Fix manifest/gateway parsing and add local dev per-server token support

- Normalize "default" audience → None and "null" scope → None in both
  _parse_manifest_server_config() and _parse_gateway_server_config() so
  Dataverse-style servers are correctly treated as V1 (shared ATG token)
  instead of triggering a bogus V2 token exchange
- Add "default" guard to resolve_token_scope_for_server() as defense-in-depth
- Fall back to mcpServerName when mcpServerUniqueName is absent from the
  manifest or gateway response
- Add _attach_dev_tokens() — reads BEARER_TOKEN_<SERVER_UNIQUE_NAME> and
  BEARER_TOKEN env vars written by `a365 develop get-token` and attaches
  per-server Authorization headers during local dev manifest loading;
  no-op in production where OBO via _attach_per_audience_tokens() is used

Author: biswapm

libraries/microsoft-agents-a365-tooling/CHANGELOG.md

@@ -9,21 +9,27 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 
 ### Added
 
-- Added V1/V2 per-audience token acquisition support in `McpToolServerConfigurationService.list_tool_servers()`. When `authorization`, `auth_handler_name`, and `turn_context` are provided, each MCP server receives its own OAuth token scoped to its audience — V1 servers (no audience, or shared ATG AppId) share a single ATG-scoped token; V2 servers (unique non-ATG audience GUID or `api://` URI) each receive a token scoped to `{audience}/{scope}` (or `{audience}/.default` when scope is absent and pre-consented)
+- Added MCP V1/V2 per-audience token acquisition support in `McpToolServerConfigurationService.list_tool_servers()`. When `authorization`, `auth_handler_name`, and `turn_context` are provided, each MCP server receives its own OAuth token scoped to its audience — V1 servers (no audience, or shared ATG AppId) share a single ATG-scoped token; V2 servers (unique non-ATG audience GUID or `api://` URI) each receive a token scoped to `{audience}/{scope}` (or `{audience}/.default` when scope is absent and pre-consented)
 - Added `_attach_per_audience_tokens()` private method to `McpToolServerConfigurationService` — acquires one token per unique scope, caches within the call to avoid redundant exchanges, and attaches `Authorization: Bearer` headers to each server config
 - Added `resolve_token_scope_for_server()` utility function to derive the correct OAuth scope for a given `MCPServerConfig` based on its `audience` and `scope` fields
 - Added `audience`, `scope`, `publisher`, and `headers` fields to `MCPServerConfig`
 - Gateway discovery endpoint bumped to `/agents/v2/{id}/mcpServers`
 - `_parse_gateway_server_config()` and `_parse_manifest_server_config()` now map `audience`, `scope`, and `publisher` fields from gateway/manifest responses into `MCPServerConfig`
 
+- Added `_attach_dev_tokens()` private method to `McpToolServerConfigurationService` — reads `BEARER_TOKEN_<SERVER_UNIQUE_NAME>` and `BEARER_TOKEN` environment variables written by the `a365 develop get-token` CLI and attaches per-server `Authorization: Bearer` headers during local dev manifest loading; no-op in production
+
 ### Changed
 
 - OpenAI, Semantic Kernel, and Google ADK extensions now pass auth context to `list_tool_servers()` and merge per-server headers (`{**base_headers, **server.headers}`) instead of injecting a single shared ATG token for all servers — fully backward compatible, V1 agents continue to receive the same shared ATG token
+- `_extract_server_unique_name()` now falls back to `mcpServerName` when `mcpServerUniqueName` is absent from the manifest or gateway response
+- `_parse_manifest_server_config()` and `_parse_gateway_server_config()` now normalize `"null"` scope strings and `"default"` audience strings to `None` to prevent incorrect V2 token scope resolution
+- `resolve_token_scope_for_server()` now treats `"default"` audience as V1 (shared ATG token) as a defense-in-depth guard
 
 ### Notes
 
 - **Backward compatible**: agents with V1 manifests (null audience or shared ATG AppId) work identically with the new SDK — no token exchange behaviour changes
 - **Migration required for V2**: agents upgraded to V2 blueprint permissions (per-audience MCP servers) require this SDK version. Running a V2 blueprint with the old SDK will result in MCP tool auth failures (401/403)
+- **Local dev token flow**: run `a365 develop get-token` before starting the agent locally; the CLI writes `BEARER_TOKEN` (V1 shared) and `BEARER_TOKEN_<SERVER_NAME>` (V2 per-server) to the environment, which the SDK reads automatically from the manifest path
 
 - Added `send_chat_history` method to `McpToolServerConfigurationService` for sending chat conversation history to the MCP platform for real-time threat protection analysis
 - Added `ChatHistoryMessage` Pydantic model for representing individual messages in chat history

libraries/microsoft-agents-a365-tooling/microsoft_agents_a365/tooling/services/mcp_tool_server_configuration_service.py

@@ -267,6 +267,7 @@ def _load_servers_from_manifest(self) -> List[MCPServerConfig]:
             if manifest_path and manifest_path.exists():
                 self._logger.info(f"Loading MCP servers from: {manifest_path}")
                 mcp_servers = self._parse_manifest_file(manifest_path)
+                self._attach_dev_tokens(mcp_servers)
             else:
                 self._log_manifest_search_failure()
 
@@ -568,12 +569,18 @@ def _parse_manifest_server_config(
             # Determine the final URL: use custom URL if provided, otherwise construct it
             final_url = endpoint if endpoint else build_mcp_server_url(server_name)
 
+            scope_raw = server_element.get("scope")
+            scope = None if not scope_raw or scope_raw.lower() == "null" else scope_raw
+
+            audience_raw = server_element.get("audience")
+            audience = None if not audience_raw or audience_raw.lower() == "default" else audience_raw
+
             return MCPServerConfig(
                 mcp_server_name=mcp_server_name,
                 mcp_server_unique_name=mcp_server_unique_name,
                 url=final_url,
-                audience=server_element.get("audience"),
-                scope=server_element.get("scope"),
+                audience=audience,
+                scope=scope,
                 publisher=server_element.get("publisher"),
             )
 
@@ -608,12 +615,18 @@ def _parse_gateway_server_config(
             # Determine the final URL: use custom URL if provided, otherwise construct it
             final_url = endpoint if endpoint else build_mcp_server_url(server_name)
 
+            scope_raw = server_element.get("scope")
+            scope = None if not scope_raw or scope_raw.lower() == "null" else scope_raw
+
+            audience_raw = server_element.get("audience")
+            audience = None if not audience_raw or audience_raw.lower() == "default" else audience_raw
+
             return MCPServerConfig(
                 mcp_server_name=mcp_server_name,
                 mcp_server_unique_name=mcp_server_unique_name,
                 url=final_url,
-                audience=server_element.get("audience"),
-                scope=server_element.get("scope"),
+                audience=audience,
+                scope=scope,
                 publisher=server_element.get("publisher"),
             )
 
@@ -624,6 +637,46 @@ def _parse_gateway_server_config(
     # VALIDATION AND UTILITY HELPERS
     # --------------------------------------------------------------------------
 
+    def _attach_dev_tokens(self, servers: List[MCPServerConfig]) -> None:
+        """
+        Attach per-server Authorization headers from environment variables (local dev only).
+
+        The CLI (``a365 develop get-token``) pre-acquires tokens interactively and writes
+        them to the environment before the agent starts:
+
+        - ``BEARER_TOKEN_<SERVER_UNIQUE_NAME_UPPER>`` — V2 per-server token
+        - ``BEARER_TOKEN`` — V1 shared ATG token (fallback)
+
+        For each server, the resolution order is:
+        1. ``BEARER_TOKEN_<MCP_SERVER_UNIQUE_NAME.upper()>`` (per-audience V2 token)
+        2. ``BEARER_TOKEN`` (shared V1 ATG token)
+
+        If neither is set, no Authorization header is injected and the server is left as-is.
+        This method is a no-op in production (``_load_servers_from_manifest`` is never called
+        there) and when ``authorization`` is provided (``_attach_per_audience_tokens`` takes
+        precedence via the caller in ``list_tool_servers``).
+
+        Args:
+            servers: List of MCP server configs parsed from ToolingManifest.json.
+        """
+        shared_token = os.getenv("BEARER_TOKEN")
+
+        for server in servers:
+            unique_name = server.mcp_server_unique_name or ""
+            per_server_token = os.getenv(f"BEARER_TOKEN_{unique_name.upper()}")
+            token = per_server_token or shared_token
+
+            if token:
+                existing = dict(server.headers) if server.headers else {}
+                existing[Constants.Headers.AUTHORIZATION] = (
+                    f"{Constants.Headers.BEARER_PREFIX} {token}"
+                )
+                server.headers = existing
+                self._logger.debug(
+                    f"Attached {'per-server' if per_server_token else 'shared'} "
+                    f"dev token for '{server.mcp_server_unique_name}'"
+                )
+
     def _validate_input_parameters(self, agentic_app_id: str, auth_token: str) -> None:
         """
         Validates input parameters for the main API method.
@@ -668,6 +721,9 @@ def _extract_server_unique_name(self, server_element: Dict[str, Any]) -> Optiona
             server_element["mcpServerUniqueName"], str
         ):
             return server_element["mcpServerUniqueName"]
+        # Fall back to mcpServerName when mcpServerUniqueName is absent
+        if "mcpServerName" in server_element and isinstance(server_element["mcpServerName"], str):
+            return server_element["mcpServerName"]
         return None
 
     def _extract_server_url(self, server_element: Dict[str, Any]) -> Optional[str]:

libraries/microsoft-agents-a365-tooling/microsoft_agents_a365/tooling/utils/utility.py

@@ -137,6 +137,7 @@ def resolve_token_scope_for_server(server: MCPServerConfig) -> str:
     """
     if (
         server.audience is not None
+        and server.audience.lower() != "default"
         and server.audience != ATG_APP_ID
         and server.audience != ATG_APP_ID_URI
     ):