AppSignal MCP

Live

API KEY

ERROR MONITORING

Monitoring

AppSignal MCP gives agents API key access to error monitoring: query incidents, read traces and logs, and manage alert triggers across your applications.

  • Per-user credentials: each call uses the actual user's token, never a shared bot.
  • Encrypted per-tenant vault: AES-256, resolved at request time, never in LLM context.
  • Scoped before every call: pre-call scope check, 90-day SIEM-exportable audit chain.
AppSignal MCP
agent · Acme Q3
Run
Any new exceptions in checkout since the last deploy?
S
appsignalmcp_get_exception_incidents
88ms
AppSignal agent
3 new exceptions since deploy a1f2c9. NoMethodError in CheckoutController spiked to 142 occurrences, first seen 09:14 UTC. The other 2 are single-digit.
Sources: 3 incidents, namespace web
appsignalmcp
3 incidents
18:29
Message Claude...

Tools your on-call agent reaches for on AppSignal, scoped per user.

CALL ANY TOOL
Error monitoring end to end: list exception and anomaly incidents, read logs and traces, and manage the triggers that page your team.
appsignalmcp_get_exception_incidents
List exception incidents
List and search exception incidents with optional date range, state, namespace, and deploy revision filters.
Parameters
Name
Type
Required
Description
app_environment
string
Required
The environment of the AppSignal application (e.g. production, staging).
app_name
string
Required
The name of the AppSignal application.
context
object
Required
AppSignal context object (app name, environment, org token)
deploy_revision
string
Optional
Filter incidents introduced in a specific deploy revision.
end
string
Optional
ISO 8601 end date/time for filtering incidents by occurrence time.
limit
integer
Optional
Maximum number of incidents to return.
namespace
string
Optional
Filter incidents by namespace (e.g. web, background).
start
string
Optional
ISO 8601 start date/time for filtering incidents by occurrence time.
state
string
Optional
Filter incidents by state (e.g. open, closed, wontfix).
appsignalmcp_get_incident
Get incident details
appsignalmcp_get_anomaly_incidents
List anomaly alerts
appsignalmcp_get_traces
Query traces
appsignalmcp_get_log_lines
Query logs
appsignalmcp_get_metrics_timeseries
Get metric timeseries
appsignalmcp_manage_trigger
Manage triggers
appsignalmcp_update_incidents
Update incidents
Build your Agent
Same auth pattern across LangChain, OpenAI, Anthropic, and Google ADK.
Python · LlamaIndex
import { ScalekitClient } from "@scalekit-sdk/node";
import { createReactAgent } from "@langchain/langgraph/prebuilt";

const sk = new ScalekitClient(env.SCALEKIT_ENV_URL, env.SCALEKIT_CLIENT_ID, env.SCALEKIT_CLIENT_SECRET);

// AppSignal tools scoped to this user
const { tools } = await sk.tools.listScopedTools("user_123", {
  filter: { connectionNames: ["appsignalmcp"], toolNames: [
    "appsignalmcp_get_exception_incidents",
    "appsignalmcp_get_incident",
    "appsignalmcp_get_traces"] },
  pageSize: 100,
});

const agent = createReactAgent({ llm, tools });
await agent.invoke({ messages: [{ role: "user", content: "Any new exceptions since the last deploy?" }] });
import OpenAI from "openai";
import { ScalekitClient } from "@scalekit-sdk/node";

const sk = new ScalekitClient(env.SCALEKIT_ENV_URL, env.SCALEKIT_CLIENT_ID, env.SCALEKIT_CLIENT_SECRET);
const openai = new OpenAI();

const { tools } = await sk.tools.listScopedTools("user_123", {
  filter: { connectionNames: ["appsignalmcp"] }, pageSize: 100,
});

const res = await openai.chat.completions.create({
  model: "gpt-5",
  messages: [{ role: "user", content: "Which endpoints slowed down after yesterday's deploy?" }],
  tools,
});

// Execute the tool call with the user's vaulted AppSignal credential
await sk.tools.executeTool(res.choices[0].message.tool_calls[0], "user_123");
import Anthropic from "@anthropic-ai/sdk";
import { ScalekitClient } from "@scalekit-sdk/node";

const sk = new ScalekitClient(env.SCALEKIT_ENV_URL, env.SCALEKIT_CLIENT_ID, env.SCALEKIT_CLIENT_SECRET);
const anthropic = new Anthropic();

const { tools } = await sk.tools.listScopedTools("user_123", {
  filter: { connectionNames: ["appsignalmcp"] }, pageSize: 100,
});

const msg = await anthropic.messages.create({
  model: "claude-sonnet-5",
  max_tokens: 1024,
  messages: [{ role: "user", content: "Summarize open anomaly alerts for the web namespace." }],
  tools,
});

// Tool call runs with the user's vaulted AppSignal credential
await sk.tools.executeTool(msg.content, "user_123");
import { Agent } from "@google/adk/agents";
import { ScalekitClient } from "@scalekit-sdk/node";

const sk = new ScalekitClient(env.SCALEKIT_ENV_URL, env.SCALEKIT_CLIENT_ID, env.SCALEKIT_CLIENT_SECRET);

const { tools } = await sk.tools.listScopedTools("user_123", {
  filter: { connectionNames: ["appsignalmcp"] }, pageSize: 100,
});

const agent = new Agent({
  name: "appsignal_oncall_agent",
  model: "gemini-2.5-pro",
  instruction: "Triage AppSignal incidents for the signed-in user.",
  tools,
});

await agent.run("Assign the checkout exception spike to the payments team.");
Try these prompts
Copy any prompt into your agent. Each maps directly to an AppSignal tool. Click to copy, paste into your agent, done.
Triage errors
Copy the prompt
Copied
List open exception incidents from the last 24 hours.
Copy the prompt
Copied
Show details for incident 482 and its recent occurrences.
Copy the prompt
Copied
Which exceptions started after deploy revision a1f2c9?
Performance and logs
Copy the prompt
Copied
Trace the slowest checkout requests from this morning.
Copy the prompt
Copied
Query error-level log lines mentioning timeout in the web app.
Copy the prompt
Copied
Plot the response time timeseries for the API namespace this week.
Alerts and cleanup
Copy the prompt
Copied
Create a trigger that alerts when queue latency passes 5 seconds.
Copy the prompt
Copied
List anomaly alerts that are still open and unassigned.
Copy the prompt
Copied
Close all resolved incidents and assign the rest to on-call.
SEE HOW AUTH WORKS
Your users connect once. Their AppSignal credentials stay vaulted, every call is scope-checked, and every action is logged.
1
Authorize
Your user connects
AppSignal MCP
once. We tie it to their identity and the meetings they approved — no shared bot account, no org-wide access
Who:
user ‘A’
when:
Once per user
access:
Limited to user
2
Store
Their
AppSignal MCP
token lives in a vault scoped to them. User A's meetings are never reachable by an agent acting for user B, even on the same connection
vault:
encrypted
scope:
per-user
tokens:
auto-refreshed
3
Resolve
When your agent calls a
AppSignal MCP
tool, we fetch the right token server-side. It never touches your agent, never appears in the LLM context, never shows up in your logs
speed:
~40ms
check:
before every call
seen by:
nobody
4
Audit
Every
AppSignal MCP
tool call is logged — who triggered it, which meeting was fetched, what came back. 90 days of history, tied to the user who authorized it
history:
90 days
export:
SIEM-ready
logged:
every call
Test other agents
See the same per-user auth pattern across other monitoring connectors.
ENGINEERING
DevOps assistant agent
Triage GitHub incidents, open Linear tickets, and notify the on-call channel in Slack with context already attached.
ENGINEERING
Engineering standup agent
Aggregate GitHub and GitLab activity, link to Jira, and post a daily standup digest to Slack. No async updates.
Why Scalekit
Secure your agent's access. Connectors ship in minutes
Other connector libraries treat auth as a demo afterthought. Scalekit starts with identity, scope enforcement, and audit. Connectors follow.
01.
Shared tokens break per-user analytics
A shared AppSignal key looks fine in a demo. In production every incident closed and trigger changed looks like one service account, and you cannot tell who silenced an alert before an outage. Scalekit resolves the credential of the actual user who triggered the agent, never a shared bot.
// shared key
audit → bot_service_account

// scalekit
audit → user_abc ✓
02.
Authentication is not authorization
03.
Multi-tenancy is architectural
04.
AppSignal today. Ten connectors tomorrow.
“Our agents act across Salesforce, Gong, Google Drive, and more, on behalf of every customer. Scalekit behind the scenes meant we can keep adding tools without ever rebuilding how credentials or tool calling work.”
Venu Madhav Kattagoni
Head of Engineering / Von
FAQs
Frequently Asked Questions
Does the agent access AppSignal as the user or through a shared key?
As the user. Scalekit resolves the credential of the person who triggered the agent at request time, so every incident update and trigger change in your audit trail is attributed to a real user, not a shared service account.
Where is the AppSignal API key stored?
In an AES-256 encrypted vault with per-tenant namespacing. Keys are resolved at request time, never enter LLM context, and can be rotated or revoked from one dashboard.
Can I limit what the agent does in AppSignal?
Yes. Filter by tool name in listScopedTools to expose only what you want, for example read-only incident and trace queries without update_incidents or manage_trigger. Scalekit also enforces scope checks before every API call.
What happens when a user revokes access?
The credential is invalidated at the next tool call. The call fails closed, other users' connections are unaffected, and the revocation is logged in the audit chain.
Can the agent close incidents or change alert triggers on its own?
Only if you expose those tools. update_incidents, manage_trigger, and archive_trigger are separate tool names, so you can keep agents read-only or gate writes to specific users. Every state change is scope-checked first and logged with the user who triggered it.
Start in your coding agent
Up and running in one command
Install the Scalekit skill in your editor of choice. Connector, auth, tools, prompt, all wired up
Claude Code REPL
/plugin marketplace add scalekit-inc/claude-code-authstack
/plugin install agentkit@scalekit-auth-stack
Cursor Code REPL
# ~/.cursor/mcp.json
{
""mcpServers"": {
""appsignalmcp"": {
""url"": ""https://mcp.scalekit.com/appsignalmcp"",
""headers"": { ""Authorization"": ""Bearer $SCALEKIT_TOKEN"" }
}
}
}
Codex Code REPL
# ~/.codex/config.toml
[mcp_servers.appsignalmcp]
url = ""https://mcp.scalekit.com/appsignalmcp""
auth_env = ""SCALEKIT_TOKEN""
Copilot Code REPL
# .vscode/mcp.json
{
""servers"": {
""appsignalmcp"": {
""url"": ""https://mcp.scalekit.com/appsignalmcp"",
""type"": ""http""
}
}
}