@thotischner/observability-mcp 1.8.1 → 3.0.0

package/dist/conformance/mcp-2025-11-25.test.js

@@ -0,0 +1,206 @@
+// MCP 2025-11-25 conformance harness.
+//
+// Run against a running gateway by setting OMCP_CONFORMANCE_URL to
+// its Streamable HTTP endpoint (default http://localhost:3000/mcp).
+// When the env var is unset, every test skips — this lets the suite
+// live in `find src -name "*.test.ts"` without requiring a server
+// during a plain unit-test run.
+//
+//   OMCP_CONFORMANCE_URL=http://localhost:3000/mcp \
+//   npx tsx --test src/conformance/mcp-2025-11-25.test.ts
+//
+// The `make conformance` target boots the demo stack, waits for
+// /healthz, then runs this file with the URL pointed at the live
+// server.
+import { test } from "node:test";
+import assert from "node:assert/strict";
+const URL_ENV = process.env.OMCP_CONFORMANCE_URL;
+const PROTOCOL_VERSION = "2025-11-25";
+const skip = !URL_ENV;
+const opts = skip ? { skip: "OMCP_CONFORMANCE_URL not set" } : {};
+async function jsonRpc(method, params, opts = {}) {
+    if (!URL_ENV)
+        throw new Error("OMCP_CONFORMANCE_URL not set");
+    const reqHeaders = {
+        "content-type": "application/json",
+        accept: "application/json, text/event-stream",
+    };
+    if (opts.session)
+        reqHeaders["mcp-session-id"] = opts.session;
+    const body = {
+        jsonrpc: "2.0",
+        id: opts.id ?? 1,
+        method,
+        params: params ?? {},
+    };
+    const res = await fetch(URL_ENV, {
+        method: "POST",
+        headers: reqHeaders,
+        body: JSON.stringify(body),
+    });
+    const headers = {};
+    res.headers.forEach((v, k) => {
+        headers[k] = v;
+    });
+    // Streamable HTTP may answer with either JSON or SSE; both carry a
+    // single JSON-RPC envelope for unary calls. Strip the SSE framing
+    // if present so the test only deals with the JSON shape.
+    const text = await res.text();
+    let response;
+    if (text.startsWith("event:") || text.includes("data: ")) {
+        const match = text.match(/^data:\s*(.+)$/m);
+        response = match ? JSON.parse(match[1]) : {};
+    }
+    else if (text.trim().startsWith("{")) {
+        response = JSON.parse(text);
+    }
+    else {
+        response = {};
+    }
+    return { response, headers, status: res.status };
+}
+async function notify(method, session) {
+    if (!URL_ENV)
+        return;
+    await fetch(URL_ENV, {
+        method: "POST",
+        headers: {
+            "content-type": "application/json",
+            accept: "application/json, text/event-stream",
+            "mcp-session-id": session,
+        },
+        body: JSON.stringify({ jsonrpc: "2.0", method, params: {} }),
+    });
+}
+async function newSession() {
+    const { headers, response } = await jsonRpc("initialize", {
+        protocolVersion: PROTOCOL_VERSION,
+        capabilities: {},
+        clientInfo: { name: "conformance-harness", version: "0" },
+    }, { id: 1 });
+    assert.ok(response.result, "initialize must return a result");
+    const session = headers["mcp-session-id"];
+    assert.ok(session, "server must issue mcp-session-id on initialize");
+    await notify("notifications/initialized", session);
+    return session;
+}
+test("MCP 2025-11-25: initialize returns spec-compliant InitializeResult", opts, async () => {
+    const { response, headers } = await jsonRpc("initialize", {
+        protocolVersion: PROTOCOL_VERSION,
+        capabilities: {},
+        clientInfo: { name: "harness", version: "0" },
+    });
+    assert.equal(response.jsonrpc, "2.0");
+    assert.equal(response.id, 1);
+    assert.ok(response.result && typeof response.result === "object");
+    const r = response.result;
+    assert.ok(r.protocolVersion, "InitializeResult must include protocolVersion");
+    assert.ok(r.capabilities && typeof r.capabilities === "object", "capabilities object required");
+    assert.ok(r.serverInfo && typeof r.serverInfo === "object", "serverInfo required");
+    assert.ok(r.serverInfo?.name, "serverInfo.name required");
+    assert.ok(r.serverInfo?.version, "serverInfo.version required");
+    assert.ok(headers["mcp-session-id"], "Mcp-Session-Id header required on initialize response");
+});
+test("MCP 2025-11-25: tools/list returns a Tool[] each with name + inputSchema", opts, async () => {
+    const session = await newSession();
+    const { response } = await jsonRpc("tools/list", {}, { id: 2, session });
+    assert.ok(response.result, JSON.stringify(response.error ?? {}));
+    const r = response.result;
+    assert.ok(Array.isArray(r.tools), "tools must be an array");
+    assert.ok(r.tools && r.tools.length > 0, "gateway must expose at least one tool");
+    for (const t of r.tools) {
+        assert.ok(t.name && typeof t.name === "string", `tool name required, got ${JSON.stringify(t)}`);
+        assert.ok(t.inputSchema && typeof t.inputSchema === "object", `tool ${t.name} missing inputSchema`);
+    }
+});
+test("MCP 2025-11-25: tools/call dispatches and returns CallToolResult", opts, async () => {
+    const session = await newSession();
+    const { response } = await jsonRpc("tools/call", { name: "list_sources", arguments: {} }, { id: 3, session });
+    // Either a result (success path) or a JSON-RPC error — both are
+    // spec-compliant; we just verify shape.
+    if (response.error) {
+        assert.equal(typeof response.error.code, "number");
+        assert.equal(typeof response.error.message, "string");
+    }
+    else {
+        const r = response.result;
+        assert.ok(Array.isArray(r.content), "CallToolResult.content must be an array");
+    }
+});
+test("MCP 2025-11-25: unknown method returns -32601 Method not found", opts, async () => {
+    const session = await newSession();
+    const { response } = await jsonRpc("this/method/does/not/exist", {}, { id: 99, session });
+    assert.ok(response.error, "expected an error envelope");
+    assert.equal(response.error?.code, -32601, "spec-mandated error code for unknown method");
+});
+test("MCP 2025-11-25: ping returns an empty result", opts, async () => {
+    const session = await newSession();
+    const { response } = await jsonRpc("ping", {}, { id: 4, session });
+    assert.ok(response.result !== undefined, "ping must return a result (may be empty object)");
+});
+test("MCP 2025-11-25: resources/list returns Resource[] or method-not-found", opts, async () => {
+    const session = await newSession();
+    const { response } = await jsonRpc("resources/list", {}, { id: 5, session });
+    if (response.error) {
+        assert.equal(response.error.code, -32601, "if not supported, must be -32601");
+    }
+    else {
+        const r = response.result;
+        assert.ok(Array.isArray(r.resources), "resources must be an array");
+    }
+});
+test("MCP 2025-11-25: prompts/list returns Prompt[] or method-not-found", opts, async () => {
+    const session = await newSession();
+    const { response } = await jsonRpc("prompts/list", {}, { id: 6, session });
+    if (response.error) {
+        assert.equal(response.error.code, -32601, "if not supported, must be -32601");
+    }
+    else {
+        const r = response.result;
+        assert.ok(Array.isArray(r.prompts), "prompts must be an array");
+    }
+});
+test("MCP 2025-11-25: logging/setLevel accepts spec levels or method-not-found", opts, async () => {
+    const session = await newSession();
+    const { response } = await jsonRpc("logging/setLevel", { level: "info" }, { id: 7, session });
+    if (response.error) {
+        assert.equal(response.error.code, -32601, "if not supported, must be -32601");
+    }
+    else {
+        // Spec says the result is `EmptyResult` — we don't enforce
+        // strictly empty (some implementations include diagnostics) but
+        // it must be a JSON object.
+        assert.ok(typeof response.result === "object");
+    }
+});
+test("MCP 2025-11-25: tools/call with invalid params returns -32602 or isError result", opts, async () => {
+    const session = await newSession();
+    const { response } = await jsonRpc("tools/call", { name: "list_sources", arguments: { __invalid_arg: { nested: 1 } } }, { id: 8, session });
+    // The spec allows either a JSON-RPC error or an isError CallToolResult.
+    // We accept either; reject only on a successful non-error result for
+    // input that should not validate.
+    if (response.error) {
+        assert.ok([-32602, -32600].includes(response.error.code) || response.error.code <= -32000);
+    }
+    else {
+        const r = response.result;
+        // list_sources happens to ignore unknown args — that's fine, the
+        // spec doesn't require strict input rejection for tools that opt
+        // out. Just confirm we got a shape-conformant CallToolResult.
+        assert.ok(Array.isArray(r.content));
+    }
+});
+test("MCP 2025-11-25: server advertises protocolVersion equal to or newer than 2025-11-25", opts, async () => {
+    const { response } = await jsonRpc("initialize", {
+        protocolVersion: PROTOCOL_VERSION,
+        capabilities: {},
+        clientInfo: { name: "harness", version: "0" },
+    }, { id: 100 });
+    const r = response.result;
+    assert.ok(r.protocolVersion, "protocolVersion must be present in InitializeResult");
+    // Spec contract: the server picks the highest version it supports
+    // that the client also offered, OR returns the highest it knows
+    // about and lets the client decide. We just require it's a
+    // recognised date-style version string.
+    assert.match(r.protocolVersion, /^\d{4}-\d{2}-\d{2}$/, "protocolVersion must be a YYYY-MM-DD date");
+});

package/dist/connectors/interface.d.ts

@@ -1,4 +1,4 @@
-import type { SignalType, ConnectorHealth, ServiceInfo, MetricInfo, MetricQuery, MetricResult, LogQuery, LogResult, SourceConfig, MetricDefinition, Resource, Edge, TopologySnapshot, TopologyChangeListener } from "../types.js";
+import type { SignalType, ConnectorHealth, ServiceInfo, MetricInfo, MetricQuery, MetricResult, LogQuery, LogResult, TraceQuery, TraceResult, SourceConfig, MetricDefinition, Resource, Edge, TopologySnapshot, TopologyChangeListener } from "../types.js";
 export interface ObservabilityConnector {
     readonly name: string;
     readonly type: string;
@@ -14,6 +14,10 @@ export interface ObservabilityConnector {
     listAvailableMetrics?(service: string): Promise<MetricInfo[]>;
     queryMetrics?(params: MetricQuery): Promise<MetricResult>;
     queryLogs?(params: LogQuery): Promise<LogResult>;
+    /** Optional traces capability — Tempo / Jaeger / OTLP backends
+     *  implement this. The MCP `query_traces` tool fans out to every
+     *  connector that has it. */
+    queryTraces?(params: TraceQuery): Promise<TraceResult>;
     /** Current in-memory resource list. Should be O(1) — backed by the watch cache. */
     listResources?(): Promise<Resource[]>;
     /** Current in-memory edge list. Should be O(1) — backed by the watch cache. */

package/dist/connectors/loader.js

@@ -23,9 +23,11 @@ export class PluginLoader {
     pluginsDir;
     disabled;
     // Fail-closed verification for filesystem plugins. Builtins are part
-    // of the trusted image and are never gated. Default off so existing
-    // deployments are unchanged; recommended on in prod/airgapped (the
-    // Helm chart sets it).
+    // of the trusted image and are never gated. Default ON — operators
+    // who want to load unsigned filesystem plugins must opt out with
+    // VERIFY_PLUGINS=false. Without a trust root configured, no
+    // filesystem plugins load (only builtins), so the demo and any
+    // deployment without /app/plugins is unaffected.
     verify;
     trustRootPath;
     trustRoot;
@@ -39,7 +41,7 @@ export class PluginLoader {
             .map((s) => s.trim())
             .filter(Boolean);
         this.disabled = new Set([...(opts.disabled ?? []), ...envDisabled]);
-        this.verify = opts.verify ?? /^(1|true|yes)$/i.test(process.env.VERIFY_PLUGINS ?? "");
+        this.verify = opts.verify ?? !/^(0|false|no|off)$/i.test(process.env.VERIFY_PLUGINS ?? "true");
         this.trustRootPath = opts.trustRoot ?? process.env.PLUGIN_TRUST_ROOT;
     }
     async load() {

package/dist/connectors/loader.test.d.ts

@@ -0,0 +1 @@
+export {};

package/dist/connectors/loader.test.js

@@ -0,0 +1,78 @@
+import { test } from "node:test";
+import assert from "node:assert/strict";
+import { mkdtempSync } from "node:fs";
+import { tmpdir } from "node:os";
+import { join } from "node:path";
+import { PluginLoader } from "./loader.js";
+function tmp() {
+    return mkdtempSync(join(tmpdir(), "loader-default-"));
+}
+function withEnv(overrides, fn) {
+    const saved = {};
+    for (const k of Object.keys(overrides)) {
+        saved[k] = process.env[k];
+        if (overrides[k] === undefined)
+            delete process.env[k];
+        else
+            process.env[k] = overrides[k];
+    }
+    try {
+        fn();
+    }
+    finally {
+        for (const k of Object.keys(saved)) {
+            if (saved[k] === undefined)
+                delete process.env[k];
+            else
+                process.env[k] = saved[k];
+        }
+    }
+}
+test("PluginLoader: VERIFY_PLUGINS defaults to ON when env var unset", () => {
+    withEnv({ VERIFY_PLUGINS: undefined, PLUGIN_TRUST_ROOT: undefined }, () => {
+        const loader = new PluginLoader({ pluginsDir: tmp() });
+        assert.equal(loader["verify"], true, "verify default should be true (fail-closed)");
+    });
+});
+test("PluginLoader: VERIFY_PLUGINS=false opts out explicitly", () => {
+    withEnv({ VERIFY_PLUGINS: "false" }, () => {
+        const loader = new PluginLoader({ pluginsDir: tmp() });
+        assert.equal(loader["verify"], false);
+    });
+});
+test("PluginLoader: VERIFY_PLUGINS=0 / no / off also opt out", () => {
+    for (const v of ["0", "no", "off", "FALSE", "Off"]) {
+        withEnv({ VERIFY_PLUGINS: v }, () => {
+            const loader = new PluginLoader({ pluginsDir: tmp() });
+            assert.equal(loader["verify"], false, `value ${v} should disable verify`);
+        });
+    }
+});
+test("PluginLoader: VERIFY_PLUGINS=true / 1 / yes keep verify on", () => {
+    for (const v of ["true", "1", "yes", "TRUE", "Yes"]) {
+        withEnv({ VERIFY_PLUGINS: v }, () => {
+            const loader = new PluginLoader({ pluginsDir: tmp() });
+            assert.equal(loader["verify"], true);
+        });
+    }
+});
+test("PluginLoader: opts.verify overrides env var", () => {
+    withEnv({ VERIFY_PLUGINS: "false" }, () => {
+        const onLoader = new PluginLoader({ pluginsDir: tmp(), verify: true });
+        assert.equal(onLoader["verify"], true);
+    });
+    withEnv({ VERIFY_PLUGINS: "true" }, () => {
+        const offLoader = new PluginLoader({ pluginsDir: tmp(), verify: false });
+        assert.equal(offLoader["verify"], false);
+    });
+});
+test("PluginLoader.load(): with verify on + no trust root → builtins still load, filesystem skipped", async () => {
+    withEnv({ VERIFY_PLUGINS: undefined, PLUGIN_TRUST_ROOT: undefined }, async () => {
+        const loader = new PluginLoader({ pluginsDir: tmp() });
+        await loader.load();
+        const names = loader.supportedTypes();
+        assert.ok(names.includes("prometheus"), "prometheus builtin must remain available");
+        assert.ok(names.includes("loki"), "loki builtin must remain available");
+        assert.ok(names.includes("kubernetes"), "kubernetes builtin must remain available");
+    });
+});

package/dist/connectors/prometheus.test.js

@@ -77,27 +77,45 @@ describe("PrometheusConnector", () => {
         });
     });
     describe("buildQuery", () => {
-        it("replaces {{service}} placeholder in known metrics", async () => {
+        // buildQuery is private async and returns `{ promql, label, candidate }`.
+        // To keep these tests off the network, every case uses a user-
+        // override metric — that short-circuits the candidate-probe path
+        // (which would otherwise call Prometheus to pick the best variant
+        // and resolveServiceLabel to discover the right scoping label).
+        // The label / candidate fields are exercised via the public
+        // queryMetrics path elsewhere.
+        const fakeSource = { name: "test", type: "prometheus", url: "http://localhost:9090", enabled: true };
+        it("replaces {{service}} placeholder in user-defined metrics", async () => {
             const connector = new PrometheusConnector();
-            await connector.connect({ name: "test", type: "prometheus", url: "http://localhost:9090", enabled: true });
-            const query = proto.buildQuery.call(connector, "payment-service", "cpu");
-            assert.ok(query.includes("payment-service"));
-            assert.ok(!query.includes("{{service}}"));
-        });
-        it("falls back to generic query for unknown metrics", async () => {
+            await connector.connect({
+                ...fakeSource,
+                metrics: [{ name: "cpu", query: 'cpu_usage{svc="{{service}}"}', unit: "%", description: "CPU" }],
+            });
+            const { promql } = await proto.buildQuery.call(connector, "payment-service", "cpu");
+            assert.ok(promql.includes("payment-service"));
+            assert.ok(!promql.includes("{{service}}"));
+        });
+        it("respects an explicit {{service}} substitution outside the {{selector}} sugar", async () => {
+            // Different from the other two: the override here uses {{service}}
+            // directly inside a hand-written selector (no {{selector}} sugar).
+            // Confirms the substitution applies to the raw template, not only
+            // through the label-resolver path.
             const connector = new PrometheusConnector();
-            await connector.connect({ name: "test", type: "prometheus", url: "http://localhost:9090", enabled: true });
-            const query = proto.buildQuery.call(connector, "my-svc", "unknown_metric");
-            assert.equal(query, 'unknown_metric{job="my-svc"}');
+            await connector.connect({
+                ...fakeSource,
+                metrics: [{ name: "explicit_selector", query: 'explicit_metric{job="{{service}}"}', unit: "", description: "" }],
+            });
+            const { promql } = await proto.buildQuery.call(connector, "my-svc", "explicit_selector");
+            assert.equal(promql, 'explicit_metric{job="my-svc"}');
         });
         it("uses custom metrics from source config", async () => {
             const connector = new PrometheusConnector();
             await connector.connect({
-                name: "test", type: "prometheus", url: "http://localhost:9090", enabled: true,
+                ...fakeSource,
                 metrics: [{ name: "custom", query: 'my_custom_metric{svc="{{service}}"}', unit: "ops", description: "Custom" }],
             });
-            const query = proto.buildQuery.call(connector, "api", "custom");
-            assert.equal(query, 'my_custom_metric{svc="api"}');
+            const { promql } = await proto.buildQuery.call(connector, "api", "custom");
+            assert.equal(promql, 'my_custom_metric{svc="api"}');
         });
     });
 });

package/dist/connectors/registry.d.ts

@@ -17,5 +17,18 @@ export declare class ConnectorRegistry {
     getAll(): ObservabilityConnector[];
     getByName(name: string): ObservabilityConnector | undefined;
     getBySignal(signal: SignalType): ObservabilityConnector[];
+    /** Connectors visible to the named tenant: every source whose
+     *  config.tenant matches OR is unset (global). Unset = available
+     *  everywhere — keeps single-tenant deployments untouched.
+     *  Anonymous traffic / the agent / internal callers can pass
+     *  the DEFAULT_TENANT sentinel and see exactly what the default-
+     *  tenant operator sees. */
+    getByTenant(tenant: string): ObservabilityConnector[];
+    /** Same as `getByName`, but enforces the tenant gate: a source
+     *  whose config.tenant is set and differs from the calling tenant
+     *  returns undefined — indistinguishable from "no such source",
+     *  per the rest of the tenancy layer (no cross-tenant existence
+     *  leak). Unset source tenant = global, always resolves. */
+    getByNameForTenant(name: string, tenant: string): ObservabilityConnector | undefined;
     healthCheckAll(): Promise<Record<string, ConnectorHealth>>;
 }

package/dist/connectors/registry.js

@@ -80,6 +80,36 @@ export class ConnectorRegistry {
     getBySignal(signal) {
         return this.getAll().filter((c) => c.signalType === signal);
     }
+    /** Connectors visible to the named tenant: every source whose
+     *  config.tenant matches OR is unset (global). Unset = available
+     *  everywhere — keeps single-tenant deployments untouched.
+     *  Anonymous traffic / the agent / internal callers can pass
+     *  the DEFAULT_TENANT sentinel and see exactly what the default-
+     *  tenant operator sees. */
+    getByTenant(tenant) {
+        const out = [];
+        for (const [name, c] of this.connectors) {
+            const cfg = this.sourceConfigs.get(name);
+            const srcTenant = cfg?.tenant;
+            if (!srcTenant || srcTenant === tenant)
+                out.push(c);
+        }
+        return out;
+    }
+    /** Same as `getByName`, but enforces the tenant gate: a source
+     *  whose config.tenant is set and differs from the calling tenant
+     *  returns undefined — indistinguishable from "no such source",
+     *  per the rest of the tenancy layer (no cross-tenant existence
+     *  leak). Unset source tenant = global, always resolves. */
+    getByNameForTenant(name, tenant) {
+        const c = this.connectors.get(name);
+        if (!c)
+            return undefined;
+        const cfg = this.sourceConfigs.get(name);
+        if (cfg?.tenant && cfg.tenant !== tenant)
+            return undefined;
+        return c;
+    }
     async healthCheckAll() {
         const results = {};
         for (const [name, connector] of this.connectors) {

package/dist/connectors/registry.test.js

@@ -2,15 +2,21 @@ import { describe, it } from "node:test";
 import assert from "node:assert/strict";
 import { getSupportedTypes, ConnectorRegistry } from "./registry.js";
 import { DEFAULT_SETTINGS, DEFAULT_HEALTH_THRESHOLDS } from "../config/loader.js";
+import { getPluginLoader } from "./loader.js";
 function makeConfig(sources = []) {
     return { sources, settings: DEFAULT_SETTINGS, healthThresholds: DEFAULT_HEALTH_THRESHOLDS };
 }
 describe("getSupportedTypes", () => {
-    it("returns prometheus and loki", () => {
+    it("returns the builtins (prometheus, loki, kubernetes) after loader.load()", async () => {
+        // The PluginLoader registers builtins inside load(), not the
+        // constructor — at server boot index.ts awaits load() before any
+        // tool registration code runs. Mirror that here so the test
+        // reflects the real wiring rather than a transient empty state.
+        await getPluginLoader().load();
         const types = getSupportedTypes();
         assert.ok(types.includes("prometheus"));
         assert.ok(types.includes("loki"));
-        assert.equal(types.length, 2);
+        assert.ok(types.includes("kubernetes"));
     });
 });
 describe("ConnectorRegistry", () => {
@@ -90,4 +96,52 @@ describe("ConnectorRegistry", () => {
             assert.deepEqual(results, {});
         });
     });
+    describe("getByTenant / getByNameForTenant", () => {
+        it("untagged sources are visible to every tenant (pre-E7 single-tenant default)", async () => {
+            await getPluginLoader().load();
+            const reg = new ConnectorRegistry();
+            await reg.initialize(makeConfig([
+                // No tenant on either source — both are "global".
+                { name: "prom-global", type: "prometheus", url: "http://p:9090", enabled: true },
+                { name: "loki-global", type: "loki", url: "http://l:3100", enabled: true },
+            ]));
+            const acmeVisible = reg.getByTenant("acme").map((c) => c.name).sort();
+            const bigcoVisible = reg.getByTenant("bigco").map((c) => c.name).sort();
+            assert.deepEqual(acmeVisible, ["loki-global", "prom-global"]);
+            assert.deepEqual(bigcoVisible, ["loki-global", "prom-global"]);
+        });
+        it("tenant-tagged source is invisible to other tenants", async () => {
+            await getPluginLoader().load();
+            const reg = new ConnectorRegistry();
+            await reg.initialize(makeConfig([
+                { name: "shared", type: "prometheus", url: "http://p:9090", enabled: true },
+                { name: "acme-only", type: "loki", url: "http://l:3100", enabled: true, tenant: "acme" },
+            ]));
+            assert.deepEqual(reg.getByTenant("acme").map((c) => c.name).sort(), ["acme-only", "shared"]);
+            // bigco sees only the shared source — the acme-only one is hidden.
+            assert.deepEqual(reg.getByTenant("bigco").map((c) => c.name).sort(), ["shared"]);
+        });
+        it("getByNameForTenant returns undefined on cross-tenant probe (no existence leak)", async () => {
+            await getPluginLoader().load();
+            const reg = new ConnectorRegistry();
+            await reg.initialize(makeConfig([
+                { name: "acme-loki", type: "loki", url: "http://l:3100", enabled: true, tenant: "acme" },
+            ]));
+            // Within tenant: resolves.
+            assert.ok(reg.getByNameForTenant("acme-loki", "acme"));
+            // Cross-tenant: undefined — indistinguishable from "no such source".
+            assert.equal(reg.getByNameForTenant("acme-loki", "bigco"), undefined);
+            // Unknown name in own tenant: also undefined.
+            assert.equal(reg.getByNameForTenant("nope", "acme"), undefined);
+        });
+        it("a source whose tenant is unset resolves for every tenant via getByNameForTenant", async () => {
+            await getPluginLoader().load();
+            const reg = new ConnectorRegistry();
+            await reg.initialize(makeConfig([
+                { name: "global", type: "prometheus", url: "http://p:9090", enabled: true },
+            ]));
+            assert.ok(reg.getByNameForTenant("global", "acme"));
+            assert.ok(reg.getByNameForTenant("global", "bigco"));
+        });
+    });
 });

package/dist/context.d.ts

@@ -27,6 +27,12 @@ export interface RequestContext {
      *  "default" for anonymous principals + missing-tenant credentials,
      *  preserving the single-namespace behaviour of pre-E7 deployments. */
     tenant: string;
+    /** When set, the /mcp tools/list response is filtered to this
+     *  allow-list. Resolved from the active credential's bound Product
+     *  (OMCP_KEY_PRODUCTS) against the catalogue at request entry.
+     *  Anonymous + Product-less credentials leave this unset and see
+     *  every registered tool. */
+    allowedTools?: string[];
     /** Correlates all tool calls within one transport request/session. */
     correlationId: string;
 }
@@ -36,4 +42,30 @@ export declare function defaultContext(): RequestContext;
 export declare function principalContext(principalId: string, allowedSources?: string[], opts?: {
     allowBypassRedaction?: boolean;
     tenant?: string;
+    allowedTools?: string[];
 }): RequestContext;
+/** Context for an authenticated management-plane (browser / OIDC /
+ *  basic-auth) request. The session-derived tenant flows into tool
+ *  handlers exactly like the MCP-credential path, so a viewer in
+ *  tenant Acme reading /api/services through the dashboard sees the
+ *  same service set as an /mcp client bound to Acme. Anonymous mode
+ *  (no session) → behaves like defaultContext(). */
+export declare function sessionContext(session: {
+    sub?: string;
+    name?: string;
+    tenant?: string;
+} | undefined): RequestContext;
+/** Decide whether a given tool name is accessible under the active
+ *  Product binding. Pure helper so the registration site stays
+ *  declarative and the filtering policy is unit-testable in isolation.
+ *
+ *  Semantics:
+ *    - undefined allow-list → no Product binding, every tool allowed
+ *      (anonymous + Product-less credentials — back-compat).
+ *    - empty allow-list → a Product with no `tools` field. The schema
+ *      treats this as "all tools allowed", matching the YAML loader's
+ *      view that an absent / empty list means no restriction.
+ *    - non-empty → the named tool must appear verbatim.
+ *  Tool names are compared case-sensitively; the MCP spec is
+ *  case-sensitive on `name`. */
+export declare function allowsTool(allowedTools: string[] | undefined, toolName: string): boolean;

package/dist/context.js

@@ -17,6 +17,41 @@ export function principalContext(principalId, allowedSources, opts = {}) {
         allowedSources: allowedSources && allowedSources.length > 0 ? allowedSources : undefined,
         allowBypassRedaction: opts.allowBypassRedaction || undefined,
         tenant: normaliseTenant(opts.tenant),
+        allowedTools: opts.allowedTools && opts.allowedTools.length > 0 ? opts.allowedTools : undefined,
         correlationId: randomUUID(),
     };
 }
+/** Context for an authenticated management-plane (browser / OIDC /
+ *  basic-auth) request. The session-derived tenant flows into tool
+ *  handlers exactly like the MCP-credential path, so a viewer in
+ *  tenant Acme reading /api/services through the dashboard sees the
+ *  same service set as an /mcp client bound to Acme. Anonymous mode
+ *  (no session) → behaves like defaultContext(). */
+export function sessionContext(session) {
+    if (!session)
+        return defaultContext();
+    return {
+        principalId: session.sub || session.name || "anonymous",
+        auth: "apikey",
+        tenant: normaliseTenant(session.tenant),
+        correlationId: randomUUID(),
+    };
+}
+/** Decide whether a given tool name is accessible under the active
+ *  Product binding. Pure helper so the registration site stays
+ *  declarative and the filtering policy is unit-testable in isolation.
+ *
+ *  Semantics:
+ *    - undefined allow-list → no Product binding, every tool allowed
+ *      (anonymous + Product-less credentials — back-compat).
+ *    - empty allow-list → a Product with no `tools` field. The schema
+ *      treats this as "all tools allowed", matching the YAML loader's
+ *      view that an absent / empty list means no restriction.
+ *    - non-empty → the named tool must appear verbatim.
+ *  Tool names are compared case-sensitively; the MCP spec is
+ *  case-sensitive on `name`. */
+export function allowsTool(allowedTools, toolName) {
+    if (!allowedTools || allowedTools.length === 0)
+        return true;
+    return allowedTools.includes(toolName);
+}

package/dist/context.test.d.ts

@@ -0,0 +1 @@
+export {};