cloudcost-cli 0.1.0__py3-none-any.whl

backend/app/github_client.py

@@ -0,0 +1,197 @@
+import base64
+import time
+from dataclasses import dataclass
+from typing import Any
+
+import httpx
+import jwt
+
+from backend.app.comments import CLOUDCOST_COMMENT_MARKER
+from backend.app.config import Settings
+
+
+def _raise_for_github_status(response: httpx.Response) -> None:
+    try:
+        response.raise_for_status()
+    except httpx.HTTPStatusError as exc:
+        detail = response.text.strip() or response.reason_phrase
+        accepted_permissions = response.headers.get("x-accepted-github-permissions")
+        permission_hint = f" Accepted permissions: {accepted_permissions}." if accepted_permissions else ""
+        raise RuntimeError(
+            f"GitHub API returned {response.status_code} for "
+            f"{response.request.method} {response.request.url}: {detail[:1000]}{permission_hint}"
+        ) from exc
+
+
+@dataclass(frozen=True)
+class PullRequestContext:
+    owner: str
+    repo: str
+    full_name: str
+    number: int
+    title: str
+    head_sha: str
+    installation_id: int
+    is_draft: bool
+
+    @classmethod
+    def from_payload(cls, payload: dict[str, Any]) -> "PullRequestContext":
+        repository = payload["repository"]
+        pull_request = payload["pull_request"]
+        return cls(
+            owner=repository["owner"]["login"],
+            repo=repository["name"],
+            full_name=repository["full_name"],
+            number=int(pull_request["number"]),
+            title=pull_request.get("title") or f"PR #{pull_request['number']}",
+            head_sha=pull_request["head"]["sha"],
+            installation_id=int(payload["installation"]["id"]),
+            is_draft=bool(pull_request.get("draft")),
+        )
+
+
+@dataclass(frozen=True)
+class PlanFile:
+    path: str
+    sha: str
+    size: int | None = None
+
+
+class GitHubAppClient:
+    def __init__(self, settings: Settings, client: httpx.AsyncClient | None = None) -> None:
+        self.settings = settings
+        self.client = client or httpx.AsyncClient(timeout=30.0)
+
+    def _headers(self, token: str) -> dict[str, str]:
+        return {
+            "Accept": "application/vnd.github+json",
+            "Authorization": f"Bearer {token}",
+            "X-GitHub-Api-Version": self.settings.github_api_version,
+        }
+
+    def app_jwt(self) -> str:
+        now = int(time.time())
+        payload = {
+            "iat": now - 60,
+            "exp": now + (9 * 60),
+            "iss": self.settings.github_jwt_issuer,
+        }
+        return jwt.encode(payload, self.settings.load_github_private_key(), algorithm="RS256")
+
+    async def create_installation_token(self, installation_id: int) -> str:
+        url = f"{self.settings.github_api_url}/app/installations/{installation_id}/access_tokens"
+        response = await self.client.post(url, headers=self._headers(self.app_jwt()))
+        _raise_for_github_status(response)
+        return response.json()["token"]
+
+
+class GitHubInstallationClient:
+    def __init__(self, settings: Settings, token: str, client: httpx.AsyncClient | None = None) -> None:
+        self.settings = settings
+        self.token = token
+        self.client = client or httpx.AsyncClient(timeout=30.0)
+
+    @property
+    def headers(self) -> dict[str, str]:
+        return {
+            "Accept": "application/vnd.github+json",
+            "Authorization": f"Bearer {self.token}",
+            "X-GitHub-Api-Version": self.settings.github_api_version,
+        }
+
+    async def list_pull_files(self, owner: str, repo: str, pull_number: int) -> list[dict[str, Any]]:
+        files: list[dict[str, Any]] = []
+        page = 1
+        while page <= 30:
+            url = f"{self.settings.github_api_url}/repos/{owner}/{repo}/pulls/{pull_number}/files"
+            response = await self.client.get(
+                url,
+                headers=self.headers,
+                params={"per_page": 100, "page": page},
+            )
+            _raise_for_github_status(response)
+            batch = response.json()
+            files.extend(batch)
+            if len(batch) < 100:
+                break
+            page += 1
+        return files
+
+    async def fetch_blob(self, owner: str, repo: str, sha: str) -> bytes:
+        url = f"{self.settings.github_api_url}/repos/{owner}/{repo}/git/blobs/{sha}"
+        response = await self.client.get(url, headers=self.headers)
+        _raise_for_github_status(response)
+        payload = response.json()
+        if payload.get("encoding") != "base64":
+            raise RuntimeError(f"Unsupported GitHub blob encoding: {payload.get('encoding')}")
+        compact = "".join(str(payload["content"]).splitlines())
+        return base64.b64decode(compact)
+
+    async def list_repository_tree_files(self, owner: str, repo: str, commit_sha: str) -> list[dict[str, Any]]:
+        commit_url = f"{self.settings.github_api_url}/repos/{owner}/{repo}/git/commits/{commit_sha}"
+        commit_response = await self.client.get(commit_url, headers=self.headers)
+        _raise_for_github_status(commit_response)
+        tree_sha = commit_response.json()["tree"]["sha"]
+
+        tree_url = f"{self.settings.github_api_url}/repos/{owner}/{repo}/git/trees/{tree_sha}"
+        tree_response = await self.client.get(
+            tree_url,
+            headers=self.headers,
+            params={"recursive": "1"},
+        )
+        _raise_for_github_status(tree_response)
+        tree = tree_response.json()
+        return [
+            {"filename": item["path"], "sha": item["sha"], "changes": item.get("size")}
+            for item in tree.get("tree", [])
+            if item.get("type") == "blob"
+        ]
+
+    async def list_issue_comments(self, owner: str, repo: str, issue_number: int) -> list[dict[str, Any]]:
+        url = f"{self.settings.github_api_url}/repos/{owner}/{repo}/issues/{issue_number}/comments"
+        response = await self.client.get(url, headers=self.headers, params={"per_page": 100})
+        _raise_for_github_status(response)
+        return response.json()
+
+    async def upsert_pr_comment(self, owner: str, repo: str, pull_number: int, body: str) -> dict[str, Any]:
+        comments = await self.list_issue_comments(owner, repo, pull_number)
+        existing = next(
+            (comment for comment in comments if CLOUDCOST_COMMENT_MARKER in str(comment.get("body", ""))),
+            None,
+        )
+
+        if existing:
+            url = existing["url"]
+            response = await self.client.patch(url, headers=self.headers, json={"body": body})
+        else:
+            url = f"{self.settings.github_api_url}/repos/{owner}/{repo}/issues/{pull_number}/comments"
+            response = await self.client.post(url, headers=self.headers, json={"body": body})
+
+        _raise_for_github_status(response)
+        return response.json()
+
+
+def find_terraform_plan_file(files: list[dict[str, Any]], settings: Settings) -> PlanFile | None:
+    candidates: list[PlanFile] = []
+    for file in files:
+        path = str(file.get("filename", ""))
+        name = path.rsplit("/", 1)[-1].lower()
+        lowered_path = path.lower()
+        if name in settings.plan_names or lowered_path.endswith(settings.plan_suffixes):
+            sha = file.get("sha")
+            if sha:
+                candidates.append(PlanFile(path=path, sha=str(sha), size=file.get("changes")))
+
+    if not candidates:
+        return None
+
+    def priority(item: PlanFile) -> tuple[int, str]:
+        name = item.path.rsplit("/", 1)[-1].lower()
+        if name == "plan.json":
+            return (0, item.path)
+        if name in settings.plan_names:
+            return (1, item.path)
+        return (2, item.path)
+
+    candidates.sort(key=priority)
+    return candidates[0]

backend/app/infracost.py

@@ -0,0 +1,129 @@
+import asyncio
+import json
+import os
+import tempfile
+from dataclasses import dataclass
+from pathlib import Path
+from typing import Any
+
+import httpx
+
+from backend.app.config import Settings
+
+
+@dataclass(frozen=True)
+class InfracostEstimate:
+    raw: dict[str, Any]
+    diff_total_monthly_cost: Any
+    total_monthly_cost: Any
+    past_total_monthly_cost: Any
+
+
+class InfracostClient:
+    def __init__(self, settings: Settings, client: httpx.AsyncClient | None = None) -> None:
+        self.settings = settings
+        self.client = client or httpx.AsyncClient(timeout=60.0)
+
+    async def estimate_plan_json(self, plan_json: bytes, filename: str) -> InfracostEstimate:
+        mode = self.settings.infracost_mode.strip().lower()
+        if mode == "api":
+            return await self._estimate_plan_json_api(plan_json, filename)
+        if mode == "cli":
+            return await self._estimate_plan_json_cli(plan_json, filename)
+        raise RuntimeError("Set INFRACOST_MODE to either 'cli' or 'api'.")
+
+    async def _estimate_plan_json_api(self, plan_json: bytes, filename: str) -> InfracostEstimate:
+        response = await self.client.post(
+            self.settings.infracost_api_url,
+            headers={"x-api-key": self.settings.require_infracost_api_key()},
+            data={
+                "format": "json",
+                "no-color": "true",
+                "ci-platform": self.settings.infracost_ci_platform,
+            },
+            files={
+                "path": (filename, plan_json, "application/json"),
+            },
+        )
+        response.raise_for_status()
+        payload = response.json()
+        return self._estimate_from_payload(payload)
+
+    async def _estimate_plan_json_cli(self, plan_json: bytes, filename: str) -> InfracostEstimate:
+        with tempfile.TemporaryDirectory(prefix="cloudcost-infracost-") as temp_dir:
+            safe_name = Path(filename).name or "plan.json"
+            plan_path = Path(temp_dir) / safe_name
+            output_path = Path(temp_dir) / "infracost.json"
+            plan_path.write_bytes(plan_json)
+
+            env = self._cli_environment()
+            command = [
+                self.settings.infracost_cli_path,
+                "breakdown",
+                "--path",
+                str(plan_path),
+                "--format",
+                "json",
+                "--out-file",
+                str(output_path),
+            ]
+
+            try:
+                process = await asyncio.create_subprocess_exec(
+                    *command,
+                    stdout=asyncio.subprocess.PIPE,
+                    stderr=asyncio.subprocess.PIPE,
+                    env=env,
+                )
+            except FileNotFoundError as exc:
+                raise RuntimeError(
+                    "Infracost CLI was not found. Install it and set INFRACOST_CLI_PATH if it is not on PATH."
+                ) from exc
+
+            try:
+                stdout, stderr = await asyncio.wait_for(
+                    process.communicate(),
+                    timeout=self.settings.infracost_timeout_seconds,
+                )
+            except asyncio.TimeoutError as exc:
+                process.kill()
+                await process.communicate()
+                raise RuntimeError(
+                    f"Infracost CLI timed out after {self.settings.infracost_timeout_seconds} seconds."
+                ) from exc
+
+            if process.returncode != 0:
+                stderr_text = stderr.decode("utf-8", errors="replace").strip()
+                stdout_text = stdout.decode("utf-8", errors="replace").strip()
+                detail = stderr_text or stdout_text or f"exit code {process.returncode}"
+                raise RuntimeError(f"Infracost CLI failed: {detail[:2000]}")
+
+            if output_path.exists():
+                payload = json.loads(output_path.read_text(encoding="utf-8"))
+            else:
+                stdout_text = stdout.decode("utf-8", errors="replace").strip()
+                if not stdout_text:
+                    raise RuntimeError("Infracost CLI did not produce JSON output.")
+                payload = json.loads(stdout_text)
+
+            return self._estimate_from_payload(payload)
+
+    def _cli_environment(self) -> dict[str, str]:
+        env = os.environ.copy()
+        env["INFRACOST_CI_PLATFORM"] = self.settings.infracost_ci_platform
+        env["INFRACOST_SKIP_UPDATE_CHECK"] = "true"
+        env["INFRACOST_LOG_LEVEL"] = "warn"
+        env["DISABLE_TELEMETRY"] = "true"
+        if self.settings.infracost_api_key:
+            env["INFRACOST_API_KEY"] = self.settings.infracost_api_key
+        if self.settings.infracost_pricing_api_endpoint:
+            env["INFRACOST_PRICING_API_ENDPOINT"] = self.settings.infracost_pricing_api_endpoint
+        return env
+
+    def _estimate_from_payload(self, payload: dict[str, Any]) -> InfracostEstimate:
+        return InfracostEstimate(
+            raw=payload,
+            diff_total_monthly_cost=payload.get("diffTotalMonthlyCost"),
+            total_monthly_cost=payload.get("totalMonthlyCost"),
+            past_total_monthly_cost=payload.get("pastTotalMonthlyCost"),
+        )

backend/app/litellm_admin.py

@@ -0,0 +1,41 @@
+from typing import Any
+
+import httpx
+from pydantic import BaseModel, Field
+
+from backend.app.config import Settings
+
+
+class VirtualKeyRequest(BaseModel):
+    user_id: str | None = None
+    team_id: str | None = None
+    key_alias: str | None = None
+    models: list[str] = Field(default_factory=list)
+    max_budget: float | None = None
+    budget_duration: str | None = "30d"
+    tpm_limit: int | None = None
+    rpm_limit: int | None = None
+    metadata: dict[str, Any] = Field(default_factory=dict)
+
+
+class LiteLLMAdminClient:
+    def __init__(self, settings: Settings, client: httpx.AsyncClient | None = None) -> None:
+        self.settings = settings
+        self.client = client or httpx.AsyncClient(timeout=30.0)
+
+    @property
+    def headers(self) -> dict[str, str]:
+        return {
+            "Authorization": f"Bearer {self.settings.require_litellm_master_key()}",
+            "Content-Type": "application/json",
+        }
+
+    async def create_virtual_key(self, request: VirtualKeyRequest) -> dict[str, Any]:
+        body = request.model_dump(exclude_none=True)
+        response = await self.client.post(
+            f"{self.settings.litellm_base_url.rstrip('/')}/key/generate",
+            headers=self.headers,
+            json=body,
+        )
+        response.raise_for_status()
+        return response.json()