Opsphere logo

Opsphere

0

Thin client for Opsphere — all MCP tools run on the remote gateway (mcp-cursor.opsphere.io). Query logs, diagnose incidents, and manage Datadog, Vercel, GitHub, AWS, and more from Cursor. OAuth2 + PKCE; no backend code in the bundle.

1 rule

# Opsphere — DevOps Operational Intelligence Opsphere connects your DevOps tools to Cursor. Query logs, check deploys, search issues, diagnose incidents, and manage integrations — all from the chat, without leaving the IDE. The backend is a remote MCP server. All tool calls go to the Opsphere gateway. No tool logic runs locally. --- ## Available Tool Categories These tools are available once authenticated and integrations are configured: | Category | Provider | Tools | |----------|----------|-------| | Monitoring | Datadog | `dd_logs_search`, `dd_errors_by_service`, `dd_errors_recent`, `dd_synthetics_summary` | | Deployments | Vercel | `vercel_deploys_latest`, `vercel_project_status` | | Source Control | GitHub Enterprise | `ghe_repo_summary`, `ghe_actions_latest` | | Source Control | Bitbucket | `bb_pipelines_latest`, `bb_pipeline_diagnose` | | CDN / DNS | Cloudflare | `cf_quick_status`, `cf_dns_records` | | Issue Tracking | Jira | `jira_issue_get`, `jira_issues_search` | | Error Tracking | Sentry | `sentry_issues_list`, `sentry_issues_search` | | Cloud | AWS | `aws_sts_whoami`, `aws_cli_query` | | Network (built-in) | — | `dns_lookup`, `http_check`, `cert_status` | | Integration Mgmt | — | `ops_configure_integration`, `ops_list_integrations`, `ops_test_integration`, `ops_remove_integration` | | Plan & Usage | — | `ops_my_usage` | | Work context | — | `ops_set_work_context`, `ops_get_work_context` | | Operational memory | — | `memory_search`, `memory_store`, `memory_session_touch`, `memory_invalidate` | **Network tools (`dns_lookup`, `http_check`, `cert_status`) work immediately after login — no integration setup needed.** **Memory tools** appear only when the `memory` module is enabled for your tenant (`tenant_tools`, profile `cursor`). They store **distilled** notes from past sessions — not live ops truth. Always verify current state with Datadog, K8s, Vercel, or other live tools after reading memory. **Work context** is injected automatically when MCP connects (default cloud account + index of others). After signup, if `ops_my_usage` shows work context as not configured, run the `set-work-context` skill. For full text of a non-default account, use `ops_get_work_context` or resource `opsphere://tenant/account-context`. --- ## When to Suggest Integration Setup If a tool returns an error about missing credentials or an unconfigured provider: 1. Identify the provider from the tool name prefix: - `dd_` → Datadog - `vercel_` → Vercel - `ghe_` → GitHub - `bb_` → Bitbucket - `cf_` → Cloudflare - `jira_` → Jira - `sentry_` → Sentry - `aws_` → AWS 2. Suggest: "It looks like [Provider] is not configured yet. Say **'Configure my [Provider]'** and I will walk you through it." 3. Use the `configure-integration` skill for the full setup flow. --- ## Integration credentials — agent rules (mandatory) When a user needs to connect Datadog, Vercel, AWS, GitHub, or any other provider: 1. **Always** use the `configure-integration` skill — collect one credential at a time, then call **`ops_configure_integration(provider, credentials)`** with the full map in a single tool call. 2. **Never** ask the user to paste API keys, tokens, or passwords into free-form chat for general questions, troubleshooting, or work context. 3. **Never** store secrets in `ops_set_work_context`, `memory_store`, or any tool other than `ops_configure_integration`. 4. **Never** echo back full credential values in your reply — confirm success with provider name only (e.g. "Datadog connected"). 5. If the user pastes a secret outside the setup flow, acknowledge it and **immediately** move them into `configure-integration` → `ops_configure_integration`; remind them not to leave secrets in casual chat messages. Credentials persist **only** on the Opsphere gateway (encrypted, tenant-scoped). They are **not** written to this plugin repo, Cursor plugin files, or local disk. --- ## When to Suggest Signup / Re-login If the MCP connection fails with **401 Unauthorized** or tools are not visible: - The user likely has not set up an account yet, or their token has expired (tokens last 24 hours). - Suggest: "It looks like you need to authenticate. Say **'Set up my Opsphere account'**, run **`/opsphere-setup`**, or **`/opsphere-welcome`** for a quick start." For brand-new installs (no Connect yet), you may suggest **`/opsphere-welcome`** before full setup — it lists example prompts without running any shell scripts. --- ## Trial Expiration (TRIAL_EXPIRED) If the gateway returns error code `TRIAL_EXPIRED`: - Tell the user: "Your 30-day free trial has expired. Visit **https://opsphere.io/pricing** to continue using Opsphere." - Do not retry the request. - Do not suggest re-login — re-authentication will not fix an expired trial. --- ## Rate Limit (RATE_LIMIT_EXCEEDED) If the gateway returns error code `RATE_LIMIT_EXCEEDED`: - Tell the user how many calls they have used and when the limit resets (from `details.resetsAt` in the error body). - Suggest: "You can check your full plan status with `ops_my_usage`." - Do not retry the request automatically. --- ## Plan & Usage Visibility When the user asks about their plan, usage, trial status, remaining calls, or upgrade options: - Use `ops_my_usage` — no parameters required. - It returns: plan name, trial end date, days remaining, daily usage (used / limit / resets at), configured integrations count, and upgrade link. --- ## Example Prompts Users might say things like: - "Check my latest Vercel deploys" - "Search Datadog logs for errors in the last hour" - "What's failing in Sentry right now?" - "Is example.com up?" — triggers `dns_lookup` + `http_check` + `cert_status` - "Check the SSL cert for api.mycompany.com" - "Configure my Datadog" — triggers the `configure-integration` skill - "Tell Opsphere what I usually work with" — triggers the `set-work-context` skill - "Show PR #42 status in Bitbucket" - "Find Jira issues assigned to me" - "What GitHub Actions ran today on the main branch?" - "Show my usage" — triggers `ops_my_usage` - "Which integrations do I have configured?" — triggers `ops_list_integrations` - "Do we have memory about this outage before?" — `memory_search` with `scopes: ["incident"]` (and `repo` if known) - "Save this investigation summary for next time" — `memory_store` (`scope`: `user` or `session` for general notes; `incident` / `decision` for structured post-mortems) ### Memory quick selection | Need | Tool | |------|------| | Recall prior work / outage precedent | `memory_search` | | Save finding after investigation | `memory_store` | | Optional session heartbeat | `memory_session_touch` | | Remove stale memory | `memory_invalidate` | ### When to use memory (agent behavior) 1. **Before** repeating a long repo analysis or outage triage → `memory_search` (query ≥ 3 chars; optional `scopes`, `repo`). 2. **After** a useful investigation → `memory_store` with a **short** summary (no raw logs, no secrets). 3. **When outdated** → `memory_invalidate` with `status: stale` (owner or admin). 4. **Optional** at session start → `memory_session_touch` once (`repo` optional; inferred from `ghe_*` / `bb_*` / `repos_*` tool calls). Default scopes for partners: **session** + **user**. Use `scope=repository` only with explicit `repo` `org/name`. Use `scope=incident` (`kind=episodic` + `incident` object) or `scope=decision` (`decision` object) for post-mortems and ADR-lite. Do **not** store text that duplicates account catalog context (`cloud_accounts.system_prompt_context`). If `memory_store` returns `catalog_context_duplicate`, distill only session-specific findings or use `skip_catalog_duplicate_check=true` only when the user explicitly asks to override. If `memory_*` tools are missing from `tools/list`, the tenant does not have memory enabled — do not invent the tools; tell the user to contact Opsphere support or check signup plan. --- ## Important Constraints - Never invent tool names. Only call tools that exist in the list above. - Never ask the user to edit `mcp.json` or configure the MCP transport manually — the plugin handles this. - **Integration secrets:** collect only inside the `configure-integration` flow; persist **only** via `ops_configure_integration`. Never in free-form chat, work context, or memory. Never stored locally or in this repo. - When a tool is blocked (not in the free tier), explain the limitation briefly and mention the upgrade path at https://opsphere.io/pricing.