Skip to content

Commit 12af7bf

Browse files
aidandaly24aidandaly24
committed
refactor: use mcp-proxy-for-aws for gateway auth, remove AutoGen gateway support
Replace custom SigV4HTTPXAuth class with official mcp-proxy-for-aws package: - Strands: aws_iam_streamablehttp_client factory pattern - LangChain: SigV4HTTPXAuth via auth param in MultiServerMCPClient config - OpenAI Agents: SigV4HTTPXAuth via httpx_client_factory param - Google ADK: SigV4HTTPXAuth via httpx_client_factory in StreamableHTTPConnectionParams Revert AutoGen to original upstream — SDK doesn't support custom httpx auth (no httpx_client_factory param).
1 parent d9b90be commit 12af7bf

File tree

11 files changed

+77
-233
lines changed

11 files changed

+77
-233
lines changed

src/assets/__tests__/__snapshots__/assets.snapshot.test.ts.snap

Lines changed: 39 additions & 117 deletions
Original file line numberDiff line numberDiff line change
@@ -918,11 +918,7 @@ from autogen_agentchat.agents import AssistantAgent
918918
from autogen_core.tools import FunctionTool
919919
from bedrock_agentcore.runtime import BedrockAgentCoreApp
920920
from model.load import load_model
921-
{{#if hasGateway}}
922-
from mcp_client.client import get_all_gateway_mcp_tools
923-
{{else}}
924921
from mcp_client.client import get_streamable_http_mcp_tools
925-
{{/if}}
926922
927923
app = BedrockAgentCoreApp()
928924
log = app.logger
@@ -947,13 +943,7 @@ async def invoke(payload, context):
947943
log.info("Invoking Agent.....")
948944
949945
# Get MCP Tools
950-
{{#if hasGateway}}
951-
mcp_tools = await get_all_gateway_mcp_tools()
952-
{{else}}
953946
mcp_tools = await get_streamable_http_mcp_tools()
954-
{{/if}}
955-
if mcp_tools is None:
956-
mcp_tools = []
957947
958948
# Define an AssistantAgent with the model and tools
959949
agent = AssistantAgent(
@@ -984,41 +974,24 @@ exports[`Assets Directory Snapshots > Python framework assets > python/python/au
984974
`;
985975
986976
exports[`Assets Directory Snapshots > Python framework assets > python/python/autogen/base/mcp_client/client.py should match snapshot 1`] = `
987-
"import os
988-
import logging
989-
from typing import List
977+
"from typing import List
990978
from autogen_ext.tools.mcp import (
991979
StreamableHttpMcpToolAdapter,
992980
StreamableHttpServerParams,
993981
mcp_server_tools,
994982
)
995983
996-
logger = logging.getLogger(__name__)
997-
998-
{{#if hasGateway}}
999-
async def get_all_gateway_mcp_tools() -> List[StreamableHttpMcpToolAdapter]:
1000-
"""Returns MCP Tools from all configured gateways."""
1001-
tools = []
1002-
{{#each gatewayProviders}}
1003-
url = os.environ.get("{{envVarName}}")
1004-
if url:
1005-
server_params = StreamableHttpServerParams(url=url)
1006-
tools.extend(await mcp_server_tools(server_params))
1007-
else:
1008-
logger.warning("{{envVarName}} not set — {{name}} gateway tools unavailable")
1009-
{{/each}}
1010-
return tools
1011-
{{else}}
1012984
# ExaAI provides information about code through web searches, crawling and code context searches through their platform. Requires no authentication
1013985
EXAMPLE_MCP_ENDPOINT = "https://mcp.exa.ai/mcp"
1014986
1015987
1016988
async def get_streamable_http_mcp_tools() -> List[StreamableHttpMcpToolAdapter]:
1017-
"""Returns MCP Tools compatible with AutoGen."""
989+
"""
990+
Returns MCP Tools compatible with AutoGen.
991+
"""
1018992
# to use an MCP server that supports bearer authentication, add headers={"Authorization": f"Bearer {access_token}"}
1019993
server_params = StreamableHttpServerParams(url=EXAMPLE_MCP_ENDPOINT)
1020994
return await mcp_server_tools(server_params)
1021-
{{/if}}
1022995
"
1023996
`;
1024997
@@ -1735,13 +1708,27 @@ from google.adk.tools.mcp_tool.mcp_session_manager import StreamableHTTPConnecti
17351708
logger = logging.getLogger(__name__)
17361709
17371710
{{#if hasGateway}}
1711+
{{#if (includes gatewayAuthTypes "AWS_IAM")}}
1712+
import httpx
1713+
from mcp_proxy_for_aws.sigv4_helper import SigV4HTTPXAuth, create_aws_session
1714+
{{/if}}
1715+
17381716
def get_all_gateway_mcp_toolsets() -> list[MCPToolset]:
17391717
"""Returns MCP Toolsets for all configured gateways."""
17401718
toolsets = []
17411719
{{#each gatewayProviders}}
17421720
url = os.environ.get("{{envVarName}}")
17431721
if url:
1722+
{{#if (eq authType "AWS_IAM")}}
1723+
session = create_aws_session()
1724+
auth = SigV4HTTPXAuth(session.get_credentials(), "bedrock-agentcore", session.region_name)
1725+
toolsets.append(MCPToolset(connection_params=StreamableHTTPConnectionParams(
1726+
url=url,
1727+
httpx_client_factory=lambda **kwargs: httpx.AsyncClient(auth=auth, **kwargs)
1728+
)))
1729+
{{else}}
17441730
toolsets.append(MCPToolset(connection_params=StreamableHTTPConnectionParams(url=url)))
1731+
{{/if}}
17451732
else:
17461733
logger.warning("{{envVarName}} not set — {{name}} gateway tools unavailable")
17471734
{{/each}}
@@ -1828,6 +1815,8 @@ dependencies = [
18281815
"google-adk >= 1.17.0",
18291816
"bedrock-agentcore >= 1.0.3",
18301817
"botocore[crt] >= 1.35.0",
1818+
{{#if hasGateway}}{{#if (includes gatewayAuthTypes "AWS_IAM")}}"mcp-proxy-for-aws >= 1.1.0",
1819+
{{/if}}{{/if}}
18311820
]
18321821
18331822
[tool.hatch.build.targets.wheel]
@@ -2007,44 +1996,19 @@ logger = logging.getLogger(__name__)
20071996
20081997
{{#if hasGateway}}
20091998
{{#if (includes gatewayAuthTypes "AWS_IAM")}}
2010-
import boto3
2011-
import httpx
2012-
from botocore.auth import SigV4Auth
2013-
from botocore.awsrequest import AWSRequest
2014-
2015-
2016-
class SigV4HTTPXAuth(httpx.Auth):
2017-
"""Signs HTTP requests with AWS SigV4 for Lambda function URL authentication."""
2018-
2019-
def __init__(self):
2020-
session = boto3.Session()
2021-
credentials = session.get_credentials().get_frozen_credentials()
2022-
region = session.region_name or os.environ.get("AWS_REGION", "us-east-1")
2023-
self.signer = SigV4Auth(credentials, "lambda", region)
2024-
2025-
def auth_flow(self, request):
2026-
headers = dict(request.headers)
2027-
headers.pop("connection", None)
2028-
aws_request = AWSRequest(
2029-
method=request.method,
2030-
url=str(request.url),
2031-
data=request.content,
2032-
headers=headers,
2033-
)
2034-
self.signer.add_auth(aws_request)
2035-
request.headers.update(dict(aws_request.headers))
2036-
yield request
1999+
from mcp_proxy_for_aws.sigv4_helper import SigV4HTTPXAuth, create_aws_session
20372000
{{/if}}
20382001
2039-
20402002
def get_all_gateway_mcp_client() -> MultiServerMCPClient | None:
20412003
"""Returns an MCP Client connected to all configured gateways."""
20422004
servers = {}
20432005
{{#each gatewayProviders}}
20442006
url = os.environ.get("{{envVarName}}")
20452007
if url:
20462008
{{#if (eq authType "AWS_IAM")}}
2047-
servers["{{name}}"] = {"transport": "streamable_http", "url": url, "http_client": httpx.AsyncClient(auth=SigV4HTTPXAuth())}
2009+
session = create_aws_session()
2010+
auth = SigV4HTTPXAuth(session.get_credentials(), "bedrock-agentcore", session.region_name)
2011+
servers["{{name}}"] = {"transport": "streamable_http", "url": url, "auth": auth}
20482012
{{else}}
20492013
servers["{{name}}"] = {"transport": "streamable_http", "url": url}
20502014
{{/if}}
@@ -2239,6 +2203,8 @@ dependencies = [
22392203
{{#if (eq modelProvider "Gemini")}}
22402204
"langchain-google-genai >= 3.0.3",
22412205
{{/if}}
2206+
{{#if hasGateway}}{{#if (includes gatewayAuthTypes "AWS_IAM")}}"mcp-proxy-for-aws >= 1.1.0",
2207+
{{/if}}{{/if}}
22422208
]
22432209
22442210
[tool.hatch.build.targets.wheel]
@@ -2455,44 +2421,23 @@ logger = logging.getLogger(__name__)
24552421
24562422
{{#if hasGateway}}
24572423
{{#if (includes gatewayAuthTypes "AWS_IAM")}}
2458-
import boto3
24592424
import httpx
2460-
from botocore.auth import SigV4Auth
2461-
from botocore.awsrequest import AWSRequest
2462-
2463-
2464-
class SigV4HTTPXAuth(httpx.Auth):
2465-
"""Signs HTTP requests with AWS SigV4 for Lambda function URL authentication."""
2466-
2467-
def __init__(self):
2468-
session = boto3.Session()
2469-
credentials = session.get_credentials().get_frozen_credentials()
2470-
region = session.region_name or os.environ.get("AWS_REGION", "us-east-1")
2471-
self.signer = SigV4Auth(credentials, "lambda", region)
2472-
2473-
def auth_flow(self, request):
2474-
headers = dict(request.headers)
2475-
headers.pop("connection", None)
2476-
aws_request = AWSRequest(
2477-
method=request.method,
2478-
url=str(request.url),
2479-
data=request.content,
2480-
headers=headers,
2481-
)
2482-
self.signer.add_auth(aws_request)
2483-
request.headers.update(dict(aws_request.headers))
2484-
yield request
2425+
from mcp_proxy_for_aws.sigv4_helper import SigV4HTTPXAuth, create_aws_session
24852426
{{/if}}
24862427
2487-
24882428
def get_all_gateway_mcp_servers() -> list[MCPServerStreamableHttp]:
24892429
"""Returns MCP servers for all configured gateways."""
24902430
servers = []
24912431
{{#each gatewayProviders}}
24922432
url = os.environ.get("{{envVarName}}")
24932433
if url:
24942434
{{#if (eq authType "AWS_IAM")}}
2495-
servers.append(MCPServerStreamableHttp(name="{{name}}", params={"url": url, "http_client": httpx.AsyncClient(auth=SigV4HTTPXAuth())}))
2435+
session = create_aws_session()
2436+
auth = SigV4HTTPXAuth(session.get_credentials(), "bedrock-agentcore", session.region_name)
2437+
servers.append(MCPServerStreamableHttp(
2438+
name="{{name}}",
2439+
params={"url": url, "httpx_client_factory": lambda **kwargs: httpx.AsyncClient(auth=auth, **kwargs)}
2440+
))
24962441
{{else}}
24972442
servers.append(MCPServerStreamableHttp(name="{{name}}", params={"url": url}))
24982443
{{/if}}
@@ -2577,6 +2522,8 @@ dependencies = [
25772522
"openai-agents >= 0.4.2",
25782523
"bedrock-agentcore >= 1.0.3",
25792524
"botocore[crt] >= 1.35.0",
2525+
{{#if hasGateway}}{{#if (includes gatewayAuthTypes "AWS_IAM")}}"mcp-proxy-for-aws >= 1.1.0",
2526+
{{/if}}{{/if}}
25802527
]
25812528
25822529
[tool.hatch.build.targets.wheel]
@@ -2786,33 +2733,7 @@ logger = logging.getLogger(__name__)
27862733
27872734
{{#if hasGateway}}
27882735
{{#if (includes gatewayAuthTypes "AWS_IAM")}}
2789-
import boto3
2790-
import httpx
2791-
from botocore.auth import SigV4Auth
2792-
from botocore.awsrequest import AWSRequest
2793-
2794-
2795-
class SigV4HTTPXAuth(httpx.Auth):
2796-
"""Signs HTTP requests with AWS SigV4 for Lambda function URL authentication."""
2797-
2798-
def __init__(self):
2799-
session = boto3.Session()
2800-
credentials = session.get_credentials().get_frozen_credentials()
2801-
region = session.region_name or os.environ.get("AWS_REGION", "us-east-1")
2802-
self.signer = SigV4Auth(credentials, "lambda", region)
2803-
2804-
def auth_flow(self, request):
2805-
headers = dict(request.headers)
2806-
headers.pop("connection", None)
2807-
aws_request = AWSRequest(
2808-
method=request.method,
2809-
url=str(request.url),
2810-
data=request.content,
2811-
headers=headers,
2812-
)
2813-
self.signer.add_auth(aws_request)
2814-
request.headers.update(dict(aws_request.headers))
2815-
yield request
2736+
from mcp_proxy_for_aws.client import aws_iam_streamablehttp_client
28162737
{{/if}}
28172738
28182739
{{#each gatewayProviders}}
@@ -2823,8 +2744,7 @@ def get_{{snakeCase name}}_mcp_client() -> MCPClient | None:
28232744
logger.warning("{{envVarName}} not set — {{name}} gateway tools unavailable")
28242745
return None
28252746
{{#if (eq authType "AWS_IAM")}}
2826-
http_client = httpx.AsyncClient(auth=SigV4HTTPXAuth())
2827-
return MCPClient(lambda: streamablehttp_client(url, http_client=http_client))
2747+
return MCPClient(lambda: aws_iam_streamablehttp_client(url, aws_service="bedrock-agentcore"))
28282748
{{else}}
28292749
return MCPClient(lambda: streamablehttp_client(url))
28302750
{{/if}}
@@ -3003,6 +2923,8 @@ dependencies = [
30032923
{{/if}}"mcp >= 1.19.0",
30042924
{{#if (eq modelProvider "OpenAI")}}"openai >= 1.0.0",
30052925
{{/if}}"strands-agents >= 1.13.0",
2926+
{{#if hasGateway}}{{#if (includes gatewayAuthTypes "AWS_IAM")}}"mcp-proxy-for-aws >= 1.1.0",
2927+
{{/if}}{{/if}}
30062928
]
30072929
30082930
[tool.hatch.build.targets.wheel]

src/assets/python/autogen/base/main.py

Lines changed: 0 additions & 10 deletions
Original file line numberDiff line numberDiff line change
@@ -3,11 +3,7 @@
33
from autogen_core.tools import FunctionTool
44
from bedrock_agentcore.runtime import BedrockAgentCoreApp
55
from model.load import load_model
6-
{{#if hasGateway}}
7-
from mcp_client.client import get_all_gateway_mcp_tools
8-
{{else}}
96
from mcp_client.client import get_streamable_http_mcp_tools
10-
{{/if}}
117

128
app = BedrockAgentCoreApp()
139
log = app.logger
@@ -32,13 +28,7 @@ async def invoke(payload, context):
3228
log.info("Invoking Agent.....")
3329

3430
# Get MCP Tools
35-
{{#if hasGateway}}
36-
mcp_tools = await get_all_gateway_mcp_tools()
37-
{{else}}
3831
mcp_tools = await get_streamable_http_mcp_tools()
39-
{{/if}}
40-
if mcp_tools is None:
41-
mcp_tools = []
4232

4333
# Define an AssistantAgent with the model and tools
4434
agent = AssistantAgent(

src/assets/python/autogen/base/mcp_client/client.py

Lines changed: 3 additions & 20 deletions
Original file line numberDiff line numberDiff line change
@@ -1,35 +1,18 @@
1-
import os
2-
import logging
31
from typing import List
42
from autogen_ext.tools.mcp import (
53
StreamableHttpMcpToolAdapter,
64
StreamableHttpServerParams,
75
mcp_server_tools,
86
)
97

10-
logger = logging.getLogger(__name__)
11-
12-
{{#if hasGateway}}
13-
async def get_all_gateway_mcp_tools() -> List[StreamableHttpMcpToolAdapter]:
14-
"""Returns MCP Tools from all configured gateways."""
15-
tools = []
16-
{{#each gatewayProviders}}
17-
url = os.environ.get("{{envVarName}}")
18-
if url:
19-
server_params = StreamableHttpServerParams(url=url)
20-
tools.extend(await mcp_server_tools(server_params))
21-
else:
22-
logger.warning("{{envVarName}} not set — {{name}} gateway tools unavailable")
23-
{{/each}}
24-
return tools
25-
{{else}}
268
# ExaAI provides information about code through web searches, crawling and code context searches through their platform. Requires no authentication
279
EXAMPLE_MCP_ENDPOINT = "https://mcp.exa.ai/mcp"
2810

2911

3012
async def get_streamable_http_mcp_tools() -> List[StreamableHttpMcpToolAdapter]:
31-
"""Returns MCP Tools compatible with AutoGen."""
13+
"""
14+
Returns MCP Tools compatible with AutoGen.
15+
"""
3216
# to use an MCP server that supports bearer authentication, add headers={"Authorization": f"Bearer {access_token}"}
3317
server_params = StreamableHttpServerParams(url=EXAMPLE_MCP_ENDPOINT)
3418
return await mcp_server_tools(server_params)
35-
{{/if}}

src/assets/python/googleadk/base/mcp_client/client.py

Lines changed: 14 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -6,13 +6,27 @@
66
logger = logging.getLogger(__name__)
77

88
{{#if hasGateway}}
9+
{{#if (includes gatewayAuthTypes "AWS_IAM")}}
10+
import httpx
11+
from mcp_proxy_for_aws.sigv4_helper import SigV4HTTPXAuth, create_aws_session
12+
{{/if}}
13+
914
def get_all_gateway_mcp_toolsets() -> list[MCPToolset]:
1015
"""Returns MCP Toolsets for all configured gateways."""
1116
toolsets = []
1217
{{#each gatewayProviders}}
1318
url = os.environ.get("{{envVarName}}")
1419
if url:
20+
{{#if (eq authType "AWS_IAM")}}
21+
session = create_aws_session()
22+
auth = SigV4HTTPXAuth(session.get_credentials(), "bedrock-agentcore", session.region_name)
23+
toolsets.append(MCPToolset(connection_params=StreamableHTTPConnectionParams(
24+
url=url,
25+
httpx_client_factory=lambda **kwargs: httpx.AsyncClient(auth=auth, **kwargs)
26+
)))
27+
{{else}}
1528
toolsets.append(MCPToolset(connection_params=StreamableHTTPConnectionParams(url=url)))
29+
{{/if}}
1630
else:
1731
logger.warning("{{envVarName}} not set — {{name}} gateway tools unavailable")
1832
{{/each}}

src/assets/python/googleadk/base/pyproject.toml

Lines changed: 2 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -14,6 +14,8 @@ dependencies = [
1414
"google-adk >= 1.17.0",
1515
"bedrock-agentcore >= 1.0.3",
1616
"botocore[crt] >= 1.35.0",
17+
{{#if hasGateway}}{{#if (includes gatewayAuthTypes "AWS_IAM")}}"mcp-proxy-for-aws >= 1.1.0",
18+
{{/if}}{{/if}}
1719
]
1820

1921
[tool.hatch.build.targets.wheel]

0 commit comments

Comments
 (0)