@thotischner/observability-mcp 1.8.1 → 3.0.0

package/dist/sdk/hooks.test.js

@@ -0,0 +1,159 @@
+import { test } from "node:test";
+import assert from "node:assert/strict";
+import { HookRegistry } from "./hooks.js";
+function ctx(target = "list_services") {
+    return {
+        principal: "alice",
+        tenant: "default",
+        kind: "tool_pre_invoke",
+        target,
+    };
+}
+test("HookRegistry.register: adds an entry with defaults applied", () => {
+    const r = new HookRegistry();
+    r.register({
+        pluginName: "p1",
+        kind: "tool_pre_invoke",
+        handler: () => ({ allow: true }),
+    });
+    const list = r.list("tool_pre_invoke");
+    assert.equal(list.length, 1);
+    assert.equal(list[0]?.priority, 100);
+    assert.equal(list[0]?.mode, "enforce");
+});
+test("HookRegistry.register: re-registering same (plugin,kind) replaces prior entry", () => {
+    const r = new HookRegistry();
+    r.register({ pluginName: "p", kind: "tool_pre_invoke", priority: 10, handler: () => ({ allow: true }) });
+    r.register({ pluginName: "p", kind: "tool_pre_invoke", priority: 20, handler: () => ({ allow: true }) });
+    const list = r.list("tool_pre_invoke");
+    assert.equal(list.length, 1);
+    assert.equal(list[0]?.priority, 20);
+});
+test("HookRegistry.list: orders by priority (lower runs first)", () => {
+    const r = new HookRegistry();
+    r.register({ pluginName: "a", kind: "tool_pre_invoke", priority: 50, handler: () => ({ allow: true }) });
+    r.register({ pluginName: "b", kind: "tool_pre_invoke", priority: 10, handler: () => ({ allow: true }) });
+    r.register({ pluginName: "c", kind: "tool_pre_invoke", priority: 99, handler: () => ({ allow: true }) });
+    const names = r.list("tool_pre_invoke").map((e) => e.pluginName);
+    assert.deepEqual(names, ["b", "a", "c"]);
+});
+test("HookRegistry.list: disabled hooks are filtered out", () => {
+    const r = new HookRegistry();
+    r.register({ pluginName: "a", kind: "tool_pre_invoke", handler: () => ({ allow: true }) });
+    r.register({ pluginName: "b", kind: "tool_pre_invoke", mode: "disabled", handler: () => ({ allow: true }) });
+    const names = r.list("tool_pre_invoke").map((e) => e.pluginName);
+    assert.deepEqual(names, ["a"]);
+});
+test("HookRegistry.unregisterPlugin: drops every entry for a plugin", () => {
+    const r = new HookRegistry();
+    r.register({ pluginName: "p", kind: "tool_pre_invoke", handler: () => ({ allow: true }) });
+    r.register({ pluginName: "p", kind: "tool_post_invoke", handler: () => ({ allow: true }) });
+    r.register({ pluginName: "q", kind: "tool_pre_invoke", handler: () => ({ allow: true }) });
+    const dropped = r.unregisterPlugin("p");
+    assert.equal(dropped, 2);
+    assert.equal(r.all().length, 1);
+    assert.equal(r.all()[0]?.pluginName, "q");
+});
+test("HookRegistry.fire: chains payload mutations and returns the final", async () => {
+    const r = new HookRegistry();
+    r.register({
+        pluginName: "a",
+        kind: "tool_pre_invoke",
+        priority: 10,
+        handler: (_c, p) => ({ allow: true, payload: { ...p, a: 1 } }),
+    });
+    r.register({
+        pluginName: "b",
+        kind: "tool_pre_invoke",
+        priority: 20,
+        handler: (_c, p) => ({ allow: true, payload: { ...p, b: 2 } }),
+    });
+    const result = await r.fire("tool_pre_invoke", ctx(), { initial: true });
+    assert.equal(result.allow, true);
+    assert.deepEqual(result.payload, { initial: true, a: 1, b: 2 });
+});
+test("HookRegistry.fire: first allow:false short-circuits subsequent hooks", async () => {
+    const r = new HookRegistry();
+    let sawSecond = false;
+    r.register({
+        pluginName: "a",
+        kind: "tool_pre_invoke",
+        priority: 10,
+        handler: () => ({ allow: false, reason: "denied by policy" }),
+    });
+    r.register({
+        pluginName: "b",
+        kind: "tool_pre_invoke",
+        priority: 20,
+        handler: () => {
+            sawSecond = true;
+            return { allow: true };
+        },
+    });
+    const result = await r.fire("tool_pre_invoke", ctx(), {});
+    assert.equal(result.allow, false);
+    assert.equal(result.reason, "denied by policy");
+    assert.equal(sawSecond, false);
+});
+test("HookRegistry.fire: enforce-mode throw blocks the chain", async () => {
+    const r = new HookRegistry();
+    let sawSecond = false;
+    r.register({
+        pluginName: "a",
+        kind: "tool_pre_invoke",
+        handler: () => {
+            throw new Error("boom");
+        },
+    });
+    r.register({
+        pluginName: "b",
+        kind: "tool_pre_invoke",
+        priority: 200,
+        handler: () => {
+            sawSecond = true;
+            return { allow: true };
+        },
+    });
+    const result = await r.fire("tool_pre_invoke", ctx(), {});
+    assert.equal(result.allow, false);
+    assert.match(result.reason ?? "", /boom/);
+    assert.equal(sawSecond, false);
+});
+test("HookRegistry.fire: permissive-mode throw is logged + chain continues with prior payload", async () => {
+    const r = new HookRegistry();
+    r.register({
+        pluginName: "a",
+        kind: "tool_pre_invoke",
+        priority: 10,
+        handler: (_c, p) => ({ allow: true, payload: { ...p, a: 1 } }),
+    });
+    r.register({
+        pluginName: "b",
+        kind: "tool_pre_invoke",
+        priority: 20,
+        mode: "permissive",
+        handler: () => {
+            throw new Error("intermittent failure");
+        },
+    });
+    r.register({
+        pluginName: "c",
+        kind: "tool_pre_invoke",
+        priority: 30,
+        handler: (_c, p) => ({ allow: true, payload: { ...p, c: 3 } }),
+    });
+    const logs = [];
+    const result = await r.fire("tool_pre_invoke", ctx(), {}, (lvl, m) => {
+        if (lvl === "warn")
+            logs.push(m);
+    });
+    assert.equal(result.allow, true);
+    assert.deepEqual(result.payload, { a: 1, c: 3 });
+    assert.equal(logs.length, 1);
+    assert.match(logs[0] ?? "", /b\/tool_pre_invoke/);
+});
+test("HookRegistry.fire: no hooks => allow with the initial payload", async () => {
+    const r = new HookRegistry();
+    const result = await r.fire("tool_pre_invoke", ctx(), { x: 1 });
+    assert.deepEqual(result, { allow: true, payload: { x: 1 } });
+});

package/dist/sdk/index.d.ts

@@ -1,6 +1,8 @@
 export type { ObservabilityConnector } from "../connectors/interface.js";
 export { manifestSchema } from "./manifest-schema.js";
 export type { ValidatedConnectorManifest } from "./manifest-schema.js";
+export { HookRegistry } from "./hooks.js";
+export type { HookKind, HookContext, HookPayload, HookResult, HookRegistration, } from "./hooks.js";
 export type { SignalType, SourceConfig, SourceAuth, SourceTls, ConnectorHealth, ServiceInfo, MetricInfo, MetricQuery, MetricResult, MetricSummary, DataPoint, LogQuery, LogResult, LogEntry, LogSummary, MetricDefinition, Resource, Edge, TopologySnapshot, TopologyChangeEvent, TopologyChangeListener, } from "../types.js";
 /**
  * Manifest shape declared in a plugin's `manifest.json`. The server

package/dist/sdk/index.js

@@ -11,3 +11,4 @@
 // against that package and an `observabilityMcp.compat.serverVersion`
 // constraint in their package.json (see docs/plugin-architecture.md).
 export { manifestSchema } from "./manifest-schema.js";
+export { HookRegistry } from "./hooks.js";

package/dist/sdk/manifest-schema.d.ts

@@ -25,5 +25,22 @@ export declare const manifestSchema: z.ZodObject<{
         serverVersion: z.ZodOptional<z.ZodString>;
     }, z.core.$strip>>;
     integrity: z.ZodOptional<z.ZodString>;
+    hooks: z.ZodOptional<z.ZodArray<z.ZodObject<{
+        kind: z.ZodEnum<{
+            tool_pre_invoke: "tool_pre_invoke";
+            tool_post_invoke: "tool_post_invoke";
+            resource_pre_fetch: "resource_pre_fetch";
+            resource_post_fetch: "resource_post_fetch";
+            prompt_pre_fetch: "prompt_pre_fetch";
+            prompt_post_fetch: "prompt_post_fetch";
+        }>;
+        module: z.ZodString;
+        priority: z.ZodOptional<z.ZodNumber>;
+        mode: z.ZodOptional<z.ZodEnum<{
+            enforce: "enforce";
+            permissive: "permissive";
+            disabled: "disabled";
+        }>>;
+    }, z.core.$strip>>>;
 }, z.core.$strip>;
 export type ValidatedConnectorManifest = z.infer<typeof manifestSchema>;

package/dist/sdk/manifest-schema.js

@@ -44,4 +44,25 @@ export const manifestSchema = z.object({
         message: 'integrity must be "sha256-<base64>"',
     })
         .optional(),
+    // Lifecycle hooks the plugin wants to fire at. Each entry points to
+    // a module path INSIDE the plugin's bundled files. The loader
+    // resolves the module relative to the plugin root, imports its
+    // default export as the handler, and registers it on the gateway's
+    // HookRegistry. Hot-reloadable: install/upgrade of a plugin
+    // re-registers its hooks without restart.
+    hooks: z
+        .array(z.object({
+        kind: z.enum([
+            "tool_pre_invoke",
+            "tool_post_invoke",
+            "resource_pre_fetch",
+            "resource_post_fetch",
+            "prompt_pre_fetch",
+            "prompt_post_fetch",
+        ]),
+        module: z.string().min(1),
+        priority: z.number().int().optional(),
+        mode: z.enum(["enforce", "permissive", "disabled"]).optional(),
+    }))
+        .optional(),
 });

package/dist/tools/context-seam.test.js

@@ -15,7 +15,12 @@ describe("RequestContext seam", () => {
         if (!hasHandler)
             continue;
         it(`${file}: handler accepts a RequestContext`, () => {
-            assert.match(src, /_ctx:\s*RequestContext/, `${file} exports a *Handler but does not thread RequestContext — ` +
+            // Accept both the read-and-use form (`ctx: RequestContext`) and
+            // the historic placeholder form (`_ctx: RequestContext`) — the
+            // seam is the same; the underscore was only there to silence
+            // unused-param lints. Handlers that actually consume the ctx
+            // (tenant-aware tools, post-E7) drop it.
+            assert.match(src, /\b_?ctx:\s*RequestContext/, `${file} exports a *Handler but does not thread RequestContext — ` +
                 `add the ctx seam (see context.ts)`);
             assert.match(src, /from "\.\.\/context\.js"/, `${file} must import from ../context.js`);
         });

package/dist/tools/detect-anomalies.d.ts

@@ -26,7 +26,7 @@ export declare function detectAnomaliesHandler(registry: ConnectorRegistry, args
     service?: string;
     duration?: string;
     sensitivity?: string;
-}, _ctx?: RequestContext): Promise<{
+}, ctx?: RequestContext): Promise<{
     content: {
         type: "text";
         text: string;

package/dist/tools/detect-anomalies.js

@@ -33,12 +33,13 @@ const KEY_METRICS = ["cpu", "memory", "error_rate", "latency_p99", "request_rate
 // the overall error ratio is low (e.g. a memory leak emits a handful of
 // "OutOfMemoryWarning" lines long before it turns into 5xx errors).
 const CRITICAL_LOG_PATTERN = /\b(out\s?of\s?memory|oom|outofmemory|heap (usage|exhaust)|memory leak|panic|fatal|deadlock|segfault|stack overflow|cannot allocate)\b/i;
-export async function detectAnomaliesHandler(registry, args, _ctx = defaultContext()) {
+export async function detectAnomaliesHandler(registry, args, ctx = defaultContext()) {
     const duration = args.duration || "10m";
     const threshold = SENSITIVITY_THRESHOLDS[args.sensitivity || "medium"] || 2.0;
-    // Discover services to scan
-    const metricsConnectors = registry.getBySignal("metrics");
-    const logConnectors = registry.getBySignal("logs");
+    // Discover services to scan — tenant-scoped.
+    const tenantConnectors = registry.getByTenant(ctx.tenant);
+    const metricsConnectors = tenantConnectors.filter((c) => c.signalType === "metrics");
+    const logConnectors = tenantConnectors.filter((c) => c.signalType === "logs");
     let serviceNames = [];
     if (args.service) {
         serviceNames = [args.service];

package/dist/tools/generate-postmortem.d.ts

@@ -0,0 +1,35 @@
+import type { ConnectorRegistry } from "../connectors/registry.js";
+import { type RequestContext } from "../context.js";
+export declare const generatePostmortemDefinition: {
+    name: "generate_postmortem";
+    description: string;
+    inputSchema: {
+        type: "object";
+        properties: {
+            service: {
+                type: string;
+                description: string;
+            };
+            duration: {
+                type: string;
+                description: string;
+            };
+            format: {
+                type: string;
+                description: string;
+            };
+        };
+        required: string[];
+    };
+};
+export declare function generatePostmortemHandler(registry: ConnectorRegistry, args: {
+    service: string;
+    duration?: string;
+    format?: string;
+}, ctx?: RequestContext): Promise<{
+    content: {
+        type: "text";
+        text: string;
+    }[];
+    isError: boolean;
+}>;

package/dist/tools/generate-postmortem.js

@@ -0,0 +1,191 @@
+// generate_postmortem — Phase F19a.
+//
+// Stitches together anomaly history (F15), trace summaries (F13),
+// and the topology blast-radius (existing get_blast_radius
+// machinery) into a single markdown post-mortem report.
+//
+// The synthesizer is pure compute (see ./../postmortem/synthesizer);
+// this handler is just the orchestration: pull each upstream
+// primitive in parallel, hand the result to the synthesizer.
+import { defaultContext } from "../context.js";
+import { validateDuration, validateServiceName, errorResponse } from "./validation.js";
+import { synthesizePostmortem, } from "../postmortem/synthesizer.js";
+export const generatePostmortemDefinition = {
+    name: "generate_postmortem",
+    description: [
+        "Stitch the gateway's primitives (anomaly history, blast-radius, traces, log highlights) into a single markdown post-mortem report for one service over a given window.",
+        "When to use: after an incident, when the operator or LLM wants 'one document the on-call can read in 60 seconds' instead of poking the individual tools.",
+        "Prerequisites: anomaly history requires OMCP_ANOMALY_HISTORY_REMOTE_WRITE configured AND a Prometheus source pointed at the same TSDB (see docs/anomaly-history.md). Traces require a Tempo / Jaeger source. Blast-radius requires a topology provider.",
+        "Behavior: read-only. Returns BOTH a structured JSON shape AND a markdown body suitable to paste straight into a ticket. Output is capped (timeline truncated to 20 rows in the markdown, 30 nodes in the blast radius table, 10 traces) — the structured shape carries the full data.",
+        "Related: `get_anomaly_history` for the raw scores; `query_traces` for individual traces; `get_blast_radius` for the topology.",
+    ].join(" "),
+    inputSchema: {
+        type: "object",
+        properties: {
+            service: { type: "string", description: "Suspected root-cause service (the operator's first guess)." },
+            duration: { type: "string", description: "Rolling window the incident took place in, e.g. '1h', '6h'. Default '1h'." },
+            format: { type: "string", description: "Output format: 'markdown' (default) or 'json'." },
+        },
+        required: ["service"],
+    },
+};
+export async function generatePostmortemHandler(registry, args, ctx = defaultContext()) {
+    const svcErr = validateServiceName(args.service);
+    if (svcErr)
+        return errorResponse(svcErr);
+    const duration = args.duration || "1h";
+    const durationErr = validateDuration(duration);
+    if (durationErr)
+        return errorResponse(durationErr);
+    const now = new Date();
+    const fromIso = new Date(now.getTime() - parseDurationMs(duration)).toISOString();
+    const toIso = now.toISOString();
+    // Parallel-fetch every upstream primitive. Each fetch swallows
+    // its own errors and returns an empty result — the post-mortem
+    // must always synthesise SOMETHING (even "no signal found").
+    const [anomalies, traces, blastRadius, logHighlights] = await Promise.all([
+        fetchAnomalies(registry, args.service, duration, ctx),
+        fetchTraces(registry, args.service, duration, ctx),
+        fetchBlastRadius(registry, args.service, ctx),
+        fetchLogHighlights(registry, args.service, duration, ctx),
+    ]);
+    const report = synthesizePostmortem({
+        service: args.service,
+        window: duration,
+        tenant: ctx.tenant || "default",
+        fromIso,
+        toIso,
+        anomalies,
+        blastRadius,
+        traces,
+        logHighlights,
+    });
+    if ((args.format || "markdown").toLowerCase() === "json") {
+        return {
+            content: [{ type: "text", text: JSON.stringify(report) }],
+            isError: false,
+        };
+    }
+    // Default: return the markdown body. The structured sections live
+    // in JSON if the caller asked for them.
+    return {
+        content: [{ type: "text", text: report.markdown }],
+        isError: false,
+    };
+}
+function parseDurationMs(d) {
+    const m = d.match(/^(\d+)([smhd])$/);
+    if (!m)
+        return 60 * 60 * 1000;
+    const n = parseInt(m[1], 10);
+    const unit = m[2];
+    return unit === "s" ? n * 1000
+        : unit === "m" ? n * 60_000
+            : unit === "h" ? n * 3_600_000
+                : n * 86_400_000;
+}
+async function fetchAnomalies(registry, service, duration, ctx) {
+    const metric = `omcp_anomaly_score{service="${escLabel(service)}"}`;
+    for (const c of registry.getByTenant(ctx.tenant).filter((x) => typeof x.queryMetrics === "function")) {
+        try {
+            const r = await c.queryMetrics({ service, metric, duration });
+            if (r && r.values && r.values.length > 0) {
+                return r.values.map((v) => ({
+                    ts: typeof v.timestamp === "number" ? new Date(v.timestamp).toISOString() : String(v.timestamp),
+                    service,
+                    score: typeof v.value === "number" ? v.value : Number(v.value) || 0,
+                    method: "mad",
+                    severity: "warn",
+                }));
+            }
+        }
+        catch {
+            /* fall through to next source */
+        }
+    }
+    return [];
+}
+async function fetchTraces(registry, service, duration, ctx) {
+    for (const c of registry.getByTenant(ctx.tenant).filter((x) => typeof x.queryTraces === "function")) {
+        try {
+            const r = await c.queryTraces({ service, duration, limit: 10 });
+            if (r && r.traces && r.traces.length > 0) {
+                return r.traces.map((t) => ({
+                    traceId: t.traceId,
+                    rootName: t.rootName,
+                    rootService: t.rootService,
+                    durationMs: t.durationMs,
+                    hasError: t.hasError,
+                }));
+            }
+        }
+        catch {
+            /* fall through */
+        }
+    }
+    return [];
+}
+async function fetchBlastRadius(registry, service, ctx) {
+    // We don't have a direct "give me blast radius for service X" helper at
+    // this layer — the existing get_blast_radius is a tool that takes a
+    // resource id. For the post-mortem we settle for the full topology
+    // snapshot of the caller's tenant and let the synthesizer mark the
+    // suspect-named node as root. Future F19b can plumb the real walker.
+    for (const c of registry.getByTenant(ctx.tenant)) {
+        if (typeof c.getTopologySnapshot !== "function")
+            continue;
+        try {
+            const snap = await c.getTopologySnapshot();
+            if (!snap?.resources?.length)
+                continue;
+            // Pick nodes whose name matches the suspected service (case-
+            // insensitive substring is conservative-enough for the
+            // synopsis; the real walker can be precise later).
+            const needle = service.toLowerCase();
+            const matching = snap.resources.filter((r) => r.name?.toLowerCase().includes(needle) ||
+                (r.labels && Object.values(r.labels).some((v) => String(v).toLowerCase() === needle)));
+            if (matching.length === 0)
+                continue;
+            const matchedIds = new Set(matching.map((r) => r.id));
+            const connected = snap.edges.filter((e) => matchedIds.has(e.from) || matchedIds.has(e.to));
+            const neighborIds = new Set([
+                ...matching.map((r) => r.id),
+                ...connected.map((e) => e.from),
+                ...connected.map((e) => e.to),
+            ]);
+            const nodes = snap.resources
+                .filter((r) => neighborIds.has(r.id))
+                .map((r) => ({
+                id: r.id,
+                kind: r.kind,
+                name: r.name,
+                root: matchedIds.has(r.id),
+            }));
+            return {
+                nodes,
+                edges: connected.map((e) => ({ from: e.from, to: e.to, relation: e.relation })),
+            };
+        }
+        catch {
+            /* fall through */
+        }
+    }
+    return { nodes: [], edges: [] };
+}
+async function fetchLogHighlights(registry, service, duration, ctx) {
+    for (const c of registry.getByTenant(ctx.tenant).filter((x) => typeof x.queryLogs === "function")) {
+        try {
+            const r = await c.queryLogs({ service, duration, limit: 5 });
+            if (r?.summary?.errorCount && r.summary.errorCount > 0) {
+                return [`${service}: ${r.summary.errorCount} error log line(s) in window (source: ${r.source}).`];
+            }
+        }
+        catch {
+            /* skip */
+        }
+    }
+    return [];
+}
+function escLabel(v) {
+    return v.replace(/\\/g, "\\\\").replace(/"/g, '\\"');
+}

package/dist/tools/get-anomaly-history.d.ts

@@ -0,0 +1,35 @@
+import type { ConnectorRegistry } from "../connectors/registry.js";
+import { type RequestContext } from "../context.js";
+export declare const getAnomalyHistoryDefinition: {
+    name: "get_anomaly_history";
+    description: string;
+    inputSchema: {
+        type: "object";
+        properties: {
+            service: {
+                type: string;
+                description: string;
+            };
+            duration: {
+                type: string;
+                description: string;
+            };
+            method: {
+                type: string;
+                description: string;
+            };
+        };
+        required: string[];
+    };
+};
+export declare function getAnomalyHistoryHandler(registry: ConnectorRegistry, args: {
+    service: string;
+    duration?: string;
+    method?: string;
+}, ctx?: RequestContext): Promise<{
+    content: {
+        type: "text";
+        text: string;
+    }[];
+    isError: boolean;
+}>;

package/dist/tools/get-anomaly-history.js

@@ -0,0 +1,126 @@
+// get_anomaly_history — Phase F15.
+//
+// Reads anomaly scores previously written to the TSDB by the
+// AnomalyHistory writer. The tool is a thin convenience wrapper: it
+// builds the PromQL query `omcp_anomaly_score{service="..."}` and
+// dispatches via any Prometheus-shaped connector in the caller's
+// tenant.
+//
+// Operators wire the round-trip themselves (Prometheus scrapes the
+// same remote-write endpoint the writer pushes to) — the gateway
+// doesn't need a direct TSDB query path because it already speaks
+// PromQL via the Prometheus connector.
+import { defaultContext } from "../context.js";
+import { validateDuration, validateServiceName, errorResponse } from "./validation.js";
+export const getAnomalyHistoryDefinition = {
+    name: "get_anomaly_history",
+    description: [
+        "Replay historical anomaly scores for a service from the TSDB the gateway writes to (omcp_anomaly_score series).",
+        "When to use: post-mortem reconstruction (what did the gateway see at 03:42?), trend analysis on detector noise, or pulling context for the LLM when an incident is reviewed after the fact.",
+        "Prerequisites: the operator must have OMCP_ANOMALY_HISTORY_REMOTE_WRITE configured AND a Prometheus connector pointed at the same TSDB so the round-trip closes.",
+        "Behavior: read-only. Returns the time-series of scores with per-method/severity labels. Empty result means either no anomalies in the window or history is disabled.",
+        "Related: `detect_anomalies` for the live scores; `query_metrics` if you want to write the PromQL by hand.",
+    ].join(" "),
+    inputSchema: {
+        type: "object",
+        properties: {
+            service: { type: "string", description: "Service name to filter on." },
+            duration: { type: "string", description: "Rolling window (e.g. '1h', '24h'). Default '1h'." },
+            method: { type: "string", description: "Filter by detector method ('mad', 'seasonality', 'correlator'). Optional." },
+        },
+        required: ["service"],
+    },
+};
+export async function getAnomalyHistoryHandler(registry, args, ctx = defaultContext()) {
+    const svcErr = validateServiceName(args.service);
+    if (svcErr)
+        return errorResponse(svcErr);
+    const duration = args.duration || "1h";
+    const durationErr = validateDuration(duration);
+    if (durationErr)
+        return errorResponse(durationErr);
+    // Pick any metrics connector. The operator is expected to have
+    // their TSDB scraped by Prometheus, so any metric source can serve
+    // the query. We don't try to auto-detect "the right source" — the
+    // query is global by metric name.
+    const candidates = registry
+        .getByTenant(ctx.tenant)
+        .filter((c) => typeof c.queryMetrics === "function");
+    if (candidates.length === 0) {
+        return {
+            content: [
+                {
+                    type: "text",
+                    text: JSON.stringify({
+                        error: "No metrics backend configured to query the TSDB. Configure a Prometheus source pointed at the same TSDB OMCP_ANOMALY_HISTORY_REMOTE_WRITE writes to.",
+                    }),
+                },
+            ],
+            isError: true,
+        };
+    }
+    // Build the PromQL. The recording metric `omcp_anomaly_score` is
+    // expected to exist; if the writer is disabled or never fired, the
+    // query just returns an empty series — that's a valid result.
+    const labelFilters = [`service="${escLabel(args.service)}"`];
+    if (args.method)
+        labelFilters.push(`method="${escLabel(args.method)}"`);
+    const metric = `omcp_anomaly_score{${labelFilters.join(",")}}`;
+    // Fan out across every metrics connector; first non-empty answer wins.
+    for (const c of candidates) {
+        if (!c.queryMetrics)
+            continue;
+        try {
+            const r = await c.queryMetrics({
+                service: args.service,
+                metric,
+                duration,
+            });
+            if (r && Array.isArray(r.values) && r.values.length > 0) {
+                return {
+                    content: [
+                        {
+                            type: "text",
+                            text: JSON.stringify({
+                                service: args.service,
+                                duration,
+                                method: args.method,
+                                source: r.source,
+                                values: r.values,
+                                summary: r.summary,
+                                metric,
+                            }),
+                        },
+                    ],
+                    isError: false,
+                };
+            }
+        }
+        catch (err) {
+            console.warn("get_anomaly_history: %s threw: %s", c.name, err instanceof Error ? err.message : String(err));
+        }
+    }
+    // No connector returned data — either the metric doesn't exist or
+    // there were no anomalies in the window. Both are useful answers.
+    return {
+        content: [
+            {
+                type: "text",
+                text: JSON.stringify({
+                    service: args.service,
+                    duration,
+                    method: args.method,
+                    values: [],
+                    summary: { count: 0 },
+                    metric,
+                    hint: "No anomaly history found. Either the window is clean, or OMCP_ANOMALY_HISTORY_REMOTE_WRITE was unset when the anomalies fired, or the configured Prometheus source isn't scraping the TSDB this writer pushes to.",
+                }),
+            },
+        ],
+        isError: false,
+    };
+}
+/** Escape a PromQL label value (backslash + double-quote). */
+function escLabel(v) {
+    return v.replace(/\\/g, "\\\\").replace(/"/g, '\\"');
+}

package/dist/tools/get-service-health.d.ts

@@ -18,7 +18,7 @@ export declare const getServiceHealthDefinition: {
 };
 export declare function getServiceHealthHandler(registry: ConnectorRegistry, args: {
     service: string;
-}, _ctx?: RequestContext): Promise<{
+}, ctx?: RequestContext): Promise<{
     content: {
         type: "text";
         text: string;