Hack26 Tia Connect Agentgateway
MCP_HACK//26 β Industrial Zero-Trust AI: T-IA Connect + AgentGateway for Siemens TIA Portal
Ask AI about Hack26 Tia Connect Agentgateway
Powered by Claude Β· Grounded in docs
I know everything about Hack26 Tia Connect Agentgateway. Ask me about installation, configuration, usage, or troubleshooting.
0/500
Reviews
Documentation
T-IA Connect + AgentGateway β Industrial Zero-Trust MCP
MCP_HACK//26 Submission β Solo.io & a16z Hackathon
AI-powered TIA Portal with an industrial-grade Zero-Trust proxy. T-IA Connect exposes Siemens TIA Portal as an MCP server β AgentGateway secures every single call.
Demo Video
Blog Post
T-IA Connect + AgentGateway: Industrial Zero-Trust AI in Action
Quick Overview for Judges
What: An AI agent (Claude) that creates, configures and manages Siemens TIA Portal PLC projects β with every MCP call routed through AgentGateway for Zero-Trust security.
Why: In industrial automation, AI agents interacting with PLCs need strict guardrails. A single unauthorized command (stopping a CPU, closing a project) can halt a production line. AgentGateway adds the missing security layer.
How:
Claude Code (CLI) β AgentGateway (port 4000) β T-IA Connect (port 9000 SSE)
β T-IA Connect REST (OpenAPI β MCP)
Key Results:
- 190+ MCP tools exposed from TIA Portal (SSE + OpenAPI merged)
- Zero-Trust policy enforcement β blocked tools disappear from the agent's view
- Full audit logging of every AI action
- Real-time demo: project creation, CPU config, ladder logic β all via natural language
Architecture
Components
| Component | Role | Port |
|---|---|---|
| T-IA Connect | MCP Server for Siemens TIA Portal V20 (Openness API) | 9000 |
| AgentGateway | Zero-Trust MCP proxy (Solo.io) | 4000 |
| Admin / Playground | AgentGateway UI | 15000 |
| Claude Code | AI Agent (Anthropic CLI) | β |
Two Backends, One Endpoint
AgentGateway merges two backends into a single MCP endpoint:
siemens-tia-portal_*β Native SSE tools from T-IA Connecttia-openapi_*β Full REST API auto-converted to MCP tools via OpenAPI spec
Deployment
Prerequisites
- Windows 10/11 with Docker Desktop
- Siemens TIA Portal V20 (with Openness API enabled)
- T-IA Connect v2.0.335+ running on port 9000
- Claude Code CLI
1. AgentGateway Configuration
See agent-gateway.yaml for the full configuration.
Key features:
- SSE backend pointing to
host.docker.internal:9000(DockerβWindows bridge) - OpenAPI backend with recursive-ref-free spec (
tia-openapi3-norec.json) - CORS configured for Playground UI
Host: localhost:9000header override (required by Windows HTTP.sys)
2. Start AgentGateway
docker run -d --name agent-gateway --restart always \
-p 4000:4000 -p 15000:15000 \
-e ADMIN_ADDR=0.0.0.0:15000 \
-v "$(pwd)/agent-gateway.yaml:/config.yaml" \
-v "$(pwd)/tia-openapi3-norec.json:/tia-openapi3-norec.json" \
ghcr.io/agentgateway/agentgateway:v1.0.0-alpha.2 -f /config.yaml
Important: Use
v1.0.0-alpha.2specifically. Thelatesttag causes stack overflow on OpenAPI specs with recursive references.
3. Configure Claude Code
In your .claude.json, add the MCP server:
{
"mcpServers": {
"tia-connect": {
"type": "http",
"url": "http://localhost:4000/mcp"
}
}
}
4. Verify
- Open AgentGateway Playground: http://localhost:15000/ui
- Check that both backends are connected
- Call
tia-openapi_Health_Pingto verify TIA Portal connectivity
Zero-Trust Policy Example
Block the close_project tool so no AI agent can close a TIA Portal project:
policies:
mcpAuthorization:
rules:
- deny: mcp.tool.name == "close_project"
Once applied, the tool disappears from the agent's tool list entirely. No error, no bypass β it simply doesn't exist from the agent's perspective.
OpenAPI Spec Processing
The TIA Portal REST API spec contains recursive $ref references that cause stack overflow in AgentGateway. We provide a script to remove them:
node fix-recursive-refs.js
# Input: tia-openapi3-slim.json (622KB, 146 paths)
# Output: tia-openapi3-norec.json (368KB, no recursive refs)
See fix-recursive-refs.js for details.
Known Limitations
- Hot reload not supported: Policy changes require a container restart (alpha software)
- OpenAPI recursive refs: Must be pre-processed with
fix-recursive-refs.js - Windows only: T-IA Connect requires Windows + TIA Portal (Openness API is Windows-native)
Tech Stack
- Siemens TIA Portal V20 β Openness API
- T-IA Connect v2.0.335 β Industrial MCP Server (t-ia-connect.com)
- AgentGateway v1.0.0-alpha.2 β Solo.io
- Claude Code β Anthropic CLI
Links
- T-IA Connect: feelautom.fr
- AgentGateway: github.com/agentgateway/agentgateway
- Demo Video: YouTube
- Blog Post: feelautom.fr/blog
Author: Franck Pichard β feelautom.fr