip",children:(0,t.jsx)(n.p,{children:"Projects are organizational containers that group related chat sessions and knowledge artifacts together, enabling better context management and collaboration across multiple AI conversations."})}),"\n",(0,t.jsx)(n.h2,{id:"key-features",children:"Key Features"}),"\n",(0,t.jsxs)(n.ol,{children:["\n",(0,t.jsxs)(n.li,{children:["\n",(0,t.jsxs)(n.p,{children:[(0,t.jsx)(n.strong,{children:"Session Organization"}),": Group related chat sessions under a single project for better organization and context management."]}),"\n"]}),"\n",(0,t.jsxs)(n.li,{children:["\n",(0,t.jsxs)(n.p,{children:[(0,t.jsx)(n.strong,{children:"Knowledge Management"}),": Store and manage files, documents, and other artifacts that can be referenced across all sessions within a project."]}),"\n"]}),"\n",(0,t.jsxs)(n.li,{children:["\n",(0,t.jsxs)(n.p,{children:[(0,t.jsx)(n.strong,{children:"Custom Instructions"}),": Define project-specific instructions (system prompt) that apply to all chat sessions within the project, ensuring consistent AI behavior."]}),"\n"]}),"\n",(0,t.jsxs)(n.li,{children:["\n",(0,t.jsxs)(n.p,{children:[(0,t.jsx)(n.strong,{children:"Default Agent Configuration"}),": Set a default agent for the project, streamlining the chat creation process."]}),"\n"]}),"\n",(0,t.jsxs)(n.li,{children:["\n",(0,t.jsxs)(n.p,{children:[(0,t.jsx)(n.strong,{children:"Soft Delete"}),": Projects and sessions can be safely deleted with the ability to recover them if needed (logical delete)."]}),"\n"]}),"\n",(0,t.jsxs)(n.li,{children:["\n",(0,t.jsxs)(n.p,{children:[(0,t.jsx)(n.strong,{children:"Search Capabilities"}),": Search chat titles within a project or across all projects to quickly find relevant conversations."]}),"\n"]}),"\n",(0,t.jsxs)(n.li,{children:["\n",(0,t.jsxs)(n.p,{children:[(0,t.jsx)(n.strong,{children:"Session Mobility"}),": Move chat sessions between projects to reorganize your work as needs evolve."]}),"\n"]}),"\n"]}),"\n",(0,t.jsx)(n.h2,{id:"how-projects-work",children:"How Projects Work"}),"\n",(0,t.jsx)(n.p,{children:"Projects provide a hierarchical structure for organizing your AI interactions. Each project contains:"}),"\n",(0,t.jsxs)(n.ul,{children:["\n",(0,t.jsxs)(n.li,{children:[(0,t.jsx)(n.strong,{children:"Project Metadata"}),": Name, description, system prompt, and default agent configuration"]}),"\n",(0,t.jsxs)(n.li,{children:[(0,t.jsx)(n.strong,{children:"Chat Sessions"}),": Multiple conversation threads that inherit project settings"]}),"\n",(0,t.jsxs)(n.li,{children:[(0,t.jsx)(n.strong,{children:"Project Knowledge"}),": Files and documents accessible across all sessions"]}),"\n"]}),"\n",(0,t.jsx)(n.h2,{id:"project-components",children:"Project Components"}),"\n",(0,t.jsx)(n.h3,{id:"project-metadata",children:"Project Metadata"}),"\n",(0,t.jsx)(n.p,{children:"Each project contains the following metadata:"}),"\n",(0,t.jsxs)(n.ul,{children:["\n",(0,t.jsxs)(n.li,{children:[(0,t.jsx)(n.strong,{children:"Name"}),": A descriptive name for the project (required)"]}),"\n",(0,t.jsxs)(n.li,{children:[(0,t.jsx)(n.strong,{children:"Description"}),": Optional detailed description of the project's purpose"]}),"\n",(0,t.jsxs)(n.li,{children:[(0,t.jsx)(n.strong,{children:"System Prompt"}),": Custom instructions that apply to all chat sessions in the project"]}),"\n",(0,t.jsxs)(n.li,{children:[(0,t.jsx)(n.strong,{children:"Default Agent"}),": The agent that will be used by default for new sessions in this project"]}),"\n",(0,t.jsxs)(n.li,{children:[(0,t.jsx)(n.strong,{children:"Created/Updated Timestamps"}),": Automatic tracking of project creation and modification times"]}),"\n"]}),"\n",(0,t.jsx)(n.h3,{id:"chat-sessions",children:"Chat Sessions"}),"\n",(0,t.jsx)(n.p,{children:"Projects can contain multiple chat sessions, each representing a separate conversation thread. Sessions within a project:"}),"\n",(0,t.jsxs)(n.ul,{children:["\n",(0,t.jsx)(n.li,{children:"Inherit the project's instructions (if defined)"}),"\n",(0,t.jsx)(n.li,{children:"Use the project's default agent (if specified)"}),"\n",(0,t.jsx)(n.li,{children:"Can access project-level artifacts"}),"\n",(0,t.jsx)(n.li,{children:"Can be moved between projects"}),"\n",(0,t.jsx)(n.li,{children:"Can be searched and filtered"}),"\n"]}),"\n",(0,t.jsx)(n.h3,{id:"knowledge-artifacts",children:"Knowledge (Artifacts)"}),"\n",(0,t.jsx)(n.p,{children:"Projects support two types of knowledge artifacts:"}),"\n",(0,t.jsxs)(n.ol,{children:["\n",(0,t.jsxs)(n.li,{children:[(0,t.jsx)(n.strong,{children:"Project-Level Knowledge"}),': Files attached to the project itself (shown in the "Knowledge" section), accessible by all sessions']}),"\n",(0,t.jsxs)(n.li,{children:[(0,t.jsx)(n.strong,{children:"Session-Level Artifacts"}),": Files attached to specific chat sessions within the project"]}),"\n"]}),"\n",(0,t.jsx)(n.p,{children:"Knowledge artifacts can include:"}),"\n",(0,t.jsxs)(n.ul,{children:["\n",(0,t.jsx)(n.li,{children:"Documents (PDF, DOCX, TXT, MD)"}),"\n",(0,t.jsx)(n.li,{children:"Images (PNG, JPG, GIF)"}),"\n",(0,t.jsx)(n.li,{children:"Code files"}),"\n",(0,t.jsx)(n.li,{children:"Data files (JSON, CSV, YAML)"}),"\n",(0,t.jsx)(n.li,{children:"Any other file type supported by the system"}),"\n"]}),"\n",(0,t.jsx)(n.h2,{id:"configuration",children:"Configuration"}),"\n",(0,t.jsx)(n.h3,{id:"disabling-projects",children:"Disabling Projects"}),"\n",(0,t.jsxs)(n.p,{children:["Projects require SQL database persistence to function. Configure persistence in your ",(0,t.jsx)(n.code,{children:"shared_config.yaml"}),":"]}),"\n",(0,t.jsx)(n.pre,{children:(0,t.jsx)(n.code,{className:"language-yaml",children:'session_service:\n  type: sql\n  database_url: "sqlite:///./data/sessions.db"\n'})}),"\n",(0,t.jsx)(n.p,{children:"Projects are enabled by default when persistence is configured. To disable the feature:"}),"\n",(0,t.jsx)(n.pre,{children:(0,t.jsx)(n.code,{className:"language-yaml",children:"# Disable projects explicitly\nprojects:\n  enabled: false\n"})}),"\n",(0,t.jsx)(n.h3,{id:"feature-flag-control",children:"Feature Flag Control"}),"\n",(0,t.jsx)(n.p,{children:"You can also control projects via feature flags:"}),"\n",(0,t.jsx)(n.pre,{children:(0,t.jsx)(n.code,{className:"language-yaml",children:"frontend_feature_enablement:\n  projects: false  # Disable projects\n  taskLogging: true\n"})}),"\n",(0,t.jsxs)(n.admonition,{title:"Configuration Priority",type:"note",children:[(0,t.jsx)(n.p,{children:"The feature flag resolution follows this priority:"}),(0,t.jsxs)(n.ol,{children:["\n",(0,t.jsxs)(n.li,{children:[(0,t.jsx)(n.strong,{children:"Persistence Check"}),": If persistence is disabled, projects are disabled (non-negotiable)"]}),"\n",(0,t.jsxs)(n.li,{children:[(0,t.jsx)(n.strong,{children:"Explicit Config"}),": ",(0,t.jsx)(n.code,{children:"projects.enabled"})," setting"]}),"\n",(0,t.jsxs)(n.li,{children:[(0,t.jsx)(n.strong,{children:"Feature Flag"}),": ",(0,t.jsx)(n.code,{children:"frontend_feature_enablement.projects"})," setting"]}),"\n",(0,t.jsxs)(n.li,{children:[(0,t.jsx)(n.strong,{children:"Default"}),": Enabled (if persistence is enabled and no explicit disable)"]}),"\n"]})]}),"\n",(0,t.jsx)(n.h3,{id:"soft-delete-pattern",children:"Soft Delete Pattern"}),"\n",(0,t.jsx)(n.p,{children:"Projects and sessions use a soft delete pattern for data preservation:"}),"\n",(0,t.jsxs)(n.ul,{children:["\n",(0,t.jsxs)(n.li,{children:["Deleted items are marked with ",(0,t.jsx)(n.code,{children:"deleted_at"})," timestamp"]}),"\n",(0,t.jsx)(n.li,{children:"Deleted items are automatically filtered from queries"}),"\n",(0,t.jsx)(n.li,{children:"Data remains in database for audit trails"}),"\n",(0,t.jsx)(n.li,{children:"Can be recovered if needed"}),"\n"]}),"\n",(0,t.jsx)(n.h2,{id:"best-practices",children:"Best Practices"}),"\n",(0,t.jsx)(n.h3,{id:"project-organization",children:"Project Organization"}),"\n",(0,t.jsxs)(n.ol,{children:["\n",(0,t.jsxs)(n.li,{children:[(0,t.jsx)(n.strong,{children:"Use Descriptive Names"}),": Give projects clear, descriptive names that reflect their purpose"]}),"\n",(0,t.jsxs)(n.li,{children:[(0,t.jsx)(n.strong,{children:"Define Instructions"}),": Set project-specific instructions (system prompts) to ensure consistent AI behavior"]}),"\n",(0,t.jsxs)(n.li,{children:[(0,t.jsx)(n.strong,{children:"Organize by Topic"}),": Group related conversations under the same project"]}),"\n",(0,t.jsxs)(n.li,{children:[(0,t.jsx)(n.strong,{children:"Regular Cleanup"}),": Periodically review and delete unused projects"]}),"\n"]}),"\n",(0,t.jsx)(n.h3,{id:"knowledge-management",children:"Knowledge Management"}),"\n",(0,t.jsxs)(n.ol,{children:["\n",(0,t.jsxs)(n.li,{children:[(0,t.jsx)(n.strong,{children:"Upload Relevant Files"}),": Only upload files that are relevant to the project in the Knowledge section"]}),"\n",(0,t.jsxs)(n.li,{children:[(0,t.jsx)(n.strong,{children:"Use Metadata"}),": Add descriptions to knowledge artifacts for better organization"]}),"\n",(0,t.jsxs)(n.li,{children:[(0,t.jsx)(n.strong,{children:"File Naming"}),": Use clear, descriptive filenames"]}),"\n",(0,t.jsxs)(n.li,{children:[(0,t.jsx)(n.strong,{children:"Size Considerations"}),": Be mindful of file sizes for performance"]}),"\n"]}),"\n",(0,t.jsx)(n.h3,{id:"session-management",children:"Session Management"}),"\n",(0,t.jsxs)(n.ol,{children:["\n",(0,t.jsxs)(n.li,{children:[(0,t.jsx)(n.strong,{children:"Move Sessions"}),": Reorganize sessions between projects as needs evolve"]}),"\n",(0,t.jsxs)(n.li,{children:[(0,t.jsx)(n.strong,{children:"Use Search"}),": Leverage search to find relevant conversations quickly"]}),"\n",(0,t.jsxs)(n.li,{children:[(0,t.jsx)(n.strong,{children:"Delete Unused Sessions"}),": Clean up old or irrelevant sessions"]}),"\n",(0,t.jsxs)(n.li,{children:[(0,t.jsx)(n.strong,{children:"Consistent Naming"}),": Use clear session names for easier searching"]}),"\n"]}),"\n",(0,t.jsx)(n.h2,{id:"troubleshooting",children:"Troubleshooting"}),"\n",(0,t.jsx)(n.h3,{id:"projects-not-visible",children:"Projects Not Visible"}),"\n",(0,t.jsx)(n.p,{children:"If projects are not showing up in the UI:"}),"\n",(0,t.jsxs)(n.ol,{children:["\n",(0,t.jsxs)(n.li,{children:["\n",(0,t.jsxs)(n.p,{children:[(0,t.jsx)(n.strong,{children:"Check Persistence Configuration"}),":"]}),"\n",(0,t.jsx)(n.pre,{children:(0,t.jsx)(n.code,{className:"language-yaml",children:"session_service:\n  type: sql  # Must be 'sql', not 'memory'\n"})}),"\n"]}),"\n",(0,t.jsxs)(n.li,{children:["\n",(0,t.jsxs)(n.p,{children:[(0,t.jsx)(n.strong,{children:"Check if Projects are Explicitly Disabled"}),":"]}),"\n",(0,t.jsx)(n.pre,{children:(0,t.jsx)(n.code,{className:"language-yaml",children:"projects:\n  enabled: false  # Remove this line or set to true\n"})}),"\n"]}),"\n",(0,t.jsxs)(n.li,{children:["\n",(0,t.jsxs)(n.p,{children:[(0,t.jsx)(n.strong,{children:"Check Feature Flags"}),":"]}),"\n",(0,t.jsx)(n.pre,{children:(0,t.jsx)(n.code,{className:"language-yaml",children:"frontend_feature_enablement:\n  projects: true  # Should be true or omitted\n"})}),"\n"]}),"\n",(0,t.jsxs)(n.li,{children:["\n",(0,t.jsxs)(n.p,{children:[(0,t.jsx)(n.strong,{children:"Verify Config Endpoint"}),":"]}),"\n",(0,t.jsx)(n.pre,{children:(0,t.jsx)(n.code,{className:"language-bash",children:"curl http://localhost:8000/api/v1/config | jq '.frontend_feature_enablement.projects'\n"})}),"\n"]}),"\n"]}),"\n",(0,t.jsx)(n.h3,{id:"api-returns-501-error",children:"API Returns 501 Error"}),"\n",(0,t.jsx)(n.p,{children:"When project endpoints return 501 Not Implemented:"}),"\n",(0,t.jsxs)(n.ul,{children:["\n",(0,t.jsxs)(n.li,{children:[(0,t.jsx)(n.strong,{children:"Persistence disabled"}),": Configure ",(0,t.jsx)(n.code,{children:"session_service.type: sql"})]}),"\n",(0,t.jsxs)(n.li,{children:[(0,t.jsx)(n.strong,{children:"Explicitly disabled"}),": Remove ",(0,t.jsx)(n.code,{children:"projects.enabled: false"})," or set to ",(0,t.jsx)(n.code,{children:"true"})]}),"\n",(0,t.jsxs)(n.li,{children:[(0,t.jsx)(n.strong,{children:"Feature flag disabled"}),": Set ",(0,t.jsx)(n.code,{children:"frontend_feature_enablement.projects: true"})]}),"\n"]}),"\n",(0,t.jsx)(n.h2,{id:"performance-considerations",children:"Performance Considerations"}),"\n",(0,t.jsx)(n.h3,{id:"database-optimization",children:"Database Optimization"}),"\n",(0,t.jsxs)(n.ul,{children:["\n",(0,t.jsxs)(n.li,{children:[(0,t.jsx)(n.strong,{children:"Indexes"}),": Projects use indexes on ",(0,t.jsx)(n.code,{children:"user_id"}),", ",(0,t.jsx)(n.code,{children:"deleted_at"}),", and search columns"]}),"\n",(0,t.jsxs)(n.li,{children:[(0,t.jsx)(n.strong,{children:"Eager Loading"}),": Related data is loaded efficiently to prevent N+1 queries"]}),"\n",(0,t.jsxs)(n.li,{children:[(0,t.jsx)(n.strong,{children:"Pagination"}),": Search results are paginated to handle large datasets"]}),"\n"]}),"\n",(0,t.jsx)(n.h3,{id:"artifact-storage",children:"Artifact Storage"}),"\n",(0,t.jsxs)(n.p,{children:["Project artifacts use the configured artifact store. See ",(0,t.jsx)(n.a,{href:"/solace-agent-mesh/docs/documentation/installing-and-configuring/configurations#artifact-service",children:"Configurations - Artifact Service"})," for more details."]}),"\n",(0,t.jsx)(n.h2,{id:"security",children:"Security"}),"\n",(0,t.jsx)(n.h3,{id:"authorization",children:"Authorization"}),"\n",(0,t.jsxs)(n.ul,{children:["\n",(0,t.jsx)(n.li,{children:"All project operations validate user ownership"}),"\n",(0,t.jsx)(n.li,{children:"Sessions can only be moved to projects owned by the user"}),"\n",(0,t.jsx)(n.li,{children:"Knowledge artifacts are scoped to user and project/session context"}),"\n"]}),"\n",(0,t.jsx)(n.h3,{id:"data-privacy",children:"Data Privacy"}),"\n",(0,t.jsxs)(n.ul,{children:["\n",(0,t.jsx)(n.li,{children:"Soft-deleted data remains in database (consider retention policies)"}),"\n",(0,t.jsx)(n.li,{children:"User ID tracked for all operations"}),"\n",(0,t.jsx)(n.li,{children:"Consider implementing hard delete for GDPR compliance"}),"\n"]}),"\n",(0,t.jsx)(n.h2,{id:"related-documentation",children:"Related Documentation"}),"\n",(0,t.jsxs)(n.ul,{children:["\n",(0,t.jsxs)(n.li,{children:[(0,t.jsx)(n.a,{href:"/solace-agent-mesh/docs/documentation/components/gateways",children:"Gateways"})," - Learn about gateway configuration"]}),"\n",(0,t.jsxs)(n.li,{children:[(0,t.jsx)(n.a,{href:"/solace-agent-mesh/docs/documentation/components/agents",children:"Agents"})," - Configure agents for your projects"]}),"\n"]})]})}function h(e={}){const{wrapper:n}={...(0,r.R)(),...e.components};return n?(0,t.jsx)(n,{...e,children:(0,t.jsx)(d,{...e})}):d(e)}},8453:(e,n,s)=>{s.d(n,{R:()=>o,x:()=>a});var i=s(6540);const t={},r=i.createContext(t);function o(e){const n=i.useContext(r);return i.useMemo((function(){return"function"==typeof e?e(n):{...n,...e}}),[n,e])}function a(e){let n;return n=e.disableParentContext?"function"==typeof e.components?e.components(t):e.components||t:o(e.components),i.createElement(r.Provider,{value:n},e.children)}}}]);

solace_agent_mesh/assets/docs/assets/js/17896441.e612dfb4.js

@@ -0,0 +1 @@
+(self.webpackChunksolace_agenitc_mesh_docs=self.webpackChunksolace_agenitc_mesh_docs||[]).push([[8401],{1142:(e,t,n)=>{"use strict";n.r(t),n.d(t,{default:()=>Un});var s=n(6540),a=n(5500),i=n(9532),r=n(4848);const o=s.createContext(null);function c({children:e,content:t}){const n=function(e){return(0,s.useMemo)((()=>({metadata:e.metadata,frontMatter:e.frontMatter,assets:e.assets,contentTitle:e.contentTitle,toc:e.toc})),[e])}(t);return(0,r.jsx)(o.Provider,{value:n,children:e})}function l(){const e=(0,s.useContext)(o);if(null===e)throw new i.dV("DocProvider");return e}function d(){const{metadata:e,frontMatter:t,assets:n}=l();return(0,r.jsx)(a.be,{title:e.title,description:e.description,keywords:t.keywords,image:n.image??t.image})}var u=n(4164),m=n(4581),h=n(1312),f=n(8774);function p(e){const{permalink:t,title:n,subLabel:s,isNext:a}=e;return(0,r.jsxs)(f.A,{className:(0,u.A)("pagination-nav__link",a?"pagination-nav__link--next":"pagination-nav__link--prev"),to:t,children:[s&&(0,r.jsx)("div",{className:"pagination-nav__sublabel",children:s}),(0,r.jsx)("div",{className:"pagination-nav__label",children:n})]})}function x(e){const{className:t,previous:n,next:s}=e;return(0,r.jsxs)("nav",{className:(0,u.A)(t,"pagination-nav"),"aria-label":(0,h.T)({id:"theme.docs.paginator.navAriaLabel",message:"Docs pages",description:"The ARIA label for the docs pagination"}),children:[n&&(0,r.jsx)(p,{...n,subLabel:(0,r.jsx)(h.A,{id:"theme.docs.paginator.previous",description:"The label used to navigate to the previous doc",children:"Previous"})}),s&&(0,r.jsx)(p,{...s,subLabel:(0,r.jsx)(h.A,{id:"theme.docs.paginator.next",description:"The label used to navigate to the next doc",children:"Next"}),isNext:!0})]})}function g(){const{metadata:e}=l();return(0,r.jsx)(x,{className:"docusaurus-mt-lg",previous:e.previous,next:e.next})}var b=n(4586),j=n(8295),v=n(7559),N=n(3886),A=n(3025);const C={unreleased:function({siteTitle:e,versionMetadata:t}){return(0,r.jsx)(h.A,{id:"theme.docs.versions.unreleasedVersionLabel",description:"The label used to tell the user that he's browsing an unreleased doc version",values:{siteTitle:e,versionLabel:(0,r.jsx)("b",{children:t.label})},children:"This is unreleased documentation for {siteTitle} {versionLabel} version."})},unmaintained:function({siteTitle:e,versionMetadata:t}){return(0,r.jsx)(h.A,{id:"theme.docs.versions.unmaintainedVersionLabel",description:"The label used to tell the user that he's browsing an unmaintained doc version",values:{siteTitle:e,versionLabel:(0,r.jsx)("b",{children:t.label})},children:"This is documentation for {siteTitle} {versionLabel}, which is no longer actively maintained."})}};function y(e){const t=C[e.versionMetadata.banner];return(0,r.jsx)(t,{...e})}function L({versionLabel:e,to:t,onClick:n}){return(0,r.jsx)(h.A,{id:"theme.docs.versions.latestVersionSuggestionLabel",description:"The label used to tell the user to check the latest version",values:{versionLabel:e,latestVersionLink:(0,r.jsx)("b",{children:(0,r.jsx)(f.A,{to:t,onClick:n,children:(0,r.jsx)(h.A,{id:"theme.docs.versions.latestVersionLinkLabel",description:"The label used for the latest version suggestion link label",children:"latest version"})})})},children:"For up-to-date documentation, see the {latestVersionLink} ({versionLabel})."})}function k({className:e,versionMetadata:t}){const{siteConfig:{title:n}}=(0,b.A)(),{pluginId:s}=(0,j.vT)({failfast:!0}),{savePreferredVersionName:a}=(0,N.g1)(s),{latestDocSuggestion:i,latestVersionSuggestion:o}=(0,j.HW)(s),c=i??(l=o).docs.find((e=>e.id===l.mainDocId));var l;return(0,r.jsxs)("div",{className:(0,u.A)(e,v.G.docs.docVersionBanner,"alert alert--warning margin-bottom--md"),role:"alert",children:[(0,r.jsx)("div",{children:(0,r.jsx)(y,{siteTitle:n,versionMetadata:t})}),(0,r.jsx)("div",{className:"margin-top--md",children:(0,r.jsx)(L,{versionLabel:o.label,to:c.path,onClick:()=>a(o.name)})})]})}function _({className:e}){const t=(0,A.r)();return t.banner?(0,r.jsx)(k,{className:e,versionMetadata:t}):null}function w({className:e}){const t=(0,A.r)();return t.badge?(0,r.jsx)("span",{className:(0,u.A)(e,v.G.docs.docVersionBadge,"badge badge--secondary"),children:(0,r.jsx)(h.A,{id:"theme.docs.versionBadge.label",values:{versionLabel:t.label},children:"Version: {versionLabel}"})}):null}const T={tag:"tag_zVej",tagRegular:"tagRegular_sFm0",tagWithCount:"tagWithCount_h2kH"};function B({permalink:e,label:t,count:n,description:s}){return(0,r.jsxs)(f.A,{rel:"tag",href:e,title:s,className:(0,u.A)(T.tag,n?T.tagWithCount:T.tagRegular),children:[t,n&&(0,r.jsx)("span",{children:n})]})}const M={tags:"tags_jXut",tag:"tag_QGVx"};function H({tags:e}){return(0,r.jsxs)(r.Fragment,{children:[(0,r.jsx)("b",{children:(0,r.jsx)(h.A,{id:"theme.tags.tagsListLabel",description:"The label alongside a tag list",children:"Tags:"})}),(0,r.jsx)("ul",{className:(0,u.A)(M.tags,"padding--none","margin-left--sm"),children:e.map((e=>(0,r.jsx)("li",{className:M.tag,children:(0,r.jsx)(B,{...e})},e.permalink)))})]})}const E={iconEdit:"iconEdit_Z9Sw"};function I({className:e,...t}){return(0,r.jsx)("svg",{fill:"currentColor",height:"20",width:"20",viewBox:"0 0 40 40",className:(0,u.A)(E.iconEdit,e),"aria-hidden":"true",...t,children:(0,r.jsx)("g",{children:(0,r.jsx)("path",{d:"m34.5 11.7l-3 3.1-6.3-6.3 3.1-3q0.5-0.5 1.2-0.5t1.1 0.5l3.9 3.9q0.5 0.4 0.5 1.1t-0.5 1.2z m-29.5 17.1l18.4-18.5 6.3 6.3-18.4 18.4h-6.3v-6.2z"})})})}function S({editUrl:e}){return(0,r.jsxs)(f.A,{to:e,className:v.G.common.editThisPage,children:[(0,r.jsx)(I,{}),(0,r.jsx)(h.A,{id:"theme.common.editThisPage",description:"The link label to edit the current page",children:"Edit this page"})]})}function V(e={}){const{i18n:{currentLocale:t}}=(0,b.A)(),n=function(){const{i18n:{currentLocale:e,localeConfigs:t}}=(0,b.A)();return t[e].calendar}();return new Intl.DateTimeFormat(t,{calendar:n,...e})}function U({lastUpdatedAt:e}){const t=new Date(e),n=V({day:"numeric",month:"short",year:"numeric",timeZone:"UTC"}).format(t);return(0,r.jsx)(h.A,{id:"theme.lastUpdated.atDate",description:"The words used to describe on which date a page has been last updated",values:{date:(0,r.jsx)("b",{children:(0,r.jsx)("time",{dateTime:t.toISOString(),itemProp:"dateModified",children:n})})},children:" on {date}"})}function R({lastUpdatedBy:e}){return(0,r.jsx)(h.A,{id:"theme.lastUpdated.byUser",description:"The words used to describe by who the page has been last updated",values:{user:(0,r.jsx)("b",{children:e})},children:" by {user}"})}function z({lastUpdatedAt:e,lastUpdatedBy:t}){return(0,r.jsxs)("span",{className:v.G.common.lastUpdated,children:[(0,r.jsx)(h.A,{id:"theme.lastUpdated.lastUpdatedAtBy",description:"The sentence used to display when a page has been last updated, and by who",values:{atDate:e?(0,r.jsx)(U,{lastUpdatedAt:e}):"",byUser:t?(0,r.jsx)(R,{lastUpdatedBy:t}):""},children:"Last updated{atDate}{byUser}"}),!1]})}const O={lastUpdated:"lastUpdated_JAkA",noPrint:"noPrint_WFHX"};function P({className:e,editUrl:t,lastUpdatedAt:n,lastUpdatedBy:s}){return(0,r.jsxs)("div",{className:(0,u.A)("row",e),children:[(0,r.jsx)("div",{className:(0,u.A)("col",O.noPrint),children:t&&(0,r.jsx)(S,{editUrl:t})}),(0,r.jsx)("div",{className:(0,u.A)("col",O.lastUpdated),children:(n||s)&&(0,r.jsx)(z,{lastUpdatedAt:n,lastUpdatedBy:s})})]})}function $(){const{metadata:e}=l(),{editUrl:t,lastUpdatedAt:n,lastUpdatedBy:s,tags:a}=e,i=a.length>0,o=!!(t||n||s);return i||o?(0,r.jsxs)("footer",{className:(0,u.A)(v.G.docs.docFooter,"docusaurus-mt-lg"),children:[i&&(0,r.jsx)("div",{className:(0,u.A)("row margin-top--sm",v.G.docs.docFooterTagsRow),children:(0,r.jsx)("div",{className:"col",children:(0,r.jsx)(H,{tags:a})})}),o&&(0,r.jsx)(P,{className:(0,u.A)("margin-top--sm",v.G.docs.docFooterEditMetaRow),editUrl:t,lastUpdatedAt:n,lastUpdatedBy:s})]}):null}var D=n(1422),F=n(6342);function G(e){const t=e.map((e=>({...e,parentIndex:-1,children:[]}))),n=Array(7).fill(-1);t.forEach(((e,t)=>{const s=n.slice(2,e.level);e.parentIndex=Math.max(...s),n[e.level]=t}));const s=[];return t.forEach((e=>{const{parentIndex:n,...a}=e;n>=0?t[n].children.push(a):s.push(a)})),s}function W({toc:e,minHeadingLevel:t,maxHeadingLevel:n}){return e.flatMap((e=>{const s=W({toc:e.children,minHeadingLevel:t,maxHeadingLevel:n});return function(e){return e.level>=t&&e.level<=n}(e)?[{...e,children:s}]:s}))}function q(e){const t=e.getBoundingClientRect();return t.top===t.bottom?q(e.parentNode):t}function J(e,{anchorTopOffset:t}){const n=e.find((e=>q(e).top>=t));if(n){return function(e){return e.top>0&&e.bottom<window.innerHeight/2}(q(n))?n:e[e.indexOf(n)-1]??null}return e[e.length-1]??null}function Z(){const e=(0,s.useRef)(0),{navbar:{hideOnScroll:t}}=(0,F.p)();return(0,s.useEffect)((()=>{e.current=t?0:document.querySelector(".navbar").clientHeight}),[t]),e}function X(e){const t=(0,s.useRef)(void 0),n=Z();(0,s.useEffect)((()=>{if(!e)return()=>{};const{linkClassName:s,linkActiveClassName:a,minHeadingLevel:i,maxHeadingLevel:r}=e;function o(){const e=function(e){return Array.from(document.getElementsByClassName(e))}(s),o=function({minHeadingLevel:e,maxHeadingLevel:t}){const n=[];for(let s=e;s<=t;s+=1)n.push(`h${s}.anchor`);return Array.from(document.querySelectorAll(n.join()))}({minHeadingLevel:i,maxHeadingLevel:r}),c=J(o,{anchorTopOffset:n.current}),l=e.find((e=>c&&c.id===function(e){return decodeURIComponent(e.href.substring(e.href.indexOf("#")+1))}(e)));e.forEach((e=>{!function(e,n){n?(t.current&&t.current!==e&&t.current.classList.remove(a),e.classList.add(a),t.current=e):e.classList.remove(a)}(e,e===l)}))}return document.addEventListener("scroll",o),document.addEventListener("resize",o),o(),()=>{document.removeEventListener("scroll",o),document.removeEventListener("resize",o)}}),[e,n])}function Y({toc:e,className:t,linkClassName:n,isChild:s}){return e.length?(0,r.jsx)("ul",{className:s?void 0:t,children:e.map((e=>(0,r.jsxs)("li",{children:[(0,r.jsx)(f.A,{to:`#${e.id}`,className:n??void 0,dangerouslySetInnerHTML:{__html:e.value}}),(0,r.jsx)(Y,{isChild:!0,toc:e.children,className:t,linkClassName:n})]},e.id)))}):null}const Q=s.memo(Y);function K({toc:e,className:t="table-of-contents table-of-contents__left-border",linkClassName:n="table-of-contents__link",linkActiveClassName:a,minHeadingLevel:i,maxHeadingLevel:o,...c}){const l=(0,F.p)(),d=i??l.tableOfContents.minHeadingLevel,u=o??l.tableOfContents.maxHeadingLevel,m=function({toc:e,minHeadingLevel:t,maxHeadingLevel:n}){return(0,s.useMemo)((()=>W({toc:G(e),minHeadingLevel:t,maxHeadingLevel:n})),[e,t,n])}({toc:e,minHeadingLevel:d,maxHeadingLevel:u});return X((0,s.useMemo)((()=>{if(n&&a)return{linkClassName:n,linkActiveClassName:a,minHeadingLevel:d,maxHeadingLevel:u}}),[n,a,d,u])),(0,r.jsx)(Q,{toc:m,className:t,linkClassName:n,...c})}const ee={tocCollapsibleButton:"tocCollapsibleButton_TO0P",tocCollapsibleButtonExpanded:"tocCollapsibleButtonExpanded_MG3E"};function te({collapsed:e,...t}){return(0,r.jsx)("button",{type:"button",...t,className:(0,u.A)("clean-btn",ee.tocCollapsibleButton,!e&&ee.tocCollapsibleButtonExpanded,t.className),children:(0,r.jsx)(h.A,{id:"theme.TOCCollapsible.toggleButtonLabel",description:"The label used by the button on the collapsible TOC component",children:"On this page"})})}const ne={tocCollapsible:"tocCollapsible_ETCw",tocCollapsibleContent:"tocCollapsibleContent_vkbj",tocCollapsibleExpanded:"tocCollapsibleExpanded_sAul"};function se({toc:e,className:t,minHeadingLevel:n,maxHeadingLevel:s}){const{collapsed:a,toggleCollapsed:i}=(0,D.u)({initialState:!0});return(0,r.jsxs)("div",{className:(0,u.A)(ne.tocCollapsible,!a&&ne.tocCollapsibleExpanded,t),children:[(0,r.jsx)(te,{collapsed:a,onClick:i}),(0,r.jsx)(D.N,{lazy:!0,className:ne.tocCollapsibleContent,collapsed:a,children:(0,r.jsx)(K,{toc:e,minHeadingLevel:n,maxHeadingLevel:s})})]})}const ae={tocMobile:"tocMobile_ITEo"};function ie(){const{toc:e,frontMatter:t}=l();return(0,r.jsx)(se,{toc:e,minHeadingLevel:t.toc_min_heading_level,maxHeadingLevel:t.toc_max_heading_level,className:(0,u.A)(v.G.docs.docTocMobile,ae.tocMobile)})}const re={tableOfContents:"tableOfContents_bqdL",docItemContainer:"docItemContainer_F8PC"},oe="table-of-contents__link toc-highlight",ce="table-of-contents__link--active";function le({className:e,...t}){return(0,r.jsx)("div",{className:(0,u.A)(re.tableOfContents,"thin-scrollbar",e),children:(0,r.jsx)(K,{...t,linkClassName:oe,linkActiveClassName:ce})})}function de(){const{toc:e,frontMatter:t}=l();return(0,r.jsx)(le,{toc:e,minHeadingLevel:t.toc_min_heading_level,maxHeadingLevel:t.toc_max_heading_level,className:v.G.docs.docTocDesktop})}var ue=n(1107),me=n(8453),he=n(5260),fe=n(2303),pe=n(5293);function xe(){const{prism:e}=(0,F.p)(),{colorMode:t}=(0,pe.G)(),n=e.theme,s=e.darkTheme||n;return"dark"===t?s:n}var ge=n(8426),be=n.n(ge);const je=/title=(?<quote>["'])(?<title>.*?)\1/,ve=/\{(?<range>[\d,-]+)\}/,Ne={js:{start:"\\/\\/",end:""},jsBlock:{start:"\\/\\*",end:"\\*\\/"},jsx:{start:"\\{\\s*\\/\\*",end:"\\*\\/\\s*\\}"},bash:{start:"#",end:""},html:{start:"\x3c!--",end:"--\x3e"}},Ae={...Ne,lua:{start:"--",end:""},wasm:{start:"\\;\\;",end:""},tex:{start:"%",end:""},vb:{start:"['\u2018\u2019]",end:""},vbnet:{start:"(?:_\\s*)?['\u2018\u2019]",end:""},rem:{start:"[Rr][Ee][Mm]\\b",end:""},f90:{start:"!",end:""},ml:{start:"\\(\\*",end:"\\*\\)"},cobol:{start:"\\*>",end:""}},Ce=Object.keys(Ne);function ye(e,t){const n=e.map((e=>{const{start:n,end:s}=Ae[e];return`(?:${n}\\s*(${t.flatMap((e=>[e.line,e.block?.start,e.block?.end].filter(Boolean))).join("|")})\\s*${s})`})).join("|");return new RegExp(`^\\s*(?:${n})\\s*$`)}function Le({showLineNumbers:e,metastring:t}){return"boolean"==typeof e?e?1:void 0:"number"==typeof e?e:function(e){const t=e?.split(" ").find((e=>e.startsWith("showLineNumbers")));if(t){if(t.startsWith("showLineNumbers=")){const e=t.replace("showLineNumbers=","");return parseInt(e,10)}return 1}}(t)}function ke(e,t){const{language:n,magicComments:s}=t;if(void 0===n)return{lineClassNames:{},code:e};const a=function(e,t){switch(e){case"js":case"javascript":case"ts":case"typescript":return ye(["js","jsBlock"],t);case"jsx":case"tsx":return ye(["js","jsBlock","jsx"],t);case"html":return ye(["js","jsBlock","html"],t);case"python":case"py":case"bash":return ye(["bash"],t);case"markdown":case"md":return ye(["html","jsx","bash"],t);case"tex":case"latex":case"matlab":return ye(["tex"],t);case"lua":case"haskell":return ye(["lua"],t);case"sql":return ye(["lua","jsBlock"],t);case"wasm":return ye(["wasm"],t);case"vb":case"vba":case"visual-basic":return ye(["vb","rem"],t);case"vbnet":return ye(["vbnet","rem"],t);case"batch":return ye(["rem"],t);case"basic":return ye(["rem","f90"],t);case"fsharp":return ye(["js","ml"],t);case"ocaml":case"sml":return ye(["ml"],t);case"fortran":return ye(["f90"],t);case"cobol":return ye(["cobol"],t);default:return ye(Ce,t)}}(n,s),i=e.split(/\r?\n/),r=Object.fromEntries(s.map((e=>[e.className,{start:0,range:""}]))),o=Object.fromEntries(s.filter((e=>e.line)).map((({className:e,line:t})=>[t,e]))),c=Object.fromEntries(s.filter((e=>e.block)).map((({className:e,block:t})=>[t.start,e]))),l=Object.fromEntries(s.filter((e=>e.block)).map((({className:e,block:t})=>[t.end,e])));for(let u=0;u<i.length;){const e=i[u].match(a);if(!e){u+=1;continue}const t=e.slice(1).find((e=>void 0!==e));o[t]?r[o[t]].range+=`${u},`:c[t]?r[c[t]].start=u:l[t]&&(r[l[t]].range+=`${r[l[t]].start}-${u-1},`),i.splice(u,1)}const d={};return Object.entries(r).forEach((([e,{range:t}])=>{be()(t).forEach((t=>{d[t]??=[],d[t].push(e)}))})),{code:i.join("\n"),lineClassNames:d}}function _e(e,t){const n=e.replace(/\r?\n$/,"");return function(e,{metastring:t,magicComments:n}){if(t&&ve.test(t)){const s=t.match(ve).groups.range;if(0===n.length)throw new Error(`A highlight range has been given in code block's metastring (\`\`\` ${t}), but no magic comment config is available. Docusaurus applies the first magic comment entry's className for metastring ranges.`);const a=n[0].className,i=be()(s).filter((e=>e>0)).map((e=>[e-1,[a]]));return{lineClassNames:Object.fromEntries(i),code:e}}return null}(n,{...t})??ke(n,{...t})}function we(e){const t=function(e){return t=e.language??function(e){if(!e)return;const t=e.split(" ").find((e=>e.startsWith("language-")));return t?.replace(/language-/,"")}(e.className)??e.defaultLanguage,t?.toLowerCase()??"text";var t}({language:e.language,defaultLanguage:e.defaultLanguage,className:e.className}),{lineClassNames:n,code:s}=_e(e.code,{metastring:e.metastring,magicComments:e.magicComments,language:t}),a=function({className:e,language:t}){return(0,u.A)(e,t&&!e?.includes(`language-${t}`)&&`language-${t}`)}({className:e.className,language:t}),i=(r=e.metastring,(r?.match(je)?.groups.title??"")||e.title);var r;const o=Le({showLineNumbers:e.showLineNumbers,metastring:e.metastring});return{codeInput:e.code,code:s,className:a,language:t,title:i,lineNumbersStart:o,lineClassNames:n}}const Te=(0,s.createContext)(null);function Be({metadata:e,wordWrap:t,children:n}){const a=(0,s.useMemo)((()=>({metadata:e,wordWrap:t})),[e,t]);return(0,r.jsx)(Te.Provider,{value:a,children:n})}function Me(){const e=(0,s.useContext)(Te);if(null===e)throw new i.dV("CodeBlockContextProvider");return e}const He="codeBlockContainer_Ckt0";function Ee({as:e,...t}){const n=function(e){const t={color:"--prism-color",backgroundColor:"--prism-background-color"},n={};return Object.entries(e.plain).forEach((([e,s])=>{const a=t[e];a&&"string"==typeof s&&(n[a]=s)})),n}(xe());return(0,r.jsx)(e,{...t,style:n,className:(0,u.A)(t.className,He,v.G.common.codeBlock)})}const Ie="codeBlock_bY9V",Se="codeBlockStandalone_MEMb",Ve="codeBlockLines_e6Vv",Ue="codeBlockLinesWithNumbering_o6Pm";function Re({children:e,className:t}){return(0,r.jsx)(Ee,{as:"pre",tabIndex:0,className:(0,u.A)(Se,"thin-scrollbar",t),children:(0,r.jsx)("code",{className:Ve,children:e})})}const ze={attributes:!0,characterData:!0,childList:!0,subtree:!0};function Oe(e,t){const[n,a]=(0,s.useState)(),r=(0,s.useCallback)((()=>{a(e.current?.closest("[role=tabpanel][hidden]"))}),[e,a]);(0,s.useEffect)((()=>{r()}),[r]),function(e,t,n=ze){const a=(0,i._q)(t),r=(0,i.Be)(n);(0,s.useEffect)((()=>{const t=new MutationObserver(a);return e&&t.observe(e,r),()=>t.disconnect()}),[e,a,r])}(n,(e=>{e.forEach((e=>{"attributes"===e.type&&"hidden"===e.attributeName&&(t(),r())}))}),{attributes:!0,characterData:!1,childList:!1,subtree:!1})}function Pe({children:e}){return e}var $e=n(1765);function De({line:e,token:t,...n}){return(0,r.jsx)("span",{...n})}const Fe="codeLine_lJS_",Ge="codeLineNumber_Tfdd",We="codeLineContent_feaV";function qe({line:e,classNames:t,showLineNumbers:n,getLineProps:s,getTokenProps:a}){const i=function(e){const t=1===e.length&&"\n"===e[0].content?e[0]:void 0;return t?[{...t,content:""}]:e}(e),o=s({line:i,className:(0,u.A)(t,n&&Fe)}),c=i.map(((e,t)=>{const n=a({token:e});return(0,r.jsx)(De,{...n,line:i,token:e,children:n.children},t)}));return(0,r.jsxs)("span",{...o,children:[n?(0,r.jsxs)(r.Fragment,{children:[(0,r.jsx)("span",{className:Ge}),(0,r.jsx)("span",{className:We,children:c})]}):c,(0,r.jsx)("br",{})]})}const Je=s.forwardRef(((e,t)=>(0,r.jsx)("pre",{ref:t,tabIndex:0,...e,className:(0,u.A)(e.className,Ie,"thin-scrollbar")})));function Ze(e){const{metadata:t}=Me();return(0,r.jsx)("code",{...e,className:(0,u.A)(e.className,Ve,void 0!==t.lineNumbersStart&&Ue),style:{...e.style,counterReset:void 0===t.lineNumbersStart?void 0:"line-count "+(t.lineNumbersStart-1)}})}function Xe({className:e}){const{metadata:t,wordWrap:n}=Me(),s=xe(),{code:a,language:i,lineNumbersStart:o,lineClassNames:c}=t;return(0,r.jsx)($e.f4,{theme:s,code:a,language:i,children:({className:t,style:s,tokens:a,getLineProps:i,getTokenProps:l})=>(0,r.jsx)(Je,{ref:n.codeBlockRef,className:(0,u.A)(e,t),style:s,children:(0,r.jsx)(Ze,{children:a.map(((e,t)=>(0,r.jsx)(qe,{line:e,getLineProps:i,getTokenProps:l,classNames:c[t],showLineNumbers:void 0!==o},t)))})})})}function Ye({children:e,fallback:t}){return(0,fe.A)()?(0,r.jsx)(r.Fragment,{children:e?.()}):t??null}function Qe({className:e,...t}){return(0,r.jsx)("button",{type:"button",...t,className:(0,u.A)("clean-btn",e)})}function Ke(e){return(0,r.jsx)("svg",{viewBox:"0 0 24 24",...e,children:(0,r.jsx)("path",{fill:"currentColor",d:"M19,21H8V7H19M19,5H8A2,2 0 0,0 6,7V21A2,2 0 0,0 8,23H19A2,2 0 0,0 21,21V7A2,2 0 0,0 19,5M16,1H4A2,2 0 0,0 2,3V17H4V3H16V1Z"})})}function et(e){return(0,r.jsx)("svg",{viewBox:"0 0 24 24",...e,children:(0,r.jsx)("path",{fill:"currentColor",d:"M21,7L9,19L3.5,13.5L4.91,12.09L9,16.17L19.59,5.59L21,7Z"})})}const tt={copyButtonCopied:"copyButtonCopied_Vdqa",copyButtonIcons:"copyButtonIcons_IEyt",copyButtonIcon:"copyButtonIcon_TrPX",copyButtonSuccessIcon:"copyButtonSuccessIcon_cVMy"};function nt(e){return e?(0,h.T)({id:"theme.CodeBlock.copied",message:"Copied",description:"The copied button label on code blocks"}):(0,h.T)({id:"theme.CodeBlock.copyButtonAriaLabel",message:"Copy code to clipboard",description:"The ARIA label for copy code blocks button"})}function st({className:e}){const{copyCode:t,isCopied:n}=function(){const{metadata:{code:e}}=Me(),[t,n]=(0,s.useState)(!1),a=(0,s.useRef)(void 0),i=(0,s.useCallback)((()=>{navigator.clipboard.writeText(e).then((()=>{n(!0),a.current=window.setTimeout((()=>{n(!1)}),1e3)}))}),[e]);return(0,s.useEffect)((()=>()=>window.clearTimeout(a.current)),[]),{copyCode:i,isCopied:t}}();return(0,r.jsx)(Qe,{"aria-label":nt(n),title:(0,h.T)({id:"theme.CodeBlock.copy",message:"Copy",description:"The copy button label on code blocks"}),className:(0,u.A)(e,tt.copyButton,n&&tt.copyButtonCopied),onClick:t,children:(0,r.jsxs)("span",{className:tt.copyButtonIcons,"aria-hidden":"true",children:[(0,r.jsx)(Ke,{className:tt.copyButtonIcon}),(0,r.jsx)(et,{className:tt.copyButtonSuccessIcon})]})})}function at(e){return(0,r.jsx)("svg",{viewBox:"0 0 24 24",...e,children:(0,r.jsx)("path",{fill:"currentColor",d:"M4 19h6v-2H4v2zM20 5H4v2h16V5zm-3 6H4v2h13.25c1.1 0 2 .9 2 2s-.9 2-2 2H15v-2l-3 3l3 3v-2h2c2.21 0 4-1.79 4-4s-1.79-4-4-4z"})})}const it="wordWrapButtonIcon_b1P5",rt="wordWrapButtonEnabled_uzNF";function ot({className:e}){const{wordWrap:t}=Me();if(!(t.isEnabled||t.isCodeScrollable))return!1;const n=(0,h.T)({id:"theme.CodeBlock.wordWrapToggle",message:"Toggle word wrap",description:"The title attribute for toggle word wrapping button of code block lines"});return(0,r.jsx)(Qe,{onClick:()=>t.toggle(),className:(0,u.A)(e,t.isEnabled&&rt),"aria-label":n,title:n,children:(0,r.jsx)(at,{className:it,"aria-hidden":"true"})})}const ct="buttonGroup_M5ko";function lt({className:e}){return(0,r.jsx)(Ye,{children:()=>(0,r.jsxs)("div",{className:(0,u.A)(e,ct),children:[(0,r.jsx)(ot,{}),(0,r.jsx)(st,{})]})})}const dt="codeBlockContent_QJqH",ut="codeBlockTitle_OeMC";function mt({className:e}){const{metadata:t}=Me();return(0,r.jsxs)(Ee,{as:"div",className:(0,u.A)(e,t.className),children:[t.title&&(0,r.jsx)("div",{className:ut,children:(0,r.jsx)(Pe,{children:t.title})}),(0,r.jsxs)("div",{className:dt,children:[(0,r.jsx)(Xe,{}),(0,r.jsx)(lt,{})]})]})}function ht(e){const t=function(e){const{prism:t}=(0,F.p)();return we({code:e.children,className:e.className,metastring:e.metastring,magicComments:t.magicComments,defaultLanguage:t.defaultLanguage,language:e.language,title:e.title,showLineNumbers:e.showLineNumbers})}(e),n=function(){const[e,t]=(0,s.useState)(!1),[n,a]=(0,s.useState)(!1),i=(0,s.useRef)(null),r=(0,s.useCallback)((()=>{const n=i.current.querySelector("code");e?n.removeAttribute("style"):(n.style.whiteSpace="pre-wrap",n.style.overflowWrap="anywhere"),t((e=>!e))}),[i,e]),o=(0,s.useCallback)((()=>{const{scrollWidth:e,clientWidth:t}=i.current,n=e>t||i.current.querySelector("code").hasAttribute("style");a(n)}),[i]);return Oe(i,o),(0,s.useEffect)((()=>{o()}),[e,o]),(0,s.useEffect)((()=>(window.addEventListener("resize",o,{passive:!0}),()=>{window.removeEventListener("resize",o)})),[o]),{codeBlockRef:i,isEnabled:e,isCodeScrollable:n,toggle:r}}();return(0,r.jsx)(Be,{metadata:t,wordWrap:n,children:(0,r.jsx)(mt,{})})}function ft({children:e,...t}){const n=(0,fe.A)(),a=function(e){return s.Children.toArray(e).some((e=>(0,s.isValidElement)(e)))?e:Array.isArray(e)?e.join(""):e}(e),i="string"==typeof a?ht:Re;return(0,r.jsx)(i,{...t,children:a},String(n))}function pt(e){return(0,r.jsx)("code",{...e})}var xt=n(3535);var gt=n(3427);const bt="details_lb9f",jt="isBrowser_bmU9",vt="collapsibleContent_i85q";function Nt(e){return!!e&&("SUMMARY"===e.tagName||Nt(e.parentElement))}function At(e,t){return!!e&&(e===t||At(e.parentElement,t))}function Ct({summary:e,children:t,...n}){(0,gt.A)().collectAnchor(n.id);const a=(0,fe.A)(),i=(0,s.useRef)(null),{collapsed:o,setCollapsed:c}=(0,D.u)({initialState:!n.open}),[l,d]=(0,s.useState)(n.open),m=s.isValidElement(e)?e:(0,r.jsx)("summary",{children:e??"Details"});return(0,r.jsxs)("details",{...n,ref:i,open:l,"data-collapsed":o,className:(0,u.A)(bt,a&&jt,n.className),onMouseDown:e=>{Nt(e.target)&&e.detail>1&&e.preventDefault()},onClick:e=>{e.stopPropagation();const t=e.target;Nt(t)&&At(t,i.current)&&(e.preventDefault(),o?(c(!1),d(!0)):c(!0))},children:[m,(0,r.jsx)(D.N,{lazy:!1,collapsed:o,onCollapseTransitionEnd:e=>{c(e),d(!e)},children:(0,r.jsx)("div",{className:vt,children:t})})]})}const yt="details_b_Ee";function Lt({...e}){return(0,r.jsx)(Ct,{...e,className:(0,u.A)("alert alert--info",yt,e.className)})}function kt(e){const t=s.Children.toArray(e.children),n=t.find((e=>s.isValidElement(e)&&"summary"===e.type)),a=(0,r.jsx)(r.Fragment,{children:t.filter((e=>e!==n))});return(0,r.jsx)(Lt,{...e,summary:n,children:a})}function _t(e){return(0,r.jsx)(ue.A,{...e})}const wt="containsTaskList_mC6p";function Tt(e){if(void 0!==e)return(0,u.A)(e,e?.includes("contains-task-list")&&wt)}const Bt="img_ev3q";function Mt(e){const{mdxAdmonitionTitle:t,rest:n}=function(e){const t=s.Children.toArray(e),n=t.find((e=>s.isValidElement(e)&&"mdxAdmonitionTitle"===e.type)),a=t.filter((e=>e!==n)),i=n?.props.children;return{mdxAdmonitionTitle:i,rest:a.length>0?(0,r.jsx)(r.Fragment,{children:a}):null}}(e.children),a=e.title??t;return{...e,...a&&{title:a},children:n}}const Ht="admonition_xJq3",Et="admonitionHeading_Gvgb",It="admonitionIcon_Rf37",St="admonitionContent_BuS1";function Vt({type:e,className:t,children:n}){return(0,r.jsx)("div",{className:(0,u.A)(v.G.common.admonition,v.G.common.admonitionType(e),Ht,t),children:n})}function Ut({icon:e,title:t}){return(0,r.jsxs)("div",{className:Et,children:[(0,r.jsx)("span",{className:It,children:e}),t]})}function Rt({children:e}){return e?(0,r.jsx)("div",{className:St,children:e}):null}function zt(e){const{type:t,icon:n,title:s,children:a,className:i}=e;return(0,r.jsxs)(Vt,{type:t,className:i,children:[s||n?(0,r.jsx)(Ut,{title:s,icon:n}):null,(0,r.jsx)(Rt,{children:a})]})}function Ot(e){return(0,r.jsx)("svg",{viewBox:"0 0 14 16",...e,children:(0,r.jsx)("path",{fillRule:"evenodd",d:"M6.3 5.69a.942.942 0 0 1-.28-.7c0-.28.09-.52.28-.7.19-.18.42-.28.7-.28.28 0 .52.09.7.28.18.19.28.42.28.7 0 .28-.09.52-.28.7a1 1 0 0 1-.7.3c-.28 0-.52-.11-.7-.3zM8 7.99c-.02-.25-.11-.48-.31-.69-.2-.19-.42-.3-.69-.31H6c-.27.02-.48.13-.69.31-.2.2-.3.44-.31.69h1v3c.02.27.11.5.31.69.2.2.42.31.69.31h1c.27 0 .48-.11.69-.31.2-.19.3-.42.31-.69H8V7.98v.01zM7 2.3c-3.14 0-5.7 2.54-5.7 5.68 0 3.14 2.56 5.7 5.7 5.7s5.7-2.55 5.7-5.7c0-3.15-2.56-5.69-5.7-5.69v.01zM7 .98c3.86 0 7 3.14 7 7s-3.14 7-7 7-7-3.12-7-7 3.14-7 7-7z"})})}const Pt={icon:(0,r.jsx)(Ot,{}),title:(0,r.jsx)(h.A,{id:"theme.admonition.note",description:"The default label used for the Note admonition (:::note)",children:"note"})};function $t(e){return(0,r.jsx)(zt,{...Pt,...e,className:(0,u.A)("alert alert--secondary",e.className),children:e.children})}function Dt(e){return(0,r.jsx)("svg",{viewBox:"0 0 12 16",...e,children:(0,r.jsx)("path",{fillRule:"evenodd",d:"M6.5 0C3.48 0 1 2.19 1 5c0 .92.55 2.25 1 3 1.34 2.25 1.78 2.78 2 4v1h5v-1c.22-1.22.66-1.75 2-4 .45-.75 1-2.08 1-3 0-2.81-2.48-5-5.5-5zm3.64 7.48c-.25.44-.47.8-.67 1.11-.86 1.41-1.25 2.06-1.45 3.23-.02.05-.02.11-.02.17H5c0-.06 0-.13-.02-.17-.2-1.17-.59-1.83-1.45-3.23-.2-.31-.42-.67-.67-1.11C2.44 6.78 2 5.65 2 5c0-2.2 2.02-4 4.5-4 1.22 0 2.36.42 3.22 1.19C10.55 2.94 11 3.94 11 5c0 .66-.44 1.78-.86 2.48zM4 14h5c-.23 1.14-1.3 2-2.5 2s-2.27-.86-2.5-2z"})})}const Ft={icon:(0,r.jsx)(Dt,{}),title:(0,r.jsx)(h.A,{id:"theme.admonition.tip",description:"The default label used for the Tip admonition (:::tip)",children:"tip"})};function Gt(e){return(0,r.jsx)(zt,{...Ft,...e,className:(0,u.A)("alert alert--success",e.className),children:e.children})}function Wt(e){return(0,r.jsx)("svg",{viewBox:"0 0 14 16",...e,children:(0,r.jsx)("path",{fillRule:"evenodd",d:"M7 2.3c3.14 0 5.7 2.56 5.7 5.7s-2.56 5.7-5.7 5.7A5.71 5.71 0 0 1 1.3 8c0-3.14 2.56-5.7 5.7-5.7zM7 1C3.14 1 0 4.14 0 8s3.14 7 7 7 7-3.14 7-7-3.14-7-7-7zm1 3H6v5h2V4zm0 6H6v2h2v-2z"})})}const qt={icon:(0,r.jsx)(Wt,{}),title:(0,r.jsx)(h.A,{id:"theme.admonition.info",description:"The default label used for the Info admonition (:::info)",children:"info"})};function Jt(e){return(0,r.jsx)(zt,{...qt,...e,className:(0,u.A)("alert alert--info",e.className),children:e.children})}function Zt(e){return(0,r.jsx)("svg",{viewBox:"0 0 16 16",...e,children:(0,r.jsx)("path",{fillRule:"evenodd",d:"M8.893 1.5c-.183-.31-.52-.5-.887-.5s-.703.19-.886.5L.138 13.499a.98.98 0 0 0 0 1.001c.193.31.53.501.886.501h13.964c.367 0 .704-.19.877-.5a1.03 1.03 0 0 0 .01-1.002L8.893 1.5zm.133 11.497H6.987v-2.003h2.039v2.003zm0-3.004H6.987V5.987h2.039v4.006z"})})}const Xt={icon:(0,r.jsx)(Zt,{}),title:(0,r.jsx)(h.A,{id:"theme.admonition.warning",description:"The default label used for the Warning admonition (:::warning)",children:"warning"})};function Yt(e){return(0,r.jsx)("svg",{viewBox:"0 0 12 16",...e,children:(0,r.jsx)("path",{fillRule:"evenodd",d:"M5.05.31c.81 2.17.41 3.38-.52 4.31C3.55 5.67 1.98 6.45.9 7.98c-1.45 2.05-1.7 6.53 3.53 7.7-2.2-1.16-2.67-4.52-.3-6.61-.61 2.03.53 3.33 1.94 2.86 1.39-.47 2.3.53 2.27 1.67-.02.78-.31 1.44-1.13 1.81 3.42-.59 4.78-3.42 4.78-5.56 0-2.84-2.53-3.22-1.25-5.61-1.52.13-2.03 1.13-1.89 2.75.09 1.08-1.02 1.8-1.86 1.33-.67-.41-.66-1.19-.06-1.78C8.18 5.31 8.68 2.45 5.05.32L5.03.3l.02.01z"})})}const Qt={icon:(0,r.jsx)(Yt,{}),title:(0,r.jsx)(h.A,{id:"theme.admonition.danger",description:"The default label used for the Danger admonition (:::danger)",children:"danger"})};const Kt={icon:(0,r.jsx)(Zt,{}),title:(0,r.jsx)(h.A,{id:"theme.admonition.caution",description:"The default label used for the Caution admonition (:::caution)",children:"caution"})};const en={...{note:$t,tip:Gt,info:Jt,warning:function(e){return(0,r.jsx)(zt,{...Xt,...e,className:(0,u.A)("alert alert--warning",e.className),children:e.children})},danger:function(e){return(0,r.jsx)(zt,{...Qt,...e,className:(0,u.A)("alert alert--danger",e.className),children:e.children})}},...{secondary:e=>(0,r.jsx)($t,{title:"secondary",...e}),important:e=>(0,r.jsx)(Jt,{title:"important",...e}),success:e=>(0,r.jsx)(Gt,{title:"success",...e}),caution:function(e){return(0,r.jsx)(zt,{...Kt,...e,className:(0,u.A)("alert alert--warning",e.className),children:e.children})}}};function tn(e){const t=Mt(e),n=(s=t.type,en[s]||(console.warn(`No admonition component found for admonition type "${s}". Using Info as fallback.`),en.info));var s;return(0,r.jsx)(n,{...t})}var nn=n(7489),sn=n(2181);let an=null;async function rn(){return an||(an=async function(){return(await n.e(2279).then(n.bind(n,2279))).default}()),an}function on(){const{colorMode:e}=(0,pe.G)(),t=(0,F.p)().mermaid,n=t.theme[e],{options:a}=t;return(0,s.useMemo)((()=>({startOnLoad:!1,...a,theme:n})),[n,a])}function cn({text:e,config:t}){const[n,a]=(0,s.useState)(null),i=(0,s.useState)(`mermaid-svg-${Math.round(1e7*Math.random())}`)[0],r=on(),o=t??r;return(0,s.useEffect)((()=>{(async function({id:e,text:t,config:n}){const s=await rn();s.initialize(n);try{return await s.render(e,t)}catch(a){throw document.querySelector(`#d${e}`)?.remove(),a}})({id:i,text:e,config:o}).then(a).catch((e=>{a((()=>{throw e}))}))}),[i,e,o]),n}const ln="container_lyt7";function dn({renderResult:e}){const t=(0,s.useRef)(null);return(0,s.useEffect)((()=>{const n=t.current;e.bindFunctions?.(n)}),[e]),(0,r.jsx)("div",{ref:t,className:`docusaurus-mermaid-container ${ln}`,dangerouslySetInnerHTML:{__html:e.svg}})}function un({value:e}){const t=cn({text:e});return null===t?null:(0,r.jsx)(dn,{renderResult:t})}const mn={Head:he.A,details:kt,Details:kt,code:function(e){return function(e){return void 0!==e.children&&s.Children.toArray(e.children).every((e=>"string"==typeof e&&!e.includes("\n")))}(e)?(0,r.jsx)(pt,{...e}):(0,r.jsx)(ft,{...e})},a:function(e){const t=(0,xt.v)(e.id);return(0,r.jsx)(f.A,{...e,className:(0,u.A)(t,e.className)})},pre:function(e){return(0,r.jsx)(r.Fragment,{children:e.children})},ul:function(e){return(0,r.jsx)("ul",{...e,className:Tt(e.className)})},li:function(e){(0,gt.A)().collectAnchor(e.id);const t=(0,xt.v)(e.id);return(0,r.jsx)("li",{className:(0,u.A)(t,e.className),...e})},img:function(e){return(0,r.jsx)("img",{decoding:"async",loading:"lazy",...e,className:(t=e.className,(0,u.A)(t,Bt))});var t},h1:e=>(0,r.jsx)(_t,{as:"h1",...e}),h2:e=>(0,r.jsx)(_t,{as:"h2",...e}),h3:e=>(0,r.jsx)(_t,{as:"h3",...e}),h4:e=>(0,r.jsx)(_t,{as:"h4",...e}),h5:e=>(0,r.jsx)(_t,{as:"h5",...e}),h6:e=>(0,r.jsx)(_t,{as:"h6",...e}),admonition:tn,mermaid:function(e){return(0,r.jsx)(nn.A,{fallback:e=>(0,r.jsx)(sn.MN,{...e}),children:(0,r.jsx)(un,{...e})})}};function hn({children:e}){return(0,r.jsx)(me.x,{components:mn,children:e})}function fn({children:e}){const t=function(){const{metadata:e,frontMatter:t,contentTitle:n}=l();return t.hide_title||void 0!==n?null:e.title}();return(0,r.jsxs)("div",{className:(0,u.A)(v.G.docs.docMarkdown,"markdown"),children:[t&&(0,r.jsx)("header",{children:(0,r.jsx)(ue.A,{as:"h1",children:t})}),(0,r.jsx)(hn,{children:e})]})}var pn=n(4718),xn=n(9169),gn=n(6025);function bn(e){return(0,r.jsx)("svg",{viewBox:"0 0 24 24",...e,children:(0,r.jsx)("path",{d:"M10 19v-5h4v5c0 .55.45 1 1 1h3c.55 0 1-.45 1-1v-7h1.7c.46 0 .68-.57.33-.87L12.67 3.6c-.38-.34-.96-.34-1.34 0l-8.36 7.53c-.34.3-.13.87.33.87H5v7c0 .55.45 1 1 1h3c.55 0 1-.45 1-1z",fill:"currentColor"})})}const jn={breadcrumbHomeIcon:"breadcrumbHomeIcon_YNFT"};function vn(){const e=(0,gn.Ay)("/");return(0,r.jsx)("li",{className:"breadcrumbs__item",children:(0,r.jsx)(f.A,{"aria-label":(0,h.T)({id:"theme.docs.breadcrumbs.home",message:"Home page",description:"The ARIA label for the home page in the breadcrumbs"}),className:"breadcrumbs__link",href:e,children:(0,r.jsx)(bn,{className:jn.breadcrumbHomeIcon})})})}function Nn(e){const t=function({breadcrumbs:e}){const{siteConfig:t}=(0,b.A)();return{"@context":"https://schema.org","@type":"BreadcrumbList",itemListElement:e.filter((e=>e.href)).map(((e,n)=>({"@type":"ListItem",position:n+1,name:e.label,item:`${t.url}${e.href}`})))}}({breadcrumbs:e.breadcrumbs});return(0,r.jsx)(he.A,{children:(0,r.jsx)("script",{type:"application/ld+json",children:JSON.stringify(t)})})}const An={breadcrumbsContainer:"breadcrumbsContainer_Z_bl"};function Cn({children:e,href:t,isLast:n}){const s="breadcrumbs__link";return n?(0,r.jsx)("span",{className:s,children:e}):t?(0,r.jsx)(f.A,{className:s,href:t,children:(0,r.jsx)("span",{children:e})}):(0,r.jsx)("span",{className:s,children:e})}function yn({children:e,active:t}){return(0,r.jsx)("li",{className:(0,u.A)("breadcrumbs__item",{"breadcrumbs__item--active":t}),children:e})}function Ln(){const e=(0,pn.OF)(),t=(0,xn.Dt)();return e?(0,r.jsxs)(r.Fragment,{children:[(0,r.jsx)(Nn,{breadcrumbs:e}),(0,r.jsx)("nav",{className:(0,u.A)(v.G.docs.docBreadcrumbs,An.breadcrumbsContainer),"aria-label":(0,h.T)({id:"theme.docs.breadcrumbs.navAriaLabel",message:"Breadcrumbs",description:"The ARIA label for the breadcrumbs"}),children:(0,r.jsxs)("ul",{className:"breadcrumbs",children:[t&&(0,r.jsx)(vn,{}),e.map(((t,n)=>{const s=n===e.length-1,a="category"===t.type&&t.linkUnlisted?void 0:t.href;return(0,r.jsx)(yn,{active:s,children:(0,r.jsx)(Cn,{href:a,isLast:s,children:t.label})},n)}))]})})]}):null}function kn(){return(0,r.jsx)(h.A,{id:"theme.contentVisibility.unlistedBanner.title",description:"The unlisted content banner title",children:"Unlisted page"})}function _n(){return(0,r.jsx)(h.A,{id:"theme.contentVisibility.unlistedBanner.message",description:"The unlisted content banner message",children:"This page is unlisted. Search engines will not index it, and only users having a direct link can access it."})}function wn(){return(0,r.jsx)(he.A,{children:(0,r.jsx)("meta",{name:"robots",content:"noindex, nofollow"})})}function Tn(){return(0,r.jsx)(h.A,{id:"theme.contentVisibility.draftBanner.title",description:"The draft content banner title",children:"Draft page"})}function Bn(){return(0,r.jsx)(h.A,{id:"theme.contentVisibility.draftBanner.message",description:"The draft content banner message",children:"This page is a draft. It will only be visible in dev and be excluded from the production build."})}function Mn({className:e}){return(0,r.jsx)(tn,{type:"caution",title:(0,r.jsx)(Tn,{}),className:(0,u.A)(e,v.G.common.draftBanner),children:(0,r.jsx)(Bn,{})})}function Hn({className:e}){return(0,r.jsx)(tn,{type:"caution",title:(0,r.jsx)(kn,{}),className:(0,u.A)(e,v.G.common.unlistedBanner),children:(0,r.jsx)(_n,{})})}function En(e){return(0,r.jsxs)(r.Fragment,{children:[(0,r.jsx)(wn,{}),(0,r.jsx)(Hn,{...e})]})}function In({metadata:e}){const{unlisted:t,frontMatter:n}=e;return(0,r.jsxs)(r.Fragment,{children:[(t||n.unlisted)&&(0,r.jsx)(En,{}),n.draft&&(0,r.jsx)(Mn,{})]})}const Sn={docItemContainer:"docItemContainer_Djhp",docItemCol:"docItemCol_VOVn"};function Vn({children:e}){const t=function(){const{frontMatter:e,toc:t}=l(),n=(0,m.l)(),s=e.hide_table_of_contents,a=!s&&t.length>0;return{hidden:s,mobile:a?(0,r.jsx)(ie,{}):void 0,desktop:!a||"desktop"!==n&&"ssr"!==n?void 0:(0,r.jsx)(de,{})}}(),{metadata:n}=l();return(0,r.jsxs)("div",{className:"row",children:[(0,r.jsxs)("div",{className:(0,u.A)("col",!t.hidden&&Sn.docItemCol),children:[(0,r.jsx)(In,{metadata:n}),(0,r.jsx)(_,{}),(0,r.jsxs)("div",{className:Sn.docItemContainer,children:[(0,r.jsxs)("article",{children:[(0,r.jsx)(Ln,{}),(0,r.jsx)(w,{}),t.mobile,(0,r.jsx)(fn,{children:e}),(0,r.jsx)($,{})]}),(0,r.jsx)(g,{})]})]}),t.desktop&&(0,r.jsx)("div",{className:"col col--3",children:t.desktop})]})}function Un(e){const t=`docs-doc-id-${e.content.metadata.id}`,n=e.content;return(0,r.jsx)(c,{content:e.content,children:(0,r.jsxs)(a.e3,{className:t,children:[(0,r.jsx)(d,{}),(0,r.jsx)(Vn,{children:(0,r.jsx)(n,{})})]})})}},8426:(e,t)=>{function n(e){let t,n=[];for(let s of e.split(",").map((e=>e.trim())))if(/^-?\d+$/.test(s))n.push(parseInt(s,10));else if(t=s.match(/^(-?\d+)(-|\.\.\.?|\u2025|\u2026|\u22EF)(-?\d+)$/)){let[e,s,a,i]=t;if(s&&i){s=parseInt(s),i=parseInt(i);const e=s<i?1:-1;"-"!==a&&".."!==a&&"\u2025"!==a||(i+=e);for(let t=s;t!==i;t+=e)n.push(t)}}return n}t.default=n,e.exports=n},8453:(e,t,n)=>{"use strict";n.d(t,{R:()=>r,x:()=>o});var s=n(6540);const a={},i=s.createContext(a);function r(e){const t=s.useContext(i);return s.useMemo((function(){return"function"==typeof e?e(t):{...t,...e}}),[t,e])}function o(e){let t;return t=e.disableParentContext?"function"==typeof e.components?e.components(a):e.components||a:r(e.components),s.createElement(i.Provider,{value:t},e.children)}}}]);