From 7e17aaaf260409c449018ab358ac318f1afb0f94 Mon Sep 17 00:00:00 2001 From: Art Berger Date: Fri, 1 May 2026 13:34:53 -0400 Subject: [PATCH 1/2] Docs for agent sandbox Signed-off-by: Art Berger --- public/sitemap.xml | 231 +++++++------- src/app/docs/kagent/concepts/agents/page.mdx | 6 + .../kagent/examples/agent-sandbox/page.mdx | 290 ++++++++++++++++++ src/app/docs/kagent/examples/page.mdx | 1 + src/config/navigation.json | 5 + 5 files changed, 421 insertions(+), 112 deletions(-) create mode 100644 src/app/docs/kagent/examples/agent-sandbox/page.mdx diff --git a/public/sitemap.xml b/public/sitemap.xml index 739fb9c..68aa249 100644 --- a/public/sitemap.xml +++ b/public/sitemap.xml 
@@ -2,784 +2,791 @@ https://kagent.dev/agents - 2026-04-01 + 2026-05-01 weekly 0.8 https://kagent.dev/blog - 2026-04-01 + 2026-05-01 weekly 0.8 https://kagent.dev/community - 2026-04-01 + 2026-05-01 weekly 0.8 https://kagent.dev/docs/kagent/concepts/agent-memory - 2026-04-01 + 2026-05-01 weekly 0.8 https://kagent.dev/docs/kagent/concepts/agents - 2026-04-01 + 2026-05-01 weekly 0.8 https://kagent.dev/docs/kagent/concepts/architecture - 2026-04-01 + 2026-05-01 weekly 0.8 https://kagent.dev/docs/kagent/concepts - 2026-04-01 + 2026-05-01 weekly 0.8 https://kagent.dev/docs/kagent/concepts/tools - 2026-04-01 + 2026-05-01 weekly 0.8 https://kagent.dev/docs/kagent/examples/a2a-agents - 2026-04-01 + 2026-05-01 weekly 0.8 https://kagent.dev/docs/kagent/examples/a2a-byo - 2026-04-01 + 2026-05-01 + weekly + 0.8 + + + + https://kagent.dev/docs/kagent/examples/agent-sandbox + 2026-05-01 weekly 0.8 https://kagent.dev/docs/kagent/examples/agents-mcp - 2026-04-01 + 2026-05-01 weekly 0.8 https://kagent.dev/docs/kagent/examples/crewai-byo - 2026-04-01 + 2026-05-01 weekly 0.8 https://kagent.dev/docs/kagent/examples/discord-a2a - 2026-04-01 + 2026-05-01 weekly 0.8 https://kagent.dev/docs/kagent/examples/documentation - 2026-04-01 + 2026-05-01 weekly 0.8 https://kagent.dev/docs/kagent/examples/human-in-the-loop - 2026-04-01 + 2026-05-01 weekly 0.8 https://kagent.dev/docs/kagent/examples/langchain-byo - 2026-04-01 + 2026-05-01 weekly 0.8 https://kagent.dev/docs/kagent/examples - 2026-04-01 + 2026-05-01 weekly 0.8 https://kagent.dev/docs/kagent/examples/skills - 2026-04-01 + 2026-05-01 weekly 0.8 https://kagent.dev/docs/kagent/examples/slack-a2a - 2026-04-01 + 2026-05-01 weekly 0.8 https://kagent.dev/docs/kagent/examples/telegram-bot - 2026-04-01 + 2026-05-01 weekly 0.8 https://kagent.dev/docs/kagent/getting-started/first-agent - 2026-04-01 + 2026-05-01 weekly 0.8 https://kagent.dev/docs/kagent/getting-started/first-mcp-tool - 2026-04-01 + 2026-05-01 weekly 0.8 
https://kagent.dev/docs/kagent/getting-started/local-development - 2026-04-01 + 2026-05-01 weekly 0.8 https://kagent.dev/docs/kagent/getting-started - 2026-04-01 + 2026-05-01 weekly 0.8 https://kagent.dev/docs/kagent/getting-started/quickstart - 2026-04-01 + 2026-05-01 weekly 0.8 https://kagent.dev/docs/kagent/getting-started/system-prompts - 2026-04-01 + 2026-05-01 weekly 0.8 https://kagent.dev/docs/kagent/introduction/installation - 2026-04-01 + 2026-05-01 weekly 0.8 https://kagent.dev/docs/kagent/introduction - 2026-04-01 + 2026-05-01 weekly 0.8 https://kagent.dev/docs/kagent/introduction/what-is-kagent - 2026-04-01 + 2026-05-01 weekly 0.8 https://kagent.dev/docs/kagent/observability/audit-prompts - 2026-04-01 + 2026-05-01 weekly 0.8 https://kagent.dev/docs/kagent/observability/launch-ui - 2026-04-01 + 2026-05-01 weekly 0.8 https://kagent.dev/docs/kagent/observability - 2026-04-01 + 2026-05-01 weekly 0.8 https://kagent.dev/docs/kagent/observability/tracing - 2026-04-01 + 2026-05-01 weekly 0.8 https://kagent.dev/docs/kagent/operations/debug - 2026-04-01 + 2026-05-01 weekly 0.8 https://kagent.dev/docs/kagent/operations/operational-considerations - 2026-04-01 + 2026-05-01 weekly 0.8 https://kagent.dev/docs/kagent/operations - 2026-04-01 + 2026-05-01 weekly 0.8 https://kagent.dev/docs/kagent/operations/uninstall - 2026-04-01 + 2026-05-01 weekly 0.8 https://kagent.dev/docs/kagent/operations/upgrade - 2026-04-01 + 2026-05-01 weekly 0.8 https://kagent.dev/docs/kagent - 2026-04-01 + 2026-05-01 weekly 0.8 https://kagent.dev/docs/kagent/resources/api-ref - 2026-04-01 + 2026-05-01 weekly 0.8 https://kagent.dev/docs/kagent/resources/cli/kagent-add-mcp - 2026-04-01 + 2026-05-01 weekly 0.8 https://kagent.dev/docs/kagent/resources/cli/kagent-bug-report - 2026-04-01 + 2026-05-01 weekly 0.8 https://kagent.dev/docs/kagent/resources/cli/kagent-build - 2026-04-01 + 2026-05-01 weekly 0.8 https://kagent.dev/docs/kagent/resources/cli/kagent-completion - 2026-04-01 + 2026-05-01 weekly 
0.8 https://kagent.dev/docs/kagent/resources/cli/kagent-dashboard - 2026-04-01 + 2026-05-01 weekly 0.8 https://kagent.dev/docs/kagent/resources/cli/kagent-deploy - 2026-04-01 + 2026-05-01 weekly 0.8 https://kagent.dev/docs/kagent/resources/cli/kagent-get - 2026-04-01 + 2026-05-01 weekly 0.8 https://kagent.dev/docs/kagent/resources/cli/kagent-help - 2026-04-01 + 2026-05-01 weekly 0.8 https://kagent.dev/docs/kagent/resources/cli/kagent-init - 2026-04-01 + 2026-05-01 weekly 0.8 https://kagent.dev/docs/kagent/resources/cli/kagent-install - 2026-04-01 + 2026-05-01 weekly 0.8 https://kagent.dev/docs/kagent/resources/cli/kagent-invoke - 2026-04-01 + 2026-05-01 weekly 0.8 https://kagent.dev/docs/kagent/resources/cli/kagent-mcp - 2026-04-01 + 2026-05-01 weekly 0.8 https://kagent.dev/docs/kagent/resources/cli/kagent-run - 2026-04-01 + 2026-05-01 weekly 0.8 https://kagent.dev/docs/kagent/resources/cli/kagent-uninstall - 2026-04-01 + 2026-05-01 weekly 0.8 https://kagent.dev/docs/kagent/resources/cli/kagent-version - 2026-04-01 + 2026-05-01 weekly 0.8 https://kagent.dev/docs/kagent/resources/cli - 2026-04-01 + 2026-05-01 weekly 0.8 https://kagent.dev/docs/kagent/resources/faq - 2026-04-01 + 2026-05-01 weekly 0.8 https://kagent.dev/docs/kagent/resources/helm - 2026-04-01 + 2026-05-01 weekly 0.8 https://kagent.dev/docs/kagent/resources - 2026-04-01 + 2026-05-01 weekly 0.8 https://kagent.dev/docs/kagent/resources/release-notes - 2026-04-01 + 2026-05-01 weekly 0.8 https://kagent.dev/docs/kagent/resources/tools-ecosystem - 2026-04-01 + 2026-05-01 weekly 0.8 https://kagent.dev/docs/kagent/supported-providers/amazon-bedrock - 2026-04-01 + 2026-05-01 weekly 0.8 https://kagent.dev/docs/kagent/supported-providers/anthropic - 2026-04-01 + 2026-05-01 weekly 0.8 https://kagent.dev/docs/kagent/supported-providers/azure-openai - 2026-04-01 + 2026-05-01 weekly 0.8 https://kagent.dev/docs/kagent/supported-providers/byo-openai - 2026-04-01 + 2026-05-01 weekly 0.8 
https://kagent.dev/docs/kagent/supported-providers/gemini - 2026-04-01 + 2026-05-01 weekly 0.8 https://kagent.dev/docs/kagent/supported-providers/google-vertexai - 2026-04-01 + 2026-05-01 weekly 0.8 https://kagent.dev/docs/kagent/supported-providers/ollama - 2026-04-01 + 2026-05-01 weekly 0.8 https://kagent.dev/docs/kagent/supported-providers/openai - 2026-04-01 + 2026-05-01 weekly 0.8 https://kagent.dev/docs/kagent/supported-providers - 2026-04-01 + 2026-05-01 weekly 0.8 https://kagent.dev/docs/kmcp/deploy/install-controller - 2026-04-01 + 2026-05-01 weekly 0.8 https://kagent.dev/docs/kmcp/deploy - 2026-04-01 + 2026-05-01 weekly 0.8 https://kagent.dev/docs/kmcp/deploy/server - 2026-04-01 + 2026-05-01 weekly 0.8 https://kagent.dev/docs/kmcp/develop/fastmcp-python - 2026-04-01 + 2026-05-01 weekly 0.8 https://kagent.dev/docs/kmcp/develop/mcp-go - 2026-04-01 + 2026-05-01 weekly 0.8 https://kagent.dev/docs/kmcp/develop - 2026-04-01 + 2026-05-01 weekly 0.8 https://kagent.dev/docs/kmcp/introduction - 2026-04-01 + 2026-05-01 weekly 0.8 https://kagent.dev/docs/kmcp - 2026-04-01 + 2026-05-01 weekly 0.8 https://kagent.dev/docs/kmcp/quickstart - 2026-04-01 + 2026-05-01 weekly 0.8 https://kagent.dev/docs/kmcp/reference/api-ref - 2026-04-01 + 2026-05-01 weekly 0.8 https://kagent.dev/docs/kmcp/reference/kmcp-add-tool - 2026-04-01 + 2026-05-01 weekly 0.8 https://kagent.dev/docs/kmcp/reference/kmcp-build - 2026-04-01 + 2026-05-01 weekly 0.8 https://kagent.dev/docs/kmcp/reference/kmcp-completion - 2026-04-01 + 2026-05-01 weekly 0.8 https://kagent.dev/docs/kmcp/reference/kmcp-deploy - 2026-04-01 + 2026-05-01 weekly 0.8 https://kagent.dev/docs/kmcp/reference/kmcp-help - 2026-04-01 + 2026-05-01 weekly 0.8 https://kagent.dev/docs/kmcp/reference/kmcp-init - 2026-04-01 + 2026-05-01 weekly 0.8 https://kagent.dev/docs/kmcp/reference/kmcp-install - 2026-04-01 + 2026-05-01 weekly 0.8 https://kagent.dev/docs/kmcp/reference/kmcp-run - 2026-04-01 + 2026-05-01 weekly 0.8 
https://kagent.dev/docs/kmcp/reference/kmcp-secrets - 2026-04-01 + 2026-05-01 weekly 0.8 https://kagent.dev/docs/kmcp/reference - 2026-04-01 + 2026-05-01 weekly 0.8 https://kagent.dev/docs/kmcp/secrets - 2026-04-01 + 2026-05-01 weekly 0.8 https://kagent.dev/docs - 2026-04-01 + 2026-05-01 weekly 0.8 https://kagent.dev/enterprise - 2026-04-01 + 2026-05-01 weekly 0.8 https://kagent.dev/page.tsx - 2026-04-01 + 2026-05-01 weekly 0.8 https://kagent.dev/tools - 2026-04-01 + 2026-05-01 weekly 0.8 https://kagent.dev/agents/argo-rollouts-conversion-agent - 2026-04-01 + 2026-05-01 weekly 0.8 https://kagent.dev/agents/cilium-crd-agent - 2026-04-01 + 2026-05-01 weekly 0.8 https://kagent.dev/agents/helm-agent - 2026-04-01 + 2026-05-01 weekly 0.8 https://kagent.dev/agents/istio-agent - 2026-04-01 + 2026-05-01 weekly 0.8 https://kagent.dev/agents/k8s-agent - 2026-04-01 + 2026-05-01 weekly 0.8 https://kagent.dev/agents/kgateway-agent - 2026-04-01 + 2026-05-01 weekly 0.8 https://kagent.dev/agents/observability-agent - 2026-04-01 + 2026-05-01 weekly 0.8 https://kagent.dev/agents/promql-agent - 2026-04-01 + 2026-05-01 weekly 0.8 https://kagent.dev/tools/istio - 2026-04-01 + 2026-05-01 weekly 0.8 https://kagent.dev/tools/kubernetes - 2026-04-01 + 2026-05-01 weekly 0.8 https://kagent.dev/tools/prometheus - 2026-04-01 + 2026-05-01 weekly 0.8 https://kagent.dev/tools/documentation - 2026-04-01 + 2026-05-01 weekly 0.8 https://kagent.dev/tools/helm - 2026-04-01 + 2026-05-01 weekly 0.8 https://kagent.dev/tools/argo - 2026-04-01 + 2026-05-01 weekly 0.8 https://kagent.dev/tools/grafana - 2026-04-01 + 2026-05-01 weekly 0.8 https://kagent.dev/tools/other - 2026-04-01 + 2026-05-01 weekly 0.8 https://kagent.dev/tools/cilium - 2026-04-01 + 2026-05-01 weekly 0.8 diff --git a/src/app/docs/kagent/concepts/agents/page.mdx b/src/app/docs/kagent/concepts/agents/page.mdx index a7dc881..357b8d3 100644 --- a/src/app/docs/kagent/concepts/agents/page.mdx +++ b/src/app/docs/kagent/concepts/agents/page.mdx 
@@ -298,6 +298,12 @@ spec: Compaction removes older conversation events to free up space in the context window. By default, compacted events are discarded. To preserve a summary of compacted events, configure the `summarizer` field with a `modelConfig` reference. Enable compaction for agents that handle long-running conversations, call many tools with large outputs, or need to support extended interactions. +## Sandboxed Agents + +You can run agents in an isolated sandbox by creating a `SandboxAgent` resource instead of a regular `Agent`. The `SandboxAgent` spec is identical to the `Agent` spec, but the kagent controller creates an upstream [agent-sandbox](https://github.com/kubernetes-sigs/agent-sandbox) workload instead of a Deployment. Sandboxed agents enforce process isolation, deny all outbound network access by default, and restrict filesystem writes to the working directory and `/tmp`. To allow outbound access to specific domains, set the `spec.sandbox.network.allowedDomains` field. + +For setup steps, see the [Agent Sandbox example](/docs/kagent/examples/agent-sandbox). + ## Agents as Tools Kagent also supports using agents as tools. Any agent you create can be referenced and used by other agents you have. An example use case would be to have a PromQL agent that knows how to create PromQL queries from natural language. Then you'd create a second agent that would use the PromQL agent whenever it needs to create a PromQL query. diff --git a/src/app/docs/kagent/examples/agent-sandbox/page.mdx b/src/app/docs/kagent/examples/agent-sandbox/page.mdx new file mode 100644 index 0000000..8e91b84 --- /dev/null +++ b/src/app/docs/kagent/examples/agent-sandbox/page.mdx 
@@ -0,0 +1,290 @@ +--- +title: "Agent Sandbox" +pageOrder: 1 +description: "Run agents in isolated sandboxes with deny-by-default networking and filesystem restrictions." +--- + +export const metadata = { + title: "Agent Sandbox", + description: "Run agents in isolated sandboxes with deny-by-default networking and filesystem restrictions.", + author: "kagent.dev" +}; + +# Agent Sandbox + +Sandboxed agents run in isolated pods managed by the upstream [agent-sandbox](https://github.com/kubernetes-sigs/agent-sandbox) project. Each sandbox enforces process isolation, denies all outbound network access by default, and restricts filesystem writes to the working directory and `/tmp`. + +## About + +When the kagent controller reconciles a `SandboxAgent`, it does the following. + +1. Generates an `srt-settings.json` file with the sandbox runtime configuration and mounts it into the pod. +2. Creates an upstream `agents.x-k8s.io/v1alpha1` Sandbox resource instead of a Deployment. +3. Delegates pod lifecycle to the agent-sandbox controller, which manages process-level isolation. + +The default runtime settings are: + +| Category | Default | +| --- | --- | +| Network | All outbound denied unless listed in `allowedDomains` | +| Filesystem writes | Allowed in `.` (working directory) and `/tmp` | +| Filesystem reads | Unrestricted | + +## Before you begin + +1. Install kagent v0.9.0 or later by following the [quick start](/docs/kagent/getting-started/quickstart) guide. + +2. Install the agent-sandbox controller and CRDs. The example uses version 0.3.10. + + ```bash + kubectl apply -f https://github.com/kubernetes-sigs/agent-sandbox/releases/download/v0.3.10/manifest.yaml + kubectl apply -f https://github.com/kubernetes-sigs/agent-sandbox/releases/download/v0.3.10/extensions.yaml + ``` + +3. If you installed agent-sandbox after kagent was already running, restart the kagent controller so it registers the new Sandbox API. 
+ + ```bash + kubectl -n kagent rollout restart deploy/kagent-controller + ``` + +## Create a sandboxed agent + +A `SandboxAgent` has the same spec as a regular `Agent`. The only difference is `kind: SandboxAgent`. Instead of creating a Deployment, the kagent controller creates an upstream `agents.x-k8s.io` Sandbox CR. + +1. Apply the following SandboxAgent resource. + + ```yaml + kubectl apply -f - < SKILL.md <<'EOF' + --- + name: fetch-url-skill + description: Fetch a URL using curl and return the HTTP status code. Use this when the user asks to fetch, get, or download a URL. + --- + + # Fetch URL skill + + Use this skill when the user asks you to fetch, GET, or test a URL. + + ## Instructions + + - Run the `bash` tool with the command `curl -sS -o /dev/null -w "HTTP %{http_code}\n" --max-time 10 ` where `` is the URL the user wants to fetch. + - Report the exact HTTP status line back to the user, including any error message that curl prints. + EOF + ``` + +2. Build the skill image and push it to a local registry. For full prerequisites and registry setup, see [Add skills to agents](/docs/kagent/examples/skills). + + ```bash + cat > Dockerfile <<'EOF' + FROM scratch + COPY . / + EOF + docker build -t localhost:5000/fetch-url-skill:latest . + docker push localhost:5000/fetch-url-skill:latest + ``` + +### Step 2: Add the skill to the SandboxAgent + +Re-apply `sandbox-agent` with the skill reference and an updated system message that points the agent at the skill. + +```yaml +kubectl apply -f - <//` endpoint. Sandboxed agents support exactly one chat session, so the second request must reuse the `contextId` returned by the first. + +1. Port-forward the kagent controller. + + ```bash + kubectl -n kagent port-forward svc/kagent-controller 8083:8083 + ``` + +2. Send a request that hits an allowed domain. Capture the `contextId` from the response. 
+ + ```bash + UUID=$(uuidgen) + curl -sS -X POST 'http://localhost:8083/api/a2a-sandboxes/kagent/sandbox-agent/' \ + -H 'Content-Type: application/json' \ + -d "{\"jsonrpc\":\"2.0\",\"id\":\"$UUID\",\"method\":\"message/send\",\"params\":{\"message\":{\"role\":\"user\",\"parts\":[{\"kind\":\"text\",\"text\":\"Fetch https://api.github.com/zen and tell me exactly what curl returned\"}],\"messageId\":\"$UUID\",\"kind\":\"message\"}}}" + ``` + + The agent runs `curl https://api.github.com/zen` through `srt`, which lets the request through. Example response (truncated): + + ```json + { + "result": { + "status": { "state": "completed" }, + "contextId": "707433f6-6d11-4a4d-9756-b4e0b1d9203a", + "artifacts": [{ + "parts": [{ + "kind": "text", + "text": "The exact response from curl when fetching https://api.github.com/zen is: ..." + }] + }] + } + } + ``` + +3. Send a second request with a denied domain, reusing the `contextId` from the first response. + + ```bash + CTX="707433f6-6d11-4a4d-9756-b4e0b1d9203a" # from previous response + UUID=$(uuidgen) + curl -sS -X POST 'http://localhost:8083/api/a2a-sandboxes/kagent/sandbox-agent/' \ + -H 'Content-Type: application/json' \ + -d "{\"jsonrpc\":\"2.0\",\"id\":\"$UUID\",\"method\":\"message/send\",\"params\":{\"message\":{\"role\":\"user\",\"parts\":[{\"kind\":\"text\",\"text\":\"Fetch https://example.com and tell me exactly what curl returned, including any error messages\"}],\"messageId\":\"$UUID\",\"contextId\":\"$CTX\",\"kind\":\"message\"}}}" + ``` + + The sandbox blocks the request because `example.com` is not in the allowlist. The agent reports the curl error verbatim: + + ```txt + The exact response from curl when fetching https://example.com is: + + curl: (56) CONNECT tunnel failed, response 403 + ``` + + The `403` comes from `srt`'s outbound HTTPS proxy, which rejects connections to hosts outside `allowedDomains`. Add `example.com` to `spec.sandbox.network.allowedDomains` and reapply if you want to permit it. 
+ +## Cleanup + +When you are done, remove the resources that you created. + +1. Delete the SandboxAgent. The kagent controller deletes the upstream Sandbox resource and pod with it. + + ```bash + kubectl delete sandboxagent sandbox-agent -n kagent + ``` + +2. Remove the skill image from your local registry and delete the skill directory. + + ```bash + docker rmi localhost:5000/fetch-url-skill:latest + cd .. + rm -rf fetch-url-skill + ``` + +3. Optionally, uninstall the agent-sandbox controller and CRDs if you no longer need sandboxed agents in this cluster. + + ```bash + kubectl delete -f https://github.com/kubernetes-sigs/agent-sandbox/releases/download/v0.3.10/extensions.yaml + kubectl delete -f https://github.com/kubernetes-sigs/agent-sandbox/releases/download/v0.3.10/manifest.yaml + ``` + +## Next steps + +Continue configuring your sandboxed agent, such as with [skills](/docs/kagent/examples/skills), [tools](/docs/kagent/concepts/tools), or [human-in-the-loop](/docs/kagent/examples/human-in-the-loop) safeguards. diff --git a/src/app/docs/kagent/examples/page.mdx b/src/app/docs/kagent/examples/page.mdx index 6f56558..124e18b 100644 --- a/src/app/docs/kagent/examples/page.mdx +++ b/src/app/docs/kagent/examples/page.mdx @@ -30,5 +30,6 @@ import QuickLink from '@/components/quick-link'; + diff --git a/src/config/navigation.json b/src/config/navigation.json index f476224..9aada64 100644 --- a/src/config/navigation.json +++ b/src/config/navigation.json @@ -153,6 +153,11 @@ "href": "/docs/kagent/examples/a2a-byo", "description": "Bring your own ADK agent to kagent" }, + { + "title": "Agent Sandbox", + "href": "/docs/kagent/examples/agent-sandbox", + "description": "Run agents in isolated sandboxes with deny-by-default networking and filesystem restrictions." + }, { "title": "Using Kagent agents via MCP", "href": "/docs/kagent/examples/agents-mcp", From 96d75d576fff27a20c390fa0ef6765f307c303fc Mon Sep 17 00:00:00 2001 
From: Art Berger Date: Fri, 1 May 2026 15:20:15 -0400 Subject: [PATCH 2/2] add version constants Signed-off-by: Art Berger --- src/app/docs/_constants.ts | 22 +++++++++++++++++++ .../kagent/examples/agent-sandbox/page.mdx | 20 +++++++++++------ .../observability/audit-prompts/page.mdx | 6 +++-- .../kagent/observability/tracing/page.mdx | 4 +++- .../kmcp/deploy/install-controller/page.mdx | 4 +++- src/app/docs/kmcp/quickstart/page.mdx | 4 +++- 6 files changed, 48 insertions(+), 12 deletions(-) create mode 100644 src/app/docs/_constants.ts diff --git a/src/app/docs/_constants.ts b/src/app/docs/_constants.ts new file mode 100644 index 0000000..469df6f --- /dev/null +++ b/src/app/docs/_constants.ts @@ -0,0 +1,22 @@ +/** + * Shared version constants for kagent documentation examples. + * Update these values to automatically propagate changes across all example guides. + */ + +export const VERSIONS = { + // Core kagent version requirements + kagent: "0.9.1", + kmcp: "0.2.8", + + // External dependencies + agentSandbox: "0.3.10", + loki: "6.24.0", + tempo: "1.16.0", + jaeger: "4.4.7", + + // Kubernetes API versions + kubernetesAppsApi: "apps/v1", + kubernetesApi: "v1", + kagentApi: "kagent.dev/v1alpha2", + agentSandboxApi: "agents.x-k8s.io/v1alpha1", +}; diff --git a/src/app/docs/kagent/examples/agent-sandbox/page.mdx b/src/app/docs/kagent/examples/agent-sandbox/page.mdx index 8e91b84..e6ed0b0 100644 --- a/src/app/docs/kagent/examples/agent-sandbox/page.mdx +++ b/src/app/docs/kagent/examples/agent-sandbox/page.mdx @@ -4,6 +4,8 @@ pageOrder: 1 description: "Run agents in isolated sandboxes with deny-by-default networking and filesystem restrictions." --- +import { VERSIONS } from "../../../_constants"; + export const metadata = { title: "Agent Sandbox", description: "Run agents in isolated sandboxes with deny-by-default networking and filesystem restrictions.", 
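Review bot: `kagent: "0.9.1"` sits under `// Core kagent version requirements`, but later in this patch it becomes the stated minimum for the sandbox guide (`Install kagent v{VERSIONS.kagent} or later`), which moves the prerequisite from v0.9.0 to v0.9.1. The prerequisite will keep moving each time the constant is bumped for a release. If v0.9.0 is the release that introduced `SandboxAgent` (not confirmable from this patch), a separate key such as `kagentSandboxMin: "0.9.0"` would keep the requirement stable. The exported object is also mutable; closing it with `} as const;` would make the values read-only literals so that an importing page cannot reassign them.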
@@ -32,13 +34,13 @@ The default runtime settings are: ## Before you begin -1. Install kagent v0.9.0 or later by following the [quick start](/docs/kagent/getting-started/quickstart) guide. +1. Install kagent v{VERSIONS.kagent} or later by following the [quick start](/docs/kagent/getting-started/quickstart) guide. -2. Install the agent-sandbox controller and CRDs. The example uses version 0.3.10. +2. Install the agent-sandbox controller and CRDs. The example uses version {VERSIONS.agentSandbox}. ```bash - kubectl apply -f https://github.com/kubernetes-sigs/agent-sandbox/releases/download/v0.3.10/manifest.yaml - kubectl apply -f https://github.com/kubernetes-sigs/agent-sandbox/releases/download/v0.3.10/extensions.yaml + kubectl apply -f https://github.com/kubernetes-sigs/agent-sandbox/releases/download/v{VERSIONS.agentSandbox}/manifest.yaml + kubectl apply -f https://github.com/kubernetes-sigs/agent-sandbox/releases/download/v{VERSIONS.agentSandbox}/extensions.yaml ``` 3. If you installed agent-sandbox after kagent was already running, restart the kagent controller so it registers the new Sandbox API. @@ -128,6 +130,8 @@ EOF To verify the network allowlist enforces correctly, give the agent a way to make outbound HTTP requests. The simplest path is a [container-based skill](/docs/kagent/examples/skills) that runs `curl`, because skills give the agent a `bash` tool that runs through the `srt` sandbox runtime, and `srt` is what reads `srt-settings.json` and applies the allowlist. +To invoke a sandboxed agent, you can use A2A requests or the kagent UI. + ### Step 1: Build a curl skill 1. Create a skill directory with a `SKILL.md` file that tells the agent how to use the skill. 
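Review bot: The `{VERSIONS.agentSandbox}` placeholders inside the fenced `bash` block of the `@@ -32,13 +34,13 @@` hunk will probably render literally, because standard MDX evaluates `{…}` expressions in prose but treats fenced code as plain text. The same applies to the cleanup block in `@@ -281,8 +287,8 @@` and to `--version {VERSIONS.loki}` in the audit-prompts page. A reader who copies the install command would then run `kubectl apply -f` against a URL containing `v{VERSIONS.agentSandbox}`, which matches no release. Unless the site has a remark plugin that substitutes these (none is visible in this patch), check the rendered page and either keep the literal version inside the fence or render the command from a component that receives the interpolated string. The two prose uses in the numbered list are unaffected.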
@@ -206,7 +210,9 @@ sandbox-agent True True ### Step 3: Send requests to the sandbox A2A endpoint -The kagent CLI does not yet support `SandboxAgent` because it looks up `Agent` resources only. To invoke a sandboxed agent, send A2A JSON-RPC requests directly to the controller's `/api/a2a-sandboxes///` endpoint. Sandboxed agents support exactly one chat session, so the second request must reuse the `contextId` returned by the first. +Send A2A JSON-RPC requests directly to the controller's `/api/a2a-sandboxes///` endpoint. Sandboxed agents support exactly one chat session, so the second request must reuse the `contextId` returned by the first. + +> Alternatively, you can [open the agent in the kagent UI](/docs/kagent/getting-started/first-agent#testing-the-agent) and then send requests through the UI's chat interface to try to access allowed or denied domains. 1. Port-forward the kagent controller. @@ -281,8 +287,8 @@ When you are done, remove the resources that you created. 3. Optionally, uninstall the agent-sandbox controller and CRDs if you no longer need sandboxed agents in this cluster. ```bash - kubectl delete -f https://github.com/kubernetes-sigs/agent-sandbox/releases/download/v0.3.10/extensions.yaml - kubectl delete -f https://github.com/kubernetes-sigs/agent-sandbox/releases/download/v0.3.10/manifest.yaml + kubectl delete -f https://github.com/kubernetes-sigs/agent-sandbox/releases/download/v{VERSIONS.agentSandbox}/extensions.yaml + kubectl delete -f https://github.com/kubernetes-sigs/agent-sandbox/releases/download/v{VERSIONS.agentSandbox}/manifest.yaml ``` ## Next steps diff --git a/src/app/docs/kagent/observability/audit-prompts/page.mdx b/src/app/docs/kagent/observability/audit-prompts/page.mdx index 3a4e471..39cabae 100644 --- a/src/app/docs/kagent/observability/audit-prompts/page.mdx +++ b/src/app/docs/kagent/observability/audit-prompts/page.mdx 
@@ -4,6 +4,8 @@ pageOrder: 1 description: "Review and audit prompts used by kagent agents." --- +import { VERSIONS } from "../../../_constants"; + export const metadata = { title: "Audit kagent prompts", description: "Review and audit prompts used by kagent agents.", @@ -41,7 +43,7 @@ Kagent supports logging input/output messages for the following LLM providers: ```yaml helm upgrade --install loki loki \ --repo https://grafana.github.io/helm-charts \ - --version 6.24.0 \ + --version {VERSIONS.loki} \ --namespace telemetry \ --create-namespace \ --values - <