@thotischner/observability-mcp 3.0.0 → 3.1.0

package/dist/connectors/loader.d.ts

@@ -1,5 +1,6 @@
 import type { ObservabilityConnector } from "./interface.js";
 import type { ConnectorFactory, ConnectorManifest } from "../sdk/index.js";
+import type { HookRegistry } from "../sdk/hooks.js";
 export interface LoadedConnector {
     /** Connector type id, e.g. "prometheus". Matches `source.type` in sources.yaml. */
     name: string;
@@ -26,11 +27,18 @@ export declare class PluginLoader {
     private verify;
     private trustRootPath?;
     private trustRoot?;
+    /** Optional HookRegistry — when set, the loader auto-registers
+     *  every entry in `manifest.hooks[]` after the plugin loads, and
+     *  unregisters them when a same-name plugin replaces it. Hooks
+     *  re-registered by name+kind on hot-reload (HookRegistry.register
+     *  already deduplicates). */
+    private hookRegistry?;
     constructor(opts?: {
         pluginsDir?: string;
         disabled?: string[];
         verify?: boolean;
         trustRoot?: string;
+        hookRegistry?: HookRegistry;
     });
     load(): Promise<void>;
     list(): LoadedConnector[];

package/dist/connectors/loader.js

@@ -31,10 +31,17 @@ export class PluginLoader {
     verify;
     trustRootPath;
     trustRoot;
+    /** Optional HookRegistry — when set, the loader auto-registers
+     *  every entry in `manifest.hooks[]` after the plugin loads, and
+     *  unregisters them when a same-name plugin replaces it. Hooks
+     *  re-registered by name+kind on hot-reload (HookRegistry.register
+     *  already deduplicates). */
+    hookRegistry;
     constructor(opts = {}) {
         this.pluginsDir = opts.pluginsDir
             ?? process.env.PLUGINS_DIR
             ?? "/app/plugins";
+        this.hookRegistry = opts.hookRegistry;
         // Per-plugin disable via env: PLUGINS_DISABLED="prometheus,loki"
         const envDisabled = (process.env.PLUGINS_DISABLED ?? "")
             .split(",")
@@ -202,6 +209,48 @@ export class PluginLoader {
             manifest,
             factory,
         });
+        // Manifest-driven hook auto-registration (Q10). After the
+        // entry module loads (and is integrity/sig-verified above), walk
+        // manifest.hooks[] and resolve each entry's `module` against the
+        // plugin root. Default export is the handler. Errors during
+        // individual hook load are logged + skipped — they don't tear
+        // down the connector itself.
+        if (this.hookRegistry && manifest?.hooks?.length) {
+            // Drop any prior registrations for this plugin so a hot-reload
+            // doesn't leave stale entries side-by-side with new ones.
+            this.hookRegistry.unregisterPlugin(marker.name);
+            for (const hookEntry of manifest.hooks) {
+                const hookPath = resolve(pluginRoot, hookEntry.module);
+                const inside = hookPath.startsWith(resolve(pluginRoot) + "/") || hookPath === resolve(pluginRoot);
+                if (!inside) {
+                    console.warn("Plugin %s hook module %s escapes the plugin root — skipping", sanitizeForLog(marker.name), sanitizeForLog(hookEntry.module));
+                    continue;
+                }
+                if (!existsSync(hookPath)) {
+                    console.warn("Plugin %s hook module %s not found — skipping", sanitizeForLog(marker.name), sanitizeForLog(hookEntry.module));
+                    continue;
+                }
+                try {
+                    const hookMod = await import(pathToFileURL(hookPath).href);
+                    const handler = hookMod.default ?? hookMod.handler;
+                    if (typeof handler !== "function") {
+                        console.warn("Plugin %s hook module %s has no default export — skipping", sanitizeForLog(marker.name), sanitizeForLog(hookEntry.module));
+                        continue;
+                    }
+                    this.hookRegistry.register({
+                        pluginName: marker.name,
+                        kind: hookEntry.kind,
+                        priority: hookEntry.priority,
+                        mode: hookEntry.mode,
+                        handler: handler,
+                    });
+                    console.log('Plugin "%s": registered %s hook from %s', sanitizeForLog(marker.name), sanitizeForLog(hookEntry.kind), sanitizeForLog(hookEntry.module));
+                }
+                catch (err) {
+                    console.warn("Plugin %s hook %s/%s failed to load: %s", sanitizeForLog(marker.name), sanitizeForLog(hookEntry.kind), sanitizeForLog(hookEntry.module), sanitizeForLog(err instanceof Error ? err.message : String(err)));
+                }
+            }
+        }
         console.log('Connector plugin "%s" loaded from %s', sanitizeForLog(marker.name), sanitizeForLog(pluginRoot));
     }
     register(entry) {

package/dist/connectors/loki.d.ts

@@ -1,5 +1,48 @@
 import type { ObservabilityConnector } from "./interface.js";
-import type { SourceConfig, ConnectorHealth, ServiceInfo, MetricDefinition, LogQuery, LogResult, SignalType } from "../types.js";
+import type { SourceConfig, ConnectorHealth, ServiceInfo, MetricDefinition, LogQuery, LogResult, LogAggregateQuery, LogAggregateResult, SignalType } from "../types.js";
+/** Escape a value for a double-quoted LogQL string literal. Backslash and
+ *  quote first (breakout chars), then control chars — a raw newline/tab in
+ *  a Go-style `"..."` literal is a parse error, so emit the escape sequence. */
+export declare function escapeLogQLValue(value: string): string;
+/**
+ * Compile a `labels` equality map into LogQL label-filter expressions that
+ * run AFTER `| json`, e.g. `{...} | json | method="GET" | status="200"`.
+ * Placed after the json parse so fields the pipeline extracts (not just
+ * stream labels) are filterable. Keys are sorted for deterministic output.
+ * Reusable, side-effect-free unit — also the basis for the Q-LOG2
+ * aggregation path and a future named-LogQL catalog. Callers validate the
+ * map (see validateLogLabels); this only escapes values.
+ */
+export declare function logqlLabelFilters(labels: Record<string, string> | undefined): string;
+/**
+ * Derive a log level from an HTTP status code when the line carries no
+ * explicit level: 5xx → error, 4xx → warn. Returns undefined otherwise so
+ * the caller keeps its existing fallback chain.
+ */
+export declare function levelFromStatus(status: unknown): "error" | "warn" | undefined;
+/** Parse a `<n><m|h|d>` duration into seconds. Returns null when malformed. */
+export declare function parseDurationSeconds(duration: string): number | null;
+/** Pick a bucket size (seconds) that yields ~60 points across the window,
+ *  floored at 60s, so a count_over_time range query isn't absurdly dense. */
+export declare function defaultBucketSeconds(durationSeconds: number): number;
+export interface AggregateLogQL {
+    logql: string;
+    /** instant (vector) for sum/topk; range (matrix) for count_over_time. */
+    mode: "instant" | "range";
+    /** Step for the range query, e.g. "300s". Only set when mode === "range". */
+    step?: string;
+}
+/**
+ * Wrap a stream+pipeline expression (`{sel} | json | …`) in a LogQL metric
+ * aggregation. Pure + side-effect-free so it's unit-testable without a
+ * backend. `by` labels are assumed pre-validated (label-name shape).
+ */
+export declare function buildAggregateLogQL(streamPipeline: string, agg: {
+    op: "count_over_time" | "sum" | "topk";
+    by?: string[];
+    k?: number;
+    step?: string;
+}, duration: string): AggregateLogQL;
 export declare class LokiConnector implements ObservabilityConnector {
     readonly type = "loki";
     readonly signalType: SignalType;
@@ -17,6 +60,7 @@ export declare class LokiConnector implements ObservabilityConnector {
     disconnect(): Promise<void>;
     listServices(): Promise<ServiceInfo[]>;
     queryLogs(params: LogQuery): Promise<LogResult>;
+    queryLogAggregate(params: LogAggregateQuery): Promise<LogAggregateResult>;
     private getLabelValues;
     private resolveServiceSelector;
     private parseLine;

package/dist/connectors/loki.js

@@ -1,6 +1,84 @@
 import { buildTlsAgent } from "./tls.js";
 const DEFAULT_SERVICE_LABELS = ["service_name", "service", "job", "app", "container"];
 const LABEL_CACHE_TTL_MS = 60_000;
+/** Escape a value for a double-quoted LogQL string literal. Backslash and
+ *  quote first (breakout chars), then control chars — a raw newline/tab in
+ *  a Go-style `"..."` literal is a parse error, so emit the escape sequence. */
+export function escapeLogQLValue(value) {
+    return value
+        .replace(/\\/g, "\\\\")
+        .replace(/"/g, '\\"')
+        .replace(/\n/g, "\\n")
+        .replace(/\r/g, "\\r")
+        .replace(/\t/g, "\\t");
+}
+/**
+ * Compile a `labels` equality map into LogQL label-filter expressions that
+ * run AFTER `| json`, e.g. `{...} | json | method="GET" | status="200"`.
+ * Placed after the json parse so fields the pipeline extracts (not just
+ * stream labels) are filterable. Keys are sorted for deterministic output.
+ * Reusable, side-effect-free unit — also the basis for the Q-LOG2
+ * aggregation path and a future named-LogQL catalog. Callers validate the
+ * map (see validateLogLabels); this only escapes values.
+ */
+export function logqlLabelFilters(labels) {
+    if (!labels)
+        return "";
+    return Object.keys(labels)
+        .sort()
+        .map((k) => ` | ${k}="${escapeLogQLValue(labels[k])}"`)
+        .join("");
+}
+/**
+ * Derive a log level from an HTTP status code when the line carries no
+ * explicit level: 5xx → error, 4xx → warn. Returns undefined otherwise so
+ * the caller keeps its existing fallback chain.
+ */
+export function levelFromStatus(status) {
+    const n = typeof status === "number" ? status : parseInt(String(status ?? ""), 10);
+    if (!Number.isFinite(n))
+        return undefined;
+    if (n >= 500 && n <= 599)
+        return "error";
+    if (n >= 400 && n <= 499)
+        return "warn";
+    return undefined;
+}
+/** Parse a `<n><m|h|d>` duration into seconds. Returns null when malformed. */
+export function parseDurationSeconds(duration) {
+    const m = /^(\d+)([mhd])$/.exec(duration);
+    if (!m)
+        return null;
+    const v = parseInt(m[1], 10);
+    return m[2] === "m" ? v * 60 : m[2] === "h" ? v * 3600 : v * 86400;
+}
+/** Pick a bucket size (seconds) that yields ~60 points across the window,
+ *  floored at 60s, so a count_over_time range query isn't absurdly dense. */
+export function defaultBucketSeconds(durationSeconds) {
+    return Math.max(60, Math.floor(durationSeconds / 60));
+}
+/**
+ * Wrap a stream+pipeline expression (`{sel} | json | …`) in a LogQL metric
+ * aggregation. Pure + side-effect-free so it's unit-testable without a
+ * backend. `by` labels are assumed pre-validated (label-name shape).
+ */
+export function buildAggregateLogQL(streamPipeline, agg, duration) {
+    const durSec = parseDurationSeconds(duration) ?? 3600;
+    const byClause = agg.by && agg.by.length ? ` by (${agg.by.join(", ")})` : "";
+    if (agg.op === "count_over_time") {
+        const stepSec = (agg.step && parseDurationSeconds(agg.step)) || defaultBucketSeconds(durSec);
+        const inner = `count_over_time(${streamPipeline} [${stepSec}s])`;
+        const logql = byClause ? `sum${byClause} (${inner})` : inner;
+        return { logql, mode: "range", step: `${stepSec}s` };
+    }
+    // sum / topk: count over the whole window, then aggregate → instant vector.
+    const totals = `sum${byClause} (count_over_time(${streamPipeline} [${durSec}s]))`;
+    if (agg.op === "topk") {
+        const k = agg.k && agg.k > 0 ? Math.floor(agg.k) : 10;
+        return { logql: `topk(${k}, ${totals})`, mode: "instant" };
+    }
+    return { logql: totals, mode: "instant" };
+}
 export class LokiConnector {
     type = "loki";
     signalType = "logs";
@@ -94,14 +172,13 @@ export class LokiConnector {
         // matches the real stream.
         const { label: matchedLabel, value: rawValue } = await this.resolveServiceSelector(params.service);
         const service = this.escapeLogQLValue(rawValue);
-        let logql = `{${matchedLabel}="${service}"}`;
+        let logql = `{${matchedLabel}="${service}"} | json`;
         if (params.level) {
-            const level = this.escapeLogQLValue(params.level);
-            logql += ` | json | level="${level}"`;
-        }
-        else {
-            logql += ` | json`;
+            logql += ` | level="${this.escapeLogQLValue(params.level)}"`;
         }
+        // Structured equality filters (method/status/url/environment/…) — run
+        // after `| json` so backend-extracted fields are selectable.
+        logql += logqlLabelFilters(params.labels);
         if (params.query) {
             const query = this.escapeLogQLRegex(params.query);
             logql += ` |~ \`${query}\``;
@@ -114,9 +191,16 @@ export class LokiConnector {
             const labels = stream.stream;
             for (const [ts, line] of stream.values) {
                 const parsed = this.parseLine(line);
+                // Prefer an explicit level; otherwise derive one from an HTTP
+                // status field (5xx→error, 4xx→warn) so structured access logs
+                // that carry `status` but no `level` are still filterable/triaged.
+                const level = parsed.level ||
+                    labels.level ||
+                    levelFromStatus(parsed.status ?? labels.status) ||
+                    "unknown";
                 entries.push({
                     timestamp: new Date(parseInt(ts) / 1_000_000).toISOString(),
-                    level: parsed.level || labels.level || "unknown",
+                    level,
                     message: parsed.msg || line,
                     labels,
                 });
@@ -140,6 +224,54 @@ export class LokiConnector {
             },
         };
     }
+    async queryLogAggregate(params) {
+        const { start, end } = this.parseTimeRange(params.duration);
+        const { label: matchedLabel, value: rawValue } = await this.resolveServiceSelector(params.service);
+        const service = this.escapeLogQLValue(rawValue);
+        // Same stream + pipeline prefix as queryLogs (reuses the Q-LOG1 unit),
+        // minus the level filter (aggregation groups, it doesn't level-filter).
+        let pipeline = `{${matchedLabel}="${service}"} | json`;
+        pipeline += logqlLabelFilters(params.labels);
+        if (params.query) {
+            pipeline += ` |~ \`${this.escapeLogQLRegex(params.query)}\``;
+        }
+        const { logql, mode, step } = buildAggregateLogQL(pipeline, { op: params.op, by: params.by, k: params.k, step: params.step }, params.duration);
+        const by = params.by ?? [];
+        const series = [];
+        if (mode === "instant") {
+            const url = `/loki/api/v1/query?query=${encodeURIComponent(logql)}&time=${end}000000000`;
+            const data = await this.apiGet(url);
+            for (const r of data?.data?.result || []) {
+                const v = Array.isArray(r.value) ? Number(r.value[1]) : NaN;
+                series.push({ labels: r.metric || {}, value: Number.isFinite(v) ? v : 0 });
+            }
+            // topk is already ordered by Loki; sort sum desc for a stable, useful view.
+            series.sort((a, b) => (b.value ?? 0) - (a.value ?? 0));
+        }
+        else {
+            // `step` from the builder is `<n>s`; the query_range step param wants seconds.
+            const stepSec = step ? parseInt(step, 10) || 60 : 60;
+            const url = `/loki/api/v1/query_range?query=${encodeURIComponent(logql)}` +
+                `&start=${start}000000000&end=${end}000000000&step=${stepSec}`;
+            const data = await this.apiGet(url);
+            for (const r of data?.data?.result || []) {
+                const points = (r.values || []).map(([ts, val]) => ({
+                    t: Math.round(Number(ts) * 1000),
+                    value: Number(val),
+                }));
+                series.push({ labels: r.metric || {}, points });
+            }
+        }
+        return {
+            source: this.name,
+            op: params.op,
+            by,
+            step: mode === "range" ? step : undefined,
+            mode,
+            series,
+            note: "Aggregate mode: `limit` does not apply (results are grouped counts, not raw rows).",
+        };
+    }
     // --- Private helpers ---
     async getLabelValues(label) {
         const cached = this.labelValuesCache.get(label);
@@ -204,7 +336,8 @@ export class LokiConnector {
         return { start: now - seconds, end: now };
     }
     escapeLogQLValue(value) {
-        return value.replace(/\\/g, "\\\\").replace(/"/g, '\\"');
+        // Delegate to the canonical module-level escaper (single source of truth).
+        return escapeLogQLValue(value);
     }
     escapeLogQLRegex(value) {
         // Escape backslash first (so we don't double-escape sequences we add),

package/dist/connectors/loki.test.js

@@ -1,7 +1,177 @@
 import { describe, it } from "node:test";
 import assert from "node:assert/strict";
-import { LokiConnector } from "./loki.js";
+import { LokiConnector, logqlLabelFilters, levelFromStatus, escapeLogQLValue, buildAggregateLogQL, parseDurationSeconds, defaultBucketSeconds, } from "./loki.js";
 const proto = LokiConnector.prototype;
+function jsonRes(obj) {
+    return { ok: true, status: 200, statusText: "OK", json: async () => obj, text: async () => "" };
+}
+describe("Q-LOG1: logqlLabelFilters", () => {
+    it("returns empty string for undefined / empty", () => {
+        assert.equal(logqlLabelFilters(undefined), "");
+        assert.equal(logqlLabelFilters({}), "");
+    });
+    it("compiles a single filter", () => {
+        assert.equal(logqlLabelFilters({ method: "GET" }), ' | method="GET"');
+    });
+    it("compiles multiple filters, keys sorted for determinism", () => {
+        assert.equal(logqlLabelFilters({ status: "200", method: "GET", url: "/" }), ' | method="GET" | status="200" | url="/"');
+    });
+    it("escapes double quotes and backslashes in values", () => {
+        assert.equal(logqlLabelFilters({ path: 'a"b\\c' }), ' | path="a\\"b\\\\c"');
+    });
+});
+describe("Q-LOG1: levelFromStatus", () => {
+    it("maps 5xx → error", () => {
+        assert.equal(levelFromStatus(500), "error");
+        assert.equal(levelFromStatus("503"), "error");
+        assert.equal(levelFromStatus(599), "error");
+    });
+    it("maps 4xx → warn", () => {
+        assert.equal(levelFromStatus(404), "warn");
+        assert.equal(levelFromStatus("400"), "warn");
+    });
+    it("returns undefined for 2xx/3xx and non-numeric", () => {
+        assert.equal(levelFromStatus(200), undefined);
+        assert.equal(levelFromStatus(301), undefined);
+        assert.equal(levelFromStatus("abc"), undefined);
+        assert.equal(levelFromStatus(undefined), undefined);
+    });
+});
+describe("Q-LOG1: escapeLogQLValue", () => {
+    it("escapes backslash then quote", () => {
+        assert.equal(escapeLogQLValue('he said "hi"\\'), 'he said \\"hi\\"\\\\');
+    });
+    it("escapes control chars (newline/return/tab) into LogQL escape sequences", () => {
+        assert.equal(escapeLogQLValue("a\nb\rc\td"), "a\\nb\\rc\\td");
+    });
+});
+describe("Q-LOG1: queryLogs LogQL assembly", () => {
+    async function captureQuery(params) {
+        const conn = new LokiConnector();
+        await conn.connect({ name: "loki", type: "loki", url: "http://loki:3100", enabled: true });
+        let captured = "";
+        const orig = globalThis.fetch;
+        globalThis.fetch = (async (url) => {
+            const u = String(url);
+            if (u.includes("/label/") && u.includes("/values"))
+                return jsonRes({ data: ["payment"] });
+            if (u.includes("/query_range")) {
+                captured = decodeURIComponent((u.match(/query=([^&]+)/) || [])[1] || "");
+                return jsonRes({ data: { result: [] } });
+            }
+            return jsonRes({ data: [] });
+        });
+        try {
+            await conn.queryLogs({ service: "payment", duration: "5m", ...params });
+        }
+        finally {
+            globalThis.fetch = orig;
+        }
+        return captured;
+    }
+    it("AND's label filters after | json, with level and line filter", async () => {
+        const q = await captureQuery({ level: "error", labels: { method: "GET", status: "200" }, query: "timeout" });
+        assert.equal(q, '{service_name="payment"} | json | level="error" | method="GET" | status="200" |~ `timeout`');
+    });
+    it("works with labels only (no level/query)", async () => {
+        const q = await captureQuery({ labels: { environment: "prod" } });
+        assert.equal(q, '{service_name="payment"} | json | environment="prod"');
+    });
+    it("plain query (no labels) is unchanged from prior behaviour", async () => {
+        const q = await captureQuery({});
+        assert.equal(q, '{service_name="payment"} | json');
+    });
+});
+describe("Q-LOG2: parseDurationSeconds / defaultBucketSeconds", () => {
+    it("parses m/h/d", () => {
+        assert.equal(parseDurationSeconds("5m"), 300);
+        assert.equal(parseDurationSeconds("2h"), 7200);
+        assert.equal(parseDurationSeconds("1d"), 86400);
+        assert.equal(parseDurationSeconds("bad"), null);
+    });
+    it("buckets to ~60 points, floored at 60s", () => {
+        assert.equal(defaultBucketSeconds(3600), 60); // 1h → 60s
+        assert.equal(defaultBucketSeconds(86400), 1440); // 24h → 1440s
+        assert.equal(defaultBucketSeconds(60), 60); // tiny window floors at 60s
+    });
+});
+describe("Q-LOG2: buildAggregateLogQL", () => {
+    const PIPE = '{service_name="app"} | json | method="GET"';
+    it("count_over_time with by → sum by + range mode + step", () => {
+        const r = buildAggregateLogQL(PIPE, { op: "count_over_time", by: ["url"], step: "15m" }, "1h");
+        assert.equal(r.mode, "range");
+        assert.equal(r.step, "900s");
+        assert.equal(r.logql, `sum by (url) (count_over_time(${PIPE} [900s]))`);
+    });
+    it("count_over_time without by → bare count_over_time, default step", () => {
+        const r = buildAggregateLogQL(PIPE, { op: "count_over_time" }, "1h");
+        assert.equal(r.mode, "range");
+        assert.equal(r.step, "60s");
+        assert.equal(r.logql, `count_over_time(${PIPE} [60s])`);
+    });
+    it("sum → instant total per group over the whole window", () => {
+        const r = buildAggregateLogQL(PIPE, { op: "sum", by: ["status"] }, "1h");
+        assert.equal(r.mode, "instant");
+        assert.equal(r.logql, `sum by (status) (count_over_time(${PIPE} [3600s]))`);
+    });
+    it("topk → instant topk(k, sum by) with default k=10", () => {
+        const r = buildAggregateLogQL(PIPE, { op: "topk", by: ["url"] }, "1h");
+        assert.equal(r.mode, "instant");
+        assert.equal(r.logql, `topk(10, sum by (url) (count_over_time(${PIPE} [3600s])))`);
+    });
+    it("topk honours explicit k", () => {
+        const r = buildAggregateLogQL(PIPE, { op: "topk", by: ["url"], k: 3 }, "30m");
+        assert.equal(r.logql, `topk(3, sum by (url) (count_over_time(${PIPE} [1800s])))`);
+    });
+});
+describe("Q-LOG2: queryLogAggregate", () => {
+    async function run(agg) {
+        const conn = new LokiConnector();
+        await conn.connect({ name: "loki", type: "loki", url: "http://loki:3100", enabled: true });
+        let capturedUrl = "";
+        const orig = globalThis.fetch;
+        globalThis.fetch = (async (url) => {
+            const u = String(url);
+            if (u.includes("/label/") && u.includes("/values"))
+                return jsonRes({ data: ["app"] });
+            if (u.includes("/query_range")) {
+                capturedUrl = u;
+                return jsonRes({ data: { resultType: "matrix", result: [
+                            { metric: { url: "/" }, values: [[1000, "3"], [1060, "5"]] },
+                        ] } });
+            }
+            if (u.includes("/query")) {
+                capturedUrl = u;
+                return jsonRes({ data: { resultType: "vector", result: [
+                            { metric: { url: "/a" }, value: [2000, "7"] },
+                            { metric: { url: "/b" }, value: [2000, "12"] },
+                        ] } });
+            }
+            return jsonRes({ data: [] });
+        });
+        try {
+            return await conn.queryLogAggregate({ service: "app", duration: "1h", ...agg });
+        }
+        finally {
+            globalThis.fetch = orig;
+        }
+    }
+    it("topk → instant vector parsed + sorted desc, note set", async () => {
+        const res = await run({ op: "topk", by: ["url"], k: 2 });
+        assert.equal(res.mode, "instant");
+        assert.equal(res.op, "topk");
+        assert.deepEqual(res.by, ["url"]);
+        assert.deepEqual(res.series.map((s) => [s.labels.url, s.value]), [["/b", 12], ["/a", 7]]);
+        assert.match(res.note, /limit/);
+    });
+    it("count_over_time → range matrix parsed into points", async () => {
+        const res = await run({ op: "count_over_time", by: ["url"], step: "1m" });
+        assert.equal(res.mode, "range");
+        assert.equal(res.step, "60s");
+        assert.equal(res.series.length, 1);
+        assert.deepEqual(res.series[0].points, [{ t: 1000000, value: 3 }, { t: 1060000, value: 5 }]);
+    });
+});
 describe("LokiConnector", () => {
     describe("parseLine", () => {
         it("parses valid JSON", () => {

package/dist/connectors/manifest-hooks.test.d.ts

@@ -0,0 +1 @@
+export {};