ibm-watsonx-orchestrate 1.11.0b0__py3-none-any.whl → 1.11.1__py3-none-any.whl

ibm_watsonx_orchestrate/cli/commands/environment/environment_command.py

@@ -43,9 +43,13 @@ def activate_env(
         test_package_version_override: Annotated[
             str,
             typer.Option("--test-package-version-override", help="Which prereleased package version to reference when using --registry testpypi", hidden=True),
+        ] = None,
+        skip_version_check: Annotated[
+            bool,
+            typer.Option('--skip-version-check/--enable-version-check', help='Use this flag to skip validating that adk version in use exists in pypi (for clients who mirror the ADK to a local registry and do not have local access to pypi).')
         ] = None
 ):
-    environment_controller.activate(name=name, apikey=apikey,username=username, password=password, registry=registry, test_package_version_override=test_package_version_override)
+    environment_controller.activate(name=name, apikey=apikey, username=username, password=password, registry=registry, test_package_version_override=test_package_version_override, skip_version_check=skip_version_check)
 
 
 @environment_app.command(name="add")
@@ -70,7 +74,7 @@ def add_env(
         ] = None,
         type: Annotated[
             EnvironmentAuthType,
-            typer.Option("--type", "-t", help="The type of auth you wish to use"),
+            typer.Option("--type", "-t", help="The type of auth you wish to use. This overrides the auth type that is inferred from the url"),
         ] = None,
         insecure: Annotated[
             bool,

ibm_watsonx_orchestrate/cli/commands/environment/environment_controller.py

@@ -18,8 +18,9 @@ from ibm_watsonx_orchestrate.cli.config import (
     ENV_IAM_URL_OPT,
     ENVIRONMENTS_SECTION_HEADER,
     PROTECTED_ENV_NAME,
-    ENV_AUTH_TYPE, PYTHON_REGISTRY_HEADER, PYTHON_REGISTRY_TYPE_OPT, PYTHON_REGISTRY_TEST_PACKAGE_VERSION_OVERRIDE_OPT, BYPASS_SSL, VERIFY,
-    DEFAULT_CONFIG_FILE_CONTENT
+    ENV_AUTH_TYPE, PYTHON_REGISTRY_HEADER, PYTHON_REGISTRY_TYPE_OPT, PYTHON_REGISTRY_TEST_PACKAGE_VERSION_OVERRIDE_OPT,
+    BYPASS_SSL, VERIFY,
+    DEFAULT_CONFIG_FILE_CONTENT, PYTHON_REGISTRY_SKIP_VERSION_CHECK_OPT
 )
 from ibm_watsonx_orchestrate.client.client import Client
 from ibm_watsonx_orchestrate.client.client_errors import ClientError
@@ -131,7 +132,7 @@ def _login(name: str, apikey: str = None, username: str = None, password: str =
     except ClientError as e:
         raise ClientError(e)
 
-def activate(name: str, apikey: str=None, username: str=None, password: str=None, registry: RegistryType=None, test_package_version_override=None) -> None:
+def activate(name: str, apikey: str=None, username: str=None, password: str=None, registry: RegistryType=None, test_package_version_override=None, skip_version_check=None) -> None:
     cfg = Config()
     auth_cfg = Config(AUTH_CONFIG_FILE_FOLDER, AUTH_CONFIG_FILE)
     env_cfg = cfg.read(ENVIRONMENTS_SECTION_HEADER, name)
@@ -159,6 +160,8 @@ def activate(name: str, apikey: str=None, username: str=None, password: str=None
         elif cfg.read(PYTHON_REGISTRY_HEADER, PYTHON_REGISTRY_TYPE_OPT) is None:
             cfg.write(PYTHON_REGISTRY_HEADER, PYTHON_REGISTRY_TYPE_OPT, DEFAULT_CONFIG_FILE_CONTENT[PYTHON_REGISTRY_HEADER][PYTHON_REGISTRY_TYPE_OPT])
             cfg.write(PYTHON_REGISTRY_HEADER, PYTHON_REGISTRY_TEST_PACKAGE_VERSION_OVERRIDE_OPT, test_package_version_override)
+        if skip_version_check is not None:
+            cfg.write(PYTHON_REGISTRY_HEADER, PYTHON_REGISTRY_SKIP_VERSION_CHECK_OPT, skip_version_check)
 
     logger.info(f"Environment '{name}' is now active")
     is_cpd = is_cpd_env(url)

ibm_watsonx_orchestrate/cli/commands/evaluations/evaluations_command.py

@@ -16,7 +16,7 @@ from typing import Optional
 from typing_extensions import Annotated
 
 from ibm_watsonx_orchestrate import __version__
-from ibm_watsonx_orchestrate.cli.commands.evaluations.evaluations_controller import EvaluationsController
+from ibm_watsonx_orchestrate.cli.commands.evaluations.evaluations_controller import EvaluationsController, EvaluateMode
 from ibm_watsonx_orchestrate.cli.commands.agents.agents_controller import AgentsController
 
 logger = logging.getLogger(__name__)
@@ -220,6 +220,13 @@ def analyze(data_path: Annotated[
             help="Path to the directory that has the saved results"
         )
     ],
+    tool_definition_path: Annotated[
+        Optional[str],
+        typer.Option(
+            "--tools-path", "-t",
+            help="Path to the directory containing tool definitions."
+        )
+    ] = None,
     user_env_file: Annotated[
         Optional[str],
         typer.Option(
@@ -230,7 +237,10 @@ def analyze(data_path: Annotated[
 
     validate_watsonx_credentials(user_env_file)
     controller = EvaluationsController()
-    controller.analyze(data_path=data_path)
+    controller.analyze(
+        data_path=data_path,
+        tool_definition_path=tool_definition_path
+        )
 
 @evaluation_app.command(name="validate-external", help="Validate an external agent against a set of inputs")
 def validate_external(
@@ -375,3 +385,165 @@ def validate_external(
             msg = f"[dark_orange]Schema validation did not succeed. See '{str(validation_folder)}' for failures.[/dark_orange]"
 
         rich.print(Panel(msg))
+
+@evaluation_app.command(name="quick-eval",
+                        short_help="Evaluate agent against a suite of static metrics and LLM-as-a-judge metrics",
+                        help="""
+                        Use the quick-eval command to evaluate your agent against a suite of static metrics and LLM-as-a-judge metrics.
+                        """)
+def quick_eval(
+    config_file: Annotated[
+        Optional[str],
+        typer.Option(
+            "--config", "-c",
+            help="Path to YAML configuration file containing evaluation settings."
+        )
+    ] = None,
+    test_paths: Annotated[
+        Optional[str],
+        typer.Option(
+            "--test-paths", "-p", 
+            help="Paths to the test files and/or directories to evaluate, separated by commas."
+        ),
+    ] = None,
+    tools_path: Annotated[
+        str,
+        typer.Option(
+            "--tools-path", "-t",
+            help="Path to the directory containing tool definitions."
+        )
+    ] = None,
+    output_dir: Annotated[
+        Optional[str], 
+        typer.Option(
+            "--output-dir", "-o",
+            help="Directory to save the evaluation results."
+        )
+    ] = None,
+    user_env_file: Annotated[
+        Optional[str],
+        typer.Option(
+            "--env-file", "-e", 
+            help="Path to a .env file that overrides default.env. Then environment variables override both."
+        ),
+    ] = None
+):
+    if not config_file:
+        if not test_paths or not output_dir:
+            logger.error("Error: Both --test-paths and --output-dir must be provided when not using a config file")
+            exit(1)
+    
+    validate_watsonx_credentials(user_env_file)
+
+    if tools_path is None:
+        logger.error("When running `quick-eval`, please provide the path to your tools file.")
+        sys.exit(1)
+    
+    controller = EvaluationsController()
+    controller.evaluate(
+        config_file=config_file,
+        test_paths=test_paths,
+        output_dir=output_dir,
+        tools_path=tools_path, mode=EvaluateMode.referenceless
+    )
+
+
+red_teaming_app = typer.Typer(no_args_is_help=True)
+evaluation_app.add_typer(red_teaming_app, name="red-teaming")
+
+
+@red_teaming_app.command("list", help="List available red-teaming attack plans")
+def list_plans():
+    controller = EvaluationsController()
+    controller.list_red_teaming_attacks()
+
+
+@red_teaming_app.command("plan", help="Generate red-teaming attacks")
+def plan(
+    attacks_list: Annotated[
+        str,
+        typer.Option(
+            "--attacks-list",
+            "-a",
+            help="Comma-separated list of red-teaming attacks to generate.",
+        ),
+    ],
+    datasets_path: Annotated[
+        str,
+        typer.Option(
+            "--datasets-path",
+            "-d",
+            help="Path to datasets for red-teaming. This can also be a comma-separated list of files or directories.",
+        ),
+    ],
+    agents_path: Annotated[
+        str, typer.Option("--agents-path", "-g", help="Path to the directory containing all agent definitions.")
+    ],
+    target_agent_name: Annotated[
+        str,
+        typer.Option(
+            "--target-agent-name",
+            "-t",
+            help="Name of the target agent to attack (should be present in agents-path).",
+        ),
+    ],
+    output_dir: Annotated[
+        Optional[str],
+        typer.Option("--output-dir", "-o", help="Directory to save generated attacks.")
+    ]=None,
+    user_env_file: Annotated[
+        Optional[str],
+        typer.Option(
+            "--env-file",
+            "-e",
+            help="Path to a .env file that overrides default.env. Then environment variables override both.",
+        ),
+    ] = None,
+    max_variants: Annotated[
+        Optional[int],
+        typer.Option(
+            "--max_variants",
+            "-n",
+            help="Number of variants to generate per attack type.",
+        ),
+    ] = None,
+
+):
+    validate_watsonx_credentials(user_env_file)
+    controller = EvaluationsController()
+    controller.generate_red_teaming_attacks(
+        attacks_list=attacks_list,
+        datasets_path=datasets_path,
+        agents_path=agents_path,
+        target_agent_name=target_agent_name,
+        output_dir=output_dir,
+        max_variants=max_variants,
+    )
+
+
+@red_teaming_app.command("run", help="Run red-teaming attacks")
+def run(
+    attack_paths: Annotated[
+        str,
+        typer.Option(
+            "--attack-paths",
+            "-a",
+            help="Path or list of paths (comma-separated) to directories containing attack files.",
+        ),
+    ],
+    output_dir: Annotated[
+        Optional[str],
+        typer.Option("--output-dir", "-o", help="Directory to save attack results."),
+    ] = None,
+    user_env_file: Annotated[
+        Optional[str],
+        typer.Option(
+            "--env-file",
+            "-e",
+            help="Path to a .env file that overrides default.env. Then environment variables override both.",
+        ),
+    ] = None,
+):
+    validate_watsonx_credentials(user_env_file)
+    controller = EvaluationsController()
+    controller.run_red_teaming_attacks(attack_paths=attack_paths, output_dir=output_dir)

ibm_watsonx_orchestrate/cli/commands/evaluations/evaluations_controller.py

@@ -1,17 +1,23 @@
 import logging
 import os.path
 from typing import List, Dict, Optional, Tuple
+from enum import StrEnum
 import csv
 from pathlib import Path
 import sys
 from wxo_agentic_evaluation import main as evaluate
+from wxo_agentic_evaluation import quick_eval
 from wxo_agentic_evaluation.tool_planner import build_snapshot
-from wxo_agentic_evaluation.analyze_run import analyze
+from wxo_agentic_evaluation.analyze_run import Analyzer
 from wxo_agentic_evaluation.batch_annotate import generate_test_cases_from_stories
-from wxo_agentic_evaluation.arg_configs import TestConfig, AuthConfig, LLMUserConfig, ChatRecordingConfig, AnalyzeConfig, ProviderConfig
+from wxo_agentic_evaluation.arg_configs import TestConfig, AuthConfig, LLMUserConfig, ChatRecordingConfig, AnalyzeConfig, ProviderConfig, AttackConfig, QuickEvalConfig
 from wxo_agentic_evaluation.record_chat import record_chats
 from wxo_agentic_evaluation.external_agent.external_validate import ExternalAgentValidation
 from wxo_agentic_evaluation.external_agent.performance_test import ExternalAgentPerformanceTest
+from wxo_agentic_evaluation.red_teaming.attack_list import print_attacks
+from wxo_agentic_evaluation.red_teaming import attack_generator
+from wxo_agentic_evaluation.red_teaming.attack_runner import run_attacks
+from wxo_agentic_evaluation.arg_configs import AttackGeneratorConfig
 from ibm_watsonx_orchestrate import __version__
 from ibm_watsonx_orchestrate.cli.config import Config, ENV_WXO_URL_OPT, AUTH_CONFIG_FILE, AUTH_CONFIG_FILE_FOLDER, AUTH_SECTION_HEADER, AUTH_MCSP_TOKEN_OPT
 from ibm_watsonx_orchestrate.utils.utils import yaml_safe_load
@@ -21,6 +27,9 @@ import uuid
 
 logger = logging.getLogger(__name__)
 
+class EvaluateMode(StrEnum):
+    default = "default" # referenceFUL evaluation
+    referenceless = "referenceless"
 
 class EvaluationsController:
     def __init__(self):
@@ -38,7 +47,7 @@ class EvaluationsController:
 
         return url, tenant_name, token
 
-    def evaluate(self, config_file: Optional[str] = None, test_paths: Optional[str] = None, output_dir: Optional[str] = None) -> None:
+    def evaluate(self, config_file: Optional[str] = None, test_paths: Optional[str] = None, output_dir: Optional[str] = None, tools_path: str = None, mode: str = EvaluateMode.default) -> None:
         url, tenant_name, token = self._get_env_config()
 
         if "WATSONX_SPACE_ID" in os.environ and "WATSONX_APIKEY" in os.environ:
@@ -90,9 +99,13 @@ class EvaluationsController:
             config_data["output_dir"] = output_dir
             logger.info(f"Using output directory: {config_data['output_dir']}")
 
-        config = TestConfig(**config_data)
-        
-        evaluate.main(config)
+        if mode == EvaluateMode.default:
+            config = TestConfig(**config_data)
+            evaluate.main(config)
+        elif mode == EvaluateMode.referenceless:
+            config_data["tools_path"] = tools_path
+            config = QuickEvalConfig(**config_data)
+            quick_eval.main(config)
 
     def record(self, output_dir) -> None:
 
@@ -160,9 +173,13 @@ class EvaluationsController:
 
         logger.info("Test cases stored at: %s", output_dir)
 
-    def analyze(self, data_path: str) -> None:
-        config = AnalyzeConfig(data_path=data_path)
-        analyze(config)
+    def analyze(self, data_path: str, tool_definition_path: str) -> None:
+        config = AnalyzeConfig(
+            data_path=data_path,
+            tool_definition_path=tool_definition_path
+            )
+        analyzer = Analyzer()
+        analyzer.analyze(config)
 
     def summarize(self) -> None:
         pass
@@ -187,3 +204,70 @@ class EvaluationsController:
         generated_performance_tests = performance_test.generate_tests()
 
         return generated_performance_tests
+    
+    def list_red_teaming_attacks(self):
+        print_attacks()
+
+    def generate_red_teaming_attacks(
+        self,
+        attacks_list: str,
+        datasets_path: str,
+        agents_path: str,
+        target_agent_name: str,
+        output_dir: Optional[str] = None,
+        max_variants: Optional[int] = None,
+    ):
+        if output_dir is None:
+            output_dir = os.path.join(os.getcwd(), "red_teaming_attacks")
+            os.makedirs(output_dir, exist_ok=True)
+            logger.info(f"No output directory specified. Using default: {output_dir}")
+
+        results = attack_generator.main(
+            AttackGeneratorConfig(
+                attacks_list=attacks_list.split(","),
+                datasets_path=datasets_path.split(","),
+                agents_path=agents_path,
+                target_agent_name=target_agent_name,
+                output_dir=output_dir,
+                max_variants=max_variants,
+            )
+        )
+        logger.info(f"Generated {len(results)} attacks and saved to {output_dir}")
+
+    def run_red_teaming_attacks(self, attack_paths: str, output_dir: Optional[str] = None) -> None:
+        url, tenant_name, token = self._get_env_config()
+
+        if "WATSONX_SPACE_ID" in os.environ and "WATSONX_APIKEY" in os.environ:
+            provider = "watsonx"
+        elif "WO_INSTANCE" in os.environ and "WO_API_KEY" in os.environ:
+            provider = "model_proxy"
+        else:
+            logger.error(
+                "No provider found. Please either provide a config_file or set either WATSONX_SPACE_ID and WATSONX_APIKEY or WO_INSTANCE and WO_API_KEY in your system environment variables."
+            )
+            sys.exit(1)
+
+        config_data = {
+            "auth_config": AuthConfig(
+                url=url,
+                tenant_name=tenant_name,
+                token=token,
+            ),
+            "provider_config": ProviderConfig(
+                provider=provider,
+                model_id="meta-llama/llama-3-405b-instruct",
+            ),
+        }
+
+        config_data["attack_paths"] = attack_paths.split(",")
+        if output_dir:
+            config_data["output_dir"] = output_dir
+        else:
+            config_data["output_dir"] = os.path.join(os.getcwd(), "red_teaming_results")
+            os.makedirs(config_data["output_dir"], exist_ok=True)
+            logger.info(f"No output directory specified. Using default: {config_data['output_dir']}")
+            
+
+        config = AttackConfig(**config_data)
+
+        run_attacks(config)

ibm_watsonx_orchestrate/cli/commands/server/types.py

@@ -92,7 +92,7 @@ class ModelGatewayEnvConfig(BaseModel):
                     inferred_auth_url = config.get("WO_INSTANCE") + '/icp4d-api/v1/authorize'   
                 else: 
                     logger.error(f"No 'AUTHORIZATION_URL' found. Auth type '{auth_type}' does not support defaulting. Please set the 'AUTHORIZATION_URL' explictly")
-                sys.exit(1)
+                    sys.exit(1)
             config["AUTHORIZATION_URL"] = inferred_auth_url
         
         if auth_type != WoAuthType.CPD:

ibm_watsonx_orchestrate/cli/commands/tools/tools_controller.py

@@ -32,7 +32,7 @@ from ibm_watsonx_orchestrate.cli.commands.connections.connections_controller imp
 from ibm_watsonx_orchestrate.agent_builder.connections.types import  ConnectionType, ConnectionEnvironment, ConnectionPreference
 from ibm_watsonx_orchestrate.cli.config import Config, CONTEXT_SECTION_HEADER, CONTEXT_ACTIVE_ENV_OPT, \
     PYTHON_REGISTRY_HEADER, PYTHON_REGISTRY_TYPE_OPT, PYTHON_REGISTRY_TEST_PACKAGE_VERSION_OVERRIDE_OPT, \
-    DEFAULT_CONFIG_FILE_CONTENT
+    DEFAULT_CONFIG_FILE_CONTENT, PYTHON_REGISTRY_SKIP_VERSION_CHECK_OPT
 from ibm_watsonx_orchestrate.agent_builder.connections import ConnectionSecurityScheme, ExpectedCredentials
 from ibm_watsonx_orchestrate.flow_builder.flows.decorators import FlowWrapper
 from ibm_watsonx_orchestrate.client.tools.tool_client import ToolClient
@@ -746,15 +746,18 @@ class ToolsController:
 
                         cfg = Config()
                         registry_type = cfg.read(PYTHON_REGISTRY_HEADER, PYTHON_REGISTRY_TYPE_OPT) or DEFAULT_CONFIG_FILE_CONTENT[PYTHON_REGISTRY_HEADER][PYTHON_REGISTRY_TYPE_OPT]
+                        skip_version_check = cfg.read(PYTHON_REGISTRY_HEADER, PYTHON_REGISTRY_SKIP_VERSION_CHECK_OPT) or DEFAULT_CONFIG_FILE_CONTENT[PYTHON_REGISTRY_HEADER][PYTHON_REGISTRY_SKIP_VERSION_CHECK_OPT]
 
                         version = __version__
                         if registry_type == RegistryType.LOCAL:
+                            logger.warning(f"Using a local registry which is for development purposes only")
                             requirements.append(f"/packages/ibm_watsonx_orchestrate-0.6.0-py3-none-any.whl\n")
                         elif registry_type == RegistryType.PYPI:
-                            wheel_file = get_whl_in_registry(registry_url='https://pypi.org/simple/ibm-watsonx-orchestrate', version=version)
-                            if not wheel_file:
-                                logger.error(f"Could not find ibm-watsonx-orchestrate@{version} on https://pypi.org/project/ibm-watsonx-orchestrate")
-                                exit(1)
+                            if not skip_version_check:
+                                wheel_file = get_whl_in_registry(registry_url='https://pypi.org/simple/ibm-watsonx-orchestrate', version=version)
+                                if not wheel_file:
+                                    logger.error(f"Could not find ibm-watsonx-orchestrate@{version} on https://pypi.org/project/ibm-watsonx-orchestrate")
+                                    exit(1)
                             requirements.append(f"ibm-watsonx-orchestrate=={version}\n")
                         elif registry_type == RegistryType.TESTPYPI:
                             override_version = cfg.get(PYTHON_REGISTRY_HEADER, PYTHON_REGISTRY_TEST_PACKAGE_VERSION_OVERRIDE_OPT) or version

ibm_watsonx_orchestrate/cli/config.py

@@ -22,6 +22,7 @@ AUTH_MCSP_TOKEN_OPT = "wxo_mcsp_token"
 AUTH_MCSP_TOKEN_EXPIRY_OPT = "wxo_mcsp_token_expiry"
 CONTEXT_ACTIVE_ENV_OPT = "active_environment"
 PYTHON_REGISTRY_TYPE_OPT = "type"
+PYTHON_REGISTRY_SKIP_VERSION_CHECK_OPT = "skip_version_check"
 PYTHON_REGISTRY_TEST_PACKAGE_VERSION_OVERRIDE_OPT = "test_package_version_override"
 ENV_WXO_URL_OPT = "wxo_url"
 ENV_IAM_URL_OPT = "iam_url"
@@ -40,7 +41,8 @@ DEFAULT_CONFIG_FILE_CONTENT = {
     CONTEXT_SECTION_HEADER: {CONTEXT_ACTIVE_ENV_OPT: None},
     PYTHON_REGISTRY_HEADER: {
         PYTHON_REGISTRY_TYPE_OPT: str(RegistryType.PYPI),
-        PYTHON_REGISTRY_TEST_PACKAGE_VERSION_OVERRIDE_OPT: None
+        PYTHON_REGISTRY_TEST_PACKAGE_VERSION_OVERRIDE_OPT: None,
+        PYTHON_REGISTRY_SKIP_VERSION_CHECK_OPT: False
     },
     ENVIRONMENTS_SECTION_HEADER: {
         PROTECTED_ENV_NAME: {

ibm_watsonx_orchestrate/client/base_api_client.py

@@ -1,9 +1,22 @@
 import json
-
+from ibm_watsonx_orchestrate.utils.exceptions import BadRequest
 import requests
 from abc import ABC, abstractmethod
 from ibm_cloud_sdk_core.authenticators import MCSPAuthenticator
 from typing_extensions import List
+from contextlib import contextmanager
+
+@contextmanager
+def ssl_handler():
+    try:
+        yield
+    except requests.exceptions.SSLError as e:
+        error_message = str(e)
+        if "self-signed certificate in certificate chain" in error_message:
+            reason = "[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: self-signed certificate in certificate chain"
+        else:
+            reason = error_message
+        raise BadRequest(f"SSL handshake failed for request '{e.request.path_url}'. Reason: '{reason}'")
 
 
 class ClientAPIException(requests.HTTPError):
@@ -50,7 +63,8 @@ class BaseAPIClient:
 
     def _get(self, path: str, params: dict = None, data=None, return_raw=False) -> dict:
         url = f"{self.base_url}{path}"
-        response = requests.get(url, headers=self._get_headers(), params=params, data=data, verify=self.verify)
+        with ssl_handler():
+            response = requests.get(url, headers=self._get_headers(), params=params, data=data, verify=self.verify)
         self._check_response(response)
         if not return_raw:
             return response.json()
@@ -59,13 +73,15 @@ class BaseAPIClient:
 
     def _post(self, path: str, data: dict = None, files: dict = None) -> dict:
         url = f"{self.base_url}{path}"
-        response = requests.post(url, headers=self._get_headers(), json=data, files=files, verify=self.verify)
+        with ssl_handler():
+            response = requests.post(url, headers=self._get_headers(), json=data, files=files, verify=self.verify)
         self._check_response(response)
         return response.json() if response.text else {}
     
     def _post_nd_json(self, path: str, data: dict = None, files: dict = None) -> List[dict]:
         url = f"{self.base_url}{path}"
-        response = requests.post(url, headers=self._get_headers(), json=data, files=files)
+        with ssl_handler():
+            response = requests.post(url, headers=self._get_headers(), json=data, files=files)
         self._check_response(response)
 
         res = []
@@ -76,33 +92,38 @@ class BaseAPIClient:
     
     def _post_form_data(self, path: str, data: dict = None, files: dict = None) -> dict:
         url = f"{self.base_url}{path}"
-        # Use data argument instead of json so data is encoded as application/x-www-form-urlencoded
-        response = requests.post(url, headers=self._get_headers(), data=data, files=files, verify=self.verify)
+        with ssl_handler():
+            # Use data argument instead of json so data is encoded as application/x-www-form-urlencoded
+            response = requests.post(url, headers=self._get_headers(), data=data, files=files, verify=self.verify)
         self._check_response(response)
         return response.json() if response.text else {}
 
     def _put(self, path: str, data: dict = None) -> dict:
 
         url = f"{self.base_url}{path}"
-        response = requests.put(url, headers=self._get_headers(), json=data, verify=self.verify)
+        with ssl_handler():
+            response = requests.put(url, headers=self._get_headers(), json=data, verify=self.verify)
         self._check_response(response)
         return response.json() if response.text else {}
 
     def _patch(self, path: str, data: dict = None) -> dict:
         url = f"{self.base_url}{path}"
-        response = requests.patch(url, headers=self._get_headers(), json=data, verify=self.verify)
+        with ssl_handler():
+            response = requests.patch(url, headers=self._get_headers(), json=data, verify=self.verify)
         self._check_response(response)
         return response.json() if response.text else {}
     
     def _patch_form_data(self, path: str, data: dict = None, files = None) -> dict:
         url = f"{self.base_url}{path}"
-        response = requests.patch(url, headers=self._get_headers(), data=data, files=files, verify=self.verify)
+        with ssl_handler():
+            response = requests.patch(url, headers=self._get_headers(), data=data, files=files, verify=self.verify)
         self._check_response(response)
         return response.json() if response.text else {}
 
     def _delete(self, path: str, data=None) -> dict:
         url = f"{self.base_url}{path}"
-        response = requests.delete(url, headers=self._get_headers(), json=data, verify=self.verify)
+        with ssl_handler():
+            response = requests.delete(url, headers=self._get_headers(), json=data, verify=self.verify)
         self._check_response(response)
         return response.json() if response.text else {}
 

ibm_watsonx_orchestrate/client/connections/connections_client.py

@@ -177,3 +177,17 @@ class ConnectionsClient(BaseAPIClient):
                 logger.warning(f"Connections not found. Returning connection ID: {conn_id}")
                 return conn_id
             raise e
+
+    def get_drafts_by_ids(self, conn_ids) -> List[ListConfigsResponse]:
+        try:
+            res = self._get(f"/connections/applications?connectionIds={','.join(conn_ids)}")
+            import json
+            json.dumps(res)
+            return [ListConfigsResponse.model_validate(conn) for conn in res.get("applications", [])]
+        except ValidationError as e:
+            logger.error("Recieved unexpected response from server")
+            raise e
+        except ClientAPIException as e:
+            if e.response.status_code == 404:
+                return []
+            raise e

ibm_watsonx_orchestrate/client/service_instance.py

@@ -10,7 +10,7 @@ from ibm_cloud_sdk_core.authenticators import MCSPV2Authenticator
 from ibm_cloud_sdk_core.authenticators import IAMAuthenticator
 from ibm_cloud_sdk_core.authenticators import CloudPakForDataAuthenticator
 
-from ibm_watsonx_orchestrate.client.utils import check_token_validity, is_cpd_env
+from ibm_watsonx_orchestrate.client.utils import check_token_validity, is_cpd_env, is_ibm_cloud_platform
 from ibm_watsonx_orchestrate.client.base_service_instance import BaseServiceInstance
 from ibm_watsonx_orchestrate.cli.commands.environment.types import EnvironmentAuthType
 
@@ -21,14 +21,6 @@ from ibm_watsonx_orchestrate.client.client_errors import (
 import logging
 logger = logging.getLogger(__name__)
 
-from ibm_watsonx_orchestrate.cli.config import (
-    Config,
-    CONTEXT_SECTION_HEADER,
-    CONTEXT_ACTIVE_ENV_OPT,
-    ENVIRONMENTS_SECTION_HEADER,
-    ENV_WXO_URL_OPT
-)
-
 class ServiceInstance(BaseServiceInstance):
     """Connect, get details, and check usage of a Watson Machine Learning service instance."""
 
@@ -50,29 +42,28 @@ class ServiceInstance(BaseServiceInstance):
         return self._client.token
     
     def _create_token(self) -> str:
-        if not self._credentials.auth_type:
-            if ".cloud.ibm.com" in self._credentials.url:
-                logger.warning("Using IBM IAM Auth Type. If this is incorrect please use the '--type' flag to explicitly choose one of 'mcsp', 'mcsp_v1', 'mcsp_v2' or 'cpd' ")
-                return self._authenticate(EnvironmentAuthType.IBM_CLOUD_IAM)
-            elif is_cpd_env(self._credentials.url):
-                logger.warning("Using CPD Auth Type. If this is incorrect please use the '--type' flag to explicitly choose one of 'ibm_iam', 'mcsp', 'mcsp_v1' or 'mcsp_v2' ")
-                return self._authenticate(EnvironmentAuthType.CPD)
-            else:
-                logger.warning("Using MCSP Auth Type. If this is incorrect please use the '--type' flag to explicitly choose one of 'ibm_iam', 'mcsp_v1', 'mcsp_v2' or 'cpd' ")
-                try:
-                    return self._authenticate(EnvironmentAuthType.MCSP_V1)
-                except:
-                    return self._authenticate(EnvironmentAuthType.MCSP_V2)
-        auth_type = self._credentials.auth_type.lower()
+        inferred_auth_type = None
+        if is_ibm_cloud_platform(self._credentials.url):
+            inferred_auth_type = EnvironmentAuthType.IBM_CLOUD_IAM
+        elif is_cpd_env(self._credentials.url):
+            inferred_auth_type = EnvironmentAuthType.CPD
+        else:
+            inferred_auth_type = EnvironmentAuthType.MCSP
+        
+        if self._credentials.auth_type:
+            if self._credentials.auth_type != inferred_auth_type:
+                logger.warning(f"Overriding the default authentication type '{inferred_auth_type}' for url '{self._credentials.url}' with '{self._credentials.auth_type.lower()}'")
+            auth_type = self._credentials.auth_type.lower()
+        else:
+            inferred_type_options = [t for t in EnvironmentAuthType if t != inferred_auth_type]
+            logger.warning(f"Using '{inferred_auth_type}' Auth Type. If this is incorrect please use the '--type' flag to explicitly choose one of {', '.join(inferred_type_options[:-1])} or {inferred_type_options[-1]}")
+            auth_type = inferred_auth_type
+        
         if auth_type == "mcsp":
             try:
                 return self._authenticate(EnvironmentAuthType.MCSP_V1)
             except:
                 return self._authenticate(EnvironmentAuthType.MCSP_V2)
-        elif auth_type == "mcsp_v1":
-            return self._authenticate(EnvironmentAuthType.MCSP_V1)
-        elif auth_type == "mcsp_v2":
-            return self._authenticate(EnvironmentAuthType.MCSP_V2)
         else:
             return self._authenticate(auth_type)
 
@@ -100,13 +91,7 @@ class ServiceInstance(BaseServiceInstance):
                     if self._credentials.iam_url is not None: 
                         url = self._credentials.iam_url
                     else: 
-                        cfg = Config()
-                        env_cfg = cfg.get(ENVIRONMENTS_SECTION_HEADER)
-                        matching_wxo_url = next(
-                            (env_config['wxo_url'] for env_config in env_cfg.values() if 'bypass_ssl' in env_config and 'verify' in env_config),
-                            None
-                        )
-                        base_url = matching_wxo_url.split("/orchestrate")[0]
+                        base_url = self._credentials.url.split("/orchestrate")[0]
                         url = f"{base_url}/icp4d-api"
 
                     password = self._credentials.password if self._credentials.password is not None else None