This guide explains how to set up Claude Code for automated StackRox CI failure investigation and triage.
To enable automated CI triage capabilities, you need to configure the following MCP (Model Context Protocol) servers in Claude Code:
-
Prow MCP Example MCPs configuration template:
-
Install gopls https://go.dev/gopls/#installation
-
Generate
JIRA_PERSONAL_TOKENhere https://issues.redhat.com/secure/ViewProfile.jspa?selectedTab=com.atlassian.pats.pats-plugin:jira-user-personal-access-tokens -
Generate
CONFLUENCE_PERSONAL_TOKENhere https://spaces.redhat.com/plugins/personalaccesstokens/usertokens.action -
Generate
GITHUB_TOKENfolowing this instructions https://docs.github.com/en/authentication/keeping-your-account-and-data-secure/managing-your-personal-access-tokens -
Export the above as environment variables before launching
claude -
Remember to pin image version using a content digest
-
Follow instructions to configure Claude code or Cursor (note: cursor have a different syntax for env resolution)
{
"mcpServers": {
"mcp-atlassian": {
"command": "docker",
"args": [
"run",
"-i",
"--rm",
"-e",
"CONFLUENCE_URL",
"-e",
"CONFLUENCE_PERSONAL_TOKEN",
"-e",
"JIRA_URL",
"-e",
"JIRA_PERSONAL_TOKEN",
"ghcr.io/sooperset/mcp-atlassian@sha256:<Use desired version SHA>"
],
"env": {
"CONFLUENCE_URL": "https://spaces.redhat.com/",
"CONFLUENCE_PERSONAL_TOKEN": "${CONFLUENCE_PERSONAL_TOKEN}",
"JIRA_URL": "https://issues.redhat.com",
"JIRA_PERSONAL_TOKEN": "${JIRA_PERSONAL_TOKEN}"
}
},
"github": {
"type": "http",
"url": "https://api.githubcopilot.com/mcp/",
"headers": {
"Authorization": "Bearer ${GITHUB_TOKEN}"
}
},
"gopls-mcp": {
"command": "gopls",
"args": ["mcp"]
}
}
}The stackrox-ci-failure-investigator agent is automatically configured in .claude/agents/ and provides:
- Automated JIRA issue analysis - Fetches ROX-XXXXX issues and analyzes comments for build IDs
- Prow build log retrieval - Downloads CI artifacts and logs for failure analysis
- Root cause investigation - Correlates test failures with service logs and source code
- Team assignment - Routes issues to appropriate teams based on failure patterns
Run: /mcp.
In case of problems, try /doctor.
You can use the /triage command for automated CI failure investigation:
/triage ROX-12345
This command automatically triggers the stackrox-ci-failure-investigator agent to:
- Fetch the JIRA issue details
- Analyze comments for build IDs and failure information
- Download relevant CI artifacts and logs
- Perform comprehensive root cause analysis
- Provide team assignment recommendations
- Suggest permanent fixes
You can also trigger automated triage by providing one of the following as a claude code prompt:
- JIRA issue keys:
ROX-28636,ROX-30813 - Prow build IDs:
1963388448995807232 - Error logs or stack traces directly
- CI failure URLs from GitHub or Prow
- Downloads complete CI artifacts using
gsutil - Analyzes service logs (central, scanner, sensor, admission-control)
- Correlates test timestamps with failure events
- Searches source code for error origins
- Identifies flaky tests vs new failures
If MCP tools are unavailable, the agent provides manual investigation guidance using:
- Direct JIRA dashboard access
gsutilcommands for artifact download- Log analysis patterns and team assignment rules
For comprehensive triage procedures and ProdSec JIRA resolution, see: