Connect Claude, Cursor, Windsurf, or any MCP-compatible AI tool directly to your ScryWatch logs for natural-language queries and debugging.

MCP Server

ScryWatch exposes a built-in Model Context Protocol (MCP) server that lets AI assistants — Claude Code, Claude Desktop, Cursor, Windsurf, and any MCP-compatible client — query your logs, patterns, alerts, and sessions using natural language.

Instead of switching to the dashboard, ask your AI assistant: “Show me the errors from the last hour” or “What patterns are firing in production?” and it queries ScryWatch directly.

What you’ll need

A ScryWatch project API key (create one in Settings > API Keys)
An MCP-compatible client (Claude Code, Claude Desktop, Cursor, Windsurf, etc.)

Step 1: Get your API key

Open the ScryWatch dashboard and go to Settings > API Keys.
Click Create API Key.
Copy the key — you’ll only see it once.

The key is scoped to a specific project. All MCP queries will return data from that project only.

Step 2: Configure your MCP client

Claude Code (CLI)

Create or edit .mcp.json in your project root:

{
  "mcpServers": {
    "scrywatch": {
      "type": "http",
      "url": "https://api.scrywatch.com/mcp",
      "headers": {
        "Authorization": "Bearer YOUR_SCRYWATCH_API_KEY"
      }
    }
  }
}

Restart Claude Code. The ScryWatch tools will appear in your tool list.

Claude Desktop

Open Settings > Developer > MCP Servers and add:

{
  "scrywatch": {
    "type": "http",
    "url": "https://api.scrywatch.com/mcp",
    "headers": {
      "Authorization": "Bearer YOUR_SCRYWATCH_API_KEY"
    }
  }
}

Cursor

Open Settings > MCP and click Add MCP Server. Use:

Name: ScryWatch
Type: HTTP
URL: https://api.scrywatch.com/mcp
Headers: Authorization: Bearer YOUR_SCRYWATCH_API_KEY

Windsurf

Add to your MCP configuration file:

{
  "mcpServers": {
    "scrywatch": {
      "type": "http",
      "url": "https://api.scrywatch.com/mcp",
      "headers": {
        "Authorization": "Bearer YOUR_SCRYWATCH_API_KEY"
      }
    }
  }
}

Any MCP Client

ScryWatch implements the MCP 2025-03-26 specification. It supports two transports:

Streamable HTTP (POST /mcp) — the current standard. Send JSON-RPC in the request body; include Accept: text/event-stream to receive SSE-streamed responses.
Legacy SSE (GET /mcp) — for older clients. Open a persistent SSE stream; the server sends an endpoint event with the POST URL, then keepalive comments every 15 seconds.

Any MCP-compatible client can connect to https://api.scrywatch.com/mcp with a Bearer token.

Step 3: Try it out

Once connected, try asking your AI assistant:

“Search my logs for errors in the last hour”
“What are the most frequent log patterns?”
“Show me recent alert firings”
“List all sessions with errors”
“What does the error distribution look like?”

The assistant will call the appropriate ScryWatch tools to answer your question.

Available tools

Your AI assistant gets access to 8 read-only tools:

Tool	What it does
search_logs	Search and filter log events with full-text search, level/service/environment filters, and pagination
get_log	Fetch a single log event by ID with full metadata
get_log_stats	Aggregate event counts grouped by level, type, and hour
get_log_facets	Value counts for level, type, service, environment, and device_type
list_alerts	List all alert rules configured for the project
get_alert_history	Recent alert firings with timestamps and matched event counts
list_sessions	User sessions with event counts and severity breakdowns
get_log_patterns	Log patterns ranked by frequency — identifies recurring issues

All tools are read-only. The MCP server cannot modify, delete, or create any data in your project.

How it works

ScryWatch implements the MCP 2025-03-26 specification over two transports.

Streamable HTTP (current standard)

Send JSON-RPC 2.0 requests to POST /mcp. The server follows the standard MCP lifecycle:

initialize — client connects; server returns capabilities and an Mcp-Session-Id header
notifications/initialized — client confirms ready (server returns 204 No Content)
tools/list — client requests available tools
tools/call — client invokes a tool; server queries your project data and returns results

Include Accept: text/event-stream to receive responses in SSE format (required for streaming-capable clients).

Legacy SSE (for older clients)

Open a persistent GET /mcp connection. The server immediately sends an endpoint event containing the absolute POST URL, then sends keepalive comments every 15 seconds. Submit JSON-RPC requests to that URL as usual.

Every request is authenticated with your API key. All queries are automatically scoped to your project — there is no way to access data from other projects or organizations.

Example: debugging a production issue

Imagine you’re investigating a spike in errors. Instead of switching to the dashboard:

You: “Search for error logs from the last 30 minutes in the payment service”

Assistant: (calls search_logs with level: "error", service: "payment", from: <30 min ago>)

Found 47 errors (showing 47)

[2026-03-16T14:32:01Z] [ERROR] [api_call] Connection refused to db-primary:5432 (service: payment) …

You: “What pattern is that? Is it new?”

Assistant: (calls get_log_patterns)

The pattern “Connection refused to {host}:{port}” has 47 occurrences. First seen 28 minutes ago.

You: “Are there any alerts configured for this?”

Assistant: (calls list_alerts)

You have 2 alert rules. “Error spike” triggers when error count > 10 in 5 minutes. It fired 25 minutes ago.

All of this happens without leaving your editor.

Security

Read-only access — the MCP server only exposes SELECT queries. No writes, deletes, or mutations.
Project-scoped — your API key is tied to a single project. Cross-project access is impossible.
Standard auth — uses the same requireApiKey middleware as the ingest endpoint. Keys are stored hashed with timing-safe comparison.
No data leaves Cloudflare — queries run on Cloudflare Workers against your D1 database. Log data is sent only to the MCP client that requested it.

Tip: Create a dedicated API key for MCP use. You can revoke it independently if needed without affecting your ingest pipeline.

Troubleshooting

“Tool not found” or empty tool list

Make sure the URL is exactly https://api.scrywatch.com/mcp (no trailing slash)
Restart your MCP client after adding the configuration

401 Unauthorized

Check that your API key is valid and hasn’t been revoked
Ensure the Authorization header format is Bearer <key> (with a space after Bearer)

Empty results

The API key must be associated with a project that has ingested logs
Check the time range — by default most tools query the last 24 hours

You’re done

You now have AI-powered access to your production logs from inside your editor. No context switching, no dashboard tabs, no manual queries.

Getting Started — Send your first logs
API Keys & Settings — Manage API keys
Pattern Intelligence — Understanding log patterns

MCP Server — Connect AI Models to Your Logs