feat: add use-supervisor-api skill#155
Open
smurching wants to merge 6 commits intodatabricks:mainfrom
Open
Conversation
Adds a new app template that uses the Databricks Supervisor API
(AI Gateway at /mlflow/v1/responses) for server-side tool execution,
instead of managing an agent loop with the OpenAI Agents SDK.
Key implementation detail: DatabricksOpenAI defaults to
{host}/serving-endpoints, but the Supervisor API is at
{host}/mlflow/v1/responses. _get_client() overrides base_url to
point to the correct AI Gateway endpoint.
Includes unit tests (9 passing) and integration test stubs for the
live staging endpoint.
Signed-off-by: Sid Murching <sid.murching@databricks.com>
- Derive AI Gateway base URL from workspace ID + domain (not workspace host) e.g. https://<workspace_id>.ai-gateway.<domain>/mlflow/v1 - Add liteswap staging header via extra_headers per-call - Fix output serialization: call .model_dump() on each response.output item - Swap example tool to Genie (NYC taxi space) to demonstrate hosted tools - Update MODEL to databricks-claude-opus-4-6 - Add unit tests for _ai_gateway_base_url, _get_client, invoke/stream handlers Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
smurching
changed the title
Adds a skill that guides users to build agents using the Databricks Supervisor API (hosted tools) instead of a client-side agent loop. Syncs the skill to all existing templates. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
…tern - Replace manual AI Gateway URL derivation with use_ai_gateway=True - Add OBO pattern: cache base URL at startup, create per-request client with forwarded user token via x-forwarded-access-token custom_input - Bump minimum databricks-openai version to 0.14.0 - Drop beta/workspace availability caveats; keep real API constraints Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
…sor-api skill The agent_endpoint tool type routes through KATool which always sends ka_query as the input parameter — a KA-specific protocol. Regular LangGraph/OpenAI agents don't implement this protocol and will fail. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
- genie -> genie_space (drop name field) - uc_function -> unity_catalog_function (drop name_alias) - mcp -> external_mcp_server (drop name field) - Update permissions table and troubleshooting section Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
jennsun
reviewed
Apr 9, 2026
| | `unity_catalog_function` | `uc_securable` (FUNCTION) with `EXECUTE` | | ||
| | `agent_endpoint` | `serving_endpoint` with `CAN_QUERY` (KA endpoints only) | | ||
| | `external_mcp_server` | `uc_securable` (CONNECTION) with `USE_CONNECTION` | | ||
|
|
Contributor
There was a problem hiding this comment.
Will update these to correspond with the latest:
Here is the **complete, up-to-date list** of all tool types supported by the Supervisor API (`POST /api/2.0/mas/responses`), based on the current codebase:
## Allowlisted tool types (via `/responses` endpoint)
These are the tool types accepted by `_validate_responses_tool_types()` — the default allowlist in `_RESPONSES_DEFAULT_ALLOWED_TOOL_TYPES`:
| # | Tool type (as sent in `tools[].type`) | Description |
|---|---|---|
| 1 | **`genie_space`** | Genie AI/BI space — queries a Genie room by `space_id` |
| 2 | **`serving_endpoint`** | Serving endpoint (e.g., Knowledge Agent) — calls a model serving endpoint |
| 3 | **`unity_catalog_function`** | Unity Catalog function — executes a UC function by its 3-level path |
| 4 | **`external_mcp_server`** | External MCP server via UC connection — connects to an MCP server through a UC connection name |
| 5 | **`databricks_apps_mcp`** | Databricks Apps MCP — connects to an MCP server hosted as a Databricks App |
| 6 | **`code_interpreter`** | Code interpreter — executes Python code in a sandboxed REPL |
## Additional tool types (handled in code but not in the `/responses` allowlist by default)
These are processed by `_build_supervisor_conf_from_openai_format()` but are gated behind the `databricks.tiles.mas.enabledTools` Safe flag or used internally:
| # | Tool type | Description |
|---|---|---|
| 7 | **`function`** | Client-defined function tools (OpenAI-compatible) — always allowed, passed to the LLM as callable functions |
| 8 | **`agent`** | Sub-agent tool — delegates to another agent |
| 9 | **`vector_search`** | Vector search index — searches a Databricks vector search index (internal, stored in `request_context`) |
| 10 | **`iretriever`** | Instructed retriever — semantic document retrieval with knowledge sources (internal, stored in `request_context`) |
## Alias mapping
The codebase also accepts **alternative names** for some tool types via `_TOOL_TYPE_ALIASES`. These are Supervisor Agent naming conventions that map to the internal MAS names:
| Alias (what you can send) | Maps to internally |
|---|---|
| `genie_space` | `genie` |
| `serving_endpoint` | `agent_endpoint` |
| `unity_catalog_function` | `uc_function` |
| `external_mcp_server` | `mcp` |
| `databricks_apps_mcp` | `mcp` |
So for example, sending `type: "genie_space"` or `type: "genie"` both work — the alias is resolved before processing.
## Connector shorthands (sub-type of `external_mcp_server` / `mcp`)
When using `external_mcp_server` or `mcp` tool type, you can specify a `connector` shorthand instead of a `connection_name`. These auto-create system-managed UC connections:
| Connector shorthand | Service | Has built-in MCP server? |
|---|---|---|
| `google_drive` | Google Drive | Yes (uses internal MAS adapter) |
| `sharepoint` | SharePoint | Yes (uses internal MAS adapter) |
| `github_mcp` | GitHub | No (uses external MCP proxy) |
| `atlassian_mcp` | Atlassian (Jira/Confluence) | No (uses external MCP proxy) |
---
So your table should be updated to:
| Tool type | Resource to grant |
|-----------|-------------------|
| `genie_space` | `genie_space` with `CAN_RUN` |
| `unity_catalog_function` | `uc_securable` (FUNCTION) with `EXECUTE` |
| `serving_endpoint` | `serving_endpoint` with `CAN_QUERY` (KA endpoints only) |
| `external_mcp_server` | `uc_securable` (CONNECTION) with `USE_CONNECTION` |
| `databricks_apps_mcp` | *(Databricks App access)* |
| `code_interpreter` | *(no external resource — sandboxed REPL)* |
| `function` | *(client-side — no server resource)* |
| `agent` | *(sub-agent delegation)* |
| `vector_search` | *(vector search index access)* |
| `iretriever` | *(instructed retriever — knowledge sources)* |
Contributor
|
taking over this pr: #183 |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
use-supervisor-apiskill that guides users to build agents using the Databricks Supervisor APIdatabricks-openai, declaring hosted tools (Genie spaces, UC functions, agent endpoints, MCP servers), updatingagent_server/agent.pyto callDatabricksOpenAI().responses.create(), granting resource permissions indatabricks.yml, and beta limitationssync-skills.pyWhat is the Supervisor API
The Supervisor API (
POST https://{workspace_id}.ai-gateway.{domain}/mlflow/v1/responses) lets Databricks run the tool-selection and synthesis loop server-side. Users declare hostedtools and call
responses.create()— no agent loop code needed.Currently in Beta — requires AI Gateway (Beta) preview enabled in the workspace.
Beta limitations noted in skill
temperature) are not supported when tools are passedTest plan
.claude/skills/directories after runninguv run python .scripts/sync-skills.py