airbyte-internal-ops 0.2.3__py3-none-any.whl → 0.2.4__py3-none-any.whl

{airbyte_internal_ops-0.2.3.dist-info → airbyte_internal_ops-0.2.4.dist-info}/METADATA

@@ -1,6 +1,6 @@
 Metadata-Version: 2.4
 Name: airbyte-internal-ops
-Version: 0.2.3
+Version: 0.2.4
 Summary: MCP and API interfaces that let the agents do the admin work
 Author-email: Aaron Steers <aj@airbyte.io>
 Keywords: admin,airbyte,api,mcp

{airbyte_internal_ops-0.2.3.dist-info → airbyte_internal_ops-0.2.4.dist-info}/RECORD

@@ -3,6 +3,7 @@ airbyte_ops_mcp/_annotations.py,sha256=MO-SBDnbykxxHDESG7d8rviZZ4WlZgJKv0a8eBqcE
 airbyte_ops_mcp/constants.py,sha256=GeZ2_WWluMSrGkyqGvqUVFCy-5PD-lyzZbQ7eO-vyUo,5192
 airbyte_ops_mcp/gcp_auth.py,sha256=5k-k145ZoYhHLjyDES8nrA8f8BBihRI0ykrdD1IcfOs,3599
 airbyte_ops_mcp/github_actions.py,sha256=wKnuIVmF4u1gMYNdSoryD_PUmvMz5SaHgOvbU0dsolA,9957
+airbyte_ops_mcp/github_api.py,sha256=uupbYKAkm7yLHK_1cDXYKl1bOYhUygZhG5IHspS7duE,8104
 airbyte_ops_mcp/py.typed,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
 airbyte_ops_mcp/_legacy/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
 airbyte_ops_mcp/_legacy/airbyte_ci/README.md,sha256=qEYx4geDR8AEDjrcA303h7Nol-CMDLojxUyiGzQprM8,236
@@ -369,7 +370,7 @@ airbyte_ops_mcp/mcp/__init__.py,sha256=QqkNkxzdXlg-W03urBAQ3zmtOKFPf35rXgO9ceUjp
 airbyte_ops_mcp/mcp/_guidance.py,sha256=48tQSnDnxqXtyGJxxgjz0ZiI814o_7Fj7f6R8jpQ7so,2375
 airbyte_ops_mcp/mcp/_http_headers.py,sha256=9TAH2RYhFR3z2JugW4Q3WrrqJIdaCzAbyA1GhtQ_EMM,7278
 airbyte_ops_mcp/mcp/_mcp_utils.py,sha256=WNwcGzF7XGKZNAYRt0Uhj5BkRfmwqnFABCrk77OZjRw,11512
-airbyte_ops_mcp/mcp/cloud_connector_versions.py,sha256=1ppgqRo6GU_KltSLzTZluPiPlAK74gMygCJJue7bezs,14751
+airbyte_ops_mcp/mcp/cloud_connector_versions.py,sha256=sSMTMk1_2zqD-fr5EENZ1FgbBT6mpNHBrRJuk0jm_iI,15391
 airbyte_ops_mcp/mcp/connector_analysis.py,sha256=OC4KrOSkMkKPkOisWnSv96BDDE5TQYHq-Jxa2vtjJpo,298
 airbyte_ops_mcp/mcp/connector_qa.py,sha256=aImpqdnqBPDrz10BS0owsV4kuIU2XdalzgbaGZsbOL0,258
 airbyte_ops_mcp/mcp/github.py,sha256=h3M3VJrq09y_F9ueQVCq3bUbVBNFuTNKprHtGU_ttio,8045
@@ -410,7 +411,7 @@ airbyte_ops_mcp/regression_tests/regression/comparators.py,sha256=MJkLZEKHivgrG0
 airbyte_ops_mcp/regression_tests/validation/__init__.py,sha256=MBEwGOoNuqT4_oCahtoK62OKWIjUCfWa7vZTxNj_0Ek,1532
 airbyte_ops_mcp/regression_tests/validation/catalog_validators.py,sha256=jqqVAMOk0mtdPgwu4d0hA0ZEjtsNh5gapvGydRv3_qk,12553
 airbyte_ops_mcp/regression_tests/validation/record_validators.py,sha256=RjauAhKWNwxMBTu0eNS2hMFNQVs5CLbQU51kp6FOVDk,7432
-airbyte_internal_ops-0.2.3.dist-info/METADATA,sha256=c-kIcUr44n9G4r4yImy7oEQuSrLRueORjI4SeW-2ZNI,5679
-airbyte_internal_ops-0.2.3.dist-info/WHEEL,sha256=WLgqFyCfm_KASv4WHyYy0P3pM_m7J5L9k2skdKLirC8,87
-airbyte_internal_ops-0.2.3.dist-info/entry_points.txt,sha256=WxP0l7bRFss4Cr5uQqVj9mTEKwnRKouNuphXQF0lotA,171
-airbyte_internal_ops-0.2.3.dist-info/RECORD,,
+airbyte_internal_ops-0.2.4.dist-info/METADATA,sha256=MN7C0ze-rXRcES0sQ2IS_HjBQHKTaZ_8tP3N1WrVT88,5679
+airbyte_internal_ops-0.2.4.dist-info/WHEEL,sha256=WLgqFyCfm_KASv4WHyYy0P3pM_m7J5L9k2skdKLirC8,87
+airbyte_internal_ops-0.2.4.dist-info/entry_points.txt,sha256=WxP0l7bRFss4Cr5uQqVj9mTEKwnRKouNuphXQF0lotA,171
+airbyte_internal_ops-0.2.4.dist-info/RECORD,,

airbyte_ops_mcp/github_api.py

@@ -0,0 +1,264 @@
+# Copyright (c) 2025 Airbyte, Inc., all rights reserved.
+"""GitHub API utilities for user and comment operations.
+
+This module provides utilities for interacting with GitHub's REST API
+to retrieve user information and comment details. These utilities are
+used by MCP tools for authorization and audit purposes.
+"""
+
+from __future__ import annotations
+
+import re
+from dataclasses import dataclass
+from urllib.parse import urlparse
+
+import requests
+
+from airbyte_ops_mcp.github_actions import GITHUB_API_BASE, resolve_github_token
+
+
+class GitHubCommentParseError(Exception):
+    """Raised when a GitHub comment URL cannot be parsed."""
+
+
+class GitHubUserEmailNotFoundError(Exception):
+    """Raised when a GitHub user's public email cannot be found."""
+
+
+class GitHubAPIError(Exception):
+    """Raised when a GitHub API call fails."""
+
+
+@dataclass(frozen=True)
+class GitHubCommentInfo:
+    """Information about a GitHub comment and its author."""
+
+    comment_id: int
+    """The numeric comment ID."""
+
+    owner: str
+    """Repository owner (e.g., 'airbytehq')."""
+
+    repo: str
+    """Repository name (e.g., 'oncall')."""
+
+    author_login: str
+    """GitHub username of the comment author."""
+
+    author_association: str
+    """Author's association with the repo (e.g., 'MEMBER', 'OWNER', 'CONTRIBUTOR')."""
+
+    comment_type: str
+    """Type of comment: 'issue_comment' or 'review_comment'."""
+
+
+@dataclass(frozen=True)
+class GitHubUserInfo:
+    """Information about a GitHub user."""
+
+    login: str
+    """GitHub username."""
+
+    email: str | None
+    """Public email address, if set."""
+
+    name: str | None
+    """Display name, if set."""
+
+
+def _parse_github_comment_url(url: str) -> tuple[str, str, int, str]:
+    """Parse a GitHub comment URL to extract owner, repo, comment_id, and comment_type.
+
+    Supports two URL formats:
+    - Issue/PR timeline comments: https://github.com/{owner}/{repo}/issues/{num}#issuecomment-{id}
+    - PR review comments: https://github.com/{owner}/{repo}/pull/{num}#discussion_r{id}
+
+    Args:
+        url: GitHub comment URL.
+
+    Returns:
+        Tuple of (owner, repo, comment_id, comment_type).
+        comment_type is either 'issue_comment' or 'review_comment'.
+
+    Raises:
+        GitHubCommentParseError: If the URL cannot be parsed.
+    """
+    parsed = urlparse(url)
+
+    if parsed.scheme != "https":
+        raise GitHubCommentParseError(
+            f"Invalid URL scheme: expected 'https', got '{parsed.scheme}'"
+        )
+
+    if parsed.netloc != "github.com":
+        raise GitHubCommentParseError(
+            f"Invalid URL host: expected 'github.com', got '{parsed.netloc}'"
+        )
+
+    path_parts = parsed.path.strip("/").split("/")
+    if len(path_parts) < 2:
+        raise GitHubCommentParseError(
+            f"Invalid URL path: expected at least owner/repo, got '{parsed.path}'"
+        )
+
+    owner = path_parts[0]
+    repo = path_parts[1]
+    fragment = parsed.fragment
+
+    issue_comment_match = re.match(r"^issuecomment-(\d+)$", fragment)
+    if issue_comment_match:
+        comment_id = int(issue_comment_match.group(1))
+        return owner, repo, comment_id, "issue_comment"
+
+    review_comment_match = re.match(r"^discussion_r(\d+)$", fragment)
+    if review_comment_match:
+        comment_id = int(review_comment_match.group(1))
+        return owner, repo, comment_id, "review_comment"
+
+    raise GitHubCommentParseError(
+        f"Invalid URL fragment: expected '#issuecomment-<id>' or '#discussion_r<id>', "
+        f"got '#{fragment}'"
+    )
+
+
+def get_github_comment_info(
+    owner: str,
+    repo: str,
+    comment_id: int,
+    comment_type: str,
+    token: str | None = None,
+) -> GitHubCommentInfo:
+    """Fetch comment information from GitHub API.
+
+    Args:
+        owner: Repository owner.
+        repo: Repository name.
+        comment_id: Numeric comment ID.
+        comment_type: Either 'issue_comment' or 'review_comment'.
+        token: GitHub API token. If None, will be resolved from environment.
+
+    Returns:
+        GitHubCommentInfo with comment and author details.
+
+    Raises:
+        GitHubAPIError: If the API request fails.
+        ValueError: If comment_type is invalid.
+    """
+    if token is None:
+        token = resolve_github_token()
+
+    if comment_type == "issue_comment":
+        url = f"{GITHUB_API_BASE}/repos/{owner}/{repo}/issues/comments/{comment_id}"
+    elif comment_type == "review_comment":
+        url = f"{GITHUB_API_BASE}/repos/{owner}/{repo}/pulls/comments/{comment_id}"
+    else:
+        raise ValueError(f"Invalid comment_type: {comment_type}")
+
+    headers = {
+        "Authorization": f"Bearer {token}",
+        "Accept": "application/vnd.github+json",
+        "X-GitHub-Api-Version": "2022-11-28",
+    }
+
+    response = requests.get(url, headers=headers, timeout=30)
+    if not response.ok:
+        raise GitHubAPIError(
+            f"Failed to fetch comment {comment_id} from {owner}/{repo}: "
+            f"{response.status_code} {response.text}"
+        )
+
+    data = response.json()
+    user = data.get("user", {})
+
+    return GitHubCommentInfo(
+        comment_id=comment_id,
+        owner=owner,
+        repo=repo,
+        author_login=user.get("login", ""),
+        author_association=data.get("author_association", "NONE"),
+        comment_type=comment_type,
+    )
+
+
+def get_github_user_info(login: str, token: str | None = None) -> GitHubUserInfo:
+    """Fetch user information from GitHub API.
+
+    Args:
+        login: GitHub username.
+        token: GitHub API token. If None, will be resolved from environment.
+
+    Returns:
+        GitHubUserInfo with user details.
+
+    Raises:
+        GitHubAPIError: If the API request fails.
+    """
+    if token is None:
+        token = resolve_github_token()
+
+    url = f"{GITHUB_API_BASE}/users/{login}"
+    headers = {
+        "Authorization": f"Bearer {token}",
+        "Accept": "application/vnd.github+json",
+        "X-GitHub-Api-Version": "2022-11-28",
+    }
+
+    response = requests.get(url, headers=headers, timeout=30)
+    if not response.ok:
+        raise GitHubAPIError(
+            f"Failed to fetch user {login}: {response.status_code} {response.text}"
+        )
+
+    data = response.json()
+
+    return GitHubUserInfo(
+        login=data.get("login", login),
+        email=data.get("email"),
+        name=data.get("name"),
+    )
+
+
+def get_admin_email_from_approval_comment(approval_comment_url: str) -> str:
+    """Derive the admin email from a GitHub approval comment URL.
+
+    This function:
+    1. Parses the comment URL to extract owner, repo, and comment ID.
+    2. Fetches the comment from GitHub API to get the author's username.
+    3. Fetches the user's profile to get their public email.
+    4. Validates the email is an @airbyte.io address.
+
+    Args:
+        approval_comment_url: GitHub comment URL where approval was given.
+
+    Returns:
+        The admin's @airbyte.io email address.
+
+    Raises:
+        GitHubCommentParseError: If the URL cannot be parsed.
+        GitHubAPIError: If GitHub API calls fail.
+        GitHubUserEmailNotFoundError: If the user has no public email or
+            the email is not an @airbyte.io address.
+    """
+    owner, repo, comment_id, comment_type = _parse_github_comment_url(
+        approval_comment_url
+    )
+
+    comment_info = get_github_comment_info(owner, repo, comment_id, comment_type)
+
+    user_info = get_github_user_info(comment_info.author_login)
+
+    if not user_info.email:
+        raise GitHubUserEmailNotFoundError(
+            f"GitHub user '{comment_info.author_login}' does not have a public email set. "
+            f"To use this tool, the approver must have a public @airbyte.io email "
+            f"configured on their GitHub profile (Settings > Public email)."
+        )
+
+    if not user_info.email.endswith("@airbyte.io"):
+        raise GitHubUserEmailNotFoundError(
+            f"GitHub user '{comment_info.author_login}' has public email '{user_info.email}' "
+            f"which is not an @airbyte.io address. Only @airbyte.io emails are authorized "
+            f"for admin operations."
+        )
+
+    return user_info.email

airbyte_ops_mcp/mcp/cloud_connector_versions.py

@@ -27,6 +27,12 @@ from airbyte_ops_mcp.cloud_admin.models import (
     ConnectorVersionInfo,
     VersionOverrideOperationResult,
 )
+from airbyte_ops_mcp.github_api import (
+    GitHubAPIError,
+    GitHubCommentParseError,
+    GitHubUserEmailNotFoundError,
+    get_admin_email_from_approval_comment,
+)
 from airbyte_ops_mcp.mcp._http_headers import (
     resolve_bearer_token,
     resolve_client_id,
@@ -155,6 +161,15 @@ def set_cloud_connector_version_override(
         Literal["source", "destination"],
         "The type of connector (source or destination)",
     ],
+    approval_comment_url: Annotated[
+        str,
+        Field(
+            description="URL to a GitHub comment where the admin has explicitly "
+            "requested or authorized this deployment. Must be a valid GitHub comment URL. "
+            "Required for authorization. The admin email is automatically derived from "
+            "the comment author's GitHub profile.",
+        ),
+    ],
     version: Annotated[
         str | None,
         Field(
@@ -186,14 +201,6 @@ def set_cloud_connector_version_override(
             default=None,
         ),
     ],
-    admin_user_email: Annotated[
-        str | None,
-        Field(
-            description="Email of the admin user authorizing this operation. "
-            "Must be an @airbyte.io email address. Required for authorization.",
-            default=None,
-        ),
-    ],
     issue_url: Annotated[
         str | None,
         Field(
@@ -202,15 +209,6 @@ def set_cloud_connector_version_override(
             default=None,
         ),
     ],
-    approval_comment_url: Annotated[
-        str | None,
-        Field(
-            description="URL to a GitHub comment where the admin has explicitly "
-            "requested or authorized this deployment. Must be a valid GitHub comment URL. "
-            "Required for authorization.",
-            default=None,
-        ),
-    ],
     ai_agent_session_url: Annotated[
         str | None,
         Field(
@@ -224,9 +222,13 @@ def set_cloud_connector_version_override(
 
     **Admin-only operation** - Requires:
     - AIRBYTE_INTERNAL_ADMIN_FLAG=airbyte.io environment variable
-    - admin_user_email parameter (must be @airbyte.io email)
     - issue_url parameter (GitHub issue URL for context)
-    - approval_comment_url parameter (GitHub comment URL with approval)
+    - approval_comment_url parameter (GitHub comment URL with approval from an @airbyte.io user)
+
+    The admin user email is automatically derived from the approval_comment_url by:
+    1. Fetching the comment from GitHub API to get the author's username
+    2. Fetching the user's profile to get their public email
+    3. Validating the email is an @airbyte.io address
 
     You must specify EXACTLY ONE of `version` OR `unset=True`, but not both.
     When setting a version, `override_reason` is required.
@@ -252,16 +254,9 @@ def set_cloud_connector_version_override(
             connector_type=actor_type,
         )
 
-    # Validate new authorization parameters
+    # Validate authorization parameters
     validation_errors: list[str] = []
 
-    if not admin_user_email:
-        validation_errors.append("admin_user_email is required for authorization")
-    elif "@airbyte.io" not in admin_user_email:
-        validation_errors.append(
-            f"admin_user_email must be an @airbyte.io email address, got: {admin_user_email}"
-        )
-
     if not issue_url:
         validation_errors.append(
             "issue_url is required for authorization (GitHub issue URL)"
@@ -271,11 +266,7 @@ def set_cloud_connector_version_override(
             f"issue_url must be a valid GitHub URL (https://github.com/...), got: {issue_url}"
         )
 
-    if not approval_comment_url:
-        validation_errors.append(
-            "approval_comment_url is required for authorization (GitHub comment URL)"
-        )
-    elif not approval_comment_url.startswith("https://github.com/"):
+    if not approval_comment_url.startswith("https://github.com/"):
         validation_errors.append(
             f"approval_comment_url must be a valid GitHub URL, got: {approval_comment_url}"
         )
@@ -296,6 +287,31 @@ def set_cloud_connector_version_override(
             connector_type=actor_type,
         )
 
+    # Derive admin email from approval comment URL
+    try:
+        admin_user_email = get_admin_email_from_approval_comment(approval_comment_url)
+    except GitHubCommentParseError as e:
+        return VersionOverrideOperationResult(
+            success=False,
+            message=f"Failed to parse approval comment URL: {e}",
+            connector_id=actor_id,
+            connector_type=actor_type,
+        )
+    except GitHubAPIError as e:
+        return VersionOverrideOperationResult(
+            success=False,
+            message=f"Failed to fetch approval comment from GitHub: {e}",
+            connector_id=actor_id,
+            connector_type=actor_type,
+        )
+    except GitHubUserEmailNotFoundError as e:
+        return VersionOverrideOperationResult(
+            success=False,
+            message=str(e),
+            connector_id=actor_id,
+            connector_type=actor_type,
+        )
+
     # Build enhanced override reason with audit fields (only for 'set' operations)
     enhanced_override_reason = override_reason
     if not unset and override_reason: