Skip to main content

Agent package for communicating with LeanIX Enterprise Architecture Management via REST APIs and GraphQL.

Project description

LeanIX Agent - A2A | AG-UI | MCP

PyPI - Version MCP Server PyPI - Downloads GitHub Repo stars GitHub forks GitHub contributors PyPI - License GitHub

GitHub last commit (by committer) GitHub pull requests GitHub closed pull requests GitHub issues

GitHub top language GitHub language count GitHub repo size GitHub repo file count (file type) PyPI - Wheel PyPI - Implementation

Version: 0.11.1

Overview

LeanIX Agent MCP Server + A2A Agent

Agent package for communicating with LeanIX Enterprise Architecture Management via REST APIs and GraphQL.

This repository is actively maintained - Contributions are welcome!

Features

Core Capabilities

  • FactSheet Management: Create, read, update FactSheets (Applications, Components, etc.)
  • GraphQL Queries: Execute flexible GraphQL queries with variables and operations
  • Metrics & KPIs: Access custom metrics, KPIs, and performance data
  • Discovery Integration: SaaS, SAP, and AI agent discovery services
  • Architecture Relations: Query FactSheet relationships and hierarchies
  • User & Workspace Management: Manage users, permissions, and workspace settings
  • Authentication: Automatic OAuth token management and session handling

API Coverage

The agent provides access to 30+ LeanIX API services with 500+ methods:

  • Pathfinder API: FactSheet operations, relations, and resource models
  • Metrics API: Schema management, KPI tracking, and data points
  • MTM API: Account management, workspace administration, and OAuth
  • Discovery APIs: SaaS, SAP, and AI agent discovery
  • Integration APIs: Collibra, ServiceNow, and Signavio connectors
  • Support APIs: Documents, impacts, navigation, polls, and webhooks

MCP

Using as an MCP Server

The MCP Server can be run in two modes: stdio (for local testing) or http (for networked access).

Environment Variables

  • LEANIX_WORKSPACE: The URL of the target service.
  • LEANIX_API_TOKEN: The API token or access token.

Run in stdio mode (default):

export LEANIX_WORKSPACE="http://localhost:8080"
export LEANIX_API_TOKEN="your_token"
leanix-mcp --transport "stdio"

Run in HTTP mode:

export LEANIX_WORKSPACE="http://localhost:8080"
export LEANIX_API_TOKEN="your_token"
leanix-mcp --transport "http" --host "0.0.0.0" --port "8000"

A2A Agent

Run A2A Server

export LEANIX_WORKSPACE="http://localhost:8080"
export LEANIX_API_TOKEN="your_token"
leanix-agent --provider openai --model-id gpt-4o --api-key sk-...

Security & Governance

This project is built on agent-utilities, inheriting enterprise-grade security and governance features.

Authentication & Authorization

Feature Description
OIDC Token Delegation RFC 8693 token exchange for user-context propagation from A2A → MCP
Eunomia Policies Fine-grained, policy-driven tool authorization (none, embedded, remote)
Scoped Credentials Tools execute with the caller's scoped identity where possible
3LO / OAuth / API Token Multiple auth strategies with graceful fallback

Eunomia Policy Enforcement

Eunomia provides a policy enforcement point for all tool calls:

  • Embedded mode: Load local mcp_policies.json for role-based access, sensitivity gating, and audit logging
  • Remote mode: Forward authorization decisions to a central Eunomia policy server for multi-agent governance
  • Enable via CLI: --eunomia-type embedded --eunomia-policy-file mcp_policies.json

Runtime Protections

Protection Description
Tool Guard Sensitivity detection with human-in-the-loop approval gating
Prompt Injection Defense Input scanning and repetition/loop guards
Content Filtering Output schema enforcement and cost budget controls
Stuck Loop Detection Automatic detection and recovery from agent loops
Context Limit Warnings Proactive alerts before context window exhaustion

Graph Agent Architecture

The A2A agent uses pydantic-graph orchestration with:

  • RouterNode: Lightweight classifier that routes queries to specialized domains
  • DomainNode: Focused executor with only relevant tools loaded, preventing tool hallucination
  • Approval Gates: Policy-driven approval workflows before sensitive operations
  • Usage Guards: Budget and rate limiting enforcement

Production Recommendation: Enable --eunomia-type embedded (or remote) + OIDC delegation + containerized deployment. See agent-utilities documentation for full policy configuration.

Docker

Build

docker build -t leanix-agent .

Run MCP Server

docker run -d \
  --name leanix-agent \
  -p 8000:8000 \
  -e TRANSPORT=http \
  -e LEANIX_WORKSPACE="http://your-service:8080" \
  -e LEANIX_API_TOKEN="your_token" \
  knucklessg1/leanix-agent:latest

Deploy with Docker Compose

services:
  leanix-agent:
    image: knucklessg1/leanix-agent:latest
    environment:
      - HOST=0.0.0.0
      - PORT=8000
      - TRANSPORT=http
      - LEANIX_WORKSPACE=http://your-service:8080
      - LEANIX_API_TOKEN=your_token
    ports:
      - 8000:8000

Configure mcp.json for AI Integration (e.g. Claude Desktop)

{
  "mcpServers": {
    "leanix": {
      "command": "uv",
      "args": [
        "run",
        "--with",
        "leanix-agent",
        "leanix-mcp"
      ],
      "env": {
        "LEANIX_WORKSPACE": "http://your-service:8080",
        "LEANIX_API_TOKEN": "your_token"
      }
    }
  }
}

Install Python Package

python -m pip install leanix-agent
uv pip install leanix-agent

Repository Owners

GitHub followers GitHub User's stars

Graph Architecture

This agent uses pydantic-graph orchestration for intelligent routing and optimal context management.

---
title: LeanIX Agent Graph Agent
---
stateDiagram-v2
  [*] --> RouterNode: User Query
  RouterNode --> DomainNode: Classified Domain
  RouterNode --> [*]: Low confidence / Error
  DomainNode --> [*]: Domain Result
  • RouterNode: A fast, lightweight LLM (e.g., nvidia/nemotron-3-super) that classifies the user's query into one of the specialized domains.
  • DomainNode: The executor node. For the selected domain, it dynamically sets environment variables to temporarily enable ONLY the tools relevant to that domain, creating a highly focused sub-agent (e.g., gpt-4o) to complete the request. This preserves LLM context and prevents tool hallucination.

MCP Configuration Examples

stdio (recommended for local development)

{
  "mcpServers": {
    "leanix": {
      "command": ".venv/bin/leanix-mcp",
      "args": [],
      "env": {
        "LEANIX_WORKSPACE": "",
        "LEANIX_API_TOKEN": ""
}
    }
  }
}

Streamable HTTP (recommended for production)

{
  "mcpServers": {
    "leanix": {
      "url": "http://localhost:8080/leanix-mcp/mcp"
    }
  }
}

Project details


Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

leanix_agent-0.11.1.tar.gz (66.7 kB view details)

Uploaded Source

Built Distribution

If you're not sure about the file name format, learn more about wheel file names.

leanix_agent-0.11.1-py3-none-any.whl (103.5 kB view details)

Uploaded Python 3

File details

Details for the file leanix_agent-0.11.1.tar.gz.

File metadata

  • Download URL: leanix_agent-0.11.1.tar.gz
  • Upload date:
  • Size: 66.7 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? No
  • Uploaded via: twine/6.2.0 CPython/3.12.3

File hashes

Hashes for leanix_agent-0.11.1.tar.gz
Algorithm Hash digest
SHA256 8893d1ed94fa98a4ac5b696c50963678ad5d7db6d379ed922f5d007e790a588d
MD5 f06e5ae666d271f4da86cb82725b267c
BLAKE2b-256 75507235a83ad6fd1caa97d80c2fd8616cd4d3c7f3d6a14764abefb9656b0ab4

See more details on using hashes here.

File details

Details for the file leanix_agent-0.11.1-py3-none-any.whl.

File metadata

  • Download URL: leanix_agent-0.11.1-py3-none-any.whl
  • Upload date:
  • Size: 103.5 kB
  • Tags: Python 3
  • Uploaded using Trusted Publishing? No
  • Uploaded via: twine/6.2.0 CPython/3.12.3

File hashes

Hashes for leanix_agent-0.11.1-py3-none-any.whl
Algorithm Hash digest
SHA256 03771b757cc18ccc4a0cc43fd5af4e672b0c0c2bbbdf55891706843c3a29e91c
MD5 ed4df3ebdfdb47aa2ef94dfbf85a81bf
BLAKE2b-256 a141a164dad3426b8210b036e0bbb64cec1794ff115d6c844b1d0bc93dbe6470

See more details on using hashes here.

Supported by

AWS Cloud computing and Security Sponsor Datadog Monitoring Depot Continuous Integration Fastly CDN Google Download Analytics Pingdom Monitoring Sentry Error logging StatusPage Status page