@xunholy (Contributor) commented Nov 29, 2025

This pull request introduces and documents new AI-powered security analysis features for kguardian, integrating the Model Context Protocol (MCP) and expanding LLM provider support. The documentation has been updated to explain these capabilities, and the llm-bridge service now uses the MCP SDK to access cluster data through a standardized protocol. Additionally, the package dependencies for llm-bridge have been updated to include the MCP SDK and its requirements.

Key changes are as follows:

Documentation Updates

  • Added detailed documentation in README.md for the new optional AI-powered security analysis, including natural language queries, supported LLM providers (OpenAI, Anthropic, Google Gemini, GitHub Copilot), and MCP integration. Instructions for enabling these features and managing secrets are also included.
  • Updated llm-bridge/README.md to reflect the new architecture: the bridge now connects to an MCP server (written in Go) that provides 6 comprehensive tools for LLMs to call, replacing the previous direct broker function calling. Expanded troubleshooting and configuration guidance for MCP integration.

MCP Integration

  • The llm-bridge now depends on @modelcontextprotocol/sdk for MCP support, enabling standardized access to cluster data and tool calling from LLMs.
  • Added new environment variable MCP_SERVER_URL for configuring the MCP server endpoint in the bridge service.

Dependency and Package Updates

  • Updated llm-bridge/package-lock.json to include @modelcontextprotocol/sdk and its dependencies (e.g., ajv, ajv-formats, eventsource, express-rate-limit, pkce-challenge, fast-uri, etc.), ensuring MCP tool support and compatibility with the new architecture.

These changes make kguardian's AI assistant more powerful and flexible, with standardized, multi-provider support and improved documentation for users and developers.

Signed-off-by: Michael Fornaro <20387402+xUnholy@users.noreply.github.com>
@xunholy xunholy requested a review from maheshrayas as a code owner November 29, 2025 09:52
@github-actions

✅ Helm chart built and pushed for testing:

# Install PR Helm chart
helm install kguardian oci://ghcr.io/kguardian-dev/charts/kguardian \
  --version $(helm search repo kguardian-dev/kguardian --versions | grep pr510 | head -1 | awk '{print $2}') \
  --namespace kguardian \
  --create-namespace

# Or upgrade existing installation
helm upgrade kguardian oci://ghcr.io/kguardian-dev/charts/kguardian \
  --version $(helm search repo kguardian-dev/kguardian --versions | grep pr510 | head -1 | awk '{print $2}') \
  --namespace kguardian

@github-actions

✅ LLM Bridge image built and pushed:

ghcr.io/kguardian-dev/kguardian/llm-bridge:pr-510

Digest: sha256:3c323dcc2b2bdd04ae706b3d71c1e5ddd3bcfc1bfd360a3b5fc082ade45df156

@github-actions

✅ MCP Server image built and pushed:

ghcr.io/kguardian-dev/kguardian/mcp-server:pr-510

Digest: sha256:f810e9cbc48e5de25c0cd652e92a68f4e11d2d9cc20be7afd7123223b837382a

@github-actions

🚀 PR Build Summary

Built Images

LLM Bridge: ghcr.io/kguardian-dev/kguardian/llm-bridge:pr-510
MCP Server: ghcr.io/kguardian-dev/kguardian/mcp-server:pr-510

🧪 Testing Instructions

Option 1: Use PR Helm Chart (Recommended)
A complete Helm chart with all PR changes has been published:

# Find the exact version
helm search repo oci://ghcr.io/kguardian-dev/charts --versions | grep pr510

# Install with PR chart
helm install kguardian oci://ghcr.io/kguardian-dev/charts/kguardian \
  --version <VERSION-FROM-ABOVE> \
  --namespace kguardian \
  --create-namespace \
  --wait

Option 2: Use Released Chart with PR Images

helm upgrade --install kguardian oci://ghcr.io/kguardian-dev/charts/kguardian \
  --namespace kguardian \
  --create-namespace \
  --set llmBridge.enabled=true \
  --set llmBridge.image.tag=pr-510 \
  --set mcpServer.enabled=true \
  --set mcpServer.image.tag=pr-510 \
  --wait
