# Azure AI Agent Auth Gateway for Multi-Tenant SMB SaaS
A drop-in authentication proxy that forces every AI agent tool call to carry a valid Azure AD token, so multi-tenant SMB apps stay secure by default.
## Architecture
```
Client → Fastify → Auth Middleware (Azure AD) → A2A-MCP Bridge → AI Agent
                            ↓
                   PolicyStore (SQLite)
```
## Prerequisites
- Node.js >= 22
- pnpm 10.x
- Azure AD tenant
## Setup
```bash
pnpm install
cp .env.example .env
# Fill in your Azure AD credentials
```
## Commands
```bash
pnpm typecheck # TypeScript type checking
pnpm lint # ESLint
pnpm test # Run tests with coverage
pnpm build # Compile TypeScript
pnpm start # Start the server
```
## API Usage
### Agent Tool Call
```bash
curl -H "Authorization: Bearer <azure-ad-token>" http://localhost:3000/agent/tools/<tool-name>
```
### Admin Policy CRUD
```bash
# List policies
curl -H "Authorization: Bearer <admin-jwt>" http://localhost:3000/admin/api/policies
# Create policy
curl -X POST -H "Authorization: Bearer <admin-jwt>" \
-H "Content-Type: application/json" \
-d '{"tenantId":"<uuid>","toolId":"read","allowedRoles":["user"],"scopes":["user.read"]}' \
http://localhost:3000/admin/api/policies
# Update policy
curl -X PUT -H "Authorization: Bearer <admin-jwt>" \
-H "Content-Type: application/json" \
-d '{"allowedRoles":["admin"]}' \
http://localhost:3000/admin/api/policies/<id>
# Delete policy
curl -X DELETE -H "Authorization: Bearer <admin-jwt>" \
http://localhost:3000/admin/api/policies/<id>
```
## Environment Variables
| Variable | Description |
|---|---|
| `PORT` | Server port (default: 3000) |
| `ALLOWED_ORIGINS` | CORS origins (comma-separated) |
| `AZURE_AD_TENANT_ID` | Azure AD tenant ID |
| `AZURE_AD_CLIENT_ID` | Azure AD app client ID |
| `AZURE_AD_CLIENT_SECRET` | Azure AD app client secret |
| `DATABASE_PATH` | SQLite database path |
| `A2A_AGENT_URL` | A2A agent base URL |
## License
MIT