mttrly

AI-powered incident management and server monitoring via MCP.

GitHub

mttrly MCP Server

License: MIT smithery badge

Remote MCP access to mttrly, an AI SRE agent for server health, diagnostics, playbooks, approvals, and audit history.

Scope

mttrly MCP is a remote Streamable HTTP connector. Every tool call reaches the mttrly Central API first; Central then talks to connected agents over the existing secure agent channel. A standalone agent does not expose a local MCP surface.

Variant A is intentionally remote-first: public catalogs point at the hosted endpoint, OAuth handles user authorization, and no npm package is required for normal client setup.

Connect

Claude.ai and Claude Desktop

Use the connector UI:

  1. Open Settings -> Connectors.
  2. Choose Add custom connector.
  3. Enter https://api.mttrly.com/mcp.
  4. Complete the OAuth sign-in flow.

Do not put the remote URL into claude_desktop_config.json; that file is for local stdio MCP servers.

Claude Code

claude mcp add --transport http mttrly https://api.mttrly.com/mcp

OpenAI Codex

Add this to ~/.codex/config.toml:

[mcp_servers.mttrly]
url = "https://api.mttrly.com/mcp"

Then complete OAuth login:

codex mcp login mttrly

Cursor

Add https://api.mttrly.com/mcp as a remote MCP server URL. Cursor should discover the protected resource metadata from the server challenge and start OAuth.

Auth

  • Remote transport uses OAuth 2.1 with PKCE S256 against https://app.mttrly.com.
  • The protected resource metadata URL is https://api.mttrly.com/.well-known/oauth-protected-resource/mcp.
  • Browser-origin MCP clients must be explicitly allowlisted with MCP_ALLOWED_ORIGINS.
  • Requests without an Origin header receive the normal 401 OAuth challenge.
  • Requests with an untrusted Origin header are rejected with 403 by design.

Tools

40 tools are available: 21 read tools and 19 execute tools. Always call mttrly_get_capabilities first to discover the current plan and any restrictions.

Read tools (21)

Tool IDTitlePlanDescription
mttrly_get_capabilitiesGet Plan CapabilitieswatchdogGet current plan, available tools, restricted tools, and plan limits. Call this first before using any other tool.
mttrly_list_serversList ServerswatchdogList all connected servers with online/offline status, server IDs, names, last seen, and agent version. Use mttrly_get_server_status for per-server CPU, RAM, disk, and active alert counts.
mttrly_get_server_statusGet Server StatuswatchdogGet detailed server health including CPU, RAM, disk usage, and active alert count.
mttrly_get_alertsGet Server AlertswatchdogGet alerts for a server with severity and status filtering. Plan-based retention limits apply.
mttrly_quick_triageQuick Server TriagewatchdogGet a shallow read-only diagnostic summary from safe Watchdog data: status, active alerts, and resource percentages.
mttrly_run_diagnosticRun Server Diagnosticdeployment_broRun a non-destructive diagnostic on a server. Describe the problem and the system will investigate. 30-second cooldown per server. Deployment Bro+ only — Watchdog has read-only inspect tools (status, alerts, list_playbooks).
mttrly_list_playbooksList PlaybookswatchdogList available remediation playbooks. Returns id, name, description, category, requires_approval flag, and optional parameters array. Filter by server_id or category.
mttrly_get_service_realityGet Service Realitydeployment_broGet the latest cached or live-refreshed service reality snapshot for a server, including discovery findings, services, runtimes, and current health context.
mttrly_refresh_realityRefresh Realitydeployment_broRun a live service reality refresh for a server and wait for the fresh snapshot, with a hard per-server cooldown window.
mttrly_get_server_timelineGet Server Timelinedeployment_broGet a unified recent timeline for a server that merges incidents, deploys, and audit events into one ordered stream.
mttrly_run_deploy_verifierRun Deploy Verifierdeployment_broRun the generic deploy verifier for a server. Returns healthcheck outcome, active incident context, and latest deploy status.
mttrly_read_fileRead Filedeployment_broRead allowlisted logs, Docker logs, Docker images, or managed env files from a server with shared redaction.
mttrly_read_privileged_fileRead Privileged Filedeployment_broRead an extended-allowlist privileged file, such as sudoers overrides or root authorized_keys, with shared redaction.
mttrly_search_filesSearch Filesdeployment_broSearch allowlisted files on a server for a literal query string, with optional glob filtering and shared redaction.
mttrly_diff_fileDiff Filesdeployment_broDiff two allowlisted files on a server and return a unified diff with shared redaction.
mttrly_compare_source_to_distCompare Source To Distdeployment_broCompare a source tree to dist output on a server through the canonical read-only compare capability.
mttrly_get_install_healthGet Install Healthdeployment_broRead installer-owned health state, drift, and repair planning for a server through the canonical recovery backend path.
mttrly_search_knowledgeSearch Knowledgedeployment_broSearch saved postmortems, recipes, and notes using full-text search. Optionally filter to a server.
mttrly_get_morning_briefGet Morning Briefdeployment_broGet the current proactive brief for the user, including newly detected anomalies and recent knowledge artifacts.
mttrly_get_investigation_bypassGet Investigation Bypassdeployment_broRead the current bypass state for an investigation. Use between exec calls to verify the bypass is still active without consuming an action slot.
mttrly_acknowledge_proactive_eventAcknowledge Proactive Eventdeployment_broMark a proactive event as accepted or as a false positive on behalf of the user. Drives the false-positive budget that mutes noisy detectors.

Execute tools (19)

Tool IDTitlePlanDescription
mttrly_run_playbookRun Playbookdeployment_broExecute a playbook on a server. Read-only playbooks run immediately; approval-required playbooks return pending_approval.
mttrly_execute_commandExecute Shell Commanddeployment_broRequest execution of an arbitrary shell command on a server. Read-only commands and active investigation bypasses can execute immediately; otherwise returns pending_approval.
mttrly_get_pending_actionsGet Pending Actionsdeployment_broList actions awaiting approval, created by mttrly_run_playbook or mttrly_execute_command. Returns action_id, server, type, description, and expiry. Actions expire after 30 minutes. Use mttrly_approve_action to approve or mttrly_cancel_action to reject.
mttrly_get_action_resultGet Action Resultdeployment_broRetrieve the current or terminal result for an action created by mttrly_run_playbook or mttrly_execute_command.
mttrly_approve_actionApprove or Reject Actiondeployment_broApprove or reject a pending action. Only call after explicit user confirmation; blocks until execution completes.
mttrly_cancel_actionCancel Actiondeployment_broCancel a pending action by rejecting it. Only call after explicit user confirmation.
mttrly_get_audit_logGet Audit Logdeployment_broGet the chronological audit trail for a server. Includes command executions, playbook runs, alert triggers, and agent fixes with source attribution (mcp/telegram/dashboard/api) and outcome.
mttrly_write_fileWrite Filedeployment_broWrite base64-encoded content to a managed server file. Always returns a pending approval action.
mttrly_cleanup_fileCleanup Filedeployment_broDelete an allowlisted managed server file. Always returns a pending approval action.
mttrly_execute_scriptExecute Scriptdeployment_broExecute an allowlisted managed script or an inline batch script on a server through the canonical script capability. Active investigation bypasses can execute immediately; otherwise returns pending_approval.
mttrly_bootstrap_recoverBootstrap Recoverdeployment_broGenerate the canonical bootstrap recovery one-liner for a server and install token.
mttrly_repair_installRepair Installdeployment_broRun canonical install recovery strategies such as issue-driven repair, full install-state convergence, wrapper reprovision, or agent uninstall. Always returns a pending approval action.
mttrly_regenerate_install_tokenRegenerate Install TokenwatchdogGenerate a new reinstall command for an existing offline server. Requires approval, rotates agent credentials, preserves server history, and does not clean the host.
mttrly_decommission_serverDelete Offline ServerwatchdogRemove an offline/dead server from the Central registry only. Requires approval and does not clean files, users, or systemd on the host.
mttrly_update_agentUpdate Agentdeployment_broUpdate the mttrly agent on a server through the canonical core update capability. Always returns a pending approval action.
mttrly_start_investigationStart Investigationdeployment_broStart or resume a server investigation bound to the current MCP session. Requires a short-lived MCP session.
mttrly_generate_retrospectiveGenerate Retrospectivedeployment_broGenerate a deterministic retrospective from the current server timeline, verifier state, and stored knowledge. Persists a postmortem entry.
mttrly_acquire_investigation_bypassAcquire Investigation Bypassdeployment_broAcquire a session-wide approval bypass on an open investigation. Requires 2FA. Subsequent execute_command/execute_script on the investigation server skip per-command approval until expiry, max actions, or revoke.
mttrly_revoke_investigation_bypassRevoke Investigation Bypassdeployment_broImmediately revoke an active investigation bypass. Subsequent exec returns to per-command approval. Idempotent: revoking an already-revoked bypass returns the current state instead of erroring.

Errors

CodeDescriptionSuggested action
ACTION_EXPIREDPending action exceeded the 30-minute TTL and was automatically cancelled.Re-run the original command or playbook to create a new pending action.
ACTION_NOT_FOUNDPending action was not found.List pending actions again and use a fresh action_id.
AUTH_FAILEDAuthentication failed or the provided credentials are invalid.Refresh authentication and retry with a valid API key or OAuth token.
CONNECTION_ERRORThe MCP server could not reach the backend API.Retry the request after connectivity is restored.
CONTRACT_VERSION_UNSUPPORTEDThe client requested an unsupported MCP contract major version.Upgrade the MCP client or use a currently supported contract major.
DIAGNOSTIC_COOLDOWNThe per-server diagnostic cooldown has not expired yet.Wait for the cooldown period to expire before retrying.
DOCKER_NOT_AVAILABLEDocker is not installed on the target server, so Docker playbooks are unavailable.Skip Docker playbooks or install Docker on the server first.
FORBIDDENThe requested MCP resource belongs to a different user or plan context.Re-fetch the latest server, playbook, or action IDs for the current account.
INTERNAL_ERRORThe backend hit an unexpected internal error.Retry once. If it keeps failing, inspect backend logs or contact support.
NOT_FOUNDThe requested MCP resource was not found.Refresh the relevant list endpoint and retry with a valid identifier.
PLAN_REQUIREDThe requested tool requires a higher subscription plan.Inform the user about the plan limitation and show the upgrade URL.
POLICY_DENIEDThe request was rejected by a known Central-side safety policy before execution.Choose a permitted target path or operation and retry.
PLAYBOOK_NOT_AVAILABLEThe selected playbook is not currently available on the target server.Refresh the playbook list for that server and pick one of the advertised playbooks.
PLAYBOOK_NOT_FOUNDThe specified playbook ID does not exist.Call mttrly_list_playbooks and choose a valid playbook_id.
RATE_LIMITEDThe request exceeded the current MCP rate limit window.Wait for the rate limit window to reset and retry.
SERVER_NOT_FOUNDThe specified server ID does not exist or does not belong to the current user.Call mttrly_list_servers to see the available server IDs.
SERVER_OFFLINEThe target server agent is not currently connected.Check whether the mttrly agent is running on the server.
SERVER_ONLINEThe target server is online, so registry-only delete is blocked.Use Delete to uninstall the agent first, or wait until the server is offline before deleting the registry record.
TIMEOUTThe request exceeded the configured timeout.Retry the request, or narrow the scope if the operation is expensive.
UNKNOWN_ERRORAn unknown error occurred in the MCP server.Retry the request and inspect the raw error details if it persists.
VALIDATION_ERRORThe request failed schema or parameter validation.Check the request parameters against the advertised tool schema.
APPROVAL_NOTIFICATION_FAILEDA pending action was created but the approval prompt could not be delivered to the user; the action has been failed-closed.Inspect the action_id in the error details to confirm the action is no longer pending, then retry the original request to create a fresh action.
INVESTIGATION_CLOSEDThe investigation is already closed and cannot acquire a bypass.Open a fresh investigation with mttrly_start_investigation before requesting bypass.
BYPASS_ALREADY_ACTIVEThis investigation already has an active, non-revoked bypass.Use the current bypass; or call mttrly_revoke_investigation_bypass and re-acquire if you need different limits.
BYPASS_ACQUIRE_FAILEDCould not acquire investigation bypass — investigation state changed between check and update.Re-read the investigation status and retry; if the investigation closed, start a new one.

Plans

Limits

PlanServersLog linesLog retention (days)Scheduled checks
watchdog15070
deployment_bro3500305
deployment_crew950030Unlimited

Access matrix

ToolWatchdogDeployment BroDeployment Crew
mttrly_get_capabilities
mttrly_list_servers
mttrly_get_server_status
mttrly_get_alerts
mttrly_quick_triage
mttrly_run_diagnostic
mttrly_list_playbooks
mttrly_run_playbook
mttrly_execute_command
mttrly_get_pending_actions
mttrly_get_action_result
mttrly_approve_action
mttrly_cancel_action
mttrly_get_audit_log
mttrly_get_service_reality
mttrly_refresh_reality
mttrly_get_server_timeline
mttrly_run_deploy_verifier
mttrly_read_file
mttrly_read_privileged_file
mttrly_search_files
mttrly_diff_file
mttrly_compare_source_to_dist
mttrly_get_install_health
mttrly_write_file
mttrly_cleanup_file
mttrly_execute_script
mttrly_bootstrap_recover
mttrly_repair_install
mttrly_regenerate_install_token
mttrly_decommission_server
mttrly_update_agent
mttrly_start_investigation
mttrly_generate_retrospective
mttrly_search_knowledge
mttrly_get_morning_brief
mttrly_get_investigation_bypass
mttrly_acquire_investigation_bypass
mttrly_revoke_investigation_bypass
mttrly_acknowledge_proactive_event

Support

Related Servers