fix: cloudwatch_is_available should check source key presence not connection_verified

Ankit Juneja · Ankit Juneja · commit 03f5a2600601 · 2026-04-21T19:56:22.000+05:30
detect_sources.py populates sources["cloudwatch"] from alert annotations
(cloudwatch_log_group) but never writes connection_verified — CloudWatch
uses ambient IAM auth, not an API key. Checking connection_verified caused
the tool to be permanently hidden even when CloudWatch context was present.
diff --git a/app/tools/utils/availability.py b/app/tools/utils/availability.py
@@ -35,9 +35,11 @@ def datadog_available_or_backend(sources: dict[str, dict]) -> bool:
 
 
 def cloudwatch_is_available(sources: dict[str, dict]) -> bool:
-    """Available when a CloudWatch integration is configured.
+    """Available when a CloudWatch source is present in the alert context.
 
-    CloudWatch uses IAM-based auth — no connection string to extract.
+    CloudWatch uses IAM-based auth so detect_sources never writes
+    connection_verified — availability is gated on the source key existing
+    (populated when cloudwatch_log_group is present in alert annotations).
     Tool params like ``job_queue`` are alert-specific and provided by the LLM.
     """
-    return bool(sources.get("cloudwatch", {}).get("connection_verified"))
+    return bool(sources.get("cloudwatch"))
