Axiom MCP

Live

API KEY

OBSERVABILITY

Monitoring

Axiom MCP gives agents authenticated access to your observability data: query logs and traces with APL, check firing monitors, and manage dashboards and alerts.

  • Per-user credentials: each call uses the actual user's token, never a shared bot.
  • Encrypted per-tenant vault: AES-256, resolved at request time, never in LLM context.
  • Scoped before every call: pre-call scope check, 90-day SIEM-exportable audit chain.
Axiom MCP
agent · Acme Q3
Run
Are any monitors firing, and what does the API error rate look like?
S
axiommcp_check_monitors
84ms
Axiom agent
2 of 18 monitors firing: api-5xx-rate and checkout-latency. API error rate 2.4% over the last hour, up from a 0.3% baseline.
Sources: 18 monitors, dataset api-logs
axiommcp
18 monitors
18:29
Message Claude...

Tools your on-call agent reaches for on Axiom, scoped per user.

CALL ANY TOOL
Observability end to end: explore datasets, query events and metrics, check firing monitors, and wire new alerts and dashboards.
axiommcp_list_datasets
List datasets
List every available dataset with its kind, which determines whether to query with APL or the metrics tools.
Parameters
Name
Type
Required
Description
No parameters required
axiommcp_get_dataset_fields
Get dataset fields
axiommcp_query_dataset
Query with APL
axiommcp_query_metrics
Query metrics
axiommcp_check_monitors
Check monitors
axiommcp_get_monitor_history
Get monitor history
axiommcp_create_monitor
Create monitor
axiommcp_create_dashboard
Create dashboard
Build your Agent
Same auth pattern across LangChain, OpenAI, Anthropic, and Google ADK.
Python · LlamaIndex
import { ScalekitClient } from "@scalekit-sdk/node";
import { createReactAgent } from "@langchain/langgraph/prebuilt";

const sk = new ScalekitClient(env.SCALEKIT_ENV_URL, env.SCALEKIT_CLIENT_ID, env.SCALEKIT_CLIENT_SECRET);

// Axiom tools scoped to this user
const { tools } = await sk.tools.listScopedTools("user_123", {
  filter: { connectionNames: ["axiommcp"], toolNames: [
    "axiommcp_query_dataset",
    "axiommcp_check_monitors",
    "axiommcp_list_datasets"] },
  pageSize: 100,
});

const agent = createReactAgent({ llm, tools });
await agent.invoke({ messages: [{ role: "user", content: "Which monitors are firing right now?" }] });
import OpenAI from "openai";
import { ScalekitClient } from "@scalekit-sdk/node";

const sk = new ScalekitClient(env.SCALEKIT_ENV_URL, env.SCALEKIT_CLIENT_ID, env.SCALEKIT_CLIENT_SECRET);
const openai = new OpenAI();

const { tools } = await sk.tools.listScopedTools("user_123", {
  filter: { connectionNames: ["axiommcp"] }, pageSize: 100,
});

const res = await openai.chat.completions.create({
  model: "gpt-5",
  messages: [{ role: "user", content: "Query api-logs for 5xx errors in the last hour." }],
  tools,
});

// Execute the tool call with the user's vaulted Axiom credential
await sk.tools.executeTool(res.choices[0].message.tool_calls[0], "user_123");
import Anthropic from "@anthropic-ai/sdk";
import { ScalekitClient } from "@scalekit-sdk/node";

const sk = new ScalekitClient(env.SCALEKIT_ENV_URL, env.SCALEKIT_CLIENT_ID, env.SCALEKIT_CLIENT_SECRET);
const anthropic = new Anthropic();

const { tools } = await sk.tools.listScopedTools("user_123", {
  filter: { connectionNames: ["axiommcp"] }, pageSize: 100,
});

const msg = await anthropic.messages.create({
  model: "claude-sonnet-5",
  max_tokens: 1024,
  messages: [{ role: "user", content: "Show the alert history for the checkout-latency monitor." }],
  tools,
});

// Tool call runs with the user's vaulted Axiom credential
await sk.tools.executeTool(msg.content, "user_123");
import { Agent } from "@google/adk/agents";
import { ScalekitClient } from "@scalekit-sdk/node";

const sk = new ScalekitClient(env.SCALEKIT_ENV_URL, env.SCALEKIT_CLIENT_ID, env.SCALEKIT_CLIENT_SECRET);

const { tools } = await sk.tools.listScopedTools("user_123", {
  filter: { connectionNames: ["axiommcp"] }, pageSize: 100,
});

const agent = new Agent({
  name: "axiom_oncall_agent",
  model: "gemini-2.5-pro",
  instruction: "Investigate Axiom logs and monitors for the signed-in user.",
  tools,
});

await agent.run("Create a monitor for error rate above 2% over 5 minutes.");
Try these prompts
Copy any prompt into your agent. Each maps directly to an Axiom tool. Click to copy, paste into your agent, done.
Investigate incidents
Copy the prompt
Copied
Which monitors are firing right now?
Copy the prompt
Copied
Query the api-logs dataset for 5xx errors in the last hour, grouped by route.
Copy the prompt
Copied
Show the alert history for the checkout-latency monitor.
Explore your data
Copy the prompt
Copied
List all datasets and tell me which are events, traces, or metrics.
Copy the prompt
Copied
What fields does the frontend-traces dataset have?
Copy the prompt
Copied
Search for metrics matching http_server and list their tag keys.
Automate monitoring
Copy the prompt
Copied
Create a monitor that fires when the error rate exceeds 2% over 5 minutes.
Copy the prompt
Copied
Add a Slack notifier for the on-call channel and attach it to the api-5xx monitor.
Copy the prompt
Copied
Build a dashboard tracking p95 latency by service.
SEE HOW AUTH WORKS
Your users connect once. Their Axiom credentials stay vaulted, every call is scope-checked, and every action is logged.
1
Authorize
Your user connects
Axiom MCP
once. We tie it to their identity and the meetings they approved — no shared bot account, no org-wide access
Who:
user ‘A’
when:
Once per user
access:
Limited to user
2
Store
Their
Axiom MCP
token lives in a vault scoped to them. User A's meetings are never reachable by an agent acting for user B, even on the same connection
vault:
encrypted
scope:
per-user
tokens:
auto-refreshed
3
Resolve
When your agent calls a
Axiom MCP
tool, we fetch the right token server-side. It never touches your agent, never appears in the LLM context, never shows up in your logs
speed:
~40ms
check:
before every call
seen by:
nobody
4
Audit
Every
Axiom MCP
tool call is logged — who triggered it, which meeting was fetched, what came back. 90 days of history, tied to the user who authorized it
history:
90 days
export:
SIEM-ready
logged:
every call
Test other agents
See the same per-user auth pattern across other monitoring connectors.
ENGINEERING
DevOps assistant agent
Triage GitHub incidents, open Linear tickets, and notify the on-call channel in Slack with context already attached.
ENGINEERING
Engineering standup agent
Aggregate GitHub and GitLab activity, link to Jira, and post a daily standup digest to Slack. No async updates.
Why Scalekit
Secure your agent's access. Connectors ship in minutes
Other connector libraries treat auth as a demo afterthought. Scalekit starts with identity, scope enforcement, and audit. Connectors follow.
01.
Shared tokens break per-user analytics
A shared Axiom API token looks fine in a demo. In production every query, monitor edit, and dashboard delete traces back to one service account, and you cannot tell who changed the alerting. Scalekit resolves the credential of the actual user who triggered the agent, never a shared bot.
// shared token
audit → bot_service_account

// scalekit
audit → user_abc ✓
02.
Authentication is not authorization
03.
Multi-tenancy is architectural
04.
Axiom today. Ten connectors tomorrow.
“Our agents act across Salesforce, Gong, Google Drive, and more, on behalf of every customer. Scalekit behind the scenes meant we can keep adding tools without ever rebuilding how credentials or tool calling work.”
Venu Madhav Kattagoni
Head of Engineering / Von
FAQs
Frequently Asked Questions
Does the agent access Axiom as the user or through a shared key?
As the user. Scalekit resolves the credential of the person who triggered the agent at request time, so every APL query, monitor change, and dashboard edit in your audit trail is attributed to a real user, not a shared service account.
Where is the Axiom API key stored?
In an AES-256 encrypted vault with per-tenant namespacing. Keys are resolved at request time, never enter LLM context, and can be rotated or revoked from one dashboard.
Can I limit what the agent does in Axiom?
Yes. Filter by tool name in listScopedTools to expose only what you want, for example query and check_monitors without the create, update, or delete tools. Scalekit also enforces scope checks before every API call.
What happens when a user revokes access?
The credential is invalidated at the next tool call. The call fails closed, other users' connections are unaffected, and the revocation is logged in the audit chain.
Axiom uses API keys, not OAuth. How is that per-user?
Each user connects their own Axiom API token once, and Scalekit vaults it in that tenant's namespace. Query and monitor calls resolve that user's key at request time, so read-only analysts and admins who can run create_monitor or delete_dashboard stay separated by the keys they brought.
Start in your coding agent
Up and running in one command
Install the Scalekit skill in your editor of choice. Connector, auth, tools, prompt, all wired up
Claude Code REPL
/plugin marketplace add scalekit-inc/claude-code-authstack
/plugin install agentkit@scalekit-auth-stack
Cursor Code REPL
# ~/.cursor/mcp.json
{
""mcpServers"": {
""axiommcp"": {
""url"": ""https://mcp.scalekit.com/axiommcp"",
""headers"": { ""Authorization"": ""Bearer $SCALEKIT_TOKEN"" }
}
}
}
Codex Code REPL
# ~/.codex/config.toml
[mcp_servers.axiommcp]
url = ""https://mcp.scalekit.com/axiommcp""
auth_env = ""SCALEKIT_TOKEN""
Copilot Code REPL
# .vscode/mcp.json
{
""servers"": {
""axiommcp"": {
""url"": ""https://mcp.scalekit.com/axiommcp"",
""type"": ""http""
}
}
}