Already using the incident.io desktop app? You already have full access to everything on this page and more. The desktop app includes a local MCP server that provides all the tools described here, plus rich investigation file access, incident pinning, and the ability to post findings directly to incident channels. No additional setup is needed — if you’ve installed the desktop app, you’re set.The remote MCP server described here is for people who want to connect without installing the desktop app — for example, using Claude.ai in a browser, ChatGPT, or plugging incident.io into automated agent pipelines.
What you can do
Incident analysis and reporting
Ask questions across your entire incident history without manual data gathering:- “How many P1 incidents did we have this quarter, and which teams were most affected?”
- “What’s the trend in overnight responder workload by alert source?”
- “Show me the top 10 highest-workload incidents this month”
incident_stats tool supports 10 grouping dimensions (severity, status, type, mode, alert source, custom fields, roles, time periods) with workload breakdowns showing where responder time is spent — during working hours, late evening, or overnight.
Alert and noise analysis
Understand where alert noise is coming from and which areas generate the most on-call work:- “Which alerts result in actual incidents vs noise?”
- “Break down alert volume and workload by team and service”
- “What proportion of our pages happen overnight, and what triggers them?”
On-call and escalation management
Check schedules, respond to pages, and analyse paging patterns:- “Who’s on call for the platform team right now?”
- “What’s our ack rate by escalation path this month?”
- “Acknowledge the page for INC-456”
Incident management
Create and update incidents, manage follow-ups, and access investigation data:- “Create a P2 incident for the payments API degradation”
- “Update INC-123 to resolved”
- “What are the outstanding follow-ups from last week’s incidents?”
Deep investigation
For any specific incident, access AI investigation findings, post-mortem documents, and full status update history:- “Show me INC-123 with the investigation findings and post-mortem”
- “What was the root cause of our most recent major incident?”
Telemetry and observability
Query logs, metrics, traces, and dashboards across all the observability platforms you’ve connected via AI SRE — including Datadog, Grafana, Splunk, Honeycomb, Elasticsearch, GCP Cloud Logging, and more. This works for any debugging scenario, not just active incidents. Use it to investigate production issues, check service health, run ad-hoc queries, or pull data for reports:- “What are the error rates for the payments service over the last hour?”
- “Show me the logs around the time of INC-123”
- “Query the CPU and memory dashboards for the worker pods”
- “Are there any anomalies in the checkout service latency this week?”
- “Pull the Datadog traces for requests over 5 seconds”
Setup
The remote MCP server is available athttps://mcp.incident.io/mcp. There are two ways to authenticate, depending on your use case.
For interactive use (OAuth)
If you’re a human connecting via an AI assistant like Claude, ChatGPT, or Cursor, you’ll authenticate with your incident.io account via OAuth. The MCP client handles the flow — you just approve access in your browser when prompted. Actions are attributed to your user account, and you see the same data you’d see in the dashboard.- Claude Desktop
- Claude Code
- Codex
- Cursor
- ChatGPT
- Open Claude Desktop and go to Settings → Integrations → Add integration.
- Enter the server URL:
https://mcp.incident.io/mcp - Claude will redirect you to incident.io to authorise access.
- Once authorised, the incident.io tools will appear in Claude’s tool list.
For automated systems (API keys)
If you’re connecting programmatic agents, custom workflows, or automation pipelines, use an API key. API keys authenticate as a service actor rather than a specific user, and don’t expire until deleted.- Go to Settings → API keys in your incident.io dashboard.
- Create a new API key with the scopes you need.
- Pass it as a Bearer token in the
Authorizationheader when connecting your MCP client tohttps://mcp.incident.io/mcp.
Getting the most out of it
Read the configuration first
Before filtering or grouping, ask the tools for your organisation’s configuration — it lists your severity levels, custom fields, roles, and other values you’ll need:- Use the
resource_showtool withresource: "organisation", or - Read the
config://organisationresource directly (if your client supports MCP resources)
Use includes for deeper analysis
When investigating an incident, always request the investigation and post-mortem data:Start with stats, then drill in
For analytical questions, follow the stats → list → show pattern:incident_statsto get the shape (counts, workload, trends)incident_listto browse the interesting groupsincident_showto get full details on specific incidents
Send feedback
If you hit friction or wish a tool worked differently, use thefeedback tool to let us know. Your AI assistant will prompt you about this after completing tasks — approve the feedback to help us prioritise improvements.
Available tools
| Tool | Description |
|---|---|
incident_show | Full incident details with optional investigation, post-mortem, and update history |
incident_list | Search and browse incidents with filters, sortable by workload |
incident_create | Create a new incident |
incident_update | Update incident fields (status, severity, roles, custom fields) |
incident_stats | Aggregate counts and workload by 10+ dimensions |
incident_update_list | Full status update history for an incident |
alert_list | Search and browse alerts |
alert_show | Full alert details with linked incidents |
alert_source_list | List configured alert sources |
alert_stats | Alert counts with workload from linked incidents |
escalation_list | Search escalations (pages) |
escalation_show | Full escalation details with transition history |
escalation_respond | Acknowledge or decline a page |
escalation_stats | Paging counts by path, priority, time of day |
escalation_path_list | List escalation paths |
escalation_path_show | Who would be paged at each level |
schedule_list | List on-call schedules |
schedule_show | Schedule details with current and upcoming shifts |
follow_up_list | List post-incident follow-ups |
follow_up_create | Create a follow-up on an incident |
catalog_type_list | List catalog types (Service, Team, etc.) |
catalog_entry_list | Browse entries in a catalog type |
catalog_entry_show | Full catalog entry with all attributes |
ask | AI agent for on-call queries, schedule management, and general questions |
ask_incident | AI agent for incident investigation and management actions |
ask_telemetry | AI agent for querying logs, metrics, traces, and dashboards |
resource_show | Read organisation config, analysis playbook, or telemetry datasources |
feedback | Submit feedback about the tools |