TIBCOSoftware
diff --git a/‎.gitignore‎
Lines changed: 3 additions & 0 deletions b/‎.gitignore‎
Lines changed: 3 additions & 0 deletions
diff --git a/‎charts/provisioner-config-local/Chart.yaml‎
Lines changed: 1 addition & 1 deletion b/‎charts/provisioner-config-local/Chart.yaml‎
Lines changed: 1 addition & 1 deletion
diff --git a/‎charts/provisioner-config-local/recipes/tp-base-on-prem-https.yaml‎
Lines changed: 16 additions & 3 deletions b/‎charts/provisioner-config-local/recipes/tp-base-on-prem-https.yaml‎
Lines changed: 16 additions & 3 deletions
diff --git a/‎charts/provisioner-config-local/recipes/tp-base-on-prem.yaml‎
Lines changed: 16 additions & 3 deletions b/‎charts/provisioner-config-local/recipes/tp-base-on-prem.yaml‎
Lines changed: 16 additions & 3 deletions
diff --git a/‎docs/recipes/automation/tp-setup/bootstrap/CHANGELOG.md‎
Lines changed: 10 additions & 0 deletions b/‎docs/recipes/automation/tp-setup/bootstrap/CHANGELOG.md‎
Lines changed: 10 additions & 0 deletions
diff --git a/‎docs/recipes/automation/tp-setup/bootstrap/mcps/K8S_MCP_AUTHENTICATION.md‎
Lines changed: 108 additions & 0 deletions b/‎docs/recipes/automation/tp-setup/bootstrap/mcps/K8S_MCP_AUTHENTICATION.md‎
Lines changed: 108 additions & 0 deletions
diff --git a/‎docs/recipes/automation/tp-setup/bootstrap/mcps/MCP_SERVERS_CONFIG.md‎
Lines changed: 65 additions & 0 deletions b/‎docs/recipes/automation/tp-setup/bootstrap/mcps/MCP_SERVERS_CONFIG.md‎
Lines changed: 65 additions & 0 deletions
@@ -30,6 +30,9 @@ Temporary Items
 # Chart dependencies
 **/charts/*.tgz
 
+/.venv/
+/.vscode/
+/.history/
 /docs/recipes/automation/1.3/
 /docs/recipes/automation/1.4/
 /docs/recipes/automation/gcp/
 
@@ -8,7 +8,7 @@ apiVersion: v2
 name: provisioner-config-local
 description: Platform Provisioner local config
 type: application
-version: "1.7.10"
+version: "1.7.15"
 appVersion: "2.0.1"
 home: https://github.com/TIBCOSoftware/tp-helm-charts
 maintainers:
 
@@ -413,7 +413,7 @@ helmCharts:
         enabled: true
         image:
           repository: ghcr.io/tibcosoftware/platform-provisioner/platform-provisioner
-          tag: 1.4.1-auto-on-prem-jammy
+          tag: 1.4.2-auto-on-prem-jammy
         ports:
           http:
             enabled: true
@@ -429,6 +429,19 @@ helmCharts:
             protocol: TCP
             containerPort: 8091
             servicePort: 8091
+        env:
+        - name: K8S_MCP_TRANSPORT
+          value: "sse" # "streamable-http" or "sse"
+        - name: K8S_MCP_HTTP_BEARER_TOKEN
+          value: ""
+        - name: K8S_MCP_DEBUG
+          value: "false"
+        - name: TP_MCP_TRANSPORT
+          value: "sse" # "streamable-http" or "sse"
+        - name: TP_MCP_HTTP_BEARER_TOKEN
+          value: ""
+        - name: TP_MCP_DEBUG
+          value: "false"
         others:
           dnsPolicy: ClusterFirstWithHostNet
           # hostNetwork: true
@@ -480,7 +493,7 @@ helmCharts:
   version: 1.4.0
   condition: ${TP_AUTOMATION_INSTALL}
   namespace: ${TP_AUTOMATION_NAMESPACE}
-  releaseName: mcp-infra-tp
+  releaseName: mcp-infra-tp-automation
   repo:
     helm:
       url: https://test-server.github.yyzd.me
@@ -495,7 +508,7 @@ helmCharts:
         spec:
           ingressClassName: ${TP_PROVISIONER_UI_INGRESS_CLASSNAME}
           rules:
-            - host: 'mcp-infra-tp.${TP_DNS_DOMAIN}'
+            - host: 'mcp-infra-tp-automation.${TP_DNS_DOMAIN}'
               http:
                 paths:
                   - path: /
 
@@ -367,7 +367,7 @@ helmCharts:
         enabled: true
         image:
           repository: ghcr.io/tibcosoftware/platform-provisioner/platform-provisioner
-          tag: 1.4.1-auto-on-prem-jammy
+          tag: 1.4.2-auto-on-prem-jammy
         ports:
           http:
             enabled: true
@@ -383,6 +383,19 @@ helmCharts:
             protocol: TCP
             containerPort: 8091
             servicePort: 8091
+        env:
+        - name: K8S_MCP_TRANSPORT
+          value: "sse" # "streamable-http" or "sse"
+        - name: K8S_MCP_HTTP_BEARER_TOKEN
+          value: ""
+        - name: K8S_MCP_DEBUG
+          value: "false"
+        - name: TP_MCP_TRANSPORT
+          value: "sse" # "streamable-http" or "sse"
+        - name: TP_MCP_HTTP_BEARER_TOKEN
+          value: ""
+        - name: TP_MCP_DEBUG
+          value: "false"
         others:
           dnsPolicy: ClusterFirstWithHostNet
           # hostNetwork: true
@@ -434,7 +447,7 @@ helmCharts:
   version: 1.4.0
   condition: ${TP_AUTOMATION_INSTALL}
   namespace: ${TP_AUTOMATION_NAMESPACE}
-  releaseName: mcp-infra-tp
+  releaseName: mcp-infra-tp-automation
   repo:
     helm:
       url: https://test-server.github.yyzd.me
@@ -449,7 +462,7 @@ helmCharts:
         spec:
           ingressClassName: ${TP_PROVISIONER_UI_INGRESS_CLASSNAME}
           rules:
-            - host: 'mcp-infra-tp.${TP_DNS_DOMAIN}'
+            - host: 'mcp-infra-tp-automation.${TP_DNS_DOMAIN}'
               http:
                 paths:
                   - path: /
 
@@ -1,3 +1,13 @@
+## [06/16/2025 23:41]
+### Fixed
+- Fix the issue that the Set Endpoint visibility dialog cannot be found when setting Endpoint visibility for bwce
+- Fix the issue that clicking the provision button does not respond when provisioning flogo/bwce
+
+## [06/13/2025 16:39]
+### Fixed
+- Fix the issue that the endpoint visibility cannot be set correctly when setting the endpoint visibility of the bw app
+- Fix the issue that the dom xpath is incorrect when judging whether the swagger UI title is displayed
+
 ## [06/12/2025 11:57]
 ### Added
 - Add tooltips for CP URL and CLI Token input field in One-Click Setup CP UI
 
@@ -0,0 +1,108 @@
+# K8s MCP Server Authentication Setup
+
+K8s MCP Server now supports Bearer Token authentication, similar to the TIBCO Platform MCP Server.
+
+## Configuration
+
+### Environment Variables
+
+Add the following environment variable to enable authentication:
+
+```bash
+export K8S_MCP_HTTP_BEARER_TOKEN="your-k8s-secret-token"
+```
+
+### Complete Configuration Example
+
+```bash
+# Server settings
+export K8S_MCP_TRANSPORT="streamable-http"
+export K8S_MCP_HOST="0.0.0.0"
+export K8S_MCP_PORT="8091"
+
+# Authentication
+export K8S_MCP_HTTP_BEARER_TOKEN="k8s-secret-token"
+
+# Debug settings
+export K8S_MCP_DEBUG="true"
+export K8S_MCP_LOG_REQUESTS="true"
+
+# Start server
+./run-mcp-k8s.sh
+```
+
+## MCP Inspector Configuration
+
+### For K8s MCP Server
+
+1. **Transport Type**: Streamable HTTP
+2. **URL**: `http://localhost:8091/mcp/`
+3. **Authentication**: 
+   - Header Name: `Authorization`
+   - Bearer Token: `k8s-secret-token` (or whatever you set in K8S_MCP_HTTP_BEARER_TOKEN)
+
+### Server Comparison
+
+| Feature        | TIBCO Platform MCP         | K8s MCP Server              |
+|----------------|----------------------------|-----------------------------|
+| Default Port   | 8090                       | 8091                        |
+| Token Variable | `TP_MCP_HTTP_BEARER_TOKEN` | `K8S_MCP_HTTP_BEARER_TOKEN` |
+| URL Path       | `/mcp/`                    | `/mcp/`                     |
+| Transport      | streamable-http            | streamable-http             |
+
+## Authentication Behavior
+
+- **Without token**: Server runs without authentication (all requests allowed)
+- **With token**: Authentication is enforced for `/mcp` endpoints
+- **Health endpoint**: Always accessible without authentication (`/health`)
+- **Invalid token**: Returns HTTP 403 Forbidden
+- **Missing header**: Returns HTTP 401 Unauthorized
+
+## Testing Authentication
+
+Use the provided test script:
+
+```bash
+# Set the token you want to test with
+export K8S_MCP_HTTP_BEARER_TOKEN="k8s-test-token"
+
+# Run the test
+./debug_k8s_auth.sh
+```
+
+## Security Notes
+
+1. **Token Storage**: Store tokens securely (environment variables, secrets management)
+2. **HTTPS**: Use HTTPS in production environments
+3. **Token Rotation**: Regularly rotate bearer tokens
+4. **Logging**: Be careful not to log bearer tokens in debug output
+
+## Troubleshooting
+
+### Common Issues
+
+1. **Connection Refused**: Check if server is running on correct port (8091)
+2. **403 Forbidden**: Verify bearer token matches exactly
+3. **401 Unauthorized**: Check Authorization header format (`Bearer token`)
+4. **Wrong Port**: K8s MCP uses 8091, TP MCP uses 8090
+
+### Debug Commands
+
+```bash
+# Check if server is running
+curl -v http://localhost:8091/health
+
+# Test without authentication (should work if no token set)
+curl -v http://localhost:8091/mcp/
+
+# Test with authentication
+curl -v -H "Authorization: Bearer your-token" http://localhost:8091/mcp/
+```
+
+## Implementation Details
+
+The authentication is implemented using:
+- **Middleware**: `BearerTokenMiddleware` class
+- **Scope**: Applied only to `/mcp` paths
+- **Method**: Standard HTTP Bearer Token authentication
+- **Error Responses**: JSON formatted error messages
@@ -0,0 +1,65 @@
+# MCP Servers Environment Variable Configuration
+
+This document describes the environment variables available for configuring the two FastMCP-based servers.
+
+## k8s_mcp_server
+
+The Kubernetes MCP server supports the following environment variables:
+
+### Server Configuration
+- `K8S_MCP_HOST`: Host to bind the server to (default: "127.0.0.1")
+- `K8S_MCP_PORT`: Port to bind the server to (default: 8091)
+- `K8S_MCP_TRANSPORT`: Transport protocol ("stdio", "sse", or "streamable-http", default: "stdio")
+
+### Command Execution Settings
+- `K8S_MCP_TIMEOUT`: Custom timeout in seconds (default: 300)
+- `K8S_MCP_MAX_OUTPUT`: Maximum output size in characters (default: 100000)
+- `K8S_MCP_INIT_TIMEOUT`: Server initialization timeout (default: 30)
+- `K8S_MCP_STARTUP_DELAY`: Additional startup delay for streamable-http (default: 2.0)
+
+### Kubernetes Settings
+- `K8S_CONTEXT`: Kubernetes context to use (default: current context)
+- `K8S_NAMESPACE`: Kubernetes namespace to use (default: "default")
+
+### Security Settings
+- `K8S_MCP_SECURITY_MODE`: Security mode for command validation ("strict" or "permissive", default: "strict")
+- `K8S_MCP_SECURITY_CONFIG`: Path to YAML config file for security rules (default: None)
+
+## tp_mcp_server
+
+The TIBCO Platform MCP server supports the following environment variables:
+
+### Server Configuration
+- `K8S_MCP_SERVER_HOST`: Host to bind the server to (default: "127.0.0.1")
+- `K8S_MCP_SERVER_PORT`: Port to bind the server to (default: 8090)
+- `K8S_MCP_TRANSPORT`: Transport protocol (default: "streamable-http")
+- `K8S_MCP_HTTP_BEARER_TOKEN`: Optional bearer token for HTTP authentication
+
+## Container Deployment
+
+To deploy both servers in containers and bind them to all interfaces (0.0.0.0):
+
+### k8s_mcp_server
+```bash
+docker run -e K8S_MCP_HOST=0.0.0.0 -e K8S_MCP_PORT=8091 -p 8091:8091 k8s-mcp-server
+```
+
+### tp_mcp_server
+```bash
+docker run -e K8S_MCP_SERVER_HOST=0.0.0.0 -e K8S_MCP_SERVER_PORT=8090 -p 8090:8090 tp-mcp-server
+```
+
+## FastMCP Compatibility
+
+Both servers now include:
+- Minimal async lifespan functions for streamable-http mode compatibility
+- Pre-initialization to avoid async race conditions
+- Robust error handling with chunked reading for HTTP requests
+- Configurable host/port binding via environment variables
+
+## Error Handling Improvements
+
+The tp_mcp_server includes enhanced error handling in automation_executor.py:
+- Chunked reading for large HTTP responses
+- Retry logic for urllib requests
+- Graceful handling of IncompleteRead errors with partial output recovery