feat(sentinel): add scoped observability links

[Agent-Hellboy]

Summary

• Add scoped observability API links for readable MCP servers and an allowlisted Prometheus query proxy that verifies the live namespace/server target before querying Prometheus.
• Include observability metadata in runtime server listings and show My Activity Metrics / configured Grafana actions only when the API says the server is observable for the caller.
• Document the split between raw admin-only Grafana/Prometheus and scoped user observability, plus PROMETHEUS_API_URL, GRAFANA_SERVER_DASHBOARD_URL, and GRAFANA_SCOPED_USER_ACCESS.

Testing

• go test ./internal/runtimeapi -count=1 from services/api
• go test ./... -count=1 from services/ui
• go test ./... -count=1 from services/api
• go test ./... -count=1 from repo root
• go vet ./... from repo root, services/api, and services/ui
• Commit pre-commit hooks: gitleaks, go fmt, staticcheck, go vet, go unit tests, generated file drift

Refs #181

[gemini-code-assist]

Code Review

This pull request introduces scoped observability for tenant users, enabling access to Prometheus metrics and Grafana dashboards restricted to their own namespaces or owned servers. It adds new API endpoints for observability links and Prometheus query proxying, updates the UI with 'Metrics' and 'Grafana' actions, and provides supporting documentation and tests. A review comment suggests enhancing the Prometheus proxy by logging the response body of failed upstream queries to improve debuggability.

[gemini-code-assist]

When the upstream Prometheus query fails with a non-200 status code, the response body is discarded without being logged. This can make debugging issues with the Prometheus integration difficult, as the reason for the failure is not captured. It would be beneficial to log the status code and the body of the error response from Prometheus to aid in troubleshooting.

Suggested change

	if resp.StatusCode != http.StatusOK {
	_, _ = io.Copy(io.Discard, io.LimitReader(resp.Body, 1024))
	writeJSON(w, http.StatusBadGateway, map[string]string{"error": "prometheus_query_failed"})
	return
	}
	if resp.StatusCode != http.StatusOK {
	body, _ := io.ReadAll(io.LimitReader(resp.Body, 4096))
	log.Printf("observability prometheus query returned status %d namespace=%q server=%q query_id=%q body=%s", resp.StatusCode, target.Namespace, target.Name, query.ID, string(body))
	writeJSON(w, http.StatusBadGateway, map[string]string{"error": "prometheus_query_failed"})
	return
	}

[chatgpt-codex-connector]

💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: c28bdd297f

ℹ️ About Codex in GitHub

Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you

• Open a pull request for review
• Mark a draft as ready
• Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".

[chatgpt-codex-connector]

Query metrics that Prometheus actually scrapes

In the bundled deployment this query returns no data for every server: rg finds no producer for mcp_gateway_requests_total (nor the other mcp_gateway_* series), and k8s/11-prometheus.yaml only scrapes mcp-sentinel-api, ingest, processor, and clickhouse, not MCP gateway sidecars. Because the UI now shows a Metrics button whenever these links are present, users get an apparently working scoped link that always opens an empty Prometheus result until the gateway metrics are emitted and scraped, or the allowlist is changed to series that actually exist.

Useful? React with 👍 / 👎.

[Agent-Hellboy]

Thanks

[Agent-Hellboy]

Pushed review fixes (also on `fix/pr-198-review`):

• Namespace auth before `GetServer`; return 404 to block cross-tenant enumeration
• Gateway `/metrics` on separate `METRICS_PORT` (9103)
• Merge Prometheus service annotations without wiping user metadata
• Cross-tenant observability tests