@prodisco/k8s-mcp 0.1.4 → 0.1.5

package/README.md

@@ -1,10 +1,10 @@
 # ProDisco (Progressive Disclosure Kubernetes MCP Server)
 
-ProDisco gives AI agents **Kubernetes access + Prometheus metrics analysis** through a single unified search tool. It follows Anthropic's [Progressive Disclosure](https://www.anthropic.com/engineering/code-execution-with-mcp) pattern: the MCP server exposes search tools which surface TypeScript modules, agents discover them to write code, and only the final console output returns to the agent.
+ProDisco gives AI agents **Kubernetes access + Prometheus metrics analysis** through two unified tools. It follows Anthropic's [Progressive Disclosure](https://www.anthropic.com/engineering/code-execution-with-mcp) pattern: the MCP server exposes search tools which surface API methods, agents discover them to write code, execute it in a sandbox, and only the final console output returns to the agent.
 
-**One tool, two domains:**
-- **Kubernetes Operations** - Discover API methods from `@kubernetes/client-node` to manage pods, deployments, services, and more
-- **Prometheus Metrics** - Discover methods from `prometheus-query` for PromQL queries and metrics analysis
+**Two tools:**
+- **kubernetes.searchTools** - Discover API methods, type definitions, cached scripts, and Prometheus methods
+- **kubernetes.runSandbox** - Execute TypeScript code in a sandboxed VM environment
 
 ## Why Progressive Disclosure Matters
 
@@ -58,6 +58,8 @@ claude mcp remove ProDisco
 | `K8S_CONTEXT` | No | Kubernetes context (defaults to current context) |
 | `PROMETHEUS_URL` | No | Prometheus server URL for metrics queries |
 
+> **Important:** These environment variables must be set where the MCP server runs. The `runSandbox` tool executes code within the MCP server process, which needs access to your kubeconfig and/or Prometheus endpoint.
+
 > **Tip:** If you're using a kind cluster for local testing, you can port-forward to Prometheus:
 > ```bash
 > kubectl port-forward -n monitoring svc/prometheus-server 9090:80
@@ -77,17 +79,63 @@ claude mcp add --transport stdio prodisco -- node dist/server.js
 claude mcp remove prodisco # remove when you're done
 ```
 
-### Scripts cache convention
+### Startup Options
 
-**Script Location:** `~/.prodisco/scripts/cache/`
+| Flag | Description |
+|------|-------------|
+| `--clear-cache` | Clear the scripts cache before starting |
 
-ProDisco automatically creates a `~/.prodisco/scripts/cache/` directory in your home directory for storing helper scripts. This ensures scripts work from any directory and persist across sessions.
+Example:
+```bash
+node dist/server.js --clear-cache
+```
 
 ---
 
 ## Available Tools
 
-ProDisco exposes a single unified tool with four modes:
+ProDisco exposes two tools:
+
+### kubernetes.runSandbox
+
+Execute TypeScript code in a sandboxed VM environment for Kubernetes and Prometheus operations.
+
+**Input:**
+```typescript
+{
+  // Provide one of:
+  code?: string;     // TypeScript code to execute directly
+  cached?: string;   // Name of a cached script to run (from searchTools results)
+
+  timeout?: number;  // Execution timeout in ms (default: 30000, max: 120000)
+}
+```
+
+**Sandbox Environment:**
+- `k8s` - Full `@kubernetes/client-node` library
+- `kc` - Pre-configured KubeConfig instance
+- `console` - Captured output (log, error, warn, info)
+- `require()` - Whitelisted modules: `@kubernetes/client-node`, `prometheus-query`
+- `process.env` - Environment variables (PROMETHEUS_URL, etc.)
+
+**Examples:**
+```typescript
+// Execute code directly
+{
+  code: `
+    const api = kc.makeApiClient(k8s.CoreV1Api);
+    const pods = await api.listNamespacedPod({ namespace: 'default' });
+    console.log(\`Found \${pods.items.length} pods\`);
+  `
+}
+
+// Run a cached script by name
+{ cached: "script-2025-01-01T12-00-00-abc123.ts" }
+```
+
+### kubernetes.searchTools
+
+A unified search interface with four modes:
 
 | Mode | Purpose | Example |
 |------|---------|---------|
@@ -98,10 +146,6 @@ ProDisco exposes a single unified tool with four modes:
 
 For comprehensive documentation including architecture details and example workflows, see [docs/search-tools.md](docs/search-tools.md).
 
-### kubernetes.searchTools
-
-A unified search interface for Kubernetes operations and metrics analysis.
-
 **Input:**
 ```typescript
 {

package/dist/server.js

@@ -3,15 +3,16 @@ import { createRequire } from 'node:module';
 import * as path from 'node:path';
 import { fileURLToPath } from 'node:url';
 import * as fs from 'node:fs';
-import * as os from 'node:os';
 import { McpServer } from '@modelcontextprotocol/sdk/server/mcp.js';
 import { logger } from './util/logger.js';
 import { StdioServerTransport } from '@modelcontextprotocol/sdk/server/stdio.js';
 const require = createRequire(import.meta.url);
 const pkg = require('../package.json');
 import { searchToolsTool, warmupSearchIndex, shutdownSearchIndex } from './tools/kubernetes/searchTools.js';
+import { runSandboxTool } from './tools/kubernetes/runSandbox.js';
 import { PUBLIC_GENERATED_ROOT_PATH_WITH_SLASH, listGeneratedFiles, readGeneratedFile, } from './resources/filesystem.js';
 import { probeClusterConnectivity } from './kube/client.js';
+import { SCRIPTS_CACHE_DIR } from './util/paths.js';
 const __filename = fileURLToPath(import.meta.url);
 const __dirname = path.dirname(__filename);
 const GENERATED_DIR = path.resolve(__dirname, 'tools/kubernetes');
@@ -19,10 +20,10 @@ const server = new McpServer({
     name: 'kubernetes-mcp',
     version: typeof pkg.version === 'string' ? pkg.version : '0.0.0',
 }, {
-    instructions: 'Kubernetes operations via Progressive Disclosure. Use the kubernetes.searchTools tool to discover available operations. ' +
-        'The tool returns available Kubernetes API methods and a "paths.scriptsDirectory" for writing scripts. ' +
-        'Write scripts to scriptsDirectory and use bare imports: import * as k8s from \'@kubernetes/client-node\'. ' +
-        'The scriptsDirectory has a node_modules symlink that handles package resolution automatically.',
+    instructions: 'Kubernetes and Prometheus operations via Progressive Disclosure. ' +
+        'Use kubernetes.searchTools to discover available APIs. ' +
+        'Use kubernetes.runSandbox to execute TypeScript scripts directly. ' +
+        'The sandbox provides: k8s, kc (pre-configured KubeConfig), console, and require("prometheus-query").',
 });
 // Expose generated TypeScript files as MCP resources using ResourceTemplate
 import { ResourceTemplate } from '@modelcontextprotocol/sdk/server/mcp.js';
@@ -157,7 +158,44 @@ server.registerTool(searchToolsTool.name, {
         };
     }
 });
+// Register kubernetes.runSandbox tool for executing scripts in a sandboxed environment
+server.registerTool(runSandboxTool.name, {
+    title: 'Kubernetes Run Sandbox',
+    description: runSandboxTool.description,
+    inputSchema: runSandboxTool.schema,
+}, async (args) => {
+    const parsedArgs = await runSandboxTool.schema.parseAsync(args);
+    const result = await runSandboxTool.execute(parsedArgs);
+    // Build the output message
+    const cachedInfo = result.cachedScript ? ` [cached: ${result.cachedScript}]` : '';
+    const successMsg = `Execution successful${cachedInfo} (${result.executionTime}ms)\n\nOutput:\n${result.output}`;
+    const failMsg = `Execution failed${cachedInfo} (${result.executionTime}ms)\n\nError: ${result.error}\n\nOutput:\n${result.output}`;
+    return {
+        content: [
+            {
+                type: 'text',
+                text: result.success ? successMsg : failMsg,
+            },
+        ],
+        structuredContent: result,
+    };
+});
 async function main() {
+    // Parse command line arguments
+    const args = process.argv.slice(2);
+    const clearCache = args.includes('--clear-cache');
+    // Handle --clear-cache flag
+    if (clearCache) {
+        logger.info('Clearing scripts cache...');
+        try {
+            await fs.promises.rm(SCRIPTS_CACHE_DIR, { recursive: true, force: true });
+            logger.info('Scripts cache cleared');
+        }
+        catch (error) {
+            const message = error instanceof Error ? error.message : String(error);
+            logger.warn(`Failed to clear cache: ${message}`);
+        }
+    }
     // Probe cluster connectivity before starting the server
     // This ensures we fail fast if the cluster is not reachable
     logger.info('Probing Kubernetes cluster connectivity...');
@@ -170,10 +208,9 @@ async function main() {
         logger.error(`Failed to connect to Kubernetes cluster: ${message}`);
         throw new Error(`Kubernetes cluster is not accessible: ${message}`);
     }
-    // Ensure ~/.prodisco/scripts/cache/ directory exists (using async API for consistency)
-    const scriptsDir = path.join(os.homedir(), '.prodisco', 'scripts', 'cache');
-    await fs.promises.mkdir(scriptsDir, { recursive: true });
-    logger.info(`Scripts directory: ${scriptsDir}`);
+    // Ensure scripts cache directory exists (server-controlled location)
+    await fs.promises.mkdir(SCRIPTS_CACHE_DIR, { recursive: true });
+    logger.info(`Scripts cache directory: ${SCRIPTS_CACHE_DIR}`);
     // Pre-warm the Orama search index to avoid delay on first search
     await warmupSearchIndex();
     const transport = new StdioServerTransport();

package/dist/server.js.map

@@ -1 +1 @@
-{"version":3,"file":"server.js","sourceRoot":"","sources":["../src/server.ts"],"names":[],"mappings":";AACA,OAAO,EAAE,aAAa,EAAE,MAAM,aAAa,CAAC;AAC5C,OAAO,KAAK,IAAI,MAAM,WAAW,CAAC;AAClC,OAAO,EAAE,aAAa,EAAE,MAAM,UAAU,CAAC;AACzC,OAAO,KAAK,EAAE,MAAM,SAAS,CAAC;AAC9B,OAAO,KAAK,EAAE,MAAM,SAAS,CAAC;AAE9B,OAAO,EAAE,SAAS,EAAE,MAAM,yCAAyC,CAAC;AACpE,OAAO,EAAE,MAAM,EAAE,MAAM,kBAAkB,CAAC;AAC1C,OAAO,EAAE,oBAAoB,EAAE,MAAM,2CAA2C,CAAC;AAEjF,MAAM,OAAO,GAAG,aAAa,CAAC,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;AAC/C,MAAM,GAAG,GAAG,OAAO,CAAC,iBAAiB,CAAyB,CAAC;AAC/D,OAAO,EAAE,eAAe,EAAE,iBAAiB,EAAE,mBAAmB,EAAE,MAAM,mCAAmC,CAAC;AAC5G,OAAO,EACL,qCAAqC,EACrC,kBAAkB,EAClB,iBAAiB,GAClB,MAAM,2BAA2B,CAAC;AACnC,OAAO,EAAE,wBAAwB,EAAE,MAAM,kBAAkB,CAAC;AAE5D,MAAM,UAAU,GAAG,aAAa,CAAC,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;AAClD,MAAM,SAAS,GAAG,IAAI,CAAC,OAAO,CAAC,UAAU,CAAC,CAAC;AAC3C,MAAM,aAAa,GAAG,IAAI,CAAC,OAAO,CAAC,SAAS,EAAE,kBAAkB,CAAC,CAAC;AAElE,MAAM,MAAM,GAAG,IAAI,SAAS,CAC1B;IACE,IAAI,EAAE,gBAAgB;IACtB,OAAO,EAAE,OAAO,GAAG,CAAC,OAAO,KAAK,QAAQ,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,OAAO;CACjE,EACD;IACE,YAAY,EACV,0HAA0H;QAC1H,wGAAwG;QACxG,4GAA4G;QAC5G,gGAAgG;CACnG,CACF,CAAC;AAEF,4EAA4E;AAC5E,OAAO,EAAE,gBAAgB,EAAE,MAAM,yCAAyC,CAAC;AAE3E,MAAM,gBAAgB,GAAG,IAAI,gBAAgB,CAC3C,UAAU,qCAAqC,QAAQ,EACvD;IACE,IAAI,EAAE,KAAK,IAAI,EAAE;QACf,MAAM,KAAK,GAAG,MAAM,kBAAkB,CAAC,aAAa,CAAC,CAAC;QACtD,OAAO;YACL,SAAS,EAAE,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC;gBAC3B,GAAG,EAAE,CAAC,CAAC,GAAG;gBACV,IAAI,EAAE,CAAC,CAAC,IAAI;gBACZ,WAAW,EAAE,CAAC,CAAC,WAAW;gBAC1B,QAAQ,EAAE,CAAC,CAAC,QAAQ;aACrB,CAAC,CAAC;SACJ,CAAC;IACJ,CAAC;CACF,CACF,CAAC;AAEF,MAAM,CAAC,gBAAgB,CACrB,4BAA4B,EAC5B,gBAAgB,EAChB;IACE,WAAW,EAAE,wDAAwD;CACtE,EACD,KAAK,EAAE,GAAG,EAAE,EAAE;IACZ,2CAA2C;IAC3C,MAAM,aAAa,GAAG,kBAAkB,CAAC,GAAG,CAAC,QAAQ,CAAC,CAAC;IACvD,MAAM,cAAc,GAAG,qCAAqC,CAAC;IAE7D,IAAI,CAAC,aAAa,CAAC,UAAU,CAAC,cAAc,CAAC,EAAE,CAAC;QAC9C,MAAM,IAAI,KAAK,CAAC,YAAY,aAAa,eAAe,cAAc,EAAE,CAAC,CAAC;IAC5E,CAAC;IAED,MAAM,iBAAiB,GAAG,aAAa,CAAC,KAAK,CAAC,cAAc,CAAC,MAAM,CAAC,CAAC;IACrE,IAAI,CAAC,iBAAiB,EAAE,CAAC;QACvB,MAAM,IAAI,KAAK,CAAC,uBAAuB,CAAC,CAAC;IAC3C,CAAC;IAED,MAAM,YAAY,GAAG,iBAAiB,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;IACjE,MAAM,OAAO,GAAG,MAAM,iBAAiB,CAAC,aAAa,EAAE,YAAY,CAAC,CAAC;IAErE,OAAO;QACL,QAAQ,EAAE;YACR;gBACE,GAAG,EAAE,GAAG,CAAC,QAAQ,EAAE;gBACnB,QAAQ,EAAE,iBAAiB;gBAC3B,IAAI,EAAE,OAAO;aACd;SACF;KACF,CAAC;AACJ,CAAC,CACF,CAAC;AAEF,MAAM,CAAC,IAAI,CAAC,WAAW,aAAa,mBAAmB,CAAC,CAAC;AAEzD,6DAA6D;AAC7D,8FAA8F;AAC9F,MAAM,CAAC,YAAY,CACjB,eAAe,CAAC,IAAI,EACpB;IACE,KAAK,EAAE,yBAAyB;IAChC,WAAW,EAAE,eAAe,CAAC,WAAW;IACxC,WAAW,EAAE,eAAe,CAAC,MAAM;CACpC,EACD,KAAK,EAAE,IAA6B,EAAE,EAAE;IACtC,MAAM,UAAU,GAAG,MAAM,eAAe,CAAC,MAAM,CAAC,UAAU,CAAC,IAAI,CAAC,CAAC;IACjE,MAAM,MAAM,GAAG,MAAM,eAAe,CAAC,OAAO,CAAC,UAAU,CAAC,CAAC;IAEzD,gCAAgC;IAChC,IAAI,MAAM,CAAC,IAAI,KAAK,OAAO,EAAE,CAAC;QAC5B,OAAO;YACL,OAAO,EAAE;gBACP;oBACE,IAAI,EAAE,MAAM;oBACZ,IAAI,EAAE,MAAM,CAAC,OAAO;iBACrB;gBACD;oBACE,IAAI,EAAE,MAAM;oBACZ,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,MAAM,CAAC,KAAK,EAAE,IAAI,EAAE,CAAC,CAAC;iBAC5C;aACF;YACD,iBAAiB,EAAE,MAAM;SAC1B,CAAC;IACJ,CAAC;SAAM,IAAI,MAAM,CAAC,IAAI,KAAK,SAAS,EAAE,CAAC;QACrC,OAAO;YACL,OAAO,EAAE;gBACP;oBACE,IAAI,EAAE,MAAM;oBACZ,IAAI,EAAE,MAAM,CAAC,OAAO;iBACrB;gBACD;oBACE,IAAI,EAAE,MAAM;oBACZ,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,MAAM,CAAC,OAAO,EAAE,IAAI,EAAE,CAAC,CAAC;iBAC9C;aACF;YACD,iBAAiB,EAAE,MAAM;SAC1B,CAAC;IACJ,CAAC;SAAM,IAAI,MAAM,CAAC,IAAI,KAAK,YAAY,EAAE,CAAC;QACxC,iFAAiF;QACjF,IAAI,UAAU,IAAI,MAAM,IAAI,MAAM,CAAC,QAAQ,KAAK,SAAS,EAAE,CAAC;YAC1D,OAAO;gBACL,OAAO,EAAE;oBACP;wBACE,IAAI,EAAE,MAAM;wBACZ,IAAI,EAAE,MAAM,CAAC,OAAO;qBACrB;oBACD;wBACE,IAAI,EAAE,MAAM;wBACZ,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,MAAM,CAAC,OAAO,EAAE,IAAI,EAAE,CAAC,CAAC;qBAC9C;iBACF;gBACD,iBAAiB,EAAE,MAAM;aAC1B,CAAC;QACJ,CAAC;QACD,uGAAuG;QACvG,MAAM,aAAa,GAAG,MAAoG,CAAC;QAC3H,MAAM,OAAO,GAAG,SAAS,IAAI,MAAM,CAAC,CAAC,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC;YACpD,GAAG,aAAa,CAAC,KAAK,KAAK,aAAa,CAAC,OAAO,cAAc,aAAa,CAAC,OAAO,EAAE,CAAC;QACxF,OAAO;YACL,OAAO,EAAE;gBACP;oBACE,IAAI,EAAE,MAAM;oBACZ,IAAI,EAAE,OAAO;iBACd;gBACD;oBACE,IAAI,EAAE,MAAM;oBACZ,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,aAAa,CAAC,OAAO,EAAE,IAAI,EAAE,CAAC,CAAC;iBACrD;aACF;YACD,iBAAiB,EAAE,MAAM;SAC1B,CAAC;IACJ,CAAC;SAAM,CAAC;QACN,qBAAqB;QACrB,OAAO;YACL,OAAO,EAAE;gBACP;oBACE,IAAI,EAAE,MAAM;oBACZ,IAAI,EAAE,MAAM,CAAC,OAAO;iBACrB;gBACD;oBACE,IAAI,EAAE,MAAM;oBACZ,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,MAAM,CAAC,KAAK,EAAE,IAAI,EAAE,CAAC,CAAC;iBAC5C;aACF;YACD,iBAAiB,EAAE,MAAM;SAC1B,CAAC;IACJ,CAAC;AACH,CAAC,CACF,CAAC;AAEF,KAAK,UAAU,IAAI;IACjB,wDAAwD;IACxD,4DAA4D;IAC5D,MAAM,CAAC,IAAI,CAAC,4CAA4C,CAAC,CAAC;IAC1D,IAAI,CAAC;QACH,MAAM,wBAAwB,EAAE,CAAC;QACjC,MAAM,CAAC,IAAI,CAAC,iCAAiC,CAAC,CAAC;IACjD,CAAC;IAAC,OAAO,KAAK,EAAE,CAAC;QACf,MAAM,OAAO,GAAG,KAAK,YAAY,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;QACvE,MAAM,CAAC,KAAK,CAAC,4CAA4C,OAAO,EAAE,CAAC,CAAC;QACpE,MAAM,IAAI,KAAK,CAAC,yCAAyC,OAAO,EAAE,CAAC,CAAC;IACtE,CAAC;IAED,uFAAuF;IACvF,MAAM,UAAU,GAAG,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC,OAAO,EAAE,EAAE,WAAW,EAAE,SAAS,EAAE,OAAO,CAAC,CAAC;IAC5E,MAAM,EAAE,CAAC,QAAQ,CAAC,KAAK,CAAC,UAAU,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAC;IACzD,MAAM,CAAC,IAAI,CAAC,sBAAsB,UAAU,EAAE,CAAC,CAAC;IAEhD,iEAAiE;IACjE,MAAM,iBAAiB,EAAE,CAAC;IAE1B,MAAM,SAAS,GAAG,IAAI,oBAAoB,EAAE,CAAC;IAC7C,MAAM,MAAM,CAAC,OAAO,CAAC,SAAS,CAAC,CAAC;IAChC,MAAM,CAAC,IAAI,CAAC,sCAAsC,CAAC,CAAC;AACtD,CAAC;AAED;;;GAGG;AACH,KAAK,UAAU,QAAQ,CAAC,MAAc;IACpC,MAAM,CAAC,IAAI,CAAC,YAAY,MAAM,+BAA+B,CAAC,CAAC;IAC/D,IAAI,CAAC;QACH,MAAM,mBAAmB,EAAE,CAAC;QAC5B,MAAM,CAAC,IAAI,CAAC,mBAAmB,CAAC,CAAC;QACjC,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IAClB,CAAC;IAAC,OAAO,KAAK,EAAE,CAAC;QACf,MAAM,CAAC,KAAK,CAAC,uBAAuB,EAAE,KAAK,CAAC,CAAC;QAC7C,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IAClB,CAAC;AACH,CAAC;AAED,6BAA6B;AAC7B,OAAO,CAAC,EAAE,CAAC,SAAS,EAAE,GAAG,EAAE,CAAC,QAAQ,CAAC,SAAS,CAAC,CAAC,CAAC;AACjD,OAAO,CAAC,EAAE,CAAC,QAAQ,EAAE,GAAG,EAAE,CAAC,QAAQ,CAAC,QAAQ,CAAC,CAAC,CAAC;AAE/C,IAAI,EAAE,CAAC,KAAK,CAAC,CAAC,KAAK,EAAE,EAAE;IACrB,MAAM,CAAC,KAAK,CAAC,iCAAiC,EAAE,KAAK,CAAC,CAAC;IACvD,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;AAClB,CAAC,CAAC,CAAC"}
+{"version":3,"file":"server.js","sourceRoot":"","sources":["../src/server.ts"],"names":[],"mappings":";AACA,OAAO,EAAE,aAAa,EAAE,MAAM,aAAa,CAAC;AAC5C,OAAO,KAAK,IAAI,MAAM,WAAW,CAAC;AAClC,OAAO,EAAE,aAAa,EAAE,MAAM,UAAU,CAAC;AACzC,OAAO,KAAK,EAAE,MAAM,SAAS,CAAC;AAE9B,OAAO,EAAE,SAAS,EAAE,MAAM,yCAAyC,CAAC;AACpE,OAAO,EAAE,MAAM,EAAE,MAAM,kBAAkB,CAAC;AAC1C,OAAO,EAAE,oBAAoB,EAAE,MAAM,2CAA2C,CAAC;AAEjF,MAAM,OAAO,GAAG,aAAa,CAAC,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;AAC/C,MAAM,GAAG,GAAG,OAAO,CAAC,iBAAiB,CAAyB,CAAC;AAC/D,OAAO,EAAE,eAAe,EAAE,iBAAiB,EAAE,mBAAmB,EAAE,MAAM,mCAAmC,CAAC;AAC5G,OAAO,EAAE,cAAc,EAAE,MAAM,kCAAkC,CAAC;AAClE,OAAO,EACL,qCAAqC,EACrC,kBAAkB,EAClB,iBAAiB,GAClB,MAAM,2BAA2B,CAAC;AACnC,OAAO,EAAE,wBAAwB,EAAE,MAAM,kBAAkB,CAAC;AAC5D,OAAO,EAAE,iBAAiB,EAAE,MAAM,iBAAiB,CAAC;AAEpD,MAAM,UAAU,GAAG,aAAa,CAAC,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;AAClD,MAAM,SAAS,GAAG,IAAI,CAAC,OAAO,CAAC,UAAU,CAAC,CAAC;AAC3C,MAAM,aAAa,GAAG,IAAI,CAAC,OAAO,CAAC,SAAS,EAAE,kBAAkB,CAAC,CAAC;AAElE,MAAM,MAAM,GAAG,IAAI,SAAS,CAC1B;IACE,IAAI,EAAE,gBAAgB;IACtB,OAAO,EAAE,OAAO,GAAG,CAAC,OAAO,KAAK,QAAQ,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,OAAO;CACjE,EACD;IACE,YAAY,EACV,mEAAmE;QACnE,yDAAyD;QACzD,oEAAoE;QACpE,sGAAsG;CACzG,CACF,CAAC;AAEF,4EAA4E;AAC5E,OAAO,EAAE,gBAAgB,EAAE,MAAM,yCAAyC,CAAC;AAE3E,MAAM,gBAAgB,GAAG,IAAI,gBAAgB,CAC3C,UAAU,qCAAqC,QAAQ,EACvD;IACE,IAAI,EAAE,KAAK,IAAI,EAAE;QACf,MAAM,KAAK,GAAG,MAAM,kBAAkB,CAAC,aAAa,CAAC,CAAC;QACtD,OAAO;YACL,SAAS,EAAE,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC;gBAC3B,GAAG,EAAE,CAAC,CAAC,GAAG;gBACV,IAAI,EAAE,CAAC,CAAC,IAAI;gBACZ,WAAW,EAAE,CAAC,CAAC,WAAW;gBAC1B,QAAQ,EAAE,CAAC,CAAC,QAAQ;aACrB,CAAC,CAAC;SACJ,CAAC;IACJ,CAAC;CACF,CACF,CAAC;AAEF,MAAM,CAAC,gBAAgB,CACrB,4BAA4B,EAC5B,gBAAgB,EAChB;IACE,WAAW,EAAE,wDAAwD;CACtE,EACD,KAAK,EAAE,GAAG,EAAE,EAAE;IACZ,2CAA2C;IAC3C,MAAM,aAAa,GAAG,kBAAkB,CAAC,GAAG,CAAC,QAAQ,CAAC,CAAC;IACvD,MAAM,cAAc,GAAG,qCAAqC,CAAC;IAE7D,IAAI,CAAC,aAAa,CAAC,UAAU,CAAC,cAAc,CAAC,EAAE,CAAC;QAC9C,MAAM,IAAI,KAAK,CAAC,YAAY,aAAa,eAAe,cAAc,EAAE,CAAC,CAAC;IAC5E,CAAC;IAED,MAAM,iBAAiB,GAAG,aAAa,CAAC,KAAK,CAAC,cAAc,CAAC,MAAM,CAAC,CAAC;IACrE,IAAI,CAAC,iBAAiB,EAAE,CAAC;QACvB,MAAM,IAAI,KAAK,CAAC,uBAAuB,CAAC,CAAC;IAC3C,CAAC;IAED,MAAM,YAAY,GAAG,iBAAiB,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;IACjE,MAAM,OAAO,GAAG,MAAM,iBAAiB,CAAC,aAAa,EAAE,YAAY,CAAC,CAAC;IAErE,OAAO;QACL,QAAQ,EAAE;YACR;gBACE,GAAG,EAAE,GAAG,CAAC,QAAQ,EAAE;gBACnB,QAAQ,EAAE,iBAAiB;gBAC3B,IAAI,EAAE,OAAO;aACd;SACF;KACF,CAAC;AACJ,CAAC,CACF,CAAC;AAEF,MAAM,CAAC,IAAI,CAAC,WAAW,aAAa,mBAAmB,CAAC,CAAC;AAEzD,6DAA6D;AAC7D,8FAA8F;AAC9F,MAAM,CAAC,YAAY,CACjB,eAAe,CAAC,IAAI,EACpB;IACE,KAAK,EAAE,yBAAyB;IAChC,WAAW,EAAE,eAAe,CAAC,WAAW;IACxC,WAAW,EAAE,eAAe,CAAC,MAAM;CACpC,EACD,KAAK,EAAE,IAA6B,EAAE,EAAE;IACtC,MAAM,UAAU,GAAG,MAAM,eAAe,CAAC,MAAM,CAAC,UAAU,CAAC,IAAI,CAAC,CAAC;IACjE,MAAM,MAAM,GAAG,MAAM,eAAe,CAAC,OAAO,CAAC,UAAU,CAAC,CAAC;IAEzD,gCAAgC;IAChC,IAAI,MAAM,CAAC,IAAI,KAAK,OAAO,EAAE,CAAC;QAC5B,OAAO;YACL,OAAO,EAAE;gBACP;oBACE,IAAI,EAAE,MAAM;oBACZ,IAAI,EAAE,MAAM,CAAC,OAAO;iBACrB;gBACD;oBACE,IAAI,EAAE,MAAM;oBACZ,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,MAAM,CAAC,KAAK,EAAE,IAAI,EAAE,CAAC,CAAC;iBAC5C;aACF;YACD,iBAAiB,EAAE,MAAM;SAC1B,CAAC;IACJ,CAAC;SAAM,IAAI,MAAM,CAAC,IAAI,KAAK,SAAS,EAAE,CAAC;QACrC,OAAO;YACL,OAAO,EAAE;gBACP;oBACE,IAAI,EAAE,MAAM;oBACZ,IAAI,EAAE,MAAM,CAAC,OAAO;iBACrB;gBACD;oBACE,IAAI,EAAE,MAAM;oBACZ,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,MAAM,CAAC,OAAO,EAAE,IAAI,EAAE,CAAC,CAAC;iBAC9C;aACF;YACD,iBAAiB,EAAE,MAAM;SAC1B,CAAC;IACJ,CAAC;SAAM,IAAI,MAAM,CAAC,IAAI,KAAK,YAAY,EAAE,CAAC;QACxC,iFAAiF;QACjF,IAAI,UAAU,IAAI,MAAM,IAAI,MAAM,CAAC,QAAQ,KAAK,SAAS,EAAE,CAAC;YAC1D,OAAO;gBACL,OAAO,EAAE;oBACP;wBACE,IAAI,EAAE,MAAM;wBACZ,IAAI,EAAE,MAAM,CAAC,OAAO;qBACrB;oBACD;wBACE,IAAI,EAAE,MAAM;wBACZ,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,MAAM,CAAC,OAAO,EAAE,IAAI,EAAE,CAAC,CAAC;qBAC9C;iBACF;gBACD,iBAAiB,EAAE,MAAM;aAC1B,CAAC;QACJ,CAAC;QACD,uGAAuG;QACvG,MAAM,aAAa,GAAG,MAAoG,CAAC;QAC3H,MAAM,OAAO,GAAG,SAAS,IAAI,MAAM,CAAC,CAAC,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC;YACpD,GAAG,aAAa,CAAC,KAAK,KAAK,aAAa,CAAC,OAAO,cAAc,aAAa,CAAC,OAAO,EAAE,CAAC;QACxF,OAAO;YACL,OAAO,EAAE;gBACP;oBACE,IAAI,EAAE,MAAM;oBACZ,IAAI,EAAE,OAAO;iBACd;gBACD;oBACE,IAAI,EAAE,MAAM;oBACZ,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,aAAa,CAAC,OAAO,EAAE,IAAI,EAAE,CAAC,CAAC;iBACrD;aACF;YACD,iBAAiB,EAAE,MAAM;SAC1B,CAAC;IACJ,CAAC;SAAM,CAAC;QACN,qBAAqB;QACrB,OAAO;YACL,OAAO,EAAE;gBACP;oBACE,IAAI,EAAE,MAAM;oBACZ,IAAI,EAAE,MAAM,CAAC,OAAO;iBACrB;gBACD;oBACE,IAAI,EAAE,MAAM;oBACZ,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,MAAM,CAAC,KAAK,EAAE,IAAI,EAAE,CAAC,CAAC;iBAC5C;aACF;YACD,iBAAiB,EAAE,MAAM;SAC1B,CAAC;IACJ,CAAC;AACH,CAAC,CACF,CAAC;AAEF,uFAAuF;AACvF,MAAM,CAAC,YAAY,CACjB,cAAc,CAAC,IAAI,EACnB;IACE,KAAK,EAAE,wBAAwB;IAC/B,WAAW,EAAE,cAAc,CAAC,WAAW;IACvC,WAAW,EAAE,cAAc,CAAC,MAAM;CACnC,EACD,KAAK,EAAE,IAA6B,EAAE,EAAE;IACtC,MAAM,UAAU,GAAG,MAAM,cAAc,CAAC,MAAM,CAAC,UAAU,CAAC,IAAI,CAAC,CAAC;IAChE,MAAM,MAAM,GAAG,MAAM,cAAc,CAAC,OAAO,CAAC,UAAU,CAAC,CAAC;IAExD,2BAA2B;IAC3B,MAAM,UAAU,GAAG,MAAM,CAAC,YAAY,CAAC,CAAC,CAAC,aAAa,MAAM,CAAC,YAAY,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC;IAClF,MAAM,UAAU,GAAG,uBAAuB,UAAU,KAAK,MAAM,CAAC,aAAa,mBAAmB,MAAM,CAAC,MAAM,EAAE,CAAC;IAChH,MAAM,OAAO,GAAG,mBAAmB,UAAU,KAAK,MAAM,CAAC,aAAa,iBAAiB,MAAM,CAAC,KAAK,gBAAgB,MAAM,CAAC,MAAM,EAAE,CAAC;IAEnI,OAAO;QACL,OAAO,EAAE;YACP;gBACE,IAAI,EAAE,MAAM;gBACZ,IAAI,EAAE,MAAM,CAAC,OAAO,CAAC,CAAC,CAAC,UAAU,CAAC,CAAC,CAAC,OAAO;aAC5C;SACF;QACD,iBAAiB,EAAE,MAAM;KAC1B,CAAC;AACJ,CAAC,CACF,CAAC;AAEF,KAAK,UAAU,IAAI;IACjB,+BAA+B;IAC/B,MAAM,IAAI,GAAG,OAAO,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC;IACnC,MAAM,UAAU,GAAG,IAAI,CAAC,QAAQ,CAAC,eAAe,CAAC,CAAC;IAElD,4BAA4B;IAC5B,IAAI,UAAU,EAAE,CAAC;QACf,MAAM,CAAC,IAAI,CAAC,2BAA2B,CAAC,CAAC;QACzC,IAAI,CAAC;YACH,MAAM,EAAE,CAAC,QAAQ,CAAC,EAAE,CAAC,iBAAiB,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,KAAK,EAAE,IAAI,EAAE,CAAC,CAAC;YAC1E,MAAM,CAAC,IAAI,CAAC,uBAAuB,CAAC,CAAC;QACvC,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,MAAM,OAAO,GAAG,KAAK,YAAY,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;YACvE,MAAM,CAAC,IAAI,CAAC,0BAA0B,OAAO,EAAE,CAAC,CAAC;QACnD,CAAC;IACH,CAAC;IAED,wDAAwD;IACxD,4DAA4D;IAC5D,MAAM,CAAC,IAAI,CAAC,4CAA4C,CAAC,CAAC;IAC1D,IAAI,CAAC;QACH,MAAM,wBAAwB,EAAE,CAAC;QACjC,MAAM,CAAC,IAAI,CAAC,iCAAiC,CAAC,CAAC;IACjD,CAAC;IAAC,OAAO,KAAK,EAAE,CAAC;QACf,MAAM,OAAO,GAAG,KAAK,YAAY,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;QACvE,MAAM,CAAC,KAAK,CAAC,4CAA4C,OAAO,EAAE,CAAC,CAAC;QACpE,MAAM,IAAI,KAAK,CAAC,yCAAyC,OAAO,EAAE,CAAC,CAAC;IACtE,CAAC;IAED,qEAAqE;IACrE,MAAM,EAAE,CAAC,QAAQ,CAAC,KAAK,CAAC,iBAAiB,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAC;IAChE,MAAM,CAAC,IAAI,CAAC,4BAA4B,iBAAiB,EAAE,CAAC,CAAC;IAE7D,iEAAiE;IACjE,MAAM,iBAAiB,EAAE,CAAC;IAE1B,MAAM,SAAS,GAAG,IAAI,oBAAoB,EAAE,CAAC;IAC7C,MAAM,MAAM,CAAC,OAAO,CAAC,SAAS,CAAC,CAAC;IAChC,MAAM,CAAC,IAAI,CAAC,sCAAsC,CAAC,CAAC;AACtD,CAAC;AAED;;;GAGG;AACH,KAAK,UAAU,QAAQ,CAAC,MAAc;IACpC,MAAM,CAAC,IAAI,CAAC,YAAY,MAAM,+BAA+B,CAAC,CAAC;IAC/D,IAAI,CAAC;QACH,MAAM,mBAAmB,EAAE,CAAC;QAC5B,MAAM,CAAC,IAAI,CAAC,mBAAmB,CAAC,CAAC;QACjC,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IAClB,CAAC;IAAC,OAAO,KAAK,EAAE,CAAC;QACf,MAAM,CAAC,KAAK,CAAC,uBAAuB,EAAE,KAAK,CAAC,CAAC;QAC7C,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IAClB,CAAC;AACH,CAAC;AAED,6BAA6B;AAC7B,OAAO,CAAC,EAAE,CAAC,SAAS,EAAE,GAAG,EAAE,CAAC,QAAQ,CAAC,SAAS,CAAC,CAAC,CAAC;AACjD,OAAO,CAAC,EAAE,CAAC,QAAQ,EAAE,GAAG,EAAE,CAAC,QAAQ,CAAC,QAAQ,CAAC,CAAC,CAAC;AAE/C,IAAI,EAAE,CAAC,KAAK,CAAC,CAAC,KAAK,EAAE,EAAE;IACrB,MAAM,CAAC,KAAK,CAAC,iCAAiC,EAAE,KAAK,CAAC,CAAC;IACvD,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;AAClB,CAAC,CAAC,CAAC"}

package/dist/tools/kubernetes/metadata.d.ts

@@ -1,10 +1,12 @@
 /**
  * Kubernetes tool metadata
  *
- * Exports searchTools which provides both API method discovery (mode: 'methods')
- * and TypeScript type definitions (mode: 'types').
+ * Exports:
+ * - searchTools: API method discovery (mode: 'methods'), type definitions (mode: 'types'),
+ *   script search (mode: 'scripts'), and Prometheus methods (mode: 'prometheus')
+ * - runSandbox: Execute TypeScript scripts in a sandboxed environment
  */
-export declare const kubernetesToolMetadata: {
+export declare const kubernetesToolMetadata: ({
     tool: import("../types.js").ToolDefinition<{
         mode: "methods";
         summary: string;
@@ -53,7 +55,6 @@ export declare const kubernetesToolMetadata: {
         cachedScripts: string[];
         relevantScripts: {
             filename: string;
-            filePath: string;
             description: string;
             apiClasses: string[];
         }[];
@@ -82,7 +83,6 @@ export declare const kubernetesToolMetadata: {
         summary: string;
         scripts: {
             filename: string;
-            filePath: string;
             description: string;
             apiClasses: string[];
         }[];
@@ -217,7 +217,7 @@ export declare const kubernetesToolMetadata: {
         scope: "namespaced" | "cluster" | "all";
         category: "all" | "query" | "metadata" | "alerts" | "metrics";
         types?: string[] | undefined;
-        mode?: "methods" | "types" | "scripts" | "prometheus" | undefined;
+        mode?: "scripts" | "methods" | "types" | "prometheus" | undefined;
         resourceType?: string | undefined;
         action?: string | undefined;
         exclude?: {
@@ -231,7 +231,7 @@ export declare const kubernetesToolMetadata: {
         offset?: number | undefined;
     }, {
         types?: string[] | undefined;
-        mode?: "methods" | "types" | "scripts" | "prometheus" | undefined;
+        mode?: "scripts" | "methods" | "types" | "prometheus" | undefined;
         resourceType?: string | undefined;
         action?: string | undefined;
         scope?: "namespaced" | "cluster" | "all" | undefined;
@@ -247,5 +247,35 @@ export declare const kubernetesToolMetadata: {
         offset?: number | undefined;
     }>>;
     sourceModulePath: string;
-}[];
+} | {
+    tool: import("../types.js").ToolDefinition<{
+        success: boolean;
+        output: string;
+        returnValue?: unknown;
+        error?: string;
+        executionTime: number;
+        cachedScript?: string;
+    }, import("zod").ZodEffects<import("zod").ZodObject<{
+        code: import("zod").ZodOptional<import("zod").ZodString>;
+        cached: import("zod").ZodOptional<import("zod").ZodString>;
+        timeout: import("zod").ZodOptional<import("zod").ZodDefault<import("zod").ZodNumber>>;
+    }, "strip", import("zod").ZodTypeAny, {
+        code?: string | undefined;
+        cached?: string | undefined;
+        timeout?: number | undefined;
+    }, {
+        code?: string | undefined;
+        cached?: string | undefined;
+        timeout?: number | undefined;
+    }>, {
+        code?: string | undefined;
+        cached?: string | undefined;
+        timeout?: number | undefined;
+    }, {
+        code?: string | undefined;
+        cached?: string | undefined;
+        timeout?: number | undefined;
+    }>>;
+    sourceModulePath: string;
+})[];
 //# sourceMappingURL=metadata.d.ts.map

package/dist/tools/kubernetes/metadata.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"metadata.d.ts","sourceRoot":"","sources":["../../../src/tools/kubernetes/metadata.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAIH,eAAO,MAAM,sBAAsB;;;;;;;;;;;;;2BAM06H,CAAC;;;;;;;;;+BAAmP,CAAC;4BAAkB,CAAC;;;;;;;;;;;;;;qBAAuR,CAAC;sBAAoB,CAAC;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;2BAAswD,CAAC;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;2BAAD,CAAC;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GADxwM,CAAC"}
+{"version":3,"file":"metadata.d.ts","sourceRoot":"","sources":["../../../src/tools/kubernetes/metadata.ts"],"names":[],"mappings":"AAAA;;;;;;;GAOG;AAKH,eAAO,MAAM,sBAAsB;;;;;;;;;;;;;2BAU0qH,CAAC;;;;;;;;;+BAAmP,CAAC;4BAAkB,CAAC;;;;;;;;;;;;;;qBAAuR,CAAC;sBAAoB,CAAC;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;2BAAgzD,CAAC;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;2BAAD,CAAC;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;IADljM,CAAC"}

package/dist/tools/kubernetes/metadata.js

@@ -1,14 +1,21 @@
 /**
  * Kubernetes tool metadata
  *
- * Exports searchTools which provides both API method discovery (mode: 'methods')
- * and TypeScript type definitions (mode: 'types').
+ * Exports:
+ * - searchTools: API method discovery (mode: 'methods'), type definitions (mode: 'types'),
+ *   script search (mode: 'scripts'), and Prometheus methods (mode: 'prometheus')
+ * - runSandbox: Execute TypeScript scripts in a sandboxed environment
  */
 import { searchToolsTool } from './searchTools.js';
+import { runSandboxTool } from './runSandbox.js';
 export const kubernetesToolMetadata = [
     {
         tool: searchToolsTool,
         sourceModulePath: './searchTools.ts',
     },
+    {
+        tool: runSandboxTool,
+        sourceModulePath: './runSandbox.ts',
+    },
 ];
 //# sourceMappingURL=metadata.js.map

package/dist/tools/kubernetes/metadata.js.map

@@ -1 +1 @@
-{"version":3,"file":"metadata.js","sourceRoot":"","sources":["../../../src/tools/kubernetes/metadata.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAEH,OAAO,EAAE,eAAe,EAAE,MAAM,kBAAkB,CAAC;AAEnD,MAAM,CAAC,MAAM,sBAAsB,GAAG;IACpC;QACE,IAAI,EAAE,eAAe;QACrB,gBAAgB,EAAE,kBAAkB;KACrC;CACF,CAAC"}
+{"version":3,"file":"metadata.js","sourceRoot":"","sources":["../../../src/tools/kubernetes/metadata.ts"],"names":[],"mappings":"AAAA;;;;;;;GAOG;AAEH,OAAO,EAAE,eAAe,EAAE,MAAM,kBAAkB,CAAC;AACnD,OAAO,EAAE,cAAc,EAAE,MAAM,iBAAiB,CAAC;AAEjD,MAAM,CAAC,MAAM,sBAAsB,GAAG;IACpC;QACE,IAAI,EAAE,eAAe;QACrB,gBAAgB,EAAE,kBAAkB;KACrC;IACD;QACE,IAAI,EAAE,cAAc;QACpB,gBAAgB,EAAE,iBAAiB;KACpC;CACF,CAAC"}

package/dist/tools/kubernetes/runSandbox.d.ts

@@ -0,0 +1,34 @@
+import { z } from 'zod';
+import type { ToolDefinition } from '../types.js';
+declare const RunSandboxInputSchema: z.ZodEffects<z.ZodObject<{
+    code: z.ZodOptional<z.ZodString>;
+    cached: z.ZodOptional<z.ZodString>;
+    timeout: z.ZodOptional<z.ZodDefault<z.ZodNumber>>;
+}, "strip", z.ZodTypeAny, {
+    code?: string | undefined;
+    cached?: string | undefined;
+    timeout?: number | undefined;
+}, {
+    code?: string | undefined;
+    cached?: string | undefined;
+    timeout?: number | undefined;
+}>, {
+    code?: string | undefined;
+    cached?: string | undefined;
+    timeout?: number | undefined;
+}, {
+    code?: string | undefined;
+    cached?: string | undefined;
+    timeout?: number | undefined;
+}>;
+type RunSandboxResult = {
+    success: boolean;
+    output: string;
+    returnValue?: unknown;
+    error?: string;
+    executionTime: number;
+    cachedScript?: string;
+};
+export declare const runSandboxTool: ToolDefinition<RunSandboxResult, typeof RunSandboxInputSchema>;
+export {};
+//# sourceMappingURL=runSandbox.d.ts.map

package/dist/tools/kubernetes/runSandbox.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"runSandbox.d.ts","sourceRoot":"","sources":["../../../src/tools/kubernetes/runSandbox.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,CAAC,EAAE,MAAM,KAAK,CAAC;AAQxB,OAAO,KAAK,EAAE,cAAc,EAAE,MAAM,aAAa,CAAC;AAmFlD,QAAA,MAAM,qBAAqB;;;;;;;;;;;;;;;;;;;;EAU1B,CAAC;AAEF,KAAK,gBAAgB,GAAG;IACtB,OAAO,EAAE,OAAO,CAAC;IACjB,MAAM,EAAE,MAAM,CAAC;IACf,WAAW,CAAC,EAAE,OAAO,CAAC;IACtB,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,aAAa,EAAE,MAAM,CAAC;IACtB,YAAY,CAAC,EAAE,MAAM,CAAC;CACvB,CAAC;AA4CF,eAAO,MAAM,cAAc,EAAE,cAAc,CAAC,gBAAgB,EAAE,OAAO,qBAAqB,CA8JzF,CAAC"}

package/dist/tools/kubernetes/runSandbox.js

@@ -0,0 +1,264 @@
+import { z } from 'zod';
+import vm from 'node:vm';
+import { createHash } from 'node:crypto';
+import { mkdirSync, writeFileSync, existsSync, readdirSync, readFileSync } from 'node:fs';
+import { join } from 'node:path';
+import { transform } from 'esbuild';
+import * as k8s from '@kubernetes/client-node';
+import * as prometheusQuery from 'prometheus-query';
+import { SCRIPTS_CACHE_DIR } from '../../util/paths.js';
+import { searchToolsService } from './searchTools.js';
+// ============================================================================
+// Simple Mutex for Concurrent Script Caching
+// ============================================================================
+/**
+ * Simple async mutex to prevent race conditions during script caching.
+ * Ensures only one cacheAndIndex operation runs at a time.
+ */
+class CacheMutex {
+    locked = false;
+    queue = [];
+    async acquire() {
+        if (!this.locked) {
+            this.locked = true;
+            return;
+        }
+        return new Promise((resolve) => {
+            this.queue.push(resolve);
+        });
+    }
+    release() {
+        const next = this.queue.shift();
+        if (next) {
+            next();
+        }
+        else {
+            this.locked = false;
+        }
+    }
+}
+const cacheMutex = new CacheMutex();
+/**
+ * Cache a successfully executed script to disk and index it.
+ * Uses a mutex to handle concurrent requests safely.
+ * Uses a hash of the code to create a unique filename, avoiding duplicates.
+ */
+async function cacheAndIndexScript(code) {
+    await cacheMutex.acquire();
+    try {
+        // Ensure cache directory exists
+        if (!existsSync(SCRIPTS_CACHE_DIR)) {
+            mkdirSync(SCRIPTS_CACHE_DIR, { recursive: true });
+        }
+        // Create a hash-based filename to deduplicate by content
+        const hash = createHash('sha256').update(code).digest('hex').slice(0, 12);
+        // Check if any script with this hash already exists (regardless of timestamp)
+        const existingFiles = readdirSync(SCRIPTS_CACHE_DIR);
+        const existingScript = existingFiles.find(f => f.includes(hash) && f.endsWith('.ts'));
+        if (existingScript) {
+            // Script with same content already cached, nothing to do
+            return;
+        }
+        // Create new script file with timestamp and hash
+        const timestamp = new Date().toISOString().replace(/[:.]/g, '-').slice(0, 19);
+        const filename = `script-${timestamp}-${hash}.ts`;
+        const filepath = join(SCRIPTS_CACHE_DIR, filename);
+        // Add a header comment with execution timestamp
+        const header = `// Executed via runSandbox at ${new Date().toISOString()}\n`;
+        writeFileSync(filepath, header + code, 'utf-8');
+        // Index immediately so it's searchable
+        await searchToolsService.indexScriptImmediately(filepath);
+    }
+    catch {
+        // Silently ignore caching errors - don't fail the execution
+    }
+    finally {
+        cacheMutex.release();
+    }
+}
+const RunSandboxInputSchema = z.object({
+    code: z.string().optional()
+        .describe('TypeScript code to execute (required if "cached" is not provided)'),
+    cached: z.string().optional()
+        .describe('Name of a cached script to execute (from searchTools results). Can be filename or partial match.'),
+    timeout: z.number().int().positive().max(120000).default(30000).optional()
+        .describe('Execution timeout in milliseconds (default: 30000, max: 120000)'),
+}).refine((data) => data.code !== undefined || data.cached !== undefined, { message: 'Either "code" or "cached" must be provided' });
+/**
+ * Find a cached script by name (exact or partial match).
+ * Returns the full path and filename if found, or null if not found.
+ */
+function findCachedScript(scriptName) {
+    if (!existsSync(SCRIPTS_CACHE_DIR)) {
+        return null;
+    }
+    const files = readdirSync(SCRIPTS_CACHE_DIR).filter(f => f.endsWith('.ts'));
+    // Try exact match first (with or without .ts extension)
+    const exactName = scriptName.endsWith('.ts') ? scriptName : `${scriptName}.ts`;
+    if (files.includes(exactName)) {
+        return { path: join(SCRIPTS_CACHE_DIR, exactName), filename: exactName };
+    }
+    // Try partial match (script name contains the search term)
+    const partialMatch = files.find(f => f.toLowerCase().includes(scriptName.toLowerCase()));
+    if (partialMatch) {
+        return { path: join(SCRIPTS_CACHE_DIR, partialMatch), filename: partialMatch };
+    }
+    return null;
+}
+/**
+ * Read and return the code from a cached script file.
+ * Strips the auto-generated header comment if present.
+ */
+function readCachedScript(filePath) {
+    const content = readFileSync(filePath, 'utf-8');
+    // Strip the auto-generated header comment (first line if it starts with "// Executed via runSandbox")
+    const lines = content.split('\n');
+    if (lines[0]?.startsWith('// Executed via runSandbox')) {
+        return lines.slice(1).join('\n').trim();
+    }
+    return content;
+}
+export const runSandboxTool = {
+    name: 'kubernetes.runSandbox',
+    description: 'Execute TypeScript code in a sandboxed environment for Kubernetes and Prometheus operations. ' +
+        'TWO MODES: ' +
+        '(1) code: Provide TypeScript code directly. Start with a descriptive comment for indexing. ' +
+        '(2) cached: Run a previously cached script by name (from searchTools results). ' +
+        'The sandbox provides: k8s, kc (pre-configured KubeConfig), console, process.env, require("prometheus-query"). ' +
+        'Use searchTools first to discover APIs and find cached scripts.',
+    schema: RunSandboxInputSchema,
+    async execute(input) {
+        const { code: inputCode, cached, timeout = 30000 } = input;
+        const startTime = Date.now();
+        const outputLines = [];
+        // Resolve the code to execute
+        let code;
+        let cachedScriptName;
+        if (cached) {
+            // Find and load the cached script
+            const found = findCachedScript(cached);
+            if (!found) {
+                return {
+                    success: false,
+                    output: '',
+                    error: `Cached script "${cached}" not found. Use searchTools with mode: "scripts" to list available scripts.`,
+                    executionTime: Date.now() - startTime,
+                };
+            }
+            code = readCachedScript(found.path);
+            cachedScriptName = found.filename;
+        }
+        else if (inputCode) {
+            code = inputCode;
+        }
+        else {
+            return {
+                success: false,
+                output: '',
+                error: 'Either "code" or "cached" must be provided',
+                executionTime: Date.now() - startTime,
+            };
+        }
+        try {
+            // 1. Wrap code in async IIFE BEFORE transforming so esbuild sees await inside a function
+            const wrappedTs = `(async () => {\n${code}\n})()`;
+            // 2. Transform TypeScript to JavaScript
+            const { code: jsCode } = await transform(wrappedTs, {
+                loader: 'ts',
+                format: 'cjs', // CommonJS for vm compatibility
+                target: 'es2022',
+            });
+            // 3. Create sandbox context with full capabilities
+            const kc = new k8s.KubeConfig();
+            kc.loadFromDefault();
+            const sandbox = {
+                console: {
+                    log: (...args) => outputLines.push(args.map(String).join(' ')),
+                    error: (...args) => outputLines.push('[ERROR] ' + args.map(String).join(' ')),
+                    warn: (...args) => outputLines.push('[WARN] ' + args.map(String).join(' ')),
+                    info: (...args) => outputLines.push('[INFO] ' + args.map(String).join(' ')),
+                },
+                // Kubernetes (pre-configured for convenience)
+                k8s, // Full @kubernetes/client-node library
+                kc, // Pre-configured KubeConfig
+                // Module loading (for all libraries including prometheus-query)
+                require: (mod) => {
+                    if (mod === '@kubernetes/client-node')
+                        return k8s;
+                    if (mod === 'prometheus-query')
+                        return prometheusQuery;
+                    throw new Error(`Module '${mod}' not available in sandbox`);
+                },
+                // Environment & globals
+                process: { env: process.env }, // Environment access (PROMETHEUS_URL, etc.)
+                setTimeout,
+                setInterval,
+                clearTimeout,
+                clearInterval,
+                Promise,
+                JSON,
+                Buffer,
+                Date,
+                Math,
+                Array,
+                Object,
+                String,
+                Number,
+                Boolean,
+                Error,
+            };
+            // 4. Create a promise that will be resolved when the async code completes
+            let resolveResult;
+            let rejectResult;
+            const resultPromise = new Promise((resolve, reject) => {
+                resolveResult = resolve;
+                rejectResult = reject;
+            });
+            // Add the resolver to sandbox context
+            sandbox.__resolve__ = resolveResult;
+            sandbox.__reject__ = rejectResult;
+            const context = vm.createContext(sandbox);
+            // 5. Wrap the transformed code to capture completion/errors
+            // esbuild adds a trailing semicolon, so we need to remove it before adding .then()
+            const trimmedJsCode = jsCode.trim().replace(/;$/, '');
+            const finalCode = `
+        ${trimmedJsCode}
+        .then(() => __resolve__(undefined))
+        .catch((e) => __reject__(e));
+      `;
+            // 6. Execute in sandbox
+            const script = new vm.Script(finalCode, {
+                filename: 'sandbox-script.js',
+            });
+            // Start execution (returns immediately, async work continues)
+            script.runInContext(context);
+            // Wait for the async code to complete with timeout
+            const timeoutPromise = new Promise((_, reject) => {
+                setTimeout(() => reject(new Error('Script execution timed out')), timeout);
+            });
+            await Promise.race([resultPromise, timeoutPromise]);
+            // Cache successful scripts for searchability and index immediately
+            // Skip caching if we're running a cached script (it's already cached)
+            if (!cachedScriptName) {
+                await cacheAndIndexScript(code);
+            }
+            return {
+                success: true,
+                output: outputLines.join('\n'),
+                returnValue: undefined,
+                executionTime: Date.now() - startTime,
+                cachedScript: cachedScriptName,
+            };
+        }
+        catch (error) {
+            return {
+                success: false,
+                output: outputLines.join('\n'),
+                error: error instanceof Error ? error.message : String(error),
+                executionTime: Date.now() - startTime,
+                cachedScript: cachedScriptName,
+            };
+        }
+    },
+};
+//# sourceMappingURL=runSandbox.js.map