recce 1.34.0__py3-none-any.whl → 1.34.1__py3-none-any.whl

recce/data/query/index.txt

@@ -9,13 +9,13 @@
 9:I[159525,["/_next/static/chunks/a86a0aa30d03f88d.js","/_next/static/chunks/2bc5c51da5e54973.js"],"ClientPageRoot"]
 a:I[884916,["/_next/static/chunks/1bbfc841a3bbdeab.js","/_next/static/chunks/9469a701a796ba64.js","/_next/static/chunks/ee2093563445f2b0.js","/_next/static/chunks/7bb921acbf2d3876.js","/_next/static/chunks/dafbfe5da3f2c3e7.js","/_next/static/chunks/a30fe1ec4d0d0199.js","/_next/static/chunks/f7f40fdbc2f80591.js","/_next/static/chunks/c141122216926f40.js"],"default"]
 11:I[253348,["/_next/static/chunks/5d86ee6b69e79ebd.js","/_next/static/chunks/962acc699ca0cfa9.js"],"default"]
-:HL["/_next/static/chunks/f6d41978531cd9db.css","style"]
+:HL["/_next/static/chunks/b83721c72340cd2d.css","style"]
 :HL["/_next/static/chunks/43e0b34d1dad593f.css","style"]
 :HL["/_next/static/chunks/923964f18c87d0f1.css","style"]
 :HL["/_next/static/chunks/1e4334d18b8a3acd.css","style"]
 :HL["/_next/static/chunks/8a5bd6fe3abc8091.css","style"]
 :HC["/",""]
-0:{"P":null,"b":"OyDG3WjH0168IzuuFgRC6","c":["","query",""],"q":"","i":false,"f":[[["",{"children":["query",{"children":["__PAGE__",{}]}],"lineage":["__DEFAULT__",{}]},"$undefined","$undefined",true],[["$","$L1","c",{"notFound":[[["$","link","0",{"rel":"stylesheet","href":"/_next/static/chunks/f6d41978531cd9db.css","precedence":"next","crossOrigin":"$undefined","nonce":"$undefined"}],["$","link","1",{"rel":"stylesheet","href":"/_next/static/chunks/43e0b34d1dad593f.css","precedence":"next","crossOrigin":"$undefined","nonce":"$undefined"}],["$","link","2",{"rel":"stylesheet","href":"/_next/static/chunks/923964f18c87d0f1.css","precedence":"next","crossOrigin":"$undefined","nonce":"$undefined"}],["$","link","3",{"rel":"stylesheet","href":"/_next/static/chunks/1e4334d18b8a3acd.css","precedence":"next","crossOrigin":"$undefined","nonce":"$undefined"}],["$","script","script-0",{"src":"/_next/static/chunks/1bbfc841a3bbdeab.js","async":true,"nonce":"$undefined"}],["$","script","script-1",{"src":"/_next/static/chunks/9469a701a796ba64.js","async":true,"nonce":"$undefined"}],["$","script","script-2",{"src":"/_next/static/chunks/ee2093563445f2b0.js","async":true,"nonce":"$undefined"}],["$","script","script-3",{"src":"/_next/static/chunks/7bb921acbf2d3876.js","async":true,"nonce":"$undefined"}],["$","script","script-4",{"src":"/_next/static/chunks/dafbfe5da3f2c3e7.js","async":true,"nonce":"$undefined"}],["$","script","script-5",{"src":"/_next/static/chunks/a30fe1ec4d0d0199.js","async":true,"nonce":"$undefined"}]],["$","html",null,{"lang":"en","suppressHydrationWarning":true,"children":[["$","$L2",null,{"gtmId":"GTM-M2HVJQFD"}],["$","$L3",null,{"dangerouslySetInnerHTML":{"__html":"\n    (function() {\n      const hash = window.location.hash;\n      if (hash.startsWith('#!')) {\n        const newLocation = window.location.origin + window.location.pathname;\n        window.location.assign(newLocation);\n      }\n    })();\n  "}}],["$","body",null,{"children":["$","$L4",null,{"lineage":"$undefined","children":[[],[[["$","title",null,{"children":"404: This page could not be found."}],["$","div",null,{"style":{"fontFamily":"system-ui,\"Segoe UI\",Roboto,Helvetica,Arial,sans-serif,\"Apple Color Emoji\",\"Segoe UI Emoji\"","height":"100vh","textAlign":"center","display":"flex","flexDirection":"column","alignItems":"center","justifyContent":"center"},"children":["$","div",null,{"children":[["$","style",null,{"dangerouslySetInnerHTML":{"__html":"body{color:#000;background:#fff;margin:0}.next-error-h1{border-right:1px solid rgba(0,0,0,.3)}@media (prefers-color-scheme:dark){body{color:#fff;background:#000}.next-error-h1{border-right:1px solid rgba(255,255,255,.3)}}"}}],["$","h1",null,{"className":"next-error-h1","style":{"display":"inline-block","margin":"0 20px 0 0","padding":"0 23px 0 0","fontSize":24,"fontWeight":500,"verticalAlign":"top","lineHeight":"49px"},"children":404}],["$","div",null,{"style":{"display":"inline-block"},"children":["$","h2",null,{"style":{"fontSize":14,"fontWeight":400,"lineHeight":"49px","margin":0},"children":"This page could not be found."}]}]]}]}]],"$0:f:0:1:0:props:notFound:1:props:children:2:props:children:props:children:0"]]}]}]]}]],"children":["$0:f:0:1:0:props:notFound:0",["$","html",null,{"lang":"en","suppressHydrationWarning":true,"children":[["$","$L2",null,{"gtmId":"GTM-M2HVJQFD"}],["$","$L3",null,{"dangerouslySetInnerHTML":{"__html":"\n    (function() {\n      const hash = window.location.hash;\n      if (hash.startsWith('#!')) {\n        const newLocation = window.location.origin + window.location.pathname;\n        window.location.assign(newLocation);\n      }\n    })();\n  "}}],["$","body",null,{"children":["$","$L4",null,{"lineage":["$","$L5",null,{"parallelRouterKey":"lineage","error":"$6","errorStyles":[],"errorScripts":[["$","script","script-0",{"src":"/_next/static/chunks/123e829f169c0100.js","async":true}],["$","script","script-1",{"src":"/_next/static/chunks/962acc699ca0cfa9.js","async":true}]],"template":["$","$L7",null,{}],"templateStyles":"$undefined","templateScripts":"$undefined","notFound":"$undefined","forbidden":"$undefined","unauthorized":"$undefined"}],"children":["$","$L5",null,{"parallelRouterKey":"children","error":"$6","errorStyles":"$0:f:0:1:0:props:children:1:props:children:2:props:children:props:lineage:props:errorStyles","errorScripts":"$0:f:0:1:0:props:children:1:props:children:2:props:children:props:lineage:props:errorScripts","template":["$","$L7",null,{}],"templateStyles":"$undefined","templateScripts":"$undefined","notFound":"$0:f:0:1:0:props:notFound:1:props:children:2:props:children:props:children:1","forbidden":"$undefined","unauthorized":"$undefined"}]}]}]]}]]}],{"children":[["$","$8","c",{"children":[null,["$","$L5",null,{"parallelRouterKey":"children","error":"$undefined","errorStyles":"$undefined","errorScripts":"$undefined","template":["$","$L7",null,{}],"templateStyles":"$undefined","templateScripts":"$undefined","notFound":"$undefined","forbidden":"$undefined","unauthorized":"$undefined"}]]}],{"children":[["$","$8","c",{"children":[["$","$L9",null,{"Component":"$a","serverProvidedParams":{"searchParams":{},"params":{},"promises":["$@b","$@c"]}}],[["$","script","script-0",{"src":"/_next/static/chunks/f7f40fdbc2f80591.js","async":true,"nonce":"$undefined"}],"$Ld"],"$Le"]}],{},null,false,false]},null,false,false],"lineage":["$Lf",{},null,false,false]},null,false,false],"$L10",false]],"m":"$undefined","G":["$11",[]],"S":true}
+0:{"P":null,"b":"rRopaMiU51gUmORexSTEw","c":["","query",""],"q":"","i":false,"f":[[["",{"children":["query",{"children":["__PAGE__",{}]}],"lineage":["__DEFAULT__",{}]},"$undefined","$undefined",true],[["$","$L1","c",{"notFound":[[["$","link","0",{"rel":"stylesheet","href":"/_next/static/chunks/b83721c72340cd2d.css","precedence":"next","crossOrigin":"$undefined","nonce":"$undefined"}],["$","link","1",{"rel":"stylesheet","href":"/_next/static/chunks/43e0b34d1dad593f.css","precedence":"next","crossOrigin":"$undefined","nonce":"$undefined"}],["$","link","2",{"rel":"stylesheet","href":"/_next/static/chunks/923964f18c87d0f1.css","precedence":"next","crossOrigin":"$undefined","nonce":"$undefined"}],["$","link","3",{"rel":"stylesheet","href":"/_next/static/chunks/1e4334d18b8a3acd.css","precedence":"next","crossOrigin":"$undefined","nonce":"$undefined"}],["$","script","script-0",{"src":"/_next/static/chunks/1bbfc841a3bbdeab.js","async":true,"nonce":"$undefined"}],["$","script","script-1",{"src":"/_next/static/chunks/9469a701a796ba64.js","async":true,"nonce":"$undefined"}],["$","script","script-2",{"src":"/_next/static/chunks/ee2093563445f2b0.js","async":true,"nonce":"$undefined"}],["$","script","script-3",{"src":"/_next/static/chunks/7bb921acbf2d3876.js","async":true,"nonce":"$undefined"}],["$","script","script-4",{"src":"/_next/static/chunks/dafbfe5da3f2c3e7.js","async":true,"nonce":"$undefined"}],["$","script","script-5",{"src":"/_next/static/chunks/a30fe1ec4d0d0199.js","async":true,"nonce":"$undefined"}]],["$","html",null,{"lang":"en","suppressHydrationWarning":true,"children":[["$","$L2",null,{"gtmId":"GTM-M2HVJQFD"}],["$","$L3",null,{"dangerouslySetInnerHTML":{"__html":"\n    (function() {\n      const hash = window.location.hash;\n      if (hash.startsWith('#!')) {\n        const newLocation = window.location.origin + window.location.pathname;\n        window.location.assign(newLocation);\n      }\n    })();\n  "}}],["$","body",null,{"children":["$","$L4",null,{"lineage":"$undefined","children":[[],[[["$","title",null,{"children":"404: This page could not be found."}],["$","div",null,{"style":{"fontFamily":"system-ui,\"Segoe UI\",Roboto,Helvetica,Arial,sans-serif,\"Apple Color Emoji\",\"Segoe UI Emoji\"","height":"100vh","textAlign":"center","display":"flex","flexDirection":"column","alignItems":"center","justifyContent":"center"},"children":["$","div",null,{"children":[["$","style",null,{"dangerouslySetInnerHTML":{"__html":"body{color:#000;background:#fff;margin:0}.next-error-h1{border-right:1px solid rgba(0,0,0,.3)}@media (prefers-color-scheme:dark){body{color:#fff;background:#000}.next-error-h1{border-right:1px solid rgba(255,255,255,.3)}}"}}],["$","h1",null,{"className":"next-error-h1","style":{"display":"inline-block","margin":"0 20px 0 0","padding":"0 23px 0 0","fontSize":24,"fontWeight":500,"verticalAlign":"top","lineHeight":"49px"},"children":404}],["$","div",null,{"style":{"display":"inline-block"},"children":["$","h2",null,{"style":{"fontSize":14,"fontWeight":400,"lineHeight":"49px","margin":0},"children":"This page could not be found."}]}]]}]}]],"$0:f:0:1:0:props:notFound:1:props:children:2:props:children:props:children:0"]]}]}]]}]],"children":["$0:f:0:1:0:props:notFound:0",["$","html",null,{"lang":"en","suppressHydrationWarning":true,"children":[["$","$L2",null,{"gtmId":"GTM-M2HVJQFD"}],["$","$L3",null,{"dangerouslySetInnerHTML":{"__html":"\n    (function() {\n      const hash = window.location.hash;\n      if (hash.startsWith('#!')) {\n        const newLocation = window.location.origin + window.location.pathname;\n        window.location.assign(newLocation);\n      }\n    })();\n  "}}],["$","body",null,{"children":["$","$L4",null,{"lineage":["$","$L5",null,{"parallelRouterKey":"lineage","error":"$6","errorStyles":[],"errorScripts":[["$","script","script-0",{"src":"/_next/static/chunks/123e829f169c0100.js","async":true}],["$","script","script-1",{"src":"/_next/static/chunks/962acc699ca0cfa9.js","async":true}]],"template":["$","$L7",null,{}],"templateStyles":"$undefined","templateScripts":"$undefined","notFound":"$undefined","forbidden":"$undefined","unauthorized":"$undefined"}],"children":["$","$L5",null,{"parallelRouterKey":"children","error":"$6","errorStyles":"$0:f:0:1:0:props:children:1:props:children:2:props:children:props:lineage:props:errorStyles","errorScripts":"$0:f:0:1:0:props:children:1:props:children:2:props:children:props:lineage:props:errorScripts","template":["$","$L7",null,{}],"templateStyles":"$undefined","templateScripts":"$undefined","notFound":"$0:f:0:1:0:props:notFound:1:props:children:2:props:children:props:children:1","forbidden":"$undefined","unauthorized":"$undefined"}]}]}]]}]]}],{"children":[["$","$8","c",{"children":[null,["$","$L5",null,{"parallelRouterKey":"children","error":"$undefined","errorStyles":"$undefined","errorScripts":"$undefined","template":["$","$L7",null,{}],"templateStyles":"$undefined","templateScripts":"$undefined","notFound":"$undefined","forbidden":"$undefined","unauthorized":"$undefined"}]]}],{"children":[["$","$8","c",{"children":[["$","$L9",null,{"Component":"$a","serverProvidedParams":{"searchParams":{},"params":{},"promises":["$@b","$@c"]}}],[["$","script","script-0",{"src":"/_next/static/chunks/f7f40fdbc2f80591.js","async":true,"nonce":"$undefined"}],"$Ld"],"$Le"]}],{},null,false,false]},null,false,false],"lineage":["$Lf",{},null,false,false]},null,false,false],"$L10",false]],"m":"$undefined","G":["$11",[]],"S":true}
 12:I[612109,["/_next/static/chunks/a86a0aa30d03f88d.js","/_next/static/chunks/2bc5c51da5e54973.js"],"OutletBoundary"]
 13:"$Sreact.suspense"
 15:I[670337,["/_next/static/chunks/1bbfc841a3bbdeab.js","/_next/static/chunks/9469a701a796ba64.js","/_next/static/chunks/ee2093563445f2b0.js","/_next/static/chunks/7bb921acbf2d3876.js","/_next/static/chunks/dafbfe5da3f2c3e7.js","/_next/static/chunks/a30fe1ec4d0d0199.js","/_next/static/chunks/c89352f5e745d873.js","/_next/static/chunks/b491ab151a29aba2.js","/_next/static/chunks/49dd9a35f25a3c78.js"],"default"]

recce/models/check.py

@@ -225,8 +225,16 @@ class CheckDAO:
                 org_id, project_id, session_id = self._get_session_info()
                 cloud_client = self._get_cloud_client()
 
+                # Get cloud user context for attribution (shared instance scenario)
+                from recce.websocket import get_current_cloud_user
+
+                cloud_user = get_current_cloud_user()
+                acting_user_id = str(cloud_user.user_id) if cloud_user else None
+
                 check_data = self._check_to_cloud_format(check)
-                cloud_check = cloud_client.create_check(org_id, project_id, session_id, check_data)
+                cloud_check = cloud_client.create_check(
+                    org_id, project_id, session_id, check_data, acting_user_id=acting_user_id
+                )
                 new_check = self._cloud_to_check(cloud_check)
 
                 logger.debug(f"Created check {new_check.check_id} in cloud")
@@ -288,9 +296,20 @@ class CheckDAO:
                 org_id, project_id, session_id = self._get_session_info()
                 cloud_client = self._get_cloud_client()
 
+                # Get cloud user context for attribution (shared instance scenario)
+                from recce.websocket import get_current_cloud_user
+
+                cloud_user = get_current_cloud_user()
+                acting_user_id = str(cloud_user.user_id) if cloud_user else None
+
                 # Directly send the patch object to the cloud API
                 cloud_data = cloud_client.update_check(
-                    org_id, project_id, session_id, str(check_id), patch.model_dump(exclude_unset=True)
+                    org_id,
+                    project_id,
+                    session_id,
+                    str(check_id),
+                    patch.model_dump(exclude_unset=True),
+                    acting_user_id=acting_user_id,
                 )
 
                 logger.debug(f"Updated check {check_id} in cloud")

recce/models/websocket.py

@@ -0,0 +1,66 @@
+"""
+WebSocket message types and user context models.
+
+This module defines the data structures for WebSocket messages,
+particularly the cloud_user_context message sent from Recce Cloud
+when proxying connections to shared instances.
+"""
+
+from dataclasses import dataclass, field
+from datetime import datetime
+from typing import Dict, Optional
+
+from pydantic import BaseModel
+
+
+@dataclass
+class CloudUserContext:
+    """
+    User context received from Recce Cloud for shared instance connections.
+
+    This context identifies the authenticated user who is accessing the
+    shared instance through Recce Cloud's proxy.
+    """
+
+    user_id: str
+    user_login: str
+    user_email: Optional[str] = None
+    received_at: datetime = field(default_factory=datetime.utcnow)
+
+    def to_dict(self) -> Dict:
+        """Convert to dictionary for API responses or logging."""
+        return {
+            "user_id": self.user_id,
+            "user_login": self.user_login,
+            "user_email": self.user_email,
+            "received_at": self.received_at.isoformat() if self.received_at else None,
+        }
+
+
+class CloudUserContextMessage(BaseModel):
+    """
+    Pydantic model for parsing cloud_user_context WebSocket messages.
+
+    Example message:
+    {
+        "type": "cloud_user_context",
+        "version": 1,
+        "user_id": "uuid-string",
+        "user_login": "username",
+        "user_email": "user@example.com"
+    }
+    """
+
+    type: str
+    version: int
+    user_id: str
+    user_login: str
+    user_email: Optional[str] = None
+
+    def to_context(self) -> CloudUserContext:
+        """Convert the message to a CloudUserContext instance."""
+        return CloudUserContext(
+            user_id=self.user_id,
+            user_login=self.user_login,
+            user_email=self.user_email,
+        )

recce/server.py

@@ -47,9 +47,15 @@ from .event import get_recce_api_token, log_api_event, log_single_env_event
 from .exceptions import RecceException
 from .github import is_github_codespace
 from .models.types import CllData
+from .models.websocket import CloudUserContextMessage
 from .run import load_preset_checks
 from .state import RecceShareStateManager, RecceStateLoader
 from .util.startup_perf import track_timing
+from .websocket import (
+    extract_cloud_user_from_headers,
+    get_connection_manager,
+    set_current_cloud_user,
+)
 
 logger = logging.getLogger("uvicorn")
 
@@ -316,8 +322,6 @@ def dbt_env_updated_callback():
     asyncio.run(broadcast(payload))
 
 
-clients = set()
-
 origins = [
     "http://localhost:3000",
     "http://localhost:3001",
@@ -358,6 +362,36 @@ async def track_activity_for_idle_timeout(request: Request, call_next):
     return response
 
 
+@app.middleware("http")
+async def extract_cloud_user_context(request: Request, call_next):
+    """
+    Extract cloud user context from HTTP headers sent by Recce Cloud proxy.
+
+    When Recce Cloud proxies HTTP requests to a shared instance, it can include
+    headers identifying the authenticated user. This middleware extracts those
+    headers and sets the user context for the duration of the request.
+
+    Headers:
+        X-Recce-User-Id: The user's UUID
+        X-Recce-User-Login: The user's login/username
+        X-Recce-User-Email: The user's email (optional)
+    """
+    # Extract user context from headers
+    cloud_user = extract_cloud_user_from_headers(dict(request.headers))
+
+    if cloud_user:
+        # Set the context for this request
+        set_current_cloud_user(cloud_user)
+
+    try:
+        response = await call_next(request)
+        return response
+    finally:
+        # Clear the context after the request completes
+        if cloud_user:
+            set_current_cloud_user(None)
+
+
 @app.middleware("http")
 async def set_context_by_cookie(request: Request, call_next):
     response = await call_next(request)
@@ -824,19 +858,102 @@ async def version():
 @app.websocket("/api/ws")
 async def websocket_endpoint(websocket: WebSocket):
     await websocket.accept()
-    clients.add(websocket)
+    manager = get_connection_manager()
+    manager.connect(websocket)
     try:
         while True:
             data = await websocket.receive_text()
-            if data == "ping":
-                await websocket.send_text("pong")
+            await _handle_websocket_message(websocket, data, manager)
     except WebSocketDisconnect:
-        clients.remove(websocket)
+        manager.disconnect(websocket)
+
+
+async def _handle_websocket_message(websocket: WebSocket, data: str, manager) -> None:
+    """
+    Handle incoming WebSocket messages.
+
+    Supports:
+    - Plain text "ping" messages (backward compatibility)
+    - JSON messages with "type" field for routing
+    """
+    # Handle plain text ping for backward compatibility
+    if data == "ping":
+        await websocket.send_text("pong")
+        return
+
+    # Try to parse as JSON
+    try:
+        message = json.loads(data)
+    except json.JSONDecodeError:
+        logger.warning(f"Received non-JSON WebSocket message: {data[:100]}")
+        return
+
+    # Route based on message type
+    message_type = message.get("type")
+
+    if message_type == "cloud_user_context":
+        await _handle_cloud_user_context(websocket, message, manager)
+    elif message_type == "ping":
+        # JSON ping format
+        await websocket.send_text(json.dumps({"type": "pong"}))
+    else:
+        logger.debug(f"Unhandled WebSocket message type: {message_type}")
+
+
+async def _handle_cloud_user_context(websocket: WebSocket, message: dict, manager) -> None:
+    """
+    Handle cloud_user_context message from Recce Cloud.
+
+    This message is sent when Recce Cloud proxies a WebSocket connection
+    to identify the authenticated user.
+    """
+    try:
+        # Validate and parse the message
+        context_message = CloudUserContextMessage(**message)
+
+        # Check version compatibility
+        if context_message.version > 1:
+            logger.warning(
+                f"Received cloud_user_context with unsupported version: "
+                f"{context_message.version}. Some fields may be ignored."
+            )
+
+        # Store the user context
+        user_context = context_message.to_context()
+        manager.set_user_context(websocket, user_context)
+
+        # Send acknowledgment
+        await websocket.send_text(
+            json.dumps(
+                {
+                    "type": "cloud_user_context_ack",
+                    "status": "ok",
+                    "user_login": user_context.user_login,
+                }
+            )
+        )
+
+    except Exception as e:
+        logger.error(f"Failed to process cloud_user_context message: {e}")
+        await websocket.send_text(
+            json.dumps(
+                {
+                    "type": "cloud_user_context_ack",
+                    "status": "error",
+                    "error": str(e),
+                }
+            )
+        )
 
 
 async def broadcast(data: str):
-    for client in clients:
-        await client.send_text(data)
+    """Broadcast a message to all connected WebSocket clients."""
+    manager = get_connection_manager()
+    for client in manager.clients:
+        try:
+            await client.send_text(data)
+        except Exception as e:
+            logger.debug(f"Failed to send to client: {e}")
 
 
 @app.post("/api/connect")

recce/util/cloud/base.py

@@ -49,7 +49,14 @@ class CloudBase:
         self.base_url = f"{RECCE_CLOUD_API_HOST}/api/v1"
         self.base_url_v2 = f"{RECCE_CLOUD_API_HOST}/api/v2"
 
-    def _request(self, method: str, url: str, headers: Optional[Dict] = None, **kwargs):
+    def _request(
+        self,
+        method: str,
+        url: str,
+        headers: Optional[Dict] = None,
+        acting_user_id: Optional[str] = None,
+        **kwargs,
+    ):
         """
         Make an authenticated HTTP request to Recce Cloud API.
 
@@ -57,6 +64,7 @@ class CloudBase:
             method: HTTP method (GET, POST, PATCH, DELETE, etc.)
             url: Full URL for the request
             headers: Optional additional headers
+            acting_user_id: Optional user ID to act on behalf of (for shared instances)
             **kwargs: Additional arguments passed to requests.request
 
         Returns:
@@ -66,6 +74,11 @@ class CloudBase:
             **(headers or {}),
             "Authorization": f"Bearer {self.token}",
         }
+
+        # Include acting user header for shared instance user attribution
+        if acting_user_id:
+            headers["X-Recce-Acting-User-Id"] = acting_user_id
+
         url = self._replace_localhost_with_docker_internal(url)
         return requests.request(method, url, headers=headers, **kwargs)
 

recce/util/cloud/check_events.py

@@ -5,7 +5,7 @@ This module provides methods for managing check events (timeline/conversation) i
 including CRUD operations for comments and retrieving state change events.
 """
 
-from typing import Dict, List
+from typing import Dict, List, Optional
 
 from recce.util.cloud.base import CloudBase
 
@@ -94,7 +94,15 @@ class CheckEventsCloud(CloudBase):
         # Response is wrapped: {"event": {...}}
         return data.get("event", {})
 
-    def create_comment(self, org_id: str, project_id: str, session_id: str, check_id: str, content: str) -> Dict:
+    def create_comment(
+        self,
+        org_id: str,
+        project_id: str,
+        session_id: str,
+        check_id: str,
+        content: str,
+        acting_user_id: Optional[str] = None,
+    ) -> Dict:
         """
         Create a new comment on a check.
 
@@ -104,6 +112,7 @@ class CheckEventsCloud(CloudBase):
             session_id: Session ID
             check_id: Check ID
             content: Comment content (plain text or markdown)
+            acting_user_id: Optional user ID to attribute the comment to (for shared instances)
 
         Returns:
             Created event dictionary
@@ -119,7 +128,7 @@ class CheckEventsCloud(CloudBase):
             >>> print(f"Created comment with ID: {event['id']}")
         """
         api_url = self._build_events_url(org_id, project_id, session_id, check_id)
-        response = self._request("POST", api_url, json={"content": content})
+        response = self._request("POST", api_url, json={"content": content}, acting_user_id=acting_user_id)
 
         self._raise_for_status(
             response,
@@ -131,7 +140,14 @@ class CheckEventsCloud(CloudBase):
         return data.get("event", {})
 
     def update_comment(
-        self, org_id: str, project_id: str, session_id: str, check_id: str, event_id: str, content: str
+        self,
+        org_id: str,
+        project_id: str,
+        session_id: str,
+        check_id: str,
+        event_id: str,
+        content: str,
+        acting_user_id: Optional[str] = None,
     ) -> Dict:
         """
         Update an existing comment.
@@ -145,6 +161,7 @@ class CheckEventsCloud(CloudBase):
             check_id: Check ID
             event_id: Event ID of the comment to update
             content: New comment content
+            acting_user_id: Optional user ID performing the update (for shared instances)
 
         Returns:
             Updated event dictionary
@@ -153,7 +170,7 @@ class CheckEventsCloud(CloudBase):
             RecceCloudException: If the request fails or user is not authorized
         """
         api_url = f"{self._build_events_url(org_id, project_id, session_id, check_id)}/{event_id}"
-        response = self._request("PATCH", api_url, json={"content": content})
+        response = self._request("PATCH", api_url, json={"content": content}, acting_user_id=acting_user_id)
 
         self._raise_for_status(
             response,

recce/util/cloud/checks.py

@@ -5,7 +5,7 @@ This module provides methods for managing checks (validation operations) in Recc
 including CRUD operations for checks within sessions.
 """
 
-from typing import Dict, List
+from typing import Dict, List, Optional
 
 from recce.util.cloud.base import CloudBase
 
@@ -60,6 +60,7 @@ class ChecksCloud(CloudBase):
         project_id: str,
         session_id: str,
         check_data: Dict,
+        acting_user_id: Optional[str] = None,
     ) -> Dict:
         """
         Create a new check in a session.
@@ -69,6 +70,7 @@ class ChecksCloud(CloudBase):
             project_id: Project ID
             session_id: Session ID
             check_data: Check data to create (should include check type, params, etc.)
+            acting_user_id: Optional user ID to act on behalf of (for shared instances)
 
         Returns:
             Created check dictionary
@@ -86,7 +88,7 @@ class ChecksCloud(CloudBase):
             >>> print(f"Created check with ID: {check['id']}")
         """
         api_url = f"{self.base_url_v2}/organizations/{org_id}/projects/{project_id}/sessions/{session_id}/checks"
-        response = self._request("POST", api_url, json=check_data)
+        response = self._request("POST", api_url, json=check_data, acting_user_id=acting_user_id)
 
         self._raise_for_status(
             response,
@@ -142,6 +144,7 @@ class ChecksCloud(CloudBase):
         session_id: str,
         check_id: str,
         check_data: Dict,
+        acting_user_id: Optional[str] = None,
     ) -> Dict:
         """
         Update an existing check.
@@ -152,6 +155,7 @@ class ChecksCloud(CloudBase):
             session_id: Session ID
             check_id: Check ID
             check_data: Updated check data (partial updates supported)
+            acting_user_id: Optional user ID to act on behalf of (for shared instances)
 
         Returns:
             Updated check dictionary
@@ -170,7 +174,7 @@ class ChecksCloud(CloudBase):
         api_url = (
             f"{self.base_url_v2}/organizations/{org_id}/projects/{project_id}/sessions/{session_id}/checks/{check_id}"
         )
-        response = self._request("PATCH", api_url, json=check_data)
+        response = self._request("PATCH", api_url, json=check_data, acting_user_id=acting_user_id)
 
         self._raise_for_status(
             response,

recce/websocket.py

@@ -0,0 +1,166 @@
+"""
+WebSocket connection manager with per-connection user context storage.
+
+This module provides thread-safe storage and retrieval of user context
+for WebSocket connections, particularly for shared instances where
+Recce Cloud proxies authenticated user information.
+"""
+
+import logging
+from contextvars import ContextVar
+from threading import Lock
+from typing import Dict, Optional, Set
+
+from fastapi import WebSocket
+
+from recce.models.websocket import CloudUserContext
+
+logger = logging.getLogger("uvicorn")
+
+
+class WebSocketConnectionManager:
+    """
+    Thread-safe manager for WebSocket connections and their associated user contexts.
+
+    This class maintains:
+    - A set of active WebSocket connections (for broadcasting)
+    - A mapping of connections to user contexts (for attribution)
+    """
+
+    def __init__(self):
+        self._clients: Set[WebSocket] = set()
+        self._user_contexts: Dict[int, CloudUserContext] = {}  # Use id(websocket) as key
+        self._lock = Lock()
+
+    @property
+    def clients(self) -> Set[WebSocket]:
+        """Get a copy of the current client set."""
+        with self._lock:
+            return set(self._clients)
+
+    def connect(self, websocket: WebSocket) -> None:
+        """Register a new WebSocket connection."""
+        with self._lock:
+            self._clients.add(websocket)
+            logger.debug(f"WebSocket connected. Total clients: {len(self._clients)}")
+
+    def disconnect(self, websocket: WebSocket) -> None:
+        """
+        Remove a WebSocket connection and its associated user context.
+
+        This method is safe to call even if the websocket was never registered.
+        """
+        with self._lock:
+            self._clients.discard(websocket)
+            self._user_contexts.pop(id(websocket), None)
+            logger.debug(f"WebSocket disconnected. Total clients: {len(self._clients)}")
+
+    def set_user_context(self, websocket: WebSocket, context: CloudUserContext) -> None:
+        """
+        Associate a user context with a WebSocket connection.
+
+        Args:
+            websocket: The WebSocket connection
+            context: The user context from Recce Cloud
+        """
+        with self._lock:
+            self._user_contexts[id(websocket)] = context
+            logger.info(
+                f"User context set for WebSocket: user_login={context.user_login}, " f"user_id={context.user_id}"
+            )
+
+    def get_user_context(self, websocket: WebSocket) -> Optional[CloudUserContext]:
+        """
+        Get the user context for a WebSocket connection.
+
+        Args:
+            websocket: The WebSocket connection
+
+        Returns:
+            The user context if set, None otherwise
+        """
+        with self._lock:
+            return self._user_contexts.get(id(websocket))
+
+    def has_user_context(self, websocket: WebSocket) -> bool:
+        """Check if a WebSocket has an associated user context."""
+        with self._lock:
+            return id(websocket) in self._user_contexts
+
+
+# Global connection manager instance
+connection_manager = WebSocketConnectionManager()
+
+
+def get_connection_manager() -> WebSocketConnectionManager:
+    """Get the global connection manager instance."""
+    return connection_manager
+
+
+# Context variable to store the current user context during request processing
+_current_user_context: ContextVar[Optional[CloudUserContext]] = ContextVar("current_user_context", default=None)
+
+
+def get_current_cloud_user() -> Optional[CloudUserContext]:
+    """
+    Get the current cloud user context.
+
+    This returns the user context set for the current async context,
+    which is typically set when processing actions from a WebSocket
+    connection with an associated user.
+
+    Returns:
+        The CloudUserContext if available, None otherwise
+    """
+    return _current_user_context.get()
+
+
+def set_current_cloud_user(context: Optional[CloudUserContext]) -> None:
+    """
+    Set the current cloud user context.
+
+    This should be called when processing actions that need user attribution.
+
+    Args:
+        context: The user context or None to clear
+    """
+    _current_user_context.set(context)
+
+
+# HTTP header names for cloud user context
+CLOUD_USER_ID_HEADER = "X-Recce-User-Id"
+CLOUD_USER_LOGIN_HEADER = "X-Recce-User-Login"
+CLOUD_USER_EMAIL_HEADER = "X-Recce-User-Email"
+
+
+def extract_cloud_user_from_headers(headers: dict) -> Optional[CloudUserContext]:
+    """
+    Extract cloud user context from HTTP request headers.
+
+    This is used by middleware to set user context for HTTP requests
+    when Recce Cloud proxies requests with user identification headers.
+
+    Args:
+        headers: Dictionary of HTTP headers (case-insensitive keys)
+
+    Returns:
+        CloudUserContext if required headers are present, None otherwise
+    """
+    # Headers may be case-insensitive, so normalize to lowercase for lookup
+    normalized = {k.lower(): v for k, v in headers.items()}
+
+    user_id = normalized.get(CLOUD_USER_ID_HEADER.lower())
+    user_login = normalized.get(CLOUD_USER_LOGIN_HEADER.lower())
+    user_email = normalized.get(CLOUD_USER_EMAIL_HEADER.lower())
+
+    # Both user_id and user_login are required
+    if not user_id or not user_login:
+        return None
+
+    context = CloudUserContext(
+        user_id=user_id,
+        user_login=user_login,
+        user_email=user_email,
+    )
+    logger.debug(f"Extracted cloud user from headers: user_login={user_login}, user_id={user_id}")
+    return context

{recce-1.34.0.dist-info → recce-1.34.1.dist-info}/METADATA

@@ -1,6 +1,6 @@
 Metadata-Version: 2.4
 Name: recce
-Version: 1.34.0
+Version: 1.34.1
 Summary: Environment diff tool for dbt
 Project-URL: Bug Tracker, https://github.com/InfuseAI/recce/issues
 Project-URL: Homepage, https://github.com/InfuseAI/recce