feat(gateway): add multi-ISV orchestration tutorial (Salesforce + SAP) #1487

Open: aumanjoa wants to merge 7 commits into awslabs:main from aumanjoa:feat/multi-isv-orchestration-tutorial

aumanjoa (Contributor) commented May 12, 2026

Amazon Bedrock AgentCore Samples Pull Request

Important

We strictly follow an issue-first approach; please first open an issue relating to this Pull Request.
Once this Pull Request is ready for review, please attach the review ready label to it. Only PRs with review ready will be reviewed.

Issue number: #1456

Concise description of the PR

Adds a multi-ISV orchestration tutorial demonstrating how to connect Salesforce Lightning Platform and AWS for SAP MCP Server to a single Amazon Bedrock AgentCore Gateway, enabling cross-system AI agent workflows through one unified MCP endpoint.

What's included:

  • 01-salesforce-gateway-target.ipynb — Add Salesforce via Integration Provider Template with CustomOauth2
  • 02-sap-mcp-server-target.ipynb — Add AWS for SAP MCP Server as a Gateway MCP target
  • 03-cross-isv-queries.ipynb — Cross-system queries combining both ISVs (52 tools) through one gateway
  • gateway_mcp_client.py — Shared MCP client utility for JSON-RPC 2.0 communication
  • Architecture diagram (PNG) and diagram generation script
  • README with prerequisites, getting started, and important notes

Key technical details:

  • Uses CustomOauth2 credential provider for both targets (Salesforce Connected App + SAP Cognito)
  • MCP protocol version: 2025-03-26
  • Service principal: bedrock-agentcore.amazonaws.com
  • Demonstrates both Integration Provider Template (Salesforce) and MCP Server (SAP) target types
  • Includes Strands Agents integration for natural-language cross-system queries

User experience

Before: No tutorial exists for connecting multiple ISV platforms to a single AgentCore Gateway. Salesforce is listed as "Coming soon" in 03-authorization-code-flow/.

After: Users can follow three sequential notebooks to set up a multi-ISV gateway with Salesforce + SAP, run cross-system queries, and understand the architecture patterns.

Checklist

This is sample code for demonstration purposes only. Not intended for production use without additional security review.

aumanjoa and others added 4 commits May 8, 2026 14:29
Add 3 Jupyter notebooks demonstrating how to connect Salesforce Lightning
Platform and AWS for SAP MCP Server to a single AgentCore Gateway, enabling
cross-system AI agent workflows through one unified MCP endpoint.

Notebooks:
- 01: Salesforce as integration target (CustomOauth2, 43 tools)
- 02: SAP MCP Server as MCP target (9 tools, read-only default)
- 03: Cross-ISV queries (Customer 360, pipeline reconciliation)

Includes gateway_mcp_client.py utility, Mermaid architecture diagrams,
and documented workarounds (Content-Type, domainName, org hibernation).

Refs: awslabs#1456

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

Replace non-existent strands-agents-tools-mcp package with
strands-agents[mcp] extra. Replace ASCII/mermaid architecture diagrams
with generated PNG image.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

… correctness

Major fixes validated by running all 3 notebooks end-to-end:
- Salesforce target uses built-in Integration Provider Template (Console step)
- SAP target uses authorizationServerMetadata for cross-region OAuth
- Gateway creation consolidated into single cell with IAM confused-deputy protection
- NB02/NB03 auto-detect gateway from API (only need Gateway ID)
- Model ID derived dynamically from region (us/eu/ap prefix)
- All tool responses parsed into readable formatted output
- Cross-ISV agent (NB03 Use Case 4) uses custom @tool wrapper to bypass
  Strands MCPClient pagination limitation
- Domain input strips accidental URL suffixes
- Credential provider uses discoveryUrl for SF, authorizationServerMetadata for SAP
- Python 3.14 incompatibility documented (requires 3.11-3.13)
- Removed hardcoded S3 schema URI (was inaccessible cross-region)
- Fixed sObjectType → sObject parameter name
- Fixed scopes: [] required for both SF and SAP client_credentials
- Removed all Content-Type system prompt instructions
- Added requirements upper bounds

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

The time.sleep(10) is an intentional polling interval while waiting
for async gateway target provisioning to complete.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
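
The commits above mention IAM confused-deputy protection on the gateway role and the PR description names the service principal. The following is an added example, not code from this pull request: it builds a role trust policy with source conditions and audits a policy for their absence. The account ID, region, the `arn:aws:bedrock-agentcore:...:*` source ARN pattern and the function names are assumptions.

```python
import json

SERVICE_PRINCIPAL = "bedrock-agentcore.amazonaws.com"  # named in the PR description

def build_trust_policy(account_id, region):
    """Trust policy limited to calls made on behalf of this account (assumed ARN pattern)."""
    return {
        "Version": "2012-10-17",
        "Statement": [{
            "Effect": "Allow",
            "Principal": {"Service": SERVICE_PRINCIPAL},
            "Action": "sts:AssumeRole",
            "Condition": {
                "StringEquals": {"aws:SourceAccount": account_id},
                "ArnLike": {"aws:SourceArn":
                            f"arn:aws:bedrock-agentcore:{region}:{account_id}:*"},
            },
        }],
    }

def audit_trust_policy(policy):
    """List service-principal Allow statements that lack source conditions."""
    findings = []
    statements = policy.get("Statement", [])
    if isinstance(statements, dict):      # IAM accepts a single statement object
        statements = [statements]
    for i, st in enumerate(statements):
        principal = st.get("Principal", {})
        services = principal.get("Service", []) if isinstance(principal, dict) else []
        if isinstance(services, str):
            services = [services]
        if st.get("Effect") != "Allow" or SERVICE_PRINCIPAL not in services:
            continue
        # Condition key names are case-insensitive in IAM.
        keys = {k.lower() for ops in st.get("Condition", {}).values() for k in ops}
        for required in ("aws:sourceaccount", "aws:sourcearn"):
            if required not in keys:
                findings.append(f"Statement[{i}]: missing {required} condition")
    return findings

# Constructed sample: the same role trust without any source condition.
UNGUARDED = {"Version": "2012-10-17", "Statement": {
    "Effect": "Allow", "Principal": {"Service": SERVICE_PRINCIPAL},
    "Action": "sts:AssumeRole"}}

if __name__ == "__main__":
    print(json.dumps(build_trust_policy("111122223333", "us-east-1"), indent=2))
    print(audit_trust_policy(UNGUARDED))
```

The audit is deliberately strict and reports each missing key separately; narrow the source ARN to the specific gateway where it is known.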
review-notebook-app commented:

Check out this pull request on ReviewNB

See visual diffs & provide feedback on Jupyter Notebooks.


github-actions bot added the 01-tutorials and 02-AgentCore-gateway labels May 12, 2026
aumanjoa changed the title from "Feat/multi isv orchestration tutorial" to "feat(gateway): add multi-ISV orchestration tutorial (Salesforce + SAP)" May 12, 2026
aumanjoa and others added 3 commits May 12, 2026 11:34
- Remove weasel word 'some' (NB01 Cell 18)
- Remove filler 'actually' (NB02 Cell 21)
- Remove weasel 'often' (NB02 Cell 21)
- Split 33-word sentence into two (NB03 Cell 1)

…mpatibility

The CUSTOM_JWT authorizer in us-east-1 enforces scope validation on
Cognito M2M tokens. Without allowedScopes, the gateway returns 403
"insufficient_scope". Adding the scope explicitly fixes cross-region
compatibility.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
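
A local preflight for the 403 "insufficient_scope" case described in the commit message above, as an added example that is not part of the pull request: it reads the `scope` claim of a machine-to-machine access token and compares it with the scopes configured on the authorizer. The scope name, the sample token and the rule that one matching scope is enough are assumptions; the gateway's actual matching rule is not stated on this page.

```python
import base64
import json

def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def token_scopes(jwt: str) -> set:
    """Read the scope claim from a JWT payload WITHOUT verifying the signature.
    Diagnostic use only; never base an authorization decision on this."""
    parts = jwt.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWS: expected three dot-separated parts")
    payload_b64 = parts[1] + "=" * (-len(parts[1]) % 4)   # restore stripped padding
    claims = json.loads(base64.urlsafe_b64decode(payload_b64))
    return set(claims.get("scope", "").split())          # space-separated string

def preflight(jwt: str, allowed_scopes) -> dict:
    """Compare token scopes with the authorizer's allow-list (assumed: any match passes)."""
    have = token_scopes(jwt)
    matched = have & set(allowed_scopes)
    return {
        "token_scopes": sorted(have),
        "matched": sorted(matched),
        "ok": bool(matched),
    }

def make_sample_token(scope: str) -> str:
    """Constructed, unsigned-in-practice token used only to exercise the check."""
    header = _b64url(json.dumps({"alg": "RS256", "typ": "JWT"}).encode())
    payload = _b64url(json.dumps(
        {"token_use": "access", "client_id": "example-client", "scope": scope}
    ).encode())
    return f"{header}.{payload}.{_b64url(b'not-a-real-signature')}"

if __name__ == "__main__":
    tok = make_sample_token("sap-gateway/invoke")        # hypothetical scope name
    print(preflight(tok, []))                            # nothing configured
    print(preflight(tok, ["sap-gateway/invoke"]))        # scope listed explicitly
```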