Update app.py

app.py

@@ -1,6 +1,6 @@
 import os
 import requests
-from fastapi import FastAPI, HTTPException, Header, Depends
+from fastapi import FastAPI, HTTPException, Depends
 from fastapi.responses import JSONResponse
 from fastapi.security.api_key import APIKeyHeader
 
@@ -9,40 +9,44 @@ from fastapi.security.api_key import APIKeyHeader
 # -------------------------------------------------
 HUGGINGFACE_BACKEND = os.getenv("SAP_BACKEND_URL", "https://pd03-agentkit.hf.space/purchase-orders")
 AGENTKIT_API_KEY = os.getenv("AGENTKIT_API_KEY", None)
+BASE_URL = os.getenv("PUBLIC_URL", "https://<your-space>.hf.space")  # Replace if testing locally
 
 app = FastAPI(
     title="SAP MCP Server",
-    description="MCP-compatible server exposing SAP purchase order API for AgentKit.",
-    version="1.1.0",
+    description=(
+        "MCP-compatible FastAPI server exposing the SAP Purchase Order API tool "
+        "for OpenAI AgentKit (October 2025+)."
+    ),
+    version="1.2.0",
 )
 
 # -------------------------------------------------
-# AUTH SETUP
+# AUTHENTICATION
 # -------------------------------------------------
 api_key_header = APIKeyHeader(name="x-agentkit-api-key", auto_error=False)
 
 def verify_api_key(api_key: str = Depends(api_key_header)):
-    """Check for valid API key in request headers."""
+    """Verifies the x-agentkit-api-key header, if configured."""
     if AGENTKIT_API_KEY is None:
-        # Running in open mode
+        # Open mode (no auth configured)
         return True
     if api_key != AGENTKIT_API_KEY:
         raise HTTPException(status_code=401, detail="Invalid or missing API key")
     return True
 
 # -------------------------------------------------
-# MCP Manifest (for AgentKit autodiscovery)
+# MCP MANIFEST (AgentKit autodiscovery)
 # -------------------------------------------------
 @app.get("/.well-known/mcp/manifest.json", include_in_schema=False)
 async def get_manifest():
     """
-    Returns the MCP manifest so AgentKit can auto-discover the tool.
-    Includes auth metadata for API key header usage.
+    Returns the MCP manifest that AgentKit uses to discover tools.
+    The manifest defines auth and the tool's absolute URL.
     """
     manifest = {
         "name": "sap_mcp_server",
         "description": "MCP server exposing a tool for retrieving SAP purchase orders.",
-        "version": "1.1.0",
+        "version": "1.2.0",
         "auth": {
             "type": "api_key",
             "location": "header",
@@ -60,7 +64,7 @@ async def get_manifest():
                 "output_schema": {"type": "object"},
                 "http": {
                     "method": "GET",
-                    "url": "/tools/get_purchase_orders"
+                    "url": f"{BASE_URL}/tools/get_purchase_orders"
                 }
             }
         ]
@@ -73,8 +77,8 @@ async def get_manifest():
 @app.get("/tools/get_purchase_orders", tags=["MCP Tools"])
 async def get_purchase_orders(auth=Depends(verify_api_key)):
     """
-    Fetch the top 50 SAP purchase orders from the backend.
-    Requires a valid AgentKit API key (if configured).
+    Fetches SAP purchase orders via the Hugging Face backend.
+    Requires a valid x-agentkit-api-key header if configured.
     """
     try:
         resp = requests.get(HUGGINGFACE_BACKEND, timeout=30)