Pulls live status from Atlassian Statuspage endpoints for 26 built-in vendors (GitHub, Cloudflare, Slack, MongoDB Atlas, etc.) and lets you check custom URLs. You get current health indicators, active incidents with full timelines, and scheduled maintenance windows. The cert inspector runs real TLS handshakes to report expiry, chain depth, and cipher strength without calling external APIs. DNS propagation hits Google, Cloudflare, and Quad9 resolvers directly to catch discrepancies. The watch_stack tool persists vendor lists in session state so you can recheck your production dependencies in one call. Also ships incident response playbooks as structured output. Runs via stdio or streamable HTTP with 60-second result caching.
Check vendor status pages, inspect SSL/TLS certificates, verify DNS propagation, and get incident-response playbooks via MCP. STDIO or Streamable HTTP.
Public Hosted Server: https://devops-status.caseyjhand.com/mcp
Seven tools in three capability groups — vendor status (50 built-in vendors across Atlassian Statuspage, Status.io, Slack, AWS Health, and Firehydrant backends, normalized to one shape, + raw Statuspage URL passthrough), pure-TypeScript cert/DNS checks (any domain), and incident-response guidance:
| Tool | Description |
|---|---|
devops_list_vendors | List vendors in the built-in registry, optionally filtered by name or category. Returns slug, display name, category, and status page URL. |
devops_status_check | Check the current health status for one or more vendors. Returns per-vendor indicator (none / minor / major / critical), degraded components, and active incident summaries. |
devops_get_incidents | Fetch incident history for a vendor — active, resolved, or scheduled maintenance. Returns the full incident timeline with per-update bodies and affected components. |
devops_watch_stack | Check the health of a named vendor stack persisted in session state. Pass vendors once to save the list; subsequent calls reuse it. Returns an aggregate health rollup plus per-vendor detail. |
devops_check_certs | Inspect SSL/TLS certificate health for one or more domains via a real TLS handshake. Reports expiry, chain depth, protocol version, cipher suite, and HSTS presence. Pure TypeScript — no external API. |
devops_check_dns | Resolve DNS records and verify propagation for one or more domains across Google (8.8.8.8), Cloudflare (1.1.1.1), and Quad9 (9.9.9.9). Reports per-resolver latency and resolver discrepancies. Pure TypeScript — no external API. |
devops_suggest_action | Instruction tool — returns a tailored incident-response playbook and pre-filled follow-up tool calls given a vendor name and optional incident context. No external calls; fully deterministic. |
devops_list_vendorsDiscover available vendors before running status checks or configuring a stack.
query (matches name and slug, case-insensitive) and an optional category filtercloud, cdn-edge, dev-platform, data, comms, auth, monitoring, aiaws, gitlab, neon, slack, and redis-cloud served through native-API adapters)Built-in vendor registry:
| Category | Vendors |
|---|---|
cloud | digitalocean, linode, aws |
cdn-edge | cloudflare, akamai |
dev-platform | gitlab, github, npm, vercel, netlify, render, fly-io, circleci, travis-ci, snyk, atlassian, figma, launchdarkly |
data | mongodb-atlas, planetscale, supabase, neon, redis-cloud, elastic, influxdb, upstash, cloudinary, segment |
comms | slack, discord, twilio, sendgrid, mailgun, hubspot, brevo, courier, loops |
auth | auth0, clerk, workos |
monitoring | datadog, sentry, new-relic, grafana-cloud, honeycomb |
ai | openai, anthropic, elevenlabs, pinecone, cohere |
Most registry entries are Atlassian Statuspage endpoints; aws (AWS Health Dashboard), gitlab / neon (Status.io), slack (Slack's own status API), and redis-cloud (Firehydrant) are served through adapters that normalize into the same shapes, so every tool works identically for them. GCP and Azure publish no keyless machine-readable feed and remain out of the registry — Statuspage-compatible pages can still be reached by passing a raw base URL.
devops_status_checkBatch health snapshot across one or more vendors in a single call.
"github", "aws") or raw Atlassian Statuspage base URLs (e.g., "https://www.githubstatus.com") — mix freelymode: "summary" (default): indicator + degraded components + active incidentsmode: "detailed": adds full component list and scheduled maintenance windowsPromise.allSettled fan-out — one failing vendor does not block the rest; errors surface inlinecached: true flag on each resultdevops_get_incidentsFull incident timeline for a vendor with filter support.
filter: "all" (default): incidents plus scheduled maintenancesfilter: "active": only incidents with status investigating / identified / monitoringfilter: "resolved": only fully resolved incidentsfilter: "scheduled": only scheduled maintenance windowslimit (1–50) with offset for paging through longer history; a truncated result discloses the total and names the next offset to fetchfilter: "resolved" and filter: "scheduled" are always empty for awsdevops_watch_stackNamed, persisted vendor stack for recurring health sweeps.
vendors to define the stack — it is saved to tenant-scoped session state under stack_namevendors; the saved list is reused automaticallystack_name values (e.g., "production", "data-layer")all_operational / degraded / partial_outage / major_outage / unknown (a vendor could not be reached — errored vendors count as unavailable and never roll up as all_operational)devops_check_certsDirect TLS handshake inspection — no external API required.
https:// prefix) — up to 10 per callwarning at < 30 days, critical at < 7), certificate subject and SANs, issuer common name, chain depth, negotiated TLS version (flags 1.0 and 1.1 as insecure), cipher suiteStrict-Transport-Security response header"error") rather than throwing — useful partial results when checking multiple domainsdevops_check_dnsMulti-resolver DNS propagation check — no external API required.
devops_suggest_actionDeterministic incident-response guidance, no external calls.
aws or Amazon Web Services) — resolved to the canonical slug so the pre-filled follow-up arguments stay validnextToolSuggestions pre-populated with arguments from the provided context — execute in sequence to gather diagnostic datayour_domain populates cert and DNS check arguments automaticallyincident_summary / affected_components prepend a targeted section to the playbook and add a component re-check when they identify a subsystem (e.g. GitHub Actions → CI/CD-prioritized steps; Cloudflare DNS → DNS/TTL guidance)vendor_indicator — pass the indicator from devops_status_check to lead the playbook with severity-tailored urgency guidance (none / minor / major / critical)DEVOPS_STATUS_DISABLE_ACTIVE_PROBES=true, suggestions and playbook text replace the unregistered probe tools with equivalent manual commands (dig, openssl s_client)| Type | Name | Description |
|---|---|---|
| Resource | devops-status://vendors/{name} | Full registry entry for a vendor by slug — status page URL, category, API type. |
All resource data is also reachable via tools. Tool-only agents are fully supported.
Built on @cyanheads/mcp-ts-core:
none, jwt, oauthin-memory, filesystem, Supabase, Cloudflare KV/R2/D1DevOps-status-specific:
node:tls, node:dns)devops_watch_stack persists named vendor lists in tenant-scoped state for repeat morning checks or pre-deploy sweepsdevops_suggest_action dispatches category-specific playbooks deterministically — no LLM sampling dependency, works in all clientsAgent-friendly output:
devops_status_check, devops_watch_stack, devops_check_certs, devops_check_dns) use Promise.allSettled — one failing target never blocks the rest; errors surface as inline error fieldscached: true / checked_at on every status result — agents know when data was fetchednone / minor / major / critical; operational / degraded_performance / partial_outage / major_outage / under_maintenance) — callers branch on data, not string parsingnextToolSuggestions in devops_suggest_action pre-fills tool arguments from incident context — agents can execute the playbook mechanicallyA public instance is available at https://devops-status.caseyjhand.com/mcp — no installation required. Point any MCP client at it via Streamable HTTP:
{
"mcpServers": {
"devops-status-mcp-server": {
"type": "streamable-http",
"url": "https://devops-status.caseyjhand.com/mcp"
}
}
}
No API key required. Add the following to your MCP client configuration file:
{
"mcpServers": {
"devops-status-mcp-server": {
"type": "stdio",
"command": "bunx",
"args": ["@cyanheads/devops-status-mcp-server@latest"],
"env": {
"MCP_TRANSPORT_TYPE": "stdio",
"MCP_LOG_LEVEL": "info"
}
}
}
}
Or with npx (no Bun required):
{
"mcpServers": {
"devops-status-mcp-server": {
"type": "stdio",
"command": "npx",
"args": ["-y", "@cyanheads/devops-status-mcp-server@latest"],
"env": {
"MCP_TRANSPORT_TYPE": "stdio",
"MCP_LOG_LEVEL": "info"
}
}
}
}
Or with Docker:
{
"mcpServers": {
"devops-status-mcp-server": {
"type": "stdio",
"command": "docker",
"args": [
"run", "-i", "--rm",
"-e", "MCP_TRANSPORT_TYPE=stdio",
"ghcr.io/cyanheads/devops-status-mcp-server:latest"
]
}
}
}
For Streamable HTTP, set the transport and start the server:
MCP_TRANSPORT_TYPE=http MCP_HTTP_PORT=3010 bun run start:http
# Server listens at http://localhost:3010/mcp
git clone https://github.com/cyanheads/devops-status-mcp-server.git
cd devops-status-mcp-server
bun install
cp .env.example .env
# edit .env if you want to override defaults
No API keys required. All environment variables are optional.
| Variable | Description | Default |
|---|---|---|
DEVOPS_STATUS_CACHE_TTL_MS | In-memory cache TTL for vendor status reads (all backends) in milliseconds. | 60000 |
DEVOPS_STATUS_FETCH_TIMEOUT_MS | Per-request timeout for vendor status API calls (all backends) in milliseconds. | 8000 |
DEVOPS_STATUS_CERT_TIMEOUT_MS | Default timeout_ms for devops_check_certs (per-domain TLS handshake, milliseconds). A caller-passed timeout_ms overrides it. | 5000 |
DEVOPS_STATUS_DNS_TIMEOUT_MS | Default timeout_ms for devops_check_dns (per domain+resolver query, milliseconds). A caller-passed timeout_ms overrides it. | 3000 |
DEVOPS_STATUS_ALLOW_PRIVATE_TARGETS | When true, disables SSRF guards for user-supplied URLs and domains. For trusted local/intranet deployments only. | false |
DEVOPS_STATUS_DISABLE_ACTIVE_PROBES | When true, omits the arbitrary-target probe tools (devops_check_dns, devops_check_certs) from the registered tool surface; the five vendor-registry/incident tools remain. For shared/public multi-tenant instances. | false |
MCP_TRANSPORT_TYPE | Transport: stdio or http. | stdio |
MCP_HTTP_PORT | Port for HTTP server. | 3010 |
MCP_AUTH_MODE | Auth mode: none, jwt, or oauth. | none |
MCP_LOG_LEVEL | Log level (RFC 5424). | info |
LOGS_DIR | Directory for log files (Node.js only). | <project-root>/logs |
OTEL_ENABLED | Enable OpenTelemetry instrumentation. | false |
See .env.example for the full list of optional overrides.
Build and run:
bun run rebuild
bun run start:stdio
# or
bun run start:http
Run checks and tests:
bun run devcheck # Lint, format, typecheck, security
bun run test # Vitest test suite
bun run lint:mcp # Validate MCP definitions against spec
docker build -t devops-status-mcp-server .
docker run --rm -p 3010:3010 devops-status-mcp-server
The Dockerfile defaults to HTTP transport, stateless session mode, and logs to /var/log/devops-status-mcp-server. OpenTelemetry peer dependencies are installed by default — build with --build-arg OTEL_ENABLED=false to omit them.
| Path | Purpose |
|---|---|
src/index.ts | createApp() entry point — registers tools, resources, and inits services. |
src/config/ | Server-specific environment variable parsing and validation with Zod. |
src/mcp-server/tools/ | Tool definitions (*.tool.ts). |
src/mcp-server/resources/ | Resource definitions (*.resource.ts). |
src/services/cert/ | node:tls — TLS handshake, X.509 parsing, expiry and protocol flagging. |
src/services/dns/ | node:dns — multi-resolver DNS fan-out, propagation discrepancy detection. |
src/services/statuspage/ | Statuspage public API client with 60-second in-memory cache. |
src/services/status-adapters/ | Native-API adapters (Status.io, Slack, AWS Health, Firehydrant) + api_type dispatch, normalizing into the Statuspage shapes. |
src/services/vendor-registry/ | In-memory vendor registry loaded from src/data/vendor-registry.ts. |
src/data/ | Static vendor registry data file (vendor-registry.ts). |
tests/ | Vitest tests mirroring src/. |
See CLAUDE.md for development guidelines and architectural rules. The short version:
try/catch in tool logicctx.log for request-scoped logging, ctx.state for tenant-scoped storagesrc/mcp-server/*/definitions/index.tsdevops_check_certs and devops_check_dns use only Node.js stdlib — add no external deps for these pathsIssues and pull requests are welcome. Run checks and tests before submitting:
bun run devcheck
bun run test
Apache-2.0 — see LICENSE for details.
MCP_LOG_LEVELdefault: infoSets the minimum log level for output (e.g., 'debug', 'info', 'warn').
DEVOPS_STATUS_ALLOW_PRIVATE_TARGETSdefault: falseWhen 'true', disables SSRF guards for user-supplied URLs and domains. For trusted local/intranet deployments only. Leave unset or 'false' for hosted/public deployments.
MCP_HTTP_HOSTdefault: 127.0.0.1The hostname for the HTTP server.
MCP_HTTP_PORTdefault: 3010The port to run the HTTP server on.
MCP_HTTP_ENDPOINT_PATHdefault: /mcpThe endpoint path for the MCP server.
MCP_AUTH_MODEdefault: noneAuthentication mode to use: 'none', 'jwt', or 'oauth'.
io.github.infoinlet-marketplace/mcp-observability
betterdb-inc/monitor
com.mcparmory/datadog
thotischner/observability-mcp
io.github.tantiope/datadog-mcp
io.github.us-all/datadog