airbyte-internal-ops 0.1.10__py3-none-any.whl → 0.2.0__py3-none-any.whl

{airbyte_internal_ops-0.1.10.dist-info → airbyte_internal_ops-0.2.0.dist-info}/METADATA

@@ -1,6 +1,6 @@
 Metadata-Version: 2.4
 Name: airbyte-internal-ops
-Version: 0.1.10
+Version: 0.2.0
 Summary: MCP and API interfaces that let the agents do the admin work
 Author-email: Aaron Steers <aj@airbyte.io>
 Keywords: admin,airbyte,api,mcp

{airbyte_internal_ops-0.1.10.dist-info → airbyte_internal_ops-0.2.0.dist-info}/RECORD

@@ -1,7 +1,8 @@
 airbyte_ops_mcp/__init__.py,sha256=HhzURuYr29_UIdMrnWYaZB8ENr_kFkBdm4uqeiIW3Vw,760
 airbyte_ops_mcp/_annotations.py,sha256=MO-SBDnbykxxHDESG7d8rviZZ4WlZgJKv0a8eBqcEzQ,1757
-airbyte_ops_mcp/constants.py,sha256=col6-5BUWuIYhbtKmlvSRR8URBoSNExoz94cn4_kujI,2333
+airbyte_ops_mcp/constants.py,sha256=THmvIjU3pb7kpNjn7TpRWD86gtDLmtlQwYuFnaQp_rg,3095
 airbyte_ops_mcp/gcp_auth.py,sha256=5k-k145ZoYhHLjyDES8nrA8f8BBihRI0ykrdD1IcfOs,3599
+airbyte_ops_mcp/github_actions.py,sha256=KwpQ0BrmCa6wiGRmSFGcFN-yIdlzLXN8kUxpi1ME3Tc,6740
 airbyte_ops_mcp/py.typed,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
 airbyte_ops_mcp/_legacy/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
 airbyte_ops_mcp/_legacy/airbyte_ci/README.md,sha256=qEYx4geDR8AEDjrcA303h7Nol-CMDLojxUyiGzQprM8,236
@@ -351,13 +352,13 @@ airbyte_ops_mcp/cli/__init__.py,sha256=XpL7FyVfgabfBF2JR7u7NwJ2krlYqjd_OwLcWf-Xc
 airbyte_ops_mcp/cli/_base.py,sha256=I8tWnyQf0ks4r3J8N8h-5GZxyn37T-55KsbuHnxYlcg,415
 airbyte_ops_mcp/cli/_shared.py,sha256=jg-xMyGzTCGPqKd8VTfE_3kGPIyO_3Kx5sQbG4rPc0Y,1311
 airbyte_ops_mcp/cli/app.py,sha256=SEdBpqFUG2O8zGV5ifwptxrLGFph_dLr66-MX9d69gQ,789
-airbyte_ops_mcp/cli/cloud.py,sha256=semAuPqruWfe7JiVmtbELZgcpeqtoIn4LGD0kEvIS30,38981
+airbyte_ops_mcp/cli/cloud.py,sha256=Vv1nAXGPQlpKvDbKJ2cg86yGpkRlOZtHy0cWI_-dYJA,45116
 airbyte_ops_mcp/cli/gh.py,sha256=91b1AxFXvHQCFyXhrrym-756ZjnMCqvxFdmwCtma1zI,2046
 airbyte_ops_mcp/cli/registry.py,sha256=-yiLJWSslV_qGi6ImXZYfXOJSE4oJBO7yICkyA_RiUo,5792
 airbyte_ops_mcp/cli/repo.py,sha256=G1hoQpH0XYhUH3FFOsia9xabGB0LP9o3XcwBuqvFVo0,16331
 airbyte_ops_mcp/cloud_admin/__init__.py,sha256=cqE96Q10Kp6elhH9DAi6TVsIwSUy3sooDLLrxTaktGk,816
 airbyte_ops_mcp/cloud_admin/api_client.py,sha256=6PovHDwOzo4fxSyk6viwvnXjCRIiC4uPZo0pGMx0Bdk,17359
-airbyte_ops_mcp/cloud_admin/auth.py,sha256=j45pRR8fg6CLwVdn7Uu5KW_kTz_CjRP6ZJGUzqHj_Dk,2558
+airbyte_ops_mcp/cloud_admin/auth.py,sha256=qE2Aqe0qbZB755KscL65s54Jz78-F-X5a8fXKsrYEOQ,3749
 airbyte_ops_mcp/cloud_admin/connection_config.py,sha256=UtbIwuB7CA3WJr9oYRwlKDsjciqd_9ewWdml2f8DuXw,4887
 airbyte_ops_mcp/cloud_admin/models.py,sha256=YZ3FbEW-tZa50khKTTl4Bzvy_LsGyyQd6qcpXo62jls,2670
 airbyte_ops_mcp/connection_config_retriever/__init__.py,sha256=Xoi-YvARrNPhECdpwEDDkdwEpnvj8zuUlwULpf4iRrU,800
@@ -365,11 +366,12 @@ airbyte_ops_mcp/connection_config_retriever/audit_logging.py,sha256=GjT4dVa0TtvG
 airbyte_ops_mcp/connection_config_retriever/retrieval.py,sha256=s6yeCyrboWkUd6KdaheEo87x-rLtQNTL8XeR8O9z2HI,12160
 airbyte_ops_mcp/connection_config_retriever/secrets_resolution.py,sha256=12g0lZzhCzAPl4Iv4eMW6d76mvXjIBGspOnNhywzks4,3644
 airbyte_ops_mcp/live_tests/__init__.py,sha256=qJac67dt6DQCqif39HqeiG3Tr9xrxfP-ala8HsLZKis,1020
-airbyte_ops_mcp/live_tests/ci_output.py,sha256=NQATOGid0OCbLEl2NOtGK4cHLL5OxXhjmtanBjIlCyE,11369
+airbyte_ops_mcp/live_tests/cdk_secrets.py,sha256=TJ0Vbk5jfTvYElREh4fQFHWof0_bIxZfJqT33dDhtrE,3198
+airbyte_ops_mcp/live_tests/ci_output.py,sha256=rrvCVKKShc1iVPMuQJDBqSbsiAHIDpX8SA9j0Uwl_Cg,12718
 airbyte_ops_mcp/live_tests/config.py,sha256=dwWeY0tatdbwl9BqbhZ7EljoZDCtKmGO5fvOAIxeXmA,5873
 airbyte_ops_mcp/live_tests/connection_fetcher.py,sha256=5wIiA0VvCFNEc-fr6Po18gZMX3E5fyPOGf2SuVOqv5U,12799
 airbyte_ops_mcp/live_tests/connection_secret_retriever.py,sha256=DtZYB4Y8CXfUXTFhmzrqzjuEFoICzz5Md3Ol_y9HCq0,4861
-airbyte_ops_mcp/live_tests/connector_runner.py,sha256=fGE_TCii9zhC3pbyBupJ3JVkuxOWB59Q1DgigcF3q04,9707
+airbyte_ops_mcp/live_tests/connector_runner.py,sha256=BLy2RY-KLCK9jNmPz5EsPCk55fJ9WlOOaxr_Xw-GOjY,9914
 airbyte_ops_mcp/live_tests/evaluation_modes.py,sha256=lAL6pEDmy_XCC7_m4_NXjt_f6Z8CXeAhMkc0FU8bm_M,1364
 airbyte_ops_mcp/live_tests/http_metrics.py,sha256=oTD7f2MnQOvx4plOxHop2bInQ0-whvuToSsrC7TIM-M,12469
 airbyte_ops_mcp/live_tests/models.py,sha256=brtAT9oO1TwjFcP91dFcu0XcUNqQb-jf7di1zkoVEuo,8782
@@ -385,29 +387,30 @@ airbyte_ops_mcp/live_tests/validation/catalog_validators.py,sha256=jqqVAMOk0mtdP
 airbyte_ops_mcp/live_tests/validation/record_validators.py,sha256=-7Ir2LWGCrtadK2JLuBgppSyk0RFJX6Nsy0lrabtwrs,7411
 airbyte_ops_mcp/mcp/__init__.py,sha256=QqkNkxzdXlg-W03urBAQ3zmtOKFPf35rXgO9ceUjpng,334
 airbyte_ops_mcp/mcp/_guidance.py,sha256=48tQSnDnxqXtyGJxxgjz0ZiI814o_7Fj7f6R8jpQ7so,2375
+airbyte_ops_mcp/mcp/_http_headers.py,sha256=NfrbxYROOqisZFLjCNDvv7wFsFHDBzwr6l0U6xs209M,5563
 airbyte_ops_mcp/mcp/_mcp_utils.py,sha256=nhztHcoc-_ASPpJfoDBjxjjqEvQM6_QIrhp7F2UCrQk,11494
-airbyte_ops_mcp/mcp/cloud_connector_versions.py,sha256=XxaS6WBP0sJPRwT7TTPhVH2PzhPqVWMNU5fVdWdxLLk,10361
+airbyte_ops_mcp/mcp/cloud_connector_versions.py,sha256=Iz0SirqNAJigdyei-Qqi059OFxixt0VvXdC5CVBXZHc,14331
 airbyte_ops_mcp/mcp/connector_analysis.py,sha256=OC4KrOSkMkKPkOisWnSv96BDDE5TQYHq-Jxa2vtjJpo,298
 airbyte_ops_mcp/mcp/connector_qa.py,sha256=aImpqdnqBPDrz10BS0owsV4kuIU2XdalzgbaGZsbOL0,258
-airbyte_ops_mcp/mcp/github.py,sha256=opmVWRwjNs_jeWejv8wHOtb-3J09hOlqxg98GCzmFLo,7627
+airbyte_ops_mcp/mcp/github.py,sha256=Wum5V99A9vTsjK0YVoE1UOVu75F-M9chg0AnUGkiiT4,7215
 airbyte_ops_mcp/mcp/github_repo_ops.py,sha256=PiERpt8abo20Gz4CfXhrDNlVM4o4FOt5sweZJND2a0s,5314
-airbyte_ops_mcp/mcp/live_tests.py,sha256=eHfgNkEcY1OKzYiJmkxwOluLPiFHIdP4nm_H1H0MXDg,17940
+airbyte_ops_mcp/mcp/live_tests.py,sha256=8Nh0jZ9Un_jzAGJf88POgRVxJsomh8TVPyGhDKltx3Y,17158
 airbyte_ops_mcp/mcp/metadata.py,sha256=fwGW97WknR5lfKcQnFtK6dU87aA6TmLj1NkKyqDAV9g,270
-airbyte_ops_mcp/mcp/prerelease.py,sha256=08G6ogRqEauQyDxFLirUVaYeU3exAJd-DJn_8fXCNXg,9450
-airbyte_ops_mcp/mcp/prod_db_queries.py,sha256=RkBVISfkbwML3grWONxYsULRnFEYdqDZVBZIyo6W8xE,14311
+airbyte_ops_mcp/mcp/prerelease.py,sha256=LHLaSd8q0l7boAsVqTXOjFGDxAGsPZdtL3kj5_IOTEE,8852
+airbyte_ops_mcp/mcp/prod_db_queries.py,sha256=_eNMFM1CBQ4OM_daf2iq-L7lvlytqbI_6v48m5vJdSQ,15632
 airbyte_ops_mcp/mcp/prompts.py,sha256=mJld9mdPECXYZffWXGSvNs4Xevx3rxqUGNlzGKVC2_s,1599
 airbyte_ops_mcp/mcp/registry.py,sha256=PW-VYUj42qx2pQ_apUkVaoUFq7VgB9zEU7-aGrkSCCw,290
-airbyte_ops_mcp/mcp/server.py,sha256=7zi91xioVTx1q-bEleekZH2c2JnbzDQt_6zxdEwnLbg,2958
+airbyte_ops_mcp/mcp/server.py,sha256=-nMufnrpE55urarz0FTi7tG_WGgdqpCk9KnxbK-78xs,5184
 airbyte_ops_mcp/mcp/server_info.py,sha256=Yi4B1auW64QZGBDas5mro_vwTjvrP785TFNSBP7GhRg,2361
 airbyte_ops_mcp/prod_db_access/__init__.py,sha256=5pxouMPY1beyWlB0UwPnbaLTKTHqU6X82rbbgKY2vYU,1069
-airbyte_ops_mcp/prod_db_access/db_engine.py,sha256=11xNZTk4I8SKYhsnmE7-LVrkJXN4dCRbBeD1_hj3f-s,9027
+airbyte_ops_mcp/prod_db_access/db_engine.py,sha256=sG_yXRsP_KAEndJmiaooPk-BS-AHEdS-M2Cas0CrXzc,9384
 airbyte_ops_mcp/prod_db_access/py.typed,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
-airbyte_ops_mcp/prod_db_access/queries.py,sha256=q7PcI15EGh6jFS9MVB_gZt1a56YvrZV5hnwa5lgU2q0,10844
-airbyte_ops_mcp/prod_db_access/sql.py,sha256=tWQAwMk8DzG8HpLIYglljlReI2oeYulQPsV31ocUJSw,16251
+airbyte_ops_mcp/prod_db_access/queries.py,sha256=txeqRPbovgqbk7lu8ttiZXgA77abFzzeO3hql2o8c44,11228
+airbyte_ops_mcp/prod_db_access/sql.py,sha256=P6UbIHafg3ibs901DPlJxLilxsc-RrCPvnyzSwP-fMw,16300
 airbyte_ops_mcp/registry/__init__.py,sha256=iEaPlt9GrnlaLbc__98TguNeZG8wuQu7S-_2QkhHcbA,858
 airbyte_ops_mcp/registry/models.py,sha256=B4L4TKr52wo0xs0CqvCBrpowqjShzVnZ5eTr2-EyhNs,2346
 airbyte_ops_mcp/registry/publish.py,sha256=VoPxsM2_0zJ829orzCRN-kjgcJtuBNyXgW4I9J680ro,12717
-airbyte_internal_ops-0.1.10.dist-info/METADATA,sha256=I3WAz4JM1tgyGMcFaV5ElRwvwYjlRLR9kXKzifetd1Q,5283
-airbyte_internal_ops-0.1.10.dist-info/WHEEL,sha256=WLgqFyCfm_KASv4WHyYy0P3pM_m7J5L9k2skdKLirC8,87
-airbyte_internal_ops-0.1.10.dist-info/entry_points.txt,sha256=eUgJ9xIy9PlR-CgRbqRMsh1NVp6jz08v9bul9vCYlU4,111
-airbyte_internal_ops-0.1.10.dist-info/RECORD,,
+airbyte_internal_ops-0.2.0.dist-info/METADATA,sha256=rakGRwvZx1XV9JszUAAJo9nx_ayyP7NJvC7P3mzK9Tk,5282
+airbyte_internal_ops-0.2.0.dist-info/WHEEL,sha256=WLgqFyCfm_KASv4WHyYy0P3pM_m7J5L9k2skdKLirC8,87
+airbyte_internal_ops-0.2.0.dist-info/entry_points.txt,sha256=WxP0l7bRFss4Cr5uQqVj9mTEKwnRKouNuphXQF0lotA,171
+airbyte_internal_ops-0.2.0.dist-info/RECORD,,

{airbyte_internal_ops-0.1.10.dist-info → airbyte_internal_ops-0.2.0.dist-info}/entry_points.txt

@@ -1,3 +1,4 @@
 [console_scripts]
 airbyte-ops = airbyte_ops_mcp.cli.app:main
 airbyte-ops-mcp = airbyte_ops_mcp.mcp.server:main
+airbyte-ops-mcp-http = airbyte_ops_mcp.mcp.server:main_http

airbyte_ops_mcp/cli/cloud.py

@@ -18,10 +18,13 @@ import shutil
 import signal
 import socket
 import subprocess
+import tempfile
 import time
 from pathlib import Path
 from typing import Annotated, Literal
 
+import requests
+import yaml
 from airbyte_cdk.models.connector_metadata import MetadataFile
 from airbyte_cdk.utils.connector_paths import find_connector_root_from_name
 from airbyte_cdk.utils.docker import build_connector_image, verify_docker_installation
@@ -42,6 +45,7 @@ from airbyte_ops_mcp.constants import (
     DEFAULT_CLOUD_SQL_PROXY_PORT,
     ENV_GCP_PROD_DB_ACCESS_CREDENTIALS,
 )
+from airbyte_ops_mcp.live_tests.cdk_secrets import get_first_config_from_secrets
 from airbyte_ops_mcp.live_tests.ci_output import (
     generate_regression_report,
     get_report_summary,
@@ -55,6 +59,10 @@ from airbyte_ops_mcp.live_tests.connection_fetcher import (
     fetch_connection_data,
     save_connection_data_to_files,
 )
+from airbyte_ops_mcp.live_tests.connection_secret_retriever import (
+    enrich_config_with_secrets,
+    should_use_secret_retriever,
+)
 from airbyte_ops_mcp.live_tests.connector_runner import (
     ConnectorRunner,
     ensure_image_available,
@@ -314,6 +322,20 @@ def set_version_override(
         str,
         Parameter(help="Explanation for the override (min 10 characters)."),
     ],
+    issue_url: Annotated[
+        str,
+        Parameter(help="GitHub issue URL providing context for this operation."),
+    ],
+    approval_comment_url: Annotated[
+        str,
+        Parameter(help="GitHub comment URL where admin authorized this deployment."),
+    ],
+    ai_agent_session_url: Annotated[
+        str | None,
+        Parameter(
+            help="URL to AI agent session driving this operation (for auditability)."
+        ),
+    ] = None,
     reason_url: Annotated[
         str | None,
         Parameter(help="Optional URL with more context (e.g., issue link)."),
@@ -324,6 +346,7 @@ def set_version_override(
     Requires admin authentication via AIRBYTE_INTERNAL_ADMIN_FLAG and
     AIRBYTE_INTERNAL_ADMIN_USER environment variables.
     """
+    admin_user_email = os.environ.get("AIRBYTE_INTERNAL_ADMIN_USER")
     result = set_cloud_connector_version_override(
         workspace_id=workspace_id,
         actor_id=connector_id,
@@ -332,6 +355,10 @@ def set_version_override(
         unset=False,
         override_reason=reason,
         override_reason_reference_url=reason_url,
+        admin_user_email=admin_user_email,
+        issue_url=issue_url,
+        approval_comment_url=approval_comment_url,
+        ai_agent_session_url=ai_agent_session_url,
     )
     if result.success:
         print_success(result.message)
@@ -354,12 +381,27 @@ def clear_version_override(
         Literal["source", "destination"],
         Parameter(help="The type of connector."),
     ],
+    issue_url: Annotated[
+        str,
+        Parameter(help="GitHub issue URL providing context for this operation."),
+    ],
+    approval_comment_url: Annotated[
+        str,
+        Parameter(help="GitHub comment URL where admin authorized this deployment."),
+    ],
+    ai_agent_session_url: Annotated[
+        str | None,
+        Parameter(
+            help="URL to AI agent session driving this operation (for auditability)."
+        ),
+    ] = None,
 ) -> None:
     """Clear a version override from a deployed connector.
 
     Requires admin authentication via AIRBYTE_INTERNAL_ADMIN_FLAG and
     AIRBYTE_INTERNAL_ADMIN_USER environment variables.
     """
+    admin_user_email = os.environ.get("AIRBYTE_INTERNAL_ADMIN_USER")
     result = set_cloud_connector_version_override(
         workspace_id=workspace_id,
         actor_id=connector_id,
@@ -368,6 +410,10 @@ def clear_version_override(
         unset=True,
         override_reason=None,
         override_reason_reference_url=None,
+        admin_user_email=admin_user_email,
+        issue_url=issue_url,
+        approval_comment_url=approval_comment_url,
+        ai_agent_session_url=ai_agent_session_url,
     )
     if result.success:
         print_success(result.message)
@@ -507,6 +553,49 @@ def _build_connector_image_from_source(
     return built_image
 
 
+def _fetch_control_image_from_metadata(connector_name: str) -> str | None:
+    """Fetch the current released connector image from metadata.yaml on main branch.
+
+    This fetches the connector's metadata.yaml from the airbyte monorepo's master branch
+    and extracts the dockerRepository and dockerImageTag to construct the control image.
+
+    Args:
+        connector_name: The connector name (e.g., 'source-github').
+
+    Returns:
+        The full connector image with tag (e.g., 'airbyte/source-github:1.0.0'),
+        or None if the metadata could not be fetched or parsed.
+    """
+    metadata_url = (
+        f"https://raw.githubusercontent.com/airbytehq/airbyte/master/"
+        f"airbyte-integrations/connectors/{connector_name}/metadata.yaml"
+    )
+    response = requests.get(metadata_url, timeout=30)
+    if not response.ok:
+        print_error(
+            f"Failed to fetch metadata for {connector_name}: "
+            f"HTTP {response.status_code} from {metadata_url}"
+        )
+        return None
+
+    metadata = yaml.safe_load(response.text)
+    if not isinstance(metadata, dict):
+        print_error(f"Invalid metadata format for {connector_name}: expected dict")
+        return None
+
+    data = metadata.get("data", {})
+    docker_repository = data.get("dockerRepository")
+    docker_image_tag = data.get("dockerImageTag")
+
+    if not docker_repository or not docker_image_tag:
+        print_error(
+            f"Could not find dockerRepository/dockerImageTag in metadata for {connector_name}"
+        )
+        return None
+
+    return f"{docker_repository}:{docker_image_tag}"
+
+
 @connector_app.command(name="live-test")
 def live_test(
     connector_image: Annotated[
@@ -894,6 +983,26 @@ def regression_test(
 
         print_success(f"Fetching config/catalog from connection: {connection_id}")
         connection_data = fetch_connection_data(connection_id)
+
+        # Check if we should retrieve unmasked secrets
+        if should_use_secret_retriever():
+            print_success(
+                "USE_CONNECTION_SECRET_RETRIEVER enabled - enriching config with unmasked secrets..."
+            )
+            try:
+                connection_data = enrich_config_with_secrets(
+                    connection_data,
+                    retrieval_reason="Regression test with USE_CONNECTION_SECRET_RETRIEVER=true",
+                )
+                print_success("Successfully retrieved unmasked secrets from database")
+            except Exception as e:
+                print_error(f"Failed to retrieve unmasked secrets: {e}")
+                print_error(
+                    "Proceeding with masked config from public API - tests may fail due to masked credentials. "
+                    "If you expected unmasked secrets, verify that the USE_CONNECTION_SECRET_RETRIEVER flag is enabled "
+                    f"and that the {ENV_GCP_PROD_DB_ACCESS_CREDENTIALS} environment variable is set with valid database credentials."
+                )
+
         config_file, catalog_file = save_connection_data_to_files(
             connection_data, output_path / "connection_data"
         )
@@ -906,10 +1015,48 @@ def regression_test(
         if not resolved_control_image and connection_data.connector_image:
             resolved_control_image = connection_data.connector_image
             print_success(f"Auto-detected control image: {resolved_control_image}")
+    elif config_path:
+        config_file = Path(config_path)
+        catalog_file = Path(catalog_path) if catalog_path else None
+    elif connector_name:
+        # Fallback: fetch integration test secrets from GSM using PyAirbyte API
+        print_success(
+            f"No connection_id or config_path provided. "
+            f"Attempting to fetch integration test config from GSM for {connector_name}..."
+        )
+        gsm_config = get_first_config_from_secrets(connector_name)
+        if gsm_config:
+            # Write config to a temp file (not in output_path to avoid artifact upload)
+            gsm_config_dir = Path(
+                tempfile.mkdtemp(prefix=f"gsm-config-{connector_name}-")
+            )
+            gsm_config_dir.chmod(0o700)
+            gsm_config_file = gsm_config_dir / "config.json"
+            gsm_config_file.write_text(json.dumps(gsm_config, indent=2))
+            gsm_config_file.chmod(0o600)
+            config_file = gsm_config_file
+            catalog_file = None
+            print_success(
+                f"Fetched integration test config from GSM for {connector_name}"
+            )
+        else:
+            print_error(
+                f"Failed to fetch integration test config from GSM for {connector_name}."
+            )
+            config_file = None
+            catalog_file = None
     else:
-        config_file = Path(config_path) if config_path else None
+        config_file = None
         catalog_file = Path(catalog_path) if catalog_path else None
 
+    # Auto-detect control_image from metadata.yaml if connector_name is provided
+    if not resolved_control_image and connector_name:
+        resolved_control_image = _fetch_control_image_from_metadata(connector_name)
+        if resolved_control_image:
+            print_success(
+                f"Auto-detected control image from metadata.yaml: {resolved_control_image}"
+            )
+
     # Validate that we have both images
     if not resolved_target_image:
         write_github_output("success", False)
@@ -923,8 +1070,9 @@ def regression_test(
         write_github_output("success", False)
         write_github_output("error", "No control image specified")
         exit_with_error(
-            "You must provide one of the following: a control_image or a connection_id "
-            "for a connection that has an associated connector image."
+            "You must provide one of the following: a control_image, a connection_id "
+            "for a connection that has an associated connector image, or a connector_name "
+            "to auto-detect the control image from the airbyte repo's metadata.yaml."
         )
 
     # Pull images if they weren't just built locally

airbyte_ops_mcp/cloud_admin/auth.py

@@ -41,6 +41,20 @@ def check_internal_admin_flag() -> bool:
     return bool(admin_user and EXPECTED_ADMIN_EMAIL_DOMAIN in admin_user)
 
 
+def check_internal_admin_flag_only() -> bool:
+    """Check if internal admin flag is set (without requiring user email env var).
+
+    This is a lighter check that only validates AIRBYTE_INTERNAL_ADMIN_FLAG,
+    allowing the admin user email to be provided as a parameter instead of
+    an environment variable.
+
+    Returns:
+        True if AIRBYTE_INTERNAL_ADMIN_FLAG is set correctly, False otherwise
+    """
+    admin_flag = os.environ.get(ENV_AIRBYTE_INTERNAL_ADMIN_FLAG)
+    return admin_flag == EXPECTED_ADMIN_FLAG_VALUE
+
+
 def require_internal_admin() -> None:
     """Require internal admin access for the current operation.
 
@@ -59,6 +73,24 @@ def require_internal_admin() -> None:
         )
 
 
+def require_internal_admin_flag_only() -> None:
+    """Require internal admin flag for the current operation.
+
+    This is a lighter check that only validates AIRBYTE_INTERNAL_ADMIN_FLAG,
+    allowing the admin user email to be provided as a parameter instead of
+    an environment variable.
+
+    Raises:
+        CloudAuthError: If AIRBYTE_INTERNAL_ADMIN_FLAG is not properly configured
+    """
+    if not check_internal_admin_flag_only():
+        raise CloudAuthError(
+            "This operation requires internal admin access. "
+            f"Set {ENV_AIRBYTE_INTERNAL_ADMIN_FLAG}={EXPECTED_ADMIN_FLAG_VALUE} "
+            "environment variable."
+        )
+
+
 def get_admin_user_email() -> str:
     """Get the admin user email from environment.
 

airbyte_ops_mcp/constants.py

@@ -20,6 +20,24 @@ ENV_GCP_PROD_DB_ACCESS_CREDENTIALS = "GCP_PROD_DB_ACCESS_CREDENTIALS"
 EXPECTED_ADMIN_FLAG_VALUE = "airbyte.io"
 EXPECTED_ADMIN_EMAIL_DOMAIN = "@airbyte.io"
 
+# =============================================================================
+# HTTP Header Names for Airbyte Cloud Authentication
+# =============================================================================
+# These headers follow the PyAirbyte convention for passing credentials
+# via HTTP when running as an MCP HTTP server.
+
+HEADER_AIRBYTE_CLOUD_CLIENT_ID = "X-Airbyte-Cloud-Client-Id"
+"""HTTP header for OAuth client ID."""
+
+HEADER_AIRBYTE_CLOUD_CLIENT_SECRET = "X-Airbyte-Cloud-Client-Secret"
+"""HTTP header for OAuth client secret."""
+
+HEADER_AIRBYTE_CLOUD_WORKSPACE_ID = "X-Airbyte-Cloud-Workspace-Id"
+"""HTTP header for default workspace ID."""
+
+HEADER_AIRBYTE_CLOUD_API_URL = "X-Airbyte-Cloud-Api-Url"
+"""HTTP header for API root URL override."""
+
 # =============================================================================
 # GCP and Prod DB Constants (from connection-retriever)
 # =============================================================================

airbyte_ops_mcp/github_actions.py

@@ -0,0 +1,218 @@
+# Copyright (c) 2025 Airbyte, Inc., all rights reserved.
+"""GitHub Actions API utilities.
+
+This module provides core utilities for interacting with GitHub Actions workflows,
+including workflow dispatch, run discovery, and authentication. These utilities
+are used by MCP tools but are not MCP-specific.
+"""
+
+from __future__ import annotations
+
+import os
+import shutil
+import subprocess
+import time
+from dataclasses import dataclass
+from datetime import datetime, timedelta
+
+import requests
+
+GITHUB_API_BASE = "https://api.github.com"
+
+
+def resolve_github_token(preferred_env_vars: list[str] | None = None) -> str:
+    """Resolve GitHub token from environment variables or gh CLI.
+
+    Checks environment variables in order of preference, returning the first
+    non-empty value found. If no environment variables are set, attempts to
+    get a token from the gh CLI tool using 'gh auth token'.
+
+    Args:
+        preferred_env_vars: List of environment variable names to check in order.
+            Defaults to ["GITHUB_CI_WORKFLOW_TRIGGER_PAT", "GITHUB_TOKEN"].
+
+    Returns:
+        GitHub token string.
+
+    Raises:
+        ValueError: If no GitHub token is found in env vars or gh CLI.
+    """
+    if preferred_env_vars is None:
+        preferred_env_vars = ["GITHUB_CI_WORKFLOW_TRIGGER_PAT", "GITHUB_TOKEN"]
+
+    # Check environment variables first
+    for env_var in preferred_env_vars:
+        token = os.getenv(env_var)
+        if token:
+            return token
+
+    # Fall back to gh CLI if available
+    gh_path = shutil.which("gh")
+    if gh_path:
+        try:
+            result = subprocess.run(
+                [gh_path, "auth", "token"],
+                capture_output=True,
+                text=True,
+                timeout=5,
+                check=False,
+            )
+            if result.returncode == 0 and result.stdout.strip():
+                return result.stdout.strip()
+        except (subprocess.TimeoutExpired, subprocess.SubprocessError):
+            pass
+
+    env_var_list = ", ".join(preferred_env_vars)
+    raise ValueError(
+        f"No GitHub token found. Set one of: {env_var_list} environment variable, "
+        "or authenticate with 'gh auth login'."
+    )
+
+
+@dataclass
+class WorkflowDispatchResult:
+    """Result of triggering a workflow dispatch."""
+
+    workflow_url: str
+    """URL to the workflow file (e.g., .../actions/workflows/my-workflow.yml)"""
+
+    run_id: int | None = None
+    """GitHub Actions run ID, if discovered"""
+
+    run_url: str | None = None
+    """Direct URL to the workflow run, if discovered"""
+
+
+def find_workflow_run(
+    owner: str,
+    repo: str,
+    workflow_file: str,
+    ref: str,
+    token: str,
+    created_after: datetime,
+    max_wait_seconds: float = 5.0,
+) -> tuple[int, str] | None:
+    """Find a workflow run that was created after a given time.
+
+    This is used to find the run that was just triggered via workflow_dispatch.
+    Polls for up to max_wait_seconds to handle GitHub API eventual consistency.
+
+    Args:
+        owner: Repository owner
+        repo: Repository name
+        workflow_file: Workflow file name
+        ref: Git ref the workflow was triggered on
+        token: GitHub API token
+        created_after: Only consider runs created after this time
+        max_wait_seconds: Maximum time to wait for run to appear (default 5 seconds)
+
+    Returns:
+        Tuple of (run_id, run_url) if found, None otherwise.
+    """
+    url = (
+        f"{GITHUB_API_BASE}/repos/{owner}/{repo}/actions/workflows/{workflow_file}/runs"
+    )
+    headers = {
+        "Authorization": f"Bearer {token}",
+        "Accept": "application/vnd.github+json",
+        "X-GitHub-Api-Version": "2022-11-28",
+    }
+    params = {
+        "branch": ref,
+        "event": "workflow_dispatch",
+        "per_page": 5,
+    }
+
+    # Add a small buffer to handle timestamp precision differences between
+    # local time and GitHub's created_at (which has second resolution)
+    search_after = created_after - timedelta(seconds=2)
+
+    deadline = time.monotonic() + max_wait_seconds
+    attempt = 0
+
+    while time.monotonic() < deadline:
+        if attempt > 0:
+            time.sleep(1.0)
+        attempt += 1
+
+        response = requests.get(url, headers=headers, params=params, timeout=30)
+        if not response.ok:
+            continue
+
+        data = response.json()
+        runs = data.get("workflow_runs", [])
+
+        for run in runs:
+            run_created_at = datetime.fromisoformat(
+                run["created_at"].replace("Z", "+00:00")
+            )
+            if run_created_at >= search_after:
+                return run["id"], run["html_url"]
+
+    return None
+
+
+def trigger_workflow_dispatch(
+    owner: str,
+    repo: str,
+    workflow_file: str,
+    ref: str,
+    inputs: dict,
+    token: str,
+    find_run: bool = True,
+    max_wait_seconds: float = 5.0,
+) -> WorkflowDispatchResult:
+    """Trigger a GitHub Actions workflow via workflow_dispatch.
+
+    Args:
+        owner: Repository owner (e.g., "airbytehq")
+        repo: Repository name (e.g., "airbyte-ops-mcp")
+        workflow_file: Workflow file name (e.g., "connector-live-test.yml")
+        ref: Git ref to run the workflow on (branch name)
+        inputs: Workflow inputs dictionary
+        token: GitHub API token
+        find_run: Whether to attempt to find the run after dispatch (default True)
+        max_wait_seconds: Maximum time to wait for run discovery (default 5 seconds)
+
+    Returns:
+        WorkflowDispatchResult with workflow URL and optionally run ID/URL.
+
+    Raises:
+        requests.HTTPError: If API request fails.
+    """
+    dispatch_time = datetime.now(tz=datetime.now().astimezone().tzinfo)
+
+    url = f"{GITHUB_API_BASE}/repos/{owner}/{repo}/actions/workflows/{workflow_file}/dispatches"
+    headers = {
+        "Authorization": f"Bearer {token}",
+        "Accept": "application/vnd.github+json",
+        "X-GitHub-Api-Version": "2022-11-28",
+    }
+    payload = {
+        "ref": ref,
+        "inputs": inputs,
+    }
+
+    response = requests.post(url, headers=headers, json=payload, timeout=30)
+    response.raise_for_status()
+
+    workflow_url = (
+        f"https://github.com/{owner}/{repo}/actions/workflows/{workflow_file}"
+    )
+
+    if not find_run:
+        return WorkflowDispatchResult(workflow_url=workflow_url)
+
+    # Best-effort lookup of the run that was just triggered
+    run_info = find_workflow_run(
+        owner, repo, workflow_file, ref, token, dispatch_time, max_wait_seconds
+    )
+    if run_info:
+        run_id, run_url = run_info
+        return WorkflowDispatchResult(
+            workflow_url=workflow_url,
+            run_id=run_id,
+            run_url=run_url,
+        )
+
+    return WorkflowDispatchResult(workflow_url=workflow_url)