# Mawakala wa Azure AI na Usaidizi wa Model Context Protocol (MCP) - Python

Daftari hili linaonyesha jinsi ya kutumia Mawakala wa Azure AI na zana za Model Context Protocol (MCP) katika Python. Linaonyesha jinsi ya kuunda wakala mwenye akili anayeweza kutumia seva za nje za MCP (kama Microsoft Learn) kwa uwezo ulioboreshwa kwa kutumia uthibitishaji usiohitaji funguo.


## Sakinisha Vifurushi vya Python Vinavyohitajika

Kwanza, tunahitaji kusakinisha vifurushi muhimu vya Python:  
- **azure-ai-projects**: SDK ya Msingi ya Miradi ya Azure AI  
- **azure-ai-agents**: SDK ya Azure AI Agents kwa kuunda na kusimamia mawakala  
- **azure-identity**: Inatoa uthibitishaji bila funguo kwa kutumia DefaultAzureCredential  
- **mcp**: Utekelezaji wa Model Context Protocol kwa Python  


## Faida za Uthibitishaji Bila Funguo

Notebook hii inaonyesha **uthibitishaji bila funguo** ambao unatoa faida kadhaa:
- ✅ **Hakuna funguo za API za kusimamia** - Inatumia uthibitishaji unaotegemea utambulisho wa Azure
- ✅ **Usalama ulioboreshwa** - Hakuna siri zinazohifadhiwa kwenye msimbo au faili za usanidi
- ✅ **Mzunguko wa kiotomatiki wa hati za uthibitisho** - Azure inasimamia mzunguko wa maisha wa hati za uthibitisho
- ✅ **Udhibiti wa ufikiaji unaotegemea majukumu** - Inatumia Azure RBAC kwa ruhusa za kina
- ✅ **Msaada wa mazingira mengi** - Inafanya kazi bila matatizo katika maendeleo na uzalishaji

`DefaultAzureCredential` huchagua chanzo bora cha hati za uthibitisho kiotomatiki:
1. **Managed Identity** (wakati wa kuendesha ndani ya Azure)
2. Hati za **Azure CLI** (wakati wa maendeleo ya ndani)
3. Hati za **Visual Studio**
4. **Mabadiliko ya mazingira** (ikiwa yamewekwa)
5. Uthibitishaji wa **kivinjari cha maingiliano** (kama suluhisho la mwisho)


## Usanidi wa Uthibitishaji Bila Funguo

**Mahitaji ya awali kwa uthibitishaji bila funguo:**

### Kwa Maendeleo ya Kawaida:
```bash
# Install Azure CLI and login
az login
# Verify your identity
az account show
```

### Kwa Mazingira ya Azure:
- Washa **Utambulisho Uliopewa na Mfumo** kwenye rasilimali yako ya Azure
- Peana majukumu sahihi ya **RBAC** kwa utambulisho uliopewa:
  - `Cognitive Services OpenAI User` kwa ufikiaji wa Azure OpenAI
  - `AI Developer` kwa ufikiaji wa Miradi ya Azure AI

### Vigezo vya Mazingira (Hiari):
```python
# These are automatically detected by DefaultAzureCredential
# AZURE_CLIENT_ID=<your-client-id>
# AZURE_CLIENT_SECRET=<your-client-secret>
# AZURE_TENANT_ID=<your-tenant-id>
```

**Hakuna funguo za API au nyuzi za muunganisho zinazohitajika!** 🔐


In [None]:
! pip install azure-ai-projects -U
! pip install azure-ai-agents==1.1.0b4 -U
! pip install azure-identity -U
! pip install mcp==1.11.0 -U

## Ingiza Maktaba Zinazohitajika

Ingiza moduli muhimu za Python:
- **os, time**: Maktaba za kawaida za Python kwa ajili ya vigezo vya mazingira na ucheleweshaji
- **AIProjectClient**: Mteja mkuu kwa miradi ya Azure AI
- **DefaultAzureCredential**: Uthibitishaji bila funguo kwa huduma za Azure
- **MCP-related classes**: Kwa ajili ya kuunda na kusimamia zana za MCP na kushughulikia idhini


In [None]:
import os, time
from azure.ai.projects import AIProjectClient
from azure.identity import DefaultAzureCredential
from azure.ai.agents.models import McpTool, RequiredMcpToolCall, SubmitToolApprovalAction, ToolApproval


## Sanidi Mpangilio wa Seva ya MCP

Sanidi usanidi wa seva ya MCP kwa kutumia vigezo vya mazingira na thamani za msingi za akiba:  
- **MCP_SERVER_URL**: URL ya seva ya MCP (chaguo-msingi ni Microsoft Learn API)  
- **MCP_SERVER_LABEL**: Lebo ya kutambulisha seva ya MCP (chaguo-msingi ni "mslearn")  

Mbinu hii inaruhusu usanidi rahisi katika mazingira tofauti.


In [None]:
mcp_server_url = os.environ.get("MCP_SERVER_URL", "https://learn.microsoft.com/api/mcp")
mcp_server_label = os.environ.get("MCP_SERVER_LABEL", "mslearn")

## Unda Mteja wa Mradi wa Azure AI (Uthibitishaji Bila Funguo)

Anzisha mteja wa Mradi wa Azure AI ukitumia **uthibitishaji bila funguo**:
- **endpoint**: URL ya endpoint ya mradi wa Azure AI Foundry
- **credential**: Inatumia `DefaultAzureCredential()` kwa uthibitishaji salama bila funguo
- **Hakuna funguo za API zinazohitajika**: Inagundua na kutumia kitambulisho bora kinachopatikana moja kwa moja

**Mtiririko wa Uthibitishaji:**
1. Hukagua Managed Identity (katika mazingira ya Azure)
2. Inarudi kwa kitambulisho cha Azure CLI (kwa maendeleo ya ndani)
3. Inatumia vyanzo vingine vya kitambulisho vinavyopatikana inapohitajika

Njia hii huondoa hitaji la kusimamia funguo za API au nyuzi za muunganisho katika msimbo wako.


In [None]:
project_client = AIProjectClient(
    endpoint="Your Azure AI Foundry Endpoint",
    credential=DefaultAzureCredential(),
)

## Unda Ufafanuzi wa Zana ya MCP

Unda zana ya MCP inayounganisha na seva ya Microsoft Learn MCP:
- **server_label**: Kitambulisho cha seva ya MCP
- **server_url**: Kiungo cha mwisho cha URL cha seva ya MCP
- **allowed_tools**: Orodha ya hiari ya kuzuia zana ambazo zinaweza kutumika (orodha tupu inaruhusu zana zote)

Zana hii itamwezesha wakala kufikia nyaraka na rasilimali za Microsoft Learn.


In [None]:
mcp_tool = McpTool(
    server_label=mcp_server_label,
    server_url=mcp_server_url,
    allowed_tools=[],  # Optional: specify allowed tools
)


## Unda Wakala na Kutekeleza Mazungumzo (Mfumo Usiohitaji Funguo)

Sehemu hii ya kina inaonyesha mchakato kamili wa **mfumo wa wakala usiohitaji funguo**:

1. **Unda Wakala wa AI**: Sanidi wakala kwa kutumia mfano wa GPT-4.1 nano na zana za MCP  
2. **Unda Thread**: Anzisha mfululizo wa mazungumzo kwa mawasiliano  
3. **Tuma Ujumbe**: Uliza wakala kuhusu tofauti kati ya Azure OpenAI na OpenAI  
4. **Shughulikia Idhini za Zana**: Idhinisha moja kwa moja miito ya zana za MCP inapohitajika  
5. **Fuatilia Utekelezaji**: Fuata maendeleo ya wakala na shughulikia hatua zozote zinazohitajika  
6. **Onyesha Matokeo**: Onyesha mazungumzo na maelezo ya matumizi ya zana  

**Vipengele vya Mfumo Usiohitaji Funguo:**  
- ✅ **Hakuna siri zilizowekwa moja kwa moja** - Uthibitishaji wote unashughulikiwa na utambulisho wa Azure  
- ✅ **Salama kwa chaguo-msingi** - Hutumia udhibiti wa ufikiaji unaotegemea majukumu  
- ✅ **Utekelezaji rahisi** - Hakuna usimamizi wa hati za siri unaohitajika  
- ✅ **Rafiki wa ukaguzi** - Ufikiaji wote unafuatiliwa kupitia utambulisho wa Azure  

Wakala atatumia zana za MCP kufikia rasilimali za Microsoft Learn kwa usalama kamili bila usimamizi wa funguo za API.


In [None]:
with project_client:
    agents_client = project_client.agents

    # Create a new agent with keyless authentication
    # NOTE: To reuse existing agent, fetch it with get_agent(agent_id)
    agent = agents_client.create_agent(
        model="Your Azure OpenAI Model Deployment Name",
        name="my-mcp-agent",
        instructions="You are a helpful agent that can use MCP tools to assist users. Use the available MCP tools to answer questions and perform tasks.",
        tools=mcp_tool.definitions,
    )
    print(f"Created agent, ID: {agent.id}")
    print(f"MCP Server: {mcp_tool.server_label} at {mcp_tool.server_url}")

    # Create thread for communication
    thread = agents_client.threads.create()
    print(f"Created thread, ID: {thread.id}")

    # Create message to thread
    message = agents_client.messages.create(
        thread_id=thread.id,
        role="user",
        content="What's difference between Azure OpenAI and OpenAI?",
    )
    print(f"Created message, ID: {message.id}")

    # KEYLESS APPROACH: Handle tool approvals without hardcoded secrets
    
    # Option 1: Completely keyless (recommended for Azure identity-enabled MCP servers)
    # run = agents_client.runs.create(thread_id=thread.id, agent_id=agent.id, tool_resources=mcp_tool.resources)
    
    # Option 2: With minimal headers (if MCP server requires specific headers)
    # For demonstration purposes, using a placeholder header
    mcp_tool.update_headers("SuperSecret", "123456")  # Replace with actual auth if needed
    
    # Set approval mode - uncomment next line to disable approval requirement completely
    # mcp_tool.set_approval_mode("never")  # Fully automated, no approval needed
    
    run = agents_client.runs.create(thread_id=thread.id, agent_id=agent.id, tool_resources=mcp_tool.resources)
    print(f"Created run, ID: {run.id}")

    while run.status in ["queued", "in_progress", "requires_action"]:
        time.sleep(1)
        run = agents_client.runs.get(thread_id=thread.id, run_id=run.id)

        if run.status == "requires_action" and isinstance(run.required_action, SubmitToolApprovalAction):
            tool_calls = run.required_action.submit_tool_approval.tool_calls
            if not tool_calls:
                print("No tool calls provided - cancelling run")
                agents_client.runs.cancel(thread_id=thread.id, run_id=run.id)
                break

            tool_approvals = []
            for tool_call in tool_calls:
                if isinstance(tool_call, RequiredMcpToolCall):
                    try:
                        print(f"Approving tool call: {tool_call}")
                        
                        # KEYLESS APPROVAL OPTIONS:
                        
                        # Option 1: No headers (fully keyless)
                        # tool_approvals.append(
                        #     ToolApproval(
                        #         tool_call_id=tool_call.id,
                        #         approve=True,
                        #         headers={}  # No headers needed for keyless
                        #     )
                        # )
                        
                        # Option 2: With headers (if MCP server requires them)
                        tool_approvals.append(
                            ToolApproval(
                                tool_call_id=tool_call.id,
                                approve=True,
                                headers=mcp_tool.headers,  # Uses configured headers if needed
                            )
                        )
                    except Exception as e:
                        print(f"Error approving tool_call {tool_call.id}: {e}")

            print(f"tool_approvals: {tool_approvals}")
            if tool_approvals:
                agents_client.runs.submit_tool_outputs(
                    thread_id=thread.id, run_id=run.id, tool_approvals=tool_approvals
                )

        print(f"Current run status: {run.status}")

    print(f"Run completed with status: {run.status}")
    if run.status == "failed":
        print(f"Run failed: {run.last_error}")

    # Display run steps and tool calls
    run_steps = agents_client.run_steps.list(thread_id=thread.id, run_id=run.id)

    # Loop through each step
    for step in run_steps:
        print(f"Step {step['id']} status: {step['status']}")

        # Check if there are tool calls in the step details
        step_details = step.get("step_details", {})
        tool_calls = step_details.get("tool_calls", [])

        if tool_calls:
            print("  MCP Tool calls:")
            for call in tool_calls:
                print(f"    Tool Call ID: {call.get('id')}")
                print(f"    Type: {call.get('type')}")

        print()  # add an extra newline between steps

    # Fetch and log all messages
    messages = agents_client.messages.list(thread_id=thread.id)
    print("\nConversation:")
    print("-" * 50)
    for msg in messages:
        if msg.text_messages:
            last_text = msg.text_messages[-1]
            print(f"{msg.role.upper()}: {last_text.text.value}")
            print("-" * 50)

    # Example of dynamic tool management (keyless)
    print(f"\nDemonstrating keyless dynamic tool management:")
    print(f"Current allowed tools: {mcp_tool.allowed_tools}")
    print("✅ All operations completed using keyless authentication!")


---

**Kanusho**:  
Hati hii imetafsiriwa kwa kutumia huduma ya tafsiri ya AI [Co-op Translator](https://github.com/Azure/co-op-translator). Ingawa tunajitahidi kuhakikisha usahihi, tafsiri za kiotomatiki zinaweza kuwa na makosa au kutokuwa sahihi. Hati ya asili katika lugha yake ya awali inapaswa kuchukuliwa kama chanzo cha mamlaka. Kwa taarifa muhimu, tafsiri ya kitaalamu ya binadamu inapendekezwa. Hatutawajibika kwa kutoelewana au tafsiri zisizo sahihi zinazotokana na matumizi ya tafsiri hii.
