quarkiverse
diff --git a/‎docs/modules/ROOT/pages/includes/quarkus-langchain4j-mcp.adoc‎
Lines changed: 63 additions & 0 deletions b/‎docs/modules/ROOT/pages/includes/quarkus-langchain4j-mcp.adoc‎
Lines changed: 63 additions & 0 deletions
diff --git a/‎docs/modules/ROOT/pages/includes/quarkus-langchain4j-mcp_quarkus.langchain4j.adoc‎
Lines changed: 63 additions & 0 deletions b/‎docs/modules/ROOT/pages/includes/quarkus-langchain4j-mcp_quarkus.langchain4j.adoc‎
Lines changed: 63 additions & 0 deletions
diff --git a/‎integration-tests/mcp/pom.xml‎
Lines changed: 6 additions & 0 deletions b/‎integration-tests/mcp/pom.xml‎
Lines changed: 6 additions & 0 deletions
diff --git a/‎integration-tests/mcp/src/test/java/io/quarkiverse/langchain4j/mcp/test/McpServerHelper.java‎
Lines changed: 18 additions & 5 deletions b/‎integration-tests/mcp/src/test/java/io/quarkiverse/langchain4j/mcp/test/McpServerHelper.java‎
Lines changed: 18 additions & 5 deletions
diff --git a/‎integration-tests/mcp/src/test/java/io/quarkiverse/langchain4j/mcp/test/tls/McpTlsHttpTransportTest.java‎
Lines changed: 70 additions & 0 deletions b/‎integration-tests/mcp/src/test/java/io/quarkiverse/langchain4j/mcp/test/tls/McpTlsHttpTransportTest.java‎
Lines changed: 70 additions & 0 deletions
diff --git a/‎integration-tests/mcp/src/test/java/io/quarkiverse/langchain4j/mcp/test/tls/McpTlsStreamableHttpTransportTest.java‎
Lines changed: 68 additions & 0 deletions b/‎integration-tests/mcp/src/test/java/io/quarkiverse/langchain4j/mcp/test/tls/McpTlsStreamableHttpTransportTest.java‎
Lines changed: 68 additions & 0 deletions
diff --git a/‎integration-tests/mcp/src/test/java/io/quarkiverse/langchain4j/mcp/test/tls/McpTlsTestBase.java‎
Lines changed: 41 additions & 0 deletions b/‎integration-tests/mcp/src/test/java/io/quarkiverse/langchain4j/mcp/test/tls/McpTlsTestBase.java‎
Lines changed: 41 additions & 0 deletions
@@ -72,6 +72,27 @@ endif::add-copy-button-to-env-var[]
 |boolean
 |`true`
 
+a| [[quarkus-langchain4j-mcp_quarkus-langchain4j-mcp-expose-resources-as-tools]] [.property-path]##link:#quarkus-langchain4j-mcp_quarkus-langchain4j-mcp-expose-resources-as-tools[`quarkus.langchain4j.mcp.expose-resources-as-tools`]##
+ifdef::add-copy-button-to-config-props[]
+config_property_copy_button:+++quarkus.langchain4j.mcp.expose-resources-as-tools+++[]
+endif::add-copy-button-to-config-props[]
+
+
+[.description]
+--
+Whether resources should be exposed as MCP tools.
+
+
+ifdef::add-copy-button-to-env-var[]
+Environment variable: env_var_with_copy_button:+++QUARKUS_LANGCHAIN4J_MCP_EXPOSE_RESOURCES_AS_TOOLS+++[]
+endif::add-copy-button-to-env-var[]
+ifndef::add-copy-button-to-env-var[]
+Environment variable: `+++QUARKUS_LANGCHAIN4J_MCP_EXPOSE_RESOURCES_AS_TOOLS+++`
+endif::add-copy-button-to-env-var[]
+--
+|boolean
+|`false`
+
 h|[[quarkus-langchain4j-mcp_section_quarkus-langchain4j-mcp]] [.section-name.section-level0]##link:#quarkus-langchain4j-mcp_section_quarkus-langchain4j-mcp[Configured MCP clients]##
 h|Type
 h|Default
@@ -265,6 +286,48 @@ endif::add-copy-button-to-env-var[]
 |link:https://docs.oracle.com/en/java/javase/17/docs/api/java.base/java/time/Duration.html[Duration] link:#duration-note-anchor-quarkus-langchain4j-mcp_quarkus-langchain4j[icon:question-circle[title=More information about the Duration format]]
 |`10S`
 
+a| [[quarkus-langchain4j-mcp_quarkus-langchain4j-mcp-client-name-roots]] [.property-path]##link:#quarkus-langchain4j-mcp_quarkus-langchain4j-mcp-client-name-roots[`quarkus.langchain4j.mcp."client-name".roots`]##
+ifdef::add-copy-button-to-config-props[]
+config_property_copy_button:+++quarkus.langchain4j.mcp."client-name".roots+++[]
+endif::add-copy-button-to-config-props[]
+
+
+[.description]
+--
+The initial list of MCP roots that the client can present to the server. The list can be later updated programmatically during runtime. The list is formatted as key-value pairs separated by commas. For example: workspace1=/path/to/workspace1,workspace2=/path/to/workspace2
+
+
+ifdef::add-copy-button-to-env-var[]
+Environment variable: env_var_with_copy_button:+++QUARKUS_LANGCHAIN4J_MCP__CLIENT_NAME__ROOTS+++[]
+endif::add-copy-button-to-env-var[]
+ifndef::add-copy-button-to-env-var[]
+Environment variable: `+++QUARKUS_LANGCHAIN4J_MCP__CLIENT_NAME__ROOTS+++`
+endif::add-copy-button-to-env-var[]
+--
+|list of string
+|
+
+a| [[quarkus-langchain4j-mcp_quarkus-langchain4j-mcp-client-name-tls-configuration-name]] [.property-path]##link:#quarkus-langchain4j-mcp_quarkus-langchain4j-mcp-client-name-tls-configuration-name[`quarkus.langchain4j.mcp."client-name".tls-configuration-name`]##
+ifdef::add-copy-button-to-config-props[]
+config_property_copy_button:+++quarkus.langchain4j.mcp."client-name".tls-configuration-name+++[]
+endif::add-copy-button-to-config-props[]
+
+
+[.description]
+--
+The name of the TLS configuration (bucket) used for client authentication in the TLS registry. This does not have any effect when the stdio transport is used.
+
+
+ifdef::add-copy-button-to-env-var[]
+Environment variable: env_var_with_copy_button:+++QUARKUS_LANGCHAIN4J_MCP__CLIENT_NAME__TLS_CONFIGURATION_NAME+++[]
+endif::add-copy-button-to-env-var[]
+ifndef::add-copy-button-to-env-var[]
+Environment variable: `+++QUARKUS_LANGCHAIN4J_MCP__CLIENT_NAME__TLS_CONFIGURATION_NAME+++`
+endif::add-copy-button-to-env-var[]
+--
+|string
+|
+
 
 |===
 
 
@@ -72,6 +72,27 @@ endif::add-copy-button-to-env-var[]
 |boolean
 |`true`
 
+a| [[quarkus-langchain4j-mcp_quarkus-langchain4j-mcp-expose-resources-as-tools]] [.property-path]##link:#quarkus-langchain4j-mcp_quarkus-langchain4j-mcp-expose-resources-as-tools[`quarkus.langchain4j.mcp.expose-resources-as-tools`]##
+ifdef::add-copy-button-to-config-props[]
+config_property_copy_button:+++quarkus.langchain4j.mcp.expose-resources-as-tools+++[]
+endif::add-copy-button-to-config-props[]
+
+
+[.description]
+--
+Whether resources should be exposed as MCP tools.
+
+
+ifdef::add-copy-button-to-env-var[]
+Environment variable: env_var_with_copy_button:+++QUARKUS_LANGCHAIN4J_MCP_EXPOSE_RESOURCES_AS_TOOLS+++[]
+endif::add-copy-button-to-env-var[]
+ifndef::add-copy-button-to-env-var[]
+Environment variable: `+++QUARKUS_LANGCHAIN4J_MCP_EXPOSE_RESOURCES_AS_TOOLS+++`
+endif::add-copy-button-to-env-var[]
+--
+|boolean
+|`false`
+
 h|[[quarkus-langchain4j-mcp_section_quarkus-langchain4j-mcp]] [.section-name.section-level0]##link:#quarkus-langchain4j-mcp_section_quarkus-langchain4j-mcp[Configured MCP clients]##
 h|Type
 h|Default
@@ -265,6 +286,48 @@ endif::add-copy-button-to-env-var[]
 |link:https://docs.oracle.com/en/java/javase/17/docs/api/java.base/java/time/Duration.html[Duration] link:#duration-note-anchor-quarkus-langchain4j-mcp_quarkus-langchain4j[icon:question-circle[title=More information about the Duration format]]
 |`10S`
 
+a| [[quarkus-langchain4j-mcp_quarkus-langchain4j-mcp-client-name-roots]] [.property-path]##link:#quarkus-langchain4j-mcp_quarkus-langchain4j-mcp-client-name-roots[`quarkus.langchain4j.mcp."client-name".roots`]##
+ifdef::add-copy-button-to-config-props[]
+config_property_copy_button:+++quarkus.langchain4j.mcp."client-name".roots+++[]
+endif::add-copy-button-to-config-props[]
+
+
+[.description]
+--
+The initial list of MCP roots that the client can present to the server. The list can be later updated programmatically during runtime. The list is formatted as key-value pairs separated by commas. For example: workspace1=/path/to/workspace1,workspace2=/path/to/workspace2
+
+
+ifdef::add-copy-button-to-env-var[]
+Environment variable: env_var_with_copy_button:+++QUARKUS_LANGCHAIN4J_MCP__CLIENT_NAME__ROOTS+++[]
+endif::add-copy-button-to-env-var[]
+ifndef::add-copy-button-to-env-var[]
+Environment variable: `+++QUARKUS_LANGCHAIN4J_MCP__CLIENT_NAME__ROOTS+++`
+endif::add-copy-button-to-env-var[]
+--
+|list of string
+|
+
+a| [[quarkus-langchain4j-mcp_quarkus-langchain4j-mcp-client-name-tls-configuration-name]] [.property-path]##link:#quarkus-langchain4j-mcp_quarkus-langchain4j-mcp-client-name-tls-configuration-name[`quarkus.langchain4j.mcp."client-name".tls-configuration-name`]##
+ifdef::add-copy-button-to-config-props[]
+config_property_copy_button:+++quarkus.langchain4j.mcp."client-name".tls-configuration-name+++[]
+endif::add-copy-button-to-config-props[]
+
+
+[.description]
+--
+The name of the TLS configuration (bucket) used for client authentication in the TLS registry. This does not have any effect when the stdio transport is used.
+
+
+ifdef::add-copy-button-to-env-var[]
+Environment variable: env_var_with_copy_button:+++QUARKUS_LANGCHAIN4J_MCP__CLIENT_NAME__TLS_CONFIGURATION_NAME+++[]
+endif::add-copy-button-to-env-var[]
+ifndef::add-copy-button-to-env-var[]
+Environment variable: `+++QUARKUS_LANGCHAIN4J_MCP__CLIENT_NAME__TLS_CONFIGURATION_NAME+++`
+endif::add-copy-button-to-env-var[]
+--
+|string
+|
+
 
 |===
 
 
@@ -50,6 +50,12 @@
             <version>${quarkus-langchain4j.version}</version>
             <scope>test</scope>
         </dependency>
+        <dependency>
+            <groupId>io.smallrye.certs</groupId>
+            <artifactId>smallrye-certificate-generator-junit5</artifactId>
+            <version>${smallrye-certificate-generator.version}</version>
+            <scope>test</scope>
+        </dependency>
 
         <!-- Make sure the deployment artifact is built before executing this module -->
         <dependency>
 
@@ -3,7 +3,9 @@
 import static org.junit.jupiter.api.Assumptions.assumeTrue;
 
 import java.io.File;
+import java.util.ArrayList;
 import java.util.Arrays;
+import java.util.List;
 import java.util.concurrent.TimeUnit;
 import java.util.concurrent.TimeoutException;
 
@@ -19,15 +21,26 @@ public class McpServerHelper {
 
     private static final Logger log = LoggerFactory.getLogger(McpServerHelper.class);
 
-    static Process startServerHttp(String scriptName) throws Exception {
+    public static Process startServerHttp(String scriptName) throws Exception {
         return startServerHttp(scriptName, 8082);
     }
 
-    static Process startServerHttp(String scriptName, int port) throws Exception {
+    public static Process startServerHttp(String scriptName, int port) throws Exception {
+        return startServerHttp(scriptName, port, port + 1000, new String[] {});
+    }
+
+    public static Process startServerHttp(String scriptName, int port, int sslPort, String[] extraArgs) throws Exception {
         skipTestsIfJbangNotAvailable();
         String path = getPathToScript(scriptName);
-        String[] command = new String[] { getJBangCommand(), "--quiet", "--fresh", "run", "-Dquarkus.http.port=" + port, path };
-        log.info("Starting the MCP server using command: " + Arrays.toString(command));
+        List<String> command = new ArrayList<>();
+        command.add(getJBangCommand());
+        command.add("--quiet");
+        command.add("--fresh");
+        command.addAll(Arrays.asList(extraArgs));
+        command.add("-Dquarkus.http.ssl-port=" + sslPort);
+        command.add("-Dquarkus.http.port=" + port);
+        command.add(path);
+        log.info("Starting the MCP server using command: " + command);
         Process process = new ProcessBuilder().command(command).inheritIO().start();
         waitForPort(port, 120);
         log.info("MCP server has started");
@@ -49,7 +62,7 @@ static String getJBangCommand() {
         return command;
     }
 
-    static void skipTestsIfJbangNotAvailable() {
+    public static void skipTestsIfJbangNotAvailable() {
         String command = getJBangCommand();
         try {
             new ProcessBuilder().command(command, "--version").start().waitFor();
 
@@ -0,0 +1,70 @@
+package io.quarkiverse.langchain4j.mcp.test.tls;
+
+import static io.quarkiverse.langchain4j.mcp.test.McpServerHelper.skipTestsIfJbangNotAvailable;
+import static io.quarkiverse.langchain4j.mcp.test.McpServerHelper.startServerHttp;
+
+import org.jboss.shrinkwrap.api.ShrinkWrap;
+import org.jboss.shrinkwrap.api.spec.JavaArchive;
+import org.junit.jupiter.api.AfterAll;
+import org.junit.jupiter.api.BeforeAll;
+import org.junit.jupiter.api.extension.RegisterExtension;
+
+import io.quarkiverse.langchain4j.mcp.test.McpServerHelper;
+import io.quarkus.test.QuarkusUnitTest;
+import io.smallrye.certs.Format;
+import io.smallrye.certs.junit5.Certificate;
+import io.smallrye.certs.junit5.Certificates;
+
+@Certificates(baseDir = "target/certs", certificates = {
+        @Certificate(name = "mcp", password = "password", formats = { Format.PKCS12 }, client = true),
+        @Certificate(name = "mcp-bad", password = "password", formats = { Format.PKCS12 }, client = true)
+})
+class McpTlsHttpTransportTest extends McpTlsTestBase {
+
+    private static Process process;
+
+    @RegisterExtension
+    static QuarkusUnitTest unitTest = new QuarkusUnitTest()
+            .setArchiveProducer(() -> ShrinkWrap.create(JavaArchive.class)
+                    .addClasses(McpServerHelper.class))
+            .overrideConfigKey("quarkus.tls.tls-client-correct.key-store.p12.path", "target/certs/mcp-client-keystore.p12")
+            .overrideConfigKey("quarkus.tls.tls-client-correct.key-store.p12.password", "password")
+            .overrideConfigKey("quarkus.tls.tls-client-correct.trust-store.p12.path", "target/certs/mcp-client-truststore.p12")
+            .overrideConfigKey("quarkus.tls.tls-client-correct.trust-store.p12.password", "password")
+            .overrideConfigKey("quarkus.langchain4j.mcp.client1.transport-type", "http")
+            .overrideConfigKey("quarkus.langchain4j.mcp.client1.url", "https://localhost:8083/mcp/sse")
+            .overrideConfigKey("quarkus.langchain4j.mcp.client1.log-requests", "true")
+            .overrideConfigKey("quarkus.langchain4j.mcp.client1.log-responses", "true")
+            .overrideConfigKey("quarkus.langchain4j.mcp.client1.tls-configuration-name", "tls-client-correct")
+            // 'tls-client-bad' and therefore MCP client 'client2' is using a truststore that does not trust the server
+            .overrideConfigKey("quarkus.tls.tls-client-bad.key-store.p12.path", "target/certs/mcp-client-keystore.p12")
+            .overrideConfigKey("quarkus.tls.tls-client-bad.key-store.p12.password", "password")
+            .overrideConfigKey("quarkus.tls.tls-client-bad.trust-store.p12.path", "target/certs/mcp-bad-client-truststore.p12")
+            .overrideConfigKey("quarkus.tls.tls-client-bad.trust-store.p12.password", "password")
+            .overrideConfigKey("quarkus.langchain4j.mcp.client2.transport-type", "http")
+            .overrideConfigKey("quarkus.langchain4j.mcp.client2.url", "https://localhost:8083/mcp/sse")
+            .overrideConfigKey("quarkus.langchain4j.mcp.client2.log-requests", "true")
+            .overrideConfigKey("quarkus.langchain4j.mcp.client2.log-responses", "true")
+            .overrideConfigKey("quarkus.langchain4j.mcp.client2.tool-execution-timeout", "3s")
+            .overrideConfigKey("quarkus.langchain4j.mcp.client2.tls-configuration-name", "tls-client-bad")
+
+            .overrideConfigKey("quarkus.log.category.\"io.quarkiverse\".level", "DEBUG");
+
+    @BeforeAll
+    static void setup() throws Exception {
+        skipTestsIfJbangNotAvailable();
+        String[] serverTlsConfiguration = new String[] {
+                "-Dquarkus.tls.key-store.p12.path=target/certs/mcp-keystore.p12",
+                "-Dquarkus.tls.key-store.p12.password=password",
+                "-Dquarkus.tls.trust-store.p12.path=target/certs/mcp-server-truststore.p12",
+                "-Dquarkus.tls.trust-store.p12.password=password" };
+        process = McpServerHelper.startServerHttp("tls_mcp_server.java", 8082, 8083, serverTlsConfiguration);
+    }
+
+    @AfterAll
+    static void teardown() {
+        if (process != null && process.isAlive()) {
+            process.destroyForcibly();
+        }
+    }
+}
@@ -0,0 +1,68 @@
+package io.quarkiverse.langchain4j.mcp.test.tls;
+
+import static io.quarkiverse.langchain4j.mcp.test.McpServerHelper.skipTestsIfJbangNotAvailable;
+
+import org.jboss.shrinkwrap.api.ShrinkWrap;
+import org.jboss.shrinkwrap.api.spec.JavaArchive;
+import org.junit.jupiter.api.AfterAll;
+import org.junit.jupiter.api.BeforeAll;
+import org.junit.jupiter.api.extension.RegisterExtension;
+
+import io.quarkiverse.langchain4j.mcp.test.McpServerHelper;
+import io.quarkus.test.QuarkusUnitTest;
+import io.smallrye.certs.Format;
+import io.smallrye.certs.junit5.Certificate;
+import io.smallrye.certs.junit5.Certificates;
+
+@Certificates(baseDir = "target/certs", certificates = {
+        @Certificate(name = "mcp", password = "password", formats = { Format.PKCS12 }, client = true),
+        @Certificate(name = "mcp-bad", password = "password", formats = { Format.PKCS12 }, client = true)
+})
+class McpTlsStreamableHttpTransportTest extends McpTlsTestBase {
+
+    private static Process process;
+
+    @RegisterExtension
+    static QuarkusUnitTest unitTest = new QuarkusUnitTest()
+            .setArchiveProducer(() -> ShrinkWrap.create(JavaArchive.class)
+                    .addClasses(McpServerHelper.class))
+            .overrideConfigKey("quarkus.tls.tls-client-correct.key-store.p12.path", "target/certs/mcp-client-keystore.p12")
+            .overrideConfigKey("quarkus.tls.tls-client-correct.key-store.p12.password", "password")
+            .overrideConfigKey("quarkus.tls.tls-client-correct.trust-store.p12.path", "target/certs/mcp-client-truststore.p12")
+            .overrideConfigKey("quarkus.tls.tls-client-correct.trust-store.p12.password", "password")
+            .overrideConfigKey("quarkus.langchain4j.mcp.client1.transport-type", "streamable-http")
+            .overrideConfigKey("quarkus.langchain4j.mcp.client1.url", "https://localhost:8083/mcp")
+            .overrideConfigKey("quarkus.langchain4j.mcp.client1.log-requests", "true")
+            .overrideConfigKey("quarkus.langchain4j.mcp.client1.log-responses", "true")
+            .overrideConfigKey("quarkus.langchain4j.mcp.client1.tls-configuration-name", "tls-client-correct")
+            // 'tls-client-bad' and therefore MCP client 'client2' is using a truststore that does not trust the server
+            .overrideConfigKey("quarkus.tls.tls-client-bad.key-store.p12.path", "target/certs/mcp-client-keystore.p12")
+            .overrideConfigKey("quarkus.tls.tls-client-bad.key-store.p12.password", "password")
+            .overrideConfigKey("quarkus.tls.tls-client-bad.trust-store.p12.path", "target/certs/mcp-bad-client-truststore.p12")
+            .overrideConfigKey("quarkus.tls.tls-client-bad.trust-store.p12.password", "password")
+            .overrideConfigKey("quarkus.langchain4j.mcp.client2.transport-type", "streamable-http")
+            .overrideConfigKey("quarkus.langchain4j.mcp.client2.url", "https://localhost:8083/mcp")
+            .overrideConfigKey("quarkus.langchain4j.mcp.client2.log-requests", "true")
+            .overrideConfigKey("quarkus.langchain4j.mcp.client2.log-responses", "true")
+            .overrideConfigKey("quarkus.langchain4j.mcp.client2.tls-configuration-name", "tls-client-bad")
+
+            .overrideConfigKey("quarkus.log.category.\"io.quarkiverse\".level", "DEBUG");
+
+    @BeforeAll
+    static void setup() throws Exception {
+        skipTestsIfJbangNotAvailable();
+        String[] serverTlsConfiguration = new String[] {
+                "-Dquarkus.tls.key-store.p12.path=target/certs/mcp-keystore.p12",
+                "-Dquarkus.tls.key-store.p12.password=password",
+                "-Dquarkus.tls.trust-store.p12.path=target/certs/mcp-server-truststore.p12",
+                "-Dquarkus.tls.trust-store.p12.password=password" };
+        process = McpServerHelper.startServerHttp("tls_mcp_server.java", 8082, 8083, serverTlsConfiguration);
+    }
+
+    @AfterAll
+    static void teardown() {
+        if (process != null && process.isAlive()) {
+            process.destroyForcibly();
+        }
+    }
+}
@@ -0,0 +1,41 @@
+package io.quarkiverse.langchain4j.mcp.test.tls;
+
+import jakarta.inject.Inject;
+
+import org.assertj.core.api.Assertions;
+import org.junit.jupiter.api.Test;
+
+import dev.langchain4j.agent.tool.ToolExecutionRequest;
+import dev.langchain4j.mcp.client.*;
+import io.quarkiverse.langchain4j.mcp.runtime.McpClientName;
+
+public abstract class McpTlsTestBase {
+
+    @Inject
+    @McpClientName("client1")
+    McpClient mcpClient;
+
+    @Inject
+    @McpClientName("client2")
+    McpClient clientWithBadTrustStore;
+
+    @Test
+    void testAuthenticationSuccessful() throws Exception {
+        ToolExecutionRequest toolExecutionRequest = ToolExecutionRequest.builder()
+                .name("echoString")
+                .arguments("{\"input\": \"abc\"}")
+                .build();
+        Assertions.assertThat(mcpClient.executeTool(toolExecutionRequest)).isEqualTo("abc");
+    }
+
+    @Test
+    void testClientWithBadTrustStore() throws Exception {
+        ToolExecutionRequest toolExecutionRequest = ToolExecutionRequest.builder()
+                .name("echoString")
+                .arguments("{\"input\": \"abc\"}")
+                .build();
+        Assertions.assertThatThrownBy(() -> clientWithBadTrustStore.executeTool(toolExecutionRequest))
+                .isNotNull();
+    }
+
+}