Add MCP server support to Graylog (#23462)

* initial, manual, mcp server support

* suppress audit events for testing and add changelog

* made Tool pluggable

the mcp service now uses a tool map (name to instance) to declare and call tools

the implemenation of list_streams should be replaced with resources (currently stubbed but not implemented)
basic support for json schema declaration is available but untested

* add missing license header

* add resources and generate jsonschema from input parameters

* add missing license headers

* fix: replace Nullable annotation import

* check MCP-Protocol-Version header

* fix: resources/read method implementation

* add dashboard and eventdefinitions as resources

* fix: wrong logic in MCP-Protocol-Version check

* WIP: resources-as-tools

* fix: use the right access modifier for params

* chore: specify locale

* feat(ListResourceTool): add support for pagination

* update list_resource tool description

* add systeminfo tool

* chore(ListStreamsTool): use the same format as overlord

* add list_inputs tool

* add list_indices tool

* use the same formats as overlord

* add list_index_sets tool

* add search tool

* add missing Locale

* fix: use IndexSetResponse instead of IndexSetSummary

* support prompts/list to make claude happy, it calls it even though we don't advertise supporting it. add some logging

* add prompt support and mcp proxy to use with claude desktop

* add getUser method to permission helper

* add markdown builder

* support for structured content responses

* remove unnecessary test

* fix missing license headers

* remove unused helper method

* support listing resource templates

* add kv md item from builder-like objects

* emit audit events for mcp protocol messages

* add audit events to remaining mcp protocol handlers

* revise MarkdownBuilder

* added role and permission for MCP access

users now need to have the mcp_server:access permission to be able to access the mcp endpoint
all other permission checks remain as always, this is just to selectively allow access to mcp in graylog

renamed McpResource to McpRestResource as the name was a bit ambiguous

* cannot have a public constant, make it private and add comment

* pull up PermissionHelper and hand it the current user instead of reloading it everywhere

added better exception handling to produce the correct audit event

* add test for McpService

* add SystemInfoFormattedTool for output formatting comparisons

* add MarkdownBuilderTest

* Add MCP configuration panel and storage

* remove exception from signatures

* hook up cluster config to allow disabling MCP access entirely

add minimal test (injection is a pain unfortunately)
fix in memory cluster config service to work with AutoValue classes

* Remove disclaimers

* Remove unused import

* add jakarta jsonschema module and include default values in tool schema

* include searchuser from resource context and migrate search tool to scripting api

* convert to junit5

* simplify test, for some unknown reason the injector fails on CI

* remove unused subject in scripting api signatures, add field list to tool, refactor to fit test

* add aggregate_messages tool

* adjust jsonschema generator to avoid creating () suffix for field-derived properties

* add list_fields tool

* add response trace log for debugging purposes

* make schema generators customizable from plugins

* Add tool for getting current time

* honor @jsonvalue annotations

some enums have a value annotation to serialize as lower-case
not looking at this when creating the output schema leads to validation failures with strict clients

fix #23880

* remove static prompt, we don't have a good mechanism to ship these for now

* fix prompt call tests

* add permission checks to ResourceProviders, also used by the corresponding tools for resources

* fix inverted permission check

* move permission check to viewService call

* lower log levels and remove mcp library logger config

* remove mcp proxy implementation, there are better prebuilt versions out there

* move mcp related dependencies into top level pom

* address review comments for mcp rest resource

* replace NotFoundException in resources with Optional return value, adapt call sites and tests

* address review comments, remove hardcoded product name, remove commented code

* Set enable_remote_access to false by default

* Switch log statement in McpService to DEBUG

* Remove traces of org.graylog2.database.NotFoundException

Especially from the ResourceProvider interface Javadoc.

* Remove product name from DashboardResourceProvider

* Use content-type constants in McpRestResource

* Use CustomizationConfig#productName instead of hardcoding "Graylog"

* Inject GRNRegistry instead of using a static creator

Otherwise, we will miss some types from plugins.

* Cleanup variable definition in McpService

* Remove commented code from PaginatedList

* More product name removal

* Remove product name from and cleanup ListIndexSetsTool

* Add missing permission check to and cleanup ListIndicesTool

* Fix whitespace in output

* Remove product name and mention of pagination

* Remove product name and commented code from ListStreamsTool

* Fix warnings in PermissionHelper

* Remove product name from ReadResourceTool

* simplify tool, pagination isn't supported, so we take it out. use explicit return records instead of paginated list of lists

* Remove product name from SearchMessagesTool and document limit parameter

* Use customized product name instead of hardcoded "Graylog"

Bind SystemInfoFormattedTool.

* remove paginatedlist, we can't reasonably support pagination right now

* Get cluster ID from ServerStatus

* Return a result if tool call failed in McpService

* Adjust McpConfig.tsx

- Remove telemetry comment as we apparently don't need it
- Use "MCP Server" for clarification
- Remove obsolete permission comment

* Re-add customized product name to doc strings

* Fix McpServiceTest

* be extra cautious and add markdown escaping in case this ever gets presented with user input

* Fix string format argument in McpService to return error message

* Add Javadoc to CurrentTimeTool

---------

Co-authored-by: Ramon Marquez <[email protected]>
Co-authored-by: robfromboulder <[email protected]>
Co-authored-by: Bernd Ahlers <[email protected]>
Co-authored-by: Bernd Ahlers <[email protected]>

Author: 4 people

changelog/unreleased/pr-23462.toml

@@ -0,0 +1,5 @@
+type = "a"
+message = 'Added MCP server to Graylog'
+
+issues = []
+pulls = ["23462"]

graylog2-server/pom.xml

@@ -797,6 +797,22 @@
             <groupId>io.grpc</groupId>
             <artifactId>grpc-services</artifactId>
         </dependency>
+        <dependency>
+            <groupId>io.modelcontextprotocol.sdk</groupId>
+            <artifactId>mcp</artifactId>
+        </dependency>
+        <dependency>
+            <groupId>com.github.victools</groupId>
+            <artifactId>jsonschema-generator</artifactId>
+        </dependency>
+        <dependency>
+            <groupId>com.github.victools</groupId>
+            <artifactId>jsonschema-module-jackson</artifactId>
+        </dependency>
+        <dependency>
+            <groupId>com.github.victools</groupId>
+            <artifactId>jsonschema-module-jakarta-validation</artifactId>
+        </dependency>
 
         <!-- our basic test libraries, please only add infrastructure dependencies here -->
         <dependency>

graylog2-server/src/main/java/org/graylog/jsonschema/EmptyObjectAsObjectModule.java

@@ -0,0 +1,61 @@
+/*
+ * Copyright (C) 2020 Graylog, Inc.
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the Server Side Public License, version 1,
+ * as published by MongoDB, Inc.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * Server Side Public License for more details.
+ *
+ * You should have received a copy of the Server Side Public License
+ * along with this program. If not, see
+ * <http://www.mongodb.com/licensing/server-side-public-license>.
+ */
+package org.graylog.jsonschema;
+
+import com.fasterxml.jackson.databind.node.ObjectNode;
+import com.github.victools.jsonschema.generator.Module;
+import com.github.victools.jsonschema.generator.SchemaGenerationContext;
+import com.github.victools.jsonschema.generator.SchemaGeneratorConfigBuilder;
+import com.github.victools.jsonschema.generator.SchemaKeyword;
+import com.github.victools.jsonschema.generator.TypeAttributeOverrideV2;
+import com.github.victools.jsonschema.generator.TypeScope;
+
+/**
+ * Ensures that “empty” parameter classes yield:
+ * {
+ *   "type": "object",
+ *   "properties": {}
+ * }
+ * instead of bare {} – which is non-compliant with the expected inputSchema/outputSchema according to
+ * the <a href="https://modelcontextprotocol.io/specification/2025-06-18/schema#tool">2025-06-18 MCP Tool schema</a>
+ */
+public final class EmptyObjectAsObjectModule implements Module {
+
+    @Override
+    public void applyToConfigBuilder(SchemaGeneratorConfigBuilder builder) {
+        builder.forTypesInGeneral().withTypeAttributeOverride(new ForceObjectTypeIfEmpty());
+    }
+
+    private static final class ForceObjectTypeIfEmpty implements TypeAttributeOverrideV2 {
+        @Override
+        public void overrideTypeAttributes(ObjectNode schemaNode, TypeScope scope, SchemaGenerationContext context) {
+            // If the generator didn’t decide on a type (and it’s not a $ref),
+            // declare an object with an empty properties object.
+            final String type = context.getKeyword(SchemaKeyword.TAG_TYPE);
+            final String ref  = context.getKeyword(SchemaKeyword.TAG_REF);
+            final String props = context.getKeyword(SchemaKeyword.TAG_PROPERTIES);
+
+            if (!schemaNode.has(type) && !schemaNode.has(ref)) {
+                schemaNode.put(type, "object");
+                // create {} only if missing; won’t harm if later properties are added
+                if (!schemaNode.has(props)) {
+                    schemaNode.putObject(props);
+                }
+            }
+        }
+    }
+}

graylog2-server/src/main/java/org/graylog/mcp/config/McpConfiguration.java

@@ -0,0 +1,36 @@
+/*
+ * Copyright (C) 2020 Graylog, Inc.
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the Server Side Public License, version 1,
+ * as published by MongoDB, Inc.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * Server Side Public License for more details.
+ *
+ * You should have received a copy of the Server Side Public License
+ * along with this program. If not, see
+ * <http://www.mongodb.com/licensing/server-side-public-license>.
+ */
+package org.graylog.mcp.config;
+
+import com.fasterxml.jackson.annotation.JsonAutoDetect;
+import com.fasterxml.jackson.annotation.JsonCreator;
+import com.fasterxml.jackson.annotation.JsonProperty;
+import com.google.auto.value.AutoValue;
+
+@JsonAutoDetect
+@AutoValue
+public abstract class McpConfiguration {
+    public static final McpConfiguration DEFAULT_VALUES = create(false);
+
+    @JsonProperty("enable_remote_access")
+    public abstract boolean enableRemoteAccess();
+
+    @JsonCreator
+    public static McpConfiguration create(@JsonProperty("enable_remote_access") boolean enableRemoteAccess) {
+        return new AutoValue_McpConfiguration(enableRemoteAccess);
+    }
+}

graylog2-server/src/main/java/org/graylog/mcp/resources/DashboardResourceProvider.java

@@ -0,0 +1,114 @@
+/*
+ * Copyright (C) 2020 Graylog, Inc.
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the Server Side Public License, version 1,
+ * as published by MongoDB, Inc.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * Server Side Public License for more details.
+ *
+ * You should have received a copy of the Server Side Public License
+ * along with this program. If not, see
+ * <http://www.mongodb.com/licensing/server-side-public-license>.
+ */
+package org.graylog.mcp.resources;
+
+import io.modelcontextprotocol.spec.McpSchema;
+import jakarta.inject.Inject;
+import jakarta.ws.rs.core.MediaType;
+import org.glassfish.jersey.uri.UriTemplate;
+import org.graylog.grn.GRN;
+import org.graylog.grn.GRNRegistry;
+import org.graylog.grn.GRNType;
+import org.graylog.grn.GRNTypes;
+import org.graylog.mcp.server.ResourceProvider;
+import org.graylog.mcp.tools.PermissionHelper;
+import org.graylog.plugins.views.search.views.ViewDTO;
+import org.graylog.plugins.views.search.views.ViewService;
+import org.graylog2.rest.models.SortOrder;
+import org.graylog2.search.SearchQuery;
+import org.graylog2.web.customization.CustomizationConfig;
+
+import java.net.URI;
+import java.util.List;
+import java.util.Optional;
+import java.util.stream.Stream;
+
+import static org.graylog2.shared.utilities.StringUtils.f;
+
+public class DashboardResourceProvider extends ResourceProvider {
+    public static final GRNType GRN_TYPE = GRNTypes.DASHBOARD;
+    private static final String GRN_TEMPLATE = GRN_TYPE.toGRN("{dashboard_id}").toString();
+
+    private final ViewService viewService;
+    private final GRNRegistry grnRegistry;
+    private final String productName;
+
+    @Inject
+    public DashboardResourceProvider(ViewService viewService,
+                                     CustomizationConfig customizationConfig,
+                                     GRNRegistry grnRegistry) {
+        this.viewService = viewService;
+        this.grnRegistry = grnRegistry;
+        this.productName = customizationConfig.productName();
+    }
+
+    @Override
+    public Template resourceTemplate() {
+        return new Template(
+                new UriTemplate(GRN_TEMPLATE),
+                "Dashboards",
+                "Dashboards",
+                f("Access dashboards in this %s cluster", productName),
+                MediaType.APPLICATION_JSON
+        );
+    }
+
+    @Override
+    public Optional<McpSchema.Resource> read(final PermissionHelper permissionHelper, URI uri) {
+        final GRN grn = grnRegistry.parse(uri.toString());
+        if (!grn.isType(GRNTypes.DASHBOARD)) {
+            throw new IllegalArgumentException("Invalid GRN URI, expected a Dashboard GRN: " + uri);
+        }
+        final Optional<ViewDTO> viewDTO = viewService.get(grn.entity());
+        if (viewDTO.isEmpty()) {
+            return Optional.empty();
+        }
+        final var dashboard = viewDTO.get();
+        if (!permissionHelper.getSearchUser().canReadView(dashboard)) {
+            return Optional.empty();
+        }
+        return Optional.of(McpSchema.Resource.builder()
+                .name(dashboard.title())
+                .description(dashboard.description())
+                .uri(grn.toString())
+                .build());
+    }
+
+    @Override
+    public List<McpSchema.Resource> list(final PermissionHelper permissionHelper) {
+        final Stream<ViewDTO> resultStream = viewService.searchPaginatedByType(
+                ViewDTO.Type.DASHBOARD,
+                new SearchQuery(""),
+                dashboard -> permissionHelper.getSearchUser().canReadView(dashboard),
+                SortOrder.ASCENDING, ViewDTO.FIELD_ID, 1, 0).stream();
+
+        try (resultStream) {
+            return resultStream
+                    .map(dashboard -> new McpSchema.Resource(
+                            GRN_TYPE.toGRN(dashboard.id()).toString(),
+                            dashboard.title(),
+                            dashboard.title(),
+                            dashboard.description(),
+                            null,
+                            null,
+                            null,
+                            null))
+                    .toList();
+        }
+    }
+
+}

graylog2-server/src/main/java/org/graylog/mcp/resources/EventDefinitionResourceProvider.java

@@ -0,0 +1,108 @@
+/*
+ * Copyright (C) 2020 Graylog, Inc.
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the Server Side Public License, version 1,
+ * as published by MongoDB, Inc.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * Server Side Public License for more details.
+ *
+ * You should have received a copy of the Server Side Public License
+ * along with this program. If not, see
+ * <http://www.mongodb.com/licensing/server-side-public-license>.
+ */
+package org.graylog.mcp.resources;
+
+import io.modelcontextprotocol.spec.McpSchema;
+import jakarta.inject.Inject;
+import jakarta.ws.rs.core.MediaType;
+import org.glassfish.jersey.uri.UriTemplate;
+import org.graylog.events.processor.DBEventDefinitionService;
+import org.graylog.events.processor.EventDefinitionDto;
+import org.graylog.grn.GRN;
+import org.graylog.grn.GRNRegistry;
+import org.graylog.grn.GRNType;
+import org.graylog.grn.GRNTypes;
+import org.graylog.mcp.server.ResourceProvider;
+import org.graylog.mcp.tools.PermissionHelper;
+import org.graylog2.shared.security.RestPermissions;
+import org.graylog2.web.customization.CustomizationConfig;
+
+import java.net.URI;
+import java.util.List;
+import java.util.Optional;
+
+import static org.graylog2.shared.utilities.StringUtils.f;
+
+public class EventDefinitionResourceProvider extends ResourceProvider {
+    public static final GRNType GRN_TYPE = GRNTypes.EVENT_DEFINITION;
+    private static final String GRN_TEMPLATE = GRN_TYPE.toGRN("{event_definition_id}").toString();
+
+    private final DBEventDefinitionService eventDefinitionService;
+    private final GRNRegistry grnRegistry;
+    private final String productName;
+
+    @Inject
+    public EventDefinitionResourceProvider(DBEventDefinitionService eventDefinitionService,
+                                           CustomizationConfig customizationConfig,
+                                           GRNRegistry grnRegistry) {
+        this.eventDefinitionService = eventDefinitionService;
+        this.grnRegistry = grnRegistry;
+        this.productName = customizationConfig.productName();
+    }
+
+    @Override
+    public Template resourceTemplate() {
+        return new Template(
+                new UriTemplate(GRN_TEMPLATE),
+                "EventDefinition",
+                "EventDefinition",
+                f("Access Event Definitions in this %s cluster", productName),
+                MediaType.APPLICATION_JSON
+        );
+    }
+
+    @Override
+    public Optional<McpSchema.Resource> read(final PermissionHelper permissionHelper, URI uri) {
+        final GRN grn = grnRegistry.parse(uri.toString());
+        if (!grn.isType(GRNTypes.EVENT_DEFINITION)) {
+            throw new IllegalArgumentException("Invalid GRN URI, expected an Event Definition GRN: " + uri);
+        }
+        if (!permissionHelper.isPermitted(RestPermissions.EVENT_DEFINITIONS_READ, grn.entity())) {
+            return Optional.empty();
+        }
+        final Optional<EventDefinitionDto> definitionDto = eventDefinitionService.get(grn.entity());
+        if (definitionDto.isEmpty()) {
+            return Optional.empty();
+        }
+        final var eventDefinition = definitionDto.get();
+        return Optional.of(McpSchema.Resource.builder()
+                .name(eventDefinition.title())
+                .description(eventDefinition.description())
+                .uri(grn.toString())
+                .build());
+    }
+
+    @Override
+    public List<McpSchema.Resource> list(final PermissionHelper permissionHelper) {
+        try (var dtos = eventDefinitionService.streamAll()) {
+            return dtos
+                    .filter(eventDefinition -> permissionHelper.isPermitted(RestPermissions.EVENT_DEFINITIONS_READ,
+                            eventDefinition.id()))
+                    .map(eventDefinition -> new McpSchema.Resource(
+                            GRN_TYPE.toGRN(eventDefinition.id()).toString(),
+                            eventDefinition.title(),
+                            eventDefinition.title(),
+                            eventDefinition.description(),
+                            null,
+                            null,
+                            null,
+                            null))
+                    .toList();
+        }
+    }
+
+}