@thotischner/observability-mcp 1.0.0

package/dist/connectors/prometheus.js

@@ -0,0 +1,196 @@
+import { buildTlsAgent } from "./tls.js";
+const DEFAULT_PROMETHEUS_METRICS = [
+    { name: "cpu", query: 'service_cpu_usage_percent{job="{{service}}"}', unit: "percent", description: "CPU usage percentage" },
+    { name: "memory", query: 'service_memory_usage_bytes{job="{{service}}"}', unit: "bytes", description: "Memory usage in bytes" },
+    { name: "error_rate", query: 'rate(http_requests_total{job="{{service}}",status=~"5.."}[1m])', unit: "req/s", description: "HTTP 5xx error rate" },
+    { name: "request_rate", query: 'rate(http_requests_total{job="{{service}}"}[1m])', unit: "req/s", description: "Total HTTP request rate" },
+    { name: "latency_p99", query: 'histogram_quantile(0.99, rate(http_request_duration_seconds_bucket{job="{{service}}"}[1m]))', unit: "seconds", description: "99th percentile latency" },
+    { name: "latency_p50", query: 'histogram_quantile(0.50, rate(http_request_duration_seconds_bucket{job="{{service}}"}[1m]))', unit: "seconds", description: "50th percentile latency" },
+    { name: "latency_avg", query: 'rate(http_request_duration_seconds_sum{job="{{service}}"}[1m]) / rate(http_request_duration_seconds_count{job="{{service}}"}[1m])', unit: "seconds", description: "Average request latency" },
+];
+export class PrometheusConnector {
+    type = "prometheus";
+    signalType = "metrics";
+    name = "";
+    baseUrl = "";
+    auth;
+    tlsAgent;
+    metrics = [];
+    async connect(config) {
+        this.name = config.name;
+        this.baseUrl = config.url.replace(/\/$/, "");
+        this.auth = config.auth;
+        this.tlsAgent = buildTlsAgent(config);
+        // Use source-level metrics if provided, otherwise connector defaults
+        this.metrics = config.metrics && config.metrics.length > 0
+            ? config.metrics
+            : [...DEFAULT_PROMETHEUS_METRICS];
+    }
+    getDefaultMetrics() {
+        return DEFAULT_PROMETHEUS_METRICS;
+    }
+    getMetrics() {
+        return this.metrics;
+    }
+    setMetrics(metrics) {
+        this.metrics = metrics;
+    }
+    async healthCheck() {
+        const start = Date.now();
+        try {
+            const res = await fetch(`${this.baseUrl}/-/ready`, this.fetchOptions());
+            return {
+                status: res.ok ? "up" : "down",
+                latencyMs: Date.now() - start,
+                message: res.ok ? "Prometheus is ready" : `HTTP ${res.status}`,
+            };
+        }
+        catch (err) {
+            return { status: "down", latencyMs: Date.now() - start, message: String(err) };
+        }
+    }
+    async disconnect() { }
+    async listServices() {
+        const data = await this.apiGet("/api/v1/targets");
+        const targets = data?.data?.activeTargets || [];
+        const services = new Map();
+        for (const t of targets) {
+            const name = t.labels?.service || t.labels?.job || t.discoveredLabels?.__address__ || "unknown";
+            if (!services.has(name)) {
+                services.set(name, {
+                    name,
+                    source: this.name,
+                    signalType: "metrics",
+                    labels: t.labels,
+                });
+            }
+        }
+        return Array.from(services.values());
+    }
+    async listAvailableMetrics(_service) {
+        const data = await this.apiGet("/api/v1/metadata");
+        if (!data?.data)
+            return [];
+        const metrics = [];
+        for (const [name, entries] of Object.entries(data.data)) {
+            const entry = entries[0];
+            if (entry) {
+                metrics.push({ name, type: entry.type, help: entry.help, unit: entry.unit || undefined });
+            }
+        }
+        return metrics;
+    }
+    async queryMetrics(params) {
+        const promql = this.buildQuery(params.service, params.metric);
+        const { start, end, step } = this.parseTimeRange(params.duration, params.step);
+        const data = await this.apiGet(`/api/v1/query_range?query=${encodeURIComponent(promql)}&start=${start}&end=${end}&step=${step}`);
+        const values = [];
+        const rawValues = [];
+        const resultData = data?.data?.result?.[0]?.values || [];
+        for (const [ts, val] of resultData) {
+            const numVal = parseFloat(val);
+            if (!isNaN(numVal)) {
+                values.push({ timestamp: new Date(ts * 1000).toISOString(), value: numVal });
+                rawValues.push(numVal);
+            }
+        }
+        return {
+            source: this.name,
+            service: params.service,
+            metric: params.metric,
+            unit: this.getUnit(params.metric),
+            values,
+            summary: this.computeSummary(rawValues),
+        };
+    }
+    // --- Private helpers ---
+    buildQuery(service, metric) {
+        const def = this.metrics.find((m) => m.name === metric);
+        if (def) {
+            return def.query.replace(/\{\{service\}\}/g, service);
+        }
+        return `${metric}{job="${service}"}`;
+    }
+    getUnit(metric) {
+        const def = this.metrics.find((m) => m.name === metric);
+        if (def)
+            return def.unit;
+        return "";
+    }
+    parseTimeRange(duration, step) {
+        const now = Math.floor(Date.now() / 1000);
+        const match = duration.match(/^(\d+)([mhd])$/);
+        if (!match)
+            throw new Error(`Invalid duration: ${duration}`);
+        const value = parseInt(match[1]);
+        const unit = match[2];
+        const seconds = unit === "m" ? value * 60 : unit === "h" ? value * 3600 : value * 86400;
+        const autoStep = Math.max(Math.floor(seconds / 100), 5);
+        return { start: now - seconds, end: now, step: step || `${autoStep}s` };
+    }
+    computeSummary(values) {
+        if (values.length === 0) {
+            return { current: 0, average: 0, min: 0, max: 0, trend: "stable" };
+        }
+        const current = values[values.length - 1];
+        const average = values.reduce((a, b) => a + b, 0) / values.length;
+        const min = Math.min(...values);
+        const max = Math.max(...values);
+        return { current, average, min, max, trend: this.computeTrend(values) };
+    }
+    computeTrend(values) {
+        if (values.length < 4)
+            return "stable";
+        const mid = Math.floor(values.length / 2);
+        const avgFirst = values.slice(0, mid).reduce((a, b) => a + b, 0) / mid;
+        const avgSecond = values.slice(mid).reduce((a, b) => a + b, 0) / (values.length - mid);
+        const changePercent = ((avgSecond - avgFirst) / (avgFirst || 1)) * 100;
+        if (changePercent > 10)
+            return "rising";
+        if (changePercent < -10)
+            return "falling";
+        return "stable";
+    }
+    buildAuthHeaders() {
+        if (!this.auth || this.auth.type === "none")
+            return {};
+        if (this.auth.type === "bearer" && this.auth.token) {
+            return { Authorization: `Bearer ${this.auth.token}` };
+        }
+        if (this.auth.type === "basic" && this.auth.username) {
+            const encoded = Buffer.from(`${this.auth.username}:${this.auth.password || ""}`).toString("base64");
+            return { Authorization: `Basic ${encoded}` };
+        }
+        return {};
+    }
+    fetchOptions() {
+        const opts = { headers: this.buildAuthHeaders() };
+        if (this.tlsAgent) {
+            // @ts-expect-error Node.js extension for native fetch
+            opts.dispatcher = this.tlsAgent;
+        }
+        return opts;
+    }
+    async apiGet(path, timeoutMs = 10000) {
+        const controller = new AbortController();
+        const timer = setTimeout(() => controller.abort(), timeoutMs);
+        try {
+            const res = await fetch(`${this.baseUrl}${path}`, {
+                ...this.fetchOptions(),
+                signal: controller.signal,
+            });
+            if (!res.ok)
+                throw new Error(`Prometheus API error: ${res.status} ${res.statusText}`);
+            return res.json();
+        }
+        catch (err) {
+            if (err instanceof DOMException && err.name === "AbortError") {
+                throw new Error(`Prometheus query timed out after ${timeoutMs}ms`);
+            }
+            throw err;
+        }
+        finally {
+            clearTimeout(timer);
+        }
+    }
+}

package/dist/connectors/prometheus.test.d.ts

@@ -0,0 +1 @@
+export {};

package/dist/connectors/prometheus.test.js

@@ -0,0 +1,103 @@
+import { describe, it } from "node:test";
+import assert from "node:assert/strict";
+import { PrometheusConnector } from "./prometheus.js";
+// Access private methods via prototype for testing pure logic
+const proto = PrometheusConnector.prototype;
+describe("PrometheusConnector", () => {
+    describe("parseTimeRange", () => {
+        it("parses minutes", () => {
+            const { start, end, step } = proto.parseTimeRange("5m");
+            assert.ok(end - start >= 299 && end - start <= 301); // ~300s
+            assert.equal(step, "5s"); // max(floor(300/100), 5) = 5
+        });
+        it("parses hours", () => {
+            const { start, end, step } = proto.parseTimeRange("1h");
+            assert.ok(end - start >= 3599 && end - start <= 3601); // ~3600s
+            assert.equal(step, "36s"); // floor(3600/100) = 36
+        });
+        it("parses days", () => {
+            const { start, end, step } = proto.parseTimeRange("7d");
+            assert.ok(end - start >= 604799 && end - start <= 604801);
+            assert.equal(step, "6048s"); // floor(604800/100)
+        });
+        it("uses custom step when provided", () => {
+            const { step } = proto.parseTimeRange("1h", "15s");
+            assert.equal(step, "15s");
+        });
+        it("throws on invalid duration", () => {
+            assert.throws(() => proto.parseTimeRange("invalid"));
+            assert.throws(() => proto.parseTimeRange("5s"));
+            assert.throws(() => proto.parseTimeRange(""));
+        });
+    });
+    describe("computeTrend", () => {
+        it("returns stable for fewer than 4 values", () => {
+            assert.equal(proto.computeTrend([1, 2, 3]), "stable");
+            assert.equal(proto.computeTrend([1]), "stable");
+            assert.equal(proto.computeTrend([]), "stable");
+        });
+        it("detects rising trend", () => {
+            assert.equal(proto.computeTrend([1, 1, 10, 10]), "rising");
+            assert.equal(proto.computeTrend([1, 2, 5, 8, 10, 15]), "rising");
+        });
+        it("detects falling trend", () => {
+            assert.equal(proto.computeTrend([10, 10, 1, 1]), "falling");
+            assert.equal(proto.computeTrend([20, 18, 5, 3, 2, 1]), "falling");
+        });
+        it("returns stable for flat data", () => {
+            assert.equal(proto.computeTrend([5, 5, 5, 5]), "stable");
+            assert.equal(proto.computeTrend([10, 10.5, 10, 10.5]), "stable");
+        });
+        it("returns stable for small changes within 10%", () => {
+            assert.equal(proto.computeTrend([100, 100, 105, 105]), "stable");
+        });
+    });
+    describe("computeSummary", () => {
+        it("returns zeros for empty array", () => {
+            const s = proto.computeSummary([]);
+            assert.equal(s.current, 0);
+            assert.equal(s.average, 0);
+            assert.equal(s.min, 0);
+            assert.equal(s.max, 0);
+            assert.equal(s.trend, "stable");
+        });
+        it("computes correct summary for values", () => {
+            const s = proto.computeSummary([10, 20, 30, 40]);
+            assert.equal(s.current, 40);
+            assert.equal(s.average, 25);
+            assert.equal(s.min, 10);
+            assert.equal(s.max, 40);
+        });
+        it("handles single value", () => {
+            const s = proto.computeSummary([42]);
+            assert.equal(s.current, 42);
+            assert.equal(s.average, 42);
+            assert.equal(s.min, 42);
+            assert.equal(s.max, 42);
+        });
+    });
+    describe("buildQuery", () => {
+        it("replaces {{service}} placeholder in known metrics", async () => {
+            const connector = new PrometheusConnector();
+            await connector.connect({ name: "test", type: "prometheus", url: "http://localhost:9090", enabled: true });
+            const query = proto.buildQuery.call(connector, "payment-service", "cpu");
+            assert.ok(query.includes("payment-service"));
+            assert.ok(!query.includes("{{service}}"));
+        });
+        it("falls back to generic query for unknown metrics", async () => {
+            const connector = new PrometheusConnector();
+            await connector.connect({ name: "test", type: "prometheus", url: "http://localhost:9090", enabled: true });
+            const query = proto.buildQuery.call(connector, "my-svc", "unknown_metric");
+            assert.equal(query, 'unknown_metric{job="my-svc"}');
+        });
+        it("uses custom metrics from source config", async () => {
+            const connector = new PrometheusConnector();
+            await connector.connect({
+                name: "test", type: "prometheus", url: "http://localhost:9090", enabled: true,
+                metrics: [{ name: "custom", query: 'my_custom_metric{svc="{{service}}"}', unit: "ops", description: "Custom" }],
+            });
+            const query = proto.buildQuery.call(connector, "api", "custom");
+            assert.equal(query, 'my_custom_metric{svc="api"}');
+        });
+    });
+});

package/dist/connectors/registry.d.ts

@@ -0,0 +1,18 @@
+import type { ObservabilityConnector } from "./interface.js";
+import type { Config, ConnectorHealth, SignalType, SourceConfig } from "../types.js";
+export declare function getSupportedTypes(): string[];
+export declare class ConnectorRegistry {
+    private connectors;
+    private sourceConfigs;
+    initialize(config: Config): Promise<void>;
+    private connectSource;
+    addSource(source: SourceConfig): Promise<void>;
+    removeSource(name: string): Promise<void>;
+    updateSource(name: string, source: SourceConfig): Promise<void>;
+    testConnection(source: SourceConfig): Promise<ConnectorHealth>;
+    getSourceConfigs(): SourceConfig[];
+    getAll(): ObservabilityConnector[];
+    getByName(name: string): ObservabilityConnector | undefined;
+    getBySignal(signal: SignalType): ObservabilityConnector[];
+    healthCheckAll(): Promise<Record<string, ConnectorHealth>>;
+}

package/dist/connectors/registry.js

@@ -0,0 +1,90 @@
+import { PrometheusConnector } from "./prometheus.js";
+import { LokiConnector } from "./loki.js";
+const connectorFactories = {
+    prometheus: () => new PrometheusConnector(),
+    loki: () => new LokiConnector(),
+};
+export function getSupportedTypes() {
+    return Object.keys(connectorFactories);
+}
+export class ConnectorRegistry {
+    connectors = new Map();
+    sourceConfigs = new Map();
+    async initialize(config) {
+        for (const source of config.sources) {
+            this.sourceConfigs.set(source.name, source);
+            if (!source.enabled)
+                continue;
+            await this.connectSource(source);
+        }
+    }
+    async connectSource(source) {
+        const factory = connectorFactories[source.type];
+        if (!factory) {
+            console.warn(`Unknown connector type: ${source.type}, skipping ${source.name}`);
+            return;
+        }
+        const connector = factory();
+        try {
+            await connector.connect(source);
+            this.connectors.set(source.name, connector);
+            console.log(`Connector "${source.name}" (${source.type}) connected`);
+        }
+        catch (err) {
+            console.error(`Failed to connect "${source.name}":`, err);
+        }
+    }
+    async addSource(source) {
+        this.sourceConfigs.set(source.name, source);
+        if (source.enabled) {
+            await this.connectSource(source);
+        }
+    }
+    async removeSource(name) {
+        const connector = this.connectors.get(name);
+        if (connector) {
+            await connector.disconnect();
+            this.connectors.delete(name);
+        }
+        this.sourceConfigs.delete(name);
+    }
+    async updateSource(name, source) {
+        await this.removeSource(name);
+        await this.addSource(source);
+    }
+    async testConnection(source) {
+        const factory = connectorFactories[source.type];
+        if (!factory) {
+            return { status: "down", latencyMs: 0, message: `Unknown type: ${source.type}` };
+        }
+        const connector = factory();
+        try {
+            await connector.connect(source);
+            const health = await connector.healthCheck();
+            await connector.disconnect();
+            return health;
+        }
+        catch (err) {
+            return { status: "down", latencyMs: 0, message: String(err) };
+        }
+    }
+    getSourceConfigs() {
+        return Array.from(this.sourceConfigs.values());
+    }
+    getAll() {
+        return Array.from(this.connectors.values());
+    }
+    getByName(name) {
+        return this.connectors.get(name);
+    }
+    getBySignal(signal) {
+        return this.getAll().filter((c) => c.signalType === signal);
+    }
+    async healthCheckAll() {
+        const results = {};
+        for (const [name, connector] of this.connectors) {
+            results[name] = await connector.healthCheck();
+        }
+        return results;
+    }
+}

package/dist/connectors/registry.test.d.ts

@@ -0,0 +1 @@
+export {};

package/dist/connectors/registry.test.js

@@ -0,0 +1,93 @@
+import { describe, it } from "node:test";
+import assert from "node:assert/strict";
+import { getSupportedTypes, ConnectorRegistry } from "./registry.js";
+import { DEFAULT_SETTINGS, DEFAULT_HEALTH_THRESHOLDS } from "../config/loader.js";
+function makeConfig(sources = []) {
+    return { sources, settings: DEFAULT_SETTINGS, healthThresholds: DEFAULT_HEALTH_THRESHOLDS };
+}
+describe("getSupportedTypes", () => {
+    it("returns prometheus and loki", () => {
+        const types = getSupportedTypes();
+        assert.ok(types.includes("prometheus"));
+        assert.ok(types.includes("loki"));
+        assert.equal(types.length, 2);
+    });
+});
+describe("ConnectorRegistry", () => {
+    describe("initialize", () => {
+        it("stores source configs even when disabled", async () => {
+            const reg = new ConnectorRegistry();
+            await reg.initialize(makeConfig([
+                { name: "prom1", type: "prometheus", url: "http://invalid:9090", enabled: false },
+            ]));
+            const configs = reg.getSourceConfigs();
+            assert.equal(configs.length, 1);
+            assert.equal(configs[0].name, "prom1");
+            // Not connected since disabled
+            assert.equal(reg.getAll().length, 0);
+        });
+        it("skips unknown connector types gracefully", async () => {
+            const reg = new ConnectorRegistry();
+            await reg.initialize(makeConfig([
+                { name: "unknown1", type: "influxdb", url: "http://localhost:8086", enabled: true },
+            ]));
+            assert.equal(reg.getSourceConfigs().length, 1);
+            assert.equal(reg.getAll().length, 0); // not connected
+        });
+        it("handles empty sources", async () => {
+            const reg = new ConnectorRegistry();
+            await reg.initialize(makeConfig([]));
+            assert.equal(reg.getSourceConfigs().length, 0);
+            assert.equal(reg.getAll().length, 0);
+        });
+    });
+    describe("getByName", () => {
+        it("returns undefined for non-existent source", () => {
+            const reg = new ConnectorRegistry();
+            assert.equal(reg.getByName("nonexistent"), undefined);
+        });
+    });
+    describe("getBySignal", () => {
+        it("returns empty array when no connectors", () => {
+            const reg = new ConnectorRegistry();
+            assert.deepEqual(reg.getBySignal("metrics"), []);
+            assert.deepEqual(reg.getBySignal("logs"), []);
+        });
+    });
+    describe("addSource and removeSource", () => {
+        it("adds disabled source without connecting", async () => {
+            const reg = new ConnectorRegistry();
+            await reg.addSource({ name: "prom-disabled", type: "prometheus", url: "http://invalid:9090", enabled: false });
+            assert.equal(reg.getSourceConfigs().length, 1);
+            assert.equal(reg.getAll().length, 0);
+        });
+        it("removes source config and connector", async () => {
+            const reg = new ConnectorRegistry();
+            await reg.addSource({ name: "test-src", type: "prometheus", url: "http://invalid:9090", enabled: false });
+            assert.equal(reg.getSourceConfigs().length, 1);
+            await reg.removeSource("test-src");
+            assert.equal(reg.getSourceConfigs().length, 0);
+        });
+        it("removeSource is safe for non-existent name", async () => {
+            const reg = new ConnectorRegistry();
+            await reg.removeSource("does-not-exist"); // should not throw
+        });
+    });
+    describe("testConnection", () => {
+        it("returns error for unknown connector type", async () => {
+            const reg = new ConnectorRegistry();
+            const result = await reg.testConnection({
+                name: "test", type: "unknown_type", url: "http://localhost", enabled: true,
+            });
+            assert.equal(result.status, "down");
+            assert.ok(result.message?.includes("Unknown type"));
+        });
+    });
+    describe("healthCheckAll", () => {
+        it("returns empty object when no connectors", async () => {
+            const reg = new ConnectorRegistry();
+            const results = await reg.healthCheckAll();
+            assert.deepEqual(results, {});
+        });
+    });
+});

package/dist/connectors/tls.d.ts

@@ -0,0 +1,7 @@
+import { Agent } from "node:https";
+import type { SourceConfig } from "../types.js";
+/**
+ * Build an https.Agent from a SourceConfig's TLS settings.
+ * Returns undefined if no custom TLS config is needed (plain HTTP or default HTTPS).
+ */
+export declare function buildTlsAgent(config: SourceConfig): Agent | undefined;

package/dist/connectors/tls.js

@@ -0,0 +1,25 @@
+import { Agent } from "node:https";
+import { readFileSync } from "node:fs";
+/**
+ * Build an https.Agent from a SourceConfig's TLS settings.
+ * Returns undefined if no custom TLS config is needed (plain HTTP or default HTTPS).
+ */
+export function buildTlsAgent(config) {
+    const tls = config.tls;
+    const skipVerify = tls?.skipVerify || config.tlsSkipVerify;
+    // No TLS customization needed
+    if (!skipVerify && !tls?.caCert && !tls?.clientCert)
+        return undefined;
+    const opts = {};
+    if (skipVerify) {
+        opts.rejectUnauthorized = false;
+    }
+    if (tls?.caCert) {
+        opts.ca = readFileSync(tls.caCert);
+    }
+    if (tls?.clientCert && tls?.clientKey) {
+        opts.cert = readFileSync(tls.clientCert);
+        opts.key = readFileSync(tls.clientKey);
+    }
+    return new Agent(opts);
+}

package/dist/connectors/tls.test.d.ts

@@ -0,0 +1 @@
+export {};

package/dist/connectors/tls.test.js

@@ -0,0 +1,99 @@
+import { describe, it, before, after } from "node:test";
+import assert from "node:assert/strict";
+import { Agent } from "node:https";
+import { writeFileSync, mkdirSync, rmSync } from "node:fs";
+import { join } from "node:path";
+import { tmpdir } from "node:os";
+import { buildTlsAgent } from "./tls.js";
+const TMP_DIR = join(tmpdir(), "tls-test-" + Date.now());
+function makeConfig(overrides = {}) {
+    return { name: "test", type: "prometheus", url: "https://localhost:9090", enabled: true, ...overrides };
+}
+describe("buildTlsAgent", () => {
+    it("returns undefined when no TLS config is set", () => {
+        const agent = buildTlsAgent(makeConfig());
+        assert.equal(agent, undefined);
+    });
+    it("returns undefined for plain HTTP URLs without TLS config", () => {
+        const agent = buildTlsAgent(makeConfig({ url: "http://localhost:9090" }));
+        assert.equal(agent, undefined);
+    });
+    it("returns Agent with rejectUnauthorized=false when skipVerify is true", () => {
+        const agent = buildTlsAgent(makeConfig({ tls: { skipVerify: true } }));
+        assert.ok(agent instanceof Agent);
+        assert.equal(agent.options.rejectUnauthorized, false);
+    });
+    it("supports legacy tlsSkipVerify field", () => {
+        const agent = buildTlsAgent(makeConfig({ tlsSkipVerify: true }));
+        assert.ok(agent instanceof Agent);
+        assert.equal(agent.options.rejectUnauthorized, false);
+    });
+    it("prefers tls.skipVerify over legacy tlsSkipVerify", () => {
+        const agent = buildTlsAgent(makeConfig({
+            tlsSkipVerify: false,
+            tls: { skipVerify: true },
+        }));
+        assert.ok(agent instanceof Agent);
+        assert.equal(agent.options.rejectUnauthorized, false);
+    });
+    describe("with certificate files", () => {
+        before(() => {
+            mkdirSync(TMP_DIR, { recursive: true });
+            writeFileSync(join(TMP_DIR, "ca.pem"), "-----BEGIN CERTIFICATE-----\nfake-ca\n-----END CERTIFICATE-----\n");
+            writeFileSync(join(TMP_DIR, "client.pem"), "-----BEGIN CERTIFICATE-----\nfake-client\n-----END CERTIFICATE-----\n");
+            writeFileSync(join(TMP_DIR, "client-key.pem"), "-----BEGIN PRIVATE KEY-----\nfake-key\n-----END PRIVATE KEY-----\n");
+        });
+        after(() => {
+            rmSync(TMP_DIR, { recursive: true, force: true });
+        });
+        it("loads custom CA certificate", () => {
+            const agent = buildTlsAgent(makeConfig({
+                tls: { caCert: join(TMP_DIR, "ca.pem") },
+            }));
+            assert.ok(agent instanceof Agent);
+            assert.ok(agent.options.ca);
+        });
+        it("loads client cert and key for mTLS", () => {
+            const agent = buildTlsAgent(makeConfig({
+                tls: {
+                    clientCert: join(TMP_DIR, "client.pem"),
+                    clientKey: join(TMP_DIR, "client-key.pem"),
+                },
+            }));
+            assert.ok(agent instanceof Agent);
+            assert.ok(agent.options.cert);
+            assert.ok(agent.options.key);
+        });
+        it("combines CA + mTLS + skipVerify", () => {
+            const agent = buildTlsAgent(makeConfig({
+                tls: {
+                    skipVerify: true,
+                    caCert: join(TMP_DIR, "ca.pem"),
+                    clientCert: join(TMP_DIR, "client.pem"),
+                    clientKey: join(TMP_DIR, "client-key.pem"),
+                },
+            }));
+            assert.ok(agent instanceof Agent);
+            assert.equal(agent.options.rejectUnauthorized, false);
+            assert.ok(agent.options.ca);
+            assert.ok(agent.options.cert);
+            assert.ok(agent.options.key);
+        });
+        it("ignores clientCert without clientKey (no cert/key set on agent)", () => {
+            const agent = buildTlsAgent(makeConfig({
+                tls: { clientCert: join(TMP_DIR, "client.pem") },
+            }));
+            // Agent is created (clientCert triggers it) but cert/key are not set without both
+            assert.ok(agent instanceof Agent);
+            assert.equal(agent.options.cert, undefined);
+            assert.equal(agent.options.key, undefined);
+        });
+    });
+    it("throws when CA cert file does not exist", () => {
+        assert.throws(() => {
+            buildTlsAgent(makeConfig({
+                tls: { caCert: "/nonexistent/ca.pem" },
+            }));
+        });
+    });
+});

package/dist/index.d.ts

@@ -0,0 +1,2 @@
+#!/usr/bin/env node
+export {};