Merge pull request #92 from agentic-community/feature/sre-gateway-integration-issue-91

Enhanced MCP Gateway & Registry with SRE Gateway Integration

Author: aarora79

agents/.env.template

@@ -24,4 +24,6 @@ SECRET_KEY=your-secret-key-here
 # Either http://localhost:8000 or the HTTPS URL of your deployed MCP Gateway
 REGISTRY_URL=your_registry_url_here
 
-ANTHROPIC_API_KEY=your_anthropic_api_key_here
+ANTHROPIC_API_KEY=your_anthropic_api_key_here
+
+SRE_GATEWAY_AUTH_TOKEN=your_sre_gateway_auth_token_here

agents/agent.py

@@ -81,6 +81,32 @@
 # Get logger
 logger = logging.getLogger(__name__)
 
+# Global constant for default MCP tool name to filter and use
+DEFAULT_MCP_TOOL_NAME = "intelligent_tool_finder"
+
+
+def enable_verbose_logging():
+    """Enable verbose debug logging for HTTP libraries and main logger."""
+    # Set main logger to DEBUG level
+    logger.setLevel(logging.DEBUG)
+    
+    # Enable debug logging for httpx to see request/response details
+    httpx_logger = logging.getLogger("httpx")
+    httpx_logger.setLevel(logging.DEBUG)
+    httpx_logger.propagate = True
+
+    # Enable debug logging for httpcore (underlying HTTP library)
+    httpcore_logger = logging.getLogger("httpcore")
+    httpcore_logger.setLevel(logging.DEBUG)
+    httpcore_logger.propagate = True
+
+    # Enable debug logging for mcp client libraries
+    mcp_logger = logging.getLogger("mcp")
+    mcp_logger.setLevel(logging.DEBUG)
+    mcp_logger.propagate = True
+    
+    logger.info("Verbose logging enabled for httpx, httpcore, mcp libraries, and main logger")
+
 def get_auth_mode_from_args() -> tuple[bool, str, str]:
     """
     Parse command line arguments to determine authentication mode and env file names.
@@ -231,6 +257,14 @@ def parse_arguments() -> argparse.Namespace:
     parser.add_argument('--message', type=str, default='what is the current time in Clarksburg, MD',
                         help='Message to send to the agent')
 
+    # MCP tool filtering arguments
+    parser.add_argument('--mcp-tool-name', type=str, default=DEFAULT_MCP_TOOL_NAME,
+                        help=f'Name of the MCP tool to filter and use (default: {DEFAULT_MCP_TOOL_NAME})')
+    
+    # Verbose logging argument
+    parser.add_argument('--verbose', '-v', action='store_true',
+                        help='Enable verbose HTTP debugging output')
+    
     # Authentication method arguments
     parser.add_argument('--use-session-cookie', action='store_true',
                         help='Use session cookie authentication instead of M2M')
@@ -261,6 +295,10 @@ def parse_arguments() -> argparse.Namespace:
 
     args = parser.parse_args()
 
+    # Enable verbose logging if requested
+    if args.verbose:
+        enable_verbose_logging()
+    
     # Validate authentication parameters based on method
     if args.use_session_cookie:
         # For session cookie auth, we just need the cookie file
@@ -394,19 +432,29 @@ async def invoke_mcp_tool(mcp_registry_url: str, server_name: str, tool_name: st
     }
 
     # TRACE: Print all parameters received by invoke_mcp_tool
-    logger.info(f"invoke_mcp_tool TRACE - Parameters received:")
-    logger.info(f"  mcp_registry_url: {mcp_registry_url}")
-    logger.info(f"  server_name: {server_name}")
-    logger.info(f"  tool_name: {tool_name}")
-    logger.info(f"  arguments: {arguments}")
-    logger.info(f"  auth_token: {auth_token[:50] if auth_token else 'None'}...")
-    logger.info(f"  user_pool_id: {user_pool_id}")
-    logger.info(f"  client_id: {client_id}")
-    logger.info(f"  region: {region}")
-    logger.info(f"  auth_method: {auth_method}")
-    logger.info(f"  session_cookie: {session_cookie}")
-    logger.info(f"  supported_transports: {supported_transports}")
-    logger.info(f"invoke_mcp_tool TRACE - Headers built: {headers}")
+    logger.debug(f"invoke_mcp_tool TRACE - Parameters received:")
+    logger.debug(f"  mcp_registry_url: {mcp_registry_url}")
+    logger.debug(f"  server_name: {server_name}")
+    logger.debug(f"  tool_name: {tool_name}")
+    logger.debug(f"  arguments: {arguments}")
+    logger.debug(f"  auth_token: {auth_token[:50] if auth_token else 'None'}...")
+    logger.debug(f"  user_pool_id: {user_pool_id}")
+    logger.debug(f"  client_id: {client_id}")
+    logger.debug(f"  region: {region}")
+    logger.debug(f"  auth_method: {auth_method}")
+    logger.debug(f"  session_cookie: {session_cookie}")
+    logger.debug(f"  supported_transports: {supported_transports}")
+    logger.debug(f"invoke_mcp_tool TRACE - Headers built: {headers}")
+    
+    # Check for server-specific AUTH_TOKEN environment variable
+    # Convert server_name to env var format: /sre-gateway -> SRE_GATEWAY_AUTH_TOKEN
+    server_env_name = server_name.strip('/').upper().replace('-', '_') + '_AUTH_TOKEN'
+    server_auth_token = os.environ.get(server_env_name)
+    
+    if server_auth_token:
+        logger.info(f"Found server-specific auth token in environment variable: {server_env_name}")
+        # Use the server-specific token for Authorization header
+        headers['Authorization'] = f'Bearer {server_auth_token}'
 
     if auth_method == "session_cookie" and session_cookie:
         headers['Cookie'] = f'mcp_gateway_session={session_cookie}'
@@ -416,10 +464,16 @@ async def invoke_mcp_tool(mcp_registry_url: str, server_name: str, tool_name: st
             'X-Client-Id': redact_sensitive_value(client_id) if client_id else '',
             'X-Region': region or 'us-east-1'
         }
+        if server_auth_token:
+            redacted_headers['Authorization'] = f'Bearer {redact_sensitive_value(server_auth_token)}'
     else:
-        headers['Authorization'] = f'Bearer {auth_token}'
+        headers['X-Authorization'] = f'Bearer {auth_token}'
+        # If no server-specific token, use the general auth_token
+        if not server_auth_token:
+            headers['Authorization'] = f'Bearer {auth_token}'
         redacted_headers = {
-            'Authorization': f'Bearer {redact_sensitive_value(auth_token)}',
+            'Authorization': f'Bearer {redact_sensitive_value(server_auth_token or auth_token)}',
+            'X-Authorization': f'Bearer {redact_sensitive_value(auth_token)}',
             'X-User-Pool-Id': redact_sensitive_value(user_pool_id) if user_pool_id else '',
             'X-Client-Id': redact_sensitive_value(client_id) if client_id else '',
             'X-Region': region or 'us-east-1'
@@ -707,7 +761,8 @@ async def main():
     model = ChatAnthropic(
         model=args.model,
         api_key=anthropic_api_key,
-        temperature=0
+        temperature=0,
+        max_tokens=8192,
     )
 
     try:
@@ -722,7 +777,7 @@ async def main():
         else:
             # For both M2M and pre-generated JWT tokens
             auth_headers = {
-                'Authorization': f'Bearer {access_token}',
+                'X-Authorization': f'Bearer {access_token}',
                 'X-User-Pool-Id': args.user_pool_id,
                 'X-Client-Id': args.client_id,
                 'X-Region': args.region
@@ -731,7 +786,7 @@ async def main():
         # Log redacted headers
         redacted_headers = {}
         for k, v in auth_headers.items():
-            if k in ['Authorization', 'Cookie', 'X-User-Pool-Id', 'X-Client-Id']:
+            if k in ['X-Authorization', 'Cookie', 'X-User-Pool-Id', 'X-Client-Id']:
                 redacted_headers[k] = redact_sensitive_value(v) if v else ''
             else:
                 redacted_headers[k] = v
@@ -755,9 +810,12 @@ async def main():
                 mcp_tools = await client.get_tools()
                 logger.info(f"Available MCP tools: {[tool.name for tool in mcp_tools]}")
 
-                # Add the calculator and invoke_mcp_tool to the tools array
-                # The invoke_mcp_tool function already supports authentication parameters
-                all_tools = [calculator, invoke_mcp_tool] + mcp_tools
+                # Filter MCP tools to only include the specified tool
+                filtered_tools = [tool for tool in mcp_tools if tool.name == args.mcp_tool_name]
+                logger.info(f"Filtered MCP tools ({args.mcp_tool_name} only): {[tool.name for tool in filtered_tools]}")
+                
+                # Add only the calculator, invoke_mcp_tool, and the specified MCP tool to the tools array
+                all_tools = [calculator, invoke_mcp_tool] + filtered_tools
                 logger.info(f"All available tools: {[tool.name if hasattr(tool, 'name') else tool.__name__ for tool in all_tools]}")
 
                 # Create the agent with the model and all tools

agents/system_prompt.txt

@@ -16,7 +16,7 @@ You have direct access to these built-in tools:
 - And other specialized capabilities that may be available
 
 When using intelligent_tool_finder and invoke_mcp_tool:
-1. Use intelligent_tool_finder to discover tools: `intelligent_tool_finder("description of needed capability")`
+1. Use intelligent_tool_finder to discover tools with maximum scope: `intelligent_tool_finder("description of needed capability", top_k_services=500, top_n_tools=5000)`
 2. Always use the "service_path" field from the finder results as the server_name parameter
 3. Use invoke_mcp_tool with the discovered information:
 

auth_server/scopes.yml

@@ -116,6 +116,36 @@ mcp-servers-unrestricted/read:
     tools:
       - get_stock_aggregates
       - print_stock_data
+  - server: sre-gateway
+    methods:
+      - initialize
+      - notifications/initialized
+      - ping
+      - tools/list
+      - tools/call
+    tools:
+      - x_amz_bedrock_agentcore_search
+      - k8s-api___get_cluster_events
+      - k8s-api___get_deployment_status
+      - k8s-api___get_node_status
+      - k8s-api___get_pod_status
+      - k8s-api___get_resource_usage
+      - logs-api___analyze_log_patterns
+      - logs-api___count_log_events
+      - logs-api___get_error_logs
+      - logs-api___get_recent_logs
+      - logs-api___search_logs
+      - metrics-api___analyze_trends
+      - metrics-api___get_availability_metrics
+      - metrics-api___get_error_rates
+      - metrics-api___get_performance_metrics
+      - metrics-api___get_resource_metrics
+      - runbooks-api___get_common_resolutions
+      - runbooks-api___get_escalation_procedures
+      - runbooks-api___get_incident_playbook
+      - runbooks-api___get_troubleshooting_guide
+      - runbooks-api___search_runbooks
+
 
 mcp-servers-unrestricted/execute:
     - server: auth_server
@@ -174,6 +204,35 @@ mcp-servers-unrestricted/execute:
       tools:
         - get_stock_aggregates
         - print_stock_data
+    - server: sre-gateway
+      methods:
+        - initialize
+        - notifications/initialized
+        - ping
+        - tools/list
+        - tools/call
+      tools:
+        - x_amz_bedrock_agentcore_search
+        - k8s-api___get_cluster_events
+        - k8s-api___get_deployment_status
+        - k8s-api___get_node_status
+        - k8s-api___get_pod_status
+        - k8s-api___get_resource_usage
+        - logs-api___analyze_log_patterns
+        - logs-api___count_log_events
+        - logs-api___get_error_logs
+        - logs-api___get_recent_logs
+        - logs-api___search_logs
+        - metrics-api___analyze_trends
+        - metrics-api___get_availability_metrics
+        - metrics-api___get_error_rates
+        - metrics-api___get_performance_metrics
+        - metrics-api___get_resource_metrics
+        - runbooks-api___get_common_resolutions
+        - runbooks-api___get_escalation_procedures
+        - runbooks-api___get_incident_playbook
+        - runbooks-api___get_troubleshooting_guide
+        - runbooks-api___search_runbooks
 
 mcp-servers-restricted/read:
   - server: auth_server

auth_server/server.py

@@ -743,7 +743,7 @@ async def validate_request(request: Request):
 
     try:
         # Extract headers
-        authorization = request.headers.get("Authorization")
+        authorization = request.headers.get("X-Authorization")
         cookie_header = request.headers.get("Cookie", "")
         user_pool_id = request.headers.get("X-User-Pool-Id")
         client_id = request.headers.get("X-Client-Id")

docker-compose.yml

@@ -18,6 +18,7 @@ services:
       - COGNITO_CLIENT_SECRET=${COGNITO_CLIENT_SECRET}
       - COGNITO_USER_POOL_ID=${COGNITO_USER_POOL_ID}
       - AWS_REGION=${AWS_REGION:-us-east-1}
+      - MCP_SERVER1_AUTH_TOKEN=${MCP_SERVER1_AUTH_TOKEN}
     ports:
       - "80:80"
       - "443:443"

docker/nginx_rev_proxy.conf

@@ -34,6 +34,8 @@ server {
         proxy_set_header X-User-Pool-Id $http_x_user_pool_id;
         proxy_set_header X-Client-Id $http_x_client_id;
         proxy_set_header X-Region $http_x_region;
+        proxy_set_header X-Authorization $http_x_authorization; 
+
 
         # Pass all original headers (including Authorization and X-Body from Lua)
         proxy_pass_request_headers on;
@@ -187,6 +189,7 @@ server {
         proxy_set_header X-User-Pool-Id $http_x_user_pool_id;
         proxy_set_header X-Client-Id $http_x_client_id;
         proxy_set_header X-Region $http_x_region;
+        proxy_set_header X-Authorization $http_x_authorization; 
 
         # Pass all original headers (including Authorization and X-Body from Lua)
         proxy_pass_request_headers on;

docker/registry-entrypoint.sh

@@ -112,6 +112,20 @@ else
     echo "Model already exists, skipping download."
 fi
 
+# --- Environment Variable Substitution for MCP Server Auth Tokens ---
+echo "Processing MCP Server configuration files..."
+for i in $(seq 1 99); do
+    env_var_name="MCP_SERVER${i}_AUTH_TOKEN"
+    env_var_value=$(eval echo \$$env_var_name)
+    
+    if [ ! -z "$env_var_value" ]; then
+        echo "Found $env_var_name, substituting in server JSON files..."
+        # Replace the literal environment variable name with its value in all JSON files
+        find /app/registry/servers -name "*.json" -type f -exec sed -i "s|$env_var_name|$env_var_value|g" {} \;
+    fi
+done
+echo "MCP Server configuration processing completed."
+
 # --- Start Background Services ---
 export EMBEDDINGS_MODEL_NAME=$EMBEDDINGS_MODEL_NAME
 export EMBEDDINGS_MODEL_DIMENSIONS=384