Buildkite MCP

Live

OAUTH 2.0

DEVELOPER TOOLS

Developer Tools

Let your agent trigger builds, inspect pipelines, and read job logs on Buildkite as the developer who owns the access.

  • Acts as the developer. Every build triggered and pipeline change is attributed to the real user, not a shared CI bot.
  • Tokens stay vaulted. Buildkite OAuth credentials sit in an AES-256 vault, resolved per request, never in the prompt.
  • Scoped before every call. Organization and pipeline scopes enforced ahead of each API call, with a 90-day audit trail.
Buildkite MCP
agent · Acme Q3
Run
Did the last build on the api pipeline pass, and why did it fail if not?
S
buildkite_builds_list
88ms
Buildkite agent
The last build on api failed at the test step. The rspec job exited 1 with 2 failing specs in payments_spec.rb. Earlier steps passed.
Sources: build #4821, api pipeline, main branch
buildkitemcp
1 build, 6 jobs
18:29
Message Claude...

Tools your delivery agent reaches for on Buildkite, scoped per user.

CALL ANY TOOL
List and inspect pipelines and builds, read job logs, trigger new builds, and pull artifacts, each call scoped to the authenticated developer's organization access.
buildkite_pipelines_list
List pipelines
Return the pipelines in an organization the authenticated user can access.
Parameters
Name
Type
Required
Description
organization_slug
string
Required
Organization to list pipelines from
page
integer
Optional
Page number for pagination
buildkite_pipeline_get
Get pipeline
buildkite_builds_list
List builds
buildkite_build_create
Trigger build
buildkite_job_log_get
Get job log
buildkite_artifacts_list
List artifacts
buildkite_agents_list
List agents
Build your Agent
The same per-user auth pattern wires into every agent framework.
Python · LlamaIndex
import { ScalekitClient } from "@scalekit-sdk/node";
import { ChatOpenAI } from "@langchain/openai";
import { createReactAgent } from "@langchain/langgraph/prebuilt";

const sk = new ScalekitClient(process.env.SCALEKIT_ENV_URL, process.env.SCALEKIT_CLIENT_ID, process.env.SCALEKIT_CLIENT_SECRET);

const { tools } = await sk.tools.listScopedTools("user_123", {
filter: { connectionNames: ["buildkitemcp"], toolNames: ["buildkite_pipelines_list", "buildkite_builds_list", "buildkite_build_create"] },
pageSize: 100,
});

const agent = createReactAgent({ llm: new ChatOpenAI({ model: "gpt-4o" }), tools });
await agent.invoke({ messages: [{ role: "user", content: "Trigger a build on the api pipeline" }] });
import OpenAI from "openai";
import { ScalekitClient } from "@scalekit-sdk/node";

const openai = new OpenAI();
const sk = new ScalekitClient(process.env.SCALEKIT_ENV_URL, process.env.SCALEKIT_CLIENT_ID, process.env.SCALEKIT_CLIENT_SECRET);

const { tools } = await sk.tools.listScopedTools("user_123", {
filter: { connectionNames: ["buildkitemcp"], toolNames: ["buildkite_pipelines_list", "buildkite_builds_list", "buildkite_build_create"] },
pageSize: 100,
});

const res = await openai.responses.create({
model: "gpt-4o",
input: "List recent failed builds on the api pipeline",
tools,
});
import Anthropic from "@anthropic-ai/sdk";
import { ScalekitClient } from "@scalekit-sdk/node";

const anthropic = new Anthropic();
const sk = new ScalekitClient(process.env.SCALEKIT_ENV_URL, process.env.SCALEKIT_CLIENT_ID, process.env.SCALEKIT_CLIENT_SECRET);

const { tools } = await sk.tools.listScopedTools("user_123", {
filter: { connectionNames: ["buildkitemcp"], toolNames: ["buildkite_pipelines_list", "buildkite_builds_list", "buildkite_build_create"] },
pageSize: 100,
});

const msg = await anthropic.messages.create({
model: "claude-sonnet-4-6",
max_tokens: 1024,
tools,
messages: [{ role: "user", content: "Why did the last api build fail?" }],
});
import { LlmAgent } from "@google/adk/agents";
import { ScalekitClient } from "@scalekit-sdk/node";

const sk = new ScalekitClient(process.env.SCALEKIT_ENV_URL, process.env.SCALEKIT_CLIENT_ID, process.env.SCALEKIT_CLIENT_SECRET);

const { tools } = await sk.tools.listScopedTools("user_123", {
filter: { connectionNames: ["buildkitemcp"], toolNames: ["buildkite_pipelines_list", "buildkite_builds_list", "buildkite_build_create"] },
pageSize: 100,
});

const agent = new LlmAgent({ name: "buildkite_agent", model: "gemini-2.0-flash", tools });
await agent.run("List pipelines I can access");
Try these prompts
Paste any prompt into your agent to start working Buildkite pipelines.
Trigger & rerun
Copy the prompt
Copied
Trigger a build on the api pipeline for the main branch.
Copy the prompt
Copied
Rerun the last failed build on the web pipeline.
Copy the prompt
Copied
Start a build on frontend for commit a1b2c3d.
Investigate
Copy the prompt
Copied
Why did the last build on the api pipeline fail?
Copy the prompt
Copied
Show me the job log for the failing rspec step.
Copy the prompt
Copied
List the failed builds on main this week.
Report & recall
Copy the prompt
Copied
List all pipelines I have access to.
Copy the prompt
Copied
Which agents are currently connected and idle?
Copy the prompt
Copied
List the artifacts from the latest release build.
SEE HOW AUTH WORKS
The developer authorises Buildkite once. Every later agent call uses their token with organization scope enforced.
1
Authorize
Your user connects
Buildkite MCP
once. We tie it to their identity and the meetings they approved — no shared bot account, no org-wide access
Who:
user ‘A’
when:
Once per user
access:
Limited to user
2
Store
Their
Buildkite MCP
token lives in a vault scoped to them. User A's meetings are never reachable by an agent acting for user B, even on the same connection
vault:
encrypted
scope:
per-user
tokens:
auto-refreshed
3
Resolve
When your agent calls a
Buildkite MCP
tool, we fetch the right token server-side. It never touches your agent, never appears in the LLM context, never shows up in your logs
speed:
~40ms
check:
before every call
seen by:
nobody
4
Audit
Every
Buildkite MCP
tool call is logged — who triggered it, which meeting was fetched, what came back. 90 days of history, tied to the user who authorized it
history:
90 days
export:
SIEM-ready
logged:
every call
Test other agents
See the same per-user auth pattern across other developer tools connectors.
ENGINEERING
DevOps assistant agent
Triage GitHub incidents, open Linear tickets, and notify the on-call channel in Slack with context already attached.
ENGINEERING
Auto-release notes agent
Group merged GitHub PRs by feature, fix, or chore and publish release notes per tag. No manual changelog grooming.
Why Scalekit
Secure your agent's access. Connectors ship in minutes
Other connector libraries treat auth as a demo afterthought. Triggering builds needs real per-user attribution.
01.
Shared tokens break per-user analytics
A shared Buildkite token looks fine in a demo. In production every triggered build logs as one service account, so you lose track of who shipped what. Scalekit resolves the real developer's credential per call.
// shared token
build → ci_bot

// scalekit
build → user_abc ✓
02.
Authentication is not authorization
03.
Multi-tenancy is architectural
04.
Buildkite today. Others tomorrow.
“Our agents act across Salesforce, Gong, Google Drive, and more, on behalf of every customer. Scalekit behind the scenes meant we can keep adding tools without ever rebuilding how credentials or tool calling work.”
Venu Madhav Kattagoni
Head of Engineering / Von
FAQs
Frequently Asked Questions
Does the agent access Buildkite as the user or as a shared key?
As the user. Scalekit resolves the authenticated developer's own Buildkite credential at request time, so every build triggered, log read, and pipeline change is attributed to them in Buildkite's audit log rather than a shared CI bot.
Where is the Buildkite token stored?
In an AES-256 encrypted vault, namespaced per tenant. Tokens are fetched only at the moment of a tool call, refreshed automatically before expiry, and revocable from a single dashboard, never exposed to the model or the prompt.
Can I limit what the agent is allowed to do in Buildkite?
Yes. Pass a toolNames filter to listScopedTools to expose only the actions you want, for example read-only pipeline and build listing without triggering new builds. Scalekit also runs a scope check before each API call.
What happens when a user revokes Buildkite access?
The credential is invalidated at the next tool call, which fails closed rather than falling back to a shared token. Other users are unaffected, and the revocation is recorded in the audit trail.
Can the agent trigger builds, or only read pipeline status?
That is your choice. Expose only buildkite_pipelines_list and buildkite_builds_list for a read-only status agent, or add buildkite_build_create to let it trigger builds. The write scope is enforced per user, so a developer can only build pipelines they already have access to.
Start in your coding agent
Up and running in one command
Install the Scalekit skill in your editor of choice. Connector, auth, tools, prompt, all wired up
Claude Code REPL
/plugin marketplace add scalekit-inc/claude-code-authstack
/plugin install agentkit@scalekit-auth-stack
Cursor Code REPL
# ~/.cursor/mcp.json
{
""mcpServers"": {
""buildkitemcp"": {
""url"": ""https://mcp.scalekit.com/buildkitemcp"",
""headers"": { ""Authorization"": ""Bearer $SCALEKIT_TOKEN"" }
}
}
}
Codex Code REPL
# ~/.codex/config.toml
[mcp_servers.buildkitemcp]
url = ""https://mcp.scalekit.com/buildkitemcp""
auth_env = ""SCALEKIT_TOKEN""
Copilot Code REPL
# .vscode/mcp.json
{
""servers"": {
""buildkitemcp"": {
""url"": ""https://mcp.scalekit.com/buildkitemcp"",
""type"": ""http""
}
}
}