Merge branch 'ft-mvp' into 'dev'

Add Auth See merge request desarrollo/evoluci-n-tecnol-gica/ap01194-orq-cog/orchestrator!2
2026-02-25 15:12:57 +00:00
parent b3f4ddd1a8 c7d9f25fa7
commit 914a23a97e
5 changed files with 38 additions and 2 deletions
--- a/3
+++ b/3
@@ -11,10 +11,12 @@ WORKDIR /app
 # Install dependencies first (cached layer as long as lockfile doesn't change)
 COPY pyproject.toml uv.lock ./
 RUN uv lock --upgrade
 RUN uv sync --locked --no-install-project --no-editable
 # Copy the rest of the project and install it
 COPY . .
 RUN uv lock
 RUN uv sync --locked --no-editable
 # --- Final stage: no uv, no build artifacts ---
@@ -23,6 +25,7 @@ FROM quay.ocp.banorte.com/golden/python-312:latest
 WORKDIR /app
 COPY --from=builder /app/.venv /app/.venv
 COPY --from=builder /app /app
 COPY config.yaml ./
 ENV PATH="/app/.venv/bin:$PATH"
--- a/config.yaml
+++ b/config.yaml
@@ -2,7 +2,10 @@ google_cloud_project: bnt-orquestador-cognitivo-dev
 google_cloud_location: us-central1
 firestore_db: bnt-orquestador-cognitivo-firestore-bdo-dev
-mcp_remote_url: https://ap01194-orq-cog-orchestrator-1007577023101.us-central1.run.app/sse
+
 mcp_remote_url: "https://ap01194-orq-cog-rag-connector-1007577023101.us-central1.run.app/sse"
 # audience sin la ruta, para emitir el ID Token:
 mcp_audience: "https://ap01194-orq-cog-rag-connector-1007577023101.us-central1.run.app"
 agent_name: VAia
 agent_model: gemini-2.5-flash
--- a/pyproject.toml
+++ b/pyproject.toml
@@ -12,6 +12,7 @@ dependencies = [
    "google-adk>=1.14.1",
    "google-cloud-firestore>=2.23.0",
    "pydantic-settings[yaml]>=2.13.1",
    "google-auth>=2.34.0",
 ]
 [build-system]
--- a/src/va_agent/agent.py
+++ b/src/va_agent/agent.py
@@ -10,7 +10,33 @@ from google.cloud.firestore_v1.async_client import AsyncClient
 from va_agent.config import settings
 from va_agent.session import FirestoreSessionService
-connection_params = SseConnectionParams(url=settings.mcp_remote_url)
+
 # --- Autenticación Cloud Run → Cloud Run (ID Token) ---
 from google.oauth2 import id_token
 from google.auth.transport.requests import Request as GAuthRequest
 def _fetch_id_token(audience: str) -> str:
    """Emite un ID Token para invocar un servicio Cloud Run protegido."""
    return id_token.fetch_id_token(GAuthRequest(), audience)
 # Audience = URL del MCP remoto 
 _MCP_URL = settings.mcp_remote_url
 _MCP_AUDIENCE = getattr(settings, "mcp_audience", None) or _MCP_URL
 def _auth_headers_provider() -> dict[str, str]:
    token = _fetch_id_token(_MCP_AUDIENCE)
    return {"Authorization": f"Bearer {token}"}
 connection_params = SseConnectionParams(
    url=_MCP_URL,
    headers=_auth_headers_provider()
 )
 # connection_params = SseConnectionParams(url=settings.mcp_remote_url)
 toolset = McpToolset(connection_params=connection_params)
 agent = Agent(
--- a/src/va_agent/config.py
+++ b/src/va_agent/config.py
@@ -27,6 +27,9 @@ class AgentSettings(BaseSettings):
    firestore_db: str
    # MCP configuration
    mcp_audience: str
    # MCP configuration audience
    mcp_remote_url: str
    model_config = SettingsConfigDict(