solace-agent-mesh 1.6.1__py3-none-any.whl → 1.13.2__py3-none-any.whl

solace_agent_mesh/assets/docs/assets/js/547e15cc.8e6da617.js

@@ -0,0 +1 @@
+"use strict";(self.webpackChunksolace_agenitc_mesh_docs=self.webpackChunksolace_agenitc_mesh_docs||[]).push([[9324],{305:(e,n,t)=>{t.r(n),t.d(n,{assets:()=>r,contentTitle:()=>o,default:()=>h,frontMatter:()=>a,metadata:()=>i,toc:()=>c});const i=JSON.parse('{"id":"documentation/components/plugins","title":"Plugins","description":"Plugins provide a mechanism to extend the functionality of Agent Mesh in a modular, shareable, and reusable way. The current plugin ecosystem includes agents, gateways, and specialized integrations.","source":"@site/docs/documentation/components/plugins.md","sourceDirName":"documentation/components","slug":"/documentation/components/plugins","permalink":"/solace-agent-mesh/docs/documentation/components/plugins","draft":false,"unlisted":false,"editUrl":"https://github.com/SolaceLabs/solace-agent-mesh/edit/main/docs/docs/documentation/components/plugins.md","tags":[],"version":"current","sidebarPosition":270,"frontMatter":{"title":"Plugins","sidebar_position":270},"sidebar":"docSidebar","previous":{"title":"Platform Service","permalink":"/solace-agent-mesh/docs/documentation/components/platform-service"},"next":{"title":"Projects","permalink":"/solace-agent-mesh/docs/documentation/components/projects"}}');var s=t(4848),l=t(8453);const a={title:"Plugins",sidebar_position:270},o=void 0,r={},c=[{value:"Official Core Plugins",id:"official-core-plugins",level:3},{value:"Create a Plugin",id:"create-a-plugin",level:2},{value:"Build the Plugin",id:"build-the-plugin",level:3},{value:"Share the Plugin",id:"share-the-plugin",level:3},{value:"Use a Plugin",id:"use-a-plugin",level:2},{value:"Plugin Catalog Dashboard",id:"plugin-catalog-dashboard",level:2},{value:"Agent or Plugin: Which To Use?",id:"agent-or-plugin-which-to-use",level:2},{value:"When To Use a Standalone Agent",id:"when-to-use-a-standalone-agent",level:3},{value:"When To Use an Agent Plugin",id:"when-to-use-an-agent-plugin",level:3},{value:"Recommendation",id:"recommendation",level:3}];function d(e){const n={a:"a",admonition:"admonition",code:"code",h2:"h2",h3:"h3",li:"li",p:"p",pre:"pre",strong:"strong",table:"table",tbody:"tbody",td:"td",th:"th",thead:"thead",tr:"tr",ul:"ul",...(0,l.R)(),...e.components};return(0,s.jsxs)(s.Fragment,{children:[(0,s.jsx)(n.p,{children:"Plugins provide a mechanism to extend the functionality of Agent Mesh in a modular, shareable, and reusable way. The current plugin ecosystem includes agents, gateways, and specialized integrations."}),"\n",(0,s.jsx)(n.admonition,{title:"In one sentence",type:"tip",children:(0,s.jsx)(n.p,{children:"Plugins are modular Python packages that extend Solace the capabilities of Agent Mesh through agents, gateways, and specialized integrations."})}),"\n",(0,s.jsxs)(n.p,{children:["Plugins are packaged as Python modules that can be installed using various package managers (",(0,s.jsx)(n.code,{children:"pip"}),", ",(0,s.jsx)(n.code,{children:"uv"}),", ",(0,s.jsx)(n.code,{children:"poetry"}),", ",(0,s.jsx)(n.code,{children:"conda"}),"). They integrate seamlessly with the A2A protocol and can provide:"]}),"\n",(0,s.jsxs)(n.ul,{children:["\n",(0,s.jsxs)(n.li,{children:[(0,s.jsx)(n.strong,{children:"Agent Plugins"}),": Specialized agents with domain-specific capabilities"]}),"\n",(0,s.jsxs)(n.li,{children:[(0,s.jsx)(n.strong,{children:"Gateway Plugins"}),": New interface types for external system integration"]}),"\n",(0,s.jsxs)(n.li,{children:[(0,s.jsx)(n.strong,{children:"Custom Plugins"}),": Custom integrations such as HR providers."]}),"\n"]}),"\n",(0,s.jsx)(n.p,{children:"All plugin interactions (create, build, add) are managed through the Agent Mesh CLI."}),"\n",(0,s.jsx)(n.admonition,{type:"info",children:(0,s.jsxs)(n.p,{children:["Run ",(0,s.jsx)(n.code,{children:"sam plugin --help"})," to see the list of available commands for plugins."]})}),"\n",(0,s.jsx)(n.h3,{id:"official-core-plugins",children:"Official Core Plugins"}),"\n",(0,s.jsxs)(n.p,{children:["Agent Mesh comes with a set of official core plugins that can be used to extend the functionality of the system. You can find the repository of the official core plugins ",(0,s.jsx)(n.a,{href:"https://github.com/SolaceLabs/solace-agent-mesh-core-plugins",children:"here \ud83d\udd17"}),"."]}),"\n",(0,s.jsxs)(n.p,{children:["For more information about how to use the official core plugins, see ",(0,s.jsx)(n.a,{href:"#use-a-plugin",children:"Use Plugins"}),"."]}),"\n",(0,s.jsx)(n.h2,{id:"create-a-plugin",children:"Create a Plugin"}),"\n",(0,s.jsxs)(n.p,{children:["To get started, ",(0,s.jsx)(n.a,{href:"/solace-agent-mesh/docs/documentation/installing-and-configuring/installation",children:"install the Agent Mesh CLI"})," and run the following command:"]}),"\n",(0,s.jsx)(n.pre,{children:(0,s.jsx)(n.code,{className:"language-bash",children:"solace-agent-mesh plugin create <plugin-name>\n"})}),"\n",(0,s.jsx)(n.p,{children:"Follow the prompts to create a new plugin. A plugin can be one of the following types:"}),"\n",(0,s.jsxs)(n.ul,{children:["\n",(0,s.jsxs)(n.li,{children:[(0,s.jsx)(n.strong,{children:"Agent Plugin"}),": Contains custom agents that can be used in a Agent Mesh project."]}),"\n",(0,s.jsxs)(n.li,{children:[(0,s.jsx)(n.strong,{children:"Gateway Plugin"}),": Contains custom gateways that can be used in a Agent Mesh project."]}),"\n",(0,s.jsxs)(n.li,{children:[(0,s.jsx)(n.strong,{children:"Custom Plugin"}),": Contains custom integrations such as HR providers or other specialized functionality."]}),"\n"]}),"\n",(0,s.jsx)(n.p,{children:"The Agent Mesh CLI creates a directory with the provided name and the following structure:"}),"\n",(0,s.jsx)(n.pre,{children:(0,s.jsx)(n.code,{children:"plugin-name/\n\u251c\u2500 config.yaml\n\u251c\u2500 src/\n\u2502  \u251c\u2500 __init__.py\n\u2502  \u251c\u2500 [...Other type specific python files]\n\u251c\u2500 .gitignore\n\u251c\u2500 pyproject.toml\n\u251c\u2500 README.md\n"})}),"\n",(0,s.jsxs)(n.ul,{children:["\n",(0,s.jsxs)(n.li,{children:["The ",(0,s.jsx)(n.code,{children:"src"})," directory contains the python source code."]}),"\n",(0,s.jsxs)(n.li,{children:["The ",(0,s.jsx)(n.code,{children:"config.yaml"})," file holds the configuration for the plugin, and how to be used in a Agent Mesh application."]}),"\n"]}),"\n",(0,s.jsx)(n.p,{children:"Once the plugin is created, you can start customizing the config.yaml or the python files."}),"\n",(0,s.jsx)(n.h3,{id:"build-the-plugin",children:"Build the Plugin"}),"\n",(0,s.jsxs)(n.p,{children:["Building the plugin creates a Python wheel package that can be installed using ",(0,s.jsx)(n.code,{children:"pip"})," or other package managers."]}),"\n",(0,s.jsxs)(n.p,{children:["Python ",(0,s.jsx)(n.code,{children:"build"})," package must be installed already since ",(0,s.jsx)(n.code,{children:"sam plugin build"})," command uses ",(0,s.jsx)(n.code,{children:"build"})," package, if not, run ",(0,s.jsx)(n.code,{children:"pip install build"}),"."]}),"\n",(0,s.jsx)(n.p,{children:"To build the plugin, run the following Agent Mesh CLI command:"}),"\n",(0,s.jsx)(n.pre,{children:(0,s.jsx)(n.code,{className:"language-bash",children:"solace-agent-mesh plugin build\n"})}),"\n",(0,s.jsxs)(n.p,{children:["The plugin uses the standard ",(0,s.jsx)(n.code,{children:"pyproject.toml"})," file to build the package."]}),"\n",(0,s.jsx)(n.h3,{id:"share-the-plugin",children:"Share the Plugin"}),"\n",(0,s.jsxs)(n.p,{children:["To share the plugin, you can upload the wheel package to a package repository or share the wheel package directly, or any other valid way to share a ",(0,s.jsx)(n.code,{children:"pyproject"})," project."]}),"\n",(0,s.jsx)(n.h2,{id:"use-a-plugin",children:"Use a Plugin"}),"\n",(0,s.jsxs)(n.p,{children:["To use a plugin in your project, use the ",(0,s.jsx)(n.code,{children:"plugin add"})," command, which performs two steps under-the-hood:"]}),"\n",(0,s.jsxs)(n.ul,{children:["\n",(0,s.jsxs)(n.li,{children:["Locates the plugin or installs the plugin package using a Python package manager (like ",(0,s.jsx)(n.code,{children:"pip"})," or ",(0,s.jsx)(n.code,{children:"uv"}),")"]}),"\n",(0,s.jsx)(n.li,{children:"Creates a component instance based on the plugin"}),"\n"]}),"\n",(0,s.jsx)(n.pre,{children:(0,s.jsx)(n.code,{className:"language-bash",children:"solace-agent-mesh plugin add <COMPONENT_NAME> --plugin <PLUGIN_NAME>\n"})}),"\n",(0,s.jsx)(n.p,{children:"where:"}),"\n",(0,s.jsxs)(n.p,{children:[(0,s.jsx)(n.code,{children:"<COMPONENT_NAME>"})," is the name you choose for the component instance in your project."]}),"\n",(0,s.jsxs)(n.p,{children:[(0,s.jsx)(n.code,{children:"<PLUGIN_NAME>"}),", you can use:"]}),"\n",(0,s.jsxs)(n.ul,{children:["\n",(0,s.jsxs)(n.li,{children:["Name of the plugin as published to a package manager like ",(0,s.jsx)(n.code,{children:"pypi"}),", for example ",(0,s.jsx)(n.code,{children:"my-plugin"})]}),"\n",(0,s.jsx)(n.li,{children:"Name of the plugin that has been already installed into your Python environment."}),"\n",(0,s.jsxs)(n.li,{children:["A local path to the plugin directory, for example ",(0,s.jsx)(n.code,{children:"./my-plugin"})]}),"\n",(0,s.jsxs)(n.li,{children:["A path to a wheel package, for example ",(0,s.jsx)(n.code,{children:"./my-plugin/dist/my_plugin-0.1.0-py3-none-any.whl"})]}),"\n",(0,s.jsxs)(n.li,{children:["A URL to a git repository, for example ",(0,s.jsx)(n.code,{children:"git+https://github.com/<USERNAME>/<REPOSITORY>"}),"\n",(0,s.jsxs)(n.ul,{children:["\n",(0,s.jsxs)(n.li,{children:["If the plugin is in a subdirectory of the repository, you can specify the subdirectory using the ",(0,s.jsx)(n.code,{children:"git+https://github.com/<USERNAME>/<REPOSITORY>#subdirectory=<PLUGIN_NAME>"})," syntax."]}),"\n"]}),"\n"]}),"\n"]}),"\n",(0,s.jsx)(n.p,{children:"The CLI handles both steps automatically, or you can manage the plugin installation yourself using your preferred Python package manager."}),"\n",(0,s.jsxs)(n.admonition,{type:"tip",children:[(0,s.jsxs)(n.p,{children:["You can also customize the python package manager command used to install the plugin by setting the ",(0,s.jsx)(n.code,{children:"SAM_PLUGIN_INSTALL_COMMAND"})," environment variable or passing the ",(0,s.jsx)(n.code,{children:"--install-command"})," option to the ",(0,s.jsx)(n.code,{children:"plugin add"})," command.\nFor example, to use ",(0,s.jsx)(n.code,{children:"uv"})," as the package manager, you can run:"]}),(0,s.jsx)(n.pre,{children:(0,s.jsx)(n.code,{className:"language-bash",children:'export SAM_PLUGIN_INSTALL_COMMAND="uv pip install {package}"\n'})}),(0,s.jsx)(n.p,{children:"or"}),(0,s.jsx)(n.pre,{children:(0,s.jsx)(n.code,{className:"language-bash",children:'solace-agent-mesh plugin add <COMPONENT_NAME> --plugin <PLUGIN_NAME> --install-command "uv pip install {package}"\n'})})]}),"\n",(0,s.jsxs)(n.p,{children:["This command adds the plugin instance configuration to your ",(0,s.jsx)(n.code,{children:"configs"})," directory."]}),"\n",(0,s.jsx)(n.p,{children:"Depending on the plugin, you may need to update the newly added plugin configuration file. Follow the instructions provided by the plugin author for any specific configurations."}),"\n",(0,s.jsx)(n.h2,{id:"plugin-catalog-dashboard",children:"Plugin Catalog Dashboard"}),"\n",(0,s.jsxs)(n.p,{children:["You can manage available plugins with the ",(0,s.jsx)(n.code,{children:"plugin catalog"})," command, which launches a user-friendly interface."]}),"\n",(0,s.jsx)(n.pre,{children:(0,s.jsx)(n.code,{className:"language-bash",children:"solace-agent-mesh plugin catalog\n"})}),"\n",(0,s.jsx)(n.h2,{id:"agent-or-plugin-which-to-use",children:"Agent or Plugin: Which To Use?"}),"\n",(0,s.jsx)(n.p,{children:"In simple terms, plugins of type agent are just packaged agents. However, there are distinct advantages to each approach, and choosing the right one depends on your use case."}),"\n",(0,s.jsx)(n.p,{children:"Here\u2019s a detailed comparison to help you decide."}),"\n",(0,s.jsxs)(n.table,{children:[(0,s.jsx)(n.thead,{children:(0,s.jsxs)(n.tr,{children:[(0,s.jsx)(n.th,{style:{textAlign:"left"},children:"Feature"}),(0,s.jsxs)(n.th,{style:{textAlign:"left"},children:["Standalone Agent (",(0,s.jsx)(n.code,{children:"sam add agent"}),")"]}),(0,s.jsxs)(n.th,{style:{textAlign:"left"},children:["Agent Plugin (",(0,s.jsx)(n.code,{children:"sam plugin create"}),")"]})]})}),(0,s.jsxs)(n.tbody,{children:[(0,s.jsxs)(n.tr,{children:[(0,s.jsx)(n.td,{style:{textAlign:"left"},children:(0,s.jsx)(n.strong,{children:"Creation"})}),(0,s.jsx)(n.td,{style:{textAlign:"left"},children:"A single command creates a configuration file in your project."}),(0,s.jsx)(n.td,{style:{textAlign:"left"},children:"Creates a complete, standard Python project structure."})]}),(0,s.jsxs)(n.tr,{children:[(0,s.jsx)(n.td,{style:{textAlign:"left"},children:(0,s.jsx)(n.strong,{children:"Structure"})}),(0,s.jsx)(n.td,{style:{textAlign:"left"},children:"Consists of a YAML configuration file and associated Python tool files within a Agent Mesh project."}),(0,s.jsxs)(n.td,{style:{textAlign:"left"},children:["A self-contained Python package with ",(0,s.jsx)(n.code,{children:"pyproject.toml"}),", a ",(0,s.jsx)(n.code,{children:"src"})," directory, and configuration templates."]})]}),(0,s.jsxs)(n.tr,{children:[(0,s.jsx)(n.td,{style:{textAlign:"left"},children:(0,s.jsx)(n.strong,{children:"Packaging"})}),(0,s.jsx)(n.td,{style:{textAlign:"left"},children:"Not packaged. It exists as a component within a larger Agent Mesh project."}),(0,s.jsxs)(n.td,{style:{textAlign:"left"},children:["Packaged into a standard Python wheel (",(0,s.jsx)(n.code,{children:".whl"}),") file using ",(0,s.jsx)(n.code,{children:"sam plugin build"}),"."]})]}),(0,s.jsxs)(n.tr,{children:[(0,s.jsx)(n.td,{style:{textAlign:"left"},children:(0,s.jsx)(n.strong,{children:"Distribution"})}),(0,s.jsx)(n.td,{style:{textAlign:"left"},children:"Shared by copying files or sharing the entire project."}),(0,s.jsx)(n.td,{style:{textAlign:"left"},children:"Easily distributed as a wheel file, via a Git repository, or published to a package index like PyPI."})]}),(0,s.jsxs)(n.tr,{children:[(0,s.jsx)(n.td,{style:{textAlign:"left"},children:(0,s.jsx)(n.strong,{children:"Reusability"})}),(0,s.jsx)(n.td,{style:{textAlign:"left"},children:"Primarily for use within the project where it was created."}),(0,s.jsx)(n.td,{style:{textAlign:"left"},children:"Designed for high reusability across different projects, teams, and communities."})]}),(0,s.jsxs)(n.tr,{children:[(0,s.jsx)(n.td,{style:{textAlign:"left"},children:(0,s.jsx)(n.strong,{children:"Installation"})}),(0,s.jsx)(n.td,{style:{textAlign:"left"},children:"No installation needed. The agent is configured and run as part of the main project."}),(0,s.jsxs)(n.td,{style:{textAlign:"left"},children:["Installed into the Python environment using ",(0,s.jsx)(n.code,{children:"sam plugin add"}),", which handles the package installation."]})]}),(0,s.jsxs)(n.tr,{children:[(0,s.jsx)(n.td,{style:{textAlign:"left"},children:(0,s.jsx)(n.strong,{children:"Versioning"})}),(0,s.jsx)(n.td,{style:{textAlign:"left"},children:"Versioned along with the main project."}),(0,s.jsxs)(n.td,{style:{textAlign:"left"},children:["Can be versioned independently according to Python packaging standards (e.g., ",(0,s.jsx)(n.code,{children:"v0.1.0"}),", ",(0,s.jsx)(n.code,{children:"v0.2.0"}),")."]})]}),(0,s.jsxs)(n.tr,{children:[(0,s.jsx)(n.td,{style:{textAlign:"left"},children:(0,s.jsx)(n.strong,{children:"Development"})}),(0,s.jsx)(n.td,{style:{textAlign:"left"},children:"Simple and direct. Edit files and run. Ideal for rapid prototyping."}),(0,s.jsx)(n.td,{style:{textAlign:"left"},children:"Involves a build/install cycle. Better for structured, long-term development."})]})]})]}),"\n",(0,s.jsx)(n.h3,{id:"when-to-use-a-standalone-agent",children:"When To Use a Standalone Agent"}),"\n",(0,s.jsx)(n.p,{children:"Create a standalone agent when:"}),"\n",(0,s.jsxs)(n.ul,{children:["\n",(0,s.jsx)(n.li,{children:"You need to quickly test an idea or build a proof-of-concept."}),"\n",(0,s.jsx)(n.li,{children:"The agent is tightly coupled to a single project and is not intended for reuse."}),"\n",(0,s.jsx)(n.li,{children:"You want the most straightforward path to adding a simple agent without the overhead of a full package structure."}),"\n"]}),"\n",(0,s.jsx)(n.h3,{id:"when-to-use-an-agent-plugin",children:"When To Use an Agent Plugin"}),"\n",(0,s.jsx)(n.p,{children:"Create an agent as a plugin when:"}),"\n",(0,s.jsxs)(n.ul,{children:["\n",(0,s.jsx)(n.li,{children:"You plan to use the same agent in multiple projects."}),"\n",(0,s.jsx)(n.li,{children:"You want to share your agent with other developers, teams, or the open-source community."}),"\n",(0,s.jsx)(n.li,{children:"You are building a robust, production-ready agent that benefits from a formal package structure, dependency management, and versioning."}),"\n",(0,s.jsx)(n.li,{children:"You are building a collection of standardized agents for your organization."}),"\n"]}),"\n",(0,s.jsx)(n.h3,{id:"recommendation",children:"Recommendation"}),"\n",(0,s.jsx)(n.p,{children:"The choice of how to build your agent depends on your goals and the requirements of your project:"}),"\n",(0,s.jsxs)(n.ul,{children:["\n",(0,s.jsxs)(n.li,{children:["\n",(0,s.jsxs)(n.p,{children:[(0,s.jsx)(n.strong,{children:"Standalone Agents"})," should be viewed as tactical tools for rapid, isolated prototyping. They serve immediate, project-specific needs but do not contribute to a scalable, long-term asset library."]}),"\n"]}),"\n",(0,s.jsxs)(n.li,{children:["\n",(0,s.jsxs)(n.p,{children:[(0,s.jsx)(n.strong,{children:"Agent Plugins"})," are the foundation for building a robust, governable, and reusable AI ecosystem. This model treats AI capabilities as enterprise assets, promoting standardization, reducing redundant development costs, and accelerating innovation across the organization. For any capability intended for broader use or long-term value, the plugin framework is the mandated path to maximize return on investment and ensure architectural integrity."]}),"\n"]}),"\n"]})]})}function h(e={}){const{wrapper:n}={...(0,l.R)(),...e.components};return n?(0,s.jsx)(n,{...e,children:(0,s.jsx)(d,{...e})}):d(e)}},8453:(e,n,t)=>{t.d(n,{R:()=>a,x:()=>o});var i=t(6540);const s={},l=i.createContext(s);function a(e){const n=i.useContext(l);return i.useMemo((function(){return"function"==typeof e?e(n):{...n,...e}}),[n,e])}function o(e){let n;return n=e.disableParentContext?"function"==typeof e.components?e.components(s):e.components||s:a(e.components),i.createElement(l.Provider,{value:n},e.children)}}}]);

solace_agent_mesh/assets/docs/assets/js/55b7b518.29d6e75d.js

@@ -0,0 +1 @@
+"use strict";(self.webpackChunksolace_agenitc_mesh_docs=self.webpackChunksolace_agenitc_mesh_docs||[]).push([[3936],{56:(e,n,s)=>{s.r(n),s.d(n,{assets:()=>l,contentTitle:()=>a,default:()=>h,frontMatter:()=>o,metadata:()=>i,toc:()=>c});const i=JSON.parse('{"id":"documentation/installing-and-configuring/installation","title":"Installing Agent Mesh","description":"Before you begin, ensure you have the following:","source":"@site/docs/documentation/installing-and-configuring/installation.md","sourceDirName":"documentation/installing-and-configuring","slug":"/documentation/installing-and-configuring/installation","permalink":"/solace-agent-mesh/docs/documentation/installing-and-configuring/installation","draft":false,"unlisted":false,"editUrl":"https://github.com/SolaceLabs/solace-agent-mesh/edit/main/docs/docs/documentation/installing-and-configuring/installation.md","tags":[],"version":"current","sidebarPosition":310,"frontMatter":{"title":"Installing Agent Mesh","sidebar_position":310},"sidebar":"docSidebar","previous":{"title":"Installing and Configuring Agent Mesh","permalink":"/solace-agent-mesh/docs/documentation/installing-and-configuring/"},"next":{"title":"Creating and Running an Agent Mesh Project","permalink":"/solace-agent-mesh/docs/documentation/installing-and-configuring/run-project"}}');var t=s(4848),r=s(8453);const o={title:"Installing Agent Mesh",sidebar_position:310},a="Prerequisites",l={},c=[{value:"Install Agent Mesh",id:"install-agent-mesh",level:2},{value:"Verify Installation",id:"verify-installation",level:2},{value:"Next Steps",id:"next-steps",level:2}];function d(e){const n={a:"a",admonition:"admonition",code:"code",h1:"h1",h2:"h2",header:"header",li:"li",ol:"ol",p:"p",pre:"pre",strong:"strong",ul:"ul",...(0,r.R)(),...e.components},{Details:s}=n;return s||function(e,n){throw new Error("Expected "+(n?"component":"object")+" `"+e+"` to be defined: you likely forgot to import, pass, or provide it.")}("Details",!0),(0,t.jsxs)(t.Fragment,{children:[(0,t.jsx)(n.header,{children:(0,t.jsx)(n.h1,{id:"prerequisites",children:"Prerequisites"})}),"\n",(0,t.jsx)(n.p,{children:"Before you begin, ensure you have the following:"}),"\n",(0,t.jsxs)(n.ul,{children:["\n",(0,t.jsx)(n.li,{children:(0,t.jsx)(n.strong,{children:"Python 3.10.16+"})}),"\n",(0,t.jsxs)(n.li,{children:[(0,t.jsx)(n.strong,{children:"pip"})," (usually included with Python) or ",(0,t.jsx)(n.strong,{children:"uv"})," (install ",(0,t.jsx)(n.a,{href:"https://docs.astral.sh/uv/getting-started/installation/",children:"uv"}),")"]}),"\n",(0,t.jsxs)(n.li,{children:[(0,t.jsx)(n.strong,{children:"Operating System"}),": macOS, Linux, or Windows (via ",(0,t.jsx)(n.a,{href:"https://learn.microsoft.com/en-us/windows/wsl/",children:"WSL"}),")"]}),"\n",(0,t.jsxs)(n.li,{children:[(0,t.jsx)(n.strong,{children:"LLM API key"})," from any major provider or your own custom endpoint"]}),"\n"]}),"\n",(0,t.jsx)(n.h1,{id:"installation",children:"Installation"}),"\n",(0,t.jsxs)(n.p,{children:["The ",(0,t.jsx)(n.a,{href:"https://pypi.org/project/solace-agent-mesh",children:"Solace Agent Mesh Module"})," includes two components:"]}),"\n",(0,t.jsxs)(n.ol,{children:["\n",(0,t.jsxs)(n.li,{children:[(0,t.jsx)(n.strong,{children:"Agent Mesh CLI"}),": Create, build, run, and extend Agent Mesh"]}),"\n",(0,t.jsxs)(n.li,{children:[(0,t.jsx)(n.strong,{children:"Agent Mesh framework"}),": A Python-based framework for customizing and extending SAM's capabilities"]}),"\n"]}),"\n",(0,t.jsx)(n.p,{children:"Installing the PyPI package provides both the Agent Mesh CLI and the framework (which is built on the Python SDK)."}),"\n",(0,t.jsx)(n.p,{children:"First, create a project directory and navigate into it:"}),"\n",(0,t.jsx)(n.pre,{children:(0,t.jsx)(n.code,{className:"language-sh",children:"mkdir my-sam && cd my-sam\n"})}),"\n",(0,t.jsx)(n.admonition,{type:"tip",children:(0,t.jsx)(n.p,{children:"We recommend installing the package in a virtual environment to avoid conflicts with other Python packages."})}),"\n",(0,t.jsxs)(s,{children:[(0,t.jsx)("summary",{children:"Creating a Virtual Environment"}),(0,t.jsxs)(s,{children:[(0,t.jsx)("summary",{children:"Using pip"}),(0,t.jsxs)(n.ol,{children:["\n",(0,t.jsx)(n.li,{children:"Create a virtual environment:"}),"\n"]}),(0,t.jsx)(n.pre,{children:(0,t.jsx)(n.code,{children:"python3 -m venv .venv\n"})}),(0,t.jsxs)(n.ol,{start:"2",children:["\n",(0,t.jsxs)(n.li,{children:["\n",(0,t.jsx)(n.p,{children:"Activate the environment:"}),"\n",(0,t.jsx)(n.p,{children:"On Linux or Unix platforms:"}),"\n",(0,t.jsx)(n.pre,{children:(0,t.jsx)(n.code,{className:"language-sh",children:"source .venv/bin/activate\n"})}),"\n",(0,t.jsx)(n.p,{children:"On Windows:"}),"\n",(0,t.jsx)(n.pre,{children:(0,t.jsx)(n.code,{className:"language-cmd",children:".venv\\Scripts\\activate\n"})}),"\n"]}),"\n"]})]}),(0,t.jsxs)(s,{children:[(0,t.jsx)("summary",{children:"Using uv"}),(0,t.jsxs)(n.ol,{children:["\n",(0,t.jsx)(n.li,{children:"Create a virtual environment:"}),"\n"]}),(0,t.jsx)(n.pre,{children:(0,t.jsx)(n.code,{children:"uv venv .venv\n"})}),(0,t.jsxs)(n.ol,{start:"2",children:["\n",(0,t.jsxs)(n.li,{children:["\n",(0,t.jsx)(n.p,{children:"Activate the environment:"}),"\n",(0,t.jsx)(n.p,{children:"On Linux or Unix platforms:"}),"\n",(0,t.jsx)(n.pre,{children:(0,t.jsx)(n.code,{className:"language-sh",children:"source .venv/bin/activate\n"})}),"\n",(0,t.jsx)(n.p,{children:"On Windows:"}),"\n",(0,t.jsx)(n.pre,{children:(0,t.jsx)(n.code,{className:"language-cmd",children:".venv\\Scripts\\activate\n"})}),"\n"]}),"\n",(0,t.jsxs)(n.li,{children:["\n",(0,t.jsx)(n.p,{children:"Set the following environment variables:"}),"\n",(0,t.jsx)(n.p,{children:"On Linux or Unix platforms:"}),"\n",(0,t.jsx)(n.pre,{children:(0,t.jsx)(n.code,{className:"language-sh",children:'export SAM_PLUGIN_INSTALL_COMMAND="uv pip install {package}"\n'})}),"\n",(0,t.jsx)(n.p,{children:"On Windows:"}),"\n",(0,t.jsx)(n.pre,{children:(0,t.jsx)(n.code,{className:"language-cmd",children:'set SAM_PLUGIN_INSTALL_COMMAND="uv pip install {package}"\n'})}),"\n"]}),"\n"]})]})]}),"\n",(0,t.jsx)(n.h2,{id:"install-agent-mesh",children:"Install Agent Mesh"}),"\n",(0,t.jsx)(n.p,{children:"The following command installs Agent Mesh CLI in your environment:"}),"\n",(0,t.jsxs)(s,{children:[(0,t.jsx)("summary",{children:"Using pip"}),(0,t.jsx)(n.pre,{children:(0,t.jsx)(n.code,{className:"language-sh",children:"pip install solace-agent-mesh\n"})})]}),"\n",(0,t.jsxs)(s,{children:[(0,t.jsx)("summary",{children:"Using uv"}),(0,t.jsx)(n.pre,{children:(0,t.jsx)(n.code,{className:"language-sh",children:"uv pip install solace-agent-mesh\n"})})]}),"\n",(0,t.jsxs)(n.admonition,{title:"Docker Alternative",type:"info",children:[(0,t.jsxs)(n.p,{children:["Alternatively, you can use our pre-built Docker image to run Agent Mesh CLI commands without a local Python installation. This approach is useful for quick tasks or CI/CD environments. The pre-built Docker image is configured with group ",(0,t.jsx)(n.code,{children:"solaceai"})," and non-root user ",(0,t.jsx)(n.code,{children:"solaceai"}),"."]}),(0,t.jsx)(n.p,{children:"To verify the installation using Docker, run:"}),(0,t.jsx)(n.pre,{children:(0,t.jsx)(n.code,{className:"language-sh",children:"docker run --rm solace/solace-agent-mesh:latest --version\n"})}),(0,t.jsxs)(n.p,{children:["This command pulls the latest image (if not already present) and executes ",(0,t.jsx)(n.code,{children:"solace-agent-mesh --version"})," inside the container. The ",(0,t.jsx)(n.code,{children:"--rm"})," flag ensures the container is removed after execution."]}),(0,t.jsxs)(n.p,{children:["If your host OS architecture is not ",(0,t.jsx)(n.code,{children:"linux/amd64"}),", you need to add ",(0,t.jsx)(n.code,{children:"--platform linux/amd64"})," when running the container."]}),(0,t.jsxs)(n.p,{children:["For more complex operations like building a project, you need to mount your project directory into the container. See the ",(0,t.jsx)(n.a,{href:"/solace-agent-mesh/docs/documentation/getting-started/try-agent-mesh",children:"Quick Start guide"})," for examples."]})]}),"\n",(0,t.jsxs)(n.admonition,{title:"Browser Requirement",type:"warning",children:[(0,t.jsxs)(n.p,{children:["The ",(0,t.jsx)(n.code,{children:"Mermaid"})," agent requires a browser with headless mode support to render diagrams. Use ",(0,t.jsx)(n.code,{children:"playwright"})," to install the browser dependencies. If you are using the Docker image, this is already included."]}),(0,t.jsx)(n.p,{children:"To install the browser dependencies, run:"}),(0,t.jsx)(n.pre,{children:(0,t.jsx)(n.code,{className:"language-sh",children:"playwright install\n"})})]}),"\n",(0,t.jsx)(n.h2,{id:"verify-installation",children:"Verify Installation"}),"\n",(0,t.jsx)(n.p,{children:"Run the following Agent Mesh CLI command to verify your installation:"}),"\n",(0,t.jsx)(n.pre,{children:(0,t.jsx)(n.code,{className:"language-sh",children:"solace-agent-mesh --version\n"})}),"\n",(0,t.jsxs)(n.admonition,{type:"tip",children:[(0,t.jsxs)(n.p,{children:["For easier access to the Agent Mesh CLI, you can also use the ",(0,t.jsx)(n.code,{children:"sam"})," alias:"]}),(0,t.jsx)(n.pre,{children:(0,t.jsx)(n.code,{className:"language-sh",children:"sam --version\n"})})]}),"\n",(0,t.jsx)(n.p,{children:"To get a list of available commands, run:"}),"\n",(0,t.jsx)(n.pre,{children:(0,t.jsx)(n.code,{className:"language-sh",children:"solace-agent-mesh --help\n"})}),"\n",(0,t.jsx)(n.h2,{id:"next-steps",children:"Next Steps"}),"\n",(0,t.jsx)(n.p,{children:"After successful installation, choose your next step based on your goals:"}),"\n",(0,t.jsxs)(n.p,{children:[(0,t.jsx)(n.strong,{children:"For Quick Exploration"}),": If you want to try SAM's capabilities immediately without project setup, use the ",(0,t.jsx)(n.a,{href:"/solace-agent-mesh/docs/documentation/getting-started/try-agent-mesh",children:"Docker quick start"})," to explore SAM with minimal configuration."]}),"\n",(0,t.jsxs)(n.p,{children:[(0,t.jsx)(n.strong,{children:"For Development Work"}),": If you're ready to build a complete project with full control over configuration, proceed directly to the ",(0,t.jsx)(n.a,{href:"/solace-agent-mesh/docs/documentation/installing-and-configuring/run-project",children:"project setup guide"}),"."]}),"\n",(0,t.jsxs)(n.p,{children:[(0,t.jsx)(n.strong,{children:"To Learn More"}),": Explore the system components by reading about ",(0,t.jsx)(n.a,{href:"/solace-agent-mesh/docs/documentation/components/agents",children:"agents"})," and ",(0,t.jsx)(n.a,{href:"/solace-agent-mesh/docs/documentation/components/gateways",children:"gateways"}),"."]})]})}function h(e={}){const{wrapper:n}={...(0,r.R)(),...e.components};return n?(0,t.jsx)(n,{...e,children:(0,t.jsx)(d,{...e})}):d(e)}},8453:(e,n,s)=>{s.d(n,{R:()=>o,x:()=>a});var i=s(6540);const t={},r=i.createContext(t);function o(e){const n=i.useContext(r);return i.useMemo((function(){return"function"==typeof e?e(n):{...n,...e}}),[n,e])}function a(e){let n;return n=e.disableParentContext?"function"==typeof e.components?e.components(t):e.components||t:o(e.components),i.createElement(r.Provider,{value:n},e.children)}}}]);

solace_agent_mesh/assets/docs/assets/js/5b8d9c11.d4eb37b8.js

@@ -0,0 +1 @@
+"use strict";(self.webpackChunksolace_agenitc_mesh_docs=self.webpackChunksolace_agenitc_mesh_docs||[]).push([[8396],{1781:(e,n,i)=>{i.r(n),i.d(n,{assets:()=>l,contentTitle:()=>o,default:()=>h,frontMatter:()=>a,metadata:()=>t,toc:()=>c});const t=JSON.parse('{"id":"documentation/migrations/platform-service-split","title":"Migration to Platform Service (Enterprise v1.27.0+)","description":"\u2705 This Guide Applies To:","source":"@site/docs/documentation/migrations/platform-service-split.md","sourceDirName":"documentation/migrations","slug":"/documentation/migrations/platform-service-split","permalink":"/solace-agent-mesh/docs/documentation/migrations/platform-service-split","draft":false,"unlisted":false,"editUrl":"https://github.com/SolaceLabs/solace-agent-mesh/edit/main/docs/docs/documentation/migrations/platform-service-split.md","tags":[],"version":"current","sidebarPosition":20,"frontMatter":{"title":"Migration to Platform Service (Enterprise v1.27.0+)","sidebar_position":20},"sidebar":"docSidebar","previous":{"title":"Proxy Configuration","permalink":"/solace-agent-mesh/docs/documentation/deploying/proxy_configuration"},"next":{"title":"Migration Guide: Upgrading to the A2A SDK","permalink":"/solace-agent-mesh/docs/documentation/migrations/a2a-upgrade/a2a-gateway-upgrade-to-0.3.0"}}');var s=i(4848),r=i(8453);const a={title:"Migration to Platform Service (Enterprise v1.27.0+)",sidebar_position:20},o=void 0,l={},c=[{value:"\u2705 This Guide Applies To:",id:"-this-guide-applies-to",level:3},{value:"\u274c This Guide Does NOT Apply To:",id:"-this-guide-does-not-apply-to",level:3},{value:"Overview",id:"overview",level:2},{value:"What's Changing",id:"whats-changing",level:2},{value:"Split",id:"split",level:3},{value:"Functionality Distribution",id:"functionality-distribution",level:3},{value:"Migration Steps",id:"migration-steps",level:2},{value:"Step 1: Create Platform Service Configuration",id:"step-1-create-platform-service-configuration",level:3},{value:"Step 2: Update WebUI Configuration",id:"step-2-update-webui-configuration",level:3},{value:"Step 3: Run Platform Service",id:"step-3-run-platform-service",level:3},{value:"Verification",id:"verification",level:2}];function d(e){const n={a:"a",admonition:"admonition",code:"code",h2:"h2",h3:"h3",li:"li",ol:"ol",p:"p",pre:"pre",strong:"strong",table:"table",tbody:"tbody",td:"td",th:"th",thead:"thead",tr:"tr",ul:"ul",...(0,r.R)(),...e.components};return(0,s.jsxs)(s.Fragment,{children:[(0,s.jsx)(n.h3,{id:"-this-guide-applies-to",children:"\u2705 This Guide Applies To:"}),"\n",(0,s.jsxs)(n.ul,{children:["\n",(0,s.jsxs)(n.li,{children:[(0,s.jsx)(n.strong,{children:"Users running SAM manually with YAML files"})," - Typically after generating your SAM application with ",(0,s.jsx)(n.code,{children:"sam init"}),", you run SAM directly using configuration files (e.g., ",(0,s.jsx)(n.code,{children:"sam run configs/gateways/webui.yaml"}),")"]}),"\n",(0,s.jsxs)(n.li,{children:[(0,s.jsxs)(n.strong,{children:["Users using Enterprise features and have an existing ",(0,s.jsx)(n.code,{children:"platform.db"})]})," - You are using features like Agent Builder, Connectors, or other enterprise capabilities that have created a ",(0,s.jsx)(n.code,{children:"platform.db"})," file"]}),"\n"]}),"\n",(0,s.jsx)(n.h3,{id:"-this-guide-does-not-apply-to",children:"\u274c This Guide Does NOT Apply To:"}),"\n",(0,s.jsxs)(n.ul,{children:["\n",(0,s.jsxs)(n.li,{children:[(0,s.jsx)(n.strong,{children:"Users using Docker images"})," - If you're using Solace's pre-packaged Docker images via the Docker quickstart or Kubernetes deployments with Helm charts, this migration is handled automatically"]}),"\n",(0,s.jsxs)(n.li,{children:[(0,s.jsxs)(n.strong,{children:["Users with no existing ",(0,s.jsx)(n.code,{children:"platform.db"})]})," - If you don't have an existing ",(0,s.jsx)(n.code,{children:"platform.db"})," file or have not been using enterprise features"]}),"\n",(0,s.jsxs)(n.li,{children:[(0,s.jsx)(n.strong,{children:"SAM Community Edition users"})," - This migration only applies to SAM Enterprise"]}),"\n"]}),"\n",(0,s.jsx)(n.h2,{id:"overview",children:"Overview"}),"\n",(0,s.jsx)(n.p,{children:"Previously, backend enterprise functionality was served from the WebUI Gateway. With version 1.27.0+, the architecture splits the WebUI Gateway into two separate services:"}),"\n",(0,s.jsxs)(n.ul,{children:["\n",(0,s.jsxs)(n.li,{children:[(0,s.jsx)(n.strong,{children:"WebUI Gateway"})," (port 8000): Handles chat sessions, task submissions, and real-time streaming"]}),"\n",(0,s.jsxs)(n.li,{children:[(0,s.jsx)(n.strong,{children:"Platform Service"})," (port 8001): Handles Agent Builder, Connector management, and deployment orchestration"]}),"\n"]}),"\n",(0,s.jsx)(n.h2,{id:"whats-changing",children:"What's Changing"}),"\n",(0,s.jsx)(n.h3,{id:"split",children:"Split"}),"\n",(0,s.jsxs)(n.table,{children:[(0,s.jsx)(n.thead,{children:(0,s.jsxs)(n.tr,{children:[(0,s.jsx)(n.th,{}),(0,s.jsx)(n.th,{children:"Until v1.24.x"}),(0,s.jsx)(n.th,{children:"After v1.27.0"})]})}),(0,s.jsxs)(n.tbody,{children:[(0,s.jsxs)(n.tr,{children:[(0,s.jsx)(n.td,{children:(0,s.jsx)(n.strong,{children:"Architecture"})}),(0,s.jsx)(n.td,{children:"WebUI Gateway"}),(0,s.jsx)(n.td,{children:"WebUI Gateway + Platform Service"})]}),(0,s.jsxs)(n.tr,{children:[(0,s.jsx)(n.td,{children:(0,s.jsx)(n.strong,{children:"Ports"})}),(0,s.jsx)(n.td,{children:"Single port (8000)"}),(0,s.jsx)(n.td,{children:"WebUI (8000) + Platform (8001)"})]}),(0,s.jsxs)(n.tr,{children:[(0,s.jsx)(n.td,{children:(0,s.jsx)(n.strong,{children:"Configuration"})}),(0,s.jsx)(n.td,{children:"One YAML file"}),(0,s.jsx)(n.td,{children:"Two YAML files"})]})]})]}),"\n",(0,s.jsx)(n.h3,{id:"functionality-distribution",children:"Functionality Distribution"}),"\n",(0,s.jsxs)(n.p,{children:[(0,s.jsx)(n.strong,{children:"WebUI Gateway (port 8000)"}),":"]}),"\n",(0,s.jsxs)(n.ul,{children:["\n",(0,s.jsx)(n.li,{children:"Chat interface and sessions"}),"\n",(0,s.jsx)(n.li,{children:"Task submission and management"}),"\n",(0,s.jsx)(n.li,{children:"Server-Sent Events (SSE) streaming"}),"\n",(0,s.jsx)(n.li,{children:"Artifact management"}),"\n",(0,s.jsx)(n.li,{children:"Real-time agent interactions"}),"\n"]}),"\n",(0,s.jsxs)(n.p,{children:[(0,s.jsx)(n.strong,{children:"Platform Service (port 8001)"}),":"]}),"\n",(0,s.jsxs)(n.ul,{children:["\n",(0,s.jsx)(n.li,{children:"Agent Builder (UI-based agent creation)"}),"\n",(0,s.jsx)(n.li,{children:"Connector management"}),"\n",(0,s.jsx)(n.li,{children:"Deployment orchestration"}),"\n",(0,s.jsx)(n.li,{children:"Background tasks (heartbeat monitoring, deployment tracking)"}),"\n"]}),"\n",(0,s.jsx)(n.admonition,{type:"warning",children:(0,s.jsx)(n.p,{children:"If you upgrade to v1.27.0+ without completing this migration, users will lose access to the Agent Builder, Connector management, and dynamic agent deployment capabilities. Chat functionality will continue to work, but enterprise features will be unavailable."})}),"\n",(0,s.jsx)(n.h2,{id:"migration-steps",children:"Migration Steps"}),"\n",(0,s.jsx)(n.h3,{id:"step-1-create-platform-service-configuration",children:"Step 1: Create Platform Service Configuration"}),"\n",(0,s.jsxs)(n.p,{children:["Create a new file ",(0,s.jsx)(n.code,{children:"configs/services/platform.yaml"})," in your project with the contents from ",(0,s.jsx)(n.a,{href:"https://raw.githubusercontent.com/SolaceLabs/solace-agent-mesh/main/templates/platform.yaml",children:"templates/platform.yaml"}),":"]}),"\n",(0,s.jsx)(n.admonition,{type:"important",children:(0,s.jsxs)(n.p,{children:[(0,s.jsx)(n.code,{children:"app_config.database_url"})," must point to the existing ",(0,s.jsx)(n.code,{children:"platform.db"})," to retain agent and deployment data."]})}),"\n",(0,s.jsx)(n.h3,{id:"step-2-update-webui-configuration",children:"Step 2: Update WebUI Configuration"}),"\n",(0,s.jsxs)(n.p,{children:["Update your existing ",(0,s.jsx)(n.code,{children:"configs/gateways/webui.yaml"})," to include the Platform Service URL:"]}),"\n",(0,s.jsx)(n.pre,{children:(0,s.jsx)(n.code,{className:"language-yaml",children:'apps:\n  - name: a2a_webui_app\n    app_module: solace_agent_mesh.gateway.http_sse.app\n     \n    # Omitted sections for brevity...\n\n    app_config:\n      namespace: ${NAMESPACE}\n\n      # Add the following section to point to the Platform Service\n      platform_service:\n        url: "${PLATFORM_SERVICE_URL, http://localhost:8001}"\n'})}),"\n",(0,s.jsxs)(n.p,{children:["Delete ",(0,s.jsx)(n.code,{children:"platform_service.database_url"})," from your WebUI yaml, as it is no longer needed."]}),"\n",(0,s.jsx)(n.h3,{id:"step-3-run-platform-service",children:"Step 3: Run Platform Service"}),"\n",(0,s.jsx)(n.p,{children:"In addition to running the WebUI Gateway, also start the Platform Service:"}),"\n",(0,s.jsx)(n.p,{children:"Within the same process:"}),"\n",(0,s.jsx)(n.pre,{children:(0,s.jsx)(n.code,{className:"language-bash",children:"sam run configs/gateways/webui.yaml configs/services/platform.yaml\n"})}),"\n",(0,s.jsx)(n.p,{children:"Or within its own process:"}),"\n",(0,s.jsx)(n.pre,{children:(0,s.jsx)(n.code,{className:"language-bash",children:"sam run configs/services/platform.yaml\n"})}),"\n",(0,s.jsx)(n.h2,{id:"verification",children:"Verification"}),"\n",(0,s.jsx)(n.p,{children:"After completing the migration, verify both services are running correctly:"}),"\n",(0,s.jsxs)(n.ol,{children:["\n",(0,s.jsxs)(n.li,{children:["\n",(0,s.jsxs)(n.p,{children:[(0,s.jsx)(n.strong,{children:"Check WebUI Gateway"}),":"]}),"\n",(0,s.jsx)(n.pre,{children:(0,s.jsx)(n.code,{className:"language-bash",children:'curl http://localhost:8000/health\n# Should return: {"status":"A2A Web UI Backend is running"}\n'})}),"\n"]}),"\n",(0,s.jsxs)(n.li,{children:["\n",(0,s.jsxs)(n.p,{children:[(0,s.jsx)(n.strong,{children:"Check Platform Service"}),":"]}),"\n",(0,s.jsx)(n.pre,{children:(0,s.jsx)(n.code,{className:"language-bash",children:'curl http://localhost:8001/health\n# Should return: {"status":"healthy","service":"Platform Service"}\n'})}),"\n"]}),"\n",(0,s.jsxs)(n.li,{children:["\n",(0,s.jsxs)(n.p,{children:[(0,s.jsx)(n.strong,{children:"Verify Frontend Configuration"}),":"]}),"\n",(0,s.jsx)(n.pre,{children:(0,s.jsx)(n.code,{className:"language-bash",children:'curl http://localhost:8000/api/v1/config\n# Should include frontend_platform_server_url set to the Platform Service URL"\n'})}),"\n"]}),"\n",(0,s.jsxs)(n.li,{children:["\n",(0,s.jsxs)(n.p,{children:[(0,s.jsx)(n.strong,{children:"Test Agent Builder"})," - Access the web UI and navigate to Agent Builder. You should be able to create and manage agents through the UI."]}),"\n"]}),"\n"]})]})}function h(e={}){const{wrapper:n}={...(0,r.R)(),...e.components};return n?(0,s.jsx)(n,{...e,children:(0,s.jsx)(d,{...e})}):d(e)}},8453:(e,n,i)=>{i.d(n,{R:()=>a,x:()=>o});var t=i(6540);const s={},r=t.createContext(s);function a(e){const n=t.useContext(r);return t.useMemo((function(){return"function"==typeof e?e(n):{...n,...e}}),[n,e])}function o(e){let n;return n=e.disableParentContext?"function"==typeof e.components?e.components(s):e.components||s:a(e.components),t.createElement(r.Provider,{value:n},e.children)}}}]);

solace_agent_mesh/assets/docs/assets/js/5c2bd65f.1ee87753.js

@@ -0,0 +1 @@
+"use strict";(self.webpackChunksolace_agenitc_mesh_docs=self.webpackChunksolace_agenitc_mesh_docs||[]).push([[5236],{4473:(e,n,t)=>{t.r(n),t.d(n,{assets:()=>l,contentTitle:()=>a,default:()=>u,frontMatter:()=>r,metadata:()=>i,toc:()=>c});const i=JSON.parse('{"id":"documentation/deploying/deployment-options","title":"Choosing Deployment Options","description":"Agent Mesh offers flexible deployment options designed to meet different operational requirements. Understanding these options helps you choose the right approach for your specific environment and scale needs.","source":"@site/docs/documentation/deploying/deployment-options.md","sourceDirName":"documentation/deploying","slug":"/documentation/deploying/deployment-options","permalink":"/solace-agent-mesh/docs/documentation/deploying/deployment-options","draft":false,"unlisted":false,"editUrl":"https://github.com/SolaceLabs/solace-agent-mesh/edit/main/docs/docs/documentation/deploying/deployment-options.md","tags":[],"version":"current","sidebarPosition":10,"frontMatter":{"title":"Choosing Deployment Options","sidebar_position":10},"sidebar":"docSidebar","previous":{"title":"Deploying Agent Mesh","permalink":"/solace-agent-mesh/docs/documentation/deploying/"},"next":{"title":"Kubernetes","permalink":"/solace-agent-mesh/docs/documentation/deploying/kubernetes/"}}');var s=t(4848),o=t(8453);const r={title:"Choosing Deployment Options",sidebar_position:10},a="Choosing Deployment Options",l={},c=[{value:"Development Environment",id:"development-environment",level:2},{value:"Production Environment",id:"production-environment",level:2},{value:"Deploying with Docker",id:"deploying-with-docker",level:3},{value:"Deploying with Kubernetes",id:"deploying-with-kubernetes",level:3},{value:"Separating and Scaling Components",id:"separating-and-scaling-components",level:3},{value:"Managing Storage Requirements",id:"managing-storage-requirements",level:3},{value:"Implementing Security Best Practices",id:"implementing-security-best-practices",level:3},{value:"Configuring Solace Event Broker",id:"configuring-solace-event-broker",level:3},{value:"Setting up Queue Templates",id:"setting-up-queue-templates",level:3}];function d(e){const n={a:"a",admonition:"admonition",br:"br",code:"code",em:"em",h1:"h1",h2:"h2",h3:"h3",header:"header",li:"li",ol:"ol",p:"p",pre:"pre",strong:"strong",ul:"ul",...(0,o.R)(),...e.components};return(0,s.jsxs)(s.Fragment,{children:[(0,s.jsx)(n.header,{children:(0,s.jsx)(n.h1,{id:"choosing-deployment-options",children:"Choosing Deployment Options"})}),"\n",(0,s.jsx)(n.p,{children:"Agent Mesh offers flexible deployment options designed to meet different operational requirements. Understanding these options helps you choose the right approach for your specific environment and scale needs."}),"\n",(0,s.jsx)(n.h2,{id:"development-environment",children:"Development Environment"}),"\n",(0,s.jsx)(n.p,{children:"During development, simplicity and rapid iteration are key priorities. The Agent Mesh CLI provides a streamlined way to run your entire project as a single application, making it easy to test changes and debug issues locally."}),"\n",(0,s.jsxs)(n.p,{children:["The development setup automatically loads environment variables from your configuration file (typically a ",(0,s.jsx)(n.code,{children:".env"})," file at the project root), eliminating the need for complex environment management:"]}),"\n",(0,s.jsx)(n.pre,{children:(0,s.jsx)(n.code,{className:"language-bash",children:"sam run\n"})}),"\n",(0,s.jsx)(n.p,{children:"This command starts all configured components together, providing immediate feedback and allowing you to see how different agents interact within your mesh."}),"\n",(0,s.jsx)(n.h2,{id:"production-environment",children:"Production Environment"}),"\n",(0,s.jsx)(n.p,{children:"Production deployments require different considerations than development environments. You need reproducible builds, scalable infrastructure, and robust monitoring capabilities. Containerization addresses these requirements by providing consistent runtime environments and enabling modern orchestration platforms."}),"\n",(0,s.jsx)(n.p,{children:"We recommend using Docker for single-node deployments or Kubernetes for multi-node, scalable deployments. These technologies ensure your application runs consistently across different environments and can scale to meet demand."}),"\n",(0,s.jsx)(n.admonition,{title:"Platform Compatibility",type:"note",children:(0,s.jsxs)(n.p,{children:["If your host system architecture is not ",(0,s.jsx)(n.code,{children:"linux/amd64"}),", add the ",(0,s.jsx)(n.code,{children:"--platform linux/amd64"})," flag when you run the container to ensure compatibility with the pre-built images."]})}),"\n",(0,s.jsx)(n.h3,{id:"deploying-with-docker",children:"Deploying with Docker"}),"\n",(0,s.jsx)(n.p,{children:"Docker provides an excellent foundation for production deployments because it packages your application with all its dependencies into a portable container. This approach ensures consistent behavior across different environments and simplifies deployment processes."}),"\n",(0,s.jsx)(n.p,{children:"The following Dockerfile demonstrates how to containerize an Agent Mesh project:"}),"\n",(0,s.jsx)(n.pre,{children:(0,s.jsx)(n.code,{className:"language-Dockerfile",children:'FROM solace/solace-agent-mesh:latest\nWORKDIR /app\n\n# Install Python dependencies\nCOPY ./requirements.txt /app/requirements.txt\nRUN python3.11 -m pip install --no-cache-dir -r /app/requirements.txt\n\n# Copy project files\nCOPY . /app\n\nCMD ["run", "--system-env"]\n\n# To run one specific component, use:\n# CMD ["run", "--system-env", "configs/agents/main_orchestrator.yaml"]\n\n'})}),"\n",(0,s.jsxs)(n.p,{children:["To optimize build performance and security, create a ",(0,s.jsx)(n.code,{children:".dockerignore"})," file that excludes unnecessary files from the Docker build context:"]}),"\n",(0,s.jsx)(n.pre,{children:(0,s.jsx)(n.code,{children:".env\n*.log\ndist\n.git\n.vscode\n.DS_Store\n"})}),"\n",(0,s.jsx)(n.h3,{id:"deploying-with-kubernetes",children:"Deploying with Kubernetes"}),"\n",(0,s.jsx)(n.p,{children:"Kubernetes excels at managing containerized applications at scale, providing features like automatic scaling, rolling updates, and self-healing capabilities. When your Agent Mesh deployment needs to handle varying loads or requires high availability, Kubernetes becomes the preferred orchestration platform."}),"\n",(0,s.jsxs)(n.p,{children:["Agent Mesh provides Helm charts for Kubernetes deployments that handle resource management, scaling, and configuration. For prerequisites, Helm setup, and production configurations, see ",(0,s.jsx)(n.a,{href:"/solace-agent-mesh/docs/documentation/deploying/kubernetes/",children:"Kubernetes"}),"."]}),"\n",(0,s.jsx)(n.h3,{id:"separating-and-scaling-components",children:"Separating and Scaling Components"}),"\n",(0,s.jsx)(n.p,{children:"A microservices approach to deployment offers significant advantages for production systems. By splitting your Agent Mesh components into separate containers, you achieve better fault isolation, independent scaling, and more granular resource management."}),"\n",(0,s.jsx)(n.p,{children:"This architectural pattern ensures that if one component experiences issues, the rest of your system continues operating normally. When the failed component restarts, it automatically rejoins the mesh through the Solace event broker, maintaining system resilience."}),"\n",(0,s.jsx)(n.p,{children:"To implement component separation:"}),"\n",(0,s.jsxs)(n.p,{children:[(0,s.jsx)(n.strong,{children:"Reuse the same Docker image"}),": Your base container image remains consistent across all components, simplifying maintenance and ensuring compatibility."]}),"\n",(0,s.jsxs)(n.p,{children:[(0,s.jsx)(n.strong,{children:"Customize startup commands"}),": Each container runs only the components it needs by specifying different configuration files in the startup command."]}),"\n",(0,s.jsxs)(n.p,{children:[(0,s.jsx)(n.strong,{children:"Scale independently"}),": Components with higher resource demands or traffic can be scaled separately, optimizing resource utilization and cost."]}),"\n",(0,s.jsx)(n.p,{children:"For example, you might run your main orchestrator in one deployment while scaling your specialized tool agents in separate deployments based on demand."}),"\n",(0,s.jsx)(n.h3,{id:"managing-storage-requirements",children:"Managing Storage Requirements"}),"\n",(0,s.jsx)(n.p,{children:"When deploying multiple containers, shared storage becomes critical for maintaining consistency across your Agent Mesh deployment. All container instances must access the same storage location with identical configurations to ensure proper operation."}),"\n",(0,s.jsx)(n.admonition,{title:"Shared Storage Requirement",type:"warning",children:(0,s.jsx)(n.p,{children:"If using multiple containers, ensure all instances access the same storage with identical configurations. Inconsistent storage configurations can lead to data synchronization issues and unpredictable behavior."})}),"\n",(0,s.jsx)(n.p,{children:"Consider using persistent volumes in Kubernetes or shared file systems in Docker deployments to meet this requirement."}),"\n",(0,s.jsx)(n.h3,{id:"implementing-security-best-practices",children:"Implementing Security Best Practices"}),"\n",(0,s.jsx)(n.p,{children:"Production deployments require robust security measures to protect sensitive data and ensure system integrity. Implementing these practices helps safeguard your Agent Mesh deployment against common security threats."}),"\n",(0,s.jsxs)(n.p,{children:[(0,s.jsx)(n.strong,{children:"Environment Variables and Secrets Management"}),": Never store sensitive information like API keys, passwords, or certificates in ",(0,s.jsx)(n.code,{children:".env"})," files or container images. Instead, use dedicated secret management solutions such as AWS Secrets Manager, HashiCorp Vault, or Kubernetes Secrets. These tools provide encryption at rest, access controls, and audit trails for sensitive data."]}),"\n",(0,s.jsxs)(n.p,{children:[(0,s.jsx)(n.strong,{children:"TLS Encryption"}),": All communication channels should use TLS encryption to protect data in transit. This includes communication between Agent Mesh components and connections to the Solace event broker. TLS prevents eavesdropping and ensures data integrity during transmission."]}),"\n",(0,s.jsxs)(n.p,{children:[(0,s.jsx)(n.strong,{children:"Container Security"}),": Maintain security throughout your container lifecycle by regularly updating base images to include the latest security patches. Implement security scanning tools like Trivy or Clair in your CI/CD pipeline to identify vulnerabilities before deployment. Additionally, run containers with minimal privileges and avoid running processes as root when possible."]}),"\n",(0,s.jsx)(n.h3,{id:"configuring-solace-event-broker",children:"Configuring Solace Event Broker"}),"\n",(0,s.jsx)(n.p,{children:"The Solace event broker serves as the communication backbone for your agent mesh, handling all message routing and delivery between components. For production environments, using a Solace Cloud-managed event broker provides significant advantages over self-managed installations."}),"\n",(0,s.jsx)(n.p,{children:"Solace Cloud-managed event brokers offer built-in high availability, automatic scaling, security updates, and professional support. These managed services eliminate the operational overhead of maintaining event broker infrastructure while providing enterprise-grade reliability and performance."}),"\n",(0,s.jsxs)(n.p,{children:["For more information about cloud-managed options, see ",(0,s.jsx)(n.a,{href:"https://solace.com/products/event-broker/",children:"Solace Cloud"}),". For detailed configuration instructions, see ",(0,s.jsx)(n.a,{href:"/solace-agent-mesh/docs/documentation/installing-and-configuring/configurations#event-broker-connection",children:"Configuring the Event Broker Connection"}),"."]}),"\n",(0,s.jsx)(n.h3,{id:"setting-up-queue-templates",children:"Setting up Queue Templates"}),"\n",(0,s.jsxs)(n.p,{children:["When the ",(0,s.jsx)(n.code,{children:"app.broker.temporary_queue"})," parameter is set to ",(0,s.jsx)(n.code,{children:"true"})," (default), the system uses ",(0,s.jsx)(n.a,{href:"https://docs.solace.com/Messaging/Guaranteed-Msg/Endpoints.htm#temporary-endpoints",children:"temporary endpoints"})," for A2A communication. Temporary queues are automatically created and deleted by the broker, which simplifies management and removes the need for manual cleanup. However, temporary queues do not support multiple client connections to the same queue, which may be limiting in scenarios where you run multiple instances of the same agent or need to start a new instance while an old one is still running."]}),"\n",(0,s.jsxs)(n.p,{children:["If you set ",(0,s.jsx)(n.code,{children:"temporary_queue"})," to ",(0,s.jsx)(n.code,{children:"false"}),", the system will create a durable queue for the client. Durable queues persist beyond the lifetime of a client connection, allowing multiple clients to connect to the same queue and ensuring messages are not lost if the client disconnects. However, this requires manual management of queues, including cleanup of unused ones."]}),"\n",(0,s.jsx)(n.admonition,{type:"tip",children:(0,s.jsxs)(n.p,{children:["For production environments that are container-managed (for example, Kubernetes), we recommend setting ",(0,s.jsx)(n.code,{children:"temporary_queue"})," to ",(0,s.jsx)(n.code,{children:"false"})," by setting the environment variable ",(0,s.jsx)(n.code,{children:"USE_TEMPORARY_QUEUES=false"}),".",(0,s.jsx)(n.br,{}),"\n","Using temporary queues in these environments can cause startup issues, since a new container may fail to connect if the previous instance is still running and holding the queue. Durable queues avoid this by allowing multiple agent instances to share the same queue."]})}),"\n",(0,s.jsxs)(n.p,{children:["To prevent messages from piling up in a durable queue when an agent is not running, the queue should be configured with a message TTL (time-to-live) and the ",(0,s.jsx)(n.strong,{children:"Respect Message TTL"})," option enabled. To apply these settings automatically for all new queues, you can create a ",(0,s.jsx)(n.a,{href:"https://docs.solace.com/Messaging/Guaranteed-Msg/Configuring-Endpoint-Templates.htm",children:"Queue Template"})," for your Solace Agent Mesh clients."]}),"\n",(0,s.jsx)(n.p,{children:"To create a queue template in the Solace Cloud Console:"}),"\n",(0,s.jsxs)(n.ol,{children:["\n",(0,s.jsxs)(n.li,{children:["Navigate to ",(0,s.jsx)(n.strong,{children:"Message VPNs"})," and select your VPN."]}),"\n",(0,s.jsxs)(n.li,{children:["Go to the ",(0,s.jsx)(n.strong,{children:"Queues"})," page."]}),"\n",(0,s.jsxs)(n.li,{children:["Open the ",(0,s.jsx)(n.strong,{children:"Templates"})," tab."]}),"\n",(0,s.jsxs)(n.li,{children:["Click ",(0,s.jsx)(n.strong,{children:"+ Queue Template"}),"."]}),"\n"]}),"\n",(0,s.jsx)(n.p,{children:"Use the following settings for the template:"}),"\n",(0,s.jsxs)(n.ul,{children:["\n",(0,s.jsxs)(n.li,{children:[(0,s.jsx)(n.strong,{children:"Queue Name Filter"})," = ",(0,s.jsx)(n.code,{children:"{NAMESPACE}/>"}),(0,s.jsx)(n.br,{}),"\n","(Replace ",(0,s.jsx)(n.code,{children:"{NAMESPACE}"})," with the namespace defined in your configuration, for example, ",(0,s.jsx)(n.code,{children:"sam/"}),")"]}),"\n",(0,s.jsxs)(n.li,{children:[(0,s.jsx)(n.strong,{children:"Respect TTL"})," = ",(0,s.jsx)(n.code,{children:"true"}),(0,s.jsx)(n.br,{}),"\n",(0,s.jsx)(n.em,{children:"(Under: Advanced Settings > Message Expiry)"})]}),"\n",(0,s.jsxs)(n.li,{children:[(0,s.jsx)(n.strong,{children:"Maximum TTL (sec)"})," = ",(0,s.jsx)(n.code,{children:"18000"}),(0,s.jsx)(n.br,{}),"\n",(0,s.jsx)(n.em,{children:"(Under: Advanced Settings > Message Expiry)"})]}),"\n"]}),"\n",(0,s.jsxs)(n.admonition,{type:"info",children:[(0,s.jsxs)(n.p,{children:["Queue templates are only applied when a new queue is created from the messaging client.",(0,s.jsx)(n.br,{}),"\n","If you have already been running SAM with ",(0,s.jsx)(n.code,{children:"temporary_queue"})," set to ",(0,s.jsx)(n.code,{children:"false"}),", your durable queues were created before the template existed.",(0,s.jsx)(n.br,{}),"\n","To apply TTL settings to those queues, either:"]}),(0,s.jsxs)(n.ul,{children:["\n",(0,s.jsxs)(n.li,{children:["Enable ",(0,s.jsx)(n.strong,{children:"TTL"})," and ",(0,s.jsx)(n.strong,{children:"Respect TTL"})," manually in the Solace console on each queue, or"]}),"\n",(0,s.jsx)(n.li,{children:"Delete the existing queues and restart SAM to have them recreated automatically using the new template."}),"\n"]})]})]})}function u(e={}){const{wrapper:n}={...(0,o.R)(),...e.components};return n?(0,s.jsx)(n,{...e,children:(0,s.jsx)(d,{...e})}):d(e)}},8453:(e,n,t)=>{t.d(n,{R:()=>r,x:()=>a});var i=t(6540);const s={},o=i.createContext(s);function r(e){const n=i.useContext(o);return i.useMemo((function(){return"function"==typeof e?e(n):{...n,...e}}),[n,e])}function a(e){let n;return n=e.disableParentContext?"function"==typeof e.components?e.components(s):e.components||s:r(e.components),i.createElement(o.Provider,{value:n},e.children)}}}]);

solace_agent_mesh/assets/docs/assets/js/60702c0e.a8bdd79b.js

@@ -0,0 +1 @@
+"use strict";(self.webpackChunksolace_agenitc_mesh_docs=self.webpackChunksolace_agenitc_mesh_docs||[]).push([[1428],{1263:(e,n,t)=>{t.r(n),t.d(n,{assets:()=>c,contentTitle:()=>a,default:()=>p,frontMatter:()=>o,metadata:()=>i,toc:()=>l});const i=JSON.parse('{"id":"documentation/developing/tutorials/teams-integration","title":"Microsoft Teams Integration (Enterprise)","description":"This tutorial shows you how to integrate Microsoft Teams with Agent Mesh Enterprise, allowing users to interact with the system directly from Teams workspaces and channels.","source":"@site/docs/documentation/developing/tutorials/teams-integration.md","sourceDirName":"documentation/developing/tutorials","slug":"/documentation/developing/tutorials/teams-integration","permalink":"/solace-agent-mesh/docs/documentation/developing/tutorials/teams-integration","draft":false,"unlisted":false,"editUrl":"https://github.com/SolaceLabs/solace-agent-mesh/edit/main/docs/docs/documentation/developing/tutorials/teams-integration.md","tags":[],"version":"current","sidebarPosition":70,"frontMatter":{"title":"Microsoft Teams Integration (Enterprise)","sidebar_position":70},"sidebar":"docSidebar","previous":{"title":"RAG Integration","permalink":"/solace-agent-mesh/docs/documentation/developing/tutorials/rag-integration"},"next":{"title":"Deploying Agent Mesh","permalink":"/solace-agent-mesh/docs/documentation/deploying/"}}');var s=t(4848),r=t(8453);const o={title:"Microsoft Teams Integration (Enterprise)",sidebar_position:70},a="Microsoft Teams Integration (Enterprise)",c={},l=[{value:"Prerequisites",id:"prerequisites",level:2},{value:"Overview",id:"overview",level:2},{value:"Bot Configuration: Multi-Tenant vs Single-Tenant",id:"bot-configuration-multi-tenant-vs-single-tenant",level:2},{value:"Single-Tenant (Recommended)",id:"single-tenant-recommended",level:3},{value:"Multi-Tenant (Deprecated July 2025)",id:"multi-tenant-deprecated-july-2025",level:3},{value:"Azure Setup",id:"azure-setup",level:2},{value:"Step 1: Create Azure App Registration",id:"step-1-create-azure-app-registration",level:3},{value:"Step 2: Create Azure Bot Service",id:"step-2-create-azure-bot-service",level:3},{value:"Step 3: Add Teams Channel",id:"step-3-add-teams-channel",level:3},{value:"Step 4: Create Teams App Package",id:"step-4-create-teams-app-package",level:3},{value:"Step 5: Upload Teams App",id:"step-5-upload-teams-app",level:3},{value:"Configuring the Gateway",id:"configuring-the-gateway",level:2},{value:"Environment Variables",id:"environment-variables",level:3},{value:"Docker Compose Example",id:"docker-compose-example",level:3},{value:"Kubernetes ConfigMap/Secret",id:"kubernetes-configmapsecret",level:3},{value:"Gateway Configuration Options",id:"gateway-configuration-options",level:3},{value:"Troubleshooting",id:"troubleshooting",level:2},{value:"Error: "App is missing service principal in tenant"",id:"error-app-is-missing-service-principal-in-tenant",level:3}];function d(e){const n={a:"a",admonition:"admonition",code:"code",h1:"h1",h2:"h2",h3:"h3",header:"header",li:"li",ol:"ol",p:"p",pre:"pre",strong:"strong",ul:"ul",...(0,r.R)(),...e.components};return(0,s.jsxs)(s.Fragment,{children:[(0,s.jsx)(n.header,{children:(0,s.jsx)(n.h1,{id:"microsoft-teams-integration-enterprise",children:"Microsoft Teams Integration (Enterprise)"})}),"\n",(0,s.jsx)(n.p,{children:"This tutorial shows you how to integrate Microsoft Teams with Agent Mesh Enterprise, allowing users to interact with the system directly from Teams workspaces and channels."}),"\n",(0,s.jsxs)(n.admonition,{title:"Enterprise Feature - Docker Image Only",type:"warning",children:[(0,s.jsx)(n.p,{children:"The Microsoft Teams Gateway is an Enterprise feature included in the Docker image. It works with both Docker and Kubernetes deployments but is not available when installing via PyPI or wheel files. This feature requires:"}),(0,s.jsxs)(n.ul,{children:["\n",(0,s.jsx)(n.li,{children:"Agent Mesh Enterprise Docker image (deployed via Docker or Kubernetes)"}),"\n",(0,s.jsx)(n.li,{children:"Azure Active Directory tenant access"}),"\n",(0,s.jsx)(n.li,{children:"Azure Bot Service setup"}),"\n"]})]}),"\n",(0,s.jsx)(n.admonition,{title:"Learn about gateways",type:"info",children:(0,s.jsxs)(n.p,{children:["For an introduction to gateways and how they work, see ",(0,s.jsx)(n.a,{href:"/solace-agent-mesh/docs/documentation/components/gateways",children:"Gateways"}),"."]})}),"\n",(0,s.jsx)(n.h2,{id:"prerequisites",children:"Prerequisites"}),"\n",(0,s.jsx)(n.p,{children:"Before you begin, make sure you have the following:"}),"\n",(0,s.jsxs)(n.ol,{children:["\n",(0,s.jsx)(n.li,{children:"Agent Mesh Enterprise deployed via Docker or Kubernetes"}),"\n",(0,s.jsx)(n.li,{children:"Access to an Azure Active Directory tenant"}),"\n",(0,s.jsx)(n.li,{children:"An Azure subscription for creating Bot Service resources"}),"\n",(0,s.jsx)(n.li,{children:"A public HTTPS endpoint for production, or ngrok for development and testing"}),"\n"]}),"\n",(0,s.jsx)(n.h2,{id:"overview",children:"Overview"}),"\n",(0,s.jsx)(n.p,{children:"The Microsoft Teams Gateway connects your Agent Mesh deployment to Microsoft Teams, enabling several interaction modes. Users can chat directly with the bot in personal conversations, collaborate with the bot in group chats when they mention it, and interact with it in team channels. The gateway handles file uploads in formats including CSV, JSON, PDF, YAML, XML, and images. It also manages file downloads through Microsoft Teams' FileConsentCard approval flow."}),"\n",(0,s.jsx)(n.p,{children:"When users send messages, the gateway streams responses back in real time, updating messages as the agent processes the request. The system automatically extracts user identities through Azure AD authentication, ensuring secure access control. To maintain performance and clarity, sessions reset automatically at midnight UTC each day."}),"\n",(0,s.jsx)(n.p,{children:"The gateway operates in single-tenant mode, meaning it works within your organization's Azure AD tenant. This approach provides better security and simpler management for enterprise deployments."}),"\n",(0,s.jsx)(n.h2,{id:"bot-configuration-multi-tenant-vs-single-tenant",children:"Bot Configuration: Multi-Tenant vs Single-Tenant"}),"\n",(0,s.jsxs)(n.p,{children:["Microsoft Teams bots can be configured as either ",(0,s.jsx)(n.strong,{children:"multi-tenant"})," or ",(0,s.jsx)(n.strong,{children:"single-tenant"}),". The difference is controlled by the ",(0,s.jsx)(n.code,{children:"microsoft_app_tenant_id"})," field:"]}),"\n",(0,s.jsx)(n.h3,{id:"single-tenant-recommended",children:"Single-Tenant (Recommended)"}),"\n",(0,s.jsxs)(n.p,{children:["Users from ",(0,s.jsx)(n.strong,{children:"your organization only"})," can access the bot."]}),"\n",(0,s.jsx)(n.pre,{children:(0,s.jsx)(n.code,{className:"language-yaml",children:"microsoft_app_id: ${TEAMS_BOT_ID}\nmicrosoft_app_password: ${TEAMS_BOT_PASSWORD}\nmicrosoft_app_tenant_id: ${AZURE_TENANT_ID}  # Include this line\n"})}),"\n",(0,s.jsx)(n.h3,{id:"multi-tenant-deprecated-july-2025",children:"Multi-Tenant (Deprecated July 2025)"}),"\n",(0,s.jsxs)(n.p,{children:["Users from ",(0,s.jsx)(n.strong,{children:"any Azure AD organization"})," can access the bot."]}),"\n",(0,s.jsx)(n.pre,{children:(0,s.jsx)(n.code,{className:"language-yaml",children:"microsoft_app_id: ${TEAMS_BOT_ID}\nmicrosoft_app_password: ${TEAMS_BOT_PASSWORD}\n# Do NOT include microsoft_app_tenant_id\n"})}),"\n",(0,s.jsx)(n.admonition,{type:"warning",children:(0,s.jsx)(n.p,{children:"Multi-tenant apps are being deprecated by Microsoft after July 2025. Use single-tenant configuration for new deployments."})}),"\n",(0,s.jsx)(n.p,{children:(0,s.jsx)(n.strong,{children:"This guide uses single-tenant configuration throughout."})}),"\n",(0,s.jsx)(n.p,{children:(0,s.jsx)(n.strong,{children:"Additional Configuration Resources:"})}),"\n",(0,s.jsxs)(n.ul,{children:["\n",(0,s.jsxs)(n.li,{children:["Bot Framework Portal: ",(0,s.jsx)(n.a,{href:"https://dev.botframework.com/bots",children:"https://dev.botframework.com/bots"})]}),"\n",(0,s.jsxs)(n.li,{children:["Teams Developer Portal: ",(0,s.jsx)(n.a,{href:"https://dev.teams.cloud.microsoft/",children:"https://dev.teams.cloud.microsoft/"})]}),"\n"]}),"\n",(0,s.jsx)(n.h2,{id:"azure-setup",children:"Azure Setup"}),"\n",(0,s.jsx)(n.p,{children:"Setting up the Teams integration requires creating several Azure resources. You configure these resources in a specific order because each one depends on information from the previous step."}),"\n",(0,s.jsx)(n.h3,{id:"step-1-create-azure-app-registration",children:"Step 1: Create Azure App Registration"}),"\n",(0,s.jsxs)(n.p,{children:["The App Registration establishes your bot's identity within Azure Active Directory. Go to ",(0,s.jsx)(n.a,{href:"https://portal.azure.com",children:"https://portal.azure.com"}),", then navigate to Azure Active Directory and select ",(0,s.jsx)(n.code,{children:"App registrations"}),". Click ",(0,s.jsx)(n.code,{children:"New registration"}),"."]}),"\n",(0,s.jsxs)(n.p,{children:['Enter a descriptive name like "SAM Teams Bot". Under ',(0,s.jsx)(n.code,{children:"Supported account types"}),", select ",(0,s.jsx)(n.code,{children:"Accounts in this organizational directory only (Single tenant)"}),". Leave the ",(0,s.jsx)(n.code,{children:"Redirect URI"})," blank and click ",(0,s.jsx)(n.code,{children:"Register"}),"."]}),"\n",(0,s.jsxs)(n.p,{children:["Copy both the ",(0,s.jsx)(n.code,{children:"Application (client) ID"})," and ",(0,s.jsx)(n.code,{children:"Directory (tenant) ID"})," from the details page\u2014you need both for later steps."]}),"\n",(0,s.jsxs)(n.p,{children:["Next, go to ",(0,s.jsx)(n.code,{children:"Certificates & secrets"})," and click ",(0,s.jsx)(n.code,{children:"New client secret"}),'. Enter a description like "SAM Bot Secret" and choose an expiration period. Click ',(0,s.jsx)(n.code,{children:"Add"}),"."]}),"\n",(0,s.jsx)(n.admonition,{title:"Save Your Secret",type:"danger",children:(0,s.jsxs)(n.p,{children:["The client secret value appears only once. Copy it immediately and store it securely. This becomes your ",(0,s.jsx)(n.code,{children:"TEAMS_BOT_PASSWORD"})," environment variable."]})}),"\n",(0,s.jsx)(n.h3,{id:"step-2-create-azure-bot-service",children:"Step 2: Create Azure Bot Service"}),"\n",(0,s.jsxs)(n.p,{children:["In the Azure Portal, search for ",(0,s.jsx)(n.code,{children:"Azure Bot"})," and click ",(0,s.jsx)(n.code,{children:"Create"}),". Enter a unique name like ",(0,s.jsx)(n.code,{children:"sam-teams-bot"}),", select your subscription and resource group, and choose a pricing tier (F0 for development, S1 for production)."]}),"\n",(0,s.jsxs)(n.p,{children:["Under ",(0,s.jsx)(n.code,{children:"Microsoft App ID"}),", select ",(0,s.jsx)(n.code,{children:"Use existing app registration"}),". Paste the ",(0,s.jsx)(n.code,{children:"Application (client) ID"})," from Step 1 into the ",(0,s.jsx)(n.code,{children:"App ID"})," field and enter your Azure AD tenant ID in the ",(0,s.jsx)(n.code,{children:"Tenant ID"})," field. Click ",(0,s.jsx)(n.code,{children:"Review + create"}),", then ",(0,s.jsx)(n.code,{children:"Create"}),"."]}),"\n",(0,s.jsxs)(n.p,{children:["After deployment, navigate to the bot resource and go to the ",(0,s.jsx)(n.code,{children:"Configuration"})," section. Set the ",(0,s.jsx)(n.code,{children:"Messaging endpoint"})," to your public HTTPS URL with ",(0,s.jsx)(n.code,{children:"/api/messages"})," appended (e.g., ",(0,s.jsx)(n.code,{children:"https://your-domain.com/api/messages"}),"). This endpoint must be publicly accessible from the internet. Click ",(0,s.jsx)(n.code,{children:"Apply"}),"."]}),"\n",(0,s.jsxs)(n.admonition,{title:"Development Setup",type:"tip",children:[(0,s.jsxs)(n.p,{children:["For local testing, use ",(0,s.jsx)(n.a,{href:"https://ngrok.com/",children:"ngrok"})," to expose your local port:"]}),(0,s.jsx)(n.pre,{children:(0,s.jsx)(n.code,{className:"language-bash",children:"ngrok http 8080\n"})}),(0,s.jsxs)(n.p,{children:["Then use the ngrok HTTPS URL as your messaging endpoint (e.g., ",(0,s.jsx)(n.code,{children:"https://abc123.ngrok.io/api/messages"}),")"]})]}),"\n",(0,s.jsx)(n.h3,{id:"step-3-add-teams-channel",children:"Step 3: Add Teams Channel"}),"\n",(0,s.jsxs)(n.p,{children:["In your Azure Bot resource, navigate to ",(0,s.jsx)(n.code,{children:"Channels"})," and click the ",(0,s.jsx)(n.code,{children:"Microsoft Teams"})," icon. Leave ",(0,s.jsx)(n.code,{children:"Calling"})," disabled and ensure ",(0,s.jsx)(n.code,{children:"Messaging"})," is enabled. Click ",(0,s.jsx)(n.code,{children:"Apply"})," to activate the channel."]}),"\n",(0,s.jsx)(n.h3,{id:"step-4-create-teams-app-package",children:"Step 4: Create Teams App Package"}),"\n",(0,s.jsxs)(n.p,{children:["Create a new directory with a file named ",(0,s.jsx)(n.code,{children:"manifest.json"})," containing the following:"]}),"\n",(0,s.jsx)(n.pre,{children:(0,s.jsx)(n.code,{className:"language-json",children:'{\n  "$schema": "https://developer.microsoft.com/json-schemas/teams/v1.16/MicrosoftTeams.schema.json",\n  "manifestVersion": "1.16",\n  "version": "1.0.0",\n  "id": "YOUR-APP-ID-HERE",\n  "packageName": "com.solace.agentmesh.teams",\n  "developer": {\n    "name": "Your Organization",\n    "websiteUrl": "https://your-company.com",\n    "privacyUrl": "https://your-company.com/privacy",\n    "termsOfUseUrl": "https://your-company.com/terms"\n  },\n  "name": {\n    "short": "Agent Mesh Bot",\n    "full": "Solace Agent Mesh Bot"\n  },\n  "description": {\n    "short": "AI-powered assistant for your organization",\n    "full": "Solace Agent Mesh provides intelligent assistance through Microsoft Teams"\n  },\n  "icons": {\n    "outline": "outline.png",\n    "color": "color.png"\n  },\n  "accentColor": "#00C895",\n  "bots": [\n    {\n      "botId": "YOUR-BOT-ID-HERE",\n      "scopes": ["personal", "team", "groupchat"],\n      "supportsFiles": true,\n      "isNotificationOnly": false\n    }\n  ],\n  "permissions": [\n    "identity",\n    "messageTeamMembers"\n  ],\n  "validDomains": []\n}\n'})}),"\n",(0,s.jsxs)(n.p,{children:["Replace ",(0,s.jsx)(n.code,{children:"YOUR-APP-ID-HERE"})," with your ",(0,s.jsx)(n.code,{children:"Application (client) ID"})," from Step 1 and ",(0,s.jsx)(n.code,{children:"YOUR-BOT-ID-HERE"})," with your Azure Bot ID (usually the same as your App ID). Update the ",(0,s.jsx)(n.code,{children:"developer"})," fields with your organization's information and URLs."]}),"\n",(0,s.jsxs)(n.p,{children:["The ",(0,s.jsx)(n.code,{children:"supportsFiles"})," property enables file uploads and downloads. The ",(0,s.jsx)(n.code,{children:"scopes"})," array specifies where users interact with the bot (personal, team, or group chat). The ",(0,s.jsx)(n.code,{children:"permissions"})," array grants access to user identity and team messaging."]}),"\n",(0,s.jsx)(n.p,{children:"Create two icon files:"}),"\n",(0,s.jsx)(n.admonition,{title:"Icon Requirements",type:"tip",children:(0,s.jsxs)(n.ul,{children:["\n",(0,s.jsxs)(n.li,{children:[(0,s.jsx)(n.code,{children:"color.png"}),": 192x192 pixels, full color"]}),"\n",(0,s.jsxs)(n.li,{children:[(0,s.jsx)(n.code,{children:"outline.png"}),": 32x32 pixels, white icon on transparent background"]}),"\n"]})}),"\n",(0,s.jsxs)(n.p,{children:["Create a ZIP file containing ",(0,s.jsx)(n.code,{children:"manifest.json"}),", ",(0,s.jsx)(n.code,{children:"color.png"}),", and ",(0,s.jsx)(n.code,{children:"outline.png"}),". Name it ",(0,s.jsx)(n.code,{children:"teams-app.zip"}),"."]}),"\n",(0,s.jsx)(n.h3,{id:"step-5-upload-teams-app",children:"Step 5: Upload Teams App"}),"\n",(0,s.jsxs)(n.p,{children:["Open Microsoft Teams and click ",(0,s.jsx)(n.code,{children:"Apps"})," in the left sidebar. Click ",(0,s.jsx)(n.code,{children:"Manage your apps"}),", then ",(0,s.jsx)(n.code,{children:"Upload an app"}),". Select ",(0,s.jsx)(n.code,{children:"Upload a custom app"})," and choose your ",(0,s.jsx)(n.code,{children:"teams-app.zip"})," file."]}),"\n",(0,s.jsxs)(n.p,{children:["Click ",(0,s.jsx)(n.code,{children:"Add"})," to install the bot in your Teams workspace."]}),"\n",(0,s.jsx)(n.h2,{id:"configuring-the-gateway",children:"Configuring the Gateway"}),"\n",(0,s.jsx)(n.p,{children:"After you set up the Azure resources, you need to configure Agent Mesh Enterprise to connect to Teams. This configuration requires setting environment variables and updating your deployment configuration."}),"\n",(0,s.jsx)(n.h3,{id:"environment-variables",children:"Environment Variables"}),"\n",(0,s.jsx)(n.p,{children:"Set three environment variables for Teams authentication:"}),"\n",(0,s.jsx)(n.pre,{children:(0,s.jsx)(n.code,{className:"language-bash",children:'TEAMS_BOT_ID="your-azure-bot-id"\nTEAMS_BOT_PASSWORD="your-client-secret-value"\nAZURE_TENANT_ID="your-azure-tenant-id"\n'})}),"\n",(0,s.jsx)(n.admonition,{title:"Tenant ID",type:"info",children:(0,s.jsxs)(n.p,{children:["Find the tenant ID in Azure Portal \u2192 Azure Active Directory \u2192 Overview \u2192 ",(0,s.jsx)(n.code,{children:"Tenant ID"}),". It enables single-tenant authentication, restricting bot access to your organization's Azure AD users."]})}),"\n",(0,s.jsx)(n.h3,{id:"docker-compose-example",children:"Docker Compose Example"}),"\n",(0,s.jsx)(n.pre,{children:(0,s.jsx)(n.code,{className:"language-yaml",children:"version: '3.8'\nservices:\n  agent-mesh-enterprise:\n    image: solace-agent-mesh-enterprise:latest\n    ports:\n      - \"8080:8080\"\n    environment:\n      - TEAMS_BOT_ID=${TEAMS_BOT_ID}\n      - TEAMS_BOT_PASSWORD=${TEAMS_BOT_PASSWORD}\n      - AZURE_TENANT_ID=${AZURE_TENANT_ID}\n      - NAMESPACE=your-namespace\n      - SOLACE_BROKER_URL=ws://broker:8080\n"})}),"\n",(0,s.jsxs)(n.p,{children:["Set ",(0,s.jsx)(n.code,{children:"NAMESPACE"})," to your message broker topic namespace and ",(0,s.jsx)(n.code,{children:"SOLACE_BROKER_URL"})," to your Solace broker instance."]}),"\n",(0,s.jsx)(n.h3,{id:"kubernetes-configmapsecret",children:"Kubernetes ConfigMap/Secret"}),"\n",(0,s.jsxs)(n.p,{children:["Create ",(0,s.jsx)(n.code,{children:"Secret"})," and ",(0,s.jsx)(n.code,{children:"ConfigMap"})," resources in your deployment namespace:"]}),"\n",(0,s.jsx)(n.pre,{children:(0,s.jsx)(n.code,{className:"language-yaml",children:'apiVersion: v1\nkind: Secret\nmetadata:\n  name: teams-gateway-credentials\ntype: Opaque\nstringData:\n  bot-id: "your-azure-bot-id"\n  bot-password: "your-client-secret-value"\n  tenant-id: "your-azure-tenant-id"\n---\napiVersion: v1\nkind: ConfigMap\nmetadata:\n  name: teams-gateway-config\ndata:\n  default-agent: "orchestrator-agent"\n  http-port: "8080"\n'})}),"\n",(0,s.jsx)(n.p,{children:"Reference these resources in your deployment to inject values as environment variables."}),"\n",(0,s.jsx)(n.h3,{id:"gateway-configuration-options",children:"Gateway Configuration Options"}),"\n",(0,s.jsx)(n.pre,{children:(0,s.jsx)(n.code,{className:"language-yaml",children:'component_name: teams-gateway\ncomponent_module: sam_teams_gateway\ncomponent_config:\n  microsoft_app_id: ${TEAMS_BOT_ID}\n  microsoft_app_password: ${TEAMS_BOT_PASSWORD}\n  microsoft_app_tenant_id: ${AZURE_TENANT_ID}  # Required for single-tenant auth\n  default_agent_name: orchestrator-agent\n  http_port: 8080\n  enable_typing_indicator: true\n  buffer_update_interval_seconds: 2\n  initial_status_message: "Processing your request..."\n  system_purpose: |\n    You are an AI assistant helping users through Microsoft Teams.\n  response_format: |\n    Provide clear, concise responses. Use markdown formatting when appropriate.\n'})}),"\n",(0,s.jsx)(n.p,{children:"Key parameters:"}),"\n",(0,s.jsxs)(n.ul,{children:["\n",(0,s.jsxs)(n.li,{children:[(0,s.jsx)(n.code,{children:"microsoft_app_tenant_id"}),": Required for single-tenant authentication; must match your Azure AD tenant ID"]}),"\n",(0,s.jsxs)(n.li,{children:[(0,s.jsx)(n.code,{children:"default_agent_name"}),": Agent that handles incoming messages"]}),"\n",(0,s.jsxs)(n.li,{children:[(0,s.jsx)(n.code,{children:"http_port"}),": Must match your container's exposed port"]}),"\n",(0,s.jsxs)(n.li,{children:[(0,s.jsx)(n.code,{children:"enable_typing_indicator"}),": Shows typing indicator while processing requests"]}),"\n",(0,s.jsxs)(n.li,{children:[(0,s.jsx)(n.code,{children:"buffer_update_interval_seconds"}),": Controls streaming response update frequency (lower = more real-time, higher = fewer API calls)"]}),"\n",(0,s.jsxs)(n.li,{children:[(0,s.jsx)(n.code,{children:"initial_status_message"}),": Feedback shown when users first send a message"]}),"\n",(0,s.jsxs)(n.li,{children:[(0,s.jsx)(n.code,{children:"system_purpose"}),": Defines the bot's role and behavior"]}),"\n",(0,s.jsxs)(n.li,{children:[(0,s.jsx)(n.code,{children:"response_format"}),": Instructions for response formatting (e.g., markdown)"]}),"\n"]}),"\n",(0,s.jsx)(n.h2,{id:"troubleshooting",children:"Troubleshooting"}),"\n",(0,s.jsx)(n.h3,{id:"error-app-is-missing-service-principal-in-tenant",children:'Error: "App is missing service principal in tenant"'}),"\n",(0,s.jsxs)(n.p,{children:["This error occurs when using single-tenant configuration (with ",(0,s.jsx)(n.code,{children:"microsoft_app_tenant_id"})," set) but the app isn't properly registered in that tenant."]}),"\n",(0,s.jsx)(n.p,{children:(0,s.jsx)(n.strong,{children:"Solution:"})}),"\n",(0,s.jsxs)(n.ol,{children:["\n",(0,s.jsxs)(n.li,{children:["Verify the ",(0,s.jsx)(n.code,{children:"AZURE_TENANT_ID"})," matches your Azure AD tenant"]}),"\n",(0,s.jsxs)(n.li,{children:["Use multi-tenant by removing ",(0,s.jsx)(n.code,{children:"microsoft_app_tenant_id"})," (temporary workaround)"]}),"\n",(0,s.jsxs)(n.li,{children:["Register service principal: ",(0,s.jsx)(n.code,{children:"az ad sp create --id YOUR-APP-ID"})]}),"\n",(0,s.jsxs)(n.li,{children:["Verify your configuration: ",(0,s.jsx)(n.a,{href:"https://dev.botframework.com/bots",children:"https://dev.botframework.com/bots"})]}),"\n"]})]})}function p(e={}){const{wrapper:n}={...(0,r.R)(),...e.components};return n?(0,s.jsx)(n,{...e,children:(0,s.jsx)(d,{...e})}):d(e)}},8453:(e,n,t)=>{t.d(n,{R:()=>o,x:()=>a});var i=t(6540);const s={},r=i.createContext(s);function o(e){const n=i.useContext(r);return i.useMemo((function(){return"function"==typeof e?e(n):{...n,...e}}),[n,e])}function a(e){let n;return n=e.disableParentContext?"function"==typeof e.components?e.components(s):e.components||s:o(e.components),i.createElement(r.Provider,{value:n},e.children)}}}]);

solace_agent_mesh/assets/docs/assets/js/631738c7.fa471607.js

@@ -0,0 +1 @@
+"use strict";(self.webpackChunksolace_agenitc_mesh_docs=self.webpackChunksolace_agenitc_mesh_docs||[]).push([[1445],{3190:(e,n,i)=>{i.r(n),i.d(n,{assets:()=>l,contentTitle:()=>r,default:()=>g,frontMatter:()=>a,metadata:()=>t,toc:()=>c});const t=JSON.parse('{"id":"documentation/deploying/debugging","title":"Diagnosing and Resolving Problems","description":"Effective debugging in Agent Mesh requires a systematic approach that leverages the platform\'s distributed architecture. Because your system consists of multiple agents communicating through a Solace event broker, issues can arise at various levels\u2014from individual agent logic to inter-component communication patterns.","source":"@site/docs/documentation/deploying/debugging.md","sourceDirName":"documentation/deploying","slug":"/documentation/deploying/debugging","permalink":"/solace-agent-mesh/docs/documentation/deploying/debugging","draft":false,"unlisted":false,"editUrl":"https://github.com/SolaceLabs/solace-agent-mesh/edit/main/docs/docs/documentation/deploying/debugging.md","tags":[],"version":"current","sidebarPosition":30,"frontMatter":{"title":"Diagnosing and Resolving Problems","sidebar_position":30},"sidebar":"docSidebar","previous":{"title":"Monitoring Your Agent Mesh","permalink":"/solace-agent-mesh/docs/documentation/deploying/observability"},"next":{"title":"Logging","permalink":"/solace-agent-mesh/docs/documentation/deploying/logging"}}');var s=i(4848),o=i(8453);const a={title:"Diagnosing and Resolving Problems",sidebar_position:30},r="Diagnosing and Resolving Problems",l={},c=[{value:"Isolating Components",id:"isolating-components",level:2},{value:"Examining STIM Files",id:"examining-stim-files",level:2},{value:"Monitoring Event Broker Activity",id:"monitoring-event-broker-activity",level:2},{value:"Using Debug Mode",id:"using-debug-mode",level:2},{value:"Setting Up VSCode Debugging",id:"setting-up-vscode-debugging",level:3},{value:"Invoking Agents Directly",id:"invoking-agents-directly",level:2},{value:"Using Tools for Direct Message Testing",id:"using-tools-for-direct-message-testing",level:3},{value:"Formatting Messages for Direct Invocation",id:"formatting-messages-for-direct-invocation",level:3},{value:"Analyzing System Logs",id:"analyzing-system-logs",level:2}];function d(e){const n={a:"a",code:"code",h1:"h1",h2:"h2",h3:"h3",header:"header",li:"li",ol:"ol",p:"p",pre:"pre",strong:"strong",ul:"ul",...(0,o.R)(),...e.components};return(0,s.jsxs)(s.Fragment,{children:[(0,s.jsx)(n.header,{children:(0,s.jsx)(n.h1,{id:"diagnosing-and-resolving-problems",children:"Diagnosing and Resolving Problems"})}),"\n",(0,s.jsx)(n.p,{children:"Effective debugging in Agent Mesh requires a systematic approach that leverages the platform's distributed architecture. Because your system consists of multiple agents communicating through a Solace event broker, issues can arise at various levels\u2014from individual agent logic to inter-component communication patterns."}),"\n",(0,s.jsxs)(n.p,{children:["The key to successful debugging lies in understanding where problems might occur and having the right tools to investigate each layer of your system. Agent Mesh provides comprehensive observability features that serve as your foundation for debugging activities. For detailed information about these monitoring capabilities, see ",(0,s.jsx)(n.a,{href:"/solace-agent-mesh/docs/documentation/deploying/observability",children:"Observability"}),"."]}),"\n",(0,s.jsx)(n.p,{children:"This guide presents proven debugging strategies arranged from simple isolation techniques to advanced diagnostic methods. Each approach targets different types of issues, allowing you to choose the most effective method based on your specific situation."}),"\n",(0,s.jsx)(n.h2,{id:"isolating-components",children:"Isolating Components"}),"\n",(0,s.jsx)(n.p,{children:"When facing complex issues in a multi-agent system, isolation becomes your most powerful debugging technique. By running only the components directly related to your problem, you eliminate variables and focus your investigation on the most likely sources of trouble."}),"\n",(0,s.jsx)(n.p,{children:"Component isolation works because it reduces system complexity to manageable levels. Instead of trying to understand interactions across dozens of agents, you can focus on a small subset and verify their behavior in controlled conditions."}),"\n",(0,s.jsx)(n.p,{children:"The Agent Mesh CLI provides precise control over which components run in your debugging session. You can specify exactly which configuration files to load, creating a minimal environment that includes only the agents you need to investigate."}),"\n",(0,s.jsx)(n.p,{children:"For example, if you're debugging an issue with a specific tool integration, you might run only the orchestrator and the problematic tool agent:"}),"\n",(0,s.jsx)(n.pre,{children:(0,s.jsx)(n.code,{className:"language-bash",children:"sam run configs/agents/my_tool_1.yaml configs/agents/my_tool_2.yaml\n"})}),"\n",(0,s.jsxs)(n.p,{children:["This command creates a focused debugging environment that includes only the agents defined in ",(0,s.jsx)(n.code,{children:"my_tool_1.yaml"})," and ",(0,s.jsx)(n.code,{children:"my_tool_2.yaml"}),". By eliminating unrelated components, you reduce log noise and make it easier to trace the specific interactions that might be causing problems."]}),"\n",(0,s.jsx)(n.p,{children:"This isolation approach is particularly effective when you suspect issues with agent-to-agent communication, configuration problems, or logic errors within specific agents."}),"\n",(0,s.jsx)(n.h2,{id:"examining-stim-files",children:"Examining STIM Files"}),"\n",(0,s.jsx)(n.p,{children:"STIM files serve as your detailed forensic evidence when debugging complex issues. These comprehensive traces capture every aspect of how requests flow through your system, making them invaluable for understanding problems that span multiple agents or involve timing-sensitive interactions."}),"\n",(0,s.jsxs)(n.p,{children:[(0,s.jsx)(n.a,{href:"/solace-agent-mesh/docs/documentation/deploying/observability#examining-stimulus-logs",children:"STIM files"})," provide the most complete picture available of stimulus lifecycles. Unlike real-time monitoring tools that show current activity, STIM files preserve historical data that you can analyze repeatedly and share with team members for collaborative debugging."]}),"\n",(0,s.jsxs)(n.p,{children:["Each ",(0,s.jsx)(n.code,{children:".stim"})," file contains a complete record of all Solace event broker events related to a single stimulus, from the initial user request through every agent interaction to the final response delivery. This comprehensive coverage makes STIM files particularly useful for debugging issues that involve:"]}),"\n",(0,s.jsxs)(n.ul,{children:["\n",(0,s.jsx)(n.li,{children:"Multi-agent workflows where the problem might occur at any step"}),"\n",(0,s.jsx)(n.li,{children:"Timing-related issues where sequence and duration matter"}),"\n",(0,s.jsx)(n.li,{children:"Intermittent problems that are difficult to reproduce in real-time"}),"\n",(0,s.jsx)(n.li,{children:"Performance bottlenecks that require detailed timing analysis"}),"\n"]}),"\n",(0,s.jsx)(n.p,{children:"When examining STIM files, look for patterns in agent response times, unexpected message routing, or missing interactions that should have occurred based on your system design."}),"\n",(0,s.jsx)(n.h2,{id:"monitoring-event-broker-activity",children:"Monitoring Event Broker Activity"}),"\n",(0,s.jsx)(n.p,{children:"Real-time Solace event broker monitoring provides immediate insights into your system's communication patterns and helps identify issues as they occur. This approach complements STIM file analysis by giving you live visibility into message flows and event interactions."}),"\n",(0,s.jsx)(n.p,{children:"Broker-level monitoring is particularly valuable because it shows the actual communication happening between components, regardless of how agents are configured or what they report about their own status. This ground-truth perspective helps identify discrepancies between expected and actual behavior."}),"\n",(0,s.jsxs)(n.p,{children:["For comprehensive guidance on Solace event broker monitoring techniques and tools, see ",(0,s.jsx)(n.a,{href:"/solace-agent-mesh/docs/documentation/deploying/observability#monitoring-event-broker-activity",children:"Monitoring Event Broker Activity"}),"."]}),"\n",(0,s.jsx)(n.h2,{id:"using-debug-mode",children:"Using Debug Mode"}),"\n",(0,s.jsx)(n.p,{children:"Interactive debugging provides the deepest level of investigation capability by allowing you to pause execution and examine system state in real-time. Because Agent Mesh is built on Python, you can leverage standard Python debugging tools and IDE features to step through code execution and inspect variables."}),"\n",(0,s.jsx)(n.p,{children:"This approach is most effective when you've already isolated the problem to specific components and need to understand exactly what's happening within agent logic or framework code."}),"\n",(0,s.jsx)(n.h3,{id:"setting-up-vscode-debugging",children:"Setting Up VSCode Debugging"}),"\n",(0,s.jsx)(n.p,{children:"VSCode provides an excellent debugging environment for Agent Mesh development. The integrated debugger allows you to set breakpoints, step through code execution, and inspect variables in real-time, making it easier to understand complex agent interactions and identify logic errors."}),"\n",(0,s.jsxs)(n.p,{children:["Configure debugging by creating or updating your ",(0,s.jsx)(n.code,{children:".vscode/launch.json"})," file:"]}),"\n",(0,s.jsx)(n.pre,{children:(0,s.jsx)(n.code,{className:"language-json",children:'{\n  "version": "0.2.0",\n  "configurations": [\n    {\n      "name": "sam-debug",\n      "type": "debugpy",\n      "request": "launch",\n      "module": "solace_agent_mesh.cli.main",\n      "console": "integratedTerminal",\n      "envFile": "${workspaceFolder}/.env",\n      "args": [\n        "run",\n        "configs/agents/main_orchestrator.yaml",\n        "configs/gateways/webui.yaml"\n        // Add any other components you want to run here\n      ],\n      "justMyCode": false\n    }\n  ]\n}\n'})}),"\n",(0,s.jsxs)(n.p,{children:["The ",(0,s.jsx)(n.code,{children:'"justMyCode": false'})," setting is particularly important because it allows you to step into Agent Mesh framework code, not just your custom agent logic. This capability is valuable when debugging issues that might involve framework behavior or when you need to understand how your agents interact with the underlying platform."]}),"\n",(0,s.jsx)(n.p,{children:"To start a debugging session:"}),"\n",(0,s.jsxs)(n.ol,{children:["\n",(0,s.jsxs)(n.li,{children:["Open the ",(0,s.jsx)(n.strong,{children:"RUN AND DEBUG"})," panel in the left sidebar"]}),"\n",(0,s.jsxs)(n.li,{children:["Select ",(0,s.jsx)(n.code,{children:"sam-debug"})," from the configuration dropdown"]}),"\n",(0,s.jsxs)(n.li,{children:["Click the ",(0,s.jsx)(n.strong,{children:"Play"})," button to launch your system in debug mode"]}),"\n"]}),"\n",(0,s.jsx)(n.p,{children:"Once running, you can set breakpoints in your agent code, framework files, or any Python modules your system uses. When execution hits a breakpoint, you can inspect variable states, evaluate expressions, and step through code line by line to understand exactly what's happening."}),"\n",(0,s.jsx)(n.h2,{id:"invoking-agents-directly",children:"Invoking Agents Directly"}),"\n",(0,s.jsx)(n.p,{children:"Direct agent invocation provides a powerful technique for isolating and testing individual agents outside of normal user workflows. This approach helps you verify that specific agents work correctly in isolation, making it easier to determine whether problems lie within agent logic or in the broader system interactions."}),"\n",(0,s.jsx)(n.p,{children:"You can invoke agents directly through two primary methods: using the web UI's agent selection dropdown for quick testing, or sending messages directly through the Solace event broker for more controlled testing scenarios."}),"\n",(0,s.jsx)(n.p,{children:"The Solace event broker-based approach gives you complete control over message content and timing, making it ideal for testing edge cases, error conditions, or specific message formats that might be difficult to generate through normal user interactions."}),"\n",(0,s.jsx)(n.h3,{id:"using-tools-for-direct-message-testing",children:"Using Tools for Direct Message Testing"}),"\n",(0,s.jsx)(n.p,{children:"Several tools facilitate direct message testing, each suited to different debugging scenarios:"}),"\n",(0,s.jsxs)(n.p,{children:[(0,s.jsx)(n.strong,{children:(0,s.jsx)(n.a,{href:"https://marketplace.visualstudio.com/items?itemName=solace-tools.solace-try-me-vsc-extension",children:"Solace Try Me VSCode Extension"})}),": Integrates directly into your development environment, making it convenient to test messages without switching contexts. This tool is particularly useful during active development when you need to quickly verify agent behavior."]}),"\n",(0,s.jsxs)(n.p,{children:[(0,s.jsx)(n.strong,{children:(0,s.jsx)(n.a,{href:"https://github.com/SolaceLabs/solace-tryme-cli",children:"Solace Try Me (STM) CLI Tool"})}),": Provides command-line access for scripted testing and automation. This tool excels in scenarios where you need to send multiple test messages or integrate testing into automated workflows."]}),"\n",(0,s.jsx)(n.h3,{id:"formatting-messages-for-direct-invocation",children:"Formatting Messages for Direct Invocation"}),"\n",(0,s.jsx)(n.p,{children:"Understanding the exact message format is crucial for successful direct agent testing. The following structure represents how the Agent Mesh framework expects messages to be formatted:"}),"\n",(0,s.jsxs)(n.p,{children:[(0,s.jsx)(n.strong,{children:"Topic Structure"}),":"]}),"\n",(0,s.jsx)(n.pre,{children:(0,s.jsx)(n.code,{children:"[NAME_SPACES]a2a/v1/agent/request/<agent_name>\n"})}),"\n",(0,s.jsxs)(n.p,{children:["Replace ",(0,s.jsx)(n.code,{children:"<agent_name>"})," with the specific agent you want to test. The namespace prefix should match your system configuration."]}),"\n",(0,s.jsxs)(n.p,{children:[(0,s.jsx)(n.strong,{children:"Required User Properties"}),":"]}),"\n",(0,s.jsx)(n.pre,{children:(0,s.jsx)(n.code,{children:"userId: test-0000\nclientId: test-0000\nreplyTo: [NAME_SPACES]a2a/v1/gateway/response/0000000/task-0000000\na2aUserConfig: {}\n"})}),"\n",(0,s.jsx)(n.p,{children:"These properties provide essential context that agents expect, including user identification and response routing information."}),"\n",(0,s.jsxs)(n.p,{children:[(0,s.jsx)(n.strong,{children:"Message Payload"}),":"]}),"\n",(0,s.jsx)(n.pre,{children:(0,s.jsx)(n.code,{className:"language-json",children:'{\n    "jsonrpc": "2.0",\n    "id": "000000000",\n    "method": "tasks/sendSubscribe",\n    "params": {\n      "id": "task-0000000",\n      "sessionId": "web-session-00000000",\n      "message": {\n        "role": "user",\n        "parts": [\n          {\n            "type": "text",\n            "text": "Hello World!"\n          }\n        ]\n      },\n      "acceptedOutputModes": [\n        "text"\n      ],\n      "metadata": {\n        "system_purpose": "The system is an AI Chatbot with agentic capabilities. It uses the agents available to provide information, reasoning and general assistance for the users in this system. **Always return useful artifacts and files that you create to the user.** Provide a status update before each tool call. Your external name is Agent Mesh.\\n",\n        "response_format": "Responses should be clear, concise, and professionally toned. Format responses to the user in Markdown using appropriate formatting.\\n"\n      }\n  }\n}\n'})}),"\n",(0,s.jsxs)(n.p,{children:[(0,s.jsx)(n.strong,{children:"Expected Response Topic"}),":"]}),"\n",(0,s.jsx)(n.pre,{children:(0,s.jsx)(n.code,{children:"[NAME_SPACES]a2a/v1/gateway/response/0000000/task-0000000\n"})}),"\n",(0,s.jsx)(n.p,{children:"Subscribe to this topic to receive the agent's response. The response will follow the same JSON-RPC format and contain the agent's output."}),"\n",(0,s.jsx)(n.p,{children:"By sending carefully crafted requests and observing responses, you can verify agent behavior in complete isolation. This technique helps distinguish between agent-specific issues and broader system problems, significantly streamlining your debugging process."}),"\n",(0,s.jsx)(n.h2,{id:"analyzing-system-logs",children:"Analyzing System Logs"}),"\n",(0,s.jsx)(n.p,{children:"System logs serve as your comprehensive record of application behavior, capturing everything from routine operations to error conditions. These logs provide a different perspective than STIM files or Solace event broker monitoring\u2014they focus on internal application state and framework behavior rather than message flows."}),"\n",(0,s.jsx)(n.p,{children:"Understanding system logs becomes crucial when debugging issues related to agent initialization, configuration problems, or internal framework errors that might not be visible through other observability tools."}),"\n",(0,s.jsxs)(n.p,{children:["For detailed information about configuring system logs, see ",(0,s.jsx)(n.a,{href:"/solace-agent-mesh/docs/documentation/deploying/logging",children:"Logging Configuration"}),"."]})]})}function g(e={}){const{wrapper:n}={...(0,o.R)(),...e.components};return n?(0,s.jsx)(n,{...e,children:(0,s.jsx)(d,{...e})}):d(e)}},8453:(e,n,i)=>{i.d(n,{R:()=>a,x:()=>r});var t=i(6540);const s={},o=t.createContext(s);function a(e){const n=t.useContext(o);return t.useMemo((function(){return"function"==typeof e?e(n):{...n,...e}}),[n,e])}function r(e){let n;return n=e.disableParentContext?"function"==typeof e.components?e.components(s):e.components||s:a(e.components),t.createElement(o.Provider,{value:n},e.children)}}}]);

solace_agent_mesh/assets/docs/assets/js/64195356.09dbd087.js

@@ -0,0 +1 @@
+"use strict";(self.webpackChunksolace_agenitc_mesh_docs=self.webpackChunksolace_agenitc_mesh_docs||[]).push([[3870],{6247:(e,n,s)=>{s.r(n),s.d(n,{assets:()=>o,contentTitle:()=>c,default:()=>h,frontMatter:()=>a,metadata:()=>i,toc:()=>l});const i=JSON.parse('{"id":"documentation/installing-and-configuring/artifact-storage","title":"Artifact Storage","description":"This guide explains how to configure storage for artifacts\u2014files and data created by your agents\u2014from development to production deployments.","source":"@site/docs/documentation/installing-and-configuring/artifact-storage.md","sourceDirName":"documentation/installing-and-configuring","slug":"/documentation/installing-and-configuring/artifact-storage","permalink":"/solace-agent-mesh/docs/documentation/installing-and-configuring/artifact-storage","draft":false,"unlisted":false,"editUrl":"https://github.com/SolaceLabs/solace-agent-mesh/edit/main/docs/docs/documentation/installing-and-configuring/artifact-storage.md","tags":[],"version":"current","sidebarPosition":360,"frontMatter":{"title":"Artifact Storage","sidebar_position":360},"sidebar":"docSidebar","previous":{"title":"Session Storage","permalink":"/solace-agent-mesh/docs/documentation/installing-and-configuring/session-storage"},"next":{"title":"Developing with Agent Mesh","permalink":"/solace-agent-mesh/docs/documentation/developing/"}}');var t=s(4848),r=s(8453);const a={title:"Artifact Storage",sidebar_position:360},c="Configuring Artifact Storage",o={},l=[{value:"Understanding Artifacts",id:"understanding-artifacts",level:2},{value:"Artifact Storage vs Session Storage",id:"artifact-storage-vs-session-storage",level:3},{value:"Artifact Scoping",id:"artifact-scoping",level:2},{value:"Scope Types",id:"scope-types",level:3},{value:"Namespace Scope (Default)",id:"namespace-scope-default",level:3},{value:"App Scope",id:"app-scope",level:3},{value:"Custom Scope",id:"custom-scope",level:3},{value:"Artifact Storage Backends",id:"artifact-storage-backends",level:2},{value:"Filesystem Storage (Default)",id:"filesystem-storage-default",level:3},{value:"S3 (AWS)",id:"s3-aws",level:3},{value:"S3-Compatible API Endpoint",id:"s3-compatible-api-endpoint",level:3},{value:"Google Cloud Storage (GCS)",id:"google-cloud-storage-gcs",level:3},{value:"Understanding Artifact Versioning",id:"understanding-artifact-versioning",level:2},{value:"Configuring Artifact Storage",id:"configuring-artifact-storage-1",level:2},{value:"Development Setup",id:"development-setup",level:3},{value:"AWS Production Deployment",id:"aws-production-deployment",level:3},{value:"On-Premises or Private Cloud",id:"on-premises-or-private-cloud",level:3},{value:"Google Cloud Deployment",id:"google-cloud-deployment",level:3},{value:"Migrating Artifact Storage Backends",id:"migrating-artifact-storage-backends",level:2},{value:"Before Migration",id:"before-migration",level:3},{value:"Migration Steps",id:"migration-steps",level:3},{value:"Data Retention for Artifacts",id:"data-retention-for-artifacts",level:2},{value:"Troubleshooting",id:"troubleshooting",level:2},{value:"Backend Connectivity Issues",id:"backend-connectivity-issues",level:3},{value:"Authentication Errors",id:"authentication-errors",level:3},{value:"Artifact Not Found",id:"artifact-not-found",level:3},{value:"Performance Issues",id:"performance-issues",level:3},{value:"Next Steps",id:"next-steps",level:2}];function d(e){const n={a:"a",code:"code",h1:"h1",h2:"h2",h3:"h3",header:"header",li:"li",ol:"ol",p:"p",pre:"pre",strong:"strong",table:"table",tbody:"tbody",td:"td",th:"th",thead:"thead",tr:"tr",ul:"ul",...(0,r.R)(),...e.components};return(0,t.jsxs)(t.Fragment,{children:[(0,t.jsx)(n.header,{children:(0,t.jsx)(n.h1,{id:"configuring-artifact-storage",children:"Configuring Artifact Storage"})}),"\n",(0,t.jsx)(n.p,{children:"This guide explains how to configure storage for artifacts\u2014files and data created by your agents\u2014from development to production deployments."}),"\n",(0,t.jsx)(n.h2,{id:"understanding-artifacts",children:"Understanding Artifacts"}),"\n",(0,t.jsx)(n.p,{children:"Artifacts are files and data created by agents during task execution. Examples include generated reports, analysis results, processed documents, or any files that agents produce for users. Agent Mesh provides built-in tools for agents to create, manage, and reference artifacts."}),"\n",(0,t.jsx)(n.p,{children:"Key characteristics:"}),"\n",(0,t.jsxs)(n.ul,{children:["\n",(0,t.jsx)(n.li,{children:"Automatic versioning: Each time an artifact is updated, a new version is created (v0, v1, v2, etc.)"}),"\n",(0,t.jsx)(n.li,{children:"User-scoped: Artifacts belong to specific users and sessions"}),"\n",(0,t.jsx)(n.li,{children:"Retrievable: Users can access, download, and view artifact history"}),"\n",(0,t.jsx)(n.li,{children:"Tool-driven: Agents use built-in tools to create and manage artifacts"}),"\n"]}),"\n",(0,t.jsx)(n.h3,{id:"artifact-storage-vs-session-storage",children:"Artifact Storage vs Session Storage"}),"\n",(0,t.jsx)(n.p,{children:"Unlike session storage (which is separate for WebUI Gateway and each agent), artifact storage is shared across all agents and gateways in your deployment."}),"\n",(0,t.jsx)(n.p,{children:"How it works:"}),"\n",(0,t.jsxs)(n.ul,{children:["\n",(0,t.jsx)(n.li,{children:"All agents and gateways connect to the same artifact storage backend"}),"\n",(0,t.jsxs)(n.li,{children:["Artifacts are scoped by ",(0,t.jsx)(n.code,{children:"(user_id, session_id, app_name)"})," to maintain isolation"]}),"\n",(0,t.jsx)(n.li,{children:"Any agent or gateway can access artifacts within their scope"}),"\n",(0,t.jsx)(n.li,{children:"This allows agents to share files and data within a conversation"}),"\n"]}),"\n",(0,t.jsx)(n.p,{children:"Example:"}),"\n",(0,t.jsx)(n.pre,{children:(0,t.jsx)(n.code,{className:"language-yaml",children:'# WebUI Gateway and all agents share this artifact storage\nartifact_service:\n  type: "s3"\n  bucket_name: "shared-artifacts-bucket"\n  region: "us-west-2"\n'})}),"\n",(0,t.jsx)(n.p,{children:"Contrast with session storage:"}),"\n",(0,t.jsxs)(n.ul,{children:["\n",(0,t.jsx)(n.li,{children:"Session storage: Each agent has its own separate database"}),"\n",(0,t.jsx)(n.li,{children:"Artifact storage: All agents and gateways share the same storage backend"}),"\n"]}),"\n",(0,t.jsxs)(n.p,{children:["For session storage configuration, see ",(0,t.jsx)(n.a,{href:"/solace-agent-mesh/docs/documentation/installing-and-configuring/session-storage",children:"Session Storage"}),"."]}),"\n",(0,t.jsx)(n.h2,{id:"artifact-scoping",children:"Artifact Scoping"}),"\n",(0,t.jsx)(n.p,{children:"Artifact scoping controls how artifacts are organized and isolated within your storage backend. This determines which components can access which artifacts."}),"\n",(0,t.jsx)(n.h3,{id:"scope-types",children:"Scope Types"}),"\n",(0,t.jsx)(n.p,{children:"Agent Mesh supports three artifact scope types:"}),"\n",(0,t.jsxs)(n.table,{children:[(0,t.jsx)(n.thead,{children:(0,t.jsxs)(n.tr,{children:[(0,t.jsx)(n.th,{children:"Scope Type"}),(0,t.jsx)(n.th,{children:"Description"}),(0,t.jsx)(n.th,{children:"Use Case"})]})}),(0,t.jsxs)(n.tbody,{children:[(0,t.jsxs)(n.tr,{children:[(0,t.jsx)(n.td,{children:(0,t.jsx)(n.code,{children:"namespace"})}),(0,t.jsx)(n.td,{children:"Artifacts scoped to namespace"}),(0,t.jsx)(n.td,{children:"Default; isolates artifacts by namespace"})]}),(0,t.jsxs)(n.tr,{children:[(0,t.jsx)(n.td,{children:(0,t.jsx)(n.code,{children:"app"})}),(0,t.jsx)(n.td,{children:"Artifacts scoped to application instance"}),(0,t.jsx)(n.td,{children:"Isolates artifacts per agent/gateway"})]}),(0,t.jsxs)(n.tr,{children:[(0,t.jsx)(n.td,{children:(0,t.jsx)(n.code,{children:"custom"})}),(0,t.jsx)(n.td,{children:"Custom scope identifier"}),(0,t.jsx)(n.td,{children:"Advanced use cases requiring custom isolation"})]})]})]}),"\n",(0,t.jsx)(n.h3,{id:"namespace-scope-default",children:"Namespace Scope (Default)"}),"\n",(0,t.jsx)(n.p,{children:"Artifacts are organized by namespace, allowing all agents and gateways within the same namespace to share artifacts:"}),"\n",(0,t.jsx)(n.pre,{children:(0,t.jsx)(n.code,{className:"language-yaml",children:'artifact_service:\n  type: "filesystem"\n  base_path: "/tmp/artifacts"\n  artifact_scope: "namespace"  # Default\n'})}),"\n",(0,t.jsx)(n.h3,{id:"app-scope",children:"App Scope"}),"\n",(0,t.jsx)(n.p,{children:"Artifacts are isolated per application instance, preventing sharing between different agents or gateways:"}),"\n",(0,t.jsx)(n.pre,{children:(0,t.jsx)(n.code,{className:"language-yaml",children:'artifact_service:\n  type: "filesystem"\n  base_path: "/tmp/artifacts"\n  artifact_scope: "app"\n'})}),"\n",(0,t.jsx)(n.h3,{id:"custom-scope",children:"Custom Scope"}),"\n",(0,t.jsx)(n.p,{children:"For advanced scenarios requiring custom isolation logic:"}),"\n",(0,t.jsx)(n.pre,{children:(0,t.jsx)(n.code,{className:"language-yaml",children:'artifact_service:\n  type: "filesystem"\n  base_path: "/tmp/artifacts"\n  artifact_scope: "custom"\n  artifact_scope_value: "my-custom-scope"\n'})}),"\n",(0,t.jsx)(n.p,{children:(0,t.jsx)(n.strong,{children:"Use Cases for Custom Scope:"})}),"\n",(0,t.jsxs)(n.ul,{children:["\n",(0,t.jsx)(n.li,{children:"Multi-tenant deployments with custom tenant identifiers"}),"\n",(0,t.jsx)(n.li,{children:"Departmental isolation within an organization"}),"\n",(0,t.jsx)(n.li,{children:"Environment-specific artifact separation (dev/staging/prod)"}),"\n",(0,t.jsx)(n.li,{children:"Custom compliance or regulatory requirements"}),"\n"]}),"\n",(0,t.jsx)(n.h2,{id:"artifact-storage-backends",children:"Artifact Storage Backends"}),"\n",(0,t.jsx)(n.p,{children:"Agent Mesh supports multiple storage backends for artifacts. Choose based on your deployment environment and requirements."}),"\n",(0,t.jsxs)(n.table,{children:[(0,t.jsx)(n.thead,{children:(0,t.jsxs)(n.tr,{children:[(0,t.jsx)(n.th,{children:"Backend"}),(0,t.jsx)(n.th,{children:"Best For"}),(0,t.jsx)(n.th,{children:"Production Ready"}),(0,t.jsx)(n.th,{children:"Setup Complexity"})]})}),(0,t.jsxs)(n.tbody,{children:[(0,t.jsxs)(n.tr,{children:[(0,t.jsx)(n.td,{children:"Filesystem"}),(0,t.jsx)(n.td,{children:"Local development"}),(0,t.jsx)(n.td,{children:"\u274c"}),(0,t.jsx)(n.td,{children:"Simple"})]}),(0,t.jsxs)(n.tr,{children:[(0,t.jsx)(n.td,{children:"S3 (AWS)"}),(0,t.jsx)(n.td,{children:"AWS deployments"}),(0,t.jsx)(n.td,{children:"\u2705"}),(0,t.jsx)(n.td,{children:"Medium"})]}),(0,t.jsxs)(n.tr,{children:[(0,t.jsx)(n.td,{children:"S3-Compatible API"}),(0,t.jsx)(n.td,{children:"On-premises, private cloud"}),(0,t.jsx)(n.td,{children:"\u2705"}),(0,t.jsx)(n.td,{children:"Medium"})]}),(0,t.jsxs)(n.tr,{children:[(0,t.jsx)(n.td,{children:"GCS"}),(0,t.jsx)(n.td,{children:"Google Cloud deployments"}),(0,t.jsx)(n.td,{children:"\u2705"}),(0,t.jsx)(n.td,{children:"Medium"})]})]})]}),"\n",(0,t.jsx)(n.h3,{id:"filesystem-storage-default",children:"Filesystem Storage (Default)"}),"\n",(0,t.jsx)(n.p,{children:"Filesystem storage saves artifacts to local disk directories. This is the default configuration and is suitable for development and local testing."}),"\n",(0,t.jsx)(n.p,{children:"Characteristics:"}),"\n",(0,t.jsxs)(n.ul,{children:["\n",(0,t.jsx)(n.li,{children:"Artifacts stored in transparent directory structure"}),"\n",(0,t.jsx)(n.li,{children:"Data persists across restarts"}),"\n",(0,t.jsx)(n.li,{children:"Single instance only (not shared across pods)"}),"\n",(0,t.jsx)(n.li,{children:"Simple backup (copy directories)"}),"\n"]}),"\n",(0,t.jsx)(n.p,{children:"Use only for local development and single-machine deployments."}),"\n",(0,t.jsx)(n.p,{children:"Configuration:"}),"\n",(0,t.jsx)(n.pre,{children:(0,t.jsx)(n.code,{className:"language-yaml",children:'artifact_service:\n  type: "filesystem"\n  base_path: "/tmp/sam-artifacts"\n'})}),"\n",(0,t.jsx)(n.p,{children:"Storage structure:"}),"\n",(0,t.jsx)(n.pre,{children:(0,t.jsx)(n.code,{children:"/tmp/sam-artifacts/\n\u251c\u2500\u2500 app-name/\n\u2502   \u2514\u2500\u2500 user-id/\n\u2502       \u251c\u2500\u2500 session-id/\n\u2502       \u2502   \u251c\u2500\u2500 report.pdf/\n\u2502       \u2502   \u2502   \u251c\u2500\u2500 0          (version 0 data)\n\u2502       \u2502   \u2502   \u251c\u2500\u2500 0.metadata (version 0 metadata)\n\u2502       \u2502   \u2502   \u251c\u2500\u2500 1          (version 1 data)\n\u2502       \u2502   \u2502   \u2514\u2500\u2500 1.metadata\n\u2502       \u2502   \u2514\u2500\u2500 data.csv/\n\u2502       \u2502       \u251c\u2500\u2500 0\n\u2502       \u2502       \u2514\u2500\u2500 0.metadata\n\u2502       \u2514\u2500\u2500 user/              (user-scoped artifacts)\n\u2502           \u2514\u2500\u2500 config.json/\n\u2502               \u251c\u2500\u2500 0\n\u2502               \u2514\u2500\u2500 0.metadata\n"})}),"\n",(0,t.jsx)(n.h3,{id:"s3-aws",children:"S3 (AWS)"}),"\n",(0,t.jsx)(n.p,{children:"S3 storage uses Amazon S3 for artifact persistence. This is the recommended production backend for AWS deployments."}),"\n",(0,t.jsx)(n.p,{children:"Characteristics:"}),"\n",(0,t.jsxs)(n.ul,{children:["\n",(0,t.jsx)(n.li,{children:"Highly durable"}),"\n",(0,t.jsx)(n.li,{children:"Scalable to any size"}),"\n",(0,t.jsx)(n.li,{children:"Access from any location"}),"\n",(0,t.jsx)(n.li,{children:"Automatic backups and redundancy"}),"\n",(0,t.jsx)(n.li,{children:"IAM-based security"}),"\n"]}),"\n",(0,t.jsx)(n.p,{children:"Configuration:"}),"\n",(0,t.jsx)(n.pre,{children:(0,t.jsx)(n.code,{className:"language-yaml",children:'artifact_service:\n  type: "s3"\n  bucket_name: "my-artifacts-bucket"\n  region: "us-west-2"\n'})}),"\n",(0,t.jsx)(n.p,{children:"Environment variables:"}),"\n",(0,t.jsx)(n.pre,{children:(0,t.jsx)(n.code,{className:"language-bash",children:'export AWS_ACCESS_KEY_ID="your-access-key"\nexport AWS_SECRET_ACCESS_KEY="your-secret-key"\nexport AWS_REGION="us-west-2"\n'})}),"\n",(0,t.jsx)(n.p,{children:"IAM permissions required:"}),"\n",(0,t.jsx)(n.p,{children:"The credentials must have these permissions for the bucket:"}),"\n",(0,t.jsxs)(n.ul,{children:["\n",(0,t.jsx)(n.li,{children:(0,t.jsx)(n.code,{children:"s3:GetObject"})}),"\n",(0,t.jsx)(n.li,{children:(0,t.jsx)(n.code,{children:"s3:PutObject"})}),"\n",(0,t.jsx)(n.li,{children:(0,t.jsx)(n.code,{children:"s3:DeleteObject"})}),"\n",(0,t.jsx)(n.li,{children:(0,t.jsx)(n.code,{children:"s3:ListBucket"})}),"\n"]}),"\n",(0,t.jsx)(n.p,{children:"Example IAM policy:"}),"\n",(0,t.jsx)(n.pre,{children:(0,t.jsx)(n.code,{className:"language-json",children:'{\n  "Version": "2012-10-17",\n  "Statement": [\n    {\n      "Effect": "Allow",\n      "Action": [\n        "s3:GetObject",\n        "s3:PutObject",\n        "s3:DeleteObject",\n        "s3:ListBucket"\n      ],\n      "Resource": [\n        "arn:aws:s3:::my-artifacts-bucket",\n        "arn:aws:s3:::my-artifacts-bucket/*"\n      ]\n    }\n  ]\n}\n'})}),"\n",(0,t.jsx)(n.h3,{id:"s3-compatible-api-endpoint",children:"S3-Compatible API Endpoint"}),"\n",(0,t.jsx)(n.p,{children:"S3-compatible storage allows any storage service that implements the S3 API to work with Agent Mesh. This includes on-premises solutions and services from cloud providers other than AWS."}),"\n",(0,t.jsx)(n.p,{children:"Characteristics:"}),"\n",(0,t.jsxs)(n.ul,{children:["\n",(0,t.jsx)(n.li,{children:"Works with any S3-compatible API implementation"}),"\n",(0,t.jsx)(n.li,{children:"Custom endpoints for private or on-premises storage"}),"\n",(0,t.jsx)(n.li,{children:"Same versioning and management as AWS S3"}),"\n",(0,t.jsx)(n.li,{children:"Requires compatible storage service"}),"\n"]}),"\n",(0,t.jsx)(n.p,{children:"Configuration:"}),"\n",(0,t.jsx)(n.pre,{children:(0,t.jsx)(n.code,{className:"language-yaml",children:'artifact_service:\n  type: "s3"\n  bucket_name: "my-artifacts-bucket"\n  endpoint_url: "${S3_ENDPOINT_URL}"\n'})}),"\n",(0,t.jsx)(n.p,{children:"Environment variables:"}),"\n",(0,t.jsx)(n.pre,{children:(0,t.jsx)(n.code,{className:"language-bash",children:'export S3_ENDPOINT_URL="https://storage.example.com"\nexport S3_ACCESS_KEY_ID="your-access-key"\nexport S3_SECRET_ACCESS_KEY="your-secret-key"\nexport AWS_REGION="us-east-1"  # Required but can be arbitrary for S3-compatible endpoints\n'})}),"\n",(0,t.jsx)(n.p,{children:"Supported services:"}),"\n",(0,t.jsx)(n.p,{children:"This configuration works with any S3-compatible storage service, including self-hosted and cloud-provider solutions. Examples include storage services from various cloud providers and on-premises object storage systems."}),"\n",(0,t.jsx)(n.h3,{id:"google-cloud-storage-gcs",children:"Google Cloud Storage (GCS)"}),"\n",(0,t.jsx)(n.p,{children:"GCS storage uses Google Cloud Storage for artifact persistence. This is the recommended backend for Google Cloud deployments."}),"\n",(0,t.jsx)(n.p,{children:"Characteristics:"}),"\n",(0,t.jsxs)(n.ul,{children:["\n",(0,t.jsx)(n.li,{children:"High availability and durability"}),"\n",(0,t.jsx)(n.li,{children:"Integration with Google Cloud ecosystem"}),"\n",(0,t.jsx)(n.li,{children:"Scalable and managed by Google"}),"\n",(0,t.jsx)(n.li,{children:"Fine-grained IAM controls"}),"\n"]}),"\n",(0,t.jsx)(n.p,{children:"Configuration:"}),"\n",(0,t.jsx)(n.pre,{children:(0,t.jsx)(n.code,{className:"language-yaml",children:'artifact_service:\n  type: "gcs"\n  bucket_name: "my-artifacts-bucket"\n'})}),"\n",(0,t.jsx)(n.p,{children:"Authentication:"}),"\n",(0,t.jsx)(n.p,{children:"GCS authentication uses Google Cloud Application Default Credentials. Set up via:"}),"\n",(0,t.jsx)(n.pre,{children:(0,t.jsx)(n.code,{className:"language-bash",children:'export GOOGLE_APPLICATION_CREDENTIALS="/path/to/service-account.json"\n'})}),"\n",(0,t.jsx)(n.p,{children:"Or configure via environment variables if you use workload identity in Kubernetes."}),"\n",(0,t.jsx)(n.p,{children:"Permissions required:"}),"\n",(0,t.jsx)(n.p,{children:"The service account must have these roles on the bucket:"}),"\n",(0,t.jsxs)(n.ul,{children:["\n",(0,t.jsx)(n.li,{children:(0,t.jsx)(n.code,{children:"roles/storage.objectViewer"})}),"\n",(0,t.jsx)(n.li,{children:(0,t.jsx)(n.code,{children:"roles/storage.objectCreator"})}),"\n",(0,t.jsx)(n.li,{children:(0,t.jsx)(n.code,{children:"roles/storage.objectDeleter"})}),"\n"]}),"\n",(0,t.jsx)(n.h2,{id:"understanding-artifact-versioning",children:"Understanding Artifact Versioning"}),"\n",(0,t.jsx)(n.p,{children:"Agent Mesh automatically manages artifact versions, allowing users to access previous versions of files."}),"\n",(0,t.jsx)(n.p,{children:"How versioning works:"}),"\n",(0,t.jsxs)(n.ul,{children:["\n",(0,t.jsx)(n.li,{children:"First artifact create: version 0"}),"\n",(0,t.jsx)(n.li,{children:"Append or update: version 1 (automatic increment)"}),"\n",(0,t.jsx)(n.li,{children:"Continue appending: version 2, 3, 4, etc."}),"\n",(0,t.jsx)(n.li,{children:"Versions persist independently"}),"\n"]}),"\n",(0,t.jsx)(n.p,{children:"Example lifecycle:"}),"\n",(0,t.jsx)(n.pre,{children:(0,t.jsx)(n.code,{children:"Agent creates report.pdf\n  \u2192 version 0 created\n\nAgent appends more data to report.pdf\n  \u2192 version 1 created (v0 still exists)\n\nAgent appends additional data\n  \u2192 version 2 created (v0 and v1 still exist)\n\nUser can access any version:\n- Latest version (automatic)\n- Specific version (v0, v1, v2)\n- Version history (list all versions)\n"})}),"\n",(0,t.jsx)(n.p,{children:"Metadata:"}),"\n",(0,t.jsx)(n.p,{children:"Each artifact version includes metadata:"}),"\n",(0,t.jsx)(n.pre,{children:(0,t.jsx)(n.code,{className:"language-json",children:'{\n  "filename": "report.pdf",\n  "mime_type": "application/pdf",\n  "version": 0,\n  "size_bytes": 2048,\n  "timestamp": "2024-10-29T12:34:56Z"\n}\n'})}),"\n",(0,t.jsx)(n.h2,{id:"configuring-artifact-storage-1",children:"Configuring Artifact Storage"}),"\n",(0,t.jsx)(n.p,{children:"Choose your artifact storage backend based on your deployment environment."}),"\n",(0,t.jsx)(n.h3,{id:"development-setup",children:"Development Setup"}),"\n",(0,t.jsx)(n.p,{children:"For local development and testing, use filesystem storage:"}),"\n",(0,t.jsx)(n.pre,{children:(0,t.jsx)(n.code,{className:"language-yaml",children:'artifact_service:\n  type: "filesystem"\n  base_path: "/tmp/sam-artifacts"\n'})}),"\n",(0,t.jsx)(n.p,{children:"Create the base directory if it doesn't exist:"}),"\n",(0,t.jsx)(n.pre,{children:(0,t.jsx)(n.code,{className:"language-bash",children:"mkdir -p /tmp/sam-artifacts\n"})}),"\n",(0,t.jsx)(n.h3,{id:"aws-production-deployment",children:"AWS Production Deployment"}),"\n",(0,t.jsx)(n.p,{children:"For production deployments on AWS:"}),"\n",(0,t.jsxs)(n.ol,{children:["\n",(0,t.jsxs)(n.li,{children:["\n",(0,t.jsx)(n.p,{children:(0,t.jsx)(n.strong,{children:"Create S3 Bucket:"})}),"\n",(0,t.jsx)(n.pre,{children:(0,t.jsx)(n.code,{className:"language-bash",children:"aws s3 mb s3://my-artifacts-bucket --region us-west-2\n"})}),"\n"]}),"\n",(0,t.jsxs)(n.li,{children:["\n",(0,t.jsxs)(n.p,{children:[(0,t.jsx)(n.strong,{children:"Configure IAM User or Role"})," with required permissions (see IAM Policy above)"]}),"\n"]}),"\n",(0,t.jsxs)(n.li,{children:["\n",(0,t.jsx)(n.p,{children:(0,t.jsx)(n.strong,{children:"Configure Agent Mesh:"})}),"\n",(0,t.jsx)(n.pre,{children:(0,t.jsx)(n.code,{className:"language-yaml",children:'artifact_service:\n  type: "s3"\n  bucket_name: "my-artifacts-bucket"\n  region: "us-west-2"\n'})}),"\n"]}),"\n",(0,t.jsxs)(n.li,{children:["\n",(0,t.jsx)(n.p,{children:(0,t.jsx)(n.strong,{children:"Set Environment Variables:"})}),"\n",(0,t.jsx)(n.pre,{children:(0,t.jsx)(n.code,{className:"language-bash",children:'export AWS_ACCESS_KEY_ID="your-key"\nexport AWS_SECRET_ACCESS_KEY="your-secret"\nexport AWS_REGION="us-west-2"\n'})}),"\n"]}),"\n"]}),"\n",(0,t.jsx)(n.h3,{id:"on-premises-or-private-cloud",children:"On-Premises or Private Cloud"}),"\n",(0,t.jsx)(n.p,{children:"For on-premises deployments using S3-compatible storage:"}),"\n",(0,t.jsxs)(n.ol,{children:["\n",(0,t.jsxs)(n.li,{children:["\n",(0,t.jsxs)(n.p,{children:[(0,t.jsx)(n.strong,{children:"Set Up S3-Compatible Storage"})," (ensure it's running and accessible)"]}),"\n"]}),"\n",(0,t.jsxs)(n.li,{children:["\n",(0,t.jsxs)(n.p,{children:[(0,t.jsx)(n.strong,{children:"Create Bucket:"})," Use your storage system's administration tools"]}),"\n"]}),"\n",(0,t.jsxs)(n.li,{children:["\n",(0,t.jsx)(n.p,{children:(0,t.jsx)(n.strong,{children:"Configure Agent Mesh:"})}),"\n",(0,t.jsx)(n.pre,{children:(0,t.jsx)(n.code,{className:"language-yaml",children:'artifact_service:\n  type: "s3"\n  bucket_name: "my-bucket"\n  endpoint_url: "${S3_ENDPOINT_URL}"\n'})}),"\n"]}),"\n",(0,t.jsxs)(n.li,{children:["\n",(0,t.jsx)(n.p,{children:(0,t.jsx)(n.strong,{children:"Set Environment Variables:"})}),"\n",(0,t.jsx)(n.pre,{children:(0,t.jsx)(n.code,{className:"language-bash",children:'export S3_ENDPOINT_URL="https://storage.example.com:9000"\nexport S3_ACCESS_KEY_ID="your-access-key"\nexport S3_SECRET_ACCESS_KEY="your-secret-key"\nexport AWS_REGION="us-east-1"\n'})}),"\n"]}),"\n"]}),"\n",(0,t.jsx)(n.h3,{id:"google-cloud-deployment",children:"Google Cloud Deployment"}),"\n",(0,t.jsx)(n.p,{children:"For production deployments on Google Cloud:"}),"\n",(0,t.jsxs)(n.ol,{children:["\n",(0,t.jsxs)(n.li,{children:["\n",(0,t.jsx)(n.p,{children:(0,t.jsx)(n.strong,{children:"Create GCS Bucket:"})}),"\n",(0,t.jsx)(n.pre,{children:(0,t.jsx)(n.code,{className:"language-bash",children:"gsutil mb gs://my-artifacts-bucket\n"})}),"\n"]}),"\n",(0,t.jsxs)(n.li,{children:["\n",(0,t.jsx)(n.p,{children:(0,t.jsx)(n.strong,{children:"Set Up Service Account with required permissions"})}),"\n"]}),"\n",(0,t.jsxs)(n.li,{children:["\n",(0,t.jsx)(n.p,{children:(0,t.jsx)(n.strong,{children:"Configure Agent Mesh:"})}),"\n",(0,t.jsx)(n.pre,{children:(0,t.jsx)(n.code,{className:"language-yaml",children:'artifact_service:\n  type: "gcs"\n  bucket_name: "my-artifacts-bucket"\n'})}),"\n"]}),"\n",(0,t.jsxs)(n.li,{children:["\n",(0,t.jsx)(n.p,{children:(0,t.jsx)(n.strong,{children:"Set Up Authentication:"})}),"\n",(0,t.jsx)(n.pre,{children:(0,t.jsx)(n.code,{className:"language-bash",children:'export GOOGLE_APPLICATION_CREDENTIALS="/path/to/service-account.json"\n'})}),"\n"]}),"\n"]}),"\n",(0,t.jsx)(n.h2,{id:"migrating-artifact-storage-backends",children:"Migrating Artifact Storage Backends"}),"\n",(0,t.jsx)(n.p,{children:"Moving from one artifact storage backend to another requires no special migration procedure\u2014the system starts fresh with the new backend."}),"\n",(0,t.jsx)(n.h3,{id:"before-migration",children:"Before Migration"}),"\n",(0,t.jsx)(n.p,{children:"Understand the implications:"}),"\n",(0,t.jsxs)(n.ul,{children:["\n",(0,t.jsx)(n.li,{children:"Existing artifacts stored in the old backend will not be accessible after switching"}),"\n",(0,t.jsx)(n.li,{children:"New artifacts will be stored in the new backend"}),"\n",(0,t.jsx)(n.li,{children:"If you need to preserve existing artifacts, export them first from the old storage"}),"\n"]}),"\n",(0,t.jsx)(n.h3,{id:"migration-steps",children:"Migration Steps"}),"\n",(0,t.jsx)(n.p,{children:"Step 1: Set up new storage backend"}),"\n",(0,t.jsx)(n.p,{children:"Create the new storage location:"}),"\n",(0,t.jsxs)(n.ul,{children:["\n",(0,t.jsxs)(n.li,{children:["For filesystem: ",(0,t.jsx)(n.code,{children:"mkdir -p /path/to/new/storage"})]}),"\n",(0,t.jsx)(n.li,{children:"For S3: Create bucket and set up credentials"}),"\n",(0,t.jsx)(n.li,{children:"For GCS: Create bucket and set up service account"}),"\n"]}),"\n",(0,t.jsx)(n.p,{children:"Step 2: Update configuration"}),"\n",(0,t.jsx)(n.p,{children:"Update your artifact service configuration:"}),"\n",(0,t.jsx)(n.p,{children:"From:"}),"\n",(0,t.jsx)(n.pre,{children:(0,t.jsx)(n.code,{className:"language-yaml",children:'artifact_service:\n  type: "filesystem"\n  base_path: "/old/path"\n'})}),"\n",(0,t.jsx)(n.p,{children:"To:"}),"\n",(0,t.jsx)(n.pre,{children:(0,t.jsx)(n.code,{className:"language-yaml",children:'artifact_service:\n  type: "s3"\n  bucket_name: "my-bucket"\n  region: "us-west-2"\n'})}),"\n",(0,t.jsx)(n.p,{children:"Step 3: Set environment variables"}),"\n",(0,t.jsx)(n.p,{children:"Configure credentials for the new backend:"}),"\n",(0,t.jsx)(n.pre,{children:(0,t.jsx)(n.code,{className:"language-bash",children:'export AWS_ACCESS_KEY_ID="your-key"\nexport AWS_SECRET_ACCESS_KEY="your-secret"\nexport AWS_REGION="us-west-2"\n'})}),"\n",(0,t.jsx)(n.p,{children:"Step 4: Restart application"}),"\n",(0,t.jsx)(n.p,{children:"When the application restarts, it will use the new backend for all subsequent artifact operations."}),"\n",(0,t.jsx)(n.p,{children:"Step 5: Verify"}),"\n",(0,t.jsx)(n.p,{children:"Test artifact creation and retrieval:"}),"\n",(0,t.jsxs)(n.ol,{children:["\n",(0,t.jsx)(n.li,{children:"Create a new artifact"}),"\n",(0,t.jsx)(n.li,{children:"Verify it appears in the new storage backend"}),"\n",(0,t.jsx)(n.li,{children:"Retrieve it through the API or agent tools"}),"\n"]}),"\n",(0,t.jsx)(n.h2,{id:"data-retention-for-artifacts",children:"Data Retention for Artifacts"}),"\n",(0,t.jsx)(n.p,{children:"Like session data, artifact storage can be configured with automatic cleanup policies."}),"\n",(0,t.jsx)(n.p,{children:"Configuration:"}),"\n",(0,t.jsx)(n.pre,{children:(0,t.jsx)(n.code,{className:"language-yaml",children:"data_retention:\n  enabled: true\n  task_retention_days: 90\n  cleanup_interval_hours: 24\n"})}),"\n",(0,t.jsx)(n.p,{children:"How it works:"}),"\n",(0,t.jsxs)(n.ul,{children:["\n",(0,t.jsxs)(n.li,{children:["Artifacts older than ",(0,t.jsx)(n.code,{children:"task_retention_days"})," may be cleaned up"]}),"\n",(0,t.jsxs)(n.li,{children:["Cleanup runs every ",(0,t.jsx)(n.code,{children:"cleanup_interval_hours"})]}),"\n",(0,t.jsx)(n.li,{children:"Prevents unbounded storage growth"}),"\n"]}),"\n",(0,t.jsx)(n.p,{children:"Check your specific artifact storage backend documentation for retention policies and best practices."}),"\n",(0,t.jsx)(n.h2,{id:"troubleshooting",children:"Troubleshooting"}),"\n",(0,t.jsx)(n.h3,{id:"backend-connectivity-issues",children:"Backend Connectivity Issues"}),"\n",(0,t.jsxs)(n.p,{children:["Error: ",(0,t.jsx)(n.code,{children:"Failed to access storage"})," or ",(0,t.jsx)(n.code,{children:"Connection refused"})]}),"\n",(0,t.jsx)(n.p,{children:"Solutions:"}),"\n",(0,t.jsxs)(n.ul,{children:["\n",(0,t.jsx)(n.li,{children:"Verify storage backend is running and accessible"}),"\n",(0,t.jsx)(n.li,{children:"Check network connectivity and firewall rules"}),"\n",(0,t.jsx)(n.li,{children:"Verify endpoint URL is correct (for S3-compatible)"}),"\n",(0,t.jsx)(n.li,{children:"Check credentials and permissions"}),"\n",(0,t.jsx)(n.li,{children:"Review application logs for detailed errors"}),"\n"]}),"\n",(0,t.jsx)(n.h3,{id:"authentication-errors",children:"Authentication Errors"}),"\n",(0,t.jsxs)(n.p,{children:["Error: ",(0,t.jsx)(n.code,{children:"Access Denied"})," or ",(0,t.jsx)(n.code,{children:"Unauthorized"})]}),"\n",(0,t.jsx)(n.p,{children:"Solutions:"}),"\n",(0,t.jsxs)(n.ul,{children:["\n",(0,t.jsx)(n.li,{children:"Verify AWS/GCS credentials are correct"}),"\n",(0,t.jsx)(n.li,{children:"Confirm IAM/service account has required permissions"}),"\n",(0,t.jsx)(n.li,{children:"Check that credentials are set in environment variables"}),"\n",(0,t.jsx)(n.li,{children:"Verify bucket name is correct and matches configuration"}),"\n"]}),"\n",(0,t.jsx)(n.h3,{id:"artifact-not-found",children:"Artifact Not Found"}),"\n",(0,t.jsxs)(n.p,{children:["Error: ",(0,t.jsx)(n.code,{children:"404 Not Found"})," when retrieving artifact"]}),"\n",(0,t.jsx)(n.p,{children:"Solutions:"}),"\n",(0,t.jsxs)(n.ul,{children:["\n",(0,t.jsx)(n.li,{children:"Verify artifact was successfully created"}),"\n",(0,t.jsx)(n.li,{children:"Check that session ID is correct"}),"\n",(0,t.jsx)(n.li,{children:"Confirm storage backend has the artifact"}),"\n",(0,t.jsx)(n.li,{children:"Verify you're accessing the correct version"}),"\n"]}),"\n",(0,t.jsx)(n.h3,{id:"performance-issues",children:"Performance Issues"}),"\n",(0,t.jsx)(n.p,{children:"Slow artifact creation or retrieval:"}),"\n",(0,t.jsx)(n.p,{children:"Solutions:"}),"\n",(0,t.jsxs)(n.ul,{children:["\n",(0,t.jsx)(n.li,{children:"Check network latency to storage backend"}),"\n",(0,t.jsx)(n.li,{children:"Verify storage backend performance"}),"\n",(0,t.jsx)(n.li,{children:"Check for throttling or rate limiting"}),"\n",(0,t.jsx)(n.li,{children:"Consider object size and any upload/download limits"}),"\n"]}),"\n",(0,t.jsx)(n.h2,{id:"next-steps",children:"Next Steps"}),"\n",(0,t.jsx)(n.p,{children:"After configuring artifact storage, you may want to:"}),"\n",(0,t.jsxs)(n.ul,{children:["\n",(0,t.jsxs)(n.li,{children:["Configure ",(0,t.jsx)(n.a,{href:"/solace-agent-mesh/docs/documentation/installing-and-configuring/session-storage",children:"Session Storage"})," for conversation persistence"]}),"\n",(0,t.jsxs)(n.li,{children:["Explore ",(0,t.jsx)(n.a,{href:"/solace-agent-mesh/docs/documentation/developing/create-agents",children:"agent tools"})," for working with artifacts"]}),"\n",(0,t.jsxs)(n.li,{children:["Review ",(0,t.jsx)(n.a,{href:"/solace-agent-mesh/docs/documentation/deploying/deployment-options",children:"deployment options"})," for production considerations"]}),"\n",(0,t.jsxs)(n.li,{children:["Set up ",(0,t.jsx)(n.a,{href:"/solace-agent-mesh/docs/documentation/deploying/observability",children:"monitoring and observability"})," to track artifact activity"]}),"\n"]})]})}function h(e={}){const{wrapper:n}={...(0,r.R)(),...e.components};return n?(0,t.jsx)(n,{...e,children:(0,t.jsx)(d,{...e})}):d(e)}},8453:(e,n,s)=>{s.d(n,{R:()=>a,x:()=>c});var i=s(6540);const t={},r=i.createContext(t);function a(e){const n=i.useContext(r);return i.useMemo((function(){return"function"==typeof e?e(n):{...n,...e}}),[n,e])}function c(e){let n;return n=e.disableParentContext?"function"==typeof e.components?e.components(t):e.components||t:a(e.components),i.createElement(r.Provider,{value:n},e.children)}}}]);

solace_agent_mesh/assets/docs/assets/js/66d4869e.30340bd3.js

@@ -0,0 +1 @@
+"use strict";(self.webpackChunksolace_agenitc_mesh_docs=self.webpackChunksolace_agenitc_mesh_docs||[]).push([[3243],{6009:(e,n,o)=>{o.r(n),o.d(n,{assets:()=>a,contentTitle:()=>r,default:()=>g,frontMatter:()=>l,metadata:()=>i,toc:()=>d});const i=JSON.parse('{"id":"documentation/deploying/logging","title":"Logging","description":"This guide covers the essential information you need to effectively configure and manage logging in your Agent Mesh applications. Proper logging configuration is critical for troubleshooting issues, monitoring system behavior, and maintaining reliable production deployments.","source":"@site/docs/documentation/deploying/logging.md","sourceDirName":"documentation/deploying","slug":"/documentation/deploying/logging","permalink":"/solace-agent-mesh/docs/documentation/deploying/logging","draft":false,"unlisted":false,"editUrl":"https://github.com/SolaceLabs/solace-agent-mesh/edit/main/docs/docs/documentation/deploying/logging.md","tags":[],"version":"current","sidebarPosition":35,"frontMatter":{"title":"Logging","sidebar_position":35},"sidebar":"docSidebar","previous":{"title":"Diagnosing and Resolving Problems","permalink":"/solace-agent-mesh/docs/documentation/deploying/debugging"},"next":{"title":"Proxy Configuration","permalink":"/solace-agent-mesh/docs/documentation/deploying/proxy_configuration"}}');var t=o(4848),s=o(8453);const l={title:"Logging",sidebar_position:35},r="Logging",a={},d=[{value:"Configuration",id:"configuration",level:2},{value:"Simple Logging Configuration",id:"simple-logging-configuration",level:2},{value:"Advanced Logging Configuration",id:"advanced-logging-configuration",level:2},{value:"Loggers",id:"loggers",level:3},{value:"Handlers",id:"handlers",level:3},{value:"Formatters",id:"formatters",level:3},{value:"Understanding Effective Log Levels",id:"understanding-effective-log-levels",level:3},{value:"Environment Variable Substitution",id:"env-var-substitution",level:2},{value:"Common Configuration Scenarios",id:"common-configuration-scenarios",level:2},{value:"Structured Logging",id:"structured-logging",level:3},{value:"1- Enable JSON Formatter",id:"1--enable-json-formatter",level:4},{value:"2- Configure Contextual Info (Optional)",id:"2--configure-contextual-info-optional",level:4},{value:"Customizing Log Levels",id:"customizing-log-levels",level:3},{value:"Agent-Specific Log File",id:"agent-specific-log-file",level:3}];function c(e){const n={a:"a",admonition:"admonition",code:"code",h1:"h1",h2:"h2",h3:"h3",h4:"h4",header:"header",li:"li",mdxAdmonitionTitle:"mdxAdmonitionTitle",ol:"ol",p:"p",pre:"pre",strong:"strong",table:"table",tbody:"tbody",td:"td",th:"th",thead:"thead",tr:"tr",ul:"ul",...(0,s.R)(),...e.components};return(0,t.jsxs)(t.Fragment,{children:[(0,t.jsx)(n.header,{children:(0,t.jsx)(n.h1,{id:"logging",children:"Logging"})}),"\n",(0,t.jsx)(n.p,{children:"This guide covers the essential information you need to effectively configure and manage logging in your Agent Mesh applications. Proper logging configuration is critical for troubleshooting issues, monitoring system behavior, and maintaining reliable production deployments."}),"\n",(0,t.jsxs)(n.p,{children:["Agent Mesh uses ",(0,t.jsx)(n.a,{href:"https://docs.python.org/3/library/logging.html",children:"Python's built-in logging module"})," to provide flexible and powerful logging capabilities."]}),"\n",(0,t.jsx)(n.p,{children:"This approach provides several advantages:"}),"\n",(0,t.jsxs)(n.ul,{children:["\n",(0,t.jsxs)(n.li,{children:[(0,t.jsx)(n.strong,{children:"Centralized Control"}),": Single configuration file manages logging for all components"]}),"\n",(0,t.jsxs)(n.li,{children:[(0,t.jsx)(n.strong,{children:"Python Native"}),": Built on Python's standard ",(0,t.jsx)(n.code,{children:"logging"})," module"]}),"\n",(0,t.jsxs)(n.li,{children:[(0,t.jsx)(n.strong,{children:"Flexible and Powerful"}),": Full access to Python's logging capabilities"]}),"\n",(0,t.jsxs)(n.li,{children:[(0,t.jsx)(n.strong,{children:"Production-Ready"}),": Industry-standard approach used by many Python applications"]}),"\n"]}),"\n",(0,t.jsx)(n.h2,{id:"configuration",children:"Configuration"}),"\n",(0,t.jsxs)(n.p,{children:["Agent Mesh supports logging configuration as either a YAML or JSON file. Both formats leverage Python's ",(0,t.jsx)(n.a,{href:"https://docs.python.org/3/library/logging.config.html#logging.config.dictConfig",children:"dictConfig"})," method for advanced logging features."]}),"\n",(0,t.jsxs)(n.p,{children:["To provide a logging configuration, set the ",(0,t.jsx)(n.code,{children:"LOGGING_CONFIG_PATH=path/to/logging_config.yaml"})," environment variable in your ",(0,t.jsx)(n.code,{children:".env"})," file or with the ",(0,t.jsx)(n.code,{children:"export"})," command."]}),"\n",(0,t.jsx)(n.admonition,{type:"info",children:(0,t.jsxs)(n.p,{children:["While the INI format using Python's ",(0,t.jsx)(n.code,{children:"fileConfig()"})," is still supported by Agent Mesh, it is not recommended due to ",(0,t.jsx)(n.a,{href:"https://docs.python.org/3/library/logging.config.html#configuration-file-format",children:"its limitations"})," compared to YAML and JSON formats."]})}),"\n",(0,t.jsx)(n.h2,{id:"simple-logging-configuration",children:"Simple Logging Configuration"}),"\n",(0,t.jsx)(n.p,{children:"While individual agent and gateway YAML files may contain a log section similar to the example below:"}),"\n",(0,t.jsx)(n.pre,{children:(0,t.jsx)(n.code,{children:"log:\n  stdout_log_level: INFO\n  log_file_level: INFO\n  log_file: my-agent.log\n"})}),"\n",(0,t.jsxs)(n.p,{children:["When using the simple ",(0,t.jsx)(n.code,{children:"log:"})," section in agent or gateway configuration files, the following fields are available:"]}),"\n",(0,t.jsxs)(n.table,{children:[(0,t.jsx)(n.thead,{children:(0,t.jsxs)(n.tr,{children:[(0,t.jsx)(n.th,{children:"Field"}),(0,t.jsx)(n.th,{children:"Type"}),(0,t.jsx)(n.th,{children:"Required"}),(0,t.jsx)(n.th,{children:"Default"}),(0,t.jsx)(n.th,{children:"Description"})]})}),(0,t.jsxs)(n.tbody,{children:[(0,t.jsxs)(n.tr,{children:[(0,t.jsx)(n.td,{children:(0,t.jsx)(n.code,{children:"stdout_log_level"})}),(0,t.jsx)(n.td,{children:"string"}),(0,t.jsx)(n.td,{children:"Yes"}),(0,t.jsx)(n.td,{children:(0,t.jsx)(n.code,{children:"INFO"})}),(0,t.jsxs)(n.td,{children:["Logging level for console output. Valid values: ",(0,t.jsx)(n.code,{children:"DEBUG"}),", ",(0,t.jsx)(n.code,{children:"INFO"}),", ",(0,t.jsx)(n.code,{children:"WARNING"}),", ",(0,t.jsx)(n.code,{children:"ERROR"}),", ",(0,t.jsx)(n.code,{children:"CRITICAL"})]})]}),(0,t.jsxs)(n.tr,{children:[(0,t.jsx)(n.td,{children:(0,t.jsx)(n.code,{children:"log_file_level"})}),(0,t.jsx)(n.td,{children:"string"}),(0,t.jsx)(n.td,{children:"No"}),(0,t.jsx)(n.td,{children:(0,t.jsx)(n.code,{children:"INFO"})}),(0,t.jsxs)(n.td,{children:["Logging level for file output. Typically set to ",(0,t.jsx)(n.code,{children:"DEBUG"})," for detailed troubleshooting"]})]}),(0,t.jsxs)(n.tr,{children:[(0,t.jsx)(n.td,{children:(0,t.jsx)(n.code,{children:"log_file"})}),(0,t.jsx)(n.td,{children:"string"}),(0,t.jsx)(n.td,{children:"No"}),(0,t.jsx)(n.td,{children:"None"}),(0,t.jsxs)(n.td,{children:["Path to the log file. If not specified, file logging is disabled. Examples: ",(0,t.jsx)(n.code,{children:"agent.log"}),", ",(0,t.jsx)(n.code,{children:"/var/log/sam/agent.log"})]})]})]})]}),"\n",(0,t.jsx)(n.admonition,{type:"note",children:(0,t.jsxs)(n.p,{children:["using a dedicated logging configuration file (YAML, JSON) is the recommended approach. The simple ",(0,t.jsx)(n.code,{children:"log:"})," section configuration has lower precedence and will only be active when a dedicated logging configuration file is not provided."]})}),"\n",(0,t.jsx)(n.h2,{id:"advanced-logging-configuration",children:"Advanced Logging Configuration"}),"\n",(0,t.jsxs)(n.p,{children:["When you run ",(0,t.jsx)(n.code,{children:"sam init"}),", Agent Mesh automatically generates a ",(0,t.jsx)(n.code,{children:"configs/logging_config.yaml"})," file in your project directory. This file establishes sensible defaults while remaining easy to customize for your specific needs."]}),"\n",(0,t.jsx)(n.pre,{children:(0,t.jsx)(n.code,{className:"language-yaml",children:'# Python logging configuration version (always 1)\nversion: 1\n\n# Don\'t disable existing loggers when this config is loaded\ndisable_existing_loggers: false\n\n# Formatters control the structure and appearance of log messages\nformatters:\n  # Simple human-readable format\n  simpleFormatter:\n    format: "%(asctime)s | %(levelname)-5s | %(threadName)s | %(name)s | %(message)s"\n\n  # Colored simple human-readable format \n  coloredFormatter:\n    class: solace_ai_connector.logging.ColoredFormatter\n    format: "%(asctime)s | %(levelname)-5s | %(threadName)s | %(name)s | %(message)s"\n    \n  # JSON format for structured logging\n  jsonFormatter:\n    "()": pythonjsonlogger.json.JsonFormatter # The python-json-logger package is used for JSON formatting\n    format: "%(timestamp)s %(levelname)s %(threadName)s %(name)s %(message)s"\n    timestamp: "timestamp" # Generates ISO 8601-formatted timestamps for %(timestamp)s placeholder\n\n# Handlers determine where log messages go\nhandlers:\n  # Stream handler - outputs logs to console (stdout)\n  streamHandler:\n    class: logging.StreamHandler\n    formatter: coloredFormatter\n    stream: "ext://sys.stdout"\n  \n  # Rotating file handler - writes to log files with automatic rotation\n  rotatingFileHandler:\n    class: logging.handlers.RotatingFileHandler\n    formatter: simpleFormatter\n    filename: ${LOGGING_FILE_NAME, sam.log}\n    mode: a             # Append mode - don\'t overwrite existing logs\n    maxBytes: 52428800  # 50 MB - rotate when file reaches this size\n    backupCount: 10     # Keep up to 10 historical log files\n\n# Loggers \nloggers:\n  # Keys are logger names used in the application code\n  solace_ai_connector:\n    level: ${LOGGING_SAC_LEVEL, INFO}\n    handlers: []\n  \n  solace_agent_mesh:\n    level: ${LOGGING_SAM_LEVEL, INFO}\n    handlers: []\n  \n  # Special trace logger for detailed troubleshooting. Set to DEBUG to enable.\n  sam_trace:\n    level: ${LOGGING_SAM_TRACE_LEVEL, INFO}\n    handlers: []\n\n# Root logger - applies to all log statements (including those from external libraries) that propagate up to root\n# The root logger also specifies handlers for the application\nroot:\n  level: ${LOGGING_ROOT_LEVEL, WARNING}\n  handlers:\n    - streamHandler\n    - rotatingFileHandler\n'})}),"\n",(0,t.jsxs)(n.admonition,{type:"note",children:[(0,t.jsx)(n.mdxAdmonitionTitle,{}),(0,t.jsx)(n.p,{children:"The examples in this documentation use YAML format, but examples can be easily converted to JSON if preferred."})]}),"\n",(0,t.jsx)(n.h3,{id:"loggers",children:"Loggers"}),"\n",(0,t.jsx)(n.p,{children:"Loggers are organized in a hierarchical namespace using dot-separated names, forming a tree structure where child loggers inherit configuration from their parents. When a logger is asked to handle a log record, it propagates the record up through the logger hierarchy until it reaches a logger with handlers configured or reaches the root logger."}),"\n",(0,t.jsx)(n.h3,{id:"handlers",children:"Handlers"}),"\n",(0,t.jsx)(n.p,{children:"Handlers determine where log messages go. The default configuration includes:"}),"\n",(0,t.jsxs)(n.ul,{children:["\n",(0,t.jsxs)(n.li,{children:[(0,t.jsx)(n.strong,{children:(0,t.jsx)(n.code,{children:"streamHandler"})}),": Outputs logs to the console (stdout) for immediate visibility"]}),"\n",(0,t.jsxs)(n.li,{children:[(0,t.jsx)(n.strong,{children:(0,t.jsx)(n.code,{children:"rotatingFileHandler"})}),": Writes logs to files with automatic rotation when size limits are reached."]}),"\n"]}),"\n",(0,t.jsxs)(n.p,{children:["For complete details on handlers, see ",(0,t.jsx)(n.a,{href:"https://docs.python.org/3/library/logging.handlers.html",children:"Python's supported handlers documentation"})]}),"\n",(0,t.jsx)(n.h3,{id:"formatters",children:"Formatters"}),"\n",(0,t.jsx)(n.p,{children:"Formatters control the structure and appearance of log messages. The default configuration includes:"}),"\n",(0,t.jsxs)(n.ul,{children:["\n",(0,t.jsxs)(n.li,{children:[(0,t.jsx)(n.strong,{children:(0,t.jsx)(n.code,{children:"simpleFormatter"})}),": Human-readable format including timestamp, level, thread, logger name, and message."]}),"\n",(0,t.jsxs)(n.li,{children:[(0,t.jsx)(n.strong,{children:(0,t.jsx)(n.code,{children:"coloredFormatter"})}),": Similar to ",(0,t.jsx)(n.code,{children:"simpleFormatter"})," but with color coding for log levels and backend component logs to enhance readability in the console."]}),"\n",(0,t.jsxs)(n.li,{children:[(0,t.jsx)(n.strong,{children:(0,t.jsx)(n.code,{children:"jsonFormatter"})}),": JSON format for log aggregation and analysis tools. See ",(0,t.jsx)(n.a,{href:"#structured-logging",children:"Structured Logging"})," for possible customizations."]}),"\n"]}),"\n",(0,t.jsxs)(n.p,{children:["Consult Python's documentation for complete details on ",(0,t.jsx)(n.a,{href:"https://docs.python.org/3/library/logging.html#formatter-objects",children:"formatters"})," and ",(0,t.jsx)(n.a,{href:"https://docs.python.org/3/library/logging.html#logrecord-attributes",children:"available fields"}),"."]}),"\n",(0,t.jsx)(n.h3,{id:"understanding-effective-log-levels",children:"Understanding Effective Log Levels"}),"\n",(0,t.jsx)(n.p,{children:"The effective log level for a logger is determined by the most specific configuration in the logger hierarchy. If a logger doesn't have a level explicitly set, it inherits from its parent. The root logger applies to all modules that do not have a logger defined."}),"\n",(0,t.jsx)(n.p,{children:"For example, if you set the root logger to DEBUG but create a more specific logger for solace_ai_connector at the INFO level, the effective log level for the solace_ai_connector module will be INFO. This means DEBUG level logs from solace_ai_connector will not be handled, as they fall below the effective log level."}),"\n",(0,t.jsx)(n.h2,{id:"env-var-substitution",children:"Environment Variable Substitution"}),"\n",(0,t.jsx)(n.p,{children:"All configuration formats (YAML, JSON, and INI) support environment variable substitution using the syntax:"}),"\n",(0,t.jsx)(n.pre,{children:(0,t.jsx)(n.code,{className:"language-yaml",children:"${VARIABLE_NAME, default_value}\n"})}),"\n",(0,t.jsx)(n.p,{children:"Users can use variable names of their choice; the application will look for these environment variables at runtime and substitute their values accordingly. If the environment variable is not set, the provided default value will be used."}),"\n",(0,t.jsx)(n.h2,{id:"common-configuration-scenarios",children:"Common Configuration Scenarios"}),"\n",(0,t.jsx)(n.h3,{id:"structured-logging",children:"Structured Logging"}),"\n",(0,t.jsx)(n.p,{children:"Structured logging outputs log messages in JSON format, making them easier to parse, search, and analyze in log aggregation systems like Datadog, Splunk, Elasticsearch, and others."}),"\n",(0,t.jsx)(n.p,{children:"Enabling structured logging includes two steps."}),"\n",(0,t.jsx)(n.h4,{id:"1--enable-json-formatter",children:"1- Enable JSON Formatter"}),"\n",(0,t.jsxs)(n.p,{children:["Structured logging is enabled by assigning the ",(0,t.jsx)(n.code,{children:"jsonFormatter"}),", which is provided in the default logging configuration, to one or more logging handlers in your configuration. This means log messages handled by those specific handlers will be output in structured JSON format."]}),"\n",(0,t.jsx)(n.pre,{children:(0,t.jsx)(n.code,{className:"language-yaml",children:'handlers:\n  rotatingFileHandler:\n    class: logging.handlers.RotatingFileHandler\n    formatter: jsonFormatter  # Changed from simpleFormatter\n    filename: ${LOGGING_FILE_NAME, sam.log}\n    mode: a\n    maxBytes: 52428800\n    backupCount: 10\n  \n  streamHandler:\n    class: logging.StreamHandler\n    formatter: simpleFormatter  # Kept as simpleFormatter to show handlers can have different formatters\n    stream: "ext://sys.stdout"\n'})}),"\n",(0,t.jsx)(n.h4,{id:"2--configure-contextual-info-optional",children:"2- Configure Contextual Info (Optional)"}),"\n",(0,t.jsxs)(n.p,{children:["Log aggregation systems often expect contextual fields to be included in log records for better filtering, grouping, and analysis. For example, contextual fields like ",(0,t.jsx)(n.code,{children:"service"})," and ",(0,t.jsx)(n.code,{children:"env"})," can be added to each log record to indicate which service generated the log and the environment it ran in."]}),"\n",(0,t.jsxs)(n.p,{children:["To add contextual info to every log record, use ",(0,t.jsx)(n.a,{href:"https://nhairs.github.io/python-json-logger/latest/quickstart/#static-fields",children:"python-json-logger's static_fields feature"})," as shown below:"]}),"\n",(0,t.jsx)(n.pre,{children:(0,t.jsx)(n.code,{className:"language-yaml",children:'  jsonFormatter:\n    "()": pythonjsonlogger.json.JsonFormatter\n    format: "%(asctime)s %(levelname)s %(threadName)s %(name)s %(message)s"\n    static_fields:\n      service: ${SERVICE_NAME, payment-service}\n      env: ${ENV, production}\n'})}),"\n",(0,t.jsxs)(n.p,{children:["With this ",(0,t.jsx)(n.code,{children:"jsonFormatter"})," configuration, all JSON log records will automatically include the specified static fields:"]}),"\n",(0,t.jsx)(n.pre,{children:(0,t.jsx)(n.code,{className:"language-json",children:'{\n   "asctime":"2025-10-30 22:25:56,960",\n   "levelname":"INFO",\n   "threadName":"MainThread",\n   "name":"solace_ai_connector.flow",\n   "message":"Processing message",\n   "service": "payment-service",\n   "env": "production"\n}\n'})}),"\n",(0,t.jsxs)(n.p,{children:["Notice that ",(0,t.jsx)(n.a,{href:"#env-var-substitution",children:"environment variable substitution"})," can be used for increased flexibility."]}),"\n",(0,t.jsx)(n.h3,{id:"customizing-log-levels",children:"Customizing Log Levels"}),"\n",(0,t.jsx)(n.p,{children:"You can add loggers to control the log level of specific modules or external libraries in your application. This allows you to increase verbosity for troubleshooting specific components while keeping other parts of the system quiet."}),"\n",(0,t.jsx)(n.p,{children:"For instance, imagine you are troubleshooting an issue with the HTTP SSE gateway, and you also want to see more detailed logs coming from the google_adk external library, you can add the following loggers:"}),"\n",(0,t.jsx)(n.pre,{children:(0,t.jsx)(n.code,{className:"language-yaml",children:"loggers:\n  solace_ai_connector:\n    level: INFO\n    handlers: []\n  \n  solace_agent_mesh:\n    level: INFO\n    handlers: []\n  \n  sam_trace:\n    level: INFO\n    handlers: []\n  \n  # Increase verbosity of a specific package\n  solace_agent_mesh.gateway.http_sse:\n    level: DEBUG\n    handlers: []\n  \n  # Increase verbosity of a specific external library\n  google_adk:\n    level: INFO\n    handlers: []\n\nroot:\n  level: WARNING\n  handlers:\n    - streamHandler\n    - rotatingFileHandler\n"})}),"\n",(0,t.jsxs)(n.admonition,{title:"Discovering Logger Names",type:"tip",children:[(0,t.jsxs)(n.p,{children:["To discover what logger names are available to control, temporarily set the root logger level to ",(0,t.jsx)(n.code,{children:"DEBUG"})," and run your application. The logger names will appear in each log entry, displayed as a dot-separated hierarchy. You can control verbosity at any level of the logger hierarchy."]}),(0,t.jsx)(n.p,{children:"Once you've identified the logger names you need, you can:"}),(0,t.jsxs)(n.ol,{children:["\n",(0,t.jsxs)(n.li,{children:["Set the root logger level back to ",(0,t.jsx)(n.code,{children:"WARNING"})," to reduce overall verbosity"]}),"\n",(0,t.jsx)(n.li,{children:"Add specific logger configurations for the modules/library you want to monitor with increased verbosity"}),"\n"]}),(0,t.jsx)(n.p,{children:"This approach keeps your logs clean while giving you detailed visibility into the specific components you're troubleshooting."})]}),"\n",(0,t.jsx)(n.h3,{id:"agent-specific-log-file",children:"Agent-Specific Log File"}),"\n",(0,t.jsx)(n.p,{children:"For debugging a specific agent in isolation, you can run your SAM solution across multiple processes, with the agent you want to isolate running by itself with its own dedicated log file. This is particularly useful during development and troubleshooting."}),"\n",(0,t.jsx)(n.p,{children:"To isolate an agent's logs, run your SAM solution in two separate processes:"}),"\n",(0,t.jsx)(n.pre,{children:(0,t.jsx)(n.code,{className:"language-bash",children:"# Process 1: Run your other components with default logging\nsam run configs/gateways/webui.yaml configs/agents/main_orchestrator.yaml configs/agents/some_other_agents.yaml # logs go to sam.log\n\n# Process 2: Run the isolated agent with its own log file\nexport LOGGING_FILE_NAME=my_isolated_agent.log && sam run configs/agents/my_agent_with_isolated_logs.yaml # logs go to my_isolated_agent.log\n"})}),"\n",(0,t.jsx)(n.p,{children:"This approach allows you to isolate and analyze a specific agent's behavior without interference from other components in your mesh. Each process writes to its own log file, making debugging much easier."})]})}function g(e={}){const{wrapper:n}={...(0,s.R)(),...e.components};return n?(0,t.jsx)(n,{...e,children:(0,t.jsx)(c,{...e})}):c(e)}},8453:(e,n,o)=>{o.d(n,{R:()=>l,x:()=>r});var i=o(6540);const t={},s=i.createContext(t);function l(e){const n=i.useContext(s);return i.useMemo((function(){return"function"==typeof e?e(n):{...n,...e}}),[n,e])}function r(e){let n;return n=e.disableParentContext?"function"==typeof e.components?e.components(t):e.components||t:l(e.components),i.createElement(s.Provider,{value:n},e.children)}}}]);

solace_agent_mesh/assets/docs/assets/js/6a520c9d.b6e3f2ce.js

@@ -0,0 +1 @@
+"use strict";(self.webpackChunksolace_agenitc_mesh_docs=self.webpackChunksolace_agenitc_mesh_docs||[]).push([[5957],{5080:(e,n,t)=>{t.r(n),t.d(n,{assets:()=>c,contentTitle:()=>a,default:()=>d,frontMatter:()=>s,metadata:()=>i,toc:()=>l});const i=JSON.parse('{"id":"documentation/enterprise/single-sign-on","title":"Enabling SSO","description":"Overview","source":"@site/docs/documentation/enterprise/single-sign-on.md","sourceDirName":"documentation/enterprise","slug":"/documentation/enterprise/single-sign-on","permalink":"/solace-agent-mesh/docs/documentation/enterprise/single-sign-on","draft":false,"unlisted":false,"editUrl":"https://github.com/SolaceLabs/solace-agent-mesh/edit/main/docs/docs/documentation/enterprise/single-sign-on.md","tags":[],"version":"current","sidebarPosition":10,"frontMatter":{"title":"Enabling SSO","sidebar_position":10},"sidebar":"docSidebar","previous":{"title":"Setting Up RBAC","permalink":"/solace-agent-mesh/docs/documentation/enterprise/rbac-setup-guide"},"next":{"title":"Secure User Delegated Access","permalink":"/solace-agent-mesh/docs/documentation/enterprise/secure-user-delegated-access"}}');var r=t(4848),o=t(8453);const s={title:"Enabling SSO",sidebar_position:10},a=void 0,c={},l=[{value:"Overview",id:"overview",level:2},{value:"Prerequisites",id:"prerequisites",level:2},{value:"Understanding the SSO Architecture",id:"understanding-the-sso-architecture",level:2},{value:"Step 1: Create Configuration Files",id:"step-1-create-configuration-files",level:2},{value:"Create oauth2_server.yaml",id:"create-oauth2_serveryaml",level:3},{value:"Create oauth2_config.yaml",id:"create-oauth2_configyaml",level:3},{value:"Update Your WebUI Gateway",id:"update-your-webui-gateway",level:3},{value:"Step 2: Configure Your OAuth2 Provider",id:"step-2-configure-your-oauth2-provider",level:2},{value:"For Azure (Microsoft Entra ID)",id:"for-azure-microsoft-entra-id",level:3},{value:"For Google",id:"for-google",level:3},{value:"For Other Providers",id:"for-other-providers",level:3},{value:"Step 3: Launch the Docker Container",id:"step-3-launch-the-docker-container",level:2},{value:"Understanding the Environment Variables",id:"understanding-the-environment-variables",level:2},{value:"Core Application Settings",id:"core-application-settings",level:3},{value:"Frontend Authentication Settings",id:"frontend-authentication-settings",level:3},{value:"OAuth2 Service Settings",id:"oauth2-service-settings",level:3},{value:"Provider-Specific Credentials",id:"provider-specific-credentials",level:3},{value:"External Authentication Configuration",id:"external-authentication-configuration",level:3},{value:"Port Mapping and Volume Mount",id:"port-mapping-and-volume-mount",level:3},{value:"Verifying Your SSO Configuration",id:"verifying-your-sso-configuration",level:2},{value:"Understanding the OAuth2 Flow and Environment Variables",id:"understanding-the-oauth2-flow-and-environment-variables",level:2},{value:"How the OAuth2 Flow Works",id:"how-the-oauth2-flow-works",level:3},{value:"Common Environment Variables",id:"common-environment-variables",level:3},{value:"Security Considerations for Production",id:"security-considerations-for-production",level:2}];function h(e){const n={a:"a",admonition:"admonition",blockquote:"blockquote",br:"br",code:"code",em:"em",h2:"h2",h3:"h3",li:"li",ol:"ol",p:"p",pre:"pre",strong:"strong",table:"table",tbody:"tbody",td:"td",th:"th",thead:"thead",tr:"tr",ul:"ul",...(0,o.R)(),...e.components},{Details:t}=n;return t||function(e,n){throw new Error("Expected "+(n?"component":"object")+" `"+e+"` to be defined: you likely forgot to import, pass, or provide it.")}("Details",!0),(0,r.jsxs)(r.Fragment,{children:[(0,r.jsx)(n.h2,{id:"overview",children:"Overview"}),"\n",(0,r.jsx)(n.p,{children:"Single Sign-On (SSO) enables users to authenticate with Agent Mesh Enterprise using their existing organizational credentials through OAuth2 providers such as Azure, Google, Auth0, Okta, or Keycloak. This integration eliminates the need for separate login credentials and leverages your organization's existing identity management infrastructure."}),"\n",(0,r.jsx)(n.p,{children:"This guide walks you through configuring and enabling SSO for Agent Mesh Enterprise running in Docker. You will create configuration files, set up your OAuth2 provider, and launch the container with the appropriate environment variables."}),"\n",(0,r.jsx)(n.h2,{id:"prerequisites",children:"Prerequisites"}),"\n",(0,r.jsx)(n.p,{children:"Before you begin, ensure you have:"}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsx)(n.li,{children:"A running instance of your chosen OAuth2 provider (Azure, Google, Auth0, Okta, Keycloak, or another OIDC-compliant provider)"}),"\n",(0,r.jsx)(n.li,{children:"Client credentials (client ID and client secret) from your OAuth2 provider"}),"\n",(0,r.jsx)(n.li,{children:"A Named Docker Volume for storing configuration files"}),"\n",(0,r.jsx)(n.li,{children:"Access to the Agent Mesh Enterprise Docker image"}),"\n"]}),"\n",(0,r.jsx)(n.h2,{id:"understanding-the-sso-architecture",children:"Understanding the SSO Architecture"}),"\n",(0,r.jsx)(n.p,{children:"Agent Mesh Enterprise uses a two-component architecture for SSO:"}),"\n",(0,r.jsxs)(n.ol,{children:["\n",(0,r.jsx)(n.li,{children:"The main UI server (default port 8000) handles user interactions and serves the web interface"}),"\n",(0,r.jsx)(n.li,{children:"The OAuth2 authentication service (default port 9000) manages the authentication flow with your identity provider"}),"\n"]}),"\n",(0,r.jsx)(n.p,{children:"When a user attempts to access the UI, they are redirected to your OAuth2 provider for authentication. After successful authentication, the provider redirects back to the application with an authorization code, which is then exchanged for access tokens. This separation of concerns keeps authentication logic isolated from the main application."}),"\n",(0,r.jsx)(n.h2,{id:"step-1-create-configuration-files",children:"Step 1: Create Configuration Files"}),"\n",(0,r.jsx)(n.p,{children:"You need to create two YAML configuration files in your Named Docker Volume. These files define how the OAuth2 service operates and which identity provider it connects to."}),"\n",(0,r.jsx)(n.h3,{id:"create-oauth2_serveryaml",children:"Create oauth2_server.yaml"}),"\n",(0,r.jsx)(n.p,{children:"The oauth2_server.yaml file configures the OAuth2 authentication service as a component within Agent Mesh Enterprise. This file tells the system to start the OAuth2 service and specifies where to find its detailed configuration."}),"\n",(0,r.jsxs)(n.p,{children:["Create a file named ",(0,r.jsx)(n.code,{children:"oauth2_server.yaml"})," in the root directory of your Named Docker Volume with the following content:"]}),"\n",(0,r.jsx)(n.pre,{children:(0,r.jsx)(n.code,{className:"language-yaml",children:'---\n# Example gateway configuration with OAuth2 service integration\n# This shows how to configure a gateway to use the OAuth2 authentication service\n\nlog:\n  stdout_log_level: INFO\n  log_file_level: DEBUG\n  log_file: oauth_server.log\n\n!include ../shared_config.yaml\n\nshared_config:\n  # OAuth2 service configuration\n  - oauth2_config: &oauth2_config\n      enabled: true\n      config_file: "configs/sso_vol/oauth2_config.yaml"\n      host: ${OAUTH2_HOST, localhost}\n      port: ${OAUTH2_PORT, 9000}\n      ssl_cert: ""  # Optional: path to SSL certificate\n      ssl_key: ""   # Optional: path to SSL private key\n\nflows:\n  # Initialize OAuth2 service\n  - name: oauth2_service\n    components:\n      - component_name: oauth2_auth_service\n        component_module: solace_agent_mesh_enterprise.components.oauth2_component\n        component_config:\n          <<: *oauth2_config\n'})}),"\n",(0,r.jsx)(n.p,{children:"This configuration accomplishes several things:"}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsx)(n.li,{children:"It sets up logging for the OAuth2 service, directing detailed debug information to oauth_server.log"}),"\n",(0,r.jsx)(n.li,{children:"It references the shared_config.yaml file, which contains common configuration used across multiple components"}),"\n",(0,r.jsx)(n.li,{children:"It defines the OAuth2 service configuration, including where to find the provider-specific settings (oauth2_config.yaml)"}),"\n",(0,r.jsx)(n.li,{children:"It specifies the host and port where the OAuth2 service will listen for requests"}),"\n",(0,r.jsx)(n.li,{children:"It creates a flow that initializes the OAuth2 authentication service component"}),"\n"]}),"\n",(0,r.jsxs)(n.p,{children:["The ",(0,r.jsx)(n.code,{children:"${OAUTH2_HOST, localhost}"})," syntax means the service will use the OAUTH2_HOST environment variable if provided, otherwise it defaults to localhost. This pattern allows you to override configuration values at runtime without modifying the file."]}),"\n",(0,r.jsx)(n.h3,{id:"create-oauth2_configyaml",children:"Create oauth2_config.yaml"}),"\n",(0,r.jsx)(n.p,{children:"The oauth2_config.yaml file contains provider-specific configuration for your chosen OAuth2 identity provider. This is where you specify which provider to use and provide the necessary credentials and endpoints."}),"\n",(0,r.jsxs)(n.p,{children:["Create a file named ",(0,r.jsx)(n.code,{children:"oauth2_config.yaml"})," in the same directory with the following content:"]}),"\n",(0,r.jsx)(n.pre,{children:(0,r.jsx)(n.code,{className:"language-yaml",children:'---\n# OAuth2 Service Configuration\n# This file configures the OAuth2 authentication service that supports multiple providers\n# All providers now use the unified OIDC approach with automatic endpoint discovery\n\n# Enable or disable the OAuth2 service\nenabled: ${OAUTH2_ENABLED:false}\n\n# Development mode - enables insecure transport and relaxed token scope for local development\n# Set OAUTH2_DEV_MODE=true for local development (NEVER use in production!)\ndevelopment_mode: ${OAUTH2_DEV_MODE:false}\n\n# OAuth2 providers configuration\n# All providers now use the unified OIDCProvider with automatic endpoint discovery\nproviders:\n  # Google OAuth2 provider\n  # google:\n  #   # OIDC issuer URL - endpoints will be discovered automatically\n  #   issuer: "https://accounts.google.com"\n  #   client_id: ${GOOGLE_CLIENT_ID}\n  #   client_secret: ${GOOGLE_CLIENT_SECRET}\n  #   redirect_uri: ${GOOGLE_REDIRECT_URI:http://localhost:8080/callback}\n  #   scope: "openid email profile"\n\n  # Azure/Microsoft OAuth2 provider\n  azure:\n    # Azure OIDC issuer URL includes tenant ID\n    issuer: https://login.microsoftonline.com/${AZURE_TENANT_ID}/v2.0\n    client_id: ${AZURE_CLIENT_ID}\n    client_secret: ${AZURE_CLIENT_SECRET}\n    redirect_uri: ${AZURE_REDIRECT_URI:http://localhost:8080/callback}\n    scope: "openid email profile offline_access"\n\n  # Auth0 OAuth2 provider\n  # auth0:\n  #   # Auth0 issuer URL\n  #   issuer: ${AUTH0_ISSUER:https://your-domain.auth0.com/}\n  #   client_id: ${AUTH0_CLIENT_ID}\n  #   client_secret: ${AUTH0_CLIENT_SECRET}\n  #   redirect_uri: ${AUTH0_REDIRECT_URI:http://localhost:8080/callback}\n  #   scope: "openid email profile"\n  #   # Optional: Auth0 audience for API access\n  #   audience: ${AUTH0_AUDIENCE:}\n\n  # # Okta OAuth2 provider (example)\n  # okta:\n  #   issuer: ${OKTA_ISSUER:https://your-okta-domain.okta.com/oauth2/default}\n  #   client_id: ${OKTA_CLIENT_ID}\n  #   client_secret: ${OKTA_CLIENT_SECRET}\n  #   redirect_uri: ${OKTA_REDIRECT_URI:http://localhost:8080/callback}\n  #   scope: "openid email profile"\n\n  # # Keycloak OAuth2 provider (example)\n  # keycloak:\n  #   issuer: ${KEYCLOAK_ISSUER:https://your-keycloak.com/auth/realms/your-realm}\n  #   client_id: ${KEYCLOAK_CLIENT_ID}\n  #   client_secret: ${KEYCLOAK_CLIENT_SECRET}\n  #   redirect_uri: ${KEYCLOAK_REDIRECT_URI:http://localhost:8080/callback}\n  #   scope: "openid email profile"\n\n  # # Generic OIDC provider (for any standard OIDC-compliant provider)\n  # custom_oidc:\n  #   # Just provide the issuer URL and the service will discover all endpoints\n  #   issuer: ${CUSTOM_OIDC_ISSUER:https://your-provider.com}\n  #   client_id: ${CUSTOM_OIDC_CLIENT_ID}\n  #   client_secret: ${CUSTOM_OIDC_CLIENT_SECRET}\n  #   redirect_uri: ${CUSTOM_OIDC_REDIRECT_URI:http://localhost:8080/callback}\n  #   scope: "openid email profile"\n\n# Logging configuration\nlogging:\n  level: ${OAUTH2_LOG_LEVEL:INFO}\n\n# Session configuration\nsession:\n  # Session timeout in seconds (default: 1 hour)\n  timeout: ${OAUTH2_SESSION_TIMEOUT:3600}\n\n# Security configuration\nsecurity:\n  # CORS settings\n  cors:\n    enabled: ${OAUTH2_CORS_ENABLED:true}\n    origins: ${OAUTH2_CORS_ORIGINS:*}\n\n  # Rate limiting\n  rate_limit:\n    enabled: ${OAUTH2_RATE_LIMIT_ENABLED:true}\n    requests_per_minute: ${OAUTH2_RATE_LIMIT_RPM:60}\n'})}),"\n",(0,r.jsx)(n.p,{children:"This configuration file provides several important features:"}),"\n",(0,r.jsxs)(n.p,{children:["The ",(0,r.jsx)(n.code,{children:"enabled"})," setting controls whether the OAuth2 service is active. You can enable it by setting the OAUTH2_ENABLED environment variable to true."]}),"\n",(0,r.jsxs)(n.p,{children:["The ",(0,r.jsx)(n.code,{children:"development_mode"})," setting is crucial for local testing. When enabled, it allows HTTP connections (instead of requiring HTTPS) and relaxes token validation. You must disable this in production environments to maintain security."]}),"\n",(0,r.jsxs)(n.p,{children:["The ",(0,r.jsx)(n.code,{children:"providers"})," section defines multiple OAuth2 providers. By default, Azure is uncommented and active. To use a different provider, comment out the Azure section and uncomment your chosen provider. Each provider requires:"]}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsxs)(n.li,{children:["An ",(0,r.jsx)(n.code,{children:"issuer"})," URL that points to the OAuth2 provider's discovery endpoint"]}),"\n",(0,r.jsxs)(n.li,{children:["A ",(0,r.jsx)(n.code,{children:"client_id"})," and ",(0,r.jsx)(n.code,{children:"client_secret"})," obtained from your provider's application registration"]}),"\n",(0,r.jsxs)(n.li,{children:["A ",(0,r.jsx)(n.code,{children:"redirect_uri"})," where the provider sends users after authentication"]}),"\n",(0,r.jsxs)(n.li,{children:["A ",(0,r.jsx)(n.code,{children:"scope"})," that defines what user information the application can access"]}),"\n"]}),"\n",(0,r.jsx)(n.p,{children:"The system uses OpenID Connect (OIDC) discovery, which means it automatically finds the authorization, token, and userinfo endpoints from the issuer URL. This simplifies configuration because you only need to provide the base issuer URL rather than individual endpoint URLs."}),"\n",(0,r.jsxs)(n.p,{children:["The ",(0,r.jsx)(n.code,{children:"session"})," configuration determines how long authenticated sessions remain valid. The default of 3600 seconds (1 hour) balances security with user convenience."]}),"\n",(0,r.jsxs)(n.p,{children:["The ",(0,r.jsx)(n.code,{children:"security"})," section configures Cross-Origin Resource Sharing (CORS) and rate limiting. CORS allows the web UI to communicate with the OAuth2 service from different origins, while rate limiting prevents abuse by restricting the number of authentication requests per minute."]}),"\n",(0,r.jsx)(n.h3,{id:"update-your-webui-gateway",children:"Update Your WebUI Gateway"}),"\n",(0,r.jsx)(n.p,{children:"Update your WebUI Gateway to configure login as follows:"}),"\n",(0,r.jsx)(n.pre,{children:(0,r.jsx)(n.code,{children:'# Auth-related (placeholders, functionality depends on backend implementation)\nfrontend_auth_login_url: ${FRONTEND_AUTH_LOGIN_URL}\nfrontend_use_authorization: ${FRONTEND_USE_AUTHORIZATION}\nfrontend_redirect_url: ${FRONTEND_REDIRECT_URL, ""}\n\nexternal_auth_callback_uri: ${EXTERNAL_AUTH_CALLBACK}\nexternal_auth_service_url: ${EXTERNAL_AUTH_SERVICE_URL}\nexternal_auth_provider: ${EXTERNAL_AUTH_PROVIDER}\n'})}),"\n",(0,r.jsx)(n.p,{children:"Your final WebUI Gateway yaml configuration should look like this:"}),"\n",(0,r.jsxs)(t,{children:[(0,r.jsx)("summary",{children:"WebUI Gateway SSO Enabled"}),(0,r.jsx)(n.p,{children:(0,r.jsx)(n.strong,{children:"webUI.yaml"})}),(0,r.jsx)(n.pre,{children:(0,r.jsx)(n.code,{className:"language-yaml",children:'log:\n  stdout_log_level: INFO\n  log_file_level: INFO\n  log_file: webui_app.log\n\n\n!include ../shared_config.yaml\n\napps:\n  - name: a2a_webui_app\n    app_base_path: .\n    app_module: solace_agent_mesh.gateway.http_sse.app\n\n    broker:\n      <<: *broker_connection\n\n    app_config:\n      namespace: ${NAMESPACE}\n      session_secret_key: "${SESSION_SECRET_KEY}"\n\n      artifact_service: *default_artifact_service\n      session_service: \n        type: "sql"\n        database_url: ${WEB_UI_GATEWAY_DATABASE_URL, sqlite:///webui_gateway.db}\n        default_behavior: "PERSISTENT"\n      gateway_id: ${WEBUI_GATEWAY_ID}\n      fastapi_host: ${FASTAPI_HOST}\n      fastapi_port: ${FASTAPI_PORT}\n      cors_allowed_origins: \n        - "http://localhost:3000" \n        - "http://127.0.0.1:3000"\n\n      enable_embed_resolution: ${ENABLE_EMBED_RESOLUTION} # Enable late-stage resolution\n      gateway_artifact_content_limit_bytes: ${GATEWAY_ARTIFACT_LIMIT_BYTES, 10000000} # Max size for late-stage embeds\n      sse_max_queue_size: ${SSE_MAX_QUEUE_SIZE, 200} # Max size of SSE connection queues\n\n      system_purpose: >\n            The system is an AI Chatbot with agentic capabilities.\n            It will use the agents available to provide information,\n            reasoning and general assistance for the users in this system.\n            **Always return useful artifacts and files that you create to the user.**\n            Provide a status update before each tool call.\n            Your external name is Agent Mesh.\n\n      response_format: >\n            Responses should be clear, concise, and professionally toned.\n            Format responses to the user in Markdown using appropriate formatting.\n\n      # --- Frontend Config Passthrough ---\n      frontend_welcome_message: ${FRONTEND_WELCOME_MESSAGE}\n      frontend_bot_name: ${FRONTEND_BOT_NAME}\n      frontend_collect_feedback: ${FRONTEND_COLLECT_FEEDBACK}\n\n      # Auth-related (placeholders, functionality depends on backend implementation)\n      frontend_auth_login_url: ${FRONTEND_AUTH_LOGIN_URL}\n      frontend_use_authorization: ${FRONTEND_USE_AUTHORIZATION}\n      frontend_redirect_url: ${FRONTEND_REDIRECT_URL, ""}\n\n      external_auth_callback_uri: ${EXTERNAL_AUTH_CALLBACK}\n      external_auth_service_url: ${EXTERNAL_AUTH_SERVICE_URL}\n      external_auth_provider: ${EXTERNAL_AUTH_PROVIDER}\n'})})]}),"\n",(0,r.jsx)(n.h2,{id:"step-2-configure-your-oauth2-provider",children:"Step 2: Configure Your OAuth2 Provider"}),"\n",(0,r.jsx)(n.p,{children:"Before running the Docker container, you need to register an application with your chosen OAuth2 provider and obtain the necessary credentials."}),"\n",(0,r.jsx)(n.h3,{id:"for-azure-microsoft-entra-id",children:"For Azure (Microsoft Entra ID)"}),"\n",(0,r.jsxs)(n.ol,{children:["\n",(0,r.jsx)(n.li,{children:"Navigate to the Azure Portal and go to Microsoft Entra ID (formerly Azure Active Directory)"}),"\n",(0,r.jsx)(n.li,{children:'Select "App registrations" and create a new registration'}),"\n",(0,r.jsx)(n.li,{children:"Note the Application (client) ID and Directory (tenant) ID"}),"\n",(0,r.jsx)(n.li,{children:'Create a client secret under "Certificates & secrets"'}),"\n",(0,r.jsxs)(n.li,{children:["Add a redirect URI pointing to your callback endpoint (for example, ",(0,r.jsx)(n.a,{href:"http://localhost:8000/api/v1/auth/callback",children:"http://localhost:8000/api/v1/auth/callback"}),")"]}),"\n",(0,r.jsx)(n.li,{children:"Grant the necessary API permissions (typically Microsoft Graph with User.Read)"}),"\n"]}),"\n",(0,r.jsx)(n.h3,{id:"for-google",children:"For Google"}),"\n",(0,r.jsxs)(n.ol,{children:["\n",(0,r.jsx)(n.li,{children:"Go to the Google Cloud Console and create a new project or select an existing one"}),"\n",(0,r.jsx)(n.li,{children:"Enable the Google+ API"}),"\n",(0,r.jsx)(n.li,{children:'Create OAuth2 credentials under "APIs & Services" > "Credentials"'}),"\n",(0,r.jsx)(n.li,{children:"Configure the authorized redirect URIs"}),"\n",(0,r.jsx)(n.li,{children:"Note the client ID and client secret"}),"\n"]}),"\n",(0,r.jsx)(n.h3,{id:"for-other-providers",children:"For Other Providers"}),"\n",(0,r.jsx)(n.p,{children:"Consult your provider's documentation for application registration procedures. You will need to obtain a client ID, client secret, and configure the redirect URI to point to your Agent Mesh Enterprise callback endpoint."}),"\n",(0,r.jsx)(n.h2,{id:"step-3-launch-the-docker-container",children:"Step 3: Launch the Docker Container"}),"\n",(0,r.jsx)(n.p,{children:"With your configuration files in place and provider credentials obtained, you can now launch the Agent Mesh Enterprise container with SSO enabled."}),"\n",(0,r.jsx)(n.p,{children:"The following example demonstrates a production deployment using Azure as the OAuth2 provider:"}),"\n",(0,r.jsx)(n.admonition,{type:"tip",children:(0,r.jsxs)(n.p,{children:["You may need to include ",(0,r.jsx)(n.code,{children:"--platform linux/amd64"})," depending on the host machine you're using."]})}),"\n",(0,r.jsx)(n.pre,{children:(0,r.jsx)(n.code,{className:"language-bash",children:'docker run -itd -p 8000:8000 -p 9000:9000 \\\n  -e LLM_SERVICE_API_KEY="<YOUR_LLM_TOKEN>" \\\n  -e LLM_SERVICE_ENDPOINT="<YOUR_LLM_SERVICE_ENDPOINT>" \\\n  -e LLM_SERVICE_PLANNING_MODEL_NAME="<YOUR_MODEL_NAME>" \\\n  -e LLM_SERVICE_GENERAL_MODEL_NAME="<YOUR_MODEL_NAME>" \\\n  -e NAMESPACE="<YOUR_NAMESPACE>" \\\n  -e SOLACE_DEV_MODE="false" \\\n  -e SOLACE_BROKER_URL="<YOUR_BROKER_URL>" \\\n  -e SOLACE_BROKER_VPN="<YOUR_BROKER_VPN>" \\\n  -e SOLACE_BROKER_USERNAME="<YOUR_BROKER_USERNAME>" \\\n  -e SOLACE_BROKER_PASSWORD="<YOUR_BROKER_PASSWORD>" \\\n  -e FASTAPI_HOST="0.0.0.0" \\\n  -e FASTAPI_PORT="8000" \\\n  -e AZURE_TENANT_ID="xxxxxxxxx-xxxxxx-xxxxxxxx-xxxxxxxxxx" \\\n  -e AZURE_CLIENT_ID="xxxxxxxxx-xxxxxx-xxxxxxxx-xxxxxxxxxx" \\\n  -e AZURE_CLIENT_SECRET="xxxxxxxxx-xxxxxx-xxxxxxxx-xxxxxxxxxx" \\\n  -e OAUTH2_ENABLED="true" \\\n  -e OAUTH2_LOG_LEVEL="DEBUG" \\\n  -e OAUTH2_DEV_MODE="true" \\\n  -e OAUTH2_HOST="0.0.0.0" \\\n  -e OAUTH2_PORT="9000" \\\n  -e FRONTEND_USE_AUTHORIZATION="true" \\\n  -e FRONTEND_REDIRECT_URL="http://localhost:8000" \\\n  -e FRONTEND_AUTH_LOGIN_URL="http://localhost:8000/api/v1/auth/login" \\\n  -e EXTERNAL_AUTH_SERVICE_URL="http://localhost:9000" \\\n  -e EXTERNAL_AUTH_PROVIDER="azure" \\\n  -e EXTERNAL_AUTH_CALLBACK="http://localhost:8000/api/v1/auth/callback" \\\n  -v <YOUR_NAMED_DOCKER_VOLUME>:/app/config/sso_vol/ \\\n  --name sam-ent-prod-sso \\\nsolace-agent-mesh-enterprise:<tag> run config/sso_vol/oauth2_server.yaml config/webui_backend.yaml config/a2a_orchestrator.yaml config/a2a_agents.yaml\n'})}),"\n",(0,r.jsxs)(n.p,{children:["This command starts the container in detached mode with interactive terminal support. The ",(0,r.jsx)(n.code,{children:"-p"})," flags expose both the main UI port (8000) and the OAuth2 service port (9000) to the host machine. The volume mount makes your configuration files available inside the container at the expected location."]}),"\n",(0,r.jsxs)(n.p,{children:["After the container starts successfully, you can access the Agent Mesh Enterprise UI at ",(0,r.jsx)(n.a,{href:"http://localhost:8000",children:"http://localhost:8000"}),". When you navigate to this URL, the system will redirect you to your OAuth2 provider's login page for authentication."]}),"\n",(0,r.jsx)(n.h2,{id:"understanding-the-environment-variables",children:"Understanding the Environment Variables"}),"\n",(0,r.jsx)(n.p,{children:"The Docker run command includes numerous environment variables that control different aspects of the SSO configuration. Understanding these variables helps you customize the deployment for your specific environment."}),"\n",(0,r.jsx)(n.h3,{id:"core-application-settings",children:"Core Application Settings"}),"\n",(0,r.jsx)(n.p,{children:"These variables configure the main Agent Mesh Enterprise application:"}),"\n",(0,r.jsx)(n.pre,{children:(0,r.jsx)(n.code,{className:"language-bash",children:'-e FASTAPI_HOST="0.0.0.0" \\\n-e FASTAPI_PORT="8000" \\ \n'})}),"\n",(0,r.jsx)(n.p,{children:'The FASTAPI_HOST setting determines which network interfaces the main UI server binds to. Using "0.0.0.0" allows external access to the container, which is necessary for production deployments. The FASTAPI_PORT specifies which port the UI listens on inside the container.'}),"\n",(0,r.jsx)(n.h3,{id:"frontend-authentication-settings",children:"Frontend Authentication Settings"}),"\n",(0,r.jsx)(n.p,{children:"These variables control how the web UI handles authentication:"}),"\n",(0,r.jsx)(n.pre,{children:(0,r.jsx)(n.code,{className:"language-bash",children:'-e FRONTEND_USE_AUTHORIZATION="true" \\\n'})}),"\n",(0,r.jsx)(n.p,{children:'Setting FRONTEND_USE_AUTHORIZATION to "true" enables SSO processing on the frontend. When enabled, the UI will redirect unauthenticated users to the login flow instead of allowing direct access.'}),"\n",(0,r.jsx)(n.pre,{children:(0,r.jsx)(n.code,{className:"language-bash",children:'-e FRONTEND_REDIRECT_URL="http://localhost:8000" \\\n'})}),"\n",(0,r.jsxs)(n.p,{children:["The FRONTEND_REDIRECT_URL specifies the main URL of your UI. In production, this would be your public-facing domain (for example, ",(0,r.jsx)(n.a,{href:"https://www.example.com",children:"https://www.example.com"}),"). The system uses this URL to construct proper redirect chains during authentication."]}),"\n",(0,r.jsx)(n.pre,{children:(0,r.jsx)(n.code,{className:"language-bash",children:'-e FRONTEND_AUTH_LOGIN_URL="http://localhost:8000/api/v1/auth/login" \\\n'})}),"\n",(0,r.jsx)(n.p,{children:"The FRONTEND_AUTH_LOGIN_URL tells the frontend where to send users who need to authenticate. This endpoint initiates the OAuth2 flow by redirecting to your identity provider."}),"\n",(0,r.jsx)(n.h3,{id:"oauth2-service-settings",children:"OAuth2 Service Settings"}),"\n",(0,r.jsx)(n.p,{children:"These variables configure the OAuth2 authentication service itself:"}),"\n",(0,r.jsx)(n.pre,{children:(0,r.jsx)(n.code,{className:"language-bash",children:'-e OAUTH2_ENABLED="true" \\\n-e OAUTH2_LOG_LEVEL="DEBUG" \\\n'})}),"\n",(0,r.jsx)(n.p,{children:'The OAUTH2_ENABLED variable activates the OAuth2 service. Setting OAUTH2_LOG_LEVEL to "DEBUG" provides detailed logging information, which is helpful during initial setup and troubleshooting. You can change this to "INFO" or "WARNING" in production to reduce log verbosity.'}),"\n",(0,r.jsx)(n.pre,{children:(0,r.jsx)(n.code,{className:"language-bash",children:'-e OAUTH2_HOST="0.0.0.0" \\\n-e OAUTH2_PORT="9000" \\\n'})}),"\n",(0,r.jsx)(n.p,{children:'These variables specify where the OAuth2 authentication service listens for requests. Using "0.0.0.0" as the host allows external access to the container, which is necessary because the OAuth2 provider needs to reach the callback endpoint. The port must match the port mapping in your Docker run command.'}),"\n",(0,r.jsx)(n.pre,{children:(0,r.jsx)(n.code,{className:"language-bash",children:'-e OAUTH2_DEV_MODE="true" \\\n'})}),"\n",(0,r.jsx)(n.p,{children:'The OAUTH2_DEV_MODE setting controls whether the OAuth2 service operates in development mode. When set to "true", the service sets these internal environment variables:'}),"\n",(0,r.jsx)(n.pre,{children:(0,r.jsx)(n.code,{className:"language-bash",children:'OAUTHLIB_RELAX_TOKEN_SCOPE="1"\nOAUTHLIB_INSECURE_TRANSPORT="1"\n'})}),"\n",(0,r.jsx)(n.p,{children:'These settings allow HTTP connections (instead of requiring HTTPS) and relax token scope validation. This is convenient for local development and testing, but you must set OAUTH2_DEV_MODE to "false" in production environments to maintain security. Production deployments should always use HTTPS with valid SSL certificates.'}),"\n",(0,r.jsx)(n.h3,{id:"provider-specific-credentials",children:"Provider-Specific Credentials"}),"\n",(0,r.jsx)(n.p,{children:"These variables provide the credentials obtained from your OAuth2 provider. The example shows Azure configuration:"}),"\n",(0,r.jsx)(n.pre,{children:(0,r.jsx)(n.code,{className:"language-bash",children:'-e AZURE_TENANT_ID="xxxxxxxxx-xxxxxx-xxxxxxxx-xxxxxxxxxx" \\\n-e AZURE_CLIENT_ID="xxxxxxxxx-xxxxxx-xxxxxxxx-xxxxxxxxxx" \\\n-e AZURE_CLIENT_SECRET="xxxxxxxxx-xxxxxx-xxxxxxxx-xxxxxxxxxx" \\\n'})}),"\n",(0,r.jsx)(n.p,{children:"The required variables depend on which provider you configured in oauth2_config.yaml. For Google, you would use GOOGLE_CLIENT_ID and GOOGLE_CLIENT_SECRET. For Auth0, you would use AUTH0_CLIENT_ID, AUTH0_CLIENT_SECRET, and AUTH0_ISSUER. Refer to the oauth2_config.yaml file to identify the exact variable names for your chosen provider."}),"\n",(0,r.jsx)(n.h3,{id:"external-authentication-configuration",children:"External Authentication Configuration"}),"\n",(0,r.jsx)(n.p,{children:"These variables connect the main UI to the OAuth2 service:"}),"\n",(0,r.jsx)(n.pre,{children:(0,r.jsx)(n.code,{className:"language-bash",children:'-e EXTERNAL_AUTH_SERVICE_URL="http://localhost:9000" \\\n-e EXTERNAL_AUTH_PROVIDER="azure" \\\n'})}),"\n",(0,r.jsx)(n.p,{children:'The EXTERNAL_AUTH_SERVICE_URL specifies the public URL where the OAuth2 service can be reached. This must be accessible from outside the Docker container because your OAuth2 provider will redirect users to this service. The EXTERNAL_AUTH_PROVIDER must match one of the provider names defined in your oauth2_config.yaml file (in this example, "azure").'}),"\n",(0,r.jsx)(n.pre,{children:(0,r.jsx)(n.code,{className:"language-bash",children:'-e EXTERNAL_AUTH_CALLBACK="http://localhost:8000/api/v1/auth/callback" \\\n'})}),"\n",(0,r.jsxs)(n.p,{children:["The EXTERNAL_AUTH_CALLBACK is the URL where your OAuth2 provider redirects users after successful authentication. This URL must be registered with your OAuth2 provider as an authorized redirect URI. In production, this would be your public domain followed by the callback path (for example, ",(0,r.jsx)(n.a,{href:"https://www.example.com/api/v1/auth/callback",children:"https://www.example.com/api/v1/auth/callback"}),")."]}),"\n",(0,r.jsx)(n.h3,{id:"port-mapping-and-volume-mount",children:"Port Mapping and Volume Mount"}),"\n",(0,r.jsx)(n.p,{children:"Two additional configuration elements are essential for SSO to function:"}),"\n",(0,r.jsx)(n.pre,{children:(0,r.jsx)(n.code,{className:"language-bash",children:"-p 8000:8000 -p 9000:9000 \\\n"})}),"\n",(0,r.jsx)(n.p,{children:"Both the main UI port (8000) and the OAuth2 service port (9000) must be mapped to the host machine. This allows external access to both services, which is necessary for the authentication flow to complete successfully."}),"\n",(0,r.jsx)(n.pre,{children:(0,r.jsx)(n.code,{className:"language-bash",children:"-v <YOUR_NAMED_DOCKER_VOLUME>:/app/config/sso_vol/ \\\n"})}),"\n",(0,r.jsxs)(n.p,{children:["The volume mount makes your OAuth2 configuration files available inside the container at the expected location. Replace ",(0,r.jsx)(n.code,{children:"<YOUR_NAMED_DOCKER_VOLUME>"})," with the path to your Named Docker Volume containing the oauth2_server.yaml and oauth2_config.yaml files."]}),"\n",(0,r.jsx)(n.h2,{id:"verifying-your-sso-configuration",children:"Verifying Your SSO Configuration"}),"\n",(0,r.jsx)(n.p,{children:"After starting the container, you can verify that SSO is working correctly:"}),"\n",(0,r.jsxs)(n.ol,{children:["\n",(0,r.jsxs)(n.li,{children:["Navigate to ",(0,r.jsx)(n.a,{href:"http://localhost:8000",children:"http://localhost:8000"})," in your web browser"]}),"\n",(0,r.jsx)(n.li,{children:"You should be automatically redirected to your OAuth2 provider's login page"}),"\n",(0,r.jsx)(n.li,{children:"After entering your credentials, you should be redirected back to the Agent Mesh Enterprise UI"}),"\n",(0,r.jsxs)(n.li,{children:["Check the container logs for any authentication errors: ",(0,r.jsx)(n.code,{children:"docker logs sam-ent-prod-sso"})]}),"\n"]}),"\n",(0,r.jsx)(n.p,{children:"If you encounter issues, check that:"}),"\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsx)(n.li,{children:"Your OAuth2 provider credentials are correct"}),"\n",(0,r.jsx)(n.li,{children:"The redirect URI in your provider's configuration matches the EXTERNAL_AUTH_CALLBACK value"}),"\n",(0,r.jsx)(n.li,{children:"Both ports (8000 and 9000) are accessible from your network"}),"\n",(0,r.jsx)(n.li,{children:"The configuration files are properly mounted in the container"}),"\n"]}),"\n",(0,r.jsx)(n.h2,{id:"understanding-the-oauth2-flow-and-environment-variables",children:"Understanding the OAuth2 Flow and Environment Variables"}),"\n",(0,r.jsx)(n.p,{children:"When using SSO, it\u2019s important to understand how the authentication flow works between the WebUI Gateway, the OAuth2 service, and your identity provider (IdP). This section clarifies the purpose of each variable and common configuration mistakes."}),"\n",(0,r.jsx)(n.h3,{id:"how-the-oauth2-flow-works",children:"How the OAuth2 Flow Works"}),"\n",(0,r.jsxs)(n.ol,{children:["\n",(0,r.jsxs)(n.li,{children:["A user opens the frontend application (for example, ",(0,r.jsx)(n.code,{children:"http://localhost:8000"}),").","\n",(0,r.jsxs)(n.ul,{children:["\n",(0,r.jsx)(n.li,{children:"The frontend checks whether a valid access token exists (e.g., in local storage or cookies)."}),"\n",(0,r.jsxs)(n.li,{children:["If no valid token is found or the token has expired, the frontend automatically calls the backend endpoint defined by ",(0,r.jsx)(n.code,{children:"FRONTEND_AUTH_LOGIN_URL"})," (for example, ",(0,r.jsx)(n.code,{children:"http://localhost:8000/api/v1/auth/login"}),") to start the authentication process."]}),"\n"]}),"\n"]}),"\n",(0,r.jsxs)(n.li,{children:["The WebUI Gateway calls the ",(0,r.jsx)(n.code,{children:"EXTERNAL_AUTH_SERVICE_URL"})," (typically ",(0,r.jsx)(n.code,{children:"http://localhost:9000"}),") and passes the ",(0,r.jsx)(n.code,{children:"EXTERNAL_AUTH_PROVIDER"})," value (such as ",(0,r.jsx)(n.code,{children:"azure"})," or ",(0,r.jsx)(n.code,{children:"keycloak"})," or ",(0,r.jsx)(n.code,{children:"auth0"}),", or ",(0,r.jsx)(n.code,{children:"google"}),")."]}),"\n",(0,r.jsxs)(n.li,{children:["The OAuth2 service looks up the provider in ",(0,r.jsx)(n.code,{children:"oauth2_config.yaml"})," and automatically constructs the correct authorization request using the provider\u2019s ",(0,r.jsx)(n.code,{children:"issuer"}),", ",(0,r.jsx)(n.code,{children:"client_id"}),", ",(0,r.jsx)(n.code,{children:"redirect_uri"}),", and ",(0,r.jsx)(n.code,{children:"scope"}),"."]}),"\n",(0,r.jsx)(n.li,{children:"The user is redirected to the IdP (e.g., Azure AD, Auth0, or Keycloak) for login."}),"\n",(0,r.jsxs)(n.li,{children:["After successful login, the IdP redirects back to ",(0,r.jsx)(n.code,{children:"EXTERNAL_AUTH_CALLBACK"})," (for example, ",(0,r.jsx)(n.code,{children:"http://localhost:8000/api/v1/auth/callback"}),")."]}),"\n",(0,r.jsx)(n.li,{children:"The OAuth2 service exchanges the authorization code for tokens and finalizes authentication."}),"\n"]}),"\n",(0,r.jsxs)(n.blockquote,{children:["\n",(0,r.jsxs)(n.p,{children:[(0,r.jsx)(n.strong,{children:"Note:"}),(0,r.jsx)(n.br,{}),"\n","You do ",(0,r.jsx)(n.em,{children:"not"})," need to manually append ",(0,r.jsx)(n.code,{children:"client_id"}),", ",(0,r.jsx)(n.code,{children:"scope"}),", or ",(0,r.jsx)(n.code,{children:"redirect_uri"})," query parameters to the login URL.",(0,r.jsx)(n.br,{}),"\n","The OAuth2 service automatically handles these based on the selected provider in ",(0,r.jsx)(n.code,{children:"oauth2_config.yaml"}),"."]}),"\n"]}),"\n",(0,r.jsx)(n.h3,{id:"common-environment-variables",children:"Common Environment Variables"}),"\n",(0,r.jsxs)(n.table,{children:[(0,r.jsx)(n.thead,{children:(0,r.jsxs)(n.tr,{children:[(0,r.jsx)(n.th,{children:"Variable"}),(0,r.jsx)(n.th,{children:"Purpose"}),(0,r.jsx)(n.th,{children:"Example"})]})}),(0,r.jsxs)(n.tbody,{children:[(0,r.jsxs)(n.tr,{children:[(0,r.jsx)(n.td,{children:(0,r.jsx)(n.code,{children:"FRONTEND_AUTH_LOGIN_URL"})}),(0,r.jsxs)(n.td,{children:["The frontend endpoint that triggers authentication. It should ",(0,r.jsx)(n.strong,{children:"not"})," include OAuth query parameters."]}),(0,r.jsx)(n.td,{children:(0,r.jsx)(n.code,{children:"http://localhost:8000/api/v1/auth/login"})})]}),(0,r.jsxs)(n.tr,{children:[(0,r.jsx)(n.td,{children:(0,r.jsx)(n.code,{children:"EXTERNAL_AUTH_SERVICE_URL"})}),(0,r.jsx)(n.td,{children:"URL of the OAuth2 authentication service."}),(0,r.jsx)(n.td,{children:(0,r.jsx)(n.code,{children:"http://localhost:9000"})})]}),(0,r.jsxs)(n.tr,{children:[(0,r.jsx)(n.td,{children:(0,r.jsx)(n.code,{children:"EXTERNAL_AUTH_PROVIDER"})}),(0,r.jsxs)(n.td,{children:["The IdP name as defined under ",(0,r.jsx)(n.code,{children:"providers:"})," in ",(0,r.jsx)(n.code,{children:"oauth2_config.yaml"}),"."]}),(0,r.jsxs)(n.td,{children:[(0,r.jsx)(n.code,{children:"azure"})," or ",(0,r.jsx)(n.code,{children:"keycloak"})]})]}),(0,r.jsxs)(n.tr,{children:[(0,r.jsx)(n.td,{children:(0,r.jsx)(n.code,{children:"EXTERNAL_AUTH_CALLBACK"})}),(0,r.jsx)(n.td,{children:"Callback URI used after login. Must match the redirect URI registered with your IdP."}),(0,r.jsx)(n.td,{children:(0,r.jsx)(n.code,{children:"http://localhost:8000/api/v1/auth/callback"})})]}),(0,r.jsxs)(n.tr,{children:[(0,r.jsx)(n.td,{children:(0,r.jsx)(n.code,{children:"FRONTEND_REDIRECT_URL"})}),(0,r.jsx)(n.td,{children:"Where users are redirected after login completes."}),(0,r.jsx)(n.td,{children:(0,r.jsx)(n.code,{children:"http://localhost:8000"})})]})]})]}),"\n",(0,r.jsx)(n.h2,{id:"security-considerations-for-production",children:"Security Considerations for Production"}),"\n",(0,r.jsx)(n.p,{children:"When deploying SSO in a production environment, follow these security best practices:"}),"\n",(0,r.jsx)(n.p,{children:'Set OAUTH2_DEV_MODE to "false" to disable insecure transport and enforce proper token validation. This ensures that all OAuth2 communication uses HTTPS with valid SSL certificates.'}),"\n",(0,r.jsx)(n.p,{children:"Use HTTPS for all URLs (FRONTEND_REDIRECT_URL, FRONTEND_AUTH_LOGIN_URL, EXTERNAL_AUTH_SERVICE_URL, and EXTERNAL_AUTH_CALLBACK). Configure SSL certificates using the ssl_cert and ssl_key parameters in oauth2_server.yaml."}),"\n",(0,r.jsx)(n.p,{children:'Restrict CORS origins by setting OAUTH2_CORS_ORIGINS to your specific domain instead of using the wildcard "*". This prevents unauthorized websites from making requests to your authentication service.'}),"\n",(0,r.jsx)(n.p,{children:"Regularly rotate your OAuth2 client secrets and update the corresponding environment variables. Store sensitive credentials securely using Docker secrets or a secrets management service rather than passing them directly in the command line."}),"\n",(0,r.jsx)(n.p,{children:"Configure appropriate session timeouts based on your security requirements. Shorter timeouts increase security but may inconvenience users who need to reauthenticate more frequently."}),"\n",(0,r.jsx)(n.p,{children:"Monitor authentication logs for suspicious activity and failed login attempts. The OAuth2 service logs all authentication events, which you can review for security auditing."})]})}function d(e={}){const{wrapper:n}={...(0,o.R)(),...e.components};return n?(0,r.jsx)(n,{...e,children:(0,r.jsx)(h,{...e})}):h(e)}},8453:(e,n,t)=>{t.d(n,{R:()=>s,x:()=>a});var i=t(6540);const r={},o=i.createContext(r);function s(e){const n=i.useContext(o);return i.useMemo((function(){return"function"==typeof e?e(n):{...n,...e}}),[n,e])}function a(e){let n;return n=e.disableParentContext?"function"==typeof e.components?e.components(r):e.components||r:s(e.components),i.createElement(o.Provider,{value:n},e.children)}}}]);