Progressing with agent-testing. Refactored mcp to have a wrapper run call. Verified simplest agent answering. Implemented new secret loading for google api

R-Rudolf · R-Rudolf · commit 5990638d4c13 · 2025-11-21T23:37:33.000+01:00
diff --git a/agent-test/.gitignore b/agent-test/.gitignore
@@ -1 +1,3 @@
 config.yaml
+*.secrets.yaml
+*.env
diff --git a/agent-test/mcp-agent.yaml b/agent-test/mcp-agent.yaml
@@ -0,0 +1,4 @@
+google:
+  default_model: gemini-2.5-flash
+  api_key: "${GOOGLE_API_KEY}"
+  vertexai: false
diff --git a/agent-test/spendee_agent.py b/agent-test/spendee_agent.py
@@ -1,9 +1,16 @@
+#!/usr/bin/env python3
+
 import asyncio
 import os
 
+import dotenv
 from mcp_agent.app import MCPApp
 from mcp_agent.agents.agent import Agent
-from mcp_agent.workflows.llm.augmented_llm_openai import GoogleAugmentedLLM
+from mcp_agent.workflows.llm.augmented_llm_google import GoogleAugmentedLLM
+
+
+
+dotenv.load_dotenv()
 
 app = MCPApp(name="hello_world_agent")
 
@@ -12,7 +19,7 @@ async def example_usage():
         logger = mcp_agent_app.logger
         # This agent can read the filesystem or fetch URLs
         finder_agent = Agent(
-            name="Lumi-test",
+            name="test",
             instruction="""You are a helpful assistant""",
              #server_names=["fetch", "filesystem"], # MCP servers this Agent can use
         )
diff --git a/requirements.txt b/requirements.txt
@@ -16,4 +16,4 @@ pytest-asyncio
 python-dotenv
 
 # agent
-mcp-agent
+mcp-agent[google]
diff --git a/setup.sh b/setup.sh
@@ -3,8 +3,6 @@ set -euo pipefail
 
 cd "$(dirname "$0")"
 
-REQUIRED_PASSWORD="spendee-password"
-
 # --- Mise environment setup ---
 if ! command -v curl >/dev/null 2>&1; then
   echo "curl not found. Installing curl via apt..."
@@ -42,21 +40,47 @@ mise install
 
 
 # --- Bitwarden credential setup ---
+
+function load_spendee_env() {
+  REQUIRED_PASSWORD="spendee-password"
+  if ! bws secret list | jq -r '.[] | .key' | grep -qx "$REQUIRED_PASSWORD"; then
+    echo "Secret key '$REQUIRED_PASSWORD' not found in Bitwarden secrets. Verify if access key is right, or access to the project/key was set."
+    exit 1
+  fi
+  PASSWORD=$(bws secret list  | jq -r '.[] | select(.key == "'$REQUIRED_PASSWORD'") | .value')
+  EMAIL_LINE=$(bws secret list  | jq -r '.[] | select(.key == "'$REQUIRED_PASSWORD'") | .note') # example value: EMAIL=lumi.8.lumiere@gmail.com
+
+  echo "export PASSWORD='${PASSWORD}'" > .env
+  echo "export ${EMAIL_LINE}" >> .env
+}
+
+function load_mcp_agent_env() {
+  REQUIRED_API_KEY="GOOGLE_API_KEY"
+  if ! bws secret list | jq -r '.[] | .key' | grep -qx "$REQUIRED_API_KEY"; then
+    echo "Secret key '$REQUIRED_API_KEY' not found in Bitwarden secrets. Verify if access key is right, or access to the project/key was set."
+    exit 1
+  fi
+  GOOGLE_API_KEY=$(bws secret list  | jq -r '.[] | select(.key == "'$REQUIRED_API_KEY'") | .value') 
+  echo "GOOGLE_API_KEY='${GOOGLE_API_KEY}'" > agent-test/.env
+  echo "GGOOGLE_API_KEY set in agent-test/.env"
+}
+
 if [ ! -f ".env" ]; then
   if [ -z "${BWS_ACCESS_TOKEN:-}" ]; then
     echo "Neither .env file is set, nor BWS_ACCESS_TOKEN environment variable is not set or empty. Setup can not be complete without them."
     exit 1
   fi
   echo ".env file does not exist, loading it via Bitwarden"
-  if ! bws secret list | jq -r '.[] | .key' | grep -qx "$REQUIRED_PASSWORD"; then
-    echo "Secret key '$REQUIRED_PASSWORD' not found in Bitwarden secrets. Verify if access key is right, or access to the project/key was set."
+  load_spendee_env
+fi
+
+if [ ! -f "agent-test/.env" ]; then
+  if [ -z "${BWS_ACCESS_TOKEN:-}" ]; then
+    echo "Neither .env file is set, nor BWS_ACCESS_TOKEN environment variable is not set or empty. Setup can not be complete without them."
     exit 1
   fi
-  PASSWORD=$(bws secret list  | jq -r '.[] | select(.key == "'$REQUIRED_PASSWORD'") | .value')
-  EMAIL_LINE=$(bws secret list  | jq -r '.[] | select(.key == "'$REQUIRED_PASSWORD'") | .note') # example value: EMAIL=lumi.8.lumiere@gmail.com
-
-  echo "PASSWORD='${PASSWORD}'" > .env
-  echo "${EMAIL_LINE}" >> .env
+  echo "agent-test/.env file does not exist, loading it via Bitwarden"
+  load_mcp_agent_env
 fi
 
 
@@ -70,6 +94,6 @@ echo  "Activate the python virtual environment"
 source .venv/bin/activate
 
 echo "Install dependencies"
-pip install -r requirements.txt
+#pip install -r requirements.txt
 
 echo "Setup completed!"
diff --git a/spendee/spendee_mcp.py b/spendee/spendee_mcp.py
@@ -33,46 +33,63 @@
 # setup for "Transport Type": "SSE"
 #    "Server URL" to "http://localhost:8000/sse"
 
-EMAIL = os.getenv('EMAIL')
-PASSWORD = os.getenv('PASSWORD')
 
-ACCEPTED_TOKEN = os.environ.get("MCP_TOKEN", "spendee-token")
-PORT = int(os.environ.get("MCP_PORT", 8000))
 DEBUG_MODE = os.environ.get("DEBUG_MODE", "") != ""
-TRANSFER_MODE = os.environ.get("TRANSFER_MODE", "sse").lower()
-
-
-if TRANSFER_MODE not in ["sse", "streamable-http"]:
-    raise ValueError("TRANSFER_MODE must be either 'sse' or 'streamable-http'")
-
-if not EMAIL or not PASSWORD:
-    raise ValueError('Please set EMAIL and PASSWORD as an ENV variable.')
 
 logging.basicConfig(level=logging.DEBUG)
 logger = logging.getLogger(__name__)
 
-mcp = FastMCP("spendee", host="0.0.0.0", port=PORT)
 
-spendee = SpendeeFirestore(EMAIL, PASSWORD)
-
-# Automatically register all MCP tools from the client
-for name, func in MCP_TOOLS.items():
-    # Bind the method to the spendee instance if it's a class method
-    bound_func = getattr(spendee, name)
-    mcp.tool()(bound_func)
-
-def main():
-    #debug_secret(ACCEPTED_TOKEN, "MCP_TOKEN")
-    #debug_secret(PASSWORD, "PASSWORD")
+def run(email=None, password=None, port=8000, accepted_token="spendee-token", transfer_mode="sse"):
+    
+    if transfer_mode not in ["sse", "streamable-http"]:
+        raise ValueError("TRANSFER_MODE must be either 'sse' or 'streamable-http'")
+
+    if not email or not password:
+        raise ValueError('Please set EMAIL and PASSWORD as an ENV variable.')
+
+    mcp = FastMCP("spendee", host="0.0.0.0", port=port)
+
+    spendee = SpendeeFirestore(EMAIL, PASSWORD)
+
+    # Automatically register all MCP tools from the client
+    for name, func in MCP_TOOLS.items():
+        # Bind the method to the spendee instance if it's a class method
+        bound_func = getattr(spendee, name)
+        mcp.tool()(bound_func)
+    
+    async def check_bearer_auth(request, error_response=None):
+        if accepted_token == "disabled":
+            logger.info("Bearer token authentication is disabled.")
+            return None
+
+        if DEBUG_MODE:
+            logger.debug(f"Incoming request: method={request.method}, url={request.url}")
+            logger.debug(f"Request headers: {dict(request.headers)}")
+
+        auth_header = request.headers.get("authorization")
+        if not auth_header or not auth_header.lower().startswith("bearer "):
+            logger.warning("Missing or invalid Authorization header.")
+            if error_response:
+                return await error_response("Missing or invalid Authorization header.", 401)
+            raise HTTPException(401, "Missing or invalid Authorization header.")
+
+        token = auth_header.split(" ", 1)[1]
+        if token != accepted_token:
+            logger.warning("Invalid token.")
+            if error_response:
+                return await error_response("Invalid token.", 401)
+            raise HTTPException(401, "Invalid token.")
+        return None
 
     logger.info("Starting Spendee MCP Server")
     # I failed to unify both transfer modes, because of some lifecycle issues
-    if TRANSFER_MODE == "streamable-http":
+    if transfer_mode == "streamable-http":
         logger.info("Using Streamable HTTP transport")
-        streaming_server()
+        streaming_server(mcp, port, check_bearer_auth)
     else:
         logger.info("Using SSE transport")
-        sse_server()
+        sse_server(mcp, port, check_bearer_auth)
 
 # Authentication middleware and server setup
 
@@ -82,32 +99,8 @@ def debug_secret(secret, name):
     logger.debug(f"sha256('{salt}' + token): {token_hash}")
     logger.debug(f"You can verify with: echo -n \"{salt}${name}\" | sha256sum")
 
-async def check_bearer_auth(request, error_response=None):
-    if ACCEPTED_TOKEN == "disabled":
-        logger.info("Bearer token authentication is disabled.")
-        return None
-
-    if DEBUG_MODE:
-        logger.debug(f"Incoming request: method={request.method}, url={request.url}")
-        logger.debug(f"Request headers: {dict(request.headers)}")
-
-    auth_header = request.headers.get("authorization")
-    if not auth_header or not auth_header.lower().startswith("bearer "):
-        logger.warning("Missing or invalid Authorization header.")
-        if error_response:
-            return await error_response("Missing or invalid Authorization header.", 401)
-        raise HTTPException(401, "Missing or invalid Authorization header.")
-
-    token = auth_header.split(" ", 1)[1]
-    if token != ACCEPTED_TOKEN:
-        logger.warning("Invalid token.")
-        if error_response:
-            return await error_response("Invalid token.", 401)
-        raise HTTPException(401, "Invalid token.")
-    return None
-
 
-def streaming_server():
+def streaming_server(mcp, port, check_bearer_auth):
     # maybe this would be simpler: https://gofastmcp.com/deployment/self-hosted#environment-variables
     session_manager = StreamableHTTPSessionManager(
         app=mcp._mcp_server,
@@ -130,12 +123,12 @@ async def lifespan(app: FastAPI):
     app = FastAPI(lifespan=lifespan)
     app.mount("/mcp", auth_middleware)
 
-    logger.info(f"Starting Spendee MCP Server with Bearer Token Authentication on port {PORT}")
-    logger.info(f"Access the MCP endpoint at http://0.0.0.0:{PORT}/mcp")
-    uvicorn.run(app, host="0.0.0.0", port=PORT)
+    logger.info(f"Starting Spendee MCP Server with Bearer Token Authentication on port {port}")
+    logger.info(f"Access the MCP endpoint at http://0.0.0.0:{port}/mcp")
+    uvicorn.run(app, host="0.0.0.0", port=port)
 
 
-def sse_server():
+def sse_server(mcp, port, check_bearer_auth):
     sse_transport = SseServerTransport("/messages/")
 
     async def error_response(msg, status):
@@ -169,10 +162,15 @@ async def sse_auth_middleware(scope: Scope, receive: Receive, send: Send):
             Mount("/", sse_auth_middleware),
         ],
     )
-    uvicorn.run(app, host="0.0.0.0", port=PORT)
+    uvicorn.run(app, host="0.0.0.0", port=port)
 
 
 if __name__ == "__main__":
-    main()
-else:
-    main()
+    
+    EMAIL = os.getenv('EMAIL')
+    PASSWORD = os.getenv('PASSWORD')
+    ACCEPTED_TOKEN = os.environ.get("MCP_TOKEN", "spendee-token")
+    PORT = int(os.environ.get("MCP_PORT", 8000))
+    TRANSFER_MODE = os.environ.get("TRANSFER_MODE", "sse").lower()
+
+    run(email=EMAIL, password=PASSWORD, port=PORT, accepted_token=ACCEPTED_TOKEN, transfer_mode=TRANSFER_MODE)

Original file line number	Diff line number	Diff line change
`@@ -1 +1,3 @@`
`1`	`1`	`config.yaml`
	`2`	`+*.secrets.yaml`
	`3`	`+*.env`