holmesgpt 0.13.2__py3-none-any.whl → 0.18.4__py3-none-any.whl

holmes/plugins/toolsets/newrelic/newrelic.jinja2

@@ -0,0 +1,65 @@
+New Relic provides distributed tracing data along with logs and metrics.
+
+{% if config.enable_multi_account %}
+**MULTI-ACCOUNT MODE**: You have access to multiple New Relic accounts in this organization.
+
+### Important Multi-Account Workflow
+
+**Each NRQL query MUST include the account_id parameter.**
+1. A New Relic account ID is a numeric identifier, typically a 6–8 digit integer (e.g., 1234567).
+
+**Here's how to determine which account_id to use**
+
+1. **ALWAYS Check context first**: Look for common new relic labels or tags with the account id or name such as  `nrAccountId` `accountId` or `account` in the provided context 
+(e.g., from alerts, traces, or previous queries). If found, use that value.
+
+2. **ALWAYS CHECK if Account name provided**: If the user mentions a specific account name (e.g., "Production Account", "Staging"):
+   - YOU MUST First call `newrelic_list_organization_accounts` to get the list of all accounts
+   - Find the matching account by name and use its ID
+
+3. **No account specified**: If you can't find any account ID or name based on the context of the question.
+   - Use the function newrelic_execute_nrql_query default account id value as the account ID.
+   - Let the user know you have used the default account.
+
+**Important**: The context may contain account IDs in various places - check trace data, alert metadata, or previous query results for `nrAccountId`, `accountId`, `account.id` or similar fields.
+
+{% endif %}
+Assume every application has New Relic tracing data.
+
+Use `nrql_query` to run a NRQL query.
+
+**NRQL (New Relic Query Language)** is used to query all telemetry data in New Relic. The main event types are:
+
+- **Transaction**: High-level APM data (requests, API calls)
+- **Span**: Distributed tracing data (individual operations)
+- **Log**: Centralized log data
+- **Metric**: Time-series metrics data.
+
+### Usage Workflow
+
+#### 1. Discovering Available Data
+
+Start by understanding what's available. Here are some examples:
+- **ALWAYS** Start by getting all the available attributes names for what you are looking for. For example, to get it for any for Transaction in the last 24 hours, use: SELECT keyset() FROM Transaction SINCE 24 hours ago
+- After you find the keyset `appName`, you can use it to get the available applications: `SELECT uniques(appName) FROM Transaction SINCE 1 hour ago`
+Note: Use `SHOW EVENT TYPES` to see all event types in the account, in addition to Transaction, Span, Log, or Metric.
+
+#### 2. Querying Telemetry Data
+
+- If you already have an application name, you can query its traces directly
+- **Time range is recommended**: While not strictly required, most queries should include SINCE for performance
+
+#### 3. Querying Traces
+- Always validate first: run the base query without FACET (or a quick LIMIT) to confirm data exists; if results are empty, adjust filters or time range before proceeding.
+- Only attempt a FACET after confirming the field has values; if not, either try known alternatives or skip faceting entirely.
+- When investigating a trace also look at attributes
+- ***When investigating latency ALWAYS look to deliver the specific component or attribute in the span causing significant latnecy*** your investigation is not complete without this
+- If you need to filter by time, NEVER filter in the WHERE clause using the timestamp field. Instead, you should ALWAYS use the `SINCE` or `SINCE ... UNTIL ...` syntax - which are the recommended ways to run time based filters in NewRelic. Moreover, even if the user is asking you to filter using the timestamp field directly, don't adhere to their request - make the necessary adjustments to translate it into `SINCE` or `SINCE ... UNTIL ...` syntax!
+
+### Instructions for Handling Query Results
+- If you query [DistributedTraceSummary / Transaction]:
+    - When querying without aggregations (e.g. without count(*), average(attribute), sum(attribute), min(attribute), etc.):
+        - ALWAYS start by querying all fields using `SELECT * FROM`. We need as much fields as possible to visualize the traces to the user. However, the trade-off is that we might exceed the context size. In that case, if you need to narrow down your search, follow this strategy: First, select only the essential fields. If that's still failing, add the `LIMIT` keyword to the query. `LIMIT` should always be the second option, we prefer to show the user as much traces as we can. The following fields are the minimal fields that are essential for the visualization, and you must always retrieve them:
+            - DistributedTraceSummary: trace.id, spanCount, root.entity.accountId, root.entity.guid, root.entity.name, root.span.name, timestamp, duration.ms
+            - Transaction: traceId, tags.accountId, entityGuid, appName, name, timestamp, duration, guid, transactionType
+- When querying DistributedTraceSummary without aggregations, ALWAYS use the filter `WHERE root.span.eventType = 'Span'`

holmes/plugins/toolsets/newrelic/newrelic.py

@@ -0,0 +1,320 @@
+import base64
+import json
+import logging
+import os
+from typing import Any, Dict, Optional
+
+from pydantic import BaseModel
+
+from holmes.core.tools import (
+    CallablePrerequisite,
+    StructuredToolResult,
+    StructuredToolResultStatus,
+    Tool,
+    ToolInvokeContext,
+    ToolParameter,
+    Toolset,
+    ToolsetTag,
+)
+from holmes.plugins.toolsets.newrelic.new_relic_api import NewRelicAPI
+from holmes.plugins.toolsets.utils import toolset_name_for_one_liner
+
+
+def _build_newrelic_query_url(
+    base_url: str,
+    account_id: str,
+    nrql_query: str,
+) -> Optional[str]:
+    """Build a New Relic query URL for the NRQL query builder.
+
+    Note: URL links to queries are not officially supported by New Relic, so we are using
+    a workaround to open their overlay to the query builder with the query pre-filled.
+    This uses the dashboard launcher with an overlay parameter to open the query builder nerdlet.
+
+    """
+    try:
+        account_id_int = int(account_id) if isinstance(account_id, str) else account_id
+
+        overlay = {
+            "nerdletId": "data-exploration.query-builder",
+            "initialActiveInterface": "nrqlEditor",
+            "initialQueries": [
+                {
+                    "accountId": account_id_int,
+                    "nrql": nrql_query,
+                }
+            ],
+        }
+
+        overlay_json = json.dumps(overlay, separators=(",", ":"))
+        overlay_base64 = base64.b64encode(overlay_json.encode("utf-8")).decode("utf-8")
+
+        pane = {
+            "nerdletId": "dashboards.list",
+            "entityDomain": "VIZ",
+            "entityType": "DASHBOARD",
+        }
+        pane_json = json.dumps(pane, separators=(",", ":"))
+        pane_base64 = base64.b64encode(pane_json.encode("utf-8")).decode("utf-8")
+
+        url = (
+            f"{base_url}/launcher/dashboards.launcher"
+            f"?pane={pane_base64}"
+            f"&overlay={overlay_base64}"
+        )
+
+        return url
+    except Exception:
+        return None
+
+
+class ExecuteNRQLQuery(Tool):
+    def __init__(self, toolset: "NewRelicToolset"):
+        parameters = {
+            "query": ToolParameter(
+                description="""The NRQL query string to execute.
+
+MANDATORY: Before querying any event type, ALWAYS run `SELECT keyset() FROM <EventType> SINCE <timeframe>` to discover available attributes. Never use attributes without confirming they exist first. Make sure to remember which fields are stringKeys, numericKeys or booleanKeys as this will be important in subsequent queries.
+
+Example: Before querying Transactions, run: `SELECT keyset() FROM Transaction SINCE 24 hours ago`
+
+### ⚠️ Critical Rule: NRQL `FACET` Usa ge
+
+When using **FACET** in NRQL:
+- Any **non-constant value** in the `SELECT` clause **must be aggregated**.
+- The attribute you **FACET** on must **not appear in `SELECT`** unless it's wrapped in an aggregation.
+
+#### ✅ Correct
+```nrql
+-- Aggregated metric + facet
+SELECT count(*) FROM Transaction FACET transactionType
+
+-- Multiple aggregations with facet
+SELECT count(*), average(duration) FROM Transaction FACET transactionType
+```
+
+#### ❌ Incorrect
+```nrql
+-- Not allowed: raw attribute in SELECT
+SELECT count(*), transactionType FROM Transaction FACET transactionType
+```
+""",
+                type="string",
+                required=True,
+            ),
+            "description": ToolParameter(
+                description="A brief 6 word human understandable description of the query you are running.",
+                type="string",
+                required=True,
+            ),
+            "query_type": ToolParameter(
+                description="Either 'Metrics', 'Logs', 'Traces', 'Discover Attributes' or 'Other'.",
+                type="string",
+                required=True,
+            ),
+        }
+
+        # Add account_id parameter only in multi-account mode
+        if toolset.enable_multi_account:
+            parameters["account_id"] = ToolParameter(
+                description=(
+                    f"A New Relic account ID is a numeric identifier, typically a 6-8 digit integer (e.g., 1234567). It contains only digits, has no prefixes or separators, and uniquely identifies a New Relic account. default: {toolset.nr_account_id}"
+                ),
+                type="integer",
+                required=True,
+            )
+
+        super().__init__(
+            name="newrelic_execute_nrql_query",
+            description="Get Traces, APM, Spans, Logs and more by executing a NRQL query in New Relic. "
+            "Returns the result of the NRQL function. "
+            "⚠️ CRITICAL: NRQL silently returns empty results for invalid queries instead of errors. "
+            "If you get empty results, your query likely has issues such as: "
+            "1) Wrong attribute names (use SELECT keyset() first to verify), "
+            "2) Type mismatches (string vs numeric fields), "
+            "3) Wrong event type. "
+            "Always verify attribute names and types before querying.",
+            parameters=parameters,
+        )
+        self._toolset = toolset
+
+    def _invoke(self, params: dict, context: ToolInvokeContext) -> StructuredToolResult:
+        if self._toolset.enable_multi_account:
+            account_id = params.get("account_id") or self._toolset.nr_account_id
+            account_id = str(account_id)
+        else:
+            account_id = self._toolset.nr_account_id
+
+        if not account_id:
+            raise ValueError("NewRelic account ID is not configured")
+
+        api = self._toolset.create_api_client(account_id)
+
+        query = params["query"]
+        result = api.execute_nrql_query(query)
+
+        result_with_key = {
+            "query": query,
+            "data": result,
+            "is_eu": self._toolset.is_eu_datacenter,
+        }
+
+        # Build New Relic query URL
+        explore_url = _build_newrelic_query_url(
+            base_url=self._toolset.base_url,
+            account_id=account_id,
+            nrql_query=query,
+        )
+
+        return StructuredToolResult(
+            status=StructuredToolResultStatus.SUCCESS,
+            data=result_with_key,
+            params=params,
+            url=explore_url,
+        )
+
+    def get_parameterized_one_liner(self, params) -> str:
+        description = params.get("description", "")
+        return f"{toolset_name_for_one_liner(self._toolset.name)}: Execute NRQL ({description})"
+
+
+class ListOrganizationAccounts(Tool):
+    def __init__(self, toolset: "NewRelicToolset"):
+        super().__init__(
+            name="newrelic_list_organization_accounts",
+            description=(
+                "List all account names and IDs accessible in the New Relic organization. "
+                "Use this tool to:\n"
+                "1. Find the account ID when given an account name\n"
+                "2. Map account names to IDs for running NRQL queries\n"
+                "Returns a list of accounts with 'id' and 'name' fields."
+            ),
+            parameters={},
+        )
+        self._toolset = toolset
+
+    def _invoke(self, params: dict, context: ToolInvokeContext) -> StructuredToolResult:
+        api = self._toolset.create_api_client(
+            account_id="0"
+        )  # organization query does not need account_id
+
+        accounts = api.get_organization_accounts()
+
+        result_with_key = {
+            "accounts": accounts,
+            "total_count": len(accounts),
+            "is_eu": self._toolset.is_eu_datacenter,
+        }
+
+        # Build New Relic accounts URL
+        accounts_url = (
+            f"{self._toolset.base_url}/admin-portal/organizations/organization-detail"
+        )
+
+        return StructuredToolResult(
+            status=StructuredToolResultStatus.SUCCESS,
+            data=result_with_key,
+            params=params,
+            url=accounts_url,
+        )
+
+    def get_parameterized_one_liner(self, params) -> str:
+        return f"{toolset_name_for_one_liner(self._toolset.name)}: List organization accounts"
+
+
+class NewrelicConfig(BaseModel):
+    nr_api_key: str
+    nr_account_id: str
+    is_eu_datacenter: Optional[bool] = False
+    enable_multi_account: Optional[bool] = False
+
+
+class NewRelicToolset(Toolset):
+    nr_api_key: Optional[str] = None
+    nr_account_id: Optional[str] = None
+    is_eu_datacenter: bool = False
+    enable_multi_account: bool = False
+
+    @property
+    def base_url(self) -> str:
+        """Get the New Relic base URL based on datacenter region."""
+        return (
+            "https://one.eu.newrelic.com"
+            if self.is_eu_datacenter
+            else "https://one.newrelic.com"
+        )
+
+    def create_api_client(self, account_id: Optional[str] = None) -> NewRelicAPI:
+        """Create a NewRelicAPI client instance.
+
+        Args:
+            account_id: Account ID to use. If None, uses the default from config.
+                       Set to "0" for organization-level queries.
+
+        Returns:
+            Configured NewRelicAPI instance
+
+        Raises:
+            ValueError: If API key is not configured
+        """
+        if not self.nr_api_key:
+            raise ValueError("NewRelic API key is not configured")
+
+        effective_account_id = (
+            account_id if account_id is not None else self.nr_account_id
+        )
+
+        if not effective_account_id:
+            raise ValueError("NewRelic Account id is not configured")
+
+        return NewRelicAPI(
+            api_key=self.nr_api_key,
+            account_id=effective_account_id,
+            is_eu_datacenter=self.is_eu_datacenter,
+        )
+
+    def __init__(self):
+        super().__init__(
+            name="newrelic",
+            description="Toolset for interacting with New Relic to fetch logs, traces, and execute freeform NRQL queries",
+            docs_url="https://holmesgpt.dev/data-sources/builtin-toolsets/newrelic/",
+            icon_url="https://companieslogo.com/img/orig/NEWR-de5fcb2e.png?t=1720244493",
+            prerequisites=[CallablePrerequisite(callable=self.prerequisites_callable)],  # type: ignore
+            tools=[],
+            tags=[ToolsetTag.CORE],
+        )
+
+    def prerequisites_callable(
+        self, config: dict[str, Any]
+    ) -> tuple[bool, Optional[str]]:
+        if not config:
+            return False, "No configuration provided"
+
+        try:
+            nr_config = NewrelicConfig(**config)
+            self.nr_account_id = nr_config.nr_account_id
+            self.nr_api_key = nr_config.nr_api_key
+            self.is_eu_datacenter = nr_config.is_eu_datacenter or False
+            self.enable_multi_account = nr_config.enable_multi_account or False
+
+            # Tool uses enable_multi_account flag.
+            self.tools = [ExecuteNRQLQuery(self)]
+            if self.enable_multi_account:
+                self.tools.append(ListOrganizationAccounts(self))
+            template_file_path = os.path.abspath(
+                os.path.join(os.path.dirname(__file__), "newrelic.jinja2")
+            )
+            self._load_llm_instructions(jinja_template=f"file://{template_file_path}")
+
+            return True, None
+        except Exception as e:
+            logging.exception("Failed to set up New Relic toolset")
+            return False, str(e)
+
+    def get_example_config(self) -> Dict[str, Any]:
+        return {
+            "nr_api_key": "NRAK-XXXXXXXXXXXXXXXXXXXXXXXXXX",
+            "nr_account_id": "1234567",
+            "is_eu_datacenter": False,
+            "enable_multi_account": False,
+        }

holmes/plugins/toolsets/openshift.yaml

@@ -0,0 +1,283 @@
+toolsets:
+  openshift/core:
+    description: "Read access to OpenShift cluster resources including projects, routes, and deployment configs"
+    docs_url: "https://holmesgpt.dev/data-sources/builtin-toolsets/openshift/"
+    tags:
+      - core
+    prerequisites:
+      - command: "oc version --client"
+
+    # Note: Many tools in this toolset use transformers with llm_summarize
+    # to automatically summarize large oc outputs when a fast model is configured.
+    # This reduces context window usage while preserving key information for debugging.
+
+    tools:
+      - name: "oc_describe"
+        description: >
+          Run oc describe <kind> <name> -n <namespace>,
+          call this when users ask for description,
+          for example when a user asks
+            - 'describe pod xyz-123'
+            - 'show service xyz-123 in namespace my-ns'
+            - 'describe route my-route'
+            - 'show deployment config xyz'
+        command: "oc describe {{ kind }} {{ name }}{% if namespace %} -n {{ namespace }}{% endif %}"
+        transformers:
+          - name: llm_summarize
+            config:
+              input_threshold: 1000
+              prompt: |
+                Summarize this oc describe output focusing on:
+                - What needs attention or immediate action
+                - Resource status and health indicators
+                - Any errors, warnings, or non-standard states
+                - Key configuration details that could affect functionality
+                - OpenShift-specific features like routes, image streams, or security context constraints
+                - When possible, mention exact field names so the user can grep for specific details
+                - Be concise: aim for ≤ 50% of the original length; avoid repeating defaults/healthy/unchanged details
+                - Prefer aggregates and counts; list only outliers and actionable items
+                - Keep grep-friendly: include exact field names/values that matter``
+
+      - name: "oc_get_by_name"
+        description: "Run `oc get <kind> <name> --show-labels`"
+        command: "oc get --show-labels -o wide {{ kind }} {{ name }}{% if namespace %} -n {{ namespace }}{% endif %}"
+
+      - name: "oc_get_by_kind_in_namespace"
+        description: "Run `oc get <kind> -n <namespace> --show-labels` to get all resources of a given type in namespace"
+        command: "oc get --show-labels -o wide {{ kind }} -n {{ namespace }}"
+        transformers:
+          - name: llm_summarize
+            config:
+              input_threshold: 1000
+              prompt: |
+                Summarize this oc output focusing on:
+                - What needs attention or immediate action
+                - Group similar resources into aggregate descriptions
+                - Make sure to mention outliers, errors, and non-standard states
+                - List healthy resources as aggregate descriptions
+                - When listing unhealthy resources, also try to use aggregate descriptions when possible
+                - When possible, mention exact keywords so the user can rerun the command with | grep <keyword> and drill down
+                - Be concise and avoid expansion: target ≤ 50% of input size; prefer counts + outliers over full listings
+
+      - name: "oc_get_by_kind_in_cluster"
+        description: "Run `oc get -A <kind> --show-labels` to get all resources of a given type in the cluster"
+        command: "oc get -A --show-labels -o wide {{ kind }}"
+        transformers:
+          - name: llm_summarize
+            config:
+              input_threshold: 1000
+              prompt: |
+                Summarize this oc output focusing on:
+                - What needs attention or immediate action
+                - Group similar resources into a single line and description
+                - Make sure to mention outliers, errors, and non-standard states
+                - List healthy resources as aggregate descriptions
+                - When listing unhealthy resources, also try to use aggregate descriptions when possible
+                - When possible, mention exact keywords so the user can rerun the command with | grep <keyword> and drill down on the parts they care about
+                - Strive for ≤ 50% of the original size; keep results compact and grep-friendly (one line per aggregate)
+
+      - name: "oc_find_resource"
+        description: "Run `oc get {{ kind }} -A --show-labels | grep {{ keyword }}` to find a resource where you know a substring of the name, IP, namespace, or labels"
+        command: "oc get -A --show-labels -o wide {{ kind }} | grep {{ keyword }}"
+
+      - name: "oc_get_yaml"
+        description: "Run `oc get -o yaml` on a single OpenShift resource"
+        command: "oc get -o yaml {{ kind }} {{ name }}{% if namespace %} -n {{ namespace }}{% endif %}"
+
+      - name: "oc_events"
+        description: "Retrieve the events for a specific OpenShift resource. `resource_type` can be any kubernetes resource type: 'pod', 'service', 'deployment', 'deploymentconfig', 'route', etc."
+        command: "oc get events --field-selector involvedObject.kind={{ resource_type }},involvedObject.name={{ resource_name }}{% if namespace %} -n {{ namespace }}{% endif %}"
+
+      - name: "oc_projects"
+        description: "List all projects (namespaces) in the OpenShift cluster"
+        command: "oc get projects"
+
+      - name: "oc_project_current"
+        description: "Show the current project (namespace) context"
+        command: "oc project"
+
+      - name: "oc_routes"
+        description: "List all routes in a specific namespace or cluster-wide"
+        command: "oc get routes{% if namespace %} -n {{ namespace }}{% else %} -A{% endif %} -o wide"
+
+      - name: "oc_route_describe"
+        description: "Describe a specific route to see its configuration and status"
+        command: "oc describe route {{ route_name }}{% if namespace %} -n {{ namespace }}{% endif %}"
+
+      - name: "oc_imagestreams"
+        description: "List image streams in a namespace or cluster-wide"
+        command: "oc get imagestreams{% if namespace %} -n {{ namespace }}{% else %} -A{% endif %} -o wide"
+
+      - name: "oc_deploymentconfigs"
+        description: "List deployment configs in a namespace or cluster-wide"
+        command: "oc get deploymentconfigs{% if namespace %} -n {{ namespace }}{% else %} -A{% endif %} -o wide"
+
+      - name: "oc_buildconfigs"
+        description: "List build configs in a namespace or cluster-wide"
+        command: "oc get buildconfigs{% if namespace %} -n {{ namespace }}{% else %} -A{% endif %} -o wide"
+
+      - name: "oc_builds"
+        description: "List builds in a namespace or cluster-wide"
+        command: "oc get builds{% if namespace %} -n {{ namespace }}{% else %} -A{% endif %} -o wide"
+
+      - name: "oc_adm_openshift_audit_logs"
+        description: "Get OpenShift audit logs from a specified node"
+        command: "oc adm node-logs {{ node_name }} --path=openshift-apiserver/audit.log"
+
+      - name: "oc_adm_openshift_audit_logs_with_filter"
+        description: "Get OpenShift audit logs from a specified node with an applied filter"
+        command: "oc adm node-logs {{ node_name }} --path=openshift-apiserver/audit.log | grep {{ grep_filter }}"
+
+      - name: "oc_build_logs"
+        description: "Get logs from a specific build"
+        command: "oc logs build/{{ build_name }}{% if namespace %} -n {{ namespace }}{% endif %}"
+
+      - name: "openshift_jq_query"
+        user_description: "Query OpenShift Resources: oc get {{kind}}  -n {{ namespace }} -o json | jq -r {{jq_expr}}"
+        description: >
+          Use oc to get json for all resources of a specific kind pipe the results to jq to filter them. Do not worry about escaping the jq_expr it will be done by the system on an unescaped expression that you give. e.g. give an expression like .items[] | .spec.containers[].image | select(test("^registry.redhat.io/") | not)
+        command: oc get {{ kind }} --all-namespaces -o json | jq -r {{ jq_expr }}
+        transformers:
+          - name: llm_summarize
+            config:
+              input_threshold: 1000
+              prompt: |
+                Summarize this jq query output focusing on:
+                - Key patterns and commonalities in the data
+                - Notable outliers, anomalies, or items that need attention
+                - Group similar results into aggregate descriptions when possible
+                - Highlight any empty results, null values, or missing data
+                - When applicable, mention specific resource names, namespaces, or values that stand out
+                - Organize findings in a structured way that helps with troubleshooting
+                - Be concise: aim for ≤ 50% of the original text; prioritize aggregates and actionable outliers
+                - Include grep-ready keys/values; avoid repeating entire objects or unchanged defaults
+
+  openshift/logs:
+    description: "Read pod logs using oc command"
+    docs_url: "https://holmesgpt.dev/data-sources/builtin-toolsets/openshift/"
+    tags:
+      - core
+    prerequisites:
+      - command: "oc version --client"
+
+    # Note: Log tools use transformers with llm_summarize to automatically
+    # summarize large log outputs when a fast model is configured. This helps
+    # focus on errors, patterns, and key information while reducing context usage.
+
+    tools:
+      - name: "oc_previous_logs"
+        description: "Run `oc logs --previous` on a single pod. Used to fetch logs for a pod that crashed and see logs from before the crash. Never give a deployment name or a resource that is not a pod."
+        command: "oc logs {{pod_name}} -n {{ namespace }} --previous"
+
+      - name: "oc_previous_logs_all_containers"
+        description: "Run `oc logs --previous` on a single pod. Used to fetch logs for a pod that crashed and see logs from before the crash."
+        command: "oc logs {{pod_name}} -n {{ namespace }} --previous --all-containers"
+
+      - name: "oc_container_previous_logs"
+        description: "Run `oc logs --previous` on a single container of a pod. Used to fetch logs for a pod that crashed and see logs from before the crash."
+        command: "oc logs {{pod_name}} -c {{container_name}} -n {{ namespace }} --previous"
+
+      - name: "oc_logs"
+        description: "Run `oc logs` on a single pod. Never give a deployment name or a resource that is not a pod."
+        command: "oc logs {{pod_name}} -n {{ namespace }}"
+        transformers:
+          - name: llm_summarize
+            config:
+              input_threshold: 1000
+              prompt: |
+                Summarize these pod logs focusing on:
+                - Errors, exceptions, and warning messages
+                - Recent activity patterns and trends
+                - Any authentication, connection, or startup issues
+                - Performance indicators (response times, throughput)
+                - Group similar log entries together
+                - When possible, mention exact error codes or keywords for easier searching
+                - Be concise: aim for ≤ 50% of the original text; prioritize aggregates and actionable outliers
+                - Include grep-ready keys/values; avoid repeating entire logs or unchanged defaults
+
+      - name: "oc_logs_all_containers"
+        description: "Run `oc logs` on all containers within a single pod."
+        command: "oc logs {{pod_name}} -n {{ namespace }} --all-containers"
+        transformers:
+          - name: llm_summarize
+            config:
+              input_threshold: 1000
+              prompt: |
+                Summarize these multi-container pod logs focusing on:
+                - Errors, exceptions, and warning messages by container
+                - Inter-container communication patterns
+                - Any authentication, connection, or startup issues
+                - Performance indicators and resource usage patterns
+                - Group similar log entries together by container
+                - When possible, mention exact error codes or keywords for easier searching
+                - Strive for ≤ 50% of the original size; keep results compact and grep-friendly (one line per aggregate)
+                - Prioritize aggregates and actionable outliers over comprehensive details
+
+      - name: "oc_container_logs"
+        description: "Run `oc logs` on a single container within a pod. This is to get the logs of a specific container in a multi-container pod."
+        command: "oc logs {{pod_name}} -c {{container_name}} -n {{ namespace }} "
+
+      - name: "oc_logs_grep"
+        description: "Search for a specific term in the logs of a single pod. Only provide a pod name, not a deployment or other resource."
+        command: "oc logs {{ pod_name }} -n {{ namespace }} | grep {{ search_term }}"
+
+      - name: "oc_logs_all_containers_grep"
+        description: "Search for a specific term in the logs of a single pod across all of its containers. Only provide a pod name, not a deployment or other resource."
+        command: "oc logs {{pod_name}} -n {{ namespace }} --all-containers | grep {{ search_term }}"
+
+  openshift/live-metrics:
+    description: "Provides real-time metrics for pods and nodes using oc"
+    docs_url: "https://holmesgpt.dev/data-sources/builtin-toolsets/openshift/"
+    llm_instructions: |
+      The oc_top_pods or oc_top_nodes do not return time series data or metrics that can be used for graphs
+      Do NOT use oc_top_pods or oc_top_nodes for graph generation - it only shows current snapshot data
+      oc_top_pods or oc_top_nodes are for current status checks, not historical graphs
+    tags:
+      - core
+    prerequisites:
+      - command: "oc adm top nodes"
+    tools:
+      - name: "oc_top_pods"
+        description: "Retrieves real-time CPU and memory usage for each pod in the cluster."
+        command: >
+          oc adm top pods -A
+      - name: "oc_top_nodes"
+        description: "Retrieves real-time CPU and memory usage for each node in the cluster."
+        command: >
+          oc adm top nodes
+
+  openshift/security:
+    description: "OpenShift security-related resources and configurations"
+    docs_url: "https://holmesgpt.dev/data-sources/builtin-toolsets/openshift/"
+    tags:
+      - core
+    prerequisites:
+      - command: "oc version --client"
+    tools:
+      - name: "oc_scc"
+        description: "List Security Context Constraints (SCCs) in the cluster"
+        command: "oc get scc{% if scc_name %} {{ scc_name }}{% endif %} -o wide"
+
+      - name: "oc_scc_describe"
+        description: "Describe a specific Security Context Constraint"
+        command: "oc describe scc {{ scc_name }}"
+
+      - name: "oc_policy_who_can"
+        description: "Check who can perform a specific action on a resource"
+        command: "oc policy who-can {{ verb }} {{ resource }}{% if namespace %} -n {{ namespace }}{% endif %}"
+
+      - name: "oc_policy_can_i"
+        description: "Check if the current user can perform a specific action"
+        command: "oc policy can-i {{ verb }} {{ resource }}{% if namespace %} -n {{ namespace }}{% endif %}"
+
+      - name: "oc_serviceaccounts"
+        description: "List service accounts in a namespace or cluster-wide"
+        command: "oc get serviceaccounts{% if namespace %} -n {{ namespace }}{% else %} -A{% endif %} -o wide"
+
+      - name: "oc_rolebindings"
+        description: "List role bindings in a namespace or cluster-wide"
+        command: "oc get rolebindings{% if namespace %} -n {{ namespace }}{% else %} -A{% endif %} -o wide"
+
+      - name: "oc_clusterrolebindings"
+        description: "List cluster role bindings"
+        command: "oc get clusterrolebindings -o wide"