Merlonix MCP Server
Merlonix runs a Model Context Protocol (MCP) server so your AI agent can work with Merlonix monitoring data directly — no copy-pasting, no browser. Point an MCP client at the endpoint and ask it questions like "is the SSL certificate on example.com healthy?", "is Cloudflare having an incident right now?", or — with an API key — "add api.acme.com to my monitoring and resolve the DNS alert on the marketing site."
The public tools query public data and need no API key. The account tools read and manage your own assets and alerts and require a Merlonix API key.
Endpoint: https://api.merlonix.com/mcp
Transport: MCP Streamable HTTP (JSON-RPC 2.0)
Auth: none for public tools; "Authorization: Bearer mk_…" for account tools
Public tools (no API key)
| Tool | What it does | Arguments |
|---|---|---|
check_domain_health | Live SSL/TLS certificate (validity, expiry, issuer), DNS resolution (A/AAAA/MX/NS), and domain-registration (RDAP) expiry for any public hostname. | hostname |
check_agent_readiness | Scores how ready a website is for AI agents and answer engines — checks /llms.txt, /robots.txt, and homepage signals. Returns a letter grade with per-signal findings. | hostname |
list_vendor_status | Current operational status and recent incidents for every third-party vendor Merlonix monitors (Cloudflare, GitHub, Stripe, and more). | — |
get_vendor_status | Current status plus 30-day history for one monitored vendor by slug. | slug |
list_plans | Merlonix subscription plans and pricing with monitoring limits. | — |
Account tools (API key required)
Create a key in the app at Settings → API keys, then set Authorization: Bearer mk_… on your MCP client. Read tools work with any key; write tools require a key with the write scope. Every account tool is scoped to your tenant — you can only ever see and change your own data.
| Tool | What it does | Arguments | Scope |
|---|---|---|---|
list_my_assets | List the monitored assets in your account. | — | read |
get_asset_checks | Latest check results (SSL/DNS/uptime/heartbeat/port) for one of your assets. | asset_id | read |
list_my_alerts | Your recent alerts with severity and lifecycle status. | — | read |
create_asset | Start monitoring a new asset (subject to your plan's asset quota). | hostname, asset_type, (optional toggles) | write |
update_asset | Relabel an asset or toggle which checks run. | asset_id, (optional fields) | write |
delete_asset | Stop monitoring an asset and remove it (irreversible). | asset_id | write |
acknowledge_alert | Mark an alert as being handled. | alert_id, (optional note) | write |
resolve_alert | Close an alert. | alert_id, (optional resolution, note) | write |
Each tool maps to the matching Merlonix API endpoint — the MCP server is a thin, honest wrapper, so the same authentication, tenant-scoping, SSRF guards, rate limits, and caching apply. A call without the required key (or with a read-only key on a write tool) returns a clear in-band error, never a partial change.
Connect
Claude Code
claude mcp add --transport http merlonix https://api.merlonix.com/mcp
Then ask Claude Code, for example, "use the merlonix tools to check the SSL and DNS health of example.com."
Claude Desktop (and other stdio-only clients)
Clients that speak the local stdio transport can reach the hosted server through the mcp-remote bridge. Add this to your client's MCP config:
{
"mcpServers": {
"merlonix": {
"command": "npx",
"args": ["-y", "mcp-remote", "https://api.merlonix.com/mcp"]
}
}
}
Any Streamable HTTP MCP client
Point the client at https://api.merlonix.com/mcp directly — the server implements the standard MCP initialize / tools/list / tools/call flow over a single POST endpoint. For the account tools, send Authorization: Bearer mk_….
Example prompts
- "Check the domain health of merlonix.com and tell me when the certificate expires."
- "Is my site AI-agent ready? Run check_agent_readiness on example.com and list what's missing."
- "Which vendors that Merlonix monitors are currently degraded?"
- "Show me Cloudflare's status history for the last month."
With an API key:
- "List my Merlonix assets and tell me which have alerts open."
- "Add api.acme.com to my monitoring with SSL and DNS checks enabled."
- "Acknowledge the SSL alert on store.acme.com, then resolve the DNS one as fixed."
Security
The account tools enforce authentication and tenant-scoping at the API, exactly as a direct REST call would: the MCP server forwards only the explicit Authorization bearer you send — it never authenticates from a browser cookie, so an ambient session can't drive a tool call. Write tools require a key with the write scope; a read-only key is rejected. You can only ever read or change data in your own account.
Want a workflow we don't cover yet? Tell us what you'd automate.