@dynatrace-oss/dynatrace-mcp-server 1.8.7 → 2.0.1
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/CHANGELOG.md +17 -0
- package/README.md +58 -10
- package/index.js +401 -9073
- package/package.json +3 -2
- package/server.json +2 -2
- package/ui/execute-dql/index.html +162 -141
package/CHANGELOG.md
CHANGED
|
@@ -1,5 +1,22 @@
|
|
|
1
1
|
# @dynatrace-oss/dynatrace-mcp-server
|
|
2
2
|
|
|
3
|
+
## Unreleased
|
|
4
|
+
|
|
5
|
+
## 2.0.1
|
|
6
|
+
|
|
7
|
+
- Fixed: Human approval elicitation now defaults to `true`, so users only need to press Accept instead of having to toggle the value first.
|
|
8
|
+
|
|
9
|
+
## 2.0.0
|
|
10
|
+
|
|
11
|
+
- **Breaking**: Raised the minimum supported Node.js version from `22.10.0` to `24.0.0`.
|
|
12
|
+
- **Breaking**: Removed`create_workflow_for_notification` tool. The tool was not heavily used and `dtctl` provides more flexibility. If you relied on this tool, please create Dynatrace workflows manually via the Dynatrace UI, `dtctl`, or the Automations API.
|
|
13
|
+
- **Breaking**: Removed `make_workflow_public` tool. The tool was not heavily used and `dtctl` provides more flexibility. If you relied on this tool, please update workflow visibility manually via the Dynatrace UI, `dtctl`, or the Automations API.
|
|
14
|
+
- **Deprecation**: Using `--http` mode without a bearer token is deprecated and will be removed in a future release.
|
|
15
|
+
- Added `MCP_BEARER_TOKEN` environment variable to secure `--http` mode.
|
|
16
|
+
- Several security improvements when running in `--http` mode
|
|
17
|
+
- OAuth Authorization Code Flow tokens are now persisted to the OS keychain (macOS Keychain, Windows Credential Manager, or Linux Secret Service), so the browser authentication window only opens once per token lifetime instead of on every server restart.
|
|
18
|
+
- Updated `@dynatrace-sdk/client-classic-environment-v2` (5.1.0 → 5.2.3), `@dynatrace-sdk/client-davis-analyzers` (1.9.8 → 1.10.0), `@dynatrace-sdk/client-document` (1.29.0 → 1.31.0), `@dynatrace-sdk/client-platform-management-service` (1.6.3 → 1.7.0), `@dynatrace-sdk/client-query` (1.18.1 → 1.25.0), `@dynatrace-sdk/shared-errors` (1.0.0 → 1.0.2), `@dynatrace/openkit-js` (4.1.0 → 4.2.0), `@dynatrace/strato-icons` (2.1.0 → 2.3.0), `@modelcontextprotocol/ext-apps` (1.0.1 → 1.2.2), `commander` (14.0.0 → 14.0.3), `zod` (4.1.0 → 4.1.13), and `zod-to-json-schema` (3.25.0 → 3.25.1).
|
|
19
|
+
|
|
3
20
|
## 1.8.7
|
|
4
21
|
|
|
5
22
|
- Added a human approval gate to the `create_dynatrace_notebook` tool, consistent with other write-capable tools.
|
package/README.md
CHANGED
|
@@ -24,9 +24,15 @@
|
|
|
24
24
|
</a>
|
|
25
25
|
</h4>
|
|
26
26
|
|
|
27
|
-
|
|
27
|
+
## 🛠️ MAINTENANCE MODE
|
|
28
28
|
|
|
29
|
-
|
|
29
|
+
Please note, that this repository is currently in [_Maintenance Mode_](https://github.com/dynatrace-oss/dynatrace-mcp/issues/496). We will continue fixing/patching issues when they come up.
|
|
30
|
+
|
|
31
|
+
**Recommended Actions**
|
|
32
|
+
|
|
33
|
+
> 🚀 **Try [Dynatrace-for-Ai](https://github.com/Dynatrace/dynatrace-for-ai/) and [`dtctl`](https://github.com/dynatrace-oss/dtctl)** (recommended for local development use cases like VS Code, IntelliJ, Claude Code, Cursor and alike)
|
|
34
|
+
|
|
35
|
+
> **Try out our new [Remote Dynatrace MCP Server](https://www.dynatrace.com/hub/detail/dynatrace-mcp-server/)!** Now available - no local setup required, connect instantly to your Dynatrace environment from any MCP-compatible client. See our [migration guide](docs/remote-mcp-migration.md) for a comparison and step-by-step instructions. This setup is recommended when connecting another Agent (e.g., Atlassian Rovo, GitHub Coding Agent and alike) to Dynatrace.
|
|
30
36
|
|
|
31
37
|
The local _Dynatrace MCP server_ allows AI Assistants to interact with the [Dynatrace](https://www.dynatrace.com/) observability platform,
|
|
32
38
|
bringing real-time observability data directly into your development workflow.
|
|
@@ -39,7 +45,7 @@ https://github.com/user-attachments/assets/25c05db1-8e09-4a7f-add2-ed486ffd4b5a
|
|
|
39
45
|
|
|
40
46
|
## Prerequisites
|
|
41
47
|
|
|
42
|
-
- **Node.js
|
|
48
|
+
- **Node.js v24 or newer** is required to run the Dynatrace MCP Server.
|
|
43
49
|
|
|
44
50
|
## Quickstart
|
|
45
51
|
|
|
@@ -49,7 +55,9 @@ Furthermore, you need to configure the URL to a Dynatrace environment:
|
|
|
49
55
|
|
|
50
56
|
- `DT_ENVIRONMENT` (string, e.g., `https://abc12345.apps.dynatrace.com`) - URL to your Dynatrace Platform (do not use Dynatrace classic URLs like `abc12345.live.dynatrace.com`)
|
|
51
57
|
|
|
52
|
-
Authentication will be handled via Authorization Code Flow in your browser, you don't need to define a Platform Token nor an OAuth Client to get started.
|
|
58
|
+
Authentication will be handled via Authorization Code Flow in your browser, you don't need to define a Platform Token nor an OAuth Client to get started. After the initial authentication, your token is securely stored in the **OS keychain** (macOS Keychain, Windows Credential Manager, or Linux Secret Service) and reused on subsequent server starts, so the browser only opens once per token lifetime.
|
|
59
|
+
|
|
60
|
+
If you are running in a headless/container environment where the OS keychain is unavailable, set `DT_MCP_TOKEN_STORAGE=file` to persist tokens in `~/.config/dynatrace-mcp/` instead.
|
|
53
61
|
|
|
54
62
|
Once you are done, we recommend looking into [example prompts](#-example-prompts-), like `Get all details of the entity 'my-service'` or `Show me error logs`. Please mind that these prompts lead to executing DQL statements which may incur [costs](#costs) in accordance to your licence.
|
|
55
63
|
|
|
@@ -91,7 +99,7 @@ Once you are done, we recommend looking into [example prompts](#-example-prompts
|
|
|
91
99
|
- Querying Data from Grail (e.g., `execute_dql`, `verify_dql`, `generate_dql_from_natural_language`, `explain_dql_in_natural_language`)
|
|
92
100
|
- Entity Discovery (e.g., `find_entity_by_name`)
|
|
93
101
|
- [Dynatrace Intelligence](https://www.dynatrace.com/platform/artificial-intelligence/) (e.g., `chat_with_davis_copilot`, `list_davis_analyzers`, `execute_davis_analyzer`)
|
|
94
|
-
- Automation & Notifications (e.g., `
|
|
102
|
+
- Automation & Notifications (e.g., `send_slack_message`, `send_email`, `send_event`)
|
|
95
103
|
- Share results (e.g., `create_dynatrace_notebook`)
|
|
96
104
|
|
|
97
105
|
### Costs
|
|
@@ -252,10 +260,18 @@ Or manually in your `~/.gemini/settings.json` or `.gemini/settings.json`:
|
|
|
252
260
|
|
|
253
261
|
### HTTP Server Mode (Alternative)
|
|
254
262
|
|
|
263
|
+
> **💡 Recommendation:** Instead of self-hosting with `--http` / `--server`, consider using the official [Dynatrace Remote MCP Server](https://www.dynatrace.com/hub/detail/dynatrace-mcp-server/) — it is more secure, always up to date, and requires no infrastructure management.
|
|
264
|
+
|
|
255
265
|
For scenarios where you need to run the MCP server as an HTTP service instead of using stdio (e.g., for stateful sessions, load balancing, or integration with web clients), you can use the HTTP server mode:
|
|
256
266
|
|
|
257
267
|
**Running as HTTP server:**
|
|
258
268
|
|
|
269
|
+
Please secure your server with a bearer token:
|
|
270
|
+
|
|
271
|
+
```bash
|
|
272
|
+
export MCP_BEARER_TOKEN=<bearer-token>
|
|
273
|
+
```
|
|
274
|
+
|
|
259
275
|
```bash
|
|
260
276
|
# Get help and see all available options
|
|
261
277
|
npx -y @dynatrace-oss/dynatrace-mcp-server@latest --help
|
|
@@ -269,7 +285,7 @@ npx -y @dynatrace-oss/dynatrace-mcp-server@latest --http --port 3001
|
|
|
269
285
|
|
|
270
286
|
# Run with custom host/IP (using short or long flag)
|
|
271
287
|
npx -y @dynatrace-oss/dynatrace-mcp-server@latest --http --host 127.0.0.1 # recommended for local computers
|
|
272
|
-
npx -y @dynatrace-oss/dynatrace-mcp-server@latest --http --host 0.0.0.0 #
|
|
288
|
+
npx -y @dynatrace-oss/dynatrace-mcp-server@latest --http --host 0.0.0.0 # required for container (binds all interfaces; omitting --host defaults to 127.0.0.1)
|
|
273
289
|
npx -y @dynatrace-oss/dynatrace-mcp-server@latest --http -H 192.168.0.1 # recommended when sharing connection over a local network
|
|
274
290
|
|
|
275
291
|
# Static OAuth callback port (useful when the port must be exposed, e.g., when running the MCP in a container)
|
|
@@ -286,7 +302,42 @@ npx -y @dynatrace-oss/dynatrace-mcp-server@latest --version
|
|
|
286
302
|
"mcpServers": {
|
|
287
303
|
"dynatrace-http": {
|
|
288
304
|
"url": "http://localhost:3000",
|
|
289
|
-
"transport": "http"
|
|
305
|
+
"transport": "http",
|
|
306
|
+
"headers": {
|
|
307
|
+
"Authorization": "Bearer <bearer-token>"
|
|
308
|
+
}
|
|
309
|
+
}
|
|
310
|
+
}
|
|
311
|
+
}
|
|
312
|
+
```
|
|
313
|
+
|
|
314
|
+
#### Bearer Token Authentication (`MCP_BEARER_TOKEN`)
|
|
315
|
+
|
|
316
|
+
When running in HTTP mode you can protect the server with a bearer token:
|
|
317
|
+
|
|
318
|
+
| Behavior | Detail |
|
|
319
|
+
| ------------------------------ | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
|
|
320
|
+
| `MCP_BEARER_TOKEN` **set** | Every HTTP request must include an `Authorization: Bearer <token>` header. Requests without a valid token receive `401 Unauthorized`. |
|
|
321
|
+
| `MCP_BEARER_TOKEN` **not set** | **Deprecated** The server starts with a warning printed to stderr and accepts all requests without authentication. **Not recommended for production or any network-exposed deployment.** |
|
|
322
|
+
|
|
323
|
+
**Generating a secure token:**
|
|
324
|
+
|
|
325
|
+
```bash
|
|
326
|
+
export MCP_BEARER_TOKEN=$(openssl rand -base64 32)
|
|
327
|
+
npx -y @dynatrace-oss/dynatrace-mcp-server@latest --http
|
|
328
|
+
```
|
|
329
|
+
|
|
330
|
+
**Configuring the MCP client to send the token:**
|
|
331
|
+
|
|
332
|
+
```json
|
|
333
|
+
{
|
|
334
|
+
"mcpServers": {
|
|
335
|
+
"dynatrace-http": {
|
|
336
|
+
"url": "http://localhost:3000",
|
|
337
|
+
"transport": "http",
|
|
338
|
+
"headers": {
|
|
339
|
+
"Authorization": "Bearer <your-token>"
|
|
340
|
+
}
|
|
290
341
|
}
|
|
291
342
|
}
|
|
292
343
|
}
|
|
@@ -382,9 +433,6 @@ Depending on the features you are using, the following scopes are needed:
|
|
|
382
433
|
**Available for both Platform Tokens and OAuth Clients:**
|
|
383
434
|
|
|
384
435
|
- `app-engine:apps:run` - needed for almost all tools
|
|
385
|
-
- `automation:workflows:read` - read Workflows
|
|
386
|
-
- `automation:workflows:write` - create and update Workflows
|
|
387
|
-
- `automation:workflows:run` - run Workflows
|
|
388
436
|
- `app-settings:objects:read` - read app-settings - needed for `send_slack_message` tool to read connection details from App-Settings
|
|
389
437
|
- `storage:buckets:read` - needed for `execute_dql` tool to read all system data stored on Grail
|
|
390
438
|
- `storage:logs:read` - needed for `execute_dql` tool to read logs for reliability guardian validations
|