sysdiglabs
diff --git a/‎README.md‎
Lines changed: 2 additions & 2 deletions b/‎README.md‎
Lines changed: 2 additions & 2 deletions
diff --git a/‎pyproject.toml‎
Lines changed: 4 additions & 4 deletions b/‎pyproject.toml‎
Lines changed: 4 additions & 4 deletions
diff --git a/‎tests/events_feed_test.py‎
Lines changed: 19 additions & 1 deletion b/‎tests/events_feed_test.py‎
Lines changed: 19 additions & 1 deletion
diff --git a/‎tools/events_feed/tool.py‎
Lines changed: 23 additions & 52 deletions b/‎tools/events_feed/tool.py‎
Lines changed: 23 additions & 52 deletions
diff --git a/‎tools/inventory/tool.py‎
Lines changed: 12 additions & 30 deletions b/‎tools/inventory/tool.py‎
Lines changed: 12 additions & 30 deletions
@@ -172,8 +172,8 @@ The following environment variables are **required** for configuring the Sysdig
 
 You can also set the following variables to override the default configuration:
 
-- `SYSDIG_MCP_TRANSPORT`: The transport protocol for the MCP Server (`stdio`, `streamable-http`, `sse`). Defaults to: `stdio`.
-- `SYSDIG_MCP_MOUNT_PATH`:  The URL prefix for the Streamable-http/sse deployment. Defaults to: `/sysdig-mcp-server`
+- `MCP_TRANSPORT`: The transport protocol for the MCP Server (`stdio`, `streamable-http`, `sse`). Defaults to: `stdio`.
+- `MCP_MOUNT_PATH`:  The URL prefix for the Streamable-http/sse deployment. Defaults to: `/sysdig-mcp-server`
 - `LOGLEVEL`: Log Level of the application (`DEBUG`, `INFO`, `WARNING`, `ERROR`). Defaults to: `INFO`
 - `SYSDIG_MCP_LISTENING_PORT`: The port for the server when it is deployed using remote protocols (`steamable-http`, `sse`). Defaults to: `8080`
 - `SYSDIG_MCP_LISTENING_HOST`: The host for the server when it is deployed using remote protocols (`steamable-http`, `sse`). Defaults to: `localhost`
 
@@ -1,20 +1,20 @@
 [project]
 name = "sysdig-mcp-server"
-version = "0.1.5"
+version = "0.2.0"
 description = "Sysdig MCP Server"
 readme = "README.md"
 requires-python = ">=3.12"
 dependencies = [
-    "mcp[cli]==1.10.0",
+    "mcp[cli]==1.12.4",
     "python-dotenv>=1.1.0",
     "pyyaml==6.0.2",
     "sqlalchemy==2.0.36",
     "sqlmodel==0.0.22",
-    "sysdig-sdk @ git+https://github.com/sysdiglabs/sysdig-sdk-python@e9b0d336c2f617f3bbd752416860f84eed160c41",
+    "sysdig-sdk-python @ git+https://github.com/sysdiglabs/sysdig-sdk-python@597285143188019cd0e86fde43f94b1139f5441d",
     "dask==2025.4.1",
     "oauthlib==3.2.2",
     "fastapi==0.116.1",
-    "fastmcp==2.5.1",
+    "fastmcp==2.11.3",
     "requests",
 ]
 
 
@@ -7,7 +7,10 @@
 from utils.app_config import AppConfig
 from .conftest import util_load_json
 from unittest.mock import MagicMock, AsyncMock, create_autospec
+from sysdig_client.api import SecureEventsApi
 import os
+from fastmcp.server.context import Context
+from fastmcp.server import FastMCP
 
 # Get the absolute path of the current module file
 module_path = os.path.abspath(__file__)
@@ -40,12 +43,27 @@ def test_get_event_info(mock_success_response: MagicMock | AsyncMock, mock_creds
 
     tools_client = EventsFeedTools(app_config=mock_app_config())
 
+    ctx = Context(FastMCP())
+
+    # Seed FastMCP Context state with mocked API instances expected by the tools
+    secure_events_api = MagicMock(spec=SecureEventsApi)
+    # The tool returns whatever the SDK method returns; make it be our mocked HTTP response
+    secure_events_api.get_event_v1_without_preload_content.return_value = mock_success_response.return_value
+
+    api_instances = {
+        "secure_events": secure_events_api,
+        # Not used by this test, but present in real runtime; keep as empty mock to avoid KeyErrors elsewhere
+        "legacy_sysdig_api": MagicMock(),
+    }
+    ctx.set_state("api_instances", api_instances)
+
     # Pass the mocked Context object
-    result: dict = tools_client.tool_get_event_info("12345")
+    result: dict = tools_client.tool_get_event_info(ctx=ctx, event_id="12345")
     results: dict = result["results"]
 
     assert result.get("status_code") == HTTPStatus.OK
     assert results.get("results").get("name") == "Sysdig Runtime Threat Intelligence"
     assert results.get("results").get("content", {}).get("ruleName") == "Fileless execution via memfd_create"
     assert results.get("results").get("id") == "123456789012"
     assert results.get("results").get("content", {}).get("type") == "workloadRuntimeDetection"
+    print("Event info retrieved successfully.")
@@ -8,20 +8,17 @@
 import logging
 import os
 import time
-from datetime import datetime
-from typing import Optional, Annotated, Any, Dict
+import datetime
+from typing import Optional, Annotated
 from pydantic import Field
-from sysdig_client import ApiException
 from fastmcp.prompts.prompt import PromptMessage, TextContent
 from fastmcp.exceptions import ToolError
-from starlette.requests import Request
+from fastmcp.server.context import Context
+from sysdig_client import ApiException
 from sysdig_client.api import SecureEventsApi
-from utils.sysdig.old_sysdig_api import OldSysdigApi
-from fastmcp.server.dependencies import get_http_request
+from utils.sysdig.legacy_sysdig_api import LegacySysdigApi
 from utils.query_helpers import create_standard_response
-from utils.sysdig.client_config import get_configuration
 from utils.app_config import AppConfig
-from utils.sysdig.api import initialize_api_client
 
 
 class EventsFeedTools:
@@ -32,55 +29,23 @@ class EventsFeedTools:
 
     def __init__(self, app_config: AppConfig):
         self.app_config = app_config
-        logging.basicConfig(format="%(asctime)s-%(process)d-%(levelname)s- %(message)s", level=self.app_config.log_level())
         self.log = logging.getLogger(__name__)
 
-    def init_client(self, old_api: bool = False) -> SecureEventsApi | OldSysdigApi:
-        """
-        Initializes the SecureEventsApi client from the request state.
-        If the request does not have the API client initialized, it will create a new instance
-        using the Sysdig Secure token and host from the environment variables.
-        Args:
-            old_api (bool): If True, initializes the OldSysdigApi client instead of SecureEventsApi.
-        Returns:
-            SecureEventsApi | OldSysdigApi: An instance of the SecureEventsApi or OldSysdigApi client.
-        """
-        secure_events_api: SecureEventsApi = None
-        old_sysdig_api: OldSysdigApi = None
-        transport = self.app_config.transport()
-        if transport in ["streamable-http", "sse"]:
-            # Try to get the HTTP request
-            self.log.debug("Attempting to get the HTTP request to initialize the Sysdig API client.")
-            request: Request = get_http_request()
-            secure_events_api = request.state.api_instances["secure_events"]
-            old_sysdig_api = request.state.api_instances["old_sysdig_api"]
-        else:
-            # If running in STDIO mode, we need to initialize the API client from environment variables
-            self.log.debug("Running in STDIO mode, initializing the Sysdig API client from environment variables.")
-            cfg = get_configuration()
-            api_client = initialize_api_client(cfg)
-            secure_events_api = SecureEventsApi(api_client)
-            # Initialize the old Sysdig API client for process tree requests
-            old_cfg = get_configuration(old_api=True)
-            old_sysdig_api = initialize_api_client(old_cfg)
-            old_sysdig_api = OldSysdigApi(old_sysdig_api)
-
-        if old_api:
-            return old_sysdig_api
-        return secure_events_api
-
-    def tool_get_event_info(self, event_id: str) -> dict:
+    def tool_get_event_info(self, ctx: Context, event_id: str) -> dict:
         """
         Retrieves detailed information for a specific security event.
 
         Args:
+            ctx (Context): Context to use.
             event_id (str): The unique identifier of the security event.
 
         Returns:
             Event: The Event object containing detailed information about the specified event.
         """
         # Init of the sysdig client
-        secure_events_api = self.init_client()
+        api_instances: dict = ctx.get_state("api_instances")
+        secure_events_api: SecureEventsApi = api_instances.get("secure_events")
+
         try:
             # Get the HTTP request
             start_time = time.time()
@@ -98,6 +63,7 @@ def tool_get_event_info(self, event_id: str) -> dict:
 
     def tool_list_runtime_events(
         self,
+        ctx: Context,
         cursor: Optional[str] = None,
         scope_hours: int = 1,
         limit: int = 50,
@@ -136,6 +102,7 @@ def tool_list_runtime_events(
         cluster name, or an optional filter expression.
 
         Args:
+            ctx (Context): Context to use.
             cursor (Optional[str]): Cursor for pagination.
             scope_hours (int): Number of hours back from now to include events. Defaults to 1.
             limit (int): Maximum number of events to return. Defaults to 50.
@@ -144,7 +111,9 @@ def tool_list_runtime_events(
         Returns:
             dict: A dictionary containing the results of the runtime events query, including pagination information.
         """
-        secure_events_api = self.init_client()
+        api_instances: dict = ctx.get_state("api_instances")
+        secure_events_api: SecureEventsApi = api_instances.get("secure_events")
+
         start_time = time.time()
         # Compute time window
         now_ns = time.time_ns()
@@ -176,7 +145,7 @@ def tool_list_runtime_events(
 
     # A tool to retrieve all the process-tree information for a specific event.Add commentMore actions
 
-    def tool_get_event_process_tree(self, event_id: str) -> dict:
+    def tool_get_event_process_tree(self, ctx: Context, event_id: str) -> dict:
         """
         Retrieves the process tree for a specific security event.
         Not every event has a process tree, so this may return an empty tree.
@@ -191,12 +160,14 @@ def tool_get_event_process_tree(self, event_id: str) -> dict:
             ToolError: If there is an error constructing or processing the response.
         """
         try:
+            api_instances: dict = ctx.get_state("api_instances")
+            legacy_api_client: LegacySysdigApi = api_instances.get("legacy_sysdig_api")
+
             start_time = time.time()
             # Get process tree branches
-            old_api_client = self.init_client(old_api=True)
-            branches = old_api_client.request_process_tree_branches(event_id)
+            branches = legacy_api_client.request_process_tree_branches(event_id)
             # Get process tree
-            tree = old_api_client.request_process_tree_trees(event_id)
+            tree = legacy_api_client.request_process_tree_trees(event_id)
 
             # Parse the response (tolerates empty bodies)
             branches_std = create_standard_response(results=branches, execution_time_ms=(time.time() - start_time) * 1000)
@@ -209,7 +180,7 @@ def tool_get_event_process_tree(self, event_id: str) -> dict:
                 "tree": tree_std.get("results", {}),
                 "metadata": {
                     "execution_time_ms": execution_time,
-                    "timestamp": datetime.utcnow().isoformat() + "Z",
+                    "timestamp": datetime.datetime.now(datetime.UTC).isoformat().replace("+00:00", "Z"),
                 },
             }
 
@@ -222,7 +193,7 @@ def tool_get_event_process_tree(self, event_id: str) -> dict:
                     "tree": {},
                     "metadata": {
                         "execution_time_ms": (time.time() - start_time) * 1000,
-                        "timestamp": datetime.utcnow().isoformat() + "Z",
+                        "timestamp": datetime.datetime.now(datetime.UTC).isoformat().replace("+00:00", "Z"),
                         "note": "Process tree not available for this event"
                     },
                 }
 
@@ -5,14 +5,12 @@
 import logging
 import time
 from typing import Annotated
+
+from fastmcp import Context
 from pydantic import Field
-from fastmcp.server.dependencies import get_http_request
 from fastmcp.exceptions import ToolError
-from starlette.requests import Request
 from sysdig_client.api import InventoryApi
-from utils.sysdig.client_config import get_configuration
 from utils.app_config import AppConfig
-from utils.sysdig.api import initialize_api_client
 from utils.query_helpers import create_standard_response
 
 
@@ -24,34 +22,11 @@ class InventoryTools:
     def __init__(self, app_config: AppConfig):
         self.app_config = app_config
         # Configure logging
-        logging.basicConfig(format="%(asctime)s-%(process)d-%(levelname)s- %(message)s", level=self.app_config.log_level())
         self.log = logging.getLogger(__name__)
 
-    def init_client(self) -> InventoryApi:
-        """
-        Initializes the InventoryApi client from the request state.
-        If the request does not have the API client initialized, it will create a new instance
-        using the Sysdig Secure token and host from the environment variables.
-        Returns:
-            InventoryApi: An instance of the InventoryApi client.
-        """
-        inventory_api: InventoryApi = None
-        transport = self.app_config.transport()
-        if transport in ["streamable-http", "sse"]:
-            # Try to get the HTTP request
-            self.log.debug("Attempting to get the HTTP request to initialize the Sysdig API client.")
-            request: Request = get_http_request()
-            inventory_api = request.state.api_instances["inventory"]
-        else:
-            # If running in STDIO mode, we need to initialize the API client from environment variables
-            self.log.debug("Running in STDIO mode, initializing the Sysdig API client from environment variables.")
-            cfg = get_configuration()
-            api_client = initialize_api_client(cfg)
-            inventory_api = InventoryApi(api_client)
-        return inventory_api
-
     def tool_list_resources(
         self,
+        ctx: Context,
         filter_exp: Annotated[
             str,
             Field(
@@ -141,6 +116,7 @@ def tool_list_resources(
         List inventory items based on a filter expression, with optional pagination.
 
         Args:
+            ctx (Context): A context object containing configuration information.
             filter_exp (str): Sysdig query filter expression to filter inventory resources.
                 Use the resource://filter-query-language to get the expected filter expression format.
                 Supports operators: =, !=, in, exists, contains, startsWith.
@@ -162,7 +138,9 @@ def tool_list_resources(
             Or a dict containing an error message if the call fails.
         """
         try:
-            inventory_api = self.init_client()
+            api_instances: dict = ctx.get_state("api_instances")
+            inventory_api: InventoryApi = api_instances.get("inventory")
+
             start_time = time.time()
 
             api_response = inventory_api.get_resources_without_preload_content(
@@ -180,19 +158,23 @@ def tool_list_resources(
 
     def tool_get_resource(
         self,
+        ctx: Context,
         resource_hash: Annotated[str, Field(description="The unique hash of the inventory resource to retrieve.")],
     ) -> dict:
         """
         Fetch a specific inventory resource by hash.
 
         Args:
+            ctx (Context): A context object containing configuration information.
             resource_hash (str): The hash identifier of the resource.
 
         Returns:
             dict: A dictionary containing the details of the requested inventory resource.
         """
         try:
-            inventory_api = self.init_client()
+            api_instances: dict = ctx.get_state("api_instances")
+            inventory_api: InventoryApi = api_instances.get("inventory")
+
             start_time = time.time()
 
             api_response = inventory_api.get_resource_without_preload_content(hash=resource_hash)