Rootly MCP server

{"id":"Rootly-MCP-server-50c","title":"Implement comprehensive MCP server improvements (6-stage plan)","description":"Execute the comprehensive 6-stage improvement plan for the Rootly MCP server.\n\n**Plan Location**: /Users/sylvainkalache/.claude/plans/velvet-gathering-meerkat.md\n\n**Overview**:\n- Stage 1: Critical Security Fixes (Week 1)\n- Stage 2: Error Handling Refactoring (Week 2)\n- Stage 3: Code Complexity Reduction (Weeks 3-4)\n- Stage 4: Comprehensive Test Coverage (Week 5)\n- Stage 5: MCP Protocol Compliance (Week 6)\n- Stage 6: Code Simplification \u0026 Documentation (Weeks 7-8)\n\n**Key Outcomes**:\n- Zero security vulnerabilities\n- \u003e80% test coverage\n- All functions \u003c50 lines\n- Full MCP protocol compliance\n- Zero breaking changes\n\n**Dependencies**:\nThis bead blocks:\n- Rootly-MCP-server-jds (traceback exposure)\n- Rootly-MCP-server-561 (token logging)\n- Rootly-MCP-server-a8z (output schemas)\n- Rootly-MCP-server-b2d (request cancellation)\n- Rootly-MCP-server-9tl (prompt definitions)\n\n**Timeline**: 6-8 weeks\n**Estimated Effort**: 1-2 developers\n\nSee plan file for complete details, tradeoffs, and implementation strategy.","status":"open","priority":2,"issue_type":"task","owner":"sylvain@kalache.fr","created_at":"2026-01-27T18:42:19.916971-05:00","created_by":"Sylvain Kalache","updated_at":"2026-01-27T18:42:19.916971-05:00"} {"id":"Rootly-MCP-server-561","title":"Stop logging API token prefixes","description":"Debug output logs first 5 characters of API token (line 116 in server.py), which is sensitive information that should never be logged.\n\n**Impact**: HIGH - security/compliance concern\n**Files**: src/rootly_mcp_server/server.py (line 116)\n\n**Security issue**:\n- Even partial token exposure is a security risk\n- Violates security best practices and compliance requirements\n\n**Acceptance criteria**:\n- Remove all token logging\n- Replace with simple 'Token validated' message\n- Audit codebase for other sensitive data in logs","status":"open","priority":2,"issue_type":"task","owner":"sylvain@kalache.fr","created_at":"2026-01-27T18:31:39.25723-05:00","created_by":"Sylvain Kalache","updated_at":"2026-01-27T18:31:39.25723-05:00"} {"id":"Rootly-MCP-server-9tl","title":"Add prompt definitions for incident workflows","description":"Server is tool-only with no prompt definitions. Adding domain-specific prompts would improve usability for common incident management workflows.\n\n**Impact**: Medium - feature enhancement, protocol compliance\n**Files**: src/rootly_mcp_server/server.py (new @mcp.prompt() definitions)\n\n**Missing prompts**:\n- 'incident-triage' - structured incident analysis\n- 'oncall-handoff' - shift handoff template \n- 'incident-postmortem' - retrospective analysis\n\n**Acceptance criteria**:\n- Define 3 domain-specific prompts\n- Follow MCP prompt specification\n- Include appropriate arguments and templates","status":"open","priority":2,"issue_type":"task","owner":"sylvain@kalache.fr","created_at":"2026-01-27T18:31:39.949723-05:00","created_by":"Sylvain Kalache","updated_at":"2026-01-27T18:31:39.949723-05:00"} {"id":"Rootly-MCP-server-a8z","title":"Add output schemas to MCP tools","description":"Tools currently return dicts but don't declare their response structure in schema form. This makes it harder for clients to understand what data to expect.\n\n**Impact**: Medium - improves client integration\n**Files**: src/rootly_mcp_server/server.py (custom tools at lines 1124-1136, etc.)\n\n**Details from review**:\n- 7 custom tools need output schemas defined\n- search_incidents(), find_related_incidents(), suggest_solutions(), etc.\n- Should use MCP OutputSchema specification\n\n**Acceptance criteria**:\n- All custom tools have defined output schemas\n- Schemas match actual response structure\n- Follow MCP protocol specifications","status":"open","priority":2,"issue_type":"task","owner":"sylvain@kalache.fr","created_at":"2026-01-27T18:31:38.503711-05:00","created_by":"Sylvain Kalache","updated_at":"2026-01-27T18:31:38.503711-05:00"} {"id":"Rootly-MCP-server-b2d","title":"Implement request cancellation support","description":"Tools don't support MCP's request cancellation protocol, which prevents clients from canceling long-running operations.\n\n**Impact**: Medium - protocol compliance and UX\n**Files**: src/rootly_mcp_server/server.py (all tool implementations)\n\n**MCP protocol gap**:\n- No cancellation handlers implemented\n- Long-running tools (search_incidents, find_related_incidents) can't be canceled\n- Affects client responsiveness\n\n**Acceptance criteria**:\n- Add cancellation support to all async tools\n- Handle cancellation gracefully\n- Follow MCP cancellation protocol specification","status":"open","priority":2,"issue_type":"task","owner":"sylvain@kalache.fr","created_at":"2026-01-27T18:31:39.596691-05:00","created_by":"Sylvain Kalache","updated_at":"2026-01-27T18:31:39.596691-05:00"} {"id":"Rootly-MCP-server-jds","title":"Remove traceback exposure in error responses","description":"Error handling currently includes full exception tracebacks in error details (lines 1134, 1700 in server.py), which could leak sensitive information.\n\n**Impact**: HIGH - security concern\n**Files**: src/rootly_mcp_server/server.py (lines 1130-1135, 1697-1701)\n\n**Security issue**:\n- Tracebacks may expose file paths, environment details, internal logic\n- Error responses should sanitize exception details for clients\n\n**Acceptance criteria**:\n- Remove traceback from error responses\n- Keep error type and user-friendly message\n- Add proper logging for internal debugging without exposing to clients","status":"open","priority":2,"issue_type":"task","owner":"sylvain@kalache.fr","created_at":"2026-01-27T18:31:38.897731-05:00","created_by":"Sylvain Kalache","updated_at":"2026-01-27T18:31:38.897731-05:00"}