feat(tools): add kubernetes_list_clusters tool

This commit introduces a new tool  to list Kubernetes clusters using a PromQL query.

The tool supports filtering by cluster name and limiting the number of results.

It uses the Sysdig client to execute the  PromQL query.

Author: tembleking

AGENTS.md

@@ -49,6 +49,7 @@ The handler filters tools dynamically based on `GetMyPermissions` from Sysdig Se
 | `get_event_process_tree` | `tool_get_event_process_tree.go` | Retrieve the process tree for an event when available. | `policy-events.read` | “Show the process tree behind event `abc123`.” |
 | `run_sysql` | `tool_run_sysql.go` | Execute caller-supplied Sysdig SysQL queries safely. | `sage.exec`, `risks.read` | “Run the following SysQL…”. |
 | `generate_sysql` | `tool_generate_sysql.go` | Convert natural language to SysQL via Sysdig Sage. | `sage.exec` (does not work with Service Accounts) | “Create a SysQL to list S3 buckets.” |
+| `kubernetes_list_clusters` | `tool_kubernetes_list_clusters.go` | Lists Kubernetes cluster information. | None | "List all Kubernetes clusters" |
 
 Every tool has a companion `_test.go` file that exercises request validation, permission metadata, and Sysdig client calls through mocks.
 Note that if you add more tools you need to also update this file to reflect that.

README.md

@@ -108,6 +108,11 @@ The server dynamically filters the available tools based on the permissions asso
   - **Required Permission**: `sage.exec`, `risks.read`
   - **Sample Prompt**: "Run this query: MATCH CloudResource WHERE type = 'aws_s3_bucket' LIMIT 10"
 
+- **`kubernetes_list_clusters`**
+  - **Description**: Lists the cluster information for all clusters or just the cluster specified.
+  - **Required Permission**: None
+  - **Sample Prompt**: "List all kubernetes clusters" or "Show me info for cluster 'production-gke'"
+
 ## Requirements
 
 - [Go](https://go.dev/doc/install) 1.25 or higher (if running without Docker).

cmd/server/main.go

@@ -94,6 +94,7 @@ func setupHandler(sysdigClient sysdig.ExtendedClientWithResponsesInterface) *mcp
 		tools.NewToolGetEventProcessTree(sysdigClient),
 		tools.NewToolRunSysql(sysdigClient),
 		tools.NewToolGenerateSysql(sysdigClient),
+		tools.NewKubernetesListClusters(sysdigClient),
 	)
 	return handler
 }

internal/infra/mcp/tools/tool_kubernetes_list_clusters.go

@@ -0,0 +1,69 @@
+package tools
+
+import (
+	"context"
+	"encoding/json"
+	"fmt"
+	"io"
+
+	"github.com/mark3labs/mcp-go/mcp"
+	"github.com/mark3labs/mcp-go/server"
+	"github.com/sysdiglabs/sysdig-mcp-server/internal/infra/sysdig"
+)
+
+type KubernetesListClusters struct {
+	SysdigClient sysdig.ExtendedClientWithResponsesInterface
+}
+
+func NewKubernetesListClusters(sysdigClient sysdig.ExtendedClientWithResponsesInterface) *KubernetesListClusters {
+	return &KubernetesListClusters{
+		SysdigClient: sysdigClient,
+	}
+}
+
+func (t *KubernetesListClusters) RegisterInServer(s *server.MCPServer) {
+	tool := mcp.NewTool("kubernetes_list_clusters",
+		mcp.WithDescription("Lists the cluster information for all clusters or just the cluster specified."),
+		mcp.WithString("cluster_name", mcp.Description("The name of the cluster to filter by.")),
+		mcp.WithNumber("limit",
+			mcp.Description("Maximum number of clusters to return."),
+			mcp.DefaultNumber(10),
+		),
+		mcp.WithOutputSchema[map[string]any](),
+		WithRequiredPermissions(), // FIXME(fede): Add the required permissions. It should be `promql.exec` but somehow the token does not have that permission even if you are able to execute queries.
+	)
+	s.AddTool(tool, t.handle)
+}
+
+func (t *KubernetesListClusters) handle(ctx context.Context, request mcp.CallToolRequest) (*mcp.CallToolResult, error) {
+	clusterName := mcp.ParseString(request, "cluster_name", "")
+	limit := mcp.ParseInt(request, "limit", 10)
+
+	query := "kube_cluster_info"
+	if clusterName != "" {
+		query = fmt.Sprintf("kube_cluster_info{cluster=\"%s\"}", clusterName)
+	}
+
+	limitQuery := sysdig.LimitQuery(limit)
+	params := &sysdig.GetQueryV1Params{
+		Query: query,
+		Limit: &limitQuery,
+	}
+
+	httpResp, err := t.SysdigClient.GetQueryV1(ctx, params)
+	if err != nil {
+		return mcp.NewToolResultErrorFromErr("failed to get cluster list", err), nil
+	}
+
+	if httpResp.StatusCode != 200 {
+		bodyBytes, _ := io.ReadAll(httpResp.Body)
+		return mcp.NewToolResultErrorf("failed to get cluster list: status code %d, body: %s", httpResp.StatusCode, string(bodyBytes)), nil
+	}
+
+	var queryResponse sysdig.QueryResponseV1
+	if err := json.NewDecoder(httpResp.Body).Decode(&queryResponse); err != nil {
+		return mcp.NewToolResultErrorFromErr("failed to decode response", err), nil
+	}
+
+	return mcp.NewToolResultJSON(queryResponse)
+}

internal/infra/mcp/tools/tool_kubernetes_list_clusters_test.go

@@ -0,0 +1,112 @@
+package tools_test
+
+import (
+	"bytes"
+	"context"
+	"io"
+	"net/http"
+
+	"github.com/mark3labs/mcp-go/mcp"
+	"github.com/mark3labs/mcp-go/server"
+	. "github.com/onsi/ginkgo/v2"
+	. "github.com/onsi/gomega"
+	"github.com/sysdiglabs/sysdig-mcp-server/internal/infra/mcp/tools"
+	"github.com/sysdiglabs/sysdig-mcp-server/internal/infra/sysdig"
+	"github.com/sysdiglabs/sysdig-mcp-server/internal/infra/sysdig/mocks"
+	"go.uber.org/mock/gomock"
+)
+
+var _ = Describe("KubernetesListClusters Tool", func() {
+	var (
+		tool       *tools.KubernetesListClusters
+		mockSysdig *mocks.MockExtendedClientWithResponsesInterface
+		mcpServer  *server.MCPServer
+		ctrl       *gomock.Controller
+	)
+
+	BeforeEach(func() {
+		ctrl = gomock.NewController(GinkgoT())
+		mockSysdig = mocks.NewMockExtendedClientWithResponsesInterface(ctrl)
+		tool = tools.NewKubernetesListClusters(mockSysdig)
+		mcpServer = server.NewMCPServer("test", "test")
+		tool.RegisterInServer(mcpServer)
+	})
+
+	It("should register successfully in the server", func() {
+		Expect(mcpServer.GetTool("kubernetes_list_clusters")).NotTo(BeNil())
+	})
+
+	When("listing all clusters", func() {
+		DescribeTable("it succeeds", func(ctx context.Context, toolName string, request mcp.CallToolRequest, expectedParamsRequested sysdig.GetQueryV1Params) {
+			mockSysdig.EXPECT().GetQueryV1(gomock.Any(), &expectedParamsRequested).Return(&http.Response{
+				StatusCode: http.StatusOK,
+				Body:       io.NopCloser(bytes.NewBufferString(`{"status":"success"}`)),
+			}, nil)
+
+			serverTool := mcpServer.GetTool(toolName)
+			result, err := serverTool.Handler(ctx, request)
+			Expect(err).NotTo(HaveOccurred())
+
+			resultData, ok := result.Content[0].(mcp.TextContent)
+			Expect(ok).To(BeTrue())
+			Expect(resultData.Text).To(MatchJSON(`{"status":"success"}`))
+		},
+			Entry(nil,
+				"kubernetes_list_clusters",
+				mcp.CallToolRequest{
+					Params: mcp.CallToolParams{
+						Name:      "kubernetes_list_clusters",
+						Arguments: map[string]any{},
+					},
+				},
+				sysdig.GetQueryV1Params{
+					Query: `kube_cluster_info`,
+					Limit: asPtr(sysdig.LimitQuery(10)),
+				},
+			),
+			Entry(nil,
+				"kubernetes_list_clusters",
+				mcp.CallToolRequest{
+					Params: mcp.CallToolParams{
+						Name:      "kubernetes_list_clusters",
+						Arguments: map[string]any{"limit": "20"},
+					},
+				},
+				sysdig.GetQueryV1Params{
+					Query: `kube_cluster_info`,
+					Limit: asPtr(sysdig.LimitQuery(20)),
+				},
+			),
+			Entry(nil,
+				"kubernetes_list_clusters",
+				mcp.CallToolRequest{
+					Params: mcp.CallToolParams{
+						Name:      "kubernetes_list_clusters",
+						Arguments: map[string]any{"cluster_name": "my_cluster"},
+					},
+				},
+				sysdig.GetQueryV1Params{
+					Query: `kube_cluster_info{cluster="my_cluster"}`,
+					Limit: asPtr(sysdig.LimitQuery(10)),
+				},
+			),
+			Entry(nil,
+				"kubernetes_list_clusters",
+				mcp.CallToolRequest{
+					Params: mcp.CallToolParams{
+						Name:      "kubernetes_list_clusters",
+						Arguments: map[string]any{"cluster_name": "my_cluster", "limit": "20"},
+					},
+				},
+				sysdig.GetQueryV1Params{
+					Query: `kube_cluster_info{cluster="my_cluster"}`,
+					Limit: asPtr(sysdig.LimitQuery(20)),
+				},
+			),
+		)
+	})
+})
+
+func asPtr[T any](arg T) *T {
+	return &arg
+}