MCP Servers Installation Manual
This guide describes how to enable the MCP servers provided by Develocity for your deployment. For information on how to connect AI clients to the MCP servers, see AI Clients.
| The Develocity MCP servers are extensions and may not be enabled for your installation. Contact Develocity support or your customer representative to enable them. |
Develocity MCP Server
The Develocity MCP Server provides a secure, streamlined way to bring Develocity's full build context into any MCP-enabled AI client.
Enabling the MCP Server
The Develocity MCP Server is part of the Develocity Kubernetes Helm Chart.
To enable the MCP Server, add the following property to your Develocity values.yaml:
mcpServer:
enabled: trueFor more details on how to configure your Develocity installation, see the Kubernetes Helm Chart Configuration Guide.
Confirm That the MCP Server Is Running
You can inspect the status of the MCP Server Pods:
kubectl get pods -l app.kubernetes.io/component=mcp-server --namespace develocityNAME READY STATUS RESTARTS AGE mcp-server-67bfcd7f6-t8kkn 1/1 Running 0 2m40s
You can verify that the MCP Server runs properly and is accessible by sending a curl request:
curl -X POST https://develocity.example.com/mcp \
-H "Content-Type: application/json" \
-H "Accept: application/json, text/event-stream" \
-d '{
"jsonrpc": "2.0",
"id": 1,
"method": "initialize",
"params": {
"protocolVersion": "2025-03-26",
"capabilities": {},
"clientInfo": {
"name": "curl-client",
"version": "1.0.0"
}
}
}'{
"jsonrpc":"2.0",
"id":1,
"result":{
"protocolVersion":"2025-03-26",
"capabilities":{
"tools":{
"listChanged":false
}
},
"serverInfo":{
"name":"develocity-mcp-server",
"version":"2026.1.0"
},
"instructions":"Allows querying data from the Develocity server https://develocity.example.com"
}
}Develocity Analytics MCP Server
The Develocity Analytics MCP Server provides a secure, streamlined way to bring Develocity's Reporting and Visualization data into any MCP-enabled AI client. You need Develocity 2025.4 or higher with Athena Data Export enabled, or Develocity Reporting Kit 2.1 or higher.
Enabling the MCP Server
The configuration steps depend on whether you are using Develocity Reporting and Visualization with Amazon Athena or using the Develocity Reporting Kit.
-
Develocity with Amazon Athena
-
Develocity Reporting Kit
Prerequisites
The Develocity Analytics MCP Server requires that the Athena Data Export feature is enabled. To enable it, follow the steps in the installation manual.
Set Up Read-Only Athena Credentials
For security reasons, the Athena credentials used by the MCP server cannot be the same as the ones used by the Athena Data Export feature. The credentials used by the MCP server must be read-only.
Create the Read-Only Athena Role
Create an IAM role in AWS with the permission to read build model data exported by Develocity. Use the following policy JSON as a template for setting up the permissions.
| The resources in the policy JSON below are placeholders. Replace these with your actual AWS resource ARNs. |
The policy includes permissions such as PutObject and DeleteObject.
These permissions must apply only to the S3 bucket used by Athena for storing query results, not the bucket containing the actual build model data.
|
{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "Read the build model data bucket",
"Effect": "Allow",
"Action": [
"s3:GetBucketLocation",
"s3:GetObject",
"s3:ListBucket"
],
"Resource": [
"exported-data-bucket:arn",
"exported-data-bucket:arn/*"
]
},
{
"Sid": "Put and get query result objects",
"Effect": "Allow",
"Action": [
"s3:GetObject",
"s3:DeleteObject",
"s3:ListBucket",
"s3:ListBucketMultipartUploads",
"s3:ListMultipartUploadParts",
"s3:AbortMultipartUpload",
"s3:PutObject"
],
"Resource": [
"workgroup-output-bucket:arn/output-location",
"workgroup-output-bucket:arn/output-location/*"
]
},
{
"Sid": "Create output location bucket if it doesn't exist",
"Effect": "Allow",
"Action": [
"s3:GetBucketLocation",
"s3:CreateBucket",
"s3:PutBucketPublicAccessBlock"
],
"Resource": [
"workgroup-output-bucket:arn",
"workgroup-output-bucket:arn/*"
]
},
{
"Sid": "Execute queries and get their results",
"Effect": "Allow",
"Action": [
"athena:GetQueryExecution",
"athena:GetQueryResults",
"athena:GetQueryResultsStream",
"athena:GetWorkGroup",
"athena:StartQueryExecution",
"athena:StopQueryExecution"
],
"Resource": [
"athena:workgroup:arn/workgroup-name"
]
},
{
"Sid": "Read Glue metadata",
"Effect": "Allow",
"Action": [
"glue:GetDatabase",
"glue:GetDatabases",
"glue:GetTable",
"glue:GetTables",
"glue:GetPartitions",
"glue:GetPartition"
],
"Resource": [
"glue:catalog:arn",
"glue:database:arn/database-name",
"glue:table:arn/database-name/*"
]
},
{
"Sid": "List databases",
"Effect": "Allow",
"Action": [
"athena:ListDatabases"
],
"Resource": [
"*"
]
}
]
}Make the Read-Only Athena Role Available to Develocity
Once you have a read-only role ready to use, you can make it available to Develocity in one of two ways:
-
Create an AWS user, grant it the read-only role, and provide the user’s access key ID and secret access key to Develocity.
-
Use credentials provided by the AWS environment, such as IAM Roles for Service Accounts (IRSA) or an EC2 Instance Profile.
Access Key Credentials
Using access key credentials is straightforward, but requires you to manage the lifecycle of the credentials, including securing and rotating them.
IRSA or Instance Profile Credentials
To use credentials provided by the environment for the read-only Athena role, first consider if you are already using them elsewhere in Develocity (for example, for S3 object storage, IAM database authentication, or for the read/write access required by Athena Data Export).
A Kubernetes Pod in EKS can only have one attached IAM role, and an EC2 instance can only have one Instance Profile with one corresponding IAM role. To avoid reusing unnecessarily powerful credentials for the Develocity Analytics MCP Server, Develocity can assume a role specified with an ARN using its existing credentials.
For this to work, configure your read-only Athena role’s Trust Policy so that it can be assumed by the role currently used by Develocity (defined by your IRSA Kubernetes ServiceAccount annotation or your EC2 Instance Profile).
The following Trust Policy JSON allows the role to be assumed by a role called develocity-app.
Replace this placeholder with the ARN of the role used by your Develocity installation.
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Principal": {
"AWS": "arn:aws:iam:<aws-account-id>:develocity-app"
},
"Action": "sts:AssumeRole",
"Condition": {}
}
]
}Helm Configuration
Using Access Key Credentials
You can configure access key credentials either inline in your Helm values or using a user-managed Kubernetes Secret.
To configure them inline, set athenaDataExport.mcpServer.credentials.keys.accessKey and athenaDataExport.mcpServer.credentials.keys.secretKey.
To configure them in a user-managed Secret, provide the name of a Kubernetes Secret in the installation namespace.
The Secret must have two data fields: accessKey and secretKey.
athenaDataExport:
mcpServer:
enabled: true
credentials:
type: keys
keys:
accessKey: <AWS access key for read-only Athena role>
secretKey: <AWS secret key for read-only Athena role>
# OR
secretName: <Secret name with credentials for read-only Athena role>Using an Assumed Role
To use Develocity’s existing IAM role to assume the read-only Athena role, configure Develocity with the ARN for the read-only role. Develocity uses its existing IRSA or Instance Profile credentials to assume this role. For this to work, you must have configured the read-only role to be assumable by Develocity’s existing role, as described in IRSA or Instance Profile Credentials.
athenaDataExport:
mcpServer:
enabled: true
credentials:
readOnlyRoleArn: arn:aws:iam:...The Develocity Analytics MCP Server is part of the Reporting Kit Kubernetes Helm Chart.
To enable the MCP server, add the following Helm values to your Reporting Kit values.yaml:
mcpServer:
enabled: trueConfirm That the MCP Server Is Running
You can verify that the Develocity Analytics MCP Server runs properly and is accessible by sending a curl request:
curl -X POST https://develocity.example.com/drv-mcp \ (1)
-H "Content-Type: application/json" \
-H "Accept: application/json, text/event-stream" \
-H "Authorization: Bearer <Develocity Access Key>" \ (2)
-d '{
"jsonrpc": "2.0",
"id": 1,
"method": "initialize",
"params": {
"protocolVersion": "2025-03-26",
"capabilities": {},
"clientInfo": {
"name": "curl-client",
"version": "1.0.0"
}
}
}'| 1 | If you are using the Reporting Kit, use your Reporting Kit’s URL instead. Like https://reporting-kit.example.com/drv-mcp. |
| 2 | The Develocity Analytics MCP Server requires a valid Access Key for every interaction, not just for tool calls. |
{
"jsonrpc": "2.0",
"id": 1,
"result": {
"protocolVersion": "2025-03-26",
"capabilities": {
"tools": {
"listChanged": false
}
},
"serverInfo": {
"name": "DRV MCP Server",
"version": "2026.1.0"
}
}
}