5.8 KiB
Sentry MCP Configuration Guide
This guide explains how to enable the Sentry MCP server for Claude Code, Cursor, and other MCP-compatible clients so you can query Sentry issues, events, and stack traces from your agent without leaving the IDE.
Setup
The Sentry server is wired into .agents/mcp.json and uses a User Auth Token loaded from .env.local — same pattern as the GitHub, Jira, and Slack MCPs in this repo.
"Sentry": {
"command": "npx",
"args": ["-y", "@sentry/mcp-server@latest"],
"envFile": "${workspaceFolder}/.env.local"
}
Step 1: Create a Sentry User Auth Token
- Go to https://sentry.io/settings/account/api/auth-tokens/.
- Click Create New Token, name it something recognizable (e.g.,
opik-mcp-local). - Select these least-privilege scopes:
org:readproject:readteam:readevent:write(required by some MCP calls; does not allow event deletion)
- Add
project:writeandteam:writeonly if you want write actions (resolve issues, comment, assign). Read-only is recommended. - Create Token and copy the value.
Step 2: Add the token to .env.local
If you don't have .env.local yet, copy .env.template:
cp .env.template .env.local
Then set the value:
SENTRY_ACCESS_TOKEN=your-user-auth-token-here
.env.local is gitignored — do not commit it.
Step 3: Generate the Claude config
make claude
This regenerates .claude/ and .mcp.json. The convert script reads .env.local and inlines values into the Sentry block of .mcp.json (same as the Jira MCP). Verify:
jq '.mcpServers.Sentry.env | has("SENTRY_ACCESS_TOKEN")' .mcp.json
# → true
If you rotate the token later, update .env.local and re-run make claude.
Step 4: Restart your MCP client
Restart Claude Code (or Cursor, etc.) so it loads the new MCP server.
Step 5: Verify
Ask the agent something like:
List recent Sentry issues for opik-python-sdk in the comet-or org.
You should see it call a Sentry tool and return results.
Tools Exposed
The official Sentry MCP exposes (non-exhaustive):
- Read:
find_organizations,find_projects,find_releases,find_teams,get_sentry_resource,get_issue_tag_values,get_replay_details,whoami - Write (only with
*:writescopes):update_issue(resolve / assign / ignore)
Avoid the NL-Backed Search Tools
The Sentry MCP exposes three "search" tools — search_issues, search_events, search_issue_events — and one analysis tool, analyze_issue_with_seer. All of them route through Sentry's own OpenAI account for natural-language → Sentry query translation, and that account is frequently rate-limited (You exceeded your current quota). Treat them as best-effort; do not build workflows around them.
Direct, non-LLM tools that always work:
get_sentry_resource, get_issue_tag_values, find_organizations, find_projects, find_releases, find_teams, whoami, update_issue.
When you need to enumerate events inside an issue (the direct tools fetch a single resource but cannot paginate events), call Sentry's REST API directly using the same SENTRY_ACCESS_TOKEN. The /analyze-sentry-issue slash command (defined in ../commands/comet/analyze-sentry-issue.md) drives this — paginates /api/0/issues/<id>/events/ and aggregates by exception message, tags, and users.
Self-Hosted Sentry
If you point at a self-hosted Sentry, add SENTRY_HOST=sentry.example.com (no scheme) to .env.local. For plain-HTTP self-hosted deployments, append --insecure-http to the args array in .agents/mcp.json.
Alternative: OAuth / Remote Server (no token)
If you don't want to manage a personal token, you can run the official remote MCP via OAuth instead. Replace the Sentry block in .agents/mcp.json with:
"Sentry": {
"command": "npx",
"args": ["-y", "mcp-remote", "https://mcp.sentry.dev/mcp"],
"env": {}
}
Then make claude + restart your MCP client. The first Sentry tool call opens a browser for OAuth. Tokens are cached at ~/.mcp-auth/. Note: this path won't help the /analyze-sentry-issue slash command, which still needs SENTRY_ACCESS_TOKEN in .env.local.
Security Notes
.agents/mcp.jsonis committed. Never put a token in it directly — always go through.env.localviaenvFile..mcp.jsonis gitignored (generated bymake claude), but treat it as if it weren't — re-runningmake claudeafter editing.env.localis the only supported way to update it.- The token inherits your existing Sentry permissions; the MCP cannot escalate access.
Troubleshooting
SENTRY_ACCESS_TOKEN missing from .mcp.json after make claude
jq '.mcpServers.Sentry.env | has("SENTRY_ACCESS_TOKEN")' .mcp.json
If false: confirm .env.local has the line SENTRY_ACCESS_TOKEN=... (no surrounding quotes, no leading whitespace) and re-run make claude.
"Server not found" after make claude
Confirm both files are in sync:
jq '.mcpServers | keys' .agents/mcp.json
jq '.mcpServers | keys' .mcp.json
Restart Claude Code after make claude — it only loads MCP servers at startup.
401 / authentication errors
- Verify the token is current and has the scopes from Step 1.
- Make sure no whitespace was copied with the value.
- Re-run
make claudeafter editing.env.local.
Token cached for the wrong org (OAuth alternative only)
rm -rf ~/.mcp-auth
Then trigger a Sentry tool call again to start a fresh OAuth flow.