shinzo
by shinzo-labs
Overview
Shinzo is an open-source observability platform for monitoring and analyzing the performance, usage, and telemetry data of AI agents and Model Context Protocol (MCP) servers.
Installation
pnpm startEnvironment Variables
- DATABASE_URL
- BACKEND_PORT
- GRPC_PORT
- HTTP_PORT
- LOG_LEVEL
- TZ
- MAX_PAYLOAD_SIZE
- RATE_LIMIT_PER_MINUTE
- ENABLE_COMPRESSION
- BATCH_TIMEOUT
- MAX_BATCH_SIZE
- AUTH_PROVIDER
- JWT_SECRET
- API_KEY_STORE
- RATE_LIMIT_WINDOW
- RATE_LIMIT_MAX
- RATE_LIMIT_BY_KEY
- ENABLE_IP_RATE_LIMIT
- MAILGUN_API_KEY
- MAILGUN_DOMAIN
- FROM_EMAIL
- FROM_NAME
- FRONTEND_URL
- API_BASE_URL
- REFRESH_INTERVAL
- MAX_CACHE_AGE
- ENABLE_REALTIME
- DEFAULT_TIME_RANGE
- ENCRYPTION_KEY
- GOOGLE_CLIENT_ID
- GOOGLE_CLIENT_SECRET
- GOOGLE_REDIRECT_URI
- GITHUB_CLIENT_ID
- GITHUB_CLIENT_SECRET
- GITHUB_REDIRECT_URI
Security Notes
The database setup instructions in `db/README.md` are critically insecure for any production environment, recommending exposing PostgreSQL publicly (`0.0.0.0/0`) with MD5 passwords. The application's Fastify server enables Cross-Origin Resource Sharing (`CORS`) with `origin: true`, allowing requests from any origin, which is overly permissive for most production setups. Developers explicitly flag default `JWT_SECRET` and `ENCRYPTION_KEY` values in `backend/src/config.ts` and `backend/src/utils.ts` as insecure for production. While the codebase uses parameterized SQL queries to prevent injection, the reliance on a single, environment-provided `ENCRYPTION_KEY` means compromise of the server's environment would expose all stored provider keys. JWTs are used for user sessions, which are valid for 24 hours without an explicit server-side invalidation mechanism.
Similar Servers
opentelemetry-mcp-server
Enables AI assistants to query and analyze OpenTelemetry traces from LLM applications for debugging, performance, and cost optimization.
mcpcat-typescript-sdk
This SDK integrates analytics and telemetry capabilities into existing Model Context Protocol (MCP) servers, capturing user intentions, tool usage, and error patterns.
shinzo-ts
Provides OpenTelemetry-compatible instrumentation for TypeScript MCP servers to gain insight into agent usage patterns, contextualize tool calls, and analyze server performance.
alibabacloud-observability-mcp-server
The server provides AI-driven interaction capabilities for Alibaba Cloud observability products (SLS, ARMS, CloudMonitor, Prometheus), enabling natural language queries and analysis of multimodal data by mapping natural language to standardized tool calls.