Add files from group programming sessions

Author: Ickerday

docker-compose.yml

@@ -22,9 +22,10 @@ services:
             - "./tests/system/test_apps/generating_app:/opt/splunk/etc/apps/generating_app"
             - "./tests/system/test_apps/reporting_app:/opt/splunk/etc/apps/reporting_app"
             - "./tests/system/test_apps/streaming_app:/opt/splunk/etc/apps/streaming_app"
-            - "./tests/system/test_apps/modularinput_app:/opt/splunk/etc/apps/modularinput_app"
+            - "./tests/system/test_apps/mcp_enabled_app:/opt/splunk/etc/apps/mcp_enabled_app"
             - "./splunklib:/opt/splunk/etc/apps/eventing_app/bin/splunklib"
             - "./splunklib:/opt/splunk/etc/apps/generating_app/bin/splunklib"
             - "./splunklib:/opt/splunk/etc/apps/reporting_app/bin/splunklib"
             - "./splunklib:/opt/splunk/etc/apps/streaming_app/bin/splunklib"
             - "./splunklib:/opt/splunk/etc/apps/modularinput_app/bin/splunklib"
+            - "./splunklib:/opt/splunk/etc/apps/mcp_enabled_app/bin/splunklib"

pyproject.toml

@@ -11,7 +11,7 @@ name = "splunk-sdk"
 dynamic = ["version"]
 description = "Splunk Software Development Kit for Python"
 readme = "README.md"
-requires-python = ">=3.7"
+requires-python = ">=3.10"
 license = { text = "Apache-2.0" }
 authors = [{ name = "Splunk, Inc.", email = "[email protected]" }]
 keywords = ["splunk", "sdk"]
@@ -29,7 +29,10 @@ classifiers = [
   "Topic :: Software Development :: Libraries :: Application Frameworks",
 ]
 
-dependencies = ["python-dotenv>=0.21.1"]
+dependencies = [
+    "fastmcp>=2.12.4",
+    "python-dotenv>=0.21.1",
+]
 optional-dependencies = { compat = ["six>=1.17.0"] }
 
 [dependency-groups]
@@ -71,3 +74,6 @@ select = [
   "ANN", # flake8 type annotations
   "RUF", # ruff-specific rules
 ]
+
+[tool.uv.workspace]
+members = ["tests/system/test_apps/mcp_enabled_app"]

tests/system/test_apps/mcp_app/bin/mcp_tool.py

@@ -0,0 +1,15 @@
+# splunk-mcp-poc
+
+This example aspires to verify the points listed in [POC - AI with Splunk Apps](https://cisco-my.sharepoint.com/:w:/r/personal/hbalacha_cisco_com/Documents/POC%20-%20AI%20with%20Splunk%20Apps.docx?d=w2776e089011943abbd84c0fa30a53f34&csf=1&web=1&e=RxvShR)
+
+## Pre-requirements
+
+- Python 3.10+
+- `uv`
+- A way of launching Jupyter notebooks
+
+## Getting started
+
+- Run `uv sync`
+- `source .venv/bin/activate`
+- Run the code blocks `bin/mcp_enabled_app.ipynb`

tests/system/test_apps/mcp_app/default/app.conf

@@ -0,0 +1,235 @@
+{
+ "cells": [
+  {
+   "cell_type": "markdown",
+   "id": "f7f79ace",
+   "metadata": {},
+   "source": [
+    "# POC – MCP Tool Registration\n",
+    "\n",
+    "This example aspires to verify the points listed in [POC - AI with Splunk Apps](https://cisco-my.sharepoint.com/:w:/r/personal/hbalacha_cisco_com/Documents/POC%20-%20AI%20with%20Splunk%20Apps.docx?d=w2776e089011943abbd84c0fa30a53f34&csf=1&web=1&e=RxvShR)\n",
+    "\n",
+    "- Develop @tool Decorator\n",
+    "  - [ ] Capture e.g. tool_name, description, inputs, outputs\n",
+    "- MCP JSONSchema can (and most probably should) be used for tool registration in Splunk\n"
+   ]
+  },
+  {
+   "cell_type": "code",
+   "execution_count": null,
+   "id": "c349a502",
+   "metadata": {},
+   "outputs": [],
+   "source": [
+    "from fastmcp import Client\n",
+    "from mcp.types import Tool\n",
+    "\n",
+    "MCP_SERVER_HOST: str = \"0.0.0.0\"\n",
+    "MCP_SERVER_PORT: int = 2137\n",
+    "\n",
+    "\n",
+    "conn_str = f\"http://{MCP_SERVER_HOST}:{MCP_SERVER_PORT}/mcp\"\n",
+    "mcp_client = Client(\"./tools.py\")\n",
+    "\n",
+    "\n",
+    "async def get_tools() -> list[Tool]:\n",
+    "    tools = []\n",
+    "    async with mcp_client:\n",
+    "        tools = await mcp_client.list_tools()\n",
+    "\n",
+    "    return tools\n",
+    "\n",
+    "\n",
+    "call_tool_result = await get_tools()\n",
+    "for tool in call_tool_result:\n",
+    "    print(tool.name)\n",
+    "    print(tool.description)\n",
+    "    print(tool.inputSchema)\n",
+    "    print(tool.outputSchema)\n",
+    "    print(tool.meta)"
+   ]
+  },
+  {
+   "cell_type": "markdown",
+   "id": "cd1da846",
+   "metadata": {},
+   "source": [
+    "- execution_mode (external_http)\n",
+    "  - Is this what MCP calls `transports`?\n",
+    "- execution_metadata (endpoint URL)\n",
+    "  - Isn't that just `/execute_tool` or `tool/call`?"
+   ]
+  },
+  {
+   "cell_type": "code",
+   "execution_count": null,
+   "id": "931ff98f",
+   "metadata": {},
+   "outputs": [],
+   "source": [
+    "mcp_client = Client(\"tools.py\")\n",
+    "\n",
+    "\n",
+    "async def call_tool(tool_name: str, arguments: dict[str, int]):\n",
+    "    result = None\n",
+    "    async with mcp_client:\n",
+    "        result = await mcp_client.call_tool(tool_name, arguments)\n",
+    "\n",
+    "    return result\n",
+    "\n",
+    "\n",
+    "call_tool_result = await call_tool(\"generating_csc\", {\"count\": 10})\n",
+    "\n",
+    "[print(data) for data in call_tool_result.data]\n"
+   ]
+  },
+  {
+   "cell_type": "markdown",
+   "id": "2da04c9f",
+   "metadata": {},
+   "source": [
+    "- [ ] Support YAML v2 Tool Definition\n",
+    "- [ ] Merge decorator + YAML for complete metadata\n",
+    "\n",
+    "- Implement Post-Install Script (sdk_post_install.py):\n",
+    "  - [ ] Load app modules → decorators populate RegisteredTools\n",
+    "  - [ ] Merge YAML/decorator metadata\n",
+    "  - [ ] Build MCP /tools/register payload\n",
+    "  - [ ] Call MCP registry with credentials (from App Manager)\n",
+    "  - [ ] Log success/fail to MCP audit\n"
+   ]
+  },
+  {
+   "cell_type": "code",
+   "execution_count": null,
+   "id": "2e594272",
+   "metadata": {},
+   "outputs": [
+    {
+     "name": "stdout",
+     "output_type": "stream",
+     "text": [
+      "/Users/bjedreck/Projects/spl-mcp-tool/bin/../default/app.conf\n",
+      "name='aws_logs_search' title=None description='Execute SPL queries against AWS logs' inputSchema={'type': 'object', 'properties': {}, 'required': []} outputSchema={'type': 'object', 'properties': {}, 'required': []} icons=None annotations=None meta={'permissions': ['role:search_admin', 'role:aws_analyst'], 'tool_type': 'search', 'schema_version': '1.0'}\n"
+     ]
+    }
+   ],
+   "source": [
+    "import configparser\n",
+    "import os\n",
+    "from dataclasses import asdict, dataclass, field\n",
+    "from typing import Any, Literal\n",
+    "\n",
+    "from mcp.types import Tool\n",
+    "\n",
+    "\n",
+    "@dataclass\n",
+    "class SplunkMeta:\n",
+    "    permissions: list[str]\n",
+    "    tool_type: str\n",
+    "    schema_version: str\n",
+    "\n",
+    "\n",
+    "@dataclass\n",
+    "class McpInputOutputSchema:\n",
+    "    type: Literal[\"object\"] = \"object\"\n",
+    "    properties: dict[str, Any] = field(default_factory=lambda: {})  # pyright: ignore[reportExplicitAny]\n",
+    "    required: list[str] = field(default_factory=lambda: [])\n",
+    "\n",
+    "\n",
+    "tool_reg_prefix = \"app:mcp_tool\"\n",
+    "\n",
+    "\n",
+    "def filter_sections(section_name: str):\n",
+    "    return section_name.startswith(tool_reg_prefix)\n",
+    "\n",
+    "\n",
+    "def match_input_schema(input: Literal[\"query_string\"] | Literal[\"other\"]):\n",
+    "    match input:\n",
+    "        case \"query_string\":\n",
+    "            return {\n",
+    "                \"type\": \"object\",\n",
+    "                \"properties\": {\n",
+    "                    \"query_string\": {\n",
+    "                        \"type\": \"string\",\n",
+    "                        \"description\": \"SPL2 query string\",\n",
+    "                    }\n",
+    "                },\n",
+    "            }\n",
+    "        case _:\n",
+    "            raise NotImplementedError(\"We don't know what to put here lol\")\n",
+    "\n",
+    "\n",
+    "def parse_app_conf_tool_registrations(file_path: str) -> list[Tool]:\n",
+    "    config = configparser.ConfigParser()\n",
+    "    all_sections_len = config.read(file_path)\n",
+    "    if len(all_sections_len) == 0:\n",
+    "        return []\n",
+    "\n",
+    "    tool_reg_sections: list[str] = list(filter(filter_sections, config.sections()))\n",
+    "    if len(tool_reg_sections) == 0:\n",
+    "        return []\n",
+    "\n",
+    "    ini_tools: list[Tool] = []\n",
+    "    for reg_section in tool_reg_sections:\n",
+    "        reg_section_data = config[reg_section]\n",
+    "\n",
+    "        name: str = reg_section.split(\":\")[2]\n",
+    "        description = reg_section_data[\"description\"]\n",
+    "        # https://modelcontextprotocol.io/specification/2025-06-18/schema#tool\n",
+    "        inputSchema = McpInputOutputSchema(properties={}, required=[])\n",
+    "        outputSchema = McpInputOutputSchema(properties={}, required=[])\n",
+    "        meta = SplunkMeta(\n",
+    "            permissions=[\n",
+    "                perm.strip()\n",
+    "                for perm in reg_section_data[\"permissions\"].strip().split(\",\")\n",
+    "            ],\n",
+    "            tool_type=\"search\",\n",
+    "            schema_version=reg_section_data[\"schema_version\"].strip(),\n",
+    "        )\n",
+    "\n",
+    "        ini_tool = Tool(\n",
+    "            name=name,\n",
+    "            description=description,\n",
+    "            inputSchema=asdict(inputSchema),\n",
+    "            outputSchema=asdict(outputSchema),\n",
+    "            _meta=asdict(meta),\n",
+    "        )\n",
+    "        ini_tools.append(ini_tool)\n",
+    "\n",
+    "    return ini_tools\n",
+    "\n",
+    "\n",
+    "async def post_install():\n",
+    "    curr_path = os.path.join(os.getcwd(), \"..\", \"default\", \"app.conf\")\n",
+    "    print(curr_path)\n",
+    "    yaml_tool_registrations: list[Tool] = parse_app_conf_tool_registrations(curr_path)\n",
+    "    [print(toolReg) for toolReg in yaml_tool_registrations]\n",
+    "\n",
+    "\n",
+    "await post_install()\n"
+   ]
+  }
+ ],
+ "metadata": {
+  "kernelspec": {
+   "display_name": ".venv",
+   "language": "python",
+   "name": "python3"
+  },
+  "language_info": {
+   "codemirror_mode": {
+    "name": "ipython",
+    "version": 3
+   },
+   "file_extension": ".py",
+   "mimetype": "text/x-python",
+   "name": "python",
+   "nbconvert_exporter": "python",
+   "pygments_lexer": "ipython3",
+   "version": "3.13.7"
+  }
+ },
+ "nbformat": 4,
+ "nbformat_minor": 5
+}

tests/system/test_apps/mcp_app/default/commands.conf

@@ -0,0 +1,23 @@
+# Splunk app configuration file
+
+[install]
+is_configured = 0
+
+[ui]
+is_visible = true
+label = [PoC] MCP-Enabled App
+
+[launcher]
+author = Splunk Inc.
+description = Trying to verify the implementation plan for MCP Tool registration
+version = 0.0.1
+
+# Example MCP registration in app.conf
+[app:mcp_tool:generate_csc]
+description = Generate 
+tool_type = search
+inputs = count
+outputs = results
+permissions = role:search_admin, role:mcp_tool
+schema_version = 1.0
+mcp_enabled = true

tests/system/test_apps/mcp_enabled_app/README.md

@@ -0,0 +1,15 @@
+[]
+access = read : [ * ], write : [ admin, power ]
+export = none
+
+[tags]
+export = system
+
+[props]
+export = system
+
+[transforms]
+export = system
+
+[lookups]
+export = system