kubectl-mcp-server 1.16.0__tar.gz → 1.17.0__tar.gz

{kubectl_mcp_server-1.16.0 → kubectl_mcp_server-1.17.0}/PKG-INFO

@@ -1,6 +1,6 @@
 Metadata-Version: 2.4
 Name: kubectl-mcp-server
-Version: 1.16.0
+Version: 1.17.0
 Summary: A Model Context Protocol (MCP) server for Kubernetes with 220+ tools, 8 resources, and 8 prompts
 Home-page: https://github.com/rohitg00/kubectl-mcp-server
 Author: Rohit Ghumare

{kubectl_mcp_server-1.16.0 → kubectl_mcp_server-1.17.0}/kubectl_mcp_server.egg-info/PKG-INFO

@@ -1,6 +1,6 @@
 Metadata-Version: 2.4
 Name: kubectl-mcp-server
-Version: 1.16.0
+Version: 1.17.0
 Summary: A Model Context Protocol (MCP) server for Kubernetes with 220+ tools, 8 resources, and 8 prompts
 Home-page: https://github.com/rohitg00/kubectl-mcp-server
 Author: Rohit Ghumare

{kubectl_mcp_server-1.16.0 → kubectl_mcp_server-1.17.0}/kubectl_mcp_server.egg-info/SOURCES.txt

@@ -13,6 +13,7 @@ kubectl_mcp_tool/crd_detector.py
 kubectl_mcp_tool/diagnostics.py
 kubectl_mcp_tool/k8s_config.py
 kubectl_mcp_tool/mcp_server.py
+kubectl_mcp_tool/safety.py
 kubectl_mcp_tool/auth/__init__.py
 kubectl_mcp_tool/auth/config.py
 kubectl_mcp_tool/auth/scopes.py
@@ -22,7 +23,16 @@ kubectl_mcp_tool/cli/__main__.py
 kubectl_mcp_tool/cli/cli.py
 kubectl_mcp_tool/cli/errors.py
 kubectl_mcp_tool/cli/output.py
+kubectl_mcp_tool/config/__init__.py
+kubectl_mcp_tool/config/loader.py
+kubectl_mcp_tool/config/schema.py
+kubectl_mcp_tool/observability/__init__.py
+kubectl_mcp_tool/observability/metrics.py
+kubectl_mcp_tool/observability/stats.py
+kubectl_mcp_tool/observability/tracing.py
 kubectl_mcp_tool/prompts/__init__.py
+kubectl_mcp_tool/prompts/builtin.py
+kubectl_mcp_tool/prompts/custom.py
 kubectl_mcp_tool/prompts/prompts.py
 kubectl_mcp_tool/resources/__init__.py
 kubectl_mcp_tool/resources/resources.py
@@ -57,8 +67,12 @@ tests/conftest.py
 tests/test_auth.py
 tests/test_browser.py
 tests/test_cli.py
+tests/test_config.py
 tests/test_ecosystem.py
+tests/test_mcp_integration.py
+tests/test_observability.py
 tests/test_prompts.py
 tests/test_resources.py
+tests/test_safety.py
 tests/test_server.py
 tests/test_tools.py

{kubectl_mcp_server-1.16.0 → kubectl_mcp_server-1.17.0}/kubectl_mcp_tool/__init__.py

@@ -7,7 +7,7 @@ with Kubernetes clusters through natural language commands.
 For more information, see: https://github.com/rohitg00/kubectl-mcp-server
 """
 
-__version__ = "1.16.0"
+__version__ = "1.17.0"
 
 from .mcp_server import MCPServer
 from .diagnostics import run_diagnostics, check_kubectl_installation, check_cluster_connection

{kubectl_mcp_server-1.16.0 → kubectl_mcp_server-1.17.0}/kubectl_mcp_tool/cli/cli.py

@@ -37,6 +37,7 @@ from .output import (
     format_error,
     format_success,
 )
+from ..safety import SafetyMode, set_safety_mode, get_mode_info
 
 # Logging setup
 log_file = os.environ.get("MCP_LOG_FILE")
@@ -56,18 +57,49 @@ logging.basicConfig(
 logger = logging.getLogger("kubectl-mcp-cli")
 
 
-async def serve_stdio():
-    server = MCPServer("kubernetes")
+async def serve_stdio(
+    read_only: bool = False,
+    disable_destructive: bool = False,
+    config_file: Optional[str] = None,
+):
+    server = MCPServer(
+        "kubernetes",
+        read_only=read_only,
+        disable_destructive=disable_destructive,
+        config_file=config_file,
+    )
     await server.serve_stdio()
 
 
-async def serve_sse(host: str, port: int):
-    server = MCPServer("kubernetes")
+async def serve_sse(
+    host: str,
+    port: int,
+    read_only: bool = False,
+    disable_destructive: bool = False,
+    config_file: Optional[str] = None,
+):
+    server = MCPServer(
+        "kubernetes",
+        read_only=read_only,
+        disable_destructive=disable_destructive,
+        config_file=config_file,
+    )
     await server.serve_sse(host=host, port=port)
 
 
-async def serve_http(host: str, port: int):
-    server = MCPServer("kubernetes")
+async def serve_http(
+    host: str,
+    port: int,
+    read_only: bool = False,
+    disable_destructive: bool = False,
+    config_file: Optional[str] = None,
+):
+    server = MCPServer(
+        "kubernetes",
+        read_only=read_only,
+        disable_destructive=disable_destructive,
+        config_file=config_file,
+    )
     await server.serve_http(host=host, port=port)
 
 
@@ -282,12 +314,16 @@ def cmd_info(args):
     except Exception:
         pass
 
+    # Get safety mode info
+    mode_info = get_mode_info()
+
     print(format_server_info(
         version=__version__,
         tool_count=len(tools),
         resource_count=len(resources),
         prompt_count=len(prompts),
         context=context,
+        safety_mode=mode_info,
         as_json=getattr(args, 'json', False)
     ))
     return ErrorCode.SUCCESS
@@ -407,6 +443,16 @@ def cmd_doctor(args):
     except ImportError:
         checks.append({"name": "fastmcp", "status": "error", "details": "fastmcp not installed"})
 
+    # Check safety mode
+    mode_info = get_mode_info()
+    mode = mode_info.get("mode", "normal")
+    if mode == "normal":
+        checks.append({"name": "safety_mode", "status": "ok", "version": mode, "details": "All operations allowed"})
+    elif mode == "read_only":
+        checks.append({"name": "safety_mode", "status": "warning", "version": mode, "details": "Write operations blocked"})
+    else:
+        checks.append({"name": "safety_mode", "status": "warning", "version": mode, "details": "Destructive operations blocked"})
+
     print(format_doctor_results(checks, as_json=getattr(args, 'json', False)))
 
     # Return error code if any critical checks failed
@@ -453,6 +499,9 @@ Environment Variables:
     )
     serve_parser.add_argument("--host", type=str, default="0.0.0.0", help="Host for SSE/HTTP (default: 0.0.0.0)")
     serve_parser.add_argument("--port", type=int, default=8000, help="Port for SSE/HTTP (default: 8000)")
+    serve_parser.add_argument("--config", type=str, default=None, help="Path to TOML configuration file")
+    serve_parser.add_argument("--read-only", action="store_true", help="Enable read-only mode (block all write operations)")
+    serve_parser.add_argument("--disable-destructive", action="store_true", help="Disable destructive operations (allow create/update, block delete)")
 
     # version command (existing)
     subparsers.add_parser("version", help="Show version")
@@ -507,12 +556,37 @@ Environment Variables:
 
     try:
         if args.command == "serve":
+            # Log safety mode (actual mode is applied in MCPServer)
+            if args.read_only:
+                logger.info("Starting server in READ-ONLY mode")
+            elif args.disable_destructive:
+                logger.info("Starting server with destructive operations disabled")
+
+            if args.config:
+                logger.info(f"Loading configuration from: {args.config}")
+
             if args.transport == "stdio":
-                asyncio.run(serve_stdio())
+                asyncio.run(serve_stdio(
+                    read_only=args.read_only,
+                    disable_destructive=args.disable_destructive,
+                    config_file=args.config,
+                ))
             elif args.transport == "sse":
-                asyncio.run(serve_sse(args.host, args.port))
+                asyncio.run(serve_sse(
+                    host=args.host,
+                    port=args.port,
+                    read_only=args.read_only,
+                    disable_destructive=args.disable_destructive,
+                    config_file=args.config,
+                ))
             elif args.transport in ("http", "streamable-http"):
-                asyncio.run(serve_http(args.host, args.port))
+                asyncio.run(serve_http(
+                    host=args.host,
+                    port=args.port,
+                    read_only=args.read_only,
+                    disable_destructive=args.disable_destructive,
+                    config_file=args.config,
+                ))
 
         elif args.command == "version":
             from .. import __version__

{kubectl_mcp_server-1.16.0 → kubectl_mcp_server-1.17.0}/kubectl_mcp_tool/cli/output.py

@@ -266,6 +266,7 @@ def format_server_info(
     resource_count: int,
     prompt_count: int,
     context: Optional[str] = None,
+    safety_mode: Optional[Dict[str, Any]] = None,
     as_json: bool = False
 ) -> str:
     info = {
@@ -276,6 +277,9 @@ def format_server_info(
         "k8s_context": context,
     }
 
+    if safety_mode:
+        info["safety_mode"] = safety_mode
+
     if as_json:
         return json.dumps(info, indent=2)
 
@@ -291,6 +295,16 @@ def format_server_info(
     if context:
         lines.append(f"  {cyan('K8s Context:')} {context}")
 
+    if safety_mode:
+        mode = safety_mode.get("mode", "normal")
+        if mode == "normal":
+            mode_str = green(mode)
+        elif mode == "read_only":
+            mode_str = yellow(mode) + " (write operations blocked)"
+        else:
+            mode_str = yellow(mode) + " (destructive operations blocked)"
+        lines.append(f"  {cyan('Safety Mode:')} {mode_str}")
+
     return "\n".join(lines)
 
 

kubectl_mcp_server-1.17.0/kubectl_mcp_tool/config/__init__.py

@@ -0,0 +1,46 @@
+"""Configuration management for kubectl-mcp-server.
+
+This module provides TOML-based configuration with:
+- Main config file support
+- Drop-in directory for modular configuration
+- SIGHUP reload for runtime updates
+- Environment variable overrides
+"""
+
+from .loader import (
+    Config,
+    load_config,
+    get_config,
+    reload_config,
+    get_config_paths,
+    setup_sighup_handler,
+    register_reload_callback,
+    unregister_reload_callback,
+)
+from .schema import (
+    ServerConfig,
+    SafetyConfig,
+    BrowserConfig,
+    MetricsConfig,
+    LoggingConfig,
+    validate_config,
+)
+
+__all__ = [
+    # Config loading
+    "Config",
+    "load_config",
+    "get_config",
+    "reload_config",
+    "get_config_paths",
+    "setup_sighup_handler",
+    "register_reload_callback",
+    "unregister_reload_callback",
+    # Config schemas
+    "ServerConfig",
+    "SafetyConfig",
+    "BrowserConfig",
+    "MetricsConfig",
+    "LoggingConfig",
+    "validate_config",
+]

kubectl_mcp_server-1.17.0/kubectl_mcp_tool/config/loader.py

@@ -0,0 +1,386 @@
+"""Configuration loader with TOML support, drop-in directories, and SIGHUP reload.
+
+This module handles:
+- Loading main config from ~/.config/kubectl-mcp-server/config.toml
+- Merging drop-in configs from ~/.config/kubectl-mcp-server/config.d/*.toml
+- Environment variable overrides
+- SIGHUP signal handling for runtime reloads
+"""
+
+import logging
+import os
+import signal
+import sys
+from dataclasses import fields
+from pathlib import Path
+from typing import Any, Callable, Dict, List, Optional, Union
+
+from .schema import (
+    BrowserConfig,
+    Config,
+    KubernetesConfig,
+    LoggingConfig,
+    MetricsConfig,
+    SafetyConfig,
+    ServerConfig,
+    validate_config,
+)
+
+logger = logging.getLogger(__name__)
+
+# Try to import tomli/tomllib for TOML parsing
+try:
+    import tomllib  # Python 3.11+
+except ImportError:
+    try:
+        import tomli as tomllib  # type: ignore
+    except ImportError:
+        tomllib = None  # type: ignore
+
+# Global config instance
+_config: Optional[Config] = None
+_config_callbacks: List[Callable[[Config], None]] = []
+
+
+def get_config_paths() -> Dict[str, Path]:
+    """Get standard configuration paths.
+
+    Returns:
+        Dictionary with paths for config_dir, main_config, and drop_in_dir
+    """
+    # Check XDG_CONFIG_HOME first, then fall back to ~/.config
+    xdg_config = os.environ.get("XDG_CONFIG_HOME")
+    if xdg_config:
+        base_dir = Path(xdg_config)
+    else:
+        base_dir = Path.home() / ".config"
+
+    config_dir = base_dir / "kubectl-mcp-server"
+
+    return {
+        "config_dir": config_dir,
+        "main_config": config_dir / "config.toml",
+        "drop_in_dir": config_dir / "config.d",
+    }
+
+
+def _load_toml_file(path: Path) -> Dict[str, Any]:
+    """Load a TOML file and return its contents as a dictionary.
+
+    Args:
+        path: Path to the TOML file
+
+    Returns:
+        Dictionary containing the TOML data
+
+    Raises:
+        RuntimeError: If tomllib/tomli is not available
+        FileNotFoundError: If the file doesn't exist
+        ValueError: If the TOML is invalid
+    """
+    if tomllib is None:
+        raise RuntimeError(
+            "TOML parsing requires Python 3.11+ or the 'tomli' package. "
+            "Install with: pip install tomli"
+        )
+
+    with open(path, "rb") as f:
+        return tomllib.load(f)
+
+
+def _deep_merge(base: Dict[str, Any], override: Dict[str, Any]) -> Dict[str, Any]:
+    """Deep merge two dictionaries, with override taking precedence.
+
+    Args:
+        base: Base dictionary
+        override: Override dictionary (takes precedence)
+
+    Returns:
+        Merged dictionary
+    """
+    result = base.copy()
+
+    for key, value in override.items():
+        if key in result and isinstance(result[key], dict) and isinstance(value, dict):
+            result[key] = _deep_merge(result[key], value)
+        else:
+            result[key] = value
+
+    return result
+
+
+def _apply_env_overrides(config_dict: Dict[str, Any]) -> Dict[str, Any]:
+    """Apply environment variable overrides to configuration.
+
+    Environment variables follow the pattern:
+    MCP_<SECTION>_<KEY>=value
+
+    Examples:
+        MCP_SERVER_PORT=9000
+        MCP_SAFETY_MODE=read-only
+        MCP_BROWSER_ENABLED=true
+
+    Args:
+        config_dict: Configuration dictionary
+
+    Returns:
+        Configuration with environment overrides applied
+    """
+    result = config_dict.copy()
+
+    env_mappings = {
+        # Server settings
+        "MCP_SERVER_TRANSPORT": ("server", "transport"),
+        "MCP_SERVER_HOST": ("server", "host"),
+        "MCP_SERVER_PORT": ("server", "port", int),
+        "MCP_DEBUG": ("server", "debug", lambda x: x.lower() in ("true", "1", "yes")),
+        "MCP_LOG_FILE": ("server", "log_file"),
+        "MCP_LOG_LEVEL": ("server", "log_level"),
+        # Safety settings
+        "MCP_SAFETY_MODE": ("safety", "mode"),
+        # Browser settings
+        "MCP_BROWSER_ENABLED": ("browser", "enabled", lambda x: x.lower() in ("true", "1", "yes")),
+        "MCP_BROWSER_PROVIDER": ("browser", "provider"),
+        "MCP_BROWSER_HEADED": ("browser", "headed", lambda x: x.lower() in ("true", "1", "yes")),
+        "BROWSERBASE_API_KEY": ("browser", "browserbase_api_key"),
+        "BROWSERBASE_PROJECT_ID": ("browser", "browserbase_project_id"),
+        "BROWSER_USE_API_KEY": ("browser", "browseruse_api_key"),
+        "MCP_BROWSER_CDP_URL": ("browser", "cdp_url"),
+        # Metrics settings
+        "MCP_METRICS_ENABLED": ("metrics", "enabled", lambda x: x.lower() in ("true", "1", "yes")),
+        "MCP_TRACING_ENABLED": ("metrics", "tracing_enabled", lambda x: x.lower() in ("true", "1", "yes")),
+        "OTEL_EXPORTER_OTLP_ENDPOINT": ("metrics", "otlp_endpoint"),
+        "OTEL_SERVICE_NAME": ("metrics", "service_name"),
+        # Kubernetes settings
+        "KUBECONFIG": ("kubernetes", "kubeconfig"),
+        "MCP_K8S_CONTEXT": ("kubernetes", "context"),
+        "MCP_K8S_NAMESPACE": ("kubernetes", "default_namespace"),
+    }
+
+    for env_var, mapping in env_mappings.items():
+        value = os.environ.get(env_var)
+        if value is not None:
+            section = mapping[0]
+            key = mapping[1]
+            converter = mapping[2] if len(mapping) > 2 else str
+
+            if section not in result:
+                result[section] = {}
+
+            try:
+                result[section][key] = converter(value)
+            except (ValueError, TypeError) as e:
+                logger.warning(f"Invalid value for {env_var}: {value} ({e})")
+
+    return result
+
+
+def _dict_to_config(config_dict: Dict[str, Any]) -> Config:
+    """Convert a configuration dictionary to a Config dataclass.
+
+    Args:
+        config_dict: Configuration dictionary
+
+    Returns:
+        Config dataclass instance
+    """
+
+    def make_dataclass(cls, data: Dict[str, Any]):
+        """Create a dataclass instance from a dictionary, ignoring extra keys."""
+        valid_keys = {f.name for f in fields(cls)}
+        filtered = {k: v for k, v in data.items() if k in valid_keys}
+        return cls(**filtered)
+
+    server = make_dataclass(ServerConfig, config_dict.get("server", {}))
+    safety = make_dataclass(SafetyConfig, config_dict.get("safety", {}))
+    browser = make_dataclass(BrowserConfig, config_dict.get("browser", {}))
+    metrics = make_dataclass(MetricsConfig, config_dict.get("metrics", {}))
+    logging_config = make_dataclass(LoggingConfig, config_dict.get("logging", {}))
+    kubernetes = make_dataclass(KubernetesConfig, config_dict.get("kubernetes", {}))
+
+    # Collect custom/unknown sections
+    known_sections = {"server", "safety", "browser", "metrics", "logging", "kubernetes"}
+    custom = {k: v for k, v in config_dict.items() if k not in known_sections}
+
+    return Config(
+        server=server,
+        safety=safety,
+        browser=browser,
+        metrics=metrics,
+        logging=logging_config,
+        kubernetes=kubernetes,
+        custom=custom,
+    )
+
+
+def load_config(
+    config_file: Optional[Union[str, Path]] = None,
+    skip_env: bool = False,
+) -> Config:
+    """Load configuration from files and environment.
+
+    Loading order (later takes precedence):
+    1. Default values
+    2. Main config file (~/.config/kubectl-mcp-server/config.toml)
+    3. Drop-in files (~/.config/kubectl-mcp-server/config.d/*.toml) in sorted order
+    4. Custom config file (if specified)
+    5. Environment variables (unless skip_env=True)
+
+    Args:
+        config_file: Optional path to a specific config file
+        skip_env: If True, skip environment variable overrides
+
+    Returns:
+        Loaded Config instance
+    """
+    global _config
+
+    config_dict: Dict[str, Any] = {}
+    paths = get_config_paths()
+
+    # 1. Load main config file if it exists
+    main_config = paths["main_config"]
+    if main_config.exists():
+        try:
+            loaded = _load_toml_file(main_config)
+            config_dict = _deep_merge(config_dict, loaded)
+            logger.debug(f"Loaded config from {main_config}")
+        except Exception as e:
+            logger.warning(f"Failed to load {main_config}: {e}")
+
+    # 2. Load drop-in configs in sorted order
+    drop_in_dir = paths["drop_in_dir"]
+    if drop_in_dir.exists() and drop_in_dir.is_dir():
+        drop_in_files = sorted(drop_in_dir.glob("*.toml"))
+        for drop_in_file in drop_in_files:
+            try:
+                loaded = _load_toml_file(drop_in_file)
+                config_dict = _deep_merge(config_dict, loaded)
+                logger.debug(f"Loaded drop-in config from {drop_in_file}")
+            except Exception as e:
+                logger.warning(f"Failed to load {drop_in_file}: {e}")
+
+    # 3. Load custom config file if specified
+    if config_file:
+        config_path = Path(config_file)
+        if config_path.exists():
+            try:
+                loaded = _load_toml_file(config_path)
+                config_dict = _deep_merge(config_dict, loaded)
+                logger.debug(f"Loaded custom config from {config_path}")
+            except Exception as e:
+                logger.warning(f"Failed to load {config_path}: {e}")
+        else:
+            logger.warning(f"Config file not found: {config_path}")
+
+    # 4. Apply environment variable overrides
+    if not skip_env:
+        config_dict = _apply_env_overrides(config_dict)
+
+    # 5. Validate configuration
+    errors = validate_config(config_dict)
+    if errors:
+        for error in errors:
+            logger.error(f"Config validation error: {error}")
+
+    # 6. Convert to Config dataclass
+    _config = _dict_to_config(config_dict)
+
+    return _config
+
+
+def get_config() -> Config:
+    """Get the current configuration, loading if necessary.
+
+    Returns:
+        Current Config instance
+    """
+    global _config
+    if _config is None:
+        _config = load_config()
+    return _config
+
+
+def reload_config() -> Config:
+    """Reload configuration from files.
+
+    This is called by the SIGHUP handler for runtime config updates.
+
+    Returns:
+        Newly loaded Config instance
+    """
+    global _config
+
+    logger.info("Reloading configuration...")
+    old_config = _config
+
+    try:
+        _config = load_config()
+        logger.info("Configuration reloaded successfully")
+
+        # Notify callbacks
+        for callback in _config_callbacks:
+            try:
+                callback(_config)
+            except Exception as e:
+                logger.error(f"Config reload callback failed: {e}")
+
+    except Exception as e:
+        logger.error(f"Failed to reload configuration: {e}")
+        _config = old_config
+        raise
+
+    return _config
+
+
+def register_reload_callback(callback: Callable[[Config], None]) -> None:
+    """Register a callback to be called when configuration is reloaded.
+
+    Args:
+        callback: Function that takes the new Config as argument
+    """
+    _config_callbacks.append(callback)
+
+
+def unregister_reload_callback(callback: Callable[[Config], None]) -> None:
+    """Unregister a previously registered reload callback.
+
+    Args:
+        callback: The callback function to remove
+    """
+    try:
+        _config_callbacks.remove(callback)
+    except ValueError:
+        pass
+
+
+def _sighup_handler(signum: int, frame: Any) -> None:
+    """Handle SIGHUP signal for configuration reload."""
+    logger.info("Received SIGHUP, reloading configuration...")
+    try:
+        reload_config()
+    except Exception as e:
+        logger.error(f"Configuration reload failed: {e}")
+
+
+def setup_sighup_handler() -> bool:
+    """Set up SIGHUP handler for runtime configuration reload.
+
+    Returns:
+        True if handler was set up, False if not supported (e.g., Windows)
+    """
+    if sys.platform == "win32":
+        logger.debug("SIGHUP not supported on Windows")
+        return False
+
+    try:
+        signal.signal(signal.SIGHUP, _sighup_handler)
+        logger.debug("SIGHUP handler installed for config reload")
+        return True
+    except (OSError, AttributeError) as e:
+        logger.warning(f"Could not install SIGHUP handler: {e}")
+        return False
+
+
+# Re-export Config from schema
+Config = Config