PyPI - airbyte-internal-ops - Versions diffs - 0.1.11__py3-none-any.whl → 0.2.0__py3-none-any.whl - Mend

airbyte-internal-ops 0.1.11py3-none-any.whl → 0.2.0py3-none-any.whl

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (16) hide show

{airbyte_internal_ops-0.1.11.dist-info → airbyte_internal_ops-0.2.0.dist-info}/METADATA +1 -1
{airbyte_internal_ops-0.1.11.dist-info → airbyte_internal_ops-0.2.0.dist-info}/RECORD +16 -15
{airbyte_internal_ops-0.1.11.dist-info → airbyte_internal_ops-0.2.0.dist-info}/entry_points.txt +1 -0
airbyte_ops_mcp/cli/cloud.py +62 -0
airbyte_ops_mcp/cloud_admin/auth.py +32 -0
airbyte_ops_mcp/constants.py +18 -0
airbyte_ops_mcp/github_actions.py +25 -4
airbyte_ops_mcp/mcp/_http_headers.py +198 -0
airbyte_ops_mcp/mcp/cloud_connector_versions.py +118 -22
airbyte_ops_mcp/mcp/live_tests.py +9 -7
airbyte_ops_mcp/mcp/prod_db_queries.py +67 -24
airbyte_ops_mcp/mcp/server.py +81 -8
airbyte_ops_mcp/prod_db_access/db_engine.py +8 -0
airbyte_ops_mcp/prod_db_access/queries.py +27 -15
airbyte_ops_mcp/prod_db_access/sql.py +17 -16
{airbyte_internal_ops-0.1.11.dist-info → airbyte_internal_ops-0.2.0.dist-info}/WHEEL +0 -0

{airbyte_internal_ops-0.1.11.dist-info → airbyte_internal_ops-0.2.0.dist-info}/METADATA RENAMED Viewed

@@ -1,6 +1,6 @@
 Metadata-Version: 2.4
 Name: airbyte-internal-ops
-Version: 0.1.11
+Version: 0.2.0
 Summary: MCP and API interfaces that let the agents do the admin work
 Author-email: Aaron Steers <aj@airbyte.io>
 Keywords: admin,airbyte,api,mcp

{airbyte_internal_ops-0.1.11.dist-info → airbyte_internal_ops-0.2.0.dist-info}/RECORD RENAMED Viewed

@@ -1,8 +1,8 @@
 airbyte_ops_mcp/__init__.py,sha256=HhzURuYr29_UIdMrnWYaZB8ENr_kFkBdm4uqeiIW3Vw,760
 airbyte_ops_mcp/_annotations.py,sha256=MO-SBDnbykxxHDESG7d8rviZZ4WlZgJKv0a8eBqcEzQ,1757
-airbyte_ops_mcp/constants.py,sha256=col6-5BUWuIYhbtKmlvSRR8URBoSNExoz94cn4_kujI,2333
+airbyte_ops_mcp/constants.py,sha256=THmvIjU3pb7kpNjn7TpRWD86gtDLmtlQwYuFnaQp_rg,3095
 airbyte_ops_mcp/gcp_auth.py,sha256=5k-k145ZoYhHLjyDES8nrA8f8BBihRI0ykrdD1IcfOs,3599
-airbyte_ops_mcp/github_actions.py,sha256=51rHxqTR-1yHPKfZZLKldz8f-4jZbMd71ICF_LQWvCs,5995
+airbyte_ops_mcp/github_actions.py,sha256=KwpQ0BrmCa6wiGRmSFGcFN-yIdlzLXN8kUxpi1ME3Tc,6740
 airbyte_ops_mcp/py.typed,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
 airbyte_ops_mcp/_legacy/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
 airbyte_ops_mcp/_legacy/airbyte_ci/README.md,sha256=qEYx4geDR8AEDjrcA303h7Nol-CMDLojxUyiGzQprM8,236
@@ -352,13 +352,13 @@ airbyte_ops_mcp/cli/__init__.py,sha256=XpL7FyVfgabfBF2JR7u7NwJ2krlYqjd_OwLcWf-Xc
 airbyte_ops_mcp/cli/_base.py,sha256=I8tWnyQf0ks4r3J8N8h-5GZxyn37T-55KsbuHnxYlcg,415
 airbyte_ops_mcp/cli/_shared.py,sha256=jg-xMyGzTCGPqKd8VTfE_3kGPIyO_3Kx5sQbG4rPc0Y,1311
 airbyte_ops_mcp/cli/app.py,sha256=SEdBpqFUG2O8zGV5ifwptxrLGFph_dLr66-MX9d69gQ,789
-airbyte_ops_mcp/cli/cloud.py,sha256=idkqBKUlWx9toNGiZy8tVq6MOpQoi4ZWfIRVpdsIdiQ,42494
+airbyte_ops_mcp/cli/cloud.py,sha256=Vv1nAXGPQlpKvDbKJ2cg86yGpkRlOZtHy0cWI_-dYJA,45116
 airbyte_ops_mcp/cli/gh.py,sha256=91b1AxFXvHQCFyXhrrym-756ZjnMCqvxFdmwCtma1zI,2046
 airbyte_ops_mcp/cli/registry.py,sha256=-yiLJWSslV_qGi6ImXZYfXOJSE4oJBO7yICkyA_RiUo,5792
 airbyte_ops_mcp/cli/repo.py,sha256=G1hoQpH0XYhUH3FFOsia9xabGB0LP9o3XcwBuqvFVo0,16331
 airbyte_ops_mcp/cloud_admin/__init__.py,sha256=cqE96Q10Kp6elhH9DAi6TVsIwSUy3sooDLLrxTaktGk,816
 airbyte_ops_mcp/cloud_admin/api_client.py,sha256=6PovHDwOzo4fxSyk6viwvnXjCRIiC4uPZo0pGMx0Bdk,17359
-airbyte_ops_mcp/cloud_admin/auth.py,sha256=j45pRR8fg6CLwVdn7Uu5KW_kTz_CjRP6ZJGUzqHj_Dk,2558
+airbyte_ops_mcp/cloud_admin/auth.py,sha256=qE2Aqe0qbZB755KscL65s54Jz78-F-X5a8fXKsrYEOQ,3749
 airbyte_ops_mcp/cloud_admin/connection_config.py,sha256=UtbIwuB7CA3WJr9oYRwlKDsjciqd_9ewWdml2f8DuXw,4887
 airbyte_ops_mcp/cloud_admin/models.py,sha256=YZ3FbEW-tZa50khKTTl4Bzvy_LsGyyQd6qcpXo62jls,2670
 airbyte_ops_mcp/connection_config_retriever/__init__.py,sha256=Xoi-YvARrNPhECdpwEDDkdwEpnvj8zuUlwULpf4iRrU,800
@@ -387,29 +387,30 @@ airbyte_ops_mcp/live_tests/validation/catalog_validators.py,sha256=jqqVAMOk0mtdP
 airbyte_ops_mcp/live_tests/validation/record_validators.py,sha256=-7Ir2LWGCrtadK2JLuBgppSyk0RFJX6Nsy0lrabtwrs,7411
 airbyte_ops_mcp/mcp/__init__.py,sha256=QqkNkxzdXlg-W03urBAQ3zmtOKFPf35rXgO9ceUjpng,334
 airbyte_ops_mcp/mcp/_guidance.py,sha256=48tQSnDnxqXtyGJxxgjz0ZiI814o_7Fj7f6R8jpQ7so,2375
+airbyte_ops_mcp/mcp/_http_headers.py,sha256=NfrbxYROOqisZFLjCNDvv7wFsFHDBzwr6l0U6xs209M,5563
 airbyte_ops_mcp/mcp/_mcp_utils.py,sha256=nhztHcoc-_ASPpJfoDBjxjjqEvQM6_QIrhp7F2UCrQk,11494
-airbyte_ops_mcp/mcp/cloud_connector_versions.py,sha256=XxaS6WBP0sJPRwT7TTPhVH2PzhPqVWMNU5fVdWdxLLk,10361
+airbyte_ops_mcp/mcp/cloud_connector_versions.py,sha256=Iz0SirqNAJigdyei-Qqi059OFxixt0VvXdC5CVBXZHc,14331
 airbyte_ops_mcp/mcp/connector_analysis.py,sha256=OC4KrOSkMkKPkOisWnSv96BDDE5TQYHq-Jxa2vtjJpo,298
 airbyte_ops_mcp/mcp/connector_qa.py,sha256=aImpqdnqBPDrz10BS0owsV4kuIU2XdalzgbaGZsbOL0,258
 airbyte_ops_mcp/mcp/github.py,sha256=Wum5V99A9vTsjK0YVoE1UOVu75F-M9chg0AnUGkiiT4,7215
 airbyte_ops_mcp/mcp/github_repo_ops.py,sha256=PiERpt8abo20Gz4CfXhrDNlVM4o4FOt5sweZJND2a0s,5314
-airbyte_ops_mcp/mcp/live_tests.py,sha256=WnWUeGb_fxf6oBjp1ye51Y2fP-Ld-CDbFnTO-_dnV-Q,17134
+airbyte_ops_mcp/mcp/live_tests.py,sha256=8Nh0jZ9Un_jzAGJf88POgRVxJsomh8TVPyGhDKltx3Y,17158
 airbyte_ops_mcp/mcp/metadata.py,sha256=fwGW97WknR5lfKcQnFtK6dU87aA6TmLj1NkKyqDAV9g,270
 airbyte_ops_mcp/mcp/prerelease.py,sha256=LHLaSd8q0l7boAsVqTXOjFGDxAGsPZdtL3kj5_IOTEE,8852
-airbyte_ops_mcp/mcp/prod_db_queries.py,sha256=RkBVISfkbwML3grWONxYsULRnFEYdqDZVBZIyo6W8xE,14311
+airbyte_ops_mcp/mcp/prod_db_queries.py,sha256=_eNMFM1CBQ4OM_daf2iq-L7lvlytqbI_6v48m5vJdSQ,15632
 airbyte_ops_mcp/mcp/prompts.py,sha256=mJld9mdPECXYZffWXGSvNs4Xevx3rxqUGNlzGKVC2_s,1599
 airbyte_ops_mcp/mcp/registry.py,sha256=PW-VYUj42qx2pQ_apUkVaoUFq7VgB9zEU7-aGrkSCCw,290
-airbyte_ops_mcp/mcp/server.py,sha256=7zi91xioVTx1q-bEleekZH2c2JnbzDQt_6zxdEwnLbg,2958
+airbyte_ops_mcp/mcp/server.py,sha256=-nMufnrpE55urarz0FTi7tG_WGgdqpCk9KnxbK-78xs,5184
 airbyte_ops_mcp/mcp/server_info.py,sha256=Yi4B1auW64QZGBDas5mro_vwTjvrP785TFNSBP7GhRg,2361
 airbyte_ops_mcp/prod_db_access/__init__.py,sha256=5pxouMPY1beyWlB0UwPnbaLTKTHqU6X82rbbgKY2vYU,1069
-airbyte_ops_mcp/prod_db_access/db_engine.py,sha256=11xNZTk4I8SKYhsnmE7-LVrkJXN4dCRbBeD1_hj3f-s,9027
+airbyte_ops_mcp/prod_db_access/db_engine.py,sha256=sG_yXRsP_KAEndJmiaooPk-BS-AHEdS-M2Cas0CrXzc,9384
 airbyte_ops_mcp/prod_db_access/py.typed,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
-airbyte_ops_mcp/prod_db_access/queries.py,sha256=q7PcI15EGh6jFS9MVB_gZt1a56YvrZV5hnwa5lgU2q0,10844
-airbyte_ops_mcp/prod_db_access/sql.py,sha256=tWQAwMk8DzG8HpLIYglljlReI2oeYulQPsV31ocUJSw,16251
+airbyte_ops_mcp/prod_db_access/queries.py,sha256=txeqRPbovgqbk7lu8ttiZXgA77abFzzeO3hql2o8c44,11228
+airbyte_ops_mcp/prod_db_access/sql.py,sha256=P6UbIHafg3ibs901DPlJxLilxsc-RrCPvnyzSwP-fMw,16300
 airbyte_ops_mcp/registry/__init__.py,sha256=iEaPlt9GrnlaLbc__98TguNeZG8wuQu7S-_2QkhHcbA,858
 airbyte_ops_mcp/registry/models.py,sha256=B4L4TKr52wo0xs0CqvCBrpowqjShzVnZ5eTr2-EyhNs,2346
 airbyte_ops_mcp/registry/publish.py,sha256=VoPxsM2_0zJ829orzCRN-kjgcJtuBNyXgW4I9J680ro,12717
-airbyte_internal_ops-0.1.11.dist-info/METADATA,sha256=AgQjwFgwAvefxtJxe234AHdr61u1n_FOBy61CU4wYq4,5283
-airbyte_internal_ops-0.1.11.dist-info/WHEEL,sha256=WLgqFyCfm_KASv4WHyYy0P3pM_m7J5L9k2skdKLirC8,87
-airbyte_internal_ops-0.1.11.dist-info/entry_points.txt,sha256=eUgJ9xIy9PlR-CgRbqRMsh1NVp6jz08v9bul9vCYlU4,111
-airbyte_internal_ops-0.1.11.dist-info/RECORD,,
+airbyte_internal_ops-0.2.0.dist-info/METADATA,sha256=rakGRwvZx1XV9JszUAAJo9nx_ayyP7NJvC7P3mzK9Tk,5282
+airbyte_internal_ops-0.2.0.dist-info/WHEEL,sha256=WLgqFyCfm_KASv4WHyYy0P3pM_m7J5L9k2skdKLirC8,87
+airbyte_internal_ops-0.2.0.dist-info/entry_points.txt,sha256=WxP0l7bRFss4Cr5uQqVj9mTEKwnRKouNuphXQF0lotA,171
+airbyte_internal_ops-0.2.0.dist-info/RECORD,,

{airbyte_internal_ops-0.1.11.dist-info → airbyte_internal_ops-0.2.0.dist-info}/entry_points.txt RENAMED Viewed

@@ -1,3 +1,4 @@
 [console_scripts]
 airbyte-ops = airbyte_ops_mcp.cli.app:main
 airbyte-ops-mcp = airbyte_ops_mcp.mcp.server:main
+airbyte-ops-mcp-http = airbyte_ops_mcp.mcp.server:main_http

airbyte_ops_mcp/cli/cloud.py CHANGED Viewed

@@ -59,6 +59,10 @@ from airbyte_ops_mcp.live_tests.connection_fetcher import (
     fetch_connection_data,
     save_connection_data_to_files,
 )
+from airbyte_ops_mcp.live_tests.connection_secret_retriever import (
+    enrich_config_with_secrets,
+    should_use_secret_retriever,
+)
 from airbyte_ops_mcp.live_tests.connector_runner import (
     ConnectorRunner,
     ensure_image_available,
@@ -318,6 +322,20 @@ def set_version_override(
         str,
         Parameter(help="Explanation for the override (min 10 characters)."),
     ],
+    issue_url: Annotated[
+        str,
+        Parameter(help="GitHub issue URL providing context for this operation."),
+    ],
+    approval_comment_url: Annotated[
+        str,
+        Parameter(help="GitHub comment URL where admin authorized this deployment."),
+    ],
+    ai_agent_session_url: Annotated[
+        str | None,
+        Parameter(
+            help="URL to AI agent session driving this operation (for auditability)."
+        ),
+    ] = None,
     reason_url: Annotated[
         str | None,
         Parameter(help="Optional URL with more context (e.g., issue link)."),
@@ -328,6 +346,7 @@ def set_version_override(
     Requires admin authentication via AIRBYTE_INTERNAL_ADMIN_FLAG and
     AIRBYTE_INTERNAL_ADMIN_USER environment variables.
     """
+    admin_user_email = os.environ.get("AIRBYTE_INTERNAL_ADMIN_USER")
     result = set_cloud_connector_version_override(
         workspace_id=workspace_id,
         actor_id=connector_id,
@@ -336,6 +355,10 @@ def set_version_override(
         unset=False,
         override_reason=reason,
         override_reason_reference_url=reason_url,
+        admin_user_email=admin_user_email,
+        issue_url=issue_url,
+        approval_comment_url=approval_comment_url,
+        ai_agent_session_url=ai_agent_session_url,
     )
     if result.success:
         print_success(result.message)
@@ -358,12 +381,27 @@ def clear_version_override(
         Literal["source", "destination"],
         Parameter(help="The type of connector."),
     ],
+    issue_url: Annotated[
+        str,
+        Parameter(help="GitHub issue URL providing context for this operation."),
+    ],
+    approval_comment_url: Annotated[
+        str,
+        Parameter(help="GitHub comment URL where admin authorized this deployment."),
+    ],
+    ai_agent_session_url: Annotated[
+        str | None,
+        Parameter(
+            help="URL to AI agent session driving this operation (for auditability)."
+        ),
+    ] = None,
 ) -> None:
     """Clear a version override from a deployed connector.
     Requires admin authentication via AIRBYTE_INTERNAL_ADMIN_FLAG and
     AIRBYTE_INTERNAL_ADMIN_USER environment variables.
     """
+    admin_user_email = os.environ.get("AIRBYTE_INTERNAL_ADMIN_USER")
     result = set_cloud_connector_version_override(
         workspace_id=workspace_id,
         actor_id=connector_id,
@@ -372,6 +410,10 @@ def clear_version_override(
         unset=True,
         override_reason=None,
         override_reason_reference_url=None,
+        admin_user_email=admin_user_email,
+        issue_url=issue_url,
+        approval_comment_url=approval_comment_url,
+        ai_agent_session_url=ai_agent_session_url,
     )
     if result.success:
         print_success(result.message)
@@ -941,6 +983,26 @@ def regression_test(
         print_success(f"Fetching config/catalog from connection: {connection_id}")
         connection_data = fetch_connection_data(connection_id)
+        # Check if we should retrieve unmasked secrets
+        if should_use_secret_retriever():
+            print_success(
+                "USE_CONNECTION_SECRET_RETRIEVER enabled - enriching config with unmasked secrets..."
+            )
+            try:
+                connection_data = enrich_config_with_secrets(
+                    connection_data,
+                    retrieval_reason="Regression test with USE_CONNECTION_SECRET_RETRIEVER=true",
+                )
+                print_success("Successfully retrieved unmasked secrets from database")
+            except Exception as e:
+                print_error(f"Failed to retrieve unmasked secrets: {e}")
+                print_error(
+                    "Proceeding with masked config from public API - tests may fail due to masked credentials. "
+                    "If you expected unmasked secrets, verify that the USE_CONNECTION_SECRET_RETRIEVER flag is enabled "
+                    f"and that the {ENV_GCP_PROD_DB_ACCESS_CREDENTIALS} environment variable is set with valid database credentials."
+                )
         config_file, catalog_file = save_connection_data_to_files(
             connection_data, output_path / "connection_data"
         )

airbyte_ops_mcp/cloud_admin/auth.py CHANGED Viewed

@@ -41,6 +41,20 @@ def check_internal_admin_flag() -> bool:
     return bool(admin_user and EXPECTED_ADMIN_EMAIL_DOMAIN in admin_user)
+def check_internal_admin_flag_only() -> bool:
+    """Check if internal admin flag is set (without requiring user email env var).
+    This is a lighter check that only validates AIRBYTE_INTERNAL_ADMIN_FLAG,
+    allowing the admin user email to be provided as a parameter instead of
+    an environment variable.
+    Returns:
+        True if AIRBYTE_INTERNAL_ADMIN_FLAG is set correctly, False otherwise
+    """
+    admin_flag = os.environ.get(ENV_AIRBYTE_INTERNAL_ADMIN_FLAG)
+    return admin_flag == EXPECTED_ADMIN_FLAG_VALUE
 def require_internal_admin() -> None:
     """Require internal admin access for the current operation.
@@ -59,6 +73,24 @@ def require_internal_admin() -> None:
         )
+def require_internal_admin_flag_only() -> None:
+    """Require internal admin flag for the current operation.
+    This is a lighter check that only validates AIRBYTE_INTERNAL_ADMIN_FLAG,
+    allowing the admin user email to be provided as a parameter instead of
+    an environment variable.
+    Raises:
+        CloudAuthError: If AIRBYTE_INTERNAL_ADMIN_FLAG is not properly configured
+    """
+    if not check_internal_admin_flag_only():
+        raise CloudAuthError(
+            "This operation requires internal admin access. "
+            f"Set {ENV_AIRBYTE_INTERNAL_ADMIN_FLAG}={EXPECTED_ADMIN_FLAG_VALUE} "
+            "environment variable."
+        )
 def get_admin_user_email() -> str:
     """Get the admin user email from environment.

airbyte_ops_mcp/constants.py CHANGED Viewed

@@ -20,6 +20,24 @@ ENV_GCP_PROD_DB_ACCESS_CREDENTIALS = "GCP_PROD_DB_ACCESS_CREDENTIALS"
 EXPECTED_ADMIN_FLAG_VALUE = "airbyte.io"
 EXPECTED_ADMIN_EMAIL_DOMAIN = "@airbyte.io"
+# =============================================================================
+# HTTP Header Names for Airbyte Cloud Authentication
+# =============================================================================
+# These headers follow the PyAirbyte convention for passing credentials
+# via HTTP when running as an MCP HTTP server.
+HEADER_AIRBYTE_CLOUD_CLIENT_ID = "X-Airbyte-Cloud-Client-Id"
+"""HTTP header for OAuth client ID."""
+HEADER_AIRBYTE_CLOUD_CLIENT_SECRET = "X-Airbyte-Cloud-Client-Secret"
+"""HTTP header for OAuth client secret."""
+HEADER_AIRBYTE_CLOUD_WORKSPACE_ID = "X-Airbyte-Cloud-Workspace-Id"
+"""HTTP header for default workspace ID."""
+HEADER_AIRBYTE_CLOUD_API_URL = "X-Airbyte-Cloud-Api-Url"
+"""HTTP header for API root URL override."""
 # =============================================================================
 # GCP and Prod DB Constants (from connection-retriever)
 # =============================================================================

airbyte_ops_mcp/github_actions.py CHANGED Viewed

@@ -9,6 +9,8 @@ are used by MCP tools but are not MCP-specific.
 from __future__ import annotations
 import os
+import shutil
+import subprocess
 import time
 from dataclasses import dataclass
 from datetime import datetime, timedelta
@@ -19,10 +21,11 @@ GITHUB_API_BASE = "https://api.github.com"
 def resolve_github_token(preferred_env_vars: list[str] | None = None) -> str:
-    """Resolve GitHub token from environment variables.
+    """Resolve GitHub token from environment variables or gh CLI.
     Checks environment variables in order of preference, returning the first
-    non-empty value found.
+    non-empty value found. If no environment variables are set, attempts to
+    get a token from the gh CLI tool using 'gh auth token'.
     Args:
         preferred_env_vars: List of environment variable names to check in order.
@@ -32,19 +35,37 @@ def resolve_github_token(preferred_env_vars: list[str] | None = None) -> str:
         GitHub token string.
     Raises:
-        ValueError: If no GitHub token is found in any of the specified env vars.
+        ValueError: If no GitHub token is found in env vars or gh CLI.
     """
     if preferred_env_vars is None:
         preferred_env_vars = ["GITHUB_CI_WORKFLOW_TRIGGER_PAT", "GITHUB_TOKEN"]
+    # Check environment variables first
     for env_var in preferred_env_vars:
         token = os.getenv(env_var)
         if token:
             return token
+    # Fall back to gh CLI if available
+    gh_path = shutil.which("gh")
+    if gh_path:
+        try:
+            result = subprocess.run(
+                [gh_path, "auth", "token"],
+                capture_output=True,
+                text=True,
+                timeout=5,
+                check=False,
+            )
+            if result.returncode == 0 and result.stdout.strip():
+                return result.stdout.strip()
+        except (subprocess.TimeoutExpired, subprocess.SubprocessError):
+            pass
     env_var_list = ", ".join(preferred_env_vars)
     raise ValueError(
-        f"No GitHub token found. Set one of: {env_var_list} environment variable."
+        f"No GitHub token found. Set one of: {env_var_list} environment variable, "
+        "or authenticate with 'gh auth login'."
     )

airbyte_ops_mcp/mcp/_http_headers.py ADDED Viewed

@@ -0,0 +1,198 @@
+# Copyright (c) 2025 Airbyte, Inc., all rights reserved.
+"""HTTP header extraction for Airbyte Cloud credentials.
+This module provides internal helper functions for extracting Airbyte Cloud
+authentication credentials from HTTP headers when running as an MCP HTTP server.
+This enables per-request credential passing from upstream services like coral-agents.
+The resolution order for credentials is:
+1. HTTP headers (when running as MCP HTTP server)
+2. Environment variables (fallback)
+Note: This module is prefixed with "_" to indicate it is internal helper logic
+for the MCP module and should not be imported directly by external code.
+"""
+from __future__ import annotations
+from airbyte.cloud.auth import (
+    resolve_cloud_api_url,
+    resolve_cloud_client_id,
+    resolve_cloud_client_secret,
+    resolve_cloud_workspace_id,
+)
+from airbyte.secrets.base import SecretString
+from fastmcp.server.dependencies import get_http_headers
+from airbyte_ops_mcp.constants import (
+    HEADER_AIRBYTE_CLOUD_API_URL,
+    HEADER_AIRBYTE_CLOUD_CLIENT_ID,
+    HEADER_AIRBYTE_CLOUD_CLIENT_SECRET,
+    HEADER_AIRBYTE_CLOUD_WORKSPACE_ID,
+)
+def _get_header_value(headers: dict[str, str], header_name: str) -> str | None:
+    """Get a header value from a headers dict, case-insensitively.
+    Args:
+        headers: Dictionary of HTTP headers.
+        header_name: The header name to look for (case-insensitive).
+    Returns:
+        The header value if found, None otherwise.
+    """
+    header_name_lower = header_name.lower()
+    for key, value in headers.items():
+        if key.lower() == header_name_lower:
+            return value
+    return None
+def get_client_id_from_headers() -> SecretString | None:
+    """Extract client ID from HTTP headers.
+    Returns:
+        The client ID as a SecretString, or None if not found or not in HTTP context.
+    """
+    headers = get_http_headers()
+    if not headers:
+        return None
+    value = _get_header_value(headers, HEADER_AIRBYTE_CLOUD_CLIENT_ID)
+    if value:
+        return SecretString(value)
+    return None
+def get_client_secret_from_headers() -> SecretString | None:
+    """Extract client secret from HTTP headers.
+    Returns:
+        The client secret as a SecretString, or None if not found or not in HTTP context.
+    """
+    headers = get_http_headers()
+    if not headers:
+        return None
+    value = _get_header_value(headers, HEADER_AIRBYTE_CLOUD_CLIENT_SECRET)
+    if value:
+        return SecretString(value)
+    return None
+def get_workspace_id_from_headers() -> str | None:
+    """Extract workspace ID from HTTP headers.
+    Returns:
+        The workspace ID, or None if not found or not in HTTP context.
+    """
+    headers = get_http_headers()
+    if not headers:
+        return None
+    return _get_header_value(headers, HEADER_AIRBYTE_CLOUD_WORKSPACE_ID)
+def get_api_url_from_headers() -> str | None:
+    """Extract API URL from HTTP headers.
+    Returns:
+        The API URL, or None if not found or not in HTTP context.
+    """
+    headers = get_http_headers()
+    if not headers:
+        return None
+    return _get_header_value(headers, HEADER_AIRBYTE_CLOUD_API_URL)
+def resolve_client_id() -> SecretString:
+    """Resolve client ID from HTTP headers or environment variables.
+    Resolution order:
+    1. HTTP header X-Airbyte-Cloud-Client-Id
+    2. Environment variable AIRBYTE_CLOUD_CLIENT_ID (via PyAirbyte)
+    Returns:
+        The resolved client ID as a SecretString.
+    Raises:
+        PyAirbyteSecretNotFoundError: If no client ID can be resolved.
+    """
+    header_value = get_client_id_from_headers()
+    if header_value:
+        return header_value
+    return resolve_cloud_client_id()
+def resolve_client_secret() -> SecretString:
+    """Resolve client secret from HTTP headers or environment variables.
+    Resolution order:
+    1. HTTP header X-Airbyte-Cloud-Client-Secret
+    2. Environment variable AIRBYTE_CLOUD_CLIENT_SECRET (via PyAirbyte)
+    Returns:
+        The resolved client secret as a SecretString.
+    Raises:
+        PyAirbyteSecretNotFoundError: If no client secret can be resolved.
+    """
+    header_value = get_client_secret_from_headers()
+    if header_value:
+        return header_value
+    return resolve_cloud_client_secret()
+def resolve_workspace_id(workspace_id: str | None = None) -> str:
+    """Resolve workspace ID from multiple sources.
+    Resolution order:
+    1. Explicit workspace_id parameter (if provided)
+    2. HTTP header X-Airbyte-Cloud-Workspace-Id
+    3. Environment variable AIRBYTE_CLOUD_WORKSPACE_ID (via PyAirbyte)
+    Args:
+        workspace_id: Optional explicit workspace ID.
+    Returns:
+        The resolved workspace ID.
+    Raises:
+        PyAirbyteSecretNotFoundError: If no workspace ID can be resolved.
+    """
+    if workspace_id is not None:
+        return workspace_id
+    header_value = get_workspace_id_from_headers()
+    if header_value:
+        return header_value
+    return resolve_cloud_workspace_id()
+def resolve_api_url(api_url: str | None = None) -> str:
+    """Resolve API URL from multiple sources.
+    Resolution order:
+    1. Explicit api_url parameter (if provided)
+    2. HTTP header X-Airbyte-Cloud-Api-Url
+    3. Environment variable / default (via PyAirbyte)
+    Args:
+        api_url: Optional explicit API URL.
+    Returns:
+        The resolved API URL.
+    """
+    if api_url is not None:
+        return api_url
+    header_value = get_api_url_from_headers()
+    if header_value:
+        return header_value
+    return resolve_cloud_api_url()

airbyte_ops_mcp/mcp/cloud_connector_versions.py CHANGED Viewed

@@ -15,10 +15,6 @@ from typing import Annotated, Literal
 from airbyte import constants
 from airbyte.cloud import CloudWorkspace
-from airbyte.cloud.auth import (
-    resolve_cloud_client_id,
-    resolve_cloud_client_secret,
-)
 from airbyte.exceptions import PyAirbyteInputError
 from fastmcp import FastMCP
 from pydantic import Field
@@ -26,19 +22,26 @@ from pydantic import Field
 from airbyte_ops_mcp.cloud_admin import api_client
 from airbyte_ops_mcp.cloud_admin.auth import (
     CloudAuthError,
-    get_admin_user_email,
-    require_internal_admin,
+    require_internal_admin_flag_only,
 )
 from airbyte_ops_mcp.cloud_admin.models import (
     ConnectorVersionInfo,
     VersionOverrideOperationResult,
 )
+from airbyte_ops_mcp.mcp._http_headers import (
+    resolve_client_id,
+    resolve_client_secret,
+)
 from airbyte_ops_mcp.mcp._mcp_utils import mcp_tool, register_mcp_tools
 def _get_workspace(workspace_id: str) -> CloudWorkspace:
     """Get a CloudWorkspace instance for the specified workspace.
+    Credentials are resolved in priority order:
+    1. HTTP headers (X-Airbyte-Cloud-Client-Id, X-Airbyte-Cloud-Client-Secret)
+    2. Environment variables (AIRBYTE_CLOUD_CLIENT_ID, AIRBYTE_CLOUD_CLIENT_SECRET)
     Args:
         workspace_id: The Airbyte Cloud workspace ID (required).
@@ -46,19 +49,21 @@ def _get_workspace(workspace_id: str) -> CloudWorkspace:
         CloudWorkspace instance configured for the specified workspace.
     Raises:
-        CloudAuthError: If required environment variables are not set.
+        CloudAuthError: If credentials cannot be resolved from headers or env vars.
     """
     try:
         return CloudWorkspace(
             workspace_id=workspace_id,
-            client_id=resolve_cloud_client_id(),
-            client_secret=resolve_cloud_client_secret(),
+            client_id=resolve_client_id(),
+            client_secret=resolve_client_secret(),
             api_root=constants.CLOUD_API_ROOT,  # Used for workspace operations
         )
     except Exception as e:
         raise CloudAuthError(
-            f"Failed to initialize CloudWorkspace. Ensure AIRBYTE_CLIENT_ID "
-            f"and AIRBYTE_CLIENT_SECRET are set. Error: {e}"
+            f"Failed to initialize CloudWorkspace. Ensure credentials are provided "
+            f"via HTTP headers (X-Airbyte-Cloud-Client-Id, X-Airbyte-Cloud-Client-Secret) "
+            f"or environment variables (AIRBYTE_CLOUD_CLIENT_ID, AIRBYTE_CLOUD_CLIENT_SECRET). "
+            f"Error: {e}"
         ) from e
@@ -85,8 +90,9 @@ def get_cloud_connector_version(
     Returns version details including the current version string and whether
     an override (pin) is applied.
-    The `AIRBYTE_CLIENT_ID`, `AIRBYTE_CLIENT_SECRET`, and `AIRBYTE_API_ROOT`
-    environment variables will be used to authenticate with the Airbyte Cloud API.
+    Authentication credentials are resolved in priority order:
+    1. HTTP headers: X-Airbyte-Cloud-Client-Id, X-Airbyte-Cloud-Client-Secret
+    2. Environment variables: AIRBYTE_CLOUD_CLIENT_ID, AIRBYTE_CLOUD_CLIENT_SECRET
     """
     try:
         workspace = _get_workspace(workspace_id)
@@ -163,11 +169,47 @@ def set_cloud_connector_version_override(
             default=None,
         ),
     ],
+    admin_user_email: Annotated[
+        str | None,
+        Field(
+            description="Email of the admin user authorizing this operation. "
+            "Must be an @airbyte.io email address. Required for authorization.",
+            default=None,
+        ),
+    ],
+    issue_url: Annotated[
+        str | None,
+        Field(
+            description="URL to the GitHub issue providing context for this operation. "
+            "Must be a valid GitHub URL (https://github.com/...). Required for authorization.",
+            default=None,
+        ),
+    ],
+    approval_comment_url: Annotated[
+        str | None,
+        Field(
+            description="URL to a GitHub comment where the admin has explicitly "
+            "requested or authorized this deployment. Must be a valid GitHub comment URL. "
+            "Required for authorization.",
+            default=None,
+        ),
+    ],
+    ai_agent_session_url: Annotated[
+        str | None,
+        Field(
+            description="URL to the AI agent session driving this operation, if applicable. "
+            "Provides additional auditability for AI-driven operations.",
+            default=None,
+        ),
+    ],
 ) -> VersionOverrideOperationResult:
     """Set or clear a version override for a deployed connector.
-    **Admin-only operation** - Requires AIRBYTE_INTERNAL_ADMIN_FLAG=airbyte.io
-    and AIRBYTE_INTERNAL_ADMIN_USER environment variables.
+    **Admin-only operation** - Requires:
+    - AIRBYTE_INTERNAL_ADMIN_FLAG=airbyte.io environment variable
+    - admin_user_email parameter (must be @airbyte.io email)
+    - issue_url parameter (GitHub issue URL for context)
+    - approval_comment_url parameter (GitHub comment URL with approval)
     You must specify EXACTLY ONE of `version` OR `unset=True`, but not both.
     When setting a version, `override_reason` is required.
@@ -177,13 +219,13 @@ def set_cloud_connector_version_override(
     - Production versions: Require strong justification mentioning customer/support/investigation
     - Release candidates (-rc): Any admin can pin/unpin RC versions
-    The `AIRBYTE_CLIENT_ID`, `AIRBYTE_CLIENT_SECRET`, and `AIRBYTE_API_ROOT`
-    environment variables will be used to authenticate with the Airbyte Cloud API.
+    Authentication credentials are resolved in priority order:
+    1. HTTP headers: X-Airbyte-Cloud-Client-Id, X-Airbyte-Cloud-Client-Secret
+    2. Environment variables: AIRBYTE_CLOUD_CLIENT_ID, AIRBYTE_CLOUD_CLIENT_SECRET
     """
-    # Validate admin access
+    # Validate admin access (check env var flag)
     try:
-        require_internal_admin()
-        user_email = get_admin_user_email()
+        require_internal_admin_flag_only()
     except CloudAuthError as e:
         return VersionOverrideOperationResult(
             success=False,
@@ -192,6 +234,60 @@ def set_cloud_connector_version_override(
             connector_type=actor_type,
         )
+    # Validate new authorization parameters
+    validation_errors: list[str] = []
+    if not admin_user_email:
+        validation_errors.append("admin_user_email is required for authorization")
+    elif "@airbyte.io" not in admin_user_email:
+        validation_errors.append(
+            f"admin_user_email must be an @airbyte.io email address, got: {admin_user_email}"
+        )
+    if not issue_url:
+        validation_errors.append(
+            "issue_url is required for authorization (GitHub issue URL)"
+        )
+    elif not issue_url.startswith("https://github.com/"):
+        validation_errors.append(
+            f"issue_url must be a valid GitHub URL (https://github.com/...), got: {issue_url}"
+        )
+    if not approval_comment_url:
+        validation_errors.append(
+            "approval_comment_url is required for authorization (GitHub comment URL)"
+        )
+    elif not approval_comment_url.startswith("https://github.com/"):
+        validation_errors.append(
+            f"approval_comment_url must be a valid GitHub URL, got: {approval_comment_url}"
+        )
+    elif (
+        "#issuecomment-" not in approval_comment_url
+        and "#discussion_r" not in approval_comment_url
+    ):
+        validation_errors.append(
+            "approval_comment_url must be a GitHub comment URL "
+            "(containing #issuecomment- or #discussion_r)"
+        )
+    if validation_errors:
+        return VersionOverrideOperationResult(
+            success=False,
+            message="Authorization validation failed: " + "; ".join(validation_errors),
+            connector_id=actor_id,
+            connector_type=actor_type,
+        )
+    # Build enhanced override reason with audit fields (only for 'set' operations)
+    enhanced_override_reason = override_reason
+    if not unset and override_reason:
+        audit_parts = [override_reason]
+        audit_parts.append(f"Issue: {issue_url}")
+        audit_parts.append(f"Approval: {approval_comment_url}")
+        if ai_agent_session_url:
+            audit_parts.append(f"AI Session: {ai_agent_session_url}")
+        enhanced_override_reason = " | ".join(audit_parts)
     # Get workspace and current version info
     try:
         workspace = _get_workspace(workspace_id)
@@ -233,9 +329,9 @@ def set_cloud_connector_version_override(
             workspace_id=workspace_id,
             version=version,
             unset=unset,
-            override_reason=override_reason,
+            override_reason=enhanced_override_reason,
             override_reason_reference_url=override_reason_reference_url,
-            user_email=user_email,
+            user_email=admin_user_email,
         )
         # Get updated version info after the operation

airbyte_ops_mcp/mcp/live_tests.py CHANGED Viewed

@@ -296,11 +296,11 @@ def run_live_connection_tests(
         "For live tests, this builds the test image. For regression tests, this builds "
         "the target image while control is auto-detected from the connection.",
     ] = None,
-    airbyte_ref: Annotated[
-        str | None,
-        "Git ref or PR number to checkout from the airbyte monorepo "
-        "(e.g., 'master', '70847', 'refs/pull/70847/head'). "
-        "Only used when connector_name is provided. Defaults to 'master' if not specified.",
+    pr: Annotated[
+        int | None,
+        "PR number from the airbyte monorepo to checkout and build from "
+        "(e.g., 70847). Only used when connector_name is provided. "
+        "If not specified, builds from the default branch (master).",
     ] = None,
 ) -> RunLiveConnectionTestsResponse:
     """Start a live connection test run via GitHub Actions workflow.
@@ -374,6 +374,8 @@ def run_live_connection_tests(
             workflow_inputs["connector_image"] = connector_image
         if connector_name:
             workflow_inputs["connector_name"] = connector_name
+            if pr:
+                workflow_inputs["pr"] = str(pr)
         try:
             dispatch_result = trigger_workflow_dispatch(
@@ -427,8 +429,8 @@ def run_live_connection_tests(
         workflow_inputs["control_image"] = control_image
     if connector_name:
         workflow_inputs["connector_name"] = connector_name
-        if airbyte_ref:
-            workflow_inputs["airbyte_ref"] = airbyte_ref
+        if pr:
+            workflow_inputs["pr"] = str(pr)
     try:
         dispatch_result = trigger_workflow_dispatch(

airbyte_ops_mcp/mcp/prod_db_queries.py CHANGED Viewed

@@ -20,7 +20,7 @@ from airbyte_ops_mcp.prod_db_access.queries import (
     query_connections_by_connector,
     query_connector_versions,
     query_dataplanes_list,
-    query_failed_sync_attempts_for_version,
+    query_failed_sync_attempts_for_connector,
     query_new_connector_releases,
     query_sync_results_for_version,
     query_workspace_info,
@@ -249,12 +249,41 @@ def query_prod_connector_version_sync_results(
 @mcp_tool(
     read_only=True,
     idempotent=True,
+    open_world=True,
 )
-def query_prod_failed_sync_attempts_for_version(
-    connector_version_id: Annotated[
-        str,
-        Field(description="Connector version UUID to find failed sync attempts for"),
-    ],
+def query_prod_failed_sync_attempts_for_connector(
+    source_definition_id: Annotated[
+        str | None,
+        Field(
+            description=(
+                "Source connector definition ID (UUID) to search for. "
+                "Exactly one of this or source_canonical_name is required. "
+                "Example: 'afa734e4-3571-11ec-991a-1e0031268139' for YouTube Analytics."
+            ),
+            default=None,
+        ),
+    ] = None,
+    source_canonical_name: Annotated[
+        str | None,
+        Field(
+            description=(
+                "Canonical source connector name to search for. "
+                "Exactly one of this or source_definition_id is required. "
+                "Examples: 'source-youtube-analytics', 'YouTube Analytics'."
+            ),
+            default=None,
+        ),
+    ] = None,
+    organization_id: Annotated[
+        str | None,
+        Field(
+            description=(
+                "Optional organization ID (UUID) to filter results. "
+                "If provided, only failed attempts from this organization will be returned."
+            ),
+            default=None,
+        ),
+    ] = None,
     days: Annotated[
         int,
         Field(description="Number of days to look back (default: 7)", default=7),
@@ -264,29 +293,43 @@ def query_prod_failed_sync_attempts_for_version(
         Field(description="Maximum number of results (default: 100)", default=100),
     ] = 100,
 ) -> list[dict[str, Any]]:
-    """List failed sync attempts with failure details for actors pinned to a connector version.
+    """List failed sync attempts for ALL actors using a source connector type.
-    Returns failed attempt records for connections using actors pinned to the specified
-    version. Includes failure_summary from the attempts table for debugging.
+    This tool finds all actors with the given connector definition and returns their
+    failed sync attempts, regardless of whether they have explicit version pins.
-    Key fields:
-    - latest_job_attempt_status: Final job status after all retries ('succeeded' means
-      the job eventually succeeded despite this failed attempt)
-    - failed_attempt_number: Which attempt this was (0-indexed)
-    - failure_summary: JSON containing failure details including failureType and messages
+    This is useful for investigating connector issues across all users. Use this when
+    you want to find failures for a connector type regardless of which version users
+    are on.
-    Note: May return multiple rows per job (one per failed attempt). Results ordered by
-    job_updated_at DESC, then failed_attempt_number DESC.
+    Note: This tool only supports SOURCE connectors. For destination connectors,
+    a separate tool would be needed.
-    Returns list of dicts with keys: job_id, connection_id, latest_job_attempt_status,
-    job_started_at, job_updated_at, connection_name, actor_id, actor_name,
-    actor_definition_id, pin_origin_type, pin_origin, workspace_id, workspace_name,
-    organization_id, dataplane_group_id, dataplane_name, failed_attempt_id,
-    failed_attempt_number, failed_attempt_status, failed_attempt_created_at,
-    failed_attempt_ended_at, failure_summary, processing_task_queue
+    Key fields in results:
+    - failure_summary: JSON containing failure details including failureType and messages
+    - pin_origin_type, pin_origin, pinned_version_id: Version pin context (NULL if not pinned)
     """
-    return query_failed_sync_attempts_for_version(
-        connector_version_id,
+    # Validate that exactly one of the two parameters is provided
+    if (source_definition_id is None) == (source_canonical_name is None):
+        raise PyAirbyteInputError(
+            message=(
+                "Exactly one of source_definition_id or source_canonical_name "
+                "must be provided, but not both."
+            ),
+        )
+    # Resolve canonical name to definition ID if needed
+    resolved_definition_id: str
+    if source_canonical_name:
+        resolved_definition_id = _resolve_canonical_name_to_definition_id(
+            canonical_name=source_canonical_name,
+        )
+    else:
+        resolved_definition_id = source_definition_id  # type: ignore[assignment]
+    return query_failed_sync_attempts_for_connector(
+        connector_definition_id=resolved_definition_id,
+        organization_id=organization_id,
         days=days,
         limit=limit,
     )

airbyte_ops_mcp/mcp/server.py CHANGED Viewed

@@ -2,9 +2,18 @@
 """Airbyte Admin MCP server implementation.
 This module provides the main MCP server for Airbyte admin operations.
+The server can run in two modes:
+- **stdio mode** (default): For direct MCP client connections via stdin/stdout
+- **HTTP mode**: For HTTP-based MCP connections, useful for containerized deployments
+Environment Variables:
+    MCP_HTTP_HOST: Host to bind HTTP server to (default: 127.0.0.1)
+    MCP_HTTP_PORT: Port for HTTP server (default: 8082)
 """
 import asyncio
+import os
 import sys
 from pathlib import Path
@@ -23,6 +32,10 @@ from airbyte_ops_mcp.mcp.prod_db_queries import register_prod_db_query_tools
 from airbyte_ops_mcp.mcp.prompts import register_prompts
 from airbyte_ops_mcp.mcp.server_info import register_server_info_resources
+# Default HTTP server configuration
+DEFAULT_HTTP_HOST = "127.0.0.1"
+DEFAULT_HTTP_PORT = 8082
 app: FastMCP = FastMCP(MCP_SERVER_NAME)
@@ -56,27 +69,87 @@ def register_server_assets(app: FastMCP) -> None:
 register_server_assets(app)
-def main() -> None:
-    """Main entry point for the Airbyte Admin MCP server."""
-    # Load environment variables from .env file in current working directory
+def _load_env() -> None:
+    """Load environment variables from .env file if present."""
     env_file = Path.cwd() / ".env"
     if env_file.exists():
         load_dotenv(env_file)
         print(f"Loaded environment from: {env_file}", flush=True, file=sys.stderr)
+def main() -> None:
+    """Main entry point for the Airbyte Admin MCP server (stdio mode).
+    This is the default entry point that runs the server in stdio mode,
+    suitable for direct MCP client connections.
+    """
+    _load_env()
     print("=" * 60, flush=True, file=sys.stderr)
-    print("Starting Airbyte Admin MCP server.", file=sys.stderr)
+    print("Starting Airbyte Admin MCP server (stdio mode).", file=sys.stderr)
     try:
         asyncio.run(app.run_stdio_async(show_banner=False))
     except KeyboardInterrupt:
         print("Airbyte Admin MCP server interrupted by user.", file=sys.stderr)
-    except Exception as ex:
-        print(f"Error running Airbyte Admin MCP server: {ex}", file=sys.stderr)
-        sys.exit(1)
     print("Airbyte Admin MCP server stopped.", file=sys.stderr)
     print("=" * 60, flush=True, file=sys.stderr)
-    sys.exit(0)
+def _parse_port(port_str: str | None, default: int) -> int:
+    """Parse and validate a port number from string.
+    Args:
+        port_str: Port string from environment variable, or None if not set
+        default: Default port to use if port_str is None
+    Returns:
+        Validated port number
+    Raises:
+        ValueError: If port_str is not a valid integer or out of range
+    """
+    if port_str is None:
+        return default
+    port_str = port_str.strip()
+    if not port_str.isdecimal():
+        raise ValueError(f"MCP_HTTP_PORT must be a valid integer, got: {port_str!r}")
+    port = int(port_str)
+    if not 1 <= port <= 65535:
+        raise ValueError(f"MCP_HTTP_PORT must be between 1 and 65535, got: {port}")
+    return port
+def main_http() -> None:
+    """HTTP entry point for the Airbyte Admin MCP server.
+    This entry point runs the server in HTTP mode, suitable for containerized
+    deployments where the server needs to be accessible over HTTP.
+    Environment Variables:
+        MCP_HTTP_HOST: Host to bind to (default: 127.0.0.1)
+        MCP_HTTP_PORT: Port to listen on (default: 8082)
+    """
+    _load_env()
+    host = os.getenv("MCP_HTTP_HOST", DEFAULT_HTTP_HOST)
+    port = _parse_port(os.getenv("MCP_HTTP_PORT"), DEFAULT_HTTP_PORT)
+    print("=" * 60, flush=True, file=sys.stderr)
+    print(
+        f"Starting Airbyte Admin MCP server (HTTP mode) on {host}:{port}",
+        file=sys.stderr,
+    )
+    try:
+        app.run(transport="http", host=host, port=port)
+    except KeyboardInterrupt:
+        print("Airbyte Admin MCP server interrupted by user.", file=sys.stderr)
+    print("Airbyte Admin MCP server stopped.", file=sys.stderr)
+    print("=" * 60, flush=True, file=sys.stderr)
 if __name__ == "__main__":

airbyte_ops_mcp/prod_db_access/db_engine.py CHANGED Viewed

@@ -52,6 +52,7 @@ def _is_tailscale_connected() -> bool:
     Detection methods:
     1. Check for tailscale0 network interface (Linux)
     2. Run 'tailscale status --json' and check backend state (cross-platform)
+    3. Check macOS-specific Tailscale.app location if tailscale not in PATH
     """
     # Method 1: Check for tailscale0 interface (Linux)
     try:
@@ -63,6 +64,13 @@ def _is_tailscale_connected() -> bool:
     # Method 2: Check tailscale CLI status
     tailscale_path = shutil.which("tailscale")
+    # Method 3: On macOS, check the standard Tailscale.app location if not in PATH
+    if not tailscale_path and os.path.exists(
+        "/Applications/Tailscale.app/Contents/MacOS/Tailscale"
+    ):
+        tailscale_path = "/Applications/Tailscale.app/Contents/MacOS/Tailscale"
     if tailscale_path:
         try:
             result = subprocess.run(

airbyte_ops_mcp/prod_db_access/queries.py CHANGED Viewed

@@ -24,7 +24,7 @@ from airbyte_ops_mcp.prod_db_access.sql import (
     SELECT_CONNECTIONS_BY_CONNECTOR_AND_ORG,
     SELECT_CONNECTOR_VERSIONS,
     SELECT_DATAPLANES_LIST,
-    SELECT_FAILED_SYNC_ATTEMPTS_FOR_VERSION,
+    SELECT_FAILED_SYNC_ATTEMPTS_FOR_CONNECTOR,
     SELECT_NEW_CONNECTOR_RELEASES,
     SELECT_ORG_WORKSPACES,
     SELECT_SUCCESSFUL_SYNCS_FOR_VERSION,
@@ -225,43 +225,55 @@ def query_sync_results_for_version(
     )
-def query_failed_sync_attempts_for_version(
-    connector_version_id: str,
+def query_failed_sync_attempts_for_connector(
+    connector_definition_id: str,
+    organization_id: str | None = None,
     days: int = 7,
     limit: int = 100,
     *,
     gsm_client: secretmanager.SecretManagerServiceClient | None = None,
 ) -> list[dict[str, Any]]:
-    """Query failed sync job results with attempt details for actors pinned to a version.
+    """Query failed sync attempts for ALL actors using a connector definition.
-    This query joins to the attempts table to include failure_summary and other
-    attempt-level details useful for debugging. Date filters are applied to both
-    jobs and attempts tables to optimize join performance.
+    Finds all actors with the given actor_definition_id and returns their failed
+    sync attempts, regardless of whether they have explicit version pins.
-    Note: This may return multiple rows per job (one per attempt). Results are
-    ordered by job_updated_at DESC, then attempt_number DESC.
+    This is useful for investigating connector issues across all users.
+    Note: This query only supports SOURCE connectors (joins via connection.source_id).
+    For destination connectors, a separate query would be needed.
     Args:
-        connector_version_id: Connector version UUID to filter by
+        connector_definition_id: Connector definition UUID to filter by
+        organization_id: Optional organization UUID to filter results by (post-query filter)
         days: Number of days to look back (default: 7)
         limit: Maximum number of results (default: 100)
         gsm_client: GCP Secret Manager client. If None, a new client will be instantiated.
     Returns:
-        List of failed sync job results with attempt details including failure_summary
+        List of failed sync attempt records with failure_summary and workspace info
     """
     cutoff_date = datetime.now(timezone.utc) - timedelta(days=days)
-    return _run_sql_query(
-        SELECT_FAILED_SYNC_ATTEMPTS_FOR_VERSION,
+    results = _run_sql_query(
+        SELECT_FAILED_SYNC_ATTEMPTS_FOR_CONNECTOR,
         parameters={
-            "actor_definition_version_id": connector_version_id,
+            "connector_definition_id": connector_definition_id,
             "cutoff_date": cutoff_date,
             "limit": limit,
         },
-        query_name="SELECT_FAILED_SYNC_ATTEMPTS_FOR_VERSION",
+        query_name="SELECT_FAILED_SYNC_ATTEMPTS_FOR_CONNECTOR",
         gsm_client=gsm_client,
     )
+    # Post-query filter by organization_id if provided
+    if organization_id is not None:
+        results = [
+            r for r in results if str(r.get("organization_id")) == organization_id
+        ]
+    return results
 def query_dataplanes_list(
     *,

airbyte_ops_mcp/prod_db_access/sql.py CHANGED Viewed

@@ -305,32 +305,33 @@ SELECT_SUCCESSFUL_SYNCS_FOR_VERSION = sqlalchemy.text(
     """
 )
-# Get failed attempt results for actors pinned to a specific connector definition VERSION ID
-# Includes attempt details (failure_summary, etc.) for research/debugging
-# Filters on attempts.status = 'failed' to capture all failed attempts, including those
-# from jobs that eventually succeeded via retry. The latest_job_attempt_status field
-# indicates whether the job eventually succeeded or remained failed.
-# Query starts from attempts table to leverage indexed columns (ended_at, status)
-# Note: attempts.ended_at and attempts.status are indexed (btree)
-SELECT_FAILED_SYNC_ATTEMPTS_FOR_VERSION = sqlalchemy.text(
+# Get failed attempt results for ALL actors using a connector definition.
+# Finds all actors with the given actor_definition_id and returns their failed sync attempts,
+# regardless of whether they have explicit version pins.
+# Query starts from attempts table to leverage indexed columns (ended_at, status).
+# Note: This query only supports SOURCE connectors (joins via connection.source_id).
+# The LEFT JOIN to scoped_configuration provides pin context when available (pin_origin_type,
+# pin_origin, pinned_version_id will be NULL for unpinned actors).
+SELECT_FAILED_SYNC_ATTEMPTS_FOR_CONNECTOR = sqlalchemy.text(
     """
     SELECT
          jobs.id AS job_id,
          jobs.scope AS connection_id,
-         jobs.status AS latest_job_attempt_status,
+         jobs.status AS latest_job_status,
          jobs.started_at AS job_started_at,
          jobs.updated_at AS job_updated_at,
          connection.name AS connection_name,
          actor.id AS actor_id,
          actor.name AS actor_name,
          actor.actor_definition_id,
-         scoped_configuration.origin_type AS pin_origin_type,
-         scoped_configuration.origin AS pin_origin,
          workspace.id AS workspace_id,
          workspace.name AS workspace_name,
          workspace.organization_id,
          workspace.dataplane_group_id,
          dataplane_group.name AS dataplane_name,
+         scoped_configuration.origin_type AS pin_origin_type,
+         scoped_configuration.origin AS pin_origin,
+         scoped_configuration.value AS pinned_version_id,
          attempts.id AS failed_attempt_id,
          attempts.attempt_number AS failed_attempt_number,
          attempts.status AS failed_attempt_status,
@@ -347,15 +348,15 @@ SELECT_FAILED_SYNC_ATTEMPTS_FOR_VERSION = sqlalchemy.text(
       ON jobs.scope = connection.id::text
     JOIN actor
       ON connection.source_id = actor.id
-    JOIN scoped_configuration
-      ON scoped_configuration.scope_id = actor.id
-     AND scoped_configuration.key = 'connector_version'
-     AND scoped_configuration.scope_type = 'actor'
-     AND scoped_configuration.value = :actor_definition_version_id
+     AND actor.actor_definition_id = :connector_definition_id
     JOIN workspace
       ON actor.workspace_id = workspace.id
     LEFT JOIN dataplane_group
       ON workspace.dataplane_group_id = dataplane_group.id
+    LEFT JOIN scoped_configuration
+      ON scoped_configuration.scope_id = actor.id
+     AND scoped_configuration.key = 'connector_version'
+     AND scoped_configuration.scope_type = 'actor'
     WHERE
          attempts.ended_at >= :cutoff_date
      AND attempts.status = 'failed'

{airbyte_internal_ops-0.1.11.dist-info → airbyte_internal_ops-0.2.0.dist-info}/WHEEL RENAMED Viewed

File without changes

airbyte-internal-ops 0.1.11__py3-none-any.whl → 0.2.0__py3-none-any.whl

airbyte-internal-ops 0.1.11py3-none-any.whl → 0.2.0py3-none-any.whl