alita-sdk 0.3.257__py3-none-any.whl → 0.3.584__py3-none-any.whl

alita_sdk/configurations/github.py

@@ -84,4 +84,68 @@ class GithubConfiguration(BaseModel):
             "Authentication is misconfigured: provide either Token (access_token), "
             "Password (username + password), App private key (app_id + app_private_key), "
             "or leave all blank for anonymous access."
-        )
+        )
+
+    @staticmethod
+    def check_connection(settings: dict) -> str | None:
+        """
+        Check GitHub connection using provided settings.
+        Returns None if connection is successful, error message otherwise.
+        """
+        import requests
+        from requests.auth import HTTPBasicAuth
+        import jwt
+        import time
+
+        base_url = settings.get('base_url', 'https://api.github.com')
+        access_token = settings.get('access_token')
+        username = settings.get('username')
+        password = settings.get('password')
+        app_id = settings.get('app_id')
+        app_private_key = settings.get('app_private_key')
+
+        # if all auth methods are None or empty, allow anonymous access
+        if not any([access_token, (username and password), (app_id and app_private_key)]):
+            return None
+
+        headers = {'Accept': 'application/vnd.github.v3+json'}
+        auth = None
+
+        try:
+            # Determine authentication method
+            if access_token:
+                headers['Authorization'] = f'token {access_token}'
+            elif username and password:
+                auth = HTTPBasicAuth(username, password)
+            elif app_id and app_private_key:
+                # Generate JWT for GitHub App authentication
+                payload = {
+                    'iat': int(time.time()),
+                    'exp': int(time.time()) + 600,  # 10 minutes
+                    'iss': app_id
+                }
+                jwt_token = jwt.encode(payload, app_private_key, algorithm='RS256')
+                headers['Authorization'] = f'Bearer {jwt_token}'
+
+            # Test connection with user endpoint
+            response = requests.get(f'{base_url}/user', headers=headers, auth=auth, timeout=10)
+
+            if response.status_code == 200:
+                return None
+            elif response.status_code == 401:
+                return "Authentication failed: Invalid credentials"
+            elif response.status_code == 403:
+                return "Access forbidden: Check your permissions"
+            elif response.status_code == 404:
+                return "GitHub API endpoint not found"
+            else:
+                return f"Connection failed with status {response.status_code}: {response.text}"
+
+        except requests.exceptions.ConnectionError:
+            return "Connection error: Unable to reach GitHub API"
+        except requests.exceptions.Timeout:
+            return "Connection timeout: GitHub API did not respond in time"
+        except jwt.InvalidKeyError:
+            return "Invalid private key format for GitHub App authentication"
+        except Exception as e:
+            return f"Unexpected error: {str(e)}"

alita_sdk/configurations/gitlab.py

@@ -29,3 +29,84 @@ class GitlabConfiguration(BaseModel):
     )
     url: str = Field(description="GitLab URL")
     private_token: SecretStr = Field(description="GitLab private token")
+
+    @staticmethod
+    def check_connection(settings: dict) -> str | None:
+        """
+        Check the connection to GitLab.
+        
+        Args:
+            settings: Dictionary containing GitLab configuration
+                - url: GitLab instance URL (required)
+                - private_token: GitLab private token for authentication (required)
+        
+        Returns:
+            None if connection successful, error message string if failed
+        """
+        import requests
+        
+        # Validate url
+        url = settings.get("url", "").strip()
+        if not url:
+            return "GitLab URL is required"
+        
+        # Normalize URL - remove trailing slashes
+        url = url.rstrip("/")
+        
+        # Basic URL validation
+        if not url.startswith(("http://", "https://")):
+            return "GitLab URL must start with http:// or https://"
+        
+        # Validate private_token
+        private_token = settings.get("private_token")
+        if not private_token:
+            return "GitLab private token is required"
+        
+        # Extract token value if it's a SecretStr
+        token_value = private_token.get_secret_value() if hasattr(private_token, 'get_secret_value') else private_token
+        
+        if not token_value or not str(token_value).strip():
+            return "GitLab private token cannot be empty"
+        
+        # Test connection using /api/v4/user endpoint
+        # This endpoint returns current authenticated user info
+        test_url = f"{url}/api/v4/user"
+        
+        # GitLab supports both PRIVATE-TOKEN header and Authorization Bearer
+        # Using PRIVATE-TOKEN is GitLab-specific and more explicit
+        headers = {
+            "PRIVATE-TOKEN": str(token_value).strip()
+        }
+        
+        try:
+            response = requests.get(
+                test_url,
+                headers=headers,
+                timeout=10
+            )
+            
+            # Check response status
+            if response.status_code == 200:
+                # Successfully connected and authenticated
+                return None
+            elif response.status_code == 401:
+                return "Authentication failed: invalid private token"
+            elif response.status_code == 403:
+                return "Access forbidden: token lacks required permissions"
+            elif response.status_code == 404:
+                return "GitLab API endpoint not found: verify the GitLab URL"
+            else:
+                return f"GitLab API returned status code {response.status_code}"
+
+        except requests.exceptions.SSLError as e:
+            if 'Hostname mismatch' in str(e):
+                return "GitLab API endpoint not found: verify the GitLab URL"
+            return f"SSL certificate verification failed: {str(e)}"
+        except requests.exceptions.ConnectionError:
+            return f"Cannot connect to GitLab at {url}: connection refused"
+        except requests.exceptions.Timeout:
+            return f"Connection to GitLab at {url} timed out"
+        except requests.exceptions.RequestException as e:
+            return f"Error connecting to GitLab: {str(e)}"
+        except Exception as e:
+            return f"Unexpected error: {str(e)}"

alita_sdk/configurations/google_places.py

@@ -0,0 +1,17 @@
+from pydantic import BaseModel, ConfigDict, Field, SecretStr
+
+
+class GooglePlacesConfiguration(BaseModel):
+    model_config = ConfigDict(
+        json_schema_extra={
+            "metadata": {
+                "label": "Google Places",
+                "icon_url": "google.svg",
+                "section": "credentials",
+                "type": "google_places",
+                "categories": ["other"],
+                "extra_categories": ["google", "places", "maps", "location", "geocoding"],
+            }
+        }
+    )
+    api_key: SecretStr = Field(description="Google Places API Key")

alita_sdk/configurations/jira.py

@@ -35,3 +35,106 @@ class JiraConfiguration(BaseModel):
     username: Optional[str] = Field(description="Jira Username", default=None)
     api_key: Optional[SecretStr] = Field(description="Jira API Key", default=None)
     token: Optional[SecretStr] = Field(description="Jira Token", default=None)
+
+    @staticmethod
+    def check_connection(settings: dict) -> str | None:
+        """
+        Check Jira connection using provided settings.
+        Returns None if connection is successful, error message otherwise.
+        
+        Tests authentication by calling the /rest/api/latest/myself endpoint,
+        which returns information about the currently authenticated user.
+        """
+        import requests
+        from requests.auth import HTTPBasicAuth
+
+        # Extract and validate settings
+        base_url = settings.get('base_url', '').rstrip('/')
+        username = settings.get('username')
+        api_key = settings.get('api_key')
+        token = settings.get('token')
+
+        # Validate base URL
+        if not base_url:
+            return "Base URL is required"
+        
+        if not base_url.startswith(('http://', 'https://')):
+            return "Base URL must start with http:// or https://"
+
+        # Validate authentication - at least one method must be provided
+        has_basic_auth = bool(username and api_key)
+        has_token = bool(token and str(token).strip())
+
+        if not (has_basic_auth or has_token):
+            return "Authentication required: Provide either username + API key, or bearer token"
+
+        # Setup authentication headers
+        headers = {'Accept': 'application/json'}
+        auth = None
+
+        if has_token:
+            # Bearer token authentication
+            token_value = token.get_secret_value() if hasattr(token, 'get_secret_value') else token
+            headers['Authorization'] = f'Bearer {token_value}'
+        elif has_basic_auth:
+            # Basic authentication
+            api_key_value = api_key.get_secret_value() if hasattr(api_key, 'get_secret_value') else api_key
+            auth = HTTPBasicAuth(username, api_key_value)
+
+        # Build API endpoint - using 'latest' for version independence
+        api_endpoint = f"{base_url}/rest/api/latest/myself"
+
+        try:
+            # Make authenticated request to verify credentials
+            response = requests.get(
+                api_endpoint,
+                headers=headers,
+                auth=auth,
+                timeout=10
+            )
+
+            # Handle different response codes
+            if response.status_code == 200:
+                return None  # Success - credentials are valid
+            
+            elif response.status_code == 401:
+                # Authentication failed
+                if has_token:
+                    return "Authentication failed: Invalid bearer token"
+                else:
+                    return "Authentication failed: Invalid username or API key"
+            
+            elif response.status_code == 403:
+                # Authenticated but insufficient permissions
+                return "Access forbidden: Your account has insufficient permissions to access Jira API"
+            
+            elif response.status_code == 404:
+                # API endpoint not found - likely wrong URL
+                return "Jira API endpoint not found: Verify your base URL (e.g., 'https://yourinstance.atlassian.net')"
+            
+            else:
+                # Other HTTP errors - try to extract Jira error messages
+                error_detail = ""
+                try:
+                    error_json = response.json()
+                    if 'errorMessages' in error_json and error_json['errorMessages']:
+                        error_detail = ": " + ", ".join(error_json['errorMessages'])
+                    elif 'message' in error_json:
+                        error_detail = f": {error_json['message']}"
+                except:
+                    pass
+                
+                return f"Connection failed with status {response.status_code}{error_detail}"
+
+        except requests.exceptions.SSLError:
+            return "SSL certificate verification failed: Check your Jira URL or network settings"
+        except requests.exceptions.ConnectionError:
+            return "Connection error: Unable to reach Jira server - check URL and network connectivity"
+        except requests.exceptions.Timeout:
+            return "Connection timeout: Jira server did not respond within 10 seconds"
+        except requests.exceptions.MissingSchema:
+            return "Invalid URL format: URL must include protocol (http:// or https://)"
+        except requests.exceptions.InvalidURL:
+            return "Invalid URL format: Please check your Jira base URL"
+        except Exception as e:
+            return f"Unexpected error: {str(e)}"

alita_sdk/configurations/openapi.py

@@ -0,0 +1,323 @@
+from typing import Any, Literal, Optional
+from pydantic import BaseModel, ConfigDict, Field, SecretStr, model_validator
+
+import base64
+import requests
+
+
+class OpenApiConfiguration(BaseModel):
+    """
+    OpenAPI configuration for authentication.
+    
+    Supports three authentication modes:
+    - Anonymous: No authentication (all fields empty)
+    - API Key: Static key sent via header (Bearer, Basic, or Custom)
+    - OAuth2 Client Credentials: Machine-to-machine authentication flow
+    
+    Note: Only OAuth2 Client Credentials flow is supported. Authorization Code flow
+    is not supported as it requires user interaction and pre-registered redirect URLs.
+    """
+    
+    model_config = ConfigDict(
+        extra='allow',
+        json_schema_extra={
+            "metadata": {
+                "label": "OpenAPI",
+                "icon_url": "openapi.svg",
+                "categories": ["integrations"],
+                "type": "openapi",
+                "extra_categories": ["api", "openapi", "swagger"],
+                "sections": {
+                    "auth": {
+                        "required": False,
+                        "subsections": [
+                            {
+                                "name": "API Key",
+                                "fields": ["api_key", "auth_type", "custom_header_name"],
+                            },
+                            {
+                                "name": "OAuth",
+                                "fields": [
+                                    "client_id",
+                                    "client_secret",
+                                    "token_url",
+                                    "scope",
+                                    "method",
+                                ],
+                            },
+                        ],
+                    },
+                },
+                "section": "credentials",
+            }
+        }
+    )
+
+    # =========================================================================
+    # API Key Authentication Fields
+    # =========================================================================
+    
+    api_key: Optional[SecretStr] = Field(
+        default=None,
+        description=(
+            "API key value (stored as a secret). Used when selecting 'API Key' authentication subsection."
+        ),
+    )
+    auth_type: Optional[Literal['Basic', 'Bearer', 'Custom']] = Field(
+        default='Bearer',
+        description=(
+            "How to apply the API key. "
+            "- 'Bearer': sets 'Authorization: Bearer <api_key>' "
+            "- 'Basic': sets 'Authorization: Basic <api_key>' "
+            "- 'custom': sets '<custom_header_name>: <api_key>'"
+        ),
+    )
+    custom_header_name: Optional[str] = Field(
+        default=None,
+        description="Custom header name to use when auth_type='custom' (e.g. 'X-Api-Key').",
+        json_schema_extra={'visible_when': {'field': 'auth_type', 'value': 'custom'}},
+    )
+
+    # =========================================================================
+    # OAuth2 Client Credentials Flow Fields
+    # =========================================================================
+    
+    client_id: Optional[str] = Field(
+        default=None, 
+        description='OAuth2 client ID (also known as Application ID or App ID)'
+    )
+    client_secret: Optional[SecretStr] = Field(
+        default=None, 
+        description='OAuth2 client secret (stored securely)'
+    )
+    token_url: Optional[str] = Field(
+        default=None, 
+        description=(
+            'OAuth2 token endpoint URL for obtaining access tokens. '
+            'Examples: '
+            'Azure AD: https://login.microsoftonline.com/{tenant}/oauth2/v2.0/token, '
+            'Google: https://oauth2.googleapis.com/token, '
+            'Auth0: https://{domain}/oauth/token, '
+            'Spotify: https://accounts.spotify.com/api/token'
+        )
+    )
+    scope: Optional[str] = Field(
+        default=None, 
+        description=(
+            'OAuth2 scope(s), space-separated if multiple (per OAuth2 RFC 6749). '
+            'Examples: "user-read-private user-read-email" (Spotify), '
+            '"api://app-id/.default" (Azure), '
+            '"https://www.googleapis.com/auth/cloud-platform" (Google)'
+        )
+    )
+    method: Optional[Literal['default', 'Basic']] = Field(
+        default='default',
+        description=(
+            "Token exchange method for client credentials flow. "
+            "'default': Sends client_id and client_secret in POST body (Azure AD, Auth0, most providers). "
+            "'Basic': Sends credentials via HTTP Basic auth header - required by Spotify, some AWS services, and certain OAuth providers."
+        ),
+    )
+
+    @model_validator(mode='before')
+    @classmethod
+    def _validate_auth_consistency(cls, values):
+        if not isinstance(values, dict):
+            return values
+
+        # OAuth: if any OAuth field is provided, require the essential ones
+        has_any_oauth = any(
+            (values.get('client_id'), values.get('client_secret'), values.get('token_url'))
+        )
+        if has_any_oauth:
+            missing = []
+            if not values.get('client_id'):
+                missing.append('client_id')
+            if not values.get('client_secret'):
+                missing.append('client_secret')
+            if not values.get('token_url'):
+                missing.append('token_url')
+            if missing:
+                raise ValueError(f"OAuth is misconfigured; missing: {', '.join(missing)}")
+
+        # API key: if auth_type is custom, custom_header_name must be present
+        auth_type = values.get('auth_type')
+        if isinstance(auth_type, str) and auth_type.strip().lower() == 'custom' and values.get('api_key'):
+            if not values.get('custom_header_name'):
+                raise ValueError("custom_header_name is required when auth_type='custom'")
+
+        return values
+
+    @staticmethod
+    def check_connection(settings: dict) -> str | None:
+        """
+        Validate the OpenAPI configuration by testing connectivity where possible.
+        
+        Validation behavior by authentication type:
+        
+        1. ANONYMOUS (no auth fields configured):
+           - Cannot validate without making actual API calls
+           - Returns None (success) - validation skipped
+           
+        2. API KEY (api_key field configured):
+           - Cannot validate without knowing which endpoint to call
+           - The OpenAPI spec is not available at configuration time
+           - Returns None (success) - validation skipped
+           
+        3. OAUTH2 CLIENT CREDENTIALS (client_id, client_secret, token_url configured):
+           - CAN validate by attempting token exchange with the OAuth provider
+           - Makes a real HTTP request to token_url
+           - Returns None on success, error message on failure
+        
+        Args:
+            settings: Dictionary containing OpenAPI configuration fields
+        
+        Returns:
+            None: Configuration is valid (or cannot be validated for this auth type)
+            str: Error message describing the validation failure
+        """
+        
+        # =====================================================================
+        # Determine authentication type from configured fields
+        # =====================================================================
+        
+        client_id = settings.get('client_id')
+        client_secret = settings.get('client_secret')
+        token_url = settings.get('token_url')
+        
+        has_oauth_fields = client_id or client_secret or token_url
+        
+        # =====================================================================
+        # ANONYMOUS or API KEY: Cannot validate, return success
+        # =====================================================================
+        
+        if not has_oauth_fields:
+            # No OAuth fields configured - this is either:
+            # - Anonymous authentication (no auth at all)
+            # - API Key authentication (api_key field may be set)
+            # 
+            # Neither can be validated without making actual API calls to the
+            # target service, and we don't have the OpenAPI spec available here.
+            return None
+        
+        # =====================================================================
+        # OAUTH2: Validate by attempting token exchange
+        # =====================================================================
+        
+        # Check for required OAuth fields
+        if not client_id:
+            return "OAuth client_id is required when using OAuth authentication"
+        if not client_secret:
+            return "OAuth client_secret is required when using OAuth authentication"
+        if not token_url:
+            return "OAuth token_url is required when using OAuth authentication"
+        
+        # Extract secret value if it's a SecretStr
+        if hasattr(client_secret, 'get_secret_value'):
+            client_secret = client_secret.get_secret_value()
+        
+        if not client_secret or not str(client_secret).strip():
+            return "OAuth client_secret cannot be empty"
+        
+        # Validate token_url format
+        token_url = token_url.strip()
+        if not token_url.startswith(('http://', 'https://')):
+            return "OAuth token_url must start with http:// or https://"
+        
+        # Get optional OAuth settings
+        scope = settings.get('scope')
+        method = settings.get('method', 'default') or 'default'
+        
+        # ---------------------------------------------------------------------
+        # Attempt OAuth2 Client Credentials token exchange
+        # ---------------------------------------------------------------------
+        
+        try:
+            headers = {
+                'Content-Type': 'application/x-www-form-urlencoded',
+                'Accept': 'application/json',
+            }
+            
+            data = {
+                'grant_type': 'client_credentials',
+            }
+            
+            # Apply credentials based on method
+            if method == 'Basic':
+                # Basic method: credentials in Authorization header (Spotify, some AWS)
+                credentials = f"{client_id}:{client_secret}"
+                encoded = base64.b64encode(credentials.encode('utf-8')).decode('utf-8')
+                headers['Authorization'] = f'Basic {encoded}'
+            else:
+                # Default method: credentials in POST body (Azure AD, Auth0, most providers)
+                data['client_id'] = client_id
+                data['client_secret'] = str(client_secret)
+            
+            if scope:
+                data['scope'] = scope
+            
+            response = requests.post(
+                token_url,
+                headers=headers,
+                data=data,
+                timeout=30,
+            )
+            
+            # ---------------------------------------------------------------------
+            # Handle response
+            # ---------------------------------------------------------------------
+            
+            if response.status_code == 200:
+                try:
+                    token_data = response.json()
+                    if 'access_token' in token_data:
+                        return None  # Success - token obtained
+                    return "OAuth response did not contain 'access_token'"
+                except Exception:
+                    return "Failed to parse OAuth token response"
+            
+            # Handle common error status codes with helpful messages
+            if response.status_code == 400:
+                try:
+                    error_data = response.json()
+                    error = error_data.get('error', 'bad_request')
+                    error_desc = error_data.get('error_description', '')
+                    if error_desc:
+                        return f"OAuth error: {error} - {error_desc}"
+                    return f"OAuth error: {error}"
+                except Exception:
+                    return "OAuth request failed: bad request (400)"
+            
+            if response.status_code == 401:
+                return "OAuth authentication failed: invalid client_id or client_secret"
+            
+            if response.status_code == 403:
+                return "OAuth access forbidden: client may lack required permissions"
+            
+            if response.status_code == 404:
+                return f"OAuth token endpoint not found: {token_url}"
+            
+            return f"OAuth token request failed with status {response.status_code}"
+            
+        except requests.exceptions.SSLError as e:
+            error_str = str(e).lower()
+            if 'hostname mismatch' in error_str:
+                return "OAuth token_url hostname does not match SSL certificate - verify the URL is correct"
+            if 'certificate verify failed' in error_str:
+                return "SSL certificate verification failed for OAuth endpoint - the server may have an invalid or self-signed certificate"
+            if 'certificate has expired' in error_str:
+                return "SSL certificate has expired for OAuth endpoint"
+            return "SSL error connecting to OAuth endpoint - verify the token_url is correct"
+        except requests.exceptions.ConnectionError as e:
+            error_str = str(e).lower()
+            if 'name or service not known' in error_str or 'nodename nor servname provided' in error_str:
+                return "OAuth token_url hostname could not be resolved - verify the URL is correct"
+            if 'connection refused' in error_str:
+                return "Connection refused by OAuth endpoint - verify the token_url and port are correct"
+            return "Cannot connect to OAuth token endpoint - verify the token_url is correct"
+        except requests.exceptions.Timeout:
+            return "OAuth token request timed out - the endpoint may be unreachable"
+        except requests.exceptions.RequestException:
+            return "OAuth request failed - verify the token_url is correct and accessible"
+        except Exception:
+            return "Unexpected error during OAuth configuration validation"

alita_sdk/configurations/postman.py

@@ -22,7 +22,7 @@ class PostmanConfiguration(BaseModel):
                 },
                 "section": "credentials",
                 "type": "postman",
-                "categories": ["api testing"],
+                "categories": ["other"],
                 "extra_categories": ["postman", "api", "testing", "collection"],
             }
         }