@thotischner/observability-mcp 1.4.1 → 1.6.0

package/dist/index.js

@@ -1,5 +1,6 @@
 #!/usr/bin/env node
 import express from "express";
+import rateLimit from "express-rate-limit";
 import { randomUUID } from "node:crypto";
 import { McpServer } from "@modelcontextprotocol/sdk/server/mcp.js";
 import { StreamableHTTPServerTransport } from "@modelcontextprotocol/sdk/server/streamableHttp.js";
@@ -7,6 +8,9 @@ import { StdioServerTransport } from "@modelcontextprotocol/sdk/server/stdio.js"
 import { z } from "zod";
 import { loadConfig, saveConfig, DEFAULT_HEALTH_THRESHOLDS, DEFAULT_SETTINGS } from "./config/loader.js";
 import { ConnectorRegistry, getSupportedTypes } from "./connectors/registry.js";
+import { defaultContext, principalContext } from "./context.js";
+import { enforceEntitledAccess, enterpriseGateStatus, enterpriseGateInfo, enterprisePolicyView, enterpriseCatalogView, enterpriseAuditTail, authorizeAdmin, updateRbacPolicy, updateCatalog, } from "./enterprise-gate.js";
+import { loadCredentials, credentialsConfigured, extractToken, resolveToken, } from "./auth/credentials.js";
 import { getPluginLoader } from "./connectors/loader.js";
 import { resolveHubCatalogUrl, describeInstalled, mergeCatalog, fetchHubCatalog, } from "./connectors/hub.js";
 import { isValidConnectorName, installTarball } from "./connectors/install.js";
@@ -75,35 +79,18 @@ function validateSourceUrl(url) {
 // Hard cap for a downloaded/uploaded connector tarball (defence against
 // a hostile or accidental huge artifact OOM-ing the server).
 const MAX_CONNECTOR_TGZ_BYTES = 64 * 1024 * 1024;
-// Dependency-free fixed-window per-client rate limiter for the runtime
-// connector install/upload routes (expensive: fetch + extract + verify +
-// fs write + loader rescan). Bounds abuse even with ENABLE_UI_INSTALL on.
-const installRateState = new Map();
-function installRateLimit(req, res, next) {
-    const WINDOW_MS = 60_000;
-    const MAX = 5;
-    const now = Date.now();
-    if (installRateState.size > 5000) {
-        for (const [k, v] of installRateState)
-            if (v.resetAt < now)
-                installRateState.delete(k);
-    }
-    const key = req.ip || "unknown";
-    let s = installRateState.get(key);
-    if (!s || s.resetAt < now) {
-        s = { count: 0, resetAt: now + WINDOW_MS };
-        installRateState.set(key, s);
-    }
-    s.count++;
-    if (s.count > MAX) {
-        res.setHeader("Retry-After", String(Math.ceil((s.resetAt - now) / 1000)));
-        res.status(429).json({
-            error: "rate limit exceeded — too many connector install attempts, slow down",
-        });
-        return;
-    }
-    next();
-}
+// Per-client rate limiter for the expensive runtime routes (connector
+// install/upload: fetch + extract + verify + fs write + loader rescan;
+// add/test source: outbound backend connect). Uses express-rate-limit
+// so the control is explicit and well-tested. Bounds abuse even with
+// ENABLE_UI_INSTALL on.
+const installRateLimit = rateLimit({
+    windowMs: 60_000,
+    limit: 5,
+    standardHeaders: true,
+    legacyHeaders: false,
+    message: { error: "rate limit exceeded — too many attempts, slow down" },
+});
 async function main() {
     // Stdio transport mode (MCP catalogs / desktop clients / Glama's
     // mcp-proxy spawn a stdio MCP server and read JSON-RPC from stdout).
@@ -124,7 +111,7 @@ async function main() {
     // so we cannot share a single McpServer across HTTP sessions. Each new
     // session needs its own server. The factory captures the live registry
     // by reference so tool handlers always see the current configuration.
-    function createMcpServer() {
+    function createMcpServer(ctx) {
         const mcpServer = new McpServer({
             name: "observability-mcp",
             version: SERVER_VERSION,
@@ -135,7 +122,10 @@ async function main() {
             "When to use: call this first to learn which source names exist and are healthy before passing `source` to other tools, or to debug why a query returns no data.",
             "Behavior: read-only, no side effects. Returns one entry per source with its name, type, configured URL, signal types (metrics/logs), and a live up/down status. Never throws for an unreachable backend — the backend is reported as down instead.",
             "Related: use `list_services` to see what is monitored within these sources.",
-        ].join(" "), {}, async () => withToolMetrics("list_sources", () => listSourcesHandler(registry)));
+        ].join(" "), {}, async () => {
+            await enforceEntitledAccess(ctx, { tool: "list_sources" });
+            return withToolMetrics("list_sources", () => listSourcesHandler(registry, ctx));
+        });
         mcpServer.tool("list_services", [
             "Discover the service names that can be queried, aggregated across every connected backend.",
             "When to use: call this before `query_metrics`, `query_logs`, or `get_service_health` to obtain the exact, case-sensitive service name those tools require.",
@@ -146,7 +136,10 @@ async function main() {
                 .string()
                 .optional()
                 .describe("Optional case-insensitive substring to narrow the result to matching service names (e.g. 'payment'). Omit to list every discovered service."),
-        }, async (args) => withToolMetrics("list_services", () => listServicesHandler(registry, args)));
+        }, async (args) => {
+            await enforceEntitledAccess(ctx, { tool: "list_services" });
+            return withToolMetrics("list_services", () => listServicesHandler(registry, args, ctx));
+        });
         const metricsList = getAvailableMetricNames(registry);
         const metricNames = registry.getBySignal("metrics").flatMap(c => c.getMetrics().map(m => m.name));
         const uniqueNames = [...new Set(metricNames)];
@@ -175,7 +168,10 @@ async function main() {
                 .string()
                 .optional()
                 .describe("Optional. Metric label to break the result down by, e.g. 'instance', 'pod', 'node'. When set, the response contains one series per distinct label value under `groups`. Default: a single aggregated series."),
-        }, async (args) => withToolMetrics("query_metrics", () => queryMetricsHandler(registry, args)));
+        }, async (args) => {
+            await enforceEntitledAccess(ctx, { tool: "query_metrics", source: args?.source, service: args?.service });
+            return withToolMetrics("query_metrics", () => queryMetricsHandler(registry, args, ctx));
+        });
         mcpServer.tool("query_logs", [
             "Fetch recent log entries for ONE service over a look-back window, with a pre-computed summary (error/warning counts and the most frequent error patterns).",
             "When to use: to inspect what a service actually logged, or to investigate an error spike surfaced by `detect_anomalies` / `get_service_health`. For numeric metrics use `query_metrics` instead.",
@@ -203,7 +199,10 @@ async function main() {
                 .positive()
                 .optional()
                 .describe("Optional. Maximum number of log entries to return (most recent first). Default: 100."),
-        }, async (args) => withToolMetrics("query_logs", () => queryLogsHandler(registry, args)));
+        }, async (args) => {
+            await enforceEntitledAccess(ctx, { tool: "query_logs", source: args?.source, service: args?.service });
+            return withToolMetrics("query_logs", () => queryLogsHandler(registry, args, ctx));
+        });
         mcpServer.tool("get_service_health", [
             "Produce a single aggregated health verdict for ONE service by combining its metrics and logs.",
             "When to use: the fastest way to answer 'is this service healthy right now and why?'. Use `query_metrics`/`query_logs` to drill into the underlying numbers, or `detect_anomalies` to scan many services at once.",
@@ -213,7 +212,10 @@ async function main() {
             service: z
                 .string()
                 .describe("Required. Exact, case-sensitive service name exactly as returned by `list_services` (e.g. 'payment-service')."),
-        }, async (args) => withToolMetrics("get_service_health", () => getServiceHealthHandler(registry, args)));
+        }, async (args) => {
+            await enforceEntitledAccess(ctx, { tool: "get_service_health", service: args?.service });
+            return withToolMetrics("get_service_health", () => getServiceHealthHandler(registry, args, ctx));
+        });
         mcpServer.tool("detect_anomalies", [
             "Scan one or all monitored services for abnormal behavior and return the findings ranked by severity.",
             "When to use: the entry point for 'is anything wrong anywhere?' triage. Once a service is flagged, follow up with `get_service_health` for the verdict or `query_metrics`/`query_logs` for the raw evidence.",
@@ -232,7 +234,10 @@ async function main() {
                 .enum(["low", "medium", "high"])
                 .optional()
                 .describe("Optional. Detection threshold: 'low' flags only strong deviations (>3σ), 'medium' is balanced (>2σ), 'high' is most sensitive and noisier (>1.5σ). Default: 'medium'."),
-        }, async (args) => withToolMetrics("detect_anomalies", () => detectAnomaliesHandler(registry, args)));
+        }, async (args) => {
+            await enforceEntitledAccess(ctx, { tool: "detect_anomalies", source: args?.source, service: args?.service });
+            return withToolMetrics("detect_anomalies", () => detectAnomaliesHandler(registry, args, ctx));
+        });
         return mcpServer;
     }
     // --- HTTP server ---
@@ -327,6 +332,7 @@ async function main() {
         res.json({
             name: "observability-mcp",
             version: SERVER_VERSION,
+            enterpriseGate: await enterpriseGateStatus(),
             mcpProtocolVersion: "2025-03-26",
             build: {
                 commit: process.env.GIT_COMMIT || null,
@@ -350,6 +356,58 @@ async function main() {
     app.get("/api/connectors", (_req, res) => {
         res.json({ connectors: describeInstalled(getPluginLoader().list()) });
     });
+    // --- Enterprise console (read-only introspection) -------------------
+    // Drives the management UI's Enterprise page. Read-only in this phase;
+    // never exposes the entitlement token or any key. Same trusted-local
+    // management plane as the other /api/* endpoints (see auth-and-tls).
+    app.get("/api/enterprise/status", async (_req, res) => {
+        try {
+            res.json(await enterpriseGateInfo());
+        }
+        catch (e) {
+            res.status(500).json({ error: String(e) });
+        }
+    });
+    app.get("/api/enterprise/policy", (_req, res) => {
+        res.json(enterprisePolicyView());
+    });
+    app.get("/api/enterprise/catalog", (_req, res) => {
+        res.json(enterpriseCatalogView());
+    });
+    app.get("/api/enterprise/audit", async (req, res) => {
+        const limit = Math.min(Number(req.query.limit) || 50, 500);
+        try {
+            res.json(await enterpriseAuditTail(limit));
+        }
+        catch (e) {
+            res.status(500).json({ error: String(e) });
+        }
+    });
+    // Phase 2: edit the RBAC policy. NOT on the open local plane — requires
+    // an API-key principal the CURRENT policy grants `enterprise:admin`.
+    app.put("/api/enterprise/policy", async (req, res) => {
+        const cred = resolveToken(extractToken(req.headers), loadCredentials());
+        const principal = cred ? cred.name : null;
+        const authz = await authorizeAdmin(principal);
+        if (!authz.ok)
+            return res.status(authz.status).json({ error: authz.error });
+        const result = await updateRbacPolicy(principal, req.body);
+        if (!result.ok)
+            return res.status(result.status).json({ error: result.error });
+        res.json({ ok: true });
+    });
+    // Phase 3: edit the product catalog. Same admin model as the RBAC write.
+    app.put("/api/enterprise/catalog", async (req, res) => {
+        const cred = resolveToken(extractToken(req.headers), loadCredentials());
+        const principal = cred ? cred.name : null;
+        const authz = await authorizeAdmin(principal);
+        if (!authz.ok)
+            return res.status(authz.status).json({ error: authz.error });
+        const result = await updateCatalog(principal, req.body);
+        if (!result.ok)
+            return res.status(result.status).json({ error: result.error });
+        res.json({ ok: true });
+    });
     // Server-side proxy of the connector hub catalog (so the browser
     // needn't reach the hub directly — works behind a proxy / against a
     // mirror via HUB_CATALOG_URL). Installed status merged in.
@@ -485,7 +543,7 @@ async function main() {
         }
     });
     // Add a new source
-    app.post("/api/sources", async (req, res) => {
+    app.post("/api/sources", installRateLimit, async (req, res) => {
         const { name, type, url, enabled, auth, tls } = req.body;
         if (!name || !type || !url) {
             res.status(400).json({ error: "name, type, and url are required" });
@@ -548,7 +606,7 @@ async function main() {
         res.json({ ok: true });
     });
     // Test a source connection (without saving)
-    app.post("/api/sources/test", async (req, res) => {
+    app.post("/api/sources/test", installRateLimit, async (req, res) => {
         const { name, type, url, enabled, auth, tls } = req.body;
         if (!type || !url) {
             res.status(400).json({ error: "type and url are required" });
@@ -594,7 +652,7 @@ async function main() {
     // List discovered services
     app.get("/api/services", async (_req, res) => {
         try {
-            const result = await listServicesHandler(registry, {});
+            const result = await listServicesHandler(registry, {}, defaultContext());
             res.json(parseToolResult(result));
         }
         catch {
@@ -604,7 +662,7 @@ async function main() {
     // Health endpoint for UI dashboard
     app.get("/api/health/:service", async (req, res) => {
         try {
-            const result = await getServiceHealthHandler(registry, { service: req.params.service });
+            const result = await getServiceHealthHandler(registry, { service: req.params.service }, defaultContext());
             res.json(parseToolResult(result));
         }
         catch {
@@ -614,13 +672,13 @@ async function main() {
     // Health for all services
     app.get("/api/health", async (_req, res) => {
         try {
-            const servicesResult = await listServicesHandler(registry, {});
+            const servicesResult = await listServicesHandler(registry, {}, defaultContext());
             const parsed = parseToolResult(servicesResult);
             const services = parsed?.services || [];
             const health = {};
             for (const svc of services) {
                 try {
-                    const result = await getServiceHealthHandler(registry, { service: svc.name });
+                    const result = await getServiceHealthHandler(registry, { service: svc.name }, defaultContext());
                     health[svc.name] = parseToolResult(result);
                 }
                 catch {
@@ -703,7 +761,7 @@ async function main() {
     });
     // Stdio transport: one server over stdin/stdout, no HTTP listener.
     if (STDIO) {
-        const server = createMcpServer();
+        const server = createMcpServer(defaultContext());
         await server.connect(new StdioServerTransport());
         console.error(`observability-mcp running on stdio transport · connectors: ${registry
             .getAll()
@@ -727,7 +785,26 @@ async function main() {
         }
         mcpActiveSessions.set(transports.size);
     }, 5 * 60 * 1000);
+    // Single-tenant auth gate. No credentials configured → anonymous (current
+    // behaviour, fully backward compatible). Configured → require a valid
+    // Bearer/X-API-Key on every /mcp request; resolve the principal + its
+    // coarse source allow-list into the RequestContext.
+    function gateCtx(req, res) {
+        if (!credentialsConfigured())
+            return defaultContext();
+        const cred = resolveToken(extractToken(req.headers), loadCredentials());
+        if (!cred) {
+            res
+                .status(401)
+                .json({ error: "unauthorized: valid Bearer token or X-API-Key required" });
+            return null;
+        }
+        return principalContext(cred.name, cred.allowedSources);
+    }
     app.post("/mcp", async (req, res) => {
+        const ctx = gateCtx(req, res);
+        if (!ctx)
+            return;
         const sessionId = req.headers["mcp-session-id"];
         let transport;
         if (sessionId && transports.has(sessionId)) {
@@ -747,7 +824,7 @@ async function main() {
                 }
                 mcpActiveSessions.set(transports.size);
             };
-            const sessionMcpServer = createMcpServer();
+            const sessionMcpServer = createMcpServer(ctx);
             await sessionMcpServer.connect(transport);
         }
         await transport.handleRequest(req, res, req.body);
@@ -761,6 +838,8 @@ async function main() {
         mcpActiveSessions.set(transports.size);
     });
     app.get("/mcp", async (req, res) => {
+        if (!gateCtx(req, res))
+            return;
         const sessionId = req.headers["mcp-session-id"];
         const transport = transports.get(sessionId);
         if (!transport) {
@@ -770,6 +849,8 @@ async function main() {
         await transport.handleRequest(req, res);
     });
     app.delete("/mcp", async (req, res) => {
+        if (!gateCtx(req, res))
+            return;
         const sessionId = req.headers["mcp-session-id"];
         const transport = transports.get(sessionId);
         if (transport) {

package/dist/net/egress-policy.d.ts

@@ -0,0 +1,31 @@
+/**
+ * Verifiable offline mode — egress policy.
+ *
+ * The server performs **no telemetry, analytics, phone-home, or update
+ * checks**. The only outbound network calls it ever makes are to backends
+ * the operator explicitly configures (Prometheus/Loki/... source URLs) or to
+ * an artifact URL the operator/registry explicitly asks it to install.
+ *
+ * This module is the machine-checkable statement of that guarantee:
+ * `egress-policy.test.ts` fails CI if any source file outside the allowlist
+ * introduces an outbound call — so the "no data egress" property cannot
+ * silently regress.
+ */
+export declare const OFFLINE_STATEMENT: string;
+/** Regex of outbound-call shapes the guard scans for. */
+export declare const OUTBOUND_PATTERN: RegExp;
+/**
+ * Files/prefixes permitted to make outbound calls, each with the reason.
+ * Anything matching OUTBOUND_PATTERN outside these paths is a policy breach
+ * (e.g. a newly added analytics/telemetry module).
+ */
+export declare const EGRESS_ALLOWLIST: ReadonlyArray<{
+    prefix: string;
+    reason: string;
+}>;
+/**
+ * Hard-blocked analytics/telemetry SDKs — matches an *import/require of the
+ * package*, not the word in prose, so comments/policy text don't false-positive.
+ */
+export declare const FORBIDDEN_TELEMETRY: RegExp;
+export declare function isEgressAllowed(relPath: string): boolean;

package/dist/net/egress-policy.js

@@ -0,0 +1,37 @@
+/**
+ * Verifiable offline mode — egress policy.
+ *
+ * The server performs **no telemetry, analytics, phone-home, or update
+ * checks**. The only outbound network calls it ever makes are to backends
+ * the operator explicitly configures (Prometheus/Loki/... source URLs) or to
+ * an artifact URL the operator/registry explicitly asks it to install.
+ *
+ * This module is the machine-checkable statement of that guarantee:
+ * `egress-policy.test.ts` fails CI if any source file outside the allowlist
+ * introduces an outbound call — so the "no data egress" property cannot
+ * silently regress.
+ */
+export const OFFLINE_STATEMENT = "observability-mcp makes no telemetry/analytics/phone-home/update calls. " +
+    "Outbound traffic goes only to operator-configured source backends and " +
+    "operator/registry-requested plugin artifacts. It runs fully air-gapped.";
+/** Regex of outbound-call shapes the guard scans for. */
+export const OUTBOUND_PATTERN = /\b(fetch\s*\(|https?\.request\s*\(|new\s+WebSocket\s*\(|import\s*\(\s*['"]https?:)/;
+/**
+ * Files/prefixes permitted to make outbound calls, each with the reason.
+ * Anything matching OUTBOUND_PATTERN outside these paths is a policy breach
+ * (e.g. a newly added analytics/telemetry module).
+ */
+export const EGRESS_ALLOWLIST = [
+    { prefix: "connectors/", reason: "connectors query operator-configured source backends" },
+    { prefix: "cli/index.ts", reason: "CLI fetches a source location the operator passed explicitly" },
+    { prefix: "index.ts", reason: "connector-hub plugin install of an operator/registry-requested tarball URL" },
+];
+/**
+ * Hard-blocked analytics/telemetry SDKs — matches an *import/require of the
+ * package*, not the word in prose, so comments/policy text don't false-positive.
+ */
+export const FORBIDDEN_TELEMETRY = /(?:from\s*['"]|require\(\s*['"])[^'"]*(sentry|posthog|mixpanel|amplitude|@segment|datadog-rum|analytics-node|google-analytics)/i;
+export function isEgressAllowed(relPath) {
+    const p = relPath.replace(/\\/g, "/");
+    return EGRESS_ALLOWLIST.some((a) => p === a.prefix || p.startsWith(a.prefix));
+}

package/dist/net/egress-policy.test.d.ts

@@ -0,0 +1 @@
+export {};

package/dist/net/egress-policy.test.js

@@ -0,0 +1,52 @@
+import { describe, it } from "node:test";
+import assert from "node:assert/strict";
+import { readFileSync, readdirSync, statSync } from "node:fs";
+import { fileURLToPath } from "node:url";
+import { dirname, join, relative } from "node:path";
+import { OUTBOUND_PATTERN, FORBIDDEN_TELEMETRY, isEgressAllowed, EGRESS_ALLOWLIST, } from "./egress-policy.js";
+// Verifiable offline mode: static guard so the "no data egress" guarantee
+// cannot silently regress. Any new outbound call outside the documented
+// allowlist, or any analytics/telemetry SDK anywhere, fails CI here.
+const srcRoot = join(dirname(fileURLToPath(import.meta.url)), "..");
+function walk(dir) {
+    const out = [];
+    for (const e of readdirSync(dir)) {
+        const p = join(dir, e);
+        if (statSync(p).isDirectory())
+            out.push(...walk(p));
+        else if (e.endsWith(".ts") && !e.endsWith(".test.ts"))
+            out.push(p);
+    }
+    return out;
+}
+describe("verifiable offline mode — egress policy", () => {
+    const files = walk(srcRoot)
+        .map((f) => ({
+        rel: relative(srcRoot, f).replace(/\\/g, "/"),
+        src: readFileSync(f, "utf8"),
+    }))
+        // The policy module itself names these tokens by design.
+        .filter((f) => f.rel !== "net/egress-policy.ts");
+    it("scans a non-trivial number of source files", () => {
+        assert.ok(files.length > 20, `only scanned ${files.length} files`);
+    });
+    it("no outbound call outside the egress allowlist", () => {
+        const breaches = files
+            .filter((f) => OUTBOUND_PATTERN.test(f.src) && !isEgressAllowed(f.rel))
+            .map((f) => f.rel);
+        assert.deepEqual(breaches, [], `outbound calls found outside allowlist (${EGRESS_ALLOWLIST.map((a) => a.prefix).join(", ")}): ` +
+            `${breaches.join(", ")} — telemetry/phone-home is forbidden; if legitimate, extend EGRESS_ALLOWLIST with a reason`);
+    });
+    it("no analytics/telemetry SDK anywhere in source", () => {
+        const hits = files
+            .filter((f) => FORBIDDEN_TELEMETRY.test(f.src))
+            .map((f) => f.rel);
+        assert.deepEqual(hits, [], `forbidden telemetry/analytics identifiers in: ${hits.join(", ")}`);
+    });
+    it("allowlisted files are still present (allowlist not stale)", () => {
+        for (const { prefix } of EGRESS_ALLOWLIST) {
+            const covered = files.some((f) => f.rel === prefix || f.rel.startsWith(prefix));
+            assert.ok(covered, `allowlist entry "${prefix}" matches no source file — prune it`);
+        }
+    });
+});

package/dist/tools/context-seam.test.d.ts

@@ -0,0 +1 @@
+export {};

package/dist/tools/context-seam.test.js

@@ -0,0 +1,23 @@
+import { describe, it } from "node:test";
+import assert from "node:assert/strict";
+import { readFileSync, readdirSync } from "node:fs";
+import { fileURLToPath } from "node:url";
+import { dirname, join } from "node:path";
+// Keystone guard: every tool handler must accept the RequestContext seam.
+// This prevents a new handler (or a refactor) from silently bypassing the
+// request-scoped context that access-control / scoping / audit attach to.
+const here = dirname(fileURLToPath(import.meta.url));
+describe("RequestContext seam", () => {
+    const handlerFiles = readdirSync(here).filter((f) => f.endsWith(".ts") && !f.endsWith(".test.ts"));
+    for (const file of handlerFiles) {
+        const src = readFileSync(join(here, file), "utf8");
+        const hasHandler = /export\s+(async\s+)?function\s+\w*Handler\s*\(/.test(src);
+        if (!hasHandler)
+            continue;
+        it(`${file}: handler accepts a RequestContext`, () => {
+            assert.match(src, /_ctx:\s*RequestContext/, `${file} exports a *Handler but does not thread RequestContext — ` +
+                `add the ctx seam (see context.ts)`);
+            assert.match(src, /from "\.\.\/context\.js"/, `${file} must import from ../context.js`);
+        });
+    }
+});

package/dist/tools/detect-anomalies.d.ts

@@ -1,4 +1,5 @@
 import type { ConnectorRegistry } from "../connectors/registry.js";
+import { type RequestContext } from "../context.js";
 export declare const detectAnomaliesDefinition: {
     name: "detect_anomalies";
     description: string;
@@ -25,7 +26,7 @@ export declare function detectAnomaliesHandler(registry: ConnectorRegistry, args
     service?: string;
     duration?: string;
     sensitivity?: string;
-}): Promise<{
+}, _ctx?: RequestContext): Promise<{
     content: {
         type: "text";
         text: string;

package/dist/tools/detect-anomalies.js

@@ -1,4 +1,6 @@
-import { detectRecentAnomaly } from "../analysis/anomaly.js";
+import { defaultContext } from "../context.js";
+import { detectAnomaly, classifyMetric } from "../analysis/anomaly.js";
+import { rankRootCause } from "../analysis/correlator.js";
 export const detectAnomaliesDefinition = {
     name: "detect_anomalies",
     description: "Scan for anomalies across all monitored services (or a specific service). Detects metric deviations using z-score analysis against recent baseline, checks log error spikes, and correlates signals across metrics and logs. Returns anomalies with severity ratings and cross-signal correlations.",
@@ -26,8 +28,12 @@ const SENSITIVITY_THRESHOLDS = {
     medium: 2.0,
     high: 1.5,
 };
-const KEY_METRICS = ["cpu", "error_rate", "latency_p99", "request_rate"];
-export async function detectAnomaliesHandler(registry, args) {
+const KEY_METRICS = ["cpu", "memory", "error_rate", "latency_p99", "request_rate"];
+// Patterns that signal a serious incident even at warn level and even when
+// the overall error ratio is low (e.g. a memory leak emits a handful of
+// "OutOfMemoryWarning" lines long before it turns into 5xx errors).
+const CRITICAL_LOG_PATTERN = /\b(out\s?of\s?memory|oom|outofmemory|heap (usage|exhaust)|memory leak|panic|fatal|deadlock|segfault|stack overflow|cannot allocate)\b/i;
+export async function detectAnomaliesHandler(registry, args, _ctx = defaultContext()) {
     const duration = args.duration || "10m";
     const threshold = SENSITIVITY_THRESHOLDS[args.sensitivity || "medium"] || 2.0;
     // Discover services to scan
@@ -56,18 +62,21 @@ export async function detectAnomaliesHandler(registry, args) {
             for (const metric of KEY_METRICS) {
                 try {
                     const result = await connector.queryMetrics({ service: serviceName, metric, duration });
-                    const values = result.values.map((v) => v.value);
-                    const anomaly = detectRecentAnomaly(values, 5, threshold);
+                    const points = result.values.map((v) => ({ timestamp: v.timestamp, value: v.value }));
+                    const anomaly = detectAnomaly(points, {
+                        threshold,
+                        metricKind: classifyMetric(metric),
+                    });
                     if (anomaly.isAnomaly) {
-                        const deviationPercent = anomaly.baselineAvg === 0
+                        const deviationPercent = anomaly.baselineValue === 0
                             ? 100
-                            : Math.round(((anomaly.recentAvg - anomaly.baselineAvg) / anomaly.baselineAvg) * 100);
+                            : Math.round(((anomaly.recentValue - anomaly.baselineValue) / anomaly.baselineValue) * 100);
                         allAnomalies.push({
                             metric,
-                            severity: Math.abs(anomaly.zScore) >= 3 ? "high" : Math.abs(anomaly.zScore) >= 2 ? "medium" : "low",
-                            description: `${metric} is ${anomaly.zScore.toFixed(1)}σ ${anomaly.zScore > 0 ? "above" : "below"} baseline (${anomaly.baselineAvg.toFixed(2)} → ${anomaly.recentAvg.toFixed(2)})`,
-                            currentValue: anomaly.recentAvg,
-                            baselineValue: anomaly.baselineAvg,
+                            severity: Math.abs(anomaly.score) >= 6 ? "high" : Math.abs(anomaly.score) >= 4 ? "medium" : "low",
+                            description: `${metric}: ${anomaly.reason}`,
+                            currentValue: anomaly.recentValue,
+                            baselineValue: anomaly.baselineValue,
                             deviationPercent,
                             source: connector.name,
                             service: serviceName,
@@ -85,6 +94,21 @@ export async function detectAnomaliesHandler(registry, args) {
                 continue;
             try {
                 const logs = await connector.queryLogs({ service: serviceName, duration, limit: 500 });
+                // Critical-pattern scan — independent of the error-ratio gate, so a
+                // warn-level OOM/leak signal is not silently dropped.
+                const criticalPattern = logs.summary.topPatterns.find((p) => CRITICAL_LOG_PATTERN.test(p));
+                if (criticalPattern) {
+                    allAnomalies.push({
+                        metric: "log_critical_pattern",
+                        severity: "high",
+                        description: `Critical log pattern detected: "${criticalPattern}"`,
+                        currentValue: logs.summary.errorCount + logs.summary.warnCount,
+                        baselineValue: 0,
+                        deviationPercent: 100,
+                        source: connector.name,
+                        service: serviceName,
+                    });
+                }
                 if (logs.summary.errorCount > 5) {
                     const errorRatio = logs.summary.total > 0
                         ? logs.summary.errorCount / logs.summary.total
@@ -123,10 +147,22 @@ export async function detectAnomaliesHandler(registry, args) {
             }
         }
     }
+    // Dependency-aware root-cause ranking. The service graph / change markers
+    // are empty here (no trace source wired yet); ranking then degrades to
+    // severity-weighted ordering and still names the most likely culprit
+    // instead of just listing "both signals bad".
+    const rootCause = allAnomalies.length > 0
+        ? rankRootCause(allAnomalies.map((a) => ({
+            service: a.service,
+            metric: a.metric,
+            severity: a.severity,
+        })))
+        : { ranked: [], summary: "" };
     const result = {
         scannedServices: serviceNames.length,
         anomalies: allAnomalies,
         correlations: allCorrelations,
+        rootCause,
         summary: allAnomalies.length === 0
             ? "All services healthy — no anomalies detected."
             : `${allAnomalies.length} anomal${allAnomalies.length === 1 ? "y" : "ies"} detected across ${[...new Set(allAnomalies.map((a) => a.service))].length} service(s).`,

package/dist/tools/get-service-health.d.ts

@@ -1,4 +1,5 @@
 import type { ConnectorRegistry } from "../connectors/registry.js";
+import { type RequestContext } from "../context.js";
 import type { HealthThresholds } from "../types.js";
 export declare function setHealthThresholds(t: HealthThresholds): void;
 export declare const getServiceHealthDefinition: {
@@ -17,7 +18,7 @@ export declare const getServiceHealthDefinition: {
 };
 export declare function getServiceHealthHandler(registry: ConnectorRegistry, args: {
     service: string;
-}): Promise<{
+}, _ctx?: RequestContext): Promise<{
     content: {
         type: "text";
         text: string;

package/dist/tools/get-service-health.js

@@ -1,5 +1,6 @@
+import { defaultContext } from "../context.js";
 import { calculateHealthScore } from "../analysis/health.js";
-import { detectRecentAnomaly } from "../analysis/anomaly.js";
+import { detectRobustAnomaly, classifyMetric } from "../analysis/anomaly.js";
 import { sanitizeForLog } from "../util/sanitize.js";
 let _thresholds = null;
 export function setHealthThresholds(t) {
@@ -19,7 +20,7 @@ export const getServiceHealthDefinition = {
         required: ["service"],
     },
 };
-export async function getServiceHealthHandler(registry, args) {
+export async function getServiceHealthHandler(registry, args, _ctx = defaultContext()) {
     const metricsConnectors = registry.getBySignal("metrics");
     const logConnectors = registry.getBySignal("logs");
     // Gather metrics
@@ -93,17 +94,20 @@ export async function getServiceHealthHandler(registry, args) {
     };
 }
 function checkAnomaly(values, metric, service, source, anomalies) {
-    const result = detectRecentAnomaly(values);
+    // Robust, metric-type-aware detector (same path as detect_anomalies):
+    // latency/error_rate/saturation are one-sided, so a *decrease* (e.g.
+    // latency dropping) is correctly NOT flagged as an anomaly.
+    const result = detectRobustAnomaly(values, { metricKind: classifyMetric(metric) });
     if (result.isAnomaly) {
-        const deviationPercent = result.baselineAvg === 0
+        const deviationPercent = result.baselineValue === 0
             ? 100
-            : Math.round(((result.recentAvg - result.baselineAvg) / result.baselineAvg) * 100);
+            : Math.round(((result.recentValue - result.baselineValue) / result.baselineValue) * 100);
         anomalies.push({
             metric,
-            severity: Math.abs(result.zScore) >= 3 ? "high" : Math.abs(result.zScore) >= 2 ? "medium" : "low",
-            description: `${metric} is ${result.zScore.toFixed(1)}σ ${result.zScore > 0 ? "above" : "below"} baseline (${result.baselineAvg.toFixed(2)} → ${result.recentAvg.toFixed(2)})`,
-            currentValue: result.recentAvg,
-            baselineValue: result.baselineAvg,
+            severity: Math.abs(result.score) >= 6 ? "high" : Math.abs(result.score) >= 4 ? "medium" : "low",
+            description: `${metric}: ${result.reason}`,
+            currentValue: result.recentValue,
+            baselineValue: result.baselineValue,
             deviationPercent,
             source,
             service,