Argosvix
Docs menuMCP server

MCP Server

Alpha live on npm — install with @argosvix/mcp-server@alpha. Stable (1.0) is in the works.


What it does

Through the Model Context Protocol (MCP), MCP-capable clients (Claude Desktop, Cursor, Codex CLI, anything else that speaks MCP) can observe, query, manage, and operate Argosvix data directly. The server exposes 87 tools + 3 resources + 8 resource templates + 3 prompts = 101 entities in total (84 of the tools are generally available; the remaining 3 are reserved for service operations), over both stdio and HTTP transports.

Sample usage

# In Claude Desktop chat
You:    Which model had the highest cost this month?
Claude: (invokes get_cost_summary on the argosvix MCP server)
Claude: claude-opus-4-1-20250805 was invoked 23 times at $0.452,
        which is 95% of the total Anthropic spend.
# In Cursor's AI agent
You:   gpt-5.5 has been feeling slow lately — what's going on?
Agent: (looks via query_calls + argosvix://traces/{id})
Agent: 3 of the last 10 calls hit 429 rate-limits, clustered around peak hours.
       The other 7 ran at normal latency.
# In Claude Desktop, mutating ops
You:    Add "be polite" to the customer support prompt.
Claude: (uses update_prompt to patch the template)
Claude: Added. The production label is unchanged.

Install

# stdio mode (subprocess driven by Claude Desktop, Cursor, etc.)
npm install -g @argosvix/mcp-server@alpha

Claude Desktop config

Add to claude_desktop_config.json:

{
  "mcpServers": {
    "argosvix": {
      "command": "argosvix-mcp",
      "env": {
        "ARGOSVIX_API_KEY": "argk_..."
      }
    }
  }
}

Issue an API key at the dashboard API keys page. Restart Claude Desktop and tools like query_calls will appear.

About key permissions: keys issued by npx @argosvix/cli init are least-privilege (read + record ingest only) and cannot call write tools like deletes or prompt changes. Keys issued from the dashboard currently have full access. Unless you specifically want your agent to perform write operations, we recommend handing agents the least-privilege CLI-issued key.

Cursor config

If you use Cursor, you can add the server in one click (then replace YOUR_API_KEY with your own argk_... key):

+ Add Argosvix MCP to Cursor

Manual setup:

Add to ~/.cursor/mcp.json:

{
  "mcpServers": {
    "argosvix": {
      "command": "argosvix-mcp",
      "env": {
        "ARGOSVIX_API_KEY": "argk_..."
      }
    }
  }
}

Restart Cursor and Argosvix tools become available from the AI agent settings.

Codex CLI config

Add to ~/.codex/config.toml:

[mcp_servers.argosvix]
command = "argosvix-mcp"
env = { ARGOSVIX_API_KEY = "argk_..." }

Common failure patterns

SymptomCause / fix
argosvix-mcp: command not foundRe-run npm install -g @argosvix/mcp-server@alpha. Node.js 20 or newer is required.
argosvix does not appear in the tool listFully restart the client (Claude Desktop / Cursor). Check the config file for JSON syntax errors or key typos.
ARGOSVIX_API_KEY env var is requiredSet the env var. Issue a key at the dashboard API keys page — copy the value starting with argk_.
401 auth errorThe key may be invalid, expired, or revoked. Issue a new one and update the config.
404 endpoint not foundIf you override ARGOSVIX_API_BASE, verify its value. Default is https://ingest.argosvix.com.
HTTP transport rejects subscribe (-32601 Method not found)HTTP transport does not support subscribe. Use stdio transport when you need real-time updates.

Trimming the tool list (core profile)

If you don't need all 87 tools all the time, set ARGOSVIX_MCP_PROFILE=core to expose only the 11 day-to-day essentials (querying and aggregating records, cost, latency, health check, anomaly detection, basic alert operations, and resolving deployed prompts). This reduces client context usage and tool-selection confusion.

{
  "mcpServers": {
    "argosvix": {
      "command": "npx",
      "args": ["-y", "@argosvix/mcp-server"],
      "env": {
        "ARGOSVIX_API_KEY": "argk_...",
        "ARGOSVIX_MCP_PROFILE": "core"
      }
    }
  }
}

The default is full (all tools). Calling a tool outside the profile returns an error with instructions to switch to full.

HTTP transport mode

# Remote MCP server / multi-tenant. Per-request Bearer auth.
argosvix-mcp --http

# Alternate port / bind:
MCP_HTTP_PORT=4000 MCP_HTTP_HOST=0.0.0.0 \
MCP_HTTP_ALLOWED_HOSTS=mcp.example.com \
  argosvix-mcp --http

Send JSON-RPC bodies to POST /mcp with the API key in the Authorization header. localhost binds have DNS rebinding protection by default. Non-localhost binds require an explicit MCP_HTTP_ALLOWED_HOSTS; otherwise the server fails closed. See README Security notes for details.


Tools (87 total; 3 of them operator-only)

Autonomous AI ops (diagnostics & proposals)

ToolPurpose
classify_calls_batchRuns an on-demand safety classification pass over your account's unclassified calls (OpenAI Moderation via POST /v1/safety-assessments/scan-batch). Complements the automatic background scan (every 15 minutes) with an immediate "scan now" trigger. Pro+ plan required (Free relies on the automatic scan); backend enforces plan + budget gates. maxRecords is 1-100 (default 50). Returns { scanned, assessed, flagged, failures, skipped }. The results are marked as MCP-triggered to distinguish them from scheduled scans. Audit: emits safety.scan_batch_run to the audit log. Rate limit: 30 requests per 60-second fixed window (429 + Retry-After header; enforced account-wide). Example prompt: "classify all calls from last week" in one prompt.
get_account_healthReturns a one-shot health summary of your LLM infra, folding aggregates, percentiles, LLM budget, and recent audit events into a single response: per-window (1h / 24h / 7d) call count + cost + error rate (percent 0-100) + p50/p95/p99 latency (ms) + budget % used (0-100) + recent event count + an ok / warn / critical verdict. Thresholds: critical = errorRate ≥ 10% / budget ≥ 90% / p95 ≥ 10s; warn = ≥ 3% / ≥ 70% / ≥ 3s. Resilient to per-endpoint failures (returns partial results with a partialFailures array). Example prompt: "how is my LLM infra doing right now?" in one prompt.
propose_alert_rulesAnalyzes the past lookbackDays (7-30, default 14) of call patterns and proposes alert rules in JSON for cost_daily / latency_p95 / error_rate / anomaly_cost. Proposal-only (zero side effects); the customer reviews and applies via create_alert separately. Alert types already configured land in a skipped array with reason. Baseline = past daily-mean cost (USD), p95 latency (ms), observed error rate (percent 0-100), daily call count. The proposed thresholdValue for error_rate is also in percent (matching the backend create_alert contract). Example prompt: "design a sensible alert set from my traffic pattern" — one prompt to get baseline + 4 proposals.
detect_anomalyCompares the current window against the baseline window (same length, one period earlier) and flags anomalies across 4 axes: cost / latency / error_rate / call_volume. Sensitivity tunable via threshold: sensitive (= 1.5×) / normal (= 2×, default) / conservative (= 3×). Each anomaly carries a severity (minor / major / critical) and an explanation. error_rate is evaluated and displayed in percent (0-100) to match backend units; the +5 pp buffer applies in percent too. When baseline records are under 10, returns anomalies: [] with a warning. Example prompt: "anything unusual going on?" — a single prompt scans all 4 axes.
propose_eval_criteriaAsks an LLM judge (gpt-4o-mini) to propose evaluation criteria tailored to your use case (POST /v1/eval-criteria/propose). Inputs: useCaseHint (1-500 chars, required, e.g. "customer support bot for an e-commerce site") and optional sampleCallIds (up to 5, account-scoped representative calls). Returns up to maxCriteria (1-10, default 5) criteria, each with name (snake_case ≤ 32 chars) + rubric (1-200 chars) + scaleMin (= 1) + scaleMax (5 or 10) + reasoning (1-200 chars). Pro+ only; backend enforces plan + budget + decrypt + LLM call. Proposal-only — nothing is created automatically (you apply it via create_eval_criterion separately, so LLM hallucination impact is structurally bounded). Sample decrypt failures are reported in partialFailures (the LLM call still runs without samples). Audit: emits eval.propose_criteria. Rate limit: 30 requests per 60-second fixed window (429 + Retry-After header; enforced account-wide). Example prompt: "propose criteria to measure my prompt's quality" — one prompt to get 5 proposals.

Autonomous AI ops (billing operations — operator-only)

ToolPurpose
extend_customer_trialExtends the Stripe subscription trial on your own account by 1-30 days (POST /v1/tier2/trial/extend). Cumulative cap of 60 days (aggregated from the past 30 days of audit log); returns 409 unless the subscription status is trialing. dryRun must be passed explicitly, and dryRun=false additionally requires an idempotencyKey (16-128 chars) — re-calling with the same key returns the cached result. Operator-only (other accounts receive 403).
apply_promo_code_to_customerApplies a promotion code already registered in Stripe (e.g. "LAUNCH50") to your own account's subscription (POST /v1/tier2/promo/apply). Returns 409 if an active discount already exists, or if the subscription status is canceled / incomplete_expired. dryRun=true previews the resolved discount without touching Stripe; dryRun=false applies it (idempotencyKey required, same-key re-calls return the cached result). Operator-only (other accounts receive 403).

Autonomous AI ops (alert auto-remediation)

ToolPurpose
auto_silence_noisy_alertBatch-silences alerts that have been firing too often. Pass alertId (single mute) or byVolumeThreshold (silence every alert that fired ≥ N times in the past hour); silenceDurationMinutes defaults to 60 (range 5-1440). dryRun=true (default) previews matches with their fire counts; dryRun=false updates the silence expiry and emits tier2.auto_silence_noisy_alert per silenced alert with deterministic idempotency. Reversible via the existing unsilence_alert tool. The operation stays within your own account and is reversible, so it is available to any Pro+ user. Example prompt: "alert X has been firing 50 times an hour, silence it for the next hour" in one prompt.

Autonomous AI ops (data cleanup & recovery)

ToolPurpose
purge_expired_plaintextBulk-deletes retention-expired stored plaintext (prompt and completion content and related fields) from your call records. olderThanDays (1-365, default 30) sets the cutoff. dryRun=true (default) previews affected rows; dryRun=false executes. Emits tier2.purge_expired_plaintext to the audit log with deterministic idempotency. Pro+ plans only (Free gets 403). A real purge (dryRun=false) requires an approvalId: create one with request_approval (action: purge_expired_plaintext) and have a human approve it first — deleting stored plaintext is irreversible. Example prompt: "purge any plaintext older than 30 days" — dry-run, request approval, then execute.
retry_failed_webhookRe-queues failed Stripe webhook events. Either pass eventIds (up to 100) for specific events, or fromTimestamp / toTimestamp (7-day window cap) to range-select. dryRun=true (default) previews matches; dryRun=false emits a per-event audit row marked for manual redispatch. Emits tier2.retry_failed_webhook per event to the audit log with deterministic idempotency. Operator-only (billing-webhook recovery is a cross-account internal operation, so it will not be opened up). Example prompt: "retry every Stripe webhook failure from last week" in one prompt.

Observability (LLM calls)

ToolPurpose
query_callsFetch recent call records. Filter by provider / model / time / tags / latency range (latencyMin / latencyMax, ms). Paginate with the beforeTimestamp + beforeId cursor (timestamp-descending only).
get_cost_summaryAggregate cost / call count / tokens by provider or model over a window.
aggregate_callsAggregation cube grouped by provider / model / day / hour / minute / tag, with metric cost / latency / tokens / count / error_rate. Hour mode supports up to 168h, minute mode up to 60min.
get_percentilesReturns p50 / p95 / p99 / p99.9 / max for call latency or cost. Add groupBy to get a daily / hourly / minute series instead of a single window.
export_callsLarge batch export with per-plan caps (Free 1,000 / Pro 50,000). Available on all plans. Returns the same JSON shape as query_calls, ready for CSV or stats.
bulk_delete_callsDelete up to 100 call records by ID in a single transaction. Pass dryRun: true to preview the match count first. The operation is recorded as calls.bulk_deleted in the audit log. Related traces, annotations, and eval scores are deleted along with the records.

Saved views

ToolPurpose
list_saved_viewsList the account's saved /calls filters (range, provider, model, limit, preset). Max 20 per account.
create_saved_viewCreate or overwrite (same-name) a saved filter. Lets an agent persist favorite filter combinations such as "last week, GPT-4 only" under a name.
delete_saved_viewDelete a saved view.

Audit log

ToolPurpose
list_audit_logRead the account's audit log. Filter by eventType / targetKind / actorUserId / time range and paginate via cursor. Required for Team plan operational compliance (who did what, when).

Projects / workspaces

ToolPurpose
list_projectsList the account's projects (id / name / slug / archived_at).
create_projectCreate a new project. Slug must match ^[a-z][a-z0-9-]{0,31}$.
rename_projectUpdate an existing project's name / slug. Either field, or both, may be set.
delete_projectSoft-delete a project (sets archived_at). The default project cannot be deleted (returns 400).

Team members (Team plan)

ToolPurpose
list_membersLists the Team account's members — email / role (admin / member / viewer) / status / joined-at (GET /v1/memberships, removed members excluded). Read-only: invitations, role changes, and removals are permission-sensitive operations and are intentionally not exposed over MCP (use the dashboard).

Alerts

ToolPurpose
list_alertsList configured alerts and their most recent firing status.
get_alertSingle alert with rule + recent firing history.
list_alert_eventsAccount-wide firing history, newest first (filter to one alert with alertId). Each event carries a snapshot of the conditions at trigger time (thresholdValue / windowMinutes / alertType), so editing a rule later does not lose the historical context. For the next page, pass the last event's triggeredAt and id as beforeTriggeredAt + beforeId (keyset cursor; always both together).
create_alertCreate a new alert (9 types: cost, error rate, latency, anomaly detection, quality SLO (eval_score), and findings notification (guardian_findings)).
update_alertPartially update threshold, window, channels, etc. alertType is immutable.
delete_alertDelete an alert. Its fire history is deleted with it.
silence_alertMute an alert temporarily (default 24h).
unsilence_alertUnmute.
acknowledge_alertMark a specific firing event as handled (orthogonal to silence, idempotent).
test_webhookSend a test payload to a webhook URL. HTTPS-only with SSRF defense and a 5 / min rate limit.

Prompt management

ToolPurpose
list_promptsList registered prompts. Filter by label.
get_promptSingle prompt with template, variables, labels, description.
create_promptCreate a new prompt version (Pro+). name + version + template required. name + version must be unique within your account (duplicates return 409).
update_promptPartially update template / variables / labels / description (Pro+). name and version are immutable.
rename_promptChange name and version (Pro+). Useful for typo fixes.
delete_promptDelete a prompt (Pro+). ⚠ This detaches the prompt from past eval runs, so those runs lose their link to the prompt (provenance is lost). For logical sunset, prefer update_prompt to set labels to sunset.
deploy_promptDeploy a specific prompt version to a label (an environment such as production / staging) (Pro+, POST /v1/prompts/:id/deploy). If a deployment already exists, the previous version is kept aside so rollback_prompt can restore it in one click. Re-deploying the same version does not create a previous entry. Labels are scoped per prompt name (each name has its own production version).
rollback_promptRoll a label's deployed prompt back to the previous version (Pro+, POST /v1/prompts/deployments/rollback). Returns 409 if there is no previous version (first deploy only) or if the previous version has already been deleted. Calling it again swaps current and previous back, so you can toggle between the two versions.
get_deployed_promptResolve the prompt version currently deployed to an environment (name + label) (GET /v1/prompts/resolve, available on Free). The main path for an agent to fetch the "production prompt" at runtime. Returns that version's template, variables, labels, and version; 404 if nothing is deployed.
list_prompt_deploymentsList the current deployment state (GET /v1/prompts/deployments, available on Free). Each row contains promptName / label / currentVersion / canRollback / deployedAt. Filter by name / label (omit both for everything).

Eval criteria

ToolPurpose
list_eval_criteriaList global default criteria plus your account's custom criteria.
get_eval_criterionSingle criterion detail (rubric, scale, createdAt etc.).
create_eval_criterionCreate a custom criterion (Pro+). All 4 fields (name, rubric, scaleMin, scaleMax) required. Optional scope: call (default — scores each call) or trajectory (scores a whole multi-turn agent run grouped by trace_id as one unit; llm_judge type only).
update_eval_criterionFull-replace update of a custom criterion (Pro+). Global defaults are immutable.
delete_eval_criterionDelete a custom criterion (Pro+). ⚠ All scores recorded against it are deleted too, breaking historical comparison. Prefer update_eval_criterion if you only want to rename.

Eval runs

ToolPurpose
list_eval_runsList eval run history with summary (scoredCount / failedCount / mean scores).
get_eval_runSingle run detail with per (criterion × call) scores.
run_evalStart a new eval run (Pro+). Pass idempotencyKey to dedupe within 60 min.
compare_eval_runsCompare two eval runs (baseline vs candidate). Returns per-criterion mean delta, failed-count delta, and a verdict (improved / regressed / mixed / unchanged). Useful for prompt-improvement checks and regression detection.

Eval datasets

ToolPurpose
list_eval_datasetsList your account's golden datasets (GET /v1/eval-datasets). Each dataset carries a name, description, item count, and frozen state. A golden dataset is a fixed test set with expected outputs — the population run_eval_dataset runs a target model against to measure regressions.
get_eval_datasetSingle dataset detail with all items (GET /v1/eval-datasets/:id). Get datasetId from list_eval_datasets.
create_eval_datasetCreate a golden dataset (Pro+, POST /v1/eval-datasets). Pass up to 20 test cases with expected outputs in items (each input 1–4,000 chars). Max 50 datasets per account. Passing frozen: true freezes the population — items can no longer be changed and the dataset cannot be unfrozen (this pins comparability for regression verdicts).
run_eval_datasetRun a golden dataset against a target model and check for regressions (Pro+, POST /v1/eval-datasets/:id/run). Each item's input is sent to targetModel, and the output is scored against the default criteria by an LLM judge (default gpt-4o-mini, override with judgeModel) using the expected output as the reference answer. Compare runs with compare_eval_runs; records produced by a run are excluded from production cost / analytics / alert aggregation. Cost: items × criteria LLM calls. Pass idempotencyKey so retries with the same key return the existing run (prevents double billing). Target and judge models must be OpenAI models on the pricing table; unknown models return 400.
delete_eval_datasetDelete a golden dataset (Pro+, DELETE /v1/eval-datasets/:id). Its items are deleted with it; past eval runs and scores are kept.

Annotations

ToolPurpose
list_annotations_for_callList annotations attached to a single call.
list_annotations_by_labelList annotations across calls filtered by label.
get_annotationSingle annotation detail.
create_annotationAttach an annotation to a call (at least one of text, label, quality score required).
update_annotationPartially update an existing annotation. callId is immutable.
delete_annotationDelete an annotation.

Safety classification

ToolPurpose
list_safety_assessmentsList classifier assessments. With callId, returns all assessments for that call; without, returns the most recent across the account.
get_safety_assessmentSingle assessment detail (labels, score, reasoning, classifier_id, source).

LLM feature budget

ToolPurpose
get_llm_budgetReturns this month's LLM-feature budget, spent, and remaining. Use this to let an AI agent decide "did we hit 80%?".
raise_llm_budgetChange the monthly budget (Pro+, $5–$500). Auto-resets across calendar months.

Runtime control plane (budget gates)

ToolPurpose
get_budget_gateReturns the runtime budget gate configuration plus this month's LLM spend. Same source the SDK's budgetGate opt-in evaluates before each call. Distinct from get_llm_budget (which caps Argosvix's internal AI features) — this one caps your own LLM spend.
create_budget_gateCreates a runtime budget gate (Pro+). Sets an account-wide monthly LLM spend limit ($0.01–$1,000,000); the SDK blocks over-budget calls before they execute. Enforcement is optimistic: spend is cached for ~60s and in-flight calls pass, so the limit can be exceeded slightly — treat it as a guardrail, not a strict hard cap. enforceMode is fail_open (default — calls pass if the backend is unreachable) or fail_closed (calls stop too; cold start before the SDK has ever fetched the config additionally requires the SDK-side failClosed opt-in). Scope it three ways (most restrictive applicable limit wins, AND-evaluated): omit projectId/tagKey for an account-wide gate (one per account); set projectId for a per-project gate (one per project); or set tagKey+tagValue together for a per-tag gate (e.g. service=checkout, one per tag pair). projectId and tagKey are mutually exclusive. Returns 409 if a gate of the same scope already exists (use update_budget_gate instead).
update_budget_gatePartially updates a budget gate's monthlyLimitUsd / enforceMode / enabled (Pro+).
delete_budget_gateDeletes a budget gate (Pro+). Pre-flight enforcement in the SDK stops after deletion; if you only want to pause, update_budget_gate with enabled: false is safer.

Runtime control plane (policy gates)

ToolPurpose
get_policy_gateReturns the runtime policy gate configuration (model allowlist / PII block / secret block / enforceMode / enabled). The SDK's policyGate opt-in evaluates this locally before each LLM call.
create_policy_gateCreates a policy gate (Pro+). Configure a model allowlist (exact match, 1-100 entries; a leading models/ prefix is normalized before comparison), PII-detection blocking, and API-key-like token blocking; at least one rule is required. PII detection covers email, card numbers (Luhn-verified), delimiter-separated phone numbers and national IDs, IPv4, and IPv6 (full + common compressed forms); undelimited digit runs are intentionally out of scope to avoid false-positive blocking. One per account; returns 409 if one exists. Redact mode is not supported (block only).
update_policy_gatePartially updates a policy gate (Pro+). Pass modelAllowlist: null to lift the model restriction.
delete_policy_gateDeletes a policy gate (Pro+). If you only want to pause, update_policy_gate with enabled: false is safer.

Runtime control plane (human-approval gates)

ToolPurpose
request_approvalCreates a human-approval request before a dangerous operation (delete / payment / account closure, etc.) (Pro+). The account owner receives an email and approves or denies via the dashboard or the email link. No MCP tool can approve or deny — an AI agent cannot self-approve its own request. timeoutSeconds (60-86400, default 3600) elapsing marks the request expired = treated as denied.
get_approvalReturns the current state of an approval request: pending / approved / denied / expired. Anything other than approved means do not execute the gated operation (default-deny). In addition, the six dangerous mutation tools bulk_delete_calls / purge_expired_plaintext / retry_failed_webhook / auto_silence_noisy_alert / extend_customer_trial / apply_promo_code_to_customer accept an optional approvalId: the backend verifies approved status, expiry, action match, and unconsumed state, then consumes the approval at execution time (one approval = one execution). Create the approval request with action exactly matching the target tool name. Dry runs validate without consuming.
list_approvalsLists approval requests (latest 50). Status filter: pending (default) / approved / denied / expired / all.

Proposals (approval queue)

ToolPurpose
list_proposalsList unresolved improvement proposals Argosvix detected automatically (quality drift / reliability anomalies / cost switching / safety / silencing noisy alerts). Approving, dismissing, and executing happen in the dashboard inbox (agents can only view and converse).
get_proposal_threadReturn a single proposal's thread (questions asked so far and the AI's replies). Get proposalId from list_proposals (IDs start with prp_).
reply_proposalPost a question (body) about a proposal and get the AI's reply (same conversation as in the inbox). Explanation only — nothing is executed.

Event webhooks

ToolPurpose
list_webhooksList registered outbound event webhooks (GET /v1/webhooks). Each webhook includes id, url, hasSecret, enabled, eventTypes, last delivery status, and consecutive-failure count (the secret itself is never returned). This is the subscription surface that notifies external endpoints of account events (approval requests, proposal execution / reversal) via signed POSTs. Viewable on Free.
create_webhookRegister an outbound event webhook (Pro+, POST /v1/webhooks). url must be HTTPS; private / loopback hosts are rejected as SSRF defense. Optionally pass secret (HMAC-SHA256 signing key; when set, deliveries carry an X-Argosvix-Signature header) and eventTypes (array of event types to subscribe to: approval.requested / proposal.executed / proposal.reversed; omit or pass an empty array to subscribe to all). Max 10 per account. Delivery payload is { event, eventId, occurredAt, accountId, data }.
update_webhookPartially update a webhook (Pro+, PATCH /v1/webhooks/:id). Only the fields you pass change (url / secret / eventTypes / description / enabled). Passing secret: null removes signing; re-enabling with enabled: true also resets the consecutive-failure counter. webhookId is the id from list_webhooks.
delete_webhookDelete a webhook (Pro+, DELETE /v1/webhooks/:id). webhookId is the id from list_webhooks.

Resources (3 — static snapshots)

Read-only data fetched via resources/read. Host apps prefetch these into the conversation context.

URIContents
argosvix://accountPlan / quota / this-month record usage / retention snapshot (subscription details excluded).
argosvix://alerts/activeAll enabled=true alerts.
argosvix://cost/todayLast 24h cost aggregate (by provider + total).

Subscribe (stdio only)

stdio transport declares the resources.subscribe capability. Clients can subscribe to the 3 static resources; the server polls every 60s and emits notifications/resources/updated when content changes.

# subscribe → change notification → auto-refresh
client: resources/subscribe { uri: "argosvix://cost/today" }
server: {}                          # accept
... internal 60s polling cycle ...
server: notifications/resources/updated { uri: "argosvix://cost/today" }
client: resources/read { uri: "argosvix://cost/today" }   # fetch latest

Notes:

  • Subscribe is limited to the 3 URIs above; resource templates are not subscribable.
  • HTTP transport is per-request stateless and does not advertise subscribe. resources/subscribe requests get -32601 Method not found.
  • notifications/resources/list_changed is not supported (resource list is fixed for the lifetime of the server).
  • On shutdown / disconnect, the polling timer stops and the subscription set clears (handlers for SIGINT / SIGTERM / beforeExit are registered).

Resource templates (8 — URI parameterized)

Substitute {id} with an id from query_calls, list_alerts, etc., then call resources/read.

URI templateContents
argosvix://calls/{id}Single call record (from query_calls.records[].id).
argosvix://alerts/{id}Single alert config + last 20 firing events (channelTargets stripped).
argosvix://traces/{id}Full spans for a single trace (capped at 50, original count carried in meta; errorDetails / requestMeta stripped).
argosvix://annotations/{id}Single annotation detail.
argosvix://eval-criteria/{id}Single eval criterion detail.
argosvix://eval-runs/{id}Single eval run with per-criterion scores.
argosvix://safety-assessments/{id}Single safety assessment detail.
argosvix://prompts/{id}Single prompt detail.

For all resource template reads, fields surfaced to the LLM context are explicitly allow-listed (structural defense against prompt injection and internal-implementation leaks).


Prompts (3 — templated messages)

Fetched via prompts/get. Users typically invoke as slash commands.

NamePurpose
cost_reviewAnalyze cost trends over 24h / 7d / 30d and flag anomalies (sudden spikes, single-model dominance, unexpected models).
alert_auditAudit current alert rules, checking plan / threshold / channel appropriateness.
incident_triageInvestigate error / latency anomalies in the last N hours and infer root cause (hours optional, default 24).

Plan limits

ItemFreeProTeam
MCP server connectivity
Read tools
Write tools (prompt, eval, budget, etc.)partial
Monthly MCP requests1,000 / mo10,000 / mo10,000 / mo per seat

Team plan is in beta. See Pricing for details.


Debug logging

By default, raw backend error bodies are not logged to stderr. Opt-in explicitly for debugging:

ARGOSVIX_MCP_DEBUG=1 argosvix-mcp           # stdio
ARGOSVIX_MCP_DEBUG=1 argosvix-mcp --http    # HTTP

Without the env var, only path / status / x-request-id are logged. This keeps backend-side sensitive info out of production log aggregators by default.



Support

hello@argosvix.com

Last updated: 2026-07-09