fix(observability): include MCP session ID in access logs

* Add function to extract MCP session ID from request headers and query parameters
* Update access log to include MCP session ID
fix(cli): simplify project lookup logic
* Refactor project retrieval to prefer GUID lookup when input is a valid UUID
* Introduce separate functions for fetching projects by GUID and name

internal/observability/http.go

@@ -78,9 +78,10 @@ func AccessLog(log *slog.Logger) func(http.Handler) http.Handler {
 				slog.Int("status", recorder.status),
 				slog.Duration("duration", time.Since(started)),
 				slog.String("remote_addr", requestip.FromRequest(r)),
+				slog.String("mcp_session_id", mcpSessionIDFromRequest(r)),
 			}
 			if tool, _ := r.Context().Value(mcpToolContextKey).(string); strings.TrimSpace(tool) != "" {
-				attrs = append(attrs, slog.String("tool", tool))
+				attrs = append(attrs, slog.String("tool", tool), slog.String("tool_call", tool))
 			}
 			log.Info("http request", attrs...)
 		})
@@ -150,6 +151,22 @@ func mcpToolFromRequest(r *http.Request) string {
 	return msg.toolName()
 }
 
+func mcpSessionIDFromRequest(r *http.Request) string {
+	if r == nil {
+		return ""
+	}
+	if v := strings.TrimSpace(r.Header.Get("MCP-Session-Id")); v != "" {
+		return v
+	}
+	// Some clients/proxies may propagate the session in query params.
+	for _, key := range []string{"session_id", "sessionId", "mcp_session_id"} {
+		if v := strings.TrimSpace(r.URL.Query().Get(key)); v != "" {
+			return v
+		}
+	}
+	return ""
+}
+
 type rpcEnvelope struct {
 	Method string `json:"method"`
 	Params struct {

internal/observability/http_test.go

@@ -113,4 +113,46 @@ func TestAccessLogIncludesMCPToolName(t *testing.T) {
 	if !strings.Contains(buf.String(), "tool=list_projects") {
 		t.Fatalf("log output = %q, want tool=list_projects", buf.String())
 	}
+	if !strings.Contains(buf.String(), "tool_call=list_projects") {
+		t.Fatalf("log output = %q, want tool_call=list_projects", buf.String())
+	}
+}
+
+func TestAccessLogIncludesMCPSessionIDHeader(t *testing.T) {
+	var buf bytes.Buffer
+	logger := slog.New(slog.NewTextHandler(&buf, nil))
+	handler := AccessLog(logger)(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+		w.WriteHeader(http.StatusNoContent)
+	}))
+
+	req := httptest.NewRequest(http.MethodGet, "/sse", nil)
+	req.Header.Set("MCP-Session-Id", "sess-123")
+	rec := httptest.NewRecorder()
+	handler.ServeHTTP(rec, req)
+
+	if rec.Code != http.StatusNoContent {
+		t.Fatalf("status = %d, want %d", rec.Code, http.StatusNoContent)
+	}
+	if !strings.Contains(buf.String(), "mcp_session_id=sess-123") {
+		t.Fatalf("log output = %q, want mcp_session_id=sess-123", buf.String())
+	}
+}
+
+func TestAccessLogIncludesMCPSessionIDQueryParam(t *testing.T) {
+	var buf bytes.Buffer
+	logger := slog.New(slog.NewTextHandler(&buf, nil))
+	handler := AccessLog(logger)(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+		w.WriteHeader(http.StatusNoContent)
+	}))
+
+	req := httptest.NewRequest(http.MethodGet, "/sse?session_id=sess-q-1", nil)
+	rec := httptest.NewRecorder()
+	handler.ServeHTTP(rec, req)
+
+	if rec.Code != http.StatusNoContent {
+		t.Fatalf("status = %d, want %d", rec.Code, http.StatusNoContent)
+	}
+	if !strings.Contains(buf.String(), "mcp_session_id=sess-q-1") {
+		t.Fatalf("log output = %q, want mcp_session_id=sess-q-1", buf.String())
+	}
 }