fix(toolbox-core)!: Throw PermissionError on unauthenticated tool invocation (#233)

* chore: Add unit test cases

* chore: Delint

* feat: Warn on insecure tool invocation with authentication

This change introduces a warning that is displayed immediately before a tool invocation if:
1. The invocation includes an authentication header.
2. The connection is being made over non-secure HTTP.

> [!IMPORTANT]
The purpose of this warning is to alert the user to the security risk of sending credentials over an unencrypted channel and to encourage the use of HTTPS.

* fix!: Warn about https only during tool initialization

* fix!: Make unauth call error message as PermissionError

* chore: Fix tests

Author: anubhav756

packages/toolbox-core/src/toolbox_core/tool.py

@@ -239,7 +239,7 @@ async def __call__(self, *args: Any, **kwargs: Any) -> str:
             for s in self.__required_authn_params.values():
                 req_auth_services.update(s)
             req_auth_services.update(self.__required_authz_tokens)
-            raise ValueError(
+            raise PermissionError(
                 f"One or more of the following authn services are required to invoke this tool"
                 f": {','.join(req_auth_services)}"
             )

packages/toolbox-core/tests/test_e2e.py

@@ -147,7 +147,7 @@ async def test_run_tool_no_auth(self, toolbox: ToolboxClient):
         """Tests running a tool requiring auth without providing auth."""
         tool = await toolbox.load_tool("get-row-by-id-auth")
         with pytest.raises(
-            Exception,
+            PermissionError,
             match="One or more of the following authn services are required to invoke this tool: my-test-auth",
         ):
             await tool(id="2")
@@ -188,7 +188,7 @@ async def test_run_tool_param_auth_no_auth(self, toolbox: ToolboxClient):
         """Tests running a tool with a param requiring auth, without auth."""
         tool = await toolbox.load_tool("get-row-by-email-auth")
         with pytest.raises(
-            ValueError,
+            PermissionError,
             match="One or more of the following authn services are required to invoke this tool: my-test-auth",
         ):
             await tool()

packages/toolbox-core/tests/test_sync_client.py

@@ -541,7 +541,7 @@ def test_auth_with_load_tool_fail_no_token(
 
         tool = sync_client.load_tool(tool_name_auth)
         with pytest.raises(
-            ValueError,
+            PermissionError,
             match="One or more of the following authn services are required to invoke this tool: my-auth-service",
         ):
             tool(argA=15, argB=True)

packages/toolbox-core/tests/test_sync_e2e.py

@@ -129,7 +129,7 @@ def test_run_tool_no_auth(self, toolbox: ToolboxSyncClient):
         """Tests running a tool requiring auth without providing auth."""
         tool = toolbox.load_tool("get-row-by-id-auth")
         with pytest.raises(
-            Exception,
+            PermissionError,
             match="One or more of the following authn services are required to invoke this tool: my-test-auth",
         ):
             tool(id="2")
@@ -156,7 +156,7 @@ def test_run_tool_param_auth_no_auth(self, toolbox: ToolboxSyncClient):
         """Tests running a tool with a param requiring auth, without auth."""
         tool = toolbox.load_tool("get-row-by-email-auth")
         with pytest.raises(
-            ValueError,
+            PermissionError,
             match="One or more of the following authn services are required to invoke this tool: my-test-auth",
         ):
             tool()