MCP Server

What the Model Context Protocol unlocks when your agentic editor can talk to your Atmos Pro workspace — triage failures, walk back through history, detect flapping, accelerate MTTR.

The Model Context Protocol is an open standard that lets LLM clients — Claude Code, Codex, Cursor, Continue, Cline — call tools on a remote server with the same identity and permissions as the user. Atmos Pro hosts an MCP server at https://atmos-pro.com/mcp so your agent can answer questions about your workspace's drift, deployments, workflow runs, and audit log without you ever opening the dashboard.

This page is about why that's interesting. For install steps, OAuth flow details, the full tool catalog, and security model mechanics, see MCP server configuration.

The dashboard answers "what's broken right now?". The MCP gives your agent the same answer plus the entire history that produced it.

With the Atmos Pro MCP, your agent can:

Triage failing stacks and components without opening the dashboard

Walk back through workflow runs to find when something started failing

Detect flapping infrastructure — drifted, remediated, drifted again

Get a structured failure category with a suggested next action, instead of regex over logs

Compare current stability against the previous period at the repo or workspace level

The catalog follows a single REST-style convention: every resource has a filterable list_<noun> and a single-row get_<noun>. Failing instances, pending approvals, running deployments aren't separate intent-named tools — they're filter arguments on the same broad list. This is deliberate: agents that don't have to memorize a dozen near-duplicate tools route faster and make fewer wrong calls.

Mean Time To Remediation is dominated by context-switching. Most of the wall-clock from "alert fires" to "fix merged" isn't writing the fix — it's bouncing between dashboard tabs, GitHub, your editor, and Slack to figure out what changed, who changed it, when it broke, and what the failure actually was. The MCP collapses that loop into your editor.

A typical remediation looks like this:

1
Detect. Drift detection or a failed run surfaces in the dashboard, a PR comment, or a Slack notification.
2
Triage in the editor. Ask your agent: "What instances are failing right now, and which ones are new since yesterday?" — one list_instances call with a status filter, one list_workflow_runs call to compare windows.
3
Root-cause. "Why did the latest apply on vpc/plat-ue1-prod fail?" — explain_workflow_failure returns a structured { category, suggestedAction }, so the agent routes on intent (fix_credentials vs fix_code vs rerun) instead of guessing at log text.
4
Trace. "What PR introduced this?" — list_commits and list_pull_requests filtered by the affected component.
5
Remediate. Either the agent dispatches a fix workflow (in a follow-up release, once write tools ship) or it opens a PR with the change.
6
Verify. The next workflow run shows up in list_workflow_runs; the agent confirms the failure category is now success.

The same loop without the MCP requires four browser tabs, two terminals, and a human who knows where everything lives. With it, the agent does the navigation and you read the synthesis.

Snapshots tell you what's broken. The MCP also exposes the trend.

get_repo_analytics matches the per-repo Analytics tab: workflow run counts, change failure rate, drift counts, success rate by stack, PR merge-time stats, top contributors. Compares an N-day window to the prior period.
get_workspace_insights matches the workspace-level Insights page (sidebar /insights).

These are how you ask "is our infrastructure getting more stable or less stable?" in the same conversation where you're triaging today's failure — instead of opening the dashboard and switching mental modes.

A few invariants hold whether you remember them or not. For the underlying mechanics — OAuth 2.1 with Dynamic Client Registration and PKCE, token TTLs, hashing, rate limits — see MCP server configuration.

No static credential to manage. No PAT to paste, no API key in your .env, no key to rotate. OAuth issues short-lived tokens; you never see, copy, or rotate them.
One workspace per token. Tokens are bound to a single workspace at consent time. To work across workspaces, install the client multiple times.
Scoped to what you can already do. Effective permissions are the intersection of your role and the scopes you granted at consent — the token can never act beyond what you yourself can do.
Destructive operations are off the table. Workspace deletion, billing changes, webhook configuration, and repository deletion are blocked at the actor-type guard, regardless of any scope claim.
Every call is audited. actor_type=mcp_client, the client name, the tool, and (redacted) arguments are recorded — you can see exactly what your agent has been doing.
One-click revocation. Settings → MCP Clients invalidates every token in a client's rotation chain immediately.

Install the MCP server

One-line install instructions for Claude Code, Codex, Cursor, Continue, and Cline.

Install Configuration reference

Model Context Protocol specification
MCP server configuration — install, OAuth flow, tool catalog, security model
Atmos Pro permission model
Audit log

Audit Log Troubleshooting

MCP Server

What the Model Context Protocol unlocks when your agentic editor can talk to your Atmos Pro workspace — triage failures, walk back through history, detect flapping, accelerate MTTR.

This page is about why that's interesting. For install steps, OAuth flow details, the full tool catalog, and security model mechanics, see MCP server configuration.

The dashboard answers "what's broken right now?". The MCP gives your agent the same answer plus the entire history that produced it.

With the Atmos Pro MCP, your agent can:

Triage failing stacks and components without opening the dashboard

Walk back through workflow runs to find when something started failing

Detect flapping infrastructure — drifted, remediated, drifted again

Get a structured failure category with a suggested next action, instead of regex over logs

Compare current stability against the previous period at the repo or workspace level

A typical remediation looks like this:

1
Detect. Drift detection or a failed run surfaces in the dashboard, a PR comment, or a Slack notification.
2
Triage in the editor. Ask your agent: "What instances are failing right now, and which ones are new since yesterday?" — one list_instances call with a status filter, one list_workflow_runs call to compare windows.
3
Root-cause. "Why did the latest apply on vpc/plat-ue1-prod fail?" — explain_workflow_failure returns a structured { category, suggestedAction }, so the agent routes on intent (fix_credentials vs fix_code vs rerun) instead of guessing at log text.
4
Trace. "What PR introduced this?" — list_commits and list_pull_requests filtered by the affected component.
5
Remediate. Either the agent dispatches a fix workflow (in a follow-up release, once write tools ship) or it opens a PR with the change.
6
Verify. The next workflow run shows up in list_workflow_runs; the agent confirms the failure category is now success.

The same loop without the MCP requires four browser tabs, two terminals, and a human who knows where everything lives. With it, the agent does the navigation and you read the synthesis.

Snapshots tell you what's broken. The MCP also exposes the trend.

get_repo_analytics matches the per-repo Analytics tab: workflow run counts, change failure rate, drift counts, success rate by stack, PR merge-time stats, top contributors. Compares an N-day window to the prior period.
get_workspace_insights matches the workspace-level Insights page (sidebar /insights).

No static credential to manage. No PAT to paste, no API key in your .env, no key to rotate. OAuth issues short-lived tokens; you never see, copy, or rotate them.
One workspace per token. Tokens are bound to a single workspace at consent time. To work across workspaces, install the client multiple times.
Scoped to what you can already do. Effective permissions are the intersection of your role and the scopes you granted at consent — the token can never act beyond what you yourself can do.
Destructive operations are off the table. Workspace deletion, billing changes, webhook configuration, and repository deletion are blocked at the actor-type guard, regardless of any scope claim.
Every call is audited. actor_type=mcp_client, the client name, the tool, and (redacted) arguments are recorded — you can see exactly what your agent has been doing.
One-click revocation. Settings → MCP Clients invalidates every token in a client's rotation chain immediately.

Install the MCP server

One-line install instructions for Claude Code, Codex, Cursor, Continue, and Cline.

Install Configuration reference

Model Context Protocol specification
MCP server configuration — install, OAuth flow, tool catalog, security model
Atmos Pro permission model
Audit log

Audit Log Troubleshooting

Atmos Pro

MCP Server

What Your Agent Can Do

With the Atmos Pro MCP, your agent can:

Triage failing stacks and components without opening the dashboard

Walk back through workflow runs to find when something started failing

Detect flapping infrastructure — drifted, remediated, drifted again

Get a structured failure category with a suggested next action, instead of regex over logs

Compare current stability against the previous period at the repo or workspace level

How This Accelerates MTTR

Stability Over Time

Security at a Glance

Where to Go Next

Install the MCP server

Reference

Atmos Pro

MCP Server

What Your Agent Can Do

With the Atmos Pro MCP, your agent can:

Triage failing stacks and components without opening the dashboard

Walk back through workflow runs to find when something started failing

Detect flapping infrastructure — drifted, remediated, drifted again

Get a structured failure category with a suggested next action, instead of regex over logs

Compare current stability against the previous period at the repo or workspace level

How This Accelerates MTTR

Stability Over Time

Security at a Glance

Where to Go Next

Install the MCP server

Reference