npm package discovery and stats viewer.

Discover Tips

  • General search

    [free text search, go nuts!]

  • Package details

    pkg:[package-name]

  • User packages

    @[username]

Sponsor

Optimize Toolset

I’ve always been into building performant and accessible sites, but lately I’ve been taking it extremely seriously. So much so that I’ve been building a tool to help me optimize and monitor the sites that I build to make sure that I’m making an attempt to offer the best experience to those who visit them. If you’re into performant, accessible and SEO friendly sites, you might like it too! You can check it out at Optimize Toolset.

About

Hi, 👋, I’m Ryan Hefner  and I built this site for me, and you! The goal of this site was to provide an easy way for me to check the stats on my npm packages, both for prioritizing issues and updates, and to give me a little kick in the pants to keep up on stuff.

As I was building it, I realized that I was actually using the tool to build the tool, and figured I might as well put this out there and hopefully others will find it to be a fast and useful way to search and browse npm packages as I have.

If you’re interested in other things I’m working on, follow me on Twitter or check out the open source projects I’ve been publishing on GitHub.

I am also working on a Twitter bot for this site to tweet the most popular, newest, random packages from npm. Please follow that account now and it will start sending out packages soon–ish.

Open Software & Tools

This site wouldn’t be possible without the immense generosity and tireless efforts from the people who make contributions to the world and share their work via open source initiatives. Thank you 🙏

© 2026 – Pkg Stats / Ryan Hefner

mcp-spring-boot-actuator

v0.1.3

Published

MCP server for Spring Boot Actuator analysis — health, metrics, environment, and bean diagnostics

Vulnerabilities

Powered byPowered by Snyk
  • 0High
  • 0Medium
  • 0Low

Links

Git

Maintainers

dmitriusandmitriusan

Keywords

mcpmcp-servermodel-context-protocolaiclaudeanthropicspring-bootspringactuatorjavahealth-checkmetricsmonitoringdiagnostics

Readme

npm version License: MIT

MCP Spring Boot Actuator

An MCP server that analyzes Spring Boot Actuator endpoints — health, metrics, environment, beans, startup, and caches. Detects issues, security risks, and provides actionable recommendations.

Why This Tool?

There is no other MCP server that analyzes Spring Boot Actuator endpoints. This is the only tool that lets your AI assistant understand your Spring Boot application's health, performance, configuration, and startup behavior through actuator data.

7 analytical tools turn raw actuator JSON into actionable diagnostics — health checks, JVM metrics analysis, security risk detection in environment/beans, startup bottleneck identification, and cache efficiency analysis.

Tools (7)

analyze_health

Parse and diagnose the /health endpoint response. Detects unhealthy components (database, Redis, Kafka, Elasticsearch, disk space) with component-specific recommendations.

curl http://localhost:8080/actuator/health | jq '.' > health.json

Detects:

  • DOWN/OUT_OF_SERVICE components
  • Low disk space warnings (< 15% free)
  • Nested component health (e.g., primary/secondary databases)
  • Restricted health endpoints (no show-details)

analyze_metrics

Analyze JVM, HTTP, and database pool metrics from /metrics endpoints.

# Collect metrics into a single JSON object:
{
  "jvm.memory.used": 800000000,
  "jvm.memory.max": 1000000000,
  "jvm.threads.live": 150,
  "jvm.gc.pause.count": 500,
  "jvm.gc.pause.total": 8.5,
  "http.server.requests.count": 10000,
  "http.server.requests.error.count": 50,
  "hikaricp.connections.active": 8,
  "hikaricp.connections.max": 10
}

Detects:

  • Heap utilization >= 90% (CRITICAL) or > 75% (WARNING)
  • High thread count (> 500)
  • Long GC pauses (avg > 200ms)
  • HTTP error rate > 10% (CRITICAL) or > 1% (WARNING)
  • Connection pool exhaustion >= 90% (CRITICAL)
  • Pending connection requests

Supports both flat metric values and Spring Boot measurement format ({ measurements: [{ statistic: "VALUE", value: N }] }).

analyze_env

Analyze the /env endpoint for security risks and misconfigurations.

curl http://localhost:8080/actuator/env | jq '.' > env.json

Detects:

  • Exposed secrets (passwords, API keys, tokens not masked with ******)
  • Risky production configs: ddl-auto: create-drop, H2 console enabled, show-sql: true
  • DevTools enabled in production
  • All actuator endpoints exposed (management.endpoints.web.exposure.include=*)
  • Missing Spring profiles (no active profiles set)

analyze_beans

Analyze the /beans endpoint for architectural issues.

curl http://localhost:8080/actuator/beans | jq '.' > beans.json

Detects:

  • Circular dependencies (A → B → A)
  • Singleton beans depending on prototype-scoped beans (scope mismatch)
  • Beans with > 10 dependencies (God objects)
  • Large bean counts (> 500)
  • Multiple application contexts

analyze_startup

Analyze the /startup actuator endpoint (Spring Boot 3.2+). Parses the startup timeline to detect slow bean initialization and heavy auto-configurations.

curl -X POST http://localhost:8080/actuator/startup | jq '.' > startup.json

Parameters:

  • json — The /startup endpoint JSON response

Detects:

  • Slow startup (> 30s CRITICAL, > 15s WARNING)
  • Heavy auto-configurations consuming > 30% of startup time
  • Slow bean initialization (> 2s per bean)
  • Top slowest steps ranked by duration

analyze_caches

Analyze the /caches actuator endpoint. Lists registered caches and detects configuration issues.

curl http://localhost:8080/actuator/caches | jq '.' > caches.json

Parameters:

  • json — The /caches endpoint JSON response

Detects:

  • Unbounded ConcurrentMapCache usage (no eviction, will grow indefinitely)
  • Too many caches (> 20, memory overhead)
  • Missing cache managers (no Spring Cache configured)
  • Empty cache registrations

analyze_loggers

Analyze the /loggers actuator endpoint. Detects verbose logging configurations that impact performance and security in production.

curl http://localhost:8080/actuator/loggers | jq '.' > loggers.json

Parameters:

  • json — The /loggers endpoint JSON response

Detects:

  • ROOT logger set to DEBUG/TRACE (floods logs, degrades performance)
  • Explicitly configured DEBUG/TRACE loggers (likely leftover from debugging)
  • Verbose framework logging (Spring, Hibernate, HikariCP, Micrometer, Apache)
  • Inconsistent log levels across related packages
  • More than 5 verbose loggers (signs of leftover debug configuration)

Installation

npm install -g mcp-spring-boot-actuator

Or use directly with npx:

npx mcp-spring-boot-actuator

Configuration

Claude Desktop

Add to your Claude Desktop config (~/.claude/claude_desktop_config.json):

{
  "mcpServers": {
    "spring-boot-actuator": {
      "command": "npx",
      "args": ["-y", "mcp-spring-boot-actuator"]
    }
  }
}

Quick Demo

Once configured, try these prompts in Claude:

  1. "Check the health of my Spring Boot app: [paste /actuator/health JSON]" — Detects DOWN components, low disk space, and provides component-specific recommendations
  2. "Are there any security risks in my config? [paste /actuator/env JSON]" — Finds exposed secrets, risky settings like ddl-auto: create-drop, and over-exposed endpoints
  3. "How is my app performing? [paste JVM/HTTP metrics]" — Analyzes heap usage, GC pressure, HTTP error rates, and connection pool utilization
  • "Why is my app starting so slowly?" (paste /actuator/startup JSON)
  • "Are my caches configured properly?" (paste /actuator/caches JSON)

Requirements

  • Node.js 18+
  • Spring Boot application with Actuator endpoints enabled

Part of the MCP Java Backend Suite

This server works alongside:

Limitations & Known Issues

  • Actuator endpoints must be exposed: Spring Boot secures actuator endpoints by default. You must explicitly expose endpoints via management.endpoints.web.exposure.include.
  • Startup analysis: Requires Spring Boot 3.2+ with management.endpoint.startup.enabled=true. Older versions don't provide startup timing data.
  • Single instance: Analyzes one application instance at a time. For clustered applications, point to each instance separately.
  • Metric accumulation: Some metrics (HTTP request counts, error rates) require traffic to accumulate data. A freshly started app may show zeros.
  • Environment masking: Spring Boot masks sensitive properties by default. The analyze_env tool sees masked values (e.g., ******) and cannot detect actual credential exposure in masked properties.
  • Custom health indicators: The tool recognizes standard health indicator patterns. Custom health indicators with non-standard status values may not trigger specific recommendations.
  • Cache analysis: Supports ConcurrentMapCache, Caffeine, Redis, and EhCache. Other cache providers may show limited analysis.
  • Non-JSON responses: Handles HTML error pages (401, 403, 500) gracefully with "Invalid JSON" warnings, but cannot extract useful data from them.
  • Circular dependency depth: Detects A→B→A cycles but may miss longer chains (A→B→C→A) in complex applications.

License

MIT