Initial commit

Author: krutsko

.github/workflows/build.yaml

@@ -0,0 +1,50 @@
+name: Build
+
+on:
+  push:
+    branches:
+      - 'main'
+    paths-ignore:
+      - '.gitignore'
+      - 'LICENSE'
+      - '*.md'
+  pull_request:
+    paths-ignore:
+      - '.gitignore'
+      - 'LICENSE'
+      - '*.md'
+
+concurrency:
+  # Only run once for latest commit per ref and cancel other (previous) runs.
+  group: ${{ github.workflow }}-${{ github.ref }}
+  cancel-in-progress: true
+
+env:
+  GO_VERSION: 1.24.1
+
+defaults:
+  run:
+    shell: bash
+
+jobs:
+  build:
+    name: Build on ${{ matrix.os }}
+    strategy:
+      fail-fast: false
+      matrix:
+        os:
+          - ubuntu-latest #x64
+          - windows-latest #x64
+          - macos-13 #x64
+          - macos-latest #arm64
+    runs-on: ${{ matrix.os }}
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+      - uses: actions/setup-go@v5
+        with:
+          go-version: ${{ env.GO_VERSION }}
+      - name: Build
+        run: make build
+      - name: Test
+        run: make test

.github/workflows/release.yaml

@@ -0,0 +1,43 @@
+name: Release
+
+on:
+  push:
+    tags:
+      - '*'
+
+concurrency:
+  # Only run once for latest commit per ref and cancel other (previous) runs.
+  group: ${{ github.workflow }}-${{ github.ref }}
+  cancel-in-progress: true
+
+env:
+  GO_VERSION: 1.24
+  NPM_TOKEN: ${{ secrets.NPM_TOKEN }}
+
+permissions:
+  contents: write
+  discussions: write
+
+jobs:
+  release:
+    name: Release
+    runs-on: macos-latest
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+      - uses: actions/setup-go@v5
+        with:
+          go-version: ${{ env.GO_VERSION }}
+      - name: Build
+        run: make build-all-platforms
+      - name: Upload artifacts
+        uses: softprops/action-gh-release@v2
+        with:
+          generate_release_notes: true
+          make_latest: true
+          files: |
+            LICENSE.md
+            istio-mcp-server-*
+      - name: Publish npm
+        run:
+          make npm-publish

.gitignore

@@ -0,0 +1,24 @@
+.idea/
+.docusaurus/
+node_modules/
+
+# Build artifacts
+istio-mcp-server
+!cmd/istio-mcp-server
+!pkg/istio-mcp-server
+
+# OS specific files
+.DS_Store
+Thumbs.db
+
+# Editor files
+*.swp
+*.swo
+*~
+
+# Log files
+*.log
+
+# Temporary files
+*.tmp
+*.temp

LICENSE.md

@@ -0,0 +1,21 @@
+MIT License
+
+Copyright (c) 2025 Sergey Krutsko
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.

Makefile

@@ -0,0 +1,107 @@
+# If you update this file, please follow
+# https://www.thapaliya.com/en/writings/well-documented-makefiles/
+
+.DEFAULT_GOAL := help
+
+PACKAGE = $(shell go list -m)
+GIT_COMMIT_HASH = $(shell git rev-parse HEAD)
+GIT_VERSION = $(shell git describe --tags --always --dirty)
+BUILD_TIME = $(shell date -u '+%Y-%m-%dT%H:%M:%SZ')
+BINARY_NAME = istio-mcp-server
+LD_FLAGS = -s -w \
+	-X '$(PACKAGE)/pkg/version.CommitHash=$(GIT_COMMIT_HASH)' \
+	-X '$(PACKAGE)/pkg/version.Version=$(GIT_VERSION)' \
+	-X '$(PACKAGE)/pkg/version.BuildTime=$(BUILD_TIME)' \
+	-X '$(PACKAGE)/pkg/version.BinaryName=$(BINARY_NAME)'
+COMMON_BUILD_ARGS = -ldflags "$(LD_FLAGS)"
+
+GOLANGCI_LINT = $(shell pwd)/_output/tools/bin/golangci-lint
+GOLANGCI_LINT_VERSION ?= v2.2.2
+
+# NPM version should not append the -dirty flag
+NPM_VERSION ?= $(shell echo $(shell git describe --tags --always) | sed 's/^v//')
+OSES = darwin linux windows
+ARCHS = amd64 arm64
+
+CLEAN_TARGETS :=
+CLEAN_TARGETS += '$(BINARY_NAME)'
+CLEAN_TARGETS += bin/
+CLEAN_TARGETS += $(foreach os,$(OSES),$(foreach arch,$(ARCHS),$(BINARY_NAME)-$(os)-$(arch)$(if $(findstring windows,$(os)),.exe,)))
+CLEAN_TARGETS += $(foreach os,$(OSES),$(foreach arch,$(ARCHS),./npm/$(BINARY_NAME)-$(os)-$(arch)/bin/))
+CLEAN_TARGETS += ./npm/$(BINARY_NAME)/.npmrc ./npm/$(BINARY_NAME)/LICENSE.md ./npm/$(BINARY_NAME)/README.md ./npm/$(BINARY_NAME)/bin/
+CLEAN_TARGETS += $(foreach os,$(OSES),$(foreach arch,$(ARCHS),./npm/$(BINARY_NAME)-$(os)-$(arch)/.npmrc))
+
+# The help will print out all targets with their descriptions organized bellow their categories. The categories are represented by `##@` and the target descriptions by `##`.
+# The awk commands is responsible to read the entire set of makefiles included in this invocation, looking for lines of the file as xyz: ## something, and then pretty-format the target and help. Then, if there's a line with ##@ something, that gets pretty-printed as a category.
+# More info over the usage of ANSI control characters for terminal formatting: https://en.wikipedia.org/wiki/ANSI_escape_code#SGR_parameters
+# More info over awk command: http://linuxcommand.org/lc3_adv_awk.php
+#
+# Notice that we have a little modification on the awk command to support slash in the recipe name:
+# origin: /^[a-zA-Z_0-9-]+:.*?##/
+# modified /^[a-zA-Z_0-9\/\.-]+:.*?##/
+.PHONY: help
+help: ## Display this help
+	@awk 'BEGIN {FS = ":.*##"; printf "\nUsage:\n  make \033[36m<target>\033[0m\n"} /^[a-zA-Z_0-9\/\.-]+:.*?##/ { printf "  \033[36m%-21s\033[0m %s\n", $$1, $$2 } /^##@/ { printf "\n\033[1m%s\033[0m\n", substr($$0, 5) } ' $(MAKEFILE_LIST)
+
+.PHONY: clean
+clean: ## Clean up all build artifacts
+	rm -rf $(CLEAN_TARGETS)
+
+.PHONY: build
+build: clean tidy format ## Build the project
+	mkdir -p bin
+	go build $(COMMON_BUILD_ARGS) -o bin/$(BINARY_NAME) ./cmd/istio-mcp-server
+
+.PHONY: build-all-platforms
+build-all-platforms: clean tidy format ## Build the project for all platforms
+	$(foreach os,$(OSES),$(foreach arch,$(ARCHS), \
+		GOOS=$(os) GOARCH=$(arch) go build $(COMMON_BUILD_ARGS) -o $(BINARY_NAME)-$(os)-$(arch)$(if $(findstring windows,$(os)),.exe,) ./cmd/istio-mcp-server; \
+	))
+
+.PHONY: npm-copy-binaries
+npm-copy-binaries: build-all-platforms ## Copy the binaries to each npm package
+	$(foreach os,$(OSES),$(foreach arch,$(ARCHS), \
+		EXECUTABLE=./$(BINARY_NAME)-$(os)-$(arch)$(if $(findstring windows,$(os)),.exe,); \
+		DIRNAME=$(BINARY_NAME)-$(os)-$(arch); \
+		mkdir -p ./npm/$$DIRNAME/bin; \
+		cp $$EXECUTABLE ./npm/$$DIRNAME/bin/; \
+	))
+
+.PHONY: npm-publish
+npm-publish: npm-copy-binaries ## Publish the npm packages
+	$(foreach os,$(OSES),$(foreach arch,$(ARCHS), \
+		DIRNAME="$(BINARY_NAME)-$(os)-$(arch)"; \
+		cd npm/$$DIRNAME; \
+		echo '//registry.npmjs.org/:_authToken=$(NPM_TOKEN)' >> .npmrc; \
+		jq '.version = "$(NPM_VERSION)"' package.json > tmp.json && mv tmp.json package.json; \
+		npm publish; \
+		cd ../..; \
+	))
+	cp README.md LICENSE.md ./npm/$(BINARY_NAME)/
+	echo '//registry.npmjs.org/:_authToken=$(NPM_TOKEN)' >> ./npm/$(BINARY_NAME)/.npmrc
+	jq '.version = "$(NPM_VERSION)"' ./npm/$(BINARY_NAME)/package.json > tmp.json && mv tmp.json ./npm/$(BINARY_NAME)/package.json; \
+	jq '.optionalDependencies |= with_entries(.value = "$(NPM_VERSION)")' ./npm/$(BINARY_NAME)/package.json > tmp.json && mv tmp.json ./npm/$(BINARY_NAME)/package.json; \
+	cd npm/$(BINARY_NAME) && npm publish
+
+.PHONY: test
+test: ## Run the tests
+	go test -count=1 -v ./...
+
+.PHONY: format
+format: ## Format the code
+	go fmt ./...
+
+.PHONY: tidy
+tidy: ## Tidy up the go modules
+	go mod tidy
+
+.PHONY: golangci-lint
+golangci-lint: ## Download and install golangci-lint if not already installed
+		@[ -f $(GOLANGCI_LINT) ] || { \
+    	set -e ;\
+    	curl -sSfL https://raw.githubusercontent.com/golangci/golangci-lint/master/install.sh | sh -s -- -b $(shell dirname $(GOLANGCI_LINT)) $(GOLANGCI_LINT_VERSION) ;\
+    	}
+
+.PHONY: lint
+lint: golangci-lint ## Lint the code
+	$(GOLANGCI_LINT) run --verbose --print-resources-usage 

PROXY_CONFIG.md

@@ -0,0 +1,68 @@
+# Istio Proxy Configuration Support
+
+This document describes the proxy configuration features available in the Istio MCP Server.
+
+## Overview
+
+The Istio MCP Server provides comprehensive tools for accessing Envoy proxy configurations within Istio service mesh. These tools allow you to inspect the runtime configuration of Envoy proxies running in your Istio-managed pods.
+
+## Available Tools
+
+The Istio MCP Server supports these proxy configuration tools:
+
+- **get-proxy-clusters**: Get Envoy cluster configuration from a pod
+- **get-proxy-listeners**: Get Envoy listener configuration from a pod  
+- **get-proxy-routes**: Get Envoy route configuration from a pod
+- **get-proxy-endpoints**: Get Envoy endpoint configuration from a pod
+- **get-proxy-bootstrap**: Get Envoy bootstrap configuration from a pod
+- **get-proxy-config-dump**: Get full Envoy configuration dump from a pod
+- **get-proxy-status**: Get proxy status information for all pods or a specific pod
+
+## Implementation Details
+
+- Uses `istioctl proxy-config` commands under the hood
+- Requires `istioctl` to be installed on the system
+- Returns JSON formatted output for easy parsing
+- Includes proper error handling and timeouts
+- Supports both namespace-wide and pod-specific queries
+
+## Usage
+
+Each tool requires:
+- `namespace` (optional, defaults to 'default')
+- `pod` (required for most tools, except `get-proxy-status`)
+
+### Examples
+
+```bash
+# Get cluster configuration for a specific pod
+get-proxy-clusters --namespace default --pod my-app-pod
+
+# Get listener configuration
+get-proxy-listeners --namespace istio-system --pod istio-ingressgateway-xyz
+
+# Get route configuration
+get-proxy-routes --namespace default --pod frontend-service
+
+# Get proxy status for all pods in a namespace
+get-proxy-status --namespace default
+
+# Get proxy status for a specific pod
+get-proxy-status --namespace default --pod my-app-pod
+```
+
+## Prerequisites
+
+- Istio installed in your Kubernetes cluster
+- `istioctl` CLI tool installed and configured
+- Proper RBAC permissions to access pod information
+- Network access to the Kubernetes API server
+
+## Error Handling
+
+The tools include comprehensive error handling for common scenarios:
+- Pod not found
+- Istio proxy not running in pod
+- Network connectivity issues
+- Permission denied errors
+- Invalid namespace or pod names