# Agentic Data Plane - Full Markdown Export > This file contains all Agentic Data Plane documentation pages in markdown format for AI agent consumption. > Generated from 120 pages on 2026-06-15T17:51:23.304Z > Component: agentic-data-plane | Version: > Site: https://docs.redpanda.com ## About This Export This export includes the **latest version** () of the Agentic Data Plane documentation. ### AI-Friendly Documentation Formats We provide multiple formats optimized for AI consumption: - **https://docs.redpanda.com/llms.txt**: Curated overview of all Redpanda documentation - **https://docs.redpanda.com/llms-full.txt**: Complete documentation export with all components - **https://docs.redpanda.com/agentic-data-plane-full.txt**: This file - Agentic Data Plane documentation only - **Individual markdown pages**: Each HTML page has a corresponding .md file --- # Page 1: Connect Data & Tools **URL**: https://docs.redpanda.com/agentic-data-plane/connect.md --- # Connect Data & Tools > For the complete documentation index, see [llms.txt](https://docs.redpanda.com/llms.txt). Component-specific: [agentic-data-plane-full.txt](https://docs.redpanda.com/agentic-data-plane-full.txt) --- title: Connect Data & Tools latest-operator-version: v26.1.5 latest-console-tag: v3.7.4 latest-connect-version: 4.96.1 latest-redpanda-tag: v26.1.10 docname: index page-component-name: agentic-data-plane page-version: master page-component-version: master page-component-title: Agentic Data Plane page-relative-src-path: index.adoc page-edit-url: https://github.com/redpanda-data/adp-docs/edit/main/modules/connect/pages/index.adoc description: Connect agents, MCP servers, and the apps and data sources behind them. page-git-created-date: "2026-05-28" page-git-modified-date: "2026-06-08" --- Bring your agents, tools, and data into the Agentic Data Plane. Build agents, connect MCP servers, set up authentication, and integrate with your existing stack. - [Connect Tools with MCP Servers](mcp-servers/) Learn how MCP servers expose tools and data to agents, then plug in a managed type or build, register, and test your own. - [Set Up Authentication](authentication/) Configure OAuth providers, user-delegated OAuth, and client connections so agents and tools authenticate securely. - [Integrate with Your Stack](integrations/) Choose an integration pattern and connect the Agentic Data Plane to your existing stack, Redpanda pipelines, and developer tools. --- # Page 2: Connect Agents with A2A **URL**: https://docs.redpanda.com/agentic-data-plane/connect/a2a-concepts.md --- # Connect Agents with A2A > For the complete documentation index, see [llms.txt](https://docs.redpanda.com/llms.txt). Component-specific: [agentic-data-plane-full.txt](https://docs.redpanda.com/agentic-data-plane-full.txt) --- title: Connect Agents with A2A latest-operator-version: v26.1.5 latest-console-tag: v3.7.4 latest-connect-version: 4.96.1 latest-redpanda-tag: v26.1.10 docname: a2a-concepts page-component-name: agentic-data-plane page-version: master page-component-version: master page-component-title: Agentic Data Plane page-relative-src-path: a2a-concepts.adoc page-edit-url: https://github.com/redpanda-data/adp-docs/edit/main/modules/connect/pages/a2a-concepts.adoc description: The A2A protocol enables agents to discover and call each other across platforms. Learn how agent cards, authentication, and protocol versioning work in ADP. page-topic-type: concepts personas: agent_builder learning-objective-1: Describe the A2A protocol and its role in agent communication learning-objective-2: Explain how agent cards enable discovery learning-objective-3: Identify how authentication secures agent communication page-git-created-date: "2026-05-28" page-git-modified-date: "2026-06-10" --- The Agent-to-Agent (A2A) protocol is an open standard that defines how agents discover, communicate with, and call each other across platforms. Each A2A-compliant agent exposes a machine-readable agent card at a well-known URL, describing its capabilities and how to authenticate with it. Callers fetch the card at runtime, so they reach any A2A agent without prior knowledge of its implementation, and agents can update their capabilities without breaking existing callers. In Redpanda ADP, A2A enables two integration paths: external applications and agents calling ADP agents over HTTP, and Redpanda Connect pipelines invoking agents for each event in a stream. After reading this page, you will be able to: - Describe the A2A protocol and its role in agent communication - Explain how agent cards enable discovery - Identify how authentication secures agent communication ## [](#what-is-the-a2a-protocol)What is the A2A protocol? The Agent-to-Agent (A2A) protocol is an open standard that defines how agents discover, communicate with, and invoke each other. Agents that implement A2A expose their capabilities through a standardized agent card. This allows other systems to interact with them without prior knowledge of their implementation. The protocol provides: - Standardized discovery: Agent cards describe capabilities in a machine-readable format. - Platform independence: Any system can call any A2A-compliant agent. - Version negotiation: Protocol versions ensure compatibility between agents. - Communication mode flexibility: Supports synchronous request/response and streaming. For the complete specification, see [a2a.ag/spec](https://a2a.ag/spec). ## [](#agent-cards)Agent cards Every A2A-compliant agent exposes an agent card at a well-known URL. The agent card is a JSON document that describes what the agent can do and how to interact with it. For the complete agent card specification, see [Agent Card documentation](https://agent2agent.info/docs/concepts/agentcard/). ### [](#agent-card-location)Agent card location ADP agents expose their agent cards at the `/.well-known/agent-card.json` subpath of the agent URL. You can find the agent URL on the **Agents** page. For example, if your agent URL is `https://my-agent.ai-agents.abc123.cloud.redpanda.com`, your agent card URL is `https://my-agent.ai-agents.abc123.cloud.redpanda.com/.well-known/agent-card.json`. The `.well-known` path follows internet standards for service discovery, making agents discoverable without configuration. The agent card is served without authentication. The A2A protocol requires the discovery card to be publicly reachable, because a caller fetches it to learn how to authenticate with the agent. Invoking the agent still requires authentication. For details, see the [Authentication](#authentication) section. To configure the agent card, see [Configure A2A discovery metadata](https://docs.redpanda.com/agentic-data-plane/connect/create-agent/#configure-a2a-discovery-metadata-optional). ## [](#where-a2a-is-used-in-adp)Where A2A is used in ADP ADP uses the A2A protocol in two contexts: ### [](#external-integration)External integration External applications and agents hosted outside ADP use A2A to call ADP agents. This includes backend services, CLI tools, custom UIs, and agents hosted on other platforms. For integration pattern guidance, see [Choose an Integration Pattern](https://docs.redpanda.com/agentic-data-plane/connect/integration-overview/). ### [](#internal-pipeline-to-agent-integration)Internal pipeline-to-agent integration Redpanda Connect pipelines use the [`a2a_message`](https://docs.redpanda.com/cloud-data-platform/develop/connect/components/processors/a2a_message/) processor to invoke agents for each event in a stream. This enables real-time interaction between streaming data and AI agents, enabling use cases like: - Real-time fraud detection on every transaction. - Streaming data enrichment with AI-generated fields. - Event-driven agent invocation for automated processing. The `a2a_message` processor uses the A2A protocol internally to discover and call agents. For pipeline patterns, see [Integrate with Redpanda Pipelines](https://docs.redpanda.com/agentic-data-plane/connect/pipeline-integration-patterns/). ## [](#how-agents-discover-each-other)How agents discover each other A2A enables dynamic discovery without hardcoded configuration: 1. The caller fetches the agent card from the well-known URL. 2. The caller checks the protocol version and supported communication modes. 3. The caller uses the input schema from the agent card to format the request properly. 4. The caller sends the request to the agent’s endpoint. This discovery model allows: - New agents to become available immediately after deployment - Existing agents to update their capabilities while callers adapt dynamically - Callers to understand exactly what agents do through self-describing agent cards ## [](#authentication)Authentication A2A-compliant agents require authentication to prevent unauthorized access. The agent card is the exception. ADP serves the card at the `/.well-known/agent-card.json` subpath without authentication, so that callers can discover how to authenticate before they hold a token. Every other request to the agent, including agent invocation, requires a valid access token. ADP agents use OAuth2 client credentials flow. When you create an agent, the system provisions a service account with a client ID and secret. External callers use these credentials to obtain access tokens: 1. Agent creation automatically provisions a service account with credentials. 2. Applications exchange the client ID and secret for a time-limited access token through OAuth2. 3. Applications include the access token in the Authorization header when calling the agent endpoint. 4. When tokens expire, applications exchange credentials again for a new token. This flow ensures: - Credentials stay secure: Applications never send them directly to agents, only access tokens. - Exposure is limited: Tokens expire, reducing the window for compromised credentials. - Integration is standard: Applications can use existing OAuth2 libraries. ### [](#external-integration-2)External integration External applications must authenticate using the service account credentials. Each agent has its own service account. For step-by-step authentication instructions, see [Authentication](https://docs.redpanda.com/cloud-data-platform/security/cloud-authentication/). ### [](#internal-integration)Internal integration The `a2a_message` processor handles authentication automatically. Pipelines don’t need to manage credentials explicitly because they run within ADP with appropriate permissions. ## [](#protocol-versions)Protocol versions The A2A protocol uses semantic versioning (major.minor.patch). Agents declare their supported version in the agent card. ## [](#next-steps)Next steps - [Choose an Integration Pattern](https://docs.redpanda.com/agentic-data-plane/connect/integration-overview/) - [Create an Agent](https://docs.redpanda.com/agentic-data-plane/connect/create-agent/) --- # Page 3: How Agents Work **URL**: https://docs.redpanda.com/agentic-data-plane/connect/agents-overview.md --- # How Agents Work > For the complete documentation index, see [llms.txt](https://docs.redpanda.com/llms.txt). Component-specific: [agentic-data-plane-full.txt](https://docs.redpanda.com/agentic-data-plane-full.txt) --- title: How Agents Work latest-operator-version: v26.1.5 latest-console-tag: v3.7.4 latest-connect-version: 4.96.1 latest-redpanda-tag: v26.1.10 docname: agents-overview page-component-name: agentic-data-plane page-version: master page-component-version: master page-component-title: Agentic Data Plane page-relative-src-path: agents-overview.adoc page-edit-url: https://github.com/redpanda-data/adp-docs/edit/main/modules/connect/pages/agents-overview.adoc description: Learn how ADP agents use a declarative approach backed by a broad library of prebuilt tools and integrations to replace custom agent code. page-topic-type: overview personas: agent_builder, platform_engineer learning-objective-1: Describe what AI agents are and their essential components learning-objective-2: Explain how ADP streaming infrastructure benefits agent architectures learning-objective-3: Identify use cases where ADP agents provide value page-git-created-date: "2026-05-28" page-git-modified-date: "2026-06-10" --- Redpanda ADP AI agents take a declarative approach: instead of writing Python or JavaScript agent code, you declare the behavior you want by selecting an LLM, writing a system prompt, and attaching prebuilt tools and integrations. The framework handles execution, tool orchestration, and scaling, backed by real-time streaming infrastructure and built-in filtering and data enrichment. After reading this page, you will be able to: - Describe what AI agents are and their essential components - Explain how ADP streaming infrastructure benefits agent architectures - Identify use cases where ADP agents provide value ## [](#what-is-an-ai-agent)What is an AI agent? An AI agent is a system built around a [large language model (LLM)](https://docs.redpanda.com/agentic-data-plane/reference/glossary/#large-language-model-llm) that interprets user intent, selects the right tools, and chains multiple steps into a workflow. In ADP, agents are declarative: you configure the agent’s role, constraints, and available tools rather than writing imperative agent code. Agents reach tools through MCP servers, and Redpanda Connect provides the real-time streaming and data-processing capabilities the framework orchestrates for you. ## [](#declarative-agent-components)Declarative agent components When you create an agent, you configure the components through ADP rather than writing code: - **System prompt**: Defines the agent’s role, responsibilities, and constraints - **LLM**: Interprets user intent and decides which tools to invoke - **Tools**: External capabilities exposed through the [Model Context Protocol (MCP)](https://docs.redpanda.com/agentic-data-plane/connect/mcp-overview/) - **Context**: Conversation history, tool results, and real-time events from Redpanda topics Agents reach these tools through MCP servers. Redpanda Connect pipelines can also invoke agents for event-driven processing, so agents support both interactive workflows and automated streaming. When a user makes a request, the LLM receives the system prompt and context, decides which tools to invoke, and processes the results. This cycle repeats until the task completes. For a deeper understanding of how agents execute, manage context, and maintain state, see [Understand Agent Concepts](https://docs.redpanda.com/agentic-data-plane/connect/concepts/). ## [](#key-benefits)Key benefits ADP agents are designed to reduce the infrastructure and integration work of building production AI systems. - Declarative configuration: Configure agent behavior instead of coding it, with access to a broad library of prebuilt tools and integrations for data sources, APIs, and services. - Real-time streaming data: Agents access live events instead of batch snapshots. - [Remote MCP](https://docs.redpanda.com/agentic-data-plane/connect/mcp-overview/) support: Standardized tool access across any MCP-compatible server. - Managed infrastructure: Deployment, scaling, and security handled for you. - Low-latency execution: Tools run close to your data. - Integrated secrets management: API keys and credentials stored securely. ## [](#use-cases)Use cases ADP AI agents unlock new capabilities across multiple fields. ### [](#for-ai-agent-developers)For AI agent developers Build agents grounded in real-time data instead of static snapshots. Connect your agent to live order status, inventory levels, and customer history so responses reflect current business state, not stale training data. ### [](#for-application-developers)For application developers Add conversational AI to existing applications without rebuilding your backend. Expose your services as MCP tools and let agents orchestrate complex multi-step workflows through natural language. ### [](#for-streaming-developers)For streaming developers Process every event with AI reasoning at scale. Invoke agents automatically from pipelines for fraud detection, content moderation, or sentiment analysis. No batch jobs, no delayed insights. ## [](#limitations)Limitations - MCP servers must be hosted in ADP - Cross-agent calling between separate agents is not supported. Use internal subagents for delegation within a single agent. ## [](#next-steps)Next steps - [Redpanda ADP Quickstart](https://docs.redpanda.com/agentic-data-plane/get-started/adp-quickstart/) - [Understand Agent Concepts](https://docs.redpanda.com/agentic-data-plane/connect/concepts/) - [Create an Agent](https://docs.redpanda.com/agentic-data-plane/connect/create-agent/) --- # Page 4: Build Agents **URL**: https://docs.redpanda.com/agentic-data-plane/connect/agents.md --- # Build Agents > For the complete documentation index, see [llms.txt](https://docs.redpanda.com/llms.txt). Component-specific: [agentic-data-plane-full.txt](https://docs.redpanda.com/agentic-data-plane-full.txt) --- title: Build Agents latest-operator-version: v26.1.5 latest-console-tag: v3.7.4 latest-connect-version: 4.96.1 latest-redpanda-tag: v26.1.10 docname: agents page-component-name: agentic-data-plane page-version: master page-component-version: master page-component-title: Agentic Data Plane page-relative-src-path: agents.adoc page-edit-url: https://github.com/redpanda-data/adp-docs/edit/main/modules/connect/pages/agents.adoc description: Understand how AI agents work in the Agentic Data Plane, then create, register, and design them. page-git-created-date: "2026-06-01" page-git-modified-date: "2026-06-01" --- Agents are the workloads that call LLMs and tools through the Agentic Data Plane. Start with how agents work, then create a declarative agent, register one you run yourself, and apply architecture and system-prompt best practices. - [How Agents Work](https://docs.redpanda.com/agentic-data-plane/connect/agents-overview/) Learn how ADP agents use a declarative approach backed by a broad library of prebuilt tools and integrations to replace custom agent code. - [Understand Agent Concepts](https://docs.redpanda.com/agentic-data-plane/connect/concepts/) Understand how declaratively configured agents execute reasoning loops, manage context, invoke tools, and handle errors. - [Connect Agents with A2A](https://docs.redpanda.com/agentic-data-plane/connect/a2a-concepts/) The A2A protocol enables agents to discover and call each other across platforms. Learn how agent cards, authentication, and protocol versioning work in ADP. - [Choose an Agent Architecture](https://docs.redpanda.com/agentic-data-plane/connect/architecture-patterns/) Design maintainable agent systems with single-agent and multi-agent patterns based on domain complexity. - [Write Effective System Prompts](https://docs.redpanda.com/agentic-data-plane/connect/system-prompts/) Write system prompts that produce reliable, predictable agent behavior through clear constraints and tool guidance. - [Create an Agent](https://docs.redpanda.com/agentic-data-plane/connect/create-agent/) Configure an ADP agent declaratively through the create form. No Python or JavaScript code required. - [Register Your Own Agent (BYOA)](https://docs.redpanda.com/agentic-data-plane/connect/byoa-register/) Register a self-managed agent so it appears in the ADP agent registry, with its telemetry and cost attributed alongside managed agents. - [Trigger Agents from External Channels](https://docs.redpanda.com/agentic-data-plane/connect/triggers/overview/) Triggers connect a deployed agent to the outside world, so people and systems can invoke it without calling its API directly. --- # Page 5: Choose an Agent Architecture **URL**: https://docs.redpanda.com/agentic-data-plane/connect/architecture-patterns.md --- # Choose an Agent Architecture > For the complete documentation index, see [llms.txt](https://docs.redpanda.com/llms.txt). Component-specific: [agentic-data-plane-full.txt](https://docs.redpanda.com/agentic-data-plane-full.txt) --- title: Choose an Agent Architecture latest-operator-version: v26.1.5 latest-console-tag: v3.7.4 latest-connect-version: 4.96.1 latest-redpanda-tag: v26.1.10 docname: architecture-patterns page-component-name: agentic-data-plane page-version: master page-component-version: master page-component-title: Agentic Data Plane page-relative-src-path: architecture-patterns.adoc page-edit-url: https://github.com/redpanda-data/adp-docs/edit/main/modules/connect/pages/architecture-patterns.adoc description: Design maintainable agent systems with single-agent and multi-agent patterns based on domain complexity. page-topic-type: best-practices personas: agent_builder learning-objective-1: Evaluate single-agent versus multi-agent architectures for your use case learning-objective-2: Choose appropriate LLM models based on task requirements learning-objective-3: Apply agent boundary design principles for maintainability page-git-created-date: "2026-05-28" page-git-modified-date: "2026-06-10" --- Design agent systems that are maintainable, discoverable, and reliable by choosing the right architecture pattern and applying clear boundary principles. After reading this page, you will be able to: - Evaluate single-agent versus multi-agent architectures for your use case - Choose appropriate LLM models based on task requirements - Apply agent boundary design principles for maintainability ## [](#why-architecture-matters)Why architecture matters Agent architecture determines how you manage complexity as your system grows. The right pattern depends on your domain complexity, organizational structure, and how you expect requirements to evolve. Starting with a simple architecture is tempting, but can lead to unmaintainable systems as complexity increases. Planning for growth with clear boundaries prevents technical debt and costly refactoring later. Warning signs that you need architectural boundaries, not just better prompts: - System prompts exceeding 2000 words - Too many tools for the LLM to select correctly - Multiple teams modifying the same agent - Changes in one domain breaking others Match agent architecture to domain structure: | Domain Characteristics | Architecture | Pros | Cons | | --- | --- | --- | --- | | Single business area, stable requirements | Single agent | Simple to build and maintain, one deployment, lower latency | Limited flexibility, difficult to scale to multi-domain problems | | Multiple business areas, shared infrastructure | Root agent with internal subagents | Separation of concerns, easier debugging, shared resources reduce cost | Single point of failure, all subagents constrained to same model and budget | | Cross-organization workflows, independent evolution | External agent-to-agent | Independent deployment and scaling, security isolation, flexible infrastructure | Network latency, authentication complexity, harder to debug across boundaries | Every architecture pattern involves trade-offs. - **Latency versus isolation:** Internal subagents have lower latency because they avoid network calls, but they share a failure domain. External agents have higher latency due to network overhead, but they provide independent failure isolation. - **Shared state versus independence:** Single deployments share model, budget, and policies but offer less flexibility. Multiple deployments allow independent scaling and updates but add coordination complexity. - **Complexity now versus complexity later:** Starting simple means faster initial development but may require refactoring. Starting structured requires more upfront work but makes the system easier to extend. For foundational concepts on how agents execute and manage complexity, see [Understand Agent Concepts](https://docs.redpanda.com/agentic-data-plane/connect/concepts/). ## [](#single-agent-pattern)Single-agent pattern A single-agent architecture uses one agent with one system prompt and one tool set to handle all requests. This pattern works best for narrow domains with limited scope, single data sources, and tasks that don’t require specialized subsystems. ### [](#when-to-use-single-agents)When to use single agents Use single agents for focused problems that won’t expand significantly. Examples include order lookup agents that retrieve history from a single topic, weather agents that query APIs and return formatted data, and inventory checkers that report stock levels. ### [](#trade-offs)Trade-offs Single agents are simpler to build and maintain. You have one system prompt, one tool set, and one deployment. However, all capabilities must coexist in one agent. Adding features increases complexity rapidly, making single agents difficult to scale to multi-domain problems. > 💡 **TIP** > > You can migrate from a single agent to a root agent with subagents without starting over. Add subagents to an existing agent in Redpanda ADP, then gradually move tools and responsibilities to the new subagents. ## [](#root-agent-with-subagents-pattern)Root agent with subagents pattern A multi-agent architecture uses a root agent that delegates to specialized internal subagents. This pattern works for complex domains spanning multiple areas, multiple data sources with different access patterns, and tasks requiring specialized expertise within one deployment. > 📝 **NOTE** > > Subagents in ADP are internal specialists within a single agent. They share the parent agent’s model, budget, and policies, but each can have different names, descriptions, system prompts, and MCP tools. ### [](#how-it-works)How it works The root agent interprets user requests and routes them to appropriate subagents. Each subagent owns a specific business area with focused expertise. Subagents access only the MCP tools they need. All subagents share the same LLM model and budget from the parent agent. ### [](#example-e-commerce-platform)Example: E-commerce platform A typical e-commerce agent includes a root agent that interprets requests and delegates to specialists, an order subagent for processing, history, and status updates, an inventory subagent for stock checks and warehouse operations, and a customer subagent for profiles, preferences, and history. All subagents share the same model but have different system prompts and tool access. ### [](#why-choose-internal-subagents)Why choose internal subagents Internal subagents provide domain isolation, allowing you to update the order subagent without affecting inventory. Debugging is easier because each subagent has narrow scope and fewer potential failure points. All subagents share resources, reducing complexity and cost compared to separate deployments. Use internal subagents when you need domain separation within a single agent deployment. ## [](#external-agent-to-agent-pattern)External agent-to-agent pattern External A2A integration connects agents across organizational boundaries, platforms, or independent systems. > 📝 **NOTE** > > Cross-agent calling between separate ADP agents is not supported. This pattern only applies to connecting ADP agents with external agents you host elsewhere. ### [](#when-to-use-external-a2a)When to use external A2A Use external [Agent2Agent (A2A) protocol](https://docs.redpanda.com/agentic-data-plane/reference/glossary/#agent2agent-a2a-protocol) for multi-organization workflows that coordinate agents across company boundaries, for platform integration connecting ADP agents with agents hosted elsewhere, and when agents require different deployment environments such as GPU clusters, air-gapped networks, or regional constraints. ### [](#how-it-works-2)How it works Agents communicate using the [A2A protocol](https://docs.redpanda.com/agentic-data-plane/connect/a2a-concepts/), a standard HTTP-based protocol for discovery and invocation. Each agent manages its own credentials and access control independently, and can deploy, scale, and update without coordinating with other agents. Agent cards define capabilities without exposing implementation details. ### [](#example-multi-platform-customer-service)Example: Multi-platform customer service A customer service workflow might span multiple platforms: - ADP agent accesses real-time order and inventory data - CRM agent hosted elsewhere manages customer profiles and support tickets - Payment agent from a third party handles transactions in a secure environment Each agent runs on its optimal infrastructure while coordinating through A2A. ### [](#why-choose-external-a2a)Why choose external A2A External A2A lets different teams own and deploy their agents independently, with each agent choosing its own LLM, tools, and infrastructure. Sensitive operations stay in controlled environments with security isolation, and you can add agents incrementally without rewriting existing systems. ### [](#trade-offs-2)Trade-offs External A2A adds network latency on every cross-agent call, and authentication complexity multiplies with each agent requiring credential management. Removing capabilities or changing contracts requires coordination across consuming systems, and debugging requires tracing requests across organizational boundaries. For implementation details on external A2A integration, see [Choose an Integration Pattern](https://docs.redpanda.com/agentic-data-plane/connect/integration-overview/). ## [](#common-anti-patterns)Common anti-patterns Avoid these architecture mistakes that lead to unmaintainable agent systems. ### [](#the-monolithic-prompt)The monolithic prompt A monolithic prompt is a single 3000+ word system prompt covering multiple domains. This pattern fails because: - LLM confusion increases with prompt length - Multiple teams modify the same prompt creating conflicts and unclear ownership - Changes to one domain risk breaking others Split into domain-specific subagents instead. Each subagent gets a focused prompt under 500 words. ### [](#the-tool-explosion)The tool explosion A tool explosion occurs when a single agent has too many tools from every MCP server in the environment. This pattern fails because: - The LLM struggles to choose correctly from large tool sets - Tool descriptions compete for limited prompt space - The agent invokes wrong tools with similar names, wasting iteration budget on selection mistakes Limit tools per agent to 10-15 for optimal performance. Agents with more than 20-25 tools often show degraded tool selection accuracy. Use subagents to partition tools by domain. For tool design patterns, see [How MCP Servers Work](https://docs.redpanda.com/agentic-data-plane/connect/mcp-overview/). ### [](#premature-a2a-splitting)Premature A2A splitting Premature splitting creates three separate A2A agents when all logic could fit in one agent with internal subagents. This pattern fails because: - Network latency affects every cross-agent call - Authentication complexity multiplies with three sets of credentials - Debugging requires correlating logs across systems - You manage three deployments instead of one Start with internal subagents for domain separation. Split to external A2A only when you need organizational boundaries or different infrastructure. ### [](#unbounded-tool-chaining)Unbounded tool chaining Unbounded chaining sets max iterations to 100, returns hundreds of items from tools, and places no constraints on tool call frequency. This pattern fails because: - The context window fills with tool results - Requests time out before completion - Costs spiral with many iterations multiplied by large context - The agent loses track of the original goal For best results: - Design workflows to complete in 20-30 iterations - Return paginated results from tools - Add prompt constraints like "Never call the same tool more than 3 times per request" ## [](#model-selection-guide)Model selection guide Choose models based on task complexity, latency requirements, and cost constraints. ADP displays available models with descriptions when creating agents. ### [](#match-models-to-task-complexity)Match models to task complexity For simple queries, choose cost-effective models such as GPT-5 Mini. For balanced workloads, choose mid-tier models such as Claude Sonnet 4.5 or GPT-5.2. For complex reasoning, choose premium models such as Claude Opus 4.5 or GPT-5.2. ### [](#balance-latency-and-model-size)Balance latency and model size For real-time responses, choose smaller models. Use models optimized for speed, such as Mini or base tiers. For batch processing, optimize for accuracy over speed. Use larger models when users aren’t waiting for results. ### [](#optimize-for-cost-and-volume)Optimize for cost and volume For high volume, use cost-effective models. Smaller tiers reduce costs while maintaining acceptable quality. For critical accuracy, use premium models. Higher costs are justified when errors are costly. ### [](#model-provider-documentation)Model provider documentation For complete model specifications, capabilities, and pricing: - [OpenAI Models](https://platform.openai.com/docs/models) - [Anthropic Claude Models](https://docs.anthropic.com/claude/docs/models-overview) - [Google Gemini Models](https://ai.google.dev/gemini-api/docs/models) - [AWS Bedrock Models](https://docs.aws.amazon.com/bedrock/latest/userguide/models-supported.html) ## [](#design-principles)Design principles Follow these principles to create maintainable agent systems. ### [](#explicit-agent-boundaries)Explicit agent boundaries Each agent should have clear scope and responsibilities. Define scope explicitly in the system prompt, assign a specific tool set for the agent’s domain, and specify well-defined inputs and outputs. Do not create agents with overlapping responsibilities. Overlapping domains create confusion about which agent handles which requests. ### [](#tool-scoping-per-agent)Tool scoping per agent Assign tools to the agent that needs them. Don’t give all agents access to all tools. Limit tool access based on agent purpose. Tool scoping reduces misuse risk and makes debugging easier. ### [](#error-handling-and-fallbacks)Error handling and fallbacks Design agents to handle failures gracefully. Use retry logic for transient failures like network timeouts. Report permanent failures like invalid parameters immediately. Provide clear error messages to users. Log errors for debugging. ## [](#next-steps)Next steps - [Choose an Integration Pattern](https://docs.redpanda.com/agentic-data-plane/connect/integration-overview/) - [Connect Agents with A2A](https://docs.redpanda.com/agentic-data-plane/connect/a2a-concepts/) - [How MCP Servers Work](https://docs.redpanda.com/agentic-data-plane/connect/mcp-overview/) --- # Page 6: Set Up Authentication **URL**: https://docs.redpanda.com/agentic-data-plane/connect/authentication.md --- # Set Up Authentication > For the complete documentation index, see [llms.txt](https://docs.redpanda.com/llms.txt). Component-specific: [agentic-data-plane-full.txt](https://docs.redpanda.com/agentic-data-plane-full.txt) --- title: Set Up Authentication latest-operator-version: v26.1.5 latest-console-tag: v3.7.4 latest-connect-version: 4.96.1 latest-redpanda-tag: v26.1.10 docname: authentication page-component-name: agentic-data-plane page-version: master page-component-version: master page-component-title: Agentic Data Plane page-relative-src-path: authentication.adoc page-edit-url: https://github.com/redpanda-data/adp-docs/edit/main/modules/connect/pages/authentication.adoc description: Configure OAuth providers, user-delegated OAuth, and client connections so agents and tools authenticate securely. page-git-created-date: "2026-06-01" page-git-modified-date: "2026-06-01" --- Agents and tools authenticate through OAuth. Configure an OAuth provider, enable user-delegated access so agents act as the signed-in user, and connect remote MCP clients. - [Configure an OAuth Provider](https://docs.redpanda.com/agentic-data-plane/connect/oauth-providers/) Register an OAuth provider in ADP so MCP servers can authenticate users (or service accounts) against an upstream system like Slack, Jira, GitHub, or Salesforce. - [Configure User-Delegated OAuth](https://docs.redpanda.com/agentic-data-plane/connect/user-delegated-oauth/) Have each end-user authenticate against the MCP server's upstream system with their own credentials. Redpanda stores their token in the vault and injects it at call time. - [Set Up GitHub OAuth Provider and MCP Server](https://docs.redpanda.com/agentic-data-plane/connect/github-oauth-tutorial/) Complete walkthrough for configuring GitHub as an OAuth provider and creating a user-delegated GitHub MCP server. - [Connect Remote MCP Clients](https://docs.redpanda.com/agentic-data-plane/connect/remote-mcp-clients/) Connect external MCP clients (Claude Desktop, ChatGPT desktop, Gemini Apps) to MCP servers hosted in AI Gateway. Covers the architecture (MCP server, OAuth Provider, OAuth Client) and the OAuth flow that runs end-to-end. --- # Page 7: Register Your Own Agent (BYOA) **URL**: https://docs.redpanda.com/agentic-data-plane/connect/byoa-register.md --- # Register Your Own Agent (BYOA) > For the complete documentation index, see [llms.txt](https://docs.redpanda.com/llms.txt). Component-specific: [agentic-data-plane-full.txt](https://docs.redpanda.com/agentic-data-plane-full.txt) --- title: Register Your Own Agent (BYOA) latest-operator-version: v26.1.5 latest-console-tag: v3.7.4 latest-connect-version: 4.96.1 latest-redpanda-tag: v26.1.10 docname: byoa-register page-component-name: agentic-data-plane page-version: master page-component-version: master page-component-title: Agentic Data Plane page-relative-src-path: byoa-register.adoc page-edit-url: https://github.com/redpanda-data/adp-docs/edit/main/modules/connect/pages/byoa-register.adoc description: Register a self-managed agent so it appears in the ADP agent registry, with its telemetry and cost attributed alongside managed agents. page-topic-type: how-to personas: agent_builder, platform_engineer learning-objective-1: Choose between a self-managed (BYOA) and a Redpanda-managed agent for your use case learning-objective-2: Register a self-managed agent so it appears in the agent registry learning-objective-3: Identify the telemetry and service-account model that attributes a self-managed agent's activity in ADP page-git-created-date: "2026-05-28" page-git-modified-date: "2026-06-10" --- Register a self-managed agent with Redpanda ADP to bring it under the same observability and governance as managed agents. Your agent gains registry visibility, transcript capture, and cost attribution without moving off your own infrastructure. Registration creates a metadata record: ADP does not host, run, or proxy calls to your agent. After completing this guide, you will be able to: - Choose between a self-managed (BYOA) and a Redpanda-managed agent for your use case - Register a self-managed agent so it appears in the agent registry - Identify the telemetry and service-account model that attributes a self-managed agent’s activity in ADP ## [](#when-to-use-byoa-versus-a-managed-agent)When to use BYOA versus a managed agent The two models differ in who runs the agent, who owns scaling, and how the agent is defined. | Question | Choose BYOA when… | Choose a managed agent when… | | --- | --- | --- | | Where does your agent run? | You have an existing runtime (LangGraph, custom Go, and so on) you want to keep, and you run it yourself. | You want Redpanda to host and operate the agent runtime for you. | | How is the agent defined? | It’s already coded; you don’t want to translate it into the declarative agent format. | You want a declarative agent you configure through the ADP wizard, with no runtime code to maintain. | | Who scales and operates it? | Your team owns scaling, deploys, and the failure model. | Redpanda owns the runtime; you reason about the agent definition only. | | What are you optimizing for? | Maximum control over runtime, libraries, networking, with governance and observability layered on. | Time-to-first-running-agent and built-in observability without integration work. | If you have a Redpanda-managed agent today and you’re considering BYOA, you don’t have to migrate; the two coexist in the same registry and the same dashboard. ## [](#what-registration-gives-you)What registration gives you When a self-managed agent is registered: - It appears on the **Agents** page alongside managed agents, and in cost-attribution queries. - A service-account identity is created for the agent at registration. Mint credentials for it to authenticate the agent’s calls to AI Gateway and its telemetry ingestion. Credential issuance follows the same pattern as managed agents. See [Service account authorization](https://docs.redpanda.com/agentic-data-plane/connect/concepts/#service-account-authorization). Registration does not make the Agentic Data Plane run your agent or route requests to it. The agent runs in your infrastructure, and any clients (including other agents) call it directly. ## [](#prerequisites)Prerequisites Before you register a self-managed agent, make sure you have: - An agent running in your own infrastructure. - The agent instrumented with OpenTelemetry, emitting the minimum required spans contract with its registered name as the `service.name`. See [BYOA telemetry](https://docs.redpanda.com/agentic-data-plane/monitor/byoa-telemetry/). - The `dataplane_adp_agent_create` permission, granted by the Writer built-in role. See [Agent management permissions](https://docs.redpanda.com/agentic-data-plane/control/permissions-reference/#agent-management-permissions). - A name for the agent that follows DNS-1123 conventions (1 to 63 characters, lowercase letters, numbers, and hyphens, starting with a letter). The name is immutable after registration. ## [](#register-the-agent)Register the agent You can register a self-managed agent from the **Agents** page in the console, with the `rpk` CLI, or through `AgentRegistryService.CreateAgent`. The registration carries the agent’s metadata, and you leave the agent-type configuration unset: | Field | What it carries | | --- | --- | | name | DNS-1123 identifier. Immutable. Used in the registry, in cost-attribution queries, and as the agent’s resource identifier. | | display_name | Human-readable label shown in the UI. Editable later. | | description | Free-text description of what the agent does. Editable later. | | tags | Optional key/value labels (up to 50 pairs). Useful for filtering agents in cost-attribution queries. | | agent_type | Leave unset. Populating the managed arm creates a Redpanda-managed agent instead; leaving the whole field unset registers a self-managed (BYOA) metadata record. | Once registered, your agent appears on the **Agents** page. The first time it serves a request and emits telemetry, transcripts begin populating. ## [](#make-your-agent-callable-by-other-agents-optional)Make your agent callable by other agents (optional) If you want other agents or clients to call your agent, expose a standard [A2A protocol](https://a2aproject.org/) endpoint on your own infrastructure (an agent-card document at `/.well-known/agent-card.json`, plus the A2A message endpoints). Callers reach your agent directly at its own address. The Agentic Data Plane does not proxy A2A traffic to self-managed agents; its A2A reverse proxy serves Redpanda-managed agents only. For the agent-card schema and the A2A message-endpoint shapes, see [Agent-to-agent concepts](https://docs.redpanda.com/agentic-data-plane/connect/a2a-concepts/). ## [](#verify-the-registration)Verify the registration After registering, confirm the following end-to-end: 1. **Registry**: The agent appears on the **Agents** page and in cost-attribution queries. At the API level, confirm `AgentRegistryService.ListAgents` returns it. 2. **Telemetry**: Open the transcripts list, filter by your agent’s `service.name`, and confirm a recent execution shows up with non-zero token counts and a non-empty conversation ID. If it doesn’t, see [BYOA telemetry](https://docs.redpanda.com/agentic-data-plane/monitor/byoa-telemetry/) troubleshooting. ## [](#troubleshooting)Troubleshooting | Symptom | What to check | | --- | --- | | Agent registered but doesn’t appear on the Agents page | Confirm AgentRegistryService.ListAgents returns the agent. If ListAgents is empty, the registration didn’t persist; retry. | | Transcripts list shows the agent column blank for your agent’s runs | Your agent’s OpenTelemetry service.name resource attribute doesn’t match the registered name, or isn’t being emitted at all. See BYOA telemetry. | ## [](#limitations)Limitations This page does not cover: - **Building the agent itself.** Bring whatever runtime, framework, and language you want. The integration points (telemetry attributes plus the registry record) are what make it visible in ADP. - **Tool use through MCP.** If your agent calls MCP servers hosted in AI Gateway, see [MCP Servers](https://docs.redpanda.com/agentic-data-plane/connect/mcp-overview/) for the consumer-side flow. Tool calls appear in your agent’s transcript when MCP servers emit their own spans. - **Gateway-proxied A2A routing.** The Agentic Data Plane does not route A2A calls to self-managed agents; that is a managed-agent capability. Clients call your agent directly. - **Migration from a managed declarative agent to BYOA.** The two coexist; BYOA is for agents that already exist outside the managed runtime, not for re-platforming existing managed agents. ## [](#next-steps)Next steps - [Agent-to-agent concepts](https://docs.redpanda.com/agentic-data-plane/connect/a2a-concepts/) - [BYOA telemetry](https://docs.redpanda.com/agentic-data-plane/monitor/byoa-telemetry/) - [Create a declarative agent](https://docs.redpanda.com/agentic-data-plane/connect/create-agent/) --- # Page 8: Use Claude Code with Redpanda ADP **URL**: https://docs.redpanda.com/agentic-data-plane/connect/claude-code.md --- # Use Claude Code with Redpanda ADP > For the complete documentation index, see [llms.txt](https://docs.redpanda.com/llms.txt). Component-specific: [agentic-data-plane-full.txt](https://docs.redpanda.com/agentic-data-plane-full.txt) --- title: Use Claude Code with Redpanda ADP latest-operator-version: v26.1.5 latest-console-tag: v3.7.4 latest-connect-version: 4.96.1 latest-redpanda-tag: v26.1.10 docname: claude-code page-component-name: agentic-data-plane page-version: master page-component-version: master page-component-title: Agentic Data Plane page-relative-src-path: claude-code.adoc page-edit-url: https://github.com/redpanda-data/adp-docs/edit/main/modules/connect/pages/claude-code.adoc description: Route Claude Code through an ADP Anthropic provider for centralized credentials, usage tracking, and transcript logging. Optionally attach ADP-hosted MCP servers. page-topic-type: how-to personas: agent_builder, platform_engineer learning-objective-1: Configure Claude Code to call an Anthropic provider hosted in ADP instead of the public Anthropic API learning-objective-2: Attach ADP-hosted MCP servers to Claude Code so its tools resolve against your managed tool catalog learning-objective-3: Verify the connection and read usage page-git-created-date: "2026-05-28" page-git-modified-date: "2026-06-10" --- Claude Code is Anthropic’s command-line coding agent. When you point it at an AI Gateway proxy URL instead of the public Anthropic API, your team’s LLM calls flow through ADP: API keys stay in the dataplane secret store, usage rolls up on the **Cost & Usage** page, and the calls land in [the Transcripts view](https://docs.redpanda.com/agentic-data-plane/monitor/transcripts/) for investigation. After completing this guide, you will be able to: - Configure Claude Code to call an Anthropic provider hosted in ADP instead of the public Anthropic API - Attach ADP-hosted MCP servers to Claude Code so its tools resolve against your managed tool catalog - Verify the connection and read usage ## [](#when-to-use-adp-with-claude-code)When to use ADP with Claude Code Use this integration when you want to: - Pull Anthropic API keys out of every developer’s shell and manage them centrally. - Track Claude Code spend per provider, model, and user without parsing each developer’s individual Anthropic invoice. - Apply per-provider transcript logging. For example, route a regulated team to a "no-logging" provider while keeping the default provider’s full conversation history available for review. - Forward each developer’s own Anthropic subscription token through ADP (Anthropic **Authorization passthrough**), so the existing Max- or Team-plan entitlement still applies but the call is observed by ADP. This guide does not cover building agents that **call** Claude Code. For that, see [Integration patterns overview](https://docs.redpanda.com/agentic-data-plane/connect/integration-overview/). ## [](#prerequisites)Prerequisites - An Anthropic LLM provider configured in ADP. If you haven’t created one, follow [Configure an LLM provider](https://docs.redpanda.com/agentic-data-plane/gateway/configure-provider/) and pick **Anthropic** as the type. Enable at least one Claude model (for example, `claude-sonnet-4-6` or `claude-opus-4-7`) in the model picker. - Claude Code installed on the developer’s workstation. See [Anthropic’s Claude Code documentation](https://docs.anthropic.com/claude-code). - A Redpanda service account with permission to invoke the provider (`dataplane_adp_llmprovider_invoke`). See [LLM provider permissions](https://docs.redpanda.com/agentic-data-plane/control/permissions-reference/#llm-provider-permissions). Both shared-developer-tooling and per-developer setups use the same OIDC client-credentials grant; the differences are operational. ## [](#get-the-proxy-url)Get the proxy URL 1. Open **LLM Providers** in the sidebar. 2. Click into your Anthropic provider. 3. On the **Connection** card, copy the Proxy URL. It looks like: ```text https://aigw..clusters.rdpa.co/llm/v1/providers/ ``` The provider’s **Connect** tab also generates a ready-to-paste Claude Code configuration (environment variables or a settings-file snippet) pre-filled with this URL: pick `Claude Code` from the client dropdown. Use it instead of hand-editing if you want to skip the next section. ## [](#configure-claude-code)Configure Claude Code Claude Code reads the Anthropic base URL and an authentication token from environment variables. Set both to point at the ADP proxy URL. ### OIDC service account (default) Use the OIDC `client_credentials` grant to mint an access token, then hand the token to Claude Code through `ANTHROPIC_AUTH_TOKEN`. This is the same flow [Connect your app to AI Gateway](https://docs.redpanda.com/agentic-data-plane/gateway/connect-agent/) documents for SDK clients; the only thing different here is how Claude Code reads the token. 1. Mint an access token. The full cURL, Python, and Node.js examples live in [Authenticate with OIDC client credentials](https://docs.redpanda.com/agentic-data-plane/gateway/connect-agent/#authenticate-with-oidc-client-credentials). The short version: ```bash ANTHROPIC_AUTH_TOKEN=$(curl -s --request POST \ --url 'https://auth.prd.cloud.redpanda.com/oauth/token' \ --header 'content-type: application/x-www-form-urlencoded' \ --data grant_type=client_credentials \ --data client_id= \ --data client_secret= \ --data audience=cloudv2-production.redpanda.cloud | jq -r .access_token) export ANTHROPIC_AUTH_TOKEN ``` 2. Export the proxy URL: ```bash export ANTHROPIC_BASE_URL="https://aigw..clusters.rdpa.co/llm/v1/providers/" ``` 3. Launch Claude Code as you normally would. Calls flow through ADP. The token has a short TTL: re-mint when it expires. AI Gateway does not refresh OIDC tokens for you. For day-to-day work, wrap the mint-and-export in a shell function or sub-shell so you don’t have to remember the steps. ### Anthropic Authorization passthrough Use when developers authenticate to Anthropic with their own subscription (Max plan, Team plan, enterprise) and ADP only observes the call. 1. Confirm the provider has Authorization passthrough enabled. The Connection card on the provider detail page shows the current setting as `Auth passthrough`. If it is off, an admin needs to flip it. See [Anthropic: Authorization passthrough](https://docs.redpanda.com/agentic-data-plane/gateway/configure-provider/#anthropic-authorization-passthrough). 2. Set the base URL but pass the developer’s own Anthropic key as the token: ```bash export ANTHROPIC_BASE_URL="https://aigw..clusters.rdpa.co/llm/v1/providers/" export ANTHROPIC_AUTH_TOKEN="" ``` AI Gateway forwards the `Authorization` header to Anthropic unchanged. Usage is still recorded against the provider on the **Cost & Usage** page; the upstream subscription bears the cost. > 📝 **NOTE** > > The model identifier Claude Code sends (for example, `claude-sonnet-4-6`) must be one your Anthropic provider exposes. If you see a "model not found" error, open the provider detail page, confirm the model is ticked in the catalog, and pass the exact identifier shown there. ## [](#attach-adp-hosted-mcp-servers-optional)Attach ADP-hosted MCP servers (optional) Claude Code can call MCP servers for tool access. To use the MCP servers you already host in ADP (managed catalog types, self-managed proxied servers, or both), register each one with Claude Code’s MCP configuration: ```bash claude mcp add https://aigw..clusters.rdpa.co/mcp/v1/ ``` For OAuth-protected MCP servers (most managed types), Claude Code prompts the developer to complete the consent flow on first use. ADP stores the resulting token in the per-user [token vault](https://docs.redpanda.com/agentic-data-plane/connect/user-delegated-oauth/), so subsequent invocations reuse it. If a server exposes a large tool catalog, turn on [code mode](https://docs.redpanda.com/agentic-data-plane/gateway/code-mode/) and point Claude Code at the server’s code-mode endpoint to cut the token cost of loading every tool definition. ## [](#verify-the-connection)Verify the connection 1. Run a short prompt: ```bash claude "say hello" ``` 2. Open **Cost & Usage** under **Governance** in the sidebar, then filter by your provider. Within a few seconds the request appears in the **Requests over time** chart. 3. Open [Transcripts](https://docs.redpanda.com/agentic-data-plane/monitor/transcripts/) to read the full turn (if transcript logging is enabled on this provider). ## [](#troubleshooting)Troubleshooting | Symptom | What to check | | --- | --- | | 401 Unauthorized | Token is missing, malformed, or expired. Re-mint the OIDC access token (it has a short TTL) and re-export ANTHROPIC_AUTH_TOKEN. Confirm the audience is cloudv2-production.redpanda.cloud and that Claude Code is sending the token as Authorization: Bearer . For Authorization passthrough, confirm the upstream Anthropic key is valid. | | 403 Forbidden | The service account or user lacks dataplane_adp_llmprovider_invoke on the provider. See LLM provider permissions or have an admin assign the LLMProviderInvoker built-in role. | | 404 Not Found | ANTHROPIC_BASE_URL doesn’t match the provider’s Proxy URL. Copy it again from the Connection card on the detail page; the path segment after /providers/ must be exactly the provider’s Name. | | "Model not found" | The model identifier Claude Code is sending is not enabled on the provider. Open the provider detail page, confirm the model row appears, and pass that exact identifier (Claude Code’s --model flag or ANTHROPIC_MODEL env var). | | Spend isn’t appearing in Cost & Usage | Allow a few seconds for the cost-reporting pipeline to catch up. If the chart still shows zero after a minute, verify the request actually reached the provider (the Requests over time chart populates first) and that you’re looking at the right date range. | | MCP tool calls return OAuthConnectionRequired | The developer hasn’t yet completed the consent flow for that MCP server. See User-delegated OAuth; Claude Code surfaces the authorize_url in the error so the developer can finish the handshake. | ## [](#next-steps)Next steps - [Configure an LLM Provider](https://docs.redpanda.com/agentic-data-plane/gateway/configure-provider/) - [Connect Your App to AI Gateway](https://docs.redpanda.com/agentic-data-plane/gateway/connect-agent/) - [Connect Remote MCP Clients](https://docs.redpanda.com/agentic-data-plane/connect/remote-mcp-clients/) --- # Page 9: Understand Agent Concepts **URL**: https://docs.redpanda.com/agentic-data-plane/connect/concepts.md --- # Understand Agent Concepts > For the complete documentation index, see [llms.txt](https://docs.redpanda.com/llms.txt). Component-specific: [agentic-data-plane-full.txt](https://docs.redpanda.com/agentic-data-plane-full.txt) --- title: Understand Agent Concepts latest-operator-version: v26.1.5 latest-console-tag: v3.7.4 latest-connect-version: 4.96.1 latest-redpanda-tag: v26.1.10 docname: concepts page-component-name: agentic-data-plane page-version: master page-component-version: master page-component-title: Agentic Data Plane page-relative-src-path: concepts.adoc page-edit-url: https://github.com/redpanda-data/adp-docs/edit/main/modules/connect/pages/concepts.adoc description: Understand how declaratively configured agents execute reasoning loops, manage context, invoke tools, and handle errors. page-topic-type: concepts personas: agent_builder learning-objective-1: Explain how agents execute reasoning loops and make tool invocation decisions learning-objective-2: Describe how agents manage context and state across interactions learning-objective-3: Identify error handling strategies for agent failures page-git-created-date: "2026-05-28" page-git-modified-date: "2026-06-10" --- When you configure an agent’s LLM, system prompt, and tools, Redpanda ADP manages execution through a reasoning loop: analyze context, invoke a tool, process the result, and repeat until the task completes. Each iteration adds tokens to the context window and runs against your iteration budget, so execution decisions directly shape cost, latency, and reliability. Understanding this model gives you the foundation to set effective iteration limits, design lean tool sets, and diagnose failures before they affect your users. After reading this page, you will be able to: - Explain how agents execute reasoning loops and make tool invocation decisions - Describe how agents manage context and state across interactions - Identify error handling strategies for agent failures ## [](#agent-execution-model)Agent execution model Every agent request follows a reasoning loop. The agent doesn’t execute all tool calls at once. Instead, it makes decisions iteratively. ### [](#the-reasoning-loop)The reasoning loop The following diagram shows how agents process requests through iterative reasoning: ![Diagram showing the agent reasoning loop: User Request flows to LLM Receives Context](https://docs.redpanda.com/agentic-data-plane/_images/agent-reasoning-loop.png) Figure 1. Agent reasoning loop with tool integration When an agent receives a request: 1. The LLM receives the context, including system prompt, conversation history, user request, and previous tool results. 2. The LLM chooses to invoke a tool, requests more information, or responds to user. 3. The tool runs and returns results if invoked. 4. The tool’s results are added to conversation history. 5. The LLM reasons again with an expanded context. The loop continues until one of these conditions is met: ![Diagram showing exit conditions: Task Complete returns response](https://docs.redpanda.com/agentic-data-plane/_images/agent-exit-conditions.png) Figure 2. Reasoning loop exit conditions - Agent completes the task and responds to the user - Agent reaches max iterations limit - Agent encounters an unrecoverable error > 📝 **NOTE** > > If the agent encounters an unrecoverable error on the first iteration, it returns an error immediately. Unrecoverable errors include authentication failures, invalid tool configurations, or LLM API failures. ### [](#why-iterations-matter)Why iterations matter Each iteration includes these phases: 1. **LLM reasoning**: The model processes the growing context to decide the next action. 2. **Tool invocation**: If the agent decides to call a tool, execution happens and waits for results. 3. **Context expansion**: Tool results are added to the conversation history for the next iteration. With higher iteration limits, agents can complete complex tasks but can cost more and take longer. With lower iteration limits, agents can respond faster and are cheaper but may fail on complex requests. #### [](#cost-calculation)Cost calculation Calculate the approximate cost per request by estimating average context tokens per iteration: Cost per request = (iterations x context tokens x model price per token) Example with 30 iterations at $0.000002 per token: Iteration 1: 500 tokens x $0.000002 = $0.001 Iteration 15: 2000 tokens x $0.000002 = $0.004 Iteration 30: 4000 tokens x $0.000002 = $0.008 Total: ~$0.013 per request Actual costs vary based on: - Tool result sizes (large results increase context) - Model pricing (varies by provider and model tier) - Task complexity (determines iteration count) Setting max iterations creates a cost/capability trade-off: | Limit | Range | Use Case | Cost | | --- | --- | --- | --- | | Low | 10-20 | Simple queries, single tool calls | Cost-effective | | Medium | 30-50 | Multi-step workflows, tool chaining | Balanced | | High | 50-100 | Complex analysis, exploratory tasks | Higher | Iteration limits prevent runaway costs when agents encounter complex or ambiguous requests. ## [](#mcp-tool-invocation-patterns)MCP tool invocation patterns MCP tools extend agent capabilities beyond text generation. Understanding when and how tools execute helps you design effective tool sets. ### [](#synchronous-tool-execution)Synchronous tool execution In Redpanda ADP, tool calls block the agent. When the agent decides to invoke a tool, it pauses and waits while the tool executes (querying a database, calling an API, or processing data). When the tool returns its result, the agent resumes reasoning. This synchronous model means latency adds up across multiple tool calls, the agent sees tool results sequentially rather than in parallel, and long-running tools can delay or fail agent requests due to timeouts. ### [](#tool-selection-decisions)Tool selection decisions The LLM decides which tool to invoke based on system prompt guidance (such as "Use get\_orders when customer asks about history"), tool descriptions from the MCP schema that define parameters and purpose, and conversation context where previous tool results influence the next tool choice. Agents can invoke the same tool multiple times with different parameters if the task requires it. ### [](#tool-chaining)Tool chaining Agents chain tools when one tool’s output feeds another tool’s input. For example, an agent might first call `get_customer_info(customer_id)` to retrieve details, then use that data to call `get_order_history(customer_email)`. Tool chaining requires sufficient max iterations because each step in the chain consumes one iteration. ### [](#tool-granularity-considerations)Tool granularity considerations Tool design affects agent behavior. Coarse-grained tools that do many things result in fewer tool calls but less flexibility and more complex implementation. Fine-grained tools that each do one thing require more tool calls but offer higher composability and simpler implementation. Choose granularity based on how often you’ll reuse tool logic across workflows, whether intermediate results help with debugging, and how much control you want over tool invocation order. For tool design guidance, see [How MCP Servers Work](https://docs.redpanda.com/agentic-data-plane/connect/mcp-overview/). ## [](#context-and-state-management)Context and state management Agents handle two types of information: conversation context (what’s been discussed) and state (persistent data across sessions). ### [](#conversation-context)Conversation context The agent’s context includes the system prompt (always present), user messages, agent responses, tool invocation requests, and tool results. As the conversation progresses, context grows. Each tool result adds tokens to the context window, which the LLM uses for reasoning in subsequent iterations. ### [](#context-window-limits)Context window limits LLM context windows limit how much history fits. Small models support 8K-32K tokens, medium models support 32K-128K tokens, and large models support 128K-1M+ tokens. When context exceeds the limit, the oldest tool results get truncated, the agent loses access to early conversation details, and may ask for information it already retrieved. Design workflows to complete within context limits. Avoid unbounded tool chaining. ## [](#service-account-authorization)Service account authorization When you create an MCP server or AI agent, ADP automatically creates a service account to authenticate requests to ADP resources. The service account is created with the following: **Name**: Prepopulated as `cluster----sa`, where `sa` stands for service account. For example: - MCP server: `cluster-d5tp5kntujt599ksadgg-mcp-my-test-server-sa` - AI agent: `cluster-d5tp5kntujt599ksadgg-agent-my-agent-sa` You can customize this name during creation. **Role binding**: Cluster scope with Writer role for the cluster where you created the resource. This allows the resource to read and write data, manage topics, and access cluster resources. ### [](#manage-service-accounts)Manage service accounts You can view and manage service accounts created for MCP servers and AI agents at the organization level in **Organization IAM** > **Service account**. This page shows additional details not visible during creation: | Field | Description | | --- | --- | | Client ID | Unique identifier for OAuth2 authentication | | Description | Optional description of the service account | | Created at | Timestamp when the service account was created | | Updated at | Timestamp of the last modification | From this page you can: - Edit the service account name or description - View and manage role bindings - Rotate credentials - Delete the service account > 📝 **NOTE** > > Deleting a service account removes authentication for the associated MCP server or AI agent. The resource can no longer access cluster data. ### [](#customize-role-bindings)Customize role bindings The default Writer role provides broad access suitable for most use cases. If you need more restrictive permissions: 1. Exit the cluster and navigate to **Organization IAM** > **Service account**. 2. Find the service account for your resource. 3. Edit the role bindings to use a more restrictive role or scope. For more information about roles and permissions, see [Role-based access control](https://docs.redpanda.com/cloud-data-platform/security/authorization/rbac/rbac/) or [Group-based access control](https://docs.redpanda.com/cloud-data-platform/security/authorization/gbac/gbac/). ## [](#next-steps)Next steps - [Choose an Agent Architecture](https://docs.redpanda.com/agentic-data-plane/connect/architecture-patterns/) - [Redpanda ADP Quickstart](https://docs.redpanda.com/agentic-data-plane/get-started/adp-quickstart/) - [How MCP Servers Work](https://docs.redpanda.com/agentic-data-plane/connect/mcp-overview/) --- # Page 10: Create an Agent **URL**: https://docs.redpanda.com/agentic-data-plane/connect/create-agent.md --- # Create an Agent > For the complete documentation index, see [llms.txt](https://docs.redpanda.com/llms.txt). Component-specific: [agentic-data-plane-full.txt](https://docs.redpanda.com/agentic-data-plane-full.txt) --- title: Create an Agent latest-operator-version: v26.1.5 latest-console-tag: v3.7.4 latest-connect-version: 4.96.1 latest-redpanda-tag: v26.1.10 docname: create-agent page-component-name: agentic-data-plane page-version: master page-component-version: master page-component-title: Agentic Data Plane page-relative-src-path: create-agent.adoc page-edit-url: https://github.com/redpanda-data/adp-docs/edit/main/modules/connect/pages/create-agent.adoc description: Configure an ADP agent declaratively through the create form. No Python or JavaScript code required. page-topic-type: how-to personas: agent_builder learning-objective-1: Create an ADP agent through the create form learning-objective-2: Configure an LLM provider, model, and execution settings learning-objective-3: Configure tools, subagents, and discovery metadata for an agent page-git-created-date: "2026-05-28" page-git-modified-date: "2026-06-10" --- Create a new [AI agent](https://docs.redpanda.com/agentic-data-plane/reference/glossary/#ai-agent) declaratively through Redpanda ADP. No Python or JavaScript code required. This guide walks through the create form section by section, then covers the post-create steps for discovery metadata and testing. After reading this page, you will be able to: - Create an ADP agent through the create form - Configure an LLM provider, model, and execution settings - Configure tools, subagents, and discovery metadata for an agent ## [](#prerequisites)Prerequisites - At least one [LLM provider configured](https://docs.redpanda.com/agentic-data-plane/gateway/configure-provider/) in ADP. - Optional: One or more [MCP servers](https://docs.redpanda.com/agentic-data-plane/connect/mcp-overview/) registered in ADP if you want the agent to call tools. - A system prompt prepared in advance (see [System prompt best practices](https://docs.redpanda.com/agentic-data-plane/connect/system-prompts/)). ## [](#open-the-create-form)Open the create form 1. Open **Agents** in the sidebar. 2. Click **Create agent**. 3. Choose how the agent runs. Click **Redpanda manages it**, so Redpanda deploys, runs, and observes the agent for you. (To register an agent you build and run yourself, see [Register Your Own Agent (BYOA)](https://docs.redpanda.com/agentic-data-plane/connect/byoa-register/).) ![The runtime choice in the create-agent flow](https://docs.redpanda.com/agentic-data-plane/shared/_images/create-agent-runtime-choice.png) ADP configures the agent on a single page with five sections: Details, Model, Behavior, Tools, and Subagents. A stepper on the left tracks the sections and summarizes what you’ve set in each; click a step to jump to its section. Required fields are marked with a red asterisk. ## [](#details)Details In the **Details** section, configure the identity fields that appear in the agent registry list, transcripts, and audit logs. 1. Review the **Agent ID**. ADP pre-fills a generated ID and re-derives it from the display name as you type, using lowercase letters, numbers, and hyphens (up to 63 characters). Editing the ID directly stops the auto-derive. The ID is used in URLs and CLI commands and can’t be changed after creation. 2. Enter a **Display name**. Required. Shown in the agent registry list and detail header (for example, `Customer Support Agent`). 3. Optionally, add a **Description**. Up to 1024 characters. 4. Optionally, add **Tags** as key/value pairs to organize and filter agents in the registry. ## [](#model)Model In the **Model** section, select the [large language model (LLM)](https://docs.redpanda.com/agentic-data-plane/reference/glossary/#large-language-model-llm) provider and model the agent uses to interpret user intent and decide which tools to invoke. 1. Select an **LLM provider**. Required. The dropdown lists every LLM provider configured in ADP (for example, `support-bedrock-v2`). To add a new provider, see [Configure an LLM provider](https://docs.redpanda.com/agentic-data-plane/gateway/configure-provider/). 2. Select a **Model**. Required. The list is populated by the selected provider (for example, `us.anthropic.claude-haiku-4-5-20251001-v1:0`). If the provider has no allowlist, you can type the model identifier directly. For model selection guidance, see [Model selection guide](https://docs.redpanda.com/agentic-data-plane/connect/architecture-patterns/#model-selection-guide). 3. Optionally, expand **Advanced** and set **Max iterations**. Leave it at 0 to use the runtime default. Max iterations is the upper bound on agent reasoning loops per request; the proto contract allows 0-200. Each iteration consumes tokens and adds latency. If you override the default, choose based on task complexity: - Simple queries (10-20): Single tool call, direct answers, minimal reasoning. - Balanced workflows (20-40): Multiple tool calls, data aggregation, moderate analysis. - Complex analysis (40-100): Exploratory queries, extensive tool chaining, deep reasoning. For external model specifications and pricing: - [OpenAI models](https://platform.openai.com/docs/models) - [Anthropic Claude models](https://docs.anthropic.com/claude/docs/models-overview) - [Google Gemini models](https://ai.google.dev/gemini-api/docs/models) - [AWS Bedrock models](https://docs.aws.amazon.com/bedrock/latest/userguide/models-supported.html) ## [](#behavior)Behavior In the **Behavior** section, write the **System prompt** that defines the agent’s role, responsibilities, constraints, and output format. The system prompt is optional but strongly recommended; when set, it’s sent on every invocation as the first message. The prompt field is a Markdown editor: format the prompt visually, or switch to the **Raw** tab to edit the Markdown source directly. A typical prompt defines: - Agent role and responsibilities - Available tools (matches the servers you select in the **Tools** section) - Safety rules and constraints - Expected output format Example structure: ```text You are an [agent role]. Responsibilities: - [Task 1] - [Task 2] Available tools: - [tool_name]: [description] Never: - [Constraint 1] - [Constraint 2] Response format: - [Format guideline] ``` For full guidance on writing effective prompts, see [System prompt best practices](https://docs.redpanda.com/agentic-data-plane/connect/system-prompts/). ## [](#tools)Tools In the **Tools** section, select the Model Context Protocol (MCP) servers that expose tools to the agent. This section is optional, and you can change the list at any time after creation. 1. Under **MCP servers**, select each server you want the agent to call. 2. The agent discovers each server’s tools at runtime; you don’t pre-select individual tools. The agent calls them based on the LLM’s interpretation of the system prompt and the user request. Keep the system prompt aligned with the servers you select so the model knows what’s available. > 💡 **TIP** > > Apply the principle of least privilege. Connect only the servers the agent needs. For registering MCP servers, see [Create an MCP server](https://docs.redpanda.com/agentic-data-plane/connect/create-server/). ## [](#subagents)Subagents In the **Subagents** section, optionally add internal specialists within the same agent. Each subagent has its own name, description, system prompt, and MCP tools, but all subagents share the parent agent’s provider, model, and execution settings. 1. To add a specialist, click **Add subagent** and configure it: - **Name**: Required. Up to 63 characters. Must start with a lowercase letter, contain only lowercase letters, digits, and hyphens, and end with a letter or digit (for example, `order-agent`). The name is also a DNS-1123 / AIP-122 compliant identifier. - **Description**: Optional. Up to 1024 characters. - **System prompt**: Up to 16,384 characters. Domain-specific instructions for what the subagent does. - **MCP tools**: Select the tools this subagent can access. 2. To keep the agent flat, leave the list empty. The root agent orchestrates and delegates work to the appropriate subagent based on the request. For multi-agent design patterns, see [Agent architecture patterns](https://docs.redpanda.com/agentic-data-plane/connect/architecture-patterns/). ## [](#create-the-agent)Create the agent 1. Check the stepper on the left, which summarizes what you set in each section. To change anything, click the step to jump back to its section. 2. Click **Create agent**. If a required field is missing, a "Cannot create agent" error lists what to fix. 3. Wait for the agent to reach the **Running** state. ADP creates the agent’s service account automatically when you create the agent. The default name uses the pattern `cluster--agent--sa`, and ADP applies default permissions. For details and how to manage service accounts, see [Service account authorization](https://docs.redpanda.com/agentic-data-plane/connect/concepts/#service-account-authorization). When the agent is running, ADP shows its A2A endpoint URL on the **Connect** tab, along with authentication guidance and ready-to-paste code examples for calling the agent with the official A2A client SDKs. You can use this URL to call the agent programmatically or integrate it with external systems. See [Choose an Integration Pattern](https://docs.redpanda.com/agentic-data-plane/connect/integration-overview/). ## [](#issue-agent-credentials)Issue agent credentials Every agent has a hidden service account in ADP that scopes the calls the agent makes to MCP servers and the Redpanda broker. To call the agent from an external system as that service account, issue an OAuth 2.0 client credential on the agent’s **Credentials** tab. The **Setup** tab on the agent detail page shows the equivalent OAuth client configuration (token endpoint, scopes, sample request) after a credential exists. The sample requests target a specific LLM provider’s gateway endpoint: pick a provider on the tab and the examples fill in its endpoint URL. > ❗ **IMPORTANT** > > The `client_secret` value is plaintext and returned only at create time. ADP cannot retrieve it again. Capture the value into your secret store before you leave the dialog. To rotate, create a new credential, update the consumer, then delete the old one. 1. Open the agent and click the **Credentials** tab. 2. Click **Create credential**. 3. Optionally enter a Description (up to 1024 characters) to identify what the credential is used for, for example `customer-support-bot prod`. 4. Optionally pick an Expires at date. Leave it unset for a non-expiring credential. 5. Click **Create**. ADP shows a one-time dialog containing: - **Client ID**: An OAuth 2.0 client identifier in the form `serviceaccounts/`. Stable across credentials and rotations: every credential on the same agent carries the same value. - **Client secret**: The plaintext OAuth client secret, shown only at create time. 6. Copy both values into your secret store before closing the dialog. The credential row appears in the Credentials table with its description, expiry, and creation time, but the secret is never retrievable again. To list existing credentials, return to the **Credentials** tab. The list shows the metadata fields for each credential (description, expiry, creation time) but not the secret. To delete a credential, click the delete action on the credential row. Delete is idempotent: deleting a credential that no longer exists succeeds. After delete, the OAuth token endpoint rejects the corresponding `client_id` / `client_secret` pair. ### [](#required-permissions)Required permissions Credential operations are governed by their own permission set: | Permission | Allows | | --- | --- | | dataplane_adp_agent_credential_create | Issue new credentials for the agent. | | dataplane_adp_agent_credential_list | List credential metadata for the agent. | | dataplane_adp_agent_credential_delete | Delete credentials for the agent. | ## [](#configure-a2a-discovery-metadata-optional)Configure A2A discovery metadata (optional) A2A discovery metadata lets external systems find and invoke the agent through capability-based discovery. Configure this after creation, on the agent’s **A2A** tab. For agent card design guidance, see [Create an Agent Card](https://agent2agent.info/docs/guides/create-agent-card/). 1. Open the agent and click the **A2A** tab. 2. Configure identity fields: - **Icon URL**: A publicly accessible image URL (recommended: 256x256 PNG or SVG). - **Documentation URL**: Link to comprehensive agent documentation. 3. Configure provider information: - **Organization**: Your organization or team name. - **URL**: Website or contact URL. 4. Add **Skills** to describe what the agent can do for capability-based discovery. For each skill: - **Skill ID** (required): Lowercase letters, digits, and hyphens (for example, `fraud-analysis`). - **Skill name** (required): Human-readable name displayed in agent directories. - **Description** (required): What the skill does and when to use it. Be specific about inputs, outputs, and use cases. - **Tags** (optional): Categorization terms (for example, `fraud`, `security`, `finance`). - **Examples** (optional): Sample queries demonstrating how to invoke this skill. 5. Save your changes. The updated metadata appears immediately at `https:///.well-known/agent-card.json`. For more about agent cards and how they’re consumed, see [Agent cards](https://docs.redpanda.com/agentic-data-plane/connect/a2a-concepts/#agent-cards). ## [](#test-your-agent)Test your agent Two tabs on the agent detail page support testing and observability: - **Inspector**: Send test prompts interactively and inspect each step of the agent’s reasoning, tool calls, and responses. Use Inspector during development and tuning. - **Transcripts**: Records every conversation against the agent (prompt, tool calls, tool outputs, final response). Use Transcripts to audit production behavior. 1. Open the agent’s **Inspector** tab. 2. Enter a test prompt. 3. Verify the agent: - Selects appropriate tools - Follows the system prompt’s constraints - Returns the expected output format 1. Iterate on the system prompt, MCP tool selection, or model choice as needed. For detailed observability strategies, see [Monitor Agent Activity](https://docs.redpanda.com/agentic-data-plane/monitor/monitor-agents/). ## [](#example-configurations)Example configurations ### [](#simple-query-agent)Simple query agent - **Model**: GPT-5 Mini (fast, cost-effective) - **Tools**: Single MCP server exposing a `get_orders` tool - **Max iterations**: 10 - **Use case**: Customer order lookups ### [](#complex-analytics-agent)Complex analytics agent - **Model**: Claude Sonnet 4.5 (balanced) - **Tools**: Multiple servers for data query, aggregation, and formatting - **Max iterations**: 30 - **Use case**: Multi-step data analysis ### [](#multi-agent-orchestrator)Multi-agent orchestrator - **Model**: Claude Opus 4.5 (advanced reasoning) - **Tools**: Tools the root agent delegates to subagents - **Subagents**: `order-agent`, `inventory-agent`, `customer-agent` - **Max iterations**: 20 - **Use case**: E-commerce operations ## [](#next-steps)Next steps - [Trigger Agents from External Channels](https://docs.redpanda.com/agentic-data-plane/connect/triggers/overview/) - [Choose an Integration Pattern](https://docs.redpanda.com/agentic-data-plane/connect/integration-overview/) - [Write Effective System Prompts](https://docs.redpanda.com/agentic-data-plane/connect/system-prompts/) --- # Page 11: Create an MCP Server **URL**: https://docs.redpanda.com/agentic-data-plane/connect/create-server.md --- # Create an MCP Server > For the complete documentation index, see [llms.txt](https://docs.redpanda.com/llms.txt). Component-specific: [agentic-data-plane-full.txt](https://docs.redpanda.com/agentic-data-plane-full.txt) --- title: Create an MCP Server latest-operator-version: v26.1.5 latest-console-tag: v3.7.4 latest-connect-version: 4.96.1 latest-redpanda-tag: v26.1.10 docname: create-server page-component-name: agentic-data-plane page-version: master page-component-version: master page-component-title: Agentic Data Plane page-relative-src-path: create-server.adoc page-edit-url: https://github.com/redpanda-data/adp-docs/edit/main/modules/connect/pages/create-server.adoc description: Create an MCP server in the Agentic Data Plane by picking a managed type from the marketplace or registering a self-managed server you host yourself, then configure authentication, code mode, and access. page-topic-type: how-to personas: agent_builder, platform_engineer learning-objective-1: Create a managed or self-managed MCP server in ADP learning-objective-2: Configure each authentication mode and pick the right one for your use case learning-objective-3: Save the server, verify the API URL, and confirm tools were discovered page-git-created-date: "2026-05-28" page-git-modified-date: "2026-06-10" --- Create MCP servers to give agents structured access to your databases, queues, CRMs, and other business systems. Each server exposes [tools](https://docs.redpanda.com/agentic-data-plane/reference/glossary/#tool), [resources](https://docs.redpanda.com/agentic-data-plane/reference/glossary/#resource), and [prompts](https://docs.redpanda.com/agentic-data-plane/reference/glossary/#prompt) that an agent can discover and invoke. Choose managed types that Redpanda hosts for you, or register self-managed servers you host yourself. After completing this guide, you will be able to: - Create a managed or self-managed MCP server in ADP - Configure each authentication mode and pick the right one for your use case - Save the server, verify the API URL, and confirm tools were discovered ## [](#prerequisites)Prerequisites - For any authentication mode that uses upstream credentials: the credentials in hand and a secret already created in the Redpanda ADP secret store. Secret references must be `UPPER_SNAKE_CASE` (proto regex `^[A-Z][A-Z0-9_]*$`). For example: `MCP_API_KEY`, `OPENAI_API_KEY`. - For user-delegated OAuth: an [OAuth provider](https://docs.redpanda.com/agentic-data-plane/reference/glossary/#oauth-provider) resource already configured. See [User-delegated OAuth](https://docs.redpanda.com/agentic-data-plane/connect/user-delegated-oauth/). ## [](#open-the-mcp-servers-page)Open the MCP Servers page 1. Open **MCP Servers** in the sidebar. 2. Click **Create Server**. ## [](#pick-a-backend)Pick a backend The marketplace picker lists every managed type as a card and includes a **Remote (Proxied)** option for self-managed servers. - **Managed**: Pick a card. Redpanda hosts the server in-process. The configuration form is rendered from the type’s protobuf schema; field labels and help text come straight from the proto. - **Self-managed**: Pick **Remote (Proxied)**. You provide a URL and a transport, and Redpanda proxies requests to your server. For a tour of every managed type and which one fits your use case, see [Managed catalog](https://docs.redpanda.com/agentic-data-plane/connect/managed/managed-catalog/). To go deep on the self-managed path (transport choices, TLS, multi-server aggregation), see [Register a self-managed server](https://docs.redpanda.com/agentic-data-plane/connect/register-remote/). ## [](#name-and-basic-fields)Name and basic fields Every server has the same identity fields. | Field | Required | Notes | | --- | --- | --- | | Name | Yes | Lowercase letters, numbers, and hyphens only (proto regex ^[a-z]$); 1–63 characters; must start with a letter. *Immutable after create. Used as the URL path segment. | | Description | No | Up to 256 characters. Shown in list and detail views. | | Enabled | Yes (toggle) | Disabled servers reject every tool call. | The `name` is the server’s identifier and is immutable. The update API preserves it: you can’t rename a server after create. To use a different name, delete the server and create a new one. ## [](#configure-the-managed-flow-managed-types-only)Configure the managed flow (managed types only) Each managed type ships its own configuration schema. The form on this page is rendered from the type’s `_config.proto`, so field labels and help text come directly from the proto definition. No per-type hand-written form code is required. For per-type fields, see the [Managed catalog](https://docs.redpanda.com/agentic-data-plane/connect/managed/managed-catalog/): a reference of every managed MCP type Redpanda hosts, grouped by category, with a description and a link to its setup guide where one exists. > 📝 **NOTE** > > MCP enforces a 64-character limit on tool names. For managed MCP types whose generated names exceed that limit, ADP truncates the prefix and replaces it with a hash, so the long-form name becomes something like `64ghux5adn_github_read_v1_GitHubReadService_GetAuthenticatedUser`. ADP always preserves the version, service, and method suffix, so the short tool name an agent sees (for example, `get_authenticated_user`) stays stable across truncations. > > You don’t configure the truncation. This detail matters only when you correlate tool calls in logs or transcripts against the generated proto names. ## [](#configure-the-self-managed-flow-remoteproxied-only)Configure the self-managed flow (Remote/Proxied only) Two fields on top of the identity fields: | Field | Required | Notes | | --- | --- | --- | | URL | Yes | Endpoint URL of your server. Must start with http:// or https://. HTTPS is required if you choose user-delegated OAuth (proto rule remote_mcp.user_oauth_requires_https). | | Transport | Yes | SSE (server-sent events) or Streamable HTTP (newer bidirectional protocol). Pick whichever your server speaks. See Register a self-managed server for how to test which transport your server uses. | ## [](#configure-authentication)Configure authentication Both managed and self-managed servers offer the same set of authentication modes. Managed types only show the modes that make sense for that type; for example, SQL never offers user-delegated OAuth. | Mode | Use when | | --- | --- | | None | The upstream server doesn’t need authentication, or the managed type wraps an in-process resource that needs no creds. | | Static key | Single shared API key. Provide a key_ref (secret reference, UPPER_SNAKE_CASE) and an optional header_name (defaults to Authorization). | | Token passthrough | Forward the caller’s Authorization header to the upstream server as-is. Use this mode when the upstream already validates upstream tokens. | | Service-account OAuth | 2-legged OAuth client credentials. One shared upstream identity for every caller. Provide client_id, client_secret_ref, token_url, and any required scopes. | | User-delegated OAuth | Each end-user authenticates against the upstream system with their own credentials, and Redpanda injects the user’s token at call time. Pick the configured OAuth Provider and the required scopes. The first time a user calls a tool that needs this server, Redpanda surfaces a consent prompt; Redpanda stores the resulting connection in the token vault, where it shows up under Connections. See User-delegated OAuth for the full flow. | > 📝 **NOTE** > > Choosing between `Service-account OAuth` and `User-delegated OAuth` is the credential-mode decision. Service-account authentication gives every caller the same identity at the upstream; user-delegated authentication gives each caller their own. ## [](#code-mode-optional)Code mode (optional) Toggle **Code mode** to add `{name}_search` and `{name}_execute` tools alongside the server’s own tools. Agents can use `_search` to discover available tools and `_execute` to run sandboxed Python or JavaScript that orchestrates them. This is useful when you’d rather have the agent generate a small program than call tools one at a time. When code mode is enabled, the server’s detail page surfaces a second URL, the **code-mode MCP URL**, that clients can connect to instead of the standard one. > 📝 **NOTE** > > Defer advanced code-mode patterns (sandboxing limits, runtime selection, dependency management) to follow-up content; this page covers only enabling it. ## [](#save-and-verify)Save and verify 1. Click **Create**. The server appears in the list with a **Type** badge: **Managed** or **Self-managed**. 2. Open the detail page. The **Overview** tab shows the **API URL**: this is the MCP URL agents connect to. Copy it for use later. 3. Open the **Connection** tab to see ready-to-paste connection snippets, pre-filled with this server’s API URL, for common MCP clients such as Claude Code, Claude Desktop, and Cursor, plus code examples in several languages. The code examples authenticate with the OAuth authorization-code flow and surface the OAuth client ID to use. 4. Open the **Inspector** tab. Redpanda performs a live `tools/list` against the server and lists every tool it discovered. See [Test a server’s tools](https://docs.redpanda.com/agentic-data-plane/connect/test-tools/) for how to call them. A populated tools list confirms that the connection works and credentials resolve correctly. If the list is empty or the tab shows an error, see [Troubleshooting](#troubleshooting). ## [](#create-from-the-cli)Create from the CLI Use [`rpk ai`](https://docs.redpanda.com/agentic-data-plane/reference/rpk/rpk-ai/rpk-ai/) for a non-UI path through the same create flow, useful for scripting and CI. ```bash # Managed type (Workday example) rpk ai mcp create --name workday-hr \ --managed-config '{ "@type": "type.googleapis.com/redpanda.mcps.workday.v1.WorkdayMCPConfig", "tenant": "acme", "host": "wd2-impl-services1.workday.com", "oauth_refresh_token": { "username": "isu_user@acme", "password_secret_ref": "${secrets.WORKDAY_PASSWORD}", "refresh_token_secret_ref": "${secrets.WORKDAY_REFRESH_TOKEN}" } }' # Managed type with user-delegated OAuth inside the managed config # (NetSuite example) rpk ai mcp create --name netsuite \ --description "NetSuite ERP with user OAuth" \ --managed-config '{ "@type": "type.googleapis.com/redpanda.mcps.netsuite.v1.NetSuiteMCPConfig", "accountId": "1234567_SB1", "userOauth": { "providerName": "netsuite", "requiredScopes": ["rest_webservices"] } }' # Self-managed server with user-delegated OAuth rpk ai mcp create --name github-proxy \ --url https://mcp.example.com/sse \ --user-oauth-provider github \ --user-oauth-scopes repo,read:org # Update a self-managed server's user-delegated OAuth scopes rpk ai mcp update github-proxy \ --user-oauth-provider github \ --user-oauth-scopes repo,read:org,workflow ``` | Flag | Notes | | --- | --- | | --managed-config | JSON blob carrying the managed type’s _config.proto shape, including a @type URL. | | --user-oauth-provider | Self-managed servers only. Name of an OAuth Provider already registered under OAuth Providers. See Configure an OAuth Provider. The principal needs dataplane_aigateway_oauthprovider_attach on the named provider (AI-893). Managed servers that support user-delegated OAuth carry their auth shape inside --managed-config. | | --user-oauth-scopes | Self-managed servers only. Comma-separated scopes the server requires. Provide every scope any tool may need; user re-consent is required if scopes change later. | The command resolves the gateway URL from your active rpk cloud profile and reads the cached `rpk cloud login` token. ## [](#edit-disable-and-delete-a-server)Edit, disable, and delete a server - **Edit:** most fields can change. The `name` and `type` are immutable after create. - **Disable:** toggle **Enabled** off. The server stays in the list, but every tool call returns an error until you re-enable it. - **Delete:** permanently removes the server record. User OAuth connections are scoped to the OAuth Provider, not the server, so they stay in the token vault and keep working for other servers that use the same provider. If you re-create a server against the same provider, users don’t re-consent unless the new server requires additional scopes. ## [](#troubleshooting)Troubleshooting | Symptom | What to check | | --- | --- | | Secret not found | The secret reference is case-sensitive and must be UPPER_SNAKE_CASE matching the proto regex ^[A-Z][A-Z0-9_]*$. Confirm the secret exists in the ADP secret store and is spelled identically. | | "HTTPS required" error on save (self-managed) | You picked user-delegated OAuth on a server with an http:// URL. Switch to https:// (proto rule remote_mcp.user_oauth_requires_https). | | Inspector / tools list empty after create | The connection or authentication might be failing. Check the Connection tab for upstream errors. For self-managed, confirm the transport (SSE vs. Streamable HTTP) matches what your server actually speaks. | | Tool calls return errors after disable/enable | Disabled servers reject all tool calls. Confirm the Enabled toggle is on. | ## [](#next-steps)Next steps - [Configure User-Delegated OAuth](https://docs.redpanda.com/agentic-data-plane/connect/user-delegated-oauth/) - [Test an MCP Server’s Tools with the Inspector](https://docs.redpanda.com/agentic-data-plane/connect/test-tools/) - [Plug in an App, Database, or Tool](https://docs.redpanda.com/agentic-data-plane/connect/managed/managed-catalog/) --- # Page 12: Set Up GitHub OAuth Provider and MCP Server **URL**: https://docs.redpanda.com/agentic-data-plane/connect/github-oauth-tutorial.md --- # Set Up GitHub OAuth Provider and MCP Server > For the complete documentation index, see [llms.txt](https://docs.redpanda.com/llms.txt). Component-specific: [agentic-data-plane-full.txt](https://docs.redpanda.com/agentic-data-plane-full.txt) --- title: Set Up GitHub OAuth Provider and MCP Server latest-operator-version: v26.1.5 latest-console-tag: v3.7.4 latest-connect-version: 4.96.1 latest-redpanda-tag: v26.1.10 docname: github-oauth-tutorial page-component-name: agentic-data-plane page-version: master page-component-version: master page-component-title: Agentic Data Plane page-relative-src-path: github-oauth-tutorial.adoc page-edit-url: https://github.com/redpanda-data/adp-docs/edit/main/modules/connect/pages/github-oauth-tutorial.adoc description: Complete walkthrough for configuring GitHub as an OAuth provider and creating a user-delegated GitHub MCP server. page-topic-type: tutorial personas: agent_builder, platform_engineer learning-objective-1: Create a GitHub OAuth app and register it as an OAuth provider in ADP learning-objective-2: Test the OAuth connection proactively on the Connections page learning-objective-3: Configure a GitHub managed MCP server with user-delegated OAuth page-git-created-date: "2026-05-28" page-git-modified-date: "2026-06-10" --- This tutorial shows how to connect Redpanda ADP to GitHub using OAuth, so users can authenticate with their own GitHub credentials when calling GitHub MCP tools. After completing this tutorial, you will be able to: - Create a GitHub OAuth app and register it as an OAuth provider in ADP - Test the OAuth connection proactively on the Connections page - Configure a GitHub managed MCP server with user-delegated OAuth ## [](#before-you-begin)Before you begin - You need a GitHub account with permission to create OAuth apps (personal account or organization with appropriate role). - You need ADP administrator permissions to create OAuth providers and MCP servers. - You should understand the difference between user-delegated OAuth (each user authenticates as themselves) and service-account OAuth (all users share one identity). This tutorial covers user-delegated OAuth. > 💡 **TIP** > > GitHub recommends considering GitHub Apps instead of OAuth Apps for production use, as they offer fine-grained permissions and short-lived tokens. However, OAuth Apps work well for getting started with Redpanda ADP’s AI Gateway integration. ## [](#create-a-github-oauth-app)Create a GitHub OAuth app Register an OAuth application in GitHub to obtain the client ID and client secret. > 📝 **NOTE** > > Throughout this tutorial, fields marked with \* are required. 1. Sign in to GitHub and navigate to **Settings → Developer settings → OAuth Apps**. 2. Click **New OAuth App** (or **Register a new application** if this is your first OAuth app). 3. Fill in the application details: | Field | Value | | --- | --- | | Application name | ADP AI Gateway (or your preferred name) | | Homepage URL | https://aigw..clusters.rdpa.co+ This must match exactly. Replace with your actual cluster ID, such as https://aigw.d6kjl4h19241bg3ek3t0.cluster.rdpa.co. | | Application description | Optional. For example: "Redpanda AI Gateway GitHub integration". | | Authorization callback URL | https://aigw..clusters.rdpa.co/oauth/v1/callbackThis must match exactly. Replace with your actual cluster ID, such as https://aigw.d6kjl4h19241bg3ek3t0.cluster.rdpa.co/oauth/v1/callback. | 4. Click **Register application**. 5. On the application page, note your **Client ID** (for example, `Iv1.abc123…​`). Copy it for later. 6. Click **Generate a new client secret** and copy it immediately (you won’t see it again). > ❗ **IMPORTANT** > > - GitHub OAuth apps support only **one** callback URL (unlike GitHub apps which support multiple). > > - Store your client secret securely. GitHub will not show it again after you navigate away. ## [](#create-the-github-oauth-provider-in-adp)Create the GitHub OAuth provider in ADP Register GitHub as an OAuth provider in ADP. 1. Open **OAuth Providers** in the sidebar. 2. Click **Create provider** and select **GitHub** from the catalog. 3. Fill in the provider details: ### [](#provider-details)Provider details | Field | Value | Notes | | --- | --- | --- | | Name * | A name for this OAuth provider, for example, github. | Lowercase letters, numbers, and hyphens only. This is the machine identifier used when attaching the provider to an MCP server. Immutable after creation. | | Client ID * | The client ID from your GitHub OAuth app, for example, Iv1.abc123…​ | This is found in GitHub Settings → Developer settings → OAuth Apps → [Your App]. | | Display name * | GitHub | Human-readable name shown in ADP. | | Authorization endpoint * | https://github.com/login/oauth/authorize | GitHub’s OAuth authorization URL where users are redirected to grant permission. | | Token endpoint * | https://github.com/login/oauth/access_token | GitHub’s OAuth token exchange endpoint where authorization codes are exchanged for access tokens. | | Revocation Endpoint | Leave empty | GitHub doesn’t provide a standard RFC 7009 token revocation endpoint. ADP will handle token lifecycle without this. | | Client secret ref * | GITHUB_CLIENT_SECRET | Click New. Enter GITHUB_CLIENT_SECRET as the key name, paste in your client secret from GitHub, and then click Create secret. This creates the secret in the Secrets Store and links it to this provider in ADP. If you already have a secret in Secrets Store, click Existing instead. | ### [](#scopes)Scopes Define the GitHub scopes your MCP servers will need. Click in the **Scopes** field and add the following scopes: - `repo` - Full control of private repositories (read and write) - `read:user` - Read user profile information - `read:org` - Read organization membership - `workflow` - Update GitHub Actions workflows > 💡 **TIP** > > **Common GitHub OAuth scopes:** > > - `repo` - Access to private repositories > > - `public_repo` - Access to public repositories only > > - `read:user`, `user:email` - Read user profile and email > > - `read:org` - Read organization membership > > - `workflow` - Manage GitHub Actions workflows > > - `gist` - Create and read gists > > > See the [GitHub OAuth scopes documentation](https://docs.github.com/en/apps/oauth-apps/building-oauth-apps/scopes-for-oauth-apps) for the complete list. > > **Scope management**: Include every scope any MCP server attached to this provider might need. Users must re-consent when scopes are added later, so it’s better to include all necessary scopes upfront. ### [](#grant-types)Grant types - **Browser consent** ✓ (checked) - OAuth 2.0 Authorization Code flow. This is the standard flow for user-delegated OAuth. - **Token exchange** ☐ (unchecked) - RFC 8693 token exchange. Leave unchecked unless you’re implementing advanced token exchange scenarios. ### [](#token-endpoint-auth-method)Token endpoint auth method Select **Client Secret (Basic)** This sends credentials as `client_id:client_secret` in the HTTP Basic Authorization header, which is GitHub’s expected authentication method. | Method | When to use | | --- | --- | | Client Secret (Basic) | Most common. GitHub expects this method. Credentials sent in Authorization header. | | Client Secret (POST) | Credentials sent in the POST body. Use only if the provider requires it. | | None (PKCE only) | For public clients with no client secret. Not applicable for GitHub OAuth Apps. | ### [](#require-pkce)Require PKCE **Enabled** (toggle on) Proof Key for Code Exchange (PKCE) adds an extra layer of security to the OAuth flow. > 📝 **NOTE** > > PKCE (RFC 7636) protects against authorization code interception attacks. When enabled, the gateway generates a code challenge before redirecting the user to GitHub and verifies it when exchanging the authorization code for a token. ### [](#complete-creation)Complete creation 1. Review all fields to ensure they match the values above 2. Click **Create provider** The provider appears in the **OAuth Providers** list with status "Enabled". ## [](#test-the-connection-on-the-connections-page)Test the connection on the Connections page Before creating an MCP server, proactively test the OAuth flow to verify your provider configuration is correct. 1. Open **Connections** in the sidebar. 2. Find the **GitHub** provider card. 3. Click **Connect**. 4. You’ll be redirected to GitHub’s authorization page. 5. Review the requested permissions (scopes) and click **Authorize \[Your App Name\]**. 6. GitHub redirects you back to ADP. 7. The GitHub provider card now shows status "Connected". > 💡 **TIP** > > If the connection fails: > > - Check that the **Homepage URL** and **Authorization callback URL** in your GitHub OAuth app exactly match the expected URLs with your cluster ID. > > - Verify the **Client ID** and **Client secret ref** in the ADP OAuth provider are correct. > > - Check that the secret `GITHUB_CLIENT_SECRET` exists and contains the correct value. > > > See [Troubleshooting](#troubleshooting) for more debugging tips. ## [](#create-the-github-mcp-server)Create the GitHub MCP server Now create an MCP server that uses the GitHub OAuth provider for user-delegated authentication. 1. Open **MCP Servers** in the sidebar. 2. Click **Create server**. 3. The catalog shows managed MCP servers organized by category (AI, Databases, Streaming, Collaboration, AWS, Google, Utilities). 4. Use the search bar or browse to find and select **GitHub**. > 📝 **NOTE** > > GitHub is a managed MCP server, meaning Redpanda provides and maintains the implementation. You only need to configure authentication and select which tools to expose. ### [](#configure-the-github-mcp-server)Configure the GitHub MCP server Fill in the basic server details: | Field | Example value | Notes | | --- | --- | --- | | Name * | my-gh | Unique identifier. Lowercase letters, numbers, and hyphens only. | | Description | What this server does (shown in detail views) | Optional human-readable description. | | Code mode | Toggle on/off | Enable to add search and run tools that let agents run sandboxed code against this server’s tools. Typically enabled for development/testing. | | Restrict to org | redpanda-data | GitHub-specific field. If set, confines this MCP to the named GitHub org (for example, "redpanda-data"). Leave empty for unrestricted access to all repositories the user can access. | ### [](#configure-authentication)Configure authentication 1. In the **Auth** dropdown, select **User OAuth**. This enables user-delegated authentication where each user authenticates with their own GitHub credentials. 2. In the **User OAuth** section that appears: | Field | Value | Notes | | --- | --- | --- | | Provider name * | GitHub | Select the GitHub OAuth provider you created earlier from the dropdown. If "Not set" appears, you haven’t created a provider yet or it’s not visible. | | Required scopes | Click + Add required scopes | Add the same scopes you defined in the OAuth provider, adding each scope to a new line. If a user’s stored connection has fewer scopes than specified here, they’ll be prompted to re-consent with upgraded scopes. | ### [](#token-injection-advanced)Token injection (advanced) The **Injection** section controls how the resolved OAuth token is placed on upstream requests: | Field | Default value | Notes | | --- | --- | --- | | Header name | Authorization | HTTP header name for the token. GitHub expects Authorization, so keep the default. | | Header prefix | Bearer | Value prefix before the token. GitHub expects Bearer , so keep the default. Set empty to omit the prefix entirely (for upstreams that expect a bare API key as the token). | > 💡 **TIP** > > **How to authenticate to GitHub** link explains GitHub’s expected authentication format. For standard GitHub OAuth, the defaults (`Authorization: Bearer `) are correct. ### [](#complete-creation-2)Complete creation 1. Review all fields. 2. Click **Submit**. The GitHub MCP server appears in the **MCP Servers** list showing: - **Name**: `my-gh` (or your chosen name) - **Type**: Managed (badge) - **Status**: Enabled (badge) - **Tools**: A list of available tools like `get_authenticated_user`, `list_my_orgs`, `list_org_repos`, and more > ❗ **IMPORTANT** > > **User OAuth vs service account OAuth:** > > - **User OAuth** (what we’re configuring): Each end-user authenticates with their own GitHub account. The upstream GitHub API sees requests as coming from that individual user and applies their permissions. > > - **Service account OAuth**: All users share one GitHub identity. The upstream sees every request as coming from the same service account. > > > For most scenarios where users need to access their own repositories or respect GitHub’s per-user permissions, choose **User OAuth**. ## [](#verify-the-mcp-server-works)Verify the MCP server works Test that the MCP server is correctly configured and can authenticate users. 1. In ADP, find your GitHub MCP server in the **MCP Servers** list. 2. Click it to view details. 3. If you tested the connection in Connections, you’re already connected and can test immediately. 4. If you skipped the Connections test, the first time you call a tool from this server, you’ll be prompted to authorize GitHub. The flow is: 1. Call a tool (for example, through a Claude Desktop integration pointing to this MCP server). 2. ADP returns `OAuthConnectionRequired` with an authorization URL. 3. The UI prompts you to connect to GitHub. 4. You authorize in GitHub. 5. The tool call automatically retries and succeeds. 5. After successful authorization, subsequent tool calls use your stored GitHub token with no additional prompts (until the token expires or scopes change). ## [](#what-you-accomplished)What you accomplished You have now: - Created a GitHub OAuth app with the correct callback URL - Registered GitHub as an OAuth provider in ADP - Tested the OAuth connection proactively - Created a GitHub managed MCP server with user-delegated OAuth - Verified that users can authenticate and call GitHub tools You could next create an agent using this GitHub MCP server. Each user who calls tools from this MCP server will authenticate with their own GitHub account. User tokens are stored securely in ADP’s token vault and automatically refreshed before expiry. ## [](#troubleshooting)Troubleshooting | Symptom | Solution | | --- | --- | | redirect_uri_mismatch error during authorization | The callback URL in your GitHub OAuth app doesn’t match ADP’s callback. Go to GitHub Settings → Developer settings → OAuth Apps → [Your App] and verify the Authorization callback URL is exactly https://aigw..clusters.rdpa.co/oauth/v1/callback. | | invalid_client error during token exchange | The Client ID or Client secret is incorrect, or the authentication method doesn’t match. Verify the Client ID in the OAuth provider matches GitHub, and that GITHUB_CLIENT_SECRET contains the correct client secret. Ensure Token Endpoint Auth Method is set to "Client Secret (Basic)". | | invalid_scope error during consent | One of the scopes you requested isn’t valid for GitHub OAuth apps. Check the GitHub OAuth scopes documentation and remove or rename invalid scopes. | | "OAuth provider not found" when creating MCP server | The provider name doesn’t match. Verify you created the provider with name github (lowercase) and are selecting the correct provider in the MCP server configuration. | | Connection works in Connections but fails in MCP server | The MCP server’s required scopes might be different from what you consented to in Connections. Edit the OAuth provider to include all necessary scopes, then re-consent in Connections. | | Token expired or OAuthTokenExpired error | GitHub tokens eventually expire or can be revoked. The user needs to re-authorize in Connections or by triggering the consent flow again on the next tool call. | | Permission denied when attaching provider to MCP server | You need the dataplane_aigateway_oauthprovider_attach permission on the GitHub provider. Contact your ADP administrator to grant this permission. | ## [](#next-steps)Next steps - [Configure an OAuth Provider](https://docs.redpanda.com/agentic-data-plane/connect/oauth-providers/) - [User-delegated OAuth](https://docs.redpanda.com/agentic-data-plane/connect/user-delegated-oauth/) - [Create an MCP Server](https://docs.redpanda.com/agentic-data-plane/connect/create-server/) --- # Page 13: Choose an Integration Pattern **URL**: https://docs.redpanda.com/agentic-data-plane/connect/integration-overview.md --- # Choose an Integration Pattern > For the complete documentation index, see [llms.txt](https://docs.redpanda.com/llms.txt). Component-specific: [agentic-data-plane-full.txt](https://docs.redpanda.com/agentic-data-plane-full.txt) --- title: Choose an Integration Pattern latest-operator-version: v26.1.5 latest-console-tag: v3.7.4 latest-connect-version: 4.96.1 latest-redpanda-tag: v26.1.10 docname: integration-overview page-component-name: agentic-data-plane page-version: master page-component-version: master page-component-title: Agentic Data Plane page-relative-src-path: integration-overview.adoc page-edit-url: https://github.com/redpanda-data/adp-docs/edit/main/modules/connect/pages/integration-overview.adoc description: Choose the right integration pattern for connecting agents, pipelines, and external applications. page-topic-type: best-practices personas: agent_builder, platform_engineer learning-objective-1: Choose the integration pattern that fits your use case learning-objective-2: Apply appropriate authentication for internal versus external integration learning-objective-3: Select the right communication protocol for your integration scenario page-git-created-date: "2026-05-28" page-git-modified-date: "2026-06-10" --- Choose the right integration pattern for how your agents, pipelines, and external applications communicate. The pattern you pick determines who initiates the call, how data flows, and whether the interaction is synchronous or event-driven. After reading this page, you will be able to: - Choose the integration pattern that fits your use case - Apply appropriate authentication for internal versus external integration - Select the right communication protocol for your integration scenario ## [](#integration-scenarios)Integration scenarios ADP supports three primary integration scenarios based on who initiates the call and where the caller is located: | Scenario | Description | When to Use | Guide | | --- | --- | --- | --- | | Agent needs capabilities | Your agent invokes MCP tools to fetch data, call APIs, or access external systems on-demand | Agent-initiated, synchronous, interactive workflows | How MCP Servers Work | | Pipeline processes events | Your Redpanda Connect pipeline invokes agents for each event in a stream using the a2a_message processor | Event-driven, automated, high-volume stream processing | Integrate with Redpanda Pipelines | | External system calls agent | Your application or agent (hosted outside ADP) calls ADP agents using the A2A protocol | Backend services, CLI tools, custom UIs, multi-platform agent workflows | Connect Agents with A2A | ## [](#common-use-cases-by-pattern)Common use cases by pattern Each integration pattern serves different scenarios based on how data flows and who initiates the interaction. ### [](#agent-needs-capabilities)Agent needs capabilities (MCP tools) Use MCP tools when your agent needs on-demand access to data or capabilities. The agent decides when to invoke tools as part of its reasoning process. It waits for responses before continuing. This pattern works well for interactive workflows: customer support lookups, approval flows, or context-aware chatbots. Avoid MCP tools for high-volume stream processing or automated workflows without user interaction. Use pipeline-initiated integration instead. For implementation details, see [How MCP Servers Work](https://docs.redpanda.com/agentic-data-plane/connect/mcp-overview/). ### [](#pipeline-processes-events)Pipeline processes events (`a2a_message`) Use the `a2a_message` processor when your pipeline needs to invoke agents for every event in a stream. The pipeline controls when agents execute. This pattern is ideal for automated, high-volume processing where each event requires AI reasoning. Common scenarios include real-time fraud detection, sentiment scoring for customer reviews, and content moderation that classifies and routes content. For implementation details, see [Integrate with Redpanda Pipelines](https://docs.redpanda.com/agentic-data-plane/connect/pipeline-integration-patterns/). ### [](#external-system-calls-agent)External system calls agent Use external integration when your applications, services, or agents hosted outside ADP need to call ADP agents. External systems send requests using the A2A protocol and receive responses synchronously. This works for backend services, CLI tools, custom UIs, and agents hosted on other platforms. Common scenarios include backend services analyzing data as part of workflows, CLI tools invoking agents for batch tasks, custom UIs displaying agent responses, CRM agents coordinating with Redpanda agents, and multi-platform workflows spanning different infrastructure. To learn how the A2A protocol enables this integration, see [Connect Agents with A2A](https://docs.redpanda.com/agentic-data-plane/connect/a2a-concepts/). ## [](#pattern-comparison)Pattern comparison The following table compares the two primary internal integration patterns: | Criterion | Agents Invoking MCP Tools | Pipelines Calling Agents | | --- | --- | --- | | Trigger | User question or agent decision | Event arrival in topic | | Frequency | Ad-hoc, irregular, as needed | Continuous, every event | | Latency | Low (agent waits for response) | Higher (async acceptable) | | Control Flow | Agent decides when to invoke | Pipeline decides when to invoke | | Use Case | "Fetch me data", "Run this query" | "Process this stream", "Enrich all events" | | Human in Loop | Often yes (user-driven) | Often no (automated) | ## [](#security-considerations-for-external-integration)Security considerations for external integration When integrating external applications with ADP agents, protect credentials and tokens. ### [](#protect-service-account-credentials)Protect service account credentials Store the client ID and secret in secure credential stores, not in code. Use environment variables or [secrets management](https://docs.redpanda.com/cloud-data-platform/security/secrets/). Rotate credentials if compromised and restrict access based on the principle of least privilege. ### [](#protect-access-tokens)Protect access tokens Access tokens grant full access to the agent. Anyone with a valid token can send requests, receive responses, and consume agent resources (subject to rate limits). Treat access tokens like passwords and never log them or include them in error messages. ## [](#next-steps)Next steps - [Connect Agents with A2A](https://docs.redpanda.com/agentic-data-plane/connect/a2a-concepts/) - [How MCP Servers Work](https://docs.redpanda.com/agentic-data-plane/connect/mcp-overview/) - [Integrate with Redpanda Pipelines](https://docs.redpanda.com/agentic-data-plane/connect/pipeline-integration-patterns/) --- # Page 14: Integrate with Your Stack **URL**: https://docs.redpanda.com/agentic-data-plane/connect/integrations.md --- # Integrate with Your Stack > For the complete documentation index, see [llms.txt](https://docs.redpanda.com/llms.txt). Component-specific: [agentic-data-plane-full.txt](https://docs.redpanda.com/agentic-data-plane-full.txt) --- title: Integrate with Your Stack latest-operator-version: v26.1.5 latest-console-tag: v3.7.4 latest-connect-version: 4.96.1 latest-redpanda-tag: v26.1.10 docname: integrations page-component-name: agentic-data-plane page-version: master page-component-version: master page-component-title: Agentic Data Plane page-relative-src-path: integrations.adoc page-edit-url: https://github.com/redpanda-data/adp-docs/edit/main/modules/connect/pages/integrations.adoc description: Choose an integration pattern and connect the Agentic Data Plane to your existing stack, Redpanda pipelines, and developer tools. page-git-created-date: "2026-06-01" page-git-modified-date: "2026-06-04" --- Connect the Agentic Data Plane to your existing systems. Choose an integration pattern, wire in Redpanda pipelines, and use Redpanda ADP from developer tools like Claude Code. - [Choose an Integration Pattern](https://docs.redpanda.com/agentic-data-plane/connect/integration-overview/) Choose the right integration pattern for connecting agents, pipelines, and external applications. - [Integrate with Redpanda Pipelines](https://docs.redpanda.com/agentic-data-plane/connect/pipeline-integration-patterns/) Build Redpanda Connect pipelines that invoke agents for event-driven processing and streaming enrichment. - [Use Claude Code with Redpanda ADP](https://docs.redpanda.com/agentic-data-plane/connect/claude-code/) Route Claude Code through an ADP Anthropic provider for centralized credentials, usage tracking, and transcript logging. Optionally attach ADP-hosted MCP servers. --- # Page 15: BambooHR Managed MCP Server **URL**: https://docs.redpanda.com/agentic-data-plane/connect/managed/bamboohr.md --- # BambooHR Managed MCP Server > For the complete documentation index, see [llms.txt](https://docs.redpanda.com/llms.txt). Component-specific: [agentic-data-plane-full.txt](https://docs.redpanda.com/agentic-data-plane-full.txt) --- title: BambooHR Managed MCP Server latest-operator-version: v26.1.5 latest-console-tag: v3.7.4 latest-connect-version: 4.96.1 latest-redpanda-tag: v26.1.10 docname: managed/bamboohr page-component-name: agentic-data-plane page-version: master page-component-version: master page-component-title: Agentic Data Plane page-relative-src-path: managed/bamboohr.adoc page-edit-url: https://github.com/redpanda-data/adp-docs/edit/main/modules/connect/pages/managed/bamboohr.adoc description: Let agents read BambooHR employee, time-off, and performance data with each caller's BambooHR OAuth identity. page-topic-type: how-to personas: agent_builder, platform_engineer learning-objective-1: Configure the BambooHR managed MCP server with a BambooHR subdomain and user-delegated OAuth learning-objective-2: Identify the BambooHR tools available to agents learning-objective-3: Test BambooHR tool calls with an authorized user's connection page-git-created-date: "2026-05-28" page-git-modified-date: "2026-06-10" --- The **BambooHR** managed MCP server lets agents read BambooHR employee directory, time-off, and performance data with the calling user’s OAuth identity. The BambooHR configuration stores the company subdomain and the name of the BambooHR [OAuth Provider](https://docs.redpanda.com/agentic-data-plane/reference/glossary/#oauth-provider) to authenticate against. OAuth credentials and user tokens come from that provider and the [token vault](https://docs.redpanda.com/agentic-data-plane/reference/glossary/#token-vault). After reading this page, you will be able to: - Configure the BambooHR managed MCP server with a BambooHR subdomain and user-delegated OAuth - Identify the BambooHR tools available to agents - Test BambooHR tool calls with an authorized user’s connection ## [](#what-this-mcp-server-does)What this MCP server does Use BambooHR when an agent needs HR context from BambooHR without sharing one upstream API key across every caller. Each caller authorizes with BambooHR, and tool calls run with the BambooHR permissions available to that caller. | Tool | What it does | | --- | --- | | get_employee | Fetches a single employee by ID. Use employee ID 0 to return the authenticated user’s own record. You can pass a comma-separated fields list, or leave it empty to return all fields the caller can access. | | get_employee_directory | Lists all employee directory entries visible to the authenticated user. | | get_time_off_requests | Queries time-off requests by date range. You can filter by employee ID, status, or time-off type. Supported statuses are approved, denied, superceded, requested, and canceled. | | whos_out | Returns absences and holidays in a date range. If you omit dates, the server starts with today and ends 14 days later. | | get_performance_feedback | Returns peer or manager feedback for an employee. You can filter by completed, pending, or all feedback. | ## [](#prerequisites)Prerequisites - A BambooHR workspace where you can create an OAuth 2.0 application. - A BambooHR OAuth Provider in Redpanda ADP. BambooHR OAuth authorize and token endpoints include your company subdomain. - A BambooHR company subdomain, such as `mycompany` for `mycompany.bamboohr.com`. The managed config accepts letters, numbers, and hyphens. - BambooHR users with the permissions required to read the employee, time-off, or performance data your agent needs. ## [](#configure-bamboohr-oauth)Configure BambooHR OAuth In BambooHR, create an OAuth 2.0 application in the BambooHR developer settings. Use the OAuth callback URL for your AI Gateway deployment. Register a BambooHR OAuth Provider in ADP with tenant-specific endpoints: ```text Authorization endpoint: https://api.bamboohr.com/api/gateway.php//v1/oauth2/authorize Token endpoint: https://api.bamboohr.com/api/gateway.php//v1/oauth2/token ``` Store the BambooHR client secret in the ADP secret store, then reference that secret from the OAuth Provider. ## [](#create-the-managed-mcp-server)Create the managed MCP server Create a managed MCP server with the BambooHR type. Set the `subdomain` field and reference the BambooHR OAuth Provider under the `userOauth` auth variant. BambooHR supports per-user OAuth only, so the `userOauth` block is required. The BambooHR managed config holds the company subdomain and the OAuth provider to authenticate against: ```json { "@type": "type.googleapis.com/redpanda.mcps.bamboohr.v1.BambooHRMCPConfig", "subdomain": "mycompany", "userOauth": { "providerName": "bamboohr" } } ``` `userOauth.providerName` is the resource name of the BambooHR OAuth Provider you registered. The provider’s stored per-user token is injected on each tool call. ## [](#authorize-and-test)Authorize and test Before a caller can use BambooHR tools, the caller must authorize the BambooHR OAuth Provider. After authorization, Redpanda stores the user’s access token in the token vault and subsequent tool calls use that token automatically. Test the server in the Inspector before you connect it to an agent. Start with `get_employee_directory` or `get_employee` with employee ID `0`, because both calls confirm that the user’s OAuth connection resolves and BambooHR returns data visible to that user. ## [](#troubleshooting)Troubleshooting | Symptom | What to check | | --- | --- | | Tool calls return permission errors | Confirm the BambooHR user can access the requested HR data. Restricted BambooHR roles can return permission errors, especially for performance data. | | OAuth succeeds, but tool calls fail | Confirm the OAuth Provider endpoints use the same BambooHR subdomain as the MCP server configuration. | | The server cannot find the BambooHR company | Confirm subdomain contains only the part before .bamboohr.com, such as mycompany. | ## [](#next-steps)Next steps - [Configure User-Delegated OAuth](https://docs.redpanda.com/agentic-data-plane/connect/user-delegated-oauth/) - [Test an MCP Server’s Tools with the Inspector](https://docs.redpanda.com/agentic-data-plane/connect/test-tools/) - [Create an Agent](https://docs.redpanda.com/agentic-data-plane/connect/create-agent/) --- # Page 16: Freshservice Managed MCP Server **URL**: https://docs.redpanda.com/agentic-data-plane/connect/managed/freshservice.md --- # Freshservice Managed MCP Server > For the complete documentation index, see [llms.txt](https://docs.redpanda.com/llms.txt). Component-specific: [agentic-data-plane-full.txt](https://docs.redpanda.com/agentic-data-plane-full.txt) --- title: Freshservice Managed MCP Server page-beta-text: This is a beta feature. Beta features are available for testing and feedback. They are not supported by Redpanda and should not be used in production environments. latest-operator-version: v26.1.5 latest-console-tag: v3.7.4 latest-connect-version: 4.96.1 latest-redpanda-tag: v26.1.10 docname: managed/freshservice page-component-name: agentic-data-plane page-version: master page-component-version: master page-component-title: Agentic Data Plane page-relative-src-path: managed/freshservice.adoc page-edit-url: https://github.com/redpanda-data/adp-docs/edit/main/modules/connect/pages/managed/freshservice.adoc # Beta release status page-beta: "true" description: Manage Freshworks Freshservice ITSM tickets, assets, change requests, and agents from an agent, with API-key or per-user OAuth authentication. page-topic-type: how-to personas: agent_builder, platform_engineer learning-objective-1: Configure the Freshservice managed MCP server in API-key or User-OAuth mode learning-objective-2: Find the Freshservice credentials each mode needs learning-objective-3: List, create, and update tickets, assets, and changes from the Inspector or an agent page-git-created-date: "2026-06-09" page-git-modified-date: "2026-06-10" release-status: beta - This is a beta feature. Beta features are available for testing and feedback. They are not supported by Redpanda and should not be used in production environments. --- The Freshservice managed MCP server lets agents work with your Freshworks Freshservice ITSM instance: list and search tickets, read full ticket detail, create and update tickets, browse CMDB assets, open change requests, and look up support agents. After reading this page, you will be able to: - Configure the Freshservice managed MCP server in API-key or User-OAuth mode - Find the Freshservice credentials each mode needs - List, create, and update tickets, assets, and changes from the Inspector or an agent ## [](#what-this-mcp-server-does)What this MCP server does Wraps the Freshservice REST API v2. The following authentication modes are supported: - API key (Basic authentication): A long-lived Freshservice API key sent as the HTTP Basic authentication username, with the literal string `X` as the password. Best for service-account-style use. - User OAuth: Per-user Freshservice OAuth tokens resolved from the gateway’s [token vault](https://docs.redpanda.com/agentic-data-plane/reference/glossary/#token-vault). Best when you want each agent action attributed to the calling end-user. Responses are curated for token efficiency: high-volume fields (routing headers, internal SLA sub-deadlines, spam and email-config flags, agent scoreboards) are dropped before reaching the LLM, and ticket and change descriptions are returned as plain text rather than HTML. Freshservice error response bodies are never forwarded to the caller; only the HTTP status code is surfaced, so API keys and internal request IDs cannot leak into tool error text. ## [](#prerequisites)Prerequisites Before you create the server, make sure you have: - A Freshservice instance and its domain (for example, `mycompany.freshservice.com`). - For API-key mode: the API key from your Freshservice profile (see [Get Freshservice credentials](#get-freshservice-credentials)). - For User-OAuth mode: a Freshservice OAuth app and an [OAuth Provider](https://docs.redpanda.com/agentic-data-plane/reference/glossary/#oauth-provider) configured in Redpanda ADP. See [Configure an OAuth Provider](https://docs.redpanda.com/agentic-data-plane/connect/oauth-providers/). ## [](#get-freshservice-credentials)Get Freshservice credentials ### [](#option-1-api-key-recommended-for-service-accounts)Option 1: API key (recommended for service accounts) 1. In Freshservice, open **Profile Settings**. 2. Copy the value from the **API Key** section. 3. Store the key in the ADP secret store under a name like `FRESHSERVICE_API_KEY`. The MCP sends the key as the HTTP Basic authentication username with `X` as the password (`base64(:X)`), which is the Freshservice convention. The API key inherits the permissions of the Freshservice user it belongs to, so use an account with the roles your workflows need (agent, asset, and change permissions). ### [](#option-2-user-oauth)Option 2: User OAuth For per-user authentication, register an OAuth app on Freshservice and a matching OAuth Provider in ADP: 1. Register a Freshservice OAuth app at the Freshworks developer portal to obtain a client ID and client secret. 2. Register a matching OAuth Provider in ADP. See [Configure an OAuth Provider](https://docs.redpanda.com/agentic-data-plane/connect/oauth-providers/). The `freshservice` preset pre-fills the authorization and token endpoints; ADP substitutes your Freshservice subdomain into the `{domain}` placeholders. 3. Each end-user authenticates once through the OAuth flow; tokens are stored in the gateway’s token vault. The OAuth scopes are `read` and `write`. Drop `write` if the MCP only needs to read. ## [](#configure)Configure Create a new Freshservice MCP server in ADP: 1. Open **MCP Servers > Create Server**. 2. Pick `Freshservice` from the marketplace picker. 3. Fill in identity fields (`name`, `description`). 4. In the Freshservice configuration form: | Field | Notes | | --- | --- | | domain | Your Freshservice host, without the https:// scheme or a trailing slash (for example, mycompany.freshservice.com). | | auth | api_key for service-account mode, or user_oauth for per-user mode. | | api_key (API-key mode) | Secret-store reference holding the API key (for example, FRESHSERVICE_API_KEY). UPPER_SNAKE_CASE. | | user_oauth (User-OAuth mode) | The OAuth Provider you configured, and the minimum scopes a user’s connection must have. | 5. Click **Create**. ### [](#configure-from-the-cli)Configure from the CLI For a managed server, set the auth method inside the `--managed-config` JSON. The `auth` field is required. #### API-key mode ```bash rpk ai mcp create --name acme-freshservice --managed-config '{ "@type": "type.googleapis.com/redpanda.mcps.freshservice.v1.FreshServiceMCPConfig", "domain": "mycompany.freshservice.com", "api_key": { "key_secret_ref": "FRESHSERVICE_API_KEY" } }' ``` #### User-OAuth mode ```bash rpk ai mcp create --name acme-freshservice-oauth --managed-config '{ "@type": "type.googleapis.com/redpanda.mcps.freshservice.v1.FreshServiceMCPConfig", "domain": "mycompany.freshservice.com", "user_oauth": { "provider_name": "freshservice-prod", "required_scopes": ["read", "write"] } }' ``` Replace `freshservice-prod` with the name of the OAuth Provider you configured. ## [](#tools)Tools The Freshservice MCP exposes tools across tickets, assets, changes, and agents: | Tool | Description | | --- | --- | | list_tickets | List tickets, with optional status, priority, and page filters. | | get_ticket | Fetch one ticket with its full description text and attachments. | | create_ticket | Open a new incident or service-request ticket. | | update_ticket | Update ticket fields such as status, priority, and assignee. | | list_assets | List CMDB assets, with optional type and page filters. | | get_asset | Fetch one asset with its dynamic type_fields. | | create_change | Open a new change request with planning fields. | | list_agents | List support agents, with optional active and email filters. | ### [](#example-list-open-tickets)Example: List open tickets ```bash curl -s https://aigw..clusters.rdpa.co/mcp/v1/acme-freshservice \ -H "Authorization: Bearer $TOKEN" \ -H "Content-Type: application/json" \ -d '{ "jsonrpc": "2.0", "id": 1, "method": "tools/call", "params": { "name": "list_tickets", "arguments": { "status": "open", "priority": "urgent" } } }' ``` Replace `` with your cluster ID and `$TOKEN` with a gateway access token. ### [](#example-create-a-ticket)Example: Create a ticket ```bash curl -s https://aigw..clusters.rdpa.co/mcp/v1/acme-freshservice \ -H "Authorization: Bearer $TOKEN" \ -H "Content-Type: application/json" \ -d '{ "jsonrpc": "2.0", "id": 2, "method": "tools/call", "params": { "name": "create_ticket", "arguments": { "subject": "Laptop will not boot", "description": "Reported by the Dresden office; powers on but no display.", "priority": 2, "status": 2 } } }' ``` ## [](#troubleshooting)Troubleshooting Common symptoms and fixes: | Symptom | What to check | | --- | --- | | freshservice API error (status 401) | Confirm FRESHSERVICE_API_KEY matches the value from Profile Settings, and that the key’s Freshservice user has the roles the operation needs. | | freshservice API error (status 403) | The API key’s Freshservice user lacks permission for the resource (for example, assets or changes). Grant the role or use an account that has it. | | OAuthConnectionRequired (User-OAuth mode) | First call from a user with no stored token. The user completes the Freshservice OAuth consent flow, the token lands in the vault, and later calls reuse it. See User-delegated OAuth. | | scope_upgrade_required (User-OAuth mode) | The server’s required scopes were extended after users consented. Users re-consent with the higher scope. | > 📝 **NOTE** > > Freshservice error bodies are not forwarded to the caller, so tool errors carry only the HTTP status code. Reproduce the call against the Freshservice API directly to see the full error detail. ## [](#next-steps)Next steps - [Configure an OAuth Provider](https://docs.redpanda.com/agentic-data-plane/connect/oauth-providers/) - [User-delegated OAuth](https://docs.redpanda.com/agentic-data-plane/connect/user-delegated-oauth/) - [Create an MCP Server](https://docs.redpanda.com/agentic-data-plane/connect/create-server/) --- # Page 17: Grafana Managed MCP Server **URL**: https://docs.redpanda.com/agentic-data-plane/connect/managed/grafana.md --- # Grafana Managed MCP Server > For the complete documentation index, see [llms.txt](https://docs.redpanda.com/llms.txt). Component-specific: [agentic-data-plane-full.txt](https://docs.redpanda.com/agentic-data-plane-full.txt) --- title: Grafana Managed MCP Server page-beta-text: This is a beta feature. Beta features are available for testing and feedback. They are not supported by Redpanda and should not be used in production environments. latest-operator-version: v26.1.5 latest-console-tag: v3.7.4 latest-connect-version: 4.96.1 latest-redpanda-tag: v26.1.10 docname: managed/grafana page-component-name: agentic-data-plane page-version: master page-component-version: master page-component-title: Agentic Data Plane page-relative-src-path: managed/grafana.adoc page-edit-url: https://github.com/redpanda-data/adp-docs/edit/main/modules/connect/pages/managed/grafana.adoc # Beta release status page-beta: "true" description: Query Grafana dashboards, datasources, Prometheus metrics, and Loki logs from an agent, and create or update dashboards, using a service-account token. page-topic-type: how-to personas: agent_builder, platform_engineer learning-objective-1: Configure the Grafana managed MCP server with a service-account token learning-objective-2: Pick the right service-account role for read versus write workflows learning-objective-3: Search dashboards, query Prometheus and Loki, and upsert dashboards from the Inspector or an agent page-git-created-date: "2026-06-09" page-git-modified-date: "2026-06-09" release-status: beta - This is a beta feature. Beta features are available for testing and feedback. They are not supported by Redpanda and should not be used in production environments. --- The Grafana managed MCP server lets agents work with a Grafana instance: search dashboards and folders, list datasources, run PromQL queries against Prometheus datasources, run LogQL queries against Loki datasources, and create or update dashboards. After reading this page, you will be able to: - Configure the Grafana managed MCP server with a service-account token - Pick the right service-account role for read versus write workflows - Search dashboards, query Prometheus and Loki, and upsert dashboards from the Inspector or an agent ## [](#what-this-mcp-server-does)What this MCP server does Wraps Grafana’s HTTP API and proxies Prometheus and Loki queries through Grafana’s datasource proxy (`/api/datasources/proxy/uid/{uid}/…​`). A single base URL plus one service-account token covers both the core API and datasource queries, so the gateway makes no separate network connection to the metric or log backends. The tool surface is read-heavy. The one write tool is `create_or_update_dashboard`; there are no tools to mutate alerts or annotations. Authentication is a single shared service-account token, so every caller of this MCP server acts as that service account, and there is no per-user audit trail. Grafana exposes no OAuth client-registration flow for per-user delegation against an arbitrary instance, so the Grafana MCP server does not offer a User-OAuth mode. ## [](#prerequisites)Prerequisites Before you create the server, make sure you have: - A Grafana instance and its base URL (for example, `[https://myorg.grafana.net](https://myorg.grafana.net)`). - Permission to create a service account and a service-account token in Grafana. ## [](#get-grafana-credentials)Get Grafana credentials 1. In Grafana, go to **Administration > Users and access > Service accounts**. 2. Create a service account. Assign the Viewer role to use every read tool. To use `create_or_update_dashboard`, assign Editor (or a custom role with dashboard write permission) instead. 3. On the service account, select **Add service account token**, then copy the generated token (`glsa_…​`). It is shown only once. 4. Store the token in the ADP secret store under a name like `GRAFANA_SERVICE_ACCOUNT_TOKEN`. Note your instance base URL and, if your instance is multi-org, the numeric org ID. ## [](#configure)Configure Create a new Grafana MCP server in ADP: 1. Open **MCP Servers > Create Server**. 2. Pick `Grafana` from the marketplace picker. 3. Fill in identity fields (`name`, `description`). 4. In the Grafana configuration form: | Field | Notes | | --- | --- | | base_url | Base URL of your Grafana instance (for example, https://myorg.grafana.net). | | org_id | Optional. The numeric organization ID for a multi-org instance. Omit it to use the token’s default organization. | | service_account_token | Secret-store reference holding the service-account token (for example, GRAFANA_SERVICE_ACCOUNT_TOKEN). UPPER_SNAKE_CASE. | 5. Click **Create**. ### [](#configure-from-the-cli)Configure from the CLI ```bash rpk ai mcp create --name acme-grafana --managed-config '{ "@type": "type.googleapis.com/redpanda.mcps.grafana.v1.GrafanaMCPConfig", "base_url": "https://myorg.grafana.net", "org_id": "1", "service_account_token": { "key_secret_ref": "GRAFANA_SERVICE_ACCOUNT_TOKEN" } }' ``` ## [](#tools)Tools The Grafana MCP exposes tools across dashboards, datasources, Prometheus, and Loki: | Tool | Description | | --- | --- | | search_dashboards | Search dashboards and folders by query (title substring), tags, and type (dash-db or dash-folder). Returns curated hits (uid, title, type, tags, url, folder). | | get_dashboard_summary | Fetch a curated summary of one dashboard by uid (title, tags, folder, and a compact per-panel list with each panel’s id, title, type, and datasource). | | list_datasources | List configured datasources (uid, name, type, is_default). Use the uid with the query tools. | | query_prometheus | Run an instant or range PromQL query against a Prometheus datasource (datasource_uid, expr, query_type, and time arguments). Returns the raw Prometheus result JSON. | | list_prometheus_metric_names | List metric names in a Prometheus datasource (datasource_uid, optional limit). | | list_prometheus_label_names | List label names in a Prometheus datasource (datasource_uid). | | list_prometheus_label_values | List the values of one label in a Prometheus datasource (datasource_uid, label). | | query_loki_logs | Run a LogQL query against a Loki datasource over a time range (datasource_uid, query, start, end, limit, direction). Returns the raw Loki result JSON. | | list_loki_label_names | List label names in a Loki datasource (datasource_uid, optional start and end). | | list_loki_label_values | List the values of one label in a Loki datasource (datasource_uid, label, optional start and end). | | create_or_update_dashboard | Create a dashboard or update an existing one (upsert on the model’s uid). Arguments: dashboard_json, folder_uid, overwrite, message. Requires an Editor service account. | ### [](#example-list-datasources)Example: List datasources ```bash curl -s https://aigw..clusters.rdpa.co/mcp/v1/acme-grafana \ -H "Authorization: Bearer $TOKEN" \ -H "Content-Type: application/json" \ -d '{ "jsonrpc": "2.0", "id": 1, "method": "tools/call", "params": { "name": "list_datasources", "arguments": {} } }' ``` Replace `` with your cluster ID and `$TOKEN` with a gateway access token. ### [](#example-run-an-instant-promql-query)Example: Run an instant PromQL query Find the Prometheus datasource `uid` with `list_datasources` first, then query it: ```bash curl -s https://aigw..clusters.rdpa.co/mcp/v1/acme-grafana \ -H "Authorization: Bearer $TOKEN" \ -H "Content-Type: application/json" \ -d '{ "jsonrpc": "2.0", "id": 2, "method": "tools/call", "params": { "name": "query_prometheus", "arguments": { "datasource_uid": "PBFA97CFB590B2093", "expr": "up", "query_type": "PROM_QUERY_TYPE_INSTANT" } } }' ``` ## [](#troubleshooting)Troubleshooting Common symptoms and fixes: | Symptom | What to check | | --- | --- | | 401 Unauthorized | Confirm GRAFANA_SERVICE_ACCOUNT_TOKEN matches the token Grafana showed at creation, and that the service account is enabled. | | 403 Forbidden on create_or_update_dashboard | The service account has the Viewer role. Assign Editor (or a role with dashboard write permission). | | Wrong organization’s data | The token resolves to its default organization. Set the org_id field to target a specific organization on a multi-org instance. | ## [](#next-steps)Next steps - [Create an MCP Server](https://docs.redpanda.com/agentic-data-plane/connect/create-server/) - [Test an MCP Server’s Tools with the Inspector](https://docs.redpanda.com/agentic-data-plane/connect/test-tools/) --- # Page 18: Ironclad Managed MCP Server **URL**: https://docs.redpanda.com/agentic-data-plane/connect/managed/ironclad.md --- # Ironclad Managed MCP Server > For the complete documentation index, see [llms.txt](https://docs.redpanda.com/llms.txt). Component-specific: [agentic-data-plane-full.txt](https://docs.redpanda.com/agentic-data-plane-full.txt) --- title: Ironclad Managed MCP Server page-beta-text: This is a beta feature. Beta features are available for testing and feedback. They are not supported by Redpanda and should not be used in production environments. latest-operator-version: v26.1.5 latest-console-tag: v3.7.4 latest-connect-version: 4.96.1 latest-redpanda-tag: v26.1.10 docname: managed/ironclad page-component-name: agentic-data-plane page-version: master page-component-version: master page-component-title: Agentic Data Plane page-relative-src-path: managed/ironclad.adoc page-edit-url: https://github.com/redpanda-data/adp-docs/edit/main/modules/connect/pages/managed/ironclad.adoc # Beta release status page-beta: "true" description: Read and manage contracts in Ironclad CLM. Per-user OAuth so each agent action runs as the calling end-user with their own Ironclad permissions. page-topic-type: how-to personas: agent_builder, platform_engineer learning-objective-1: Configure the Ironclad managed MCP server with per-user OAuth learning-objective-2: Pick the right region and scopes for your tenant learning-objective-3: List, fetch, and launch contract workflows from an agent page-git-created-date: "2026-05-28" page-git-modified-date: "2026-06-10" release-status: beta - This is a beta feature. Beta features are available for testing and feedback. They are not supported by Redpanda and should not be used in production environments. --- The **Ironclad** managed MCP server gives an LLM read and write access to [Ironclad](https://ironcladapp.com/), a contract lifecycle management (CLM) platform. Useful for agents that need to find contracts, check signature status, launch new contracts from templates, or retrieve executed documents. After reading this page, you will be able to: - Configure the Ironclad managed MCP server with per-user OAuth - Pick the right region and scopes for your tenant - List, fetch, and launch contract workflows from an agent ## [](#what-this-mcp-server-does)What this MCP server does Per-user OAuth 2.0 (Authorization Code grant). No static API key is stored in the MCP config; each user authorizes their own Ironclad account through AI Gateway’s OAuth flow. It is **not** a replacement for the Ironclad web UI for complex workflow management or template authoring. ## [](#prerequisites)Prerequisites Before you create the server, make sure you have: - An Ironclad tenant where you can register an OAuth app. - An [OAuth Provider](https://docs.redpanda.com/agentic-data-plane/reference/glossary/#oauth-provider) configured in Redpanda ADP for Ironclad. See [Configure an OAuth Provider](https://docs.redpanda.com/agentic-data-plane/connect/oauth-providers/). - Familiarity with [User-delegated OAuth](https://docs.redpanda.com/agentic-data-plane/connect/user-delegated-oauth/). ## [](#get-ironclad-credentials)Get Ironclad credentials Set up the OAuth app on Ironclad and the matching OAuth Provider in ADP: 1. Log in to your Ironclad account and go to **Settings > API > OAuth Apps**. 2. Create a new OAuth app. Set the redirect URI to your AI Gateway callback URL (typically `https://aigw..clusters.rdpa.co/oauth/v1/callback`). 3. Select the following scopes: - `public.workflows.readWorkflows` - `public.workflows.readSchemas` - `public.workflows.createWorkflows` - `public.workflows.readDocuments` 4. Copy the `Client ID` and `Client Secret`. 5. In ADP, register an OAuth Provider with: - **Authorization endpoint**: `https://na1.ironcladapp.com/oauth/authorize` (use `eu1` for EU-hosted accounts; `demo` for sandbox) - **Token endpoint**: `https://na1.ironcladapp.com/oauth/token` (adjust region accordingly) - The Client ID and a secret-store reference for the Client Secret ## [](#configure)Configure Create a new Ironclad MCP server in ADP: 1. Open **MCP Servers > Create Server**. 2. Pick `Ironclad` from the marketplace picker. 3. Fill in identity fields (`name`, `description`). 4. In the Ironclad configuration form: | Field | Notes | | --- | --- | | region | IRONCLAD_REGION_NA (default), IRONCLAD_REGION_EU for EU-hosted accounts, or IRONCLAD_REGION_DEMO for sandbox testing. | | OAuth Provider | The Ironclad OAuth Provider you configured. | | Required scopes | public.workflows.readWorkflows, public.workflows.readSchemas, public.workflows.createWorkflows, public.workflows.readDocuments. | 5. Click **Create**. ### [](#configure-from-the-cli)Configure from the CLI Ironclad authenticates per-user through the Ironclad OAuth Provider you configured. Reference that provider in the managed config’s `userOauth.providerName` field. Ironclad supports per-user OAuth only, so the `userOauth` block is required. The `--user-oauth-provider` and `--user-oauth-scopes` flags apply to remote (`--url`) servers only. ```bash rpk ai mcp create --name my-ironclad --managed-config '{ "@type": "type.googleapis.com/redpanda.mcps.ironclad.v1.IroncladMCPConfig", "region": "IRONCLAD_REGION_NA", "userOauth": { "providerName": "ironclad" } }' ``` For EU-hosted accounts, use `"IRONCLAD_REGION_EU"`. For sandbox testing, use `"IRONCLAD_REGION_DEMO"`. `userOauth.providerName` is the resource name of the Ironclad OAuth Provider you registered. ## [](#tools)Tools The Ironclad MCP exposes the following tools: | Tool | Description | | --- | --- | | list_workflows | List contracts with optional status filter and page/per_page pagination. | | get_workflow | Get full details of a contract by workflow_id. | | list_workflow_schemas | List available contract templates with their field IDs. | | create_workflow | Launch a new contract from a template (schema_id + attributes_json). | | list_workflow_documents | List documents attached to a contract. | ### [](#example-find-all-contracts-awaiting-signature)Example: Find all contracts awaiting signature ```bash curl -X POST https://aigw..clusters.rdpa.co/mcp/v1/my-ironclad \ -H "Authorization: Bearer " \ -H "Content-Type: application/json" \ -d '{ "jsonrpc": "2.0", "id": 1, "method": "tools/call", "params": { "name": "list_workflows", "arguments": {"status": "signing", "per_page": 10} } }' ``` ## [](#troubleshooting)Troubleshooting Common symptoms and fixes: | Symptom | What to check | | --- | --- | | OAuthConnectionRequired | First call from a user with no stored token. The user completes Ironclad’s OAuth consent flow, the token lands in the vault, and subsequent calls reuse it. | | scope_upgrade_required | Server’s required_scopes was extended after users had already consented. Users re-consent with the higher scope. | | Wrong region results | Confirm the Region field matches your Ironclad tenant. EU-hosted accounts use IRONCLAD_REGION_EU; sandbox tenants use IRONCLAD_REGION_DEMO. | | schema_id not found in create_workflow | Run list_workflow_schemas first to get valid IDs for your tenant. | ## [](#limitations)Limitations This page does not cover: - **Template authoring**: Define templates in the Ironclad web UI, then reference them by `schema_id`. - **eSignature flows**: Handled inside Ironclad; this MCP launches and reads workflow state. ## [](#next-steps)Next steps - [Configure an OAuth Provider](https://docs.redpanda.com/agentic-data-plane/connect/oauth-providers/) - [User-delegated OAuth](https://docs.redpanda.com/agentic-data-plane/connect/user-delegated-oauth/) - [Create an MCP Server](https://docs.redpanda.com/agentic-data-plane/connect/create-server/) --- # Page 19: Jira Managed MCP Server **URL**: https://docs.redpanda.com/agentic-data-plane/connect/managed/jira.md --- # Jira Managed MCP Server > For the complete documentation index, see [llms.txt](https://docs.redpanda.com/llms.txt). Component-specific: [agentic-data-plane-full.txt](https://docs.redpanda.com/agentic-data-plane-full.txt) --- title: Jira Managed MCP Server page-beta-text: This is a beta feature. Beta features are available for testing and feedback. They are not supported by Redpanda and should not be used in production environments. latest-operator-version: v26.1.5 latest-console-tag: v3.7.4 latest-connect-version: 4.96.1 latest-redpanda-tag: v26.1.10 docname: managed/jira page-component-name: agentic-data-plane page-version: master page-component-version: master page-component-title: Agentic Data Plane page-relative-src-path: managed/jira.adoc page-edit-url: https://github.com/redpanda-data/adp-docs/edit/main/modules/connect/pages/managed/jira.adoc # Beta release status page-beta: "true" description: Let agents search, read, and manage Jira issues using either a shared API token or each end-user's own Atlassian identity through user-delegated OAuth. page-topic-type: how-to personas: agent_builder, platform_engineer learning-objective-1: Configure the Jira managed MCP server with Basic authentication or Atlassian's OAuth flow learning-objective-2: Pick the right scopes for the tools your agents use learning-objective-3: Walk a user through the consent flow and verify the connection page-git-created-date: "2026-05-28" page-git-modified-date: "2026-06-10" release-status: beta - This is a beta feature. Beta features are available for testing and feedback. They are not supported by Redpanda and should not be used in production environments. --- The **Jira** managed MCP server lets agents search, read, and manage Jira issues. It authenticates with either a shared API token (Basic authentication) or, for per-user identity, user-delegated OAuth. With OAuth it’s the enterprise counterpart to [the Slack setup guide](https://docs.redpanda.com/agentic-data-plane/connect/managed/slack/), and Atlassian’s flow has its own scope model and quirks worth calling out. After reading this page, you will be able to: - Configure the Jira managed MCP server with Basic authentication or Atlassian’s OAuth flow - Pick the right scopes for the tools your agents use - Walk a user through the consent flow and verify the connection ## [](#what-this-mcp-server-does)What this MCP server does The Jira managed type exposes the following read tools: - `query`: Search for issues using a JQL query. Returns the matching issues as JSON. - `get_issue`: Retrieve a single issue by its key, for example `PROJ-123`. - `list_projects`: Return visible Jira projects, optionally filtered by a search query. - `get_transitions`: Return the available workflow transitions for an issue. It also exposes the following write tools: - `create_issue`: Create a new issue. - `update_issue`: Update fields on an existing issue. - `transition_issue`: Move an issue to a new workflow state. - `add_comment`: Add a comment to an issue. - `add_worklog`: Log time spent on an issue. - `create_issue_link`: Create a directional link between two issues. ## [](#prerequisites)Prerequisites - A Jira (Atlassian Cloud) site and its base URL, for example `[https://mycompany.atlassian.net](https://mycompany.atlassian.net)`. - Credentials for one of the following authentication modes: - `Basic auth`: An Atlassian account email and an API token from `id.atlassian.com`, with the token stored in the Redpanda ADP secret store. - `User-delegated OAuth`: An Atlassian OAuth 2.0 (3LO) app registered against `[https://api.atlassian.com](https://api.atlassian.com)`, plus an [OAuth Provider](https://docs.redpanda.com/agentic-data-plane/reference/glossary/#oauth-provider) in Redpanda ADP configured for Atlassian’s authorize/token URLs and carrying the app’s client credentials. See [Configure User-Delegated OAuth](https://docs.redpanda.com/agentic-data-plane/connect/user-delegated-oauth/). ## [](#atlassians-scope-model-user-delegated-oauth)Atlassian’s scope model (user-delegated OAuth) When you use user-delegated OAuth, Atlassian uses a granular, prefixed scope namespace. The tools need: | Scope | Allows | | --- | --- | | read:jira-user | Read user profile. | | read:jira-work | Read issues, projects, sprints, and so on. Required by the read tools. | | write:jira-work | Create and update issues, transitions, comments, and worklogs. Required by the write tools. | | offline_access | Issue a refresh token so Redpanda can refresh expired access tokens. Required for any long-lived MCP server: without it, tokens expire after one hour and users re-consent every time. | > 📝 **NOTE** > > Always include `offline_access` in `required_scopes`. Without it, `OAuthTokenExpired` will hit users every hour. ## [](#configure)Configure 1. Open **MCP Servers > Create Server**. 2. Pick **Jira** from the marketplace picker. 3. Fill in identity fields (`name`, `description`). 4. In the Jira configuration form: - `Base URL`: Your Jira instance URL, for example `[https://mycompany.atlassian.net](https://mycompany.atlassian.net)`. - `Max results per page` (optional): Page size for paginated queries. Defaults to `50`. - `Auth`: Choose `Basic auth` or `User-delegated OAuth`. - For `Basic auth`: Provide the account email and the API-token secret reference. - For `User-delegated OAuth`: Pick the Atlassian OAuth Provider you configured, and set `Required scopes` to at least `read:jira-user`, `read:jira-work`, and `offline_access`. Add `write:jira-work` if your agents use the write tools. 5. Click **Create**. ## [](#test-the-consent-flow)Test the consent flow 1. Open the **Inspector** tab. 2. Run an issue-search tool with a small JQL filter. 3. The first call returns `OAuthConnectionRequired` with an Atlassian `authorize_url`. The Inspector surfaces it as a consent prompt. 4. Click **Authorize**. Atlassian asks you to pick a site (Cloud instance) and approve scopes. 5. Atlassian redirects back. Your connection appears under **Connections** with a site label. 6. Re-run the search; results come back. ## [](#use-with-agents)Use with agents Point an agent at the **API URL** on the server’s detail page. Each user calling the agent will trigger their own consent flow on first call. With user-delegated OAuth, define the server’s `required_scopes` to include every scope the tools need: Atlassian doesn’t allow per-tool scope upgrades, so the user consents once with the full set. ## [](#troubleshooting)Troubleshooting | Symptom | What to check | | --- | --- | | OAuthTokenExpired after about an hour | offline_access wasn’t in required_scopes at consent time. Update the server config and have users re-consent. | | "Resource not found" for a project the user has access to | Atlassian’s OAuth grants are site-scoped. The user authorized for one Cloud instance; the project lives on another. They need to re-consent with the second site. | | scope_upgrade_required after widening scopes | You added a scope to required_scopes after users had already consented. Users re-consent with the higher scope. | | invalid_grant during refresh | Refresh tokens expire if unused for ~90 days. The user re-consents. | ## [](#limitations)Limitations - **Atlassian app management**: The OAuth app and its callback URLs are managed in `developer.atlassian.com`, not in ADP. - **Jira Server / Data Center** (self-hosted): This MCP type targets Atlassian Cloud. Self-hosted Jira may need a self-managed MCP server instead. See [Register a self-managed MCP server](https://docs.redpanda.com/agentic-data-plane/connect/register-remote/). - **Confluence access**: Separate scope namespace; not exposed by this MCP server. ## [](#next-steps)Next steps - [Configure User-Delegated OAuth](https://docs.redpanda.com/agentic-data-plane/connect/user-delegated-oauth/) - [Test an MCP Server’s Tools with the Inspector](https://docs.redpanda.com/agentic-data-plane/connect/test-tools/) - [Create an Agent](https://docs.redpanda.com/agentic-data-plane/connect/create-agent/) --- # Page 20: Kafka Managed MCP Server **URL**: https://docs.redpanda.com/agentic-data-plane/connect/managed/kafka.md --- # Kafka Managed MCP Server > For the complete documentation index, see [llms.txt](https://docs.redpanda.com/llms.txt). Component-specific: [agentic-data-plane-full.txt](https://docs.redpanda.com/agentic-data-plane-full.txt) --- title: Kafka Managed MCP Server page-beta-text: This is a beta feature. Beta features are available for testing and feedback. They are not supported by Redpanda and should not be used in production environments. latest-operator-version: v26.1.5 latest-console-tag: v3.7.4 latest-connect-version: 4.96.1 latest-redpanda-tag: v26.1.10 docname: managed/kafka page-component-name: agentic-data-plane page-version: master page-component-version: master page-component-title: Agentic Data Plane page-relative-src-path: managed/kafka.adoc page-edit-url: https://github.com/redpanda-data/adp-docs/edit/main/modules/connect/pages/managed/kafka.adoc # Beta release status page-beta: "true" description: Produce messages to topics on Kafka or Redpanda brokers through a managed MCP server hosted in the Agentic Data Plane. page-topic-type: how-to personas: agent_builder, platform_engineer learning-objective-1: Configure the Kafka managed MCP server against a Kafka or Redpanda cluster learning-objective-2: Produce a test message through the Inspector learning-objective-3: Pick the right SASL mechanism for your broker (PLAIN or SCRAM-SHA-256/512) page-git-created-date: "2026-05-28" page-git-modified-date: "2026-06-09" release-status: beta - This is a beta feature. Beta features are available for testing and feedback. They are not supported by Redpanda and should not be used in production environments. --- The **Kafka** managed MCP server lets agents produce messages to topics on either an Apache Kafka cluster or a Redpanda cluster. Despite the name, it works against any Kafka-compatible broker. After reading this page, you will be able to: - Configure the Kafka managed MCP server against a Kafka or Redpanda cluster - Produce a test message through the Inspector - Pick the right SASL mechanism for your broker (PLAIN or SCRAM-SHA-256/512) ## [](#what-this-mcp-server-does)What this MCP server does The Kafka managed type proxies a managed Kafka producer. It exposes the following tool: - `produce`: Send a message to a Kafka topic, with an optional key, an optional partition, and optional headers. Consuming messages, listing topics, and inspecting metadata are not currently exposed by this managed type. To read from topics, use a [self-managed MCP server](https://docs.redpanda.com/agentic-data-plane/connect/register-remote/) or Redpanda Connect. ## [](#prerequisites)Prerequisites - A Kafka or Redpanda cluster reachable from the Agentic Data Plane. - The cluster’s bootstrap servers and SASL/TLS settings. - For SCRAM or PLAIN: Secrets in the Redpanda ADP secret store for the username and password (`UPPER_SNAKE_CASE`, for example `KAFKA_SASL_USER` and `KAFKA_SASL_PASSWORD`). ## [](#configure)Configure 1. Open **MCP Servers > Create Server**. 2. Pick **Kafka** from the marketplace picker. 3. Fill in the identity fields (`name`, `description`). 4. In the Kafka configuration form, provide: - `Seed brokers`: Bootstrap broker addresses for the cluster. - `TLS`: Enable for production. You can optionally skip certificate verification for local development only. - `SASL mechanism`: `PLAIN`, `SCRAM-SHA-256`, or `SCRAM-SHA-512`. Leave empty to disable SASL. - `Username / password`: `UPPER_SNAKE_CASE` secret references for the SASL credentials. - `Compression` (optional): Defaults to `lz4`. - `Max in-flight` (optional): Maximum number of in-flight produce requests. Defaults to `10`. - `Timeout` (optional): Produce request timeout. Defaults to `10s`. 5. Click **Create**. ## [](#test)Test 1. Open the **Inspector** tab on the server’s detail page. 2. In **Tools**, select the `produce` tool. 3. Produce a test message to a sandbox topic and confirm a successful response. 4. Verify the message landed by consuming the topic with `rpk topic consume` or another Kafka client. See [Test an MCP Server’s Tools with the Inspector](https://docs.redpanda.com/agentic-data-plane/connect/test-tools/) for general Inspector usage. ## [](#authentication)Authentication The Kafka managed type’s authentication is part of its config, not the generic MCP authentication modes: it uses Kafka protocol authentication (SASL over TLS), not MCP authentication. | Mechanism | Use when | | --- | --- | | PLAIN | Username and password over TLS. Common for managed Kafka services. | | SCRAM-SHA-256 / SCRAM-SHA-512 | Salted challenge-response. Default for Redpanda. | TLS controls transport encryption: enable it, and optionally skip certificate verification for development. Client-certificate (mTLS) and `OAUTHBEARER` authentication are not currently supported by this managed type. ## [](#use-with-agents)Use with agents Once the Kafka server is created, point an agent at the **API URL** on the server’s detail page. The agent can then produce messages to topics through the exposed `produce` tool. ## [](#troubleshooting)Troubleshooting | Symptom | What to check | | --- | --- | | connection refused or dial timeout | Brokers aren’t reachable from ADP egress. Confirm bootstrap addresses and any private-network requirements. | | SASL authentication failed | Check username/password reference content and the SASL mechanism. | | TLS handshake error | Certificate chain isn’t trusted, or you’ve enabled TLS against a plaintext broker. Confirm broker config. | | unknown topic or partition | The target topic doesn’t exist on the broker. Create it first, or confirm the topic name. | ## [](#limitations)Limitations - **Reading and administration**: This server only produces messages. Consuming, listing topics, and managing topics or ACLs aren’t exposed. Use rpk, a Kafka client, or Redpanda Connect. - **Schema registry**: Not exposed by this MCP server. - **Streaming joins or processing**: For stream processing, use Redpanda Connect. --- # Page 21: Plug in an App, Database, or Tool **URL**: https://docs.redpanda.com/agentic-data-plane/connect/managed/managed-catalog.md --- # Plug in an App, Database, or Tool > For the complete documentation index, see [llms.txt](https://docs.redpanda.com/llms.txt). Component-specific: [agentic-data-plane-full.txt](https://docs.redpanda.com/agentic-data-plane-full.txt) --- title: Plug in an App, Database, or Tool latest-operator-version: v26.1.5 latest-console-tag: v3.7.4 latest-connect-version: 4.96.1 latest-redpanda-tag: v26.1.10 docname: managed/managed-catalog page-component-name: agentic-data-plane page-version: master page-component-version: master page-component-title: Agentic Data Plane page-relative-src-path: managed/managed-catalog.adoc page-edit-url: https://github.com/redpanda-data/adp-docs/edit/main/modules/connect/pages/managed/managed-catalog.adoc description: Reference of every managed MCP server type Redpanda hosts in-process, grouped by category, with display name, description, and a link to a setup guide where one exists. page-topic-type: reference personas: agent_builder, platform_engineer page-git-created-date: "2026-05-28" page-git-modified-date: "2026-06-12" --- Managed MCP servers are in-process implementations Redpanda hosts for you. Each type has a fixed set of [tools](https://docs.redpanda.com/agentic-data-plane/reference/glossary/#tool) and a type-specific configuration schema. To create one, open **MCP Servers > Create Server** in Redpanda ADP and pick the type from the marketplace picker. See [Create an MCP Server](https://docs.redpanda.com/agentic-data-plane/connect/create-server/) for the full create flow. This catalog lists the managed MCP server types Redpanda registers by default, grouped by category. ## [](#choosing-managed-vs-self-managed)Choosing managed vs. self-managed | Question | Choose managed when… | | --- | --- | | Who hosts and operates the server? | You want Redpanda to host it. | | Where do upstream credentials live? | You’re happy storing them in the ADP secret store. | | Do you need custom tool logic? | The fixed tool set of the managed type covers your use case. | | Do you need per-user identities at the upstream? | The managed type supports user-delegated OAuth for that system. | If any of these answers are "no," prefer [a self-managed server](https://docs.redpanda.com/agentic-data-plane/connect/register-remote/) instead. ## [](#ai)AI | Display name | Description | Setup guide | | --- | --- | --- | | AWS Bedrock (beta) | Invoke foundation models (Claude, Llama, Titan) on AWS Bedrock. | | | Cohere (beta) | Generate embeddings and chat completions with the Cohere API. | | | OpenAI (beta) | Chat completions, embeddings, and tools with the OpenAI API. | | ## [](#aws)AWS | Display name | Description | Setup guide | | --- | --- | --- | | AWS S3 (beta) | Read, write, and manage objects in Amazon S3 buckets. | | | AWS SNS (beta) | Publish and manage topics on AWS Simple Notification Service. | | | AWS SQS (beta) | Send, receive, and manage messages on AWS Simple Queue Service. | | ## [](#communication)Communication | Display name | Description | Setup guide | | --- | --- | --- | | Discord (beta) | Post messages, read channels, and manage servers on Discord. | | | Freshservice (beta) | Manage ITSM tickets, assets, and change requests in Freshworks Freshservice. | Setup guide | | GitHub (Read) | Read-only access to GitHub repositories, pull requests, commits, and code. | Setup guide | | Jira (beta) | Manage Jira issues, projects, and workflows. | Setup guide | | Pylon (beta) | Search and manage Pylon issues, accounts, contacts, and knowledge-base articles. | | | ServiceNow (beta) | Create and manage ServiceNow incidents, knowledge articles, and records. | Setup guide | | Slack (beta) | Post messages and read channels on Slack. | Setup guide | | Zendesk (beta) | Search and manage Zendesk Support tickets, users, and Help Center articles. | Setup guide | ## [](#database)Database | Display name | Description | Setup guide | | --- | --- | --- | | Elasticsearch (beta) | Query and index documents in an Elasticsearch cluster. | | | Metabase (beta) | Search tables and metrics, run queries, and inspect saved questions in Metabase. | Setup guide | | MongoDB (beta) | Query collections and documents in MongoDB. | | | Qdrant (beta) | Vector search over a Qdrant collection. | | | Redis (beta) | Read, write, and query keys in Redis. | | | SQL (beta) | Query SQL databases (Postgres, MySQL, ClickHouse, MSSQL, SQLite) with MCP. | Setup guide | ## [](#google)Google | Display name | Description | Setup guide | | --- | --- | --- | | GCP Pub/Sub (beta) | Publish and subscribe to topics on Google Cloud Pub/Sub. | | | Gmail (beta) | Read and send emails via Gmail with a service account or per-user OAuth. | | | Google Calendar | Read and manage Google Calendar events and schedules. | | | Google Drive | Read and search files in Google Drive. | | ## [](#streaming)Streaming | Display name | Description | Setup guide | | --- | --- | --- | | Kafka (beta) | Produce, consume, and inspect topics on Kafka or Redpanda brokers. | Setup guide | | NATS (beta) | Publish and subscribe on NATS and NATS JetStream. | | ## [](#utility)Utility | Display name | Description | Setup guide | | --- | --- | --- | | Azure AD (beta) | Manage Azure Active Directory users and groups with Microsoft Graph API. | | | BambooHR | Access employee directory, time-off, and performance data from BambooHR. | Setup guide | | BILL (bill.com) (beta) | Manage accounts-payable bills, vendors, AR invoices, payments, and customers in BILL. | | | DocuSign (beta) | Send, track, and manage DocuSign signing envelopes. | | | Grafana (beta) | Query Grafana dashboards, datasources, Prometheus metrics and Loki logs, and create or update dashboards. | Setup guide | | Greenhouse (beta) | Manage jobs, candidates, and applications in Greenhouse ATS. | | | Ironclad (beta) | Read and manage contracts in Ironclad CLM. | Setup guide | | Morningstar Portfolio Analytics (beta) | Run X-Ray, performance, risk-score, hypothetical, and ESG analytics on caller-supplied portfolios with Morningstar Direct Web Services. | | | Morningstar Securities (beta) | Search, retrieve, screen, and pull research on funds and equities with the Morningstar Direct Web Services Investment Analysis API. | | | NetSuite (beta) | Query Oracle NetSuite records and run SuiteQL with the SuiteTalk REST API. | Setup guide | | Okta (beta) | Manage Okta users and groups. | | | OpenAPI (beta) | Expose any OpenAPI/Swagger HTTP API as MCP tools. | Setup guide | | Ramp (beta) | Manage Ramp corporate cards, transactions, spend limits, and reimbursements. | Setup guide | | Salesforce | Query, create, update, and delete Salesforce CRM records using SOQL and the REST API, and run and inspect saved Salesforce reports. | Setup guide | | SharePoint (beta) | Access SharePoint sites, document libraries, lists, and files through the Microsoft Graph API. | Setup guide | | Text Chunker (beta) | Split and chunk text for RAG and LLM ingestion pipelines. | | | Workday (beta) | Drive Workday Human Resources business processes with SOAP. | Setup guide | ## [](#next-steps)Next steps - [Create an MCP Server](https://docs.redpanda.com/agentic-data-plane/connect/create-server/) - [Test an MCP Server’s Tools with the Inspector](https://docs.redpanda.com/agentic-data-plane/connect/test-tools/) - [Configure User-Delegated OAuth](https://docs.redpanda.com/agentic-data-plane/connect/user-delegated-oauth/) --- # Page 22: Metabase Managed MCP Server **URL**: https://docs.redpanda.com/agentic-data-plane/connect/managed/metabase.md --- # Metabase Managed MCP Server > For the complete documentation index, see [llms.txt](https://docs.redpanda.com/llms.txt). Component-specific: [agentic-data-plane-full.txt](https://docs.redpanda.com/agentic-data-plane-full.txt) --- title: Metabase Managed MCP Server page-beta-text: This is a beta feature. Beta features are available for testing and feedback. They are not supported by Redpanda and should not be used in production environments. latest-operator-version: v26.1.5 latest-console-tag: v3.7.4 latest-connect-version: 4.96.1 latest-redpanda-tag: v26.1.10 docname: managed/metabase page-component-name: agentic-data-plane page-version: master page-component-version: master page-component-title: Agentic Data Plane page-relative-src-path: managed/metabase.adoc page-edit-url: https://github.com/redpanda-data/adp-docs/edit/main/modules/connect/pages/managed/metabase.adoc # Beta release status page-beta: "true" description: Give an LLM agent read-and-query access to a Metabase analytics instance through the semantic layer (search, get_table, query metrics) and SQL escape hatches (run_native_query, run_card). page-topic-type: how-to personas: agent_builder, platform_engineer learning-objective-1: Configure the Metabase managed MCP server with a v0.49+ API key bound to the right Metabase group learning-objective-2: Identify when to use semantic-layer tools (search, get_metric, query) versus the native-SQL escape hatches (run_native_query, run_card) learning-objective-3: Run a metric-first analysis against your Metabase instance from the Inspector or an agent page-git-created-date: "2026-05-28" page-git-modified-date: "2026-06-10" release-status: beta - This is a beta feature. Beta features are available for testing and feedback. They are not supported by Redpanda and should not be used in production environments. --- The **Metabase** managed MCP server lets agents read and query a Metabase analytics instance. The tool surface is a hybrid of Metabase’s semantic-layer primitives (tables, metrics, fields, dimensions) and SQL-first escape hatches (native queries and saved questions), wrapping the Metabase REST API with a long-lived API key. After reading this page, you will be able to: - Configure the Metabase managed MCP server with a v0.49+ API key bound to the right Metabase group - Identify when to use semantic-layer tools (`search`, `get_metric`, `query`) versus the native-SQL escape hatches (`run_native_query`, `run_card`) - Run a metric-first analysis against your Metabase instance from the Inspector or an agent ## [](#what-this-mcp-server-does)What this MCP server does Metabase is a self-service analytics platform that exposes data through a **semantic layer** (tables, metrics, fields) plus a SQL editor for ad-hoc native queries. This MCP wraps the Metabase REST API so an LLM can: - Search the semantic layer for relevant tables, metrics, saved questions, and dashboards. - Retrieve a table or metric’s structure (fields, dimensions, related tables). - Run a structured query against a metric or table with filters, group-by, and limits. - Run a saved question (card) or a hand-written native SQL query. The agent’s preferred path is **metric-first**: discover what already exists, fetch the metric’s definition, and call `query` against it so the aggregation logic stays human-vetted. The SQL escape hatches (`run_native_query`, `run_card`) are available when the semantic layer cannot express the question, but a metric is strictly safer because it forecloses common analytics mistakes (averaging averages, double-counting joined rows). It is **not** a Metabase admin tool. Creating dashboards, editing cards, configuring data sources, and managing users live in the Metabase admin UI. ## [](#authentication-model)Authentication model Metabase API keys (v0.49+) inherit the **permissions of the group they’re bound to**. The MCP sends the resolved key in the `X-API-Key` header on every upstream request. The Metabase MCP uses one API key per MCP instance, applied to every tool call, with no per-user delegation. To give different agents different access, mount multiple MCP instances bound to different Metabase groups. Auth is implemented as `oneof auth { StaticKeyAuth api_key }` (single variant today, future-proof for adding session or OAuth modes without a wire-format break). ## [](#prerequisites)Prerequisites Before you create the server, make sure you have: - A Metabase instance on v0.49 or later (API keys are not available on older versions). - Admin access to the Metabase instance to mint an API key. - A Metabase **group** with the right permissions for the data you want the agent to access (typically `Native query editing` on the relevant databases plus `View` on the relevant collections). - One Redpanda ADP secret-store entry for the API key. Secret references must be `UPPER_SNAKE_CASE`, for example `METABASE_API_KEY`. ## [](#get-a-metabase-api-key)Get a Metabase API key Mint the key in the Metabase admin UI: 1. Sign in to your Metabase instance as an admin. 2. Open **Settings > Authentication > API keys**. 3. Click **Create API key**. 4. Give the key a descriptive name, for example `redpanda-mcp`. 5. Bind the key to a group whose permissions match the access you want the agent to have. For an analytics agent, an `Analytics` group with `Native query editing` on the relevant databases and `View` on the relevant collections is typical. 6. Copy the key. Metabase shows it only once. 7. Save the key in your ADP secret store under a name like `METABASE_API_KEY`. > 📝 **NOTE** > > Permission errors surface from the upstream Metabase API as `metabase API error (status 4xx)`. Fix by adjusting the bound group’s permissions in Metabase, not by re-issuing a different key. ## [](#configure)Configure Create a new Metabase MCP server in ADP: 1. Open **MCP Servers > Create Server**. 2. Pick **Metabase** from the marketplace picker. 3. Fill in identity fields (`name`, `description`). 4. In the Metabase configuration form: | Field | Notes | | --- | --- | | Base URL | Your Metabase instance URL, for example https://metabase.mycompany.com. No trailing slash. | | API key ref | Secret-store reference for the Metabase API key (UPPER_SNAKE_CASE). Example: METABASE_API_KEY. | 5. Click **Create**. ### [](#configure-from-the-cli)Configure from the CLI Run `rpk ai mcp create` with the Metabase managed-config payload: ```bash rpk ai mcp create --name metabase --managed-config '{ "@type": "type.googleapis.com/redpanda.mcps.metabase.v1.MetabaseMCPConfig", "base_url": "https://metabase.mycompany.com", "api_key": { "key_secret_ref": "METABASE_API_KEY" } }' ``` The `api_key` field wraps the shared `StaticKeyAuth`; `key_secret_ref` is the bare secret-store key name (`UPPER_SNAKE_CASE`). ## [](#tools)Tools The Metabase MCP exposes tools across a semantic-layer surface and a SQL-first surface. The agent’s preferred path is the semantic-layer surface; the SQL-first surface is an escape hatch. ### [](#semantic-layer-tools)Semantic-layer tools These six tools cover discovery, schema lookup, and structured queries against pre-vetted metrics. | Tool | Description | | --- | --- | | search | Run Metabase’s universal search across tables, metrics, saved questions, dashboards, and collections. Use this first to discover existing analyses before constructing a fresh query. | | get_table | Retrieve a table’s fields, related tables, and metrics defined on it. The field list is what the agent uses to write correct filters and group-bys. | | get_table_field_values | Sample values plus a small statistical summary for one field on a table. Useful before writing a filter; the agent can check actual cardinality and value shape rather than guessing. | | get_metric | Retrieve a metric definition with its queryable dimensions. Metrics are pre-vetted aggregations; calling query against a metric is strictly preferred over hand-rolled SQL when the measure already exists. | | get_metric_field_values | Sample values for a dimension of a metric. Same role as get_table_field_values, scoped to a metric’s queryable dimensions. | | query | One-shot structured query against a table OR a metric, with optional group_by_field_ids, filters (MBQL JSON snippets), and limit. Returns typed columns and rows. | ### [](#sql-first-escape-hatches)SQL-first escape hatches These five tools let an agent enumerate databases, run native SQL, and execute saved questions when the semantic layer cannot express the question. | Tool | Description | | --- | --- | | list_databases | Enumerate the databases Metabase is connected to. The id returned here is what get_table, list_tables, run_native_query, and query take as the database reference. | | list_tables | List tables in a database, optionally filtered by schema. Use this when browsing schema by name; search is the right tool when looking by keyword. | | run_native_query | Execute a native (raw SQL) query against a database. Escape hatch for cases the semantic layer cannot express; prefer query against a metric or table when possible. | | get_card | Retrieve a saved question’s definition (name, description, database, display type, native SQL when applicable). Use this to inspect an analysis a human curated. | | run_card | Execute a saved question and return its result rows. The card carries its own database, query, and parameters; this RPC just runs it as-is. | ## [](#examples)Examples The examples in this section assume `[https://aigw..clusters.rdpa.co/mcp/v1/metabase](https://aigw.\.clusters.rdpa.co/mcp/v1/metabase)` is your MCP server URL and that you’ve already authenticated to the gateway. ### [](#discover-what-exists-then-query-a-metric)Discover what exists, then query a metric Search for revenue-related objects: ```bash curl -sS -X POST https://aigw..clusters.rdpa.co/mcp/v1/metabase \ -H 'Authorization: Bearer ' \ -H 'Content-Type: application/json' \ -d '{ "jsonrpc": "2.0", "id": 1, "method": "tools/call", "params": { "name": "search", "arguments": { "q": "revenue", "models": ["metric", "card"], "page_size": 10 } } }' | jq ``` If `search` returns a metric like `{ "model": "metric", "id": 200, "name": "Monthly Revenue", …​ }`, fetch its dimensions: ```bash curl -sS -X POST https://aigw..clusters.rdpa.co/mcp/v1/metabase \ -H 'Authorization: Bearer ' \ -H 'Content-Type: application/json' \ -d '{ "jsonrpc": "2.0", "id": 2, "method": "tools/call", "params": { "name": "get_metric", "arguments": { "metric_id": 200 } } }' | jq ``` Then run the metric grouped by one of its dimensions (the `field_id` values come from the previous response’s `dimensions[]`): ```bash curl -sS -X POST https://aigw..clusters.rdpa.co/mcp/v1/metabase \ -H 'Authorization: Bearer ' \ -H 'Content-Type: application/json' \ -d '{ "jsonrpc": "2.0", "id": 3, "method": "tools/call", "params": { "name": "query", "arguments": { "database_id": 5, "metric_id": 200, "group_by_field_ids": [12], "limit": 1000 } } }' | jq ``` ### [](#native-sql-escape-hatch)Native SQL escape hatch When a question genuinely needs raw SQL (for example, multi-CTE windowed analysis Metabase’s MBQL doesn’t express), drop down to `run_native_query`: ```bash curl -sS -X POST https://aigw..clusters.rdpa.co/mcp/v1/metabase \ -H 'Authorization: Bearer ' \ -H 'Content-Type: application/json' \ -d '{ "jsonrpc": "2.0", "id": 4, "method": "tools/call", "params": { "name": "run_native_query", "arguments": { "database_id": 5, "query": "SELECT date_trunc(\"month\", created_at) AS m, count(*) FROM orders GROUP BY 1 ORDER BY 1 DESC LIMIT 12" } } }' | jq ``` The bound group’s permissions on the target database determine whether the call succeeds. A key bound to a group without `Native query editing` on the database returns a 403. ## [](#notes-and-limits)Notes and limits Five behaviors are worth knowing before you point an agent at the server: - **Permissions follow the API key’s group.** The MCP doesn’t bypass Metabase’s permission system; permission errors surface as `metabase API error (status 4xx)`. Fix the group, not the MCP. - **Metric vs. saved question.** In Metabase v0.50+ both metrics and saved questions are stored as cards (`/api/card/:id`). `get_metric` validates that the card’s `type == "metric"` and surfaces queryable dimensions; `get_card` works on any card. `run_card` runs whatever is saved. - **Sample database.** The `list_databases` tool exposes Metabase’s bundled Sample Database with an `is_sample` flag set. Agents should usually exclude it from real analyses. - **Body cap.** Query results are capped at 25 MiB on the gateway-side wrapper. Queries that exceed the cap return an error rather than blowing up the agent’s context. Lower the `limit` argument on `query` or `run_native_query` if you hit it. - **Response curation.** The MCP drops Metabase’s internal indexing metadata (search ranking signals, fingerprint blobs, embedded user objects, per-column metadata blobs) so each response is 60–85% smaller than the raw REST API would return. Agents see clean, action-relevant fields. ## [](#troubleshooting)Troubleshooting Common symptoms and fixes: | Symptom | What to check | | --- | --- | | metabase API error (status 401) | API key is invalid or has been revoked. Mint a new key in Settings > Authentication > API keys and update the secret in the ADP secret store under the same name. | | metabase API error (status 403) | The API key’s group lacks the required permission. Check the group’s database and collection permissions in Admin > Permissions. | | metabase API error (status 404) on get_table or get_metric | The table_id or metric_id doesn’t exist in the bound database. Confirm the ID with search or list_tables first. | | Query returns an error about exceeding the body cap | Result set exceeds 25 MiB. Lower limit on the query, or pre-aggregate by calling query against a metric. | | Agent keeps calling run_native_query instead of query | Confirm the relevant metric exists and has queryable dimensions. The agent prefers metrics when search or get_table surfaces them. | ## [](#limitations)Limitations This page does not cover: - **Metabase administration.** Creating dashboards, editing cards, configuring data sources, and managing users live in the Metabase admin UI or its `/api/setup` endpoints. - **Per-user delegation.** The MCP uses one shared API key per instance. To give different agents different access, mount multiple MCP instances bound to different Metabase groups. - **Metabase MBQL reference.** See Metabase’s own documentation for the full MBQL filter shape; the MCP passes `filters` arguments through verbatim. ## [](#next-steps)Next steps - [Create an MCP Server](https://docs.redpanda.com/agentic-data-plane/connect/create-server/) - [Test a server’s tools](https://docs.redpanda.com/agentic-data-plane/connect/test-tools/) - [Plug in an App, Database, or Tool](https://docs.redpanda.com/agentic-data-plane/connect/managed/managed-catalog/) --- # Page 23: NetSuite Managed MCP Server **URL**: https://docs.redpanda.com/agentic-data-plane/connect/managed/netsuite.md --- # NetSuite Managed MCP Server > For the complete documentation index, see [llms.txt](https://docs.redpanda.com/llms.txt). Component-specific: [agentic-data-plane-full.txt](https://docs.redpanda.com/agentic-data-plane-full.txt) --- title: NetSuite Managed MCP Server page-beta-text: This is a beta feature. Beta features are available for testing and feedback. They are not supported by Redpanda and should not be used in production environments. latest-operator-version: v26.1.5 latest-console-tag: v3.7.4 latest-connect-version: 4.96.1 latest-redpanda-tag: v26.1.10 docname: managed/netsuite page-component-name: agentic-data-plane page-version: master page-component-version: master page-component-title: Agentic Data Plane page-relative-src-path: managed/netsuite.adoc page-edit-url: https://github.com/redpanda-data/adp-docs/edit/main/modules/connect/pages/managed/netsuite.adoc # Beta release status page-beta: "true" description: Let agents read NetSuite records and run SuiteQL with each caller's NetSuite OAuth identity. page-topic-type: how-to personas: agent_builder, platform_engineer learning-objective-1: Configure the NetSuite managed MCP server with account ID and user-delegated OAuth learning-objective-2: Identify the NetSuite read-only tools available to agents learning-objective-3: Test NetSuite tool calls with an authorized user's connection page-git-created-date: "2026-05-28" page-git-modified-date: "2026-06-09" release-status: beta - This is a beta feature. Beta features are available for testing and feedback. They are not supported by Redpanda and should not be used in production environments. --- The **NetSuite** managed MCP server lets agents query Oracle NetSuite records and run SuiteQL with the calling user’s OAuth identity. The server wraps SuiteTalk REST APIs and exposes read-only tools for records, customers, sales orders, and items. After reading this page, you will be able to: - Configure the NetSuite managed MCP server with account ID and user-delegated OAuth - Identify the NetSuite read-only tools available to agents - Test NetSuite tool calls with an authorized user’s connection ## [](#what-this-mcp-server-does)What this MCP server does Use NetSuite when an agent needs ERP, finance, or accounting context from records that a NetSuite user can already read. Every tool is read-only. | Tool | What it does | | --- | --- | | suite_ql_query | Runs a SuiteQL query and returns rows as JSON. Use this tool for joins, aggregates, and cross-record analysis. | | get_record | Fetches one record by record type and internal ID. You can expand sub-resources, such as line items and addresses. | | list_records | Lists records of a type with optional NetSuite filter expression and paging. Use typed helpers when they fit. | | get_customer | Fetches a customer record by internal ID. | | list_customers | Lists customers with optional company name, email, modified-since, inactive, and paging filters. | | list_sales_orders | Lists sales orders with optional customer ID, date range, status, modified-since, and paging filters. | | search_items | Searches inventory and service items by SKU, display name, item type, inactive flag, and paging filters. | The managed server does not expose write tools, saved-search execution, or report execution. ## [](#prerequisites)Prerequisites - A NetSuite Integration Record that uses OAuth 2.0 Authorization Code grant. - A NetSuite [OAuth Provider](https://docs.redpanda.com/agentic-data-plane/reference/glossary/#oauth-provider) in Redpanda ADP for the same account. - Your NetSuite account ID. Production accounts use a numeric ID such as `1234567`. Sandbox accounts include a suffix such as `1234567_SB1`; release-preview accounts can use a suffix such as `1234567_RP1`. - NetSuite users with the **REST Web Services** permission on at least one role. ## [](#configure-netsuite-oauth)Configure NetSuite OAuth In NetSuite, create an Integration Record with OAuth 2.0 enabled. Set the redirect URI to the OAuth callback URL for your AI Gateway deployment. Select the **REST Web Services** scope. Find your account ID under **Setup > Company > Company Information > ACCOUNT ID**. The managed server normalizes underscores to hyphens when it builds the SuiteTalk host. Register a NetSuite OAuth Provider in ADP with account-scoped endpoints: ```text Authorization endpoint: https://.app.netsuite.com/app/login/oauth2/authorize.nl Token endpoint: https://.suitetalk.api.netsuite.com/services/rest/auth/oauth2/v1/token Scopes: rest_webservices ``` Store the NetSuite client secret in the ADP secret store, then reference that secret from the OAuth Provider. ## [](#create-the-managed-mcp-server)Create the managed MCP server Create a managed MCP server with the NetSuite type. NetSuite authentication is part of the managed config, so include `user_oauth` inside the JSON. ```json { "@type": "type.googleapis.com/redpanda.mcps.netsuite.v1.NetSuiteMCPConfig", "account_id": "1234567_SB1", "user_oauth": { "provider_name": "netsuite", "required_scopes": ["rest_webservices"] } } ``` For a non-UI path, use `rpk ai mcp create` with `--managed-config`. The top-level `--user-oauth-provider` and `--user-oauth-scopes` flags apply to self-managed servers only. ```bash rpk ai mcp create --name netsuite \ --description "NetSuite ERP with user OAuth" \ --managed-config '{ "@type": "type.googleapis.com/redpanda.mcps.netsuite.v1.NetSuiteMCPConfig", "account_id": "1234567_SB1", "user_oauth": { "provider_name": "netsuite", "required_scopes": ["rest_webservices"] } }' ``` ## [](#authorize-and-test)Authorize and test Before a caller can use NetSuite tools, the caller must authorize the NetSuite OAuth Provider. After authorization, Redpanda stores the user’s access token in the token vault and subsequent tool calls use that token automatically. Test the server in the Inspector before you connect it to an agent. Start with a narrow `suite_ql_query`, `get_customer`, or `list_customers` call to confirm that NetSuite returns records visible to the authorized user. ## [](#netsuite-query-notes)NetSuite query notes NetSuite record filters use NetSuite-specific forms: - Use `CONTAIN` for substring filters, not `CONTAINS`. - Use `M/D/YYYY` date literals for REST collection filters. - Match reference fields by internal ID. For example, sales-order customer filters use `entity ANY_OF [12345]`. - Use NetSuite status IDs such as `_pendingFulfillment` for sales-order status filters, not display labels. ## [](#troubleshooting)Troubleshooting | Symptom | What to check | | --- | --- | | Tool calls return 403 | Confirm the authorizing NetSuite user has the REST Web Services permission. | | OAuth succeeds, but tool calls fail | Confirm the OAuth Provider endpoints and the MCP server account_id refer to the same NetSuite account. | | A sales-order status filter returns no rows | Use the NetSuite internal status ID, such as _pendingFulfillment, instead of the display label. | ## [](#next-steps)Next steps - [Configure User-Delegated OAuth](https://docs.redpanda.com/agentic-data-plane/connect/user-delegated-oauth/) - [Test an MCP Server’s Tools with the Inspector](https://docs.redpanda.com/agentic-data-plane/connect/test-tools/) - [Create an Agent](https://docs.redpanda.com/agentic-data-plane/connect/create-agent/) --- # Page 24: OpenAPI Managed MCP Server **URL**: https://docs.redpanda.com/agentic-data-plane/connect/managed/openapi.md --- # OpenAPI Managed MCP Server > For the complete documentation index, see [llms.txt](https://docs.redpanda.com/llms.txt). Component-specific: [agentic-data-plane-full.txt](https://docs.redpanda.com/agentic-data-plane-full.txt) --- title: OpenAPI Managed MCP Server page-beta-text: This is a beta feature. Beta features are available for testing and feedback. They are not supported by Redpanda and should not be used in production environments. latest-operator-version: v26.1.5 latest-console-tag: v3.7.4 latest-connect-version: 4.96.1 latest-redpanda-tag: v26.1.10 docname: managed/openapi page-component-name: agentic-data-plane page-version: master page-component-version: master page-component-title: Agentic Data Plane page-relative-src-path: managed/openapi.adoc page-edit-url: https://github.com/redpanda-data/adp-docs/edit/main/modules/connect/pages/managed/openapi.adoc # Beta release status page-beta: "true" description: Expose any OpenAPI 3.x-described HTTP API as MCP tools. Point Redpanda at a spec URL and get a fully-typed tool surface for agents, with no custom code. page-topic-type: how-to personas: agent_builder, platform_engineer learning-objective-1: Configure the OpenAPI managed MCP server against an OpenAPI 3 spec learning-objective-2: Pick the right authentication mode for the upstream API learning-objective-3: Verify generated tools through the Inspector page-git-created-date: "2026-05-28" page-git-modified-date: "2026-06-11" release-status: beta - This is a beta feature. Beta features are available for testing and feedback. They are not supported by Redpanda and should not be used in production environments. --- The **OpenAPI** managed MCP server is the "bring your own API" escape hatch. Hand it an OpenAPI 3.x spec, and it generates one MCP tool per operation in the spec. No custom code, no per-API managed type: useful when the API you want to expose is not in the catalog. After reading this page, you will be able to: - Configure the OpenAPI managed MCP server against an OpenAPI 3 spec - Pick the right authentication mode for the upstream API - Verify generated tools through the Inspector ## [](#what-this-mcp-server-does)What this MCP server does The OpenAPI managed type: - Loads an OpenAPI 3.x spec (3.0 or 3.1) from a URL or pasted JSON/YAML. Swagger 2.0 specs are not supported. - Generates one MCP tool per operation, with input schemas derived from the spec’s parameter and request-body schemas. `oneOf`, `anyOf`, and `discriminator` are supported; `callbacks` are not. - Forwards calls to the upstream API, applying the configured authentication. By default the generator walks schemas up to a depth of 5 (`max_schema_depth`); schemas nested deeper than that are truncated. ## [](#prerequisites)Prerequisites - An HTTP API with an OpenAPI 3.x spec. - The spec URL or the spec content itself. - Credentials for the API, if it requires them. ## [](#configure)Configure 1. Open **MCP Servers > Create Server**. 2. Pick **OpenAPI** from the marketplace picker. 3. Fill in identity fields (`name`, `description`). 4. In the OpenAPI configuration form: - `Spec`: A URL to the OpenAPI 3.x spec (JSON or YAML), or paste the spec inline. Set exactly one. Inline specs are capped at 3 MiB; host larger specs and use the URL instead. - `Base URL override` (optional): Useful when the spec’s `servers` block doesn’t match your environment. - `Operation filter` (optional): Include or exclude operations by tag, `operationId` glob, path glob, or HTTP method. - `Max schema depth` (optional): Maximum depth for schema conversion. Defaults to 5. - `Extract headers` (optional): Response header names to surface to the agent, such as `X-CSRF-Token` or `Set-Cookie`. Listed headers are appended to the tool result; all other response headers are dropped. Matching is case-insensitive. 5. Configure authentication (see [Authentication](#authentication)). 6. Click **Create**. ## [](#authentication)Authentication OpenAPI is the most flexible managed type for authentication: the upstream API can need anything. All the standard authentication modes apply: | Mode | Use when | | --- | --- | | None | Public APIs (rare in practice). | | Bearer | API expects a bearer token. The handler sends Authorization: Bearer . | | API key | API expects a key in a header or query parameter. Choose the placement and the parameter name. | | Basic | API expects HTTP Basic authentication (a username and password). | | User-delegated OAuth | API supports OAuth on behalf of users and you want per-user identities. Requires an OAuth Provider configured for that API. See Configure User-Delegated OAuth. | ## [](#test)Test 1. Open the **Inspector** tab. 2. The Tools panel lists every operation from your spec, named per the `operationId` (or per the path if `operationId` is missing). Tool names longer than 64 characters are truncated and given a short hash suffix to keep them unique, because LLM providers cap tool-name length. Parameter names that start with `$` (common in OData APIs, such as `$top` and `$filter`) appear without the `$` prefix in the tool schema; the server still sends the original parameter name to the API. 3. Pick one and run it. The Inspector renders a form from the operation’s parameter and request-body schemas. See [Test an MCP Server’s Tools with the Inspector](https://docs.redpanda.com/agentic-data-plane/connect/test-tools/) for general Inspector usage. ## [](#use-with-agents)Use with agents Once tools generate cleanly, point an agent at the **API URL** on the server’s detail page. The agent sees one tool per OpenAPI operation, named accordingly. Every generated tool also accepts an optional `headers` input, which lets the agent set request headers the spec doesn’t declare. Agent-supplied headers can’t override the configured authentication headers or the spec’s own header parameters. Combined with `Extract headers`, this supports APIs that round-trip headers, such as a CSRF token fetched from one response and echoed on the next request. ## [](#troubleshooting)Troubleshooting | Symptom | What to check | | --- | --- | | "Failed to load spec" | Confirm the spec URL is reachable from Redpanda ADP and serves valid JSON or YAML. CORS doesn’t matter (Redpanda fetches server-side). | | Tools list doesn’t include an expected operation | The operation may be missing an operationId, or the operation include/exclude filters might be excluding it. If two operations resolve to the same tool name, the server keeps one, drops the other, and logs a warning naming both. | | Tool input schema looks wrong | oneOf, anyOf, and discriminator are supported, but callbacks are not, and schemas deeper than max_schema_depth (default 5) are truncated. Adjust the spec or raise the depth. | | Calls return 401 | Authentication mode or credentials are wrong. Confirm secret content and the API’s expected authentication header. | | Calls return 404 with the right operation | servers block in the spec doesn’t match your real API endpoint. Use the Base URL override. | ## [](#limitations)Limitations - **Custom tool logic**: The OpenAPI type is purely a spec-to-tools generator. For business logic on top of the API, use a [self-managed MCP server](https://docs.redpanda.com/agentic-data-plane/connect/register-remote/). - **GraphQL APIs**: OpenAPI doesn’t describe GraphQL. For GraphQL APIs, use a self-managed server. - **gRPC services**: Same as GraphQL: use a self-managed server. --- # Page 25: Ramp Managed MCP Server **URL**: https://docs.redpanda.com/agentic-data-plane/connect/managed/ramp.md --- # Ramp Managed MCP Server > For the complete documentation index, see [llms.txt](https://docs.redpanda.com/llms.txt). Component-specific: [agentic-data-plane-full.txt](https://docs.redpanda.com/agentic-data-plane-full.txt) --- title: Ramp Managed MCP Server page-beta-text: This is a beta feature. Beta features are available for testing and feedback. They are not supported by Redpanda and should not be used in production environments. latest-operator-version: v26.1.5 latest-console-tag: v3.7.4 latest-connect-version: 4.96.1 latest-redpanda-tag: v26.1.10 docname: managed/ramp page-component-name: agentic-data-plane page-version: master page-component-version: master page-component-title: Agentic Data Plane page-relative-src-path: managed/ramp.adoc page-edit-url: https://github.com/redpanda-data/adp-docs/edit/main/modules/connect/pages/managed/ramp.adoc # Beta release status page-beta: "true" description: Manage Ramp corporate cards, transactions, spend limits, and reimbursements from an LLM agent. Per-user OAuth so each agent action runs as the calling end-user. page-topic-type: how-to personas: agent_builder, platform_engineer learning-objective-1: Configure the Ramp managed MCP server with per-user OAuth learning-objective-2: Pick the right scopes and environment for production vs sandbox learning-objective-3: List transactions, manage cards, and adjust spend limits from an agent page-git-created-date: "2026-05-28" page-git-modified-date: "2026-06-10" release-status: beta - This is a beta feature. Beta features are available for testing and feedback. They are not supported by Redpanda and should not be used in production environments. --- The **Ramp** managed MCP server lets an LLM read and act on your company’s Ramp spend data: listing and inspecting transactions, browsing cards, managing spend limits, querying users and departments, looking up vendors, and reviewing reimbursements. After reading this page, you will be able to: - Configure the Ramp managed MCP server with per-user OAuth - Pick the right scopes and environment for production vs sandbox - List transactions, manage cards, and adjust spend limits from an agent ## [](#what-this-mcp-server-does)What this MCP server does Wraps the [Ramp Developer API v1](https://docs.ramp.com/developer-api/v1) using per-user OAuth tokens, so each user’s Ramp permissions are enforced automatically and no shared API key is stored. It is suitable for expense analysis, spend-policy enforcement, and corporate card management workflows. It is **not** intended for accounting system integrations or bulk data exports; use Ramp’s native accounting sync or data export features for those tasks. ## [](#prerequisites)Prerequisites Before you create the server, make sure you have: - A Ramp account with admin access to the Ramp Developer Portal. - An [OAuth Provider](https://docs.redpanda.com/agentic-data-plane/reference/glossary/#oauth-provider) configured in Redpanda ADP for Ramp. See [Configure an OAuth Provider](https://docs.redpanda.com/agentic-data-plane/connect/oauth-providers/). - Familiarity with [User-delegated OAuth](https://docs.redpanda.com/agentic-data-plane/connect/user-delegated-oauth/). ## [](#get-ramp-credentials)Get Ramp credentials Set up the OAuth app on Ramp and the matching OAuth Provider in ADP: 1. Sign in to the [Ramp Developer Portal](https://app.ramp.com/developer). 2. Go to **Developer Settings > Applications** and click **Create Application**. 3. Set the redirect URI to your AI Gateway OAuth callback (typically `https://aigw..clusters.rdpa.co/oauth/v1/callback`). 4. Note the **Client ID** and **Client Secret**. 5. Required scopes: - `transactions:read` - `cards:read` - `cards:write` - `users:read` - `departments:read` - `vendors:read` - `reimbursements:read` - `limits:read` - `limits:write` 6. In ADP, register an OAuth Provider with: - **Authorization endpoint**: `https://app.ramp.com/v1/authorize` - **Token endpoint**: `https://api.ramp.com/developer/v1/token` - The Client ID and a secret-store reference for the Client Secret ## [](#configure)Configure Create a new Ramp MCP server in ADP: 1. Open **MCP Servers > Create Server**. 2. Pick `Ramp` from the marketplace picker. 3. Fill in identity fields (`name`, `description`). 4. In the Ramp configuration form: | Field | Notes | | --- | --- | | environment | production for the live Ramp API. demo for Ramp’s sandbox environment. Omit (or leave empty) for production. | | OAuth Provider | The Ramp OAuth Provider you configured. | | Required scopes | All the scopes listed above. Drop write scopes (cards:write, limits:write) if the MCP only needs to read. | 5. Click **Create**. ### [](#configure-from-the-cli)Configure from the CLI Ramp authenticates per-user through the Ramp OAuth Provider you configured. Reference that provider in the managed config’s `userOauth.providerName` field. Ramp supports per-user OAuth only, so the `userOauth` block is required. The `--user-oauth-provider` and `--user-oauth-scopes` flags apply to remote (`--url`) servers only. ```bash rpk ai mcp create --name my-ramp --managed-config '{ "@type": "type.googleapis.com/redpanda.mcps.ramp.v1.RampMCPConfig", "environment": "production", "userOauth": { "providerName": "ramp" } }' ``` Set `environment` to `"demo"` to target Ramp’s sandbox. `userOauth.providerName` is the resource name of the Ramp OAuth Provider you registered. ## [](#tools)Tools The Ramp MCP exposes the following tools: | Tool | Description | | --- | --- | | list_transactions | List transactions with optional filters. Supports pagination through the start cursor. Returns up to page_size results (max 100). | | get_transaction | Retrieve a single transaction by ID, including line items, accounting selections, and policy violations. | | list_cards | List corporate cards. Supports pagination. | | create_card | Issue a new virtual card. Returns a deferred task ID, since Ramp creates cards asynchronously. | | suspend_card | Suspend an active card by ID. Returns a deferred task ID. | | list_users | List Ramp users in your organization. Supports pagination. | | list_departments | List departments. Supports pagination. | | list_vendors | List vendors. Supports pagination. | | list_reimbursements | List out-of-pocket reimbursement requests. Supports pagination. | | list_limits | List spend limits. Supports pagination. | | create_limit | Create a new spend limit. Returns a deferred task ID, since Ramp creates limits asynchronously. | | update_limit | Update an existing spend limit’s display name or spending restrictions synchronously. | ### [](#example-list-recent-transactions)Example: List recent transactions ```bash curl -s https://aigw..clusters.rdpa.co/mcp/v1/my-ramp \ -H "Authorization: Bearer $TOKEN" \ -H "Content-Type: application/json" \ -d '{ "jsonrpc": "2.0", "id": 1, "method": "tools/call", "params": { "name": "list_transactions", "arguments": { "page_size": 25 } } }' ``` ### [](#example-create-a-virtual-card-for-a-vendor)Example: Create a virtual card for a vendor ```bash curl -s https://aigw..clusters.rdpa.co/mcp/v1/my-ramp \ -H "Authorization: Bearer $TOKEN" \ -H "Content-Type: application/json" \ -d '{ "jsonrpc": "2.0", "id": 2, "method": "tools/call", "params": { "name": "create_card", "arguments": { "display_name": "AWS Services", "user_id": "usr_abc123", "idempotency_key": "create-aws-card-2026", "spending_limit_amount": 5000.0, "spending_limit_interval": "MONTHLY", "spending_limit_currency": "USD" } } }' ``` ## [](#troubleshooting)Troubleshooting Common symptoms and fixes: | Symptom | What to check | | --- | --- | | OAuthConnectionRequired | First call from a user with no stored token. The user completes Ramp’s OAuth consent flow, the token lands in the vault, and subsequent calls reuse it. | | scope_upgrade_required | Server’s required_scopes was extended after users had already consented. Users re-consent with the higher scope. | | create_card / create_limit returns a task ID with no card / limit details | These operations are asynchronous on Ramp’s side. The MCP returns a task ID that you can poll against Ramp’s API; the actual card or limit appears once the task completes. | | 403 Forbidden reading or writing | The calling user’s Ramp role doesn’t grant the action. Ramp’s role-based access control runs end-to-end: per-user OAuth means each user only sees what their Ramp account permits. | ## [](#limitations)Limitations This page does not cover: - **Bulk data export**: Use Ramp’s native data export. - **Accounting system integration**: Use Ramp’s accounting sync. - **Receipt management and approvals**: Handled in the Ramp web UI. ## [](#next-steps)Next steps - [Configure an OAuth Provider](https://docs.redpanda.com/agentic-data-plane/connect/oauth-providers/) - [User-delegated OAuth](https://docs.redpanda.com/agentic-data-plane/connect/user-delegated-oauth/) - [Create an MCP Server](https://docs.redpanda.com/agentic-data-plane/connect/create-server/) --- # Page 26: Salesforce Managed MCP Server **URL**: https://docs.redpanda.com/agentic-data-plane/connect/managed/salesforce.md --- # Salesforce Managed MCP Server > For the complete documentation index, see [llms.txt](https://docs.redpanda.com/llms.txt). Component-specific: [agentic-data-plane-full.txt](https://docs.redpanda.com/agentic-data-plane-full.txt) --- title: Salesforce Managed MCP Server latest-operator-version: v26.1.5 latest-console-tag: v3.7.4 latest-connect-version: 4.96.1 latest-redpanda-tag: v26.1.10 docname: managed/salesforce page-component-name: agentic-data-plane page-version: master page-component-version: master page-component-title: Agentic Data Plane page-relative-src-path: managed/salesforce.adoc page-edit-url: https://github.com/redpanda-data/adp-docs/edit/main/modules/connect/pages/managed/salesforce.adoc description: Query, create, update, and delete Salesforce CRM records with SOQL and the REST API, and run saved reports, from an LLM agent. Choose a shared service-account identity or per-user OAuth. page-topic-type: how-to personas: agent_builder, platform_engineer learning-objective-1: Choose between service-account OAuth and per-user OAuth for the Salesforce managed MCP server learning-objective-2: Configure the Salesforce managed MCP server against your org learning-objective-3: Query, modify, and report on Salesforce records from an agent page-git-created-date: "2026-06-10" page-git-modified-date: "2026-06-10" --- The **Salesforce** managed MCP server lets agents work with [Salesforce](https://www.salesforce.com/) CRM data: running SOQL queries and SOSL searches, reading and writing records, inspecting object metadata, and running saved Salesforce reports through the REST and Analytics APIs. After reading this page, you will be able to: - Choose between service-account OAuth and per-user OAuth for the Salesforce managed MCP server - Configure the Salesforce managed MCP server against your org - Query, modify, and report on Salesforce records from an agent ## [](#what-this-mcp-server-does)What this MCP server does The Salesforce MCP exposes the following tools: | Tool | What it does | | --- | --- | | query | Execute a SOQL query. | | query_more | Fetch the next page of a large query result, using the nextRecordsUrl returned by query. | | search | Execute a SOSL full-text search. | | list_objects | List all available sObject types in the org. | | describe_object | Get field and schema metadata for an sObject. | | get_record | Fetch a record by ID, with optional field selection. | | create_record | Create a new record. | | update_record | Update an existing record (PATCH). | | delete_record | Delete a record. | | describe_report | Get a report’s metadata: columns, groupings, and filters. | | run_report | Run a saved report synchronously and return its results. | `run_report` executes a saved Salesforce report through the Analytics REST API, applying the report’s built-in groupings, aggregates, and filters that raw SOQL cannot reproduce. Use `describe_report` first to discover a report’s columns and filters. To list reports, use `query` with `SELECT Id, Name, DeveloperName FROM Report`. ## [](#choose-an-authentication-mode)Choose an authentication mode The Salesforce MCP supports two authentication modes. Set exactly one in the managed config: | Mode | When to use | | --- | --- | | Service-account OAuth (serviceAccountOauth) | OAuth 2.0 client-credentials grant through a Connected App. Service-to-service: no browser, no redirect. Every caller shares one Salesforce identity. Use this when a single shared identity is acceptable. | | Per-user OAuth (userOauth) | Each caller’s Salesforce OAuth token is resolved from the token vault on every request, so tool calls respect Salesforce row-level security for the calling user. Requires a Salesforce OAuth Provider. Use this when each user must act as themselves. | ## [](#prerequisites)Prerequisites Before you create the server, make sure you have: - A Salesforce org where you can create a Connected App. A free Developer Edition org or a Sandbox works. - Your Salesforce instance URL (your **My Domain** URL), such as `https://mycompany.my.salesforce.com`. Use the full `https://` base domain with no path. - For **service-account OAuth**: a Connected App configured for the client-credentials flow, and its consumer key and consumer secret. - For **per-user OAuth**: a Salesforce [OAuth Provider](https://docs.redpanda.com/agentic-data-plane/reference/glossary/#oauth-provider) configured in Redpanda ADP. See [Configure an OAuth Provider](https://docs.redpanda.com/agentic-data-plane/connect/oauth-providers/) and [User-delegated OAuth](https://docs.redpanda.com/agentic-data-plane/connect/user-delegated-oauth/). ## [](#create-a-connected-app-for-service-account-oauth)Create a Connected App for service-account OAuth Skip this section if you are using per-user OAuth. The client-credentials flow is a service-to-service flow: `client_id` + `client_secret` exchange for an `access_token`, with no browser interaction. 1. In Salesforce **Setup**, search for **App Manager** and click **New Connected App**. 2. Enter a Connected App Name and Contact Email. 3. Under **API (Enable OAuth Settings)**: - Check **Enable OAuth Settings**. - Set a Callback URL (required by the form, unused for client credentials). - Add the Manage user data via APIs (api) and Perform requests at any time (refresh\_token, offline\_access) OAuth scopes. - Check **Enable Client Credentials Flow**. 4. Click **Save**, then **Continue**. 5. Open the app from **App Manager**, click **Manage Consumer Details**, and copy the Consumer Key (your `client_id`) and Consumer Secret (your `client_secret`). 6. Set a Run As user: in **App Manager**, open the app, click **Manage > Edit Policies**, and under Client Credentials Flow set Run As to a Salesforce user with API access. Click **Save**. Store the consumer secret in the Redpanda ADP secret store under an `UPPER_SNAKE_CASE` key, such as `SALESFORCE_CLIENT_SECRET`. ## [](#configure)Configure Create a new Salesforce MCP server in ADP: 1. Open **MCP Servers > Create Server**. 2. Pick `Salesforce` from the marketplace picker. 3. Fill in identity fields (`name`, `description`). 4. In the Salesforce configuration form, set the Salesforce instance URL (`orgUrl`) and pick an Auth Method: service-account OAuth or per-user OAuth. For per-user OAuth, select the Salesforce OAuth Provider. 5. Optionally pin a Salesforce REST API version. The default is `v65.0`. 6. Click **Create**. ### [](#configure-from-the-cli)Configure from the CLI Use [`rpk ai`](https://docs.redpanda.com/agentic-data-plane/reference/rpk/rpk-ai/rpk-ai/) to create the server with a managed config. Set exactly one auth variant. For service-account OAuth, supply the Connected App’s `clientId`, a secret-store reference for the consumer secret (`clientSecretRef`), and the token URL: ```bash rpk ai mcp create --name my-salesforce --managed-config '{ "@type": "type.googleapis.com/redpanda.mcps.salesforce.v1.SalesforceMCPConfig", "orgUrl": "https://mycompany.my.salesforce.com", "serviceAccountOauth": { "clientId": "3MVG9...", "clientSecretRef": "SALESFORCE_CLIENT_SECRET", "tokenUrl": "https://mycompany.my.salesforce.com/services/oauth2/token" } }' ``` For per-user OAuth, reference the Salesforce OAuth Provider by name. The per-user token is resolved from the token vault on each call: ```bash rpk ai mcp create --name my-salesforce --managed-config '{ "@type": "type.googleapis.com/redpanda.mcps.salesforce.v1.SalesforceMCPConfig", "orgUrl": "https://mycompany.my.salesforce.com", "userOauth": { "providerName": "salesforce" } }' ``` To pin a specific API version, add `"apiVersion": "v62.0"` to the config. The default is `v65.0`. ## [](#tool-examples)Tool examples Run a SOQL query: ```bash curl -s https://aigw..clusters.rdpa.co/mcp/v1/my-salesforce \ -H "Authorization: Bearer $TOKEN" \ -H "Content-Type: application/json" \ -d '{ "jsonrpc": "2.0", "id": 1, "method": "tools/call", "params": { "name": "query", "arguments": { "soql": "SELECT Id, Name, Industry, AnnualRevenue FROM Account ORDER BY AnnualRevenue DESC LIMIT 10" } } }' ``` Fetch a record by ID, restricting the returned fields: ```bash curl -s https://aigw..clusters.rdpa.co/mcp/v1/my-salesforce \ -H "Authorization: Bearer $TOKEN" \ -H "Content-Type: application/json" \ -d '{ "jsonrpc": "2.0", "id": 2, "method": "tools/call", "params": { "name": "get_record", "arguments": { "sobject": "Account", "record_id": "001xx000003GYkZAAW", "fields": "Id,Name,Industry,AnnualRevenue,BillingCity" } } }' ``` ## [](#troubleshooting)Troubleshooting | Symptom | What to check | | --- | --- | | invalid_client_credentials from OAuth (service-account mode) | Confirm the Connected App has a Run As user set and the api scope, and that you are using the Consumer Key (not the app name) as clientId. | | OAuthConnectionRequired (per-user mode) | First call from a user with no stored token. The user completes Salesforce’s OAuth consent flow, the token lands in the vault, and subsequent calls reuse it. | | INSUFFICIENT_ACCESS errors | The acting identity (the Run As user for service-account mode, or the calling user for per-user mode) lacks permission on that object or record. Grant the appropriate profile or permission set. | | INVALID_FIELD in a SOQL query | The field does not exist or field-level security hides it from the acting identity. Use describe_object to see which fields are visible. | | nextRecordsUrl rejected by query_more | The URL must start with /services/data/. Pass the exact value returned by the query response. | ## [](#next-steps)Next steps - [Configure an OAuth Provider](https://docs.redpanda.com/agentic-data-plane/connect/oauth-providers/) - [User-delegated OAuth](https://docs.redpanda.com/agentic-data-plane/connect/user-delegated-oauth/) - [Create an MCP Server](https://docs.redpanda.com/agentic-data-plane/connect/create-server/) - [Test MCP tools](https://docs.redpanda.com/agentic-data-plane/connect/test-tools/) --- # Page 27: ServiceNow Managed MCP Server **URL**: https://docs.redpanda.com/agentic-data-plane/connect/managed/servicenow.md --- # ServiceNow Managed MCP Server > For the complete documentation index, see [llms.txt](https://docs.redpanda.com/llms.txt). Component-specific: [agentic-data-plane-full.txt](https://docs.redpanda.com/agentic-data-plane-full.txt) --- title: ServiceNow Managed MCP Server page-beta-text: This is a beta feature. Beta features are available for testing and feedback. They are not supported by Redpanda and should not be used in production environments. latest-operator-version: v26.1.5 latest-console-tag: v3.7.4 latest-connect-version: 4.96.1 latest-redpanda-tag: v26.1.10 docname: managed/servicenow page-component-name: agentic-data-plane page-version: master page-component-version: master page-component-title: Agentic Data Plane page-relative-src-path: managed/servicenow.adoc page-edit-url: https://github.com/redpanda-data/adp-docs/edit/main/modules/connect/pages/managed/servicenow.adoc # Beta release status page-beta: "true" description: "Read and write a ServiceNow instance from an agent: incidents, knowledge articles, and allow-listed records, with service-account or per-user authentication." page-topic-type: how-to personas: agent_builder, platform_engineer learning-objective-1: Configure the ServiceNow managed MCP server with Basic authentication, OAuth client credentials, or User OAuth learning-objective-2: Use projections and hierarchies to shape responses and gate table reads learning-objective-3: Search, create, and update incidents and read allow-listed records from the Inspector or an agent page-git-created-date: "2026-06-09" page-git-modified-date: "2026-06-10" release-status: beta - This is a beta feature. Beta features are available for testing and feedback. They are not supported by Redpanda and should not be used in production environments. --- The ServiceNow managed MCP server lets agents work with a ServiceNow instance through the REST Table API: search, create, and update incidents, append work notes, search the knowledge base, look up users and assignment groups, discover table schema and field choices, and read allow-listed tables. After reading this page, you will be able to: - Configure the ServiceNow managed MCP server with Basic authentication, OAuth client credentials, or User OAuth - Use projections and hierarchies to shape responses and gate table reads - Search, create, and update incidents and read allow-listed records from the Inspector or an agent ## [](#what-this-mcp-server-does)What this MCP server does Wraps the ServiceNow REST Table API. The MCP is vendor-generic: ServiceNow records are returned as opaque JSON objects (their field set varies by instance), and the agent learns each table’s shape and valid field values at runtime through the discovery tools (`get_table_schema`, `get_field_choices`). Customer-specific structure is supplied as configuration, not code: - Projections set the default field list returned per table (a ServiceNow incident carries about 100 fields, so projections keep responses small) and gate which tables the generic `query_records` tool may read. - Hierarchies declare dependent-field chains (for example, service area, then category, then subcategory). The agent reads the chain order with `describe_field_hierarchies` and resolves each field’s valid values at runtime with `get_field_choices`. No field values are stored in the configuration. It is not a general SQL interface, and it does not delete records: writes are limited to the typed incident tools plus generic record reads. ## [](#prerequisites)Prerequisites Before you create the server, make sure you have: - A ServiceNow instance and its URL (for example, `[https://acme.service-now.com](https://acme.service-now.com)`). - A ServiceNow service account, or an OAuth client, with the roles your workflows need (typically `itil` for incidents, `knowledge` for the knowledge base, and read access to `sys_dictionary` and `sys_choice` for schema discovery). - For User-OAuth mode: an [OAuth Provider](https://docs.redpanda.com/agentic-data-plane/reference/glossary/#oauth-provider) configured in Redpanda ADP. See [Configure an OAuth Provider](https://docs.redpanda.com/agentic-data-plane/connect/oauth-providers/). ## [](#choose-an-authentication-method)Choose an authentication method The MCP authenticates to ServiceNow as a single principal; it does not impersonate end-users. When creating an incident, the agent passes the requesting user’s `sys_id` in `caller_id`. Pick one of three methods: - Basic authentication (simplest): A dedicated ServiceNow user (for example, `svc_redpanda`) and its password. The username is plaintext; the password lives in the ADP secret store. - OAuth client credentials (service account): An OAuth API client registered under **System OAuth > Application Registry**. ServiceNow’s token endpoint is `[https://.service-now.com/oauth_token.do](https://\.service-now.com/oauth_token.do)`. - User OAuth: Per-user delegation through an OAuth Provider. ServiceNow’s recommended integration model is the service account, so prefer Basic authentication or OAuth client credentials unless you specifically need per-user attribution. ## [](#configure)Configure Create a new ServiceNow MCP server in ADP: 1. Open **MCP Servers > Create Server**. 2. Pick `ServiceNow` from the marketplace picker. 3. Fill in identity fields (`name`, `description`). 4. In the ServiceNow configuration form: | Field | Notes | | --- | --- | | instance_url | Base URL of your ServiceNow instance (for example, https://acme.service-now.com). Must be an https:// URL. | | auth | basic_auth, oauth, or user_oauth. | | basic_auth (Basic-auth mode) | username (ServiceNow service-account username, for example svc_redpanda) and password_secret_ref (secret-store reference, UPPER_SNAKE_CASE). | | oauth (OAuth mode) | client_id, client_secret_ref (secret-store reference), and token_url (https://.service-now.com/oauth_token.do). | | user_oauth (User-OAuth mode) | provider_name (the OAuth Provider you configured) and the minimum required scopes. | | projections | Per-table default field lists and the read allow-list for query_records. | | hierarchies | Dependent-field chains the agent resolves at runtime. | 5. Click **Create**. ### [](#configure-from-the-cli)Configure from the CLI For a managed server, set the auth method inside the `--managed-config` JSON. The `auth` field is required. #### Basic authentication ```bash rpk ai mcp create --name acme-servicenow --managed-config '{ "@type": "type.googleapis.com/redpanda.mcps.servicenow.v1.ServiceNowMCPConfig", "instance_url": "https://acme.service-now.com", "basic_auth": { "username": "svc_redpanda", "password_secret_ref": "SERVICENOW_PASSWORD" }, "projections": [ { "table": "incident", "default_fields": ["number", "short_description", "state", "priority", "assignment_group", "caller_id"], "queryable": true }, { "table": "change_request", "queryable": true } ], "hierarchies": [ { "table": "incident", "name": "service", "fields": ["u_service_area", "u_service_category", "u_service_subcategory"] } ] }' ``` #### OAuth client credentials ```bash rpk ai mcp create --name acme-servicenow-oauth --managed-config '{ "@type": "type.googleapis.com/redpanda.mcps.servicenow.v1.ServiceNowMCPConfig", "instance_url": "https://acme.service-now.com", "oauth": { "client_id": "", "client_secret_ref": "SERVICENOW_CLIENT_SECRET", "token_url": "https://acme.service-now.com/oauth_token.do" } }' ``` #### User OAuth ```bash rpk ai mcp create --name acme-servicenow-user --managed-config '{ "@type": "type.googleapis.com/redpanda.mcps.servicenow.v1.ServiceNowMCPConfig", "instance_url": "https://acme.service-now.com", "user_oauth": { "provider_name": "servicenow-prod" } }' ``` Replace `` with the client ID from your ServiceNow OAuth application registry, and `servicenow-prod` with the name of the OAuth Provider you configured. ## [](#tools)Tools The ServiceNow MCP exposes tools across incidents, knowledge, schema discovery, lookups, and generic reads: | Tool | Description | | --- | --- | | search_incidents | Search incidents with a ServiceNow encoded query. | | get_incident | Fetch one incident by sys_id. | | create_incident | Create an incident (typed fields plus an additional_fields map for custom fields). | | update_incident | Update state, assignment, notes, urgency, or impact, or resolve or close an incident. | | add_work_note | Append a work note (internal) or comment (customer-visible) to an incident. | | search_knowledge | Full-text search over published knowledge articles. | | get_article | Fetch one knowledge article by sys_id or number. | | get_table_schema | Field metadata (name, type, mandatory, reference) for a table, from sys_dictionary. | | get_field_choices | Valid choice values for a field from sys_choice, optionally scoped to a parent value. | | describe_field_hierarchies | Declared dependent-field chains for a table, from the server configuration. | | lookup_user | Find users by name, email, or username; returns their sys_id. | | lookup_group | Find assignment groups by name; returns their sys_id. | | query_records | Read any allow-listed table with an encoded query. | ### [](#example-search-open-incidents)Example: Search open incidents ```bash curl -s https://aigw..clusters.rdpa.co/mcp/v1/acme-servicenow \ -H "Authorization: Bearer $TOKEN" \ -H "Content-Type: application/json" \ -d '{ "jsonrpc": "2.0", "id": 1, "method": "tools/call", "params": { "name": "search_incidents", "arguments": { "query": "active=true^priority=1" } } }' ``` Replace `` with your cluster ID and `$TOKEN` with a gateway access token. ### [](#example-create-an-incident)Example: Create an incident The agent typically calls `lookup_user` and `get_field_choices` first to resolve `caller_id` and a valid `category` value. ```bash curl -s https://aigw..clusters.rdpa.co/mcp/v1/acme-servicenow \ -H "Authorization: Bearer $TOKEN" \ -H "Content-Type: application/json" \ -d '{ "jsonrpc": "2.0", "id": 2, "method": "tools/call", "params": { "name": "create_incident", "arguments": { "short_description": "VPN drops every few minutes in Dresden", "caller_id": "a1b2c3d4e5f6...", "urgency": 2, "impact": 2, "category": "network" } } }' ``` ## [](#troubleshooting)Troubleshooting Common symptoms and fixes: | Symptom | What to check | | --- | --- | | 401 Unauthorized | Confirm the service-account credentials. For Basic authentication, check the username and SERVICENOW_PASSWORD; for OAuth, check the client ID, SERVICENOW_CLIENT_SECRET, and token URL. | | 403 Forbidden | The service account lacks the role for the operation (for example, itil for incidents or read access to sys_dictionary for get_table_schema). Grant the role in ServiceNow. | | query_records rejects a table | The table is not listed in projections with queryable set to true. Add a projection entry for it. | | OAuthConnectionRequired (User-OAuth mode) | First call from a user with no stored token. The user completes the ServiceNow OAuth consent flow, the token lands in the vault, and later calls reuse it. See User-delegated OAuth. | ## [](#limitations)Limitations This MCP server does not cover: - Record deletion: Writes are limited to the typed incident tools; the MCP never deletes records. - Arbitrary SQL: Reads go through the REST Table API and encoded queries, not a SQL interface. Use `query_records` against allow-listed tables instead. ## [](#next-steps)Next steps - [Configure an OAuth Provider](https://docs.redpanda.com/agentic-data-plane/connect/oauth-providers/) - [User-delegated OAuth](https://docs.redpanda.com/agentic-data-plane/connect/user-delegated-oauth/) - [Create an MCP Server](https://docs.redpanda.com/agentic-data-plane/connect/create-server/) --- # Page 28: SharePoint Managed MCP Server **URL**: https://docs.redpanda.com/agentic-data-plane/connect/managed/sharepoint.md --- # SharePoint Managed MCP Server > For the complete documentation index, see [llms.txt](https://docs.redpanda.com/llms.txt). Component-specific: [agentic-data-plane-full.txt](https://docs.redpanda.com/agentic-data-plane-full.txt) --- title: SharePoint Managed MCP Server page-beta-text: This is a beta feature. Beta features are available for testing and feedback. They are not supported by Redpanda and should not be used in production environments. latest-operator-version: v26.1.5 latest-console-tag: v3.7.4 latest-connect-version: 4.96.1 latest-redpanda-tag: v26.1.10 docname: managed/sharepoint page-component-name: agentic-data-plane page-version: master page-component-version: master page-component-title: Agentic Data Plane page-relative-src-path: managed/sharepoint.adoc page-edit-url: https://github.com/redpanda-data/adp-docs/edit/main/modules/connect/pages/managed/sharepoint.adoc # Beta release status page-beta: "true" description: Let agents read SharePoint sites, document libraries, lists, and files, upload files, and search content through the Microsoft Graph API, using each end-user's own Microsoft identity through user-delegated OAuth. page-topic-type: how-to personas: agent_builder, platform_engineer learning-objective-1: Register a Microsoft Entra app and an OAuth provider for the SharePoint managed MCP server learning-objective-2: Create the SharePoint managed MCP server with the correct Microsoft Graph scopes learning-objective-3: Authorize a user and run the SharePoint tools from the Inspector or an agent page-git-created-date: "2026-06-03" page-git-modified-date: "2026-06-12" release-status: beta - This is a beta feature. Beta features are available for testing and feedback. They are not supported by Redpanda and should not be used in production environments. --- The **SharePoint** managed MCP server lets agents read SharePoint sites, document libraries, lists, and files, upload files, and search content through the [Microsoft Graph API](https://learn.microsoft.com/en-us/graph/api/resources/sharepoint). Each agent caller authenticates against Microsoft with their own identity through user-delegated OAuth, so every call stays bounded by the signed-in user’s own SharePoint permissions: the server never holds workspace-wide access. After reading this page, you will be able to: - Register a Microsoft Entra app and an OAuth provider for the SharePoint managed MCP server - Create the SharePoint managed MCP server with the correct Microsoft Graph scopes - Authorize a user and run the SharePoint tools from the Inspector or an agent > 📝 **NOTE** > > The SharePoint managed MCP server is in beta. If you don’t see SharePoint in the picker, contact Redpanda support. ## [](#what-this-mcp-server-does)What this MCP server does The SharePoint managed type wraps the Microsoft Graph API (`[https://graph.microsoft.com/v1.0](https://graph.microsoft.com/v1.0)`) and authenticates per user through the gateway’s [token vault](https://docs.redpanda.com/agentic-data-plane/reference/glossary/#token-vault). Per-user OAuth is the only authentication mode this type supports. It exposes the following tools: | Tool | What it does | | --- | --- | | list_sites | Search for SharePoint sites. The search term passes straight to Graph’s /sites?search= endpoint. An empty search returns no results, so pass * to list every site or a name fragment to narrow the search. | | get_site | Fetch a single site by composite ID (contoso.sharepoint.com,,) or hostname path (contoso.sharepoint.com:/sites/team). | | list_drive_items | Browse a site’s default document library. Lists the library root by default; pass folder_id to descend into a folder. | | get_file_content | Read a file from a site’s document library as UTF-8 text, with its filename, MIME type, and size. | | upload_file | Upload a text file to a site’s document library, into the root or a folder. Requires the Sites.ReadWrite.All scope. | | search_content | Search across all SharePoint sites, files, and list items the user can see. The query supports Keyword Query Language (KQL). | | list_lists | List the SharePoint lists on a site. Hidden lists are excluded. | | list_list_items | List the items in a SharePoint list, with each item’s column values returned as JSON in fields_json. | The file tools operate on the site’s own default document library (`/sites//drive/…​`), never on a user’s personal OneDrive. File content travels as UTF-8 text in both directions: downloads through `get_file_content` are capped at 10 MiB, and uploads through `upload_file` are capped at 4 MiB (the Microsoft Graph simple-upload limit). Binary files aren’t supported; open the `web_url` returned by `list_drive_items` to access them directly. The `list_sites`, `list_drive_items`, and `list_list_items` tools return up to 100 items by default and accept a `page_size` of up to 999. The `search_content` tool returns up to 25 hits by default and accepts a `page_size` of up to 500. The `list_lists` tool takes no `page_size`. ## [](#prerequisites)Prerequisites Before you create the server, make sure you have: - Access to a Microsoft SharePoint tenant. - Permission to register an app in the [Microsoft Entra admin center](https://entra.microsoft.com) (or an Entra admin who can register one for you). - A way to write the OAuth client secret into the Redpanda ADP secret store. - For most tenants, a tenant admin who can grant admin consent for the Microsoft Graph scopes. See [Grant admin consent](#grant-admin-consent). - Familiarity with [user-delegated OAuth](https://docs.redpanda.com/agentic-data-plane/connect/user-delegated-oauth/). ## [](#register-the-microsoft-entra-app)Register the Microsoft Entra app In the Microsoft Entra admin center, go to **App registrations > New registration** and create an app: 1. Give the app a descriptive name, for example, `Redpanda AI Gateway - SharePoint MCP`. 2. Set **Supported account types** to single tenant. 3. Set the **Redirect URI** to platform **Web** with the gateway’s OAuth callback for your cluster: ```no-highlight https://aigw..clusters.rdpa.co/oauth/v1/callback ``` Replace `` with your cluster identifier. The callback path is `/oauth/v1/callback`. ![The Entra Register an application form with the app name filled in, Supported account types set to single tenant only, and the Redirect URI row set to platform Web with the gateway’s OAuth callback URL](https://docs.redpanda.com/agentic-data-plane/connect/_images/sharepoint-entra-register.png) 4. After registering, note the **Application (client) ID** and **Directory (tenant) ID** from the app’s Overview page. You need both when you configure the [OAuth provider](https://docs.redpanda.com/agentic-data-plane/reference/glossary/#oauth-provider). ![The Entra app’s Overview page with the Essentials pane showing where the Application (client) ID and Directory (tenant) ID values appear](https://docs.redpanda.com/agentic-data-plane/connect/_images/sharepoint-entra-app-overview.png) > 💡 **TIP** > > Single-tenant apps must use the tenant-specific Microsoft OAuth endpoints (`[https://login.microsoftonline.com//oauth2/v2.0/…​](https://login.microsoftonline.com/\/oauth2/v2.0/…​);`), not the `/common/` endpoints, which can return `AADSTS` errors for single-tenant apps. Replace `` with the Directory (tenant) ID from the app’s Overview page. ## [](#add-microsoft-graph-permissions)Add Microsoft Graph permissions In the Microsoft Entra admin center, open the app’s **API permissions**, select **Add a permission > Microsoft Graph > Delegated permissions**, then add: | Scope | Why | | --- | --- | | Sites.ReadWrite.All | Read and write everything the server touches: sites, document libraries, files, lists, and upload_file. For read-only deployments, use Sites.Read.All instead, which drops upload_file. | | offline_access | Issues refresh tokens so connections stay valid over time. | The `openid`, `profile`, `email`, and `User.Read` scopes come from the OAuth provider’s standard scopes. ![The Entra app’s API permissions page listing the delegated Microsoft Graph permissions Sites.ReadWrite.All, Sites.Read.All, offline\_access, and User.Read, each with admin consent granted](https://docs.redpanda.com/agentic-data-plane/connect/_images/sharepoint-entra-permissions.png) > ❗ **IMPORTANT** > > Use the **Microsoft Graph** permissions, not the legacy **Office 365 SharePoint Online** API in the picker. The server calls Microsoft Graph only. > > Use the `Sites.` **scopes, not `Files.`**. The server’s file and list endpoints all live under `/sites//…​`, and its site lookups and content search are also authorized by the `Sites.*` scopes. The `Files.ReadWrite.All` scope additionally grants access to users' personal OneDrive, which the server never uses. ## [](#create-a-client-secret)Create a client secret In the Microsoft Entra admin center, open the app’s **Certificates & secrets** and select **New client secret**. Give it a description, choose an expiry, and select **Add**. Copy the secret value immediately; Microsoft never shows it again. ![The Entra Certificates & secrets page with the Add a client secret panel open, a description entered, and the recommended 180-day expiry selected](https://docs.redpanda.com/agentic-data-plane/connect/_images/sharepoint-entra-client-secret.png) Store the secret in the ADP secret store under an `UPPER_SNAKE_CASE` key, for example, `SHAREPOINT_CLIENT_SECRET`. The OAuth provider references the secret by name, so the plaintext never enters the MCP server configuration. ## [](#grant-admin-consent)Grant admin consent The SharePoint Graph scopes are high-privilege delegated scopes, so most tenants require a tenant admin to consent before any user can connect. A Global Administrator, Privileged Role Administrator, or Cloud Application Administrator opens the app, selects **API permissions**, then selects **Grant admin consent for ``**. Admin consent does not escalate access: delegated scopes always stay bounded by the signed-in user’s own SharePoint permissions. Admin consent approves the app to request the scopes so that individual users aren’t each prompted. Without it, a non-admin user sees the **Need admin approval** message on the consent screen. ## [](#configure-the-oauth-provider)Configure the OAuth provider Register an OAuth provider in ADP that points at Microsoft’s tenant-specific endpoints and references the client secret. See [Configure an OAuth Provider](https://docs.redpanda.com/agentic-data-plane/connect/oauth-providers/). The **Microsoft / Azure AD** preset in the provider catalog pre-fills the endpoints, standard scopes, PKCE, and token auth method; for a single-tenant app, replace its `/common/` endpoints with the tenant-specific ones. Use these values: - **Authorization endpoint**: `[https://login.microsoftonline.com//oauth2/v2.0/authorize](https://login.microsoftonline.com/\/oauth2/v2.0/authorize)` - **Token endpoint**: `[https://login.microsoftonline.com//oauth2/v2.0/token](https://login.microsoftonline.com/\/oauth2/v2.0/token)` - **Client ID**: The Application (client) ID from the Entra app. - **Client secret reference**: The secret-store key, for example, `SHAREPOINT_CLIENT_SECRET`. - **Token auth method**: Client secret in the POST body, with PKCE enabled (matches the Microsoft preset). - **Scopes**: `openid`, `email`, `profile`, `User.Read`, `Sites.ReadWrite.All`, `offline_access`. The provider page also shows the **Authorization Callback URL** to register as the Entra app’s redirect URI. ![The SharePoint OAuth provider detail page showing the authorization callback URL, the tenant-specific Microsoft endpoints, the client ID, the SHAREPOINT\_CLIENT\_SECRET reference, the Client Secret POST auth method with PKCE required, and the six default scopes](https://docs.redpanda.com/agentic-data-plane/connect/_images/sharepoint-oauth-provider.png) ## [](#create-the-server)Create the server Create a new SharePoint MCP server in ADP: 1. Open **MCP Servers > Create server**. 2. Pick **SharePoint** from the marketplace picker. ![The Create MCP Server marketplace picker filtered to SharePoint, showing the SharePoint managed type card next to the Remote (Proxied) option](https://docs.redpanda.com/agentic-data-plane/connect/_images/sharepoint-marketplace-picker.png) 3. Fill in the identity fields (`name`, `description`). 4. Under **Auth**, select **User OAuth** (the only option for this type), then set **Provider Name** to the SharePoint OAuth provider you configured. 5. Under **Required Scopes**, add `Sites.ReadWrite.All` (or `Sites.Read.All` for a read-only server). ![The Configure SharePoint MCP Server form with User OAuth selected, the SharePoint provider chosen, Sites.ReadWrite.All as a required scope, and the request preview panel showing the resulting userOauth JSON payload](https://docs.redpanda.com/agentic-data-plane/connect/_images/sharepoint-create-form.png) 6. Click **Submit**. The required scopes are enforced against each user’s connection. A connection with insufficient scopes returns `scope_upgrade_required`, and the user re-consents with the higher scope. ### [](#configure-from-the-cli)Configure from the CLI Use [`rpk ai`](https://docs.redpanda.com/agentic-data-plane/reference/rpk/rpk-ai/rpk-ai/) to create the server with a managed config. Set the OAuth provider inside the managed config; the top-level `--user-oauth-provider` and `--user-oauth-scopes` flags apply to self-managed servers only. ```bash rpk ai mcp create --name sharepoint \ --description "SharePoint MCP over Microsoft Graph with per-user OAuth" \ --managed-config '{ "@type": "type.googleapis.com/redpanda.mcps.sharepoint.v1.SharePointMCPConfig", "userOauth": { "providerName": "sharepoint", "requiredScopes": ["Sites.ReadWrite.All"] } }' ``` ## [](#authorize-a-user-and-test)Authorize a user and test The SharePoint server uses per-user OAuth, so each user connects their Microsoft identity before tools work for them: 1. Open the server in ADP. If you haven’t connected to the SharePoint OAuth provider yet, a connection banner with a **Connect** button appears above the server’s tabs. Click **Connect**, sign in to Microsoft, and approve the consent screen. The token lands in the vault keyed to your identity. If you call a tool before connecting, the call returns an `OAuthConnectionRequired` error carrying an `authorize_url` that points at the gateway’s `/oauth/v1/authorize` endpoint. Opening that URL in a browser starts the same Microsoft consent flow. ![The SharePoint server page after creation, showing the OAuth connection banner with a Connect button above the Overview, Connection, and Inspector tabs, the MCP server URL, and the Tools section showing a count of eight](https://docs.redpanda.com/agentic-data-plane/connect/_images/sharepoint-connect-banner.png) 2. Open the server’s **Inspector** tab and run `list_sites` with the argument `{"search": "*"}`. It returns the sites you can see. See [Test an MCP Server’s Tools with the Inspector](https://docs.redpanda.com/agentic-data-plane/connect/test-tools/). ![The Inspector tab running list\_sites with the search argument set to an asterisk, with the response panel showing a JSON sites array of the SharePoint sites the signed-in user can access](https://docs.redpanda.com/agentic-data-plane/connect/_images/sharepoint-inspector-list-sites.png) > 💡 **TIP** > > The `list_sites` tool passes the search term straight to Graph’s `/sites?search=` endpoint, which returns nothing for an empty search. Pass `*` to list every site, or a name fragment to narrow the search. ## [](#troubleshooting)Troubleshooting | Symptom | What to check | | --- | --- | | OAuthConnectionRequired | First call from a user with no stored token. The user completes Microsoft’s OAuth consent flow, the token lands in the vault, and subsequent calls reuse it. See User-delegated OAuth. | | Need admin approval on the Microsoft consent screen | A tenant admin hasn’t granted admin consent for the Graph scopes. See Grant admin consent. | | scope_upgrade_required | The user’s connection has fewer scopes than the server requires, either because the server’s required scopes grew or because the user originally consented with fewer. The user re-consents with the higher scope. | | AADSTS errors during authorization | A single-tenant app is using the /common/ OAuth endpoints. Switch the OAuth provider to the tenant-specific endpoints (https://login.microsoftonline.com//oauth2/v2.0/…​;). | | SharePoint API error (status 403, code: accessDenied) | The signed-in user lacks permission on that site, file, or list. Graph errors surface only the HTTP status and Graph error code; the upstream error message is withheld. | | list_sites returns no sites | An empty search returns nothing. Pass * to list every site, or a name fragment. | | upload_file fails | The upload_file tool requires the Sites.ReadWrite.All scope; a read-only server configured with Sites.Read.All cannot upload. Content is also capped at 4 MiB and must be UTF-8 text. | | get_file_content reports the file exceeds the byte cap | Downloads are capped at 10 MiB. Open the file’s web_url directly instead. | | Token expired and no refresh token available | The stored token expired and couldn’t be refreshed. Confirm offline_access is in the OAuth provider’s scopes, then have the user reconnect through the same consent flow. | ## [](#next-steps)Next steps - [Configure an OAuth Provider](https://docs.redpanda.com/agentic-data-plane/connect/oauth-providers/) - [User-delegated OAuth](https://docs.redpanda.com/agentic-data-plane/connect/user-delegated-oauth/) - [Create an MCP Server](https://docs.redpanda.com/agentic-data-plane/connect/create-server/) - [Test MCP tools](https://docs.redpanda.com/agentic-data-plane/connect/test-tools/) --- # Page 29: Slack Managed MCP Server **URL**: https://docs.redpanda.com/agentic-data-plane/connect/managed/slack.md --- # Slack Managed MCP Server > For the complete documentation index, see [llms.txt](https://docs.redpanda.com/llms.txt). Component-specific: [agentic-data-plane-full.txt](https://docs.redpanda.com/agentic-data-plane-full.txt) --- title: Slack Managed MCP Server page-beta-text: This is a beta feature. Beta features are available for testing and feedback. They are not supported by Redpanda and should not be used in production environments. latest-operator-version: v26.1.5 latest-console-tag: v3.7.4 latest-connect-version: 4.96.1 latest-redpanda-tag: v26.1.10 docname: managed/slack page-component-name: agentic-data-plane page-version: master page-component-version: master page-component-title: Agentic Data Plane page-relative-src-path: managed/slack.adoc page-edit-url: https://github.com/redpanda-data/adp-docs/edit/main/modules/connect/pages/managed/slack.adoc # Beta release status page-beta: "true" description: Let agents read threads, post messages, and add reactions in your Slack workspace using a shared bot token or each end-user's own Slack identity through user-delegated OAuth. page-topic-type: how-to personas: agent_builder, platform_engineer learning-objective-1: Configure the Slack managed MCP server with user-delegated OAuth learning-objective-2: Walk through the consent flow and verify the connection on the Connections page learning-objective-3: Send a test message through the Inspector page-git-created-date: "2026-05-28" page-git-modified-date: "2026-06-10" release-status: beta - This is a beta feature. Beta features are available for testing and feedback. They are not supported by Redpanda and should not be used in production environments. --- The **Slack** managed MCP server is the canonical user-delegated OAuth example for Redpanda ADP. Each agent caller authenticates against Slack with their own credentials, and Redpanda injects their token at call time: so messages posted by the agent appear as the user, not as a shared bot. After reading this page, you will be able to: - Configure the Slack managed MCP server with user-delegated OAuth - Walk through the consent flow and verify the connection on the Connections page - Send a test message through the Inspector ## [](#what-this-mcp-server-does)What this MCP server does The Slack managed type exposes the following tools: - `read_thread`: Read all messages in a thread, given a channel ID and thread timestamp. - `post`: Send a message to a channel, optionally as a threaded reply, using plain text or Block Kit blocks. - `react`: Add or remove an emoji reaction on a message. ## [](#prerequisites)Prerequisites Before you create the server, make sure you have: - A Slack workspace where you can install or authorize an OAuth app. - A Slack OAuth app registered (your own or a Redpanda-published reference app). - An [OAuth Provider](https://docs.redpanda.com/agentic-data-plane/reference/glossary/#oauth-provider) configured in ADP under **OAuth Providers**, pointing at Slack’s authorize/token URLs and carrying the OAuth app’s client credentials. See [Configure an OAuth Provider](https://docs.redpanda.com/agentic-data-plane/connect/oauth-providers/). - Familiarity with [Configure User-Delegated OAuth](https://docs.redpanda.com/agentic-data-plane/connect/user-delegated-oauth/). ## [](#configure)Configure Create a new Slack MCP server in ADP: 1. Open **MCP Servers > Create Server**. 2. Pick **Slack** from the marketplace picker. 3. Fill in the identity fields (`name`, `description`). 4. In the Slack configuration form: - `Auth`: Choose a `Bot token` (a shared `xoxb-` token from the secret store) or `User-delegated OAuth` (per-user identity). - For `User-delegated OAuth`: Pick the Slack OAuth Provider you configured and set `Required scopes` for the tools you use (see [Authentication scopes](#authentication-scopes)). - `Post options` (optional): Toggle markdown formatting, link unfurling, media unfurling, and automatic link names. - `Reaction options` (optional): Maximum concurrent reaction calls. Defaults to 64. 5. Click **Create**. There’s no workspace field: the bot token or the user’s OAuth grant determines the workspace. ## [](#test-the-consent-flow)Test the consent flow After creating the server, run a tool that requires Slack authentication to verify the consent flow end-to-end: 1. Open the **Inspector** tab. 2. Run a tool that requires the user’s identity, for example `post`. 3. The first call returns `OAuthConnectionRequired` with a Slack `authorize_url`. The Inspector surfaces it as a consent prompt. 4. Click **Authorize**. You’re redirected to Slack; pick the workspace and approve the requested scopes. 5. Slack redirects back to ADP. Your connection now appears under **Connections**. 6. Re-run the original tool call. The message posts to Slack as your user. ## [](#authentication-scopes)Authentication scopes When you use user-delegated OAuth, the tools need Slack scopes that match what they do: - `post` needs `chat:write`. To post in channels the user isn’t a member of, add `chat:write.public`. - `read_thread` needs a history scope for the channel type, for example `channels:history` (public) or `groups:history` (private). - `react` needs `reactions:write`. Other gotchas: - `chat:write` is a _user_ scope; `chat:write.public` is separate. - Tokens are workspace-scoped: the same user authorizing twice across two workspaces produces two separate connections. ## [](#use-with-agents)Use with agents Once the server is created and at least one user has consented, you can point an agent at the **API URL** on the server’s detail page. Each user calling the agent will trigger their own consent flow if they haven’t connected yet. ## [](#troubleshooting)Troubleshooting Common symptoms and fixes: | Symptom | What to check | | --- | --- | | OAuthConnectionRequired even after consent | The token might be revoked or expired with no refresh. Check Connections; remove and re-add if needed. | | scope_upgrade_required | The server’s required scopes were widened after the user consented. The user re-consents to grant the new scope. | | "channel not found" on a channel the user can see in Slack | Reading a private channel’s thread needs the groups:history scope. Add it to the server’s required scopes and have users re-consent. | | invalid_auth from Slack | The OAuth Provider’s client credentials are wrong, or the OAuth app has been suspended in Slack. Check the provider config. | ## [](#limitations)Limitations This page does not cover: - **Configuring the Slack OAuth app**: Slack-side configuration (creating the app, picking redirect URIs, choosing scopes) happens in api.slack.com, not in ADP. - **Listing channels and looking up users**: Not exposed as tools. The server reads threads, posts messages, and adds reactions. --- # Page 30: SQL Managed MCP Server **URL**: https://docs.redpanda.com/agentic-data-plane/connect/managed/sql.md --- # SQL Managed MCP Server > For the complete documentation index, see [llms.txt](https://docs.redpanda.com/llms.txt). Component-specific: [agentic-data-plane-full.txt](https://docs.redpanda.com/agentic-data-plane-full.txt) --- title: SQL Managed MCP Server page-beta-text: This is a beta feature. Beta features are available for testing and feedback. They are not supported by Redpanda and should not be used in production environments. latest-operator-version: v26.1.5 latest-console-tag: v3.7.4 latest-connect-version: 4.96.1 latest-redpanda-tag: v26.1.10 docname: managed/sql page-component-name: agentic-data-plane page-version: master page-component-version: master page-component-title: Agentic Data Plane page-relative-src-path: managed/sql.adoc page-edit-url: https://github.com/redpanda-data/adp-docs/edit/main/modules/connect/pages/managed/sql.adoc # Beta release status page-beta: "true" description: Query and write to SQL databases (PostgreSQL, MySQL, ClickHouse, SQL Server, and SQLite) through a managed MCP server hosted by Redpanda. page-topic-type: how-to personas: agent_builder, platform_engineer learning-objective-1: Configure the SQL managed MCP server for your database learning-objective-2: Run a canonical SELECT query through the Inspector learning-objective-3: Pick the right driver and connection-string pattern for your database page-git-created-date: "2026-05-28" page-git-modified-date: "2026-06-09" release-status: beta - This is a beta feature. Beta features are available for testing and feedback. They are not supported by Redpanda and should not be used in production environments. --- The **SQL** managed MCP server gives agents read and write access to a SQL database through MCP. Redpanda runs the server in-process; you provide a connection string. Guardrails can restrict it to read-only. After reading this page, you will be able to: - Configure the SQL managed MCP server for your database - Run a canonical SELECT query through the Inspector - Pick the right driver and connection-string pattern for your database ## [](#what-this-mcp-server-does)What this MCP server does Redpanda’s SQL managed type proxies SQL statements to one of these database engines: - PostgreSQL (`postgres` or `pgx`) - MySQL / MariaDB - ClickHouse - Microsoft SQL Server (`mssql`) - SQLite (`sqlite3`) It exposes the following tools: - `query`: Run a read-only `SELECT` and return rows. Accepts positional parameters and an optional max-rows cap. - `execute`: Run a write statement (`INSERT`, `UPDATE`, `DELETE`, or DDL) and return the affected row count. Guardrails on the server config can restrict it: set `readonly` to disable `execute`, cap returned rows, restrict allowed schemas, block statement patterns, and set a per-query timeout. ## [](#prerequisites)Prerequisites - A SQL database reachable from the Agentic Data Plane. - A connection string (DSN) for the database, including the credentials. The DSN is stored as a sensitive value. ## [](#configure)Configure 1. Open **MCP Servers > Create Server**. 2. Pick **SQL** from the marketplace picker. 3. Fill in the identity fields (`name`, `description`). 4. In the SQL configuration form, provide: - `Driver`: One of `postgres`, `pgx`, `mysql`, `clickhouse`, `mssql`, or `sqlite3`. - `DSN`: The driver-specific connection string, including credentials. Stored as a sensitive value. - `Connection pool` (optional): Maximum open and idle connections, and connection lifetimes. - `Guardrails` (optional): `readonly` (disables `execute`), default and maximum row caps, a per-query timeout, allowed schemas, and blocked statement patterns. 5. Click **Create**. ## [](#test)Test After create, exercise the server through the Inspector tab. See [Test an MCP Server’s Tools with the Inspector](https://docs.redpanda.com/agentic-data-plane/connect/test-tools/). A canonical first call: 1. Open the **Inspector** tab. 2. In **Tools**, select the `query` tool. 3. Run `SELECT 1` (or your driver’s equivalent). Confirm a single-row response. 4. To list tables, run `query` against the catalog, for example `SELECT table_name FROM information_schema.tables` on PostgreSQL or MySQL. ## [](#authentication)Authentication The SQL managed type has no MCP-level authentication modes. Credentials are carried inside the `DSN` (connection string), which is stored as a sensitive value. Supply them the way your driver expects, for example `postgres://user:password@host:5432/dbname`. User-delegated OAuth and service-account OAuth are not supported for SQL: there’s no per-user identity model that maps to a database connection. ## [](#use-with-agents)Use with agents Once the SQL server is created, point an agent at the **API URL** on the server’s detail page. The agent sees the SQL tools alongside any other MCP servers it has access to. ## [](#troubleshooting)Troubleshooting | Symptom | What to check | | --- | --- | | connection refused from create | Database isn’t reachable from ADP. Confirm host, port, and any egress / firewall rules. | | authentication failed for user | Password reference points at the wrong secret, or the secret content is wrong. Re-create the secret with UPPER_SNAKE_CASE and verify it. | | Query timeout | Long-running queries exceed the configured timeout. Either tighten the query or raise the timeout on the server config. | | Tools list returns empty | The driver couldn’t introspect the schema. Verify the user has read access to information_schema (Postgres/MySQL) or the equivalent. | ## [](#limitations)Limitations - **Write access**: The `execute` tool runs writes and DDL unless `readonly` is set in the guardrails. Scope the database user’s permissions accordingly. - **Per-user database identities**: See [Authentication](#authentication). --- # Page 31: Workday Managed MCP Server **URL**: https://docs.redpanda.com/agentic-data-plane/connect/managed/workday.md --- # Workday Managed MCP Server > For the complete documentation index, see [llms.txt](https://docs.redpanda.com/llms.txt). Component-specific: [agentic-data-plane-full.txt](https://docs.redpanda.com/agentic-data-plane-full.txt) --- title: Workday Managed MCP Server page-beta-text: This is a beta feature. Beta features are available for testing and feedback. They are not supported by Redpanda and should not be used in production environments. latest-operator-version: v26.1.5 latest-console-tag: v3.7.4 latest-connect-version: 4.96.1 latest-redpanda-tag: v26.1.10 docname: managed/workday page-component-name: agentic-data-plane page-version: master page-component-version: master page-component-title: Agentic Data Plane page-relative-src-path: managed/workday.adoc page-edit-url: https://github.com/redpanda-data/adp-docs/edit/main/modules/connect/pages/managed/workday.adoc # Beta release status page-beta: "true" description: Drive Workday Human Resources business processes from an LLM agent. The Workday managed MCP wraps Workday's Human_Resources SOAP web services and authenticates with a service-account refresh-token grant. page-topic-type: how-to personas: agent_builder, platform_engineer learning-objective-1: Configure the Workday managed MCP server with an Integration System User (ISU) refresh token learning-objective-2: Choose the right WSDL version and tenant settings learning-objective-3: Run a Change_Personal_Information business process from the Inspector or an agent page-git-created-date: "2026-05-28" page-git-modified-date: "2026-06-10" release-status: beta - This is a beta feature. Beta features are available for testing and feedback. They are not supported by Redpanda and should not be used in production environments. --- The **Workday** managed MCP server lets agents drive Workday Human Resources business processes (multi-step, approval-driven workflows like onboarding, hiring, and personal-info changes) through Workday’s `Human_Resources` SOAP API. After reading this page, you will be able to: - Configure the Workday managed MCP server with an Integration System User (ISU) refresh token - Choose the right WSDL version and tenant settings - Run a Change\_Personal\_Information business process from the Inspector or an agent ## [](#what-this-mcp-server-does)What this MCP server does Workday is a SaaS HR and payroll platform. Customer mutations land through **business processes**: multi-step, approval-driven workflows. Workday’s REST API covers a partial read-side surface, but the business processes themselves live behind the SOAP `Human_Resources` WSDL. This MCP wraps the SOAP surface so an LLM can drive a business process the same way it would call any other tool. It is **not** a generic Workday browser. There is no SQL/RaaS access, no report execution, and no general "search the tenant" tool. Each MCP tool maps 1:1 to one business process. The current build exposes a single tool, `change_personal_information`, with more business processes landing as customers ask for them. ## [](#authentication-model)Authentication model Workday’s `Human_Resources` SOAP API authenticates with the OAuth 2.0 **refresh-token grant** plus HTTP Basic on the token endpoint. Unlike most managed MCPs, this is a vendor-specific auth shape that doesn’t fit the shared `static_key`, `service_account_oauth`, or `user_delegated_oauth` modes; Workday uses an `oauth_refresh_token` variant. The MCP exchanges the refresh token (in the request body) plus `username:password` (HTTP Basic) for a short-lived access token at `https:///ccx/oauth2//token`, then sends `Authorization: Bearer ` on every SOAP call. Authentication is one ISU per MCP instance, not per end-user. Customers that need per-user-delegated access mount multiple MCP instances (one per ISU/scope), not multiple users behind one MCP. ## [](#prerequisites)Prerequisites Before you create the server, make sure you have: - A Workday tenant where you can create an Integration System User and register an API client - Admin access to **Workday > Create Integration System User** and **Workday > Register API Client for Integrations** - Two Redpanda ADP secret-store entries: - `WORKDAY_PASSWORD`: The ISU password. - `WORKDAY_REFRESH_TOKEN`: The non-expiring refresh token. ## [](#get-workday-credentials)Get Workday credentials Set up authentication on the Workday side before configuring the MCP: 1. **Create an Integration System User (ISU)** under **Workday > Create Integration System User**. Note the username; it usually ends up as `@`. 2. **Register an API Client for Integrations** under **Workday > Register API Client for Integrations**: - **Grant types**: Include both `Refresh Token` (required) and `Authorization Code`. Workday’s UX requires both to be checked even when only the refresh-token grant is used at runtime. - **Non-Expiring Refresh Tokens**: Tick this option. Required for static-credential MCP usage; if Workday rotates the refresh token on every exchange, the cached value goes stale and authentication breaks. - **Scope**: Include `Human Resources` (and any other functional areas your business processes touch). 3. **Issue a refresh token to the ISU** by completing the one-time authorization-code flow Workday walks you through, or by using **View API Clients > Manage Refresh Tokens for Integrations** to mint one directly. 4. Save four values: the `tenant`, the `host` (the Workday data-center hostname, for example `wd2-impl-services1.workday.com`), the ISU `username`, and the ISU `password`. Save the `refresh_token` separately. ## [](#configure)Configure Create a new Workday MCP server in ADP: 1. Open **MCP Servers > Create Server**. 2. Pick **Workday** from the marketplace picker. 3. Fill in identity fields (`name`, `description`). 4. In the Workday configuration form: | Field | Notes | | --- | --- | | Tenant | Your Workday tenant identifier, for example acme. | | Host | The Workday data-center hostname, for example wd2-impl-services1.workday.com. The MCP exchanges credentials at https:///ccx/oauth2//token. | | WSDL version | Optional; defaults to v46.0. Older tenants on v44.x or v45.x must set this explicitly to match the WSDL surface their tenant has enabled. | | Username | The ISU username (typically @). | | Password ref | Secret-store reference for the ISU password (UPPER_SNAKE_CASE). Example: WORKDAY_PASSWORD. | | Refresh token ref | Secret-store reference for the non-expiring refresh token (UPPER_SNAKE_CASE). Example: WORKDAY_REFRESH_TOKEN. | 5. Click **Create**. ### [](#configure-from-the-cli)Configure from the CLI ```bash rpk ai mcp create --name workday-hr --managed-config '{ "@type": "type.googleapis.com/redpanda.mcps.workday.v1.WorkdayMCPConfig", "tenant": "acme", "host": "wd2-impl-services1.workday.com", "wsdl_version": "v46.0", "oauth_refresh_token": { "username": "isu_user@acme", "password_secret_ref": "${secrets.WORKDAY_PASSWORD}", "refresh_token_secret_ref": "${secrets.WORKDAY_REFRESH_TOKEN}" } }' ``` ## [](#tools)Tools The Workday MCP exposes the following tools: | Tool | Description | | --- | --- | | change_personal_information | Kicks off the Change_Personal_Information business process for a worker. All fields except worker_id are optional. Only fields you set are sent to Workday, leaving the rest of the worker’s personal data unchanged. | ### [](#example-change-a-workers-date-of-birth-and-marital-status)Example: Change a worker’s date of birth and marital status ```bash curl -s https://aigw..clusters.rdpa.co/mcp/v1/workday-hr \ -H 'Content-Type: application/json' -d '{ "jsonrpc":"2.0","method":"tools/call","id":1, "params":{ "name":"change_personal_information", "arguments":{ "worker_id":"E1001", "worker_id_type":"Employee_ID", "effective_date":{"year":2026,"month":5,"day":1}, "date_of_birth":{"year":1990,"month":5,"day":20}, "marital_status":"Married" } } }' ``` Dates use the `google.type.Date` shape (`{year, month, day}`); a missing field, or one with `year: 0`, is treated as "unset" and Workday applies its own default (today, for `effective_date`). A successful response surfaces the Workday Event WID and confirms the worker WID: ```json { "result": { "content": [{ "type": "text", "text": "{\"event_wid\":\"ev-wid-001\",\"worker_wid\":\"worker-wid-002\",\"version\":\"v46.0\"}" }] } } ``` If Workday returns a SOAP Fault (validation error, missing permissions, worker not found), the MCP surfaces the `faultstring` as a structured tool error so the LLM can decide whether to retry or ask the user. ## [](#tenant-specific-values)Tenant-specific values `gender`, `marital_status`, and `citizenship_status_ids` accept Workday IDs from the **customer’s** tenant configuration. Common defaults like `Single` / `Married` and ISO country codes work in most tenants, but check Workday’s "Maintain Marital Status" and "Maintain Citizenship Status" reports if a value is rejected. ## [](#troubleshooting)Troubleshooting Common symptoms and fixes: | Symptom | What to check | | --- | --- | | 401 Unauthorized on token exchange | ISU credentials wrong, or the refresh token has been rotated. Confirm WORKDAY_PASSWORD and WORKDAY_REFRESH_TOKEN in the secret store are correct, and re-mint the refresh token in View API Clients > Manage Refresh Tokens for Integrations if needed. | | invalid_grant on every refresh | Non-Expiring Refresh Tokens was not checked when you registered the API client. Edit the client, tick the option, and re-mint the refresh token. | | SOAP fault: Invalid_Field_Value | A tenant-specific field ID (marital status, citizenship status, ethnicity) doesn’t match what your tenant accepts. Check the corresponding "Maintain …​" report in Workday for the exact IDs. | | SOAP fault: Insufficient_Permissions | The ISU lacks rights for the business process you’re invoking. Grant the relevant security domain on the ISU’s security group. | | SOAP fault: Worker_Not_Found | The worker_id plus worker_id_type doesn’t resolve. Verify the type (Employee_ID, Workday_ID, Contingent_Worker_ID) and the value. | ## [](#limitations)Limitations This page does not cover: - **Per-user-delegated access**: Workday authentication is one shared ISU per MCP. For per-user identities, mount multiple MCP instances (one per ISU/scope). - **Custom report execution**: This MCP wraps SOAP business processes, not reports. Use Workday RaaS or the report API for custom reports. - **Read-side data exploration**: There is no general _search Workday_ tool. Add specific business-process tools as needed. ## [](#next-steps)Next steps - [Create an MCP Server](https://docs.redpanda.com/agentic-data-plane/connect/create-server/) - [Test a server’s tools](https://docs.redpanda.com/agentic-data-plane/connect/test-tools/) --- # Page 32: Zendesk Managed MCP Server **URL**: https://docs.redpanda.com/agentic-data-plane/connect/managed/zendesk.md --- # Zendesk Managed MCP Server > For the complete documentation index, see [llms.txt](https://docs.redpanda.com/llms.txt). Component-specific: [agentic-data-plane-full.txt](https://docs.redpanda.com/agentic-data-plane-full.txt) --- title: Zendesk Managed MCP Server page-beta-text: This is a beta feature. Beta features are available for testing and feedback. They are not supported by Redpanda and should not be used in production environments. latest-operator-version: v26.1.5 latest-console-tag: v3.7.4 latest-connect-version: 4.96.1 latest-redpanda-tag: v26.1.10 docname: managed/zendesk page-component-name: agentic-data-plane page-version: master page-component-version: master page-component-title: Agentic Data Plane page-relative-src-path: managed/zendesk.adoc page-edit-url: https://github.com/redpanda-data/adp-docs/edit/main/modules/connect/pages/managed/zendesk.adoc # Beta release status page-beta: "true" description: Search and manage Zendesk Support tickets, users, and Help Center articles. Service-account API token or per-user OAuth, plus token-efficient response shaping for LLM agents. page-topic-type: how-to personas: agent_builder, platform_engineer learning-objective-1: Configure the Zendesk managed MCP server in API-token or User-OAuth mode learning-objective-2: Pick the right scopes and Zendesk role for your workflows learning-objective-3: Search, read, create, and update tickets from the Inspector or an agent page-git-created-date: "2026-05-28" page-git-modified-date: "2026-06-10" release-status: beta - This is a beta feature. Beta features are available for testing and feedback. They are not supported by Redpanda and should not be used in production environments. --- The **Zendesk** managed MCP server lets agents search, read, create, and update tickets in your Zendesk Support instance, look up users and organizations, and search, read, create, and update Help Center articles. After reading this page, you will be able to: - Configure the Zendesk managed MCP server in API-token or User-OAuth mode - Pick the right scopes and Zendesk role for your workflows - Search, read, create, and update tickets from the Inspector or an agent ## [](#what-this-mcp-server-does)What this MCP server does Wraps the Zendesk REST API. The following authentication modes are supported: - **API token (Basic authentication)**: A long-lived agent token paired with the agent’s email. Best for service-account-style use. - **User OAuth**: Per-user Zendesk OAuth tokens resolved from the gateway’s [token vault](https://docs.redpanda.com/agentic-data-plane/reference/glossary/#token-vault). Best when you want each agent action attributed to the calling end-user. Responses are curated for token efficiency: HATEOAS URLs, transport metadata, and rarely-used fields are dropped before reaching the LLM. Related users, groups, and organizations are resolved into nested ref objects through Zendesk side-loading (single round trip), and Help Center article HTML is converted to GitHub-flavored markdown. Typical responses are 3–7× smaller than raw Zendesk JSON. It is **not** intended for Zendesk admin operations (managing macros, triggers, ticket forms, custom fields, schedules, or SLAs); use the Zendesk Admin Center or a Terraform provider for those. ## [](#prerequisites)Prerequisites Before you create the server, make sure you have: - A Zendesk Support instance. - For **API token** mode: ability to create an API token under **Apps and integrations > APIs > Zendesk API**. - For **User OAuth** mode: a Zendesk OAuth client and an [OAuth Provider](https://docs.redpanda.com/agentic-data-plane/reference/glossary/#oauth-provider) configured in Redpanda ADP. See [Configure an OAuth Provider](https://docs.redpanda.com/agentic-data-plane/connect/oauth-providers/). ## [](#get-zendesk-credentials)Get Zendesk credentials ### [](#option-1-api-token-recommended-for-service-accounts)Option 1: API token (recommended for service accounts) 1. In the Zendesk Admin Center, go to **Apps and integrations > APIs > Zendesk API**. 2. On the **Settings** tab, enable **Token access**. 3. Click **Add API token**, give it a descriptive label (for example, `redpanda-ai-gateway`), and copy the token value. It is shown only once. 4. Note the **agent email** the token will act as (the email of the user who created the token). The HTTP Basic authentication string the MCP builds is `base64(/token:)`. The `/token` literal is Zendesk’s API-token quirk. 5. Store the token in the ADP secret store under a name like `ZENDESK_API_TOKEN`. **Required role**: Agents and Admins can use the API. Most ticket operations work for the Agent role; reading users with `search_users` requires Light Agent or higher; Help Center search works for any authenticated user. ### [](#option-2-user-oauth)Option 2: User OAuth For per-user authentication, register an OAuth client on Zendesk and a matching OAuth Provider in ADP: 1. Configure a Zendesk OAuth client under **Apps and integrations > APIs > OAuth Clients** (Confidential client, Authorization Code grant). 2. Register a matching OAuth Provider in ADP. See [Configure an OAuth Provider](https://docs.redpanda.com/agentic-data-plane/connect/oauth-providers/). Use Zendesk’s authorize and token endpoints. 3. Each end-user authenticates once through the OAuth flow; tokens are stored in the gateway’s token vault. **Required scopes**: `read tickets:write hc:read hc:write` covers all tools. Drop `tickets:write` (ticket writes) and `hc:write` (article create/update) if the MCP only needs to read. ## [](#configure)Configure Create a new Zendesk MCP server in ADP: 1. Open **MCP Servers > Create Server**. 2. Pick `Zendesk` from the marketplace picker. 3. Fill in identity fields (`name`, `description`). 4. In the Zendesk configuration form: | Field | Notes | | --- | --- | | subdomain | Your Zendesk subdomain (the part before .zendesk.com). For acme.zendesk.com, set this to acme. | | auth | basic_auth for API-token mode, or user_oauth for per-user mode. | | basic_auth (API-token mode) | username (agent email used with the API token, for example agent@acme.com) and password_secret_ref (secret-store reference for the API token, UPPER_SNAKE_CASE). | | user_oauth (User-OAuth mode) | provider_name (the Zendesk OAuth Provider you configured) and the minimum required scopes (read, tickets:write, hc:read, hc:write covers all tools). | 5. Click **Create**. ### [](#configure-from-the-cli)Configure from the CLI For a managed server, set the auth method inside the `--managed-config` JSON. The `auth` field is required. #### API-token mode ```bash rpk ai mcp create --name acme-zendesk --managed-config '{ "@type": "type.googleapis.com/redpanda.mcps.zendesk.v1.ZendeskMCPConfig", "subdomain": "acme", "basic_auth": { "username": "agent@acme.com", "password_secret_ref": "ZENDESK_API_TOKEN" } }' ``` #### User-OAuth mode ```bash rpk ai mcp create --name acme-zendesk-oauth --managed-config '{ "@type": "type.googleapis.com/redpanda.mcps.zendesk.v1.ZendeskMCPConfig", "subdomain": "acme", "user_oauth": { "provider_name": "zendesk-prod", "required_scopes": ["read", "tickets:write", "hc:read"] } }' ``` ## [](#tools)Tools The Zendesk MCP exposes tools across tickets, users, organizations, and Help Center articles. Article writes (`create_article`, `update_article`) require the `hc:write` scope (User-OAuth mode) or a Help Center manager role (API-token mode): | Tool | Description | | --- | --- | | search_tickets | Search tickets with Zendesk’s search syntax (status:open priority:high tags:bug). The handler enforces a type:ticket qualifier and post-filters results, so non-ticket records can never leak through. | | list_tickets | Filter tickets by discrete fields (status, assignee_id, group_id). Faster than search_tickets and not subject to the search-API quota. Prefer this for "show me all open tickets assigned to X" workflows. | | get_ticket | Fetch a single ticket by ID with side-loaded requester, submitter, assignee, group, and organization. Set include_comments=true to embed up to 500 comments inline in the same response. | | list_ticket_comments | List the comment thread on a ticket with explicit pagination. Use this when the thread exceeds 500 comments; otherwise prefer get_ticket with include_comments=true. | | create_ticket | Open a new ticket (subject, description, optional priority/type/assignee/group/tags). Subject ≤150 chars, description ≤65536 chars, tags ≤50 chars each. | | update_ticket | Modify a ticket: status, priority, type, assignee, group, tags. Optionally append a public or internal comment in the same call. Distinct tags (replace) / add_tags / remove_tags fields. | | search_users | Find a Zendesk user by name, email, or other user-search fields. Returns full User objects. | | get_user | Fetch a single user by ID. Used to drill into a UserRef from a side-load when the agent needs the full User shape. | | list_organizations | List organizations in the Zendesk account. | | get_organization | Fetch a single organization by ID. Drills into an OrganizationRef from a side-load. | | search_articles | Search Help Center articles. Body is converted from HTML to GitHub-flavored markdown (tables included). | | get_article | Fetch a single Help Center article by ID. | | create_article | Create a new Help Center article from markdown (converted to HTML on upload), with an optional list of labels. The article is always created as a draft, so a human must publish it in Zendesk. | | update_article | Update an existing Help Center article. Only the fields you send change; omitted fields are left as-is. Markdown is converted to HTML on upload, and you can toggle draft status or clear all labels by sending an empty label list. | ### [](#example-triage-open-tickets)Example: Triage open tickets ```bash curl -s https://aigw..clusters.rdpa.co/mcp/v1/acme-zendesk \ -H "Authorization: Bearer $TOKEN" \ -H "Content-Type: application/json" \ -d '{ "jsonrpc": "2.0", "id": 1, "method": "tools/call", "params": { "name": "search_tickets", "arguments": { "query": "status:open priority:urgent", "max_results": 10 } } }' ``` ### [](#example-solve-a-ticket-with-a-closing-comment)Example: Solve a ticket with a closing comment ```bash curl -s https://aigw..clusters.rdpa.co/mcp/v1/acme-zendesk \ -H "Authorization: Bearer $TOKEN" \ -H "Content-Type: application/json" \ -d '{ "jsonrpc": "2.0", "id": 2, "method": "tools/call", "params": { "name": "update_ticket", "arguments": { "ticket_id": 12345, "status": "solved", "add_tags": ["resolved-by-agent"], "comment": { "body": "Resetting your password should fix this. Reopen if it persists.", "public": true } } } }' ``` ### [](#example-read-a-ticket-with-its-full-comment-thread)Example: Read a ticket with its full comment thread For "summarize this ticket" flows, inline the comments: ```bash curl -s https://aigw..clusters.rdpa.co/mcp/v1/acme-zendesk \ -H "Authorization: Bearer $TOKEN" \ -H "Content-Type: application/json" \ -d '{ "jsonrpc": "2.0", "id": 4, "method": "tools/call", "params": { "name": "get_ticket", "arguments": { "ticket_id": 12345, "include_comments": true } } }' ``` The handler follows Zendesk’s `next_page` URLs only when they point at the same host as the configured subdomain, so pagination cannot be hijacked by a malicious upstream response. ## [](#troubleshooting)Troubleshooting Common symptoms and fixes: | Symptom | What to check | | --- | --- | | 401 Unauthorized (API-token mode) | Confirm ZENDESK_API_TOKEN content matches the value Zendesk showed at token creation, and the Username field is the agent email of the user who created the token. | | 403 Forbidden on search_users | The agent role on Zendesk’s side is below Light Agent. Upgrade the role or use API-token mode with a Light Agent or Admin email. | | OAuthConnectionRequired (User-OAuth mode) | First call from a user with no stored token. The user completes Zendesk’s OAuth consent flow, the token lands in the vault, and subsequent calls reuse it. See User-delegated OAuth. | | scope_upgrade_required (User-OAuth mode) | Server’s required_scopes was extended after users had already consented. Users re-consent with the higher scope. | | Search returns non-ticket records | Cannot happen: the handler enforces a type:ticket qualifier and post-filters results. If you see something unexpected, file an issue. | ## [](#limitations)Limitations This page does not cover: - **Zendesk admin operations**: Managing macros, triggers, ticket forms, custom fields, schedules, or SLAs. Use the Zendesk Admin Center or a Terraform provider. - **Voice / chat / Talk**: This MCP wraps Support tickets and Help Center; voice and chat are separate Zendesk products with their own APIs. ## [](#next-steps)Next steps - [Configure an OAuth Provider](https://docs.redpanda.com/agentic-data-plane/connect/oauth-providers/) - [User-delegated OAuth](https://docs.redpanda.com/agentic-data-plane/connect/user-delegated-oauth/) - [Create an MCP Server](https://docs.redpanda.com/agentic-data-plane/connect/create-server/) --- # Page 33: How MCP Servers Work **URL**: https://docs.redpanda.com/agentic-data-plane/connect/mcp-overview.md --- # How MCP Servers Work > For the complete documentation index, see [llms.txt](https://docs.redpanda.com/llms.txt). Component-specific: [agentic-data-plane-full.txt](https://docs.redpanda.com/agentic-data-plane-full.txt) --- title: How MCP Servers Work latest-operator-version: v26.1.5 latest-console-tag: v3.7.4 latest-connect-version: 4.96.1 latest-redpanda-tag: v26.1.10 docname: mcp-overview page-component-name: agentic-data-plane page-version: master page-component-version: master page-component-title: Agentic Data Plane page-relative-src-path: mcp-overview.adoc page-edit-url: https://github.com/redpanda-data/adp-docs/edit/main/modules/connect/pages/mcp-overview.adoc description: Connect AI agents to your databases, APIs, and business systems through managed MCP servers Redpanda hosts for you, or self-managed servers you register with ADP. page-topic-type: overview personas: agent_builder, platform_engineer learning-objective-1: Explain how AI agents connect to tools through MCP servers in ADP learning-objective-2: Distinguish managed from self-managed MCP server backends and choose the right type for your use case learning-objective-3: Identify key MCP capabilities including tool discovery, authentication, and code mode page-git-created-date: "2026-05-28" page-git-modified-date: "2026-06-10" --- The Model Context Protocol (MCP) is how AI agents talk to tools. In the Agentic Data Plane, you create **MCP Servers** that agents can connect to. Each MCP server exposes a set of [tools](https://docs.redpanda.com/agentic-data-plane/reference/glossary/#tool), [resources](https://docs.redpanda.com/agentic-data-plane/reference/glossary/#resource), and [prompts](https://docs.redpanda.com/agentic-data-plane/reference/glossary/#prompt) that an agent can discover at runtime through `tools/list` and invoke through structured JSON-RPC calls. Redpanda handles upstream credentials, authentication flows, observability, and aggregation, so you can focus on what your agents do, not on the plumbing. After reading this page, you will be able to: - Explain how AI agents connect to tools through MCP servers in ADP - Distinguish managed from self-managed MCP server backends and choose the right type for your use case - Identify key MCP capabilities including tool discovery, authentication, and code mode Redpanda offers two kinds of MCP server backends: | Backend | When to use | | --- | --- | | Managed | Redpanda hosts the server in-process. You pick a type from the marketplace (SQL, Kafka, Slack, Jira, OpenAPI, and many more) and configure it with your credentials. No infrastructure to run. | | Self-managed | You already run an MCP server somewhere and want Redpanda to proxy it for authentication, observability, aggregation, and agent access. Redpanda fronts your server with a managed URL and resolves authentication at the gateway. | The default catalog covers databases, cloud and productivity services, streaming systems, and communication tools. See [Managed catalog](https://docs.redpanda.com/agentic-data-plane/connect/managed/managed-catalog/) for the full list. ## [](#when-to-use-each)When to use each | Concern | Managed | Self-managed | | --- | --- | --- | | Infrastructure ownership | Redpanda hosts and operates | You host and operate | | Upstream credentials | Redpanda secret store; per-type schema | Redpanda secret store or token vault; you control the upstream authentication | | Custom tool logic | Limited to what the type exposes | Anything the MCP protocol supports | | Startup latency | In-process; effectively zero | Network round-trip to your endpoint | | Upgrade cadence | Redpanda manages | You manage | ## [](#whats-in-redpanda-adp)What’s in Redpanda ADP ADP has these top-level areas: - **LLM Providers**: OpenAI, Anthropic, Bedrock, Google AI, OpenAI-compatible endpoints. See [Configure your LLM provider](https://docs.redpanda.com/agentic-data-plane/gateway/configure-provider/). - **MCP Servers**: You are here. Both managed and self-managed servers live in this list. - **OAuth Providers**: Reusable upstream OAuth provider definitions used by user-delegated MCP authentication. See [Configure an OAuth Provider](https://docs.redpanda.com/agentic-data-plane/connect/oauth-providers/). - **OAuth Clients**: External tools registered to request access tokens from the gateway. See [Connect Remote MCP Clients](https://docs.redpanda.com/agentic-data-plane/connect/remote-mcp-clients/). - **Connections**: Per-user OAuth connections for user-delegated MCP servers. See [User-delegated OAuth](https://docs.redpanda.com/agentic-data-plane/connect/user-delegated-oauth/). ## [](#key-capabilities)Key capabilities - **Tool discovery**: After you create or register a server, Redpanda performs a live `tools/list` against it and populates the server’s detail page so you can see which tools are visible to agents. - **Service-account and user-delegated authentication**: Pick a single shared upstream identity for all callers, or have each end-user authenticate against the upstream system with their own credentials. - **Code mode**: For a server with a large tool catalog, turn on code mode to expose just two tools, `search` and `execute`, so an agent can find tools by regex and run them through a JavaScript sandbox instead of loading every tool definition into its context. See [Code Mode](https://docs.redpanda.com/agentic-data-plane/gateway/code-mode/). - **Inspector**: Test each tool, resource, and prompt directly from ADP before pointing an agent at the server. See [Test a server’s tools](https://docs.redpanda.com/agentic-data-plane/connect/test-tools/). ## [](#next-steps)Next steps - [Create an MCP Server](https://docs.redpanda.com/agentic-data-plane/connect/create-server/) - [Register a Self-Managed MCP Server](https://docs.redpanda.com/agentic-data-plane/connect/register-remote/) - [Plug in an App, Database, or Tool](https://docs.redpanda.com/agentic-data-plane/connect/managed/managed-catalog/) --- # Page 34: Connect Tools with MCP Servers **URL**: https://docs.redpanda.com/agentic-data-plane/connect/mcp-servers.md --- # Connect Tools with MCP Servers > For the complete documentation index, see [llms.txt](https://docs.redpanda.com/llms.txt). Component-specific: [agentic-data-plane-full.txt](https://docs.redpanda.com/agentic-data-plane-full.txt) --- title: Connect Tools with MCP Servers latest-operator-version: v26.1.5 latest-console-tag: v3.7.4 latest-connect-version: 4.96.1 latest-redpanda-tag: v26.1.10 docname: mcp-servers page-component-name: agentic-data-plane page-version: master page-component-version: master page-component-title: Agentic Data Plane page-relative-src-path: mcp-servers.adoc page-edit-url: https://github.com/redpanda-data/adp-docs/edit/main/modules/connect/pages/mcp-servers.adoc description: Learn how MCP servers expose tools and data to agents, then plug in a managed type or build, register, and test your own. page-git-created-date: "2026-06-01" page-git-modified-date: "2026-06-08" --- MCP servers expose tools and data to your agents. Plug in a managed type from the catalog, or build, register, and test a server of your own. - [How MCP Servers Work](https://docs.redpanda.com/agentic-data-plane/connect/mcp-overview/) Connect AI agents to your databases, APIs, and business systems through managed MCP servers Redpanda hosts for you, or self-managed servers you register with ADP. - [Plug in an App, Database, or Tool](https://docs.redpanda.com/agentic-data-plane/connect/managed/managed-catalog/) Reference of every managed MCP server type Redpanda hosts in-process, grouped by category, with display name, description, and a link to a setup guide where one exists. - [Create an MCP Server](https://docs.redpanda.com/agentic-data-plane/connect/create-server/) Create an MCP server in the Agentic Data Plane by picking a managed type from the marketplace or registering a self-managed server you host yourself, then configure authentication, code mode, and access. - [Register a Self-Managed MCP Server](https://docs.redpanda.com/agentic-data-plane/connect/register-remote/) Front your own MCP server with a managed Redpanda URL. Pick a transport, configure authentication, and let agents discover the server's tools through Redpanda. - [Test an MCP Server’s Tools with the Inspector](https://docs.redpanda.com/agentic-data-plane/connect/test-tools/) Use the Inspector tab to call tools, inspect resources and prompts, and verify your MCP server works without standing up an agent. - [Code Mode](https://docs.redpanda.com/agentic-data-plane/gateway/code-mode/) Turn on code mode for an MCP server to replace a large tool catalog with two tools, search and execute, and cut the token cost of tool-heavy servers. --- # Page 35: Configure an OAuth Provider **URL**: https://docs.redpanda.com/agentic-data-plane/connect/oauth-providers.md --- # Configure an OAuth Provider > For the complete documentation index, see [llms.txt](https://docs.redpanda.com/llms.txt). Component-specific: [agentic-data-plane-full.txt](https://docs.redpanda.com/agentic-data-plane-full.txt) --- title: Configure an OAuth Provider latest-operator-version: v26.1.5 latest-console-tag: v3.7.4 latest-connect-version: 4.96.1 latest-redpanda-tag: v26.1.10 docname: oauth-providers page-component-name: agentic-data-plane page-version: master page-component-version: master page-component-title: Agentic Data Plane page-relative-src-path: oauth-providers.adoc page-edit-url: https://github.com/redpanda-data/adp-docs/edit/main/modules/connect/pages/oauth-providers.adoc description: Register an OAuth provider in ADP so MCP servers can authenticate users (or service accounts) against an upstream system like Slack, Jira, GitHub, or Salesforce. page-topic-type: how-to personas: platform_engineer, security_compliance_lead learning-objective-1: Register an OAuth provider for an upstream system you want MCP servers to authenticate against learning-objective-2: Grant the right permissions so principals can attach the provider to MCP servers learning-objective-3: Edit, rotate credentials on, or delete an OAuth provider page-git-created-date: "2026-05-28" page-git-modified-date: "2026-06-15" --- Register an OAuth provider so AI Gateway can authenticate against an upstream system on behalf of users or service accounts. Any MCP server for that upstream attaches to the provider instead of managing its own credentials. After completing this guide, you will be able to: - Register an OAuth provider for an upstream system you want MCP servers to authenticate against - Grant the right permissions so principals can attach the provider to MCP servers - Edit, rotate credentials on, or delete an OAuth provider > ❗ **IMPORTANT** > > OAuth providers and OAuth clients govern **opposite directions** of authentication and are separate resources. > > - An **OAuth provider** (this page) governs **outbound** authentication: AI Gateway authenticating to an upstream system (GitHub, Slack, Salesforce, and so on) on a user’s behalf so MCP servers can call that upstream. > > - An **OAuth client** governs **inbound** authentication: an external app (Claude Desktop, ChatGPT, Copilot Studio) authenticating to AI Gateway so the app’s users can invoke MCP tools. > > > The two live under separate sidebar entries (**OAuth Providers** and **OAuth Clients**) with separate API definitions, permissions, and lifecycles. To register or manage an OAuth client (including revoking its refresh tokens to force a re-sign-in), see [Connect remote MCP clients to AI Gateway](https://docs.redpanda.com/agentic-data-plane/connect/remote-mcp-clients/). ## [](#prerequisites)Prerequisites Before you register the provider, make sure you have: - An OAuth 2.0 application registered with the upstream provider, with the gateway’s redirect URI configured. The redirect URI is the AI Gateway’s OAuth callback (typically `https://aigw..clusters.rdpa.co/oauth/v1/callback`). - The OAuth app’s **client ID** and **client secret**. - A secret already created in the Redpanda ADP secret store for the client secret. Secret references must be `UPPER_SNAKE_CASE`, for example `SLACK_CLIENT_SECRET`. - The list of **scopes** the upstream API needs. Include every scope any MCP server attached to this provider may need; users re-consent when scopes are added later. ## [](#required-permissions)Required permissions OAuth providers are governed by their own permission set. Granting create/update/delete to an admin role is independent from granting attach to MCP-editor roles. | Permission | Allows | | --- | --- | | dataplane_aigateway_oauthprovider_create | Create new OAuth providers. | | dataplane_aigateway_oauthprovider_get | Read existing OAuth providers. | | dataplane_aigateway_oauthprovider_update | Edit an existing OAuth provider’s endpoints, scopes, or credentials. | | dataplane_aigateway_oauthprovider_delete | Delete an OAuth provider. | | dataplane_aigateway_oauthprovider_attach | Required to attach this provider to an MCP server. Enforced as a sub-resource check in CreateMCPServer and UpdateMCPServer whenever authConfig.userOauth.provider_name is set or swapped. Without this permission, a principal with mcpserver_update could otherwise bind any provider’s token vault to an MCP they control and indirectly consume its tokens. | > 📝 **NOTE** > > The `_attach` permission is independent from `_get`, `_create`, `_update`, and `_delete`. Grant it only to roles that need to bind a given provider’s token vault to an MCP server. ## [](#browse-oauth-providers)Browse OAuth providers The **OAuth Providers** page lists every provider registered in your organization. The list shows the following columns: | Column | What it shows | | --- | --- | | Name | The provider’s machine identifier (used in MCP server configuration to attach this provider). | | Grant types | A badge per grant type. Typically Browser consent for user-delegated OAuth. | | Status | Enabled or Disabled. | | Scopes | A chip list of the supported scopes, for example read:user, repo, read:org for a GitHub provider. | A **Filter** button narrows the list. The **Create provider** button opens the create form. ## [](#register-an-oauth-provider-in-the-ui)Register an OAuth provider in the UI Walk through the create form to register the upstream: 1. Open **OAuth Providers** in the sidebar. 2. Click **Create provider**. 3. Pick a preset from the catalog, or choose **Custom Provider** to enter the endpoints yourself. Picking a preset pre-fills the standard authorization and token endpoints and recommended scopes. The catalog groups presets into categories you can filter with the category chips: **Identity & SSO**, **Code & Dev**, **Productivity**, **Files & Storage**, **Communication**, **CRM & Support**, **Data Platform**, **Observability**, **Infrastructure**, and **HR & Legal**. It covers common providers across these categories, such as GitHub, Google, Okta, Microsoft, and Slack, with more added over time. For any upstream without a preset, use **Custom Provider** and enter its endpoints manually. 4. Fill in the identity fields: | Field | Required | Notes | | --- | --- | --- | | Name | Yes | Lowercase letters, numbers, and hyphens only. Used to reference the provider in MCP server configuration. Immutable after create. | | Display name | Yes | Human-readable label shown in the UI. | | Authorization endpoint | Yes | The upstream’s OAuth authorize URL, for example https://slack.com/oauth/v2/authorize. | | Token endpoint | Yes | The upstream’s OAuth token URL, for example https://slack.com/api/oauth.v2.access. | | Revocation endpoint | No | RFC 7009 token-revocation URL. When set, the gateway calls it on disconnect (best-effort). Not all providers support this. | 5. Pick a `Grant type`: - **Browser Consent**: The user approves access in their browser (OAuth 2.0 Authorization Code flow). The default for user-delegated OAuth. - **Token Exchange**: RFC 8693 server-to-server token exchange. Shown in the form but not yet functional (future release); the gateway exchanges the user’s identity-provider JWT for a provider-scoped token without browser interaction. 6. Pick a `Token-endpoint authentication method`: - **HTTP Basic**: `client_id:client_secret` sent as the Basic authentication header. Most common. - **POST body**: Credentials sent as form fields in the token-request body. - **None**: For public clients that rely on PKCE only. Pick this when the upstream OAuth app is registered as a public client and AI Gateway authenticates by proving possession of a PKCE code verifier rather than a stored client secret. Leave the client-secret reference unset. 7. Provide the `Client ID` and a `Client Secret Ref` (a secret-store key in `UPPER_SNAKE_CASE`, for example `SLACK_CLIENT_SECRET`). Use the **Existing** tab to pick a secret already in the store, or **New** to create one inline. Leave the reference empty only for public clients that authenticate with PKCE. 8. Define the `Scopes`. Include every scope any MCP server may need. 9. Optionally turn on `Require PKCE` to add PKCE (RFC 7636) to the consent flow. Leave `Enabled` on so the provider can start consent flows. 10. Click **Create Provider**. The provider appears in the **OAuth Providers** list. ## [](#register-from-the-cli)Register from the CLI Use [`rpk ai`](https://docs.redpanda.com/agentic-data-plane/reference/rpk/rpk-ai/rpk-ai/) to script provider registration: ```bash rpk ai oauth create \ --name ramp \ --display-name "Ramp" \ --auth-endpoint "https://app.ramp.com/v1/authorize" \ --token-endpoint "https://api.ramp.com/developer/v1/token" \ --client-id "$RAMP_CLIENT_ID" \ --client-secret-ref RAMP_CLIENT_SECRET \ --scopes "transactions:read,cards:read,users:read" ``` | Flag | Notes | | --- | --- | | --name | Resource name. Lowercase letters, numbers, hyphens. Immutable. Required. | | --display-name | Human-readable display name shown in the UI. Required. | | --auth-endpoint | OAuth authorization endpoint URL. Required. | | --token-endpoint | OAuth token endpoint URL. Required. | | --client-id | Client ID from the upstream OAuth app. Required. | | --client-secret-ref | Secret-store reference (UPPER_SNAKE_CASE). | | --scopes | Comma-separated scope list. | | --grant-types | Grant types: browser-consent (default), token-exchange. Comma-separated. | | --token-auth-method | Token-endpoint authentication method: client-secret-basic (default), client-secret-post, none. | | --pkce | Require PKCE for authorization code grants. | | --revocation-endpoint | OAuth token revocation endpoint URL. | | --enabled | Whether the provider is enabled (default true). | ## [](#attach-to-an-mcp-server)Attach to an MCP server To attach an OAuth provider to an MCP server, the principal needs `dataplane_aigateway_oauthprovider_attach` on the named provider plus the usual `mcpserver_create` / `mcpserver_update` permission. See [Create an MCP Server](https://docs.redpanda.com/agentic-data-plane/connect/create-server/) for the full attach flow and [User-delegated OAuth](https://docs.redpanda.com/agentic-data-plane/connect/user-delegated-oauth/) for the consent flow that runs on first call. ## [](#view-provider-details)View provider details Click a provider in the list to open its detail page. The header shows the display name, status badge, and resource name, with **Connect**, **Edit**, and **Delete** actions. The page groups the configuration into cards: - **Authorization Callback URL**: The gateway callback to register on the upstream OAuth app. - **OAuth Endpoints**: The authorization, token/refresh, and revocation endpoints. - **Client Configuration**: Client ID, Client Secret Ref, Auth Method, and whether PKCE is required. - **Scopes & Grant Types**: The default scopes and grant types. - **Metadata**: When the provider was created and last updated. ## [](#edit-and-rotate-credentials)Edit and rotate credentials You can change the provider’s configuration or rotate its client secret without re-creating the resource: - **Edit**: Open the provider’s detail page and click **Edit**. Endpoints, scopes, display name, and the client-secret reference can change. The `Name` is immutable. - **Rotate credentials**: Update the secret content in the secret store under the same name (for example, `SLACK_CLIENT_SECRET`). The provider’s reference is unchanged. Existing tokens in the vault stay valid; the new client secret is used the next time AI Gateway exchanges credentials. - **Disable temporarily**: Deleting the provider invalidates every MCP server’s connections that reference it, so disable the dependent MCP servers first if you want to pause traffic without losing user consent. ## [](#delete-a-provider)Delete a provider Deleting an OAuth provider: - Removes the provider record. - Causes every MCP server that referenced it to fail authentication on the next call (the `provider_name` reference no longer resolves). - Leaves user-stored tokens in the vault until garbage-collected, but they’re unusable without the provider definition. Plan the deletion: disable or reconfigure dependent MCP servers first, communicate the cutover to users so they can re-consent against a replacement provider, then delete. ## [](#troubleshooting)Troubleshooting Common symptoms and fixes: | Symptom | What to check | | --- | --- | | PermissionDenied when creating an MCP server with this provider attached | The principal lacks dataplane_aigateway_oauthprovider_attach on this provider. Have an admin grant the permission, or delegate the attach to a role that already has it. | | Consent flow fails with redirect_uri_mismatch | The OAuth app’s registered redirect URI doesn’t match the gateway’s callback. Update the upstream OAuth app to include https://aigw..clusters.rdpa.co/oauth/v1/callback. | | invalid_client during token exchange | Client ID or client secret is wrong, or the Token-endpoint authentication method doesn’t match what the upstream expects. Check the upstream OAuth app’s settings. | | invalid_scope during consent | A scope in Supported scopes isn’t valid for the upstream. Check the upstream’s scope reference and remove or rename the offending scope. | ## [](#next-steps)Next steps - [User-delegated OAuth](https://docs.redpanda.com/agentic-data-plane/connect/user-delegated-oauth/) - [Create an MCP Server](https://docs.redpanda.com/agentic-data-plane/connect/create-server/) - [Plug in an App, Database, or Tool](https://docs.redpanda.com/agentic-data-plane/connect/managed/managed-catalog/) --- # Page 36: Integrate with Redpanda Pipelines **URL**: https://docs.redpanda.com/agentic-data-plane/connect/pipeline-integration-patterns.md --- # Integrate with Redpanda Pipelines > For the complete documentation index, see [llms.txt](https://docs.redpanda.com/llms.txt). Component-specific: [agentic-data-plane-full.txt](https://docs.redpanda.com/agentic-data-plane-full.txt) --- title: Integrate with Redpanda Pipelines latest-operator-version: v26.1.5 latest-console-tag: v3.7.4 latest-connect-version: 4.96.1 latest-redpanda-tag: v26.1.10 docname: pipeline-integration-patterns page-component-name: agentic-data-plane page-version: master page-component-version: master page-component-title: Agentic Data Plane page-relative-src-path: pipeline-integration-patterns.adoc page-edit-url: https://github.com/redpanda-data/adp-docs/edit/main/modules/connect/pages/pipeline-integration-patterns.adoc description: Build Redpanda Connect pipelines that invoke agents for event-driven processing and streaming enrichment. page-topic-type: best-practices personas: agent_builder, platform_engineer learning-objective-1: Identify when pipelines should call agents for stream processing learning-objective-2: Design event-driven agent invocation using the a2a_message processor learning-objective-3: Implement streaming enrichment with AI-generated fields page-git-created-date: "2026-05-28" page-git-modified-date: "2026-06-10" --- Build Redpanda Connect pipelines that invoke agents for automated, event-driven processing. Pipelines use the `a2a_message` processor to call agents for each event in a stream when you need AI reasoning, classification, or enrichment at scale. After reading this page, you will be able to: - Identify when pipelines should call agents for stream processing - Design event-driven agent invocation using the `a2a_message` processor - Implement streaming enrichment with AI-generated fields This page focuses on pipelines calling agents (pipeline-initiated integration). For agents invoking MCP tools, see [Agent needs capabilities](https://docs.redpanda.com/agentic-data-plane/connect/integration-overview/#agent-needs-capabilities). For external applications calling agents, see [External system calls agent](https://docs.redpanda.com/agentic-data-plane/connect/integration-overview/#external-system-calls-agent). ## [](#how-pipelines-invoke-agents)How pipelines invoke agents Pipelines use the [`a2a_message`](https://docs.redpanda.com/cloud-data-platform/develop/connect/components/processors/a2a_message/) processor to invoke agents for each event in a stream. The processor uses the [A2A protocol](https://docs.redpanda.com/agentic-data-plane/connect/a2a-concepts/) to discover and communicate with agents. When the `a2a_message` processor receives an event, it sends the event data to the specified agent along with any prompt you provide. The agent processes the event using its reasoning capabilities and returns a response. The processor then adds the agent’s response to the event for further processing or output. The pipeline determines when to invoke agents based on events, not agent reasoning. ## [](#when-to-use-this-pattern)When to use this pattern Use the `a2a_message` processor when pipelines need AI reasoning for every event in a stream. The `a2a_message` processor is appropriate when: - **Every event needs AI analysis:** Each message requires reasoning, classification, or decision-making. - **You need streaming enrichment:** Add AI-generated fields to events at scale. - **Processing is fully automated:** No human in the loop, event-driven workflows. - **Batch latency is acceptable:** Agent reasoning time is tolerable for your use case. - **You’re handling high-volume streams:** Processing thousands or millions of events. ## [](#use-cases)Use cases Use the `a2a_message` processor in pipelines for these common patterns. ### [](#event-driven-agent-invocation)Event-driven agent invocation Use this pattern for real-time fraud detection on every transaction. Invoke agents automatically for each event: ```yaml # Event-driven agent invocation pipeline # Invokes an agent for each event in a stream input: redpanda: seed_brokers: ["${REDPANDA_BROKERS}"] topics: [transactions] consumer_group: fraud-detector tls: enabled: true sasl: - mechanism: SCRAM-SHA-256 username: "${REDPANDA_USERNAME}" password: "${REDPANDA_PASSWORD}" pipeline: processors: - a2a_message: agent_card_url: "${AGENT_CARD_URL}" prompt: "Analyze this transaction: ${!content()}" output: redpanda: seed_brokers: ["${REDPANDA_BROKERS}"] topic: fraud-alerts tls: enabled: true sasl: - mechanism: SCRAM-SHA-256 username: "${REDPANDA_USERNAME}" password: "${REDPANDA_PASSWORD}" ``` Replace `AGENT_CARD_URL` with your actual agent card URL. See [Agent card location](https://docs.redpanda.com/agentic-data-plane/connect/a2a-concepts/#agent-card-location). ### [](#streaming-data-enrichment)Streaming data enrichment Use this pattern to add sentiment scores to every customer review in real time. Add AI-generated metadata to events: ```yaml processors: - branch: request_map: 'root = this.text' processors: - a2a_message: agent_card_url: "${AGENT_CARD_URL}" result_map: 'root.sentiment = content()' ``` Replace `AGENT_CARD_URL` with your actual agent card URL. See [Agent card location](https://docs.redpanda.com/agentic-data-plane/connect/a2a-concepts/#agent-card-location). ### [](#asynchronous-workflows)Asynchronous workflows Use this pattern for nightly batch summarization of reports where latency is acceptable. Process events in the background: ```yaml input: redpanda: seed_brokers: ["${REDPANDA_BROKERS}"] topics: [daily-reports] consumer_group: report-analyzer tls: enabled: true sasl: - mechanism: SCRAM-SHA-256 username: "${REDPANDA_USERNAME}" password: "${REDPANDA_PASSWORD}" pipeline: processors: - a2a_message: agent_card_url: "${AGENT_CARD_URL}" prompt: "Summarize this report: ${!content()}" ``` Replace `AGENT_CARD_URL` with your actual agent card URL. See [Agent card location](https://docs.redpanda.com/agentic-data-plane/connect/a2a-concepts/#agent-card-location). ### [](#multi-agent-pipeline-orchestration)Multi-agent pipeline orchestration Use this pattern to translate feedback, analyze sentiment, and route it to the appropriate team. Chain multiple agents in sequence: ```yaml processors: - a2a_message: agent_card_url: "${TRANSLATOR_AGENT_URL}" - a2a_message: agent_card_url: "${SENTIMENT_AGENT_URL}" - a2a_message: agent_card_url: "${ROUTER_AGENT_URL}" ``` Replace the agent URL variables with your actual agent card URLs. See [Agent card location](https://docs.redpanda.com/agentic-data-plane/connect/a2a-concepts/#agent-card-location). ### [](#agent-as-transformation-node)Agent as transformation node Use this pattern to convert natural language queries to SQL for downstream processing. Use agent reasoning for complex transformations: ```yaml processors: - a2a_message: agent_card_url: "${AGENT_CARD_URL}" prompt: "Convert to SQL: ${!this.natural_language_query}" ``` Replace `AGENT_CARD_URL` with your actual agent card URL. See [Agent card location](https://docs.redpanda.com/agentic-data-plane/connect/a2a-concepts/#agent-card-location). ## [](#when-not-to-use-this-pattern)When not to use this pattern Do not use the `a2a_message` processor when: - Users need to interact with agents interactively. - The transformation is simple and does not require AI reasoning. - Agents need to dynamically decide what data to fetch based on context. For a detailed comparison between pipeline-initiated and agent-initiated integration patterns, see [Pattern comparison](https://docs.redpanda.com/agentic-data-plane/connect/integration-overview/#pattern-comparison). ## [](#example-real-time-fraud-detection)Example: Real-time fraud detection This example shows a complete pipeline that analyzes every transaction with an agent. ### [](#pipeline-configuration)Pipeline configuration ```yaml # Fraud detection pipeline with score-based routing # Analyzes every transaction and routes to different topics based on fraud score input: redpanda: seed_brokers: ["${REDPANDA_BROKERS}"] topics: [transactions] consumer_group: fraud-detector tls: enabled: true sasl: - mechanism: SCRAM-SHA-256 username: "${REDPANDA_USERNAME}" password: "${REDPANDA_PASSWORD}" pipeline: processors: - branch: request_map: | root.transaction_id = this.id root.amount = this.amount root.merchant = this.merchant root.user_id = this.user_id processors: - a2a_message: agent_card_url: "${AGENT_CARD_URL}" prompt: | Analyze this transaction for fraud: Amount: ${! json("amount") } Merchant: ${! json("merchant") } User: ${! json("user_id") } Return JSON: { "fraud_score": 0-100, "reason": "explanation", "recommend_block": true/false } result_map: | root = this root.fraud_analysis = content().parse_json().catch({}) - mapping: | root = this meta fraud_score = this.fraud_analysis.fraud_score output: switch: cases: - check: 'meta("fraud_score") >= 80' output: redpanda: seed_brokers: ["${REDPANDA_BROKERS}"] topic: fraud-alerts-high tls: enabled: true sasl: - mechanism: SCRAM-SHA-256 username: "${REDPANDA_USERNAME}" password: "${REDPANDA_PASSWORD}" - check: 'meta("fraud_score") >= 50' output: redpanda: seed_brokers: ["${REDPANDA_BROKERS}"] topic: fraud-alerts-medium tls: enabled: true sasl: - mechanism: SCRAM-SHA-256 username: "${REDPANDA_USERNAME}" password: "${REDPANDA_PASSWORD}" - output: redpanda: seed_brokers: ["${REDPANDA_BROKERS}"] topic: transactions-cleared tls: enabled: true sasl: - mechanism: SCRAM-SHA-256 username: "${REDPANDA_USERNAME}" password: "${REDPANDA_PASSWORD}" ``` Replace `AGENT_CARD_URL` with your agent card URL. See [Agent card location](https://docs.redpanda.com/agentic-data-plane/connect/a2a-concepts/#agent-card-location). This pipeline: - Consumes every transaction from the `transactions` topic. - Sends each transaction to the fraud detection agent using `a2a_message`. - Routes transactions to different topics based on fraud score. - Runs continuously, analyzing every transaction in real time. ## [](#next-steps)Next steps - [How MCP Servers Work](https://docs.redpanda.com/agentic-data-plane/connect/mcp-overview/) - [Choose an Integration Pattern](https://docs.redpanda.com/agentic-data-plane/connect/integration-overview/) - [Connect Agents with A2A](https://docs.redpanda.com/agentic-data-plane/connect/a2a-concepts/) --- # Page 37: Register a Self-Managed MCP Server **URL**: https://docs.redpanda.com/agentic-data-plane/connect/register-remote.md --- # Register a Self-Managed MCP Server > For the complete documentation index, see [llms.txt](https://docs.redpanda.com/llms.txt). Component-specific: [agentic-data-plane-full.txt](https://docs.redpanda.com/agentic-data-plane-full.txt) --- title: Register a Self-Managed MCP Server latest-operator-version: v26.1.5 latest-console-tag: v3.7.4 latest-connect-version: 4.96.1 latest-redpanda-tag: v26.1.10 docname: register-remote page-component-name: agentic-data-plane page-version: master page-component-version: master page-component-title: Agentic Data Plane page-relative-src-path: register-remote.adoc page-edit-url: https://github.com/redpanda-data/adp-docs/edit/main/modules/connect/pages/register-remote.adoc description: Front your own MCP server with a managed Redpanda URL. Pick a transport, configure authentication, and let agents discover the server's tools through Redpanda. page-topic-type: how-to personas: platform_engineer, agent_builder learning-objective-1: Register a self-managed MCP server in ADP learning-objective-2: Pick the right transport (SSE vs. Streamable HTTP) and authentication mode learning-objective-3: Confirm tool discovery completed and the server is reachable through its proxy URL page-git-created-date: "2026-05-28" page-git-modified-date: "2026-06-10" --- Register your existing MCP server with Redpanda to add authentication, observability, and agent aggregation without changing your server’s code. This guide covers the self-managed path from [Create an MCP Server](https://docs.redpanda.com/agentic-data-plane/connect/create-server/) in depth. Choose this when you already run a server and want Redpanda to proxy it. After completing this guide, you will be able to: - Register a self-managed MCP server in ADP - Pick the right transport (SSE vs. Streamable HTTP) and authentication mode - Confirm tool discovery completed and the server is reachable through its proxy URL ## [](#when-to-use-this)When to use this Choose self-managed registration when: - The MCP server is already deployed in your environment and you don’t want to migrate it to a managed type. - You need custom tool logic that no managed type provides. - You want a unified MCP URL (and Inspector / observability / agent access) across servers without standing up your own gateway. If you don’t already run a server, prefer a managed type. See [Managed catalog](https://docs.redpanda.com/agentic-data-plane/connect/managed/managed-catalog/) for the catalog. ## [](#prerequisites)Prerequisites - An MCP server reachable from the Agentic Data Plane. - The endpoint URL. `http://` is allowed for everything except user-delegated OAuth, which requires `https://` (proto rule `remote_mcp.user_oauth_requires_https`). - Knowledge of which transport the server speaks (SSE or Streamable HTTP). If you don’t know, see [Transport choice](#test-transport). - If using static-key or service-account-OAuth: secrets pre-created in the Redpanda ADP secret store, `UPPER_SNAKE_CASE` (proto regex `^[A-Z][A-Z0-9_]*$`). - If using user-delegated OAuth: an OAuth Provider already configured. See [User-delegated OAuth](https://docs.redpanda.com/agentic-data-plane/connect/user-delegated-oauth/). ## [](#create-the-server)Create the server 1. Open **MCP Servers** in the sidebar and click **Create Server**. 2. In the marketplace picker, choose **Remote (Proxied)**. 3. Fill in the identity fields (`name`, `description`, `enabled`); same constraints as in [Create an MCP Server](https://docs.redpanda.com/agentic-data-plane/connect/create-server/). 4. Provide the `URL` and `Transport`. 5. Configure authentication (see [Authentication](#authentication)). 6. Click **Create**. ## [](#test-transport)Transport choice Two transports are available on the proto enum `MCPTransport`: - **SSE**: Server-sent events. The traditional MCP transport. - **Streamable HTTP**: Newer bidirectional protocol. Pick whichever your server actually speaks. To probe a server quickly: ```bash # SSE handshake: expect a stream of `event:` lines on success. curl -N -H "Accept: text/event-stream" https://your-server.example.com/mcp/sse # Streamable HTTP: expect a JSON-RPC response on success. curl -X POST -H "Content-Type: application/json" \ -d '{"jsonrpc":"2.0","id":1,"method":"initialize","params":{}}' \ https://your-server.example.com/mcp ``` ## [](#authentication)Authentication The authentication modes from [create-server.adoc](https://docs.redpanda.com/agentic-data-plane/connect/create-server/#configure-authentication) all apply. Several patterns are particularly common for self-managed servers: | Pattern | Use when | | --- | --- | | Static key with a custom header | First-party servers that authenticate with a non-Authorization header. Provide a header_name (for example, X-Api-Key) and a key_ref pointing at a UPPER_SNAKE_CASE secret. | | Service-account OAuth | The upstream system supports OAuth client credentials and you want one shared identity for all callers. Provide client_id, client_secret_ref, token_url, and any required scopes. | | Token passthrough | The upstream server already validates client tokens; Redpanda just forwards the caller’s Authorization header. | For user-delegated OAuth, the URL must be `https://` and you also need an OAuth Provider. See [User-delegated OAuth](https://docs.redpanda.com/agentic-data-plane/connect/user-delegated-oauth/). ## [](#tool-discovery)Tool discovery After create, Redpanda runs a live `tools/list` (the `ListMCPServerTools` RPC) against the server. The result is cached on the `MCPServer.tools` output-only field and shown on the detail page’s **Overview** tab. The **Inspector** tab (see [Test a server’s tools](https://docs.redpanda.com/agentic-data-plane/connect/test-tools/)) exercises individual [tools](https://docs.redpanda.com/agentic-data-plane/reference/glossary/#tool). If the tools list is empty or stale, hit the **Refresh tools** action on the Overview tab to re-query the server. ## [](#connection-errors-and-retry)Connection errors and retry | Error | What it means | | --- | --- | | OAuthConnectionRequired | The user-delegated auth path needs a stored token vault entry for the calling user. Redpanda surfaces an authorize_url so the user can complete the consent flow. See User-delegated OAuth. | | OAuthTokenExpired | The user’s stored token has expired and refresh failed. Surface the new authorize URL and have the user re-consent. | | Plain connection error / 502 / 504 | Redpanda couldn’t reach your server. Look at the Connection tab on the detail page for the upstream error and check the connection-status banner. | ## [](#troubleshooting)Troubleshooting | Symptom | What to check | | --- | --- | | "Transport mismatch" or empty stream | Your server speaks the other transport. Re-probe with curl per Transport choice and update the Transport field on the server’s edit page. | | TLS errors when registering an https:// URL | Confirm the server’s certificate chains to a public CA (or the CA Redpanda’s egress trusts). Self-signed certs aren’t supported. | | 401 Unauthorized from the upstream | Authentication is misconfigured. For static-key or service-account-OAuth, verify the secret content and header_name. For token passthrough, confirm the caller is sending an Authorization header. | | Tool schema parse errors | The server returned a tools/list response with an invalid JSON schema for one or more tool inputs. Fix the upstream tool’s schema and refresh. | ## [](#next-steps)Next steps - [Configure User-Delegated OAuth](https://docs.redpanda.com/agentic-data-plane/connect/user-delegated-oauth/) - [Code Mode](https://docs.redpanda.com/agentic-data-plane/gateway/code-mode/) --- # Page 38: Connect Remote MCP Clients **URL**: https://docs.redpanda.com/agentic-data-plane/connect/remote-mcp-clients.md --- # Connect Remote MCP Clients > For the complete documentation index, see [llms.txt](https://docs.redpanda.com/llms.txt). Component-specific: [agentic-data-plane-full.txt](https://docs.redpanda.com/agentic-data-plane-full.txt) --- title: Connect Remote MCP Clients latest-operator-version: v26.1.5 latest-console-tag: v3.7.4 latest-connect-version: 4.96.1 latest-redpanda-tag: v26.1.10 docname: remote-mcp-clients page-component-name: agentic-data-plane page-version: master page-component-version: master page-component-title: Agentic Data Plane page-relative-src-path: remote-mcp-clients.adoc page-edit-url: https://github.com/redpanda-data/adp-docs/edit/main/modules/connect/pages/remote-mcp-clients.adoc description: Connect external MCP clients (Claude Desktop, ChatGPT desktop, Gemini Apps) to MCP servers hosted in AI Gateway. Covers the architecture (MCP server, OAuth Provider, OAuth Client) and the OAuth flow that runs end-to-end. page-topic-type: how-to personas: agent_builder, platform_engineer, security_compliance_lead learning-objective-1: Register an OAuth Client in AI Gateway so an external chat app can authenticate users learning-objective-2: Wire a custom connector in Claude Desktop (or another chat client) to your MCP server learning-objective-3: Walk a user through the OAuth flow that runs end-to-end page-git-created-date: "2026-05-28" page-git-modified-date: "2026-06-15" --- External MCP clients (Claude Desktop, ChatGPT desktop, Gemini Apps, Cursor) connect to MCP servers hosted in AI Gateway by registering as OAuth clients. End-users get the MCP tools inside their preferred chat app, with Redpanda mediating both client-app authentication and upstream-system authentication. After completing this guide, you will be able to: - Register an OAuth Client in AI Gateway so an external chat app can authenticate users - Wire a custom connector in Claude Desktop (or another chat client) to your MCP server - Walk a user through the OAuth flow that runs end-to-end > ❗ **IMPORTANT** > > OAuth clients and OAuth providers govern _opposite directions_ of authentication and are separate resources. > > - An OAuth client (this page) governs _inbound_ authentication: an external chat app (Claude Desktop, ChatGPT, Copilot Studio, Cursor) authenticating to AI Gateway so its users can invoke MCP tools. > > - An OAuth provider governs _outbound_ authentication: AI Gateway authenticating to an upstream system (GitHub, Slack, Salesforce) on a user’s behalf when an MCP server uses user-delegated OAuth. > > > See [Configure an OAuth Provider](https://docs.redpanda.com/agentic-data-plane/connect/oauth-providers/) for the outbound authentication side. ## [](#when-to-use-this)When to use this Use a remote MCP client connection when: - You want users to invoke MCP tools from inside Claude Desktop, ChatGPT desktop, Gemini Apps, or Cursor without writing custom integration code. - You already have, or are about to create, an MCP server (managed or self-managed) in AI Gateway. - End-users have accounts with the chat client and the upstream system you’re integrating with. Use a different approach when: - You need programmatic, server-side tool invocation. See [Connect your app to AI Gateway](https://docs.redpanda.com/agentic-data-plane/gateway/connect-agent/) for SDK-based access. - You need an in-house chat UI. Build against the AI Gateway’s MCP endpoints directly with the SDK of your choice. ## [](#architecture-how-the-resources-work-together)Architecture: How the resources work together Wiring a remote chat client to an MCP server uses three resources in AI Gateway: | Resource | Role | | --- | --- | | MCP server | The tool surface itself. Managed (Redpanda hosts it) or self-managed (you host it). See Create an MCP Server. | | OAuth Provider | Defines how AI Gateway authenticates against the upstream system on behalf of users (for example, GitHub) when the MCP server uses user-delegated OAuth. See Configure an OAuth Provider. Optional: only needed if the MCP server requires per-user upstream identity. | | OAuth Client | Defines how an external chat app (Claude Desktop, ChatGPT, Gemini, Cursor) authenticates against AI Gateway on behalf of users. The chat client gets a client_id + client_secret it uses to negotiate access tokens. This is what makes the chat-client integration possible. | Putting it together with a GitHub example: - The **MCP server** is a managed GitHub MCP, configured to use user-delegated OAuth. - The **OAuth Provider** points at GitHub’s OAuth endpoints; AI Gateway uses it to act as each user against GitHub. - The **OAuth Client** is registered for Claude Desktop; Claude Desktop uses it to act as each user against AI Gateway. When a user invokes a tool, AI Gateway runs both authentication handshakes: Claude to AI Gateway through the OAuth Client, then AI Gateway to GitHub through the OAuth Provider. ## [](#prerequisites)Prerequisites Before you wire up the chat-client connector, make sure you have: - An MCP server already created in AI Gateway. See [Create an MCP Server](https://docs.redpanda.com/agentic-data-plane/connect/create-server/). - The MCP server’s `API URL`. Copy it from the server’s **Overview** tab. - For user-delegated MCP servers: An OAuth Provider configured for the upstream system. See [Configure an OAuth Provider](https://docs.redpanda.com/agentic-data-plane/connect/oauth-providers/). - End-users have accounts with the chat client (Claude, ChatGPT, Gemini, Cursor) and the upstream system the MCP server connects to. ## [](#register-an-oauth-client-in-ai-gateway)Register an OAuth Client in AI Gateway Create an OAuth Client to give the chat app the credentials it needs to authenticate against AI Gateway: 1. Open **OAuth Clients** in the sidebar. The page lists every external tool registered to request access tokens from this gateway, with its `Name`, `Grant Types`, `Status`, and `Scopes`. 2. Click **Register Client**. 3. Pick a well-known client to prefill its redirect URIs and recommended scopes, or choose **Custom Client** to register one from scratch. The catalog includes **Claude.ai Custom Connectors**, **Claude Desktop**, **ChatGPT**, **Cursor**, **Windsurf**, **Visual Studio Code** (which also covers GitHub Copilot in VS Code), **Zed**, **Gemini CLI**, and **mcp-remote bridge** (a stdio-to-HTTP bridge for clients without native remote OAuth). For any client not in the catalog (for example, the Gemini consumer apps or Microsoft Copilot Studio), use **Custom Client** and paste the redirect URIs the tool publishes. 4. Fill in the form: | Field | Notes | | --- | --- | | Display name | Human-readable label shown in the UI and on the consent screen, for example Claude.ai Custom Connectors. | | Name | Machine identifier, and the OAuth client_id. Lowercase letters, numbers, and hyphens only. Immutable after creation. | | Logo URI | Optional HTTPS URL for a logo shown on the consent screen. | | Redirect URIs | The exact URIs the gateway redirects to after a user approves. Each chat client publishes its own; a well-known client prefills them. Multiple URIs are allowed. Claude.ai, for example, uses two: https://claude.ai/api/mcp/auth_callback and https://claude.ai/api/organizations/custom-connectors/oauth/callback; Claude Desktop uses http://127.0.0.1:54545/callback. | | Allowed MCP Resources | Which MCP servers this client may request tokens for. Defaults to (any MCP server hosted on this gateway). Click *Restrict to limit the client to specific MCP resource URLs. | | Grant Types | Authorization Code (RFC 6749 §4.1) and Refresh Token (RFC 6749 §6, rotating single-use). This is the standard combination for browser-based chat clients with long-lived tokens. | | Token Endpoint Auth Method | How the client authenticates to the token endpoint: Client Secret (Basic) (default), Client Secret (POST), or None (PKCE only) for public clients that can’t store a secret. | | Require PKCE | Strongly recommended and enforced by default (RFC 7636). Adds an extra layer of security to the consent flow. | | Enabled | Whether the client can start new consent flows. Disabled clients reject new flows. | 5. Click **Register Client**. On submit, AI Gateway mints the `client_id`. Confidential clients (those using a Client Secret authentication method) also receive a `client_secret`, **shown only once**. Copy it immediately. The OAuth Server Endpoints panel shows the `Authorization Endpoint` and `Token/Refresh Endpoint` (under `/oauth/idp/`) and the `mcp` scope; paste these into the external app’s OAuth configuration. ## [](#wire-up-claude)Wire up Claude Anthropic supports custom MCP connectors in Claude.ai (web), Claude Desktop, and the Claude organization-settings UI. The setup flow is the same in each: 1. Open **Settings > Connectors** (or **Customize > Connectors** in newer builds; Anthropic surfaces a _Connectors have moved to Customize_ notice during the migration). 2. Click **Add custom connector**. 3. Fill in the connector details: | Field | Value | | --- | --- | | Name | Anything that helps the user identify the connector (for example, Redpanda GitHub). Surfaces in Claude’s tool list. | | Remote MCP server URL | The MCP server’s API URL from AI Gateway. Format: https://aigw..clusters.rdpa.co/mcp/v1/. | | OAuth client ID (optional, under Advanced settings) | The Client ID from the AI Gateway OAuth Client. Required for any MCP server that requires authentication. Leave blank only for public MCP servers that don’t require authentication. | | OAuth client secret (under Advanced settings) | The Client Secret from the AI Gateway OAuth Client. Required whenever Client ID is set. | 4. Click **Add**. The connector appears in the Connectors list with a `CUSTOM` badge. 5. Click **Connect** on the new connector row. Claude opens a browser tab pointed at AI Gateway’s authorization endpoint. Sign in with your AI Gateway identity provider. Once approved, the connector becomes invokable in any conversation. > 📝 **NOTE** > > Anthropic’s modal warns that connectors are user-trust-based; Anthropic doesn’t control which tools developers expose. If you’re publishing a connector for end-users, document the upstream system and scopes clearly so users know what they’re authorizing. ## [](#wire-up-other-chat-clients)Wire up other chat clients The flow mirrors Claude Desktop. **ChatGPT**, **Cursor**, **Windsurf**, **Visual Studio Code**, **Zed**, **Gemini CLI**, and **mcp-remote bridge** have catalog presets in the **Register Client** flow that prefill their redirect URIs; the others use a **Custom Client**. The exact menu paths and field labels differ by client: - **ChatGPT desktop**: Recent builds support remote MCP custom connectors. Confirm the latest menu path; OpenAI iterates on this surface. - **Cursor**: Supports remote MCP servers in recent builds. - **Windsurf**: Supports remote MCP servers in recent builds. - **Visual Studio Code**: Built-in MCP support, shared with GitHub Copilot in VS Code. Has a catalog preset. - **Zed**: Supports remote MCP server OAuth. Has a catalog preset. - **Gemini CLI**: Supports MCP server OAuth. Has a catalog preset. This is the command-line tool, distinct from the consumer Gemini apps, which use a **Custom Client**. - **mcp-remote bridge**: For stdio-only MCP clients bridged through `npx mcp-remote `. Has a catalog preset. - **Gemini apps**: Recent builds support remote MCP custom connectors. Register through **Custom Client**. - **Microsoft Copilot Studio**: Recent builds support remote MCP custom connectors registered against an external OAuth 2.0 authorization server. Register through **Custom Client**, and add Copilot Studio’s published redirect URIs to the AI Gateway OAuth Client before connecting. The required inputs are the same as Claude Desktop: connector name, MCP URL, Client ID, Client Secret. The chat client’s redirect URIs must be registered on the AI Gateway OAuth Client. ## [](#the-oauth-flow)The OAuth flow When a user calls a tool that needs upstream access, two OAuth handshakes run end-to-end. Most users only see the second one (and only on the very first tool call). ### [](#chat-client-connects-to-ai-gateway)Chat client connects to AI Gateway This handshake runs **once per user** when the connector is first added. 1. The user clicks **Connect** in the chat client. 2. The chat client opens a browser tab at the AI Gateway authorization endpoint, parameterized with the OAuth Client’s `client_id` and one of the registered redirect URIs. 3. AI Gateway authenticates the user against the configured IdP (Auth0 today, Zitadel later) and presents an Authorize access consent screen. The screen shows: - The OAuth Client’s name (for example, _Claude (GitHub Read demo) wants to access your data_). - The **Resource** being authorized: The MCP server name and URL. - The **Requested permissions**: The gateway’s internal scopes for this handshake (`mcp` and `offline_access`). These are **not** the upstream system’s scopes; the upstream’s scopes appear during the next handshake. - A footer reminding the user that they can revoke access from their **Connections** page in ADP. 4. The user clicks **Allow**. AI Gateway redirects the chat client back to the redirect URI with an authorization code. 5. The chat client exchanges the code for an access token and a refresh token, and stores them locally in its credential store. 6. Subsequent calls to AI Gateway send the access token in `Authorization: Bearer …​`. The chat client refreshes the token automatically when it expires. ### [](#ai-gateway-connects-to-the-upstream-system)AI Gateway connects to the upstream system (Only for user-delegated MCP servers.) This handshake runs **once per user, per upstream**. For an MCP server using user-delegated OAuth (GitHub, Slack, Atlassian, Workday, and so on): 1. The user invokes a tool that requires upstream authentication. 2. AI Gateway has no stored upstream token for this user yet. The MCP protocol returns a `FAILED_PRECONDITION` response with an `OAuthConnectionRequired` error detail. The detail carries an `authorize_url` pointing at AI Gateway’s OAuth bridge for the configured upstream provider, for example: `https://aigw..clusters.rdpa.co/oauth/v1/authorize?provider_name=github&scopes=read:user,repo`. 3. The chat client renders the link in its response to the user. Inside Claude this appears as a hyperlinked URL with prose telling the user to authorize the upstream connection (for example, _Authorize the GitHub connection first_) before retrying. 4. The user clicks the link. AI Gateway redirects them to the **upstream system’s own OAuth consent page** (for example, GitHub’s standard authorization UI) listing the requested repositories and scopes. 5. The user clicks **Authorize** on the upstream’s consent page. The upstream redirects back to AI Gateway with an authorization code. AI Gateway exchanges the code for a token and stores it in its token vault under the user’s identity. 6. The user tells the chat client they’ve connected. The chat client retries the original tool call, which now succeeds. Subsequent calls reuse the stored upstream token automatically. After both steps complete, the user can invoke any tool on the MCP server transparently. They re-consent only if scopes change or the refresh tokens expire. > 📝 **NOTE** > > Claude (and other chat clients) layer their own **per-tool consent prompts** on top of the OAuth flow described here. The first time a connector tries to invoke a specific tool, Claude shows a prompt of the form _Claude wants to use {tool\_name} from {connector\_name}_ with **Always allow** / **Deny** buttons. This is the chat client’s own user-trust UX, not an additional AI Gateway authentication step. Once a user picks **Always allow** for a tool, Claude won’t prompt again for that tool from that connector. > 📝 **NOTE** > > If the MCP server uses a service-account authentication mode instead of user-delegated OAuth, only Step 1 runs. AI Gateway calls the upstream with one shared identity and the user never sees the upstream consent flow. ## [](#manage-and-rotate)Manage and rotate Maintain registered OAuth Clients without re-creating them: - **List registered clients**: Open **OAuth Clients** in the sidebar. Each row shows the Name, Grant Types, Status, and Scopes. - **Edit a client**: Change the display name, logo URI, redirect URIs, allowed MCP resources, grant types, or token endpoint authentication method. The `client_id` is immutable; delete and recreate the client if you need a new one. - **Reissue the secret**: The Client Secret is shown only once at creation and can’t be regenerated in place. To issue a new secret, delete and recreate the client, then update every chat client that used it. - **Revoke all tokens**: Invalidate every refresh token AI Gateway has issued under this client without deleting the client itself (see [Revoke all tokens](#revoke-all-tokens)). - **Delete a client**: Invalidates every active token issued under it. Token revocation runs automatically as part of delete, so users connected through this client are signed out immediately. Every chat-client connector that depends on this OAuth Client breaks until reconfigured against a replacement. ### [](#revoke-all-tokens)Revoke all tokens Revoking all tokens invalidates every refresh token AI Gateway has issued under an OAuth Client. Use it when you need to force every connected user to sign in again, for example, after a leaked Client Secret, an offboarding event, or a policy change that warrants re-consent. Revoke from the UI: 1. Open **OAuth Clients** in the sidebar and click the client whose tokens you want to revoke. 2. On the client detail page, click **Revoke all tokens**. 3. Confirm the action. Revoke from the CLI: ```bash rpk ai oauth-client revoke-tokens ``` The command prints the number of tokens it revoked, for example `Revoked 12 tokens for OAuth client claude-desktop`. The action is idempotent: a second invocation returns `Revoked 0 tokens for OAuth client claude-desktop` and exits 0. > 📝 **NOTE** > > Already-issued **short-lived access tokens** may continue to work until their natural expiry, typically a few minutes. The revocation invalidates **refresh tokens**, so once the access token expires, the chat client cannot mint a new one and the user is forced to re-authenticate. When AI Gateway auto-revokes tokens (on Client deletion or on lifecycle events that imply a hard cut), the same flow runs server-side without the explicit CLI or button click. Deletion revokes tokens at both levels. Deleting an OAuth client revokes that client’s refresh tokens. Deleting an upstream OAuth provider revokes every active token issued for that provider across all users before it removes the provider config. ## [](#troubleshooting)Troubleshooting Common symptoms and fixes: | Symptom | What to check | | --- | --- | | Couldn’t connect to MCP server or connector setup fails immediately | The MCP URL is wrong, or the Client ID + Client Secret don’t match an OAuth Client. Confirm the API URL on the MCP server’s Overview tab and the credentials on the OAuth Client’s detail page. | | redirect_uri_mismatch during the connect flow | The chat client’s callback URL isn’t registered on the OAuth Client. Add the URL the chat client publishes (Claude Desktop has two; check Claude’s docs for the current set). | | Connector authorized but no tools appear | The MCP server has zero tools, or tools/list failed at connection time. Open the server in the Inspector to confirm tools are discovered. See Test a server’s tools. | | Tool call returns an authorize link to the user | First call from a user with no stored upstream token. The user follows the link, completes upstream consent, and the call retries automatically (Step 2 of the flow above). | | scope_upgrade_required from a tool call | The MCP server’s required_scopes was extended after the user consented at the upstream. The user re-consents at the upstream with the higher scope. | | 401 Unauthorized from every call after working previously | The chat client’s access token expired and the refresh token also expired (or the OAuth Client secret was rotated). Disconnect the connector and re-add it to mint fresh tokens. | ## [](#limitations)Limitations - **No Dynamic Client Registration (RFC 7591)**: AI Gateway does not support OAuth 2.0 Dynamic Client Registration today. Every external MCP client must be registered manually through the **OAuth Clients** page or the `rpk ai oauth-client` CLI before its first connection attempt. MCP clients that **only** support DCR (some experimental connector builds) cannot connect to AI Gateway until a corresponding OAuth Client is registered by an admin. See [Register an OAuth Client](#register-an-oauth-client-in-ai-gateway) for the manual flow. This page does not cover: - **Custom desktop or mobile UIs**: Build against the AI Gateway MCP endpoints directly using your platform’s HTTP client; you don’t need an OAuth Client unless you want the same external-app flow. - **Agent-to-agent calls (A2A)**: See the Agents docs; remote MCP clients are end-user-facing. - **MCP server authoring**: See [Create an MCP Server](https://docs.redpanda.com/agentic-data-plane/connect/create-server/) for the server side. ## [](#next-steps)Next steps - [Create an MCP Server](https://docs.redpanda.com/agentic-data-plane/connect/create-server/) - [Configure an OAuth Provider](https://docs.redpanda.com/agentic-data-plane/connect/oauth-providers/) - [User-delegated OAuth](https://docs.redpanda.com/agentic-data-plane/connect/user-delegated-oauth/) --- # Page 39: Write Effective System Prompts **URL**: https://docs.redpanda.com/agentic-data-plane/connect/system-prompts.md --- # Write Effective System Prompts > For the complete documentation index, see [llms.txt](https://docs.redpanda.com/llms.txt). Component-specific: [agentic-data-plane-full.txt](https://docs.redpanda.com/agentic-data-plane-full.txt) --- title: Write Effective System Prompts latest-operator-version: v26.1.5 latest-console-tag: v3.7.4 latest-connect-version: 4.96.1 latest-redpanda-tag: v26.1.10 docname: system-prompts page-component-name: agentic-data-plane page-version: master page-component-version: master page-component-title: Agentic Data Plane page-relative-src-path: system-prompts.adoc page-edit-url: https://github.com/redpanda-data/adp-docs/edit/main/modules/connect/pages/system-prompts.adoc description: Write system prompts that produce reliable, predictable agent behavior through clear constraints and tool guidance. page-topic-type: best-practices personas: agent_builder learning-objective-1: Identify effective system prompt patterns for agent reliability learning-objective-2: Apply constraint patterns to prevent unintended agent behavior learning-objective-3: Evaluate system prompts for clarity and completeness page-git-created-date: "2026-05-28" page-git-modified-date: "2026-06-09" --- Write system prompts that produce reliable, predictable agent behavior. Good prompts define scope, specify constraints, and guide tool usage. After reading this page, you will be able to: - Identify effective system prompt patterns for agent reliability - Apply constraint patterns to prevent unintended agent behavior - Evaluate system prompts for clarity and completeness ## [](#role-definition)Role definition Define what your agent does and the boundaries of its responsibilities. A clear role prevents scope creep and helps the agent refuse out-of-scope requests appropriately. ### [](#be-specific-about-agent-identity)Be specific about agent identity Define what the agent does, not what it is. Do ```text You are an order fulfillment agent for an e-commerce platform. You help customers track orders, update shipping addresses, and process returns. ``` Don’t ```text You are a helpful assistant. ``` ### [](#define-what-the-agent-does-and-doesnt-do)Define what the agent does and doesn’t do Explicitly state boundaries: what tasks the agent handles, what tasks it should refuse or delegate, and when to ask for human assistance. ```text Responsibilities: - Track customer orders - Update shipping addresses - Process returns up to $500 Do not: - Provide product recommendations (redirect to website) - Process refunds above $500 (escalate to manager) - Access orders from other customers ``` ## [](#tool-specification)Tool specification Tell the agent which tools are available and when to use them. Explicit tool guidance reduces errors and prevents the agent from guessing when to invoke capabilities. ### [](#list-available-tools)List available tools Name each tool the agent can use: ```text Available tools: - get_customer_orders: Retrieve order history for a customer - update_order_status: Change order state (shipped, delivered, canceled) - calculate_refund: Compute refund amount based on return policy ``` ### [](#explain-when-to-use-each-tool)Explain when to use each tool Provide decision criteria for tool selection. Do ```text Use get_customer_orders when: - Customer asks about order history - You need order details to answer a question Use update_order_status only when: - Customer explicitly requests a cancellation - You have confirmed the order is eligible for status changes ``` Don’t ```text Use the tools as needed. ``` ## [](#constraints-and-safety)Constraints and safety Set explicit boundaries to prevent unintended agent behavior. ### [](#define-data-boundaries)Define data boundaries Specify what data the agent can access: ```text Data access: - Only orders from the last 90 days - Only data for the authenticated customer - No access to employee records or internal systems ``` ### [](#set-response-guidelines)Set response guidelines Control output format and content: ```text Response guidelines: - Present order details as tables - Always include order numbers in responses - State the analysis time window when showing trends - If you cannot complete a task, explain why and suggest alternatives ``` ## [](#context-and-conversation-management)Context and conversation management Guide the agent on how to handle unclear requests and stay within conversation scope. These guidelines keep interactions focused and prevent the agent from making assumptions. ### [](#handle-ambiguous-requests)Handle ambiguous requests Guide the agent on how to clarify: ```text When request is unclear: 1. Ask clarifying questions 2. Suggest common interpretations 3. Do not guess customer intent ``` ### [](#define-conversation-boundaries)Define conversation boundaries Set limits on conversation scope: ```text Conversation scope: - Answer questions about orders, shipping, and returns - Do not provide product recommendations (redirect to website) - Do not engage in general conversation unrelated to orders ``` ## [](#error-handling)Error handling Guide agents to handle failures gracefully through clear prompt instructions. Agent errors fall into these categories: tool failures (external system issues) and reasoning failures (agent confusion or limits). ### [](#tool-failure-types)Tool failure types Tools can fail for multiple reasons. Transient failures include network timeouts, temporary unavailability, and rate limits. Permanent failures include invalid parameters, permission denied, and resource not found errors. Partial failures occur when tools return incomplete data or warnings. ### [](#graceful-degradation)Graceful degradation Design prompts so agents continue when tools fail: Example prompt guidance for graceful degradation ```text When a tool fails: 1. Attempt an alternative tool if available 2. If no alternative exists, explain the limitation 3. Offer partial results if you retrieved some data before failure 4. Do not make up information to fill gaps ``` Agents that degrade gracefully provide value even when systems are partially down. Implement retries in tools, not in agent prompts. The tool should retry network calls automatically before returning an error to the agent. ### [](#escalation-patterns)Escalation patterns Some failures require human intervention. Budget exceeded errors occur when max iterations are reached before task completion. Insufficient tools means no tool is available for the required action. Ambiguous requests happen when the agent can’t determine user intent after clarification attempts. Data access failures occur when multiple tools fail with no alternative path. Design prompts to recognize escalation conditions: Example prompt guidance for escalation ```text When you cannot complete the task: 1. Explain what you tried and why it didn't work 2. Tell the user what information or capability is missing 3. Suggest how they can help (provide more details, contact support, and so on) ``` ### [](#common-error-scenarios)Common error scenarios Include guidance for specific error types in your system prompt: **Timeout during tool execution:** When a tool takes longer than the agent timeout limit, the agent receives a timeout error in context. The agent should explain the delay to the user and suggest a retry. **Invalid tool parameters:** When the agent passes a wrong data type or missing required field, the tool returns a validation error. The agent should reformat parameters and retry, or ask the user for correct input. **Authentication failure:** When a tool can’t access a protected resource, it returns a permission denied error. The agent should explain the access limitation without exposing credentials or internal details. ## [](#output-formatting)Output formatting Control how the agent presents information to users. Consistent formatting makes responses easier to read and ensures critical information appears in predictable locations. ### [](#specify-structure)Specify structure Define how the agent presents information: ```text Output format: - Use tables for multiple items - Use bulleted lists for steps or options - Use code blocks for tracking numbers or order IDs - Include units (dollars, kilograms) in all numeric values ``` ## [](#evaluation-and-testing)Evaluation and testing Test system prompts systematically to verify behavior matches intent. Follow this process to validate prompts: | Test Type | What to Test | Example | | --- | --- | --- | | Boundary cases | Requests at edge of agent scope | Just inside: "Track order 123" (should work)Just outside: "Recommend products" (should refuse)Ambiguous: "Help with my order" (should clarify) | | Tool selection | Agent chooses correct tools | Create requests requiring each toolTest multiple applicable tools (verify best choice)Test no applicable tools (verify explanation) | | Constraint compliance | Agent follows "never" rules | Explicit forbidden: "Show payment methods"Indirect forbidden: "What’s the credit card number?"Verify refusal with explanation | | Error handling | Tool failures and limitations | Disable MCP server tool temporarilySend request requiring disabled toolVerify graceful response (no fabricated data) | | Ambiguous requests | Clarification behavior | Vague: "Check my stuff"Verify specific questions: "Orders, returns, or account?"Ensure no guessing of user intent | ## [](#design-principles)Design principles Apply these principles when writing system prompts to create reliable agent systems. ### [](#design-for-inspectability)Design for inspectability Make agent reasoning transparent so you can debug by reading conversation history. Your system prompt should encourage clear explanations: ```text Response format: - State what you're doing before calling each tool - Explain why you chose this tool over alternatives - If a tool fails, describe what went wrong and what you tried ``` Log all tool invocations with parameters, record tool results in structured format, and store agent responses with reasoning traces. Opaque agents that "just work" are impossible to fix when they break. ### [](#design-for-testability)Design for testability Test agents with boundary cases (requests at the edge of agent capability), error injection (simulate tool failures to verify graceful degradation), context limits (long conversations approaching token limits), and ambiguous requests (unclear user input to verify clarification behavior). Use the systematic testing approach in [Evaluation and testing](#evaluation-and-testing). ### [](#design-for-cost-control)Design for cost control Write clear system prompts that reduce wasted iterations. Vague prompts cause agent confusion and unnecessary tool calls. Each wasted iteration costs tokens. Guide agents to: - Request only needed data from tools (use pagination, filters) - Avoid redundant tool calls (check context before calling) - Stop when the task completes (don’t continue exploring) For cost management strategies including iteration limits and monitoring, see [Understand Agent Concepts](https://docs.redpanda.com/agentic-data-plane/connect/concepts/). ## [](#example-system-prompt-with-best-practices)Example: System prompt with best practices This complete example demonstrates all the patterns described in this guide: ```text You are an order analytics agent for Acme E-commerce. Responsibilities: - Answer questions about customer order trends - Analyze order data from Redpanda topics - Provide insights on order patterns Available tools: - get_customer_orders: Retrieve order history (parameters: customer_id, start_date, end_date) - analyze_recent_orders: Compute order statistics (parameters: time_window, group_by) When to use tools: - Use get_customer_orders for individual customer queries - Use analyze_recent_orders for trend analysis across multiple orders Never: - Expose customer payment information or addresses - Analyze data older than 90 days unless explicitly requested - Make business recommendations without data to support them Data access: - Only orders from the authenticated customer account - Maximum of 90 days of historical data Response guidelines: - Present structured data as tables - Always state the analysis time window - Include order counts in trend summaries - If data is unavailable, explain the limitation When request is unclear: - Ask which time period to analyze - Confirm whether to include canceled orders - Do not assume customer intent ``` ## [](#common-anti-patterns)Common anti-patterns Avoid these patterns that lead to unpredictable agent behavior. ### [](#vague-role-definition)Vague role definition Define specific agent responsibilities and scope. Generic role definitions fail because the agent has no guidance on what tasks to handle, what requests to refuse, or when to escalate to humans. Don’t ```text You are a helpful AI assistant. ``` This doesn’t constrain behavior or set expectations. The agent might attempt tasks outside its capabilities or handle requests it should refuse. Do ```text You are an order fulfillment agent for an e-commerce platform. You help customers track orders, update shipping addresses, and process returns up to $500. Do not: - Provide product recommendations (redirect to website) - Process refunds above $500 (escalate to manager) ``` Clear scope prevents the agent from attempting out-of-scope tasks and defines escalation boundaries. ### [](#missing-constraints)Missing constraints Set explicit boundaries on data access and operations. Without constraints, agents may access sensitive data, process excessive historical records, or perform operations beyond their authorization. Don’t ```text You can access customer data to help answer questions. ``` This provides no boundaries on what data, how much history, or which customers. The agent might retrieve payment information, access other customers' data, or query years of records. Do ```text Data access: - Only orders from the authenticated customer - Maximum of 90 days of historical data - No access to payment methods or billing addresses ``` Explicit boundaries prevent unauthorized access and scope queries to reasonable limits. ### [](#implicit-tool-selection)Implicit tool selection Specify when to use each tool with clear decision criteria. Vague tool guidance forces agents to guess based on tool names alone, leading to wrong tool choices, unnecessary calls, or skipped tools. Don’t ```text Use the available tools to complete tasks. ``` The agent must guess which tool applies when. This leads to calling the wrong tool first, calling all tools unnecessarily, or fabricating answers without using tools. Do ```text Use get_customer_orders when: - Customer asks about order history - You need order details to answer a question Use update_order_status only when: - Customer explicitly requests a cancellation - You have confirmed the order is eligible for status changes ``` Decision criteria enable reliable tool selection based on request context. ## [](#next-steps)Next steps - [Redpanda ADP Quickstart](https://docs.redpanda.com/agentic-data-plane/get-started/adp-quickstart/) - [How MCP Servers Work](https://docs.redpanda.com/agentic-data-plane/connect/mcp-overview/) --- # Page 40: Test an MCP Server’s Tools with the Inspector **URL**: https://docs.redpanda.com/agentic-data-plane/connect/test-tools.md --- # Test an MCP Server’s Tools with the Inspector > For the complete documentation index, see [llms.txt](https://docs.redpanda.com/llms.txt). Component-specific: [agentic-data-plane-full.txt](https://docs.redpanda.com/agentic-data-plane-full.txt) --- title: Test an MCP Server’s Tools with the Inspector latest-operator-version: v26.1.5 latest-console-tag: v3.7.4 latest-connect-version: 4.96.1 latest-redpanda-tag: v26.1.10 docname: test-tools page-component-name: agentic-data-plane page-version: master page-component-version: master page-component-title: Agentic Data Plane page-relative-src-path: test-tools.adoc page-edit-url: https://github.com/redpanda-data/adp-docs/edit/main/modules/connect/pages/test-tools.adoc description: Use the Inspector tab to call tools, inspect resources and prompts, and verify your MCP server works without standing up an agent. page-topic-type: how-to personas: agent_builder learning-objective-1: Run an MCP tool from the Inspector and read its response learning-objective-2: Inspect resources, prompts, and call history learning-objective-3: Diagnose common errors (missing authentication, scope upgrade required, transport mismatch) before pointing an agent at the server page-git-created-date: "2026-05-28" page-git-modified-date: "2026-06-10" --- Verify that your MCP server’s [tools](https://docs.redpanda.com/agentic-data-plane/reference/glossary/#tool), [resources](https://docs.redpanda.com/agentic-data-plane/reference/glossary/#resource), and [prompts](https://docs.redpanda.com/agentic-data-plane/reference/glossary/#prompt) work correctly before agents depend on them. The Inspector runs on the same JSON-RPC connection agents use, so a passing test means fewer failed tool calls in production. Use the Inspector after creating a server or whenever you change a tool’s schema. After completing this guide, you will be able to: - Run an MCP tool from the Inspector and read its response - Inspect resources, prompts, and call history - Diagnose common errors (missing authentication, scope upgrade required, transport mismatch) before pointing an agent at the server ## [](#when-to-use-the-inspector)When to use the Inspector - After creating or registering a server, to confirm tool discovery completed and tools run correctly. - While iterating on a self-managed server, to test schema changes against a live connection. - When debugging an agent failure, to isolate whether the issue is in the agent or in the MCP server itself. ## [](#open-the-inspector)Open the Inspector 1. Open **MCP Servers** in the sidebar and click into your server. 2. Switch to the **Inspector** tab. The Inspector has four panels: **Tools**, **Resources**, **Prompts**, and **Session**. ## [](#tools-panel)Tools panel The Tools panel lists every tool the server returned from `tools/list`. 1. Select a tool from the list. The right-hand pane renders a form from the tool’s input JSON schema. 2. Fill in the form fields. 3. Click **Run**. The response appears below the form. If the tool returns an error, the response pane shows the structured error detail. See [Common errors](#errors) for what each common error means. ### [](#code-mode-tools)Code-mode tools If the server has **Code mode** enabled, the Tools panel also lists `{name}_search` and `{name}_execute` alongside the server’s regular tools. These are the helpers an agent uses to discover and orchestrate tools through generated Python or JavaScript. Test them like any other tool. ## [](#resources-panel)Resources panel The Resources panel lists any resources the server exposes through `resources/list`. Many MCP servers don’t expose resources at all: if the panel is empty, that’s fine. If your server does expose resources: 1. Click a resource to load its content into the right-hand pane. 2. The Inspector renders text, JSON, and binary types differently; binary types show a download link. ## [](#prompts-panel)Prompts panel The Prompts panel lists any prompt templates the server exposes through `prompts/list`. Prompt templates are parameterized prompts an agent can invoke by name. As with resources, many servers don’t expose prompts. If your server does expose prompts: 1. Click a prompt to render its template. 2. Fill in any required parameters in the rendered form. 3. Click **Run** to see the rendered prompt content. ## [](#session-panel)Session panel The Session panel keeps a running history of every call you’ve made through the Inspector: request, response, latency. Use it to: - Replay a previous call by clicking it in the history list. - Diff two responses side-by-side (useful when iterating on a tool’s logic). - Copy a request as JSON-RPC for use outside the Inspector. ## [](#errors)Common errors | Error | Meaning and fix | | --- | --- | | OAuthConnectionRequired | User-delegated auth has no stored token for the calling user. Redpanda includes an authorize_url in the error detail; complete the consent flow per User-delegated OAuth. | | OAuthTokenExpired | Stored token is expired and refresh failed. Re-consent through Connections. | | scope_upgrade_required | The user’s connection lacks one of the server’s required_scopes. Re-consent with the higher scope. | | Transport / connection error | The Inspector can’t reach the upstream. For self-managed servers, check the Connection tab on the detail page; verify the URL and transport choice. | | Tool input validation error | The form’s input doesn’t match the tool’s schema. The error message includes the offending field. Update and re-run. | ## [](#test-from-the-cli)Test from the CLI Use [`rpk ai`](https://docs.redpanda.com/agentic-data-plane/reference/rpk/rpk-ai/rpk-ai/) for the same tool calls outside the UI, when scripting smoke tests or running checks from CI. ```bash # List every tool exposed by a server rpk ai mcp tools list # Call a tool with a JSON arg blob rpk ai mcp tools call --input '{"arg1":"value"}' # Get server detail; includes the tool list by default. Add --no-tools # to skip discovery (faster when you only want metadata). rpk ai mcp get ``` The command resolves the gateway URL from your active rpk cloud profile and reads the cached `rpk cloud login` token. See [Connect your app to AI Gateway](https://docs.redpanda.com/agentic-data-plane/gateway/connect-agent/) for installation and profile setup. ## [](#next-steps)Next steps - [Code Mode](https://docs.redpanda.com/agentic-data-plane/gateway/code-mode/) - [Create an Agent](https://docs.redpanda.com/agentic-data-plane/connect/create-agent/) --- # Page 41: Connect an Agent to Microsoft Teams **URL**: https://docs.redpanda.com/agentic-data-plane/connect/triggers/microsoft-teams.md --- # Connect an Agent to Microsoft Teams > For the complete documentation index, see [llms.txt](https://docs.redpanda.com/llms.txt). Component-specific: [agentic-data-plane-full.txt](https://docs.redpanda.com/agentic-data-plane-full.txt) --- title: Connect an Agent to Microsoft Teams latest-operator-version: v26.1.5 latest-console-tag: v3.7.4 latest-connect-version: 4.96.1 latest-redpanda-tag: v26.1.10 docname: triggers/microsoft-teams page-component-name: agentic-data-plane page-version: master page-component-version: master page-component-title: Agentic Data Plane page-relative-src-path: triggers/microsoft-teams.adoc page-edit-url: https://github.com/redpanda-data/adp-docs/edit/main/modules/connect/pages/triggers/microsoft-teams.adoc description: Add a Microsoft Teams trigger to a deployed agent so people in your organization can chat with it in a personal Teams chat. page-topic-type: how-to personas: agent_builder, platform_engineer learning-objective-1: Register a Microsoft Teams bot and configure its Azure app registration for single-tenant access learning-objective-2: Add a Microsoft Teams trigger to an agent and copy its messaging endpoint learning-objective-3: Publish the bot to your organization and verify the agent responds in a Teams chat page-git-created-date: "2026-06-02" page-git-modified-date: "2026-06-11" --- A Microsoft Teams trigger connects a deployed agent to Microsoft Teams so people in your organization can chat with it in a personal Teams chat. Replies stream back into the chat as the agent produces them, and the agent receives the message sender’s verified email address, so it can identify the user. The setup spans three systems: the Microsoft Teams Developer Portal hosts the bot and the Teams app, the Azure portal holds the bot’s authentication settings and permissions, and Redpanda Cloud holds the agent’s trigger. After reading this page, you will be able to: - Register a Microsoft Teams bot and configure its Azure app registration for single-tenant access - Add a Microsoft Teams trigger to an agent and copy its messaging endpoint - Publish the bot to your organization and verify the agent responds in a Teams chat ## [](#prerequisites)Prerequisites - A deployed agent in Redpanda Cloud. If you don’t have one, see [Create an Agent](https://docs.redpanda.com/agentic-data-plane/connect/create-agent/). - Microsoft Entra admin access for your organization. Granting API permission consent and approving the Teams app require an admin. - Access to the [Teams Developer Portal](https://dev.teams.microsoft.com) and the [Teams admin center](https://admin.teams.microsoft.com). > 📝 **NOTE** > > Microsoft and Redpanda each need a value from the other: Redpanda needs the bot credentials before it can show the messaging endpoint URL, and the bot needs that URL to finish its setup. In this guide, you create the bot first without an endpoint, add the trigger in Redpanda to get the URL, and then return to Microsoft to finish. > > The Microsoft steps refer to a third-party product. Specific UI elements may not be up to date. For current instructions, see the [Microsoft Teams Developer Portal documentation](https://learn.microsoft.com/en-us/microsoftteams/platform/concepts/build-and-test/teams-developer-portal). ## [](#create-a-bot-in-the-teams-developer-portal)Create a bot in the Teams Developer Portal 1. Go to the [Teams Developer Portal](https://dev.teams.microsoft.com/tools) and open **Tools** > **Bot management**. 2. Click **New bot**, enter a name, and create it. ![The Bot management page in the Teams Developer Portal](https://docs.redpanda.com/agentic-data-plane/connect/_images/teams-devportal-bots.png) 3. Leave the endpoint address blank for now. You get the URL from Redpanda later. ## [](#generate-a-client-secret)Generate a client secret In the bot’s settings: 1. Click **Client secrets**. 2. Click **New client secret**. 3. Copy the generated secret value and store it securely. The value is shown only when you create it. ![The Client secret created dialog in the Teams Developer Portal](https://docs.redpanda.com/agentic-data-plane/connect/_images/teams-devportal-secret.png) You now have two values from the Teams side: the bot ID, shown in the bot list, and the client secret you just generated. The bot ID and the application (client) ID of the bot’s app registration are the same value. > 💡 **TIP** > > If you can’t create another client secret in the Teams Developer Portal, open the bot’s app registration in the Azure portal and create one under **Certificates & secrets** instead. ## [](#configure-the-app-registration-in-azure)Configure the app registration in Azure Creating a bot in the Teams Developer Portal also creates a matching app registration in Microsoft Entra. Adjust its settings. ### [](#find-the-app-registration)Find the app registration 1. In the [Azure portal](https://portal.azure.com), search for **App registrations**. 2. Open the **Owned applications** tab and select your bot’s app registration. 3. On the **Overview** page, note the application (client) ID and the directory (tenant) ID. You need both when you add the trigger. ![The Essentials pane of an app registration in the Azure portal](https://docs.redpanda.com/agentic-data-plane/connect/_images/azure-app-overview.png) ### [](#set-the-account-type-to-single-tenant)Set the account type to single-tenant > ❗ **IMPORTANT** > > The app registration must be single-tenant. A multi-tenant configuration causes 401 authorization errors on every inbound message. If the bot stops responding after setup, check this first. Changes can take up to 60 minutes to propagate. 1. In the app registration, open **Authentication**. 2. On the **Supported accounts** tab, select the single-tenant option for the supported account types. Depending on the portal experience, it is labeled **Single tenant only** or **Accounts in this organizational directory only**. ![The Supported accounts tab of the app registration’s Authentication page in the Azure portal](https://docs.redpanda.com/agentic-data-plane/connect/_images/azure-supported-accounts.png) 3. Save. ### [](#add-microsoft-graph-permissions)Add Microsoft Graph permissions The trigger uses the bot’s own credentials to look up the message sender’s email address in Microsoft Graph and passes it to the agent as the user identity. This lookup runs as a background service, so it requires application permissions, not delegated permissions. 1. In the app registration, open **API permissions**. 2. Click **Add a permission** and select **Microsoft Graph**. 3. Select **Application permissions**. 4. Add each of these permissions: | Permission | Purpose | | --- | --- | | User.ReadBasic.All | Resolve the sender’s email address from their Microsoft Entra object ID. | | Chat.Read.All | Read chat messages, as required by Teams. | | Chat.ReadBasic.All | Read chat metadata, as required by Teams. | 5. Click **Grant admin consent**. The button includes your organization’s name. The status of each permission changes from **Not granted** to **Granted**. ![The Configured permissions table on the app registration’s API permissions page](https://docs.redpanda.com/agentic-data-plane/connect/_images/azure-api-permissions.png) > 📝 **NOTE** > > Granting admin consent requires a Microsoft Entra admin role, such as Global Administrator or Privileged Role Administrator. If the button is unavailable, ask an admin to grant consent. ## [](#add-the-microsoft-teams-trigger-to-your-agent)Add the Microsoft Teams trigger to your agent 1. In Redpanda Cloud, open your agent’s **Triggers** tab. 2. Click **Add trigger** and select **Microsoft Teams**. 3. Fill in the trigger configuration: | Field | Value | | --- | --- | | Display name | A name for this trigger, for example, Production bot. The trigger’s unique ID is derived from it at creation and can’t be changed afterward. | | Application (client) ID | The application (client) ID from the app registration Overview page. | | Directory (tenant) ID | The directory (tenant) ID from the app registration Overview page. | | Client secret | A reference to a secret in the secret store that holds the client secret you generated. Select Existing to pick one, or New to name the secret, paste the value, and click Create secret. Only the reference is kept on the trigger. | ![The New Microsoft Teams trigger form with display name](https://docs.redpanda.com/agentic-data-plane/connect/_images/teams-trigger-form.png) 4. Click **Add trigger**. A confirmation panel explains the remaining setup. ![The Trigger added panel](https://docs.redpanda.com/agentic-data-plane/connect/_images/teams-trigger-added.png) ## [](#copy-the-messaging-endpoint)Copy the messaging endpoint Redpanda’s messaging bridge picks up the new trigger, validates the bot credentials with Microsoft, and reports the trigger’s messaging endpoint URL. This takes up to a minute, and the **Triggers** tab refreshes on its own. 1. On the **Triggers** tab, expand the trigger’s card. 2. Wait for the status to change from **Pending** to **Connected**. The **Messaging endpoint** field then shows the URL, similar to: ```text https://msteams-bridge..clusters.rdpa.co/teams/v1/ ``` In this URL, `` is the ID of the cluster the agent runs on, and `` is the agent’s ID. 3. Copy the URL exactly as shown. You need it in the next step. ![An expanded Microsoft Teams trigger card with a green Connected badge](https://docs.redpanda.com/agentic-data-plane/connect/_images/teams-trigger-connected.png) If the status changes to **Error** instead, the message on the card explains the reason. See [Troubleshooting](#troubleshooting). ## [](#set-the-endpoint-url-on-the-bot)Set the endpoint URL on the bot 1. Go back to the [Teams Developer Portal](https://dev.teams.microsoft.com/tools). 2. Open **Tools** > **Bot management** and select your bot. 3. Paste the messaging endpoint URL into the endpoint address field. ![The bot’s Configure page in the Teams Developer Portal](https://docs.redpanda.com/agentic-data-plane/connect/_images/teams-devportal-endpoint.png) 4. Save. If you manage the bot as an Azure Bot resource instead, paste the URL into the **Messaging endpoint** field on the bot’s **Configuration** page in the Azure portal. ## [](#create-and-publish-the-teams-app)Create and publish the Teams app A Teams app makes the bot visible to people in your organization. 1. In the Teams Developer Portal, click **Apps**, and then create a new app and give it a name. 2. On the **Basic information** tab, fill in the descriptions, developer information, and the application (client) ID from the app registration. 3. Open **App features**, select **Bot**, and choose the bot you created. Under the scopes where people can use the bot, select **Personal**. With only this scope selected, people use the bot in personal chats and can’t add it to channels or group chats, which matches what the trigger is designed for. 4. Click **Publish** > **Publish to your org**. This submits the app for admin approval. ## [](#approve-the-app-in-the-teams-admin-center)Approve the app in the Teams admin center 1. Go to the [Teams admin center](https://admin.teams.microsoft.com). 2. Open **Teams apps** > **Manage apps** and search for your app. 3. Select the app, then click **Publish** to approve it. The app can take up to 24 hours to appear in the Teams app catalog after approval. > 💡 **TIP** > > By default, the app is available to everyone in the organization. To restrict it, assign it to specific users or groups under **Manage apps**. To pin it to the Teams sidebar, add it to a setup policy under **Setup policies**. ## [](#verify)Verify 1. In Redpanda Cloud, open the agent’s **Triggers** tab and confirm the trigger status is **Connected**. This confirms that Redpanda validated the bot credentials with Microsoft. It does not confirm that the endpoint URL is set correctly on the bot, so also send a real message. 2. In Microsoft Teams, find the app in your chats and send it a message. While the agent works, Teams shows a progress indicator, and then the reply streams into the chat with an AI-generated label. Tool calls appear as cards that update in place as they finish. ## [](#how-a-message-flows)How a message flows When someone messages the bot, Teams delivers the message to the trigger’s messaging endpoint. Redpanda’s messaging bridge authenticates the request against the trigger’s bot credentials, resolves the sender’s email address through Microsoft Graph, and forwards the message to the agent along with that identity. The reply streams back into the chat as the agent produces it. A reply that exceeds the Teams streaming limits finishes as a regular message. An agent can have several Microsoft Teams triggers, each with its own bot registration and credentials. For example, you can expose one agent through a production bot and a test bot at the same time. Inbound messages are matched to the trigger whose bot they were addressed to. Each trigger’s health is rechecked continuously: about every 30 seconds, the bridge validates the trigger’s credentials with Microsoft and updates the status on the **Triggers** tab. If a client secret expires or is rotated to a wrong value, the trigger flips to **Error** with the reason, without anyone sending a message. ## [](#troubleshooting)Troubleshooting | Symptom | What to check | | --- | --- | | The bot never responds, or replies with a 401 error | The app registration is most likely set to multi-tenant. In the Azure portal, open the app registration, click Authentication, and select the single-tenant option for the supported account types. Allow up to 60 minutes for the change to propagate. | | The trigger shows Error with a message that the client secret is not set in the secret store | The messaging bridge could not read the secret from this cluster’s secret store. In Secrets Store, confirm that a secret exists whose ID exactly matches the reference on the trigger. If it does and the error persists, contact Redpanda support. | | The trigger shows Error with a message that Microsoft rejected the bot credentials | The application (client) ID, directory (tenant) ID, and client secret don’t match a valid app registration. The Microsoft error code in the message names the exact cause. For example, AADSTS7000215 means the client secret value is invalid. | | Teams shows a Permissions needed message | A Teams admin has not yet approved the app. Approve it in the Teams admin center. | | The Grant admin consent button is unavailable | The signed-in Azure user lacks admin privileges. Ask a Global Administrator to grant consent on the API permissions page. | | The agent responds but doesn’t receive the sender’s email address | The User.ReadBasic.All Graph permission is missing, or admin consent was not granted. Recheck the Microsoft Graph permissions step. | | The trigger status stays on Pending | The messaging bridge has not reported on the trigger yet. The first report normally arrives within a minute. If it doesn’t, refresh the tab; if the status still doesn’t change, contact Redpanda support. | ## [](#next-steps)Next steps - [Trigger Agents from External Channels](https://docs.redpanda.com/agentic-data-plane/connect/triggers/overview/) - [Create an Agent](https://docs.redpanda.com/agentic-data-plane/connect/create-agent/) - [How Agents Work](https://docs.redpanda.com/agentic-data-plane/connect/agents-overview/) --- # Page 42: Trigger Agents from External Channels **URL**: https://docs.redpanda.com/agentic-data-plane/connect/triggers/overview.md --- # Trigger Agents from External Channels > For the complete documentation index, see [llms.txt](https://docs.redpanda.com/llms.txt). Component-specific: [agentic-data-plane-full.txt](https://docs.redpanda.com/agentic-data-plane-full.txt) --- title: Trigger Agents from External Channels latest-operator-version: v26.1.5 latest-console-tag: v3.7.4 latest-connect-version: 4.96.1 latest-redpanda-tag: v26.1.10 docname: triggers/overview page-component-name: agentic-data-plane page-version: master page-component-version: master page-component-title: Agentic Data Plane page-relative-src-path: triggers/overview.adoc page-edit-url: https://github.com/redpanda-data/adp-docs/edit/main/modules/connect/pages/triggers/overview.adoc description: Triggers connect a deployed agent to the outside world, so people and systems can invoke it without calling its API directly. page-topic-type: overview personas: agent_builder, platform_engineer learning-objective-1: Describe what an agent trigger is and how a trigger invokes an agent learning-objective-2: Describe how triggers are added, edited, and disconnected on an agent learning-objective-3: Interpret the status that an agent's Triggers tab reports for each trigger page-git-created-date: "2026-06-02" page-git-modified-date: "2026-06-11" --- A trigger is a configured way for the outside world to invoke an agent. Without a trigger, an agent only responds to direct calls against its API. Add a trigger and you connect the agent to a channel: with a Microsoft Teams trigger, people in your organization chat with the agent in a personal Teams chat, and replies stream back as the agent produces them. Each trigger is its own resource on the agent, created, edited, and disconnected on its own, so you can attach several to the same agent. For example, one agent can serve a production Teams bot and a test Teams bot side by side, each through its own trigger. After reading this page, you will be able to: - Describe what an agent trigger is and how a trigger invokes an agent - Describe how triggers are added, edited, and disconnected on an agent - Interpret the status that an agent’s Triggers tab reports for each trigger ## [](#manage-triggers)Manage triggers Triggers live on the agent’s detail page, on the **Triggers** tab: - Click **Add trigger**, pick the trigger type, and fill in its configuration. A Microsoft Teams trigger takes the bot’s application (client) ID, directory (tenant) ID, and a secret store reference to the bot’s client secret. For the full setup, including the Microsoft side, see [Connect an Agent to Microsoft Teams](https://docs.redpanda.com/agentic-data-plane/connect/triggers/microsoft-teams/). - To change a trigger’s configuration, edit it on its card. The trigger’s unique ID, derived from its display name at creation, and the trigger’s type are fixed; the display name, description, and type-specific configuration stay editable. - To remove a trigger, disconnect it on its card. Disconnecting stops the agent from being invoked through that trigger and can’t be undone. A Microsoft Teams trigger also exposes a messaging endpoint: a URL that Teams delivers inbound messages to. Redpanda reports this URL on the trigger’s card shortly after you add the trigger, and you register it with your bot so Teams knows where to send messages. ## [](#trigger-status)Trigger status Adding a trigger does not validate it on the spot. Redpanda’s messaging bridge checks each trigger in the background, about every 30 seconds, by validating its credentials with Microsoft, and reports the result. The **Triggers** tab shows one of three states: - **Pending**: No check has been reported yet. A trigger sits here briefly after you add it. - **Connected**: The latest check passed. For a Microsoft Teams trigger, this means Microsoft accepted the bot credentials. - **Error**: The latest check failed. The message on the card explains the reason, for example, a rejected client secret. Because the check runs continuously, the status also catches problems that appear later: if a bot’s client secret expires, the trigger flips to **Error** without anyone sending a message. The tab refreshes the status on its own, and you can also refresh on demand. ## [](#next-steps)Next steps - [Connect an Agent to Microsoft Teams](https://docs.redpanda.com/agentic-data-plane/connect/triggers/microsoft-teams/) - [Create an Agent](https://docs.redpanda.com/agentic-data-plane/connect/create-agent/) - [How Agents Work](https://docs.redpanda.com/agentic-data-plane/connect/agents-overview/) --- # Page 43: Configure User-Delegated OAuth **URL**: https://docs.redpanda.com/agentic-data-plane/connect/user-delegated-oauth.md --- # Configure User-Delegated OAuth > For the complete documentation index, see [llms.txt](https://docs.redpanda.com/llms.txt). Component-specific: [agentic-data-plane-full.txt](https://docs.redpanda.com/agentic-data-plane-full.txt) --- title: Configure User-Delegated OAuth latest-operator-version: v26.1.5 latest-console-tag: v3.7.4 latest-connect-version: 4.96.1 latest-redpanda-tag: v26.1.10 docname: user-delegated-oauth page-component-name: agentic-data-plane page-version: master page-component-version: master page-component-title: Agentic Data Plane page-relative-src-path: user-delegated-oauth.adoc page-edit-url: https://github.com/redpanda-data/adp-docs/edit/main/modules/connect/pages/user-delegated-oauth.adoc description: Have each end-user authenticate against the MCP server's upstream system with their own credentials. Redpanda stores their token in the vault and injects it at call time. page-topic-type: how-to personas: platform_engineer, agent_builder, security_compliance_lead learning-objective-1: Configure an MCP server to use user-delegated OAuth with a registered OAuth provider learning-objective-2: Walk an end-user through the consent flow and verify the connection learning-objective-3: Troubleshoot scope upgrades, token expiry, and refresh failures page-git-created-date: "2026-05-28" page-git-modified-date: "2026-06-10" --- User-delegated OAuth means each end-user authenticates against the MCP server’s upstream system (for example, Slack, Jira, Google) with their own credentials. Redpanda stores their token in the token vault and injects it at call time. Contrast with service-account OAuth, where one shared identity is used for every caller. After completing this guide, you will be able to: - Configure an MCP server to use user-delegated OAuth with a registered OAuth provider - Walk an end-user through the consent flow and verify the connection - Troubleshoot scope upgrades, token expiry, and refresh failures ## [](#prerequisites)Prerequisites - An OAuth provider resource configured in Redpanda ADP under **OAuth providers**. The provider declares the upstream’s `authorize_url`, `token_url`, supported scopes, and client credentials. See [Configure an OAuth Provider](https://docs.redpanda.com/agentic-data-plane/connect/oauth-providers/). - The required scopes for the upstream API you plan to call. - For **self-managed** MCP servers: the server URL must be `https://` (proto rule `remote_mcp.user_oauth_requires_https`). HTTP is rejected at create time. - For **managed** MCP servers: the type must support user-delegated OAuth. SQL doesn’t; Slack, Jira, and Google managed types do. Check [Managed catalog](https://docs.redpanda.com/agentic-data-plane/connect/managed/managed-catalog/) before configuring. ## [](#configure-the-server)Configure the server 1. Create or edit your MCP server (see [Create an MCP Server](https://docs.redpanda.com/agentic-data-plane/connect/create-server/)). 2. In the authentication section, choose **User-delegated OAuth**. 3. Pick the configured **OAuth provider** (`UserOAuthAuth.provider_name`). 4. List the **required scopes** (`UserOAuthAuth.required_scopes`). Redpanda enforces these at consent time. 5. (Optional) Override token injection through the API or CLI. By default Redpanda sends `Authorization: Bearer `. To use a different header, set `TokenInjection.header_name`. To omit the prefix entirely (for example, an upstream that expects a bare API key as the token), set `TokenInjection.header_prefix` to the empty string. The create form doesn’t expose these fields; the UI’s user-delegated authentication section takes only the OAuth provider and required scopes. 6. Save. > 📝 **NOTE** > > Choosing user-delegated OAuth instead of service-account OAuth **is** the credential-mode decision: there’s no separate field. User-delegated gives each caller a per-user upstream identity; service-account gives every caller one shared identity. Switching between them later requires re-consent for every active user. > 💡 **TIP** > > To configure user-delegated OAuth from the CLI, use `--user-oauth-provider` and `--user-oauth-scopes` on `rpk ai mcp create` or `rpk ai mcp update`. See [Create an MCP Server](https://docs.redpanda.com/agentic-data-plane/connect/create-server/). ## [](#the-user-connection-flow)The user connection flow The first time a user calls a tool that needs this server’s authentication, Redpanda doesn’t have a stored token for them. The behavior is: 1. The MCP RPC returns `FAILED_PRECONDITION` with an `OAuthConnectionRequired` error detail. The detail carries an `authorize_url`. 2. ADP surfaces a consent prompt to the user, pointing at the `authorize_url`. 3. The user completes the device-authorization flow with the upstream provider. 4. The upstream provider redirects back to Redpanda with a token. Redpanda stores it in the token vault under that user’s identity. 5. The original tool call retries automatically. Subsequent calls reuse the stored token. After consent, the user can see and revoke their connection under **Connections** in ADP. ## [](#manage-your-connections)Manage your connections The **Connections** page in the sidebar is each user’s view of their own third-party connections: it lists one card per configured OAuth provider, so a user can authorize the providers their MCP servers need without waiting for a tool call to trigger the consent flow. Each card shows the provider’s name, the scopes it requests, and a status of **Not connected** or connected. Click **Connect** to run the consent flow for that provider and store a token in the vault under your identity. Connections persist until you revoke them; remove and re-add a connection if the upstream credentials change. > 📝 **NOTE** > > Connections are per-user. Each user authorizes their own accounts, and one user’s connections are not visible to or usable by another. ## [](#scope-upgrades)Scope upgrades If a user’s stored connection has fewer scopes than the server’s `required_scopes`, the gateway returns a `scope_upgrade_required` error and surfaces a new `authorize_url` requesting the additional scopes. The user re-consents; the connection is updated in place. ## [](#refresh-and-expiry)Refresh and expiry Redpanda transparently refreshes tokens before they expire, using the refresh token returned at consent time. When refresh fails (revoked token, idle too long, upstream error), the next tool call returns `OAuthTokenExpired` with a `reason`. The user must re-consent through the same flow as initial connection. ## [](#service-account-oauth-contrast)Service-account OAuth contrast If you want one shared upstream identity for every caller (instead of per-user identities), choose **Service-account OAuth** on the server instead of **User-delegated OAuth**. With service-account OAuth, every caller of every tool sees the same upstream identity; the upstream system has no idea which ADP user invoked the tool. With user-delegated OAuth, the upstream system sees each end-user as themselves and applies their own permissions. For the field-by-field service-account-OAuth setup, see [create-server.adoc](https://docs.redpanda.com/agentic-data-plane/connect/create-server/#configure-authentication). ## [](#worked-examples)Worked examples - [Slack](https://docs.redpanda.com/agentic-data-plane/connect/managed/slack/): consumer-facing user-delegated OAuth example. Shows the consent flow against a real Slack workspace. - [Jira](https://docs.redpanda.com/agentic-data-plane/connect/managed/jira/): enterprise user-delegated OAuth example. Atlassian’s OAuth flow differs from Slack’s; this page calls out scope-management gotchas. ## [](#troubleshooting)Troubleshooting | Symptom | What to check | | --- | --- | | "OAuth provider not found" | The provider name on the server doesn’t match an OAuth provider in ADP. Check spelling and that the provider exists. | | "HTTPS required" on save (self-managed only) | User-delegated OAuth requires https:// URLs on the MCP server (proto rule remote_mcp.user_oauth_requires_https). Switch the server’s URL to HTTPS. | | OAuthConnectionRequired returned even after the user consented | The user’s vault entry might have been revoked or the token expired with no refresh. Have the user re-consent through Connections. | | scope_upgrade_required returned | The required scopes on the server changed (or the user originally consented with fewer scopes). The user re-consents with the higher scope. | | Connections shows stale entries | Connections persist until manually revoked. Have the user remove and re-add the connection if upstream credentials changed. | ## [](#next-steps)Next steps - [Configure an OAuth Provider](https://docs.redpanda.com/agentic-data-plane/connect/oauth-providers/) - [Service-account OAuth setup](https://docs.redpanda.com/agentic-data-plane/connect/create-server/#configure-authentication) --- # Page 44: Control & Govern **URL**: https://docs.redpanda.com/agentic-data-plane/control.md --- # Control & Govern > For the complete documentation index, see [llms.txt](https://docs.redpanda.com/llms.txt). Component-specific: [agentic-data-plane-full.txt](https://docs.redpanda.com/agentic-data-plane-full.txt) --- title: Control & Govern latest-operator-version: v26.1.5 latest-console-tag: v3.7.4 latest-connect-version: 4.96.1 latest-redpanda-tag: v26.1.10 docname: index page-component-name: agentic-data-plane page-version: master page-component-version: master page-component-title: Agentic Data Plane page-relative-src-path: index.adoc page-edit-url: https://github.com/redpanda-data/adp-docs/edit/main/modules/control/pages/index.adoc description: Govern agent activity with guardrails, spend limits, and permissions. page-git-created-date: "2026-05-28" page-git-modified-date: "2026-06-10" --- Govern agent activity across your deployment. Set guardrails and spend limits, and control who can do what with roles and permissions. - [Set Up Guardrails](guardrails/) Understand how guardrails work, create them, review blocked requests, and look up the available policies. - [Set Up Budgets](budgets/) Cap LLM spend with per-agent budgets, and see what the Agentic Data Plane records automatically and where to view it. - [Manage Access](access/) Control who can do what in the Agentic Data Plane with roles and permissions. --- # Page 45: Manage Access **URL**: https://docs.redpanda.com/agentic-data-plane/control/access.md --- # Manage Access > For the complete documentation index, see [llms.txt](https://docs.redpanda.com/llms.txt). Component-specific: [agentic-data-plane-full.txt](https://docs.redpanda.com/agentic-data-plane-full.txt) --- title: Manage Access latest-operator-version: v26.1.5 latest-console-tag: v3.7.4 latest-connect-version: 4.96.1 latest-redpanda-tag: v26.1.10 docname: access page-component-name: agentic-data-plane page-version: master page-component-version: master page-component-title: Agentic Data Plane page-relative-src-path: access.adoc page-edit-url: https://github.com/redpanda-data/adp-docs/edit/main/modules/control/pages/access.adoc description: Control who can do what in the Agentic Data Plane with roles and permissions. page-git-created-date: "2026-06-01" page-git-modified-date: "2026-06-01" --- Control who can do what in the Agentic Data Plane. Assign roles to users and service accounts, and look up the permissions each role grants. - [Control Who Can Do What](https://docs.redpanda.com/agentic-data-plane/control/permissions-overview/) Understand how ADP permissions, built-in roles, and role bindings fit together to control access to AI Gateway, MCP, agents, pipelines, and governance APIs. - [Roles and Permissions Reference](https://docs.redpanda.com/agentic-data-plane/control/permissions-reference/) Look up the permissions ADP enforces across LLM providers, MCP servers, agents, pipelines, knowledge bases, and governance APIs, and the built-in roles that grant them. --- # Page 46: Set Up Budgets **URL**: https://docs.redpanda.com/agentic-data-plane/control/budgets.md --- # Set Up Budgets > For the complete documentation index, see [llms.txt](https://docs.redpanda.com/llms.txt). Component-specific: [agentic-data-plane-full.txt](https://docs.redpanda.com/agentic-data-plane-full.txt) --- title: Set Up Budgets latest-operator-version: v26.1.5 latest-console-tag: v3.7.4 latest-connect-version: 4.96.1 latest-redpanda-tag: v26.1.10 docname: budgets page-component-name: agentic-data-plane page-version: master page-component-version: master page-component-title: Agentic Data Plane page-relative-src-path: budgets.adoc page-edit-url: https://github.com/redpanda-data/adp-docs/edit/main/modules/control/pages/budgets.adoc description: Cap LLM spend with per-agent budgets, and see what the Agentic Data Plane records automatically and where to view it. page-topic-type: how-to personas: platform_engineer, pilot_lead learning-objective-1: Set a per-agent budget that caps LLM spend and warns before the cap learning-objective-2: Identify what spending data the Agentic Data Plane records automatically learning-objective-3: View spend breakdowns by agent, model, and provider page-git-created-date: "2026-05-28" page-git-modified-date: "2026-06-10" --- The Agentic Data Plane caps LLM spend with budgets and records every LLM call as a spending event. Set a budget to enforce a hard spending cap per agent, then read what you actually spend on the **Cost & Usage** page under **Governance**, through individual [transcripts](https://docs.redpanda.com/agentic-data-plane/reference/glossary/#transcript), and through breakdown queries by provider, model, user, agent, or provider type. After completing these steps, you will be able to: - Set a per-agent budget that caps LLM spend and warns before the cap - Identify what spending data the Agentic Data Plane records automatically - View spend breakdowns by agent, model, and provider ## [](#set-a-spend-limit)Set a budget A **budget** caps LLM spend over a recurring period. When an agent’s spend for the period reaches the budget’s hard limit, AI Gateway rejects that agent’s next LLM request with `HTTP 429` until the period resets. A separate warning threshold fires before the cap, so you can react before AI Gateway cuts the agent off. Redpanda ADP enforces budgets per agent. A budget identifies an _agent_ by its resource name in the form `agents/`, the same identity that appears as `agent_name` in spend data. ### [](#how-a-budget-works)How a budget works | Setting | What it does | | --- | --- | | Limit | The hard cap on per-period spend. You set it in dollars in the UI; the API stores it in USD microcents (1 cent = 1,000,000 microcents). When a matching agent’s accrued spend for the period reaches this value, the agent’s next LLM request through the gateway gets HTTP 429. Spend resets to zero at the start of each period. | | Warning threshold | A spend level, lower than the limit, at which ADP warns: gateway responses carry a SpendLimit-Warning header and ADP records a warning metric. Requests still pass. Must be greater than zero and less than the limit. | | Period | How often the spend pool resets: daily, weekly, or monthly. Periods are calendar-aligned in UTC: daily at 00:00 UTC, weekly at 00:00 UTC Monday, monthly at 00:00 UTC on the first of the month. | | Target agent | Which agent the budget applies to. Leave it unset to create the tenant default budget. Set it to an agent’s resource name (agents/) to create a per-agent override. | ### [](#default-and-per-agent-override-budgets)Default and per-agent override budgets You can have one default budget per tenant and at most one override per agent: - The **default** budget (no target agent) gives every agent its own independent pool of the limit per period. One agent reaching its cap doesn’t affect another. - A **per-agent override** targets a single agent by resource name (`agents/`) and replaces the default for that agent. Use an override to give a specific agent a higher or lower cap than the fleet default. The target agent is immutable. To move an override to a different agent, delete it and create a new one. An override matches on the agent’s resource name, so recreating an agent with the same name keeps the override pointed at it; the new instance counts as a continuation for budget purposes. When you read a budget, it also reports the current period’s spend, when the period started, when it resets, and (for the default budget) the agent currently closest to its cap. ### [](#set-a-budget-in-the-ui)Set a budget in the UI Open **Budgets** under **Governance** in the sidebar. The page shows the tenant default budget as a card: its cap and period, the warn threshold, and how many agents are doing fine, getting close, or over the limit. Per-agent overrides appear in a table below the card, with each override’s `Agent override` target, `Period`, current `Usage` against the cap, `Warn at` threshold, and when it was last `Updated`. To create the tenant default budget: 1. Click **Create default budget**. 2. Under `Budget`, set `Cap usage at` to a dollar amount and choose a period (day, week, or month). Use the quick-set chips ($25, $100, $500, $1,000) for common values. 3. Drag the `Warn at` slider to set the warning threshold as a percentage of the cap (80% by default). 4. Review the Configuration preview panel, which summarizes the budget, period, and the warn and block thresholds in dollars, then click **Create default budget**. Open the default budget from the **Budgets** page to see its detail view: the per-agent spending limit (each agent gets its own limit, not one shared pool), the reset schedule, the warn threshold, and how much each agent has spent so far toward its limit. To give one agent a different cap, click **Add override**, pick the agent (each agent can have at most one override; agents that already have one are grayed out), then set the `Budget` and `Warn at` controls the same way. The `Resource name` is auto-derived from the picked agent and is immutable; the `Display name` is editable. ### [](#manage-budgets-through-the-api)Manage budgets through the API `BudgetService` exposes standard create, read, update, and delete operations: | Method | Use it to | | --- | --- | | CreateBudget | Create the tenant default or a per-agent override. | | GetBudget, ListBudgets | Read one budget, or list all budgets, each with current-period spend status. | | UpdateBudget | Change the limit, warning threshold, or period. Send a field mask naming the fields you change. | | DeleteBudget | Remove a budget. Deleting the default removes the per-agent pools; deleting an override falls that agent back to the default. | A service account needs the matching `dataplane_adp_budget_*` permission for each operation (`create`, `get`, `list`, `update`, or `delete`). See [Budget permissions](https://docs.redpanda.com/agentic-data-plane/control/permissions-reference/#budget-permissions). ## [](#what-adp-records-automatically)What ADP records automatically Every LLM call routed through AI Gateway becomes a spending event. Each event captures: - Input tokens, output tokens, and cached tokens. - Total cost (in microcents). - Request count. - The provider, model, user, and organization context the call ran under. No setup required: the gateway captures spending the moment your first agent runs through it. ADP tracks streaming and non-streaming requests the same way, and attributes cache-write tokens (Anthropic 4.x, OpenAI 4.x prompt caches) correctly on streaming responses, so cost rollups stay accurate when an agent reuses long system prompts. > 📝 **NOTE** > > ADP reports cost in **microcents**. 1 cent = 1,000,000 microcents, so $1 = 100,000,000 microcents. Divide `total_cost_microcents` by 100,000,000 to convert to dollars. ### [](#per-request-pricing-variations)Per-request pricing variations A few request- or response-time signals change the rate ADP applies to a single call. You don’t configure these; the spending pipeline picks them up from the upstream response or request and bills accordingly. - **Anthropic fast mode**: Anthropic exposes a fast-mode option on some models (for example, Opus 4.6 fast) that carries a per-token premium over the default rate. ADP reads the `speed` field on each Anthropic response and bills fast-mode calls at the model’s fast-mode rate. Requests without a `speed` field fall back to the default rate. - **Context-tier pricing**: A few models charge a different rate once a request crosses a context-length threshold. Gemini Pro, for example, prices requests above a 128K-token context at a higher tier than shorter requests. ADP uses the call’s context-token count so requests at or above the threshold bill at the tiered rate automatically. ## [](#where-to-view-your-spend)Where to view your spend You don’t view spend on the **Budgets** page. The **Cost & Usage** page, transcripts, and breakdown queries are the read surfaces: | Surface | Use it for | | --- | --- | | Cost & Usage page (Governance sidebar group) | Time-series spend, request, and token charts across providers and models. Use it to group by provider, model, or token type, then filter by provider, model, cost type, token type, user, or agent. See View cost and usage. | | Transcripts | Per-call cost on individual executions. Useful when investigating a specific agent run or debugging a cost anomaly. See Read a transcript. | | Breakdown queries | Aggregated spend by provider, model, user, agent, or provider type, available through GetSpendingBreakdown for programmatic access. | Every breakdown and time-series query reads from the same `SpendingFilter` shape: a time range plus optional `provider_name`, `model_id`, `user_email`, `agent_name`, `agent_uid`, or `organization_id` filters. Combine filters to scope a query (for example, "all spend on Anthropic for user `alice` in April"). You can break results down by provider, model, user, agent, or provider type; `organization_id` is a filter only, not a breakdown dimension. For more expressive queries, `SpendingFilter` also accepts an AIP-160 `filter` expression that lets you combine and negate dimensions in a single string (for example, `provider_name="anthropic" AND model_id!="claude-sonnet-4-6"`). The convenience fields and the `filter` expression compose; populate one or both. `user_email` and `organization_id` are populated automatically from the request’s authenticated identity (the caller’s email and organization), so spend is attributed without any setup on your part. ## [](#query-spend-programmatically)Query spend programmatically `SpendingService.GetSpendingBreakdown` is the canonical RPC for pulling spend out of ADP. Use it for chargeback reporting, scheduled emails, internal cost dashboards, or any workflow the built-in UI doesn’t cover. ### [](#authenticate)Authenticate `SpendingService` uses the same OIDC client-credentials grant as the rest of AI Gateway. Mint a service-account access token using the flow in [Authenticate with OIDC client credentials](https://docs.redpanda.com/agentic-data-plane/gateway/connect-agent/#authenticate-with-oidc-client-credentials), then pass the token in the `Authorization: Bearer ` header on every call. The service account needs `dataplane_adp_spending_get` on the resource you’re querying. See [Spending permissions](https://docs.redpanda.com/agentic-data-plane/control/permissions-reference/#spending-permissions). ### [](#request-shape)Request shape `GetSpendingBreakdown` takes a `SpendingFilter` plus a `dimension`. The filter accepts: | Field | Meaning | | --- | --- | | start_time, end_time | RFC 3339 timestamps bracketing the window. Required. | | provider_name | Restrict to one LLM provider (matches the Name field on the provider’s detail page). | | model_id | Restrict to one model identifier (claude-sonnet-4-6, gpt-5.2, and so on). | | user_email | Restrict to one identified user, matched on the caller’s email. Anonymous traffic is excluded. | | agent_name | Restrict to one agent by its resource name (agents/), recorded on every call made by or on behalf of an agent. Leave it empty to match every row, including direct user calls; set it to scope spend to a single agent, summed across every instance that has used the name. | | agent_uid | Restrict to one agent instance, identified by an opaque UUID. Only valid when agent_name is also set: setting agent_uid alone is rejected. Use it to exclude spend from a previously deleted agent that reused the same name. | | organization_id | Restrict to one organization. Multi-tenant deployments only. | | filter | AIP-160 expression that combines and negates dimensions in a single string (for example, provider_name="anthropic" AND model_id!="claude-sonnet-4-6"). Composes with the structured fields above; populate one or both. | The `dimension` value chooses the breakdown dimension. Valid values are the `BreakdownDimension` enum: `BREAKDOWN_DIMENSION_PROVIDER`, `BREAKDOWN_DIMENSION_MODEL`, `BREAKDOWN_DIMENSION_USER`, `BREAKDOWN_DIMENSION_AGENT`, and `BREAKDOWN_DIMENSION_PROVIDER_TYPE`. A breakdown on `BREAKDOWN_DIMENSION_AGENT` keys on the agent’s resource name (`agents/`) and excludes rows with no agent (direct user calls), the same way the other dimensions skip empty keys. Spend is summed across every instance that has used the name, so an agent that was deleted and recreated appears as a single entry. ### [](#curl-example)cURL example Pull per-user spend for the last 7 days against an Anthropic provider: ```bash ACCESS_TOKEN="" # from the client_credentials flow DATAPLANE_BASE="https://aigw..clusters.rdpa.co" curl -s --request POST \ --url "${DATAPLANE_BASE}/redpanda.api.adp.v1alpha1.SpendingService/GetSpendingBreakdown" \ --header "Authorization: Bearer ${ACCESS_TOKEN}" \ --header 'Content-Type: application/json' \ --data '{ "filter": { "start_time": "2026-05-17T00:00:00Z", "end_time": "2026-05-24T00:00:00Z", "provider_name": "prod-anthropic" }, "dimension": "BREAKDOWN_DIMENSION_USER" }' | jq ``` The response carries one `entries` row per user in the window. Each entry has a `key` (the user) and a `stats` object with `total_cost_microcents`, `total_requests`, `total_tokens` (server-derived), and per-bucket `input`, `output`, and `cached` usage. Divide `total_cost_microcents` by 100,000,000 to convert to dollars. ### [](#python-example)Python example Generated client code lives in the proto bundle; if your project doesn’t already import it from cloudv2, drive `SpendingService` over plain HTTPS: ```python import os, requests from datetime import datetime, timedelta, timezone token = os.environ["ACCESS_TOKEN"] # from the client_credentials flow base = os.environ["DATAPLANE_BASE"] # https://aigw..clusters.rdpa.co end = datetime.now(timezone.utc) start = end - timedelta(days=7) body = { "filter": { "start_time": start.isoformat().replace("+00:00", "Z"), "end_time": end.isoformat().replace("+00:00", "Z"), "filter": 'provider_name="prod-anthropic"', }, "dimension": "BREAKDOWN_DIMENSION_USER", } r = requests.post( f"{base}/redpanda.api.adp.v1alpha1.SpendingService/GetSpendingBreakdown", headers={"Authorization": f"Bearer {token}", "Content-Type": "application/json"}, json=body, ) r.raise_for_status() for entry in r.json().get("entries", []): stats = entry["stats"] dollars = int(stats["total_cost_microcents"]) / 100_000_000 print(f"{entry['key']}: ${dollars:,.2f} ({stats['total_requests']} requests)") ``` The proto-generated client (Connect-Go or grpc-python) is the long-term recommendation; the cURL and `requests` examples are for quick scripting. ### [](#related-methods)Related methods `SpendingService` exposes additional methods that follow the same `SpendingFilter` shape: - `GetSpendingSummary`: Total spend, tokens, and requests for the range, with no breakdown. Also returns the previous comparable period so you can show a trend. - `GetSpendingTimeSeries`: Spend bucketed over the time range (hourly or daily), for chart-style consumers. - `GetSpendingTimeSeriesByDimension`: Time-series buckets split by a breakdown dimension (top-N keys by cost), for stacked charts. Reports `truncated_key_count` when more keys matched than were returned. ## [](#guardrail-cost)Guardrail cost AWS bills guardrail evaluation directly to the AWS account whose credentials the guardrail’s backend uses. This cost does not appear in ADP cost reporting and is not counted against budgets. For current rates, see [AWS Bedrock pricing](https://aws.amazon.com/bedrock/pricing/). For what each policy does, see [How guardrails work](https://docs.redpanda.com/agentic-data-plane/control/guardrails/overview/) and [Guardrail policy reference](https://docs.redpanda.com/agentic-data-plane/control/guardrails/types-reference/). ## [](#override-per-model-pricing)Override per-model pricing The Agentic Data Plane ships with default per-model pricing per provider, covering input, output, and cache-read prices for every model in the built-in catalog. Cost reporting uses these prices when it computes per-call spend, which is why every dollar value on the **Cost & Usage** page, in transcripts, and in `SpendingService` queries works without any setup. If your organization negotiates non-standard pricing, or you want to track spend against an internal chargeback rate, override the rates as part of configuring an LLM provider. Overrides are scoped to a single provider, where you edit the rate per model. See [Override per-model pricing](https://docs.redpanda.com/agentic-data-plane/gateway/configure-provider/#pricing-overrides). ## [](#next-steps)Next steps - [Read a transcript](https://docs.redpanda.com/agentic-data-plane/monitor/transcripts/) - [How guardrails work](https://docs.redpanda.com/agentic-data-plane/control/guardrails/overview/) --- # Page 47: Set Up Guardrails **URL**: https://docs.redpanda.com/agentic-data-plane/control/guardrails.md --- # Set Up Guardrails > For the complete documentation index, see [llms.txt](https://docs.redpanda.com/llms.txt). Component-specific: [agentic-data-plane-full.txt](https://docs.redpanda.com/agentic-data-plane-full.txt) --- title: Set Up Guardrails latest-operator-version: v26.1.5 latest-console-tag: v3.7.4 latest-connect-version: 4.96.1 latest-redpanda-tag: v26.1.10 docname: guardrails/index page-component-name: agentic-data-plane page-version: master page-component-version: master page-component-title: Agentic Data Plane page-relative-src-path: guardrails/index.adoc page-edit-url: https://github.com/redpanda-data/adp-docs/edit/main/modules/control/pages/guardrails/index.adoc description: Understand how guardrails work, create them, review blocked requests, and look up the available policies. page-git-created-date: "2026-06-01" page-git-modified-date: "2026-06-11" --- Guardrails inspect and control the requests and responses that flow through your AWS Bedrock LLM providers. Learn how they work, create one, review blocked requests, and look up the available policies. - [How Guardrails Work](overview/) Learn how ADP guardrails use AWS Bedrock policies to inspect and control LLM requests and responses, and how a blocked request surfaces. - [Create a Guardrail](create-guardrail/) Create a guardrail with the wizard, configure its Bedrock authentication and policies, attach it to a Bedrock LLM provider, and verify that it blocks. - [Review Blocked Requests](violations/) Understand how a blocked request surfaces, where guardrail activity is recorded, and what to check when a guardrail blocks too much or too little. - [Guardrail Policy Reference](types-reference/) Reference for the guardrail policy types, their configuration fields, actions, directions, and limits. --- # Page 48: Create a Guardrail **URL**: https://docs.redpanda.com/agentic-data-plane/control/guardrails/create-guardrail.md --- # Create a Guardrail > For the complete documentation index, see [llms.txt](https://docs.redpanda.com/llms.txt). Component-specific: [agentic-data-plane-full.txt](https://docs.redpanda.com/agentic-data-plane-full.txt) --- title: Create a Guardrail latest-operator-version: v26.1.5 latest-console-tag: v3.7.4 latest-connect-version: 4.96.1 latest-redpanda-tag: v26.1.10 docname: guardrails/create-guardrail page-component-name: agentic-data-plane page-version: master page-component-version: master page-component-title: Agentic Data Plane page-relative-src-path: guardrails/create-guardrail.adoc page-edit-url: https://github.com/redpanda-data/adp-docs/edit/main/modules/control/pages/guardrails/create-guardrail.adoc description: Create a guardrail with the wizard, configure its Bedrock authentication and policies, attach it to a Bedrock LLM provider, and verify that it blocks. page-topic-type: how-to personas: security_compliance_lead, platform_engineer learning-objective-1: Create a guardrail and configure its backend and policies learning-objective-2: Attach the guardrail to an LLM provider and enable it learning-objective-3: Verify the guardrail blocks a request and trace it through the transcript page-git-created-date: "2026-05-28" page-git-modified-date: "2026-06-12" --- Create a guardrail to inspect and control the requests and responses that flow through an AWS Bedrock LLM provider. You configure the guardrail in a wizard (details, authentication, and policies), attach it to a Bedrock provider, and confirm it blocks. After reading this page, you will be able to: - Create a guardrail and configure its backend and policies - Attach the guardrail to an LLM provider and enable it - Verify the guardrail blocks a request and trace it through the transcript ## [](#prerequisites)Prerequisites - An AWS region and Bedrock access. A guardrail reconciles against the AWS Bedrock control plane, so you need either AWS credentials it can use or a Bedrock LLM provider whose credentials it can borrow. - At least one AWS Bedrock LLM provider to attach the guardrail to. Guardrails attach to Bedrock providers only. See [Configure an LLM provider](https://docs.redpanda.com/agentic-data-plane/gateway/configure-provider/). - For the Sensitive information, Content filters, Contextual grounding, and Automated reasoning policies, confirm the features you need are available in your chosen Bedrock region. ## [](#add-the-details)Add the details Open the wizard and give the guardrail its name and the messages that callers see when a policy blocks a request. 1. Open **Guardrails** in the sidebar and click **Create guardrail**. 2. On the Details step, set the following: | Field | Notes | | --- | --- | | Name | Required. Lowercase letters, numbers, and hyphens only, 1 to 63 characters. Used in the resource path and can’t be changed after creation. | | Display Name | Optional. A friendlier name shown in the list and detail views. | | Description | Optional. | | Blocked Input Message | Required. The message returned to the caller when a policy blocks a prompt. 1 to 500 characters. | | Blocked Output Message | Required. The message returned instead of the model’s response when a policy blocks it. 1 to 500 characters. | | Enabled | Leave off for now. Enable the guardrail after you configure its policies. | 3. Click **Next**. ## [](#configure-authentication)Configure authentication This step, labeled **Authentication** in the wizard, sets the AWS region and credentials the guardrail uses to reach Bedrock. 1. Select a region. The region decides which Bedrock models and guardrail features you can reach, because not every feature is available in every region. Use the same region as the Bedrock provider or model you intend to protect. 2. Choose a credential source: - Standalone AWS credentials: Supply credentials for this guardrail directly. - Borrow from a Bedrock provider: Reuse the credentials of a Bedrock LLM provider you already configured. 3. If you chose standalone credentials, choose a credential type: - Default provider chain: Use the credentials available in the runtime environment. - Static access keys: Supply an access key ID and secret access key, each stored as a secret reference in the ADP secret store. - Assume IAM role: Supply a role ARN, with an optional external ID and session name. 4. Click **Next**. ## [](#turn-on-policies)Turn on policies Each policy is optional, but a guardrail must enforce at least one. Turn on the policies you need, then configure each. For the full configuration of every policy, see [Guardrail policy reference](https://docs.redpanda.com/agentic-data-plane/control/guardrails/types-reference/). ### [](#start-from-a-preset)Start from a preset The Quick start row at the top of the Policies step applies a preset, a bundle of policy settings for a common goal: - **Content safety**: Blocks hate speech, insults, sexual content, violence, and misconduct at high strength. - **PII protection**: Masks emails, phone numbers, names, addresses, card numbers, and US Social Security numbers. - **Prompt attack defense**: Blocks jailbreak and prompt-injection attempts before they reach the model. Presets are additive: applying one never removes rules you already configured. Apply a preset, then adjust the individual policies it turned on. ### [](#choose-individual-policies)Choose individual policies Turn on each policy you need and configure its rules: - Content filters: Harmful-content categories (hate, insults, sexual, violence, misconduct, and prompt attacks). - Word filters: Exact words and phrases from your own lists and platform-managed lists such as profanity. - Denied topics: Topics blocked by meaning rather than exact words. - Sensitive information: PII detected by built-in entity types and your own regex patterns, then detected, blocked, or anonymized. - Contextual grounding: Factual grounding and relevance checks for RAG-style output. Output only. - Automated reasoning: Formal Bedrock Automated Reasoning policies. Detect only. Each policy you turn on exposes a separate **Evaluate this policy** toggle. Turn it off to save the policy’s configuration without enforcing it, which lets you stage a policy before it takes effect. > 📝 **NOTE** > > Two separate toggles control evaluation: > > - The guardrail-level **Enabled** toggle, on the Details step, turns the whole guardrail on or off. A disabled guardrail keeps its configuration but evaluates no traffic. > > - The policy-level **Evaluate this policy** toggle controls a single policy within the guardrail. A policy with this toggle off is saved but not evaluated. > > > A policy acts on traffic only when its guardrail is enabled and its own **Evaluate this policy** toggle is on. A policy you turn on needs at least one rule. ADP rejects a guardrail that has no policy turned on, or that turns on a policy with no rules set, such as a content-filter policy with no category configured or a contextual-grounding policy with neither grounding nor relevance enabled. A staged policy does not count toward this minimum, because a policy with its **Evaluate this policy** toggle off is not enforced. A guardrail needs at least one policy that is both turned on and evaluated, so if you stage every policy, ADP rejects the guardrail. When you finish, click **Create guardrail**. ## [](#attach-the-guardrail-to-a-provider)Attach the guardrail to a provider A guardrail takes effect only after a provider references it. On an AWS Bedrock LLM provider, set the guardrail field in the provider’s Bedrock settings to the one you created. Only Bedrock providers expose this setting. A provider references one guardrail, and you can reuse the same guardrail across many providers. See [Configure an LLM provider](https://docs.redpanda.com/agentic-data-plane/gateway/configure-provider/). ## [](#enable-the-guardrail)Enable the guardrail After you configure the policies and attach the guardrail, set the guardrail to enabled. A disabled guardrail keeps its configuration but skips evaluation entirely, which is useful while you stage a policy or troubleshoot whether the guardrail is responsible for unexpected blocks. Enabling or disabling a guardrail takes effect within about 30 seconds, because the gateway briefly caches guardrail settings. ## [](#verify-the-guardrail-blocks)Verify the guardrail blocks Send a request through an attached provider that violates a policy. For example, with the sensitive-information policy set to block on input, send a prompt that contains an email address or other PII. The request returns your blocked input message instead of a model response. Open the request’s [transcript](https://docs.redpanda.com/agentic-data-plane/reference/glossary/#transcript) and confirm the guardrail recorded its action. See [See what your agent did](https://docs.redpanda.com/agentic-data-plane/monitor/transcripts/) for the transcript walkthrough and [Review blocked requests](https://docs.redpanda.com/agentic-data-plane/control/guardrails/violations/) for how blocked requests surface. ## [](#edit-disable-or-delete-a-guardrail)Edit, disable, or delete a guardrail From the guardrails list or a guardrail’s detail page: - Edit the guardrail to change its backend or policies. Changes take effect within about 30 seconds, because the gateway briefly caches guardrail settings. - Disable the guardrail to stop evaluation without losing its configuration. - Delete the guardrail to remove it permanently. Deletion asks you to confirm by typing the guardrail’s name. > ❗ **IMPORTANT** > > You cannot delete a guardrail while an LLM provider still references it. ADP blocks the delete and names the providers you must detach first. Open each listed provider, clear its `Guardrail` field, then delete the guardrail. This protects in-flight traffic: if the guardrail were removed while a provider still pointed at it, every request through that provider would fail. ## [](#next-steps)Next steps - [Guardrail policy reference](https://docs.redpanda.com/agentic-data-plane/control/guardrails/types-reference/) - [Review blocked requests](https://docs.redpanda.com/agentic-data-plane/control/guardrails/violations/) - [Configure an LLM provider](https://docs.redpanda.com/agentic-data-plane/gateway/configure-provider/) --- # Page 49: How Guardrails Work **URL**: https://docs.redpanda.com/agentic-data-plane/control/guardrails/overview.md --- # How Guardrails Work > For the complete documentation index, see [llms.txt](https://docs.redpanda.com/llms.txt). Component-specific: [agentic-data-plane-full.txt](https://docs.redpanda.com/agentic-data-plane-full.txt) --- title: How Guardrails Work latest-operator-version: v26.1.5 latest-console-tag: v3.7.4 latest-connect-version: 4.96.1 latest-redpanda-tag: v26.1.10 docname: guardrails/overview page-component-name: agentic-data-plane page-version: master page-component-version: master page-component-title: Agentic Data Plane page-relative-src-path: guardrails/overview.adoc page-edit-url: https://github.com/redpanda-data/adp-docs/edit/main/modules/control/pages/guardrails/overview.adoc description: Learn how ADP guardrails use AWS Bedrock policies to inspect and control LLM requests and responses, and how a blocked request surfaces. page-topic-type: overview personas: security_compliance_lead, platform_engineer, agent_builder learning-objective-1: Describe what a guardrail does and how you attach one to an AWS Bedrock LLM provider learning-objective-2: Identify the available policy types and the situations each fits learning-objective-3: Recognize how a blocked request surfaces and which page to read next page-git-created-date: "2026-05-28" page-git-modified-date: "2026-06-12" --- A guardrail is a set of safety and policy filters that inspect and control how agents and gateways use models. A guardrail can block prompt injection, deny off-topic content, redact or block personally identifiable information (PII), and check responses for factual grounding. You attach a guardrail to an AWS Bedrock LLM provider, and ADP applies it to every request and response that flows through that provider. ADP guardrails run on AWS Bedrock Guardrails. Each guardrail syncs its policy configuration to the Bedrock control plane, so it needs an AWS region and Bedrock credentials. Guardrails attach to AWS Bedrock providers only; other provider types don’t expose a guardrail setting. After reading this page, you will be able to: - Describe what a guardrail does and how you attach one to an AWS Bedrock LLM provider - Identify the available policy types and the situations each fits - Recognize how a blocked request surfaces and which page to read next ## [](#policy-types)Policy types A guardrail bundles a set of policies. Each is optional, but a guardrail must enforce at least one. Turn on the ones you need. | Policy | What it does | | --- | --- | | Content filters | Classify prompts and responses against harmful-content categories: hate, insults, sexual, violence, misconduct, and prompt attacks. Prompt-attack detection applies to input only. | | Word filters | Block or detect exact words and phrases, using your own lists and platform-managed lists such as profanity. | | Denied topics | Block content by meaning rather than exact words, so it catches paraphrases and misspellings. | | Sensitive information | Detect PII using built-in entity types and your own regex patterns, then detect, block, or anonymize it. | | Contextual grounding | For RAG-style applications, check model output for factual grounding against a source and relevance to the query. Output only. | | Automated reasoning | Mathematically verify model output against formal Bedrock Automated Reasoning policies. Detect only: it never blocks, and findings appear in the trace. | For each policy’s full configuration, see [Guardrail policy reference](https://docs.redpanda.com/agentic-data-plane/control/guardrails/types-reference/). ## [](#where-a-guardrail-runs)Where a guardrail runs A guardrail evaluates both sides of an LLM call: - Input: ADP evaluates the prompt before forwarding it upstream. Use input evaluation to stop sensitive or malicious content from reaching the model. - Output: ADP evaluates the model’s response before returning it to the caller. Use output evaluation to control what the model generates. Some policies are direction-specific. Content-filter prompt-attack detection runs on input only, contextual grounding runs on output only, and automated reasoning runs on output and only reports findings. For streaming responses, ADP skips output evaluation in this release. Input evaluation still applies. ## [](#where-you-attach-a-guardrail)Where you attach a guardrail You attach a guardrail by setting an AWS Bedrock LLM provider’s guardrail. The guardrail setting appears in the provider’s Bedrock settings, and only Bedrock providers can reference a guardrail. Each provider references at most one guardrail, and a single guardrail can be reused across many providers. The guardrail’s detail page lists the providers that use it. You create and configure the guardrail first, then attach it from the provider. See [Create a guardrail](https://docs.redpanda.com/agentic-data-plane/control/guardrails/create-guardrail/). ADP enforces this reference in both directions. A provider can only point at a guardrail that exists, and you cannot delete a guardrail while a provider still references it. To remove a guardrail that is in use, detach it from each provider first. ## [](#what-happens-when-a-guardrail-blocks)What happens when a guardrail blocks When a policy blocks an input, ADP stops the request and returns your configured blocked input message to the caller. When a policy blocks an output, ADP returns your configured blocked output message instead of the model’s response. The sensitive-information policy can also anonymize matched PII in place rather than block, replacing each match with its entity type, such as `{EMAIL}`. The two directions differ: on output, ADP delivers the redacted response to the caller. On input, ADP does not forward the redacted prompt to the model. ADP short-circuits the request like a block and returns your configured blocked input message. ADP records guardrail activity as attributes on the request’s OpenTelemetry trace, which you read in [transcripts](https://docs.redpanda.com/agentic-data-plane/reference/glossary/#transcript). This release does not include a separate violations dashboard. See [Review blocked requests](https://docs.redpanda.com/agentic-data-plane/control/guardrails/violations/) for how a blocked request surfaces. ## [](#next-steps)Next steps - [Create a guardrail](https://docs.redpanda.com/agentic-data-plane/control/guardrails/create-guardrail/) - [Guardrail policy reference](https://docs.redpanda.com/agentic-data-plane/control/guardrails/types-reference/) - [Review blocked requests](https://docs.redpanda.com/agentic-data-plane/control/guardrails/violations/) --- # Page 50: Guardrail Policy Reference **URL**: https://docs.redpanda.com/agentic-data-plane/control/guardrails/types-reference.md --- # Guardrail Policy Reference > For the complete documentation index, see [llms.txt](https://docs.redpanda.com/llms.txt). Component-specific: [agentic-data-plane-full.txt](https://docs.redpanda.com/agentic-data-plane-full.txt) --- title: Guardrail Policy Reference latest-operator-version: v26.1.5 latest-console-tag: v3.7.4 latest-connect-version: 4.96.1 latest-redpanda-tag: v26.1.10 docname: guardrails/types-reference page-component-name: agentic-data-plane page-version: master page-component-version: master page-component-title: Agentic Data Plane page-relative-src-path: guardrails/types-reference.adoc page-edit-url: https://github.com/redpanda-data/adp-docs/edit/main/modules/control/pages/guardrails/types-reference.adoc description: Reference for the guardrail policy types, their configuration fields, actions, directions, and limits. page-topic-type: reference personas: security_compliance_lead, platform_engineer page-git-created-date: "2026-05-28" page-git-modified-date: "2026-06-11" --- A guardrail bundles a set of policies, each backed by AWS Bedrock Guardrails. Each policy is optional, but a guardrail must enforce at least one. This page documents each policy type’s configuration fields, available actions, direction settings, and regional availability. ## [](#common-settings)Common settings Two settings recur across policies: - Action: what the policy does when it matches. `None` detects and records the match in the trace without intervening. `Block` stops the request and returns the configured blocked message. The sensitive-information policy adds `Anonymize`. - Direction: most policies evaluate input, output, or both, and you set the action per direction. Some policies are fixed to one direction (noted below). > 📝 **NOTE** > > Feature availability varies by AWS region. Choose a region that supports the policies you need, and see the [AWS Bedrock Guardrails documentation](https://docs.aws.amazon.com/bedrock/latest/userguide/guardrails.html) for exhaustive behavior and regional support. ## [](#content-filters)Content filters Classify prompts and responses against harmful-content categories and block or detect them per category. | Field | Description | | --- | --- | | Categories | Hate, Insults, Sexual, Violence, Misconduct, and Prompt attack. Configure each category independently. Prompt-attack detection evaluates input only. | | Strength | Per category and direction. Sets the confidence cutoff for a match: None scores the category in the trace without acting, Low matches only high-confidence content, Medium matches medium-confidence and above, and High matches any non-negligible content. Higher strength is stricter. | | Action | Per category and direction: None (detect) or Block. | | Modality | Text or Image. | ## [](#word-filters)Word filters Block or detect exact words and phrases. | Field | Description | | --- | --- | | Custom words | Your own list of words and phrases to match. | | Managed lists | Platform-managed lists. Profanity is available today. | | Action | Per direction (input and output): None (detect) or Block. Set independently for custom words and for each managed list. | ## [](#denied-topics)Denied topics Block content by meaning rather than exact words, so the policy catches paraphrases and misspellings. A policy holds up to 30 topics. | Field | Description | | --- | --- | | Name | Topic name, 1 to 100 characters. | | Definition | What the topic covers, up to 1000 characters. The definition drives the semantic match, so write it as a clear, self-contained statement. Keep example phrases and negations out of the definition; put concrete examples in the Examples field instead, which improves accuracy. | | Examples | Up to five example phrases, each up to 100 characters, that match the topic. | | Action | Per direction (input and output): None (detect) or Block. | ## [](#sensitive-information)Sensitive information Detect personally identifiable information (PII) by built-in entity type or by your own regular expressions, then detect, block, or anonymize it. | Field | Description | | --- | --- | | Entities | Built-in entity types. Each entity has a per-direction action. | | Regexes | Custom patterns. Each rule has a name (1 to 100 characters), an RE2 pattern (1 to 500 characters; lookaround is not supported), an optional description, and a per-direction action. | | Action | Per direction (input and output): None (detect), Block, or Anonymize. Anonymize replaces each match in place with its entity type, such as {EMAIL}, and applies to text only. The two directions differ: on output, ADP delivers the redacted response to the caller. On input, this release does not forward the redacted prompt to the model. Instead, an anonymize match short-circuits the request like a block: the model is never called, and ADP returns your configured blocked input message rather than the redacted prompt. Block replaces the whole payload with the blocked message. | The built-in entity types are: `ADDRESS`, `AGE`, `NAME`, `EMAIL`, `PHONE`, `USERNAME`, `PASSWORD`, `DRIVER_ID`, `LICENSE_PLATE`, `VEHICLE_IDENTIFICATION_NUMBER`, `CREDIT_DEBIT_CARD_CVV`, `CREDIT_DEBIT_CARD_EXPIRY`, `CREDIT_DEBIT_CARD_NUMBER`, `PIN`, `INTERNATIONAL_BANK_ACCOUNT_NUMBER`, `SWIFT_CODE`, `IP_ADDRESS`, `MAC_ADDRESS`, `URL`, `AWS_ACCESS_KEY`, `AWS_SECRET_KEY`, `US_BANK_ACCOUNT_NUMBER`, `US_BANK_ROUTING_NUMBER`, `US_INDIVIDUAL_TAX_IDENTIFICATION_NUMBER`, `US_PASSPORT_NUMBER`, `US_SOCIAL_SECURITY_NUMBER`, `CA_HEALTH_NUMBER`, `CA_SOCIAL_INSURANCE_NUMBER`, `UK_NATIONAL_HEALTH_SERVICE_NUMBER`, `UK_NATIONAL_INSURANCE_NUMBER`, and `UK_UNIQUE_TAXPAYER_REFERENCE_NUMBER`. ## [](#contextual-grounding)Contextual grounding For retrieval-augmented generation (RAG) applications, check model output against a source and the user’s query. This policy evaluates output only and has two independent sub-filters. | Sub-filter | Description | | --- | --- | | Grounding | Checks that the response is factually grounded in the provided source. | | Relevance | Checks that the response is relevant to the user’s query. | Each sub-filter has its own enable toggle, a threshold between `0.0` and `0.99`, and an action. The action fires when the response scores below the threshold, so higher thresholds are stricter. The action is `None` (detect) or `Block`. ## [](#automated-reasoning)Automated reasoning Mathematically verify model output against formal Bedrock Automated Reasoning policies. This policy is detect-only: it never blocks, and its findings appear in the trace. | Field | Description | | --- | --- | | Policy ARNs | One or two Bedrock Automated Reasoning policy Amazon Resource Names (ARNs) to attach. Each ARN must point at a specific numeric version (for example, ending in :1 or :2); the DRAFT version is rejected. Create and publish the policies in the AWS Bedrock console first, then reference their versioned ARNs here. | | Confidence threshold | A value between 0.0 and 1.0. Below this confidence, a finding is reported as non-definitive. | ## [](#next-steps)Next steps - [Create a guardrail](https://docs.redpanda.com/agentic-data-plane/control/guardrails/create-guardrail/) - [Review blocked requests](https://docs.redpanda.com/agentic-data-plane/control/guardrails/violations/) - [How guardrails work](https://docs.redpanda.com/agentic-data-plane/control/guardrails/overview/) --- # Page 51: Review Blocked Requests **URL**: https://docs.redpanda.com/agentic-data-plane/control/guardrails/violations.md --- # Review Blocked Requests > For the complete documentation index, see [llms.txt](https://docs.redpanda.com/llms.txt). Component-specific: [agentic-data-plane-full.txt](https://docs.redpanda.com/agentic-data-plane-full.txt) --- title: Review Blocked Requests latest-operator-version: v26.1.5 latest-console-tag: v3.7.4 latest-connect-version: 4.96.1 latest-redpanda-tag: v26.1.10 docname: guardrails/violations page-component-name: agentic-data-plane page-version: master page-component-version: master page-component-title: Agentic Data Plane page-relative-src-path: guardrails/violations.adoc page-edit-url: https://github.com/redpanda-data/adp-docs/edit/main/modules/control/pages/guardrails/violations.adoc description: Understand how a blocked request surfaces, where guardrail activity is recorded, and what to check when a guardrail blocks too much or too little. page-topic-type: how-to personas: security_compliance_lead, platform_engineer, agent_builder learning-objective-1: Review what a caller sees when a guardrail blocks a request learning-objective-2: Find guardrail activity in a request's transcript learning-objective-3: Diagnose a guardrail that blocks too much or doesn't fire page-git-created-date: "2026-05-28" page-git-modified-date: "2026-06-11" --- When a guardrail acts on a request, the caller sees a blocked message and ADP records the action on the request’s trace. This release does not include a dedicated violations dashboard, so you review blocked requests through [transcripts](https://docs.redpanda.com/agentic-data-plane/reference/glossary/#transcript). After reading this page, you will be able to: - Review what a caller sees when a guardrail blocks a request - Find guardrail activity in a request’s transcript - Diagnose a guardrail that blocks too much or doesn’t fire ## [](#what-the-caller-sees)What the caller sees - Blocked input: ADP stops the request before it reaches the model and returns your configured blocked input message. - Blocked output: ADP returns your configured blocked output message instead of the model’s response. - Anonymized PII: When the sensitive-information policy anonymizes a match on output, ADP delivers the response with each match replaced in place by its entity type, such as `{EMAIL}`. On input, this release does not forward the redacted prompt to the model: ADP short-circuits the request like a block and returns your configured blocked input message, not the redacted prompt. Automated reasoning never blocks. It records findings on the trace for your application to act on. ## [](#where-guardrail-activity-is-recorded)Where guardrail activity is recorded ADP records guardrail activity as attributes on the request’s OpenTelemetry trace, which you read in the request’s transcript alongside the LLM call, tool calls, and cost data. See [See what your agent did](https://docs.redpanda.com/agentic-data-plane/monitor/transcripts/). For streaming responses, ADP skips output evaluation and marks the skip on the trace. Input evaluation still applies to streaming requests. ## [](#troubleshoot-guardrail-behavior)Troubleshoot guardrail behavior When a guardrail blocks legitimate traffic or fails to act when you expect it to, work through the checks in this section to find the cause. ### [](#a-guardrail-blocks-too-much)A guardrail blocks too much If a guardrail blocks legitimate traffic: - Content filters: Lower the strength for the affected category, or set its action to detect while you tune. - Sensitive information: Narrow the entity types or regex patterns to the data you actually care about. Structured payloads such as code or JSON can contain strings that resemble PII. - Denied topics: Tighten each topic’s definition and examples so the semantic match is more specific. - Contextual grounding: Lower the threshold so only clearly ungrounded or irrelevant responses are caught. To stage a change without enforcing it, turn off a policy’s **Evaluate this policy** toggle, or set the policy’s action to detect, and review the results on the trace before you block. ### [](#a-guardrail-doesnt-fire)A guardrail doesn’t fire If you expect a guardrail to act and it doesn’t: - Confirm the guardrail is enabled. A disabled guardrail keeps its configuration but skips evaluation. - Confirm the specific policy’s **Evaluate this policy** toggle is on. A saved-but-not-evaluated policy takes no action. - Confirm the Bedrock provider the request used references this guardrail. A guardrail acts only on providers that reference it. - Confirm the direction. An output-only policy such as contextual grounding never acts on input, and output policies are skipped for streaming responses. - Confirm the request actually went through the Bedrock provider. Direct-to-provider requests that bypass ADP are not evaluated. ## [](#next-steps)Next steps - [See what your agent did](https://docs.redpanda.com/agentic-data-plane/monitor/transcripts/) - [Guardrail policy reference](https://docs.redpanda.com/agentic-data-plane/control/guardrails/types-reference/) - [Create a guardrail](https://docs.redpanda.com/agentic-data-plane/control/guardrails/create-guardrail/) --- # Page 52: Control Who Can Do What **URL**: https://docs.redpanda.com/agentic-data-plane/control/permissions-overview.md --- # Control Who Can Do What > For the complete documentation index, see [llms.txt](https://docs.redpanda.com/llms.txt). Component-specific: [agentic-data-plane-full.txt](https://docs.redpanda.com/agentic-data-plane-full.txt) --- title: Control Who Can Do What latest-operator-version: v26.1.5 latest-console-tag: v3.7.4 latest-connect-version: 4.96.1 latest-redpanda-tag: v26.1.10 docname: permissions-overview page-component-name: agentic-data-plane page-version: master page-component-version: master page-component-title: Agentic Data Plane page-relative-src-path: permissions-overview.adoc page-edit-url: https://github.com/redpanda-data/adp-docs/edit/main/modules/control/pages/permissions-overview.adoc description: Understand how ADP permissions, built-in roles, and role bindings fit together to control access to AI Gateway, MCP, agents, pipelines, and governance APIs. page-topic-type: concept personas: security_compliance_lead, platform_engineer learning-objective-1: Explain how ADP permissions, roles, and role bindings fit together learning-objective-2: Differentiate between the Admin, Writer, Reader, and Invoker built-in roles learning-objective-3: Identify which built-in role grants the permissions a user or service account needs page-git-created-date: "2026-05-28" page-git-modified-date: "2026-06-10" --- Redpanda ADP uses role-based access control (RBAC) to gate every API call, so you can apply least-privilege access across your deployment and keep developers, operators, and service accounts to exactly what they need. RBAC in ADP composes permissions, roles, and role bindings, with scopes that range from the entire organization down to a single dataplane. ADP ships built-in roles for common patterns (Admin, Writer, Reader, and task-specific Invoker roles) and supports custom roles for more granular control. This page explains the three-layer model, the ADP permission families, and how to pick the right role for each workload. After reading this page, you will be able to: - Explain how ADP permissions, roles, and role bindings fit together - Differentiate between the Admin, Writer, Reader, and Invoker built-in roles - Identify which built-in role grants the permissions a user or service account needs ## [](#the-three-layer-model)The three-layer model Redpanda ADP authorization composes multiple layers. Each layer answers a different question. - **Permission**: What action is allowed? A permission is a string like `dataplane_adp_llmprovider_invoke` that names exactly one operation on one resource type. The gRPC service that handles an API call checks the caller’s permission set before executing. - **Role**: Which permissions go together? A role is a named bundle of permissions. ADP ships built-in roles for common access patterns (Admin, Writer, Reader, and a set of Invoker sub-roles), and you can define custom roles for more specific needs. - **Role binding**: Who gets the role, and where? A role binding attaches a role to a principal (user or service account) at a scope. Scopes range from the entire organization down to a single resource group or dataplane, so the same principal can have different permissions in different parts of your deployment. A successful API call requires all three: the caller must hold a role binding whose role contains the permission the endpoint enforces, at a scope that covers the resource being acted on. ## [](#adp-namespaced-permissions)ADP-namespaced permissions ADP permissions live in the following families, named by the namespace prefix: - `dataplane_adp_mcpserver_*`: Manage and call MCP servers (CRUD plus runtime operations like `tools_call` and `resources_read`). - `dataplane_adp_llmprovider_*`: Manage LLM providers and proxy LLM requests through AI Gateway. The `_invoke` permission is what your applications need at runtime. - `dataplane_adp_agent_*` and `dataplane_adp_agent_credential_*`: Manage declarative AI agents and the OIDC credentials issued to them. - `dataplane_adp_transcript_*`: Read agent conversation transcripts. Granted by the dedicated TranscriptReader role (and Admin), not by Writer or Reader, because transcripts carry full conversation content. - `dataplane_adp_spending_*`: Read AI spending data for governance and cost reporting. - `dataplane_aiagent_a2a_*`: Invoke agent-to-agent (A2A) operations on running agents. - `dataplane_aigateway_*`: Manage enterprise AI Gateway features (rate limits, spend limits, guardrails, model providers, audit, pricing, IAM). Two more families belong to Redpanda Connect resources that ADP uses: - `dataplane_pipeline_*`: Manage and invoke Redpanda Connect pipelines. - `dataplane_knowledgebase_*`: Manage retrieval-augmented generation knowledge bases. For the full list of permissions and which built-in role grants each one, see [Roles and Permissions Reference](https://docs.redpanda.com/agentic-data-plane/control/permissions-reference/). ## [](#built-in-roles)Built-in roles ADP includes the following built-in roles. Admin, Writer, and Reader are general-purpose. The remaining roles are narrow: a set of Invoker roles for runtime-only access, plus TranscriptReader for reading agent conversation transcripts. | Role | What it grants | | --- | --- | | Admin | Every permission, on every resource. Use for cluster operators who configure providers, agents, MCP servers, and pricing. | | Writer | Full create, read, update, and delete access across every ADP-namespaced API (LLM provider, MCP server, agent, agent credential, AI Gateway, pipeline, knowledge base). Use for developers who need to build and modify ADP resources. | | Reader | Read-only access (_get and _list) across the same APIs, plus MCP runtime read operations such as resources_list and prompts_get. No create, update, delete, or invoke. Use for auditors, evaluators, and stakeholders who need visibility without mutation rights. | | TranscriptReader | Transcript reads only: dataplane_adp_transcript_get and dataplane_adp_transcript_list. Transcripts carry full conversation content, so this access is granted through a dedicated role rather than bundled into Reader or Writer. Use for users and service accounts that read agent conversation transcripts. Provisioned for organizations with an ADP cluster. | | AIAgentInvoker | A2A runtime only: message_send, message_stream, and the task lifecycle (get, list, cancel, subscribe). Use for service accounts that consume agents over A2A but should not manage them. | | MCPInvoker | MCP runtime only: initialize, ping, the resources_* read methods, the prompts_* read methods, and tools_list / tools_call. No CRUD. Use for service accounts that call MCP tools without managing the servers themselves. | | LLMProviderInvoker | A single permission: dataplane_adp_llmprovider_invoke. Use for applications that proxy LLM requests through AI Gateway but should not see or modify provider configuration. | | PipelineInvoker | Runtime pipeline invocation only: gateway_invoke, otlp_grpc_invoke, otlp_http_invoke. Use for clients that produce telemetry or send data into Connect pipelines without managing them. | Pick the narrowest role that covers a workload. For example, an application that only needs to call an LLM through AI Gateway should hold the LLMProviderInvoker role, not the Writer role. ## [](#identity-and-impersonation)Identity and impersonation ADP API calls authenticate as one of two identity types: - **User identity (OIDC)**: A human user signed in through Redpanda’s OIDC provider. The ADP UI uses this identity when an admin manages ADP resources interactively. - **Service account**: A non-human identity backed by OIDC client credentials. Applications, CI jobs, and `rpk ai` use service accounts. Account impersonation, which lets Redpanda Console reuse a user’s identity for Kafka API and Schema Registry calls, applies to those two subsystems only. ADP endpoints continue to authenticate clients directly through their OIDC tokens, regardless of how account impersonation is configured at the cluster level. ## [](#where-adp-fits-in-cloud-rbac)Where ADP fits in Cloud RBAC ADP permissions are part of the same Cloud RBAC system that gates control-plane resources such as resource groups, networks, and clusters. The Admin, Writer, and Reader built-in roles each cover control-plane permissions, dataplane Kafka permissions, and ADP dataplane permissions in a single bundle, so a single role binding on the Writer role at the organization scope grants a developer access to every layer. ## [](#next-steps)Next steps - [Roles and Permissions Reference](https://docs.redpanda.com/agentic-data-plane/control/permissions-reference/) --- # Page 53: Roles and Permissions Reference **URL**: https://docs.redpanda.com/agentic-data-plane/control/permissions-reference.md --- # Roles and Permissions Reference > For the complete documentation index, see [llms.txt](https://docs.redpanda.com/llms.txt). Component-specific: [agentic-data-plane-full.txt](https://docs.redpanda.com/agentic-data-plane-full.txt) --- title: Roles and Permissions Reference latest-operator-version: v26.1.5 latest-console-tag: v3.7.4 latest-connect-version: 4.96.1 latest-redpanda-tag: v26.1.10 docname: permissions-reference page-component-name: agentic-data-plane page-version: master page-component-version: master page-component-title: Agentic Data Plane page-relative-src-path: permissions-reference.adoc page-edit-url: https://github.com/redpanda-data/adp-docs/edit/main/modules/control/pages/permissions-reference.adoc description: Look up the permissions ADP enforces across LLM providers, MCP servers, agents, pipelines, knowledge bases, and governance APIs, and the built-in roles that grant them. page-topic-type: reference personas: security_compliance_lead, platform_engineer learning-objective-1: Look up an ADP permission by namespace learning-objective-2: Find which built-in role grants a specific permission learning-objective-3: Identify the operation each permission gates page-git-created-date: "2026-05-28" page-git-modified-date: "2026-06-10" --- Every Redpanda ADP API call enforces a single permission. This reference lists every ADP-namespaced permission, the operation it gates, and which built-in role grants it. Use this reference to: - Look up an ADP permission by namespace - Find which built-in role grants a specific permission - Identify the operation each permission gates For an explanation of how permissions, roles, and role bindings fit together, see [Control Who Can Do What](https://docs.redpanda.com/agentic-data-plane/control/permissions-overview/). ## [](#how-to-read-this-reference)How to read this reference Each table column means the same thing across every namespace. - The Permission column is the exact string the API enforces. Use it in custom-role definitions and role bindings. - The Operation column is the user-facing action this permission gates. - The Writer, Reader, and Invoker columns indicate whether the built-in role grants this permission, marked with a check mark. The Invoker column also names which Invoker sub-role (when applicable) grants the permission. The Admin role grants every permission and is omitted from individual rows for brevity. Permissions that only resolve on ADP-enabled clusters carry no separate mark; the gating is automatic. The transcript namespace adds a TranscriptReader column in place of the Invoker column. Those permissions are granted by a dedicated role, not by the general-purpose Writer and Reader roles. ## [](#mcp-server-permissions)MCP server permissions The `dataplane_adp_mcpserver_*` permissions gate both server management (CRUD) and the MCP protocol calls a client makes against a running server. | Permission | Operation | Writer | Reader | Invoker | | --- | --- | --- | --- | --- | | dataplane_adp_mcpserver_create | Register a new MCP server | ✓ | | | | dataplane_adp_mcpserver_update | Modify an existing MCP server’s configuration | ✓ | | | | dataplane_adp_mcpserver_delete | Delete an MCP server | ✓ | | | | dataplane_adp_mcpserver_get | View one MCP server’s configuration | ✓ | ✓ | | | dataplane_adp_mcpserver_list | List MCP servers | ✓ | ✓ | | | dataplane_adp_mcpserver_initialize | Initialize an MCP session against a server | ✓ | ✓ | MCPInvoker | | dataplane_adp_mcpserver_ping | Health-check an MCP server | ✓ | ✓ | MCPInvoker | | dataplane_adp_mcpserver_resources_list | List resources a server exposes | ✓ | ✓ | MCPInvoker | | dataplane_adp_mcpserver_resources_templates_list | List resource templates a server exposes | ✓ | ✓ | MCPInvoker | | dataplane_adp_mcpserver_resources_read | Read a resource from a server | ✓ | ✓ | MCPInvoker | | dataplane_adp_mcpserver_prompts_list | List prompts a server exposes | ✓ | ✓ | MCPInvoker | | dataplane_adp_mcpserver_prompts_get | Retrieve a prompt from a server | ✓ | ✓ | MCPInvoker | | dataplane_adp_mcpserver_tools_list | List tools a server exposes | ✓ | ✓ | MCPInvoker | | dataplane_adp_mcpserver_tools_call | Invoke a tool on an MCP server | ✓ | | MCPInvoker | | dataplane_adp_mcpserver_logging_set_level | Adjust an MCP server’s log level | ✓ | | | A legacy `dataplane_mcpserver_*` namespace mirrors these permissions and is still enforced by older proto versions. The Writer and Reader built-in roles include both namespaces, so existing role bindings continue to work without modification. ## [](#llm-provider-permissions)LLM provider permissions The `dataplane_adp_llmprovider_*` permissions gate AI Gateway provider configuration and the runtime proxy that forwards LLM requests upstream. | Permission | Operation | Writer | Reader | Invoker | | --- | --- | --- | --- | --- | | dataplane_adp_llmprovider_create | Create an LLM provider | ✓ | | | | dataplane_adp_llmprovider_get | View one LLM provider’s configuration | ✓ | ✓ | | | dataplane_adp_llmprovider_list | List LLM providers | ✓ | ✓ | | | dataplane_adp_llmprovider_update | Modify an LLM provider’s configuration | ✓ | | | | dataplane_adp_llmprovider_delete | Delete an LLM provider | ✓ | | | | dataplane_adp_llmprovider_invoke | Proxy LLM requests through AI Gateway at runtime | ✓ | | LLMProviderInvoker | ## [](#agent-management-permissions)Agent management permissions The `dataplane_adp_agent_*` permissions gate declarative agent configuration. | Permission | Operation | Writer | Reader | | --- | --- | --- | --- | | dataplane_adp_agent_create | Create a declarative agent | ✓ | | | dataplane_adp_agent_get | View one agent’s configuration | ✓ | ✓ | | dataplane_adp_agent_list | List agents | ✓ | ✓ | | dataplane_adp_agent_update | Modify an agent’s configuration | ✓ | | | dataplane_adp_agent_delete | Delete an agent | ✓ | | ## [](#agent-credential-permissions)Agent credential permissions The `dataplane_adp_agent_credential_*` permissions gate the OIDC client credentials an agent uses for outbound calls. | Permission | Operation | Writer | Reader | | --- | --- | --- | --- | | dataplane_adp_agent_credential_create | Issue a new OIDC client credential for an agent | ✓ | | | dataplane_adp_agent_credential_list | List an agent’s credentials | ✓ | ✓ | | dataplane_adp_agent_credential_delete | Revoke an agent credential | ✓ | | ## [](#agent-trigger-permissions)Agent trigger permissions The `dataplane_adp_agent_trigger_*` permissions gate triggers that start an agent in response to an external event, such as an incoming message or a schedule. See [Trigger Agents from External Channels](https://docs.redpanda.com/agentic-data-plane/connect/triggers/overview/). | Permission | Operation | Writer | Reader | | --- | --- | --- | --- | | dataplane_adp_agent_trigger_create | Create a trigger on an agent | ✓ | | | dataplane_adp_agent_trigger_get | View a trigger on an agent | ✓ | ✓ | | dataplane_adp_agent_trigger_list | List triggers on agents | ✓ | ✓ | | dataplane_adp_agent_trigger_update | Modify a trigger on an agent | ✓ | | | dataplane_adp_agent_trigger_delete | Delete a trigger on an agent | ✓ | | A further `dataplane_adp_agent_trigger_report_health` permission lets internal trigger observers report trigger health. No tenant-facing role grants it. ## [](#transcript-permissions)Transcript permissions The `dataplane_adp_transcript_*` permissions gate read access to agent conversation transcripts. Because transcripts carry the full content of an agent’s conversations (system prompts, user messages, tool arguments, and model output), these permissions stay out of the broad Writer and Reader defaults. Only the dedicated TranscriptReader role and Admin grant them. See [See What Your Agent Did](https://docs.redpanda.com/agentic-data-plane/monitor/transcripts/) for what a transcript records. | Permission | Operation | Writer | Reader | TranscriptReader | | --- | --- | --- | --- | --- | | dataplane_adp_transcript_get | View a single agent conversation transcript | | | ✓ | | dataplane_adp_transcript_list | List agent conversation transcripts | | | ✓ | > 📝 **NOTE** > > Transcript access is no longer bundled with agent read access. A principal that can view an agent’s configuration through `dataplane_adp_agent_get` cannot read that agent’s transcripts unless it also holds the TranscriptReader role (or Admin). Grant TranscriptReader to the users and service accounts that need to read conversation content. ## [](#spending-permissions)Spending permissions The `dataplane_adp_spending_*` permissions gate the governance APIs that surface AI spend, request counts, and token volume. See [Set Up Budgets](https://docs.redpanda.com/agentic-data-plane/control/budgets/) for what spending data ADP records automatically. | Permission | Operation | Writer | Reader | | --- | --- | --- | --- | | dataplane_adp_spending_get | Read AI spending data for governance and cost reports | ✓ | ✓ | ## [](#budget-permissions)Budget permissions The `dataplane_adp_budget_*` permissions gate per-agent LLM spend budgets. See [Set a budget](https://docs.redpanda.com/agentic-data-plane/control/budgets/#set-a-spend-limit). | Permission | Operation | Writer | Reader | | --- | --- | --- | --- | | dataplane_adp_budget_create | Create a budget | ✓ | | | dataplane_adp_budget_get | View a budget and its current-period spend | ✓ | ✓ | | dataplane_adp_budget_list | List budgets | ✓ | ✓ | | dataplane_adp_budget_update | Modify a budget | ✓ | | | dataplane_adp_budget_delete | Delete a budget | ✓ | | ## [](#guardrail-permissions)Guardrail permissions The `dataplane_adp_guardrail_*` permissions gate guardrail policies that screen LLM requests and responses. See [How Guardrails Work](https://docs.redpanda.com/agentic-data-plane/control/guardrails/overview/). | Permission | Operation | Writer | Reader | | --- | --- | --- | --- | | dataplane_adp_guardrail_create | Create a guardrail policy | ✓ | | | dataplane_adp_guardrail_get | View one guardrail policy’s configuration | ✓ | ✓ | | dataplane_adp_guardrail_list | List guardrail policies | ✓ | ✓ | | dataplane_adp_guardrail_update | Modify a guardrail policy | ✓ | | | dataplane_adp_guardrail_delete | Delete a guardrail policy | ✓ | | ## [](#a2a-runtime-permissions)A2A runtime permissions The `dataplane_aiagent_a2a_*` permissions, along with `dataplane_adp_a2a_invoke`, gate agent-to-agent (A2A) runtime traffic. The AIAgentInvoker built-in role grants every A2A permission. | Permission | Operation | Writer | Reader | Invoker | | --- | --- | --- | --- | --- | | dataplane_adp_a2a_invoke | Invoke an A2A agent | ✓ | | AIAgentInvoker | | dataplane_aiagent_a2a_message_send | Send a message to an agent | ✓ | | AIAgentInvoker | | dataplane_aiagent_a2a_message_stream | Open a streaming message connection to an agent | ✓ | | AIAgentInvoker | | dataplane_aiagent_a2a_tasks_get | Read one A2A task | ✓ | ✓ | AIAgentInvoker | | dataplane_aiagent_a2a_tasks_list | List A2A tasks | ✓ | ✓ | AIAgentInvoker | | dataplane_aiagent_a2a_tasks_cancel | Cancel an A2A task | ✓ | | AIAgentInvoker | | dataplane_aiagent_a2a_tasks_subscribe | Subscribe to A2A task events | ✓ | | AIAgentInvoker | | dataplane_aiagent_a2a_get_extended_agent_card | Read an agent’s extended agent card | ✓ | ✓ | AIAgentInvoker | ## [](#pipeline-permissions)Pipeline permissions The `dataplane_pipeline_*` permissions gate Redpanda Connect pipelines used by ADP for ingestion and transformation. The PipelineInvoker role grants only the runtime invocation permissions. | Permission | Operation | Writer | Reader | Invoker | | --- | --- | --- | --- | --- | | dataplane_pipeline_create | Create a pipeline | ✓ | | | | dataplane_pipeline_get | View one pipeline’s configuration | ✓ | ✓ | | | dataplane_pipeline_list | List pipelines | ✓ | ✓ | | | dataplane_pipeline_update | Modify a pipeline’s configuration | ✓ | | | | dataplane_pipeline_delete | Delete a pipeline | ✓ | | | | dataplane_pipeline_start | Start a stopped pipeline | ✓ | | | | dataplane_pipeline_stop | Stop a running pipeline | ✓ | | | | dataplane_pipeline_gateway_invoke | Invoke a pipeline through the gateway endpoint | ✓ | | PipelineInvoker | | dataplane_pipeline_otlp_grpc_invoke | Send OTLP traces to a pipeline over gRPC | ✓ | | PipelineInvoker | | dataplane_pipeline_otlp_http_invoke | Send OTLP traces to a pipeline over HTTP | ✓ | | PipelineInvoker | ## [](#knowledge-base-permissions)Knowledge base permissions The `dataplane_knowledgebase_*` permissions gate retrieval-augmented generation (RAG) knowledge bases. | Permission | Operation | Writer | Reader | | --- | --- | --- | --- | | dataplane_knowledgebase_create | Create a knowledge base | ✓ | | | dataplane_knowledgebase_get | View one knowledge base’s configuration | ✓ | ✓ | | dataplane_knowledgebase_list | List knowledge bases | ✓ | ✓ | | dataplane_knowledgebase_update | Modify a knowledge base’s configuration | ✓ | | | dataplane_knowledgebase_delete | Delete a knowledge base | ✓ | | ## [](#built-in-roles-summary)Built-in roles summary | Role | Use case | | --- | --- | | Admin | Cluster operators who configure providers, agents, MCP servers, pricing, and IAM. Grants every permission. | | Writer | Developers who build and modify ADP resources. Grants full CRUD on every ADP-namespaced API plus pipeline and knowledge-base management. | | Reader | Auditors and evaluators who need visibility without mutation rights. Grants _get and _list plus MCP runtime read methods. | | TranscriptReader | Users and service accounts that read agent conversation transcripts. Grants dataplane_adp_transcript_get and dataplane_adp_transcript_list, which stay out of the Writer and Reader roles because transcripts carry full conversation content. Provisioned for organizations with an ADP cluster. | | AIAgentInvoker | Service accounts that send messages to agents over A2A without managing them. | | MCPInvoker | Service accounts that call MCP tools and read MCP resources without managing the servers. | | LLMProviderInvoker | Applications that proxy LLM requests through AI Gateway. Grants only dataplane_adp_llmprovider_invoke. | | PipelineInvoker | Clients that produce telemetry or send data into Connect pipelines without managing them. | ## [](#next-steps)Next steps - [Control Who Can Do What](https://docs.redpanda.com/agentic-data-plane/control/permissions-overview/) --- # Page 54: Routing & LLM Settings **URL**: https://docs.redpanda.com/agentic-data-plane/gateway.md --- # Routing & LLM Settings > For the complete documentation index, see [llms.txt](https://docs.redpanda.com/llms.txt). Component-specific: [agentic-data-plane-full.txt](https://docs.redpanda.com/agentic-data-plane-full.txt) --- title: Routing & LLM Settings latest-operator-version: v26.1.5 latest-console-tag: v3.7.4 latest-connect-version: 4.96.1 latest-redpanda-tag: v26.1.10 docname: index page-component-name: agentic-data-plane page-version: master page-component-version: master page-component-title: Agentic Data Plane page-relative-src-path: index.adoc page-edit-url: https://github.com/redpanda-data/adp-docs/edit/main/modules/gateway/pages/index.adoc description: Configure AI Gateway, LLM providers, and routing. page-git-created-date: "2026-05-28" page-git-modified-date: "2026-06-01" --- AI Gateway is the proxy that routes agent traffic to your LLM providers. Learn how it works, configure providers, and connect your agents to the gateway. - [How AI Gateway Works](overview/) AI Gateway is ADP's managed proxy for LLM APIs. Create a provider for OpenAI, Anthropic, Google AI, AWS Bedrock, or an OpenAI-compatible endpoint, and point your applications at a Redpanda-hosted URL with managed secrets, authentication, and observability. - [Configure an LLM Provider](configure-provider/) Create an LLM provider to proxy requests to OpenAI, Anthropic, Google AI, AWS Bedrock, or any OpenAI-compatible endpoint through Redpanda ADP. - [Connect Your App to AI Gateway](connect-agent/) Point your application or AI agent at an AI Gateway provider's proxy URL. Covers the URL shape, the local development workflow with rpk ai, the OIDC client-credentials flow for CI and application code, and SDK examples for OpenAI, Anthropic, Google AI, AWS Bedrock, and OpenAI-compatible endpoints. --- # Page 55: Set Up AWS Bedrock as an LLM Provider **URL**: https://docs.redpanda.com/agentic-data-plane/gateway/bedrock-setup.md --- # Set Up AWS Bedrock as an LLM Provider > For the complete documentation index, see [llms.txt](https://docs.redpanda.com/llms.txt). Component-specific: [agentic-data-plane-full.txt](https://docs.redpanda.com/agentic-data-plane-full.txt) --- title: Set Up AWS Bedrock as an LLM Provider latest-operator-version: v26.1.5 latest-console-tag: v3.7.4 latest-connect-version: 4.96.1 latest-redpanda-tag: v26.1.10 docname: bedrock-setup page-component-name: agentic-data-plane page-version: master page-component-version: master page-component-title: Agentic Data Plane page-relative-src-path: bedrock-setup.adoc page-edit-url: https://github.com/redpanda-data/adp-docs/edit/main/modules/gateway/pages/bedrock-setup.adoc description: Create the IAM user, policy, and access keys required for AI Gateway to invoke Amazon Bedrock models, then register the provider in ADP. page-topic-type: how-to personas: platform_engineer learning-objective-1: Create an IAM policy that grants AI Gateway permission to invoke Bedrock foundation models and cross-region inference profiles learning-objective-2: Create a dedicated IAM user, attach the policy, and generate access keys for AI Gateway learning-objective-3: Register Bedrock as an LLM provider in ADP and select the models you want to expose page-git-created-date: "2026-05-28" page-git-modified-date: "2026-06-15" --- This guide walks you through the AWS-side setup AI Gateway needs to invoke Amazon Bedrock, then through the Redpanda ADP flow that registers Bedrock as an LLM provider. For background on how Bedrock foundation models, cross-region inference profiles, and IAM patterns map to the provider form, see [AWS Bedrock: Inference profiles and IAM](https://docs.redpanda.com/agentic-data-plane/gateway/configure-provider/#bedrock-inference-profiles) on the main provider configuration page. After completing this guide, you will be able to: - Create an IAM policy that grants AI Gateway permission to invoke Bedrock foundation models and cross-region inference profiles - Create a dedicated IAM user, attach the policy, and generate access keys for AI Gateway - Register Bedrock as an LLM provider in ADP and select the models you want to expose ## [](#prerequisites)Prerequisites - An AWS account with Bedrock model access enabled in the region you plan to call. Model availability varies by region; see [Bedrock models by region](https://docs.aws.amazon.com/bedrock/latest/userguide/models-regions.html). - Access to the AWS CLI configured with credentials that can create IAM users, policies, and access keys. - Access to the Redpanda UI. ## [](#create-the-iam-policy)Create the IAM policy Create a policy that grants the two Bedrock invoke actions on both foundation-model ARNs and cross-region inference-profile ARNs: ```bash aws iam create-policy \ --policy-name RedpandaBedrockInvoke \ --policy-document '{ "Version": "2012-10-17", "Statement": [ { "Sid": "BedrockInvoke", "Effect": "Allow", "Action": [ "bedrock:InvokeModel", "bedrock:InvokeModelWithResponseStream" ], "Resource": [ "arn:aws:bedrock:*::foundation-model/*", "arn:aws:bedrock:*:*:inference-profile/*" ] } ] }' ``` The second resource entry enables cross-region inference profiles such as `us.anthropic.claude-sonnet-4-6`, which AI Gateway uses when the model identifier carries a geography prefix. See [AWS Bedrock: Inference profiles and IAM](https://docs.redpanda.com/agentic-data-plane/gateway/configure-provider/#bedrock-inference-profiles) for the full prefix list and pricing implications. > 📝 **NOTE** > > Anthropic Claude 4.6 and later models cannot be invoked with the bare foundation-model ID and require an inference profile. Without the second `Resource` entry, those calls fail with `AccessDenied`. To restrict the policy to specific models and regions for production, replace the wildcard resources with explicit ARNs. For example: ```json { "Resource": [ "arn:aws:bedrock:us-east-1::foundation-model/anthropic.claude-sonnet-4-6", "arn:aws:bedrock:us-east-1::foundation-model/anthropic.claude-haiku-4-5-20251001" ] } ``` ## [](#create-the-iam-user)Create the IAM user Create a dedicated IAM user for AI Gateway and attach the policy: ```bash aws iam create-user --user-name redpanda-bedrock-invoker aws iam attach-user-policy \ --user-name redpanda-bedrock-invoker \ --policy-arn arn:aws:iam:::policy/RedpandaBedrockInvoke ``` Replace `` with the account ID returned in the `create-policy` output (visible in the policy ARN). > 💡 **TIP** > > Don’t reuse an existing IAM user. A dedicated user makes it easy to rotate credentials or revoke access without affecting other AWS workloads. ## [](#generate-access-keys)Generate access keys Generate the access keys AI Gateway uses: ```bash aws iam create-access-key --user-name redpanda-bedrock-invoker ``` Save the `AccessKeyId` and `SecretAccessKey` from the output. You need both in the next section to register them as Redpanda secrets. > ⚠️ **CAUTION** > > AWS displays the secret access key only at creation. Store it in a password manager or pass it directly into the secret-creation flow in the next section. ## [](#verify-bedrock-access-optional)Verify Bedrock access (optional) Confirm the IAM user can invoke Bedrock before moving to the UI: ```bash aws bedrock-runtime invoke-model \ --model-id us.anthropic.claude-haiku-4-5-20251001-v1:0 \ --region us-east-1 \ --content-type application/json \ --accept application/json \ --body "$(echo -n '{"anthropic_version":"bedrock-2023-05-31","max_tokens":32,"messages":[{"role":"user","content":"Hello"}]}' | base64)" \ /tmp/bedrock-test.json \ && jq . /tmp/bedrock-test.json && rm /tmp/bedrock-test.json ``` A successful model response confirms the IAM policy, region, and credentials are correct. If you see `AccessDenied`, check the policy resource list and confirm Bedrock model access is enabled in the target region. ## [](#register-bedrock-as-an-llm-provider)Register Bedrock as an LLM provider 1. Open **LLM Providers** in the sidebar and click **Create provider**. 2. Select **AWS Bedrock** as the provider type. 3. Enter a Name such as `my-bedrock`. Use lowercase letters, digits, and hyphens. The name is immutable and appears in the proxy URL. 4. Select the Region where you want to invoke Bedrock, such as `us-east-1`. 5. For Credential type, select **Static keys**. (This guide uses the access keys you created above. For the default-chain and assume-role options, see [Configure an LLM provider](https://docs.redpanda.com/agentic-data-plane/gateway/configure-provider/).) 6. Configure the credentials: 1. In the Access key ID ref dropdown, type a secret name such as `AWS_ACCESS_KEY_ID`. 2. Paste the `AccessKeyId` value from the IAM user setup and click **Create**. The secret is stored in the ADP secret store, scoped to AI Gateway. 3. Repeat for Secret access key ref. Use a name such as `AWS_SECRET_ACCESS_KEY` and paste the `SecretAccessKey` value. Secret names are normalized to `UPPER_SNAKE_CASE` automatically and get the AI Gateway scope, which makes them usable across the platform: LLM providers, MCP servers, and agents. 7. Select the models you want to expose through this provider, for example: - `anthropic.claude-sonnet-4-6` - `anthropic.claude-haiku-4-5-20251001` - `amazon.nova-pro-v1:0` For Anthropic Claude 4.6 and later, pick the inference profile (for example, `us.anthropic.claude-sonnet-4-6`) rather than the bare foundation-model ID. 8. Click **Create provider**. 9. On the provider detail page, scroll to the Verify connection section, pick a model, and click **Test Connection**. A successful response confirms that the credentials, region, and IAM policy are correctly configured. ## [](#cross-region-inference-profile-billing)Cross-region inference profile billing When you call a cross-region inference profile (any model identifier with a `us.`, `eu.`, `apac.`, `au.`, `jp.`, or `global.` prefix), AI Gateway bills at the regional rate for that profile. The regional prefix is preserved end to end so usage on the **Cost & Usage** page under **Governance** reflects the correct per-region price. For example, requests to `eu.anthropic.claude-haiku-4-5` bill at the EU Haiku rate, not the headline foundation-model rate. The `global.` profile shares the headline rate; the geography-specific profiles (`us.`, `eu.`, `apac.`, `au.`, `jp.`) carry approximately a 10% cross-region inference premium. ## [](#troubleshooting)Troubleshooting | Symptom | What to check | | --- | --- | | AccessDenied from Bedrock | Confirm the IAM policy includes both bedrock:InvokeModel and bedrock:InvokeModelWithResponseStream, and that the resource list covers the model or inference profile you’re calling. For Claude 4.6 and later, the policy must include arn:aws:bedrock:*:*:inference-profile/* or an explicit inference-profile ARN. | | secret "" not found | Confirm the secret exists in the cloud secret store and the reference in the provider configuration matches exactly. Secret names are UPPER_SNAKE_CASE. | | ValidationException: model ID not supported | The model isn’t enabled in the region you chose. Open the AWS Bedrock console, switch to the target region, and enable model access for the foundation models you want to expose. | | Invocation of model ID … with on-demand throughput isn’t supported | You called a Claude 4.6 or later model with a bare foundation-model ID. Switch to an inference profile, for example us.anthropic.claude-sonnet-4-6 instead of anthropic.claude-sonnet-4-6. See AWS Bedrock: Inference profiles and IAM. | ## [](#next-steps)Next steps - [Configure an LLM provider](https://docs.redpanda.com/agentic-data-plane/gateway/configure-provider/) - [Connect your app to AI Gateway](https://docs.redpanda.com/agentic-data-plane/gateway/connect-agent/) --- # Page 56: Code Mode **URL**: https://docs.redpanda.com/agentic-data-plane/gateway/code-mode.md --- # Code Mode > For the complete documentation index, see [llms.txt](https://docs.redpanda.com/llms.txt). Component-specific: [agentic-data-plane-full.txt](https://docs.redpanda.com/agentic-data-plane-full.txt) --- title: Code Mode latest-operator-version: v26.1.5 latest-console-tag: v3.7.4 latest-connect-version: 4.96.1 latest-redpanda-tag: v26.1.10 docname: code-mode page-component-name: agentic-data-plane page-version: master page-component-version: master page-component-title: Agentic Data Plane page-relative-src-path: code-mode.adoc page-edit-url: https://github.com/redpanda-data/adp-docs/edit/main/modules/gateway/pages/code-mode.adoc description: Turn on code mode for an MCP server to replace a large tool catalog with two tools, search and execute, and cut the token cost of tool-heavy servers. page-topic-type: how-to personas: agent_builder, platform_engineer learning-objective-1: Explain how code mode reduces tool-token usage for an MCP server learning-objective-2: Enable code mode on an MCP server and find its code-mode endpoint learning-objective-3: Use the search and execute tools to find and call tools through code mode page-git-created-date: "2026-06-09" page-git-modified-date: "2026-06-10" --- Enable code mode on an MCP server to cut the token cost of serving a large tool catalog. Instead of loading every tool definition into context, agents search for the tools they need and run them through a lightweight JavaScript sandbox. After reading this page, you will be able to: - Explain how code mode reduces tool-token usage for an MCP server - Enable code mode on an MCP server and find its code-mode endpoint - Use the search and execute tools to find and call tools through code mode > 📝 **NOTE** > > Code mode applies to one MCP server at a time. It is a token-reduction technique for a server with many tools, not a way to combine multiple servers behind one endpoint. ## [](#how-code-mode-works)How code mode works When code mode is enabled on an MCP server, the AI Gateway serves a virtual sibling endpoint alongside the server’s normal one. If the server is reachable at `https://aigw..clusters.rdpa.co/mcp/v1/`, its code-mode endpoint is the same path with a `-code` suffix: ```none https://aigw..clusters.rdpa.co/mcp/v1/-code ``` That endpoint exposes exactly two tools instead of the server’s full catalog: `search` Find tools in the underlying server’s catalog. Takes an optional `query`, a regular expression (Go RE2 syntax) matched against each tool’s name and description. It returns the full schema (name, description, and input schema) of every match, or null when nothing matches. Omit the query to list the entire catalog, which is large, so prefer a narrow regex. `execute` Run JavaScript in a sandbox that is connected to the same MCP server. The value of the last expression in your code is returned as the tool result. Inside the sandbox, two synchronous host functions are available: - `call_tool({name, arguments})`: Invoke a tool on the server and return its output directly. It throws if the tool returns an error. JSON output is parsed into the matching JavaScript value; anything else is returned as a string. - `search_tools(query)`: Search the catalog by regex, the same as the `search` tool. A typical interaction is: call `search` with a narrow regex to find candidate tools, read the returned input schema, then call `execute` with code that invokes one or more of those tools. ### [](#sandbox-constraints)Sandbox constraints The `execute` sandbox is isolated and intentionally limited: - Code is capped at 64 KiB. - A single `execute` call can make at most 50 tool calls. - Each sandbox has a memory limit and a runtime limit. - The `call_tool` and `search_tools` host functions are synchronous, so do not use `await` on them. Top-level `await` and top-level `return` are syntax errors, promises are not awaited (returning one yields an empty result), and `console.log` output is discarded. Calls that code mode makes to the underlying server run with the same identity and authentication as the server itself, including any per-user [token vault](https://docs.redpanda.com/agentic-data-plane/reference/glossary/#token-vault) credentials. Code mode does not widen what the server can reach. ## [](#when-to-use-code-mode)When to use code mode Turn on code mode when: - A server exposes a large tool catalog, so loading every tool definition on each request is expensive or pushes out other context. - An agent frequently performs multi-step tool sequences that you would rather run in one round trip instead of several model turns. Leave it off for servers with only a handful of tools, where the overhead of searching and writing code outweighs the token savings of a small catalog. ## [](#enable-code-mode)Enable code mode Enable code mode on the MCP server, then point your agent or client at the code-mode endpoint. 1. Open **MCP Servers** in the sidebar. 2. Create a server, or open an existing one to edit it. See [Create an MCP Server](https://docs.redpanda.com/agentic-data-plane/connect/create-server/). 3. Turn on the **Code mode** toggle. 4. Save the server. The server’s detail page shows the code-mode endpoint URL (the primary URL with a `-code` suffix). 5. Configure your agent or MCP client to connect to the code-mode URL instead of the primary URL. ## [](#test-from-the-cli)Test from the CLI The `--code-mode` flag on `rpk ai mcp tools` targets the virtual `-code` endpoint instead of the server’s primary endpoint, so you can exercise `search` and `execute` directly. List the code-mode tools: ```bash rpk ai mcp tools list --code-mode ``` Search the underlying catalog: ```bash rpk ai mcp tools call search --code-mode \ --args '{"query":"(?i)pull.*create"}' ``` Run code through the `execute` tool: ```bash rpk ai mcp tools call execute --code-mode \ --args '{"code":"var pulls = call_tool({ name: \"github_pulls_list\", arguments: { owner: \"redpanda-data\", repo: \"redpanda\", state: \"open\" } }); JSON.stringify(pulls.map(function (p) { return { number: p.number, title: p.title }; }));"}' ``` The code calls a tool, shapes the result, and returns the value of its last expression. Because `call_tool` is synchronous, a single `execute` call can search, call several tools, and combine the results without extra model round trips. ## [](#next-steps)Next steps - [Create an MCP Server](https://docs.redpanda.com/agentic-data-plane/connect/create-server/) - [How MCP Servers Work](https://docs.redpanda.com/agentic-data-plane/connect/mcp-overview/) - [Test MCP Tools](https://docs.redpanda.com/agentic-data-plane/connect/test-tools/) --- # Page 57: Configure an LLM Provider **URL**: https://docs.redpanda.com/agentic-data-plane/gateway/configure-provider.md --- # Configure an LLM Provider > For the complete documentation index, see [llms.txt](https://docs.redpanda.com/llms.txt). Component-specific: [agentic-data-plane-full.txt](https://docs.redpanda.com/agentic-data-plane-full.txt) --- title: Configure an LLM Provider latest-operator-version: v26.1.5 latest-console-tag: v3.7.4 latest-connect-version: 4.96.1 latest-redpanda-tag: v26.1.10 docname: configure-provider page-component-name: agentic-data-plane page-version: master page-component-version: master page-component-title: Agentic Data Plane page-relative-src-path: configure-provider.adoc page-edit-url: https://github.com/redpanda-data/adp-docs/edit/main/modules/gateway/pages/configure-provider.adoc description: Create an LLM provider to proxy requests to OpenAI, Anthropic, Google AI, AWS Bedrock, or any OpenAI-compatible endpoint through Redpanda ADP. page-topic-type: how-to personas: platform_engineer, agent_builder learning-objective-1: Create an LLM provider for OpenAI, Anthropic, Google AI, AWS Bedrock, or an OpenAI-compatible endpoint learning-objective-2: Select the models you want to expose through the provider learning-objective-3: Verify the provider is reachable using the built-in Test Connection control page-git-created-date: "2026-05-28" page-git-modified-date: "2026-06-15" --- Create an LLM provider to give your applications a managed proxy URL: Redpanda handles the upstream API keys, forwards requests to the provider, and records usage for you. Create a provider for each upstream you use, whether that’s OpenAI, Anthropic, Google AI, AWS Bedrock, or an OpenAI-compatible endpoint. After reading this page, you will be able to: - Create an LLM provider for OpenAI, Anthropic, Google AI, AWS Bedrock, or an OpenAI-compatible endpoint - Select the models you want to expose through the provider - Verify the provider is reachable using the built-in Test Connection control ## [](#prerequisites)Prerequisites - An API key (or AWS credentials for Bedrock) for the upstream provider you want to configure. - One or more secrets already created in your dataplane’s secret store for the provider’s credentials. Secret references must use `UPPER_SNAKE_CASE`. For example: `OPENAI_API_KEY`, `ANTHROPIC_API_KEY`, `AWS_ACCESS_KEY_ID`. ## [](#open-the-create-llm-provider-page)Open the Create LLM provider page 1. Open **LLM Providers** in the sidebar. 2. Click **Create provider**. ## [](#fill-in-the-provider-card)Fill in the provider card The first card on the page collects identity fields. Enter a `Display name`; the form auto-derives the `Resource ID` from it as you type. | Field | Required | Notes | | --- | --- | --- | | Display name | Yes | Human-readable label shown in dashboards and model selectors. Up to 253 characters. The form auto-derives the Resource ID from this value. | | Resource ID | Yes | Machine identifier used in API calls and CLI commands. Lowercase letters, numbers, and hyphens only (^[a-z][a-z0-9-]*$), up to 63 characters. Immutable after creation. Appears in the proxy URL (/llm/v1/providers//…​). Auto-derived from the Display name; edit it if you want something different. | The Summary panel labels the `Resource ID` as `Name`. ## [](#choose-a-provider-type)Choose a provider type The Provider type card shows five cards. Pick the one that matches your upstream. | Type | Use when | | --- | --- | | OpenAI | Proxy GPT, o-series, and embeddings through the OpenAI API. Best when you already hold an OpenAI API key or want the broadest GPT model catalog. | | Anthropic | Call Claude Opus, Sonnet, and Haiku directly. Strong at coding, long-context reasoning, and tool use. Supports forwarding client Authorization headers to Anthropic for enterprise and Max-plan subscription passthrough (see Anthropic: Authorization passthrough). | | Google AI | Reach Gemini Pro, Flash, and multimodal models through Google AI Studio. Ideal for long-context workloads and image/video inputs. | | AWS Bedrock | Invoke foundation models (Claude, Llama, Titan, Nova, Mistral, AI21 Jamba) hosted inside your AWS account. Requires an AWS region and credentials (static, STS-assumed role, or the default credential chain). Supports the native Bedrock APIs (InvokeModel, Converse) and an OpenAI-compatible Chat Completions endpoint for gpt-oss models. See AWS Bedrock: Inference profiles and IAM for picking the right model identifier, and Set up AWS Bedrock as an LLM provider for a step-by-step IAM and access-key walkthrough. | | OpenAI-compatible | Point at any OpenAI-compatible endpoint that ships /v1/chat/completions (vLLM, Ollama, LM Studio, LocalAI, Together, Groq, OpenRouter). Useful for self-hosted models and aggregator gateways. Requires a Base URL. Authentication is optional. | Selecting a type reveals the type-specific configuration fields. ## [](#fill-in-the-type-specific-configuration)Fill in the type-specific configuration Each `API key reference` and credential field points at a secret-store entry, not the secret value itself. Use the **Existing** tab to pick a secret already in your dataplane’s secret store, or the **New** tab to create one inline. ### OpenAI | Field | Notes | | --- | --- | | Base URL | Optional. Leave empty for the standard OpenAI API (https://api.openai.com/v1). Override for Azure OpenAI or other OpenAI-hosted endpoints. | | API key reference | Required. Secret-store reference for the OpenAI API key. Must be UPPER_SNAKE_CASE, for example OPENAI_API_KEY. | ### Anthropic | Field | Notes | | --- | --- | | Base URL | Optional. Leave empty for the standard Anthropic API (https://api.anthropic.com). | | API key reference | Required unless Authorization passthrough is on. UPPER_SNAKE_CASE, for example ANTHROPIC_API_KEY. | | Authorization passthrough | Optional toggle. When on, AI Gateway forwards the client’s Authorization header to Anthropic instead of using a server-side API key. Used for enterprise and Max-plan OAuth passthrough: each client authenticates with its own Anthropic subscription. Leave the API key reference empty when using passthrough. | ### Google AI | Field | Notes | | --- | --- | | Base URL | Optional. Leave empty for the standard Google AI API (https://generativelanguage.googleapis.com). | | API key reference | Required. Secret-store reference for the Google AI API key. UPPER_SNAKE_CASE, for example GOOGLE_AI_API_KEY. | > ❗ **IMPORTANT** > > Gemini uses the `x-goog-api-key` header for authentication, not `Authorization: Bearer`. This matters when you wire up clients. See [Connect your app to AI Gateway](https://docs.redpanda.com/agentic-data-plane/gateway/connect-agent/). ### AWS Bedrock | Field | Notes | | --- | --- | | Region | Required. AWS region where the Bedrock endpoint is deployed, for example us-east-1. | | Base URL | Optional. Override the default regional Bedrock endpoint. | | Credential type | How AI Gateway authenticates to Bedrock: Default chain, Static keys, or Assume IAM role. The fields below depend on the mode you pick. | | Access key ID reference | Static keys only. Secret-store reference for the AWS access key ID, UPPER_SNAKE_CASE (typically AWS_ACCESS_KEY_ID). | | Secret access key reference | Static keys only. Secret-store reference for the AWS secret access key, UPPER_SNAKE_CASE (typically AWS_SECRET_ACCESS_KEY). | | Role ARN | Assume IAM role only. Required. ARN of the IAM role AI Gateway assumes through AWS STS, for example arn:aws:iam::123456789012:role/BedrockRole. | | External ID | Assume IAM role only. Optional. External ID for cross-account role assumption. Set it only when the role’s trust policy mandates an external ID. | | Session name | Assume IAM role only. Optional. Session name that appears in AWS CloudTrail audit logs, for example redpanda-adp. | | Guardrail | Optional. Name of a guardrail to attach to this provider, or empty for none. Only the Bedrock provider type exposes this setting. AI Gateway validates the name when you save: it rejects a guardrail that doesn’t exist or is being deleted, so set the field to an existing guardrail or leave it empty. See Create a guardrail. | Pick a **Credential type** to control how AI Gateway authenticates to Bedrock: - **Default chain** (default): Leave the credentials unset to use the AWS SDK’s default provider chain (environment variables, shared config, EKS Pod Identity, IRSA, or instance profile). Use this when the gateway already runs with an AWS identity. - **Static keys**: An access key pair stored in the secret store. Use this when no ambient AWS identity is available. This is the path the [Bedrock setup guide](https://docs.redpanda.com/agentic-data-plane/gateway/bedrock-setup/) walks through. - **Assume IAM role**: AI Gateway assumes an IAM role through AWS STS. Use this for cross-account access or when your security policy requires short-lived credentials. ### OpenAI-compatible | Field | Notes | | --- | --- | | Base URL | Required. URL of your OpenAI-compatible endpoint, for example http://vllm.internal:8000/v1, http://ollama.local:11434/v1, or an aggregator like Together / Groq / OpenRouter. | | API key reference | Optional. Leave empty for endpoints with no authentication (common for local runtimes). UPPER_SNAKE_CASE if set. | > 💡 **TIP** > > OpenAI-compatible endpoints can serve any model. Enter the exact model identifiers your upstream server exposes (for example, `meta-llama/Llama-3.3-70B-Instruct` or `qwen3:8b`). > 📝 **NOTE** > > For the OpenAI, Google AI, and AWS Bedrock provider types, AI Gateway validates that the credential references resolve before it accepts the create or update. AI Gateway rejects a missing or empty secret reference at save time instead of failing at first call. The OpenAI-compatible type does not require a credential reference, so it can be created with no authentication for local runtimes such as Ollama or vLLM. ## [](#select-models)Select models Models you select on this form become the catalog the provider exposes. Leave the list empty to allow every model the upstream catalog returns. For **OpenAI**, **Anthropic**, **Google AI**, and **AWS Bedrock**, the form shows a picker backed by the provider’s catalog. Each model in the picker shows its input and output price per million tokens. Pick from the list, or type a model identifier the catalog doesn’t show. For **OpenAI-compatible**, the form takes a freeform list: type the exact identifiers your upstream serves. Redpanda maintains the catalog of available models in the picker. When an upstream provider publishes a new model, it usually appears in the picker within a day or two; admins don’t have to wait for a Redpanda release. New models aren’t enabled automatically: an admin still selects the model in the catalog to make it callable through this provider. For Bedrock, the picker exposes inference profiles, not raw foundation-model IDs. See [AWS Bedrock: Inference profiles and IAM](#bedrock-inference-profiles). > 📝 **NOTE** > > Redpanda stores models as structured `ProviderModel` entries (one entry per model, with the model name as the only required field). Each model can carry custom pricing overrides that replace the catalog rates for that model in cost reporting; see [Override per-model pricing](#pricing-overrides). The legacy flat `models` field still works on writes for backward compatibility. ### [](#pricing-overrides)Override per-model pricing Cost reporting prices each call at the catalog rates for the model. If your organization negotiates non-standard rates, or you track spend against an internal chargeback rate, override the rates per model on this provider. In the model picker, each selected model carries a pencil icon (Override pricing). Click it to open the pricing dialog for that model. The dialog lists one field per billing bucket, in the same order as the provider’s published rate card: | Bucket | What it bills | | --- | --- | | Input | Per 1M input tokens. Tool-use input also bills at this rate. | | Output | Per 1M output tokens. Reasoning tokens also bill at this rate. | | Cached input | Per 1M tokens read from prompt cache. | | Cache write (5-minute TTL) | Per 1M tokens written to a 5-minute prompt cache. | | Cache write (1-hour TTL) | Per 1M tokens written to a 1-hour prompt cache. | Enter rates in dollars per million tokens. Each field is independent: - Leave a field blank to keep the catalog rate for that bucket. The catalog rate shows as the field’s placeholder. - Enter a positive value to replace the catalog rate for that bucket only. - Enter `0` to make that bucket explicitly free, which is different from leaving it blank. Cache writes with an unknown TTL always bill at the catalog rate; they have no override field. Use the reset control on a field to clear a single override, or clear every field to drop all overrides for the model. Overrides are scoped to this provider and model, and they change what ADP’s cost reporting computes, not what the upstream provider actually charges you. After you create the provider, its detail page has two tabs. The **Overview** tab carries a Last 7 days KPI strip (`TOTAL SPEND`, `REQUESTS`, `TOKENS`) with sparklines and a **View more** link on each card, the Connection card (provider type, status, authentication passthrough state, proxy URL, upstream base URL, and the API key secret reference), and the model list, where each model shows its input and output prices per million tokens and its spend from requests routed through this provider over the last 7 days. For analysis across providers, use the **Cost & Usage** page under **Governance** (see [View cost and usage](#view-cost-and-usage)). The **Connect** tab generates ready-made client configuration for this provider: a gateway-token step, setup instructions for popular clients such as Claude Code, and code examples in several languages, all with the provider’s proxy URL prefilled. See [Connect your app to AI Gateway](https://docs.redpanda.com/agentic-data-plane/gateway/connect-agent/) for the underlying flow. ## [](#transcript-logging)Configure transcript logging The Transcripts card controls whether AI Gateway records the message bodies this provider proxies. It has two independent toggles, **both off by default**: | Toggle | What it captures | | --- | --- | | Record inputs | Captures the full request body (prompt content and tool-call arguments) on observability traces. | | Record outputs | Captures the full response body (completion content and tool-call results) on observability traces. | Because both toggles default to off, AI Gateway does not retain message bodies for a new provider until you turn them on. Enable them to power turn-by-turn investigation and per-conversation drill-down in [the Transcripts view](https://docs.redpanda.com/agentic-data-plane/monitor/transcripts/). Leave them off for workloads where the message body must not be retained, such as regulated PII or customer secrets. These are per-provider settings, not per-request: applications cannot opt in or out at call time. To split sensitive from non-sensitive traffic, create one provider with recording on and another with it off, and route each application to whichever proxy URL matches its data class. Recording settings do not affect cost and usage telemetry. Token counts, latency, and provider/model attribution are always recorded, so the **Cost & Usage** page reports spend for traffic on the provider regardless of these toggles; only the message bodies are withheld when the toggles are off. > 📝 **NOTE** > > Changing a toggle takes effect for new requests. Transcripts already captured under the previous setting are not retroactively redacted; delete or rotate the provider if you need to purge historical content. ## [](#save-and-verify)Save and verify 1. Click **Create provider**. The button activates after `Name` and `Type` are both set. The Summary panel checks them off as you fill them in. 2. On the provider’s detail page, the Connection card shows your `Proxy URL`, `Discovery` URL, `Base URL`, and `API key ref`. Copy the `Proxy URL`: this is where your applications point. 3. Scroll to the Verify connection section. Pick a model from the dropdown and click **Test Connection**. The status updates from _Not tested yet_ to a pass/fail indicator. Use the **Show commands** disclosure if you want to see the equivalent curl or SDK call. 4. To wire up an application, open **Connect your app** further down the page or follow [Connect your app to AI Gateway](https://docs.redpanda.com/agentic-data-plane/gateway/connect-agent/). A successful Test Connection result confirms that the provider’s credentials, region (Bedrock), and network path are all correct. If the call fails, see [Troubleshooting](#troubleshooting). ## [](#bedrock-inference-profiles)AWS Bedrock: Inference profiles and IAM Bedrock has three concepts that affect how you configure a provider: foundation models, cross-region inference profiles, and IAM. Get these right and the **Test connection** check passes. Get them wrong and you see `AccessDenied` or `ValidationException` errors. ### [](#foundation-models-versus-inference-profiles)Foundation models versus inference profiles A **foundation model** is the base model AWS exposes (for example, `anthropic.claude-sonnet-4-6`). It runs in the AWS region you call. A **cross-region inference profile** wraps a foundation model with a geography prefix that routes requests across multiple regions for higher availability and throughput. The prefix tells AWS which geography the request should run in: | Prefix | Geography | | --- | --- | | us. | US regions | | eu. | EU regions | | apac. | Asia-Pacific regions | | au. | Australia regions | | jp. | Japan regions | | global. | Any region; routes for lowest cost | Examples: `us.anthropic.claude-sonnet-4-6` (Claude Sonnet 4.6 routed across US regions), `eu.anthropic.claude-haiku-4-5` (Haiku 4.5 routed across EU regions). > ❗ **IMPORTANT** > > Anthropic Claude 4.6+ models (Sonnet 4.6, Opus 4.6, Opus 4.7) cannot be invoked with the bare foundation-model ID; they require an inference profile. If you try the bare ID, Bedrock returns: > > "Invocation of model ID … with on-demand throughput isn’t supported. Retry your request with the ID or ARN of an inference profile that contains this model." > > Older 4.5 and earlier Claude models still accept bare IDs. Pricing varies by profile. The bare foundation-model ID and the `global.` profile share AWS’s headline rate; geo profiles (`us.`, `eu.`, `apac.`, `au.`, `jp.`) carry approximately a 10% cross-region inference premium. Use `global.` when you want the headline rate and don’t need a specific geography. Use `us.` / `eu.` / `apac.` when data residency matters. AI Gateway preserves the regional prefix end to end when it records spend, so the **Cost & Usage** page attributes usage to the correct regional rate. A call to `eu.anthropic.claude-haiku-4-5` is billed at the EU Haiku rate, not the headline foundation-model rate. ### [](#iam-policy-patterns)IAM policy patterns Bedrock IAM resources have different ARN structures depending on whether you reference a foundation model, a system-defined inference profile, or an account-scoped application inference profile. The provider’s IAM principal needs `bedrock:InvokeModel` and `bedrock:InvokeModelWithResponseStream` on every resource it calls. | Resource type | ARN shape | | --- | --- | | Foundation model | arn:aws:bedrock:{region}::foundation-model/{model-id} (no account ID; AWS-owned) | | System-defined inference profile | arn:aws:bedrock:{region}:*:inference-profile/{profile-id} (wildcard account; system-defined) | | Application inference profile (account-scoped) | arn:aws:bedrock:{region}:{account-id}:application-inference-profile/{profile-id} | A minimal policy granting access to all foundation models plus all cross-region profiles: ```json { "Version": "2012-10-17", "Statement": [{ "Effect": "Allow", "Action": ["bedrock:InvokeModel", "bedrock:InvokeModelWithResponseStream"], "Resource": [ "arn:aws:bedrock:*::foundation-model/*", "arn:aws:bedrock:*:*:inference-profile/*" ] }] } ``` For production, scope to specific models and regions instead of using wildcards. ## [](#anthropic-authorization-passthrough)Anthropic: Authorization passthrough If you want each client to authenticate against Anthropic with its own subscription (Claude Pro, Max, Team, or enterprise), enable `Authorization passthrough` instead of configuring a server-side API key. In this mode: - Leave the `API key` field empty. - Clients must send their own Anthropic `Authorization` header with every request. AI Gateway forwards it unchanged. - Use this when you want to aggregate individual client subscriptions rather than share a single API account. The provider detail page shows whether Authorization passthrough is enabled in the Connection card. ## [](#browse-providers-in-the-list-view)Browse providers in the list view The **LLM Providers** list page is the at-a-glance home for every provider in your dataplane. Open it from the sidebar’s **LLM Providers** entry. | Column | What it shows | | --- | --- | | Provider | User-given name plus the provider-type icon (OpenAI, Anthropic, Google, AWS Bedrock, OpenAI-compatible) and a copyable preview of the proxy base URL. | | Status | Shows Active for an enabled provider. A disabled provider rejects requests to its proxy URL until you enable it again. | | Models | First two model identifiers exposed by the provider, plus a +N overflow chip when more are configured. | | Spend (7d) | Spend over the last 7 days with a small sparkline. The window is fixed at 7 days on this view. Longer-range analysis runs through the Cost & Usage page under Governance (see View cost and usage). | | Updated | Relative timestamp of the last edit. | The **Filter** button narrows the list by provider type, status, or name. The **Create provider** button opens the create flow described in [Open the Create LLM provider page](#open-the-create-llm-provider-page). The list paginates, with a rows-per-page selector in the footer. ## [](#view-cost-and-usage)View cost and usage The **Cost & Usage** page tracks spend, request volume, and token volume over time across providers and models. Open **Cost & Usage** under **Governance** in the sidebar. Use it when you want to understand which provider or model generated usage during a selected time window. The page includes these charts: - **Spend over time**: Estimated spend in USD for the selected range. - **Requests over time**: Request count for the selected range. - **Tokens over time**: Token count for the selected range. Use **Group by** to switch the chart breakdown between providers, models, and token type. Group by provider to see which upstream consumed the most budget. Group by model to see which model drove spend inside one or more providers. Group by token type to separate input, output, cached, cache-write, and reasoning usage where those buckets apply. Use **Filter** to narrow the charts by provider, model, cost type, token type, user, or agent. Each filter appears as a chip above the chart, and you can combine them. For example, filter to one Anthropic provider, drill into `claude-opus-4-7`, then limit the spend view to input tokens. Selecting an agent also narrows the provider options to the providers that agent used. The date-range picker supports last 7 days, last 14 days, last 30 days, last 90 days, month to date, quarter to date, year to date, and custom ranges. The chart subtitle shows the selected date range and bucket size. A custom range writes `customStart` and `customEnd` ISO-8601 timestamps to the page URL, so the view is shareable: copy the URL after picking a custom range and any teammate who opens it lands on the same window. The chart renders empty buckets in the selected range as zero-height bars rather than gaps, so quiet days line up with their date label and the trend stays readable when traffic is bursty. The chart palette is colorblind-safe. When multiple providers of the same type exist (for example, two OpenAI providers), the chart renders each one with a distinct hatched pattern so the series stay visually distinguishable. The spend chart footer summarizes the selected view by cost bucket, including total, input, output, cached, cache writes, and reasoning when the selected traffic includes those categories. ## [](#edit-disable-or-delete-a-provider)Edit, disable, or delete a provider - **Edit**: Click **Edit** on the detail page. You can change any field **except** `Name` and `Type`, which are immutable. Model lists, credential references, and the enabled state can all change. - **Disable**: Click **Disable** on the detail page. The provider remains in the list, but requests to its proxy URL are rejected until you enable it again. Use this when you want to pause traffic without losing configuration. - **Delete**: Scroll to the Delete this provider section at the bottom of the detail page and click **Delete**. The action is permanent. In-flight requests fail and downstream clients receive errors until reconfigured. ## [](#troubleshooting)Troubleshooting | Symptom | What to check | | --- | --- | | secret "" not found | Confirm the secret exists in your dataplane’s secret store and the reference in the provider configuration is spelled identically (UPPER_SNAKE_CASE, no typos). | | Bedrock returns AccessDenied or region errors | Verify the AWS region field matches the region where your Bedrock models are enabled. Bedrock model availability varies by region. Confirm the IAM principal has bedrock:InvokeModel on the foundation-model and inference-profile ARNs you use. See AWS Bedrock: Inference profiles and IAM. | | Bedrock returns "Invocation of model ID … with on-demand throughput isn’t supported" | You called a Claude 4.6+ model with a bare foundation-model ID. Switch to an inference profile (for example, us.anthropic.claude-sonnet-4-6 instead of anthropic.claude-sonnet-4-6). See AWS Bedrock: Inference profiles and IAM. | | Anthropic returns 401 when passthrough is enabled | Confirm the client is sending its own Authorization header and the API key field on the provider is empty. | | Gemini returns 401 | Gemini uses the x-goog-api-key header, not Authorization. If you’re seeing 401s on Gemini, check that the client is sending the correct header. See Connect your app to AI Gateway. | | Provider list empty or 403 | Confirm your account has the dataplane_adp_llmprovider_* permissions in ADP. The Reader built-in role is the minimum required to list providers. The Writer role is required to create one. See LLM provider permissions. | ## [](#limitations)Limitations AI Gateway does not provide these capabilities. For current status, consult the ADP release notes. - **Multi-provider routing, failover, and retries across providers.** A synthetic provider that fans requests to multiple upstreams is not part of AI Gateway. - **Rate limits.** Requests-per-second, per-minute, or per-day limits are not available. To cap spend rather than request rate, use [budgets](https://docs.redpanda.com/agentic-data-plane/control/budgets/), which enforce a per-agent hard cap. - **Managed MCP aggregation at the gateway.** Register MCP tool servers separately under **MCP Servers** in ADP. ## [](#next-steps)Next steps - [Connect your app to AI Gateway](https://docs.redpanda.com/agentic-data-plane/gateway/connect-agent/) - [Set up budgets](https://docs.redpanda.com/agentic-data-plane/control/budgets/) --- # Page 58: Connect Your App to AI Gateway **URL**: https://docs.redpanda.com/agentic-data-plane/gateway/connect-agent.md --- # Connect Your App to AI Gateway > For the complete documentation index, see [llms.txt](https://docs.redpanda.com/llms.txt). Component-specific: [agentic-data-plane-full.txt](https://docs.redpanda.com/agentic-data-plane-full.txt) --- title: Connect Your App to AI Gateway latest-operator-version: v26.1.5 latest-console-tag: v3.7.4 latest-connect-version: 4.96.1 latest-redpanda-tag: v26.1.10 docname: connect-agent page-component-name: agentic-data-plane page-version: master page-component-version: master page-component-title: Agentic Data Plane page-relative-src-path: connect-agent.adoc page-edit-url: https://github.com/redpanda-data/adp-docs/edit/main/modules/gateway/pages/connect-agent.adoc description: Point your application or AI agent at an AI Gateway provider's proxy URL. Covers the URL shape, the local development workflow with rpk ai, the OIDC client-credentials flow for CI and application code, and SDK examples for OpenAI, Anthropic, Google AI, AWS Bedrock, and OpenAI-compatible endpoints. page-topic-type: how-to personas: agent_builder learning-objective-1: Construct the proxy URL for an LLM provider you have configured learning-objective-2: Authenticate to AI Gateway with rpk for local development or with OIDC client credentials for CI and programmatic clients learning-objective-3: Send requests through the proxy URL with the SDK of your choice page-git-created-date: "2026-05-28" page-git-modified-date: "2026-06-10" --- This guide shows how to connect your [AI agent](https://docs.redpanda.com/agentic-data-plane/reference/glossary/#ai-agent) or application to the AI Gateway. You construct the proxy URL for a provider you have already created, authenticate (with [`rpk cloud login`](https://docs.redpanda.com/agentic-data-plane/reference/rpk/rpk-cloud/rpk-cloud-login/) for local development or with OIDC client credentials for CI and application code), and send your first request with the SDK of your choice. > 💡 **TIP** > > The provider’s **Connect** tab in ADP generates this configuration for you: a gateway-token step, setup instructions for popular clients, and code examples with the provider’s proxy URL prefilled. Copy from the tab for a quick start, or follow this page for the full flow. After completing this guide, you will be able to: - Construct the proxy URL for an LLM provider you have configured - Authenticate to AI Gateway with `rpk` for local development or with OIDC client credentials for CI and programmatic clients - Send requests through the proxy URL with the SDK of your choice ## [](#prerequisites)Prerequisites - A configured LLM provider. If you haven’t created one yet, see [Configure an LLM provider](https://docs.redpanda.com/agentic-data-plane/gateway/configure-provider/). - For local development, nothing else. You’ll install `rpk ai` in the next section. - For CI or programmatic clients: A Redpanda service account with OIDC client credentials. See [Authenticate to Redpanda Cloud](https://docs.redpanda.com/cloud-data-platform/security/cloud-authentication/). - A development environment with your chosen programming language. ## [](#proxy-url-anatomy)Proxy URL anatomy Every provider you create in AI Gateway gets its own proxy URL: ```text /llm/v1/providers// ``` - ``: The AI Gateway base URL for your dataplane. Cluster-specific subdomain on `clusters.rdpa.co` (for example, `[https://aigw..clusters.rdpa.co](https://aigw.\.clusters.rdpa.co)`). Copy the exact value from the `Proxy URL` field on any provider’s Connection card. - ``: The name you gave the provider when you created it, for example `my-openai` or `prod-anthropic`. - ``: The upstream provider’s native API path (for example, `v1/chat/completions` for OpenAI, `v1/messages` for Anthropic). AI Gateway forwards the request to the upstream provider, attaches the configured credentials, and records the request for observability. Your application never sees the upstream API key. > 💡 **TIP** > > The provider detail page generates ready-to-run snippets pre-filled with the correct proxy URL and paths. When in doubt, copy from the Connect your app section there. ## [](#authenticate-with-rpai)Use `rpk ai` for local development The [`rpk ai`](https://docs.redpanda.com/agentic-data-plane/reference/rpk/rpk-ai/rpk-ai/) command is the Redpanda AI CLI. Use it to manage AI Gateway resources (LLM providers, MCP servers, OAuth providers) and call MCP tools from the command line. Authentication for `rpk ai` is owned by `rpk cloud login`. The active AI Gateway URL comes from your active rpk cloud profile. 1. [Install `rpk ai`](https://docs.redpanda.com/agentic-data-plane/reference/rpk/rpk-ai/rpk-ai-install/): ```bash rpk ai install ``` Update later with [`rpk ai upgrade`](https://docs.redpanda.com/agentic-data-plane/reference/rpk/rpk-ai/rpk-ai-upgrade/); remove with [`rpk ai uninstall`](https://docs.redpanda.com/agentic-data-plane/reference/rpk/rpk-ai/rpk-ai-uninstall/). 2. Log in to Redpanda: ```bash rpk cloud login ``` This caches a cloud token in `~/.config/rpk/rpk.yaml`. On every invocation, `rpk ai` reads the cached token automatically. 3. Select a [profile](https://docs.redpanda.com/agentic-data-plane/reference/rpk/rpk-profile/rpk-profile/) that points at a cluster with AI Gateway v2 attached. The AI Gateway URL is cached on the profile when you create it. ```bash rpk profile use # or, to switch the cluster the active profile points at: rpk cloud cluster use ``` See [`rpk cloud cluster`](https://docs.redpanda.com/agentic-data-plane/reference/rpk/rpk-cloud/rpk-cloud-cluster/) for switching the active cluster. 4. Verify the connection: ```bash rpk ai llm list ``` If the cached cloud token has expired, `rpk ai` returns a 401 with a hint to rerun `rpk cloud login`. > 📝 **NOTE** > > `rpk ai help`, `rpk ai version`, and unknown subcommands run without prompting for authentication, so you can browse the CLI surface offline before signing in. Authentication is only required for commands that hit AI Gateway. > 💡 **TIP** > > To target a specific gateway URL for a single invocation (for example, when running against a staging gateway without switching profiles), pass `--rpai-endpoint`: > > ```bash > rpk ai --rpai-endpoint https://aigw..clusters.rdpa.co llm list > ``` > > You can also export `RPAI_ENDPOINT` to override for the shell session. ### [](#environment-variables)Environment variables The `rpk ai` command honors the following environment variables: | Variable | Purpose | | --- | --- | | RPAI_TOKEN | Bearer token for the gateway. Normally injected automatically from your cached rpk cloud login token; set explicitly to override. | | RPAI_ENDPOINT | AI Gateway URL. Normally resolved from your active rpk cloud profile; set explicitly to override. | | RPAI_PROFILE, RPAI_CONFIG, RPAI_VERBOSE, RPAI_FORMAT | Map to --rpai-profile, --rpai-config, --rpai-verbose, --format. Long flag names are renamed under rpk ai to avoid collision with rpk’s globals; short flags (-p`, -c, -v, -o) are unchanged. | ## [](#authenticate-with-oidc-client-credentials)Authenticate with OIDC client credentials (CI and programmatic) For application code, CI runners, server-side processes, and headless agents, use the OIDC `client_credentials` grant directly. This is the canonical authentication path for SDK-style usage; `rpk ai` is for command-line workflows, not for embedding in application code. Values are surfaced on the provider’s Connection card; defaults at the time of writing are below. | Parameter | Value (today) | | --- | --- | | Discovery URL | https://auth.prd.cloud.redpanda.com/.well-known/openid-configuration. Also surfaced as the Discovery field on the provider’s Connection card. | | Token endpoint | https://auth.prd.cloud.redpanda.com/oauth/token | | Audience | cloudv2-production.redpanda.cloud | | Grant type | client_credentials | #### cURL ```bash AUTH_TOKEN=$(curl -s --request POST \ --url 'https://auth.prd.cloud.redpanda.com/oauth/token' \ --header 'content-type: application/x-www-form-urlencoded' \ --data grant_type=client_credentials \ --data client_id= \ --data client_secret= \ --data audience=cloudv2-production.redpanda.cloud | jq -r .access_token) ``` Replace `` and `` with your service account credentials. #### Python (authlib) ```python from authlib.integrations.requests_client import OAuth2Session import requests # Discover token endpoint from OIDC metadata metadata = requests.get( "https://auth.prd.cloud.redpanda.com/.well-known/openid-configuration" ).json() token_endpoint = metadata["token_endpoint"] client = OAuth2Session( client_id="", client_secret="", token_endpoint=token_endpoint, ) token = client.fetch_token( grant_type="client_credentials", audience="cloudv2-production.redpanda.cloud", ) access_token = token["access_token"] ``` Passing `token_endpoint` to the `OAuth2Session` constructor lets `authlib` handle renewal automatically. For `client_credentials` grants, it fetches a new token rather than using a refresh token. #### Node.js (openid-client) ```javascript import { Issuer } from 'openid-client'; const issuer = await Issuer.discover( 'https://auth.prd.cloud.redpanda.com' ); const client = new issuer.Client({ client_id: '', client_secret: '', }); const tokenSet = await client.grant({ grant_type: 'client_credentials', audience: 'cloudv2-production.redpanda.cloud', }); const accessToken = tokenSet.access_token; ``` ### [](#token-lifecycle-management)Token lifecycle management > ❗ **IMPORTANT** > > Your client is responsible for refreshing tokens before they expire. OIDC access tokens have a limited TTL set by the identity provider and are not automatically renewed by AI Gateway. Check the `expires_in` field in the token response for the exact duration. - Proactively refresh at ~80% of the token’s TTL to avoid failed requests. - `authlib` (Python) handles renewal automatically when you pass `token_endpoint` to `OAuth2Session`. - For other languages, cache the token and its expiry, then request a new token before the current one expires. - For SDK code, refresh OIDC client-credentials tokens through your client library (see the `authlib` example above). ## [](#send-requests-with-your-sdk)Send requests with your SDK The examples in this section assume you’ve set: ```bash export PROXY_URL="/llm/v1/providers/" export AUTH_TOKEN="" # from the client_credentials flow above ``` ### OpenAI SDK ```python import os from openai import OpenAI client = OpenAI( base_url=os.environ["PROXY_URL"], # .../llm/v1/providers/my-openai api_key=os.environ["AUTH_TOKEN"], # OIDC access token ) response = client.chat.completions.create( model="gpt-4o", # native OpenAI model ID messages=[{"role": "user", "content": "Hello from AI Gateway"}], ) print(response.choices[0].message.content) ``` The OpenAI SDK calls the proxy’s `/v1/chat/completions` path, which AI Gateway forwards to OpenAI unchanged. Use it with any OpenAI provider and, with a different `base_url`, with any OpenAI-compatible provider (vLLM, Ollama, LM Studio, Together, Groq, OpenRouter). ### Anthropic SDK ```python import os from anthropic import Anthropic client = Anthropic( base_url=os.environ["PROXY_URL"], # .../llm/v1/providers/my-anthropic auth_token=os.environ["AUTH_TOKEN"], # OIDC access token ) message = client.messages.create( model="claude-sonnet-4-6", max_tokens=1024, messages=[{"role": "user", "content": "Hello from AI Gateway"}], ) print(message.content[0].text) ``` The Anthropic SDK hits `v1/messages` on the proxy, which AI Gateway forwards to Anthropic. If the provider is configured with `Auth passthrough`, send your own Anthropic `Authorization` header instead of an `auth_token`. AI Gateway forwards it unchanged. ### Google Gemini SDK ```python import os from google import genai client = genai.Client( api_key=os.environ["AUTH_TOKEN"], # forwarded as x-goog-api-key http_options={"base_url": os.environ["PROXY_URL"]}, # .../llm/v1/providers/my-google ) response = client.models.generate_content( model="gemini-2.0-flash", contents="Hello from AI Gateway", ) print(response.text) ``` > ❗ **IMPORTANT** > > Gemini authenticates with the `x-goog-api-key` header, not `Authorization: Bearer`. Most Google SDKs set `x-goog-api-key` automatically from the `api_key` parameter. If you hand-roll the request, set the header yourself. ### AWS Bedrock Bedrock is different: SigV4 signing is performed **server-side** by AI Gateway using the credentials on the provider. Your client only needs to call the proxy URL with an OIDC access token. ```python import os, httpx # Bedrock 4.6+ Anthropic models require an inference profile (us./eu./apac./global.). # Replace with the inference profile your provider exposes. response = httpx.post( f"{os.environ['PROXY_URL']}/model/us.anthropic.claude-sonnet-4-6/invoke", headers={"Authorization": f"Bearer {os.environ['AUTH_TOKEN']}"}, json={ "anthropic_version": "bedrock-2023-05-31", "messages": [{"role": "user", "content": "Hello"}], "max_tokens": 1024, }, ) print(response.json()) ``` See [the Bedrock provider reference](https://docs.redpanda.com/agentic-data-plane/gateway/configure-provider/#bedrock-inference-profiles) for inference-profile selection guidance. > 💡 **TIP** > > Bedrock’s `Converse` API works the same way: send to `/model/{MODEL_ID}/converse` with a Converse-shaped body. Or use the AWS SDK’s `bedrockruntime` client and set its `BaseEndpoint` to the proxy URL; the SDK signs the request, AI Gateway re-signs server-side with the provider’s credentials, and your client never sees AWS keys. ### OpenAI-compatible Use the OpenAI SDK with the proxy URL of the OpenAI-compatible provider and whatever model identifier the upstream exposes: ```python import os from openai import OpenAI client = OpenAI( base_url=os.environ["PROXY_URL"], # .../llm/v1/providers/my-vllm api_key=os.environ["AUTH_TOKEN"], ) response = client.chat.completions.create( model="meta-llama/Llama-3.3-70B-Instruct", # as exposed by your upstream messages=[{"role": "user", "content": "Hello"}], ) ``` > 📝 **NOTE** > > The provider detail page also has client guides for **Claude Code**, **Codex**, and **Gemini** (the desktop client). Open **Connect your app** on the provider’s page to see the per-client setup instructions. ## [](#streaming-responses)Streaming responses Streaming passes through unchanged. Use the SDK’s native streaming API; the proxy forwards the stream byte-for-byte. ```python response = client.chat.completions.create( model="gpt-4o", messages=[{"role": "user", "content": "Write a short poem"}], stream=True, ) for chunk in response: if chunk.choices[0].delta.content: print(chunk.choices[0].delta.content, end="", flush=True) ``` ## [](#handle-errors)Handle errors AI Gateway returns standard HTTP status codes. The upstream provider’s error body passes through, so your existing SDK error handling works: | Status | Meaning | | --- | --- | | 400 | Bad request. Invalid parameters or malformed JSON. | | 401 | Authentication failed. Token invalid, expired, or (for Gemini) sent in the wrong header. | | 403 | Forbidden. The service account lacks the required role, or the provider is disabled. | | 404 | Provider or model not found. Verify the provider name in the URL and the model identifier. | | 429 | Rate limited by the upstream provider. AI Gateway does not enforce its own rate limits today. Respect Retry-After if present. | | 5xx | Upstream or gateway error. Retry with exponential backoff. | ## [](#best-practices)Best practices - Use environment variables for the proxy URL and token. Never hard-code them. - Refresh OIDC tokens through your client library so refresh is invisible to your SDK code (`authlib` for Python, `openid-client` for Node.js, and so on). - Implement retry with exponential backoff for 5xx and timeout conditions. - Respect `Retry-After` on 429 responses. - Rotate service account credentials on a schedule your organization accepts. - Observe usage in Redpanda ADP on each provider’s detail page. ## [](#troubleshooting)Troubleshooting ### [](#401-unauthorized)401 Unauthorized - If you’re using `rpk ai`: Rerun `rpk cloud login` to refresh the cached cloud token. Token expiry surfaces as a 401 with this hint in the error. - If you’re using OIDC client credentials: Check the token hasn’t expired and refresh it. Verify the audience is `cloudv2-production.redpanda.cloud` and the `Authorization` header is formatted `Bearer `. - For Gemini: Ensure the token is sent as `x-goog-api-key`, not `Authorization`. - For Anthropic with passthrough: Ensure the client is sending a valid Anthropic `Authorization` header. ### [](#404-not-found)404 Not found - Re-check the provider name in the proxy URL. The segment after `/providers/` must match the provider’s `Name` exactly. - For model-not-found: Confirm the model identifier is one your provider’s catalog actually serves. OpenAI-compatible endpoints accept whatever model IDs the upstream exposes. ### [](#403-forbidden)403 Forbidden - The service account may lack the required roles. Ask an admin to grant `dataplane_adp_llmprovider_get` at minimum to read provider config, and `dataplane_adp_llmprovider_invoke` to proxy LLM requests through AI Gateway. See [LLM provider permissions](https://docs.redpanda.com/agentic-data-plane/control/permissions-reference/#llm-provider-permissions) or assign the LLMProviderInvoker built-in role for runtime-only access. - The provider may be disabled. Check the `Status` field on its Connection card. ### [](#connection-timeout-or-reset)Connection timeout or reset - Verify the proxy URL is correct (copy directly from the provider’s Connection card). - Check that the provider isn’t pointing at a private base URL your client can’t reach (OpenAI-compatible providers only). - Confirm the upstream provider’s status page. ## [](#next-steps)Next steps - [Configure an LLM provider](https://docs.redpanda.com/agentic-data-plane/gateway/configure-provider/) --- # Page 59: How AI Gateway Works **URL**: https://docs.redpanda.com/agentic-data-plane/gateway/overview.md --- # How AI Gateway Works > For the complete documentation index, see [llms.txt](https://docs.redpanda.com/llms.txt). Component-specific: [agentic-data-plane-full.txt](https://docs.redpanda.com/agentic-data-plane-full.txt) --- title: How AI Gateway Works latest-operator-version: v26.1.5 latest-console-tag: v3.7.4 latest-connect-version: 4.96.1 latest-redpanda-tag: v26.1.10 docname: overview page-component-name: agentic-data-plane page-version: master page-component-version: master page-component-title: Agentic Data Plane page-relative-src-path: overview.adoc page-edit-url: https://github.com/redpanda-data/adp-docs/edit/main/modules/gateway/pages/overview.adoc description: AI Gateway is ADP's managed proxy for LLM APIs. Create a provider for OpenAI, Anthropic, Google AI, AWS Bedrock, or an OpenAI-compatible endpoint, and point your applications at a Redpanda-hosted URL with managed secrets, authentication, and observability. page-topic-type: overview personas: agent_builder, platform_engineer, security_compliance_lead learning-objective-1: Describe what AI Gateway is and how a managed proxy differs from direct upstream calls learning-objective-2: Explain how LLM providers, secrets, and OIDC authentication fit together in AI Gateway learning-objective-3: Identify use cases where AI Gateway fits, and use cases where it does not page-git-created-date: "2026-05-28" page-git-modified-date: "2026-06-15" --- AI Gateway is Redpanda ADP’s managed proxy for LLM APIs. Instead of giving every application a provider API key and letting it call the upstream directly, you create an **LLM provider** in ADP and point your applications at a Redpanda-hosted proxy URL. Redpanda handles the upstream credentials, forwards the request, and records usage. Your code continues to use the provider’s native SDK. After reading this page, you will be able to: - Describe what AI Gateway is and how a managed proxy differs from direct upstream calls - Explain how LLM providers, secrets, and OIDC authentication fit together in AI Gateway - Identify use cases where AI Gateway fits, and use cases where it does not ## [](#the-problem-ai-gateway-solves)The problem AI Gateway solves Teams adopting LLMs can quickly hit operational problems: - **Credential sprawl:** Every team that touches an LLM gets its own API key. Rotation is manual, offboarding is manual, and it’s hard to know who’s using what. - **SDK lock-in and switching cost:** Each provider has its own SDK, authentication scheme, and model catalog. Swapping OpenAI for Anthropic means a code change, not a configuration change. - **No shared view of usage:** Provider dashboards tell you what a single API key spent. They don’t tell you what your organization spent, broken down by team or application. ## [](#what-ai-gateway-gives-you)What AI Gateway gives you AI Gateway consolidates provider access behind the following capabilities. ### [](#traffic-stays-in-your-vpc)Traffic stays in your VPC LLM requests are proxied through your dataplane’s AI Gateway. API keys are stored in your dataplane’s secret store and never leave your infrastructure. Upstream calls leave your VPC only when the LLM provider is third-party (OpenAI, Anthropic, Google AI). Self-hosted OpenAI-compatible endpoints stay entirely inside your network. ### [](#centralized-secrets)Centralized secrets The upstream API key (or AWS credentials for Bedrock) lives in the Redpanda secret store and is attached to the provider at configuration time. Your application never sees it; rotation happens in one place. ### [](#a-managed-proxy-url-per-provider)A managed proxy URL per provider Every provider you create has its own URL of the form `/llm/v1/providers//`. Your application points its SDK at this URL instead of the upstream, continues to use the provider’s native API, and authenticates to Redpanda with a short-lived OIDC access token. The gateway base is a cluster-specific subdomain (for example, `aigw..clusters.rdpa.co`). Copy the exact value from the `Proxy URL` field on any provider’s detail page. ### [](#native-sdk-compatibility)Native SDK compatibility Use the provider’s own SDK: OpenAI, Anthropic, Google AI, AWS Bedrock, or any OpenAI-compatible client (vLLM, Ollama, LM Studio, LocalAI, Together, Groq, OpenRouter). AI Gateway does not require a single unified SDK. It forwards native requests to the native upstream. ### [](#managed-authentication)Managed authentication Applications authenticate to ADP with OIDC service accounts instead of long-lived provider API keys. Service accounts use the same role and audit model as every other ADP resource, and mint short-lived tokens that are easy to revoke. For local command-line workflows, use [`rpk cloud login`](https://docs.redpanda.com/agentic-data-plane/reference/rpk/rpk-cloud/rpk-cloud-login/) to authenticate and [`rpk ai`](https://docs.redpanda.com/agentic-data-plane/reference/rpk/rpk-ai/rpk-ai/) to talk to the gateway. CI and programmatic clients use the OIDC client-credentials grant directly. See [Connect your app to AI Gateway](https://docs.redpanda.com/agentic-data-plane/gateway/connect-agent/). ### [](#per-provider-observability)Per-provider observability The provider’s detail page in ADP records spend, request counts, and token counts for the last 7 days. The **Cost & Usage** page under **Governance** expands that view with time-series charts, provider and model grouping, date ranges, and filters for provider, model, cost type, token type, user, and agent. ## [](#whats-in-the-ui)What’s in the UI In ADP ([ai.redpanda.com](https://ai.redpanda.com)) you’ll find these areas: - **Home**: The landing page after sign-in. A snapshot of items that need attention (such as a budget over its cap or a disabled resource, with quick actions to resolve them), recent request and spend activity, budget status, and counts of your ADP resources with quick links into each area. - **Agents**: Create and manage Redpanda-hosted agents and registered self-managed agents. - **Guardrails**: Define content policies, word filters, and PII rules that apply to traffic on a Bedrock provider. - **LLM Providers**: Create, edit, enable, and delete providers. This is the home of AI Gateway configuration. - **MCP Servers**: Register [MCP](https://docs.redpanda.com/agentic-data-plane/reference/glossary/#model-context-protocol-mcp) tool servers for agents. Separate from the AI Gateway proxy URL. - **OAuth Providers**: Register upstream identity providers for user-delegated MCP authentication (for example, GitHub or Google). - **OAuth Clients**: Register external tools (Claude.ai, ChatGPT, Cursor) that request access tokens from the gateway. - **Connections**: Per-user OAuth connections to the configured providers. - **Secrets Store**: Create and manage the secrets that providers, MCP servers, and agents reference by name. - **Governance**: The **Cost & Usage** page for spend, request, and token analysis across providers, models, and agents, and the **Budgets** page for per-agent spend caps. LLM Providers is where you configure provider settings. The others are covered by their own docs. ## [](#supported-providers)Supported providers AI Gateway supports the following provider types. The UI labels and short descriptions match the picker on the **Create LLM provider** page. | Type | Typical upstream | | --- | --- | | OpenAI | Proxy GPT, o-series, and embeddings through the OpenAI API. Best when you already hold an OpenAI API key or want the broadest GPT model catalog. | | Anthropic | Call Claude Opus, Sonnet, and Haiku directly. Optionally forwards the client’s Authorization header for enterprise and Max-plan subscription passthrough. | | Google AI | Reach Gemini Pro, Flash, and multimodal models through Google AI Studio. Ideal for long-context workloads and image/video inputs. | | AWS Bedrock | Invoke foundation models (Claude, Llama, Titan, Nova) hosted inside your AWS account. Use when data residency, IAM, or VPC egress matter more than raw feature parity. Signed with SigV4 server-side by AI Gateway. | | OpenAI-compatible | Point at any OpenAI-compatible endpoint (vLLM, Ollama, LM Studio, LocalAI, Together, Groq, OpenRouter). Useful for self-hosted models and aggregator gateways that ship /v1/chat/completions. | See [Configure an LLM provider](https://docs.redpanda.com/agentic-data-plane/gateway/configure-provider/) for the full form reference for each type. ## [](#when-to-use-ai-gateway)When to use AI Gateway AI Gateway is a good fit when you want to: - Pull provider API keys out of application code and manage them centrally. - Keep LLM traffic inside your dataplane’s VPC and your secrets out of application code. - Authenticate applications to LLMs using the same OIDC identity you use for other ADP resources. - Run a self-hosted OpenAI-compatible endpoint (vLLM, Ollama, LM Studio) alongside 1P providers behind a single management plane. - Separate operator and developer roles. Operators configure providers and credentials; developers point at proxy URLs. It is not the right fit when you: - Only ever call a single provider with a single API key and are happy managing that key inline. - Need routing, failover, or cross-provider load balancing across providers. AI Gateway does not provide these capabilities. ## [](#out-of-scope)Limitations AI Gateway does not provide these capabilities. For current status, consult the ADP release notes. - **Multi-provider routing, failover, and retries.** A synthetic provider that fans requests to multiple upstreams is not part of AI Gateway. - **Rate limits.** Requests-per-second, per-minute, or per-day caps are not available. To cap spend rather than request rate, use [budgets](https://docs.redpanda.com/agentic-data-plane/control/budgets/), which enforce a per-agent hard cap. - **Managed MCP aggregation at the gateway.** Register MCP tool servers separately under **MCP Servers** in ADP. ## [](#next-steps)Next steps 1. [Configure an LLM provider](https://docs.redpanda.com/agentic-data-plane/gateway/configure-provider/) 2. [Connect your app to AI Gateway](https://docs.redpanda.com/agentic-data-plane/gateway/connect-agent/) --- # Page 60: Get Started **URL**: https://docs.redpanda.com/agentic-data-plane/get-started.md --- # Get Started > For the complete documentation index, see [llms.txt](https://docs.redpanda.com/llms.txt). Component-specific: [agentic-data-plane-full.txt](https://docs.redpanda.com/agentic-data-plane-full.txt) --- title: Get Started latest-operator-version: v26.1.5 latest-console-tag: v3.7.4 latest-connect-version: 4.96.1 latest-redpanda-tag: v26.1.10 docname: index page-component-name: agentic-data-plane page-version: master page-component-version: master page-component-title: Agentic Data Plane page-relative-src-path: index.adoc page-edit-url: https://github.com/redpanda-data/adp-docs/edit/main/modules/get-started/pages/index.adoc description: Stand up Redpanda ADP and ship your first agent. page-git-created-date: "2026-04-29" page-git-modified-date: "2026-06-01" --- Redpanda’s Agentic Data Plane (ADP) runs and governs AI agents on your streaming data. Get an overview of the platform, then follow a quickstart to stand up ADP and ship your first agent. - [Redpanda ADP Overview](adp-overview/) Enterprise-grade infrastructure for building, deploying, and governing AI agents at scale with compliance-grade audit trails. - [Redpanda ADP Quickstart](adp-quickstart/) Set up Redpanda ADP end to end: configure an LLM provider, create an MCP server from a public OpenAPI spec, and build an agent that calls both. --- # Page 61: Redpanda ADP Overview **URL**: https://docs.redpanda.com/agentic-data-plane/get-started/adp-overview.md --- # Redpanda ADP Overview > For the complete documentation index, see [llms.txt](https://docs.redpanda.com/llms.txt). Component-specific: [agentic-data-plane-full.txt](https://docs.redpanda.com/agentic-data-plane-full.txt) --- title: Redpanda ADP Overview latest-operator-version: v26.1.5 latest-console-tag: v3.7.4 latest-connect-version: 4.96.1 latest-redpanda-tag: v26.1.10 docname: adp-overview page-component-name: agentic-data-plane page-version: master page-component-version: master page-component-title: Agentic Data Plane page-relative-src-path: adp-overview.adoc page-edit-url: https://github.com/redpanda-data/adp-docs/edit/main/modules/get-started/pages/adp-overview.adoc description: Enterprise-grade infrastructure for building, deploying, and governing AI agents at scale with compliance-grade audit trails. page-topic-type: overview personas: agent_builder, platform_engineer, security_compliance_lead, pilot_lead, domain_evaluator learning-objective-1: Identify the key components of Redpanda ADP and their purposes learning-objective-2: Describe how each component addresses enterprise governance and reliability requirements learning-objective-3: Determine whether Redpanda ADP fits your organization's requirements for AI agent deployment page-git-created-date: "2026-05-27" page-git-modified-date: "2026-06-10" --- Enterprises spent decades building governance for their human workforce: identity, access control, audit trails, and accountability. They never built the same controls for [AI agents](https://docs.redpanda.com/agentic-data-plane/reference/glossary/#ai-agent). Most agents run with broad credentials, no identity of their own, and no record of what they did, which is why enterprise AI so often stalls before it reaches production. Redpanda Agentic Data Plane (ADP) closes that gap. ADP is governance infrastructure for enterprise agents: it sits between your agents and your data, gives every agent an identity, mediates every tool call and data access, and records every action so you can replay and audit it. With ADP, you connect agents to all your enterprise data, from real-time event streams to databases and business systems, and run them safely at scale without losing control. ADP builds on open standards, including MCP, OAuth, OpenTelemetry, and the Kafka protocol, so governance sits above your choice of LLM, cloud, or agent framework. You stay free to adopt new models and frameworks as they emerge, without re-platforming or locking into a single vendor. ADP is its own product surface. It runs on Redpanda, so there’s no separate cluster to stand up first: Redpanda provisions the underlying environment when you add ADP. After reading this page, you will be able to: - Identify the key components of Redpanda ADP and their purposes - Describe how each component addresses enterprise governance and reliability requirements - Determine whether Redpanda ADP fits your organization’s requirements for AI agent deployment ## [](#architecture)Architecture Agents and clients connect through ADP rather than reaching your systems directly. ADP gives every agent an identity and applies guardrails and spend caps, mediates tool and data access through MCP servers to your systems of record, and routes every LLM call through the AI Gateway. All activity streams to the Redpanda Data Platform as OpenTelemetry traces for replay, audit, and cost reporting. ![Architecture diagram: Redpanda-managed agents](https://docs.redpanda.com/agentic-data-plane/get-started/_images/adp-architecture.png) Figure 1. Redpanda ADP sits between your agents and clients and your external systems and LLM providers ## [](#ai-gateway)AI Gateway The AI Gateway is a managed proxy for LLM APIs. You configure an LLM provider once, and applications point at a Redpanda-hosted proxy URL while continuing to use the provider’s native SDK. Redpanda holds the upstream credentials, so application code never carries a provider API key and rotation happens in one place. Because every LLM call flows through one managed entry point, you get usage and cost visibility broken down by provider, model, and user, across any agent framework or platform, including Redpanda’s own, without locking into any single vendor’s SDK. Applications authenticate with short-lived OIDC service-account tokens, and streaming responses pass through unchanged. To control spend, set caps and per-agent [budgets](https://docs.redpanda.com/agentic-data-plane/control/budgets/) in one place. For more information, see [How AI Gateway Works](https://docs.redpanda.com/agentic-data-plane/gateway/overview/). ## [](#mcp-servers)MCP servers [MCP servers](https://docs.redpanda.com/agentic-data-plane/reference/glossary/#mcp-server) translate agent intent into connections to databases, queues, HRIS, CRMs, and other business systems. They are the simplest way to give agents context and capabilities without writing glue code. MCP servers are lightweight, support OIDC-based authentication, and enforce deterministic policies at the tool level. You pick a managed type from the marketplace and configure it with your credentials, or register a self-managed server. Policy enforcement programmatically prevents prompt injection, SQL injection, and other agent-based attacks. With real-time debugging capabilities, you reduce integration time while getting enterprise-grade security. You can reuse your existing infrastructure and data sources rather than building new integrations from scratch. For more information, see [How MCP Servers Work](https://docs.redpanda.com/agentic-data-plane/connect/mcp-overview/). ## [](#ai-agents)AI agents With Redpanda AI agents, you declare the agent behavior you want and Redpanda handles execution and orchestration. Instead of writing Python or JavaScript, you configure agents declaratively: set a system prompt, choose a model, and attach the tools the agent can use. You can orchestrate multiple specialized [sub-agents](https://docs.redpanda.com/agentic-data-plane/reference/glossary/#subagent), or bring your own frameworks like LangChain or LlamaIndex. What makes this practical at scale is a broad library of prebuilt tools and integrations with built-in filtering, enrichment, and routing, which give declarative definitions real power. The result is faster time-to-production, lower maintenance (declarative definitions instead of imperative code), and organizational consistency across teams. For more information, see [How Agents Work](https://docs.redpanda.com/agentic-data-plane/connect/agents-overview/). ## [](#built-in-governance-controls)Built-in governance controls Redpanda ADP addresses critical enterprise requirements across all components. - **Security by design**: MCP servers enforce policies at the tool level, programmatically preventing prompt injection, SQL injection, and other agent-based attacks. Policy enforcement is deterministic and controlled. Agents cannot bypass security constraints even through creative prompting. - **Unified authorization**: All components use OIDC-based authentication with an on-behalf-of authorization model. When a user invokes an agent, the agent inherits the intersection of its own permissions and the user’s permissions, so an agent can only do what the user behind it is allowed to do. This ensures proper data access scoping. An embedded identity provider lets any standards-compliant MCP client, such as Claude Desktop, Claude Code, or Microsoft Copilot Studio, connect over OAuth without custom header handling. - **Complete observability**: Redpanda ADP provides two levels of inspection. Execution logs ([transcripts](https://docs.redpanda.com/agentic-data-plane/reference/glossary/#transcript)) give a read-only view of every agent run, capturing each prompt, response, and tool call with token and USD cost per conversation, plus status, duration, and an interactive timeline. Traces are emitted as OpenTelemetry data into an immutable Redpanda topic with 100% sampling. Real-time debugging tools let you inspect individual MCP server calls down to individual tool invocations with full timing data. You can view detailed agent actions in ADP and replay data for agent evaluations. For more information, see [How Observability Works](https://docs.redpanda.com/agentic-data-plane/monitor/concepts/). - **Compliance and audit**: Redpanda ADP records every agent action and the data sources used in each decision, which supports audit and compliance efforts (for example, frameworks such as ISO 42001 or the EU AI Act). Execution logs are stored in Redpanda topics and can be materialized to Iceberg tables for longer-term retention and analysis. ## [](#use-cases)Use cases Common Redpanda ADP use cases include: - **Automate financial operations**: Build agents that reconcile invoices across vendors and ERP systems, monitor real-time spending against budget, or review contracts against approved templates and flag out-of-policy clauses for legal review. - **Streamline HR and people operations**: Answer employee questions against benefits, payroll, and HRIS systems; automate onboarding and offboarding workflows; or triage internal support tickets to the right team. - **Improve customer experience**: Route customer inquiries to the right team, summarize prior support history before an agent picks up the case, or surface relevant knowledge-base articles in real time. - **Modernize infrastructure operations**: Detect anomalies in real-time telemetry from cloud, network, or factory equipment, correlate signals across disparate monitoring systems, and auto-create maintenance tickets with the relevant context already attached. - **Extend enterprise productivity tools**: Integrate Microsoft Copilot or other workplace agents with internal data sources and systems that are otherwise inaccessible. ## [](#next-steps)Next steps - [ADP Quickstart](https://docs.redpanda.com/agentic-data-plane/get-started/adp-quickstart/) - [Configure an LLM provider](https://docs.redpanda.com/agentic-data-plane/gateway/configure-provider/) --- # Page 62: Redpanda ADP Quickstart **URL**: https://docs.redpanda.com/agentic-data-plane/get-started/adp-quickstart.md --- # Redpanda ADP Quickstart > For the complete documentation index, see [llms.txt](https://docs.redpanda.com/llms.txt). Component-specific: [agentic-data-plane-full.txt](https://docs.redpanda.com/agentic-data-plane-full.txt) --- title: Redpanda ADP Quickstart latest-operator-version: v26.1.5 latest-console-tag: v3.7.4 latest-connect-version: 4.96.1 latest-redpanda-tag: v26.1.10 docname: adp-quickstart page-component-name: agentic-data-plane page-version: master page-component-version: master page-component-title: Agentic Data Plane page-relative-src-path: adp-quickstart.adoc page-edit-url: https://github.com/redpanda-data/adp-docs/edit/main/modules/get-started/pages/adp-quickstart.adoc description: "Set up Redpanda ADP end to end: configure an LLM provider, create an MCP server from a public OpenAPI spec, and build an agent that calls both." page-topic-type: quickstart personas: platform_engineer, agent_builder learning-objective-1: Configure your first LLM provider in ADP with an Anthropic API key learning-objective-2: Create an MCP server from a public OpenAPI spec learning-objective-3: Build an agent that calls both the LLM provider and the MCP server page-git-created-date: "2026-06-04" page-git-modified-date: "2026-06-11" --- This quickstart sets up Redpanda ADP from scratch and follows the two roles involved: - An **administrator** configures a [large language model (LLM)](https://docs.redpanda.com/agentic-data-plane/reference/glossary/#large-language-model-llm) provider for your organization. This is a one-time setup task. Until a provider exists, no one can build agents against it. - **Builders** then create [MCP servers](https://docs.redpanda.com/agentic-data-plane/reference/glossary/#mcp-server) and [agents](https://docs.redpanda.com/agentic-data-plane/reference/glossary/#ai-agent) that use the configured provider. Administrators complete the Admins: Configure an LLM provider section, and builders complete the Builders: Create an MCP server and agent section. If you have the Admin role, you can complete both yourself. If your administrator has already configured an LLM provider, skip to [Builders: Create an MCP server and agent](#builders-create-an-mcp-server-and-agent). When you sign in to ADP at [ai.redpanda.com](https://ai.redpanda.com), you land on the Home page: a snapshot of items that need your attention, recent request and spend activity, budget status, and counts of your ADP resources. Start the tasks in this guide from the sidebar. After reading this page, you will be able to: - Configure your first LLM provider in ADP with an Anthropic API key - Create an MCP server from a public OpenAPI spec - Build an agent that calls both the LLM provider and the MCP server ## [](#prerequisites)Prerequisites The [built-in role](https://docs.redpanda.com/agentic-data-plane/control/permissions-overview/) you need depends on which sections you complete. The Reader role can list resources but cannot create them. ### [](#for-admins)For admins This quickstart configures an Anthropic provider, but ADP also supports OpenAI, Google AI, AWS Bedrock, and OpenAI-compatible endpoints. To set up the Anthropic provider, you need: - The [Admin or Writer role](https://docs.redpanda.com/agentic-data-plane/control/permissions-overview/) in ADP. - An Anthropic account. If you don’t have one, the [Get an Anthropic API key](#get-an-anthropic-api-key) section walks through signup. ### [](#for-builders)For builders To create an MCP server and agent: - The [Writer role](https://docs.redpanda.com/agentic-data-plane/control/permissions-overview/) in ADP. - At least one LLM provider configured in your organization. If none exists, complete the admin steps first, or ask your administrator. ## [](#what-you-build)What you build You create the following ADP resources, in order: 1. **Anthropic LLM provider** (administrator). Routes Claude API calls through ADP so credentials, usage, and [transcripts](https://docs.redpanda.com/agentic-data-plane/reference/glossary/#transcript) stay on the platform. 2. **PetStore [MCP server](https://docs.redpanda.com/agentic-data-plane/reference/glossary/#mcp-server)** (builder). Exposes the public Swagger PetStore API as a set of [MCP tools](https://docs.redpanda.com/agentic-data-plane/reference/glossary/#mcp-tool) the agent can call. 3. **Pet store assistant [agent](https://docs.redpanda.com/agentic-data-plane/reference/glossary/#ai-agent)** (builder). Combines the provider and the MCP server so a natural-language question becomes a real API call against PetStore. After the agent works, you can walk through one execution turn-by-turn in the **Transcripts** view. ## [](#admins-configure-an-llm-provider)Admins: Configure an LLM provider A provider is an organization-level resource. Configure it once, and every builder can select it when they create agents. The following sections walk through getting an Anthropic API key and pointing ADP at Anthropic. ### [](#get-an-anthropic-api-key)Get an Anthropic API key Anthropic requires a payment method before it issues an API key. Add billing first, then create the key. 1. Open [platform.claude.com](https://platform.claude.com) and sign in, or create a new account. 2. Add a payment method to your account if you haven’t already. Anthropic requires a payment method before it issues API keys. (Optional: add a small amount of prepaid credit so the quickstart calls don’t fail on a fresh account.) 3. In the sidebar, select a workspace other than `Claude Code`. The `Claude Code` workspace uses a separate key-creation flow that doesn’t fit this quickstart. 4. Click **API keys** in the sidebar. 5. Click **\+ Create key** in the top right. In the Create API key dialog, name the key `adp-quickstart` and click **Add**. 6. Copy the key (it starts with `sk-ant-`). > ❗ **IMPORTANT** > > Anthropic shows the API key value once. If you close the dialog without copying, you can’t recover it. Paste the key into a secure note before continuing. The next section creates the secret in ADP’s secret store as part of the provider form, so you don’t have to keep the key on your local machine. 7. (Optional) On the **API keys** page, confirm the new key appears in the list. ### [](#configure-your-llm-provider)Configure your LLM provider Now point ADP at Anthropic. ADP references provider credentials by secret name, not by raw value, and you create the secret inline as part of this form. 1. Sign in to ADP at [ai.redpanda.com](https://ai.redpanda.com). 2. Open **LLM Providers** in the sidebar. 3. Click **Create provider**. 4. `Display name`: Enter `anthropic-quickstart`. This label appears in dashboards and model selectors. 5. Leave the auto-derived `Resource ID`. ADP generates it from the display name, using lowercase letters, numbers, and hyphens. The ID is used in API calls and CLI commands and can’t be changed after creation. 6. `Provider type`: Select `Anthropic`. 7. `API key reference`: Switch to the **New** tab and create the secret inline: - Name the secret `ANTHROPIC_API_KEY`. ADP uppercases the name automatically, and you can’t change it after creation. - Under `Secret value`, leave the **Text** tab selected and paste the `sk-ant-` key you copied from Anthropic. - Click **Create secret**. The secret value is write-only: ADP can’t show it again after creation, so if you mistype the key, create a new secret. New secrets get the AI Gateway scope automatically, which makes them usable across the platform: LLM providers, MCP servers, and agents. To create secrets ahead of time or manage them later, open **Secrets Store** in the sidebar. 8. Leave `Authorization passthrough` off. This quickstart uses one shared key, not per-user OAuth. 9. Leave the default `Base URL` in place. The form prefills the standard Anthropic endpoint. 10. `Models`: Select these models from the catalog: - `claude-haiku-4-5` (fast and inexpensive, good for testing) - `claude-sonnet-4-6` (higher quality, better tool use, used by the agent in the next sections) The catalog of available models is maintained by Redpanda. Models you select here become the catalog this provider exposes to agents and applications; you can change the list later from the provider detail page. 11. Click **Create provider**. 12. On the provider detail page, confirm the badge next to the provider name shows `Enabled` and the `Status` in the Connection card shows `Active`. If the Status badge stays in a failure state, see the [provider troubleshooting table](https://docs.redpanda.com/agentic-data-plane/gateway/configure-provider/#troubleshooting). The most common cause is a typo in the secret reference or a key that wasn’t issued in the workspace ADP can read. For the full provider field reference (transcript logging, Bedrock IAM, Anthropic authentication passthrough, OpenAI-compatible endpoints), see [Configure an LLM provider](https://docs.redpanda.com/agentic-data-plane/gateway/configure-provider/). ## [](#builders-create-an-mcp-server-and-agent)Builders: Create an MCP server and agent With a provider in place, a builder creates a tool server and an agent that uses it. Both are configured in the UI: the server from a marketplace picker, the agent on a single configuration page. > 💡 **TIP** > > If your administrator has already configured an LLM provider, you can skip the provider setup and start here. Select the existing provider in the agent form’s **Model** section. ### [](#create-an-mcp-server-with-a-public-openapi-spec)Create an MCP server with a public OpenAPI spec The OpenAPI managed MCP server type takes any OpenAPI 3.x spec URL and generates one MCP tool per operation. You point it at the public Swagger PetStore, which exposes a small pet-inventory API with no authentication. > 📝 **NOTE** > > PetStore is a public demo that Swagger hosts for testing and is occasionally unavailable. If your agent later returns an HTTP 500 from PetStore, that’s the upstream, not ADP. Retry the prompt, or move on to a real MCP server ([Managed MCP catalog](https://docs.redpanda.com/agentic-data-plane/connect/managed/managed-catalog/)) after you’ve confirmed the rest of the flow works. 1. Open **MCP Servers** in the sidebar and click **Create server**. 2. Search for and select the `OpenAPI` card from the marketplace picker. ![The Create MCP Server marketplace picker filtered by a search for openAPI](https://docs.redpanda.com/agentic-data-plane/get-started/_images/create-mcp-server-picker.png) 3. `Name`: Enter `petstore-quickstart`. 4. `Description`: Enter `Public PetStore API exposed as MCP tools for quickstart testing`. Optional, but helps you find the server later. 5. Leave the `Code mode` toggle off. Code mode adds search and execute tools that let agents run sandboxed code against the server’s tools. The PetStore catalog is small enough that you don’t need it for this quickstart. 6. `Spec`: Enter `[https://petstore3.swagger.io/api/v3/openapi.json](https://petstore3.swagger.io/api/v3/openapi.json)`. 7. `Base URL override`: Leave blank. The PetStore spec already declares the right `servers` block, so no override is needed. 8. Skip all other optional configuration fields. 9. For the authentication mode, select `None`. PetStore is a public API. 10. Click **Create**. 11. Redpanda fetches the spec, parses it, and generates one MCP tool per operation. When the server is ready, open its detail page. 12. On the **Overview** tab, copy the `API URL`. This is the MCP URL the agent connects to. 13. Open the **Inspector** tab. Redpanda runs a live `tools/list` against the server and lists every tool it discovered. Confirm the list includes `findpetsbystatus`, `getpetbyid`, `findpetsbytags`, and `addpet`. The OpenAPI MCP server lowercases tool names when it generates them from the spec’s `operationId` values. The exact tool count depends on the operations defined in the spec at fetch time. A populated list confirms the connection works. If the list is empty or the tab shows an error, see [OpenAPI MCP troubleshooting](https://docs.redpanda.com/agentic-data-plane/connect/managed/openapi/#troubleshooting). For the full OpenAPI MCP reference (authentication modes, operation filters, base URL overrides), see [OpenAPI managed MCP server](https://docs.redpanda.com/agentic-data-plane/connect/managed/openapi/). ### [](#build-your-agent)Build your agent Combine the Anthropic provider and the PetStore MCP server into an agent. ADP configures a managed agent on a single page with five sections: **Details**, **Model**, **Behavior**, **Tools**, and **Subagents**. A stepper on the left tracks the sections and summarizes what you’ve set in each; click a step to jump to its section. For the full reference, see [Create an agent](https://docs.redpanda.com/agentic-data-plane/connect/create-agent/). 1. Open **Agents** in the sidebar. 2. Click **Create agent**. 3. Choose how the agent runs. Click `Redpanda manages it`, so Redpanda deploys, runs, and observes the agent for you. ![The runtime choice in the create-agent flow](https://docs.redpanda.com/agentic-data-plane/shared/_images/create-agent-runtime-choice.png) > 📝 **NOTE** > > The other option, `I host it myself`, registers an agent you run on your own infrastructure. This quickstart uses the managed runtime. 4. In the **Details** section, set the following: - `Agent ID`: Skip for now. ADP pre-fills a generated ID and re-derives it from the display name you enter next. You can’t change the ID after creation. - `Display name`: Enter `pet-store-assistant`. This name appears in the agent registry list and the detail header, and the Agent ID updates to match. - `Description`: Enter `Quickstart agent that answers questions about the PetStore inventory`. - `Tags`: Skip. Tags are optional metadata for filtering and grouping. 5. In the **Model** section, set the following: - `LLM provider`: Select `anthropic-quickstart`. This provider supplies the credentials and routing for the agent. The dropdown lists every provider configured for your organization. If it’s empty, no provider exists yet. Ask your administrator to configure one, or complete the admin steps first. - `Model`: Select `claude-sonnet-4-6`. Sonnet handles multi-step tool use more reliably than Haiku. Leave the `Advanced` options, such as `Max iterations`, at their defaults. 6. In the **Behavior** section, paste the following into the `System prompt` editor: ```text You are a pet store inventory assistant. You have access to PetStore API tools through MCP. Use them to answer questions about pets. The most useful read tools are: - findpetsbystatus: List pets by status (available, pending, sold) - getpetbyid: Look up a specific pet by ID - findpetsbytags: Search by tag Rules: - Always call a tool before answering. Don't make up pet data. - After each tool call, summarize what the tool returned and cite the tool name in your response. - If a tool fails or returns no data, say so and stop. Don't retry with invented IDs. - Stick to read operations for this quickstart. Don't add, update, or delete pets. ``` 7. In the **Tools** section, select `petstore-quickstart` under `MCP servers`. The agent discovers the server’s tools at runtime; you don’t pre-select individual tools. The system prompt’s "stick to read operations" rule constrains behavior. You can change this list at any time. 8. In the **Subagents** section, leave the list empty to keep the agent flat. The quickstart uses a single agent. 9. Confirm the stepper summaries on the left, then click **Create agent**. If a required field is missing, a "Cannot create agent" error lists what to fix. 10. Wait for the agent status to change from `Starting` to `Running`. ADP creates the agent’s service account at this point; for details, see [service account authorization](https://docs.redpanda.com/agentic-data-plane/connect/concepts/#service-account-authorization). ### [](#test-the-agent-in-the-inspector)Test the agent in the Inspector The **Inspector** tab is a chat surface for the agent. Type a prompt into the input at the bottom of the page and click the paper-plane icon in the input’s bottom-right corner to send. Each prompt creates a Task card in the conversation that walks through the agent’s execution turn-by-turn: TaskStatusUpdate entries (`Submitted` → `Working` → `Completed`) with token counts, individual tool-call cards showing the tool name and latency, and an Artifact card holding the final response. **Clear context** (at the bottom of the input) resets the conversation between tests. 1. On the agent detail page, open the **Inspector** tab. 2. Send the first prompt: ```text What pets are available right now? ``` The agent calls `findpetsbystatus` with `status=available` and returns a summary of the pets, naming the tool. This PetStore endpoint is occasionally flaky; if it returns an HTTP 500, retry the prompt. The public PetStore is occasionally down. 3. (Optional) Send an open-ended prompt to confirm multi-step reasoning: ```text Find a pet tagged "friendly" and tell me whether it's available. ``` The agent may call `findpetsbytags` first, then `getpetbyid` for one of the matches, then summarize. If the agent hallucinates data instead of calling a tool, tighten the system prompt’s "Always call a tool before answering" rule. See [system prompt best practices](https://docs.redpanda.com/agentic-data-plane/connect/system-prompts/) for patterns. If a tool card shows an HTTP 500 error and the Artifact apologizes about the pet store API being unavailable, that’s the public Swagger PetStore being intermittently down. The agent is behaving correctly (the "if a tool fails, say so and stop" rule in the system prompt is what produced the apology). Retry the prompt; PetStore usually recovers within a few minutes. ### [](#iterate-on-your-agent)Iterate on your agent Agent configuration isn’t fixed after you create it. Edit the system prompt or model, save, and re-test in the Inspector to see how behavior changes. 1. On the agent detail page, open the **Overview** tab. The tab shows the agent’s full configuration as an editable form. 2. Adjust the `System prompt` to change how the agent responds. For example: - Add a constraint: `Never call more than one tool per response.` - Change the output format: `Always format pet details as a bulleted list.` - Add a confirmation step: `Before answering, restate which tool you plan to call and why.` 3. Click **Save changes**. 4. Open the **Inspector** tab, click **Clear context**, and re-send one of the earlier prompts to compare the agent’s behavior against your change. For system prompt patterns and anti-patterns, see [Write effective system prompts](https://docs.redpanda.com/agentic-data-plane/connect/system-prompts/). ## [](#clean-up)Clean up If this is a one-off quickstart, delete the resources you created so they don’t continue to count against your account. 1. Delete the agent (`pet-store-assistant`) first. Open the agent detail page, scroll to the delete section, and click **Delete**. 2. Delete the MCP server (`petstore-quickstart`). Same pattern. 3. Delete the LLM provider (`anthropic-quickstart`). Same pattern. Note that the underlying secret (`ANTHROPIC_API_KEY`) is not deleted automatically. 4. (Optional) Delete the secret. Open **Secrets Store**, click `ANTHROPIC_API_KEY`, then **Delete**. 5. (Optional, on the Anthropic side) Revoke the API key. Open [platform.claude.com](https://platform.claude.com), navigate to **Manage** > **API keys** in the workspace where you created the key, find `adp-quickstart` in the list, and revoke it from the row’s action menu. If you want to keep the provider but rotate the key, edit the provider and change the `API key` reference to a new secret. ## [](#next-steps)Next steps - Add more LLM providers (OpenAI, Google AI, AWS Bedrock, OpenAI-compatible): [Configure an LLM provider](https://docs.redpanda.com/agentic-data-plane/gateway/configure-provider/) - Swap the PetStore demo for a real upstream (Slack, Jira, SQL, Kafka, and more): [Plug in an App, Database, or Tool](https://docs.redpanda.com/agentic-data-plane/connect/managed/managed-catalog/) - Track spend across teams: [Set Up Budgets](https://docs.redpanda.com/agentic-data-plane/control/budgets/) --- # Page 63: Monitor & Debug **URL**: https://docs.redpanda.com/agentic-data-plane/monitor.md --- # Monitor & Debug > For the complete documentation index, see [llms.txt](https://docs.redpanda.com/llms.txt). Component-specific: [agentic-data-plane-full.txt](https://docs.redpanda.com/agentic-data-plane-full.txt) --- title: Monitor & Debug latest-operator-version: v26.1.5 latest-console-tag: v3.7.4 latest-connect-version: 4.96.1 latest-redpanda-tag: v26.1.10 docname: index page-component-name: agentic-data-plane page-version: master page-component-version: master page-component-title: Agentic Data Plane page-relative-src-path: index.adoc page-edit-url: https://github.com/redpanda-data/adp-docs/edit/main/modules/monitor/pages/index.adoc description: See what your agents did, investigate runs, and check speed, cost, and errors. page-git-created-date: "2026-05-28" page-git-modified-date: "2026-06-01" --- See what your agents are doing and why. Monitor agent activity, read individual run transcripts, troubleshoot failures, and track speed, cost, and errors. - [How Observability Works](concepts/) Understand how Redpanda captures end-to-end execution transcripts on an immutable distributed log for agent governance and observability. - [Monitor Agent Activity](monitor-agents/) Monitor agent execution, analyze conversation history, track token usage, and debug issues using Inspector, Transcripts, and agent data topics. - [See What Your Agent Did](transcripts/) Open a transcript in ADP, read the conversation turn by turn, and investigate errors, costs, and performance. - [Troubleshoot Agents](troubleshoot-ai-agents/) Diagnose and fix common issues with AI agents including deployment failures, runtime behavior problems, and tool execution errors. - [Send BYOA Telemetry](byoa-telemetry/) Emit OpenTelemetry traces from your BYOA (Bring Your Own Agent) so the Agentic Data Plane can attribute calls, costs, and tool invocations to your agent. Covers the minimum required span contract, common optional attributes, and how it differs from a Redpanda-managed agent. --- # Page 64: Send BYOA Telemetry **URL**: https://docs.redpanda.com/agentic-data-plane/monitor/byoa-telemetry.md --- # Send BYOA Telemetry > For the complete documentation index, see [llms.txt](https://docs.redpanda.com/llms.txt). Component-specific: [agentic-data-plane-full.txt](https://docs.redpanda.com/agentic-data-plane-full.txt) --- title: Send BYOA Telemetry latest-operator-version: v26.1.5 latest-console-tag: v3.7.4 latest-connect-version: 4.96.1 latest-redpanda-tag: v26.1.10 docname: byoa-telemetry page-component-name: agentic-data-plane page-version: master page-component-version: master page-component-title: Agentic Data Plane page-relative-src-path: byoa-telemetry.adoc page-edit-url: https://github.com/redpanda-data/adp-docs/edit/main/modules/monitor/pages/byoa-telemetry.adoc description: Emit OpenTelemetry traces from your BYOA (Bring Your Own Agent) so the Agentic Data Plane can attribute calls, costs, and tool invocations to your agent. Covers the minimum required span contract, common optional attributes, and how it differs from a Redpanda-managed agent. page-topic-type: how-to personas: agent_builder, platform_engineer learning-objective-1: Identify the resource attributes and span attributes a BYOA agent must emit so transcripts and cost rollups can attribute calls correctly learning-objective-2: Choose between optional enrichment attributes that improve cost and usage reporting fidelity (model, tool, agent name, conversation, cache tokens) learning-objective-3: Validate a BYOA agent's telemetry by reading the resulting transcript and confirming non-zero metric values page-git-created-date: "2026-05-28" page-git-modified-date: "2026-06-10" --- A **BYOA** (Bring Your Own Agent) is an agent you operate yourself, outside Redpanda’s managed runtime. To make it visible across transcripts, cost rollups, and the agent registry, your agent must emit OpenTelemetry traces with a specific minimum set of resource attributes and span attributes. Emit the right attributes from the start to avoid missing traces and misattributed cost data. For the full OTLP ingestion flow (deploying the Connect pipeline, authenticating, sending traces over HTTP or gRPC), see [Ingest custom traces](https://docs.redpanda.com/agentic-data-plane/monitor/ingest-custom-traces/). This page focuses on _what_ to emit; that page covers _how_ to send it. After reading this page, you will be able to: - Identify the resource attributes and span attributes a BYOA agent must emit so transcripts and cost rollups can attribute calls correctly - Choose between optional enrichment attributes that improve cost and usage reporting fidelity (model, tool, agent name, conversation, cache tokens) - Validate a BYOA agent’s telemetry by reading the resulting transcript and confirming non-zero metric values ## [](#why-this-matters)Why this matters When an agent runs, the Agentic Data Plane reconstructs a turn-by-turn transcript from the spans the agent (and its LLM, MCP server, sub-agent calls) emit. The transcripts UI groups, labels, and totals fields read directly from span attributes. If your agent omits a required attribute, the corresponding column in cost and usage reporting or in transcripts shows as empty, zero, or unattributed. Redpanda-managed agents emit the contract automatically through the runtime. BYOA agents must emit it themselves. ## [](#minimum-required-contract)Minimum required contract These attributes _must_ appear on your agent’s spans for transcripts and cost rollups to surface non-empty values. ### [](#resource-attributes)Resource attributes Set on the OTel `Resource` so every span the agent emits inherits them: | Attribute | Required value | | --- | --- | | service.name | A stable identifier for your agent. Surfaces as the agent identity on transcripts and as the Name column in the governance Agents list, and the service.name filter chip. Use a slug-style name like support-bot-prod or pricing-agent-eu. | ### [](#span-attributes)Span attributes Set on every relevant span: | Attribute | Required value | | --- | --- | | gen_ai.conversation.id | A stable identifier shared across every span in the same conversation (system prompt, user turn, assistant turn, tool call, sub-agent call). Drives the Conversation ID in the transcript header and the cross-service-trace filter. Use a UUID per conversation. | | gen_ai.operation.name | One of invoke_agent, chat, or execute_tool. Drives turn-role inference (SYSTEM / USER / ASSISTANT / TOOL). A span with no gen_ai.operation.name cannot be classified into a transcript role. | | gen_ai.request.model | The LLM model identifier the agent calls. Surfaces in the transcript turn header and in the Cost & Usage model breakdown. Required on chat-operation spans; optional on invoke_agent and execute_tool spans. | | gen_ai.usage.input_tokens and gen_ai.usage.output_tokens | Token counts on LLM-call spans. Drive the token totals in cost and usage reporting and the per-turn USD-cost calculation in transcripts. Without them the cost column reads 0. | If your agent emits these five attributes plus the resource `service.name`, every cost and usage report and every transcript field has a non-empty value to render. ## [](#recommended-enrichment)Recommended enrichment Cost and usage reporting degrades gracefully without these, but their presence lets the UI build richer views. | Attribute | Why it helps | | --- | --- | | gen_ai.provider.name | Labels the LLM provider (openai, anthropic, gemini, bedrock). Drives the provider filter and per-provider grouping in cost and usage reporting. Without it, spend groups everything under an unknown-provider bucket. | | gen_ai.agent.name | A human-readable agent label distinct from service.name. Use when the same service runs multiple logical agents (for example, support-bot/refunds, support-bot/onboarding). | | gen_ai.tool.name | On execute_tool spans, identifies which tool was invoked. Drives the Tool name attribute filter and the per-tool latency view in transcripts. | | gen_ai.usage.cache_read_input_tokens | Cache-hit token count on LLM-call spans. Surfaces in the CACHED bucket in cost and usage reporting and in per-turn cost. Without it, the CACHED bucket reads 0 even when your agent reuses a system prompt that the upstream cached. | | gen_ai.input.messages and gen_ai.output.messages | Conversation content. Used to reconstruct turn content, and required for transcript history reconstruction when older spans are evicted from redpanda.otel_traces (see Reconstructed transcript history). Without them, evicted spans render as empty turns rather than reconstructed turns. | > 📝 **NOTE** > > Latency and timestamps come from OTel span `start_time` and `end_time` automatically; you don’t need to add a separate `latency` attribute. ## [](#span-hierarchy)Span hierarchy Transcripts read your agent’s span tree to lay out turns. The recognized span types (matched by `gen_ai.operation.name` and span name) are documented in [Observability](https://docs.redpanda.com/agentic-data-plane/monitor/concepts/). The four span shapes are: - **Top-level span**: One per agent invocation. Sets `gen_ai.operation.name = "invoke_agent"`, carries the conversation ID and service name. - **Reasoning or chat spans**: Set `gen_ai.operation.name = "chat"` for LLM calls. Carry the model, token counts, and provider attributes. - **Tool spans**: Set `gen_ai.operation.name = "execute_tool"` for tool invocations. Carry the tool name and arguments. - **Sub-agent spans**: Set `gen_ai.operation.name = "invoke_agent"` nested under a parent agent’s span when one BYOA agent calls another. Parent-child relationships are expressed through OTel’s standard `parent_span_id`. Keep the tree faithful to your agent’s call graph; the transcript turn order follows it. ## [](#validate-with-a-transcript)Validate with a transcript After your agent emits a few traces, confirm they surface in ADP: 1. Confirm the `Name` column in the governance Agents list shows your `service.name` value. If it shows blank or `unknown`, the resource attribute didn’t make it through. 2. Open one of the agent’s transcripts and confirm the `Conversation ID` in the summary header matches the UUID your agent emitted. 3. Look at the assistant turn in the **Detailed** view for token counts and latency. Non-zero values mean the LLM-call span attributes are correctly emitted. 4. If you sent a tool call, expand the TOOL turn and confirm the `Tool name` renders. If any field shows blank or zero unexpectedly, the corresponding attribute is missing or misnamed in your agent’s instrumentation. ## [](#authentication)Authentication BYOA agents authenticate against the OTLP ingest endpoint with a service-account access token from your organization. Send the token in `Authorization: Bearer ` (HTTP) or `authorization: Bearer ` (gRPC). For the token-acquisition flow and endpoint URL format, see [Ingest custom traces](https://docs.redpanda.com/agentic-data-plane/monitor/ingest-custom-traces/). ## [](#where-to-find-code-examples)Where to find code examples The [Ingest custom traces](https://docs.redpanda.com/agentic-data-plane/monitor/ingest-custom-traces/) page has full HTTP and gRPC examples in Python, Node.js, and Go, each instrumenting an LLM call with the GenAI semantic-convention attributes. Adapt the examples to your agent’s framework. The attribute set is the same; only the OTel SDK ergonomics differ. ## [](#troubleshooting)Troubleshooting Common symptoms and fixes: | Symptom | What to check | | --- | --- | | Agent missing from the governance Agents list | Resource service.name is missing or set after the SDK was initialized. Set it at SDK construction. | | Conversation ID missing in transcript header | gen_ai.conversation.id not on the top-level invoke_agent span. Add it on the agent’s outer span; child spans inherit it through the trace. | | Token / USD cost columns show 0 for assistant turns | gen_ai.usage.input_tokens and gen_ai.usage.output_tokens aren’t on the LLM-call span. The model’s response carries them; lift them onto the span before it ends. | | Tool calls not visible in the transcript | gen_ai.operation.name = "execute_tool" is missing on the tool span. Also confirm the tool span is parented to an assistant span, not the root. | | Agent shows up in transcripts but not in the agent registry (AgentRegistryService.ListAgents) | Transcripts attribute by service.name resource attribute; cost attribution and the agent registry attribute by registered agent resource. BYOA agent registration ships separately. See Register your own agent (BYOA). | | Older turns in a long conversation render as is_reconstructed | Spans were evicted from redpanda.otel_traces retention. Reconstruction works only if your agent emitted gen_ai.input.messages and gen_ai.output.messages on later spans. See Reconstructed transcript history. | ## [](#next-steps)Next steps - [Ingest custom traces](https://docs.redpanda.com/agentic-data-plane/monitor/ingest-custom-traces/) - [Read a transcript](https://docs.redpanda.com/agentic-data-plane/monitor/transcripts/) - [Register your own agent (BYOA)](https://docs.redpanda.com/agentic-data-plane/connect/byoa-register/) --- # Page 65: How Observability Works **URL**: https://docs.redpanda.com/agentic-data-plane/monitor/concepts.md --- # How Observability Works > For the complete documentation index, see [llms.txt](https://docs.redpanda.com/llms.txt). Component-specific: [agentic-data-plane-full.txt](https://docs.redpanda.com/agentic-data-plane-full.txt) --- title: How Observability Works latest-operator-version: v26.1.5 latest-console-tag: v3.7.4 latest-connect-version: 4.96.1 latest-redpanda-tag: v26.1.10 docname: concepts page-component-name: agentic-data-plane page-version: master page-component-version: master page-component-title: Agentic Data Plane page-relative-src-path: concepts.adoc page-edit-url: https://github.com/redpanda-data/adp-docs/edit/main/modules/monitor/pages/concepts.adoc description: Understand how Redpanda captures end-to-end execution transcripts on an immutable distributed log for agent governance and observability. page-topic-type: concepts personas: domain_evaluator, security_compliance_lead, platform_engineer, agent_builder learning-objective-1: Explain how transcripts and spans capture execution flow learning-objective-2: Interpret transcript structure for debugging and monitoring learning-objective-3: Distinguish between transcripts and audit logs page-git-created-date: "2026-05-28" page-git-modified-date: "2026-06-09" --- Redpanda provides complete observability and governance for AI agents through automated [transcript](https://docs.redpanda.com/agentic-data-plane/reference/glossary/#transcript) capture. Every agent execution, from simple tool calls to complex multi-agent, multi-turn workflows, generates a permanent, write-once record stored on Redpanda’s [log](https://docs.redpanda.com/agentic-data-plane/reference/glossary/#log). The structure of every execution (its reasoning steps, tool invocations, model interactions, and data flows) is captured with 100% sampling and no gaps. ADP records the full message content of each step (the prompts sent to the model and the responses it returns) only when you turn on input and output capture for the LLM provider, because that content can contain sensitive data. See [Configure an LLM Provider](https://docs.redpanda.com/agentic-data-plane/gateway/configure-provider/). With transcripts, organizations gain the ability to debug agent behavior, identify performance bottlenecks, meet regulatory compliance requirements, and maintain accountability for AI-driven decisions. Transcripts use OpenTelemetry standards and [Raft](https://raft.github.io/)\-based consensus for correctness, establishing a trustworthy foundation for agent governance. After reading this page, you will be able to: - Explain how transcripts and spans capture execution flow - Interpret transcript structure for debugging and monitoring - Distinguish between transcripts and audit logs ## [](#what-are-transcripts)What are transcripts A transcript records the complete execution of an agentic behavior from start to finish. It captures every step (across multiple agents, tools, models, and services) in a single, traceable record. The AI Gateway and every [agent](https://docs.redpanda.com/agentic-data-plane/reference/glossary/#ai-agent) and [MCP server](https://docs.redpanda.com/agentic-data-plane/reference/glossary/#mcp-server) in your Agentic Data Plane (ADP) automatically emit OpenTelemetry traces to a [topic](https://docs.redpanda.com/agentic-data-plane/reference/glossary/#topic) called `redpanda.otel_traces`. Redpanda’s immutable distributed log stores these traces. Transcripts capture: - Tool invocations and results - Agent reasoning steps - Data processing operations - External API calls - Error conditions - Performance metrics With 100% sampling, every operation is captured with no gaps. ADP records message content (the prompts and model responses behind each step) only when you enable input and output capture on the LLM provider. Until then, transcripts hold the execution structure and metadata but not the raw prompt and response bodies. The underlying storage uses a distributed log built on Raft consensus (with TLA+ proven correctness), giving transcripts a trustworthy, immutable record for governance, debugging, and performance analysis. ## [](#traces-and-spans)Traces and spans [OpenTelemetry](https://docs.redpanda.com/agentic-data-plane/reference/glossary/#opentelemetry) traces provide a complete picture of how a request flows through your system: - A _trace_ represents the entire lifecycle of a request (for example, a tool invocation from start to finish). - A _span_ represents a single unit of work within that trace (such as a data processing operation or an external API call). - A trace contains one or more spans organized hierarchically, showing how operations relate to each other. ## [](#agent-transcript-hierarchy)Agent transcript hierarchy Agent executions create a hierarchy of spans that reflect how agents process requests. Understanding this hierarchy helps you interpret agent behavior and identify where issues occur. ### [](#agent-span-types)Agent span types Agent transcripts contain these span types: | Span Type | Description | Use To | | --- | --- | --- | | ai-agent | Top-level span representing the entire agent invocation from start to finish. Includes all processing time, from receiving the request through executing the reasoning loop, calling tools, and returning the final response. | Measure total request duration and identify slow agent invocations. | | agent | Internal agent processing that represents reasoning and decision-making. Shows time spent in the LLM reasoning loop, including context processing, tool selection, and response generation. Multiple agent spans may appear when the agent iterates through its reasoning loop. | Track reasoning time and identify iteration patterns. | | invoke_agent | Agent and sub-agent invocation in multi-agent architectures, following the OpenTelemetry agent invocation semantic conventions. Represents one agent calling another through the A2A protocol. | Trace calls between root agents and sub-agents, measure cross-agent latency, and identify which sub-agent was invoked. | | openai, anthropic, or other LLM providers | LLM provider API call showing calls to the language model. The span name matches the provider, and attributes typically include the model name (like gpt-5.2 or claude-sonnet-4-5). | Identify which model was called, measure LLM response time, and debug LLM API errors. | | rpcn-mcp | MCP tool invocation representing calls to Remote MCP servers. Shows tool execution time, including network latency and tool processing. | Measure tool execution time and identify slow MCP tool calls. | ### [](#typical-agent-execution-flow)Typical agent execution flow A simple agent request creates this hierarchy: ai-agent (6.65 seconds) ├── agent (6.41 seconds) │ ├── invoke\_agent: customer-support-agent (6.39 seconds) │ │ └── openai: chat gpt-5.2 (6.2 seconds) This hierarchy shows that the LLM API call (6.2 seconds) accounts for most of the total agent invocation time (6.65 seconds), revealing the bottleneck in this execution flow. ## [](#mcp-server-transcript-hierarchy)MCP server transcript hierarchy MCP server tool invocations produce a different span hierarchy focused on tool execution and internal processing. This structure reveals performance bottlenecks and helps debug tool-specific issues. ### [](#mcp-server-span-types)MCP server span types MCP server transcripts contain these span types: | Span Type | Description | Use To | | --- | --- | --- | | mcp-{server-id} | Top-level span representing the entire MCP server invocation. The server ID uniquely identifies the MCP server instance. This span encompasses all tool execution from request receipt to response completion. | Measure total MCP server response time and identify slow tool invocations. | | service | Internal service processing span that appears at multiple levels in the hierarchy. Represents internal MCP server operations including routing, processing, and component execution. | Track internal processing overhead and identify where time is spent in the service layer. | | Tool name (for example, get_order_status, get_customer_history) | The specific MCP tool being invoked. This span name matches the tool name defined in the MCP server configuration. | Identify which tool was called and measure tool-specific execution time. | | processors | Processor pipeline execution span showing the collection of processors that process the tool’s data. Appears as a child of the tool invocation span. | Measure total processor pipeline execution time. | | Processor name (for example, mapping, http, branch) | Individual processor execution span representing a single internal processor in the MCP server pipeline. The span name matches the processor type. | Identify slow processors and debug processing logic. | ### [](#typical-mcp-server-execution-flow)Typical MCP server execution flow An MCP tool invocation creates this hierarchy: mcp-d5mnvn251oos73 (4.00 seconds) ├── service > get\_order\_status (4.07 seconds) │ └── service > processors (43 microseconds) │ └── service > mapping (18 microseconds) This shows: 1. Total MCP server invocation: 4.00 seconds 2. Tool execution (get\_order\_status): 4.07 seconds 3. Processor pipeline: 43 microseconds 4. Mapping processor: 18 microseconds (data transformation) The majority of time (4+ seconds) is spent in tool execution, while internal processing (mapping) takes only microseconds. This indicates the tool itself (likely making external API calls or database queries) is the bottleneck, not the MCP server’s internal processing. ## [](#transcript-layers-and-scope)Transcript layers and scope Transcripts contain multiple layers of instrumentation, from HTTP transport through application logic to external service calls. The `scope.name` field in each span identifies which instrumentation layer created that span. ### [](#instrumentation-layers)Instrumentation layers A complete agent transcript includes these layers: | Layer | Scope Name | Purpose | | --- | --- | --- | | HTTP Server | go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp | HTTP transport layer receiving requests. Shows request/response sizes, status codes, client addresses, and network details. | | AI SDK (Agent) | github.com/redpanda-data/ai-sdk-go/plugins/otel | Agent application logic. Shows agent invocations, LLM calls, tool executions, conversation IDs, token usage, and model details. Includes gen_ai.* semantic convention attributes. | | HTTP Client | go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp | Outbound HTTP calls from agent to MCP servers. Shows target URLs, request methods, and response codes. | | MCP Server | rpcn-mcp | MCP server tool execution. Shows tool name, input parameters, result size, and execution time. Appears as a separate service.name in resource attributes. | ### [](#how-layers-connect)How layers connect Layers connect through parent-child relationships in a single transcript: ai-agent-http-server (HTTP Server layer) └── invoke\_agent customer-support-agent (AI SDK layer) ├── chat gpt-5-nano (AI SDK layer, LLM call 1) ├── execute\_tool get\_order\_status (AI SDK layer) │ └── HTTP POST (HTTP Client layer) │ └── get\_order\_status (MCP Server layer, different service) │ └── processors (MCP Server layer) └── chat gpt-5-nano (AI SDK layer, LLM call 2) The request flow demonstrates: 1. HTTP request arrives at agent 2. Agent invokes sub-agent 3. Agent makes first LLM call to decide what to do 4. Agent executes tool, making HTTP call to MCP server 5. MCP server processes tool through its pipeline 6. Agent makes second LLM call with tool results 7. Response returns through HTTP layer ### [](#cross-service-transcripts)Cross-service transcripts When agents call MCP tools, the transcript spans multiple services. Each service has a different `service.name` in the resource attributes: - Agent spans: `"service.name": "ai-agent"` - MCP server spans: `"service.name": "mcp-{server-id}"` Both use the same `traceId`, allowing you to follow a request across service boundaries. ### [](#key-attributes-by-layer)Key attributes by layer Different layers expose different attributes: HTTP Server/Client layer (following [OpenTelemetry semantic conventions for HTTP](https://opentelemetry.io/docs/specs/semconv/http/http-spans/)): - `http.request.method`, `http.response.status_code` - `server.address`, `url.path`, `url.full` - `network.peer.address`, `network.peer.port` - `http.request.body.size`, `http.response.body.size` AI SDK layer (following [OpenTelemetry semantic conventions for generative AI](https://opentelemetry.io/docs/specs/semconv/gen-ai/gen-ai-spans/)): - `gen_ai.operation.name`: Operation type (`invoke_agent`, `chat`, `execute_tool`) - `gen_ai.conversation.id`: Links spans to the same conversation session. A conversation may include multiple agent invocations (one per user request). Each invocation creates a separate trace that shares the same conversation ID. - `gen_ai.agent.name`: Sub-agent name for multi-agent systems - `gen_ai.provider.name`, `gen_ai.request.model`: LLM provider and model - `gen_ai.usage.input_tokens`, `gen_ai.usage.output_tokens`: Token consumption - `gen_ai.usage.input_tokens_cost_usd`, `gen_ai.usage.output_tokens_cost_usd`: USD cost per call, derived from token counts and a per-model pricing table - `gen_ai.tool.name`, `gen_ai.tool.call.arguments`: Tool execution details - `gen_ai.input.messages`, `gen_ai.output.messages`: Full LLM conversation context MCP Server layer: - Tool-specific attributes like `order_id`, `customer_id` - `result_prefix`, `result_length`: Tool result metadata - Component-specific attributes from your tool configuration The `scope.name` field identifies which instrumentation layer created each span. ## [](#understand-the-transcript-structure)Understand the transcript structure Each span captures a unit of work. Here’s what a typical MCP tool invocation looks like: ```json { "traceId": "71cad555b35602fbb35f035d6114db54", "spanId": "43ad6bc31a826afd", "name": "http_processor", "attributes": [ {"key": "city_name", "value": {"stringValue": "london"}}, {"key": "result_length", "value": {"intValue": "198"}} ], "startTimeUnixNano": "1765198415253280028", "endTimeUnixNano": "1765198424660663434", "instrumentationScope": {"name": "rpcn-mcp"}, "status": {"code": 0, "message": ""} } ``` - `traceId` links all spans in the same request across services - `spanId` uniquely identifies this span - `name` identifies the operation or tool - `instrumentationScope.name` identifies which layer created the span (for example, `rpcn-mcp` for MCP tools) - `attributes` contain operation-specific metadata - `status.code` indicates success (0) or error (2) ### [](#parent-child-relationships)Parent-child relationships Transcripts show how operations relate. A tool invocation (parent) may trigger internal operations (children): ```json { "traceId": "71cad555b35602fbb35f035d6114db54", "spanId": "ed45544a7d7b08d4", "parentSpanId": "43ad6bc31a826afd", "name": "http", "instrumentationScope": {"name": "redpanda-connect"}, "status": {"code": 0, "message": ""} } ``` The `parentSpanId` links this child span to the parent tool invocation. Both share the same `traceId` so you can reconstruct the complete operation. ## [](#error-events-in-transcripts)Error events in transcripts When something goes wrong, transcripts capture error details: ```json { "traceId": "71cad555b35602fbb35f035d6114db54", "spanId": "ba332199f3af6d7f", "parentSpanId": "43ad6bc31a826afd", "name": "http_request", "events": [ { "name": "event", "timeUnixNano": "1765198420254169629", "attributes": [{"key": "error", "value": {"stringValue": "type"}}] } ], "status": {"code": 0, "message": ""} } ``` The `events` array captures what happened and when. Use `timeUnixNano` to see exactly when the error occurred within the operation. ## [](#opentelemetry-traces-topic)How Redpanda stores trace data The `redpanda.otel_traces` topic stores OpenTelemetry spans using Redpanda’s [Schema Registry](https://docs.redpanda.com/agentic-data-plane/reference/glossary/#schema-registry) wire format, with a custom Protobuf schema named `redpanda.otel_traces-value` that follows the [OpenTelemetry Protocol (OTLP)](https://opentelemetry.io/docs/specs/otel/protocol/) specification. Spans include attributes following OpenTelemetry [semantic conventions for generative AI](https://opentelemetry.io/docs/specs/semconv/gen-ai/), such as `gen_ai.operation.name` and `gen_ai.conversation.id`. The schema is automatically registered in the Schema Registry with the topic, so Kafka clients can consume and deserialize trace data correctly. Redpanda manages both the `redpanda.otel_traces` topic and its schema automatically. If you delete either the topic or the schema, they are recreated automatically. However, deleting the topic permanently deletes all trace data, and the topic comes back empty. Do not produce your own data to this topic. It is reserved for OpenTelemetry traces. ### [](#topic-configuration-and-lifecycle)Topic configuration and lifecycle The `redpanda.otel_traces` topic has a predefined retention policy. Configuration changes to this topic are not supported. If you modify settings, Redpanda reverts them to the default values. The topic persists even after all agents and MCP servers are deleted, allowing you to retain historical trace data for analysis. Transcripts may contain sensitive information from your tool inputs and outputs. Review the data in transcripts before sharing or exporting to external systems. Read access to transcript data is governed by the TranscriptReader role rather than by topic ACLs on `redpanda.otel_traces`. See [Transcript permissions](https://docs.redpanda.com/agentic-data-plane/control/permissions-reference/#transcript-permissions). ## [](#transcripts-compared-to-audit-logs)Transcripts compared to audit logs Transcripts and audit logs serve different but complementary purposes. Transcripts provide: - A complete, immutable record of every execution step, stored on Redpanda’s distributed log with no gaps - Hierarchical view of request flow through your system (parent-child span relationships) - Detailed timing information for performance analysis - Ability to reconstruct execution paths and identify bottlenecks Transcripts are optimized for execution-level observability and governance. For user-level accountability tracking ("who initiated what"), use the session and task topics for agents, which provide records of agent conversations and task execution. ## [](#history-reconstruction)Reconstructed transcript history Trace data on `redpanda.otel_traces` is subject to a retention policy. When a transcript covers a long-running conversation whose earliest spans have already been evicted, Redpanda reconstructs the missing turns from the LLM message context carried on later spans (`gen_ai.input.messages`) and sets the boolean field `is_reconstructed` to `true` on each affected turn. The UI surfaces this as a **Reconstructed** badge on those turns: `is_reconstructed` is the backing data field; "Reconstructed" is the visible label. Reconstructed turns preserve the high-level intent and role ordering of the conversation, but do not preserve byte-level fidelity: token counts, per-turn latency, and tool-call arguments are unavailable for the reconstructed range. ## [](#next-steps)Next steps - [See What Your Agent Did](https://docs.redpanda.com/agentic-data-plane/monitor/transcripts/) - [Monitor Agent Activity](https://docs.redpanda.com/agentic-data-plane/monitor/monitor-agents/) - [Test an MCP Server’s Tools with the Inspector](https://docs.redpanda.com/agentic-data-plane/connect/test-tools/) --- # Page 66: Ingest OpenTelemetry Traces from Custom Agents **URL**: https://docs.redpanda.com/agentic-data-plane/monitor/ingest-custom-traces.md --- # Ingest OpenTelemetry Traces from Custom Agents > For the complete documentation index, see [llms.txt](https://docs.redpanda.com/llms.txt). Component-specific: [agentic-data-plane-full.txt](https://docs.redpanda.com/agentic-data-plane-full.txt) --- title: Ingest OpenTelemetry Traces from Custom Agents latest-operator-version: v26.1.5 latest-console-tag: v3.7.4 latest-connect-version: 4.96.1 latest-redpanda-tag: v26.1.10 docname: ingest-custom-traces page-component-name: agentic-data-plane page-version: master page-component-version: master page-component-title: Agentic Data Plane page-relative-src-path: ingest-custom-traces.adoc page-edit-url: https://github.com/redpanda-data/adp-docs/edit/main/modules/monitor/pages/ingest-custom-traces.adoc description: Configure a Redpanda Connect pipeline to ingest OpenTelemetry traces from custom agents into Redpanda's immutable log for unified governance and observability. page-topic-type: how-to personas: agent_builder, platform_engineer learning-objective-1: Configure and deploy a Redpanda Connect pipeline to receive OpenTelemetry traces from custom agents through HTTP and publish them to redpanda.otel_traces learning-objective-2: Validate trace data format and compatibility with existing MCP server traces learning-objective-3: Secure the ingestion endpoint using authentication mechanisms page-git-created-date: "2026-05-28" page-git-modified-date: "2026-06-10" --- You can extend Redpanda’s transcript observability to custom agents built with frameworks like LangChain or instrumented with OpenTelemetry SDKs. By ingesting traces from external applications into the `redpanda.otel_traces` topic, you gain unified visibility across all agent executions, from Redpanda’s declarative agents, Remote MCP servers, to your own custom implementations. After reading this page, you will be able to: - Configure and deploy a Redpanda Connect pipeline to receive OpenTelemetry traces from custom agents through HTTP and publish them to `redpanda.otel_traces` - Validate trace data format and compatibility with existing MCP server traces - Secure the ingestion endpoint using authentication mechanisms ## [](#prerequisites)Prerequisites - A Redpanda Connect pipeline host. Ability to manage secrets on that host. - The latest version of [`rpk`](https://docs.redpanda.com/agentic-data-plane/reference/rpk-install/) installed - Custom agent or application instrumented with OpenTelemetry SDK - Basic understanding of the [OpenTelemetry span format](https://opentelemetry.io/docs/specs/semconv/gen-ai/gen-ai-agent-spans/) and [OpenTelemetry Protocol (OTLP)](https://opentelemetry.io/docs/specs/otlp/) ## [](#quickstart-for-langchain-users)Quickstart for LangChain users If you’re using LangChain with OpenTelemetry tracing, you can send traces to Redpanda’s `redpanda.otel_traces` [topic](https://docs.redpanda.com/agentic-data-plane/reference/glossary/#topic) to view them in the Transcripts view. 1. Configure LangChain’s OpenTelemetry integration by following the [LangChain documentation](https://docs.langchain.com/langsmith/trace-with-opentelemetry). 2. Deploy a Redpanda Connect pipeline using the `otlp_http` input to receive OTLP traces over HTTP. Create the pipeline in the **Connect** page. For a sample configuration, see [Configure the ingestion pipeline](#configure-the-ingestion-pipeline). 3. Configure your OTEL exporter to send traces to your Redpanda Connect pipeline using environment variables: ```bash # Configure LangChain OTEL integration export LANGSMITH_OTEL_ENABLED=true export LANGSMITH_TRACING=true # Send traces to Redpanda Connect pipeline (use your pipeline URL) export OTEL_EXPORTER_OTLP_ENDPOINT="https://.pipelines..clusters.rdpa.co" export OTEL_EXPORTER_OTLP_HEADERS="Authorization=Bearer " ``` By default, traces are sent to both LangSmith and your Redpanda Connect pipeline. If you want to send traces only to Redpanda (not LangSmith), set: ```bash export LANGSMITH_OTEL_ONLY="true" ``` Your LangChain application will send traces to the `redpanda.otel_traces` topic, making them visible in the Transcripts view alongside Remote MCP server and declarative agent traces. For non-LangChain applications or custom instrumentation, continue with the sections below. ## [](#about-custom-trace-ingestion)About custom trace ingestion Custom agents are applications with OpenTelemetry instrumentation that operate independently of Redpanda’s Remote MCP servers or declarative agents (such as LangChain, CrewAI, or manually instrumented applications). When these agents send traces to `redpanda.otel_traces`, you gain unified observability alongside Remote MCP server and declarative agent traces. See [Cross-service transcripts](https://docs.redpanda.com/agentic-data-plane/monitor/concepts/#cross-service-transcripts) for details on how traces correlate across services. ### [](#trace-format-requirements)Trace format requirements Custom agents must emit traces in OTLP format. The [`otlp_http`](https://docs.redpanda.com/connect/components/inputs/otlp_http/) input accepts both OTLP Protobuf (`application/x-protobuf`) and JSON (`application/json`) payloads. For [gRPC transport](#use-grpc), use the [`otlp_grpc`](https://docs.redpanda.com/connect/components/inputs/otlp_grpc/) input. Each trace must follow the OTLP specification with these required fields: | Field | Description | | --- | --- | | traceId | Hex-encoded unique identifier for the entire trace | | spanId | Hex-encoded unique identifier for this span | | name | Descriptive operation name | | startTimeUnixNano and endTimeUnixNano | Timing information in nanoseconds | | instrumentationScope | Identifies the library that created the span | | status | Operation status with code (0 = UNSET, 1 = OK, 2 = ERROR) | Optional but recommended fields: - `parentSpanId` for hierarchical traces - `attributes` for contextual information For complete trace structure details, see [Understand the transcript structure](https://docs.redpanda.com/agentic-data-plane/monitor/concepts/#understand-the-transcript-structure). ## [](#configure-the-ingestion-pipeline)Configure the ingestion pipeline Create a Redpanda Connect pipeline that receives OTLP traces and publishes them to the `redpanda.otel_traces` topic. Choose HTTP or gRPC transport based on your agent’s requirements. ### [](#create-the-pipeline-configuration)Create the pipeline configuration Create a pipeline configuration file that defines the OTLP ingestion endpoint. #### HTTP The `otlp_http` input component: - Exposes an OpenTelemetry Collector HTTP receiver - Accepts traces at the standard `/v1/traces` endpoint - Converts incoming OTLP data into individual Redpanda OTEL v1 Protobuf messages The following example shows a minimal pipeline configuration. Redpanda ADP automatically injects authentication handling, so you don’t need to configure `auth_token` in the input. ```yaml input: otlp_http: {} output: redpanda: seed_brokers: - "${PRIVATE_REDPANDA_BROKERS}" tls: enabled: ${PRIVATE_REDPANDA_TLS_ENABLED} sasl: - mechanism: "REDPANDA_CLOUD_SERVICE_ACCOUNT" topic: "redpanda.otel_traces" ``` #### gRPC The `otlp_grpc` input component: - Exposes an OpenTelemetry Collector gRPC receiver - Accepts traces through the OTLP gRPC protocol - Converts incoming OTLP data into individual Redpanda OTEL v1 Protobuf messages The following example shows a minimal pipeline configuration. ADP automatically injects authentication handling. ```yaml input: otlp_grpc: {} output: redpanda: seed_brokers: - "${PRIVATE_REDPANDA_BROKERS}" tls: enabled: ${PRIVATE_REDPANDA_TLS_ENABLED} sasl: - mechanism: "REDPANDA_CLOUD_SERVICE_ACCOUNT" topic: "redpanda.otel_traces" ``` > 📝 **NOTE** > > Clients must include the authentication token in gRPC metadata as `authorization: Bearer `. The OTLP input automatically handles format conversion, so no processors are needed for basic trace ingestion. Each span becomes a separate message in the `redpanda.otel_traces` topic. ### [](#deploy-the-ingestion-pipeline)Deploy the ingestion pipeline 1. In the **Connect** page, click **Create Pipeline**. 2. For the input, select the **otlp\_http** (or **otlp\_grpc**) component. 3. Skip to **Add a topic** and select `redpanda.otel_traces` from the list of existing topics. Leave the default advanced settings. 4. In the **Add permissions** step, create a service account with write access to the `redpanda.otel_traces` topic. 5. In the **Create pipeline** step, enter a name for your pipeline and paste the configuration. Authentication for incoming requests is handled automatically. ## [](#send-traces-from-your-custom-agent)Send traces from your custom agent Configure your custom agent to send OpenTelemetry traces to the pipeline endpoint. After deploying the pipeline, you can find its URL on the pipeline details page in the host UI. | Transport | URL Format | | --- | --- | | HTTP | https://.pipelines..clusters.rdpa.co/v1/traces | | gRPC | .pipelines..clusters.rdpa.co:443 | ### [](#authenticate-to-the-pipeline)Authenticate to the pipeline The OTLP pipeline authenticates with a service account access token. Obtain an access token using your service account credentials as described in [Authenticate to the Cloud API](https://docs.redpanda.com/cloud-data-platform/security/cloud-authentication/#authenticate-to-the-cloud-api). Include the token in your requests: - HTTP: Set the `Authorization` header to `Bearer ` - gRPC: Set the `authorization` metadata field to `Bearer ` ### [](#configure-your-otel-exporter)Configure your OTEL exporter Install the OpenTelemetry SDK for your language and configure the OTLP exporter to target your Redpanda Connect pipeline endpoint. The exporter configuration requires: - Endpoint: Your pipeline’s URL (the SDK adds `/v1/traces` automatically for HTTP) - Headers: Authorization header with your bearer token - Protocol: HTTP to match the `otlp_http` input (or gRPC for `otlp_grpc`) #### HTTP View Python example ```python from opentelemetry import trace from opentelemetry.exporter.otlp.proto.http.trace_exporter import OTLPSpanExporter from opentelemetry.sdk.trace import TracerProvider from opentelemetry.sdk.trace.export import BatchSpanProcessor from opentelemetry.sdk.resources import Resource # Configure resource attributes to identify your agent resource = Resource(attributes={ "service.name": "my-custom-agent", "service.version": "1.0.0" }) # Configure the OTLP HTTP exporter exporter = OTLPSpanExporter( endpoint="https://.pipelines..clusters.rdpa.co/v1/traces", headers={"Authorization": "Bearer YOUR_TOKEN"} ) # Set up tracing with batch processing provider = TracerProvider(resource=resource) processor = BatchSpanProcessor(exporter) provider.add_span_processor(processor) trace.set_tracer_provider(provider) # Use the tracer with GenAI semantic conventions tracer = trace.get_tracer(__name__) with tracer.start_as_current_span( "invoke_agent my-assistant", kind=trace.SpanKind.INTERNAL ) as span: # Set GenAI semantic convention attributes span.set_attribute("gen_ai.operation.name", "invoke_agent") span.set_attribute("gen_ai.agent.name", "my-assistant") span.set_attribute("gen_ai.provider.name", "openai") span.set_attribute("gen_ai.request.model", "gpt-4") # Your agent logic here result = process_request() # Set token usage if available span.set_attribute("gen_ai.usage.input_tokens", 150) span.set_attribute("gen_ai.usage.output_tokens", 75) ``` View Node.js example ```javascript const { NodeTracerProvider } = require('@opentelemetry/sdk-trace-node'); const { OTLPTraceExporter } = require('@opentelemetry/exporter-trace-otlp-http'); const { BatchSpanProcessor } = require('@opentelemetry/sdk-trace-base'); const { Resource } = require('@opentelemetry/resources'); const { trace, SpanKind } = require('@opentelemetry/api'); // Configure resource const resource = new Resource({ 'service.name': 'my-custom-agent', 'service.version': '1.0.0' }); // Configure OTLP HTTP exporter const exporter = new OTLPTraceExporter({ url: 'https://.pipelines..clusters.rdpa.co/v1/traces', headers: { 'Authorization': 'Bearer YOUR_TOKEN' } }); // Set up provider const provider = new NodeTracerProvider({ resource }); provider.addSpanProcessor(new BatchSpanProcessor(exporter)); provider.register(); // Use the tracer with GenAI semantic conventions const tracer = trace.getTracer('my-agent'); const span = tracer.startSpan('invoke_agent my-assistant', { kind: SpanKind.INTERNAL }); // Set GenAI semantic convention attributes span.setAttribute('gen_ai.operation.name', 'invoke_agent'); span.setAttribute('gen_ai.agent.name', 'my-assistant'); span.setAttribute('gen_ai.provider.name', 'openai'); span.setAttribute('gen_ai.request.model', 'gpt-4'); // Your agent logic processRequest().then(result => { // Set token usage if available span.setAttribute('gen_ai.usage.input_tokens', 150); span.setAttribute('gen_ai.usage.output_tokens', 75); span.end(); }); ``` View Go example ```go package main import ( "context" "log" "go.opentelemetry.io/otel" "go.opentelemetry.io/otel/attribute" "go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp" "go.opentelemetry.io/otel/sdk/resource" sdktrace "go.opentelemetry.io/otel/sdk/trace" semconv "go.opentelemetry.io/otel/semconv/v1.26.0" "go.opentelemetry.io/otel/trace" ) func main() { ctx := context.Background() // Configure OTLP HTTP exporter exporter, err := otlptracehttp.New(ctx, otlptracehttp.WithEndpoint(".pipelines..clusters.rdpa.co"), otlptracehttp.WithHeaders(map[string]string{ "Authorization": "Bearer YOUR_TOKEN", }), ) if err != nil { log.Fatalf("Failed to create exporter: %v", err) } // Configure resource res, _ := resource.New(ctx, resource.WithAttributes( semconv.ServiceName("my-custom-agent"), semconv.ServiceVersion("1.0.0"), ), ) // Set up tracer provider tp := sdktrace.NewTracerProvider( sdktrace.WithBatcher(exporter), sdktrace.WithResource(res), ) defer tp.Shutdown(ctx) otel.SetTracerProvider(tp) tracer := tp.Tracer("my-agent") // Create span with GenAI semantic conventions _, span := tracer.Start(ctx, "invoke_agent my-assistant", trace.WithSpanKind(trace.SpanKindInternal), ) span.SetAttributes( attribute.String("gen_ai.operation.name", "invoke_agent"), attribute.String("gen_ai.agent.name", "my-assistant"), attribute.String("gen_ai.provider.name", "openai"), attribute.String("gen_ai.request.model", "gpt-4"), attribute.Int("gen_ai.usage.input_tokens", 150), attribute.Int("gen_ai.usage.output_tokens", 75), ) span.End() tp.ForceFlush(ctx) } ``` #### gRPC View Python example ```python from opentelemetry import trace from opentelemetry.exporter.otlp.proto.grpc.trace_exporter import OTLPSpanExporter from opentelemetry.sdk.trace import TracerProvider from opentelemetry.sdk.trace.export import BatchSpanProcessor from opentelemetry.sdk.resources import Resource resource = Resource(attributes={ "service.name": "my-custom-agent", "service.version": "1.0.0" }) # gRPC endpoint without https:// prefix exporter = OTLPSpanExporter( endpoint=".pipelines..clusters.rdpa.co:443", headers={"authorization": "Bearer YOUR_TOKEN"} ) provider = TracerProvider(resource=resource) provider.add_span_processor(BatchSpanProcessor(exporter)) trace.set_tracer_provider(provider) ``` View Node.js example ```javascript const { NodeTracerProvider } = require('@opentelemetry/sdk-trace-node'); const { OTLPTraceExporter } = require('@opentelemetry/exporter-trace-otlp-grpc'); const { BatchSpanProcessor } = require('@opentelemetry/sdk-trace-base'); const { Resource } = require('@opentelemetry/resources'); const resource = new Resource({ 'service.name': 'my-custom-agent', 'service.version': '1.0.0' }); // gRPC exporter with TLS const exporter = new OTLPTraceExporter({ url: 'https://.pipelines..clusters.rdpa.co:443', headers: { 'authorization': 'Bearer YOUR_TOKEN' } }); const provider = new NodeTracerProvider({ resource }); provider.addSpanProcessor(new BatchSpanProcessor(exporter)); provider.register(); ``` View Go example ```go package main import ( "context" "go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc" "google.golang.org/grpc" "google.golang.org/grpc/credentials" ) func createGRPCExporter(ctx context.Context) (*otlptracegrpc.Exporter, error) { return otlptracegrpc.New(ctx, otlptracegrpc.WithEndpoint(".pipelines..clusters.rdpa.co:443"), otlptracegrpc.WithDialOption(grpc.WithTransportCredentials(credentials.NewTLS(nil))), otlptracegrpc.WithHeaders(map[string]string{ "authorization": "Bearer YOUR_TOKEN", }), ) } ``` > 💡 **TIP** > > Use environment variables for the endpoint URL and authentication token to keep credentials out of your code. ### [](#use-recommended-semantic-conventions)Use recommended semantic conventions The Transcripts view recognizes [OpenTelemetry semantic conventions for GenAI operations](https://opentelemetry.io/docs/specs/semconv/gen-ai/gen-ai-agent-spans/). Following these conventions ensures your traces display correctly with proper attribution, token usage, and operation identification. #### [](#required-attributes-for-agent-operations)Required attributes for agent operations Following the OpenTelemetry semantic conventions, agent spans should include these attributes: - Operation identification: - `gen_ai.operation.name` - Set to `"invoke_agent"` for agent execution spans - `gen_ai.agent.name` - Human-readable name of your agent (displayed in Transcripts view) - LLM provider details: - `gen_ai.provider.name` - LLM provider identifier (for example, `"openai"`, `"anthropic"`, `"gcp.vertex_ai"`) - `gen_ai.request.model` - Model name (for example, `"gpt-4"`, `"claude-sonnet-4"`) - Token usage (for cost tracking): - `gen_ai.usage.input_tokens` - Number of input tokens consumed - `gen_ai.usage.output_tokens` - Number of output tokens generated - Session correlation: - `gen_ai.conversation.id` - Identifier linking related agent invocations in the same conversation #### [](#required-attributes-for-proper-display)Required attributes for proper display Set these attributes on your spans for proper display and filtering in the Transcripts view: | Attribute | Purpose | | --- | --- | | gen_ai.operation.name | Set to "invoke_agent" for agent execution spans | | gen_ai.agent.name | Human-readable name displayed in Transcripts view | | gen_ai.provider.name | LLM provider (for example, "openai", "anthropic") | | gen_ai.request.model | Model name (for example, "gpt-4", "claude-sonnet-4") | | gen_ai.usage.input_tokens / gen_ai.usage.output_tokens | Token counts for cost tracking | | gen_ai.conversation.id | Links related agent invocations in the same conversation | See the code examples earlier in this page for how to set these attributes in Python, Node.js, or Go. ### [](#validate-trace-format)Validate trace format Before deploying to production, verify your traces match the expected format: 1. Run your agent locally and enable debug logging in your OpenTelemetry SDK to inspect outgoing spans. 2. Verify required fields are present: - `traceId`, `spanId`, `name` - `startTimeUnixNano`, `endTimeUnixNano` - `instrumentationScope` with a `name` field - `status` with a `code` field (1 for success, 2 for error) 3. Check that `service.name` is set in the resource attributes to identify your agent in the Transcripts view. 4. Verify GenAI semantic convention attributes if you want proper display in the Transcripts view: - `gen_ai.operation.name` set to `"invoke_agent"` for agent spans - `gen_ai.agent.name` for agent identification - Token usage attributes if tracking costs ## [](#verify-trace-ingestion)Verify trace ingestion After deploying your pipeline and configuring your custom agent, verify traces are flowing correctly. ### [](#consume-traces-from-the-topic)Consume traces from the topic Check that traces are being published to the `redpanda.otel_traces` topic: ```bash rpk topic consume redpanda.otel_traces --offset end -n 10 ``` You can also view the `redpanda.otel_traces` topic in the **Topics** page of the host UI. Look for spans with your custom `instrumentationScope.name` to identify traces from your agent. ### [](#view-traces-in-transcripts)View traces in Transcripts After your custom agent sends traces through the pipeline, they appear in the **Transcripts** view in ADP alongside traces from Remote MCP servers, declarative agents, and AI Gateway. #### [](#identify-custom-agent-transcripts)Identify custom agent transcripts Custom agent transcripts are identified by the `service.name` resource attribute, which differs from Redpanda’s built-in services (`ai-agent` for declarative agents, `mcp-{server-id}` for MCP servers). See [Cross-service transcripts](https://docs.redpanda.com/agentic-data-plane/monitor/concepts/#cross-service-transcripts) to understand how the `service.name` attribute identifies transcript sources. Your custom agent transcripts display with: - **Service name** in the service filter dropdown (from your `service.name` resource attribute) - **Agent name** in span details (from the `gen_ai.agent.name` attribute) - **Operation names** like `"invoke_agent my-assistant"` indicating agent executions For detailed instructions on filtering, searching, and navigating transcripts in the UI, see [View Transcripts](https://docs.redpanda.com/agentic-data-plane/monitor/transcripts/). #### [](#token-usage-tracking)Token usage tracking If your spans include the recommended token usage attributes (`gen_ai.usage.input_tokens` and `gen_ai.usage.output_tokens`), they display in the summary panel’s token usage section. This enables cost tracking alongside Remote MCP server and declarative agent transcripts. ## [](#troubleshooting)Troubleshooting If traces from your custom agent aren’t appearing in the Transcripts view, use these diagnostic steps to identify and resolve common ingestion issues. ### [](#pipeline-not-receiving-requests)Pipeline not receiving requests If your custom agent cannot reach the ingestion endpoint: 1. Verify the endpoint URL format: - HTTP: `https://.pipelines..clusters.rdpa.co/v1/traces` - gRPC: `.pipelines..clusters.rdpa.co:443` (no `https://` prefix for gRPC clients) 2. Check network connectivity and firewall rules. 3. Ensure authentication tokens are valid and properly formatted in the `Authorization: Bearer ` header (HTTP) or `authorization` metadata field (gRPC). 4. Verify the Content-Type header matches your data format (`application/x-protobuf` or `application/json`). 5. Review pipeline logs for connection errors or authentication failures. ### [](#traces-not-appearing-in-topic)Traces not appearing in topic If requests succeed but traces do not appear in `redpanda.otel_traces`: 1. Check pipeline output configuration. 2. Verify topic permissions. 3. Validate trace format matches OTLP specification. ## [](#limitations)Limitations - The `otlp_http` and `otlp_grpc` inputs accept only traces, logs, and metrics, not profiles. - Only traces are published to the `redpanda.otel_traces` topic. - Exceeded rate limits return HTTP 429 (HTTP) or ResourceExhausted status (gRPC). ## [](#next-steps)Next steps - [See What Your Agent Did](https://docs.redpanda.com/agentic-data-plane/monitor/transcripts/) - [OTLP HTTP input reference](https://docs.redpanda.com/connect/components/inputs/otlp_http/) - [OTLP gRPC input reference](https://docs.redpanda.com/connect/components/inputs/otlp_grpc/) --- # Page 67: Monitor Agent Activity **URL**: https://docs.redpanda.com/agentic-data-plane/monitor/monitor-agents.md --- # Monitor Agent Activity > For the complete documentation index, see [llms.txt](https://docs.redpanda.com/llms.txt). Component-specific: [agentic-data-plane-full.txt](https://docs.redpanda.com/agentic-data-plane-full.txt) --- title: Monitor Agent Activity latest-operator-version: v26.1.5 latest-console-tag: v3.7.4 latest-connect-version: 4.96.1 latest-redpanda-tag: v26.1.10 docname: monitor-agents page-component-name: agentic-data-plane page-version: master page-component-version: master page-component-title: Agentic Data Plane page-relative-src-path: monitor-agents.adoc page-edit-url: https://github.com/redpanda-data/adp-docs/edit/main/modules/monitor/pages/monitor-agents.adoc description: Monitor agent execution, analyze conversation history, track token usage, and debug issues using Inspector, Transcripts, and agent data topics. page-topic-type: how-to personas: agent_builder, platform_engineer, domain_evaluator learning-objective-1: Verify agent behavior using the Inspector tab learning-objective-2: Track token usage and performance metrics learning-objective-3: Debug agent execution using Transcripts page-git-created-date: "2026-05-28" page-git-modified-date: "2026-06-10" --- Use monitoring to track agent performance, analyze conversation patterns, debug execution issues, and optimize token costs. After reading this page, you will be able to: - Verify agent behavior using the **Inspector** tab - Track token usage and performance metrics - Debug agent execution using **Transcripts** For conceptual background on traces and observability, see [How Observability Works](https://docs.redpanda.com/agentic-data-plane/monitor/concepts/). ## [](#prerequisites)Prerequisites You must have a running agent. If you do not have one, see [Redpanda ADP Quickstart](https://docs.redpanda.com/agentic-data-plane/get-started/adp-quickstart/). ## [](#debug-agent-execution-with-transcripts)Debug agent execution with Transcripts An agent’s **Transcripts** tab shows each conversation with timing, errors, and token usage. Use it to debug issues, verify agent behavior, and monitor performance. ### [](#navigate-an-agents-transcripts)Navigate an agent’s transcripts 1. Open **Agents** in the sidebar and select your agent. 2. Open the **Transcripts** tab. The tab lists the agent’s recent conversations, one row per conversation: - `Conversation`: The conversation ID, with the conversation title when one exists. - `Started`: When the conversation began. - `Duration`: End-to-end wall-clock time. - `Turns`: Number of turns in the conversation. - `Status`: `Completed`, `Error`, or `Running`. - `Tokens`: Total tokens across the conversation. Use the search box to match a conversation ID or title, and the status dropdown to narrow the list to `Completed`, `Error`, or `Running` conversations. The list loads in pages; click **Load more** to fetch older conversations. #### [](#conversation-detail)Conversation detail Click a row to open the conversation. The header shows the conversation ID with a status badge, the start time, duration, and turn count, plus a total-tokens chip. Toggle between two views: - **Chat**: The user-visible exchange, as a conversation. - **Detailed**: Adds per-turn metadata: latency, input/output token splits, and each tool call with its arguments, result, latency, and status. If any turns were rebuilt from LLM message context after their original spans were evicted, those turns carry a _reconstructed_ marker. For the mechanics, see [Reconstructed transcript history](https://docs.redpanda.com/agentic-data-plane/monitor/concepts/#history-reconstruction). ### [](#check-agent-health)Check agent health Use the **Transcripts** tab to verify your agent is healthy. Recent conversations should show `Completed` status, duration within your expected range, and stable token usage without unexpected growth. Several warning signs indicate problems. Conversations with `Error` status need investigation. When duration increases over time, your context window may be growing or tool calls could be slowing down. Many LLM calls for simple requests often signal that the agent is stuck in loops or making unnecessary iterations. If you see no new transcripts, the agent may be stopped or encountering deployment issues. Pay attention to patterns across multiple conversations. When all recent transcripts show errors, start by checking agent status, MCP server connectivity, and system prompt configuration. A list that alternates between success and error typically points to intermittent tool failures or external API issues. If duration increases steadily over a session, your context window is likely filling up. Clear the conversation history to reset it. High token usage combined with relatively few LLM calls usually means tool results are large or your system prompts are verbose. ### [](#debug-with-transcripts)Debug with Transcripts Use the **Transcripts** tab to diagnose specific issues: If the agent is not responding: 1. Check the list for recent conversations. If none appear, the agent may be stopped. 2. Verify agent status in the main **Agents** view. 3. Look for error transcripts with deployment or initialization failures. If the agent fails during execution: 1. Set the status dropdown to `Error` and open the failed conversation. 2. Switch to the **Detailed** view and find the turn carrying the error. 3. Check the tool call’s arguments and result for error messages. 4. Cross-reference with MCP server status. If performance is slow: 1. Compare the `Duration` column across recent conversations. 2. Open a slow conversation in the **Detailed** view and scan per-turn latency to find the bottleneck. 3. Check if LLM calls are taking longer than expected. 4. Verify tool execution time on the nested tool calls. ### [](#track-token-usage-and-costs)Track token usage and costs View token consumption in the conversation detail view. The **Detailed** view breaks each turn into input tokens (everything sent to the LLM including system prompt, conversation history, and tool results) and output tokens (what the LLM generates in agent responses); the header chip shows the conversation total. Calculate cost per request: Cost = (input\_tokens x input\_price) + (output\_tokens x output\_price) Example: GPT-5.2 with 4,302 input tokens and 1,340 output tokens at $0.00000175 per input token and $0.000014 per output token costs $0.026 per request. For cost optimization strategies, see [Cost calculation](https://docs.redpanda.com/agentic-data-plane/connect/concepts/#cost-calculation). ## [](#test-agent-behavior-with-inspector)Test agent behavior with Inspector The **Inspector** tab provides real-time conversation testing. Use it to test agent responses interactively and verify behavior before deploying changes. ### [](#access-inspector)Access Inspector 1. Open **Agents** in the sidebar. 2. Click your agent name. 3. Open the **Inspector** tab. 4. Enter test queries and review responses. 5. Check the conversation panel to see tool calls. 6. Start a new session to test fresh conversations or click **Clear context** to reset history. ### [](#testing-best-practices)Testing best practices Test your agents systematically by exploring edge cases and potential failure scenarios. Begin with boundary testing. Requests at the edge of agent capabilities verify that scope enforcement works correctly. Error handling becomes clear when you request unavailable data and observe whether the agent degrades gracefully. Even with proper system prompt constraints, testing confirms that your agent responds appropriately to edge cases. Monitor iteration counts during complex requests to ensure they complete within your configured limits. Ambiguous or vague queries reveal whether the agent asks clarifying questions or makes risky assumptions. Throughout testing, track token usage per request to estimate costs and identify which query patterns consume the most resources. ## [](#next-steps)Next steps - [How Observability Works](https://docs.redpanda.com/agentic-data-plane/monitor/concepts/) - [Troubleshoot Agents](https://docs.redpanda.com/agentic-data-plane/monitor/troubleshoot-ai-agents/) --- # Page 68: See What Your Agent Did **URL**: https://docs.redpanda.com/agentic-data-plane/monitor/transcripts.md --- # See What Your Agent Did > For the complete documentation index, see [llms.txt](https://docs.redpanda.com/llms.txt). Component-specific: [agentic-data-plane-full.txt](https://docs.redpanda.com/agentic-data-plane-full.txt) --- title: See What Your Agent Did latest-operator-version: v26.1.5 latest-console-tag: v3.7.4 latest-connect-version: 4.96.1 latest-redpanda-tag: v26.1.10 docname: transcripts page-component-name: agentic-data-plane page-version: master page-component-version: master page-component-title: Agentic Data Plane page-relative-src-path: transcripts.adoc page-edit-url: https://github.com/redpanda-data/adp-docs/edit/main/modules/monitor/pages/transcripts.adoc description: Open a transcript in ADP, read the conversation turn by turn, and investigate errors, costs, and performance. page-topic-type: how-to personas: agent_builder, domain_evaluator, platform_engineer, security_compliance_lead learning-objective-1: Open a transcript from an agent's Transcripts tab learning-objective-2: Read a transcript as a turn-by-turn conversation, including tool calls and token usage learning-objective-3: Investigate errors, slow turns, and cost anomalies from the transcript detail view page-git-created-date: "2026-05-28" page-git-modified-date: "2026-06-10" --- Use an agent’s transcripts to read a complete record of each conversation, turn by turn. Each transcript captures the conversation between the user, the agent, any LLM calls, and any tools it invoked, along with token usage, latency, estimated cost, and any errors. For conceptual background on the underlying OpenTelemetry data model, see [How Observability Works](https://docs.redpanda.com/agentic-data-plane/monitor/concepts/). After reading this page, you will be able to: - Open a transcript from an agent’s Transcripts tab - Read a transcript as a turn-by-turn conversation, including tool calls and token usage - Investigate errors, slow turns, and cost anomalies from the transcript detail view ## [](#prerequisites)Prerequisites - A [running agent](https://docs.redpanda.com/agentic-data-plane/connect/create-agent/) with at least one execution. - The [TranscriptReader role](https://docs.redpanda.com/agentic-data-plane/control/permissions-reference/#transcript-permissions) (or Admin). Transcript reads are not part of the default Reader or Writer roles. ## [](#open-an-agents-transcripts)Open an agent’s transcripts 1. Open **Agents** in the sidebar and select the agent. 2. Open the **Transcripts** tab. The tab lists the agent’s recent conversations, one row per conversation. ## [](#read-the-transcripts-list)Read the transcripts list Each row represents one conversation. Columns include: - `Conversation`: The conversation ID, with the conversation title when one exists. - `Started`: When the conversation began. - `Duration`: End-to-end wall-clock time. - `Turns`: Number of turns in the conversation. - `Status`: `Completed`, `Error`, or `Running`. - `Tokens`: Total tokens across the conversation. A transcript marked _reconstructed_ is one in which some turns were rebuilt from LLM message context after the original spans were evicted from `redpanda.otel_traces`. See [Reconstructed transcript history](https://docs.redpanda.com/agentic-data-plane/monitor/concepts/#history-reconstruction) for what that means. ### [](#filter-the-list)Filter the list - Use the search box to match against a conversation ID or title. - Use the status dropdown to narrow the list to `Completed`, `Error`, or `Running` conversations. The list loads in pages. Click **Load more** to fetch older conversations, and use the refresh control to pick up new ones. ## [](#open-a-transcript)Open a transcript Click any row to open the conversation detail view. The view has two parts: a summary header and the conversation. ### [](#summary-header)Summary header The summary header reports: - The conversation ID and a status badge (`Completed`, `Error`, or `Running`). - The start time, end-to-end duration, and turn count. - A total-tokens chip. - A **Chat** / **Detailed** view toggle. Chat shows the user-visible exchange; Detailed adds per-turn metadata such as latency, token splits, and tool calls. If the conversation ended with a top-level error, an error banner appears below the header with the code and message. ### [](#read-the-conversation)Read the conversation Turns are listed in order by role: - **SYSTEM**: The system prompt and any priming instructions. - **USER**: A user message that started or continued the conversation. - **ASSISTANT**: A response from the LLM. In the Detailed view, shows input/output token counts and latency. If the assistant turn called a tool, its tool calls are nested underneath. - **TOOL**: A tool invocation. Shows the tool name, the arguments passed, the result, and the latency of the call. Any turn may carry the `is_reconstructed` marker. Reconstructed turns preserve role order and the high-level content of the conversation but do not carry per-turn token counts, latency, or tool-call arguments. See [Reconstructed transcript history](https://docs.redpanda.com/agentic-data-plane/monitor/concepts/#history-reconstruction) for the mechanics. ### [](#errors)Errors An errored transcript shows `TranscriptStatus.ERROR` in the summary header. The specific failure appears on the turn that raised it, with: - **Code**: `TranscriptError.code` (for example, a provider error code or `INVALID_ARGUMENT`) - **Message**: A short description from the LLM provider, the tool, or the agent runtime If the failure happened during a tool call, the error is attached to the TOOL turn; if it was an LLM call, it’s on the ASSISTANT turn; if neither, it’s on the trace root. ## [](#common-investigation-tasks)Common investigation tasks ### [](#debug-errors)Debug errors 1. Set the status dropdown to `Error`. 2. Open the failing transcript and scroll to the turn carrying the error code. 3. Read the immediately preceding turns (tool arguments, assistant output) for root cause. ### [](#investigate-performance-issues)Investigate performance issues 1. Sort the list visually by the `Duration` column to spot slow conversations. 2. Open a slow transcript, switch to the **Detailed** view, and scan the per-turn latency to find the bottleneck turn. 3. For tool-bound bottlenecks, expand the tool call to see arguments and result size: a large result often correlates with slow tool execution. ### [](#analyze-tool-usage)Analyze tool usage Open a transcript in the **Detailed** view to read each tool call: arguments in, results out, latency, and a status pill. Tool calls are nested under the assistant turn that made them. ### [](#monitor-llm-interactions-and-cost)Monitor LLM interactions and cost The transcript shows token usage per turn. For spend analysis across agents, models, and users, open **Cost & Usage** under **Governance** in the sidebar (see [View cost and usage](https://docs.redpanda.com/agentic-data-plane/gateway/configure-provider/#view-cost-and-usage)), or use breakdown queries through `SpendingService`; per-transcript `estimated_cost_usd` is also available through the Transcripts API. ## [](#limitations)Limitations - The list loads in pages from most recent backward. If the conversation you need is old, keep loading more pages or search by its conversation ID. - Reconstructed turns do not carry token counts, latency, or tool-call arguments for the reconstructed range. For byte-level fidelity, lower the ingestion lag or extend `redpanda.otel_traces` retention (see [How Redpanda stores trace data](https://docs.redpanda.com/agentic-data-plane/monitor/concepts/#opentelemetry-traces-topic)). - Estimated USD cost is only populated for models covered by the pricing table. ## [](#troubleshooting)Troubleshooting ### [](#transcript-stuck-in-running)Transcript stuck in RUNNING A transcript stays in `RUNNING` until the root span closes. Common causes: - The agent or MCP server is still executing (this is normal: Wait, or open a newer transcript). - The root span never flushed because the process was killed mid-execution. Expect this to resolve once the OTLP ingestion lag clears; if it doesn’t after several minutes, the trace is likely orphaned. ### [](#usd-cost-shows-0)USD cost shows 0 `TranscriptUsage.estimated_cost_usd` is populated by the cost-reporting pipeline from the `gen_ai.usage.*` attributes on each LLM-call span combined with a per-model pricing table. For the full list of cost-bearing attributes (including the explicit USD-cost fields), see [Key attributes by layer](https://docs.redpanda.com/agentic-data-plane/monitor/concepts/#key-attributes-by-layer). If cost is `0` for a transcript that clearly used tokens, check: - The model is in the pricing table. To use a custom rate (negotiated contract, internal chargeback), see [Override per-model pricing](https://docs.redpanda.com/agentic-data-plane/control/budgets/#override-per-model-pricing). - The cost-reporting pipeline is enabled on your environment. - The LLM-call spans carry the `gen_ai.usage.*` attributes the pipeline reads: Either the token-count inputs (`gen_ai.usage.input_tokens`, `gen_ai.usage.output_tokens`) or the explicit USD-cost fields listed on the concepts page. > 📝 **NOTE** > > Cache-write tokens (Anthropic 4.x, OpenAI 4.x prompt caches) are attributed to the **CACHED** bucket on streaming and non-streaming responses alike. If a transcript shows zero cache cost on a request that clearly populated a prompt cache, check that the upstream actually wrote to the cache (the response includes a non-zero `cache_creation_input_tokens` or equivalent token-count field) before treating it as a discrepancy. ### [](#all-turns-marked-reconstructed)All turns marked reconstructed Reconstruction happens when the original spans have been evicted from `redpanda.otel_traces`. Causes: - Retention on `redpanda.otel_traces` is aggressive relative to how long the conversation has been running. - OTLP ingestion fell behind and the span was dropped before it reached the topic. For long-running conversations, accept some reconstruction; for short conversations whose turns are all reconstructed, investigate ingestion and retention. ### [](#transcript-missing-entirely)Transcript missing entirely - Confirm the agent or MCP server actually ran: Check its logs and the corresponding session or task topic. - Confirm your user holds the TranscriptReader role (or Admin). Transcript reads require the `dataplane_adp_transcript_get` and `dataplane_adp_transcript_list` permissions, which are not part of the default Reader or Writer roles. See [Transcript permissions](https://docs.redpanda.com/agentic-data-plane/control/permissions-reference/#transcript-permissions). - Confirm the feature flag enabling Transcripts is on for your environment. ## [](#next-steps)Next steps - [Monitor Agent Activity](https://docs.redpanda.com/agentic-data-plane/monitor/monitor-agents/) - [Test an MCP Server’s Tools with the Inspector](https://docs.redpanda.com/agentic-data-plane/connect/test-tools/) - [Troubleshoot Agents](https://docs.redpanda.com/agentic-data-plane/monitor/troubleshoot-ai-agents/) --- # Page 69: Troubleshoot Agents **URL**: https://docs.redpanda.com/agentic-data-plane/monitor/troubleshoot-ai-agents.md --- # Troubleshoot Agents > For the complete documentation index, see [llms.txt](https://docs.redpanda.com/llms.txt). Component-specific: [agentic-data-plane-full.txt](https://docs.redpanda.com/agentic-data-plane-full.txt) --- title: Troubleshoot Agents latest-operator-version: v26.1.5 latest-console-tag: v3.7.4 latest-connect-version: 4.96.1 latest-redpanda-tag: v26.1.10 docname: troubleshoot-ai-agents page-component-name: agentic-data-plane page-version: master page-component-version: master page-component-title: Agentic Data Plane page-relative-src-path: troubleshoot-ai-agents.adoc page-edit-url: https://github.com/redpanda-data/adp-docs/edit/main/modules/monitor/pages/troubleshoot-ai-agents.adoc description: Diagnose and fix common issues with AI agents including deployment failures, runtime behavior problems, and tool execution errors. page-topic-type: troubleshooting personas: agent_builder, platform_engineer learning-objective-1: Diagnose deployment failures and resource allocation errors learning-objective-2: Resolve runtime behavior issues including tool selection and iteration limits learning-objective-3: Fix tool execution problems and authentication failures page-git-created-date: "2026-05-28" page-git-modified-date: "2026-06-04" --- Use this page to diagnose and fix common issues with AI agents, including deployment failures, runtime behavior problems, tool execution errors, and integration issues. ## [](#deployment-issues)Deployment issues Fix issues that prevent agents from connecting to required resources. ### [](#mcp-server-connection-failures)MCP server connection failures **Symptoms:** Agent starts but the tools don’t respond or return connection errors. **Causes:** - MCP server stopped or crashed after agent creation - Network connectivity issues between agent and MCP server - MCP server authentication or permission issues **Solution:** 1. Verify MCP server status in **Remote MCP**. 2. Check MCP server logs for errors. 3. Restart the MCP server if needed. 4. Verify agent has permission to access the MCP server. **Prevention:** - Monitor MCP server health - Use appropriate retry logic in tools ## [](#runtime-behavior-issues)Runtime behavior issues Resolve problems with agent decision-making, tool selection, and response generation. ### [](#agent-not-calling-tools)Agent not calling tools **Symptoms:** Agent responds without calling any tools, or fabricates information instead of using tools. **Causes:** - System prompt doesn’t clearly specify when to use tools - Tool descriptions are vague or missing - LLM model lacks sufficient reasoning capability - Max iterations is too low **Solution:** 1. Strengthen tool usage guidance in your system prompt: ```text ALWAYS use get_order_status when customer mentions an order ID. NEVER respond about order status without calling the tool first. ``` 2. Review tool descriptions in your MCP server configuration. 3. Use a more capable model from the supported list for your gateway. 4. Increase max iterations if the agent is stopping before reaching tools. **Prevention:** - Write explicit tool selection criteria in system prompts - Test agents with the [systematic testing approach](https://docs.redpanda.com/agentic-data-plane/connect/system-prompts/#evaluation-and-testing) - Use models appropriate for your task complexity ### [](#calling-wrong-tools)Calling wrong tools **Symptoms:** Agent selects incorrect tools for the task, or calls tools with invalid parameters. **Causes:** - Tool descriptions are ambiguous or overlap - Too many similar tools confuse the LLM - System prompt doesn’t provide clear tool selection guidance **Solution:** 1. Make tool descriptions more specific and distinct. 2. Add "when to use" guidance to your system prompt: ```text Use get_order_status when: - Customer provides an order ID (ORD-XXXXX) - You need to check current order state Use get_shipping_info when: - Order status is "shipped" - Customer asks about delivery or tracking ``` 3. Reduce the number of tools you expose to the agent. 4. Use subagents to partition tools by domain. **Prevention:** - Follow tool design patterns in [How MCP Servers Work](https://docs.redpanda.com/agentic-data-plane/connect/mcp-overview/) - Limit each agent to 10-15 tools maximum - Test boundary cases where multiple tools might apply ### [](#stuck-in-loops-or-exceeding-max-iterations)Stuck in loops or exceeding max iterations **Symptoms:** Agent reaches max iterations without completing the task, or repeatedly calls the same tool with the same parameters. **Causes:** - Tool returns errors that the agent doesn’t know how to handle - Agent doesn’t recognize when the task is complete - Tool returns incomplete data that prompts another call - System prompt encourages exhaustive exploration **Solution:** 1. Add completion criteria to your system prompt: ```text When you have retrieved all requested information: 1. Present the results to the user 2. Stop calling additional tools 3. Do not explore related data unless asked ``` 2. Add error handling guidance: ```text If a tool fails after 2 attempts: - Explain what went wrong - Do not retry the same tool again - Move on or ask for user guidance ``` 3. Review tool output to ensure it signals completion clearly. 4. Increase max iterations if the task legitimately requires many steps. **Prevention:** - Design tools to return complete information in one call - Set max iterations appropriate for task complexity (see [Why iterations matter](https://docs.redpanda.com/agentic-data-plane/connect/concepts/#why-iterations-matter)) - Test with ambiguous requests that might cause loops ### [](#making-up-information)Making up information **Symptoms:** Agent provides plausible-sounding answers without calling tools, or invents data when tools fail. **Causes:** - System prompt doesn’t explicitly forbid fabrication - Agent treats tool failures as suggestions rather than requirements - Model is hallucinating due to lack of constraints **Solution:** 1. Add explicit constraints to your system prompt: ```text Critical rules: - NEVER make up order numbers, tracking numbers, or customer data - If a tool fails, explain the failure - do not guess - If you don't have information, say so explicitly ``` 2. Test error scenarios by temporarily disabling tools. 3. Use a more capable model that follows instructions better. **Prevention:** - Include "never fabricate" rules in all system prompts - Test with requests that require unavailable data - Monitor **Transcripts** and session topic for fabricated responses ### [](#analyzing-conversation-patterns)Analyzing conversation patterns **Symptoms:** Agent behavior is inconsistent or produces unexpected results. **Solution:** Review conversation history in **Transcripts** to identify problematic patterns: - Agents calling the same tool repeatedly: Indicates loop detection is needed - Large gaps between messages: Suggests tool timeout or slow execution - Agent responses without tool calls: Indicates a tool selection issue - Fabricated information: Suggests a missing "never make up data" constraint - Truncated early messages: Indicates the context window was exceeded **Analysis workflow:** 1. Use **Inspector** to reproduce the issue. 2. Review full conversation including tool invocations. 3. Identify where agent behavior diverged from expected. 4. Check system prompt for missing guidance. 5. Verify tool responses are formatted correctly. ## [](#performance-issues)Performance issues Diagnose and fix issues related to agent speed and resource consumption. ### [](#slow-response-times)Slow response times **Symptoms:** Agent takes 10+ seconds to respond to simple queries. **Causes:** - LLM model is slow (large context processing) - Too many tool calls in sequence - Tools themselves are slow (database queries, API calls) - Large context window from long conversation history **Solution:** 1. Use a faster, lower-latency model tier for simple queries and reserve larger models for complex reasoning. 2. Review conversation history in the **Inspector** tab to identify unnecessary tool calls. 3. Optimize tool implementations: 1. Add caching where appropriate 2. Reduce query complexity 3. Return only needed data (use pagination, filters) 4. Clear the conversation history if the context is very large. **Prevention:** - Right-size model selection based on task complexity - Design tools to execute quickly (< 2 seconds ideal) - Set appropriate max iterations to prevent excessive exploration - Monitor token usage and conversation length ### [](#high-token-costs)High token costs **Symptoms:** Token usage is higher than expected, costs are increasing rapidly. **Causes:** - Max iterations configured too high - Agent making unnecessary tool calls - Large tool results filling context window - Long conversation history not being managed - Using expensive models for simple tasks **Solution:** 1. Review token usage in **Transcripts**. 2. Lower max iterations for this agent. 3. Optimize tool responses to return less data: ```text Bad: Return all 10,000 customer records Good: Return paginated results, 20 records at a time ``` 4. Add cost control guidance to system prompt: ```text Efficiency guidelines: - Request only the data you need - Stop when you have enough information - Do not call tools speculatively ``` 5. Switch to a more cost-effective model for simple queries. 6. Clear conversation history periodically in the **Inspector** tab. **Prevention:** - Set appropriate max iterations (10-20 for simple, 30-40 for complex) - Design tools to return minimal necessary data - Monitor token usage trends - See cost calculation guidance in [Cost calculation](https://docs.redpanda.com/agentic-data-plane/connect/concepts/#cost-calculation) ## [](#tool-execution-issues)Tool execution issues Fix problems with timeouts, invalid parameters, and error responses. ### [](#tool-timeouts)Tool timeouts **Symptoms:** Tools fail with timeout errors, agent receives incomplete results. **Causes:** - External API is slow or unresponsive - Database query is too complex - Network latency between tool and external system - Tool processing large datasets in memory **Solution:** 1. Add timeout handling to tool implementation: ```yaml http: url: https://api.example.com/data timeout: "5s" # Set explicit timeout ``` 2. Optimize external queries: 1. Add database indexes 2. Reduce query scope 3. Cache frequent queries 3. Increase tool timeout if operation legitimately takes longer. 4. Add retry logic for transient failures. **Prevention:** - Set explicit timeouts in all tool configurations - Test tools under load - Monitor external API performance - Design tools to fail fast on unavailable services ### [](#invalid-parameters)Invalid parameters **Symptoms:** Tools return validation errors about missing or incorrectly formatted parameters. **Causes:** - Tool schema doesn’t match implementation - Agent passes wrong data types - Required parameters not marked as required in schema - Agent misunderstands parameter purpose **Solution:** 1. Verify tool schema matches implementation: ```yaml input_schema: properties: order_id: type: string # Must match what tool expects description: "Order ID in format ORD-12345" ``` 2. Add parameter validation to tools. 3. Improve parameter descriptions in tool schema. 4. Add examples to tool descriptions: ```yaml description: | Get order status by order ID. Example: get_order_status(order_id="ORD-12345") ``` **Prevention:** - Write detailed parameter descriptions - Include format requirements and examples - Test tools with invalid inputs to verify error messages - Use JSON Schema validation in tool implementations ### [](#tool-returns-errors)Tool returns errors **Symptoms:** Tools execute but return error responses or unexpected data formats. **Causes:** - External API returned error - Tool implementation has bugs - Data format changed in external system - Tool lacks error handling **Solution:** 1. Check tool logs in MCP server. 2. Test tool directly (outside agent context). 3. Verify external system is operational. 4. Add error handling to tool implementation: ```yaml processors: - try: - http: url: ${API_URL} catch: - mapping: | root.error = "API unavailable: " + error() ``` 5. Update agent system prompt to handle this error type. **Prevention:** - Implement comprehensive error handling in tools - Monitor external system health - Add retries for transient failures - Log all tool errors for analysis ## [](#integration-issues)Integration issues Fix problems with external applications calling agents and pipeline-to-agent integration. ### [](#agent-card-does-not-contain-a-url)Agent card does not contain a URL **Symptoms:** Pipeline fails with error: `agent card does not contain a URL` or `failed to init processor path root.pipeline.processors.0` **Causes:** - The `agent_card_url` points to the base agent endpoint instead of the agent card JSON file **Solution:** The `agent_card_url` must point to the agent card JSON file, not the base agent endpoint. **Incorrect configuration:** ```yaml processors: - a2a_message: agent_card_url: "https://your-agent-id.ai-agents.your-cluster-id.cloud.redpanda.com" prompt: "Analyze this transaction: ${!content()}" ``` **Correct configuration:** ```yaml processors: - a2a_message: agent_card_url: "https://your-agent-id.ai-agents.your-cluster-id.cloud.redpanda.com/.well-known/agent-card.json" prompt: "Analyze this transaction: ${!content()}" ``` The agent card is always available at `/.well-known/agent-card.json` according to the A2A protocol standard. **Prevention:** - Always append `/.well-known/agent-card.json` to the agent endpoint URL - Test the agent card URL in a browser before using it in pipeline configuration - See [Agent card location](https://docs.redpanda.com/agentic-data-plane/connect/a2a-concepts/#agent-card-location) for details ### [](#pipeline-integration-failures)Pipeline integration failures **Symptoms:** Pipelines using `a2a_message` processor fail or timeout. **Causes:** - Agent is not running or restarting - Agent timeout is too low for pipeline workload - Authentication issues between pipeline and agent - High event volume overwhelming agent **Solution:** 1. Check agent status and resource allocation. 2. Increase agent resource tier for high-volume pipelines. 3. Add error handling in pipeline: ```yaml processors: - try: - a2a_message: agent_card_url: "https://your-agent-url/.well-known/agent-card.json" catch: - log: message: "Agent invocation failed: ${! error() }" ``` **Prevention:** - Test pipeline-agent integration with low volume first - Size agent resources appropriately for event rate - See integration patterns in [Integrate with Redpanda Pipelines](https://docs.redpanda.com/agentic-data-plane/connect/pipeline-integration-patterns/) ## [](#monitor-and-debug-agents)Monitor and debug agents For comprehensive guidance on monitoring agent activity, analyzing conversation history, tracking token usage, and debugging issues, see [Monitor Agent Activity](https://docs.redpanda.com/agentic-data-plane/monitor/monitor-agents/). ## [](#next-steps)Next steps - [Write Effective System Prompts](https://docs.redpanda.com/agentic-data-plane/connect/system-prompts/) - [How MCP Servers Work](https://docs.redpanda.com/agentic-data-plane/connect/mcp-overview/) - [Choose an Agent Architecture](https://docs.redpanda.com/agentic-data-plane/connect/architecture-patterns/) --- # Page 70: Reference **URL**: https://docs.redpanda.com/agentic-data-plane/reference.md --- # Reference > For the complete documentation index, see [llms.txt](https://docs.redpanda.com/llms.txt). Component-specific: [agentic-data-plane-full.txt](https://docs.redpanda.com/agentic-data-plane-full.txt) --- title: Reference latest-operator-version: v26.1.5 latest-console-tag: v3.7.4 latest-connect-version: 4.96.1 latest-redpanda-tag: v26.1.10 docname: index page-component-name: agentic-data-plane page-version: master page-component-version: master page-component-title: Agentic Data Plane page-relative-src-path: index.adoc page-edit-url: https://github.com/redpanda-data/adp-docs/edit/main/modules/reference/pages/index.adoc description: Field and command reference for Agentic Data Plane. page-git-created-date: "2026-04-29" page-git-modified-date: "2026-06-01" --- Look up the details. This section covers the `rpk` command-line reference and the Agentic Data Plane glossary. - [Install or Update rpk](rpk-install/) Install or update rpk to interact with Redpanda from the command line. - [rpk Command Reference](rpk/) Reference for the rpk commands used to manage the Redpanda Agentic Data Plane from the command line. - [Glossary](glossary/) Definitions of key terms used in Redpanda Agentic Data Plane documentation. --- # Page 71: Glossary **URL**: https://docs.redpanda.com/agentic-data-plane/reference/glossary.md --- # Glossary > For the complete documentation index, see [llms.txt](https://docs.redpanda.com/llms.txt). Component-specific: [agentic-data-plane-full.txt](https://docs.redpanda.com/agentic-data-plane-full.txt) --- title: Glossary latest-operator-version: v26.1.5 latest-console-tag: v3.7.4 latest-connect-version: 4.96.1 latest-redpanda-tag: v26.1.10 docname: glossary page-component-name: agentic-data-plane page-version: master page-component-version: master page-component-title: Agentic Data Plane page-relative-src-path: glossary.adoc page-edit-url: https://github.com/redpanda-data/adp-docs/edit/main/modules/reference/pages/glossary.adoc description: Definitions of key terms used in Redpanda Agentic Data Plane documentation. page-git-created-date: "2026-04-23" page-git-modified-date: "2026-06-10" --- ## [](#agentic-data-plane-terms)Agentic Data Plane terms - [Agentic Data Plane (ADP)](https://docs.redpanda.com/agentic-data-plane/reference/glossary/#agentic-data-plane-adp) - [AI agent](https://docs.redpanda.com/agentic-data-plane/reference/glossary/#ai-agent) - [AI Gateway](https://docs.redpanda.com/agentic-data-plane/reference/glossary/#ai-gateway) - [declarative agent](https://docs.redpanda.com/agentic-data-plane/reference/glossary/#declarative-agent) - BYOA (bring your own agent) - [MCP server](https://docs.redpanda.com/agentic-data-plane/reference/glossary/#mcp-server) - [MCP tool](https://docs.redpanda.com/agentic-data-plane/reference/glossary/#mcp-tool) - [tool](https://docs.redpanda.com/agentic-data-plane/reference/glossary/#tool) - [resource](https://docs.redpanda.com/agentic-data-plane/reference/glossary/#resource) - [OAuth provider](https://docs.redpanda.com/agentic-data-plane/reference/glossary/#oauth-provider) - [OAuth client](https://docs.redpanda.com/agentic-data-plane/reference/glossary/#oauth-client) - [OAuth connection](https://docs.redpanda.com/agentic-data-plane/reference/glossary/#oauth-connection) - [token vault](https://docs.redpanda.com/agentic-data-plane/reference/glossary/#token-vault) - [transcript](https://docs.redpanda.com/agentic-data-plane/reference/glossary/#transcript) - [spending event](https://docs.redpanda.com/agentic-data-plane/reference/glossary/#spending-event) - [subagent](https://docs.redpanda.com/agentic-data-plane/reference/glossary/#subagent) ## [](#agentic-data-plane)Agentic Data Plane ### [](#agent2agent-a2a-protocol)Agent2Agent (A2A) protocol Communication protocol that enables AI agents to discover, coordinate with, and delegate tasks to other agents in a distributed system. The A2A protocol allows agents to work together by sharing capabilities, coordinating workflows, and distributing complex tasks across multiple specialized agents. It provides standardized messaging, capability discovery, and task delegation mechanisms for multi-agent systems. ### [](#agentic-data-plane-adp)Agentic Data Plane (ADP) Infrastructure layer that enables AI agents to discover, connect to, and interact with data sources and tools through standardized protocols. The Agentic Data Plane provides the underlying infrastructure for AI agents to access streaming data, invoke tools, and coordinate operations across distributed systems using protocols like MCP and A2A. ### [](#ai-agent)AI agent A system built around a large language model (LLM) that interprets user intent, selects the right tools, and chains multiple steps into a workflow. AI agents can understand natural language instructions, reason about tasks, invoke tools through MCP servers, and coordinate multiple operations to accomplish complex workflows. ### [](#ai-gateway)AI Gateway A unified entry point for AI traffic that provides LLM routing, MCP tool aggregation, cost controls, and observability across multiple LLM providers. ### [](#ai-token)AI token A credential used specifically for authenticating AI agents and authorizing their access to resources in agentic systems. AI tokens are specialized authentication credentials for AI agents, distinct from bearer tokens used in traditional API authentication. They enable agents to authenticate with MCP servers and access data plane resources while maintaining audit trails of agent operations. ### [](#byoa)BYOA Bring Your Own Agent (BYOA) is an agent you build and run yourself, in your own runtime and language. You register it with ADP for governance and observability. ADP tracks and attributes its telemetry and cost but does not host or proxy it. ### [](#context-window)context window The maximum amount of text (measured in tokens) that an LLM can process in a single request. The context window determines how much information an agent can consider at once, including the system prompt, conversation history, tool outputs, and retrieved documents. Larger context windows enable more sophisticated reasoning but may increase latency and cost. Common sizes range from 8K to 200K+ tokens. ### [](#declarative-agent)declarative agent An AI agent that runs in Redpanda’s managed runtime, where you configure its behavior (LLM, system prompt, and attached tools) instead of writing agent code. Contrast with a BYOA agent, which you build and run in your own runtime. ### [](#frontier-model)frontier model The most advanced and capable AI models available, representing the current state-of-the-art in language understanding and reasoning. Frontier models are cutting-edge large language models with exceptional reasoning, planning, and problem-solving capabilities. Examples include GPT-4, Claude 3, and Gemini Ultra. These models are commonly used to power sophisticated AI agents that require advanced decision-making and tool orchestration. ### [](#large-language-model-llm)large language model (LLM) An AI model trained on vast amounts of text data that can understand and generate human-like text, reason about tasks, and follow instructions. Large language models power AI agents by providing natural language understanding, reasoning capabilities, and the ability to plan and execute complex tasks. LLMs interpret user requests, decide which tools to invoke, and synthesize responses based on retrieved data. ### [](#mcp-client)MCP client An AI application or agent that connects to MCP servers to discover and invoke tools. MCP clients use the Model Context Protocol to communicate with MCP servers, discovering available tools, understanding their capabilities, and invoking them with appropriate parameters. The client handles authentication, request formatting, and response processing. ### [](#mcp-server)MCP server A service that exposes tools and resources using the Model Context Protocol, allowing AI agents to discover and invoke them. MCP servers act as bridges between AI agents and external systems, providing standardized interfaces for tool discovery, invocation, and resource access. ### [](#model-context-protocol-mcp)Model Context Protocol (MCP) A standardized protocol that enables AI agents to connect with external data sources and tools in Redpanda. MCP provides a consistent interface for AI applications to discover and interact with data sources, services, and computational tools through Redpanda infrastructure. ### [](#oauth-client)OAuth client An ADP resource that governs inbound authentication: an external app (Claude Desktop, ChatGPT, Copilot Studio) authenticating to AI Gateway so the app’s users can invoke MCP tools. Separate from an OAuth provider, which governs outbound authentication. ### [](#oauth-connection)OAuth connection A stored authorization that links a user to a third-party provider, created when the user completes the OAuth consent flow. OAuth connections hold access and refresh tokens in the token vault for agents to use on the user’s behalf. ### [](#oauth-provider)OAuth provider An ADP resource that governs outbound authentication: AI Gateway authenticating to an upstream system (GitHub, Slack, Salesforce, and so on) on a user’s behalf so MCP servers can call it. Separate from an OAuth client, which governs inbound authentication. ### [](#observability-o11y)observability (o11y) The ability to understand a system’s internal state by examining its external outputs, such as traces, metrics, and logs. In Redpanda’s agentic systems, observability enables debugging agent behavior, monitoring performance, analyzing execution flow, and identifying bottlenecks through transcripts captured in the `redpanda.otel_traces` topic. ### [](#opentelemetry)OpenTelemetry Open-source observability framework that provides standardized APIs, libraries, and tools for capturing and exporting telemetry data. OpenTelemetry provides standardized APIs for capturing traces, metrics, and logs from applications. Redpanda agents and MCP servers automatically emit OpenTelemetry traces to the `redpanda.otel_traces` topic to provide complete observability into agentic system operations. ### [](#otlp-opentelemetry-protocol)OTLP (OpenTelemetry Protocol) Standard protocol for encoding and transmitting telemetry data defined by the OpenTelemetry project. OTLP is the OpenTelemetry Protocol specification for encoding and transmitting telemetry data. Redpanda stores spans in the `redpanda.otel_traces` topic using a Protobuf schema that closely follows the OTLP specification. ### [](#prompt)prompt Natural language instructions or context provided to an LLM to guide its behavior and responses. Prompts are the primary way to communicate with LLMs and AI agents. They can include instructions, examples, context, and questions that guide the model’s reasoning and output. Effective prompt design is critical for agent performance and reliability. ### [](#resource)resource Read-only data that an MCP server exposes and agents can fetch by URI. Resources provide file contents, database rows, or API responses without performing side effects. ### [](#span)span A single unit of work within a trace representing one operation, such as a data processing operation or an external API call. Spans are organized in the Redpanda UI as parent-child relationships that show how operations flow through the system. Each span captures details about a specific operation, including timing, status, and metadata. ### [](#spending-event)spending event A record produced by the AI Gateway for every LLM call. Each event captures input, output, and cached token counts, the total cost in microcents, request count, and the provider, model, user, and organization context that the call ran under. ### [](#subagent)subagent A specialized AI agent that handles specific tasks or domains as part of a larger multi-agent system. Subagents are autonomous components within a multi-agent architecture that have focused expertise in particular domains or operations. They communicate with a parent agent or other subagents to accomplish complex workflows that require coordination across multiple specializations. ### [](#system-prompt)system prompt Initial instructions that define an agent’s role, capabilities, and behavioral guidelines. The system prompt is provided at the start of an agent session and establishes the agent’s identity, available tools, operating constraints, and response style. It remains active throughout the conversation and shapes all subsequent agent behavior and decision-making. ### [](#token-vault)token vault Encrypted per-user store for the OAuth access and refresh tokens used to access third-party providers. Redpanda injects a user’s token at call time and refreshes it automatically; connections persist until the user revokes them. ### [](#tool-invocation)tool invocation The process of an AI agent executing an MCP tool to perform a specific operation. Tool invocation occurs when an agent determines that it needs to use a tool, formats the request with appropriate parameters, sends it to the MCP server, and processes the response. Each invocation is captured in transcripts as spans for observability and debugging. ### [](#tool)tool A capability exposed by an MCP server that an AI agent can discover at runtime and invoke through structured JSON-RPC calls. Tools encapsulate operations such as querying a database, calling an API, or sending a message. ### [](#trace)trace The complete lifecycle of a request captured as a collection of spans, showing how operations relate to each other. A trace represents the complete lifecycle of a request (for example, a tool invocation from start to finish). A trace contains one or more spans organized hierarchically, showing how operations relate to each other. ### [](#transcript)transcript Complete observability record of agent or MCP server operations captured as OpenTelemetry traces and stored in the redpanda.otel\_traces topic. Transcripts capture tool invocations, agent reasoning steps, data processing operations, external API calls, error conditions, and performance metrics. They provide a complete record of how agentic systems operate, enabling debugging, auditing, and performance analysis. ## [](#redpanda-cloud)Redpanda Cloud ### [](#beta)beta Features in beta are available for testing and feedback. They are not supported by Redpanda and should not be used in production environments. ### [](#byoc)BYOC Bring Your Own Cloud (BYOC) is a fully-managed Redpanda Cloud deployment where clusters run in your private cloud, so all data is contained in your own environment. Redpanda handles provisioning, operations, and maintenance. ### [](#byovnet)BYOVNet A Bring Your Own Virtual Network (BYOVNet) cluster allows you to deploy the Redpanda data plane into your existing Azure VNet to fully manage the networking lifecycle. Compared to standard BYOC, BYOVNet provides more security, but the configuration is more complex. ### [](#byovpc)BYOVPC A Bring Your Own Virtual Private Cloud (BYOVPC) cluster allows you to deploy the Redpanda data plane into your existing VPC on AWS or GCP to fully manage the networking lifecycle. Compared to standard BYOC, BYOVPC provides more security, but the configuration is more complex. ### [](#connector)connector Enables Redpanda to integrate with external systems, such as databases. ### [](#control-plane)control plane This part of Redpanda Cloud enforces rules in the data plane, including cluster management, operations, and maintenance. ### [](#data-plane)data plane This part of Redpanda Cloud contains Redpanda clusters and other components, such as Redpanda Console, Redpanda Operator, and `rpk`. It is managed by an agent that receives cluster specifications from the control plane. Sometimes used interchangeably with clusters. ### [](#data-sovereignty)data sovereignty Containing all your data in your environment. With BYOC, Redpanda handles provisioning, monitoring, and upgrades, but you manage your streaming data without Redpanda’s control plane ever seeing it. Additionally, with BYOVPC, the Redpanda Cloud agent doesn’t create any new resources or alter any settings in your account. ### [](#dedicated-cloud)Dedicated Cloud A fully-managed Redpanda Cloud deployment option where you host your data in Redpanda’s VPC, and Redpanda handles provisioning, operations, and maintenance. Dedicated clusters are single-tenant deployments that support private networking (for example, VPC peering to talk over private IPs) for better data isolation. ### [](#limited-availability)limited availability Features in limited availability (LA) are production-ready and are covered by Redpanda Support for early adopters. ### [](#pipeline)pipeline A single configuration file running in Redpanda Connect with an input connector, an output connector, and optional processors in between. A pipeline typically streams data into Redpanda from an operational source (like PostgreSQL) or streams data out of Redpanda into an analytical system (like Snowflake). ### [](#redpanda-cloud-2)Redpanda Cloud A fully-managed data streaming service deployed with Redpanda Console. It includes automated upgrades and patching, backup and recovery, data and partition balancing, and built-in connectors. Redpanda Cloud is available in Serverless, Dedicated, and Bring Your Own Cloud (BYOC) deployment options to suit different data sovereignty and infrastructure requirements. ### [](#redpanda-console)Redpanda Console The web-based UI for managing and monitoring Redpanda clusters and streaming workloads. You can also set up and manage connectors in Redpanda Console. Redpanda Console is an integral part of Redpanda Cloud, but it also can be used as a standalone program as part of a Redpanda Self-Managed deployment. ### [](#remote-mcp)Remote MCP An MCP server hosted in your Redpanda Cloud cluster. It exposes custom tools that AI assistants can call to access your data and workflows. ### [](#resource-group)resource group A container for Redpanda Cloud resources, including clusters and networks. You can rename your default resource group, and you can create more resource groups. For example, you may want different resource groups for production and testing. ### [](#serverless)Serverless Serverless is the fastest and easiest way to start data streaming. You host your data in Redpanda’s VPC, and Redpanda handles automatic scaling, provisioning, operations, and maintenance. ### [](#sink-connector)sink connector Exports data from a Redpanda cluster into a target system. ### [](#source-connector)source connector Imports data from a source system into a Redpanda cluster. ## [](#redpanda-connect)Redpanda Connect ### [](#mcp-tool)MCP tool A function that an AI assistant can call to perform a specific task, such as fetching data from an API, querying a database, or processing streaming data. Each tool is defined using Redpanda Connect components and annotated with MCP metadata. ### [](#processor)processor A Redpanda Connect component that transforms data, validates inputs, or calls external APIs within a processing pipeline. Processors are stateless components in Redpanda Connect that operate on individual messages or batches. When used as MCP tools, processors handle data transformations, validate parameters, and invoke external services. Each processor executes independently per request with no state maintained between invocations. ### [](#redpanda-connect-mcp-server)Redpanda Connect MCP server A process that exposes Redpanda Connect components to MCP clients. You write each tool’s logic using Redpanda Connect configurations and annotate them with MCP metadata so clients can discover and invoke them. ### [](#redpanda-connect-2)Redpanda Connect A framework for building data streaming applications using declarative YAML configurations. Redpanda Connect provides components such as inputs, processors, outputs, and caches to define data flows and transformations. ## [](#redpanda-sql)Redpanda SQL ### [](#oxla)Oxla The SQL engine technology that powers Redpanda SQL. "Oxla" may appear in version strings, error messages, and some API field names. ### [](#redpanda-catalog)Redpanda catalog A catalog in Redpanda SQL that maps Redpanda topics to SQL tables. The default Redpanda catalog (`default_redpanda_catalog`) is provisioned automatically when Redpanda SQL is enabled. ### [](#redpanda-sql-2)Redpanda SQL A PostgreSQL-compatible SQL engine built into Redpanda Data Platform for querying streaming data in Redpanda topics. Redpanda SQL provides analytical SQL queries over Redpanda topic data without requiring ETL pipelines or a separate analytics system. It can also query the Iceberg-translated history of Iceberg-enabled topics alongside live records. ## [](#redpanda-core)Redpanda core ### [](#availability-zone-az)availability zone (AZ) One or more data centers served by high-bandwidth links with low latency, typically within a close distance of one another. ### [](#broker)broker An instance of Redpanda that stores and manages event streams. Multiple brokers join together to form a Redpanda cluster. Sometimes used interchangeably with node, but a node is typically a physical or virtual server. See also: node ### [](#client)client A producer application that writes events to Redpanda, or a consumer application that reads events from Redpanda. This could also be a client library, like librdkafka or franz-go. ### [](#cluster)cluster One or more brokers that work together to manage real-time data streaming, processing, and storage. ### [](#consumer-group)consumer group A set of consumers that cooperate to read data for better scalability. As group members arrive and leave, partitions are re-assigned so each member receives a proportional share. ### [](#consumer-offset)consumer offset The position of a consumer in a specific topic partition, to track which records they have read. A consumer offset of 3 means it has read messages 0-2 and will next read message 3. ### [](#consumer)consumer A client application that subscribes to Redpanda topics to asynchronously read events. ### [](#controller-broker)controller broker A broker that manages operational metadata for a Redpanda cluster and ensures replicas are distributed among brokers. At any given time, one active controller exists in a cluster. If the controller fails, another broker is automatically elected as the controller. ### [](#data-stream)data stream A continuous flow of events in real time that are produced and consumed by client applications. Redpanda is a data streaming platform. Also known as event stream. ### [](#event)event A record of something changing state at a specific time. Events can be generated by various sources, including sensors, applications, and devices. Producers write events to Redpanda, and consumers read events from Redpanda. ### [](#iceberg-catalog)Iceberg catalog A metadata service that tracks Apache Iceberg tables and their schemas. Redpanda supports REST catalogs (such as AWS Glue, GCP BigLake, Snowflake Open Catalog, or Databricks Unity Catalog) and filesystem-based catalogs. Redpanda SQL connects to a REST catalog with `CREATE ICEBERG CATALOG` to query the Iceberg-committed history of a topic. ### [](#iceberg-mode)Iceberg mode The Redpanda topic property (`redpanda.iceberg.mode`) that controls whether and how the topic’s records are translated into an Apache Iceberg table. ### [](#iceberg-topic)Iceberg topic A Redpanda topic with Iceberg integration enabled, so its data is also stored as an Apache Iceberg table that downstream analytical systems can read directly. Also called an Iceberg-enabled topic. ### [](#iceberg-translation)Iceberg translation The background process that converts records on an Iceberg topic into Apache Iceberg format and commits them to the configured Iceberg catalog. ### [](#kafka-api)Kafka API Producers and consumers interact with Redpanda using the Kafka API. It uses the default port 9092. ### [](#learner)learner A broker that is a follower in a Raft group but is not part of quorum. In a Raft group, a broker can be in learner status. Learners are followers that cannot vote and so do not count towards quorum (the majority). They cannot be elected to leader nor can they trigger leader elections. Brokers can be promoted or demoted between learner and voter. New Raft group members start as learners. ### [](#listener)listener Configuration on a broker that defines how it should accept client or inter-broker connections. Each listener is associated with a specific protocol, hostname, and port combination. The listener defines where the broker should listen for incoming connections. ### [](#log)log An ordered, append-only, immutable sequence of records. The log is Redpanda’s core storage abstraction for event streams. At the conceptual level, topics represent replayable logs. Physically, each partition is implemented as a log file on disk, divided into segments. Redpanda uses the Raft consensus algorithm to coordinate writing data to log files and replicate them across brokers for fault tolerance. See also: topic, partition, segment ### [](#message)message One or more records representing individual events being transmitted. Redpanda transfers messages between producers and consumers. Sometimes used interchangeably with record. ### [](#node)node A machine, which could be a server, a virtual machine (instance), or a Docker container. Every node has its own disk. Partitions are stored locally on nodes. In Kubernetes, a Node is the machine that Redpanda runs on. Outside the context of Kubernetes, this term may be used interchangeably with broker, such as `node_id`. See also: broker ### [](#offset-commit)offset commit An acknowledgement that the event has been read. ### [](#offset)offset A unique integer assigned to each record to show its location in the partition. ### [](#pandaproxy)pandaproxy Original name for the subsystem of Redpanda that allows access to your data through a REST API. This name still appears in the HTTP Proxy API and the Schema Registry API. ### [](#partition-leader)partition leader Every Redpanda partition forms a Raft group with a single elected leader. This leader handles all writes, and it replicates data to followers to ensure that a majority of brokers store the data. ### [](#partition)partition A subset of events in a topic, like a log file. It is an ordered, immutable sequence of records. Partitions allow you to distribute a stream, which lets producers write messages in parallel and consumers read messages in parallel. Partitions are made up of segment files on disk. ### [](#producer)producer A client application that writes events to Redpanda. Redpanda stores these events in sequence and organizes them into topics. ### [](#rack)rack A failure zone that has one or more Redpanda brokers assigned to it. ### [](#raft)Raft The consensus algorithm Redpanda uses to coordinate writing data to log files and replicating that data across brokers. For more details, see [https://raft.github.io/](https://raft.github.io/) ### [](#record)record A self-contained data entity with a defined structure, representing a single event. Sometimes used interchangeably with message. ### [](#replicas)replicas Copies of partitions that are distributed across different brokers, so if one broker goes down, there is a copy of the data. ### [](#retention)retention The mechanism for determining how long Redpanda stores data on local disk or in object storage before purging it. ### [](#replication-factor)replication factor The number of partition copies in a cluster. This is set to 3 in Redpanda Cloud deployments and 1 (no replication) in Self-Managed deployments. A replication factor of at least 3 ensures that each partition has a copy of its data on at least one other broker. One replica acts as the leader, and the other replicas are followers. ### [](#schema)schema An external mechanism to describe the structure of data and its encoding. Schemas validate the structure and ensure that producers and consumers can connect with data in the same format. ### [](#seastar)Seastar An open-source thread-per-core C++ framework, which binds all work to physical cores. Redpanda is built on Seastar. For more details, see [https://seastar.io/](https://seastar.io/) ### [](#seed-server)seed server The initial set of brokers that a Redpanda broker contacts to join the cluster. Seed servers play a crucial role in cluster formation and recovery, acting as a point of reference for new or restarting brokers to understand the current topology of the cluster. ### [](#segment)segment Discrete part of a partition, used to break down a continuous stream into manageable chunks. You can set the maximum duration (`segment.ms`) or size (`segment.bytes`) for a segment to be open for writes. ### [](#serialization)serialization The process of converting a record into a format that can be stored. Deserialization is the process of converting a record back to the original state. Redpanda Schema Registry supports Avro and Protobuf serialization formats. ### [](#shard)shard A CPU core. ### [](#subject)subject A logical grouping or category for schemas. When data formats are updated, a new version of the schema can be registered under the same subject, allowing for backward and forward compatibility. ### [](#thread-per-core)thread-per-core Programming model that allows Redpanda to pin each of its application threads to a CPU core to avoid context switching and blocking. ### [](#topic-partition)topic partition A topic may be partitioned through multiple brokers. A "topic partition" represents this logical separation in Redpanda, which is managed natively by Raft. ### [](#topic)topic A logical stream of related events that are written to the same log. It can be divided into multiple partitions. A topic can have various clients writing events to it and reading events from it. ### [](#wire-format)wire format A serialization format used by Schema Registry that prefixes each record with a magic byte and 4-byte schema ID, so consumers can identify and apply the correct schema. ## [](#redpanda-features)Redpanda features ### [](#admin-api)Admin API A REST API used to manage and monitor Redpanda Self-Managed clusters. It uses the default port 9644. For more information about using this API with Self-Managed Redpanda, see [/api/doc/admin](https://docs.redpanda.com/api/doc/admin). Note: The Redpanda Admin API is different from the [Kafka Admin API](https://kafka.apache.org/documentation/#adminapi). ### [](#cloud-topic)Cloud Topic A Redpanda topic type, Cloud Topics use object storage (S3, GCS, or MinIO) as the primary data store (rather than replicating data across brokers). Unlike standard Redpanda topics, Cloud Topics allow users with flexible latency requirements to lower or eliminate costs associated with cross-AZ networking. ### [](#compaction)compaction Feature that retains the latest value for each key within a partition while discarding older values. ### [](#controller-snapshot)controller snapshot Snapshot of the current cluster metadata state saved to disk, so broker startup is fast. ### [](#data-transforms)data transforms Framework to manipulate or enrich data written to Redpanda topics. You can develop custom data functions, which run asynchronously using a WebAssembly (Wasm) engine inside a Redpanda broker. ### [](#http-proxy)HTTP Proxy Redpanda HTTP Proxy (pandaproxy) allows access to your data through a REST API. It is built into the Redpanda binary and uses the default port 8082. ### [](#leader-pinning)Leader Pinning Feature that places a topic’s partition leaders in a preferred location, such as a cloud availability zone, to reduce networking costs and latency for nearby clients. ### [](#maintenance-mode)maintenance mode A state where a Redpanda broker temporarily doesn’t take any partition leaderships. It continues to store data as a follower. This is usually done for system maintenance or a rolling upgrade. ### [](#rack-awareness)rack awareness Feature that lets you distribute replicas of the same partition across different racks to minimize data loss and improve fault tolerance in the event of a rack failure. ### [](#rebalancing)rebalancing Process of moving partition replicas and transferring partition leadership for improved performance. Redpanda provides various topic-aware tools to balance clusters for best performance. - Leadership balancing changes where data is written to first, but it does not involve any data transfer. The partition leader regularly sends heartbeats to its followers. If a follower does not receive a heartbeat within a timeout, it triggers a new leader election. Redpanda also provides leadership balancing when brokers are added or decommissioned. - Partition replica balancing moves partition replicas to alleviate disk pressure and to honor the configured replication factor across brokers and the additional redundancy across failure domains (such as racks). Redpanda provides partition replica rebalancing when brokers are added or decommissioned. - With an Enterprise license, you can additionally enable Continuous Data Balancing to continuously monitor broker and rack availability and disk usage. ### [](#rolling-upgrade)rolling upgrade The process of upgrading each broker in a Redpanda cluster, one at a time, to minimize disruption and ensure continuous availability. ### [](#rpk)rpk Redpanda’s command-line interface tool for managing Redpanda clusters. ### [](#remote-read-replica)Remote Read Replica A read-only topic that mirrors a topic on a different cluster, using data from Tiered Storage. ### [](#schema-registry)Schema Registry Redpanda Schema Registry (pandaproxy) is the interface for storing and managing event schemas. Producers and consumers register and retrieve schemas they use from the registry. It is built into the Redpanda binary and uses the default port 8081. ### [](#tiered-storage)Tiered Storage Feature that lets you offload log segments to object storage in near real-time, providing long-term data retention and topic recovery. ## [](#redpanda-in-kubernetes)Redpanda in Kubernetes ### [](#cert-manager)cert-manager A Kubernetes controller that simplifies the process of obtaining, renewing, and using certificates. For more details, see [https://cert-manager.io/docs/](https://cert-manager.io/docs/) ### [](#redpanda-helm-chart)Redpanda Helm chart Generates and applies all the manifest files you need for deploying Redpanda in Kubernetes. ### [](#redpanda-operator)Redpanda Operator Extends Kubernetes with custom resource definitions (CRDs), which allow Redpanda clusters to be treated as native Kubernetes resources. ## [](#redpanda-licenses)Redpanda licenses ### [](#redpanda-community-edition)Redpanda Community Edition Redpanda software that is available under the Redpanda Business Source License (BSL). These core features are free and source-available. ### [](#redpanda-enterprise-edition)Redpanda Enterprise Edition Redpanda software that is available under the Redpanda Community License (RCL). It includes the free features licensed with the Redpanda Community Edition, as well enterprise features, such as Tiered Storage, Remote Read Replicas, and Continuous Data Balancing. ### [](#self-managed)Self-Managed Redpanda Self-Managed refers to the product offering that includes both the Enterprise Edition and the Community Edition of Redpanda. Sometimes used interchangeably with self-hosted. ## [](#redpanda-security)Redpanda security ### [](#access-control-list-acl)access control list (ACL) A security feature used to define and enforce granular permissions to resources, ensuring only authorized users or applications can perform specific operations. ACLs act on principals. ### [](#advertised-listener)advertised listener The address a Redpanda broker broadcasts to producers, consumers, and other brokers. It specifies the hostname and port for connections to different listeners. Clients and other brokers use advertised listeners to connect to services such as the Admin API, Kafka API, and HTTP Proxy API. The advertised address might differ from the listener address in scenarios where brokers are behind a NAT, in a Docker container, or in Kubernetes. Advertised addresses ensure clients can reach the Redpanda brokers even in complex network setups. ### [](#authentication)authentication The process of verifying the identity of a principal, user, or service account. Also known as AuthN. ### [](#authorization)authorization The process of specifying access rights to resources. Access rights are enforced through roles or access control lists (ACLs). Also known as AuthZ. ### [](#bearer-token)bearer token An access token used for authentication and authorization in web applications and APIs. It holds user credentials, usually in the form of random strings of characters. ### [](#gbac)GBAC Group-based access control lets you manage Redpanda permissions at scale by assigning them to OIDC groups instead of individual users. GBAC lets you manage Redpanda permissions at scale using the groups that already exist in your identity provider (IdP). You define access once for a group and your IdP controls who belongs to it. You can grant permissions to groups in two ways: create ACLs with `Group:` principals, or assign groups as members of RBAC roles. Both approaches can be used independently or together. ### [](#identity-provider-idp)identity provider (IdP) A service that creates, maintains, and manages identity information while providing authentication services to applications. Identity providers authenticate users and issue tokens that applications can use to verify identity and access permissions. Common IdPs include Okta, Auth0, Azure AD, and Google Identity Platform. ### [](#openid-connect-oidc)OpenID Connect (OIDC) Authentication layer built on OAuth 2.0 that allows clients to verify user identity and obtain basic profile information. OpenID Connect provides a standardized way for applications to authenticate users through identity providers. In Redpanda’s agentic systems, OIDC enables secure authentication for AI agents and MCP servers accessing cloud resources. ### [](#principal)principal An authenticated identity (user, service account, or group) that Redpanda evaluates when enforcing ACLs and role assignments. Redpanda supports `User:` and `Group:` principal types. Permissions are granted to principals through ACLs or RBAC role assignments. ### [](#rbac)RBAC Role-based access control lets you assign users access to specific resources. ### [](#service-account)service account An identity independent of the user who created it that can be used to authenticate and perform operations. This is especially useful for authentication of machines. --- # Page 72: Install or Update rpk **URL**: https://docs.redpanda.com/agentic-data-plane/reference/rpk-install.md --- # Install or Update rpk > For the complete documentation index, see [llms.txt](https://docs.redpanda.com/llms.txt). Component-specific: [agentic-data-plane-full.txt](https://docs.redpanda.com/agentic-data-plane-full.txt) --- title: Install or Update rpk latest-operator-version: v26.1.5 latest-console-tag: v3.7.4 latest-connect-version: 4.96.1 latest-redpanda-tag: v26.1.10 docname: rpk-install page-component-name: agentic-data-plane page-version: master page-component-version: master page-component-title: Agentic Data Plane page-relative-src-path: rpk-install.adoc page-edit-url: https://github.com/redpanda-data/adp-docs/edit/main/modules/reference/pages/rpk-install.adoc description: Install or update rpk to interact with Redpanda from the command line. page-git-created-date: "2026-05-28" page-git-modified-date: "2026-05-28" --- The `rpk` tool is a single binary application that provides a way to interact with your Redpanda clusters from the command line. For example, you can use `rpk` to do the following: - Monitor your cluster’s health - Create, produce, and consume from topics - Set up access control lists (ACLs) and other security features Redpanda Cloud deployments should always use the latest version of `rpk`. ## [](#check-rpk-version)Check rpk version To check your current version of the rpk binary, run `rpk --version`. The following example lists the latest version of `rpk`. If your installed version is lower than this latest version, then update `rpk`. For a list of versions, see [Redpanda releases](https://github.com/redpanda-data/redpanda/releases/). ```bash rpk --version ``` ```bash rpk version 26.1.10 (rev 3d926fb) ``` ## [](#install-or-update-rpk-on-linux)Install or update rpk on Linux To install, or update to, the latest version of `rpk` for Linux, run: ### amd64 ```bash curl -LO https://github.com/redpanda-data/redpanda/releases/latest/download/rpk-linux-amd64.zip && mkdir -p ~/.local/bin && export PATH="~/.local/bin:$PATH" && unzip rpk-linux-amd64.zip -d ~/.local/bin/ ``` ### arm64 ```bash curl -LO https://github.com/redpanda-data/redpanda/releases/latest/download/rpk-linux-arm64.zip && mkdir -p ~/.local/bin && export PATH="~/.local/bin:$PATH" && unzip rpk-linux-arm64.zip -d ~/.local/bin/ ``` > 💡 **TIP** > > You can use `rpk` on Windows only with [WSL](https://learn.microsoft.com/windows/wsl/install). However, commands that require Redpanda to be installed on your machine are not supported, such as [`rpk container`](https://docs.redpanda.com/streaming/current/reference/rpk/rpk-container/rpk-container/) commands, [`rpk iotune`](https://docs.redpanda.com/streaming/current/reference/rpk/rpk-iotune/), and [`rpk redpanda`](https://docs.redpanda.com/streaming/current/reference/rpk/rpk-redpanda/rpk-redpanda/) commands. ## [](#install-or-update-rpk-on-macos)Install or update rpk on macOS ### Homebrew 1. If you don’t have Homebrew installed, [install it](https://brew.sh/). 2. To install or update `rpk`, run: ```bash brew install redpanda-data/tap/redpanda ``` ### Manual Download To install or update `rpk` through a manual download, choose the option for your system architecture. For example, if you have an M1 or newer chip, select **Apple Silicon**. #### Intel macOS To install, or update to, the latest version of `rpk` for Intel macOS, run: ```bash curl -LO https://github.com/redpanda-data/redpanda/releases/latest/download/rpk-darwin-amd64.zip && mkdir -p ~/.local/bin && export PATH="~/.local/bin:$PATH" && unzip rpk-darwin-amd64.zip -d ~/.local/bin/ ``` To install, or update to, a version other than the latest, run: ```bash curl -LO https://github.com/redpanda-data/redpanda/releases/download/v/rpk-darwin-amd64.zip && mkdir -p ~/.local/bin && export PATH="~/.local/bin:$PATH" && unzip rpk-darwin-amd64.zip -d ~/.local/bin/ ``` #### Apple Silicon To install, or update to, the latest version of `rpk` for Apple Silicon, run: ```bash curl -LO https://github.com/redpanda-data/redpanda/releases/latest/download/rpk-darwin-arm64.zip && mkdir -p ~/.local/bin && export PATH="~/.local/bin:$PATH" && unzip rpk-darwin-arm64.zip -d ~/.local/bin/ ``` To install, or update to, a version other than the latest, run: ```bash curl -LO https://github.com/redpanda-data/redpanda/releases/download/v/rpk-darwin-arm64.zip && mkdir -p ~/.local/bin && export PATH="~/.local/bin:$PATH" && unzip rpk-darwin-arm64.zip -d ~/.local/bin/ ``` ## [](#next-steps)Next steps For the complete list of `rpk` commands and their syntax, see the [rpk reference](https://docs.redpanda.com/agentic-data-plane/reference/rpk/). --- # Page 73: rpk Command Reference **URL**: https://docs.redpanda.com/agentic-data-plane/reference/rpk.md --- # rpk Command Reference > For the complete documentation index, see [llms.txt](https://docs.redpanda.com/llms.txt). Component-specific: [agentic-data-plane-full.txt](https://docs.redpanda.com/agentic-data-plane-full.txt) --- title: rpk Command Reference latest-operator-version: v26.1.5 latest-console-tag: v3.7.4 latest-connect-version: 4.96.1 latest-redpanda-tag: v26.1.10 docname: rpk/index page-component-name: agentic-data-plane page-version: master page-component-version: master page-component-title: Agentic Data Plane page-relative-src-path: rpk/index.adoc page-edit-url: https://github.com/redpanda-data/adp-docs/edit/main/modules/reference/pages/rpk/index.adoc description: Reference for the rpk commands used to manage the Redpanda Agentic Data Plane from the command line. page-git-created-date: "2026-05-11" page-git-modified-date: "2026-05-29" --- This section documents the `rpk` commands you use to manage the Redpanda Agentic Data Plane (ADP) from the command line. Use `rpk ai` to manage AI Gateway resources (LLM providers, MCP servers, OAuth providers) and call MCP tools directly from your terminal. Authentication is owned by `rpk cloud login`. The `rpk ai` commands reuse your active `rpk profile` and the cached cloud token. The active AI Gateway URL is resolved from the same profile unless you override it with `--rpai-endpoint`. For subcommands available after install (`rpk ai llm`, `rpk ai mcp`, `rpk ai oauth`, and more), run `rpk ai --help` from your terminal. - [rpk ai](rpk-ai/rpk-ai/) - [rpk cloud](rpk-cloud/rpk-cloud/) - [rpk profile](rpk-profile/rpk-profile/) - [rpk -X](rpk-x-options/) --- # Page 74: rpk ai agent list **URL**: https://docs.redpanda.com/agentic-data-plane/reference/rpk/rpk-ai/rpk-ai-agent-list.md --- # rpk ai agent list > For the complete documentation index, see [llms.txt](https://docs.redpanda.com/llms.txt). Component-specific: [agentic-data-plane-full.txt](https://docs.redpanda.com/agentic-data-plane-full.txt) --- title: rpk ai agent list page-beta-text: This is a beta feature. Beta features are available for testing and feedback. They are not supported by Redpanda and should not be used in production environments. latest-operator-version: v26.1.5 latest-console-tag: v3.7.4 latest-connect-version: 4.96.1 latest-redpanda-tag: v26.1.10 docname: rpk/rpk-ai/rpk-ai-agent-list page-component-name: agentic-data-plane page-version: master page-component-version: master page-component-title: Agentic Data Plane page-relative-src-path: rpk/rpk-ai/rpk-ai-agent-list.adoc page-edit-url: https://github.com/redpanda-data/adp-docs/edit/main/modules/reference/pages/rpk/rpk-ai/rpk-ai-agent-list.adoc description: rpk ai agent list # Beta release status page-beta: "true" page-git-created-date: "2026-05-27" page-git-modified-date: "2026-06-10" release-status: beta - This is a beta feature. Beta features are available for testing and feedback. They are not supported by Redpanda and should not be used in production environments. --- List agents. ## [](#usage)Usage ```bash rpk ai agent list [flags] ``` ## [](#flags)Flags | Value | Type | Description | | --- | --- | --- | | -h, --help | - | help for list. | | -o, --format | string | output format: table | | wide | json | yaml | | markdown (env: RPAI_FORMAT) (default "table"). | --no-color | - | | disable colored output (env: NO_COLOR). | -c, --rpai-config | string | | path to rpai config (env: RPAI_CONFIG) (default "/var/lib/redpanda/.rpai/config"). | -s, --rpai-endpoint | string | | override dataplane URL (env: RPAI_ENDPOINT). | -p, --rpai-profile | string | | rpai profile name (env: RPAI_PROFILE). | -v, --rpai-verbose | - | | verbose debug logging to stderr (env: RPAI_VERBOSE). | --token | string | --- # Page 75: rpk ai agent **URL**: https://docs.redpanda.com/agentic-data-plane/reference/rpk/rpk-ai/rpk-ai-agent.md --- # rpk ai agent > For the complete documentation index, see [llms.txt](https://docs.redpanda.com/llms.txt). Component-specific: [agentic-data-plane-full.txt](https://docs.redpanda.com/agentic-data-plane-full.txt) --- title: rpk ai agent page-beta-text: This is a beta feature. Beta features are available for testing and feedback. They are not supported by Redpanda and should not be used in production environments. latest-operator-version: v26.1.5 latest-console-tag: v3.7.4 latest-connect-version: 4.96.1 latest-redpanda-tag: v26.1.10 docname: rpk/rpk-ai/rpk-ai-agent page-component-name: agentic-data-plane page-version: master page-component-version: master page-component-title: Agentic Data Plane page-relative-src-path: rpk/rpk-ai/rpk-ai-agent.adoc page-edit-url: https://github.com/redpanda-data/adp-docs/edit/main/modules/reference/pages/rpk/rpk-ai/rpk-ai-agent.adoc description: rpk ai agent # Beta release status page-beta: "true" page-git-created-date: "2026-05-27" page-git-modified-date: "2026-06-10" release-status: beta - This is a beta feature. Beta features are available for testing and feedback. They are not supported by Redpanda and should not be used in production environments. --- Manage agents. ## [](#usage)Usage ```bash rpk ai agent [flags] rpk ai agent [command] ``` ## [](#aliases)Aliases ```bash agent, agents ``` ## [](#flags)Flags | Value | Type | Description | | --- | --- | --- | | -h, --help | - | help for agent. | | -o, --format | string | output format: table | | wide | json | yaml | | markdown (env: RPAI_FORMAT) (default "table"). | --no-color | - | | disable colored output (env: NO_COLOR). | -c, --rpai-config | string | | path to rpai config (env: RPAI_CONFIG) (default "/var/lib/redpanda/.rpai/config"). | -s, --rpai-endpoint | string | | override dataplane URL (env: RPAI_ENDPOINT). | -p, --rpai-profile | string | | rpai profile name (env: RPAI_PROFILE). | -v, --rpai-verbose | - | | verbose debug logging to stderr (env: RPAI_VERBOSE). | --token | string | --- # Page 76: rpk ai connection list **URL**: https://docs.redpanda.com/agentic-data-plane/reference/rpk/rpk-ai/rpk-ai-connection-list.md --- # rpk ai connection list > For the complete documentation index, see [llms.txt](https://docs.redpanda.com/llms.txt). Component-specific: [agentic-data-plane-full.txt](https://docs.redpanda.com/agentic-data-plane-full.txt) --- title: rpk ai connection list page-beta-text: This is a beta feature. Beta features are available for testing and feedback. They are not supported by Redpanda and should not be used in production environments. latest-operator-version: v26.1.5 latest-console-tag: v3.7.4 latest-connect-version: 4.96.1 latest-redpanda-tag: v26.1.10 docname: rpk/rpk-ai/rpk-ai-connection-list page-component-name: agentic-data-plane page-version: master page-component-version: master page-component-title: Agentic Data Plane page-relative-src-path: rpk/rpk-ai/rpk-ai-connection-list.adoc page-edit-url: https://github.com/redpanda-data/adp-docs/edit/main/modules/reference/pages/rpk/rpk-ai/rpk-ai-connection-list.adoc description: rpk ai connection list # Beta release status page-beta: "true" page-git-created-date: "2026-05-27" page-git-modified-date: "2026-06-10" release-status: beta - This is a beta feature. Beta features are available for testing and feedback. They are not supported by Redpanda and should not be used in production environments. --- List OAuth connections. ## [](#usage)Usage ```bash rpk ai connection list [flags] ``` ## [](#flags)Flags | Value | Type | Description | | --- | --- | --- | | -h, --help | - | help for list. | | -o, --format | string | output format: table | | wide | json | yaml | | markdown (env: RPAI_FORMAT) (default "table"). | --no-color | - | | disable colored output (env: NO_COLOR). | -c, --rpai-config | string | | path to rpai config (env: RPAI_CONFIG) (default "/var/lib/redpanda/.rpai/config"). | -s, --rpai-endpoint | string | | override dataplane URL (env: RPAI_ENDPOINT). | -p, --rpai-profile | string | | rpai profile name (env: RPAI_PROFILE). | -v, --rpai-verbose | - | | verbose debug logging to stderr (env: RPAI_VERBOSE). | --token | string | --- # Page 77: rpk ai connection revoke **URL**: https://docs.redpanda.com/agentic-data-plane/reference/rpk/rpk-ai/rpk-ai-connection-revoke.md --- # rpk ai connection revoke > For the complete documentation index, see [llms.txt](https://docs.redpanda.com/llms.txt). Component-specific: [agentic-data-plane-full.txt](https://docs.redpanda.com/agentic-data-plane-full.txt) --- title: rpk ai connection revoke page-beta-text: This is a beta feature. Beta features are available for testing and feedback. They are not supported by Redpanda and should not be used in production environments. latest-operator-version: v26.1.5 latest-console-tag: v3.7.4 latest-connect-version: 4.96.1 latest-redpanda-tag: v26.1.10 docname: rpk/rpk-ai/rpk-ai-connection-revoke page-component-name: agentic-data-plane page-version: master page-component-version: master page-component-title: Agentic Data Plane page-relative-src-path: rpk/rpk-ai/rpk-ai-connection-revoke.adoc page-edit-url: https://github.com/redpanda-data/adp-docs/edit/main/modules/reference/pages/rpk/rpk-ai/rpk-ai-connection-revoke.adoc description: rpk ai connection revoke # Beta release status page-beta: "true" page-git-created-date: "2026-05-27" page-git-modified-date: "2026-06-10" release-status: beta - This is a beta feature. Beta features are available for testing and feedback. They are not supported by Redpanda and should not be used in production environments. --- Revoke an OAuth connection. ## [](#usage)Usage ```bash rpk ai connection revoke [name] [flags] ``` ## [](#flags)Flags | Value | Type | Description | | --- | --- | --- | | -h, --help | - | help for revoke. | | -o, --format | string | output format: table | | wide | json | yaml | | markdown (env: RPAI_FORMAT) (default "table"). | --no-color | - | | disable colored output (env: NO_COLOR). | -c, --rpai-config | string | | path to rpai config (env: RPAI_CONFIG) (default "/var/lib/redpanda/.rpai/config"). | -s, --rpai-endpoint | string | | override dataplane URL (env: RPAI_ENDPOINT). | -p, --rpai-profile | string | | rpai profile name (env: RPAI_PROFILE). | -v, --rpai-verbose | - | | verbose debug logging to stderr (env: RPAI_VERBOSE). | --token | string | --- # Page 78: rpk ai connection **URL**: https://docs.redpanda.com/agentic-data-plane/reference/rpk/rpk-ai/rpk-ai-connection.md --- # rpk ai connection > For the complete documentation index, see [llms.txt](https://docs.redpanda.com/llms.txt). Component-specific: [agentic-data-plane-full.txt](https://docs.redpanda.com/agentic-data-plane-full.txt) --- title: rpk ai connection page-beta-text: This is a beta feature. Beta features are available for testing and feedback. They are not supported by Redpanda and should not be used in production environments. latest-operator-version: v26.1.5 latest-console-tag: v3.7.4 latest-connect-version: 4.96.1 latest-redpanda-tag: v26.1.10 docname: rpk/rpk-ai/rpk-ai-connection page-component-name: agentic-data-plane page-version: master page-component-version: master page-component-title: Agentic Data Plane page-relative-src-path: rpk/rpk-ai/rpk-ai-connection.adoc page-edit-url: https://github.com/redpanda-data/adp-docs/edit/main/modules/reference/pages/rpk/rpk-ai/rpk-ai-connection.adoc description: rpk ai connection # Beta release status page-beta: "true" page-git-created-date: "2026-05-27" page-git-modified-date: "2026-06-10" release-status: beta - This is a beta feature. Beta features are available for testing and feedback. They are not supported by Redpanda and should not be used in production environments. --- Manage OAuth connections. ## [](#usage)Usage ```bash rpk ai connection [flags] rpk ai connection [command] ``` ## [](#aliases)Aliases ```bash connection, connections, conn ``` ## [](#flags)Flags | Value | Type | Description | | --- | --- | --- | | -h, --help | - | help for connection. | | -o, --format | string | output format: table | | wide | json | yaml | | markdown (env: RPAI_FORMAT) (default "table"). | --no-color | - | | disable colored output (env: NO_COLOR). | -c, --rpai-config | string | | path to rpai config (env: RPAI_CONFIG) (default "/var/lib/redpanda/.rpai/config"). | -s, --rpai-endpoint | string | | override dataplane URL (env: RPAI_ENDPOINT). | -p, --rpai-profile | string | | rpai profile name (env: RPAI_PROFILE). | -v, --rpai-verbose | - | | verbose debug logging to stderr (env: RPAI_VERBOSE). | --token | string | --- # Page 79: rpk ai install **URL**: https://docs.redpanda.com/agentic-data-plane/reference/rpk/rpk-ai/rpk-ai-install.md --- # rpk ai install > For the complete documentation index, see [llms.txt](https://docs.redpanda.com/llms.txt). Component-specific: [agentic-data-plane-full.txt](https://docs.redpanda.com/agentic-data-plane-full.txt) --- title: rpk ai install page-beta-text: This is a beta feature. Beta features are available for testing and feedback. They are not supported by Redpanda and should not be used in production environments. latest-operator-version: v26.1.5 latest-console-tag: v3.7.4 latest-connect-version: 4.96.1 latest-redpanda-tag: v26.1.10 docname: rpk/rpk-ai/rpk-ai-install page-component-name: agentic-data-plane page-version: master page-component-version: master page-component-title: Agentic Data Plane page-relative-src-path: rpk/rpk-ai/rpk-ai-install.adoc page-edit-url: https://github.com/redpanda-data/adp-docs/edit/main/modules/reference/pages/rpk/rpk-ai/rpk-ai-install.adoc description: rpk ai install # Beta release status page-beta: "true" page-git-created-date: "2026-05-11" page-git-modified-date: "2026-05-27" release-status: beta - This is a beta feature. Beta features are available for testing and feedback. They are not supported by Redpanda and should not be used in production environments. --- Install the Redpanda AI CLI. This command installs the latest version by default. Alternatively, you may specify an rpk ai version using the --ai-version flag. You may force the installation using the --force flag. ## [](#usage)Usage ```bash rpk ai install [flags] ``` ## [](#flags)Flags | Value | Type | Description | | --- | --- | --- | | --ai-version | string | Redpanda AI CLI version to install (e.g. 0.1.2) (default "latest"). | | --force | - | Force install of the Redpanda AI CLI. | | -h, --help | - | Help for install. | | --config | string | Redpanda or rpk config file; default search paths are /var/lib/redpanda/.config/rpk/rpk.yaml, $PWD/redpanda.yaml, and /etc/redpanda/redpanda.yaml. | | -X, --config-opt | stringArray | Override rpk configuration settings; '-X help' for detail or '-X list' for terser detail. | | --ignore-profile | - | Ignore rpk.yaml and redpanda.yaml; use default settings. | | --profile | string | rpk profile to use. | | -v, --verbose | - | Enable verbose logging. | --- # Page 80: rpk ai llm create **URL**: https://docs.redpanda.com/agentic-data-plane/reference/rpk/rpk-ai/rpk-ai-llm-create.md --- # rpk ai llm create > For the complete documentation index, see [llms.txt](https://docs.redpanda.com/llms.txt). Component-specific: [agentic-data-plane-full.txt](https://docs.redpanda.com/agentic-data-plane-full.txt) --- title: rpk ai llm create page-beta-text: This is a beta feature. Beta features are available for testing and feedback. They are not supported by Redpanda and should not be used in production environments. latest-operator-version: v26.1.5 latest-console-tag: v3.7.4 latest-connect-version: 4.96.1 latest-redpanda-tag: v26.1.10 docname: rpk/rpk-ai/rpk-ai-llm-create page-component-name: agentic-data-plane page-version: master page-component-version: master page-component-title: Agentic Data Plane page-relative-src-path: rpk/rpk-ai/rpk-ai-llm-create.adoc page-edit-url: https://github.com/redpanda-data/adp-docs/edit/main/modules/reference/pages/rpk/rpk-ai/rpk-ai-llm-create.adoc description: rpk ai llm create # Beta release status page-beta: "true" page-git-created-date: "2026-05-27" page-git-modified-date: "2026-06-10" release-status: beta - This is a beta feature. Beta features are available for testing and feedback. They are not supported by Redpanda and should not be used in production environments. --- Create an LLM provider ## [](#usage)Usage ```bash rpk ai llm create [flags] ``` ## [](#flags)Flags | Value | Type | Description | | --- | --- | --- | | --api-key-ref | string | API key or AWS Secret Access Key secret reference (bedrock). | | --authorization-passthrough | - | forward client’s Authorization header to upstream (Anthropic enterprise/Max OAuth). | | --base-url | string | base URL. | | --bedrock-access-key-id-ref | string | AWS Access Key ID or secret reference for Bedrock. | | --bedrock-region | string | AWS region for Bedrock (e.g. us-east-1). | | --display-name | string | display name. | | --enabled | - | whether provider is enabled (default true). | | -h, --help | - | help for create. | | --models | strings | supported models. | | --name | string | provider name (required). | | --type | string | provider type: openai, anthropic, google, bedrock. | | -o, --format | string | output format: table | | wide | json | yaml | | markdown (env: RPAI_FORMAT) (default "table"). | --no-color | - | | disable colored output (env: NO_COLOR). | -c, --rpai-config | string | | path to rpai config (env: RPAI_CONFIG) (default "/var/lib/redpanda/.rpai/config"). | -s, --rpai-endpoint | string | | override dataplane URL (env: RPAI_ENDPOINT). | -p, --rpai-profile | string | | rpai profile name (env: RPAI_PROFILE). | -v, --rpai-verbose | - | | verbose debug logging to stderr (env: RPAI_VERBOSE). | --token | string | --- # Page 81: rpk ai llm delete **URL**: https://docs.redpanda.com/agentic-data-plane/reference/rpk/rpk-ai/rpk-ai-llm-delete.md --- # rpk ai llm delete > For the complete documentation index, see [llms.txt](https://docs.redpanda.com/llms.txt). Component-specific: [agentic-data-plane-full.txt](https://docs.redpanda.com/agentic-data-plane-full.txt) --- title: rpk ai llm delete page-beta-text: This is a beta feature. Beta features are available for testing and feedback. They are not supported by Redpanda and should not be used in production environments. latest-operator-version: v26.1.5 latest-console-tag: v3.7.4 latest-connect-version: 4.96.1 latest-redpanda-tag: v26.1.10 docname: rpk/rpk-ai/rpk-ai-llm-delete page-component-name: agentic-data-plane page-version: master page-component-version: master page-component-title: Agentic Data Plane page-relative-src-path: rpk/rpk-ai/rpk-ai-llm-delete.adoc page-edit-url: https://github.com/redpanda-data/adp-docs/edit/main/modules/reference/pages/rpk/rpk-ai/rpk-ai-llm-delete.adoc description: rpk ai llm delete # Beta release status page-beta: "true" page-git-created-date: "2026-05-27" page-git-modified-date: "2026-06-10" release-status: beta - This is a beta feature. Beta features are available for testing and feedback. They are not supported by Redpanda and should not be used in production environments. --- Delete an LLM provider ## [](#usage)Usage ```bash rpk ai llm delete [flags] ``` ## [](#flags)Flags | Value | Type | Description | | --- | --- | --- | | -h, --help | - | help for delete. | | -o, --format | string | output format: table | | wide | json | yaml | | markdown (env: RPAI_FORMAT) (default "table"). | --no-color | - | | disable colored output (env: NO_COLOR). | -c, --rpai-config | string | | path to rpai config (env: RPAI_CONFIG) (default "/var/lib/redpanda/.rpai/config"). | -s, --rpai-endpoint | string | | override dataplane URL (env: RPAI_ENDPOINT). | -p, --rpai-profile | string | | rpai profile name (env: RPAI_PROFILE). | -v, --rpai-verbose | - | | verbose debug logging to stderr (env: RPAI_VERBOSE). | --token | string | --- # Page 82: rpk ai llm get **URL**: https://docs.redpanda.com/agentic-data-plane/reference/rpk/rpk-ai/rpk-ai-llm-get.md --- # rpk ai llm get > For the complete documentation index, see [llms.txt](https://docs.redpanda.com/llms.txt). Component-specific: [agentic-data-plane-full.txt](https://docs.redpanda.com/agentic-data-plane-full.txt) --- title: rpk ai llm get page-beta-text: This is a beta feature. Beta features are available for testing and feedback. They are not supported by Redpanda and should not be used in production environments. latest-operator-version: v26.1.5 latest-console-tag: v3.7.4 latest-connect-version: 4.96.1 latest-redpanda-tag: v26.1.10 docname: rpk/rpk-ai/rpk-ai-llm-get page-component-name: agentic-data-plane page-version: master page-component-version: master page-component-title: Agentic Data Plane page-relative-src-path: rpk/rpk-ai/rpk-ai-llm-get.adoc page-edit-url: https://github.com/redpanda-data/adp-docs/edit/main/modules/reference/pages/rpk/rpk-ai/rpk-ai-llm-get.adoc description: rpk ai llm get # Beta release status page-beta: "true" page-git-created-date: "2026-05-27" page-git-modified-date: "2026-06-10" release-status: beta - This is a beta feature. Beta features are available for testing and feedback. They are not supported by Redpanda and should not be used in production environments. --- Get an LLM provider ## [](#usage)Usage ```bash rpk ai llm get [flags] ``` ## [](#flags)Flags | Value | Type | Description | | --- | --- | --- | | -h, --help | - | help for get. | | -o, --format | string | output format: table | | wide | json | yaml | | markdown (env: RPAI_FORMAT) (default "table"). | --no-color | - | | disable colored output (env: NO_COLOR). | -c, --rpai-config | string | | path to rpai config (env: RPAI_CONFIG) (default "/var/lib/redpanda/.rpai/config"). | -s, --rpai-endpoint | string | | override dataplane URL (env: RPAI_ENDPOINT). | -p, --rpai-profile | string | | rpai profile name (env: RPAI_PROFILE). | -v, --rpai-verbose | - | | verbose debug logging to stderr (env: RPAI_VERBOSE). | --token | string | --- # Page 83: rpk ai llm list **URL**: https://docs.redpanda.com/agentic-data-plane/reference/rpk/rpk-ai/rpk-ai-llm-list.md --- # rpk ai llm list > For the complete documentation index, see [llms.txt](https://docs.redpanda.com/llms.txt). Component-specific: [agentic-data-plane-full.txt](https://docs.redpanda.com/agentic-data-plane-full.txt) --- title: rpk ai llm list page-beta-text: This is a beta feature. Beta features are available for testing and feedback. They are not supported by Redpanda and should not be used in production environments. latest-operator-version: v26.1.5 latest-console-tag: v3.7.4 latest-connect-version: 4.96.1 latest-redpanda-tag: v26.1.10 docname: rpk/rpk-ai/rpk-ai-llm-list page-component-name: agentic-data-plane page-version: master page-component-version: master page-component-title: Agentic Data Plane page-relative-src-path: rpk/rpk-ai/rpk-ai-llm-list.adoc page-edit-url: https://github.com/redpanda-data/adp-docs/edit/main/modules/reference/pages/rpk/rpk-ai/rpk-ai-llm-list.adoc description: rpk ai llm list # Beta release status page-beta: "true" page-git-created-date: "2026-05-27" page-git-modified-date: "2026-06-10" release-status: beta - This is a beta feature. Beta features are available for testing and feedback. They are not supported by Redpanda and should not be used in production environments. --- List LLM providers ## [](#usage)Usage ```bash rpk ai llm list [flags] ``` ## [](#flags)Flags | Value | Type | Description | | --- | --- | --- | | --filter-name | string | filter by name (contains). | | -h, --help | - | help for list. | | -o, --format | string | output format: table | | wide | json | yaml | | markdown (env: RPAI_FORMAT) (default "table"). | --no-color | - | | disable colored output (env: NO_COLOR). | -c, --rpai-config | string | | path to rpai config (env: RPAI_CONFIG) (default "/var/lib/redpanda/.rpai/config"). | -s, --rpai-endpoint | string | | override dataplane URL (env: RPAI_ENDPOINT). | -p, --rpai-profile | string | | rpai profile name (env: RPAI_PROFILE). | -v, --rpai-verbose | - | | verbose debug logging to stderr (env: RPAI_VERBOSE). | --token | string | --- # Page 84: rpk ai llm update **URL**: https://docs.redpanda.com/agentic-data-plane/reference/rpk/rpk-ai/rpk-ai-llm-update.md --- # rpk ai llm update > For the complete documentation index, see [llms.txt](https://docs.redpanda.com/llms.txt). Component-specific: [agentic-data-plane-full.txt](https://docs.redpanda.com/agentic-data-plane-full.txt) --- title: rpk ai llm update page-beta-text: This is a beta feature. Beta features are available for testing and feedback. They are not supported by Redpanda and should not be used in production environments. latest-operator-version: v26.1.5 latest-console-tag: v3.7.4 latest-connect-version: 4.96.1 latest-redpanda-tag: v26.1.10 docname: rpk/rpk-ai/rpk-ai-llm-update page-component-name: agentic-data-plane page-version: master page-component-version: master page-component-title: Agentic Data Plane page-relative-src-path: rpk/rpk-ai/rpk-ai-llm-update.adoc page-edit-url: https://github.com/redpanda-data/adp-docs/edit/main/modules/reference/pages/rpk/rpk-ai/rpk-ai-llm-update.adoc description: rpk ai llm update # Beta release status page-beta: "true" page-git-created-date: "2026-05-27" page-git-modified-date: "2026-06-10" release-status: beta - This is a beta feature. Beta features are available for testing and feedback. They are not supported by Redpanda and should not be used in production environments. --- Update an LLM provider ## [](#usage)Usage ```bash rpk ai llm update [flags] ``` ## [](#flags)Flags | Value | Type | Description | | --- | --- | --- | | --api-key-ref | string | new API key reference — must be UPPER_SNAKE_CASE (provider-specific). | | --base-url | string | new base URL (provider-specific). | | --display-name | string | new display name. | | --enabled | - | whether provider is enabled (default true). | | -h, --help | - | help for update. | | --models | strings | new models list. | | -o, --format | string | output format: table | | wide | json | yaml | | markdown (env: RPAI_FORMAT) (default "table"). | --no-color | - | | disable colored output (env: NO_COLOR). | -c, --rpai-config | string | | path to rpai config (env: RPAI_CONFIG) (default "/var/lib/redpanda/.rpai/config"). | -s, --rpai-endpoint | string | | override dataplane URL (env: RPAI_ENDPOINT). | -p, --rpai-profile | string | | rpai profile name (env: RPAI_PROFILE). | -v, --rpai-verbose | - | | verbose debug logging to stderr (env: RPAI_VERBOSE). | --token | string | --- # Page 85: rpk ai llm **URL**: https://docs.redpanda.com/agentic-data-plane/reference/rpk/rpk-ai/rpk-ai-llm.md --- # rpk ai llm > For the complete documentation index, see [llms.txt](https://docs.redpanda.com/llms.txt). Component-specific: [agentic-data-plane-full.txt](https://docs.redpanda.com/agentic-data-plane-full.txt) --- title: rpk ai llm page-beta-text: This is a beta feature. Beta features are available for testing and feedback. They are not supported by Redpanda and should not be used in production environments. latest-operator-version: v26.1.5 latest-console-tag: v3.7.4 latest-connect-version: 4.96.1 latest-redpanda-tag: v26.1.10 docname: rpk/rpk-ai/rpk-ai-llm page-component-name: agentic-data-plane page-version: master page-component-version: master page-component-title: Agentic Data Plane page-relative-src-path: rpk/rpk-ai/rpk-ai-llm.adoc page-edit-url: https://github.com/redpanda-data/adp-docs/edit/main/modules/reference/pages/rpk/rpk-ai/rpk-ai-llm.adoc description: rpk ai llm # Beta release status page-beta: "true" page-git-created-date: "2026-05-27" page-git-modified-date: "2026-06-10" release-status: beta - This is a beta feature. Beta features are available for testing and feedback. They are not supported by Redpanda and should not be used in production environments. --- Manage LLM providers registered with the Redpanda AI gateway. Supported provider types: openai, anthropic, google, bedrock. Aliases: `llm-provider` (compat with aigwctl), `provider`, `lp`. ## [](#usage)Usage ```bash rpk ai llm [command] ``` ## [](#aliases)Aliases ```bash llm, llm-provider, provider, lp ``` ## [](#flags)Flags | Value | Type | Description | | --- | --- | --- | | -h, --help | - | help for llm. | | -o, --format | string | output format: table | | wide | json | yaml | | markdown (env: RPAI_FORMAT) (default "table"). | --no-color | - | | disable colored output (env: NO_COLOR). | -c, --rpai-config | string | | path to rpai config (env: RPAI_CONFIG) (default "/var/lib/redpanda/.rpai/config"). | -s, --rpai-endpoint | string | | override dataplane URL (env: RPAI_ENDPOINT). | -p, --rpai-profile | string | | rpai profile name (env: RPAI_PROFILE). | -v, --rpai-verbose | - | | verbose debug logging to stderr (env: RPAI_VERBOSE). | --token | string | --- # Page 86: rpk ai mcp create **URL**: https://docs.redpanda.com/agentic-data-plane/reference/rpk/rpk-ai/rpk-ai-mcp-create.md --- # rpk ai mcp create > For the complete documentation index, see [llms.txt](https://docs.redpanda.com/llms.txt). Component-specific: [agentic-data-plane-full.txt](https://docs.redpanda.com/agentic-data-plane-full.txt) --- title: rpk ai mcp create page-beta-text: This is a beta feature. Beta features are available for testing and feedback. They are not supported by Redpanda and should not be used in production environments. latest-operator-version: v26.1.5 latest-console-tag: v3.7.4 latest-connect-version: 4.96.1 latest-redpanda-tag: v26.1.10 docname: rpk/rpk-ai/rpk-ai-mcp-create page-component-name: agentic-data-plane page-version: master page-component-version: master page-component-title: Agentic Data Plane page-relative-src-path: rpk/rpk-ai/rpk-ai-mcp-create.adoc page-edit-url: https://github.com/redpanda-data/adp-docs/edit/main/modules/reference/pages/rpk/rpk-ai/rpk-ai-mcp-create.adoc description: rpk ai mcp create # Beta release status page-beta: "true" page-git-created-date: "2026-05-27" page-git-modified-date: "2026-06-10" release-status: beta - This is a beta feature. Beta features are available for testing and feedback. They are not supported by Redpanda and should not be used in production environments. --- Create an MCP server ## [](#usage)Usage ```bash rpk ai mcp create [flags] ``` ## [](#flags)Flags | Value | Type | Description | | --- | --- | --- | | --description | string | human-readable description of the server. | | --enabled | - | whether server is enabled (default true). | | -h, --help | - | help for create. | | --managed-config | - | rpai mcp types managed MCP config JSON. The @type may be the short name from rpai mcp types (e.g. '{"@type":"SQLMCP","driver":"sqlite3","dsn":":memory:"}') or the full proto URL. The per-MCP oneof auth carries any credentials (static_key / user_oauth) — specify it inside the JSON. | | --name | string | server name (required). | | --transport | string | transport: sse, streamable-http (default "sse"). | | --url | string | server URL (for remote backend). | | --user-oauth-provider | string | for --url (remote) servers: name of the OAuthProvider whose per-user tokens should authenticate upstream requests. Ignored for managed servers — set auth.user_oauth inside --managed-config instead. | | --user-oauth-scopes | strings | minimum OAuth scopes a user’s connection must have (user_oauth.required_scopes). Applies only when --user-oauth-provider is set. | | -o, --format | string | output format: table | | wide | json | yaml | | markdown (env: RPAI_FORMAT) (default "table"). | --no-color | - | | disable colored output (env: NO_COLOR). | -c, --rpai-config | string | | path to rpai config (env: RPAI_CONFIG) (default "/var/lib/redpanda/.rpai/config"). | -s, --rpai-endpoint | string | | override dataplane URL (env: RPAI_ENDPOINT). | -p, --rpai-profile | string | | rpai profile name (env: RPAI_PROFILE). | -v, --rpai-verbose | - | | verbose debug logging to stderr (env: RPAI_VERBOSE). | --token | string | --- # Page 87: rpk ai mcp delete **URL**: https://docs.redpanda.com/agentic-data-plane/reference/rpk/rpk-ai/rpk-ai-mcp-delete.md --- # rpk ai mcp delete > For the complete documentation index, see [llms.txt](https://docs.redpanda.com/llms.txt). Component-specific: [agentic-data-plane-full.txt](https://docs.redpanda.com/agentic-data-plane-full.txt) --- title: rpk ai mcp delete page-beta-text: This is a beta feature. Beta features are available for testing and feedback. They are not supported by Redpanda and should not be used in production environments. latest-operator-version: v26.1.5 latest-console-tag: v3.7.4 latest-connect-version: 4.96.1 latest-redpanda-tag: v26.1.10 docname: rpk/rpk-ai/rpk-ai-mcp-delete page-component-name: agentic-data-plane page-version: master page-component-version: master page-component-title: Agentic Data Plane page-relative-src-path: rpk/rpk-ai/rpk-ai-mcp-delete.adoc page-edit-url: https://github.com/redpanda-data/adp-docs/edit/main/modules/reference/pages/rpk/rpk-ai/rpk-ai-mcp-delete.adoc description: rpk ai mcp delete # Beta release status page-beta: "true" page-git-created-date: "2026-05-27" page-git-modified-date: "2026-06-10" release-status: beta - This is a beta feature. Beta features are available for testing and feedback. They are not supported by Redpanda and should not be used in production environments. --- Delete an MCP server ## [](#usage)Usage ```bash rpk ai mcp delete [flags] ``` ## [](#flags)Flags | Value | Type | Description | | --- | --- | --- | | -h, --help | - | help for delete. | | -o, --format | string | output format: table | | wide | json | yaml | | markdown (env: RPAI_FORMAT) (default "table"). | --no-color | - | | disable colored output (env: NO_COLOR). | -c, --rpai-config | string | | path to rpai config (env: RPAI_CONFIG) (default "/var/lib/redpanda/.rpai/config"). | -s, --rpai-endpoint | string | | override dataplane URL (env: RPAI_ENDPOINT). | -p, --rpai-profile | string | | rpai profile name (env: RPAI_PROFILE). | -v, --rpai-verbose | - | | verbose debug logging to stderr (env: RPAI_VERBOSE). | --token | string | --- # Page 88: rpk ai mcp get **URL**: https://docs.redpanda.com/agentic-data-plane/reference/rpk/rpk-ai/rpk-ai-mcp-get.md --- # rpk ai mcp get > For the complete documentation index, see [llms.txt](https://docs.redpanda.com/llms.txt). Component-specific: [agentic-data-plane-full.txt](https://docs.redpanda.com/agentic-data-plane-full.txt) --- title: rpk ai mcp get page-beta-text: This is a beta feature. Beta features are available for testing and feedback. They are not supported by Redpanda and should not be used in production environments. latest-operator-version: v26.1.5 latest-console-tag: v3.7.4 latest-connect-version: 4.96.1 latest-redpanda-tag: v26.1.10 docname: rpk/rpk-ai/rpk-ai-mcp-get page-component-name: agentic-data-plane page-version: master page-component-version: master page-component-title: Agentic Data Plane page-relative-src-path: rpk/rpk-ai/rpk-ai-mcp-get.adoc page-edit-url: https://github.com/redpanda-data/adp-docs/edit/main/modules/reference/pages/rpk/rpk-ai/rpk-ai-mcp-get.adoc description: rpk ai mcp get # Beta release status page-beta: "true" page-git-created-date: "2026-05-27" page-git-modified-date: "2026-06-10" release-status: beta - This is a beta feature. Beta features are available for testing and feedback. They are not supported by Redpanda and should not be used in production environments. --- Get an MCP server ## [](#usage)Usage ```bash rpk ai mcp get [flags] ``` ## [](#flags)Flags | Value | Type | Description | | --- | --- | --- | | -h, --help | - | help for get. | | --no-tools | - | skip live tool discovery (avoids a second RPC + upstream call). | | -o, --format | string | output format: table | | wide | json | yaml | | markdown (env: RPAI_FORMAT) (default "table"). | --no-color | - | | disable colored output (env: NO_COLOR). | -c, --rpai-config | string | | path to rpai config (env: RPAI_CONFIG) (default "/var/lib/redpanda/.rpai/config"). | -s, --rpai-endpoint | string | | override dataplane URL (env: RPAI_ENDPOINT). | -p, --rpai-profile | string | | rpai profile name (env: RPAI_PROFILE). | -v, --rpai-verbose | - | | verbose debug logging to stderr (env: RPAI_VERBOSE). | --token | string | --- # Page 89: rpk ai mcp list **URL**: https://docs.redpanda.com/agentic-data-plane/reference/rpk/rpk-ai/rpk-ai-mcp-list.md --- # rpk ai mcp list > For the complete documentation index, see [llms.txt](https://docs.redpanda.com/llms.txt). Component-specific: [agentic-data-plane-full.txt](https://docs.redpanda.com/agentic-data-plane-full.txt) --- title: rpk ai mcp list page-beta-text: This is a beta feature. Beta features are available for testing and feedback. They are not supported by Redpanda and should not be used in production environments. latest-operator-version: v26.1.5 latest-console-tag: v3.7.4 latest-connect-version: 4.96.1 latest-redpanda-tag: v26.1.10 docname: rpk/rpk-ai/rpk-ai-mcp-list page-component-name: agentic-data-plane page-version: master page-component-version: master page-component-title: Agentic Data Plane page-relative-src-path: rpk/rpk-ai/rpk-ai-mcp-list.adoc page-edit-url: https://github.com/redpanda-data/adp-docs/edit/main/modules/reference/pages/rpk/rpk-ai/rpk-ai-mcp-list.adoc description: rpk ai mcp list # Beta release status page-beta: "true" page-git-created-date: "2026-05-27" page-git-modified-date: "2026-06-10" release-status: beta - This is a beta feature. Beta features are available for testing and feedback. They are not supported by Redpanda and should not be used in production environments. --- List MCP servers ## [](#usage)Usage ```bash rpk ai mcp list [flags] ``` ## [](#flags)Flags | Value | Type | Description | | --- | --- | --- | | --filter-name | string | filter by name (contains). | | -h, --help | - | help for list. | | -o, --format | string | output format: table | | wide | json | yaml | | markdown (env: RPAI_FORMAT) (default "table"). | --no-color | - | | disable colored output (env: NO_COLOR). | -c, --rpai-config | string | | path to rpai config (env: RPAI_CONFIG) (default "/var/lib/redpanda/.rpai/config"). | -s, --rpai-endpoint | string | | override dataplane URL (env: RPAI_ENDPOINT). | -p, --rpai-profile | string | | rpai profile name (env: RPAI_PROFILE). | -v, --rpai-verbose | - | | verbose debug logging to stderr (env: RPAI_VERBOSE). | --token | string | --- # Page 90: rpk ai mcp tools call **URL**: https://docs.redpanda.com/agentic-data-plane/reference/rpk/rpk-ai/rpk-ai-mcp-tools-call.md --- # rpk ai mcp tools call > For the complete documentation index, see [llms.txt](https://docs.redpanda.com/llms.txt). Component-specific: [agentic-data-plane-full.txt](https://docs.redpanda.com/agentic-data-plane-full.txt) --- title: rpk ai mcp tools call page-beta-text: This is a beta feature. Beta features are available for testing and feedback. They are not supported by Redpanda and should not be used in production environments. latest-operator-version: v26.1.5 latest-console-tag: v3.7.4 latest-connect-version: 4.96.1 latest-redpanda-tag: v26.1.10 docname: rpk/rpk-ai/rpk-ai-mcp-tools-call page-component-name: agentic-data-plane page-version: master page-component-version: master page-component-title: Agentic Data Plane page-relative-src-path: rpk/rpk-ai/rpk-ai-mcp-tools-call.adoc page-edit-url: https://github.com/redpanda-data/adp-docs/edit/main/modules/reference/pages/rpk/rpk-ai/rpk-ai-mcp-tools-call.adoc description: rpk ai mcp tools call # Beta release status page-beta: "true" page-git-created-date: "2026-05-27" page-git-modified-date: "2026-06-10" release-status: beta - This is a beta feature. Beta features are available for testing and feedback. They are not supported by Redpanda and should not be used in production environments. --- Invoke a tool on an MCP server through the aigw MCP proxy. The server’s /mcp/v1/ endpoint is reached with the same bearer token used by the rest of rpk ai; aigw resolves user-delegated OAuth tokens from the vault when the MCP server is configured with --user-oauth-provider. Arguments passed to the tool are a JSON object supplied via --args. Example: rpk ai mcp tools call gf-servicenow-sand2 listtablerecords \\ --args '{"tableName":"incident","sysparm\_limit":3}' With --code-mode the call targets the virtual code-mode sibling endpoint (/mcp/v1/-code). That endpoint exposes search (tool catalog for the primary) and execute (runs JavaScript in a sandbox with call\_tool bound to the primary’s tools). Example: rpk ai mcp tools call pg-garrett execute --code-mode \\ --args '{"code":"var r = call\_tool({name:\\"query\\", arguments:{query:\\"SELECT 1\\"}}); JSON.stringify(r);"}' ## [](#usage)Usage ```bash rpk ai mcp tools call [flags] ``` ## [](#flags)Flags | Value | Type | Description | | --- | --- | --- | | --args | string | JSON object of tool arguments, e.g. '{"foo":"bar"}'. Empty means no arguments. | | --code-mode | - | Target the virtual code-mode sibling endpoint (-code) instead of the primary. | | -h, --help | - | help for call. | | -o, --format | string | output format: table | | wide | json | yaml | | markdown (env: RPAI_FORMAT) (default "table"). | --no-color | - | | disable colored output (env: NO_COLOR). | -c, --rpai-config | string | | path to rpai config (env: RPAI_CONFIG) (default "/var/lib/redpanda/.rpai/config"). | -s, --rpai-endpoint | string | | override dataplane URL (env: RPAI_ENDPOINT). | -p, --rpai-profile | string | | rpai profile name (env: RPAI_PROFILE). | -v, --rpai-verbose | - | | verbose debug logging to stderr (env: RPAI_VERBOSE). | --token | string | --- # Page 91: rpk ai mcp tools list **URL**: https://docs.redpanda.com/agentic-data-plane/reference/rpk/rpk-ai/rpk-ai-mcp-tools-list.md --- # rpk ai mcp tools list > For the complete documentation index, see [llms.txt](https://docs.redpanda.com/llms.txt). Component-specific: [agentic-data-plane-full.txt](https://docs.redpanda.com/agentic-data-plane-full.txt) --- title: rpk ai mcp tools list page-beta-text: This is a beta feature. Beta features are available for testing and feedback. They are not supported by Redpanda and should not be used in production environments. latest-operator-version: v26.1.5 latest-console-tag: v3.7.4 latest-connect-version: 4.96.1 latest-redpanda-tag: v26.1.10 docname: rpk/rpk-ai/rpk-ai-mcp-tools-list page-component-name: agentic-data-plane page-version: master page-component-version: master page-component-title: Agentic Data Plane page-relative-src-path: rpk/rpk-ai/rpk-ai-mcp-tools-list.adoc page-edit-url: https://github.com/redpanda-data/adp-docs/edit/main/modules/reference/pages/rpk/rpk-ai/rpk-ai-mcp-tools-list.adoc description: rpk ai mcp tools list # Beta release status page-beta: "true" page-git-created-date: "2026-05-27" page-git-modified-date: "2026-06-10" release-status: beta - This is a beta feature. Beta features are available for testing and feedback. They are not supported by Redpanda and should not be used in production environments. --- List tools on an MCP server by calling tools/list through the aigw MCP proxy. Hits the server’s /mcp/v1/ endpoint, so the same auth and token-vault path used by tools/call is exercised here. Useful for checking that a managed MCP’s tool schema loaded correctly and that a user-delegated server is reachable with the caller’s vault token. With --code-mode the session targets the virtual code-mode sibling endpoint (/mcp/v1/-code), which exposes the sandbox meta-tools (search, execute). To see the parent’s tool catalog from the sandbox, invoke the search tool explicitly: rpk ai mcp tools call search --code-mode ## [](#usage)Usage ```bash rpk ai mcp tools list [flags] ``` ## [](#flags)Flags | Value | Type | Description | | --- | --- | --- | | --code-mode | - | Target the virtual code-mode sibling endpoint (-code) instead of the primary. | | -h, --help | - | help for list. | | -o, --format | string | output format: table | | wide | json | yaml | | markdown (env: RPAI_FORMAT) (default "table"). | --no-color | - | | disable colored output (env: NO_COLOR). | -c, --rpai-config | string | | path to rpai config (env: RPAI_CONFIG) (default "/var/lib/redpanda/.rpai/config"). | -s, --rpai-endpoint | string | | override dataplane URL (env: RPAI_ENDPOINT). | -p, --rpai-profile | string | | rpai profile name (env: RPAI_PROFILE). | -v, --rpai-verbose | - | | verbose debug logging to stderr (env: RPAI_VERBOSE). | --token | string | --- # Page 92: rpk ai mcp tools **URL**: https://docs.redpanda.com/agentic-data-plane/reference/rpk/rpk-ai/rpk-ai-mcp-tools.md --- # rpk ai mcp tools > For the complete documentation index, see [llms.txt](https://docs.redpanda.com/llms.txt). Component-specific: [agentic-data-plane-full.txt](https://docs.redpanda.com/agentic-data-plane-full.txt) --- title: rpk ai mcp tools page-beta-text: This is a beta feature. Beta features are available for testing and feedback. They are not supported by Redpanda and should not be used in production environments. latest-operator-version: v26.1.5 latest-console-tag: v3.7.4 latest-connect-version: 4.96.1 latest-redpanda-tag: v26.1.10 docname: rpk/rpk-ai/rpk-ai-mcp-tools page-component-name: agentic-data-plane page-version: master page-component-version: master page-component-title: Agentic Data Plane page-relative-src-path: rpk/rpk-ai/rpk-ai-mcp-tools.adoc page-edit-url: https://github.com/redpanda-data/adp-docs/edit/main/modules/reference/pages/rpk/rpk-ai/rpk-ai-mcp-tools.adoc description: rpk ai mcp tools # Beta release status page-beta: "true" page-git-created-date: "2026-05-27" page-git-modified-date: "2026-06-10" release-status: beta - This is a beta feature. Beta features are available for testing and feedback. They are not supported by Redpanda and should not be used in production environments. --- Interact with tools on an MCP server ## [](#usage)Usage ```bash rpk ai mcp tools [command] ``` ## [](#flags)Flags | Value | Type | Description | | --- | --- | --- | | -h, --help | - | help for tools. | | -o, --format | string | output format: table | | wide | json | yaml | | markdown (env: RPAI_FORMAT) (default "table"). | --no-color | - | | disable colored output (env: NO_COLOR). | -c, --rpai-config | string | | path to rpai config (env: RPAI_CONFIG) (default "/var/lib/redpanda/.rpai/config"). | -s, --rpai-endpoint | string | | override dataplane URL (env: RPAI_ENDPOINT). | -p, --rpai-profile | string | | rpai profile name (env: RPAI_PROFILE). | -v, --rpai-verbose | - | | verbose debug logging to stderr (env: RPAI_VERBOSE). | --token | string | --- # Page 93: rpk ai mcp types **URL**: https://docs.redpanda.com/agentic-data-plane/reference/rpk/rpk-ai/rpk-ai-mcp-types.md --- # rpk ai mcp types > For the complete documentation index, see [llms.txt](https://docs.redpanda.com/llms.txt). Component-specific: [agentic-data-plane-full.txt](https://docs.redpanda.com/agentic-data-plane-full.txt) --- title: rpk ai mcp types page-beta-text: This is a beta feature. Beta features are available for testing and feedback. They are not supported by Redpanda and should not be used in production environments. latest-operator-version: v26.1.5 latest-console-tag: v3.7.4 latest-connect-version: 4.96.1 latest-redpanda-tag: v26.1.10 docname: rpk/rpk-ai/rpk-ai-mcp-types page-component-name: agentic-data-plane page-version: master page-component-version: master page-component-title: Agentic Data Plane page-relative-src-path: rpk/rpk-ai/rpk-ai-mcp-types.adoc page-edit-url: https://github.com/redpanda-data/adp-docs/edit/main/modules/reference/pages/rpk/rpk-ai/rpk-ai-mcp-types.adoc description: rpk ai mcp types # Beta release status page-beta: "true" page-git-created-date: "2026-05-27" page-git-modified-date: "2026-06-10" release-status: beta - This is a beta feature. Beta features are available for testing and feedback. They are not supported by Redpanda and should not be used in production environments. --- List available managed MCP types ## [](#usage)Usage ```bash rpk ai mcp types [flags] ``` ## [](#flags)Flags | Value | Type | Description | | --- | --- | --- | | -h, --help | - | help for types. | | -o, --format | string | output format: table | | wide | json | yaml | | markdown (env: RPAI_FORMAT) (default "table"). | --no-color | - | | disable colored output (env: NO_COLOR). | -c, --rpai-config | string | | path to rpai config (env: RPAI_CONFIG) (default "/var/lib/redpanda/.rpai/config"). | -s, --rpai-endpoint | string | | override dataplane URL (env: RPAI_ENDPOINT). | -p, --rpai-profile | string | | rpai profile name (env: RPAI_PROFILE). | -v, --rpai-verbose | - | | verbose debug logging to stderr (env: RPAI_VERBOSE). | --token | string | --- # Page 94: rpk ai mcp update **URL**: https://docs.redpanda.com/agentic-data-plane/reference/rpk/rpk-ai/rpk-ai-mcp-update.md --- # rpk ai mcp update > For the complete documentation index, see [llms.txt](https://docs.redpanda.com/llms.txt). Component-specific: [agentic-data-plane-full.txt](https://docs.redpanda.com/agentic-data-plane-full.txt) --- title: rpk ai mcp update page-beta-text: This is a beta feature. Beta features are available for testing and feedback. They are not supported by Redpanda and should not be used in production environments. latest-operator-version: v26.1.5 latest-console-tag: v3.7.4 latest-connect-version: 4.96.1 latest-redpanda-tag: v26.1.10 docname: rpk/rpk-ai/rpk-ai-mcp-update page-component-name: agentic-data-plane page-version: master page-component-version: master page-component-title: Agentic Data Plane page-relative-src-path: rpk/rpk-ai/rpk-ai-mcp-update.adoc page-edit-url: https://github.com/redpanda-data/adp-docs/edit/main/modules/reference/pages/rpk/rpk-ai/rpk-ai-mcp-update.adoc description: rpk ai mcp update # Beta release status page-beta: "true" page-git-created-date: "2026-05-27" page-git-modified-date: "2026-06-10" release-status: beta - This is a beta feature. Beta features are available for testing and feedback. They are not supported by Redpanda and should not be used in production environments. --- Update an MCP server ## [](#usage)Usage ```bash rpk ai mcp update [flags] ``` ## [](#flags)Flags | Value | Type | Description | | --- | --- | --- | | --description | string | human-readable description of the server. | | --enabled | - | whether server is enabled (default true). | | -h, --help | - | help for update. | | --transport | string | new transport. | | --url | string | new server URL. | | --user-oauth-provider | string | for remote servers: name of the OAuthProvider whose per-user tokens should authenticate upstream requests. Managed MCPs carry their own auth oneof inside the per-MCP config and are not updated via this flag. | | --user-oauth-scopes | strings | minimum OAuth scopes a user’s connection must have (user_oauth.required_scopes). | | -o, --format | string | output format: table | | wide | json | yaml | | markdown (env: RPAI_FORMAT) (default "table"). | --no-color | - | | disable colored output (env: NO_COLOR). | -c, --rpai-config | string | | path to rpai config (env: RPAI_CONFIG) (default "/var/lib/redpanda/.rpai/config"). | -s, --rpai-endpoint | string | | override dataplane URL (env: RPAI_ENDPOINT). | -p, --rpai-profile | string | | rpai profile name (env: RPAI_PROFILE). | -v, --rpai-verbose | - | | verbose debug logging to stderr (env: RPAI_VERBOSE). | --token | string | --- # Page 95: rpk ai mcp **URL**: https://docs.redpanda.com/agentic-data-plane/reference/rpk/rpk-ai/rpk-ai-mcp.md --- # rpk ai mcp > For the complete documentation index, see [llms.txt](https://docs.redpanda.com/llms.txt). Component-specific: [agentic-data-plane-full.txt](https://docs.redpanda.com/agentic-data-plane-full.txt) --- title: rpk ai mcp page-beta-text: This is a beta feature. Beta features are available for testing and feedback. They are not supported by Redpanda and should not be used in production environments. latest-operator-version: v26.1.5 latest-console-tag: v3.7.4 latest-connect-version: 4.96.1 latest-redpanda-tag: v26.1.10 docname: rpk/rpk-ai/rpk-ai-mcp page-component-name: agentic-data-plane page-version: master page-component-version: master page-component-title: Agentic Data Plane page-relative-src-path: rpk/rpk-ai/rpk-ai-mcp.adoc page-edit-url: https://github.com/redpanda-data/adp-docs/edit/main/modules/reference/pages/rpk/rpk-ai/rpk-ai-mcp.adoc description: rpk ai mcp # Beta release status page-beta: "true" page-git-created-date: "2026-05-27" page-git-modified-date: "2026-06-10" release-status: beta - This is a beta feature. Beta features are available for testing and feedback. They are not supported by Redpanda and should not be used in production environments. --- Manage MCP servers (create, get, list, update, delete, types) ## [](#usage)Usage ```bash rpk ai mcp [command] ``` ## [](#aliases)Aliases ```bash mcp, mcp-server ``` ## [](#flags)Flags | Value | Type | Description | | --- | --- | --- | | -h, --help | - | help for mcp. | | -o, --format | string | output format: table | | wide | json | yaml | | markdown (env: RPAI_FORMAT) (default "table"). | --no-color | - | | disable colored output (env: NO_COLOR). | -c, --rpai-config | string | | path to rpai config (env: RPAI_CONFIG) (default "/var/lib/redpanda/.rpai/config"). | -s, --rpai-endpoint | string | | override dataplane URL (env: RPAI_ENDPOINT). | -p, --rpai-profile | string | | rpai profile name (env: RPAI_PROFILE). | -v, --rpai-verbose | - | | verbose debug logging to stderr (env: RPAI_VERBOSE). | --token | string | --- # Page 96: rpk ai model get **URL**: https://docs.redpanda.com/agentic-data-plane/reference/rpk/rpk-ai/rpk-ai-model-get.md --- # rpk ai model get > For the complete documentation index, see [llms.txt](https://docs.redpanda.com/llms.txt). Component-specific: [agentic-data-plane-full.txt](https://docs.redpanda.com/agentic-data-plane-full.txt) --- title: rpk ai model get page-beta-text: This is a beta feature. Beta features are available for testing and feedback. They are not supported by Redpanda and should not be used in production environments. latest-operator-version: v26.1.5 latest-console-tag: v3.7.4 latest-connect-version: 4.96.1 latest-redpanda-tag: v26.1.10 docname: rpk/rpk-ai/rpk-ai-model-get page-component-name: agentic-data-plane page-version: master page-component-version: master page-component-title: Agentic Data Plane page-relative-src-path: rpk/rpk-ai/rpk-ai-model-get.adoc page-edit-url: https://github.com/redpanda-data/adp-docs/edit/main/modules/reference/pages/rpk/rpk-ai/rpk-ai-model-get.adoc description: rpk ai model get # Beta release status page-beta: "true" page-git-created-date: "2026-05-27" page-git-modified-date: "2026-06-10" release-status: beta - This is a beta feature. Beta features are available for testing and feedback. They are not supported by Redpanda and should not be used in production environments. --- Get model details from the catalog ## [](#usage)Usage ```bash rpk ai model get [flags] ``` ## [](#flags)Flags | Value | Type | Description | | --- | --- | --- | | -h, --help | - | help for get. | | --provider-type | string | provider type (for disambiguation when a model is exposed by multiple providers). | | -o, --format | string | output format: table | | wide | json | yaml | | markdown (env: RPAI_FORMAT) (default "table"). | --no-color | - | | disable colored output (env: NO_COLOR). | -c, --rpai-config | string | | path to rpai config (env: RPAI_CONFIG) (default "/var/lib/redpanda/.rpai/config"). | -s, --rpai-endpoint | string | | override dataplane URL (env: RPAI_ENDPOINT). | -p, --rpai-profile | string | | rpai profile name (env: RPAI_PROFILE). | -v, --rpai-verbose | - | | verbose debug logging to stderr (env: RPAI_VERBOSE). | --token | string | --- # Page 97: rpk ai model list **URL**: https://docs.redpanda.com/agentic-data-plane/reference/rpk/rpk-ai/rpk-ai-model-list.md --- # rpk ai model list > For the complete documentation index, see [llms.txt](https://docs.redpanda.com/llms.txt). Component-specific: [agentic-data-plane-full.txt](https://docs.redpanda.com/agentic-data-plane-full.txt) --- title: rpk ai model list page-beta-text: This is a beta feature. Beta features are available for testing and feedback. They are not supported by Redpanda and should not be used in production environments. latest-operator-version: v26.1.5 latest-console-tag: v3.7.4 latest-connect-version: 4.96.1 latest-redpanda-tag: v26.1.10 docname: rpk/rpk-ai/rpk-ai-model-list page-component-name: agentic-data-plane page-version: master page-component-version: master page-component-title: Agentic Data Plane page-relative-src-path: rpk/rpk-ai/rpk-ai-model-list.adoc page-edit-url: https://github.com/redpanda-data/adp-docs/edit/main/modules/reference/pages/rpk/rpk-ai/rpk-ai-model-list.adoc description: rpk ai model list # Beta release status page-beta: "true" page-git-created-date: "2026-05-27" page-git-modified-date: "2026-06-10" release-status: beta - This is a beta feature. Beta features are available for testing and feedback. They are not supported by Redpanda and should not be used in production environments. --- List available models in the catalog ## [](#usage)Usage ```bash rpk ai model list [flags] ``` ## [](#flags)Flags | Value | Type | Description | | --- | --- | --- | | -h, --help | - | help for list. | | --provider-type | string | filter by provider type (openai, openai-compatible, anthropic, google, bedrock). | | -o, --format | string | output format: table | | wide | json | yaml | | markdown (env: RPAI_FORMAT) (default "table"). | --no-color | - | | disable colored output (env: NO_COLOR). | -c, --rpai-config | string | | path to rpai config (env: RPAI_CONFIG) (default "/var/lib/redpanda/.rpai/config"). | -s, --rpai-endpoint | string | | override dataplane URL (env: RPAI_ENDPOINT). | -p, --rpai-profile | string | | rpai profile name (env: RPAI_PROFILE). | -v, --rpai-verbose | - | | verbose debug logging to stderr (env: RPAI_VERBOSE). | --token | string | --- # Page 98: rpk ai model **URL**: https://docs.redpanda.com/agentic-data-plane/reference/rpk/rpk-ai/rpk-ai-model.md --- # rpk ai model > For the complete documentation index, see [llms.txt](https://docs.redpanda.com/llms.txt). Component-specific: [agentic-data-plane-full.txt](https://docs.redpanda.com/agentic-data-plane-full.txt) --- title: rpk ai model page-beta-text: This is a beta feature. Beta features are available for testing and feedback. They are not supported by Redpanda and should not be used in production environments. latest-operator-version: v26.1.5 latest-console-tag: v3.7.4 latest-connect-version: 4.96.1 latest-redpanda-tag: v26.1.10 docname: rpk/rpk-ai/rpk-ai-model page-component-name: agentic-data-plane page-version: master page-component-version: master page-component-title: Agentic Data Plane page-relative-src-path: rpk/rpk-ai/rpk-ai-model.adoc page-edit-url: https://github.com/redpanda-data/adp-docs/edit/main/modules/reference/pages/rpk/rpk-ai/rpk-ai-model.adoc description: rpk ai model # Beta release status page-beta: "true" page-git-created-date: "2026-05-27" page-git-modified-date: "2026-06-10" release-status: beta - This is a beta feature. Beta features are available for testing and feedback. They are not supported by Redpanda and should not be used in production environments. --- Discover the models the Redpanda AI gateway exposes. The catalog is read-only — `model list` and `model get` are the only verbs. The catalog is populated from each LLM provider’s metadata plus any extras the operator has pinned to a tenant. Aliases: `models`, `m`. ## [](#usage)Usage ```bash rpk ai model [command] ``` ## [](#aliases)Aliases ```bash model, models, m ``` ## [](#flags)Flags | Value | Type | Description | | --- | --- | --- | | -h, --help | - | help for model. | | -o, --format | string | output format: table | | wide | json | yaml | | markdown (env: RPAI_FORMAT) (default "table"). | --no-color | - | | disable colored output (env: NO_COLOR). | -c, --rpai-config | string | | path to rpai config (env: RPAI_CONFIG) (default "/var/lib/redpanda/.rpai/config"). | -s, --rpai-endpoint | string | | override dataplane URL (env: RPAI_ENDPOINT). | -p, --rpai-profile | string | | rpai profile name (env: RPAI_PROFILE). | -v, --rpai-verbose | - | | verbose debug logging to stderr (env: RPAI_VERBOSE). | --token | string | --- # Page 99: rpk ai oauth-client create **URL**: https://docs.redpanda.com/agentic-data-plane/reference/rpk/rpk-ai/rpk-ai-oauth-client-create.md --- # rpk ai oauth-client create > For the complete documentation index, see [llms.txt](https://docs.redpanda.com/llms.txt). Component-specific: [agentic-data-plane-full.txt](https://docs.redpanda.com/agentic-data-plane-full.txt) --- title: rpk ai oauth-client create page-beta-text: This is a beta feature. Beta features are available for testing and feedback. They are not supported by Redpanda and should not be used in production environments. latest-operator-version: v26.1.5 latest-console-tag: v3.7.4 latest-connect-version: 4.96.1 latest-redpanda-tag: v26.1.10 docname: rpk/rpk-ai/rpk-ai-oauth-client-create page-component-name: agentic-data-plane page-version: master page-component-version: master page-component-title: Agentic Data Plane page-relative-src-path: rpk/rpk-ai/rpk-ai-oauth-client-create.adoc page-edit-url: https://github.com/redpanda-data/adp-docs/edit/main/modules/reference/pages/rpk/rpk-ai/rpk-ai-oauth-client-create.adoc description: rpk ai oauth-client create # Beta release status page-beta: "true" page-git-created-date: "2026-05-27" page-git-modified-date: "2026-06-10" release-status: beta - This is a beta feature. Beta features are available for testing and feedback. They are not supported by Redpanda and should not be used in production environments. --- Register an OAuth client. The generated client\_secret is printed once to stderr with a "copy this now" banner — it cannot be retrieved afterward. Store it in whatever secret manager the external tool uses. ## [](#usage)Usage ```bash rpk ai oauth-client create [flags] ``` ## [](#flags)Flags | Value | Type | Description | | --- | --- | --- | | --allowed-resource | strings | MCP URL this client can request tokens for; "" = any. repeatable (default []). | | --display-name | string | human-readable display name shown on the consent card (required). | | --enabled | - | whether the client may request tokens (default true). | | --grant-types | strings | grant types: authorization_code, refresh_token (default [authorization_code,refresh_token]). | | -h, --help | - | help for create. | | --logo-uri | string | https:// logo URI shown on the consent card. | | --name | string | client name (required; AIP-122 resource identifier). | | --pkce-required | - | require PKCE (RFC 7636) on authorization requests (default true). | | --redirect-uri | strings | allowed redirect URI (exact match; repeatable, required). | | --token-endpoint-auth-method | string | token endpoint auth: client_secret_basic, client_secret_post, none (default "client_secret_basic"). | | -o, --format | string | output format: table | | wide | json | yaml | | markdown (env: RPAI_FORMAT) (default "table"). | --no-color | - | | disable colored output (env: NO_COLOR). | -c, --rpai-config | string | | path to rpai config (env: RPAI_CONFIG) (default "/var/lib/redpanda/.rpai/config"). | -s, --rpai-endpoint | string | | override dataplane URL (env: RPAI_ENDPOINT). | -p, --rpai-profile | string | | rpai profile name (env: RPAI_PROFILE). | -v, --rpai-verbose | - | | verbose debug logging to stderr (env: RPAI_VERBOSE). | --token | string | --- # Page 100: rpk ai oauth-client delete **URL**: https://docs.redpanda.com/agentic-data-plane/reference/rpk/rpk-ai/rpk-ai-oauth-client-delete.md --- # rpk ai oauth-client delete > For the complete documentation index, see [llms.txt](https://docs.redpanda.com/llms.txt). Component-specific: [agentic-data-plane-full.txt](https://docs.redpanda.com/agentic-data-plane-full.txt) --- title: rpk ai oauth-client delete page-beta-text: This is a beta feature. Beta features are available for testing and feedback. They are not supported by Redpanda and should not be used in production environments. latest-operator-version: v26.1.5 latest-console-tag: v3.7.4 latest-connect-version: 4.96.1 latest-redpanda-tag: v26.1.10 docname: rpk/rpk-ai/rpk-ai-oauth-client-delete page-component-name: agentic-data-plane page-version: master page-component-version: master page-component-title: Agentic Data Plane page-relative-src-path: rpk/rpk-ai/rpk-ai-oauth-client-delete.adoc page-edit-url: https://github.com/redpanda-data/adp-docs/edit/main/modules/reference/pages/rpk/rpk-ai/rpk-ai-oauth-client-delete.adoc description: rpk ai oauth-client delete # Beta release status page-beta: "true" page-git-created-date: "2026-05-27" page-git-modified-date: "2026-06-10" release-status: beta - This is a beta feature. Beta features are available for testing and feedback. They are not supported by Redpanda and should not be used in production environments. --- Delete an OAuth client ## [](#usage)Usage ```bash rpk ai oauth-client delete [flags] ``` ## [](#flags)Flags | Value | Type | Description | | --- | --- | --- | | -h, --help | - | help for delete. | | -o, --format | string | output format: table | | wide | json | yaml | | markdown (env: RPAI_FORMAT) (default "table"). | --no-color | - | | disable colored output (env: NO_COLOR). | -c, --rpai-config | string | | path to rpai config (env: RPAI_CONFIG) (default "/var/lib/redpanda/.rpai/config"). | -s, --rpai-endpoint | string | | override dataplane URL (env: RPAI_ENDPOINT). | -p, --rpai-profile | string | | rpai profile name (env: RPAI_PROFILE). | -v, --rpai-verbose | - | | verbose debug logging to stderr (env: RPAI_VERBOSE). | --token | string | --- # Page 101: rpk ai oauth-client get **URL**: https://docs.redpanda.com/agentic-data-plane/reference/rpk/rpk-ai/rpk-ai-oauth-client-get.md --- # rpk ai oauth-client get > For the complete documentation index, see [llms.txt](https://docs.redpanda.com/llms.txt). Component-specific: [agentic-data-plane-full.txt](https://docs.redpanda.com/agentic-data-plane-full.txt) --- title: rpk ai oauth-client get page-beta-text: This is a beta feature. Beta features are available for testing and feedback. They are not supported by Redpanda and should not be used in production environments. latest-operator-version: v26.1.5 latest-console-tag: v3.7.4 latest-connect-version: 4.96.1 latest-redpanda-tag: v26.1.10 docname: rpk/rpk-ai/rpk-ai-oauth-client-get page-component-name: agentic-data-plane page-version: master page-component-version: master page-component-title: Agentic Data Plane page-relative-src-path: rpk/rpk-ai/rpk-ai-oauth-client-get.adoc page-edit-url: https://github.com/redpanda-data/adp-docs/edit/main/modules/reference/pages/rpk/rpk-ai/rpk-ai-oauth-client-get.adoc description: rpk ai oauth-client get # Beta release status page-beta: "true" page-git-created-date: "2026-05-27" page-git-modified-date: "2026-06-10" release-status: beta - This is a beta feature. Beta features are available for testing and feedback. They are not supported by Redpanda and should not be used in production environments. --- Get an OAuth client ## [](#usage)Usage ```bash rpk ai oauth-client get [flags] ``` ## [](#flags)Flags | Value | Type | Description | | --- | --- | --- | | -h, --help | - | help for get. | | -o, --format | string | output format: table | | wide | json | yaml | | markdown (env: RPAI_FORMAT) (default "table"). | --no-color | - | | disable colored output (env: NO_COLOR). | -c, --rpai-config | string | | path to rpai config (env: RPAI_CONFIG) (default "/var/lib/redpanda/.rpai/config"). | -s, --rpai-endpoint | string | | override dataplane URL (env: RPAI_ENDPOINT). | -p, --rpai-profile | string | | rpai profile name (env: RPAI_PROFILE). | -v, --rpai-verbose | - | | verbose debug logging to stderr (env: RPAI_VERBOSE). | --token | string | --- # Page 102: rpk ai oauth-client list **URL**: https://docs.redpanda.com/agentic-data-plane/reference/rpk/rpk-ai/rpk-ai-oauth-client-list.md --- # rpk ai oauth-client list > For the complete documentation index, see [llms.txt](https://docs.redpanda.com/llms.txt). Component-specific: [agentic-data-plane-full.txt](https://docs.redpanda.com/agentic-data-plane-full.txt) --- title: rpk ai oauth-client list page-beta-text: This is a beta feature. Beta features are available for testing and feedback. They are not supported by Redpanda and should not be used in production environments. latest-operator-version: v26.1.5 latest-console-tag: v3.7.4 latest-connect-version: 4.96.1 latest-redpanda-tag: v26.1.10 docname: rpk/rpk-ai/rpk-ai-oauth-client-list page-component-name: agentic-data-plane page-version: master page-component-version: master page-component-title: Agentic Data Plane page-relative-src-path: rpk/rpk-ai/rpk-ai-oauth-client-list.adoc page-edit-url: https://github.com/redpanda-data/adp-docs/edit/main/modules/reference/pages/rpk/rpk-ai/rpk-ai-oauth-client-list.adoc description: rpk ai oauth-client list # Beta release status page-beta: "true" page-git-created-date: "2026-05-27" page-git-modified-date: "2026-06-10" release-status: beta - This is a beta feature. Beta features are available for testing and feedback. They are not supported by Redpanda and should not be used in production environments. --- List OAuth clients ## [](#usage)Usage ```bash rpk ai oauth-client list [flags] ``` ## [](#flags)Flags | Value | Type | Description | | --- | --- | --- | | --filter-name | string | filter by name (contains). | | -h, --help | - | help for list. | | -o, --format | string | output format: table | | wide | json | yaml | | markdown (env: RPAI_FORMAT) (default "table"). | --no-color | - | | disable colored output (env: NO_COLOR). | -c, --rpai-config | string | | path to rpai config (env: RPAI_CONFIG) (default "/var/lib/redpanda/.rpai/config"). | -s, --rpai-endpoint | string | | override dataplane URL (env: RPAI_ENDPOINT). | -p, --rpai-profile | string | | rpai profile name (env: RPAI_PROFILE). | -v, --rpai-verbose | - | | verbose debug logging to stderr (env: RPAI_VERBOSE). | --token | string | --- # Page 103: rpk ai oauth-client **URL**: https://docs.redpanda.com/agentic-data-plane/reference/rpk/rpk-ai/rpk-ai-oauth-client.md --- # rpk ai oauth-client > For the complete documentation index, see [llms.txt](https://docs.redpanda.com/llms.txt). Component-specific: [agentic-data-plane-full.txt](https://docs.redpanda.com/agentic-data-plane-full.txt) --- title: rpk ai oauth-client page-beta-text: This is a beta feature. Beta features are available for testing and feedback. They are not supported by Redpanda and should not be used in production environments. latest-operator-version: v26.1.5 latest-console-tag: v3.7.4 latest-connect-version: 4.96.1 latest-redpanda-tag: v26.1.10 docname: rpk/rpk-ai/rpk-ai-oauth-client page-component-name: agentic-data-plane page-version: master page-component-version: master page-component-title: Agentic Data Plane page-relative-src-path: rpk/rpk-ai/rpk-ai-oauth-client.adoc page-edit-url: https://github.com/redpanda-data/adp-docs/edit/main/modules/reference/pages/rpk/rpk-ai/rpk-ai-oauth-client.adoc description: rpk ai oauth-client # Beta release status page-beta: "true" page-git-created-date: "2026-05-27" page-git-modified-date: "2026-06-10" release-status: beta - This is a beta feature. Beta features are available for testing and feedback. They are not supported by Redpanda and should not be used in production environments. --- Manage OAuth clients registered with the AI gateway’s in-dataplane OAuth Authorization Server. An OAuthClient is the external tool (Claude.ai, ChatGPT, Cursor, …) that requests access tokens for an MCP. Create one per tool you want to allow in; the client\_secret is returned exactly once on create and cannot be retrieved afterward. Rotate via delete + re-create until Phase 2 lands a dedicated rotation RPC. Aliases: `oauth-clients`, `oc`. ## [](#usage)Usage ```bash rpk ai oauth-client [command] ``` ## [](#aliases)Aliases ```bash oauth-client, oauth-clients, oc ``` ## [](#flags)Flags | Value | Type | Description | | --- | --- | --- | | -h, --help | - | help for oauth-client. | | -o, --format | string | output format: table | | wide | json | yaml | | markdown (env: RPAI_FORMAT) (default "table"). | --no-color | - | | disable colored output (env: NO_COLOR). | -c, --rpai-config | string | | path to rpai config (env: RPAI_CONFIG) (default "/var/lib/redpanda/.rpai/config"). | -s, --rpai-endpoint | string | | override dataplane URL (env: RPAI_ENDPOINT). | -p, --rpai-profile | string | | rpai profile name (env: RPAI_PROFILE). | -v, --rpai-verbose | - | | verbose debug logging to stderr (env: RPAI_VERBOSE). | --token | string | --- # Page 104: rpk ai oauth create **URL**: https://docs.redpanda.com/agentic-data-plane/reference/rpk/rpk-ai/rpk-ai-oauth-create.md --- # rpk ai oauth create > For the complete documentation index, see [llms.txt](https://docs.redpanda.com/llms.txt). Component-specific: [agentic-data-plane-full.txt](https://docs.redpanda.com/agentic-data-plane-full.txt) --- title: rpk ai oauth create page-beta-text: This is a beta feature. Beta features are available for testing and feedback. They are not supported by Redpanda and should not be used in production environments. latest-operator-version: v26.1.5 latest-console-tag: v3.7.4 latest-connect-version: 4.96.1 latest-redpanda-tag: v26.1.10 docname: rpk/rpk-ai/rpk-ai-oauth-create page-component-name: agentic-data-plane page-version: master page-component-version: master page-component-title: Agentic Data Plane page-relative-src-path: rpk/rpk-ai/rpk-ai-oauth-create.adoc page-edit-url: https://github.com/redpanda-data/adp-docs/edit/main/modules/reference/pages/rpk/rpk-ai/rpk-ai-oauth-create.adoc description: rpk ai oauth create # Beta release status page-beta: "true" page-git-created-date: "2026-05-27" page-git-modified-date: "2026-06-10" release-status: beta - This is a beta feature. Beta features are available for testing and feedback. They are not supported by Redpanda and should not be used in production environments. --- Create an OAuth provider ## [](#usage)Usage ```bash rpk ai oauth create [flags] ``` ## [](#flags)Flags | Value | Type | Description | | --- | --- | --- | | --auth-endpoint | string | OAuth authorization endpoint URL (required). | | --client-id | string | OAuth client ID (required). | | --client-secret-ref | string | secret name for the client secret (UPPER_SNAKE_CASE). | | --display-name | string | human-readable display name (required). | | --enabled | - | whether provider is enabled (default true). | | --grant-types | strings | grant types: browser-consent, token-exchange (default [browser-consent]). | | -h, --help | - | help for create. | | --name | string | provider name (required). | | --pkce | - | require PKCE for authorization code grants. | | --revocation-endpoint | string | OAuth token revocation endpoint URL. | | --scopes | strings | default OAuth scopes. | | --token-auth-method | string | token endpoint auth: client-secret-basic, client-secret-post, none (default "client-secret-basic"). | | --token-endpoint | string | OAuth token endpoint URL (required). | | -o, --format | string | output format: table | | wide | json | yaml | | markdown (env: RPAI_FORMAT) (default "table"). | --no-color | - | | disable colored output (env: NO_COLOR). | -c, --rpai-config | string | | path to rpai config (env: RPAI_CONFIG) (default "/var/lib/redpanda/.rpai/config"). | -s, --rpai-endpoint | string | | override dataplane URL (env: RPAI_ENDPOINT). | -p, --rpai-profile | string | | rpai profile name (env: RPAI_PROFILE). | -v, --rpai-verbose | - | | verbose debug logging to stderr (env: RPAI_VERBOSE). | --token | string | --- # Page 105: rpk ai oauth delete **URL**: https://docs.redpanda.com/agentic-data-plane/reference/rpk/rpk-ai/rpk-ai-oauth-delete.md --- # rpk ai oauth delete > For the complete documentation index, see [llms.txt](https://docs.redpanda.com/llms.txt). Component-specific: [agentic-data-plane-full.txt](https://docs.redpanda.com/agentic-data-plane-full.txt) --- title: rpk ai oauth delete page-beta-text: This is a beta feature. Beta features are available for testing and feedback. They are not supported by Redpanda and should not be used in production environments. latest-operator-version: v26.1.5 latest-console-tag: v3.7.4 latest-connect-version: 4.96.1 latest-redpanda-tag: v26.1.10 docname: rpk/rpk-ai/rpk-ai-oauth-delete page-component-name: agentic-data-plane page-version: master page-component-version: master page-component-title: Agentic Data Plane page-relative-src-path: rpk/rpk-ai/rpk-ai-oauth-delete.adoc page-edit-url: https://github.com/redpanda-data/adp-docs/edit/main/modules/reference/pages/rpk/rpk-ai/rpk-ai-oauth-delete.adoc description: rpk ai oauth delete # Beta release status page-beta: "true" page-git-created-date: "2026-05-27" page-git-modified-date: "2026-06-10" release-status: beta - This is a beta feature. Beta features are available for testing and feedback. They are not supported by Redpanda and should not be used in production environments. --- Delete an OAuth provider ## [](#usage)Usage ```bash rpk ai oauth delete [flags] ``` ## [](#flags)Flags | Value | Type | Description | | --- | --- | --- | | -h, --help | - | help for delete. | | -o, --format | string | output format: table | | wide | json | yaml | | markdown (env: RPAI_FORMAT) (default "table"). | --no-color | - | | disable colored output (env: NO_COLOR). | -c, --rpai-config | string | | path to rpai config (env: RPAI_CONFIG) (default "/var/lib/redpanda/.rpai/config"). | -s, --rpai-endpoint | string | | override dataplane URL (env: RPAI_ENDPOINT). | -p, --rpai-profile | string | | rpai profile name (env: RPAI_PROFILE). | -v, --rpai-verbose | - | | verbose debug logging to stderr (env: RPAI_VERBOSE). | --token | string | --- # Page 106: rpk ai oauth get **URL**: https://docs.redpanda.com/agentic-data-plane/reference/rpk/rpk-ai/rpk-ai-oauth-get.md --- # rpk ai oauth get > For the complete documentation index, see [llms.txt](https://docs.redpanda.com/llms.txt). Component-specific: [agentic-data-plane-full.txt](https://docs.redpanda.com/agentic-data-plane-full.txt) --- title: rpk ai oauth get page-beta-text: This is a beta feature. Beta features are available for testing and feedback. They are not supported by Redpanda and should not be used in production environments. latest-operator-version: v26.1.5 latest-console-tag: v3.7.4 latest-connect-version: 4.96.1 latest-redpanda-tag: v26.1.10 docname: rpk/rpk-ai/rpk-ai-oauth-get page-component-name: agentic-data-plane page-version: master page-component-version: master page-component-title: Agentic Data Plane page-relative-src-path: rpk/rpk-ai/rpk-ai-oauth-get.adoc page-edit-url: https://github.com/redpanda-data/adp-docs/edit/main/modules/reference/pages/rpk/rpk-ai/rpk-ai-oauth-get.adoc description: rpk ai oauth get # Beta release status page-beta: "true" page-git-created-date: "2026-05-27" page-git-modified-date: "2026-06-10" release-status: beta - This is a beta feature. Beta features are available for testing and feedback. They are not supported by Redpanda and should not be used in production environments. --- Get an OAuth provider ## [](#usage)Usage ```bash rpk ai oauth get [flags] ``` ## [](#flags)Flags | Value | Type | Description | | --- | --- | --- | | -h, --help | - | help for get. | | -o, --format | string | output format: table | | wide | json | yaml | | markdown (env: RPAI_FORMAT) (default "table"). | --no-color | - | | disable colored output (env: NO_COLOR). | -c, --rpai-config | string | | path to rpai config (env: RPAI_CONFIG) (default "/var/lib/redpanda/.rpai/config"). | -s, --rpai-endpoint | string | | override dataplane URL (env: RPAI_ENDPOINT). | -p, --rpai-profile | string | | rpai profile name (env: RPAI_PROFILE). | -v, --rpai-verbose | - | | verbose debug logging to stderr (env: RPAI_VERBOSE). | --token | string | --- # Page 107: rpk ai oauth list **URL**: https://docs.redpanda.com/agentic-data-plane/reference/rpk/rpk-ai/rpk-ai-oauth-list.md --- # rpk ai oauth list > For the complete documentation index, see [llms.txt](https://docs.redpanda.com/llms.txt). Component-specific: [agentic-data-plane-full.txt](https://docs.redpanda.com/agentic-data-plane-full.txt) --- title: rpk ai oauth list page-beta-text: This is a beta feature. Beta features are available for testing and feedback. They are not supported by Redpanda and should not be used in production environments. latest-operator-version: v26.1.5 latest-console-tag: v3.7.4 latest-connect-version: 4.96.1 latest-redpanda-tag: v26.1.10 docname: rpk/rpk-ai/rpk-ai-oauth-list page-component-name: agentic-data-plane page-version: master page-component-version: master page-component-title: Agentic Data Plane page-relative-src-path: rpk/rpk-ai/rpk-ai-oauth-list.adoc page-edit-url: https://github.com/redpanda-data/adp-docs/edit/main/modules/reference/pages/rpk/rpk-ai/rpk-ai-oauth-list.adoc description: rpk ai oauth list # Beta release status page-beta: "true" page-git-created-date: "2026-05-27" page-git-modified-date: "2026-06-10" release-status: beta - This is a beta feature. Beta features are available for testing and feedback. They are not supported by Redpanda and should not be used in production environments. --- List OAuth providers ## [](#usage)Usage ```bash rpk ai oauth list [flags] ``` ## [](#flags)Flags | Value | Type | Description | | --- | --- | --- | | --filter-name | string | filter by name (contains). | | -h, --help | - | help for list. | | -o, --format | string | output format: table | | wide | json | yaml | | markdown (env: RPAI_FORMAT) (default "table"). | --no-color | - | | disable colored output (env: NO_COLOR). | -c, --rpai-config | string | | path to rpai config (env: RPAI_CONFIG) (default "/var/lib/redpanda/.rpai/config"). | -s, --rpai-endpoint | string | | override dataplane URL (env: RPAI_ENDPOINT). | -p, --rpai-profile | string | | rpai profile name (env: RPAI_PROFILE). | -v, --rpai-verbose | - | | verbose debug logging to stderr (env: RPAI_VERBOSE). | --token | string | --- # Page 108: rpk ai oauth update **URL**: https://docs.redpanda.com/agentic-data-plane/reference/rpk/rpk-ai/rpk-ai-oauth-update.md --- # rpk ai oauth update > For the complete documentation index, see [llms.txt](https://docs.redpanda.com/llms.txt). Component-specific: [agentic-data-plane-full.txt](https://docs.redpanda.com/agentic-data-plane-full.txt) --- title: rpk ai oauth update page-beta-text: This is a beta feature. Beta features are available for testing and feedback. They are not supported by Redpanda and should not be used in production environments. latest-operator-version: v26.1.5 latest-console-tag: v3.7.4 latest-connect-version: 4.96.1 latest-redpanda-tag: v26.1.10 docname: rpk/rpk-ai/rpk-ai-oauth-update page-component-name: agentic-data-plane page-version: master page-component-version: master page-component-title: Agentic Data Plane page-relative-src-path: rpk/rpk-ai/rpk-ai-oauth-update.adoc page-edit-url: https://github.com/redpanda-data/adp-docs/edit/main/modules/reference/pages/rpk/rpk-ai/rpk-ai-oauth-update.adoc description: rpk ai oauth update # Beta release status page-beta: "true" page-git-created-date: "2026-05-27" page-git-modified-date: "2026-06-10" release-status: beta - This is a beta feature. Beta features are available for testing and feedback. They are not supported by Redpanda and should not be used in production environments. --- Update an OAuth provider ## [](#usage)Usage ```bash rpk ai oauth update [flags] ``` ## [](#flags)Flags | Value | Type | Description | | --- | --- | --- | | --auth-endpoint | string | new authorization endpoint URL. | | --client-secret-ref | string | new client secret reference. | | --display-name | string | new display name. | | --enabled | - | whether provider is enabled (default true). | | -h, --help | - | help for update. | | --pkce | - | require PKCE. | | --revocation-endpoint | string | new revocation endpoint URL. | | --scopes | strings | new default scopes. | | --token-endpoint | string | new token endpoint URL. | | -o, --format | string | output format: table | | wide | json | yaml | | markdown (env: RPAI_FORMAT) (default "table"). | --no-color | - | | disable colored output (env: NO_COLOR). | -c, --rpai-config | string | | path to rpai config (env: RPAI_CONFIG) (default "/var/lib/redpanda/.rpai/config"). | -s, --rpai-endpoint | string | | override dataplane URL (env: RPAI_ENDPOINT). | -p, --rpai-profile | string | | rpai profile name (env: RPAI_PROFILE). | -v, --rpai-verbose | - | | verbose debug logging to stderr (env: RPAI_VERBOSE). | --token | string | --- # Page 109: rpk ai oauth **URL**: https://docs.redpanda.com/agentic-data-plane/reference/rpk/rpk-ai/rpk-ai-oauth.md --- # rpk ai oauth > For the complete documentation index, see [llms.txt](https://docs.redpanda.com/llms.txt). Component-specific: [agentic-data-plane-full.txt](https://docs.redpanda.com/agentic-data-plane-full.txt) --- title: rpk ai oauth page-beta-text: This is a beta feature. Beta features are available for testing and feedback. They are not supported by Redpanda and should not be used in production environments. latest-operator-version: v26.1.5 latest-console-tag: v3.7.4 latest-connect-version: 4.96.1 latest-redpanda-tag: v26.1.10 docname: rpk/rpk-ai/rpk-ai-oauth page-component-name: agentic-data-plane page-version: master page-component-version: master page-component-title: Agentic Data Plane page-relative-src-path: rpk/rpk-ai/rpk-ai-oauth.adoc page-edit-url: https://github.com/redpanda-data/adp-docs/edit/main/modules/reference/pages/rpk/rpk-ai/rpk-ai-oauth.adoc description: rpk ai oauth # Beta release status page-beta: "true" page-git-created-date: "2026-05-27" page-git-modified-date: "2026-06-10" release-status: beta - This is a beta feature. Beta features are available for testing and feedback. They are not supported by Redpanda and should not be used in production environments. --- Manage OAuth authorization-server configurations registered with the Redpanda AI gateway. OAuth providers describe third-party authorization servers (GitHub, Google, Slack, …​) that user-facing MCP servers can authenticate against via the device-consent flow. Aliases: `oauth-provider` (compat with aigwctl), `op`. ## [](#usage)Usage ```bash rpk ai oauth [command] ``` ## [](#aliases)Aliases ```bash oauth, oauth-provider, op ``` ## [](#flags)Flags | Value | Type | Description | | --- | --- | --- | | -h, --help | - | help for oauth. | | -o, --format | string | output format: table | | wide | json | yaml | | markdown (env: RPAI_FORMAT) (default "table"). | --no-color | - | | disable colored output (env: NO_COLOR). | -c, --rpai-config | string | | path to rpai config (env: RPAI_CONFIG) (default "/var/lib/redpanda/.rpai/config"). | -s, --rpai-endpoint | string | | override dataplane URL (env: RPAI_ENDPOINT). | -p, --rpai-profile | string | | rpai profile name (env: RPAI_PROFILE). | -v, --rpai-verbose | - | | verbose debug logging to stderr (env: RPAI_VERBOSE). | --token | string | --- # Page 110: rpk ai uninstall **URL**: https://docs.redpanda.com/agentic-data-plane/reference/rpk/rpk-ai/rpk-ai-uninstall.md --- # rpk ai uninstall > For the complete documentation index, see [llms.txt](https://docs.redpanda.com/llms.txt). Component-specific: [agentic-data-plane-full.txt](https://docs.redpanda.com/agentic-data-plane-full.txt) --- title: rpk ai uninstall page-beta-text: This is a beta feature. Beta features are available for testing and feedback. They are not supported by Redpanda and should not be used in production environments. latest-operator-version: v26.1.5 latest-console-tag: v3.7.4 latest-connect-version: 4.96.1 latest-redpanda-tag: v26.1.10 docname: rpk/rpk-ai/rpk-ai-uninstall page-component-name: agentic-data-plane page-version: master page-component-version: master page-component-title: Agentic Data Plane page-relative-src-path: rpk/rpk-ai/rpk-ai-uninstall.adoc page-edit-url: https://github.com/redpanda-data/adp-docs/edit/main/modules/reference/pages/rpk/rpk-ai/rpk-ai-uninstall.adoc description: rpk ai uninstall # Beta release status page-beta: "true" page-git-created-date: "2026-05-11" page-git-modified-date: "2026-05-27" release-status: beta - This is a beta feature. Beta features are available for testing and feedback. They are not supported by Redpanda and should not be used in production environments. --- Uninstall the Redpanda AI CLI ## [](#usage)Usage ```bash rpk ai uninstall [flags] ``` ## [](#flags)Flags | Value | Type | Description | | --- | --- | --- | | -h, --help | - | Help for uninstall. | | --config | string | Redpanda or rpk config file; default search paths are /var/lib/redpanda/.config/rpk/rpk.yaml, $PWD/redpanda.yaml, and /etc/redpanda/redpanda.yaml. | | -X, --config-opt | stringArray | Override rpk configuration settings; '-X help' for detail or '-X list' for terser detail. | | --ignore-profile | - | Ignore rpk.yaml and redpanda.yaml; use default settings. | | --profile | string | rpk profile to use. | | -v, --verbose | - | Enable verbose logging. | --- # Page 111: rpk ai upgrade **URL**: https://docs.redpanda.com/agentic-data-plane/reference/rpk/rpk-ai/rpk-ai-upgrade.md --- # rpk ai upgrade > For the complete documentation index, see [llms.txt](https://docs.redpanda.com/llms.txt). Component-specific: [agentic-data-plane-full.txt](https://docs.redpanda.com/agentic-data-plane-full.txt) --- title: rpk ai upgrade page-beta-text: This is a beta feature. Beta features are available for testing and feedback. They are not supported by Redpanda and should not be used in production environments. latest-operator-version: v26.1.5 latest-console-tag: v3.7.4 latest-connect-version: 4.96.1 latest-redpanda-tag: v26.1.10 docname: rpk/rpk-ai/rpk-ai-upgrade page-component-name: agentic-data-plane page-version: master page-component-version: master page-component-title: Agentic Data Plane page-relative-src-path: rpk/rpk-ai/rpk-ai-upgrade.adoc page-edit-url: https://github.com/redpanda-data/adp-docs/edit/main/modules/reference/pages/rpk/rpk-ai/rpk-ai-upgrade.adoc description: rpk ai upgrade # Beta release status page-beta: "true" page-git-created-date: "2026-05-11" page-git-modified-date: "2026-05-27" release-status: beta - This is a beta feature. Beta features are available for testing and feedback. They are not supported by Redpanda and should not be used in production environments. --- Upgrade to the latest Redpanda AI CLI version ## [](#usage)Usage ```bash rpk ai upgrade [flags] ``` ## [](#flags)Flags | Value | Type | Description | | --- | --- | --- | | -h, --help | - | Help for upgrade. | | --no-confirm | - | Disable confirmation prompt for major version upgrades. | | --config | string | Redpanda or rpk config file; default search paths are /var/lib/redpanda/.config/rpk/rpk.yaml, $PWD/redpanda.yaml, and /etc/redpanda/redpanda.yaml. | | -X, --config-opt | stringArray | Override rpk configuration settings; '-X help' for detail or '-X list' for terser detail. | | --ignore-profile | - | Ignore rpk.yaml and redpanda.yaml; use default settings. | | --profile | string | rpk profile to use. | | -v, --verbose | - | Enable verbose logging. | --- # Page 112: rpk ai version **URL**: https://docs.redpanda.com/agentic-data-plane/reference/rpk/rpk-ai/rpk-ai-version.md --- # rpk ai version > For the complete documentation index, see [llms.txt](https://docs.redpanda.com/llms.txt). Component-specific: [agentic-data-plane-full.txt](https://docs.redpanda.com/agentic-data-plane-full.txt) --- title: rpk ai version page-beta-text: This is a beta feature. Beta features are available for testing and feedback. They are not supported by Redpanda and should not be used in production environments. latest-operator-version: v26.1.5 latest-console-tag: v3.7.4 latest-connect-version: 4.96.1 latest-redpanda-tag: v26.1.10 docname: rpk/rpk-ai/rpk-ai-version page-component-name: agentic-data-plane page-version: master page-component-version: master page-component-title: Agentic Data Plane page-relative-src-path: rpk/rpk-ai/rpk-ai-version.adoc page-edit-url: https://github.com/redpanda-data/adp-docs/edit/main/modules/reference/pages/rpk/rpk-ai/rpk-ai-version.adoc description: rpk ai version # Beta release status page-beta: "true" page-git-created-date: "2026-05-27" page-git-modified-date: "2026-06-10" release-status: beta - This is a beta feature. Beta features are available for testing and feedback. They are not supported by Redpanda and should not be used in production environments. --- Print rpai version and commit ## [](#usage)Usage ```bash rpk ai version [flags] ``` ## [](#flags)Flags | Value | Type | Description | | --- | --- | --- | | -h, --help | - | help for version. | | -o, --format | string | output format: table | | wide | json | yaml | | markdown (env: RPAI_FORMAT) (default "table"). | --no-color | - | | disable colored output (env: NO_COLOR). | -c, --rpai-config | string | | path to rpai config (env: RPAI_CONFIG) (default "/var/lib/redpanda/.rpai/config"). | -s, --rpai-endpoint | string | | override dataplane URL (env: RPAI_ENDPOINT). | -p, --rpai-profile | string | | rpai profile name (env: RPAI_PROFILE). | -v, --rpai-verbose | - | | verbose debug logging to stderr (env: RPAI_VERBOSE). | --token | string | --- # Page 113: rpk ai **URL**: https://docs.redpanda.com/agentic-data-plane/reference/rpk/rpk-ai/rpk-ai.md --- # rpk ai > For the complete documentation index, see [llms.txt](https://docs.redpanda.com/llms.txt). Component-specific: [agentic-data-plane-full.txt](https://docs.redpanda.com/agentic-data-plane-full.txt) --- title: rpk ai page-beta-text: This is a beta feature. Beta features are available for testing and feedback. They are not supported by Redpanda and should not be used in production environments. latest-operator-version: v26.1.5 latest-console-tag: v3.7.4 latest-connect-version: 4.96.1 latest-redpanda-tag: v26.1.10 docname: rpk/rpk-ai/rpk-ai page-component-name: agentic-data-plane page-version: master page-component-version: master page-component-title: Agentic Data Plane page-relative-src-path: rpk/rpk-ai/rpk-ai.adoc page-edit-url: https://github.com/redpanda-data/adp-docs/edit/main/modules/reference/pages/rpk/rpk-ai/rpk-ai.adoc description: rpk ai # Beta release status page-beta: "true" page-git-created-date: "2026-05-11" page-git-modified-date: "2026-05-27" release-status: beta - This is a beta feature. Beta features are available for testing and feedback. They are not supported by Redpanda and should not be used in production environments. --- Manage the Redpanda AI Gateway ## [](#usage)Usage ```bash rpk ai [flags] rpk ai [command] ``` ## [](#flags)Flags | Value | Type | Description | | --- | --- | --- | | -h, --help | - | Help for ai. | | --config | string | Redpanda or rpk config file; default search paths are /var/lib/redpanda/.config/rpk/rpk.yaml, $PWD/redpanda.yaml, and /etc/redpanda/redpanda.yaml. | | -X, --config-opt | stringArray | Override rpk configuration settings; '-X help' for detail or '-X list' for terser detail. | | --ignore-profile | - | Ignore rpk.yaml and redpanda.yaml; use default settings. | | --profile | string | rpk profile to use. | | -v, --verbose | - | Enable verbose logging. | --- # Page 114: rpk cloud cluster select **URL**: https://docs.redpanda.com/agentic-data-plane/reference/rpk/rpk-cloud/rpk-cloud-cluster-select.md --- # rpk cloud cluster select > For the complete documentation index, see [llms.txt](https://docs.redpanda.com/llms.txt). Component-specific: [agentic-data-plane-full.txt](https://docs.redpanda.com/agentic-data-plane-full.txt) --- title: rpk cloud cluster select latest-operator-version: v26.1.5 latest-console-tag: v3.7.4 latest-connect-version: 4.96.1 latest-redpanda-tag: v26.1.10 docname: rpk/rpk-cloud/rpk-cloud-cluster-select page-component-name: agentic-data-plane page-version: master page-component-version: master page-component-title: Agentic Data Plane page-relative-src-path: rpk/rpk-cloud/rpk-cloud-cluster-select.adoc page-edit-url: https://github.com/redpanda-data/adp-docs/edit/main/modules/reference/pages/rpk/rpk-cloud/rpk-cloud-cluster-select.adoc page-git-created-date: "2026-05-11" page-git-modified-date: "2026-05-27" --- Update your rpk profile to communicate with the requested cluster. This command is essentially an alias for the following command: ```bash rpk profile create --from-cloud=${NAME} ``` If you want to name this profile rather than creating or updating values in the default cloud-dedicated profile, you can use the `--profile` flag. For Serverless clusters that support both public and private networking, you are prompted to select a network type unless you specify `--serverless-network`. To avoid prompts in automation, explicitly set `--serverless-network` to `public` or `private`. ## [](#usage)Usage ```bash rpk cloud cluster select [NAME] [flags] ``` ## [](#aliases)Aliases ```bash select, use ``` ## [](#flags)Flags | Value | Type | Description | | --- | --- | --- | | -h, --help | - | Help for select. | | --profile | string | Name of a profile to create or update (avoids updating "rpk-cloud"). | | --serverless-network | string | Networking type for Serverless clusters: public or private (if not specified, will prompt if both are available). | | --config | string | Redpanda or rpk config file; default search paths are /var/lib/redpanda/.config/rpk/rpk.yaml, $PWD/redpanda.yaml, and /etc/redpanda/redpanda.yaml. | | -X, --config-opt | stringArray | Override rpk configuration settings; '-X help' for detail or '-X list' for terser detail. | | -v, --verbose | - | Enable verbose logging. | --- # Page 115: rpk cloud cluster **URL**: https://docs.redpanda.com/agentic-data-plane/reference/rpk/rpk-cloud/rpk-cloud-cluster.md --- # rpk cloud cluster > For the complete documentation index, see [llms.txt](https://docs.redpanda.com/llms.txt). Component-specific: [agentic-data-plane-full.txt](https://docs.redpanda.com/agentic-data-plane-full.txt) --- title: rpk cloud cluster latest-operator-version: v26.1.5 latest-console-tag: v3.7.4 latest-connect-version: 4.96.1 latest-redpanda-tag: v26.1.10 docname: rpk/rpk-cloud/rpk-cloud-cluster page-component-name: agentic-data-plane page-version: master page-component-version: master page-component-title: Agentic Data Plane page-relative-src-path: rpk/rpk-cloud/rpk-cloud-cluster.adoc page-edit-url: https://github.com/redpanda-data/adp-docs/edit/main/modules/reference/pages/rpk/rpk-cloud/rpk-cloud-cluster.adoc page-git-created-date: "2026-05-11" page-git-modified-date: "2026-05-27" --- Manage rpk cloud clusters. This command allows you to manage cloud clusters, and to easily switch between the clusters you are communicating with. ## [](#usage)Usage ```bash rpk cloud cluster [command] [flags] ``` ## [](#flags)Flags | Value | Type | Description | | --- | --- | --- | | -h, --help | - | Help for cluster. | | --config | string | Redpanda or rpk config file; default search paths are /var/lib/redpanda/.config/rpk/rpk.yaml, $PWD/redpanda.yaml, and /etc/redpanda/redpanda.yaml. | | -X, --config-opt | stringArray | Override rpk configuration settings; '-X help' for detail or '-X list' for terser detail. | | --profile | string | rpk profile to use. | | -v, --verbose | - | Enable verbose logging. | --- # Page 116: rpk cloud login **URL**: https://docs.redpanda.com/agentic-data-plane/reference/rpk/rpk-cloud/rpk-cloud-login.md --- # rpk cloud login > For the complete documentation index, see [llms.txt](https://docs.redpanda.com/llms.txt). Component-specific: [agentic-data-plane-full.txt](https://docs.redpanda.com/agentic-data-plane-full.txt) --- title: rpk cloud login latest-operator-version: v26.1.5 latest-console-tag: v3.7.4 latest-connect-version: 4.96.1 latest-redpanda-tag: v26.1.10 docname: rpk/rpk-cloud/rpk-cloud-login page-component-name: agentic-data-plane page-version: master page-component-version: master page-component-title: Agentic Data Plane page-relative-src-path: rpk/rpk-cloud/rpk-cloud-login.adoc page-edit-url: https://github.com/redpanda-data/adp-docs/edit/main/modules/reference/pages/rpk/rpk-cloud/rpk-cloud-login.adoc page-git-created-date: "2026-05-11" page-git-modified-date: "2026-05-27" --- Log in to Redpanda Cloud. This command checks for an existing Redpanda Cloud API token and, if present, ensures it is still valid. If no token is found or the token is no longer valid, this command will login and save your token along with the client ID used to request the token. ## [](#login-credentials)Login credentials You may use either SSO or client credentials to log in. ### [](#sso)SSO This will automatically launch your default web browser and prompt you to authenticate via our Redpanda Cloud page. Once you have successfully authenticated, you will be ready to use `rpk cloud` commands. ### [](#client-credentials)Client credentials Cloud client credentials can be used to login to Redpanda, they can be created in the Clients tab of the Users section in the Redpanda Cloud online interface. client credentials can be provided in three ways, in order of preference: - In your `rpk cloud auth`, `client_id` and `client_secret` fields - Through `RPK_CLOUD_CLIENT_ID` and `RPK_CLOUD_CLIENT_SECRET` environment variables - Through the `--client-id` and `--client-secret` flags If none of these are provided, `rpk` will use the SSO method to login. If you specify environment variables or flags, they will not be synced to the `rpk.yaml` file unless the `--save` flag is passed. The cloud authorization token and client ID is always synced. ## [](#usage)Usage ```bash rpk cloud login [flags] ``` ## [](#flags)Flags | Value | Type | Description | | --- | --- | --- | | --client-id | string | The client ID of the organization in Redpanda Cloud. | | --client-secret | string | The client secret of the organization in Redpanda Cloud. | | -h, --help | - | Help for login. | | --no-profile | - | Skip automatic profile creation and any associated prompts. | | --save | - | Save environment or flag specified client ID and client secret to the configuration file. | | --config | string | Redpanda or rpk config file; default search paths are /var/lib/redpanda/.config/rpk/rpk.yaml, $PWD/redpanda.yaml, and /etc/redpanda/redpanda.yaml. | | -X, --config-opt | stringArray | Override rpk configuration settings. See rpk -X or execute rpk -X help for inline detail or rpk -X list for terser detail. | | --profile | string | Profile to use. See rpk profile for more details. | | -v, --verbose | - | Enable verbose logging. | --- # Page 117: rpk cloud logout **URL**: https://docs.redpanda.com/agentic-data-plane/reference/rpk/rpk-cloud/rpk-cloud-logout.md --- # rpk cloud logout > For the complete documentation index, see [llms.txt](https://docs.redpanda.com/llms.txt). Component-specific: [agentic-data-plane-full.txt](https://docs.redpanda.com/agentic-data-plane-full.txt) --- title: rpk cloud logout latest-operator-version: v26.1.5 latest-console-tag: v3.7.4 latest-connect-version: 4.96.1 latest-redpanda-tag: v26.1.10 docname: rpk/rpk-cloud/rpk-cloud-logout page-component-name: agentic-data-plane page-version: master page-component-version: master page-component-title: Agentic Data Plane page-relative-src-path: rpk/rpk-cloud/rpk-cloud-logout.adoc page-edit-url: https://github.com/redpanda-data/adp-docs/edit/main/modules/reference/pages/rpk/rpk-cloud/rpk-cloud-logout.adoc page-git-created-date: "2026-05-11" page-git-modified-date: "2026-05-27" --- Log out from Redpanda cloud. This command deletes your cloud authentication token. If you want to log out entirely and switch to a different organization, you can use the `--clear-credentials` flag to additionally clear your client ID and client secret. You can use the --all flag to log out of all organizations you may be logged into. ## [](#usage)Usage ```bash rpk cloud logout [flags] ``` ## [](#flags)Flags | Value | Type | Description | | --- | --- | --- | | -a, --all | - | Log out of all organizations you may be logged into, rather than just the current authentication’s organization. | | -c, --clear-credentials | - | Clear the client ID and client secret in addition to the authentication token. | | -h, --help | - | Help for logout. | | --config | string | Redpanda or rpk config file; default search paths are /var/lib/redpanda/.config/rpk/rpk.yaml, $PWD/redpanda.yaml, and /etc/redpanda/redpanda.yaml. | | -X, --config-opt | stringArray | Override rpk configuration settings. See rpk -X or execute rpk -X help for inline detail or rpk -X list for terser detail. | | --profile | string | Profile to use. See rpk profile for more details. | | -v, --verbose | - | Enable verbose logging. | --- # Page 118: rpk cloud **URL**: https://docs.redpanda.com/agentic-data-plane/reference/rpk/rpk-cloud/rpk-cloud.md --- # rpk cloud > For the complete documentation index, see [llms.txt](https://docs.redpanda.com/llms.txt). Component-specific: [agentic-data-plane-full.txt](https://docs.redpanda.com/agentic-data-plane-full.txt) --- title: rpk cloud latest-operator-version: v26.1.5 latest-console-tag: v3.7.4 latest-connect-version: 4.96.1 latest-redpanda-tag: v26.1.10 docname: rpk/rpk-cloud/rpk-cloud page-component-name: agentic-data-plane page-version: master page-component-version: master page-component-title: Agentic Data Plane page-relative-src-path: rpk/rpk-cloud/rpk-cloud.adoc page-edit-url: https://github.com/redpanda-data/adp-docs/edit/main/modules/reference/pages/rpk/rpk-cloud/rpk-cloud.adoc page-git-created-date: "2026-05-11" page-git-modified-date: "2026-05-27" --- Interact with Redpanda Cloud. ## [](#usage)Usage ```bash rpk cloud [flags] [command] ``` ## [](#flags)Flags | Value | Type | Description | | --- | --- | --- | | -h, --help | - | Help for cloud. | | --config | string | Redpanda or rpk config file; default search paths are /var/lib/redpanda/.config/rpk/rpk.yaml, $PWD/redpanda.yaml, and /etc/redpanda/redpanda.yaml. | | -X, --config-opt | stringArray | Override rpk configuration settings. See rpk -X or execute rpk -X help for inline detail or rpk -X list for terser detail. | | --profile | string | Profile to use. See rpk profile for more details. | | -v, --verbose | - | Enable verbose logging. | --- # Page 119: rpk profile **URL**: https://docs.redpanda.com/agentic-data-plane/reference/rpk/rpk-profile/rpk-profile.md --- # rpk profile > For the complete documentation index, see [llms.txt](https://docs.redpanda.com/llms.txt). Component-specific: [agentic-data-plane-full.txt](https://docs.redpanda.com/agentic-data-plane-full.txt) --- title: rpk profile latest-operator-version: v26.1.5 latest-console-tag: v3.7.4 latest-connect-version: 4.96.1 latest-redpanda-tag: v26.1.10 docname: rpk/rpk-profile/rpk-profile page-component-name: agentic-data-plane page-version: master page-component-version: master page-component-title: Agentic Data Plane page-relative-src-path: rpk/rpk-profile/rpk-profile.adoc page-edit-url: https://github.com/redpanda-data/adp-docs/edit/main/modules/reference/pages/rpk/rpk-profile/rpk-profile.adoc page-git-created-date: "2026-05-11" page-git-modified-date: "2026-05-27" --- Manage `rpk profiles`. An `rpk profile` talks to a single Redpanda cluster. You can create multiple profiles for multiple clusters and swap between them with `rpk profile use`. Multiple profiles may be useful if, for example, you use `rpk` to talk to a localhost cluster, a dev cluster, and a prod cluster, and you want to keep your configuration in one place. You can also use the `RPK_PROFILE` environment variable to temporarily override the current profile without modifying your configuration. The `--profile` flag takes precedence over the environment variable if both are set. ## [](#usage)Usage ```bash rpk profile [flags] [command] ``` ## [](#flags)Flags | Value | Type | Description | | --- | --- | --- | | -h, --help | - | Help for profile. | | --config | string | Redpanda or rpk config file; default search paths are /var/lib/redpanda/.config/rpk/rpk.yaml, $PWD/redpanda.yaml, and /etc/redpanda/redpanda.yaml. | | -X, --config-opt | stringArray | Override rpk configuration settings. See rpk -X or execute rpk -X help for inline detail or rpk -X list for terser detail. | | --ignore-profile | - | Ignore rpk.yaml and redpanda.yaml; use default settings. | | --profile | string | Profile to use. | | -v, --verbose | - | Enable verbose logging. | --- # Page 120: rpk -X **URL**: https://docs.redpanda.com/agentic-data-plane/reference/rpk/rpk-x-options.md --- # rpk -X > For the complete documentation index, see [llms.txt](https://docs.redpanda.com/llms.txt). Component-specific: [agentic-data-plane-full.txt](https://docs.redpanda.com/agentic-data-plane-full.txt) --- title: rpk -X latest-operator-version: v26.1.5 latest-console-tag: v3.7.4 latest-connect-version: 4.96.1 latest-redpanda-tag: v26.1.10 docname: rpk/rpk-x-options page-component-name: agentic-data-plane page-version: master page-component-version: master page-component-title: Agentic Data Plane page-relative-src-path: rpk/rpk-x-options.adoc page-edit-url: https://github.com/redpanda-data/adp-docs/edit/main/modules/reference/pages/rpk/rpk-x-options.adoc page-git-created-date: "2026-05-11" page-git-modified-date: "2026-05-26" --- Use the `-X` flag to override any rpk-specific configuration option for a single command, without modifying your rpk profile. Each option follows the form `key=value`: for example, `rpk -X tls.enabled=true` enables TLS for the Kafka API. Every `-X` option also has an environment-variable equivalent: prefix with `RPK_` and replace periods (`.`) with underscores (`_`). For example, `tls.enabled` becomes `RPK_TLS_ENABLED`. To list every available option, run: ```bash rpk -X list ``` Run `rpk -X help` for inline descriptions, or see the [full `rpk -X` reference](https://docs.redpanda.com/current/reference/rpk/rpk-x-options/) in the Redpanda docs. > 💡 **TIP** > > For persistent configuration across commands and sessions, prefer [rpk profiles](https://docs.redpanda.com/agentic-data-plane/reference/rpk/rpk-profile/rpk-profile/) over environment variables or `-X` flags. ---