verifywise-ai
diff --git a/‎.claude/commands/beautify-charts.md‎
Lines changed: 62 additions & 0 deletions b/‎.claude/commands/beautify-charts.md‎
Lines changed: 62 additions & 0 deletions
diff --git a/‎.claude/settings.local.json‎
Lines changed: 3 additions & 1 deletion b/‎.claude/settings.local.json‎
Lines changed: 3 additions & 1 deletion
diff --git a/‎.gitignore‎
Lines changed: 5 additions & 0 deletions b/‎.gitignore‎
Lines changed: 5 additions & 0 deletions
diff --git a/‎AIGateway/requirements.txt‎
Lines changed: 4 additions & 1 deletion b/‎AIGateway/requirements.txt‎
Lines changed: 4 additions & 1 deletion
diff --git a/‎AIGateway/src/app.py‎
Lines changed: 19 additions & 0 deletions b/‎AIGateway/src/app.py‎
Lines changed: 19 additions & 0 deletions
diff --git a/‎AIGateway/src/config.py‎
Lines changed: 8 additions & 0 deletions b/‎AIGateway/src/config.py‎
Lines changed: 8 additions & 0 deletions
diff --git a/‎AIGateway/src/crud/mcp_agent_keys.py‎
Lines changed: 245 additions & 0 deletions b/‎AIGateway/src/crud/mcp_agent_keys.py‎
Lines changed: 245 additions & 0 deletions
@@ -0,0 +1,62 @@
+Review and beautify all Recharts charts in the specified file (or all files using Recharts if no argument given).
+
+## Strategy: Replace raw Recharts with VWCharts components
+
+The project has reusable chart components at `Clients/src/presentation/components/Charts/VWCharts.tsx`. These replace raw Recharts boilerplate with consistent styling.
+
+### Available components
+
+| Component | Replaces | Key props |
+|-----------|----------|-----------|
+| `VWBarChart` | `<BarChart>` + axes + grid + tooltip | `data, series, categoryKey, layout` |
+| `VWAreaChart` | `<AreaChart>` + gradient defs + axes | `data, series, categoryKey` |
+| `VWDonutChart` | `<PieChart>` + `<Pie>` + center label | `data, dataKey, colors, centerValue` |
+| `VWLineChart` | `<LineChart>` + axes + grid | `data, series, categoryKey` |
+| `vwTooltipStyle` | Inline tooltip `contentStyle` objects | Use as `contentStyle={vwTooltipStyle}` |
+| `VWGradient` | Raw `<linearGradient>` in `<defs>` | `id, color, opacity` |
+
+### Additional utilities at `Charts/chartEnhancements.tsx` (on feat/ai-gateway)
+
+| Utility | Use when |
+|---------|----------|
+| `ChartCard` | Chart needs its own card container |
+| `AnimatedNumber` | Stat value should count up on load |
+| `GradientProgressBar` | Progress/percentage bar needed |
+| `Sparkline` | Stat card has trend data array |
+| `PROVIDER_COLORS` / `getProviderColor()` | Chart shows LLM provider data |
+
+## What to do
+
+For each file with Recharts usage:
+
+1. **Replace raw chart code with VWCharts components**
+   - `<ResponsiveContainer><BarChart>...</BarChart></ResponsiveContainer>` → `<VWBarChart data={...} series={[...]} categoryKey="..." />`
+   - `<ResponsiveContainer><AreaChart>...</AreaChart></ResponsiveContainer>` → `<VWAreaChart data={...} series={[...]} categoryKey="..." />`
+   - `<ResponsiveContainer><PieChart>...</PieChart></ResponsiveContainer>` → `<VWDonutChart data={...} dataKey="..." colors={[...]} />`
+   - `<ResponsiveContainer><LineChart>...</LineChart></ResponsiveContainer>` → `<VWLineChart data={...} series={[...]} categoryKey="..." />`
+
+2. **Replace inline tooltip styles** with `vwTooltipStyle`
+
+3. **Remove redundant imports** — after migration, remove individual Recharts imports (XAxis, YAxis, CartesianGrid, etc.) that are now handled internally
+
+4. **Apply enhancements where appropriate**
+   - Add `gradientOpacity` to area charts for subtle fills
+   - Add `centerValue` / `centerLabel` to donut charts
+   - Use `AnimatedNumber` for stat card values
+   - Use `getProviderColor()` for provider-specific colors
+
+## Rules
+
+- Import from relative path to `components/Charts/VWCharts` (adjust `../` depth)
+- Do NOT change chart data, queries, or business logic — only presentation
+- Do NOT force-fit components where custom behavior is needed (e.g., PerformanceChart with dynamic legend + custom tooltip — may only benefit from `vwTooltipStyle`)
+- Keep existing chart dimensions and layout
+- Use `palette` tokens from `themes/palette` for any new colors — never hardcode hex
+- Preserve all existing interactivity (click handlers, tooltips, legends)
+- Run TypeScript check after changes: `cd Clients && npx tsc --noEmit`
+
+## Target file
+
+$ARGUMENTS
+
+If no file specified, search for all files importing from "recharts" under `Clients/src/` and beautify each one.
@@ -11,7 +11,9 @@
       "Bash(find /Users/harsh/Data/vw/verifywise/Clients -type f \\\\\\(-name *.yaml -o -name *.yml -o -name docker-compose* \\\\\\))",
       "Bash(find /Users/harsh/Data/vw/verifywise -type f \\\\\\(-name *.yaml -o -name *.yml -o -name docker-compose* \\\\\\) -not -path */node_modules/*)",
       "Bash(grep -r \"superadmin\\\\|super.admin\\\\|SuperAdmin\" /Users/harsh/Data/vw/verifywise/Servers/src --include=*.ts -i)",
-      "Bash(grep:*)"
+      "Bash(grep:*)",
+      "Bash(git log:*)",
+      "Bash(echo \"EXIT=$?\")"
     ]
   }
 }
@@ -41,3 +41,8 @@ EvaluationModule/data/uploads/*
 nul
 agent-plan.md
 pdf-templates/
+
+# WebReel generated videos and screenshots
+videos/
+screenshots/
+.webreel/
@@ -14,7 +14,7 @@ asyncpg>=0.30.0
 
 # LiteLLM SDK (MIT licensed)
 # Pinned to a specific version — updated per VerifyWise release
-litellm==1.82.2
+litellm==1.83.0
 
 # Database migrations (Alembic)
 sqlalchemy[asyncio]>=2.0.0
@@ -26,3 +26,6 @@ presidio-analyzer>=2.2.0
 presidio-anonymizer>=2.2.0
 # spaCy model: python -m spacy download en_core_web_md
 spacy>=3.7.0
+
+# MCP Gateway — Model Context Protocol SDK
+mcp>=1.0.0
@@ -21,6 +21,13 @@
 from routers.prompts import router as prompts_router
 from routers.risk import router as risk_router
 from routers.cache import router as cache_router
+from routers.mcp_agent_keys import router as mcp_agent_keys_router
+from routers.mcp_servers import router as mcp_servers_router
+from routers.mcp_approvals import router as mcp_approvals_router
+from routers.mcp_audit import router as mcp_audit_router
+from routers.mcp_guardrails import router as mcp_guardrails_router
+from routers.mcp_tools import router as mcp_tools_router
+from routers.mcp_proxy import router as mcp_proxy_router
 from routers.tenant_chat import router as tenant_chat_router
 
 # Disable LiteLLM verbose logging to prevent key leakage
@@ -75,6 +82,14 @@
 app.include_router(risk_router, prefix="/internal", tags=["CRUD"])
 app.include_router(cache_router, prefix="/internal", tags=["CRUD"])
 
+# MCP Gateway CRUD routes (internal)
+app.include_router(mcp_agent_keys_router, prefix="/internal", tags=["MCP CRUD"])
+app.include_router(mcp_servers_router, prefix="/internal", tags=["MCP CRUD"])
+app.include_router(mcp_approvals_router, prefix="/internal", tags=["MCP CRUD"])
+app.include_router(mcp_audit_router, prefix="/internal", tags=["MCP CRUD"])
+app.include_router(mcp_guardrails_router, prefix="/internal", tags=["MCP CRUD"])
+app.include_router(mcp_tools_router, prefix="/internal", tags=["MCP CRUD"])
+
 # Tenant proxy routes (Express proxy → Gateway, JWT-authenticated via headers)
 # Chat, streaming, embeddings, providers, model catalog
 app.include_router(tenant_chat_router, prefix="/internal", tags=["Tenant Proxy"])
@@ -83,6 +98,10 @@
 # OpenAI-compatible: /v1/chat/completions, /v1/embeddings, /v1/models
 app.include_router(proxy_router, tags=["Proxy"])
 
+# MCP Gateway public routes (Agent SDK → Gateway, authenticated via agent key)
+# Streamable HTTP: POST /v1/mcp, GET /v1/mcp
+app.include_router(mcp_proxy_router, tags=["MCP Proxy"])
+
 
 @app.get("/health")
 async def health():
 
@@ -16,5 +16,13 @@ class Settings(BaseSettings):
     encryption_key: str = ""
     express_backend_url: str = "http://localhost:3000"
 
+    # MCP Gateway
+    mcp_tool_cache_ttl_seconds: int = 300
+    mcp_session_ttl_seconds: int = 3600
+    mcp_circuit_breaker_threshold: int = 5
+    mcp_circuit_breaker_timeout_seconds: int = 30
+    mcp_approval_expiry_seconds: int = 900
+    mcp_audit_retention_days: int = 30
+
 
 settings = Settings()
@@ -0,0 +1,245 @@
+import json
+import secrets
+import hashlib
+from typing import Any, Optional
+from sqlalchemy import text
+from database.db import get_db
+
+
+def generate_agent_key() -> dict:
+    plain_key = "sk-mcp-" + secrets.token_hex(16)
+    key_hash = hashlib.sha256(plain_key.encode()).hexdigest()
+    prefix = plain_key[:13] + "..."
+    return {
+        "plain_key": plain_key,
+        "key_hash": key_hash,
+        "prefix": prefix,
+    }
+
+
+async def get_all_agent_keys(org_id: int) -> list[dict]:
+    async with get_db() as db:
+        result = await db.execute(
+            text("""
+                SELECT
+                    ak.id,
+                    ak.key_prefix,
+                    ak.name,
+                    ak.description,
+                    ak.allowed_tools,
+                    ak.blocked_tools,
+                    ak.allowed_server_ids,
+                    ak.rate_limit_rpm,
+                    ak.metadata,
+                    ak.expires_at,
+                    ak.is_active,
+                    ak.revoked_at,
+                    ak.created_by,
+                    ak.created_at,
+                    ak.updated_at,
+                    u.name AS created_by_name
+                FROM ai_gateway_mcp_agent_keys ak
+                LEFT JOIN users u ON u.id = ak.created_by
+                WHERE ak.organization_id = :org_id
+                ORDER BY ak.created_at DESC
+            """),
+            {"org_id": org_id},
+        )
+        rows = result.mappings().all()
+        return [dict(row) for row in rows]
+    return []
+
+
+async def create_agent_key(org_id: int, data: dict) -> Optional[dict]:
+    key_data = generate_agent_key()
+
+    allowed_server_ids = data.get("allowed_server_ids") or []
+    metadata_value = data.get("metadata")
+    metadata_json = json.dumps(metadata_value) if metadata_value is not None else "{}"
+    expires_at = data.get("expires_at")
+    created_by = data.get("created_by")
+    rate_limit_rpm = data.get("rate_limit_rpm")
+    name = data.get("name")
+    description = data.get("description")
+    allowed_tools = data.get("allowed_tools") or []
+    blocked_tools = data.get("blocked_tools") or []
+
+    async with get_db() as db:
+        result = await db.execute(
+            text("""
+                INSERT INTO ai_gateway_mcp_agent_keys (
+                    organization_id,
+                    key_hash,
+                    key_prefix,
+                    name,
+                    description,
+                    allowed_tools,
+                    blocked_tools,
+                    allowed_server_ids,
+                    rate_limit_rpm,
+                    metadata,
+                    expires_at,
+                    created_by
+                ) VALUES (
+                    :org_id,
+                    :key_hash,
+                    :key_prefix,
+                    :name,
+                    :description,
+                    :allowed_tools,
+                    :blocked_tools,
+                    :allowed_server_ids,
+                    :rate_limit_rpm,
+                    CAST(:metadata AS jsonb),
+                    :expires_at,
+                    :created_by
+                )
+                RETURNING
+                    id,
+                    key_prefix,
+                    name,
+                    description,
+                    allowed_tools,
+                    blocked_tools,
+                    allowed_server_ids,
+                    rate_limit_rpm,
+                    metadata,
+                    expires_at,
+                    is_active,
+                    revoked_at,
+                    created_by,
+                    created_at,
+                    updated_at
+            """),
+            {
+                "org_id": org_id,
+                "key_hash": key_data["key_hash"],
+                "key_prefix": key_data["prefix"],
+                "name": name,
+                "description": description,
+                "allowed_tools": allowed_tools,
+                "blocked_tools": blocked_tools,
+                "allowed_server_ids": allowed_server_ids,
+                "rate_limit_rpm": rate_limit_rpm,
+                "metadata": metadata_json,
+                "expires_at": expires_at,
+                "created_by": created_by,
+            },
+        )
+        await db.commit()
+        row = result.mappings().first()
+        if row is None:
+            return None
+        record = dict(row)
+        record["plain_key"] = key_data["plain_key"]
+        return record
+    return None
+
+
+async def update_agent_key(org_id: int, key_id: int, data: dict) -> Optional[dict]:
+    set_clauses = []
+    params: dict[str, Any] = {"org_id": org_id, "key_id": key_id}
+
+    if "name" in data:
+        set_clauses.append("name = :name")
+        params["name"] = data["name"]
+
+    if "description" in data:
+        set_clauses.append("description = :description")
+        params["description"] = data["description"]
+
+    for field in ("allowed_tools", "blocked_tools"):
+        if field in data:
+            set_clauses.append(f"{field} = :{field}")
+            params[field] = data[field] if data[field] else []
+
+    if "allowed_server_ids" in data:
+        set_clauses.append("allowed_server_ids = :allowed_server_ids")
+        params["allowed_server_ids"] = data["allowed_server_ids"] or []
+
+    if "rate_limit_rpm" in data:
+        set_clauses.append("rate_limit_rpm = :rate_limit_rpm")
+        params["rate_limit_rpm"] = data["rate_limit_rpm"]
+
+    if "metadata" in data:
+        set_clauses.append("metadata = CAST(:metadata AS jsonb)")
+        metadata_value = data["metadata"]
+        params["metadata"] = json.dumps(metadata_value) if metadata_value is not None else "{}"
+
+    if "expires_at" in data:
+        set_clauses.append("expires_at = :expires_at")
+        params["expires_at"] = data["expires_at"]
+
+    if not set_clauses:
+        return None
+
+    set_clauses.append("updated_at = NOW()")
+
+    sql = f"""
+        UPDATE ai_gateway_mcp_agent_keys
+        SET {", ".join(set_clauses)}
+        WHERE organization_id = :org_id
+          AND id = :key_id
+        RETURNING
+            id,
+            key_prefix,
+            name,
+            description,
+            allowed_tools,
+            blocked_tools,
+            allowed_server_ids,
+            rate_limit_rpm,
+            metadata,
+            expires_at,
+            is_active,
+            revoked_at,
+            created_by,
+            created_at,
+            updated_at
+    """
+
+    async with get_db() as db:
+        result = await db.execute(text(sql), params)
+        await db.commit()
+        row = result.mappings().first()
+        if row is None:
+            return None
+        return dict(row)
+    return None
+
+
+async def revoke_agent_key(org_id: int, key_id: int) -> bool:
+    async with get_db() as db:
+        result = await db.execute(
+            text("""
+                UPDATE ai_gateway_mcp_agent_keys
+                SET is_active = false, revoked_at = NOW(), updated_at = NOW()
+                WHERE organization_id = :org_id
+                  AND id = :key_id
+                  AND is_active = true
+                RETURNING id
+            """),
+            {"org_id": org_id, "key_id": key_id},
+        )
+        await db.commit()
+        row = result.first()
+        return row is not None
+    return False
+
+
+async def delete_agent_key(org_id: int, key_id: int) -> bool:
+    async with get_db() as db:
+        result = await db.execute(
+            text("""
+                DELETE FROM ai_gateway_mcp_agent_keys
+                WHERE organization_id = :org_id
+                  AND id = :key_id
+                  AND is_active = false
+                RETURNING id
+            """),
+            {"org_id": org_id, "key_id": key_id},
+        )
+        await db.commit()
+        row = result.first()
+        return row is not None
+    return False
Original file line number	Diff line number	Diff line change
`@@ -11,7 +11,9 @@`
`11`	`11`	`"Bash(find /Users/harsh/Data/vw/verifywise/Clients -type f \\\\\\(-name .yaml -o -name .yml -o -name docker-compose* \\\\\\))",`
`12`	`12`	`"Bash(find /Users/harsh/Data/vw/verifywise -type f \\\\\\(-name .yaml -o -name .yml -o -name docker-compose* \\\\\\) -not -path /node_modules/)",`
`13`	`13`	`"Bash(grep -r \"superadmin\\\\\|super.admin\\\\\|SuperAdmin\" /Users/harsh/Data/vw/verifywise/Servers/src --include=*.ts -i)",`
`14`		`- "Bash(grep:*)"`
	`14`	`+ "Bash(grep:*)",`
	`15`	`+ "Bash(git log:*)",`
	`16`	`+ "Bash(echo \"EXIT=$?\")"`
`15`	`17`	`]`
`16`	`18`	`}`
`17`	`19`	`}`