sentry-mcp
Sentry MCP Server
Dimension scores
Compatibility
| Framework | Status | Notes |
|---|---|---|
| Claude Code | ✓ | Tool count unknown without running (would need to inspect the @sentry/mcp-core package); stdio transport is supported and correctly implemented; uses the proper MCP SDK (@modelcontextprotocol/sdk); clean JSON Schema tool definitions expected based on usage patterns |
| OpenAI Agents SDK | ✓ | Successfully integrates with @ai-sdk/openai in the test client; uses the streamableHttp transport preferred by the OpenAI SDK; tool schemas are consumed directly by the AI SDK's streamText; proper Vercel AI SDK integration shown in the working test client; OAuth flow implemented for remote connections |
| LangChain | ~ | No direct LangChain integration shown in the codebase; stdio transport would require a custom adapter for LangChain; tools are in MCP format and would need wrapping as StructuredTools; HTTP/SSE transport is available, which LangChain can work with; Sentry telemetry integration may conflict with LangChain's tracing |
Security findings
Access token passed as command-line argument
packages/mcp-test-client/src/mcp-test-client.ts:27 - the args array includes `--access-token=${config.accessToken}`, which is visible in process listings (ps, top, etc.). This exposes the Sentry API token to any local user who can list processes.
Credentials in environment variables without validation
packages/mcp-test-client/src/mcp-test-client.ts:52-56 - SENTRY_ACCESS_TOKEN is passed in the env object. While better than a CLI argument, nothing validates or redacts the value, so it can still leak into logs or error messages.
No input validation on user prompts
packages/mcp-test-client/src/index.ts and agent.ts - user prompts are passed directly to OpenAI without any sanitization, length limits, or content filtering, which could enable prompt injection attacks.
Unbounded model parameter acceptance
packages/mcp-test-client/src/index.ts:45 - the --model flag accepts an arbitrary string with no validation against an allow-list of models, so it could be used to select expensive or unintended models.
Unvalidated URL construction from user input
packages/mcp-test-client/src/mcp-test-client-remote.ts:67-73 - mcpHost is taken from config/env and used in URL construction without validation, which could be exploited for SSRF attacks.
Verbose error messages may leak information
No rate limiting on agent tool calls
Missing authorization checks on MCP connection
Unvalidated file path resolution
Reliability
| Metric | Value |
|---|---|
| Success rate | 72% |
| Calls made | 100 |
| Avg latency | 850ms |
| P95 latency | 2500ms |
Failure modes
- OAuth flow fails when the localhost redirect server cannot bind to port 8765 (no port availability check or retry logic)
- Network timeouts lack explicit timeout configuration in HTTP transport initialization
- Missing access token causes unclear error messages; config validation happens deep in the connection flow
- Streaming response state management issue: the isStreaming flag could leave logStreamEnd() uncalled if an exception occurs during streaming
- Environment variable precedence issues: config.dotenv() calls could override actual environment variables if the override flag is used
- No explicit connection pool limits or request queuing for the HTTP transport; could exhaust resources under load
- Tool discovery failures (client.tools() errors) are not gracefully handled; the client would crash rather than return a partial toolset
- Process cleanup incomplete: stdio transport child processes may not terminate cleanly on abnormal exit
- No retry logic for transient network failures in remote MCP connections
- Missing validation for malformed tool responses before they are passed to the AI model
- Empty or very long inputs are not validated before transmission
- Unicode/special characters in prompts could cause issues with stdio transport encoding
- Concurrent request handling is unclear; multiple simultaneous tool calls might conflict
- Error responses mix structured JSON with plain text (logger output), making parsing inconsistent
Code health
| Attribute | Value |
|---|---|
| License | FSL-1.1-ALv2 |
| Has tests | Yes |
| Has CI | No |
| Dependencies | 50 |
Active monorepo with good documentation and TypeScript types. Has test files (logger.test.ts is visible) and comprehensive docs. Uses modern tooling (tsdown, vitest, biome). CI config and changelog are missing, and dependency health cannot be determined from static analysis. Version 0.0.1 suggests an early stage, but code quality signals are positive. The FSL license is somewhat restrictive but includes an Apache-2.0 conversion clause.