holmesgpt 0.13.0__py3-none-any.whl → 0.13.2__py3-none-any.whl

holmes/interactive.py

@@ -27,10 +27,11 @@ from pygments.lexers import guess_lexer
 from rich.console import Console
 from rich.markdown import Markdown, Panel
 
+from holmes.common.env_vars import ENABLE_CLI_TOOL_APPROVAL
 from holmes.core.config import config_path_dir
 from holmes.core.prompt import build_initial_ask_messages
 from holmes.core.tool_calling_llm import ToolCallingLLM, ToolCallResult
-from holmes.core.tools import pretty_print_toolset_status
+from holmes.core.tools import StructuredToolResult, pretty_print_toolset_status
 from holmes.core.tracing import DummyTracer
 from holmes.utils.colors import (
     AI_COLOR,
@@ -584,6 +585,53 @@ def prompt_for_llm_sharing(
     return None
 
 
+def handle_tool_approval(
+    command: Optional[str],
+    error_message: Optional[str],
+    style: Style,
+    console: Console,
+) -> tuple[bool, Optional[str]]:
+    """
+    Handle user approval for potentially sensitive commands.
+
+    Args:
+        command: The command that needs approval
+        error_message: The error message explaining why approval is needed
+        session: PromptSession for user input
+        style: Style for prompts
+        console: Rich console for output
+
+    Returns:
+        Tuple of (approved: bool, feedback: Optional[str])
+        - approved: True if user approves, False if denied
+        - feedback: User's optional feedback message when denying
+    """
+    console.print("\n[bold yellow]⚠️  Command Approval Required[/bold yellow]")
+    console.print(f"[yellow]Command:[/yellow] {command or 'unknown'}")
+    console.print(f"[yellow]Reason:[/yellow] {error_message or 'unknown'}")
+    console.print()
+
+    # Create a temporary session without history for approval prompts
+    temp_session = PromptSession(history=InMemoryHistory())  # type: ignore
+
+    approval_prompt = temp_session.prompt(
+        [("class:prompt", "Do you want to approve and execute this command? (y/N): ")],
+        style=style,
+    )
+
+    if approval_prompt.lower().startswith("y"):
+        return True, None
+    else:
+        # Ask for optional feedback when denying
+        feedback_prompt = temp_session.prompt(
+            [("class:prompt", "Optional feedback for the AI (press Enter to skip): ")],
+            style=style,
+        )
+
+        feedback = feedback_prompt.strip() if feedback_prompt.strip() else None
+        return False, feedback
+
+
 def handle_run_command(
     bash_command: str, session: PromptSession, style: Style, console: Console
 ) -> Optional[str]:
@@ -811,6 +859,20 @@ def run_interactive_loop(
         }
     )
 
+    # Set up approval callback for potentially sensitive commands
+    def approval_handler(
+        tool_call_result: StructuredToolResult,
+    ) -> tuple[bool, Optional[str]]:
+        return handle_tool_approval(
+            command=tool_call_result.invocation,
+            error_message=tool_call_result.error,
+            style=style,
+            console=console,
+        )
+
+    if ENABLE_CLI_TOOL_APPROVAL:
+        ai.approval_callback = approval_handler
+
     # Create merged completer with slash commands, conditional executables, show command, and smart paths
     slash_completer = SlashCommandCompleter()
     executable_completer = ConditionalExecutableCompleter()
@@ -1002,7 +1064,6 @@ def run_interactive_loop(
                     user_input,
                     include_files,
                     ai.tool_executor,
-                    ai.investigation_id,
                     runbooks,
                     system_prompt_additions,
                 )

holmes/main.py

@@ -104,6 +104,11 @@ opt_verbose: Optional[List[bool]] = typer.Option(
     "-v",
     help="Verbose output. You can pass multiple times to increase the verbosity. e.g. -v or -vv or -vvv",
 )
+opt_log_costs: bool = typer.Option(
+    False,
+    "--log-costs",
+    help="Show LLM cost information in the output",
+)
 opt_echo_request: bool = typer.Option(
     True,
     "--echo/--no-echo",
@@ -176,6 +181,7 @@ def ask(
     custom_toolsets: Optional[List[Path]] = opt_custom_toolsets,
     max_steps: Optional[int] = opt_max_steps,
     verbose: Optional[List[bool]] = opt_verbose,
+    log_costs: bool = opt_log_costs,
     # semi-common options
     destination: Optional[DestinationType] = opt_destination,
     slack_token: Optional[str] = opt_slack_token,
@@ -219,7 +225,7 @@ def ask(
     """
     Ask any question and answer using available tools
     """
-    console = init_logging(verbose)  # type: ignore
+    console = init_logging(verbose, log_costs)  # type: ignore
     # Detect and read piped input
     piped_data = None
 
@@ -302,7 +308,6 @@ def ask(
         prompt,  # type: ignore
         include_file,
         ai.tool_executor,
-        ai.investigation_id,
         config.get_runbook_catalog(),
         system_prompt_additions,
     )

holmes/plugins/prompts/_fetch_logs.jinja2

@@ -4,6 +4,7 @@
 {%- set k8s_yaml_ts = toolsets | selectattr("name", "equalto", "kubernetes/logs") | rejectattr("fetch_pod_logs", "defined") | first -%}
 {%- set opensearch_ts = toolsets | selectattr("name", "equalto", "opensearch/logs") | first -%}
 {%- set datadog_ts = toolsets | selectattr("name", "equalto", "datadog/logs") | first -%}
+{%- set bash_ts = toolsets | selectattr("name", "equalto", "bash") | first -%}
 
 ## Logs
 
@@ -44,6 +45,9 @@ Tools to search and fetch logs from Kubernetes.
 * Check both kubectl_logs and kubectl_previous_logs because a pod restart mean kubectl_logs may not have relevant logs
 {%- elif opensearch_ts and opensearch_ts.status == "enabled" -%}
 {% include '_default_log_prompt.jinja2' %}
+{%- elif bash_ts and bash_ts.status == "enabled" -%}
+Use the tool `run_bash_command` to run `kubectl logs` commands and fetch any relevant pod logs.
+DO NOT use `--tail` or `| tail` when calling `kubectl logs` because you may miss critical information.
 {%- else -%}
 * You have not been given access to tools to fetch kubernetes logs for nodes, pods, services or apps. This is likely a misconfiguration.
 * If you need logs to answer questions or investigate issues, tell the user to configure the documentation and enable one of these toolsets:

holmes/plugins/prompts/_general_instructions.jinja2

@@ -62,10 +62,12 @@
 * Follow ALL tasks in your plan - don't skip any tasks
 * Use task management to ensure you don't miss important investigation steps
 * If you discover additional steps during investigation, add them to your task list using TodoWrite
+* When calling TodoWrite, you may ALSO call other tools in parallel to speed things up for your users and make them happy!
+* On the first TodoWrite call, mark at least one task as in_progress, and start working on it in parallel.
+* When calling TodoWrite for the first time, mark the tasks you started working on with ‘in_progress’ status.
 
 # Tool/function calls
 
 You are able to make tool calls / function calls. Recognise when a tool has already been called and reuse its result.
 If a tool call returns nothing, modify the parameters as required instead of repeating the tool call.
 When searching for resources in specific namespaces, test a cluster level tool to find the resource(s) and identify what namespace they are part of.
-You are limited in use to a maximum of 5 tool calls for each specific tool. Therefore make sure are smart about what tools you call and how you call them.

holmes/plugins/prompts/investigation_procedure.jinja2

@@ -1,8 +1,3 @@
-{% if investigation_id %}
-# Investigation ID for this session
-Investigation id: {{ investigation_id }}
-{% endif %}
-
 CLARIFICATION REQUIREMENT: Before starting ANY investigation, if the user's question is ambiguous or lacks critical details, you MUST ask for clarification first. Do NOT create TodoWrite tasks for unclear questions.
 Only proceed with TodoWrite and investigation AFTER you have clear, specific requirements.
 
@@ -16,8 +11,8 @@ MANDATORY Task Status Updates:
 - When completing a task: Call TodoWrite changing that task's status to "completed"
 
 PARALLEL EXECUTION RULES:
-- When possible, work on multiple tasks at a time. If tasks depend on one another, do them one after the other.
-- You MAY execute multiple INDEPENDENT tasks simultaneously
+- When possible, work on multiple tasks at a time. Only when tasks depend on one another, do them one after the other.
+- You SHOULD execute multiple INDEPENDENT tasks simultaneously
 - Mark multiple tasks as "in_progress" if they don't depend on each other
 - Wait for dependent tasks to complete before starting tasks that need their results
 - Always use a single TodoWrite call to update multiple task statuses
@@ -84,17 +79,12 @@ If you see ANY `[ ] pending` or `[~] in_progress` tasks, DO NOT provide final an
     {"id": "3", "content": "Check resources", "status": "pending"}
   ])
 
-
-{% if todo_list %}
-{{ todo_list }}
-{% endif %}
-
 # MANDATORY Multi-Phase Investigation Process
 
 For ANY question requiring investigation, you MUST follow this structured approach:
 
 ## Phase 1: Initial Investigation
-1. **IMMEDIATELY START with TodoWrite**: Create initial investigation task list
+1. **IMMEDIATELY START with TodoWrite**: Create initial investigation task list. Already start working on tasks. Mark the tasks you're working on as in_progress.
 2. **Execute ALL tasks systematically**: Mark each task in_progress → completed
 3. **Complete EVERY task** in the current list before proceeding
 

holmes/plugins/runbooks/CLAUDE.md

@@ -0,0 +1,85 @@
+You are an expert in automated diagnostics and runbook creation for an AI-driven troubleshooting agents. I will provide you with one or more issue descriptions or test scenarios.
+
+Your task is to generate a strictly executable runbook for AI Agent to follow. The runbook should be machine-readable but human-understandable, and must include the following sections:
+
+# Runbook Content Structure
+
+## 1. Goal
+- **Primary Objective:** Clearly define the specific category of issues this runbook addresses (e.g., "diagnose network connectivity problems", "troubleshoot pod startup failures", "investigate performance degradation").
+- **Scope:** Specify the environment, technology stack, or system components covered by this runbook.
+- **Agent Mandate:** Explicitly state that the AI agent must follow the workflow steps sequentially and systematically without deviation to ensure consistent, thorough troubleshooting.
+- **Expected Outcome:** Define what successful completion of this runbook should achieve (root cause identification, issue resolution, or escalation criteria).
+
+## 2. Workflow for [Issue Category] Diagnosis
+- Provide numbered, sequential steps the AI agent must execute in order.
+- Each step should specify:
+  - **Action:** Describe the diagnostic function conceptually (e.g., "retrieve container logs from specified pod", "check service connectivity between components", "examine resource utilization metrics")
+  - **Function Description:** Explain what the function should accomplish rather than naming specific tools (e.g., "query the cluster to list all pods in a namespace and their current status" instead of "kubectl_get_pods()")
+  - **Parameters:** What data/arguments to pass to the function (namespace, pod name, time range, etc.)
+  - **Expected Output:** What information to gather from the result (status codes, error messages, metrics, configurations)
+  - **Success/Failure Criteria:** How to interpret the output and what indicates normal vs. problematic conditions
+- Use conditional logic (IF/ELSE) when branching is required based on findings.
+- Describe functions generically so they can be mapped to available tools (e.g., "execute a command to test network connectivity" rather than "ping_host()")
+- Include verification steps to confirm each diagnostic action was successful.
+
+## 3. Synthesize Findings
+- **Data Correlation:** Describe how the AI agent should combine outputs from multiple workflow steps.
+- **Pattern Recognition:** Specify what patterns, error messages, or metrics indicate specific root causes.
+- **Prioritization Logic:** Provide criteria for ranking potential causes by likelihood or severity.
+- **Evidence Requirements:** Define what evidence is needed to confidently identify each potential root cause.
+- **Example Scenarios:** Include sample synthesis statements showing how findings should be summarized.
+
+## 4. Recommended Remediation Steps
+- **Immediate Actions:** List temporary workarounds or urgent fixes for critical issues.
+- **Permanent Solutions:** Provide step-by-step permanent remediation procedures.
+- **Verification Steps:** Define how to confirm each remediation action was successful.
+- **Documentation References:** Include links to official documentation, best practices, or vendor guidance.
+- **Escalation Criteria:** Specify when and how to escalate if remediation steps fail.
+- **Post-Remediation Monitoring:** Describe what to monitor to prevent recurrence.
+
+# File Organization Guidelines
+
+## Folder Structure
+*Category folders are used to distinguish and categorize different runbooks based on their focus area or technology domain. Each runbook must be placed into a specific category folder under `holmes/plugins/runbooks/` for better organization and discoverability. Create a new category folder if your runbook doesn't fit into existing categories.*
+
+## File Naming
+*Use consistent naming conventions for runbook files:*
+
+- Use descriptive, lowercase names with hyphens: `dns-resolution-troubleshooting.md`
+- Include the issue type or technology: `redis-connection-issues.md`
+- Avoid generic names like `troubleshooting.md` or `debug.md`
+
+### Catalog Registration
+After creating your runbook, you must add an entry to `catalog.json` in the runbooks directory to make it discoverable by AI agents.
+
+**Steps to add a new catalog entry:**
+
+1. **Open** `holmes/plugins/runbooks/catalog.json`
+2. **Add your entry** to the JSON array following this structure:
+   ```json
+   {
+     "name": "Brief, descriptive name of the runbook",
+     "path": "category-folder/your-runbook-filename.md",
+     "description": "Clear description of what issues this runbook addresses",
+     "tags": ["relevant", "tags", "for", "search"]
+   }
+   ```
+
+3. **Ensure proper JSON formatting** - add a comma after the previous entry if needed
+4. **Validate the JSON** is properly formatted before committing
+
+**Field Guidelines:**
+- `name`: Keep concise but descriptive (e.g., "Redis Connection Issues")
+- `path`: Always include the category folder (e.g., "database/redis-connection-issues.md")
+- `description`: Explain what specific problems this runbook solves
+- `tags`: Include technology names, issue types, and relevant keywords
+
+Example catalog entry:
+```json
+{
+  "name": "DNS Resolution Troubleshooting",
+  "path": "networking/dns-resolution-troubleshooting.md",
+  "description": "Comprehensive guide for diagnosing and resolving DNS resolution issues in Kubernetes clusters",
+  "tags": ["dns", "networking", "kubernetes", "troubleshooting"]
+}
+```

holmes/plugins/runbooks/README.md

@@ -20,3 +20,27 @@ This runbook is mainly used for `holmes investigate`
 
 Catalog specified in [catalog.json](catalog.json) contains a collection of runbooks written in markdown.
 During runtime, LLM will compare the runbook description with the user question and return the most matched runbook for investigation. It's possible no runbook is returned for no match.
+
+## Generating Runbooks
+
+To ensure all runbooks follow a consistent format and improve troubleshooting accuracy, contributors should use the standardized [runbook format prompt](runbook-format.prompt.md) when creating new runbooks.
+
+### Using the Runbook Format Prompt
+
+1. **Start with the Template**: Use `prompt.md` as your guide when creating new runbooks
+2. **Follow the Structure**: Ensure your runbook includes all required sections:
+   - **Goal**: Clear definition of issues addressed and agent mandate
+   - **Workflow**: Sequential diagnostic steps with detailed function descriptions
+   - **Synthesize Findings**: Logic for combining outputs and identifying root causes
+   - **Recommended Remediation Steps**: Both immediate and permanent solutions
+
+### Benefits of Using the Standard Format
+
+- **Consistency**: All runbooks follow the same structure and terminology
+- **AI Agent Compatibility**: Ensures runbooks are machine-readable and executable by AI agents
+- **Improved Accuracy**: Standardized format reduces ambiguity and improves diagnostic success rates
+- **Maintainability**: Easier to update and maintain runbooks across the project
+
+### Example Usage
+
+When creating a runbook for a new issue category (e.g., storage problems, authentication failures), provide the issue description to an LLM along with the prompt template to generate a properly formatted runbook that follows the established patterns.

holmes/plugins/toolsets/__init__.py

@@ -26,6 +26,9 @@ from holmes.plugins.toolsets.datadog.toolset_datadog_traces import (
 from holmes.plugins.toolsets.datadog.toolset_datadog_rds import (
     DatadogRDSToolset,
 )
+from holmes.plugins.toolsets.datadog.toolset_datadog_general import (
+    DatadogGeneralToolset,
+)
 from holmes.plugins.toolsets.git import GitToolset
 from holmes.plugins.toolsets.grafana.toolset_grafana import GrafanaToolset
 from holmes.plugins.toolsets.grafana.toolset_grafana_loki import GrafanaLokiToolset
@@ -82,6 +85,7 @@ def load_python_toolsets(dal: Optional[SupabaseDal]) -> List[Toolset]:
         NotionToolset(),
         KafkaToolset(),
         DatadogLogsToolset(),
+        DatadogGeneralToolset(),
         DatadogMetricsToolset(),
         DatadogTracesToolset(),
         DatadogRDSToolset(),
@@ -155,7 +159,7 @@ def load_toolsets_from_config(
 
     loaded_toolsets: list[Toolset] = []
     if is_old_toolset_config(toolsets):
-        message = "Old toolset config format detected, please update to the new format: https://docs.robusta.dev/master/configuration/holmesgpt/custom_toolsets.html"
+        message = "Old toolset config format detected, please update to the new format: https://holmesgpt.dev/data-sources/custom-toolsets/"
         logging.warning(message)
         raise ValueError(message)
 

holmes/plugins/toolsets/argocd.yaml

@@ -1,7 +1,7 @@
 toolsets:
   argocd/core:
     description: "Set of tools to get argocd metadata like list of apps, repositories, projects, etc."
-    docs_url: "https://docs.robusta.dev/master/configuration/holmesgpt/toolsets/argocd.html"
+    docs_url: "https://holmesgpt.dev/data-sources/builtin-toolsets/argocd/"
     icon_url: "https://argo-cd.readthedocs.io/en/stable/assets/logo.png"
     llm_instructions: |
       You have access to a set of ArgoCD tools for debugging Kubernetes application deployments.

holmes/plugins/toolsets/atlas_mongodb/mongodb_atlas.py

@@ -118,7 +118,9 @@ class ReturnProjectAlerts(MongoDBAtlasBaseTool):
         project_id = self.toolset.config.get("project_id", "")
         return f"{toolset_name_for_one_liner(self.toolset.name)}: Get Project Alerts ({project_id})"
 
-    def _invoke(self, params: Any) -> StructuredToolResult:
+    def _invoke(
+        self, params: dict, user_approved: bool = False
+    ) -> StructuredToolResult:
         try:
             url = "https://cloud.mongodb.com/api/atlas/v2/groups/{project_id}/alerts".format(
                 project_id=self.toolset.config.get("project_id")
@@ -143,7 +145,9 @@ class ReturnProjectProcesses(MongoDBAtlasBaseTool):
         project_id = self.toolset.config.get("project_id", "")
         return f"{toolset_name_for_one_liner(self.toolset.name)}: Get Project Processes ({project_id})"
 
-    def _invoke(self, params: Any) -> StructuredToolResult:
+    def _invoke(
+        self, params: dict, user_approved: bool = False
+    ) -> StructuredToolResult:
         try:
             url = "https://cloud.mongodb.com/api/atlas/v2/groups/{project_id}/processes".format(
                 project_id=self.toolset.config.get("project_id")
@@ -176,7 +180,9 @@ class ReturnProjectSlowQueries(MongoDBAtlasBaseTool):
         process_id = params.get("process_id", "")
         return f"{toolset_name_for_one_liner(self.toolset.name)}: Get Slow Queries ({process_id})"
 
-    def _invoke(self, params: Any) -> StructuredToolResult:
+    def _invoke(
+        self, params: dict, user_approved: bool = False
+    ) -> StructuredToolResult:
         try:
             url = self.url.format(
                 project_id=self.toolset.config.get("project_id"),
@@ -203,7 +209,9 @@ class ReturnEventsFromProject(MongoDBAtlasBaseTool):
         project_id = self.toolset.config.get("project_id", "")
         return f"{toolset_name_for_one_liner(self.toolset.name)}: Get Project Events ({project_id})"
 
-    def _invoke(self, params: Any) -> StructuredToolResult:
+    def _invoke(
+        self, params: dict, user_approved: bool = False
+    ) -> StructuredToolResult:
         params.update({"itemsPerPage": 500})
         try:
             now_utc = datetime.now(timezone.utc)
@@ -260,7 +268,9 @@ class ReturnLogsForProcessInProject(MongoDBAtlasBaseTool):
         hostname = params.get("hostName", "")
         return f"{toolset_name_for_one_liner(self.toolset.name)}: Get Host Logs ({hostname})"
 
-    def _invoke(self, params: Any) -> StructuredToolResult:
+    def _invoke(
+        self, params: dict, user_approved: bool = False
+    ) -> StructuredToolResult:
         one_hour_ago = datetime.now(timezone.utc) - timedelta(hours=1)
         try:
             url = self.url.format(
@@ -312,7 +322,9 @@ class ReturnEventTypeFromProject(MongoDBAtlasBaseTool):
         event_type = params.get("eventType", "")
         return f"{toolset_name_for_one_liner(self.toolset.name)}: Get Event Details ({event_type})"
 
-    def _invoke(self, params: Any) -> StructuredToolResult:
+    def _invoke(
+        self, params: dict, user_approved: bool = False
+    ) -> StructuredToolResult:
         try:
             url = self.url.format(projectId=self.toolset.config.get("project_id"))
 

holmes/plugins/toolsets/aws.yaml

@@ -1,7 +1,7 @@
 toolsets:
   aws/security:
     description: "Set of tools to audit AWS security"
-    docs_url: "https://docs.robusta.dev/master/configuration/holmesgpt/toolsets/aws.html#security"
+    docs_url: "https://holmesgpt.dev/data-sources/builtin-toolsets/aws/"
     icon_url: "https://upload.wikimedia.org/wikipedia/commons/9/93/Amazon_Web_Services_Logo.svg"
     tags:
       - cli
@@ -42,8 +42,12 @@ toolsets:
 
   aws/rds:
     description: "Read access to Amazon RDS resources"
-    docs_url: "https://docs.robusta.dev/master/configuration/holmesgpt/toolsets/aws.html#rds"
+    docs_url: "https://holmesgpt.dev/data-sources/builtin-toolsets/aws/"
     icon_url: "https://upload.wikimedia.org/wikipedia/commons/9/93/Amazon_Web_Services_Logo.svg"
+    llm_instructions: |
+      You have access to information on RDS resources.
+      Use this toolset to get extra information on RDS resources on AWS.
+      When investigating RDS resources ALWAYS fetch additional information if possible.
     tags:
       - cli
     prerequisites:
@@ -56,8 +60,8 @@ toolsets:
         command: "aws rds describe-events"
 
       - name: "aws_rds_describe_instance"
-        description: "Get the configuration of a RDS instance"
-        user_description: "Get the configuration of a RDS instance"
+        description: "Get the configuration of a RDS instance, its status and availability stats. Runs 'aws rds describe-db-instances' for a specific instance."
+        user_description: "Get the configuration of an RDS instance"
         command: "aws rds describe-db-instances --db-instance-identifier '{{ db_instance_identifier }}'"
 
       - name: "aws_rds_describe_instances"
@@ -66,7 +70,7 @@ toolsets:
         command: "aws rds describe-db-instances"
 
       - name: "aws_rds_describe_logs"
-        description: "Describe all available logs for an AWS RDS instance."
+        description: "Describe all available logs for an AWS RDS instance. Runs 'aws rds describe-db-log-files' for a specific instance."
         user_description: "list available RDS logs (e.g. slow query logs)"
         command: "aws rds describe-db-log-files --db-instance-identifier '{{ db_instance_identifier }}'"
 

holmes/plugins/toolsets/azure_sql/tools/analyze_connection_failures.py

@@ -213,7 +213,9 @@ class AnalyzeConnectionFailures(BaseAzureSQLTool):
 
         return "\n".join(report_sections)
 
-    def _invoke(self, params: Dict) -> StructuredToolResult:
+    def _invoke(
+        self, params: dict, user_approved: bool = False
+    ) -> StructuredToolResult:
         try:
             # Get configuration
             db_config = self.toolset.database_config()

holmes/plugins/toolsets/azure_sql/tools/analyze_database_connections.py

@@ -151,7 +151,9 @@ class AnalyzeDatabaseConnections(BaseAzureSQLTool):
 
         return "\n".join(report_sections)
 
-    def _invoke(self, params: Dict) -> StructuredToolResult:
+    def _invoke(
+        self, params: dict, user_approved: bool = False
+    ) -> StructuredToolResult:
         try:
             hours_back = params.get("hours_back", 2)
 

holmes/plugins/toolsets/azure_sql/tools/analyze_database_health_status.py

@@ -131,7 +131,9 @@ class AnalyzeDatabaseHealthStatus(BaseAzureSQLTool):
 
         return "\n".join(report_sections)
 
-    def _invoke(self, params: Dict) -> StructuredToolResult:
+    def _invoke(
+        self, params: dict, user_approved: bool = False
+    ) -> StructuredToolResult:
         try:
             db_config = self.toolset.database_config()
             client = self.toolset.api_client()

holmes/plugins/toolsets/azure_sql/tools/analyze_database_performance.py

@@ -192,7 +192,9 @@ class AnalyzeDatabasePerformance(BaseAzureSQLTool):
 
         return "\n".join(report_sections)
 
-    def _invoke(self, params: Dict) -> StructuredToolResult:
+    def _invoke(
+        self, params: dict, user_approved: bool = False
+    ) -> StructuredToolResult:
         try:
             db_config = self.toolset.database_config()
             client = self.toolset.api_client()

holmes/plugins/toolsets/azure_sql/tools/analyze_database_storage.py

@@ -249,7 +249,9 @@ class AnalyzeDatabaseStorage(BaseAzureSQLTool):
 
         return "\n".join(report_sections)
 
-    def _invoke(self, params: Dict) -> StructuredToolResult:
+    def _invoke(
+        self, params: dict, user_approved: bool = False
+    ) -> StructuredToolResult:
         try:
             hours_back = params.get("hours_back", 24)
             top_tables = params.get("top_tables", 20)

holmes/plugins/toolsets/azure_sql/tools/get_active_alerts.py

@@ -147,7 +147,9 @@ class GetActiveAlerts(BaseAzureSQLTool):
 
         return "\n".join(report_sections)
 
-    def _invoke(self, params: Dict) -> StructuredToolResult:
+    def _invoke(
+        self, params: dict, user_approved: bool = False
+    ) -> StructuredToolResult:
         try:
             db_config = self.toolset.database_config()
             api_client = self.toolset.api_client()

holmes/plugins/toolsets/azure_sql/tools/get_slow_queries.py

@@ -99,7 +99,9 @@ class GetSlowQueries(BaseAzureSQLTool):
 
         return "\n".join(report_sections)
 
-    def _invoke(self, params: Dict) -> StructuredToolResult:
+    def _invoke(
+        self, params: dict, user_approved: bool = False
+    ) -> StructuredToolResult:
         try:
             top_count = params.get("top_count", 15)
             hours_back = params.get("hours_back", 2)

holmes/plugins/toolsets/azure_sql/tools/get_top_cpu_queries.py

@@ -97,7 +97,9 @@ class GetTopCPUQueries(BaseAzureSQLTool):
 
         return "\n".join(report_sections)
 
-    def _invoke(self, params: Dict) -> StructuredToolResult:
+    def _invoke(
+        self, params: dict, user_approved: bool = False
+    ) -> StructuredToolResult:
         try:
             top_count = params.get("top_count", 15)
             hours_back = params.get("hours_back", 2)

holmes/plugins/toolsets/azure_sql/tools/get_top_data_io_queries.py

@@ -115,7 +115,9 @@ class GetTopDataIOQueries(BaseAzureSQLTool):
 
         return "\n".join(report_sections)
 
-    def _invoke(self, params: Dict) -> StructuredToolResult:
+    def _invoke(
+        self, params: dict, user_approved: bool = False
+    ) -> StructuredToolResult:
         try:
             top_count = params.get("top_count", 15)
             hours_back = params.get("hours_back", 2)

holmes/plugins/toolsets/azure_sql/tools/get_top_log_io_queries.py

@@ -107,7 +107,9 @@ class GetTopLogIOQueries(BaseAzureSQLTool):
 
         return "\n".join(report_sections)
 
-    def _invoke(self, params: Dict) -> StructuredToolResult:
+    def _invoke(
+        self, params: dict, user_approved: bool = False
+    ) -> StructuredToolResult:
         try:
             top_count = params.get("top_count", 15)
             hours_back = params.get("hours_back", 2)

holmes/plugins/toolsets/bash/argocd/__init__.py

@@ -0,0 +1,65 @@
+import argparse
+from typing import Any, Optional
+
+from holmes.plugins.toolsets.bash.common.bash_command import BashCommand
+from holmes.plugins.toolsets.bash.common.config import BashExecutorConfig
+from holmes.plugins.toolsets.bash.common.stringify import escape_shell_args
+from holmes.plugins.toolsets.bash.argocd.constants import (
+    ALLOWED_ARGOCD_COMMANDS,
+    DENIED_ARGOCD_COMMANDS,
+)
+from holmes.plugins.toolsets.bash.common.validators import (
+    validate_command_and_operations,
+)
+
+
+class ArgocdCommand(BashCommand):
+    def __init__(self):
+        super().__init__("argocd")
+
+    def add_parser(self, parent_parser: Any):
+        """Create Argo CD CLI parser with safe command validation."""
+        argocd_parser = parent_parser.add_parser(
+            "argocd", help="Argo CD Command Line Interface", exit_on_error=False
+        )
+
+        # Add command subparser
+        argocd_parser.add_argument(
+            "command", help="Argo CD command (e.g., app, cluster, proj, repo)"
+        )
+
+        # Capture remaining arguments
+        argocd_parser.add_argument(
+            "options",
+            nargs=argparse.REMAINDER,
+            default=[],
+            help="Argo CD CLI subcommands, operations, and options",
+        )
+        return argocd_parser
+
+    def validate_command(
+        self, command: Any, original_command: str, config: Optional[BashExecutorConfig]
+    ) -> None:
+        if hasattr(command, "options"):
+            validate_command_and_operations(
+                command.command,
+                command.options,
+                ALLOWED_ARGOCD_COMMANDS,
+                DENIED_ARGOCD_COMMANDS,
+            )
+
+    def stringify_command(
+        self, command: Any, original_command: str, config: Optional[BashExecutorConfig]
+    ) -> str:
+        """Convert parsed Argo CD command back to safe command string."""
+        parts = ["argocd", command.command]
+
+        if hasattr(command, "options") and command.options:
+            parts.extend(command.options)
+
+        return " ".join(escape_shell_args(parts))
+
+
+def create_argocd_parser(parent_parser: Any):
+    argocd_command = ArgocdCommand()
+    return argocd_command.add_parser(parent_parser)