Which integrations are available for this server?

Provides integration with Datadog to fetch alerts, metrics, logs, and traces as evidence for incident triage. Provides integration with Jira (Cloud) to create tickets as part of incident triage workflow, with safety gates. Provides integration with Opsgenie to retrieve alerts as evidence for incident triage. Provides integration with PagerDuty to retrieve alerts as evidence for incident triage. Provides integration with Prometheus to retrieve alerts and metrics as evidence for incident triage. Provides integration with Slack to send notifications during incident triage.

How do I use Incident Triage MCP?

1. Click on "Install Server". 2. Wait a few minutes for the server to deploy. Once ready, it will show a "Started" state. 3. In the chat, type @ followed by the MCP server name and your instructions, e.g., "@Incident Triage MCP triage incident INC-123" That's it! The server will respond to your query, and you can continue using it as needed. Here is a step-by-step guide with screenshots.

Incident Triage MCP

by felixkwasisarpong

Overview Schema Related Servers Score Discussions

Python

Hybrid

Incident Triage MCP

Python MCP Transport Docker Kubernetes License

Incident Triage MCP is a Model Context Protocol (MCP) server for incident triage. It provides safe, auditable tools for evidence retrieval, deterministic summaries, ticket workflows, and notifications.

What This Project Is

MCP control plane for incident triage tools.
Compatible with local (stdio) and networked (streamable-http) MCP clients.
Designed for standalone mode, Docker Compose, and Kubernetes.

Related MCP server: ilert

What This Project Is Not

Not a standalone LLM agent platform.
Not a provider credentials vault.
Not a replacement for your evidence pipeline; it consumes normalized evidence bundles.

Architecture Snapshot

MCP server stays thin and policy-focused.
Evidence collection runs in Airflow (optional) and writes EvidenceBundle artifacts.
Agents call MCP tools only.
Contract stability is defined under spec/.

For full details, see docs/ARCHITECTURE.md.

Core Tools

Tool	Purpose	Mutating
`evidence_get_bundle`	Fetch normalized EvidenceBundle for an incident	No
`evidence_wait_for_bundle`	Poll until bundle is available	No
`incident_triage_summary`	Build deterministic triage summary from bundle	No
`jira_draft_ticket`	Build non-mutating ticket draft	No
`jira_create_ticket`	Create ticket with safety gates	Yes

Mutating actions are guarded by RBAC, dry_run, confirm_token, audit logging, and idempotency.

Provider Matrix

Area	Supported providers
Alerts	`mock`, `datadog`, `cloudwatch`, `prometheus`, `pagerduty`, `opsgenie`
Metrics	`mock`, `datadog`, `cloudwatch`, `prometheus`
Logs	`mock`, `datadog`, `cloudwatch`, `elk`, `none`
Traces	`mock`, `datadog`, `cloudwatch`, `xray`, `otel`, `none`
Ticketing (`JIRA_PROVIDER`)	`mock`, `cloud`, `servicenow`
Notify (`NOTIFY_PROVIDER`)	`slack`, `teams`

Quick Start

Local (stdio)

python -m venv .venv
source .venv/bin/activate
pip install -e .

MCP_TRANSPORT=stdio \
WORKFLOW_BACKEND=none \
EVIDENCE_BACKEND=fs \
EVIDENCE_DIR=./evidence \
incident-triage-mcp

Local agent run (single incident)

incident-triage-agent \
  --incident-id INC-123 \
  --service payments-api \
  --artifact-store fs \
  --artifact-dir ./evidence \
  --compact

Docker (streamable-http)

docker run --rm -p 3333:3333 \
  -e MCP_TRANSPORT=streamable-http \
  -e WORKFLOW_BACKEND=none \
  -e EVIDENCE_BACKEND=fs \
  ghcr.io/felixkwasisarpong/incident-triage-mcp:latest

Optional local stack (Airflow + Postgres + MinIO + MCP):

docker compose up --build

Kubernetes: One Agent Job Per Trigger

This is the recommended runtime pattern:

Incoming trigger (webhook/manual) arrives.
Dispatcher (or operator) creates one Kubernetes Job per incident.
Job runs incident-triage-agent once and exits.
Agent calls MCP tools over HTTP.
MCP optionally triggers Airflow DAG (incident_evidence_v1) and consumes bundle from fs/s3.

Deploy MCP server (Helm)

helm upgrade --install incident-triage-mcp ./charts/incident-triage-mcp \
  --namespace incident-triage --create-namespace \
  --set image.repository=ghcr.io/felixkwasisarpong/incident-triage-mcp \
  --set image.tag=0.2.8 \
  --set env.MCP_TRANSPORT=streamable-http \
  --set env.MCP_HTTP_AUTH_MODE=api_key \
  --set secretEnv.MCP_HTTP_API_KEY=change-me

Trigger one incident with a single-run agent Job

kubectl -n incident-triage create job triage-inc-123 \
  --image=ghcr.io/felixkwasisarpong/incident-triage-mcp:0.2.8 \
  -- incident-triage-agent \
  --incident-id INC-123 \
  --service payments-api \
  --mcp-url http://incident-triage-mcp/mcp \
  --mcp-api-key change-me \
  --compact

Ensure single-run behavior

Use deterministic job names per incident (triage-inc-<incident_id>).
Reject duplicates at dispatcher level if job already exists.
Keep ticket creates idempotent with idempotency_key.
Configure Job lifecycle controls (backoffLimit, activeDeadlineSeconds, ttlSecondsAfterFinished).

Configuration Essentials

Variable	Meaning
`MCP_TRANSPORT`	`stdio` or `streamable-http`
`WORKFLOW_BACKEND`	`none` or `airflow`
`EVIDENCE_BACKEND`	`none`, `fs`, `s3`, `airflow`
`EVIDENCE_DIR`	Local bundle directory when using `fs`
`AIRFLOW_BASE_URL`	Required for Airflow trigger/read tools
`MCP_HTTP_AUTH_MODE`	`none`, `api_key`, `jwt_hs256`
`AUDIT_MODE`	`stdout` (recommended in k8s) or `file`
`DEPLOYMENT_PROFILE`	`local`, `staging`, `prod`

Profile templates live in deploy/profiles/:

local.env.example
staging.env.example
prod.env.example

Testing

Run full tests:

pytest -q

Run contract checks only:

pytest -q tests/test_contract_evidence_bundle.py tests/test_contract_mcp_tools.py
python scripts/validate_contrib.py

Releases

Install from PyPI

pip install incident-triage-mcp==X.Y.Z

Pull container image

docker pull ghcr.io/felixkwasisarpong/incident-triage-mcp:X.Y.Z

Supported image tags:

X.Y.Z (exact)
X.Y (minor stream)
latest

For release workflow details, see docs/RELEASING.md.

Project Layout

incident-triage-mcp/
  src/incident_triage_mcp/      # MCP server + tools + adapters
  spec/                         # versioned contracts
  airflow/dags/                 # evidence pipeline
  charts/incident-triage-mcp/   # Helm chart
  k8s/                          # Kubernetes manifests
  contrib/                      # polyglot contribution area
  docs/                         # architecture, release, governance docs

Support And Triage

Discussions: https://github.com/felixkwasisarpong/incident-triage-mcp/discussions
Issues: https://github.com/felixkwasisarpong/incident-triage-mcp/issues
Security reports: SECURITY.md

Documentation Index

Contributing

Read CONTRIBUTING.md before opening a PR.

License

MIT

Install Server

license - permissive license

quality

maintenance

How are these scores calculated?

Maintenance

–Maintainers

–Response time

1dRelease cycle

6Releases (12mo)

Commit activity

Resources

GitHub Repository

Need Help?

Related Servers

Unclaimed servers have limited discoverability.

Looking for Admin?

If you are the server author, to access and configure the admin panel.

Tools

View all tools

Latest Blog Posts

Lightport: Open-Sourcing Glama's AI Gateway
By punkpeye on April 27, 2026.
open source
OpenAI
Tool Definition Quality Score (TDQS)
By punkpeye on April 3, 2026.
mcp
The Hackers Who Tracked My Sleep Cycle
By punkpeye on March 26, 2026.
security

MCP directory API

We provide all the information about MCP servers via our MCP API.

curl -X GET 'https://glama.ai/api/mcp/v1/servers/felixkwasisarpong/incident-triage-mcp'

If you have feedback or need assistance with the MCP directory API, please join our Discord server