documentaion

Author: Ravi80335

Agent.md

@@ -0,0 +1,84 @@
+## Teams AI Agent: System Architecture
+
+This diagram illustrates the high-level components of the application and their relationships. It shows how our services, hosted on Azure, interact with each other and with external services to deliver the full functionality to a user within Microsoft Teams.
+
+### Architectural Summary
+
+1.  **Client-Side:** The user interacts with the React application, which is served as a Tab inside the Microsoft Teams client. The frontend's primary responsibilities are rendering the UI, managing client-side state, and initiating authenticated API calls.
+2.  **Authentication:** Azure Active Directory is the identity provider. The frontend uses the Teams JS SDK to get an SSO token, which is sent with every API request. The backend validates this token on every call to ensure the request is secure and authorized.
+3.  **Backend:** The Node.js application, hosted on Azure App Service, is the core of the system.
+    *   It securely loads all its secrets (API keys, connection strings) from **Azure Key Vault** using a passwordless **Managed Identity**.
+    *   It exposes a single primary API endpoint (`/v6/mcp/agent/chat`) that uses Server-Sent Events (SSE) for real-time communication.
+    *   It instantiates a **LangChain Agent** to handle the conversational logic.
+4.  **AI & Tools:** The LangChain Agent orchestrates calls to external services. It sends the user's prompt and conversation history to **AWS Bedrock** for processing and calls the **Topcoder MCP Gateway** when the AI model decides a tool is needed to answer a question.
+5.  **Data Persistence:** All conversation history is stored in MongoDB API, providing a scalable and durable memory for the agent.
+
+### Sequence Diagram: A Single Chat Message with a Tool Call
+
+This diagram illustrates the step-by-step flow of data and method calls for a "happy path" scenario where a user sends a message, the agent decides to use a tool, and then responds with a summary.
+
+```mermaid
+sequenceDiagram
+    participant User
+    participant Frontend as React Frontend
+    participant Backend as Node.js Backend
+    participant LangChain as LangChain Agent
+    participant CosmosDB as MongoDB
+    participant Bedrock as AWS Bedrock
+    participant MCP as Topcoder MCP
+
+    User->>Frontend: Types "Show me an active challenge" and clicks Send
+    Frontend->>Backend: POST /v6/mcp/agent/chat (with SSO Token)
+
+    rect rgb(230, 240, 255)
+        note over Backend: Middleware: `validateToken` runs
+        Backend->>AzureAD: Verify Token Signature (using cached public keys)
+        AzureAD-->>Backend: OK
+    end
+
+    Backend->>LangChain: Create Agent Instance
+    LangChain->>CosmosDB: getMessageHistory(sessionId)
+    CosmosDB-->>LangChain: Return previous messages
+
+    LangChain->>Bedrock: streamEvents(prompt, history, tools)
+    Bedrock-->>LangChain: Stream Chunks (Decides to use a tool)
+
+    loop Streaming Response to Client
+        LangChain-->>Backend: Yields 'thinking' chunks
+        Backend-->>Frontend: SSE: event: message, data: {type: "chunk", ...}
+    end
+
+    LangChain-->>Backend: Yields 'tool_start' event for `query-tc-challenges`
+    Backend-->>Frontend: SSE: event: message, data: {type: "tool_start", ...}
+
+    LangChain->>MCP: callTool('query-tc-challenges', {status: 'Active'})
+    MCP-->>LangChain: Return JSON result of challenges
+
+    LangChain-->>Backend: Yields 'tool_result' event with data
+    Backend-->>Frontend: SSE: event: message, data: {type: "tool_result", ...}
+
+    LangChain->>Bedrock: streamEvents(prompt, history, tool_result)
+    Bedrock-->>LangChain: Stream Final Summary Chunks
+
+    loop Streaming Final Response
+        LangChain-->>Backend: Yields final 'text' chunks
+        Backend-->>Frontend: SSE: event: message, data: {type: "chunk", ...}
+    end
+
+    rect rgb(255, 245, 230)
+        note over Backend, CosmosDB: Finalization
+        LangChain->>CosmosDB: addMessages(user_prompt, final_ai_response)
+        CosmosDB-->>LangChain: OK
+        Backend-->>Frontend: SSE: event: end
+    end
+```
+
+### Sequence Summary
+
+1.  **Request & Auth:** The user sends a prompt. The frontend sends it to the backend API along with the SSO token, which is validated.
+2.  **Memory Retrieval:** The LangChain agent is created and immediately fetches the conversation history from Cosmos DB to provide context for the LLM.
+3.  **First LLM Call:** The agent sends the full context to AWS Bedrock. Bedrock analyzes the request and decides that it needs to use the `query-tc-challenges` tool. It streams back its initial thoughts and this tool-use instruction.
+4.  **Tool Execution:** The backend streams the "thinking" and "tool_start" status to the frontend. It then makes a direct API call to the Topcoder MCP Gateway.
+5.  **Second LLM Call:** Once the tool result is received, the agent sends this new information back to AWS Bedrock, asking it to synthesize a final, human-readable answer.
+6.  **Final Response:** Bedrock streams the final summary. The backend relays these text chunks to the frontend, which displays them to the user.
+7.  **Finalization:** Once the stream is complete, the agent's memory manager saves the new user message and the final AI response back to Mongo DB for future conversations. The SSE connection is then closed.

README.md

@@ -1,56 +1,241 @@
-# Topcoder Model Context Protocol (MCP) Server
-
-## Authentication Based Access via Guards
-
-Tools/Resources/Prompts support authentication via TC JWT and/or M2M JWT. Providing JWT in the requests to the MCP server will result in specific listings and bahavior based on JWT access level/roles/permissions.
-
-#### Using `authGuard` - requires TC jwt presence for access
-
-```ts
-  @Tool({
-    name: 'query-tc-challenges-private',
-    description:
-      'Returns a list of Topcoder challenges based on the query parameters.',
-    parameters: QUERY_CHALLENGES_TOOL_PARAMETERS,
-    outputSchema: QUERY_CHALLENGES_TOOL_OUTPUT_SCHEMA,
-    annotations: {
-      title: 'Query Public Topcoder Challenges',
-      readOnlyHint: true,
-    },
-    canActivate: authGuard,
-  })
-```
-
-#### Using `checkHasUserRole(Role.Admin)` - TC Role based guard
-
-```ts
-  @Tool({
-    name: 'query-tc-challenges-protected',
-    description:
-      'Returns a list of Topcoder challenges based on the query parameters.',
-    parameters: QUERY_CHALLENGES_TOOL_PARAMETERS,
-    outputSchema: QUERY_CHALLENGES_TOOL_OUTPUT_SCHEMA,
-    annotations: {
-      title: 'Query Public Topcoder Challenges',
-      readOnlyHint: true,
-    },
-    canActivate: checkHasUserRole(Role.Admin),
-  })
-```
-
-#### Using `canActivate: checkM2MScope(M2mScope.QueryPublicChallenges)` - M2M based access via scopes
-
-```ts
-  @Tool({
-    name: 'query-tc-challenges-m2m',
-    description:
-      'Returns a list of Topcoder challenges based on the query parameters.',
-    parameters: QUERY_CHALLENGES_TOOL_PARAMETERS,
-    outputSchema: QUERY_CHALLENGES_TOOL_OUTPUT_SCHEMA,
-    annotations: {
-      title: 'Query Public Topcoder Challenges',
-      readOnlyHint: true,
-    },
-    canActivate: checkM2MScope(M2mScope.QueryPublicChallenges),
-  })
+# Microsoft Teams AI Agent
+
+A production-grade Microsoft Teams Tab app featuring a conversational AI agent powered by **LangChain.js** and **AWS Bedrock**.
+The agent integrates with mcp tools to answer real-time queries beyond its base model knowledge.
+
+---
+
+## ✨ Key Features
+
+* **Conversational AI:** Powered by LangChain.js + AWS Bedrock (Claude 3.5 Sonnet).
+* **External Tools:** Fetch live contextual data through external integrations.
+* **Real-time Chat Streaming:** Uses SSE for continuous agent thought updates.
+* **Conversation History:** Stored and grouped in MongoDB for persistence.
+* **Azure AD SSO:** Secure Teams authentication for verified access.
+* **Fluent UI + Teams SDK:** Seamless user experience inside Teams.
+* **Flexible Deployment:** Manual dev setup + production-ready Docker build.
+
+---
+
+## 🧩 Technology Stack
+
+| Frontend (Vite)             | Backend (Node.js + Express)               |
+| --------------------------- | ----------------------------------------- |
+| ✅ React + TypeScript (Vite) | ✅ LangChain.js + AWS Bedrock (Claude 3.5) |
+| ✅ Fluent UI + Teams SDK     | ✅ MongoDB (Mongoose ODM)                  |
+| ✅ Vite environment support  | ✅ MCP Gateway for tool access             |
+
+| AI & Security                     | Infrastructure                    |
+| --------------------------------- | --------------------------------- |
+| ✅ AWS Bedrock (Claude 3.5 Sonnet) | ✅ Docker-based production build   |
+| ✅ Azure Active Directory (SSO)    | ✅ Environment-based configuration |
+| ✅ JWT Validation + JWKS-RSA       | ✅ ngrok for local Teams testing   |
+
+---
+
+## 🧠 Local Development Setup (Manual)
+
+You can run the frontend and backend separately for local testing.
+This is the preferred approach during active development.
+
+## Prerequisites
+
+* **Node.js:** v22.x
+* **MongoDB:** Local instance or MongoDB Atlas
+* **ngrok:** To expose your servers for Teams testing
+* **Azure AD App Registration:** For SSO
+* **AWS Bedrock access**
+
+### Azure App Registration
+
+This is a mandatory step to enable SSO and secure Agent. 
+
+1.  Go to the **Azure Portal** -> **Azure Active Directory** -> **App registrations** -> **+ New registration**.
+2.  **Name:** `Teams AI Agent`
+3.  **Supported account types:** Select `Accounts in any organizational directory (Any Azure AD directory - Multitenant) and personal Microsoft accounts`.
+4.  Click **Register**.
+    * **Save the `Application (client) ID` and `Directory (tenant) ID`.** You will need these for your environment variables.
+5.  Go to the **Expose an API** blade.
+    * Click **Set** next to "Application ID URI". The default `api://<frontend_uri>/<this_azure_app_client_id>` is fine for now. We will update this with our Railway URL later.
+6.  Click **+ Add a scope**.
+    *   **Scope name:** `access_as_user`
+    *   **Who can consent?:** `Admins and users`
+    *   Fill in the admin/user consent descriptions (e.g., "Allows the app to access the AI agent API as the signed-in user.").
+    *   Click **Add scope**.
+7.  Click **+ Add a client application**.
+    * Add MS Teams client id `1fec8e78-bce4-4aaf-ab1b-5451cc387264`
+    * Select `access_as_user` in Authorize scopes
+8. Go to the **API permissions** blade.
+    * Click **+ Add a permission** -> **APIs of my Org**.
+    * Select your `Teams AI Agent` app.
+    * Check the box for the `access_as_user` permission and click **Add permissions**.
+    * Click the **Grant admin consent** button.
+9.  Go to the **Authentication** blade.
+    * Click **+ Add a platform** -> **Web**.
+    * **Redirect URIs:** You will add your Railway frontend URL here later (e.g., `https://my-frontend.up.railway.app`)
+    * And also add `Mobile and desktop applications` and check all default urls
+
+---
+
+
+
+### Step 1: Clone Repository
+
+```bash
+git clone https://github.com/topcoder-platform/tc-mcp.git
+cd tc-mcp
+```
+
+---
+
+### Step 2: Backend Setup
+
+```bash
+pnpm install
+cp .env.example .env
+# Edit .env with MongoDB, Azure, AWS credentials
+pnpm start:dev
+```
+
+Backend will run at `http://localhost:3000/v6/mcp/*`.
+
+---
+
+### Step 3: Frontend Setup
+
+```bash
+cd teamsTab
+pnpm install
+cp .env.example .env
+# Add your API base URL and Teams App config
+pnpm run dev
+```
+
+Frontend will run at `http://localhost:5173`.
+
+> **Note:**
+>
+> * During development, you can set `VITE_API_BASE_URL=http://localhost:3000/v6/mcp/agent`
+> * In production build, Vite will read VITE_API_BASE_URL from the container environment that was hardcoded in Dockerfile.
+
+---
+
+### Step 4: Expose Local Servers for Teams
+
+To test inside Teams, both servers must be public.
+
+```bash
+# For frontend
+ngrok http 5173
+# For backend
+ngrok http 3000
+```
+
+You’ll get two public URLs:
+
+* Frontend → `https://<frontend-id>.ngrok-free.app`
+* Backend → `https://<backend-id>.ngrok-free.app`
+
+> **Note:**
+> ngrok frontend url should be added to `teamsTab\vite.config.ts` allowed hosts for development environment
+
+---
+
+### Step 5: Configure Teams Manifest
+
+Edit:
+
+```
+teamsTab/appPackageDev/manifest.json
+```
+
+Update:
+
+```json
+{
+  "id": "<azure-client-id>",
+  "contentUrl": "https://<frontend-id>.ngrok-free.app",
+  "validDomains": [
+    "<frontend-id>.ngrok-free.app",
+    "<backend-id>.ngrok-free.app"
+  ],
+  "webApplicationInfo": {
+    "id": "<azure-client-id>",
+    "resource": "api://<frontend-id>.ngrok-free.app/<azure-client-id>"
+  }
+}
+```
+
+---
+
+### Step 6: Sideload App in Teams
+
+1. Zip the following from `teamsTab/appPackageDev/`:
+
+   * `manifest.json`
+   * `color.png`
+   * `outline.png`
+2. Go to **Microsoft Teams → Apps → Upload a custom app** and upload the zip.
+
+You can now test the full AI agent directly in the Teams client.
+
+---
+
+## 🐳 Production / Deployment (Dockerized)
+
+When you’re ready to deploy (e.g., on **Railway**, **Render**, or **AWS ECS**), use the provided `Dockerfile`.
+
+### Dockerfile Overview
+
+The Docker build:
+
+* Installs dependencies
+* Builds the frontend (`teamsTab/`)
+* Builds the backend
+* Starts the server using `appStartUp.sh`
+* Frontend & Backend Agent will be available in single url
+    - http://localhost:3000/teamsTab
+    - http://localhost:3000/v6/mcp/agent
+
+
+### Build and Run
+
+```bash
+docker build -t teams-ai-agent .
+docker run -d -p 3000:3000 --env-file .env teams-ai-agent
 ```
+
+> **💡 Note:**
+> * The `VITE_API_BASE_URL` is already **hardcoded in your Dockerfile** using:
+>
+>   ```dockerfile
+>   ENV VITE_API_BASE_URL=https://api.example.com
+>   ```
+>   This means the frontend is built with that value baked in at build time.
+> * Configure environment variables **directly in your hosting platform’s dashboard**, such as **Railway**, **AWS ECS / Lightsail**, or **Render** — no `.env` file needed.
+> * If you prefer using an `.env` file, mount or include it at runtime using the `--env-file .env` option (as shown above).
+>
+
+---
+
+
+### Optional: ngrok for Local Preview in Docker
+
+You can still run:
+
+```bash
+ngrok http 3000
+```
+
+And use that public URL in your Teams manifest for quick cloud-like testing.
+
+---
+
+### Summary
+
+| Mode           | How to Run                                     | Notes                                         |
+| -------------- | ---------------------------------------------- | --------------------------------------------- |
+| **Local Dev**  | frontend + backend separately | Fast iteration, live reload                   |
+| **Production** | `docker build && docker run`                   | Uses built Vite files, NestJS will serve frontend        |
+| **Teams Test** | Use ngrok URLs                                 | Needed for Teams to access your local servers |
+