Azure MCP Agent for secure, compliant resource deployment
Project description
Azure SFI Agent - MCP Server
An intelligent Model Context Protocol (MCP) server for deploying Azure resources with automatic SFI compliance orchestration.
Features
- 🚀 Interactive Deployment: Agent prompts for missing parameters
- 🔒 Automatic NSP Attachment: Network Security Perimeter for storage, key vault, cosmos-db, sql-db
- 📊 Automatic Log Analytics: Diagnostic settings for monitoring-enabled resources
- ✅ SFI Compliance: Enforced security baselines and governance
- 🎯 Zero Bypass: All deployments go through compliance orchestration
Installation
Via uvx (Recommended for GitHub Copilot)
uvx install azure-sfi-agent
Via pip
pip install azure-sfi-agent
Quick Start
1. Configure in GitHub Copilot (VS Code)
Add to your VS Code settings.json:
{
"github.copilot.mcpServers": {
"azure-sfi-agent": {
"command": "uvx",
"args": ["azure-sfi-agent"]
}
}
}
Or if installed via pip:
{
"github.copilot.mcpServers": {
"azure-sfi-agent": {
"command": "python",
"args": ["-m", "azure_sfi_agent.server"]
}
}
}
2. Login to Azure
az login
3. Use in Copilot Chat
User: "Create a storage account for ADLS"
Agent: 📋 Creating storage-account - Please provide:
✓ resource_group: (Azure resource group name)
✓ storageAccountName: (required)
✓ location: (required)
✓ accessTier: (required)
User: "RG: my-rg, name: datalake001, location: eastus, tier: Hot"
Agent: ✅ Deployment succeeded
✅ NSP attached: my-rg-nsp
Endpoints:
- DFS: https://datalake001.dfs.core.windows.net/
Supported Resources
| Resource Type | NSP | Log Analytics |
|---|---|---|
| storage-account (ADLS) | ✅ | ❌ |
| key-vault | ✅ | ✅ |
| cosmos-db | ✅ | ❌ |
| sql-db | ✅ | ❌ |
| openai | ❌ | ❌ |
| ai-search | ❌ | ✅ |
| ai-foundry | ❌ | ✅ |
| log-analytics | ❌ | ❌ |
Available Tools
create_azure_resource()- Interactive resource creation with compliancelist_permissions()- View active role assignmentslist_resources()- View accessible Azure resourcescreate_resource_group()- Create resource group with taggingget_bicep_requirements()- Check required parameters for a resource type
Requirements
- Python 3.10+
- Azure CLI installed and authenticated
- PowerShell Core (pwsh) for script execution
- Appropriate Azure RBAC permissions (Contributor role)
License
MIT
Support
For issues and questions, please visit the GitHub repository.
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
azure_sfi_agent-1.0.32.tar.gz
(24.9 kB
view details)
Built Distribution
Filter files by name, interpreter, ABI, and platform.
If you're not sure about the file name format, learn more about wheel file names.
Copy a direct link to the current filters
File details
Details for the file azure_sfi_agent-1.0.32.tar.gz.
File metadata
- Download URL: azure_sfi_agent-1.0.32.tar.gz
- Upload date:
- Size: 24.9 kB
- Tags: Source
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/6.2.0 CPython/3.10.11
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
3bea9d87949047d28bfc54f7aa279a60656664ea72c6a17cac42005204a4214f
|
|
| MD5 |
b33202df372591d3ae74b2950680d574
|
|
| BLAKE2b-256 |
fc9e81cf86efd3cff3c0ffa1db1db0ded66510e72f4e1ccfb239f3e660bae38a
|
File details
Details for the file azure_sfi_agent-1.0.32-py3-none-any.whl.
File metadata
- Download URL: azure_sfi_agent-1.0.32-py3-none-any.whl
- Upload date:
- Size: 30.5 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/6.2.0 CPython/3.10.11
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
ab19c301765a01189b7ac65fde4ca7220d3fcc4c1d2ca121c0b693adae816db8
|
|
| MD5 |
a164bf495214e5bf0d1d228d98ca8a00
|
|
| BLAKE2b-256 |
e0eae4f4195f70439ed8b2570948030eaf73dc74212e9fb95661b4b702972b6b
|
