@thotischner/observability-mcp 1.0.0

package/dist/tools/validation.js

@@ -0,0 +1,45 @@
+const DURATION_RE = /^\d+[mhd]$/;
+const SAFE_LABEL_RE = /^[a-zA-Z0-9_\-.:]+$/;
+export function validateDuration(duration) {
+    if (!DURATION_RE.test(duration)) {
+        return `Invalid duration "${duration}". Expected format: <number><unit> where unit is m (minutes), h (hours), or d (days). Examples: 5m, 1h, 24h, 7d`;
+    }
+    return null;
+}
+export function validateMetricName(metric, registry) {
+    const allMetrics = new Set();
+    for (const c of registry.getBySignal("metrics")) {
+        for (const m of c.getMetrics())
+            allMetrics.add(m.name);
+    }
+    if (allMetrics.size > 0 && !allMetrics.has(metric)) {
+        return `Unknown metric "${metric}". Available metrics: ${[...allMetrics].join(", ")}`;
+    }
+    return null;
+}
+/**
+ * Sanitize a label value for use in PromQL/LogQL queries.
+ * Only allows alphanumeric, hyphens, underscores, dots, colons.
+ * Rejects anything that could be used for injection.
+ */
+export function sanitizeLabelValue(value) {
+    if (!value || value.length > 128) {
+        return null;
+    }
+    if (!SAFE_LABEL_RE.test(value)) {
+        return null;
+    }
+    return value;
+}
+export function validateServiceName(service) {
+    if (!sanitizeLabelValue(service)) {
+        return `Invalid service name "${service}". Only alphanumeric characters, hyphens, underscores, dots, and colons are allowed (max 128 chars).`;
+    }
+    return null;
+}
+export function errorResponse(message) {
+    return {
+        content: [{ type: "text", text: JSON.stringify({ error: message }) }],
+        isError: true,
+    };
+}

package/dist/tools/validation.test.d.ts

@@ -0,0 +1 @@
+export {};

package/dist/tools/validation.test.js

@@ -0,0 +1,84 @@
+import { describe, it } from "node:test";
+import assert from "node:assert/strict";
+import { validateDuration, validateServiceName, sanitizeLabelValue, errorResponse } from "./validation.js";
+describe("validateDuration", () => {
+    it("accepts valid durations", () => {
+        assert.equal(validateDuration("5m"), null);
+        assert.equal(validateDuration("1h"), null);
+        assert.equal(validateDuration("24h"), null);
+        assert.equal(validateDuration("7d"), null);
+        assert.equal(validateDuration("30m"), null);
+        assert.equal(validateDuration("365d"), null);
+    });
+    it("rejects invalid durations", () => {
+        assert.ok(validateDuration("") !== null);
+        assert.ok(validateDuration("5") !== null);
+        assert.ok(validateDuration("m") !== null);
+        assert.ok(validateDuration("5s") !== null); // seconds not supported
+        assert.ok(validateDuration("5min") !== null); // only single-char units
+        assert.ok(validateDuration("-5m") !== null); // no negative
+        assert.ok(validateDuration("5.5m") !== null); // no decimals
+        assert.ok(validateDuration("5m 1h") !== null); // no spaces
+        assert.ok(validateDuration("abc") !== null);
+    });
+    it("returns helpful error message", () => {
+        const err = validateDuration("5s");
+        assert.ok(err.includes("Invalid duration"));
+        assert.ok(err.includes("5m")); // example in message
+    });
+});
+describe("sanitizeLabelValue", () => {
+    it("accepts valid label values", () => {
+        assert.equal(sanitizeLabelValue("api-gateway"), "api-gateway");
+        assert.equal(sanitizeLabelValue("payment_service"), "payment_service");
+        assert.equal(sanitizeLabelValue("svc.prod.us-east-1"), "svc.prod.us-east-1");
+        assert.equal(sanitizeLabelValue("host:8080"), "host:8080");
+        assert.equal(sanitizeLabelValue("a"), "a");
+    });
+    it("rejects empty string", () => {
+        assert.equal(sanitizeLabelValue(""), null);
+    });
+    it("rejects strings over 128 characters", () => {
+        assert.equal(sanitizeLabelValue("a".repeat(129)), null);
+    });
+    it("accepts exactly 128 characters", () => {
+        assert.equal(sanitizeLabelValue("a".repeat(128)), "a".repeat(128));
+    });
+    it("rejects injection attempts", () => {
+        assert.equal(sanitizeLabelValue('service"}[5m])'), null); // PromQL injection
+        assert.equal(sanitizeLabelValue("service`rm -rf`"), null); // command injection
+        assert.equal(sanitizeLabelValue("svc;drop"), null); // semicolon
+        assert.equal(sanitizeLabelValue("svc name"), null); // spaces
+        assert.equal(sanitizeLabelValue('svc"name'), null); // quotes
+        assert.equal(sanitizeLabelValue("svc'name"), null); // single quotes
+        assert.equal(sanitizeLabelValue("svc{name}"), null); // braces
+        assert.equal(sanitizeLabelValue("svc|name"), null); // pipe
+    });
+});
+describe("validateServiceName", () => {
+    it("returns null for valid service names", () => {
+        assert.equal(validateServiceName("api-gateway"), null);
+        assert.equal(validateServiceName("payment-service"), null);
+        assert.equal(validateServiceName("my_svc_v2"), null);
+    });
+    it("returns error for invalid service names", () => {
+        assert.ok(validateServiceName("") !== null);
+        assert.ok(validateServiceName("svc name") !== null);
+        assert.ok(validateServiceName('svc"injection') !== null);
+    });
+    it("returns helpful error message", () => {
+        const err = validateServiceName("bad name!");
+        assert.ok(err.includes("Invalid service name"));
+        assert.ok(err.includes("alphanumeric"));
+    });
+});
+describe("errorResponse", () => {
+    it("returns MCP error format", () => {
+        const res = errorResponse("something went wrong");
+        assert.equal(res.isError, true);
+        assert.equal(res.content.length, 1);
+        assert.equal(res.content[0].type, "text");
+        const parsed = JSON.parse(res.content[0].text);
+        assert.equal(parsed.error, "something went wrong");
+    });
+});

package/dist/types.d.ts

@@ -0,0 +1,171 @@
+export type SignalType = "metrics" | "logs" | "traces";
+export type HealthStatus = "healthy" | "degraded" | "critical";
+export type Trend = "rising" | "falling" | "stable";
+export type AnomalySeverity = "low" | "medium" | "high";
+/** A metric definition tied to a specific connector type's query language */
+export interface MetricDefinition {
+    name: string;
+    query: string;
+    unit: string;
+    description: string;
+}
+export interface SourceAuth {
+    type: "none" | "basic" | "bearer";
+    username?: string;
+    password?: string;
+    token?: string;
+}
+export interface SourceTls {
+    skipVerify?: boolean;
+    caCert?: string;
+    clientCert?: string;
+    clientKey?: string;
+}
+export interface SourceConfig {
+    name: string;
+    type: string;
+    url: string;
+    enabled: boolean;
+    auth?: SourceAuth;
+    tls?: SourceTls;
+    /** @deprecated Use tls.skipVerify instead */
+    tlsSkipVerify?: boolean;
+    metrics?: MetricDefinition[];
+}
+export interface GeneralSettings {
+    checkIntervalMs: number;
+    defaultSensitivity: "low" | "medium" | "high";
+}
+export interface HealthThresholds {
+    weights: {
+        errorRate: number;
+        latency: number;
+        cpu: number;
+        logErrors: number;
+    };
+    cpu: {
+        good: number;
+        warn: number;
+        crit: number;
+    };
+    errorRate: {
+        good: number;
+        warn: number;
+        crit: number;
+    };
+    latencyP99: {
+        good: number;
+        warn: number;
+        crit: number;
+    };
+    logErrors: {
+        good: number;
+        warn: number;
+        crit: number;
+    };
+    statusBoundaries: {
+        healthy: number;
+        degraded: number;
+    };
+}
+export interface Config {
+    sources: SourceConfig[];
+    settings: GeneralSettings;
+    healthThresholds: HealthThresholds;
+}
+export interface ConnectorHealth {
+    status: "up" | "down";
+    latencyMs: number;
+    message?: string;
+}
+export interface ServiceInfo {
+    name: string;
+    source: string;
+    signalType: SignalType;
+    labels?: Record<string, string>;
+}
+export interface MetricInfo {
+    name: string;
+    type: string;
+    help: string;
+    unit?: string;
+}
+export interface MetricQuery {
+    service: string;
+    metric: string;
+    duration: string;
+    step?: string;
+}
+export interface LogQuery {
+    service: string;
+    query?: string;
+    duration: string;
+    limit?: number;
+    level?: string;
+}
+export interface DataPoint {
+    timestamp: string;
+    value: number;
+}
+export interface MetricSummary {
+    current: number;
+    average: number;
+    min: number;
+    max: number;
+    trend: Trend;
+}
+export interface MetricResult {
+    source: string;
+    service: string;
+    metric: string;
+    unit: string;
+    values: DataPoint[];
+    summary: MetricSummary;
+}
+export interface LogEntry {
+    timestamp: string;
+    level: string;
+    message: string;
+    labels: Record<string, string>;
+}
+export interface LogSummary {
+    total: number;
+    errorCount: number;
+    warnCount: number;
+    topPatterns: string[];
+}
+export interface LogResult {
+    source: string;
+    service: string;
+    entries: LogEntry[];
+    summary: LogSummary;
+}
+export interface AnomalyReport {
+    metric: string;
+    severity: AnomalySeverity;
+    description: string;
+    currentValue: number;
+    baselineValue: number;
+    deviationPercent: number;
+    source: string;
+    service: string;
+}
+export interface ServiceHealth {
+    service: string;
+    status: HealthStatus;
+    score: number;
+    signals: {
+        metrics: {
+            cpu: number;
+            memory: number;
+            errorRate: number;
+            latencyP99: number;
+        };
+        logs: {
+            errorRate: number;
+            topErrors: string[];
+        };
+    };
+    anomalies: AnomalyReport[];
+    correlations: string[];
+}

package/dist/types.js

@@ -0,0 +1 @@
+export {};