airbyte-agent-jira 0.1.22__py3-none-any.whl

airbyte_agent_jira/_vendored/connector_sdk/schema/security.py

@@ -0,0 +1,223 @@
+"""
+Security scheme models for OpenAPI 3.1.
+
+References:
+- https://spec.openapis.org/oas/v3.1.0#security-scheme-object
+- https://spec.openapis.org/oas/v3.1.0#oauth-flows-object
+"""
+
+from typing import Any, Dict, List, Literal, Optional
+
+from pydantic import BaseModel, ConfigDict, Field, field_validator, model_validator
+
+
+class OAuth2Flow(BaseModel):
+    """
+    OAuth 2.0 flow configuration.
+
+    OpenAPI Reference: https://spec.openapis.org/oas/v3.1.0#oauth-flow-object
+    """
+
+    model_config = ConfigDict(populate_by_name=True, extra="forbid")
+
+    authorization_url: Optional[str] = Field(None, alias="authorizationUrl")
+    token_url: Optional[str] = Field(None, alias="tokenUrl")
+    refresh_url: Optional[str] = Field(None, alias="refreshUrl")
+    scopes: Dict[str, str] = Field(default_factory=dict)
+
+
+class OAuth2Flows(BaseModel):
+    """
+    Collection of OAuth 2.0 flows.
+
+    OpenAPI Reference: https://spec.openapis.org/oas/v3.1.0#oauth-flows-object
+    """
+
+    model_config = ConfigDict(populate_by_name=True, extra="forbid")
+
+    implicit: Optional[OAuth2Flow] = None
+    password: Optional[OAuth2Flow] = None
+    client_credentials: Optional[OAuth2Flow] = Field(None, alias="clientCredentials")
+    authorization_code: Optional[OAuth2Flow] = Field(None, alias="authorizationCode")
+
+
+class AuthConfigFieldSpec(BaseModel):
+    """
+    Specification for a user-facing authentication config field.
+
+    This defines a single input field that users provide for authentication.
+    """
+
+    model_config = ConfigDict(populate_by_name=True, extra="forbid")
+
+    type: Literal["string", "integer", "boolean", "number"] = "string"
+    title: Optional[str] = None
+    description: Optional[str] = None
+    format: Optional[str] = None  # e.g., "email", "uri"
+    pattern: Optional[str] = None  # Regex validation
+    airbyte_secret: bool = Field(False, alias="airbyte_secret")
+    default: Optional[Any] = None
+
+
+class AuthConfigOption(BaseModel):
+    """
+    A single authentication configuration option.
+
+    Defines user-facing fields and how they map to auth parameters.
+    """
+
+    model_config = ConfigDict(populate_by_name=True, extra="forbid")
+
+    title: Optional[str] = None
+    description: Optional[str] = None
+    type: Literal["object"] = "object"
+    required: List[str] = Field(default_factory=list)
+    properties: Dict[str, AuthConfigFieldSpec] = Field(default_factory=dict)
+    auth_mapping: Dict[str, str] = Field(
+        default_factory=dict,
+        description="Mapping from auth parameters (e.g., 'username', 'password', 'token') to template strings using ${field} syntax",
+    )
+    replication_auth_key_mapping: Optional[Dict[str, str]] = Field(
+        None,
+        description="Mapping from source config paths (e.g., 'credentials.api_key') to auth config keys for direct connectors",
+    )
+
+
+class AirbyteAuthConfig(BaseModel):
+    """
+    Airbyte auth configuration extension (x-airbyte-auth-config).
+
+    Defines user-facing authentication configuration and how it maps to
+    the underlying OpenAPI security scheme.
+
+    Either a single auth option or multiple options via oneOf.
+    """
+
+    model_config = ConfigDict(populate_by_name=True, extra="forbid")
+
+    # Single option fields
+    title: Optional[str] = None
+    description: Optional[str] = None
+    type: Optional[Literal["object"]] = None
+    required: Optional[List[str]] = None
+    properties: Optional[Dict[str, AuthConfigFieldSpec]] = None
+    auth_mapping: Optional[Dict[str, str]] = None
+
+    # Replication connector auth mapping
+    replication_auth_key_mapping: Optional[Dict[str, str]] = Field(
+        None,
+        description="Mapping from source config paths (e.g., 'credentials.api_key') to auth config keys for direct connectors",
+    )
+
+    # Multiple options (oneOf)
+    one_of: Optional[List[AuthConfigOption]] = Field(None, alias="oneOf")
+
+    @model_validator(mode="after")
+    def validate_config_structure(self) -> "AirbyteAuthConfig":
+        """Validate that either single option or oneOf is provided, not both."""
+        has_single = self.type is not None or self.properties is not None or self.auth_mapping is not None
+        has_one_of = self.one_of is not None and len(self.one_of) > 0
+
+        if not has_single and not has_one_of:
+            raise ValueError("Either single auth option (type/properties/auth_mapping) or oneOf must be provided")
+
+        if has_single and has_one_of:
+            raise ValueError("Cannot have both single auth option and oneOf")
+
+        if has_single:
+            # Validate single option has required fields
+            if self.type != "object":
+                raise ValueError("Single auth option must have type='object'")
+            if not self.properties:
+                raise ValueError("Single auth option must have properties")
+            if not self.auth_mapping:
+                raise ValueError("Single auth option must have auth_mapping")
+
+        return self
+
+
+class SecurityScheme(BaseModel):
+    """
+    Security scheme definition.
+
+    OpenAPI Reference: https://spec.openapis.org/oas/v3.1.0#security-scheme-object
+
+    Supported Types:
+    - apiKey: API key in header/query/cookie
+    - http: HTTP authentication (basic, bearer, digest, etc.)
+    - oauth2: OAuth 2.0 flows
+
+    Extensions:
+    - x-airbyte-token-path: JSON path to extract token from auth response (Airbyte extension)
+    - x-airbyte-token-refresh: OAuth2 token refresh configuration (dict with auth_style, body_format)
+    - x-airbyte-auth-config: User-facing authentication configuration (Airbyte extension)
+
+    Future extensions (not yet active):
+    - x-grant-type: OAuth grant type for refresh tokens
+    - x-refresh-endpoint: Custom refresh endpoint URL
+    """
+
+    model_config = ConfigDict(populate_by_name=True, extra="allow")
+
+    # Standard OpenAPI fields
+    type: Literal["apiKey", "http", "oauth2", "openIdConnect"]
+    description: Optional[str] = None
+
+    # apiKey specific
+    name: Optional[str] = None
+    in_: Optional[Literal["query", "header", "cookie"]] = Field(None, alias="in")
+
+    # http specific
+    scheme: Optional[str] = None  # e.g., "basic", "bearer", "digest"
+    bearer_format: Optional[str] = Field(None, alias="bearerFormat")
+
+    # oauth2 specific
+    flows: Optional[OAuth2Flows] = None
+
+    # openIdConnect specific
+    open_id_connect_url: Optional[str] = Field(None, alias="openIdConnectUrl")
+
+    # Airbyte extensions
+    x_token_path: Optional[str] = Field(None, alias="x-airbyte-token-path")
+    x_token_refresh: Optional[Dict[str, Any]] = Field(None, alias="x-airbyte-token-refresh")
+    x_airbyte_auth_config: Optional[AirbyteAuthConfig] = Field(None, alias="x-airbyte-auth-config")
+    x_airbyte_token_extract: Optional[List[str]] = Field(
+        None,
+        alias="x-airbyte-token-extract",
+        description="List of fields to extract from OAuth2 token responses and use as server variables",
+    )
+
+    @field_validator("x_airbyte_token_extract", mode="after")
+    @classmethod
+    def validate_token_extract(cls, v: Optional[List[str]]) -> Optional[List[str]]:
+        """Validate x-airbyte-token-extract has no duplicates."""
+        if v is not None:
+            if len(v) != len(set(v)):
+                duplicates = [x for x in v if v.count(x) > 1]
+                raise ValueError(f"x-airbyte-token-extract contains duplicate fields: {set(duplicates)}")
+        return v
+
+    # Future extensions (commented out, defined for future use)
+    # x_grant_type: Optional[Literal["refresh_token", "client_credentials"]] = Field(None, alias="x-grant-type")
+    # x_refresh_endpoint: Optional[str] = Field(None, alias="x-refresh-endpoint")
+
+    @model_validator(mode="after")
+    def validate_security_scheme(self) -> "SecurityScheme":
+        """Validate that required fields are present based on security type."""
+        if self.type == "apiKey":
+            if not self.name or not self.in_:
+                raise ValueError("apiKey type requires 'name' and 'in' fields")
+        elif self.type == "http":
+            if not self.scheme:
+                raise ValueError("http type requires 'scheme' field")
+        elif self.type == "oauth2":
+            if not self.flows:
+                raise ValueError("oauth2 type requires 'flows' field")
+        elif self.type == "openIdConnect":
+            if not self.open_id_connect_url:
+                raise ValueError("openIdConnect type requires 'openIdConnectUrl' field")
+        return self
+
+
+# SecurityRequirement is a dict mapping security scheme name to list of scopes
+SecurityRequirement = Dict[str, List[str]]

airbyte_agent_jira/_vendored/connector_sdk/secrets.py

@@ -0,0 +1,182 @@
+"""Secret handling utilities for the Airbyte SDK.
+
+This module provides utilities for handling sensitive data like API keys, tokens,
+and passwords. It uses Pydantic's SecretStr to ensure secrets are obfuscated in
+logs, error messages, and string representations.
+
+Example:
+    >>> from .secrets import SecretStr
+    >>> api_key = SecretStr("my-secret-key")
+    >>> print(api_key)  # Outputs: **********
+    >>> print(repr(api_key))  # Outputs: SecretStr('**********')
+    >>> api_key.get_secret_value()  # Returns: 'my-secret-key'
+"""
+
+import os
+import re
+from typing import Any, Dict, Optional
+
+from pydantic import SecretStr
+
+__all__ = [
+    "SecretStr",
+    "convert_to_secret_dict",
+    "get_secret_values",
+    "resolve_env_var_references",
+]
+
+
+def convert_to_secret_dict(secrets: Dict[str, str]) -> Dict[str, SecretStr]:
+    """Convert a dictionary of plain string secrets to SecretStr values.
+
+    Args:
+        secrets: Dictionary with string keys and plain string secret values
+
+    Returns:
+        Dictionary with string keys and SecretStr values
+
+    Example:
+        >>> plain_secrets = {"api_key": "secret123", "token": "token456"}
+        >>> secret_dict = convert_to_secret_dict(plain_secrets)
+        >>> print(secret_dict["api_key"])  # Outputs: **********
+    """
+    return {key: SecretStr(value) for key, value in secrets.items()}
+
+
+def get_secret_values(secrets: Dict[str, SecretStr]) -> Dict[str, str]:
+    """Extract plain string values from a dictionary of SecretStr values.
+
+    Args:
+        secrets: Dictionary with string keys and SecretStr values
+
+    Returns:
+        Dictionary with string keys and plain string values
+
+    Warning:
+        Use with caution. This exposes the actual secret values.
+
+    Example:
+        >>> secret_dict = {"api_key": SecretStr("secret123")}
+        >>> plain_dict = get_secret_values(secret_dict)
+        >>> print(plain_dict["api_key"])  # Outputs: secret123
+    """
+    return {key: value.get_secret_value() for key, value in secrets.items()}
+
+
+class SecretResolutionError(Exception):
+    """Raised when environment variable resolution fails."""
+
+    pass
+
+
+def resolve_env_var_references(
+    secret_mappings: Dict[str, Any],
+    strict: bool = True,
+    env_vars: Optional[Dict[str, str]] = None,
+) -> Dict[str, str]:
+    """Resolve environment variable references in secret values.
+
+    This function processes a dictionary of secret mappings and resolves any
+    environment variable references using the ${ENV_VAR_NAME} syntax. All
+    environment variable references in the values will be replaced with their
+    actual values from the provided environment variable map or os.environ.
+
+    Args:
+        secret_mappings: Dictionary mapping secret keys to values that may contain
+                        environment variable references (e.g., {"token": "${API_KEY}"})
+        strict: If True, raises SecretResolutionError when a referenced environment
+               variable is not found. If False, leaves unresolved references as-is.
+        env_vars: Optional dictionary of environment variables to use for resolution.
+                 If None, uses os.environ.
+
+    Returns:
+        Dictionary with the same keys but environment variable references resolved
+        to their actual values as plain strings
+
+    Raises:
+        SecretResolutionError: When strict=True and a referenced environment variable
+                              is not found or is empty
+        ValueError: When an environment variable name doesn't match valid naming
+                   conventions (must start with letter or underscore, followed by
+                   alphanumeric characters or underscores)
+
+    Example:
+        >>> import os
+        >>> os.environ["MY_TOKEN"] = "secret_value_123"
+        >>> mappings = {"token": "${MY_TOKEN}", "literal": "plain_value"}
+        >>> resolved = resolve_env_var_references(mappings)
+        >>> print(resolved)
+        {'token': 'secret_value_123', 'literal': 'plain_value'}
+
+        >>> # Using custom env_vars dict
+        >>> custom_env = {"CUSTOM_TOKEN": "my_secret"}
+        >>> mappings = {"token": "${CUSTOM_TOKEN}"}
+        >>> resolved = resolve_env_var_references(mappings, env_vars=custom_env)
+        >>> print(resolved)
+        {'token': 'my_secret'}
+
+        >>> # Multiple references in one value
+        >>> mappings = {"combined": "${PREFIX}_${SUFFIX}"}
+        >>> os.environ["PREFIX"] = "api"
+        >>> os.environ["SUFFIX"] = "key"
+        >>> resolved = resolve_env_var_references(mappings)
+        >>> print(resolved["combined"])
+        'api_key'
+
+        >>> # Missing variable with strict=True (raises error)
+        >>> try:
+        ...     resolve_env_var_references({"token": "${MISSING_VAR}"})
+        ... except SecretResolutionError as e:
+        ...     print(f"Error: {e}")
+        Error: Environment variable 'MISSING_VAR' not found or empty
+
+        >>> # Missing variable with strict=False (keeps reference)
+        >>> resolved = resolve_env_var_references(
+        ...     {"token": "${MISSING_VAR}"},
+        ...     strict=False
+        ... )
+        >>> print(resolved["token"])
+        ${MISSING_VAR}
+    """
+    resolved = {}
+
+    # Use provided env_vars or default to os.environ
+    env_source = env_vars if env_vars is not None else os.environ
+
+    # Environment variable name pattern: starts with letter or underscore,
+    # followed by alphanumeric or underscores
+    env_var_pattern = re.compile(r"\$\{([A-Za-z_][A-Za-z0-9_]*)\}")
+
+    for key, value in secret_mappings.items():
+        if isinstance(value, str):
+
+            def replacer(match: re.Match) -> str:
+                """Replace a single ${ENV_VAR} reference with its value."""
+                env_var_name = match.group(1)
+
+                # Validate environment variable name format
+                if not re.match(r"^[A-Za-z_][A-Za-z0-9_]*$", env_var_name):
+                    raise ValueError(
+                        f"Invalid environment variable name: '{env_var_name}'. "
+                        "Must start with a letter or underscore, followed by "
+                        "alphanumeric characters or underscores."
+                    )
+
+                env_value = env_source.get(env_var_name)
+
+                if env_value is None or env_value == "":
+                    if strict:
+                        raise SecretResolutionError(f"Environment variable '{env_var_name}' not found or empty")
+                    # In non-strict mode, keep the original reference
+                    return match.group(0)
+
+                return env_value
+
+            # Replace all ${ENV_VAR} references in the value
+            resolved_value = env_var_pattern.sub(replacer, value)
+            resolved[key] = resolved_value
+        else:
+            # Non-string values are converted to strings
+            resolved[key] = str(value)
+
+    return resolved

airbyte_agent_jira/_vendored/connector_sdk/telemetry/__init__.py

@@ -0,0 +1,10 @@
+"""Telemetry tracking for Airbyte SDK."""
+
+from .config import TelemetryConfig, TelemetryMode
+from .tracker import SegmentTracker
+
+__all__ = [
+    "TelemetryConfig",
+    "TelemetryMode",
+    "SegmentTracker",
+]

airbyte_agent_jira/_vendored/connector_sdk/telemetry/config.py

@@ -0,0 +1,32 @@
+"""Telemetry configuration from environment variables."""
+
+import os
+from enum import Enum
+
+# Hardcoded Segment write key for Airbyte telemetry
+SEGMENT_WRITE_KEY = "sFM7q98HtHTMmCW3d6nsPWYCIdrbs7gq"
+
+
+class TelemetryMode(Enum):
+    """Telemetry tracking modes."""
+
+    BASIC = "basic"
+    DISABLED = "disabled"
+
+
+class TelemetryConfig:
+    """Telemetry configuration from environment variables."""
+
+    @staticmethod
+    def get_mode() -> TelemetryMode:
+        """Get telemetry mode from environment variable."""
+        mode_str = os.getenv("AIRBYTE_TELEMETRY_MODE", "basic").lower()
+        try:
+            return TelemetryMode(mode_str)
+        except ValueError:
+            return TelemetryMode.BASIC
+
+    @staticmethod
+    def is_enabled() -> bool:
+        """Telemetry is enabled if mode is not disabled."""
+        return TelemetryConfig.get_mode() != TelemetryMode.DISABLED

airbyte_agent_jira/_vendored/connector_sdk/telemetry/events.py

@@ -0,0 +1,58 @@
+"""Telemetry event models."""
+
+from dataclasses import asdict, dataclass
+from datetime import datetime
+from typing import Any, Dict, Optional
+
+
+@dataclass
+class BaseEvent:
+    """Base class for all telemetry events."""
+
+    timestamp: datetime
+    session_id: str
+    user_id: str
+    execution_context: str
+
+    def to_dict(self) -> Dict[str, Any]:
+        """Convert event to dictionary with ISO formatted timestamp."""
+        data = asdict(self)
+        data["timestamp"] = self.timestamp.isoformat()
+        return data
+
+
+@dataclass
+class ConnectorInitEvent(BaseEvent):
+    """Connector initialization event."""
+
+    connector_name: str
+    python_version: str
+    os_name: str
+    os_version: str
+    public_ip: Optional[str] = None
+    connector_version: Optional[str] = None
+
+
+@dataclass
+class OperationEvent(BaseEvent):
+    """API operation event."""
+
+    connector_name: str
+    entity: str
+    action: str
+    timing_ms: float
+    public_ip: Optional[str] = None
+    status_code: Optional[int] = None
+    error_type: Optional[str] = None
+
+
+@dataclass
+class SessionEndEvent(BaseEvent):
+    """Session end event."""
+
+    connector_name: str
+    duration_seconds: float
+    operation_count: int
+    success_count: int
+    failure_count: int
+    public_ip: Optional[str] = None

airbyte_agent_jira/_vendored/connector_sdk/telemetry/tracker.py

@@ -0,0 +1,151 @@
+"""Anonymous telemetry tracker using Segment."""
+
+import logging
+import platform
+import sys
+from datetime import datetime
+from typing import Optional
+
+from ..observability import ObservabilitySession
+
+from .config import SEGMENT_WRITE_KEY, TelemetryConfig, TelemetryMode
+from .events import ConnectorInitEvent, OperationEvent, SessionEndEvent
+
+logger = logging.getLogger(__name__)
+
+
+class SegmentTracker:
+    """Anonymous telemetry tracker using Segment."""
+
+    def __init__(
+        self,
+        session: ObservabilitySession,
+        mode: Optional[TelemetryMode] = None,
+    ):
+        self.session = session
+        self.mode = mode or TelemetryConfig.get_mode()
+        self.success_count = 0
+        self.failure_count = 0
+        self.enabled = TelemetryConfig.is_enabled()
+        self._analytics = None
+
+        if self.enabled:
+            try:
+                import segment.analytics as analytics
+
+                analytics.write_key = SEGMENT_WRITE_KEY
+                self._analytics = analytics
+                self._log_startup_message()
+            except ImportError:
+                logger.warning("Telemetry disabled: segment-analytics-python not installed")
+                self.enabled = False
+
+    def _log_startup_message(self):
+        """Log message when telemetry is enabled."""
+        logger.info(f"Anonymous telemetry enabled (mode: {self.mode.value})")
+        logger.info("To opt-out: export AIRBYTE_TELEMETRY_MODE=disabled")
+
+    def track_connector_init(
+        self,
+        connector_version: Optional[str] = None,
+    ) -> None:
+        """Track connector initialization."""
+        if not self.enabled or not self._analytics:
+            return
+
+        try:
+            event = ConnectorInitEvent(
+                timestamp=datetime.utcnow(),
+                session_id=self.session.session_id,
+                user_id=self.session.user_id,
+                execution_context=self.session.execution_context,
+                public_ip=self.session.public_ip,
+                connector_name=self.session.connector_name,
+                connector_version=connector_version,
+                python_version=f"{sys.version_info.major}.{sys.version_info.minor}.{sys.version_info.micro}",
+                os_name=platform.system(),
+                os_version=platform.release(),
+            )
+
+            self._analytics.track(
+                user_id=self.session.user_id,
+                anonymous_id=event.session_id,
+                event="Connector Initialized",
+                properties=event.to_dict(),
+            )
+        except Exception as e:
+            # Never fail on tracking errors
+            logger.error(f"Telemetry error: {e}")
+
+    def track_operation(
+        self,
+        entity: str,
+        action: str,
+        status_code: Optional[int],
+        timing_ms: float,
+        error_type: Optional[str] = None,
+    ) -> None:
+        """Track API operation."""
+        # Always track success/failure counts (useful even when tracking is disabled)
+        if status_code and 200 <= status_code < 300:
+            self.success_count += 1
+        else:
+            self.failure_count += 1
+
+        if not self.enabled or not self._analytics:
+            return
+
+        try:
+            event = OperationEvent(
+                timestamp=datetime.utcnow(),
+                session_id=self.session.session_id,
+                user_id=self.session.user_id,
+                execution_context=self.session.execution_context,
+                public_ip=self.session.public_ip,
+                connector_name=self.session.connector_name,
+                entity=entity,
+                action=action,
+                status_code=status_code,
+                timing_ms=timing_ms,
+                error_type=error_type,
+            )
+
+            self._analytics.track(
+                user_id=self.session.user_id,
+                anonymous_id=event.session_id,
+                event="Operation Executed",
+                properties=event.to_dict(),
+            )
+        except Exception as e:
+            logger.error(f"Telemetry error: {e}")
+
+    def track_session_end(self) -> None:
+        """Track session end."""
+        if not self.enabled or not self._analytics:
+            return
+
+        try:
+            event = SessionEndEvent(
+                timestamp=datetime.utcnow(),
+                session_id=self.session.session_id,
+                user_id=self.session.user_id,
+                execution_context=self.session.execution_context,
+                public_ip=self.session.public_ip,
+                connector_name=self.session.connector_name,
+                duration_seconds=self.session.duration_seconds(),
+                operation_count=self.session.operation_count,
+                success_count=self.success_count,
+                failure_count=self.failure_count,
+            )
+
+            self._analytics.track(
+                user_id=self.session.user_id,
+                anonymous_id=event.session_id,
+                event="Session Ended",
+                properties=event.to_dict(),
+            )
+
+            # Ensure events are sent before shutdown
+            self._analytics.flush()
+        except Exception as e:
+            logger.error(f"Telemetry error: {e}")