@thotischner/observability-mcp 1.7.1 → 3.0.0

package/dist/tenancy/migration.test.js

@@ -0,0 +1,75 @@
+/**
+ * Migration regression suite — pre-E7 single-tenant deployments must
+ * continue to work without any config change. These tests pin the
+ * "everything defaults to `default`" contract by simulating the
+ * exact data shapes a pre-E7 server / file / token would carry.
+ */
+import { test } from "node:test";
+import assert from "node:assert/strict";
+import { defaultContext, principalContext } from "../context.js";
+import { issueSession, verifySession } from "../auth/session.js";
+import { loadCredentials } from "../auth/credentials.js";
+import { CatalogStore } from "../catalog/loader.js";
+import { AuditLog } from "../audit/log.js";
+import { DEFAULT_TENANT } from "./context.js";
+const SECRET = "x".repeat(32);
+test("migration — anonymous context lands in DEFAULT_TENANT", () => {
+    const ctx = defaultContext();
+    assert.equal(ctx.tenant, DEFAULT_TENANT);
+});
+test("migration — principalContext without tenant opt → DEFAULT_TENANT", () => {
+    const ctx = principalContext("agent", ["prom-prod"]);
+    assert.equal(ctx.tenant, DEFAULT_TENANT);
+});
+test("migration — pre-E7 session cookie (no tenant field) verifies + reads back fine", () => {
+    // Session minted as it would have been pre-E7: no tenant.
+    const { cookie } = issueSession({ sub: "alice", name: "Alice", roles: ["operator"] }, { secret: SECRET });
+    const verified = verifySession(cookie, { secret: SECRET });
+    assert.ok(verified, "verifySession should accept a pre-E7 cookie");
+    assert.equal(verified.tenant, undefined, "tenant stays undefined; consumers default to 'default'");
+});
+test("migration — pre-E7 OMCP_API_KEYS (no OMCP_KEY_TENANTS) leaves credentials in DEFAULT_TENANT", () => {
+    const creds = loadCredentials({ OMCP_API_KEYS: "agent:tok_abc,ci:tok_def" });
+    assert.equal(creds.length, 2);
+    for (const c of creds) {
+        assert.equal(c.tenant, undefined, "no env → no tenant assignment → consumers default to 'default'");
+    }
+});
+test("migration — pre-E7 catalog (entries without tenant field) still enriches DEFAULT_TENANT callers", () => {
+    const store = new CatalogStore({
+        services: {
+            "payments": { owner: "team-payments" }, // pre-E7 shape
+            "shipping": { owner: "team-shipping" },
+        },
+    });
+    // A pre-E7 caller (no session, ctx.tenant = "default") sees both
+    // entries through the tenant-aware get().
+    assert.equal(store.get("payments", DEFAULT_TENANT)?.owner, "team-payments");
+    assert.equal(store.get("shipping", DEFAULT_TENANT)?.owner, "team-shipping");
+    // Same caller via the unfiltered get path also sees them (admins).
+    assert.equal(store.get("payments")?.owner, "team-payments");
+});
+test("migration — pre-E7 audit entries (no tenant field) surface under ?tenant=default", async () => {
+    const log = new AuditLog();
+    // Pre-E7 record: no tenant.
+    await log.record({ actor: { sub: "alice" }, resource: "sources", action: "write", method: "POST", path: "/api/sources", status: 200 });
+    const entries = log.list({ tenant: "default" });
+    assert.equal(entries.length, 1);
+    assert.equal(entries[0].actor.sub, "alice");
+});
+test("migration — opt-in is per-entry: an admin defining `tenant: acme` doesn't break the rest", () => {
+    const store = new CatalogStore({
+        services: {
+            "acme-app": { owner: "acme-team", tenant: "acme" }, // opted in
+            "shared-cdn": { owner: "infra" }, // pre-E7 shape
+        },
+    });
+    // The acme-tenant caller sees only their entry.
+    assert.equal(store.count("acme"), 1);
+    assert.equal(store.get("shared-cdn", "acme"), undefined);
+    // The default-tenant caller (anonymous / single-tenant) sees only
+    // the pre-E7 entry — the acme entry is correctly hidden.
+    assert.equal(store.count("default"), 1);
+    assert.equal(store.get("acme-app", "default"), undefined);
+    assert.equal(store.get("shared-cdn", "default")?.owner, "infra");
+});

package/dist/tools/context-seam.test.js

@@ -15,7 +15,12 @@ describe("RequestContext seam", () => {
         if (!hasHandler)
             continue;
         it(`${file}: handler accepts a RequestContext`, () => {
-            assert.match(src, /_ctx:\s*RequestContext/, `${file} exports a *Handler but does not thread RequestContext — ` +
+            // Accept both the read-and-use form (`ctx: RequestContext`) and
+            // the historic placeholder form (`_ctx: RequestContext`) — the
+            // seam is the same; the underscore was only there to silence
+            // unused-param lints. Handlers that actually consume the ctx
+            // (tenant-aware tools, post-E7) drop it.
+            assert.match(src, /\b_?ctx:\s*RequestContext/, `${file} exports a *Handler but does not thread RequestContext — ` +
                 `add the ctx seam (see context.ts)`);
             assert.match(src, /from "\.\.\/context\.js"/, `${file} must import from ../context.js`);
         });

package/dist/tools/detect-anomalies.d.ts

@@ -26,7 +26,7 @@ export declare function detectAnomaliesHandler(registry: ConnectorRegistry, args
     service?: string;
     duration?: string;
     sensitivity?: string;
-}, _ctx?: RequestContext): Promise<{
+}, ctx?: RequestContext): Promise<{
     content: {
         type: "text";
         text: string;

package/dist/tools/detect-anomalies.js

@@ -33,12 +33,13 @@ const KEY_METRICS = ["cpu", "memory", "error_rate", "latency_p99", "request_rate
 // the overall error ratio is low (e.g. a memory leak emits a handful of
 // "OutOfMemoryWarning" lines long before it turns into 5xx errors).
 const CRITICAL_LOG_PATTERN = /\b(out\s?of\s?memory|oom|outofmemory|heap (usage|exhaust)|memory leak|panic|fatal|deadlock|segfault|stack overflow|cannot allocate)\b/i;
-export async function detectAnomaliesHandler(registry, args, _ctx = defaultContext()) {
+export async function detectAnomaliesHandler(registry, args, ctx = defaultContext()) {
     const duration = args.duration || "10m";
     const threshold = SENSITIVITY_THRESHOLDS[args.sensitivity || "medium"] || 2.0;
-    // Discover services to scan
-    const metricsConnectors = registry.getBySignal("metrics");
-    const logConnectors = registry.getBySignal("logs");
+    // Discover services to scan — tenant-scoped.
+    const tenantConnectors = registry.getByTenant(ctx.tenant);
+    const metricsConnectors = tenantConnectors.filter((c) => c.signalType === "metrics");
+    const logConnectors = tenantConnectors.filter((c) => c.signalType === "logs");
     let serviceNames = [];
     if (args.service) {
         serviceNames = [args.service];

package/dist/tools/generate-postmortem.d.ts

@@ -0,0 +1,35 @@
+import type { ConnectorRegistry } from "../connectors/registry.js";
+import { type RequestContext } from "../context.js";
+export declare const generatePostmortemDefinition: {
+    name: "generate_postmortem";
+    description: string;
+    inputSchema: {
+        type: "object";
+        properties: {
+            service: {
+                type: string;
+                description: string;
+            };
+            duration: {
+                type: string;
+                description: string;
+            };
+            format: {
+                type: string;
+                description: string;
+            };
+        };
+        required: string[];
+    };
+};
+export declare function generatePostmortemHandler(registry: ConnectorRegistry, args: {
+    service: string;
+    duration?: string;
+    format?: string;
+}, ctx?: RequestContext): Promise<{
+    content: {
+        type: "text";
+        text: string;
+    }[];
+    isError: boolean;
+}>;

package/dist/tools/generate-postmortem.js

@@ -0,0 +1,191 @@
+// generate_postmortem — Phase F19a.
+//
+// Stitches together anomaly history (F15), trace summaries (F13),
+// and the topology blast-radius (existing get_blast_radius
+// machinery) into a single markdown post-mortem report.
+//
+// The synthesizer is pure compute (see ./../postmortem/synthesizer);
+// this handler is just the orchestration: pull each upstream
+// primitive in parallel, hand the result to the synthesizer.
+import { defaultContext } from "../context.js";
+import { validateDuration, validateServiceName, errorResponse } from "./validation.js";
+import { synthesizePostmortem, } from "../postmortem/synthesizer.js";
+export const generatePostmortemDefinition = {
+    name: "generate_postmortem",
+    description: [
+        "Stitch the gateway's primitives (anomaly history, blast-radius, traces, log highlights) into a single markdown post-mortem report for one service over a given window.",
+        "When to use: after an incident, when the operator or LLM wants 'one document the on-call can read in 60 seconds' instead of poking the individual tools.",
+        "Prerequisites: anomaly history requires OMCP_ANOMALY_HISTORY_REMOTE_WRITE configured AND a Prometheus source pointed at the same TSDB (see docs/anomaly-history.md). Traces require a Tempo / Jaeger source. Blast-radius requires a topology provider.",
+        "Behavior: read-only. Returns BOTH a structured JSON shape AND a markdown body suitable to paste straight into a ticket. Output is capped (timeline truncated to 20 rows in the markdown, 30 nodes in the blast radius table, 10 traces) — the structured shape carries the full data.",
+        "Related: `get_anomaly_history` for the raw scores; `query_traces` for individual traces; `get_blast_radius` for the topology.",
+    ].join(" "),
+    inputSchema: {
+        type: "object",
+        properties: {
+            service: { type: "string", description: "Suspected root-cause service (the operator's first guess)." },
+            duration: { type: "string", description: "Rolling window the incident took place in, e.g. '1h', '6h'. Default '1h'." },
+            format: { type: "string", description: "Output format: 'markdown' (default) or 'json'." },
+        },
+        required: ["service"],
+    },
+};
+export async function generatePostmortemHandler(registry, args, ctx = defaultContext()) {
+    const svcErr = validateServiceName(args.service);
+    if (svcErr)
+        return errorResponse(svcErr);
+    const duration = args.duration || "1h";
+    const durationErr = validateDuration(duration);
+    if (durationErr)
+        return errorResponse(durationErr);
+    const now = new Date();
+    const fromIso = new Date(now.getTime() - parseDurationMs(duration)).toISOString();
+    const toIso = now.toISOString();
+    // Parallel-fetch every upstream primitive. Each fetch swallows
+    // its own errors and returns an empty result — the post-mortem
+    // must always synthesise SOMETHING (even "no signal found").
+    const [anomalies, traces, blastRadius, logHighlights] = await Promise.all([
+        fetchAnomalies(registry, args.service, duration, ctx),
+        fetchTraces(registry, args.service, duration, ctx),
+        fetchBlastRadius(registry, args.service, ctx),
+        fetchLogHighlights(registry, args.service, duration, ctx),
+    ]);
+    const report = synthesizePostmortem({
+        service: args.service,
+        window: duration,
+        tenant: ctx.tenant || "default",
+        fromIso,
+        toIso,
+        anomalies,
+        blastRadius,
+        traces,
+        logHighlights,
+    });
+    if ((args.format || "markdown").toLowerCase() === "json") {
+        return {
+            content: [{ type: "text", text: JSON.stringify(report) }],
+            isError: false,
+        };
+    }
+    // Default: return the markdown body. The structured sections live
+    // in JSON if the caller asked for them.
+    return {
+        content: [{ type: "text", text: report.markdown }],
+        isError: false,
+    };
+}
+function parseDurationMs(d) {
+    const m = d.match(/^(\d+)([smhd])$/);
+    if (!m)
+        return 60 * 60 * 1000;
+    const n = parseInt(m[1], 10);
+    const unit = m[2];
+    return unit === "s" ? n * 1000
+        : unit === "m" ? n * 60_000
+            : unit === "h" ? n * 3_600_000
+                : n * 86_400_000;
+}
+async function fetchAnomalies(registry, service, duration, ctx) {
+    const metric = `omcp_anomaly_score{service="${escLabel(service)}"}`;
+    for (const c of registry.getByTenant(ctx.tenant).filter((x) => typeof x.queryMetrics === "function")) {
+        try {
+            const r = await c.queryMetrics({ service, metric, duration });
+            if (r && r.values && r.values.length > 0) {
+                return r.values.map((v) => ({
+                    ts: typeof v.timestamp === "number" ? new Date(v.timestamp).toISOString() : String(v.timestamp),
+                    service,
+                    score: typeof v.value === "number" ? v.value : Number(v.value) || 0,
+                    method: "mad",
+                    severity: "warn",
+                }));
+            }
+        }
+        catch {
+            /* fall through to next source */
+        }
+    }
+    return [];
+}
+async function fetchTraces(registry, service, duration, ctx) {
+    for (const c of registry.getByTenant(ctx.tenant).filter((x) => typeof x.queryTraces === "function")) {
+        try {
+            const r = await c.queryTraces({ service, duration, limit: 10 });
+            if (r && r.traces && r.traces.length > 0) {
+                return r.traces.map((t) => ({
+                    traceId: t.traceId,
+                    rootName: t.rootName,
+                    rootService: t.rootService,
+                    durationMs: t.durationMs,
+                    hasError: t.hasError,
+                }));
+            }
+        }
+        catch {
+            /* fall through */
+        }
+    }
+    return [];
+}
+async function fetchBlastRadius(registry, service, ctx) {
+    // We don't have a direct "give me blast radius for service X" helper at
+    // this layer — the existing get_blast_radius is a tool that takes a
+    // resource id. For the post-mortem we settle for the full topology
+    // snapshot of the caller's tenant and let the synthesizer mark the
+    // suspect-named node as root. Future F19b can plumb the real walker.
+    for (const c of registry.getByTenant(ctx.tenant)) {
+        if (typeof c.getTopologySnapshot !== "function")
+            continue;
+        try {
+            const snap = await c.getTopologySnapshot();
+            if (!snap?.resources?.length)
+                continue;
+            // Pick nodes whose name matches the suspected service (case-
+            // insensitive substring is conservative-enough for the
+            // synopsis; the real walker can be precise later).
+            const needle = service.toLowerCase();
+            const matching = snap.resources.filter((r) => r.name?.toLowerCase().includes(needle) ||
+                (r.labels && Object.values(r.labels).some((v) => String(v).toLowerCase() === needle)));
+            if (matching.length === 0)
+                continue;
+            const matchedIds = new Set(matching.map((r) => r.id));
+            const connected = snap.edges.filter((e) => matchedIds.has(e.from) || matchedIds.has(e.to));
+            const neighborIds = new Set([
+                ...matching.map((r) => r.id),
+                ...connected.map((e) => e.from),
+                ...connected.map((e) => e.to),
+            ]);
+            const nodes = snap.resources
+                .filter((r) => neighborIds.has(r.id))
+                .map((r) => ({
+                id: r.id,
+                kind: r.kind,
+                name: r.name,
+                root: matchedIds.has(r.id),
+            }));
+            return {
+                nodes,
+                edges: connected.map((e) => ({ from: e.from, to: e.to, relation: e.relation })),
+            };
+        }
+        catch {
+            /* fall through */
+        }
+    }
+    return { nodes: [], edges: [] };
+}
+async function fetchLogHighlights(registry, service, duration, ctx) {
+    for (const c of registry.getByTenant(ctx.tenant).filter((x) => typeof x.queryLogs === "function")) {
+        try {
+            const r = await c.queryLogs({ service, duration, limit: 5 });
+            if (r?.summary?.errorCount && r.summary.errorCount > 0) {
+                return [`${service}: ${r.summary.errorCount} error log line(s) in window (source: ${r.source}).`];
+            }
+        }
+        catch {
+            /* skip */
+        }
+    }
+    return [];
+}
+function escLabel(v) {
+    return v.replace(/\\/g, "\\\\").replace(/"/g, '\\"');
+}

package/dist/tools/get-anomaly-history.d.ts

@@ -0,0 +1,35 @@
+import type { ConnectorRegistry } from "../connectors/registry.js";
+import { type RequestContext } from "../context.js";
+export declare const getAnomalyHistoryDefinition: {
+    name: "get_anomaly_history";
+    description: string;
+    inputSchema: {
+        type: "object";
+        properties: {
+            service: {
+                type: string;
+                description: string;
+            };
+            duration: {
+                type: string;
+                description: string;
+            };
+            method: {
+                type: string;
+                description: string;
+            };
+        };
+        required: string[];
+    };
+};
+export declare function getAnomalyHistoryHandler(registry: ConnectorRegistry, args: {
+    service: string;
+    duration?: string;
+    method?: string;
+}, ctx?: RequestContext): Promise<{
+    content: {
+        type: "text";
+        text: string;
+    }[];
+    isError: boolean;
+}>;

package/dist/tools/get-anomaly-history.js

@@ -0,0 +1,126 @@
+// get_anomaly_history — Phase F15.
+//
+// Reads anomaly scores previously written to the TSDB by the
+// AnomalyHistory writer. The tool is a thin convenience wrapper: it
+// builds the PromQL query `omcp_anomaly_score{service="..."}` and
+// dispatches via any Prometheus-shaped connector in the caller's
+// tenant.
+//
+// Operators wire the round-trip themselves (Prometheus scrapes the
+// same remote-write endpoint the writer pushes to) — the gateway
+// doesn't need a direct TSDB query path because it already speaks
+// PromQL via the Prometheus connector.
+import { defaultContext } from "../context.js";
+import { validateDuration, validateServiceName, errorResponse } from "./validation.js";
+export const getAnomalyHistoryDefinition = {
+    name: "get_anomaly_history",
+    description: [
+        "Replay historical anomaly scores for a service from the TSDB the gateway writes to (omcp_anomaly_score series).",
+        "When to use: post-mortem reconstruction (what did the gateway see at 03:42?), trend analysis on detector noise, or pulling context for the LLM when an incident is reviewed after the fact.",
+        "Prerequisites: the operator must have OMCP_ANOMALY_HISTORY_REMOTE_WRITE configured AND a Prometheus connector pointed at the same TSDB so the round-trip closes.",
+        "Behavior: read-only. Returns the time-series of scores with per-method/severity labels. Empty result means either no anomalies in the window or history is disabled.",
+        "Related: `detect_anomalies` for the live scores; `query_metrics` if you want to write the PromQL by hand.",
+    ].join(" "),
+    inputSchema: {
+        type: "object",
+        properties: {
+            service: { type: "string", description: "Service name to filter on." },
+            duration: { type: "string", description: "Rolling window (e.g. '1h', '24h'). Default '1h'." },
+            method: { type: "string", description: "Filter by detector method ('mad', 'seasonality', 'correlator'). Optional." },
+        },
+        required: ["service"],
+    },
+};
+export async function getAnomalyHistoryHandler(registry, args, ctx = defaultContext()) {
+    const svcErr = validateServiceName(args.service);
+    if (svcErr)
+        return errorResponse(svcErr);
+    const duration = args.duration || "1h";
+    const durationErr = validateDuration(duration);
+    if (durationErr)
+        return errorResponse(durationErr);
+    // Pick any metrics connector. The operator is expected to have
+    // their TSDB scraped by Prometheus, so any metric source can serve
+    // the query. We don't try to auto-detect "the right source" — the
+    // query is global by metric name.
+    const candidates = registry
+        .getByTenant(ctx.tenant)
+        .filter((c) => typeof c.queryMetrics === "function");
+    if (candidates.length === 0) {
+        return {
+            content: [
+                {
+                    type: "text",
+                    text: JSON.stringify({
+                        error: "No metrics backend configured to query the TSDB. Configure a Prometheus source pointed at the same TSDB OMCP_ANOMALY_HISTORY_REMOTE_WRITE writes to.",
+                    }),
+                },
+            ],
+            isError: true,
+        };
+    }
+    // Build the PromQL. The recording metric `omcp_anomaly_score` is
+    // expected to exist; if the writer is disabled or never fired, the
+    // query just returns an empty series — that's a valid result.
+    const labelFilters = [`service="${escLabel(args.service)}"`];
+    if (args.method)
+        labelFilters.push(`method="${escLabel(args.method)}"`);
+    const metric = `omcp_anomaly_score{${labelFilters.join(",")}}`;
+    // Fan out across every metrics connector; first non-empty answer wins.
+    for (const c of candidates) {
+        if (!c.queryMetrics)
+            continue;
+        try {
+            const r = await c.queryMetrics({
+                service: args.service,
+                metric,
+                duration,
+            });
+            if (r && Array.isArray(r.values) && r.values.length > 0) {
+                return {
+                    content: [
+                        {
+                            type: "text",
+                            text: JSON.stringify({
+                                service: args.service,
+                                duration,
+                                method: args.method,
+                                source: r.source,
+                                values: r.values,
+                                summary: r.summary,
+                                metric,
+                            }),
+                        },
+                    ],
+                    isError: false,
+                };
+            }
+        }
+        catch (err) {
+            console.warn("get_anomaly_history: %s threw: %s", c.name, err instanceof Error ? err.message : String(err));
+        }
+    }
+    // No connector returned data — either the metric doesn't exist or
+    // there were no anomalies in the window. Both are useful answers.
+    return {
+        content: [
+            {
+                type: "text",
+                text: JSON.stringify({
+                    service: args.service,
+                    duration,
+                    method: args.method,
+                    values: [],
+                    summary: { count: 0 },
+                    metric,
+                    hint: "No anomaly history found. Either the window is clean, or OMCP_ANOMALY_HISTORY_REMOTE_WRITE was unset when the anomalies fired, or the configured Prometheus source isn't scraping the TSDB this writer pushes to.",
+                }),
+            },
+        ],
+        isError: false,
+    };
+}
+/** Escape a PromQL label value (backslash + double-quote). */
+function escLabel(v) {
+    return v.replace(/\\/g, "\\\\").replace(/"/g, '\\"');
+}

package/dist/tools/get-service-health.d.ts

@@ -18,7 +18,7 @@ export declare const getServiceHealthDefinition: {
 };
 export declare function getServiceHealthHandler(registry: ConnectorRegistry, args: {
     service: string;
-}, _ctx?: RequestContext): Promise<{
+}, ctx?: RequestContext): Promise<{
     content: {
         type: "text";
         text: string;

package/dist/tools/get-service-health.js

@@ -20,9 +20,10 @@ export const getServiceHealthDefinition = {
         required: ["service"],
     },
 };
-export async function getServiceHealthHandler(registry, args, _ctx = defaultContext()) {
-    const metricsConnectors = registry.getBySignal("metrics");
-    const logConnectors = registry.getBySignal("logs");
+export async function getServiceHealthHandler(registry, args, ctx = defaultContext()) {
+    const tenantConnectors = registry.getByTenant(ctx.tenant);
+    const metricsConnectors = tenantConnectors.filter((c) => c.signalType === "metrics");
+    const logConnectors = tenantConnectors.filter((c) => c.signalType === "logs");
     // Gather metrics
     let cpu = 0, memory = 0, errorRate = 0, latencyP99 = 0;
     const anomalies = [];

package/dist/tools/list-services.d.ts

@@ -15,7 +15,7 @@ export declare const listServicesDefinition: {
 };
 export declare function listServicesHandler(registry: ConnectorRegistry, args: {
     filter?: string;
-}, _ctx?: RequestContext): Promise<{
+}, ctx?: RequestContext): Promise<{
     content: {
         type: "text";
         text: string;

package/dist/tools/list-services.js

@@ -12,8 +12,9 @@ export const listServicesDefinition = {
         },
     },
 };
-export async function listServicesHandler(registry, args, _ctx = defaultContext()) {
-    const connectors = registry.getAll();
+export async function listServicesHandler(registry, args, ctx = defaultContext()) {
+    // Tenant-scoped: only consult sources the caller can see.
+    const connectors = registry.getByTenant(ctx.tenant);
     const allServices = [];
     for (const connector of connectors) {
         try {

package/dist/tools/list-sources.d.ts

@@ -8,7 +8,7 @@ export declare const listSourcesDefinition: {
         properties: {};
     };
 };
-export declare function listSourcesHandler(registry: ConnectorRegistry, _ctx?: RequestContext): Promise<{
+export declare function listSourcesHandler(registry: ConnectorRegistry, ctx?: RequestContext): Promise<{
     content: {
         type: "text";
         text: string;

package/dist/tools/list-sources.js

@@ -7,9 +7,13 @@ export const listSourcesDefinition = {
         properties: {},
     },
 };
-export async function listSourcesHandler(registry, _ctx = defaultContext()) {
+export async function listSourcesHandler(registry, ctx = defaultContext()) {
     const healthResults = await registry.healthCheckAll();
-    const connectors = registry.getAll();
+    // Tenant-scoped: caller only sees sources tagged with their tenant
+    // plus untagged (global) sources. Pre-E7 deployments (no tenant
+    // labels on any source) behave identically — every source is
+    // global and visible to every tenant.
+    const connectors = registry.getByTenant(ctx.tenant);
     const sources = connectors.map((c) => ({
         name: c.name,
         type: c.type,

package/dist/tools/query-logs.d.ts

@@ -36,7 +36,7 @@ export declare function queryLogsHandler(registry: ConnectorRegistry, args: {
     duration?: string;
     level?: string;
     limit?: number;
-}, _ctx?: RequestContext): Promise<{
+}, ctx?: RequestContext): Promise<{
     content: {
         type: "text";
         text: string;

package/dist/tools/query-logs.js

@@ -30,7 +30,7 @@ export const queryLogsDefinition = {
         required: ["service"],
     },
 };
-export async function queryLogsHandler(registry, args, _ctx = defaultContext()) {
+export async function queryLogsHandler(registry, args, ctx = defaultContext()) {
     const svcErr = validateServiceName(args.service);
     if (svcErr)
         return errorResponse(svcErr);
@@ -38,7 +38,7 @@ export async function queryLogsHandler(registry, args, _ctx = defaultContext())
     const durationErr = validateDuration(duration);
     if (durationErr)
         return errorResponse(durationErr);
-    const connectors = registry.getBySignal("logs");
+    const connectors = registry.getByTenant(ctx.tenant).filter((c) => c.signalType === "logs");
     if (connectors.length === 0) {
         return {
             content: [

package/dist/tools/query-metrics.d.ts

@@ -36,7 +36,7 @@ export declare function queryMetricsHandler(registry: ConnectorRegistry, args: {
     duration?: string;
     source?: string;
     groupBy?: string;
-}, _ctx?: RequestContext): Promise<{
+}, ctx?: RequestContext): Promise<{
     content: {
         type: "text";
         text: string;