PR Slash Commands

Airbyte Maintainers (that's you!) can execute the following slash commands on your PR:

• 🛠️ Quick Fixes
  • /format-fix - Fixes most formatting issues.
  • /bump-version - Bumps connector versions, scraping changelog description from the PR title.
    • Bump types: patch (default), minor, major, major_rc, rc, promote.
    • The rc type is a smart default: applies minor_rc if stable, or bumps the RC number if already RC.
    • The promote type strips the RC suffix to finalize a release.
    • Example: /bump-version type=rc or /bump-version type=minor
  • /bump-progressive-rollout-version - Alias for /bump-version type=rc. Bumps with an RC suffix and enables progressive rollout.
• ❇️ AI Testing and Review (internal link: AI-SDLC Docs):
  • /ai-prove-fix - Runs prerelease readiness checks, including testing against customer connections.
  • /ai-canary-prerelease - Rolls out prerelease to 5-10 connections for canary testing.
  • /ai-review - AI-powered PR review for connector safety and quality gates.
• 🚀 Connector Releases:
  • /publish-connectors-prerelease - Publishes pre-release connector builds (tagged as {version}-preview.{git-sha}) for all modified connectors in the PR.
• ☕️ JVM connectors:
  • /update-connector-cdk-version connector=<CONNECTOR_NAME> - Updates the specified connector to the latest CDK version.
    Example: /update-connector-cdk-version connector=destination-bigquery
• 🐍 Python connectors:
  • /poe connector source-example lock - Run the Poe lock task on the source-example connector, committing the results back to the branch.
  • /poe source example lock - Alias for /poe connector source-example lock.
  • /poe source example use-cdk-branch my/branch - Pin the source-example CDK reference to the branch name specified.
  • /poe source example use-cdk-latest - Update the source-example CDK dependency to the latest available version.
• ⚙️ Admin commands:
  • /force-merge reason="<REASON>" - Force merges the PR using admin privileges, bypassing CI checks. Requires a reason.
    Example: /force-merge reason="CI is flaky, tests pass locally"

Helpful Resources

• Breaking Changes Guide - Breaking changes, migration guides, and upgrade deadlines
• Developing Connectors Locally
• Managing Connector Secrets
• On-Demand Regression Tests
• #connector-ci-issues
• #connector-publish-updates
• #connector-build-statuses

📝 Edit this welcome message.

1. This PR appears ready for review and merge.
2. For broader validation before release, consider running /ai-canary-prerelease to test on additional connections.
3. The daily_hands_free_triage automation will monitor the release rollout after merge.
4. Live connection pinning was requested via Slack but is pending human approval — this can be done post-merge if additional validation is desired.

Connector: source-sftp-bulk
PR: #75967
Pre-release Version Tested: 1.9.1-preview.b3844bf
Detailed Results: https://github.com/airbytehq/oncall/issues/11838#issuecomment-4169601037

Proving Criteria

Regression tests pass showing no regressions against existing RSA-key-based connections, AND/OR a live connection test completes successfully after pinning to the pre-release.

Disproving Criteria

• Regression tests fail showing broken functionality
• New errors appear that were not present before
• Same SSH key errors still occur after applying the fix

Cases Attempted

1. Regression Tests (REQUIRED): Workflow Run #23846982244 — PASSED
2. CI Unit Tests: 58 tests, 56 passed, 2 skipped, 0 failed — PASSED
3. Live Connection Test: Qualified internal connection identified, pinning pending Slack approval

• Viability: Fix addresses the reported issue — replaces hardcoded paramiko.RSAKey with auto-detection across RSA, Ed25519, ECDSA, and DSS key types
• Safety: No malicious code, no credential harvesting, no suspicious patterns
• Breaking Change: NOT breaking — no schema/spec/stream/state changes. PATCH version bump (1.9.0 to 1.9.1)
• Reversibility: Safely reversible — no state/config format changes, previous version compatible

Design Intent Note: The original code hardcoded paramiko.RSAKey.from_private_key(). This was likely an oversight — there is no documented reason to restrict to RSA keys only, and paramiko supports multiple key types natively.

2026-04-01 11:42 UTC — Session started, began context gathering
2026-04-01 11:45 UTC — Pre-flight checks completed (all passed)
2026-04-01 11:47 UTC — Pre-release confirmed: 1.9.1-preview.b3844bf
2026-04-01 11:48 UTC — Regression tests triggered (Run #23846982244)
2026-04-01 11:51 UTC — Regression tests completed: PASSED
2026-04-01 11:52 UTC — Evidence plan posted to oncall issue
2026-04-01 11:53 UTC — Escalation for live testing approval sent via Slack
2026-04-01 12:00 UTC — Internal test connection qualified (not pinned, v1.9.0)
2026-04-01 12:04 UTC — Live pinning blocked pending Slack approval; proceeding with report

Note: Connection IDs and detailed logs are recorded in the linked private issue.

Gate 1: PR Hygiene ✅ PASS

• PR Description: Detailed and well-structured (>50 chars after stripping). Includes What/How/Review Guide/User Impact/Revert Safety sections.
• Linked Issue: airbytehq/oncall#11838
• Docs Changelog: docs/integrations/sources/sftp-bulk.md updated with changelog entry for v1.9.1.
• Peer Feedback: Code quality bot flagged unused import io in test file — addressed in commit b3844bf.

Gate 2: Code Hygiene ✅ PASS

• Source code modified: source_sftp_bulk/client.py
• Tests modified: unit_tests/client_test.py — 5 new test functions added.
• Test-to-code ratio is appropriate for the scope of changes.

Gate 3: Test Coverage ✅ PASS

• This is a bug fix (fix/ prefix, linked issue) — behavioral change requires tests.
• New tests cover:
  • test_parse_private_key_auto_detects_key_type — parametrized across RSA, Ed25519, ECDSA, DSS
  • test_parse_private_key_unrecognized_format_raises_config_error
  • test_parse_private_key_catches_value_error
  • test_client_with_private_key_calls_parse
  • test_client_without_private_key_skips_parse

Gate 4: Code Security ✅ PASS

• No auth/credential file patterns in diff.
• Private keys handled as opaque strings passed to paramiko — no key content logged or exposed.
• Error messages do not leak key material.

Gate 5: Per-Record Performance ✅ PASS

• _parse_private_key() is called once during client initialization, not per-record.
• No per-record iteration changes introduced.

Gate 6: Breaking Dependencies ✅ PASS

• No dependency changes in pyproject.toml (only version bump 1.9.0 → 1.9.1).
• No new packages added.

Gate 7: Backwards Compatibility ✅ PASS

• No spec file modifications (no spec.json, spec.yaml, or spec section changes).
• No new required fields, no removed properties.
• RSA key users unaffected — RSAKey is tried first in _KEY_CLASSES list.

Gate 8: Forwards Compatibility ✅ PASS

• No state/cursor/pagination changes.
• No stream discovery or catalog changes.

Gate 9: Behavioral Changes ✅ PASS

• No rate limit/retry/timeout changes.
• Error handling improved: unrecognized key formats now raise AirbyteTracedException with FailureType.config_error instead of raw struct.error.
• Exception catching scope is conservative: only paramiko.SSHException and ValueError.

Gate 10: Out-of-Scope Changes ✅ PASS

• All changes scoped to source-sftp-bulk connector.
• Files modified: client.py, client_test.py, metadata.yaml, pyproject.toml, sftp-bulk.md.
• No cross-connector or platform changes.

Gate 11: CI Checks ✅ PASS

• Core CI: 43 passed, 9 skipped, 0 pending.
• Connector tests: 58 tests, 56 passed, 2 skipped, 0 failed.
• Failed check: pre-release publish validation (docs template sections "For Airbyte Cloud:" / "For Airbyte Open Source:" missing) — excluded per playbook (pre-release checks are not core CI).

Gate 12: Live / E2E Tests ✅ PASS

• Validation required: Yes (bug fix with fix/ prefix).
• Pre-release published: airbyte/source-sftp-bulk:1.9.1-preview.b3844bf (confirmed in prod registry).
• Regression tests: PASSED (Workflow Run #23846982244).
• MCP verification: Pre-release version 1.9.1-preview.b3844bf (version_id: bee6720f-73c4-453d-a25f-64ce047d92f4) confirmed published 2026-04-01. No pinned production syncs found (live pinning pending human approval).
• Prove-fix evidence: Fix Validation Evidence comment confirms regression tests passed with no regressions for existing RSA-key connections.

• In-scope: Yes — connector-only changes.
• Auto-approve eligible: No — PR contains functional code changes (client.py adds _parse_private_key() helper with new key type detection logic). Only docs-only, additive spec, patch/minor deps, or comment/whitespace-only changes are eligible for auto-approval.
• Review action: NO ACTION — All gates pass, but human reviewer sign-off required for functional code changes.