fix: Fix issue causing masking of empty loop or thread check while loading tool/toolset (#227)

* chore: Add unit test cases

* chore: Delint

* feat: Warn on insecure tool invocation with authentication

This change introduces a warning that is displayed immediately before a tool invocation if:
1. The invocation includes an authentication header.
2. The connection is being made over non-secure HTTP.

> [!IMPORTANT]
The purpose of this warning is to alert the user to the security risk of sending credentials over an unencrypted channel and to encourage the use of HTTPS.

* fix!: Warn about https only during tool initialization

* fix: Fix issue causing masking of emtpy loop or thread check while loading tool/toolset

* chore: Remove unused condition in client test mocks

Author: anubhav756

packages/toolbox-core/src/toolbox_core/sync_client.py

@@ -12,6 +12,7 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 
+
 import asyncio
 from threading import Thread
 from typing import Any, Callable, Coroutine, Mapping, Optional, TypeVar, Union
@@ -59,7 +60,7 @@ async def create_client():
 
         # Ignoring type since we're already checking the existence of a loop above.
         self.__async_client = asyncio.run_coroutine_threadsafe(
-            create_client(), self.__class__.__loop  # type: ignore
+            create_client(), self.__class__.__loop
         ).result()
 
     def close(self):
@@ -101,11 +102,10 @@ def load_tool(
         """
         coro = self.__async_client.load_tool(name, auth_token_getters, bound_params)
 
-        # We have already created a new loop in the init method in case it does not already exist
-        async_tool = asyncio.run_coroutine_threadsafe(coro, self.__loop).result()  # type: ignore
-
         if not self.__loop or not self.__thread:
             raise ValueError("Background loop or thread cannot be None.")
+
+        async_tool = asyncio.run_coroutine_threadsafe(coro, self.__loop).result()
         return ToolboxSyncTool(async_tool, self.__loop, self.__thread)
 
     def load_toolset(
@@ -130,11 +130,10 @@ def load_toolset(
         """
         coro = self.__async_client.load_toolset(name, auth_token_getters, bound_params)
 
-        # We have already created a new loop in the init method in case it does not already exist
-        async_tools = asyncio.run_coroutine_threadsafe(coro, self.__loop).result()  # type: ignore
-
         if not self.__loop or not self.__thread:
             raise ValueError("Background loop or thread cannot be None.")
+
+        async_tools = asyncio.run_coroutine_threadsafe(coro, self.__loop).result()  # type: ignore
         return [
             ToolboxSyncTool(async_tool, self.__loop, self.__thread)
             for async_tool in async_tools

packages/toolbox-core/tests/test_client.py

@@ -301,10 +301,8 @@ async def client(self, aioresponses, test_tool_auth, tool_name, expected_header)
 
         # mock tool INVOKE call
         def require_headers(url, **kwargs):
-            if kwargs["headers"].get("my-auth-service_token") == expected_header:
-                return CallbackResult(status=200, body="{}")
-            else:
-                return CallbackResult(status=400, body="{}")
+            assert kwargs["headers"].get("my-auth-service_token") == expected_header
+            return CallbackResult(status=200, body="{}")
 
         aioresponses.post(
             f"{TEST_BASE_URL}/api/tool/{tool_name}/invoke",