Model Context Protocol server for evidence-driven incident triage with safe actions and workflow integrations.
Project description
incident-triage-mcp
incident-triage-mcp is a Model Context Protocol (MCP) server for incident response workflows.
It exposes auditable, tool-based incident triage capabilities that AI hosts/agents can call over MCP (stdio or streamable-http) without giving the model direct infrastructure access.
What It Provides
- MCP tools for incident triage and evidence retrieval
- Deterministic incident summaries from normalized evidence bundles
- Safe action gating (RBAC, confirm tokens, audit logging)
- Ticketing integrations (Jira / ServiceNow)
- Notification integrations (Slack / Teams)
- Optional Airflow workflow trigger integration
- Standalone mode (no Airflow required)
Typical Architecture
- Agent/LLM host calls MCP tools only
- MCP server enforces guardrails and orchestrates triage actions
- Airflow (optional) collects/normalizes evidence into an
EvidenceBundle v1 - Evidence backend can be filesystem (local) or S3-compatible storage (prod)
Install
pip install incident-triage-mcp
Optional AWS extras (S3 / CloudWatch / X-Ray related integrations):
pip install "incident-triage-mcp[aws]"
Run
MCP server (stdio)
MCP_TRANSPORT=stdio incident-triage-mcp
MCP server (HTTP)
MCP_TRANSPORT=streamable-http MCP_HTTP_AUTH_MODE=api_key MCP_HTTP_API_KEY=change-me incident-triage-mcp
Local LangGraph agent CLI
incident-triage-agent --incident-id INC-123 --service payments-api
Core Configuration (overview)
WORKFLOW_BACKEND=none|airflowEVIDENCE_BACKEND=fs|s3|none(legacyairflowmode still supported)MCP_TRANSPORT=stdio|streamable-httpMCP_HTTP_AUTH_MODE=none|api_key|jwt_hs256JIRA_PROVIDER=mock|cloud|servicenowNOTIFY_PROVIDER=slack|teams
Project Links
- GitHub: https://github.com/felixkwasisarpong/incident-triage-mcp
- Issues: https://github.com/felixkwasisarpong/incident-triage-mcp/issues
For full setup (Docker, Kubernetes, Airflow, Helm, provider configs, and demos), see the repository README.md.
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
Built Distribution
Filter files by name, interpreter, ABI, and platform.
If you're not sure about the file name format, learn more about wheel file names.
Copy a direct link to the current filters
File details
Details for the file incident_triage_mcp-0.2.7.tar.gz.
File metadata
- Download URL: incident_triage_mcp-0.2.7.tar.gz
- Upload date:
- Size: 98.0 kB
- Tags: Source
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/6.1.0 CPython/3.13.7
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
16f98059b597744eb2ab02885aeb4a544aa72e655add476deb855a25f5bb1389
|
|
| MD5 |
1581514e278b4cf29482bb5e2f7d1a23
|
|
| BLAKE2b-256 |
51a3552a9c0d2bf36fc925ead10b2a76c208b619ecb36a7294483a6234e514c9
|
File details
Details for the file incident_triage_mcp-0.2.7-py3-none-any.whl.
File metadata
- Download URL: incident_triage_mcp-0.2.7-py3-none-any.whl
- Upload date:
- Size: 77.7 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/6.1.0 CPython/3.13.7
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
0bdd9bd5c7d1f85dc751586bb1fb19d86a1474c3fe3710724f7ec48c6ec74b8e
|
|
| MD5 |
b3ccc4e14b79a1e93a7f32c28c7011eb
|
|
| BLAKE2b-256 |
896a1e467bad00170b4548d1a3a060331b5f69e30619e0a823b984c7fba45faa
|
