diff --git a/client-sdks/stainless/openapi.yml b/client-sdks/stainless/openapi.yml index 27fe184e6..2a03104e3 100644 --- a/client-sdks/stainless/openapi.yml +++ b/client-sdks/stainless/openapi.yml @@ -7656,7 +7656,7 @@ components: title: ResponseGuardrailSpec description: >- Specification for a guardrail to apply during response generation. - MCPAuthentication: + MCPAuthorization: type: object properties: type: @@ -7666,19 +7666,19 @@ components: - basic - api_key description: >- - Authentication type ("bearer", "basic", or "api_key") + Authorization type ("bearer", "basic", or "api_key") token: type: string - description: Bearer token for bearer authentication + description: Bearer token for bearer authorization username: type: string - description: Username for basic authentication + description: Username for basic authorization password: type: string - description: Password for basic authentication + description: Password for basic authorization api_key: type: string - description: API key for api_key authentication + description: API key for api_key authorization header_name: type: string default: X-API-Key @@ -7688,9 +7688,9 @@ components: required: - type - header_name - title: MCPAuthentication + title: MCPAuthorization description: >- - Authentication configuration for MCP servers. + Authorization configuration for MCP servers. OpenAIResponseInputTool: oneOf: - $ref: '#/components/schemas/OpenAIResponseInputToolWebSearch' @@ -7730,10 +7730,10 @@ components: - type: object description: >- (Optional) HTTP headers to include when connecting to the server - authentication: - $ref: '#/components/schemas/MCPAuthentication' + authorization: + $ref: '#/components/schemas/MCPAuthorization' description: >- - (Optional) Authentication configuration for the MCP server + (Optional) Authorization configuration for the MCP server require_approval: oneOf: - type: string diff --git a/docs/static/deprecated-llama-stack-spec.yaml b/docs/static/deprecated-llama-stack-spec.yaml index 51f6e7ecb..4f3d4bc93 100644 --- a/docs/static/deprecated-llama-stack-spec.yaml +++ b/docs/static/deprecated-llama-stack-spec.yaml @@ -7711,7 +7711,7 @@ components: title: ResponseGuardrailSpec description: >- Specification for a guardrail to apply during response generation. - MCPAuthentication: + MCPAuthorization: type: object properties: type: @@ -7721,19 +7721,19 @@ components: - basic - api_key description: >- - Authentication type ("bearer", "basic", or "api_key") + Authorization type ("bearer", "basic", or "api_key") token: type: string - description: Bearer token for bearer authentication + description: Bearer token for bearer authorization username: type: string - description: Username for basic authentication + description: Username for basic authorization password: type: string - description: Password for basic authentication + description: Password for basic authorization api_key: type: string - description: API key for api_key authentication + description: API key for api_key authorization header_name: type: string default: X-API-Key @@ -7743,9 +7743,9 @@ components: required: - type - header_name - title: MCPAuthentication + title: MCPAuthorization description: >- - Authentication configuration for MCP servers. + Authorization configuration for MCP servers. OpenAIResponseInputTool: oneOf: - $ref: '#/components/schemas/OpenAIResponseInputToolWebSearch' @@ -7785,10 +7785,10 @@ components: - type: object description: >- (Optional) HTTP headers to include when connecting to the server - authentication: - $ref: '#/components/schemas/MCPAuthentication' + authorization: + $ref: '#/components/schemas/MCPAuthorization' description: >- - (Optional) Authentication configuration for the MCP server + (Optional) Authorization configuration for the MCP server require_approval: oneOf: - type: string diff --git a/docs/static/llama-stack-spec.yaml b/docs/static/llama-stack-spec.yaml index dc9178af4..8b0256974 100644 --- a/docs/static/llama-stack-spec.yaml +++ b/docs/static/llama-stack-spec.yaml @@ -6443,7 +6443,7 @@ components: title: ResponseGuardrailSpec description: >- Specification for a guardrail to apply during response generation. - MCPAuthentication: + MCPAuthorization: type: object properties: type: @@ -6453,19 +6453,19 @@ components: - basic - api_key description: >- - Authentication type ("bearer", "basic", or "api_key") + Authorization type ("bearer", "basic", or "api_key") token: type: string - description: Bearer token for bearer authentication + description: Bearer token for bearer authorization username: type: string - description: Username for basic authentication + description: Username for basic authorization password: type: string - description: Password for basic authentication + description: Password for basic authorization api_key: type: string - description: API key for api_key authentication + description: API key for api_key authorization header_name: type: string default: X-API-Key @@ -6475,9 +6475,9 @@ components: required: - type - header_name - title: MCPAuthentication + title: MCPAuthorization description: >- - Authentication configuration for MCP servers. + Authorization configuration for MCP servers. OpenAIResponseInputTool: oneOf: - $ref: '#/components/schemas/OpenAIResponseInputToolWebSearch' @@ -6517,10 +6517,10 @@ components: - type: object description: >- (Optional) HTTP headers to include when connecting to the server - authentication: - $ref: '#/components/schemas/MCPAuthentication' + authorization: + $ref: '#/components/schemas/MCPAuthorization' description: >- - (Optional) Authentication configuration for the MCP server + (Optional) Authorization configuration for the MCP server require_approval: oneOf: - type: string diff --git a/docs/static/stainless-llama-stack-spec.yaml b/docs/static/stainless-llama-stack-spec.yaml index 27fe184e6..2a03104e3 100644 --- a/docs/static/stainless-llama-stack-spec.yaml +++ b/docs/static/stainless-llama-stack-spec.yaml @@ -7656,7 +7656,7 @@ components: title: ResponseGuardrailSpec description: >- Specification for a guardrail to apply during response generation. - MCPAuthentication: + MCPAuthorization: type: object properties: type: @@ -7666,19 +7666,19 @@ components: - basic - api_key description: >- - Authentication type ("bearer", "basic", or "api_key") + Authorization type ("bearer", "basic", or "api_key") token: type: string - description: Bearer token for bearer authentication + description: Bearer token for bearer authorization username: type: string - description: Username for basic authentication + description: Username for basic authorization password: type: string - description: Password for basic authentication + description: Password for basic authorization api_key: type: string - description: API key for api_key authentication + description: API key for api_key authorization header_name: type: string default: X-API-Key @@ -7688,9 +7688,9 @@ components: required: - type - header_name - title: MCPAuthentication + title: MCPAuthorization description: >- - Authentication configuration for MCP servers. + Authorization configuration for MCP servers. OpenAIResponseInputTool: oneOf: - $ref: '#/components/schemas/OpenAIResponseInputToolWebSearch' @@ -7730,10 +7730,10 @@ components: - type: object description: >- (Optional) HTTP headers to include when connecting to the server - authentication: - $ref: '#/components/schemas/MCPAuthentication' + authorization: + $ref: '#/components/schemas/MCPAuthorization' description: >- - (Optional) Authentication configuration for the MCP server + (Optional) Authorization configuration for the MCP server require_approval: oneOf: - type: string diff --git a/src/llama_stack/apis/agents/openai_responses.py b/src/llama_stack/apis/agents/openai_responses.py index b67b1d589..705f57152 100644 --- a/src/llama_stack/apis/agents/openai_responses.py +++ b/src/llama_stack/apis/agents/openai_responses.py @@ -403,7 +403,11 @@ class OpenAIResponseText(BaseModel): # Must match type Literals of OpenAIResponseInputToolWebSearch below -WebSearchToolTypes = ["web_search", "web_search_preview", "web_search_preview_2025_03_11"] +WebSearchToolTypes = [ + "web_search", + "web_search_preview", + "web_search_preview_2025_03_11", +] @json_schema_type @@ -480,14 +484,14 @@ class AllowedToolsFilter(BaseModel): @json_schema_type -class MCPAuthentication(BaseModel): - """Authentication configuration for MCP servers. +class MCPAuthorization(BaseModel): + """Authorization configuration for MCP servers. - :param type: Authentication type ("bearer", "basic", or "api_key") - :param token: Bearer token for bearer authentication - :param username: Username for basic authentication - :param password: Password for basic authentication - :param api_key: API key for api_key authentication + :param type: Authorization type ("bearer", "basic", or "api_key") + :param token: Bearer token for bearer authorization + :param username: Username for basic authorization + :param password: Password for basic authorization + :param api_key: API key for api_key authorization :param header_name: Custom header name for API key (default: "X-API-Key") """ @@ -507,7 +511,7 @@ class OpenAIResponseInputToolMCP(BaseModel): :param server_label: Label to identify this MCP server :param server_url: URL endpoint of the MCP server :param headers: (Optional) HTTP headers to include when connecting to the server - :param authentication: (Optional) Authentication configuration for the MCP server + :param authorization: (Optional) Authorization configuration for the MCP server :param require_approval: Approval requirement for tool calls ("always", "never", or filter) :param allowed_tools: (Optional) Restriction on which tools can be used from this server """ @@ -516,7 +520,7 @@ class OpenAIResponseInputToolMCP(BaseModel): server_label: str server_url: str headers: dict[str, Any] | None = None - authentication: MCPAuthentication | None = None + authorization: MCPAuthorization | None = None require_approval: Literal["always"] | Literal["never"] | ApprovalFilter = "never" allowed_tools: list[str] | AllowedToolsFilter | None = None diff --git a/tests/integration/responses/test_mcp_authentication.py b/tests/integration/responses/test_mcp_authentication.py index 374e61ec7..bf095ed3c 100644 --- a/tests/integration/responses/test_mcp_authentication.py +++ b/tests/integration/responses/test_mcp_authentication.py @@ -16,12 +16,12 @@ from .helpers import setup_mcp_tools # Skip these tests in replay mode until recordings are generated pytestmark = pytest.mark.skipif( os.environ.get("LLAMA_STACK_TEST_INFERENCE_MODE") == "replay", - reason="No recordings yet for authentication tests. Run with --inference-mode=record-if-missing to generate.", + reason="No recordings yet for authorization tests. Run with --inference-mode=record-if-missing to generate.", ) -def test_mcp_authentication_bearer(compat_client, text_model_id): - """Test that bearer authentication is correctly applied to MCP requests.""" +def test_mcp_authorization_bearer(compat_client, text_model_id): + """Test that bearer authorization is correctly applied to MCP requests.""" if not isinstance(compat_client, LlamaStackAsLibraryClient): pytest.skip("in-process MCP server is only supported in library client") @@ -33,7 +33,7 @@ def test_mcp_authentication_bearer(compat_client, text_model_id): "type": "mcp", "server_label": "auth-mcp", "server_url": "", - "authentication": { + "authorization": { "type": "bearer", "token": test_token, }, @@ -42,7 +42,7 @@ def test_mcp_authentication_bearer(compat_client, text_model_id): mcp_server_info, ) - # Create response - authentication should be applied + # Create response - authorization should be applied response = compat_client.responses.create( model=text_model_id, input="What is the boiling point of myawesomeliquid?", @@ -60,8 +60,8 @@ def test_mcp_authentication_bearer(compat_client, text_model_id): assert response.output[1].error is None -def test_mcp_authentication_different_token(compat_client, text_model_id): - """Test authentication with a different bearer token.""" +def test_mcp_authorization_different_token(compat_client, text_model_id): + """Test authorization with a different bearer token.""" if not isinstance(compat_client, LlamaStackAsLibraryClient): pytest.skip("in-process MCP server is only supported in library client") @@ -73,7 +73,7 @@ def test_mcp_authentication_different_token(compat_client, text_model_id): "type": "mcp", "server_label": "auth2-mcp", "server_url": "", - "authentication": { + "authorization": { "type": "bearer", "token": test_token, }, @@ -82,7 +82,7 @@ def test_mcp_authentication_different_token(compat_client, text_model_id): mcp_server_info, ) - # Create response - authentication should be applied + # Create response - authorization should be applied response = compat_client.responses.create( model=text_model_id, input="What is the boiling point of myawesomeliquid?", @@ -97,8 +97,8 @@ def test_mcp_authentication_different_token(compat_client, text_model_id): assert response.output[1].error is None -def test_mcp_authentication_fallback_to_headers(compat_client, text_model_id): - """Test that authentication parameter doesn't override existing headers.""" +def test_mcp_authorization_fallback_to_headers(compat_client, text_model_id): + """Test that authorization parameter doesn't override existing headers.""" if not isinstance(compat_client, LlamaStackAsLibraryClient): pytest.skip("in-process MCP server is only supported in library client") @@ -112,7 +112,7 @@ def test_mcp_authentication_fallback_to_headers(compat_client, text_model_id): "server_label": "headers-mcp", "server_url": "", "headers": {"Authorization": f"Bearer {test_token}"}, - "authentication": { + "authorization": { "type": "bearer", "token": "should-not-override", }, @@ -136,19 +136,25 @@ def test_mcp_authentication_fallback_to_headers(compat_client, text_model_id): assert response.output[1].error is None -def test_mcp_authentication_backward_compatibility(compat_client, text_model_id): - """Test that MCP tools work without authentication (backward compatibility).""" +def test_mcp_authorization_backward_compatibility(compat_client, text_model_id): + """Test that MCP tools work without authorization (backward compatibility).""" if not isinstance(compat_client, LlamaStackAsLibraryClient): pytest.skip("in-process MCP server is only supported in library client") - # No authentication required + # No authorization required with make_mcp_server(required_auth_token=None) as mcp_server_info: tools = setup_mcp_tools( - [{"type": "mcp", "server_label": "noauth-mcp", "server_url": ""}], + [ + { + "type": "mcp", + "server_label": "noauth-mcp", + "server_url": "", + } + ], mcp_server_info, ) - # Create response without authentication + # Create response without authorization response = compat_client.responses.create( model=text_model_id, input="What is the boiling point of myawesomeliquid?",