diff --git a/.DS_Store b/.DS_Store deleted file mode 100644 index 19055052..00000000 Binary files a/.DS_Store and /dev/null differ diff --git a/modules/.DS_Store b/modules/.DS_Store deleted file mode 100644 index c858e8dd..00000000 Binary files a/modules/.DS_Store and /dev/null differ diff --git a/modules/ROOT/.DS_Store b/modules/ROOT/.DS_Store deleted file mode 100644 index c3288384..00000000 Binary files a/modules/ROOT/.DS_Store and /dev/null differ diff --git a/modules/ROOT/assets/.DS_Store b/modules/ROOT/assets/.DS_Store deleted file mode 100644 index a25ef3d6..00000000 Binary files a/modules/ROOT/assets/.DS_Store and /dev/null differ diff --git a/modules/ROOT/assets/image-source-files/.DS_Store b/modules/ROOT/assets/image-source-files/.DS_Store deleted file mode 100644 index 5a334282..00000000 Binary files a/modules/ROOT/assets/image-source-files/.DS_Store and /dev/null differ diff --git a/modules/ROOT/assets/image-source-files/mcp-bridge-instance.graffle b/modules/ROOT/assets/image-source-files/mcp-bridge-instance.graffle new file mode 100644 index 00000000..2b126953 Binary files /dev/null and b/modules/ROOT/assets/image-source-files/mcp-bridge-instance.graffle differ diff --git a/modules/ROOT/assets/images/mcp-bridge-instance.png b/modules/ROOT/assets/images/mcp-bridge-instance.png new file mode 100644 index 00000000..197b11e6 Binary files /dev/null and b/modules/ROOT/assets/images/mcp-bridge-instance.png differ diff --git a/modules/ROOT/nav.adoc b/modules/ROOT/nav.adoc index f3c61c60..fb0048c6 100644 --- a/modules/ROOT/nav.adoc +++ b/modules/ROOT/nav.adoc @@ -7,6 +7,7 @@ *** xref:create-instance-task-mule.adoc[Add a Mule Gateway API Instance] *** xref:create-instance-task-flex.adoc[Add a Flex Gateway API Instance] *** xref:create-instance-task-agent-tool.adoc[Add a Flex Gateway Agent or Tool instance] + *** xref:create-instance-task-mcp-bridge.adoc[Add a Flex Gateway MCP Bridge instance] ** xref:find-api-id-task.adoc[Obtain an API Instance ID] ** xref:export-api-latest-task.adoc[Export an API Instance] ** xref:access-developer-portal-task.adoc[Access the Developer Portal] diff --git a/modules/ROOT/pages/_partials/task-add-api-instance.adoc b/modules/ROOT/pages/_partials/task-add-api-instance.adoc index 98d36acc..aa5ccdf6 100644 --- a/modules/ROOT/pages/_partials/task-add-api-instance.adoc +++ b/modules/ROOT/pages/_partials/task-add-api-instance.adoc @@ -14,9 +14,13 @@ Use Flex Gateway for any agent, broker, LLM, or MCP server that needs a flexible //end::flex-agent-tool-intro[] +//tag::mcp-bridge-intro[] +Use Flex Gateway MCP Bridge to create MCP servers to expose your current API instances as MCP tools so agents can discover and call them. + +//end::mcp-bridge-intro[] + //tag::mule-intro[] -Use Mule Gateway if you have APIs on Mule Runtime that need an API gateway to manage, observe, -and secure your APIs. +Use Mule Gateway if you have APIs on Mule Runtime that need an API gateway to manage, observe, and secure your APIs. //end::mule-intro[] @@ -227,7 +231,7 @@ include::partial$api-configuration-tables.adoc[tags=mule-proxy-upstream] //tag::last-steps[] . Review your selections and edit them if necessary. -. If you are ready to deploy, click **Save & Deploy**. Otherwise, you can select **Save**, to save the API instance +. If you are ready to deploy, click *Save & Deploy*. Otherwise, you can select *Save*, to save the instance and deploy it at a later time. + // end::last-steps[] \ No newline at end of file diff --git a/modules/ROOT/pages/add-api-instances.adoc b/modules/ROOT/pages/add-api-instances.adoc index 77c731d3..68f70ce2 100644 --- a/modules/ROOT/pages/add-api-instances.adoc +++ b/modules/ROOT/pages/add-api-instances.adoc @@ -9,3 +9,5 @@ include::partial$task-add-api-instance.adoc[tags=mule-intro] include::partial$task-add-api-instance.adoc[tags=flex-intro] * xref:create-instance-task-agent-tool.adoc[] + include::partial$task-add-api-instance.adoc[tags=flex-agent-tool-intro] +* xref:create-instance-task-mcp-bridge.adoc[] + +include::partial$task-add-api-instance.adoc[tags=mcp-bridge-intro] diff --git a/modules/ROOT/pages/api-instance-landing-page.adoc b/modules/ROOT/pages/api-instance-landing-page.adoc index ef4dcf10..14b2eda4 100644 --- a/modules/ROOT/pages/api-instance-landing-page.adoc +++ b/modules/ROOT/pages/api-instance-landing-page.adoc @@ -22,6 +22,7 @@ To manage instances in API Manager: ** xref:create-instance-task-mule.adoc[] ** xref:create-instance-task-flex.adoc[] ** xref:create-instance-task-agent-tool.adoc[] +** xref:create-instance-public-exchange.adoc[] . View an instance's summary for information or to export it: ** xref:find-api-id-task.adoc[] - API Manager generates the `apiId` of new APIs managed by API Manager for use with Mule 4. ** xref:export-api-latest-task.adoc[] - After creating an instance, you can export it. This exports the instance configuration and Exchange asset relationship. You can then import it into another environment in the same business group to create a new instance. diff --git a/modules/ROOT/pages/create-instance-public-exchange.adoc b/modules/ROOT/pages/create-instance-public-exchange.adoc new file mode 100644 index 00000000..f8222d4c --- /dev/null +++ b/modules/ROOT/pages/create-instance-public-exchange.adoc @@ -0,0 +1,54 @@ += Adding an MCP Server from Public Exchange +ifndef::env-site,env-github[] +include::_attributes.adoc[] +endif::[] + +This workflow describes how to create an MCP server in API Manager by selecting an asset published in the public Exchange (Provided by MuleSoft). + +To base a new instance on an MCP server published to Exchange and maintained outside your organization, use this workflow. + +== Add an MCP Server or Agent Instance from Public Exchange + +. Navigate to *Anypoint Platform* > *API Manager*. +. Select an instance type. +. Click *Add* to start the guided experience. +. Click *Next* until you reach the *Select asset from Exchange* step. + +. In *Organization*, select *Provided by MuleSoft*. ++ +Selecting *Provided by MuleSoft* lets you browse and search assets that are publicly available in Exchange. + +. To find an asset, search by name or filter using the *Provided by Mulesoft* tag. ++ +Use tags to narrow down the list of available assets. + +. Select an asset from the list. ++ +The asset list shows the latest available version and the date it was published to Exchange. You can select a different version if needed. + +. To review the asset details before continuing, click *View in Exchange*. + +. Click *Next*. + +[NOTE] +-- +When you select an asset from *Provided by MuleSoft*, API Manager automatically populates the instance metadata from Exchange, including the asset name and version. +-- + +. Continue through the remaining steps of the guided experience to configure the instance. ++ +The remaining configuration steps are the same as when creating an instance from a private Exchange asset. + +. Review the configuration and click *Save*. + +== What Happens Next + +After the instance is created, you can manage it in API Manager like any other instance. This includes applying policies, viewing instance details, and monitoring its status. + +Public Exchange assets are treated as read-only sources. The instance maintains a reference to the original Exchange asset rather than copying it into your organization’s private Exchange. + +== See Also + +* xref:latest-overview-concept.adoc[] +* xref:exchange::index.adoc[] +* xref:create-instance-task-agent-tool.adoc[] diff --git a/modules/ROOT/pages/create-instance-task-mcp-bridge.adoc b/modules/ROOT/pages/create-instance-task-mcp-bridge.adoc new file mode 100644 index 00000000..dcdc7313 --- /dev/null +++ b/modules/ROOT/pages/create-instance-task-mcp-bridge.adoc @@ -0,0 +1,81 @@ += Adding an MCP Bridge Instance +ifndef::env-site,env-github[] +include::_attributes.adoc[] +endif::[] +:product: flex + +Flex Gateway MCP Bridge enables you to create MCP servers from your existing API instances. With the MCP Bridge, you can expose your current API instances as MCP tools so agents can discover and call them. + +Define your MCP bridge by selecting API instances and mapping them to MCP tools. When an agent requests the list of available tools (`tools/list`),the gateway responds using an MCP descriptor that defines each tool's name, description, and input schema. When an agent calls a tool (`tools/call`), the MCP Bridge maps the tool name and arguments to an HTTP request based on your configuration. + +This diagram shows the relationship of the upstream and downstream configurations to your upstream service and agent client: + +image:mcp-bridge-instance.png[The MCP Bridge instance is deployed on a gateway between the upstream apis and downstream configuration] + +NOTE: MCP Bridge doesn't support API instances with multiple upstream services. + +== Before You Begin + +[[add-server]] +== Add a New Agent or Tool Instance + +To add and a new MCP Bridge for Flex Gateway: + +. Ensure that all API instances you want to add to your MCP Server are running on the same Flex Gateway you want to add your MCP Server to. +. To begin creating your MCP Server instance, you can start from these locations: +** From *API Instances*: +... Click on an API instance you want to add to an MCP Server. +... Click *Actions* > *Add to new MCP Server instance*. + +** From *Agent and Tool Instances*: +... Click *Add* > *MCP Bridge*. +. Select a Flex Gateway to deploy the MCP server instance to from *Select a gateway*. +. Click *Next*. +. Select the API instances you want to add to your MCP Server. +. Define a *MCP asset name*. +. Click *Next*. +. Configure the downstream configuration settings: ++ +.Managed Flex Gateway +[%collapsible] +==== +include::partial$api-configuration-tables.adoc[tags=flex-downstream-agent-tool-managed] +==== ++ +.Self-Managed Flex Gateway (Connected Mode) +[%collapsible] +==== +include::partial$api-configuration-tables.adoc[tags=flex-downstream-agent-tool-self-managed] +==== + +. Click *Next*. +. Configure the upstream services for your API instances: ++ +|=== +| Field Name | Description | Required | Notes +| *Route Label* | Label to better identify multiple API instances. | Yes | By default, the label if the API name. +| *Upstream URL* | URL to access for the upstream service. This must end with a `/`. | Yes | For example, you can use the URL of your asset in Exchange. +| *Outbound TLS* | TLS Context used for the outbound traffic to the upstream service | No | xref:gateway::flex-conn-tls-config.adoc[Configure a TLS Context for Flex Gateway] before adding a TLS Context to your server. +|=== ++ +To switch amoung API instances, select the name of the API. +. Click *Next*. +. Define your API Tools: + +include::partial$task-add-api-instance.adoc[tags=last-steps] + +[[agent-network-projects]] +== Edit Agent Network Project Instances + +Some instances in *Agent and Tool Instances* can be created by supplying a YAML file in an agent network project. For instances created with the YAML file, the YAML file is treated as the source of truth. If you edit the instance in API Manager (for example, to add policies), the changes are reverted to the YAML file when the instance is redeployed from the agent network project. + +To ensure changes to instances created from a YAML source are present after redeployment, edit the YAML source. + +For more information, see xref:anypoint-code-builder::af-define-your-agent-network-specification.adoc[]. + +== See Also + +* xref:latest-overview-concept.adoc[] +* xref:anypoint-code-builder::af-define-your-agent-network-specification.adoc[] +* xref:gateway::flex-install.adoc[] +* xref:gateway::flex-conn-reg-run.adoc[] diff --git a/modules/ROOT/pages/mule-oauth-provider-landing-page.adoc b/modules/ROOT/pages/mule-oauth-provider-landing-page.adoc index c0ab9467..edbfdac5 100644 --- a/modules/ROOT/pages/mule-oauth-provider-landing-page.adoc +++ b/modules/ROOT/pages/mule-oauth-provider-landing-page.adoc @@ -63,7 +63,7 @@ image::mule-oauth-provider.png[height=150,width=250] === Implementing Scopes -The OAuth 2.0 https://tools.ietf.org/html/rfc6749#page-23[scopes] enable you to further limit access to a resource protected by OAuth. You can define words, such as `READ` and `WRITE`, or others specific to your organization, such as `CONTRACTOR`, `PUBLIC`, `EMPLOYEES_ONLY`, and so on. +The OAuth 2.0 https://datatracker.ietf.org/doc/html/rfc6749#page-23[scopes] enable you to further limit access to a resource protected by OAuth. You can define words, such as `READ` and `WRITE`, or others specific to your organization, such as `CONTRACTOR`, `PUBLIC`, `EMPLOYEES_ONLY`, and so on. You can define scopes in three different places: diff --git a/modules/ROOT/pages/oauth-grant-types-about.adoc b/modules/ROOT/pages/oauth-grant-types-about.adoc index 89af9fd7..0abf1d91 100644 --- a/modules/ROOT/pages/oauth-grant-types-about.adoc +++ b/modules/ROOT/pages/oauth-grant-types-about.adoc @@ -37,7 +37,7 @@ To get a token using this grant type, the following information needs to be spec * Redirect URL as specified on the client application definition === HTTP request example against the provider to get a token -Assuming that the provider is accessible on http://localhost:8081 and the redirect URL of your client application is "http://localhost:1234": +Assuming that the provider is accessible on `\http://localhost:8081` and the redirect URL of your client application is `\http://localhost:1234`: Request authorization: [source,console] @@ -75,7 +75,7 @@ JSon Response: The implicit grant type is not as secure as, but easier to use than the authorization code grant type. Javascript clients and mobile applications often use this grant type. The authorization server issues an access token directly and skips the step of issuing an intermediate access code. === HTTP request example against the provider to get a token -Assuming that the provider is accessible on http://localhost:8081 and the redirect URL of your client application is "http://localhost:1234": +Assuming that the provider is accessible on `\http://localhost:8081` and the redirect URL of your client application is `\http://localhost:1234`: Invoke the authorization endpoint with a request that includes the client ID, the type of authorization you want to perform, the redirect URL, and the scopes you want to authorize. The structure of the request should look like the URI below: @@ -97,7 +97,7 @@ http://localhost:1234/#access_token=&token_type=bearer&expires_in=8 The resource owner password credentials grant type is less secure than both the implicit and the authorization code grant types. The client needs to handle the user's credentials. This requires that users have a high degree of trust in the client. This grant type is often used when the consumer of the protected resource is a widget of the same service. === HTTP request example against the provider to get a token -Assuming that the provider is accessible on http://localhost:8081 : +Assuming that the provider is accessible on `\http://localhost:8081`: Send a POST request to the token endpoint that includes the user name and password: @@ -123,7 +123,7 @@ JSon Response Example: The client credentials grant type is the least secure grant type. Use this grant type when the client is the resource owner or an authorization has previously been arranged with the authorization server. In this grant type, an access token is obtained if the client identifier and the client secret are valid. === HTTP request example against the provider to get a token -Assuming that the provider is accessible on http://localhost:8081 and the redirect URL of your client application is "http://localhost:1234": +Assuming that the provider is accessible on `\http://localhost:8081` and the redirect URL of your client application is `\http://localhost:1234`: Send a POST request to the token endpoint that includes the user name and password: