feat(mcp): implement mcp-hub for hybrid host-cluster visibility (#299)

Author: victoriacheng15

Makefile

@@ -24,7 +24,9 @@ help:
 	@echo "  make proxy-build          - Build and restart the go proxy server"
 	@echo "  make ingestion-build      - Build and restart the go ingestion server"
 	@echo "  make mcp-telemetry-build  - Build and restart the go mcp telemetry server"
-	@echo "	 make all-build            - Build and restart all Go services"
+	@echo "  make mcp-pods-build       - Build and restart the go mcp pods server"
+	@echo "  make mcp-hub-build        - Build and restart the go mcp hub server"
+	@echo "  make all-build            - Build and restart all Go services"
 	@echo ""
 	@echo "Host Tier (Systemd & Secrets):"
 	@echo "  make install-services    - Install all systemd units"

cmd/mcp-hub/main.go

@@ -0,0 +1,55 @@
+package main
+
+import (
+	"context"
+	"os"
+	"os/signal"
+	"syscall"
+
+	"github.com/modelcontextprotocol/go-sdk/mcp"
+
+	internalmcp "observability-hub/internal/mcp"
+	"observability-hub/internal/mcp/providers"
+	"observability-hub/internal/telemetry"
+)
+
+const (
+	serviceName = "mcp-hub"
+	version     = "0.1.0"
+)
+
+func main() {
+	ctx, stop := signal.NotifyContext(context.Background(), os.Interrupt, syscall.SIGTERM)
+	defer stop()
+
+	// 1. Initialize Telemetry
+	shutdown, err := telemetry.Init(ctx, serviceName)
+	if err != nil {
+		telemetry.Error("failed to initialize telemetry", "error", err)
+		os.Exit(1)
+	}
+	defer shutdown()
+
+	// 2. Initialize Hub Provider
+	hubProvider := providers.NewHubProvider()
+
+	// 3. Create MCP Server using established implementation
+	server := mcp.NewServer(&mcp.Implementation{
+		Name:    serviceName,
+		Version: version,
+	}, nil)
+
+	// 4. Register Hub Tools
+	internalmcp.RegisterHubTools(server, hubProvider)
+
+	// 5. Run Server (Stdio transport)
+	telemetry.Info("mcp-hub ready", "tools", []string{"hub_inspect_platform", "hub_inspect_host", "hub_list_host_services", "hub_query_service_logs"})
+
+	transport := &mcp.StdioTransport{}
+	if err := server.Run(ctx, transport); err != nil {
+		telemetry.Error("mcp-hub execution failed", "error", err)
+		os.Exit(1)
+	}
+
+	telemetry.Info("shutting down mcp-hub")
+}

docs/decisions/019-hybrid-host-mcp-intelligence.md

@@ -0,0 +1,41 @@
+# ADR 019: Hybrid Host-MCP Intelligence Layer
+
+- **Status:** Accepted
+- **Date:** 2026-03-12
+- **Author:** Victoria Cheng
+
+## Context and Problem Statement
+
+The Observability Hub operates in a hybrid environment where high-performance data ingestion pipelines (`ingestion`, `proxy`) and core security infrastructure (`openbao`) reside as systemd services on the physical host, while the telemetry and visualization stack (LGTM) is orchestrated via Kubernetes (K3s).
+
+Existing Model Context Protocol (MCP) implementations, such as `mcp-pods`, provide deep visibility into the cluster but are blind to the host-resident "Pillar Services." This created an intelligence gap where AI agents could not correlate cluster-level telemetry with host-level system state or logs.
+
+## Decision Outcome
+
+Implement a dedicated MCP server, `mcp-hub`, to act as the authoritative "Host-Cluster Bridge."
+
+### Rationale
+
+- **Hybrid Visibility:** Enables agents to diagnose "Dark Matter" failures occurring outside the Kubernetes runtime by wrapping system-native tools (`systemctl`, `journalctl`, `free`, `df`).
+- **Semantic Clarity:** Strict namespacing with the `hub_` prefix prevents tool name collisions and provides a clear domain boundary for the agent.
+- **Testability & Reliability:** Use of a `CommandRunner` interface allows for 100% unit test coverage of state-parsing logic without side-effects.
+- **Architectural Consistency:** Aligns with the `internalmcp` pattern for unified telemetry and signal handling across all MCP services.
+
+## Consequences
+
+### Positive
+
+- **Executive Oversight:** Provides a unified summary (`hub_inspect_platform`) that combines K3s and Host health status.
+- **Direct-Path Ingestion:** Enables autonomous log analysis via systemd journal queries, bypassing the telemetry pipeline for real-time investigation.
+- **Resource Awareness:** Agents can now correlate host-level resource pressure (Memory/CPU) with pod failures.
+
+### Negative
+
+- **Privileged Access:** Requires host-level execution permissions for systemd and kubectl, increasing the security surface area.
+- **Dependency Bloat:** Adds another service to the MCP fleet that requires maintenance and monitoring.
+
+## Verification
+
+- [x] **Unit Tests:** `internal/mcp/providers/hub_test.go` and `internal/mcp/tools/hub_test.go` verify parsing logic and MCP handlers.
+- [x] **Registry Check:** Tools are correctly registered with the `hub_` prefix in the implementation.
+- [x] **Binary Verification:** `make mcp-hub-build` successfully compiles the service.

docs/decisions/README.md

@@ -8,6 +8,7 @@ This directory serves as the **Institutional Memory** for the Observability Hub.
 
 | ADR | Title | Status |
 | :--- | :--- | :--- |
+| **019** | [Hybrid Host-MCP Intelligence Layer](./019-hybrid-host-mcp-intelligence.md) | 🔵 Accepted |
 | **018** | [Domain-Isolated MCP Architecture](./018-domain-isolated-mcp-architecture.md) | 🔵 Accepted |
 | **017** | [Agentic Interface via MCP](./017-agentic-interface-mcp.md) | 🔵 Accepted |
 | **016** | [OpenTofu for K3s Service Management](./016-opentofu-k3s-migration.md) | 🔵 Accepted |

internal/mcp/providers/hub.go

@@ -0,0 +1,165 @@
+package providers
+
+import (
+	"context"
+	"fmt"
+	"os/exec"
+	"strings"
+	"time"
+
+	"observability-hub/internal/telemetry"
+)
+
+// CommandRunner defines the interface for executing shell commands.
+type CommandRunner interface {
+	Run(ctx context.Context, name string, arg ...string) ([]byte, error)
+}
+
+// RealCommandRunner is the production implementation.
+type RealCommandRunner struct{}
+
+func (r *RealCommandRunner) Run(ctx context.Context, name string, arg ...string) ([]byte, error) {
+	cmd := exec.CommandContext(ctx, name, arg...)
+	return cmd.CombinedOutput()
+}
+
+// HubProvider provides tools for host-level introspection and platform status.
+type HubProvider struct {
+	runner         CommandRunner
+	targetServices []string
+}
+
+// NewHubProvider creates a new HubProvider.
+func NewHubProvider() *HubProvider {
+	return &HubProvider{
+		runner: &RealCommandRunner{},
+		targetServices: []string{
+			"ingestion.service",
+			"proxy.service",
+			"openbao.service",
+			"tailscale-gate.service",
+		},
+	}
+}
+
+// HostResource represents physical resource usage on the host.
+type HostResource struct {
+	CPUUsage    string `json:"cpu_usage"`
+	MemoryTotal string `json:"memory_total"`
+	MemoryUsed  string `json:"memory_used"`
+	DiskUsage   string `json:"disk_usage"`
+	LoadAverage string `json:"load_average"`
+}
+
+// ServiceStatus represents the state of a systemd unit.
+type ServiceStatus struct {
+	Name   string `json:"name"`
+	Active string `json:"active"`
+	Sub    string `json:"sub"`
+	Since  string `json:"since"`
+}
+
+// ListHostServices returns the status of target systemd services.
+func (p *HubProvider) ListHostServices(ctx context.Context) ([]ServiceStatus, error) {
+	var statuses []ServiceStatus
+
+	for _, svc := range p.targetServices {
+		out, err := p.runner.Run(ctx, "systemctl", "show", svc, "--property=ActiveState,SubState,ActiveEnterTimestamp")
+		if err != nil {
+			telemetry.Warn("systemctl_show_failed", "service", svc, "error", err)
+			continue
+		}
+
+		status := ServiceStatus{Name: svc}
+		lines := strings.Split(string(out), "\n")
+		for _, line := range lines {
+			parts := strings.SplitN(line, "=", 2)
+			if len(parts) < 2 {
+				continue
+			}
+			val := strings.TrimSpace(parts[1])
+			switch parts[0] {
+			case "ActiveState":
+				status.Active = val
+			case "SubState":
+				status.Sub = val
+			case "ActiveEnterTimestamp":
+				status.Since = val
+			}
+		}
+		statuses = append(statuses, status)
+	}
+
+	return statuses, nil
+}
+
+// QueryServiceLogs retrieves journal logs for a specific service since a relative time.
+func (p *HubProvider) QueryServiceLogs(ctx context.Context, service string, since string) (string, error) {
+	if since == "" {
+		since = "5m"
+	}
+
+	argSince := fmt.Sprintf("%s ago", since)
+	out, err := p.runner.Run(ctx, "journalctl", "-u", service, "--since", argSince, "--no-pager", "-n", "50")
+	if err != nil {
+		return "", fmt.Errorf("failed to fetch logs for %s: %w", service, err)
+	}
+
+	return string(out), nil
+}
+
+// InspectHost retrieves physical resource statistics.
+func (p *HubProvider) InspectHost(ctx context.Context) (*HostResource, error) {
+	res := &HostResource{}
+
+	// Load Average
+	loadOut, _ := p.runner.Run(ctx, "uptime")
+	res.LoadAverage = strings.TrimSpace(string(loadOut))
+
+	// Memory (free -h)
+	memOut, _ := p.runner.Run(ctx, "free", "-h")
+	lines := strings.Split(string(memOut), "\n")
+	if len(lines) > 1 {
+		fields := strings.Fields(lines[1]) // Mem row
+		if len(fields) > 2 {
+			res.MemoryTotal = fields[1]
+			res.MemoryUsed = fields[2]
+		}
+	}
+
+	// Disk (df -h /)
+	diskOut, _ := p.runner.Run(ctx, "df", "-h", "/")
+	dLines := strings.Split(string(diskOut), "\n")
+	if len(dLines) > 1 {
+		dFields := strings.Fields(dLines[1])
+		if len(dFields) > 4 {
+			res.DiskUsage = dFields[4]
+		}
+	}
+
+	return res, nil
+}
+
+// InspectPlatform returns an executive summary of the entire hub.
+func (p *HubProvider) InspectPlatform(ctx context.Context) (map[string]interface{}, error) {
+	summary := make(map[string]interface{})
+	summary["timestamp"] = time.Now().Format(time.RFC3339)
+	summary["node"] = "server2"
+
+	if _, err := p.runner.Run(ctx, "kubectl", "get", "nodes"); err != nil {
+		summary["k3s_status"] = "unreachable"
+	} else {
+		summary["k3s_status"] = "healthy"
+	}
+
+	services, _ := p.ListHostServices(ctx)
+	runningCount := 0
+	for _, s := range services {
+		if s.Active == "active" {
+			runningCount++
+		}
+	}
+	summary["host_services_running"] = fmt.Sprintf("%d/%d", runningCount, len(p.targetServices))
+
+	return summary, nil
+}