Copy disabled (too large)
Download .txt
Showing preview only (14,504K chars total). Download the full file to get everything.
Repository: agentic-community/mcp-gateway-registry
Branch: main
Commit: 7484ec63a5fd
Files: 1081
Total size: 13.6 MB
Directory structure:
gitextract_s_yfwmf8/
├── .bandit
├── .claudeignore
├── .dockerignore
├── .env.example
├── .github/
│ └── workflows/
│ ├── auth-server-test.yml
│ ├── build-auth-server.yml
│ ├── build-mcpgw.yml
│ ├── build-registry.yml
│ ├── docs.yml
│ ├── helm-chart-update.yml
│ ├── helm-release-retag.yml
│ ├── helm-test.yml
│ ├── metrics-service-test.yml
│ ├── registry-test.yml
│ ├── release-images.yml
│ └── terraform-test.yml
├── .gitignore
├── .pre-commit-config.yaml
├── .secrets.baseline
├── .semgrepignore
├── CLAUDE.md
├── CODE_OF_CONDUCT.md
├── CONTRIBUTING.md
├── DEV_INSTRUCTIONS.md
├── Dockerfile
├── LICENSE
├── Makefile
├── NOTICE
├── README.md
├── SECURITY.md
├── agents/
│ ├── a2a/
│ │ ├── .dockerignore
│ │ ├── .env.example
│ │ ├── .gitignore
│ │ ├── README.md
│ │ ├── deploy_live.sh
│ │ ├── deploy_local.sh
│ │ ├── docker-compose.arm.yml
│ │ ├── docker-compose.local.yml
│ │ ├── pyproject.toml
│ │ ├── shutdown_local.sh
│ │ ├── src/
│ │ │ ├── flight-booking-agent/
│ │ │ │ ├── Dockerfile
│ │ │ │ ├── __init__.py
│ │ │ │ ├── agent.py
│ │ │ │ ├── database.py
│ │ │ │ ├── dependencies.py
│ │ │ │ ├── env_settings.py
│ │ │ │ └── tools.py
│ │ │ └── travel-assistant-agent/
│ │ │ ├── Dockerfile
│ │ │ ├── __init__.py
│ │ │ ├── agent.py
│ │ │ ├── database.py
│ │ │ ├── dependencies.py
│ │ │ ├── env_settings.py
│ │ │ ├── models.py
│ │ │ ├── registry_discovery_client.py
│ │ │ ├── remote_agent_client.py
│ │ │ ├── server.py
│ │ │ └── tools.py
│ │ └── test/
│ │ ├── agent_discovery_test.py
│ │ ├── agent_simple_test.py
│ │ ├── check_agent_cards.sh
│ │ ├── flight_booking_agent_card.json
│ │ ├── simple_agents_test.py
│ │ └── travel_assistant_agent_card.json
│ ├── agent.py
│ ├── cli_user_auth.py
│ ├── client.py
│ ├── registry_client.py
│ └── system_prompt.txt
├── api/
│ ├── .gitignore
│ ├── README.md
│ ├── USER-GROUP-MANAGEMENT.md
│ ├── get-m2m-token.sh
│ ├── populate-registry.sh
│ ├── registry_client.py
│ ├── registry_management.py
│ ├── test-management-api-e2e.md
│ ├── test-management-api-e2e.sh
│ └── test-mcp-client.sh
├── auth_server/
│ ├── __init__.py
│ ├── cognito_utils.py
│ ├── metrics_middleware.py
│ ├── mongodb_groups_enrichment.py
│ ├── oauth2_providers.yml
│ ├── providers/
│ │ ├── __init__.py
│ │ ├── auth0.py
│ │ ├── base.py
│ │ ├── cognito.py
│ │ ├── entra.py
│ │ ├── factory.py
│ │ ├── keycloak.py
│ │ └── okta.py
│ ├── pyproject.toml
│ ├── scopes.yml
│ ├── scopes.yml.backup
│ └── server.py
├── build-config.yaml
├── build_and_run.sh
├── charts/
│ ├── README.md
│ ├── auth-server/
│ │ ├── Chart.yaml
│ │ ├── templates/
│ │ │ ├── configmap-app-log.yaml
│ │ │ ├── deployment.yaml
│ │ │ ├── ingress.yaml
│ │ │ ├── secret.yaml
│ │ │ └── service.yaml
│ │ └── values.yaml
│ ├── keycloak-configure/
│ │ ├── Chart.yaml
│ │ ├── templates/
│ │ │ ├── configmap.yaml
│ │ │ ├── job.yaml
│ │ │ ├── role.yaml
│ │ │ ├── rolebinding.yaml
│ │ │ ├── sa.yaml
│ │ │ └── secret.yaml
│ │ └── values.yaml
│ ├── mcp-gateway-registry-stack/
│ │ ├── Chart.yaml
│ │ ├── README.md
│ │ ├── templates/
│ │ │ ├── _helpers.tpl
│ │ │ ├── keycloak-admin-secret.yaml
│ │ │ ├── keycloak-ingress-patch.yaml
│ │ │ ├── keycloak-pg-secret.yaml
│ │ │ ├── mongodb-cluster.yaml
│ │ │ ├── mongodb-secret.yaml
│ │ │ ├── oauth-provider-secret.yaml
│ │ │ ├── shared-secret.yaml
│ │ │ └── version-configmap.yaml
│ │ └── values.yaml
│ ├── mcpgw/
│ │ ├── Chart.yaml
│ │ ├── templates/
│ │ │ ├── deployment.yaml
│ │ │ ├── ingress.yaml
│ │ │ ├── secret.yaml
│ │ │ └── service.yaml
│ │ └── values.yaml
│ ├── mongodb-configure/
│ │ ├── Chart.yaml
│ │ ├── templates/
│ │ │ ├── configmap.yaml
│ │ │ ├── job.yaml
│ │ │ └── secret.yaml
│ │ └── values.yaml
│ └── registry/
│ ├── Chart.yaml
│ ├── templates/
│ │ ├── configmap-app-log.yaml
│ │ ├── configmap-otel.yaml
│ │ ├── deployment.yaml
│ │ ├── ingress.yaml
│ │ ├── secret.yaml
│ │ └── service.yaml
│ └── values.yaml
├── cli/
│ ├── agent_mgmt.py
│ ├── agent_mgmt.sh
│ ├── agentcore/
│ │ ├── __init__.py
│ │ ├── __main__.py
│ │ ├── discovery.py
│ │ ├── models.py
│ │ ├── registration.py
│ │ ├── sync.py
│ │ └── token_refresher.py
│ ├── anthropic_transformer.py
│ ├── bin/
│ │ └── registry.js
│ ├── bootstrap_user_and_m2m_setup.sh
│ ├── examples/
│ │ ├── README.md
│ │ ├── airegistry.json
│ │ ├── aws-kb-server.json
│ │ ├── cloudflare-docs-server-config.json
│ │ ├── code_reviewer_agent.json
│ │ ├── complete-agent-example.json
│ │ ├── complete-server-example.json
│ │ ├── context7-server-config.json
│ │ ├── context7-v2-server-config.json
│ │ ├── currenttime-users.json
│ │ ├── currenttime-v2.json
│ │ ├── currenttime.json
│ │ ├── data_analysis_agent.json
│ │ ├── devops_deployment_agent.json
│ │ ├── documentation_agent.json
│ │ ├── federation-config-agentcore-example.json
│ │ ├── federation-config-example.json
│ │ ├── flight_booking_agent_card.json
│ │ ├── flight_booking_agent_ecs.json
│ │ ├── geospatial_route_planner_agent.json
│ │ ├── invalid-config.json
│ │ ├── jewel_homes_support_agent_card.json
│ │ ├── minimal-server-config.json
│ │ ├── peer-registry-lob-1.json.example
│ │ ├── public-mcp-users.json
│ │ ├── realserverfaketools.json
│ │ ├── security_analyzer_agent.json
│ │ ├── server-config.json
│ │ ├── test-peer-config.json
│ │ ├── test-timing-server.json
│ │ ├── test_automation_agent.json
│ │ ├── test_code_reviewer_agent.json
│ │ ├── tourist_guide_agent_card.json
│ │ ├── travel_assistant_agent_card.json
│ │ ├── travel_assistant_agent_ecs.json
│ │ ├── virtual-server-combined-example.json
│ │ ├── virtual-server-scoped-example.json
│ │ ├── virtual-server-scoped-users.json
│ │ └── working_agent.json
│ ├── get_user_token.py
│ ├── import_from_anthropic_registry.sh
│ ├── import_server_list.txt
│ ├── mcp_client.py
│ ├── mcp_security_scanner.py
│ ├── mcp_utils.py
│ ├── package.json
│ ├── registry_cli_wrapper.py
│ ├── scan_all_servers.py
│ ├── service_mgmt.sh
│ ├── src/
│ │ ├── agent/
│ │ │ ├── agentRunner.ts
│ │ │ ├── anthropicClient.ts
│ │ │ ├── bedrockClient.ts
│ │ │ ├── modelClient.ts
│ │ │ └── tools.ts
│ │ ├── app.tsx
│ │ ├── auth.ts
│ │ ├── chat/
│ │ │ ├── commandParser.ts
│ │ │ └── taskInterpreter.ts
│ │ ├── commands/
│ │ │ └── executor.ts
│ │ ├── components/
│ │ │ ├── Banner.tsx
│ │ │ ├── CallToolForm.tsx
│ │ │ ├── CommandSuggestions.tsx
│ │ │ ├── JsonViewer.tsx
│ │ │ ├── MultiStepForm.tsx
│ │ │ ├── StatusMessage.tsx
│ │ │ ├── TaskRunner.tsx
│ │ │ ├── TokenFileEditor.tsx
│ │ │ ├── TokenStatusFooter.tsx
│ │ │ └── UrlEditor.tsx
│ │ ├── index.tsx
│ │ ├── parseArgs.ts
│ │ ├── paths.ts
│ │ ├── runtime/
│ │ │ ├── mcp.ts
│ │ │ ├── pythonClient.ts
│ │ │ └── script.ts
│ │ ├── tasks/
│ │ │ ├── index.ts
│ │ │ └── types.ts
│ │ ├── types/
│ │ │ └── mcp.ts
│ │ └── utils/
│ │ ├── commands.ts
│ │ ├── cost.json
│ │ ├── costCalculator.ts
│ │ ├── docsReader.ts
│ │ ├── markdown.ts
│ │ └── tokenRefresh.ts
│ ├── sync_okta_m2m.py
│ ├── test_a2a_agents.py
│ ├── test_anthropic_api.py
│ ├── test_asor_complete.py
│ ├── tsconfig.json
│ └── user_mgmt.sh
├── config/
│ ├── grafana/
│ │ ├── dashboards/
│ │ │ ├── dashboard.yml
│ │ │ └── mcp-analytics-comprehensive.json
│ │ └── datasources/
│ │ └── prometheus.yml
│ └── prometheus.yml
├── credentials-provider/
│ ├── add_noauth_services.py
│ ├── agentcore-auth/
│ │ ├── .env.example
│ │ ├── README.md
│ │ └── get_m2m_token.py
│ ├── auth0/
│ │ ├── README.md
│ │ ├── __init__.py
│ │ └── get_m2m_token.py
│ ├── check_and_refresh_creds.sh
│ ├── entra/
│ │ ├── __init__.py
│ │ └── get_m2m_token.py
│ ├── generate_creds.sh
│ ├── keycloak/
│ │ └── get_m2m_token.py
│ ├── oauth/
│ │ ├── .env.example
│ │ ├── egress_oauth.py
│ │ ├── generic_oauth_flow.py
│ │ ├── ingress_oauth.py
│ │ └── oauth_providers.yaml
│ ├── okta/
│ │ ├── __init__.py
│ │ └── get_m2m_token.py
│ ├── token_refresher.py
│ └── utils.py
├── docker/
│ ├── 502.html
│ ├── Dockerfile.auth
│ ├── Dockerfile.mcp-server
│ ├── Dockerfile.mcp-server-cpu
│ ├── Dockerfile.mcp-server-light
│ ├── Dockerfile.metrics-db
│ ├── Dockerfile.registry
│ ├── Dockerfile.registry-cpu
│ ├── Dockerfile.scopes-init
│ ├── auth-entrypoint.sh
│ ├── keycloak/
│ │ └── Dockerfile
│ ├── lua/
│ │ ├── capture_body.lua
│ │ ├── emit_metrics.lua
│ │ ├── flush_metrics.lua
│ │ └── virtual_router.lua
│ ├── nginx_rev_proxy_http_and_https.conf
│ ├── nginx_rev_proxy_http_only.conf
│ └── registry-entrypoint.sh
├── docker-compose.dhi.yml
├── docker-compose.podman.yml
├── docker-compose.prebuilt.yml
├── docker-compose.yml
├── docs/
│ ├── FEATURES.md
│ ├── OBSERVABILITY.md
│ ├── README.md
│ ├── TELEMETRY.md
│ ├── a2a-agent-management.md
│ ├── a2a.md
│ ├── agent-skills-operational-guide.md
│ ├── agent-visibility-and-group-access.md
│ ├── agentcore-auto-registration-prerequisites.md
│ ├── agentcore.md
│ ├── ai-coding-assistants-setup.md
│ ├── ai-registry-tools.md
│ ├── anthropic-registry-import.md
│ ├── anthropic_registry_api.md
│ ├── api-reference.md
│ ├── audit-logging.md
│ ├── auth-mgmt.md
│ ├── auth.md
│ ├── auth0-m2m-setup.md
│ ├── auth0.md
│ ├── aws-agent-registry-federation.md
│ ├── cli.md
│ ├── cognito.md
│ ├── complete-setup-guide.md
│ ├── configuration.md
│ ├── custom-metadata.md
│ ├── database-design.md
│ ├── datastore-management.md
│ ├── deployment-modes.md
│ ├── design/
│ │ ├── a2a-protocol-integration.md
│ │ ├── agent-skills-architecture.md
│ │ ├── agentcore-scanner-design.md
│ │ ├── ans-integration.md
│ │ ├── anthropic-api-implementation.md
│ │ ├── anthropic-api-test-commands.md
│ │ ├── architectural-decision-reverse-proxy-vs-application-layer-gateway.md
│ │ ├── authentication-design.md
│ │ ├── aws-agent-registry-federation.md
│ │ ├── cookie-security-design.md
│ │ ├── database-abstraction-layer.md
│ │ ├── federation-architecture.md
│ │ ├── hybrid-search-architecture.md
│ │ ├── idp-provider-support.md
│ │ ├── server-versioning.md
│ │ ├── storage-architecture-mongodb-documentdb.md
│ │ ├── virtual-mcp-server-explained.md
│ │ └── virtual-mcp-server.md
│ ├── dynamic-tool-discovery.md
│ ├── embeddings.md
│ ├── entra-id-setup.md
│ ├── entra.md
│ ├── faq/
│ │ ├── agent-autonomous-tool-discovery.md
│ │ ├── connecting-multiple-mcp-servers.md
│ │ ├── deploying-and-registering-servers-agents.md
│ │ ├── discovering-mcp-tools.md
│ │ ├── filtering-agents-by-tags-and-fields.md
│ │ ├── group-restricted-agent-visibility.md
│ │ ├── index.md
│ │ ├── local-testing-agent-integration.md
│ │ ├── monitoring-server-health.md
│ │ ├── registering-auth-protected-servers.md
│ │ ├── registering-m2m-client-without-idp-admin-token.md
│ │ ├── registry-api-auth-faq.md
│ │ ├── restrict-server-visibility-by-entra-group.md
│ │ ├── use-entra-token-for-registry-api.md
│ │ └── what-is-mcp-and-gateway.md
│ ├── federation-operational-guide.md
│ ├── federation.md
│ ├── iam-settings-ui.md
│ ├── img/
│ │ ├── MCPGW-Registry.drawio
│ │ └── architecture-with-dataplane.md
│ ├── index.md
│ ├── installation.md
│ ├── jwt-token-vending.md
│ ├── keycloak-integration.md
│ ├── llms.txt
│ ├── logging.md
│ ├── macos-setup-guide.md
│ ├── mcp-registry-cli.md
│ ├── metrics-architecture.md
│ ├── mongodb-m2m-collections.md
│ ├── okta-setup.md
│ ├── podman-apple-silicon.md
│ ├── prebuilt-images.md
│ ├── quickstart.md
│ ├── registration-webhooks.md
│ ├── registry-api-auth.md
│ ├── registry-auth-architecture.md
│ ├── registry-auth-detailed.md
│ ├── registry-deployment-modes.md
│ ├── registry_api.md
│ ├── remote-desktop-setup.md
│ ├── scan_report_example.md
│ ├── scopes-mgmt.md
│ ├── scopes.md
│ ├── security-posture.md
│ ├── security-scanner.md
│ ├── server-versioning-operations.md
│ ├── service-management.md
│ ├── static-token-auth.md
│ ├── supported-protocol-and-trust-fields.md
│ ├── testing/
│ │ ├── MAINTENANCE.md
│ │ ├── QUICK-START.md
│ │ ├── README.md
│ │ ├── WRITING_TESTS.md
│ │ ├── memory-management.md
│ │ └── test-categories.md
│ ├── testing.md
│ ├── token-refresh-service.md
│ └── virtual-server-operations.md
├── frontend/
│ ├── .gitignore
│ ├── README.md
│ ├── e2e/
│ │ ├── helpers/
│ │ │ └── auth.ts
│ │ ├── virtual-server-accessibility.spec.ts
│ │ ├── virtual-server-crud.spec.ts
│ │ ├── virtual-server-dashboard.spec.ts
│ │ ├── virtual-server-e2e-full.spec.ts
│ │ └── virtual-server-form.spec.ts
│ ├── package.json
│ ├── patches/
│ │ └── react-scripts+5.0.1.patch
│ ├── playwright.config.ts
│ ├── postcss.config.js
│ ├── public/
│ │ └── index.html
│ ├── src/
│ │ ├── App.tsx
│ │ ├── components/
│ │ │ ├── ANSBadge.tsx
│ │ │ ├── AddRegistryEntryModal.tsx
│ │ │ ├── AgentCard.tsx
│ │ │ ├── AgentDetailsModal.tsx
│ │ │ ├── ApplicationLogs.tsx
│ │ │ ├── AuditEventDetail.tsx
│ │ │ ├── AuditFilterBar.tsx
│ │ │ ├── AuditLogTable.tsx
│ │ │ ├── AuditStatistics.tsx
│ │ │ ├── ConfigPanel.tsx
│ │ │ ├── ConfirmModal.tsx
│ │ │ ├── DataExport.tsx
│ │ │ ├── DeleteConfirmation.tsx
│ │ │ ├── DeploymentModeIndicator.tsx
│ │ │ ├── DetailsModal.tsx
│ │ │ ├── DiscoverListRow.tsx
│ │ │ ├── DiscoverTab.tsx
│ │ │ ├── ExternalRegistries.tsx
│ │ │ ├── FederationPeerForm.tsx
│ │ │ ├── FederationPeers.tsx
│ │ │ ├── IAMGroups.tsx
│ │ │ ├── IAMM2M.tsx
│ │ │ ├── IAMUsers.tsx
│ │ │ ├── Layout.tsx
│ │ │ ├── ProtectedRoute.tsx
│ │ │ ├── RegistryCardSettings.tsx
│ │ │ ├── SearchableSelect.tsx
│ │ │ ├── SecurityScanModal.tsx
│ │ │ ├── SemanticSearchResults.tsx
│ │ │ ├── ServerCard.tsx
│ │ │ ├── ServerConfigModal.tsx
│ │ │ ├── ServerDetailsModal.tsx
│ │ │ ├── Sidebar.tsx
│ │ │ ├── SkillCard.tsx
│ │ │ ├── StarRatingWidget.tsx
│ │ │ ├── StatusBadge.tsx
│ │ │ ├── ToolSelector.tsx
│ │ │ ├── UptimeDisplay.tsx
│ │ │ ├── VersionBadge.tsx
│ │ │ ├── VersionSelectorModal.tsx
│ │ │ ├── VirtualServerCard.tsx
│ │ │ ├── VirtualServerDetailsModal.tsx
│ │ │ ├── VirtualServerForm.tsx
│ │ │ ├── VirtualServerList.tsx
│ │ │ └── __tests__/
│ │ │ ├── ConfigPanel.test.tsx
│ │ │ ├── DiscoverTab.test.tsx
│ │ │ ├── ServerConfigModal.test.tsx
│ │ │ └── SettingsPageConfigIntegration.test.tsx
│ │ ├── contexts/
│ │ │ ├── AuthContext.tsx
│ │ │ └── ThemeContext.tsx
│ │ ├── hooks/
│ │ │ ├── useAgentList.ts
│ │ │ ├── useEscapeKey.ts
│ │ │ ├── useFederationPeers.ts
│ │ │ ├── useIAM.ts
│ │ │ ├── useRegistryConfig.ts
│ │ │ ├── useSemanticSearch.ts
│ │ │ ├── useServerStats.ts
│ │ │ ├── useSkills.ts
│ │ │ ├── useToolCatalog.ts
│ │ │ └── useVirtualServers.ts
│ │ ├── index.css
│ │ ├── index.tsx
│ │ ├── pages/
│ │ │ ├── AuditLogsPage.tsx
│ │ │ ├── Dashboard.tsx
│ │ │ ├── Login.tsx
│ │ │ ├── Logout.tsx
│ │ │ ├── OAuthCallback.tsx
│ │ │ ├── RegisterPage.tsx
│ │ │ ├── SettingsPage.tsx
│ │ │ └── TokenGeneration.tsx
│ │ ├── react-app-env.d.ts
│ │ ├── setupTests.ts
│ │ ├── types/
│ │ │ ├── skill.ts
│ │ │ ├── stats.ts
│ │ │ └── virtualServer.ts
│ │ └── utils/
│ │ ├── dateUtils.ts
│ │ └── permissions.ts
│ ├── tailwind.config.js
│ ├── tests/
│ │ └── reports/
│ │ ├── report.html
│ │ └── report.json
│ ├── tsconfig.e2e.json
│ └── tsconfig.json
├── get_asor_token.py
├── keycloak/
│ ├── README.md
│ ├── import/
│ │ └── realm-config.json
│ └── setup/
│ ├── clean-keycloak.sh
│ ├── disable-ssl.sh
│ ├── generate-agent-token.sh
│ ├── get-all-client-credentials.sh
│ ├── init-keycloak.sh
│ ├── setup-agent-service-account.sh
│ ├── setup-federation-service-account.sh
│ └── setup-m2m-service-account.sh
├── metrics-service/
│ ├── .env.example
│ ├── Dockerfile
│ ├── add_test_key.py
│ ├── app/
│ │ ├── __init__.py
│ │ ├── api/
│ │ │ ├── __init__.py
│ │ │ ├── auth.py
│ │ │ └── routes.py
│ │ ├── config.py
│ │ ├── core/
│ │ │ ├── __init__.py
│ │ │ ├── models.py
│ │ │ ├── processor.py
│ │ │ ├── rate_limiter.py
│ │ │ ├── retention.py
│ │ │ └── validator.py
│ │ ├── main.py
│ │ ├── otel/
│ │ │ ├── __init__.py
│ │ │ ├── exporters.py
│ │ │ └── instruments.py
│ │ ├── storage/
│ │ │ ├── __init__.py
│ │ │ ├── database.py
│ │ │ └── migrations.py
│ │ └── utils/
│ │ ├── __init__.py
│ │ └── helpers.py
│ ├── create_api_key.py
│ ├── docs/
│ │ ├── README.md
│ │ ├── api-reference.md
│ │ ├── data-retention.md
│ │ ├── database-schema.md
│ │ └── deployment.md
│ ├── metrics_client.py
│ ├── migrate.py
│ ├── pyproject.toml
│ ├── pytest.ini
│ └── tests/
│ ├── __init__.py
│ ├── conftest.py
│ ├── test_api.py
│ ├── test_auth.py
│ ├── test_database.py
│ ├── test_migrations.py
│ ├── test_processor.py
│ ├── test_rate_limiter.py
│ ├── test_retention.py
│ └── test_validator.py
├── mkdocs.yml
├── package.json
├── pyproject.toml
├── registry/
│ ├── api/
│ │ ├── __init__.py
│ │ ├── agent_routes.py
│ │ ├── ans_routes.py
│ │ ├── auth0_m2m_routes.py
│ │ ├── config_routes.py
│ │ ├── export_routes.py
│ │ ├── federation_export_routes.py
│ │ ├── federation_routes.py
│ │ ├── internal_routes.py
│ │ ├── log_routes.py
│ │ ├── m2m_management_routes.py
│ │ ├── management_routes.py
│ │ ├── okta_m2m_routes.py
│ │ ├── peer_management_routes.py
│ │ ├── registry_management_routes.py
│ │ ├── registry_routes.py
│ │ ├── search_routes.py
│ │ ├── server_routes.py
│ │ ├── skill_routes.py
│ │ ├── system_routes.py
│ │ ├── virtual_server_routes.py
│ │ └── wellknown_routes.py
│ ├── audit/
│ │ ├── __init__.py
│ │ ├── context.py
│ │ ├── mcp_logger.py
│ │ ├── middleware.py
│ │ ├── models.py
│ │ ├── routes.py
│ │ └── service.py
│ ├── auth/
│ │ ├── __init__.py
│ │ ├── csrf.py
│ │ ├── dependencies.py
│ │ ├── internal.py
│ │ └── routes.py
│ ├── common/
│ │ ├── __init__.py
│ │ └── scopes_loader.py
│ ├── config/
│ │ └── scopes.yml
│ ├── constants.py
│ ├── core/
│ │ ├── __init__.py
│ │ ├── config.py
│ │ ├── endpoint_utils.py
│ │ ├── mcp_client.py
│ │ ├── metrics.py
│ │ ├── nginx_service.py
│ │ ├── schemas.py
│ │ └── telemetry.py
│ ├── embeddings/
│ │ ├── README.md
│ │ ├── __init__.py
│ │ └── client.py
│ ├── exceptions.py
│ ├── health/
│ │ ├── __init__.py
│ │ ├── routes.py
│ │ └── service.py
│ ├── main.py
│ ├── metrics/
│ │ ├── __init__.py
│ │ ├── client.py
│ │ ├── middleware.py
│ │ └── utils.py
│ ├── middleware/
│ │ ├── __init__.py
│ │ └── mode_filter.py
│ ├── models/
│ │ └── idp_m2m_client.py
│ ├── repositories/
│ │ ├── __init__.py
│ │ ├── app_log_repository.py
│ │ ├── audit_repository.py
│ │ ├── documentdb/
│ │ │ ├── __init__.py
│ │ │ ├── agent_repository.py
│ │ │ ├── backend_session_repository.py
│ │ │ ├── client.py
│ │ │ ├── federation_config_repository.py
│ │ │ ├── peer_federation_repository.py
│ │ │ ├── registry_card_repository.py
│ │ │ ├── scope_repository.py
│ │ │ ├── search_repository.py
│ │ │ ├── security_scan_repository.py
│ │ │ ├── server_repository.py
│ │ │ ├── skill_repository.py
│ │ │ ├── skill_security_scan_repository.py
│ │ │ └── virtual_server_repository.py
│ │ ├── factory.py
│ │ ├── file/
│ │ │ ├── __init__.py
│ │ │ ├── agent_repository.py
│ │ │ ├── federation_config_repository.py
│ │ │ ├── peer_federation_repository.py
│ │ │ ├── scope_repository.py
│ │ │ ├── search_repository.py
│ │ │ ├── security_scan_repository.py
│ │ │ ├── server_repository.py
│ │ │ └── skill_security_scan_repository.py
│ │ ├── interfaces.py
│ │ └── stats_repository.py
│ ├── schemas/
│ │ ├── __init__.py
│ │ ├── agent_models.py
│ │ ├── agent_security.py
│ │ ├── ans_models.py
│ │ ├── anthropic_schema.py
│ │ ├── backend_session_models.py
│ │ ├── federation_schema.py
│ │ ├── idp_m2m_client.py
│ │ ├── management.py
│ │ ├── okta_m2m_client.py
│ │ ├── peer_federation_schema.py
│ │ ├── registration_gate_models.py
│ │ ├── registry_card.py
│ │ ├── security.py
│ │ ├── skill_models.py
│ │ ├── skill_security.py
│ │ └── virtual_server_models.py
│ ├── scripts/
│ │ └── inspect-documentdb.py
│ ├── search/
│ │ ├── __init__.py
│ │ └── service.py
│ ├── servers/
│ │ ├── atlassian.json
│ │ ├── currenttime.json
│ │ ├── fininfo.json
│ │ ├── mcpgw.json
│ │ ├── realserverfaketools.json
│ │ ├── server_state.json
│ │ └── sre-gateway.json
│ ├── services/
│ │ ├── __init__.py
│ │ ├── agent_scanner.py
│ │ ├── agent_service.py
│ │ ├── agent_transform_service.py
│ │ ├── ans_client.py
│ │ ├── ans_service.py
│ │ ├── ans_sync_scheduler.py
│ │ ├── auth0_m2m_sync.py
│ │ ├── demo_servers_init.py
│ │ ├── federation/
│ │ │ ├── __init__.py
│ │ │ ├── agentcore_client.py
│ │ │ ├── anthropic_client.py
│ │ │ ├── asor_client.py
│ │ │ ├── base_client.py
│ │ │ ├── federation_auth.py
│ │ │ └── peer_registry_client.py
│ │ ├── federation_audit_service.py
│ │ ├── federation_reconciliation.py
│ │ ├── github_auth.py
│ │ ├── m2m_management_service.py
│ │ ├── okta_m2m_sync.py
│ │ ├── peer_federation_service.py
│ │ ├── peer_sync_scheduler.py
│ │ ├── rating_service.py
│ │ ├── registration_gate_service.py
│ │ ├── scope_service.py
│ │ ├── security_scanner.py
│ │ ├── server_service.py
│ │ ├── skill_scanner.py
│ │ ├── skill_service.py
│ │ ├── tool_catalog_service.py
│ │ ├── tool_validation_service.py
│ │ ├── transform_service.py
│ │ ├── virtual_server_service.py
│ │ └── webhook_service.py
│ ├── static/
│ │ ├── asset-manifest.json
│ │ ├── index.html
│ │ └── static/
│ │ ├── css/
│ │ │ └── main.509e9b60.css
│ │ └── js/
│ │ ├── main.d2eb0b7d.js
│ │ └── main.d2eb0b7d.js.LICENSE.txt
│ ├── templates/
│ │ ├── components/
│ │ │ ├── server_card.html
│ │ │ └── sidebar.html
│ │ ├── edit_server.html
│ │ ├── index.html
│ │ ├── login.html
│ │ ├── pages/
│ │ │ └── dashboard.html
│ │ └── token_generation.html
│ ├── utils/
│ │ ├── __init__.py
│ │ ├── agent_validator.py
│ │ ├── auth0_manager.py
│ │ ├── credential_encryption.py
│ │ ├── entra_manager.py
│ │ ├── federation_encryption.py
│ │ ├── iam_manager.py
│ │ ├── keycloak_manager.py
│ │ ├── logging_setup.py
│ │ ├── metadata.py
│ │ ├── mongodb_connection.py
│ │ ├── mongodb_log_handler.py
│ │ ├── okta_manager.py
│ │ ├── path_utils.py
│ │ ├── request_utils.py
│ │ ├── scopes_manager.py
│ │ ├── scopes_manager_old.py
│ │ ├── url_utils.py
│ │ └── visibility.py
│ └── version.py
├── release-notes/
│ ├── DISCLAIMER.md
│ ├── v1.0.10.md
│ ├── v1.0.12.md
│ ├── v1.0.13.md
│ ├── v1.0.14.md
│ ├── v1.0.15.md
│ ├── v1.0.16.md
│ ├── v1.0.17.md
│ ├── v1.0.18.md
│ ├── v1.0.19.md
│ ├── v1.0.20.md
│ ├── v1.0.21.md
│ ├── v1.0.3.md
│ ├── v1.0.4.md
│ ├── v1.0.5.md
│ ├── v1.0.6.md
│ ├── v1.0.9-patch1.md
│ └── v1.0.9.md
├── scripts/
│ ├── README.md
│ ├── backfill_agent_fields.py
│ ├── build-images.sh
│ ├── debug-scopes.py
│ ├── deploy.sh
│ ├── docs-dev.sh
│ ├── download-documentdb-ca-bundle.sh
│ ├── fix_auth_tests.py
│ ├── generate-image-manifest.sh
│ ├── generate-mongodb-keyfile.sh
│ ├── init-documentdb-indexes.py
│ ├── init-documentdb.sh
│ ├── init-mongodb-ce.py
│ ├── init-mongodb.sh
│ ├── load-scopes.py
│ ├── manage-documentdb.py
│ ├── mcp-registry-admin.json
│ ├── mcp-servers-unrestricted-execute.json
│ ├── mcp-servers-unrestricted-read.json
│ ├── migrate-file-to-mongodb.py
│ ├── migrate-servers-add-is-active.py
│ ├── mongodb-entrypoint.sh
│ ├── opensearch-schemas/
│ │ ├── hybrid-search-pipeline.json
│ │ ├── mcp-agents.json
│ │ ├── mcp-embeddings-serverless.json
│ │ ├── mcp-embeddings.json
│ │ ├── mcp-scopes.json
│ │ ├── mcp-security-scans.json
│ │ └── mcp-servers.json
│ ├── publish_containers.sh
│ ├── refresh_m2m_token.sh
│ ├── registry-admins.json
│ ├── run-oauth-setup.sh
│ ├── scan-images-trivy.sh
│ ├── setup-atlassian-env.sh
│ ├── test-mcpgw-tools-README.md
│ ├── test-mcpgw-tools.sh
│ ├── test-peer-federation-docker.sh
│ ├── test-peer-federation.sh
│ ├── test.py
│ └── validate-dockerfiles.sh
├── servers/
│ ├── currenttime/
│ │ ├── .dockerignore
│ │ ├── pyproject.toml
│ │ └── server.py
│ ├── example-server/
│ │ ├── pyproject.toml
│ │ └── server.py
│ ├── fininfo/
│ │ ├── .dockerignore
│ │ ├── .keys.yml.template
│ │ ├── README.md
│ │ ├── README_SECRETS.md
│ │ ├── client.py
│ │ ├── encrypt_secrets.py
│ │ ├── pyproject.toml
│ │ ├── secrets_manager.py
│ │ └── server.py
│ ├── mcpgw/
│ │ ├── .dockerignore
│ │ ├── models.py
│ │ ├── pyproject.toml
│ │ └── server.py
│ └── realserverfaketools/
│ ├── .dockerignore
│ ├── README.md
│ ├── pyproject.toml
│ └── server.py
├── start_token_refresher.sh
├── terraform/
│ ├── README.md
│ ├── aws-ecs/
│ │ ├── .gitignore
│ │ ├── OPERATIONS.md
│ │ ├── README.md
│ │ ├── alb-logging.tf
│ │ ├── build-and-push-all.sh
│ │ ├── build-minimal.sh
│ │ ├── cloudfront-acm.tf
│ │ ├── cloudfront-logging.tf
│ │ ├── cloudfront.tf
│ │ ├── cloudwatch-alarms.tf
│ │ ├── codebuild.tf
│ │ ├── docs/
│ │ │ └── observability-architecture.md
│ │ ├── documentdb-elastic.tf.disabled
│ │ ├── documentdb.tf
│ │ ├── ecs.tf
│ │ ├── grafana/
│ │ │ ├── Dockerfile
│ │ │ ├── dashboards/
│ │ │ │ └── mcp-analytics-comprehensive.json
│ │ │ └── provisioning/
│ │ │ ├── dashboards/
│ │ │ │ └── dashboards.yaml
│ │ │ └── datasources/
│ │ │ └── datasources.yaml
│ │ ├── keycloak-alb.tf
│ │ ├── keycloak-database.tf
│ │ ├── keycloak-dns.tf
│ │ ├── keycloak-ecr.tf
│ │ ├── keycloak-ecs.tf
│ │ ├── keycloak-security-groups.tf
│ │ ├── lambda/
│ │ │ ├── README.md
│ │ │ ├── rotate-documentdb/
│ │ │ │ ├── index.py
│ │ │ │ └── requirements.txt
│ │ │ ├── rotate-rds/
│ │ │ │ ├── index.py
│ │ │ │ └── requirements.txt
│ │ │ └── verify-deployment.sh
│ │ ├── locals.tf
│ │ ├── main.tf
│ │ ├── modules/
│ │ │ └── mcp-gateway/
│ │ │ ├── data.tf
│ │ │ ├── ecs-services.tf
│ │ │ ├── iam.tf
│ │ │ ├── locals.tf
│ │ │ ├── main.tf
│ │ │ ├── monitoring.tf
│ │ │ ├── networking.tf
│ │ │ ├── observability.tf
│ │ │ ├── outputs.tf
│ │ │ ├── secrets.tf
│ │ │ ├── storage.tf
│ │ │ ├── variables.tf
│ │ │ └── versions.tf
│ │ ├── outputs.tf
│ │ ├── push-all-images-to-ecr.sh
│ │ ├── registry-dns.tf
│ │ ├── scripts/
│ │ │ ├── README-DOCUMENTDB-CLI.md
│ │ │ ├── README.md
│ │ │ ├── ecs-ssh.sh
│ │ │ ├── init-documentdb.sh
│ │ │ ├── init-keycloak.sh
│ │ │ ├── post-deployment-setup.sh
│ │ │ ├── pre-destroy-cleanup.sh
│ │ │ ├── requirements.txt
│ │ │ ├── rotate-keycloak-web-client-secret.sh
│ │ │ ├── run-documentdb-cli.sh
│ │ │ ├── run-documentdb-init.sh
│ │ │ ├── run-scopes-init-task.sh
│ │ │ ├── save-terraform-outputs.sh
│ │ │ ├── service_mgmt.sh
│ │ │ ├── user_mgmt.sh
│ │ │ ├── view-cloudwatch-logs.sh
│ │ │ └── view-logs.sh
│ │ ├── secret-rotation-config.tf
│ │ ├── secret-rotation.tf
│ │ ├── setup-documentdb-env.sh
│ │ ├── terraform.tfvars.example
│ │ ├── variables.tf
│ │ ├── vpc.tf
│ │ └── waf.tf
│ └── telemetry-collector/
│ ├── README.md
│ ├── bastion-scripts/
│ │ ├── connect.sh
│ │ ├── query.sh
│ │ ├── setup-bastion.sh
│ │ └── telemetry_db.py
│ ├── bastion.tf
│ ├── check-status.sh
│ ├── cloudwatch.tf
│ ├── create-indexes.js
│ ├── deploy.sh
│ ├── destroy.sh
│ ├── documentdb.tf
│ ├── domain.tf
│ ├── dynamodb.tf
│ ├── iam.tf
│ ├── lambda/
│ │ ├── collector/
│ │ │ ├── index.py
│ │ │ ├── requirements.txt
│ │ │ └── schemas.py
│ │ └── index-setup/
│ │ ├── index.py
│ │ └── requirements.txt
│ ├── lambda.tf
│ ├── main.tf
│ ├── outputs.tf
│ ├── secrets.tf
│ ├── terraform.tfvars.example
│ ├── variables.tf
│ └── vpc.tf
├── test-keycloak-mcp.sh
└── tests/
├── README.md
├── __init__.py
├── auth_server/
│ ├── __init__.py
│ ├── conftest.py
│ ├── fixtures/
│ │ ├── __init__.py
│ │ ├── mock_jwt.py
│ │ └── mock_providers.py
│ └── unit/
│ ├── __init__.py
│ ├── providers/
│ │ ├── __init__.py
│ │ ├── test_auth0.py
│ │ ├── test_base.py
│ │ ├── test_keycloak.py
│ │ └── test_okta.py
│ └── test_server.py
├── conftest.py
├── e2e/
│ ├── __init__.py
│ ├── test_virtual_mcp_latency.py
│ ├── test_virtual_mcp_protocol.py
│ └── test_virtual_mcp_stress.py
├── e2e_agent_skills_test.py
├── fixtures/
│ ├── __init__.py
│ ├── constants.py
│ ├── factories.py
│ ├── helpers.py
│ ├── mocks/
│ │ ├── __init__.py
│ │ ├── mock_auth.py
│ │ ├── mock_embeddings.py
│ │ ├── mock_faiss.py
│ │ └── mock_http.py
│ ├── skill_scan_medium_output.json
│ ├── skill_scan_safe_output.json
│ └── skill_scan_unsafe_output.json
├── integration/
│ ├── __init__.py
│ ├── conftest.py
│ ├── test_agentcore_sync_integration.py
│ ├── test_deployment_mode_integration.py
│ ├── test_mongodb_connectivity.py
│ ├── test_peer_federation_e2e.py
│ ├── test_search_integration.py
│ ├── test_server_lifecycle.py
│ ├── test_skill_api.py
│ ├── test_skill_scanner_repository.py
│ ├── test_telemetry_e2e.py
│ ├── test_virtual_server_api.py
│ └── test_virtual_server_scopes_e2e.sh
├── security/
│ └── test_container_security.py
├── test_infrastructure.py
└── unit/
├── __init__.py
├── api/
│ ├── __init__.py
│ ├── test_agent_routes.py
│ ├── test_config_export.py
│ ├── test_federation_export_routes.py
│ ├── test_log_routes.py
│ ├── test_m2m_management_routes.py
│ ├── test_management_routes.py
│ ├── test_peer_management_routes.py
│ ├── test_search_routes.py
│ ├── test_server_get_endpoint.py
│ ├── test_server_routes.py
│ ├── test_skill_inline_content.py
│ └── test_wellknown_routes.py
├── audit/
│ ├── __init__.py
│ ├── test_audit_composite_key.py
│ ├── test_audit_repository.py
│ ├── test_filter_statistics.py
│ ├── test_mcp_logger.py
│ ├── test_middleware.py
│ ├── test_models_properties.py
│ ├── test_routes.py
│ └── test_service.py
├── auth/
│ ├── __init__.py
│ ├── test_csrf.py
│ └── test_dependencies.py
├── cli/
│ ├── __init__.py
│ ├── test_agentcore_cross_account.py
│ ├── test_agentcore_discovery.py
│ ├── test_agentcore_registration.py
│ └── test_agentcore_token_refresher.py
├── conftest.py
├── core/
│ ├── __init__.py
│ ├── test_config.py
│ ├── test_endpoint_utils.py
│ ├── test_mcp_client.py
│ ├── test_nginx_service.py
│ ├── test_schemas_protocol_trust_fields.py
│ ├── test_schemas_registry_card_fields.py
│ ├── test_telemetry.py
│ └── test_visibility_normalization.py
├── embeddings/
│ ├── __init__.py
│ └── test_embeddings_client.py
├── health/
│ ├── __init__.py
│ └── test_health_service.py
├── lambda/
│ ├── __init__.py
│ ├── conftest.py
│ └── test_collector.py
├── middleware/
│ ├── __init__.py
│ └── test_mode_filter.py
├── repositories/
│ ├── __init__.py
│ ├── test_app_log_repository.py
│ ├── test_file_server_repository.py
│ ├── test_registry_card_repository.py
│ └── test_search_result_distribution.py
├── schemas/
│ ├── __init__.py
│ ├── test_agent_models.py
│ ├── test_agentcore_federation_schema.py
│ ├── test_peer_federation_schema.py
│ ├── test_registry_card.py
│ ├── test_skill_models_registry_card_fields.py
│ ├── test_uuid_federation.py
│ └── test_uuid_fields.py
├── search/
│ ├── __init__.py
│ └── test_faiss_service.py
├── servers/
│ ├── __init__.py
│ └── mcpgw/
│ ├── __init__.py
│ └── test_intelligent_tool_finder.py
├── services/
│ ├── __init__.py
│ ├── federation/
│ │ ├── __init__.py
│ │ ├── test_agentcore_client.py
│ │ ├── test_federation_auth.py
│ │ └── test_peer_registry_client.py
│ ├── test_agent_service.py
│ ├── test_agentcore_reconciliation.py
│ ├── test_m2m_management_service.py
│ ├── test_peer_federation_service.py
│ ├── test_peer_federation_sync.py
│ ├── test_registration_gate_service.py
│ ├── test_server_service.py
│ └── test_webhook_service.py
├── test_backend_session_repository.py
├── test_deployment_mode.py
├── test_entra_manager.py
├── test_github_auth.py
├── test_iam_manager.py
├── test_lifecycle_status.py
├── test_safe_eval_arithmetic.py
├── test_skill_models.py
├── test_skill_routes_github_auth.py
├── test_skill_routes_security.py
├── test_skill_scanner_service.py
├── test_skill_security_schemas.py
├── test_skill_service_github_auth.py
├── test_skill_service_parsing.py
├── test_stats_endpoint.py
├── test_url_validation.py
├── test_virtual_server_models.py
├── test_virtual_server_nginx.py
├── test_virtual_server_service.py
└── utils/
├── __init__.py
├── test_credential_encryption.py
├── test_logging_setup.py
├── test_metadata.py
├── test_mongodb_log_handler.py
├── test_okta_manager.py
├── test_request_utils.py
├── test_url_utils.py
└── test_visibility.py
================================================
FILE CONTENTS
================================================
================================================
FILE: .bandit
================================================
# Exclude test directories and virtual environment from Bandit scans
# B101 (assert_used) only appears in test code; excluding test dirs resolves it
# For pyproject.toml config (used by pre-commit), see [tool.bandit] in pyproject.toml
# NOTE: cli/ and scripts/ are NOT excluded - they contain operational code that should be scanned
exclude_dirs:
- ./tests
- ./agents/a2a/test
- ./metrics-service/tests
- ./.venv
================================================
FILE: .claudeignore
================================================
cat .claudeignore
```
Should look like this:
```
# Dependencies
**/node_modules/
node_modules/
# Python
**/.venv/
**/__pycache__/
*.pyc
# Terraform
**/.terraform/
*.tfstate
*.tfstate.*
*.log
tfplan
# Test/Build outputs
htmlcov/
site/
.coverage
*.egg-info/
# Caches
.hypothesis/
.ruff_cache/
.pytest_cache/
.scratchpad/
.tmp/
.oauth-tokens/
# Log files
*.log
**/*.log
================================================
FILE: .dockerignore
================================================
# Virtual environments
**/.venv
.venv/
.venv
registry/.venv/
servers/*/.venv/
venv/
# Node.js
node_modules/
frontend/node_modules/
npm-debug.log*
yarn-debug.log*
yarn-error.log*
# Python build artifacts
__pycache__/
*.pyc
*.pyo
*.pyd
*.egg-info/
**/*.egg-info/
dist/
build/
# Logs
logs/
*.log
oauth_cognito.log
registry.log
*_tests*.log
full-test-run.log
# Git
.git/
.gitignore
# Documentation
docs/
*.md
README*
# Tests
tests/
test/
**/tests/
**/*test*
# IDE/Editor files
.vscode/
.idea/
*.swp
*.swo
# OS files
.DS_Store
Thumbs.db
# Temporary files
tmp/
temp/
*.tmp
# Large binaries
*.bin
*.model
*.pkl
*.h5
# Specific large directories
mcp-atlassian/
terraform/
htmlcov/
site/
cli/*
!cli/examples/
security_scans/
agent_security_scans/
skill_security_scans/
credentials-provider/
.oauth-tokens/
.scratchpad/
# frontend/build/ - KEEP THIS, needed by registry service
================================================
FILE: .env.example
================================================
# =============================================================================
# MCP Gateway Registry - Environment Configuration Sample
# =============================================================================
# Copy this file to .env and update with your actual values
# Never commit real credentials to version control
# =============================================================================
# REGISTRY CONFIGURATION
# =============================================================================
# Public URL where the MCP Gateway Registry is accessible
# For custom HTTPS domain: https://mcpgateway.mycorp.com
REGISTRY_URL=http://localhost
# =============================================================================
# REGISTRY CARD CONFIGURATION
# =============================================================================
# Registry identity and metadata for federation and discovery
# These values populate the registry card shown in federated environments
# Human-readable registry name (display name for your registry)
# If not set, a random Docker-style name will be generated (e.g., "brave-falcon-registry")
# Displayed in federated registry listings and UI headers
REGISTRY_NAME="AI Gateway Registry"
# Organization that operates this registry
# If not set, defaults to "ACME Inc."
# Used to identify the organization operating this registry instance
REGISTRY_ORGANIZATION_NAME="ACME Inc."
# Registry description for federation
# Describes the purpose and scope of this registry
REGISTRY_DESCRIPTION="Central registry for all your AI assets"
# Contact email for registry administrators
# Leave empty if not publicly shared
REGISTRY_CONTACT_EMAIL=
# Documentation or support URL for this registry
# Leave empty if not available
REGISTRY_CONTACT_URL=
# =============================================================================
# Deployment Mode Configuration
# =============================================================================
# DEPLOYMENT_MODE controls how the registry integrates with the gateway/nginx
# Options:
# - with-gateway (default): Full integration with nginx reverse proxy
# - Nginx config is regenerated when servers are registered/deleted
# - Frontend shows gateway authentication instructions
# - registry-only: Registry operates as catalog/discovery service only
# - Nginx config is NOT updated on server changes
# - Frontend shows direct connection mode (proxy_pass_url)
# - Use when registry is separate from gateway infrastructure
# Default: with-gateway (uncomment to change)
# DEPLOYMENT_MODE=with-gateway
# REGISTRY_MODE controls which features are enabled (informational - for UI feature flags)
# This setting affects the /api/config response which the frontend can use
# to show/hide navigation elements. Currently informational only - all APIs remain active.
# Options:
# - full (default): All features enabled (mcp_servers, agents, skills, federation)
# - skills-only: Only skills feature flag enabled
# - mcp-servers-only: Only MCP server feature flag enabled
# - agents-only: Only A2A agent feature flag enabled
# Note: with-gateway + skills-only is invalid and auto-corrects to registry-only + skills-only
# Default: full (uncomment to change)
# REGISTRY_MODE=full
# Tab visibility overrides (AND-ed with REGISTRY_MODE feature flags)
# These control which tabs are shown in the UI without affecting backend APIs.
# REGISTRY_MODE is the master control — SHOW_*_TAB can only further restrict, never expand.
# Formula: tab_visible = REGISTRY_MODE_enables_feature AND SHOW_*_TAB
# All default to true (backward compatible). Set to false to hide a tab.
# SHOW_SERVERS_TAB=true
# SHOW_VIRTUAL_SERVERS_TAB=true
# SHOW_SKILLS_TAB=true
# SHOW_AGENTS_TAB=true
# =============================================================================
# AUTH SERVER CONFIGURATION
# =============================================================================
# Internal auth server URL (for Docker network communication)
AUTH_SERVER_URL=http://auth-server:8888
# External auth server URL (public-facing, for browser redirects)
# For local development: http://localhost:8888
# For custom HTTPS domain: https://mcpgateway.mycorp.com
AUTH_SERVER_EXTERNAL_URL=http://localhost:8888
# =============================================================================
# NETWORK-TRUSTED API ACCESS (Enterprise Perimeter Security)
# =============================================================================
#
# Allow Registry API access without full token validation.
#
# Use case: Enterprise deployments where the MCP Gateway Registry operates
# within a secure network perimeter (VPC, private subnet, VPN, etc.)
#
# When enabled (true):
# - Registry API endpoints (/api/*, /v0.1/*) use static token auth
# instead of IdP-based JWT validation
# - Clients must send: Authorization: Bearer <REGISTRY_API_TOKEN>
# - Useful for trusted networks, CI/CD pipelines, and internal automation
# - MCP Gateway server access STILL requires full IdP authentication
#
# When disabled (false, default):
# - All endpoints require valid JWT tokens from the configured IdP
# - Standard security posture
#
# Security considerations:
# - Always set REGISTRY_API_TOKEN when enabling this feature
# - Network-level security (firewalls, security groups) should be in place
# - Audit logs will show "network-trusted" as auth method
# - MCP server tool invocations remain fully protected by the IdP
#
# Default: false
REGISTRY_STATIC_TOKEN_AUTH_ENABLED=false
# Static API key for Registry API when REGISTRY_STATIC_TOKEN_AUTH_ENABLED=true.
# Clients must send this value as: Authorization: Bearer <token>
# This single key gets full admin access (legacy mode). For per-key scoping
# see REGISTRY_API_KEYS below.
# Generate with: python3 -c "import secrets; print(secrets.token_urlsafe(32))"
REGISTRY_API_TOKEN=
# Multiple static API keys with per-key group assignments (Issue #779).
# JSON map: name -> {key, groups}. Each key gets only the scopes that its
# groups resolve to via group_mappings in scopes.yml / mcp_scope_default.
#
# When set, these keys are merged with REGISTRY_API_TOKEN (which becomes a
# legacy entry with admin groups). On parse error the feature is disabled
# entirely (fail-closed).
#
# Format (must be valid JSON on a single line, wrap in single quotes in shell):
# REGISTRY_API_KEYS='{"monitoring":{"key":"<token-1>","groups":["mcp-readonly"]},"deploy":{"key":"<token-2>","groups":["mcp-registry-admin"]}}'
#
# Rules:
# - name: ^[a-z0-9][a-z0-9_-]{0,63}$ (log-safe identifier)
# - key: minimum 32 characters
# - groups: non-empty list of group names from your scopes.yml group_mappings
# - Names "legacy", "network-user", "network-trusted" are reserved
# - Key values must be unique across entries
#
# Generate a key: python3 -c "import secrets; print(secrets.token_urlsafe(32))"
#
# See docs/registry-api-auth.md and docs/faq/registry-api-auth-faq.md for details.
REGISTRY_API_KEYS=
# =============================================================================
# REGISTRATION WEBHOOK (Issue #742)
# =============================================================================
#
# Fire an async POST to a URL when a server, agent, or skill is registered
# (added) or deleted (removed). The call is fire-and-forget: failures are
# logged but never propagated to the caller.
#
# REGISTRATION_WEBHOOK_URL: Full URL to POST to. Disabled when empty.
# Only http:// and https:// schemes are accepted. A warning is logged
# when HTTP (not HTTPS) is used.
#
# REGISTRATION_WEBHOOK_AUTH_HEADER: Name of the header used for auth.
# Default: "Authorization". If set to "Authorization", the token is
# auto-prefixed with "Bearer ". For any other header (e.g. X-API-Key)
# the token is sent as-is.
#
# REGISTRATION_WEBHOOK_AUTH_TOKEN: Auth token value. Leave empty for
# unauthenticated webhooks.
#
# REGISTRATION_WEBHOOK_TIMEOUT_SECONDS: HTTP timeout in seconds.
# Default: 10
#
REGISTRATION_WEBHOOK_URL=
REGISTRATION_WEBHOOK_AUTH_HEADER=Authorization
REGISTRATION_WEBHOOK_AUTH_TOKEN=
REGISTRATION_WEBHOOK_TIMEOUT_SECONDS=10
# =============================================================================
# REGISTRATION GATE / ADMISSION CONTROL (Issue #809)
# =============================================================================
#
# Call an external endpoint to approve or deny registration and update
# requests BEFORE they are persisted. The gate is fail-closed: if the
# endpoint is unreachable after retries, the registration is blocked.
#
# REGISTRATION_GATE_ENABLED: Master switch. Default: false
#
# REGISTRATION_GATE_URL: Full URL to POST to. Must be set when enabled.
# Only http:// and https:// schemes are accepted. HTTPS is strongly
# recommended for production.
#
# REGISTRATION_GATE_AUTH_TYPE: How to authenticate with the gate endpoint.
# Options: none, api_key, bearer. Default: none
#
# REGISTRATION_GATE_AUTH_CREDENTIAL: Credential value for api_key or bearer.
# For bearer: sent as "Authorization: Bearer <value>".
# For api_key: sent as "<REGISTRATION_GATE_AUTH_HEADER_NAME>: <value>".
#
# REGISTRATION_GATE_AUTH_HEADER_NAME: Header name when auth_type=api_key.
# Default: X-Api-Key
#
# REGISTRATION_GATE_TIMEOUT_SECONDS: HTTP timeout per attempt. Default: 5
#
# REGISTRATION_GATE_MAX_RETRIES: Number of retries after the first attempt.
# Uses exponential backoff (0.5s, 1s, 2s, ...). Default: 2
#
REGISTRATION_GATE_ENABLED=false
REGISTRATION_GATE_URL=
REGISTRATION_GATE_AUTH_TYPE=none
REGISTRATION_GATE_AUTH_CREDENTIAL=
REGISTRATION_GATE_AUTH_HEADER_NAME=X-Api-Key
REGISTRATION_GATE_TIMEOUT_SECONDS=5
REGISTRATION_GATE_MAX_RETRIES=2
# =============================================================================
# FEDERATION STATIC TOKEN AUTH (Scoped Access for Peer Registries)
# =============================================================================
#
# Allow peer registries to access federation and peer management endpoints
# using a static Bearer token instead of OAuth2 JWT.
#
# IMPORTANT: This token only grants access to:
# - /api/federation/* (federation export endpoints)
# - /api/peers/* (peer management endpoints)
# It does NOT grant access to other registry APIs.
#
# When enabled (true):
# - Federation/peer endpoints accept: Authorization: Bearer <FEDERATION_STATIC_TOKEN>
# - Used for quick setup of peer-to-peer federation without OAuth2 infrastructure
# - Audit logs will show "federation-static" as auth method
#
# When disabled (false, default):
# - Federation endpoints require OAuth2 JWT with federation-service scope
#
# Default: false
FEDERATION_STATIC_TOKEN_AUTH_ENABLED=false
# Static token for federation API access.
# Generate with: python3 -c "import secrets; print(secrets.token_urlsafe(32))"
FEDERATION_STATIC_TOKEN=
# Encryption key for storing federation tokens in MongoDB (required on importing registry).
# When peer configs contain federation_token, it is encrypted before storage using this key.
# Generate with: python3 -c "from cryptography.fernet import Fernet; print(Fernet.generate_key().decode())"
FEDERATION_ENCRYPTION_KEY=
# =============================================================================
# M2M DIRECT CLIENT REGISTRATION (Issue #851)
# =============================================================================
#
# Enables the admin API at /api/iam/m2m-clients that lets operators register
# M2M client_ids and their group mappings by writing directly to the
# idp_m2m_clients MongoDB collection, WITHOUT requiring an IdP Admin API
# token (e.g. OKTA_API_TOKEN). Useful when IdP Admin API access is gated.
#
# Records created via this API are tagged provider="manual" and cannot be
# modified or deleted by this API if they were written by IdP sync.
#
# Endpoints gated by this flag:
# POST /api/iam/m2m-clients (admin)
# GET /api/iam/m2m-clients (any authenticated user)
# GET /api/iam/m2m-clients/{id} (any authenticated user)
# PATCH /api/iam/m2m-clients/{id} (admin)
# DELETE /api/iam/m2m-clients/{id} (admin)
#
# Default: true (feature is on; set to false to disable the router entirely)
M2M_DIRECT_REGISTRATION_ENABLED=true
# =============================================================================
# AUTHENTICATION PROVIDER CONFIGURATION
# =============================================================================
# Choose authentication provider: 'cognito', 'keycloak', 'entra', 'okta', or 'auth0'
AUTH_PROVIDER=keycloak
# =============================================================================
# KEYCLOAK CONFIGURATION (if AUTH_PROVIDER=keycloak)
# =============================================================================
# Keycloak server URL (internal URL for server-to-server communication)
# DO NOT CHANGE: This should always be http://keycloak:8080 for Docker network communication
KEYCLOAK_URL=http://keycloak:8080
# Keycloak external URL (for browser redirects)
# For local development: http://localhost:8080
# For custom HTTPS domain: https://mcpgateway.mycorp.com
KEYCLOAK_EXTERNAL_URL=http://localhost:8080
# Keycloak admin URL (for setup scripts - internal access)
# Typically http://localhost:8080 for local access to Keycloak admin
# For custom HTTPS domain: https://mcpgateway.mycorp.com
KEYCLOAK_ADMIN_URL=http://localhost:8080
# Keycloak realm name
KEYCLOAK_REALM=mcp-gateway
# Keycloak admin credentials (for initial setup)
KEYCLOAK_ADMIN=admin
KEYCLOAK_ADMIN_PASSWORD=your-secure-keycloak-admin-password
# Keycloak database password
KEYCLOAK_DB_PASSWORD=your-secure-db-password
# Keycloak client credentials for web authentication
# These are auto-generated when you run keycloak/setup/init-keycloak.sh
# To retrieve: Check script output or Keycloak Admin Console → Clients → Credentials tab
KEYCLOAK_CLIENT_ID=mcp-gateway-web
KEYCLOAK_CLIENT_SECRET=your-keycloak-client-secret-here
# Keycloak M2M client credentials for machine-to-machine authentication
# These are auto-generated when you run keycloak/setup/init-keycloak.sh
# To retrieve: Check script output or Keycloak Admin Console → Clients → Credentials tab
KEYCLOAK_M2M_CLIENT_ID=mcp-gateway-m2m
KEYCLOAK_M2M_CLIENT_SECRET=your-keycloak-m2m-secret-here
# Enable Keycloak in OAuth2 providers
KEYCLOAK_ENABLED=true
# Initial admin and test user passwords for Keycloak setup
INITIAL_ADMIN_PASSWORD=your-secure-keycloak-admin-password
INITIAL_USER_PASSWORD=your-secure-keycloak-user-password
# =============================================================================
# MCPGW (MCP GATEWAY SERVER) CONFIGURATION
# =============================================================================
# These settings configure the MCPGW MCP server that provides tool access
# to the registry. Required only when running the MCPGW server component.
# **WARNING**: Before enabling OIDC, review the security gaps documented in
# GitHub issue #895. The M2M token flow does NOT propagate user identity to
# the registry, which bypasses per-user authorization and audit logging.
# Do NOT set OIDC_ENABLED=true in any environment until issue #895 is resolved.
# Enable OIDC/OAuth2 authentication for the MCPGW server
# When true, MCPGW uses Keycloak OAuthProxy for client authentication
# When false (default), MCPGW uses bearer-token passthrough
# OIDC_ENABLED=false
# OIDC client credentials (used when OIDC_ENABLED=true)
# These should match a Keycloak client configured for the MCPGW server
# OIDC_CLIENT_ID=mcp-gateway-web
# OIDC_CLIENT_SECRET=your-oidc-client-secret-here
# Keycloak internal URL for server-to-server OIDC communication
# Used by MCPGW to reach Keycloak within the Docker network
# KEYCLOAK_INTERNAL_URL=http://keycloak:8080
# M2M (machine-to-machine) client credentials for MCPGW to call registry APIs
# MCPGW uses these to obtain tokens for authenticated registry API calls
# M2M_CLIENT_ID=mcp-gateway-m2m
# M2M_CLIENT_SECRET=your-m2m-client-secret-here
# Base URL where the MCPGW server is reachable (for OAuth redirect URIs)
# MCPGW_BASE_URL=http://localhost:18003
# Bind host for the MCPGW server
# Use 127.0.0.1 for local-only access (default), 0.0.0.0 for containers
# HOST=127.0.0.1
# =============================================================================
# GATEWAY HOST CONFIGURATION
# =============================================================================
# Optional: Additional server names for nginx reverse proxy gateway access
# Use this to add custom domain names, public IPs, or private IPs to the nginx server_name directive
# Supports multiple names separated by spaces
#
# Examples:
# - Custom domain: mcpgateway.example.com
# - Public IP: 54.123.45.67
# - Private IP: 10.0.1.42
# - Multiple: mcpgateway.example.com 54.123.45.67
# - Custom domain: mcpgateway.ddns.net
#
# Default: Empty (will auto-detect private IP if available)
# WARNING: HTTP access is not recommended for production. Use HTTPS with valid SSL certificates.
GATEWAY_ADDITIONAL_SERVER_NAMES=
# =============================================================================
# AMAZON COGNITO OAUTH2 CONFIGURATION (if AUTH_PROVIDER=cognito)
# =============================================================================
# AWS Configuration
AWS_REGION=us-east-1
# Amazon Cognito User Pool ID
# Format: {region}_{random_string}
COGNITO_USER_POOL_ID=us-east-1_XXXXXXXXX
# Cognito App Client ID
# Get this from Amazon Cognito console > User Pools > App Integration > App clients
COGNITO_CLIENT_ID=your_cognito_client_id_here
# Cognito App Client Secret
# Get this from Amazon Cognito console > User Pools > App Integration > App clients
COGNITO_CLIENT_SECRET=your_cognito_client_secret_here
# Enable Cognito in OAuth2 providers
COGNITO_ENABLED=false
# =============================================================================
# MICROSOFT ENTRA ID CONFIGURATION (if AUTH_PROVIDER=entra)
# =============================================================================
# Azure AD Tenant ID (Directory/tenant ID from Azure Portal)
# Format: GUID (e.g., 12345678-1234-1234-1234-123456789012)
# Get from: Azure Portal → Azure Active Directory → Overview → Tenant ID
ENTRA_TENANT_ID=your-tenant-id-here
# Entra ID Application (client) ID
# Format: GUID (e.g., 87654321-4321-4321-4321-210987654321)
# Get from: Azure Portal → App registrations → Your App → Application (client) ID
ENTRA_CLIENT_ID=your-client-id-here
# Entra ID Client Secret (Application secret value)
# Get from: Azure Portal → App registrations → Your App → Certificates & secrets
# NOTE: Copy the secret VALUE immediately after creation (not the secret ID)
ENTRA_CLIENT_SECRET=your-client-secret-here
# Enable Entra ID in OAuth2 providers (set to true when using Entra ID)
ENTRA_ENABLED=false
# Entra ID Login Base URL (optional - defaults to https://login.microsoftonline.com)
# Change this only if using a sovereign cloud (e.g., Azure Government, Azure China)
# Examples:
# - Azure Public Cloud (default): https://login.microsoftonline.com
# - Azure Government: https://login.microsoftonline.us
# - Azure China: https://login.chinacloudapi.cn
# - Azure Germany: https://login.microsoftonline.de
# ENTRA_LOGIN_BASE_URL=https://login.microsoftonline.com
# Azure AD Group Object IDs for authorization (configured in scopes.yml)
# Admin Group Example
ENTRA_GROUP_ADMIN_ID=your-admin-group-object-id-here
# Users Group Example
ENTRA_GROUP_USERS_ID=your-users-group-object-id-here
# IdP Group Filtering (optional, applies to all identity providers)
# Comma-separated list of prefixes. Only groups whose name starts with
# any of these prefixes are shown in IAM > Groups page.
# For Entra ID, uses Microsoft Graph $filter for server-side filtering.
# For Keycloak, Okta, Auth0, filtering is applied client-side.
# Leave empty to show all groups (default).
# Examples:
# IDP_GROUP_FILTER_PREFIX=mcp-
# IDP_GROUP_FILTER_PREFIX=mcp-,registry-,ai-
IDP_GROUP_FILTER_PREFIX=
# =============================================================================
# OKTA CONFIGURATION (if AUTH_PROVIDER=okta)
# =============================================================================
# Okta org domain (without https://)
# Format: dev-123456.okta.com
# Get from: Okta Admin Console URL (remove -admin suffix)
OKTA_DOMAIN=dev-123456.okta.com
# Okta OAuth2 Application Client ID
# Get from: Okta Admin Console → Applications → Your App → General tab
OKTA_CLIENT_ID=your_okta_client_id_here
# Okta OAuth2 Application Client Secret
# Get from: Okta Admin Console → Applications → Your App → General tab
OKTA_CLIENT_SECRET=your_okta_client_secret_here
# Optional: Separate M2M client credentials (defaults to above if not set)
# OKTA_M2M_CLIENT_ID=your_okta_m2m_client_id_here
# OKTA_M2M_CLIENT_SECRET=your_okta_m2m_client_secret_here
# Optional: Okta Admin API token for IAM operations (user/group management)
# Get from: Okta Admin Console → Security → API → Tokens
# OKTA_API_TOKEN=your_okta_api_token_here
# Optional: Okta Custom Authorization Server ID (for M2M tokens)
# Get from: Okta Admin Console → Security → API → Authorization Servers
# If using custom authorization server for M2M, specify the ID here (e.g., aus1108sx6pwGzb8T698)
# If not set, uses the default Org Authorization Server
# OKTA_AUTH_SERVER_ID=your_auth_server_id_here
# =============================================================================
# GITHUB OAUTH2 CONFIGURATION
# =============================================================================
# GitHub OAuth App Client ID
# Get this from GitHub > Settings > Developer settings > OAuth Apps
GITHUB_CLIENT_ID=your_github_client_id_here
# GitHub OAuth App Client Secret
GITHUB_CLIENT_SECRET=your_github_client_secret_here
# Enable GitHub in OAuth2 providers
GITHUB_ENABLED=false
# =============================================================================
# GITHUB PRIVATE REPOSITORY ACCESS (SKILL.md fetching)
# =============================================================================
# Enable authenticated access to SKILL.md files in private GitHub repositories.
# Two options: Personal Access Token (simple) or GitHub App (enterprise).
# If both are configured, GitHub App takes priority.
# Option 1: Personal Access Token
# Generate at https://github.com/settings/tokens with 'repo' scope
# Fine-grained PATs: scope to 'contents: read' on specific repos
# GITHUB_PAT=ghp_your_token_here
# Option 2: GitHub App (recommended for organizations)
# Create at https://github.com/settings/apps
# Required permissions: Contents (read-only)
# GITHUB_APP_ID=123456
# GITHUB_APP_INSTALLATION_ID=78901234
# GITHUB_APP_PRIVATE_KEY="-----BEGIN RSA PRIVATE KEY-----\n...\n-----END RSA PRIVATE KEY-----"
# Extra GitHub hosts for enterprise instances (comma-separated)
# Auth headers are sent ONLY to github.com, raw.githubusercontent.com, and hosts listed here
# GITHUB_EXTRA_HOSTS=github.mycompany.com,raw.github.mycompany.com
# GitHub API base URL (default: https://api.github.com)
# For GitHub Enterprise Server, use: https://github.mycompany.com/api/v3
# GITHUB_API_BASE_URL=https://api.github.com
# =============================================================================
# GOOGLE OAUTH2 CONFIGURATION
# =============================================================================
# Google OAuth2 Client ID
# Get this from Google Cloud Console > APIs & Services > Credentials
GOOGLE_CLIENT_ID=your_google_client_id_here
# Google OAuth2 Client Secret
GOOGLE_CLIENT_SECRET=your_google_client_secret_here
# Enable Google in OAuth2 providers
GOOGLE_ENABLED=false
# =============================================================================
# AUTH0 OAUTH2 CONFIGURATION
# =============================================================================
# Auth0 Domain (your Auth0 tenant domain)
# Get this from Auth0 Dashboard > Applications > Your App > Settings
# Example: your-tenant.auth0.com
AUTH0_DOMAIN=your-tenant.auth0.com
# Auth0 Client ID
AUTH0_CLIENT_ID=your_auth0_client_id_here
# Auth0 Client Secret
AUTH0_CLIENT_SECRET=your_auth0_client_secret_here
# Auth0 API Audience (required for M2M token validation)
# This is the API Identifier from Auth0 Dashboard > APIs
# Use the Management API audience: https://<your-domain>.auth0.com/api/v2/
# Or a custom API audience you created in Auth0
# AUTH0_AUDIENCE=https://dev-example.us.auth0.com/api/v2/
# Auth0 Groups Claim (custom claim for group memberships)
# Auth0 requires a custom Action/Rule to add groups to tokens.
# The claim must be a namespaced URI to avoid conflicts.
# Default: https://mcp-gateway/groups
AUTH0_GROUPS_CLAIM=https://mcp-gateway/groups
# Enable Auth0 in OAuth2 providers
AUTH0_ENABLED=false
# Auth0 M2M Client ID (REQUIRED for IAM Management - user/role administration)
# Create an M2M application in Auth0 with Auth0 Management API permissions
# See docs/auth0.md for setup instructions
# AUTH0_M2M_CLIENT_ID=your_m2m_client_id
# Auth0 M2M Client Secret (REQUIRED for IAM Management)
# AUTH0_M2M_CLIENT_SECRET=your_m2m_client_secret
# Auth0 Management API Token (alternative to M2M credentials)
# You can use a static Management API token instead of M2M client credentials
# Generate in Auth0 Dashboard > Applications > APIs > Auth0 Management API > API Explorer
# WARNING: Static tokens expire after 24 hours - M2M credentials recommended for production
# AUTH0_MANAGEMENT_API_TOKEN=your_management_api_token
# =============================================================================
# APPLICATION SECURITY
# =============================================================================
# CRITICAL: CHANGE THIS SECRET KEY IMMEDIATELY!
# This is used for:
# - JWT token signing and session security
# - Backend MCP server credential encryption (Bearer tokens, API keys)
# Generate a strong, random 64-character string in production
# WARNING: Using the default value is a security risk!
# WARNING: Changing this key will invalidate all encrypted credentials!
SECRET_KEY=CHANGE-THIS-IMMEDIATELY-use-a-strong-random-key-in-production
# =============================================================================
# SESSION COOKIE CONFIGURATION
# =============================================================================
# Session cookie secure flag (HTTPS-only transmission)
# IMPORTANT: Set based on your environment:
# - Local development (localhost via HTTP): Set to false
# - Production with HTTPS: Set to true
#
# If set to true, cookies will ONLY be sent over HTTPS connections.
# Setting this to true on localhost (HTTP) will cause login to fail!
#
# Default: false (safe for local development)
# Production: MUST be true
SESSION_COOKIE_SECURE=false
# Session cookie domain (for cross-subdomain authentication)
# Leave unset or empty for single-domain deployments (RECOMMENDED for most cases)
# Set to domain with leading dot for cross-subdomain sharing
#
# Examples:
# Single domain (mcpgateway.ddns.net): Leave unset or set to empty string
# SESSION_COOKIE_DOMAIN=
#
# Cross-subdomain (auth.example.com + registry.example.com): Set to .example.com
# SESSION_COOKIE_DOMAIN=.example.com
#
# Multi-level domains (registry.region-1.corp.company.internal): Set to your org domain
# SESSION_COOKIE_DOMAIN=.corp.company.internal
#
# Default: Empty (cookie scoped to exact host only - safest option)
SESSION_COOKIE_DOMAIN=
# =============================================================================
# OAUTH TOKEN STORAGE CONFIGURATION
# =============================================================================
# Control whether OAuth provider tokens are stored in session cookies
# When enabled (true, default):
# - OAuth access_token, refresh_token, and expiration stored in session
# - May cause cookie size issues with large tokens (e.g., Microsoft Entra ID)
#
# When disabled (false):
# - OAuth tokens NOT stored in session cookies
# - Reduces cookie size significantly
# - Recommended for Entra ID deployments experiencing cookie size errors
#
# Default: false (tokens are not used functionally, reduces cookie size)
OAUTH_STORE_TOKENS_IN_SESSION=false
# =============================================================================
# EXTERNAL MCP SERVER AUTH TOKENS (Auto-generated from OAuth flows)
# =============================================================================
# These tokens are automatically populated by the OAuth credential scripts
# Do not set these manually - they are managed by credentials-provider/
# ATLASSIAN_AUTH_TOKEN="auto_generated_by_oauth_flow"
# SRE_GATEWAY_AUTH_TOKEN="auto_generated_by_oauth_flow"
# Smithery API Key for accessing Smithery-hosted MCP servers
# Get this from https://smithery.ai/
SMITHERY_API_KEY=your_smithery_api_key_here
# =============================================================================
# AI/LLM CONFIGURATION
# =============================================================================
# Anthropic API Key for Claude models (required for agent functionality)
# Get this from https://console.anthropic.com/
ANTHROPIC_API_KEY=your_anthropic_api_key_here
# =============================================================================
# SECURITY SCANNING CONFIGURATION (Cisco AI Defense Integration)
# =============================================================================
# Enable/disable security scanning for MCP servers
# When enabled, servers are scanned during registration for security threats
SECURITY_SCAN_ENABLED=true
# Automatically scan servers when they are registered
# Set to false to disable automatic scanning on registration
SECURITY_SCAN_ON_REGISTRATION=true
# Block (disable) servers that fail security scans
# When true, unsafe servers are automatically disabled
# When false, unsafe servers remain enabled but tagged
SECURITY_BLOCK_UNSAFE_SERVERS=true
# Analyzers to use for security scanning (comma-separated)
# Available: yara, llm, api
# - yara: Pattern matching with YARA rules (no API key required)
# - llm: LLM-as-a-judge evaluation (requires MCP_SCANNER_LLM_API_KEY)
# - api: Cisco AI Defense inspect API (requires Cisco credentials)
SECURITY_ANALYZERS=yara
# Security scan timeout in seconds (default: 300 = 5 minutes)
SECURITY_SCAN_TIMEOUT=60
# Add 'security-pending' tag to servers that fail security scan
# This helps identify servers awaiting security review
SECURITY_ADD_PENDING_TAG=true
# MCP Security Scanner LLM API Key (optional - only needed for LLM-based security analysis)
# Default analyzer is YARA (no API key required)
# To use LLM analyzer: ./cli/service_mgmt.sh add config.json yara,llm
# Get OpenAI API key from https://platform.openai.com/api-keys
MCP_SCANNER_LLM_API_KEY=your_openai_api_key_here
# =============================================================================
# EMBEDDINGS CONFIGURATION
# =============================================================================
# Embeddings provider: 'sentence-transformers' (local) or 'litellm' (cloud-based)
# Default: sentence-transformers (no API key required)
EMBEDDINGS_PROVIDER=litellm
# Model name for embeddings generation
# For sentence-transformers: model name from Hugging Face (e.g., all-MiniLM-L6-v2)
# For litellm: provider-prefixed model (e.g., bedrock/amazon.titan-embed-text-v1,
# openai/text-embedding-3-small, cohere/embed-english-v3.0)
EMBEDDINGS_MODEL_NAME=bedrock/amazon.titan-embed-text-v2:0
# Embedding dimension (must match the model's output dimension)
# all-MiniLM-L6-v2: 384
# text-embedding-3-small: 1536
# amazon.titan-embed-text-v1: 1536
# cohere/embed-english-v3.0: 1024
EMBEDDINGS_MODEL_DIMENSIONS=1024
# LiteLLM-specific settings (only used when EMBEDDINGS_PROVIDER=litellm)
# API key for cloud embeddings provider (provider-specific)
# For OpenAI: Get from https://platform.openai.com/api-keys
# For Cohere: Get from https://dashboard.cohere.com/api-keys
# For Bedrock: Not used - configure AWS credentials via standard methods (see below)
# EMBEDDINGS_API_KEY=your_api_key_here
# Optional: Custom API base URL for embeddings provider
# EMBEDDINGS_API_BASE=https://api.custom-endpoint.com
# AWS region for Amazon Bedrock embeddings (only needed for Bedrock)
# Note: For Bedrock authentication, use standard AWS credential chain:
# - IAM roles (recommended for EC2/EKS)
# - Environment variables (AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY)
# - AWS credentials file (~/.aws/credentials)
# EMBEDDINGS_AWS_REGION=us-east-1
# =============================================================================
# ANS (AGENT NAMING SERVICE) CONFIGURATION
# =============================================================================
# Enable ANS integration for agent identity verification
# When enabled, agents can be linked to ANS records for verified identity
ANS_INTEGRATION_ENABLED=false
# ANS API endpoint URL
ANS_API_ENDPOINT=https://api.godaddy.com
# ANS API credentials (required when ANS_INTEGRATION_ENABLED=true)
# Get these from your ANS provider account
ANS_API_KEY=
ANS_API_SECRET=
# ANS API request timeout in seconds
ANS_API_TIMEOUT_SECONDS=30
# How often to re-sync ANS verification status (in hours)
ANS_SYNC_INTERVAL_HOURS=6
# Cache TTL for ANS verification results (in seconds)
ANS_VERIFICATION_CACHE_TTL_SECONDS=3600
# =============================================================================
# A2A AGENT SECURITY SCANNING CONFIGURATION
# =============================================================================
# Enable/disable security scanning for A2A agents
# When enabled, agents are scanned during registration for security threats
AGENT_SECURITY_SCAN_ENABLED=true
# Automatically scan agents when they are registered
# Set to false to disable automatic scanning on registration
AGENT_SECURITY_SCAN_ON_REGISTRATION=true
# Block (disable) agents that fail security scans
# When true, unsafe agents are automatically disabled
# When false, unsafe agents remain enabled but tagged
AGENT_SECURITY_BLOCK_UNSAFE_AGENTS=true
# Analyzers to use for agent security scanning (comma-separated)
# Available: yara, spec, heuristic, llm, endpoint
# - yara: Pattern matching with YARA rules (no API key required)
# - spec: A2A protocol specification validation (no API key required)
# - heuristic: Logic-based threat detection (no API key required)
# - llm: LLM-as-a-judge evaluation (requires A2A_SCANNER_LLM_API_KEY)
# - endpoint: Dynamic endpoint security testing (requires live agent)
AGENT_SECURITY_ANALYZERS=yara,spec
# Agent security scan timeout in seconds (default: 60 = 1 minute)
AGENT_SECURITY_SCAN_TIMEOUT=60
# Add 'security-pending' tag to agents that fail security scan
# This helps identify agents awaiting security review
AGENT_SECURITY_ADD_PENDING_TAG=true
# A2A Security Scanner LLM API Key (optional - only needed for LLM-based agent analysis)
# Default analyzers are YARA and Spec (no API key required)
# Get Azure OpenAI API key from https://portal.azure.com/
A2A_SCANNER_LLM_API_KEY=your_azure_openai_api_key_here
# =============================================================================
# CONTAINER REGISTRY CREDENTIALS (for CI/CD and local builds)
# =============================================================================
# Docker Hub credentials for publishing container images
# Get these from https://hub.docker.com/settings/security
DOCKERHUB_USERNAME=your_dockerhub_username
DOCKERHUB_TOKEN=your_dockerhub_access_token
# GitHub Container Registry credentials (optional - for publishing to ghcr.io)
# The GITHUB_TOKEN is automatically provided in GitHub Actions
# For local builds, generate a Personal Access Token with packages:write scope
# Get this from https://github.com/settings/tokens
# GITHUB_USERNAME=your_github_username
# GITHUB_TOKEN=your_github_personal_access_token
# # Container registry organization names
# DOCKERHUB_ORG=mcpgateway
# GITHUB_ORG=agentic-community
# =============================================================================
# EXTERNAL REGISTRY CONFIGURATION
# =============================================================================
# Comma-separated list of tags that identify external registry servers
# These tags are used by the frontend to separate internal MCP servers from
# external registry integrations (e.g., Anthropic, Workday, AWS Agent Registry)
# Servers tagged with these values will appear in the "External Registries" tab
# Default: anthropic-registry,workday-asor,agentcore
EXTERNAL_REGISTRY_TAGS=anthropic-registry,workday-asor,agentcore
# =============================================================================
# AWS REGISTRY FEDERATION (optional)
# =============================================================================
# Overrides the aws_registry.enabled flag in the federation config (MongoDB).
# Registry IDs, region, sync settings are managed via /api/federation/config API.
#
# Required IAM permissions on the ECS task role:
# - bedrock-agentcore:ListRegistries
# - bedrock-agentcore:ListRegistryRecords
# - bedrock-agentcore:GetRegistryRecord
#
# Enable AWS Agent Registry federation (default: false)
AWS_REGISTRY_FEDERATION_ENABLED=false
# =============================================================================
# STORAGE BACKEND CONFIGURATION
# =============================================================================
# Storage Backend Selection
# Options:
# "file" - Uses JSON files (simple, local development)
# "documentdb" - Uses Amazon DocumentDB or MongoDB (production, with native vector search)
# "mongodb-ce" - Uses MongoDB Community Edition 8.2 (local dev, application-level vector search)
# For production deployments, DocumentDB is recommended for scalability and concurrent access
# Options: file, mongodb-ce, documentdb
STORAGE_BACKEND=mongodb-ce
# DocumentDB Configuration (used when STORAGE_BACKEND=documentdb or mongodb-ce)
# Amazon DocumentDB (MongoDB-compatible) or MongoDB connection settings
# For local MongoDB CE (mongodb-ce backend):
# Authentication with SCRAM-SHA-256 (stronger than SCRAM-SHA-1)
DOCUMENTDB_HOST=mongodb
DOCUMENTDB_PORT=27017
DOCUMENTDB_DATABASE=mcp_registry
DOCUMENTDB_USERNAME=admin
DOCUMENTDB_PASSWORD=admin
DOCUMENTDB_USE_TLS=false
DOCUMENTDB_NAMESPACE=default
# For AWS DocumentDB (documentdb backend):
# Uses SCRAM-SHA-1 (AWS DocumentDB v5.0 limitation)
# DOCUMENTDB_HOST=your-documentdb-cluster.cluster-xxxxx.us-east-1.docdb.amazonaws.com
# DOCUMENTDB_PORT=27017
# DOCUMENTDB_DATABASE=mcp_registry
# DOCUMENTDB_USERNAME=your_username
# DOCUMENTDB_PASSWORD=your_password
# DOCUMENTDB_USE_TLS=true
# DOCUMENTDB_TLS_CA_FILE=global-bundle.pem
# DOCUMENTDB_USE_IAM=false
# DOCUMENTDB_REPLICA_SET=rs0
# DOCUMENTDB_READ_PREFERENCE=secondaryPreferred
# DOCUMENTDB_NAMESPACE=default
# =============================================================================
# GRAFANA CONFIGURATION
# =============================================================================
# Grafana admin password for the local metrics dashboard
# IMPORTANT: You must set a strong, random password before starting Grafana
# Generate with: python3 -c "import secrets; print(secrets.token_urlsafe(24))"
GRAFANA_ADMIN_PASSWORD=CHANGE-ME-SET-STRONG-PASSWORD
# =============================================================================
# OTLP PUSH EXPORT CONFIGURATION
# =============================================================================
# Push OpenTelemetry metrics to an external observability platform via OTLP/HTTP.
# When OTEL_OTLP_ENDPOINT is set, the metrics service pushes all 9 OTel metrics
# to the configured endpoint in parallel with the existing Prometheus exporter.
# When unset, only the Prometheus exporter is active (default behavior).
# OTLP endpoint URL (leave empty to disable OTLP export)
# OTEL_OTLP_ENDPOINT=
# Datadog (US1):
# OTEL_OTLP_ENDPOINT=https://otlp.datadoghq.com
# OTEL_EXPORTER_OTLP_HEADERS=dd-api-key=YOUR_DATADOG_API_KEY
# Datadog (EU1):
# OTEL_OTLP_ENDPOINT=https://otlp.datadoghq.eu
# OTEL_EXPORTER_OTLP_HEADERS=dd-api-key=YOUR_DATADOG_API_KEY
# New Relic:
# OTEL_OTLP_ENDPOINT=https://otlp.nr-data.net
# OTEL_EXPORTER_OTLP_HEADERS=api-key=YOUR_NEW_RELIC_LICENSE_KEY
# Export interval in milliseconds (default: 30000 = 30 seconds)
# OTEL_OTLP_EXPORT_INTERVAL_MS=30000
# Metric temporality preference (default: cumulative)
# Datadog requires "delta" — set this when using Datadog as the OTLP endpoint
# Other platforms (New Relic, Honeycomb, Grafana Cloud) work with the default "cumulative"
# OTEL_EXPORTER_OTLP_METRICS_TEMPORALITY_PREFERENCE=cumulative
# =============================================================================
# AGENTCORE TOKEN REFRESHER - CLIENT SECRETS
# =============================================================================
# Used by: uv run python -m cli.agentcore.token_refresher
#
# The token refresher resolves OAuth client secrets in this order:
# 1. Per-client env var: OAUTH_CLIENT_SECRET_<client_id>
# 2. Cognito auto-retrieval via AWS describe_user_pool_client API
# 3. Vendor-level env var (AUTH0_CLIENT_SECRET, OKTA_CLIENT_SECRET, etc.)
#
# For Cognito gateways, no env var is needed -- secrets are auto-retrieved
# from AWS if the IAM role has cognito-idp:DescribeUserPoolClient permission.
# Set per-client env vars below to override auto-retrieval or for non-Cognito IdPs.
#
# The client_id values come from the allowed_clients field in
# token_refresh_manifest.json (generated by cli.agentcore sync).
# --- Cognito per-client secrets (override auto-retrieval) ---
# OAUTH_CLIENT_SECRET_49ujl0b9ser72gnp6q1ph9v6vs=your_cognito_client_secret
# OAUTH_CLIENT_SECRET_5m3bmqg5jjdadkqrecibp5t03j=your_cognito_client_secret
# --- Auth0 (vendor-level, shared across all Auth0 gateways) ---
# Falls back to AUTH0_CLIENT_SECRET defined above if per-client var not set
# OAUTH_CLIENT_SECRET_your_auth0_client_id=your_auth0_client_secret
# --- Okta (vendor-level, shared across all Okta gateways) ---
# Falls back to OKTA_CLIENT_SECRET defined above if per-client var not set
# OAUTH_CLIENT_SECRET_your_okta_client_id=your_okta_client_secret
# --- Entra ID (vendor-level, shared across all Entra gateways) ---
# Falls back to ENTRA_CLIENT_SECRET defined above if per-client var not set
# OAUTH_CLIENT_SECRET_your_entra_client_id=your_entra_client_secret
# --- Keycloak (vendor-level, shared across all Keycloak gateways) ---
# Falls back to KEYCLOAK_CLIENT_SECRET defined above if per-client var not set
# OAUTH_CLIENT_SECRET_your_keycloak_client_id=your_keycloak_client_secret
# =============================================================================
# ADDITIONAL CONFIGURATION
# =============================================================================
# Optional: Set specific Cognito domain if using custom domain
# COGNITO_DOMAIN=your-custom-domain.auth.{region}.amazoncognito.com
# Optional: Additional service-specific environment variables
# Add any additional configuration variables your deployment requires
# =============================================================================
# AUDIT LOGGING CONFIGURATION
# =============================================================================
# Enable/disable audit logging
# When enabled, all API and MCP requests are logged to MongoDB for compliance
# Default: true
AUDIT_LOG_ENABLED=true
# Audit log retention period in days
# Logs older than this are automatically deleted via MongoDB TTL index
# Common values: 7 (dev), 30 (standard), 90 (compliance)
# Default: 7
AUDIT_LOG_MONGODB_TTL_DAYS=7
# =============================================================================
# APPLICATION LOG CONFIGURATION (Issue #886)
# =============================================================================
# Controls RotatingFileHandler and optional MongoDB log storage for
# centralized log retrieval across pods.
# Max size per log file in bytes before rotation (default: 50 MB)
# APP_LOG_MAX_BYTES=52428800
# Number of rotated backup files to keep (default: 5)
# APP_LOG_BACKUP_COUNT=5
# Write application logs to centralized storage (default: true)
# When enabled, log entries are written to the application_logs collection
# with TTL auto-expiry. Requires MongoDB/DocumentDB backend.
APP_LOG_CENTRALIZED_ENABLED=true
# Days to retain application logs in centralized storage (default: 1)
# APP_LOG_CENTRALIZED_TTL_DAYS=1
# Number of log records to buffer before flushing to MongoDB (default: 50)
# APP_LOG_MONGODB_BUFFER_SIZE=50
# Seconds between periodic flushes to MongoDB (default: 5.0)
# APP_LOG_MONGODB_FLUSH_INTERVAL_SECONDS=5.0
# Application log level: DEBUG, INFO, WARNING, ERROR, CRITICAL (default: INFO)
# APP_LOG_LEVEL=INFO
# Comma-separated logger names to exclude from MongoDB log writes (default: uvicorn.access,httpx,pymongo,motor)
# APP_LOG_EXCLUDED_LOGGERS=uvicorn.access,httpx,pymongo,motor
# =============================================================================
# FEDERATION PEER SYNC CONFIGURATION
# =============================================================================
# OAuth2 client credentials for peer-to-peer registry federation
# Run keycloak/setup/setup-federation-service-account.sh to create the client
# FEDERATION_TOKEN_ENDPOINT=http://keycloak:8080/realms/mcp-gateway/protocol/openid-connect/token
# FEDERATION_CLIENT_ID=federation-peer-m2m
# FEDERATION_CLIENT_SECRET=your-federation-client-secret
# =============================================================================
# WORKDAY ASOR FEDERATION CONFIGURATION (optional)
# =============================================================================
# Required only if using Workday ASOR federation
# Replace 'your-tenant' and 'your_instance' with your actual Workday tenant identifiers
# Example: https://services.wd101.myworkday.com/ccx/oauth2/production_instance/token
# IMPORTANT: Must use HTTPS in production environments
# If not configured with a valid URL, ASOR federation will be automatically disabled with a warning logged
WORKDAY_TOKEN_URL=https://your-tenant.workday.com/ccx/oauth2/your_instance/token
# =============================================================================
# TELEMETRY CONFIGURATION
# =============================================================================
# Anonymous usage telemetry for tracking registry adoption
# Privacy-first: no PII, no IP addresses, no hostnames
# Disable telemetry entirely (default: not set, telemetry is ON)
# MCP_TELEMETRY_DISABLED=1
# Disable daily heartbeat telemetry only (default: not set, heartbeat ON)
# Startup ping is still sent. Set to 1 to opt out of heartbeat only.
# MCP_TELEMETRY_OPT_OUT=1
# Heartbeat telemetry interval in minutes (default: 1440 = 24 hours)
MCP_TELEMETRY_HEARTBEAT_INTERVAL_MINUTES=1440
# Telemetry collector endpoint (default: central collector)
# Override to use a self-hosted collector
# MCP_TELEMETRY_ENDPOINT=https://m3ijrhd020.execute-api.us-east-1.amazonaws.com/v1/collect
# Debug mode: log telemetry payloads instead of sending (default: false)
# TELEMETRY_DEBUG=true
# Disable built-in airegistry-tools server auto-registration
# Set to true for production/GitOps deployments that manage their own server registrations
# DISABLE_AI_REGISTRY_TOOLS_SERVER=false
================================================
FILE: .github/workflows/auth-server-test.yml
================================================
name: Auth Server Test Suite
on:
push:
branches: [main, develop]
paths:
- 'auth_server/**'
- 'tests/auth_server/**'
- '.github/workflows/auth-server-test.yml'
pull_request:
branches: [main, develop]
paths:
- 'auth_server/**'
- 'tests/auth_server/**'
- '.github/workflows/auth-server-test.yml'
workflow_dispatch:
permissions:
contents: read
concurrency:
group: ${{ github.workflow }}-${{ github.ref }}
cancel-in-progress: true
jobs:
test:
name: "Auth Server Tests (Python ${{ matrix.python-version }})"
runs-on: ubuntu-latest
timeout-minutes: 20
strategy:
matrix:
python-version: ["3.14"]
fail-fast: false
steps:
- name: Checkout code
uses: actions/checkout@v4
- name: Set up Python ${{ matrix.python-version }}
uses: actions/setup-python@v5
with:
python-version: ${{ matrix.python-version }}
- name: Install uv
uses: astral-sh/setup-uv@v4
with:
version: "latest"
- name: Cache dependencies
uses: actions/cache@v4
with:
path: ~/.cache/uv
key: ${{ runner.os }}-uv-authserver-${{ matrix.python-version }}-${{ hashFiles('pyproject.toml') }}
restore-keys: |
${{ runner.os }}-uv-authserver-${{ matrix.python-version }}-
${{ runner.os }}-uv-authserver-
- name: Install dependencies
run: uv sync --extra dev
- name: Run auth server tests
run: |
uv run pytest tests/auth_server/ -v -o "addopts=" --cov=auth_server --cov-report=xml --cov-report=html --cov-report=term
- name: Upload coverage to Codecov
uses: codecov/codecov-action@v5
with:
file: ./coverage.xml
flags: auth-server
name: codecov-auth-server-${{ matrix.python-version }}
fail_ci_if_error: false
- name: Upload coverage HTML report
uses: actions/upload-artifact@v4
if: always()
with:
name: auth-server-coverage-${{ matrix.python-version }}
path: htmlcov/
retention-days: 14
lint:
name: "Auth Server Code Quality"
runs-on: ubuntu-latest
timeout-minutes: 10
steps:
- name: Checkout code
uses: actions/checkout@v4
- name: Set up Python
uses: actions/setup-python@v5
with:
python-version: "3.14"
- name: Install uv
uses: astral-sh/setup-uv@v4
with:
version: "latest"
- name: Install linting tools
run: uv pip install --system ruff
- name: Run ruff check
run: ruff check auth_server/
continue-on-error: true
- name: Run ruff format check
run: ruff format --check auth_server/
continue-on-error: true
================================================
FILE: .github/workflows/build-auth-server.yml
================================================
name: Build Auth Server Image
on:
push:
branches: [main]
paths:
- 'auth_server/**'
- 'registry/**'
- 'docker/Dockerfile.auth'
- 'docker/auth-entrypoint.sh'
- '.github/workflows/build-auth-server.yml'
workflow_dispatch:
permissions:
contents: read
packages: write
attestations: write
id-token: write
concurrency:
group: ${{ github.workflow }}-${{ github.ref }}
cancel-in-progress: true
env:
REGISTRY: public.ecr.aws
IMAGE_NAME: p3v1o3c6/auth-server
jobs:
build-and-push:
if: github.repository == 'agentic-community/mcp-gateway-registry'
name: Build and Push
runs-on: ubuntu-latest
timeout-minutes: 30
steps:
- name: Checkout code
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
- name: Set up QEMU
uses: docker/setup-qemu-action@ce360397dd3f832beb865e1373c09c0e9f86d70a # v4.0.0
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@4d04d5d9486b7bd6fa91e7baf45bbb4f8b9deedd # v4.0.0
- name: Configure Role to Acquire Credentials
uses: aws-actions/configure-aws-credentials@8df5847569e6427dd6c4fb1cf565c83acfa8afa7 # v6.0.0
with:
aws-region: us-east-1
role-session-name: auth-server-build
role-to-assume: ${{ secrets.ECR_ROLE }}
- name: Login to Amazon ECR Public
id: login-ecr-public
uses: aws-actions/amazon-ecr-login@062b18b96a7aff071d4dc91bc00c4c1a7945b076 # v2.0.1
with:
registry-type: public
- name: Extract metadata
id: meta
uses: docker/metadata-action@c299e40c65443455700f0fdfc63efafe5b349051 # v5.10.0
with:
images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}
tags: |
type=raw,value=latest,enable={{is_default_branch}}
type=sha,prefix=,format=long
- name: Build and push
id: push
uses: docker/build-push-action@263435318d21b8e681c14492fe198d362a7d2c83 # v6.18.0
with:
context: .
file: docker/Dockerfile.auth
push: true
platforms: linux/amd64,linux/arm64
tags: ${{ steps.meta.outputs.tags }}
labels: ${{ steps.meta.outputs.labels }}
build-args: |
BUILD_VERSION=${{ github.sha }}
cache-from: type=gha
cache-to: type=gha,mode=max
- name: Generate attestation
uses: actions/attest-build-provenance@96278af6caaf10aea03fd8d33a09a777ca52d62f # v3.2.0
with:
subject-name: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}
subject-digest: ${{ steps.push.outputs.digest }}
push-to-registry: true
- name: Image Summary
run: |
echo "## Auth Server Image Published" >> $GITHUB_STEP_SUMMARY
echo "" >> $GITHUB_STEP_SUMMARY
echo "**Tags:**" >> $GITHUB_STEP_SUMMARY
echo '```' >> $GITHUB_STEP_SUMMARY
echo "${{ steps.meta.outputs.tags }}" >> $GITHUB_STEP_SUMMARY
echo '```' >> $GITHUB_STEP_SUMMARY
================================================
FILE: .github/workflows/build-mcpgw.yml
================================================
name: Build MCPGW Image
on:
push:
branches: [main]
paths:
- 'servers/mcpgw/**'
- 'registry/**'
- 'docker/Dockerfile.mcp-server'
- '.github/workflows/build-mcpgw.yml'
workflow_dispatch:
permissions:
contents: read
packages: write
attestations: write
id-token: write
concurrency:
group: ${{ github.workflow }}-${{ github.ref }}
cancel-in-progress: true
env:
REGISTRY: public.ecr.aws
IMAGE_NAME: p3v1o3c6/mcpgw
jobs:
build-and-push:
if: github.repository == 'agentic-community/mcp-gateway-registry'
name: Build and Push
runs-on: ubuntu-latest
timeout-minutes: 45
steps:
- name: Checkout code
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
- name: Set up QEMU
uses: docker/setup-qemu-action@ce360397dd3f832beb865e1373c09c0e9f86d70a # v4.0.0
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@4d04d5d9486b7bd6fa91e7baf45bbb4f8b9deedd # v4.0.0
- name: Configure Role to Acquire Credentials
uses: aws-actions/configure-aws-credentials@8df5847569e6427dd6c4fb1cf565c83acfa8afa7 # v6.0.0
with:
aws-region: us-east-1
role-session-name: mcpgw-build
role-to-assume: ${{ secrets.ECR_ROLE }}
- name: Login to Amazon ECR Public
id: login-ecr-public
uses: aws-actions/amazon-ecr-login@062b18b96a7aff071d4dc91bc00c4c1a7945b076 # v2.0.1
with:
registry-type: public
- name: Extract metadata
id: meta
uses: docker/metadata-action@c299e40c65443455700f0fdfc63efafe5b349051 # v5.10.0
with:
images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}
tags: |
type=raw,value=latest,enable={{is_default_branch}}
type=sha,prefix=,format=long
- name: Build and push
id: push
uses: docker/build-push-action@263435318d21b8e681c14492fe198d362a7d2c83 # v6.18.0
with:
context: .
file: docker/Dockerfile.mcp-server
push: true
platforms: linux/amd64,linux/arm64
tags: ${{ steps.meta.outputs.tags }}
labels: ${{ steps.meta.outputs.labels }}
build-args: |
BUILD_VERSION=${{ github.sha }}
SERVER_DIR=servers/mcpgw
cache-from: type=gha
cache-to: type=gha,mode=max
- name: Generate attestation
uses: actions/attest-build-provenance@96278af6caaf10aea03fd8d33a09a777ca52d62f # v3.2.0
with:
subject-name: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}
subject-digest: ${{ steps.push.outputs.digest }}
push-to-registry: true
- name: Image Summary
run: |
echo "## MCPGW Image Published" >> $GITHUB_STEP_SUMMARY
echo "" >> $GITHUB_STEP_SUMMARY
echo "**Tags:**" >> $GITHUB_STEP_SUMMARY
echo '```' >> $GITHUB_STEP_SUMMARY
echo "${{ steps.meta.outputs.tags }}" >> $GITHUB_STEP_SUMMARY
echo '```' >> $GITHUB_STEP_SUMMARY
================================================
FILE: .github/workflows/build-registry.yml
================================================
name: Build Registry Image
on:
push:
branches: [main]
paths:
- 'registry/**'
- 'auth_server/**'
- 'api/**'
- 'frontend/**'
- 'scripts/**'
- 'docker/Dockerfile.registry'
- 'docker/registry-entrypoint.sh'
- 'pyproject.toml'
- '.github/workflows/build-registry.yml'
workflow_dispatch:
permissions:
contents: read
packages: write
attestations: write
id-token: write
concurrency:
group: ${{ github.workflow }}-${{ github.ref }}
cancel-in-progress: true
env:
REGISTRY: public.ecr.aws
IMAGE_NAME: p3v1o3c6/registry
jobs:
build-and-push:
if: github.repository == 'agentic-community/mcp-gateway-registry'
name: Build and Push
runs-on: ubuntu-latest
timeout-minutes: 45
steps:
- name: Checkout code
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
- name: Set up QEMU
uses: docker/setup-qemu-action@ce360397dd3f832beb865e1373c09c0e9f86d70a # v4.0.0
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@4d04d5d9486b7bd6fa91e7baf45bbb4f8b9deedd # v4.0.0
- name: Configure Role to Acquire Credentials
uses: aws-actions/configure-aws-credentials@8df5847569e6427dd6c4fb1cf565c83acfa8afa7 # v6.0.0
with:
aws-region: us-east-1
role-session-name: registry-build
role-to-assume: ${{ secrets.ECR_ROLE }}
- name: Login to Amazon ECR Public
id: login-ecr-public
uses: aws-actions/amazon-ecr-login@062b18b96a7aff071d4dc91bc00c4c1a7945b076 # v2.0.1
with:
registry-type: public
- name: Extract metadata
id: meta
uses: docker/metadata-action@c299e40c65443455700f0fdfc63efafe5b349051 # v5.10.0
with:
images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}
tags: |
type=raw,value=latest,enable={{is_default_branch}}
type=sha,prefix=,format=long
- name: Build and push
id: push
uses: docker/build-push-action@263435318d21b8e681c14492fe198d362a7d2c83 # v6.18.0
with:
context: .
file: docker/Dockerfile.registry
push: true
platforms: linux/amd64,linux/arm64
tags: ${{ steps.meta.outputs.tags }}
labels: ${{ steps.meta.outputs.labels }}
build-args: |
BUILD_VERSION=${{ github.sha }}
cache-from: type=gha
cache-to: type=gha,mode=max
- name: Generate attestation
uses: actions/attest-build-provenance@96278af6caaf10aea03fd8d33a09a777ca52d62f # v3.2.0
with:
subject-name: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}
subject-digest: ${{ steps.push.outputs.digest }}
push-to-registry: true
- name: Image Summary
run: |
echo "## Registry Image Published" >> $GITHUB_STEP_SUMMARY
echo "" >> $GITHUB_STEP_SUMMARY
echo "**Tags:**" >> $GITHUB_STEP_SUMMARY
echo '```' >> $GITHUB_STEP_SUMMARY
echo "${{ steps.meta.outputs.tags }}" >> $GITHUB_STEP_SUMMARY
echo '```' >> $GITHUB_STEP_SUMMARY
================================================
FILE: .github/workflows/docs.yml
================================================
name: Build and Deploy Documentation
on:
push:
branches: [main]
paths:
- 'docs/**'
- 'mkdocs.yml'
- 'README.md'
- '.github/workflows/docs.yml'
pull_request:
branches: [main]
paths:
- 'docs/**'
- 'mkdocs.yml'
- 'README.md'
workflow_dispatch:
permissions:
contents: read
pages: write
id-token: write
concurrency:
group: pages-${{ github.ref }}
cancel-in-progress: false
jobs:
build:
name: "Build Documentation"
runs-on: ubuntu-latest
timeout-minutes: 15
steps:
- name: Checkout
uses: actions/checkout@v4
with:
fetch-depth: 0 # Fetch all history for git plugins
- name: Setup Python
uses: actions/setup-python@v5
with:
python-version: '3.14'
- name: Install uv
uses: astral-sh/setup-uv@v4
with:
version: "latest"
- name: Cache dependencies
uses: actions/cache@v4
with:
path: ~/.cache/uv
key: ${{ runner.os }}-uv-${{ hashFiles('pyproject.toml') }}
restore-keys: |
${{ runner.os }}-uv-
- name: Install dependencies
run: |
uv pip install --system -e ".[docs]"
- name: Setup Pages
id: pages
uses: actions/configure-pages@v4
- name: Build documentation
run: |
mkdocs build --clean
- name: Upload artifact
uses: actions/upload-pages-artifact@v3
with:
path: ./site
deploy:
name: "Deploy to GitHub Pages"
if: github.ref == 'refs/heads/main'
environment:
name: github-pages
url: ${{ steps.deployment.outputs.page_url }}
runs-on: ubuntu-latest
timeout-minutes: 10
needs: build
steps:
- name: Deploy to GitHub Pages
id: deployment
uses: actions/deploy-pages@v4
================================================
FILE: .github/workflows/helm-chart-update.yml
================================================
name: Update Helm Charts on Release
on:
workflow_run:
workflows: ["Release Docker Images"]
types: [completed]
permissions:
contents: write
pull-requests: write
jobs:
update-helm-charts:
name: Update Helm Chart Image Tags
runs-on: ubuntu-latest
if: >-
github.event.workflow_run.conclusion == 'success' &&
github.repository == 'agentic-community/mcp-gateway-registry'
steps:
- name: Checkout code
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
with:
fetch-depth: 0
persist-credentials: false
- name: Extract version from tag
id: version
env:
HEAD_BRANCH: ${{ github.event.workflow_run.head_branch }}
run: |
TAG="$HEAD_BRANCH"
VERSION="${TAG#v}"
echo "version=$VERSION" >> "$GITHUB_OUTPUT"
echo "tag=$TAG" >> "$GITHUB_OUTPUT"
echo "Extracted version: $VERSION from tag: $TAG"
- name: Update image tags in Helm charts
id: update
run: |
VERSION="${{ steps.version.outputs.version }}"
for VALUES_FILE in \
charts/mcp-gateway-registry-stack/values.yaml \
charts/auth-server/values.yaml \
charts/registry/values.yaml \
charts/mcpgw/values.yaml; do
sed -i "s/^\(\s*tag:\s*\).*/\1${VERSION}/" "$VALUES_FILE"
echo "Updated $VALUES_FILE"
done
if git diff --quiet; then
echo "Charts already at version $VERSION, skipping PR creation"
echo "changed=false" >> "$GITHUB_OUTPUT"
else
echo "changed=true" >> "$GITHUB_OUTPUT"
fi
- name: Check for new environment variables
id: envcheck
env:
TAG: ${{ steps.version.outputs.tag }}
run: |
TAG="$TAG"
# Find the previous release tag
PREV_TAG=$(git tag --list 'v*.*.*' --sort=-v:refname | grep -v "^${TAG}$" | head -n 1)
if [ -z "$PREV_TAG" ]; then
echo "No previous tag found, skipping env var check"
echo "comment=" >> "$GITHUB_OUTPUT"
exit 0
fi
echo "Comparing env vars between $PREV_TAG and $TAG"
# Extract env var names from app code at each tag
extract_env_vars() {
local ref="$1"
git show "${ref}:registry/core/config.py" 2>/dev/null | \
grep -oP '(?:env=")[A-Z_][A-Z0-9_]*(?:")' | sed 's/env="//;s/"//' || true
for f in auth_server/server.py servers/mcpgw/server.py; do
git show "${ref}:${f}" 2>/dev/null | \
grep -oP '(?:os\.environ\.get|os\.getenv|os\.environ\[)\s*\(?\s*["\x27]([A-Z_][A-Z0-9_]*)["\x27]' | \
grep -oP '[A-Z_][A-Z0-9_]+' || true
done
}
extract_env_vars "$PREV_TAG" | sort -u > /tmp/env_old.txt
extract_env_vars "$TAG" | sort -u > /tmp/env_new.txt
# Find newly added env vars
NEW_VARS=$(comm -13 /tmp/env_old.txt /tmp/env_new.txt)
if [ -z "$NEW_VARS" ]; then
echo "No new environment variables detected"
echo "comment=" >> "$GITHUB_OUTPUT"
exit 0
fi
# Check which new vars are missing from helm templates
MISSING=""
for VAR in $NEW_VARS; do
if ! grep -rq "$VAR" charts/*/templates/; then
MISSING="${MISSING}\n- \`${VAR}\`"
fi
done
if [ -z "$MISSING" ]; then
echo "All new env vars are already in helm templates"
echo "comment=" >> "$GITHUB_OUTPUT"
else
COMMENT=$(cat <<INNEREOF
**Warning: New environment variables detected that are not in Helm chart templates.**
The following env vars were added between \`$PREV_TAG\` and \`$TAG\` but are not referenced in any chart template under \`charts/*/templates/\`:
$(echo -e "$MISSING")
Please verify whether these need to be added to the Helm secret/configmap templates and \`values.yaml\` files before merging.
INNEREOF
)
# Write multiline output
{
echo "comment<<EOF"
echo "$COMMENT"
echo "EOF"
} >> "$GITHUB_OUTPUT"
fi
- name: Create Pull Request
id: create-pr
if: steps.update.outputs.changed == 'true'
uses: peter-evans/create-pull-request@271a8d0340265f705b14b6d32b9829c1cb33d45e # v7.0.8
with:
branch: helm-update-${{ steps.version.outputs.version }}
commit-message: "chore: update Helm chart image tags to ${{ steps.version.outputs.version }}"
title: "chore: update Helm chart image tags to ${{ steps.version.outputs.version }}"
body: |
Automated update of Helm chart image tags to `${{ steps.version.outputs.version }}` following release `${{ steps.version.outputs.tag }}`.
Updated files:
- `charts/mcp-gateway-registry-stack/values.yaml`
- `charts/auth-server/values.yaml`
- `charts/registry/values.yaml`
- `charts/mcpgw/values.yaml`
labels: helm
- name: Comment on PR with missing env vars
if: steps.update.outputs.changed == 'true' && steps.envcheck.outputs.comment != ''
uses: peter-evans/create-or-update-comment@71345be0265236311c031f5c7866368bd1eff043 # v4.0.0
with:
issue-number: ${{ steps.create-pr.outputs.pull-request-number }}
body: ${{ steps.envcheck.outputs.comment }}
================================================
FILE: .github/workflows/helm-release-retag.yml
================================================
name: Move Release Tag After Helm Chart Update
on:
pull_request:
types: [closed]
branches: [main]
permissions:
contents: write
jobs:
retag-release:
name: Move Release Tag to Main
runs-on: ubuntu-latest
if: >-
github.event.pull_request.merged == true &&
startsWith(github.event.pull_request.head.ref, 'helm-update-') &&
github.repository == 'agentic-community/mcp-gateway-registry'
steps:
- name: Checkout code
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
with:
fetch-depth: 0
- name: Extract version and move tag
run: |
BRANCH="${{ github.event.pull_request.head.ref }}"
VERSION="${BRANCH#helm-update-}"
TAG="v${VERSION}"
echo "Moving tag $TAG to current main HEAD"
git tag -f "$TAG"
git push origin "$TAG" --force
================================================
FILE: .github/workflows/helm-test.yml
================================================
name: Helm Chart Tests
on:
push:
branches: [main, develop]
paths:
- 'charts/**'
- '.github/workflows/helm-test.yml'
pull_request:
paths:
- 'charts/**'
- '.github/workflows/helm-test.yml'
workflow_dispatch:
permissions:
contents: read
concurrency:
group: ${{ github.workflow }}-${{ github.ref }}
cancel-in-progress: true
jobs:
lint:
name: "Helm Lint"
runs-on: ubuntu-latest
timeout-minutes: 10
steps:
- name: Checkout code
uses: actions/checkout@v4
- name: Set up Helm
uses: azure/setup-helm@v4
with:
version: '3.14.0'
- name: Add Helm repositories
run: |
helm repo add bitnami https://charts.bitnami.com/bitnami || true
helm repo update
- name: Build chart dependencies
run: |
for chart in charts/*/; do
if [ -f "${chart}Chart.yaml" ]; then
echo "Building dependencies for ${chart}..."
helm dependency build "$chart" || true
fi
done
- name: Lint all charts
run: |
echo "## Helm Lint Results" >> $GITHUB_STEP_SUMMARY
failed=0
for chart in charts/*/; do
if [ -f "${chart}Chart.yaml" ]; then
echo "Linting ${chart}..."
if helm lint "$chart" 2>&1; then
echo "- ${chart}: PASSED" >> $GITHUB_STEP_SUMMARY
else
echo "- ${chart}: WARNING (lint issues found)" >> $GITHUB_STEP_SUMMARY
# Don't fail on lint warnings, only errors
fi
fi
done
template:
name: "Helm Template Validation"
runs-on: ubuntu-latest
timeout-minutes: 10
steps:
- name: Checkout code
uses: actions/checkout@v4
- name: Set up Helm
uses: azure/setup-helm@v4
with:
version: '3.14.0'
- name: Template validation
run: |
echo "## Helm Template Results" >> $GITHUB_STEP_SUMMARY
for chart in charts/*/; do
if [ -f "${chart}Chart.yaml" ]; then
echo "Validating template for ${chart}..."
if helm template test "$chart" --debug > /dev/null 2>&1; then
echo "- ${chart}: PASSED" >> $GITHUB_STEP_SUMMARY
else
echo "- ${chart}: FAILED" >> $GITHUB_STEP_SUMMARY
helm template test "$chart" --debug || true
fi
fi
done
kubeconform:
name: "Kubernetes Manifest Validation"
runs-on: ubuntu-latest
timeout-minutes: 10
steps:
- name: Checkout code
uses: actions/checkout@v4
- name: Set up Helm
uses: azure/setup-helm@v4
with:
version: '3.14.0'
- name: Install kubeconform
run: |
curl -sL https://github.com/yannh/kubeconform/releases/download/v0.6.4/kubeconform-linux-amd64.tar.gz | tar xz
sudo mv kubeconform /usr/local/bin/
- name: Validate Kubernetes manifests
run: |
echo "## Kubeconform Results" >> $GITHUB_STEP_SUMMARY
for chart in charts/*/; do
if [ -f "${chart}Chart.yaml" ]; then
echo "Validating ${chart}..."
helm template test "$chart" 2>/dev/null | kubeconform -strict -summary -ignore-missing-schemas || true
fi
done
dependency-check:
name: "Helm Dependency Check"
runs-on: ubuntu-latest
timeout-minutes: 10
steps:
- name: Checkout code
uses: actions/checkout@v4
- name: Set up Helm
uses: azure/setup-helm@v4
with:
version: '3.14.0'
- name: Add Helm repositories
run: |
helm repo add bitnami https://charts.bitnami.com/bitnami || true
helm repo update
- name: Build dependencies for umbrella chart
run: |
if [ -f "charts/mcp-gateway-registry-stack/Chart.yaml" ]; then
echo "Building dependencies for umbrella chart..."
helm dependency build charts/mcp-gateway-registry-stack || true
fi
summary:
name: "Helm Test Summary"
runs-on: ubuntu-latest
timeout-minutes: 5
needs: [lint, template, kubeconform, dependency-check]
if: always()
steps:
- name: Results Summary
run: |
echo "## Helm Chart Test Summary" >> $GITHUB_STEP_SUMMARY
echo "" >> $GITHUB_STEP_SUMMARY
echo "| Job | Status |" >> $GITHUB_STEP_SUMMARY
echo "|-----|--------|" >> $GITHUB_STEP_SUMMARY
echo "| Lint | ${{ needs.lint.result }} |" >> $GITHUB_STEP_SUMMARY
echo "| Template | ${{ needs.template.result }} |" >> $GITHUB_STEP_SUMMARY
echo "| Kubeconform | ${{ needs.kubeconform.result }} |" >> $GITHUB_STEP_SUMMARY
echo "| Dependencies | ${{ needs.dependency-check.result }} |" >> $GITHUB_STEP_SUMMARY
================================================
FILE: .github/workflows/metrics-service-test.yml
================================================
name: Metrics Service Test Suite
on:
push:
branches: [main, develop]
paths:
- 'metrics-service/**'
- '.github/workflows/metrics-service-test.yml'
pull_request:
branches: [main, develop]
paths:
- 'metrics-service/**'
- '.github/workflows/metrics-service-test.yml'
workflow_dispatch:
permissions:
contents: read
concurrency:
group: ${{ github.workflow }}-${{ github.ref }}
cancel-in-progress: true
jobs:
test:
name: "Metrics Service Tests (Python ${{ matrix.python-version }})"
runs-on: ubuntu-latest
timeout-minutes: 20
strategy:
matrix:
python-version: ["3.14"]
fail-fast: false
steps:
- name: Checkout code
uses: actions/checkout@v4
- name: Set up Python ${{ matrix.python-version }}
uses: actions/setup-python@v5
with:
python-version: ${{ matrix.python-version }}
- name: Install uv
uses: astral-sh/setup-uv@v4
with:
version: "latest"
- name: Cache dependencies
uses: actions/cache@v4
with:
path: ~/.cache/uv
key: ${{ runner.os }}-uv-metrics-${{ matrix.python-version }}-${{ hashFiles('metrics-service/pyproject.toml') }}
restore-keys: |
${{ runner.os }}-uv-metrics-${{ matrix.python-version }}-
${{ runner.os }}-uv-metrics-
- name: Install dependencies
working-directory: metrics-service
run: uv sync --extra dev
- name: Run metrics service tests
working-directory: metrics-service
run: |
uv run pytest tests/ -v --cov=. --cov-report=xml --cov-report=html --cov-report=term
- name: Upload coverage to Codecov
uses: codecov/codecov-action@v5
with:
file: ./metrics-service/coverage.xml
flags: metrics-service
name: codecov-metrics-service-${{ matrix.python-version }}
fail_ci_if_error: false
- name: Upload coverage HTML report
uses: actions/upload-artifact@v4
if: always()
with:
name: metrics-service-coverage-${{ matrix.python-version }}
path: metrics-service/htmlcov/
retention-days: 14
lint:
name: "Metrics Service Code Quality"
runs-on: ubuntu-latest
timeout-minutes: 10
steps:
- name: Checkout code
uses: actions/checkout@v4
- name: Set up Python
uses: actions/setup-python@v5
with:
python-version: "3.14"
- name: Install uv
uses: astral-sh/setup-uv@v4
with:
version: "latest"
- name: Install linting tools
run: uv pip install --system ruff
- name: Run ruff check
working-directory: metrics-service
run: ruff check .
- name: Run ruff format check
working-directory: metrics-service
run: ruff format --check .
continue-on-error: true
================================================
FILE: .github/workflows/registry-test.yml
================================================
name: Registry Test Suite
on:
push:
branches: [main, develop]
# No path filters - run on every merge to main/develop
pull_request:
branches: [main, develop]
paths:
- 'registry/**'
- 'tests/**'
- 'pyproject.toml'
- 'scripts/test.py'
- '.github/workflows/registry-test.yml'
workflow_dispatch:
permissions:
contents: read
concurrency:
group: ${{ github.workflow }}-${{ github.ref }}
cancel-in-progress: true
jobs:
test:
name: "Test (Python ${{ matrix.python-version }})"
runs-on: ubuntu-latest
timeout-minutes: 30
strategy:
matrix:
python-version: ["3.14"]
fail-fast: false
steps:
- name: Checkout code
uses: actions/checkout@v4
- name: Set up Python ${{ matrix.python-version }}
uses: actions/setup-python@v5
with:
python-version: ${{ matrix.python-version }}
- name: Install uv
uses: astral-sh/setup-uv@v4
with:
version: "latest"
- name: Cache dependencies
uses: actions/cache@v4
with:
path: ~/.cache/uv
key: ${{ runner.os }}-uv-${{ matrix.python-version }}-${{ hashFiles('pyproject.toml') }}
restore-keys: |
${{ runner.os }}-uv-${{ matrix.python-version }}-
${{ runner.os }}-uv-
- name: Install dependencies
run: |
uv sync --extra dev
- name: Check dependencies
run: |
uv run python scripts/test.py check
- name: Run all tests with coverage
run: |
uv run python scripts/test.py coverage -n 8
- name: Upload coverage to Codecov
uses: codecov/codecov-action@v5
with:
file: ./coverage.xml
flags: unittests
name: codecov-python-${{ matrix.python-version }}
fail_ci_if_error: false
- name: Upload coverage HTML report
uses: actions/upload-artifact@v4
if: always()
with:
name: coverage-report-${{ matrix.python-version }}
path: htmlcov/
retention-days: 14
- name: Upload test reports
uses: actions/upload-artifact@v4
if: always()
with:
name: test-reports-${{ matrix.python-version }}
path: tests/reports/
retention-days: 14
lint:
name: "Code Quality"
runs-on: ubuntu-latest
timeout-minutes: 10
steps:
- name: Checkout code
uses: actions/checkout@v4
- name: Set up Python
uses: actions/setup-python@v5
with:
python-version: "3.14"
- name: Install uv
uses: astral-sh/setup-uv@v4
with:
version: "latest"
- name: Cache dependencies
uses: actions/cache@v4
with:
path: ~/.cache/uv
key: ${{ runner.os }}-uv-lint-${{ hashFiles('pyproject.toml') }}
restore-keys: |
${{ runner.os }}-uv-lint-
- name: Install dependencies
run: |
uv pip install --system ruff
- name: Run ruff check
run: |
ruff check registry/ tests/
continue-on-error: true
- name: Run ruff format check
run: |
ruff format --check registry/ tests/
continue-on-error: true
security:
name: "Security Check"
runs-on: ubuntu-latest
timeout-minutes: 10
steps:
- name: Checkout code
uses: actions/checkout@v4
- name: Set up Python
uses: actions/setup-python@v5
with:
python-version: "3.14"
- name: Install uv
uses: astral-sh/setup-uv@v4
with:
version: "latest"
- name: Install bandit
run: |
uv pip install --system bandit
- name: Run bandit security scan
run: |
bandit -r registry/ -f json -o bandit-report.json || true
- name: Upload security report
uses: actions/upload-artifact@v4
if: always()
with:
name: security-report
path: bandit-report.json
retention-days: 14
summary:
name: "Test Summary"
runs-on: ubuntu-latest
timeout-minutes: 5
needs: [test, lint, security]
if: always()
steps:
- name: Test Results Summary
run: |
echo "## Test Results Summary" >> $GITHUB_STEP_SUMMARY
echo "" >> $GITHUB_STEP_SUMMARY
echo "| Job | Status |" >> $GITHUB_STEP_SUMMARY
echo "|-----|--------|" >> $GITHUB_STEP_SUMMARY
echo "| Tests | ${{ needs.test.result }} |" >> $GITHUB_STEP_SUMMARY
echo "| Code Quality | ${{ needs.lint.result }} |" >> $GITHUB_STEP_SUMMARY
echo "| Security | ${{ needs.security.result }} |" >> $GITHUB_STEP_SUMMARY
echo "" >> $GITHUB_STEP_SUMMARY
if [[ "${{ needs.test.result }}" == "success" && "${{ needs.lint.result }}" == "success" && "${{ needs.security.result }}" == "success" ]]; then
echo "All checks passed!" >> $GITHUB_STEP_SUMMARY
else
echo "Some checks failed. Please review the logs." >> $GITHUB_STEP_SUMMARY
fi
================================================
FILE: .github/workflows/release-images.yml
================================================
name: Release Docker Images
on:
push:
tags:
- 'v*.*.*'
workflow_dispatch:
inputs:
tag:
description: 'Release tag (e.g., v1.0.0)'
required: true
type: string
permissions:
contents: read
packages: write
attestations: write
id-token: write
env:
REGISTRY: public.ecr.aws
NAMESPACE: p3v1o3c6
jobs:
build-release-images:
name: Build ${{ matrix.service }} Release
runs-on: ubuntu-latest
timeout-minutes: 45
if: github.repository == 'agentic-community/mcp-gateway-registry'
strategy:
matrix:
include:
- service: auth-server
dockerfile: docker/Dockerfile.auth
- service: registry
dockerfile: docker/Dockerfile.registry
- service: mcpgw
dockerfile: docker/Dockerfile.mcp-server
extra_build_args: |-
SERVER_DIR=servers/mcpgw
steps:
- name: Checkout code
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
- name: Set up QEMU
uses: docker/setup-qemu-action@ce360397dd3f832beb865e1373c09c0e9f86d70a # v4.0.0
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@4d04d5d9486b7bd6fa91e7baf45bbb4f8b9deedd # v4.0.0
- name: Configure AWS Credentials
uses: aws-actions/configure-aws-credentials@8df5847569e6427dd6c4fb1cf565c83acfa8afa7 # v6.0.0
with:
aws-region: us-east-1
role-session-name: ${{ matrix.service }}-release
role-to-assume: ${{ secrets.ECR_ROLE }}
- name: Login to Amazon ECR Public
uses: aws-actions/amazon-ecr-login@062b18b96a7aff071d4dc91bc00c4c1a7945b076 # v2.0.1
with:
registry-type: public
- name: Extract metadata
id: meta
uses: docker/metadata-action@c299e40c65443455700f0fdfc63efafe5b349051 # v5.10.0
with:
images: ${{ env.REGISTRY }}/${{ env.NAMESPACE }}/${{ matrix.service }}
tags: |
type=semver,pattern={{version}}
type=semver,pattern={{major}}.{{minor}}
type=semver,pattern={{major}}
type=raw,value=latest
- name: Build and push
id: push
uses: docker/build-push-action@263435318d21b8e681c14492fe198d362a7d2c83 # v6.18.0
with:
context: .
file: ${{ matrix.dockerfile }}
push: true
platforms: linux/amd64,linux/arm64
tags: ${{ steps.meta.outputs.tags }}
labels: ${{ steps.meta.outputs.labels }}
build-args: |
BUILD_VERSION=${{ github.ref_name }}
${{ matrix.extra_build_args }}
cache-from: type=gha
cache-to: type=gha,mode=max
- name: Generate attestation
uses: actions/attest-build-provenance@96278af6caaf10aea03fd8d33a09a777ca52d62f # v3.2.0
with:
subject-name: ${{ env.REGISTRY }}/${{ env.NAMESPACE }}/${{ matrix.service }}
subject-digest: ${{ steps.push.outputs.digest }}
push-to-registry: true
- name: Image Summary
run: |
echo "## ${{ matrix.service }} Release Image Published" >> $GITHUB_STEP_SUMMARY
echo "" >> $GITHUB_STEP_SUMMARY
echo "**Tags:**" >> $GITHUB_STEP_SUMMARY
echo '```' >> $GITHUB_STEP_SUMMARY
echo "${{ steps.meta.outputs.tags }}" >> $GITHUB_STEP_SUMMARY
echo '```' >> $GITHUB_STEP_SUMMARY
================================================
FILE: .github/workflows/terraform-test.yml
================================================
name: Terraform Tests
on:
push:
branches: [main, develop]
paths:
- 'terraform/**'
- '.github/workflows/terraform-test.yml'
pull_request:
paths:
- 'terraform/**'
- '.github/workflows/terraform-test.yml'
workflow_dispatch:
permissions:
contents: read
security-events: write
concurrency:
group: ${{ github.workflow }}-${{ github.ref }}
cancel-in-progress: true
jobs:
validate:
name: "Terraform Validate"
runs-on: ubuntu-latest
timeout-minutes: 10
defaults:
run:
working-directory: terraform/aws-ecs
steps:
- name: Checkout code
uses: actions/checkout@v4
- name: Setup Terraform
uses: hashicorp/setup-terraform@v3
with:
terraform_version: "1.12.0"
- name: Terraform fmt check
id: fmt
run: terraform fmt -check -recursive
continue-on-error: true
- name: Terraform init
id: init
run: terraform init -backend=false
- name: Terraform validate
id: validate
run: terraform validate
continue-on-error: true
- name: Post validation results
run: |
echo "## Terraform Validation Results" >> $GITHUB_STEP_SUMMARY
echo "" >> $GITHUB_STEP_SUMMARY
echo "| Check | Status |" >> $GITHUB_STEP_SUMMARY
echo "|-------|--------|" >> $GITHUB_STEP_SUMMARY
echo "| Format | ${{ steps.fmt.outcome }} |" >> $GITHUB_STEP_SUMMARY
echo "| Init | ${{ steps.init.outcome }} |" >> $GITHUB_STEP_SUMMARY
echo "| Validate | ${{ steps.validate.outcome }} |" >> $GITHUB_STEP_SUMMARY
tflint:
name: "TFLint"
runs-on: ubuntu-latest
timeout-minutes: 10
defaults:
run:
working-directory: terraform/aws-ecs
steps:
- name: Checkout code
uses: actions/checkout@v4
- name: Setup TFLint
uses: terraform-linters/setup-tflint@v4
with:
tflint_version: v0.50.0
- name: Init TFLint
run: tflint --init
continue-on-error: true
- name: Run TFLint
run: tflint --recursive --format compact
continue-on-error: true
tfsec:
name: "TFSec Security Scan"
runs-on: ubuntu-latest
timeout-minutes: 10
steps:
- name: Checkout code
uses: actions/checkout@v4
- name: Run tfsec
uses: aquasecurity/tfsec-action@v1.0.3
with:
working_directory: terraform/aws-ecs
soft_fail: true
format: sarif
out: tfsec-results.sarif
continue-on-error: true
- name: Upload SARIF file
uses: github/codeql-action/upload-sarif@v3
if: always()
with:
sarif_file: tfsec-results.sarif
continue-on-error: true
checkov:
name: "Checkov Security Scan"
runs-on: ubuntu-latest
timeout-minutes: 15
steps:
- name: Checkout code
uses: actions/checkout@v4
- name: Run Checkov
uses: bridgecrewio/checkov-action@v12
with:
directory: terraform/aws-ecs
framework: terraform
soft_fail: true
output_format: cli,sarif
output_file_path: console,checkov-results.sarif
download_external_modules: true
- name: Upload SARIF file
uses: github/codeql-action/upload-sarif@v3
if: always()
with:
sarif_file: checkov-results.sarif
continue-on-error: true
summary:
name: "Terraform Test Summary"
runs-on: ubuntu-latest
timeout-minutes: 5
needs: [validate, tflint, tfsec, checkov]
if: always()
steps:
- name: Results Summary
run: |
echo "## Terraform Test Summary" >> $GITHUB_STEP_SUMMARY
echo "" >> $GITHUB_STEP_SUMMARY
echo "| Job | Status |" >> $GITHUB_STEP_SUMMARY
echo "|-----|--------|" >> $GITHUB_STEP_SUMMARY
echo "| Validate | ${{ needs.validate.result }} |" >> $GITHUB_STEP_SUMMARY
echo "| TFLint | ${{ needs.tflint.result }} |" >> $GITHUB_STEP_SUMMARY
echo "| TFSec | ${{ needs.tfsec.result }} |" >> $GITHUB_STEP_SUMMARY
echo "| Checkov | ${{ needs.checkov.result }} |" >> $GITHUB_STEP_SUMMARY
================================================
FILE: .gitignore
================================================
# Byte-compiled / optimized / DLL files
__pycache__/
*.py[cod]
*$py.class
# Models
.models/
# C extensions
*.so
# Distribution / packaging
.Python
build/
develop-eggs/
dist/
downloads/
eggs/
.eggs/
lib/
lib64/
parts/
sdist/
var/
wheels/
share/python-wheels/
*.egg-info/
.installed.cfg
*.egg
MANIFEST
# PyInstaller
# Usually these files are written by a python script from a template
# before PyInstaller builds the exe, so as to inject date/other infos into it.
*.manifest
*.spec
# Installer logs
pip-log.txt
pip-delete-this-directory.txt
# Unit test / coverage reports
htmlcov/
.tox/
.nox/
.coverage
.coverage.*
.cache
nosetests.xml
coverage.xml
*.cover
*.py,cover
.hypothesis/
.pytest_cache/
cover/
tests/reports/
# Translations
*.mo
*.pot
# Django stuff:
*.log
local_settings.py
db.sqlite3
db.sqlite3-journal
# Flask stuff:
instance/
.webassets-cache
# Scrapy stuff:
.scrapy
# Sphinx documentation
docs/_build/
# PyBuilder
.pybuilder/
target/
# Jupyter Notebook
.ipynb_checkpoints
# IPython
profile_default/
ipython_config.py
# pyenv
# For a library or package, you might want to ignore these files since the code is
# intended to run in multiple environments; otherwise, check them in:
# .python-version
# pipenv
# According to pypa/pipenv#598, it is recommended to include Pipfile.lock in version control.
# However, in case of collaboration, if having platform-specific dependencies or dependencies
# having no cross-platform support, pipenv may install dependencies that don't work, or not
# install all needed dependencies.
#Pipfile.lock
# UV
# Similar to Pipfile.lock, it is generally recommended to include uv.lock in version control.
# This is especially recommended for binary packages to ensure reproducibility, and is more
# commonly ignored for libraries.
#uv.lock
# poetry
# Similar to Pipfile.lock, it is generally recommended to include poetry.lock in version control.
# This is especially recommended for binary packages to ensure reproducibility, and is more
# commonly ignored for libraries.
# https://python-poetry.org/docs/basic-usage/#commit-your-poetrylock-file-to-version-control
#poetry.lock
# pdm
# Similar to Pipfile.lock, it is generally recommended to include pdm.lock in version control.
#pdm.lock
# pdm stores project-wide configurations in .pdm.toml, but it is recommended to not include it
# in version control.
# https://pdm.fming.dev/latest/usage/project/#working-with-version-control
.pdm.toml
.pdm-python
.pdm-build/
# PEP 582; used by e.g. github.com/David-OConnor/pyflow and github.com/pdm-project/pdm
__pypackages__/
# Celery stuff
celerybeat-schedule
celerybeat.pid
# SageMath parsed files
*.sage.py
# Environments
.env
.env.*
!.env.example
.env.backup
.env.user
.env.docker
# Configuration files with sensitive data
credentials-provider/agentcore-auth/config.yaml
credentials-provider/oauth/config.yaml
cli/examples/peer-registry-lob-1.json
cli/examples/peer-sales-registry.json
.venv
env/
venv/
ENV/
env.bak/
venv.bak/
# Spyder project settings
.spyderproject
.spyproject
# Rope project settings
.ropeproject
# mkdocs documentation
/site
# mypy
.mypy_cache/
.dmypy.json
dmypy.json
# Pyre type checker
.pyre/
# pytype static type analyzer
.pytype/
# Cython debug symbols
cython_debug/
# PyCharm
# JetBrains specific template is maintained in a separate JetBrains.gitignore that can
# be found at https://github.com/github/gitignore/blob/main/Global/JetBrains.gitignore
# and can be added to the global gitignore or merged into this file. For a more nuclear
# option (not recommended) you can uncomment the following to ignore the entire idea folder.
.idea/
# Ruff stuff:
.ruff_cache/
.cache/
# PyPI configuration file
.pypirc
cookies.txt
.cookies
# Scratchpad for temporary notes and planning
.scratchpad/
# MongoDB keyfile for replica set authentication
.mongodb-keyfile
# Roo IDE files
.roo/
# VS Code / IDE files
.vscode/
# Kiro files
.kiro
.kiro/
# Agent config
agents/agent_config.json
# Jules files
.Jules/
# OAuth tokens and credentials - never commit these!
.oauth-tokens/
.agentcore-params
.cognito_access_token
.network-trusted-token
.token*
api/.token
api/.mcp-session
# Keycloak client secrets (generated by init-keycloak.sh)
keycloak/setup/keycloak-client-secrets.txt
keycloak/setup/retrieved-keycloak-secrets.txt
# MCP Gateway specific
registry/server_state.json
registry/nginx_mcp_revproxy.conf
registry/agents/
registry/data/
logs/
token_refresher.pid
token_refresher.log
token_refresh_manifest.json
.mcp.json
# Secrets and API keys - never commit these!
.keys.yml
.keys.yml.encrypted
*.keys.yml
*.keys.yml.encrypted
# SSL certificates and keys - never commit these!
*.pem
*.key
*.crt
*.csr
*.p12
*.pfx
/etc/ssl/
# Agent testing
agents/test_results/
agents/.env.user
ssl_data/
agents/.env.agent
# Frontend / Node.js / React / TypeScript
frontend/node_modules/
frontend/build/
frontend/dist/
frontend/.env
frontend/.env.local
frontend/.env.development.local
frontend/.env.test.local
frontend/.env.production.local
frontend/npm-debug.log*
frontend/yarn-debug.log*
frontend/yarn-error.log*
frontend/.pnpm-debug.log*
frontend/lerna-debug.log*
frontend/.DS_Store
frontend/.vscode/
frontend/.idea/
frontend/*.tsbuildinfo
frontend/.nyc_output
frontend/coverage/
frontend/.cache/
frontend/.parcel-cache/
frontend/.next/
frontend/out/
frontend/.nuxt/
frontend/.vuepress/dist
frontend/.serverless/
frontend/.fusebox/
frontend/.dynamodb/
frontend/.tern-port
frontend/storybook-static/
# Node.js (global patterns)
node_modules/
*.log
npm-debug.log*
yarn-debug.log*
yarn-error.log*
.pnpm-debug.log*
lerna-debug.log*
.DS_Store
*.tsbuildinfo
.nyc_output
coverage/
.cache/
.parcel-cache/
.scratchpad/
#MCP Json
.tmp/anthropic-import
# Anthropic registry temporary files
anthropic_servers_*.json
curated_import_list.txt
#Security scans
security_scans/
#Temporary directories
.tmp
#AgentCore CLI generated files
.bedrock_agentcore
.bedrock_agentcore.yaml
# Terraform user-specific configuration (NEVER COMMIT!)
# Users should copy terraform.tfvars.example to terraform.tfvars and edit it
terraform.tfvars
terraform.tfvars.json
override.tf
override.tf.json
*_override.tf
*_override.tf.json
.terraform/
.terraform.lock.hcl
crash.log
crash.*.log
tfplan*
terraform.tfstate*
terraform-outputs.json.backup*
# Terraform outputs and region-specific configs (environment-specific, do not commit)
terraform-outputs.json
terraform-outputs.txt
terraform/aws-ecs/scripts/terraform-outputs.json
terraform/aws-ecs/terraform-outputs.txt
terraform.tfvars.*
!terraform.tfvars.example
terraform/aws-ecs/terraform.tfvars.*
!terraform/aws-ecs/terraform.tfvars.example
# Generated image manifest for container builds (generated by Makefile)
image-manifest.json# Admin password files
*.admin_password
terraform/.admin_password
image-manifest.json
agent_security_scans/
skill_security_scans/
# Helm dependency charts and lock files (fetched via helm dependency build)
charts/*/charts/
charts/*/Chart.lock
# Shell config artifacts
.ash/
# Claude
.claude/*
!.claude/skills/
.claude/skills/search-registry/
.token?
# Telemetry collector build artifacts and state
terraform/telemetry-collector/terraform.tfstate
terraform/telemetry-collector/terraform.tfstate.backup
terraform/telemetry-collector/tfplan
terraform/telemetry-collector/terraform-apply.log
terraform/telemetry-collector/deployment-info-testing.txt
terraform/telemetry-collector/lambda_function.zip
terraform/telemetry-collector/lambda/collector/lambda_function_linux.zip
terraform/telemetry-collector/lambda/index-setup/index_setup.zip
terraform/telemetry-collector/lambda/lambda_function.zip
terraform/telemetry-collector/global-bundle.pem
terraform/telemetry-collector/terraform.tfvars
terraform/telemetry-collector/DEPLOYMENT-SUMMARY.md
terraform/telemetry-collector/INTEGRATION-TEST-SUMMARY.md
terraform/telemetry-collector/MONITORING-GUIDE.md
terraform/telemetry-collector/PROGRESS.md
terraform/telemetry-collector/lambda/collector/package/
terraform/telemetry-collector/lambda/index-setup/package/
terraform/telemetry-collector/.terraform/
terraform/telemetry-collector/.terraform.lock.hcl
# Vendored Python packages in Lambda directories (build artifacts)
terraform/telemetry-collector/lambda/collector/*.dist-info/
terraform/telemetry-collector/lambda/collector/bson/
terraform/telemetry-collector/lambda/collector/dns/
terraform/telemetry-collector/lambda/collector/gridfs/
terraform/telemetry-collector/lambda/collector/motor/
terraform/telemetry-collector/lambda/collector/pymongo/
terraform/telemetry-collector/lambda/collector/pydantic/
terraform/telemetry-collector/lambda/collector/pydantic_core/
terraform/telemetry-collector/lambda/collector/annotated_types/
terraform/telemetry-collector/lambda/collector/typing_inspection/
terraform/telemetry-collector/lambda/collector/typing_extensions.py
terraform/telemetry-collector/lambda/collector/boto3/
terraform/telemetry-collector/lambda/collector/botocore/
terraform/telemetry-collector/lambda/collector/dateutil/
terraform/telemetry-collector/lambda/collector/jmespath/
terraform/telemetry-collector/lambda/collector/s3transfer/
terraform/telemetry-collector/lambda/collector/urllib3/
terraform/telemetry-collector/lambda/collector/bin/
terraform/telemetry-collector/lambda/collector/six.py
terraform/telemetry-collector/lambda/collector/*.dist-info/
terraform/telemetry-collector/lambda/index-setup/*.dist-info/
terraform/telemetry-collector/lambda/index-setup/bson/
terraform/telemetry-collector/lambda/index-setup/pymongo/
# Root-level telemetry test scripts (not part of the project)
test-telemetry-*.sh
test-telemetry-*.py
verify-telemetry-test.sh
watch-collector-logs.sh
NEXT-STEPS-TELEMETRY.md
.env.telemetry-test
registry_metrics.csv
.claude/skills/usage-report/known-internal-instances.md
================================================
FILE: .pre-commit-config.yaml
================================================
# Pre-commit hooks for MCP Gateway Registry
# Install with: pre-commit install
# Run manually: pre-commit run --all-files
repos:
# Ruff - Fast Python linter and formatter
- repo: https://github.com/astral-sh/ruff-pre-commit
rev: v0.8.2
hooks:
# Run the linter with auto-fixes
- id: ruff
args: [--fix]
name: Ruff linter
description: Run ruff linter with auto-fixes
# Run the formatter
- id: ruff-format
name: Ruff formatter
description: Run ruff formatter
# Pre-commit hooks for file quality
- repo: https://github.com/pre-commit/pre-commit-hooks
rev: v5.0.0
hooks:
# Remove trailing whitespace
- id: trailing-whitespace
name: Trim trailing whitespace
description: Remove trailing whitespace
# Ensure files end with newline
- id: end-of-file-fixer
name: Fix end of files
description: Ensure files end with a newline
# Check YAML syntax
- id: check-yaml
name: Check YAML
description: Validate YAML file syntax
exclude: ^(docker/|\.github/)
# Check JSON syntax
- id: check-json
name: Check JSON
description: Validate JSON file syntax
# Prevent large files from being committed
- id: check-added-large-files
name: Check for large files
description: Prevent files larger than 500KB
args: ['--maxkb=500']
# Check for merge conflict markers
- id: check-merge-conflict
name: Check for merge conflicts
description: Check for merge conflict markers
# Detect private keys
- id: detect-private-key
name: Detect private keys
description: Check for private SSH keys
# Check for case conflicts in filenames
- id: check-case-conflict
name: Check filename case conflicts
description: Check for case conflicts in filenames
# Check Python docstrings
- id: check-docstring-first
name: Check docstring is first
description: Ensure docstring comes first in Python files
# Check for debugger imports
- id: debug-statements
name: Check for debugger statements
description: Check for pdb and ipdb debugger statements
# Detect-secrets - Prevent secrets from being committed
- repo: https://github.com/Yelp/detect-secrets
rev: v1.5.0
hooks:
- id: detect-secrets
name: Detect secrets
description: Prevent hardcoded secrets from being committed
args: ['--baseline', '.secrets.baseline']
exclude: ^(tests/|docs/|cli/examples/)
# Bandit - Security vulnerability scanner
- repo: https://github.com/PyCQA/bandit
rev: '1.8.3'
hooks:
- id: bandit
name: Bandit security scan
description: Scan for security vulnerabilities
args: ['-c', 'pyproject.toml']
additional_dependencies: ['bandit[toml]']
exclude: ^tests/
# MyPy - Static type checker
- repo: https://github.com/pre-commit/mirrors-mypy
rev: v1.11.2
hooks:
- id: mypy
name: MyPy type checking
description: Static type checking
additional_dependencies:
- types-requests
- types-PyYAML
- pydantic
args: [--ignore-missing-imports, --no-strict-optional]
exclude: ^(tests/|scripts/)
# Local hooks for project-specific checks
- repo: local
hooks:
# Run fast unit tests
- id: pytest-fast
name: Run fast tests
entry: uv run pytest -m "not slow" --tb=short
language: system
pass_filenames: false
always_run: true
stages: [commit]
# Python syntax check
- id: python-syntax
name: Check Python syntax
entry: python -m py_compile
language: system
types: [python]
# Shell script syntax check
- id: shell-syntax
name: Check shell script syntax
entry: bash -n
language: system
types: [shell]
exclude: ^(docker/|scripts/setup/)
# Default stages
default_stages: [commit]
# Default language version
default_language_version:
python: python3.14
# Fail fast - stop on first error
fail_fast: false
# Minimum pre-commit version
minimum_pre_commit_version: '2.20.0'
================================================
FILE: .secrets.baseline
================================================
{
"version": "1.5.0",
"plugins_used": [
{
"name": "ArtifactoryDetector"
},
{
"name": "AWSKeyDetector"
},
{
"name": "AzureStorageKeyDetector"
},
{
"name": "Base64HighEntropyString",
"limit": 4.5
},
{
"name": "BasicAuthDetector"
},
{
"name": "CloudantDetector"
},
{
"name": "DiscordBotTokenDetector"
},
{
"name": "GitHubTokenDetector"
},
{
"name": "GitLabTokenDetector"
},
{
"name": "HexHighEntropyString",
"limit": 3.0
},
{
"name": "IbmCloudIamDetector"
},
{
"name": "IbmCosHmacDetector"
},
{
"name": "IPPublicDetector"
},
{
"name": "JwtTokenDetector"
},
{
"name": "KeywordDetector",
"keyword_exclude": ""
},
{
"name": "MailchimpDetector"
},
{
"name": "NpmDetector"
},
{
"name": "OpenAIDetector"
},
{
"name": "PrivateKeyDetector"
},
{
"name": "PypiTokenDetector"
},
{
"name": "SendGridDetector"
},
{
"name": "SlackDetector"
},
{
"name": "SoftlayerDetector"
},
{
"name": "SquareOAuthDetector"
},
{
"name": "StripeDetector"
},
{
"name": "TelegramBotTokenDetector"
},
{
"name": "TwilioKeyDetector"
}
],
"filters_used": [
{
"path": "detect_secrets.filters.allowlist.is_line_allowlisted"
},
{
"path": "detect_secrets.filters.common.is_ignored_due_to_verification_policies",
"min_level": 2
},
{
"path": "detect_secrets.filters.heuristic.is_indirect_reference"
},
{
"path": "detect_secrets.filters.heuristic.is_likely_id_string"
},
{
"path": "detect_secrets.filters.heuristic.is_lock_file"
},
{
"path": "detect_secrets.filters.heuristic.is_not_alphanumeric_string"
},
{
"path": "detect_secrets.filters.heuristic.is_potential_uuid"
},
{
"path": "detect_secrets.filters.heuristic.is_prefixed_with_dollar_sign"
},
{
"path": "detect_secrets.filters.heuristic.is_sequential_string"
},
{
"path": "detect_secrets.filters.heuristic.is_swagger_file"
},
{
"path": "detect_secrets.filters.heuristic.is_templated_secret"
},
{
"path": "detect_secrets.filters.regex.should_exclude_file",
"pattern": [
"^(tests/|docs/|cli/examples/|\\.git/)"
]
}
],
"results": {
"api/get-m2m-token.sh": [
{
"type": "Secret Keyword",
"filename": "api/get-m2m-token.sh",
"hashed_secret": "2be88ca4242c76e8253ac62474851065032d6833",
"is_verified": false,
"line_number": 211
}
],
"api/registry_client.py": [
{
"type": "Secret Keyword",
"filename": "api/registry_client.py",
"hashed_secret": "fca71afec681b7c2932610046e8e524820317e47",
"is_verified": false,
"line_number": 268
}
],
"api/registry_management.py": [
{
"type": "Secret Keyword",
"filename": "api/registry_management.py",
"hashed_secret": "fca71afec681b7c2932610046e8e524820317e47",
"is_verified": false,
"line_number": 1519
},
{
"type": "Secret Keyword",
"filename": "api/registry_management.py",
"hashed_secret": "665b1e3851eefefa3fb878654292f16597d25155",
"is_verified": false,
"line_number": 1733
}
],
"api/test-management-api-e2e.md": [
{
"type": "Secret Keyword",
"filename": "api/test-management-api-e2e.md",
"hashed_secret": "b60c1b0150f701d3ea5375a34a43e3e9b63ada2c",
"is_verified": false,
"line_number": 65
}
],
"auth_server/.env.template": [
{
"type": "Secret Keyword",
"filename": "auth_server/.env.template",
"hashed_secret": "1bb9fef4dcaec0c4c0ba677e927f904500ab6c4b",
"is_verified": false,
"line_number": 11
},
{
"type": "Secret Keyword",
"filename": "auth_server/.env.template",
"hashed_secret": "29b8dca3de5ff27bcf8bd3b622adf9970f29381c",
"is_verified": false,
"line_number": 23
}
],
"build_and_run.sh": [
{
"type": "Secret Keyword",
"filename": "build_and_run.sh",
"hashed_secret": "c35bdb821a941808a150db95d0f934f449bbff17",
"is_verified": false,
"line_number": 433
}
],
"charts/auth-server/values.yaml": [
{
"type": "Secret Keyword",
"filename": "charts/auth-server/values.yaml",
"hashed_secret": "8d44de1035672968b3e922b3d15e08c1dce4f9b6",
"is_verified": false,
"line_number": 12
}
],
"charts/keycloak-configure/templates/configmap.yaml": [
{
"type": "Secret Keyword",
"filename": "charts/keycloak-configure/templates/configmap.yaml",
"hashed_secret": "5ffe533b830f08a0326348a9160afafc8ada44db",
"is_verified": false,
"line_number": 95
},
{
"type": "Secret Keyword",
"filename": "charts/keycloak-configure/templates/configmap.yaml",
"hashed_secret": "9723444fb302ebd3cac2b5e5f0a1ade0d40c03c7",
"is_verified": false,
"line_number": 724
}
],
"charts/mcp-gateway-registry-stack/README.md": [
{
"type": "Secret Keyword",
"filename": "charts/mcp-gateway-registry-stack/README.md",
"hashed_secret": "2d5978d21d2072d7922a49935dcb363378eab0bc",
"is_verified": false,
"line_number": 118
}
],
"charts/mcp-gateway-registry-stack/templates/mongodb-cluster.yaml": [
{
"type": "Secret Keyword",
"filename": "charts/mcp-gateway-registry-stack/templates/mongodb-cluster.yaml",
"hashed_secret": "7d4295ea62a0fb8fb7f8f5707db8cd4db689d9c2",
"is_verified": false,
"line_number": 26
}
],
"charts/mcp-gateway-registry-stack/templates/oauth-provider-secret.yaml": [
{
"type": "Secret Keyword",
"filename": "charts/mcp-gateway-registry-stack/templates/oauth-provider-secret.yaml",
"hashed_secret": "e3568c17ddb547dd50c4b4990152e9ad46ac29ea",
"is_verified": false,
"line_number": 42
}
],
"charts/mcp-gateway-registry-stack/templates/shared-secret.yaml": [
{
"type": "Secret Keyword",
"filename": "charts/mcp-gateway-registry-stack/templates/shared-secret.yaml",
"hashed_secret": "e3568c17ddb547dd50c4b4990152e9ad46ac29ea",
"is_verified": false,
"line_number": 12
},
{
"type": "Secret Keyword",
"filename": "charts/mcp-gateway-registry-stack/templates/shared-secret.yaml",
"hashed_secret": "94c6c8fdccfc8f4fe660af892feaabdc8d8d2201",
"is_verified": false,
"line_number": 14
}
],
"charts/mcp-gateway-registry-stack/values.yaml": [
{
"type": "Secret Keyword",
"filename": "charts/mcp-gateway-registry-stack/values.yaml",
"hashed_secret": "76ed0a056aa77060de25754586440cff390791d0",
"is_verified": false,
"line_number": 18
},
{
"type": "Secret Keyword",
"filename": "charts/mcp-gateway-registry-stack/values.yaml",
"hashed_secret": "f880fa90169f5214a7e9c6a817b3f31aeb71f5c7",
"is_verified": false,
"line_number": 22
},
{
"type": "Secret Keyword",
"filename": "charts/mcp-gateway-registry-stack/values.yaml",
"hashed_secret": "54053db99b49b4cc046f7b4854a80de3d6dfae71",
"is_verified": false,
"line_number": 70
}
],
"charts/mcpgw/values.yaml": [
{
"type": "Secret Keyword",
"filename": "charts/mcpgw/values.yaml",
"hashed_secret": "aa90ae690498f4d84834974d12a9990b594e338e",
"is_verified": false,
"line_number": 12
}
],
"charts/mongodb-configure/templates/configmap.yaml": [
{
"type": "Secret Keyword",
"filename": "charts/mongodb-configure/templates/configmap.yaml",
"hashed_secret": "3442496b96dd01591a8cd44b1eec1368ab728aba",
"is_verified": false,
"line_number": 226
}
],
"charts/mongodb-configure/values.yaml": [
{
"type": "Secret Keyword",
"filename": "charts/mongodb-configure/values.yaml",
"hashed_secret": "54053db99b49b4cc046f7b4854a80de3d6dfae71",
"is_verified": false,
"line_number": 15
}
],
"charts/registry/values.yaml": [
{
"type": "Secret Keyword",
"filename": "charts/registry/values.yaml",
"hashed_secret": "c83acc39662eea92bcfbd9dc69d4dbe5fc0f2951",
"is_verified": false,
"line_number": 12
}
],
"cli/mcp_security_scanner.py": [
{
"type": "Secret Keyword",
"filename": "cli/mcp_security_scanner.py",
"hashed_secret": "80bcbe9821472b00da2dcece9bf1f7ee27acf22c",
"is_verified": false,
"line_number": 31
}
],
"cli/src/utils/cost.json": [
{
"type": "Base64 High Entropy String",
"filename": "cli/src/utils/cost.json",
"hashed_secret": "0e58cba3de592ca22002e9b5a355102bfc738f05",
"is_verified": false,
"line_number": 3142
},
{
"type": "Base64 High Entropy String",
"filename": "cli/src/utils/cost.json",
"hashed_secret": "9b45b018ce366a8d8b440df12fadc183406c92d6",
"is_verified": false,
"line_number": 7148
},
{
"type": "Base64 High Entropy String",
"filename": "cli/src/utils/cost.json",
"hashed_secret": "4ad9c5ebcdbd110afa5ca680854dd5bd72314bb8",
"is_verified": false,
"line_number": 7453
},
{
"type": "Base64 High Entropy String",
"filename": "cli/src/utils/cost.json",
"hashed_secret": "8927d5a0b386ac18deffa37f02fd808f3fb8bcbd",
"is_verified": false,
"line_number": 8488
},
{
"type": "Base64 High Entropy String",
"filename": "cli/src/utils/cost.json",
"hashed_secret": "c8883fc592bf698b29fd2304fa1ad570df1f9abf",
"is_verified": false,
"line_number": 14119
},
{
"type": "Base64 High Entropy String",
"filename": "cli/src/utils/cost.json",
"hashed_secret": "61da47b9d42215793e5604b478982f4cb21fdee1",
"is_verified": false,
"line_number": 20303
},
{
"type": "Base64 High Entropy String",
"filename": "cli/src/utils/cost.json",
"hashed_secret": "aa684a0841bf2d1fd7e9b774262fcddc9920ffc6",
"is_verified": false,
"line_number": 20388
}
],
"cli/user_mgmt.sh": [
{
"type": "Secret Keyword",
"filename": "cli/user_mgmt.sh",
"hashed_secret": "2be88ca4242c76e8253ac62474851065032d6833",
"is_verified": false,
"line_number": 244
}
],
"credentials-provider/entra/generate_tokens.py": [
{
"type": "Secret Keyword",
"filename": "credentials-provider/entra/generate_tokens.py",
"hashed_secret": "c303df00cd0a72b21c62900b758b06fc541664ce",
"is_verified": false,
"line_number": 327
}
],
"frontend/e2e/helpers/auth.ts": [
{
"type": "Secret Keyword",
"filename": "frontend/e2e/helpers/auth.ts",
"hashed_secret": "d033e22ae348aeb5660fc2140aec35850c4da997",
"is_verified": false,
"line_number": 7
}
],
"frontend/src/components/IAMUsers.tsx": [
{
"type": "Secret Keyword",
"filename": "frontend/src/components/IAMUsers.tsx",
"hashed_secret": "6c56a9249cba324d029f725f1f7c0e47184e2dcf",
"is_verified": false,
"line_number": 111
}
],
"frontend/src/pages/Login.tsx": [
{
"type": "Secret Keyword",
"filename": "frontend/src/pages/Login.tsx",
"hashed_secret": "6c56a9249cba324d029f725f1f7c0e47184e2dcf",
"is_verified": false,
"line_number": 93
},
{
"type": "Secret Keyword",
"filename": "frontend/src/pages/Login.tsx",
"hashed_secret": "73e350f9131d07e887b1e22e114101a90d44ebb0",
"is_verified": false,
"line_number": 95
}
],
"keycloak/README.md": [
{
"type": "Secret Keyword",
"filename": "keycloak/README.md",
"hashed_secret": "534c57bf48f9277e7ee50c5febcdb3dab99f0051",
"is_verified": false,
"line_number": 12
},
{
"type": "Secret Keyword",
"filename": "keycloak/README.md",
"hashed_secret": "001c1654cb8dff7c4ddb1ae6d2203d0dd15a6096",
"is_verified": false,
"line_number": 13
},
{
"type": "Secret Keyword",
"filename": "keycloak/README.md",
"hashed_secret": "354b3a4b7715d3694c88a4fa7db49e41de86568e",
"is_verified": false,
"line_number": 82
},
{
"type": "Secret Keyword",
"filename": "keycloak/README.md",
"hashed_secret": "7b0e6379ca79d9a02abc556232d503a86c37012e",
"is_verified": false,
"line_number": 83
},
{
"type": "Secret Keyword",
"filename": "keycloak/README.md",
"hashed_secret": "45d676e7c6ab44cf4b8fa366ef2d8fccd3e6d6e6",
"is_verified": false,
"line_number": 165
}
],
"keycloak/setup/disable-ssl.sh": [
{
"type": "Secret Keyword",
"filename": "keycloak/setup/disable-ssl.sh",
"hashed_secret": "6eef6648406c333a4035cd5e60d0bf2ecf2606d7",
"is_verified": false,
"line_number": 80
}
],
"keycloak/setup/get-all-client-credentials.sh": [
{
"type": "Secret Keyword",
"filename": "keycloak/setup/get-all-client-credentials.sh",
"hashed_secret": "08d2e98e6754af941484848930ccbaddfefe13d6",
"is_verified": false,
"line_number": 104
}
],
"keycloak/setup/setup-federation-service-account.sh": [
{
"type": "Secret Keyword",
"filename": "keycloak/setup/setup-federation-service-account.sh",
"hashed_secret": "45d676e7c6ab44cf4b8fa366ef2d8fccd3e6d6e6",
"is_verified": false,
"line_number": 17
},
{
"type": "Secret Keyword",
"filename": "keycloak/setup/setup-federation-service-account.sh",
"hashed_secret": "2be88ca4242c76e8253ac62474851065032d6833",
"is_verified": false,
"line_number": 156
}
],
"metrics-service/add_test_key.py": [
{
"type": "Hex High Entropy String",
"filename": "metrics-service/add_test_key.py",
"hashed_secret": "41bc5baca453bd6dc49f421ece29f5d57bb581bb",
"is_verified": false,
"line_number": 13
}
],
"metrics-service/docs/README.md": [
{
"type": "Secret Keyword",
"filename": "metrics-service/docs/README.md",
"hashed_secret": "b310da45b1ebf444106a41b7832ab2fbe25dab41",
"is_verified": false,
"line_number": 446
}
],
"metrics-service/tests/conftest.py": [
{
"type": "Secret Keyword",
"filename": "metrics-service/tests/conftest.py",
"hashed_secret": "bd33830043487aed705b9aff291a77d69f27adb3",
"is_verified": false,
"line_number": 98
}
],
"metrics-service/tests/test_auth.py": [
{
"type": "Hex High Entropy String",
"filename": "metrics-service/tests/test_auth.py",
"hashed_secret": "244f421f896bdcdd2784dccf4eaf7c8dfd5189b5",
"is_verified": false,
"line_number": 151
},
{
"type": "Secret Keyword",
"filename": "metrics-service/tests/test_auth.py",
"hashed_secret": "52adafa10bb9e78a57950036e8b266c51ef8ef88",
"is_verified": false,
"line_number": 243
}
],
"registry/constants.py": [
{
"type": "Secret Keyword",
"filename": "registry/constants.py",
"hashed_secret": "665b1e3851eefefa3fb878654292f16597d25155",
"is_verified": false,
"line_number": 46
}
],
"registry/embeddings/README.md": [
{
"type": "Secret Keyword",
"filename": "registry/embeddings/README.md",
"hashed_secret": "235ca8ecd22dbaae08d2971367bebdc1d1bd0224",
"is_verified": false,
"line_number": 65
}
],
"registry/utils/credential_encryption.py": [
{
"type": "Secret Keyword",
"filename": "registry/utils/credential_encryption.py",
"hashed_secret": "665b1e3851eefefa3fb878654292f16597d25155",
"is_verified": false,
"line_number": 211
}
],
"release-notes/v1.0.9.md": [
{
"type": "Basic Auth Credentials",
"filename": "release-notes/v1.0.9.md",
"hashed_secret": "5baa61e4c9b93f3f0682250b6cf8331b7ee68fd8",
"is_verified": false,
"line_number": 104
}
],
"scripts/init-mongodb.sh": [
{
"type": "Secret Keyword",
"filename": "scripts/init-mongodb.sh",
"hashed_secret": "d033e22ae348aeb5660fc2140aec35850c4da997",
"is_verified": false,
"line_number": 27
}
],
"scripts/refresh_m2m_token.sh": [
{
"type": "Secret Keyword",
"filename": "scripts/refresh_m2m_token.sh",
"hashed_secret": "2be88ca4242c76e8253ac62474851065032d6833",
"is_verified": false,
"line_number": 49
}
],
"servers/fininfo/README.md": [
{
"type": "Secret Keyword",
"filename": "servers/fininfo/README.md",
"hashed_secret": "af2fdf068ba0c919287d6931c8dc993edaf01f3b",
"is_verified": false,
"line_number": 24
}
],
"terraform/aws-ecs/README.md": [
{
"type": "Secret Keyword",
"filename": "terraform/aws-ecs/README.md",
"hashed_secret": "4d0d3c53f51abc7660789000a958332860aa8280",
"is_verified": false,
"line_number": 335
},
{
"type": "Secret Keyword",
"filename": "terraform/aws-ecs/README.md",
"hashed_secret": "145f85ed29830a933e12fb56dcfb94ce29172f65",
"is_verified": false,
"line_number": 336
},
{
"type": "Secret Keyword",
"filename": "terraform/aws-ecs/README.md",
"hashed_secret": "19a4df734b1b7b83858d6002352ba67c91f1f4b5",
"is_verified": false,
"line_number": 359
},
{
"type": "Secret Keyword",
"filename": "terraform/aws-ecs/README.md",
"hashed_secret": "8b603b119fa2980e0e6d3b186fe5e7c02d9d9bd1",
"is_verified": false,
"line_number": 429
},
{
"type": "Secret Keyword",
"filename": "terraform/aws-ecs/README.md",
"hashed_secret": "c303df00cd0a72b21c62900b758b06fc541664ce",
"is_verified": false,
"line_number": 803
}
],
"terraform/aws-ecs/documentdb-elastic.tf.disabled": [
{
"type": "Basic Auth Credentials",
"filename": "terraform/aws-ecs/documentdb-elastic.tf.disabled",
"hashed_secret": "347cd9c53ff77d41a7b22aa56c7b4efaf54658e3",
"is_verified": false,
"line_number": 226
}
],
"terraform/aws-ecs/documentdb.tf": [
{
"type": "Basic Auth Credentials",
"filename": "terraform/aws-ecs/documentdb.tf",
"hashed_secret": "347cd9c53ff77d41a7b22aa56c7b4efaf54658e3",
"is_verified": false,
"line_number": 356
}
],
"terraform/aws-ecs/keycloak-database.tf": [
{
"type": "Secret Keyword",
"filename": "terraform/aws-ecs/keycloak-database.tf",
"hashed_secret": "f8be3d043f32db05fe41961eb713644aa21b6222",
"is_verified": false,
"line_number": 13
}
],
"terraform/aws-ecs/modules/mcp-gateway/secrets.tf": [
{
"type": "Secret Keyword",
"filename": "terraform/aws-ecs/modules/mcp-gateway/secrets.tf",
"hashed_secret": "be4c27293b0757101cbef01b36ac78028aefc399",
"is_verified": false,
"line_number": 56
}
],
"terraform/aws-ecs/scripts/init-keycloak.sh": [
{
"type": "Secret Keyword",
"filename": "terraform/aws-ecs/scripts/init-keycloak.sh",
"hashed_secret": "2be88ca4242c76e8253ac62474851065032d6833",
"is_verified": false,
"line_number": 1103
},
{
"type": "Secret Keyword",
"filename": "terraform/aws-ecs/scripts/init-keycloak.sh",
"hashed_secret": "e3eba309413812b94096a6477501e13853a616b4",
"is_verified": false,
"line_number": 1124
}
],
"terraform/aws-ecs/scripts/post-deployment-setup.sh": [
{
"type": "Secret Keyword",
"filename": "terraform/aws-ecs/scripts/post-deployment-setup.sh",
"hashed_secret": "6eef6648406c333a4035cd5e60d0bf2ecf2606d7",
"is_verified": false,
"line_number": 469
},
{
"type": "Secret Keyword",
"filename": "terraform/aws-ecs/scripts/post-deployment-setup.sh",
"hashed_secret": "e3eba309413812b94096a6477501e13853a616b4",
"is_verified": false,
"line_number": 487
}
],
"terraform/aws-ecs/scripts/run-documentdb-cli.sh": [
{
"type": "Secret Keyword",
"filename": "terraform/aws-ecs/scripts/run-documentdb-cli.sh",
"hashed_secret": "6eef6648406c333a4035cd5e60d0bf2ecf2606d7",
"is_verified": false,
"line_number": 178
}
],
"terraform/aws-ecs/scripts/run-documentdb-init.sh": [
{
"type": "Secret Keyword",
"filename": "terraform/aws-ecs/scripts/run-documentdb-init.sh",
"hashed_secret": "6eef6648406c333a4035cd5e60d0bf2ecf2606d7",
"is_verified": false,
"line_number": 179
}
],
"terraform/aws-ecs/scripts/user_mgmt.sh": [
{
"type": "Secret Keyword",
"filename": "terraform/aws-ecs/scripts/user_mgmt.sh",
"hashed_secret": "2be88ca4242c76e8253ac62474851065032d6833",
"is_verified": false,
"line_number": 261
}
],
"terraform/aws-ecs/setup-documentdb-env.sh": [
{
"type": "Secret Keyword",
"filename": "terraform/aws-ecs/setup-documentdb-env.sh",
"hashed_secret": "d4758e20bc459a501939d69dd4bfa383debac93a",
"is_verified": false,
"line_number": 20
}
],
"terraform/aws-ecs/terraform.tfvars.example": [
{
"type": "Secret Keyword",
"filename": "terraform/aws-ecs/terraform.tfvars.example",
"hashed_secret": "b81a4503bd668cde97ef070bfe9cf2baca9872e0",
"is_verified": false,
"line_number": 53
},
{
"type": "Secret Keyword",
"filename": "terraform/aws-ecs/terraform.tfvars.example",
"hashed_secret": "f60d623e416a938ffa3a98bba1d5cdcd38eba18a",
"is_verified": false,
"line_number": 57
},
{
"type": "Secret Keyword",
"filename": "terraform/aws-ecs/terraform.tfvars.example",
"hashed_secret": "01b1a021a74c4b51fe616e4c1487962a96ccaa78",
"is_verified": false,
"line_number": 184
},
{
"type": "Secret Keyword",
"filename": "terraform/aws-ecs/terraform.tfvars.example",
"hashed_secret": "4d0d3c53f51abc7660789000a958332860aa8280",
"is_verified": false,
"line_number": 201
},
{
"type": "Secret Keyword",
"filename": "terraform/aws-ecs/terraform.tfvars.example",
"hashed_secret": "5fe9c3b9f7d89f322a2b0749e74652ec152c05c3",
"is_verified": false,
"line_number": 205
},
{
"type": "Base64 High Entropy String",
"filename": "terraform/aws-ecs/terraform.tfvars.example",
"hashed_secret": "e5575d5cd84e9e2f6620e721e2b71b88cdb47bba",
"is_verified": false,
"line_number": 234
},
{
"type": "Secret Keyword",
"filename": "terraform/aws-ecs/terraform.tfvars.example",
"hashed_secret": "c303df00cd0a72b21c62900b758b06fc541664ce",
"is_verified": false,
"line_number": 299
},
{
"type": "Secret Keyword",
"filename": "terraform/aws-ecs/terraform.tfvars.example",
"hashed_secret": "a6778f1880744bd1a342a8e3789135412d8f9da2",
"is_verified": false,
"line_number": 354
},
{
"type": "Secret Keyword",
"filename": "terraform/aws-ecs/terraform.tfvars.example",
"hashed_secret": "788b6b2bfd50bb3353254fb8a62d7388cf6f7aa6",
"is_verified": false,
"line_number": 355
}
]
},
"generated_at": "2026-03-10T06:00:15Z"
}
================================================
FILE: .semgrepignore
================================================
# Documentation - contains example credentials and test data
docs/
*.md
# Test files - contains test credentials and mock data
**/test/**
**/tests/**
*test*.py
*test*.sh
*test*.ts
*test*.js
cli/test_*.py
cli/test_*.sh
agents/*/test/
# Test configurations
docker-compose.federation-test.yml
# Reports and build artifacts - not source code
*.json
**/semgrep_report.json
**/bandit_report.json
build/
dist/
.pytest_cache/
*.log
# Node modules and dependencies
node_modules/
.venv/
venv/
ENV/
# CI/CD and generated files
.github/workflows/
*.pyc
__pycache__/
================================================
FILE: CLAUDE.md
================================================
# Claude Coding Rules
## Overview
This document contains coding standards and best practices that must be followed for all code development. These rules prioritize maintainability, simplicity, and modern Python development practices.
## Core Principles
- Write code with minimal complexity for maximum maintainability and clarity
- Choose simple, readable solutions over clever or complex implementations
- Prioritize code that any team member can confidently understand, modify, and debug
## Pull Request Evaluation
When evaluating pull requests for merge, adopt the **Merge Specialist** persona defined in [TEAM.md](TEAM.md). This persona provides comprehensive guidelines for:
- Running and verifying tests
- Assessing code quality against these standards
- Reviewing architecture and design decisions
- Checking for breaking changes
- Evaluating performance impact
- Ensuring documentation is complete
**IMPORTANT**: Before approving any PR for merge, the Merge Specialist must verify that all tests pass and no existing functionality is broken. A PR with failing tests should NEVER be approved for merge.
## Technology Stack
### Package Management
- Always use `uv` and `pyproject.toml` for package management
- Never use `pip` directly
### Modern Python Libraries
- **Data Processing**: Use `polars` instead of `pandas`
- **Web APIs**: Use `fastapi` instead of `flask`
- **Code Formatting/Linting**: Use `ruff` for both linting and formatting
- **Type Checking**: Use `mypy` - type checks have become actually useful and should be part of CI/CD
- **Performance**: Leverage modern CPython improvements - CPython is now much faster
## Code Style Guidelines
### Function Structure
- All internal/private functions must start with an underscore (`_`)
- Private functions should be placed at the top of the file, followed by public functions
- Functions should be modular, containing no more than 30-50 lines
- Use two blank lines between function definitions
- One function parameter per line for better readability
### Type Annotations
- Use clear type annotations for all function parameters
- One function parameter per line for better readability
- Use modern Python 3.10+ type hint syntax (PEP 604/585)
- Example:
```python
def process_data(
input_file: str,
output_format: str,
validate: bool = True
) -> dict[str, Any]:
pass
```
### Modern Type Hint Standards (Python 3.10+)
**IMPORTANT**: This codebase uses modern Python 3.10+ type hint syntax (PEP 604 and PEP 585). Always use built-in types instead of importing from `typing` module.
#### PEP 604: Union Types with `|`
Use `X | None` instead of `Optional[X]`:
```python
# Good - Modern syntax (Python 3.10+)
def process_data(
sample_size: int | None = None,
language: str | None = None
) -> list[dict[str, Any]]:
pass
# Avoid - Legacy syntax
from typing import Optional, List, Dict, Any
def process_data(
sample_size: Optional[int] = None,
language: Optional[str] = None
) -> List[Dict[str, Any]]:
pass
```
#### PEP 585: Built-in Generic Types
Use `list`, `dict`, `tuple`, `set` directly instead of importing from `typing`:
```python
# Good - Built-in generic types
def process_items(
data: list[dict[str, Any]],
filters: set[str],
metadata: tuple[str, int]
) -> dict[str, list[Any]]:
pass
# Avoid - typing module imports
from typing import List, Dict, Set, Tuple, Any
def process_items(
data: List[Dict[str, Any]],
filters: Set[str],
metadata: Tuple[str, int]
) -> Dict[str, List[Any]]:
pass
```
#### Type Hint Migration Examples
**Example 1: Optional Parameters**
```python
# Old style
from typing import Optional
def get_user(user_id: int, token: Optional[str] = None) -> Optional[dict]:
pass
# New style - no imports needed
def get_user(user_id: int, token: str | None = None) -> dict | None:
pass
```
**Example 2: Complex Types**
```python
# Old style
from typing import List, Dict, Optional, Tuple
def process_samples(
sample_size: Optional[int] = None,
language: Optional[str] = None
) -> List[dict]:
"""Process dataset samples.
Args:
sample_size: Number of samples. None uses default, 0 means all.
language: Language filter. None means all languages.
"""
if sample_size == 0:
return process_all()
elif sample_size is None:
sample_size = DEFAULT_SAMPLE_SIZE
return process_with_size(sample_size)
# New style - cleaner and more Pythonic
def process_samples(
sample_size: int | None = None,
language: str | None = None
) -> list[dict[str, Any]]:
"""Process dataset samples.
Args:
sample_size: Number of samples. None uses default, 0 means all.
language: Language filter. None means all languages.
"""
if sample_size == 0:
return process_all()
elif sample_size is None:
sample_size = DEFAULT_SAMPLE_SIZE
return process_with_size(sample_size)
```
**Example 3: Nested Generic Types**
```python
# Old style
from typing import Dict, List, Tuple, Optional
def get_user_data(
user_id: int
) -> Optional[Dict[str, List[Tuple[str, int]]]]:
pass
# New style - much cleaner
def get_user_data(
user_id: int
) -> dict[str, list[tuple[str, int]]] | None:
pass
```
#### Benefits of Modern Type Hints
1. **Fewer imports**: No need to import from `typing` for basic types
2. **More readable**: `X | None` is clearer than `Optional[X]`
3. **Consistent with Python evolution**: PEP 585 and PEP 604 are the future
4. **Better IDE support**: Native type inference without imports
5. **Simpler syntax**: Less typing, easier to understand
### Class Definitions with Pydantic
- Consider using Pydantic BaseModel for all class definitions to leverage validation, serialization, and other powerful features
- Pydantic provides automatic validation, type coercion, and serialization capabilities
- Use modern type hints (PEP 604/585) in Pydantic models
- Example:
```python
from pydantic import BaseModel, Field, validator
class UserConfig(BaseModel):
"""User configuration settings."""
username: str = Field(..., min_length=3, max_length=50)
email: str = Field(..., regex=r'^[\w\.-]+@[\w\.-]+\.\w+$')
timeout_seconds: int = Field(default=30, ge=1, le=300)
debug_enabled: bool = False
tags: list[str] = Field(default_factory=list)
metadata: dict[str, str] | None = None
@validator('username')
def username_alphanumeric(cls, v: str) -> str:
if not v.replace('_', '').isalnum():
raise ValueError('Username must be alphanumeric')
return v.lower()
```
### Main Function Pattern
- The main function should act as a control flow orchestrator
- Parse command line arguments and delegate to other functions
- Avoid implementing business logic directly in main()
### Command-Line Interface Design
When creating CLI applications:
1. **Use argparse with comprehensive help**:
```python
parser = argparse.ArgumentParser(
description="Clear description of what the tool does",
formatter_class=argparse.RawDescriptionHelpFormatter,
epilog="""
Example usage:
# Basic usage
uv run python -m module --param value
# With environment variable
export PARAM=value
uv run python -m module
"""
)
```
2. **Support both CLI args and environment variables**:
```python
def _get_config_value(cli_value: Optional[str] = None) -> str:
if cli_value:
return cli_value
env_value = os.getenv("CONFIG_VAR")
if env_value:
return env_value
raise ValueError("Value must be provided via --param or CONFIG_VAR env var")
```
3. **Provide sensible defaults**:
```python
parser.add_argument(
"--sample-size",
type=int,
help=f"Number of samples (default: {DEFAULT_SIZE}). Use 0 for all",
)
```
4. **Use special values for "all" options**:
```python
if sample_size == 0 or sample_size is None:
# Process entire dataset
else:
# Process sample
```
### Imports
- Write imports as multi-line imports for better readability
- Example:
```python
from .services.output_formatter import (
_display_evaluation_results,
_print_results_summary,
_check_mcp_generation_criteria
)
```
### Constants
- Don't hard code constants within functions
- For trivial constants, declare them at the top of the file:
```python
STARTUP_DELAY: int = 10
MAX_RETRIES: int = 3
```
- For many constants, create a separate `constants.py` file with a class structure
### Logging Configuration
- Always use the following logging configuration:
```python
import logging
# Configure logging with basicConfig
logging.basicConfig(
level=logging.INFO, # Set the log level to INFO
# Define log message format
format="%(asctime)s,p%(process)s,{%(filename)s:%(lineno)d},%(levelname)s,%(message)s",
)
```
### Logging Best Practices
- Add sufficient log messages throughout the code to aid in debugging and monitoring
- Don't shy away from adding debug logs using `logging.debug()` for detailed tracing
- When printing a dictionary as part of a trace message, always pretty print it:
```python
logger.info(f"Processing data:\n{json.dumps(data_dict, indent=2, default=str)}")
```
- Consider adding a `--debug` flag to the application that sets the logging level to DEBUG:
```python
if args.debug:
logging.getLogger().setLevel(logging.DEBUG)
```
### Performance Feedback
Provide users with feedback on long-running operations:
1. **Display elapsed time after completion**:
```python
start_time = time.time()
# ... perform operation ...
elapsed_time = time.time() - start_time
minutes = int(elapsed_time // 60)
seconds = elapsed_time % 60
if minutes > 0:
logger.info(f"Completed in {minutes} minutes and {seconds:.1f} seconds")
else:
logger.info(f"Completed in {seconds:.1f} seconds")
```
2. **Warn about potentially long operations**:
```python
if processing_full_dataset:
logger.warning("Processing FULL dataset. This may take a long time.")
else:
logger.info(f"Processing {sample_size} samples.")
```
3. **Show configuration at startup**:
```python
logger.info(f"Configuration: {config.model_dump()}")
```
### Performance Optimization
- Use `@lru_cache` decorator where appropriate for expensive computations
### External Resource Management
When working with external data sources (APIs, datasets, databases):
1. **Version/pin external dependencies**:
```python
# Specify exact versions or commits for reproducibility
API_VERSION = "v2"
SCHEMA_VERSION = "2024-01-15"
```
2. **Document external resources in code**:
```python
# Constants file with clear documentation
DATA_SOURCE: str = "source-name" # Documentation URL: https://...
API_ENDPOINT: str = "https://api.example.com/v1" # API docs: https://...
```
3. **Handle data filtering and edge cases gracefully**:
```python
def load_filtered_data(
filters: Dict[str, Any],
limit: Optional[int] = None
) -> List[dict]:
data = fetch_from_source()
# Apply filters with clear feedback
for key, value in filters.items():
filtered = [item for item in data if item.get(key) == value]
logger.info(f"Filter '{key}={value}': {len(data)} -> {len(filtered)} items")
data = filtered
if not data:
raise ValueError(f"No data found matching filters: {filters}")
# Handle size limits
if limit and len(data) < limit:
logger.warning(f"Only {len(data)} items available (requested: {limit})")
return data[:limit] if limit else data
```
4. **Provide actionable error messages**:
```python
if not data:
raise ValueError(
f"No data retrieved from {DATA_SOURCE}. "
f"Check connection and credentials. "
f"Documentation: {DOCS_URL}"
)
```
### Decorators and Functional Patterns
#### Guidelines for Using Decorators and Functional Patterns Appropriately
**Use Decorators When:**
- They're built-in or widely known (`@property`, `@staticmethod`, `@dataclass`)
- They have a single, clear purpose (`@login_required`, `@cache`)
- They don't change function behavior dramatically
Example - Good use of decorators:
```python
# Good - clear, single purpose
@dataclass
class User:
name: str
email: str
@lru_cache(maxsize=128)
def expensive_calculation(n: int) -> int:
return sum(i**2 for i in range(n))
```
**Use Functional Patterns When:**
- Simple transformations are clearer than loops
- You need pure functions for testing
- The functional approach is more readable
Example - Good use of functional patterns:
```python
# Good - simple and clear
numbers = [1, 2, 3, 4, 5]
squared = [n**2 for n in numbers]
evens = [n for n in numbers if n % 2 == 0]
# Good - simple map operation
names = ["alice", "bob", "charlie"]
capitalized = list(map(str.capitalize, names))
```
**Avoid When:**
- You're chaining multiple complex operations
- The code requires explaining how it works
- An entry-level developer would struggle to modify it
- You're using advanced functional programming concepts
Example - Avoid complex patterns:
```python
# Bad - too complex, hard to understand
result = reduce(lambda x, y: x + y,
filter(lambda x: x % 2 == 0,
map(lambda x: x**2, range(10))))
# Good - clear and simple
total = 0
for i in range(10):
squared = i ** 2
if squared % 2 == 0:
total += squared
```
#### Avoid Deep Nesting
- Limit nesting to 2-3 levels maximum
- Extract nested logic into well-named functions
- Use early returns to reduce nesting
Example - Reducing nesting:
```python
# Bad - too much nesting
def process_data(data):
if data:
if data.get("users"):
for user in data["users"]:
if user.get("active"):
if user.get("email"):
send_email(user["email"])
# Good - reduced nesting with early returns
def process_data(data):
if not data:
return
users = data.get("users", [])
if not users:
return
for user in users:
_process_active_user(user)
def _process_active_user(user):
if not user.get("active"):
return
email = user.get("email")
if email:
send_email(email)
```
### Code Validation
- Always run `uv run python -m py_compile <filename>` after making changes to Python files
- Always run `bash -n <filename>` after making changes to bash/shell scripts to check syntax
## Error Handling and Exceptions
### Exception Handling Principles
- Use specific exception types, avoid bare `except:` clauses
- Always log exceptions with proper context
- Fail fast and fail clearly - don't suppress errors silently
- Use custom exceptions for domain-specific errors
### Exception Pattern
```python
import logging
logger = logging.getLogger(__name__)
class DomainSpecificError(Exception):
"""Base exception for our application"""
pass
def process_data(data: dict) -> dict:
try:
# Process data
result = _validate_and_transform(data)
return result
except ValidationError as e:
logger.error(f"Validation failed for data: {e}")
raise DomainSpecificError(f"Invalid input data: {e}") from e
except Exception as e:
logger.exception("Unexpected error in process_data")
raise
```
### Error Messages
- Write clear, actionable error messages
- Include context about what was being attempted
- Suggest possible solutions when appropriate
## Testing Standards
### Testing Framework
- Use `pytest` as the primary testing framework
- Maintain minimum 80% code coverage
- Use `pytest-cov` for coverage reporting
### Test Structure
```python
import pytest
from unittest.mock import Mock, patch
class TestFeatureName:
"""Tests for feature_name module"""
def test_happy_path(self):
"""Test normal operation with valid inputs"""
# Arrange
input_data = {"key": "value"}
# Act
result = function_under_test(input_data)
# Assert
assert result["status"] == "success"
def test_edge_case(self):
"""Test boundary conditions"""
pass
def test_error_handling(self):
"""Test error scenarios"""
with pytest.raises(ValueError, match="Invalid input"):
function_under_test(None)
```
### Testing Best Practices
- Follow AAA pattern: Arrange, Act, Assert
- One assertion per test when possible
- Use descriptive test names that explain what is being tested
- Mock external dependencies
- Use fixtures for common test data
- Test both happy paths and error cases
### Running Tests Before Pull Requests
**CRITICAL**: Always run the full test suite before submitting a pull request or after completing a major feature.
#### When to Run Tests
1. **Before submitting a pull request**: All tests must pass before creating a PR
2. **After completing a major feature**: Verify no regressions were introduced
3. **After making significant refactoring changes**: Ensure existing functionality still works
4. **After updating dependencies**: Verify compatibility with new versions
#### How to Run Tests
Run the complete test suite with parallel execution:
```bash
# Run all tests in parallel (using 8 workers)
uv run pytest tests/ -n 8
# Expected output (as of 2026-01-06):
# - 701 passed
# - 57 skipped
# - Coverage: ~39.50%
# - Execution time: ~30 seconds
```
#### Test Execution Options
```bash
# Run tests serially (slower, but uses less memory)
uv run pytest tests/
# Run only unit tests
uv run pytest tests/unit/
# Run only integration tests
uv run pytest tests/integration/
# Run with verbose output
uv run pytest tests/ -n 8 -v
# Run and stop at first failure
uv run pytest tests/ -n 8 -x
# Run with coverage report
uv run pytest tests/ -n 8 --cov=registry --cov-report=term-missing
```
#### Test Prerequisites
Before running tests, ensure:
1. **MongoDB is running** (for integration tests):
```bash
docker ps | grep mongo
# Should show: mcp-mongodb running on 0.0.0.0:27017
```
2. **Test environment is configured**:
- Tests automatically set `DOCUMENTDB_HOST=localhost`
- Tests use `mongodb-ce` storage backend
- Tests use `directConnection=true` for single-node MongoDB
#### Continuous Integration
Tests run automatically via GitHub Actions when:
- Pull requests are created targeting `main` or `develop` branches
- Code is pushed to `main` or `develop` branches
See [.github/workflows/registry-test.yml](.github/workflows/registry-test.yml:7-8) for CI configuration.
#### Acceptable Test Results
- **All unit tests must pass** (no failures allowed in unit tests)
- **Integration tests**: Some tests may be skipped due to known issues
- **Coverage**: Minimum 35% coverage required (configured in pyproject.toml:87)
- **Warnings**: Minor warnings are acceptable, but investigate new warnings
#### What to Do If Tests Fail
1. Review the test failure output carefully
2. Fix the failing test(s) before submitting PR
3. Re-run tests to verify the fix
4. Never submit a PR with failing tests
5. If a test failure is unrelated to your changes, investigate and fix it or document why it should be skipped
## Async/Await Best Practices
### Async Code Structure
```python
import asyncio
from typing import List
async def fetch_data(url: str) -> dict:
"""Fetch data from URL asynchronously"""
async with aiohttp.ClientSession() as session:
async with session.get(url) as response:
return await response.json()
async def process_urls(urls: List[str]) -> List[dict]:
"""Process multiple URLs concurrently"""
tasks = [fetch_data(url) for url in urls]
return await asyncio.gather(*tasks, return_exceptions=True)
```
### Async Guidelines
- Use `async with` for async context managers
- Use `asyncio.gather()` for concurrent operations
- Handle exceptions in async code properly
- Don't mix blocking and async code
- Use `asyncio.run()` to run async functions from sync code
## Documentation Standards
### Docstring Format
Use Google-style docstrings:
```python
def calculate_metrics(
data: List[float],
threshold: float = 0.5
) -> Dict[str, float]:
"""Calculate statistical metrics for the given data.
Args:
data: List of numerical values to analyze
threshold: Minimum value to include in calculations
Returns:
Dictionary containing calculated metrics:
- mean: Average value
- std: Standard deviation
- count: Number of values above threshold
Raises:
ValueError: If data is empty or contains non-numeric values
Example:
>>> metrics = calculate_metrics([1.0, 2.0, 3.0])
>>> print(metrics['mean'])
2.0
"""
pass
```
### Documentation Requirements
- All public functions must have docstrings
- Include type hints in function signatures
- Document exceptions that can be raised
- Provide usage examples for complex functions
- Keep docstrings up-to-date with code changes
## Security Guidelines
### Input Validation
- Always validate and sanitize user inputs
- Use Pydantic models for request/response validation
- Never trust external data
### Secrets Management
```python
import os
from typing import Optional
def get_secret(key: str, default: Optional[str] = None) -> str:
"""Retrieve secret from environment variable.
Never hardcode secrets in source code.
"""
value = os.environ.get(key, default)
if value is None:
raise ValueError(f"Required secret '{key}' not found in environment")
return value
```
### Security Best Practices
- Never log sensitive information (passwords, tokens, PII)
- Use environment variables for configuration
- Validate all inputs, especially from external sources
- Use parameterized queries for database operations
- Keep dependencies updated for security patches
### Security Scanning with Bandit
- Run Bandit regularly as part of the development workflow
- Handle false positives with `# nosec` comments and clear justification
- Common patterns to handle:
```python
# When using random for ML reproducibility (not cryptography)
# This is not for security/cryptographic purposes - nosec B311
random.seed(random_seed)
samples = random.sample(dataset, size) # nosec B311
# When loading from trusted sources with version pinning
# This is acceptable for evaluation tools using well-known datasets - nosec B615
ds = load_dataset(DATASET_NAME, revision="main") # nosec B615
```
- Run security scans with: `uv run bandit -r src/`
### Server Binding Security
- When starting a server, never bind it to `0.0.0.0` unless absolutely necessary
- Prefer binding to `127.0.0.1` for local-only access
- If external access is needed, bind to the specific private IP address:
```python
# Bad - exposes to all interfaces
app.run(host="0.0.0.0", port=8000)
# Good - local only
app.run(host="127.0.0.1", port=8000)
# Good - specific private IP
import socket
private_ip = socket.gethostbyname(socket.gethostname())
app.run(host=private_ip, port=8000)
```
### Subprocess Security Guidelines
When using the `subprocess` module, follow these security patterns to prevent Bandit B603/B607 findings and avoid shell injection vulnerabilities.
#### ✅ ALWAYS Use List Form (Not String Commands)
```python
# Good - list form prevents shell injection
result = subprocess.run(
["nginx", "-s", "reload"],
capture_output=True,
text=True,
timeout=5,
)
# Bad - string form with shell=True is vulnerable to injection
result = subprocess.run("nginx -s reload", shell=True) # NEVER DO THIS
```
#### ✅ ALWAYS Add Timeout
```python
# Good - prevents DoS from hanging processes
result = subprocess.run(cmd, timeout=30, capture_output=True)
# Bad - no timeout can cause infinite hangs
result = subprocess.run(cmd, capture_output=True) # Missing timeout!
```
#### ✅ ALWAYS Handle Errors
```python
# Good - proper error handling
try:
result = subprocess.run(
cmd,
capture_output=True,
text=True,
check=True, # Raises CalledProcessError on non-zero exit
timeout=30,
)
except subprocess.TimeoutExpired:
logger.error("Command timed out")
return False
except subprocess.CalledProcessError as e:
logger.error(f"Command failed: {e.stderr}")
return False
```
#### ✅ Approved Subprocess Patterns
**Pattern 1: System Utilities (hardcoded commands)**
```python
# System commands with hardcoded paths and flags
result = subprocess.run(
["nginx", "-t"], # nosec B603 B607 - hardcoded command
capture_output=True,
text=True,
timeout=5,
)
result = subprocess.run(
["hostname", "-I"], # nosec B603 B607 - hardcoded command
capture_output=True,
text=True,
timeout=2,
)
```
**Pattern 2: Internal Scripts (controlled paths)**
```python
# Internal scripts with validated arguments
script_path = os.path.join(project_root, "scripts/generate_token.sh")
result = subprocess.run(
[script_path, validated_arg], # nosec B603 - hardcoded internal script path
capture_output=True,
text=True,
timeout=30,
cwd=working_directory,
)
```
**Pattern 3: External Tools (hardcoded flags, data as arguments)**
```python
# External tools with hardcoded flags - user data passed as arguments, not commands
cmd = ["mcp-scanner", "--format", "json", "--url", user_provided_url]
result = subprocess.run( # nosec B603 - args are hardcoded flags passed to mcp-scanner tool
cmd,
capture_output=True,
text=True,
check=True,
timeout=60,
)
```
#### ✅ Security Comment Standards for Subprocess
When suppressing Bandit warnings for subprocess calls, **always include a clear justification**:
```python
# Good - explains why it's safe
subprocess.run(
["nginx", "-s", "reload"],
...
) # nosec B603 B607 - hardcoded command
# Good - explains the security model
subprocess.run(
[script_path, arg],
...
) # nosec B603 - hardcoded internal script path
# Good - explains what's hardcoded
subprocess.run(
cmd,
...
) # nosec B603 - args are hardcoded flags passed to tool
# Bad - no justification
subprocess.run(cmd, ...) # nosec B603
```
**Valid Justification Templates:**
- `# nosec B603 B607 - hardcoded command` - for system utilities (nginx, hostname, etc.)
- `# nosec B603 - hardcoded internal script path` - for internal project scripts
- `# nosec B603 - hardcoded internal script path and flags` - when both path and flags are hardcoded
- `# nosec B603 - args are hardcoded flags passed to [tool-name]` - for external tools
#### ❌ NEVER Do These With Subprocess
```python
# NEVER use shell=True with any user input
user_cmd = f"tool --arg {user_input}"
subprocess.run(user_cmd, shell=True) # VULNERABLE TO INJECTION
# NEVER construct commands from user input
cmd = f"grep {user_search_term} file.txt" # VULNERABLE
subprocess.run(cmd, shell=True)
# NEVER skip timeout - can hang forever
subprocess.run(["long-running-command"]) # NO TIMEOUT
# NEVER ignore errors without logging
result = subprocess.run(cmd, capture_output=True)
# No error handling - failures go unnoticed
```
### SQL Security Guidelines
When working with databases, follow these patterns to prevent SQL injection vulnerabilities (Bandit B608).
#### ✅ ALWAYS Use Parameterized Queries
```python
# Good - parameterized query with placeholders
cutoff = datetime.now().isoformat()
query = "DELETE FROM table_name WHERE created_at < ?"
cursor.execute(query, (cutoff,))
# Bad - string formatting is vulnerable to SQL injection
cutoff_str = f"'{datetime.now().isoformat()}'"
query = f"DELETE FROM table_name WHERE created_at < {cutoff_str}" # VULNERABLE
cursor.execute(query)
```
#### ✅ Validate Identifiers Against Allowlists
For table names and column names that cannot be parameterized, use allowlist validation:
```python
# Define allowlists for table and column names
ALLOWED_TABLES = {"users", "metrics", "auth_logs"}
ALLOWED_COLUMNS = {"created_at", "updated_at", "timestamp"}
def validate_table_name(table: str) -> str:
"""Validate table name against allowlist."""
if table not in ALLOWED_TABLES:
raise ValueError(f"Invalid table: {table}")
return table
def validate_column_name(column: str) -> str:
"""Validate column name against allowlist."""
if column not in ALLOWED_COLUMNS:
raise ValueError(f"Invalid column: {column}")
return column
# Use validated identifiers with nosec comment
table = validate_table_name(user_provided_table)
column = validate_column_name(user_provided_column)
query = f"SELECT * FROM {table} WHERE {column} = ?" # nosec B608 - table and column validated against allowlists
cursor.execute(query, (value,))
```
#### ✅ Return Query and Parameters as Tuple
For query-building methods, return both query string and parameters:
```python
def get_cleanup_query(
table_name: str,
days: int
) -> tuple[str, tuple]:
"""Get cleanup query and parameters.
Returns:
Tuple of (query_string, parameters)
"""
# Validate table name against allowlist
table_name = validate_table_name(table_name)
# Calculate cutoff date
cutoff = (datetime.now() - timedelta(days=days)).isoformat()
# Build parameterized query
query = f"DELETE FROM {table_name} WHERE created_at < ?" # nosec B608 - table_name validated against allowlist
return query, (cutoff,)
# Use the query and parameters
query, params = get_cleanup_query("metrics", 90)
cursor.execute(query, params)
```
#### ✅ Security Comment Standards for SQL
When suppressing B608 warnings, **always document the validation**:
```python
# Good - documents allowlist validation
query = f"SELECT * FROM {table}" # nosec B608 - table name validated against allowlist
cursor.execute(query, params)
# Good - references validation function
query = f"DELETE FROM {table}" # nosec B608 - table validated by validate_table_name()
cursor.execute(query, params)
# Good - explains multiple validations
query = f"SELECT {column} FROM {table}" # nosec B608 - table and column validated against allowlists
cursor.execute(query, params)
# Bad - no justification
query = f"SELECT * FROM {table}" # nosec B608
cursor.execute(query)
```
**Valid Justification Templates:**
- `# nosec B608 - table name validated against allowlist`
- `# nosec B608 - column name validated against allowlist`
- `# nosec B608 - table and column validated against allowlists`
- `# nosec B608 - identifier validated by _validate_identifier()`
#### ❌ NEVER Do These With SQL
```python
# NEVER use string formatting for values
value = user_input
query = f"SELECT * FROM users WHERE name = '{value}'" # VULNERABLE TO SQL INJECTION
cursor.execute(query)
# NEVER concatenate user input into queries
query = "SELECT * FROM " + user_table + " WHERE id = " + user_id # VULNERABLE
cursor.execute(query)
# NEVER skip validation for identifiers
table = request.args.get('table') # No validation!
query = f"SELECT * FROM {table}" # VULNERABLE
cursor.execute(query)
# NEVER use datetime() SQL functions with interpolated values
days = user_input
query = f"DELETE FROM t WHERE created_at < datetime('now', '-{days} days')" # VULNERABLE
cursor.execute(query)
```
### Security Checklist for Code Review
When reviewing code with subprocess or SQL operations, verify:
**Subprocess Checklist:**
- [ ] Using list form (not string commands)
- [ ] No `shell=True` anywhere
- [ ] Timeout specified
- [ ] Error handling includes `TimeoutExpired` and `CalledProcessError`
- [ ] Commands are hardcoded (no dynamic construction from user input)
- [ ] `# nosec` comments include clear justifications
- [ ] Arguments passed as list elements (not interpolated into commands)
**SQL Checklist:**
- [ ] Using parameterized queries for all values
- [ ] Table and column names validated against allowlists
- [ ] No string formatting or concatenation for SQL values
- [ ] Query methods return `tuple[str, tuple]`
- [ ] `# nosec` comments document validation method
- [ ] No datetime() SQL functions with interpolated parameters
## Development Workflow
### Recommended Development Tools
- **Ruff**: For linting and formatting (replaces multiple tools like isort and many flake8 plugins)
- **Bandit**: For security vulnerability scanning
- **MyPy**: For type checking
- **Pytest**: For testing
### Pre-commit Workflow
#### Option 1: Automated Pre-commit Hooks (Recommended)
Install pre-commit hooks to automatically run checks before each commit:
```bash
# Install pre-commit (one-time setup)
uv pip install pre-commit
# Install the git hooks (one-time per repo clone)
pre-commit install
# Now all checks run automatically on git commit
git add file.py
git commit -m "Your message" # Hooks run automatically
# Run hooks manually on all files
pre-commit run --all-files
```
**What runs automatically:**
- ✅ Ruff linter with auto-fixes
- ✅ Ruff formatter (PEP 604/585 modernization)
- ✅ Trailing whitespace removal
- ✅ End-of-file fixes
- ✅ YAML/JSON validation
- ✅ Bandit security scan
- ✅ MyPy type checking
- ✅ Fast unit tests
- ✅ Python/shell syntax checks
#### Option 2: Manual Workflow
Before committing code, run these checks in order:
```bash
# 1. Format and lint with auto-fixes
uv run ruff check --fix . && uv run ruff format .
# 2. Security scanning
uv run bandit -r src/
# 3. Type checking
uv run mypy src/
# 4. Run tests
uv run pytest
# Or run all checks in one command:
uv run ruff check --fix . && uv run ruff format . && uv run bandit -r src/ && uv run mypy src/ && uv run pytest
```
### Code Formatting Standards
**Ruff Configuration**: This project uses ruff for formatting with the following key settings (see `pyproject.toml`):
- **Target Python**: 3.10+ (enables PEP 604/585)
- **Line Length**: 100 characters
- **Type Hint Modernization**: Automatic via ruff rules:
- `UP006`: Use PEP 585 built-in generics (`list`, `dict`, `tuple`)
- `UP007`: Use PEP 604 union syntax (`X | Y` instead of `Union[X, Y]`)
- `UP037`: Remove quotes from type annotations
- `I001`: Auto-sort imports (isort compatible)
**Formatting automatically handles:**
- Type hint modernization (PEP 604/585)
- Import organization (stdlib, third-party, local)
- Trailing whitespace removal
- Consistent indentation (4 spaces)
- Line length enforcement
- Docstring formatting
**Example ruff modernizations:**
```python
# Before ruff format
from typing import Optional, List, Dict
def func(x: Optional[List[Dict]]) -> Optional[str]: pass
# After ruff format (automatic)
def func(x: list[dict] | None) -> str | None: pass
```
### Adding Development Dependencies
```bash
# Add development dependencies
uv add --dev ruff mypy bandit pytest pytest-cov pre-commit
```
## Dependency Management
### Project Configuration
Always specify Python version in `pyproject.toml` to avoid warnings:
```toml
[project]
name = "project-name"
version = "0.1.0"
description = "Project description"
requires-python = ">=3.14" # Always specify this!
dependencies = [
# ... dependencies
]
```
### Version Pinning
In `pyproject.toml`:
```toml
[project]
dependencies = [
"fastapi>=0.100.0,<0.200.0", # Minor version flexibility
"pydantic==2.5.0", # Exact version for critical dependencies
"polars>=0.19.0", # Minimum version only
]
[tool.uv]
dev-dependencies = [
"pytest>=7.0.0",
"ruff>=0.1.0",
"mypy>=1.0.0",
"bandit>=1.7.0",
]
```
### Dependency Guidelines
- Pin exact versions for critical dependencies
- Use version ranges for stable libraries
- Separate dev dependencies from runtime dependencies
- Regularly update dependencies for security patches
- Document why specific versions are pinned
## Project Structure
### Standard Layout
```
project_name/
├── src/
│ └── project_name/
│ ├── __init__.py
│ ├── main.py
│ ├── models/
│ │ ├── __init__.py
│ │ └── domain.py
│ ├── services/
│ │ ├── __init__.py
│ │ └── business_logic.py
│ ├── api/
│ │ ├── __init__.py
│ │ └── endpoints.py
│ └── utils/
│ ├── __init__.py
│ └── helpers.py
├── tests/
│ ├── __init__.py
│ ├── conftest.py
│ ├── unit/
│ └── integration/
├── scripts/
│ └── deploy.sh
├── docs/
├── pyproject.toml
├── README.md
└── .env.example
```
### Module Organization
- Keep related functionality together
- Use clear, descriptive module names
- Avoid circular imports
- Keep modules focused on a single responsibility
### Comprehensive .gitignore
Ensure your `.gitignore` includes all necessary entries:
```gitignore
# Python
__pycache__/
*.py[cod]
*$py.class
*.so
.Python
build/
dist/
*.egg-info/
*.egg
# Virtual environments
.env
.venv
env/
venv/
ENV/
# Testing and linting caches
.ruff_cache/
.mypy_cache/
.pytest_cache/
.coverage
htmlcov/
# Security reports
bandit_report.json
# IDE
.vscode/
.idea/
*.swp
*.swo
# OS
.DS_Store
Thumbs.db
# Project specific
*.csv # Or specific output files
.scratchpad/
logs/
output/
# AWS
.aws/
```
## Scratchpad for Planning & Design
The `.scratchpad/` folder contains intermediate and temporary documents used during development that are not meant for long-term storage or committed to the repository.
**Contents:**
- Design discussions and architecture sketches
- Todo lists and task planning documents
- GitHub issue creation planning
- LinkedIn posts and social media drafts
- Session notes and decision logs
- Meeting minutes and action items
- Prototype diagrams and brainstorming documents
- Any other context-specific content created during active work
**Important:**
- `.scratchpad/` is in `.gitignore` and will NOT be committed
- These files are temporary and may be deleted at any time
- Only relevant within the context of current work sessions
- Not suitable for documentation or long-term reference
- Use for active planning, not for finalized documentation
**Naming Convention:**
- Design files: `design-feature-name.md` or `design-YYYY-MM-DD.md`
- Planning files: `plan-feature-name.md` or `task-status.md`
- Drafts: `draft-linkedin-post.md`, `draft-github-issue.md`
- Notes: `session-notes-YYYY-MM-DD.md`, `meeting-minutes.md`
- Sub-tasks: `sub-tasks-issue-NUMBER-feature-name.md`
## Environment Configuration
### Environment Variables
```python
from pydantic import BaseSettings
from typing import Optional
class Settings(BaseSettings):
"""Application settings from environment variables."""
app_name: str = "MyApp"
debug: bool = False
database_url: str
api_key: str
redis_url: Optional[str] = None
class Config:
env_file = ".env"
env_file_encoding = "utf-8"
case_sensitive = False
# Global settings instance
settings = Settings()
```
### Configuration Best Practices
- Use Pydantic Settings for type-safe configuration
- Provide `.env.example` with all required variables
- Never commit `.env` files to version control
- Document all environment variables
- Use sensible defaults where appropriate
## Data Validation with Pydantic
### Model Definition
```python
from pydantic import BaseModel, Field, validator
from typing import Optional
from datetime import datetime
class UserRequest(BaseModel):
"""User creation request model."""
username: str = Field(..., min_length=3, max_length=50)
email: str = Field(..., regex=r'^[\w\.-]+@[\w\.-]+\.\w+$')
age: Optional[int] = Field(None, ge=0, le=150)
created_at: datetime = Field(default_factory=datetime.utcnow)
@validator('username')
def username_alphanumeric(cls, v: str) -> str:
if not v.replace('_', '').isalnum():
raise ValueError('Username must be alphanumeric')
return v.lower()
class Config:
json_schema_extra = {
"example": {
"username": "john_doe",
"email": "john@example.com",
"age": 25
}
}
```
### Validation Guidelines
- Use Pydantic for all API request/response models
- Define clear validation rules with Field()
- Use custom validators for complex logic
- Provide examples in model configuration
- Return validation errors with clear messages
## Platform Naming
- Always refer to the service as "Amazon Bedrock" (never "AWS Bedrock")
## GitHub Commit and Pull Request Guidelines
- Never include auto-generated messages like "🤖 Generated with [Claude Code]"
- Never include "Co-Authored-By: Claude <noreply@anthropic.com>"
- Keep commit messages clean and professional
- When creating pull requests, do not include Claude Code attribution or generation messages
- Pull request descriptions should be professional and focus on the technical changes
## Documentation Guidelines
- Never add emojis to README.md files in repositories
- Keep README files professional and emoji-free
### Emoji Usage Guidelines
- **Code**: Absolutely no emojis in source code, comments, or docstrings
- **Documentation**: Avoid emojis in all documentation files (.md, .rst, etc.)
- **Log Messages**: Use plain text only for log messages - no emojis
- **Shell Scripts**: Avoid emojis in shell scripts - prefer plain text status messages
- **Comments**: Use clear, descriptive text instead of emojis in code comments
**Rationale**: Emojis can cause encoding issues, reduce accessibility, appear unprofessional in enterprise environments, and may not render consistently across different systems and terminals.
### README Best Practices
A well-structured README should include:
1. **Prerequisites Section**: List external dependencies and setup requirements
```markdown
## Prerequisites
- Python 3.14+
- AWS credentials configured
- Amazon Bedrock Guardrail with sensitive information filters
```
2. **Links to External Resources**: Provide links to datasets, documentation, and services
```markdown
- Evaluate performance on the [dataset-name](https://link-to-dataset)
- See [AWS documentation](https://docs.aws.amazon.com/...) for setup
```
3. **Clear Command Examples**: Show all command-line options with examples
```markdown
## Usage
# Basic usage
uv run python -m module_name --required-param value
# With all options
uv run python -m module_name --param1 value1 --param2 value2
# Using environment variables
export CONFIG_VAR=value
uv run python -m module_name
```
4. **Development Workflow**: Include a section on development practices
```markdown
## Development Workflow
# Run all checks before committing
uv run ruff check --fix . && uv run ruff format . && uv run bandit -r src/
```
5. **Performance Warnings**: Alert users about time-intensive operations
```markdown
# Evaluate full dataset (warning: this may take a long time)
uv run python -m module_name --sample-size 0
```
## Project Notes and Planning Guidelines
### Scratchpad Usage
- Always create and maintain a `.scratchpad/` folder in each project root for temporary markdown files, task status, and planning documents
- Add `.scratchpad/` to the project's `.gitignore` file to keep notes local
- Use this folder to store:
- Technical analysis and findings (`analysis-YYYY-MM-DD.md`)
- Implementation plans and strategies (`plan-feature-name.md`)
- Code refactoring ideas (`refactor-component-name.md`)
- Architecture decisions and considerations (`architecture-decisions.md`)
- Development progress and next steps (`progress-notes.md`)
- Task status and temporary working documents
### Plan Documentation Process
1. **Default Behavior**: When asked to create plans, create individual markdown files in `.scratchpad/` folder
2. **File Naming**: Use descriptive names with dates when relevant:
- `plan-agent-refactoring-2024-07-31.md`
- `analysis-memory-system.md`
- `task-status-current.md`
3. **Organization**: Each file should have clear headings, timestamps, and be self-contained
### Scratchpad Folder Structure Example
```
project_root/
├── .scratchpad/
│ ├── plan-agent-refactoring-2024-07-31.md
│ ├── analysis-hardcoded-names.md
│ ├── task-status-current.md
│ ├── architecture-decisions.md
│ └── progress-notes.md
├── .gitignore # Contains .scratchpad/
└── ... other project files
```
### Individual File Structure Example
```markdown
# Agent Name Refactoring Plan
*Created: 2024-07-31*
## Investigation Summary
- Found hardcoded constants in multiple files
- Plan to centralize in constants.py
## Implementation Strategy
- Phase 1: Extend constants
- Phase 2: Update core infrastructure
- [Detailed steps follow...]
## Next Steps
- [ ] Implement constants centralization
- [ ] Create utility methods
```
## Docker Build and Deployment
When building and pushing Docker containers, create a shell script following this pattern:
```bash
#!/bin/bash
# Exit on error
set -e
# Get the directory where this script is located
SCRIPT_DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
PARENT_DIR="$(dirname "$SCRIPT_DIR")"
# Configuration
AWS_REGION="${AWS_REGION:-us-east-1}"
ECR_REPO_NAME="your_app_name"
AWS_ACCOUNT_ID=$(aws sts get-caller-identity --query Account --output text)
ECR_REPO_URI="$AWS_ACCOUNT_ID.dkr.ecr.$AWS_REGION.amazonaws.com/$ECR_REPO_NAME"
# Login to Amazon ECR
echo "Logging in to Amazon ECR..."
aws ecr get-login-password --region $AWS_REGION | docker login --username AWS --password-stdin "$AWS_ACCOUNT_ID.dkr.ecr.$AWS_REGION.amazonaws.com"
# Create repository if it doesn't exist
echo "Creating ECR repository if it doesn't exist..."
aws ecr describe-repositories --repository-names "$ECR_REPO_NAME" --region "$AWS_REGION" || \
aws ecr create-repository --repository-name "$ECR_REPO_NAME" --region "$AWS_REGION"
# Build the Docker image
echo "Building Docker image..."
docker build -f "$PARENT_DIR/Dockerfile" -t "$ECR_REPO_NAME" "$PARENT_DIR"
# Tag the image
echo "Tagging image..."
docker tag "$ECR_REPO_NAME":latest "$ECR_REPO_URI":latest
# Push the image to ECR
echo "Pushing image to ECR..."
docker push "$ECR_REPO_URI":latest
echo "Successfully built and pushed image to:"
echo "$ECR_REPO_URI:latest"
# Save the container URI to a file for reference
echo "$ECR_REPO_URI:latest" > "$SCRIPT_DIR/.container_uri"
```
### Docker Script Best Practices
- Always use `set -e` to exit on error
- Use environment variables for configuration with sensible defaults
- Login to ECR before pushing
- Create ECR repository if it doesn't exist
- Use clear echo statements to show progress (avoid emojis for compatibility)
- Save container URI to a file for reference by other scripts
### ARM64 Support
For ARM64 builds, add QEMU setup:
```bash
docker run --rm --privileged multiarch/qemu-user-static --reset -p yes
DOCKER_BUILDKIT=0 docker build -f "$PARENT_DIR/Dockerfile" -t "$ECR_REPO_NAME" "$PARENT_DIR"
```
## GitHub Issue Management
### Label Management Best Practices
When creating GitHub issues:
1. **Check Available Labels First**: Always get a list of available labels for the repository before creating issues
```bash
gh label list
```
2. **Use Only Existing Labels**: Only apply labels that already exist in the repository to avoid errors during issue creation
3. **Suggest New Labels**: If you believe a new label would be beneficial, make a suggestion in the issue description or as a separate comment, but don't attempt to add non-existent labels during issue creation
4. **Label Application**: Apply labels that are available and relevant to the issue type and scope
**Example Workflow**:
```bash
# First check available labels
gh label list
# Create issue with only existing labels
gh issue create --title "..." --body-file "..." --label "enhancement,bug"
# If new labels are needed, suggest them in issue comments
gh issue comment 123 --body "Suggest adding 'agentcore' label for AgentCore-related issues"
```
## Summary
These guidelines ensure consistent, maintainable, and modern Python code. Key principles:
- **Simplicity First**: Write code maintainable by entry-level developers
- **Modern Python**: Use Python 3.10+ features (PEP 604/585 type hints)
- **Automated Quality**: Use pre-commit hooks for consistent formatting
- **Security**: Follow subprocess and SQL security patterns
- **Type Safety**: Clear type annotations with modern syntax
Always prioritize simplicity and clarity over cleverness.
## Federated Registry Implementation Workflow
When implementing the federated registry feature, follow this 3-agent workflow for each sub-feature:
### Agent Roles
1. **Writer Agent** - Implement code following CLAUDE.md standards
2. **Reviewer Agent** - Analyze time/space complexity, evaluate trade-offs, check production readiness
3. **Tester Agent** - Write property-based tests, integration tests, validate acceptance criteria
### Workflow Per Sub-Feature
1. Writer Agent implements all tasks
2. Reviewer Agent analyzes and suggests improvements
3. Writer Agent addresses reviewer suggestions
4. Tester Agent writes tests and validates
5. Update plan if new scope discovered
6. Final validation before marking complete
### Quality Gates
- All acceptance criteria verified with tests
- Reviewer approved production readiness
- Property-based tests cover invariants
- No TODO or FIXME left unaddressed
- Code compiles without warnings
- Existing tests still pass
================================================
FILE: CODE_OF_CONDUCT.md
================================================
## Code of Conduct
This project has adopted the [Amazon Open Source Code of Conduct](https://aws.github.io/code-of-conduct).
For more information see the [Code of Conduct FAQ](https://aws.github.io/code-of-conduct-faq) or contact
opensource-codeofconduct@amazon.com with any additional questions or comments.
================================================
FILE: CONTRIBUTING.md
================================================
# Contributing Guidelines
Thank you for your interest in contributing to our project. Whether it's a bug report, new feature, correction, or additional
documentation, we greatly value feedback and contributions from our community.
Please read through this document before submitting any issues or pull requests to ensure we have all the necessary
information to effectively respond to your bug report or contribution.
## Reporting Bugs/Feature Requests
We welcome you to use the GitHub issue tracker to report bugs or suggest features.
When filing an issue, please check existing open, or recently closed, issues to make sure somebody else hasn't already
reported the issue. Please try to include as much information as you can. Details like these are incredibly useful:
* A reproducible test case or series of steps
* The version of our code being used
* Any modifications you've made relevant to the bug
* Anything unusual about your environment or deployment
## Contributing via Pull Requests
Contributions via pull requests are much appreciated. Before sending us a pull request, please ensure that:
1. You are working against the latest source on the *main* branch.
2. You check existing open, and recently merged, pull requests to make sure someone else hasn't addressed the problem already.
3. You open an issue to discuss any significant work - we would hate for your time to be wasted.
To send us a pull request, please:
1. Fork the repository.
2. Modify the source; please focus on the specific change you are contributing. If you also reformat all the code, it will be hard for us to focus on your change.
3. Ensure local tests pass.
4. Commit to your fork using clear commit messages.
5. Send us a pull request, answering any default questions in the pull request interface.
6. Pay attention to any automated CI failures reported in the pull request, and stay involved in the conversation.
GitHub provides additional document on [forking a repository](https://help.github.com/articles/fork-a-repo/) and
[creating a pull request](https://help.github.com/articles/creating-a-pull-request/).
## Finding contributions to work on
Looking at the existing issues is a great way to find something to contribute on. As our projects, by default, use the default GitHub issue labels (enhancement/bug/duplicate/help wanted/invalid/question/wontfix), looking at any 'help wanted' issues is a great place to start.
## Code of Conduct
This project has adopted the [Amazon Open Source Code of Conduct](https://aws.github.io/code-of-conduct).
For more information see the [Code of Conduct FAQ](https://aws.github.io/code-of-conduct-faq) or contact
opensource-codeofconduct@amazon.com with any additional questions or comments.
## Security issue notifications
If you discover a potential security issue in this project we ask that you notify AWS/Amazon Security via our [vulnerability reporting page](http://aws.amazon.com/security/vulnerability-reporting/). Please do **not** create a public github issue.
## Licensing
See the [LICENSE](LICENSE) file for our project's licensing. We will ask you to confirm the licensing of your contribution.
================================================
FILE: DEV_INSTRUCTIONS.md
================================================
# Getting Started
## Prerequisite Reading
**READ THIS FIRST:** [CONTRIBUTING.md](CONTRIBUTING.md)
Before you start contributing, please review the project's contribution guidelines.
## Setup Instructions for Contributors
### Step 1: Choose Your Development Environment
We recommend the fastest option to get started:
#### Option A: macOS Setup (Fastest ⚡)
Complete this setup guide first:
- [macOS Setup Guide](macos-setup-guide.md)
- Time to first run: ~30 minutes
#### Option B: EC2 Complete Configuration (Preferred for Server Setup)
If working on EC2 or a Linux server, complete this guide first:
- [Complete Configuration Guide](complete-configuration-guide.md)
- Time to first run: ~60 minutes
## Before You Start Coding
### 1. Ask Your Coding Assistant to Read Documentation
Before making any code changes, ask your AI coding assistant to read:
**LLM/AI Documentation (Critical for understanding the project):**
- [docs/llms.txt](docs/llms.txt)
**Coding Standards and Guidelines:**
- [CLAUDE.md](CLAUDE.md) - Project-specific coding standards
### 2. Review the CLAUDE.md File
This project uses [CLAUDE.md](CLAUDE.md) for coding standards. The file is already included in the repository root - make sure to review it before contributing.
## Testing Your Changes
Before submitting a pull request, you must run and pass the test suite:
### Quick Start Testing
```bash
# Generate fresh credentials (tokens expire in 5 minutes)
./credentials-provider/generate_creds.sh
# Run tests locally (skip production for fast iteration)
./tests/run_all_tests.sh --skip-production
```
### For PR Merge (REQUIRED)
```bash
# Full test suite including production tests
./tests/run_all_tests.sh
# All tests must pass (0 failures) before merging
```
### Understanding the Tests
See the comprehensive testing documentation:
- **[tests/README.md](tests/README.md)** - Start here! Navigation guide with access control overview
- **[tests/TEST_QUICK_REFERENCE.md](tests/TEST_QUICK_REFERENCE.md)** - Quick reference for how-to guides
- **[tests/lob-bot-access-control-testing.md](tests/lob-bot-access-control-testing.md)** - Access control test details
- **[auth_server/scopes.yml](auth_server/scopes.yml)** - Permission definitions (admin, LOB1, LOB2)
### Common Testing Workflows
**Agent CRUD Testing:**
```bash
./credentials-provider/generate_creds.sh
bash tests/agent_crud_test.sh
```
**Access Control Testing (LOB Bots):**
```bash
./keycloak/setup/generate-agent-token.sh admin-bot
./keycloak/setup/generate-agent-token.sh lob1-bot
./keycloak/setup/generate-agent-token.sh lob2-bot
bash tests/run-lob-bot-tests.sh
```
**Check Test Logs:**
```bash
ls -lh /tmp/*_*.log
grep -i "error\|fail" /tmp/*.log
```
## Fork and Contribute
### Repository Access
**Important:** There is no direct access to this repository. To contribute:
1. **Fork the repository on GitHub**
```
https://github.com/agentic-community/mcp-gateway-registry
```
2. **Clone your fork locally**
```bash
git clone https://github.com/YOUR-USERNAME/mcp-gateway-registry.git
cd mcp-gateway-registry
```
3. **Create a feature branch**
```bash
git checkout -b feat/your-feature-name
```
4. **Make your changes** following the coding standards in CLAUDE.md
5. **Commit and push to your fork**
```bash
git push origin feat/your-feature-name
```
6. **Create a Pull Request** to the main repository
- Use a clear, descriptive PR title
- Reference any related issues
- Include test results and screenshots if applicable
## Development Checklist
Before submitting a pull request:
- [ ] Completed one of the setup guides (macOS or EC2)
- [ ] Read docs/llms.txt
- [ ] Read CLAUDE.md (coding standards)
- [ ] Code follows project conventions (use ruff, mypy, pytest)
- [ ] Generated fresh credentials: `./credentials-provider/generate_creds.sh`
- [ ] Local tests pass: `./tests/run_all_tests.sh --skip-production`
- [ ] PR merge tests pass: `./tests/run_all_tests.sh` (all tests must pass)
- [ ] Reviewed test documentation: [tests/README.md](tests/README.md)
- [ ] Changes are pushed to a fork, not directly to this repo
- [ ] Pull request is created with clear description
## Questions?
- Check the [CONTRIBUTING.md](CONTRIBUTING.md) file for more details
- Review existing PRs to see contribution patterns
- Ask your coding assistant to review the documentation with you
Happy coding! 🚀
================================================
FILE: Dockerfile
================================================
# Use an official Python runtime as a parent image
FROM python:3.14-slim
# Set environment variables to prevent interactive prompts during installation
ENV PYTHONUNBUFFERED=1 \
PIP_NO_CACHE_DIR=1 \
DEBIAN_FRONTEND=noninteractive
# Install system dependencies including nginx with lua module
RUN apt-get update && apt-get install -y --no-install-recommends \
nginx \
nginx-extras \
lua-cjson \
curl \
procps \
openssl \
git \
build-essential \
&& apt-get clean \
&& rm -rf /var/lib/apt/lists/*
# Set the working directory in the container
WORKDIR /app
# Copy the application code
COPY . /app/
# Copy nginx configurations (both HTTP-only and HTTP+HTTPS versions)
COPY docker/nginx_rev_proxy_http_only.conf /app/docker/nginx_rev_proxy_http_only.conf
COPY docker/nginx_rev_proxy_http_and_https.conf /app/docker/nginx_rev_proxy_http_and_https.conf
# Copy custom error pages for nginx
COPY docker/502.html /usr/share/nginx/html/502.html
# Make the entrypoint script executable
COPY docker/entrypoint.sh /app/docker/entrypoint.sh
RUN chmod +x /app/docker/entrypoint.sh
# Create nginx lua directories and remove default sites (needed by entrypoint script)
RUN mkdir -p /etc/nginx/lua/virtual_mappings && \
rm -f /etc/nginx/sites-enabled/default /etc/nginx/sites-available/default && \
mkdir -p /var/lib/nginx/body /var/lib/nginx/proxy /var/lib/nginx/fastcgi /var/lib/nginx/uwsgi /var/lib/nginx/scgi && \
mkdir -p /var/log/nginx && \
mkdir -p /run/nginx
# Expose ports for Nginx (HTTP/HTTPS on high ports for non-root) and the Registry
EXPOSE 8080 8443 7860
# Define environment variables for registry/server configuration (can be overridden at runtime)
# Provide sensible defaults or leave empty if they should be explicitly set
ARG BUILD_VERSION="1.0.0"
ARG SECRET_KEY=""
ARG POLYGON_API_KEY=""
ENV BUILD_VERSION=$BUILD_VERSION
ENV SECRET_KEY=$SECRET_KEY
ENV POLYGON_API_KEY=$POLYGON_API_KEY
# Add health check using the new HTTP endpoint
HEALTHCHECK --interval=30s --timeout=10s --start-period=40s --retries=3 \
CMD curl -f http://localhost:7860/health || exit 1
# Create non-root user for security (CIS Docker Benchmark 4.1)
RUN groupadd -g 1000 appuser && useradd -u 1000 -g appuser appuser
# Create security scan directories and certs directory with proper permissions
RUN mkdir -p /app/security_scans /app/skill_security_scans /app/agent_security_scans /app/certs && \
chown -R appuser:appuser /app/security_scans /app/skill_security_scans /app/agent_security_scans /app/certs
# Set ownership of application files, nginx configs, and entrypoint
RUN chown -R appuser:appuser /app /etc/nginx /var/log/nginx /var/lib/nginx /run/nginx /app/docker/entrypoint.sh
# Switch to non-root user
USER appuser
# Run the entrypoint script when the container launches
ENTRYPOINT ["/app/docker/entrypoint.sh"]
================================================
FILE: LICENSE
================================================
Apache License
Version 2.0, January 2004
http://www.apache.org/licenses/
TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION
1. Definitions.
"License" shall mean the terms and conditions for use, reproduction,
and distribution as defined by Sections 1 through 9 of this document.
"Licensor" shall mean the copyright owner or entity authorized by
the copyright owner that is granting the License.
"Legal Entity" shall mean the union of the acting entity and all
other entities that control, are controlled by, or are under common
control with that entity. For the purposes of this definition,
"control" means (i) the power, direct or indirect, to cause the
direction or management of such entity, whether by contract or
otherwise, or (ii) ownership of fifty percent (50%) or more of the
outstanding shares, or (iii) beneficial ownership of such entity.
"You" (or "Your") shall mean an individual or Legal Entity
exercising permissions granted by this License.
"Source" form shall mean the preferred form for making modifications,
including but not limited to software source code, documentation
source, and configuration files.
"Object" form shall mean any form resulting from mechanical
transformation or translation of a Source form, including but
not limited to compiled object code, generated documentation,
and conversions to other media types.
"Work" shall mean the work of authorship, whether in Source or
Object form, made available under the License, as indicated by a
copyright notice that is included in or attached to the work
(an example is provided in the Appendix below).
"Derivative Works" shall mean any work, whether in Source or Object
form, that is based on (or derived from) the Work and for which the
editorial revisions, annotations, elaborations, or other modifications
represent, as a whole, an original work of authorship. For the purposes
of this License, Derivative Works shall not include works that remain
separable from, or merely link (or bind by name) to the interfaces of,
the Work and Derivative Works thereof.
"Contribution" shall mean any work of authorship, including
the original version of the Work and any modifications or additions
to that Work or Derivative Works thereof, that is intentionally
submitted to Licensor for inclusion in the Work by the copyright owner
or by an individual or Legal Entity authorized to submit on behalf of
the copyright owner. For the purposes of this definition, "submitted"
means any form of electronic, verbal, or written communication sent
to the Licensor or its representatives, including but not limited to
communication on electronic mailing lists, source code control systems,
and issue tracking systems that are managed by, or on behalf of, the
Licensor for the purpose of discussing and improving the Work, but
excluding communication that is conspicuously marked or otherwise
designated in writing by the copyright owner as "Not a Contribution."
"Contributor" shall mean Licensor and any individual or Legal Entity
on behalf of whom a Contribution has been received by Licensor and
subsequently incorporated within the Work.
2. Grant of Copyright License. Subject to the terms and conditions of
this License, each Contributor hereby grants to You a perpetual,
worldwide, non-exclusive, no-charge, royalty-free, irrevocable
copyright license to reproduce, prepare Derivative Works of,
publicly display, publicly perform, sublicense, and distribute the
Work and such Derivative Works in Source or Object form.
3. Grant of Patent License. Subject to the terms and conditions of
this License, each Contributor hereby grants to You a perpetual,
worldwide, non-exclusive, no-charge, royalty-free, irrevocable
(except as stated in this section) patent license to make, have made,
use, offer to sell, sell, import, and otherwise transfer the Work,
where such license applies only to those patent claims licensable
by such Contributor that are necessarily infringed by their
Contribution(s) alone or by combination of their Contribution(s)
with the Work to which such Contribution(s) was submitted. If You
institute patent litigation against any entity (including a
cross-claim or counterclaim in a lawsuit) alleging that the Work
or a Contribution incorporated within the Work constitutes direct
or contributory patent infringement, then any patent licenses
granted to You under this License for that Work shall terminate
as of the date such litigation is filed.
4. Redistribution. You may reproduce and distribute copies of the
Work or Derivative Works thereof in any medium, with or without
modifications, and in Source or Object form, provided that You
meet the following conditions:
(a) You must give any other recipients of the Work or
Derivative Works a copy of this License; and
(b) You must cause any modified files to carry prominent notices
stating that You changed the files; and
(c) You must retain, in the Source form of any Derivative Works
that You distribute, all copyright, patent, trademark, and
attribution notices from the Source form of the Work,
excluding those notices that do not pertain to any part of
the Derivative Works; and
(d) If the Work includes a "NOTICE" text file as part of its
distribution, then any Derivative Works that You distribute must
include a readable copy of the attribution notices contained
within such NOTICE file, excluding those notices that do not
pertain to any part of the Derivative Works, in at least one
of the following
gitextract_s_yfwmf8/
├── .bandit
├── .claudeignore
├── .dockerignore
├── .env.example
├── .github/
│ └── workflows/
│ ├── auth-server-test.yml
│ ├── build-auth-server.yml
│ ├── build-mcpgw.yml
│ ├── build-registry.yml
│ ├── docs.yml
│ ├── helm-chart-update.yml
│ ├── helm-release-retag.yml
│ ├── helm-test.yml
│ ├── metrics-service-test.yml
│ ├── registry-test.yml
│ ├── release-images.yml
│ └── terraform-test.yml
├── .gitignore
├── .pre-commit-config.yaml
├── .secrets.baseline
├── .semgrepignore
├── CLAUDE.md
├── CODE_OF_CONDUCT.md
├── CONTRIBUTING.md
├── DEV_INSTRUCTIONS.md
├── Dockerfile
├── LICENSE
├── Makefile
├── NOTICE
├── README.md
├── SECURITY.md
├── agents/
│ ├── a2a/
│ │ ├── .dockerignore
│ │ ├── .env.example
│ │ ├── .gitignore
│ │ ├── README.md
│ │ ├── deploy_live.sh
│ │ ├── deploy_local.sh
│ │ ├── docker-compose.arm.yml
│ │ ├── docker-compose.local.yml
│ │ ├── pyproject.toml
│ │ ├── shutdown_local.sh
│ │ ├── src/
│ │ │ ├── flight-booking-agent/
│ │ │ │ ├── Dockerfile
│ │ │ │ ├── __init__.py
│ │ │ │ ├── agent.py
│ │ │ │ ├── database.py
│ │ │ │ ├── dependencies.py
│ │ │ │ ├── env_settings.py
│ │ │ │ └── tools.py
│ │ │ └── travel-assistant-agent/
│ │ │ ├── Dockerfile
│ │ │ ├── __init__.py
│ │ │ ├── agent.py
│ │ │ ├── database.py
│ │ │ ├── dependencies.py
│ │ │ ├── env_settings.py
│ │ │ ├── models.py
│ │ │ ├── registry_discovery_client.py
│ │ │ ├── remote_agent_client.py
│ │ │ ├── server.py
│ │ │ └── tools.py
│ │ └── test/
│ │ ├── agent_discovery_test.py
│ │ ├── agent_simple_test.py
│ │ ├── check_agent_cards.sh
│ │ ├── flight_booking_agent_card.json
│ │ ├── simple_agents_test.py
│ │ └── travel_assistant_agent_card.json
│ ├── agent.py
│ ├── cli_user_auth.py
│ ├── client.py
│ ├── registry_client.py
│ └── system_prompt.txt
├── api/
│ ├── .gitignore
│ ├── README.md
│ ├── USER-GROUP-MANAGEMENT.md
│ ├── get-m2m-token.sh
│ ├── populate-registry.sh
│ ├── registry_client.py
│ ├── registry_management.py
│ ├── test-management-api-e2e.md
│ ├── test-management-api-e2e.sh
│ └── test-mcp-client.sh
├── auth_server/
│ ├── __init__.py
│ ├── cognito_utils.py
│ ├── metrics_middleware.py
│ ├── mongodb_groups_enrichment.py
│ ├── oauth2_providers.yml
│ ├── providers/
│ │ ├── __init__.py
│ │ ├── auth0.py
│ │ ├── base.py
│ │ ├── cognito.py
│ │ ├── entra.py
│ │ ├── factory.py
│ │ ├── keycloak.py
│ │ └── okta.py
│ ├── pyproject.toml
│ ├── scopes.yml
│ ├── scopes.yml.backup
│ └── server.py
├── build-config.yaml
├── build_and_run.sh
├── charts/
│ ├── README.md
│ ├── auth-server/
│ │ ├── Chart.yaml
│ │ ├── templates/
│ │ │ ├── configmap-app-log.yaml
│ │ │ ├── deployment.yaml
│ │ │ ├── ingress.yaml
│ │ │ ├── secret.yaml
│ │ │ └── service.yaml
│ │ └── values.yaml
│ ├── keycloak-configure/
│ │ ├── Chart.yaml
│ │ ├── templates/
│ │ │ ├── configmap.yaml
│ │ │ ├── job.yaml
│ │ │ ├── role.yaml
│ │ │ ├── rolebinding.yaml
│ │ │ ├── sa.yaml
│ │ │ └── secret.yaml
│ │ └── values.yaml
│ ├── mcp-gateway-registry-stack/
│ │ ├── Chart.yaml
│ │ ├── README.md
│ │ ├── templates/
│ │ │ ├── _helpers.tpl
│ │ │ ├── keycloak-admin-secret.yaml
│ │ │ ├── keycloak-ingress-patch.yaml
│ │ │ ├── keycloak-pg-secret.yaml
│ │ │ ├── mongodb-cluster.yaml
│ │ │ ├── mongodb-secret.yaml
│ │ │ ├── oauth-provider-secret.yaml
│ │ │ ├── shared-secret.yaml
│ │ │ └── version-configmap.yaml
│ │ └── values.yaml
│ ├── mcpgw/
│ │ ├── Chart.yaml
│ │ ├── templates/
│ │ │ ├── deployment.yaml
│ │ │ ├── ingress.yaml
│ │ │ ├── secret.yaml
│ │ │ └── service.yaml
│ │ └── values.yaml
│ ├── mongodb-configure/
│ │ ├── Chart.yaml
│ │ ├── templates/
│ │ │ ├── configmap.yaml
│ │ │ ├── job.yaml
│ │ │ └── secret.yaml
│ │ └── values.yaml
│ └── registry/
│ ├── Chart.yaml
│ ├── templates/
│ │ ├── configmap-app-log.yaml
│ │ ├── configmap-otel.yaml
│ │ ├── deployment.yaml
│ │ ├── ingress.yaml
│ │ ├── secret.yaml
│ │ └── service.yaml
│ └── values.yaml
├── cli/
│ ├── agent_mgmt.py
│ ├── agent_mgmt.sh
│ ├── agentcore/
│ │ ├── __init__.py
│ │ ├── __main__.py
│ │ ├── discovery.py
│ │ ├── models.py
│ │ ├── registration.py
│ │ ├── sync.py
│ │ └── token_refresher.py
│ ├── anthropic_transformer.py
│ ├── bin/
│ │ └── registry.js
│ ├── bootstrap_user_and_m2m_setup.sh
│ ├── examples/
│ │ ├── README.md
│ │ ├── airegistry.json
│ │ ├── aws-kb-server.json
│ │ ├── cloudflare-docs-server-config.json
│ │ ├── code_reviewer_agent.json
│ │ ├── complete-agent-example.json
│ │ ├── complete-server-example.json
│ │ ├── context7-server-config.json
│ │ ├── context7-v2-server-config.json
│ │ ├── currenttime-users.json
│ │ ├── currenttime-v2.json
│ │ ├── currenttime.json
│ │ ├── data_analysis_agent.json
│ │ ├── devops_deployment_agent.json
│ │ ├── documentation_agent.json
│ │ ├── federation-config-agentcore-example.json
│ │ ├── federation-config-example.json
│ │ ├── flight_booking_agent_card.json
│ │ ├── flight_booking_agent_ecs.json
│ │ ├── geospatial_route_planner_agent.json
│ │ ├── invalid-config.json
│ │ ├── jewel_homes_support_agent_card.json
│ │ ├── minimal-server-config.json
│ │ ├── peer-registry-lob-1.json.example
│ │ ├── public-mcp-users.json
│ │ ├── realserverfaketools.json
│ │ ├── security_analyzer_agent.json
│ │ ├── server-config.json
│ │ ├── test-peer-config.json
│ │ ├── test-timing-server.json
│ │ ├── test_automation_agent.json
│ │ ├── test_code_reviewer_agent.json
│ │ ├── tourist_guide_agent_card.json
│ │ ├── travel_assistant_agent_card.json
│ │ ├── travel_assistant_agent_ecs.json
│ │ ├── virtual-server-combined-example.json
│ │ ├── virtual-server-scoped-example.json
│ │ ├── virtual-server-scoped-users.json
│ │ └── working_agent.json
│ ├── get_user_token.py
│ ├── import_from_anthropic_registry.sh
│ ├── import_server_list.txt
│ ├── mcp_client.py
│ ├── mcp_security_scanner.py
│ ├── mcp_utils.py
│ ├── package.json
│ ├── registry_cli_wrapper.py
│ ├── scan_all_servers.py
│ ├── service_mgmt.sh
│ ├── src/
│ │ ├── agent/
│ │ │ ├── agentRunner.ts
│ │ │ ├── anthropicClient.ts
│ │ │ ├── bedrockClient.ts
│ │ │ ├── modelClient.ts
│ │ │ └── tools.ts
│ │ ├── app.tsx
│ │ ├── auth.ts
│ │ ├── chat/
│ │ │ ├── commandParser.ts
│ │ │ └── taskInterpreter.ts
│ │ ├── commands/
│ │ │ └── executor.ts
│ │ ├── components/
│ │ │ ├── Banner.tsx
│ │ │ ├── CallToolForm.tsx
│ │ │ ├── CommandSuggestions.tsx
│ │ │ ├── JsonViewer.tsx
│ │ │ ├── MultiStepForm.tsx
│ │ │ ├── StatusMessage.tsx
│ │ │ ├── TaskRunner.tsx
│ │ │ ├── TokenFileEditor.tsx
│ │ │ ├── TokenStatusFooter.tsx
│ │ │ └── UrlEditor.tsx
│ │ ├── index.tsx
│ │ ├── parseArgs.ts
│ │ ├── paths.ts
│ │ ├── runtime/
│ │ │ ├── mcp.ts
│ │ │ ├── pythonClient.ts
│ │ │ └── script.ts
│ │ ├── tasks/
│ │ │ ├── index.ts
│ │ │ └── types.ts
│ │ ├── types/
│ │ │ └── mcp.ts
│ │ └── utils/
│ │ ├── commands.ts
│ │ ├── cost.json
│ │ ├── costCalculator.ts
│ │ ├── docsReader.ts
│ │ ├── markdown.ts
│ │ └── tokenRefresh.ts
│ ├── sync_okta_m2m.py
│ ├── test_a2a_agents.py
│ ├── test_anthropic_api.py
│ ├── test_asor_complete.py
│ ├── tsconfig.json
│ └── user_mgmt.sh
├── config/
│ ├── grafana/
│ │ ├── dashboards/
│ │ │ ├── dashboard.yml
│ │ │ └── mcp-analytics-comprehensive.json
│ │ └── datasources/
│ │ └── prometheus.yml
│ └── prometheus.yml
├── credentials-provider/
│ ├── add_noauth_services.py
│ ├── agentcore-auth/
│ │ ├── .env.example
│ │ ├── README.md
│ │ └── get_m2m_token.py
│ ├── auth0/
│ │ ├── README.md
│ │ ├── __init__.py
│ │ └── get_m2m_token.py
│ ├── check_and_refresh_creds.sh
│ ├── entra/
│ │ ├── __init__.py
│ │ └── get_m2m_token.py
│ ├── generate_creds.sh
│ ├── keycloak/
│ │ └── get_m2m_token.py
│ ├── oauth/
│ │ ├── .env.example
│ │ ├── egress_oauth.py
│ │ ├── generic_oauth_flow.py
│ │ ├── ingress_oauth.py
│ │ └── oauth_providers.yaml
│ ├── okta/
│ │ ├── __init__.py
│ │ └── get_m2m_token.py
│ ├── token_refresher.py
│ └── utils.py
├── docker/
│ ├── 502.html
│ ├── Dockerfile.auth
│ ├── Dockerfile.mcp-server
│ ├── Dockerfile.mcp-server-cpu
│ ├── Dockerfile.mcp-server-light
│ ├── Dockerfile.metrics-db
│ ├── Dockerfile.registry
│ ├── Dockerfile.registry-cpu
│ ├── Dockerfile.scopes-init
│ ├── auth-entrypoint.sh
│ ├── keycloak/
│ │ └── Dockerfile
│ ├── lua/
│ │ ├── capture_body.lua
│ │ ├── emit_metrics.lua
│ │ ├── flush_metrics.lua
│ │ └── virtual_router.lua
│ ├── nginx_rev_proxy_http_and_https.conf
│ ├── nginx_rev_proxy_http_only.conf
│ └── registry-entrypoint.sh
├── docker-compose.dhi.yml
├── docker-compose.podman.yml
├── docker-compose.prebuilt.yml
├── docker-compose.yml
├── docs/
│ ├── FEATURES.md
│ ├── OBSERVABILITY.md
│ ├── README.md
│ ├── TELEMETRY.md
│ ├── a2a-agent-management.md
│ ├── a2a.md
│ ├── agent-skills-operational-guide.md
│ ├── agent-visibility-and-group-access.md
│ ├── agentcore-auto-registration-prerequisites.md
│ ├── agentcore.md
│ ├── ai-coding-assistants-setup.md
│ ├── ai-registry-tools.md
│ ├── anthropic-registry-import.md
│ ├── anthropic_registry_api.md
│ ├── api-reference.md
│ ├── audit-logging.md
│ ├── auth-mgmt.md
│ ├── auth.md
│ ├── auth0-m2m-setup.md
│ ├── auth0.md
│ ├── aws-agent-registry-federation.md
│ ├── cli.md
│ ├── cognito.md
│ ├── complete-setup-guide.md
│ ├── configuration.md
│ ├── custom-metadata.md
│ ├── database-design.md
│ ├── datastore-management.md
│ ├── deployment-modes.md
│ ├── design/
│ │ ├── a2a-protocol-integration.md
│ │ ├── agent-skills-architecture.md
│ │ ├── agentcore-scanner-design.md
│ │ ├── ans-integration.md
│ │ ├── anthropic-api-implementation.md
│ │ ├── anthropic-api-test-commands.md
│ │ ├── architectural-decision-reverse-proxy-vs-application-layer-gateway.md
│ │ ├── authentication-design.md
│ │ ├── aws-agent-registry-federation.md
│ │ ├── cookie-security-design.md
│ │ ├── database-abstraction-layer.md
│ │ ├── federation-architecture.md
│ │ ├── hybrid-search-architecture.md
│ │ ├── idp-provider-support.md
│ │ ├── server-versioning.md
│ │ ├── storage-architecture-mongodb-documentdb.md
│ │ ├── virtual-mcp-server-explained.md
│ │ └── virtual-mcp-server.md
│ ├── dynamic-tool-discovery.md
│ ├── embeddings.md
│ ├── entra-id-setup.md
│ ├── entra.md
│ ├── faq/
│ │ ├── agent-autonomous-tool-discovery.md
│ │ ├── connecting-multiple-mcp-servers.md
│ │ ├── deploying-and-registering-servers-agents.md
│ │ ├── discovering-mcp-tools.md
│ │ ├── filtering-agents-by-tags-and-fields.md
│ │ ├── group-restricted-agent-visibility.md
│ │ ├── index.md
│ │ ├── local-testing-agent-integration.md
│ │ ├── monitoring-server-health.md
│ │ ├── registering-auth-protected-servers.md
│ │ ├── registering-m2m-client-without-idp-admin-token.md
│ │ ├── registry-api-auth-faq.md
│ │ ├── restrict-server-visibility-by-entra-group.md
│ │ ├── use-entra-token-for-registry-api.md
│ │ └── what-is-mcp-and-gateway.md
│ ├── federation-operational-guide.md
│ ├── federation.md
│ ├── iam-settings-ui.md
│ ├── img/
│ │ ├── MCPGW-Registry.drawio
│ │ └── architecture-with-dataplane.md
│ ├── index.md
│ ├── installation.md
│ ├── jwt-token-vending.md
│ ├── keycloak-integration.md
│ ├── llms.txt
│ ├── logging.md
│ ├── macos-setup-guide.md
│ ├── mcp-registry-cli.md
│ ├── metrics-architecture.md
│ ├── mongodb-m2m-collections.md
│ ├── okta-setup.md
│ ├── podman-apple-silicon.md
│ ├── prebuilt-images.md
│ ├── quickstart.md
│ ├── registration-webhooks.md
│ ├── registry-api-auth.md
│ ├── registry-auth-architecture.md
│ ├── registry-auth-detailed.md
│ ├── registry-deployment-modes.md
│ ├── registry_api.md
│ ├── remote-desktop-setup.md
│ ├── scan_report_example.md
│ ├── scopes-mgmt.md
│ ├── scopes.md
│ ├── security-posture.md
│ ├── security-scanner.md
│ ├── server-versioning-operations.md
│ ├── service-management.md
│ ├── static-token-auth.md
│ ├── supported-protocol-and-trust-fields.md
│ ├── testing/
│ │ ├── MAINTENANCE.md
│ │ ├── QUICK-START.md
│ │ ├── README.md
│ │ ├── WRITING_TESTS.md
│ │ ├── memory-management.md
│ │ └── test-categories.md
│ ├── testing.md
│ ├── token-refresh-service.md
│ └── virtual-server-operations.md
├── frontend/
│ ├── .gitignore
│ ├── README.md
│ ├── e2e/
│ │ ├── helpers/
│ │ │ └── auth.ts
│ │ ├── virtual-server-accessibility.spec.ts
│ │ ├── virtual-server-crud.spec.ts
│ │ ├── virtual-server-dashboard.spec.ts
│ │ ├── virtual-server-e2e-full.spec.ts
│ │ └── virtual-server-form.spec.ts
│ ├── package.json
│ ├── patches/
│ │ └── react-scripts+5.0.1.patch
│ ├── playwright.config.ts
│ ├── postcss.config.js
│ ├── public/
│ │ └── index.html
│ ├── src/
│ │ ├── App.tsx
│ │ ├── components/
│ │ │ ├── ANSBadge.tsx
│ │ │ ├── AddRegistryEntryModal.tsx
│ │ │ ├── AgentCard.tsx
│ │ │ ├── AgentDetailsModal.tsx
│ │ │ ├── ApplicationLogs.tsx
│ │ │ ├── AuditEventDetail.tsx
│ │ │ ├── AuditFilterBar.tsx
│ │ │ ├── AuditLogTable.tsx
│ │ │ ├── AuditStatistics.tsx
│ │ │ ├── ConfigPanel.tsx
│ │ │ ├── ConfirmModal.tsx
│ │ │ ├── DataExport.tsx
│ │ │ ├── DeleteConfirmation.tsx
│ │ │ ├── DeploymentModeIndicator.tsx
│ │ │ ├── DetailsModal.tsx
│ │ │ ├── DiscoverListRow.tsx
│ │ │ ├── DiscoverTab.tsx
│ │ │ ├── ExternalRegistries.tsx
│ │ │ ├── FederationPeerForm.tsx
│ │ │ ├── FederationPeers.tsx
│ │ │ ├── IAMGroups.tsx
│ │ │ ├── IAMM2M.tsx
│ │ │ ├── IAMUsers.tsx
│ │ │ ├── Layout.tsx
│ │ │ ├── ProtectedRoute.tsx
│ │ │ ├── RegistryCardSettings.tsx
│ │ │ ├── SearchableSelect.tsx
│ │ │ ├── SecurityScanModal.tsx
│ │ │ ├── SemanticSearchResults.tsx
│ │ │ ├── ServerCard.tsx
│ │ │ ├── ServerConfigModal.tsx
│ │ │ ├── ServerDetailsModal.tsx
│ │ │ ├── Sidebar.tsx
│ │ │ ├── SkillCard.tsx
│ │ │ ├── StarRatingWidget.tsx
│ │ │ ├── StatusBadge.tsx
│ │ │ ├── ToolSelector.tsx
│ │ │ ├── UptimeDisplay.tsx
│ │ │ ├── VersionBadge.tsx
│ │ │ ├── VersionSelectorModal.tsx
│ │ │ ├── VirtualServerCard.tsx
│ │ │ ├── VirtualServerDetailsModal.tsx
│ │ │ ├── VirtualServerForm.tsx
│ │ │ ├── VirtualServerList.tsx
│ │ │ └── __tests__/
│ │ │ ├── ConfigPanel.test.tsx
│ │ │ ├── DiscoverTab.test.tsx
│ │ │ ├── ServerConfigModal.test.tsx
│ │ │ └── SettingsPageConfigIntegration.test.tsx
│ │ ├── contexts/
│ │ │ ├── AuthContext.tsx
│ │ │ └── ThemeContext.tsx
│ │ ├── hooks/
│ │ │ ├── useAgentList.ts
│ │ │ ├── useEscapeKey.ts
│ │ │ ├── useFederationPeers.ts
│ │ │ ├── useIAM.ts
│ │ │ ├── useRegistryConfig.ts
│ │ │ ├── useSemanticSearch.ts
│ │ │ ├── useServerStats.ts
│ │ │ ├── useSkills.ts
│ │ │ ├── useToolCatalog.ts
│ │ │ └── useVirtualServers.ts
│ │ ├── index.css
│ │ ├── index.tsx
│ │ ├── pages/
│ │ │ ├── AuditLogsPage.tsx
│ │ │ ├── Dashboard.tsx
│ │ │ ├── Login.tsx
│ │ │ ├── Logout.tsx
│ │ │ ├── OAuthCallback.tsx
│ │ │ ├── RegisterPage.tsx
│ │ │ ├── SettingsPage.tsx
│ │ │ └── TokenGeneration.tsx
│ │ ├── react-app-env.d.ts
│ │ ├── setupTests.ts
│ │ ├── types/
│ │ │ ├── skill.ts
│ │ │ ├── stats.ts
│ │ │ └── virtualServer.ts
│ │ └── utils/
│ │ ├── dateUtils.ts
│ │ └── permissions.ts
│ ├── tailwind.config.js
│ ├── tests/
│ │ └── reports/
│ │ ├── report.html
│ │ └── report.json
│ ├── tsconfig.e2e.json
│ └── tsconfig.json
├── get_asor_token.py
├── keycloak/
│ ├── README.md
│ ├── import/
│ │ └── realm-config.json
│ └── setup/
│ ├── clean-keycloak.sh
│ ├── disable-ssl.sh
│ ├── generate-agent-token.sh
│ ├── get-all-client-credentials.sh
│ ├── init-keycloak.sh
│ ├── setup-agent-service-account.sh
│ ├── setup-federation-service-account.sh
│ └── setup-m2m-service-account.sh
├── metrics-service/
│ ├── .env.example
│ ├── Dockerfile
│ ├── add_test_key.py
│ ├── app/
│ │ ├── __init__.py
│ │ ├── api/
│ │ │ ├── __init__.py
│ │ │ ├── auth.py
│ │ │ └── routes.py
│ │ ├── config.py
│ │ ├── core/
│ │ │ ├── __init__.py
│ │ │ ├── models.py
│ │ │ ├── processor.py
│ │ │ ├── rate_limiter.py
│ │ │ ├── retention.py
│ │ │ └── validator.py
│ │ ├── main.py
│ │ ├── otel/
│ │ │ ├── __init__.py
│ │ │ ├── exporters.py
│ │ │ └── instruments.py
│ │ ├── storage/
│ │ │ ├── __init__.py
│ │ │ ├── database.py
│ │ │ └── migrations.py
│ │ └── utils/
│ │ ├── __init__.py
│ │ └── helpers.py
│ ├── create_api_key.py
│ ├── docs/
│ │ ├── README.md
│ │ ├── api-reference.md
│ │ ├── data-retention.md
│ │ ├── database-schema.md
│ │ └── deployment.md
│ ├── metrics_client.py
│ ├── migrate.py
│ ├── pyproject.toml
│ ├── pytest.ini
│ └── tests/
│ ├── __init__.py
│ ├── conftest.py
│ ├── test_api.py
│ ├── test_auth.py
│ ├── test_database.py
│ ├── test_migrations.py
│ ├── test_processor.py
│ ├── test_rate_limiter.py
│ ├── test_retention.py
│ └── test_validator.py
├── mkdocs.yml
├── package.json
├── pyproject.toml
├── registry/
│ ├── api/
│ │ ├── __init__.py
│ │ ├── agent_routes.py
│ │ ├── ans_routes.py
│ │ ├── auth0_m2m_routes.py
│ │ ├── config_routes.py
│ │ ├── export_routes.py
│ │ ├── federation_export_routes.py
│ │ ├── federation_routes.py
│ │ ├── internal_routes.py
│ │ ├── log_routes.py
│ │ ├── m2m_management_routes.py
│ │ ├── management_routes.py
│ │ ├── okta_m2m_routes.py
│ │ ├── peer_management_routes.py
│ │ ├── registry_management_routes.py
│ │ ├── registry_routes.py
│ │ ├── search_routes.py
│ │ ├── server_routes.py
│ │ ├── skill_routes.py
│ │ ├── system_routes.py
│ │ ├── virtual_server_routes.py
│ │ └── wellknown_routes.py
│ ├── audit/
│ │ ├── __init__.py
│ │ ├── context.py
│ │ ├── mcp_logger.py
│ │ ├── middleware.py
│ │ ├── models.py
│ │ ├── routes.py
│ │ └── service.py
│ ├── auth/
│ │ ├── __init__.py
│ │ ├── csrf.py
│ │ ├── dependencies.py
│ │ ├── internal.py
│ │ └── routes.py
│ ├── common/
│ │ ├── __init__.py
│ │ └── scopes_loader.py
│ ├── config/
│ │ └── scopes.yml
│ ├── constants.py
│ ├── core/
│ │ ├── __init__.py
│ │ ├── config.py
│ │ ├── endpoint_utils.py
│ │ ├── mcp_client.py
│ │ ├── metrics.py
│ │ ├── nginx_service.py
│ │ ├── schemas.py
│ │ └── telemetry.py
│ ├── embeddings/
│ │ ├── README.md
│ │ ├── __init__.py
│ │ └── client.py
│ ├── exceptions.py
│ ├── health/
│ │ ├── __init__.py
│ │ ├── routes.py
│ │ └── service.py
│ ├── main.py
│ ├── metrics/
│ │ ├── __init__.py
│ │ ├── client.py
│ │ ├── middleware.py
│ │ └── utils.py
│ ├── middleware/
│ │ ├── __init__.py
│ │ └── mode_filter.py
│ ├── models/
│ │ └── idp_m2m_client.py
│ ├── repositories/
│ │ ├── __init__.py
│ │ ├── app_log_repository.py
│ │ ├── audit_repository.py
│ │ ├── documentdb/
│ │ │ ├── __init__.py
│ │ │ ├── agent_repository.py
│ │ │ ├── backend_session_repository.py
│ │ │ ├── client.py
│ │ │ ├── federation_config_repository.py
│ │ │ ├── peer_federation_repository.py
│ │ │ ├── registry_card_repository.py
│ │ │ ├── scope_repository.py
│ │ │ ├── search_repository.py
│ │ │ ├── security_scan_repository.py
│ │ │ ├── server_repository.py
│ │ │ ├── skill_repository.py
│ │ │ ├── skill_security_scan_repository.py
│ │ │ └── virtual_server_repository.py
│ │ ├── factory.py
│ │ ├── file/
│ │ │ ├── __init__.py
│ │ │ ├── agent_repository.py
│ │ │ ├── federation_config_repository.py
│ │ │ ├── peer_federation_repository.py
│ │ │ ├── scope_repository.py
│ │ │ ├── search_repository.py
│ │ │ ├── security_scan_repository.py
│ │ │ ├── server_repository.py
│ │ │ └── skill_security_scan_repository.py
│ │ ├── interfaces.py
│ │ └── stats_repository.py
│ ├── schemas/
│ │ ├── __init__.py
│ │ ├── agent_models.py
│ │ ├── agent_security.py
│ │ ├── ans_models.py
│ │ ├── anthropic_schema.py
│ │ ├── backend_session_models.py
│ │ ├── federation_schema.py
│ │ ├── idp_m2m_client.py
│ │ ├── management.py
│ │ ├── okta_m2m_client.py
│ │ ├── peer_federation_schema.py
│ │ ├── registration_gate_models.py
│ │ ├── registry_card.py
│ │ ├── security.py
│ │ ├── skill_models.py
│ │ ├── skill_security.py
│ │ └── virtual_server_models.py
│ ├── scripts/
│ │ └── inspect-documentdb.py
│ ├── search/
│ │ ├── __init__.py
│ │ └── service.py
│ ├── servers/
│ │ ├── atlassian.json
│ │ ├── currenttime.json
│ │ ├── fininfo.json
│ │ ├── mcpgw.json
│ │ ├── realserverfaketools.json
│ │ ├── server_state.json
│ │ └── sre-gateway.json
│ ├── services/
│ │ ├── __init__.py
│ │ ├── agent_scanner.py
│ │ ├── agent_service.py
│ │ ├── agent_transform_service.py
│ │ ├── ans_client.py
│ │ ├── ans_service.py
│ │ ├── ans_sync_scheduler.py
│ │ ├── auth0_m2m_sync.py
│ │ ├── demo_servers_init.py
│ │ ├── federation/
│ │ │ ├── __init__.py
│ │ │ ├── agentcore_client.py
│ │ │ ├── anthropic_client.py
│ │ │ ├── asor_client.py
│ │ │ ├── base_client.py
│ │ │ ├── federation_auth.py
│ │ │ └── peer_registry_client.py
│ │ ├── federation_audit_service.py
│ │ ├── federation_reconciliation.py
│ │ ├── github_auth.py
│ │ ├── m2m_management_service.py
│ │ ├── okta_m2m_sync.py
│ │ ├── peer_federation_service.py
│ │ ├── peer_sync_scheduler.py
│ │ ├── rating_service.py
│ │ ├── registration_gate_service.py
│ │ ├── scope_service.py
│ │ ├── security_scanner.py
│ │ ├── server_service.py
│ │ ├── skill_scanner.py
│ │ ├── skill_service.py
│ │ ├── tool_catalog_service.py
│ │ ├── tool_validation_service.py
│ │ ├── transform_service.py
│ │ ├── virtual_server_service.py
│ │ └── webhook_service.py
│ ├── static/
│ │ ├── asset-manifest.json
│ │ ├── index.html
│ │ └── static/
│ │ ├── css/
│ │ │ └── main.509e9b60.css
│ │ └── js/
│ │ ├── main.d2eb0b7d.js
│ │ └── main.d2eb0b7d.js.LICENSE.txt
│ ├── templates/
│ │ ├── components/
│ │ │ ├── server_card.html
│ │ │ └── sidebar.html
│ │ ├── edit_server.html
│ │ ├── index.html
│ │ ├── login.html
│ │ ├── pages/
│ │ │ └── dashboard.html
│ │ └── token_generation.html
│ ├── utils/
│ │ ├── __init__.py
│ │ ├── agent_validator.py
│ │ ├── auth0_manager.py
│ │ ├── credential_encryption.py
│ │ ├── entra_manager.py
│ │ ├── federation_encryption.py
│ │ ├── iam_manager.py
│ │ ├── keycloak_manager.py
│ │ ├── logging_setup.py
│ │ ├── metadata.py
│ │ ├── mongodb_connection.py
│ │ ├── mongodb_log_handler.py
│ │ ├── okta_manager.py
│ │ ├── path_utils.py
│ │ ├── request_utils.py
│ │ ├── scopes_manager.py
│ │ ├── scopes_manager_old.py
│ │ ├── url_utils.py
│ │ └── visibility.py
│ └── version.py
├── release-notes/
│ ├── DISCLAIMER.md
│ ├── v1.0.10.md
│ ├── v1.0.12.md
│ ├── v1.0.13.md
│ ├── v1.0.14.md
│ ├── v1.0.15.md
│ ├── v1.0.16.md
│ ├── v1.0.17.md
│ ├── v1.0.18.md
│ ├── v1.0.19.md
│ ├── v1.0.20.md
│ ├── v1.0.21.md
│ ├── v1.0.3.md
│ ├── v1.0.4.md
│ ├── v1.0.5.md
│ ├── v1.0.6.md
│ ├── v1.0.9-patch1.md
│ └── v1.0.9.md
├── scripts/
│ ├── README.md
│ ├── backfill_agent_fields.py
│ ├── build-images.sh
│ ├── debug-scopes.py
│ ├── deploy.sh
│ ├── docs-dev.sh
│ ├── download-documentdb-ca-bundle.sh
│ ├── fix_auth_tests.py
│ ├── generate-image-manifest.sh
│ ├── generate-mongodb-keyfile.sh
│ ├── init-documentdb-indexes.py
│ ├── init-documentdb.sh
│ ├── init-mongodb-ce.py
│ ├── init-mongodb.sh
│ ├── load-scopes.py
│ ├── manage-documentdb.py
│ ├── mcp-registry-admin.json
│ ├── mcp-servers-unrestricted-execute.json
│ ├── mcp-servers-unrestricted-read.json
│ ├── migrate-file-to-mongodb.py
│ ├── migrate-servers-add-is-active.py
│ ├── mongodb-entrypoint.sh
│ ├── opensearch-schemas/
│ │ ├── hybrid-search-pipeline.json
│ │ ├── mcp-agents.json
│ │ ├── mcp-embeddings-serverless.json
│ │ ├── mcp-embeddings.json
│ │ ├── mcp-scopes.json
│ │ ├── mcp-security-scans.json
│ │ └── mcp-servers.json
│ ├── publish_containers.sh
│ ├── refresh_m2m_token.sh
│ ├── registry-admins.json
│ ├── run-oauth-setup.sh
│ ├── scan-images-trivy.sh
│ ├── setup-atlassian-env.sh
│ ├── test-mcpgw-tools-README.md
│ ├── test-mcpgw-tools.sh
│ ├── test-peer-federation-docker.sh
│ ├── test-peer-federation.sh
│ ├── test.py
│ └── validate-dockerfiles.sh
├── servers/
│ ├── currenttime/
│ │ ├── .dockerignore
│ │ ├── pyproject.toml
│ │ └── server.py
│ ├── example-server/
│ │ ├── pyproject.toml
│ │ └── server.py
│ ├── fininfo/
│ │ ├── .dockerignore
│ │ ├── .keys.yml.template
│ │ ├── README.md
│ │ ├── README_SECRETS.md
│ │ ├── client.py
│ │ ├── encrypt_secrets.py
│ │ ├── pyproject.toml
│ │ ├── secrets_manager.py
│ │ └── server.py
│ ├── mcpgw/
│ │ ├── .dockerignore
│ │ ├── models.py
│ │ ├── pyproject.toml
│ │ └── server.py
│ └── realserverfaketools/
│ ├── .dockerignore
│ ├── README.md
│ ├── pyproject.toml
│ └── server.py
├── start_token_refresher.sh
├── terraform/
│ ├── README.md
│ ├── aws-ecs/
│ │ ├── .gitignore
│ │ ├── OPERATIONS.md
│ │ ├── README.md
│ │ ├── alb-logging.tf
│ │ ├── build-and-push-all.sh
│ │ ├── build-minimal.sh
│ │ ├── cloudfront-acm.tf
│ │ ├── cloudfront-logging.tf
│ │ ├── cloudfront.tf
│ │ ├── cloudwatch-alarms.tf
│ │ ├── codebuild.tf
│ │ ├── docs/
│ │ │ └── observability-architecture.md
│ │ ├── documentdb-elastic.tf.disabled
│ │ ├── documentdb.tf
│ │ ├── ecs.tf
│ │ ├── grafana/
│ │ │ ├── Dockerfile
│ │ │ ├── dashboards/
│ │ │ │ └── mcp-analytics-comprehensive.json
│ │ │ └── provisioning/
│ │ │ ├── dashboards/
│ │ │ │ └── dashboards.yaml
│ │ │ └── datasources/
│ │ │ └── datasources.yaml
│ │ ├── keycloak-alb.tf
│ │ ├── keycloak-database.tf
│ │ ├── keycloak-dns.tf
│ │ ├── keycloak-ecr.tf
│ │ ├── keycloak-ecs.tf
│ │ ├── keycloak-security-groups.tf
│ │ ├── lambda/
│ │ │ ├── README.md
│ │ │ ├── rotate-documentdb/
│ │ │ │ ├── index.py
│ │ │ │ └── requirements.txt
│ │ │ ├── rotate-rds/
│ │ │ │ ├── index.py
│ │ │ │ └── requirements.txt
│ │ │ └── verify-deployment.sh
│ │ ├── locals.tf
│ │ ├── main.tf
│ │ ├── modules/
│ │ │ └── mcp-gateway/
│ │ │ ├── data.tf
│ │ │ ├── ecs-services.tf
│ │ │ ├── iam.tf
│ │ │ ├── locals.tf
│ │ │ ├── main.tf
│ │ │ ├── monitoring.tf
│ │ │ ├── networking.tf
│ │ │ ├── observability.tf
│ │ │ ├── outputs.tf
│ │ │ ├── secrets.tf
│ │ │ ├── storage.tf
│ │ │ ├── variables.tf
│ │ │ └── versions.tf
│ │ ├── outputs.tf
│ │ ├── push-all-images-to-ecr.sh
│ │ ├── registry-dns.tf
│ │ ├── scripts/
│ │ │ ├── README-DOCUMENTDB-CLI.md
│ │ │ ├── README.md
│ │ │ ├── ecs-ssh.sh
│ │ │ ├── init-documentdb.sh
│ │ │ ├── init-keycloak.sh
│ │ │ ├── post-deployment-setup.sh
│ │ │ ├── pre-destroy-cleanup.sh
│ │ │ ├── requirements.txt
│ │ │ ├── rotate-keycloak-web-client-secret.sh
│ │ │ ├── run-documentdb-cli.sh
│ │ │ ├── run-documentdb-init.sh
│ │ │ ├── run-scopes-init-task.sh
│ │ │ ├── save-terraform-outputs.sh
│ │ │ ├── service_mgmt.sh
│ │ │ ├── user_mgmt.sh
│ │ │ ├── view-cloudwatch-logs.sh
│ │ │ └── view-logs.sh
│ │ ├── secret-rotation-config.tf
│ │ ├── secret-rotation.tf
│ │ ├── setup-documentdb-env.sh
│ │ ├── terraform.tfvars.example
│ │ ├── variables.tf
│ │ ├── vpc.tf
│ │ └── waf.tf
│ └── telemetry-collector/
│ ├── README.md
│ ├── bastion-scripts/
│ │ ├── connect.sh
│ │ ├── query.sh
│ │ ├── setup-bastion.sh
│ │ └── telemetry_db.py
│ ├── bastion.tf
│ ├── check-status.sh
│ ├── cloudwatch.tf
│ ├── create-indexes.js
│ ├── deploy.sh
│ ├── destroy.sh
│ ├── documentdb.tf
│ ├── domain.tf
│ ├── dynamodb.tf
│ ├── iam.tf
│ ├── lambda/
│ │ ├── collector/
│ │ │ ├── index.py
│ │ │ ├── requirements.txt
│ │ │ └── schemas.py
│ │ └── index-setup/
│ │ ├── index.py
│ │ └── requirements.txt
│ ├── lambda.tf
│ ├── main.tf
│ ├── outputs.tf
│ ├── secrets.tf
│ ├── terraform.tfvars.example
│ ├── variables.tf
│ └── vpc.tf
├── test-keycloak-mcp.sh
└── tests/
├── README.md
├── __init__.py
├── auth_server/
│ ├── __init__.py
│ ├── conftest.py
│ ├── fixtures/
│ │ ├── __init__.py
│ │ ├── mock_jwt.py
│ │ └── mock_providers.py
│ └── unit/
│ ├── __init__.py
│ ├── providers/
│ │ ├── __init__.py
│ │ ├── test_auth0.py
│ │ ├── test_base.py
│ │ ├── test_keycloak.py
│ │ └── test_okta.py
│ └── test_server.py
├── conftest.py
├── e2e/
│ ├── __init__.py
│ ├── test_virtual_mcp_latency.py
│ ├── test_virtual_mcp_protocol.py
│ └── test_virtual_mcp_stress.py
├── e2e_agent_skills_test.py
├── fixtures/
│ ├── __init__.py
│ ├── constants.py
│ ├── factories.py
│ ├── helpers.py
│ ├── mocks/
│ │ ├── __init__.py
│ │ ├── mock_auth.py
│ │ ├── mock_embeddings.py
│ │ ├── mock_faiss.py
│ │ └── mock_http.py
│ ├── skill_scan_medium_output.json
│ ├── skill_scan_safe_output.json
│ └── skill_scan_unsafe_output.json
├── integration/
│ ├── __init__.py
│ ├── conftest.py
│ ├── test_agentcore_sync_integration.py
│ ├── test_deployment_mode_integration.py
│ ├── test_mongodb_connectivity.py
│ ├── test_peer_federation_e2e.py
│ ├── test_search_integration.py
│ ├── test_server_lifecycle.py
│ ├── test_skill_api.py
│ ├── test_skill_scanner_repository.py
│ ├── test_telemetry_e2e.py
│ ├── test_virtual_server_api.py
│ └── test_virtual_server_scopes_e2e.sh
├── security/
│ └── test_container_security.py
├── test_infrastructure.py
└── unit/
├── __init__.py
├── api/
│ ├── __init__.py
│ ├── test_agent_routes.py
│ ├── test_config_export.py
│ ├── test_federation_export_routes.py
│ ├── test_log_routes.py
│ ├── test_m2m_management_routes.py
│ ├── test_management_routes.py
│ ├── test_peer_management_routes.py
│ ├── test_search_routes.py
│ ├── test_server_get_endpoint.py
│ ├── test_server_routes.py
│ ├── test_skill_inline_content.py
│ └── test_wellknown_routes.py
├── audit/
│ ├── __init__.py
│ ├── test_audit_composite_key.py
│ ├── test_audit_repository.py
│ ├── test_filter_statistics.py
│ ├── test_mcp_logger.py
│ ├── test_middleware.py
│ ├── test_models_properties.py
│ ├── test_routes.py
│ └── test_service.py
├── auth/
│ ├── __init__.py
│ ├── test_csrf.py
│ └── test_dependencies.py
├── cli/
│ ├── __init__.py
│ ├── test_agentcore_cross_account.py
│ ├── test_agentcore_discovery.py
│ ├── test_agentcore_registration.py
│ └── test_agentcore_token_refresher.py
├── conftest.py
├── core/
│ ├── __init__.py
│ ├── test_config.py
│ ├── test_endpoint_utils.py
│ ├── test_mcp_client.py
│ ├── test_nginx_service.py
│ ├── test_schemas_protocol_trust_fields.py
│ ├── test_schemas_registry_card_fields.py
│ ├── test_telemetry.py
│ └── test_visibility_normalization.py
├── embeddings/
│ ├── __init__.py
│ └── test_embeddings_client.py
├── health/
│ ├── __init__.py
│ └── test_health_service.py
├── lambda/
│ ├── __init__.py
│ ├── conftest.py
│ └── test_collector.py
├── middleware/
│ ├── __init__.py
│ └── test_mode_filter.py
├── repositories/
│ ├── __init__.py
│ ├── test_app_log_repository.py
│ ├── test_file_server_repository.py
│ ├── test_registry_card_repository.py
│ └── test_search_result_distribution.py
├── schemas/
│ ├── __init__.py
│ ├── test_agent_models.py
│ ├── test_agentcore_federation_schema.py
│ ├── test_peer_federation_schema.py
│ ├── test_registry_card.py
│ ├── test_skill_models_registry_card_fields.py
│ ├── test_uuid_federation.py
│ └── test_uuid_fields.py
├── search/
│ ├── __init__.py
│ └── test_faiss_service.py
├── servers/
│ ├── __init__.py
│ └── mcpgw/
│ ├── __init__.py
│ └── test_intelligent_tool_finder.py
├── services/
│ ├── __init__.py
│ ├── federation/
│ │ ├── __init__.py
│ │ ├── test_agentcore_client.py
│ │ ├── test_federation_auth.py
│ │ └── test_peer_registry_client.py
│ ├── test_agent_service.py
│ ├── test_agentcore_reconciliation.py
│ ├── test_m2m_management_service.py
│ ├── test_peer_federation_service.py
│ ├── test_peer_federation_sync.py
│ ├── test_registration_gate_service.py
│ ├── test_server_service.py
│ └── test_webhook_service.py
├── test_backend_session_repository.py
├── test_deployment_mode.py
├── test_entra_manager.py
├── test_github_auth.py
├── test_iam_manager.py
├── test_lifecycle_status.py
├── test_safe_eval_arithmetic.py
├── test_skill_models.py
├── test_skill_routes_github_auth.py
├── test_skill_routes_security.py
├── test_skill_scanner_service.py
├── test_skill_security_schemas.py
├── test_skill_service_github_auth.py
├── test_skill_service_parsing.py
├── test_stats_endpoint.py
├── test_url_validation.py
├── test_virtual_server_models.py
├── test_virtual_server_nginx.py
├── test_virtual_server_service.py
└── utils/
├── __init__.py
├── test_credential_encryption.py
├── test_logging_setup.py
├── test_metadata.py
├── test_mongodb_log_handler.py
├── test_okta_manager.py
├── test_request_utils.py
├── test_url_utils.py
└── test_visibility.py
Showing preview only (793K chars total). Download the full file or copy to clipboard to get everything.
SYMBOL INDEX (8438 symbols across 482 files)
FILE: agents/a2a/src/flight-booking-agent/agent.py
function lifespan (line 44) | async def lifespan(
function ping (line 65) | def ping():
function health (line 72) | def health():
function api_check_availability (line 79) | def api_check_availability(
function api_reserve_flight (line 90) | def api_reserve_flight(
function api_confirm_booking (line 105) | def api_confirm_booking(
function api_process_payment (line 116) | def api_process_payment(
function api_get_reservation (line 130) | def api_get_reservation(
function api_cancel_reservation (line 141) | def api_cancel_reservation(
function main (line 156) | def main() -> None:
FILE: agents/a2a/src/flight-booking-agent/database.py
function _create_tables (line 21) | def _create_tables(
function _insert_seed_data (line 105) | def _insert_seed_data(
class BookingDatabaseManager (line 249) | class BookingDatabaseManager:
method __init__ (line 252) | def __init__(
method init_database (line 261) | def init_database(self) -> None:
method get_connection (line 269) | def get_connection(self) -> sqlite3.Connection:
method get_flight_availability (line 273) | def get_flight_availability(
method create_reservation (line 308) | def create_reservation(
method confirm_booking (line 397) | def confirm_booking(
method process_payment (line 455) | def process_payment(
method get_booking_details (line 522) | def get_booking_details(
method cancel_booking (line 576) | def cancel_booking(
FILE: agents/a2a/src/flight-booking-agent/dependencies.py
function get_env (line 20) | def get_env() -> EnvSettings:
function get_db_manager (line 27) | def get_db_manager() -> BookingDatabaseManager:
FILE: agents/a2a/src/flight-booking-agent/env_settings.py
class EnvSettings (line 15) | class EnvSettings:
method __init__ (line 18) | def __init__(self) -> None:
FILE: agents/a2a/src/flight-booking-agent/tools.py
function check_availability (line 19) | def check_availability(
function reserve_flight (line 41) | def reserve_flight(
function confirm_booking (line 63) | def confirm_booking(
function process_payment (line 82) | def process_payment(
function manage_reservation (line 106) | def manage_reservation(
FILE: agents/a2a/src/travel-assistant-agent/agent.py
function search_flights (line 17) | def search_flights(
function check_prices (line 48) | def check_prices(
function get_recommendations (line 70) | def get_recommendations(
function create_trip_plan (line 96) | def create_trip_plan(
function discover_remote_agents (line 149) | async def discover_remote_agents(query: str, max_results: int = 5) -> str:
function view_cached_remote_agents (line 226) | async def view_cached_remote_agents() -> str:
function invoke_remote_agent (line 270) | async def invoke_remote_agent(agent_id: str, message: str) -> str:
function get_agent_instance (line 329) | def get_agent_instance():
FILE: agents/a2a/src/travel-assistant-agent/database.py
function _insert_seed_data (line 17) | def _insert_seed_data(
class FlightDatabaseManager (line 116) | class FlightDatabaseManager:
method __init__ (line 119) | def __init__(
method init_database (line 128) | def init_database(self) -> None:
method get_connection (line 167) | def get_connection(self) -> sqlite3.Connection:
method search_flights (line 171) | def search_flights(
method get_flight_details (line 216) | def get_flight_details(
method get_recommendations (line 252) | def get_recommendations(
method create_trip_plan (line 297) | def create_trip_plan(
FILE: agents/a2a/src/travel-assistant-agent/dependencies.py
function get_env (line 19) | def get_env() -> EnvSettings:
function get_db_manager (line 26) | def get_db_manager() -> FlightDatabaseManager:
function get_registry_client (line 34) | def get_registry_client() -> RegistryDiscoveryClient | None:
function get_remote_agent_cache (line 70) | def get_remote_agent_cache() -> RemoteAgentCache:
FILE: agents/a2a/src/travel-assistant-agent/env_settings.py
class EnvSettings (line 15) | class EnvSettings:
method __init__ (line 18) | def __init__(self) -> None:
FILE: agents/a2a/src/travel-assistant-agent/models.py
class AgentSkill (line 8) | class AgentSkill(BaseModel):
class DiscoveredAgent (line 21) | class DiscoveredAgent(BaseModel):
method agent_name (line 38) | def agent_name(self) -> str:
method skill_names (line 43) | def skill_names(self) -> list[str]:
FILE: agents/a2a/src/travel-assistant-agent/registry_discovery_client.py
class RegistryDiscoveryClient (line 16) | class RegistryDiscoveryClient:
method __init__ (line 19) | def __init__(
method _get_token (line 48) | async def _get_token(self) -> str:
method discover_by_semantic_search (line 96) | async def discover_by_semantic_search(
method discover_by_skills (line 149) | async def discover_by_skills(
FILE: agents/a2a/src/travel-assistant-agent/remote_agent_client.py
class RemoteAgentClient (line 18) | class RemoteAgentClient:
method __init__ (line 27) | def __init__(
method _ensure_initialized (line 48) | async def _ensure_initialized(self):
method send_message (line 73) | async def send_message(self, message: str) -> str:
method close (line 104) | async def close(self):
class RemoteAgentCache (line 111) | class RemoteAgentCache:
method __init__ (line 112) | def __init__(self):
method get (line 116) | def get(self, agent_id: str) -> RemoteAgentClient | None:
method get_all (line 119) | def get_all(self) -> dict[str, RemoteAgentClient]:
method add (line 122) | def add(self, agent_id: str, agent_client: RemoteAgentClient):
method cache_discovered_agents (line 126) | def cache_discovered_agents(
method clear (line 155) | async def clear(self):
method __len__ (line 163) | def __len__(self) -> int:
method __contains__ (line 166) | def __contains__(self, agent_id: str) -> bool:
FILE: agents/a2a/src/travel-assistant-agent/server.py
function lifespan (line 36) | async def lifespan(
function ping (line 55) | def ping():
function health (line 62) | def health():
function api_search_flights (line 69) | def api_search_flights(
function api_check_prices (line 82) | def api_check_prices(
function api_recommendations (line 93) | def api_recommendations(
function api_create_trip_plan (line 108) | def api_create_trip_plan(
function api_discover_agents (line 126) | async def api_discover_agents(query: str):
function main (line 154) | def main() -> None:
FILE: agents/a2a/src/travel-assistant-agent/tools.py
function search_flights (line 19) | def search_flights(
function check_prices (line 50) | def check_prices(
function get_recommendations (line 72) | def get_recommendations(
function create_trip_plan (line 98) | def create_trip_plan(
FILE: agents/a2a/test/agent_discovery_test.py
class AgentTester (line 28) | class AgentTester:
method __init__ (line 31) | def __init__(self, endpoints, is_live=False):
method send_agent_message (line 35) | def send_agent_message(self, agent_type, message):
method extract_response_text (line 57) | def extract_response_text(self, response):
class AgentDiscoveryTests (line 72) | class AgentDiscoveryTests:
method __init__ (line 75) | def __init__(self, tester):
method test_search_flight_solo (line 79) | def test_search_flight_solo(self):
method test_book_flight_with_discovery (line 98) | def test_book_flight_with_discovery(self):
function run_tests (line 121) | def run_tests(endpoint_type):
function main (line 157) | def main():
FILE: agents/a2a/test/agent_simple_test.py
class AgentTester (line 42) | class AgentTester:
method __init__ (line 45) | def __init__(
method send_agent_message (line 55) | def send_agent_message(
method _invoke_agentcore_runtime (line 105) | def _invoke_agentcore_runtime(
method call_api_endpoint (line 186) | def call_api_endpoint(
method ping_agent (line 219) | def ping_agent(
class TravelAssistantTests (line 245) | class TravelAssistantTests:
method __init__ (line 248) | def __init__(
method test_ping (line 255) | def test_ping(self) -> None:
method test_agent_flight_search (line 262) | def test_agent_flight_search(self) -> None:
method test_api_search_flights (line 288) | def test_api_search_flights(self) -> None:
method test_api_recommendations (line 311) | def test_api_recommendations(self) -> None:
class FlightBookingTests (line 334) | class FlightBookingTests:
method __init__ (line 337) | def __init__(
method test_ping (line 344) | def test_ping(self) -> None:
method test_agent_availability_check (line 351) | def test_agent_availability_check(self) -> None:
method test_agent_booking (line 367) | def test_agent_booking(self) -> None:
method test_api_check_availability (line 382) | def test_api_check_availability(self) -> None:
function run_tests (line 402) | def run_tests(
function main (line 450) | def main() -> None:
FILE: agents/a2a/test/simple_agents_test.py
class AgentTester (line 42) | class AgentTester:
method __init__ (line 45) | def __init__(
method send_agent_message (line 55) | def send_agent_message(
method _invoke_agentcore_runtime (line 105) | def _invoke_agentcore_runtime(
method call_api_endpoint (line 186) | def call_api_endpoint(
method ping_agent (line 219) | def ping_agent(
class TravelAssistantTests (line 245) | class TravelAssistantTests:
method __init__ (line 248) | def __init__(
method test_ping (line 255) | def test_ping(self) -> None:
method test_agent_flight_search (line 262) | def test_agent_flight_search(self) -> None:
method test_api_search_flights (line 288) | def test_api_search_flights(self) -> None:
method test_api_recommendations (line 311) | def test_api_recommendations(self) -> None:
class FlightBookingTests (line 334) | class FlightBookingTests:
method __init__ (line 337) | def __init__(
method test_ping (line 344) | def test_ping(self) -> None:
method test_agent_availability_check (line 351) | def test_agent_availability_check(self) -> None:
method test_agent_booking (line 367) | def test_agent_booking(self) -> None:
method test_api_check_availability (line 382) | def test_api_check_availability(self) -> None:
class AgentDiscoveryTests (line 402) | class AgentDiscoveryTests:
method __init__ (line 411) | def __init__(
method _is_registry_available (line 419) | def _is_registry_available(self) -> bool:
method test_discover_and_delegate_booking (line 427) | def test_discover_and_delegate_booking(self) -> None:
function run_tests (line 494) | def run_tests(
function main (line 553) | def main() -> None:
FILE: agents/agent.py
class ProgressSpinner (line 102) | class ProgressSpinner:
method __init__ (line 107) | def __init__(self):
method _spin (line 111) | def _spin(self) -> None:
method start (line 120) | def start(self) -> "ProgressSpinner":
method stop (line 126) | def stop(
function print_step (line 140) | def print_step(
function load_server_config (line 148) | def load_server_config(config_file: str = "server_config.yml") -> dict[s...
function resolve_env_vars (line 179) | def resolve_env_vars(value: str, server_name: str = None) -> str:
function get_server_headers (line 222) | def get_server_headers(server_name: str, config: dict[str, Any]) -> dict...
function enable_verbose_logging (line 262) | def enable_verbose_logging():
function parse_arguments (line 285) | def parse_arguments() -> argparse.Namespace:
function _safe_eval_arithmetic (line 388) | def _safe_eval_arithmetic(expression: str) -> int | float:
function calculator (line 437) | def calculator(expression: str) -> str:
function search_registry_tools (line 479) | async def search_registry_tools(
function invoke_mcp_tool (line 582) | async def invoke_mcp_tool(
function _add_egress_auth (line 662) | def _add_egress_auth(
function _invoke_via_sse (line 701) | async def _invoke_via_sse(
function _invoke_via_http (line 715) | async def _invoke_via_http(
function _format_tool_response (line 733) | def _format_tool_response(result: Any) -> str:
class AgentSettings (line 747) | class AgentSettings:
method __init__ (line 750) | def __init__(self):
function load_system_prompt (line 761) | def load_system_prompt():
function print_agent_response (line 788) | def print_agent_response(
function _print_verbose_messages (line 819) | def _print_verbose_messages(messages: list[Any]) -> None:
class InteractiveAgent (line 848) | class InteractiveAgent:
method __init__ (line 851) | def __init__(
method process_message (line 862) | async def process_message(
method run_interactive_session (line 894) | async def run_interactive_session(self) -> None:
method _print_history (line 935) | def _print_history(self) -> None:
function main (line 949) | async def main():
function _create_model (line 1021) | def _create_model(
FILE: agents/cli_user_auth.py
class OAuthCallbackHandler (line 105) | class OAuthCallbackHandler(BaseHTTPRequestHandler):
method log_message (line 108) | def log_message(self, format, *args):
method do_GET (line 112) | def do_GET(self):
method exchange_code_for_tokens (line 158) | def exchange_code_for_tokens(self, auth_code):
method create_session_cookie (line 210) | def create_session_cookie(self, user_info):
method send_success_response (line 235) | def send_success_response(self):
method send_error_response (line 263) | def send_error_response(self, error_message):
method send_404 (line 287) | def send_404(self):
function generate_pkce_challenge (line 293) | def generate_pkce_challenge():
function start_callback_server (line 305) | def start_callback_server():
function save_cookie_to_file (line 316) | def save_cookie_to_file(cookie_value, file_path):
function main (line 337) | def main():
FILE: agents/client.py
class CustomFormatter (line 59) | class CustomFormatter(logging.Formatter):
method format (line 60) | def format(self, record):
function load_env_config (line 86) | def load_env_config() -> dict[str, str | None]:
function parse_arguments (line 128) | def parse_arguments():
function main (line 213) | def main():
FILE: agents/registry_client.py
class MatchingTool (line 24) | class MatchingTool(BaseModel):
class ServerSearchResult (line 37) | class ServerSearchResult(BaseModel):
class ToolSearchResult (line 53) | class ToolSearchResult(BaseModel):
class SearchResponse (line 65) | class SearchResponse(BaseModel):
class RegistryClient (line 75) | class RegistryClient:
method __init__ (line 78) | def __init__(
method _get_token (line 116) | async def _get_token(self) -> str:
method search_tools (line 170) | async def search_tools(
method get_server_info (line 237) | async def get_server_info(
function _format_tool_result (line 299) | def _format_tool_result(
function _format_server_result (line 329) | def _format_server_result(
FILE: api/registry_client.py
class HealthStatus (line 33) | class HealthStatus(str, Enum):
class ServiceRegistration (line 42) | class ServiceRegistration(BaseModel):
class InternalServiceRegistration (line 54) | class InternalServiceRegistration(BaseModel):
class Server (line 100) | class Server(BaseModel):
class ServerDetail (line 114) | class ServerDetail(BaseModel):
class ServerDetailResponse (line 138) | class ServerDetailResponse(BaseModel):
class ServerListResponse (line 159) | class ServerListResponse(BaseModel):
class ServiceResponse (line 169) | class ServiceResponse(BaseModel):
class ToggleResponse (line 177) | class ToggleResponse(BaseModel):
class ErrorResponse (line 185) | class ErrorResponse(BaseModel):
class SecurityScanResult (line 193) | class SecurityScanResult(BaseModel):
class RescanResponse (line 200) | class RescanResponse(BaseModel):
class AgentSecurityScanResponse (line 217) | class AgentSecurityScanResponse(BaseModel):
class AgentRescanResponse (line 228) | class AgentRescanResponse(BaseModel):
class SkillSecurityScanResponse (line 245) | class SkillSecurityScanResponse(BaseModel):
class SkillRescanResponse (line 262) | class SkillRescanResponse(BaseModel):
class GroupListResponse (line 279) | class GroupListResponse(BaseModel):
class AgentProvider (line 289) | class AgentProvider(str, Enum):
class AgentVisibility (line 297) | class AgentVisibility(str, Enum):
class Provider (line 305) | class Provider(BaseModel):
class SecuritySchemeType (line 317) | class SecuritySchemeType(str, Enum):
class SecurityScheme (line 326) | class SecurityScheme(BaseModel):
class Config (line 362) | class Config:
class Skill (line 366) | class Skill(BaseModel):
class Config (line 387) | class Config:
class AgentRegistration (line 391) | class AgentRegistration(BaseModel):
class Config (line 480) | class Config:
class AgentCard (line 484) | class AgentCard(BaseModel):
class Config (line 509) | class Config:
class AgentRegistrationResponse (line 513) | class AgentRegistrationResponse(BaseModel):
class SkillDetail (line 520) | class SkillDetail(BaseModel):
class Config (line 541) | class Config:
class AgentDetail (line 545) | class AgentDetail(BaseModel):
class Config (line 644) | class Config:
class AgentListItem (line 648) | class AgentListItem(BaseModel):
class Config (line 685) | class Config:
class AgentListResponse (line 689) | class AgentListResponse(BaseModel):
class AgentToggleResponse (line 699) | class AgentToggleResponse(BaseModel):
class SkillDiscoveryRequest (line 707) | class SkillDiscoveryRequest(BaseModel):
class DiscoveredAgent (line 714) | class DiscoveredAgent(BaseModel):
class AgentDiscoveryResponse (line 723) | class AgentDiscoveryResponse(BaseModel):
class SemanticDiscoveredAgent (line 729) | class SemanticDiscoveredAgent(BaseModel):
class Config (line 759) | class Config:
class AgentSemanticDiscoveryResponse (line 763) | class AgentSemanticDiscoveryResponse(BaseModel):
class MatchingToolResult (line 769) | class MatchingToolResult(BaseModel):
class SyncMetadata (line 781) | class SyncMetadata(BaseModel):
class SemanticDiscoveredServer (line 793) | class SemanticDiscoveredServer(BaseModel):
class ToolSearchResult (line 825) | class ToolSearchResult(BaseModel):
class AgentSearchResult (line 841) | class AgentSearchResult(BaseModel):
class SkillSearchResult (line 854) | class SkillSearchResult(BaseModel):
class VirtualServerSearchResult (line 874) | class VirtualServerSearchResult(BaseModel):
class ToolMapping (line 896) | class ToolMapping(BaseModel):
class ToolScopeOverride (line 906) | class ToolScopeOverride(BaseModel):
class VirtualServerCreateRequest (line 915) | class VirtualServerCreateRequest(BaseModel):
class VirtualServerConfig (line 937) | class VirtualServerConfig(BaseModel):
class VirtualServerListResponse (line 962) | class VirtualServerListResponse(BaseModel):
class VirtualServerToggleResponse (line 971) | class VirtualServerToggleResponse(BaseModel):
class VirtualServerDeleteResponse (line 979) | class VirtualServerDeleteResponse(BaseModel):
class SemanticSearchResponse (line 986) | class SemanticSearchResponse(BaseModel):
class ServerSemanticSearchResponse (line 1007) | class ServerSemanticSearchResponse(BaseModel):
class RatingDetail (line 1016) | class RatingDetail(BaseModel):
class RatingRequest (line 1023) | class RatingRequest(BaseModel):
class RatingResponse (line 1029) | class RatingResponse(BaseModel):
class RatingInfoResponse (line 1036) | class RatingInfoResponse(BaseModel):
class AnthropicRepository (line 1046) | class AnthropicRepository(BaseModel):
class AnthropicStdioTransport (line 1055) | class AnthropicStdioTransport(BaseModel):
class AnthropicStreamableHttpTransport (line 1064) | class AnthropicStreamableHttpTransport(BaseModel):
class AnthropicSseTransport (line 1072) | class AnthropicSseTransport(BaseModel):
class AnthropicPackage (line 1079) | class AnthropicPackage(BaseModel):
class AnthropicServerDetail (line 1090) | class AnthropicServerDetail(BaseModel):
class AnthropicServerResponse (line 1107) | class AnthropicServerResponse(BaseModel):
class AnthropicPaginationMetadata (line 1118) | class AnthropicPaginationMetadata(BaseModel):
class AnthropicServerList (line 1125) | class AnthropicServerList(BaseModel):
class AnthropicErrorResponse (line 1132) | class AnthropicErrorResponse(BaseModel):
class RegistryCapabilitiesResponse (line 1141) | class RegistryCapabilitiesResponse(BaseModel):
class RegistryAuthConfigResponse (line 1153) | class RegistryAuthConfigResponse(BaseModel):
class RegistryContactResponse (line 1162) | class RegistryContactResponse(BaseModel):
class RegistryCardResponse (line 1169) | class RegistryCardResponse(BaseModel):
class M2MAccountRequest (line 1194) | class M2MAccountRequest(BaseModel):
class HumanUserRequest (line 1202) | class HumanUserRequest(BaseModel):
class UserSummary (line 1213) | class UserSummary(BaseModel):
class UserListResponse (line 1225) | class UserListResponse(BaseModel):
class UserDeleteResponse (line 1232) | class UserDeleteResponse(BaseModel):
class M2MAccountResponse (line 1239) | class M2MAccountResponse(BaseModel):
class GroupCreateRequest (line 1249) | class GroupCreateRequest(BaseModel):
class GroupSummary (line 1256) | class GroupSummary(BaseModel):
class IdPM2MClient (line 1265) | class IdPM2MClient(BaseModel):
class M2MClientListResponse (line 1286) | class M2MClientListResponse(BaseModel):
class GroupSyncStatusResponse (line 1295) | class GroupSyncStatusResponse(BaseModel):
class GroupDeleteResponse (line 1311) | class GroupDeleteResponse(BaseModel):
class SkillRegistrationRequest (line 1323) | class SkillRegistrationRequest(BaseModel):
class SkillCard (line 1344) | class SkillCard(BaseModel):
class SkillListResponse (line 1374) | class SkillListResponse(BaseModel):
class SkillHealthResponse (line 1384) | class SkillHealthResponse(BaseModel):
class SkillContentResponse (line 1394) | class SkillContentResponse(BaseModel):
class SkillSearchResponse (line 1401) | class SkillSearchResponse(BaseModel):
class SkillToggleResponse (line 1409) | class SkillToggleResponse(BaseModel):
class SkillRatingResponse (line 1416) | class SkillRatingResponse(BaseModel):
class AppLogEntry (line 1425) | class AppLogEntry(BaseModel):
class AppLogResponse (line 1440) | class AppLogResponse(BaseModel):
class AppLogMetadataResponse (line 1450) | class AppLogMetadataResponse(BaseModel):
class RegistryClient (line 1458) | class RegistryClient:
method __init__ (line 1471) | def __init__(self, registry_url: str, token: str):
method _get_headers (line 1486) | def _get_headers(self) -> dict[str, str]:
method _make_request (line 1495) | def _make_request(
method register_service (line 1563) | def register_service(self, registration: InternalServiceRegistration) ...
method remove_service (line 1598) | def remove_service(self, service_path: str) -> dict[str, Any]:
method toggle_service (line 1620) | def toggle_service(self, service_path: str) -> ToggleResponse:
method update_server_credential (line 1643) | def update_server_credential(
method list_services (line 1682) | def list_services(
method healthcheck (line 1725) | def healthcheck(self) -> dict[str, Any]:
method get_config (line 1743) | def get_config(self) -> dict[str, Any]:
method get_well_known_registry_card (line 1765) | def get_well_known_registry_card(self) -> RegistryCardResponse:
method get_registry_card (line 1789) | def get_registry_card(self) -> RegistryCardResponse:
method update_registry_card (line 1813) | def update_registry_card(self, card_data: dict[str, Any]) -> dict[str,...
method patch_registry_card (line 1839) | def patch_registry_card(self, updates: dict[str, Any]) -> dict[str, Any]:
method add_server_to_groups (line 1865) | def add_server_to_groups(self, server_name: str, group_names: list[str...
method remove_server_from_groups (line 1890) | def remove_server_from_groups(self, server_name: str, group_names: lis...
method create_group (line 1915) | def create_group(
method delete_group (line 1946) | def delete_group(
method import_group (line 1978) | def import_group(self, group_definition: dict[str, Any]) -> dict[str, ...
method list_groups (line 2011) | def list_groups(
method get_group (line 2043) | def get_group(self, group_name: str) -> dict[str, Any]:
method register_agent (line 2065) | def register_agent(self, agent: AgentRegistration) -> AgentRegistratio...
method list_agents (line 2091) | def list_agents(
method get_agent (line 2140) | def get_agent(self, path: str) -> AgentDetail:
method update_agent (line 2161) | def update_agent(self, path: str, agent: AgentRegistration) -> AgentDe...
method delete_agent (line 2187) | def delete_agent(self, path: str) -> None:
method toggle_agent (line 2203) | def toggle_agent(self, path: str, enabled: bool) -> AgentToggleResponse:
method discover_agents_by_skills (line 2231) | def discover_agents_by_skills(
method discover_agents_semantic (line 2264) | def discover_agents_semantic(
method semantic_search_servers (line 2292) | def semantic_search_servers(
method semantic_search (line 2335) | def semantic_search(
method rate_agent (line 2387) | def rate_agent(self, path: str, rating: int) -> RatingResponse:
method get_agent_rating (line 2417) | def get_agent_rating(self, path: str) -> RatingInfoResponse:
method rescan_agent (line 2443) | def rescan_agent(self, path: str) -> AgentRescanResponse:
method get_agent_security_scan (line 2473) | def get_agent_security_scan(self, path: str) -> AgentSecurityScanRespo...
method agent_ans_link (line 2498) | def agent_ans_link(
method agent_ans_status (line 2528) | def agent_ans_status(
method agent_ans_unlink (line 2555) | def agent_ans_unlink(
method rate_server (line 2582) | def rate_server(self, path: str, rating: int) -> RatingResponse:
method get_server (line 2612) | def get_server(
method get_server_rating (line 2636) | def get_server_rating(self, path: str) -> RatingInfoResponse:
method get_security_scan (line 2662) | def get_security_scan(self, path: str) -> SecurityScanResult:
method rescan_server (line 2686) | def rescan_server(self, path: str) -> RescanResponse:
method anthropic_list_servers (line 2717) | def anthropic_list_servers(
method anthropic_list_server_versions (line 2750) | def anthropic_list_server_versions(self, server_name: str) -> Anthropi...
method anthropic_get_server_version (line 2780) | def anthropic_get_server_version(
method remove_server_version (line 2815) | def remove_server_version(self, path: str, version: str) -> dict:
method set_default_version (line 2840) | def set_default_version(self, path: str, version: str) -> dict:
method get_server_versions (line 2866) | def get_server_versions(self, path: str) -> dict:
method list_users (line 2891) | def list_users(self, search: str | None = None, limit: int = 500) -> U...
method create_m2m_account (line 2936) | def create_m2m_account(
method create_human_user (line 2967) | def create_human_user(
method delete_user (line 3013) | def delete_user(self, username: str) -> UserDeleteResponse:
method list_keycloak_iam_groups (line 3036) | def list_keycloak_iam_groups(self) -> GroupListResponse:
method create_keycloak_group (line 3057) | def create_keycloak_group(self, name: str, description: str | None = N...
method delete_keycloak_group (line 3085) | def delete_keycloak_group(self, name: str) -> GroupDeleteResponse:
method get_federation_config (line 3108) | def get_federation_config(self, config_id: str = "default") -> dict[st...
method save_federation_config (line 3131) | def save_federation_config(
method delete_federation_config (line 3160) | def delete_federation_config(self, config_id: str = "default") -> dict...
method list_federation_configs (line 3183) | def list_federation_configs(self) -> dict[str, Any]:
method add_anthropic_server (line 3201) | def add_anthropic_server(self, server_name: str, config_id: str = "def...
method remove_anthropic_server (line 3227) | def remove_anthropic_server(
method add_asor_agent (line 3254) | def add_asor_agent(self, agent_id: str, config_id: str = "default") ->...
method remove_asor_agent (line 3280) | def remove_asor_agent(self, agent_id: str, config_id: str = "default")...
method sync_federation (line 3304) | def sync_federation(
method list_peers (line 3340) | def list_peers(self, enabled: bool | None = None) -> dict[str, Any]:
method add_peer (line 3367) | def add_peer(self, config: dict[str, Any]) -> dict[str, Any]:
method get_peer (line 3389) | def get_peer(self, peer_id: str) -> dict[str, Any]:
method update_peer (line 3410) | def update_peer(self, peer_id: str, config: dict[str, Any]) -> dict[st...
method update_peer_token (line 3432) | def update_peer_token(self, peer_id: str, federation_token: str) -> di...
method remove_peer (line 3461) | def remove_peer(self, peer_id: str) -> dict[str, Any]:
method sync_peer (line 3487) | def sync_peer(self, peer_id: str) -> dict[str, Any]:
method sync_all_peers (line 3508) | def sync_all_peers(self) -> dict[str, Any]:
method get_peer_status (line 3526) | def get_peer_status(self, peer_id: str) -> dict[str, Any]:
method enable_peer (line 3547) | def enable_peer(self, peer_id: str) -> dict[str, Any]:
method disable_peer (line 3568) | def disable_peer(self, peer_id: str) -> dict[str, Any]:
method get_peer_connections (line 3589) | def get_peer_connections(self) -> dict[str, Any]:
method get_shared_resources (line 3607) | def get_shared_resources(self) -> dict[str, Any]:
method register_skill (line 3629) | def register_skill(self, request: SkillRegistrationRequest) -> SkillCard:
method list_skills (line 3652) | def list_skills(
method get_skill (line 3706) | def get_skill(self, path: str) -> SkillCard:
method update_skill (line 3729) | def update_skill(self, path: str, request: SkillRegistrationRequest) -...
method delete_skill (line 3756) | def delete_skill(self, path: str) -> bool:
method toggle_skill (line 3777) | def toggle_skill(self, path: str, enabled: bool) -> SkillToggleResponse:
method check_skill_health (line 3802) | def check_skill_health(self, path: str) -> SkillHealthResponse:
method get_skill_content (line 3824) | def get_skill_content(self, path: str) -> SkillContentResponse:
method search_skills (line 3847) | def search_skills(self, query: str, tags: str | None = None) -> SkillS...
method rate_skill (line 3873) | def rate_skill(self, path: str, rating: int) -> dict[str, Any]:
method get_skill_rating (line 3901) | def get_skill_rating(self, path: str) -> SkillRatingResponse:
method get_skill_security_scan (line 3923) | def get_skill_security_scan(self, path: str) -> SkillSecurityScanRespo...
method rescan_skill (line 3945) | def rescan_skill(self, path: str) -> SkillRescanResponse:
method create_virtual_server (line 3976) | def create_virtual_server(self, request: VirtualServerCreateRequest) -...
method list_virtual_servers (line 4000) | def list_virtual_servers(
method get_virtual_server (line 4033) | def get_virtual_server(self, path: str) -> VirtualServerConfig:
method update_virtual_server (line 4055) | def update_virtual_server(
method delete_virtual_server (line 4083) | def delete_virtual_server(self, path: str) -> VirtualServerDeleteRespo...
method toggle_virtual_server (line 4105) | def toggle_virtual_server(self, path: str, enable: bool) -> VirtualSer...
method rate_virtual_server (line 4131) | def rate_virtual_server(self, path: str, rating: int) -> dict[str, Any]:
method get_virtual_server_rating (line 4159) | def get_virtual_server_rating(self, path: str) -> dict[str, Any]:
method force_heartbeat (line 4183) | def force_heartbeat(self) -> dict[str, Any]:
method force_startup_ping (line 4205) | def force_startup_ping(self) -> dict[str, Any]:
method create_m2m_client (line 4234) | def create_m2m_client(
method list_m2m_clients (line 4273) | def list_m2m_clients(
method get_m2m_client (line 4305) | def get_m2m_client(self, client_id: str) -> IdPM2MClient:
method patch_m2m_client (line 4325) | def patch_m2m_client(
method delete_m2m_client (line 4374) | def delete_m2m_client(self, client_id: str) -> None:
method get_logs (line 4398) | def get_logs(
method get_log_metadata (line 4445) | def get_log_metadata(self) -> AppLogMetadataResponse:
method get_log_services (line 4457) | def get_log_services(self) -> list[str]:
function _format_tool_result (line 4467) | def _format_tool_result(
FILE: api/registry_management.py
function _serialize_security_schemes (line 271) | def _serialize_security_schemes(
function _get_registry_url (line 296) | def _get_registry_url(cli_value: str | None = None) -> str:
function _mask_sensitive_fields (line 323) | def _mask_sensitive_fields(
function _get_client_name (line 358) | def _get_client_name() -> str:
function _get_token_script (line 370) | def _get_token_script() -> str:
function _get_jwt_token (line 385) | def _get_jwt_token(aws_region: str | None = None, keycloak_url: str | No...
function _load_json_config (line 434) | def _load_json_config(config_path: str) -> dict[str, Any]:
function _create_client (line 460) | def _create_client(args: argparse.Namespace) -> RegistryClient:
function cmd_register (line 561) | def cmd_register(args: argparse.Namespace) -> int:
function cmd_list (line 618) | def cmd_list(args: argparse.Namespace) -> int:
function cmd_toggle (line 688) | def cmd_toggle(args: argparse.Namespace) -> int:
function cmd_remove (line 712) | def cmd_remove(args: argparse.Namespace) -> int:
function cmd_healthcheck (line 740) | def cmd_healthcheck(args: argparse.Namespace) -> int:
function cmd_config (line 764) | def cmd_config(args: argparse.Namespace) -> int:
function cmd_add_to_groups (line 802) | def cmd_add_to_groups(args: argparse.Namespace) -> int:
function cmd_remove_from_groups (line 825) | def cmd_remove_from_groups(args: argparse.Namespace) -> int:
function cmd_create_group (line 848) | def cmd_create_group(args: argparse.Namespace) -> int:
function cmd_delete_group (line 872) | def cmd_delete_group(args: argparse.Namespace) -> int:
function cmd_import_group (line 902) | def cmd_import_group(args: argparse.Namespace) -> int:
function cmd_list_groups (line 942) | def cmd_list_groups(args: argparse.Namespace) -> int:
function cmd_describe_group (line 1011) | def cmd_describe_group(args: argparse.Namespace) -> int:
function cmd_server_get (line 1093) | def cmd_server_get(args: argparse.Namespace) -> int:
function cmd_server_rate (line 1131) | def cmd_server_rate(args: argparse.Namespace) -> int:
function cmd_server_rating (line 1155) | def cmd_server_rating(args: argparse.Namespace) -> int:
function cmd_security_scan (line 1189) | def cmd_security_scan(args: argparse.Namespace) -> int:
function cmd_rescan (line 1241) | def cmd_rescan(args: argparse.Namespace) -> int:
function cmd_server_update_credential (line 1285) | def cmd_server_update_credential(args: argparse.Namespace) -> int:
function cmd_server_search (line 1327) | def cmd_server_search(args: argparse.Namespace) -> int:
function cmd_list_versions (line 1461) | def cmd_list_versions(args: argparse.Namespace) -> int:
function cmd_remove_version (line 1497) | def cmd_remove_version(args: argparse.Namespace) -> int:
function cmd_set_default_version (line 1523) | def cmd_set_default_version(args: argparse.Namespace) -> int:
function cmd_agent_register (line 1552) | def cmd_agent_register(args: argparse.Namespace) -> int:
function cmd_agent_list (line 1693) | def cmd_agent_list(args: argparse.Namespace) -> int:
function cmd_agent_get (line 1763) | def cmd_agent_get(args: argparse.Namespace) -> int:
function cmd_agent_update (line 1810) | def cmd_agent_update(args: argparse.Namespace) -> int:
function cmd_agent_delete (line 1927) | def cmd_agent_delete(args: argparse.Namespace) -> int:
function cmd_agent_toggle (line 1955) | def cmd_agent_toggle(args: argparse.Namespace) -> int:
function cmd_agent_discover (line 1979) | def cmd_agent_discover(args: argparse.Namespace) -> int:
function cmd_agent_search (line 2016) | def cmd_agent_search(args: argparse.Namespace) -> int:
function cmd_agent_rate (line 2062) | def cmd_agent_rate(args: argparse.Namespace) -> int:
function cmd_agent_rating (line 2086) | def cmd_agent_rating(args: argparse.Namespace) -> int:
function cmd_agent_security_scan (line 2120) | def cmd_agent_security_scan(args: argparse.Namespace) -> int:
function cmd_agent_rescan (line 2143) | def cmd_agent_rescan(args: argparse.Namespace) -> int:
function cmd_agent_ans_link (line 2195) | def cmd_agent_ans_link(args: argparse.Namespace) -> int:
function cmd_agent_ans_status (line 2227) | def cmd_agent_ans_status(args: argparse.Namespace) -> int:
function cmd_agent_ans_unlink (line 2260) | def cmd_agent_ans_unlink(args: argparse.Namespace) -> int:
function cmd_skill_register (line 2292) | def cmd_skill_register(args: argparse.Namespace) -> int:
function cmd_skill_list (line 2347) | def cmd_skill_list(args: argparse.Namespace) -> int:
function cmd_skill_get (line 2402) | def cmd_skill_get(args: argparse.Namespace) -> int:
function cmd_skill_delete (line 2447) | def cmd_skill_delete(args: argparse.Namespace) -> int:
function cmd_skill_toggle (line 2470) | def cmd_skill_toggle(args: argparse.Namespace) -> int:
function cmd_skill_health (line 2494) | def cmd_skill_health(args: argparse.Namespace) -> int:
function cmd_skill_content (line 2529) | def cmd_skill_content(args: argparse.Namespace) -> int:
function cmd_skill_search (line 2559) | def cmd_skill_search(args: argparse.Namespace) -> int:
function cmd_skill_rate (line 2594) | def cmd_skill_rate(args: argparse.Namespace) -> int:
function cmd_skill_rating (line 2629) | def cmd_skill_rating(args: argparse.Namespace) -> int:
function cmd_skill_security_scan (line 2661) | def cmd_skill_security_scan(args: argparse.Namespace) -> int:
function cmd_skill_rescan (line 2683) | def cmd_skill_rescan(args: argparse.Namespace) -> int:
function cmd_anthropic_list_servers (line 2715) | def cmd_anthropic_list_servers(args: argparse.Namespace) -> int:
function cmd_anthropic_list_versions (line 2763) | def cmd_anthropic_list_versions(args: argparse.Namespace) -> int:
function cmd_anthropic_get_server (line 2800) | def cmd_anthropic_get_server(args: argparse.Namespace) -> int:
function cmd_user_list (line 2865) | def cmd_user_list(args: argparse.Namespace) -> int:
function cmd_user_create_m2m (line 2906) | def cmd_user_create_m2m(args: argparse.Namespace) -> int:
function cmd_user_create_human (line 2943) | def cmd_user_create_human(args: argparse.Namespace) -> int:
function cmd_user_delete (line 2982) | def cmd_user_delete(args: argparse.Namespace) -> int:
function _print_m2m_client (line 3010) | def _print_m2m_client(client: Any) -> None:
function cmd_m2m_client_create (line 3023) | def cmd_m2m_client_create(args: argparse.Namespace) -> int:
function cmd_m2m_client_list (line 3049) | def cmd_m2m_client_list(args: argparse.Namespace) -> int:
function cmd_m2m_client_get (line 3082) | def cmd_m2m_client_get(args: argparse.Namespace) -> int:
function cmd_m2m_client_update (line 3106) | def cmd_m2m_client_update(args: argparse.Namespace) -> int:
function cmd_m2m_client_delete (line 3141) | def cmd_m2m_client_delete(args: argparse.Namespace) -> int:
function cmd_group_create (line 3166) | def cmd_group_create(args: argparse.Namespace) -> int:
function cmd_group_delete (line 3194) | def cmd_group_delete(args: argparse.Namespace) -> int:
function cmd_group_list (line 3222) | def cmd_group_list(args: argparse.Namespace) -> int:
function cmd_federation_get (line 3257) | def cmd_federation_get(args: argparse.Namespace) -> int:
function cmd_federation_save (line 3279) | def cmd_federation_save(args: argparse.Namespace) -> int:
function cmd_federation_delete (line 3310) | def cmd_federation_delete(args: argparse.Namespace) -> int:
function cmd_federation_list (line 3340) | def cmd_federation_list(args: argparse.Namespace) -> int:
function cmd_federation_add_anthropic_server (line 3378) | def cmd_federation_add_anthropic_server(args: argparse.Namespace) -> int:
function cmd_federation_remove_anthropic_server (line 3403) | def cmd_federation_remove_anthropic_server(args: argparse.Namespace) -> ...
function cmd_federation_add_asor_agent (line 3428) | def cmd_federation_add_asor_agent(args: argparse.Namespace) -> int:
function cmd_federation_remove_asor_agent (line 3451) | def cmd_federation_remove_asor_agent(args: argparse.Namespace) -> int:
function cmd_federation_sync (line 3474) | def cmd_federation_sync(args: argparse.Namespace) -> int:
function cmd_peer_list (line 3532) | def cmd_peer_list(args: argparse.Namespace) -> int:
function cmd_peer_add (line 3580) | def cmd_peer_add(args: argparse.Namespace) -> int:
function cmd_peer_get (line 3615) | def cmd_peer_get(args: argparse.Namespace) -> int:
function cmd_peer_update (line 3663) | def cmd_peer_update(args: argparse.Namespace) -> int:
function cmd_peer_update_token (line 3698) | def cmd_peer_update_token(args: argparse.Namespace) -> int:
function cmd_peer_remove (line 3729) | def cmd_peer_remove(args: argparse.Namespace) -> int:
function cmd_peer_sync (line 3759) | def cmd_peer_sync(args: argparse.Namespace) -> int:
function cmd_peer_sync_all (line 3801) | def cmd_peer_sync_all(args: argparse.Namespace) -> int:
function cmd_peer_status (line 3837) | def cmd_peer_status(args: argparse.Namespace) -> int:
function cmd_peer_enable (line 3892) | def cmd_peer_enable(args: argparse.Namespace) -> int:
function cmd_peer_disable (line 3916) | def cmd_peer_disable(args: argparse.Namespace) -> int:
function cmd_peer_connections (line 3940) | def cmd_peer_connections(args: argparse.Namespace) -> int:
function cmd_peer_shared_resources (line 3978) | def cmd_peer_shared_resources(args: argparse.Namespace) -> int:
function cmd_vs_create (line 4010) | def cmd_vs_create(args: argparse.Namespace) -> int:
function cmd_vs_list (line 4093) | def cmd_vs_list(args: argparse.Namespace) -> int:
function cmd_vs_get (line 4137) | def cmd_vs_get(args: argparse.Namespace) -> int:
function cmd_vs_update (line 4190) | def cmd_vs_update(args: argparse.Namespace) -> int:
function cmd_vs_delete (line 4268) | def cmd_vs_delete(args: argparse.Namespace) -> int:
function cmd_vs_toggle (line 4305) | def cmd_vs_toggle(args: argparse.Namespace) -> int:
function cmd_vs_rate (line 4339) | def cmd_vs_rate(args: argparse.Namespace) -> int:
function cmd_vs_rating (line 4366) | def cmd_vs_rating(args: argparse.Namespace) -> int:
function cmd_registry_card_get (line 4388) | def cmd_registry_card_get(args: argparse.Namespace) -> int:
function cmd_registry_card_discover (line 4410) | def cmd_registry_card_discover(args: argparse.Namespace) -> int:
function cmd_registry_card_update (line 4432) | def cmd_registry_card_update(args: argparse.Namespace) -> int:
function cmd_telemetry_heartbeat (line 4468) | def cmd_telemetry_heartbeat(args: argparse.Namespace) -> int:
function cmd_telemetry_startup (line 4496) | def cmd_telemetry_startup(args: argparse.Namespace) -> int:
function cmd_logs (line 4524) | def cmd_logs(args: argparse.Namespace) -> int:
function main (line 4570) | def main() -> int:
FILE: auth_server/cognito_utils.py
function generate_token (line 12) | def generate_token(
FILE: auth_server/metrics_middleware.py
class AuthMetricsMiddleware (line 30) | class AuthMetricsMiddleware(BaseHTTPMiddleware):
method __init__ (line 42) | def __init__(self, app, service_name: str = "auth-server"):
method hash_username (line 64) | def hash_username(self, username: str) -> str:
method _cleanup_sessions_if_needed (line 70) | async def _cleanup_sessions_if_needed(self):
method extract_server_name_from_url (line 106) | def extract_server_name_from_url(self, original_url: str) -> str:
method extract_tool_and_method_info (line 121) | async def extract_tool_and_method_info(self, request: Request) -> dict...
method dispatch (line 161) | async def dispatch(self, request: Request, call_next: Callable) -> Res...
method _emit_auth_metric (line 282) | async def _emit_auth_metric(
method _emit_tool_execution_metric (line 328) | async def _emit_tool_execution_metric(
method _emit_protocol_latency_metric (line 397) | async def _emit_protocol_latency_metric(
function add_auth_metrics_middleware (line 512) | def add_auth_metrics_middleware(app, service_name: str = "auth-server"):
FILE: auth_server/mongodb_groups_enrichment.py
function _get_mongodb (line 27) | async def _get_mongodb() -> AsyncIOMotorDatabase:
function enrich_groups_from_mongodb (line 67) | async def enrich_groups_from_mongodb(
function should_enrich_groups (line 118) | def should_enrich_groups(validation_result: dict) -> bool:
FILE: auth_server/providers/auth0.py
class Auth0Provider (line 28) | class Auth0Provider(AuthProvider):
method __init__ (line 39) | def __init__(
method validate_token (line 87) | def validate_token(self, token: str, **kwargs: Any) -> dict[str, Any]:
method _validate_self_signed_token (line 189) | def _validate_self_signed_token(self, token: str) -> dict[str, Any]:
method get_jwks (line 261) | def get_jwks(self) -> dict[str, Any]:
method exchange_code_for_token (line 292) | def exchange_code_for_token(self, code: str, redirect_uri: str) -> dic...
method get_user_info (line 330) | def get_user_info(self, access_token: str) -> dict[str, Any]:
method get_auth_url (line 358) | def get_auth_url(self, redirect_uri: str, state: str, scope: str | Non...
method get_logout_url (line 388) | def get_logout_url(self, redirect_uri: str) -> str:
method refresh_token (line 408) | def refresh_token(self, refresh_token: str) -> dict[str, Any]:
method validate_m2m_token (line 444) | def validate_m2m_token(self, token: str) -> dict[str, Any]:
method get_m2m_token (line 458) | def get_m2m_token(
method extract_user_from_tokens (line 510) | def extract_user_from_tokens(self, token_data: dict[str, Any]) -> dict...
method get_provider_info (line 577) | def get_provider_info(self) -> dict[str, Any]:
FILE: auth_server/providers/base.py
class AuthProvider (line 15) | class AuthProvider(ABC):
method validate_token (line 19) | def validate_token(self, token: str, **kwargs: Any) -> dict[str, Any]:
method get_jwks (line 43) | def get_jwks(self) -> dict[str, Any]:
method exchange_code_for_token (line 55) | def exchange_code_for_token(self, code: str, redirect_uri: str) -> dic...
method get_user_info (line 76) | def get_user_info(self, access_token: str) -> dict[str, Any]:
method get_auth_url (line 95) | def get_auth_url(self, redirect_uri: str, state: str, scope: str | Non...
method get_logout_url (line 109) | def get_logout_url(self, redirect_uri: str) -> str:
method refresh_token (line 121) | def refresh_token(self, refresh_token: str) -> dict[str, Any]:
method validate_m2m_token (line 136) | def validate_m2m_token(self, token: str) -> dict[str, Any]:
method get_m2m_token (line 151) | def get_m2m_token(
FILE: auth_server/providers/cognito.py
class CognitoProvider (line 21) | class CognitoProvider(AuthProvider):
method __init__ (line 24) | def __init__(
method validate_token (line 72) | def validate_token(self, token: str, **kwargs: Any) -> dict[str, Any]:
method get_jwks (line 135) | def get_jwks(self) -> dict[str, Any]:
method exchange_code_for_token (line 159) | def exchange_code_for_token(self, code: str, redirect_uri: str) -> dic...
method get_user_info (line 186) | def get_user_info(self, access_token: str) -> dict[str, Any]:
method get_auth_url (line 204) | def get_auth_url(self, redirect_uri: str, state: str, scope: str | Non...
method get_logout_url (line 221) | def get_logout_url(self, redirect_uri: str) -> str:
method refresh_token (line 232) | def refresh_token(self, refresh_token: str) -> dict[str, Any]:
method validate_m2m_token (line 258) | def validate_m2m_token(self, token: str) -> dict[str, Any]:
method get_m2m_token (line 263) | def get_m2m_token(
method get_provider_info (line 296) | def get_provider_info(self) -> dict[str, Any]:
FILE: auth_server/providers/entra.py
class EntraIdProvider (line 30) | class EntraIdProvider(AuthProvider):
method __init__ (line 41) | def __init__(self, tenant_id: str, client_id: str, client_secret: str):
method validate_token (line 78) | def validate_token(self, token: str, **kwargs: Any) -> dict[str, Any]:
method _validate_self_signed_token (line 187) | def _validate_self_signed_token(self, token: str) -> dict[str, Any]:
method get_jwks (line 259) | def get_jwks(self) -> dict[str, Any]:
method exchange_code_for_token (line 290) | def exchange_code_for_token(self, code: str, redirect_uri: str) -> dic...
method get_user_info (line 333) | def get_user_info(self, access_token: str) -> dict[str, Any]:
method get_auth_url (line 366) | def get_auth_url(self, redirect_uri: str, state: str, scope: str | Non...
method get_logout_url (line 392) | def get_logout_url(self, redirect_uri: str) -> str:
method refresh_token (line 410) | def refresh_token(self, refresh_token: str) -> dict[str, Any]:
method validate_m2m_token (line 446) | def validate_m2m_token(self, token: str) -> dict[str, Any]:
method get_m2m_token (line 460) | def get_m2m_token(
method initiate_device_code_flow (line 513) | def initiate_device_code_flow(self, scope: str | None = None) -> dict[...
method poll_device_code_token (line 561) | def poll_device_code_token(
method get_provider_info (line 632) | def get_provider_info(self) -> dict[str, Any]:
FILE: auth_server/providers/factory.py
function get_auth_provider (line 21) | def get_auth_provider(provider_type: str | None = None) -> AuthProvider:
function _create_keycloak_provider (line 52) | def _create_keycloak_provider() -> KeycloakProvider:
function _create_cognito_provider (line 95) | def _create_cognito_provider() -> CognitoProvider:
function _create_entra_provider (line 134) | def _create_entra_provider() -> EntraIdProvider:
function _create_okta_provider (line 161) | def _create_okta_provider() -> OktaProvider:
function _create_auth0_provider (line 194) | def _create_auth0_provider() -> Auth0Provider:
function _get_provider_health_info (line 235) | def _get_provider_health_info() -> dict:
FILE: auth_server/providers/keycloak.py
class KeycloakProvider (line 29) | class KeycloakProvider(AuthProvider):
method __init__ (line 32) | def __init__(
method validate_token (line 80) | def validate_token(self, token: str, **kwargs: Any) -> dict[str, Any]:
method _validate_self_signed_token (line 170) | def _validate_self_signed_token(self, token: str) -> dict[str, Any]:
method get_jwks (line 242) | def get_jwks(self) -> dict[str, Any]:
method exchange_code_for_token (line 266) | def exchange_code_for_token(self, code: str, redirect_uri: str) -> dic...
method get_user_info (line 291) | def get_user_info(self, access_token: str) -> dict[str, Any]:
method get_auth_url (line 311) | def get_auth_url(self, redirect_uri: str, state: str, scope: str | Non...
method get_logout_url (line 328) | def get_logout_url(self, redirect_uri: str) -> str:
method refresh_token (line 339) | def refresh_token(self, refresh_token: str) -> dict[str, Any]:
method validate_m2m_token (line 363) | def validate_m2m_token(self, token: str) -> dict[str, Any]:
method get_m2m_token (line 368) | def get_m2m_token(
method _get_openid_configuration (line 398) | def _get_openid_configuration(self) -> dict[str, Any]:
method _check_keycloak_health (line 414) | def _check_keycloak_health(self) -> bool:
method get_provider_info (line 423) | def get_provider_info(self) -> dict[str, Any]:
FILE: auth_server/providers/okta.py
class OktaProvider (line 28) | class OktaProvider(AuthProvider):
method __init__ (line 39) | def __init__(
method validate_token (line 103) | def validate_token(self, token: str, **kwargs: Any) -> dict[str, Any]:
method _validate_self_signed_token (line 223) | def _validate_self_signed_token(self, token: str) -> dict[str, Any]:
method get_jwks (line 299) | def get_jwks(self) -> dict[str, Any]:
method exchange_code_for_token (line 354) | def exchange_code_for_token(self, code: str, redirect_uri: str) -> dic...
method get_user_info (line 389) | def get_user_info(self, access_token: str) -> dict[str, Any]:
method get_auth_url (line 413) | def get_auth_url(self, redirect_uri: str, state: str, scope: str | Non...
method get_logout_url (line 436) | def get_logout_url(self, redirect_uri: str) -> str:
method refresh_token (line 457) | def refresh_token(self, refresh_token: str) -> dict[str, Any]:
method validate_m2m_token (line 501) | def validate_m2m_token(self, token: str) -> dict[str, Any]:
method get_m2m_token (line 518) | def get_m2m_token(
method get_provider_info (line 558) | def get_provider_info(self) -> dict[str, Any]:
FILE: auth_server/server.py
class _RegistryApiKeyEntry (line 140) | class _RegistryApiKeyEntry(BaseModel):
method _validate_name (line 163) | def _validate_name(
function _repair_stripped_json (line 176) | def _repair_stripped_json(
function _parse_registry_api_keys (line 204) | def _parse_registry_api_keys(
function _build_static_token_map (line 264) | async def _build_static_token_map() -> None:
function is_request_https (line 386) | def is_request_https(request) -> bool:
function mask_sensitive_id (line 415) | def mask_sensitive_id(value: str) -> str:
function hash_username (line 422) | def hash_username(username: str) -> str:
function anonymize_ip (line 429) | def anonymize_ip(ip_address: str) -> str:
function mask_token (line 446) | def mask_token(token: str) -> str:
function _is_safe_redirect_url (line 455) | def _is_safe_redirect_url(
function _mask_sensitive_dict (line 488) | def _mask_sensitive_dict(
function mask_headers (line 525) | def mask_headers(headers: dict) -> dict:
function map_groups_to_scopes (line 547) | async def map_groups_to_scopes(groups: list[str]) -> list[str]:
function validate_session_cookie (line 593) | async def validate_session_cookie(cookie_value: str) -> dict[str, any]:
function parse_server_and_tool_from_url (line 652) | def parse_server_and_tool_from_url(original_url: str) -> tuple[str | Non...
function _normalize_server_name (line 682) | def _normalize_server_name(name: str) -> str:
function _server_names_match (line 700) | def _server_names_match(name1: str, name2: str) -> bool:
function validate_server_tool_access (line 718) | async def validate_server_tool_access(
function validate_scope_subset (line 838) | def validate_scope_subset(user_scopes: list[str], requested_scopes: list...
function check_rate_limit (line 864) | def check_rate_limit(username: str) -> bool:
function lifespan (line 903) | async def lifespan(app: FastAPI):
function startup_event (line 938) | async def startup_event():
class TokenValidationResponse (line 956) | class TokenValidationResponse(BaseModel):
class GenerateTokenRequest (line 967) | class GenerateTokenRequest(BaseModel):
class GenerateTokenResponse (line 976) | class GenerateTokenResponse(BaseModel):
class SimplifiedCognitoValidator (line 989) | class SimplifiedCognitoValidator:
method __init__ (line 994) | def __init__(self, region: str = "us-east-1"):
method _get_cognito_client (line 1005) | def _get_cognito_client(self, region: str):
method _get_jwks (line 1011) | def _get_jwks(self, user_pool_id: str, region: str) -> dict:
method validate_jwt_token (line 1037) | def validate_jwt_token(
method validate_with_boto3 (line 1136) | def validate_with_boto3(self, access_token: str, region: str = None) -...
method validate_self_signed_token (line 1195) | def validate_self_signed_token(self, access_token: str) -> dict:
method validate_token (line 1269) | def validate_token(
function _is_registry_api_request (line 1348) | def _is_registry_api_request(
function _check_registry_static_token (line 1376) | def _check_registry_static_token(
function _is_federation_api_request (line 1419) | def _is_federation_api_request(
function health_check (line 1444) | async def health_check():
function validate_request (line 1450) | async def validate_request(request: Request):
function get_auth_config (line 2046) | async def get_auth_config():
function manage_federation_token (line 2082) | async def manage_federation_token(request: Request):
function generate_user_token (line 2147) | async def generate_user_token(request: GenerateTokenRequest):
function reload_scopes (line 2327) | async def reload_scopes(request: Request, authorization: str | None = He...
function parse_arguments (line 2400) | def parse_arguments():
function main (line 2428) | def main():
function load_oauth2_config (line 2447) | def load_oauth2_config():
function auto_derive_cognito_domain (line 2462) | def auto_derive_cognito_domain(user_pool_id: str) -> str:
function substitute_env_vars (line 2477) | def substitute_env_vars(config):
function get_mcp_logger (line 2536) | def get_mcp_logger() -> MCPLogger | None:
function get_enabled_providers (line 2580) | def get_enabled_providers():
function get_oauth2_providers (line 2648) | async def get_oauth2_providers():
function oauth2_login (line 2663) | async def oauth2_login(provider: str, request: Request, redirect_uri: st...
function oauth2_callback (line 2767) | async def oauth2_callback(
function exchange_code_for_token (line 3113) | async def exchange_code_for_token(
function get_user_info (line 3140) | async def get_user_info(access_token: str, provider_config: dict) -> dict:
function map_user_info (line 3150) | def map_user_info(user_info: dict, provider_config: dict) -> dict:
function oauth2_logout (line 3194) | async def oauth2_logout(
FILE: cli/agent_mgmt.py
function _extract_username_from_jwt (line 74) | def _extract_username_from_jwt(token: str) -> str:
function _get_token_expiration (line 95) | def _get_token_expiration(token: str) -> int | None:
function _is_token_expired (line 118) | def _is_token_expired(token: str, buffer_seconds: int = 30) -> bool:
function _regenerate_token (line 136) | def _regenerate_token(token_file: str) -> bool:
function _load_token (line 204) | def _load_token(token_file: str) -> tuple[str, str]:
function _make_request (line 249) | def _make_request(
function _print_response (line 333) | def _print_response(response: requests.Response) -> None:
function list_agents (line 342) | def list_agents(
function get_agent (line 384) | def get_agent(
function _check_agent_health (line 419) | def _check_agent_health(
function test_agent (line 466) | def test_agent(
function test_all_agents (line 528) | def test_all_agents(
function search_agents (line 596) | def search_agents(
function register_agent (line 644) | def register_agent(
function update_agent (line 735) | def update_agent(
function delete_agent (line 790) | def delete_agent(
function toggle_agent (line 825) | def toggle_agent(
function main (line 866) | def main() -> None:
FILE: cli/agentcore/discovery.py
class AgentCoreScanner (line 21) | class AgentCoreScanner:
method __init__ (line 29) | def __init__(
method scan_gateways (line 72) | def scan_gateways(self) -> list[dict[str, Any]]:
method _get_gateway_targets (line 102) | def _get_gateway_targets(
method scan_runtimes (line 136) | def scan_runtimes(self) -> list[dict[str, Any]]:
method _get_runtime_endpoints (line 167) | def _get_runtime_endpoints(
FILE: cli/agentcore/models.py
class TargetInfo (line 35) | class TargetInfo(BaseModel):
class GatewayInfo (line 46) | class GatewayInfo(BaseModel):
class RuntimeInfo (line 60) | class RuntimeInfo(BaseModel):
class SyncResult (line 73) | class SyncResult(BaseModel):
class SyncSummary (line 85) | class SyncSummary(BaseModel):
function _slugify (line 105) | def _slugify(name: str) -> str:
function _display_name (line 138) | def _display_name(name: str) -> str:
function _validate_https_url (line 158) | def _validate_https_url(url: str, resource_name: str) -> bool:
function _build_invocation_url (line 181) | def _build_invocation_url(region: str, runtime_arn: str) -> str:
function _get_auth_scheme (line 190) | def _get_auth_scheme(authorizer_type: str) -> str:
function _load_token (line 204) | def _load_token(token_file: str) -> str:
FILE: cli/agentcore/registration.py
function _detect_idp_vendor (line 62) | def _detect_idp_vendor(discovery_url: str) -> str:
function _retry_registry_call (line 75) | def _retry_registry_call(func):
function _is_conflict_error (line 99) | def _is_conflict_error(exc: Exception) -> bool:
class RegistrationBuilder (line 134) | class RegistrationBuilder:
method __init__ (line 137) | def __init__(
method _get_account_id (line 148) | def _get_account_id(self) -> str:
method build_gateway_registration (line 155) | def build_gateway_registration(
method build_target_registration (line 205) | def build_target_registration(
method build_runtime_mcp_registration (line 251) | def build_runtime_mcp_registration(
method build_runtime_agent_registration (line 282) | def build_runtime_agent_registration(
class SyncOrchestrator (line 332) | class SyncOrchestrator:
method __init__ (line 345) | def __init__(
method sync_gateways (line 371) | def sync_gateways(self) -> None:
method sync_runtimes (line 383) | def sync_runtimes(self) -> None:
method write_manifest (line 391) | def write_manifest(self) -> None:
method print_summary (line 412) | def print_summary(self) -> None:
method _collect_manifest_entry (line 466) | def _collect_manifest_entry(
method _register_gateway (line 498) | def _register_gateway(self, gateway: dict[str, Any]) -> None:
method _register_target (line 561) | def _register_target(self, gateway: dict[str, Any], target: dict[str, ...
method _register_runtime (line 602) | def _register_runtime(self, runtime: dict[str, Any]) -> None:
method _register_runtime_as_server (line 611) | def _register_runtime_as_server(self, runtime: dict[str, Any]) -> None:
method _register_runtime_as_agent (line 644) | def _register_runtime_as_agent(self, runtime: dict[str, Any]) -> None:
method _register_service_with_retry (line 693) | def _register_service_with_retry(self, registration: InternalServiceRe...
method _register_agent_with_retry (line 697) | def _register_agent_with_retry(self, registration: AgentRegistration) ...
method _update_agent_with_retry (line 701) | def _update_agent_with_retry(
FILE: cli/agentcore/sync.py
function build_parser (line 36) | def build_parser() -> argparse.ArgumentParser:
function _parse_account_ids (line 172) | def _parse_account_ids(accounts_str: str) -> list[str]:
function _assume_role_session (line 179) | def _assume_role_session(
function cmd_sync (line 225) | def cmd_sync(args: argparse.Namespace) -> int:
function cmd_list (line 310) | def cmd_list(args: argparse.Namespace) -> int:
function _print_list_text (line 380) | def _print_list_text(
function main (line 426) | def main(argv: list[str] | None = None) -> int:
FILE: cli/agentcore/token_refresher.py
function _read_manifest (line 74) | def _read_manifest(
function _detect_idp_vendor (line 105) | def _detect_idp_vendor(
function _get_cognito_client_secret (line 124) | def _get_cognito_client_secret(
function _get_client_secret (line 161) | def _get_client_secret(
function _get_token_endpoint (line 205) | def _get_token_endpoint(
function _request_token (line 234) | def _request_token(
function _update_registry_credential (line 270) | def _update_registry_credential(
function _trigger_security_scan (line 324) | def _trigger_security_scan(
function _load_registry_token (line 380) | def _load_registry_token(
function refresh_all (line 423) | def refresh_all(
function main (line 529) | def main() -> None:
FILE: cli/anthropic_transformer.py
function _substitute_env_vars_in_headers (line 33) | def _substitute_env_vars_in_headers(headers: list[dict[str, str]]) -> li...
function _extract_remote_info (line 78) | def _extract_remote_info(
function _generate_tags (line 132) | def _generate_tags(name: str) -> list[str]:
function transform_anthropic_to_gateway (line 146) | def transform_anthropic_to_gateway(
function _run_example (line 197) | def _run_example() -> None:
FILE: cli/get_user_token.py
function _get_env_or_error (line 44) | def _get_env_or_error(name: str, default: str | None = None) -> str:
function _initiate_device_code_flow (line 63) | def _initiate_device_code_flow(tenant_id: str, client_id: str, scope: st...
function _poll_for_token (line 96) | def _poll_for_token(
function _save_token (line 154) | def _save_token(token_data: dict, output_path: str) -> None:
function _extract_access_token (line 173) | def _extract_access_token(token_data: dict) -> str:
function main (line 185) | def main() -> int:
FILE: cli/mcp_client.py
function _check_token_expiration (line 21) | def _check_token_expiration(access_token: str) -> None:
function _load_token_from_file (line 95) | def _load_token_from_file(file_path: str) -> str | None:
function _load_m2m_credentials (line 138) | def _load_m2m_credentials() -> str | None:
function main (line 175) | def main():
FILE: cli/mcp_security_scanner.py
class SecurityScanResult (line 37) | class SecurityScanResult(BaseModel):
function _get_llm_api_key (line 51) | def _get_llm_api_key(cli_value: str | None = None) -> str:
function _ensure_output_directory (line 73) | def _ensure_output_directory() -> Path:
function _run_mcp_scanner (line 79) | def _run_mcp_scanner(
function _analyze_scan_results (line 213) | def _analyze_scan_results(raw_output: dict) -> tuple[bool, int, int, int...
function _save_scan_output (line 258) | def _save_scan_output(server_url: str, raw_output: dict) -> str:
function _disable_unsafe_server (line 308) | def _disable_unsafe_server(server_path: str) -> bool:
function _extract_server_path_from_url (line 340) | def _extract_server_path_from_url(server_url: str) -> str | None:
function scan_server (line 370) | def scan_server(
function main (line 501) | def main():
FILE: cli/mcp_utils.py
function _validate_url_scheme (line 35) | def _validate_url_scheme(url: str) -> None:
function _load_oauth_token_from_file (line 54) | def _load_oauth_token_from_file(token_file_path: str | Path) -> str | None:
function _get_auth_token (line 95) | def _get_auth_token(
class MCPClient (line 127) | class MCPClient:
method __init__ (line 135) | def __init__(
method _get_next_request_id (line 165) | def _get_next_request_id(self) -> int:
method _build_headers (line 170) | def _build_headers(self) -> dict[str, str]:
method _make_request (line 191) | def _make_request(self, payload: dict[str, Any]) -> dict[str, Any]:
method _parse_sse_response (line 248) | def _parse_sse_response(self, sse_data: str) -> dict[str, Any]:
method initialize (line 268) | def initialize(self) -> dict[str, Any]:
method _send_initialized (line 293) | def _send_initialized(self) -> None:
method ping (line 302) | def ping(self) -> dict[str, Any]:
method list_tools (line 312) | def list_tools(self) -> dict[str, Any]:
method call_tool (line 322) | def call_tool(self, tool_name: str, arguments: dict[str, Any] | None =...
method call_mcpgw_tool (line 354) | def call_mcpgw_tool(self, tool_name: str, params: dict[str, Any]) -> d...
class MCPSession (line 371) | class MCPSession:
method __init__ (line 379) | def __init__(self, client: MCPClient):
method __enter__ (line 389) | def __enter__(self) -> MCPClient:
method __exit__ (line 400) | def __exit__(self, exc_type, exc_val, exc_tb):
function create_mcp_client (line 406) | def create_mcp_client(
function create_mcp_session (line 423) | def create_mcp_session(
FILE: cli/registry_cli_wrapper.py
function _load_token_from_file (line 33) | def _load_token_from_file(
function _get_registry_client (line 52) | def _get_registry_client(
function _print_json_response (line 76) | def _print_json_response(
function _handle_service_add (line 87) | def _handle_service_add(
function _handle_service_delete (line 101) | def _handle_service_delete(
function _handle_service_list (line 111) | def _handle_service_list(
function _handle_service_monitor (line 121) | def _handle_service_monitor(
function _handle_group_create (line 129) | def _handle_group_create(
function _handle_group_delete (line 139) | def _handle_group_delete(
function _handle_group_list (line 149) | def _handle_group_list(
function _handle_user_create_m2m (line 159) | def _handle_user_create_m2m(
function _handle_user_create_human (line 171) | def _handle_user_create_human(
function _handle_user_delete (line 190) | def _handle_user_delete(
function _handle_user_list (line 200) | def _handle_user_list(
function _handle_anthropic_list (line 210) | def _handle_anthropic_list(
function _handle_anthropic_get (line 220) | def _handle_anthropic_get(
function _handle_agent_list (line 230) | def _handle_agent_list(
function _handle_agent_get (line 243) | def _handle_agent_get(
function _handle_agent_search (line 253) | def _handle_agent_search(
function main (line 263) | def main() -> None:
FILE: cli/scan_all_servers.py
function _run_security_scan (line 47) | def _run_security_scan(
function _generate_markdown_report (line 197) | def _generate_markdown_report(
function _scan_all_servers (line 361) | def _scan_all_servers(
function main (line 509) | def main():
FILE: cli/src/agent/agentRunner.ts
type AgentMessage (line 5) | interface AgentMessage {
type AgentConfig (line 10) | interface AgentConfig {
type AgentResult (line 19) | interface AgentResult {
constant DEFAULT_PROVIDER (line 25) | const DEFAULT_PROVIDER = getDefaultProvider();
constant DEFAULT_MODEL (line 26) | const DEFAULT_MODEL = getDefaultModel(DEFAULT_PROVIDER);
type ConversationEntry (line 28) | type ConversationEntry = {
function runAgentTurn (line 34) | async function runAgentTurn(history: AgentMessage[], config: AgentConfig...
function buildSystemPrompt (line 136) | function buildSystemPrompt(registryVersion?: string): string {
FILE: cli/src/agent/anthropicClient.ts
function getAnthropicClient (line 5) | function getAnthropicClient(): Anthropic {
FILE: cli/src/agent/bedrockClient.ts
function getBedrockClient (line 5) | function getBedrockClient(): BedrockRuntimeClient {
FILE: cli/src/agent/modelClient.ts
type ModelProvider (line 5) | type ModelProvider = "bedrock" | "anthropic";
type MessageRequest (line 7) | interface MessageRequest {
type TokenUsage (line 15) | interface TokenUsage {
type MessageResponse (line 21) | interface MessageResponse {
function sendMessage (line 27) | async function sendMessage(
function sendBedrockMessage (line 38) | async function sendBedrockMessage(request: MessageRequest): Promise<Mess...
function sendAnthropicMessage (line 94) | async function sendAnthropicMessage(request: MessageRequest): Promise<Me...
function getDefaultProvider (line 133) | function getDefaultProvider(): ModelProvider {
function getDefaultModel (line 153) | function getDefaultModel(provider: ModelProvider): string {
FILE: cli/src/agent/tools.ts
type AgentToolInvocation (line 6) | interface AgentToolInvocation {
function mapToolCall (line 83) | function mapToolCall(tool: any): AgentToolInvocation {
function executeMappedTool (line 103) | async function executeMappedTool(
function buildTaskContext (line 188) | function buildTaskContext(gatewayUrl: string, baseUrl: string, gatewayTo...
function describeAvailableTasks (line 197) | function describeAvailableTasks(): string {
FILE: cli/src/app.tsx
type ChatRole (line 22) | type ChatRole = "system" | "user" | "assistant" | "tool";
type ChatMessage (line 24) | interface ChatMessage {
type AuthReadyState (line 30) | interface AuthReadyState {
type AuthState (line 35) | type AuthState = {status: "loading"} | AuthReadyState | {status: "error"...
type AppProps (line 37) | interface AppProps {
function App (line 41) | function App({options}: AppProps) {
function buildAgentHistory (line 577) | function buildAgentHistory(messages: ChatMessage[]): AgentMessage[] {
function summariseAuth (line 591) | function summariseAuth(_authState: AuthReadyState, gatewayUrl: string): ...
type MessageBubbleProps (line 599) | interface MessageBubbleProps {
function MessageBubble (line 604) | function MessageBubble({role, text}: MessageBubbleProps) {
function roleLabel (line 644) | function roleLabel(role: ChatRole): string {
function roleColor (line 658) | function roleColor(role: ChatRole): string | undefined {
function deriveGatewayBase (line 672) | function deriveGatewayBase(url: string): string {
FILE: cli/src/auth.ts
type BackendSource (line 5) | type BackendSource = "none" | "token-file" | "m2m" | "explicit";
type GatewaySource (line 6) | type GatewaySource = "none" | "ingress-json" | "env" | "token-file";
type TokenInspection (line 8) | interface TokenInspection {
type AuthContext (line 16) | interface AuthContext {
type ResolveAuthOptions (line 26) | interface ResolveAuthOptions {
constant ONE_MINUTE (line 32) | const ONE_MINUTE = 60;
function resolveAuth (line 34) | async function resolveAuth(options: ResolveAuthOptions): Promise<AuthCon...
function loadTokenFromPlainFile (line 103) | async function loadTokenFromPlainFile(filePath: string): Promise<string ...
function resolveGatewayToken (line 114) | async function resolveGatewayToken(cwd: string): Promise<{token?: string...
function loadOAuthTokenFromFile (line 154) | async function loadOAuthTokenFromFile(filePath: string): Promise<string ...
function fetchM2MToken (line 189) | async function fetchM2MToken(): Promise<{token?: string; warning?: strin...
function buildInspection (line 242) | function buildInspection(label: string, token: string): TokenInspection {
function inspectJwt (line 264) | function inspectJwt(token: string): {
function base64UrlDecode (line 301) | function base64UrlDecode(segment: string): string {
FILE: cli/src/chat/commandParser.ts
type CommandKind (line 3) | type CommandKind = "help" | "ping" | "list" | "servers" | "init" | "call...
type BaseParsedCommand (line 5) | interface BaseParsedCommand {
type HelpCommand (line 9) | interface HelpCommand extends BaseParsedCommand {
type ExitCommand (line 13) | interface ExitCommand extends BaseParsedCommand {
type PingCommand (line 17) | interface PingCommand extends BaseParsedCommand {
type CallCommand (line 21) | interface CallCommand extends BaseParsedCommand {
type TaskCommand (line 28) | interface TaskCommand extends BaseParsedCommand {
type AgentsCommand (line 35) | interface AgentsCommand extends BaseParsedCommand {
type UnknownCommand (line 41) | interface UnknownCommand extends BaseParsedCommand {
type ParsedCommand (line 46) | type ParsedCommand = HelpCommand | ExitCommand | PingCommand | CallComma...
constant TASK_PREFIXES (line 48) | const TASK_PREFIXES: Record<string, TaskCategory> = {
constant SIMPLE_COMMANDS (line 62) | const SIMPLE_COMMANDS: Record<string, PingCommand["kind"]> = {
function parseCommand (line 71) | function parseCommand(input: string): ParsedCommand {
function parseCall (line 159) | function parseCall(tokens: string[]): CallCommand {
function describeCategory (line 188) | function describeCategory(category: TaskCategory): string {
function tokenize (line 203) | function tokenize(text: string): string[] {
function unquote (line 214) | function unquote(token: string): string {
function splitToken (line 226) | function splitToken(token: string): [string | undefined, string | undefi...
FILE: cli/src/chat/taskInterpreter.ts
type TaskResolutionSuccess (line 6) | interface TaskResolutionSuccess {
type TaskResolutionError (line 11) | interface TaskResolutionError {
type TaskResolution (line 15) | type TaskResolution = TaskResolutionSuccess | TaskResolutionError;
function resolveTaskCommand (line 17) | function resolveTaskCommand(command: TaskCommand): TaskResolution {
function resolveTaskKey (line 81) | function resolveTaskKey(category: TaskCategory, subcommand: string): str...
function findField (line 96) | function findField(fields: TaskField[], inputKey: string): TaskField | u...
FILE: cli/src/commands/executor.ts
type CommandExecutionContext (line 9) | interface CommandExecutionContext extends TaskContext {}
function callRegistryWrapper (line 12) | async function callRegistryWrapper(args: string[], context: CommandExecu...
function executeSlashCommand (line 59) | async function executeSlashCommand(
function executeMcp (line 109) | async function executeMcp(command: "ping" | "list" | "init", context: Co...
function executeServers (line 120) | async function executeServers(context: CommandExecutionContext) {
function executeCall (line 173) | async function executeCall(parsed: CallCommand, context: CommandExecutio...
function executeAgents (line 198) | async function executeAgents(parsed: AgentsCommand, context: CommandExec...
function executeAgentsList (line 234) | async function executeAgentsList(context: CommandExecutionContext) {
function executeAgentsGet (line 247) | async function executeAgentsGet(agentPath: string, context: CommandExecu...
function executeAgentsSearch (line 260) | async function executeAgentsSearch(query: string, context: CommandExecut...
function executeAgentsTest (line 273) | async function executeAgentsTest(agentPath: string, context: CommandExec...
function executeAgentsTestAll (line 302) | async function executeAgentsTestAll(context: CommandExecutionContext) {
function describeAgents (line 346) | function describeAgents(): string {
function overviewMessage (line 368) | function overviewMessage(): string {
function detailedHelpMessage (line 391) | function detailedHelpMessage(): string {
FILE: cli/src/components/Banner.tsx
function Banner (line 4) | function Banner() {
FILE: cli/src/components/CallToolForm.tsx
type CallToolPayload (line 5) | interface CallToolPayload {
type CallToolFormProps (line 10) | interface CallToolFormProps {
constant DEFAULT_ARGS (line 17) | const DEFAULT_ARGS = "{}";
function CallToolForm (line 19) | function CallToolForm({initialTool, initialArgs, onSubmit, onCancel}: Ca...
FILE: cli/src/components/CommandSuggestions.tsx
type CommandSuggestionsProps (line 5) | interface CommandSuggestionsProps {
function CommandSuggestions (line 10) | function CommandSuggestions({ suggestions, selectedIndex }: CommandSugge...
FILE: cli/src/components/JsonViewer.tsx
type JsonViewerProps (line 4) | interface JsonViewerProps {
function JsonViewer (line 10) | function JsonViewer({data, label, raw}: JsonViewerProps) {
function stringify (line 25) | function stringify(data: unknown, raw = false): string {
FILE: cli/src/components/MultiStepForm.tsx
type MultiStepFormProps (line 7) | interface MultiStepFormProps {
function MultiStepForm (line 15) | function MultiStepForm({fields, initialValues = {}, onSubmit, onCancel, ...
FILE: cli/src/components/StatusMessage.tsx
type StatusMessageProps (line 4) | interface StatusMessageProps {
function StatusMessage (line 9) | function StatusMessage({variant, message}: StatusMessageProps) {
FILE: cli/src/components/TaskRunner.tsx
type RunnerStatus (line 8) | type RunnerStatus = "running" | "success" | "error";
type LogEntry (line 10) | interface LogEntry {
type TaskRunnerProps (line 16) | interface TaskRunnerProps {
function TaskRunner (line 23) | function TaskRunner({title, description, command, onDone}: TaskRunnerPro...
FILE: cli/src/components/TokenFileEditor.tsx
type TokenFileEditorProps (line 5) | interface TokenFileEditorProps {
function TokenFileEditor (line 11) | function TokenFileEditor({initialPath, onSubmit, onCancel}: TokenFileEdi...
FILE: cli/src/components/TokenStatusFooter.tsx
type TokenStatusFooterProps (line 3) | interface TokenStatusFooterProps {
function TokenStatusFooter (line 16) | function TokenStatusFooter({
FILE: cli/src/components/UrlEditor.tsx
type UrlEditorProps (line 5) | interface UrlEditorProps {
function UrlEditor (line 11) | function UrlEditor({initialUrl, onSubmit, onCancel}: UrlEditorProps) {
FILE: cli/src/parseArgs.ts
type CommandName (line 1) | type CommandName = "ping" | "list" | "call" | "init";
type ParsedArgs (line 3) | interface ParsedArgs {
constant COMMANDS (line 16) | const COMMANDS = new Set<CommandName>(["ping", "list", "call", "init"]);
constant HELP_TEXT (line 18) | const HELP_TEXT = `
function parseArgs (line 41) | function parseArgs(argv: string[]): ParsedArgs {
function isCommand (line 159) | function isCommand(value: string): value is CommandName {
FILE: cli/src/paths.ts
constant SRC_DIR (line 4) | const SRC_DIR = fileURLToPath(new URL(".", import.meta.url));
constant CLI_ROOT (line 5) | const CLI_ROOT = path.resolve(SRC_DIR, "..");
constant REPO_ROOT (line 6) | const REPO_ROOT = path.resolve(CLI_ROOT, "..");
constant REGISTRY_CLI_WRAPPER (line 9) | const REGISTRY_CLI_WRAPPER = path.join(CLI_ROOT, "registry_cli_wrapper.p...
constant SERVICE_MANAGEMENT_SCRIPT (line 12) | const SERVICE_MANAGEMENT_SCRIPT = path.join(CLI_ROOT, "service_mgmt.sh");
constant IMPORT_ANTHROPIC_SCRIPT (line 13) | const IMPORT_ANTHROPIC_SCRIPT = path.join(CLI_ROOT, "import_from_anthrop...
constant USER_MANAGEMENT_SCRIPT (line 14) | const USER_MANAGEMENT_SCRIPT = path.join(CLI_ROOT, "user_mgmt.sh");
constant TEST_ANTHROPIC_SCRIPT (line 15) | const TEST_ANTHROPIC_SCRIPT = path.join(CLI_ROOT, "test_anthropic_api.py");
constant DEFAULT_IMPORT_LIST (line 16) | const DEFAULT_IMPORT_LIST = path.join(CLI_ROOT, "import_server_list.txt");
FILE: cli/src/runtime/mcp.ts
type McpExecutionResult (line 5) | interface McpExecutionResult {
function executeMcpCommand (line 16) | async function executeMcpCommand(
function formatMcpResult (line 33) | function formatMcpResult(
FILE: cli/src/runtime/pythonClient.ts
type PythonMcpExecutionResult (line 12) | interface PythonMcpExecutionResult {
function executePythonMcpCommand (line 23) | async function executePythonMcpCommand(
FILE: cli/src/runtime/script.ts
type ScriptRunResult (line 7) | interface ScriptRunResult {
function resolveTask (line 15) | function resolveTask(category: TaskCategory, key: string): ScriptTask | ...
function runScriptTaskToString (line 19) | async function runScriptTaskToString(
FILE: cli/src/tasks/index.ts
method build (line 75) | build(values, context) {
method build (line 102) | build(values, context) {
method build (line 126) | build(values, context) {
method build (line 151) | build(values, context) {
method build (line 174) | build(values, context) {
method build (line 190) | build(_values, context) {
method build (line 213) | build(values, context) {
method build (line 239) | build(values, context) {
method build (line 277) | build(values, context) {
method build (line 319) | build(values, context) {
method build (line 360) | build(values, context) {
method build (line 373) | build(_values, context) {
method build (line 382) | build(_values, context) {
method build (line 407) | build(values, context) {
method build (line 449) | build(values, context) {
FILE: cli/src/tasks/types.ts
type TaskField (line 1) | interface TaskField {
type ScriptCommand (line 9) | interface ScriptCommand {
type TaskContext (line 15) | interface TaskContext {
type ScriptTask (line 22) | interface ScriptTask {
type TaskCategory (line 30) | type TaskCategory = "service" | "import" | "user" | "diagnostic";
FILE: cli/src/types/mcp.ts
type JsonRpcRequest (line 8) | interface JsonRpcRequest {
type JsonRpcResponse (line 15) | interface JsonRpcResponse<T = unknown> {
type ToolArguments (line 22) | type ToolArguments = Record<string, unknown>;
FILE: cli/src/utils/commands.ts
type CommandOption (line 5) | interface CommandOption {
constant AVAILABLE_COMMANDS (line 11) | const AVAILABLE_COMMANDS: CommandOption[] = [
function getCommandSuggestions (line 23) | function getCommandSuggestions(input: string): CommandOption[] {
function getCommandsByCategory (line 38) | function getCommandsByCategory(category: string): CommandOption[] {
FILE: cli/src/utils/costCalculator.ts
type ModelCost (line 3) | interface ModelCost {
function calculateCost (line 17) | function calculateCost(
function formatCost (line 43) | function formatCost(cost: number): string {
FILE: cli/src/utils/docsReader.ts
constant DOCS_DIR (line 8) | const DOCS_DIR = path.resolve(__dirname, '../../..', 'docs');
type DocFile (line 10) | interface DocFile {
function _walkDirectory (line 17) | function _walkDirectory(dir: string, baseDir: string, files: string[] = ...
function _scoreDocument (line 47) | function _scoreDocument(content: string, fileName: string, keywords: str...
function getAllDocFiles (line 69) | function getAllDocFiles(): string[] {
function readDocFile (line 78) | function readDocFile(filePath: string): DocFile | null {
function searchDocs (line 112) | function searchDocs(query: string): DocFile[] {
FILE: cli/src/utils/markdown.ts
function renderMarkdown (line 5) | function renderMarkdown(markdown: string): string {
function renderMarkdownTables (line 42) | function renderMarkdownTables(text: string): string {
function hasMarkdown (line 91) | function hasMarkdown(text: string): boolean {
function formatToolOutput (line 109) | function formatToolOutput(toolName: string, output: string, isError: boo...
FILE: cli/src/utils/tokenRefresh.ts
type TokenRefreshResult (line 7) | interface TokenRefreshResult {
function refreshTokens (line 17) | async function refreshTokens(projectRoot?: string): Promise<TokenRefresh...
function shouldRefreshToken (line 68) | function shouldRefreshToken(secondsRemaining: number | undefined): boole...
FILE: cli/sync_okta_m2m.py
function main (line 27) | async def main():
FILE: cli/test_a2a_agents.py
class TestResult (line 51) | class TestResult:
method __init__ (line 54) | def __init__(self, test_name: str) -> None:
function _check_token_expiration (line 64) | def _check_token_expiration(access_token: str) -> None:
function _load_token_file (line 121) | def _load_token_file(token_file_path: Path) -> dict[str, Any]:
function _make_api_request (line 141) | def _make_api_request(
function _format_json_output (line 185) | def _format_json_output(data: Any, verbose: bool = False) -> str:
function _print_test_result (line 201) | def _print_test_result(result: TestResult, verbose: bool = False) -> None:
function _test_list_agents (line 224) | def _test_list_agents(access_token: str, base_url: str, limit: int = 10)...
function _test_list_agents_paginated (line 260) | def _test_list_agents_paginated(access_token: str, base_url: str, limit:...
function _test_get_agent (line 296) | def _test_get_agent(access_token: str, base_url: str, agent_name: str) -...
function _test_get_agent_versions (line 332) | def _test_get_agent_versions(access_token: str, base_url: str, agent_nam...
function _test_pagination_flow (line 364) | def _test_pagination_flow(access_token: str, base_url: str) -> TestResult:
function _test_error_invalid_token (line 421) | def _test_error_invalid_token(base_url: str) -> TestResult:
function _test_error_missing_agent (line 455) | def _test_error_missing_agent(access_token: str, base_url: str) -> TestR...
function _run_all_tests (line 490) | def _run_all_tests(
function _print_summary (line 545) | def _print_summary(results: list[TestResult]) -> None:
function _parse_arguments (line 564) | def _parse_arguments() -> argparse.Namespace:
function _execute_test (line 631) | def _execute_test(
function main (line 689) | def main():
FILE: cli/test_anthropic_api.py
function _check_token_expiration (line 64) | def _check_token_expiration(access_token: str) -> None:
function _load_token_file (line 128) | def _load_token_file(token_file_path: Path) -> dict[str, Any]:
function _save_token_file (line 148) | def _save_token_file(token_file_path: Path, token_data: dict[str, Any]) ...
function _make_api_request (line 164) | def _make_api_request(
function _test_list_servers (line 209) | def _test_list_servers(access_token: str, base_url: str, limit: int = 5)...
function _test_get_server_versions (line 240) | def _test_get_server_versions(access_token: str, base_url: str, server_n...
function _test_get_server_version_details (line 266) | def _test_get_server_version_details(
function _run_all_tests (line 297) | def _run_all_tests(access_token: str, base_url: str) -> None:
function main (line 320) | def main():
FILE: cli/test_asor_complete.py
function get_token (line 20) | def get_token():
function api_call (line 68) | def api_call(token, method, endpoint, data=None):
function test_agent_definition_crud (line 92) | def test_agent_definition_crud(token):
function main (line 130) | def main():
FILE: credentials-provider/add_noauth_services.py
function _load_env_file (line 27) | def _load_env_file() -> None:
function _load_json_file (line 51) | def _load_json_file(file_path: Path) -> dict[str, Any] | None:
function _save_json_file (line 61) | def _save_json_file(file_path: Path, data: dict[str, Any], description: ...
function _get_registry_servers_dir (line 72) | def _get_registry_servers_dir() -> Path:
function _get_oauth_tokens_dir (line 83) | def _get_oauth_tokens_dir() -> Path:
function _scan_noauth_services (line 95) | def _scan_noauth_services() -> list[dict[str, Any]]:
function _get_ingress_headers (line 131) | def _get_ingress_headers() -> dict[str, str] | None:
function _update_vscode_config (line 175) | def _update_vscode_config(
function _update_roocode_config (line 222) | def _update_roocode_config(
function _parse_arguments (line 276) | def _parse_arguments() -> argparse.Namespace:
function main (line 288) | def main() -> None:
FILE: credentials-provider/agentcore-auth/get_m2m_token.py
function _load_gateway_configs (line 45) | def _load_gateway_configs() -> list[dict[str, Any]]:
function _extract_cognito_region_from_pool_id (line 80) | def _extract_cognito_region_from_pool_id(user_pool_id: str) -> str:
function _get_cognito_token (line 97) | def _get_cognito_token(
function _save_egress_token (line 161) | def _save_egress_token(
function _get_cognito_domain_from_env (line 226) | def _get_cognito_domain_from_env() -> tuple[str, str | None]:
function generate_access_token (line 245) | def generate_access_token(
function _parse_arguments (line 353) | def _parse_arguments() -> argparse.Namespace:
function main (line 434) | def main() -> None:
FILE: credentials-provider/auth0/get_m2m_token.py
function _get_auth0_domain (line 26) | def _get_auth0_domain() -> str:
function _get_client_id (line 42) | def _get_client_id() -> str:
function _get_client_secret (line 58) | def _get_client_secret() -> str:
function _request_m2m_token (line 76) | def _request_m2m_token(
function _decode_token (line 147) | def _decode_token(access_token: str) -> dict[str, str]:
function _display_decoded_token (line 164) | def _display_decoded_token(claims: dict[str, str]) -> None:
function _save_token_to_file (line 201) | def _save_token_to_file(token_data: dict[str, str]) -> str:
function main (line 237) | def main() -> None:
FILE: credentials-provider/entra/get_m2m_token.py
class Colors (line 36) | class Colors:
function _redact_sensitive_value (line 46) | def _redact_sensitive_value(
function _get_token_from_entra (line 56) | def _get_token_from_entra(
function _save_token_file (line 133) | def _save_token_file(
function _load_identities_file (line 193) | def _load_identities_file(
function generate_tokens (line 219) | def generate_tokens(
function main (line 305) | def main() -> None:
FILE: credentials-provider/keycloak/get_m2m_token.py
class Colors (line 19) | class Colors:
class TokenGenerator (line 29) | class TokenGenerator:
method __init__ (line 32) | def __init__(self, verbose: bool = False):
method setup_logging (line 36) | def setup_logging(self):
method log (line 42) | def log(self, message: str):
method error (line 47) | def error(self, message: str):
method success (line 51) | def success(self, message: str):
method warning (line 55) | def warning(self, message: str):
method load_agent_config (line 59) | def load_agent_config(self, agent_name: str, oauth_tokens_dir: str) ->...
method get_token_from_keycloak (line 80) | def get_token_from_keycloak(
method save_token_files (line 125) | def save_token_files(
method generate_token_for_agent (line 228) | def generate_token_for_agent(
method find_agent_configs (line 291) | def find_agent_configs(self, oauth_tokens_dir: str) -> list[str]:
method generate_tokens_for_all_agents (line 312) | def generate_tokens_for_all_agents(
function main (line 361) | def main():
FILE: credentials-provider/oauth/egress_oauth.py
function _find_available_configurations (line 70) | def _find_available_configurations() -> list[int]:
function _validate_environment_variables (line 88) | def _validate_environment_variables() -> None:
function _run_generic_oauth_flow_for_config (line 106) | def _run_generic_oauth_flow_for_config(
function _run_generic_oauth_flow (line 192) | def _run_generic_oauth_flow(
function _load_provider_tokens (line 241) | def _load_provider_tokens(provider: str) -> dict[str, Any]:
function _save_egress_tokens (line 267) | def _save_egress_tokens(
function _load_existing_tokens (line 314) | def _load_existing_tokens(
function _get_supported_providers (line 357) | def _get_supported_providers() -> list[str]:
function main (line 405) | def main() -> int:
FILE: credentials-provider/oauth/generic_oauth_flow.py
function _validate_environment_variables (line 91) | def _validate_environment_variables() -> None:
function _load_oauth_providers (line 145) | def _load_oauth_providers() -> dict[str, Any]:
class OAuthConfig (line 192) | class OAuthConfig:
method is_token_expired (line 208) | def is_token_expired(self) -> bool:
method get_authorization_url (line 214) | def get_authorization_url(self, state: str, pkce_challenge: str | None...
method exchange_code_for_tokens (line 241) | def exchange_code_for_tokens(self, code: str, pkce_verifier: str | Non...
method refresh_access_token (line 326) | def refresh_access_token(self) -> bool:
method ensure_valid_token (line 362) | def ensure_valid_token(self) -> bool:
method _get_provider_info (line 368) | def _get_provider_info(self) -> None:
method _save_tokens (line 396) | def _save_tokens(self) -> None:
method _save_tokens_to_file (line 414) | def _save_tokens_to_file(self, token_data: dict) -> None:
method _create_vscode_mcp_config (line 483) | def _create_vscode_mcp_config(self, token_dir: Path) -> None:
method _create_roocode_mcp_config (line 534) | def _create_roocode_mcp_config(self, token_dir: Path) -> None:
method load_tokens (line 589) | def load_tokens(provider: str, client_id: str) -> dict[str, Any]:
method _load_tokens_from_file (line 599) | def _load_tokens_from_file(provider: str, client_id: str) -> dict[str,...
function generate_pkce_pair (line 616) | def generate_pkce_pair() -> tuple[str, str]:
class CallbackHandler (line 631) | class CallbackHandler(http.server.BaseHTTPRequestHandler):
method do_GET (line 634) | def do_GET(self) -> None:
method _send_response (line 702) | def _send_response(self, message: str, status: int = 200) -> None:
method log_message (line 806) | def log_message(self, format: str, *args) -> None:
function start_callback_server (line 811) | def start_callback_server(port: int) -> socketserver.TCPServer:
function wait_for_callback (line 822) | def wait_for_callback(timeout: int = 300) -> bool:
function parse_redirect_uri (line 847) | def parse_redirect_uri(redirect_uri: str) -> tuple[str, int]:
function load_config_file (line 854) | def load_config_file(config_path: str) -> dict[str, Any]:
function interactive_provider_selection (line 864) | def interactive_provider_selection() -> str:
function interactive_input (line 896) | def interactive_input(prompt: str, required: bool = True, is_secret: boo...
function interactive_scopes_input (line 917) | def interactive_scopes_input(provider_config: dict[str, Any]) -> list[str]:
function interactive_configuration (line 939) | def interactive_configuration() -> dict[str, Any]:
function run_m2m_flow (line 1067) | def run_m2m_flow(config: OAuthConfig) -> bool:
function run_oauth_flow (line 1148) | def run_oauth_flow(config: OAuthConfig, force_new: bool = False) -> bool:
function _delete_existing_tokens (line 1283) | def _delete_existing_tokens(provider: str, client_id: str) -> None:
function main (line 1313) | def main() -> int:
FILE: credentials-provider/oauth/ingress_oauth.py
function _validate_environment_variables (line 79) | def _validate_environment_variables() -> None:
function _get_cognito_domain (line 117) | def _get_cognito_domain(user_pool_id: str, region: str) -> str:
function _perform_keycloak_m2m_authentication (line 124) | def _perform_keycloak_m2m_authentication(
function _perform_entra_m2m_authentication (line 203) | def _perform_entra_m2m_authentication(
function _perform_m2m_authentication (line 282) | def _perform_m2m_authentication(
function _save_ingress_tokens (line 368) | def _save_ingress_tokens(token_data: dict[str, Any]) -> str:
function _load_existing_tokens (line 435) | def _load_existing_tokens() -> dict[str, Any] | None:
function main (line 462) | def main() -> int:
FILE: credentials-provider/okta/get_m2m_token.py
function _get_okta_domain (line 26) | def _get_okta_domain() -> str:
function _get_client_id (line 42) | def _get_client_id() -> str:
function _get_client_secret (line 58) | def _get_client_secret() -> str:
function _request_m2m_token (line 76) | def _request_m2m_token(
function _decode_token (line 148) | def _decode_token(access_token: str) -> dict[str, str]:
function _display_decoded_token (line 165) | def _display_decoded_token(claims: dict[str, str]) -> None:
function _save_token_to_file (line 201) | def _save_token_to_file(token_data: dict[str, str]) -> str:
function main (line 237) | def main() -> None:
FILE: credentials-provider/token_refresher.py
function _load_env_file (line 39) | def _load_env_file() -> None:
function _should_ignore_file (line 84) | def _should_ignore_file(filename: str) -> bool:
function _parse_token_file (line 105) | def _parse_token_file(filepath: Path) -> dict | None:
function _get_all_tokens (line 130) | def _get_all_tokens() -> list[tuple[Path, dict]]:
function _get_expiring_tokens (line 161) | def _get_expiring_tokens(buffer_seconds: int = DEFAULT_EXPIRY_BUFFER) ->...
function _determine_refresh_method (line 226) | def _determine_refresh_method(token_data: dict, filename: str) -> str | ...
function _refresh_agentcore_token (line 259) | def _refresh_agentcore_token(token_data: dict, filename: str) -> bool:
function _refresh_oauth_token (line 314) | def _refresh_oauth_token(token_data: dict, filename: str) -> bool:
function _refresh_token (line 386) | def _refresh_token(filepath: Path, token_data: dict) -> bool:
function _scan_noauth_services (line 413) | def _scan_noauth_services() -> list[dict]:
function _regenerate_mcp_configs (line 461) | def _regenerate_mcp_configs() -> bool:
function _get_ingress_headers (line 512) | def _get_ingress_headers(ingress_file: Path) -> dict[str, str]:
function _create_egress_server_config (line 599) | def _create_egress_server_config(
function _create_noauth_server_config (line 674) | def _create_noauth_server_config(
function _generate_vscode_config (line 720) | def _generate_vscode_config(
function _generate_roocode_config (line 797) | def _generate_roocode_config(
function _run_refresh_cycle (line 874) | def _run_refresh_cycle(
function _get_pidfile_path (line 926) | def _get_pidfile_path() -> Path:
function _write_pidfile (line 936) | def _write_pidfile() -> None:
function _remove_pidfile (line 946) | def _remove_pidfile() -> None:
function _kill_existing_instance (line 959) | def _kill_existing_instance() -> bool:
function _setup_signal_handlers (line 1021) | def _setup_signal_handlers() -> None:
function main (line 1035) | def main():
FILE: credentials-provider/utils.py
function redact_sensitive_value (line 6) | def redact_sensitive_value(value: str, show_chars: int = 8) -> str:
function redact_credentials_in_text (line 27) | def redact_credentials_in_text(text: str, show_chars: int = 8) -> str:
FILE: frontend/e2e/helpers/auth.ts
constant BASE_URL (line 3) | const BASE_URL = 'http://localhost';
constant BACKEND_URL (line 8) | const BACKEND_URL = 'http://localhost:7860';
constant ADMIN_AUTH_HEADERS (line 13) | const ADMIN_AUTH_HEADERS: Record<string, string> = {
constant ADMIN_ME_RESPONSE (line 24) | const ADMIN_ME_RESPONSE = {
constant MOCK_RESPONSES (line 54) | const MOCK_RESPONSES: Record<string, unknown> = {
function loginAsAdmin (line 73) | async function loginAsAdmin(page: Page): Promise<void> {
function navigateToVirtualServers (line 163) | async function navigateToVirtualServers(page: Page): Promise<void> {
FILE: frontend/src/App.tsx
function App (line 25) | function App() {
FILE: frontend/src/components/ANSBadge.tsx
type ANSFunction (line 4) | interface ANSFunction {
type ANSEndpoint (line 10) | interface ANSEndpoint {
type ANSLink (line 18) | interface ANSLink {
type ANSMetadata (line 23) | interface ANSMetadata {
type ANSBadgeProps (line 46) | interface ANSBadgeProps {
constant STATUS_CONFIG (line 51) | const STATUS_CONFIG = {
constant LINK_LABELS (line 99) | const LINK_LABELS: Record<string, string> = {
type ANSCertificateModalProps (line 138) | interface ANSCertificateModalProps {
FILE: frontend/src/components/AddRegistryEntryModal.tsx
type RegistrySourceType (line 9) | type RegistrySourceType = 'aws_registry' | 'anthropic' | 'asor';
type AddRegistryEntryModalProps (line 15) | interface AddRegistryEntryModalProps {
type AwsRegistryFormData (line 27) | interface AwsRegistryFormData {
constant ALL_DESCRIPTOR_TYPES (line 40) | const ALL_DESCRIPTOR_TYPES = ['MCP', 'A2A', 'CUSTOM', 'AGENT_SKILLS'];
constant SOURCE_TITLES (line 46) | const SOURCE_TITLES: Record<RegistrySourceType, string> = {
constant INPUT_CLASS (line 56) | const INPUT_CLASS =
constant LABEL_CLASS (line 66) | const LABEL_CLASS = 'block text-sm font-medium text-gray-700 dark:text-g...
function _defaultAwsFormData (line 72) | function _defaultAwsFormData(): AwsRegistryFormData {
FILE: frontend/src/components/AgentCard.tsx
type SyncMetadata (line 26) | interface SyncMetadata {
type Agent (line 39) | interface Agent {
type AgentCardProps (line 80) | interface AgentCardProps {
FILE: frontend/src/components/AgentDetailsModal.tsx
type AgentLike (line 5) | interface AgentLike {
type AgentDetailsModalProps (line 16) | interface AgentDetailsModalProps {
FILE: frontend/src/components/ApplicationLogs.tsx
type LogEntry (line 14) | interface LogEntry {
type LogQueryResponse (line 25) | interface LogQueryResponse {
type LogMetadata (line 33) | interface LogMetadata {
type LogFilters (line 39) | interface LogFilters {
type ApplicationLogsProps (line 48) | interface ApplicationLogsProps {
constant LEVEL_COLORS (line 52) | const LEVEL_COLORS: Record<string, string> = {
constant PAGE_SIZE (line 60) | const PAGE_SIZE = 50;
FILE: frontend/src/components/AuditEventDetail.tsx
type AuditEventDetailProps (line 9) | interface AuditEventDetailProps {
FILE: frontend/src/components/AuditFilterBar.tsx
type AuditFilters (line 10) | interface AuditFilters {
type AuditFilterBarProps (line 21) | interface AuditFilterBarProps {
constant REGISTRY_OPERATION_OPTIONS (line 28) | const REGISTRY_OPERATION_OPTIONS = [
constant MCP_OPERATION_OPTIONS (line 42) | const MCP_OPERATION_OPTIONS = [
constant REGISTRY_RESOURCE_TYPE_OPTIONS (line 52) | const REGISTRY_RESOURCE_TYPE_OPTIONS = [
constant MCP_RESOURCE_TYPE_OPTIONS (line 62) | const MCP_RESOURCE_TYPE_OPTIONS = [
constant STATUS_PRESETS (line 66) | const STATUS_PRESETS = [
type FilterOptionsCache (line 74) | interface FilterOptionsCache {
FILE: frontend/src/components/AuditLogTable.tsx
type AuditEvent (line 14) | interface AuditEvent {
type AuditLogTableProps (line 79) | interface AuditLogTableProps {
type PaginationState (line 85) | interface PaginationState {
FILE: frontend/src/components/AuditStatistics.tsx
type UsageSummaryItem (line 10) | interface UsageSummaryItem {
type TimeSeriesBucket (line 15) | interface TimeSeriesBucket {
type StatusDistribution (line 20) | interface StatusDistribution {
type UserActivityItem (line 26) | interface UserActivityItem {
type AuditStatisticsData (line 32) | interface AuditStatisticsData {
type AuditStatisticsProps (line 42) | interface AuditStatisticsProps {
constant STORAGE_KEY (line 48) | const STORAGE_KEY = 'audit-statistics-collapsed';
constant WEEKDAY_NAMES (line 125) | const WEEKDAY_NAMES = ['Sun', 'Mon', 'Tue', 'Wed', 'Thu', 'Fri', 'Sat'];
function _fillTimelineDays (line 131) | function _fillTimelineDays(timeline: TimeSeriesBucket[], days: number): ...
function _formatDateLabel (line 146) | function _formatDateLabel(period: string): string {
constant VB_W (line 154) | const VB_W = 600;
constant VB_H (line 155) | const VB_H = 180;
constant PAD (line 156) | const PAD = { top: 20, right: 50, bottom: 32, left: 45 };
FILE: frontend/src/components/ConfigPanel.tsx
type ConfigField (line 19) | interface ConfigField {
type ConfigSubgroup (line 28) | interface ConfigSubgroup {
type ConfigGroup (line 34) | interface ConfigGroup {
type ConfigResponse (line 42) | interface ConfigResponse {
type ExportFormat (line 48) | type ExportFormat = 'env' | 'json' | 'tfvars' | 'yaml';
type ConfigPanelProps (line 50) | interface ConfigPanelProps {
constant EXPORT_OPTIONS (line 59) | const EXPORT_OPTIONS: { format: ExportFormat; label: string }[] = [
constant DEFAULT_EXPANDED (line 66) | const DEFAULT_EXPANDED: Set<string> = new Set(['deployment', 'storage']);
function highlightMatch (line 71) | function highlightMatch(text: string, term: string): React.ReactNode {
type ConfigGroupPanelProps (line 88) | interface ConfigGroupPanelProps {
FILE: frontend/src/components/ConfirmModal.tsx
type ConfirmModalProps (line 9) | interface ConfirmModalProps {
FILE: frontend/src/components/DataExport.tsx
type ExportableCollection (line 12) | interface ExportableCollection {
constant EXPORTABLE_COLLECTIONS (line 26) | const EXPORTABLE_COLLECTIONS: ExportableCollection[] = [
function _buildDateSuffix (line 163) | function _buildDateSuffix(): string {
function _fetchAllPages (line 168) | async function _fetchAllPages(
function _triggerBlobDownload (line 204) | function _triggerBlobDownload(
function _recordAuditEvent (line 219) | async function _recordAuditEvent(
function _fetchCount (line 234) | async function _fetchCount(
type DataExportProps (line 268) | interface DataExportProps {
FILE: frontend/src/components/DeleteConfirmation.tsx
type DeleteConfirmationProps (line 7) | interface DeleteConfirmationProps {
FILE: frontend/src/components/DetailsModal.tsx
type DetailsModalProps (line 4) | interface DetailsModalProps {
constant MAX_WIDTH_CLASSES (line 14) | const MAX_WIDTH_CLASSES = {
FILE: frontend/src/components/DiscoverListRow.tsx
type ItemType (line 24) | type ItemType = 'server' | 'agent' | 'skill' | 'virtual';
type DiscoverListRowProps (line 27) | interface DiscoverListRowProps {
function _getAverageRating (line 41) | function _getAverageRating(
function _getTypeBadge (line 55) | function _getTypeBadge(type: ItemType) {
function _getServerRegistrySource (line 89) | function _getServerRegistrySource(server: Server): string | null {
function _extractDisplayFields (line 108) | function _extractDisplayFields(
FILE: frontend/src/components/DiscoverTab.tsx
constant AI_REGISTRY_TOOLS_PATH (line 12) | const AI_REGISTRY_TOOLS_PATH = '/airegistry-tools/';
constant MAX_FEATURED (line 15) | const MAX_FEATURED = 4;
type DiscoverTabProps (line 18) | interface DiscoverTabProps {
function _getAverageRating (line 46) | function _getAverageRating(
function _sortServersByRating (line 60) | function _sortServersByRating(servers: Server[]): Server[] {
function _sortSkillsByStars (line 72) | function _sortSkillsByStars(skills: Skill[]): Skill[] {
function _sortVirtualServersByRating (line 84) | function _sortVirtualServersByRating(vs: VirtualServerInfo[]): VirtualSe...
function _matchesKeyword (line 97) | function _matchesKeyword(
function _countFragment (line 114) | function _countFragment(
function _buildSummaryText (line 128) | function _buildSummaryText(
function _virtualServerMatchesKeyword (line 165) | function _virtualServerMatchesKeyword(
function _getFeaturedItems (line 184) | function _getFeaturedItems(
FILE: frontend/src/components/ExternalRegistries.tsx
type ExternalRegistriesProps (line 21) | interface ExternalRegistriesProps {
type AnthropicServerConfig (line 29) | interface AnthropicServerConfig {
type AnthropicConfig (line 37) | interface AnthropicConfig {
type AsorAgentConfig (line 48) | interface AsorAgentConfig {
type AsorConfig (line 56) | interface AsorConfig {
type AgentCoreRegistryConfig (line 68) | interface AgentCoreRegistryConfig {
type AgentCoreConfig (line 81) | interface AgentCoreConfig {
type FederationConfig (line 95) | interface FederationConfig {
type SyncResults (line 105) | interface SyncResults {
function _formatRelativeTime (line 115) | function _formatRelativeTime(dateString: string | null | undefined): str...
function _truncateArn (line 137) | function _truncateArn(arn: string, maxLen: number = 60): string {
function _renderAgentCoreCard (line 414) | function _renderAgentCoreCard(
function _renderAnthropicCard (line 612) | function _renderAnthropicCard(
function _renderAsorCard (line 744) | function _renderAsorCard(
function GlobeIcon (line 876) | function GlobeIcon(props: React.ComponentProps<'svg'>) {
FILE: frontend/src/components/FederationPeerForm.tsx
type FederationPeerFormProps (line 19) | interface FederationPeerFormProps {
type FormErrors (line 28) | interface FormErrors {
FILE: frontend/src/components/FederationPeers.tsx
type FederationPeersProps (line 28) | interface FederationPeersProps {
type PeerHealthStatus (line 36) | type PeerHealthStatus = 'healthy' | 'warning' | 'error' | 'unknown';
function getHealthColorClasses (line 42) | function getHealthColorClasses(health: PeerHealthStatus): string {
function formatLastSync (line 59) | function formatLastSync(dateString: string | null | undefined): string {
type PeerActionMenuProps (line 81) | interface PeerActionMenuProps {
FILE: frontend/src/components/IAMGroups.tsx
type IAMGroupsProps (line 30) | interface IAMGroupsProps {
type View (line 34) | type View = 'list' | 'create' | 'edit';
type ServerAccessEntry (line 37) | interface ServerAccessEntry {
constant UI_PERMISSION_KEYS (line 44) | const UI_PERMISSION_KEYS = [
constant COMMON_METHODS (line 58) | const COMMON_METHODS = [
constant EXAMPLE_SCOPE_JSON (line 73) | const EXAMPLE_SCOPE_JSON = {
constant EMPTY_SERVER_ENTRY (line 92) | const EMPTY_SERVER_ENTRY: ServerAccessEntry = { server: '', methods: [.....
type ServerToolsSelectorProps (line 99) | interface ServerToolsSelectorProps {
function _buildScopeJson (line 234) | function _buildScopeJson(
FILE: frontend/src/components/IAMM2M.tsx
type IAMM2MProps (line 16) | interface IAMM2MProps {
type View (line 20) | type View = 'list' | 'create' | 'credentials' | 'edit';
type FormErrors (line 22) | interface FormErrors {
FILE: frontend/src/components/IAMUsers.tsx
type IAMUsersProps (line 18) | interface IAMUsersProps {
type View (line 22) | type View = 'list' | 'create';
type FormErrors (line 27) | interface FormErrors {
FILE: frontend/src/components/Layout.tsx
type LayoutProps (line 17) | interface LayoutProps {
FILE: frontend/src/components/ProtectedRoute.tsx
type ProtectedRouteProps (line 6) | interface ProtectedRouteProps {
FILE: frontend/src/components/RegistryCardSettings.tsx
type RegistryCardData (line 11) | interface RegistryCardData {
type RegistryCardSettingsProps (line 40) | interface RegistryCardSettingsProps {
FILE: frontend/src/components/SearchableSelect.tsx
type SelectOption (line 12) | interface SelectOption {
type SearchableSelectProps (line 18) | interface SearchableSelectProps {
function _truncateWords (line 35) | function _truncateWords(text: string, maxWords: number): string {
FILE: frontend/src/components/SecurityScanModal.tsx
type SecurityScanResult (line 14) | interface SecurityScanResult {
type SecurityScanModalProps (line 36) | interface SecurityScanModalProps {
type StatusInfo (line 49) | interface StatusInfo {
constant SEVERITY_BOX_STYLES (line 56) | const SEVERITY_BOX_STYLES: Record<string, string> = {
FILE: frontend/src/components/SemanticSearchResults.tsx
type SemanticSearchResultsProps (line 28) | interface SemanticSearchResultsProps {
type ToolSchemaModalProps (line 39) | interface ToolSchemaModalProps {
type ServerDetailsModalProps (line 119) | interface ServerDetailsModalProps {
type SkillContentModalProps (line 246) | interface SkillContentModalProps {
type VirtualServerDetailsModalProps (line 443) | interface VirtualServerDetailsModalProps {
type VirtualServerResultCardProps (line 667) | interface VirtualServerResultCardProps {
FILE: frontend/src/components/ServerCard.tsx
type ServerVersion (line 32) | interface ServerVersion {
type SyncMetadata (line 42) | interface SyncMetadata {
type Server (line 52) | interface Server {
type ServerCardProps (line 98) | interface ServerCardProps {
type Tool (line 113) | interface Tool {
FILE: frontend/src/components/ServerConfigModal.tsx
type IDE (line 8) | type IDE = 'cursor' | 'roo-code' | 'claude-code' | 'kiro';
type ServerConfigModalProps (line 10) | interface ServerConfigModalProps {
FILE: frontend/src/components/ServerDetailsModal.tsx
type ServerDetailsModalProps (line 5) | interface ServerDetailsModalProps {
FILE: frontend/src/components/Sidebar.tsx
type SidebarProps (line 20) | interface SidebarProps {
FILE: frontend/src/components/SkillCard.tsx
type SkillCardProps (line 33) | interface SkillCardProps {
FILE: frontend/src/components/StarRatingWidget.tsx
type RatingDetail (line 6) | interface RatingDetail {
type RatingInfoResponse (line 11) | interface RatingInfoResponse {
type StarRatingWidgetProps (line 16) | interface StarRatingWidgetProps {
FILE: frontend/src/components/StatusBadge.tsx
type LifecycleStatus (line 3) | type LifecycleStatus = 'active' | 'deprecated' | 'draft' | 'beta';
type StatusBadgeProps (line 5) | interface StatusBadgeProps {
constant STATUS_CONFIG (line 10) | const STATUS_CONFIG: Record<
FILE: frontend/src/components/ToolSelector.tsx
type ToolSelectorProps (line 17) | interface ToolSelectorProps {
type ServerGroup (line 26) | interface ServerGroup {
FILE: frontend/src/components/VersionBadge.tsx
type ServerVersion (line 5) | interface ServerVersion {
type VersionBadgeProps (line 16) | interface VersionBadgeProps {
FILE: frontend/src/components/VersionSelectorModal.tsx
type ServerVersion (line 12) | interface ServerVersion {
type VersionSelectorModalProps (line 23) | interface VersionSelectorModalProps {
FILE: frontend/src/components/VirtualServerCard.tsx
type VirtualServerCardProps (line 21) | interface VirtualServerCardProps {
FILE: frontend/src/components/VirtualServerDetailsModal.tsx
type VirtualServerDetailsModalProps (line 8) | interface VirtualServerDetailsModalProps {
FILE: frontend/src/components/VirtualServerForm.tsx
type VirtualServerFormProps (line 15) | interface VirtualServerFormProps {
constant STEPS (line 27) | const STEPS = [
type StepId (line 34) | type StepId = typeof STEPS[number]['id'];
function _generatePathFromName (line 40) | function _generatePathFromName(name: string): string {
FILE: frontend/src/components/VirtualServerList.tsx
type VirtualServerListProps (line 26) | interface VirtualServerListProps {
FILE: frontend/src/components/__tests__/ServerConfigModal.test.tsx
function renderModal (line 24) | function renderModal(serverOverrides: Partial<Server> = {}, configOverri...
function getDisplayedConfig (line 36) | function getDisplayedConfig(): any {
FILE: frontend/src/contexts/AuthContext.tsx
type UIPermissions (line 19) | interface UIPermissions {
type User (line 33) | interface User {
type AuthContextType (line 45) | interface AuthContextType {
type AuthProviderProps (line 61) | interface AuthProviderProps {
FILE: frontend/src/contexts/ThemeContext.tsx
type Theme (line 3) | type Theme = 'light' | 'dark';
type ThemeContextType (line 5) | interface ThemeContextType {
type ThemeProviderProps (line 20) | interface ThemeProviderProps {
FILE: frontend/src/hooks/useAgentList.ts
type AgentInfo (line 12) | interface AgentInfo {
type AgentListResponse (line 18) | interface AgentListResponse {
type UseAgentListReturn (line 27) | interface UseAgentListReturn {
function useAgentList (line 35) | function useAgentList(): UseAgentListReturn {
FILE: frontend/src/hooks/useFederationPeers.ts
type PeerRegistry (line 8) | interface PeerRegistry {
type PeerSyncStatus (line 29) | interface PeerSyncStatus {
type SyncResult (line 46) | interface SyncResult {
type PeerFormData (line 62) | interface PeerFormData {
type PeerWithStatus (line 79) | interface PeerWithStatus extends PeerRegistry {
type UseFederationPeersReturn (line 87) | interface UseFederationPeersReturn {
function fetchPeerStatus (line 100) | async function fetchPeerStatus(peerId: string): Promise<PeerSyncStatus |...
function useFederationPeers (line 115) | function useFederationPeers(): UseFederationPeersReturn {
type UseFederationPeerReturn (line 169) | interface UseFederationPeerReturn {
function useFederationPeer (line 183) | function useFederationPeer(peerId: string | undefined): UseFederationPee...
function createPeer (line 239) | async function createPeer(data: PeerFormData): Promise<PeerRegistry> {
function updatePeer (line 245) | async function updatePeer(
function deletePeer (line 254) | async function deletePeer(peerId: string): Promise<void> {
function syncPeer (line 259) | async function syncPeer(peerId: string): Promise<SyncResult> {
function enablePeer (line 265) | async function enablePeer(peerId: string): Promise<PeerRegistry> {
function disablePeer (line 271) | async function disablePeer(peerId: string): Promise<PeerRegistry> {
FILE: frontend/src/hooks/useIAM.ts
type IAMGroup (line 6) | interface IAMGroup {
type IAMUser (line 13) | interface IAMUser {
type M2MCredentials (line 25) | interface M2MCredentials {
type CreateHumanUserPayload (line 31) | interface CreateHumanUserPayload {
type CreateM2MPayload (line 40) | interface CreateM2MPayload {
type CreateGroupPayload (line 46) | interface CreateGroupPayload {
function useIAMGroups (line 56) | function useIAMGroups() {
function createGroup (line 79) | async function createGroup(payload: CreateGroupPayload): Promise<any> {
function deleteGroup (line 84) | async function deleteGroup(name: string): Promise<void> {
type GroupDetail (line 90) | interface GroupDetail {
type UpdateGroupPayload (line 101) | interface UpdateGroupPayload {
function getGroup (line 110) | async function getGroup(groupName: string): Promise<GroupDetail> {
function updateGroup (line 115) | async function updateGroup(
function useIAMUsers (line 128) | function useIAMUsers(search?: string) {
function createHumanUser (line 153) | async function createHumanUser(payload: CreateHumanUserPayload): Promise...
function createM2MAccount (line 158) | async function createM2MAccount(payload: CreateM2MPayload): Promise<M2MC...
function deleteUser (line 163) | async function deleteUser(username: string): Promise<void> {
type UpdateUserGroupsResponse (line 167) | interface UpdateUserGroupsResponse {
function updateUserGroups (line 174) | async function updateUserGroups(
FILE: frontend/src/hooks/useRegistryConfig.ts
type RegistryConfig (line 4) | interface RegistryConfig {
constant DEFAULT_CONFIG (line 18) | const DEFAULT_CONFIG: RegistryConfig = {
function useRegistryConfig (line 34) | function useRegistryConfig(): {
FILE: frontend/src/hooks/useSemanticSearch.ts
type EntityType (line 4) | type EntityType = 'mcp_server' | 'tool' | 'a2a_agent' | 'skill' | 'virtu...
constant DEFAULT_ENTITY_TYPES (line 6) | const DEFAULT_ENTITY_TYPES: EntityType[] = ['mcp_server', 'tool', 'a2a_a...
constant DEFAULT_ENTITY_TYPES_KEY (line 7) | const DEFAULT_ENTITY_TYPES_KEY = DEFAULT_ENTITY_TYPES.join('|');
type MatchingToolHit (line 9) | interface MatchingToolHit {
type SyncMetadata (line 16) | interface SyncMetadata {
type SemanticServerHit (line 26) | interface SemanticServerHit {
type SemanticToolHit (line 46) | interface SemanticToolHit {
type SemanticAgentHit (line 58) | interface SemanticAgentHit {
type SemanticSkillHit (line 67) | interface SemanticSkillHit {
type VirtualServerToolHit (line 86) | interface VirtualServerToolHit {
type SemanticVirtualServerHit (line 94) | interface SemanticVirtualServerHit {
type SemanticSearchResponse (line 110) | interface SemanticSearchResponse {
type UseSemanticSearchOptions (line 124) | interface UseSemanticSearchOptions {
type UseSemanticSearchReturn (line 132) | interface UseSemanticSearchReturn {
FILE: frontend/src/hooks/useServerStats.ts
type ServerVersion (line 5) | interface ServerVersion {
type SyncMetadata (line 12) | interface SyncMetadata {
type Server (line 20) | interface Server {
type ServerStats (line 60) | interface ServerStats {
type UseServerStatsReturn (line 67) | interface UseServerStatsReturn {
FILE: frontend/src/hooks/useSkills.ts
type UseSkillsReturn (line 7) | interface UseSkillsReturn {
FILE: frontend/src/hooks/useToolCatalog.ts
type ServerInfo (line 12) | interface ServerInfo {
type ToolInfo (line 19) | interface ToolInfo {
type ServerListResponse (line 25) | interface ServerListResponse {
type VirtualServerListResponse (line 35) | interface VirtualServerListResponse {
type ToolCatalogResponse (line 45) | interface ToolCatalogResponse {
type UseServerListReturn (line 58) | interface UseServerListReturn {
type UseServerToolsReturn (line 65) | interface UseServerToolsReturn {
function useServerList (line 76) | function useServerList(): UseServerListReturn {
function useServerTools (line 148) | function useServerTools(serverPath: string): UseServerToolsReturn {
FILE: frontend/src/hooks/useVirtualServers.ts
type UseVirtualServersReturn (line 16) | interface UseVirtualServersReturn {
function _encodeServerPath (line 34) | function _encodeServerPath(path: string): string {
type UseVirtualServerReturn (line 134) | interface UseVirtualServerReturn {
type UseVirtualServerToolsReturn (line 199) | interface UseVirtualServerToolsReturn {
type UseToolCatalogReturn (line 267) | interface UseToolCatalogReturn {
function createVirtualServer (line 324) | async function createVirtualServer(
function updateVirtualServer (line 332) | async function updateVirtualServer(
function deleteVirtualServer (line 344) | async function deleteVirtualServer(path: string): Promise<void> {
function toggleVirtualServer (line 349) | async function toggleVirtualServer(
FILE: frontend/src/pages/AuditLogsPage.tsx
type AuditLogsPageProps (line 9) | interface AuditLogsPageProps {
FILE: frontend/src/pages/Dashboard.tsx
type SyncMetadata (line 25) | interface SyncMetadata {
type Server (line 35) | interface Server {
type Agent (line 56) | interface Agent {
type ToastProps (line 89) | interface ToastProps {
type DashboardProps (line 140) | interface DashboardProps {
FILE: frontend/src/pages/Login.tsx
type OAuthProvider (line 6) | interface OAuthProvider {
FILE: frontend/src/pages/RegisterPage.tsx
type ToastProps (line 19) | interface ToastProps {
type RegistrationType (line 58) | type RegistrationType = 'server' | 'agent';
type RegistrationMode (line 59) | type RegistrationMode = 'form' | 'json';
type ServerFormData (line 62) | interface ServerFormData {
type AgentFormData (line 84) | interface AgentFormData {
type FormErrors (line 113) | interface FormErrors {
FILE: frontend/src/pages/SettingsPage.tsx
type ToastState (line 32) | interface ToastState {
type SettingsItem (line 38) | interface SettingsItem {
type SettingsCategory (line 44) | interface SettingsCategory {
constant SETTINGS_CATEGORIES (line 66) | const SETTINGS_CATEGORIES: SettingsCategory[] = [
FILE: frontend/src/types/skill.ts
type AllowedTool (line 8) | interface AllowedTool {
type SkillRequirement (line 18) | interface SkillRequirement {
type SkillMetadata (line 32) | interface SkillMetadata {
type Skill (line 39) | interface Skill {
FILE: frontend/src/types/stats.ts
type DatabaseStatus (line 11) | interface DatabaseStatus {
type AuthStatus (line 21) | interface AuthStatus {
type RegistryStatsData (line 31) | interface RegistryStatsData {
type SystemStats (line 41) | interface SystemStats {
FILE: frontend/src/types/virtualServer.ts
type ToolMapping (line 15) | interface ToolMapping {
type ToolScopeOverride (line 30) | interface ToolScopeOverride {
type VirtualServerConfig (line 43) | interface VirtualServerConfig {
type RatingDetail (line 68) | interface RatingDetail {
type VirtualServerInfo (line 80) | interface VirtualServerInfo {
type CreateVirtualServerRequest (line 104) | interface CreateVirtualServerRequest {
type UpdateVirtualServerRequest (line 120) | interface UpdateVirtualServerRequest {
type ToolCatalogEntry (line 136) | interface ToolCatalogEntry {
type ResolvedTool (line 152) | interface ResolvedTool {
FILE: frontend/src/utils/dateUtils.ts
function formatRelativeTime (line 9) | function formatRelativeTime(date: string | Date | null | undefined): str...
function formatAbsoluteDate (line 34) | function formatAbsoluteDate(date: string | Date | null | undefined): str...
function formatDateWithTooltip (line 65) | function formatDateWithTooltip(date: string | Date | null | undefined): {
FILE: frontend/src/utils/permissions.ts
type SettingsUser (line 12) | interface SettingsUser {
function canAccessSettings (line 20) | function canAccessSettings(user: SettingsUser | null): boolean {
FILE: get_asor_token.py
function get_asor_token (line 21) | def get_asor_token():
FILE: metrics-service/add_test_key.py
function add_test_key (line 10) | async def add_test_key():
FILE: metrics-service/app/api/auth.py
function verify_api_key (line 12) | async def verify_api_key(request: Request) -> str:
function get_rate_limit_status (line 60) | async def get_rate_limit_status(api_key: str) -> dict:
FILE: metrics-service/app/api/routes.py
function collect_metrics (line 18) | async def collect_metrics(
function flush_metrics (line 56) | async def flush_metrics(
function get_rate_limit (line 76) | async def get_rate_limit(request: Request):
function get_cleanup_preview (line 92) | async def get_cleanup_preview(
function run_cleanup (line 123) | async def run_cleanup(
function get_retention_policies (line 153) | async def get_retention_policies(api_key: str = Depends(verify_api_key)):
function update_retention_policy (line 171) | async def update_retention_policy(
function get_database_stats (line 208) | async def get_database_stats(api_key: str = Depends(verify_api_key)):
function get_database_size (line 219) | async def get_database_size(api_key: str = Depends(verify_api_key)):
FILE: metrics-service/app/config.py
class Settings (line 5) | class Settings:
FILE: metrics-service/app/core/models.py
class MetricType (line 7) | class MetricType(StrEnum):
class Metric (line 17) | class Metric(BaseModel):
class MetricRequest (line 26) | class MetricRequest(BaseModel):
class MetricResponse (line 33) | class MetricResponse(BaseModel):
class ErrorResponse (line 41) | class ErrorResponse(BaseModel):
FILE: metrics-service/app/core/processor.py
function _normalize_label_value (line 12) | def _normalize_label_value(value: object) -> str:
class ProcessingResult (line 24) | class ProcessingResult:
method __init__ (line 25) | def __init__(self):
class MetricsProcessor (line 31) | class MetricsProcessor:
method __init__ (line 34) | def __init__(self):
method process_metrics (line 49) | async def process_metrics(
method _validate_metric (line 93) | def _validate_metric(self, metric: Metric) -> bool:
method _emit_to_otel (line 101) | async def _emit_to_otel(self, metric: Metric, service: str):
method _buffer_for_storage (line 137) | async def _buffer_for_storage(self, metric: Metric, request: MetricReq...
method _flush_buffer (line 146) | async def _flush_buffer(self):
method force_flush (line 162) | async def force_flush(self):
FILE: metrics-service/app/core/rate_limiter.py
class RateLimiter (line 13) | class RateLimiter:
method __init__ (line 16) | def __init__(self):
method check_rate_limit (line 21) | async def check_rate_limit(self, key_hash: str, rate_limit: int) -> Tu...
method get_bucket_status (line 73) | async def get_bucket_status(self, key_hash: str, rate_limit: int) -> D...
method cleanup_old_buckets (line 106) | async def cleanup_old_buckets(self, max_age_hours: int = 24):
FILE: metrics-service/app/core/retention.py
function _enable_test_tables (line 49) | def _enable_test_tables() -> None:
function _disable_test_tables (line 59) | def _disable_test_tables() -> None:
function _get_allowed_table_names (line 68) | def _get_allowed_table_names() -> Set[str]:
function _validate_table_name (line 79) | def _validate_table_name(table_name: str) -> str:
function _validate_timestamp_column (line 99) | def _validate_timestamp_column(column_name: str) -> str:
function _validate_identifier (line 119) | def _validate_identifier(identifier: str) -> str:
class RetentionPolicy (line 144) | class RetentionPolicy:
method __init__ (line 147) | def __init__(
method get_cleanup_query (line 162) | def get_cleanup_query(self) -> tuple[str, tuple]:
method get_count_query (line 180) | def get_count_query(self) -> tuple[str, tuple]:
class RetentionManager (line 196) | class RetentionManager:
method __init__ (line 199) | def __init__(self):
method _load_default_policies (line 204) | def _load_default_policies(self):
method load_policies_from_database (line 244) | async def load_policies_from_database(self):
method save_policies_to_database (line 276) | async def save_policies_to_database(self):
method get_cleanup_preview (line 299) | async def get_cleanup_preview(self, table_name: str | None = None) -> ...
method cleanup_table (line 375) | async def cleanup_table(self, table_name: str, dry_run: bool = False) ...
method cleanup_all_tables (line 441) | async def cleanup_all_tables(self, dry_run: bool = False) -> Dict[str,...
method update_policy (line 491) | async def update_policy(self, table_name: str, retention_days: int, is...
method get_table_stats (line 521) | async def get_table_stats(self) -> Dict[str, Dict[str, Any]]:
method get_database_size (line 606) | async def get_database_size(self) -> Dict[str, Any]:
FILE: metrics-service/app/core/validator.py
class ValidationError (line 12) | class ValidationError(Exception):
method __init__ (line 15) | def __init__(self, field: str, message: str, value: Any = None):
class ValidationResult (line 22) | class ValidationResult:
method __init__ (line 25) | def __init__(self):
method add_error (line 30) | def add_error(self, field: str, message: str, value: Any = None):
method add_warning (line 35) | def add_warning(self, message: str):
method get_error_messages (line 39) | def get_error_messages(self) -> List[str]:
class MetricsValidator (line 44) | class MetricsValidator:
method validate_metric_request (line 75) | def validate_metric_request(self, request: MetricRequest) -> Validatio...
method _validate_service_name (line 103) | def _validate_service_name(self, service: str, result: ValidationResult):
method _validate_version (line 128) | def _validate_version(self, version: str, result: ValidationResult):
method _validate_instance_id (line 137) | def _validate_instance_id(self, instance_id: str, result: ValidationRe...
method _validate_metric (line 158) | def _validate_metric(self, metric: Metric, field_prefix: str, result: ...
method _validate_timestamp (line 182) | def _validate_timestamp(self, timestamp: datetime, field: str, result:...
method _validate_metric_value (line 203) | def _validate_metric_value(self, value: float, field: str, result: Val...
method _validate_duration (line 228) | def _validate_duration(self, duration: float, field: str, result: Vali...
method _validate_dimensions (line 242) | def _validate_dimensions(
method _validate_dimension_key (line 261) | def _validate_dimension_key(self, key: str, field: str, result: Valida...
method _validate_dimension_value (line 280) | def _validate_dimension_value(self, value: Any, field: str, result: Va...
method _validate_metadata (line 300) | def _validate_metadata(self, metadata: Dict[str, Any], field: str, res...
method _validate_metadata_key (line 315) | def _validate_metadata_key(self, key: str, field: str, result: Validat...
method _validate_metadata_value (line 327) | def _validate_metadata_value(self, value: Any, field: str, result: Val...
FILE: metrics-service/app/main.py
function lifespan (line 22) | async def lifespan(app: FastAPI):
function rate_limit_cleanup_task (line 77) | async def rate_limit_cleanup_task():
function retention_cleanup_task (line 90) | async def retention_cleanup_task():
function metrics_flush_task (line 115) | async def metrics_flush_task():
function setup_preshared_api_keys (line 132) | async def setup_preshared_api_keys():
function health_check (line 177) | async def health_check():
function root (line 183) | async def root():
FILE: metrics-service/app/otel/exporters.py
function setup_otel (line 25) | def setup_otel():
FILE: metrics-service/app/otel/instruments.py
class MetricsInstruments (line 9) | class MetricsInstruments:
method __init__ (line 12) | def __init__(self):
FILE: metrics-service/app/storage/database.py
function wait_for_database (line 13) | async def wait_for_database(max_retries: int = 10, delay: float = 2.0):
function _migrate_schema_if_needed (line 35) | async def _migrate_schema_if_needed(db):
function init_database (line 99) | async def init_database():
class MetricsStorage (line 225) | class MetricsStorage:
method __init__ (line 228) | def __init__(self):
method store_metrics_batch (line 231) | async def store_metrics_batch(self, metrics_batch: List[Dict[str, Any]]):
method _store_specialized_metric (line 277) | async def _store_specialized_metric(self, db, metric, request, request...
method get_api_key (line 352) | async def get_api_key(self, key_hash: str) -> Dict[str, Any] | None:
method update_api_key_usage (line 373) | async def update_api_key_usage(self, key_hash: str):
method create_api_key (line 386) | async def create_api_key(
FILE: metrics-service/app/storage/migrations.py
class Migration (line 16) | class Migration:
method __init__ (line 19) | def __init__(
method __str__ (line 35) | def __str__(self):
class MigrationManager (line 39) | class MigrationManager:
method __init__ (line 42) | def __init__(self, db_path: str = None):
method _register_migrations (line 47) | def _register_migrations(self):
method get_current_version (line 375) | async def get_current_version(self) -> int:
method get_applied_migrations (line 400) | async def get_applied_migrations(self) -> List[Dict[str, Any]]:
method apply_migration (line 415) | async def apply_migration(self, migration: Migration) -> bool:
method rollback_migration (line 454) | async def rollback_migration(self, migration: Migration) -> bool:
method migrate_up (line 492) | async def migrate_up(self, target_version: int | None = None) -> bool:
method migrate_down (line 524) | async def migrate_down(self, target_version: int) -> bool:
method list_migrations (line 556) | def list_migrations(self) -> List[Migration]:
method get_migration_status (line 560) | async def get_migration_status(self) -> Dict[str, Any]:
FILE: metrics-service/app/utils/helpers.py
function generate_api_key (line 11) | def generate_api_key() -> str:
function hash_api_key (line 16) | def hash_api_key(api_key: str) -> str:
function generate_request_id (line 21) | def generate_request_id() -> str:
FILE: metrics-service/create_api_key.py
function create_api_key_for_service (line 18) | async def create_api_key_for_service(service_name: str):
function main (line 48) | async def main():
FILE: metrics-service/metrics_client.py
class MetricsClient (line 19) | class MetricsClient:
method __init__ (line 22) | def __init__(
method _get_client (line 47) | async def _get_client(self):
method _emit_metric (line 53) | async def _emit_metric(
method emit_metric_sync (line 120) | def emit_metric_sync(self, *args, **kwargs):
method emit_auth_metric (line 127) | async def emit_auth_metric(
method emit_auth_metric_sync (line 150) | def emit_auth_metric_sync(self, *args, **kwargs):
method emit_registry_metric (line 155) | async def emit_registry_metric(
method emit_registry_metric_sync (line 180) | def emit_registry_metric_sync(self, *args, **kwargs):
method emit_discovery_metric (line 185) | async def emit_discovery_metric(
method emit_discovery_metric_sync (line 212) | def emit_discovery_metric_sync(self, *args, **kwargs):
method emit_tool_execution_metric (line 217) | async def emit_tool_execution_metric(
method emit_tool_execution_metric_sync (line 246) | def emit_tool_execution_metric_sync(self, *args, **kwargs):
method emit_health_metric (line 251) | async def emit_health_metric(
method emit_health_metric_sync (line 262) | def emit_health_metric_sync(self, *args, **kwargs):
method emit_custom_metric (line 267) | async def emit_custom_metric(
method emit_custom_metric_sync (line 288) | def emit_custom_metric_sync(self, *args, **kwargs):
method emit_metrics_batch (line 293) | async def emit_metrics_batch(self, metrics: List[Dict[str, Any]]) -> b...
method close (line 336) | async def close(self):
method __aenter__ (line 341) | async def __aenter__(self):
method __aexit__ (line 345) | async def __aexit__(self, exc_type, exc_val, exc_tb):
function create_metrics_client (line 351) | def create_metrics_client(
function emit_auth_metric (line 359) | async def emit_auth_metric(success: bool, method: str, duration_ms: floa...
function emit_registry_metric (line 368) | async def emit_registry_metric(
function emit_discovery_metric (line 381) | async def emit_discovery_metric(query: str, results_count: int, duration...
function emit_tool_execution_metric (line 390) | async def emit_tool_execution_metric(
FILE: metrics-service/migrate.py
function cmd_status (line 17) | async def cmd_status():
function cmd_up (line 50) | async def cmd_up(target_version: int = None):
function cmd_down (line 75) | async def cmd_down(target_version: int):
function cmd_list (line 110) | async def cmd_list():
function cmd_create (line 129) | async def cmd_create(name: str):
function main (line 178) | async def main():
FILE: metrics-service/tests/conftest.py
function event_loop (line 23) | def event_loop():
function temp_db (line 31) | def temp_db():
function initialized_db (line 51) | async def initialized_db(temp_db):
function test_settings (line 58) | def test_settings():
function sample_metric (line 70) | def sample_metric():
function sample_metric_request (line 88) | def sample_metric_request(sample_metric):
function test_api_key (line 96) | def test_api_key():
function storage_with_api_key (line 104) | async def storage_with_api_key(initialized_db, test_api_key):
function mock_otel_instruments (line 115) | def mock_otel_instruments():
FILE: metrics-service/tests/test_api.py
function client (line 14) | def client():
function valid_metric_request (line 20) | def valid_metric_request():
class TestHealthEndpoints (line 43) | class TestHealthEndpoints:
method test_health_endpoint (line 46) | def test_health_endpoint(self, client):
method test_root_endpoint (line 52) | def test_root_endpoint(self, client):
class TestMetricsEndpoint (line 63) | class TestMetricsEndpoint:
method test_metrics_without_api_key (line 66) | def test_metrics_without_api_key(self, client, valid_metric_request):
method test_metrics_with_invalid_api_key (line 73) | def test_metrics_with_invalid_api_key(self, mock_storage_class, client...
method test_metrics_with_valid_api_key (line 87) | def test_metrics_with_valid_api_key(
method test_metrics_with_invalid_payload (line 123) | def test_metrics_with_invalid_payload(self, mock_storage_class, client):
method test_metrics_with_missing_required_fields (line 142) | def test_metrics_with_missing_required_fields(self, mock_storage_class...
method test_metrics_with_invalid_metric_type (line 164) | def test_metrics_with_invalid_metric_type(self, mock_storage_class, cl...
method test_metrics_processor_error (line 192) | def test_metrics_processor_error(
method test_metrics_with_multiple_metrics (line 218) | def test_metrics_with_multiple_metrics(self, mock_processor_class, moc...
class TestFlushEndpoint (line 256) | class TestFlushEndpoint:
method test_flush_without_api_key (line 259) | def test_flush_without_api_key(self, client):
method test_flush_with_valid_api_key (line 267) | def test_flush_with_valid_api_key(self, mock_processor_class, mock_sto...
FILE: metrics-service/tests/test_auth.py
class TestAPIKeyVerification (line 13) | class TestAPIKeyVerification:
method test_verify_valid_api_key (line 17) | async def test_verify_valid_api_key(self, mock_storage_class):
method test_verify_missing_api_key (line 43) | async def test_verify_missing_api_key(self, mock_storage_class):
method test_verify_invalid_api_key (line 57) | async def test_verify_invalid_api_key(self, mock_storage_class):
method test_verify_inactive_api_key (line 76) | async def test_verify_inactive_api_key(self, mock_storage_class):
method test_verify_api_key_updates_usage (line 100) | async def test_verify_api_key_updates_usage(self, mock_storage_class):
class TestAPIKeyHashingHelpers (line 125) | class TestAPIKeyHashingHelpers:
method test_hash_api_key_consistency (line 128) | def test_hash_api_key_consistency(self):
method test_hash_different_keys_produce_different_hashes (line 137) | def test_hash_different_keys_produce_different_hashes(self):
method test_hash_empty_string (line 147) | def test_hash_empty_string(self):
class TestAuthenticationIntegration (line 154) | class TestAuthenticationIntegration:
method test_metrics_endpoint_auth_integration (line 158) | def test_metrics_endpoint_auth_integration(self, mock_storage_class):
method test_flush_endpoint_auth_integration (line 177) | def test_flush_endpoint_auth_integration(self, mock_storage_class):
method test_health_endpoint_no_auth_required (line 195) | def test_health_endpoint_no_auth_required(self):
method test_root_endpoint_no_auth_required (line 202) | def test_root_endpoint_no_auth_required(self):
class TestSecurityBestPractices (line 210) | class TestSecurityBestPractices:
method test_api_key_not_logged_in_error_messages (line 214) | async def test_api_key_not_logged_in_error_messages(self, mock_storage...
method test_api_key_hashed_before_storage_lookup (line 234) | async def test_api_key_hashed_before_storage_lookup(self, mock_storage...
FILE: metrics-service/tests/test_database.py
class TestDatabaseInitialization (line 13) | class TestDatabaseInitialization:
method test_wait_for_database_success (line 16) | async def test_wait_for_database_success(self, temp_db):
method test_init_database_succeeds (line 21) | async def test_init_database_succeeds(self, temp_db):
class TestAPIKeyManagement (line 31) | class TestAPIKeyManagement:
method test_create_api_key (line 34) | async def test_create_api_key(self, initialized_db):
method test_get_api_key_nonexistent (line 48) | async def test_get_api_key_nonexistent(self, initialized_db):
method test_update_api_key_usage (line 54) | async def test_update_api_key_usage(self, storage_with_api_key):
class TestMetricsStorage (line 70) | class TestMetricsStorage:
method test_store_single_metric_batch (line 73) | async def test_store_single_metric_batch(self, initialized_db, sample_...
method test_store_empty_batch (line 91) | async def test_store_empty_batch(self, initialized_db):
method test_store_multiple_metrics_batch (line 100) | async def test_store_multiple_metrics_batch(self, initialized_db):
method test_store_discovery_metric (line 128) | async def test_store_discovery_metric(self, initialized_db):
FILE: metrics-service/tests/test_migrations.py
class TestMigration (line 13) | class TestMigration:
method test_migration_creation (line 16) | def test_migration_creation(self):
method test_migration_with_python_functions (line 31) | def test_migration_with_python_functions(self):
class TestMigrationManager (line 52) | class TestMigrationManager:
method temp_db (line 56) | def temp_db(self):
method migration_manager (line 64) | def migration_manager(self, temp_db):
method test_get_current_version_no_table (line 69) | async def test_get_current_version_no_table(self, migration_manager):
method test_get_current_version_empty_table (line 75) | async def test_get_current_version_empty_table(self, migration_manager...
method test_get_current_version_with_data (line 92) | async def test_get_current_version_with_data(self, migration_manager, ...
method test_get_applied_migrations (line 117) | async def test_get_applied_migrations(self, migration_manager, temp_db):
method test_apply_migration_sql_only (line 142) | async def test_apply_migration_sql_only(self, migration_manager, temp_...
method test_apply_migration_with_python (line 177) | async def test_apply_migration_with_python(self, migration_manager, te...
method test_apply_migration_failure (line 214) | async def test_apply_migration_failure(self, migration_manager):
method test_rollback_migration (line 226) | async def test_rollback_migration(self, migration_manager, temp_db):
method test_list_migrations (line 263) | def test_list_migrations(self, migration_manager):
method test_migrate_up_all (line 276) | async def test_migrate_up_all(self, migration_manager, temp_db):
method test_migrate_up_to_target (line 311) | async def test_migrate_up_to_target(self, migration_manager, temp_db):
method test_migrate_up_already_current (line 341) | async def test_migrate_up_already_current(self, migration_manager, tem...
method test_migrate_down (line 363) | async def test_migrate_down(self, migration_manager, temp_db):
method test_get_migration_status (line 404) | async def test_get_migration_status(self, migration_manager, temp_db):
FILE: metrics-service/tests/test_processor.py
class TestProcessingResult (line 12) | class TestProcessingResult:
method test_processing_result_initialization (line 15) | def test_processing_result_initialization(self):
method test_processing_result_modification (line 22) | def test_processing_result_modification(self):
class TestMetricsProcessor (line 34) | class TestMetricsProcessor:
method test_processor_initialization (line 38) | def test_processor_initialization(self, mock_storage_class):
method test_processor_initialization_with_otel (line 49) | def test_processor_initialization_with_otel(self, mock_storage_class):
method test_processor_initialization_without_otel (line 59) | def test_processor_initialization_without_otel(self, mock_storage_class):
class TestMetricValidation (line 70) | class TestMetricValidation:
method test_validate_valid_metric (line 74) | def test_validate_valid_metric(self, mock_storage_class):
method test_validate_metric_with_null_value (line 83) | def test_validate_metric_with_null_value(self, mock_storage_class):
method test_validate_metric_with_zero_value (line 97) | def test_validate_metric_with_zero_value(self, mock_storage_class):
class TestMetricsProcessing (line 110) | class TestMetricsProcessing:
method test_process_single_valid_metric (line 114) | async def test_process_single_valid_metric(self, mock_storage_class):
method test_process_invalid_metric (line 135) | async def test_process_invalid_metric(self, mock_storage_class, mock_v...
method test_process_mixed_valid_invalid_metrics (line 170) | async def test_process_mixed_valid_invalid_metrics(self, mock_storage_...
method test_process_metrics_with_otel_emission (line 208) | async def test_process_metrics_with_otel_emission(self, mock_storage_c...
method test_process_metrics_storage_error (line 239) | async def test_process_metrics_storage_error(self, mock_storage_class):
class TestOTelEmission (line 269) | class TestOTelEmission:
method test_emit_auth_metric_to_otel (line 273) | async def test_emit_auth_metric_to_otel(self, mock_storage_class):
method test_emit_discovery_metric_to_otel (line 312) | async def test_emit_discovery_metric_to_otel(self, mock_storage_class):
method test_emit_tool_metric_to_otel (line 332) | async def test_emit_tool_metric_to_otel(self, mock_storage_class):
method test_emit_without_otel (line 352) | async def test_emit_without_otel(self, mock_storage_class):
class TestBufferedStorage (line 363) | class TestBufferedStorage:
method test_buffer_for_storage (line 367) | async def test_buffer_for_storage(self, mock_storage_class):
method test_force_flush (line 385) | async def test_force_flush(self, mock_storage_class):
FILE: metrics-service/tests/test_rate_limiter.py
class TestRateLimiter (line 17) | class TestRateLimiter:
method rate_limiter (line 21) | def rate_limiter(self):
method test_rate_limiter_initialization (line 26) | async def test_rate_limiter_initialization(self, rate_limiter):
method test_first_request_allowed (line 32) | async def test_first_request_allowed(self, rate_limiter):
method test_rate_limit_enforcement (line 43) | async def test_rate_limit_enforcement(self, rate_limiter):
method test_token_refill_over_time (line 64) | async def test_token_refill_over_time(self, rate_limiter):
method test_different_keys_independent_limits (line 87) | async def test_different_keys_independent_limits(self, rate_limiter):
method test_rate_limit_change (line 107) | async def test_rate_limit_change(self, rate_limiter):
method test_get_bucket_status (line 123) | async def test_get_bucket_status(self, rate_limiter):
method test_get_bucket_status_new_key (line 139) | async def test_get_bucket_status_new_key(self, rate_limiter):
method test_cleanup_old_buckets (line 151) | async def test_cleanup_old_buckets(self, rate_limiter):
class TestRateLimitIntegration (line 171) | class TestRateLimitIntegration:
method clear_rate_limiter (line 175) | def clear_rate_limiter(self):
method client (line 182) | def client(self):
method mock_request (line 187) | def mock_request(self):
method test_auth_with_rate_limiting (line 196) | async def test_auth_with_rate_limiting(self, mock_storage_class, mock_...
method test_rate_limit_exceeded (line 219) | async def test_rate_limit_exceeded(self, mock_storage_class, mock_requ...
method test_get_rate_limit_status_function (line 248) | async def test_get_rate_limit_status_function(self, mock_storage_class):
method test_get_rate_limit_status_invalid_key (line 269) | async def test_get_rate_limit_status_invalid_key(self, mock_storage_cl...
class TestRateLimitEndpoint (line 283) | class TestRateLimitEndpoint:
method clear_rate_limiter (line 287) | def clear_rate_limiter(self):
method client (line 294) | def client(self):
method test_rate_limit_endpoint_without_key (line 298) | def test_rate_limit_endpoint_without_key(self, client):
method test_rate_limit_endpoint_with_key (line 305) | def test_rate_limit_endpoint_with_key(self, mock_get_status, client):
method test_rate_limit_endpoint_error (line 325) | def test_rate_limit_endpoint_error(self, mock_get_status, client):
FILE: metrics-service/tests/test_retention.py
function enable_test_tables (line 26) | def enable_test_tables():
function temp_db (line 34) | async def temp_db():
class TestRetentionPolicy (line 80) | class TestRetentionPolicy:
method test_policy_creation (line 83) | def test_policy_creation(self):
method test_custom_cleanup_query (line 92) | def test_custom_cleanup_query(self):
method test_default_cleanup_query (line 103) | def test_default_cleanup_query(self):
method test_count_query (line 114) | def test_count_query(self):
class TestRetentionManager (line 127) | class TestRetentionManager:
method manager (line 131) | async def manager(self, temp_db):
method test_load_default_policies (line 138) | async def test_load_default_policies(self, manager):
method test_update_policy (line 146) | async def test_update_policy(self, manager):
method test_get_cleanup_preview (line 155) | async def test_get_cleanup_preview(self, manager, temp_db):
method test_cleanup_table_dry_run (line 176) | async def test_cleanup_table_dry_run(self, manager, temp_db):
method test_cleanup_table_actual (line 196) | async def test_cleanup_table_actual(self, manager, temp_db):
method test_cleanup_inactive_policy (line 216) | async def test_cleanup_inactive_policy(self, manager):
method test_cleanup_no_policy (line 228) | async def test_cleanup_no_policy(self, manager):
method test_cleanup_all_tables (line 234) | async def test_cleanup_all_tables(self, manager, temp_db):
method test_get_table_stats (line 248) | async def test_get_table_stats(self, manager, temp_db):
method test_get_database_size (line 264) | async def test_get_database_size(self, manager):
method test_save_and_load_policies (line 276) | async def test_save_and_load_policies(self, manager, temp_db):
class TestRetentionIntegration (line 297) | class TestRetentionIntegration:
method test_end_to_end_cleanup (line 301) | async def test_end_to_end_cleanup(self, temp_db):
class TestSQLInjectionPrevention (line 340) | class TestSQLInjectionPrevention:
method test_table_name_with_sql_injection_rejected (line 348) | def test_table_name_with_sql_injection_rejected(self):
method test_table_name_with_spaces_rejected (line 365) | def test_table_name_with_spaces_rejected(self):
method test_table_name_with_special_chars_rejected (line 370) | def test_table_name_with_special_chars_rejected(self):
method test_timestamp_column_with_sql_injection_rejected (line 388) | def test_timestamp_column_with_sql_injection_rejected(self):
method test_identifier_validation_rejects_invalid_patterns (line 400) | def test_identifier_validation_rejects_invalid_patterns(self):
method test_identifier_validation_accepts_valid_patterns (line 417) | def test_identifier_validation_accepts_valid_patterns(self):
method test_valid_table_names_accepted (line 432) | def test_valid_table_names_accepted(self):
method test_valid_timestamp_columns_accepted (line 438) | def test_valid_timestamp_columns_accepted(self):
method test_retention_policy_rejects_invalid_table (line 444) | def test_retention_policy_rejects_invalid_table(self):
method test_retention_policy_rejects_invalid_timestamp_column (line 454) | def test_retention_policy_rejects_invalid_timestamp_column(self):
method test_update_policy_rejects_invalid_table (line 462) | async def test_update_policy_rejects_invalid_table(self, temp_db):
method test_get_cleanup_preview_rejects_invalid_table (line 476) | async def test_get_cleanup_preview_rejects_invalid_table(self, temp_db):
method test_cleanup_table_rejects_invalid_table (line 490) | async def test_cleanup_table_rejects_invalid_table(self, temp_db):
class TestAllowlistConfiguration (line 501) | class TestAllowlistConfiguration:
method test_allowlist_contains_expected_tables (line 504) | def test_allowlist_contains_expected_tables(self):
method test_allowlist_contains_expected_timestamp_columns (line 518) | def test_allowlist_contains_expected_timestamp_columns(self):
method test_allowlist_is_immutable_set (line 528) | def test_allowlist_is_immutable_set(self):
FILE: metrics-service/tests/test_validator.py
class TestValidationResult (line 11) | class TestValidationResult:
method test_validation_result_initialization (line 14) | def test_validation_result_initialization(self):
method test_add_error (line 21) | def test_add_error(self):
method test_add_warning (line 32) | def test_add_warning(self):
method test_get_error_messages (line 41) | def test_get_error_messages(self):
class TestValidationError (line 53) | class TestValidationError:
method test_validation_error_creation (line 56) | def test_validation_error_creation(self):
class TestServiceValidation (line 66) | class TestServiceValidation:
method validator (line 70) | def validator(self):
method test_valid_service_names (line 74) | def test_valid_service_names(self, validator):
method test_invalid_service_names (line 92) | def test_invalid_service_names(self, validator):
method test_non_string_service_name (line 109) | def test_non_string_service_name(self, validator):
class TestVersionValidation (line 118) | class TestVersionValidation:
method validator (line 122) | def validator(self):
method test_valid_versions (line 126) | def test_valid_versions(self, validator):
method test_invalid_versions (line 145) | def test_invalid_versions(self, validator):
class TestMetricValueValidation (line 158) | class TestMetricValueValidation:
method validator (line 162) | def validator(self):
method test_valid_metric_values (line 166) | def test_valid_metric_values(self, validator):
method test_invalid_metric_values (line 178) | def test_invalid_metric_values(self, validator):
class TestDimensionsValidation (line 198) | class TestDimensionsValidation:
method validator (line 202) | def validator(self):
method test_valid_dimensions (line 206) | def test_valid_dimensions(self, validator):
method test_invalid_dimension_keys (line 223) | def test_invalid_dimension_keys(self, validator):
method test_too_many_dimensions (line 239) | def test_too_many_dimensions(self, validator):
method test_dimension_value_length (line 251) | def test_dimension_value_length(self, validator):
class TestTimestampValidation (line 264) | class TestTimestampValidation:
method validator (line 268) | def validator(self):
method test_valid_timestamps (line 272) | def test_valid_timestamps(self, validator):
method test_future_timestamp (line 286) | def test_future_timestamp(self, validator):
method test_old_timestamp (line 296) | def test_old_timestamp(self, validator):
class TestFullRequestValidation (line 308) | class TestFullRequestValidation:
method validator (line 312) | def validator(self):
method test_valid_request (line 316) | def test_valid_request(self, validator):
method test_empty_metrics_array (line 338) | def test_empty_metrics_array(self, validator):
method test_too_many_metrics (line 347) | def test_too_many_metrics(self, validator):
method test_invalid_service_propagates (line 361) | def test_invalid_service_propagates(self, validator):
method test_metric_validation_with_index (line 373) | def test_metric_validation_with_index(self, validator):
FILE: registry/api/agent_routes.py
function get_search_repo (line 46) | def get_search_repo() -> SearchRepositoryBase:
function _perform_agent_security_scan_on_registration (line 63) | async def _perform_agent_security_scan_on_registration(
class RatingRequest (line 149) | class RatingRequest(BaseModel):
function _build_agent_health_urls (line 153) | def _build_agent_health_urls(
function _normalize_path (line 175) | def _normalize_path(
function _check_agent_permission (line 209) | def _check_agent_permission(
function _has_delete_agent_permission (line 242) | def _has_delete_agent_permission(user_context: dict[str, Any], agent_pat...
function _filter_agents_by_access (line 281) | def _filter_agents_by_access(
function register_agent (line 335) | async def register_agent(
function list_agents (line 596) | async def list_agents(
function check_agent_health (line 778) | async def check_agent_health(
function rate_agent (line 911) | async def rate_agent(
function get_agent_rating (line 969) | async def get_agent_rating(
function toggle_agent (line 997) | async def toggle_agent(
function get_agent_security_scan (line 1066) | async def get_agent_security_scan(
function rescan_agent (line 1123) | async def rescan_agent(
function get_agent (line 1199) | async def get_agent(
function update_agent (line 1248) | async def update_agent(
function delete_agent (line 1410) | async def delete_agent(
function discover_agents_by_skills (line 1501) | async def discover_agents_by_skills(
function discover_agents_semantic (line 1618) | async def discover_agents_semantic(
FILE: registry/api/ans_routes.py
function _check_rate_limit (line 48) | def _check_rate_limit(
function _check_ans_enabled (line 73) | def _check_ans_enabled() -> None:
function _get_username (line 82) | def _get_username(
function _check_admin (line 98) | def _check_admin(
function _normalize_path (line 123) | def _normalize_path(path: str) -> str:
function link_ans_to_agent_endpoint (line 136) | async def link_ans_to_agent_endpoint(
function get_agent_ans_status (line 165) | async def get_agent_ans_status(
function unlink_ans_from_agent_endpoint (line 188) | async def unlink_ans_from_agent_endpoint(
function link_ans_to_server_endpoint (line 218) | async def link_ans_to_server_endpoint(
function get_server_ans_status (line 247) | async def get_server_ans_status(
function unlink_ans_from_server_endpoint (line 270) | async def unlink_ans_from_server_endpoint(
function trigger_ans_sync (line 300) | async def trigger_ans_sync(
function get_ans_metrics_endpoint (line 318) | async def get_ans_metrics_endpoint(
function get_ans_health (line 332) | async def get_ans_health(
FILE: registry/api/auth0_m2m_routes.py
class Auth0SyncRequest (line 31) | class Auth0SyncRequest(BaseModel):
class Auth0SyncResponse (line 37) | class Auth0SyncResponse(BaseModel):
function _require_admin (line 47) | def _require_admin(user_context: dict | None) -> None:
function sync_auth0_m2m_clients (line 68) | async def sync_auth0_m2m_clients(
function list_auth0_m2m_clients (line 111) | async def list_auth0_m2m_clients(
function get_client_groups (line 151) | async def get_client_groups(
function update_client_groups (line 189) | async def update_client_groups(
FILE: registry/api/config_routes.py
function _is_sensitive_field (line 314) | def _is_sensitive_field(field_name: str) -> bool:
function _mask_sensitive_value (line 320) | def _mask_sensitive_value(value: Any) -> str:
function _format_value (line 334) | def _format_value(
function _get_field_value (line 380) | def _get_field_value(field_name: str) -> Any:
function _check_rate_limit (line 400) | def _check_rate_limit(user_id: str) -> bool:
function _get_cached_config_response (line 430) | def _get_cached_config_response() -> dict[str, Any]:
function _build_fields_list (line 443) | def _build_fields_list(
function _build_config_response (line 466) | def _build_config_response() -> dict[str, Any]:
function get_full_config (line 515) | async def get_full_config(
function get_config (line 601) | async def get_config() -> dict[str, Any]:
class ExportFormat (line 637) | class ExportFormat(str, Enum):
function _iter_group_fields (line 646) | def _iter_group_fields(
function _export_as_env (line 663) | def _export_as_env(include_sensitive: bool = False) -> str:
function _export_as_json (line 703) | def _export_as_json(include_sensitive: bool = False) -> str:
function _export_as_tfvars (line 735) | def _export_as_tfvars(include_sensitive: bool = False) -> str:
function _export_as_yaml (line 781) | def _export_as_yaml(include_sensitive: bool = False) -> str:
function export_config (line 866) | async def export_config(
FILE: registry/api/export_routes.py
class ExportAuditRequest (line 34) | class ExportAuditRequest(BaseModel):
function _require_admin (line 49) | def _require_admin(
function record_export_audit_event (line 66) | async def record_export_audit_event(
function export_scopes (line 91) | async def export_scopes(
FILE: registry/api/federation_export_routes.py
function _get_current_sync_generation (line 37) | async def _get_current_sync_generation() -> int:
function _get_registry_id (line 66) | def _get_registry_id() -> str:
function _check_federation_scope (line 89) | def _check_federation_scope(
function _get_item_attr (line 117) | def _get_item_attr(
function _is_federated_item (line 138) | def _is_federated_item(
function _filter_by_visibility (line 163) | def _filter_by_visibility(
function _filter_by_generation (line 223) | def _filter_by_generation(
function _item_to_dict (line 269) | def _item_to_dict(
function _paginate (line 288) | def _paginate(
function federation_auth (line 312) | async def federation_auth(
function federation_health (line 351) | async def federation_health():
function export_servers (line 372) | async def export_servers(
function export_agents (line 485) | async def export_agents(
function export_security_scans (line 595) | async def export_security_scans(
FILE: registry/api/federation_routes.py
function _get_federation_repo (line 33) | def _get_federation_repo() -> FederationConfigRepositoryBase:
function get_federation_config (line 39) | async def get_federation_config(
function save_federation_config (line 87) | async def save_federation_config(
function update_federation_config (line 193) | async def update_federation_config(
function delete_federation_config (line 272) | async def delete_federation_config(
function list_federation_configs (line 311) | async def list_federation_configs(
function add_anthropic_server (line 337) | async def add_anthropic_server(
function remove_anthropic_server (line 391) | async def remove_anthropic_server(
function add_asor_agent (line 473) | async def add_asor_agent(
function remove_asor_agent (line 527) | async def remove_asor_agent(
function add_aws_registry (line 578) | async def add_aws_registry(
function remove_aws_registry (line 641) | async def remove_aws_registry(
function _deregister_entities_from_registry (line 714) | async def _deregister_entities_from_registry(
function _deregister_servers_from_registry (line 742) | async def _deregister_servers_from_registry(
function _deregister_agents_from_registry (line 776) | async def _deregister_agents_from_registry(
function _deregister_skills_from_registry (line 822) | async def _deregister_skills_from_registry(
function sync_federation (line 877) | async def sync_federation(
FILE: registry/api/internal_routes.py
function _get_repo (line 32) | def _get_repo():
function create_client_session (line 48) | async def create_client_session(
function validate_client_session (line 79) | async def validate_client_session(
function get_backend_session (line 100) | async def get_backend_session(
function store_backend_session (line 136) | async def store_backend_session(
function delete_backend_session (line 172) | async def delete_backend_session(
FILE: registry/api/log_routes.py
function _check_rate_limit (line 39) | def _check_rate_limit(user_id: str) -> bool:
function _sanitize_search (line 56) | def _sanitize_search(search: str | None) -> str | None:
function _require_admin (line 63) | def _require_admin(
function _get_repo (line 79) | def _get_repo() -> AppLogRepository:
class LogEntry (line 90) | class LogEntry(BaseModel):
class LogQueryResponse (line 105) | class LogQueryResponse(BaseModel):
class LogMetadataResponse (line 115) | class LogMetadataResponse(BaseModel):
function query_logs (line 131) | async def query_logs(
function export_logs (line 184) | async def export_logs(
function get_log_metadata (line 244) | async def get_log_metadata(
FILE: registry/api/m2m_management_routes.py
function _require_admin (line 49) | def _require_admin(
function _get_service (line 62) | async def _get_service() -> M2MManagementService:
function create_m2m_client (line 72) | async def create_m2m_client(
function list_m2m_clients (line 101) | async def list_m2m_clients(
function get_m2m_client (line 118) | async def get_m2m_client(
function patch_m2m_client (line 140) | async def patch_m2m_client(
function delete_m2m_client (line 178) | async def delete_m2m_client(
FILE: registry/api/management_routes.py
function _translate_iam_error (line 35) | def _translate_iam_error(exc: Exception) -> HTTPException:
function _normalize_agent_path (line 57) | def _normalize_agent_path(path: str) -> str:
function _normalize_agent_paths_in_scope_config (line 77) | def _normalize_agent_paths_in_scope_config(
function _require_admin (line 109) | def _require_admin(user_context: dict) -> None:
function management_list_users (line 127) | async def management_list_users(
function management_create_m2m_user (line 191) | async def management_create_m2m_user(
function management_create_human_user (line 246) | async def management_create_human_user(
function management_delete_user (line 279) | async def management_delete_user(
function management_update_user_groups (line 297) | async def management_update_user_groups(
function management_list_groups (line 377) | async def management_list_groups(
function management_create_group (line 406) | async def management_create_group(
function management_delete_group (line 511) | async def management_delete_group(
function management_get_group (line 568) | async def management_get_group(
function management_update_group (line 612) | async def management_update_group(
FILE: registry/api/okta_m2m_routes.py
function _require_admin (line 32) | def _require_admin(user_context: dict | None) -> None:
function sync_okta_m2m_clients (line 53) | async def sync_okta_m2m_clients(
function list_okta_m2m_clients (line 96) | async def list_okta_m2m_clients(
function get_client_groups (line 136) | async def get_client_groups(
function update_client_groups (line 174) | async def update_client_groups(
FILE: registry/api/peer_management_routes.py
function _check_peer_management_scope (line 35) | def _check_peer_management_scope(
function list_peers (line 87) | async def list_peers(
function create_peer (line 117) | async def create_peer(
function sync_all_peers (line 172) | async def sync_all_peers(
function get_all_connections (line 215) | async def get_all_connections(
function get_shared_resources (line 254) | async def get_shared_resources(
function get_peer (line 289) | async def get_peer(
function update_peer (line 326) | async def update_peer(
function update_peer_token (line 381) | async def update_peer_token(
function delete_peer (line 457) | async def delete_peer(
function sync_peer (line 493) | async def sync_peer(
function get_peer_status (line 544) | async def get_peer_status(
function enable_peer (line 582) | async def enable_peer(
function disable_peer (line 620) | async def disable_peer(
function get_peer_connections (line 658) | async def get_peer_connections(
function get_peer_shared_resources (line 702) | async def get_peer_shared_resources(
FILE: registry/api/registry_management_routes.py
function _require_admin (line 20) | def _require_admin(user_context: dict) -> None:
function force_heartbeat (line 38) | async def force_heartbeat(
function force_startup_ping (line 65) | async def force_startup_ping(
FILE: registry/api/registry_routes.py
function list_servers (line 49) | async def list_servers(
function list_server_versions (line 123) | async def list_server_versions(
function get_server_version (line 216) | async def get_server_version(
function _auto_initialize_registry_card (line 312) | async def _auto_initialize_registry_card():
function get_registry_card (line 445) | async def get_registry_card():
function update_registry_card (line 469) | async def update_registry_card(
function patch_registry_card (line 585) | async def patch_registry_card(
FILE: registry/api/search_routes.py
function get_search_repo (line 27) | def get_search_repo() -> SearchRepositoryBase:
class MatchingToolResult (line 32) | class MatchingToolResult(BaseModel):
class SyncMetadata (line 44) | class SyncMetadata(BaseModel):
function _compute_endpoint_url (line 56) | def _compute_endpoint_url(
class ServerSearchResult (line 97) | class ServerSearchResult(BaseModel):
class ToolSearchResult (line 129) | class ToolSearchResult(BaseModel):
class AgentSearchResult (line 143) | class AgentSearchResult(BaseModel):
class SkillSearchResult (line 160) | class SkillSearchResult(BaseModel):
class VirtualServerSearchResult (line 179) | class VirtualServerSearchResult(BaseModel):
class SemanticSearchRequest (line 197) | class SemanticSearchRequest(BaseModel):
class SemanticSearchResponse (line 227) | class SemanticSearchResponse(BaseModel):
function _get_tool_schema_for_virtual_server (line 244) | async def _get_tool_schema_for_virtual_server(
function _user_can_access_server (line 295) | async def _user_can_access_server(path: str, server_name: str, user_cont...
function _user_can_access_agent (line 320) | async def _user_can_access_agent(agent_path: str, user_context: dict) ->...
function _user_can_access_skill (line 347) | async def _user_can_access_skill(
function _compute_trust_verified (line 383) | def _compute_trust_verified(
function _parse_hashtags (line 404) | def _parse_hashtags(
function _entity_has_all_tags (line 420) | def _entity_has_all_tags(
function semantic_search (line 434) | async def semantic_search(
function get_all_tags (line 813) | async def get_all_tags(
FILE: registry/api/server_routes.py
class RatingRequest (line 32) | class RatingRequest(BaseModel):
function _build_scan_headers_from_credentials (line 40) | def _build_scan_headers_from_credentials(
function _perform_security_scan_on_registration (line 89) | async def _perform_security_scan_on_registration(
function read_root (line 184) | async def read_root(
function get_servers_json (line 330) | async def get_servers_json(
function toggle_service_route (line 544) | async def toggle_service_route(
function register_service (line 652) | async def register_service(
function internal_register_service (line 907) | async def internal_register_service(
function internal_remove_service (line 1217) | async def internal_remove_service(
function internal_toggle_service (line 1329) | async def internal_toggle_service(
function internal_healthcheck (line 1442) | async def internal_healthcheck(
function edit_server_form (line 1468) | async def edit_server_form(
function edit_server_submit (line 1524) | async def edit_server_submit(
function token_generation_page (line 1725) | async def token_generation_page(
function get_server_details (line 1742) | async def get_server_details(
function get_service_tools (line 1827) | async def get_service_tools(
function refresh_service (line 1962) | async def refresh_service(service_path: str, user_context: Annotated[dic...
function _add_server_to_groups_impl (line 2055) | async def _add_server_to_groups_impl(
function internal_add_server_to_groups (line 2107) | async def internal_add_server_to_groups(
function _remove_server_from_groups_impl (line 2120) | async def _remove_server_from_groups_impl(
function internal_remove_server_from_groups (line 2172) | async def internal_remove_server_from_groups(
function internal_list_services (line 2186) | async def internal_list_services(
function internal_create_group (line 2243) | async def internal_create_group(
function internal_delete_group (line 2258) | async def internal_delete_group(
function _list_groups_impl (line 2272) | async def _list_groups_impl(
function internal_list_groups (line 2344) | async def internal_list_groups(
function generate_user_token (line 2358) | async def generate_user_token(
function register_service_api (line 2532) | async def register_service_api(
function update_server_auth_credential (line 2883) | async def update_server_auth_credential(
function toggle_service_api (line 3006) | async def toggle_service_api(
function remove_service_api (line 3118) | async def remove_service_api(
function healthcheck_api (line 3268) | async def healthcheck_api(
function add_server_to_groups_api (line 3309) | async def add_server_to_groups_api(
function remove_server_from_groups_api (line 3348) | async def remove_server_from_groups_api(
function _create_group_impl (line 3386) | async def _create_group_impl(
function create_group_api (line 3460) | async def create_group_api(
function _delete_group_impl (line 3501) | async def _delete_group_impl(
function delete_group_api (line 3588) | async def delete_group_api(
function list_groups_api (line 3630) | async def list_groups_api(
function get_group_api (line 3663) | async def get_group_api(
function import_group_definition (line 3723) | async def import_group_definition(
function rate_server (line 3885) | async def rate_server(
function get_server_rating (line 3956) | async def get_server_rating(
function get_server_security_scan (line 3994) | async def get_server_security_scan(
function rescan_server (line 4053) | async def rescan_server(
function get_service_tools_api (line 4149) | async def get_service_tools_api(
class SetDefaultVersion (line 4191) | class SetDefaultVersion(BaseModel):
function remove_server_version (line 4198) | async def remove_server_version(
function set_default_version (line 4233) | async def set_default_version(
function get_server_versions (line 4271) | async def get_server_versions(
function get_server (line 4295) | async def get_server(
FILE: registry/api/skill_routes.py
class RatingRequest (line 80) | class RatingRequest(BaseModel):
function get_normalized_path (line 92) | def get_normalized_path(
function discover_skills (line 104) | async def discover_skills(
function list_skills (line 160) | async def list_skills(
function parse_skill_md (line 251) | async def parse_skill_md(
function search_skills (line 291) | async def search_skills(
function get_integrity_status (line 385) | async def get_integrity_status(
function check_skill_health (line 433) | async def check_skill_health(
function get_skill_content (line 457) | async def get_skill_content(
function get_skill_tools (line 587) | async def get_skill_tools(
function get_skill_rating (line 606) | async def get_skill_rating(
function get_skill_security_scan (line 645) | async def get_skill_security_scan(
function rescan_skill (line 680) | async def rescan_skill(
function refresh_skill_resources (line 733) | async def refresh_skill_resources(
function get_skill (line 788) | async def get_skill(
function register_skill (line 816) | async def register_skill(
function update_skill (line 890) | async def update_skill(
function delete_skill (line 975) | async def delete_skill(
function toggle_skill (line 1022) | async def toggle_skill(
function rate_skill (line 1064) | async def rate_skill(
function _log_task_exception (line 1120) | def _log_task_exception(task: asyncio.Task) -> None:
function _user_can_access_skill (line 1134) | def _user_can_access_skill(
function _user_can_modify_skill (line 1157) | def _user_can_modify_skill(
function _perform_skill_security_scan_on_registration (line 1168) | async def _perform_skill_security_scan_on_registration(
FILE: registry/api/system_routes.py
function set_server_start_time (line 27) | def set_server_start_time(
function get_server_start_time (line 36) | def get_server_start_time() -> datetime | None:
function _detect_deployment_type (line 45) | def _detect_deployment_type() -> str:
function _get_registry_stats (line 73) | async def _get_registry_stats() -> dict:
function _get_auth_status (line 114) | async def _get_auth_status() -> dict:
function _get_database_status (line 163) | async def _get_database_status() -> dict:
function _get_registry_card_status (line 206) | async def _get_registry_card_status() -> dict:
function _get_cached_stats (line 239) | async def _get_cached_stats() -> dict:
function get_version (line 294) | async def get_version():
function get_system_stats (line 304) | async def get_system_stats():
FILE: registry/api/virtual_server_routes.py
function _require_admin (line 52) | def _require_admin(
function _normalize_virtual_path (line 82) | def _normalize_virtual_path(
function list_virtual_servers (line 135) | async def list_virtual_servers(
function get_virtual_server_tools (line 170) | async def get_virtual_server_tools(
class RatingRequest (line 198) | class RatingRequest(BaseModel):
function rate_virtual_server (line 209) | async def rate_virtual_server(
function get_virtual_server_rating (line 256) | async def get_virtual_server_rating(
function get_virtual_server (line 278) | async def get_virtual_server(
function create_virtual_server (line 302) | async def create_virtual_server(
function update_virtual_server (line 357) | async def update_virtual_server(
function delete_virtual_server (line 418) | async def delete_virtual_server(
function toggle_virtual_server (line 459) | async def toggle_virtual_server(
function get_tool_catalog (line 518) | async def get_tool_catalog(
FILE: registry/api/wellknown_routes.py
function get_wellknown_mcp_servers (line 19) | async def get_wellknown_mcp_servers(
function _format_server_discovery (line 89) | def _format_server_discovery(server_info: dict, request: Request) -> dict:
function _get_server_url (line 122) | def _get_server_url(server_path: str, request: Request, server_info: dic...
function _get_transport_type (line 146) | def _get_transport_type(server_config: dict) -> str:
function _get_authentication_info (line 153) | def _get_authentication_info(server_info: dict) -> dict:
function _get_tools_preview (line 178) | def _get_tools_preview(server_info: dict, max_tools: int = 5) -> list:
function _get_normalized_health_status (line 199) | def _get_normalized_health_status(server_path: str) -> str:
function _auto_initialize_registry_card (line 232) | async def _auto_initialize_registry_card():
function get_well_known_registry_card (line 350) | async def get_well_known_registry_card():
FILE: registry/audit/context.py
function set_audit_action (line 11) | def set_audit_action(
function set_audit_authorization (line 45) | def set_audit_authorization(
FILE: registry/audit/mcp_logger.py
class MCPLogger (line 26) | class MCPLogger:
method __init__ (line 38) | def __init__(self, audit_logger: AuditLogger):
method parse_jsonrpc_body (line 47) | def parse_jsonrpc_body(self, body: bytes | str) -> dict:
method log_mcp_access (line 116) | async def log_mcp_access(
FILE: registry/audit/middleware.py
class AuditMiddleware (line 37) | class AuditMiddleware(BaseHTTPMiddleware):
method __init__ (line 51) | def __init__(
method _should_log (line 75) | def _should_log(self, path: str) -> bool:
method _get_credential_type (line 118) | def _get_credential_type(self, request: Request) -> str:
method _get_credential_hint (line 141) | def _get_credential_hint(self, request: Request) -> str | None:
method _extract_identity (line 167) | def _extract_identity(self, request: Request) -> Identity:
method _extract_action (line 203) | def _extract_action(self, request: Request) -> Action | None:
method _extract_authorization (line 228) | def _extract_authorization(self, request: Request) -> Authorization | ...
method dispatch (line 252) | async def dispatch(self, request: Request, call_next: Callable) -> Res...
function add_audit_middleware (line 341) | def add_audit_middleware(
FILE: registry/audit/models.py
function mask_credential (line 15) | def mask_credential(value: str) -> str:
class Identity (line 49) | class Identity(BaseModel):
method mask_credential_hint (line 74) | def mask_credential_hint(cls, v: str | None) -> str | None:
class Request (line 81) | class Request(BaseModel):
method mask_sensitive_params (line 103) | def mask_sensitive_params(cls, v: dict[str, Any] | None) -> dict[str, ...
class Response (line 113) | class Response(BaseModel):
class Action (line 125) | class Action(BaseModel):
class Authorization (line 147) | class Authorization(BaseModel):
class RegistryApiAccessRecord (line 161) | class RegistryApiAccessRecord(BaseModel):
class MCPServer (line 191) | class MCPServer(BaseModel):
class MCPRequest (line 205) | class MCPRequest(BaseModel):
class MCPResponse (line 227) | class MCPResponse(BaseModel):
class MCPServerAccessRecord (line 245) | class MCPServerAccessRecord(BaseModel):
FILE: registry/audit/routes.py
function get_audit_repository (line 36) | def get_audit_repository() -> DocumentDBAuditRepository:
function require_admin (line 44) | def require_admin(user_context: dict[str, Any] = Depends(enhanced_auth))...
class AuditEventSummary (line 70) | class AuditEventSummary(BaseModel):
class AuditEventsResponse (line 88) | class AuditEventsResponse(BaseModel):
class AuditEventDetail (line 97) | class AuditEventDetail(BaseModel):
class AuditFilterOptions (line 103) | class AuditFilterOptions(BaseModel):
class UsageSummaryItem (line 116) | class UsageSummaryItem(BaseModel):
class TimeSeriesBucket (line 123) | class TimeSeriesBucket(BaseModel):
class StatusDistribution (line 130) | class StatusDistribution(BaseModel):
class UserActivityItem (line 138) | class UserActivityItem(BaseModel):
class AuditStatisticsResponse (line 149) | class AuditStatisticsResponse(BaseModel):
function _build_query (line 179) | def _build_query(
function get_filter_options (line 283) | async def get_filter_options(
function get_statistics (line 322) | async def get_statistics(
function get_audit_events (line 568) | async def get_audit_events(
function get_audit_event (line 694) | async def get_audit_event(
function _generate_jsonl (line 745) | def _generate_jsonl(events: list[dict[str, Any]]):
function _generate_csv (line 756) | def _generate_csv(events: list[dict[str, Any]]):
function export_audit_events (line 822) | async def export_audit_events(
FILE: registry/audit/service.py
class AuditLogger (line 20) | class AuditLogger:
method __init__ (line 32) | def __init__(
method log_event (line 66) | async def log_event(
method close (line 90) | async def close(self) -> None:
method current_file_path (line 99) | def current_file_path(self) -> str | None:
method is_open (line 104) | def is_open(self) -> bool:
FILE: registry/auth/csrf.py
function generate_csrf_token (line 21) | def generate_csrf_token(
function validate_csrf_token (line 37) | def validate_csrf_token(
function verify_csrf_token (line 72) | async def verify_csrf_token(
function verify_csrf_token_flexible (line 107) | async def verify_csrf_token_flexible(
FILE: registry/auth/dependencies.py
function get_current_user (line 15) | def get_current_user(
function get_user_session_data (line 59) | def get_user_session_data(
function reload_scopes_from_repository (line 117) | async def reload_scopes_from_repository():
function map_cognito_groups_to_scopes (line 145) | async def map_cognito_groups_to_scopes(groups: list[str]) -> list[str]:
function get_ui_permissions_for_user (line 180) | async def get_ui_permissions_for_user(user_scopes: list[str]) -> dict[st...
function user_has_ui_permission_for_service (line 224) | def user_has_ui_permission_for_service(
function get_accessible_services_for_user (line 252) | def get_accessible_services_for_user(user_ui_permissions: dict[str, list...
function get_accessible_agents_for_user (line 270) | def get_accessible_agents_for_user(user_ui_permissions: dict[str, list[s...
function get_servers_for_scope (line 288) | async def get_servers_for_scope(scope: str) -> list[str]:
function user_has_wildcard_access (line 311) | async def user_has_wildcard_access(user_scopes: list[str]) -> bool:
function _user_is_admin (line 353) | def _user_is_admin(
function get_user_accessible_servers (line 384) | async def get_user_accessible_servers(user_scopes: list[str]) -> list[str]:
function user_can_modify_servers (line 411) | def user_can_modify_servers(user_groups: list[str], user_scopes: list[st...
function user_can_access_server (line 442) | async def user_can_access_server(server_name: str, user_scopes: list[str...
function api_auth (line 457) | def api_auth(
function web_auth (line 467) | def web_auth(
function enhanced_auth (line 477) | async def enhanced_auth(
function nginx_proxied_auth (line 538) | async def nginx_proxied_auth(
function create_session_cookie (line 688) | def create_session_cookie(
function ui_permission_required (line 696) | def ui_permission_required(permission: str, service_name: str = None):
FILE: registry/auth/internal.py
function generate_internal_token (line 30) | def generate_internal_token(
function validate_internal_auth (line 66) | async def validate_internal_auth(request: Request) -> str:
function _validate_bearer_token (line 99) | def _validate_bearer_token(auth_header: str) -> str:
FILE: registry/auth/routes.py
function _validate_jwt_format (line 46) | def _validate_jwt_format(token: str) -> bool:
function get_oauth2_providers (line 59) | async def get_oauth2_providers():
function login_form (line 83) | async def login_form(request: Request, error: str | None = None):
function oauth2_login_redirect (line 92) | async def oauth2_login_redirect(provider: str, request: Request):
function oauth2_callback (line 128) | async def oauth2_callback(request: Request, error: str = None, details: ...
function logout_handler (line 176) | async def logout_handler(
function logout_get (line 289) | async def logout_get(
function logout_post (line 298) | async def logout_post(
function get_providers_api (line 308) | async def get_providers_api():
function get_auth_config (line 315) | async def get_auth_config():
function get_csrf_token (line 321) | async def get_csrf_token(
FILE: registry/common/scopes_loader.py
function load_scopes_from_repository (line 19) | async def load_scopes_from_repository(
function load_scopes_from_yaml (line 125) | def load_scopes_from_yaml(scopes_path: str | None = None) -> dict[str, A...
function reload_scopes_config (line 167) | async def reload_scopes_config(storage_backend: str | None = None) -> di...
FILE: registry/constants.py
class HealthStatus (line 11) | class HealthStatus(str, Enum):
method get_healthy_statuses (line 24) | def get_healthy_statuses(cls) -> list[str]:
method is_healthy (line 29) | def is_healthy(cls, status: str) -> bool:
class TransportType (line 34) | class TransportType(str, Enum):
class AuthScheme (line 41) | class AuthScheme(str, Enum):
class RegistryConstants (line 55) | class RegistryConstants(BaseModel):
class Config (line 58) | class Config:
FILE: registry/core/config.py
class DeploymentMode (line 11) | class DeploymentMode(str, Enum):
class RegistryMode (line 18) | class RegistryMode(str, Enum):
class Settings (line 27) | class Settings(BaseSettings):
method nginx_updates_enabled (line 472) | def nginx_updates_enabled(self) -> bool:
method is_local_dev (line 502) | def is_local_dev(self) -> bool:
method __init__ (line 506) | def __init__(self, **kwargs):
method embeddings_model_dir (line 513) | def embeddings_model_dir(self) -> Path:
method servers_dir (line 519) | def servers_dir(self) -> Path:
method static_dir (line 525) | def static_dir(self) -> Path:
method templates_dir (line 531) | def templates_dir(self) -> Path:
method nginx_config_path (line 537) | def nginx_config_path(self) -> Path:
method state_file_path (line 541) | def state_file_path(self) -> Path:
method log_dir (line 545) | def log_dir(self) -> Path:
method log_file_path (line 552) | def log_file_path(self) -> Path:
method faiss_index_path (line 558) | def faiss_index_path(self) -> Path:
method faiss_metadata_path (line 562) | def faiss_metadata_path(self) -> Path:
method dotenv_path (line 566) | def dotenv_path(self) -> Path:
method agents_dir (line 572) | def agents_dir(self) -> Path:
method agent_state_file_path (line 579) | def agent_state_file_path(self) -> Path:
method peers_dir (line 584) | def peers_dir(self) -> Path:
method peer_sync_state_file_path (line 590) | def peer_sync_state_file_path(self) -> Path:
method audit_log_path (line 596) | def audit_log_path(self) -> Path:
method data_dir (line 603) | def data_dir(self) -> Path:
class EmbeddingConfig (line 610) | class EmbeddingConfig:
method __init__ (line 613) | def __init__(self, settings_instance: Settings):
method model_family (line 617) | def model_family(self) -> str:
method index_name (line 638) | def index_name(self) -> str:
method get_embedding_metadata (line 651) | def get_embedding_metadata(self) -> dict:
function _validate_mode_combination (line 691) | def _validate_mode_combination(
function _print_config_warning_banner (line 712) | def _print_config_warning_banner(
function log_tab_visibility_warnings (line 735) | def log_tab_visibility_warnings(s: Settings) -> None:
FILE: registry/core/endpoint_utils.py
function _url_contains_transport_path (line 16) | def _url_contains_transport_path(url: str) -> bool:
function get_endpoint_url (line 28) | def get_endpoint_url(
function get_endpoint_url_from_server_info (line 91) | def get_endpoint_url_from_server_info(
FILE: registry/core/mcp_client.py
class MCPServerInfo (line 23) | class MCPServerInfo(TypedDict, total=False):
class MCPConnectionResult (line 30) | class MCPConnectionResult(TypedDict, total=False):
function normalize_sse_endpoint_url (line 37) | def normalize_sse_endpoint_url(endpoint_url: str) -> str:
function _build_headers_for_server (line 73) | def _build_headers_for_server(server_info: dict = None) -> dict[str, str]:
function normalize_sse_endpoint_url_for_request (line 130) | def normalize_sse_endpoint_url_for_request(url_str: str) -> str:
function detect_server_transport_aware (line 160) | async def detect_server_transport_aware(base_url: str, server_info: dict...
function detect_server_transport (line 204) | async def detect_server_transport(base_url: str) -> str:
function get_tools_from_server_with_transport (line 240) | async def get_tools_from_server_with_transport(
function _get_tools_streamable_http (line 279) | async def _get_tools_streamable_http(base_url: str, server_info: dict = ...
function _get_tools_sse (line 390) | async def _get_tools_sse(base_url: str, server_info: dict = None) -> lis...
function _extract_tool_details (line 441) | def _extract_tool_details(tools_response) -> list[dict]:
function get_tools_from_server_with_server_info (line 525) | async def get_tools_from_server_with_server_info(
function get_mcp_connection_result (line 567) | async def get_mcp_connection_result(
class MCPClientService (line 703) | class MCPClientService:
method get_tools_from_server_with_server_info (line 706) | async def get_tools_from_server_with_server_info(
method get_mcp_connection_result (line 712) | async def get_mcp_connection_result(
FILE: registry/core/nginx_service.py
function _ensure_mcp_compliant_schema (line 20) | def _ensure_mcp_compliant_schema(input_schema: dict[str, Any]) -> dict[s...
class NginxConfigService (line 63) | class NginxConfigService:
method __init__ (line 66) | def __init__(self):
method get_additional_server_names (line 89) | async def get_additional_server_names(self) -> str:
method generate_config (line 191) | def generate_config(self, servers: dict[str, dict[str, Any]]) -> bool:
method generate_config_async (line 218) | async def generate_config_async(
method reload_nginx (line 524) | def reload_nginx(self, force: bool = False) -> bool:
method _generate_registry_only_block (line 561) | def _generate_registry_only_block(self) -> str:
method _generate_version_map (line 588) | async def _generate_version_map(self, servers: dict[str, dict[str, Any...
method _sanitize_path_for_location (line 682) | def _sanitize_path_for_location(
method _sanitize_for_nginx_comment (line 699) | def _sanitize_for_nginx_comment(
method _sanitize_for_nginx_set (line 716) | def _sanitize_for_nginx_set(
method _generate_virtual_server_blocks (line 734) | async def _generate_virtual_server_blocks(self) -> str:
method _generate_virtual_backend_locations (line 781) | async def _generate_virtual_backend_locations(
method _write_virtual_server_mappings
Copy disabled (too large)
Download .json
Condensed preview — 1081 files, each showing path, character count, and a content snippet. Download the .json file for the full structured content (15,086K chars).
[
{
"path": ".bandit",
"chars": 422,
"preview": "# Exclude test directories and virtual environment from Bandit scans\n# B101 (assert_used) only appears in test code; exc"
},
{
"path": ".claudeignore",
"chars": 373,
"preview": "cat .claudeignore\n```\n\nShould look like this:\n```\n# Dependencies\n**/node_modules/\nnode_modules/\n\n# Python\n**/.venv/\n**/_"
},
{
"path": ".dockerignore",
"chars": 882,
"preview": "# Virtual environments\n**/.venv\n.venv/\n.venv\nregistry/.venv/\nservers/*/.venv/\nvenv/\n\n# Node.js\nnode_modules/\nfrontend/no"
},
{
"path": ".env.example",
"chars": 47321,
"preview": "# =============================================================================\n# MCP Gateway Registry - Environment Con"
},
{
"path": ".github/workflows/auth-server-test.yml",
"chars": 2842,
"preview": "name: Auth Server Test Suite\n\non:\n push:\n branches: [main, develop]\n paths:\n - 'auth_server/**'\n - 'tes"
},
{
"path": ".github/workflows/build-auth-server.yml",
"chars": 3073,
"preview": "name: Build Auth Server Image\n\non:\n push:\n branches: [main]\n paths:\n - 'auth_server/**'\n - 'registry/**"
},
{
"path": ".github/workflows/build-mcpgw.yml",
"chars": 3058,
"preview": "name: Build MCPGW Image\n\non:\n push:\n branches: [main]\n paths:\n - 'servers/mcpgw/**'\n - 'registry/**'\n "
},
{
"path": ".github/workflows/build-registry.yml",
"chars": 3155,
"preview": "name: Build Registry Image\n\non:\n push:\n branches: [main]\n paths:\n - 'registry/**'\n - 'auth_server/**'\n "
},
{
"path": ".github/workflows/docs.yml",
"chars": 1947,
"preview": "name: Build and Deploy Documentation\n\non:\n push:\n branches: [main]\n paths:\n - 'docs/**'\n - 'mkdocs.yml'"
},
{
"path": ".github/workflows/helm-chart-update.yml",
"chars": 5661,
"preview": "name: Update Helm Charts on Release\n\non:\n workflow_run:\n workflows: [\"Release Docker Images\"]\n types: [completed]"
},
{
"path": ".github/workflows/helm-release-retag.yml",
"chars": 904,
"preview": "name: Move Release Tag After Helm Chart Update\n\non:\n pull_request:\n types: [closed]\n branches: [main]\n\npermission"
},
{
"path": ".github/workflows/helm-test.yml",
"chars": 4955,
"preview": "name: Helm Chart Tests\n\non:\n push:\n branches: [main, develop]\n paths:\n - 'charts/**'\n - '.github/workfl"
},
{
"path": ".github/workflows/metrics-service-test.yml",
"chars": 2945,
"preview": "name: Metrics Service Test Suite\n\non:\n push:\n branches: [main, develop]\n paths:\n - 'metrics-service/**'\n "
},
{
"path": ".github/workflows/registry-test.yml",
"chars": 4919,
"preview": "name: Registry Test Suite\n\non:\n push:\n branches: [main, develop]\n # No path filters - run on every merge to main/"
},
{
"path": ".github/workflows/release-images.yml",
"chars": 3452,
"preview": "name: Release Docker Images\n\non:\n push:\n tags:\n - 'v*.*.*'\n workflow_dispatch:\n inputs:\n tag:\n "
},
{
"path": ".github/workflows/terraform-test.yml",
"chars": 4253,
"preview": "name: Terraform Tests\n\non:\n push:\n branches: [main, develop]\n paths:\n - 'terraform/**'\n - '.github/work"
},
{
"path": ".gitignore",
"chars": 9845,
"preview": "# Byte-compiled / optimized / DLL files\n__pycache__/\n*.py[cod]\n*$py.class\n\n# Models\n.models/\n\n# C extensions\n*.so\n\n# Dis"
},
{
"path": ".pre-commit-config.yaml",
"chars": 4329,
"preview": "# Pre-commit hooks for MCP Gateway Registry\n# Install with: pre-commit install\n# Run manually: pre-commit run --all-file"
},
{
"path": ".secrets.baseline",
"chars": 25111,
"preview": "{\n \"version\": \"1.5.0\",\n \"plugins_used\": [\n {\n \"name\": \"ArtifactoryDetector\"\n },\n {\n \"name\": \"AWSKey"
},
{
"path": ".semgrepignore",
"chars": 559,
"preview": "# Documentation - contains example credentials and test data\ndocs/\n*.md\n\n# Test files - contains test credentials and mo"
},
{
"path": "CLAUDE.md",
"chars": 49709,
"preview": "# Claude Coding Rules\n\n## Overview\nThis document contains coding standards and best practices that must be followed for "
},
{
"path": "CODE_OF_CONDUCT.md",
"chars": 309,
"preview": "## Code of Conduct\nThis project has adopted the [Amazon Open Source Code of Conduct](https://aws.github.io/code-of-condu"
},
{
"path": "CONTRIBUTING.md",
"chars": 3160,
"preview": "# Contributing Guidelines\n\nThank you for your interest in contributing to our project. Whether it's a bug report, new fe"
},
{
"path": "DEV_INSTRUCTIONS.md",
"chars": 4409,
"preview": "# Getting Started\n\n## Prerequisite Reading\n**READ THIS FIRST:** [CONTRIBUTING.md](CONTRIBUTING.md)\n\nBefore you start con"
},
{
"path": "Dockerfile",
"chars": 2879,
"preview": "# Use an official Python runtime as a parent image\nFROM python:3.14-slim\n\n# Set environment variables to prevent interac"
},
{
"path": "LICENSE",
"chars": 10142,
"preview": "\n Apache License\n Version 2.0, January 2004\n "
},
{
"path": "Makefile",
"chars": 10494,
"preview": ".PHONY: help test test-unit test-integration test-e2e test-fast test-coverage test-auth test-servers test-search test-he"
},
{
"path": "NOTICE",
"chars": 135,
"preview": "Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.\nQ2 2025 Contributions Copyright Dheeraj Oruganty unde"
},
{
"path": "README.md",
"chars": 76341,
"preview": "<div align=\"center\">\n<img src=\"docs/img/mcp_gateway_horizontal_white_logo.png\" alt=\"MCP Gateway & Registry Logo\" width=\""
},
{
"path": "SECURITY.md",
"chars": 522,
"preview": "# Reporting Security Issues\n\nWe take all security reports seriously.\nWhen we receive such reports,\nwe will investigate a"
},
{
"path": "agents/a2a/.dockerignore",
"chars": 466,
"preview": "# Python\n__pycache__/\n*.py[cod]\n*$py.class\n*.so\n.Python\nbuild/\ndevelop-eggs/\ndist/\ndownloads/\neggs/\n.eggs/\nlib/\nlib64/\np"
},
{
"path": "agents/a2a/.env.example",
"chars": 311,
"preview": "# MCP Registry URL (use Docker service name when running in Docker network)\nMCP_REGISTRY_URL=http://registry\n\n# JWT Toke"
},
{
"path": "agents/a2a/.gitignore",
"chars": 221,
"preview": "# Environment variables with secrets\n.env\n\n# Python\n__pycache__/\n*.py[cod]\n*$py.class\n*.so\n.Python\n\n# Virtual environmen"
},
{
"path": "agents/a2a/README.md",
"chars": 9946,
"preview": "# Travel Booking Agents\n\nTwo AI agents built with AWS Bedrock AgentCore and the Strands framework for flight search and "
},
{
"path": "agents/a2a/deploy_live.sh",
"chars": 7345,
"preview": "#!/bin/bash\n\n# AgentCore Live Deployment Script\n#\n# Deploys A2A agents to AWS using AgentCore CLI with custom Dockerfile"
},
{
"path": "agents/a2a/deploy_local.sh",
"chars": 4938,
"preview": "#!/bin/bash\n\nset -e\n\n# Find the agents/a2a directory\nSCRIPT_DIR=\"$( cd \"$( dirname \"${BASH_SOURCE[0]}\" )\" && pwd )\"\nA2A_"
},
{
"path": "agents/a2a/docker-compose.arm.yml",
"chars": 3010,
"preview": "services:\n travel-assistant-agent:\n image: travel-assistant-agent:latest\n build:\n context: ./src/travel-assi"
},
{
"path": "agents/a2a/docker-compose.local.yml",
"chars": 3137,
"preview": "services:\n travel-assistant-agent:\n image: travel-assistant-agent:latest\n build:\n context: ./src/travel-assi"
},
{
"path": "agents/a2a/pyproject.toml",
"chars": 554,
"preview": "[project]\nname = \"a2a\"\nversion = \"0.1.0\"\ndescription = \"Travel and Flight Booking Agents\"\nrequires-python = \">=3.14\"\ndep"
},
{
"path": "agents/a2a/shutdown_local.sh",
"chars": 1431,
"preview": "#!/bin/bash\n\nset -e\n\n# Find the agents/a2a directory\nSCRIPT_DIR=\"$( cd \"$( dirname \"${BASH_SOURCE[0]}\" )\" && pwd )\"\nA2A_"
},
{
"path": "agents/a2a/src/flight-booking-agent/Dockerfile",
"chars": 1506,
"preview": "ARG TARGETPLATFORM\nFROM --platform=${TARGETPLATFORM} public.ecr.aws/docker/library/python:3.14-slim\n\nWORKDIR /app\n\n# Ins"
},
{
"path": "agents/a2a/src/flight-booking-agent/__init__.py",
"chars": 588,
"preview": "\"\"\"Flight Booking Agent Package.\"\"\"\n\nimport logging\n\nfrom .agent import (\n agent,\n app,\n)\nfrom .database import Bo"
},
{
"path": "agents/a2a/src/flight-booking-agent/agent.py",
"chars": 4739,
"preview": "\"\"\"Flight Booking Agent - Main application module.\"\"\"\n\nimport logging\nfrom contextlib import asynccontextmanager\n\nimport"
},
{
"path": "agents/a2a/src/flight-booking-agent/database.py",
"chars": 22604,
"preview": "\"\"\"Database management module for Flight Booking Agent.\"\"\"\n\nimport logging\nimport os\nimport sqlite3\nimport uuid\nfrom dat"
},
{
"path": "agents/a2a/src/flight-booking-agent/dependencies.py",
"chars": 900,
"preview": "\"\"\"Dependency injection module for Flight Booking Agent.\"\"\"\n\nimport logging\nfrom functools import lru_cache\n\nfrom databa"
},
{
"path": "agents/a2a/src/flight-booking-agent/env_settings.py",
"chars": 1769,
"preview": "\"\"\"Environment settings for Flight Booking Agent.\"\"\"\n\nimport logging\nimport os\n\n# Configure logging with basicConfig\nlog"
},
{
"path": "agents/a2a/src/flight-booking-agent/tools.py",
"chars": 5803,
"preview": "\"\"\"Tools for Flight Booking Agent - Direct SQLite operations for booking management.\"\"\"\n\nimport json\nimport logging\n\nfro"
},
{
"path": "agents/a2a/src/travel-assistant-agent/Dockerfile",
"chars": 1507,
"preview": "ARG TARGETPLATFORM\nFROM --platform=${TARGETPLATFORM} public.ecr.aws/docker/library/python:3.14-slim\n\nWORKDIR /app\n\n# Ins"
},
{
"path": "agents/a2a/src/travel-assistant-agent/__init__.py",
"chars": 494,
"preview": "\"\"\"Travel Assistant Agent Package.\"\"\"\n\nimport logging\n\nfrom .agent import (\n agent,\n app,\n)\nfrom .database import "
},
{
"path": "agents/a2a/src/travel-assistant-agent/agent.py",
"chars": 11176,
"preview": "\"\"\"Tools for Travel Assistant Agent - Flight search and trip planning utilities.\"\"\"\n\nimport json\nimport logging\n\nfrom de"
},
{
"path": "agents/a2a/src/travel-assistant-agent/database.py",
"chars": 10198,
"preview": "\"\"\"Database management module for Travel Assistant Agent.\"\"\"\n\nimport logging\nimport os\nimport sqlite3\nfrom typing import"
},
{
"path": "agents/a2a/src/travel-assistant-agent/dependencies.py",
"chars": 2279,
"preview": "\"\"\"Dependency injection module for Travel Assistant Agent.\"\"\"\n\nimport logging\nfrom functools import lru_cache\n\nfrom data"
},
{
"path": "agents/a2a/src/travel-assistant-agent/env_settings.py",
"chars": 2588,
"preview": "\"\"\"Environment settings for Travel Assistant Agent.\"\"\"\n\nimport logging\nimport os\n\n# Configure logging with basicConfig\nl"
},
{
"path": "agents/a2a/src/travel-assistant-agent/models.py",
"chars": 1943,
"preview": "\"\"\"Data models for Travel Assistant Agent.\"\"\"\n\nfrom typing import Any\n\nfrom pydantic import BaseModel, Field\n\n\nclass Age"
},
{
"path": "agents/a2a/src/travel-assistant-agent/registry_discovery_client.py",
"chars": 7349,
"preview": "\"\"\"Client for agent discovery through MCP Gateway Registry.\"\"\"\n\nimport logging\nimport time\n\nimport aiohttp\nfrom models i"
},
{
"path": "agents/a2a/src/travel-assistant-agent/remote_agent_client.py",
"chars": 5749,
"preview": "\"\"\"Client for communicating with remote A2A agents.\"\"\"\n\nimport logging\nfrom uuid import uuid4\n\nimport httpx\nfrom a2a.cli"
},
{
"path": "agents/a2a/src/travel-assistant-agent/server.py",
"chars": 4614,
"preview": "\"\"\"Travel Assistant Agent - Main application module.\"\"\"\n\nimport logging\nfrom contextlib import asynccontextmanager\n\nimpo"
},
{
"path": "agents/a2a/src/travel-assistant-agent/tools.py",
"chars": 5382,
"preview": "\"\"\"Tools for Travel Assistant Agent - Flight search and trip planning utilities.\"\"\"\n\nimport json\nimport logging\n\nfrom de"
},
{
"path": "agents/a2a/test/agent_discovery_test.py",
"chars": 5878,
"preview": "#!/usr/bin/env python3\n\"\"\"\nTest script for agent discovery and booking workflow.\n\nTest 1: Travel agent searches for flig"
},
{
"path": "agents/a2a/test/agent_simple_test.py",
"chars": 16969,
"preview": "#!/usr/bin/env python3\n\"\"\"\nTest script for Travel Assistant and Flight Booking agents\nUsage: python simple_agents_test.p"
},
{
"path": "agents/a2a/test/check_agent_cards.sh",
"chars": 2112,
"preview": "#!/bin/bash\n\n# Check agent cards for local deployments and save to local files\n\nset -e\n\n# Get script directory\nSCRIPT_DI"
},
{
"path": "agents/a2a/test/flight_booking_agent_card.json",
"chars": 1204,
"preview": "{\n \"capabilities\": {\n \"streaming\": true\n },\n \"defaultInputModes\": [\n \"text\"\n ],\n \"defaultOutputModes\": [\n "
},
{
"path": "agents/a2a/test/simple_agents_test.py",
"chars": 21801,
"preview": "#!/usr/bin/env python3\n\"\"\"\nTest script for Travel Assistant and Flight Booking agents\nUsage: python simple_agents_test.p"
},
{
"path": "agents/a2a/test/travel_assistant_agent_card.json",
"chars": 1768,
"preview": "{\n \"capabilities\": {\n \"streaming\": true\n },\n \"defaultInputModes\": [\n \"text\"\n ],\n \"defaultOutputModes\": [\n "
},
{
"path": "agents/agent.py",
"chars": 34195,
"preview": "#!/usr/bin/env python3\n\"\"\"\nInteractive LangGraph Agent with Registry Tool Discovery\n\nThis agent discovers and invokes MC"
},
{
"path": "agents/cli_user_auth.py",
"chars": 15400,
"preview": "#!/usr/bin/env python3\n\"\"\"\nCLI tool for MCP Gateway user authentication via Cognito OAuth.\nCaptures session cookie and s"
},
{
"path": "agents/client.py",
"chars": 10950,
"preview": "\"\"\"\nClient for the Auth Server REST API.\n\nThis script demonstrates connecting to the Auth Server with Cognito authentica"
},
{
"path": "agents/registry_client.py",
"chars": 12695,
"preview": "\"\"\"Client for MCP Registry API - tool discovery and search.\"\"\"\n\nimport json\nimport logging\nimport time\nfrom typing impor"
},
{
"path": "agents/system_prompt.txt",
"chars": 3313,
"preview": "<instructions>\nYou are a highly capable AI assistant designed to solve a wide range of problems for users. You have acce"
},
{
"path": "api/.gitignore",
"chars": 75,
"preview": "# Temporary JSON files created during testing\n*.json\n\n# Token files\n.token\n"
},
{
"path": "api/README.md",
"chars": 7254,
"preview": "# MCP Gateway Registry Management API\n\nCommand-line tools for managing users, groups, servers, and agents in the MCP Gat"
},
{
"path": "api/USER-GROUP-MANAGEMENT.md",
"chars": 8377,
"preview": "# User and Group Management Guide\n\nThis guide provides the correct sequence of operations for managing users, groups, an"
},
{
"path": "api/get-m2m-token.sh",
"chars": 13384,
"preview": "#!/bin/bash\n\n# Script to get M2M JWT token for a Keycloak client with smart caching\n# Usage: ./get-m2m-token.sh [OPTIONS"
},
{
"path": "api/populate-registry.sh",
"chars": 8447,
"preview": "#!/bin/bash\n# Populate MCP Gateway Registry with example servers and agents\n# This script registers all example MCP serv"
},
{
"path": "api/registry_client.py",
"chars": 163660,
"preview": "#!/usr/bin/env python3\n\"\"\"\nMCP Gateway Registry Client - Standalone Pydantic-based client for the Registry API.\n\nThis cl"
},
{
"path": "api/registry_management.py",
"chars": 194185,
"preview": "#!/usr/bin/env python3\n\"\"\"\nMCP Gateway Registry Management CLI.\n\nHigh-level wrapper for the RegistryClient providing com"
},
{
"path": "api/test-management-api-e2e.md",
"chars": 16778,
"preview": "# Management API End-to-End Test Guide\n\n**Date:** 2025-12-12\n**Purpose:** Comprehensive end-to-end test of the Managemen"
},
{
"path": "api/test-management-api-e2e.sh",
"chars": 23747,
"preview": "#!/bin/bash\n\n# Continue on error - we want to run all tests and report results at the end\n# set -e # Disabled to allow "
},
{
"path": "api/test-mcp-client.sh",
"chars": 6980,
"preview": "#!/bin/bash\n\n# Simple MCP client for testing MCP servers\n# Usage: ./test-mcp-client.sh [--verbose|-v] <method> <server-u"
},
{
"path": "auth_server/__init__.py",
"chars": 54,
"preview": "\"\"\"\nAuth server package for MCP Gateway Registry.\n\"\"\"\n"
},
{
"path": "auth_server/cognito_utils.py",
"chars": 2011,
"preview": "\"\"\"\nCognito utilities for token generation and AWS Cognito operations.\n\"\"\"\n\nimport logging\n\nimport requests\n\nlogger = lo"
},
{
"path": "auth_server/metrics_middleware.py",
"chars": 20805,
"preview": "\"\"\"\nFastAPI middleware for comprehensive metrics collection in the auth server.\n\nThis middleware automatically tracks de"
},
{
"path": "auth_server/mongodb_groups_enrichment.py",
"chars": 4533,
"preview": "\"\"\"DocumentDB/MongoDB Groups Enrichment for M2M Tokens.\n\nThis module provides functionality to enrich M2M tokens with gr"
},
{
"path": "auth_server/oauth2_providers.yml",
"chars": 5742,
"preview": "providers:\n keycloak:\n display_name: \"Keycloak\"\n client_id: \"${KEYCLOAK_CLIENT_ID}\"\n client_secret: \"${KEYCLOA"
},
{
"path": "auth_server/providers/__init__.py",
"chars": 481,
"preview": "\"\"\"Authentication provider package for MCP Gateway Registry.\"\"\"\n\nfrom .auth0 import Auth0Provider\nfrom .base import Auth"
},
{
"path": "auth_server/providers/auth0.py",
"chars": 21563,
"preview": "\"\"\"Auth0 authentication provider implementation.\"\"\"\n\nimport logging\nimport os\nimport time\nfrom typing import Any\nfrom ur"
},
{
"path": "auth_server/providers/base.py",
"chars": 4881,
"preview": "\"\"\"Base authentication provider interface.\"\"\"\n\nimport logging\nfrom abc import ABC, abstractmethod\nfrom typing import Any"
},
{
"path": "auth_server/providers/cognito.py",
"chars": 11049,
"preview": "\"\"\"AWS Cognito authentication provider implementation.\"\"\"\n\nimport logging\nimport time\nfrom typing import Any\nfrom urllib"
},
{
"path": "auth_server/providers/entra.py",
"chars": 24228,
"preview": "\"\"\"Microsoft Entra ID (Azure AD) authentication provider implementation.\"\"\"\n\nimport logging\nimport os\nimport time\nfrom t"
},
{
"path": "auth_server/providers/factory.py",
"chars": 8348,
"preview": "\"\"\"Factory for creating authentication provider instances.\"\"\"\n\nimport logging\nimport os\n\nfrom .auth0 import Auth0Provide"
},
{
"path": "auth_server/providers/keycloak.py",
"chars": 17028,
"preview": "\"\"\"Keycloak authentication provider implementation.\"\"\"\n\nimport logging\nimport os\nimport time\nfrom functools import lru_c"
},
{
"path": "auth_server/providers/okta.py",
"chars": 21842,
"preview": "\"\"\"Okta authentication provider implementation.\"\"\"\n\nimport logging\nimport os\nimport re\nimport time\nfrom typing import An"
},
{
"path": "auth_server/pyproject.toml",
"chars": 946,
"preview": "[build-system]\nrequires = [\"setuptools>=42.0\", \"wheel\"]\nbuild-backend = \"setuptools.build_meta\"\n\n[tool.setuptools]\npacka"
},
{
"path": "auth_server/scopes.yml",
"chars": 10159,
"preview": "# Scopes Configuration for MCP Gateway Registry\n#\n# This file defines three main top-level groups:\n# 1. UI-Scopes: Agent"
},
{
"path": "auth_server/scopes.yml.backup",
"chars": 6967,
"preview": "# Scopes Configuration for MCP Gateway Registry\n#\n# This file defines three main top-level groups:\n# 1. UI-Scopes: Agent"
},
{
"path": "auth_server/server.py",
"chars": 134046,
"preview": "\"\"\"\nSimplified Authentication server that validates JWT tokens against Amazon Cognito.\nConfiguration is passed via heade"
},
{
"path": "build-config.yaml",
"chars": 5314,
"preview": "# Unified Container Build Configuration\n# Central definition of all Docker images to build and push to ECR\n# This is the"
},
{
"path": "build_and_run.sh",
"chars": 25832,
"preview": "#!/bin/bash\n\n# Enable error handling\nset -e\n\n# Function for logging with timestamp\nlog() {\n echo \"[$(date '+%Y-%m-%d "
},
{
"path": "charts/README.md",
"chars": 9395,
"preview": "# MCP Gateway Registry Helm Charts\n\nThis directory contains Helm charts for deploying the MCP Gateway Registry stack on "
},
{
"path": "charts/auth-server/Chart.yaml",
"chars": 153,
"preview": "apiVersion: v2\nname: auth-server\ndescription: A Helm chart for auth-server for MCP Gateway Registry\ntype: application\nve"
},
{
"path": "charts/auth-server/templates/configmap-app-log.yaml",
"chars": 1015,
"preview": "apiVersion: v1\nkind: ConfigMap\nmetadata:\n name: auth-server-app-log-config\n namespace: {{ .Release.Namespace | quote }"
},
{
"path": "charts/auth-server/templates/deployment.yaml",
"chars": 5354,
"preview": "{{- /* Determine auth provider type - prefer global, fallback to local, default to keycloak */ -}}\n{{- $authProviderType"
},
{
"path": "charts/auth-server/templates/ingress.yaml",
"chars": 1776,
"preview": "{{- if .Values.ingress.enabled }}\n{{- $routingMode := .Values.global.ingress.routingMode | default \"subdomain\" }}\n{{- $d"
},
{
"path": "charts/auth-server/templates/secret.yaml",
"chars": 10720,
"preview": "{{- if and .Values.entra.clientSecret .Values.entra.clientSecretExistingSecret }}\n {{- fail \"Cannot set both entra.clie"
},
{
"path": "charts/auth-server/templates/service.yaml",
"chars": 486,
"preview": "apiVersion: v1\nkind: Service\nmetadata:\n name: {{ .Values.app.name }}\n namespace: {{ .Release.Namespace | quote }}\n {{"
},
{
"path": "charts/auth-server/values.yaml",
"chars": 6135,
"preview": "# Global configuration\nglobal:\n image:\n repository: public.ecr.aws/p3v1o3c6/auth-server\n tag: 1.0.21\n pullPoli"
},
{
"path": "charts/keycloak-configure/Chart.yaml",
"chars": 144,
"preview": "apiVersion: v2\nname: keycloak-configure\ndescription: A Helm chart for configuring Keycloak\ntype: application\nversion: 0."
},
{
"path": "charts/keycloak-configure/templates/configmap.yaml",
"chars": 29459,
"preview": "apiVersion: v1\nkind: ConfigMap\nmetadata:\n name: setup-keycloak\n namespace: {{ .Release.Namespace | quote }}\ndata:\n sc"
},
{
"path": "charts/keycloak-configure/templates/job.yaml",
"chars": 946,
"preview": "apiVersion: batch/v1\nkind: Job\nmetadata:\n name: setup-keycloak\n namespace: {{ .Release.Namespace | quote }}\nspec:\n te"
},
{
"path": "charts/keycloak-configure/templates/role.yaml",
"chars": 269,
"preview": "apiVersion: rbac.authorization.k8s.io/v1\nkind: Role\nmetadata:\n name: secret-read-write\n namespace: {{ .Release.Namespa"
},
{
"path": "charts/keycloak-configure/templates/rolebinding.yaml",
"chars": 507,
"preview": "apiVersion: rbac.authorization.k8s.io/v1\nkind: RoleBinding\nmetadata:\n name: secret-read-write\n namespace: {{ .Release."
},
{
"path": "charts/keycloak-configure/templates/sa.yaml",
"chars": 157,
"preview": "apiVersion: v1\nkind: ServiceAccount\nmetadata:\n name: keycloak-configure-sa\n namespace: {{ .Release.Namespace | quote }"
},
{
"path": "charts/keycloak-configure/templates/secret.yaml",
"chars": 1367,
"preview": "{{- if not .Values.keycloak.existingSecret }}\n{{- $routingMode := .Values.global.ingress.routingMode | default \"subdomai"
},
{
"path": "charts/keycloak-configure/values.yaml",
"chars": 234,
"preview": "# Keycloak configuration\nkeycloak:\n adminUser: user\n realm: mcp-gateway\n existingSecret: \"\" # If set, use this exist"
},
{
"path": "charts/mcp-gateway-registry-stack/Chart.yaml",
"chars": 971,
"preview": "apiVersion: v2\nname: mcp-gateway-registry-stack\ndescription: A Helm chart for deploying the MCP Gateway Registry Stack\nt"
},
{
"path": "charts/mcp-gateway-registry-stack/README.md",
"chars": 22888,
"preview": "# MCP Gateway Registry Stack Charts\n\nThis collection of charts deploys everything needed to install the MCP Gateway Regi"
},
{
"path": "charts/mcp-gateway-registry-stack/templates/_helpers.tpl",
"chars": 1459,
"preview": "{{/*\nExpand the name of the chart.\n*/}}\n{{- define \"mcp-gateway-registry-stack.name\" -}}\n{{- default .Chart.Name .Values"
},
{
"path": "charts/mcp-gateway-registry-stack/templates/keycloak-admin-secret.yaml",
"chars": 906,
"preview": "{{/*\nKeycloak admin password secret.\nGenerates a random password on first install and preserves it across helm upgrades."
},
{
"path": "charts/mcp-gateway-registry-stack/templates/keycloak-ingress-patch.yaml",
"chars": 1871,
"preview": "# This template patches the Keycloak ingress hostname to use the global domain\n# Only deployed when the auth provider is"
},
{
"path": "charts/mcp-gateway-registry-stack/templates/keycloak-pg-secret.yaml",
"chars": 1128,
"preview": "{{/*\nKeycloak PostgreSQL secret.\nGenerates random passwords on first install and preserves them across helm upgrades.\nTh"
},
{
"path": "charts/mcp-gateway-registry-stack/templates/mongodb-cluster.yaml",
"chars": 1072,
"preview": "{{ if .Values.mongodb.enabled }}\napiVersion: mongodbcommunity.mongodb.com/v1\nkind: MongoDBCommunity\nmetadata:\n name: {{"
},
{
"path": "charts/mcp-gateway-registry-stack/templates/mongodb-secret.yaml",
"chars": 294,
"preview": "{{ if .Values.mongodb.enabled }}\n{{- if not .Values.mongodb.existingPasswordSecret }}\napiVersion: v1\nkind: Secret\nmetada"
},
{
"path": "charts/mcp-gateway-registry-stack/templates/oauth-provider-secret.yaml",
"chars": 13662,
"preview": "{{/*\nShared OAuth provider secret for auth-server and registry.\nContains the auth provider type and identity provider cr"
},
{
"path": "charts/mcp-gateway-registry-stack/templates/shared-secret.yaml",
"chars": 4151,
"preview": "{{/*\nShared secret for auth-server and registry.\nGenerates random values if not provided via global values.\nBoth service"
},
{
"path": "charts/mcp-gateway-registry-stack/templates/version-configmap.yaml",
"chars": 231,
"preview": "{{ if .Values.global.chartVersion }}\napiVersion: v1\nkind: ConfigMap\nmetadata:\n name: chart-version\n namespace: {{ incl"
},
{
"path": "charts/mcp-gateway-registry-stack/values.yaml",
"chars": 15280,
"preview": "# Global configuration - these values are passed to all subcharts\nglobal:\n # Image tag for all services (auth-server, r"
},
{
"path": "charts/mcpgw/Chart.yaml",
"chars": 155,
"preview": "apiVersion: v2\nname: mcpgw\ndescription: A Helm chart for the MCPGW MCP server with embeddings support\ntype: application\n"
},
{
"path": "charts/mcpgw/templates/deployment.yaml",
"chars": 4128,
"preview": "apiVersion: apps/v1\nkind: Deployment\nmetadata:\n name: {{ .Values.app.name }}\n namespace: {{ .Release.Namespace | quote"
},
{
"path": "charts/mcpgw/templates/ingress.yaml",
"chars": 1761,
"preview": "{{- if .Values.ingress.enabled }}\n{{- $routingMode := .Values.global.ingress.routingMode | default \"subdomain\" }}\n{{- $d"
},
{
"path": "charts/mcpgw/templates/secret.yaml",
"chars": 1671,
"preview": "{{- if and .Values.app.embeddingsApiKey .Values.app.embeddingsApiKeyExistingSecret }}\n {{- fail \"Cannot set both app.em"
},
{
"path": "charts/mcpgw/templates/service.yaml",
"chars": 486,
"preview": "apiVersion: v1\nkind: Service\nmetadata:\n name: {{ .Values.app.name }}\n namespace: {{ .Release.Namespace | quote }}\n {{"
},
{
"path": "charts/mcpgw/values.yaml",
"chars": 2142,
"preview": "# Global configuration\nglobal:\n image:\n repository: public.ecr.aws/p3v1o3c6/mcpgw\n tag: 1.0.21\n pullPolicy: If"
},
{
"path": "charts/mongodb-configure/Chart.yaml",
"chars": 142,
"preview": "apiVersion: v2\nname: mongodb-configure\ndescription: A Helm chart for configuring MongoDB\ntype: application\nversion: 0.1."
},
{
"path": "charts/mongodb-configure/templates/configmap.yaml",
"chars": 18939,
"preview": "apiVersion: v1\nkind: ConfigMap\nmetadata:\n name: setup-mongodb\n namespace: {{ .Release.Namespace | quote }}\ndata:\n reg"
},
{
"path": "charts/mongodb-configure/templates/job.yaml",
"chars": 2063,
"preview": "{{- $existingSecret := .Values.mongodb.existingSecret | default .Values.global.existingMongoCredentialsSecret }}\napiVers"
},
{
"path": "charts/mongodb-configure/templates/secret.yaml",
"chars": 1077,
"preview": "{{- $existingSecret := .Values.mongodb.existingSecret | default .Values.global.existingMongoCredentialsSecret }}\n{{- if "
},
{
"path": "charts/mongodb-configure/values.yaml",
"chars": 653,
"preview": "global:\n existingMongoCredentialsSecret: \"\" # If set, use this existing secret instead of creating one\n authProvider:"
},
{
"path": "charts/registry/Chart.yaml",
"chars": 147,
"preview": "apiVersion: v2\nname: registry\ndescription: A Helm chart for registry for MCP Gateway Registry\ntype: application\nversion:"
},
{
"path": "charts/registry/templates/configmap-app-log.yaml",
"chars": 1012,
"preview": "apiVersion: v1\nkind: ConfigMap\nmetadata:\n name: registry-app-log-config\n namespace: {{ .Release.Namespace | quote }}\n "
},
{
"path": "charts/registry/templates/configmap-otel.yaml",
"chars": 1556,
"preview": "apiVersion: v1\nkind: ConfigMap\nmetadata:\n name: registry-otel-config\n namespace: {{ .Release.Namespace | quote }}\n la"
},
{
"path": "charts/registry/templates/deployment.yaml",
"chars": 7341,
"preview": "apiVersion: apps/v1\nkind: Deployment\nmetadata:\n name: {{ .Values.app.name }}\n namespace: {{ .Release.Namespace | quote"
},
{
"path": "charts/registry/templates/ingress.yaml",
"chars": 1715,
"preview": "{{- if .Values.ingress.enabled }}\n{{- $routingMode := .Values.global.ingress.routingMode | default \"subdomain\" }}\n{{- $d"
},
{
"path": "charts/registry/templates/secret.yaml",
"chars": 14619,
"preview": "{{- if and .Values.entra.clientSecret .Values.entra.clientSecretExistingSecret }}\n {{- fail \"Cannot set both entra.clie"
},
{
"path": "charts/registry/templates/service.yaml",
"chars": 649,
"preview": "apiVersion: v1\nkind: Service\nmetadata:\n name: {{ .Values.app.name }}\n namespace: {{ .Release.Namespace | quote }}\n {{"
},
{
"path": "charts/registry/values.yaml",
"chars": 10178,
"preview": "# Global configuration\nglobal:\n image:\n repository: public.ecr.aws/p3v1o3c6/registry\n tag: 1.0.21\n pullPolicy:"
},
{
"path": "cli/agent_mgmt.py",
"chars": 36756,
"preview": "#!/usr/bin/env python3\n\"\"\"\nAgent Management Script for MCP Gateway Registry.\n\nThis tool provides CLI commands for managi"
},
{
"path": "cli/agent_mgmt.sh",
"chars": 3735,
"preview": "#!/bin/bash\n\n# DEPRECATED: This script is deprecated in favor of the Registry Management API\n# Use: uv run python api/re"
},
{
"path": "cli/agentcore/__init__.py",
"chars": 256,
"preview": "\"\"\"AgentCore Auto-Registration CLI package.\n\nAutomates discovery and registration of AWS Bedrock AgentCore Gateways\nand "
},
{
"path": "cli/agentcore/__main__.py",
"chars": 106,
"preview": "\"\"\"Allow ``python -m cli.agentcore`` invocation.\"\"\"\n\nimport sys\n\nfrom .sync import main\n\nsys.exit(main())\n"
},
{
"path": "cli/agentcore/discovery.py",
"chars": 6595,
"preview": "\"\"\"AWS AgentCore resource discovery via boto3.\n\nScans AgentCore Gateways and Agent Runtimes using the\n``bedrock-agentcor"
},
{
"path": "cli/agentcore/models.py",
"chars": 8070,
"preview": "\"\"\"Pydantic models and helper functions for AgentCore auto-registration.\n\nContains data models for discovered resources "
},
{
"path": "cli/agentcore/registration.py",
"chars": 26912,
"preview": "\"\"\"Registry integration -- build registrations and orchestrate sync.\n\nContains ``RegistrationBuilder`` (maps discovered "
},
{
"path": "cli/agentcore/sync.py",
"chars": 15151,
"preview": "\"\"\"CLI entry point for AgentCore auto-registration.\n\nProvides ``sync`` and ``list`` subcommands via argparse.\n\nUsage::\n\n"
},
{
"path": "cli/agentcore/token_refresher.py",
"chars": 20418,
"preview": "\"\"\"Token refresher for AgentCore CUSTOM_JWT gateways.\n\nReads token_refresh_manifest.json (produced by ``cli.agentcore sy"
},
{
"path": "cli/anthropic_transformer.py",
"chars": 7385,
"preview": "#!/usr/bin/env python3\n\"\"\"Transform Anthropic MCP Registry server format to Gateway Registry format.\n\nThis module provid"
},
{
"path": "cli/bin/registry.js",
"chars": 461,
"preview": "#!/usr/bin/env node\n\nimport { spawn } from 'child_process';\nimport { fileURLToPath } from 'url';\nimport { dirname, join "
},
{
"path": "cli/bootstrap_user_and_m2m_setup.sh",
"chars": 11330,
"preview": "#!/bin/bash\n# Bootstrap script for setting up LOB users and M2M service accounts\n# Creates registry-users-lob1 and regis"
},
{
"path": "cli/examples/README.md",
"chars": 8992,
"preview": "# Agent Management Examples\n\nThis directory contains example JSON files for registering A2A agents using the agent manag"
},
{
"path": "cli/examples/airegistry.json",
"chars": 598,
"preview": "{\n \"server_name\": \"AI Registry tools\",\n \"description\": \"Provides tools to discover and list servers, agents, and skill"
},
{
"path": "cli/examples/aws-kb-server.json",
"chars": 765,
"preview": "{\n \"server_name\": \"AWS kb\",\n \"description\": \"A fully managed remote MCP server that provides up-to-date documentation,"
},
{
"path": "cli/examples/cloudflare-docs-server-config.json",
"chars": 607,
"preview": "{\n \"server_name\": \"Cloudflare Documentation MCP Server\",\n \"description\": \"Search Cloudflare documentation and get migr"
},
{
"path": "cli/examples/code_reviewer_agent.json",
"chars": 2492,
"preview": "{\n \"protocolVersion\": \"1.0\",\n \"name\": \"Code Reviewer Agent\",\n \"description\": \"Comprehensive code review agent that an"
},
{
"path": "cli/examples/complete-agent-example.json",
"chars": 853,
"preview": "{\n \"protocolVersion\": \"0.3.0\",\n \"name\": \"Complete Agent Example\",\n \"description\": \"Example showing all available agen"
},
{
"path": "cli/examples/complete-server-example.json",
"chars": 788,
"preview": "{\n \"server_name\": \"Complete Server Example\",\n \"description\": \"Example showing all available server configuration field"
},
{
"path": "cli/examples/context7-server-config.json",
"chars": 351,
"preview": "{\n \"server_name\": \"Context7 MCP Server\",\n \"description\": \"Up-to-date Docs for LLMs and AI code editors\",\n \"path\": \"/c"
},
{
"path": "cli/examples/context7-v2-server-config.json",
"chars": 393,
"preview": "{\n \"server_name\": \"Context7 MCP Server\",\n \"description\": \"Up-to-date Docs for LLMs and AI code editors (Version 2 - Be"
},
{
"path": "cli/examples/currenttime-users.json",
"chars": 1004,
"preview": "{\n \"scope_name\": \"currenttime-users\",\n \"description\": \"Users with access to currenttime server\",\n \"server_access\": [\n"
},
{
"path": "cli/examples/currenttime-v2.json",
"chars": 691,
"preview": "{\n \"server_name\": \"Current Time API\",\n \"description\": \"A simple API that returns the current server time in various fo"
},
{
"path": "cli/examples/currenttime.json",
"chars": 386,
"preview": "{\n \"server_name\": \"Current Time API\",\n \"description\": \"A simple API that returns the current server time in various fo"
},
{
"path": "cli/examples/data_analysis_agent.json",
"chars": 6455,
"preview": "{\n \"protocol_version\": \"1.0\",\n \"name\": \"Data Analysis Agent\",\n \"description\": \"Advanced data analysis agent for stati"
},
{
"path": "cli/examples/devops_deployment_agent.json",
"chars": 8106,
"preview": "{\n \"protocol_version\": \"1.0\",\n \"name\": \"DevOps Deployment Agent\",\n \"description\": \"DevOps automation agent for infras"
},
{
"path": "cli/examples/documentation_agent.json",
"chars": 6241,
"preview": "{\n \"protocol_version\": \"1.0\",\n \"name\": \"Documentation Agent\",\n \"description\": \"Intelligent documentation agent that g"
},
{
"path": "cli/examples/federation-config-agentcore-example.json",
"chars": 946,
"preview": "{\n\"anthropic\": {\n \"enabled\": true,\n \"endpoint\": \"https://registry.modelcontextprotocol.io\",\n \"sync_on_startup\":"
},
{
"path": "cli/examples/federation-config-example.json",
"chars": 559,
"preview": "{\n \"anthropic\": {\n \"enabled\": true,\n \"endpoint\": \"https://registry.modelcontextprotocol.io\",\n \"sync_on_startup"
},
{
"path": "cli/examples/flight_booking_agent_card.json",
"chars": 1658,
"preview": "{\n \"protocolVersion\": \"0.3.0\",\n \"supportedProtocol\": \"a2a\",\n \"name\": \"Flight Booking Agent\",\n \"description\": \"Flight"
},
{
"path": "cli/examples/flight_booking_agent_ecs.json",
"chars": 1664,
"preview": "{\n \"protocolVersion\": \"0.3.0\",\n \"name\": \"Flight Booking Agent\",\n \"description\": \"Flight booking and reservation manag"
},
{
"path": "cli/examples/geospatial_route_planner_agent.json",
"chars": 3389,
"preview": "{\n \"protocolVersion\": \"0.2.9\",\n \"name\": \"GeoSpatial Route Planner Agent\",\n \"description\": \"Provides advanced route pl"
},
{
"path": "cli/examples/invalid-config.json",
"chars": 120,
"preview": "{\n \"server_name\": \"Invalid Server\",\n \"description\": \"Missing required fields\",\n \"proxy_pass_url\": \"not-a-valid-url\"\n}"
},
{
"path": "cli/examples/jewel_homes_support_agent_card.json",
"chars": 1262,
"preview": "{\n \"name\": \"Jewel Homes Support Agent\",\n \"description\": \"AI customer support agent for Jewel Homes: answers questions "
},
{
"path": "cli/examples/minimal-server-config.json",
"chars": 286,
"preview": "{\n \"server_name\": \"Minimal MCP Server\",\n \"description\": \"A minimal server configuration with only required fields\",\n "
},
{
"path": "cli/examples/peer-registry-lob-1.json.example",
"chars": 239,
"preview": "{\n \"peer_id\": \"peer-registry-lob-1\",\n \"name\": \"LOB-1 Peer Registry\",\n \"endpoint\": \"https://mcpregistry.ddns.net\",\n \""
},
{
"path": "cli/examples/public-mcp-users.json",
"chars": 2222,
"preview": "{\n \"scope_name\": \"public-mcp-users\",\n \"description\": \"Users with access to public MCP servers (context7, cloudflare-do"
},
{
"path": "cli/examples/realserverfaketools.json",
"chars": 11013,
"preview": "{\n \"server_name\": \"Real Server Fake Tools\",\n \"description\": \"A collection of fake tools with interesting names that ta"
},
{
"path": "cli/examples/security_analyzer_agent.json",
"chars": 6131,
"preview": "{\n \"protocol_version\": \"1.0\",\n \"name\": \"Security Analyzer Agent\",\n \"description\": \"Comprehensive security analysis ag"
},
{
"path": "cli/examples/server-config.json",
"chars": 271,
"preview": "{\n \"server_name\": \"Example MCP Server\",\n \"description\": \"An example MCP server configuration for the CLI tool\",\n \"pat"
},
{
"path": "cli/examples/test-peer-config.json",
"chars": 292,
"preview": "{\n \"peer_id\": \"test-peer-registry-1\",\n \"name\": \"Test Peer Registry 1\",\n \"endpoint\": \"https://peer1.registry.example.c"
},
{
"path": "cli/examples/test-timing-server.json",
"chars": 284,
"preview": "{\n \"server_name\": \"Test Timing Server\",\n \"description\": \"Test server to verify timing optimizations\",\n \"path\": \"/test"
},
{
"path": "cli/examples/test_automation_agent.json",
"chars": 4743,
"preview": "{\n \"protocol_version\": \"1.0\",\n \"name\": \"Test Automation Agent\",\n \"description\": \"Intelligent test automation agent th"
},
{
"path": "cli/examples/test_code_reviewer_agent.json",
"chars": 448,
"preview": "{\n \"name\": \"Test Code Reviewer Agent\",\n \"path\": \"/test-reviewer\",\n \"description\": \"A test A2A agent for code review a"
},
{
"path": "cli/examples/tourist_guide_agent_card.json",
"chars": 922,
"preview": "{\n \"name\": \"AI Tourist Guide\",\n \"description\": \"AI tourist guide - destination + duration + interests to day-by-day it"
},
{
"path": "cli/examples/travel_assistant_agent_card.json",
"chars": 1341,
"preview": "{\n \"capabilities\": {\n \"streaming\": true\n },\n \"defaultInputModes\": [\n \"text\"\n ],\n \"defaultOutputModes\": [\n "
},
{
"path": "cli/examples/travel_assistant_agent_ecs.json",
"chars": 1729,
"preview": "{\n \"protocolVersion\": \"0.3.0\",\n \"name\": \"Travel Assistant Agent\",\n \"description\": \"Intelligent travel planning and as"
},
{
"path": "cli/examples/virtual-server-combined-example.json",
"chars": 808,
"preview": "{\n \"path\": \"/virtual/combined-tools\",\n \"server_name\": \"Combined Context7 and CurrentTime Tools\",\n \"description\": \"Vir"
},
{
"path": "cli/examples/virtual-server-scoped-example.json",
"chars": 862,
"preview": "{\n \"path\": \"/virtual/scoped-tools\",\n \"server_name\": \"Scoped Documentation and Time Tools\",\n \"description\": \"Virtual s"
},
{
"path": "cli/examples/virtual-server-scoped-users.json",
"chars": 619,
"preview": "{\n \"scope_name\": \"virtual-scoped-tools-users\",\n \"description\": \"Users with access to the scoped virtual server combini"
},
{
"path": "cli/examples/working_agent.json",
"chars": 2392,
"preview": "{\n \"protocol_version\": \"1.0\",\n \"name\": \"Flight Booking Agent\",\n \"description\": \"Flight booking and reservation manage"
},
{
"path": "cli/get_user_token.py",
"chars": 9620,
"preview": "#!/usr/bin/env python3\n\"\"\"\nCLI tool to authenticate users and obtain access tokens for programmatic API access.\n\nThis sc"
},
{
"path": "cli/import_from_anthropic_registry.sh",
"chars": 9230,
"preview": "#!/bin/bash\n#\n# Import MCP servers from Anthropic Registry\n#\n# This script fetches server definitions from the Anthropic"
},
{
"path": "cli/import_server_list.txt",
"chars": 824,
"preview": "# MCP Servers to Import from Anthropic Registry\n# One server name per line, comments start with #\n#\n# Curated list of po"
},
{
"path": "cli/mcp_client.py",
"chars": 10812,
"preview": "#!/usr/bin/env python3\n\"\"\"\nSimple MCP Client using shared MCP utilities\n\nThis client uses the shared mcp_utils module wh"
}
]
// ... and 881 more files (download for full content)
About this extraction
This page contains the full source code of the agentic-community/mcp-gateway-registry GitHub repository, extracted and formatted as plain text for AI agents and large language models (LLMs). The extraction includes 1081 files (13.6 MB), approximately 3.6M tokens, and a symbol index with 8438 extracted functions, classes, methods, constants, and types. Use this with OpenClaw, Claude, ChatGPT, Cursor, Windsurf, or any other AI tool that accepts text input. You can copy the full output to your clipboard or download it as a .txt file.
Extracted by GitExtract — free GitHub repo to text converter for AI. Built by Nikandr Surkov.