airbyte-internal-ops 0.3.0__py3-none-any.whl → 0.4.0__py3-none-any.whl

{airbyte_internal_ops-0.3.0.dist-info → airbyte_internal_ops-0.4.0.dist-info}/METADATA

@@ -1,6 +1,6 @@
 Metadata-Version: 2.4
 Name: airbyte-internal-ops
-Version: 0.3.0
+Version: 0.4.0
 Summary: MCP and API interfaces that let the agents do the admin work
 Author-email: Aaron Steers <aj@airbyte.io>
 Keywords: admin,airbyte,api,mcp

{airbyte_internal_ops-0.3.0.dist-info → airbyte_internal_ops-0.4.0.dist-info}/RECORD

@@ -1,7 +1,7 @@
 airbyte_ops_mcp/__init__.py,sha256=tuzdlMkfnWBnsri5KGHM2M_xuNnzFk2u_aR79mmN7Yg,772
 airbyte_ops_mcp/_annotations.py,sha256=MO-SBDnbykxxHDESG7d8rviZZ4WlZgJKv0a8eBqcEzQ,1757
 airbyte_ops_mcp/constants.py,sha256=khcv9W3WkApIyPygEGgE2noBIqLomjoOMLxFBU1ArjA,5308
-airbyte_ops_mcp/gcp_auth.py,sha256=5k-k145ZoYhHLjyDES8nrA8f8BBihRI0ykrdD1IcfOs,3599
+airbyte_ops_mcp/gcp_auth.py,sha256=i0cm1_xX4fj_31iKlfARpNvTaSr85iGTSw9KMf4f4MU,7206
 airbyte_ops_mcp/github_actions.py,sha256=wKnuIVmF4u1gMYNdSoryD_PUmvMz5SaHgOvbU0dsolA,9957
 airbyte_ops_mcp/github_api.py,sha256=uupbYKAkm7yLHK_1cDXYKl1bOYhUygZhG5IHspS7duE,8104
 airbyte_ops_mcp/py.typed,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
@@ -363,11 +363,11 @@ airbyte_ops_mcp/cloud_admin/auth.py,sha256=qE2Aqe0qbZB755KscL65s54Jz78-F-X5a8fXK
 airbyte_ops_mcp/cloud_admin/connection_config.py,sha256=9opGQer-cGMJANmm-LFLMwvMCNu3nzxa2n2XHkZj9Fw,4899
 airbyte_ops_mcp/cloud_admin/models.py,sha256=YZ3FbEW-tZa50khKTTl4Bzvy_LsGyyQd6qcpXo62jls,2670
 airbyte_ops_mcp/connection_config_retriever/__init__.py,sha256=Xoi-YvARrNPhECdpwEDDkdwEpnvj8zuUlwULpf4iRrU,800
-airbyte_ops_mcp/connection_config_retriever/audit_logging.py,sha256=GjT4dVa0TtvGDmiBz9qwzcYCnSf9hTo7UM6l7ubUNE8,2846
+airbyte_ops_mcp/connection_config_retriever/audit_logging.py,sha256=QdOG9984NXeMaKeJnFUZ4oCOmqi37PBRG2NRBBjrZQQ,2753
 airbyte_ops_mcp/connection_config_retriever/retrieval.py,sha256=s6yeCyrboWkUd6KdaheEo87x-rLtQNTL8XeR8O9z2HI,12160
 airbyte_ops_mcp/connection_config_retriever/secrets_resolution.py,sha256=12g0lZzhCzAPl4Iv4eMW6d76mvXjIBGspOnNhywzks4,3644
 airbyte_ops_mcp/gcp_logs/__init__.py,sha256=IqkxclXJnD1U4L2at7aC9GYqPXnuLdYLgmkm3ZiIu6s,409
-airbyte_ops_mcp/gcp_logs/error_lookup.py,sha256=wtC2pXwUuJQcVyonIcduDyGxk8kjJ8Dj-Vyq9AdnYh4,12763
+airbyte_ops_mcp/gcp_logs/error_lookup.py,sha256=Ufl1FtNQJKP_yWndVT1Xku1mT-gxW_0atmNMCYMXvOo,12757
 airbyte_ops_mcp/mcp/__init__.py,sha256=QqkNkxzdXlg-W03urBAQ3zmtOKFPf35rXgO9ceUjpng,334
 airbyte_ops_mcp/mcp/_guidance.py,sha256=48tQSnDnxqXtyGJxxgjz0ZiI814o_7Fj7f6R8jpQ7so,2375
 airbyte_ops_mcp/mcp/_http_headers.py,sha256=9TAH2RYhFR3z2JugW4Q3WrrqJIdaCzAbyA1GhtQ_EMM,7278
@@ -379,18 +379,18 @@ airbyte_ops_mcp/mcp/gcp_logs.py,sha256=IPtq4098_LN1Cgeba4jATO1iYFFFpL2-aRO0pGcOd
 airbyte_ops_mcp/mcp/github.py,sha256=h3M3VJrq09y_F9ueQVCq3bUbVBNFuTNKprHtGU_ttio,8045
 airbyte_ops_mcp/mcp/github_repo_ops.py,sha256=PiERpt8abo20Gz4CfXhrDNlVM4o4FOt5sweZJND2a0s,5314
 airbyte_ops_mcp/mcp/metadata.py,sha256=fwGW97WknR5lfKcQnFtK6dU87aA6TmLj1NkKyqDAV9g,270
-airbyte_ops_mcp/mcp/prerelease.py,sha256=nc6VU03ADVHWM3OjGKxbS5XqY4VoyRyrZNU_fyAtaOI,10465
-airbyte_ops_mcp/mcp/prod_db_queries.py,sha256=FfGoq3aEj6ZUT4ysBIs1w7LzzwBeRXTaRvPGEx62RzI,25474
+airbyte_ops_mcp/mcp/prerelease.py,sha256=GI4p1rGDCLZ6QbEG57oD_M3_buIHwq9B0In6fbj7Ptk,11883
+airbyte_ops_mcp/mcp/prod_db_queries.py,sha256=VsiBBnVbOjc8lBb2Xr1lmcH3wu7QHQfjd4lORarEE1s,42700
 airbyte_ops_mcp/mcp/prompts.py,sha256=mJld9mdPECXYZffWXGSvNs4Xevx3rxqUGNlzGKVC2_s,1599
 airbyte_ops_mcp/mcp/registry.py,sha256=PW-VYUj42qx2pQ_apUkVaoUFq7VgB9zEU7-aGrkSCCw,290
-airbyte_ops_mcp/mcp/regression_tests.py,sha256=S1h-5S5gcZA4WEtIZyAQ836hd04tjSRRqMiYMx0S93g,16079
+airbyte_ops_mcp/mcp/regression_tests.py,sha256=VpXS36Ox2qPxtxnDhVoNfr83UfppWx8rMgCoDiKWzWg,16727
 airbyte_ops_mcp/mcp/server.py,sha256=lKAXxt4u4bz7dsKvAYFFHziMbun2pOnxYmrMtRxsZvM,5317
 airbyte_ops_mcp/mcp/server_info.py,sha256=Yi4B1auW64QZGBDas5mro_vwTjvrP785TFNSBP7GhRg,2361
 airbyte_ops_mcp/prod_db_access/__init__.py,sha256=5pxouMPY1beyWlB0UwPnbaLTKTHqU6X82rbbgKY2vYU,1069
 airbyte_ops_mcp/prod_db_access/db_engine.py,sha256=VUqEWZtharJUR-Cri_pMwtGh1C4Neu4s195mbEXlm-w,9190
 airbyte_ops_mcp/prod_db_access/py.typed,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
-airbyte_ops_mcp/prod_db_access/queries.py,sha256=BBPAQEfcing4G0Q9PEmI8C_9kN26sZc65ZGXd9WuFSw,14257
-airbyte_ops_mcp/prod_db_access/sql.py,sha256=hTbPY4r_rrtJ34B5eVpwyuBMLotyuP--UTv0vl3ZwBw,19432
+airbyte_ops_mcp/prod_db_access/queries.py,sha256=pyW5GxDZ5ibwXawxyI_IR7VFcmoX7pZyZ2jdADqhJRY,20276
+airbyte_ops_mcp/prod_db_access/sql.py,sha256=lzFOYfkb-rFTaZ6vrAK9G8Ym4KTUdhPMBzK44NSRzcg,35362
 airbyte_ops_mcp/registry/__init__.py,sha256=iEaPlt9GrnlaLbc__98TguNeZG8wuQu7S-_2QkhHcbA,858
 airbyte_ops_mcp/registry/models.py,sha256=B4L4TKr52wo0xs0CqvCBrpowqjShzVnZ5eTr2-EyhNs,2346
 airbyte_ops_mcp/registry/publish.py,sha256=VoPxsM2_0zJ829orzCRN-kjgcJtuBNyXgW4I9J680ro,12717
@@ -399,8 +399,8 @@ airbyte_ops_mcp/regression_tests/cdk_secrets.py,sha256=iRjqqBS96KZoswfgT7ju-pE_p
 airbyte_ops_mcp/regression_tests/ci_output.py,sha256=rrvCVKKShc1iVPMuQJDBqSbsiAHIDpX8SA9j0Uwl_Cg,12718
 airbyte_ops_mcp/regression_tests/config.py,sha256=dwWeY0tatdbwl9BqbhZ7EljoZDCtKmGO5fvOAIxeXmA,5873
 airbyte_ops_mcp/regression_tests/connection_fetcher.py,sha256=5wIiA0VvCFNEc-fr6Po18gZMX3E5fyPOGf2SuVOqv5U,12799
-airbyte_ops_mcp/regression_tests/connection_secret_retriever.py,sha256=_qd_nBLx6Xc6yVQHht716sFELX8SgIE5q3R3R708tfw,4879
-airbyte_ops_mcp/regression_tests/connector_runner.py,sha256=bappfBSq8dn3IyVAMS_XuzYEwWus23hkDCHLa2RFysI,9920
+airbyte_ops_mcp/regression_tests/connection_secret_retriever.py,sha256=FhWNVWq7sON4nwUmVJv8BgXBOqg1YV4b5WuWyCzZ0LU,4695
+airbyte_ops_mcp/regression_tests/connector_runner.py,sha256=OZzUa2aLh0sHaEARsDePOA-e3qEX4cvh3Jhnvi8S1rY,10130
 airbyte_ops_mcp/regression_tests/evaluation_modes.py,sha256=lAL6pEDmy_XCC7_m4_NXjt_f6Z8CXeAhMkc0FU8bm_M,1364
 airbyte_ops_mcp/regression_tests/http_metrics.py,sha256=oTD7f2MnQOvx4plOxHop2bInQ0-whvuToSsrC7TIM-M,12469
 airbyte_ops_mcp/regression_tests/models.py,sha256=brtAT9oO1TwjFcP91dFcu0XcUNqQb-jf7di1zkoVEuo,8782
@@ -414,7 +414,7 @@ airbyte_ops_mcp/regression_tests/regression/comparators.py,sha256=MJkLZEKHivgrG0
 airbyte_ops_mcp/regression_tests/validation/__init__.py,sha256=MBEwGOoNuqT4_oCahtoK62OKWIjUCfWa7vZTxNj_0Ek,1532
 airbyte_ops_mcp/regression_tests/validation/catalog_validators.py,sha256=jqqVAMOk0mtdPgwu4d0hA0ZEjtsNh5gapvGydRv3_qk,12553
 airbyte_ops_mcp/regression_tests/validation/record_validators.py,sha256=RjauAhKWNwxMBTu0eNS2hMFNQVs5CLbQU51kp6FOVDk,7432
-airbyte_internal_ops-0.3.0.dist-info/METADATA,sha256=Gx40HXaZtFle9mxFDJQNYMGccjrZ3d0xirHsaWcg04s,5679
-airbyte_internal_ops-0.3.0.dist-info/WHEEL,sha256=WLgqFyCfm_KASv4WHyYy0P3pM_m7J5L9k2skdKLirC8,87
-airbyte_internal_ops-0.3.0.dist-info/entry_points.txt,sha256=WxP0l7bRFss4Cr5uQqVj9mTEKwnRKouNuphXQF0lotA,171
-airbyte_internal_ops-0.3.0.dist-info/RECORD,,
+airbyte_internal_ops-0.4.0.dist-info/METADATA,sha256=K9rJIUSobD2QWdHccHpKZooawgipH8ZozDqTl0FrG-8,5679
+airbyte_internal_ops-0.4.0.dist-info/WHEEL,sha256=WLgqFyCfm_KASv4WHyYy0P3pM_m7J5L9k2skdKLirC8,87
+airbyte_internal_ops-0.4.0.dist-info/entry_points.txt,sha256=WxP0l7bRFss4Cr5uQqVj9mTEKwnRKouNuphXQF0lotA,171
+airbyte_internal_ops-0.4.0.dist-info/RECORD,,

airbyte_ops_mcp/connection_config_retriever/audit_logging.py

@@ -11,9 +11,8 @@ import logging
 import subprocess
 from typing import TYPE_CHECKING, Any, Callable
 
-from google.cloud import logging as gcloud_logging
-
 from airbyte_ops_mcp.constants import GCP_PROJECT_NAME
+from airbyte_ops_mcp.gcp_auth import get_logging_client
 
 if TYPE_CHECKING:
     from airbyte_ops_mcp.connection_config_retriever.retrieval import (
@@ -23,21 +22,18 @@ if TYPE_CHECKING:
 LOGGER = logging.getLogger(__name__)
 
 # Lazy-initialized to avoid import-time GCP calls
-_logging_client: gcloud_logging.Client | None = None
 _airbyte_gcloud_logger: Any = None
 
 
 def _get_logger() -> Any:
     """Get the GCP Cloud Logger, initializing lazily on first use."""
-    global _logging_client, _airbyte_gcloud_logger
+    global _airbyte_gcloud_logger
 
     if _airbyte_gcloud_logger is not None:
         return _airbyte_gcloud_logger
 
-    _logging_client = gcloud_logging.Client(project=GCP_PROJECT_NAME)
-    _airbyte_gcloud_logger = _logging_client.logger(
-        "airbyte-cloud-connection-retriever"
-    )
+    logging_client = get_logging_client(GCP_PROJECT_NAME)
+    _airbyte_gcloud_logger = logging_client.logger("airbyte-cloud-connection-retriever")
     return _airbyte_gcloud_logger
 
 

airbyte_ops_mcp/gcp_auth.py

@@ -6,94 +6,187 @@ the airbyte-ops-mcp codebase. It supports both standard Application Default
 Credentials (ADC) and the GCP_PROD_DB_ACCESS_CREDENTIALS environment variable
 used internally at Airbyte.
 
+The preferred approach is to pass credentials directly to GCP client constructors
+rather than relying on file-based ADC discovery. This module provides helpers
+that construct credentials from JSON content in environment variables.
+
 Usage:
-    from airbyte_ops_mcp.gcp_auth import get_secret_manager_client
+    from airbyte_ops_mcp.gcp_auth import get_gcp_credentials, get_secret_manager_client
+
+    # Get credentials object to pass to any GCP client
+    credentials = get_gcp_credentials()
+    client = logging.Client(project="my-project", credentials=credentials)
 
-    # Get a properly authenticated Secret Manager client
+    # Or use the convenience helper for Secret Manager
     client = get_secret_manager_client()
 """
 
 from __future__ import annotations
 
+import json
 import logging
 import os
-import tempfile
-from pathlib import Path
+import sys
+import threading
 
+import google.auth
+from google.cloud import logging as gcp_logging
 from google.cloud import secretmanager
+from google.oauth2 import service_account
 
 from airbyte_ops_mcp.constants import ENV_GCP_PROD_DB_ACCESS_CREDENTIALS
 
 logger = logging.getLogger(__name__)
 
-# Environment variable name (internal to GCP libraries)
-ENV_GOOGLE_APPLICATION_CREDENTIALS = "GOOGLE_APPLICATION_CREDENTIALS"
 
-# Module-level cache for the credentials file path
-_credentials_file_path: str | None = None
+def _get_identity_from_service_account_info(info: dict) -> str | None:
+    """Extract service account identity from parsed JSON info.
+
+    Only accesses the 'client_email' key to avoid any risk of leaking
+    other credential material.
 
+    Args:
+        info: Parsed service account JSON as a dict.
 
-def ensure_adc_credentials() -> str | None:
-    """Ensure GCP Application Default Credentials are available.
+    Returns:
+        The client_email if present and a string, otherwise None.
+    """
+    client_email = info.get("client_email")
+    if isinstance(client_email, str):
+        return client_email
+    return None
 
-    If GOOGLE_APPLICATION_CREDENTIALS is not set but GCP_PROD_DB_ACCESS_CREDENTIALS is,
-    write the JSON credentials to a temp file and set GOOGLE_APPLICATION_CREDENTIALS
-    to point to that file. This provides a fallback for internal employees who use
-    GCP_PROD_DB_ACCESS_CREDENTIALS as their standard credential source.
 
-    Note: GOOGLE_APPLICATION_CREDENTIALS must be a file path, not JSON content.
-    The GCP_PROD_DB_ACCESS_CREDENTIALS env var contains the JSON content directly,
-    so we write it to a temp file first.
+def _get_identity_from_credentials(
+    credentials: google.auth.credentials.Credentials,
+) -> str | None:
+    """Extract identity from a credentials object using safe attribute access.
 
-    This function is idempotent and safe to call multiple times.
+    Only accesses known-safe attributes that don't trigger network calls
+    or token refresh.
+
+    Args:
+        credentials: A GCP credentials object.
 
     Returns:
-        The path to the credentials file if one was created, or None if
-        GOOGLE_APPLICATION_CREDENTIALS was already set.
+        The service account email if available, otherwise None.
     """
-    global _credentials_file_path
+    # Try service_account_email first (most common for service accounts)
+    identity = getattr(credentials, "service_account_email", None)
+    if isinstance(identity, str):
+        return identity
+
+    # Try signer_email as fallback (sometimes present on impersonated creds)
+    identity = getattr(credentials, "signer_email", None)
+    if isinstance(identity, str):
+        return identity
+
+    return None
+
 
-    # If GOOGLE_APPLICATION_CREDENTIALS is already set, nothing to do
-    if ENV_GOOGLE_APPLICATION_CREDENTIALS in os.environ:
-        return None
+# Default scopes for GCP services used by this module
+DEFAULT_GCP_SCOPES = ["https://www.googleapis.com/auth/cloud-platform"]
 
-    # Check if we have the fallback credentials
-    gsm_creds = os.getenv(ENV_GCP_PROD_DB_ACCESS_CREDENTIALS)
-    if not gsm_creds:
-        return None
+# Module-level cache for credentials (thread-safe)
+_cached_credentials: google.auth.credentials.Credentials | None = None
+_credentials_lock = threading.Lock()
 
-    # Reuse the same file path if we've already written credentials and file still exists
-    if _credentials_file_path is not None and Path(_credentials_file_path).exists():
-        os.environ[ENV_GOOGLE_APPLICATION_CREDENTIALS] = _credentials_file_path
-        return _credentials_file_path
 
-    # Write credentials to a temp file
-    # Use a unique filename based on PID to avoid collisions between processes
-    creds_file = Path(tempfile.gettempdir()) / f"gcp_prod_db_creds_{os.getpid()}.json"
-    creds_file.write_text(gsm_creds)
+def get_gcp_credentials() -> google.auth.credentials.Credentials:
+    """Get GCP credentials, preferring direct JSON parsing over file-based ADC.
 
-    # Set restrictive permissions (owner read/write only)
-    creds_file.chmod(0o600)
+    This function resolves credentials in the following order:
+    1. GCP_PROD_DB_ACCESS_CREDENTIALS env var (JSON content) - parsed directly
+    2. Standard ADC discovery (workload identity, gcloud auth, GOOGLE_APPLICATION_CREDENTIALS)
 
-    _credentials_file_path = str(creds_file)
-    os.environ[ENV_GOOGLE_APPLICATION_CREDENTIALS] = _credentials_file_path
+    The credentials are cached after first resolution for efficiency.
+    Uses the cloud-platform scope which provides access to all GCP services.
 
-    logger.debug(
-        f"Wrote {ENV_GCP_PROD_DB_ACCESS_CREDENTIALS} to {creds_file} and set "
-        f"{ENV_GOOGLE_APPLICATION_CREDENTIALS}"
-    )
+    Returns:
+        A Credentials object that can be passed to any GCP client constructor.
 
-    return _credentials_file_path
+    Raises:
+        google.auth.exceptions.DefaultCredentialsError: If no credentials can be found.
+    """
+    global _cached_credentials
+
+    # Return cached credentials if available (fast path without lock)
+    if _cached_credentials is not None:
+        return _cached_credentials
+
+    # Acquire lock for thread-safe credential initialization
+    with _credentials_lock:
+        # Double-check after acquiring lock (another thread may have initialized)
+        if _cached_credentials is not None:
+            return _cached_credentials
+
+        # Try GCP_PROD_DB_ACCESS_CREDENTIALS first (JSON content in env var)
+        creds_json = os.getenv(ENV_GCP_PROD_DB_ACCESS_CREDENTIALS)
+        if creds_json:
+            try:
+                creds_dict = json.loads(creds_json)
+                credentials = service_account.Credentials.from_service_account_info(
+                    creds_dict,
+                    scopes=DEFAULT_GCP_SCOPES,
+                )
+                # Extract identity safely (only after successful credential creation)
+                identity = _get_identity_from_service_account_info(creds_dict)
+                identity_str = f" (identity: {identity})" if identity else ""
+                print(
+                    f"GCP credentials loaded from {ENV_GCP_PROD_DB_ACCESS_CREDENTIALS}{identity_str}",
+                    file=sys.stderr,
+                )
+                logger.debug(
+                    f"Loaded GCP credentials from {ENV_GCP_PROD_DB_ACCESS_CREDENTIALS} env var"
+                )
+                _cached_credentials = credentials
+                return credentials
+            except (json.JSONDecodeError, ValueError) as e:
+                # Log only exception type to avoid any risk of leaking credential content
+                logger.warning(
+                    f"Failed to parse {ENV_GCP_PROD_DB_ACCESS_CREDENTIALS}: "
+                    f"{type(e).__name__}. Falling back to ADC discovery."
+                )
+
+        # Fall back to standard ADC discovery
+        credentials, project = google.auth.default(scopes=DEFAULT_GCP_SCOPES)
+        # Extract identity safely from ADC credentials
+        identity = _get_identity_from_credentials(credentials)
+        identity_str = f" (identity: {identity})" if identity else ""
+        project_str = f" (project: {project})" if project else ""
+        print(
+            f"GCP credentials loaded via ADC{project_str}{identity_str}",
+            file=sys.stderr,
+        )
+        logger.debug(f"Loaded GCP credentials via ADC discovery (project: {project})")
+        _cached_credentials = credentials
+        return credentials
 
 
 def get_secret_manager_client() -> secretmanager.SecretManagerServiceClient:
     """Get a Secret Manager client with proper credential handling.
 
-    This function ensures GCP credentials are available (supporting the
-    GCP_PROD_DB_ACCESS_CREDENTIALS fallback) before creating the client.
+    This function uses get_gcp_credentials() to resolve credentials and passes
+    them directly to the client constructor.
 
     Returns:
         A configured SecretManagerServiceClient instance.
     """
-    ensure_adc_credentials()
-    return secretmanager.SecretManagerServiceClient()
+    credentials = get_gcp_credentials()
+    return secretmanager.SecretManagerServiceClient(credentials=credentials)
+
+
+def get_logging_client(project: str) -> gcp_logging.Client:
+    """Get a Cloud Logging client with proper credential handling.
+
+    This function uses get_gcp_credentials() to resolve credentials and passes
+    them directly to the client constructor.
+
+    Args:
+        project: The GCP project ID to use for logging operations.
+
+    Returns:
+        A configured Cloud Logging Client instance.
+    """
+    credentials = get_gcp_credentials()
+    return gcp_logging.Client(project=project, credentials=credentials)

airbyte_ops_mcp/gcp_logs/error_lookup.py

@@ -24,10 +24,12 @@ from datetime import UTC, datetime, timedelta
 from enum import StrEnum
 from typing import Any
 
-from google.cloud import logging
+from google.cloud import logging as gcp_logging
 from google.cloud.logging_v2 import entries
 from pydantic import BaseModel, Field
 
+from airbyte_ops_mcp.gcp_auth import get_logging_client
+
 # Default GCP project for Airbyte Cloud
 DEFAULT_GCP_PROJECT = "prod-ab-cloud-proj"
 
@@ -291,14 +293,13 @@ def fetch_error_logs(
     specified error ID, then fetches related log entries (multi-line stack traces)
     from the same timestamp and resource.
     """
-    client_options = {"quota_project_id": project}
-    client = logging.Client(project=project, client_options=client_options)
+    client = get_logging_client(project)
 
     filter_str = _build_filter(error_id, lookback_days, min_severity_filter)
 
     entries_iterator = client.list_entries(
         filter_=filter_str,
-        order_by=logging.DESCENDING,
+        order_by=gcp_logging.DESCENDING,
     )
 
     initial_matches = list(entries_iterator)
@@ -356,7 +357,7 @@ def fetch_error_logs(
 
         related_entries = client.list_entries(
             filter_=related_filter,
-            order_by=logging.ASCENDING,
+            order_by=gcp_logging.ASCENDING,
         )
 
         for entry in related_entries:

airbyte_ops_mcp/mcp/prerelease.py

@@ -2,12 +2,15 @@
 """MCP tools for triggering connector pre-release workflows.
 
 This module provides MCP tools for triggering the publish-connectors-prerelease
-workflow in the airbytehq/airbyte repository via GitHub's workflow dispatch API.
+workflow in the airbytehq/airbyte repository (for OSS connectors) or the
+publish_enterprise_connectors workflow in airbytehq/airbyte-enterprise
+(for enterprise connectors) via GitHub's workflow dispatch API.
 """
 
 from __future__ import annotations
 
 import base64
+from enum import StrEnum
 from typing import Annotated, Literal
 
 import requests
@@ -18,12 +21,25 @@ from pydantic import BaseModel, Field
 from airbyte_ops_mcp.github_actions import GITHUB_API_BASE, resolve_github_token
 from airbyte_ops_mcp.mcp._mcp_utils import mcp_tool, register_mcp_tools
 
+
+class ConnectorRepo(StrEnum):
+    """Repository where connector code is located."""
+
+    AIRBYTE = "airbyte"
+    AIRBYTE_ENTERPRISE = "airbyte-enterprise"
+
+
 DEFAULT_REPO_OWNER = "airbytehq"
-DEFAULT_REPO_NAME = "airbyte"
+DEFAULT_REPO_NAME = ConnectorRepo.AIRBYTE
 DEFAULT_BRANCH = "master"
 PRERELEASE_WORKFLOW_FILE = "publish-connectors-prerelease-command.yml"
 CONNECTOR_PATH_PREFIX = "airbyte-integrations/connectors"
 
+# Enterprise repository constants
+ENTERPRISE_REPO_NAME = ConnectorRepo.AIRBYTE_ENTERPRISE
+ENTERPRISE_DEFAULT_BRANCH = "main"
+ENTERPRISE_PRERELEASE_WORKFLOW_FILE = "publish_enterprise_connectors.yml"
+
 # Token env vars for prerelease publishing (in order of preference)
 PRERELEASE_TOKEN_ENV_VARS = [
     "GITHUB_CONNECTOR_PUBLISHING_PAT",
@@ -238,6 +254,14 @@ def publish_connector_to_airbyte_registry(
         int,
         Field(description="The pull request number containing the connector changes"),
     ],
+    repo: Annotated[
+        ConnectorRepo,
+        Field(
+            default=ConnectorRepo.AIRBYTE,
+            description="Repository where the connector PR is located. "
+            "Use 'airbyte' for OSS connectors (default) or 'airbyte-enterprise' for enterprise connectors.",
+        ),
+    ],
     prerelease: Annotated[
         Literal[True],
         Field(
@@ -249,8 +273,10 @@ def publish_connector_to_airbyte_registry(
     """Publish a connector to the Airbyte registry.
 
     Currently only supports pre-release publishing. This tool triggers the
-    publish-connectors-prerelease workflow in the airbytehq/airbyte repository,
-    which publishes a pre-release version of the specified connector from the PR branch.
+    publish-connectors-prerelease workflow in the airbytehq/airbyte repository
+    (for OSS connectors) or the publish_enterprise_connectors workflow in
+    airbytehq/airbyte-enterprise (for enterprise connectors), which publishes
+    a pre-release version of the specified connector from the PR branch.
 
     Pre-release versions are tagged with the format: {version}-preview.{7-char-git-sha}
     These versions are available for version pinning via the scoped_configuration API.
@@ -267,17 +293,27 @@ def publish_connector_to_airbyte_registry(
     # Guard: Check for required token
     token = resolve_github_token(PRERELEASE_TOKEN_ENV_VARS)
 
+    # Determine repo-specific settings
+    is_enterprise = repo == ConnectorRepo.AIRBYTE_ENTERPRISE
+    target_repo_name = ENTERPRISE_REPO_NAME if is_enterprise else DEFAULT_REPO_NAME
+    target_branch = ENTERPRISE_DEFAULT_BRANCH if is_enterprise else DEFAULT_BRANCH
+    target_workflow = (
+        ENTERPRISE_PRERELEASE_WORKFLOW_FILE
+        if is_enterprise
+        else PRERELEASE_WORKFLOW_FILE
+    )
+
     # Get the PR's head SHA for computing the docker image tag
     # Note: We no longer pass gitref to the workflow - it derives the ref from PR number
     head_info = _get_pr_head_info(
-        DEFAULT_REPO_OWNER, DEFAULT_REPO_NAME, pr_number, token
+        DEFAULT_REPO_OWNER, target_repo_name, pr_number, token
     )
 
     # Prepare workflow inputs
     # The workflow uses refs/pull/{pr}/head directly - no gitref needed
     # Note: The workflow auto-detects modified connectors from the PR
     workflow_inputs = {
-        "repo": f"{DEFAULT_REPO_OWNER}/{DEFAULT_REPO_NAME}",
+        "repo": f"{DEFAULT_REPO_OWNER}/{target_repo_name}",
         "pr": str(pr_number),
     }
 
@@ -285,9 +321,9 @@ def publish_connector_to_airbyte_registry(
     # The workflow will checkout the PR branch via inputs.gitref
     workflow_url = _trigger_workflow_dispatch(
         owner=DEFAULT_REPO_OWNER,
-        repo=DEFAULT_REPO_NAME,
-        workflow_file=PRERELEASE_WORKFLOW_FILE,
-        ref=DEFAULT_BRANCH,
+        repo=target_repo_name,
+        workflow_file=target_workflow,
+        ref=target_branch,
         inputs=workflow_inputs,
         token=token,
     )
@@ -297,7 +333,7 @@ def publish_connector_to_airbyte_registry(
     docker_image_tag: str | None = None
     metadata = _get_connector_metadata(
         DEFAULT_REPO_OWNER,
-        DEFAULT_REPO_NAME,
+        target_repo_name,
         connector_name,
         head_info.sha,
         token,
@@ -311,9 +347,10 @@ def publish_connector_to_airbyte_registry(
                 base_version, head_info.sha
             )
 
+    repo_info = f" from {repo}" if is_enterprise else ""
     return PrereleaseWorkflowResult(
         success=True,
-        message=f"Successfully triggered pre-release workflow for {connector_name} from PR #{pr_number}",
+        message=f"Successfully triggered pre-release workflow for {connector_name}{repo_info} from PR #{pr_number}",
         workflow_url=workflow_url,
         connector_name=connector_name,
         pr_number=pr_number,