Azure MCP Agent for secure, compliant resource deployment
Project description
Azure SFI Agent - MCP Server
An intelligent Model Context Protocol (MCP) server for deploying Azure resources with automatic SFI compliance orchestration.
Features
- 🚀 Interactive Deployment: Agent prompts for missing parameters
- 🔒 Automatic NSP Attachment: Network Security Perimeter for storage, key vault, cosmos-db, sql-db
- 📊 Automatic Log Analytics: Diagnostic settings for monitoring-enabled resources
- ✅ SFI Compliance: Enforced security baselines and governance
- 🎯 Zero Bypass: All deployments go through compliance orchestration
Installation
Via uvx (Recommended for GitHub Copilot)
uvx install azure-sfi-agent
Via pip
pip install azure-sfi-agent
Quick Start
1. Configure in GitHub Copilot (VS Code)
Add to your VS Code settings.json:
{
"github.copilot.mcpServers": {
"azure-sfi-agent": {
"command": "uvx",
"args": ["azure-sfi-agent"]
}
}
}
Or if installed via pip:
{
"github.copilot.mcpServers": {
"azure-sfi-agent": {
"command": "python",
"args": ["-m", "azure_sfi_agent.server"]
}
}
}
2. Login to Azure
az login
3. Use in Copilot Chat
User: "Create a storage account for ADLS"
Agent: 📋 Creating storage-account - Please provide:
✓ resource_group: (Azure resource group name)
✓ storageAccountName: (required)
✓ location: (required)
✓ accessTier: (required)
User: "RG: my-rg, name: datalake001, location: eastus, tier: Hot"
Agent: ✅ Deployment succeeded
✅ NSP attached: my-rg-nsp
Endpoints:
- DFS: https://datalake001.dfs.core.windows.net/
Supported Resources
| Resource Type | NSP | Log Analytics |
|---|---|---|
| storage-account (ADLS) | ✅ | ❌ |
| key-vault | ✅ | ✅ |
| cosmos-db | ✅ | ❌ |
| sql-db | ✅ | ❌ |
| openai | ❌ | ❌ |
| ai-search | ❌ | ✅ |
| ai-foundry | ❌ | ✅ |
| log-analytics | ❌ | ❌ |
Available Tools
create_azure_resource()- Interactive resource creation with compliancelist_permissions()- View active role assignmentslist_resources()- View accessible Azure resourcescreate_resource_group()- Create resource group with taggingget_bicep_requirements()- Check required parameters for a resource type
Requirements
- Python 3.10+
- Azure CLI installed and authenticated
- PowerShell Core (pwsh) for script execution
- Appropriate Azure RBAC permissions (Contributor role)
License
MIT
Support
For issues and questions, please visit the GitHub repository.
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
azure_sfi_agent-1.0.33.tar.gz
(25.6 kB
view details)
Built Distribution
Filter files by name, interpreter, ABI, and platform.
If you're not sure about the file name format, learn more about wheel file names.
Copy a direct link to the current filters
File details
Details for the file azure_sfi_agent-1.0.33.tar.gz.
File metadata
- Download URL: azure_sfi_agent-1.0.33.tar.gz
- Upload date:
- Size: 25.6 kB
- Tags: Source
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/6.2.0 CPython/3.10.11
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
74b502579c63bf57f8212658edaec2a2e82e20a6a188c0310ff88a4822154b0d
|
|
| MD5 |
024801f41c46514f831b226f22dd3740
|
|
| BLAKE2b-256 |
ffbe55bca528fe928f7ed55caa43b6ec6d1dca41c159645e4dfe3ac2e2d3962c
|
File details
Details for the file azure_sfi_agent-1.0.33-py3-none-any.whl.
File metadata
- Download URL: azure_sfi_agent-1.0.33-py3-none-any.whl
- Upload date:
- Size: 31.2 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/6.2.0 CPython/3.10.11
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
ff1f8ced1f768fb9749fb7dc5c1a3bf0741c1e3e6fa7986c2403a1d8ca259ce2
|
|
| MD5 |
4c5f9b6525d6f5450f42b6b7fc4a09ad
|
|
| BLAKE2b-256 |
1604780d083026ff0899c14e6a25f4adfafb69d5398f3aa3ba6df65984ac477e
|
