kubiya-control-plane-api 0.1.0__py3-none-any.whl → 0.3.4__py3-none-any.whl

control_plane_api/app/routers/health.py

@@ -0,0 +1,92 @@
+"""Health check endpoints"""
+
+from fastapi import APIRouter, Request, HTTPException, status
+from datetime import datetime
+import structlog
+
+logger = structlog.get_logger()
+
+router = APIRouter()
+
+
+@router.get("/health")
+async def health_check(request: Request):
+    """
+    Health check endpoint (no authentication required).
+
+    Returns basic health status and service information.
+    """
+    return {
+        "status": "healthy",
+        "service": "agent-control_plane_api",
+        "timestamp": datetime.utcnow().isoformat(),
+    }
+
+
+@router.get("/ready")
+async def readiness_check():
+    """Readiness check endpoint (no authentication required)"""
+    return {"status": "ready", "timestamp": datetime.utcnow().isoformat()}
+
+
+@router.get("/health/detailed")
+async def detailed_health_check(request: Request):
+    """
+    Detailed health check with dependency status.
+
+    Checks connectivity to database, Redis, and Temporal.
+    No authentication required for health checks.
+    """
+    checks = {
+        "api": "healthy",
+        "timestamp": datetime.utcnow().isoformat(),
+    }
+
+    # Try Supabase (new way)
+    try:
+        from control_plane_api.app.lib.supabase import get_supabase
+        client = get_supabase()
+        result = client.table("organizations").select("id").limit(1).execute()
+        checks["database"] = "healthy"
+    except Exception as e1:
+        # Fallback to SQLAlchemy (old way)
+        try:
+            from control_plane_api.app.database import get_db
+            from sqlalchemy import text
+            db = next(get_db())
+            db.execute(text("SELECT 1"))
+            checks["database"] = "healthy (legacy)"
+        except Exception as e2:
+            logger.error("database_health_check_failed", supabase_error=str(e1), sqlalchemy_error=str(e2))
+            checks["database"] = f"unhealthy"
+
+    # Check Redis
+    try:
+        import redis
+        from control_plane_api.app.config import settings
+        r = redis.from_url(settings.redis_url)
+        r.ping()
+        checks["redis"] = "healthy"
+    except Exception as e:
+        logger.error("redis_health_check_failed", error=str(e))
+        checks["redis"] = f"unhealthy: {str(e)}"
+
+    # Check Temporal (just configuration check, not actual connection)
+    try:
+        from control_plane_api.app.config import settings
+        if settings.temporal_host and settings.temporal_namespace:
+            checks["temporal"] = "configured"
+        else:
+            checks["temporal"] = "not configured"
+    except Exception as e:
+        logger.error("temporal_health_check_failed", error=str(e))
+        checks["temporal"] = f"error: {str(e)}"
+
+    # Determine overall status
+    checks["status"] = "healthy" if all(
+        v in ["healthy", "healthy (legacy)", "configured"]
+        for k, v in checks.items()
+        if k not in ["timestamp", "status"]
+    ) else "degraded"
+
+    return checks

control_plane_api/app/routers/health_v2.py

@@ -0,0 +1,326 @@
+"""
+Enhanced health check endpoints for production monitoring.
+
+Provides:
+- Basic health check (/health)
+- Readiness check with dependency validation (/health/ready)
+- Liveness check (/health/live)
+- Detailed health status (/health/detailed)
+"""
+
+from fastapi import APIRouter, Depends, HTTPException, status
+from fastapi.responses import JSONResponse
+from typing import Dict, Any, Optional
+from datetime import datetime, timezone
+from sqlalchemy.ext.asyncio import AsyncSession
+from sqlalchemy import text
+import structlog
+import httpx
+import asyncio
+import time
+import os
+import psutil
+
+from control_plane_api.app.database import get_session
+from control_plane_api.app.lib.redis_client import get_redis_client
+from control_plane_api.app.lib.temporal_client import get_temporal_client
+from control_plane_api.app.config import settings
+
+logger = structlog.get_logger()
+
+router = APIRouter()
+
+# Track application start time
+APP_START_TIME = time.time()
+
+
+@router.get("/health", tags=["Health"])
+async def health_check() -> Dict[str, str]:
+    """
+    Basic health check endpoint.
+    
+    Returns 200 if the service is running.
+    Used by load balancers for basic availability checks.
+    """
+    return {
+        "status": "healthy",
+        "service": "agent-control-plane",
+        "version": settings.api_version,
+        "timestamp": datetime.now(timezone.utc).isoformat(),
+    }
+
+
+@router.get("/health/live", tags=["Health"])
+async def liveness_check() -> Dict[str, Any]:
+    """
+    Liveness probe for Kubernetes.
+    
+    Checks if the application is running and not deadlocked.
+    Returns 200 if alive, 503 if the application needs to be restarted.
+    """
+    try:
+        # Simple check - can we allocate memory and respond?
+        test_data = list(range(1000))
+        
+        uptime = time.time() - APP_START_TIME
+        
+        return {
+            "status": "alive",
+            "uptime_seconds": round(uptime, 2),
+            "timestamp": datetime.now(timezone.utc).isoformat(),
+        }
+    except Exception as e:
+        logger.error("liveness_check_failed", error=str(e))
+        raise HTTPException(
+            status_code=status.HTTP_503_SERVICE_UNAVAILABLE,
+            detail="Liveness check failed",
+        )
+
+
+@router.get("/health/ready", tags=["Health"])
+async def readiness_check(
+    db_session: Optional[AsyncSession] = Depends(get_session),
+) -> Dict[str, Any]:
+    """
+    Readiness probe for Kubernetes and monitoring.
+    
+    Checks if the application is ready to serve traffic by validating:
+    - Database connectivity
+    - Redis connectivity (if configured)
+    - Temporal connectivity (if configured)
+    
+    Returns 200 if ready, 503 if not ready to serve traffic.
+    """
+    checks = {
+        "database": False,
+        "redis": False,
+        "temporal": False,
+    }
+    
+    errors = []
+    
+    # Check database
+    if db_session:
+        try:
+            result = await db_session.execute(text("SELECT 1"))
+            checks["database"] = result.scalar() == 1
+        except Exception as e:
+            logger.warning("database_health_check_failed", error=str(e))
+            errors.append(f"Database: {str(e)}")
+    else:
+        errors.append("Database: No session available")
+    
+    # Check Redis (if configured)
+    try:
+        redis_client = get_redis_client()
+        if redis_client:
+            await redis_client.ping()
+            checks["redis"] = True
+    except Exception as e:
+        logger.warning("redis_health_check_failed", error=str(e))
+        errors.append(f"Redis: {str(e)}")
+    
+    # Check Temporal (if configured)
+    try:
+        temporal_client = await get_temporal_client()
+        if temporal_client:
+            # Try to describe the namespace
+            await temporal_client.service_client.describe_namespace(
+                settings.temporal_namespace
+            )
+            checks["temporal"] = True
+    except Exception as e:
+        logger.warning("temporal_health_check_failed", error=str(e))
+        errors.append(f"Temporal: {str(e)}")
+    
+    # Determine overall readiness
+    # Database is required, Redis and Temporal are optional
+    is_ready = checks["database"]
+    
+    response = {
+        "status": "ready" if is_ready else "not_ready",
+        "timestamp": datetime.now(timezone.utc).isoformat(),
+        "checks": checks,
+    }
+    
+    if errors:
+        response["errors"] = errors
+    
+    if not is_ready:
+        return JSONResponse(
+            status_code=status.HTTP_503_SERVICE_UNAVAILABLE,
+            content=response,
+        )
+    
+    return response
+
+
+@router.get("/health/detailed", tags=["Health"])
+async def detailed_health_check(
+    db_session: Optional[AsyncSession] = Depends(get_session),
+) -> Dict[str, Any]:
+    """
+    Detailed health check with comprehensive system information.
+    
+    Provides:
+    - Service health status
+    - Dependency health checks
+    - System metrics (CPU, memory, disk)
+    - Configuration information
+    
+    Used for debugging and monitoring dashboards.
+    """
+    uptime = time.time() - APP_START_TIME
+    
+    # System metrics
+    cpu_percent = psutil.cpu_percent(interval=0.1)
+    memory = psutil.virtual_memory()
+    disk = psutil.disk_usage('/')
+    
+    # Dependency checks
+    dependencies = {}
+    
+    # Database check with latency
+    db_latency = None
+    if db_session:
+        try:
+            start = time.time()
+            result = await db_session.execute(text("SELECT 1"))
+            db_latency = (time.time() - start) * 1000  # Convert to ms
+            dependencies["database"] = {
+                "healthy": result.scalar() == 1,
+                "latency_ms": round(db_latency, 2),
+            }
+        except Exception as e:
+            dependencies["database"] = {
+                "healthy": False,
+                "error": str(e),
+            }
+    
+    # Redis check with latency
+    try:
+        redis_client = get_redis_client()
+        if redis_client:
+            start = time.time()
+            await redis_client.ping()
+            redis_latency = (time.time() - start) * 1000
+            dependencies["redis"] = {
+                "healthy": True,
+                "latency_ms": round(redis_latency, 2),
+            }
+    except Exception as e:
+        dependencies["redis"] = {
+            "healthy": False,
+            "error": str(e),
+        }
+    
+    # Temporal check
+    try:
+        temporal_client = await get_temporal_client()
+        if temporal_client:
+            start = time.time()
+            await temporal_client.service_client.describe_namespace(
+                settings.temporal_namespace
+            )
+            temporal_latency = (time.time() - start) * 1000
+            dependencies["temporal"] = {
+                "healthy": True,
+                "latency_ms": round(temporal_latency, 2),
+                "namespace": settings.temporal_namespace,
+            }
+    except Exception as e:
+        dependencies["temporal"] = {
+            "healthy": False,
+            "error": str(e),
+        }
+    
+    # External services check (if configured)
+    external_services = {}
+    
+    # Check Kubiya API
+    if settings.kubiya_api_base:
+        try:
+            async with httpx.AsyncClient(timeout=5.0) as client:
+                start = time.time()
+                response = await client.get(f"{settings.kubiya_api_base}/health")
+                kubiya_latency = (time.time() - start) * 1000
+                external_services["kubiya_api"] = {
+                    "healthy": response.status_code == 200,
+                    "latency_ms": round(kubiya_latency, 2),
+                    "status_code": response.status_code,
+                }
+        except Exception as e:
+            external_services["kubiya_api"] = {
+                "healthy": False,
+                "error": str(e),
+            }
+    
+    # Check LiteLLM Proxy
+    if settings.litellm_api_base:
+        try:
+            async with httpx.AsyncClient(timeout=5.0) as client:
+                start = time.time()
+                response = await client.get(f"{settings.litellm_api_base}/health")
+                litellm_latency = (time.time() - start) * 1000
+                external_services["litellm_proxy"] = {
+                    "healthy": response.status_code == 200,
+                    "latency_ms": round(litellm_latency, 2),
+                    "status_code": response.status_code,
+                }
+        except Exception as e:
+            external_services["litellm_proxy"] = {
+                "healthy": False,
+                "error": str(e),
+            }
+    
+    # Determine overall health
+    all_healthy = all(
+        dep.get("healthy", False) for dep in dependencies.values()
+    )
+    
+    return {
+        "status": "healthy" if all_healthy else "degraded",
+        "timestamp": datetime.now(timezone.utc).isoformat(),
+        "version": settings.api_version,
+        "environment": settings.environment,
+        "uptime": {
+            "seconds": round(uptime, 2),
+            "human_readable": _format_uptime(uptime),
+        },
+        "system": {
+            "cpu": {
+                "percent": cpu_percent,
+                "cores": psutil.cpu_count(),
+            },
+            "memory": {
+                "percent": memory.percent,
+                "used_gb": round(memory.used / (1024**3), 2),
+                "total_gb": round(memory.total / (1024**3), 2),
+            },
+            "disk": {
+                "percent": disk.percent,
+                "used_gb": round(disk.used / (1024**3), 2),
+                "total_gb": round(disk.total / (1024**3), 2),
+            },
+        },
+        "dependencies": dependencies,
+        "external_services": external_services if external_services else None,
+    }
+
+
+def _format_uptime(seconds: float) -> str:
+    """Format uptime in human-readable format."""
+    days, remainder = divmod(int(seconds), 86400)
+    hours, remainder = divmod(remainder, 3600)
+    minutes, seconds = divmod(remainder, 60)
+    
+    parts = []
+    if days > 0:
+        parts.append(f"{days}d")
+    if hours > 0:
+        parts.append(f"{hours}h")
+    if minutes > 0:
+        parts.append(f"{minutes}m")
+    parts.append(f"{seconds}s")
+    
+    return " ".join(parts)

control_plane_api/app/routers/integrations.py

@@ -0,0 +1,274 @@
+"""
+Integrations Router - Proxy to Kubiya Integrations API
+
+This router provides access to organization integrations from Kubiya API.
+Integrations provide delegated credentials to third-party services (GitHub, Jira, AWS, etc.)
+"""
+
+import httpx
+from fastapi import APIRouter, Depends, HTTPException, Request
+from typing import Optional, List, Dict, Any
+import structlog
+
+from control_plane_api.app.middleware.auth import get_current_organization
+from control_plane_api.app.lib.kubiya_client import get_kubiya_client, KUBIYA_API_BASE
+
+logger = structlog.get_logger()
+
+router = APIRouter(prefix="/integrations", tags=["integrations"])
+
+
+@router.get("")
+async def list_integrations(
+    request: Request,
+    organization: dict = Depends(get_current_organization),
+    connected_only: bool = False,
+) -> List[Dict[str, Any]]:
+    """
+    List all integrations available in the organization.
+
+    This endpoint proxies to Kubiya Integrations API and returns a list of
+    integrations with their metadata and connection status.
+
+    Args:
+        connected_only: If True, only return connected/active integrations (default: False)
+
+    Returns:
+        List of integrations with metadata
+    """
+    try:
+        token = request.state.kubiya_token
+        auth_type = getattr(request.state, "kubiya_auth_type", "Bearer")
+        org_id = organization["id"]
+
+        logger.debug(
+            "integrations_list_auth",
+            auth_type=auth_type,
+            token_prefix=token[:20] if token else None,
+            org_id=org_id
+        )
+
+        # Prepare headers for Kubiya API
+        headers = {
+            "Authorization": f"{auth_type} {token}",
+            "Accept": "application/json",
+            "Content-Type": "application/json",
+            "X-Kubiya-Client": "agent-control-plane",
+            "X-Organization-ID": org_id,
+        }
+
+        # Call Kubiya Integrations API with full details
+        async with httpx.AsyncClient(timeout=30.0) as client:
+            response = await client.get(
+                f"{KUBIYA_API_BASE}/api/v2/integrations?full=true",
+                headers=headers,
+            )
+
+            if response.status_code == 200:
+                integrations = response.json()
+
+                # Filter to only connected integrations if requested
+                if connected_only:
+                    integrations = [
+                        i for i in integrations
+                        if i.get("connected") or i.get("status") == "active"
+                    ]
+
+                logger.info(
+                    "integrations_fetched",
+                    org_id=org_id,
+                    total_count=len(response.json()),
+                    connected_count=len(integrations),
+                )
+                return integrations
+            else:
+                logger.error(
+                    "kubiya_api_error",
+                    status=response.status_code,
+                    response=response.text[:500],
+                )
+                raise HTTPException(
+                    status_code=response.status_code,
+                    detail=f"Failed to fetch integrations from Kubiya API: {response.text[:200]}",
+                )
+
+    except httpx.TimeoutException:
+        logger.error("kubiya_api_timeout", endpoint="integrations")
+        raise HTTPException(status_code=504, detail="Kubiya API request timed out")
+    except httpx.RequestError as e:
+        logger.error("kubiya_api_request_error", error=str(e))
+        raise HTTPException(status_code=502, detail=f"Failed to connect to Kubiya API: {str(e)}")
+    except Exception as e:
+        logger.error("unexpected_error", error=str(e), error_type=type(e).__name__)
+        raise HTTPException(status_code=500, detail=f"Internal server error: {str(e)}")
+
+
+@router.get("/{integration_id}")
+async def get_integration(
+    integration_id: str,
+    request: Request,
+    organization: dict = Depends(get_current_organization),
+) -> Dict[str, Any]:
+    """
+    Get details of a specific integration.
+
+    Args:
+        integration_id: Integration UUID
+
+    Returns:
+        Integration details
+    """
+    try:
+        token = request.state.kubiya_token
+        auth_type = getattr(request.state, "kubiya_auth_type", "Bearer")
+        org_id = organization["id"]
+
+        # Prepare headers for Kubiya API
+        headers = {
+            "Authorization": f"{auth_type} {token}",
+            "Accept": "application/json",
+            "Content-Type": "application/json",
+            "X-Kubiya-Client": "agent-control-plane",
+            "X-Organization-ID": org_id,
+        }
+
+        # Call Kubiya Integrations API
+        async with httpx.AsyncClient(timeout=30.0) as client:
+            response = await client.get(
+                f"{KUBIYA_API_BASE}/api/v2/integrations/{integration_id}",
+                headers=headers,
+            )
+
+            if response.status_code == 200:
+                integration = response.json()
+                logger.info(
+                    "integration_fetched",
+                    org_id=org_id,
+                    integration_id=integration_id[:8],
+                )
+                return integration
+            else:
+                logger.error(
+                    "kubiya_api_error",
+                    status=response.status_code,
+                    integration_id=integration_id[:8],
+                    response=response.text[:500],
+                )
+                raise HTTPException(
+                    status_code=response.status_code,
+                    detail=f"Failed to fetch integration from Kubiya API: {response.text[:200]}",
+                )
+
+    except httpx.TimeoutException:
+        logger.error("kubiya_api_timeout", endpoint=f"integrations/{integration_id[:8]}")
+        raise HTTPException(status_code=504, detail="Kubiya API request timed out")
+    except httpx.RequestError as e:
+        logger.error("kubiya_api_request_error", error=str(e))
+        raise HTTPException(status_code=502, detail=f"Failed to connect to Kubiya API: {str(e)}")
+    except Exception as e:
+        logger.error("unexpected_error", error=str(e), error_type=type(e).__name__)
+        raise HTTPException(status_code=500, detail=f"Internal server error: {str(e)}")
+
+
+@router.get("/{integration_type}/{integration_id}/token")
+async def get_integration_token(
+    integration_type: str,
+    integration_id: str,
+    request: Request,
+    organization: dict = Depends(get_current_organization),
+) -> Dict[str, Any]:
+    """
+    Get delegated credentials/token for a specific integration.
+
+    This endpoint is used by workers at runtime to get integration credentials.
+    Should be called securely from backend only, not exposed to frontend.
+
+    Args:
+        integration_type: Type of integration (github, github_app, jira, etc.)
+        integration_id: Integration UUID or installation ID
+
+    Returns:
+        Integration credentials/token
+
+    Examples:
+        - /api/v1/integrations/github/uuid-here/token
+        - /api/v1/integrations/github_app/installation-id/token
+        - /api/v1/integrations/jira/uuid-here/token
+    """
+    try:
+        token = request.state.kubiya_token
+        auth_type = getattr(request.state, "kubiya_auth_type", "Bearer")
+        org_id = organization["id"]
+
+        # Prepare headers for Kubiya API
+        headers = {
+            "Authorization": f"{auth_type} {token}",
+            "Accept": "application/json",
+            "Content-Type": "application/json",
+            "X-Kubiya-Client": "agent-control-plane",
+            "X-Organization-ID": org_id,
+        }
+
+        # Build token URL based on integration type
+        integration_type_lower = integration_type.lower()
+
+        if integration_type_lower == "github":
+            token_url = f"{KUBIYA_API_BASE}/api/v1/integration/github/token/{integration_id}"
+        elif integration_type_lower == "github_app":
+            token_url = f"{KUBIYA_API_BASE}/api/v1/integration/github_app/token/{integration_id}"
+        elif integration_type_lower == "jira":
+            token_url = f"{KUBIYA_API_BASE}/api/v1/integration/jira/token/{integration_id}"
+        else:
+            raise HTTPException(
+                status_code=400,
+                detail=f"Unsupported integration type: {integration_type}. Supported types: github, github_app, jira",
+            )
+
+        # Get token
+        async with httpx.AsyncClient(timeout=30.0) as client:
+            token_response = await client.get(token_url, headers=headers)
+
+            if token_response.status_code == 200:
+                # Try to parse as JSON first
+                try:
+                    token_data = token_response.json()
+                    logger.info(
+                        "integration_token_fetched",
+                        org_id=org_id,
+                        integration_id=integration_id[:8] if len(integration_id) > 8 else integration_id,
+                        integration_type=integration_type,
+                    )
+                    return token_data
+                except:
+                    # If not JSON, return as plain text value
+                    token_value = token_response.text
+                    logger.info(
+                        "integration_token_fetched",
+                        org_id=org_id,
+                        integration_id=integration_id[:8] if len(integration_id) > 8 else integration_id,
+                        integration_type=integration_type,
+                    )
+                    return {"token": token_value}
+            else:
+                logger.error(
+                    "kubiya_api_error",
+                    status=token_response.status_code,
+                    integration_id=integration_id[:8] if len(integration_id) > 8 else integration_id,
+                    response=token_response.text[:500],
+                )
+                raise HTTPException(
+                    status_code=token_response.status_code,
+                    detail=f"Failed to fetch integration token: {token_response.text[:200]}",
+                )
+
+    except httpx.TimeoutException:
+        logger.error("kubiya_api_timeout", endpoint=f"integrations/{integration_id[:8]}/token")
+        raise HTTPException(status_code=504, detail="Kubiya API request timed out")
+    except httpx.RequestError as e:
+        logger.error("kubiya_api_request_error", error=str(e))
+        raise HTTPException(status_code=502, detail=f"Failed to connect to Kubiya API: {str(e)}")
+    except HTTPException:
+        raise
+    except Exception as e:
+        logger.error("unexpected_error", error=str(e), error_type=type(e).__name__)
+        raise HTTPException(status_code=500, detail=f"Internal server error: {str(e)}")