MCP Server

Service evidence through MCP Server paths.

OpsDiag uses MCP Server evidence paths as the technical route from RCA questions to APIs, telemetry, deploy records, and alerting systems.

Proxy route

  1. Ask
  2. Proxy
  3. MCP Server
  4. Provider API
  5. Evidence

Evidence paths

Source, evidence, RCA question.

| Source | Evidence | RCA question |
| --- | --- | --- |
| Kubernetes | Rollout state, ingress behavior, workload readiness, autoscaling pressure, service discovery, and node-level symptoms. | Did a rollout, readiness check, ingress path, or cluster condition match the first alert? |
| Cloud APIs | Regional symptoms, dependency health, infrastructure changes, routing state, security groups, and provider events. | Did provider state or recent infrastructure drift explain the affected scope? |
| Observability | Logs, metrics, traces, alerts, deploy markers, and dashboard signals aligned by time and impact. | Which telemetry changed first, and does it support or reject the current hypothesis? |
| Deploy history | Release notes, configuration updates, deploy markers, edge rules, and policy changes. | Which recent change sits closest to the symptom start and affected path? |
| Edge / WAF | CDN and WAF behavior, origin reachability, blocked requests, traffic shifts, and security policy changes. | Did edge behavior block, redirect, or degrade traffic before it reached the origin? |
| Alerting | Incident grouping, escalation context, duplicate alerts, ownership, and handoff notes. | Which alert thread should responders keep, merge, suppress, or hand off? |

MCP Server Proxy

A scoped route between agents and provider APIs.

Ask

Prompt enters MCP Server Proxy

RCA or CLI asks a scoped operational question instead of requesting broad provider access.

Route

Proxy selects evidence path

The proxy routes to the MCP Server that matches the service, provider, cluster, or alert context.

Query

MCP Server calls provider API

The MCP Server reaches the provider API or service system that holds the incident signal.

Return

Evidence returns to RCA

The evidence returns into the same RCA thread so responders can compare signals by impact and time.
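
The Ask, Route, Query, Return steps above can be read as a deny-by-default router. The sketch below is an added example, not OpsDiag code: every name in it (Ask, READ_ONLY_OPS, GRANTS, route, the operation names and the rca-1042 thread) is hypothetical, and the MCP Server call is a stub returning constructed data.

```python
from dataclasses import dataclass

class OutOfScope(Exception):
    """The ask falls outside the evidence paths granted to its RCA thread."""

@dataclass(frozen=True)
class Ask:
    rca_thread: str   # RCA thread the evidence must return to
    source: str       # evidence source, e.g. "kubernetes"
    operation: str    # query requested from that source's MCP Server
    cluster: str
    service: str

# Hypothetical read-only operations per evidence source; anything else is denied.
READ_ONLY_OPS = {
    "kubernetes": {"rollout_status", "readiness"},
    "deploy_history": {"recent_changes"},
    "edge_waf": {"blocked_requests"},
}

# Constructed grants: the (source, cluster, service) tuples each RCA thread may query.
GRANTS = {
    "rca-1042": {("kubernetes", "prod-eu", "checkout"),
                 ("deploy_history", "prod-eu", "checkout")},
}

def stub_mcp_server(ask):
    """Stand-in for an MCP Server calling its provider API (constructed data)."""
    return {"observed": f"{ask.operation} for {ask.service}@{ask.cluster}"}

SERVERS = {source: stub_mcp_server for source in READ_ONLY_OPS}

def route(ask, servers=SERVERS, grants=GRANTS, audit=None):
    """Select the evidence path for an ask, query it, and return tagged evidence."""
    audit = audit if audit is not None else []
    target = (ask.source, ask.cluster, ask.service)
    # Check 1: the operation must be an allowlisted read-only query for that source.
    if ask.operation not in READ_ONLY_OPS.get(ask.source, set()):
        audit.append(("deny", ask.rca_thread, target, ask.operation))
        raise OutOfScope(f"{ask.source}.{ask.operation} is not an evidence query")
    # Check 2: the RCA thread must hold a grant for this cluster and service.
    if target not in grants.get(ask.rca_thread, set()):
        audit.append(("deny", ask.rca_thread, target, ask.operation))
        raise OutOfScope(f"{ask.rca_thread} has no grant for {target}")
    evidence = servers[ask.source](ask)
    audit.append(("allow", ask.rca_thread, target, ask.operation))
    # Return: evidence is tagged so it lands in the thread that asked for it.
    return {"rca_thread": ask.rca_thread, "source": ask.source, **evidence}
```

The audit list records both allowed and denied asks, so denied requests from an agent are visible to responders rather than silently dropped.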

CLI workflows

Codex CLI and Claude CLI can continue the RCA.

Codex CLI

codex "continue the RCA for this alert and show missing validation"

Continue a running RCA from the terminal and ask for the evidence that supports or weakens the current hypothesis.

Claude CLI

claude "challenge the current RCA and list safer next actions"

Use the same MCP evidence context to compare hypotheses, inspect deploy changes, or prepare a handoff note.