{"id":49518889,"url":"https://github.com/thotischner/observability-mcp","last_synced_at":"2026-06-11T19:00:26.757Z","repository":{"id":355080272,"uuid":"1193031308","full_name":"ThoTischner/observability-mcp","owner":"ThoTischner","description":"Unified observability gateway for AI agents — one MCP server for Prometheus, Loki, and any backend, with cross-signal anomaly detection and a built-in Web UI.","archived":false,"fork":false,"pushed_at":"2026-06-09T21:09:02.000Z","size":17021,"stargazers_count":5,"open_issues_count":2,"forks_count":1,"subscribers_count":0,"default_branch":"main","last_synced_at":"2026-06-09T21:11:40.923Z","etag":null,"topics":["ai-agents","anomaly-detection","anthropic","claude","gateway","helm","kubernetes","llm","loki","mcp","mcp-server","model-context-protocol","monitoring","observability","prometheus","sre"],"latest_commit_sha":null,"homepage":"https://www.npmjs.com/package/@thotischner/observability-mcp","language":"TypeScript","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"apache-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/ThoTischner.png","metadata":{"files":{"readme":"README.md","changelog":"CHANGELOG.md","contributing":"CONTRIBUTING.md","funding":null,"license":"LICENSE","code_of_conduct":"CODE_OF_CONDUCT.md","threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":"SECURITY.md","support":"SUPPORT.md","governance":null,"roadmap":"ROADMAP.md","authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":"NOTICE","maintainers":null,"copyright":null,"agents":null,"dco":null,"cla":"CLA.md"}},"created_at":"2026-03-26T20:01:28.000Z","updated_at":"2026-06-09T21:04:58.000Z","dependencies_parsed_at":null,"dependency_job_id":null,"html_url":"https://github.com/ThoTischner/observability-mcp","commit_stats":null,"previous_names":["thotischner/observability-mcp"],"tags_count":52,"template":false,"template_fu
ll_name":null,"purl":"pkg:github/ThoTischner/observability-mcp","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ThoTischner%2Fobservability-mcp","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ThoTischner%2Fobservability-mcp/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ThoTischner%2Fobservability-mcp/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ThoTischner%2Fobservability-mcp/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/ThoTischner","download_url":"https://codeload.github.com/ThoTischner/observability-mcp/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ThoTischner%2Fobservability-mcp/sbom","scorecard":{"id":1246820,"data":{"date":"2026-05-01T20:02:41Z","repo":{"name":"github.com/ThoTischner/observability-mcp","commit":"831bf2f98e93bf2b989fa7a7c5f981f30e9cbe92"},"scorecard":{"version":"v5.0.0","commit":"ea7e27ed41b76ab879c862fa0ca4cc9c61764ee4"},"score":4.3,"checks":[{"name":"Binary-Artifacts","score":10,"reason":"no binaries found in the repo","details":null,"documentation":{"short":"Determines if the project has generated executable (binary) artifacts in the source repository.","url":"https://github.com/ossf/scorecard/blob/ea7e27ed41b76ab879c862fa0ca4cc9c61764ee4/docs/checks.md#binary-artifacts"}},{"name":"Branch-Protection","score":0,"reason":"branch protection not enabled on development/release branches","details":["Warn: branch protection not enabled for branch 'main'"],"documentation":{"short":"Determines if the default and release branches are protected with GitHub's branch protection settings.","url":"https://github.com/ossf/scorecard/blob/ea7e27ed41b76ab879c862fa0ca4cc9c61764ee4/docs/checks.md#branch-protection"}},{"name":"CI-Tests","score":-1,"reason":"no pull request found","details":null,"documentation":{"short":"Determines if the project runs tests 
before pull requests are merged.","url":"https://github.com/ossf/scorecard/blob/ea7e27ed41b76ab879c862fa0ca4cc9c61764ee4/docs/checks.md#ci-tests"}},{"name":"CII-Best-Practices","score":0,"reason":"no effort to earn an OpenSSF best practices badge detected","details":null,"documentation":{"short":"Determines if the project has an OpenSSF (formerly CII) Best Practices Badge.","url":"https://github.com/ossf/scorecard/blob/ea7e27ed41b76ab879c862fa0ca4cc9c61764ee4/docs/checks.md#cii-best-practices"}},{"name":"Code-Review","score":0,"reason":"Found 0/17 approved changesets -- score normalized to 0","details":null,"documentation":{"short":"Determines if the project requires human code review before pull requests (aka merge requests) are merged.","url":"https://github.com/ossf/scorecard/blob/ea7e27ed41b76ab879c862fa0ca4cc9c61764ee4/docs/checks.md#code-review"}},{"name":"Contributors","score":3,"reason":"project has 1 contributing companies or organizations -- score normalized to 3","details":["Info: system vertrieb alexander gmbh contributor org/company found, "],"documentation":{"short":"Determines if the project has a set of contributors from multiple organizations (e.g., companies).","url":"https://github.com/ossf/scorecard/blob/ea7e27ed41b76ab879c862fa0ca4cc9c61764ee4/docs/checks.md#contributors"}},{"name":"Dangerous-Workflow","score":10,"reason":"no dangerous workflow patterns detected","details":null,"documentation":{"short":"Determines if the project's GitHub Action workflows avoid dangerous patterns.","url":"https://github.com/ossf/scorecard/blob/ea7e27ed41b76ab879c862fa0ca4cc9c61764ee4/docs/checks.md#dangerous-workflow"}},{"name":"Dependency-Update-Tool","score":10,"reason":"update tool detected","details":["Info: detected update tool: Dependabot: .github/dependabot.yml:1"],"documentation":{"short":"Determines if the project uses a dependency update 
tool.","url":"https://github.com/ossf/scorecard/blob/ea7e27ed41b76ab879c862fa0ca4cc9c61764ee4/docs/checks.md#dependency-update-tool"}},{"name":"Fuzzing","score":0,"reason":"project is not fuzzed","details":["Warn: no fuzzer integrations found"],"documentation":{"short":"Determines if the project uses fuzzing.","url":"https://github.com/ossf/scorecard/blob/ea7e27ed41b76ab879c862fa0ca4cc9c61764ee4/docs/checks.md#fuzzing"}},{"name":"License","score":10,"reason":"license file detected","details":["Info: project has a license file: LICENSE:0","Info: FSF or OSI recognized license: MIT License: LICENSE:0"],"documentation":{"short":"Determines if the project has defined a license.","url":"https://github.com/ossf/scorecard/blob/ea7e27ed41b76ab879c862fa0ca4cc9c61764ee4/docs/checks.md#license"}},{"name":"Maintained","score":0,"reason":"project was created in last 90 days. please review its contents carefully","details":["Warn: Repository was created in last 90 days."],"documentation":{"short":"Determines if the project is \"actively maintained\".","url":"https://github.com/ossf/scorecard/blob/ea7e27ed41b76ab879c862fa0ca4cc9c61764ee4/docs/checks.md#maintained"}},{"name":"Packaging","score":10,"reason":"packaging workflow detected","details":["Info: Project packages its releases by way of GitHub Actions.: .github/workflows/docker-publish.yml:14"],"documentation":{"short":"Determines if the project is published as a package that others can easily download, install, easily update, and uninstall.","url":"https://github.com/ossf/scorecard/blob/ea7e27ed41b76ab879c862fa0ca4cc9c61764ee4/docs/checks.md#packaging"}},{"name":"Pinned-Dependencies","score":1,"reason":"dependency not pinned by hash detected -- score normalized to 1","details":["Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/auto-release.yml:15: update your workflow using https://app.stepsecurity.io/secureworkflow/ThoTischner/observability-mcp/auto-release.yml/main?enable=pin","Warn: GitHub-owned 
GitHubAction not pinned by hash: .github/workflows/auto-release.yml:42: update your workflow using https://app.stepsecurity.io/secureworkflow/ThoTischner/observability-mcp/auto-release.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/codeql.yml:24: update your workflow using https://app.stepsecurity.io/secureworkflow/ThoTischner/observability-mcp/codeql.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/codeql.yml:26: update your workflow using https://app.stepsecurity.io/secureworkflow/ThoTischner/observability-mcp/codeql.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/codeql.yml:31: update your workflow using https://app.stepsecurity.io/secureworkflow/ThoTischner/observability-mcp/codeql.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/docker-publish.yml:22: update your workflow using https://app.stepsecurity.io/secureworkflow/ThoTischner/observability-mcp/docker-publish.yml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/docker-publish.yml:25: update your workflow using https://app.stepsecurity.io/secureworkflow/ThoTischner/observability-mcp/docker-publish.yml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/docker-publish.yml:28: update your workflow using https://app.stepsecurity.io/secureworkflow/ThoTischner/observability-mcp/docker-publish.yml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/docker-publish.yml:36: update your workflow using https://app.stepsecurity.io/secureworkflow/ThoTischner/observability-mcp/docker-publish.yml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/docker-publish.yml:48: update your workflow using 
https://app.stepsecurity.io/secureworkflow/ThoTischner/observability-mcp/docker-publish.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/npm-publish.yml:17: update your workflow using https://app.stepsecurity.io/secureworkflow/ThoTischner/observability-mcp/npm-publish.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/npm-publish.yml:20: update your workflow using https://app.stepsecurity.io/secureworkflow/ThoTischner/observability-mcp/npm-publish.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release.yml:20: update your workflow using https://app.stepsecurity.io/secureworkflow/ThoTischner/observability-mcp/release.yml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/release.yml:25: update your workflow using https://app.stepsecurity.io/secureworkflow/ThoTischner/observability-mcp/release.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/scorecard.yml:19: update your workflow using https://app.stepsecurity.io/secureworkflow/ThoTischner/observability-mcp/scorecard.yml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/scorecard.yml:24: update your workflow using https://app.stepsecurity.io/secureworkflow/ThoTischner/observability-mcp/scorecard.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/scorecard.yml:30: update your workflow using https://app.stepsecurity.io/secureworkflow/ThoTischner/observability-mcp/scorecard.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/security.yml:17: update your workflow using https://app.stepsecurity.io/secureworkflow/ThoTischner/observability-mcp/security.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/security.yml:18: update your workflow using 
https://app.stepsecurity.io/secureworkflow/ThoTischner/observability-mcp/security.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/security.yml:34: update your workflow using https://app.stepsecurity.io/secureworkflow/ThoTischner/observability-mcp/security.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/security.yml:35: update your workflow using https://app.stepsecurity.io/secureworkflow/ThoTischner/observability-mcp/security.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/security.yml:51: update your workflow using https://app.stepsecurity.io/secureworkflow/ThoTischner/observability-mcp/security.yml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/security.yml:53: update your workflow using https://app.stepsecurity.io/secureworkflow/ThoTischner/observability-mcp/security.yml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/security.yml:60: update your workflow using https://app.stepsecurity.io/secureworkflow/ThoTischner/observability-mcp/security.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/security.yml:68: update your workflow using https://app.stepsecurity.io/secureworkflow/ThoTischner/observability-mcp/security.yml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/security.yml:74: update your workflow using https://app.stepsecurity.io/secureworkflow/ThoTischner/observability-mcp/security.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/security.yml:83: update your workflow using https://app.stepsecurity.io/secureworkflow/ThoTischner/observability-mcp/security.yml/main?enable=pin","Warn: containerImage not pinned by hash: agent/Dockerfile:1: pin your Docker image by updating node:20-alpine to 
node:20-alpine@sha256:fb4cd12c85ee03686f6af5362a0b0d56d50c58a04632e6c0fb8363f609372293","Warn: containerImage not pinned by hash: example-services/Dockerfile:1: pin your Docker image by updating node:20-alpine to node:20-alpine@sha256:fb4cd12c85ee03686f6af5362a0b0d56d50c58a04632e6c0fb8363f609372293","Warn: containerImage not pinned by hash: mcp-server/Dockerfile:1: pin your Docker image by updating node:20-alpine to node:20-alpine@sha256:fb4cd12c85ee03686f6af5362a0b0d56d50c58a04632e6c0fb8363f609372293","Warn: npmCommand not pinned by hash: agent/Dockerfile:4","Warn: npmCommand not pinned by hash: example-services/Dockerfile:4","Warn: npmCommand not pinned by hash: mcp-server/Dockerfile:4","Warn: npmCommand not pinned by hash: .github/workflows/security.yml:25","Info:   0 out of  18 GitHub-owned GitHubAction dependencies pinned","Info:   0 out of   9 third-party GitHubAction dependencies pinned","Info:   0 out of   3 containerImage dependencies pinned","Info:   3 out of   7 npmCommand dependencies pinned"],"documentation":{"short":"Determines if the project has declared and pinned the dependencies of its build process.","url":"https://github.com/ossf/scorecard/blob/ea7e27ed41b76ab879c862fa0ca4cc9c61764ee4/docs/checks.md#pinned-dependencies"}},{"name":"SAST","score":10,"reason":"SAST tool detected: CodeQL","details":["Info: SAST configuration detected: CodeQL","Warn: no pull requests merged into dev branch"],"documentation":{"short":"Determines if the project uses static code analysis.","url":"https://github.com/ossf/scorecard/blob/ea7e27ed41b76ab879c862fa0ca4cc9c61764ee4/docs/checks.md#sast"}},{"name":"Security-Policy","score":0,"reason":"security policy file not detected","details":["Warn: no security policy file detected","Warn: no security file to analyze","Warn: no security file to analyze","Warn: no security file to analyze"],"documentation":{"short":"Determines if the project has published a security 
policy.","url":"https://github.com/ossf/scorecard/blob/ea7e27ed41b76ab879c862fa0ca4cc9c61764ee4/docs/checks.md#security-policy"}},{"name":"Signed-Releases","score":-1,"reason":"no releases found","details":null,"documentation":{"short":"Determines if the project cryptographically signs release artifacts.","url":"https://github.com/ossf/scorecard/blob/ea7e27ed41b76ab879c862fa0ca4cc9c61764ee4/docs/checks.md#signed-releases"}},{"name":"Token-Permissions","score":0,"reason":"detected GitHub workflow tokens with excessive permissions","details":["Info: jobLevel 'contents' permission set to 'read': .github/workflows/codeql.yml:16","Info: jobLevel 'contents' permission set to 'read': .github/workflows/docker-publish.yml:17","Info: jobLevel 'contents' permission set to 'read': .github/workflows/npm-publish.yml:12","Warn: jobLevel 'contents' permission set to 'write': .github/workflows/release.yml:16","Info: jobLevel 'contents' permission set to 'read': .github/workflows/security.yml:49","Warn: topLevel 'contents' permission set to 'write': .github/workflows/auto-release.yml:9","Warn: no topLevel permission defined: .github/workflows/codeql.yml:1","Warn: topLevel 'contents' permission set to 'write': .github/workflows/dependabot-automerge.yml:9","Warn: no topLevel permission defined: .github/workflows/docker-publish.yml:1","Warn: no topLevel permission defined: .github/workflows/npm-publish.yml:1","Warn: no topLevel permission defined: .github/workflows/release.yml:1","Info: topLevel permissions set to 'read-all': .github/workflows/scorecard.yml:10","Warn: no topLevel permission defined: .github/workflows/security.yml:1"],"documentation":{"short":"Determines if the project's workflows follow the principle of least privilege.","url":"https://github.com/ossf/scorecard/blob/ea7e27ed41b76ab879c862fa0ca4cc9c61764ee4/docs/checks.md#token-permissions"}},{"name":"Vulnerabilities","score":3,"reason":"7 existing vulnerabilities detected","details":["Warn: Project is vulnerable to: 
GHSA-92pp-h63x-v22m","Warn: Project is vulnerable to: GHSA-26pp-8wgv-hjvm","Warn: Project is vulnerable to: GHSA-458j-xx4x-4375","Warn: Project is vulnerable to: GHSA-r5rp-j6wh-rvv4","Warn: Project is vulnerable to: GHSA-wmmm-f939-6g9c","Warn: Project is vulnerable to: GHSA-xf4j-xp2r-rqqx","Warn: Project is vulnerable to: GHSA-xpcf-pg52-r92g"],"documentation":{"short":"Determines if the project has open, known unfixed vulnerabilities.","url":"https://github.com/ossf/scorecard/blob/ea7e27ed41b76ab879c862fa0ca4cc9c61764ee4/docs/checks.md#vulnerabilities"}}]},"last_synced_at":"2026-05-01T20:24:24.781Z","repository_id":355080272,"created_at":"2026-05-01T20:24:24.781Z","updated_at":"2026-05-01T20:24:24.781Z"},"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":34213179,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-05-26T15:22:16.424Z","status":"online","status_checked_at":"2026-06-11T02:00:06.485Z","response_time":57,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["ai-agents","anomaly-detection","anthropic","claude","gateway","helm","kubernetes","llm","loki","mcp","mcp-server","model-context-protocol","monitoring","observability","prometheus","sre"],"created_at":"2026-05-01T23:00:45.901Z","updated_at":"2026-06-11T19:00:26.722Z","avatar_url":"https://github.com/ThoTischner.png","language":"TypeScript","funding_links":[],"categories":[],"sub_categories":[],"readme":"\u003cdiv align=\"center\"\u003e\n\n# 
observability-mcp\n\n**The unified observability gateway for AI agents.**\n\nOne MCP server that connects to any observability backend through pluggable connectors,\nnormalizes the data, adds robust anomaly analysis, and provides a web UI for configuration.\n\n*One MCP endpoint, every backend — so an agent triaging an incident asks one normalized\nquestion instead of juggling N vendor servers and their query languages.*\n\n**0/10 → 10/10:** the same 8B local model goes from hallucinating blast-radius answers\nto exactly correct ones once it gets this gateway's topology tools —\n[measured, not asserted](docs/benchmark-astronomy-shop.md).\n\n\u003c/div\u003e\n\n```bash\nnpx @thotischner/observability-mcp                                    # start (UI on :3000)\nclaude mcp add observability --transport http http://localhost:3000/mcp   # wire into Claude\n```\n\nTwelve read-only tools (`readOnlyHint: true` on every one) · server-side filter/aggregate\nso agents get **numbers, not haystacks** · [For-Agents guide](https://thotischner.github.io/observability-mcp/for-agents/)\n\n\u003cdiv align=\"center\"\u003e\n\n[![License: Apache 2.0](https://img.shields.io/badge/License-Apache_2.0-blue.svg)](LICENSE)\n[![npm](https://img.shields.io/npm/v/@thotischner/observability-mcp?logo=npm)](https://www.npmjs.com/package/@thotischner/observability-mcp)\n[![npm downloads](https://img.shields.io/npm/dm/@thotischner/observability-mcp?logo=npm\u0026label=downloads)](https://www.npmjs.com/package/@thotischner/observability-mcp)\n[![GHCR](https://img.shields.io/badge/ghcr.io-observability--mcp-2496ED?logo=docker\u0026logoColor=white)](https://github.com/ThoTischner/observability-mcp/pkgs/container/observability-mcp)\n[![Smoke test](https://github.com/ThoTischner/observability-mcp/actions/workflows/integration.yml/badge.svg?branch=main)](https://github.com/ThoTischner/observability-mcp/actions/workflows/integration.yml)\n[![GitHub 
stars](https://img.shields.io/github/stars/ThoTischner/observability-mcp?style=flat\u0026logo=github)](https://github.com/ThoTischner/observability-mcp/stargazers)\n[![MCP SDK](https://img.shields.io/badge/MCP_SDK-1.29-orange)](https://modelcontextprotocol.io)\n[![Artifact Hub](https://img.shields.io/endpoint?url=https://artifacthub.io/badge/repository/observability-mcp)](https://artifacthub.io/packages/search?repo=observability-mcp)\n\n\u003cdetails\u003e\n\u003csummary\u003eAll badges — CI, Helm, supply chain (cosign / SBOM / SLSA / provenance)\u003c/summary\u003e\n\u003cbr\u003e\n\n[![Helm IT](https://github.com/ThoTischner/observability-mcp/actions/workflows/helm-integration.yml/badge.svg?branch=main)](https://github.com/ThoTischner/observability-mcp/actions/workflows/helm-integration.yml)\n[![TypeScript](https://img.shields.io/badge/TypeScript-6.0-3178C6?logo=typescript\u0026logoColor=white)](https://www.typescriptlang.org/)\n[![Helm chart](https://img.shields.io/badge/helm-observability--mcp-0F1689?logo=helm\u0026logoColor=white)](./helm/observability-mcp)\n[![Provenance](https://img.shields.io/badge/npm-provenance-success?logo=npm)](https://docs.npmjs.com/generating-provenance-statements)\n[![Cosign signed](https://img.shields.io/badge/image-cosign_signed-2E7D32?logo=sigstore\u0026logoColor=white)](SECURITY.md#container-image--ghcr--scanned--cosign-signed--syft-sbom)\n[![SBOM CycloneDX](https://img.shields.io/badge/SBOM-CycloneDX-AB47BC?logo=cyclonedx\u0026logoColor=white)](SECURITY.md#container-image--ghcr--scanned--cosign-signed--syft-sbom)\n[![SBOM SPDX](https://img.shields.io/badge/SBOM-SPDX-1976D2?logo=spdx\u0026logoColor=white)](SECURITY.md#container-image--ghcr--scanned--cosign-signed--syft-sbom)\n[![SLSA provenance](https://img.shields.io/badge/SLSA-build_provenance-455A64?logo=slsa\u0026logoColor=white)](SECURITY.md#container-image--ghcr--scanned--cosign-signed--syft-sbom)\n[![Connector 
Hub](https://img.shields.io/badge/connector-hub-38bdf8?logo=googlechrome\u0026logoColor=white)](https://thotischner.github.io/observability-mcp/hub/)\n\n\u003c/details\u003e\n\n![observability-mcp — guided tour of the web UI](docs/demo.gif)\n\n\u003c/div\u003e\n\n---\n\n📖 **Full documentation site:** \u003chttps://thotischner.github.io/observability-mcp/\u003e\n\n🔌 **Open in MCP Inspector** — one-line interactive explorer:\n```bash\nnpx --yes @modelcontextprotocol/inspector \\\n  --config \u003c(npx --yes @thotischner/observability-mcp inspector-config)\n```\n\n## Why it matters — measured, not asserted\n\nOn a real Kubernetes-platform-team question (\"which other pods share a node with\n`payment-service` so we know what else falls over if that node goes down?\"), the same\nlocal model produces wildly different answers depending on the tools you hand it:\n\n| Tools available to the agent (llama3.1:8b, n=10) | Cross-namespace blast-radius accuracy |\n|---|:---:|\n| Generic metric + log + service tools | **0 / 10** \u0026nbsp;— hallucinates the wrong entity type (`prometheus`, `loki`, `kubernetes`) |\n| Same model + `get_topology` + `get_blast_radius` | **10 / 10** \u0026nbsp;— exact correct co-tenant list, every iteration |\n\nRaw JSON for both arms, plus three more scenarios (single-service RCA, in-namespace\nblast radius, scenarios where topology does *not* help), live in\n[docs/benchmark-astronomy-shop.md](docs/benchmark-astronomy-shop.md). 
The harness is in\n[`scripts/benchmark-rca.mjs`](scripts/benchmark-rca.mjs); re-run with `make benchmark-up \u0026\u0026 make benchmark-run`.\n\nWe don't claim universal speedup — the doc spells out exactly where the topology tools\nhelp (graph-shaped questions) and where they don't (pure single-metric drill-downs).\n\n---\n\n## Try it in 10 seconds\n\n```bash\nnpx @thotischner/observability-mcp\n# then open http://localhost:3000\n```\n\nWire it into Claude Code with one CLI call:\n\n```bash\nclaude mcp add observability --transport http http://localhost:3000/mcp\n```\n\n…or commit it to your repo as `.mcp.json` (works the same in Claude Desktop / Cursor):\n\n```json\n{\n  \"mcpServers\": {\n    \"observability\": {\n      \"transport\": { \"type\": \"http\", \"url\": \"http://localhost:3000/mcp\" }\n    }\n  }\n}\n```\n\nThe server starts with **zero sources**. Add Prometheus/Loki via the Web UI or `PROMETHEUS_URL` / `LOKI_URL` env vars.\n\n\u003e If you'd rather have the snippets above printed by a Make target — including\n\u003e custom-host / custom-port substitution — use `make connect-claude-code` or\n\u003e `make connect-cursor`. `make doctor` round-trips a real MCP handshake against\n\u003e a running server, reports the live governance posture (auth mode, redaction,\n\u003e audit-log persistence, per-identity rate cap), and tells you what to fix if\n\u003e it can't.\n\n\u003e **Multi-user / production?** See [docs/access-control.md](docs/access-control.md)\n\u003e for the opt-in basic-mode login + RBAC + audit log + per-identity rate limit\n\u003e setup. 
All off by default; the demo above is unchanged.\n\u003e\n\u003e **SSO via OIDC?** `make demo-oidc` boots a Keycloak + an OIDC-flavored\n\u003e mcp-server on port **3001** with three pre-provisioned users\n\u003e (`admin` / `operator` / `viewer`, password = username, DEMO ONLY).\n\u003e See [docs/auth-oidc.md](docs/auth-oidc.md) for production Keycloak /\n\u003e Authentik / Auth0 / Azure AD setups.\n\u003e\n\u003e **External RBAC via OPA?** `make demo-opa` boots an Open Policy Agent\n\u003e with an example Rego policy + an OPA-backed mcp-server on port **3002**.\n\u003e See [docs/policy-engines.md](docs/policy-engines.md) for the\n\u003e built-in / file / OPA backend trade-offs and migration paths.\n\u003e\n\u003e **Curated MCP Products?** Set `OMCP_PRODUCTS_FILE` to a YAML catalog\n\u003e ([`config/products.yaml.example`](mcp-server/config/products.yaml.example))\n\u003e and ship per-tenant/per-agent tool bundles instead of \"everything,\n\u003e all the time\". RBAC-gated, audited, hot-editable. Details in\n\u003e [docs/products.md](docs/products.md).\n\nWant the full chaos-engineering demo (Prometheus + Loki + 3 example services + the autonomous agent)? Clone and run:\n\n```bash\nmake demo   # equivalent to: docker compose --profile demo up --build --wait\n```\n\nOr run the **sovereign quickstart** — one command, fully on-prem, zero\nexternal calls: it starts the stack, injects a real incident, and shows\nside by side what an agent gets *without* vs *with* the analysis layer (a\nwall of raw numbers vs a scored verdict that pinpoints the culprit). The\noptional agent reasons over it with a **local** model (Ollama):\n\n```bash\nmake demo-sovereign\n```\n\nSee `make help` for all canonical workflows.\n\n## Why?\n\nEvery observability vendor ships its own MCP server — Prometheus, Grafana, Datadog, Elastic, each siloed. An AI agent triaging an incident across systems must juggle N separate servers and learn each query language (PromQL, LogQL, …). 
There is no unified abstraction layer.\n\n**observability-mcp** is that layer: one MCP endpoint that normalizes every backend and answers in plain service/metric/log terms, plus an analysis engine that flags anomalies the agent would otherwise have to reconstruct from raw queries itself.\n\n**Who it's for:** SRE / platform teams running Prometheus + Loki who use an AI agent (Claude, local LLMs, …) for incident triage. The gateway's leverage is largest when the agent is *not* a frontier model — a smaller or local model that can't reliably hand-write PromQL/LogQL benefits most from normalized tools and pre-computed analysis. A strong frontier model can query raw backends competently on its own; there the value is consistency and the analysis engine, not query convenience. We state this honestly rather than claiming a universal speedup.\n\n## Features\n\n- **Unified gateway** — Single MCP endpoint for all your observability backends.\n- **Cross-signal analysis** — Correlates metrics and logs automatically. Robust anomaly detection (median/MAD baseline, trend detection for slow ramps, warmup + dwell to suppress flapping) and weighted health scoring.\n- **Web UI** — Sources, services, health monitoring, configuration. Real-time, dark theme.\n- **prom-client defaults** — Works out of the box with the standard Node.js Prometheus instrumentation. Dynamic label resolution probes `job` / `service` / `app` / `service_name` so service filtering Just Works.\n- **Loki label fallback** — Discovers services through `service_name` / `service` / `job` / `app` / `container`, including Docker-shipped streams with leading slashes.\n- **Pluggable connectors** — One interface, any query language (PromQL, LogQL, Flux, KQL...). See [docs/connectors.md](docs/connectors.md).\n- **Auth \u0026 TLS** — Basic, Bearer, custom CA, mTLS. 
See [docs/auth-and-tls.md](docs/auth-and-tls.md).\n- **Multi-backend** — Multiple instances of the same type, no problem.\n\n## Detection quality\n\nThe anomaly engine is backtested against a labelled synthetic suite covering\nslow ramps (memory-leak-toward-OOM), spikes, step changes, stable noise,\ntransient blips, one-sided recoveries, daily-seasonal patterns, and a\ndeliberately ambiguous low-SNR \"hard\" tier. Scored as a CI gate\n([`backtest.test.ts`](mcp-server/src/analysis/backtest.test.ts)) — these\nnumbers are regenerated from that suite, not hand-written:\n\n| Cases | Precision | Recall | F1 |\n|------:|----------:|-------:|---:|\n| 64 | 100.0% | 87.5% | 93.3% |\n\nPrecision is 100% (no spurious alerts); the recalled misses are by design at\nthe noise floor of the hard tier. The suite is deterministic and a detector\nregression fails CI. Reproduce locally:\n\n```bash\ndocker run --rm -w /app -v \"$(pwd)/mcp-server:/app\" node:20-alpine \\\n  sh -c \"npm i --silent \u0026\u0026 npx tsx --test src/analysis/backtest.test.ts\"\n```\n\n## Screenshots\n\n| Dashboard | Service health | Connector hub |\n|---|---|---|\n| [![Dashboard](docs/screenshots/dashboard.png)](docs/screenshots/dashboard.png) | [![Service health](docs/screenshots/health.png)](docs/screenshots/health.png) | [![Connector hub](docs/screenshots/connectors.png)](docs/screenshots/connectors.png) |\n\n## Architecture\n\n```mermaid\ngraph TB\n    Agent[\"AI Agent\u003cbr/\u003e\u003csmall\u003eClaude, Ollama, etc.\u003c/small\u003e\"]\n\n    subgraph MCP [\"observability-mcp :3000\"]\n        Tools[\"8 MCP Tools\"]\n        Analysis[\"Analysis Engine\u003cbr/\u003e\u003csmall\u003eRobust stats, Health Scoring, Correlation\u003c/small\u003e\"]\n        UI[\"Web UI\"]\n    end\n\n    subgraph Connectors [\"Pluggable Connectors\"]\n        Prom[\"Prometheus\u003cbr/\u003e\u003csmall\u003ePromQL — metrics\u003c/small\u003e\"]\n        Loki[\"Loki\u003cbr/\u003e\u003csmall\u003eLogQL — 
logs\u003c/small\u003e\"]\n        K8s[\"Kubernetes\u003cbr/\u003e\u003csmall\u003ewatch — topology\u003c/small\u003e\"]\n        Next[\"Your Backend\u003cbr/\u003e\u003csmall\u003eAny query language\u003c/small\u003e\"]\n    end\n\n    Agent \u003c--\u003e|\"MCP\u003cbr/\u003eStreamable HTTP\"| Tools\n    Tools --- Analysis\n    Tools --- UI\n    MCP --\u003e Prom \u0026 Loki \u0026 K8s \u0026 Next\n\n    style MCP fill:#1a1a2e,stroke:#58a6ff,color:#fff\n    style Connectors fill:#0d1117,stroke:#3fb950,color:#fff\n    style Agent fill:#58a6ff,stroke:#58a6ff,color:#000\n    style Next fill:#0d1117,stroke:#3fb950,color:#8b949e,stroke-dasharray: 5 5\n```\n\n## Repo layout\n\n```\nmcp-server/   # the product — server, Web UI, analysis engine, built-in plugins\nhelm/         # ArtifactHub-grade Helm chart\ndocs/         # configuration, auth, plugin architecture, airgapped deployment, ...\nexamples/     # demo material — agent, example services, Prometheus+Loki configs\n```\n\n`mcp-server/` is what you install. 
Everything under `examples/` is opt-in via `docker compose --profile demo` — it's how the repo demos chaos detection end-to-end, but production deployments don't need any of it.\n\n## Installation\n\n| Method | Command | Best for |\n|--------|---------|----------|\n| **npm** | `npx @thotischner/observability-mcp` | Local dev, Node toolchains, zero install |\n| **Docker (GHCR)** | `docker run -p 3000:3000 ghcr.io/thotischner/observability-mcp:latest` | Production hosts, isolation |\n| **Helm** | `helm repo add observability-mcp https://thotischner.github.io/observability-mcp/`\u003cbr\u003e`helm install observability-mcp observability-mcp/observability-mcp` | Kubernetes |\n| **From source** | `git clone … \u0026\u0026 make demo` | Full POC with example services and chaos |\n| **CLI (`omcp`)** | `npm i -g @thotischner/observability-mcp` | Managing connectors, the demo stack \u0026 Helm from the terminal — see [CLI](#cli-omcp) |\n\nGHCR is multi-arch (amd64 + arm64). Available tags: `latest`, `main`, `X.Y.Z`, `X.Y`, `X`, `sha-\u003ccommit\u003e`. Note: the leading `v` is stripped from semver tags.\n\n### Helm chart\n\nThe chart ships with Deployment, Service, optional Ingress/PVC/HPA, NetworkPolicy, ServiceMonitor (auto-gated on the Prometheus Operator CRD), `helm test` connection probe, and `values.schema.json` validation. ArtifactHub-grade annotations. 
See [`helm/observability-mcp/`](./helm/observability-mcp/) for the full values reference, or the [airgapped deployment guide](docs/airgapped-deployment.md) for a hardened production example.\n\n```bash\nhelm repo add observability-mcp https://thotischner.github.io/observability-mcp/\nhelm repo update\nhelm install observability-mcp observability-mcp/observability-mcp \\\n  --set sources.prometheusUrl=http://prometheus.monitoring.svc.cluster.local:9090 \\\n  --set sources.lokiUrl=http://loki.logging.svc.cluster.local:3100\n```\n\n```yaml\n# docker-compose snippet\nservices:\n  observability-mcp:\n    image: ghcr.io/thotischner/observability-mcp:latest\n    ports: [\"3000:3000\"]\n    environment:\n      PROMETHEUS_URL: http://prometheus:9090\n      LOKI_URL: http://loki:3100\n    volumes:\n      - ./mcp-config:/home/node/.observability-mcp\n    restart: unless-stopped\n```\n\nFor full configuration — paths, env vars, `${VAR}` substitution, complete `sources.yaml` reference — see [docs/configuration.md](docs/configuration.md).\n\n## Quick Start\n\n### Option A: Standalone (your own backends)\n\n```bash\nnpx @thotischner/observability-mcp\n```\n\nThen open the Web UI at `http://localhost:3000`, click **Sources → + Add Source**, point at your Prometheus/Loki URLs. Or skip the UI:\n\n```bash\nPROMETHEUS_URL=http://localhost:9090 LOKI_URL=http://localhost:3100 \\\n  npx @thotischner/observability-mcp\n```\n\n### Option B: Grafana Cloud\n\nGrafana Cloud uses Basic Auth with your numeric instance ID as username and an API token as password. 
The instance IDs for Prometheus and Loki are different — find both in *Connections → Data sources*.\n\n```yaml\n# ~/.observability-mcp/sources.yaml\nsources:\n  - name: grafana-cloud-prom\n    type: prometheus\n    url: https://prometheus-prod-XX-prod-eu-west-X.grafana.net/api/prom\n    enabled: true\n    auth:\n      type: basic\n      username: \"${GRAFANA_PROM_USER}\"   # numeric instance ID\n      password: \"${GRAFANA_TOKEN}\"\n  - name: grafana-cloud-loki\n    type: loki\n    url: https://logs-prod-XXX.grafana.net\n    enabled: true\n    auth:\n      type: basic\n      username: \"${GRAFANA_LOKI_USER}\"   # different from Prom!\n      password: \"${GRAFANA_TOKEN}\"\n```\n\n```bash\nGRAFANA_PROM_USER=… GRAFANA_LOKI_USER=… GRAFANA_TOKEN=glc_… \\\n  npx @thotischner/observability-mcp\n```\n\n### Option C: Full demo (Docker Compose with example services)\n\n```bash\ngit clone https://github.com/ThoTischner/observability-mcp.git\ncd observability-mcp\ndocker compose --profile demo up --build\n```\n\nBoots a single-node **k3s** cluster, builds the three example services and runs them as Kubernetes Deployments inside k3s, plus Prometheus, Loki, Promtail, the MCP server and the agent on the docker-compose side. Open `http://localhost:3000`.\n\nThe same Deployments that Prometheus scrapes and Loki receives logs from are also what the topology graph shows — so the agent can correlate a metric/log anomaly with its underlying host using `get_blast_radius`. 
Chaos endpoints stay on `localhost:8080/8081/8082` (mapped to the k3s NodePorts) so existing scripts and demo videos keep working unchanged.\n\nWithout `--profile demo`, only `mcp-server` starts — useful when you already run Prometheus/Loki elsewhere and just want to expose them via MCP.\n\n### Option D: Benchmark mode (OpenTelemetry Demo / Astronomy Shop)\n\nFor producing credible RCA numbers against a real microservice workload (~23 services, native OTel instrumentation):\n\n```bash\nmake benchmark-up         # clones upstream Astronomy Shop, brings up both stacks\nmake benchmark-run        # runs the harness baseline vs topology, writes JSON\nmake benchmark-down       # tears down\n```\n\n`make benchmark-up` adds Tempo + an OTel collector bridge under our `--profile benchmark` and orchestrates the upstream stack in a separate compose project, joining their network to ours so Astronomy Shop services push traces into our Tempo. See [docs/benchmark-astronomy-shop.md](docs/benchmark-astronomy-shop.md) and [examples/benchmark/README.md](examples/benchmark/README.md). First-time pull is ~4 GB.\n\n## MCP Tools\n\n| Tool | Signal | Purpose |\n|------|--------|---------|\n| `list_sources` | meta | Discover configured backends and connection status |\n| `list_services` | meta | Discover monitored services across all backends |\n| `query_metrics` | metrics | Query metrics with pre-computed summary stats |\n| `query_logs` | logs | Query logs with error/warning counts and top patterns |\n| `get_service_health` | unified | Health score combining metrics + logs (0–100) |\n| `detect_anomalies` | unified | Cross-signal anomaly detection with robust (median/MAD + trend) analysis |\n| `get_topology` | topology | Return the merged infrastructure graph (resources + edges) from every topology-capable connector, filterable by source/kind/scope |\n| `get_blast_radius` | topology | Pivot on the universal `RUNS_ON` relation — \"if this resource's host fails, who else fails?\". 
Works for pod→node, vm→hypervisor, container→host |\n\nThe two topology tools require a topology-capable connector. The bundled [Kubernetes connector](docs/kubernetes.md) is the first; future connectors (vCenter, NetBox, …) plug in via the same `isTopologyProvider` interface and emit `kind`/`relation` values from the canonical [topology vocabulary](docs/topology-vocabulary.md).\n\n## Using with Claude Code\n\nConnect Claude Code directly — no agent needed.\n\n**CLI:**\n\n```bash\nclaude mcp add observability --transport http http://localhost:3000/mcp\n```\n\n**Or `.mcp.json` in your project root** (commit-friendly):\n\n```json\n{\n  \"mcpServers\": {\n    \"observability\": {\n      \"transport\": { \"type\": \"http\", \"url\": \"http://localhost:3000/mcp\" }\n    }\n  }\n}\n```\n\nThen ask Claude in natural language. For example, after triggering chaos in the demo (`curl -X POST http://localhost:8081/chaos/error-spike`):\n\n\u003e *\"Are there any anomalies right now?\"*\n\nClaude calls `detect_anomalies` and finds:\n\n```json\n{\n  \"anomalies\": [\n    { \"metric\": \"cpu\", \"severity\": \"high\", \"service\": \"payment-service\",\n      \"description\": \"cpu is 3.4σ above baseline (18.36 → 37.31)\" },\n    { \"metric\": \"request_rate\", \"severity\": \"low\", \"service\": \"payment-service\",\n      \"description\": \"request_rate is -1.8σ below baseline (0.08 → 0.04)\" }\n  ]\n}\n```\n\n\u003e *\"Show me the error logs for payment-service.\"*\n\nClaude calls `query_logs`:\n\n```json\n{\n  \"summary\": {\n    \"total\": 11, \"errorCount\": 11,\n    \"topPatterns\": [\n      \"Request failed: internal error during POST /payments (6x)\",\n      \"Request failed: internal error during POST /refunds (4x)\"\n    ]\n  }\n}\n```\n\nClaude correlates the signals — CPU spike, error logs flooding, request rate halved — and explains the incident in plain language. 
No PromQL, no LogQL.\n\n## Demo: Chaos Engineering\n\nThree example microservices generate traffic and support chaos injection:\n\n```bash\ncurl -X POST http://localhost:8081/chaos/high-cpu        # CPU spike\ncurl -X POST http://localhost:8081/chaos/error-spike     # CPU + latency + errors\ncurl -X POST http://localhost:8081/chaos/slow-responses  # Latency\ncurl -X POST http://localhost:8081/chaos/memory-leak     # OOM logs\ncurl -X POST http://localhost:8081/chaos/reset\n```\n\nThe agent ([docs/agent.md](docs/agent.md)) detects anomalies within 30 seconds and produces an LLM incident analysis if Ollama is running.\n\n## CLI (`omcp`)\n\nA control CLI ships in the same npm package (`omcp` bin) — manage connectors, the demo stack, and Helm installs.\n\nInstall it (or run ad-hoc without installing):\n\n```bash\nnpm i -g @thotischner/observability-mcp   # puts `omcp` on your PATH\nomcp --help\n\n# or, no install:\nnpx -p @thotischner/observability-mcp omcp doctor\n```\n\nThen:\n\n```bash\nomcp doctor                       # check docker / compose / helm / node\nomcp demo up                      # full demo stack (auto-picks free host ports)\nomcp plugin list                  # browse the connector hub catalog\nomcp plugin install tempo@1.2.0 --trust-root key.pem    # download + verify + extract\nomcp plugin verify ./plugins/tempo --trust-root key.pem # offline audit\nomcp helm upgrade obs -- -n monitoring --set sources.prometheusUrl=http://prom:9090\n```\n\nPlugin install/verify reuse the server's fail-closed signature + integrity\nchecks (offline-capable; `--offline-dir` for airgapped). 
Extra `helm`\nflags pass through after a literal `--`.\n\n## Docs\n\n- [Configuration](docs/configuration.md) — paths, env vars, `${VAR}` substitution, full `sources.yaml` reference\n- [Authentication \u0026 TLS](docs/auth-and-tls.md) — Basic, Bearer, custom CA, mTLS\n- [Management-plane auth (basic mode)](docs/auth-basic.md) — optional login screen + signed session cookies for the Web UI / `/api/*` plane\n- [Log redaction](docs/redaction.md) — PII / secret patterns automatically masked in `query_logs` output before it reaches the agent; opt-out via `OMCP_REDACTION=off`\n- [Access control overview + runbook](docs/access-control.md) — RBAC roles, audit chain, per-identity rate limits, service catalog enrichment, and an investigation runbook for the most common \"who / why\" questions\n- [Prometheus](docs/prometheus.md) — defaults, label resolution, `resolvedSeries`, prom-client compatibility\n- [Loki](docs/loki.md) — label fallback, Docker container slash, managed Loki\n- [Connectors](docs/connectors.md) — write your own backend\n- [Agent](docs/agent.md) — Ollama setup, loop behavior\n- [Troubleshooting](docs/troubleshooting.md) — common pitfalls and fixes\n- [Security](docs/security.md) — automation pipeline, vulnerability reporting, built-in protections\n- [Airgapped deployment](docs/airgapped-deployment.md) — mirroring images, private plugins, GitOps-friendly config\n- [Topology vocabulary](docs/topology-vocabulary.md) — the canonical `kind` / `relation` contract every topology-capable connector emits, plus the warn-only validator\n- [RCA benchmark](docs/benchmark-astronomy-shop.md) — reproducible A/B harness; on a cross-namespace blast-radius question (llama3.1:8b, n=10) the baseline tool set scores 0/10 and hallucinates the wrong entity type, the same model with topology tools scores 10/10 deterministically — see the three-scenarios table for the full honest picture\n- [How this compares to adjacent tools](docs/comparison.md) — source-cited table vs. 
Datadog Bits AI, HolmesGPT, Robusta — what each is best at and where this fits\n- [Governance access-control gate](docs/enterprise-gate.md) — optional RBAC / catalog / audit behind a signed entitlement token (off by default)\n- [Connector Hub](https://thotischner.github.io/observability-mcp/hub/) — browse versioned, signed connectors (catalog: [`hub/`](hub/README.md))\n- [Use cases](USECASES.md) — five scenarios with the prompts that drive them\n\n## Endpoints\n\n| Service | URL |\n|---------|-----|\n| MCP Server (Streamable HTTP) | http://localhost:3000/mcp |\n| Web UI | http://localhost:3000 |\n| Health API | http://localhost:3000/api/health |\n\nIn the docker-compose demo: Prometheus on `:9090`, Loki on `:3100`. The three example services run as Kubernetes Deployments inside the in-compose k3s and are reachable on the host via the NodePort mapping `:8080–:8082` — same URLs as before the k8s migration, so existing chaos commands keep working.\n\n**Transports:** Streamable HTTP by default (`/mcp`). For stdio-based clients/catalogs (Claude Desktop, Glama's `mcp-proxy`, etc.) run with `--stdio` (or `MCP_TRANSPORT=stdio`) — one MCP server over stdin/stdout, all logs on stderr so the protocol stream stays clean.\n\n## Tech Stack\n\nTypeScript + Node 20, `@modelcontextprotocol/sdk` (Streamable HTTP), Express, Zod, js-yaml, prom-client (example services), Prometheus, Loki, Promtail, Docker Compose, optional Ollama.\n\n## Requirements\n\n- **Standalone:** Node 20+ (or just `npx`)\n- **Docker demo:** Docker + Compose, 4 GB+ RAM (8 GB+ with Ollama)\n- **Optional:** Ollama on the host for the agent's LLM analysis\n\n## Contributing\n\n1. Fork the repo and `docker-compose up --build`.\n2. Pick an issue or open one to discuss your idea.\n3. 
Submit a PR — all code runs in Docker, no local deps.\n\nIdeas: new connectors (InfluxDB, Elasticsearch, Datadog), additional analysis algorithms, UI improvements.\n\n## License\n\n[Apache License 2.0](LICENSE) — see also [NOTICE](NOTICE).\n\nReleases up to and including the last MIT-licensed version remain available\nunder MIT; subsequent releases are Apache-2.0. Contributions require a\n[Contributor License Agreement](CLA.md).\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fthotischner%2Fobservability-mcp","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fthotischner%2Fobservability-mcp","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fthotischner%2Fobservability-mcp/lists"}