Skip to main content
Glama

bpftrace MCP Server

by eunomia-bpf
GitHub
Python
MIT License
42
  • Linux
OverviewInspectNewSchemaRelated ServersReviewsScore
Need Help?View Source CodeReport Issue

bpftrace MCP Server: generate eBPF to trace linux kernel

A minimal MCP (Model Context Protocol) server that provides AI assistants with access to bpftrace kernel tracing capabilities.

Now implemented in Rust using the rmcp crate for better performance and type safety. The Python implementation is still available in the git history.

bpftrace MCP Server Demo

Features

  • AI-Powered Kernel Debugging: Enable AI assistants to help you debug complex Linux kernel issues through natural language - no eBPF expertise required
  • Discover System Trace Points: Browse and search through thousands of kernel probes to find exactly what you need to monitor - from system calls to network packets
  • Rich Context and Examples: Access a curated collection of production-ready bpftrace scripts for common debugging scenarios like performance bottlenecks, security monitoring, and system troubleshooting
  • Secure Execution Model: Run kernel traces safely without giving AI direct root access - MCPtrace acts as a secure gateway with proper authentication
  • Asynchronous Operation: Start long-running traces and retrieve results later - perfect for monitoring production issues that occur intermittently
  • System Capability Detection: Automatically discover what tracing features your kernel supports, including available helpers, map types, and probe types

Why MCPtrace?

Debugging kernel issues traditionally requires deep eBPF expertise. MCPtrace changes that.

By bridging AI assistants with bpftrace (the perfect eBPF tracing language), MCPtrace lets you debug complex system issues through natural conversation. Just describe what you want to observe - "show me which processes are opening files" or "trace slow disk operations" - and let AI generate the appropriate kernel traces.

AI never gets root access. MCPtrace acts as a secure gateway, and with its rich collection of example scripts and probe information, AI has everything needed to help you understand what's happening inside your kernel. No eBPF expertise required.

Installation

Prerequisites

  1. Install Rust (if not already installed):
curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs | sh
  1. Ensure bpftrace is installed:
sudo apt-get install bpftrace # Ubuntu/Debian # or sudo dnf install bpftrace # Fedora
cargo install bpftrace-mcp-server

This will install the bpftrace-mcp-server binary to your Cargo bin directory (usually ~/.cargo/bin/).

Build from Source

Alternatively, you can build from source:

git clone https://github.com/yunwei37/MCPtrace cd MCPtrace cargo build --release

The binary will be available at ./target/release/bpftrace-mcp-server.

Quick Setup

Use our automated setup scripts:

  • Claude Desktop: ./setup/setup_claude.sh
  • Claude Code: ./setup/setup_claude_code.sh

For detailed setup instructions and manual configuration, see setup/SETUP.md.

Running the Server

If installed via cargo install

bpftrace-mcp-server

If built from source

./target/release/bpftrace-mcp-server

Development mode (from source)

cargo run --release

Manual Configuration

For manual setup instructions for Claude Desktop or Claude Code, see setup/SETUP.md.

Usage Examples

List System Call Probes

await list_probes(filter="syscalls:*read*")

Get BPF System Information

info = await bpf_info() # Returns system info, kernel helpers, features, map types, and probe types

Execute a Simple Trace

result = await exec_program( 'tracepoint:syscalls:sys_enter_open { printf("%s\\n", comm); }', timeout=10 ) exec_id = result["execution_id"]

Get Results

output = await get_result(exec_id) print(output["output"])

Security Notes

  • The server requires sudo access for bpftrace
  • Password Handling: Create a .env file with your sudo password:
    echo "BPFTRACE_PASSWD=your_sudo_password" > .env
  • Alternative: Configure passwordless sudo for bpftrace:
    sudo visudo # Add: your_username ALL=(ALL) NOPASSWD: /usr/bin/bpftrace
  • No script validation - trust the AI client to generate safe scripts
  • Resource limits: 60s max execution, 10k lines buffer
  • See SECURITY.md for detailed security configuration

Architecture

The Rust server uses:

  • Tokio async runtime for concurrent operations
  • Subprocess management for bpftrace execution
  • DashMap for thread-safe in-memory buffering
  • Automatic cleanup of old buffers
  • rmcp crate for MCP protocol implementation

Limitations

  • No real-time streaming (use get_result to poll)
  • Simple password handling (improve for production)
  • No persistent storage of executions
  • Basic error handling

Documentation

Future Enhancements

  • Add SSE transport for real-time streaming
  • Implement proper authentication
  • Add script validation and sandboxing
  • Support for saving/loading trace sessions
  • Integration with eBPF programs

This server cannot be installed

-
security - not tested
A
license - permissive license
-
quality - not tested

How are these scores calculated?

local-only server

The server can only run on the client's local machine because it depends on local resources.

A minimal server that provides AI assistants with access to Linux kernel tracing capabilities through bpftrace, enabling dynamic tracing and performance analysis via the Model Context Protocol.

  1. Features
    1. Why MCPtrace?
      1. Installation
        1. Prerequisites
        2. Install from crates.io (Recommended)
        3. Build from Source
        4. Quick Setup
      2. Running the Server
        1. If installed via cargo install
        2. If built from source
        3. Development mode (from source)
        4. Manual Configuration
      3. Usage Examples
        1. List System Call Probes
        2. Get BPF System Information
        3. Execute a Simple Trace
        4. Get Results
      4. Security Notes
        1. Architecture
          1. Limitations
            1. Documentation
              1. Future Enhancements

                Related MCP Servers

                • Sentry MCP Server

                  codyde
                  A
                  security
                  F
                  license
                  A
                  quality
                  A Model Context Protocol server that enables AI assistants to interact with Sentry for error tracking and monitoring, allowing retrieval and analysis of error data, project management, and performance monitoring through the Sentry API.
                  Last updated -
                  10
                  19
                  TypeScript

                • Scrapybara MCP

                  Scrapybara
                  A
                  security
                  A
                  license
                  A
                  quality
                  A Model Context Protocol server that enables AI clients to interact with virtual Ubuntu desktops, allowing them to browse the web, run code, and control instances through mouse/keyboard actions and bash commands.
                  Last updated -
                  5
                  15
                  JavaScript
                  MIT License

                • MCP Terminal

                  sichang824
                  A
                  security
                  A
                  license
                  A
                  quality
                  A server that enables AI assistants to execute terminal commands and retrieve outputs via the Model Context Protocol (MCP).
                  Last updated -
                  3
                  16
                  Python
                  MIT License
                  • Apple
                  • Linux

                • Sentry MCP Serverofficial

                  getsentry
                  A
                  security
                  F
                  license
                  A
                  quality
                  A Model Context Protocol server that lets AI assistants interact with the Sentry API to retrieve and analyze error data, manage projects, and monitor application performance.
                  Last updated -
                  11
                  7
                  TypeScript

                View all related MCP servers

                New MCP Servers

                MCP directory API

                We provide all the information about MCP servers via our MCP API.

                curl -X GET 'https://glama.ai/api/mcp/v1/servers/eunomia-bpf/MCPtrace'

                If you have feedback or need assistance with the MCP directory API, please join our Discord server