phoenix-oss/llama-stack-mirror
0
0
Fork 1
mirror of https://github.com/meta-llama/llama-stack.git synced 2025-12-03 09:53:45 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions

Removed the MCPAuthorization class relying on bearer token

Browse source
This commit is contained in:
Omar Abdelwahab 2025-11-03 19:57:58 -08:00
parent 376f0fcd23
commit 9dbeeaca97
7 changed files with 24 additions and 216 deletions
Download patch file Download diff file Expand all files Collapse all files

39
client-sdks/stainless/openapi.yml
View file

@ -7656,41 +7656,6 @@ components:
title: ResponseGuardrailSpec title: ResponseGuardrailSpec
description: >- description: >-
Specification for a guardrail to apply during response generation. Specification for a guardrail to apply during response generation.
MCPAuthorization:
type: object
properties:
type:
type: string
enum:
- bearer
- basic
- api_key
description: >-
Authorization type ("bearer", "basic", or "api_key")
token:
type: string
description: Bearer token for bearer authorization
username:
type: string
description: Username for basic authorization
password:
type: string
description: Password for basic authorization
api_key:
type: string
description: API key for api_key authorization
header_name:
type: string
default: X-API-Key
description: >-
Custom header name for API key (default: "X-API-Key")
additionalProperties: false
required:
- type
- header_name
title: MCPAuthorization
description: >-
Authorization configuration for MCP servers.
OpenAIResponseInputTool: OpenAIResponseInputTool:
oneOf: oneOf:
- $ref: '#/components/schemas/OpenAIResponseInputToolWebSearch' - $ref: '#/components/schemas/OpenAIResponseInputToolWebSearch'
@ -7731,9 +7696,9 @@ components:
description: >- description: >-
(Optional) HTTP headers to include when connecting to the server (Optional) HTTP headers to include when connecting to the server
authorization: authorization:
$ref: '#/components/schemas/MCPAuthorization' type: string
description: >- description: >-
(Optional) Authorization configuration for the MCP server (Optional) Bearer token authorization string (format: "Bearer <token>")
require_approval: require_approval:
oneOf: oneOf:
- type: string - type: string

39
docs/static/deprecated-llama-stack-spec.yaml vendored
View file

@ -7711,41 +7711,6 @@ components:
title: ResponseGuardrailSpec title: ResponseGuardrailSpec
description: >- description: >-
Specification for a guardrail to apply during response generation. Specification for a guardrail to apply during response generation.
MCPAuthorization:
type: object
properties:
type:
type: string
enum:
- bearer
- basic
- api_key
description: >-
Authorization type ("bearer", "basic", or "api_key")
token:
type: string
description: Bearer token for bearer authorization
username:
type: string
description: Username for basic authorization
password:
type: string
description: Password for basic authorization
api_key:
type: string
description: API key for api_key authorization
header_name:
type: string
default: X-API-Key
description: >-
Custom header name for API key (default: "X-API-Key")
additionalProperties: false
required:
- type
- header_name
title: MCPAuthorization
description: >-
Authorization configuration for MCP servers.
OpenAIResponseInputTool: OpenAIResponseInputTool:
oneOf: oneOf:
- $ref: '#/components/schemas/OpenAIResponseInputToolWebSearch' - $ref: '#/components/schemas/OpenAIResponseInputToolWebSearch'
@ -7786,9 +7751,9 @@ components:
description: >- description: >-
(Optional) HTTP headers to include when connecting to the server (Optional) HTTP headers to include when connecting to the server
authorization: authorization:
$ref: '#/components/schemas/MCPAuthorization' type: string
description: >- description: >-
(Optional) Authorization configuration for the MCP server (Optional) Bearer token authorization string (format: "Bearer <token>")
require_approval: require_approval:
oneOf: oneOf:
- type: string - type: string

39
docs/static/llama-stack-spec.yaml vendored
View file

@ -6443,41 +6443,6 @@ components:
title: ResponseGuardrailSpec title: ResponseGuardrailSpec
description: >- description: >-
Specification for a guardrail to apply during response generation. Specification for a guardrail to apply during response generation.
MCPAuthorization:
type: object
properties:
type:
type: string
enum:
- bearer
- basic
- api_key
description: >-
Authorization type ("bearer", "basic", or "api_key")
token:
type: string
description: Bearer token for bearer authorization
username:
type: string
description: Username for basic authorization
password:
type: string
description: Password for basic authorization
api_key:
type: string
description: API key for api_key authorization
header_name:
type: string
default: X-API-Key
description: >-
Custom header name for API key (default: "X-API-Key")
additionalProperties: false
required:
- type
- header_name
title: MCPAuthorization
description: >-
Authorization configuration for MCP servers.
OpenAIResponseInputTool: OpenAIResponseInputTool:
oneOf: oneOf:
- $ref: '#/components/schemas/OpenAIResponseInputToolWebSearch' - $ref: '#/components/schemas/OpenAIResponseInputToolWebSearch'
@ -6518,9 +6483,9 @@ components:
description: >- description: >-
(Optional) HTTP headers to include when connecting to the server (Optional) HTTP headers to include when connecting to the server
authorization: authorization:
$ref: '#/components/schemas/MCPAuthorization' type: string
description: >- description: >-
(Optional) Authorization configuration for the MCP server (Optional) Bearer token authorization string (format: "Bearer <token>")
require_approval: require_approval:
oneOf: oneOf:
- type: string - type: string

39
docs/static/stainless-llama-stack-spec.yaml vendored
View file

@ -7656,41 +7656,6 @@ components:
title: ResponseGuardrailSpec title: ResponseGuardrailSpec
description: >- description: >-
Specification for a guardrail to apply during response generation. Specification for a guardrail to apply during response generation.
MCPAuthorization:
type: object
properties:
type:
type: string
enum:
- bearer
- basic
- api_key
description: >-
Authorization type ("bearer", "basic", or "api_key")
token:
type: string
description: Bearer token for bearer authorization
username:
type: string
description: Username for basic authorization
password:
type: string
description: Password for basic authorization
api_key:
type: string
description: API key for api_key authorization
header_name:
type: string
default: X-API-Key
description: >-
Custom header name for API key (default: "X-API-Key")
additionalProperties: false
required:
- type
- header_name
title: MCPAuthorization
description: >-
Authorization configuration for MCP servers.
OpenAIResponseInputTool: OpenAIResponseInputTool:
oneOf: oneOf:
- $ref: '#/components/schemas/OpenAIResponseInputToolWebSearch' - $ref: '#/components/schemas/OpenAIResponseInputToolWebSearch'
@ -7731,9 +7696,9 @@ components:
description: >- description: >-
(Optional) HTTP headers to include when connecting to the server (Optional) HTTP headers to include when connecting to the server
authorization: authorization:
$ref: '#/components/schemas/MCPAuthorization' type: string
description: >- description: >-
(Optional) Authorization configuration for the MCP server (Optional) Bearer token authorization string (format: "Bearer <token>")
require_approval: require_approval:
oneOf: oneOf:
- type: string - type: string

26
src/llama_stack/apis/agents/openai_responses.py
View file

@ -483,26 +483,6 @@ class AllowedToolsFilter(BaseModel):
tool_names: list[str] | None = None tool_names: list[str] | None = None
@json_schema_type
class MCPAuthorization(BaseModel):
"""Authorization configuration for MCP servers.
:param type: Authorization type ("bearer", "basic", or "api_key")
:param token: Bearer token for bearer authorization
:param username: Username for basic authorization
:param password: Password for basic authorization
:param api_key: API key for api_key authorization
:param header_name: Custom header name for API key (default: "X-API-Key")
"""
type: Literal["bearer", "basic", "api_key"]
token: str | None = None
username: str | None = None
password: str | None = None
api_key: str | None = None
header_name: str = "X-API-Key"
@json_schema_type @json_schema_type
class OpenAIResponseInputToolMCP(BaseModel): class OpenAIResponseInputToolMCP(BaseModel):
"""Model Context Protocol (MCP) tool configuration for OpenAI response inputs. """Model Context Protocol (MCP) tool configuration for OpenAI response inputs.
@ -511,7 +491,7 @@ class OpenAIResponseInputToolMCP(BaseModel):
:param server_label: Label to identify this MCP server :param server_label: Label to identify this MCP server
:param server_url: URL endpoint of the MCP server :param server_url: URL endpoint of the MCP server
:param headers: (Optional) HTTP headers to include when connecting to the server :param headers: (Optional) HTTP headers to include when connecting to the server
:param authorization: (Optional) Authorization configuration for the MCP server :param authorization: (Optional) Bearer token authorization string (format: "Bearer <token>")
:param require_approval: Approval requirement for tool calls ("always", "never", or filter) :param require_approval: Approval requirement for tool calls ("always", "never", or filter)
:param allowed_tools: (Optional) Restriction on which tools can be used from this server :param allowed_tools: (Optional) Restriction on which tools can be used from this server
""" """
@ -520,7 +500,9 @@ class OpenAIResponseInputToolMCP(BaseModel):
server_label: str server_label: str
server_url: str server_url: str
headers: dict[str, Any] | None = None headers: dict[str, Any] | None = None
authorization: MCPAuthorization | None = None # OpenAI's MCP authorization currently only supports bearer tokens as a simple string
# Format: "Bearer <token>" (e.g., "Bearer my-secret-token")
authorization: str | None = None
require_approval: Literal["always"] | Literal["never"] | ApprovalFilter = "never" require_approval: Literal["always"] | Literal["never"] | ApprovalFilter = "never"
allowed_tools: list[str] | AllowedToolsFilter | None = None allowed_tools: list[str] | AllowedToolsFilter | None = None

29
src/llama_stack/providers/inline/agents/meta_reference/responses/streaming.py
View file

@ -11,7 +11,6 @@ from typing import Any
from llama_stack.apis.agents.openai_responses import ( from llama_stack.apis.agents.openai_responses import (
AllowedToolsFilter, AllowedToolsFilter,
ApprovalFilter, ApprovalFilter,
MCPAuthorization,
MCPListToolsTool, MCPListToolsTool,
OpenAIResponseContentPartOutputText, OpenAIResponseContentPartOutputText,
OpenAIResponseContentPartReasoningText, OpenAIResponseContentPartReasoningText,
@ -83,32 +82,16 @@ from .utils import (
logger = get_logger(name=__name__, category="agents::meta_reference") logger = get_logger(name=__name__, category="agents::meta_reference")
def _convert_authentication_to_headers(auth: MCPAuthorization) -> dict[str, str]: def _convert_authorization_to_headers(authorization: str) -> dict[str, str]:
"""Convert MCPAuthorization config to HTTP headers. """Convert authorization string to HTTP headers.
Args: Args:
auth: Authorization configuration authorization: Authorization header value (e.g., "Bearer token")
Returns: Returns:
Dictionary of HTTP headers for authorization Dictionary of HTTP headers with Authorization header
""" """
headers = {} return {"Authorization": authorization}
if auth.type == "bearer":
if auth.token:
headers["Authorization"] = f"Bearer {auth.token}"
elif auth.type == "basic":
if auth.username and auth.password:
import base64
credentials = f"{auth.username}:{auth.password}"
encoded = base64.b64encode(credentials.encode()).decode()
headers["Authorization"] = f"Basic {encoded}"
elif auth.type == "api_key":
if auth.api_key:
headers[auth.header_name] = auth.api_key
return headers
def convert_tooldef_to_chat_tool(tool_def): def convert_tooldef_to_chat_tool(tool_def):
@ -1131,7 +1114,7 @@ class StreamingResponseOrchestrator:
# Prepare headers with authorization from tool config # Prepare headers with authorization from tool config
headers = dict(mcp_tool.headers or {}) headers = dict(mcp_tool.headers or {})
if mcp_tool.authorization: if mcp_tool.authorization:
auth_headers = _convert_authentication_to_headers(mcp_tool.authorization) auth_headers = _convert_authorization_to_headers(mcp_tool.authorization)
# Don't override existing headers (case-insensitive check) # Don't override existing headers (case-insensitive check)
existing_keys_lower = {k.lower() for k in headers.keys()} existing_keys_lower = {k.lower() for k in headers.keys()}
for key, value in auth_headers.items(): for key, value in auth_headers.items():

29
src/llama_stack/providers/inline/agents/meta_reference/responses/tool_executor.py
View file

@ -10,7 +10,6 @@ from collections.abc import AsyncIterator
from typing import Any from typing import Any
from llama_stack.apis.agents.openai_responses import ( from llama_stack.apis.agents.openai_responses import (
MCPAuthorization,
OpenAIResponseInputToolFileSearch, OpenAIResponseInputToolFileSearch,
OpenAIResponseInputToolMCP, OpenAIResponseInputToolMCP,
OpenAIResponseObjectStreamResponseFileSearchCallCompleted, OpenAIResponseObjectStreamResponseFileSearchCallCompleted,
@ -45,32 +44,16 @@ from .types import ChatCompletionContext, ToolExecutionResult
logger = get_logger(name=__name__, category="agents::meta_reference") logger = get_logger(name=__name__, category="agents::meta_reference")
def _convert_authentication_to_headers(auth: MCPAuthorization) -> dict[str, str]: def _convert_authorization_to_headers(authorization: str) -> dict[str, str]:
"""Convert MCPAuthorization config to HTTP headers. """Convert authorization string to HTTP headers.
Args: Args:
auth: Authentication configuration authorization: Authorization header value (e.g., "Bearer token")
Returns: Returns:
Dictionary of HTTP headers for authentication Dictionary of HTTP headers with Authorization header
""" """
headers = {} return {"Authorization": authorization}
if auth.type == "bearer":
if auth.token:
headers["Authorization"] = f"Bearer {auth.token}"
elif auth.type == "basic":
if auth.username and auth.password:
import base64
credentials = f"{auth.username}:{auth.password}"
encoded = base64.b64encode(credentials.encode()).decode()
headers["Authorization"] = f"Basic {encoded}"
elif auth.type == "api_key":
if auth.api_key:
headers[auth.header_name] = auth.api_key
return headers
class ToolExecutor: class ToolExecutor:
@ -347,7 +330,7 @@ class ToolExecutor:
# Prepare headers with authorization from tool config # Prepare headers with authorization from tool config
headers = dict(mcp_tool.headers or {}) headers = dict(mcp_tool.headers or {})
if mcp_tool.authorization: if mcp_tool.authorization:
auth_headers = _convert_authentication_to_headers(mcp_tool.authorization) auth_headers = _convert_authorization_to_headers(mcp_tool.authorization)
# Don't override existing headers (case-insensitive check) # Don't override existing headers (case-insensitive check)
existing_keys_lower = {k.lower() for k in headers.keys()} existing_keys_lower = {k.lower() for k in headers.keys()}
for key, value in auth_headers.items(): for key, value in auth_headers.items():