Official New Relic AI MCP Server for connecting Claude, Codex, VS Code, Windsurf, Gemini CLI, and other MCP clients to New Relic observability data, NRQL, alerts, incidents, entities, logs, performance analysis, and deployment impact context.
New Relic documents the MCP Server as a preview feature. Re-check the official overview, setup guide, and tool reference before relying on a remembered endpoint, role requirement, authentication flow, tool tag, or tool name., New Relic warns that using AI tools with its MCP servers means the AI can take action on the user's behalf. Use a least-privilege New Relic account and keep assistant work read-only unless a human has explicitly approved the operation., Tool calls are governed by the permissions of the configured New Relic user API key or OAuth profile. RBAC failures are safer than over-broad access; do not use admin-like credentials just to make the assistant easier to use., The tool reference includes NRQL execution, natural-language-to-NRQL, alert and incident queries, entity discovery, dashboard access, logs, and deployment impact analysis. Treat generated queries and summaries as drafts until an operator checks the account, time window, filters, and service., Use `include-tags` to reduce the tool corpus when the task is narrow. For example, an alert triage session may only need `discovery,alerting` rather than every data-access, incident-response, performance, and advanced analysis tool., Do not commit API keys, OAuth tokens, `mcp.json`, Claude Desktop configs, Codex configs, or copied New Relic headers that contain real credentials.
Privacy notes
Tool results can expose New Relic account IDs, entity GUIDs, dashboard names, alert policy details, issue and incident state, NRQL query text, NRDB results, logs, error groups, change events, deployment markers, service names, tags, thread metrics, Kafka metrics, and other production observability data., Natural-language prompts can be converted into NRQL and executed against New Relic data. Review prompts, generated queries, and query results before pasting them into tickets, chat systems, public issues, or vendor support threads., Claude, Codex, IDE transcripts, MCP client logs, screenshots, exported incident reports, and shell history may retain New Relic-derived context outside New Relic's normal access controls., OAuth tokens and user API keys connect the assistant to a real New Relic identity. Rotate exposed keys, remove stale client configs, and audit account membership when a project or teammate no longer needs access.
Author
New Relic
Submitted by
oktofeesh1
Claim status
unclaimed
Last verified
2026-06-04
Decision playbook
Review trust signals before you adopt
Signals are present but mixed. Use the checklist below to confirm the source and operational safety for your environment.
Compare context
Selected
0
Current score
78
Baseline
—
Delta
No baseline selected
No major trust-signal divergence detected in the current selection.
Source and provenance checks
Complete
Confirm ownership and provenance before trusting install instructions.
Source link availableRequired
Open the canonical repository and verify ownership.
Done
Source provenance statusRequired
Marked as source-backed.
Done
Metadata reviewed
Registry metadata indicates a reviewed listing.
Done
Safety and privacy checks
Complete
Validate risk disclosures before installation or API wiring.
Safety notes presentRequired
Review the listed safety guidance before running commands.
Done
Privacy notes presentRequired
Review data handling notes before connecting accounts or secrets.
Done
Trust level risk gateRequired
Trust level does not block evaluation.
Done
Package and install checks
Needs review
Check package metadata and artifact integrity signals.
Install payload available
Install or copy payload is available for review.
Done
Package verification flag
No package verification flag provided.
Pending
Checksum metadata
No checksum provided for downloaded artifact.
Pending
Compare-driven decision checks
Needs review
Use compare context to validate trade-offs before adoption.
Compare tray has multiple entries
Add at least one more entry to compare trust differences.
6 safety and 4 privacy notes across 5 risk areas. Review closely: credentials & tokens, permissions & scopes, third-party handling.
5 areas
SafetyPermissions & scopesNew Relic documents the MCP Server as a preview feature. Re-check the official overview, setup guide, and tool reference before relying on a remembered endpoint, role requirement, authentication flow, tool tag, or tool name.
SafetyGeneralNew Relic warns that using AI tools with its MCP servers means the AI can take action on the user's behalf. Use a least-privilege New Relic account and keep assistant work read-only unless a human has explicitly approved the operation.
SafetyCredentials & tokensTool calls are governed by the permissions of the configured New Relic user API key or OAuth profile. RBAC failures are safer than over-broad access; do not use admin-like credentials just to make the assistant easier to use.
SafetyData retentionThe tool reference includes NRQL execution, natural-language-to-NRQL, alert and incident queries, entity discovery, dashboard access, logs, and deployment impact analysis. Treat generated queries and summaries as drafts until an operator checks the account, time window, filters, and service.
SafetyCredentials & tokensUse `include-tags` to reduce the tool corpus when the task is narrow. For example, an alert triage session may only need `discovery,alerting` rather than every data-access, incident-response, performance, and advanced analysis tool.
SafetyCredentials & tokensDo not commit API keys, OAuth tokens, `mcp.json`, Claude Desktop configs, Codex configs, or copied New Relic headers that contain real credentials.
PrivacyData retentionTool results can expose New Relic account IDs, entity GUIDs, dashboard names, alert policy details, issue and incident state, NRQL query text, NRDB results, logs, error groups, change events, deployment markers, service names, tags, thread metrics, Kafka metrics, and other production observability data.
PrivacyThird-party handlingNatural-language prompts can be converted into NRQL and executed against New Relic data. Review prompts, generated queries, and query results before pasting them into tickets, chat systems, public issues, or vendor support threads.
PrivacyPermissions & scopesClaude, Codex, IDE transcripts, MCP client logs, screenshots, exported incident reports, and shell history may retain New Relic-derived context outside New Relic's normal access controls.
PrivacyCredentials & tokensOAuth tokens and user API keys connect the assistant to a real New Relic identity. Rotate exposed keys, remove stale client configs, and audit account membership when a project or teammate no longer needs access.
Safety notes
New Relic documents the MCP Server as a preview feature. Re-check the official overview, setup guide, and tool reference before relying on a remembered endpoint, role requirement, authentication flow, tool tag, or tool name.
New Relic warns that using AI tools with its MCP servers means the AI can take action on the user's behalf. Use a least-privilege New Relic account and keep assistant work read-only unless a human has explicitly approved the operation.
Tool calls are governed by the permissions of the configured New Relic user API key or OAuth profile. RBAC failures are safer than over-broad access; do not use admin-like credentials just to make the assistant easier to use.
The tool reference includes NRQL execution, natural-language-to-NRQL, alert and incident queries, entity discovery, dashboard access, logs, and deployment impact analysis. Treat generated queries and summaries as drafts until an operator checks the account, time window, filters, and service.
Use `include-tags` to reduce the tool corpus when the task is narrow. For example, an alert triage session may only need `discovery,alerting` rather than every data-access, incident-response, performance, and advanced analysis tool.
Do not commit API keys, OAuth tokens, `mcp.json`, Claude Desktop configs, Codex configs, or copied New Relic headers that contain real credentials.
Privacy notes
Tool results can expose New Relic account IDs, entity GUIDs, dashboard names, alert policy details, issue and incident state, NRQL query text, NRDB results, logs, error groups, change events, deployment markers, service names, tags, thread metrics, Kafka metrics, and other production observability data.
Natural-language prompts can be converted into NRQL and executed against New Relic data. Review prompts, generated queries, and query results before pasting them into tickets, chat systems, public issues, or vendor support threads.
Claude, Codex, IDE transcripts, MCP client logs, screenshots, exported incident reports, and shell history may retain New Relic-derived context outside New Relic's normal access controls.
OAuth tokens and user API keys connect the assistant to a real New Relic identity. Rotate exposed keys, remove stale client configs, and audit account membership when a project or teammate no longer needs access.
Prerequisites
New Relic account with API access and the New Relic AI MCP Server public preview enabled.
New Relic group membership with an organizational role documented for MCP access, such as Organization Read Only, Organization Manager, or Organization Product Admin.
OAuth authentication, or a New Relic user API key approved for the target account and stored outside committed project files.
MCP-capable client such as Claude Code, Claude Desktop, Codex CLI, VS Code, Windsurf, Gemini CLI, or another compatible environment.
Decision on which accounts, entities, alert policies, dashboards, logs, NRQL queries, and incident data the assistant is allowed to inspect.
Tool-scope plan using `include-tags` when the task only needs discovery, data-access, alerting, incident-response, performance-analytics, or advanced-analysis tools.
New Relic MCP Server is New Relic's official Model Context Protocol bridge for
giving AI development tools controlled access to New Relic observability
context. It is useful when Claude, Codex, VS Code, Windsurf, Gemini CLI, or
another MCP-capable client needs to inspect live telemetry, alerts, incidents,
entities, dashboards, logs, or NRQL-backed analysis during debugging and
operations work.
The fit is strongest for read-only investigation: entity discovery, alert
triage, recent issue review, performance analysis, deployment impact review,
and natural-language queries over New Relic data. Keep permissions narrow, use
include-tags to limit the available tool categories, and require a human to
review any query, report, or operational conclusion before it changes an
incident response plan.
Features
Official New Relic AI MCP Server documented by New Relic.
Public preview setup flow with prerequisites, organizational role
requirements, and preview enablement in New Relic.
Remote HTTP endpoint at https://mcp.newrelic.com/mcp/.
OAuth and user API key authentication options.
Claude Code setup with OAuth or API key authentication.
Codex CLI setup with OAuth command-line registration or config-based API key
headers.
Claude Desktop setup through mcp-remote when OAuth is needed.
VS Code workspace setup through .vscode/mcp.json.
Tool filtering with the include-tags HTTP header.
Tool categories for discovery, data access, alerting, incident response,
performance analytics, and advanced analysis.
New Relic RBAC enforcement based on the configured user API key or OAuth
profile.
Use Cases
Ask Claude to list available New Relic accounts, entities, dashboards, and
related entities before an incident review.
Pull recent alerts, open issues, alert policies, and synthetic monitor
context for a service without leaving the coding assistant session.
Convert a plain-English performance question into an NRQL-backed analysis,
then have an operator review the query and result before acting on it.
Analyze recent logs, golden metrics, transactions, Kafka metrics, garbage
collection metrics, or thread metrics while debugging an application issue.
Review deployment impact and change events for an affected New Relic entity
during release triage.
Generate a draft alert insight or user-impact summary for an incident handoff
while preserving a clear source trail back to New Relic data.
Installation
Claude Code
For OAuth, add the remote MCP endpoint:
claude mcp add newrelic --transport http https://mcp.newrelic.com/mcp/
Start Claude Code, run /mcp, select the New Relic server, and complete the
browser-based OAuth flow.
For API key authentication, use a New Relic user API key and keep the real key
out of committed configuration:
claude mcp add newrelic https://mcp.newrelic.com/mcp/ --transport http --header "Api-Key: NRAK-YOUR-KEY-HERE"
Codex CLI
New Relic documents a config-based API key path for Codex:
performance-analytics: logs, golden metrics, Kafka metrics, threads,
transactions, garbage collection metrics, recent logs, and performance risk
groups.
advanced-analysis: combined analysis workflows such as deployment impact,
log analysis, alert insights, user impact, and natural-language NRQL.
Examples
Incident triage
Use New Relic MCP to list open issues, recent alerts, related entities, recent change events, and the most relevant dashboards for this service. Do not change anything.
NRQL review
Draft the NRQL query needed to compare request latency and error rate for the last 60 minutes. Show the query before executing it.
Deployment impact
Analyze deployment impact for this entity GUID over the last two hours and summarize evidence, time windows, and confidence. Keep this read-only.
Tool inventory
Before calling any New Relic tool, list which New Relic MCP tags and tool categories are available in this session.
Source Notes
New Relic's MCP overview describes the New Relic AI MCP Server as a centralized
bridge for connecting supported AI development tools to New Relic
observability context.
The overview documents the preview status, supported clients, prerequisites,
required New Relic organizational roles, authentication options, and public
preview enablement.
The setup guide documents Claude Code, Codex CLI, Claude Desktop, VS Code,
Windsurf, and Gemini CLI setup paths.
The tool reference documents natural-language use, include-tags, RBAC
enforcement, and tool categories for discovery, data access, alerting,
incident response, performance analytics, and advanced analysis.
The documented MCP endpoint is https://mcp.newrelic.com/mcp/.
Duplicate Check
Before drafting this entry, the current upstream content tree and live open PRs
were checked for New Relic, newrelic, new-relic-mcp-server,
mcp.newrelic.com, docs.newrelic.com/docs/agentic-ai/mcp, and related title
variants. Existing generic SRE and MCP setup entries only mention New Relic as
an example observability product. Existing Datadog, Grafana, and Sentry MCP
entries cover different observability providers. No dedicated New Relic MCP
Server entry, New Relic MCP source URL duplicate, or open duplicate PR was
found.
Editorial Disclosure
Submitted as a community MCP entry by oktofeesh1. This listing is based on
New Relic's official MCP overview, setup guide, and tool reference, with no
paid placement or affiliate relationship.
Show that New Relic MCP Server for Claude is listed on HeyClaude. Paste this Markdown into your README — it renders the badge and links back to this page.
[](https://heyclau.de/entry/mcp/new-relic-mcp-server)
How it compares
New Relic MCP Server for Claude side by side with 3 alternatives on trust, install, platform support, and disclosed safety notes — all from reviewed registry metadata.
2 trust signals differ across this comparison (Source provenance, Submitter).
Official New Relic AI MCP Server for connecting Claude, Codex, VS Code, Windsurf, Gemini CLI, and other MCP clients to New Relic observability data, NRQL, alerts, incidents, entities, logs, performance analysis, and deployment impact context.
Official Datadog MCP Server for connecting Claude, Codex, Cursor, and other MCP clients to Datadog observability, incidents, logs, metrics, traces, dashboards, monitors, notebooks, services, and security signals.
Apache-2.0 agentic proxy that can expose stdio, HTTP, SSE, and Streamable HTTP MCP servers through a managed gateway with federation, OAuth/JWT authentication, RBAC/CEL policy, CORS, TLS, observability, and Kubernetes Gateway API support.
AnomalyArmor armor-mcp stdio server with 52 consolidated data observability tools for alerts, freshness, schema drift, quality metrics, lineage, and AI recommendations.
✓New Relic documents the MCP Server as a preview feature. Re-check the official overview, setup guide, and tool reference before relying on a remembered endpoint, role requirement, authentication flow, tool tag, or tool name.
New Relic warns that using AI tools with its MCP servers means the AI can take action on the user's behalf. Use a least-privilege New Relic account and keep assistant work read-only unless a human has explicitly approved the operation.
Tool calls are governed by the permissions of the configured New Relic user API key or OAuth profile. RBAC failures are safer than over-broad access; do not use admin-like credentials just to make the assistant easier to use.
The tool reference includes NRQL execution, natural-language-to-NRQL, alert and incident queries, entity discovery, dashboard access, logs, and deployment impact analysis. Treat generated queries and summaries as drafts until an operator checks the account, time window, filters, and service.
Use `include-tags` to reduce the tool corpus when the task is narrow. For example, an alert triage session may only need `discovery,alerting` rather than every data-access, incident-response, performance, and advanced analysis tool.
Do not commit API keys, OAuth tokens, `mcp.json`, Claude Desktop configs, Codex configs, or copied New Relic headers that contain real credentials.
✓Treat Datadog MCP Server as a production observability and operations interface. It can expose live incidents, monitors, logs, metrics, traces, dashboards, notebooks, services, RUM events, hosts, SLOs, and security context to the connected assistant.
Datadog separates the main remote MCP Server from the narrower local Code Security MCP Server. Use this entry for Datadog telemetry and platform tools; use the Code Security MCP Server only when the task is explicitly local SAST, SCA, IaC, secrets, or SBOM scanning.
Enable the smallest useful toolsets first. Use `toolsets` and `omit_tools` to keep context, permissions, and accidental action surface smaller than `toolsets=all`.
Some tools can create or edit Datadog resources such as monitors and notebooks. Require human review for generated monitor definitions, alerting changes, incident updates, notebook edits, workflow actions, or any operation that could page a team or change production observability state.
Datadog documents MCP-specific RBAC permissions as well as normal underlying resource permissions. A user who can connect the MCP Server may still need separate read or write permissions for monitors, logs, APM, dashboards, notebooks, incidents, services, and other products.
The MCP Server has fair-use limits documented as 50 requests per 10 seconds for tool-call bursts and 50,000 monthly tool calls, and Datadog notes that those limits are subject to change.
Datadog states that the MCP Server is under significant development. Review the official docs and available tool list before relying on a remembered tool name, permission, limit, or behavior.
✓Agentgateway can aggregate and expose many downstream MCP targets through one endpoint; every target's permissions become part of the gateway surface.
Stdio targets are spawned by the gateway process, so commands such as package runners or containers inherit the gateway host's trust boundary.
Demo configs use permissive CORS and local authorization servers; lock down origins, headers, issuers, audiences, JWKS, and resource metadata before production use.
CEL/RBAC policies can inspect MCP tool names, arguments, results, prompts, resources, request bodies, JWT claims, API keys, and backend metadata; test policies before relying on them.
Remote MCP proxying, OAuth provider adaptation, Kubernetes routing, TLS termination, and guardrails are infrastructure changes that should go through normal security review.
✓Tools can create alert rules, freshness schedules, metrics, and monitoring configurations.
manage_asset and related tools may trigger discovery jobs on production sources.
Alert acknowledgement and resolution changes operational state.
Review AI recommendations before applying automated monitoring at scale.
Privacy notes
✓Tool results can expose New Relic account IDs, entity GUIDs, dashboard names, alert policy details, issue and incident state, NRQL query text, NRDB results, logs, error groups, change events, deployment markers, service names, tags, thread metrics, Kafka metrics, and other production observability data.
Natural-language prompts can be converted into NRQL and executed against New Relic data. Review prompts, generated queries, and query results before pasting them into tickets, chat systems, public issues, or vendor support threads.
Claude, Codex, IDE transcripts, MCP client logs, screenshots, exported incident reports, and shell history may retain New Relic-derived context outside New Relic's normal access controls.
OAuth tokens and user API keys connect the assistant to a real New Relic identity. Rotate exposed keys, remove stale client configs, and audit account membership when a project or teammate no longer needs access.
✓Datadog says all MCP Server tool calls are recorded in Audit Trail with MCP metadata including tool name, arguments, user identity, and MCP client.
Datadog also emits MCP usage metrics such as `datadog.mcp.session.starts` and `datadog.mcp.tool.usage`, tagged with values including user ID, user email, client name, and tool name.
Remote Datadog MCP Server usage can include prompts, transitions to and from the Datadog login page, errors, user identifiers, and context leading to MCP tool usage; Datadog documents that this data is stored for 120 days.
Tool results can include production logs, traces, metric values, monitor states, dashboard names, notebook contents, incidents, service catalog metadata, host data, security findings, RUM events, team ownership, and operational timelines.
Claude transcripts, Codex logs, IDE logs, screenshots, exported notebooks, support bundles, and incident summaries can retain Datadog-derived data outside Datadog's normal access controls and retention policies.
Datadog describes the MCP Server as HIPAA-eligible, but users remain responsible for confirming that any connected AI tool, client, workflow, and retention path meets their compliance requirements.
✓MCP requests, tool arguments, tool results, prompt names, resource names, session IDs, JWT/API-key claims, raw request/response bodies, logs, traces, and telemetry may pass through the gateway.
CEL policy and observability features may buffer or inspect request and response bodies depending on configuration.
OAuth/JWT metadata, bearer tokens, API keys, DCR secrets, Keycloak/Auth0/Okta settings, and upstream MCP credentials must be protected as secrets.
Any data returned by downstream MCP tools can still be sent onward by the MCP client to the configured model provider.
✓Table names, schema metadata, alert details, and sample metrics are sent to AnomalyArmor.
Natural language `ask_question` queries may expose internal data catalog context to the LLM.
API keys grant access until revoked in AnomalyArmor settings.
Prerequisites
New Relic account with API access and the New Relic AI MCP Server public preview enabled.
New Relic group membership with an organizational role documented for MCP access, such as Organization Read Only, Organization Manager, or Organization Product Admin.
OAuth authentication, or a New Relic user API key approved for the target account and stored outside committed project files.
MCP-capable client such as Claude Code, Claude Desktop, Codex CLI, VS Code, Windsurf, Gemini CLI, or another compatible environment.
Datadog account on a supported commercial Datadog site; Datadog documents that the MCP Server is not GovCloud compatible.
MCP-capable client such as Claude, Claude Code, Codex, Cursor, Gemini CLI, Devin, Goose, OpenCode, VS Code, or another compatible client.
Correct regional Datadog MCP endpoint for the account's Datadog site.
OAuth access, or an approved API key and application key fallback when OAuth is not available.
Agentgateway binary, container image, or source checkout from the upstream release/container/docs path.
At least one downstream MCP target, such as a stdio command, remote MCP server, SSE server, or Streamable HTTP server.
MCP client that can connect to the exposed Streamable HTTP or SSE route.
Auth, CORS, TLS, route, and policy configuration reviewed before shared or remote exposure.
AnomalyArmor account with an API key from Settings → API Keys.
Python uv/uvx available on the host running the MCP client.
Connected data sources already onboarded in AnomalyArmor.
Claude Code, Cursor, or another MCP client with stdio transport.
Install
claude mcp add newrelic --transport http https://mcp.newrelic.com/mcp/
claude mcp add --transport http datadog-mcp <YOUR_MCP_SERVER_ENDPOINT>