hyperpocket 0.0.3__py3-none-any.whl → 0.1.9__py3-none-any.whl

hyperpocket/cli/auth.py

@@ -0,0 +1,83 @@
+import os
+import click
+from pathlib import Path
+from hyperpocket.cli.codegen.auth import get_server_auth_token_template, get_auth_context_template, get_auth_token_context_template, get_auth_token_handler_template, get_auth_token_schema_template
+
+@click.command()
+@click.argument('service_name', type=str)
+def create_token_auth_template(service_name):
+    ## Validate service_name
+    if not service_name.islower() or not service_name.replace('_', '').isalpha():
+        raise ValueError("service_name must be lowercase and contain only letters and underscores")
+    
+    capitliazed_service_name = service_name.capitalize()
+    if '_' in service_name:
+        capitliazed_service_name = ''.join([word.capitalize() for word in service_name.split('_')])
+    
+    ## Get the current working directory
+    cwd = Path.cwd()
+    parent_path = cwd.parent
+    
+    generate_server_auth(service_name, parent_path)
+    generate_hyperpocket_auth_dir(service_name, parent_path)
+    generate_auth_context(service_name, capitliazed_service_name, parent_path)
+    generate_auth_token_context(service_name, capitliazed_service_name, parent_path)
+    generate_auth_token_handler(service_name, capitliazed_service_name, parent_path)
+    generate_auth_token_schema(service_name, capitliazed_service_name, parent_path)
+    ##TODO: Add service to hyperpocket/auth/provider
+
+def generate_server_auth(service_name, parent_path):
+    print(f"Generating server/auth for '{service_name}'.")
+    output_from_parsed_template = get_server_auth_token_template().render(service_name=service_name)
+    output_path = parent_path / f'hyperpocket/hyperpocket/server/auth/{service_name}.py'
+    with open(output_path, "w") as f:
+        f.write(output_from_parsed_template)
+
+def generate_hyperpocket_auth_dir(service_name, parent_path):
+    if not os.path.exists(parent_path / f'hyperpocket/hyperpocket/auth/{service_name}'):
+        os.makedirs(parent_path / f'hyperpocket/hyperpocket/auth/{service_name}')
+    
+    output_path = parent_path / f'hyperpocket/hyperpocket/auth/{service_name}/__init__.py'
+    with open(output_path, "w") as f:
+        pass
+
+def generate_auth_context(service_name, capitliazed_service_name, parent_path):
+    print(f"Generating auth/context for '{service_name}'.")
+    output_from_parsed_template = get_auth_context_template().render(
+        caplitalized_service_name=capitliazed_service_name, 
+        upper_service_name=service_name.upper()
+    )
+    output_path = parent_path / f'hyperpocket/hyperpocket/auth/{service_name}/context.py'
+    with open(output_path, "w") as f:
+        f.write(output_from_parsed_template)
+
+def generate_auth_token_context(service_name, capitliazed_service_name, parent_path):
+    print(f"Generating auth/token context for '{service_name}'.")
+    output_from_parsed_template = get_auth_token_context_template().render(
+        service_name = service_name,
+        caplitalized_service_name=capitliazed_service_name, 
+    )
+    output_path = parent_path / f'hyperpocket/hyperpocket/auth/{service_name}/token_context.py'
+    with open(output_path, "w") as f:
+        f.write(output_from_parsed_template)
+
+def generate_auth_token_handler(service_name, capitliazed_service_name, parent_path):
+    print(f"Generating auth/token handler for '{service_name}'.")
+    output_from_parsed_template = get_auth_token_handler_template().render(
+        service_name = service_name,
+        auth_handler_name = service_name.replace('_','-'),
+        caplitalized_service_name=capitliazed_service_name,
+        upper_service_name=service_name.upper()
+    )
+    output_path = parent_path / f'hyperpocket/hyperpocket/auth/{service_name}/token_handler.py'
+    with open(output_path, "w") as f:
+        f.write(output_from_parsed_template)
+
+def generate_auth_token_schema(service_name, capitliazed_service_name, parent_path):
+    print(f"Generating auth/token schema for '{service_name}'.")
+    output_from_parsed_template = get_auth_token_schema_template().render(
+        caplitalized_service_name=capitliazed_service_name,
+    )
+    output_path = parent_path / f'hyperpocket/hyperpocket/auth/{service_name}/token_schema.py'
+    with open(output_path, "w") as f:
+        f.write(output_from_parsed_template)

hyperpocket/cli/codegen/auth/__init__.py

@@ -0,0 +1,13 @@
+from .auth_context_template import get_auth_context_template
+from .auth_token_context_template import get_auth_token_context_template
+from .auth_token_handler_template import get_auth_token_handler_template
+from .auth_token_schema_template import get_auth_token_schema_template
+from .server_auth_template import get_server_auth_token_template
+
+__all__ = [
+    "get_auth_context_template",
+    "get_auth_token_context_template",
+    "get_auth_token_handler_template",
+    "get_auth_token_schema_template",
+    "get_server_auth_token_template",
+]

hyperpocket/cli/codegen/auth/auth_context_template.py

@@ -0,0 +1,16 @@
+from jinja2 import Template
+
+def get_auth_context_template() -> Template:
+    return Template('''
+from hyperpocket.auth.context import AuthContext
+class {{ caplitalized_service_name }}AuthContext(AuthContext):
+    _ACCESS_TOKEN_KEY: str = "{{ upper_service_name }}_TOKEN"
+    def to_dict(self) -> dict[str, str]:
+        return {
+            self._ACCESS_TOKEN_KEY: self.access_token,
+        }
+    def to_profiled_dict(self, profile: str) -> dict[str, str]:
+        return {
+            f"{profile.upper()}_{self._ACCESS_TOKEN_KEY}": self.access_token,
+        }
+''')

hyperpocket/cli/codegen/auth/auth_token_context_template.py

@@ -0,0 +1,16 @@
+from jinja2 import Template
+
+def get_auth_token_context_template() -> Template:
+    return Template('''
+from hyperpocket.auth.{{ service_name }}.context import {{ caplitalized_service_name }}AuthContext
+from hyperpocket.auth.{{ service_name }}.token_schema import {{ caplitalized_service_name }}TokenResponse
+class {{ caplitalized_service_name }}TokenAuthContext({{ caplitalized_service_name }}AuthContext):
+    @classmethod
+    def from_{{ service_name }}_token_response(cls, response: {{ caplitalized_service_name }}TokenResponse):
+        description = f'{{ caplitalized_service_name }} Token Context logged in'
+        return cls(
+            access_token=response.access_token,
+            description=description,
+            expires_at=None
+        )
+''')

hyperpocket/cli/codegen/auth/auth_token_handler_template.py

@@ -0,0 +1,69 @@
+from jinja2 import Template
+
+def get_auth_token_handler_template() -> Template:
+    return Template('''
+from typing import Optional
+from urllib.parse import urljoin, urlencode
+
+from hyperpocket.auth import AuthProvider
+from hyperpocket.auth.context import AuthContext
+from hyperpocket.auth.handler import AuthHandlerInterface, AuthenticateRequest
+from hyperpocket.auth.{{ service_name }}.token_context import {{ caplitalized_service_name }}TokenAuthContext
+from hyperpocket.auth.{{ service_name }}.token_schema import {{ caplitalized_service_name }}TokenResponse, {{ caplitalized_service_name }}TokenRequest
+from hyperpocket.config import config
+from hyperpocket.futures import FutureStore
+
+
+class {{ caplitalized_service_name }}TokenAuthHandler(AuthHandlerInterface):
+    name: str = "{{ auth_handler_name }}-token"
+    description: str = "This handler is used to authenticate users using the {{ caplitalized_service_name }} token."
+    scoped: bool = False
+
+    _TOKEN_URL: str = urljoin(config.public_base_url + "/", f"{config.callback_url_rewrite_prefix}/auth/token")
+
+    @staticmethod
+    def provider() -> AuthProvider:
+        return AuthProvider.{{ upper_service_name }}
+
+    @staticmethod
+    def recommended_scopes() -> set[str]:
+        return set()
+
+    def prepare(self, auth_req: {{ caplitalized_service_name }}TokenRequest, thread_id: str, profile: str,
+                future_uid: str, *args, **kwargs) -> str:
+        redirect_uri = urljoin(
+            config.public_base_url + "/",
+            f"{config.callback_url_rewrite_prefix}/auth/{{ service_name }}/token/callback",
+        )
+        url = self._make_auth_url(auth_req=auth_req, redirect_uri=redirect_uri, state=future_uid)
+        FutureStore.create_future(future_uid, data={
+            "redirect_uri": redirect_uri,
+            "thread_id": thread_id,
+            "profile": profile,
+        })
+
+        return f'User needs to authenticate using the following URL: {url}'
+
+    async def authenticate(self, auth_req: {{ caplitalized_service_name }}TokenRequest, future_uid: str, *args, **kwargs) -> AuthContext:
+        future_data = FutureStore.get_future(future_uid)
+        access_token = await future_data.future
+
+        response = {{ caplitalized_service_name }}TokenResponse(access_token=access_token)
+        context = {{ caplitalized_service_name }}TokenAuthContext.from_{{ service_name }}_token_response(response)
+
+        return context
+
+    async def refresh(self, auth_req: {{ caplitalized_service_name }}TokenRequest, context: AuthContext, *args, **kwargs) -> AuthContext:
+        raise Exception("{{ caplitalized_service_name }} token doesn't support refresh")
+
+    def _make_auth_url(self, auth_req: {{ caplitalized_service_name }}TokenRequest, redirect_uri: str, state: str):
+        params = {
+            "redirect_uri": redirect_uri,
+            "state": state,
+        }
+        auth_url = f"{self._TOKEN_URL}?{urlencode(params)}"
+        return auth_url
+
+    def make_request(self, auth_scopes: Optional[list[str]] = None, **kwargs) -> {{ caplitalized_service_name }}TokenRequest:
+        return {{ caplitalized_service_name }}TokenRequest()
+''')

hyperpocket/cli/codegen/auth/auth_token_schema_template.py

@@ -0,0 +1,12 @@
+from jinja2 import Template
+
+def get_auth_token_schema_template() -> Template:
+    return Template('''
+from typing import List, Optional
+from pydantic import BaseModel
+from hyperpocket.auth.schema import AuthenticateRequest, AuthenticateResponse
+class {{ caplitalized_service_name }}TokenRequest(AuthenticateRequest):
+    pass
+class {{ caplitalized_service_name }}TokenResponse(AuthenticateResponse):
+    access_token: str
+''')

hyperpocket/cli/codegen/auth/server_auth_template.py

@@ -0,0 +1,18 @@
+from jinja2 import Template
+
+def get_server_auth_token_template() -> Template:
+    return Template('''
+from fastapi import APIRouter
+from starlette.responses import HTMLResponse
+from hyperpocket.futures import FutureStore
+{{ service_name }}_auth_router = APIRouter(
+    prefix="/{{ service_name }}"
+)
+@{{ service_name }}_auth_router.get("/token/callback")
+async def {{ service_name }}_token_callback(state: str, token: str):
+    try:
+        FutureStore.resolve_future(state, token)
+    except ValueError:
+        return HTMLResponse(content="failed")
+    return HTMLResponse(content="success")                    
+''')

hyperpocket/cli/eject.py

@@ -0,0 +1,19 @@
+import pathlib
+from typing import Optional
+
+import click
+
+import hyperpocket.repository as repository
+
+
+@click.command()
+@click.argument("url", type=str)
+@click.argument("ref", type=str)
+@click.argument("remote_path", type=str)
+@click.option("--lockfile", envvar="PATHS", type=click.Path(exists=True))
+def eject(url: str, ref: str, remote_path: str, lockfile: Optional[pathlib.Path]):
+    if not lockfile:
+        lockfile = pathlib.Path.cwd() / "pocket.lock"
+    if not lockfile.exists():
+        raise ValueError("To eject a tool, you first need to pull it")
+    repository.eject(url, ref, remote_path, repository.Lockfile(lockfile))

hyperpocket/cli/sync.py

@@ -7,11 +7,11 @@ import hyperpocket.repository as repository
 
 
 @click.command()
-@click.option("--lockfile", envvar='PATHS', type=click.Path(exists=True))
-@click.option("--force-update", type=str, default='HEAD')
-def sync(url: str, lockfile: Optional[pathlib.Path], force_update: bool):
+@click.option("--lockfile", envvar="PATHS", type=click.Path(exists=True))
+@click.option("--force-update", type=str, default="HEAD")
+def sync(lockfile: Optional[pathlib.Path], force_update: bool):
     if not lockfile:
-        lockfile = pathlib.Path.cwd() / 'pocket.lock'
+        lockfile = pathlib.Path.cwd() / "pocket.lock"
     if not lockfile.exists():
         lockfile.touch()
-    repository.sync(repository.Lockfile(path=lockfile), force_update)
+    repository.sync(repository.Lockfile(path=lockfile), force_update)

hyperpocket/config/settings.py

@@ -1,26 +1,28 @@
 import os
 from pathlib import Path
-from typing import Literal
 
 from dynaconf import Dynaconf
-from pydantic import BaseModel
+from pydantic import BaseModel, Field
 
 from hyperpocket.config.auth import AuthConfig, DefaultAuthConfig
-from hyperpocket.config.git import DefaultGitConfig, GitConfig
 from hyperpocket.config.session import DefaultSessionConfig, SessionConfig
 
-pocket_root = Path.home() / ".pocket"
-if not pocket_root.exists():
-    os.makedirs(pocket_root)
-settings_path = pocket_root / "settings.toml"
+POCKET_ROOT = Path.home() / ".pocket"
+SETTING_ROOT = Path.cwd()
+
+
+settings_path = SETTING_ROOT / "settings.toml"
 if not settings_path.exists():
     with open(settings_path, "w"):
         pass
-secret_path = pocket_root / ".secrets.toml"
+
+secret_path = SETTING_ROOT / ".secrets.toml"
 if not secret_path.exists():
     with open(secret_path, "w"):
         pass
-toolpkg_path = pocket_root / "toolpkg"
+
+
+toolpkg_path = POCKET_ROOT / "toolpkg"
 if not toolpkg_path.exists():
     os.makedirs(toolpkg_path)
 
@@ -43,8 +45,8 @@ class Config(BaseModel):
     callback_url_rewrite_prefix: str = "proxy"  # should not start with a slash
     log_level: str = "INFO"
     auth: AuthConfig = DefaultAuthConfig
-    git: GitConfig = DefaultGitConfig
     session: SessionConfig = DefaultSessionConfig
+    tool_vars: dict[str, str] = Field(default_factory=dict)
 
     @property
     def internal_base_url(self):
@@ -52,9 +54,9 @@ class Config(BaseModel):
 
     @property
     def public_base_url(self):
-        if self.public_server_protocol == 'https' and self.public_server_port == 443:
+        if self.public_server_protocol == "https" and self.public_server_port == 443:
             return f"{self.public_server_protocol}://{self.public_hostname}"
-        elif self.public_server_protocol == 'http' and self.public_server_port == 80:
+        elif self.public_server_protocol == "http" and self.public_server_port == 80:
             return f"{self.public_server_protocol}://{self.public_hostname}"
         return f"{self.public_server_protocol}://{self.public_hostname}:{self.public_server_port}"
 

hyperpocket/futures/futurestore.py

@@ -1,5 +1,4 @@
 import asyncio
-import enum
 from typing import Any
 
 from hyperpocket.config import pocket_logger

hyperpocket/pocket_auth.py

@@ -9,7 +9,7 @@ from hyperpocket.auth.handler import AuthHandlerInterface, AuthenticateRequest
 from hyperpocket.config import config, pocket_logger
 from hyperpocket.futures import FutureStore
 from hyperpocket.session import SESSION_STORAGE_LIST
-from hyperpocket.session.interface import SessionStorageInterface
+from hyperpocket.session.interface import SessionStorageInterface, BaseSessionValue
 
 
 class AuthState(enum.Enum):
@@ -99,7 +99,12 @@ class PocketAuth(object):
         """
         handler = self.find_handler_instance(auth_handler_name, auth_provider)
         session = self.session_storage.get(handler.provider(), thread_id, profile)
+        auth_state = self.get_session_state(session=session, auth_req=auth_req)
 
+        return auth_state
+
+    @staticmethod
+    def get_session_state(session: Optional[BaseSessionValue], auth_req: Optional[AuthenticateRequest]) -> AuthState:
         if not session:
             return AuthState.NO_SESSION
 
@@ -110,7 +115,8 @@ class PocketAuth(object):
 
             return AuthState.PENDING_RESOLVE
 
-        if not session.is_auth_applicable(auth_provider_name=handler.provider().name, auth_req=auth_req):
+        if auth_req is not None and not session.is_auth_applicable(auth_provider_name=session.auth_provider_name,
+                                                                   auth_req=auth_req):
             return AuthState.DO_AUTH
 
         if session.is_near_expires():
@@ -282,9 +288,6 @@ class PocketAuth(object):
             FutureStore.delete_future(session.auth_resolve_uid)
             raise e
 
-    def delete_session(self, auth_provider: AuthProvider, thread_id: str = "default", profile: str = "default") -> bool:
-        return self.session_storage.delete(auth_provider, thread_id, profile)
-
     def get_auth_context(self, auth_provider: AuthProvider, thread_id: str = "default", profile: str = "default",
                          **kwargs) -> Optional[AuthContext]:
         session = self.session_storage.get(auth_provider, thread_id, profile, **kwargs)
@@ -293,6 +296,23 @@ class PocketAuth(object):
 
         return session.auth_context
 
+    def list_session_state(self, thread_id: str, auth_provider: Optional[AuthProvider] = None):
+        session_list = self.session_storage.get_by_thread_id(thread_id=thread_id, auth_provider=auth_provider)
+        session_state_list = []
+        for session in session_list:
+            state = self.get_session_state(session=session, auth_req=None)
+
+            session_state_list.append({
+                "provider": session.auth_provider_name,
+                "scope": session.auth_scopes,
+                "state": state,
+            })
+
+        return session_state_list
+
+    def delete_session(self, auth_provider: AuthProvider, thread_id: str = "default", profile: str = "default") -> bool:
+        return self.session_storage.delete(auth_provider, thread_id, profile)
+
     def find_handler_instance(self, name: Optional[str] = None,
                               auth_provider: Optional[AuthProvider] = None) -> AuthHandlerInterface:
         if name:

hyperpocket/pocket_core.py

@@ -0,0 +1,264 @@
+import asyncio
+import pathlib
+from typing import Any, Optional, Callable, List, Union
+
+from hyperpocket.builtin import get_builtin_tools
+from hyperpocket.config import pocket_logger
+from hyperpocket.pocket_auth import PocketAuth
+from hyperpocket.repository import Lockfile
+from hyperpocket.repository.lock import LocalLock, GitLock
+from hyperpocket.tool import Tool, ToolRequest
+from hyperpocket.tool.function import from_func
+from hyperpocket.tool.wasm import WasmTool
+from hyperpocket.tool.wasm.tool import WasmToolRequest
+from hyperpocket.tool_like import ToolLike
+
+
+class PocketCore:
+    auth: PocketAuth
+    tools: dict[str, Tool]
+
+    def __init__(self,
+                 tools: list[ToolLike],
+                 auth: PocketAuth = None,
+                 lockfile_path: Optional[str] = None,
+                 force_update: bool = False):
+        if auth is None:
+            auth = PocketAuth()
+        self.auth = auth
+
+        if lockfile_path is None:
+            lockfile_path = "./pocket.lock"
+        lockfile_pathlib_path = pathlib.Path(lockfile_path)
+        lockfile = Lockfile(lockfile_pathlib_path)
+        tool_likes = []
+        for tool_like in tools:
+            if isinstance(tool_like, str):
+                if pathlib.Path(tool_like).exists():
+                    lock = LocalLock(tool_like)
+                    req = WasmToolRequest(lock, "")
+                else:
+                    base_repo_url, git_ref, rel_path = GitLock.parsing_repo_url(repo_url=tool_like)
+                    lock = GitLock(repository_url=base_repo_url, git_ref=git_ref)
+                    req = WasmToolRequest(lock=lock, rel_path=rel_path, tool_vars={})
+
+                lockfile.add_lock(lock)
+                tool_likes.append(req)
+            elif isinstance(tool_like, WasmToolRequest):
+                lockfile.add_lock(tool_like.lock)
+                tool_likes.append(tool_like)
+            elif isinstance(tool_like, ToolRequest):
+                raise ValueError(f"unreachable. tool_like:{tool_like}")
+            elif isinstance(tool_like, WasmTool):
+                raise ValueError("WasmTool should pass ToolRequest instance instead.")
+            else:
+                tool_likes.append(tool_like)
+        lockfile.sync(force_update=force_update, referenced_only=True)
+
+        self.tools = dict()
+        for tool_like in tool_likes:
+            tool = self._load_tool(tool_like, lockfile)
+            if tool.name in self.tools:
+                pocket_logger.error(f"Duplicate tool name: {tool.name}.")
+                raise ValueError(f"Duplicate tool name: {tool.name}")
+            self.tools[tool.name] = tool
+
+        pocket_logger.info(f"All Registered Tools Loaded successfully. total registered tools : {len(self.tools)}")
+
+        builtin_tools = get_builtin_tools(self.auth)
+        for tool in builtin_tools:
+            self.tools[tool.name] = tool
+        pocket_logger.info(f"All BuiltIn Tools Loaded successfully. total tools : {len(self.tools)}")
+
+    async def acall(self,
+                    tool_name: str,
+                    body: Any,
+                    thread_id: str = 'default',
+                    profile: str = 'default',
+                    *args, **kwargs) -> tuple[str, bool]:
+        """
+        Invoke tool asynchronously, not that different from `Pocket.invoke`
+        But this method is called only in subprocess.
+
+        This function performs the following steps:
+            1. `prepare_auth` : preparing the authentication process for the tool if necessary.
+            2. `authenticate` : performing authentication that needs to invoke tool.
+            3. `tool_call` : Executing tool actually with authentication information.
+
+        Args:
+            tool_name(str): tool name to invoke
+            body(Any): tool arguments. should be json format
+            thread_id(str): thread id
+            profile(str): profile name
+
+        Returns:
+            tuple[str, bool]: tool result and state.
+        """
+        tool = self._tool_instance(tool_name)
+        if tool.auth is not None:
+            callback_info = self.prepare_auth(tool_name, thread_id, profile, **kwargs)
+            if callback_info:
+                return callback_info, True
+        # 02. authenticate
+        credentials = await self.authenticate(tool_name, thread_id, profile, **kwargs)
+        # 03. call tool
+        result = await self.tool_call(tool_name, body=body, envs=credentials, **kwargs)
+        return result, False
+
+    def prepare_auth(self,
+                     tool_name: Union[str, List[str]],
+                     thread_id: str = 'default',
+                     profile: str = 'default',
+                     **kwargs) -> Optional[str]:
+        """
+        Prepares the authentication process for the tool if necessary.
+        Returns callback URL and whether the tool requires authentication.
+
+        Args:
+            tool_name(Union[str,List[str]]): tool name to invoke
+            thread_id(str): thread id
+            profile(str): profile name
+
+        Returns:
+            Optional[str]: callback URI if necessary
+        """
+
+        if isinstance(tool_name, str):
+            tool_name = [tool_name]
+
+        tools: List[Tool] = []
+        for name in tool_name:
+            tool = self._tool_instance(name)
+            if tool.auth is not None:
+                tools.append(tool)
+
+        if len(tools) == 0:
+            return None
+
+        auth_handler_name = tools[0].auth.auth_handler
+        auth_provider = tools[0].auth.auth_provider
+        auth_scopes = set()
+
+        for tool in tools:
+            if tool.auth.auth_handler != auth_handler_name:
+                pocket_logger.error(
+                    f"All Tools should have same auth handler. but it's different {tool.auth.auth_handler}, {auth_handler_name}")
+
+                return f"All Tools should have same auth handler. but it's different {tool.auth.auth_handler}, {auth_handler_name}"
+            if tool.auth.auth_provider != auth_provider:
+                pocket_logger.error(
+                    f"All Tools should have same auth provider. but it's different {tool.auth.auth_provider}, {auth_provider}")
+                return f"All Tools should have same auth provider. but it's different {tool.auth.auth_provider}, {auth_provider}"
+
+            if tool.auth.scopes is not None:
+                auth_scopes |= set(tool.auth.scopes)
+
+        auth_req = self.auth.make_request(
+            auth_handler_name=auth_handler_name,
+            auth_provider=auth_provider,
+            auth_scopes=list(auth_scopes))
+
+        return self.auth.prepare(
+            auth_req=auth_req,
+            auth_handler_name=auth_handler_name,
+            auth_provider=auth_provider,
+            thread_id=thread_id,
+            profile=profile,
+            **kwargs
+        )
+
+    async def authenticate(
+            self,
+            tool_name: str,
+            thread_id: str = 'default',
+            profile: str = 'default',
+            **kwargs) -> dict[str, str]:
+        """
+        Authenticates the handler included in the tool and returns credentials.
+
+        Args:
+            tool_name(str): tool name to invoke
+            thread_id(str): thread id
+            profile(str): profile name
+
+        Returns:
+            dict[str, str]: credentials
+        """
+        tool = self._tool_instance(tool_name)
+        if tool.auth is None:
+            return {}
+        auth_req = self.auth.make_request(
+            auth_handler_name=tool.auth.auth_handler,
+            auth_provider=tool.auth.auth_provider,
+            auth_scopes=tool.auth.scopes)
+        auth_ctx = await self.auth.authenticate_async(
+            auth_req=auth_req,
+            auth_handler_name=tool.auth.auth_handler,
+            auth_provider=tool.auth.auth_provider,
+            thread_id=thread_id,
+            profile=profile,
+            **kwargs,
+        )
+        return auth_ctx.to_dict()
+
+    async def tool_call(self, tool_name: str, **kwargs) -> str:
+        """
+        Executing tool actually
+
+        Args:
+            tool_name(str): tool name to invoke
+            kwargs(dict): keyword arguments. authentication information is passed through this.
+
+        Returns:
+            str: tool result
+        """
+        tool = self._tool_instance(tool_name)
+        try:
+            result = await asyncio.wait_for(tool.ainvoke(**kwargs), timeout=180)
+        except asyncio.TimeoutError:
+            pocket_logger.warning("Timeout tool call.")
+            return "timeout tool call"
+
+        if tool.postprocessings is not None:
+            for postprocessing in tool.postprocessings:
+                try:
+                    result = postprocessing(result)
+                except Exception as e:
+                    exception_str = (
+                        f"Error in postprocessing `{postprocessing.__name__}`: {e}"
+                    )
+                    pocket_logger.error(exception_str)
+                    return exception_str
+
+        return result
+
+    def grouping_tool_by_auth_provider(self) -> dict[str, List[Tool]]:
+        tool_by_provider = {}
+        for tool_name, tool in self.tools.items():
+            if tool.auth is None:
+                continue
+
+            auth_provider_name = tool.auth.auth_provider.name
+            if tool_by_provider.get(auth_provider_name):
+                tool_by_provider[auth_provider_name].append(tool)
+            else:
+                tool_by_provider[auth_provider_name] = [tool]
+        return tool_by_provider
+
+    def _tool_instance(self, tool_name: str) -> Tool:
+        return self.tools[tool_name]
+
+    @staticmethod
+    def _load_tool(tool_like: ToolLike, lockfile: Lockfile) -> Tool:
+        pocket_logger.info(f"Loading Tool {tool_like}")
+        if isinstance(tool_like, Tool):
+            tool = tool_like
+        elif isinstance(tool_like, ToolRequest):
+            tool = Tool.from_tool_request(tool_like, lockfile=lockfile)
+        elif isinstance(tool_like, Callable):
+            tool = from_func(tool_like)
+        else:
+            raise ValueError(f"Invalid tool type: {type(tool_like)}")
+
+        pocket_logger.info(f"Complete Loading Tool {tool.name}")
+        return tool