Building an Autonomous DevOps Pipeline with Claude Code MCP
A Practical Guide to Connecting GitHub, Slack, and Sentry with the Model Context Protocol
How many tabs do you switch between when a production error occurs? Checking stack traces in Sentry, tracking related commits on GitHub, and notifying your team on Slack—the experience of spending 20 minutes on this workflow is familiar to most developers. By combining the Model Context Protocol (MCP) with the Claude Code subagent, this entire workflow is completed with a single natural language command in the CLI.
Model Context Protocol (MCP) is an open protocol that standardizes the integration method between AI systems and external tools. Previously, connecting each SaaS tool required writing separate custom integration code, but MCP connects thousands of tools through a single interface, much like a "USB port for AI." Claude Code (Anthropic's CLI-based coding agent) adds sub-agent functionality to this, supporting multi-agent autonomous pipelines where multiple agents with independent roles collaborate in parallel and serial.
After reading this article, you will be equipped with practical code examples covering how to configure GitHub, Slack, and Sentry to Claude Code, pipeline patterns for automating everything from error detection to PR creation and team notifications, and essential security considerations to know before production deployment. This article is primarily intended for developers who are already using Claude Code.
Key Concepts
MCP Architecture: Host · Client · Server
MCP consists of three roles.
| Role | Example | Role Description |
|---|---|---|
| Host | Claude Code, Cursor | AI Application. Runs multiple MCP clients simultaneously |
| Client | Host Internal Component | Converts user requests to JSON-RPC 2.0 format and delivers them to the server |
| Server | GitHub MCP, Sentry MCP | Lightweight server providing access to external tools |
JSON-RPC 2.0: A lightweight protocol that defines remote procedure calls in JSON format. Both requests and responses are serialized into JSON objects and transmitted. All MCP tool calls operate on this format.
There are two communication methods depending on the execution environment. Use stdio with local processes and Streamable HTTP with remote servers. Since Streamable HTTP is a designation adopted in the MCP specification after March 2025, the SSE (Server-Sent Events) based http type may be applied when using an older version of the MCP server. It is recommended to check the specification version of the server you intend to connect to first.
3 Primitives Provided by MCP
The MCP server provides three basic functions (Primitives). This article focuses on the Tools that are the most core to an actual DevOps pipeline, while Resources and Prompts are introduced at a conceptual level.
| Primitive | Role | How it works |
|---|---|---|
| Tools | Action functions directly called by AI | Manipulate external systems such as create_issue, send_message |
| Resources | Data injected into the AI context | Read directly by the AI via a URI like file:///logs/deploy.log |
| Prompts | Reusable prompt templates | Standardize code review forms, incident summary templates, etc. |
Claude Code Subagent: Parallel and Serial Execution Model
A sub-agent is a separate agent instance to which the main agent delegates independent tasks. Each sub-agent has an isolated context window and inherits the parent dialog's MCP tools by default. Parallel execution is supported, and it is recommended to check the latest figures for the maximum number of concurrent executions in the Claude Code Official Release Notes.
The key to data transfer between sub-agents is the file system. When the previous sub-agent records results to a temporary file, the main agent includes this in the task prompt of the next sub-agent and forwards it.
메인 에이전트
├── 서브에이전트 A: 스펙 작성 → spec-output.md 저장
├── 서브에이전트 B: spec-output.md 읽어 아키텍처 검토 → adr-output.md 저장
└── 서브에이전트 C: spec + adr 기반으로 코드 구현 + PR 생성Benefits of Context Isolation: Since each sub-agent focuses solely on its own task, there is no unnecessary consumption of context. This simultaneously leads to cost reduction and improved execution focus.
Practical Application
Basic MCP Server Connection Settings
Register the MCP server in .claude/settings.json of the project root. Below is an example of connecting GitHub (stdio), Sentry (HTTP), and Slack (stdio) simultaneously.
{
"mcpServers": {
"github": {
"type": "stdio",
"command": "npx",
"args": ["-y", "@modelcontextprotocol/server-github"],
"env": {
"GITHUB_TOKEN": "$GITHUB_TOKEN"
}
},
"sentry": {
"type": "http",
"url": "https://mcp.sentry.dev/mcp"
},
"slack": {
"type": "stdio",
"command": "npx",
"args": ["-y", "@slackapi/slack-mcp-plugin"],
"env": {
"SLACK_BOT_TOKEN": "$SLACK_BOT_TOKEN"
}
}
}
}| Settings Item | Description |
|---|---|
type: "stdio" |
Run a server process locally with npx and communicate via standard I/O |
type: "http" |
Connect directly to a remote HTTP endpoint. Use if you have an official cloud server |
env Environment Variable |
The token value must be passed in the format environment variable reference($VAR_NAME). Direct input of the value is strictly prohibited. |
Sentry Authentication Note: https://mcp.sentry.dev/mcp uses OAuth authentication. Claude Code guides you through the browser OAuth flow when you first connect. In CI or self-hosted environments, you can set the SENTRY_AUTH_TOKEN environment variable and use a local stdio-based Sentry MCP server (getsentry/sentry-mcp) instead.
Check Slack Package Name: @slackapi/slack-mcp-plugin is the package name based on the slackapi/slack-mcp-plugin repository. It is recommended to check the latest official package name in the npm registry before installation.
After configuring, restart Claude Code to immediately call the tool in natural language.
$ claude
> 최근 프로덕션 Sentry 오류 목록 보여줘
⏺ 도구 호출: sentry__get_issues (프로젝트: my-app, 환경: production)
최근 24시간 오류 8건 조회됨:
- SENTRY-1234: TypeError: Cannot read property 'id' of undefined (42회 발생)
- SENTRY-1235: UnhandledPromiseRejection in payment service (17회 발생)
...Autonomous CI/CD Monitoring Pipeline
It is a pattern that automates the entire process, from Sentry error detection to Slack notifications, with a single command.
[Sentry MCP] 프로덕션 오류 감지
↓
서브에이전트: 스택 트레이스 분석 및 근본 원인 파악
↓
[GitHub MCP] 관련 커밋 조회 → 수정 PR 자동 생성
↓
[Slack MCP] #incidents 채널에 장애 요약 + PR 링크 알림If you define pipeline behavior rules in .claude/CLAUDE.md, the agent operates consistently.
## 오류 대응 파이프라인 규칙
1. Sentry 오류 확인 시 반드시 관련 커밋 히스토리를 GitHub에서 조회할 것
2. PR 생성 전 테스트 코드가 포함되었는지 확인할 것
3. PR 생성 후 즉시 #incidents Slack 채널에 요약 메시지를 전송할 것
4. 프로덕션 DB에 대한 직접 쓰기 작업은 절대 수행하지 말 것With this rule defined, the entire pipeline is executed with the next single command.
$ claude
> SENTRY-1234 스택 트레이스 분석해서 수정 PR 만들어줘3-Stage Production Development Pipeline
It is a pattern in which three sub-agents with independent roles are connected in series to automate the process from specification writing to PR submission. The entire pipeline is initiated with a single command.
$ claude
> 사용자 인증 모듈에 OAuth 2.0 지원을 추가하는 작업을 진행해줘Internally, it branches as follows. The output of each stage is transferred to the next sub-agent via the file system.
메인 에이전트
│
├─ [pm-spec 서브에이전트]
│ 역할: 태스크를 읽어 수용 기준이 담긴 구조화된 스펙 작성
│ 도구: Confluence MCP (스펙 문서 저장), Jira MCP (티켓 연동)
│ 출력: spec-output.md → 파일 시스템에 저장
│
├─ [architect-review 서브에이전트] ← spec-output.md 수신
│ 역할: 스펙을 플랫폼 제약에 맞게 검토,
│ 아키텍처 결정 기록(ADR, Architecture Decision Record) 생성
│ 도구: 내부 지식베이스 MCP, GitHub MCP (기존 코드 컨텍스트 조회)
│ 출력: adr-output.md → 파일 시스템에 저장
│
└─ [implementer-tester 서브에이전트] ← spec-output.md + adr-output.md 수신
역할: 코드·테스트 작성, 문서 업데이트, PR 제출
도구: GitHub MCP (쓰기 권한만 허용)To restrict tool access by sub-agent, use the --allowedTools flag. In Claude Code, MCP tools are specified in the format mcp__서버명__도구명 namespace.
# implementer 서브에이전트는 PR 생성·파일 푸시만 허용
claude --allowedTools "mcp__github__create_pull_request,mcp__github__push_files"Multi-tool Context Maintaining Workflow
It is a pattern that sequentially calls multiple tools without context switching within a single session. Tasks that were previously handled manually by switching between four tabs are completed in a single conversation flow.
$ claude
> users 테이블에서 지난 7일간 로그인 실패 횟수가 10회 이상인 계정 조회해줘
⏺ 도구 호출: postgres__query
결과: 37개 계정 조회됨 (user_id, failure_count, last_attempt 포함)
> 이 계정들 관련 Sentry 오류가 있는지 확인해줘
⏺ 도구 호출: sentry__search_issues (이전 쿼리의 user_id 목록 기반 필터링)
결과: 12건의 관련 오류 발견 — 주로 "Invalid session token" 패턴
> 관련 이슈를 Jira에 P1 티켓으로 생성하고 보안팀 Slack 채널에 알려줘
⏺ 도구 호출: jira__create_issue + slack__post_message (동시 실행)
Jira: SEC-4521 생성 완료
Slack: #security-team 알림 전송 완료The key to this pattern is that the previous query result is automatically preserved as the context for the next tool call.
Pros and Cons Analysis
Advantages
| Item | Content |
|---|---|
| Standardization | No custom integration code required per tool. If an MCP server exists, connect with a single line of configuration |
| Contextual Persistence | Previous results are automatically used for the next task while switching between multiple tools |
| Parallel Processing | Significantly improved speed compared to sequential tasks through the concurrent execution of sub-agents |
| Scalability | Over 5,800 public MCP servers available (Based on official statistics). Easy to set up dedicated custom servers |
| Ecosystem | Major DevOps platforms such as GitHub Copilot and CloudBees adopt MCP as core scaling mechanism |
Disadvantages and Precautions
| Item | Content | Response Plan |
|---|---|---|
| Concentrated Security Attacks | MCP servers hold authentication tokens for multiple services in one place — become targets for high-value attacks | Apply the principle of least privilege, limiting token scope to read-only |
| Prompt Injection | External content such as GitHub issue bodies and Slack messages can manipulate AI behavior | Process external input separately from AI instructions |
| Tool Poisoning | Cases of malicious code injection into third-party MCP servers occurred (Refer to Red Hat Security Report) | Direct audit of open source code in official repositories |
| Supply Chain Risk | MCP Registry allows listing without security review | Use only official Anthropic servers or servers from verified organizations |
| Excessive Autonomy | Agents can perform destructive actions beyond explicit limits | Prohibited behaviors specified in CLAUDE.md, human approval step added to critical tasks |
| Latency | Response delays may occur when relying on a remote MCP server | Prioritize local stdio server, set timeout |
Prompt Injection: An attack in which instructions hidden within external data (GitHub issue bodies, Slack messages, etc.) trigger unintended behavior in the AI. Particular caution is required when the AI directly reads external content via MCP. For a detailed threat analysis, refer to the arXiv paper.
The Most Common Mistakes in Practice
- Hardcoding the token in the configuration file: If you directly enter the token value into
.claude/settings.json, it will be exposed to Git. You must reference the environment variable in the"GITHUB_TOKEN": "$GITHUB_TOKEN"format instead of the"GITHUB_TOKEN": "ghp_abc123..."format. - Granting excessive privileges to subagents: If all subagents are configured to have write and delete permissions, a single malfunction can corrupt production data. You should grant only the minimum privileges per role using the
--allowedToolsflag. For example, a look-only subagent should be allowed only read tools, and an implementation subagent only write tools. - Operating a sub-agent without CLAUDE.md: Executing without behavioral rules results in inconsistent behavior across agents and unpredictable outcomes. You must define operational principles in
.claude/CLAUDE.mdbefore starting the pipeline, such as "Do not write directly to the production DB," "Verify that tests are included before creating a PR," and "Mandatory Slack notification after completion."
In Conclusion
3 Steps to Start Right Now:
- GitHub MCP Connection: Add the settings below to
.claude/settings.jsonand restart Claude Code."최근 열린 PR 목록 보여줘"You can verify that it is working. { "mcpServers": { "github": { "type": "stdio", "command": "npx", "args": ["-y", "@modelcontextprotocol/server-github"], "env": { "GITHUB_TOKEN": "$GITHUB_TOKEN" } } } }- Automating Sentry Connection and Error Handling: Add the
sentryentry to settings.json and complete the OAuth authentication prompted on the first connection, then test the"최근 프로덕션 오류 분석해서 수정 PR 만들어줘"pipeline. - Defining Agent Behavior Rules with CLAUDE.md: Safely extend agent autonomy by documenting the team's operational principles in
.claude/CLAUDE.md, such as prohibiting direct writing to the production DB, verifying the inclusion of tests before creating a PR, and mandatory Slack notifications after completion.
Next Post: How to Build Your Own MCP Custom Server — Wrapping In-House Legacy Systems with an MCP Server Using Node.js and Connecting to Claude Code
Reference Materials
- Introducing the Model Context Protocol | Anthropic
- Claude Code Official MCP Connection Guide | Claude Code Docs
- Claude Code Sub-Agent Official Documentation | Claude Code Docs
- MCP Official Spec (2025-11-25) | modelcontextprotocol.io
- modelcontextprotocol/servers — Reference MCP Server Collection | GitHub
- Sentry Official MCP Server Documentation | Sentry Docs
- getsentry/sentry-mcp | GitHub
- slackapi/slack-mcp-plugin | GitHub
- Agentic AI in DevOps — MCP Use Case | CloudBees
- MCP Security Risks and Controls | Red Hat
- MCP Security Threat Analysis Paper | arXiv
- What is Model Context Protocol (MCP)? | IBM
- Understanding Skills, Agents, Subagents, and MCP in Claude Code | Colin McNamara
- VoltAgent/awesome-claude-code-subagents | GitHub
