agentic-community · gauravrele87 · Nov 8, 2025 · Nov 19, 2025 · Dec 4, 2025 · Dec 4, 2025
diff --git a/.env.example b/.env.example
@@ -182,6 +182,44 @@ ANTHROPIC_API_KEY=your_anthropic_api_key_here
 # Get OpenAI API key from https://platform.openai.com/api-keys
 MCP_SCANNER_LLM_API_KEY=your_openai_api_key_here
 
+# =============================================================================
+# EMBEDDINGS CONFIGURATION
+# =============================================================================
+
+# Embeddings provider: 'sentence-transformers' (local) or 'litellm' (cloud-based)
+# Default: sentence-transformers (no API key required)
+EMBEDDINGS_PROVIDER=litellm
+
+# Model name for embeddings generation
+# For sentence-transformers: model name from Hugging Face (e.g., all-MiniLM-L6-v2)
+# For litellm: provider-prefixed model (e.g., bedrock/amazon.titan-embed-text-v1,
+#              openai/text-embedding-3-small, cohere/embed-english-v3.0)
+EMBEDDINGS_MODEL_NAME=bedrock/amazon.titan-embed-text-v2:0
+
+# Embedding dimension (must match the model's output dimension)
+# all-MiniLM-L6-v2: 384
+# text-embedding-3-small: 1536
+# amazon.titan-embed-text-v1: 1536
+# cohere/embed-english-v3.0: 1024
+EMBEDDINGS_MODEL_DIMENSIONS=1024
+
+# LiteLLM-specific settings (only used when EMBEDDINGS_PROVIDER=litellm)
+# API key for cloud embeddings provider (provider-specific)
+# For OpenAI: Get from https://platform.openai.com/api-keys
+# For Cohere: Get from https://dashboard.cohere.com/api-keys
+# For Bedrock: Not used - configure AWS credentials via standard methods (see below)
+# EMBEDDINGS_API_KEY=your_api_key_here
+
+# Optional: Custom API base URL for embeddings provider
+# EMBEDDINGS_API_BASE=https://api.custom-endpoint.com
+
+# AWS region for Amazon Bedrock embeddings (only needed for Bedrock)
+# Note: For Bedrock authentication, use standard AWS credential chain:
+#       - IAM roles (recommended for EC2/EKS)
+#       - Environment variables (AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY)
+#       - AWS credentials file (~/.aws/credentials)
+# EMBEDDINGS_AWS_REGION=us-east-1
+
 # =============================================================================
 # CONTAINER REGISTRY CREDENTIALS (for CI/CD and local builds)
 # =============================================================================

diff --git a/docker-compose.yml b/docker-compose.yml
@@ -40,6 +40,13 @@ services:
       - EXTERNAL_REGISTRY_TAGS=${EXTERNAL_REGISTRY_TAGS:-anthropic-registry,workday-asor}
       - ASOR_ACCESS_TOKEN=${ASOR_ACCESS_TOKEN}
       - ASOR_CLIENT_CREDENTIALS=${ASOR_CLIENT_CREDENTIALS}
+      # Embeddings Configuration
+      - EMBEDDINGS_PROVIDER=${EMBEDDINGS_PROVIDER:-sentence-transformers}
+      - EMBEDDINGS_MODEL_NAME=${EMBEDDINGS_MODEL_NAME:-all-MiniLM-L6-v2}
+      - EMBEDDINGS_MODEL_DIMENSIONS=${EMBEDDINGS_MODEL_DIMENSIONS:-384}
+      - EMBEDDINGS_API_KEY=${EMBEDDINGS_API_KEY}
+      - EMBEDDINGS_API_BASE=${EMBEDDINGS_API_BASE}
+      - EMBEDDINGS_AWS_REGION=${EMBEDDINGS_AWS_REGION:-us-east-1}
     ports:
       - "80:80"
       - "443:443"

diff --git a/docker/registry-entrypoint.sh b/docker/registry-entrypoint.sh
@@ -103,26 +103,48 @@ else
     echo "HTTP + HTTPS Nginx configuration installed."
 fi
 
-# --- Model Check ---
-EMBEDDINGS_MODEL_NAME="all-MiniLM-L6-v2"
-EMBEDDINGS_MODEL_DIR="/app/registry/models/$EMBEDDINGS_MODEL_NAME"
-
-echo "Checking for sentence-transformers model..."
-if [ ! -d "$EMBEDDINGS_MODEL_DIR" ] || [ -z "$(ls -A "$EMBEDDINGS_MODEL_DIR")" ]; then
-    echo "=========================================="
-    echo "WARNING: Embeddings model not found!"
-    echo "=========================================="
-    echo ""
-    echo "The registry requires the sentence-transformers model to function properly."
-    echo "Please download the model to: $EMBEDDINGS_MODEL_DIR"
-    echo ""
-    echo "Run this command to download the model:"
-    echo "  docker run --rm -v \$(pwd)/models:/models huggingface/transformers-pytorch-cpu python -c \"from sentence_transformers import SentenceTransformer; SentenceTransformer('sentence-transformers/$EMBEDDINGS_MODEL_NAME').save('/models/$EMBEDDINGS_MODEL_NAME')\""
-    echo ""
-    echo "Or see the README for alternative download methods."
-    echo "=========================================="
-else
-    echo "Embeddings model found at $EMBEDDINGS_MODEL_DIR"
+# --- Embeddings Configuration ---
+# Get embeddings configuration from environment or use defaults
+EMBEDDINGS_PROVIDER="${EMBEDDINGS_PROVIDER:-sentence-transformers}"
+EMBEDDINGS_MODEL_NAME="${EMBEDDINGS_MODEL_NAME:-all-MiniLM-L6-v2}"
+EMBEDDINGS_MODEL_DIMENSIONS="${EMBEDDINGS_MODEL_DIMENSIONS:-384}"
+
+echo "Embeddings Configuration:"
+echo "  Provider: $EMBEDDINGS_PROVIDER"
+echo "  Model: $EMBEDDINGS_MODEL_NAME"
+echo "  Dimensions: $EMBEDDINGS_MODEL_DIMENSIONS"
+
+# Only check for local model if using sentence-transformers
+if [ "$EMBEDDINGS_PROVIDER" = "sentence-transformers" ]; then
+    EMBEDDINGS_MODEL_DIR="/app/registry/models/$EMBEDDINGS_MODEL_NAME"
+
+    echo "Checking for sentence-transformers model..."
+    if [ ! -d "$EMBEDDINGS_MODEL_DIR" ] || [ -z "$(ls -A "$EMBEDDINGS_MODEL_DIR")" ]; then
+        echo "=========================================="
+        echo "WARNING: Embeddings model not found!"
+        echo "=========================================="
+        echo ""
+        echo "The registry requires the sentence-transformers model to function properly."
+        echo "Please download the model to: $EMBEDDINGS_MODEL_DIR"
+        echo ""
+        echo "Run this command to download the model:"
+        echo "  docker run --rm -v \$(pwd)/models:/models huggingface/transformers-pytorch-cpu python -c \"from sentence_transformers import SentenceTransformer; SentenceTransformer('sentence-transformers/$EMBEDDINGS_MODEL_NAME').save('/models/$EMBEDDINGS_MODEL_NAME')\""
+        echo ""
+        echo "Or see the README for alternative download methods."
+        echo "=========================================="
+    else
+        echo "Embeddings model found at $EMBEDDINGS_MODEL_DIR"
+    fi
+elif [ "$EMBEDDINGS_PROVIDER" = "litellm" ]; then
+    echo "Using LiteLLM provider - no local model download required"
+    echo "Model: $EMBEDDINGS_MODEL_NAME"
+    if [[ "$EMBEDDINGS_MODEL_NAME" == bedrock/* ]]; then
+        echo "Bedrock model will use AWS credential chain for authentication"
+    elif [ ! -z "$EMBEDDINGS_API_KEY" ]; then
+        echo "API key configured for cloud embeddings"
+    else
+        echo "WARNING: No EMBEDDINGS_API_KEY set for cloud provider"
+    fi
 fi
 
 # --- Environment Variable Substitution for MCP Server Auth Tokens ---
@@ -140,8 +162,10 @@ done
 echo "MCP Server configuration processing completed."
 
 # --- Start Background Services ---
+# Export embeddings configuration for the registry service
+export EMBEDDINGS_PROVIDER=$EMBEDDINGS_PROVIDER
 export EMBEDDINGS_MODEL_NAME=$EMBEDDINGS_MODEL_NAME
-export EMBEDDINGS_MODEL_DIMENSIONS=384
+export EMBEDDINGS_MODEL_DIMENSIONS=$EMBEDDINGS_MODEL_DIMENSIONS
 
 echo "Starting MCP Registry in the background..."
 cd /app

diff --git a/docs/complete-setup-guide.md b/docs/complete-setup-guide.md
@@ -217,19 +217,19 @@ For now, make these additional essential changes in the `.env` file:
 
 ```bash
 # Set authentication provider to Keycloak
-AUTH_PROVIDER=keycloak
+AUTH_PROVIDER=keycloak #Do not change
 
 # Set a secure admin password (change this!)
 # This is used for Keycloak API authentication during setup
-KEYCLOAK_ADMIN_PASSWORD=YourSecureAdminPassword123!
+KEYCLOAK_ADMIN_PASSWORD=YourSecureAdminPassword123! # change me
 
 # CRITICAL: Set INITIAL_ADMIN_PASSWORD to the SAME VALUE as KEYCLOAK_ADMIN_PASSWORD
 # This is used to set the password for the initial admin user in the realm
 # THESE MUST MATCH - see Step 5 for details
-INITIAL_ADMIN_PASSWORD=YourSecureAdminPassword123!
+INITIAL_ADMIN_PASSWORD=YourSecureAdminPassword123! # change me
 
 # Set Keycloak database password (change this!)
-KEYCLOAK_DB_PASSWORD=SecureKeycloakDB123!
+KEYCLOAK_DB_PASSWORD=SecureKeycloakDB123! # change me
 
 # Leave other Keycloak settings as default for now
 KEYCLOAK_URL=http://localhost:8080
@@ -307,13 +307,13 @@ If these passwords don't match:
 
 ```bash
 # Start only the database and Keycloak services first
-docker-compose up -d keycloak-db keycloak
+docker compose up -d keycloak-db keycloak
 
 # Check if services are starting
-docker-compose ps
+docker compose ps
 
 # Monitor logs to see when Keycloak is ready
-docker-compose logs -f keycloak
+docker compose logs -f keycloak
 # Wait for message: "Keycloak 25.x.x started in xxxms"
 # Press Ctrl+C to exit logs when you see this message
 ```

diff --git a/pyproject.toml b/pyproject.toml
@@ -41,6 +41,7 @@ dependencies = [
     "cisco-ai-mcp-scanner>=3.0.1",
     "awscli>=1.36.0",
     "boto3>=1.35.0",
+    ""litellm>=1.50.0"
 ]
 
 [project.optional-dependencies]

diff --git a/registry/core/config.py b/registry/core/config.py
@@ -1,6 +1,8 @@
 import os
 import secrets
 from pathlib import Path
+from typing import Optional
+
 from pydantic import ConfigDict
 from pydantic_settings import BaseSettings
 
@@ -23,9 +25,19 @@ class Settings(BaseSettings):
     auth_server_url: str = "http://localhost:8888"
     auth_server_external_url: str = "http://localhost:8888"  # External URL for OAuth redirects
 
-    # Embeddings settings
+    # Embeddings settings [Default]
+    embeddings_provider: str = "sentence-transformers"  # 'sentence-transformers' or 'litellm'
     embeddings_model_name: str = "all-MiniLM-L6-v2"
-    embeddings_model_dimensions: int = 384
+    embeddings_model_dimensions: int = 384 # 384 for default and 1024 for bedrock titan v2
+    print(embeddings_provider, embeddings_model_name, embeddings_model_dimensions)
+
+    # LiteLLM-specific settings (only used when embeddings_provider='litellm')
+    # For Bedrock: Set to None and configure AWS credentials via standard methods
+    # (IAM roles, AWS_ACCESS_KEY_ID/AWS_SECRET_ACCESS_KEY env vars, or ~/.aws/credentials)
+    embeddings_api_key: Optional[str] = None
+    embeddings_secret_key: Optional[str] = None
+    embeddings_api_base: Optional[str] = None
+    embeddings_aws_region: Optional[str] = "us-east-1"
 
     # Health check settings
     health_check_interval_seconds: int = 300  # 5 minutes for automatic background checks (configurable via env var)