
Conversation

@scotwells (Contributor) commented Feb 5, 2026

This introduces a new AuditLogFacetsQuery API for retrieving field values based on a time range / filter supplied. This helps power a drop down menu with options based on what values are actually present in the audit logs over the requested time period and filter.

I also added a new MCP server that can be used by AI tools to query for audit logs and audit log facets. The MCP server tools are available in a library so they can be embedded into the Datum MCP server.


Part of datum-cloud/enhancements#469

Add a new ephemeral API resource for retrieving distinct field values
with counts from audit logs. This enables UI features like autocomplete
suggestions and faceted search filters.

Key changes:
- Add AuditLogFacetsQuery and AuditLogFacetsQueryList types
- Add shared FacetSpec, FacetResult, and FacetValue types
- Implement ClickHouse storage for facet aggregation queries
- Split types.go into separate files for maintainability

Add a Model Context Protocol server that exposes audit log query tools
for AI assistants like Claude Desktop. The server communicates via stdio
and uses the Activity API through a Kubernetes client.

Available tools:
- query_audit_logs: Search audit logs with CEL filters
- get_audit_log_facets: Get distinct values for audit log fields
@scotwells scotwells merged commit 7be4c9a into main Feb 5, 2026
4 checks passed
@scotwells scotwells deleted the feat/auditlog-facets-and-mcp branch February 5, 2026 02:08
scotwells added a commit that referenced this pull request Feb 5, 2026
This PR updates the AuditLogQuery and AuditLogFacetsQuery endpoints to
support the NOT operator (`!`) so users can execute filters like
`!user.username.startsWith("system:")`. It also grants users access to
query for audit log facets.

Follow up to #32