Metadata-Version: 2.4
Name: enablement-agent
Version: 1.6.0
Summary: Centralized Enablement Agent — the canonical knowledge hub for Partner Core enablement content.
Project-URL: Homepage, https://w.amazon.com/bin/view/AWS/Teams/PartnerCore/EnablementAgent/
Project-URL: Repository, https://code.amazon.com/packages/EnablementAgent
Author: Partner Core - Enablement Shared Services
License-Expression: MIT
Keywords: enablement,knowledge-hub,mcp,partner-core
Classifier: Development Status :: 4 - Beta
Classifier: Programming Language :: Python :: 3.11
Classifier: Programming Language :: Python :: 3.12
Requires-Python: >=3.11
Requires-Dist: aiohttp>=3.9.0
Requires-Dist: boto3>=1.34.0
Requires-Dist: fastmcp>=2.0.0
Requires-Dist: mcp>=1.0.0
Requires-Dist: opensearch-py>=2.4.0
Requires-Dist: pdfplumber>=0.10.0
Requires-Dist: python-docx>=1.0.0
Requires-Dist: requests-aws4auth>=1.2.0
Provides-Extra: dev
Requires-Dist: moto[athena,s3]>=5.0.0; extra == 'dev'
Requires-Dist: mypy>=1.9.0; extra == 'dev'
Requires-Dist: pytest-asyncio>=0.23.0; extra == 'dev'
Requires-Dist: pytest>=7.0; extra == 'dev'
Requires-Dist: ruff>=0.4.0; extra == 'dev'
Description-Content-Type: text/markdown

# Centralized Enablement Agent

The canonical knowledge hub for all enablement content across Partner Core.

## What it does

This agent ingests, indexes, and serves enablement content — user guides, FAQs, demo scripts, training decks, playbooks, and more. Anyone in Partner Core can query it for answers, search for content, and monitor content freshness.

## Architecture

```
┌─────────────────────────────────────────────────────────────────┐
│  Content IN                                                      │
│  ┌──────────────┐ ┌──────────────┐ ┌────────────┐ ┌──────────┐ │
│  │ Delivery     │ │ Manual       │ │ Wiki       │ │ Highspot │ │
│  │ Agent Push   │ │ Upload       │ │ Scraper    │ │ Scraper  │ │
│  └──────┬───────┘ └──────┬───────┘ └─────┬──────┘ └────┬─────┘ │
│         │                │               │              │       │
│         └────────────────┴───────────────┴──────────────┘       │
│                                  │                               │
│                          ┌───────▼───────┐                      │
│                          │  Orchestrator  │                      │
│                          └───────┬───────┘                      │
│                                  │                               │
│         ┌────────────────────────┼────────────────────┐         │
│         │                        │                    │         │
│  ┌──────▼──────┐  ┌─────────────▼────────┐  ┌───────▼───────┐ │
│  │ S3 Bucket   │  │ OpenSearch Serverless │  │ Content       │ │
│  │ (raw files) │  │ (vector embeddings)  │  │ Registry      │ │
│  └─────────────┘  └──────────────────────┘  └───────────────┘ │
│                                                                  │
│  Content OUT (MCP Tools via SSE)                                │
│  ┌──────────────────────────────────────────────────────────┐   │
│  │ query · search · upload · status · stale · refresh       │   │
│  │ check_permissions · request_access                       │   │
│  └──────────────────────────────────────────────────────────┘   │
└─────────────────────────────────────────────────────────────────┘
```

## Quick Start (for users)

Install and configure in one step:

```bash
pip install enablement-agent
enablement-agent configure
```

Or if you use `uvx` (recommended):

```bash
uvx enablement-agent configure
```

This writes your `~/.kiro/settings/mcp.json` with:

```json
{
  "mcpServers": {
    "enablement-agent": {
      "command": "uvx",
      "args": ["enablement-agent", "serve"],
      "env": {
        "AWS_REGION": "us-east-1"
      },
      "disabled": false,
      "autoApprove": ["ask", "status"]
    }
  }
}
```

Or add it manually — that's the whole config.

**Prerequisites:** AWS credentials configured (`midway` or `~/.aws/config`) with access to the shared S3 bucket, OpenSearch, and Bedrock.

## Deployment

Two modes:

### Local (stdio) — current default
Users install from PyPI and run locally. Shared backend (S3, OpenSearch, Bedrock) is accessed directly via AWS credentials.

### Centralized (SSE) — future
Once a domain + HTTPS cert is provisioned, the server can run on ECS Fargate with SSE transport. Users would just add a URL to their mcp.json.

### Backend Infrastructure (shared, required for both modes)

Deploy with CDK:

```bash
cd infra/
pip install aws-cdk-lib constructs
cdk deploy
```

### Environment Variables

| Variable | Description |
|----------|-------------|
| `OPENSEARCH_ENDPOINT` | OpenSearch Serverless collection endpoint |
| `S3_BUCKET` | S3 bucket name for content storage |
| `AWS_REGION` | AWS region (default: us-east-1) |
| `HIGHSPOT_API_KEY` | Highspot API key (or loaded from Secrets Manager) |
| `LOG_LEVEL` | Logging level (default: INFO) |

## Development

```bash
# Install with dev dependencies
pip install -e ".[dev]"

# Run tests
pytest

# Lint
ruff check .

# Type check
mypy enablement_agent/
```

## Modules

| Module | Purpose |
|--------|---------|
| `orchestrator.py` | Central coordinator, request routing, background jobs |
| `mcp_tools.py` | FastMCP tool registration (9 tools) |
| `search.py` | Hybrid BM25 + vector + metadata search engine |
| `vector_store.py` | OpenSearch Serverless knn integration |
| `query_handler.py` | NL question answering with LLM synthesis |
| `ingestion.py` | 4 ingestion pipelines |
| `content_registry.py` | Metadata store with CRUD and bulk queries |
| `freshness_monitor.py` | Staleness detection and auto-refresh |
| `rls_guard.py` | Unified RLS enforcement via Galaxi |
| `permissions_cache.py` | TTL cache for RLS permission lookups |
| `wiki_scraper.py` | Wiki page discovery and change detection |
| `highspot_scraper.py` | Highspot spot monitoring |
| `config.py` | All configuration constants and enums |
| `cli.py` | CLI entry point (serve, configure, health) |

## RLS (Row-Level Security)

Content containing customer data is automatically classified:

- **NONE** — General enablement, open to all ASP/SMGS
- **TERRITORY** — Contains territory-level customer data
- **PARTNER** — Contains partner-specific data (SPMS IDs)
- **BROAD** — Requires Geo+ level access (L8 approval)

Blocked content is always *visible* (title + lock icon) but redacted. Users get links to request access.

## Freshness

Content is flagged stale after 4 months (120 days) without update. Wiki and Highspot sources auto-refresh when the source changes. Notifications go to the `enablement-freshness-alerts` channel.
