MCP Tool Reference¶
The API Frontend exposes 23 kubernaut_* MCP tools on its Streamable HTTP endpoint (POST /mcp).
Each tool is SAR-gated via per-persona ClusterRoles, rate-limited, and audit-logged.
All tools return JSON in MCP CallToolResult text content. Default timeout is 30 s (configurable per tool).
RBAC is fail-closed — SAR errors deny the call.
Conditional tool surface (#1366)
When interactive.enabled is false, 11 session-dependent tools are hidden from MCP tools/list and the A2A agent, leaving 12 stateless tools (CRD operations + data/history); 13 with kubernaut_list_alerts if Prometheus is configured. Hidden tools: kubernaut_investigate, kubernaut_discover_workflows, kubernaut_select_workflow, kubernaut_present_decision, kubernaut_message, kubernaut_complete, kubernaut_complete_no_action, kubernaut_cancel, kubernaut_status, kubernaut_reconnect, kubernaut_await_session.
Building skills on Kubernaut tools
When authoring MCP skills or prompts that call these tools, use the "When to use" guidance below each tool to select the right one. Check the Persona Access Matrix to ensure the caller's ClusterRole includes the tool.
RemediationRequest¶
Backend: K8s API (AF ServiceAccount) — operates on kubernaut.ai/v1alpha1/remediationrequests.
Namespace model (ADR-057)
All CRD tools operate in the controller namespace (typically kubernaut-system), injected server-side. The namespace parameter is not exposed to callers. rr_id and rar_id are plain resource names (e.g. oom-fix-abc), not namespace/name pairs.
-
kubernaut_list_remediations— List active and recent remediations with optional filteringphase(string) — Filter bystatus.overallPhase(e.g.Pending,Running,Completed,Failed)kind(string) — Filter byspec.targetResource.kindname(string) — Filter byspec.targetResource.name
When to use: First step in any remediation workflow — discover what's active before drilling into a specific RR.
Response
Personas: SRE, AI Orchestrator, CI/CD, Observability, L3 Audit, Remediation Approver
-
kubernaut_get_remediation— Get details of a specific remediationrr_id(string) — RR namename(string) — RR name (alias forrr_id)
Provide
rr_idorname.When to use: Inspect a known remediation for phase, target resource, and status. Follow up after
kubernaut_list_remediations.Response
Personas: SRE, AI Orchestrator, CI/CD, Observability, L3 Audit, Remediation Approver
-
kubernaut_cancel_remediation— Cancel an active remediation that has not yet reached a terminal staterr_id(string) — RR namename(string) — RR name (alias forrr_id)
Provide
rr_idorname. Fails if the phase is already terminal (Completed,Failed,Cancelled).When to use: Abort a remediation that is no longer needed or was started in error. Check phase with
kubernaut_get_remediationfirst.Personas: SRE
-
kubernaut_watch— Stream live status updates for a remediation and its related resourcesrr_id(string) — RR namename(string) — RR name (alias forrr_id)
Blocks until terminal phase,
AwaitingApproval(yields so the LLM can approve), context cancellation, or internal 15-minute cap.When to use: Stay in the remediation journey — call after
kubernaut_select_workflowto see phase transitions in real time (Pending→Approved→Running→Completed/Failed).Response
Personas: SRE, AI Orchestrator, CI/CD, Observability, Remediation Approver
RemediationApprovalRequest¶
Backend: K8s API (AF ServiceAccount) — operates on kubernaut.ai/v1alpha1/remediationapprovalrequests.
-
kubernaut_list_approval_requests— List approval requests with optional filtering by decision statusdecision(string) — Filter:pending,approved,rejected,expired(empty = all)
When to use: Discover pending approval requests. First step in the approval UX flow before drilling into a specific RAR.
Response
Personas: Remediation Approver
-
kubernaut_get_approval_request— Get full details of a specific approval request for review before decidingrar_id(string) — RAR namename(string) — RAR name (alias forrar_id)
Provide
rar_idorname.When to use: Inspect an RAR's investigation summary, evidence, recommended actions, and alternatives before calling
kubernaut_approve.Response
{ "name": "rar-oom-fix-abc", "namespace": "prod", "remediation_request": "oom-fix-abc", "ai_analysis": "Memory limit insufficient for traffic spike", "confidence": 0.85, "confidence_level": "High", "investigation_summary": "Root cause: memory limit 256Mi too low...", "why_approval_required": "Confidence below auto-approve threshold", "recommended_workflow": { "name": "adjust-memory-limits", "version": "v2" }, "recommended_actions": [ { "action": "Increase memory limit to 512Mi", "rationale": "Matches p99 usage" } ], "evidence_collected": [ "pod/api-server-xyz OOMKilled", "metrics: mem_usage_p99=480Mi" ], "alternatives_considered": [ { "approach": "HPA scale-out", "pros_cons": "Cheaper but doesn't fix root cause" } ], "decision": "Pending", "time_remaining": "28m", "expired": false }Personas: Remediation Approver
-
kubernaut_approve— Approve or reject a pending remediation approval requestrar_name(string) (required) — RemediationApprovalRequest namedecision(string) (required) —ApprovedorRejected(enforced via InputSchema enum —Expiredis not a valid input)reason(string) — Decision rationale (stored asstatus.decisionMessage)workflow_override(string) — Override workflow (stored asstatus.workflowOverride.workflowName)
MCP bridge only (DD-AF-006, v1.5.1)
kubernaut_approveis structurally absent from the A2A agent'sbuildToolList()as of v1.5.1. It remains on the MCP bridge for the Kubernaut Console's Approve/Reject buttons. This prevents an LLM from autonomously approving RARs via prompt injection, preserving the human consent gate. Defense-in-depth: (1) tool absent from agent, (2) explicit prompt instruction, (3) SAR RBAC on MCP, (4) audit trail.When to use: Final step in the approval flow after reviewing the RAR with
kubernaut_get_approval_request. Always provide areasonfor audit trail traceability. Must be called via the MCP bridge (Console or direct MCP client) — not available to the A2A agent.Personas: Remediation Approver
Investigation¶
-
kubernaut_investigate— Start or join an investigation (consolidates formerstart_investigation,poll_investigation,stream_investigation, andtakeover— #1307, #1332)Backend: KA MCP — dispatches to the Kubernaut Agent's MCP server.
rr_id(string) — Existing RR name (starts investigation on that RR)api_version(string) — Kubernetes API group/version, e.g.apps/v1,v1(required when creating a new RR, #1372)namespace(string) — Target resource namespace (for creating a new RR + IS)kind(string) — Target resource kind (required withnamespace/name)name(string) — Target resource name (required withnamespace/name)
Provide
rr_idfor an existing RR, orapi_version+namespace+kind+nameto create a new RR and InvestigationSession for interactive use. Service accounts cannot start interactive investigations (namespace/kind/name path).In A2A mode, blocks until the investigation completes and returns the full RCA summary. On the MCP bridge, returns immediately; live events are streamed in the background via SSE. If the RR already has an active investigation driven by another user, a structured
session_activeresult is returned instead of an error.When to use: Single entry point for all investigation workflows. Follow up with
kubernaut_discover_workflowsafter the investigation completes.Response
Personas: SRE, AI Orchestrator
-
kubernaut_await_session— Wait for an investigation session to become ready on a RemediationRequestBackend: K8s API — watches/polls AIAnalysis resources until
status.investigationSession.idis populated.rr_name(string) (required) — RemediationRequest name
Blocks until the AIAnalysis for the given RR has a non-empty session ID or timeout (default: 3 minutes). Useful when the operator wants to interact with a session that was triggered autonomously (from an alert) but hasn't yet been submitted to KA.
When to use: Wait for an autonomous investigation to become joinable before calling
kubernaut_messageorkubernaut_reconnect.Personas: SRE, AI Orchestrator, CI/CD, Observability, Remediation Approver
Interactive Session Lifecycle¶
Backend: KA MCP — dispatches to the Kubernaut Agent's MCP server (POST /api/v1/mcp).
All interactive tools share a common response shape:
-
kubernaut_message— Send a message to an active investigation sessionrr_id(string) (required) — Remediation request IDmessage(string) (required) — Message content (max 10 240 chars)
When to use: Converse with the AI agent during an interactive session — provide context, ask questions, or steer the investigation.
Personas: SRE, AI Orchestrator
-
kubernaut_complete— Complete an investigation sessionrr_id(string) (required) — Remediation request IDmessage(string) — Optional completion message
When to use: Signal that the investigation is done. If a workflow was selected, this triggers the remediation pipeline.
Personas: SRE, AI Orchestrator
-
kubernaut_cancel— Cancel an active investigation sessionrr_id(string) (required) — Remediation request IDmessage(string) — Optional cancellation reason
When to use: Abort an interactive session that is no longer needed. The session is released and the MCP lease is freed.
Personas: SRE, AI Orchestrator
-
kubernaut_status— Get the current status of an investigation sessionrr_id(string) (required) — Remediation request ID
When to use: Check session state (active, completed, disconnected) before sending a message or reconnecting.
Personas: SRE, AI Orchestrator
-
kubernaut_reconnect— Reconnect to a disconnected investigation sessionrr_id(string) (required) — Remediation request IDmessage(string) — Optional message
When to use: Resume a session after a network disconnect or client restart. Check status with
kubernaut_statusfirst.Personas: SRE, AI Orchestrator
-
kubernaut_complete_no_action— Complete an investigation with no remediation action {: #complete-no-action }Backend: KA MCP
rr_id(string) (required) — Remediation request IDescalation_reason(string) — If provided, the investigation is escalated to operator review instead of dismissed
Two behavior paths based on
escalation_reason:- Absent — dismiss:
IsActionable=false,HumanReviewNeeded=false, status set tocompleted_no_action - Present — escalate:
HumanReviewNeeded=true,HumanReviewReason=operator_escalation, status set toescalated. The Remediation Orchestrator creates aManualReviewRequiredand sends aNotificationRequestto theops-escalation-channel.
MCP bridge only
This tool is available on the MCP bridge but is not registered in the A2A agent's
buildToolList()(DD-AF-007). The Console uses it for its dismiss and escalation buttons.When to use: End an investigation when no automated remediation is appropriate — either dismiss (alert self-resolved or false positive) or escalate (requires human expertise beyond Kubernaut's scope).
Personas: SRE, AI Orchestrator
Workflow¶
-
kubernaut_discover_workflows— Discover available workflows with parameter schemas for a remediationBackend: KA MCP
rr_id(string) (required) — Remediation request IDworkflow_id(string) — Filter to a specific workflowkind(string) — Filter by resource kind
Requires an active investigation session. Triggers LLM-driven workflow discovery based on investigation context. Parameters are pre-populated by the AI agent.
When to use: After the investigation completes and the user asks to fix/remediate — present workflow options with pre-populated parameters. Follow up with
kubernaut_select_workflow.Response
{ "workflows": [ { "workflow_id": "adjust-memory-limits", "name": "Adjust Memory Limits", "description": "Increase container memory limits based on usage analysis", "kind": "Deployment", "parameters": [ { "name": "memory_limit", "type": "string", "description": "New memory limit (e.g. 512Mi)", "required": true, "default": "512Mi" } ] } ], "count": 1 }Personas: SRE, AI Orchestrator
-
kubernaut_select_workflow— Select a workflow for executionBackend: KA MCP
rr_id(string) (required) — Remediation request IDworkflow_id(string) (required) — Workflow to select (must be from discovery results)kind(string) — Target resource kindname(string) — Target resource namenamespace(string) — Target namespaceparameters(object) — Workflow parameter values
Requires a prior
kubernaut_discover_workflowscall — theworkflow_idmust be from the discovery results.When to use: User has chosen a workflow from the discovery results. This triggers enrichment and creates a RemediationRequest. Follow up with
kubernaut_watchto track execution.Response
Personas: SRE, AI Orchestrator
-
kubernaut_list_workflows— List available remediation workflows from the catalogBackend: DataStorage
kind(string) — Filter by resource kind
Bridge-only for AF agent
This tool is available on the MCP bridge for remote clients but was removed from the AF agent's internal LLM tool set (AC-6 security). The AF agent uses
kubernaut_discover_workflowsinstead, which follows the RCA → discovery → selection pipeline.When to use: Browse the full workflow catalog without an active investigation. Unlike
kubernaut_discover_workflows, this does not require a session and returns catalog entries without LLM-based recommendations.Response
Personas: SRE, Observability, L3 Audit
Data & History¶
Backend: DataStorage — queries the Kubernaut DataStorage service.
-
kubernaut_get_remediation_history— Query historical remediations with optional filteringnamespace(string) — Filter by namespacekind(string) — Filter by target kindname(string) — Filter by target namesince(string) — Time filter
When to use: Analyze past remediation outcomes for a resource, namespace, or time window. Useful for trend analysis and post-incident reviews.
Response
Personas: SRE, L3 Audit
-
kubernaut_get_effectiveness— Get effectiveness scores and metrics for remediation workflowsworkflow_id(string) — Filter by workflownamespace(string) — Filter by namespace
When to use: Evaluate how well a workflow performs before recommending it. Compare success rates across workflows or namespaces.
Response
Personas: SRE, Observability, L3 Audit
-
kubernaut_get_audit_trail— Retrieve the audit trail for a remediation, showing all actions and decisionsrr_id(string) (required) — Remediation request IDevent_type(string) — Filter by event type
When to use: Compliance review — trace every action taken on a remediation from signal to completion. Required for L3 audits and post-incident reports.
Response
Personas: SRE, L3 Audit
Presentation¶
-
kubernaut_present_decision— Present investigation results and remediation options to the user for a decisionBackend: Local (no backend call — formats a human-readable decision prompt)
session_id(string) (required) — Investigation session IDsummary(string) (required) — Investigation summary / RCA textoptions(array) (required) — Workflow choices to presentoptions[].workflow_id(string) (required) — Workflow identifieroptions[].name(string) (required) — Display nameoptions[].description(string) (required) — Option descriptionoptions[].risk(string) — Risk label
When to use: Called by the AF agent to format investigation results into a structured decision prompt. Typically not called directly by external skills — the AF agent calls it internally after streaming an investigation.
Response
Personas: SRE, AI Orchestrator
Alerts¶
Backend: Prometheus (AF ServiceAccount) — queries the configured Prometheus endpoint.
Conditional registration
Alert tools are only registered when severityTriage.enabled: true and a Prometheus URL is configured via severityTriage.prometheusURL. When Prometheus is not configured, these tools do not appear in tools/list.
-
kubernaut_list_alerts— Query firing Prometheus alerts with optional filtersnamespace(string) — Filter by namespaceseverity(string) — Filter by severity (critical,high,warning,info)state(string) — Filter by alert state (firing,pending)
Returns a
ListAlertsResultwithalerts[](sorted by severity descending, thenactive_atascending FIFO),count,total_count,truncated, andprioritized(index-based priority metadata). Sensitive label keys (password,token,secret,key,credential,bearer) are stripped. URLs and IPs in label/annotation values are redacted (FedRAMP SI-10). If the serialized response exceeds the max tool output size, alerts are trimmed from the tail (lowest priority) andtruncatedis set totrue.When to use: Discover active alerts before starting an investigation. Use severity and namespace filters to narrow results.
Response
{ "alerts": [ { "labels": { "alertname": "KubePodCrashLooping", "namespace": "production", "severity": "critical", "pod": "api-server-xyz", "container": "api" }, "annotations": { "summary": "Pod production/api-server-xyz is crash looping", "runbook_url": "[URL_REDACTED]" }, "state": "firing", "active_at": "2026-06-18T14:30:00Z" }, { "labels": { "alertname": "KubeDeploymentReplicasMismatch", "namespace": "production", "severity": "warning", "deployment": "api-server" }, "annotations": { "summary": "Deployment production/api-server has 0/2 replicas ready" }, "state": "firing", "active_at": "2026-06-18T14:31:00Z" } ], "count": 2, "total_count": 2, "truncated": false, "prioritized": { "selected_index": 0, "tied_indices": [], "also_active_start": 1 } }prioritizedfields:selected_indexis the highest-severity, longest-firing alert.tied_indiceslists other alerts at the same severity.also_active_startis the array index where lower-severity alerts begin.Personas: SRE
Common UX Flows¶
Approval flow¶
kubernaut_list_approval_requests(decision="pending")
→ kubernaut_get_approval_request(rar_id)
→ kubernaut_approve(rar_name, decision, reason)
Autonomous investigation flow¶
kubernaut_investigate(rr_id)
→ kubernaut_discover_workflows(rr_id)
→ kubernaut_select_workflow(rr_id, workflow_id)
→ kubernaut_watch(rr_id)
Interactive investigation flow (new RR)¶
kubernaut_investigate(api_version, namespace, kind, name) # creates RR + IS
→ kubernaut_message(rr_id, message) # repeat as needed
→ kubernaut_discover_workflows(rr_id)
→ kubernaut_select_workflow(rr_id, workflow_id)
→ kubernaut_watch(rr_id)
Interactive investigation flow (existing RR)¶
kubernaut_list_remediations()
→ kubernaut_await_session(rr_name)
→ kubernaut_message(rr_id, message) # repeat as needed
→ kubernaut_discover_workflows(rr_id)
→ kubernaut_select_workflow(rr_id, workflow_id)
→ kubernaut_watch(rr_id)
Compliance audit flow¶
kubernaut_list_remediations()
→ kubernaut_get_remediation(rr_id)
→ kubernaut_get_audit_trail(rr_id)
→ kubernaut_get_effectiveness(workflow_id)
Backend Routing Summary¶
| Backend | Tools |
|---|---|
| K8s API (AF SA) | list_remediations, get_remediation, cancel_remediation, watch, approve, list_approval_requests, get_approval_request, await_session |
| KA MCP | investigate, message, complete, complete_no_action, cancel, status, reconnect, discover_workflows, select_workflow |
| DataStorage | list_workflows, get_remediation_history, get_effectiveness, get_audit_trail |
| Prometheus | list_alerts (conditional on severityTriage.enabled) |
| Local | present_decision |
Persona Access Matrix¶
The personas below are predefined bootstrap roles shipped with the Helm chart. Operators are encouraged to create their own ClusterRoles and ClusterRoleBindings tailored to their operational environment — the predefined set is a starting point, not a prescription.
All tool names below are prefixed with kubernaut_.
| Tool | SRE | AI Orch. | CI/CD | Obs. | L3 Audit | Approver |
|---|---|---|---|---|---|---|
list_remediations |
||||||
get_remediation |
||||||
cancel_remediation |
||||||
watch |
||||||
list_approval_requests |
||||||
get_approval_request |
||||||
approve |
||||||
await_session |
||||||
investigate |
||||||
message |
||||||
complete |
||||||
cancel |
||||||
status |
||||||
reconnect |
||||||
complete_no_action |
||||||
discover_workflows |
||||||
select_workflow |
||||||
present_decision |
||||||
list_workflows |
||||||
list_alerts |
||||||
get_remediation_history |
||||||
get_effectiveness |
||||||
get_audit_trail |
Internal Tools (A2A Agent Only)¶
The AF agent uses additional tools inside its A2A agent loop.
These are not exposed on the MCP bridge and cannot be called by external MCP clients.
However, they are SAR-gated on the A2A path via newRBACGuard() and are included in per-persona ClusterRoles in values.yaml.
Core internal tools (always registered)¶
| Tool | Purpose |
|---|---|
kubectl_get |
Get any namespaced K8s resource by kind/name/namespace (Secret .data redacted). GVR resolved via RESTMapper + static table. |
kubectl_list |
List namespaced K8s resources with optional label selector (Secret .data redacted). GVR resolved via RESTMapper + static table. |
kubectl_list_events |
List K8s events with reason/object filters |
kubernaut_check_existing_remediation |
Check for duplicate RemediationRequest before creation. Params: namespace, kind, name. |
kubernaut_remediate |
Create a new RemediationRequest CRD. Params: namespace, kind, name, api_version (required with namespace/kind/name, #1372), description, rr_id. |
Alert tools (registered when severityTriage.enabled: true + Prometheus configured)¶
These tools are only available when the AF has a Prometheus connection configured via severityTriage.prometheusURL. They enable the A2A agent to query firing alerts and create alert-driven RemediationRequests.
| Tool | Purpose |
|---|---|
list_alerts |
Query Prometheus alerts with optional filters. Params: namespace, severity (critical/high/warning/info), state (firing/pending). Returns redacted AlertSummary array. |
get_alert_details |
Get details of a specific alert. Params: alert_name (required), namespace (optional). Returns matching AlertSummary array. |
kubernaut_investigate_alert |
Alert-first RR creation with scope validation. Params: alert_name, api_version, kind, name (all required), namespace (optional for cluster-scoped). Validates alert exists in Prometheus and checks namespace/cluster scope via RESTMapper before creating the RR (#1372). |
KA kubectl tools have api_group
The Kubernaut Agent's kubectl tools (kubectl_get, kubectl_list in KA) support an api_group parameter for kind disambiguation (#1311). The AF's internal kubectl_get/kubectl_list do not — they resolve GVR via RESTMapper and a static GVK table.