A professional enterprise content discovery assistant powered by Gemini, specializing in Box content search, AI analysis, document generation, and MCP integration.
- Box Content Search: Find files, documents, and folders in Box
- Box AI Ask: Ask intelligent questions about specific file content
- Box Hub Ask: Automatically discover and use the most relevant Box Hub
- Box Doc Gen: Generate professional capital call notices and other documents using templates
- Box MCP Integration: Leverage Box MCP Remote Server for enhanced AI capabilities and cross-platform integration
- Enterprise Content Discovery: Locate specific documents, regulatory files, reports, and business content
- Professional Communication: Business-appropriate responses with enterprise focus
- Box Search - Find documents and files across your Box enterprise
- Box AI Ask - Ask questions about specific file content using Box AI
- Box Hub Ask - Automatically discover and use the most relevant knowledge hub
- Box Doc Gen - Generate capital call notices and other documents using Box Doc Gen API
- Box MCP Tools - Enhanced AI capabilities through Box MCP Remote Server
- Capital Call Workflow - Complete workflow for capital call notice creation
- Google ADK (Agent Development Kit): Powers the GeminiAgent
- Box Python SDK: Handles Box API authentication and operations
- JWT Authentication: Secure server-to-server authentication with Box
- Cloud Run: Deployed as a scalable containerized service
- AgentSpace Integration: Ready for Discovery Engine registration
- Python 3.9+
- Google Cloud Platform account
- Box Developer account with JWT app credentials
- Clone the repository
git clone <your-repo-url>
cd A2A_CR_Box
- Install dependencies
pip install -r requirements.txt
- Configure Box JWT Authentication
Option A: Local JWT Config (Development)
- Copy box_jwt_config.example.json to box_jwt_config.json
- Fill in your Box JWT app credentials:
  - clientID
  - clientSecret
  - enterpriseID
  - publicKeyID
  - privateKey
  - passphrase
Option B: Google Secret Manager (Production - Recommended)
This is the secure, production-ready approach that stores your JWT credentials in Google Secret Manager instead of local files.
Step 1: Enable Secret Manager API
gcloud services enable secretmanager.googleapis.com --project=your-project-id
Step 2: Create Box JWT Secrets
# Replace each placeholder with the real value. echo -n keeps a trailing newline out of the stored secret.
# Literal values typed on the command line are saved to shell history; the script in Step 3 prompts for them instead.

# Create secret for Box Client ID
echo -n "your_client_id_here" | gcloud secrets create box-client-id --data-file=- --project=your-project-id

# Create secret for Box Client Secret
echo -n "your_client_secret_here" | gcloud secrets create box-client-secret --data-file=- --project=your-project-id

# Create secret for Box Public Key ID
echo -n "your_public_key_id_here" | gcloud secrets create box-public-key-id --data-file=- --project=your-project-id

# Create secret for Box Private Key (the entire PEM content)
gcloud secrets create box-private-key --data-file=path/to/your/private_key.pem --project=your-project-id

# Create secret for Box Private Key Passphrase
echo -n "your_passphrase_here" | gcloud secrets create box-private-key-passphrase --data-file=- --project=your-project-id

# Create secret for Box Enterprise ID
echo -n "your_enterprise_id_here" | gcloud secrets create box-enterprise-id --data-file=- --project=your-project-id
Step 3: Use the Setup Script (Easiest Method)
Save this script as box_jwt_secrets_setup.sh:
#!/bin/bash
# box_jwt_secrets_setup.sh
# Stop at the first failed command so the success message only prints when every secret was created.
set -euo pipefail

echo "Setting up Box JWT secrets in Google Secret Manager..."
echo ""

# Prompt for credentials (-r keeps backslashes literal, -s hides secret input)
read -r -p "Enter Box Client ID: " BOX_CLIENT_ID
read -r -s -p "Enter Box Client Secret: " BOX_CLIENT_SECRET
echo ""
read -r -p "Enter Box Public Key ID: " BOX_PUBLIC_KEY_ID
read -r -p "Enter Box Enterprise ID: " BOX_ENTERPRISE_ID
read -r -s -p "Enter Box Private Key Passphrase: " BOX_PASSPHRASE
echo ""
read -r -p "Enter path to Box Private Key PEM file: " BOX_PRIVATE_KEY_PATH

# Set project
PROJECT_ID="your-project-id"

echo ""
echo "Creating secrets in project: $PROJECT_ID"
echo ""

# Create secrets (echo -n avoids storing a trailing newline)
echo "Creating box-client-id..."
echo -n "$BOX_CLIENT_ID" | gcloud secrets create box-client-id --data-file=- --project="$PROJECT_ID"

echo "Creating box-client-secret..."
echo -n "$BOX_CLIENT_SECRET" | gcloud secrets create box-client-secret --data-file=- --project="$PROJECT_ID"

echo "Creating box-public-key-id..."
echo -n "$BOX_PUBLIC_KEY_ID" | gcloud secrets create box-public-key-id --data-file=- --project="$PROJECT_ID"

echo "Creating box-enterprise-id..."
echo -n "$BOX_ENTERPRISE_ID" | gcloud secrets create box-enterprise-id --data-file=- --project="$PROJECT_ID"

echo "Creating box-private-key-passphrase..."
echo -n "$BOX_PASSPHRASE" | gcloud secrets create box-private-key-passphrase --data-file=- --project="$PROJECT_ID"

echo "Creating box-private-key..."
gcloud secrets create box-private-key --data-file="$BOX_PRIVATE_KEY_PATH" --project="$PROJECT_ID"

echo ""
echo "All Box JWT secrets created successfully!"
echo "Your credentials are now securely stored in Google Secret Manager"
Make it executable and run:
chmod +x box_jwt_secrets_setup.sh
./box_jwt_secrets_setup.sh
Step 4: Update requirements.txt
Add the Secret Manager client library:
google-cloud-secret-manager>=2.0.0
Step 5: Update .gitignore
Now you can safely ignore the JWT config file:
# Box Configuration (Sensitive)
box_jwt_config.json
*.jwt
*.pem
*.key
*.p12
*.pfx
- Set environment variables
export GOOGLE_CLOUD_PROJECT="your-project-id"
export GOOGLE_CLOUD_LOCATION="us-central1"
export GOOGLE_GENAI_USE_VERTEXAI="TRUE"
export MODEL="gemini-2.5-flash"
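For Option B, the service has to read the six secrets back at startup. The following is an added example, not the repository's box_auth.py: the function names are hypothetical, the secret names are the ones created in Step 2, and the nested layout is assumed to match the JSON config file the Box Developer Console exports. It fails closed on an empty or whitespace-padded value and never puts a secret value into an error message.

```python
# Added example: build the Box JWT settings from the Step 2 secrets.
# Secret names come from the page; the nested layout is an assumption.
SECRET_FIELDS = {
    "box-client-id": "clientID",
    "box-client-secret": "clientSecret",
    "box-public-key-id": "publicKeyID",
    "box-private-key": "privateKey",
    "box-private-key-passphrase": "passphrase",
    "box-enterprise-id": "enterpriseID",
}


def secret_manager_fetcher(project_id):
    """Return fetch(name) -> str that reads the latest secret version."""
    from google.cloud import secretmanager  # lazy import: production only

    client = secretmanager.SecretManagerServiceClient()

    def fetch(name):
        path = f"projects/{project_id}/secrets/{name}/versions/latest"
        response = client.access_secret_version(name=path)
        return response.payload.data.decode("utf-8")

    return fetch


def load_box_jwt_config(fetch):
    """Assemble the settings dict; raise ValueError on a malformed secret."""
    values = {}
    for secret_name, field in SECRET_FIELDS.items():
        raw = fetch(secret_name)
        if field == "privateKey":
            if "PRIVATE KEY-----" not in raw:
                raise ValueError(f"{secret_name}: not a PEM private key")
        elif not raw or raw != raw.strip():
            # Typical cause: the secret was created with echo instead of echo -n.
            raise ValueError(f"{secret_name}: empty or has stray whitespace")
        values[field] = raw
    app_auth = ("publicKeyID", "privateKey", "passphrase")
    return {
        "boxAppSettings": {
            "clientID": values["clientID"],
            "clientSecret": values["clientSecret"],
            "appAuth": {key: values[key] for key in app_auth},
        },
        "enterpriseID": values["enterpriseID"],
    }
```

In production, call load_box_jwt_config(secret_manager_fetcher(project_id)); in tests, pass any callable that maps a secret name to a string.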
python -m uvicorn agent_executor:app --reload
./deploy.sh <project-id> <service-name>
After deployment, register your agent in Google Cloud Discovery Engine:
curl -X POST \
-H "Authorization: Bearer $(gcloud auth print-access-token)" \
-H "Content-Type: application/json" \
"https://discoveryengine.googleapis.com/v1alpha/projects/<PROJECT_ID>/locations/global/collections/default_collection/engines/<ENGINE_ID>/assistants/default_assistant/agents" \
-d '{
"name": "Box_Search_Agent",
"displayName": "Box Search Agent",
"description": "Enterprise content discovery agent for Box",
"a2aAgentDefinition": {
"jsonAgentCard": "{\"provider\": {\"url\": \"<YOUR_CLOUD_RUN_URL>\"},\"name\": \"box_search_agent\",\"description\": \"A Box search assistant that helps you find content in your Box enterprise\"}"
}
}'
User: "Find regulatory documents"
Agent: [Searches Box and returns organized results with file counts and details]
User: "What are the key points in Capital Call Notice.pdf?"
Agent: [Uses Box AI to analyze the specific file and provide insights]
User: "What are our company policies?"
Agent: [Automatically discovers relevant hubs and provides answers from the best knowledge base]
User: "Search for Project Phoenix files using MCP"
Agent: [Uses Box MCP Remote Server for enhanced search with advanced filtering]
User: "Analyze this document with Box AI via MCP"
Agent: [Leverages Box AI through MCP for deeper document analysis]
User: "Extract structured data from this file via MCP"
Agent: [Uses Box MCP to convert unstructured documents into structured data]
User: "Get project status from Box Hub via MCP"
Agent: [Provides project-level insights using Box Hub analysis via MCP]
User: "Help me create capital call notices"
Agent: [Guides through complete workflow from template selection to document generation]
User: "Find templates for capital call notices"
Agent: [Discovers available templates and provides guidance]
User: "Show me sample LP data structure"
Agent: [Provides comprehensive sample data structure for capital call notices]
- JWT Authentication: Secure server-to-server authentication with Box
- Environment Variables: Sensitive configuration stored securely
- Box API Permissions: Minimal required permissions for enterprise access
- Cloud Run Security: No unauthenticated access, secure by default
Using Google Secret Manager for JWT credentials provides several security advantages:
- Enhanced Security: Credentials stored in Google's secure Secret Manager instead of local files
- Easier Deployment: No need to include sensitive files in deployments
- Version Control: Secrets can be versioned and rotated without code changes
- Access Control: IAM controls who can access secrets
- Easy Updates: Update secrets without redeploying code
- Audit Logging: Track who accessed secrets and when
- Multi-Region: Secrets can be replicated across regions for availability
- Use Google Secret Manager for production deployments
- Keep local JWT config only for development/testing
- Regularly rotate JWT credentials
- Use least-privilege access for secret permissions
- Monitor secret access through Cloud Logging
A2A_CR_Box/
├── agent_executor.py # Main A2A executor
├── gemini_agent.py # Gemini agent with tools
├── box_auth.py # Box JWT authentication
├── box_search.py # Box content search
├── box_ai_ask.py # Box AI file analysis
├── box_hub_ask.py # Box Hub discovery and querying
├── box_doc_gen.py # Box Doc Gen for capital call notices
├── box_mcp_client.py # Box MCP Remote Server integration
├── requirements.txt # Python dependencies
├── deploy.sh # Cloud Run deployment script
├── box_jwt_config.example.json # JWT configuration template
├── box_jwt_secrets_setup.sh # Secret Manager setup script
└── README.md # This file
- Create your tool function in a new Python file
- Import it in gemini_agent.py
- Add it to the tools list
- Update the agent instructions
- Add corresponding skills
This project is licensed under the Box TOS. This project is delivered as is with no commitments to maintenance.
- Fork the repository
- Create a feature branch
- Make your changes
- Add tests if applicable
- Submit a pull request
For issues and questions:
- Check the logs in Google Cloud Console
- Review Box API documentation
- Check Google ADK documentation
- v1.0.0: Initial release with Box search and AI capabilities
- v1.1.0: Added Box Hub Ask functionality
- v1.2.0: Enhanced enterprise focus and professional communication
- v1.3.0: Added Box Doc Gen integration for capital call notices
- v1.4.0: Added Box MCP Remote Server integration for enhanced AI capabilities
- v1.5.0: Enhanced workflow assistants and cross-platform MCP support