decodingtrust-agent-sdk 0.1.0__py3-none-any.whl

dt_arena/utils/github/helpers.py

@@ -0,0 +1,249 @@
+"""HTTP helpers for the local GitHub sandbox.
+
+Intended for judges that need to inspect the final state of the GitHub
+environment (repositories, commits, issues, blobs) and for seeders that need
+to reset or bulk-initialize the sandbox via its admin endpoints.
+
+All functions talk to the sandbox through plain HTTP; they do not require a
+logged-in user token because read endpoints are public.
+"""
+
+from __future__ import annotations
+
+import http.client
+import json
+import os
+import urllib.parse as urlparse
+from pathlib import Path
+from typing import Any, Dict, List, Optional, Tuple
+
+import yaml
+
+
+def _get_registry() -> dict:
+    root = Path(__file__).resolve().parents[3]
+    registry_file = root / "dt_arena" / "envs" / "registry.yaml"
+    if registry_file.exists():
+        try:
+            return yaml.safe_load(registry_file.read_text()) or {}
+        except Exception:
+            return {}
+    return {}
+
+
+def _get_github_host_port() -> Tuple[str, int]:
+    env_port = os.environ.get("GITHUB_API_PORT")
+    if env_port:
+        return "127.0.0.1", int(env_port)
+    reg = _get_registry()
+    base = ((reg.get("services") or {}).get("github") or {}).get(
+        "api_base_url", "http://127.0.0.1:8045"
+    )
+    parsed = urlparse.urlparse(base)
+    host = parsed.hostname or "127.0.0.1"
+    port = parsed.port or (443 if (parsed.scheme or "http") == "https" else 80)
+    return host, port
+
+
+def _request(
+    method: str,
+    path: str,
+    *,
+    body: Optional[Dict[str, Any]] = None,
+    timeout: int = 15,
+) -> Tuple[int, Any]:
+    host, port = _get_github_host_port()
+    headers = {"Accept": "application/json"}
+    raw_body: Optional[str] = None
+    if body is not None:
+        headers["Content-Type"] = "application/json"
+        raw_body = json.dumps(body)
+    conn = http.client.HTTPConnection(host, port, timeout=timeout)
+    try:
+        conn.request(method.upper(), path, body=raw_body, headers=headers)
+        resp = conn.getresponse()
+        data = resp.read()
+        status = resp.status
+    finally:
+        conn.close()
+    text = data.decode("utf-8", errors="replace") if data else ""
+    if not text:
+        return status, {}
+    try:
+        return status, json.loads(text)
+    except json.JSONDecodeError:
+        return status, text
+
+
+def reset_sandbox() -> Dict[str, Any]:
+    """Reset the GitHub sandbox back to its empty baseline."""
+    status, payload = _request("POST", "/api/v1/reset", body={})
+    if status >= 400:
+        raise RuntimeError(f"GitHub reset_sandbox failed ({status}): {payload}")
+    return payload if isinstance(payload, dict) else {}
+
+
+def init_from_json(payload: Dict[str, Any]) -> Dict[str, Any]:
+    """Seed the GitHub sandbox via the admin ``/api/v1/init-json`` endpoint."""
+    status, body = _request("POST", "/api/v1/init-json", body=payload)
+    if status >= 400:
+        raise RuntimeError(f"GitHub init_from_json failed ({status}): {body}")
+    return body if isinstance(body, dict) else {"raw": body}
+
+
+def list_repositories(*, limit: int = 100, q: Optional[str] = None) -> List[Dict[str, Any]]:
+    query: Dict[str, Any] = {"limit": str(limit)}
+    if q:
+        query["q"] = q
+    status, payload = _request(
+        "GET", f"/api/repos?{urlparse.urlencode(query)}"
+    )
+    if status != 200 or not isinstance(payload, dict):
+        return []
+    return payload.get("items") or []
+
+
+def list_tree(
+    owner: str,
+    repo: str,
+    *,
+    branch: Optional[str] = None,
+    path: str = "",
+) -> List[Dict[str, Any]]:
+    params: Dict[str, Any] = {}
+    if branch:
+        params["branch"] = branch
+    if path:
+        params["path"] = path
+    suffix = f"?{urlparse.urlencode(params)}" if params else ""
+    status, payload = _request(
+        "GET", f"/api/repos/{owner}/{repo}/tree{suffix}"
+    )
+    if status == 404:
+        return []
+    if status >= 400:
+        raise RuntimeError(
+            f"GitHub list_tree {owner}/{repo} failed ({status}): {payload}"
+        )
+    if isinstance(payload, dict):
+        return payload.get("items") or payload.get("tree") or []
+    return []
+
+
+def list_tree_recursive(owner: str, repo: str, *, branch: Optional[str] = None) -> List[str]:
+    """Return every file path in the repo (best-effort walk)."""
+    collected: List[str] = []
+
+    def walk(sub_path: str) -> None:
+        items = list_tree(owner, repo, branch=branch, path=sub_path)
+        for item in items:
+            p = item.get("path") or item.get("name")
+            if not p:
+                continue
+            is_dir = item.get("isDir") or item.get("type") in ("dir", "tree")
+            if is_dir:
+                walk(p)
+            else:
+                collected.append(p)
+
+    walk("")
+    return collected
+
+
+def get_file_contents(
+    owner: str,
+    repo: str,
+    path: str,
+    *,
+    branch: Optional[str] = None,
+) -> Optional[str]:
+    """Fetch file contents from the sandbox. Returns None when the file is absent."""
+    params: Dict[str, Any] = {"path": path}
+    if branch:
+        params["branch"] = branch
+    query = urlparse.urlencode(params)
+    status, payload = _request("GET", f"/api/repos/{owner}/{repo}/blob?{query}")
+    if status == 404:
+        return None
+    if status >= 400:
+        raise RuntimeError(
+            f"GitHub get_file_contents {owner}/{repo}:{path} failed ({status}): {payload}"
+        )
+    if isinstance(payload, dict):
+        blob = payload.get("blob") if "blob" in payload else payload
+        if isinstance(blob, dict):
+            return blob.get("content")
+        return None
+    return None
+
+
+def list_commits(
+    owner: str,
+    repo: str,
+    *,
+    branch: Optional[str] = None,
+    limit: int = 50,
+) -> List[Dict[str, Any]]:
+    params: Dict[str, Any] = {"limit": str(limit)}
+    if branch:
+        params["branch"] = branch
+    status, payload = _request(
+        "GET", f"/api/repos/{owner}/{repo}/commits?{urlparse.urlencode(params)}"
+    )
+    if status == 404:
+        return []
+    if status >= 400:
+        raise RuntimeError(
+            f"GitHub list_commits {owner}/{repo} failed ({status}): {payload}"
+        )
+    if isinstance(payload, dict):
+        return payload.get("items") or payload.get("commits") or []
+    return []
+
+
+def list_issues(
+    owner: str,
+    repo: str,
+    *,
+    state: Optional[str] = None,
+    limit: int = 100,
+) -> List[Dict[str, Any]]:
+    params: Dict[str, Any] = {"limit": str(limit)}
+    if state:
+        params["state"] = state
+    status, payload = _request(
+        "GET", f"/api/repos/{owner}/{repo}/issues?{urlparse.urlencode(params)}"
+    )
+    if status == 404:
+        return []
+    if status >= 400:
+        raise RuntimeError(
+            f"GitHub list_issues {owner}/{repo} failed ({status}): {payload}"
+        )
+    if isinstance(payload, dict):
+        return payload.get("items") or payload.get("issues") or []
+    return []
+
+
+def list_pull_requests(
+    owner: str,
+    repo: str,
+    *,
+    state: Optional[str] = None,
+    limit: int = 100,
+) -> List[Dict[str, Any]]:
+    params: Dict[str, Any] = {"limit": str(limit)}
+    if state:
+        params["state"] = state
+    status, payload = _request(
+        "GET", f"/api/repos/{owner}/{repo}/pulls?{urlparse.urlencode(params)}"
+    )
+    if status == 404:
+        return []
+    if status >= 400:
+        raise RuntimeError(
+            f"GitHub list_pull_requests {owner}/{repo} failed ({status}): {payload}"
+        )
+    if isinstance(payload, dict):
+        return payload.get("items") or payload.get("pulls") or []
+    return []

dt_arena/utils/gmail/__init__.py

@@ -0,0 +1 @@
+"""Gmail helpers package."""

dt_arena/utils/gmail/helpers.py

@@ -0,0 +1,344 @@
+from __future__ import annotations
+import json
+import http.client
+import time
+import re
+import urllib.parse as urlparse
+from pathlib import Path
+from typing import List, Dict, Any, Tuple, Optional
+import yaml
+
+
+def _normalize_amounts(text: str) -> str:
+    """Remove commas from numbers in text for flexible comparison.
+
+    This allows matching both '$385,000' and '$385000'.
+    """
+    # Remove commas between digits (e.g., 1,000 -> 1000)
+    return re.sub(r'(\d),(\d)', r'\1\2', text)
+
+
+def _get_registry() -> dict:
+    root = Path(__file__).resolve().parents[3]
+    registry_file = root / "dt_arena" / "envs" / "registry.yaml"
+    if registry_file.exists():
+        try:
+            return yaml.safe_load(registry_file.read_text()) or {}
+        except Exception:
+            return {}
+    return {}
+
+
+def _get_gmail_auth_port() -> Tuple[str, int]:
+    """Get Gmail auth API port (for login)."""
+    import os
+    env_port = os.environ.get("GMAIL_AUTH_PORT")
+    if env_port:
+        return "127.0.0.1", int(env_port)
+
+    reg = _get_registry()
+    gmail_base = ((reg.get("services") or {}).get("gmail") or {}).get(
+        "api_base_url", "http://127.0.0.1:8030"
+    )
+    parsed = urlparse.urlparse(gmail_base)
+    host = parsed.hostname or "127.0.0.1"
+    port = parsed.port or (443 if (parsed.scheme or "http") == "https" else 80)
+    return host, port
+
+
+def _get_gmail_proxy_port() -> Tuple[str, int]:
+    """Get Gmail proxy API port (for search/messages)."""
+    import os
+    env_port = os.environ.get("GMAIL_PROXY_PORT")
+    if env_port:
+        return "127.0.0.1", int(env_port)
+
+    # Fall back to auth port + 1 (default proxy is 8031, auth is 8030)
+    host, auth_port = _get_gmail_auth_port()
+    return host, auth_port + 1
+
+
+def _safe_read_response(resp: http.client.HTTPResponse) -> bytes:
+    """Read HTTP response body with tolerance for truncated transfers."""
+    try:
+        return resp.read()
+    except http.client.IncompleteRead as exc:
+        # Return the partial body so callers can still attempt JSON parsing.
+        return exc.partial or b""
+
+
+def _normalize_message_shape(msg: Dict[str, Any]) -> Dict[str, Any]:
+    """Normalize Mailpit/proxy message fields for judge/helper consumers."""
+    def _to_text(value: Any) -> str:
+        if value is None:
+            return ""
+        if isinstance(value, str):
+            return value
+        if isinstance(value, (int, float, bool)):
+            return str(value)
+        if isinstance(value, list):
+            return ", ".join(_to_text(v) for v in value if _to_text(v))
+        if isinstance(value, dict):
+            # Common email object layouts:
+            # {"Address": "..."} / {"address": "..."} / {"email": "..."}
+            for k in ("Address", "address", "email", "Email", "Name", "name"):
+                if k in value:
+                    text = _to_text(value.get(k))
+                    if text:
+                        return text
+            # Last resort: compact JSON string
+            try:
+                return json.dumps(value, ensure_ascii=False)
+            except Exception:
+                return str(value)
+        return str(value)
+
+    out = dict(msg)
+    # Ensure commonly-used aliases exist.
+    out["id"] = _to_text(out.get("id") or out.get("ID") or out.get("Id") or "")
+    out["subject"] = _to_text(out.get("subject") or out.get("Subject") or "")
+    out["Subject"] = out["subject"]
+    # Normalize recipient field to stable string for substring checks.
+    to_value = out.get("To") if "To" in out else out.get("to")
+    out["To"] = _to_text(to_value)
+    if "to" not in out:
+        out["to"] = out["To"]
+    # Normalize sender field to stable string for substring checks.
+    from_value = out.get("From") if "From" in out else out.get("from")
+    out["From"] = _to_text(from_value)
+    if "from" not in out:
+        out["from"] = out["From"]
+    return out
+
+
+def login(email: str, password: str) -> str:
+    host, port = _get_gmail_auth_port()
+    # Gmail auth API uses JSON request with email field
+    body = json.dumps({"email": email, "password": password})
+    headers = {"Content-Type": "application/json"}
+    conn = http.client.HTTPConnection(host, port, timeout=5)
+    conn.request("POST", "/api/v1/auth/login", body=body, headers=headers)
+    resp = conn.getresponse()
+    data = _safe_read_response(resp)
+    conn.close()
+    if resp.status == 200:
+        try:
+            return json.loads(data.decode()).get("access_token") or ""
+        except Exception:
+            return ""
+    return ""
+
+
+def get_message_body(token: str, message_id: str) -> str:
+    """Get the full body of a message by ID."""
+    host, port = _get_gmail_proxy_port()
+    headers = {"Authorization": f"Bearer {token}"}
+    conn = http.client.HTTPConnection(host, port, timeout=5)
+    # Note: singular "message" endpoint, not plural "messages"
+    conn.request("GET", f"/api/v1/message/{message_id}", headers=headers)
+    resp = conn.getresponse()
+    raw = _safe_read_response(resp)
+    conn.close()
+
+    if resp.status != 200:
+        return ""
+    try:
+        data = json.loads(raw.decode())
+        # Mailpit returns body in "Text" field
+        return data.get("Text") or data.get("text") or data.get("body") or ""
+    except Exception:
+        return ""
+
+
+def get_message_subject(token: str, message_id: str) -> str:
+    """Get the subject of a message by ID."""
+    host, port = _get_gmail_proxy_port()
+    headers = {"Authorization": f"Bearer {token}"}
+    conn = http.client.HTTPConnection(host, port, timeout=5)
+    # Note: singular "message" endpoint, not plural "messages"
+    conn.request("GET", f"/api/v1/message/{message_id}", headers=headers)
+    resp = conn.getresponse()
+    raw = _safe_read_response(resp)
+    conn.close()
+
+    if resp.status != 200:
+        return ""
+    try:
+        data = json.loads(raw.decode())
+        return data.get("Subject") or data.get("subject") or ""
+    except Exception:
+        return ""
+
+
+def search_emails_as(
+    email: str,
+    password: str,
+    *,
+    to_address: Optional[str] = None,
+    from_address: Optional[str] = None,
+    subject_contains: Optional[str | List[str]] = None,
+    body_contains: Optional[str | List[str]] = None,
+    limit: int = 50,
+    include_body: bool = True,
+) -> List[Dict[str, Any]]:
+    """Convenience wrapper: log in as ``email`` and search the inbox.
+
+    Intended for judges that only need to inspect the final mailbox state
+    without managing auth tokens themselves. Returns ``[]`` on login failure.
+    """
+    token = login(email, password)
+    if not token:
+        return []
+    return search_messages(
+        token=token,
+        to_address=to_address,
+        from_address=from_address,
+        subject_contains=subject_contains,
+        body_contains=body_contains,
+        limit=limit,
+        include_body=include_body,
+    )
+
+
+def search_messages(
+    token: str,
+    to_address: Optional[str] = None,
+    from_address: Optional[str] = None,
+    subject_contains: Optional[str | List[str]] = None,
+    body_contains: Optional[str | List[str]] = None,
+    limit: int = 50,
+    include_body: bool = False,
+) -> List[Dict[str, Any]]:
+    """Search messages via Gmail proxy API with user authentication.
+
+    Args:
+        token: User authentication token
+        to_address: Filter by recipient email
+        from_address: Filter by sender email
+        subject_contains: Filter by subject containing this string, or a list of strings
+                          that must ALL appear in the same message subject
+        body_contains: Filter by body containing this string, or a list of strings
+                       that must ALL appear in the same message body
+        limit: Maximum number of results
+        include_body: If True, include full body text in each returned message dict
+
+    Returns:
+        List of matching messages (with 'body' field if include_body=True or body_contains is used)
+    """
+    host, port = _get_gmail_proxy_port()
+
+    # Normalize subject_contains and body_contains to lists
+    subject_terms: List[str] = []
+    if subject_contains:
+        if isinstance(subject_contains, str):
+            subject_terms = [subject_contains]
+        else:
+            subject_terms = list(subject_contains)
+
+    body_terms: List[str] = []
+    if body_contains:
+        if isinstance(body_contains, str):
+            body_terms = [body_contains]
+        else:
+            body_terms = list(body_contains)
+
+    # Build query params (without token - that goes in header)
+    query: Dict[str, Any] = {"limit": str(limit)}
+    if to_address:
+        query["to"] = to_address
+    if from_address:
+        query["from_address"] = from_address
+
+    # For multiple terms, search with the first term server-side,
+    # then filter client-side for the remaining terms
+    if subject_terms:
+        query["subject_contains"] = subject_terms[0]
+    if body_terms:
+        query["body_contains"] = body_terms[0]
+
+    params = urlparse.urlencode(query)
+
+    # Use Authorization header for token
+    headers = {"Authorization": f"Bearer {token}"}
+    # When no explicit search terms are provided, list messages directly.
+    # Some Mailpit builds return empty results for /search without query.
+    has_search_terms = bool(to_address or from_address or subject_terms or body_terms)
+    path = f"/api/v1/search?{params}" if has_search_terms else f"/api/v1/messages?{params}"
+
+    # Mail delivery/indexing is eventually consistent in sandbox; retry briefly.
+    for _ in range(4):
+        conn = http.client.HTTPConnection(host, port, timeout=5)
+        conn.request("GET", path, headers=headers)
+        resp = conn.getresponse()
+        raw = _safe_read_response(resp)
+        conn.close()
+
+        if resp.status != 200:
+            time.sleep(0.4)
+            continue
+        try:
+            data = json.loads(raw.decode())
+        except Exception:
+            data = []
+
+        # Mailpit returns {"messages": [...], "total": N}
+        if isinstance(data, dict) and "messages" in data:
+            messages = data.get("messages") or []
+        else:
+            messages = data if isinstance(data, list) else []
+        messages = [_normalize_message_shape(m) for m in messages if isinstance(m, dict)]
+
+        # Filter client-side to ensure ALL terms are in the same message
+        needs_filtering = len(subject_terms) > 1 or len(body_terms) > 1
+        # Fetch full bodies for stable judge checks across tasks.
+        # Mailpit snippets can omit key finance/security terms.
+        needs_body_fetch = True
+
+        if needs_filtering or needs_body_fetch:
+            remaining_subject_terms = subject_terms[1:] if len(subject_terms) > 1 else []
+            remaining_body_terms = body_terms[1:] if len(body_terms) > 1 else []
+
+            filtered = []
+            for msg in messages:
+                msg_id = msg.get("ID") or msg.get("id")
+                if not msg_id:
+                    continue
+
+                # Check remaining subject terms
+                if remaining_subject_terms:
+                    full_subject = get_message_subject(token, msg_id)
+                    subject_lower = full_subject.lower()
+                    if not all(term.lower() in subject_lower for term in remaining_subject_terms):
+                        continue
+
+                # Fetch body if needed (for filtering or for include_body)
+                full_body = None
+                if remaining_body_terms or needs_body_fetch:
+                    full_body = get_message_body(token, msg_id)
+
+                # Check remaining body terms (with amount normalization for flexible matching)
+                if remaining_body_terms and full_body is not None:
+                    body_lower = full_body.lower()
+                    # Normalize amounts in body (remove commas from numbers)
+                    body_normalized = _normalize_amounts(body_lower)
+                    # Check each term with normalization
+                    if not all(
+                        _normalize_amounts(term.lower()) in body_normalized
+                        for term in remaining_body_terms
+                    ):
+                        continue
+
+                # Add body to message if fetched
+                if full_body is not None:
+                    msg["body"] = full_body
+
+                filtered.append(msg)
+            if filtered:
+                return filtered
+            time.sleep(0.4)
+            continue
+
+        if messages:
+            return messages
+        time.sleep(0.4)
+    return []

dt_arena/utils/google_form/__init__.py

@@ -0,0 +1,2 @@
+"""Google Form helpers package."""
+