airbyte-internal-ops 0.2.2__py3-none-any.whl → 0.2.4__py3-none-any.whl

{airbyte_internal_ops-0.2.2.dist-info → airbyte_internal_ops-0.2.4.dist-info}/METADATA

@@ -1,6 +1,6 @@
 Metadata-Version: 2.4
 Name: airbyte-internal-ops
-Version: 0.2.2
+Version: 0.2.4
 Summary: MCP and API interfaces that let the agents do the admin work
 Author-email: Aaron Steers <aj@airbyte.io>
 Keywords: admin,airbyte,api,mcp

{airbyte_internal_ops-0.2.2.dist-info → airbyte_internal_ops-0.2.4.dist-info}/RECORD

@@ -2,7 +2,8 @@ airbyte_ops_mcp/__init__.py,sha256=tuzdlMkfnWBnsri5KGHM2M_xuNnzFk2u_aR79mmN7Yg,7
 airbyte_ops_mcp/_annotations.py,sha256=MO-SBDnbykxxHDESG7d8rviZZ4WlZgJKv0a8eBqcEzQ,1757
 airbyte_ops_mcp/constants.py,sha256=GeZ2_WWluMSrGkyqGvqUVFCy-5PD-lyzZbQ7eO-vyUo,5192
 airbyte_ops_mcp/gcp_auth.py,sha256=5k-k145ZoYhHLjyDES8nrA8f8BBihRI0ykrdD1IcfOs,3599
-airbyte_ops_mcp/github_actions.py,sha256=hcwwew98r0yetWsM7Qmdar3ATLBJQGIn3fJfJ_n59So,8599
+airbyte_ops_mcp/github_actions.py,sha256=wKnuIVmF4u1gMYNdSoryD_PUmvMz5SaHgOvbU0dsolA,9957
+airbyte_ops_mcp/github_api.py,sha256=uupbYKAkm7yLHK_1cDXYKl1bOYhUygZhG5IHspS7duE,8104
 airbyte_ops_mcp/py.typed,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
 airbyte_ops_mcp/_legacy/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
 airbyte_ops_mcp/_legacy/airbyte_ci/README.md,sha256=qEYx4geDR8AEDjrcA303h7Nol-CMDLojxUyiGzQprM8,236
@@ -354,7 +355,7 @@ airbyte_ops_mcp/cli/_shared.py,sha256=jg-xMyGzTCGPqKd8VTfE_3kGPIyO_3Kx5sQbG4rPc0
 airbyte_ops_mcp/cli/app.py,sha256=SEdBpqFUG2O8zGV5ifwptxrLGFph_dLr66-MX9d69gQ,789
 airbyte_ops_mcp/cli/cloud.py,sha256=JJusGl67ca41rvoS8BPl5Kmb7Kyu7iMH-tvbaJsKsPs,41359
 airbyte_ops_mcp/cli/gh.py,sha256=91b1AxFXvHQCFyXhrrym-756ZjnMCqvxFdmwCtma1zI,2046
-airbyte_ops_mcp/cli/registry.py,sha256=-yiLJWSslV_qGi6ImXZYfXOJSE4oJBO7yICkyA_RiUo,5792
+airbyte_ops_mcp/cli/registry.py,sha256=tcf_CDiUVJpSdBRNqlEL3zFKMqK53AhFpJjAETM4gLs,9781
 airbyte_ops_mcp/cli/repo.py,sha256=G1hoQpH0XYhUH3FFOsia9xabGB0LP9o3XcwBuqvFVo0,16331
 airbyte_ops_mcp/cloud_admin/__init__.py,sha256=cqE96Q10Kp6elhH9DAi6TVsIwSUy3sooDLLrxTaktGk,816
 airbyte_ops_mcp/cloud_admin/api_client.py,sha256=tx1kwGIKMPesibflQkFOlbNp0t0CfJD4Ab097ngsjHA,19126
@@ -369,13 +370,13 @@ airbyte_ops_mcp/mcp/__init__.py,sha256=QqkNkxzdXlg-W03urBAQ3zmtOKFPf35rXgO9ceUjp
 airbyte_ops_mcp/mcp/_guidance.py,sha256=48tQSnDnxqXtyGJxxgjz0ZiI814o_7Fj7f6R8jpQ7so,2375
 airbyte_ops_mcp/mcp/_http_headers.py,sha256=9TAH2RYhFR3z2JugW4Q3WrrqJIdaCzAbyA1GhtQ_EMM,7278
 airbyte_ops_mcp/mcp/_mcp_utils.py,sha256=WNwcGzF7XGKZNAYRt0Uhj5BkRfmwqnFABCrk77OZjRw,11512
-airbyte_ops_mcp/mcp/cloud_connector_versions.py,sha256=1ppgqRo6GU_KltSLzTZluPiPlAK74gMygCJJue7bezs,14751
+airbyte_ops_mcp/mcp/cloud_connector_versions.py,sha256=sSMTMk1_2zqD-fr5EENZ1FgbBT6mpNHBrRJuk0jm_iI,15391
 airbyte_ops_mcp/mcp/connector_analysis.py,sha256=OC4KrOSkMkKPkOisWnSv96BDDE5TQYHq-Jxa2vtjJpo,298
 airbyte_ops_mcp/mcp/connector_qa.py,sha256=aImpqdnqBPDrz10BS0owsV4kuIU2XdalzgbaGZsbOL0,258
 airbyte_ops_mcp/mcp/github.py,sha256=h3M3VJrq09y_F9ueQVCq3bUbVBNFuTNKprHtGU_ttio,8045
 airbyte_ops_mcp/mcp/github_repo_ops.py,sha256=PiERpt8abo20Gz4CfXhrDNlVM4o4FOt5sweZJND2a0s,5314
 airbyte_ops_mcp/mcp/metadata.py,sha256=fwGW97WknR5lfKcQnFtK6dU87aA6TmLj1NkKyqDAV9g,270
-airbyte_ops_mcp/mcp/prerelease.py,sha256=6G4zMo0KeCIYJPEIryHKHoZUiBHQMagPJU-uw-IzK94,8939
+airbyte_ops_mcp/mcp/prerelease.py,sha256=nc6VU03ADVHWM3OjGKxbS5XqY4VoyRyrZNU_fyAtaOI,10465
 airbyte_ops_mcp/mcp/prod_db_queries.py,sha256=FfGoq3aEj6ZUT4ysBIs1w7LzzwBeRXTaRvPGEx62RzI,25474
 airbyte_ops_mcp/mcp/prompts.py,sha256=mJld9mdPECXYZffWXGSvNs4Xevx3rxqUGNlzGKVC2_s,1599
 airbyte_ops_mcp/mcp/registry.py,sha256=PW-VYUj42qx2pQ_apUkVaoUFq7VgB9zEU7-aGrkSCCw,290
@@ -410,7 +411,7 @@ airbyte_ops_mcp/regression_tests/regression/comparators.py,sha256=MJkLZEKHivgrG0
 airbyte_ops_mcp/regression_tests/validation/__init__.py,sha256=MBEwGOoNuqT4_oCahtoK62OKWIjUCfWa7vZTxNj_0Ek,1532
 airbyte_ops_mcp/regression_tests/validation/catalog_validators.py,sha256=jqqVAMOk0mtdPgwu4d0hA0ZEjtsNh5gapvGydRv3_qk,12553
 airbyte_ops_mcp/regression_tests/validation/record_validators.py,sha256=RjauAhKWNwxMBTu0eNS2hMFNQVs5CLbQU51kp6FOVDk,7432
-airbyte_internal_ops-0.2.2.dist-info/METADATA,sha256=1ah9ZGR3rZ1676mhAJzJvrbfqOQsV_fuedRitpJG9h8,5679
-airbyte_internal_ops-0.2.2.dist-info/WHEEL,sha256=WLgqFyCfm_KASv4WHyYy0P3pM_m7J5L9k2skdKLirC8,87
-airbyte_internal_ops-0.2.2.dist-info/entry_points.txt,sha256=WxP0l7bRFss4Cr5uQqVj9mTEKwnRKouNuphXQF0lotA,171
-airbyte_internal_ops-0.2.2.dist-info/RECORD,,
+airbyte_internal_ops-0.2.4.dist-info/METADATA,sha256=MN7C0ze-rXRcES0sQ2IS_HjBQHKTaZ_8tP3N1WrVT88,5679
+airbyte_internal_ops-0.2.4.dist-info/WHEEL,sha256=WLgqFyCfm_KASv4WHyYy0P3pM_m7J5L9k2skdKLirC8,87
+airbyte_internal_ops-0.2.4.dist-info/entry_points.txt,sha256=WxP0l7bRFss4Cr5uQqVj9mTEKwnRKouNuphXQF0lotA,171
+airbyte_internal_ops-0.2.4.dist-info/RECORD,,

airbyte_ops_mcp/cli/registry.py

@@ -5,6 +5,7 @@ This module provides CLI wrappers for registry operations. The core logic
 lives in the `airbyte_ops_mcp.registry` capability module.
 
 Commands:
+    airbyte-ops registry connector compute-prerelease-tag - Compute prerelease version tag
     airbyte-ops registry connector publish-prerelease - Publish connector prerelease
     airbyte-ops registry connector publish - Publish connector (apply/rollback version override)
     airbyte-ops registry image inspect - Inspect Docker image on DockerHub
@@ -12,9 +13,12 @@ Commands:
 
 from __future__ import annotations
 
+import contextlib
+import sys
 from pathlib import Path
 from typing import Annotated
 
+import yaml
 from cyclopts import App, Parameter
 
 from airbyte_ops_mcp.cli._base import app
@@ -24,8 +28,15 @@ from airbyte_ops_mcp.cli._shared import (
     print_json,
     print_success,
 )
+from airbyte_ops_mcp.github_actions import (
+    get_file_contents_at_ref,
+    resolve_github_token,
+)
 from airbyte_ops_mcp.mcp.github import get_docker_image_info
-from airbyte_ops_mcp.mcp.prerelease import publish_connector_to_airbyte_registry
+from airbyte_ops_mcp.mcp.prerelease import (
+    compute_prerelease_docker_image_tag,
+    publish_connector_to_airbyte_registry,
+)
 from airbyte_ops_mcp.registry import (
     ConnectorPublishResult,
     PublishAction,
@@ -47,6 +58,111 @@ image_app = App(name="image", help="Docker image operations.")
 registry_app.command(image_app)
 
 
+AIRBYTE_REPO_OWNER = "airbytehq"
+AIRBYTE_REPO_NAME = "airbyte"
+CONNECTOR_PATH_PREFIX = "airbyte-integrations/connectors"
+
+
+def _get_connector_version_from_github(
+    connector_name: str,
+    ref: str,
+    token: str | None = None,
+) -> str | None:
+    """Fetch connector version from metadata.yaml via GitHub API.
+
+    Args:
+        connector_name: Connector name (e.g., "source-github")
+        ref: Git ref (commit SHA, branch name, or tag)
+        token: GitHub API token (optional for public repos)
+
+    Returns:
+        Version string from metadata.yaml, or None if not found.
+    """
+    path = f"{CONNECTOR_PATH_PREFIX}/{connector_name}/metadata.yaml"
+    contents = get_file_contents_at_ref(
+        owner=AIRBYTE_REPO_OWNER,
+        repo=AIRBYTE_REPO_NAME,
+        path=path,
+        ref=ref,
+        token=token,
+    )
+    if contents is None:
+        return None
+
+    metadata = yaml.safe_load(contents)
+    return metadata.get("data", {}).get("dockerImageTag")
+
+
+@connector_app.command(name="compute-prerelease-tag")
+def compute_prerelease_tag(
+    connector_name: Annotated[
+        str,
+        Parameter(help="Connector name (e.g., 'source-github')."),
+    ],
+    sha: Annotated[
+        str,
+        Parameter(help="Git commit SHA (full or at least 7 characters)."),
+    ],
+    base_version: Annotated[
+        str | None,
+        Parameter(
+            help="Base version override. If not provided, fetched from metadata.yaml at the given SHA."
+        ),
+    ] = None,
+) -> None:
+    """Compute the pre-release docker image tag.
+
+    Outputs the version tag to stdout for easy capture in shell scripts.
+    This is the single source of truth for pre-release version format.
+
+    The command fetches the connector's metadata.yaml from GitHub at the given SHA
+    to determine the base version. It also compares against the master branch and
+    prints a warning to stderr if no version bump is detected.
+
+    If --base-version is provided, it is used directly instead of fetching from GitHub.
+
+    Example:
+        airbyte-ops registry connector compute-prerelease-tag --connector-name source-github --sha abcdef1234567
+        # Output: 1.2.3-preview.abcdef1
+
+        airbyte-ops registry connector compute-prerelease-tag --connector-name source-github --sha abcdef1234567 --base-version 1.2.3
+        # Output: 1.2.3-preview.abcdef1 (uses provided version, skips GitHub API)
+    """
+    # Try to get a GitHub token (optional, but helps avoid rate limiting)
+    # Token resolution may fail if no token is configured, which is fine for public repos
+    token: str | None = None
+    with contextlib.suppress(ValueError):
+        token = resolve_github_token()
+
+    # Determine base version
+    version: str
+    if base_version:
+        version = base_version
+    else:
+        # Fetch version from metadata.yaml at the given SHA
+        fetched_version = _get_connector_version_from_github(connector_name, sha, token)
+        if fetched_version is None:
+            print(
+                f"Error: Could not fetch metadata.yaml for {connector_name} at ref {sha}",
+                file=sys.stderr,
+            )
+            sys.exit(1)
+        version = fetched_version
+
+    # Compare with master branch version and warn if no bump detected
+    master_version = _get_connector_version_from_github(connector_name, "master", token)
+    if master_version and master_version == version:
+        print(
+            f"Warning: No version bump detected for {connector_name}. "
+            f"Version {version} matches master branch.",
+            file=sys.stderr,
+        )
+
+    # Compute and output the prerelease tag
+    tag = compute_prerelease_docker_image_tag(version, sha)
+    print(tag)
+
+
 @connector_app.command(name="publish-prerelease")
 def publish_prerelease(
     connector_name: Annotated[

airbyte_ops_mcp/github_actions.py

@@ -106,6 +106,51 @@ class WorkflowJobInfo:
     """ISO 8601 timestamp when the job completed"""
 
 
+def get_file_contents_at_ref(
+    owner: str,
+    repo: str,
+    path: str,
+    ref: str,
+    token: str | None = None,
+) -> str | None:
+    """Fetch file contents from GitHub at a specific ref.
+
+    Uses the GitHub Contents API to retrieve file contents at a specific
+    commit SHA, branch, or tag. This allows reading files without having
+    the repository checked out locally.
+
+    Args:
+        owner: Repository owner (e.g., "airbytehq")
+        repo: Repository name (e.g., "airbyte")
+        path: Path to the file within the repository
+        ref: Git ref (commit SHA, branch name, or tag)
+        token: GitHub API token (optional for public repos, but recommended
+            to avoid rate limiting)
+
+    Returns:
+        File contents as a string, or None if the file doesn't exist.
+
+    Raises:
+        requests.HTTPError: If API request fails (except 404).
+    """
+    url = f"{GITHUB_API_BASE}/repos/{owner}/{repo}/contents/{path}"
+    headers = {
+        "Accept": "application/vnd.github.raw+json",
+        "X-GitHub-Api-Version": "2022-11-28",
+    }
+    if token:
+        headers["Authorization"] = f"Bearer {token}"
+
+    params = {"ref": ref}
+
+    response = requests.get(url, headers=headers, params=params, timeout=30)
+    if response.status_code == 404:
+        return None
+    response.raise_for_status()
+
+    return response.text
+
+
 def get_workflow_jobs(
     owner: str,
     repo: str,

airbyte_ops_mcp/github_api.py

@@ -0,0 +1,264 @@
+# Copyright (c) 2025 Airbyte, Inc., all rights reserved.
+"""GitHub API utilities for user and comment operations.
+
+This module provides utilities for interacting with GitHub's REST API
+to retrieve user information and comment details. These utilities are
+used by MCP tools for authorization and audit purposes.
+"""
+
+from __future__ import annotations
+
+import re
+from dataclasses import dataclass
+from urllib.parse import urlparse
+
+import requests
+
+from airbyte_ops_mcp.github_actions import GITHUB_API_BASE, resolve_github_token
+
+
+class GitHubCommentParseError(Exception):
+    """Raised when a GitHub comment URL cannot be parsed."""
+
+
+class GitHubUserEmailNotFoundError(Exception):
+    """Raised when a GitHub user's public email cannot be found."""
+
+
+class GitHubAPIError(Exception):
+    """Raised when a GitHub API call fails."""
+
+
+@dataclass(frozen=True)
+class GitHubCommentInfo:
+    """Information about a GitHub comment and its author."""
+
+    comment_id: int
+    """The numeric comment ID."""
+
+    owner: str
+    """Repository owner (e.g., 'airbytehq')."""
+
+    repo: str
+    """Repository name (e.g., 'oncall')."""
+
+    author_login: str
+    """GitHub username of the comment author."""
+
+    author_association: str
+    """Author's association with the repo (e.g., 'MEMBER', 'OWNER', 'CONTRIBUTOR')."""
+
+    comment_type: str
+    """Type of comment: 'issue_comment' or 'review_comment'."""
+
+
+@dataclass(frozen=True)
+class GitHubUserInfo:
+    """Information about a GitHub user."""
+
+    login: str
+    """GitHub username."""
+
+    email: str | None
+    """Public email address, if set."""
+
+    name: str | None
+    """Display name, if set."""
+
+
+def _parse_github_comment_url(url: str) -> tuple[str, str, int, str]:
+    """Parse a GitHub comment URL to extract owner, repo, comment_id, and comment_type.
+
+    Supports two URL formats:
+    - Issue/PR timeline comments: https://github.com/{owner}/{repo}/issues/{num}#issuecomment-{id}
+    - PR review comments: https://github.com/{owner}/{repo}/pull/{num}#discussion_r{id}
+
+    Args:
+        url: GitHub comment URL.
+
+    Returns:
+        Tuple of (owner, repo, comment_id, comment_type).
+        comment_type is either 'issue_comment' or 'review_comment'.
+
+    Raises:
+        GitHubCommentParseError: If the URL cannot be parsed.
+    """
+    parsed = urlparse(url)
+
+    if parsed.scheme != "https":
+        raise GitHubCommentParseError(
+            f"Invalid URL scheme: expected 'https', got '{parsed.scheme}'"
+        )
+
+    if parsed.netloc != "github.com":
+        raise GitHubCommentParseError(
+            f"Invalid URL host: expected 'github.com', got '{parsed.netloc}'"
+        )
+
+    path_parts = parsed.path.strip("/").split("/")
+    if len(path_parts) < 2:
+        raise GitHubCommentParseError(
+            f"Invalid URL path: expected at least owner/repo, got '{parsed.path}'"
+        )
+
+    owner = path_parts[0]
+    repo = path_parts[1]
+    fragment = parsed.fragment
+
+    issue_comment_match = re.match(r"^issuecomment-(\d+)$", fragment)
+    if issue_comment_match:
+        comment_id = int(issue_comment_match.group(1))
+        return owner, repo, comment_id, "issue_comment"
+
+    review_comment_match = re.match(r"^discussion_r(\d+)$", fragment)
+    if review_comment_match:
+        comment_id = int(review_comment_match.group(1))
+        return owner, repo, comment_id, "review_comment"
+
+    raise GitHubCommentParseError(
+        f"Invalid URL fragment: expected '#issuecomment-<id>' or '#discussion_r<id>', "
+        f"got '#{fragment}'"
+    )
+
+
+def get_github_comment_info(
+    owner: str,
+    repo: str,
+    comment_id: int,
+    comment_type: str,
+    token: str | None = None,
+) -> GitHubCommentInfo:
+    """Fetch comment information from GitHub API.
+
+    Args:
+        owner: Repository owner.
+        repo: Repository name.
+        comment_id: Numeric comment ID.
+        comment_type: Either 'issue_comment' or 'review_comment'.
+        token: GitHub API token. If None, will be resolved from environment.
+
+    Returns:
+        GitHubCommentInfo with comment and author details.
+
+    Raises:
+        GitHubAPIError: If the API request fails.
+        ValueError: If comment_type is invalid.
+    """
+    if token is None:
+        token = resolve_github_token()
+
+    if comment_type == "issue_comment":
+        url = f"{GITHUB_API_BASE}/repos/{owner}/{repo}/issues/comments/{comment_id}"
+    elif comment_type == "review_comment":
+        url = f"{GITHUB_API_BASE}/repos/{owner}/{repo}/pulls/comments/{comment_id}"
+    else:
+        raise ValueError(f"Invalid comment_type: {comment_type}")
+
+    headers = {
+        "Authorization": f"Bearer {token}",
+        "Accept": "application/vnd.github+json",
+        "X-GitHub-Api-Version": "2022-11-28",
+    }
+
+    response = requests.get(url, headers=headers, timeout=30)
+    if not response.ok:
+        raise GitHubAPIError(
+            f"Failed to fetch comment {comment_id} from {owner}/{repo}: "
+            f"{response.status_code} {response.text}"
+        )
+
+    data = response.json()
+    user = data.get("user", {})
+
+    return GitHubCommentInfo(
+        comment_id=comment_id,
+        owner=owner,
+        repo=repo,
+        author_login=user.get("login", ""),
+        author_association=data.get("author_association", "NONE"),
+        comment_type=comment_type,
+    )
+
+
+def get_github_user_info(login: str, token: str | None = None) -> GitHubUserInfo:
+    """Fetch user information from GitHub API.
+
+    Args:
+        login: GitHub username.
+        token: GitHub API token. If None, will be resolved from environment.
+
+    Returns:
+        GitHubUserInfo with user details.
+
+    Raises:
+        GitHubAPIError: If the API request fails.
+    """
+    if token is None:
+        token = resolve_github_token()
+
+    url = f"{GITHUB_API_BASE}/users/{login}"
+    headers = {
+        "Authorization": f"Bearer {token}",
+        "Accept": "application/vnd.github+json",
+        "X-GitHub-Api-Version": "2022-11-28",
+    }
+
+    response = requests.get(url, headers=headers, timeout=30)
+    if not response.ok:
+        raise GitHubAPIError(
+            f"Failed to fetch user {login}: {response.status_code} {response.text}"
+        )
+
+    data = response.json()
+
+    return GitHubUserInfo(
+        login=data.get("login", login),
+        email=data.get("email"),
+        name=data.get("name"),
+    )
+
+
+def get_admin_email_from_approval_comment(approval_comment_url: str) -> str:
+    """Derive the admin email from a GitHub approval comment URL.
+
+    This function:
+    1. Parses the comment URL to extract owner, repo, and comment ID.
+    2. Fetches the comment from GitHub API to get the author's username.
+    3. Fetches the user's profile to get their public email.
+    4. Validates the email is an @airbyte.io address.
+
+    Args:
+        approval_comment_url: GitHub comment URL where approval was given.
+
+    Returns:
+        The admin's @airbyte.io email address.
+
+    Raises:
+        GitHubCommentParseError: If the URL cannot be parsed.
+        GitHubAPIError: If GitHub API calls fail.
+        GitHubUserEmailNotFoundError: If the user has no public email or
+            the email is not an @airbyte.io address.
+    """
+    owner, repo, comment_id, comment_type = _parse_github_comment_url(
+        approval_comment_url
+    )
+
+    comment_info = get_github_comment_info(owner, repo, comment_id, comment_type)
+
+    user_info = get_github_user_info(comment_info.author_login)
+
+    if not user_info.email:
+        raise GitHubUserEmailNotFoundError(
+            f"GitHub user '{comment_info.author_login}' does not have a public email set. "
+            f"To use this tool, the approver must have a public @airbyte.io email "
+            f"configured on their GitHub profile (Settings > Public email)."
+        )
+
+    if not user_info.email.endswith("@airbyte.io"):
+        raise GitHubUserEmailNotFoundError(
+            f"GitHub user '{comment_info.author_login}' has public email '{user_info.email}' "
+            f"which is not an @airbyte.io address. Only @airbyte.io emails are authorized "
+            f"for admin operations."
+        )
+
+    return user_info.email

airbyte_ops_mcp/mcp/cloud_connector_versions.py

@@ -27,6 +27,12 @@ from airbyte_ops_mcp.cloud_admin.models import (
     ConnectorVersionInfo,
     VersionOverrideOperationResult,
 )
+from airbyte_ops_mcp.github_api import (
+    GitHubAPIError,
+    GitHubCommentParseError,
+    GitHubUserEmailNotFoundError,
+    get_admin_email_from_approval_comment,
+)
 from airbyte_ops_mcp.mcp._http_headers import (
     resolve_bearer_token,
     resolve_client_id,
@@ -155,6 +161,15 @@ def set_cloud_connector_version_override(
         Literal["source", "destination"],
         "The type of connector (source or destination)",
     ],
+    approval_comment_url: Annotated[
+        str,
+        Field(
+            description="URL to a GitHub comment where the admin has explicitly "
+            "requested or authorized this deployment. Must be a valid GitHub comment URL. "
+            "Required for authorization. The admin email is automatically derived from "
+            "the comment author's GitHub profile.",
+        ),
+    ],
     version: Annotated[
         str | None,
         Field(
@@ -186,14 +201,6 @@ def set_cloud_connector_version_override(
             default=None,
         ),
     ],
-    admin_user_email: Annotated[
-        str | None,
-        Field(
-            description="Email of the admin user authorizing this operation. "
-            "Must be an @airbyte.io email address. Required for authorization.",
-            default=None,
-        ),
-    ],
     issue_url: Annotated[
         str | None,
         Field(
@@ -202,15 +209,6 @@ def set_cloud_connector_version_override(
             default=None,
         ),
     ],
-    approval_comment_url: Annotated[
-        str | None,
-        Field(
-            description="URL to a GitHub comment where the admin has explicitly "
-            "requested or authorized this deployment. Must be a valid GitHub comment URL. "
-            "Required for authorization.",
-            default=None,
-        ),
-    ],
     ai_agent_session_url: Annotated[
         str | None,
         Field(
@@ -224,9 +222,13 @@ def set_cloud_connector_version_override(
 
     **Admin-only operation** - Requires:
     - AIRBYTE_INTERNAL_ADMIN_FLAG=airbyte.io environment variable
-    - admin_user_email parameter (must be @airbyte.io email)
     - issue_url parameter (GitHub issue URL for context)
-    - approval_comment_url parameter (GitHub comment URL with approval)
+    - approval_comment_url parameter (GitHub comment URL with approval from an @airbyte.io user)
+
+    The admin user email is automatically derived from the approval_comment_url by:
+    1. Fetching the comment from GitHub API to get the author's username
+    2. Fetching the user's profile to get their public email
+    3. Validating the email is an @airbyte.io address
 
     You must specify EXACTLY ONE of `version` OR `unset=True`, but not both.
     When setting a version, `override_reason` is required.
@@ -252,16 +254,9 @@ def set_cloud_connector_version_override(
             connector_type=actor_type,
         )
 
-    # Validate new authorization parameters
+    # Validate authorization parameters
     validation_errors: list[str] = []
 
-    if not admin_user_email:
-        validation_errors.append("admin_user_email is required for authorization")
-    elif "@airbyte.io" not in admin_user_email:
-        validation_errors.append(
-            f"admin_user_email must be an @airbyte.io email address, got: {admin_user_email}"
-        )
-
     if not issue_url:
         validation_errors.append(
             "issue_url is required for authorization (GitHub issue URL)"
@@ -271,11 +266,7 @@ def set_cloud_connector_version_override(
             f"issue_url must be a valid GitHub URL (https://github.com/...), got: {issue_url}"
         )
 
-    if not approval_comment_url:
-        validation_errors.append(
-            "approval_comment_url is required for authorization (GitHub comment URL)"
-        )
-    elif not approval_comment_url.startswith("https://github.com/"):
+    if not approval_comment_url.startswith("https://github.com/"):
         validation_errors.append(
             f"approval_comment_url must be a valid GitHub URL, got: {approval_comment_url}"
         )
@@ -296,6 +287,31 @@ def set_cloud_connector_version_override(
             connector_type=actor_type,
         )
 
+    # Derive admin email from approval comment URL
+    try:
+        admin_user_email = get_admin_email_from_approval_comment(approval_comment_url)
+    except GitHubCommentParseError as e:
+        return VersionOverrideOperationResult(
+            success=False,
+            message=f"Failed to parse approval comment URL: {e}",
+            connector_id=actor_id,
+            connector_type=actor_type,
+        )
+    except GitHubAPIError as e:
+        return VersionOverrideOperationResult(
+            success=False,
+            message=f"Failed to fetch approval comment from GitHub: {e}",
+            connector_id=actor_id,
+            connector_type=actor_type,
+        )
+    except GitHubUserEmailNotFoundError as e:
+        return VersionOverrideOperationResult(
+            success=False,
+            message=str(e),
+            connector_id=actor_id,
+            connector_type=actor_type,
+        )
+
     # Build enhanced override reason with audit fields (only for 'set' operations)
     enhanced_override_reason = override_reason
     if not unset and override_reason:

airbyte_ops_mcp/mcp/prerelease.py

@@ -31,6 +31,45 @@ PRERELEASE_TOKEN_ENV_VARS = [
     "GITHUB_TOKEN",
 ]
 
+# =============================================================================
+# Pre-release Version Tag Constants
+# =============================================================================
+
+PRERELEASE_TAG_PREFIX = "preview"
+"""The prefix used for pre-release version tags (e.g., '1.2.3-preview.abcde12')."""
+
+PRERELEASE_SHA_LENGTH = 7
+"""The number of characters from the git SHA to include in pre-release tags."""
+
+
+def compute_prerelease_docker_image_tag(base_version: str, sha: str) -> str:
+    """Compute the pre-release docker image tag.
+
+    This is the SINGLE SOURCE OF TRUTH for pre-release version format.
+    All other code should receive this value as a parameter, not recompute it.
+
+    The format is: {base_version}-preview.{short_sha}
+
+    Where:
+        - base_version: The base version from metadata.yaml (e.g., "1.2.3")
+        - short_sha: The first 7 characters of the git commit SHA
+
+    Examples:
+        >>> compute_prerelease_docker_image_tag("1.2.3", "abcdef1234567890")
+        '1.2.3-preview.abcdef1'
+        >>> compute_prerelease_docker_image_tag("0.1.0", "1234567")
+        '0.1.0-preview.1234567'
+
+    Args:
+        base_version: The base version from metadata.yaml (e.g., "1.2.3")
+        sha: The full git commit SHA (or at least 7 characters)
+
+    Returns:
+        Pre-release version tag (e.g., "1.2.3-preview.abcde12")
+    """
+    short_sha = sha[:PRERELEASE_SHA_LENGTH]
+    return f"{base_version}-{PRERELEASE_TAG_PREFIX}.{short_sha}"
+
 
 class PRHeadInfo(BaseModel):
     """Information about a PR's head commit."""
@@ -268,7 +307,9 @@ def publish_connector_to_airbyte_registry(
         docker_image = data.get("dockerRepository")
         base_version = data.get("dockerImageTag")
         if base_version:
-            docker_image_tag = f"{base_version}-preview.{head_info.short_sha}"
+            docker_image_tag = compute_prerelease_docker_image_tag(
+                base_version, head_info.sha
+            )
 
     return PrereleaseWorkflowResult(
         success=True,