Back to MCP Servers

incident.io MCP Server

Official remote MCP server from incident.io for incident management, alert handling, on-call scheduling, escalations, and AI-powered investigations.

Observability by incident.io OAuth2 active
Connect (Remote Server) Docs
Overview

The incident.io MCP server is an officially hosted remote MCP endpoint that connects any MCP-compatible AI assistant (Claude Desktop, Claude Code, Cursor, ChatGPT, and others) directly to your incident.io workspace. It exposes incidents, alerts, on-call schedules, escalation paths, catalog entries, follow-ups, and AI investigation data through a single HTTP endpoint at https://mcp.incident.io/mcp. The server superseded the earlier incident-io/incidentio-mcp-golang local prototype in March 2026 and is currently in Public Beta.

The server provides 30+ tools across six functional areas: incident analysis (history, stats, status updates), alert management (noise analysis, linked incidents), on-call operations (schedules, escalations, acknowledgments), AI investigation access (post-mortems, findings, archives), structured analysis playbooks, and telemetry queries across Datadog, Grafana, Splunk, Honeycomb, Elasticsearch, and GCP Cloud Logging. It also includes dedicated AI agent tools (ask, ask_incident, ask_telemetry) that proxy natural-language queries to the incident.io Agent.

Authentication supports two modes: OAuth2 for interactive users (actions are attributed to the user and inherit their dashboard permissions), and API keys passed as Bearer tokens for programmatic agents and automation pipelines. There is no local installation required, the server is enabled per workspace from Settings → MCP.

Tools

Tool Description
incident_list Search and browse incidents with filters
incident_show Full incident details with optional investigation data
incident_create Create a new incident
incident_update Update incident fields such as status, severity, and roles
incident_update_list Full status update history for an incident
incident_stats Aggregate counts and workload by dimensions
alert_list Search and browse alerts
alert_show Full alert details with linked incidents
alert_stats Alert counts with workload from linked incidents
alert_source_list List configured alert sources
escalation_list Search escalations (pages)
escalation_show Full escalation details with transition history
escalation_respond Acknowledge or decline a page
escalation_path_list List escalation paths
escalation_path_show Who would be paged at each level
escalation_stats Paging counts by path, priority, time of day
schedule_list List on-call schedules
schedule_show Schedule details with current and upcoming shifts
team_list List teams
team_show Team details with escalation paths and schedules
catalog_type_list List catalog types (Service, Team, etc.)
catalog_entry_list Browse entries in a catalog type
catalog_entry_show Full catalog entry with all attributes
follow_up_list List post-incident follow-ups
follow_up_create Create a follow-up on an incident
analysis_start Start structured operational analysis with playbooks, returns HTML report
investigation_sync Download full investigation as archive
ask AI agent for on-call queries and schedule management
ask_incident AI agent for incident investigation and management
ask_telemetry AI agent for querying logs, metrics, traces, dashboards across connected observability tools
resource_show Read organisation config and datasources
feedback Submit feedback about the MCP tools
Setup Guide

Prerequisites

  • An active incident.io workspace
  • MCP enabled from Settings → MCP (Public Beta)
  • For programmatic access: an API key with appropriate scopes (Settings → API keys)

Claude Code

claude mcp add incident-io --transport http https://mcp.incident.io/mcp

Claude Desktop

Add to claude_desktop_config.json:

{
  "mcpServers": {
    "incident-io": {
      "url": "https://mcp.incident.io/mcp",
      "type": "http"
    }
  }
}

On first use the client launches the OAuth flow in your browser.

Cursor

  • Name: incident.io
  • Type: HTTP
  • URL: https://mcp.incident.io/mcp

Programmatic / Bearer token

For service accounts, pass an API key as a Bearer token in the Authorization header when connecting your MCP client. The key authenticates as a service actor rather than a specific user and does not expire until deleted.

Use Cases
  • Morning on-call handover: Ask "What happened overnight?" and pull a summary of all incidents, escalations, and acknowledgments since the previous shift.
  • Incident response from the IDE: Declare a new incident, update severity or status, and create follow-ups directly from Claude Code or Cursor while debugging.
  • On-call lookups: Check who is currently on call for a service, view upcoming shifts, and acknowledge or decline pages without leaving your AI assistant.
  • Alert noise analysis: Query alert stats and source breakdowns to identify noisy alert rules and the services generating the most paging volume.
  • Live investigations: Use ask_telemetry to query Datadog, Grafana, Splunk, Honeycomb, or Elasticsearch through natural language and correlate findings with active incidents.
Example Prompts
  • "Summarise all SEV1 and SEV2 incidents from the last 7 days grouped by affected service."
  • "Who is on call for the Payments team right now and for the next 24 hours?"
  • "Show me the open follow-ups from incident INC-482 and create a new one to add retry logic to the webhook handler."
  • "Use ask_telemetry to find error rate spikes in the checkout service Datadog dashboard over the last hour."
  • "List all unacknowledged escalations from the last 30 minutes and acknowledge the one assigned to me."
Pros
  • Officially built and hosted by incident.io, no local install or self-hosting needed
  • Comprehensive coverage of incidents, alerts, on-call, escalations, catalog, and follow-ups (30+ tools)
  • Built-in AI agent tools (ask, ask_incident, ask_telemetry) that connect through to telemetry sources like Datadog, Grafana, Splunk, and Honeycomb
  • Supports both OAuth (user-attributed) and API key (service actor) authentication
Limitations
  • Currently in Public Beta, behaviour and tool surface may change
  • Some features such as "Talk to Production" require the AI SRE add-on which is in Private Beta
  • Requires an incident.io workspace and admin access to enable the integration
Alternatives
  • PagerDuty MCP server for teams using PagerDuty for on-call and incident response instead of incident.io.
  • FireHydrant MCP integrations via Zapier or Composio for FireHydrant-based incident workflows.
  • Community Go implementations like incident-io/incidentio-mcp-golang (now archived/superseded) or klaviyo/incidentio-mcp for self-hosted setups.
More Observability MCP Servers
Axiom
Provider-hosted MCP server for Axiom's observability platform. Query datasets with APL, inspect schemas, monitor alerts, and manage dashboards.
Better Stack
Official Better Stack MCP server for uptime monitoring, incident response, on-call management, log/metric/error telemetry, and status pages.
Chronosphere
Read-only MCP bridge to Chronosphere's observability platform, exposing logs, metrics, traces, events, and config entities to AI agents.
Dynatrace
MCP server that brings real-time Dynatrace observability data into AI assistants, including problems, vulnerabilities, DQL queries, and Davis Copilot.